1/* Copyright (C) 1991-2016 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18#include <assert.h>
19#include <errno.h>
20#include <limits.h>
21#include <stdbool.h>
22#include <stddef.h>
23#include <stdlib.h>
24#include <dirent.h>
25#include <fcntl.h>
26#include <sys/param.h>
27#include <sys/types.h>
28#include <sys/stat.h>
29#include <unistd.h>
30#include <stdio.h>
31#include <string.h>
32
33#include <dirstream.h>
34#include <not-cancel.h>
35#include <kernel-features.h>
36
37/* The st_blksize value of the directory is used as a hint for the
38 size of the buffer which receives struct dirent values from the
39 kernel. st_blksize is limited to MAX_DIR_BUFFER_SIZE, in case the
40 file system provides a bogus value. */
41#define MAX_DIR_BUFFER_SIZE 1048576U
42
43/* opendir() must not accidentally open something other than a directory.
44 Some OS's have kernel support for that, some don't. In the worst
45 case we have to stat() before the open() AND fstat() after.
46
47 We have to test at runtime for kernel support since libc may have
48 been compiled with different headers to the kernel it's running on.
49 This test can't be done reliably in the general case. We'll use
50 /dev/null, which if it's not a device lots of stuff will break, as
51 a guinea pig. It may be missing in chroot environments, so we
52 make sure to fail safe. */
53#ifdef O_DIRECTORY
54# ifdef O_DIRECTORY_WORKS
55# define o_directory_works 1
56# define tryopen_o_directory() while (1) /* This must not be called. */
57# else
58static int o_directory_works;
59
60static void
61tryopen_o_directory (void)
62{
63 int serrno = errno;
64 int x = open_not_cancel_2 ("/dev/null", O_RDONLY|O_NDELAY|O_DIRECTORY);
65
66 if (x >= 0)
67 {
68 close_not_cancel_no_status (x);
69 o_directory_works = -1;
70 }
71 else if (errno != ENOTDIR)
72 o_directory_works = -1;
73 else
74 o_directory_works = 1;
75
76 __set_errno (serrno);
77}
78# endif
79# define EXTRA_FLAGS O_DIRECTORY
80#else
81# define EXTRA_FLAGS 0
82#endif
83
84
85static bool
86invalid_name (const char *name)
87{
88 if (__glibc_unlikely (name[0] == '\0'))
89 {
90 /* POSIX.1-1990 says an empty name gets ENOENT;
91 but `open' might like it fine. */
92 __set_errno (ENOENT);
93 return true;
94 }
95 return false;
96}
97
98
99static bool
100need_isdir_precheck (void)
101{
102#ifdef O_DIRECTORY
103 /* Test whether O_DIRECTORY works. */
104 if (o_directory_works == 0)
105 tryopen_o_directory ();
106
107 /* We can skip the expensive `stat' call if O_DIRECTORY works. */
108 return o_directory_works < 0;
109#endif
110 return true;
111}
112
113
114static int
115opendir_oflags (void)
116{
117 int flags = O_RDONLY|O_NDELAY|EXTRA_FLAGS|O_LARGEFILE;
118#ifdef O_CLOEXEC
119 flags |= O_CLOEXEC;
120#endif
121 return flags;
122}
123
124
125static DIR *
126opendir_tail (int fd)
127{
128 if (__glibc_unlikely (fd < 0))
129 return NULL;
130
131 /* Now make sure this really is a directory and nothing changed since the
132 `stat' call. The S_ISDIR check is superfluous if O_DIRECTORY works,
133 but it's cheap and we need the stat call for st_blksize anyway. */
134 struct stat64 statbuf;
135 if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, &statbuf) < 0))
136 goto lose;
137 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
138 {
139 __set_errno (ENOTDIR);
140 lose:
141 close_not_cancel_no_status (fd);
142 return NULL;
143 }
144
145 return __alloc_dir (fd, true, 0, &statbuf);
146}
147
148
149#if IS_IN (libc)
150DIR *
151internal_function
152__opendirat (int dfd, const char *name)
153{
154 if (__glibc_unlikely (invalid_name (name)))
155 return NULL;
156
157 if (need_isdir_precheck ())
158 {
159 /* We first have to check whether the name is for a directory. We
160 cannot do this after the open() call since the open/close operation
161 performed on, say, a tape device might have undesirable effects. */
162 struct stat64 statbuf;
163 if (__glibc_unlikely (__fxstatat64 (_STAT_VER, dfd, name,
164 &statbuf, 0) < 0))
165 return NULL;
166 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
167 {
168 __set_errno (ENOTDIR);
169 return NULL;
170 }
171 }
172
173 return opendir_tail (openat_not_cancel_3 (dfd, name, opendir_oflags ()));
174}
175#endif
176
177
178/* Open a directory stream on NAME. */
179DIR *
180__opendir (const char *name)
181{
182 if (__glibc_unlikely (invalid_name (name)))
183 return NULL;
184
185 if (need_isdir_precheck ())
186 {
187 /* We first have to check whether the name is for a directory. We
188 cannot do this after the open() call since the open/close operation
189 performed on, say, a tape device might have undesirable effects. */
190 struct stat64 statbuf;
191 if (__glibc_unlikely (__xstat64 (_STAT_VER, name, &statbuf) < 0))
192 return NULL;
193 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
194 {
195 __set_errno (ENOTDIR);
196 return NULL;
197 }
198 }
199
200 return opendir_tail (open_not_cancel_2 (name, opendir_oflags ()));
201}
202weak_alias (__opendir, opendir)
203
204
205#ifdef __ASSUME_O_CLOEXEC
206# define check_have_o_cloexec(fd) 1
207#else
208static int
209check_have_o_cloexec (int fd)
210{
211 if (__have_o_cloexec == 0)
212 __have_o_cloexec = (__fcntl (fd, F_GETFD, 0) & FD_CLOEXEC) == 0 ? -1 : 1;
213 return __have_o_cloexec > 0;
214}
215#endif
216
217
218DIR *
219internal_function
220__alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
221{
222 /* We always have to set the close-on-exit flag if the user provided
223 the file descriptor. Otherwise only if we have no working
224 O_CLOEXEC support. */
225#ifdef O_CLOEXEC
226 if ((! close_fd && (flags & O_CLOEXEC) == 0)
227 || ! check_have_o_cloexec (fd))
228#endif
229 {
230 if (__builtin_expect (__fcntl (fd, F_SETFD, FD_CLOEXEC), 0) < 0)
231 goto lose;
232 }
233
234 const size_t default_allocation = (4 * BUFSIZ < sizeof (struct dirent64)
235 ? sizeof (struct dirent64) : 4 * BUFSIZ);
236 const size_t small_allocation = (BUFSIZ < sizeof (struct dirent64)
237 ? sizeof (struct dirent64) : BUFSIZ);
238 size_t allocation = default_allocation;
239#ifdef _STATBUF_ST_BLKSIZE
240 /* Increase allocation if requested, but not if the value appears to
241 be bogus. */
242 if (statp != NULL)
243 allocation = MIN (MAX ((size_t) statp->st_blksize, default_allocation),
244 MAX_DIR_BUFFER_SIZE);
245#endif
246
247 DIR *dirp = (DIR *) malloc (sizeof (DIR) + allocation);
248 if (dirp == NULL)
249 {
250 allocation = small_allocation;
251 dirp = (DIR *) malloc (sizeof (DIR) + allocation);
252
253 if (dirp == NULL)
254 lose:
255 {
256 if (close_fd)
257 {
258 int save_errno = errno;
259 close_not_cancel_no_status (fd);
260 __set_errno (save_errno);
261 }
262 return NULL;
263 }
264 }
265
266 dirp->fd = fd;
267#if IS_IN (libc)
268 __libc_lock_init (dirp->lock);
269#endif
270 dirp->allocation = allocation;
271 dirp->size = 0;
272 dirp->offset = 0;
273 dirp->filepos = 0;
274 dirp->errcode = 0;
275
276 return dirp;
277}
278