1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #include <linux/syscalls.h> 3 #include <linux/export.h> 4 #include <linux/uaccess.h> 5 #include <linux/fs_struct.h> 6 #include <linux/fs.h> 7 #include <linux/slab.h> 8 #include <linux/prefetch.h> 9 #include "mount.h" 10 11 struct prepend_buffer { 12 char *buf; 13 int len; 14 }; 15 #define DECLARE_BUFFER(__name, __buf, __len) \ 16 struct prepend_buffer __name = {.buf = __buf + __len, .len = __len} 17 18 static char *extract_string(struct prepend_buffer *p) 19 { 20 if (likely(p->len >= 0)) 21 return p->buf; 22 return ERR_PTR(-ENAMETOOLONG); 23 } 24 25 static void prepend(struct prepend_buffer *p, const char *str, int namelen) 26 { 27 p->len -= namelen; 28 if (likely(p->len >= 0)) { 29 p->buf -= namelen; 30 memcpy(p->buf, str, namelen); 31 } 32 } 33 34 /** 35 * prepend_name - prepend a pathname in front of current buffer pointer 36 * @buffer: buffer pointer 37 * @buflen: allocated length of the buffer 38 * @name: name string and length qstr structure 39 * 40 * With RCU path tracing, it may race with d_move(). Use READ_ONCE() to 41 * make sure that either the old or the new name pointer and length are 42 * fetched. However, there may be mismatch between length and pointer. 43 * The length cannot be trusted, we need to copy it byte-by-byte until 44 * the length is reached or a null byte is found. It also prepends "/" at 45 * the beginning of the name. The sequence number check at the caller will 46 * retry it again when a d_move() does happen. So any garbage in the buffer 47 * due to mismatched pointer and length will be discarded. 48 * 49 * Load acquire is needed to make sure that we see that terminating NUL. 50 */ 51 static bool prepend_name(struct prepend_buffer *p, const struct qstr *name) 52 { 53 const char *dname = smp_load_acquire(&name->name); /* ^^^ */ 54 u32 dlen = READ_ONCE(name->len); 55 char *s; 56 57 p->len -= dlen + 1; 58 if (unlikely(p->len < 0)) 59 return false; 60 s = p->buf -= dlen + 1; 61 *s++ = '/'; 62 while (dlen--) { 63 char c = *dname++; 64 if (!c) 65 break; 66 *s++ = c; 67 } 68 return true; 69 } 70 71 static int __prepend_path(const struct dentry *dentry, const struct mount *mnt, 72 const struct path *root, struct prepend_buffer *p) 73 { 74 while (dentry != root->dentry || &mnt->mnt != root->mnt) { 75 const struct dentry *parent = READ_ONCE(dentry->d_parent); 76 77 if (dentry == mnt->mnt.mnt_root) { 78 struct mount *m = READ_ONCE(mnt->mnt_parent); 79 struct mnt_namespace *mnt_ns; 80 81 if (likely(mnt != m)) { 82 dentry = READ_ONCE(mnt->mnt_mountpoint); 83 mnt = m; 84 continue; 85 } 86 /* Global root */ 87 mnt_ns = READ_ONCE(mnt->mnt_ns); 88 /* open-coded is_mounted() to use local mnt_ns */ 89 if (!IS_ERR_OR_NULL(mnt_ns) && !is_anon_ns(mnt_ns)) 90 return 1; // absolute root 91 else 92 return 2; // detached or not attached yet 93 } 94 95 if (unlikely(dentry == parent)) 96 /* Escaped? */ 97 return 3; 98 99 prefetch(parent); 100 if (!prepend_name(p, &dentry->d_name)) 101 break; 102 dentry = parent; 103 } 104 return 0; 105 } 106 107 /** 108 * prepend_path - Prepend path string to a buffer 109 * @path: the dentry/vfsmount to report 110 * @root: root vfsmnt/dentry 111 * @buffer: pointer to the end of the buffer 112 * @buflen: pointer to buffer length 113 * 114 * The function will first try to write out the pathname without taking any 115 * lock other than the RCU read lock to make sure that dentries won't go away. 116 * It only checks the sequence number of the global rename_lock as any change 117 * in the dentry's d_seq will be preceded by changes in the rename_lock 118 * sequence number. If the sequence number had been changed, it will restart 119 * the whole pathname back-tracing sequence again by taking the rename_lock. 120 * In this case, there is no need to take the RCU read lock as the recursive 121 * parent pointer references will keep the dentry chain alive as long as no 122 * rename operation is performed. 123 */ 124 static int prepend_path(const struct path *path, 125 const struct path *root, 126 struct prepend_buffer *p) 127 { 128 unsigned seq, m_seq = 0; 129 struct prepend_buffer b; 130 int error; 131 132 rcu_read_lock(); 133 restart_mnt: 134 read_seqbegin_or_lock(&mount_lock, &m_seq); 135 seq = 0; 136 rcu_read_lock(); 137 restart: 138 b = *p; 139 read_seqbegin_or_lock(&rename_lock, &seq); 140 error = __prepend_path(path->dentry, real_mount(path->mnt), root, &b); 141 if (!(seq & 1)) 142 rcu_read_unlock(); 143 if (need_seqretry(&rename_lock, seq)) { 144 seq = 1; 145 goto restart; 146 } 147 done_seqretry(&rename_lock, seq); 148 149 if (!(m_seq & 1)) 150 rcu_read_unlock(); 151 if (need_seqretry(&mount_lock, m_seq)) { 152 m_seq = 1; 153 goto restart_mnt; 154 } 155 done_seqretry(&mount_lock, m_seq); 156 157 if (unlikely(error == 3)) 158 b = *p; 159 160 if (b.len == p->len) 161 prepend(&b, "/", 1); 162 163 *p = b; 164 return error; 165 } 166 167 /** 168 * __d_path - return the path of a dentry 169 * @path: the dentry/vfsmount to report 170 * @root: root vfsmnt/dentry 171 * @buf: buffer to return value in 172 * @buflen: buffer length 173 * 174 * Convert a dentry into an ASCII path name. 175 * 176 * Returns a pointer into the buffer or an error code if the 177 * path was too long. 178 * 179 * "buflen" should be positive. 180 * 181 * If the path is not reachable from the supplied root, return %NULL. 182 */ 183 char *__d_path(const struct path *path, 184 const struct path *root, 185 char *buf, int buflen) 186 { 187 DECLARE_BUFFER(b, buf, buflen); 188 189 prepend(&b, "", 1); 190 if (unlikely(prepend_path(path, root, &b) > 0)) 191 return NULL; 192 return extract_string(&b); 193 } 194 195 char *d_absolute_path(const struct path *path, 196 char *buf, int buflen) 197 { 198 struct path root = {}; 199 DECLARE_BUFFER(b, buf, buflen); 200 201 prepend(&b, "", 1); 202 if (unlikely(prepend_path(path, &root, &b) > 1)) 203 return ERR_PTR(-EINVAL); 204 return extract_string(&b); 205 } 206 207 static void get_fs_root_rcu(struct fs_struct *fs, struct path *root) 208 { 209 unsigned seq; 210 211 do { 212 seq = read_seqcount_begin(&fs->seq); 213 *root = fs->root; 214 } while (read_seqcount_retry(&fs->seq, seq)); 215 } 216 217 /** 218 * d_path - return the path of a dentry 219 * @path: path to report 220 * @buf: buffer to return value in 221 * @buflen: buffer length 222 * 223 * Convert a dentry into an ASCII path name. If the entry has been deleted 224 * the string " (deleted)" is appended. Note that this is ambiguous. 225 * 226 * Returns a pointer into the buffer or an error code if the path was 227 * too long. Note: Callers should use the returned pointer, not the passed 228 * in buffer, to use the name! The implementation often starts at an offset 229 * into the buffer, and may leave 0 bytes at the start. 230 * 231 * "buflen" should be positive. 232 */ 233 char *d_path(const struct path *path, char *buf, int buflen) 234 { 235 DECLARE_BUFFER(b, buf, buflen); 236 struct path root; 237 238 /* 239 * We have various synthetic filesystems that never get mounted. On 240 * these filesystems dentries are never used for lookup purposes, and 241 * thus don't need to be hashed. They also don't need a name until a 242 * user wants to identify the object in /proc/pid/fd/. The little hack 243 * below allows us to generate a name for these objects on demand: 244 * 245 * Some pseudo inodes are mountable. When they are mounted 246 * path->dentry == path->mnt->mnt_root. In that case don't call d_dname 247 * and instead have d_path return the mounted path. 248 */ 249 if (path->dentry->d_op && path->dentry->d_op->d_dname && 250 (!IS_ROOT(path->dentry) || path->dentry != path->mnt->mnt_root)) 251 return path->dentry->d_op->d_dname(path->dentry, buf, buflen); 252 253 rcu_read_lock(); 254 get_fs_root_rcu(current->fs, &root); 255 if (unlikely(d_unlinked(path->dentry))) 256 prepend(&b, " (deleted)", 11); 257 else 258 prepend(&b, "", 1); 259 prepend_path(path, &root, &b); 260 rcu_read_unlock(); 261 262 return extract_string(&b); 263 } 264 EXPORT_SYMBOL(d_path); 265 266 /* 267 * Helper function for dentry_operations.d_dname() members 268 */ 269 char *dynamic_dname(struct dentry *dentry, char *buffer, int buflen, 270 const char *fmt, ...) 271 { 272 va_list args; 273 char temp[64]; 274 int sz; 275 276 va_start(args, fmt); 277 sz = vsnprintf(temp, sizeof(temp), fmt, args) + 1; 278 va_end(args); 279 280 if (sz > sizeof(temp) || sz > buflen) 281 return ERR_PTR(-ENAMETOOLONG); 282 283 buffer += buflen - sz; 284 return memcpy(buffer, temp, sz); 285 } 286 287 char *simple_dname(struct dentry *dentry, char *buffer, int buflen) 288 { 289 DECLARE_BUFFER(b, buffer, buflen); 290 /* these dentries are never renamed, so d_lock is not needed */ 291 prepend(&b, " (deleted)", 11); 292 prepend(&b, dentry->d_name.name, dentry->d_name.len); 293 prepend(&b, "/", 1); 294 return extract_string(&b); 295 } 296 297 /* 298 * Write full pathname from the root of the filesystem into the buffer. 299 */ 300 static char *__dentry_path(const struct dentry *d, struct prepend_buffer *p) 301 { 302 const struct dentry *dentry; 303 struct prepend_buffer b; 304 int seq = 0; 305 306 rcu_read_lock(); 307 restart: 308 dentry = d; 309 b = *p; 310 read_seqbegin_or_lock(&rename_lock, &seq); 311 while (!IS_ROOT(dentry)) { 312 const struct dentry *parent = dentry->d_parent; 313 314 prefetch(parent); 315 if (!prepend_name(&b, &dentry->d_name)) 316 break; 317 dentry = parent; 318 } 319 if (!(seq & 1)) 320 rcu_read_unlock(); 321 if (need_seqretry(&rename_lock, seq)) { 322 seq = 1; 323 goto restart; 324 } 325 done_seqretry(&rename_lock, seq); 326 if (b.len == p->len) 327 prepend(&b, "/", 1); 328 return extract_string(&b); 329 } 330 331 char *dentry_path_raw(const struct dentry *dentry, char *buf, int buflen) 332 { 333 DECLARE_BUFFER(b, buf, buflen); 334 335 prepend(&b, "", 1); 336 return __dentry_path(dentry, &b); 337 } 338 EXPORT_SYMBOL(dentry_path_raw); 339 340 char *dentry_path(const struct dentry *dentry, char *buf, int buflen) 341 { 342 DECLARE_BUFFER(b, buf, buflen); 343 344 if (unlikely(d_unlinked(dentry))) 345 prepend(&b, "//deleted", 10); 346 else 347 prepend(&b, "", 1); 348 return __dentry_path(dentry, &b); 349 } 350 351 static void get_fs_root_and_pwd_rcu(struct fs_struct *fs, struct path *root, 352 struct path *pwd) 353 { 354 unsigned seq; 355 356 do { 357 seq = read_seqcount_begin(&fs->seq); 358 *root = fs->root; 359 *pwd = fs->pwd; 360 } while (read_seqcount_retry(&fs->seq, seq)); 361 } 362 363 /* 364 * NOTE! The user-level library version returns a 365 * character pointer. The kernel system call just 366 * returns the length of the buffer filled (which 367 * includes the ending '\0' character), or a negative 368 * error value. So libc would do something like 369 * 370 * char *getcwd(char * buf, size_t size) 371 * { 372 * int retval; 373 * 374 * retval = sys_getcwd(buf, size); 375 * if (retval >= 0) 376 * return buf; 377 * errno = -retval; 378 * return NULL; 379 * } 380 */ 381 SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) 382 { 383 int error; 384 struct path pwd, root; 385 char *page = __getname(); 386 387 if (!page) 388 return -ENOMEM; 389 390 rcu_read_lock(); 391 get_fs_root_and_pwd_rcu(current->fs, &root, &pwd); 392 393 if (unlikely(d_unlinked(pwd.dentry))) { 394 rcu_read_unlock(); 395 error = -ENOENT; 396 } else { 397 unsigned len; 398 DECLARE_BUFFER(b, page, PATH_MAX); 399 400 prepend(&b, "", 1); 401 if (unlikely(prepend_path(&pwd, &root, &b) > 0)) 402 prepend(&b, "(unreachable)", 13); 403 rcu_read_unlock(); 404 405 len = PATH_MAX - b.len; 406 if (unlikely(len > PATH_MAX)) 407 error = -ENAMETOOLONG; 408 else if (unlikely(len > size)) 409 error = -ERANGE; 410 else if (copy_to_user(buf, b.buf, len)) 411 error = -EFAULT; 412 else 413 error = len; 414 } 415 __putname(page); 416 return error; 417 } 418