1/* Copyright (C) 1991-2018 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
17
18#include <assert.h>
19#include <errno.h>
20#include <limits.h>
21#include <stdbool.h>
22#include <stddef.h>
23#include <stdlib.h>
24#include <dirent.h>
25#include <fcntl.h>
26#include <sys/param.h>
27#include <sys/types.h>
28#include <sys/stat.h>
29#include <unistd.h>
30#include <stdio.h>
31#include <string.h>
32
33#include <dirstream.h>
34#include <not-cancel.h>
35#include <kernel-features.h>
36
37/* The st_blksize value of the directory is used as a hint for the
38 size of the buffer which receives struct dirent values from the
39 kernel. st_blksize is limited to MAX_DIR_BUFFER_SIZE, in case the
40 file system provides a bogus value. */
41#define MAX_DIR_BUFFER_SIZE 1048576U
42
43/* opendir() must not accidentally open something other than a directory.
44 Some OS's have kernel support for that, some don't. In the worst
45 case we have to stat() before the open() AND fstat() after.
46
47 We have to test at runtime for kernel support since libc may have
48 been compiled with different headers to the kernel it's running on.
49 This test can't be done reliably in the general case. We'll use
50 /dev/null, which if it's not a device lots of stuff will break, as
51 a guinea pig. It may be missing in chroot environments, so we
52 make sure to fail safe. */
53#ifdef O_DIRECTORY
54# ifdef O_DIRECTORY_WORKS
55# define o_directory_works 1
56# define tryopen_o_directory() while (1) /* This must not be called. */
57# else
58static int o_directory_works;
59
60static void
61tryopen_o_directory (void)
62{
63 int serrno = errno;
64 int x = __open_nocancel ("/dev/null", O_RDONLY|O_NDELAY|O_DIRECTORY);
65
66 if (x >= 0)
67 {
68 __close_nocancel_nostatus (x);
69 o_directory_works = -1;
70 }
71 else if (errno != ENOTDIR)
72 o_directory_works = -1;
73 else
74 o_directory_works = 1;
75
76 __set_errno (serrno);
77}
78# endif
79# define EXTRA_FLAGS O_DIRECTORY
80#else
81# define EXTRA_FLAGS 0
82#endif
83
84enum {
85 opendir_oflags = O_RDONLY|O_NDELAY|EXTRA_FLAGS|O_LARGEFILE|O_CLOEXEC
86};
87
88static bool
89invalid_name (const char *name)
90{
91 if (__glibc_unlikely (name[0] == '\0'))
92 {
93 /* POSIX.1-1990 says an empty name gets ENOENT;
94 but `open' might like it fine. */
95 __set_errno (ENOENT);
96 return true;
97 }
98 return false;
99}
100
101
102static bool
103need_isdir_precheck (void)
104{
105#ifdef O_DIRECTORY
106 /* Test whether O_DIRECTORY works. */
107 if (o_directory_works == 0)
108 tryopen_o_directory ();
109
110 /* We can skip the expensive `stat' call if O_DIRECTORY works. */
111 return o_directory_works < 0;
112#endif
113 return true;
114}
115
116static DIR *
117opendir_tail (int fd)
118{
119 if (__glibc_unlikely (fd < 0))
120 return NULL;
121
122 /* Now make sure this really is a directory and nothing changed since the
123 `stat' call. The S_ISDIR check is superfluous if O_DIRECTORY works,
124 but it's cheap and we need the stat call for st_blksize anyway. */
125 struct stat64 statbuf;
126 if (__glibc_unlikely (__fxstat64 (_STAT_VER, fd, &statbuf) < 0))
127 goto lose;
128 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
129 {
130 __set_errno (ENOTDIR);
131 lose:
132 __close_nocancel_nostatus (fd);
133 return NULL;
134 }
135
136 return __alloc_dir (fd, true, 0, &statbuf);
137}
138
139
140#if IS_IN (libc)
141DIR *
142__opendirat (int dfd, const char *name)
143{
144 if (__glibc_unlikely (invalid_name (name)))
145 return NULL;
146
147 if (need_isdir_precheck ())
148 {
149 /* We first have to check whether the name is for a directory. We
150 cannot do this after the open() call since the open/close operation
151 performed on, say, a tape device might have undesirable effects. */
152 struct stat64 statbuf;
153 if (__glibc_unlikely (__fxstatat64 (_STAT_VER, dfd, name,
154 &statbuf, 0) < 0))
155 return NULL;
156 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
157 {
158 __set_errno (ENOTDIR);
159 return NULL;
160 }
161 }
162
163 return opendir_tail (__openat_nocancel (dfd, name, opendir_oflags));
164}
165#endif
166
167
168/* Open a directory stream on NAME. */
169DIR *
170__opendir (const char *name)
171{
172 if (__glibc_unlikely (invalid_name (name)))
173 return NULL;
174
175 if (need_isdir_precheck ())
176 {
177 /* We first have to check whether the name is for a directory. We
178 cannot do this after the open() call since the open/close operation
179 performed on, say, a tape device might have undesirable effects. */
180 struct stat64 statbuf;
181 if (__glibc_unlikely (__xstat64 (_STAT_VER, name, &statbuf) < 0))
182 return NULL;
183 if (__glibc_unlikely (! S_ISDIR (statbuf.st_mode)))
184 {
185 __set_errno (ENOTDIR);
186 return NULL;
187 }
188 }
189
190 return opendir_tail (__open_nocancel (name, opendir_oflags));
191}
192weak_alias (__opendir, opendir)
193
194DIR *
195__alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
196{
197 /* We have to set the close-on-exit flag if the user provided the
198 file descriptor. */
199 if (!close_fd
200 && __builtin_expect (__fcntl (fd, F_SETFD, FD_CLOEXEC), 0) < 0)
201 goto lose;
202
203 const size_t default_allocation = (4 * BUFSIZ < sizeof (struct dirent64)
204 ? sizeof (struct dirent64) : 4 * BUFSIZ);
205 const size_t small_allocation = (BUFSIZ < sizeof (struct dirent64)
206 ? sizeof (struct dirent64) : BUFSIZ);
207 size_t allocation = default_allocation;
208#ifdef _STATBUF_ST_BLKSIZE
209 /* Increase allocation if requested, but not if the value appears to
210 be bogus. */
211 if (statp != NULL)
212 allocation = MIN (MAX ((size_t) statp->st_blksize, default_allocation),
213 MAX_DIR_BUFFER_SIZE);
214#endif
215
216 DIR *dirp = (DIR *) malloc (sizeof (DIR) + allocation);
217 if (dirp == NULL)
218 {
219 allocation = small_allocation;
220 dirp = (DIR *) malloc (sizeof (DIR) + allocation);
221
222 if (dirp == NULL)
223 lose:
224 {
225 if (close_fd)
226 {
227 int save_errno = errno;
228 __close_nocancel_nostatus (fd);
229 __set_errno (save_errno);
230 }
231 return NULL;
232 }
233 }
234
235 dirp->fd = fd;
236#if IS_IN (libc)
237 __libc_lock_init (dirp->lock);
238#endif
239 dirp->allocation = allocation;
240 dirp->size = 0;
241 dirp->offset = 0;
242 dirp->filepos = 0;
243 dirp->errcode = 0;
244
245 return dirp;
246}
247