1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/init.h>
18#include <linux/module.h>
19#include <linux/slab.h>
20#include <linux/fs.h>
21#include <linux/namei.h>
22#include <linux/pagemap.h>
23#include <linux/fsnotify.h>
24#include <linux/personality.h>
25#include <linux/security.h>
26#include <linux/ima.h>
27#include <linux/syscalls.h>
28#include <linux/mount.h>
29#include <linux/audit.h>
30#include <linux/capability.h>
31#include <linux/file.h>
32#include <linux/fcntl.h>
33#include <linux/device_cgroup.h>
34#include <linux/fs_struct.h>
35#include <linux/posix_acl.h>
36#include <asm/uaccess.h>
37
38#include "internal.h"
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118static int do_getname(const char __user *filename, char *page)
119{
120 int retval;
121 unsigned long len = PATH_MAX;
122
123 if (!segment_eq(get_fs(), KERNEL_DS)) {
124 if ((unsigned long) filename >= TASK_SIZE)
125 return -EFAULT;
126 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
127 len = TASK_SIZE - (unsigned long) filename;
128 }
129
130 retval = strncpy_from_user(page, filename, len);
131 if (retval > 0) {
132 if (retval < len)
133 return 0;
134 return -ENAMETOOLONG;
135 } else if (!retval)
136 retval = -ENOENT;
137 return retval;
138}
139
140static char *getname_flags(const char __user *filename, int flags, int *empty)
141{
142 char *tmp, *result;
143
144 result = ERR_PTR(-ENOMEM);
145 tmp = __getname();
146 if (tmp) {
147 int retval = do_getname(filename, tmp);
148
149 result = tmp;
150 if (retval < 0) {
151 if (retval == -ENOENT && empty)
152 *empty = 1;
153 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
154 __putname(tmp);
155 result = ERR_PTR(retval);
156 }
157 }
158 }
159 audit_getname(result);
160 return result;
161}
162
163char *getname(const char __user * filename)
164{
165 return getname_flags(filename, 0, 0);
166}
167
168#ifdef CONFIG_AUDITSYSCALL
169void putname(const char *name)
170{
171 if (unlikely(!audit_dummy_context()))
172 audit_putname(name);
173 else
174 __putname(name);
175}
176EXPORT_SYMBOL(putname);
177#endif
178
179static int check_acl(struct inode *inode, int mask)
180{
181#ifdef CONFIG_FS_POSIX_ACL
182 struct posix_acl *acl;
183
184 if (mask & MAY_NOT_BLOCK) {
185 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
186 if (!acl)
187 return -EAGAIN;
188
189 if (acl == ACL_NOT_CACHED)
190 return -ECHILD;
191 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
192 }
193
194 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
195
196
197
198
199
200
201
202
203
204 if (acl == ACL_NOT_CACHED) {
205 if (inode->i_op->get_acl) {
206 acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
207 if (IS_ERR(acl))
208 return PTR_ERR(acl);
209 } else {
210 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
211 return -EAGAIN;
212 }
213 }
214
215 if (acl) {
216 int error = posix_acl_permission(inode, acl, mask);
217 posix_acl_release(acl);
218 return error;
219 }
220#endif
221
222 return -EAGAIN;
223}
224
225
226
227
228static int acl_permission_check(struct inode *inode, int mask)
229{
230 unsigned int mode = inode->i_mode;
231
232 if (current_user_ns() != inode_userns(inode))
233 goto other_perms;
234
235 if (likely(current_fsuid() == inode->i_uid))
236 mode >>= 6;
237 else {
238 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
239 int error = check_acl(inode, mask);
240 if (error != -EAGAIN)
241 return error;
242 }
243
244 if (in_group_p(inode->i_gid))
245 mode >>= 3;
246 }
247
248other_perms:
249
250
251
252 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
253 return 0;
254 return -EACCES;
255}
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271int generic_permission(struct inode *inode, int mask)
272{
273 int ret;
274
275
276
277
278 ret = acl_permission_check(inode, mask);
279 if (ret != -EACCES)
280 return ret;
281
282 if (S_ISDIR(inode->i_mode)) {
283
284 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
285 return 0;
286 if (!(mask & MAY_WRITE))
287 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
288 return 0;
289 return -EACCES;
290 }
291
292
293
294
295
296 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
297 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
298 return 0;
299
300
301
302
303 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
304 if (mask == MAY_READ)
305 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
306 return 0;
307
308 return -EACCES;
309}
310
311
312
313
314
315
316
317static inline int do_inode_permission(struct inode *inode, int mask)
318{
319 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
320 if (likely(inode->i_op->permission))
321 return inode->i_op->permission(inode, mask);
322
323
324 spin_lock(&inode->i_lock);
325 inode->i_opflags |= IOP_FASTPERM;
326 spin_unlock(&inode->i_lock);
327 }
328 return generic_permission(inode, mask);
329}
330
331
332
333
334
335
336
337
338
339
340
341
342
343int inode_permission(struct inode *inode, int mask)
344{
345 int retval;
346
347 if (unlikely(mask & MAY_WRITE)) {
348 umode_t mode = inode->i_mode;
349
350
351
352
353 if (IS_RDONLY(inode) &&
354 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
355 return -EROFS;
356
357
358
359
360 if (IS_IMMUTABLE(inode))
361 return -EACCES;
362 }
363
364 retval = do_inode_permission(inode, mask);
365 if (retval)
366 return retval;
367
368 retval = devcgroup_inode_permission(inode, mask);
369 if (retval)
370 return retval;
371
372 return security_inode_permission(inode, mask);
373}
374
375
376
377
378
379
380
381void path_get(struct path *path)
382{
383 mntget(path->mnt);
384 dget(path->dentry);
385}
386EXPORT_SYMBOL(path_get);
387
388
389
390
391
392
393
394void path_put(struct path *path)
395{
396 dput(path->dentry);
397 mntput(path->mnt);
398}
399EXPORT_SYMBOL(path_put);
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
423{
424 struct fs_struct *fs = current->fs;
425 struct dentry *parent = nd->path.dentry;
426 int want_root = 0;
427
428 BUG_ON(!(nd->flags & LOOKUP_RCU));
429 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
430 want_root = 1;
431 spin_lock(&fs->lock);
432 if (nd->root.mnt != fs->root.mnt ||
433 nd->root.dentry != fs->root.dentry)
434 goto err_root;
435 }
436 spin_lock(&parent->d_lock);
437 if (!dentry) {
438 if (!__d_rcu_to_refcount(parent, nd->seq))
439 goto err_parent;
440 BUG_ON(nd->inode != parent->d_inode);
441 } else {
442 if (dentry->d_parent != parent)
443 goto err_parent;
444 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
445 if (!__d_rcu_to_refcount(dentry, nd->seq))
446 goto err_child;
447
448
449
450
451
452
453 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
454 BUG_ON(!parent->d_count);
455 parent->d_count++;
456 spin_unlock(&dentry->d_lock);
457 }
458 spin_unlock(&parent->d_lock);
459 if (want_root) {
460 path_get(&nd->root);
461 spin_unlock(&fs->lock);
462 }
463 mntget(nd->path.mnt);
464
465 rcu_read_unlock();
466 br_read_unlock(vfsmount_lock);
467 nd->flags &= ~LOOKUP_RCU;
468 return 0;
469
470err_child:
471 spin_unlock(&dentry->d_lock);
472err_parent:
473 spin_unlock(&parent->d_lock);
474err_root:
475 if (want_root)
476 spin_unlock(&fs->lock);
477 return -ECHILD;
478}
479
480
481
482
483
484void release_open_intent(struct nameidata *nd)
485{
486 struct file *file = nd->intent.open.file;
487
488 if (file && !IS_ERR(file)) {
489 if (file->f_path.dentry == NULL)
490 put_filp(file);
491 else
492 fput(file);
493 }
494}
495
496static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
497{
498 return dentry->d_op->d_revalidate(dentry, nd);
499}
500
501
502
503
504
505
506
507
508
509
510
511static int complete_walk(struct nameidata *nd)
512{
513 struct dentry *dentry = nd->path.dentry;
514 int status;
515
516 if (nd->flags & LOOKUP_RCU) {
517 nd->flags &= ~LOOKUP_RCU;
518 if (!(nd->flags & LOOKUP_ROOT))
519 nd->root.mnt = NULL;
520 spin_lock(&dentry->d_lock);
521 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
522 spin_unlock(&dentry->d_lock);
523 rcu_read_unlock();
524 br_read_unlock(vfsmount_lock);
525 return -ECHILD;
526 }
527 BUG_ON(nd->inode != dentry->d_inode);
528 spin_unlock(&dentry->d_lock);
529 mntget(nd->path.mnt);
530 rcu_read_unlock();
531 br_read_unlock(vfsmount_lock);
532 }
533
534 if (likely(!(nd->flags & LOOKUP_JUMPED)))
535 return 0;
536
537 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
538 return 0;
539
540 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
541 return 0;
542
543
544 status = d_revalidate(dentry, nd);
545 if (status > 0)
546 return 0;
547
548 if (!status)
549 status = -ESTALE;
550
551 path_put(&nd->path);
552 return status;
553}
554
555static __always_inline void set_root(struct nameidata *nd)
556{
557 if (!nd->root.mnt)
558 get_fs_root(current->fs, &nd->root);
559}
560
561static int link_path_walk(const char *, struct nameidata *);
562
563static __always_inline void set_root_rcu(struct nameidata *nd)
564{
565 if (!nd->root.mnt) {
566 struct fs_struct *fs = current->fs;
567 unsigned seq;
568
569 do {
570 seq = read_seqcount_begin(&fs->seq);
571 nd->root = fs->root;
572 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
573 } while (read_seqcount_retry(&fs->seq, seq));
574 }
575}
576
577static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
578{
579 int ret;
580
581 if (IS_ERR(link))
582 goto fail;
583
584 if (*link == '/') {
585 set_root(nd);
586 path_put(&nd->path);
587 nd->path = nd->root;
588 path_get(&nd->root);
589 nd->flags |= LOOKUP_JUMPED;
590 }
591 nd->inode = nd->path.dentry->d_inode;
592
593 ret = link_path_walk(link, nd);
594 return ret;
595fail:
596 path_put(&nd->path);
597 return PTR_ERR(link);
598}
599
600static void path_put_conditional(struct path *path, struct nameidata *nd)
601{
602 dput(path->dentry);
603 if (path->mnt != nd->path.mnt)
604 mntput(path->mnt);
605}
606
607static inline void path_to_nameidata(const struct path *path,
608 struct nameidata *nd)
609{
610 if (!(nd->flags & LOOKUP_RCU)) {
611 dput(nd->path.dentry);
612 if (nd->path.mnt != path->mnt)
613 mntput(nd->path.mnt);
614 }
615 nd->path.mnt = path->mnt;
616 nd->path.dentry = path->dentry;
617}
618
619static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
620{
621 struct inode *inode = link->dentry->d_inode;
622 if (!IS_ERR(cookie) && inode->i_op->put_link)
623 inode->i_op->put_link(link->dentry, nd, cookie);
624 path_put(link);
625}
626
627static __always_inline int
628follow_link(struct path *link, struct nameidata *nd, void **p)
629{
630 int error;
631 struct dentry *dentry = link->dentry;
632
633 BUG_ON(nd->flags & LOOKUP_RCU);
634
635 if (link->mnt == nd->path.mnt)
636 mntget(link->mnt);
637
638 if (unlikely(current->total_link_count >= 40)) {
639 *p = ERR_PTR(-ELOOP);
640 path_put(&nd->path);
641 return -ELOOP;
642 }
643 cond_resched();
644 current->total_link_count++;
645
646 touch_atime(link->mnt, dentry);
647 nd_set_link(nd, NULL);
648
649 error = security_inode_follow_link(link->dentry, nd);
650 if (error) {
651 *p = ERR_PTR(error);
652 path_put(&nd->path);
653 return error;
654 }
655
656 nd->last_type = LAST_BIND;
657 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
658 error = PTR_ERR(*p);
659 if (!IS_ERR(*p)) {
660 char *s = nd_get_link(nd);
661 error = 0;
662 if (s)
663 error = __vfs_follow_link(nd, s);
664 else if (nd->last_type == LAST_BIND) {
665 nd->flags |= LOOKUP_JUMPED;
666 nd->inode = nd->path.dentry->d_inode;
667 if (nd->inode->i_op->follow_link) {
668
669 path_put(&nd->path);
670 error = -ELOOP;
671 }
672 }
673 }
674 return error;
675}
676
677static int follow_up_rcu(struct path *path)
678{
679 struct vfsmount *parent;
680 struct dentry *mountpoint;
681
682 parent = path->mnt->mnt_parent;
683 if (parent == path->mnt)
684 return 0;
685 mountpoint = path->mnt->mnt_mountpoint;
686 path->dentry = mountpoint;
687 path->mnt = parent;
688 return 1;
689}
690
691int follow_up(struct path *path)
692{
693 struct vfsmount *parent;
694 struct dentry *mountpoint;
695
696 br_read_lock(vfsmount_lock);
697 parent = path->mnt->mnt_parent;
698 if (parent == path->mnt) {
699 br_read_unlock(vfsmount_lock);
700 return 0;
701 }
702 mntget(parent);
703 mountpoint = dget(path->mnt->mnt_mountpoint);
704 br_read_unlock(vfsmount_lock);
705 dput(path->dentry);
706 path->dentry = mountpoint;
707 mntput(path->mnt);
708 path->mnt = parent;
709 return 1;
710}
711
712
713
714
715
716
717static int follow_automount(struct path *path, unsigned flags,
718 bool *need_mntput)
719{
720 struct vfsmount *mnt;
721 int err;
722
723 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
724 return -EREMOTE;
725
726
727
728
729
730
731
732
733
734
735
736
737 if (!(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
738 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
739 path->dentry->d_inode)
740 return -EISDIR;
741
742 current->total_link_count++;
743 if (current->total_link_count >= 40)
744 return -ELOOP;
745
746 mnt = path->dentry->d_op->d_automount(path);
747 if (IS_ERR(mnt)) {
748
749
750
751
752
753
754
755
756
757 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
758 return -EREMOTE;
759 return PTR_ERR(mnt);
760 }
761
762 if (!mnt)
763 return 0;
764
765 if (!*need_mntput) {
766
767 mntget(path->mnt);
768 *need_mntput = true;
769 }
770 err = finish_automount(mnt, path);
771
772 switch (err) {
773 case -EBUSY:
774
775 return 0;
776 case 0:
777 path_put(path);
778 path->mnt = mnt;
779 path->dentry = dget(mnt->mnt_root);
780 return 0;
781 default:
782 return err;
783 }
784
785}
786
787
788
789
790
791
792
793
794
795
796
797static int follow_managed(struct path *path, unsigned flags)
798{
799 struct vfsmount *mnt = path->mnt;
800 unsigned managed;
801 bool need_mntput = false;
802 int ret = 0;
803
804
805
806
807 while (managed = ACCESS_ONCE(path->dentry->d_flags),
808 managed &= DCACHE_MANAGED_DENTRY,
809 unlikely(managed != 0)) {
810
811
812 if (managed & DCACHE_MANAGE_TRANSIT) {
813 BUG_ON(!path->dentry->d_op);
814 BUG_ON(!path->dentry->d_op->d_manage);
815 ret = path->dentry->d_op->d_manage(path->dentry, false);
816 if (ret < 0)
817 break;
818 }
819
820
821 if (managed & DCACHE_MOUNTED) {
822 struct vfsmount *mounted = lookup_mnt(path);
823 if (mounted) {
824 dput(path->dentry);
825 if (need_mntput)
826 mntput(path->mnt);
827 path->mnt = mounted;
828 path->dentry = dget(mounted->mnt_root);
829 need_mntput = true;
830 continue;
831 }
832
833
834
835
836
837 }
838
839
840 if (managed & DCACHE_NEED_AUTOMOUNT) {
841 ret = follow_automount(path, flags, &need_mntput);
842 if (ret < 0)
843 break;
844 continue;
845 }
846
847
848 break;
849 }
850
851 if (need_mntput && path->mnt == mnt)
852 mntput(path->mnt);
853 if (ret == -EISDIR)
854 ret = 0;
855 return ret < 0 ? ret : need_mntput;
856}
857
858int follow_down_one(struct path *path)
859{
860 struct vfsmount *mounted;
861
862 mounted = lookup_mnt(path);
863 if (mounted) {
864 dput(path->dentry);
865 mntput(path->mnt);
866 path->mnt = mounted;
867 path->dentry = dget(mounted->mnt_root);
868 return 1;
869 }
870 return 0;
871}
872
873static inline bool managed_dentry_might_block(struct dentry *dentry)
874{
875 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
876 dentry->d_op->d_manage(dentry, true) < 0);
877}
878
879
880
881
882
883static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
884 struct inode **inode)
885{
886 for (;;) {
887 struct vfsmount *mounted;
888
889
890
891
892 if (unlikely(managed_dentry_might_block(path->dentry)))
893 return false;
894
895 if (!d_mountpoint(path->dentry))
896 break;
897
898 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
899 if (!mounted)
900 break;
901 path->mnt = mounted;
902 path->dentry = mounted->mnt_root;
903 nd->flags |= LOOKUP_JUMPED;
904 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
905
906
907
908
909
910 *inode = path->dentry->d_inode;
911 }
912 return true;
913}
914
915static void follow_mount_rcu(struct nameidata *nd)
916{
917 while (d_mountpoint(nd->path.dentry)) {
918 struct vfsmount *mounted;
919 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
920 if (!mounted)
921 break;
922 nd->path.mnt = mounted;
923 nd->path.dentry = mounted->mnt_root;
924 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
925 }
926}
927
928static int follow_dotdot_rcu(struct nameidata *nd)
929{
930 set_root_rcu(nd);
931
932 while (1) {
933 if (nd->path.dentry == nd->root.dentry &&
934 nd->path.mnt == nd->root.mnt) {
935 break;
936 }
937 if (nd->path.dentry != nd->path.mnt->mnt_root) {
938 struct dentry *old = nd->path.dentry;
939 struct dentry *parent = old->d_parent;
940 unsigned seq;
941
942 seq = read_seqcount_begin(&parent->d_seq);
943 if (read_seqcount_retry(&old->d_seq, nd->seq))
944 goto failed;
945 nd->path.dentry = parent;
946 nd->seq = seq;
947 break;
948 }
949 if (!follow_up_rcu(&nd->path))
950 break;
951 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
952 }
953 follow_mount_rcu(nd);
954 nd->inode = nd->path.dentry->d_inode;
955 return 0;
956
957failed:
958 nd->flags &= ~LOOKUP_RCU;
959 if (!(nd->flags & LOOKUP_ROOT))
960 nd->root.mnt = NULL;
961 rcu_read_unlock();
962 br_read_unlock(vfsmount_lock);
963 return -ECHILD;
964}
965
966
967
968
969
970
971int follow_down(struct path *path)
972{
973 unsigned managed;
974 int ret;
975
976 while (managed = ACCESS_ONCE(path->dentry->d_flags),
977 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
978
979
980
981
982
983
984
985
986
987
988 if (managed & DCACHE_MANAGE_TRANSIT) {
989 BUG_ON(!path->dentry->d_op);
990 BUG_ON(!path->dentry->d_op->d_manage);
991 ret = path->dentry->d_op->d_manage(
992 path->dentry, false);
993 if (ret < 0)
994 return ret == -EISDIR ? 0 : ret;
995 }
996
997
998 if (managed & DCACHE_MOUNTED) {
999 struct vfsmount *mounted = lookup_mnt(path);
1000 if (!mounted)
1001 break;
1002 dput(path->dentry);
1003 mntput(path->mnt);
1004 path->mnt = mounted;
1005 path->dentry = dget(mounted->mnt_root);
1006 continue;
1007 }
1008
1009
1010 break;
1011 }
1012 return 0;
1013}
1014
1015
1016
1017
1018static void follow_mount(struct path *path)
1019{
1020 while (d_mountpoint(path->dentry)) {
1021 struct vfsmount *mounted = lookup_mnt(path);
1022 if (!mounted)
1023 break;
1024 dput(path->dentry);
1025 mntput(path->mnt);
1026 path->mnt = mounted;
1027 path->dentry = dget(mounted->mnt_root);
1028 }
1029}
1030
1031static void follow_dotdot(struct nameidata *nd)
1032{
1033 set_root(nd);
1034
1035 while(1) {
1036 struct dentry *old = nd->path.dentry;
1037
1038 if (nd->path.dentry == nd->root.dentry &&
1039 nd->path.mnt == nd->root.mnt) {
1040 break;
1041 }
1042 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1043
1044 nd->path.dentry = dget_parent(nd->path.dentry);
1045 dput(old);
1046 break;
1047 }
1048 if (!follow_up(&nd->path))
1049 break;
1050 }
1051 follow_mount(&nd->path);
1052 nd->inode = nd->path.dentry->d_inode;
1053}
1054
1055
1056
1057
1058
1059
1060
1061static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1062 struct qstr *name, struct nameidata *nd)
1063{
1064 struct inode *inode = parent->d_inode;
1065 struct dentry *dentry;
1066 struct dentry *old;
1067
1068
1069 if (unlikely(IS_DEADDIR(inode)))
1070 return ERR_PTR(-ENOENT);
1071
1072 dentry = d_alloc(parent, name);
1073 if (unlikely(!dentry))
1074 return ERR_PTR(-ENOMEM);
1075
1076 old = inode->i_op->lookup(inode, dentry, nd);
1077 if (unlikely(old)) {
1078 dput(dentry);
1079 dentry = old;
1080 }
1081 return dentry;
1082}
1083
1084
1085
1086
1087
1088
1089
1090static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1091 struct nameidata *nd)
1092{
1093 struct inode *inode = parent->d_inode;
1094 struct dentry *old;
1095
1096
1097 if (unlikely(IS_DEADDIR(inode)))
1098 return ERR_PTR(-ENOENT);
1099
1100 old = inode->i_op->lookup(inode, dentry, nd);
1101 if (unlikely(old)) {
1102 dput(dentry);
1103 dentry = old;
1104 }
1105 return dentry;
1106}
1107
1108
1109
1110
1111
1112
1113static int do_lookup(struct nameidata *nd, struct qstr *name,
1114 struct path *path, struct inode **inode)
1115{
1116 struct vfsmount *mnt = nd->path.mnt;
1117 struct dentry *dentry, *parent = nd->path.dentry;
1118 int need_reval = 1;
1119 int status = 1;
1120 int err;
1121
1122
1123
1124
1125
1126
1127 if (nd->flags & LOOKUP_RCU) {
1128 unsigned seq;
1129 *inode = nd->inode;
1130 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1131 if (!dentry)
1132 goto unlazy;
1133
1134
1135 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1136 return -ECHILD;
1137 nd->seq = seq;
1138
1139 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1140 status = d_revalidate(dentry, nd);
1141 if (unlikely(status <= 0)) {
1142 if (status != -ECHILD)
1143 need_reval = 0;
1144 goto unlazy;
1145 }
1146 }
1147 if (unlikely(d_need_lookup(dentry)))
1148 goto unlazy;
1149 path->mnt = mnt;
1150 path->dentry = dentry;
1151 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1152 goto unlazy;
1153 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1154 goto unlazy;
1155 return 0;
1156unlazy:
1157 if (unlazy_walk(nd, dentry))
1158 return -ECHILD;
1159 } else {
1160 dentry = __d_lookup(parent, name);
1161 }
1162
1163 if (dentry && unlikely(d_need_lookup(dentry))) {
1164 dput(dentry);
1165 dentry = NULL;
1166 }
1167retry:
1168 if (unlikely(!dentry)) {
1169 struct inode *dir = parent->d_inode;
1170 BUG_ON(nd->inode != dir);
1171
1172 mutex_lock(&dir->i_mutex);
1173 dentry = d_lookup(parent, name);
1174 if (likely(!dentry)) {
1175 dentry = d_alloc_and_lookup(parent, name, nd);
1176 if (IS_ERR(dentry)) {
1177 mutex_unlock(&dir->i_mutex);
1178 return PTR_ERR(dentry);
1179 }
1180
1181 need_reval = 0;
1182 status = 1;
1183 } else if (unlikely(d_need_lookup(dentry))) {
1184 dentry = d_inode_lookup(parent, dentry, nd);
1185 if (IS_ERR(dentry)) {
1186 mutex_unlock(&dir->i_mutex);
1187 return PTR_ERR(dentry);
1188 }
1189
1190 need_reval = 0;
1191 status = 1;
1192 }
1193 mutex_unlock(&dir->i_mutex);
1194 }
1195 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1196 status = d_revalidate(dentry, nd);
1197 if (unlikely(status <= 0)) {
1198 if (status < 0) {
1199 dput(dentry);
1200 return status;
1201 }
1202 if (!d_invalidate(dentry)) {
1203 dput(dentry);
1204 dentry = NULL;
1205 need_reval = 1;
1206 goto retry;
1207 }
1208 }
1209
1210 path->mnt = mnt;
1211 path->dentry = dentry;
1212 err = follow_managed(path, nd->flags);
1213 if (unlikely(err < 0)) {
1214 path_put_conditional(path, nd);
1215 return err;
1216 }
1217 if (err)
1218 nd->flags |= LOOKUP_JUMPED;
1219 *inode = path->dentry->d_inode;
1220 return 0;
1221}
1222
1223static inline int may_lookup(struct nameidata *nd)
1224{
1225 if (nd->flags & LOOKUP_RCU) {
1226 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1227 if (err != -ECHILD)
1228 return err;
1229 if (unlazy_walk(nd, NULL))
1230 return -ECHILD;
1231 }
1232 return inode_permission(nd->inode, MAY_EXEC);
1233}
1234
1235static inline int handle_dots(struct nameidata *nd, int type)
1236{
1237 if (type == LAST_DOTDOT) {
1238 if (nd->flags & LOOKUP_RCU) {
1239 if (follow_dotdot_rcu(nd))
1240 return -ECHILD;
1241 } else
1242 follow_dotdot(nd);
1243 }
1244 return 0;
1245}
1246
1247static void terminate_walk(struct nameidata *nd)
1248{
1249 if (!(nd->flags & LOOKUP_RCU)) {
1250 path_put(&nd->path);
1251 } else {
1252 nd->flags &= ~LOOKUP_RCU;
1253 if (!(nd->flags & LOOKUP_ROOT))
1254 nd->root.mnt = NULL;
1255 rcu_read_unlock();
1256 br_read_unlock(vfsmount_lock);
1257 }
1258}
1259
1260
1261
1262
1263
1264
1265
1266static inline int should_follow_link(struct inode *inode, int follow)
1267{
1268 if (unlikely(!(inode->i_opflags & IOP_NOFOLLOW))) {
1269 if (likely(inode->i_op->follow_link))
1270 return follow;
1271
1272
1273 spin_lock(&inode->i_lock);
1274 inode->i_opflags |= IOP_NOFOLLOW;
1275 spin_unlock(&inode->i_lock);
1276 }
1277 return 0;
1278}
1279
1280static inline int walk_component(struct nameidata *nd, struct path *path,
1281 struct qstr *name, int type, int follow)
1282{
1283 struct inode *inode;
1284 int err;
1285
1286
1287
1288
1289
1290 if (unlikely(type != LAST_NORM))
1291 return handle_dots(nd, type);
1292 err = do_lookup(nd, name, path, &inode);
1293 if (unlikely(err)) {
1294 terminate_walk(nd);
1295 return err;
1296 }
1297 if (!inode) {
1298 path_to_nameidata(path, nd);
1299 terminate_walk(nd);
1300 return -ENOENT;
1301 }
1302 if (should_follow_link(inode, follow)) {
1303 if (nd->flags & LOOKUP_RCU) {
1304 if (unlikely(unlazy_walk(nd, path->dentry))) {
1305 terminate_walk(nd);
1306 return -ECHILD;
1307 }
1308 }
1309 BUG_ON(inode != path->dentry->d_inode);
1310 return 1;
1311 }
1312 path_to_nameidata(path, nd);
1313 nd->inode = inode;
1314 return 0;
1315}
1316
1317
1318
1319
1320
1321
1322
1323
1324static inline int nested_symlink(struct path *path, struct nameidata *nd)
1325{
1326 int res;
1327
1328 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1329 path_put_conditional(path, nd);
1330 path_put(&nd->path);
1331 return -ELOOP;
1332 }
1333 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1334
1335 nd->depth++;
1336 current->link_count++;
1337
1338 do {
1339 struct path link = *path;
1340 void *cookie;
1341
1342 res = follow_link(&link, nd, &cookie);
1343 if (!res)
1344 res = walk_component(nd, path, &nd->last,
1345 nd->last_type, LOOKUP_FOLLOW);
1346 put_link(nd, &link, cookie);
1347 } while (res > 0);
1348
1349 current->link_count--;
1350 nd->depth--;
1351 return res;
1352}
1353
1354
1355
1356
1357
1358
1359
1360static inline int can_lookup(struct inode *inode)
1361{
1362 if (likely(inode->i_opflags & IOP_LOOKUP))
1363 return 1;
1364 if (likely(!inode->i_op->lookup))
1365 return 0;
1366
1367
1368 spin_lock(&inode->i_lock);
1369 inode->i_opflags |= IOP_LOOKUP;
1370 spin_unlock(&inode->i_lock);
1371 return 1;
1372}
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382static int link_path_walk(const char *name, struct nameidata *nd)
1383{
1384 struct path next;
1385 int err;
1386
1387 while (*name=='/')
1388 name++;
1389 if (!*name)
1390 return 0;
1391
1392
1393 for(;;) {
1394 unsigned long hash;
1395 struct qstr this;
1396 unsigned int c;
1397 int type;
1398
1399 err = may_lookup(nd);
1400 if (err)
1401 break;
1402
1403 this.name = name;
1404 c = *(const unsigned char *)name;
1405
1406 hash = init_name_hash();
1407 do {
1408 name++;
1409 hash = partial_name_hash(c, hash);
1410 c = *(const unsigned char *)name;
1411 } while (c && (c != '/'));
1412 this.len = name - (const char *) this.name;
1413 this.hash = end_name_hash(hash);
1414
1415 type = LAST_NORM;
1416 if (this.name[0] == '.') switch (this.len) {
1417 case 2:
1418 if (this.name[1] == '.') {
1419 type = LAST_DOTDOT;
1420 nd->flags |= LOOKUP_JUMPED;
1421 }
1422 break;
1423 case 1:
1424 type = LAST_DOT;
1425 }
1426 if (likely(type == LAST_NORM)) {
1427 struct dentry *parent = nd->path.dentry;
1428 nd->flags &= ~LOOKUP_JUMPED;
1429 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1430 err = parent->d_op->d_hash(parent, nd->inode,
1431 &this);
1432 if (err < 0)
1433 break;
1434 }
1435 }
1436
1437
1438 if (!c)
1439 goto last_component;
1440 while (*++name == '/');
1441 if (!*name)
1442 goto last_component;
1443
1444 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1445 if (err < 0)
1446 return err;
1447
1448 if (err) {
1449 err = nested_symlink(&next, nd);
1450 if (err)
1451 return err;
1452 }
1453 if (can_lookup(nd->inode))
1454 continue;
1455 err = -ENOTDIR;
1456 break;
1457
1458
1459last_component:
1460 nd->last = this;
1461 nd->last_type = type;
1462 return 0;
1463 }
1464 terminate_walk(nd);
1465 return err;
1466}
1467
1468static int path_init(int dfd, const char *name, unsigned int flags,
1469 struct nameidata *nd, struct file **fp)
1470{
1471 int retval = 0;
1472 int fput_needed;
1473 struct file *file;
1474
1475 nd->last_type = LAST_ROOT;
1476 nd->flags = flags | LOOKUP_JUMPED;
1477 nd->depth = 0;
1478 if (flags & LOOKUP_ROOT) {
1479 struct inode *inode = nd->root.dentry->d_inode;
1480 if (*name) {
1481 if (!inode->i_op->lookup)
1482 return -ENOTDIR;
1483 retval = inode_permission(inode, MAY_EXEC);
1484 if (retval)
1485 return retval;
1486 }
1487 nd->path = nd->root;
1488 nd->inode = inode;
1489 if (flags & LOOKUP_RCU) {
1490 br_read_lock(vfsmount_lock);
1491 rcu_read_lock();
1492 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1493 } else {
1494 path_get(&nd->path);
1495 }
1496 return 0;
1497 }
1498
1499 nd->root.mnt = NULL;
1500
1501 if (*name=='/') {
1502 if (flags & LOOKUP_RCU) {
1503 br_read_lock(vfsmount_lock);
1504 rcu_read_lock();
1505 set_root_rcu(nd);
1506 } else {
1507 set_root(nd);
1508 path_get(&nd->root);
1509 }
1510 nd->path = nd->root;
1511 } else if (dfd == AT_FDCWD) {
1512 if (flags & LOOKUP_RCU) {
1513 struct fs_struct *fs = current->fs;
1514 unsigned seq;
1515
1516 br_read_lock(vfsmount_lock);
1517 rcu_read_lock();
1518
1519 do {
1520 seq = read_seqcount_begin(&fs->seq);
1521 nd->path = fs->pwd;
1522 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1523 } while (read_seqcount_retry(&fs->seq, seq));
1524 } else {
1525 get_fs_pwd(current->fs, &nd->path);
1526 }
1527 } else {
1528 struct dentry *dentry;
1529
1530 file = fget_raw_light(dfd, &fput_needed);
1531 retval = -EBADF;
1532 if (!file)
1533 goto out_fail;
1534
1535 dentry = file->f_path.dentry;
1536
1537 if (*name) {
1538 retval = -ENOTDIR;
1539 if (!S_ISDIR(dentry->d_inode->i_mode))
1540 goto fput_fail;
1541
1542 retval = inode_permission(dentry->d_inode, MAY_EXEC);
1543 if (retval)
1544 goto fput_fail;
1545 }
1546
1547 nd->path = file->f_path;
1548 if (flags & LOOKUP_RCU) {
1549 if (fput_needed)
1550 *fp = file;
1551 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1552 br_read_lock(vfsmount_lock);
1553 rcu_read_lock();
1554 } else {
1555 path_get(&file->f_path);
1556 fput_light(file, fput_needed);
1557 }
1558 }
1559
1560 nd->inode = nd->path.dentry->d_inode;
1561 return 0;
1562
1563fput_fail:
1564 fput_light(file, fput_needed);
1565out_fail:
1566 return retval;
1567}
1568
1569static inline int lookup_last(struct nameidata *nd, struct path *path)
1570{
1571 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1572 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1573
1574 nd->flags &= ~LOOKUP_PARENT;
1575 return walk_component(nd, path, &nd->last, nd->last_type,
1576 nd->flags & LOOKUP_FOLLOW);
1577}
1578
1579
1580static int path_lookupat(int dfd, const char *name,
1581 unsigned int flags, struct nameidata *nd)
1582{
1583 struct file *base = NULL;
1584 struct path path;
1585 int err;
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1602
1603 if (unlikely(err))
1604 return err;
1605
1606 current->total_link_count = 0;
1607 err = link_path_walk(name, nd);
1608
1609 if (!err && !(flags & LOOKUP_PARENT)) {
1610 err = lookup_last(nd, &path);
1611 while (err > 0) {
1612 void *cookie;
1613 struct path link = path;
1614 nd->flags |= LOOKUP_PARENT;
1615 err = follow_link(&link, nd, &cookie);
1616 if (!err)
1617 err = lookup_last(nd, &path);
1618 put_link(nd, &link, cookie);
1619 }
1620 }
1621
1622 if (!err)
1623 err = complete_walk(nd);
1624
1625 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1626 if (!nd->inode->i_op->lookup) {
1627 path_put(&nd->path);
1628 err = -ENOTDIR;
1629 }
1630 }
1631
1632 if (base)
1633 fput(base);
1634
1635 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1636 path_put(&nd->root);
1637 nd->root.mnt = NULL;
1638 }
1639 return err;
1640}
1641
1642static int do_path_lookup(int dfd, const char *name,
1643 unsigned int flags, struct nameidata *nd)
1644{
1645 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1646 if (unlikely(retval == -ECHILD))
1647 retval = path_lookupat(dfd, name, flags, nd);
1648 if (unlikely(retval == -ESTALE))
1649 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1650
1651 if (likely(!retval)) {
1652 if (unlikely(!audit_dummy_context())) {
1653 if (nd->path.dentry && nd->inode)
1654 audit_inode(name, nd->path.dentry);
1655 }
1656 }
1657 return retval;
1658}
1659
1660int kern_path_parent(const char *name, struct nameidata *nd)
1661{
1662 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1663}
1664
1665int kern_path(const char *name, unsigned int flags, struct path *path)
1666{
1667 struct nameidata nd;
1668 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1669 if (!res)
1670 *path = nd.path;
1671 return res;
1672}
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1683 const char *name, unsigned int flags,
1684 struct path *path)
1685{
1686 struct nameidata nd;
1687 int err;
1688 nd.root.dentry = dentry;
1689 nd.root.mnt = mnt;
1690 BUG_ON(flags & LOOKUP_PARENT);
1691
1692 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1693 if (!err)
1694 *path = nd.path;
1695 return err;
1696}
1697
1698static struct dentry *__lookup_hash(struct qstr *name,
1699 struct dentry *base, struct nameidata *nd)
1700{
1701 struct inode *inode = base->d_inode;
1702 struct dentry *dentry;
1703 int err;
1704
1705 err = inode_permission(inode, MAY_EXEC);
1706 if (err)
1707 return ERR_PTR(err);
1708
1709
1710
1711
1712
1713
1714 dentry = d_lookup(base, name);
1715
1716 if (dentry && d_need_lookup(dentry)) {
1717
1718
1719
1720
1721 dentry = d_inode_lookup(base, dentry, nd);
1722 if (IS_ERR(dentry))
1723 return dentry;
1724 }
1725
1726 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1727 int status = d_revalidate(dentry, nd);
1728 if (unlikely(status <= 0)) {
1729
1730
1731
1732
1733
1734
1735 if (status < 0) {
1736 dput(dentry);
1737 return ERR_PTR(status);
1738 } else if (!d_invalidate(dentry)) {
1739 dput(dentry);
1740 dentry = NULL;
1741 }
1742 }
1743 }
1744
1745 if (!dentry)
1746 dentry = d_alloc_and_lookup(base, name, nd);
1747
1748 return dentry;
1749}
1750
1751
1752
1753
1754
1755
1756static struct dentry *lookup_hash(struct nameidata *nd)
1757{
1758 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1759}
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1773{
1774 struct qstr this;
1775 unsigned long hash;
1776 unsigned int c;
1777
1778 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1779
1780 this.name = name;
1781 this.len = len;
1782 if (!len)
1783 return ERR_PTR(-EACCES);
1784
1785 hash = init_name_hash();
1786 while (len--) {
1787 c = *(const unsigned char *)name++;
1788 if (c == '/' || c == '\0')
1789 return ERR_PTR(-EACCES);
1790 hash = partial_name_hash(c, hash);
1791 }
1792 this.hash = end_name_hash(hash);
1793
1794
1795
1796
1797 if (base->d_flags & DCACHE_OP_HASH) {
1798 int err = base->d_op->d_hash(base, base->d_inode, &this);
1799 if (err < 0)
1800 return ERR_PTR(err);
1801 }
1802
1803 return __lookup_hash(&this, base, NULL);
1804}
1805
1806int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
1807 struct path *path, int *empty)
1808{
1809 struct nameidata nd;
1810 char *tmp = getname_flags(name, flags, empty);
1811 int err = PTR_ERR(tmp);
1812 if (!IS_ERR(tmp)) {
1813
1814 BUG_ON(flags & LOOKUP_PARENT);
1815
1816 err = do_path_lookup(dfd, tmp, flags, &nd);
1817 putname(tmp);
1818 if (!err)
1819 *path = nd.path;
1820 }
1821 return err;
1822}
1823
1824int user_path_at(int dfd, const char __user *name, unsigned flags,
1825 struct path *path)
1826{
1827 return user_path_at_empty(dfd, name, flags, path, 0);
1828}
1829
1830static int user_path_parent(int dfd, const char __user *path,
1831 struct nameidata *nd, char **name)
1832{
1833 char *s = getname(path);
1834 int error;
1835
1836 if (IS_ERR(s))
1837 return PTR_ERR(s);
1838
1839 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1840 if (error)
1841 putname(s);
1842 else
1843 *name = s;
1844
1845 return error;
1846}
1847
1848
1849
1850
1851
1852static inline int check_sticky(struct inode *dir, struct inode *inode)
1853{
1854 uid_t fsuid = current_fsuid();
1855
1856 if (!(dir->i_mode & S_ISVTX))
1857 return 0;
1858 if (current_user_ns() != inode_userns(inode))
1859 goto other_userns;
1860 if (inode->i_uid == fsuid)
1861 return 0;
1862 if (dir->i_uid == fsuid)
1863 return 0;
1864
1865other_userns:
1866 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1867}
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1889{
1890 int error;
1891
1892 if (!victim->d_inode)
1893 return -ENOENT;
1894
1895 BUG_ON(victim->d_parent->d_inode != dir);
1896 audit_inode_child(victim, dir);
1897
1898 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1899 if (error)
1900 return error;
1901 if (IS_APPEND(dir))
1902 return -EPERM;
1903 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1904 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1905 return -EPERM;
1906 if (isdir) {
1907 if (!S_ISDIR(victim->d_inode->i_mode))
1908 return -ENOTDIR;
1909 if (IS_ROOT(victim))
1910 return -EBUSY;
1911 } else if (S_ISDIR(victim->d_inode->i_mode))
1912 return -EISDIR;
1913 if (IS_DEADDIR(dir))
1914 return -ENOENT;
1915 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1916 return -EBUSY;
1917 return 0;
1918}
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928static inline int may_create(struct inode *dir, struct dentry *child)
1929{
1930 if (child->d_inode)
1931 return -EEXIST;
1932 if (IS_DEADDIR(dir))
1933 return -ENOENT;
1934 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1935}
1936
1937
1938
1939
1940struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1941{
1942 struct dentry *p;
1943
1944 if (p1 == p2) {
1945 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1946 return NULL;
1947 }
1948
1949 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1950
1951 p = d_ancestor(p2, p1);
1952 if (p) {
1953 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1954 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1955 return p;
1956 }
1957
1958 p = d_ancestor(p1, p2);
1959 if (p) {
1960 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1961 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1962 return p;
1963 }
1964
1965 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1966 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1967 return NULL;
1968}
1969
1970void unlock_rename(struct dentry *p1, struct dentry *p2)
1971{
1972 mutex_unlock(&p1->d_inode->i_mutex);
1973 if (p1 != p2) {
1974 mutex_unlock(&p2->d_inode->i_mutex);
1975 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1976 }
1977}
1978
1979int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1980 struct nameidata *nd)
1981{
1982 int error = may_create(dir, dentry);
1983
1984 if (error)
1985 return error;
1986
1987 if (!dir->i_op->create)
1988 return -EACCES;
1989 mode &= S_IALLUGO;
1990 mode |= S_IFREG;
1991 error = security_inode_create(dir, dentry, mode);
1992 if (error)
1993 return error;
1994 error = dir->i_op->create(dir, dentry, mode, nd);
1995 if (!error)
1996 fsnotify_create(dir, dentry);
1997 return error;
1998}
1999
2000static int may_open(struct path *path, int acc_mode, int flag)
2001{
2002 struct dentry *dentry = path->dentry;
2003 struct inode *inode = dentry->d_inode;
2004 int error;
2005
2006
2007 if (!acc_mode)
2008 return 0;
2009
2010 if (!inode)
2011 return -ENOENT;
2012
2013 switch (inode->i_mode & S_IFMT) {
2014 case S_IFLNK:
2015 return -ELOOP;
2016 case S_IFDIR:
2017 if (acc_mode & MAY_WRITE)
2018 return -EISDIR;
2019 break;
2020 case S_IFBLK:
2021 case S_IFCHR:
2022 if (path->mnt->mnt_flags & MNT_NODEV)
2023 return -EACCES;
2024
2025 case S_IFIFO:
2026 case S_IFSOCK:
2027 flag &= ~O_TRUNC;
2028 break;
2029 }
2030
2031 error = inode_permission(inode, acc_mode);
2032 if (error)
2033 return error;
2034
2035
2036
2037
2038 if (IS_APPEND(inode)) {
2039 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2040 return -EPERM;
2041 if (flag & O_TRUNC)
2042 return -EPERM;
2043 }
2044
2045
2046 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2047 return -EPERM;
2048
2049 return 0;
2050}
2051
2052static int handle_truncate(struct file *filp)
2053{
2054 struct path *path = &filp->f_path;
2055 struct inode *inode = path->dentry->d_inode;
2056 int error = get_write_access(inode);
2057 if (error)
2058 return error;
2059
2060
2061
2062 error = locks_verify_locked(inode);
2063 if (!error)
2064 error = security_path_truncate(path);
2065 if (!error) {
2066 error = do_truncate(path->dentry, 0,
2067 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2068 filp);
2069 }
2070 put_write_access(inode);
2071 return error;
2072}
2073
2074static inline int open_to_namei_flags(int flag)
2075{
2076 if ((flag & O_ACCMODE) == 3)
2077 flag--;
2078 return flag;
2079}
2080
2081
2082
2083
2084static struct file *do_last(struct nameidata *nd, struct path *path,
2085 const struct open_flags *op, const char *pathname)
2086{
2087 struct dentry *dir = nd->path.dentry;
2088 struct dentry *dentry;
2089 int open_flag = op->open_flag;
2090 int will_truncate = open_flag & O_TRUNC;
2091 int want_write = 0;
2092 int acc_mode = op->acc_mode;
2093 struct file *filp;
2094 int error;
2095
2096 nd->flags &= ~LOOKUP_PARENT;
2097 nd->flags |= op->intent;
2098
2099 switch (nd->last_type) {
2100 case LAST_DOTDOT:
2101 case LAST_DOT:
2102 error = handle_dots(nd, nd->last_type);
2103 if (error)
2104 return ERR_PTR(error);
2105
2106 case LAST_ROOT:
2107 error = complete_walk(nd);
2108 if (error)
2109 return ERR_PTR(error);
2110 audit_inode(pathname, nd->path.dentry);
2111 if (open_flag & O_CREAT) {
2112 error = -EISDIR;
2113 goto exit;
2114 }
2115 goto ok;
2116 case LAST_BIND:
2117 error = complete_walk(nd);
2118 if (error)
2119 return ERR_PTR(error);
2120 audit_inode(pathname, dir);
2121 goto ok;
2122 }
2123
2124 if (!(open_flag & O_CREAT)) {
2125 int symlink_ok = 0;
2126 if (nd->last.name[nd->last.len])
2127 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2128 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2129 symlink_ok = 1;
2130
2131 error = walk_component(nd, path, &nd->last, LAST_NORM,
2132 !symlink_ok);
2133 if (error < 0)
2134 return ERR_PTR(error);
2135 if (error)
2136 return NULL;
2137
2138 error = complete_walk(nd);
2139 if (error)
2140 return ERR_PTR(-ECHILD);
2141
2142 error = -ENOTDIR;
2143 if (nd->flags & LOOKUP_DIRECTORY) {
2144 if (!nd->inode->i_op->lookup)
2145 goto exit;
2146 }
2147 audit_inode(pathname, nd->path.dentry);
2148 goto ok;
2149 }
2150
2151
2152
2153
2154
2155
2156 error = complete_walk(nd);
2157 if (error)
2158 return ERR_PTR(error);
2159
2160 audit_inode(pathname, dir);
2161 error = -EISDIR;
2162
2163 if (nd->last.name[nd->last.len])
2164 goto exit;
2165
2166 mutex_lock(&dir->d_inode->i_mutex);
2167
2168 dentry = lookup_hash(nd);
2169 error = PTR_ERR(dentry);
2170 if (IS_ERR(dentry)) {
2171 mutex_unlock(&dir->d_inode->i_mutex);
2172 goto exit;
2173 }
2174
2175 path->dentry = dentry;
2176 path->mnt = nd->path.mnt;
2177
2178
2179 if (!dentry->d_inode) {
2180 int mode = op->mode;
2181 if (!IS_POSIXACL(dir->d_inode))
2182 mode &= ~current_umask();
2183
2184
2185
2186
2187
2188
2189
2190 error = mnt_want_write(nd->path.mnt);
2191 if (error)
2192 goto exit_mutex_unlock;
2193 want_write = 1;
2194
2195 open_flag &= ~O_TRUNC;
2196 will_truncate = 0;
2197 acc_mode = MAY_OPEN;
2198 error = security_path_mknod(&nd->path, dentry, mode, 0);
2199 if (error)
2200 goto exit_mutex_unlock;
2201 error = vfs_create(dir->d_inode, dentry, mode, nd);
2202 if (error)
2203 goto exit_mutex_unlock;
2204 mutex_unlock(&dir->d_inode->i_mutex);
2205 dput(nd->path.dentry);
2206 nd->path.dentry = dentry;
2207 goto common;
2208 }
2209
2210
2211
2212
2213 mutex_unlock(&dir->d_inode->i_mutex);
2214 audit_inode(pathname, path->dentry);
2215
2216 error = -EEXIST;
2217 if (open_flag & O_EXCL)
2218 goto exit_dput;
2219
2220 error = follow_managed(path, nd->flags);
2221 if (error < 0)
2222 goto exit_dput;
2223
2224 if (error)
2225 nd->flags |= LOOKUP_JUMPED;
2226
2227 error = -ENOENT;
2228 if (!path->dentry->d_inode)
2229 goto exit_dput;
2230
2231 if (path->dentry->d_inode->i_op->follow_link)
2232 return NULL;
2233
2234 path_to_nameidata(path, nd);
2235 nd->inode = path->dentry->d_inode;
2236
2237 error = complete_walk(nd);
2238 if (error)
2239 goto exit;
2240 error = -EISDIR;
2241 if (S_ISDIR(nd->inode->i_mode))
2242 goto exit;
2243ok:
2244 if (!S_ISREG(nd->inode->i_mode))
2245 will_truncate = 0;
2246
2247 if (will_truncate) {
2248 error = mnt_want_write(nd->path.mnt);
2249 if (error)
2250 goto exit;
2251 want_write = 1;
2252 }
2253common:
2254 error = may_open(&nd->path, acc_mode, open_flag);
2255 if (error)
2256 goto exit;
2257 filp = nameidata_to_filp(nd);
2258 if (!IS_ERR(filp)) {
2259 error = ima_file_check(filp, op->acc_mode);
2260 if (error) {
2261 fput(filp);
2262 filp = ERR_PTR(error);
2263 }
2264 }
2265 if (!IS_ERR(filp)) {
2266 if (will_truncate) {
2267 error = handle_truncate(filp);
2268 if (error) {
2269 fput(filp);
2270 filp = ERR_PTR(error);
2271 }
2272 }
2273 }
2274out:
2275 if (want_write)
2276 mnt_drop_write(nd->path.mnt);
2277 path_put(&nd->path);
2278 return filp;
2279
2280exit_mutex_unlock:
2281 mutex_unlock(&dir->d_inode->i_mutex);
2282exit_dput:
2283 path_put_conditional(path, nd);
2284exit:
2285 filp = ERR_PTR(error);
2286 goto out;
2287}
2288
2289static struct file *path_openat(int dfd, const char *pathname,
2290 struct nameidata *nd, const struct open_flags *op, int flags)
2291{
2292 struct file *base = NULL;
2293 struct file *filp;
2294 struct path path;
2295 int error;
2296
2297 filp = get_empty_filp();
2298 if (!filp)
2299 return ERR_PTR(-ENFILE);
2300
2301 filp->f_flags = op->open_flag;
2302 nd->intent.open.file = filp;
2303 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2304 nd->intent.open.create_mode = op->mode;
2305
2306 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2307 if (unlikely(error))
2308 goto out_filp;
2309
2310 current->total_link_count = 0;
2311 error = link_path_walk(pathname, nd);
2312 if (unlikely(error))
2313 goto out_filp;
2314
2315 filp = do_last(nd, &path, op, pathname);
2316 while (unlikely(!filp)) {
2317 struct path link = path;
2318 void *cookie;
2319 if (!(nd->flags & LOOKUP_FOLLOW)) {
2320 path_put_conditional(&path, nd);
2321 path_put(&nd->path);
2322 filp = ERR_PTR(-ELOOP);
2323 break;
2324 }
2325 nd->flags |= LOOKUP_PARENT;
2326 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2327 error = follow_link(&link, nd, &cookie);
2328 if (unlikely(error))
2329 filp = ERR_PTR(error);
2330 else
2331 filp = do_last(nd, &path, op, pathname);
2332 put_link(nd, &link, cookie);
2333 }
2334out:
2335 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2336 path_put(&nd->root);
2337 if (base)
2338 fput(base);
2339 release_open_intent(nd);
2340 return filp;
2341
2342out_filp:
2343 filp = ERR_PTR(error);
2344 goto out;
2345}
2346
2347struct file *do_filp_open(int dfd, const char *pathname,
2348 const struct open_flags *op, int flags)
2349{
2350 struct nameidata nd;
2351 struct file *filp;
2352
2353 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2354 if (unlikely(filp == ERR_PTR(-ECHILD)))
2355 filp = path_openat(dfd, pathname, &nd, op, flags);
2356 if (unlikely(filp == ERR_PTR(-ESTALE)))
2357 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2358 return filp;
2359}
2360
2361struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2362 const char *name, const struct open_flags *op, int flags)
2363{
2364 struct nameidata nd;
2365 struct file *file;
2366
2367 nd.root.mnt = mnt;
2368 nd.root.dentry = dentry;
2369
2370 flags |= LOOKUP_ROOT;
2371
2372 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2373 return ERR_PTR(-ELOOP);
2374
2375 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2376 if (unlikely(file == ERR_PTR(-ECHILD)))
2377 file = path_openat(-1, name, &nd, op, flags);
2378 if (unlikely(file == ERR_PTR(-ESTALE)))
2379 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2380 return file;
2381}
2382
2383struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
2384{
2385 struct dentry *dentry = ERR_PTR(-EEXIST);
2386 struct nameidata nd;
2387 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2388 if (error)
2389 return ERR_PTR(error);
2390
2391
2392
2393
2394
2395 if (nd.last_type != LAST_NORM)
2396 goto out;
2397 nd.flags &= ~LOOKUP_PARENT;
2398 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2399 nd.intent.open.flags = O_EXCL;
2400
2401
2402
2403
2404 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2405 dentry = lookup_hash(&nd);
2406 if (IS_ERR(dentry))
2407 goto fail;
2408
2409 if (dentry->d_inode)
2410 goto eexist;
2411
2412
2413
2414
2415
2416
2417 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
2418 dput(dentry);
2419 dentry = ERR_PTR(-ENOENT);
2420 goto fail;
2421 }
2422 *path = nd.path;
2423 return dentry;
2424eexist:
2425 dput(dentry);
2426 dentry = ERR_PTR(-EEXIST);
2427fail:
2428 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2429out:
2430 path_put(&nd.path);
2431 return dentry;
2432}
2433EXPORT_SYMBOL(kern_path_create);
2434
2435struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2436{
2437 char *tmp = getname(pathname);
2438 struct dentry *res;
2439 if (IS_ERR(tmp))
2440 return ERR_CAST(tmp);
2441 res = kern_path_create(dfd, tmp, path, is_dir);
2442 putname(tmp);
2443 return res;
2444}
2445EXPORT_SYMBOL(user_path_create);
2446
2447int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2448{
2449 int error = may_create(dir, dentry);
2450
2451 if (error)
2452 return error;
2453
2454 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2455 !ns_capable(inode_userns(dir), CAP_MKNOD))
2456 return -EPERM;
2457
2458 if (!dir->i_op->mknod)
2459 return -EPERM;
2460
2461 error = devcgroup_inode_mknod(mode, dev);
2462 if (error)
2463 return error;
2464
2465 error = security_inode_mknod(dir, dentry, mode, dev);
2466 if (error)
2467 return error;
2468
2469 error = dir->i_op->mknod(dir, dentry, mode, dev);
2470 if (!error)
2471 fsnotify_create(dir, dentry);
2472 return error;
2473}
2474
2475static int may_mknod(mode_t mode)
2476{
2477 switch (mode & S_IFMT) {
2478 case S_IFREG:
2479 case S_IFCHR:
2480 case S_IFBLK:
2481 case S_IFIFO:
2482 case S_IFSOCK:
2483 case 0:
2484 return 0;
2485 case S_IFDIR:
2486 return -EPERM;
2487 default:
2488 return -EINVAL;
2489 }
2490}
2491
2492SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2493 unsigned, dev)
2494{
2495 struct dentry *dentry;
2496 struct path path;
2497 int error;
2498
2499 if (S_ISDIR(mode))
2500 return -EPERM;
2501
2502 dentry = user_path_create(dfd, filename, &path, 0);
2503 if (IS_ERR(dentry))
2504 return PTR_ERR(dentry);
2505
2506 if (!IS_POSIXACL(path.dentry->d_inode))
2507 mode &= ~current_umask();
2508 error = may_mknod(mode);
2509 if (error)
2510 goto out_dput;
2511 error = mnt_want_write(path.mnt);
2512 if (error)
2513 goto out_dput;
2514 error = security_path_mknod(&path, dentry, mode, dev);
2515 if (error)
2516 goto out_drop_write;
2517 switch (mode & S_IFMT) {
2518 case 0: case S_IFREG:
2519 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
2520 break;
2521 case S_IFCHR: case S_IFBLK:
2522 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
2523 new_decode_dev(dev));
2524 break;
2525 case S_IFIFO: case S_IFSOCK:
2526 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
2527 break;
2528 }
2529out_drop_write:
2530 mnt_drop_write(path.mnt);
2531out_dput:
2532 dput(dentry);
2533 mutex_unlock(&path.dentry->d_inode->i_mutex);
2534 path_put(&path);
2535
2536 return error;
2537}
2538
2539SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2540{
2541 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2542}
2543
2544int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2545{
2546 int error = may_create(dir, dentry);
2547
2548 if (error)
2549 return error;
2550
2551 if (!dir->i_op->mkdir)
2552 return -EPERM;
2553
2554 mode &= (S_IRWXUGO|S_ISVTX);
2555 error = security_inode_mkdir(dir, dentry, mode);
2556 if (error)
2557 return error;
2558
2559 error = dir->i_op->mkdir(dir, dentry, mode);
2560 if (!error)
2561 fsnotify_mkdir(dir, dentry);
2562 return error;
2563}
2564
2565SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2566{
2567 struct dentry *dentry;
2568 struct path path;
2569 int error;
2570
2571 dentry = user_path_create(dfd, pathname, &path, 1);
2572 if (IS_ERR(dentry))
2573 return PTR_ERR(dentry);
2574
2575 if (!IS_POSIXACL(path.dentry->d_inode))
2576 mode &= ~current_umask();
2577 error = mnt_want_write(path.mnt);
2578 if (error)
2579 goto out_dput;
2580 error = security_path_mkdir(&path, dentry, mode);
2581 if (error)
2582 goto out_drop_write;
2583 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
2584out_drop_write:
2585 mnt_drop_write(path.mnt);
2586out_dput:
2587 dput(dentry);
2588 mutex_unlock(&path.dentry->d_inode->i_mutex);
2589 path_put(&path);
2590 return error;
2591}
2592
2593SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2594{
2595 return sys_mkdirat(AT_FDCWD, pathname, mode);
2596}
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613void dentry_unhash(struct dentry *dentry)
2614{
2615 shrink_dcache_parent(dentry);
2616 spin_lock(&dentry->d_lock);
2617 if (dentry->d_count == 1)
2618 __d_drop(dentry);
2619 spin_unlock(&dentry->d_lock);
2620}
2621
2622int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2623{
2624 int error = may_delete(dir, dentry, 1);
2625
2626 if (error)
2627 return error;
2628
2629 if (!dir->i_op->rmdir)
2630 return -EPERM;
2631
2632 dget(dentry);
2633 mutex_lock(&dentry->d_inode->i_mutex);
2634
2635 error = -EBUSY;
2636 if (d_mountpoint(dentry))
2637 goto out;
2638
2639 error = security_inode_rmdir(dir, dentry);
2640 if (error)
2641 goto out;
2642
2643 shrink_dcache_parent(dentry);
2644 error = dir->i_op->rmdir(dir, dentry);
2645 if (error)
2646 goto out;
2647
2648 dentry->d_inode->i_flags |= S_DEAD;
2649 dont_mount(dentry);
2650
2651out:
2652 mutex_unlock(&dentry->d_inode->i_mutex);
2653 dput(dentry);
2654 if (!error)
2655 d_delete(dentry);
2656 return error;
2657}
2658
2659static long do_rmdir(int dfd, const char __user *pathname)
2660{
2661 int error = 0;
2662 char * name;
2663 struct dentry *dentry;
2664 struct nameidata nd;
2665
2666 error = user_path_parent(dfd, pathname, &nd, &name);
2667 if (error)
2668 return error;
2669
2670 switch(nd.last_type) {
2671 case LAST_DOTDOT:
2672 error = -ENOTEMPTY;
2673 goto exit1;
2674 case LAST_DOT:
2675 error = -EINVAL;
2676 goto exit1;
2677 case LAST_ROOT:
2678 error = -EBUSY;
2679 goto exit1;
2680 }
2681
2682 nd.flags &= ~LOOKUP_PARENT;
2683
2684 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2685 dentry = lookup_hash(&nd);
2686 error = PTR_ERR(dentry);
2687 if (IS_ERR(dentry))
2688 goto exit2;
2689 if (!dentry->d_inode) {
2690 error = -ENOENT;
2691 goto exit3;
2692 }
2693 error = mnt_want_write(nd.path.mnt);
2694 if (error)
2695 goto exit3;
2696 error = security_path_rmdir(&nd.path, dentry);
2697 if (error)
2698 goto exit4;
2699 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2700exit4:
2701 mnt_drop_write(nd.path.mnt);
2702exit3:
2703 dput(dentry);
2704exit2:
2705 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2706exit1:
2707 path_put(&nd.path);
2708 putname(name);
2709 return error;
2710}
2711
2712SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2713{
2714 return do_rmdir(AT_FDCWD, pathname);
2715}
2716
2717int vfs_unlink(struct inode *dir, struct dentry *dentry)
2718{
2719 int error = may_delete(dir, dentry, 0);
2720
2721 if (error)
2722 return error;
2723
2724 if (!dir->i_op->unlink)
2725 return -EPERM;
2726
2727 mutex_lock(&dentry->d_inode->i_mutex);
2728 if (d_mountpoint(dentry))
2729 error = -EBUSY;
2730 else {
2731 error = security_inode_unlink(dir, dentry);
2732 if (!error) {
2733 error = dir->i_op->unlink(dir, dentry);
2734 if (!error)
2735 dont_mount(dentry);
2736 }
2737 }
2738 mutex_unlock(&dentry->d_inode->i_mutex);
2739
2740
2741 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2742 fsnotify_link_count(dentry->d_inode);
2743 d_delete(dentry);
2744 }
2745
2746 return error;
2747}
2748
2749
2750
2751
2752
2753
2754
2755static long do_unlinkat(int dfd, const char __user *pathname)
2756{
2757 int error;
2758 char *name;
2759 struct dentry *dentry;
2760 struct nameidata nd;
2761 struct inode *inode = NULL;
2762
2763 error = user_path_parent(dfd, pathname, &nd, &name);
2764 if (error)
2765 return error;
2766
2767 error = -EISDIR;
2768 if (nd.last_type != LAST_NORM)
2769 goto exit1;
2770
2771 nd.flags &= ~LOOKUP_PARENT;
2772
2773 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2774 dentry = lookup_hash(&nd);
2775 error = PTR_ERR(dentry);
2776 if (!IS_ERR(dentry)) {
2777
2778 if (nd.last.name[nd.last.len])
2779 goto slashes;
2780 inode = dentry->d_inode;
2781 if (!inode)
2782 goto slashes;
2783 ihold(inode);
2784 error = mnt_want_write(nd.path.mnt);
2785 if (error)
2786 goto exit2;
2787 error = security_path_unlink(&nd.path, dentry);
2788 if (error)
2789 goto exit3;
2790 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2791exit3:
2792 mnt_drop_write(nd.path.mnt);
2793 exit2:
2794 dput(dentry);
2795 }
2796 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2797 if (inode)
2798 iput(inode);
2799exit1:
2800 path_put(&nd.path);
2801 putname(name);
2802 return error;
2803
2804slashes:
2805 error = !dentry->d_inode ? -ENOENT :
2806 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2807 goto exit2;
2808}
2809
2810SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2811{
2812 if ((flag & ~AT_REMOVEDIR) != 0)
2813 return -EINVAL;
2814
2815 if (flag & AT_REMOVEDIR)
2816 return do_rmdir(dfd, pathname);
2817
2818 return do_unlinkat(dfd, pathname);
2819}
2820
2821SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2822{
2823 return do_unlinkat(AT_FDCWD, pathname);
2824}
2825
2826int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2827{
2828 int error = may_create(dir, dentry);
2829
2830 if (error)
2831 return error;
2832
2833 if (!dir->i_op->symlink)
2834 return -EPERM;
2835
2836 error = security_inode_symlink(dir, dentry, oldname);
2837 if (error)
2838 return error;
2839
2840 error = dir->i_op->symlink(dir, dentry, oldname);
2841 if (!error)
2842 fsnotify_create(dir, dentry);
2843 return error;
2844}
2845
2846SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2847 int, newdfd, const char __user *, newname)
2848{
2849 int error;
2850 char *from;
2851 struct dentry *dentry;
2852 struct path path;
2853
2854 from = getname(oldname);
2855 if (IS_ERR(from))
2856 return PTR_ERR(from);
2857
2858 dentry = user_path_create(newdfd, newname, &path, 0);
2859 error = PTR_ERR(dentry);
2860 if (IS_ERR(dentry))
2861 goto out_putname;
2862
2863 error = mnt_want_write(path.mnt);
2864 if (error)
2865 goto out_dput;
2866 error = security_path_symlink(&path, dentry, from);
2867 if (error)
2868 goto out_drop_write;
2869 error = vfs_symlink(path.dentry->d_inode, dentry, from);
2870out_drop_write:
2871 mnt_drop_write(path.mnt);
2872out_dput:
2873 dput(dentry);
2874 mutex_unlock(&path.dentry->d_inode->i_mutex);
2875 path_put(&path);
2876out_putname:
2877 putname(from);
2878 return error;
2879}
2880
2881SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2882{
2883 return sys_symlinkat(oldname, AT_FDCWD, newname);
2884}
2885
2886int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2887{
2888 struct inode *inode = old_dentry->d_inode;
2889 int error;
2890
2891 if (!inode)
2892 return -ENOENT;
2893
2894 error = may_create(dir, new_dentry);
2895 if (error)
2896 return error;
2897
2898 if (dir->i_sb != inode->i_sb)
2899 return -EXDEV;
2900
2901
2902
2903
2904 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2905 return -EPERM;
2906 if (!dir->i_op->link)
2907 return -EPERM;
2908 if (S_ISDIR(inode->i_mode))
2909 return -EPERM;
2910
2911 error = security_inode_link(old_dentry, dir, new_dentry);
2912 if (error)
2913 return error;
2914
2915 mutex_lock(&inode->i_mutex);
2916
2917 if (inode->i_nlink == 0)
2918 error = -ENOENT;
2919 else
2920 error = dir->i_op->link(old_dentry, dir, new_dentry);
2921 mutex_unlock(&inode->i_mutex);
2922 if (!error)
2923 fsnotify_link(dir, inode, new_dentry);
2924 return error;
2925}
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2937 int, newdfd, const char __user *, newname, int, flags)
2938{
2939 struct dentry *new_dentry;
2940 struct path old_path, new_path;
2941 int how = 0;
2942 int error;
2943
2944 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2945 return -EINVAL;
2946
2947
2948
2949
2950
2951 if (flags & AT_EMPTY_PATH) {
2952 if (!capable(CAP_DAC_READ_SEARCH))
2953 return -ENOENT;
2954 how = LOOKUP_EMPTY;
2955 }
2956
2957 if (flags & AT_SYMLINK_FOLLOW)
2958 how |= LOOKUP_FOLLOW;
2959
2960 error = user_path_at(olddfd, oldname, how, &old_path);
2961 if (error)
2962 return error;
2963
2964 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
2965 error = PTR_ERR(new_dentry);
2966 if (IS_ERR(new_dentry))
2967 goto out;
2968
2969 error = -EXDEV;
2970 if (old_path.mnt != new_path.mnt)
2971 goto out_dput;
2972 error = mnt_want_write(new_path.mnt);
2973 if (error)
2974 goto out_dput;
2975 error = security_path_link(old_path.dentry, &new_path, new_dentry);
2976 if (error)
2977 goto out_drop_write;
2978 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
2979out_drop_write:
2980 mnt_drop_write(new_path.mnt);
2981out_dput:
2982 dput(new_dentry);
2983 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
2984 path_put(&new_path);
2985out:
2986 path_put(&old_path);
2987
2988 return error;
2989}
2990
2991SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2992{
2993 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2994}
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
3024 struct inode *new_dir, struct dentry *new_dentry)
3025{
3026 int error = 0;
3027 struct inode *target = new_dentry->d_inode;
3028
3029
3030
3031
3032
3033 if (new_dir != old_dir) {
3034 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
3035 if (error)
3036 return error;
3037 }
3038
3039 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3040 if (error)
3041 return error;
3042
3043 dget(new_dentry);
3044 if (target)
3045 mutex_lock(&target->i_mutex);
3046
3047 error = -EBUSY;
3048 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
3049 goto out;
3050
3051 if (target)
3052 shrink_dcache_parent(new_dentry);
3053 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3054 if (error)
3055 goto out;
3056
3057 if (target) {
3058 target->i_flags |= S_DEAD;
3059 dont_mount(new_dentry);
3060 }
3061out:
3062 if (target)
3063 mutex_unlock(&target->i_mutex);
3064 dput(new_dentry);
3065 if (!error)
3066 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3067 d_move(old_dentry,new_dentry);
3068 return error;
3069}
3070
3071static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3072 struct inode *new_dir, struct dentry *new_dentry)
3073{
3074 struct inode *target = new_dentry->d_inode;
3075 int error;
3076
3077 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3078 if (error)
3079 return error;
3080
3081 dget(new_dentry);
3082 if (target)
3083 mutex_lock(&target->i_mutex);
3084
3085 error = -EBUSY;
3086 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3087 goto out;
3088
3089 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3090 if (error)
3091 goto out;
3092
3093 if (target)
3094 dont_mount(new_dentry);
3095 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3096 d_move(old_dentry, new_dentry);
3097out:
3098 if (target)
3099 mutex_unlock(&target->i_mutex);
3100 dput(new_dentry);
3101 return error;
3102}
3103
3104int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3105 struct inode *new_dir, struct dentry *new_dentry)
3106{
3107 int error;
3108 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3109 const unsigned char *old_name;
3110
3111 if (old_dentry->d_inode == new_dentry->d_inode)
3112 return 0;
3113
3114 error = may_delete(old_dir, old_dentry, is_dir);
3115 if (error)
3116 return error;
3117
3118 if (!new_dentry->d_inode)
3119 error = may_create(new_dir, new_dentry);
3120 else
3121 error = may_delete(new_dir, new_dentry, is_dir);
3122 if (error)
3123 return error;
3124
3125 if (!old_dir->i_op->rename)
3126 return -EPERM;
3127
3128 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3129
3130 if (is_dir)
3131 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3132 else
3133 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3134 if (!error)
3135 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3136 new_dentry->d_inode, old_dentry);
3137 fsnotify_oldname_free(old_name);
3138
3139 return error;
3140}
3141
3142SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3143 int, newdfd, const char __user *, newname)
3144{
3145 struct dentry *old_dir, *new_dir;
3146 struct dentry *old_dentry, *new_dentry;
3147 struct dentry *trap;
3148 struct nameidata oldnd, newnd;
3149 char *from;
3150 char *to;
3151 int error;
3152
3153 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3154 if (error)
3155 goto exit;
3156
3157 error = user_path_parent(newdfd, newname, &newnd, &to);
3158 if (error)
3159 goto exit1;
3160
3161 error = -EXDEV;
3162 if (oldnd.path.mnt != newnd.path.mnt)
3163 goto exit2;
3164
3165 old_dir = oldnd.path.dentry;
3166 error = -EBUSY;
3167 if (oldnd.last_type != LAST_NORM)
3168 goto exit2;
3169
3170 new_dir = newnd.path.dentry;
3171 if (newnd.last_type != LAST_NORM)
3172 goto exit2;
3173
3174 oldnd.flags &= ~LOOKUP_PARENT;
3175 newnd.flags &= ~LOOKUP_PARENT;
3176 newnd.flags |= LOOKUP_RENAME_TARGET;
3177
3178 trap = lock_rename(new_dir, old_dir);
3179
3180 old_dentry = lookup_hash(&oldnd);
3181 error = PTR_ERR(old_dentry);
3182 if (IS_ERR(old_dentry))
3183 goto exit3;
3184
3185 error = -ENOENT;
3186 if (!old_dentry->d_inode)
3187 goto exit4;
3188
3189 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3190 error = -ENOTDIR;
3191 if (oldnd.last.name[oldnd.last.len])
3192 goto exit4;
3193 if (newnd.last.name[newnd.last.len])
3194 goto exit4;
3195 }
3196
3197 error = -EINVAL;
3198 if (old_dentry == trap)
3199 goto exit4;
3200 new_dentry = lookup_hash(&newnd);
3201 error = PTR_ERR(new_dentry);
3202 if (IS_ERR(new_dentry))
3203 goto exit4;
3204
3205 error = -ENOTEMPTY;
3206 if (new_dentry == trap)
3207 goto exit5;
3208
3209 error = mnt_want_write(oldnd.path.mnt);
3210 if (error)
3211 goto exit5;
3212 error = security_path_rename(&oldnd.path, old_dentry,
3213 &newnd.path, new_dentry);
3214 if (error)
3215 goto exit6;
3216 error = vfs_rename(old_dir->d_inode, old_dentry,
3217 new_dir->d_inode, new_dentry);
3218exit6:
3219 mnt_drop_write(oldnd.path.mnt);
3220exit5:
3221 dput(new_dentry);
3222exit4:
3223 dput(old_dentry);
3224exit3:
3225 unlock_rename(new_dir, old_dir);
3226exit2:
3227 path_put(&newnd.path);
3228 putname(to);
3229exit1:
3230 path_put(&oldnd.path);
3231 putname(from);
3232exit:
3233 return error;
3234}
3235
3236SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3237{
3238 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3239}
3240
3241int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3242{
3243 int len;
3244
3245 len = PTR_ERR(link);
3246 if (IS_ERR(link))
3247 goto out;
3248
3249 len = strlen(link);
3250 if (len > (unsigned) buflen)
3251 len = buflen;
3252 if (copy_to_user(buffer, link, len))
3253 len = -EFAULT;
3254out:
3255 return len;
3256}
3257
3258
3259
3260
3261
3262
3263int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3264{
3265 struct nameidata nd;
3266 void *cookie;
3267 int res;
3268
3269 nd.depth = 0;
3270 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3271 if (IS_ERR(cookie))
3272 return PTR_ERR(cookie);
3273
3274 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3275 if (dentry->d_inode->i_op->put_link)
3276 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3277 return res;
3278}
3279
3280int vfs_follow_link(struct nameidata *nd, const char *link)
3281{
3282 return __vfs_follow_link(nd, link);
3283}
3284
3285
3286static char *page_getlink(struct dentry * dentry, struct page **ppage)
3287{
3288 char *kaddr;
3289 struct page *page;
3290 struct address_space *mapping = dentry->d_inode->i_mapping;
3291 page = read_mapping_page(mapping, 0, NULL);
3292 if (IS_ERR(page))
3293 return (char*)page;
3294 *ppage = page;
3295 kaddr = kmap(page);
3296 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3297 return kaddr;
3298}
3299
3300int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3301{
3302 struct page *page = NULL;
3303 char *s = page_getlink(dentry, &page);
3304 int res = vfs_readlink(dentry,buffer,buflen,s);
3305 if (page) {
3306 kunmap(page);
3307 page_cache_release(page);
3308 }
3309 return res;
3310}
3311
3312void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3313{
3314 struct page *page = NULL;
3315 nd_set_link(nd, page_getlink(dentry, &page));
3316 return page;
3317}
3318
3319void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3320{
3321 struct page *page = cookie;
3322
3323 if (page) {
3324 kunmap(page);
3325 page_cache_release(page);
3326 }
3327}
3328
3329
3330
3331
3332int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3333{
3334 struct address_space *mapping = inode->i_mapping;
3335 struct page *page;
3336 void *fsdata;
3337 int err;
3338 char *kaddr;
3339 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3340 if (nofs)
3341 flags |= AOP_FLAG_NOFS;
3342
3343retry:
3344 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3345 flags, &page, &fsdata);
3346 if (err)
3347 goto fail;
3348
3349 kaddr = kmap_atomic(page, KM_USER0);
3350 memcpy(kaddr, symname, len-1);
3351 kunmap_atomic(kaddr, KM_USER0);
3352
3353 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3354 page, fsdata);
3355 if (err < 0)
3356 goto fail;
3357 if (err < len-1)
3358 goto retry;
3359
3360 mark_inode_dirty(inode);
3361 return 0;
3362fail:
3363 return err;
3364}
3365
3366int page_symlink(struct inode *inode, const char *symname, int len)
3367{
3368 return __page_symlink(inode, symname, len,
3369 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3370}
3371
3372const struct inode_operations page_symlink_inode_operations = {
3373 .readlink = generic_readlink,
3374 .follow_link = page_follow_link_light,
3375 .put_link = page_put_link,
3376};
3377
3378EXPORT_SYMBOL(user_path_at);
3379EXPORT_SYMBOL(follow_down_one);
3380EXPORT_SYMBOL(follow_down);
3381EXPORT_SYMBOL(follow_up);
3382EXPORT_SYMBOL(get_write_access);
3383EXPORT_SYMBOL(getname);
3384EXPORT_SYMBOL(lock_rename);
3385EXPORT_SYMBOL(lookup_one_len);
3386EXPORT_SYMBOL(page_follow_link_light);
3387EXPORT_SYMBOL(page_put_link);
3388EXPORT_SYMBOL(page_readlink);
3389EXPORT_SYMBOL(__page_symlink);
3390EXPORT_SYMBOL(page_symlink);
3391EXPORT_SYMBOL(page_symlink_inode_operations);
3392EXPORT_SYMBOL(kern_path);
3393EXPORT_SYMBOL(vfs_path_lookup);
3394EXPORT_SYMBOL(inode_permission);
3395EXPORT_SYMBOL(unlock_rename);
3396EXPORT_SYMBOL(vfs_create);
3397EXPORT_SYMBOL(vfs_follow_link);
3398EXPORT_SYMBOL(vfs_link);
3399EXPORT_SYMBOL(vfs_mkdir);
3400EXPORT_SYMBOL(vfs_mknod);
3401EXPORT_SYMBOL(generic_permission);
3402EXPORT_SYMBOL(vfs_readlink);
3403EXPORT_SYMBOL(vfs_rename);
3404EXPORT_SYMBOL(vfs_rmdir);
3405EXPORT_SYMBOL(vfs_symlink);
3406EXPORT_SYMBOL(vfs_unlink);
3407EXPORT_SYMBOL(dentry_unhash);
3408EXPORT_SYMBOL(generic_readlink);
3409
