search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / readdir.c
blob3494d7a8ff6539c52cc0d21dcc43f9f16cde64c9
1 /*
2 * linux/fs/readdir.c
3 *
4 * Copyright (C) 1995 Linus Torvalds
5 */
6
7 #include <linux/stddef.h>
8 #include <linux/kernel.h>
9 #include <linux/export.h>
10 #include <linux/time.h>
11 #include <linux/mm.h>
12 #include <linux/errno.h>
13 #include <linux/stat.h>
14 #include <linux/file.h>
15 #include <linux/fs.h>
16 #include <linux/fsnotify.h>
17 #include <linux/dirent.h>
18 #include <linux/security.h>
19 #include <linux/syscalls.h>
20 #include <linux/unistd.h>
21
22 #include <asm/uaccess.h>
23
24 int iterate_dir(struct file *file, struct dir_context *ctx)
25 {
26 struct inode *inode = file_inode(file);
27 int res = -ENOTDIR;
28 if (!file->f_op->iterate)
29 goto out;
30
31 res = security_file_permission(file, MAY_READ);
32 if (res)
33 goto out;
34
35 res = mutex_lock_killable(&inode->i_mutex);
36 if (res)
37 goto out;
38
39 res = -ENOENT;
40 if (!IS_DEADDIR(inode)) {
41 ctx->pos = file->f_pos;
42 res = file->f_op->iterate(file, ctx);
43 file->f_pos = ctx->pos;
44 fsnotify_access(file);
45 file_accessed(file);
46 }
47 mutex_unlock(&inode->i_mutex);
48 out:
49 return res;
50 }
51 EXPORT_SYMBOL(iterate_dir);
52
53 /*
54 * POSIX says that a dirent name cannot contain NULL or a '/'.
55 *
56 * It's not 100% clear what we should really do in this case.
57 * The filesystem is clearly corrupted, but returning a hard
58 * error means that you now don't see any of the other names
59 * either, so that isn't a perfect alternative.
60 *
61 * And if you return an error, what error do you use? Several
62 * filesystems seem to have decided on EUCLEAN being the error
63 * code for EFSCORRUPTED, and that may be the error to use. Or
64 * just EIO, which is perhaps more obvious to users.
65 *
66 * In order to see the other file names in the directory, the
67 * caller might want to make this a "soft" error: skip the
68 * entry, and return the error at the end instead.
69 *
70 * Note that this should likely do a "memchr(name, 0, len)"
71 * check too, since that would be filesystem corruption as
72 * well. However, that case can't actually confuse user space,
73 * which has to do a strlen() on the name anyway to find the
74 * filename length, and the above "soft error" worry means
75 * that it's probably better left alone until we have that
76 * issue clarified.
77 */
78 static int verify_dirent_name(const char *name, int len)
79 {
80 if (!len)
81 return -EIO;
82 if (memchr(name, '/', len))
83 return -EIO;
84 return 0;
85 }
86
87 /*
88 * Traditional linux readdir() handling..
89 *
90 * "count=1" is a special case, meaning that the buffer is one
91 * dirent-structure in size and that the code can't handle more
92 * anyway. Thus the special "fillonedir()" function for that
93 * case (the low-level handlers don't need to care about this).
94 */
95
96 #ifdef __ARCH_WANT_OLD_READDIR
97
98 struct old_linux_dirent {
99 unsigned long d_ino;
100 unsigned long d_offset;
101 unsigned short d_namlen;
102 char d_name[1];
103 };
104
105 struct readdir_callback {
106 struct dir_context ctx;
107 struct old_linux_dirent __user * dirent;
108 int result;
109 };
110
111 static int fillonedir(struct dir_context *ctx, const char *name, int namlen,
112 loff_t offset, u64 ino, unsigned int d_type)
113 {
114 struct readdir_callback *buf =
115 container_of(ctx, struct readdir_callback, ctx);
116 struct old_linux_dirent __user * dirent;
117 unsigned long d_ino;
118
119 if (buf->result)
120 return -EINVAL;
121 d_ino = ino;
122 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
123 buf->result = -EOVERFLOW;
124 return -EOVERFLOW;
125 }
126 buf->result++;
127 dirent = buf->dirent;
128 if (!access_ok(VERIFY_WRITE, dirent,
129 (unsigned long)(dirent->d_name + namlen + 1) -
130 (unsigned long)dirent))
131 goto efault;
132 if ( __put_user(d_ino, &dirent->d_ino) ||
133 __put_user(offset, &dirent->d_offset) ||
134 __put_user(namlen, &dirent->d_namlen) ||
135 __copy_to_user(dirent->d_name, name, namlen) ||
136 __put_user(0, dirent->d_name + namlen))
137 goto efault;
138 return 0;
139 efault:
140 buf->result = -EFAULT;
141 return -EFAULT;
142 }
143
144 SYSCALL_DEFINE3(old_readdir, unsigned int, fd,
145 struct old_linux_dirent __user *, dirent, unsigned int, count)
146 {
147 int error;
148 struct fd f = fdget(fd);
149 struct readdir_callback buf = {
150 .ctx.actor = fillonedir,
151 .dirent = dirent
152 };
153
154 if (!f.file)
155 return -EBADF;
156
157 error = iterate_dir(f.file, &buf.ctx);
158 if (buf.result)
159 error = buf.result;
160
161 fdput(f);
162 return error;
163 }
164
165 #endif /* __ARCH_WANT_OLD_READDIR */
166
167 /*
168 * New, all-improved, singing, dancing, iBCS2-compliant getdents()
169 * interface.
170 */
171 struct linux_dirent {
172 unsigned long d_ino;
173 unsigned long d_off;
174 unsigned short d_reclen;
175 char d_name[1];
176 };
177
178 struct getdents_callback {
179 struct dir_context ctx;
180 struct linux_dirent __user * current_dir;
181 struct linux_dirent __user * previous;
182 int count;
183 int error;
184 };
185
186 static int filldir(struct dir_context *ctx, const char *name, int namlen,
187 loff_t offset, u64 ino, unsigned int d_type)
188 {
189 struct linux_dirent __user * dirent;
190 struct getdents_callback *buf =
191 container_of(ctx, struct getdents_callback, ctx);
192 unsigned long d_ino;
193 int reclen = ALIGN(offsetof(struct linux_dirent, d_name) + namlen + 2,
194 sizeof(long));
195
196 buf->error = verify_dirent_name(name, namlen);
197 if (unlikely(buf->error))
198 return buf->error;
199 buf->error = -EINVAL; /* only used if we fail.. */
200 if (reclen > buf->count)
201 return -EINVAL;
202 d_ino = ino;
203 if (sizeof(d_ino) < sizeof(ino) && d_ino != ino) {
204 buf->error = -EOVERFLOW;
205 return -EOVERFLOW;
206 }
207 dirent = buf->previous;
208 if (dirent) {
209 if (__put_user(offset, &dirent->d_off))
210 goto efault;
211 }
212 dirent = buf->current_dir;
213 if (__put_user(d_ino, &dirent->d_ino))
214 goto efault;
215 if (__put_user(reclen, &dirent->d_reclen))
216 goto efault;
217 if (copy_to_user(dirent->d_name, name, namlen))
218 goto efault;
219 if (__put_user(0, dirent->d_name + namlen))
220 goto efault;
221 if (__put_user(d_type, (char __user *) dirent + reclen - 1))
222 goto efault;
223 buf->previous = dirent;
224 dirent = (void __user *)dirent + reclen;
225 buf->current_dir = dirent;
226 buf->count -= reclen;
227 return 0;
228 efault:
229 buf->error = -EFAULT;
230 return -EFAULT;
231 }
232
233 SYSCALL_DEFINE3(getdents, unsigned int, fd,
234 struct linux_dirent __user *, dirent, unsigned int, count)
235 {
236 struct fd f;
237 struct linux_dirent __user * lastdirent;
238 struct getdents_callback buf = {
239 .ctx.actor = filldir,
240 .count = count,
241 .current_dir = dirent
242 };
243 int error;
244
245 if (!access_ok(VERIFY_WRITE, dirent, count))
246 return -EFAULT;
247
248 f = fdget(fd);
249 if (!f.file)
250 return -EBADF;
251
252 error = iterate_dir(f.file, &buf.ctx);
253 if (error >= 0)
254 error = buf.error;
255 lastdirent = buf.previous;
256 if (lastdirent) {
257 if (put_user(buf.ctx.pos, &lastdirent->d_off))
258 error = -EFAULT;
259 else
260 error = count - buf.count;
261 }
262 fdput(f);
263 return error;
264 }
265
266 struct getdents_callback64 {
267 struct dir_context ctx;
268 struct linux_dirent64 __user * current_dir;
269 struct linux_dirent64 __user * previous;
270 int count;
271 int error;
272 };
273
274 static int filldir64(struct dir_context *ctx, const char *name, int namlen,
275 loff_t offset, u64 ino, unsigned int d_type)
276 {
277 struct linux_dirent64 __user *dirent;
278 struct getdents_callback64 *buf =
279 container_of(ctx, struct getdents_callback64, ctx);
280 int reclen = ALIGN(offsetof(struct linux_dirent64, d_name) + namlen + 1,
281 sizeof(u64));
282
283 buf->error = verify_dirent_name(name, namlen);
284 if (unlikely(buf->error))
285 return buf->error;
286 buf->error = -EINVAL; /* only used if we fail.. */
287 if (reclen > buf->count)
288 return -EINVAL;
289 dirent = buf->previous;
290 if (dirent) {
291 if (__put_user(offset, &dirent->d_off))
292 goto efault;
293 }
294 dirent = buf->current_dir;
295 if (__put_user(ino, &dirent->d_ino))
296 goto efault;
297 if (__put_user(0, &dirent->d_off))
298 goto efault;
299 if (__put_user(reclen, &dirent->d_reclen))
300 goto efault;
301 if (__put_user(d_type, &dirent->d_type))
302 goto efault;
303 if (copy_to_user(dirent->d_name, name, namlen))
304 goto efault;
305 if (__put_user(0, dirent->d_name + namlen))
306 goto efault;
307 buf->previous = dirent;
308 dirent = (void __user *)dirent + reclen;
309 buf->current_dir = dirent;
310 buf->count -= reclen;
311 return 0;
312 efault:
313 buf->error = -EFAULT;
314 return -EFAULT;
315 }
316
317 SYSCALL_DEFINE3(getdents64, unsigned int, fd,
318 struct linux_dirent64 __user *, dirent, unsigned int, count)
319 {
320 struct fd f;
321 struct linux_dirent64 __user * lastdirent;
322 struct getdents_callback64 buf = {
323 .ctx.actor = filldir64,
324 .count = count,
325 .current_dir = dirent
326 };
327 int error;
328
329 if (!access_ok(VERIFY_WRITE, dirent, count))
330 return -EFAULT;
331
332 f = fdget(fd);
333 if (!f.file)
334 return -EBADF;
335
336 error = iterate_dir(f.file, &buf.ctx);
337 if (error >= 0)
338 error = buf.error;
339 lastdirent = buf.previous;
340 if (lastdirent) {
341 typeof(lastdirent->d_off) d_off = buf.ctx.pos;
342 if (__put_user(d_off, &lastdirent->d_off))
343 error = -EFAULT;
344 else
345 error = count - buf.count;
346 }
347 fdput(f);
348 return error;
349 }
Linux with added FPC-III support