projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fs: dcache remove d_mounted
[deliverable/linux.git] / fs / namei.c
1 /*
2 * linux/fs/namei.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 /*
8 * Some corrections by tytso.
9 */
10
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
12 * lookup logic.
13 */
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
15 */
16
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/fs.h>
21 #include <linux/namei.h>
22 #include <linux/pagemap.h>
23 #include <linux/fsnotify.h>
24 #include <linux/personality.h>
25 #include <linux/security.h>
26 #include <linux/ima.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <linux/fs_struct.h>
35 #include <asm/uaccess.h>
36
37 #include "internal.h"
38
39 /* [Feb-1997 T. Schoebel-Theuer]
40 * Fundamental changes in the pathname lookup mechanisms (namei)
41 * were necessary because of omirr. The reason is that omirr needs
42 * to know the _real_ pathname, not the user-supplied one, in case
43 * of symlinks (and also when transname replacements occur).
44 *
45 * The new code replaces the old recursive symlink resolution with
46 * an iterative one (in case of non-nested symlink chains). It does
47 * this with calls to <fs>_follow_link().
48 * As a side effect, dir_namei(), _namei() and follow_link() are now
49 * replaced with a single function lookup_dentry() that can handle all
50 * the special cases of the former code.
51 *
52 * With the new dcache, the pathname is stored at each inode, at least as
53 * long as the refcount of the inode is positive. As a side effect, the
54 * size of the dcache depends on the inode cache and thus is dynamic.
55 *
56 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
57 * resolution to correspond with current state of the code.
58 *
59 * Note that the symlink resolution is not *completely* iterative.
60 * There is still a significant amount of tail- and mid- recursion in
61 * the algorithm. Also, note that <fs>_readlink() is not used in
62 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
63 * may return different results than <fs>_follow_link(). Many virtual
64 * filesystems (including /proc) exhibit this behavior.
65 */
66
67 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
68 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
69 * and the name already exists in form of a symlink, try to create the new
70 * name indicated by the symlink. The old code always complained that the
71 * name already exists, due to not following the symlink even if its target
72 * is nonexistent. The new semantics affects also mknod() and link() when
73 * the name is a symlink pointing to a non-existant name.
74 *
75 * I don't know which semantics is the right one, since I have no access
76 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
77 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
78 * "old" one. Personally, I think the new semantics is much more logical.
79 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
80 * file does succeed in both HP-UX and SunOs, but not in Solaris
81 * and in the old Linux semantics.
82 */
83
84 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
85 * semantics. See the comments in "open_namei" and "do_link" below.
86 *
87 * [10-Sep-98 Alan Modra] Another symlink change.
88 */
89
90 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
91 * inside the path - always follow.
92 * in the last component in creation/removal/renaming - never follow.
93 * if LOOKUP_FOLLOW passed - follow.
94 * if the pathname has trailing slashes - follow.
95 * otherwise - don't follow.
96 * (applied in that order).
97 *
98 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
99 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
100 * During the 2.4 we need to fix the userland stuff depending on it -
101 * hopefully we will be able to get rid of that wart in 2.5. So far only
102 * XEmacs seems to be relying on it...
103 */
104 /*
105 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
106 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
107 * any extra contention...
108 */
109
110 /* In order to reduce some races, while at the same time doing additional
111 * checking and hopefully speeding things up, we copy filenames to the
112 * kernel data space before using them..
113 *
114 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
115 * PATH_MAX includes the nul terminator --RR.
116 */
117 static int do_getname(const char __user *filename, char *page)
118 {
119 int retval;
120 unsigned long len = PATH_MAX;
121
122 if (!segment_eq(get_fs(), KERNEL_DS)) {
123 if ((unsigned long) filename >= TASK_SIZE)
124 return -EFAULT;
125 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
126 len = TASK_SIZE - (unsigned long) filename;
127 }
128
129 retval = strncpy_from_user(page, filename, len);
130 if (retval > 0) {
131 if (retval < len)
132 return 0;
133 return -ENAMETOOLONG;
134 } else if (!retval)
135 retval = -ENOENT;
136 return retval;
137 }
138
139 char * getname(const char __user * filename)
140 {
141 char *tmp, *result;
142
143 result = ERR_PTR(-ENOMEM);
144 tmp = __getname();
145 if (tmp) {
146 int retval = do_getname(filename, tmp);
147
148 result = tmp;
149 if (retval < 0) {
150 __putname(tmp);
151 result = ERR_PTR(retval);
152 }
153 }
154 audit_getname(result);
155 return result;
156 }
157
158 #ifdef CONFIG_AUDITSYSCALL
159 void putname(const char *name)
160 {
161 if (unlikely(!audit_dummy_context()))
162 audit_putname(name);
163 else
164 __putname(name);
165 }
166 EXPORT_SYMBOL(putname);
167 #endif
168
169 /*
170 * This does basic POSIX ACL permission checking
171 */
172 static inline int __acl_permission_check(struct inode *inode, int mask,
173 int (*check_acl)(struct inode *inode, int mask), int rcu)
174 {
175 umode_t mode = inode->i_mode;
176
177 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
178
179 if (current_fsuid() == inode->i_uid)
180 mode >>= 6;
181 else {
182 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
183 if (rcu) {
184 return -ECHILD;
185 } else {
186 int error = check_acl(inode, mask);
187 if (error != -EAGAIN)
188 return error;
189 }
190 }
191
192 if (in_group_p(inode->i_gid))
193 mode >>= 3;
194 }
195
196 /*
197 * If the DACs are ok we don't need any capability check.
198 */
199 if ((mask & ~mode) == 0)
200 return 0;
201 return -EACCES;
202 }
203
204 static inline int acl_permission_check(struct inode *inode, int mask,
205 int (*check_acl)(struct inode *inode, int mask))
206 {
207 return __acl_permission_check(inode, mask, check_acl, 0);
208 }
209
210 /**
211 * generic_permission - check for access rights on a Posix-like filesystem
212 * @inode: inode to check access rights for
213 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
214 * @check_acl: optional callback to check for Posix ACLs
215 *
216 * Used to check for read/write/execute permissions on a file.
217 * We use "fsuid" for this, letting us set arbitrary permissions
218 * for filesystem access without changing the "normal" uids which
219 * are used for other things..
220 */
221 int generic_permission(struct inode *inode, int mask,
222 int (*check_acl)(struct inode *inode, int mask))
223 {
224 int ret;
225
226 /*
227 * Do the basic POSIX ACL permission checks.
228 */
229 ret = acl_permission_check(inode, mask, check_acl);
230 if (ret != -EACCES)
231 return ret;
232
233 /*
234 * Read/write DACs are always overridable.
235 * Executable DACs are overridable if at least one exec bit is set.
236 */
237 if (!(mask & MAY_EXEC) || execute_ok(inode))
238 if (capable(CAP_DAC_OVERRIDE))
239 return 0;
240
241 /*
242 * Searching includes executable on directories, else just read.
243 */
244 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
245 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
246 if (capable(CAP_DAC_READ_SEARCH))
247 return 0;
248
249 return -EACCES;
250 }
251
252 /**
253 * inode_permission - check for access rights to a given inode
254 * @inode: inode to check permission on
255 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
256 *
257 * Used to check for read/write/execute permissions on an inode.
258 * We use "fsuid" for this, letting us set arbitrary permissions
259 * for filesystem access without changing the "normal" uids which
260 * are used for other things.
261 */
262 int inode_permission(struct inode *inode, int mask)
263 {
264 int retval;
265
266 if (mask & MAY_WRITE) {
267 umode_t mode = inode->i_mode;
268
269 /*
270 * Nobody gets write access to a read-only fs.
271 */
272 if (IS_RDONLY(inode) &&
273 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
274 return -EROFS;
275
276 /*
277 * Nobody gets write access to an immutable file.
278 */
279 if (IS_IMMUTABLE(inode))
280 return -EACCES;
281 }
282
283 if (inode->i_op->permission)
284 retval = inode->i_op->permission(inode, mask);
285 else
286 retval = generic_permission(inode, mask, inode->i_op->check_acl);
287
288 if (retval)
289 return retval;
290
291 retval = devcgroup_inode_permission(inode, mask);
292 if (retval)
293 return retval;
294
295 return security_inode_permission(inode, mask);
296 }
297
298 /**
299 * file_permission - check for additional access rights to a given file
300 * @file: file to check access rights for
301 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
302 *
303 * Used to check for read/write/execute permissions on an already opened
304 * file.
305 *
306 * Note:
307 * Do not use this function in new code. All access checks should
308 * be done using inode_permission().
309 */
310 int file_permission(struct file *file, int mask)
311 {
312 return inode_permission(file->f_path.dentry->d_inode, mask);
313 }
314
315 /*
316 * get_write_access() gets write permission for a file.
317 * put_write_access() releases this write permission.
318 * This is used for regular files.
319 * We cannot support write (and maybe mmap read-write shared) accesses and
320 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
321 * can have the following values:
322 * 0: no writers, no VM_DENYWRITE mappings
323 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
324 * > 0: (i_writecount) users are writing to the file.
325 *
326 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
327 * except for the cases where we don't hold i_writecount yet. Then we need to
328 * use {get,deny}_write_access() - these functions check the sign and refuse
329 * to do the change if sign is wrong. Exclusion between them is provided by
330 * the inode->i_lock spinlock.
331 */
332
333 int get_write_access(struct inode * inode)
334 {
335 spin_lock(&inode->i_lock);
336 if (atomic_read(&inode->i_writecount) < 0) {
337 spin_unlock(&inode->i_lock);
338 return -ETXTBSY;
339 }
340 atomic_inc(&inode->i_writecount);
341 spin_unlock(&inode->i_lock);
342
343 return 0;
344 }
345
346 int deny_write_access(struct file * file)
347 {
348 struct inode *inode = file->f_path.dentry->d_inode;
349
350 spin_lock(&inode->i_lock);
351 if (atomic_read(&inode->i_writecount) > 0) {
352 spin_unlock(&inode->i_lock);
353 return -ETXTBSY;
354 }
355 atomic_dec(&inode->i_writecount);
356 spin_unlock(&inode->i_lock);
357
358 return 0;
359 }
360
361 /**
362 * path_get - get a reference to a path
363 * @path: path to get the reference to
364 *
365 * Given a path increment the reference count to the dentry and the vfsmount.
366 */
367 void path_get(struct path *path)
368 {
369 mntget(path->mnt);
370 dget(path->dentry);
371 }
372 EXPORT_SYMBOL(path_get);
373
374 /**
375 * path_put - put a reference to a path
376 * @path: path to put the reference to
377 *
378 * Given a path decrement the reference count to the dentry and the vfsmount.
379 */
380 void path_put(struct path *path)
381 {
382 dput(path->dentry);
383 mntput(path->mnt);
384 }
385 EXPORT_SYMBOL(path_put);
386
387 /**
388 * nameidata_drop_rcu - drop this nameidata out of rcu-walk
389 * @nd: nameidata pathwalk data to drop
390 * @Returns: 0 on success, -ECHLID on failure
391 *
392 * Path walking has 2 modes, rcu-walk and ref-walk (see
393 * Documentation/filesystems/path-lookup.txt). __drop_rcu* functions attempt
394 * to drop out of rcu-walk mode and take normal reference counts on dentries
395 * and vfsmounts to transition to rcu-walk mode. __drop_rcu* functions take
396 * refcounts at the last known good point before rcu-walk got stuck, so
397 * ref-walk may continue from there. If this is not successful (eg. a seqcount
398 * has changed), then failure is returned and path walk restarts from the
399 * beginning in ref-walk mode.
400 *
401 * nameidata_drop_rcu attempts to drop the current nd->path and nd->root into
402 * ref-walk. Must be called from rcu-walk context.
403 */
404 static int nameidata_drop_rcu(struct nameidata *nd)
405 {
406 struct fs_struct *fs = current->fs;
407 struct dentry *dentry = nd->path.dentry;
408
409 BUG_ON(!(nd->flags & LOOKUP_RCU));
410 if (nd->root.mnt) {
411 spin_lock(&fs->lock);
412 if (nd->root.mnt != fs->root.mnt ||
413 nd->root.dentry != fs->root.dentry)
414 goto err_root;
415 }
416 spin_lock(&dentry->d_lock);
417 if (!__d_rcu_to_refcount(dentry, nd->seq))
418 goto err;
419 BUG_ON(nd->inode != dentry->d_inode);
420 spin_unlock(&dentry->d_lock);
421 if (nd->root.mnt) {
422 path_get(&nd->root);
423 spin_unlock(&fs->lock);
424 }
425 mntget(nd->path.mnt);
426
427 rcu_read_unlock();
428 br_read_unlock(vfsmount_lock);
429 nd->flags &= ~LOOKUP_RCU;
430 return 0;
431 err:
432 spin_unlock(&dentry->d_lock);
433 err_root:
434 if (nd->root.mnt)
435 spin_unlock(&fs->lock);
436 return -ECHILD;
437 }
438
439 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
440 static inline int nameidata_drop_rcu_maybe(struct nameidata *nd)
441 {
442 if (nd->flags & LOOKUP_RCU)
443 return nameidata_drop_rcu(nd);
444 return 0;
445 }
446
447 /**
448 * nameidata_dentry_drop_rcu - drop nameidata and dentry out of rcu-walk
449 * @nd: nameidata pathwalk data to drop
450 * @dentry: dentry to drop
451 * @Returns: 0 on success, -ECHLID on failure
452 *
453 * nameidata_dentry_drop_rcu attempts to drop the current nd->path and nd->root,
454 * and dentry into ref-walk. @dentry must be a path found by a do_lookup call on
455 * @nd. Must be called from rcu-walk context.
456 */
457 static int nameidata_dentry_drop_rcu(struct nameidata *nd, struct dentry *dentry)
458 {
459 struct fs_struct *fs = current->fs;
460 struct dentry *parent = nd->path.dentry;
461
462 BUG_ON(!(nd->flags & LOOKUP_RCU));
463 if (nd->root.mnt) {
464 spin_lock(&fs->lock);
465 if (nd->root.mnt != fs->root.mnt ||
466 nd->root.dentry != fs->root.dentry)
467 goto err_root;
468 }
469 spin_lock(&parent->d_lock);
470 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
471 if (!__d_rcu_to_refcount(dentry, nd->seq))
472 goto err;
473 /*
474 * If the sequence check on the child dentry passed, then the child has
475 * not been removed from its parent. This means the parent dentry must
476 * be valid and able to take a reference at this point.
477 */
478 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
479 BUG_ON(!parent->d_count);
480 parent->d_count++;
481 spin_unlock(&dentry->d_lock);
482 spin_unlock(&parent->d_lock);
483 if (nd->root.mnt) {
484 path_get(&nd->root);
485 spin_unlock(&fs->lock);
486 }
487 mntget(nd->path.mnt);
488
489 rcu_read_unlock();
490 br_read_unlock(vfsmount_lock);
491 nd->flags &= ~LOOKUP_RCU;
492 return 0;
493 err:
494 spin_unlock(&dentry->d_lock);
495 spin_unlock(&parent->d_lock);
496 err_root:
497 if (nd->root.mnt)
498 spin_unlock(&fs->lock);
499 return -ECHILD;
500 }
501
502 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
503 static inline int nameidata_dentry_drop_rcu_maybe(struct nameidata *nd, struct dentry *dentry)
504 {
505 if (nd->flags & LOOKUP_RCU)
506 return nameidata_dentry_drop_rcu(nd, dentry);
507 return 0;
508 }
509
510 /**
511 * nameidata_drop_rcu_last - drop nameidata ending path walk out of rcu-walk
512 * @nd: nameidata pathwalk data to drop
513 * @Returns: 0 on success, -ECHLID on failure
514 *
515 * nameidata_drop_rcu_last attempts to drop the current nd->path into ref-walk.
516 * nd->path should be the final element of the lookup, so nd->root is discarded.
517 * Must be called from rcu-walk context.
518 */
519 static int nameidata_drop_rcu_last(struct nameidata *nd)
520 {
521 struct dentry *dentry = nd->path.dentry;
522
523 BUG_ON(!(nd->flags & LOOKUP_RCU));
524 nd->flags &= ~LOOKUP_RCU;
525 nd->root.mnt = NULL;
526 spin_lock(&dentry->d_lock);
527 if (!__d_rcu_to_refcount(dentry, nd->seq))
528 goto err_unlock;
529 BUG_ON(nd->inode != dentry->d_inode);
530 spin_unlock(&dentry->d_lock);
531
532 mntget(nd->path.mnt);
533
534 rcu_read_unlock();
535 br_read_unlock(vfsmount_lock);
536
537 return 0;
538
539 err_unlock:
540 spin_unlock(&dentry->d_lock);
541 rcu_read_unlock();
542 br_read_unlock(vfsmount_lock);
543 return -ECHILD;
544 }
545
546 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
547 static inline int nameidata_drop_rcu_last_maybe(struct nameidata *nd)
548 {
549 if (likely(nd->flags & LOOKUP_RCU))
550 return nameidata_drop_rcu_last(nd);
551 return 0;
552 }
553
554 /**
555 * release_open_intent - free up open intent resources
556 * @nd: pointer to nameidata
557 */
558 void release_open_intent(struct nameidata *nd)
559 {
560 if (nd->intent.open.file->f_path.dentry == NULL)
561 put_filp(nd->intent.open.file);
562 else
563 fput(nd->intent.open.file);
564 }
565
566 static inline struct dentry *
567 do_revalidate(struct dentry *dentry, struct nameidata *nd)
568 {
569 int status = dentry->d_op->d_revalidate(dentry, nd);
570 if (unlikely(status <= 0)) {
571 /*
572 * The dentry failed validation.
573 * If d_revalidate returned 0 attempt to invalidate
574 * the dentry otherwise d_revalidate is asking us
575 * to return a fail status.
576 */
577 if (!status) {
578 if (!d_invalidate(dentry)) {
579 dput(dentry);
580 dentry = NULL;
581 }
582 } else {
583 dput(dentry);
584 dentry = ERR_PTR(status);
585 }
586 }
587 return dentry;
588 }
589
590 /*
591 * force_reval_path - force revalidation of a dentry
592 *
593 * In some situations the path walking code will trust dentries without
594 * revalidating them. This causes problems for filesystems that depend on
595 * d_revalidate to handle file opens (e.g. NFSv4). When FS_REVAL_DOT is set
596 * (which indicates that it's possible for the dentry to go stale), force
597 * a d_revalidate call before proceeding.
598 *
599 * Returns 0 if the revalidation was successful. If the revalidation fails,
600 * either return the error returned by d_revalidate or -ESTALE if the
601 * revalidation it just returned 0. If d_revalidate returns 0, we attempt to
602 * invalidate the dentry. It's up to the caller to handle putting references
603 * to the path if necessary.
604 */
605 static int
606 force_reval_path(struct path *path, struct nameidata *nd)
607 {
608 int status;
609 struct dentry *dentry = path->dentry;
610
611 /*
612 * only check on filesystems where it's possible for the dentry to
613 * become stale. It's assumed that if this flag is set then the
614 * d_revalidate op will also be defined.
615 */
616 if (!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT))
617 return 0;
618
619 status = dentry->d_op->d_revalidate(dentry, nd);
620 if (status > 0)
621 return 0;
622
623 if (!status) {
624 d_invalidate(dentry);
625 status = -ESTALE;
626 }
627 return status;
628 }
629
630 /*
631 * Short-cut version of permission(), for calling on directories
632 * during pathname resolution. Combines parts of permission()
633 * and generic_permission(), and tests ONLY for MAY_EXEC permission.
634 *
635 * If appropriate, check DAC only. If not appropriate, or
636 * short-cut DAC fails, then call ->permission() to do more
637 * complete permission check.
638 */
639 static inline int __exec_permission(struct inode *inode, int rcu)
640 {
641 int ret;
642
643 if (inode->i_op->permission) {
644 if (rcu)
645 return -ECHILD;
646 ret = inode->i_op->permission(inode, MAY_EXEC);
647 if (!ret)
648 goto ok;
649 return ret;
650 }
651 ret = __acl_permission_check(inode, MAY_EXEC, inode->i_op->check_acl, rcu);
652 if (!ret)
653 goto ok;
654 if (rcu && ret == -ECHILD)
655 return ret;
656
657 if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
658 goto ok;
659
660 return ret;
661 ok:
662 return security_inode_exec_permission(inode, rcu);
663 }
664
665 static int exec_permission(struct inode *inode)
666 {
667 return __exec_permission(inode, 0);
668 }
669
670 static int exec_permission_rcu(struct inode *inode)
671 {
672 return __exec_permission(inode, 1);
673 }
674
675 static __always_inline void set_root(struct nameidata *nd)
676 {
677 if (!nd->root.mnt)
678 get_fs_root(current->fs, &nd->root);
679 }
680
681 static int link_path_walk(const char *, struct nameidata *);
682
683 static __always_inline void set_root_rcu(struct nameidata *nd)
684 {
685 if (!nd->root.mnt) {
686 struct fs_struct *fs = current->fs;
687 unsigned seq;
688
689 do {
690 seq = read_seqcount_begin(&fs->seq);
691 nd->root = fs->root;
692 } while (read_seqcount_retry(&fs->seq, seq));
693 }
694 }
695
696 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
697 {
698 int ret;
699
700 if (IS_ERR(link))
701 goto fail;
702
703 if (*link == '/') {
704 set_root(nd);
705 path_put(&nd->path);
706 nd->path = nd->root;
707 path_get(&nd->root);
708 }
709 nd->inode = nd->path.dentry->d_inode;
710
711 ret = link_path_walk(link, nd);
712 return ret;
713 fail:
714 path_put(&nd->path);
715 return PTR_ERR(link);
716 }
717
718 static void path_put_conditional(struct path *path, struct nameidata *nd)
719 {
720 dput(path->dentry);
721 if (path->mnt != nd->path.mnt)
722 mntput(path->mnt);
723 }
724
725 static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
726 {
727 if (!(nd->flags & LOOKUP_RCU)) {
728 dput(nd->path.dentry);
729 if (nd->path.mnt != path->mnt)
730 mntput(nd->path.mnt);
731 }
732 nd->path.mnt = path->mnt;
733 nd->path.dentry = path->dentry;
734 }
735
736 static __always_inline int
737 __do_follow_link(struct path *path, struct nameidata *nd, void **p)
738 {
739 int error;
740 struct dentry *dentry = path->dentry;
741
742 touch_atime(path->mnt, dentry);
743 nd_set_link(nd, NULL);
744
745 if (path->mnt != nd->path.mnt) {
746 path_to_nameidata(path, nd);
747 nd->inode = nd->path.dentry->d_inode;
748 dget(dentry);
749 }
750 mntget(path->mnt);
751
752 nd->last_type = LAST_BIND;
753 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
754 error = PTR_ERR(*p);
755 if (!IS_ERR(*p)) {
756 char *s = nd_get_link(nd);
757 error = 0;
758 if (s)
759 error = __vfs_follow_link(nd, s);
760 else if (nd->last_type == LAST_BIND) {
761 error = force_reval_path(&nd->path, nd);
762 if (error)
763 path_put(&nd->path);
764 }
765 }
766 return error;
767 }
768
769 /*
770 * This limits recursive symlink follows to 8, while
771 * limiting consecutive symlinks to 40.
772 *
773 * Without that kind of total limit, nasty chains of consecutive
774 * symlinks can cause almost arbitrarily long lookups.
775 */
776 static inline int do_follow_link(struct path *path, struct nameidata *nd)
777 {
778 void *cookie;
779 int err = -ELOOP;
780 if (current->link_count >= MAX_NESTED_LINKS)
781 goto loop;
782 if (current->total_link_count >= 40)
783 goto loop;
784 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
785 cond_resched();
786 err = security_inode_follow_link(path->dentry, nd);
787 if (err)
788 goto loop;
789 current->link_count++;
790 current->total_link_count++;
791 nd->depth++;
792 err = __do_follow_link(path, nd, &cookie);
793 if (!IS_ERR(cookie) && path->dentry->d_inode->i_op->put_link)
794 path->dentry->d_inode->i_op->put_link(path->dentry, nd, cookie);
795 path_put(path);
796 current->link_count--;
797 nd->depth--;
798 return err;
799 loop:
800 path_put_conditional(path, nd);
801 path_put(&nd->path);
802 return err;
803 }
804
805 static int follow_up_rcu(struct path *path)
806 {
807 struct vfsmount *parent;
808 struct dentry *mountpoint;
809
810 parent = path->mnt->mnt_parent;
811 if (parent == path->mnt)
812 return 0;
813 mountpoint = path->mnt->mnt_mountpoint;
814 path->dentry = mountpoint;
815 path->mnt = parent;
816 return 1;
817 }
818
819 int follow_up(struct path *path)
820 {
821 struct vfsmount *parent;
822 struct dentry *mountpoint;
823
824 br_read_lock(vfsmount_lock);
825 parent = path->mnt->mnt_parent;
826 if (parent == path->mnt) {
827 br_read_unlock(vfsmount_lock);
828 return 0;
829 }
830 mntget(parent);
831 mountpoint = dget(path->mnt->mnt_mountpoint);
832 br_read_unlock(vfsmount_lock);
833 dput(path->dentry);
834 path->dentry = mountpoint;
835 mntput(path->mnt);
836 path->mnt = parent;
837 return 1;
838 }
839
840 /*
841 * serialization is taken care of in namespace.c
842 */
843 static void __follow_mount_rcu(struct nameidata *nd, struct path *path,
844 struct inode **inode)
845 {
846 while (d_mountpoint(path->dentry)) {
847 struct vfsmount *mounted;
848 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
849 if (!mounted)
850 return;
851 path->mnt = mounted;
852 path->dentry = mounted->mnt_root;
853 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
854 *inode = path->dentry->d_inode;
855 }
856 }
857
858 static int __follow_mount(struct path *path)
859 {
860 int res = 0;
861 while (d_mountpoint(path->dentry)) {
862 struct vfsmount *mounted = lookup_mnt(path);
863 if (!mounted)
864 break;
865 dput(path->dentry);
866 if (res)
867 mntput(path->mnt);
868 path->mnt = mounted;
869 path->dentry = dget(mounted->mnt_root);
870 res = 1;
871 }
872 return res;
873 }
874
875 static void follow_mount(struct path *path)
876 {
877 while (d_mountpoint(path->dentry)) {
878 struct vfsmount *mounted = lookup_mnt(path);
879 if (!mounted)
880 break;
881 dput(path->dentry);
882 mntput(path->mnt);
883 path->mnt = mounted;
884 path->dentry = dget(mounted->mnt_root);
885 }
886 }
887
888 int follow_down(struct path *path)
889 {
890 struct vfsmount *mounted;
891
892 mounted = lookup_mnt(path);
893 if (mounted) {
894 dput(path->dentry);
895 mntput(path->mnt);
896 path->mnt = mounted;
897 path->dentry = dget(mounted->mnt_root);
898 return 1;
899 }
900 return 0;
901 }
902
903 static int follow_dotdot_rcu(struct nameidata *nd)
904 {
905 struct inode *inode = nd->inode;
906
907 set_root_rcu(nd);
908
909 while(1) {
910 if (nd->path.dentry == nd->root.dentry &&
911 nd->path.mnt == nd->root.mnt) {
912 break;
913 }
914 if (nd->path.dentry != nd->path.mnt->mnt_root) {
915 struct dentry *old = nd->path.dentry;
916 struct dentry *parent = old->d_parent;
917 unsigned seq;
918
919 seq = read_seqcount_begin(&parent->d_seq);
920 if (read_seqcount_retry(&old->d_seq, nd->seq))
921 return -ECHILD;
922 inode = parent->d_inode;
923 nd->path.dentry = parent;
924 nd->seq = seq;
925 break;
926 }
927 if (!follow_up_rcu(&nd->path))
928 break;
929 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
930 inode = nd->path.dentry->d_inode;
931 }
932 __follow_mount_rcu(nd, &nd->path, &inode);
933 nd->inode = inode;
934
935 return 0;
936 }
937
938 static void follow_dotdot(struct nameidata *nd)
939 {
940 set_root(nd);
941
942 while(1) {
943 struct dentry *old = nd->path.dentry;
944
945 if (nd->path.dentry == nd->root.dentry &&
946 nd->path.mnt == nd->root.mnt) {
947 break;
948 }
949 if (nd->path.dentry != nd->path.mnt->mnt_root) {
950 /* rare case of legitimate dget_parent()... */
951 nd->path.dentry = dget_parent(nd->path.dentry);
952 dput(old);
953 break;
954 }
955 if (!follow_up(&nd->path))
956 break;
957 }
958 follow_mount(&nd->path);
959 nd->inode = nd->path.dentry->d_inode;
960 }
961
962 /*
963 * Allocate a dentry with name and parent, and perform a parent
964 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
965 * on error. parent->d_inode->i_mutex must be held. d_lookup must
966 * have verified that no child exists while under i_mutex.
967 */
968 static struct dentry *d_alloc_and_lookup(struct dentry *parent,
969 struct qstr *name, struct nameidata *nd)
970 {
971 struct inode *inode = parent->d_inode;
972 struct dentry *dentry;
973 struct dentry *old;
974
975 /* Don't create child dentry for a dead directory. */
976 if (unlikely(IS_DEADDIR(inode)))
977 return ERR_PTR(-ENOENT);
978
979 dentry = d_alloc(parent, name);
980 if (unlikely(!dentry))
981 return ERR_PTR(-ENOMEM);
982
983 old = inode->i_op->lookup(inode, dentry, nd);
984 if (unlikely(old)) {
985 dput(dentry);
986 dentry = old;
987 }
988 return dentry;
989 }
990
991 /*
992 * It's more convoluted than I'd like it to be, but... it's still fairly
993 * small and for now I'd prefer to have fast path as straight as possible.
994 * It _is_ time-critical.
995 */
996 static int do_lookup(struct nameidata *nd, struct qstr *name,
997 struct path *path, struct inode **inode)
998 {
999 struct vfsmount *mnt = nd->path.mnt;
1000 struct dentry *dentry, *parent = nd->path.dentry;
1001 struct inode *dir;
1002 /*
1003 * See if the low-level filesystem might want
1004 * to use its own hash..
1005 */
1006 if (parent->d_op && parent->d_op->d_hash) {
1007 int err = parent->d_op->d_hash(parent, nd->inode, name);
1008 if (err < 0)
1009 return err;
1010 }
1011
1012 /*
1013 * Rename seqlock is not required here because in the off chance
1014 * of a false negative due to a concurrent rename, we're going to
1015 * do the non-racy lookup, below.
1016 */
1017 if (nd->flags & LOOKUP_RCU) {
1018 unsigned seq;
1019
1020 *inode = nd->inode;
1021 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1022 if (!dentry) {
1023 if (nameidata_drop_rcu(nd))
1024 return -ECHILD;
1025 goto need_lookup;
1026 }
1027 /* Memory barrier in read_seqcount_begin of child is enough */
1028 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1029 return -ECHILD;
1030
1031 nd->seq = seq;
1032 if (dentry->d_op && dentry->d_op->d_revalidate) {
1033 /* We commonly drop rcu-walk here */
1034 if (nameidata_dentry_drop_rcu(nd, dentry))
1035 return -ECHILD;
1036 goto need_revalidate;
1037 }
1038 path->mnt = mnt;
1039 path->dentry = dentry;
1040 __follow_mount_rcu(nd, path, inode);
1041 } else {
1042 dentry = __d_lookup(parent, name);
1043 if (!dentry)
1044 goto need_lookup;
1045 found:
1046 if (dentry->d_op && dentry->d_op->d_revalidate)
1047 goto need_revalidate;
1048 done:
1049 path->mnt = mnt;
1050 path->dentry = dentry;
1051 __follow_mount(path);
1052 *inode = path->dentry->d_inode;
1053 }
1054 return 0;
1055
1056 need_lookup:
1057 dir = parent->d_inode;
1058 BUG_ON(nd->inode != dir);
1059
1060 mutex_lock(&dir->i_mutex);
1061 /*
1062 * First re-do the cached lookup just in case it was created
1063 * while we waited for the directory semaphore, or the first
1064 * lookup failed due to an unrelated rename.
1065 *
1066 * This could use version numbering or similar to avoid unnecessary
1067 * cache lookups, but then we'd have to do the first lookup in the
1068 * non-racy way. However in the common case here, everything should
1069 * be hot in cache, so would it be a big win?
1070 */
1071 dentry = d_lookup(parent, name);
1072 if (likely(!dentry)) {
1073 dentry = d_alloc_and_lookup(parent, name, nd);
1074 mutex_unlock(&dir->i_mutex);
1075 if (IS_ERR(dentry))
1076 goto fail;
1077 goto done;
1078 }
1079 /*
1080 * Uhhuh! Nasty case: the cache was re-populated while
1081 * we waited on the semaphore. Need to revalidate.
1082 */
1083 mutex_unlock(&dir->i_mutex);
1084 goto found;
1085
1086 need_revalidate:
1087 dentry = do_revalidate(dentry, nd);
1088 if (!dentry)
1089 goto need_lookup;
1090 if (IS_ERR(dentry))
1091 goto fail;
1092 goto done;
1093
1094 fail:
1095 return PTR_ERR(dentry);
1096 }
1097
1098 /*
1099 * This is a temporary kludge to deal with "automount" symlinks; proper
1100 * solution is to trigger them on follow_mount(), so that do_lookup()
1101 * would DTRT. To be killed before 2.6.34-final.
1102 */
1103 static inline int follow_on_final(struct inode *inode, unsigned lookup_flags)
1104 {
1105 return inode && unlikely(inode->i_op->follow_link) &&
1106 ((lookup_flags & LOOKUP_FOLLOW) || S_ISDIR(inode->i_mode));
1107 }
1108
1109 /*
1110 * Name resolution.
1111 * This is the basic name resolution function, turning a pathname into
1112 * the final dentry. We expect 'base' to be positive and a directory.
1113 *
1114 * Returns 0 and nd will have valid dentry and mnt on success.
1115 * Returns error and drops reference to input namei data on failure.
1116 */
1117 static int link_path_walk(const char *name, struct nameidata *nd)
1118 {
1119 struct path next;
1120 int err;
1121 unsigned int lookup_flags = nd->flags;
1122
1123 while (*name=='/')
1124 name++;
1125 if (!*name)
1126 goto return_reval;
1127
1128 if (nd->depth)
1129 lookup_flags = LOOKUP_FOLLOW | (nd->flags & LOOKUP_CONTINUE);
1130
1131 /* At this point we know we have a real path component. */
1132 for(;;) {
1133 struct inode *inode;
1134 unsigned long hash;
1135 struct qstr this;
1136 unsigned int c;
1137
1138 nd->flags |= LOOKUP_CONTINUE;
1139 if (nd->flags & LOOKUP_RCU) {
1140 err = exec_permission_rcu(nd->inode);
1141 if (err == -ECHILD) {
1142 if (nameidata_drop_rcu(nd))
1143 return -ECHILD;
1144 goto exec_again;
1145 }
1146 } else {
1147 exec_again:
1148 err = exec_permission(nd->inode);
1149 }
1150 if (err)
1151 break;
1152
1153 this.name = name;
1154 c = *(const unsigned char *)name;
1155
1156 hash = init_name_hash();
1157 do {
1158 name++;
1159 hash = partial_name_hash(c, hash);
1160 c = *(const unsigned char *)name;
1161 } while (c && (c != '/'));
1162 this.len = name - (const char *) this.name;
1163 this.hash = end_name_hash(hash);
1164
1165 /* remove trailing slashes? */
1166 if (!c)
1167 goto last_component;
1168 while (*++name == '/');
1169 if (!*name)
1170 goto last_with_slashes;
1171
1172 /*
1173 * "." and ".." are special - ".." especially so because it has
1174 * to be able to know about the current root directory and
1175 * parent relationships.
1176 */
1177 if (this.name[0] == '.') switch (this.len) {
1178 default:
1179 break;
1180 case 2:
1181 if (this.name[1] != '.')
1182 break;
1183 if (nd->flags & LOOKUP_RCU) {
1184 if (follow_dotdot_rcu(nd))
1185 return -ECHILD;
1186 } else
1187 follow_dotdot(nd);
1188 /* fallthrough */
1189 case 1:
1190 continue;
1191 }
1192 /* This does the actual lookups.. */
1193 err = do_lookup(nd, &this, &next, &inode);
1194 if (err)
1195 break;
1196 err = -ENOENT;
1197 if (!inode)
1198 goto out_dput;
1199
1200 if (inode->i_op->follow_link) {
1201 /* We commonly drop rcu-walk here */
1202 if (nameidata_dentry_drop_rcu_maybe(nd, next.dentry))
1203 return -ECHILD;
1204 BUG_ON(inode != next.dentry->d_inode);
1205 err = do_follow_link(&next, nd);
1206 if (err)
1207 goto return_err;
1208 nd->inode = nd->path.dentry->d_inode;
1209 err = -ENOENT;
1210 if (!nd->inode)
1211 break;
1212 } else {
1213 path_to_nameidata(&next, nd);
1214 nd->inode = inode;
1215 }
1216 err = -ENOTDIR;
1217 if (!nd->inode->i_op->lookup)
1218 break;
1219 continue;
1220 /* here ends the main loop */
1221
1222 last_with_slashes:
1223 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1224 last_component:
1225 /* Clear LOOKUP_CONTINUE iff it was previously unset */
1226 nd->flags &= lookup_flags | ~LOOKUP_CONTINUE;
1227 if (lookup_flags & LOOKUP_PARENT)
1228 goto lookup_parent;
1229 if (this.name[0] == '.') switch (this.len) {
1230 default:
1231 break;
1232 case 2:
1233 if (this.name[1] != '.')
1234 break;
1235 if (nd->flags & LOOKUP_RCU) {
1236 if (follow_dotdot_rcu(nd))
1237 return -ECHILD;
1238 } else
1239 follow_dotdot(nd);
1240 /* fallthrough */
1241 case 1:
1242 goto return_reval;
1243 }
1244 err = do_lookup(nd, &this, &next, &inode);
1245 if (err)
1246 break;
1247 if (follow_on_final(inode, lookup_flags)) {
1248 if (nameidata_dentry_drop_rcu_maybe(nd, next.dentry))
1249 return -ECHILD;
1250 BUG_ON(inode != next.dentry->d_inode);
1251 err = do_follow_link(&next, nd);
1252 if (err)
1253 goto return_err;
1254 nd->inode = nd->path.dentry->d_inode;
1255 } else {
1256 path_to_nameidata(&next, nd);
1257 nd->inode = inode;
1258 }
1259 err = -ENOENT;
1260 if (!nd->inode)
1261 break;
1262 if (lookup_flags & LOOKUP_DIRECTORY) {
1263 err = -ENOTDIR;
1264 if (!nd->inode->i_op->lookup)
1265 break;
1266 }
1267 goto return_base;
1268 lookup_parent:
1269 nd->last = this;
1270 nd->last_type = LAST_NORM;
1271 if (this.name[0] != '.')
1272 goto return_base;
1273 if (this.len == 1)
1274 nd->last_type = LAST_DOT;
1275 else if (this.len == 2 && this.name[1] == '.')
1276 nd->last_type = LAST_DOTDOT;
1277 else
1278 goto return_base;
1279 return_reval:
1280 /*
1281 * We bypassed the ordinary revalidation routines.
1282 * We may need to check the cached dentry for staleness.
1283 */
1284 if (nd->path.dentry && nd->path.dentry->d_sb &&
1285 (nd->path.dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
1286 if (nameidata_drop_rcu_maybe(nd))
1287 return -ECHILD;
1288 err = -ESTALE;
1289 /* Note: we do not d_invalidate() */
1290 if (!nd->path.dentry->d_op->d_revalidate(
1291 nd->path.dentry, nd))
1292 break;
1293 }
1294 return_base:
1295 if (nameidata_drop_rcu_last_maybe(nd))
1296 return -ECHILD;
1297 return 0;
1298 out_dput:
1299 if (!(nd->flags & LOOKUP_RCU))
1300 path_put_conditional(&next, nd);
1301 break;
1302 }
1303 if (!(nd->flags & LOOKUP_RCU))
1304 path_put(&nd->path);
1305 return_err:
1306 return err;
1307 }
1308
1309 static inline int path_walk_rcu(const char *name, struct nameidata *nd)
1310 {
1311 current->total_link_count = 0;
1312
1313 return link_path_walk(name, nd);
1314 }
1315
1316 static inline int path_walk_simple(const char *name, struct nameidata *nd)
1317 {
1318 current->total_link_count = 0;
1319
1320 return link_path_walk(name, nd);
1321 }
1322
1323 static int path_walk(const char *name, struct nameidata *nd)
1324 {
1325 struct path save = nd->path;
1326 int result;
1327
1328 current->total_link_count = 0;
1329
1330 /* make sure the stuff we saved doesn't go away */
1331 path_get(&save);
1332
1333 result = link_path_walk(name, nd);
1334 if (result == -ESTALE) {
1335 /* nd->path had been dropped */
1336 current->total_link_count = 0;
1337 nd->path = save;
1338 path_get(&nd->path);
1339 nd->flags |= LOOKUP_REVAL;
1340 result = link_path_walk(name, nd);
1341 }
1342
1343 path_put(&save);
1344
1345 return result;
1346 }
1347
1348 static void path_finish_rcu(struct nameidata *nd)
1349 {
1350 if (nd->flags & LOOKUP_RCU) {
1351 /* RCU dangling. Cancel it. */
1352 nd->flags &= ~LOOKUP_RCU;
1353 nd->root.mnt = NULL;
1354 rcu_read_unlock();
1355 br_read_unlock(vfsmount_lock);
1356 }
1357 if (nd->file)
1358 fput(nd->file);
1359 }
1360
1361 static int path_init_rcu(int dfd, const char *name, unsigned int flags, struct nameidata *nd)
1362 {
1363 int retval = 0;
1364 int fput_needed;
1365 struct file *file;
1366
1367 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1368 nd->flags = flags | LOOKUP_RCU;
1369 nd->depth = 0;
1370 nd->root.mnt = NULL;
1371 nd->file = NULL;
1372
1373 if (*name=='/') {
1374 struct fs_struct *fs = current->fs;
1375 unsigned seq;
1376
1377 br_read_lock(vfsmount_lock);
1378 rcu_read_lock();
1379
1380 do {
1381 seq = read_seqcount_begin(&fs->seq);
1382 nd->root = fs->root;
1383 nd->path = nd->root;
1384 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1385 } while (read_seqcount_retry(&fs->seq, seq));
1386
1387 } else if (dfd == AT_FDCWD) {
1388 struct fs_struct *fs = current->fs;
1389 unsigned seq;
1390
1391 br_read_lock(vfsmount_lock);
1392 rcu_read_lock();
1393
1394 do {
1395 seq = read_seqcount_begin(&fs->seq);
1396 nd->path = fs->pwd;
1397 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1398 } while (read_seqcount_retry(&fs->seq, seq));
1399
1400 } else {
1401 struct dentry *dentry;
1402
1403 file = fget_light(dfd, &fput_needed);
1404 retval = -EBADF;
1405 if (!file)
1406 goto out_fail;
1407
1408 dentry = file->f_path.dentry;
1409
1410 retval = -ENOTDIR;
1411 if (!S_ISDIR(dentry->d_inode->i_mode))
1412 goto fput_fail;
1413
1414 retval = file_permission(file, MAY_EXEC);
1415 if (retval)
1416 goto fput_fail;
1417
1418 nd->path = file->f_path;
1419 if (fput_needed)
1420 nd->file = file;
1421
1422 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1423 br_read_lock(vfsmount_lock);
1424 rcu_read_lock();
1425 }
1426 nd->inode = nd->path.dentry->d_inode;
1427 return 0;
1428
1429 fput_fail:
1430 fput_light(file, fput_needed);
1431 out_fail:
1432 return retval;
1433 }
1434
1435 static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd)
1436 {
1437 int retval = 0;
1438 int fput_needed;
1439 struct file *file;
1440
1441 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1442 nd->flags = flags;
1443 nd->depth = 0;
1444 nd->root.mnt = NULL;
1445
1446 if (*name=='/') {
1447 set_root(nd);
1448 nd->path = nd->root;
1449 path_get(&nd->root);
1450 } else if (dfd == AT_FDCWD) {
1451 get_fs_pwd(current->fs, &nd->path);
1452 } else {
1453 struct dentry *dentry;
1454
1455 file = fget_light(dfd, &fput_needed);
1456 retval = -EBADF;
1457 if (!file)
1458 goto out_fail;
1459
1460 dentry = file->f_path.dentry;
1461
1462 retval = -ENOTDIR;
1463 if (!S_ISDIR(dentry->d_inode->i_mode))
1464 goto fput_fail;
1465
1466 retval = file_permission(file, MAY_EXEC);
1467 if (retval)
1468 goto fput_fail;
1469
1470 nd->path = file->f_path;
1471 path_get(&file->f_path);
1472
1473 fput_light(file, fput_needed);
1474 }
1475 nd->inode = nd->path.dentry->d_inode;
1476 return 0;
1477
1478 fput_fail:
1479 fput_light(file, fput_needed);
1480 out_fail:
1481 return retval;
1482 }
1483
1484 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1485 static int do_path_lookup(int dfd, const char *name,
1486 unsigned int flags, struct nameidata *nd)
1487 {
1488 int retval;
1489
1490 /*
1491 * Path walking is largely split up into 2 different synchronisation
1492 * schemes, rcu-walk and ref-walk (explained in
1493 * Documentation/filesystems/path-lookup.txt). These share much of the
1494 * path walk code, but some things particularly setup, cleanup, and
1495 * following mounts are sufficiently divergent that functions are
1496 * duplicated. Typically there is a function foo(), and its RCU
1497 * analogue, foo_rcu().
1498 *
1499 * -ECHILD is the error number of choice (just to avoid clashes) that
1500 * is returned if some aspect of an rcu-walk fails. Such an error must
1501 * be handled by restarting a traditional ref-walk (which will always
1502 * be able to complete).
1503 */
1504 retval = path_init_rcu(dfd, name, flags, nd);
1505 if (unlikely(retval))
1506 return retval;
1507 retval = path_walk_rcu(name, nd);
1508 path_finish_rcu(nd);
1509 if (nd->root.mnt) {
1510 path_put(&nd->root);
1511 nd->root.mnt = NULL;
1512 }
1513
1514 if (unlikely(retval == -ECHILD || retval == -ESTALE)) {
1515 /* slower, locked walk */
1516 if (retval == -ESTALE)
1517 flags |= LOOKUP_REVAL;
1518 retval = path_init(dfd, name, flags, nd);
1519 if (unlikely(retval))
1520 return retval;
1521 retval = path_walk(name, nd);
1522 if (nd->root.mnt) {
1523 path_put(&nd->root);
1524 nd->root.mnt = NULL;
1525 }
1526 }
1527
1528 if (likely(!retval)) {
1529 if (unlikely(!audit_dummy_context())) {
1530 if (nd->path.dentry && nd->inode)
1531 audit_inode(name, nd->path.dentry);
1532 }
1533 }
1534
1535 return retval;
1536 }
1537
1538 int path_lookup(const char *name, unsigned int flags,
1539 struct nameidata *nd)
1540 {
1541 return do_path_lookup(AT_FDCWD, name, flags, nd);
1542 }
1543
1544 int kern_path(const char *name, unsigned int flags, struct path *path)
1545 {
1546 struct nameidata nd;
1547 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1548 if (!res)
1549 *path = nd.path;
1550 return res;
1551 }
1552
1553 /**
1554 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1555 * @dentry: pointer to dentry of the base directory
1556 * @mnt: pointer to vfs mount of the base directory
1557 * @name: pointer to file name
1558 * @flags: lookup flags
1559 * @nd: pointer to nameidata
1560 */
1561 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1562 const char *name, unsigned int flags,
1563 struct nameidata *nd)
1564 {
1565 int retval;
1566
1567 /* same as do_path_lookup */
1568 nd->last_type = LAST_ROOT;
1569 nd->flags = flags;
1570 nd->depth = 0;
1571
1572 nd->path.dentry = dentry;
1573 nd->path.mnt = mnt;
1574 path_get(&nd->path);
1575 nd->root = nd->path;
1576 path_get(&nd->root);
1577 nd->inode = nd->path.dentry->d_inode;
1578
1579 retval = path_walk(name, nd);
1580 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1581 nd->inode))
1582 audit_inode(name, nd->path.dentry);
1583
1584 path_put(&nd->root);
1585 nd->root.mnt = NULL;
1586
1587 return retval;
1588 }
1589
1590 static struct dentry *__lookup_hash(struct qstr *name,
1591 struct dentry *base, struct nameidata *nd)
1592 {
1593 struct inode *inode = base->d_inode;
1594 struct dentry *dentry;
1595 int err;
1596
1597 err = exec_permission(inode);
1598 if (err)
1599 return ERR_PTR(err);
1600
1601 /*
1602 * See if the low-level filesystem might want
1603 * to use its own hash..
1604 */
1605 if (base->d_op && base->d_op->d_hash) {
1606 err = base->d_op->d_hash(base, inode, name);
1607 dentry = ERR_PTR(err);
1608 if (err < 0)
1609 goto out;
1610 }
1611
1612 /*
1613 * Don't bother with __d_lookup: callers are for creat as
1614 * well as unlink, so a lot of the time it would cost
1615 * a double lookup.
1616 */
1617 dentry = d_lookup(base, name);
1618
1619 if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
1620 dentry = do_revalidate(dentry, nd);
1621
1622 if (!dentry)
1623 dentry = d_alloc_and_lookup(base, name, nd);
1624 out:
1625 return dentry;
1626 }
1627
1628 /*
1629 * Restricted form of lookup. Doesn't follow links, single-component only,
1630 * needs parent already locked. Doesn't follow mounts.
1631 * SMP-safe.
1632 */
1633 static struct dentry *lookup_hash(struct nameidata *nd)
1634 {
1635 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1636 }
1637
1638 static int __lookup_one_len(const char *name, struct qstr *this,
1639 struct dentry *base, int len)
1640 {
1641 unsigned long hash;
1642 unsigned int c;
1643
1644 this->name = name;
1645 this->len = len;
1646 if (!len)
1647 return -EACCES;
1648
1649 hash = init_name_hash();
1650 while (len--) {
1651 c = *(const unsigned char *)name++;
1652 if (c == '/' || c == '\0')
1653 return -EACCES;
1654 hash = partial_name_hash(c, hash);
1655 }
1656 this->hash = end_name_hash(hash);
1657 return 0;
1658 }
1659
1660 /**
1661 * lookup_one_len - filesystem helper to lookup single pathname component
1662 * @name: pathname component to lookup
1663 * @base: base directory to lookup from
1664 * @len: maximum length @len should be interpreted to
1665 *
1666 * Note that this routine is purely a helper for filesystem usage and should
1667 * not be called by generic code. Also note that by using this function the
1668 * nameidata argument is passed to the filesystem methods and a filesystem
1669 * using this helper needs to be prepared for that.
1670 */
1671 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1672 {
1673 int err;
1674 struct qstr this;
1675
1676 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1677
1678 err = __lookup_one_len(name, &this, base, len);
1679 if (err)
1680 return ERR_PTR(err);
1681
1682 return __lookup_hash(&this, base, NULL);
1683 }
1684
1685 int user_path_at(int dfd, const char __user *name, unsigned flags,
1686 struct path *path)
1687 {
1688 struct nameidata nd;
1689 char *tmp = getname(name);
1690 int err = PTR_ERR(tmp);
1691 if (!IS_ERR(tmp)) {
1692
1693 BUG_ON(flags & LOOKUP_PARENT);
1694
1695 err = do_path_lookup(dfd, tmp, flags, &nd);
1696 putname(tmp);
1697 if (!err)
1698 *path = nd.path;
1699 }
1700 return err;
1701 }
1702
1703 static int user_path_parent(int dfd, const char __user *path,
1704 struct nameidata *nd, char **name)
1705 {
1706 char *s = getname(path);
1707 int error;
1708
1709 if (IS_ERR(s))
1710 return PTR_ERR(s);
1711
1712 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1713 if (error)
1714 putname(s);
1715 else
1716 *name = s;
1717
1718 return error;
1719 }
1720
1721 /*
1722 * It's inline, so penalty for filesystems that don't use sticky bit is
1723 * minimal.
1724 */
1725 static inline int check_sticky(struct inode *dir, struct inode *inode)
1726 {
1727 uid_t fsuid = current_fsuid();
1728
1729 if (!(dir->i_mode & S_ISVTX))
1730 return 0;
1731 if (inode->i_uid == fsuid)
1732 return 0;
1733 if (dir->i_uid == fsuid)
1734 return 0;
1735 return !capable(CAP_FOWNER);
1736 }
1737
1738 /*
1739 * Check whether we can remove a link victim from directory dir, check
1740 * whether the type of victim is right.
1741 * 1. We can't do it if dir is read-only (done in permission())
1742 * 2. We should have write and exec permissions on dir
1743 * 3. We can't remove anything from append-only dir
1744 * 4. We can't do anything with immutable dir (done in permission())
1745 * 5. If the sticky bit on dir is set we should either
1746 * a. be owner of dir, or
1747 * b. be owner of victim, or
1748 * c. have CAP_FOWNER capability
1749 * 6. If the victim is append-only or immutable we can't do antyhing with
1750 * links pointing to it.
1751 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1752 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1753 * 9. We can't remove a root or mountpoint.
1754 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1755 * nfs_async_unlink().
1756 */
1757 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1758 {
1759 int error;
1760
1761 if (!victim->d_inode)
1762 return -ENOENT;
1763
1764 BUG_ON(victim->d_parent->d_inode != dir);
1765 audit_inode_child(victim, dir);
1766
1767 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1768 if (error)
1769 return error;
1770 if (IS_APPEND(dir))
1771 return -EPERM;
1772 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1773 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1774 return -EPERM;
1775 if (isdir) {
1776 if (!S_ISDIR(victim->d_inode->i_mode))
1777 return -ENOTDIR;
1778 if (IS_ROOT(victim))
1779 return -EBUSY;
1780 } else if (S_ISDIR(victim->d_inode->i_mode))
1781 return -EISDIR;
1782 if (IS_DEADDIR(dir))
1783 return -ENOENT;
1784 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1785 return -EBUSY;
1786 return 0;
1787 }
1788
1789 /* Check whether we can create an object with dentry child in directory
1790 * dir.
1791 * 1. We can't do it if child already exists (open has special treatment for
1792 * this case, but since we are inlined it's OK)
1793 * 2. We can't do it if dir is read-only (done in permission())
1794 * 3. We should have write and exec permissions on dir
1795 * 4. We can't do it if dir is immutable (done in permission())
1796 */
1797 static inline int may_create(struct inode *dir, struct dentry *child)
1798 {
1799 if (child->d_inode)
1800 return -EEXIST;
1801 if (IS_DEADDIR(dir))
1802 return -ENOENT;
1803 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1804 }
1805
1806 /*
1807 * p1 and p2 should be directories on the same fs.
1808 */
1809 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1810 {
1811 struct dentry *p;
1812
1813 if (p1 == p2) {
1814 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1815 return NULL;
1816 }
1817
1818 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1819
1820 p = d_ancestor(p2, p1);
1821 if (p) {
1822 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1823 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1824 return p;
1825 }
1826
1827 p = d_ancestor(p1, p2);
1828 if (p) {
1829 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1830 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1831 return p;
1832 }
1833
1834 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1835 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1836 return NULL;
1837 }
1838
1839 void unlock_rename(struct dentry *p1, struct dentry *p2)
1840 {
1841 mutex_unlock(&p1->d_inode->i_mutex);
1842 if (p1 != p2) {
1843 mutex_unlock(&p2->d_inode->i_mutex);
1844 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1845 }
1846 }
1847
1848 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1849 struct nameidata *nd)
1850 {
1851 int error = may_create(dir, dentry);
1852
1853 if (error)
1854 return error;
1855
1856 if (!dir->i_op->create)
1857 return -EACCES; /* shouldn't it be ENOSYS? */
1858 mode &= S_IALLUGO;
1859 mode |= S_IFREG;
1860 error = security_inode_create(dir, dentry, mode);
1861 if (error)
1862 return error;
1863 error = dir->i_op->create(dir, dentry, mode, nd);
1864 if (!error)
1865 fsnotify_create(dir, dentry);
1866 return error;
1867 }
1868
1869 int may_open(struct path *path, int acc_mode, int flag)
1870 {
1871 struct dentry *dentry = path->dentry;
1872 struct inode *inode = dentry->d_inode;
1873 int error;
1874
1875 if (!inode)
1876 return -ENOENT;
1877
1878 switch (inode->i_mode & S_IFMT) {
1879 case S_IFLNK:
1880 return -ELOOP;
1881 case S_IFDIR:
1882 if (acc_mode & MAY_WRITE)
1883 return -EISDIR;
1884 break;
1885 case S_IFBLK:
1886 case S_IFCHR:
1887 if (path->mnt->mnt_flags & MNT_NODEV)
1888 return -EACCES;
1889 /*FALLTHRU*/
1890 case S_IFIFO:
1891 case S_IFSOCK:
1892 flag &= ~O_TRUNC;
1893 break;
1894 }
1895
1896 error = inode_permission(inode, acc_mode);
1897 if (error)
1898 return error;
1899
1900 /*
1901 * An append-only file must be opened in append mode for writing.
1902 */
1903 if (IS_APPEND(inode)) {
1904 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
1905 return -EPERM;
1906 if (flag & O_TRUNC)
1907 return -EPERM;
1908 }
1909
1910 /* O_NOATIME can only be set by the owner or superuser */
1911 if (flag & O_NOATIME && !is_owner_or_cap(inode))
1912 return -EPERM;
1913
1914 /*
1915 * Ensure there are no outstanding leases on the file.
1916 */
1917 return break_lease(inode, flag);
1918 }
1919
1920 static int handle_truncate(struct path *path)
1921 {
1922 struct inode *inode = path->dentry->d_inode;
1923 int error = get_write_access(inode);
1924 if (error)
1925 return error;
1926 /*
1927 * Refuse to truncate files with mandatory locks held on them.
1928 */
1929 error = locks_verify_locked(inode);
1930 if (!error)
1931 error = security_path_truncate(path);
1932 if (!error) {
1933 error = do_truncate(path->dentry, 0,
1934 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1935 NULL);
1936 }
1937 put_write_access(inode);
1938 return error;
1939 }
1940
1941 /*
1942 * Be careful about ever adding any more callers of this
1943 * function. Its flags must be in the namei format, not
1944 * what get passed to sys_open().
1945 */
1946 static int __open_namei_create(struct nameidata *nd, struct path *path,
1947 int open_flag, int mode)
1948 {
1949 int error;
1950 struct dentry *dir = nd->path.dentry;
1951
1952 if (!IS_POSIXACL(dir->d_inode))
1953 mode &= ~current_umask();
1954 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
1955 if (error)
1956 goto out_unlock;
1957 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
1958 out_unlock:
1959 mutex_unlock(&dir->d_inode->i_mutex);
1960 dput(nd->path.dentry);
1961 nd->path.dentry = path->dentry;
1962
1963 if (error)
1964 return error;
1965 /* Don't check for write permission, don't truncate */
1966 return may_open(&nd->path, 0, open_flag & ~O_TRUNC);
1967 }
1968
1969 /*
1970 * Note that while the flag value (low two bits) for sys_open means:
1971 * 00 - read-only
1972 * 01 - write-only
1973 * 10 - read-write
1974 * 11 - special
1975 * it is changed into
1976 * 00 - no permissions needed
1977 * 01 - read-permission
1978 * 10 - write-permission
1979 * 11 - read-write
1980 * for the internal routines (ie open_namei()/follow_link() etc)
1981 * This is more logical, and also allows the 00 "no perm needed"
1982 * to be used for symlinks (where the permissions are checked
1983 * later).
1984 *
1985 */
1986 static inline int open_to_namei_flags(int flag)
1987 {
1988 if ((flag+1) & O_ACCMODE)
1989 flag++;
1990 return flag;
1991 }
1992
1993 static int open_will_truncate(int flag, struct inode *inode)
1994 {
1995 /*
1996 * We'll never write to the fs underlying
1997 * a device file.
1998 */
1999 if (special_file(inode->i_mode))
2000 return 0;
2001 return (flag & O_TRUNC);
2002 }
2003
2004 static struct file *finish_open(struct nameidata *nd,
2005 int open_flag, int acc_mode)
2006 {
2007 struct file *filp;
2008 int will_truncate;
2009 int error;
2010
2011 will_truncate = open_will_truncate(open_flag, nd->path.dentry->d_inode);
2012 if (will_truncate) {
2013 error = mnt_want_write(nd->path.mnt);
2014 if (error)
2015 goto exit;
2016 }
2017 error = may_open(&nd->path, acc_mode, open_flag);
2018 if (error) {
2019 if (will_truncate)
2020 mnt_drop_write(nd->path.mnt);
2021 goto exit;
2022 }
2023 filp = nameidata_to_filp(nd);
2024 if (!IS_ERR(filp)) {
2025 error = ima_file_check(filp, acc_mode);
2026 if (error) {
2027 fput(filp);
2028 filp = ERR_PTR(error);
2029 }
2030 }
2031 if (!IS_ERR(filp)) {
2032 if (will_truncate) {
2033 error = handle_truncate(&nd->path);
2034 if (error) {
2035 fput(filp);
2036 filp = ERR_PTR(error);
2037 }
2038 }
2039 }
2040 /*
2041 * It is now safe to drop the mnt write
2042 * because the filp has had a write taken
2043 * on its behalf.
2044 */
2045 if (will_truncate)
2046 mnt_drop_write(nd->path.mnt);
2047 path_put(&nd->path);
2048 return filp;
2049
2050 exit:
2051 if (!IS_ERR(nd->intent.open.file))
2052 release_open_intent(nd);
2053 path_put(&nd->path);
2054 return ERR_PTR(error);
2055 }
2056
2057 /*
2058 * Handle O_CREAT case for do_filp_open
2059 */
2060 static struct file *do_last(struct nameidata *nd, struct path *path,
2061 int open_flag, int acc_mode,
2062 int mode, const char *pathname)
2063 {
2064 struct dentry *dir = nd->path.dentry;
2065 struct file *filp;
2066 int error = -EISDIR;
2067
2068 switch (nd->last_type) {
2069 case LAST_DOTDOT:
2070 follow_dotdot(nd);
2071 dir = nd->path.dentry;
2072 case LAST_DOT:
2073 if (nd->path.mnt->mnt_sb->s_type->fs_flags & FS_REVAL_DOT) {
2074 if (!dir->d_op->d_revalidate(dir, nd)) {
2075 error = -ESTALE;
2076 goto exit;
2077 }
2078 }
2079 /* fallthrough */
2080 case LAST_ROOT:
2081 goto exit;
2082 case LAST_BIND:
2083 audit_inode(pathname, dir);
2084 goto ok;
2085 }
2086
2087 /* trailing slashes? */
2088 if (nd->last.name[nd->last.len])
2089 goto exit;
2090
2091 mutex_lock(&dir->d_inode->i_mutex);
2092
2093 path->dentry = lookup_hash(nd);
2094 path->mnt = nd->path.mnt;
2095
2096 error = PTR_ERR(path->dentry);
2097 if (IS_ERR(path->dentry)) {
2098 mutex_unlock(&dir->d_inode->i_mutex);
2099 goto exit;
2100 }
2101
2102 if (IS_ERR(nd->intent.open.file)) {
2103 error = PTR_ERR(nd->intent.open.file);
2104 goto exit_mutex_unlock;
2105 }
2106
2107 /* Negative dentry, just create the file */
2108 if (!path->dentry->d_inode) {
2109 /*
2110 * This write is needed to ensure that a
2111 * ro->rw transition does not occur between
2112 * the time when the file is created and when
2113 * a permanent write count is taken through
2114 * the 'struct file' in nameidata_to_filp().
2115 */
2116 error = mnt_want_write(nd->path.mnt);
2117 if (error)
2118 goto exit_mutex_unlock;
2119 error = __open_namei_create(nd, path, open_flag, mode);
2120 if (error) {
2121 mnt_drop_write(nd->path.mnt);
2122 goto exit;
2123 }
2124 filp = nameidata_to_filp(nd);
2125 mnt_drop_write(nd->path.mnt);
2126 path_put(&nd->path);
2127 if (!IS_ERR(filp)) {
2128 error = ima_file_check(filp, acc_mode);
2129 if (error) {
2130 fput(filp);
2131 filp = ERR_PTR(error);
2132 }
2133 }
2134 return filp;
2135 }
2136
2137 /*
2138 * It already exists.
2139 */
2140 mutex_unlock(&dir->d_inode->i_mutex);
2141 audit_inode(pathname, path->dentry);
2142
2143 error = -EEXIST;
2144 if (open_flag & O_EXCL)
2145 goto exit_dput;
2146
2147 if (__follow_mount(path)) {
2148 error = -ELOOP;
2149 if (open_flag & O_NOFOLLOW)
2150 goto exit_dput;
2151 }
2152
2153 error = -ENOENT;
2154 if (!path->dentry->d_inode)
2155 goto exit_dput;
2156
2157 if (path->dentry->d_inode->i_op->follow_link)
2158 return NULL;
2159
2160 path_to_nameidata(path, nd);
2161 nd->inode = path->dentry->d_inode;
2162 error = -EISDIR;
2163 if (S_ISDIR(nd->inode->i_mode))
2164 goto exit;
2165 ok:
2166 filp = finish_open(nd, open_flag, acc_mode);
2167 return filp;
2168
2169 exit_mutex_unlock:
2170 mutex_unlock(&dir->d_inode->i_mutex);
2171 exit_dput:
2172 path_put_conditional(path, nd);
2173 exit:
2174 if (!IS_ERR(nd->intent.open.file))
2175 release_open_intent(nd);
2176 path_put(&nd->path);
2177 return ERR_PTR(error);
2178 }
2179
2180 /*
2181 * Note that the low bits of the passed in "open_flag"
2182 * are not the same as in the local variable "flag". See
2183 * open_to_namei_flags() for more details.
2184 */
2185 struct file *do_filp_open(int dfd, const char *pathname,
2186 int open_flag, int mode, int acc_mode)
2187 {
2188 struct file *filp;
2189 struct nameidata nd;
2190 int error;
2191 struct path path;
2192 int count = 0;
2193 int flag = open_to_namei_flags(open_flag);
2194 int flags;
2195
2196 if (!(open_flag & O_CREAT))
2197 mode = 0;
2198
2199 /* Must never be set by userspace */
2200 open_flag &= ~FMODE_NONOTIFY;
2201
2202 /*
2203 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
2204 * check for O_DSYNC if the need any syncing at all we enforce it's
2205 * always set instead of having to deal with possibly weird behaviour
2206 * for malicious applications setting only __O_SYNC.
2207 */
2208 if (open_flag & __O_SYNC)
2209 open_flag |= O_DSYNC;
2210
2211 if (!acc_mode)
2212 acc_mode = MAY_OPEN | ACC_MODE(open_flag);
2213
2214 /* O_TRUNC implies we need access checks for write permissions */
2215 if (open_flag & O_TRUNC)
2216 acc_mode |= MAY_WRITE;
2217
2218 /* Allow the LSM permission hook to distinguish append
2219 access from general write access. */
2220 if (open_flag & O_APPEND)
2221 acc_mode |= MAY_APPEND;
2222
2223 flags = LOOKUP_OPEN;
2224 if (open_flag & O_CREAT) {
2225 flags |= LOOKUP_CREATE;
2226 if (open_flag & O_EXCL)
2227 flags |= LOOKUP_EXCL;
2228 }
2229 if (open_flag & O_DIRECTORY)
2230 flags |= LOOKUP_DIRECTORY;
2231 if (!(open_flag & O_NOFOLLOW))
2232 flags |= LOOKUP_FOLLOW;
2233
2234 filp = get_empty_filp();
2235 if (!filp)
2236 return ERR_PTR(-ENFILE);
2237
2238 filp->f_flags = open_flag;
2239 nd.intent.open.file = filp;
2240 nd.intent.open.flags = flag;
2241 nd.intent.open.create_mode = mode;
2242
2243 if (open_flag & O_CREAT)
2244 goto creat;
2245
2246 /* !O_CREAT, simple open */
2247 error = do_path_lookup(dfd, pathname, flags, &nd);
2248 if (unlikely(error))
2249 goto out_filp;
2250 error = -ELOOP;
2251 if (!(nd.flags & LOOKUP_FOLLOW)) {
2252 if (nd.inode->i_op->follow_link)
2253 goto out_path;
2254 }
2255 error = -ENOTDIR;
2256 if (nd.flags & LOOKUP_DIRECTORY) {
2257 if (!nd.inode->i_op->lookup)
2258 goto out_path;
2259 }
2260 audit_inode(pathname, nd.path.dentry);
2261 filp = finish_open(&nd, open_flag, acc_mode);
2262 return filp;
2263
2264 creat:
2265 /* OK, have to create the file. Find the parent. */
2266 error = path_init_rcu(dfd, pathname,
2267 LOOKUP_PARENT | (flags & LOOKUP_REVAL), &nd);
2268 if (error)
2269 goto out_filp;
2270 error = path_walk_rcu(pathname, &nd);
2271 path_finish_rcu(&nd);
2272 if (unlikely(error == -ECHILD || error == -ESTALE)) {
2273 /* slower, locked walk */
2274 if (error == -ESTALE) {
2275 reval:
2276 flags |= LOOKUP_REVAL;
2277 }
2278 error = path_init(dfd, pathname,
2279 LOOKUP_PARENT | (flags & LOOKUP_REVAL), &nd);
2280 if (error)
2281 goto out_filp;
2282
2283 error = path_walk_simple(pathname, &nd);
2284 }
2285 if (unlikely(error))
2286 goto out_filp;
2287 if (unlikely(!audit_dummy_context()))
2288 audit_inode(pathname, nd.path.dentry);
2289
2290 /*
2291 * We have the parent and last component.
2292 */
2293 nd.flags = flags;
2294 filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
2295 while (unlikely(!filp)) { /* trailing symlink */
2296 struct path holder;
2297 void *cookie;
2298 error = -ELOOP;
2299 /* S_ISDIR part is a temporary automount kludge */
2300 if (!(nd.flags & LOOKUP_FOLLOW) && !S_ISDIR(nd.inode->i_mode))
2301 goto exit_dput;
2302 if (count++ == 32)
2303 goto exit_dput;
2304 /*
2305 * This is subtle. Instead of calling do_follow_link() we do
2306 * the thing by hands. The reason is that this way we have zero
2307 * link_count and path_walk() (called from ->follow_link)
2308 * honoring LOOKUP_PARENT. After that we have the parent and
2309 * last component, i.e. we are in the same situation as after
2310 * the first path_walk(). Well, almost - if the last component
2311 * is normal we get its copy stored in nd->last.name and we will
2312 * have to putname() it when we are done. Procfs-like symlinks
2313 * just set LAST_BIND.
2314 */
2315 nd.flags |= LOOKUP_PARENT;
2316 error = security_inode_follow_link(path.dentry, &nd);
2317 if (error)
2318 goto exit_dput;
2319 error = __do_follow_link(&path, &nd, &cookie);
2320 if (unlikely(error)) {
2321 if (!IS_ERR(cookie) && nd.inode->i_op->put_link)
2322 nd.inode->i_op->put_link(path.dentry, &nd, cookie);
2323 /* nd.path had been dropped */
2324 nd.path = path;
2325 goto out_path;
2326 }
2327 holder = path;
2328 nd.flags &= ~LOOKUP_PARENT;
2329 filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
2330 if (nd.inode->i_op->put_link)
2331 nd.inode->i_op->put_link(holder.dentry, &nd, cookie);
2332 path_put(&holder);
2333 }
2334 out:
2335 if (nd.root.mnt)
2336 path_put(&nd.root);
2337 if (filp == ERR_PTR(-ESTALE) && !(flags & LOOKUP_REVAL))
2338 goto reval;
2339 return filp;
2340
2341 exit_dput:
2342 path_put_conditional(&path, &nd);
2343 out_path:
2344 path_put(&nd.path);
2345 out_filp:
2346 if (!IS_ERR(nd.intent.open.file))
2347 release_open_intent(&nd);
2348 filp = ERR_PTR(error);
2349 goto out;
2350 }
2351
2352 /**
2353 * filp_open - open file and return file pointer
2354 *
2355 * @filename: path to open
2356 * @flags: open flags as per the open(2) second argument
2357 * @mode: mode for the new file if O_CREAT is set, else ignored
2358 *
2359 * This is the helper to open a file from kernelspace if you really
2360 * have to. But in generally you should not do this, so please move
2361 * along, nothing to see here..
2362 */
2363 struct file *filp_open(const char *filename, int flags, int mode)
2364 {
2365 return do_filp_open(AT_FDCWD, filename, flags, mode, 0);
2366 }
2367 EXPORT_SYMBOL(filp_open);
2368
2369 /**
2370 * lookup_create - lookup a dentry, creating it if it doesn't exist
2371 * @nd: nameidata info
2372 * @is_dir: directory flag
2373 *
2374 * Simple function to lookup and return a dentry and create it
2375 * if it doesn't exist. Is SMP-safe.
2376 *
2377 * Returns with nd->path.dentry->d_inode->i_mutex locked.
2378 */
2379 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
2380 {
2381 struct dentry *dentry = ERR_PTR(-EEXIST);
2382
2383 mutex_lock_nested(&nd->path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2384 /*
2385 * Yucky last component or no last component at all?
2386 * (foo/., foo/.., /////)
2387 */
2388 if (nd->last_type != LAST_NORM)
2389 goto fail;
2390 nd->flags &= ~LOOKUP_PARENT;
2391 nd->flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2392 nd->intent.open.flags = O_EXCL;
2393
2394 /*
2395 * Do the final lookup.
2396 */
2397 dentry = lookup_hash(nd);
2398 if (IS_ERR(dentry))
2399 goto fail;
2400
2401 if (dentry->d_inode)
2402 goto eexist;
2403 /*
2404 * Special case - lookup gave negative, but... we had foo/bar/
2405 * From the vfs_mknod() POV we just have a negative dentry -
2406 * all is fine. Let's be bastards - you had / on the end, you've
2407 * been asking for (non-existent) directory. -ENOENT for you.
2408 */
2409 if (unlikely(!is_dir && nd->last.name[nd->last.len])) {
2410 dput(dentry);
2411 dentry = ERR_PTR(-ENOENT);
2412 }
2413 return dentry;
2414 eexist:
2415 dput(dentry);
2416 dentry = ERR_PTR(-EEXIST);
2417 fail:
2418 return dentry;
2419 }
2420 EXPORT_SYMBOL_GPL(lookup_create);
2421
2422 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2423 {
2424 int error = may_create(dir, dentry);
2425
2426 if (error)
2427 return error;
2428
2429 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
2430 return -EPERM;
2431
2432 if (!dir->i_op->mknod)
2433 return -EPERM;
2434
2435 error = devcgroup_inode_mknod(mode, dev);
2436 if (error)
2437 return error;
2438
2439 error = security_inode_mknod(dir, dentry, mode, dev);
2440 if (error)
2441 return error;
2442
2443 error = dir->i_op->mknod(dir, dentry, mode, dev);
2444 if (!error)
2445 fsnotify_create(dir, dentry);
2446 return error;
2447 }
2448
2449 static int may_mknod(mode_t mode)
2450 {
2451 switch (mode & S_IFMT) {
2452 case S_IFREG:
2453 case S_IFCHR:
2454 case S_IFBLK:
2455 case S_IFIFO:
2456 case S_IFSOCK:
2457 case 0: /* zero mode translates to S_IFREG */
2458 return 0;
2459 case S_IFDIR:
2460 return -EPERM;
2461 default:
2462 return -EINVAL;
2463 }
2464 }
2465
2466 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2467 unsigned, dev)
2468 {
2469 int error;
2470 char *tmp;
2471 struct dentry *dentry;
2472 struct nameidata nd;
2473
2474 if (S_ISDIR(mode))
2475 return -EPERM;
2476
2477 error = user_path_parent(dfd, filename, &nd, &tmp);
2478 if (error)
2479 return error;
2480
2481 dentry = lookup_create(&nd, 0);
2482 if (IS_ERR(dentry)) {
2483 error = PTR_ERR(dentry);
2484 goto out_unlock;
2485 }
2486 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2487 mode &= ~current_umask();
2488 error = may_mknod(mode);
2489 if (error)
2490 goto out_dput;
2491 error = mnt_want_write(nd.path.mnt);
2492 if (error)
2493 goto out_dput;
2494 error = security_path_mknod(&nd.path, dentry, mode, dev);
2495 if (error)
2496 goto out_drop_write;
2497 switch (mode & S_IFMT) {
2498 case 0: case S_IFREG:
2499 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
2500 break;
2501 case S_IFCHR: case S_IFBLK:
2502 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,
2503 new_decode_dev(dev));
2504 break;
2505 case S_IFIFO: case S_IFSOCK:
2506 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0);
2507 break;
2508 }
2509 out_drop_write:
2510 mnt_drop_write(nd.path.mnt);
2511 out_dput:
2512 dput(dentry);
2513 out_unlock:
2514 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2515 path_put(&nd.path);
2516 putname(tmp);
2517
2518 return error;
2519 }
2520
2521 SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2522 {
2523 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2524 }
2525
2526 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2527 {
2528 int error = may_create(dir, dentry);
2529
2530 if (error)
2531 return error;
2532
2533 if (!dir->i_op->mkdir)
2534 return -EPERM;
2535
2536 mode &= (S_IRWXUGO|S_ISVTX);
2537 error = security_inode_mkdir(dir, dentry, mode);
2538 if (error)
2539 return error;
2540
2541 error = dir->i_op->mkdir(dir, dentry, mode);
2542 if (!error)
2543 fsnotify_mkdir(dir, dentry);
2544 return error;
2545 }
2546
2547 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2548 {
2549 int error = 0;
2550 char * tmp;
2551 struct dentry *dentry;
2552 struct nameidata nd;
2553
2554 error = user_path_parent(dfd, pathname, &nd, &tmp);
2555 if (error)
2556 goto out_err;
2557
2558 dentry = lookup_create(&nd, 1);
2559 error = PTR_ERR(dentry);
2560 if (IS_ERR(dentry))
2561 goto out_unlock;
2562
2563 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2564 mode &= ~current_umask();
2565 error = mnt_want_write(nd.path.mnt);
2566 if (error)
2567 goto out_dput;
2568 error = security_path_mkdir(&nd.path, dentry, mode);
2569 if (error)
2570 goto out_drop_write;
2571 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
2572 out_drop_write:
2573 mnt_drop_write(nd.path.mnt);
2574 out_dput:
2575 dput(dentry);
2576 out_unlock:
2577 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2578 path_put(&nd.path);
2579 putname(tmp);
2580 out_err:
2581 return error;
2582 }
2583
2584 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2585 {
2586 return sys_mkdirat(AT_FDCWD, pathname, mode);
2587 }
2588
2589 /*
2590 * We try to drop the dentry early: we should have
2591 * a usage count of 2 if we're the only user of this
2592 * dentry, and if that is true (possibly after pruning
2593 * the dcache), then we drop the dentry now.
2594 *
2595 * A low-level filesystem can, if it choses, legally
2596 * do a
2597 *
2598 * if (!d_unhashed(dentry))
2599 * return -EBUSY;
2600 *
2601 * if it cannot handle the case of removing a directory
2602 * that is still in use by something else..
2603 */
2604 void dentry_unhash(struct dentry *dentry)
2605 {
2606 dget(dentry);
2607 shrink_dcache_parent(dentry);
2608 spin_lock(&dentry->d_lock);
2609 if (dentry->d_count == 2)
2610 __d_drop(dentry);
2611 spin_unlock(&dentry->d_lock);
2612 }
2613
2614 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2615 {
2616 int error = may_delete(dir, dentry, 1);
2617
2618 if (error)
2619 return error;
2620
2621 if (!dir->i_op->rmdir)
2622 return -EPERM;
2623
2624 mutex_lock(&dentry->d_inode->i_mutex);
2625 dentry_unhash(dentry);
2626 if (d_mountpoint(dentry))
2627 error = -EBUSY;
2628 else {
2629 error = security_inode_rmdir(dir, dentry);
2630 if (!error) {
2631 error = dir->i_op->rmdir(dir, dentry);
2632 if (!error) {
2633 dentry->d_inode->i_flags |= S_DEAD;
2634 dont_mount(dentry);
2635 }
2636 }
2637 }
2638 mutex_unlock(&dentry->d_inode->i_mutex);
2639 if (!error) {
2640 d_delete(dentry);
2641 }
2642 dput(dentry);
2643
2644 return error;
2645 }
2646
2647 static long do_rmdir(int dfd, const char __user *pathname)
2648 {
2649 int error = 0;
2650 char * name;
2651 struct dentry *dentry;
2652 struct nameidata nd;
2653
2654 error = user_path_parent(dfd, pathname, &nd, &name);
2655 if (error)
2656 return error;
2657
2658 switch(nd.last_type) {
2659 case LAST_DOTDOT:
2660 error = -ENOTEMPTY;
2661 goto exit1;
2662 case LAST_DOT:
2663 error = -EINVAL;
2664 goto exit1;
2665 case LAST_ROOT:
2666 error = -EBUSY;
2667 goto exit1;
2668 }
2669
2670 nd.flags &= ~LOOKUP_PARENT;
2671
2672 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2673 dentry = lookup_hash(&nd);
2674 error = PTR_ERR(dentry);
2675 if (IS_ERR(dentry))
2676 goto exit2;
2677 error = mnt_want_write(nd.path.mnt);
2678 if (error)
2679 goto exit3;
2680 error = security_path_rmdir(&nd.path, dentry);
2681 if (error)
2682 goto exit4;
2683 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2684 exit4:
2685 mnt_drop_write(nd.path.mnt);
2686 exit3:
2687 dput(dentry);
2688 exit2:
2689 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2690 exit1:
2691 path_put(&nd.path);
2692 putname(name);
2693 return error;
2694 }
2695
2696 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2697 {
2698 return do_rmdir(AT_FDCWD, pathname);
2699 }
2700
2701 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2702 {
2703 int error = may_delete(dir, dentry, 0);
2704
2705 if (error)
2706 return error;
2707
2708 if (!dir->i_op->unlink)
2709 return -EPERM;
2710
2711 mutex_lock(&dentry->d_inode->i_mutex);
2712 if (d_mountpoint(dentry))
2713 error = -EBUSY;
2714 else {
2715 error = security_inode_unlink(dir, dentry);
2716 if (!error) {
2717 error = dir->i_op->unlink(dir, dentry);
2718 if (!error)
2719 dont_mount(dentry);
2720 }
2721 }
2722 mutex_unlock(&dentry->d_inode->i_mutex);
2723
2724 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2725 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2726 fsnotify_link_count(dentry->d_inode);
2727 d_delete(dentry);
2728 }
2729
2730 return error;
2731 }
2732
2733 /*
2734 * Make sure that the actual truncation of the file will occur outside its
2735 * directory's i_mutex. Truncate can take a long time if there is a lot of
2736 * writeout happening, and we don't want to prevent access to the directory
2737 * while waiting on the I/O.
2738 */
2739 static long do_unlinkat(int dfd, const char __user *pathname)
2740 {
2741 int error;
2742 char *name;
2743 struct dentry *dentry;
2744 struct nameidata nd;
2745 struct inode *inode = NULL;
2746
2747 error = user_path_parent(dfd, pathname, &nd, &name);
2748 if (error)
2749 return error;
2750
2751 error = -EISDIR;
2752 if (nd.last_type != LAST_NORM)
2753 goto exit1;
2754
2755 nd.flags &= ~LOOKUP_PARENT;
2756
2757 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2758 dentry = lookup_hash(&nd);
2759 error = PTR_ERR(dentry);
2760 if (!IS_ERR(dentry)) {
2761 /* Why not before? Because we want correct error value */
2762 if (nd.last.name[nd.last.len])
2763 goto slashes;
2764 inode = dentry->d_inode;
2765 if (inode)
2766 ihold(inode);
2767 error = mnt_want_write(nd.path.mnt);
2768 if (error)
2769 goto exit2;
2770 error = security_path_unlink(&nd.path, dentry);
2771 if (error)
2772 goto exit3;
2773 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2774 exit3:
2775 mnt_drop_write(nd.path.mnt);
2776 exit2:
2777 dput(dentry);
2778 }
2779 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2780 if (inode)
2781 iput(inode); /* truncate the inode here */
2782 exit1:
2783 path_put(&nd.path);
2784 putname(name);
2785 return error;
2786
2787 slashes:
2788 error = !dentry->d_inode ? -ENOENT :
2789 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2790 goto exit2;
2791 }
2792
2793 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2794 {
2795 if ((flag & ~AT_REMOVEDIR) != 0)
2796 return -EINVAL;
2797
2798 if (flag & AT_REMOVEDIR)
2799 return do_rmdir(dfd, pathname);
2800
2801 return do_unlinkat(dfd, pathname);
2802 }
2803
2804 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2805 {
2806 return do_unlinkat(AT_FDCWD, pathname);
2807 }
2808
2809 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2810 {
2811 int error = may_create(dir, dentry);
2812
2813 if (error)
2814 return error;
2815
2816 if (!dir->i_op->symlink)
2817 return -EPERM;
2818
2819 error = security_inode_symlink(dir, dentry, oldname);
2820 if (error)
2821 return error;
2822
2823 error = dir->i_op->symlink(dir, dentry, oldname);
2824 if (!error)
2825 fsnotify_create(dir, dentry);
2826 return error;
2827 }
2828
2829 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2830 int, newdfd, const char __user *, newname)
2831 {
2832 int error;
2833 char *from;
2834 char *to;
2835 struct dentry *dentry;
2836 struct nameidata nd;
2837
2838 from = getname(oldname);
2839 if (IS_ERR(from))
2840 return PTR_ERR(from);
2841
2842 error = user_path_parent(newdfd, newname, &nd, &to);
2843 if (error)
2844 goto out_putname;
2845
2846 dentry = lookup_create(&nd, 0);
2847 error = PTR_ERR(dentry);
2848 if (IS_ERR(dentry))
2849 goto out_unlock;
2850
2851 error = mnt_want_write(nd.path.mnt);
2852 if (error)
2853 goto out_dput;
2854 error = security_path_symlink(&nd.path, dentry, from);
2855 if (error)
2856 goto out_drop_write;
2857 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
2858 out_drop_write:
2859 mnt_drop_write(nd.path.mnt);
2860 out_dput:
2861 dput(dentry);
2862 out_unlock:
2863 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2864 path_put(&nd.path);
2865 putname(to);
2866 out_putname:
2867 putname(from);
2868 return error;
2869 }
2870
2871 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2872 {
2873 return sys_symlinkat(oldname, AT_FDCWD, newname);
2874 }
2875
2876 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2877 {
2878 struct inode *inode = old_dentry->d_inode;
2879 int error;
2880
2881 if (!inode)
2882 return -ENOENT;
2883
2884 error = may_create(dir, new_dentry);
2885 if (error)
2886 return error;
2887
2888 if (dir->i_sb != inode->i_sb)
2889 return -EXDEV;
2890
2891 /*
2892 * A link to an append-only or immutable file cannot be created.
2893 */
2894 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2895 return -EPERM;
2896 if (!dir->i_op->link)
2897 return -EPERM;
2898 if (S_ISDIR(inode->i_mode))
2899 return -EPERM;
2900
2901 error = security_inode_link(old_dentry, dir, new_dentry);
2902 if (error)
2903 return error;
2904
2905 mutex_lock(&inode->i_mutex);
2906 error = dir->i_op->link(old_dentry, dir, new_dentry);
2907 mutex_unlock(&inode->i_mutex);
2908 if (!error)
2909 fsnotify_link(dir, inode, new_dentry);
2910 return error;
2911 }
2912
2913 /*
2914 * Hardlinks are often used in delicate situations. We avoid
2915 * security-related surprises by not following symlinks on the
2916 * newname. --KAB
2917 *
2918 * We don't follow them on the oldname either to be compatible
2919 * with linux 2.0, and to avoid hard-linking to directories
2920 * and other special files. --ADM
2921 */
2922 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2923 int, newdfd, const char __user *, newname, int, flags)
2924 {
2925 struct dentry *new_dentry;
2926 struct nameidata nd;
2927 struct path old_path;
2928 int error;
2929 char *to;
2930
2931 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
2932 return -EINVAL;
2933
2934 error = user_path_at(olddfd, oldname,
2935 flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
2936 &old_path);
2937 if (error)
2938 return error;
2939
2940 error = user_path_parent(newdfd, newname, &nd, &to);
2941 if (error)
2942 goto out;
2943 error = -EXDEV;
2944 if (old_path.mnt != nd.path.mnt)
2945 goto out_release;
2946 new_dentry = lookup_create(&nd, 0);
2947 error = PTR_ERR(new_dentry);
2948 if (IS_ERR(new_dentry))
2949 goto out_unlock;
2950 error = mnt_want_write(nd.path.mnt);
2951 if (error)
2952 goto out_dput;
2953 error = security_path_link(old_path.dentry, &nd.path, new_dentry);
2954 if (error)
2955 goto out_drop_write;
2956 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
2957 out_drop_write:
2958 mnt_drop_write(nd.path.mnt);
2959 out_dput:
2960 dput(new_dentry);
2961 out_unlock:
2962 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2963 out_release:
2964 path_put(&nd.path);
2965 putname(to);
2966 out:
2967 path_put(&old_path);
2968
2969 return error;
2970 }
2971
2972 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2973 {
2974 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2975 }
2976
2977 /*
2978 * The worst of all namespace operations - renaming directory. "Perverted"
2979 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2980 * Problems:
2981 * a) we can get into loop creation. Check is done in is_subdir().
2982 * b) race potential - two innocent renames can create a loop together.
2983 * That's where 4.4 screws up. Current fix: serialization on
2984 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2985 * story.
2986 * c) we have to lock _three_ objects - parents and victim (if it exists).
2987 * And that - after we got ->i_mutex on parents (until then we don't know
2988 * whether the target exists). Solution: try to be smart with locking
2989 * order for inodes. We rely on the fact that tree topology may change
2990 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2991 * move will be locked. Thus we can rank directories by the tree
2992 * (ancestors first) and rank all non-directories after them.
2993 * That works since everybody except rename does "lock parent, lookup,
2994 * lock child" and rename is under ->s_vfs_rename_mutex.
2995 * HOWEVER, it relies on the assumption that any object with ->lookup()
2996 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2997 * we'd better make sure that there's no link(2) for them.
2998 * d) some filesystems don't support opened-but-unlinked directories,
2999 * either because of layout or because they are not ready to deal with
3000 * all cases correctly. The latter will be fixed (taking this sort of
3001 * stuff into VFS), but the former is not going away. Solution: the same
3002 * trick as in rmdir().
3003 * e) conversion from fhandle to dentry may come in the wrong moment - when
3004 * we are removing the target. Solution: we will have to grab ->i_mutex
3005 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
3006 * ->i_mutex on parents, which works but leads to some truly excessive
3007 * locking].
3008 */
3009 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
3010 struct inode *new_dir, struct dentry *new_dentry)
3011 {
3012 int error = 0;
3013 struct inode *target;
3014
3015 /*
3016 * If we are going to change the parent - check write permissions,
3017 * we'll need to flip '..'.
3018 */
3019 if (new_dir != old_dir) {
3020 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
3021 if (error)
3022 return error;
3023 }
3024
3025 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3026 if (error)
3027 return error;
3028
3029 target = new_dentry->d_inode;
3030 if (target)
3031 mutex_lock(&target->i_mutex);
3032 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3033 error = -EBUSY;
3034 else {
3035 if (target)
3036 dentry_unhash(new_dentry);
3037 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3038 }
3039 if (target) {
3040 if (!error) {
3041 target->i_flags |= S_DEAD;
3042 dont_mount(new_dentry);
3043 }
3044 mutex_unlock(&target->i_mutex);
3045 if (d_unhashed(new_dentry))
3046 d_rehash(new_dentry);
3047 dput(new_dentry);
3048 }
3049 if (!error)
3050 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3051 d_move(old_dentry,new_dentry);
3052 return error;
3053 }
3054
3055 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3056 struct inode *new_dir, struct dentry *new_dentry)
3057 {
3058 struct inode *target;
3059 int error;
3060
3061 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3062 if (error)
3063 return error;
3064
3065 dget(new_dentry);
3066 target = new_dentry->d_inode;
3067 if (target)
3068 mutex_lock(&target->i_mutex);
3069 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3070 error = -EBUSY;
3071 else
3072 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3073 if (!error) {
3074 if (target)
3075 dont_mount(new_dentry);
3076 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3077 d_move(old_dentry, new_dentry);
3078 }
3079 if (target)
3080 mutex_unlock(&target->i_mutex);
3081 dput(new_dentry);
3082 return error;
3083 }
3084
3085 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3086 struct inode *new_dir, struct dentry *new_dentry)
3087 {
3088 int error;
3089 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3090 const unsigned char *old_name;
3091
3092 if (old_dentry->d_inode == new_dentry->d_inode)
3093 return 0;
3094
3095 error = may_delete(old_dir, old_dentry, is_dir);
3096 if (error)
3097 return error;
3098
3099 if (!new_dentry->d_inode)
3100 error = may_create(new_dir, new_dentry);
3101 else
3102 error = may_delete(new_dir, new_dentry, is_dir);
3103 if (error)
3104 return error;
3105
3106 if (!old_dir->i_op->rename)
3107 return -EPERM;
3108
3109 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3110
3111 if (is_dir)
3112 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3113 else
3114 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3115 if (!error)
3116 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3117 new_dentry->d_inode, old_dentry);
3118 fsnotify_oldname_free(old_name);
3119
3120 return error;
3121 }
3122
3123 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3124 int, newdfd, const char __user *, newname)
3125 {
3126 struct dentry *old_dir, *new_dir;
3127 struct dentry *old_dentry, *new_dentry;
3128 struct dentry *trap;
3129 struct nameidata oldnd, newnd;
3130 char *from;
3131 char *to;
3132 int error;
3133
3134 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3135 if (error)
3136 goto exit;
3137
3138 error = user_path_parent(newdfd, newname, &newnd, &to);
3139 if (error)
3140 goto exit1;
3141
3142 error = -EXDEV;
3143 if (oldnd.path.mnt != newnd.path.mnt)
3144 goto exit2;
3145
3146 old_dir = oldnd.path.dentry;
3147 error = -EBUSY;
3148 if (oldnd.last_type != LAST_NORM)
3149 goto exit2;
3150
3151 new_dir = newnd.path.dentry;
3152 if (newnd.last_type != LAST_NORM)
3153 goto exit2;
3154
3155 oldnd.flags &= ~LOOKUP_PARENT;
3156 newnd.flags &= ~LOOKUP_PARENT;
3157 newnd.flags |= LOOKUP_RENAME_TARGET;
3158
3159 trap = lock_rename(new_dir, old_dir);
3160
3161 old_dentry = lookup_hash(&oldnd);
3162 error = PTR_ERR(old_dentry);
3163 if (IS_ERR(old_dentry))
3164 goto exit3;
3165 /* source must exist */
3166 error = -ENOENT;
3167 if (!old_dentry->d_inode)
3168 goto exit4;
3169 /* unless the source is a directory trailing slashes give -ENOTDIR */
3170 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3171 error = -ENOTDIR;
3172 if (oldnd.last.name[oldnd.last.len])
3173 goto exit4;
3174 if (newnd.last.name[newnd.last.len])
3175 goto exit4;
3176 }
3177 /* source should not be ancestor of target */
3178 error = -EINVAL;
3179 if (old_dentry == trap)
3180 goto exit4;
3181 new_dentry = lookup_hash(&newnd);
3182 error = PTR_ERR(new_dentry);
3183 if (IS_ERR(new_dentry))
3184 goto exit4;
3185 /* target should not be an ancestor of source */
3186 error = -ENOTEMPTY;
3187 if (new_dentry == trap)
3188 goto exit5;
3189
3190 error = mnt_want_write(oldnd.path.mnt);
3191 if (error)
3192 goto exit5;
3193 error = security_path_rename(&oldnd.path, old_dentry,
3194 &newnd.path, new_dentry);
3195 if (error)
3196 goto exit6;
3197 error = vfs_rename(old_dir->d_inode, old_dentry,
3198 new_dir->d_inode, new_dentry);
3199 exit6:
3200 mnt_drop_write(oldnd.path.mnt);
3201 exit5:
3202 dput(new_dentry);
3203 exit4:
3204 dput(old_dentry);
3205 exit3:
3206 unlock_rename(new_dir, old_dir);
3207 exit2:
3208 path_put(&newnd.path);
3209 putname(to);
3210 exit1:
3211 path_put(&oldnd.path);
3212 putname(from);
3213 exit:
3214 return error;
3215 }
3216
3217 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3218 {
3219 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3220 }
3221
3222 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3223 {
3224 int len;
3225
3226 len = PTR_ERR(link);
3227 if (IS_ERR(link))
3228 goto out;
3229
3230 len = strlen(link);
3231 if (len > (unsigned) buflen)
3232 len = buflen;
3233 if (copy_to_user(buffer, link, len))
3234 len = -EFAULT;
3235 out:
3236 return len;
3237 }
3238
3239 /*
3240 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3241 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3242 * using) it for any given inode is up to filesystem.
3243 */
3244 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3245 {
3246 struct nameidata nd;
3247 void *cookie;
3248 int res;
3249
3250 nd.depth = 0;
3251 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3252 if (IS_ERR(cookie))
3253 return PTR_ERR(cookie);
3254
3255 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3256 if (dentry->d_inode->i_op->put_link)
3257 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3258 return res;
3259 }
3260
3261 int vfs_follow_link(struct nameidata *nd, const char *link)
3262 {
3263 return __vfs_follow_link(nd, link);
3264 }
3265
3266 /* get the link contents into pagecache */
3267 static char *page_getlink(struct dentry * dentry, struct page **ppage)
3268 {
3269 char *kaddr;
3270 struct page *page;
3271 struct address_space *mapping = dentry->d_inode->i_mapping;
3272 page = read_mapping_page(mapping, 0, NULL);
3273 if (IS_ERR(page))
3274 return (char*)page;
3275 *ppage = page;
3276 kaddr = kmap(page);
3277 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3278 return kaddr;
3279 }
3280
3281 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3282 {
3283 struct page *page = NULL;
3284 char *s = page_getlink(dentry, &page);
3285 int res = vfs_readlink(dentry,buffer,buflen,s);
3286 if (page) {
3287 kunmap(page);
3288 page_cache_release(page);
3289 }
3290 return res;
3291 }
3292
3293 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3294 {
3295 struct page *page = NULL;
3296 nd_set_link(nd, page_getlink(dentry, &page));
3297 return page;
3298 }
3299
3300 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3301 {
3302 struct page *page = cookie;
3303
3304 if (page) {
3305 kunmap(page);
3306 page_cache_release(page);
3307 }
3308 }
3309
3310 /*
3311 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3312 */
3313 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3314 {
3315 struct address_space *mapping = inode->i_mapping;
3316 struct page *page;
3317 void *fsdata;
3318 int err;
3319 char *kaddr;
3320 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3321 if (nofs)
3322 flags |= AOP_FLAG_NOFS;
3323
3324 retry:
3325 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3326 flags, &page, &fsdata);
3327 if (err)
3328 goto fail;
3329
3330 kaddr = kmap_atomic(page, KM_USER0);
3331 memcpy(kaddr, symname, len-1);
3332 kunmap_atomic(kaddr, KM_USER0);
3333
3334 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3335 page, fsdata);
3336 if (err < 0)
3337 goto fail;
3338 if (err < len-1)
3339 goto retry;
3340
3341 mark_inode_dirty(inode);
3342 return 0;
3343 fail:
3344 return err;
3345 }
3346
3347 int page_symlink(struct inode *inode, const char *symname, int len)
3348 {
3349 return __page_symlink(inode, symname, len,
3350 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3351 }
3352
3353 const struct inode_operations page_symlink_inode_operations = {
3354 .readlink = generic_readlink,
3355 .follow_link = page_follow_link_light,
3356 .put_link = page_put_link,
3357 };
3358
3359 EXPORT_SYMBOL(user_path_at);
3360 EXPORT_SYMBOL(follow_down);
3361 EXPORT_SYMBOL(follow_up);
3362 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
3363 EXPORT_SYMBOL(getname);
3364 EXPORT_SYMBOL(lock_rename);
3365 EXPORT_SYMBOL(lookup_one_len);
3366 EXPORT_SYMBOL(page_follow_link_light);
3367 EXPORT_SYMBOL(page_put_link);
3368 EXPORT_SYMBOL(page_readlink);
3369 EXPORT_SYMBOL(__page_symlink);
3370 EXPORT_SYMBOL(page_symlink);
3371 EXPORT_SYMBOL(page_symlink_inode_operations);
3372 EXPORT_SYMBOL(path_lookup);
3373 EXPORT_SYMBOL(kern_path);
3374 EXPORT_SYMBOL(vfs_path_lookup);
3375 EXPORT_SYMBOL(inode_permission);
3376 EXPORT_SYMBOL(file_permission);
3377 EXPORT_SYMBOL(unlock_rename);
3378 EXPORT_SYMBOL(vfs_create);
3379 EXPORT_SYMBOL(vfs_follow_link);
3380 EXPORT_SYMBOL(vfs_link);
3381 EXPORT_SYMBOL(vfs_mkdir);
3382 EXPORT_SYMBOL(vfs_mknod);
3383 EXPORT_SYMBOL(generic_permission);
3384 EXPORT_SYMBOL(vfs_readlink);
3385 EXPORT_SYMBOL(vfs_rename);
3386 EXPORT_SYMBOL(vfs_rmdir);
3387 EXPORT_SYMBOL(vfs_symlink);
3388 EXPORT_SYMBOL(vfs_unlink);
3389 EXPORT_SYMBOL(dentry_unhash);
3390 EXPORT_SYMBOL(generic_readlink);
Linux kernel - Deliverables
This page took 0.105231 seconds and 5 git commands to generate.