[thirdparty/systemd.git] / src / basic / recurse-dir.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <sys/stat.h>

#include "alloc-util.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fs-util.h"
#include "log.h"
#include "mountpoint-util.h"
#include "path-util.h"
#include "recurse-dir.h"
#include "sort-util.h"

#define DEFAULT_RECURSION_MAX 100

static int sort_func(struct dirent * const *a, struct dirent * const *b) {
        return strcmp((*a)->d_name, (*b)->d_name);
}

static bool ignore_dirent(const struct dirent *de, RecurseDirFlags flags) {
        assert(de);

        /* Depending on flag either ignore everything starting with ".", or just "." itself and ".." */

        return FLAGS_SET(flags, RECURSE_DIR_IGNORE_DOT) ?
                de->d_name[0] == '.' :
                dot_or_dot_dot(de->d_name);
}

int readdir_all(int dir_fd, RecurseDirFlags flags, DirectoryEntries **ret) {
        _cleanup_free_ DirectoryEntries *de = NULL;
        DirectoryEntries *nde;
        int r;

        assert(dir_fd >= 0);

        /* Returns an array with pointers to "struct dirent" directory entries, optionally sorted. Free the
         * array with readdir_all_freep().
         *
         * Start with space for up to 8 directory entries. We expect at least 2 ("." + ".."), hence hopefully
         * 8 will cover most cases comprehensively. (Note that most likely a lot more entries will actually
         * fit in the buffer, given we calculate maximum file name length here.) */
        de = malloc(offsetof(DirectoryEntries, buffer) + DIRENT_SIZE_MAX * 8);
        if (!de)
                return -ENOMEM;

        de->buffer_size = 0;
        for (;;) {
                size_t bs;
                ssize_t n;

                bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX);
                assert(bs > de->buffer_size);

                n = getdents64(dir_fd, (struct dirent*) ((uint8_t*) de->buffer + de->buffer_size), bs - de->buffer_size);
                if (n < 0)
                        return -errno;
                if (n == 0)
                        break;

                msan_unpoison((uint8_t*) de->buffer + de->buffer_size, n);

                de->buffer_size += n;

                if (de->buffer_size < bs - DIRENT_SIZE_MAX) /* Still room for one more entry, then try to
                                                             * fill it up without growing the structure. */
                        continue;

                if (bs >= SSIZE_MAX - offsetof(DirectoryEntries, buffer))
                        return -EFBIG;
                bs = bs >= (SSIZE_MAX - offsetof(DirectoryEntries, buffer))/2 ? SSIZE_MAX - offsetof(DirectoryEntries, buffer) : bs * 2;

                nde = realloc(de, bs);
                if (!nde)
                        return -ENOMEM;
                de = nde;
        }

        de->n_entries = 0;
        struct dirent *entry;
        FOREACH_DIRENT_IN_BUFFER(entry, de->buffer, de->buffer_size) {
                if (ignore_dirent(entry, flags))
                        continue;

                if (FLAGS_SET(flags, RECURSE_DIR_ENSURE_TYPE)) {
                        r = dirent_ensure_type(dir_fd, entry);
                        if (r == -ENOENT)
                                /* dentry gone by now? no problem, let's just suppress it */
                                continue;
                        if (r < 0)
                                return r;
                }

                de->n_entries++;
        }

        size_t sz, j;

        sz = ALIGN(offsetof(DirectoryEntries, buffer) + de->buffer_size);
        if (!INC_SAFE(&sz, sizeof(struct dirent*) * de->n_entries))
                return -ENOMEM;

        nde = realloc(de, sz);
        if (!nde)
                return -ENOMEM;
        de = nde;

        de->entries = (struct dirent**) ((uint8_t*) de + ALIGN(offsetof(DirectoryEntries, buffer) + de->buffer_size));

        j = 0;
        FOREACH_DIRENT_IN_BUFFER(entry, de->buffer, de->buffer_size) {
                if (ignore_dirent(entry, flags))
                        continue;

                /* If d_type == DT_UNKNOWN that means we failed to ensure the type in the earlier loop and
                 * didn't include the dentry in de->n_entries and as such should skip it here as well. */
                if (FLAGS_SET(flags, RECURSE_DIR_ENSURE_TYPE) && entry->d_type == DT_UNKNOWN)
                        continue;

                de->entries[j++] = entry;
        }
        assert(j == de->n_entries);

        if (FLAGS_SET(flags, RECURSE_DIR_SORT))
                typesafe_qsort(de->entries, de->n_entries, sort_func);

        if (ret)
                *ret = TAKE_PTR(de);

        return 0;
}

int readdir_all_at(int fd, const char *path, RecurseDirFlags flags, DirectoryEntries **ret) {
        _cleanup_close_ int dir_fd = -EBADF;

        assert(fd >= 0 || fd == AT_FDCWD);

        dir_fd = xopenat(fd, path, O_DIRECTORY|O_CLOEXEC);
        if (dir_fd < 0)
                return dir_fd;

        return readdir_all(dir_fd, flags, ret);
}

int recurse_dir(
                int dir_fd,
                const char *path,
                unsigned statx_mask,
                unsigned n_depth_max,
                RecurseDirFlags flags,
                recurse_dir_func_t func,
                void *userdata) {

        _cleanup_free_ DirectoryEntries *de = NULL;
        struct statx root_sx;
        int r;

        assert(dir_fd >= 0);
        assert(func);

        /* This is a lot like ftw()/nftw(), but a lot more modern, i.e. built around openat()/statx()/O_PATH,
         * and under the assumption that fds are not as 'expensive' as they used to be. */

        if (n_depth_max == 0)
                return -EOVERFLOW;
        if (n_depth_max == UINT_MAX) /* special marker for "default" */
                n_depth_max = DEFAULT_RECURSION_MAX;

        if (FLAGS_SET(flags, RECURSE_DIR_TOPLEVEL)) {
                if (statx_mask != 0) {
                        if (statx(dir_fd, "", AT_EMPTY_PATH, statx_mask, &root_sx) < 0)
                                return -errno;
                }

                r = func(RECURSE_DIR_ENTER,
                         path,
                         -1, /* we have no parent fd */
                         dir_fd,
                         NULL, /* we have no dirent */
                         statx_mask != 0 ? &root_sx : NULL,
                         userdata);
                if (IN_SET(r, RECURSE_DIR_LEAVE_DIRECTORY, RECURSE_DIR_SKIP_ENTRY))
                        return 0;
                if (r != RECURSE_DIR_CONTINUE)
                        return r;
        }

        /* Mask out RECURSE_DIR_ENSURE_TYPE so we can do it ourselves and avoid an extra statx() call. */
        r = readdir_all(dir_fd, flags & ~RECURSE_DIR_ENSURE_TYPE, &de);
        if (r < 0)
                return r;

        for (size_t i = 0; i < de->n_entries; i++) {
                _cleanup_close_ int inode_fd = -EBADF, subdir_fd = -EBADF;
                _cleanup_free_ char *joined = NULL;
                struct statx sx;
                bool sx_valid = false;
                const char *p;

                /* For each directory entry we'll do one of the following:
                 *
                 * 1) If the entry refers to a directory, we'll open it as O_DIRECTORY 'subdir_fd' and then statx() the opened directory via that new fd (if requested)
                 * 2) Otherwise, if RECURSE_DIR_INODE_FD is set we'll open it as O_PATH 'inode_fd' and then statx() the opened inode via that new fd (if requested)
                 * 3) Otherwise, we'll statx() the directory entry via the directory fd we are currently looking at (if requested)
                 */

                if (path) {
                        joined = path_join(path, de->entries[i]->d_name);
                        if (!joined)
                                return -ENOMEM;

                        p = joined;
                } else
                        p = de->entries[i]->d_name;

                if (IN_SET(de->entries[i]->d_type, DT_UNKNOWN, DT_DIR)) {
                        subdir_fd = openat(dir_fd, de->entries[i]->d_name, O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
                        if (subdir_fd < 0) {
                                if (errno == ENOENT) /* Vanished by now, go for next file immediately */
                                        continue;

                                /* If it is a subdir but we failed to open it, then fail */
                                if (!IN_SET(errno, ENOTDIR, ELOOP)) {
                                        log_debug_errno(errno, "Failed to open directory '%s': %m", p);

                                        assert(errno <= RECURSE_DIR_SKIP_OPEN_DIR_ERROR_MAX - RECURSE_DIR_SKIP_OPEN_DIR_ERROR_BASE);

                                        r = func(RECURSE_DIR_SKIP_OPEN_DIR_ERROR_BASE + errno,
                                                 p,
                                                 dir_fd,
                                                 -1,
                                                 de->entries[i],
                                                 NULL,
                                                 userdata);
                                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                                break;
                                        if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                                return r;

                                        continue;
                                }

                                /* If it's not a subdir, then let's handle it like a regular inode below */

                        } else {
                                /* If we managed to get a DIR* off the inode, it's definitely a directory. */
                                de->entries[i]->d_type = DT_DIR;

                                if (statx_mask != 0 || (flags & RECURSE_DIR_SAME_MOUNT)) {
                                        if (statx(subdir_fd, "", AT_EMPTY_PATH, statx_mask, &sx) < 0)
                                                return -errno;

                                        sx_valid = true;
                                }
                        }
                }

                if (subdir_fd < 0) {
                        /* It's not a subdirectory. */

                        if (flags & RECURSE_DIR_INODE_FD) {

                                inode_fd = openat(dir_fd, de->entries[i]->d_name, O_PATH|O_NOFOLLOW|O_CLOEXEC);
                                if (inode_fd < 0) {
                                        if (errno == ENOENT) /* Vanished by now, go for next file immediately */
                                                continue;

                                        log_debug_errno(errno, "Failed to open directory entry '%s': %m", p);

                                        assert(errno <= RECURSE_DIR_SKIP_OPEN_INODE_ERROR_MAX - RECURSE_DIR_SKIP_OPEN_INODE_ERROR_BASE);

                                        r = func(RECURSE_DIR_SKIP_OPEN_INODE_ERROR_BASE + errno,
                                                 p,
                                                 dir_fd,
                                                 -1,
                                                 de->entries[i],
                                                 NULL,
                                                 userdata);
                                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                                break;
                                        if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                                return r;

                                        continue;
                                }

                                /* If we open the inode, then verify it's actually a non-directory, like we
                                 * assume. Let's guarantee that we never pass statx data of a directory where
                                 * caller expects a non-directory */

                                if (statx(inode_fd, "", AT_EMPTY_PATH, statx_mask | STATX_TYPE, &sx) < 0)
                                        return -errno;

                                assert(sx.stx_mask & STATX_TYPE);
                                sx_valid = true;

                                if (S_ISDIR(sx.stx_mode)) {
                                        /* What? It's a directory now? Then someone must have quickly
                                         * replaced it. Let's handle that gracefully: convert it to a
                                         * directory fd — which should be riskless now that we pinned the
                                         * inode. */

                                        subdir_fd = fd_reopen(inode_fd, O_DIRECTORY|O_CLOEXEC);
                                        if (subdir_fd < 0)
                                                return subdir_fd;

                                        inode_fd = safe_close(inode_fd);
                                }

                        } else if (statx_mask != 0 || (de->entries[i]->d_type == DT_UNKNOWN && (flags & RECURSE_DIR_ENSURE_TYPE))) {

                                if (statx(dir_fd, de->entries[i]->d_name, AT_SYMLINK_NOFOLLOW, statx_mask | STATX_TYPE, &sx) < 0) {
                                        if (errno == ENOENT) /* Vanished by now? Go for next file immediately */
                                                continue;

                                        log_debug_errno(errno, "Failed to stat directory entry '%s': %m", p);

                                        assert(errno <= RECURSE_DIR_SKIP_STAT_INODE_ERROR_MAX - RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE);

                                        r = func(RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE + errno,
                                                 p,
                                                 dir_fd,
                                                 -1,
                                                 de->entries[i],
                                                 NULL,
                                                 userdata);
                                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                                break;
                                        if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                                return r;

                                        continue;
                                }

                                assert(sx.stx_mask & STATX_TYPE);
                                sx_valid = true;

                                if (S_ISDIR(sx.stx_mode)) {
                                        /* So it suddenly is a directory, but we couldn't open it as such
                                         * earlier?  That is weird, and probably means somebody is racing
                                         * against us. We could of course retry and open it as a directory
                                         * again, but the chance to win here is limited. Hence, let's
                                         * propagate this as EISDIR error instead. That way we make this
                                         * something that can be reasonably handled, even though we give the
                                         * guarantee that RECURSE_DIR_ENTRY is strictly issued for
                                         * non-directory dirents. */

                                        log_debug("Non-directory entry '%s' suddenly became a directory.", p);

                                        r = func(RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE + EISDIR,
                                                 p,
                                                 dir_fd,
                                                 -1,
                                                 de->entries[i],
                                                 NULL,
                                                 userdata);
                                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                                break;
                                        if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                                return r;

                                        continue;
                                }
                        }
                }

                if (sx_valid) {
                        /* Copy over the data we acquired through statx() if we acquired any */
                        if (sx.stx_mask & STATX_TYPE) {
                                assert((subdir_fd < 0) == !S_ISDIR(sx.stx_mode));
                                de->entries[i]->d_type = IFTODT(sx.stx_mode);
                        }

                        if (sx.stx_mask & STATX_INO)
                                de->entries[i]->d_ino = sx.stx_ino;
                }

                if (subdir_fd >= 0) {
                        if (FLAGS_SET(flags, RECURSE_DIR_SAME_MOUNT)) {
                                bool is_mount;

                                if (sx_valid && FLAGS_SET(sx.stx_attributes_mask, STATX_ATTR_MOUNT_ROOT))
                                        is_mount = FLAGS_SET(sx.stx_attributes, STATX_ATTR_MOUNT_ROOT);
                                else {
                                        r = is_mount_point_at(dir_fd, de->entries[i]->d_name, 0);
                                        if (r < 0)
                                                log_debug_errno(r, "Failed to determine whether %s is a submount, assuming not: %m", p);

                                        is_mount = r > 0;
                                }

                                if (is_mount) {
                                        r = func(RECURSE_DIR_SKIP_MOUNT,
                                                 p,
                                                 dir_fd,
                                                 subdir_fd,
                                                 de->entries[i],
                                                 statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
                                                 userdata);
                                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                                break;
                                        if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                                return r;

                                        continue;
                                }
                        }

                        if (n_depth_max <= 1) {
                                /* When we reached max depth, generate a special event */

                                r = func(RECURSE_DIR_SKIP_DEPTH,
                                         p,
                                         dir_fd,
                                         subdir_fd,
                                         de->entries[i],
                                         statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
                                         userdata);
                                if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                        break;
                                if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
                                        return r;

                                continue;
                        }

                        r = func(RECURSE_DIR_ENTER,
                                 p,
                                 dir_fd,
                                 subdir_fd,
                                 de->entries[i],
                                 statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
                                 userdata);
                        if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                                break;
                        if (r == RECURSE_DIR_SKIP_ENTRY)
                                continue;
                        if (r != RECURSE_DIR_CONTINUE)
                                return r;

                        r = recurse_dir(subdir_fd,
                                        p,
                                        statx_mask,
                                        n_depth_max - 1,
                                        flags &~ RECURSE_DIR_TOPLEVEL, /* we already called the callback for this entry */
                                        func,
                                        userdata);
                        if (r != 0)
                                return r;

                        r = func(RECURSE_DIR_LEAVE,
                                 p,
                                 dir_fd,
                                 subdir_fd,
                                 de->entries[i],
                                 statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
                                 userdata);
                } else
                        /* Non-directory inode */
                        r = func(RECURSE_DIR_ENTRY,
                                 p,
                                 dir_fd,
                                 inode_fd,
                                 de->entries[i],
                                 statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
                                 userdata);

                if (r == RECURSE_DIR_LEAVE_DIRECTORY)
                        break;
                if (!IN_SET(r, RECURSE_DIR_SKIP_ENTRY, RECURSE_DIR_CONTINUE))
                        return r;
        }

        if (FLAGS_SET(flags, RECURSE_DIR_TOPLEVEL)) {

                r = func(RECURSE_DIR_LEAVE,
                         path,
                         -1,
                         dir_fd,
                         NULL,
                         statx_mask != 0 ? &root_sx : NULL,
                         userdata);
                if (!IN_SET(r, RECURSE_DIR_LEAVE_DIRECTORY, RECURSE_DIR_SKIP_ENTRY, RECURSE_DIR_CONTINUE))
                        return r;
        }

        return 0;
}

int recurse_dir_at(
                int atfd,
                const char *path,
                unsigned statx_mask,
                unsigned n_depth_max,
                RecurseDirFlags flags,
                recurse_dir_func_t func,
                void *userdata) {

        _cleanup_close_ int fd = -EBADF;

        assert(atfd >= 0 || atfd == AT_FDCWD);
        assert(func);

        fd = openat(atfd, path ?: ".", O_DIRECTORY|O_CLOEXEC);
        if (fd < 0)
                return -errno;

        return recurse_dir(fd, path, statx_mask, n_depth_max, flags, func, userdata);
}
Commit	Line	Data
b5a07e52 LP	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
b5a07e52 LP	2
0c15577a DDM	3	#include <sys/stat.h>
0c15577a DDM	4
b5a07e52 LP	5	#include "alloc-util.h"
	6	#include "dirent-util.h"
	7	#include "fd-util.h"
4d564427	8	#include "fs-util.h"
93a1f792	9	#include "log.h"
b5a07e52	10	#include "mountpoint-util.h"
0c15577a	11	#include "path-util.h"
b5a07e52 LP	12	#include "recurse-dir.h"
	13	#include "sort-util.h"
	14
	15	#define DEFAULT_RECURSION_MAX 100
	16
	17	static int sort_func(struct dirent * const a, struct dirent const *b) {
	18	return strcmp((a)->d_name, (b)->d_name);
	19	}
	20
6393b847 LP	21	static bool ignore_dirent(const struct dirent *de, RecurseDirFlags flags) {
6393b847 LP	22	assert(de);
b5a07e52	23
6393b847	24	/* Depending on flag either ignore everything starting with ".", or just "." itself and ".." */
b5a07e52	25
6393b847 LP	26	return FLAGS_SET(flags, RECURSE_DIR_IGNORE_DOT) ?
	27	de->d_name[0] == '.' :
	28	dot_or_dot_dot(de->d_name);
b5a07e52 LP	29	}
b5a07e52 LP	30
90761f7f	31	int readdir_all(int dir_fd, RecurseDirFlags flags, DirectoryEntries **ret) {
6393b847 LP	32	_cleanup_free_ DirectoryEntries *de = NULL;
6393b847 LP	33	DirectoryEntries *nde;
a0a4c578	34	int r;
b5a07e52	35
6393b847	36	assert(dir_fd >= 0);
b5a07e52 LP	37
b5a07e52 LP	38	/* Returns an array with pointers to "struct dirent" directory entries, optionally sorted. Free the
ca664db2 LP	39	* array with readdir_all_freep().
	40	*
	41	* Start with space for up to 8 directory entries. We expect at least 2 ("." + ".."), hence hopefully
6393b847 LP	42	* 8 will cover most cases comprehensively. (Note that most likely a lot more entries will actually
	43	* fit in the buffer, given we calculate maximum file name length here.) */
	44	de = malloc(offsetof(DirectoryEntries, buffer) + DIRENT_SIZE_MAX * 8);
	45	if (!de)
	46	return -ENOMEM;
	47
	48	de->buffer_size = 0;
b5a07e52	49	for (;;) {
6393b847 LP	50	size_t bs;
6393b847 LP	51	ssize_t n;
b5a07e52	52
6393b847 LP	53	bs = MIN(MALLOC_SIZEOF_SAFE(de) - offsetof(DirectoryEntries, buffer), (size_t) SSIZE_MAX);
6393b847 LP	54	assert(bs > de->buffer_size);
b5a07e52	55
43aacae8	56	n = getdents64(dir_fd, (struct dirent) ((uint8_t) de->buffer + de->buffer_size), bs - de->buffer_size);
6393b847	57	if (n < 0)
b5a07e52	58	return -errno;
6393b847 LP	59	if (n == 0)
6393b847 LP	60	break;
b5a07e52	61
0dbce03c LP	62	msan_unpoison((uint8_t*) de->buffer + de->buffer_size, n);
0dbce03c LP	63
6393b847 LP	64	de->buffer_size += n;
	65
	66	if (de->buffer_size < bs - DIRENT_SIZE_MAX) /* Still room for one more entry, then try to
	67	* fill it up without growing the structure. */
b5a07e52 LP	68	continue;
b5a07e52 LP	69
6393b847 LP	70	if (bs >= SSIZE_MAX - offsetof(DirectoryEntries, buffer))
	71	return -EFBIG;
	72	bs = bs >= (SSIZE_MAX - offsetof(DirectoryEntries, buffer))/2 ? SSIZE_MAX - offsetof(DirectoryEntries, buffer) : bs * 2;
b5a07e52	73
6393b847 LP	74	nde = realloc(de, bs);
6393b847 LP	75	if (!nde)
b5a07e52	76	return -ENOMEM;
6393b847 LP	77	de = nde;
	78	}
	79
	80	de->n_entries = 0;
90761f7f	81	struct dirent *entry;
a4e70ef7	82	FOREACH_DIRENT_IN_BUFFER(entry, de->buffer, de->buffer_size) {
6393b847 LP	83	if (ignore_dirent(entry, flags))
6393b847 LP	84	continue;
b5a07e52	85
a0a4c578 DDM	86	if (FLAGS_SET(flags, RECURSE_DIR_ENSURE_TYPE)) {
	87	r = dirent_ensure_type(dir_fd, entry);
	88	if (r == -ENOENT)
	89	/* dentry gone by now? no problem, let's just suppress it */
	90	continue;
	91	if (r < 0)
	92	return r;
	93	}
	94
6393b847 LP	95	de->n_entries++;
	96	}
	97
90761f7f MY	98	size_t sz, j;
90761f7f MY	99
6393b847	100	sz = ALIGN(offsetof(DirectoryEntries, buffer) + de->buffer_size);
90761f7f	101	if (!INC_SAFE(&sz, sizeof(struct dirent) de->n_entries))
6393b847 LP	102	return -ENOMEM;
6393b847 LP	103
90761f7f	104	nde = realloc(de, sz);
6393b847 LP	105	if (!nde)
6393b847 LP	106	return -ENOMEM;
6393b847	107	de = nde;
90761f7f	108
6393b847 LP	109	de->entries = (struct dirent*) ((uint8_t) de + ALIGN(offsetof(DirectoryEntries, buffer) + de->buffer_size));
	110
	111	j = 0;
a4e70ef7	112	FOREACH_DIRENT_IN_BUFFER(entry, de->buffer, de->buffer_size) {
6393b847 LP	113	if (ignore_dirent(entry, flags))
	114	continue;
	115
a0a4c578 DDM	116	/* If d_type == DT_UNKNOWN that means we failed to ensure the type in the earlier loop and
	117	* didn't include the dentry in de->n_entries and as such should skip it here as well. */
	118	if (FLAGS_SET(flags, RECURSE_DIR_ENSURE_TYPE) && entry->d_type == DT_UNKNOWN)
	119	continue;
	120
6393b847	121	de->entries[j++] = entry;
b5a07e52	122	}
a0a4c578	123	assert(j == de->n_entries);
b5a07e52 LP	124
b5a07e52 LP	125	if (FLAGS_SET(flags, RECURSE_DIR_SORT))
6393b847	126	typesafe_qsort(de->entries, de->n_entries, sort_func);
b5a07e52 LP	127
b5a07e52 LP	128	if (ret)
6393b847	129	*ret = TAKE_PTR(de);
b5a07e52	130
6393b847	131	return 0;
b5a07e52 LP	132	}
b5a07e52 LP	133
4d564427 LP	134	int readdir_all_at(int fd, const char path, RecurseDirFlags flags, DirectoryEntries *ret) {
	135	_cleanup_close_ int dir_fd = -EBADF;
	136
	137	assert(fd >= 0 \|\| fd == AT_FDCWD);
	138
e40b11be	139	dir_fd = xopenat(fd, path, O_DIRECTORY\|O_CLOEXEC);
4d564427 LP	140	if (dir_fd < 0)
	141	return dir_fd;
	142
	143	return readdir_all(dir_fd, flags, ret);
	144	}
	145
b5a07e52	146	int recurse_dir(
6393b847	147	int dir_fd,
b5a07e52 LP	148	const char *path,
	149	unsigned statx_mask,
	150	unsigned n_depth_max,
	151	RecurseDirFlags flags,
	152	recurse_dir_func_t func,
	153	void *userdata) {
	154
6393b847	155	_cleanup_free_ DirectoryEntries *de = NULL;
4424e6c8	156	struct statx root_sx;
6393b847	157	int r;
b5a07e52	158
6393b847	159	assert(dir_fd >= 0);
b5a07e52 LP	160	assert(func);
b5a07e52 LP	161
6393b847 LP	162	/* This is a lot like ftw()/nftw(), but a lot more modern, i.e. built around openat()/statx()/O_PATH,
6393b847 LP	163	* and under the assumption that fds are not as 'expensive' as they used to be. */
b5a07e52 LP	164
	165	if (n_depth_max == 0)
	166	return -EOVERFLOW;
	167	if (n_depth_max == UINT_MAX) /* special marker for "default" */
	168	n_depth_max = DEFAULT_RECURSION_MAX;
	169
b21ec07b LP	170	if (FLAGS_SET(flags, RECURSE_DIR_TOPLEVEL)) {
b21ec07b LP	171	if (statx_mask != 0) {
d5ddc0e0 YW	172	if (statx(dir_fd, "", AT_EMPTY_PATH, statx_mask, &root_sx) < 0)
d5ddc0e0 YW	173	return -errno;
b21ec07b LP	174	}
	175
	176	r = func(RECURSE_DIR_ENTER,
	177	path,
	178	-1, /* we have no parent fd */
	179	dir_fd,
	180	NULL, /* we have no dirent */
	181	statx_mask != 0 ? &root_sx : NULL,
	182	userdata);
	183	if (IN_SET(r, RECURSE_DIR_LEAVE_DIRECTORY, RECURSE_DIR_SKIP_ENTRY))
	184	return 0;
	185	if (r != RECURSE_DIR_CONTINUE)
	186	return r;
	187	}
	188
a0a4c578 DDM	189	/* Mask out RECURSE_DIR_ENSURE_TYPE so we can do it ourselves and avoid an extra statx() call. */
a0a4c578 DDM	190	r = readdir_all(dir_fd, flags & ~RECURSE_DIR_ENSURE_TYPE, &de);
6393b847 LP	191	if (r < 0)
6393b847 LP	192	return r;
b5a07e52	193
6393b847	194	for (size_t i = 0; i < de->n_entries; i++) {
254d1313	195	_cleanup_close_ int inode_fd = -EBADF, subdir_fd = -EBADF;
b5a07e52	196	_cleanup_free_ char *joined = NULL;
4424e6c8	197	struct statx sx;
b5a07e52 LP	198	bool sx_valid = false;
	199	const char *p;
	200
	201	/* For each directory entry we'll do one of the following:
	202	*
6393b847 LP	203	* 1) If the entry refers to a directory, we'll open it as O_DIRECTORY 'subdir_fd' and then statx() the opened directory via that new fd (if requested)
	204	* 2) Otherwise, if RECURSE_DIR_INODE_FD is set we'll open it as O_PATH 'inode_fd' and then statx() the opened inode via that new fd (if requested)
	205	* 3) Otherwise, we'll statx() the directory entry via the directory fd we are currently looking at (if requested)
b5a07e52 LP	206	*/
	207
	208	if (path) {
6393b847	209	joined = path_join(path, de->entries[i]->d_name);
b5a07e52 LP	210	if (!joined)
	211	return -ENOMEM;
	212
	213	p = joined;
	214	} else
6393b847	215	p = de->entries[i]->d_name;
b5a07e52	216
6393b847 LP	217	if (IN_SET(de->entries[i]->d_type, DT_UNKNOWN, DT_DIR)) {
	218	subdir_fd = openat(dir_fd, de->entries[i]->d_name, O_DIRECTORY\|O_NOFOLLOW\|O_CLOEXEC);
	219	if (subdir_fd < 0) {
b5a07e52 LP	220	if (errno == ENOENT) /* Vanished by now, go for next file immediately */
	221	continue;
	222
	223	/* If it is a subdir but we failed to open it, then fail */
	224	if (!IN_SET(errno, ENOTDIR, ELOOP)) {
	225	log_debug_errno(errno, "Failed to open directory '%s': %m", p);
	226
	227	assert(errno <= RECURSE_DIR_SKIP_OPEN_DIR_ERROR_MAX - RECURSE_DIR_SKIP_OPEN_DIR_ERROR_BASE);
	228
	229	r = func(RECURSE_DIR_SKIP_OPEN_DIR_ERROR_BASE + errno,
	230	p,
6393b847	231	dir_fd,
b5a07e52	232	-1,
6393b847	233	de->entries[i],
b5a07e52 LP	234	NULL,
	235	userdata);
	236	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	237	break;
	238	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	239	return r;
	240
	241	continue;
	242	}
	243
	244	/* If it's not a subdir, then let's handle it like a regular inode below */
	245
	246	} else {
	247	/* If we managed to get a DIR* off the inode, it's definitely a directory. */
6393b847	248	de->entries[i]->d_type = DT_DIR;
b5a07e52 LP	249
b5a07e52 LP	250	if (statx_mask != 0 \|\| (flags & RECURSE_DIR_SAME_MOUNT)) {
d5ddc0e0 YW	251	if (statx(subdir_fd, "", AT_EMPTY_PATH, statx_mask, &sx) < 0)
d5ddc0e0 YW	252	return -errno;
b5a07e52 LP	253
	254	sx_valid = true;
	255	}
	256	}
	257	}
	258
6393b847	259	if (subdir_fd < 0) {
b5a07e52 LP	260	/* It's not a subdirectory. */
	261
	262	if (flags & RECURSE_DIR_INODE_FD) {
	263
6393b847	264	inode_fd = openat(dir_fd, de->entries[i]->d_name, O_PATH\|O_NOFOLLOW\|O_CLOEXEC);
b5a07e52 LP	265	if (inode_fd < 0) {
	266	if (errno == ENOENT) /* Vanished by now, go for next file immediately */
	267	continue;
	268
	269	log_debug_errno(errno, "Failed to open directory entry '%s': %m", p);
	270
	271	assert(errno <= RECURSE_DIR_SKIP_OPEN_INODE_ERROR_MAX - RECURSE_DIR_SKIP_OPEN_INODE_ERROR_BASE);
	272
	273	r = func(RECURSE_DIR_SKIP_OPEN_INODE_ERROR_BASE + errno,
	274	p,
6393b847	275	dir_fd,
b5a07e52	276	-1,
6393b847	277	de->entries[i],
b5a07e52 LP	278	NULL,
	279	userdata);
	280	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	281	break;
	282	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	283	return r;
	284
	285	continue;
	286	}
	287
	288	/* If we open the inode, then verify it's actually a non-directory, like we
	289	* assume. Let's guarantee that we never pass statx data of a directory where
	290	* caller expects a non-directory */
	291
d5ddc0e0 YW	292	if (statx(inode_fd, "", AT_EMPTY_PATH, statx_mask \| STATX_TYPE, &sx) < 0)
d5ddc0e0 YW	293	return -errno;
b5a07e52 LP	294
	295	assert(sx.stx_mask & STATX_TYPE);
	296	sx_valid = true;
	297
	298	if (S_ISDIR(sx.stx_mode)) {
	299	/* What? It's a directory now? Then someone must have quickly
	300	* replaced it. Let's handle that gracefully: convert it to a
ba669952	301	* directory fd — which should be riskless now that we pinned the
b5a07e52 LP	302	* inode. */
b5a07e52 LP	303
739d9cae	304	subdir_fd = fd_reopen(inode_fd, O_DIRECTORY\|O_CLOEXEC);
6393b847	305	if (subdir_fd < 0)
739d9cae	306	return subdir_fd;
b5a07e52 LP	307
	308	inode_fd = safe_close(inode_fd);
	309	}
	310
6393b847	311	} else if (statx_mask != 0 \|\| (de->entries[i]->d_type == DT_UNKNOWN && (flags & RECURSE_DIR_ENSURE_TYPE))) {
b5a07e52	312
d5ddc0e0 YW	313	if (statx(dir_fd, de->entries[i]->d_name, AT_SYMLINK_NOFOLLOW, statx_mask \| STATX_TYPE, &sx) < 0) {
	314	if (errno == ENOENT) /* Vanished by now? Go for next file immediately */
	315	continue;
	316
	317	log_debug_errno(errno, "Failed to stat directory entry '%s': %m", p);
b5a07e52	318
d5ddc0e0	319	assert(errno <= RECURSE_DIR_SKIP_STAT_INODE_ERROR_MAX - RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE);
b5a07e52	320
d5ddc0e0	321	r = func(RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE + errno,
b5a07e52	322	p,
6393b847	323	dir_fd,
b5a07e52	324	-1,
6393b847	325	de->entries[i],
b5a07e52 LP	326	NULL,
	327	userdata);
	328	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	329	break;
	330	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	331	return r;
	332
	333	continue;
	334	}
	335
	336	assert(sx.stx_mask & STATX_TYPE);
	337	sx_valid = true;
	338
	339	if (S_ISDIR(sx.stx_mode)) {
	340	/* So it suddenly is a directory, but we couldn't open it as such
	341	* earlier? That is weird, and probably means somebody is racing
	342	* against us. We could of course retry and open it as a directory
	343	* again, but the chance to win here is limited. Hence, let's
	344	* propagate this as EISDIR error instead. That way we make this
	345	* something that can be reasonably handled, even though we give the
	346	* guarantee that RECURSE_DIR_ENTRY is strictly issued for
	347	* non-directory dirents. */
	348
91421f83	349	log_debug("Non-directory entry '%s' suddenly became a directory.", p);
b5a07e52 LP	350
	351	r = func(RECURSE_DIR_SKIP_STAT_INODE_ERROR_BASE + EISDIR,
	352	p,
6393b847	353	dir_fd,
b5a07e52	354	-1,
6393b847	355	de->entries[i],
b5a07e52 LP	356	NULL,
	357	userdata);
	358	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	359	break;
	360	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	361	return r;
	362
	363	continue;
	364	}
	365	}
	366	}
	367
	368	if (sx_valid) {
	369	/* Copy over the data we acquired through statx() if we acquired any */
	370	if (sx.stx_mask & STATX_TYPE) {
6393b847 LP	371	assert((subdir_fd < 0) == !S_ISDIR(sx.stx_mode));
6393b847 LP	372	de->entries[i]->d_type = IFTODT(sx.stx_mode);
b5a07e52 LP	373	}
	374
	375	if (sx.stx_mask & STATX_INO)
6393b847	376	de->entries[i]->d_ino = sx.stx_ino;
b5a07e52 LP	377	}
b5a07e52 LP	378
6393b847	379	if (subdir_fd >= 0) {
b5a07e52 LP	380	if (FLAGS_SET(flags, RECURSE_DIR_SAME_MOUNT)) {
	381	bool is_mount;
	382
	383	if (sx_valid && FLAGS_SET(sx.stx_attributes_mask, STATX_ATTR_MOUNT_ROOT))
	384	is_mount = FLAGS_SET(sx.stx_attributes, STATX_ATTR_MOUNT_ROOT);
	385	else {
7ce2c1bb	386	r = is_mount_point_at(dir_fd, de->entries[i]->d_name, 0);
b5a07e52 LP	387	if (r < 0)
	388	log_debug_errno(r, "Failed to determine whether %s is a submount, assuming not: %m", p);
	389
	390	is_mount = r > 0;
	391	}
	392
	393	if (is_mount) {
	394	r = func(RECURSE_DIR_SKIP_MOUNT,
	395	p,
6393b847 LP	396	dir_fd,
	397	subdir_fd,
	398	de->entries[i],
b5a07e52 LP	399	statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
	400	userdata);
	401	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	402	break;
	403	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	404	return r;
	405
	406	continue;
	407	}
	408	}
	409
	410	if (n_depth_max <= 1) {
	411	/* When we reached max depth, generate a special event */
	412
	413	r = func(RECURSE_DIR_SKIP_DEPTH,
	414	p,
6393b847 LP	415	dir_fd,
	416	subdir_fd,
	417	de->entries[i],
b5a07e52 LP	418	statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
	419	userdata);
	420	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	421	break;
	422	if (!IN_SET(r, RECURSE_DIR_CONTINUE, RECURSE_DIR_SKIP_ENTRY))
	423	return r;
	424
	425	continue;
	426	}
	427
	428	r = func(RECURSE_DIR_ENTER,
	429	p,
6393b847 LP	430	dir_fd,
	431	subdir_fd,
	432	de->entries[i],
b5a07e52 LP	433	statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
	434	userdata);
	435	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	436	break;
	437	if (r == RECURSE_DIR_SKIP_ENTRY)
	438	continue;
	439	if (r != RECURSE_DIR_CONTINUE)
	440	return r;
	441
6393b847	442	r = recurse_dir(subdir_fd,
b5a07e52 LP	443	p,
	444	statx_mask,
	445	n_depth_max - 1,
b21ec07b	446	flags &~ RECURSE_DIR_TOPLEVEL, /* we already called the callback for this entry */
b5a07e52 LP	447	func,
	448	userdata);
	449	if (r != 0)
	450	return r;
	451
	452	r = func(RECURSE_DIR_LEAVE,
	453	p,
6393b847 LP	454	dir_fd,
	455	subdir_fd,
	456	de->entries[i],
b5a07e52 LP	457	statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
	458	userdata);
	459	} else
	460	/* Non-directory inode */
	461	r = func(RECURSE_DIR_ENTRY,
	462	p,
6393b847	463	dir_fd,
b5a07e52	464	inode_fd,
6393b847	465	de->entries[i],
b5a07e52 LP	466	statx_mask != 0 ? &sx : NULL, /* only pass sx if user asked for it */
	467	userdata);
	468
b5a07e52 LP	469	if (r == RECURSE_DIR_LEAVE_DIRECTORY)
	470	break;
	471	if (!IN_SET(r, RECURSE_DIR_SKIP_ENTRY, RECURSE_DIR_CONTINUE))
	472	return r;
	473	}
	474
b21ec07b LP	475	if (FLAGS_SET(flags, RECURSE_DIR_TOPLEVEL)) {
	476
	477	r = func(RECURSE_DIR_LEAVE,
	478	path,
	479	-1,
	480	dir_fd,
	481	NULL,
	482	statx_mask != 0 ? &root_sx : NULL,
	483	userdata);
	484	if (!IN_SET(r, RECURSE_DIR_LEAVE_DIRECTORY, RECURSE_DIR_SKIP_ENTRY, RECURSE_DIR_CONTINUE))
	485	return r;
	486	}
	487
b5a07e52 LP	488	return 0;
	489	}
	490
	491	int recurse_dir_at(
	492	int atfd,
	493	const char *path,
	494	unsigned statx_mask,
	495	unsigned n_depth_max,
	496	RecurseDirFlags flags,
	497	recurse_dir_func_t func,
	498	void *userdata) {
	499
254d1313	500	_cleanup_close_ int fd = -EBADF;
6393b847 LP	501
	502	assert(atfd >= 0 \|\| atfd == AT_FDCWD);
	503	assert(func);
	504
aa3cc58a	505	fd = openat(atfd, path ?: ".", O_DIRECTORY\|O_CLOEXEC);
6393b847	506	if (fd < 0)
b5a07e52 LP	507	return -errno;
b5a07e52 LP	508
6393b847	509	return recurse_dir(fd, path, statx_mask, n_depth_max, flags, func, userdata);
b5a07e52	510	}