1/* Copyright (C) 1991-2017 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18#include <assert.h>
19#include <errno.h>
20#include <limits.h>
21#include <stdbool.h>
22#include <stddef.h>
23#include <stdlib.h>
24#include <dirent.h>
25#include <fcntl.h>
26#include <sys/param.h>
27#include <sys/types.h>
28#include <sys/stat.h>
29#include <unistd.h>
30#include <stdio.h>
31#include <string.h>
32
33#include <dirstream.h>
34#include <not-cancel.h>
35#include <kernel-features.h>
36
37/* The st_blksize value of the directory is used as a hint for the
38 size of the buffer which receives struct dirent values from the
39 kernel. st_blksize is limited to MAX_DIR_BUFFER_SIZE, in case the
40 file system provides a bogus value. */
41#define MAX_DIR_BUFFER_SIZE 1048576U
42
43/* opendir() must not accidentally open something other than a directory.
44 Some OS's have kernel support for that, some don't. In the worst
45 case we have to stat() before the open() AND fstat() after.
46
47 We have to test at runtime for kernel support since libc may have
48 been compiled with different headers to the kernel it's running on.
49 This test can't be done reliably in the general case. We'll use
50 /dev/null, which if it's not a device lots of stuff will break, as
51 a guinea pig. It may be missing in chroot environments, so we
52 make sure to fail safe. */
53#ifdef O_DIRECTORY
54# ifdef O_DIRECTORY_WORKS
55# define o_directory_works 1
56# define tryopen_o_directory() while (1) /* This must not be called. */
57# else
58static int o_directory_works;
59
60static void
61tryopen_o_directory (void)
62{
63 int serrno = errno;
64 int x = open_not_cancel_2 ("/dev/null", O_RDONLY|O_NDELAY|O_DIRECTORY);
65
66 if (x >= 0)
67 {
68 close_not_cancel_no_status (x);
69 o_directory_works = -1;
70 }
71 else if (errno != ENOTDIR)
72 o_directory_works = -1;
73 else
74 o_directory_works = 1;
75
76 __set_errno (serrno);
77}
78# endif
79# define EXTRA_FLAGS O_DIRECTORY
80#else
81# define EXTRA_FLAGS 0
82#endif
83
84enum {
85 opendir_oflags = O_RDONLY|O_NDELAY|EXTRA_FLAGS|O_LARGEFILE|O_CLOEXEC
86};
87
88static bool
89invalid_name (const char *name)
90{
91 if (__glibc_unlikely (name[0] == '\0'))
92 {
93 /* POSIX.1-1990 says an empty name gets ENOENT;
94 but `open' might like it fine. */
95 __set_errno (ENOENT);
96 return true;
97 }
98 return false;
99}
100
101
102static bool
103need_isdir_precheck (void)
104{
105#ifdef O_DIRECTORY
106 /* Test whether O_DIRECTORY works. */
107 if (o_directory_works == 0)
108 tryopen_o_directory ();
109
110 /* We can skip the expensive `stat' call if O_DIRECTORY works. */
111 return o_directory_works < 0;
112#endif
113 return true;
114}
115
116static DIR *
117opendir_tail (int fd)
118{
119 if (__glibc_unlikely (fd < 0))
120 return NULL;
121
122 /* Now make sure this really is a directory and nothing changed since the
123 `stat' call. The S_ISDIR check is superfluous if O_DIRECTORY works,
124 but it's cheap and we need the stat call for st_blksize anyway. */
125 struct stat64 statbuf;
126 if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, &statbuf) < 0))
127 goto lose;
128 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
129 {
130 __set_errno (ENOTDIR);
131 lose:
132 close_not_cancel_no_status (fd);
133 return NULL;
134 }
135
136 return __alloc_dir (fd, true, 0, &statbuf);
137}
138
139
140#if IS_IN (libc)
141DIR *
142internal_function
143__opendirat (int dfd, const char *name)
144{
145 if (__glibc_unlikely (invalid_name (name)))
146 return NULL;
147
148 if (need_isdir_precheck ())
149 {
150 /* We first have to check whether the name is for a directory. We
151 cannot do this after the open() call since the open/close operation
152 performed on, say, a tape device might have undesirable effects. */
153 struct stat64 statbuf;
154 if (__glibc_unlikely (__fxstatat64 (_STAT_VER, dfd, name,
155 &statbuf, 0) < 0))
156 return NULL;
157 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
158 {
159 __set_errno (ENOTDIR);
160 return NULL;
161 }
162 }
163
164 return opendir_tail (openat_not_cancel_3 (dfd, name, opendir_oflags));
165}
166#endif
167
168
169/* Open a directory stream on NAME. */
170DIR *
171__opendir (const char *name)
172{
173 if (__glibc_unlikely (invalid_name (name)))
174 return NULL;
175
176 if (need_isdir_precheck ())
177 {
178 /* We first have to check whether the name is for a directory. We
179 cannot do this after the open() call since the open/close operation
180 performed on, say, a tape device might have undesirable effects. */
181 struct stat64 statbuf;
182 if (__glibc_unlikely (__xstat64 (_STAT_VER, name, &statbuf) < 0))
183 return NULL;
184 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
185 {
186 __set_errno (ENOTDIR);
187 return NULL;
188 }
189 }
190
191 return opendir_tail (open_not_cancel_2 (name, opendir_oflags));
192}
193weak_alias (__opendir, opendir)
194
195DIR *
196internal_function
197__alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
198{
199 /* We have to set the close-on-exit flag if the user provided the
200 file descriptor. */
201 if (!close_fd
202 && __builtin_expect (__fcntl (fd, F_SETFD, FD_CLOEXEC), 0) < 0)
203 goto lose;
204
205 const size_t default_allocation = (4 * BUFSIZ < sizeof (struct dirent64)
206 ? sizeof (struct dirent64) : 4 * BUFSIZ);
207 const size_t small_allocation = (BUFSIZ < sizeof (struct dirent64)
208 ? sizeof (struct dirent64) : BUFSIZ);
209 size_t allocation = default_allocation;
210#ifdef _STATBUF_ST_BLKSIZE
211 /* Increase allocation if requested, but not if the value appears to
212 be bogus. */
213 if (statp != NULL)
214 allocation = MIN (MAX ((size_t) statp->st_blksize, default_allocation),
215 MAX_DIR_BUFFER_SIZE);
216#endif
217
218 DIR *dirp = (DIR *) malloc (sizeof (DIR) + allocation);
219 if (dirp == NULL)
220 {
221 allocation = small_allocation;
222 dirp = (DIR *) malloc (sizeof (DIR) + allocation);
223
224 if (dirp == NULL)
225 lose:
226 {
227 if (close_fd)
228 {
229 int save_errno = errno;
230 close_not_cancel_no_status (fd);
231 __set_errno (save_errno);
232 }
233 return NULL;
234 }
235 }
236
237 dirp->fd = fd;
238#if IS_IN (libc)
239 __libc_lock_init (dirp->lock);
240#endif
241 dirp->allocation = allocation;
242 dirp->size = 0;
243 dirp->offset = 0;
244 dirp->filepos = 0;
245 dirp->errcode = 0;
246
247 return dirp;
248}
249