xref: /netbsd-src/sys/kern/vfs_getcwd.c (revision fad4c9f71477ae11cea2ee75ec82151ac770a534) 
1 /* $NetBSD: vfs_getcwd.c,v 1.31 2006/05/14 21:15:12 elad Exp $ */
2 
3 /*-
4  * Copyright (c) 1999 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Bill Sommerfeld.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. All advertising materials mentioning features or use of this software
19  *    must display the following acknowledgement:
20  *        This product includes software developed by the NetBSD
21  *        Foundation, Inc. and its contributors.
22  * 4. Neither the name of The NetBSD Foundation nor the names of its
23  *    contributors may be used to endorse or promote products derived
24  *    from this software without specific prior written permission.
25  *
26  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36  * POSSIBILITY OF SUCH DAMAGE.
37  */
38 
39 #include <sys/cdefs.h>
40 __KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.31 2006/05/14 21:15:12 elad Exp $");
41 
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/namei.h>
45 #include <sys/filedesc.h>
46 #include <sys/kernel.h>
47 #include <sys/file.h>
48 #include <sys/stat.h>
49 #include <sys/vnode.h>
50 #include <sys/mount.h>
51 #include <sys/proc.h>
52 #include <sys/uio.h>
53 #include <sys/malloc.h>
54 #include <sys/dirent.h>
55 #include <sys/kauth.h>
56 
57 #include <ufs/ufs/dir.h>	/* XXX only for DIRBLKSIZ */
58 
59 #include <sys/sa.h>
60 #include <sys/syscallargs.h>
61 
62 /*
63  * Vnode variable naming conventions in this file:
64  *
65  * rvp: the current root we're aiming towards.
66  * lvp, *lvpp: the "lower" vnode
67  * uvp, *uvpp: the "upper" vnode.
68  *
69  * Since all the vnodes we're dealing with are directories, and the
70  * lookups are going *up* in the filesystem rather than *down*, the
71  * usual "pvp" (parent) or "dvp" (directory) naming conventions are
72  * too confusing.
73  */
74 
75 /*
76  * XXX Will infinite loop in certain cases if a directory read reliably
77  *	returns EINVAL on last block.
78  * XXX is EINVAL the right thing to return if a directory is malformed?
79  */
80 
81 /*
82  * XXX Untested vs. mount -o union; probably does the wrong thing.
83  */
84 
85 /*
86  * Find parent vnode of *lvpp, return in *uvpp
87  *
88  * If we care about the name, scan it looking for name of directory
89  * entry pointing at lvp.
90  *
91  * Place the name in the buffer which starts at bufp, immediately
92  * before *bpp, and move bpp backwards to point at the start of it.
93  *
94  * On entry, *lvpp is a locked vnode reference; on exit, it is vput and NULL'ed
95  * On exit, *uvpp is either NULL or is a locked vnode reference.
96  */
97 static int
98 getcwd_scandir(struct vnode **lvpp, struct vnode **uvpp, char **bpp,
99     char *bufp, struct lwp *l)
100 {
101 	int     error = 0;
102 	int     eofflag;
103 	off_t   off;
104 	int     tries;
105 	struct uio uio;
106 	struct iovec iov;
107 	char   *dirbuf = NULL;
108 	int	dirbuflen;
109 	ino_t   fileno;
110 	struct vattr va;
111 	struct vnode *uvp = NULL;
112 	struct vnode *lvp = *lvpp;
113 	kauth_cred_t cred = l->l_proc->p_cred;
114 	struct componentname cn;
115 	int len, reclen;
116 	tries = 0;
117 
118 	/*
119 	 * If we want the filename, get some info we need while the
120 	 * current directory is still locked.
121 	 */
122 	if (bufp != NULL) {
123 		error = VOP_GETATTR(lvp, &va, cred, l);
124 		if (error) {
125 			vput(lvp);
126 			*lvpp = NULL;
127 			*uvpp = NULL;
128 			return error;
129 		}
130 	}
131 
132 	/*
133 	 * Ok, we have to do it the hard way..
134 	 * Next, get parent vnode using lookup of ..
135 	 */
136 	cn.cn_nameiop = LOOKUP;
137 	cn.cn_flags = ISLASTCN | ISDOTDOT | RDONLY;
138 	cn.cn_lwp = l;
139 	cn.cn_cred = cred;
140 	cn.cn_pnbuf = NULL;
141 	cn.cn_nameptr = "..";
142 	cn.cn_namelen = 2;
143 	cn.cn_hash = 0;
144 	cn.cn_consume = 0;
145 
146 	/*
147 	 * At this point, lvp is locked and will be unlocked by the lookup.
148 	 * On successful return, *uvpp will be locked
149 	 */
150 	error = VOP_LOOKUP(lvp, uvpp, &cn);
151 	if (error) {
152 		vput(lvp);
153 		*lvpp = NULL;
154 		*uvpp = NULL;
155 		return error;
156 	}
157 	uvp = *uvpp;
158 
159 	/* If we don't care about the pathname, we're done */
160 	if (bufp == NULL) {
161 		vrele(lvp);
162 		*lvpp = NULL;
163 		return 0;
164 	}
165 
166 	fileno = va.va_fileid;
167 
168 	dirbuflen = DIRBLKSIZ;
169 	if (dirbuflen < va.va_blocksize)
170 		dirbuflen = va.va_blocksize;
171 	dirbuf = (char *)malloc(dirbuflen, M_TEMP, M_WAITOK);
172 
173 #if 0
174 unionread:
175 #endif
176 	off = 0;
177 	do {
178 		/* call VOP_READDIR of parent */
179 		iov.iov_base = dirbuf;
180 		iov.iov_len = dirbuflen;
181 
182 		uio.uio_iov = &iov;
183 		uio.uio_iovcnt = 1;
184 		uio.uio_offset = off;
185 		uio.uio_resid = dirbuflen;
186 		uio.uio_rw = UIO_READ;
187 		UIO_SETUP_SYSSPACE(&uio);
188 
189 		eofflag = 0;
190 
191 		error = VOP_READDIR(uvp, &uio, cred, &eofflag, 0, 0);
192 
193 		off = uio.uio_offset;
194 
195 		/*
196 		 * Try again if NFS tosses its cookies.
197 		 * XXX this can still loop forever if the directory is busted
198 		 * such that the second or subsequent page of it always
199 		 * returns EINVAL
200 		 */
201 		if ((error == EINVAL) && (tries < 3)) {
202 			off = 0;
203 			tries++;
204 			continue;	/* once more, with feeling */
205 		}
206 
207 		if (!error) {
208 			char   *cpos;
209 			struct dirent *dp;
210 
211 			cpos = dirbuf;
212 			tries = 0;
213 
214 			/* scan directory page looking for matching vnode */
215 			for (len = (dirbuflen - uio.uio_resid); len > 0;
216 			    len -= reclen) {
217 				dp = (struct dirent *) cpos;
218 				reclen = dp->d_reclen;
219 
220 				/* check for malformed directory.. */
221 				if (reclen < _DIRENT_MINSIZE(dp)) {
222 					error = EINVAL;
223 					goto out;
224 				}
225 				/*
226 				 * XXX should perhaps do VOP_LOOKUP to
227 				 * check that we got back to the right place,
228 				 * but getting the locking games for that
229 				 * right would be heinous.
230 				 */
231 				if ((dp->d_type != DT_WHT) &&
232 				    (dp->d_fileno == fileno)) {
233 					char *bp = *bpp;
234 
235 					bp -= dp->d_namlen;
236 					if (bp <= bufp) {
237 						error = ERANGE;
238 						goto out;
239 					}
240 					memcpy(bp, dp->d_name, dp->d_namlen);
241 					error = 0;
242 					*bpp = bp;
243 					goto out;
244 				}
245 				cpos += reclen;
246 			}
247 		} else
248 			goto out;
249 	} while (!eofflag);
250 #if 0
251 	/*
252 	 * Deal with mount -o union, which unions only the
253 	 * root directory of the mount.
254 	 */
255 	if ((uvp->v_flag & VROOT) &&
256 	    (uvp->v_mount->mnt_flag & MNT_UNION)) {
257 		struct vnode *tvp = uvp;
258 
259 		uvp = uvp->v_mount->mnt_vnodecovered;
260 		vput(tvp);
261 		VREF(uvp);
262 		*uvpp = uvp;
263 		error = vn_lock(uvp, LK_EXCLUSIVE | LK_RETRY);
264 		if (error != 0) {
265 			vrele(uvp);
266 			*uvpp = uvp = NULL;
267 			goto out;
268 		}
269 		goto unionread;
270 	}
271 #endif
272 	error = ENOENT;
273 
274 out:
275 	vrele(lvp);
276 	*lvpp = NULL;
277 	free(dirbuf, M_TEMP);
278 	return error;
279 }
280 
281 /*
282  * Look in the vnode-to-name reverse cache to see if
283  * we can find things the easy way.
284  *
285  * XXX vget failure path is untested.
286  *
287  * On entry, *lvpp is a locked vnode reference.
288  * On exit, one of the following is the case:
289  *	0) Both *lvpp and *uvpp are NULL and failure is returned.
290  * 	1) *uvpp is NULL, *lvpp remains locked and -1 is returned (cache miss)
291  *	2) *uvpp is a locked vnode reference, *lvpp is vput and NULL'ed
292  *	   and 0 is returned (cache hit)
293  */
294 
295 static int
296 getcwd_getcache(struct vnode **lvpp, struct vnode **uvpp, char **bpp,
297     char *bufp)
298 {
299 	struct vnode *lvp, *uvp = NULL;
300 	char *obp = *bpp;
301 	int error;
302 
303 	lvp = *lvpp;
304 
305 	/*
306 	 * This returns 0 on a cache hit, -1 on a clean cache miss,
307 	 * or an errno on other failure.
308 	 */
309 	error = cache_revlookup(lvp, uvpp, bpp, bufp);
310 	if (error) {
311 		if (error != -1) {
312 			vput(lvp);
313 			*lvpp = NULL;
314 			*uvpp = NULL;
315 		}
316 		return error;
317 	}
318 	uvp = *uvpp;
319 
320 	/*
321 	 * Since we're going up, we have to release the current lock
322 	 * before we take the parent lock.
323 	 */
324 
325 	VOP_UNLOCK(lvp, 0);
326 
327 	error = vget(uvp, LK_EXCLUSIVE | LK_RETRY);
328 	/*
329 	 * Verify that vget succeeded while we were waiting for the
330 	 * lock.
331 	 */
332 	if (error) {
333 		/*
334 		 * Oops, we missed.  If the vget failed try to get our
335 		 * lock back; if that works, rewind the `bp' and tell
336 		 * caller to try things the hard way, otherwise give
337 		 * up.
338 		 */
339 		*uvpp = NULL;
340 		error = vn_lock(lvp, LK_EXCLUSIVE | LK_RETRY);
341 		if (error == 0) {
342 			*bpp = obp;
343 			return -1;
344 		}
345 	}
346 	vrele(lvp);
347 	*lvpp = NULL;
348 
349 	return error;
350 }
351 
352 /*
353  * common routine shared by sys___getcwd() and vn_isunder()
354  */
355 
356 int
357 getcwd_common(struct vnode *lvp, struct vnode *rvp, char **bpp, char *bufp,
358     int limit, int flags, struct lwp *l)
359 {
360 	struct cwdinfo *cwdi = l->l_proc->p_cwdi;
361 	kauth_cred_t cred = l->l_proc->p_cred;
362 	struct vnode *uvp = NULL;
363 	char *bp = NULL;
364 	int error;
365 	int perms = VEXEC;
366 
367 	if (rvp == NULL) {
368 		rvp = cwdi->cwdi_rdir;
369 		if (rvp == NULL)
370 			rvp = rootvnode;
371 	}
372 
373 	VREF(rvp);
374 	VREF(lvp);
375 
376 	/*
377 	 * Error handling invariant:
378 	 * Before a `goto out':
379 	 *	lvp is either NULL, or locked and held.
380 	 *	uvp is either NULL, or locked and held.
381 	 */
382 
383 	error = vn_lock(lvp, LK_EXCLUSIVE | LK_RETRY);
384 	if (error) {
385 		vrele(lvp);
386 		lvp = NULL;
387 		goto out;
388 	}
389 	if (bufp)
390 		bp = *bpp;
391 	/*
392 	 * this loop will terminate when one of the following happens:
393 	 *	- we hit the root
394 	 *	- getdirentries or lookup fails
395 	 *	- we run out of space in the buffer.
396 	 */
397 	if (lvp == rvp) {
398 		if (bp)
399 			*(--bp) = '/';
400 		goto out;
401 	}
402 	do {
403 		if (lvp->v_type != VDIR) {
404 			error = ENOTDIR;
405 			goto out;
406 		}
407 
408 		/*
409 		 * access check here is optional, depending on
410 		 * whether or not caller cares.
411 		 */
412 		if (flags & GETCWD_CHECK_ACCESS) {
413 			error = VOP_ACCESS(lvp, perms, cred, l);
414 			if (error)
415 				goto out;
416 			perms = VEXEC|VREAD;
417 		}
418 
419 		/*
420 		 * step up if we're a covered vnode..
421 		 */
422 		while (lvp->v_flag & VROOT) {
423 			struct vnode *tvp;
424 
425 			if (lvp == rvp)
426 				goto out;
427 
428 			tvp = lvp;
429 			lvp = lvp->v_mount->mnt_vnodecovered;
430 			vput(tvp);
431 			/*
432 			 * hodie natus est radici frater
433 			 */
434 			if (lvp == NULL) {
435 				error = ENOENT;
436 				goto out;
437 			}
438 			VREF(lvp);
439 			error = vn_lock(lvp, LK_EXCLUSIVE | LK_RETRY);
440 			if (error != 0) {
441 				vrele(lvp);
442 				lvp = NULL;
443 				goto out;
444 			}
445 		}
446 		/*
447 		 * Look in the name cache; if that fails, look in the
448 		 * directory..
449 		 */
450 		error = getcwd_getcache(&lvp, &uvp, &bp, bufp);
451 		if (error == -1)
452 			error = getcwd_scandir(&lvp, &uvp, &bp, bufp, l);
453 		if (error)
454 			goto out;
455 #if DIAGNOSTIC
456 		if (lvp != NULL)
457 			panic("getcwd: oops, forgot to null lvp");
458 		if (bufp && (bp <= bufp)) {
459 			panic("getcwd: oops, went back too far");
460 		}
461 #endif
462 		if (bp)
463 			*(--bp) = '/';
464 		lvp = uvp;
465 		uvp = NULL;
466 		limit--;
467 	} while ((lvp != rvp) && (limit > 0));
468 
469 out:
470 	if (bpp)
471 		*bpp = bp;
472 	if (uvp)
473 		vput(uvp);
474 	if (lvp)
475 		vput(lvp);
476 	vrele(rvp);
477 	return error;
478 }
479 
480 /*
481  * Check if one directory can be found inside another in the directory
482  * hierarchy.
483  *
484  * Intended to be used in chroot, chdir, fchdir, etc., to ensure that
485  * chroot() actually means something.
486  */
487 int
488 vn_isunder(struct vnode *lvp, struct vnode *rvp, struct lwp *l)
489 {
490 	int error;
491 
492 	error = getcwd_common(lvp, rvp, NULL, NULL, MAXPATHLEN / 2, 0, l);
493 
494 	if (!error)
495 		return 1;
496 	else
497 		return 0;
498 }
499 
500 /*
501  * Returns true if proc p1's root directory equal to or under p2's
502  * root directory.
503  *
504  * Intended to be used from ptrace/procfs sorts of things.
505  */
506 
507 int
508 proc_isunder(struct proc *p1, struct lwp *l2)
509 {
510 	struct vnode *r1 = p1->p_cwdi->cwdi_rdir;
511 	struct vnode *r2 = l2->l_proc->p_cwdi->cwdi_rdir;
512 
513 	if (r1 == NULL)
514 		return (r2 == NULL);
515 	else if (r2 == NULL)
516 		return 1;
517 	else
518 		return vn_isunder(r1, r2, l2);
519 }
520 
521 /*
522  * Find pathname of process's current directory.
523  *
524  * Use vfs vnode-to-name reverse cache; if that fails, fall back
525  * to reading directory contents.
526  */
527 
528 int
529 sys___getcwd(struct lwp *l, void *v, register_t *retval)
530 {
531 	struct sys___getcwd_args /* {
532 		syscallarg(char *) bufp;
533 		syscallarg(size_t) length;
534 	} */ *uap = v;
535 
536 	int     error;
537 	char   *path;
538 	char   *bp, *bend;
539 	int     len = SCARG(uap, length);
540 	int	lenused;
541 
542 	if (len > MAXPATHLEN * 4)
543 		len = MAXPATHLEN * 4;
544 	else if (len < 2)
545 		return ERANGE;
546 
547 	path = (char *)malloc(len, M_TEMP, M_WAITOK);
548 	if (!path)
549 		return ENOMEM;
550 
551 	bp = &path[len];
552 	bend = bp;
553 	*(--bp) = '\0';
554 
555 	/*
556 	 * 5th argument here is "max number of vnodes to traverse".
557 	 * Since each entry takes up at least 2 bytes in the output buffer,
558 	 * limit it to N/2 vnodes for an N byte buffer.
559 	 */
560 	error = getcwd_common(l->l_proc->p_cwdi->cwdi_cdir, NULL, &bp, path,
561 	    len/2, GETCWD_CHECK_ACCESS, l);
562 
563 	if (error)
564 		goto out;
565 	lenused = bend - bp;
566 	*retval = lenused;
567 	/* put the result into user buffer */
568 	error = copyout(bp, SCARG(uap, bufp), lenused);
569 
570 out:
571 	free(path, M_TEMP);
572 	return error;
573 }
574