1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/init.h>
18#include <linux/module.h>
19#include <linux/slab.h>
20#include <linux/fs.h>
21#include <linux/namei.h>
22#include <linux/pagemap.h>
23#include <linux/fsnotify.h>
24#include <linux/personality.h>
25#include <linux/security.h>
26#include <linux/ima.h>
27#include <linux/syscalls.h>
28#include <linux/mount.h>
29#include <linux/audit.h>
30#include <linux/capability.h>
31#include <linux/file.h>
32#include <linux/fcntl.h>
33#include <linux/device_cgroup.h>
34#include <linux/fs_struct.h>
35#include <linux/posix_acl.h>
36#include <asm/uaccess.h>
37
38#include "internal.h"
39#include "mount.h"
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119static int do_getname(const char __user *filename, char *page)
120{
121 int retval;
122 unsigned long len = PATH_MAX;
123
124 if (!segment_eq(get_fs(), KERNEL_DS)) {
125 if ((unsigned long) filename >= TASK_SIZE)
126 return -EFAULT;
127 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
128 len = TASK_SIZE - (unsigned long) filename;
129 }
130
131 retval = strncpy_from_user(page, filename, len);
132 if (retval > 0) {
133 if (retval < len)
134 return 0;
135 return -ENAMETOOLONG;
136 } else if (!retval)
137 retval = -ENOENT;
138 return retval;
139}
140
141static char *getname_flags(const char __user *filename, int flags, int *empty)
142{
143 char *result = __getname();
144 int retval;
145
146 if (!result)
147 return ERR_PTR(-ENOMEM);
148
149 retval = do_getname(filename, result);
150 if (retval < 0) {
151 if (retval == -ENOENT && empty)
152 *empty = 1;
153 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
154 __putname(result);
155 return ERR_PTR(retval);
156 }
157 }
158 audit_getname(result);
159 return result;
160}
161
162char *getname(const char __user * filename)
163{
164 return getname_flags(filename, 0, 0);
165}
166
167#ifdef CONFIG_AUDITSYSCALL
168void putname(const char *name)
169{
170 if (unlikely(!audit_dummy_context()))
171 audit_putname(name);
172 else
173 __putname(name);
174}
175EXPORT_SYMBOL(putname);
176#endif
177
178static int check_acl(struct inode *inode, int mask)
179{
180#ifdef CONFIG_FS_POSIX_ACL
181 struct posix_acl *acl;
182
183 if (mask & MAY_NOT_BLOCK) {
184 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
185 if (!acl)
186 return -EAGAIN;
187
188 if (acl == ACL_NOT_CACHED)
189 return -ECHILD;
190 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
191 }
192
193 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
194
195
196
197
198
199
200
201
202
203 if (acl == ACL_NOT_CACHED) {
204 if (inode->i_op->get_acl) {
205 acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
206 if (IS_ERR(acl))
207 return PTR_ERR(acl);
208 } else {
209 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
210 return -EAGAIN;
211 }
212 }
213
214 if (acl) {
215 int error = posix_acl_permission(inode, acl, mask);
216 posix_acl_release(acl);
217 return error;
218 }
219#endif
220
221 return -EAGAIN;
222}
223
224
225
226
227static int acl_permission_check(struct inode *inode, int mask)
228{
229 unsigned int mode = inode->i_mode;
230
231 if (current_user_ns() != inode_userns(inode))
232 goto other_perms;
233
234 if (likely(current_fsuid() == inode->i_uid))
235 mode >>= 6;
236 else {
237 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
238 int error = check_acl(inode, mask);
239 if (error != -EAGAIN)
240 return error;
241 }
242
243 if (in_group_p(inode->i_gid))
244 mode >>= 3;
245 }
246
247other_perms:
248
249
250
251 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
252 return 0;
253 return -EACCES;
254}
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270int generic_permission(struct inode *inode, int mask)
271{
272 int ret;
273
274
275
276
277 ret = acl_permission_check(inode, mask);
278 if (ret != -EACCES)
279 return ret;
280
281 if (S_ISDIR(inode->i_mode)) {
282
283 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
284 return 0;
285 if (!(mask & MAY_WRITE))
286 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
287 return 0;
288 return -EACCES;
289 }
290
291
292
293
294
295 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
296 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
297 return 0;
298
299
300
301
302 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
303 if (mask == MAY_READ)
304 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
305 return 0;
306
307 return -EACCES;
308}
309
310
311
312
313
314
315
316static inline int do_inode_permission(struct inode *inode, int mask)
317{
318 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
319 if (likely(inode->i_op->permission))
320 return inode->i_op->permission(inode, mask);
321
322
323 spin_lock(&inode->i_lock);
324 inode->i_opflags |= IOP_FASTPERM;
325 spin_unlock(&inode->i_lock);
326 }
327 return generic_permission(inode, mask);
328}
329
330
331
332
333
334
335
336
337
338
339
340
341
342int inode_permission(struct inode *inode, int mask)
343{
344 int retval;
345
346 if (unlikely(mask & MAY_WRITE)) {
347 umode_t mode = inode->i_mode;
348
349
350
351
352 if (IS_RDONLY(inode) &&
353 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
354 return -EROFS;
355
356
357
358
359 if (IS_IMMUTABLE(inode))
360 return -EACCES;
361 }
362
363 retval = do_inode_permission(inode, mask);
364 if (retval)
365 return retval;
366
367 retval = devcgroup_inode_permission(inode, mask);
368 if (retval)
369 return retval;
370
371 return security_inode_permission(inode, mask);
372}
373
374
375
376
377
378
379
380void path_get(struct path *path)
381{
382 mntget(path->mnt);
383 dget(path->dentry);
384}
385EXPORT_SYMBOL(path_get);
386
387
388
389
390
391
392
393void path_put(struct path *path)
394{
395 dput(path->dentry);
396 mntput(path->mnt);
397}
398EXPORT_SYMBOL(path_put);
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
422{
423 struct fs_struct *fs = current->fs;
424 struct dentry *parent = nd->path.dentry;
425 int want_root = 0;
426
427 BUG_ON(!(nd->flags & LOOKUP_RCU));
428 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
429 want_root = 1;
430 spin_lock(&fs->lock);
431 if (nd->root.mnt != fs->root.mnt ||
432 nd->root.dentry != fs->root.dentry)
433 goto err_root;
434 }
435 spin_lock(&parent->d_lock);
436 if (!dentry) {
437 if (!__d_rcu_to_refcount(parent, nd->seq))
438 goto err_parent;
439 BUG_ON(nd->inode != parent->d_inode);
440 } else {
441 if (dentry->d_parent != parent)
442 goto err_parent;
443 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
444 if (!__d_rcu_to_refcount(dentry, nd->seq))
445 goto err_child;
446
447
448
449
450
451
452 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
453 BUG_ON(!parent->d_count);
454 parent->d_count++;
455 spin_unlock(&dentry->d_lock);
456 }
457 spin_unlock(&parent->d_lock);
458 if (want_root) {
459 path_get(&nd->root);
460 spin_unlock(&fs->lock);
461 }
462 mntget(nd->path.mnt);
463
464 rcu_read_unlock();
465 br_read_unlock(vfsmount_lock);
466 nd->flags &= ~LOOKUP_RCU;
467 return 0;
468
469err_child:
470 spin_unlock(&dentry->d_lock);
471err_parent:
472 spin_unlock(&parent->d_lock);
473err_root:
474 if (want_root)
475 spin_unlock(&fs->lock);
476 return -ECHILD;
477}
478
479
480
481
482
483void release_open_intent(struct nameidata *nd)
484{
485 struct file *file = nd->intent.open.file;
486
487 if (file && !IS_ERR(file)) {
488 if (file->f_path.dentry == NULL)
489 put_filp(file);
490 else
491 fput(file);
492 }
493}
494
495static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
496{
497 return dentry->d_op->d_revalidate(dentry, nd);
498}
499
500
501
502
503
504
505
506
507
508
509
510static int complete_walk(struct nameidata *nd)
511{
512 struct dentry *dentry = nd->path.dentry;
513 int status;
514
515 if (nd->flags & LOOKUP_RCU) {
516 nd->flags &= ~LOOKUP_RCU;
517 if (!(nd->flags & LOOKUP_ROOT))
518 nd->root.mnt = NULL;
519 spin_lock(&dentry->d_lock);
520 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
521 spin_unlock(&dentry->d_lock);
522 rcu_read_unlock();
523 br_read_unlock(vfsmount_lock);
524 return -ECHILD;
525 }
526 BUG_ON(nd->inode != dentry->d_inode);
527 spin_unlock(&dentry->d_lock);
528 mntget(nd->path.mnt);
529 rcu_read_unlock();
530 br_read_unlock(vfsmount_lock);
531 }
532
533 if (likely(!(nd->flags & LOOKUP_JUMPED)))
534 return 0;
535
536 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
537 return 0;
538
539 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
540 return 0;
541
542
543 status = d_revalidate(dentry, nd);
544 if (status > 0)
545 return 0;
546
547 if (!status)
548 status = -ESTALE;
549
550 path_put(&nd->path);
551 return status;
552}
553
554static __always_inline void set_root(struct nameidata *nd)
555{
556 if (!nd->root.mnt)
557 get_fs_root(current->fs, &nd->root);
558}
559
560static int link_path_walk(const char *, struct nameidata *);
561
562static __always_inline void set_root_rcu(struct nameidata *nd)
563{
564 if (!nd->root.mnt) {
565 struct fs_struct *fs = current->fs;
566 unsigned seq;
567
568 do {
569 seq = read_seqcount_begin(&fs->seq);
570 nd->root = fs->root;
571 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
572 } while (read_seqcount_retry(&fs->seq, seq));
573 }
574}
575
576static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
577{
578 int ret;
579
580 if (IS_ERR(link))
581 goto fail;
582
583 if (*link == '/') {
584 set_root(nd);
585 path_put(&nd->path);
586 nd->path = nd->root;
587 path_get(&nd->root);
588 nd->flags |= LOOKUP_JUMPED;
589 }
590 nd->inode = nd->path.dentry->d_inode;
591
592 ret = link_path_walk(link, nd);
593 return ret;
594fail:
595 path_put(&nd->path);
596 return PTR_ERR(link);
597}
598
599static void path_put_conditional(struct path *path, struct nameidata *nd)
600{
601 dput(path->dentry);
602 if (path->mnt != nd->path.mnt)
603 mntput(path->mnt);
604}
605
606static inline void path_to_nameidata(const struct path *path,
607 struct nameidata *nd)
608{
609 if (!(nd->flags & LOOKUP_RCU)) {
610 dput(nd->path.dentry);
611 if (nd->path.mnt != path->mnt)
612 mntput(nd->path.mnt);
613 }
614 nd->path.mnt = path->mnt;
615 nd->path.dentry = path->dentry;
616}
617
618static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
619{
620 struct inode *inode = link->dentry->d_inode;
621 if (!IS_ERR(cookie) && inode->i_op->put_link)
622 inode->i_op->put_link(link->dentry, nd, cookie);
623 path_put(link);
624}
625
626static __always_inline int
627follow_link(struct path *link, struct nameidata *nd, void **p)
628{
629 int error;
630 struct dentry *dentry = link->dentry;
631
632 BUG_ON(nd->flags & LOOKUP_RCU);
633
634 if (link->mnt == nd->path.mnt)
635 mntget(link->mnt);
636
637 if (unlikely(current->total_link_count >= 40)) {
638 *p = ERR_PTR(-ELOOP);
639 path_put(&nd->path);
640 return -ELOOP;
641 }
642 cond_resched();
643 current->total_link_count++;
644
645 touch_atime(link->mnt, dentry);
646 nd_set_link(nd, NULL);
647
648 error = security_inode_follow_link(link->dentry, nd);
649 if (error) {
650 *p = ERR_PTR(error);
651 path_put(&nd->path);
652 return error;
653 }
654
655 nd->last_type = LAST_BIND;
656 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
657 error = PTR_ERR(*p);
658 if (!IS_ERR(*p)) {
659 char *s = nd_get_link(nd);
660 error = 0;
661 if (s)
662 error = __vfs_follow_link(nd, s);
663 else if (nd->last_type == LAST_BIND) {
664 nd->flags |= LOOKUP_JUMPED;
665 nd->inode = nd->path.dentry->d_inode;
666 if (nd->inode->i_op->follow_link) {
667
668 path_put(&nd->path);
669 error = -ELOOP;
670 }
671 }
672 }
673 return error;
674}
675
676static int follow_up_rcu(struct path *path)
677{
678 struct mount *mnt = real_mount(path->mnt);
679 struct mount *parent;
680 struct dentry *mountpoint;
681
682 parent = mnt->mnt_parent;
683 if (&parent->mnt == path->mnt)
684 return 0;
685 mountpoint = mnt->mnt_mountpoint;
686 path->dentry = mountpoint;
687 path->mnt = &parent->mnt;
688 return 1;
689}
690
691int follow_up(struct path *path)
692{
693 struct mount *mnt = real_mount(path->mnt);
694 struct mount *parent;
695 struct dentry *mountpoint;
696
697 br_read_lock(vfsmount_lock);
698 parent = mnt->mnt_parent;
699 if (&parent->mnt == path->mnt) {
700 br_read_unlock(vfsmount_lock);
701 return 0;
702 }
703 mntget(&parent->mnt);
704 mountpoint = dget(mnt->mnt_mountpoint);
705 br_read_unlock(vfsmount_lock);
706 dput(path->dentry);
707 path->dentry = mountpoint;
708 mntput(path->mnt);
709 path->mnt = &parent->mnt;
710 return 1;
711}
712
713
714
715
716
717
718static int follow_automount(struct path *path, unsigned flags,
719 bool *need_mntput)
720{
721 struct vfsmount *mnt;
722 int err;
723
724 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
725 return -EREMOTE;
726
727
728
729
730
731
732
733
734
735
736
737
738 if (!(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
739 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
740 path->dentry->d_inode)
741 return -EISDIR;
742
743 current->total_link_count++;
744 if (current->total_link_count >= 40)
745 return -ELOOP;
746
747 mnt = path->dentry->d_op->d_automount(path);
748 if (IS_ERR(mnt)) {
749
750
751
752
753
754
755
756
757
758 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
759 return -EREMOTE;
760 return PTR_ERR(mnt);
761 }
762
763 if (!mnt)
764 return 0;
765
766 if (!*need_mntput) {
767
768 mntget(path->mnt);
769 *need_mntput = true;
770 }
771 err = finish_automount(mnt, path);
772
773 switch (err) {
774 case -EBUSY:
775
776 return 0;
777 case 0:
778 path_put(path);
779 path->mnt = mnt;
780 path->dentry = dget(mnt->mnt_root);
781 return 0;
782 default:
783 return err;
784 }
785
786}
787
788
789
790
791
792
793
794
795
796
797
798static int follow_managed(struct path *path, unsigned flags)
799{
800 struct vfsmount *mnt = path->mnt;
801 unsigned managed;
802 bool need_mntput = false;
803 int ret = 0;
804
805
806
807
808 while (managed = ACCESS_ONCE(path->dentry->d_flags),
809 managed &= DCACHE_MANAGED_DENTRY,
810 unlikely(managed != 0)) {
811
812
813 if (managed & DCACHE_MANAGE_TRANSIT) {
814 BUG_ON(!path->dentry->d_op);
815 BUG_ON(!path->dentry->d_op->d_manage);
816 ret = path->dentry->d_op->d_manage(path->dentry, false);
817 if (ret < 0)
818 break;
819 }
820
821
822 if (managed & DCACHE_MOUNTED) {
823 struct vfsmount *mounted = lookup_mnt(path);
824 if (mounted) {
825 dput(path->dentry);
826 if (need_mntput)
827 mntput(path->mnt);
828 path->mnt = mounted;
829 path->dentry = dget(mounted->mnt_root);
830 need_mntput = true;
831 continue;
832 }
833
834
835
836
837
838 }
839
840
841 if (managed & DCACHE_NEED_AUTOMOUNT) {
842 ret = follow_automount(path, flags, &need_mntput);
843 if (ret < 0)
844 break;
845 continue;
846 }
847
848
849 break;
850 }
851
852 if (need_mntput && path->mnt == mnt)
853 mntput(path->mnt);
854 if (ret == -EISDIR)
855 ret = 0;
856 return ret < 0 ? ret : need_mntput;
857}
858
859int follow_down_one(struct path *path)
860{
861 struct vfsmount *mounted;
862
863 mounted = lookup_mnt(path);
864 if (mounted) {
865 dput(path->dentry);
866 mntput(path->mnt);
867 path->mnt = mounted;
868 path->dentry = dget(mounted->mnt_root);
869 return 1;
870 }
871 return 0;
872}
873
874static inline bool managed_dentry_might_block(struct dentry *dentry)
875{
876 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
877 dentry->d_op->d_manage(dentry, true) < 0);
878}
879
880
881
882
883
884static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
885 struct inode **inode)
886{
887 for (;;) {
888 struct mount *mounted;
889
890
891
892
893 if (unlikely(managed_dentry_might_block(path->dentry)))
894 return false;
895
896 if (!d_mountpoint(path->dentry))
897 break;
898
899 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
900 if (!mounted)
901 break;
902 path->mnt = &mounted->mnt;
903 path->dentry = mounted->mnt.mnt_root;
904 nd->flags |= LOOKUP_JUMPED;
905 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
906
907
908
909
910
911 *inode = path->dentry->d_inode;
912 }
913 return true;
914}
915
916static void follow_mount_rcu(struct nameidata *nd)
917{
918 while (d_mountpoint(nd->path.dentry)) {
919 struct mount *mounted;
920 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
921 if (!mounted)
922 break;
923 nd->path.mnt = &mounted->mnt;
924 nd->path.dentry = mounted->mnt.mnt_root;
925 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
926 }
927}
928
929static int follow_dotdot_rcu(struct nameidata *nd)
930{
931 set_root_rcu(nd);
932
933 while (1) {
934 if (nd->path.dentry == nd->root.dentry &&
935 nd->path.mnt == nd->root.mnt) {
936 break;
937 }
938 if (nd->path.dentry != nd->path.mnt->mnt_root) {
939 struct dentry *old = nd->path.dentry;
940 struct dentry *parent = old->d_parent;
941 unsigned seq;
942
943 seq = read_seqcount_begin(&parent->d_seq);
944 if (read_seqcount_retry(&old->d_seq, nd->seq))
945 goto failed;
946 nd->path.dentry = parent;
947 nd->seq = seq;
948 break;
949 }
950 if (!follow_up_rcu(&nd->path))
951 break;
952 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
953 }
954 follow_mount_rcu(nd);
955 nd->inode = nd->path.dentry->d_inode;
956 return 0;
957
958failed:
959 nd->flags &= ~LOOKUP_RCU;
960 if (!(nd->flags & LOOKUP_ROOT))
961 nd->root.mnt = NULL;
962 rcu_read_unlock();
963 br_read_unlock(vfsmount_lock);
964 return -ECHILD;
965}
966
967
968
969
970
971
972int follow_down(struct path *path)
973{
974 unsigned managed;
975 int ret;
976
977 while (managed = ACCESS_ONCE(path->dentry->d_flags),
978 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
979
980
981
982
983
984
985
986
987
988
989 if (managed & DCACHE_MANAGE_TRANSIT) {
990 BUG_ON(!path->dentry->d_op);
991 BUG_ON(!path->dentry->d_op->d_manage);
992 ret = path->dentry->d_op->d_manage(
993 path->dentry, false);
994 if (ret < 0)
995 return ret == -EISDIR ? 0 : ret;
996 }
997
998
999 if (managed & DCACHE_MOUNTED) {
1000 struct vfsmount *mounted = lookup_mnt(path);
1001 if (!mounted)
1002 break;
1003 dput(path->dentry);
1004 mntput(path->mnt);
1005 path->mnt = mounted;
1006 path->dentry = dget(mounted->mnt_root);
1007 continue;
1008 }
1009
1010
1011 break;
1012 }
1013 return 0;
1014}
1015
1016
1017
1018
1019static void follow_mount(struct path *path)
1020{
1021 while (d_mountpoint(path->dentry)) {
1022 struct vfsmount *mounted = lookup_mnt(path);
1023 if (!mounted)
1024 break;
1025 dput(path->dentry);
1026 mntput(path->mnt);
1027 path->mnt = mounted;
1028 path->dentry = dget(mounted->mnt_root);
1029 }
1030}
1031
1032static void follow_dotdot(struct nameidata *nd)
1033{
1034 set_root(nd);
1035
1036 while(1) {
1037 struct dentry *old = nd->path.dentry;
1038
1039 if (nd->path.dentry == nd->root.dentry &&
1040 nd->path.mnt == nd->root.mnt) {
1041 break;
1042 }
1043 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1044
1045 nd->path.dentry = dget_parent(nd->path.dentry);
1046 dput(old);
1047 break;
1048 }
1049 if (!follow_up(&nd->path))
1050 break;
1051 }
1052 follow_mount(&nd->path);
1053 nd->inode = nd->path.dentry->d_inode;
1054}
1055
1056
1057
1058
1059
1060
1061
1062static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1063 struct qstr *name, struct nameidata *nd)
1064{
1065 struct inode *inode = parent->d_inode;
1066 struct dentry *dentry;
1067 struct dentry *old;
1068
1069
1070 if (unlikely(IS_DEADDIR(inode)))
1071 return ERR_PTR(-ENOENT);
1072
1073 dentry = d_alloc(parent, name);
1074 if (unlikely(!dentry))
1075 return ERR_PTR(-ENOMEM);
1076
1077 old = inode->i_op->lookup(inode, dentry, nd);
1078 if (unlikely(old)) {
1079 dput(dentry);
1080 dentry = old;
1081 }
1082 return dentry;
1083}
1084
1085
1086
1087
1088
1089
1090
1091static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1092 struct nameidata *nd)
1093{
1094 struct inode *inode = parent->d_inode;
1095 struct dentry *old;
1096
1097
1098 if (unlikely(IS_DEADDIR(inode))) {
1099 dput(dentry);
1100 return ERR_PTR(-ENOENT);
1101 }
1102
1103 old = inode->i_op->lookup(inode, dentry, nd);
1104 if (unlikely(old)) {
1105 dput(dentry);
1106 dentry = old;
1107 }
1108 return dentry;
1109}
1110
1111
1112
1113
1114
1115
1116static int do_lookup(struct nameidata *nd, struct qstr *name,
1117 struct path *path, struct inode **inode)
1118{
1119 struct vfsmount *mnt = nd->path.mnt;
1120 struct dentry *dentry, *parent = nd->path.dentry;
1121 int need_reval = 1;
1122 int status = 1;
1123 int err;
1124
1125
1126
1127
1128
1129
1130 if (nd->flags & LOOKUP_RCU) {
1131 unsigned seq;
1132 *inode = nd->inode;
1133 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1134 if (!dentry)
1135 goto unlazy;
1136
1137
1138 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1139 return -ECHILD;
1140 nd->seq = seq;
1141
1142 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1143 status = d_revalidate(dentry, nd);
1144 if (unlikely(status <= 0)) {
1145 if (status != -ECHILD)
1146 need_reval = 0;
1147 goto unlazy;
1148 }
1149 }
1150 if (unlikely(d_need_lookup(dentry)))
1151 goto unlazy;
1152 path->mnt = mnt;
1153 path->dentry = dentry;
1154 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1155 goto unlazy;
1156 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1157 goto unlazy;
1158 return 0;
1159unlazy:
1160 if (unlazy_walk(nd, dentry))
1161 return -ECHILD;
1162 } else {
1163 dentry = __d_lookup(parent, name);
1164 }
1165
1166 if (dentry && unlikely(d_need_lookup(dentry))) {
1167 dput(dentry);
1168 dentry = NULL;
1169 }
1170retry:
1171 if (unlikely(!dentry)) {
1172 struct inode *dir = parent->d_inode;
1173 BUG_ON(nd->inode != dir);
1174
1175 mutex_lock(&dir->i_mutex);
1176 dentry = d_lookup(parent, name);
1177 if (likely(!dentry)) {
1178 dentry = d_alloc_and_lookup(parent, name, nd);
1179 if (IS_ERR(dentry)) {
1180 mutex_unlock(&dir->i_mutex);
1181 return PTR_ERR(dentry);
1182 }
1183
1184 need_reval = 0;
1185 status = 1;
1186 } else if (unlikely(d_need_lookup(dentry))) {
1187 dentry = d_inode_lookup(parent, dentry, nd);
1188 if (IS_ERR(dentry)) {
1189 mutex_unlock(&dir->i_mutex);
1190 return PTR_ERR(dentry);
1191 }
1192
1193 need_reval = 0;
1194 status = 1;
1195 }
1196 mutex_unlock(&dir->i_mutex);
1197 }
1198 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1199 status = d_revalidate(dentry, nd);
1200 if (unlikely(status <= 0)) {
1201 if (status < 0) {
1202 dput(dentry);
1203 return status;
1204 }
1205 if (!d_invalidate(dentry)) {
1206 dput(dentry);
1207 dentry = NULL;
1208 need_reval = 1;
1209 goto retry;
1210 }
1211 }
1212
1213 path->mnt = mnt;
1214 path->dentry = dentry;
1215 err = follow_managed(path, nd->flags);
1216 if (unlikely(err < 0)) {
1217 path_put_conditional(path, nd);
1218 return err;
1219 }
1220 if (err)
1221 nd->flags |= LOOKUP_JUMPED;
1222 *inode = path->dentry->d_inode;
1223 return 0;
1224}
1225
1226static inline int may_lookup(struct nameidata *nd)
1227{
1228 if (nd->flags & LOOKUP_RCU) {
1229 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1230 if (err != -ECHILD)
1231 return err;
1232 if (unlazy_walk(nd, NULL))
1233 return -ECHILD;
1234 }
1235 return inode_permission(nd->inode, MAY_EXEC);
1236}
1237
1238static inline int handle_dots(struct nameidata *nd, int type)
1239{
1240 if (type == LAST_DOTDOT) {
1241 if (nd->flags & LOOKUP_RCU) {
1242 if (follow_dotdot_rcu(nd))
1243 return -ECHILD;
1244 } else
1245 follow_dotdot(nd);
1246 }
1247 return 0;
1248}
1249
1250static void terminate_walk(struct nameidata *nd)
1251{
1252 if (!(nd->flags & LOOKUP_RCU)) {
1253 path_put(&nd->path);
1254 } else {
1255 nd->flags &= ~LOOKUP_RCU;
1256 if (!(nd->flags & LOOKUP_ROOT))
1257 nd->root.mnt = NULL;
1258 rcu_read_unlock();
1259 br_read_unlock(vfsmount_lock);
1260 }
1261}
1262
1263
1264
1265
1266
1267
1268
1269static inline int should_follow_link(struct inode *inode, int follow)
1270{
1271 if (unlikely(!(inode->i_opflags & IOP_NOFOLLOW))) {
1272 if (likely(inode->i_op->follow_link))
1273 return follow;
1274
1275
1276 spin_lock(&inode->i_lock);
1277 inode->i_opflags |= IOP_NOFOLLOW;
1278 spin_unlock(&inode->i_lock);
1279 }
1280 return 0;
1281}
1282
1283static inline int walk_component(struct nameidata *nd, struct path *path,
1284 struct qstr *name, int type, int follow)
1285{
1286 struct inode *inode;
1287 int err;
1288
1289
1290
1291
1292
1293 if (unlikely(type != LAST_NORM))
1294 return handle_dots(nd, type);
1295 err = do_lookup(nd, name, path, &inode);
1296 if (unlikely(err)) {
1297 terminate_walk(nd);
1298 return err;
1299 }
1300 if (!inode) {
1301 path_to_nameidata(path, nd);
1302 terminate_walk(nd);
1303 return -ENOENT;
1304 }
1305 if (should_follow_link(inode, follow)) {
1306 if (nd->flags & LOOKUP_RCU) {
1307 if (unlikely(unlazy_walk(nd, path->dentry))) {
1308 terminate_walk(nd);
1309 return -ECHILD;
1310 }
1311 }
1312 BUG_ON(inode != path->dentry->d_inode);
1313 return 1;
1314 }
1315 path_to_nameidata(path, nd);
1316 nd->inode = inode;
1317 return 0;
1318}
1319
1320
1321
1322
1323
1324
1325
1326
1327static inline int nested_symlink(struct path *path, struct nameidata *nd)
1328{
1329 int res;
1330
1331 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1332 path_put_conditional(path, nd);
1333 path_put(&nd->path);
1334 return -ELOOP;
1335 }
1336 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1337
1338 nd->depth++;
1339 current->link_count++;
1340
1341 do {
1342 struct path link = *path;
1343 void *cookie;
1344
1345 res = follow_link(&link, nd, &cookie);
1346 if (!res)
1347 res = walk_component(nd, path, &nd->last,
1348 nd->last_type, LOOKUP_FOLLOW);
1349 put_link(nd, &link, cookie);
1350 } while (res > 0);
1351
1352 current->link_count--;
1353 nd->depth--;
1354 return res;
1355}
1356
1357
1358
1359
1360
1361
1362
1363static inline int can_lookup(struct inode *inode)
1364{
1365 if (likely(inode->i_opflags & IOP_LOOKUP))
1366 return 1;
1367 if (likely(!inode->i_op->lookup))
1368 return 0;
1369
1370
1371 spin_lock(&inode->i_lock);
1372 inode->i_opflags |= IOP_LOOKUP;
1373 spin_unlock(&inode->i_lock);
1374 return 1;
1375}
1376
1377unsigned int full_name_hash(const unsigned char *name, unsigned int len)
1378{
1379 unsigned long hash = init_name_hash();
1380 while (len--)
1381 hash = partial_name_hash(*name++, hash);
1382 return end_name_hash(hash);
1383}
1384EXPORT_SYMBOL(full_name_hash);
1385
1386
1387
1388
1389
1390static inline unsigned long hash_name(const char *name, unsigned int *hashp)
1391{
1392 unsigned long hash = init_name_hash();
1393 unsigned long len = 0, c;
1394
1395 c = (unsigned char)*name;
1396 do {
1397 len++;
1398 hash = partial_name_hash(c, hash);
1399 c = (unsigned char)name[len];
1400 } while (c && c != '/');
1401 *hashp = end_name_hash(hash);
1402 return len;
1403}
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413static int link_path_walk(const char *name, struct nameidata *nd)
1414{
1415 struct path next;
1416 int err;
1417
1418 while (*name=='/')
1419 name++;
1420 if (!*name)
1421 return 0;
1422
1423
1424 for(;;) {
1425 struct qstr this;
1426 long len;
1427 int type;
1428
1429 err = may_lookup(nd);
1430 if (err)
1431 break;
1432
1433 len = hash_name(name, &this.hash);
1434 this.name = name;
1435 this.len = len;
1436
1437 type = LAST_NORM;
1438 if (name[0] == '.') switch (len) {
1439 case 2:
1440 if (name[1] == '.') {
1441 type = LAST_DOTDOT;
1442 nd->flags |= LOOKUP_JUMPED;
1443 }
1444 break;
1445 case 1:
1446 type = LAST_DOT;
1447 }
1448 if (likely(type == LAST_NORM)) {
1449 struct dentry *parent = nd->path.dentry;
1450 nd->flags &= ~LOOKUP_JUMPED;
1451 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1452 err = parent->d_op->d_hash(parent, nd->inode,
1453 &this);
1454 if (err < 0)
1455 break;
1456 }
1457 }
1458
1459 if (!name[len])
1460 goto last_component;
1461
1462
1463
1464
1465 do {
1466 len++;
1467 } while (unlikely(name[len] == '/'));
1468 if (!name[len])
1469 goto last_component;
1470 name += len;
1471
1472 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1473 if (err < 0)
1474 return err;
1475
1476 if (err) {
1477 err = nested_symlink(&next, nd);
1478 if (err)
1479 return err;
1480 }
1481 if (can_lookup(nd->inode))
1482 continue;
1483 err = -ENOTDIR;
1484 break;
1485
1486
1487last_component:
1488 nd->last = this;
1489 nd->last_type = type;
1490 return 0;
1491 }
1492 terminate_walk(nd);
1493 return err;
1494}
1495
1496static int path_init(int dfd, const char *name, unsigned int flags,
1497 struct nameidata *nd, struct file **fp)
1498{
1499 int retval = 0;
1500 int fput_needed;
1501 struct file *file;
1502
1503 nd->last_type = LAST_ROOT;
1504 nd->flags = flags | LOOKUP_JUMPED;
1505 nd->depth = 0;
1506 if (flags & LOOKUP_ROOT) {
1507 struct inode *inode = nd->root.dentry->d_inode;
1508 if (*name) {
1509 if (!inode->i_op->lookup)
1510 return -ENOTDIR;
1511 retval = inode_permission(inode, MAY_EXEC);
1512 if (retval)
1513 return retval;
1514 }
1515 nd->path = nd->root;
1516 nd->inode = inode;
1517 if (flags & LOOKUP_RCU) {
1518 br_read_lock(vfsmount_lock);
1519 rcu_read_lock();
1520 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1521 } else {
1522 path_get(&nd->path);
1523 }
1524 return 0;
1525 }
1526
1527 nd->root.mnt = NULL;
1528
1529 if (*name=='/') {
1530 if (flags & LOOKUP_RCU) {
1531 br_read_lock(vfsmount_lock);
1532 rcu_read_lock();
1533 set_root_rcu(nd);
1534 } else {
1535 set_root(nd);
1536 path_get(&nd->root);
1537 }
1538 nd->path = nd->root;
1539 } else if (dfd == AT_FDCWD) {
1540 if (flags & LOOKUP_RCU) {
1541 struct fs_struct *fs = current->fs;
1542 unsigned seq;
1543
1544 br_read_lock(vfsmount_lock);
1545 rcu_read_lock();
1546
1547 do {
1548 seq = read_seqcount_begin(&fs->seq);
1549 nd->path = fs->pwd;
1550 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1551 } while (read_seqcount_retry(&fs->seq, seq));
1552 } else {
1553 get_fs_pwd(current->fs, &nd->path);
1554 }
1555 } else {
1556 struct dentry *dentry;
1557
1558 file = fget_raw_light(dfd, &fput_needed);
1559 retval = -EBADF;
1560 if (!file)
1561 goto out_fail;
1562
1563 dentry = file->f_path.dentry;
1564
1565 if (*name) {
1566 retval = -ENOTDIR;
1567 if (!S_ISDIR(dentry->d_inode->i_mode))
1568 goto fput_fail;
1569
1570 retval = inode_permission(dentry->d_inode, MAY_EXEC);
1571 if (retval)
1572 goto fput_fail;
1573 }
1574
1575 nd->path = file->f_path;
1576 if (flags & LOOKUP_RCU) {
1577 if (fput_needed)
1578 *fp = file;
1579 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1580 br_read_lock(vfsmount_lock);
1581 rcu_read_lock();
1582 } else {
1583 path_get(&file->f_path);
1584 fput_light(file, fput_needed);
1585 }
1586 }
1587
1588 nd->inode = nd->path.dentry->d_inode;
1589 return 0;
1590
1591fput_fail:
1592 fput_light(file, fput_needed);
1593out_fail:
1594 return retval;
1595}
1596
1597static inline int lookup_last(struct nameidata *nd, struct path *path)
1598{
1599 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1600 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1601
1602 nd->flags &= ~LOOKUP_PARENT;
1603 return walk_component(nd, path, &nd->last, nd->last_type,
1604 nd->flags & LOOKUP_FOLLOW);
1605}
1606
1607
1608static int path_lookupat(int dfd, const char *name,
1609 unsigned int flags, struct nameidata *nd)
1610{
1611 struct file *base = NULL;
1612 struct path path;
1613 int err;
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1630
1631 if (unlikely(err))
1632 return err;
1633
1634 current->total_link_count = 0;
1635 err = link_path_walk(name, nd);
1636
1637 if (!err && !(flags & LOOKUP_PARENT)) {
1638 err = lookup_last(nd, &path);
1639 while (err > 0) {
1640 void *cookie;
1641 struct path link = path;
1642 nd->flags |= LOOKUP_PARENT;
1643 err = follow_link(&link, nd, &cookie);
1644 if (!err)
1645 err = lookup_last(nd, &path);
1646 put_link(nd, &link, cookie);
1647 }
1648 }
1649
1650 if (!err)
1651 err = complete_walk(nd);
1652
1653 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1654 if (!nd->inode->i_op->lookup) {
1655 path_put(&nd->path);
1656 err = -ENOTDIR;
1657 }
1658 }
1659
1660 if (base)
1661 fput(base);
1662
1663 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1664 path_put(&nd->root);
1665 nd->root.mnt = NULL;
1666 }
1667 return err;
1668}
1669
1670static int do_path_lookup(int dfd, const char *name,
1671 unsigned int flags, struct nameidata *nd)
1672{
1673 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1674 if (unlikely(retval == -ECHILD))
1675 retval = path_lookupat(dfd, name, flags, nd);
1676 if (unlikely(retval == -ESTALE))
1677 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1678
1679 if (likely(!retval)) {
1680 if (unlikely(!audit_dummy_context())) {
1681 if (nd->path.dentry && nd->inode)
1682 audit_inode(name, nd->path.dentry);
1683 }
1684 }
1685 return retval;
1686}
1687
1688int kern_path_parent(const char *name, struct nameidata *nd)
1689{
1690 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1691}
1692
1693int kern_path(const char *name, unsigned int flags, struct path *path)
1694{
1695 struct nameidata nd;
1696 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1697 if (!res)
1698 *path = nd.path;
1699 return res;
1700}
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1711 const char *name, unsigned int flags,
1712 struct path *path)
1713{
1714 struct nameidata nd;
1715 int err;
1716 nd.root.dentry = dentry;
1717 nd.root.mnt = mnt;
1718 BUG_ON(flags & LOOKUP_PARENT);
1719
1720 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1721 if (!err)
1722 *path = nd.path;
1723 return err;
1724}
1725
1726static struct dentry *__lookup_hash(struct qstr *name,
1727 struct dentry *base, struct nameidata *nd)
1728{
1729 struct inode *inode = base->d_inode;
1730 struct dentry *dentry;
1731 int err;
1732
1733 err = inode_permission(inode, MAY_EXEC);
1734 if (err)
1735 return ERR_PTR(err);
1736
1737
1738
1739
1740
1741
1742 dentry = d_lookup(base, name);
1743
1744 if (dentry && d_need_lookup(dentry)) {
1745
1746
1747
1748
1749 dentry = d_inode_lookup(base, dentry, nd);
1750 if (IS_ERR(dentry))
1751 return dentry;
1752 }
1753
1754 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1755 int status = d_revalidate(dentry, nd);
1756 if (unlikely(status <= 0)) {
1757
1758
1759
1760
1761
1762
1763 if (status < 0) {
1764 dput(dentry);
1765 return ERR_PTR(status);
1766 } else if (!d_invalidate(dentry)) {
1767 dput(dentry);
1768 dentry = NULL;
1769 }
1770 }
1771 }
1772
1773 if (!dentry)
1774 dentry = d_alloc_and_lookup(base, name, nd);
1775
1776 return dentry;
1777}
1778
1779
1780
1781
1782
1783
1784static struct dentry *lookup_hash(struct nameidata *nd)
1785{
1786 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1787}
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1801{
1802 struct qstr this;
1803 unsigned int c;
1804
1805 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1806
1807 this.name = name;
1808 this.len = len;
1809 this.hash = full_name_hash(name, len);
1810 if (!len)
1811 return ERR_PTR(-EACCES);
1812
1813 while (len--) {
1814 c = *(const unsigned char *)name++;
1815 if (c == '/' || c == '\0')
1816 return ERR_PTR(-EACCES);
1817 }
1818
1819
1820
1821
1822 if (base->d_flags & DCACHE_OP_HASH) {
1823 int err = base->d_op->d_hash(base, base->d_inode, &this);
1824 if (err < 0)
1825 return ERR_PTR(err);
1826 }
1827
1828 return __lookup_hash(&this, base, NULL);
1829}
1830
1831int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
1832 struct path *path, int *empty)
1833{
1834 struct nameidata nd;
1835 char *tmp = getname_flags(name, flags, empty);
1836 int err = PTR_ERR(tmp);
1837 if (!IS_ERR(tmp)) {
1838
1839 BUG_ON(flags & LOOKUP_PARENT);
1840
1841 err = do_path_lookup(dfd, tmp, flags, &nd);
1842 putname(tmp);
1843 if (!err)
1844 *path = nd.path;
1845 }
1846 return err;
1847}
1848
1849int user_path_at(int dfd, const char __user *name, unsigned flags,
1850 struct path *path)
1851{
1852 return user_path_at_empty(dfd, name, flags, path, 0);
1853}
1854
1855static int user_path_parent(int dfd, const char __user *path,
1856 struct nameidata *nd, char **name)
1857{
1858 char *s = getname(path);
1859 int error;
1860
1861 if (IS_ERR(s))
1862 return PTR_ERR(s);
1863
1864 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1865 if (error)
1866 putname(s);
1867 else
1868 *name = s;
1869
1870 return error;
1871}
1872
1873
1874
1875
1876
1877static inline int check_sticky(struct inode *dir, struct inode *inode)
1878{
1879 uid_t fsuid = current_fsuid();
1880
1881 if (!(dir->i_mode & S_ISVTX))
1882 return 0;
1883 if (current_user_ns() != inode_userns(inode))
1884 goto other_userns;
1885 if (inode->i_uid == fsuid)
1886 return 0;
1887 if (dir->i_uid == fsuid)
1888 return 0;
1889
1890other_userns:
1891 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1892}
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1914{
1915 int error;
1916
1917 if (!victim->d_inode)
1918 return -ENOENT;
1919
1920 BUG_ON(victim->d_parent->d_inode != dir);
1921 audit_inode_child(victim, dir);
1922
1923 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1924 if (error)
1925 return error;
1926 if (IS_APPEND(dir))
1927 return -EPERM;
1928 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1929 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1930 return -EPERM;
1931 if (isdir) {
1932 if (!S_ISDIR(victim->d_inode->i_mode))
1933 return -ENOTDIR;
1934 if (IS_ROOT(victim))
1935 return -EBUSY;
1936 } else if (S_ISDIR(victim->d_inode->i_mode))
1937 return -EISDIR;
1938 if (IS_DEADDIR(dir))
1939 return -ENOENT;
1940 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1941 return -EBUSY;
1942 return 0;
1943}
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953static inline int may_create(struct inode *dir, struct dentry *child)
1954{
1955 if (child->d_inode)
1956 return -EEXIST;
1957 if (IS_DEADDIR(dir))
1958 return -ENOENT;
1959 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1960}
1961
1962
1963
1964
1965struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1966{
1967 struct dentry *p;
1968
1969 if (p1 == p2) {
1970 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1971 return NULL;
1972 }
1973
1974 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1975
1976 p = d_ancestor(p2, p1);
1977 if (p) {
1978 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1979 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1980 return p;
1981 }
1982
1983 p = d_ancestor(p1, p2);
1984 if (p) {
1985 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1986 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1987 return p;
1988 }
1989
1990 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1991 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1992 return NULL;
1993}
1994
1995void unlock_rename(struct dentry *p1, struct dentry *p2)
1996{
1997 mutex_unlock(&p1->d_inode->i_mutex);
1998 if (p1 != p2) {
1999 mutex_unlock(&p2->d_inode->i_mutex);
2000 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
2001 }
2002}
2003
2004int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2005 struct nameidata *nd)
2006{
2007 int error = may_create(dir, dentry);
2008
2009 if (error)
2010 return error;
2011
2012 if (!dir->i_op->create)
2013 return -EACCES;
2014 mode &= S_IALLUGO;
2015 mode |= S_IFREG;
2016 error = security_inode_create(dir, dentry, mode);
2017 if (error)
2018 return error;
2019 error = dir->i_op->create(dir, dentry, mode, nd);
2020 if (!error)
2021 fsnotify_create(dir, dentry);
2022 return error;
2023}
2024
2025static int may_open(struct path *path, int acc_mode, int flag)
2026{
2027 struct dentry *dentry = path->dentry;
2028 struct inode *inode = dentry->d_inode;
2029 int error;
2030
2031
2032 if (!acc_mode)
2033 return 0;
2034
2035 if (!inode)
2036 return -ENOENT;
2037
2038 switch (inode->i_mode & S_IFMT) {
2039 case S_IFLNK:
2040 return -ELOOP;
2041 case S_IFDIR:
2042 if (acc_mode & MAY_WRITE)
2043 return -EISDIR;
2044 break;
2045 case S_IFBLK:
2046 case S_IFCHR:
2047 if (path->mnt->mnt_flags & MNT_NODEV)
2048 return -EACCES;
2049
2050 case S_IFIFO:
2051 case S_IFSOCK:
2052 flag &= ~O_TRUNC;
2053 break;
2054 }
2055
2056 error = inode_permission(inode, acc_mode);
2057 if (error)
2058 return error;
2059
2060
2061
2062
2063 if (IS_APPEND(inode)) {
2064 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2065 return -EPERM;
2066 if (flag & O_TRUNC)
2067 return -EPERM;
2068 }
2069
2070
2071 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2072 return -EPERM;
2073
2074 return 0;
2075}
2076
2077static int handle_truncate(struct file *filp)
2078{
2079 struct path *path = &filp->f_path;
2080 struct inode *inode = path->dentry->d_inode;
2081 int error = get_write_access(inode);
2082 if (error)
2083 return error;
2084
2085
2086
2087 error = locks_verify_locked(inode);
2088 if (!error)
2089 error = security_path_truncate(path);
2090 if (!error) {
2091 error = do_truncate(path->dentry, 0,
2092 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2093 filp);
2094 }
2095 put_write_access(inode);
2096 return error;
2097}
2098
2099static inline int open_to_namei_flags(int flag)
2100{
2101 if ((flag & O_ACCMODE) == 3)
2102 flag--;
2103 return flag;
2104}
2105
2106
2107
2108
2109static struct file *do_last(struct nameidata *nd, struct path *path,
2110 const struct open_flags *op, const char *pathname)
2111{
2112 struct dentry *dir = nd->path.dentry;
2113 struct dentry *dentry;
2114 int open_flag = op->open_flag;
2115 int will_truncate = open_flag & O_TRUNC;
2116 int want_write = 0;
2117 int acc_mode = op->acc_mode;
2118 struct file *filp;
2119 int error;
2120
2121 nd->flags &= ~LOOKUP_PARENT;
2122 nd->flags |= op->intent;
2123
2124 switch (nd->last_type) {
2125 case LAST_DOTDOT:
2126 case LAST_DOT:
2127 error = handle_dots(nd, nd->last_type);
2128 if (error)
2129 return ERR_PTR(error);
2130
2131 case LAST_ROOT:
2132 error = complete_walk(nd);
2133 if (error)
2134 return ERR_PTR(error);
2135 audit_inode(pathname, nd->path.dentry);
2136 if (open_flag & O_CREAT) {
2137 error = -EISDIR;
2138 goto exit;
2139 }
2140 goto ok;
2141 case LAST_BIND:
2142 error = complete_walk(nd);
2143 if (error)
2144 return ERR_PTR(error);
2145 audit_inode(pathname, dir);
2146 goto ok;
2147 }
2148
2149 if (!(open_flag & O_CREAT)) {
2150 int symlink_ok = 0;
2151 if (nd->last.name[nd->last.len])
2152 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2153 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2154 symlink_ok = 1;
2155
2156 error = walk_component(nd, path, &nd->last, LAST_NORM,
2157 !symlink_ok);
2158 if (error < 0)
2159 return ERR_PTR(error);
2160 if (error)
2161 return NULL;
2162
2163 error = complete_walk(nd);
2164 if (error)
2165 return ERR_PTR(error);
2166
2167 error = -ENOTDIR;
2168 if (nd->flags & LOOKUP_DIRECTORY) {
2169 if (!nd->inode->i_op->lookup)
2170 goto exit;
2171 }
2172 audit_inode(pathname, nd->path.dentry);
2173 goto ok;
2174 }
2175
2176
2177
2178
2179
2180
2181 error = complete_walk(nd);
2182 if (error)
2183 return ERR_PTR(error);
2184
2185 audit_inode(pathname, dir);
2186 error = -EISDIR;
2187
2188 if (nd->last.name[nd->last.len])
2189 goto exit;
2190
2191 mutex_lock(&dir->d_inode->i_mutex);
2192
2193 dentry = lookup_hash(nd);
2194 error = PTR_ERR(dentry);
2195 if (IS_ERR(dentry)) {
2196 mutex_unlock(&dir->d_inode->i_mutex);
2197 goto exit;
2198 }
2199
2200 path->dentry = dentry;
2201 path->mnt = nd->path.mnt;
2202
2203
2204 if (!dentry->d_inode) {
2205 umode_t mode = op->mode;
2206 if (!IS_POSIXACL(dir->d_inode))
2207 mode &= ~current_umask();
2208
2209
2210
2211
2212
2213
2214
2215 error = mnt_want_write(nd->path.mnt);
2216 if (error)
2217 goto exit_mutex_unlock;
2218 want_write = 1;
2219
2220 open_flag &= ~O_TRUNC;
2221 will_truncate = 0;
2222 acc_mode = MAY_OPEN;
2223 error = security_path_mknod(&nd->path, dentry, mode, 0);
2224 if (error)
2225 goto exit_mutex_unlock;
2226 error = vfs_create(dir->d_inode, dentry, mode, nd);
2227 if (error)
2228 goto exit_mutex_unlock;
2229 mutex_unlock(&dir->d_inode->i_mutex);
2230 dput(nd->path.dentry);
2231 nd->path.dentry = dentry;
2232 goto common;
2233 }
2234
2235
2236
2237
2238 mutex_unlock(&dir->d_inode->i_mutex);
2239 audit_inode(pathname, path->dentry);
2240
2241 error = -EEXIST;
2242 if (open_flag & O_EXCL)
2243 goto exit_dput;
2244
2245 error = follow_managed(path, nd->flags);
2246 if (error < 0)
2247 goto exit_dput;
2248
2249 if (error)
2250 nd->flags |= LOOKUP_JUMPED;
2251
2252 error = -ENOENT;
2253 if (!path->dentry->d_inode)
2254 goto exit_dput;
2255
2256 if (path->dentry->d_inode->i_op->follow_link)
2257 return NULL;
2258
2259 path_to_nameidata(path, nd);
2260 nd->inode = path->dentry->d_inode;
2261
2262 error = complete_walk(nd);
2263 if (error)
2264 return ERR_PTR(error);
2265 error = -EISDIR;
2266 if (S_ISDIR(nd->inode->i_mode))
2267 goto exit;
2268ok:
2269 if (!S_ISREG(nd->inode->i_mode))
2270 will_truncate = 0;
2271
2272 if (will_truncate) {
2273 error = mnt_want_write(nd->path.mnt);
2274 if (error)
2275 goto exit;
2276 want_write = 1;
2277 }
2278common:
2279 error = may_open(&nd->path, acc_mode, open_flag);
2280 if (error)
2281 goto exit;
2282 filp = nameidata_to_filp(nd);
2283 if (!IS_ERR(filp)) {
2284 error = ima_file_check(filp, op->acc_mode);
2285 if (error) {
2286 fput(filp);
2287 filp = ERR_PTR(error);
2288 }
2289 }
2290 if (!IS_ERR(filp)) {
2291 if (will_truncate) {
2292 error = handle_truncate(filp);
2293 if (error) {
2294 fput(filp);
2295 filp = ERR_PTR(error);
2296 }
2297 }
2298 }
2299out:
2300 if (want_write)
2301 mnt_drop_write(nd->path.mnt);
2302 path_put(&nd->path);
2303 return filp;
2304
2305exit_mutex_unlock:
2306 mutex_unlock(&dir->d_inode->i_mutex);
2307exit_dput:
2308 path_put_conditional(path, nd);
2309exit:
2310 filp = ERR_PTR(error);
2311 goto out;
2312}
2313
2314static struct file *path_openat(int dfd, const char *pathname,
2315 struct nameidata *nd, const struct open_flags *op, int flags)
2316{
2317 struct file *base = NULL;
2318 struct file *filp;
2319 struct path path;
2320 int error;
2321
2322 filp = get_empty_filp();
2323 if (!filp)
2324 return ERR_PTR(-ENFILE);
2325
2326 filp->f_flags = op->open_flag;
2327 nd->intent.open.file = filp;
2328 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2329 nd->intent.open.create_mode = op->mode;
2330
2331 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2332 if (unlikely(error))
2333 goto out_filp;
2334
2335 current->total_link_count = 0;
2336 error = link_path_walk(pathname, nd);
2337 if (unlikely(error))
2338 goto out_filp;
2339
2340 filp = do_last(nd, &path, op, pathname);
2341 while (unlikely(!filp)) {
2342 struct path link = path;
2343 void *cookie;
2344 if (!(nd->flags & LOOKUP_FOLLOW)) {
2345 path_put_conditional(&path, nd);
2346 path_put(&nd->path);
2347 filp = ERR_PTR(-ELOOP);
2348 break;
2349 }
2350 nd->flags |= LOOKUP_PARENT;
2351 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2352 error = follow_link(&link, nd, &cookie);
2353 if (unlikely(error))
2354 filp = ERR_PTR(error);
2355 else
2356 filp = do_last(nd, &path, op, pathname);
2357 put_link(nd, &link, cookie);
2358 }
2359out:
2360 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2361 path_put(&nd->root);
2362 if (base)
2363 fput(base);
2364 release_open_intent(nd);
2365 return filp;
2366
2367out_filp:
2368 filp = ERR_PTR(error);
2369 goto out;
2370}
2371
2372struct file *do_filp_open(int dfd, const char *pathname,
2373 const struct open_flags *op, int flags)
2374{
2375 struct nameidata nd;
2376 struct file *filp;
2377
2378 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2379 if (unlikely(filp == ERR_PTR(-ECHILD)))
2380 filp = path_openat(dfd, pathname, &nd, op, flags);
2381 if (unlikely(filp == ERR_PTR(-ESTALE)))
2382 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2383 return filp;
2384}
2385
2386struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2387 const char *name, const struct open_flags *op, int flags)
2388{
2389 struct nameidata nd;
2390 struct file *file;
2391
2392 nd.root.mnt = mnt;
2393 nd.root.dentry = dentry;
2394
2395 flags |= LOOKUP_ROOT;
2396
2397 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2398 return ERR_PTR(-ELOOP);
2399
2400 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2401 if (unlikely(file == ERR_PTR(-ECHILD)))
2402 file = path_openat(-1, name, &nd, op, flags);
2403 if (unlikely(file == ERR_PTR(-ESTALE)))
2404 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2405 return file;
2406}
2407
2408struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
2409{
2410 struct dentry *dentry = ERR_PTR(-EEXIST);
2411 struct nameidata nd;
2412 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2413 if (error)
2414 return ERR_PTR(error);
2415
2416
2417
2418
2419
2420 if (nd.last_type != LAST_NORM)
2421 goto out;
2422 nd.flags &= ~LOOKUP_PARENT;
2423 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2424 nd.intent.open.flags = O_EXCL;
2425
2426
2427
2428
2429 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2430 dentry = lookup_hash(&nd);
2431 if (IS_ERR(dentry))
2432 goto fail;
2433
2434 if (dentry->d_inode)
2435 goto eexist;
2436
2437
2438
2439
2440
2441
2442 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
2443 dput(dentry);
2444 dentry = ERR_PTR(-ENOENT);
2445 goto fail;
2446 }
2447 *path = nd.path;
2448 return dentry;
2449eexist:
2450 dput(dentry);
2451 dentry = ERR_PTR(-EEXIST);
2452fail:
2453 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2454out:
2455 path_put(&nd.path);
2456 return dentry;
2457}
2458EXPORT_SYMBOL(kern_path_create);
2459
2460struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2461{
2462 char *tmp = getname(pathname);
2463 struct dentry *res;
2464 if (IS_ERR(tmp))
2465 return ERR_CAST(tmp);
2466 res = kern_path_create(dfd, tmp, path, is_dir);
2467 putname(tmp);
2468 return res;
2469}
2470EXPORT_SYMBOL(user_path_create);
2471
2472int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2473{
2474 int error = may_create(dir, dentry);
2475
2476 if (error)
2477 return error;
2478
2479 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2480 !ns_capable(inode_userns(dir), CAP_MKNOD))
2481 return -EPERM;
2482
2483 if (!dir->i_op->mknod)
2484 return -EPERM;
2485
2486 error = devcgroup_inode_mknod(mode, dev);
2487 if (error)
2488 return error;
2489
2490 error = security_inode_mknod(dir, dentry, mode, dev);
2491 if (error)
2492 return error;
2493
2494 error = dir->i_op->mknod(dir, dentry, mode, dev);
2495 if (!error)
2496 fsnotify_create(dir, dentry);
2497 return error;
2498}
2499
2500static int may_mknod(umode_t mode)
2501{
2502 switch (mode & S_IFMT) {
2503 case S_IFREG:
2504 case S_IFCHR:
2505 case S_IFBLK:
2506 case S_IFIFO:
2507 case S_IFSOCK:
2508 case 0:
2509 return 0;
2510 case S_IFDIR:
2511 return -EPERM;
2512 default:
2513 return -EINVAL;
2514 }
2515}
2516
2517SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
2518 unsigned, dev)
2519{
2520 struct dentry *dentry;
2521 struct path path;
2522 int error;
2523
2524 if (S_ISDIR(mode))
2525 return -EPERM;
2526
2527 dentry = user_path_create(dfd, filename, &path, 0);
2528 if (IS_ERR(dentry))
2529 return PTR_ERR(dentry);
2530
2531 if (!IS_POSIXACL(path.dentry->d_inode))
2532 mode &= ~current_umask();
2533 error = may_mknod(mode);
2534 if (error)
2535 goto out_dput;
2536 error = mnt_want_write(path.mnt);
2537 if (error)
2538 goto out_dput;
2539 error = security_path_mknod(&path, dentry, mode, dev);
2540 if (error)
2541 goto out_drop_write;
2542 switch (mode & S_IFMT) {
2543 case 0: case S_IFREG:
2544 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
2545 break;
2546 case S_IFCHR: case S_IFBLK:
2547 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
2548 new_decode_dev(dev));
2549 break;
2550 case S_IFIFO: case S_IFSOCK:
2551 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
2552 break;
2553 }
2554out_drop_write:
2555 mnt_drop_write(path.mnt);
2556out_dput:
2557 dput(dentry);
2558 mutex_unlock(&path.dentry->d_inode->i_mutex);
2559 path_put(&path);
2560
2561 return error;
2562}
2563
2564SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)
2565{
2566 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2567}
2568
2569int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2570{
2571 int error = may_create(dir, dentry);
2572
2573 if (error)
2574 return error;
2575
2576 if (!dir->i_op->mkdir)
2577 return -EPERM;
2578
2579 mode &= (S_IRWXUGO|S_ISVTX);
2580 error = security_inode_mkdir(dir, dentry, mode);
2581 if (error)
2582 return error;
2583
2584 error = dir->i_op->mkdir(dir, dentry, mode);
2585 if (!error)
2586 fsnotify_mkdir(dir, dentry);
2587 return error;
2588}
2589
2590SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
2591{
2592 struct dentry *dentry;
2593 struct path path;
2594 int error;
2595
2596 dentry = user_path_create(dfd, pathname, &path, 1);
2597 if (IS_ERR(dentry))
2598 return PTR_ERR(dentry);
2599
2600 if (!IS_POSIXACL(path.dentry->d_inode))
2601 mode &= ~current_umask();
2602 error = mnt_want_write(path.mnt);
2603 if (error)
2604 goto out_dput;
2605 error = security_path_mkdir(&path, dentry, mode);
2606 if (error)
2607 goto out_drop_write;
2608 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
2609out_drop_write:
2610 mnt_drop_write(path.mnt);
2611out_dput:
2612 dput(dentry);
2613 mutex_unlock(&path.dentry->d_inode->i_mutex);
2614 path_put(&path);
2615 return error;
2616}
2617
2618SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)
2619{
2620 return sys_mkdirat(AT_FDCWD, pathname, mode);
2621}
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638void dentry_unhash(struct dentry *dentry)
2639{
2640 shrink_dcache_parent(dentry);
2641 spin_lock(&dentry->d_lock);
2642 if (dentry->d_count == 1)
2643 __d_drop(dentry);
2644 spin_unlock(&dentry->d_lock);
2645}
2646
2647int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2648{
2649 int error = may_delete(dir, dentry, 1);
2650
2651 if (error)
2652 return error;
2653
2654 if (!dir->i_op->rmdir)
2655 return -EPERM;
2656
2657 dget(dentry);
2658 mutex_lock(&dentry->d_inode->i_mutex);
2659
2660 error = -EBUSY;
2661 if (d_mountpoint(dentry))
2662 goto out;
2663
2664 error = security_inode_rmdir(dir, dentry);
2665 if (error)
2666 goto out;
2667
2668 shrink_dcache_parent(dentry);
2669 error = dir->i_op->rmdir(dir, dentry);
2670 if (error)
2671 goto out;
2672
2673 dentry->d_inode->i_flags |= S_DEAD;
2674 dont_mount(dentry);
2675
2676out:
2677 mutex_unlock(&dentry->d_inode->i_mutex);
2678 dput(dentry);
2679 if (!error)
2680 d_delete(dentry);
2681 return error;
2682}
2683
2684static long do_rmdir(int dfd, const char __user *pathname)
2685{
2686 int error = 0;
2687 char * name;
2688 struct dentry *dentry;
2689 struct nameidata nd;
2690
2691 error = user_path_parent(dfd, pathname, &nd, &name);
2692 if (error)
2693 return error;
2694
2695 switch(nd.last_type) {
2696 case LAST_DOTDOT:
2697 error = -ENOTEMPTY;
2698 goto exit1;
2699 case LAST_DOT:
2700 error = -EINVAL;
2701 goto exit1;
2702 case LAST_ROOT:
2703 error = -EBUSY;
2704 goto exit1;
2705 }
2706
2707 nd.flags &= ~LOOKUP_PARENT;
2708
2709 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2710 dentry = lookup_hash(&nd);
2711 error = PTR_ERR(dentry);
2712 if (IS_ERR(dentry))
2713 goto exit2;
2714 if (!dentry->d_inode) {
2715 error = -ENOENT;
2716 goto exit3;
2717 }
2718 error = mnt_want_write(nd.path.mnt);
2719 if (error)
2720 goto exit3;
2721 error = security_path_rmdir(&nd.path, dentry);
2722 if (error)
2723 goto exit4;
2724 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2725exit4:
2726 mnt_drop_write(nd.path.mnt);
2727exit3:
2728 dput(dentry);
2729exit2:
2730 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2731exit1:
2732 path_put(&nd.path);
2733 putname(name);
2734 return error;
2735}
2736
2737SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2738{
2739 return do_rmdir(AT_FDCWD, pathname);
2740}
2741
2742int vfs_unlink(struct inode *dir, struct dentry *dentry)
2743{
2744 int error = may_delete(dir, dentry, 0);
2745
2746 if (error)
2747 return error;
2748
2749 if (!dir->i_op->unlink)
2750 return -EPERM;
2751
2752 mutex_lock(&dentry->d_inode->i_mutex);
2753 if (d_mountpoint(dentry))
2754 error = -EBUSY;
2755 else {
2756 error = security_inode_unlink(dir, dentry);
2757 if (!error) {
2758 error = dir->i_op->unlink(dir, dentry);
2759 if (!error)
2760 dont_mount(dentry);
2761 }
2762 }
2763 mutex_unlock(&dentry->d_inode->i_mutex);
2764
2765
2766 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2767 fsnotify_link_count(dentry->d_inode);
2768 d_delete(dentry);
2769 }
2770
2771 return error;
2772}
2773
2774
2775
2776
2777
2778
2779
2780static long do_unlinkat(int dfd, const char __user *pathname)
2781{
2782 int error;
2783 char *name;
2784 struct dentry *dentry;
2785 struct nameidata nd;
2786 struct inode *inode = NULL;
2787
2788 error = user_path_parent(dfd, pathname, &nd, &name);
2789 if (error)
2790 return error;
2791
2792 error = -EISDIR;
2793 if (nd.last_type != LAST_NORM)
2794 goto exit1;
2795
2796 nd.flags &= ~LOOKUP_PARENT;
2797
2798 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2799 dentry = lookup_hash(&nd);
2800 error = PTR_ERR(dentry);
2801 if (!IS_ERR(dentry)) {
2802
2803 if (nd.last.name[nd.last.len])
2804 goto slashes;
2805 inode = dentry->d_inode;
2806 if (!inode)
2807 goto slashes;
2808 ihold(inode);
2809 error = mnt_want_write(nd.path.mnt);
2810 if (error)
2811 goto exit2;
2812 error = security_path_unlink(&nd.path, dentry);
2813 if (error)
2814 goto exit3;
2815 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2816exit3:
2817 mnt_drop_write(nd.path.mnt);
2818 exit2:
2819 dput(dentry);
2820 }
2821 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2822 if (inode)
2823 iput(inode);
2824exit1:
2825 path_put(&nd.path);
2826 putname(name);
2827 return error;
2828
2829slashes:
2830 error = !dentry->d_inode ? -ENOENT :
2831 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2832 goto exit2;
2833}
2834
2835SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2836{
2837 if ((flag & ~AT_REMOVEDIR) != 0)
2838 return -EINVAL;
2839
2840 if (flag & AT_REMOVEDIR)
2841 return do_rmdir(dfd, pathname);
2842
2843 return do_unlinkat(dfd, pathname);
2844}
2845
2846SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2847{
2848 return do_unlinkat(AT_FDCWD, pathname);
2849}
2850
2851int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2852{
2853 int error = may_create(dir, dentry);
2854
2855 if (error)
2856 return error;
2857
2858 if (!dir->i_op->symlink)
2859 return -EPERM;
2860
2861 error = security_inode_symlink(dir, dentry, oldname);
2862 if (error)
2863 return error;
2864
2865 error = dir->i_op->symlink(dir, dentry, oldname);
2866 if (!error)
2867 fsnotify_create(dir, dentry);
2868 return error;
2869}
2870
2871SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2872 int, newdfd, const char __user *, newname)
2873{
2874 int error;
2875 char *from;
2876 struct dentry *dentry;
2877 struct path path;
2878
2879 from = getname(oldname);
2880 if (IS_ERR(from))
2881 return PTR_ERR(from);
2882
2883 dentry = user_path_create(newdfd, newname, &path, 0);
2884 error = PTR_ERR(dentry);
2885 if (IS_ERR(dentry))
2886 goto out_putname;
2887
2888 error = mnt_want_write(path.mnt);
2889 if (error)
2890 goto out_dput;
2891 error = security_path_symlink(&path, dentry, from);
2892 if (error)
2893 goto out_drop_write;
2894 error = vfs_symlink(path.dentry->d_inode, dentry, from);
2895out_drop_write:
2896 mnt_drop_write(path.mnt);
2897out_dput:
2898 dput(dentry);
2899 mutex_unlock(&path.dentry->d_inode->i_mutex);
2900 path_put(&path);
2901out_putname:
2902 putname(from);
2903 return error;
2904}
2905
2906SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2907{
2908 return sys_symlinkat(oldname, AT_FDCWD, newname);
2909}
2910
2911int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2912{
2913 struct inode *inode = old_dentry->d_inode;
2914 int error;
2915
2916 if (!inode)
2917 return -ENOENT;
2918
2919 error = may_create(dir, new_dentry);
2920 if (error)
2921 return error;
2922
2923 if (dir->i_sb != inode->i_sb)
2924 return -EXDEV;
2925
2926
2927
2928
2929 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2930 return -EPERM;
2931 if (!dir->i_op->link)
2932 return -EPERM;
2933 if (S_ISDIR(inode->i_mode))
2934 return -EPERM;
2935
2936 error = security_inode_link(old_dentry, dir, new_dentry);
2937 if (error)
2938 return error;
2939
2940 mutex_lock(&inode->i_mutex);
2941
2942 if (inode->i_nlink == 0)
2943 error = -ENOENT;
2944 else
2945 error = dir->i_op->link(old_dentry, dir, new_dentry);
2946 mutex_unlock(&inode->i_mutex);
2947 if (!error)
2948 fsnotify_link(dir, inode, new_dentry);
2949 return error;
2950}
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2962 int, newdfd, const char __user *, newname, int, flags)
2963{
2964 struct dentry *new_dentry;
2965 struct path old_path, new_path;
2966 int how = 0;
2967 int error;
2968
2969 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2970 return -EINVAL;
2971
2972
2973
2974
2975
2976 if (flags & AT_EMPTY_PATH) {
2977 if (!capable(CAP_DAC_READ_SEARCH))
2978 return -ENOENT;
2979 how = LOOKUP_EMPTY;
2980 }
2981
2982 if (flags & AT_SYMLINK_FOLLOW)
2983 how |= LOOKUP_FOLLOW;
2984
2985 error = user_path_at(olddfd, oldname, how, &old_path);
2986 if (error)
2987 return error;
2988
2989 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
2990 error = PTR_ERR(new_dentry);
2991 if (IS_ERR(new_dentry))
2992 goto out;
2993
2994 error = -EXDEV;
2995 if (old_path.mnt != new_path.mnt)
2996 goto out_dput;
2997 error = mnt_want_write(new_path.mnt);
2998 if (error)
2999 goto out_dput;
3000 error = security_path_link(old_path.dentry, &new_path, new_dentry);
3001 if (error)
3002 goto out_drop_write;
3003 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
3004out_drop_write:
3005 mnt_drop_write(new_path.mnt);
3006out_dput:
3007 dput(new_dentry);
3008 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
3009 path_put(&new_path);
3010out:
3011 path_put(&old_path);
3012
3013 return error;
3014}
3015
3016SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
3017{
3018 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
3019}
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
3049 struct inode *new_dir, struct dentry *new_dentry)
3050{
3051 int error = 0;
3052 struct inode *target = new_dentry->d_inode;
3053
3054
3055
3056
3057
3058 if (new_dir != old_dir) {
3059 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
3060 if (error)
3061 return error;
3062 }
3063
3064 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3065 if (error)
3066 return error;
3067
3068 dget(new_dentry);
3069 if (target)
3070 mutex_lock(&target->i_mutex);
3071
3072 error = -EBUSY;
3073 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
3074 goto out;
3075
3076 if (target)
3077 shrink_dcache_parent(new_dentry);
3078 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3079 if (error)
3080 goto out;
3081
3082 if (target) {
3083 target->i_flags |= S_DEAD;
3084 dont_mount(new_dentry);
3085 }
3086out:
3087 if (target)
3088 mutex_unlock(&target->i_mutex);
3089 dput(new_dentry);
3090 if (!error)
3091 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3092 d_move(old_dentry,new_dentry);
3093 return error;
3094}
3095
3096static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3097 struct inode *new_dir, struct dentry *new_dentry)
3098{
3099 struct inode *target = new_dentry->d_inode;
3100 int error;
3101
3102 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3103 if (error)
3104 return error;
3105
3106 dget(new_dentry);
3107 if (target)
3108 mutex_lock(&target->i_mutex);
3109
3110 error = -EBUSY;
3111 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3112 goto out;
3113
3114 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3115 if (error)
3116 goto out;
3117
3118 if (target)
3119 dont_mount(new_dentry);
3120 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3121 d_move(old_dentry, new_dentry);
3122out:
3123 if (target)
3124 mutex_unlock(&target->i_mutex);
3125 dput(new_dentry);
3126 return error;
3127}
3128
3129int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3130 struct inode *new_dir, struct dentry *new_dentry)
3131{
3132 int error;
3133 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3134 const unsigned char *old_name;
3135
3136 if (old_dentry->d_inode == new_dentry->d_inode)
3137 return 0;
3138
3139 error = may_delete(old_dir, old_dentry, is_dir);
3140 if (error)
3141 return error;
3142
3143 if (!new_dentry->d_inode)
3144 error = may_create(new_dir, new_dentry);
3145 else
3146 error = may_delete(new_dir, new_dentry, is_dir);
3147 if (error)
3148 return error;
3149
3150 if (!old_dir->i_op->rename)
3151 return -EPERM;
3152
3153 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3154
3155 if (is_dir)
3156 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3157 else
3158 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3159 if (!error)
3160 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3161 new_dentry->d_inode, old_dentry);
3162 fsnotify_oldname_free(old_name);
3163
3164 return error;
3165}
3166
3167SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3168 int, newdfd, const char __user *, newname)
3169{
3170 struct dentry *old_dir, *new_dir;
3171 struct dentry *old_dentry, *new_dentry;
3172 struct dentry *trap;
3173 struct nameidata oldnd, newnd;
3174 char *from;
3175 char *to;
3176 int error;
3177
3178 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3179 if (error)
3180 goto exit;
3181
3182 error = user_path_parent(newdfd, newname, &newnd, &to);
3183 if (error)
3184 goto exit1;
3185
3186 error = -EXDEV;
3187 if (oldnd.path.mnt != newnd.path.mnt)
3188 goto exit2;
3189
3190 old_dir = oldnd.path.dentry;
3191 error = -EBUSY;
3192 if (oldnd.last_type != LAST_NORM)
3193 goto exit2;
3194
3195 new_dir = newnd.path.dentry;
3196 if (newnd.last_type != LAST_NORM)
3197 goto exit2;
3198
3199 oldnd.flags &= ~LOOKUP_PARENT;
3200 newnd.flags &= ~LOOKUP_PARENT;
3201 newnd.flags |= LOOKUP_RENAME_TARGET;
3202
3203 trap = lock_rename(new_dir, old_dir);
3204
3205 old_dentry = lookup_hash(&oldnd);
3206 error = PTR_ERR(old_dentry);
3207 if (IS_ERR(old_dentry))
3208 goto exit3;
3209
3210 error = -ENOENT;
3211 if (!old_dentry->d_inode)
3212 goto exit4;
3213
3214 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3215 error = -ENOTDIR;
3216 if (oldnd.last.name[oldnd.last.len])
3217 goto exit4;
3218 if (newnd.last.name[newnd.last.len])
3219 goto exit4;
3220 }
3221
3222 error = -EINVAL;
3223 if (old_dentry == trap)
3224 goto exit4;
3225 new_dentry = lookup_hash(&newnd);
3226 error = PTR_ERR(new_dentry);
3227 if (IS_ERR(new_dentry))
3228 goto exit4;
3229
3230 error = -ENOTEMPTY;
3231 if (new_dentry == trap)
3232 goto exit5;
3233
3234 error = mnt_want_write(oldnd.path.mnt);
3235 if (error)
3236 goto exit5;
3237 error = security_path_rename(&oldnd.path, old_dentry,
3238 &newnd.path, new_dentry);
3239 if (error)
3240 goto exit6;
3241 error = vfs_rename(old_dir->d_inode, old_dentry,
3242 new_dir->d_inode, new_dentry);
3243exit6:
3244 mnt_drop_write(oldnd.path.mnt);
3245exit5:
3246 dput(new_dentry);
3247exit4:
3248 dput(old_dentry);
3249exit3:
3250 unlock_rename(new_dir, old_dir);
3251exit2:
3252 path_put(&newnd.path);
3253 putname(to);
3254exit1:
3255 path_put(&oldnd.path);
3256 putname(from);
3257exit:
3258 return error;
3259}
3260
3261SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3262{
3263 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3264}
3265
3266int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3267{
3268 int len;
3269
3270 len = PTR_ERR(link);
3271 if (IS_ERR(link))
3272 goto out;
3273
3274 len = strlen(link);
3275 if (len > (unsigned) buflen)
3276 len = buflen;
3277 if (copy_to_user(buffer, link, len))
3278 len = -EFAULT;
3279out:
3280 return len;
3281}
3282
3283
3284
3285
3286
3287
3288int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3289{
3290 struct nameidata nd;
3291 void *cookie;
3292 int res;
3293
3294 nd.depth = 0;
3295 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3296 if (IS_ERR(cookie))
3297 return PTR_ERR(cookie);
3298
3299 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3300 if (dentry->d_inode->i_op->put_link)
3301 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3302 return res;
3303}
3304
3305int vfs_follow_link(struct nameidata *nd, const char *link)
3306{
3307 return __vfs_follow_link(nd, link);
3308}
3309
3310
3311static char *page_getlink(struct dentry * dentry, struct page **ppage)
3312{
3313 char *kaddr;
3314 struct page *page;
3315 struct address_space *mapping = dentry->d_inode->i_mapping;
3316 page = read_mapping_page(mapping, 0, NULL);
3317 if (IS_ERR(page))
3318 return (char*)page;
3319 *ppage = page;
3320 kaddr = kmap(page);
3321 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3322 return kaddr;
3323}
3324
3325int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3326{
3327 struct page *page = NULL;
3328 char *s = page_getlink(dentry, &page);
3329 int res = vfs_readlink(dentry,buffer,buflen,s);
3330 if (page) {
3331 kunmap(page);
3332 page_cache_release(page);
3333 }
3334 return res;
3335}
3336
3337void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3338{
3339 struct page *page = NULL;
3340 nd_set_link(nd, page_getlink(dentry, &page));
3341 return page;
3342}
3343
3344void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3345{
3346 struct page *page = cookie;
3347
3348 if (page) {
3349 kunmap(page);
3350 page_cache_release(page);
3351 }
3352}
3353
3354
3355
3356
3357int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3358{
3359 struct address_space *mapping = inode->i_mapping;
3360 struct page *page;
3361 void *fsdata;
3362 int err;
3363 char *kaddr;
3364 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3365 if (nofs)
3366 flags |= AOP_FLAG_NOFS;
3367
3368retry:
3369 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3370 flags, &page, &fsdata);
3371 if (err)
3372 goto fail;
3373
3374 kaddr = kmap_atomic(page, KM_USER0);
3375 memcpy(kaddr, symname, len-1);
3376 kunmap_atomic(kaddr, KM_USER0);
3377
3378 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3379 page, fsdata);
3380 if (err < 0)
3381 goto fail;
3382 if (err < len-1)
3383 goto retry;
3384
3385 mark_inode_dirty(inode);
3386 return 0;
3387fail:
3388 return err;
3389}
3390
3391int page_symlink(struct inode *inode, const char *symname, int len)
3392{
3393 return __page_symlink(inode, symname, len,
3394 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3395}
3396
3397const struct inode_operations page_symlink_inode_operations = {
3398 .readlink = generic_readlink,
3399 .follow_link = page_follow_link_light,
3400 .put_link = page_put_link,
3401};
3402
3403EXPORT_SYMBOL(user_path_at);
3404EXPORT_SYMBOL(follow_down_one);
3405EXPORT_SYMBOL(follow_down);
3406EXPORT_SYMBOL(follow_up);
3407EXPORT_SYMBOL(get_write_access);
3408EXPORT_SYMBOL(getname);
3409EXPORT_SYMBOL(lock_rename);
3410EXPORT_SYMBOL(lookup_one_len);
3411EXPORT_SYMBOL(page_follow_link_light);
3412EXPORT_SYMBOL(page_put_link);
3413EXPORT_SYMBOL(page_readlink);
3414EXPORT_SYMBOL(__page_symlink);
3415EXPORT_SYMBOL(page_symlink);
3416EXPORT_SYMBOL(page_symlink_inode_operations);
3417EXPORT_SYMBOL(kern_path);
3418EXPORT_SYMBOL(vfs_path_lookup);
3419EXPORT_SYMBOL(inode_permission);
3420EXPORT_SYMBOL(unlock_rename);
3421EXPORT_SYMBOL(vfs_create);
3422EXPORT_SYMBOL(vfs_follow_link);
3423EXPORT_SYMBOL(vfs_link);
3424EXPORT_SYMBOL(vfs_mkdir);
3425EXPORT_SYMBOL(vfs_mknod);
3426EXPORT_SYMBOL(generic_permission);
3427EXPORT_SYMBOL(vfs_readlink);
3428EXPORT_SYMBOL(vfs_rename);
3429EXPORT_SYMBOL(vfs_rmdir);
3430EXPORT_SYMBOL(vfs_symlink);
3431EXPORT_SYMBOL(vfs_unlink);
3432EXPORT_SYMBOL(dentry_unhash);
3433EXPORT_SYMBOL(generic_readlink);
3434
