1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/init.h>
18#include <linux/module.h>
19#include <linux/slab.h>
20#include <linux/fs.h>
21#include <linux/namei.h>
22#include <linux/pagemap.h>
23#include <linux/fsnotify.h>
24#include <linux/personality.h>
25#include <linux/security.h>
26#include <linux/ima.h>
27#include <linux/syscalls.h>
28#include <linux/mount.h>
29#include <linux/audit.h>
30#include <linux/capability.h>
31#include <linux/file.h>
32#include <linux/fcntl.h>
33#include <linux/device_cgroup.h>
34#include <linux/fs_struct.h>
35#include <linux/posix_acl.h>
36#include <asm/uaccess.h>
37
38#include "internal.h"
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118static int do_getname(const char __user *filename, char *page)
119{
120 int retval;
121 unsigned long len = PATH_MAX;
122
123 if (!segment_eq(get_fs(), KERNEL_DS)) {
124 if ((unsigned long) filename >= TASK_SIZE)
125 return -EFAULT;
126 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
127 len = TASK_SIZE - (unsigned long) filename;
128 }
129
130 retval = strncpy_from_user(page, filename, len);
131 if (retval > 0) {
132 if (retval < len)
133 return 0;
134 return -ENAMETOOLONG;
135 } else if (!retval)
136 retval = -ENOENT;
137 return retval;
138}
139
140static char *getname_flags(const char __user *filename, int flags, int *empty)
141{
142 char *tmp, *result;
143
144 result = ERR_PTR(-ENOMEM);
145 tmp = __getname();
146 if (tmp) {
147 int retval = do_getname(filename, tmp);
148
149 result = tmp;
150 if (retval < 0) {
151 if (retval == -ENOENT && empty)
152 *empty = 1;
153 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
154 __putname(tmp);
155 result = ERR_PTR(retval);
156 }
157 }
158 }
159 audit_getname(result);
160 return result;
161}
162
163char *getname(const char __user * filename)
164{
165 return getname_flags(filename, 0, 0);
166}
167
168#ifdef CONFIG_AUDITSYSCALL
169void putname(const char *name)
170{
171 if (unlikely(!audit_dummy_context()))
172 audit_putname(name);
173 else
174 __putname(name);
175}
176EXPORT_SYMBOL(putname);
177#endif
178
179static int check_acl(struct inode *inode, int mask)
180{
181#ifdef CONFIG_FS_POSIX_ACL
182 struct posix_acl *acl;
183
184 if (mask & MAY_NOT_BLOCK) {
185 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
186 if (!acl)
187 return -EAGAIN;
188
189 if (acl == ACL_NOT_CACHED)
190 return -ECHILD;
191 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
192 }
193
194 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
195
196
197
198
199
200
201
202
203
204 if (acl == ACL_NOT_CACHED) {
205 if (inode->i_op->get_acl) {
206 acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
207 if (IS_ERR(acl))
208 return PTR_ERR(acl);
209 } else {
210 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
211 return -EAGAIN;
212 }
213 }
214
215 if (acl) {
216 int error = posix_acl_permission(inode, acl, mask);
217 posix_acl_release(acl);
218 return error;
219 }
220#endif
221
222 return -EAGAIN;
223}
224
225
226
227
228static int acl_permission_check(struct inode *inode, int mask)
229{
230 unsigned int mode = inode->i_mode;
231
232 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
233
234 if (current_user_ns() != inode_userns(inode))
235 goto other_perms;
236
237 if (likely(current_fsuid() == inode->i_uid))
238 mode >>= 6;
239 else {
240 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
241 int error = check_acl(inode, mask);
242 if (error != -EAGAIN)
243 return error;
244 }
245
246 if (in_group_p(inode->i_gid))
247 mode >>= 3;
248 }
249
250other_perms:
251
252
253
254 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
255 return 0;
256 return -EACCES;
257}
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273int generic_permission(struct inode *inode, int mask)
274{
275 int ret;
276
277
278
279
280 ret = acl_permission_check(inode, mask);
281 if (ret != -EACCES)
282 return ret;
283
284 if (S_ISDIR(inode->i_mode)) {
285
286 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
287 return 0;
288 if (!(mask & MAY_WRITE))
289 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
290 return 0;
291 return -EACCES;
292 }
293
294
295
296
297
298 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
299 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
300 return 0;
301
302
303
304
305 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
306 if (mask == MAY_READ)
307 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
308 return 0;
309
310 return -EACCES;
311}
312
313
314
315
316
317
318
319static inline int do_inode_permission(struct inode *inode, int mask)
320{
321 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
322 if (likely(inode->i_op->permission))
323 return inode->i_op->permission(inode, mask);
324
325
326 spin_lock(&inode->i_lock);
327 inode->i_opflags |= IOP_FASTPERM;
328 spin_unlock(&inode->i_lock);
329 }
330 return generic_permission(inode, mask);
331}
332
333
334
335
336
337
338
339
340
341
342
343int inode_permission(struct inode *inode, int mask)
344{
345 int retval;
346
347 if (unlikely(mask & MAY_WRITE)) {
348 umode_t mode = inode->i_mode;
349
350
351
352
353 if (IS_RDONLY(inode) &&
354 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
355 return -EROFS;
356
357
358
359
360 if (IS_IMMUTABLE(inode))
361 return -EACCES;
362 }
363
364 retval = do_inode_permission(inode, mask);
365 if (retval)
366 return retval;
367
368 retval = devcgroup_inode_permission(inode, mask);
369 if (retval)
370 return retval;
371
372 return security_inode_permission(inode, mask);
373}
374
375
376
377
378
379
380
381void path_get(struct path *path)
382{
383 mntget(path->mnt);
384 dget(path->dentry);
385}
386EXPORT_SYMBOL(path_get);
387
388
389
390
391
392
393
394void path_put(struct path *path)
395{
396 dput(path->dentry);
397 mntput(path->mnt);
398}
399EXPORT_SYMBOL(path_put);
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
423{
424 struct fs_struct *fs = current->fs;
425 struct dentry *parent = nd->path.dentry;
426 int want_root = 0;
427
428 BUG_ON(!(nd->flags & LOOKUP_RCU));
429 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
430 want_root = 1;
431 spin_lock(&fs->lock);
432 if (nd->root.mnt != fs->root.mnt ||
433 nd->root.dentry != fs->root.dentry)
434 goto err_root;
435 }
436 spin_lock(&parent->d_lock);
437 if (!dentry) {
438 if (!__d_rcu_to_refcount(parent, nd->seq))
439 goto err_parent;
440 BUG_ON(nd->inode != parent->d_inode);
441 } else {
442 if (dentry->d_parent != parent)
443 goto err_parent;
444 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
445 if (!__d_rcu_to_refcount(dentry, nd->seq))
446 goto err_child;
447
448
449
450
451
452
453 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
454 BUG_ON(!parent->d_count);
455 parent->d_count++;
456 spin_unlock(&dentry->d_lock);
457 }
458 spin_unlock(&parent->d_lock);
459 if (want_root) {
460 path_get(&nd->root);
461 spin_unlock(&fs->lock);
462 }
463 mntget(nd->path.mnt);
464
465 rcu_read_unlock();
466 br_read_unlock(vfsmount_lock);
467 nd->flags &= ~LOOKUP_RCU;
468 return 0;
469
470err_child:
471 spin_unlock(&dentry->d_lock);
472err_parent:
473 spin_unlock(&parent->d_lock);
474err_root:
475 if (want_root)
476 spin_unlock(&fs->lock);
477 return -ECHILD;
478}
479
480
481
482
483
484void release_open_intent(struct nameidata *nd)
485{
486 struct file *file = nd->intent.open.file;
487
488 if (file && !IS_ERR(file)) {
489 if (file->f_path.dentry == NULL)
490 put_filp(file);
491 else
492 fput(file);
493 }
494}
495
496static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
497{
498 return dentry->d_op->d_revalidate(dentry, nd);
499}
500
501
502
503
504
505
506
507
508
509
510
511static int complete_walk(struct nameidata *nd)
512{
513 struct dentry *dentry = nd->path.dentry;
514 int status;
515
516 if (nd->flags & LOOKUP_RCU) {
517 nd->flags &= ~LOOKUP_RCU;
518 if (!(nd->flags & LOOKUP_ROOT))
519 nd->root.mnt = NULL;
520 spin_lock(&dentry->d_lock);
521 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
522 spin_unlock(&dentry->d_lock);
523 rcu_read_unlock();
524 br_read_unlock(vfsmount_lock);
525 return -ECHILD;
526 }
527 BUG_ON(nd->inode != dentry->d_inode);
528 spin_unlock(&dentry->d_lock);
529 mntget(nd->path.mnt);
530 rcu_read_unlock();
531 br_read_unlock(vfsmount_lock);
532 }
533
534 if (likely(!(nd->flags & LOOKUP_JUMPED)))
535 return 0;
536
537 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
538 return 0;
539
540 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
541 return 0;
542
543
544 status = d_revalidate(dentry, nd);
545 if (status > 0)
546 return 0;
547
548 if (!status)
549 status = -ESTALE;
550
551 path_put(&nd->path);
552 return status;
553}
554
555static __always_inline void set_root(struct nameidata *nd)
556{
557 if (!nd->root.mnt)
558 get_fs_root(current->fs, &nd->root);
559}
560
561static int link_path_walk(const char *, struct nameidata *);
562
563static __always_inline void set_root_rcu(struct nameidata *nd)
564{
565 if (!nd->root.mnt) {
566 struct fs_struct *fs = current->fs;
567 unsigned seq;
568
569 do {
570 seq = read_seqcount_begin(&fs->seq);
571 nd->root = fs->root;
572 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
573 } while (read_seqcount_retry(&fs->seq, seq));
574 }
575}
576
577static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
578{
579 int ret;
580
581 if (IS_ERR(link))
582 goto fail;
583
584 if (*link == '/') {
585 set_root(nd);
586 path_put(&nd->path);
587 nd->path = nd->root;
588 path_get(&nd->root);
589 nd->flags |= LOOKUP_JUMPED;
590 }
591 nd->inode = nd->path.dentry->d_inode;
592
593 ret = link_path_walk(link, nd);
594 return ret;
595fail:
596 path_put(&nd->path);
597 return PTR_ERR(link);
598}
599
600static void path_put_conditional(struct path *path, struct nameidata *nd)
601{
602 dput(path->dentry);
603 if (path->mnt != nd->path.mnt)
604 mntput(path->mnt);
605}
606
607static inline void path_to_nameidata(const struct path *path,
608 struct nameidata *nd)
609{
610 if (!(nd->flags & LOOKUP_RCU)) {
611 dput(nd->path.dentry);
612 if (nd->path.mnt != path->mnt)
613 mntput(nd->path.mnt);
614 }
615 nd->path.mnt = path->mnt;
616 nd->path.dentry = path->dentry;
617}
618
619static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
620{
621 struct inode *inode = link->dentry->d_inode;
622 if (!IS_ERR(cookie) && inode->i_op->put_link)
623 inode->i_op->put_link(link->dentry, nd, cookie);
624 path_put(link);
625}
626
627static __always_inline int
628follow_link(struct path *link, struct nameidata *nd, void **p)
629{
630 int error;
631 struct dentry *dentry = link->dentry;
632
633 BUG_ON(nd->flags & LOOKUP_RCU);
634
635 if (link->mnt == nd->path.mnt)
636 mntget(link->mnt);
637
638 if (unlikely(current->total_link_count >= 40)) {
639 *p = ERR_PTR(-ELOOP);
640 path_put(&nd->path);
641 return -ELOOP;
642 }
643 cond_resched();
644 current->total_link_count++;
645
646 touch_atime(link->mnt, dentry);
647 nd_set_link(nd, NULL);
648
649 error = security_inode_follow_link(link->dentry, nd);
650 if (error) {
651 *p = ERR_PTR(error);
652 path_put(&nd->path);
653 return error;
654 }
655
656 nd->last_type = LAST_BIND;
657 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
658 error = PTR_ERR(*p);
659 if (!IS_ERR(*p)) {
660 char *s = nd_get_link(nd);
661 error = 0;
662 if (s)
663 error = __vfs_follow_link(nd, s);
664 else if (nd->last_type == LAST_BIND) {
665 nd->flags |= LOOKUP_JUMPED;
666 nd->inode = nd->path.dentry->d_inode;
667 if (nd->inode->i_op->follow_link) {
668
669 path_put(&nd->path);
670 error = -ELOOP;
671 }
672 }
673 }
674 return error;
675}
676
677static int follow_up_rcu(struct path *path)
678{
679 struct vfsmount *parent;
680 struct dentry *mountpoint;
681
682 parent = path->mnt->mnt_parent;
683 if (parent == path->mnt)
684 return 0;
685 mountpoint = path->mnt->mnt_mountpoint;
686 path->dentry = mountpoint;
687 path->mnt = parent;
688 return 1;
689}
690
691int follow_up(struct path *path)
692{
693 struct vfsmount *parent;
694 struct dentry *mountpoint;
695
696 br_read_lock(vfsmount_lock);
697 parent = path->mnt->mnt_parent;
698 if (parent == path->mnt) {
699 br_read_unlock(vfsmount_lock);
700 return 0;
701 }
702 mntget(parent);
703 mountpoint = dget(path->mnt->mnt_mountpoint);
704 br_read_unlock(vfsmount_lock);
705 dput(path->dentry);
706 path->dentry = mountpoint;
707 mntput(path->mnt);
708 path->mnt = parent;
709 return 1;
710}
711
712
713
714
715
716
717static int follow_automount(struct path *path, unsigned flags,
718 bool *need_mntput)
719{
720 struct vfsmount *mnt;
721 int err;
722
723 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
724 return -EREMOTE;
725
726
727
728
729
730
731
732
733
734
735
736
737 if (!(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
738 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
739 path->dentry->d_inode)
740 return -EISDIR;
741
742 current->total_link_count++;
743 if (current->total_link_count >= 40)
744 return -ELOOP;
745
746 mnt = path->dentry->d_op->d_automount(path);
747 if (IS_ERR(mnt)) {
748
749
750
751
752
753
754
755
756
757 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
758 return -EREMOTE;
759 return PTR_ERR(mnt);
760 }
761
762 if (!mnt)
763 return 0;
764
765 if (!*need_mntput) {
766
767 mntget(path->mnt);
768 *need_mntput = true;
769 }
770 err = finish_automount(mnt, path);
771
772 switch (err) {
773 case -EBUSY:
774
775 return 0;
776 case 0:
777 path_put(path);
778 path->mnt = mnt;
779 path->dentry = dget(mnt->mnt_root);
780 return 0;
781 default:
782 return err;
783 }
784
785}
786
787
788
789
790
791
792
793
794
795
796
797static int follow_managed(struct path *path, unsigned flags)
798{
799 struct vfsmount *mnt = path->mnt;
800 unsigned managed;
801 bool need_mntput = false;
802 int ret = 0;
803
804
805
806
807 while (managed = ACCESS_ONCE(path->dentry->d_flags),
808 managed &= DCACHE_MANAGED_DENTRY,
809 unlikely(managed != 0)) {
810
811
812 if (managed & DCACHE_MANAGE_TRANSIT) {
813 BUG_ON(!path->dentry->d_op);
814 BUG_ON(!path->dentry->d_op->d_manage);
815 ret = path->dentry->d_op->d_manage(path->dentry, false);
816 if (ret < 0)
817 break;
818 }
819
820
821 if (managed & DCACHE_MOUNTED) {
822 struct vfsmount *mounted = lookup_mnt(path);
823 if (mounted) {
824 dput(path->dentry);
825 if (need_mntput)
826 mntput(path->mnt);
827 path->mnt = mounted;
828 path->dentry = dget(mounted->mnt_root);
829 need_mntput = true;
830 continue;
831 }
832
833
834
835
836
837 }
838
839
840 if (managed & DCACHE_NEED_AUTOMOUNT) {
841 ret = follow_automount(path, flags, &need_mntput);
842 if (ret < 0)
843 break;
844 continue;
845 }
846
847
848 break;
849 }
850
851 if (need_mntput && path->mnt == mnt)
852 mntput(path->mnt);
853 if (ret == -EISDIR)
854 ret = 0;
855 return ret < 0 ? ret : need_mntput;
856}
857
858int follow_down_one(struct path *path)
859{
860 struct vfsmount *mounted;
861
862 mounted = lookup_mnt(path);
863 if (mounted) {
864 dput(path->dentry);
865 mntput(path->mnt);
866 path->mnt = mounted;
867 path->dentry = dget(mounted->mnt_root);
868 return 1;
869 }
870 return 0;
871}
872
873static inline bool managed_dentry_might_block(struct dentry *dentry)
874{
875 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
876 dentry->d_op->d_manage(dentry, true) < 0);
877}
878
879
880
881
882
883static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
884 struct inode **inode)
885{
886 for (;;) {
887 struct vfsmount *mounted;
888
889
890
891
892 if (unlikely(managed_dentry_might_block(path->dentry)))
893 return false;
894
895 if (!d_mountpoint(path->dentry))
896 break;
897
898 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
899 if (!mounted)
900 break;
901 path->mnt = mounted;
902 path->dentry = mounted->mnt_root;
903 nd->flags |= LOOKUP_JUMPED;
904 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
905
906
907
908
909
910 *inode = path->dentry->d_inode;
911 }
912 return true;
913}
914
915static void follow_mount_rcu(struct nameidata *nd)
916{
917 while (d_mountpoint(nd->path.dentry)) {
918 struct vfsmount *mounted;
919 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
920 if (!mounted)
921 break;
922 nd->path.mnt = mounted;
923 nd->path.dentry = mounted->mnt_root;
924 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
925 }
926}
927
928static int follow_dotdot_rcu(struct nameidata *nd)
929{
930 set_root_rcu(nd);
931
932 while (1) {
933 if (nd->path.dentry == nd->root.dentry &&
934 nd->path.mnt == nd->root.mnt) {
935 break;
936 }
937 if (nd->path.dentry != nd->path.mnt->mnt_root) {
938 struct dentry *old = nd->path.dentry;
939 struct dentry *parent = old->d_parent;
940 unsigned seq;
941
942 seq = read_seqcount_begin(&parent->d_seq);
943 if (read_seqcount_retry(&old->d_seq, nd->seq))
944 goto failed;
945 nd->path.dentry = parent;
946 nd->seq = seq;
947 break;
948 }
949 if (!follow_up_rcu(&nd->path))
950 break;
951 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
952 }
953 follow_mount_rcu(nd);
954 nd->inode = nd->path.dentry->d_inode;
955 return 0;
956
957failed:
958 nd->flags &= ~LOOKUP_RCU;
959 if (!(nd->flags & LOOKUP_ROOT))
960 nd->root.mnt = NULL;
961 rcu_read_unlock();
962 br_read_unlock(vfsmount_lock);
963 return -ECHILD;
964}
965
966
967
968
969
970
971int follow_down(struct path *path)
972{
973 unsigned managed;
974 int ret;
975
976 while (managed = ACCESS_ONCE(path->dentry->d_flags),
977 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
978
979
980
981
982
983
984
985
986
987
988 if (managed & DCACHE_MANAGE_TRANSIT) {
989 BUG_ON(!path->dentry->d_op);
990 BUG_ON(!path->dentry->d_op->d_manage);
991 ret = path->dentry->d_op->d_manage(
992 path->dentry, false);
993 if (ret < 0)
994 return ret == -EISDIR ? 0 : ret;
995 }
996
997
998 if (managed & DCACHE_MOUNTED) {
999 struct vfsmount *mounted = lookup_mnt(path);
1000 if (!mounted)
1001 break;
1002 dput(path->dentry);
1003 mntput(path->mnt);
1004 path->mnt = mounted;
1005 path->dentry = dget(mounted->mnt_root);
1006 continue;
1007 }
1008
1009
1010 break;
1011 }
1012 return 0;
1013}
1014
1015
1016
1017
1018static void follow_mount(struct path *path)
1019{
1020 while (d_mountpoint(path->dentry)) {
1021 struct vfsmount *mounted = lookup_mnt(path);
1022 if (!mounted)
1023 break;
1024 dput(path->dentry);
1025 mntput(path->mnt);
1026 path->mnt = mounted;
1027 path->dentry = dget(mounted->mnt_root);
1028 }
1029}
1030
1031static void follow_dotdot(struct nameidata *nd)
1032{
1033 set_root(nd);
1034
1035 while(1) {
1036 struct dentry *old = nd->path.dentry;
1037
1038 if (nd->path.dentry == nd->root.dentry &&
1039 nd->path.mnt == nd->root.mnt) {
1040 break;
1041 }
1042 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1043
1044 nd->path.dentry = dget_parent(nd->path.dentry);
1045 dput(old);
1046 break;
1047 }
1048 if (!follow_up(&nd->path))
1049 break;
1050 }
1051 follow_mount(&nd->path);
1052 nd->inode = nd->path.dentry->d_inode;
1053}
1054
1055
1056
1057
1058
1059
1060
1061static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1062 struct qstr *name, struct nameidata *nd)
1063{
1064 struct inode *inode = parent->d_inode;
1065 struct dentry *dentry;
1066 struct dentry *old;
1067
1068
1069 if (unlikely(IS_DEADDIR(inode)))
1070 return ERR_PTR(-ENOENT);
1071
1072 dentry = d_alloc(parent, name);
1073 if (unlikely(!dentry))
1074 return ERR_PTR(-ENOMEM);
1075
1076 old = inode->i_op->lookup(inode, dentry, nd);
1077 if (unlikely(old)) {
1078 dput(dentry);
1079 dentry = old;
1080 }
1081 return dentry;
1082}
1083
1084
1085
1086
1087
1088
1089
1090static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1091 struct nameidata *nd)
1092{
1093 struct inode *inode = parent->d_inode;
1094 struct dentry *old;
1095
1096
1097 if (unlikely(IS_DEADDIR(inode)))
1098 return ERR_PTR(-ENOENT);
1099
1100 old = inode->i_op->lookup(inode, dentry, nd);
1101 if (unlikely(old)) {
1102 dput(dentry);
1103 dentry = old;
1104 }
1105 return dentry;
1106}
1107
1108
1109
1110
1111
1112
1113static int do_lookup(struct nameidata *nd, struct qstr *name,
1114 struct path *path, struct inode **inode)
1115{
1116 struct vfsmount *mnt = nd->path.mnt;
1117 struct dentry *dentry, *parent = nd->path.dentry;
1118 int need_reval = 1;
1119 int status = 1;
1120 int err;
1121
1122
1123
1124
1125
1126
1127 if (nd->flags & LOOKUP_RCU) {
1128 unsigned seq;
1129 *inode = nd->inode;
1130 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1131 if (!dentry)
1132 goto unlazy;
1133
1134
1135 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1136 return -ECHILD;
1137 nd->seq = seq;
1138
1139 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1140 status = d_revalidate(dentry, nd);
1141 if (unlikely(status <= 0)) {
1142 if (status != -ECHILD)
1143 need_reval = 0;
1144 goto unlazy;
1145 }
1146 }
1147 if (unlikely(d_need_lookup(dentry)))
1148 goto unlazy;
1149 path->mnt = mnt;
1150 path->dentry = dentry;
1151 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1152 goto unlazy;
1153 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1154 goto unlazy;
1155 return 0;
1156unlazy:
1157 if (unlazy_walk(nd, dentry))
1158 return -ECHILD;
1159 } else {
1160 dentry = __d_lookup(parent, name);
1161 }
1162
1163 if (dentry && unlikely(d_need_lookup(dentry))) {
1164 dput(dentry);
1165 dentry = NULL;
1166 }
1167retry:
1168 if (unlikely(!dentry)) {
1169 struct inode *dir = parent->d_inode;
1170 BUG_ON(nd->inode != dir);
1171
1172 mutex_lock(&dir->i_mutex);
1173 dentry = d_lookup(parent, name);
1174 if (likely(!dentry)) {
1175 dentry = d_alloc_and_lookup(parent, name, nd);
1176 if (IS_ERR(dentry)) {
1177 mutex_unlock(&dir->i_mutex);
1178 return PTR_ERR(dentry);
1179 }
1180
1181 need_reval = 0;
1182 status = 1;
1183 } else if (unlikely(d_need_lookup(dentry))) {
1184 dentry = d_inode_lookup(parent, dentry, nd);
1185 if (IS_ERR(dentry)) {
1186 mutex_unlock(&dir->i_mutex);
1187 return PTR_ERR(dentry);
1188 }
1189
1190 need_reval = 0;
1191 status = 1;
1192 }
1193 mutex_unlock(&dir->i_mutex);
1194 }
1195 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1196 status = d_revalidate(dentry, nd);
1197 if (unlikely(status <= 0)) {
1198 if (status < 0) {
1199 dput(dentry);
1200 return status;
1201 }
1202 if (!d_invalidate(dentry)) {
1203 dput(dentry);
1204 dentry = NULL;
1205 need_reval = 1;
1206 goto retry;
1207 }
1208 }
1209
1210 path->mnt = mnt;
1211 path->dentry = dentry;
1212 err = follow_managed(path, nd->flags);
1213 if (unlikely(err < 0)) {
1214 path_put_conditional(path, nd);
1215 return err;
1216 }
1217 if (err)
1218 nd->flags |= LOOKUP_JUMPED;
1219 *inode = path->dentry->d_inode;
1220 return 0;
1221}
1222
1223static inline int may_lookup(struct nameidata *nd)
1224{
1225 if (nd->flags & LOOKUP_RCU) {
1226 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1227 if (err != -ECHILD)
1228 return err;
1229 if (unlazy_walk(nd, NULL))
1230 return -ECHILD;
1231 }
1232 return inode_permission(nd->inode, MAY_EXEC);
1233}
1234
1235static inline int handle_dots(struct nameidata *nd, int type)
1236{
1237 if (type == LAST_DOTDOT) {
1238 if (nd->flags & LOOKUP_RCU) {
1239 if (follow_dotdot_rcu(nd))
1240 return -ECHILD;
1241 } else
1242 follow_dotdot(nd);
1243 }
1244 return 0;
1245}
1246
1247static void terminate_walk(struct nameidata *nd)
1248{
1249 if (!(nd->flags & LOOKUP_RCU)) {
1250 path_put(&nd->path);
1251 } else {
1252 nd->flags &= ~LOOKUP_RCU;
1253 if (!(nd->flags & LOOKUP_ROOT))
1254 nd->root.mnt = NULL;
1255 rcu_read_unlock();
1256 br_read_unlock(vfsmount_lock);
1257 }
1258}
1259
1260
1261
1262
1263
1264
1265
1266static inline int should_follow_link(struct inode *inode, int follow)
1267{
1268 if (unlikely(!(inode->i_opflags & IOP_NOFOLLOW))) {
1269 if (likely(inode->i_op->follow_link))
1270 return follow;
1271
1272
1273 spin_lock(&inode->i_lock);
1274 inode->i_opflags |= IOP_NOFOLLOW;
1275 spin_unlock(&inode->i_lock);
1276 }
1277 return 0;
1278}
1279
1280static inline int walk_component(struct nameidata *nd, struct path *path,
1281 struct qstr *name, int type, int follow)
1282{
1283 struct inode *inode;
1284 int err;
1285
1286
1287
1288
1289
1290 if (unlikely(type != LAST_NORM))
1291 return handle_dots(nd, type);
1292 err = do_lookup(nd, name, path, &inode);
1293 if (unlikely(err)) {
1294 terminate_walk(nd);
1295 return err;
1296 }
1297 if (!inode) {
1298 path_to_nameidata(path, nd);
1299 terminate_walk(nd);
1300 return -ENOENT;
1301 }
1302 if (should_follow_link(inode, follow)) {
1303 if (nd->flags & LOOKUP_RCU) {
1304 if (unlikely(unlazy_walk(nd, path->dentry))) {
1305 terminate_walk(nd);
1306 return -ECHILD;
1307 }
1308 }
1309 BUG_ON(inode != path->dentry->d_inode);
1310 return 1;
1311 }
1312 path_to_nameidata(path, nd);
1313 nd->inode = inode;
1314 return 0;
1315}
1316
1317
1318
1319
1320
1321
1322
1323
1324static inline int nested_symlink(struct path *path, struct nameidata *nd)
1325{
1326 int res;
1327
1328 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1329 path_put_conditional(path, nd);
1330 path_put(&nd->path);
1331 return -ELOOP;
1332 }
1333 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1334
1335 nd->depth++;
1336 current->link_count++;
1337
1338 do {
1339 struct path link = *path;
1340 void *cookie;
1341
1342 res = follow_link(&link, nd, &cookie);
1343 if (!res)
1344 res = walk_component(nd, path, &nd->last,
1345 nd->last_type, LOOKUP_FOLLOW);
1346 put_link(nd, &link, cookie);
1347 } while (res > 0);
1348
1349 current->link_count--;
1350 nd->depth--;
1351 return res;
1352}
1353
1354
1355
1356
1357
1358
1359
1360static inline int can_lookup(struct inode *inode)
1361{
1362 if (likely(inode->i_opflags & IOP_LOOKUP))
1363 return 1;
1364 if (likely(!inode->i_op->lookup))
1365 return 0;
1366
1367
1368 spin_lock(&inode->i_lock);
1369 inode->i_opflags |= IOP_LOOKUP;
1370 spin_unlock(&inode->i_lock);
1371 return 1;
1372}
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382static int link_path_walk(const char *name, struct nameidata *nd)
1383{
1384 struct path next;
1385 int err;
1386
1387 while (*name=='/')
1388 name++;
1389 if (!*name)
1390 return 0;
1391
1392
1393 for(;;) {
1394 unsigned long hash;
1395 struct qstr this;
1396 unsigned int c;
1397 int type;
1398
1399 err = may_lookup(nd);
1400 if (err)
1401 break;
1402
1403 this.name = name;
1404 c = *(const unsigned char *)name;
1405
1406 hash = init_name_hash();
1407 do {
1408 name++;
1409 hash = partial_name_hash(c, hash);
1410 c = *(const unsigned char *)name;
1411 } while (c && (c != '/'));
1412 this.len = name - (const char *) this.name;
1413 this.hash = end_name_hash(hash);
1414
1415 type = LAST_NORM;
1416 if (this.name[0] == '.') switch (this.len) {
1417 case 2:
1418 if (this.name[1] == '.') {
1419 type = LAST_DOTDOT;
1420 nd->flags |= LOOKUP_JUMPED;
1421 }
1422 break;
1423 case 1:
1424 type = LAST_DOT;
1425 }
1426 if (likely(type == LAST_NORM)) {
1427 struct dentry *parent = nd->path.dentry;
1428 nd->flags &= ~LOOKUP_JUMPED;
1429 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1430 err = parent->d_op->d_hash(parent, nd->inode,
1431 &this);
1432 if (err < 0)
1433 break;
1434 }
1435 }
1436
1437
1438 if (!c)
1439 goto last_component;
1440 while (*++name == '/');
1441 if (!*name)
1442 goto last_component;
1443
1444 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1445 if (err < 0)
1446 return err;
1447
1448 if (err) {
1449 err = nested_symlink(&next, nd);
1450 if (err)
1451 return err;
1452 }
1453 if (can_lookup(nd->inode))
1454 continue;
1455 err = -ENOTDIR;
1456 break;
1457
1458
1459last_component:
1460 nd->last = this;
1461 nd->last_type = type;
1462 return 0;
1463 }
1464 terminate_walk(nd);
1465 return err;
1466}
1467
1468static int path_init(int dfd, const char *name, unsigned int flags,
1469 struct nameidata *nd, struct file **fp)
1470{
1471 int retval = 0;
1472 int fput_needed;
1473 struct file *file;
1474
1475 nd->last_type = LAST_ROOT;
1476 nd->flags = flags | LOOKUP_JUMPED;
1477 nd->depth = 0;
1478 if (flags & LOOKUP_ROOT) {
1479 struct inode *inode = nd->root.dentry->d_inode;
1480 if (*name) {
1481 if (!inode->i_op->lookup)
1482 return -ENOTDIR;
1483 retval = inode_permission(inode, MAY_EXEC);
1484 if (retval)
1485 return retval;
1486 }
1487 nd->path = nd->root;
1488 nd->inode = inode;
1489 if (flags & LOOKUP_RCU) {
1490 br_read_lock(vfsmount_lock);
1491 rcu_read_lock();
1492 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1493 } else {
1494 path_get(&nd->path);
1495 }
1496 return 0;
1497 }
1498
1499 nd->root.mnt = NULL;
1500
1501 if (*name=='/') {
1502 if (flags & LOOKUP_RCU) {
1503 br_read_lock(vfsmount_lock);
1504 rcu_read_lock();
1505 set_root_rcu(nd);
1506 } else {
1507 set_root(nd);
1508 path_get(&nd->root);
1509 }
1510 nd->path = nd->root;
1511 } else if (dfd == AT_FDCWD) {
1512 if (flags & LOOKUP_RCU) {
1513 struct fs_struct *fs = current->fs;
1514 unsigned seq;
1515
1516 br_read_lock(vfsmount_lock);
1517 rcu_read_lock();
1518
1519 do {
1520 seq = read_seqcount_begin(&fs->seq);
1521 nd->path = fs->pwd;
1522 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1523 } while (read_seqcount_retry(&fs->seq, seq));
1524 } else {
1525 get_fs_pwd(current->fs, &nd->path);
1526 }
1527 } else {
1528 struct dentry *dentry;
1529
1530 file = fget_raw_light(dfd, &fput_needed);
1531 retval = -EBADF;
1532 if (!file)
1533 goto out_fail;
1534
1535 dentry = file->f_path.dentry;
1536
1537 if (*name) {
1538 retval = -ENOTDIR;
1539 if (!S_ISDIR(dentry->d_inode->i_mode))
1540 goto fput_fail;
1541
1542 retval = inode_permission(dentry->d_inode, MAY_EXEC);
1543 if (retval)
1544 goto fput_fail;
1545 }
1546
1547 nd->path = file->f_path;
1548 if (flags & LOOKUP_RCU) {
1549 if (fput_needed)
1550 *fp = file;
1551 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1552 br_read_lock(vfsmount_lock);
1553 rcu_read_lock();
1554 } else {
1555 path_get(&file->f_path);
1556 fput_light(file, fput_needed);
1557 }
1558 }
1559
1560 nd->inode = nd->path.dentry->d_inode;
1561 return 0;
1562
1563fput_fail:
1564 fput_light(file, fput_needed);
1565out_fail:
1566 return retval;
1567}
1568
1569static inline int lookup_last(struct nameidata *nd, struct path *path)
1570{
1571 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1572 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1573
1574 nd->flags &= ~LOOKUP_PARENT;
1575 return walk_component(nd, path, &nd->last, nd->last_type,
1576 nd->flags & LOOKUP_FOLLOW);
1577}
1578
1579
1580static int path_lookupat(int dfd, const char *name,
1581 unsigned int flags, struct nameidata *nd)
1582{
1583 struct file *base = NULL;
1584 struct path path;
1585 int err;
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1602
1603 if (unlikely(err))
1604 return err;
1605
1606 current->total_link_count = 0;
1607 err = link_path_walk(name, nd);
1608
1609 if (!err && !(flags & LOOKUP_PARENT)) {
1610 err = lookup_last(nd, &path);
1611 while (err > 0) {
1612 void *cookie;
1613 struct path link = path;
1614 nd->flags |= LOOKUP_PARENT;
1615 err = follow_link(&link, nd, &cookie);
1616 if (!err)
1617 err = lookup_last(nd, &path);
1618 put_link(nd, &link, cookie);
1619 }
1620 }
1621
1622 if (!err)
1623 err = complete_walk(nd);
1624
1625 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1626 if (!nd->inode->i_op->lookup) {
1627 path_put(&nd->path);
1628 err = -ENOTDIR;
1629 }
1630 }
1631
1632 if (base)
1633 fput(base);
1634
1635 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1636 path_put(&nd->root);
1637 nd->root.mnt = NULL;
1638 }
1639 return err;
1640}
1641
1642static int do_path_lookup(int dfd, const char *name,
1643 unsigned int flags, struct nameidata *nd)
1644{
1645 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1646 if (unlikely(retval == -ECHILD))
1647 retval = path_lookupat(dfd, name, flags, nd);
1648 if (unlikely(retval == -ESTALE))
1649 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1650
1651 if (likely(!retval)) {
1652 if (unlikely(!audit_dummy_context())) {
1653 if (nd->path.dentry && nd->inode)
1654 audit_inode(name, nd->path.dentry);
1655 }
1656 }
1657 return retval;
1658}
1659
1660int kern_path_parent(const char *name, struct nameidata *nd)
1661{
1662 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1663}
1664
1665int kern_path(const char *name, unsigned int flags, struct path *path)
1666{
1667 struct nameidata nd;
1668 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1669 if (!res)
1670 *path = nd.path;
1671 return res;
1672}
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1683 const char *name, unsigned int flags,
1684 struct path *path)
1685{
1686 struct nameidata nd;
1687 int err;
1688 nd.root.dentry = dentry;
1689 nd.root.mnt = mnt;
1690 BUG_ON(flags & LOOKUP_PARENT);
1691
1692 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1693 if (!err)
1694 *path = nd.path;
1695 return err;
1696}
1697
1698static struct dentry *__lookup_hash(struct qstr *name,
1699 struct dentry *base, struct nameidata *nd)
1700{
1701 struct inode *inode = base->d_inode;
1702 struct dentry *dentry;
1703 int err;
1704
1705 err = inode_permission(inode, MAY_EXEC);
1706 if (err)
1707 return ERR_PTR(err);
1708
1709
1710
1711
1712
1713
1714 dentry = d_lookup(base, name);
1715
1716 if (dentry && d_need_lookup(dentry)) {
1717
1718
1719
1720
1721 dentry = d_inode_lookup(base, dentry, nd);
1722 if (IS_ERR(dentry))
1723 return dentry;
1724 }
1725
1726 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1727 int status = d_revalidate(dentry, nd);
1728 if (unlikely(status <= 0)) {
1729
1730
1731
1732
1733
1734
1735 if (status < 0) {
1736 dput(dentry);
1737 return ERR_PTR(status);
1738 } else if (!d_invalidate(dentry)) {
1739 dput(dentry);
1740 dentry = NULL;
1741 }
1742 }
1743 }
1744
1745 if (!dentry)
1746 dentry = d_alloc_and_lookup(base, name, nd);
1747
1748 return dentry;
1749}
1750
1751
1752
1753
1754
1755
1756static struct dentry *lookup_hash(struct nameidata *nd)
1757{
1758 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1759}
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1773{
1774 struct qstr this;
1775 unsigned long hash;
1776 unsigned int c;
1777
1778 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1779
1780 this.name = name;
1781 this.len = len;
1782 if (!len)
1783 return ERR_PTR(-EACCES);
1784
1785 hash = init_name_hash();
1786 while (len--) {
1787 c = *(const unsigned char *)name++;
1788 if (c == '/' || c == '\0')
1789 return ERR_PTR(-EACCES);
1790 hash = partial_name_hash(c, hash);
1791 }
1792 this.hash = end_name_hash(hash);
1793
1794
1795
1796
1797 if (base->d_flags & DCACHE_OP_HASH) {
1798 int err = base->d_op->d_hash(base, base->d_inode, &this);
1799 if (err < 0)
1800 return ERR_PTR(err);
1801 }
1802
1803 return __lookup_hash(&this, base, NULL);
1804}
1805
1806int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
1807 struct path *path, int *empty)
1808{
1809 struct nameidata nd;
1810 char *tmp = getname_flags(name, flags, empty);
1811 int err = PTR_ERR(tmp);
1812 if (!IS_ERR(tmp)) {
1813
1814 BUG_ON(flags & LOOKUP_PARENT);
1815
1816 err = do_path_lookup(dfd, tmp, flags, &nd);
1817 putname(tmp);
1818 if (!err)
1819 *path = nd.path;
1820 }
1821 return err;
1822}
1823
1824int user_path_at(int dfd, const char __user *name, unsigned flags,
1825 struct path *path)
1826{
1827 return user_path_at_empty(dfd, name, flags, path, 0);
1828}
1829
1830static int user_path_parent(int dfd, const char __user *path,
1831 struct nameidata *nd, char **name)
1832{
1833 char *s = getname(path);
1834 int error;
1835
1836 if (IS_ERR(s))
1837 return PTR_ERR(s);
1838
1839 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1840 if (error)
1841 putname(s);
1842 else
1843 *name = s;
1844
1845 return error;
1846}
1847
1848
1849
1850
1851
1852static inline int check_sticky(struct inode *dir, struct inode *inode)
1853{
1854 uid_t fsuid = current_fsuid();
1855
1856 if (!(dir->i_mode & S_ISVTX))
1857 return 0;
1858 if (current_user_ns() != inode_userns(inode))
1859 goto other_userns;
1860 if (inode->i_uid == fsuid)
1861 return 0;
1862 if (dir->i_uid == fsuid)
1863 return 0;
1864
1865other_userns:
1866 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1867}
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1889{
1890 int error;
1891
1892 if (!victim->d_inode)
1893 return -ENOENT;
1894
1895 BUG_ON(victim->d_parent->d_inode != dir);
1896 audit_inode_child(victim, dir);
1897
1898 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1899 if (error)
1900 return error;
1901 if (IS_APPEND(dir))
1902 return -EPERM;
1903 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1904 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1905 return -EPERM;
1906 if (isdir) {
1907 if (!S_ISDIR(victim->d_inode->i_mode))
1908 return -ENOTDIR;
1909 if (IS_ROOT(victim))
1910 return -EBUSY;
1911 } else if (S_ISDIR(victim->d_inode->i_mode))
1912 return -EISDIR;
1913 if (IS_DEADDIR(dir))
1914 return -ENOENT;
1915 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1916 return -EBUSY;
1917 return 0;
1918}
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928static inline int may_create(struct inode *dir, struct dentry *child)
1929{
1930 if (child->d_inode)
1931 return -EEXIST;
1932 if (IS_DEADDIR(dir))
1933 return -ENOENT;
1934 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1935}
1936
1937
1938
1939
1940struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1941{
1942 struct dentry *p;
1943
1944 if (p1 == p2) {
1945 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1946 return NULL;
1947 }
1948
1949 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1950
1951 p = d_ancestor(p2, p1);
1952 if (p) {
1953 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1954 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1955 return p;
1956 }
1957
1958 p = d_ancestor(p1, p2);
1959 if (p) {
1960 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1961 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1962 return p;
1963 }
1964
1965 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1966 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1967 return NULL;
1968}
1969
1970void unlock_rename(struct dentry *p1, struct dentry *p2)
1971{
1972 mutex_unlock(&p1->d_inode->i_mutex);
1973 if (p1 != p2) {
1974 mutex_unlock(&p2->d_inode->i_mutex);
1975 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1976 }
1977}
1978
1979int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1980 struct nameidata *nd)
1981{
1982 int error = may_create(dir, dentry);
1983
1984 if (error)
1985 return error;
1986
1987 if (!dir->i_op->create)
1988 return -EACCES;
1989 mode &= S_IALLUGO;
1990 mode |= S_IFREG;
1991 error = security_inode_create(dir, dentry, mode);
1992 if (error)
1993 return error;
1994 error = dir->i_op->create(dir, dentry, mode, nd);
1995 if (!error)
1996 fsnotify_create(dir, dentry);
1997 return error;
1998}
1999
2000static int may_open(struct path *path, int acc_mode, int flag)
2001{
2002 struct dentry *dentry = path->dentry;
2003 struct inode *inode = dentry->d_inode;
2004 int error;
2005
2006
2007 if (!acc_mode)
2008 return 0;
2009
2010 if (!inode)
2011 return -ENOENT;
2012
2013 switch (inode->i_mode & S_IFMT) {
2014 case S_IFLNK:
2015 return -ELOOP;
2016 case S_IFDIR:
2017 if (acc_mode & MAY_WRITE)
2018 return -EISDIR;
2019 break;
2020 case S_IFBLK:
2021 case S_IFCHR:
2022 if (path->mnt->mnt_flags & MNT_NODEV)
2023 return -EACCES;
2024
2025 case S_IFIFO:
2026 case S_IFSOCK:
2027 flag &= ~O_TRUNC;
2028 break;
2029 }
2030
2031 error = inode_permission(inode, acc_mode);
2032 if (error)
2033 return error;
2034
2035
2036
2037
2038 if (IS_APPEND(inode)) {
2039 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2040 return -EPERM;
2041 if (flag & O_TRUNC)
2042 return -EPERM;
2043 }
2044
2045
2046 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2047 return -EPERM;
2048
2049
2050
2051
2052 return break_lease(inode, flag);
2053}
2054
2055static int handle_truncate(struct file *filp)
2056{
2057 struct path *path = &filp->f_path;
2058 struct inode *inode = path->dentry->d_inode;
2059 int error = get_write_access(inode);
2060 if (error)
2061 return error;
2062
2063
2064
2065 error = locks_verify_locked(inode);
2066 if (!error)
2067 error = security_path_truncate(path);
2068 if (!error) {
2069 error = do_truncate(path->dentry, 0,
2070 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2071 filp);
2072 }
2073 put_write_access(inode);
2074 return error;
2075}
2076
2077static inline int open_to_namei_flags(int flag)
2078{
2079 if ((flag & O_ACCMODE) == 3)
2080 flag--;
2081 return flag;
2082}
2083
2084
2085
2086
2087static struct file *do_last(struct nameidata *nd, struct path *path,
2088 const struct open_flags *op, const char *pathname)
2089{
2090 struct dentry *dir = nd->path.dentry;
2091 struct dentry *dentry;
2092 int open_flag = op->open_flag;
2093 int will_truncate = open_flag & O_TRUNC;
2094 int want_write = 0;
2095 int acc_mode = op->acc_mode;
2096 struct file *filp;
2097 int error;
2098
2099 nd->flags &= ~LOOKUP_PARENT;
2100 nd->flags |= op->intent;
2101
2102 switch (nd->last_type) {
2103 case LAST_DOTDOT:
2104 case LAST_DOT:
2105 error = handle_dots(nd, nd->last_type);
2106 if (error)
2107 return ERR_PTR(error);
2108
2109 case LAST_ROOT:
2110 error = complete_walk(nd);
2111 if (error)
2112 return ERR_PTR(error);
2113 audit_inode(pathname, nd->path.dentry);
2114 if (open_flag & O_CREAT) {
2115 error = -EISDIR;
2116 goto exit;
2117 }
2118 goto ok;
2119 case LAST_BIND:
2120 error = complete_walk(nd);
2121 if (error)
2122 return ERR_PTR(error);
2123 audit_inode(pathname, dir);
2124 goto ok;
2125 }
2126
2127 if (!(open_flag & O_CREAT)) {
2128 int symlink_ok = 0;
2129 if (nd->last.name[nd->last.len])
2130 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2131 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2132 symlink_ok = 1;
2133
2134 error = walk_component(nd, path, &nd->last, LAST_NORM,
2135 !symlink_ok);
2136 if (error < 0)
2137 return ERR_PTR(error);
2138 if (error)
2139 return NULL;
2140
2141 error = complete_walk(nd);
2142 if (error)
2143 return ERR_PTR(-ECHILD);
2144
2145 error = -ENOTDIR;
2146 if (nd->flags & LOOKUP_DIRECTORY) {
2147 if (!nd->inode->i_op->lookup)
2148 goto exit;
2149 }
2150 audit_inode(pathname, nd->path.dentry);
2151 goto ok;
2152 }
2153
2154
2155
2156
2157
2158
2159 error = complete_walk(nd);
2160 if (error)
2161 return ERR_PTR(error);
2162
2163 audit_inode(pathname, dir);
2164 error = -EISDIR;
2165
2166 if (nd->last.name[nd->last.len])
2167 goto exit;
2168
2169 mutex_lock(&dir->d_inode->i_mutex);
2170
2171 dentry = lookup_hash(nd);
2172 error = PTR_ERR(dentry);
2173 if (IS_ERR(dentry)) {
2174 mutex_unlock(&dir->d_inode->i_mutex);
2175 goto exit;
2176 }
2177
2178 path->dentry = dentry;
2179 path->mnt = nd->path.mnt;
2180
2181
2182 if (!dentry->d_inode) {
2183 int mode = op->mode;
2184 if (!IS_POSIXACL(dir->d_inode))
2185 mode &= ~current_umask();
2186
2187
2188
2189
2190
2191
2192
2193 error = mnt_want_write(nd->path.mnt);
2194 if (error)
2195 goto exit_mutex_unlock;
2196 want_write = 1;
2197
2198 open_flag &= ~O_TRUNC;
2199 will_truncate = 0;
2200 acc_mode = MAY_OPEN;
2201 error = security_path_mknod(&nd->path, dentry, mode, 0);
2202 if (error)
2203 goto exit_mutex_unlock;
2204 error = vfs_create(dir->d_inode, dentry, mode, nd);
2205 if (error)
2206 goto exit_mutex_unlock;
2207 mutex_unlock(&dir->d_inode->i_mutex);
2208 dput(nd->path.dentry);
2209 nd->path.dentry = dentry;
2210 goto common;
2211 }
2212
2213
2214
2215
2216 mutex_unlock(&dir->d_inode->i_mutex);
2217 audit_inode(pathname, path->dentry);
2218
2219 error = -EEXIST;
2220 if (open_flag & O_EXCL)
2221 goto exit_dput;
2222
2223 error = follow_managed(path, nd->flags);
2224 if (error < 0)
2225 goto exit_dput;
2226
2227 if (error)
2228 nd->flags |= LOOKUP_JUMPED;
2229
2230 error = -ENOENT;
2231 if (!path->dentry->d_inode)
2232 goto exit_dput;
2233
2234 if (path->dentry->d_inode->i_op->follow_link)
2235 return NULL;
2236
2237 path_to_nameidata(path, nd);
2238 nd->inode = path->dentry->d_inode;
2239
2240 error = complete_walk(nd);
2241 if (error)
2242 goto exit;
2243 error = -EISDIR;
2244 if (S_ISDIR(nd->inode->i_mode))
2245 goto exit;
2246ok:
2247 if (!S_ISREG(nd->inode->i_mode))
2248 will_truncate = 0;
2249
2250 if (will_truncate) {
2251 error = mnt_want_write(nd->path.mnt);
2252 if (error)
2253 goto exit;
2254 want_write = 1;
2255 }
2256common:
2257 error = may_open(&nd->path, acc_mode, open_flag);
2258 if (error)
2259 goto exit;
2260 filp = nameidata_to_filp(nd);
2261 if (!IS_ERR(filp)) {
2262 error = ima_file_check(filp, op->acc_mode);
2263 if (error) {
2264 fput(filp);
2265 filp = ERR_PTR(error);
2266 }
2267 }
2268 if (!IS_ERR(filp)) {
2269 if (will_truncate) {
2270 error = handle_truncate(filp);
2271 if (error) {
2272 fput(filp);
2273 filp = ERR_PTR(error);
2274 }
2275 }
2276 }
2277out:
2278 if (want_write)
2279 mnt_drop_write(nd->path.mnt);
2280 path_put(&nd->path);
2281 return filp;
2282
2283exit_mutex_unlock:
2284 mutex_unlock(&dir->d_inode->i_mutex);
2285exit_dput:
2286 path_put_conditional(path, nd);
2287exit:
2288 filp = ERR_PTR(error);
2289 goto out;
2290}
2291
2292static struct file *path_openat(int dfd, const char *pathname,
2293 struct nameidata *nd, const struct open_flags *op, int flags)
2294{
2295 struct file *base = NULL;
2296 struct file *filp;
2297 struct path path;
2298 int error;
2299
2300 filp = get_empty_filp();
2301 if (!filp)
2302 return ERR_PTR(-ENFILE);
2303
2304 filp->f_flags = op->open_flag;
2305 nd->intent.open.file = filp;
2306 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2307 nd->intent.open.create_mode = op->mode;
2308
2309 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2310 if (unlikely(error))
2311 goto out_filp;
2312
2313 current->total_link_count = 0;
2314 error = link_path_walk(pathname, nd);
2315 if (unlikely(error))
2316 goto out_filp;
2317
2318 filp = do_last(nd, &path, op, pathname);
2319 while (unlikely(!filp)) {
2320 struct path link = path;
2321 void *cookie;
2322 if (!(nd->flags & LOOKUP_FOLLOW)) {
2323 path_put_conditional(&path, nd);
2324 path_put(&nd->path);
2325 filp = ERR_PTR(-ELOOP);
2326 break;
2327 }
2328 nd->flags |= LOOKUP_PARENT;
2329 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2330 error = follow_link(&link, nd, &cookie);
2331 if (unlikely(error))
2332 filp = ERR_PTR(error);
2333 else
2334 filp = do_last(nd, &path, op, pathname);
2335 put_link(nd, &link, cookie);
2336 }
2337out:
2338 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2339 path_put(&nd->root);
2340 if (base)
2341 fput(base);
2342 release_open_intent(nd);
2343 return filp;
2344
2345out_filp:
2346 filp = ERR_PTR(error);
2347 goto out;
2348}
2349
2350struct file *do_filp_open(int dfd, const char *pathname,
2351 const struct open_flags *op, int flags)
2352{
2353 struct nameidata nd;
2354 struct file *filp;
2355
2356 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2357 if (unlikely(filp == ERR_PTR(-ECHILD)))
2358 filp = path_openat(dfd, pathname, &nd, op, flags);
2359 if (unlikely(filp == ERR_PTR(-ESTALE)))
2360 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2361 return filp;
2362}
2363
2364struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2365 const char *name, const struct open_flags *op, int flags)
2366{
2367 struct nameidata nd;
2368 struct file *file;
2369
2370 nd.root.mnt = mnt;
2371 nd.root.dentry = dentry;
2372
2373 flags |= LOOKUP_ROOT;
2374
2375 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2376 return ERR_PTR(-ELOOP);
2377
2378 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2379 if (unlikely(file == ERR_PTR(-ECHILD)))
2380 file = path_openat(-1, name, &nd, op, flags);
2381 if (unlikely(file == ERR_PTR(-ESTALE)))
2382 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2383 return file;
2384}
2385
2386struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
2387{
2388 struct dentry *dentry = ERR_PTR(-EEXIST);
2389 struct nameidata nd;
2390 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2391 if (error)
2392 return ERR_PTR(error);
2393
2394
2395
2396
2397
2398 if (nd.last_type != LAST_NORM)
2399 goto out;
2400 nd.flags &= ~LOOKUP_PARENT;
2401 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2402 nd.intent.open.flags = O_EXCL;
2403
2404
2405
2406
2407 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2408 dentry = lookup_hash(&nd);
2409 if (IS_ERR(dentry))
2410 goto fail;
2411
2412 if (dentry->d_inode)
2413 goto eexist;
2414
2415
2416
2417
2418
2419
2420 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
2421 dput(dentry);
2422 dentry = ERR_PTR(-ENOENT);
2423 goto fail;
2424 }
2425 *path = nd.path;
2426 return dentry;
2427eexist:
2428 dput(dentry);
2429 dentry = ERR_PTR(-EEXIST);
2430fail:
2431 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2432out:
2433 path_put(&nd.path);
2434 return dentry;
2435}
2436EXPORT_SYMBOL(kern_path_create);
2437
2438struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2439{
2440 char *tmp = getname(pathname);
2441 struct dentry *res;
2442 if (IS_ERR(tmp))
2443 return ERR_CAST(tmp);
2444 res = kern_path_create(dfd, tmp, path, is_dir);
2445 putname(tmp);
2446 return res;
2447}
2448EXPORT_SYMBOL(user_path_create);
2449
2450int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2451{
2452 int error = may_create(dir, dentry);
2453
2454 if (error)
2455 return error;
2456
2457 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2458 !ns_capable(inode_userns(dir), CAP_MKNOD))
2459 return -EPERM;
2460
2461 if (!dir->i_op->mknod)
2462 return -EPERM;
2463
2464 error = devcgroup_inode_mknod(mode, dev);
2465 if (error)
2466 return error;
2467
2468 error = security_inode_mknod(dir, dentry, mode, dev);
2469 if (error)
2470 return error;
2471
2472 error = dir->i_op->mknod(dir, dentry, mode, dev);
2473 if (!error)
2474 fsnotify_create(dir, dentry);
2475 return error;
2476}
2477
2478static int may_mknod(mode_t mode)
2479{
2480 switch (mode & S_IFMT) {
2481 case S_IFREG:
2482 case S_IFCHR:
2483 case S_IFBLK:
2484 case S_IFIFO:
2485 case S_IFSOCK:
2486 case 0:
2487 return 0;
2488 case S_IFDIR:
2489 return -EPERM;
2490 default:
2491 return -EINVAL;
2492 }
2493}
2494
2495SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2496 unsigned, dev)
2497{
2498 struct dentry *dentry;
2499 struct path path;
2500 int error;
2501
2502 if (S_ISDIR(mode))
2503 return -EPERM;
2504
2505 dentry = user_path_create(dfd, filename, &path, 0);
2506 if (IS_ERR(dentry))
2507 return PTR_ERR(dentry);
2508
2509 if (!IS_POSIXACL(path.dentry->d_inode))
2510 mode &= ~current_umask();
2511 error = may_mknod(mode);
2512 if (error)
2513 goto out_dput;
2514 error = mnt_want_write(path.mnt);
2515 if (error)
2516 goto out_dput;
2517 error = security_path_mknod(&path, dentry, mode, dev);
2518 if (error)
2519 goto out_drop_write;
2520 switch (mode & S_IFMT) {
2521 case 0: case S_IFREG:
2522 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
2523 break;
2524 case S_IFCHR: case S_IFBLK:
2525 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
2526 new_decode_dev(dev));
2527 break;
2528 case S_IFIFO: case S_IFSOCK:
2529 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
2530 break;
2531 }
2532out_drop_write:
2533 mnt_drop_write(path.mnt);
2534out_dput:
2535 dput(dentry);
2536 mutex_unlock(&path.dentry->d_inode->i_mutex);
2537 path_put(&path);
2538
2539 return error;
2540}
2541
2542SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2543{
2544 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2545}
2546
2547int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2548{
2549 int error = may_create(dir, dentry);
2550
2551 if (error)
2552 return error;
2553
2554 if (!dir->i_op->mkdir)
2555 return -EPERM;
2556
2557 mode &= (S_IRWXUGO|S_ISVTX);
2558 error = security_inode_mkdir(dir, dentry, mode);
2559 if (error)
2560 return error;
2561
2562 error = dir->i_op->mkdir(dir, dentry, mode);
2563 if (!error)
2564 fsnotify_mkdir(dir, dentry);
2565 return error;
2566}
2567
2568SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2569{
2570 struct dentry *dentry;
2571 struct path path;
2572 int error;
2573
2574 dentry = user_path_create(dfd, pathname, &path, 1);
2575 if (IS_ERR(dentry))
2576 return PTR_ERR(dentry);
2577
2578 if (!IS_POSIXACL(path.dentry->d_inode))
2579 mode &= ~current_umask();
2580 error = mnt_want_write(path.mnt);
2581 if (error)
2582 goto out_dput;
2583 error = security_path_mkdir(&path, dentry, mode);
2584 if (error)
2585 goto out_drop_write;
2586 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
2587out_drop_write:
2588 mnt_drop_write(path.mnt);
2589out_dput:
2590 dput(dentry);
2591 mutex_unlock(&path.dentry->d_inode->i_mutex);
2592 path_put(&path);
2593 return error;
2594}
2595
2596SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2597{
2598 return sys_mkdirat(AT_FDCWD, pathname, mode);
2599}
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616void dentry_unhash(struct dentry *dentry)
2617{
2618 shrink_dcache_parent(dentry);
2619 spin_lock(&dentry->d_lock);
2620 if (dentry->d_count == 1)
2621 __d_drop(dentry);
2622 spin_unlock(&dentry->d_lock);
2623}
2624
2625int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2626{
2627 int error = may_delete(dir, dentry, 1);
2628
2629 if (error)
2630 return error;
2631
2632 if (!dir->i_op->rmdir)
2633 return -EPERM;
2634
2635 dget(dentry);
2636 mutex_lock(&dentry->d_inode->i_mutex);
2637
2638 error = -EBUSY;
2639 if (d_mountpoint(dentry))
2640 goto out;
2641
2642 error = security_inode_rmdir(dir, dentry);
2643 if (error)
2644 goto out;
2645
2646 shrink_dcache_parent(dentry);
2647 error = dir->i_op->rmdir(dir, dentry);
2648 if (error)
2649 goto out;
2650
2651 dentry->d_inode->i_flags |= S_DEAD;
2652 dont_mount(dentry);
2653
2654out:
2655 mutex_unlock(&dentry->d_inode->i_mutex);
2656 dput(dentry);
2657 if (!error)
2658 d_delete(dentry);
2659 return error;
2660}
2661
2662static long do_rmdir(int dfd, const char __user *pathname)
2663{
2664 int error = 0;
2665 char * name;
2666 struct dentry *dentry;
2667 struct nameidata nd;
2668
2669 error = user_path_parent(dfd, pathname, &nd, &name);
2670 if (error)
2671 return error;
2672
2673 switch(nd.last_type) {
2674 case LAST_DOTDOT:
2675 error = -ENOTEMPTY;
2676 goto exit1;
2677 case LAST_DOT:
2678 error = -EINVAL;
2679 goto exit1;
2680 case LAST_ROOT:
2681 error = -EBUSY;
2682 goto exit1;
2683 }
2684
2685 nd.flags &= ~LOOKUP_PARENT;
2686
2687 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2688 dentry = lookup_hash(&nd);
2689 error = PTR_ERR(dentry);
2690 if (IS_ERR(dentry))
2691 goto exit2;
2692 if (!dentry->d_inode) {
2693 error = -ENOENT;
2694 goto exit3;
2695 }
2696 error = mnt_want_write(nd.path.mnt);
2697 if (error)
2698 goto exit3;
2699 error = security_path_rmdir(&nd.path, dentry);
2700 if (error)
2701 goto exit4;
2702 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2703exit4:
2704 mnt_drop_write(nd.path.mnt);
2705exit3:
2706 dput(dentry);
2707exit2:
2708 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2709exit1:
2710 path_put(&nd.path);
2711 putname(name);
2712 return error;
2713}
2714
2715SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2716{
2717 return do_rmdir(AT_FDCWD, pathname);
2718}
2719
2720int vfs_unlink(struct inode *dir, struct dentry *dentry)
2721{
2722 int error = may_delete(dir, dentry, 0);
2723
2724 if (error)
2725 return error;
2726
2727 if (!dir->i_op->unlink)
2728 return -EPERM;
2729
2730 mutex_lock(&dentry->d_inode->i_mutex);
2731 if (d_mountpoint(dentry))
2732 error = -EBUSY;
2733 else {
2734 error = security_inode_unlink(dir, dentry);
2735 if (!error) {
2736 error = dir->i_op->unlink(dir, dentry);
2737 if (!error)
2738 dont_mount(dentry);
2739 }
2740 }
2741 mutex_unlock(&dentry->d_inode->i_mutex);
2742
2743
2744 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2745 fsnotify_link_count(dentry->d_inode);
2746 d_delete(dentry);
2747 }
2748
2749 return error;
2750}
2751
2752
2753
2754
2755
2756
2757
2758static long do_unlinkat(int dfd, const char __user *pathname)
2759{
2760 int error;
2761 char *name;
2762 struct dentry *dentry;
2763 struct nameidata nd;
2764 struct inode *inode = NULL;
2765
2766 error = user_path_parent(dfd, pathname, &nd, &name);
2767 if (error)
2768 return error;
2769
2770 error = -EISDIR;
2771 if (nd.last_type != LAST_NORM)
2772 goto exit1;
2773
2774 nd.flags &= ~LOOKUP_PARENT;
2775
2776 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2777 dentry = lookup_hash(&nd);
2778 error = PTR_ERR(dentry);
2779 if (!IS_ERR(dentry)) {
2780
2781 if (nd.last.name[nd.last.len])
2782 goto slashes;
2783 inode = dentry->d_inode;
2784 if (!inode)
2785 goto slashes;
2786 ihold(inode);
2787 error = mnt_want_write(nd.path.mnt);
2788 if (error)
2789 goto exit2;
2790 error = security_path_unlink(&nd.path, dentry);
2791 if (error)
2792 goto exit3;
2793 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2794exit3:
2795 mnt_drop_write(nd.path.mnt);
2796 exit2:
2797 dput(dentry);
2798 }
2799 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2800 if (inode)
2801 iput(inode);
2802exit1:
2803 path_put(&nd.path);
2804 putname(name);
2805 return error;
2806
2807slashes:
2808 error = !dentry->d_inode ? -ENOENT :
2809 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2810 goto exit2;
2811}
2812
2813SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2814{
2815 if ((flag & ~AT_REMOVEDIR) != 0)
2816 return -EINVAL;
2817
2818 if (flag & AT_REMOVEDIR)
2819 return do_rmdir(dfd, pathname);
2820
2821 return do_unlinkat(dfd, pathname);
2822}
2823
2824SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2825{
2826 return do_unlinkat(AT_FDCWD, pathname);
2827}
2828
2829int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2830{
2831 int error = may_create(dir, dentry);
2832
2833 if (error)
2834 return error;
2835
2836 if (!dir->i_op->symlink)
2837 return -EPERM;
2838
2839 error = security_inode_symlink(dir, dentry, oldname);
2840 if (error)
2841 return error;
2842
2843 error = dir->i_op->symlink(dir, dentry, oldname);
2844 if (!error)
2845 fsnotify_create(dir, dentry);
2846 return error;
2847}
2848
2849SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2850 int, newdfd, const char __user *, newname)
2851{
2852 int error;
2853 char *from;
2854 struct dentry *dentry;
2855 struct path path;
2856
2857 from = getname(oldname);
2858 if (IS_ERR(from))
2859 return PTR_ERR(from);
2860
2861 dentry = user_path_create(newdfd, newname, &path, 0);
2862 error = PTR_ERR(dentry);
2863 if (IS_ERR(dentry))
2864 goto out_putname;
2865
2866 error = mnt_want_write(path.mnt);
2867 if (error)
2868 goto out_dput;
2869 error = security_path_symlink(&path, dentry, from);
2870 if (error)
2871 goto out_drop_write;
2872 error = vfs_symlink(path.dentry->d_inode, dentry, from);
2873out_drop_write:
2874 mnt_drop_write(path.mnt);
2875out_dput:
2876 dput(dentry);
2877 mutex_unlock(&path.dentry->d_inode->i_mutex);
2878 path_put(&path);
2879out_putname:
2880 putname(from);
2881 return error;
2882}
2883
2884SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2885{
2886 return sys_symlinkat(oldname, AT_FDCWD, newname);
2887}
2888
2889int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2890{
2891 struct inode *inode = old_dentry->d_inode;
2892 int error;
2893
2894 if (!inode)
2895 return -ENOENT;
2896
2897 error = may_create(dir, new_dentry);
2898 if (error)
2899 return error;
2900
2901 if (dir->i_sb != inode->i_sb)
2902 return -EXDEV;
2903
2904
2905
2906
2907 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2908 return -EPERM;
2909 if (!dir->i_op->link)
2910 return -EPERM;
2911 if (S_ISDIR(inode->i_mode))
2912 return -EPERM;
2913
2914 error = security_inode_link(old_dentry, dir, new_dentry);
2915 if (error)
2916 return error;
2917
2918 mutex_lock(&inode->i_mutex);
2919
2920 if (inode->i_nlink == 0)
2921 error = -ENOENT;
2922 else
2923 error = dir->i_op->link(old_dentry, dir, new_dentry);
2924 mutex_unlock(&inode->i_mutex);
2925 if (!error)
2926 fsnotify_link(dir, inode, new_dentry);
2927 return error;
2928}
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2940 int, newdfd, const char __user *, newname, int, flags)
2941{
2942 struct dentry *new_dentry;
2943 struct path old_path, new_path;
2944 int how = 0;
2945 int error;
2946
2947 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2948 return -EINVAL;
2949
2950
2951
2952
2953
2954 if (flags & AT_EMPTY_PATH) {
2955 if (!capable(CAP_DAC_READ_SEARCH))
2956 return -ENOENT;
2957 how = LOOKUP_EMPTY;
2958 }
2959
2960 if (flags & AT_SYMLINK_FOLLOW)
2961 how |= LOOKUP_FOLLOW;
2962
2963 error = user_path_at(olddfd, oldname, how, &old_path);
2964 if (error)
2965 return error;
2966
2967 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
2968 error = PTR_ERR(new_dentry);
2969 if (IS_ERR(new_dentry))
2970 goto out;
2971
2972 error = -EXDEV;
2973 if (old_path.mnt != new_path.mnt)
2974 goto out_dput;
2975 error = mnt_want_write(new_path.mnt);
2976 if (error)
2977 goto out_dput;
2978 error = security_path_link(old_path.dentry, &new_path, new_dentry);
2979 if (error)
2980 goto out_drop_write;
2981 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
2982out_drop_write:
2983 mnt_drop_write(new_path.mnt);
2984out_dput:
2985 dput(new_dentry);
2986 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
2987 path_put(&new_path);
2988out:
2989 path_put(&old_path);
2990
2991 return error;
2992}
2993
2994SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2995{
2996 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2997}
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
3027 struct inode *new_dir, struct dentry *new_dentry)
3028{
3029 int error = 0;
3030 struct inode *target = new_dentry->d_inode;
3031
3032
3033
3034
3035
3036 if (new_dir != old_dir) {
3037 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
3038 if (error)
3039 return error;
3040 }
3041
3042 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3043 if (error)
3044 return error;
3045
3046 dget(new_dentry);
3047 if (target)
3048 mutex_lock(&target->i_mutex);
3049
3050 error = -EBUSY;
3051 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
3052 goto out;
3053
3054 if (target)
3055 shrink_dcache_parent(new_dentry);
3056 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3057 if (error)
3058 goto out;
3059
3060 if (target) {
3061 target->i_flags |= S_DEAD;
3062 dont_mount(new_dentry);
3063 }
3064out:
3065 if (target)
3066 mutex_unlock(&target->i_mutex);
3067 dput(new_dentry);
3068 if (!error)
3069 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3070 d_move(old_dentry,new_dentry);
3071 return error;
3072}
3073
3074static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3075 struct inode *new_dir, struct dentry *new_dentry)
3076{
3077 struct inode *target = new_dentry->d_inode;
3078 int error;
3079
3080 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3081 if (error)
3082 return error;
3083
3084 dget(new_dentry);
3085 if (target)
3086 mutex_lock(&target->i_mutex);
3087
3088 error = -EBUSY;
3089 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3090 goto out;
3091
3092 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3093 if (error)
3094 goto out;
3095
3096 if (target)
3097 dont_mount(new_dentry);
3098 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3099 d_move(old_dentry, new_dentry);
3100out:
3101 if (target)
3102 mutex_unlock(&target->i_mutex);
3103 dput(new_dentry);
3104 return error;
3105}
3106
3107int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3108 struct inode *new_dir, struct dentry *new_dentry)
3109{
3110 int error;
3111 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3112 const unsigned char *old_name;
3113
3114 if (old_dentry->d_inode == new_dentry->d_inode)
3115 return 0;
3116
3117 error = may_delete(old_dir, old_dentry, is_dir);
3118 if (error)
3119 return error;
3120
3121 if (!new_dentry->d_inode)
3122 error = may_create(new_dir, new_dentry);
3123 else
3124 error = may_delete(new_dir, new_dentry, is_dir);
3125 if (error)
3126 return error;
3127
3128 if (!old_dir->i_op->rename)
3129 return -EPERM;
3130
3131 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3132
3133 if (is_dir)
3134 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3135 else
3136 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3137 if (!error)
3138 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3139 new_dentry->d_inode, old_dentry);
3140 fsnotify_oldname_free(old_name);
3141
3142 return error;
3143}
3144
3145SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3146 int, newdfd, const char __user *, newname)
3147{
3148 struct dentry *old_dir, *new_dir;
3149 struct dentry *old_dentry, *new_dentry;
3150 struct dentry *trap;
3151 struct nameidata oldnd, newnd;
3152 char *from;
3153 char *to;
3154 int error;
3155
3156 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3157 if (error)
3158 goto exit;
3159
3160 error = user_path_parent(newdfd, newname, &newnd, &to);
3161 if (error)
3162 goto exit1;
3163
3164 error = -EXDEV;
3165 if (oldnd.path.mnt != newnd.path.mnt)
3166 goto exit2;
3167
3168 old_dir = oldnd.path.dentry;
3169 error = -EBUSY;
3170 if (oldnd.last_type != LAST_NORM)
3171 goto exit2;
3172
3173 new_dir = newnd.path.dentry;
3174 if (newnd.last_type != LAST_NORM)
3175 goto exit2;
3176
3177 oldnd.flags &= ~LOOKUP_PARENT;
3178 newnd.flags &= ~LOOKUP_PARENT;
3179 newnd.flags |= LOOKUP_RENAME_TARGET;
3180
3181 trap = lock_rename(new_dir, old_dir);
3182
3183 old_dentry = lookup_hash(&oldnd);
3184 error = PTR_ERR(old_dentry);
3185 if (IS_ERR(old_dentry))
3186 goto exit3;
3187
3188 error = -ENOENT;
3189 if (!old_dentry->d_inode)
3190 goto exit4;
3191
3192 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3193 error = -ENOTDIR;
3194 if (oldnd.last.name[oldnd.last.len])
3195 goto exit4;
3196 if (newnd.last.name[newnd.last.len])
3197 goto exit4;
3198 }
3199
3200 error = -EINVAL;
3201 if (old_dentry == trap)
3202 goto exit4;
3203 new_dentry = lookup_hash(&newnd);
3204 error = PTR_ERR(new_dentry);
3205 if (IS_ERR(new_dentry))
3206 goto exit4;
3207
3208 error = -ENOTEMPTY;
3209 if (new_dentry == trap)
3210 goto exit5;
3211
3212 error = mnt_want_write(oldnd.path.mnt);
3213 if (error)
3214 goto exit5;
3215 error = security_path_rename(&oldnd.path, old_dentry,
3216 &newnd.path, new_dentry);
3217 if (error)
3218 goto exit6;
3219 error = vfs_rename(old_dir->d_inode, old_dentry,
3220 new_dir->d_inode, new_dentry);
3221exit6:
3222 mnt_drop_write(oldnd.path.mnt);
3223exit5:
3224 dput(new_dentry);
3225exit4:
3226 dput(old_dentry);
3227exit3:
3228 unlock_rename(new_dir, old_dir);
3229exit2:
3230 path_put(&newnd.path);
3231 putname(to);
3232exit1:
3233 path_put(&oldnd.path);
3234 putname(from);
3235exit:
3236 return error;
3237}
3238
3239SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3240{
3241 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3242}
3243
3244int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3245{
3246 int len;
3247
3248 len = PTR_ERR(link);
3249 if (IS_ERR(link))
3250 goto out;
3251
3252 len = strlen(link);
3253 if (len > (unsigned) buflen)
3254 len = buflen;
3255 if (copy_to_user(buffer, link, len))
3256 len = -EFAULT;
3257out:
3258 return len;
3259}
3260
3261
3262
3263
3264
3265
3266int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3267{
3268 struct nameidata nd;
3269 void *cookie;
3270 int res;
3271
3272 nd.depth = 0;
3273 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3274 if (IS_ERR(cookie))
3275 return PTR_ERR(cookie);
3276
3277 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3278 if (dentry->d_inode->i_op->put_link)
3279 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3280 return res;
3281}
3282
3283int vfs_follow_link(struct nameidata *nd, const char *link)
3284{
3285 return __vfs_follow_link(nd, link);
3286}
3287
3288
3289static char *page_getlink(struct dentry * dentry, struct page **ppage)
3290{
3291 char *kaddr;
3292 struct page *page;
3293 struct address_space *mapping = dentry->d_inode->i_mapping;
3294 page = read_mapping_page(mapping, 0, NULL);
3295 if (IS_ERR(page))
3296 return (char*)page;
3297 *ppage = page;
3298 kaddr = kmap(page);
3299 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3300 return kaddr;
3301}
3302
3303int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3304{
3305 struct page *page = NULL;
3306 char *s = page_getlink(dentry, &page);
3307 int res = vfs_readlink(dentry,buffer,buflen,s);
3308 if (page) {
3309 kunmap(page);
3310 page_cache_release(page);
3311 }
3312 return res;
3313}
3314
3315void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3316{
3317 struct page *page = NULL;
3318 nd_set_link(nd, page_getlink(dentry, &page));
3319 return page;
3320}
3321
3322void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3323{
3324 struct page *page = cookie;
3325
3326 if (page) {
3327 kunmap(page);
3328 page_cache_release(page);
3329 }
3330}
3331
3332
3333
3334
3335int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3336{
3337 struct address_space *mapping = inode->i_mapping;
3338 struct page *page;
3339 void *fsdata;
3340 int err;
3341 char *kaddr;
3342 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3343 if (nofs)
3344 flags |= AOP_FLAG_NOFS;
3345
3346retry:
3347 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3348 flags, &page, &fsdata);
3349 if (err)
3350 goto fail;
3351
3352 kaddr = kmap_atomic(page, KM_USER0);
3353 memcpy(kaddr, symname, len-1);
3354 kunmap_atomic(kaddr, KM_USER0);
3355
3356 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3357 page, fsdata);
3358 if (err < 0)
3359 goto fail;
3360 if (err < len-1)
3361 goto retry;
3362
3363 mark_inode_dirty(inode);
3364 return 0;
3365fail:
3366 return err;
3367}
3368
3369int page_symlink(struct inode *inode, const char *symname, int len)
3370{
3371 return __page_symlink(inode, symname, len,
3372 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3373}
3374
3375const struct inode_operations page_symlink_inode_operations = {
3376 .readlink = generic_readlink,
3377 .follow_link = page_follow_link_light,
3378 .put_link = page_put_link,
3379};
3380
3381EXPORT_SYMBOL(user_path_at);
3382EXPORT_SYMBOL(follow_down_one);
3383EXPORT_SYMBOL(follow_down);
3384EXPORT_SYMBOL(follow_up);
3385EXPORT_SYMBOL(get_write_access);
3386EXPORT_SYMBOL(getname);
3387EXPORT_SYMBOL(lock_rename);
3388EXPORT_SYMBOL(lookup_one_len);
3389EXPORT_SYMBOL(page_follow_link_light);
3390EXPORT_SYMBOL(page_put_link);
3391EXPORT_SYMBOL(page_readlink);
3392EXPORT_SYMBOL(__page_symlink);
3393EXPORT_SYMBOL(page_symlink);
3394EXPORT_SYMBOL(page_symlink_inode_operations);
3395EXPORT_SYMBOL(kern_path);
3396EXPORT_SYMBOL(vfs_path_lookup);
3397EXPORT_SYMBOL(inode_permission);
3398EXPORT_SYMBOL(unlock_rename);
3399EXPORT_SYMBOL(vfs_create);
3400EXPORT_SYMBOL(vfs_follow_link);
3401EXPORT_SYMBOL(vfs_link);
3402EXPORT_SYMBOL(vfs_mkdir);
3403EXPORT_SYMBOL(vfs_mknod);
3404EXPORT_SYMBOL(generic_permission);
3405EXPORT_SYMBOL(vfs_readlink);
3406EXPORT_SYMBOL(vfs_rename);
3407EXPORT_SYMBOL(vfs_rmdir);
3408EXPORT_SYMBOL(vfs_symlink);
3409EXPORT_SYMBOL(vfs_unlink);
3410EXPORT_SYMBOL(dentry_unhash);
3411EXPORT_SYMBOL(generic_readlink);
3412
