4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/pagemap.h>
23 #include <linux/fsnotify.h>
24 #include <linux/personality.h>
25 #include <linux/security.h>
26 #include <linux/ima.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <linux/fs_struct.h>
35 #include <asm/uaccess.h>
39 /* [Feb-1997 T. Schoebel-Theuer]
40 * Fundamental changes in the pathname lookup mechanisms (namei)
41 * were necessary because of omirr. The reason is that omirr needs
42 * to know the _real_ pathname, not the user-supplied one, in case
43 * of symlinks (and also when transname replacements occur).
45 * The new code replaces the old recursive symlink resolution with
46 * an iterative one (in case of non-nested symlink chains). It does
47 * this with calls to <fs>_follow_link().
48 * As a side effect, dir_namei(), _namei() and follow_link() are now
49 * replaced with a single function lookup_dentry() that can handle all
50 * the special cases of the former code.
52 * With the new dcache, the pathname is stored at each inode, at least as
53 * long as the refcount of the inode is positive. As a side effect, the
54 * size of the dcache depends on the inode cache and thus is dynamic.
56 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
57 * resolution to correspond with current state of the code.
59 * Note that the symlink resolution is not *completely* iterative.
60 * There is still a significant amount of tail- and mid- recursion in
61 * the algorithm. Also, note that <fs>_readlink() is not used in
62 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
63 * may return different results than <fs>_follow_link(). Many virtual
64 * filesystems (including /proc) exhibit this behavior.
67 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
68 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
69 * and the name already exists in form of a symlink, try to create the new
70 * name indicated by the symlink. The old code always complained that the
71 * name already exists, due to not following the symlink even if its target
72 * is nonexistent. The new semantics affects also mknod() and link() when
73 * the name is a symlink pointing to a non-existant name.
75 * I don't know which semantics is the right one, since I have no access
76 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
77 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
78 * "old" one. Personally, I think the new semantics is much more logical.
79 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
80 * file does succeed in both HP-UX and SunOs, but not in Solaris
81 * and in the old Linux semantics.
84 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
85 * semantics. See the comments in "open_namei" and "do_link" below.
87 * [10-Sep-98 Alan Modra] Another symlink change.
90 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
91 * inside the path - always follow.
92 * in the last component in creation/removal/renaming - never follow.
93 * if LOOKUP_FOLLOW passed - follow.
94 * if the pathname has trailing slashes - follow.
95 * otherwise - don't follow.
96 * (applied in that order).
98 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
99 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
100 * During the 2.4 we need to fix the userland stuff depending on it -
101 * hopefully we will be able to get rid of that wart in 2.5. So far only
102 * XEmacs seems to be relying on it...
105 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
106 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
107 * any extra contention...
110 /* In order to reduce some races, while at the same time doing additional
111 * checking and hopefully speeding things up, we copy filenames to the
112 * kernel data space before using them..
114 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
115 * PATH_MAX includes the nul terminator --RR.
117 static int do_getname(const char __user
*filename
, char *page
)
120 unsigned long len
= PATH_MAX
;
122 if (!segment_eq(get_fs(), KERNEL_DS
)) {
123 if ((unsigned long) filename
>= TASK_SIZE
)
125 if (TASK_SIZE
- (unsigned long) filename
< PATH_MAX
)
126 len
= TASK_SIZE
- (unsigned long) filename
;
129 retval
= strncpy_from_user(page
, filename
, len
);
133 return -ENAMETOOLONG
;
139 char * getname(const char __user
* filename
)
143 result
= ERR_PTR(-ENOMEM
);
146 int retval
= do_getname(filename
, tmp
);
151 result
= ERR_PTR(retval
);
154 audit_getname(result
);
158 #ifdef CONFIG_AUDITSYSCALL
159 void putname(const char *name
)
161 if (unlikely(!audit_dummy_context()))
166 EXPORT_SYMBOL(putname
);
170 * This does basic POSIX ACL permission checking
172 static inline int __acl_permission_check(struct inode
*inode
, int mask
,
173 int (*check_acl
)(struct inode
*inode
, int mask
), int rcu
)
175 umode_t mode
= inode
->i_mode
;
177 mask
&= MAY_READ
| MAY_WRITE
| MAY_EXEC
;
179 if (current_fsuid() == inode
->i_uid
)
182 if (IS_POSIXACL(inode
) && (mode
& S_IRWXG
) && check_acl
) {
186 int error
= check_acl(inode
, mask
);
187 if (error
!= -EAGAIN
)
192 if (in_group_p(inode
->i_gid
))
197 * If the DACs are ok we don't need any capability check.
199 if ((mask
& ~mode
) == 0)
204 static inline int acl_permission_check(struct inode
*inode
, int mask
,
205 int (*check_acl
)(struct inode
*inode
, int mask
))
207 return __acl_permission_check(inode
, mask
, check_acl
, 0);
211 * generic_permission - check for access rights on a Posix-like filesystem
212 * @inode: inode to check access rights for
213 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
214 * @check_acl: optional callback to check for Posix ACLs
216 * Used to check for read/write/execute permissions on a file.
217 * We use "fsuid" for this, letting us set arbitrary permissions
218 * for filesystem access without changing the "normal" uids which
219 * are used for other things..
221 int generic_permission(struct inode
*inode
, int mask
,
222 int (*check_acl
)(struct inode
*inode
, int mask
))
227 * Do the basic POSIX ACL permission checks.
229 ret
= acl_permission_check(inode
, mask
, check_acl
);
234 * Read/write DACs are always overridable.
235 * Executable DACs are overridable if at least one exec bit is set.
237 if (!(mask
& MAY_EXEC
) || execute_ok(inode
))
238 if (capable(CAP_DAC_OVERRIDE
))
242 * Searching includes executable on directories, else just read.
244 mask
&= MAY_READ
| MAY_WRITE
| MAY_EXEC
;
245 if (mask
== MAY_READ
|| (S_ISDIR(inode
->i_mode
) && !(mask
& MAY_WRITE
)))
246 if (capable(CAP_DAC_READ_SEARCH
))
253 * inode_permission - check for access rights to a given inode
254 * @inode: inode to check permission on
255 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
257 * Used to check for read/write/execute permissions on an inode.
258 * We use "fsuid" for this, letting us set arbitrary permissions
259 * for filesystem access without changing the "normal" uids which
260 * are used for other things.
262 int inode_permission(struct inode
*inode
, int mask
)
266 if (mask
& MAY_WRITE
) {
267 umode_t mode
= inode
->i_mode
;
270 * Nobody gets write access to a read-only fs.
272 if (IS_RDONLY(inode
) &&
273 (S_ISREG(mode
) || S_ISDIR(mode
) || S_ISLNK(mode
)))
277 * Nobody gets write access to an immutable file.
279 if (IS_IMMUTABLE(inode
))
283 if (inode
->i_op
->permission
)
284 retval
= inode
->i_op
->permission(inode
, mask
);
286 retval
= generic_permission(inode
, mask
, inode
->i_op
->check_acl
);
291 retval
= devcgroup_inode_permission(inode
, mask
);
295 return security_inode_permission(inode
, mask
);
299 * file_permission - check for additional access rights to a given file
300 * @file: file to check access rights for
301 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
303 * Used to check for read/write/execute permissions on an already opened
307 * Do not use this function in new code. All access checks should
308 * be done using inode_permission().
310 int file_permission(struct file
*file
, int mask
)
312 return inode_permission(file
->f_path
.dentry
->d_inode
, mask
);
316 * get_write_access() gets write permission for a file.
317 * put_write_access() releases this write permission.
318 * This is used for regular files.
319 * We cannot support write (and maybe mmap read-write shared) accesses and
320 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
321 * can have the following values:
322 * 0: no writers, no VM_DENYWRITE mappings
323 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
324 * > 0: (i_writecount) users are writing to the file.
326 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
327 * except for the cases where we don't hold i_writecount yet. Then we need to
328 * use {get,deny}_write_access() - these functions check the sign and refuse
329 * to do the change if sign is wrong. Exclusion between them is provided by
330 * the inode->i_lock spinlock.
333 int get_write_access(struct inode
* inode
)
335 spin_lock(&inode
->i_lock
);
336 if (atomic_read(&inode
->i_writecount
) < 0) {
337 spin_unlock(&inode
->i_lock
);
340 atomic_inc(&inode
->i_writecount
);
341 spin_unlock(&inode
->i_lock
);
346 int deny_write_access(struct file
* file
)
348 struct inode
*inode
= file
->f_path
.dentry
->d_inode
;
350 spin_lock(&inode
->i_lock
);
351 if (atomic_read(&inode
->i_writecount
) > 0) {
352 spin_unlock(&inode
->i_lock
);
355 atomic_dec(&inode
->i_writecount
);
356 spin_unlock(&inode
->i_lock
);
362 * path_get - get a reference to a path
363 * @path: path to get the reference to
365 * Given a path increment the reference count to the dentry and the vfsmount.
367 void path_get(struct path
*path
)
372 EXPORT_SYMBOL(path_get
);
375 * path_put - put a reference to a path
376 * @path: path to put the reference to
378 * Given a path decrement the reference count to the dentry and the vfsmount.
380 void path_put(struct path
*path
)
385 EXPORT_SYMBOL(path_put
);
388 * nameidata_drop_rcu - drop this nameidata out of rcu-walk
389 * @nd: nameidata pathwalk data to drop
390 * @Returns: 0 on success, -ECHLID on failure
392 * Path walking has 2 modes, rcu-walk and ref-walk (see
393 * Documentation/filesystems/path-lookup.txt). __drop_rcu* functions attempt
394 * to drop out of rcu-walk mode and take normal reference counts on dentries
395 * and vfsmounts to transition to rcu-walk mode. __drop_rcu* functions take
396 * refcounts at the last known good point before rcu-walk got stuck, so
397 * ref-walk may continue from there. If this is not successful (eg. a seqcount
398 * has changed), then failure is returned and path walk restarts from the
399 * beginning in ref-walk mode.
401 * nameidata_drop_rcu attempts to drop the current nd->path and nd->root into
402 * ref-walk. Must be called from rcu-walk context.
404 static int nameidata_drop_rcu(struct nameidata
*nd
)
406 struct fs_struct
*fs
= current
->fs
;
407 struct dentry
*dentry
= nd
->path
.dentry
;
409 BUG_ON(!(nd
->flags
& LOOKUP_RCU
));
411 spin_lock(&fs
->lock
);
412 if (nd
->root
.mnt
!= fs
->root
.mnt
||
413 nd
->root
.dentry
!= fs
->root
.dentry
)
416 spin_lock(&dentry
->d_lock
);
417 if (!__d_rcu_to_refcount(dentry
, nd
->seq
))
419 BUG_ON(nd
->inode
!= dentry
->d_inode
);
420 spin_unlock(&dentry
->d_lock
);
423 spin_unlock(&fs
->lock
);
425 mntget(nd
->path
.mnt
);
428 br_read_unlock(vfsmount_lock
);
429 nd
->flags
&= ~LOOKUP_RCU
;
432 spin_unlock(&dentry
->d_lock
);
435 spin_unlock(&fs
->lock
);
439 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
440 static inline int nameidata_drop_rcu_maybe(struct nameidata
*nd
)
442 if (nd
->flags
& LOOKUP_RCU
)
443 return nameidata_drop_rcu(nd
);
448 * nameidata_dentry_drop_rcu - drop nameidata and dentry out of rcu-walk
449 * @nd: nameidata pathwalk data to drop
450 * @dentry: dentry to drop
451 * @Returns: 0 on success, -ECHLID on failure
453 * nameidata_dentry_drop_rcu attempts to drop the current nd->path and nd->root,
454 * and dentry into ref-walk. @dentry must be a path found by a do_lookup call on
455 * @nd. Must be called from rcu-walk context.
457 static int nameidata_dentry_drop_rcu(struct nameidata
*nd
, struct dentry
*dentry
)
459 struct fs_struct
*fs
= current
->fs
;
460 struct dentry
*parent
= nd
->path
.dentry
;
462 BUG_ON(!(nd
->flags
& LOOKUP_RCU
));
464 spin_lock(&fs
->lock
);
465 if (nd
->root
.mnt
!= fs
->root
.mnt
||
466 nd
->root
.dentry
!= fs
->root
.dentry
)
469 spin_lock(&parent
->d_lock
);
470 spin_lock_nested(&dentry
->d_lock
, DENTRY_D_LOCK_NESTED
);
471 if (!__d_rcu_to_refcount(dentry
, nd
->seq
))
474 * If the sequence check on the child dentry passed, then the child has
475 * not been removed from its parent. This means the parent dentry must
476 * be valid and able to take a reference at this point.
478 BUG_ON(!IS_ROOT(dentry
) && dentry
->d_parent
!= parent
);
479 BUG_ON(!parent
->d_count
);
481 spin_unlock(&dentry
->d_lock
);
482 spin_unlock(&parent
->d_lock
);
485 spin_unlock(&fs
->lock
);
487 mntget(nd
->path
.mnt
);
490 br_read_unlock(vfsmount_lock
);
491 nd
->flags
&= ~LOOKUP_RCU
;
494 spin_unlock(&dentry
->d_lock
);
495 spin_unlock(&parent
->d_lock
);
498 spin_unlock(&fs
->lock
);
502 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
503 static inline int nameidata_dentry_drop_rcu_maybe(struct nameidata
*nd
, struct dentry
*dentry
)
505 if (nd
->flags
& LOOKUP_RCU
)
506 return nameidata_dentry_drop_rcu(nd
, dentry
);
511 * nameidata_drop_rcu_last - drop nameidata ending path walk out of rcu-walk
512 * @nd: nameidata pathwalk data to drop
513 * @Returns: 0 on success, -ECHLID on failure
515 * nameidata_drop_rcu_last attempts to drop the current nd->path into ref-walk.
516 * nd->path should be the final element of the lookup, so nd->root is discarded.
517 * Must be called from rcu-walk context.
519 static int nameidata_drop_rcu_last(struct nameidata
*nd
)
521 struct dentry
*dentry
= nd
->path
.dentry
;
523 BUG_ON(!(nd
->flags
& LOOKUP_RCU
));
524 nd
->flags
&= ~LOOKUP_RCU
;
526 spin_lock(&dentry
->d_lock
);
527 if (!__d_rcu_to_refcount(dentry
, nd
->seq
))
529 BUG_ON(nd
->inode
!= dentry
->d_inode
);
530 spin_unlock(&dentry
->d_lock
);
532 mntget(nd
->path
.mnt
);
535 br_read_unlock(vfsmount_lock
);
540 spin_unlock(&dentry
->d_lock
);
542 br_read_unlock(vfsmount_lock
);
546 /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */
547 static inline int nameidata_drop_rcu_last_maybe(struct nameidata
*nd
)
549 if (likely(nd
->flags
& LOOKUP_RCU
))
550 return nameidata_drop_rcu_last(nd
);
555 * release_open_intent - free up open intent resources
556 * @nd: pointer to nameidata
558 void release_open_intent(struct nameidata
*nd
)
560 if (nd
->intent
.open
.file
->f_path
.dentry
== NULL
)
561 put_filp(nd
->intent
.open
.file
);
563 fput(nd
->intent
.open
.file
);
566 static inline struct dentry
*
567 do_revalidate(struct dentry
*dentry
, struct nameidata
*nd
)
569 int status
= dentry
->d_op
->d_revalidate(dentry
, nd
);
570 if (unlikely(status
<= 0)) {
572 * The dentry failed validation.
573 * If d_revalidate returned 0 attempt to invalidate
574 * the dentry otherwise d_revalidate is asking us
575 * to return a fail status.
578 if (!d_invalidate(dentry
)) {
584 dentry
= ERR_PTR(status
);
591 * force_reval_path - force revalidation of a dentry
593 * In some situations the path walking code will trust dentries without
594 * revalidating them. This causes problems for filesystems that depend on
595 * d_revalidate to handle file opens (e.g. NFSv4). When FS_REVAL_DOT is set
596 * (which indicates that it's possible for the dentry to go stale), force
597 * a d_revalidate call before proceeding.
599 * Returns 0 if the revalidation was successful. If the revalidation fails,
600 * either return the error returned by d_revalidate or -ESTALE if the
601 * revalidation it just returned 0. If d_revalidate returns 0, we attempt to
602 * invalidate the dentry. It's up to the caller to handle putting references
603 * to the path if necessary.
606 force_reval_path(struct path
*path
, struct nameidata
*nd
)
609 struct dentry
*dentry
= path
->dentry
;
612 * only check on filesystems where it's possible for the dentry to
613 * become stale. It's assumed that if this flag is set then the
614 * d_revalidate op will also be defined.
616 if (!(dentry
->d_sb
->s_type
->fs_flags
& FS_REVAL_DOT
))
619 status
= dentry
->d_op
->d_revalidate(dentry
, nd
);
624 d_invalidate(dentry
);
631 * Short-cut version of permission(), for calling on directories
632 * during pathname resolution. Combines parts of permission()
633 * and generic_permission(), and tests ONLY for MAY_EXEC permission.
635 * If appropriate, check DAC only. If not appropriate, or
636 * short-cut DAC fails, then call ->permission() to do more
637 * complete permission check.
639 static inline int __exec_permission(struct inode
*inode
, int rcu
)
643 if (inode
->i_op
->permission
) {
646 ret
= inode
->i_op
->permission(inode
, MAY_EXEC
);
651 ret
= __acl_permission_check(inode
, MAY_EXEC
, inode
->i_op
->check_acl
, rcu
);
654 if (rcu
&& ret
== -ECHILD
)
657 if (capable(CAP_DAC_OVERRIDE
) || capable(CAP_DAC_READ_SEARCH
))
662 return security_inode_exec_permission(inode
, rcu
);
665 static int exec_permission(struct inode
*inode
)
667 return __exec_permission(inode
, 0);
670 static int exec_permission_rcu(struct inode
*inode
)
672 return __exec_permission(inode
, 1);
675 static __always_inline
void set_root(struct nameidata
*nd
)
678 get_fs_root(current
->fs
, &nd
->root
);
681 static int link_path_walk(const char *, struct nameidata
*);
683 static __always_inline
void set_root_rcu(struct nameidata
*nd
)
686 struct fs_struct
*fs
= current
->fs
;
690 seq
= read_seqcount_begin(&fs
->seq
);
692 } while (read_seqcount_retry(&fs
->seq
, seq
));
696 static __always_inline
int __vfs_follow_link(struct nameidata
*nd
, const char *link
)
709 nd
->inode
= nd
->path
.dentry
->d_inode
;
711 ret
= link_path_walk(link
, nd
);
715 return PTR_ERR(link
);
718 static void path_put_conditional(struct path
*path
, struct nameidata
*nd
)
721 if (path
->mnt
!= nd
->path
.mnt
)
725 static inline void path_to_nameidata(struct path
*path
, struct nameidata
*nd
)
727 if (!(nd
->flags
& LOOKUP_RCU
)) {
728 dput(nd
->path
.dentry
);
729 if (nd
->path
.mnt
!= path
->mnt
)
730 mntput(nd
->path
.mnt
);
732 nd
->path
.mnt
= path
->mnt
;
733 nd
->path
.dentry
= path
->dentry
;
736 static __always_inline
int
737 __do_follow_link(struct path
*path
, struct nameidata
*nd
, void **p
)
740 struct dentry
*dentry
= path
->dentry
;
742 touch_atime(path
->mnt
, dentry
);
743 nd_set_link(nd
, NULL
);
745 if (path
->mnt
!= nd
->path
.mnt
) {
746 path_to_nameidata(path
, nd
);
747 nd
->inode
= nd
->path
.dentry
->d_inode
;
752 nd
->last_type
= LAST_BIND
;
753 *p
= dentry
->d_inode
->i_op
->follow_link(dentry
, nd
);
756 char *s
= nd_get_link(nd
);
759 error
= __vfs_follow_link(nd
, s
);
760 else if (nd
->last_type
== LAST_BIND
) {
761 error
= force_reval_path(&nd
->path
, nd
);
770 * This limits recursive symlink follows to 8, while
771 * limiting consecutive symlinks to 40.
773 * Without that kind of total limit, nasty chains of consecutive
774 * symlinks can cause almost arbitrarily long lookups.
776 static inline int do_follow_link(struct path
*path
, struct nameidata
*nd
)
780 if (current
->link_count
>= MAX_NESTED_LINKS
)
782 if (current
->total_link_count
>= 40)
784 BUG_ON(nd
->depth
>= MAX_NESTED_LINKS
);
786 err
= security_inode_follow_link(path
->dentry
, nd
);
789 current
->link_count
++;
790 current
->total_link_count
++;
792 err
= __do_follow_link(path
, nd
, &cookie
);
793 if (!IS_ERR(cookie
) && path
->dentry
->d_inode
->i_op
->put_link
)
794 path
->dentry
->d_inode
->i_op
->put_link(path
->dentry
, nd
, cookie
);
796 current
->link_count
--;
800 path_put_conditional(path
, nd
);
805 static int follow_up_rcu(struct path
*path
)
807 struct vfsmount
*parent
;
808 struct dentry
*mountpoint
;
810 parent
= path
->mnt
->mnt_parent
;
811 if (parent
== path
->mnt
)
813 mountpoint
= path
->mnt
->mnt_mountpoint
;
814 path
->dentry
= mountpoint
;
819 int follow_up(struct path
*path
)
821 struct vfsmount
*parent
;
822 struct dentry
*mountpoint
;
824 br_read_lock(vfsmount_lock
);
825 parent
= path
->mnt
->mnt_parent
;
826 if (parent
== path
->mnt
) {
827 br_read_unlock(vfsmount_lock
);
831 mountpoint
= dget(path
->mnt
->mnt_mountpoint
);
832 br_read_unlock(vfsmount_lock
);
834 path
->dentry
= mountpoint
;
841 * serialization is taken care of in namespace.c
843 static void __follow_mount_rcu(struct nameidata
*nd
, struct path
*path
,
844 struct inode
**inode
)
846 while (d_mountpoint(path
->dentry
)) {
847 struct vfsmount
*mounted
;
848 mounted
= __lookup_mnt(path
->mnt
, path
->dentry
, 1);
852 path
->dentry
= mounted
->mnt_root
;
853 nd
->seq
= read_seqcount_begin(&path
->dentry
->d_seq
);
854 *inode
= path
->dentry
->d_inode
;
858 static int __follow_mount(struct path
*path
)
861 while (d_mountpoint(path
->dentry
)) {
862 struct vfsmount
*mounted
= lookup_mnt(path
);
869 path
->dentry
= dget(mounted
->mnt_root
);
875 static void follow_mount(struct path
*path
)
877 while (d_mountpoint(path
->dentry
)) {
878 struct vfsmount
*mounted
= lookup_mnt(path
);
884 path
->dentry
= dget(mounted
->mnt_root
);
888 int follow_down(struct path
*path
)
890 struct vfsmount
*mounted
;
892 mounted
= lookup_mnt(path
);
897 path
->dentry
= dget(mounted
->mnt_root
);
903 static int follow_dotdot_rcu(struct nameidata
*nd
)
905 struct inode
*inode
= nd
->inode
;
910 if (nd
->path
.dentry
== nd
->root
.dentry
&&
911 nd
->path
.mnt
== nd
->root
.mnt
) {
914 if (nd
->path
.dentry
!= nd
->path
.mnt
->mnt_root
) {
915 struct dentry
*old
= nd
->path
.dentry
;
916 struct dentry
*parent
= old
->d_parent
;
919 seq
= read_seqcount_begin(&parent
->d_seq
);
920 if (read_seqcount_retry(&old
->d_seq
, nd
->seq
))
922 inode
= parent
->d_inode
;
923 nd
->path
.dentry
= parent
;
927 if (!follow_up_rcu(&nd
->path
))
929 nd
->seq
= read_seqcount_begin(&nd
->path
.dentry
->d_seq
);
930 inode
= nd
->path
.dentry
->d_inode
;
932 __follow_mount_rcu(nd
, &nd
->path
, &inode
);
938 static void follow_dotdot(struct nameidata
*nd
)
943 struct dentry
*old
= nd
->path
.dentry
;
945 if (nd
->path
.dentry
== nd
->root
.dentry
&&
946 nd
->path
.mnt
== nd
->root
.mnt
) {
949 if (nd
->path
.dentry
!= nd
->path
.mnt
->mnt_root
) {
950 /* rare case of legitimate dget_parent()... */
951 nd
->path
.dentry
= dget_parent(nd
->path
.dentry
);
955 if (!follow_up(&nd
->path
))
958 follow_mount(&nd
->path
);
959 nd
->inode
= nd
->path
.dentry
->d_inode
;
963 * Allocate a dentry with name and parent, and perform a parent
964 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
965 * on error. parent->d_inode->i_mutex must be held. d_lookup must
966 * have verified that no child exists while under i_mutex.
968 static struct dentry
*d_alloc_and_lookup(struct dentry
*parent
,
969 struct qstr
*name
, struct nameidata
*nd
)
971 struct inode
*inode
= parent
->d_inode
;
972 struct dentry
*dentry
;
975 /* Don't create child dentry for a dead directory. */
976 if (unlikely(IS_DEADDIR(inode
)))
977 return ERR_PTR(-ENOENT
);
979 dentry
= d_alloc(parent
, name
);
980 if (unlikely(!dentry
))
981 return ERR_PTR(-ENOMEM
);
983 old
= inode
->i_op
->lookup(inode
, dentry
, nd
);
992 * It's more convoluted than I'd like it to be, but... it's still fairly
993 * small and for now I'd prefer to have fast path as straight as possible.
994 * It _is_ time-critical.
996 static int do_lookup(struct nameidata
*nd
, struct qstr
*name
,
997 struct path
*path
, struct inode
**inode
)
999 struct vfsmount
*mnt
= nd
->path
.mnt
;
1000 struct dentry
*dentry
, *parent
= nd
->path
.dentry
;
1003 * See if the low-level filesystem might want
1004 * to use its own hash..
1006 if (parent
->d_op
&& parent
->d_op
->d_hash
) {
1007 int err
= parent
->d_op
->d_hash(parent
, nd
->inode
, name
);
1013 * Rename seqlock is not required here because in the off chance
1014 * of a false negative due to a concurrent rename, we're going to
1015 * do the non-racy lookup, below.
1017 if (nd
->flags
& LOOKUP_RCU
) {
1021 dentry
= __d_lookup_rcu(parent
, name
, &seq
, inode
);
1023 if (nameidata_drop_rcu(nd
))
1027 /* Memory barrier in read_seqcount_begin of child is enough */
1028 if (__read_seqcount_retry(&parent
->d_seq
, nd
->seq
))
1032 if (dentry
->d_op
&& dentry
->d_op
->d_revalidate
) {
1033 /* We commonly drop rcu-walk here */
1034 if (nameidata_dentry_drop_rcu(nd
, dentry
))
1036 goto need_revalidate
;
1039 path
->dentry
= dentry
;
1040 __follow_mount_rcu(nd
, path
, inode
);
1042 dentry
= __d_lookup(parent
, name
);
1046 if (dentry
->d_op
&& dentry
->d_op
->d_revalidate
)
1047 goto need_revalidate
;
1050 path
->dentry
= dentry
;
1051 __follow_mount(path
);
1052 *inode
= path
->dentry
->d_inode
;
1057 dir
= parent
->d_inode
;
1058 BUG_ON(nd
->inode
!= dir
);
1060 mutex_lock(&dir
->i_mutex
);
1062 * First re-do the cached lookup just in case it was created
1063 * while we waited for the directory semaphore, or the first
1064 * lookup failed due to an unrelated rename.
1066 * This could use version numbering or similar to avoid unnecessary
1067 * cache lookups, but then we'd have to do the first lookup in the
1068 * non-racy way. However in the common case here, everything should
1069 * be hot in cache, so would it be a big win?
1071 dentry
= d_lookup(parent
, name
);
1072 if (likely(!dentry
)) {
1073 dentry
= d_alloc_and_lookup(parent
, name
, nd
);
1074 mutex_unlock(&dir
->i_mutex
);
1080 * Uhhuh! Nasty case: the cache was re-populated while
1081 * we waited on the semaphore. Need to revalidate.
1083 mutex_unlock(&dir
->i_mutex
);
1087 dentry
= do_revalidate(dentry
, nd
);
1095 return PTR_ERR(dentry
);
1099 * This is a temporary kludge to deal with "automount" symlinks; proper
1100 * solution is to trigger them on follow_mount(), so that do_lookup()
1101 * would DTRT. To be killed before 2.6.34-final.
1103 static inline int follow_on_final(struct inode
*inode
, unsigned lookup_flags
)
1105 return inode
&& unlikely(inode
->i_op
->follow_link
) &&
1106 ((lookup_flags
& LOOKUP_FOLLOW
) || S_ISDIR(inode
->i_mode
));
1111 * This is the basic name resolution function, turning a pathname into
1112 * the final dentry. We expect 'base' to be positive and a directory.
1114 * Returns 0 and nd will have valid dentry and mnt on success.
1115 * Returns error and drops reference to input namei data on failure.
1117 static int link_path_walk(const char *name
, struct nameidata
*nd
)
1121 unsigned int lookup_flags
= nd
->flags
;
1129 lookup_flags
= LOOKUP_FOLLOW
| (nd
->flags
& LOOKUP_CONTINUE
);
1131 /* At this point we know we have a real path component. */
1133 struct inode
*inode
;
1138 nd
->flags
|= LOOKUP_CONTINUE
;
1139 if (nd
->flags
& LOOKUP_RCU
) {
1140 err
= exec_permission_rcu(nd
->inode
);
1141 if (err
== -ECHILD
) {
1142 if (nameidata_drop_rcu(nd
))
1148 err
= exec_permission(nd
->inode
);
1154 c
= *(const unsigned char *)name
;
1156 hash
= init_name_hash();
1159 hash
= partial_name_hash(c
, hash
);
1160 c
= *(const unsigned char *)name
;
1161 } while (c
&& (c
!= '/'));
1162 this.len
= name
- (const char *) this.name
;
1163 this.hash
= end_name_hash(hash
);
1165 /* remove trailing slashes? */
1167 goto last_component
;
1168 while (*++name
== '/');
1170 goto last_with_slashes
;
1173 * "." and ".." are special - ".." especially so because it has
1174 * to be able to know about the current root directory and
1175 * parent relationships.
1177 if (this.name
[0] == '.') switch (this.len
) {
1181 if (this.name
[1] != '.')
1183 if (nd
->flags
& LOOKUP_RCU
) {
1184 if (follow_dotdot_rcu(nd
))
1192 /* This does the actual lookups.. */
1193 err
= do_lookup(nd
, &this, &next
, &inode
);
1200 if (inode
->i_op
->follow_link
) {
1201 /* We commonly drop rcu-walk here */
1202 if (nameidata_dentry_drop_rcu_maybe(nd
, next
.dentry
))
1204 BUG_ON(inode
!= next
.dentry
->d_inode
);
1205 err
= do_follow_link(&next
, nd
);
1208 nd
->inode
= nd
->path
.dentry
->d_inode
;
1213 path_to_nameidata(&next
, nd
);
1217 if (!nd
->inode
->i_op
->lookup
)
1220 /* here ends the main loop */
1223 lookup_flags
|= LOOKUP_FOLLOW
| LOOKUP_DIRECTORY
;
1225 /* Clear LOOKUP_CONTINUE iff it was previously unset */
1226 nd
->flags
&= lookup_flags
| ~LOOKUP_CONTINUE
;
1227 if (lookup_flags
& LOOKUP_PARENT
)
1229 if (this.name
[0] == '.') switch (this.len
) {
1233 if (this.name
[1] != '.')
1235 if (nd
->flags
& LOOKUP_RCU
) {
1236 if (follow_dotdot_rcu(nd
))
1244 err
= do_lookup(nd
, &this, &next
, &inode
);
1247 if (follow_on_final(inode
, lookup_flags
)) {
1248 if (nameidata_dentry_drop_rcu_maybe(nd
, next
.dentry
))
1250 BUG_ON(inode
!= next
.dentry
->d_inode
);
1251 err
= do_follow_link(&next
, nd
);
1254 nd
->inode
= nd
->path
.dentry
->d_inode
;
1256 path_to_nameidata(&next
, nd
);
1262 if (lookup_flags
& LOOKUP_DIRECTORY
) {
1264 if (!nd
->inode
->i_op
->lookup
)
1270 nd
->last_type
= LAST_NORM
;
1271 if (this.name
[0] != '.')
1274 nd
->last_type
= LAST_DOT
;
1275 else if (this.len
== 2 && this.name
[1] == '.')
1276 nd
->last_type
= LAST_DOTDOT
;
1281 * We bypassed the ordinary revalidation routines.
1282 * We may need to check the cached dentry for staleness.
1284 if (nd
->path
.dentry
&& nd
->path
.dentry
->d_sb
&&
1285 (nd
->path
.dentry
->d_sb
->s_type
->fs_flags
& FS_REVAL_DOT
)) {
1286 if (nameidata_drop_rcu_maybe(nd
))
1289 /* Note: we do not d_invalidate() */
1290 if (!nd
->path
.dentry
->d_op
->d_revalidate(
1291 nd
->path
.dentry
, nd
))
1295 if (nameidata_drop_rcu_last_maybe(nd
))
1299 if (!(nd
->flags
& LOOKUP_RCU
))
1300 path_put_conditional(&next
, nd
);
1303 if (!(nd
->flags
& LOOKUP_RCU
))
1304 path_put(&nd
->path
);
1309 static inline int path_walk_rcu(const char *name
, struct nameidata
*nd
)
1311 current
->total_link_count
= 0;
1313 return link_path_walk(name
, nd
);
1316 static inline int path_walk_simple(const char *name
, struct nameidata
*nd
)
1318 current
->total_link_count
= 0;
1320 return link_path_walk(name
, nd
);
1323 static int path_walk(const char *name
, struct nameidata
*nd
)
1325 struct path save
= nd
->path
;
1328 current
->total_link_count
= 0;
1330 /* make sure the stuff we saved doesn't go away */
1333 result
= link_path_walk(name
, nd
);
1334 if (result
== -ESTALE
) {
1335 /* nd->path had been dropped */
1336 current
->total_link_count
= 0;
1338 path_get(&nd
->path
);
1339 nd
->flags
|= LOOKUP_REVAL
;
1340 result
= link_path_walk(name
, nd
);
1348 static void path_finish_rcu(struct nameidata
*nd
)
1350 if (nd
->flags
& LOOKUP_RCU
) {
1351 /* RCU dangling. Cancel it. */
1352 nd
->flags
&= ~LOOKUP_RCU
;
1353 nd
->root
.mnt
= NULL
;
1355 br_read_unlock(vfsmount_lock
);
1361 static int path_init_rcu(int dfd
, const char *name
, unsigned int flags
, struct nameidata
*nd
)
1367 nd
->last_type
= LAST_ROOT
; /* if there are only slashes... */
1368 nd
->flags
= flags
| LOOKUP_RCU
;
1370 nd
->root
.mnt
= NULL
;
1374 struct fs_struct
*fs
= current
->fs
;
1377 br_read_lock(vfsmount_lock
);
1381 seq
= read_seqcount_begin(&fs
->seq
);
1382 nd
->root
= fs
->root
;
1383 nd
->path
= nd
->root
;
1384 nd
->seq
= __read_seqcount_begin(&nd
->path
.dentry
->d_seq
);
1385 } while (read_seqcount_retry(&fs
->seq
, seq
));
1387 } else if (dfd
== AT_FDCWD
) {
1388 struct fs_struct
*fs
= current
->fs
;
1391 br_read_lock(vfsmount_lock
);
1395 seq
= read_seqcount_begin(&fs
->seq
);
1397 nd
->seq
= __read_seqcount_begin(&nd
->path
.dentry
->d_seq
);
1398 } while (read_seqcount_retry(&fs
->seq
, seq
));
1401 struct dentry
*dentry
;
1403 file
= fget_light(dfd
, &fput_needed
);
1408 dentry
= file
->f_path
.dentry
;
1411 if (!S_ISDIR(dentry
->d_inode
->i_mode
))
1414 retval
= file_permission(file
, MAY_EXEC
);
1418 nd
->path
= file
->f_path
;
1422 nd
->seq
= __read_seqcount_begin(&nd
->path
.dentry
->d_seq
);
1423 br_read_lock(vfsmount_lock
);
1426 nd
->inode
= nd
->path
.dentry
->d_inode
;
1430 fput_light(file
, fput_needed
);
1435 static int path_init(int dfd
, const char *name
, unsigned int flags
, struct nameidata
*nd
)
1441 nd
->last_type
= LAST_ROOT
; /* if there are only slashes... */
1444 nd
->root
.mnt
= NULL
;
1448 nd
->path
= nd
->root
;
1449 path_get(&nd
->root
);
1450 } else if (dfd
== AT_FDCWD
) {
1451 get_fs_pwd(current
->fs
, &nd
->path
);
1453 struct dentry
*dentry
;
1455 file
= fget_light(dfd
, &fput_needed
);
1460 dentry
= file
->f_path
.dentry
;
1463 if (!S_ISDIR(dentry
->d_inode
->i_mode
))
1466 retval
= file_permission(file
, MAY_EXEC
);
1470 nd
->path
= file
->f_path
;
1471 path_get(&file
->f_path
);
1473 fput_light(file
, fput_needed
);
1475 nd
->inode
= nd
->path
.dentry
->d_inode
;
1479 fput_light(file
, fput_needed
);
1484 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1485 static int do_path_lookup(int dfd
, const char *name
,
1486 unsigned int flags
, struct nameidata
*nd
)
1491 * Path walking is largely split up into 2 different synchronisation
1492 * schemes, rcu-walk and ref-walk (explained in
1493 * Documentation/filesystems/path-lookup.txt). These share much of the
1494 * path walk code, but some things particularly setup, cleanup, and
1495 * following mounts are sufficiently divergent that functions are
1496 * duplicated. Typically there is a function foo(), and its RCU
1497 * analogue, foo_rcu().
1499 * -ECHILD is the error number of choice (just to avoid clashes) that
1500 * is returned if some aspect of an rcu-walk fails. Such an error must
1501 * be handled by restarting a traditional ref-walk (which will always
1502 * be able to complete).
1504 retval
= path_init_rcu(dfd
, name
, flags
, nd
);
1505 if (unlikely(retval
))
1507 retval
= path_walk_rcu(name
, nd
);
1508 path_finish_rcu(nd
);
1510 path_put(&nd
->root
);
1511 nd
->root
.mnt
= NULL
;
1514 if (unlikely(retval
== -ECHILD
|| retval
== -ESTALE
)) {
1515 /* slower, locked walk */
1516 if (retval
== -ESTALE
)
1517 flags
|= LOOKUP_REVAL
;
1518 retval
= path_init(dfd
, name
, flags
, nd
);
1519 if (unlikely(retval
))
1521 retval
= path_walk(name
, nd
);
1523 path_put(&nd
->root
);
1524 nd
->root
.mnt
= NULL
;
1528 if (likely(!retval
)) {
1529 if (unlikely(!audit_dummy_context())) {
1530 if (nd
->path
.dentry
&& nd
->inode
)
1531 audit_inode(name
, nd
->path
.dentry
);
1538 int path_lookup(const char *name
, unsigned int flags
,
1539 struct nameidata
*nd
)
1541 return do_path_lookup(AT_FDCWD
, name
, flags
, nd
);
1544 int kern_path(const char *name
, unsigned int flags
, struct path
*path
)
1546 struct nameidata nd
;
1547 int res
= do_path_lookup(AT_FDCWD
, name
, flags
, &nd
);
1554 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1555 * @dentry: pointer to dentry of the base directory
1556 * @mnt: pointer to vfs mount of the base directory
1557 * @name: pointer to file name
1558 * @flags: lookup flags
1559 * @nd: pointer to nameidata
1561 int vfs_path_lookup(struct dentry
*dentry
, struct vfsmount
*mnt
,
1562 const char *name
, unsigned int flags
,
1563 struct nameidata
*nd
)
1567 /* same as do_path_lookup */
1568 nd
->last_type
= LAST_ROOT
;
1572 nd
->path
.dentry
= dentry
;
1574 path_get(&nd
->path
);
1575 nd
->root
= nd
->path
;
1576 path_get(&nd
->root
);
1577 nd
->inode
= nd
->path
.dentry
->d_inode
;
1579 retval
= path_walk(name
, nd
);
1580 if (unlikely(!retval
&& !audit_dummy_context() && nd
->path
.dentry
&&
1582 audit_inode(name
, nd
->path
.dentry
);
1584 path_put(&nd
->root
);
1585 nd
->root
.mnt
= NULL
;
1590 static struct dentry
*__lookup_hash(struct qstr
*name
,
1591 struct dentry
*base
, struct nameidata
*nd
)
1593 struct inode
*inode
= base
->d_inode
;
1594 struct dentry
*dentry
;
1597 err
= exec_permission(inode
);
1599 return ERR_PTR(err
);
1602 * See if the low-level filesystem might want
1603 * to use its own hash..
1605 if (base
->d_op
&& base
->d_op
->d_hash
) {
1606 err
= base
->d_op
->d_hash(base
, inode
, name
);
1607 dentry
= ERR_PTR(err
);
1613 * Don't bother with __d_lookup: callers are for creat as
1614 * well as unlink, so a lot of the time it would cost
1617 dentry
= d_lookup(base
, name
);
1619 if (dentry
&& dentry
->d_op
&& dentry
->d_op
->d_revalidate
)
1620 dentry
= do_revalidate(dentry
, nd
);
1623 dentry
= d_alloc_and_lookup(base
, name
, nd
);
1629 * Restricted form of lookup. Doesn't follow links, single-component only,
1630 * needs parent already locked. Doesn't follow mounts.
1633 static struct dentry
*lookup_hash(struct nameidata
*nd
)
1635 return __lookup_hash(&nd
->last
, nd
->path
.dentry
, nd
);
1638 static int __lookup_one_len(const char *name
, struct qstr
*this,
1639 struct dentry
*base
, int len
)
1649 hash
= init_name_hash();
1651 c
= *(const unsigned char *)name
++;
1652 if (c
== '/' || c
== '\0')
1654 hash
= partial_name_hash(c
, hash
);
1656 this->hash
= end_name_hash(hash
);
1661 * lookup_one_len - filesystem helper to lookup single pathname component
1662 * @name: pathname component to lookup
1663 * @base: base directory to lookup from
1664 * @len: maximum length @len should be interpreted to
1666 * Note that this routine is purely a helper for filesystem usage and should
1667 * not be called by generic code. Also note that by using this function the
1668 * nameidata argument is passed to the filesystem methods and a filesystem
1669 * using this helper needs to be prepared for that.
1671 struct dentry
*lookup_one_len(const char *name
, struct dentry
*base
, int len
)
1676 WARN_ON_ONCE(!mutex_is_locked(&base
->d_inode
->i_mutex
));
1678 err
= __lookup_one_len(name
, &this, base
, len
);
1680 return ERR_PTR(err
);
1682 return __lookup_hash(&this, base
, NULL
);
1685 int user_path_at(int dfd
, const char __user
*name
, unsigned flags
,
1688 struct nameidata nd
;
1689 char *tmp
= getname(name
);
1690 int err
= PTR_ERR(tmp
);
1693 BUG_ON(flags
& LOOKUP_PARENT
);
1695 err
= do_path_lookup(dfd
, tmp
, flags
, &nd
);
1703 static int user_path_parent(int dfd
, const char __user
*path
,
1704 struct nameidata
*nd
, char **name
)
1706 char *s
= getname(path
);
1712 error
= do_path_lookup(dfd
, s
, LOOKUP_PARENT
, nd
);
1722 * It's inline, so penalty for filesystems that don't use sticky bit is
1725 static inline int check_sticky(struct inode
*dir
, struct inode
*inode
)
1727 uid_t fsuid
= current_fsuid();
1729 if (!(dir
->i_mode
& S_ISVTX
))
1731 if (inode
->i_uid
== fsuid
)
1733 if (dir
->i_uid
== fsuid
)
1735 return !capable(CAP_FOWNER
);
1739 * Check whether we can remove a link victim from directory dir, check
1740 * whether the type of victim is right.
1741 * 1. We can't do it if dir is read-only (done in permission())
1742 * 2. We should have write and exec permissions on dir
1743 * 3. We can't remove anything from append-only dir
1744 * 4. We can't do anything with immutable dir (done in permission())
1745 * 5. If the sticky bit on dir is set we should either
1746 * a. be owner of dir, or
1747 * b. be owner of victim, or
1748 * c. have CAP_FOWNER capability
1749 * 6. If the victim is append-only or immutable we can't do antyhing with
1750 * links pointing to it.
1751 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1752 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1753 * 9. We can't remove a root or mountpoint.
1754 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1755 * nfs_async_unlink().
1757 static int may_delete(struct inode
*dir
,struct dentry
*victim
,int isdir
)
1761 if (!victim
->d_inode
)
1764 BUG_ON(victim
->d_parent
->d_inode
!= dir
);
1765 audit_inode_child(victim
, dir
);
1767 error
= inode_permission(dir
, MAY_WRITE
| MAY_EXEC
);
1772 if (check_sticky(dir
, victim
->d_inode
)||IS_APPEND(victim
->d_inode
)||
1773 IS_IMMUTABLE(victim
->d_inode
) || IS_SWAPFILE(victim
->d_inode
))
1776 if (!S_ISDIR(victim
->d_inode
->i_mode
))
1778 if (IS_ROOT(victim
))
1780 } else if (S_ISDIR(victim
->d_inode
->i_mode
))
1782 if (IS_DEADDIR(dir
))
1784 if (victim
->d_flags
& DCACHE_NFSFS_RENAMED
)
1789 /* Check whether we can create an object with dentry child in directory
1791 * 1. We can't do it if child already exists (open has special treatment for
1792 * this case, but since we are inlined it's OK)
1793 * 2. We can't do it if dir is read-only (done in permission())
1794 * 3. We should have write and exec permissions on dir
1795 * 4. We can't do it if dir is immutable (done in permission())
1797 static inline int may_create(struct inode
*dir
, struct dentry
*child
)
1801 if (IS_DEADDIR(dir
))
1803 return inode_permission(dir
, MAY_WRITE
| MAY_EXEC
);
1807 * p1 and p2 should be directories on the same fs.
1809 struct dentry
*lock_rename(struct dentry
*p1
, struct dentry
*p2
)
1814 mutex_lock_nested(&p1
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
1818 mutex_lock(&p1
->d_inode
->i_sb
->s_vfs_rename_mutex
);
1820 p
= d_ancestor(p2
, p1
);
1822 mutex_lock_nested(&p2
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
1823 mutex_lock_nested(&p1
->d_inode
->i_mutex
, I_MUTEX_CHILD
);
1827 p
= d_ancestor(p1
, p2
);
1829 mutex_lock_nested(&p1
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
1830 mutex_lock_nested(&p2
->d_inode
->i_mutex
, I_MUTEX_CHILD
);
1834 mutex_lock_nested(&p1
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
1835 mutex_lock_nested(&p2
->d_inode
->i_mutex
, I_MUTEX_CHILD
);
1839 void unlock_rename(struct dentry
*p1
, struct dentry
*p2
)
1841 mutex_unlock(&p1
->d_inode
->i_mutex
);
1843 mutex_unlock(&p2
->d_inode
->i_mutex
);
1844 mutex_unlock(&p1
->d_inode
->i_sb
->s_vfs_rename_mutex
);
1848 int vfs_create(struct inode
*dir
, struct dentry
*dentry
, int mode
,
1849 struct nameidata
*nd
)
1851 int error
= may_create(dir
, dentry
);
1856 if (!dir
->i_op
->create
)
1857 return -EACCES
; /* shouldn't it be ENOSYS? */
1860 error
= security_inode_create(dir
, dentry
, mode
);
1863 error
= dir
->i_op
->create(dir
, dentry
, mode
, nd
);
1865 fsnotify_create(dir
, dentry
);
1869 int may_open(struct path
*path
, int acc_mode
, int flag
)
1871 struct dentry
*dentry
= path
->dentry
;
1872 struct inode
*inode
= dentry
->d_inode
;
1878 switch (inode
->i_mode
& S_IFMT
) {
1882 if (acc_mode
& MAY_WRITE
)
1887 if (path
->mnt
->mnt_flags
& MNT_NODEV
)
1896 error
= inode_permission(inode
, acc_mode
);
1901 * An append-only file must be opened in append mode for writing.
1903 if (IS_APPEND(inode
)) {
1904 if ((flag
& O_ACCMODE
) != O_RDONLY
&& !(flag
& O_APPEND
))
1910 /* O_NOATIME can only be set by the owner or superuser */
1911 if (flag
& O_NOATIME
&& !is_owner_or_cap(inode
))
1915 * Ensure there are no outstanding leases on the file.
1917 return break_lease(inode
, flag
);
1920 static int handle_truncate(struct path
*path
)
1922 struct inode
*inode
= path
->dentry
->d_inode
;
1923 int error
= get_write_access(inode
);
1927 * Refuse to truncate files with mandatory locks held on them.
1929 error
= locks_verify_locked(inode
);
1931 error
= security_path_truncate(path
);
1933 error
= do_truncate(path
->dentry
, 0,
1934 ATTR_MTIME
|ATTR_CTIME
|ATTR_OPEN
,
1937 put_write_access(inode
);
1942 * Be careful about ever adding any more callers of this
1943 * function. Its flags must be in the namei format, not
1944 * what get passed to sys_open().
1946 static int __open_namei_create(struct nameidata
*nd
, struct path
*path
,
1947 int open_flag
, int mode
)
1950 struct dentry
*dir
= nd
->path
.dentry
;
1952 if (!IS_POSIXACL(dir
->d_inode
))
1953 mode
&= ~current_umask();
1954 error
= security_path_mknod(&nd
->path
, path
->dentry
, mode
, 0);
1957 error
= vfs_create(dir
->d_inode
, path
->dentry
, mode
, nd
);
1959 mutex_unlock(&dir
->d_inode
->i_mutex
);
1960 dput(nd
->path
.dentry
);
1961 nd
->path
.dentry
= path
->dentry
;
1965 /* Don't check for write permission, don't truncate */
1966 return may_open(&nd
->path
, 0, open_flag
& ~O_TRUNC
);
1970 * Note that while the flag value (low two bits) for sys_open means:
1975 * it is changed into
1976 * 00 - no permissions needed
1977 * 01 - read-permission
1978 * 10 - write-permission
1980 * for the internal routines (ie open_namei()/follow_link() etc)
1981 * This is more logical, and also allows the 00 "no perm needed"
1982 * to be used for symlinks (where the permissions are checked
1986 static inline int open_to_namei_flags(int flag
)
1988 if ((flag
+1) & O_ACCMODE
)
1993 static int open_will_truncate(int flag
, struct inode
*inode
)
1996 * We'll never write to the fs underlying
1999 if (special_file(inode
->i_mode
))
2001 return (flag
& O_TRUNC
);
2004 static struct file
*finish_open(struct nameidata
*nd
,
2005 int open_flag
, int acc_mode
)
2011 will_truncate
= open_will_truncate(open_flag
, nd
->path
.dentry
->d_inode
);
2012 if (will_truncate
) {
2013 error
= mnt_want_write(nd
->path
.mnt
);
2017 error
= may_open(&nd
->path
, acc_mode
, open_flag
);
2020 mnt_drop_write(nd
->path
.mnt
);
2023 filp
= nameidata_to_filp(nd
);
2024 if (!IS_ERR(filp
)) {
2025 error
= ima_file_check(filp
, acc_mode
);
2028 filp
= ERR_PTR(error
);
2031 if (!IS_ERR(filp
)) {
2032 if (will_truncate
) {
2033 error
= handle_truncate(&nd
->path
);
2036 filp
= ERR_PTR(error
);
2041 * It is now safe to drop the mnt write
2042 * because the filp has had a write taken
2046 mnt_drop_write(nd
->path
.mnt
);
2047 path_put(&nd
->path
);
2051 if (!IS_ERR(nd
->intent
.open
.file
))
2052 release_open_intent(nd
);
2053 path_put(&nd
->path
);
2054 return ERR_PTR(error
);
2058 * Handle O_CREAT case for do_filp_open
2060 static struct file
*do_last(struct nameidata
*nd
, struct path
*path
,
2061 int open_flag
, int acc_mode
,
2062 int mode
, const char *pathname
)
2064 struct dentry
*dir
= nd
->path
.dentry
;
2066 int error
= -EISDIR
;
2068 switch (nd
->last_type
) {
2071 dir
= nd
->path
.dentry
;
2073 if (nd
->path
.mnt
->mnt_sb
->s_type
->fs_flags
& FS_REVAL_DOT
) {
2074 if (!dir
->d_op
->d_revalidate(dir
, nd
)) {
2083 audit_inode(pathname
, dir
);
2087 /* trailing slashes? */
2088 if (nd
->last
.name
[nd
->last
.len
])
2091 mutex_lock(&dir
->d_inode
->i_mutex
);
2093 path
->dentry
= lookup_hash(nd
);
2094 path
->mnt
= nd
->path
.mnt
;
2096 error
= PTR_ERR(path
->dentry
);
2097 if (IS_ERR(path
->dentry
)) {
2098 mutex_unlock(&dir
->d_inode
->i_mutex
);
2102 if (IS_ERR(nd
->intent
.open
.file
)) {
2103 error
= PTR_ERR(nd
->intent
.open
.file
);
2104 goto exit_mutex_unlock
;
2107 /* Negative dentry, just create the file */
2108 if (!path
->dentry
->d_inode
) {
2110 * This write is needed to ensure that a
2111 * ro->rw transition does not occur between
2112 * the time when the file is created and when
2113 * a permanent write count is taken through
2114 * the 'struct file' in nameidata_to_filp().
2116 error
= mnt_want_write(nd
->path
.mnt
);
2118 goto exit_mutex_unlock
;
2119 error
= __open_namei_create(nd
, path
, open_flag
, mode
);
2121 mnt_drop_write(nd
->path
.mnt
);
2124 filp
= nameidata_to_filp(nd
);
2125 mnt_drop_write(nd
->path
.mnt
);
2126 path_put(&nd
->path
);
2127 if (!IS_ERR(filp
)) {
2128 error
= ima_file_check(filp
, acc_mode
);
2131 filp
= ERR_PTR(error
);
2138 * It already exists.
2140 mutex_unlock(&dir
->d_inode
->i_mutex
);
2141 audit_inode(pathname
, path
->dentry
);
2144 if (open_flag
& O_EXCL
)
2147 if (__follow_mount(path
)) {
2149 if (open_flag
& O_NOFOLLOW
)
2154 if (!path
->dentry
->d_inode
)
2157 if (path
->dentry
->d_inode
->i_op
->follow_link
)
2160 path_to_nameidata(path
, nd
);
2161 nd
->inode
= path
->dentry
->d_inode
;
2163 if (S_ISDIR(nd
->inode
->i_mode
))
2166 filp
= finish_open(nd
, open_flag
, acc_mode
);
2170 mutex_unlock(&dir
->d_inode
->i_mutex
);
2172 path_put_conditional(path
, nd
);
2174 if (!IS_ERR(nd
->intent
.open
.file
))
2175 release_open_intent(nd
);
2176 path_put(&nd
->path
);
2177 return ERR_PTR(error
);
2181 * Note that the low bits of the passed in "open_flag"
2182 * are not the same as in the local variable "flag". See
2183 * open_to_namei_flags() for more details.
2185 struct file
*do_filp_open(int dfd
, const char *pathname
,
2186 int open_flag
, int mode
, int acc_mode
)
2189 struct nameidata nd
;
2193 int flag
= open_to_namei_flags(open_flag
);
2196 if (!(open_flag
& O_CREAT
))
2199 /* Must never be set by userspace */
2200 open_flag
&= ~FMODE_NONOTIFY
;
2203 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
2204 * check for O_DSYNC if the need any syncing at all we enforce it's
2205 * always set instead of having to deal with possibly weird behaviour
2206 * for malicious applications setting only __O_SYNC.
2208 if (open_flag
& __O_SYNC
)
2209 open_flag
|= O_DSYNC
;
2212 acc_mode
= MAY_OPEN
| ACC_MODE(open_flag
);
2214 /* O_TRUNC implies we need access checks for write permissions */
2215 if (open_flag
& O_TRUNC
)
2216 acc_mode
|= MAY_WRITE
;
2218 /* Allow the LSM permission hook to distinguish append
2219 access from general write access. */
2220 if (open_flag
& O_APPEND
)
2221 acc_mode
|= MAY_APPEND
;
2223 flags
= LOOKUP_OPEN
;
2224 if (open_flag
& O_CREAT
) {
2225 flags
|= LOOKUP_CREATE
;
2226 if (open_flag
& O_EXCL
)
2227 flags
|= LOOKUP_EXCL
;
2229 if (open_flag
& O_DIRECTORY
)
2230 flags
|= LOOKUP_DIRECTORY
;
2231 if (!(open_flag
& O_NOFOLLOW
))
2232 flags
|= LOOKUP_FOLLOW
;
2234 filp
= get_empty_filp();
2236 return ERR_PTR(-ENFILE
);
2238 filp
->f_flags
= open_flag
;
2239 nd
.intent
.open
.file
= filp
;
2240 nd
.intent
.open
.flags
= flag
;
2241 nd
.intent
.open
.create_mode
= mode
;
2243 if (open_flag
& O_CREAT
)
2246 /* !O_CREAT, simple open */
2247 error
= do_path_lookup(dfd
, pathname
, flags
, &nd
);
2248 if (unlikely(error
))
2251 if (!(nd
.flags
& LOOKUP_FOLLOW
)) {
2252 if (nd
.inode
->i_op
->follow_link
)
2256 if (nd
.flags
& LOOKUP_DIRECTORY
) {
2257 if (!nd
.inode
->i_op
->lookup
)
2260 audit_inode(pathname
, nd
.path
.dentry
);
2261 filp
= finish_open(&nd
, open_flag
, acc_mode
);
2265 /* OK, have to create the file. Find the parent. */
2266 error
= path_init_rcu(dfd
, pathname
,
2267 LOOKUP_PARENT
| (flags
& LOOKUP_REVAL
), &nd
);
2270 error
= path_walk_rcu(pathname
, &nd
);
2271 path_finish_rcu(&nd
);
2272 if (unlikely(error
== -ECHILD
|| error
== -ESTALE
)) {
2273 /* slower, locked walk */
2274 if (error
== -ESTALE
) {
2276 flags
|= LOOKUP_REVAL
;
2278 error
= path_init(dfd
, pathname
,
2279 LOOKUP_PARENT
| (flags
& LOOKUP_REVAL
), &nd
);
2283 error
= path_walk_simple(pathname
, &nd
);
2285 if (unlikely(error
))
2287 if (unlikely(!audit_dummy_context()))
2288 audit_inode(pathname
, nd
.path
.dentry
);
2291 * We have the parent and last component.
2294 filp
= do_last(&nd
, &path
, open_flag
, acc_mode
, mode
, pathname
);
2295 while (unlikely(!filp
)) { /* trailing symlink */
2299 /* S_ISDIR part is a temporary automount kludge */
2300 if (!(nd
.flags
& LOOKUP_FOLLOW
) && !S_ISDIR(nd
.inode
->i_mode
))
2305 * This is subtle. Instead of calling do_follow_link() we do
2306 * the thing by hands. The reason is that this way we have zero
2307 * link_count and path_walk() (called from ->follow_link)
2308 * honoring LOOKUP_PARENT. After that we have the parent and
2309 * last component, i.e. we are in the same situation as after
2310 * the first path_walk(). Well, almost - if the last component
2311 * is normal we get its copy stored in nd->last.name and we will
2312 * have to putname() it when we are done. Procfs-like symlinks
2313 * just set LAST_BIND.
2315 nd
.flags
|= LOOKUP_PARENT
;
2316 error
= security_inode_follow_link(path
.dentry
, &nd
);
2319 error
= __do_follow_link(&path
, &nd
, &cookie
);
2320 if (unlikely(error
)) {
2321 if (!IS_ERR(cookie
) && nd
.inode
->i_op
->put_link
)
2322 nd
.inode
->i_op
->put_link(path
.dentry
, &nd
, cookie
);
2323 /* nd.path had been dropped */
2328 nd
.flags
&= ~LOOKUP_PARENT
;
2329 filp
= do_last(&nd
, &path
, open_flag
, acc_mode
, mode
, pathname
);
2330 if (nd
.inode
->i_op
->put_link
)
2331 nd
.inode
->i_op
->put_link(holder
.dentry
, &nd
, cookie
);
2337 if (filp
== ERR_PTR(-ESTALE
) && !(flags
& LOOKUP_REVAL
))
2342 path_put_conditional(&path
, &nd
);
2346 if (!IS_ERR(nd
.intent
.open
.file
))
2347 release_open_intent(&nd
);
2348 filp
= ERR_PTR(error
);
2353 * filp_open - open file and return file pointer
2355 * @filename: path to open
2356 * @flags: open flags as per the open(2) second argument
2357 * @mode: mode for the new file if O_CREAT is set, else ignored
2359 * This is the helper to open a file from kernelspace if you really
2360 * have to. But in generally you should not do this, so please move
2361 * along, nothing to see here..
2363 struct file
*filp_open(const char *filename
, int flags
, int mode
)
2365 return do_filp_open(AT_FDCWD
, filename
, flags
, mode
, 0);
2367 EXPORT_SYMBOL(filp_open
);
2370 * lookup_create - lookup a dentry, creating it if it doesn't exist
2371 * @nd: nameidata info
2372 * @is_dir: directory flag
2374 * Simple function to lookup and return a dentry and create it
2375 * if it doesn't exist. Is SMP-safe.
2377 * Returns with nd->path.dentry->d_inode->i_mutex locked.
2379 struct dentry
*lookup_create(struct nameidata
*nd
, int is_dir
)
2381 struct dentry
*dentry
= ERR_PTR(-EEXIST
);
2383 mutex_lock_nested(&nd
->path
.dentry
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
2385 * Yucky last component or no last component at all?
2386 * (foo/., foo/.., /////)
2388 if (nd
->last_type
!= LAST_NORM
)
2390 nd
->flags
&= ~LOOKUP_PARENT
;
2391 nd
->flags
|= LOOKUP_CREATE
| LOOKUP_EXCL
;
2392 nd
->intent
.open
.flags
= O_EXCL
;
2395 * Do the final lookup.
2397 dentry
= lookup_hash(nd
);
2401 if (dentry
->d_inode
)
2404 * Special case - lookup gave negative, but... we had foo/bar/
2405 * From the vfs_mknod() POV we just have a negative dentry -
2406 * all is fine. Let's be bastards - you had / on the end, you've
2407 * been asking for (non-existent) directory. -ENOENT for you.
2409 if (unlikely(!is_dir
&& nd
->last
.name
[nd
->last
.len
])) {
2411 dentry
= ERR_PTR(-ENOENT
);
2416 dentry
= ERR_PTR(-EEXIST
);
2420 EXPORT_SYMBOL_GPL(lookup_create
);
2422 int vfs_mknod(struct inode
*dir
, struct dentry
*dentry
, int mode
, dev_t dev
)
2424 int error
= may_create(dir
, dentry
);
2429 if ((S_ISCHR(mode
) || S_ISBLK(mode
)) && !capable(CAP_MKNOD
))
2432 if (!dir
->i_op
->mknod
)
2435 error
= devcgroup_inode_mknod(mode
, dev
);
2439 error
= security_inode_mknod(dir
, dentry
, mode
, dev
);
2443 error
= dir
->i_op
->mknod(dir
, dentry
, mode
, dev
);
2445 fsnotify_create(dir
, dentry
);
2449 static int may_mknod(mode_t mode
)
2451 switch (mode
& S_IFMT
) {
2457 case 0: /* zero mode translates to S_IFREG */
2466 SYSCALL_DEFINE4(mknodat
, int, dfd
, const char __user
*, filename
, int, mode
,
2471 struct dentry
*dentry
;
2472 struct nameidata nd
;
2477 error
= user_path_parent(dfd
, filename
, &nd
, &tmp
);
2481 dentry
= lookup_create(&nd
, 0);
2482 if (IS_ERR(dentry
)) {
2483 error
= PTR_ERR(dentry
);
2486 if (!IS_POSIXACL(nd
.path
.dentry
->d_inode
))
2487 mode
&= ~current_umask();
2488 error
= may_mknod(mode
);
2491 error
= mnt_want_write(nd
.path
.mnt
);
2494 error
= security_path_mknod(&nd
.path
, dentry
, mode
, dev
);
2496 goto out_drop_write
;
2497 switch (mode
& S_IFMT
) {
2498 case 0: case S_IFREG
:
2499 error
= vfs_create(nd
.path
.dentry
->d_inode
,dentry
,mode
,&nd
);
2501 case S_IFCHR
: case S_IFBLK
:
2502 error
= vfs_mknod(nd
.path
.dentry
->d_inode
,dentry
,mode
,
2503 new_decode_dev(dev
));
2505 case S_IFIFO
: case S_IFSOCK
:
2506 error
= vfs_mknod(nd
.path
.dentry
->d_inode
,dentry
,mode
,0);
2510 mnt_drop_write(nd
.path
.mnt
);
2514 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2521 SYSCALL_DEFINE3(mknod
, const char __user
*, filename
, int, mode
, unsigned, dev
)
2523 return sys_mknodat(AT_FDCWD
, filename
, mode
, dev
);
2526 int vfs_mkdir(struct inode
*dir
, struct dentry
*dentry
, int mode
)
2528 int error
= may_create(dir
, dentry
);
2533 if (!dir
->i_op
->mkdir
)
2536 mode
&= (S_IRWXUGO
|S_ISVTX
);
2537 error
= security_inode_mkdir(dir
, dentry
, mode
);
2541 error
= dir
->i_op
->mkdir(dir
, dentry
, mode
);
2543 fsnotify_mkdir(dir
, dentry
);
2547 SYSCALL_DEFINE3(mkdirat
, int, dfd
, const char __user
*, pathname
, int, mode
)
2551 struct dentry
*dentry
;
2552 struct nameidata nd
;
2554 error
= user_path_parent(dfd
, pathname
, &nd
, &tmp
);
2558 dentry
= lookup_create(&nd
, 1);
2559 error
= PTR_ERR(dentry
);
2563 if (!IS_POSIXACL(nd
.path
.dentry
->d_inode
))
2564 mode
&= ~current_umask();
2565 error
= mnt_want_write(nd
.path
.mnt
);
2568 error
= security_path_mkdir(&nd
.path
, dentry
, mode
);
2570 goto out_drop_write
;
2571 error
= vfs_mkdir(nd
.path
.dentry
->d_inode
, dentry
, mode
);
2573 mnt_drop_write(nd
.path
.mnt
);
2577 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2584 SYSCALL_DEFINE2(mkdir
, const char __user
*, pathname
, int, mode
)
2586 return sys_mkdirat(AT_FDCWD
, pathname
, mode
);
2590 * We try to drop the dentry early: we should have
2591 * a usage count of 2 if we're the only user of this
2592 * dentry, and if that is true (possibly after pruning
2593 * the dcache), then we drop the dentry now.
2595 * A low-level filesystem can, if it choses, legally
2598 * if (!d_unhashed(dentry))
2601 * if it cannot handle the case of removing a directory
2602 * that is still in use by something else..
2604 void dentry_unhash(struct dentry
*dentry
)
2607 shrink_dcache_parent(dentry
);
2608 spin_lock(&dentry
->d_lock
);
2609 if (dentry
->d_count
== 2)
2611 spin_unlock(&dentry
->d_lock
);
2614 int vfs_rmdir(struct inode
*dir
, struct dentry
*dentry
)
2616 int error
= may_delete(dir
, dentry
, 1);
2621 if (!dir
->i_op
->rmdir
)
2624 mutex_lock(&dentry
->d_inode
->i_mutex
);
2625 dentry_unhash(dentry
);
2626 if (d_mountpoint(dentry
))
2629 error
= security_inode_rmdir(dir
, dentry
);
2631 error
= dir
->i_op
->rmdir(dir
, dentry
);
2633 dentry
->d_inode
->i_flags
|= S_DEAD
;
2638 mutex_unlock(&dentry
->d_inode
->i_mutex
);
2647 static long do_rmdir(int dfd
, const char __user
*pathname
)
2651 struct dentry
*dentry
;
2652 struct nameidata nd
;
2654 error
= user_path_parent(dfd
, pathname
, &nd
, &name
);
2658 switch(nd
.last_type
) {
2670 nd
.flags
&= ~LOOKUP_PARENT
;
2672 mutex_lock_nested(&nd
.path
.dentry
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
2673 dentry
= lookup_hash(&nd
);
2674 error
= PTR_ERR(dentry
);
2677 error
= mnt_want_write(nd
.path
.mnt
);
2680 error
= security_path_rmdir(&nd
.path
, dentry
);
2683 error
= vfs_rmdir(nd
.path
.dentry
->d_inode
, dentry
);
2685 mnt_drop_write(nd
.path
.mnt
);
2689 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2696 SYSCALL_DEFINE1(rmdir
, const char __user
*, pathname
)
2698 return do_rmdir(AT_FDCWD
, pathname
);
2701 int vfs_unlink(struct inode
*dir
, struct dentry
*dentry
)
2703 int error
= may_delete(dir
, dentry
, 0);
2708 if (!dir
->i_op
->unlink
)
2711 mutex_lock(&dentry
->d_inode
->i_mutex
);
2712 if (d_mountpoint(dentry
))
2715 error
= security_inode_unlink(dir
, dentry
);
2717 error
= dir
->i_op
->unlink(dir
, dentry
);
2722 mutex_unlock(&dentry
->d_inode
->i_mutex
);
2724 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2725 if (!error
&& !(dentry
->d_flags
& DCACHE_NFSFS_RENAMED
)) {
2726 fsnotify_link_count(dentry
->d_inode
);
2734 * Make sure that the actual truncation of the file will occur outside its
2735 * directory's i_mutex. Truncate can take a long time if there is a lot of
2736 * writeout happening, and we don't want to prevent access to the directory
2737 * while waiting on the I/O.
2739 static long do_unlinkat(int dfd
, const char __user
*pathname
)
2743 struct dentry
*dentry
;
2744 struct nameidata nd
;
2745 struct inode
*inode
= NULL
;
2747 error
= user_path_parent(dfd
, pathname
, &nd
, &name
);
2752 if (nd
.last_type
!= LAST_NORM
)
2755 nd
.flags
&= ~LOOKUP_PARENT
;
2757 mutex_lock_nested(&nd
.path
.dentry
->d_inode
->i_mutex
, I_MUTEX_PARENT
);
2758 dentry
= lookup_hash(&nd
);
2759 error
= PTR_ERR(dentry
);
2760 if (!IS_ERR(dentry
)) {
2761 /* Why not before? Because we want correct error value */
2762 if (nd
.last
.name
[nd
.last
.len
])
2764 inode
= dentry
->d_inode
;
2767 error
= mnt_want_write(nd
.path
.mnt
);
2770 error
= security_path_unlink(&nd
.path
, dentry
);
2773 error
= vfs_unlink(nd
.path
.dentry
->d_inode
, dentry
);
2775 mnt_drop_write(nd
.path
.mnt
);
2779 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2781 iput(inode
); /* truncate the inode here */
2788 error
= !dentry
->d_inode
? -ENOENT
:
2789 S_ISDIR(dentry
->d_inode
->i_mode
) ? -EISDIR
: -ENOTDIR
;
2793 SYSCALL_DEFINE3(unlinkat
, int, dfd
, const char __user
*, pathname
, int, flag
)
2795 if ((flag
& ~AT_REMOVEDIR
) != 0)
2798 if (flag
& AT_REMOVEDIR
)
2799 return do_rmdir(dfd
, pathname
);
2801 return do_unlinkat(dfd
, pathname
);
2804 SYSCALL_DEFINE1(unlink
, const char __user
*, pathname
)
2806 return do_unlinkat(AT_FDCWD
, pathname
);
2809 int vfs_symlink(struct inode
*dir
, struct dentry
*dentry
, const char *oldname
)
2811 int error
= may_create(dir
, dentry
);
2816 if (!dir
->i_op
->symlink
)
2819 error
= security_inode_symlink(dir
, dentry
, oldname
);
2823 error
= dir
->i_op
->symlink(dir
, dentry
, oldname
);
2825 fsnotify_create(dir
, dentry
);
2829 SYSCALL_DEFINE3(symlinkat
, const char __user
*, oldname
,
2830 int, newdfd
, const char __user
*, newname
)
2835 struct dentry
*dentry
;
2836 struct nameidata nd
;
2838 from
= getname(oldname
);
2840 return PTR_ERR(from
);
2842 error
= user_path_parent(newdfd
, newname
, &nd
, &to
);
2846 dentry
= lookup_create(&nd
, 0);
2847 error
= PTR_ERR(dentry
);
2851 error
= mnt_want_write(nd
.path
.mnt
);
2854 error
= security_path_symlink(&nd
.path
, dentry
, from
);
2856 goto out_drop_write
;
2857 error
= vfs_symlink(nd
.path
.dentry
->d_inode
, dentry
, from
);
2859 mnt_drop_write(nd
.path
.mnt
);
2863 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2871 SYSCALL_DEFINE2(symlink
, const char __user
*, oldname
, const char __user
*, newname
)
2873 return sys_symlinkat(oldname
, AT_FDCWD
, newname
);
2876 int vfs_link(struct dentry
*old_dentry
, struct inode
*dir
, struct dentry
*new_dentry
)
2878 struct inode
*inode
= old_dentry
->d_inode
;
2884 error
= may_create(dir
, new_dentry
);
2888 if (dir
->i_sb
!= inode
->i_sb
)
2892 * A link to an append-only or immutable file cannot be created.
2894 if (IS_APPEND(inode
) || IS_IMMUTABLE(inode
))
2896 if (!dir
->i_op
->link
)
2898 if (S_ISDIR(inode
->i_mode
))
2901 error
= security_inode_link(old_dentry
, dir
, new_dentry
);
2905 mutex_lock(&inode
->i_mutex
);
2906 error
= dir
->i_op
->link(old_dentry
, dir
, new_dentry
);
2907 mutex_unlock(&inode
->i_mutex
);
2909 fsnotify_link(dir
, inode
, new_dentry
);
2914 * Hardlinks are often used in delicate situations. We avoid
2915 * security-related surprises by not following symlinks on the
2918 * We don't follow them on the oldname either to be compatible
2919 * with linux 2.0, and to avoid hard-linking to directories
2920 * and other special files. --ADM
2922 SYSCALL_DEFINE5(linkat
, int, olddfd
, const char __user
*, oldname
,
2923 int, newdfd
, const char __user
*, newname
, int, flags
)
2925 struct dentry
*new_dentry
;
2926 struct nameidata nd
;
2927 struct path old_path
;
2931 if ((flags
& ~AT_SYMLINK_FOLLOW
) != 0)
2934 error
= user_path_at(olddfd
, oldname
,
2935 flags
& AT_SYMLINK_FOLLOW
? LOOKUP_FOLLOW
: 0,
2940 error
= user_path_parent(newdfd
, newname
, &nd
, &to
);
2944 if (old_path
.mnt
!= nd
.path
.mnt
)
2946 new_dentry
= lookup_create(&nd
, 0);
2947 error
= PTR_ERR(new_dentry
);
2948 if (IS_ERR(new_dentry
))
2950 error
= mnt_want_write(nd
.path
.mnt
);
2953 error
= security_path_link(old_path
.dentry
, &nd
.path
, new_dentry
);
2955 goto out_drop_write
;
2956 error
= vfs_link(old_path
.dentry
, nd
.path
.dentry
->d_inode
, new_dentry
);
2958 mnt_drop_write(nd
.path
.mnt
);
2962 mutex_unlock(&nd
.path
.dentry
->d_inode
->i_mutex
);
2967 path_put(&old_path
);
2972 SYSCALL_DEFINE2(link
, const char __user
*, oldname
, const char __user
*, newname
)
2974 return sys_linkat(AT_FDCWD
, oldname
, AT_FDCWD
, newname
, 0);
2978 * The worst of all namespace operations - renaming directory. "Perverted"
2979 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2981 * a) we can get into loop creation. Check is done in is_subdir().
2982 * b) race potential - two innocent renames can create a loop together.
2983 * That's where 4.4 screws up. Current fix: serialization on
2984 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2986 * c) we have to lock _three_ objects - parents and victim (if it exists).
2987 * And that - after we got ->i_mutex on parents (until then we don't know
2988 * whether the target exists). Solution: try to be smart with locking
2989 * order for inodes. We rely on the fact that tree topology may change
2990 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2991 * move will be locked. Thus we can rank directories by the tree
2992 * (ancestors first) and rank all non-directories after them.
2993 * That works since everybody except rename does "lock parent, lookup,
2994 * lock child" and rename is under ->s_vfs_rename_mutex.
2995 * HOWEVER, it relies on the assumption that any object with ->lookup()
2996 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2997 * we'd better make sure that there's no link(2) for them.
2998 * d) some filesystems don't support opened-but-unlinked directories,
2999 * either because of layout or because they are not ready to deal with
3000 * all cases correctly. The latter will be fixed (taking this sort of
3001 * stuff into VFS), but the former is not going away. Solution: the same
3002 * trick as in rmdir().
3003 * e) conversion from fhandle to dentry may come in the wrong moment - when
3004 * we are removing the target. Solution: we will have to grab ->i_mutex
3005 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
3006 * ->i_mutex on parents, which works but leads to some truly excessive
3009 static int vfs_rename_dir(struct inode
*old_dir
, struct dentry
*old_dentry
,
3010 struct inode
*new_dir
, struct dentry
*new_dentry
)
3013 struct inode
*target
;
3016 * If we are going to change the parent - check write permissions,
3017 * we'll need to flip '..'.
3019 if (new_dir
!= old_dir
) {
3020 error
= inode_permission(old_dentry
->d_inode
, MAY_WRITE
);
3025 error
= security_inode_rename(old_dir
, old_dentry
, new_dir
, new_dentry
);
3029 target
= new_dentry
->d_inode
;
3031 mutex_lock(&target
->i_mutex
);
3032 if (d_mountpoint(old_dentry
)||d_mountpoint(new_dentry
))
3036 dentry_unhash(new_dentry
);
3037 error
= old_dir
->i_op
->rename(old_dir
, old_dentry
, new_dir
, new_dentry
);
3041 target
->i_flags
|= S_DEAD
;
3042 dont_mount(new_dentry
);
3044 mutex_unlock(&target
->i_mutex
);
3045 if (d_unhashed(new_dentry
))
3046 d_rehash(new_dentry
);
3050 if (!(old_dir
->i_sb
->s_type
->fs_flags
& FS_RENAME_DOES_D_MOVE
))
3051 d_move(old_dentry
,new_dentry
);
3055 static int vfs_rename_other(struct inode
*old_dir
, struct dentry
*old_dentry
,
3056 struct inode
*new_dir
, struct dentry
*new_dentry
)
3058 struct inode
*target
;
3061 error
= security_inode_rename(old_dir
, old_dentry
, new_dir
, new_dentry
);
3066 target
= new_dentry
->d_inode
;
3068 mutex_lock(&target
->i_mutex
);
3069 if (d_mountpoint(old_dentry
)||d_mountpoint(new_dentry
))
3072 error
= old_dir
->i_op
->rename(old_dir
, old_dentry
, new_dir
, new_dentry
);
3075 dont_mount(new_dentry
);
3076 if (!(old_dir
->i_sb
->s_type
->fs_flags
& FS_RENAME_DOES_D_MOVE
))
3077 d_move(old_dentry
, new_dentry
);
3080 mutex_unlock(&target
->i_mutex
);
3085 int vfs_rename(struct inode
*old_dir
, struct dentry
*old_dentry
,
3086 struct inode
*new_dir
, struct dentry
*new_dentry
)
3089 int is_dir
= S_ISDIR(old_dentry
->d_inode
->i_mode
);
3090 const unsigned char *old_name
;
3092 if (old_dentry
->d_inode
== new_dentry
->d_inode
)
3095 error
= may_delete(old_dir
, old_dentry
, is_dir
);
3099 if (!new_dentry
->d_inode
)
3100 error
= may_create(new_dir
, new_dentry
);
3102 error
= may_delete(new_dir
, new_dentry
, is_dir
);
3106 if (!old_dir
->i_op
->rename
)
3109 old_name
= fsnotify_oldname_init(old_dentry
->d_name
.name
);
3112 error
= vfs_rename_dir(old_dir
,old_dentry
,new_dir
,new_dentry
);
3114 error
= vfs_rename_other(old_dir
,old_dentry
,new_dir
,new_dentry
);
3116 fsnotify_move(old_dir
, new_dir
, old_name
, is_dir
,
3117 new_dentry
->d_inode
, old_dentry
);
3118 fsnotify_oldname_free(old_name
);
3123 SYSCALL_DEFINE4(renameat
, int, olddfd
, const char __user
*, oldname
,
3124 int, newdfd
, const char __user
*, newname
)
3126 struct dentry
*old_dir
, *new_dir
;
3127 struct dentry
*old_dentry
, *new_dentry
;
3128 struct dentry
*trap
;
3129 struct nameidata oldnd
, newnd
;
3134 error
= user_path_parent(olddfd
, oldname
, &oldnd
, &from
);
3138 error
= user_path_parent(newdfd
, newname
, &newnd
, &to
);
3143 if (oldnd
.path
.mnt
!= newnd
.path
.mnt
)
3146 old_dir
= oldnd
.path
.dentry
;
3148 if (oldnd
.last_type
!= LAST_NORM
)
3151 new_dir
= newnd
.path
.dentry
;
3152 if (newnd
.last_type
!= LAST_NORM
)
3155 oldnd
.flags
&= ~LOOKUP_PARENT
;
3156 newnd
.flags
&= ~LOOKUP_PARENT
;
3157 newnd
.flags
|= LOOKUP_RENAME_TARGET
;
3159 trap
= lock_rename(new_dir
, old_dir
);
3161 old_dentry
= lookup_hash(&oldnd
);
3162 error
= PTR_ERR(old_dentry
);
3163 if (IS_ERR(old_dentry
))
3165 /* source must exist */
3167 if (!old_dentry
->d_inode
)
3169 /* unless the source is a directory trailing slashes give -ENOTDIR */
3170 if (!S_ISDIR(old_dentry
->d_inode
->i_mode
)) {
3172 if (oldnd
.last
.name
[oldnd
.last
.len
])
3174 if (newnd
.last
.name
[newnd
.last
.len
])
3177 /* source should not be ancestor of target */
3179 if (old_dentry
== trap
)
3181 new_dentry
= lookup_hash(&newnd
);
3182 error
= PTR_ERR(new_dentry
);
3183 if (IS_ERR(new_dentry
))
3185 /* target should not be an ancestor of source */
3187 if (new_dentry
== trap
)
3190 error
= mnt_want_write(oldnd
.path
.mnt
);
3193 error
= security_path_rename(&oldnd
.path
, old_dentry
,
3194 &newnd
.path
, new_dentry
);
3197 error
= vfs_rename(old_dir
->d_inode
, old_dentry
,
3198 new_dir
->d_inode
, new_dentry
);
3200 mnt_drop_write(oldnd
.path
.mnt
);
3206 unlock_rename(new_dir
, old_dir
);
3208 path_put(&newnd
.path
);
3211 path_put(&oldnd
.path
);
3217 SYSCALL_DEFINE2(rename
, const char __user
*, oldname
, const char __user
*, newname
)
3219 return sys_renameat(AT_FDCWD
, oldname
, AT_FDCWD
, newname
);
3222 int vfs_readlink(struct dentry
*dentry
, char __user
*buffer
, int buflen
, const char *link
)
3226 len
= PTR_ERR(link
);
3231 if (len
> (unsigned) buflen
)
3233 if (copy_to_user(buffer
, link
, len
))
3240 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3241 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3242 * using) it for any given inode is up to filesystem.
3244 int generic_readlink(struct dentry
*dentry
, char __user
*buffer
, int buflen
)
3246 struct nameidata nd
;
3251 cookie
= dentry
->d_inode
->i_op
->follow_link(dentry
, &nd
);
3253 return PTR_ERR(cookie
);
3255 res
= vfs_readlink(dentry
, buffer
, buflen
, nd_get_link(&nd
));
3256 if (dentry
->d_inode
->i_op
->put_link
)
3257 dentry
->d_inode
->i_op
->put_link(dentry
, &nd
, cookie
);
3261 int vfs_follow_link(struct nameidata
*nd
, const char *link
)
3263 return __vfs_follow_link(nd
, link
);
3266 /* get the link contents into pagecache */
3267 static char *page_getlink(struct dentry
* dentry
, struct page
**ppage
)
3271 struct address_space
*mapping
= dentry
->d_inode
->i_mapping
;
3272 page
= read_mapping_page(mapping
, 0, NULL
);
3277 nd_terminate_link(kaddr
, dentry
->d_inode
->i_size
, PAGE_SIZE
- 1);
3281 int page_readlink(struct dentry
*dentry
, char __user
*buffer
, int buflen
)
3283 struct page
*page
= NULL
;
3284 char *s
= page_getlink(dentry
, &page
);
3285 int res
= vfs_readlink(dentry
,buffer
,buflen
,s
);
3288 page_cache_release(page
);
3293 void *page_follow_link_light(struct dentry
*dentry
, struct nameidata
*nd
)
3295 struct page
*page
= NULL
;
3296 nd_set_link(nd
, page_getlink(dentry
, &page
));
3300 void page_put_link(struct dentry
*dentry
, struct nameidata
*nd
, void *cookie
)
3302 struct page
*page
= cookie
;
3306 page_cache_release(page
);
3311 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3313 int __page_symlink(struct inode
*inode
, const char *symname
, int len
, int nofs
)
3315 struct address_space
*mapping
= inode
->i_mapping
;
3320 unsigned int flags
= AOP_FLAG_UNINTERRUPTIBLE
;
3322 flags
|= AOP_FLAG_NOFS
;
3325 err
= pagecache_write_begin(NULL
, mapping
, 0, len
-1,
3326 flags
, &page
, &fsdata
);
3330 kaddr
= kmap_atomic(page
, KM_USER0
);
3331 memcpy(kaddr
, symname
, len
-1);
3332 kunmap_atomic(kaddr
, KM_USER0
);
3334 err
= pagecache_write_end(NULL
, mapping
, 0, len
-1, len
-1,
3341 mark_inode_dirty(inode
);
3347 int page_symlink(struct inode
*inode
, const char *symname
, int len
)
3349 return __page_symlink(inode
, symname
, len
,
3350 !(mapping_gfp_mask(inode
->i_mapping
) & __GFP_FS
));
3353 const struct inode_operations page_symlink_inode_operations
= {
3354 .readlink
= generic_readlink
,
3355 .follow_link
= page_follow_link_light
,
3356 .put_link
= page_put_link
,
3359 EXPORT_SYMBOL(user_path_at
);
3360 EXPORT_SYMBOL(follow_down
);
3361 EXPORT_SYMBOL(follow_up
);
3362 EXPORT_SYMBOL(get_write_access
); /* binfmt_aout */
3363 EXPORT_SYMBOL(getname
);
3364 EXPORT_SYMBOL(lock_rename
);
3365 EXPORT_SYMBOL(lookup_one_len
);
3366 EXPORT_SYMBOL(page_follow_link_light
);
3367 EXPORT_SYMBOL(page_put_link
);
3368 EXPORT_SYMBOL(page_readlink
);
3369 EXPORT_SYMBOL(__page_symlink
);
3370 EXPORT_SYMBOL(page_symlink
);
3371 EXPORT_SYMBOL(page_symlink_inode_operations
);
3372 EXPORT_SYMBOL(path_lookup
);
3373 EXPORT_SYMBOL(kern_path
);
3374 EXPORT_SYMBOL(vfs_path_lookup
);
3375 EXPORT_SYMBOL(inode_permission
);
3376 EXPORT_SYMBOL(file_permission
);
3377 EXPORT_SYMBOL(unlock_rename
);
3378 EXPORT_SYMBOL(vfs_create
);
3379 EXPORT_SYMBOL(vfs_follow_link
);
3380 EXPORT_SYMBOL(vfs_link
);
3381 EXPORT_SYMBOL(vfs_mkdir
);
3382 EXPORT_SYMBOL(vfs_mknod
);
3383 EXPORT_SYMBOL(generic_permission
);
3384 EXPORT_SYMBOL(vfs_readlink
);
3385 EXPORT_SYMBOL(vfs_rename
);
3386 EXPORT_SYMBOL(vfs_rmdir
);
3387 EXPORT_SYMBOL(vfs_symlink
);
3388 EXPORT_SYMBOL(vfs_unlink
);
3389 EXPORT_SYMBOL(dentry_unhash
);
3390 EXPORT_SYMBOL(generic_readlink
);