1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/init.h>
19#include <linux/export.h>
20#include <linux/kernel.h>
21#include <linux/slab.h>
22#include <linux/fs.h>
23#include <linux/namei.h>
24#include <linux/pagemap.h>
25#include <linux/fsnotify.h>
26#include <linux/personality.h>
27#include <linux/security.h>
28#include <linux/ima.h>
29#include <linux/syscalls.h>
30#include <linux/mount.h>
31#include <linux/audit.h>
32#include <linux/capability.h>
33#include <linux/file.h>
34#include <linux/fcntl.h>
35#include <linux/device_cgroup.h>
36#include <linux/fs_struct.h>
37#include <linux/posix_acl.h>
38#include <linux/hash.h>
39#include <linux/bitops.h>
40#include <linux/init_task.h>
41#include <linux/uaccess.h>
42
43#include "internal.h"
44#include "mount.h"
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125#define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname))
126
127struct filename *
128getname_flags(const char __user *filename, int flags, int *empty)
129{
130 struct filename *result;
131 char *kname;
132 int len;
133
134 result = audit_reusename(filename);
135 if (result)
136 return result;
137
138 result = __getname();
139 if (unlikely(!result))
140 return ERR_PTR(-ENOMEM);
141
142
143
144
145
146 kname = (char *)result->iname;
147 result->name = kname;
148
149 len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX);
150 if (unlikely(len < 0)) {
151 __putname(result);
152 return ERR_PTR(len);
153 }
154
155
156
157
158
159
160
161 if (unlikely(len == EMBEDDED_NAME_MAX)) {
162 const size_t size = offsetof(struct filename, iname[1]);
163 kname = (char *)result;
164
165
166
167
168
169
170 result = kzalloc(size, GFP_KERNEL);
171 if (unlikely(!result)) {
172 __putname(kname);
173 return ERR_PTR(-ENOMEM);
174 }
175 result->name = kname;
176 len = strncpy_from_user(kname, filename, PATH_MAX);
177 if (unlikely(len < 0)) {
178 __putname(kname);
179 kfree(result);
180 return ERR_PTR(len);
181 }
182 if (unlikely(len == PATH_MAX)) {
183 __putname(kname);
184 kfree(result);
185 return ERR_PTR(-ENAMETOOLONG);
186 }
187 }
188
189 result->refcnt = 1;
190
191 if (unlikely(!len)) {
192 if (empty)
193 *empty = 1;
194 if (!(flags & LOOKUP_EMPTY)) {
195 putname(result);
196 return ERR_PTR(-ENOENT);
197 }
198 }
199
200 result->uptr = filename;
201 result->aname = NULL;
202 audit_getname(result);
203 return result;
204}
205
206struct filename *
207getname(const char __user * filename)
208{
209 return getname_flags(filename, 0, NULL);
210}
211
212struct filename *
213getname_kernel(const char * filename)
214{
215 struct filename *result;
216 int len = strlen(filename) + 1;
217
218 result = __getname();
219 if (unlikely(!result))
220 return ERR_PTR(-ENOMEM);
221
222 if (len <= EMBEDDED_NAME_MAX) {
223 result->name = (char *)result->iname;
224 } else if (len <= PATH_MAX) {
225 const size_t size = offsetof(struct filename, iname[1]);
226 struct filename *tmp;
227
228 tmp = kmalloc(size, GFP_KERNEL);
229 if (unlikely(!tmp)) {
230 __putname(result);
231 return ERR_PTR(-ENOMEM);
232 }
233 tmp->name = (char *)result;
234 result = tmp;
235 } else {
236 __putname(result);
237 return ERR_PTR(-ENAMETOOLONG);
238 }
239 memcpy((char *)result->name, filename, len);
240 result->uptr = NULL;
241 result->aname = NULL;
242 result->refcnt = 1;
243 audit_getname(result);
244
245 return result;
246}
247
248void putname(struct filename *name)
249{
250 BUG_ON(name->refcnt <= 0);
251
252 if (--name->refcnt > 0)
253 return;
254
255 if (name->name != name->iname) {
256 __putname(name->name);
257 kfree(name);
258 } else
259 __putname(name);
260}
261
262static int check_acl(struct inode *inode, int mask)
263{
264#ifdef CONFIG_FS_POSIX_ACL
265 struct posix_acl *acl;
266
267 if (mask & MAY_NOT_BLOCK) {
268 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
269 if (!acl)
270 return -EAGAIN;
271
272 if (is_uncached_acl(acl))
273 return -ECHILD;
274 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
275 }
276
277 acl = get_acl(inode, ACL_TYPE_ACCESS);
278 if (IS_ERR(acl))
279 return PTR_ERR(acl);
280 if (acl) {
281 int error = posix_acl_permission(inode, acl, mask);
282 posix_acl_release(acl);
283 return error;
284 }
285#endif
286
287 return -EAGAIN;
288}
289
290
291
292
293static int acl_permission_check(struct inode *inode, int mask)
294{
295 unsigned int mode = inode->i_mode;
296
297 if (likely(uid_eq(current_fsuid(), inode->i_uid)))
298 mode >>= 6;
299 else {
300 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
301 int error = check_acl(inode, mask);
302 if (error != -EAGAIN)
303 return error;
304 }
305
306 if (in_group_p(inode->i_gid))
307 mode >>= 3;
308 }
309
310
311
312
313 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
314 return 0;
315 return -EACCES;
316}
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332int generic_permission(struct inode *inode, int mask)
333{
334 int ret;
335
336
337
338
339 ret = acl_permission_check(inode, mask);
340 if (ret != -EACCES)
341 return ret;
342
343 if (S_ISDIR(inode->i_mode)) {
344
345 if (!(mask & MAY_WRITE))
346 if (capable_wrt_inode_uidgid(inode,
347 CAP_DAC_READ_SEARCH))
348 return 0;
349 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
350 return 0;
351 return -EACCES;
352 }
353
354
355
356
357 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
358 if (mask == MAY_READ)
359 if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
360 return 0;
361
362
363
364
365
366 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
367 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
368 return 0;
369
370 return -EACCES;
371}
372EXPORT_SYMBOL(generic_permission);
373
374
375
376
377
378
379
380static inline int do_inode_permission(struct inode *inode, int mask)
381{
382 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
383 if (likely(inode->i_op->permission))
384 return inode->i_op->permission(inode, mask);
385
386
387 spin_lock(&inode->i_lock);
388 inode->i_opflags |= IOP_FASTPERM;
389 spin_unlock(&inode->i_lock);
390 }
391 return generic_permission(inode, mask);
392}
393
394
395
396
397
398
399
400
401
402static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
403{
404 if (unlikely(mask & MAY_WRITE)) {
405 umode_t mode = inode->i_mode;
406
407
408 if (sb_rdonly(sb) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
409 return -EROFS;
410 }
411 return 0;
412}
413
414
415
416
417
418
419
420
421
422
423
424
425int inode_permission(struct inode *inode, int mask)
426{
427 int retval;
428
429 retval = sb_permission(inode->i_sb, inode, mask);
430 if (retval)
431 return retval;
432
433 if (unlikely(mask & MAY_WRITE)) {
434
435
436
437 if (IS_IMMUTABLE(inode))
438 return -EPERM;
439
440
441
442
443
444
445 if (HAS_UNMAPPED_ID(inode))
446 return -EACCES;
447 }
448
449 retval = do_inode_permission(inode, mask);
450 if (retval)
451 return retval;
452
453 retval = devcgroup_inode_permission(inode, mask);
454 if (retval)
455 return retval;
456
457 return security_inode_permission(inode, mask);
458}
459EXPORT_SYMBOL(inode_permission);
460
461
462
463
464
465
466
467void path_get(const struct path *path)
468{
469 mntget(path->mnt);
470 dget(path->dentry);
471}
472EXPORT_SYMBOL(path_get);
473
474
475
476
477
478
479
480void path_put(const struct path *path)
481{
482 dput(path->dentry);
483 mntput(path->mnt);
484}
485EXPORT_SYMBOL(path_put);
486
487#define EMBEDDED_LEVELS 2
488struct nameidata {
489 struct path path;
490 struct qstr last;
491 struct path root;
492 struct inode *inode;
493 unsigned int flags;
494 unsigned seq, m_seq;
495 int last_type;
496 unsigned depth;
497 int total_link_count;
498 struct saved {
499 struct path link;
500 struct delayed_call done;
501 const char *name;
502 unsigned seq;
503 } *stack, internal[EMBEDDED_LEVELS];
504 struct filename *name;
505 struct nameidata *saved;
506 struct inode *link_inode;
507 unsigned root_seq;
508 int dfd;
509} __randomize_layout;
510
511static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
512{
513 struct nameidata *old = current->nameidata;
514 p->stack = p->internal;
515 p->dfd = dfd;
516 p->name = name;
517 p->total_link_count = old ? old->total_link_count : 0;
518 p->saved = old;
519 current->nameidata = p;
520}
521
522static void restore_nameidata(void)
523{
524 struct nameidata *now = current->nameidata, *old = now->saved;
525
526 current->nameidata = old;
527 if (old)
528 old->total_link_count = now->total_link_count;
529 if (now->stack != now->internal)
530 kfree(now->stack);
531}
532
533static int __nd_alloc_stack(struct nameidata *nd)
534{
535 struct saved *p;
536
537 if (nd->flags & LOOKUP_RCU) {
538 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
539 GFP_ATOMIC);
540 if (unlikely(!p))
541 return -ECHILD;
542 } else {
543 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
544 GFP_KERNEL);
545 if (unlikely(!p))
546 return -ENOMEM;
547 }
548 memcpy(p, nd->internal, sizeof(nd->internal));
549 nd->stack = p;
550 return 0;
551}
552
553
554
555
556
557
558
559
560static bool path_connected(const struct path *path)
561{
562 struct vfsmount *mnt = path->mnt;
563 struct super_block *sb = mnt->mnt_sb;
564
565
566 if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root))
567 return true;
568
569 return is_subdir(path->dentry, mnt->mnt_root);
570}
571
572static inline int nd_alloc_stack(struct nameidata *nd)
573{
574 if (likely(nd->depth != EMBEDDED_LEVELS))
575 return 0;
576 if (likely(nd->stack != nd->internal))
577 return 0;
578 return __nd_alloc_stack(nd);
579}
580
581static void drop_links(struct nameidata *nd)
582{
583 int i = nd->depth;
584 while (i--) {
585 struct saved *last = nd->stack + i;
586 do_delayed_call(&last->done);
587 clear_delayed_call(&last->done);
588 }
589}
590
591static void terminate_walk(struct nameidata *nd)
592{
593 drop_links(nd);
594 if (!(nd->flags & LOOKUP_RCU)) {
595 int i;
596 path_put(&nd->path);
597 for (i = 0; i < nd->depth; i++)
598 path_put(&nd->stack[i].link);
599 if (nd->flags & LOOKUP_ROOT_GRABBED) {
600 path_put(&nd->root);
601 nd->flags &= ~LOOKUP_ROOT_GRABBED;
602 }
603 } else {
604 nd->flags &= ~LOOKUP_RCU;
605 rcu_read_unlock();
606 }
607 nd->depth = 0;
608}
609
610
611static bool legitimize_path(struct nameidata *nd,
612 struct path *path, unsigned seq)
613{
614 int res = __legitimize_mnt(path->mnt, nd->m_seq);
615 if (unlikely(res)) {
616 if (res > 0)
617 path->mnt = NULL;
618 path->dentry = NULL;
619 return false;
620 }
621 if (unlikely(!lockref_get_not_dead(&path->dentry->d_lockref))) {
622 path->dentry = NULL;
623 return false;
624 }
625 return !read_seqcount_retry(&path->dentry->d_seq, seq);
626}
627
628static bool legitimize_links(struct nameidata *nd)
629{
630 int i;
631 for (i = 0; i < nd->depth; i++) {
632 struct saved *last = nd->stack + i;
633 if (unlikely(!legitimize_path(nd, &last->link, last->seq))) {
634 drop_links(nd);
635 nd->depth = i + 1;
636 return false;
637 }
638 }
639 return true;
640}
641
642static bool legitimize_root(struct nameidata *nd)
643{
644 if (!nd->root.mnt || (nd->flags & LOOKUP_ROOT))
645 return true;
646 nd->flags |= LOOKUP_ROOT_GRABBED;
647 return legitimize_path(nd, &nd->root, nd->root_seq);
648}
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672static int unlazy_walk(struct nameidata *nd)
673{
674 struct dentry *parent = nd->path.dentry;
675
676 BUG_ON(!(nd->flags & LOOKUP_RCU));
677
678 nd->flags &= ~LOOKUP_RCU;
679 if (unlikely(!legitimize_links(nd)))
680 goto out1;
681 if (unlikely(!legitimize_path(nd, &nd->path, nd->seq)))
682 goto out;
683 if (unlikely(!legitimize_root(nd)))
684 goto out;
685 rcu_read_unlock();
686 BUG_ON(nd->inode != parent->d_inode);
687 return 0;
688
689out1:
690 nd->path.mnt = NULL;
691 nd->path.dentry = NULL;
692out:
693 rcu_read_unlock();
694 return -ECHILD;
695}
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710static int unlazy_child(struct nameidata *nd, struct dentry *dentry, unsigned seq)
711{
712 BUG_ON(!(nd->flags & LOOKUP_RCU));
713
714 nd->flags &= ~LOOKUP_RCU;
715 if (unlikely(!legitimize_links(nd)))
716 goto out2;
717 if (unlikely(!legitimize_mnt(nd->path.mnt, nd->m_seq)))
718 goto out2;
719 if (unlikely(!lockref_get_not_dead(&nd->path.dentry->d_lockref)))
720 goto out1;
721
722
723
724
725
726
727
728
729 if (unlikely(!lockref_get_not_dead(&dentry->d_lockref)))
730 goto out;
731 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
732 goto out_dput;
733
734
735
736
737 if (unlikely(!legitimize_root(nd)))
738 goto out_dput;
739 rcu_read_unlock();
740 return 0;
741
742out2:
743 nd->path.mnt = NULL;
744out1:
745 nd->path.dentry = NULL;
746out:
747 rcu_read_unlock();
748 return -ECHILD;
749out_dput:
750 rcu_read_unlock();
751 dput(dentry);
752 return -ECHILD;
753}
754
755static inline int d_revalidate(struct dentry *dentry, unsigned int flags)
756{
757 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE))
758 return dentry->d_op->d_revalidate(dentry, flags);
759 else
760 return 1;
761}
762
763
764
765
766
767
768
769
770
771
772
773static int complete_walk(struct nameidata *nd)
774{
775 struct dentry *dentry = nd->path.dentry;
776 int status;
777
778 if (nd->flags & LOOKUP_RCU) {
779 if (!(nd->flags & LOOKUP_ROOT))
780 nd->root.mnt = NULL;
781 if (unlikely(unlazy_walk(nd)))
782 return -ECHILD;
783 }
784
785 if (likely(!(nd->flags & LOOKUP_JUMPED)))
786 return 0;
787
788 if (likely(!(dentry->d_flags & DCACHE_OP_WEAK_REVALIDATE)))
789 return 0;
790
791 status = dentry->d_op->d_weak_revalidate(dentry, nd->flags);
792 if (status > 0)
793 return 0;
794
795 if (!status)
796 status = -ESTALE;
797
798 return status;
799}
800
801static void set_root(struct nameidata *nd)
802{
803 struct fs_struct *fs = current->fs;
804
805 if (nd->flags & LOOKUP_RCU) {
806 unsigned seq;
807
808 do {
809 seq = read_seqcount_begin(&fs->seq);
810 nd->root = fs->root;
811 nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
812 } while (read_seqcount_retry(&fs->seq, seq));
813 } else {
814 get_fs_root(fs, &nd->root);
815 nd->flags |= LOOKUP_ROOT_GRABBED;
816 }
817}
818
819static void path_put_conditional(struct path *path, struct nameidata *nd)
820{
821 dput(path->dentry);
822 if (path->mnt != nd->path.mnt)
823 mntput(path->mnt);
824}
825
826static inline void path_to_nameidata(const struct path *path,
827 struct nameidata *nd)
828{
829 if (!(nd->flags & LOOKUP_RCU)) {
830 dput(nd->path.dentry);
831 if (nd->path.mnt != path->mnt)
832 mntput(nd->path.mnt);
833 }
834 nd->path.mnt = path->mnt;
835 nd->path.dentry = path->dentry;
836}
837
838static int nd_jump_root(struct nameidata *nd)
839{
840 if (nd->flags & LOOKUP_RCU) {
841 struct dentry *d;
842 nd->path = nd->root;
843 d = nd->path.dentry;
844 nd->inode = d->d_inode;
845 nd->seq = nd->root_seq;
846 if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq)))
847 return -ECHILD;
848 } else {
849 path_put(&nd->path);
850 nd->path = nd->root;
851 path_get(&nd->path);
852 nd->inode = nd->path.dentry->d_inode;
853 }
854 nd->flags |= LOOKUP_JUMPED;
855 return 0;
856}
857
858
859
860
861
862void nd_jump_link(struct path *path)
863{
864 struct nameidata *nd = current->nameidata;
865 path_put(&nd->path);
866
867 nd->path = *path;
868 nd->inode = nd->path.dentry->d_inode;
869 nd->flags |= LOOKUP_JUMPED;
870}
871
872static inline void put_link(struct nameidata *nd)
873{
874 struct saved *last = nd->stack + --nd->depth;
875 do_delayed_call(&last->done);
876 if (!(nd->flags & LOOKUP_RCU))
877 path_put(&last->link);
878}
879
880int sysctl_protected_symlinks __read_mostly = 0;
881int sysctl_protected_hardlinks __read_mostly = 0;
882int sysctl_protected_fifos __read_mostly;
883int sysctl_protected_regular __read_mostly;
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900static inline int may_follow_link(struct nameidata *nd)
901{
902 const struct inode *inode;
903 const struct inode *parent;
904 kuid_t puid;
905
906 if (!sysctl_protected_symlinks)
907 return 0;
908
909
910 inode = nd->link_inode;
911 if (uid_eq(current_cred()->fsuid, inode->i_uid))
912 return 0;
913
914
915 parent = nd->inode;
916 if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
917 return 0;
918
919
920 puid = parent->i_uid;
921 if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
922 return 0;
923
924 if (nd->flags & LOOKUP_RCU)
925 return -ECHILD;
926
927 audit_inode(nd->name, nd->stack[0].link.dentry, 0);
928 audit_log_path_denied(AUDIT_ANOM_LINK, "follow_link");
929 return -EACCES;
930}
931
932
933
934
935
936
937
938
939
940
941
942
943
944static bool safe_hardlink_source(struct inode *inode)
945{
946 umode_t mode = inode->i_mode;
947
948
949 if (!S_ISREG(mode))
950 return false;
951
952
953 if (mode & S_ISUID)
954 return false;
955
956
957 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
958 return false;
959
960
961 if (inode_permission(inode, MAY_READ | MAY_WRITE))
962 return false;
963
964 return true;
965}
966
967
968
969
970
971
972
973
974
975
976
977
978
979static int may_linkat(struct path *link)
980{
981 struct inode *inode = link->dentry->d_inode;
982
983
984 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
985 return -EOVERFLOW;
986
987 if (!sysctl_protected_hardlinks)
988 return 0;
989
990
991
992
993 if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
994 return 0;
995
996 audit_log_path_denied(AUDIT_ANOM_LINK, "linkat");
997 return -EPERM;
998}
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid,
1022 struct inode * const inode)
1023{
1024 if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) ||
1025 (!sysctl_protected_regular && S_ISREG(inode->i_mode)) ||
1026 likely(!(dir_mode & S_ISVTX)) ||
1027 uid_eq(inode->i_uid, dir_uid) ||
1028 uid_eq(current_fsuid(), inode->i_uid))
1029 return 0;
1030
1031 if (likely(dir_mode & 0002) ||
1032 (dir_mode & 0020 &&
1033 ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) ||
1034 (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) {
1035 const char *operation = S_ISFIFO(inode->i_mode) ?
1036 "sticky_create_fifo" :
1037 "sticky_create_regular";
1038 audit_log_path_denied(AUDIT_ANOM_CREAT, operation);
1039 return -EACCES;
1040 }
1041 return 0;
1042}
1043
1044static __always_inline
1045const char *get_link(struct nameidata *nd)
1046{
1047 struct saved *last = nd->stack + nd->depth - 1;
1048 struct dentry *dentry = last->link.dentry;
1049 struct inode *inode = nd->link_inode;
1050 int error;
1051 const char *res;
1052
1053 if (!(nd->flags & LOOKUP_RCU)) {
1054 touch_atime(&last->link);
1055 cond_resched();
1056 } else if (atime_needs_update(&last->link, inode)) {
1057 if (unlikely(unlazy_walk(nd)))
1058 return ERR_PTR(-ECHILD);
1059 touch_atime(&last->link);
1060 }
1061
1062 error = security_inode_follow_link(dentry, inode,
1063 nd->flags & LOOKUP_RCU);
1064 if (unlikely(error))
1065 return ERR_PTR(error);
1066
1067 nd->last_type = LAST_BIND;
1068 res = READ_ONCE(inode->i_link);
1069 if (!res) {
1070 const char * (*get)(struct dentry *, struct inode *,
1071 struct delayed_call *);
1072 get = inode->i_op->get_link;
1073 if (nd->flags & LOOKUP_RCU) {
1074 res = get(NULL, inode, &last->done);
1075 if (res == ERR_PTR(-ECHILD)) {
1076 if (unlikely(unlazy_walk(nd)))
1077 return ERR_PTR(-ECHILD);
1078 res = get(dentry, inode, &last->done);
1079 }
1080 } else {
1081 res = get(dentry, inode, &last->done);
1082 }
1083 if (IS_ERR_OR_NULL(res))
1084 return res;
1085 }
1086 if (*res == '/') {
1087 if (!nd->root.mnt)
1088 set_root(nd);
1089 if (unlikely(nd_jump_root(nd)))
1090 return ERR_PTR(-ECHILD);
1091 while (unlikely(*++res == '/'))
1092 ;
1093 }
1094 if (!*res)
1095 res = NULL;
1096 return res;
1097}
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109int follow_up(struct path *path)
1110{
1111 struct mount *mnt = real_mount(path->mnt);
1112 struct mount *parent;
1113 struct dentry *mountpoint;
1114
1115 read_seqlock_excl(&mount_lock);
1116 parent = mnt->mnt_parent;
1117 if (parent == mnt) {
1118 read_sequnlock_excl(&mount_lock);
1119 return 0;
1120 }
1121 mntget(&parent->mnt);
1122 mountpoint = dget(mnt->mnt_mountpoint);
1123 read_sequnlock_excl(&mount_lock);
1124 dput(path->dentry);
1125 path->dentry = mountpoint;
1126 mntput(path->mnt);
1127 path->mnt = &parent->mnt;
1128 return 1;
1129}
1130EXPORT_SYMBOL(follow_up);
1131
1132
1133
1134
1135
1136
1137static int follow_automount(struct path *path, struct nameidata *nd,
1138 bool *need_mntput)
1139{
1140 struct vfsmount *mnt;
1141 int err;
1142
1143 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
1144 return -EREMOTE;
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157 if (!(nd->flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
1158 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
1159 path->dentry->d_inode)
1160 return -EISDIR;
1161
1162 nd->total_link_count++;
1163 if (nd->total_link_count >= 40)
1164 return -ELOOP;
1165
1166 mnt = path->dentry->d_op->d_automount(path);
1167 if (IS_ERR(mnt)) {
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177 if (PTR_ERR(mnt) == -EISDIR && (nd->flags & LOOKUP_PARENT))
1178 return -EREMOTE;
1179 return PTR_ERR(mnt);
1180 }
1181
1182 if (!mnt)
1183 return 0;
1184
1185 if (!*need_mntput) {
1186
1187 mntget(path->mnt);
1188 *need_mntput = true;
1189 }
1190 err = finish_automount(mnt, path);
1191
1192 switch (err) {
1193 case -EBUSY:
1194
1195 return 0;
1196 case 0:
1197 path_put(path);
1198 path->mnt = mnt;
1199 path->dentry = dget(mnt->mnt_root);
1200 return 0;
1201 default:
1202 return err;
1203 }
1204
1205}
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218static int follow_managed(struct path *path, struct nameidata *nd)
1219{
1220 struct vfsmount *mnt = path->mnt;
1221 unsigned flags;
1222 bool need_mntput = false;
1223 int ret = 0;
1224
1225
1226
1227
1228 while (flags = smp_load_acquire(&path->dentry->d_flags),
1229 unlikely(flags & DCACHE_MANAGED_DENTRY)) {
1230
1231
1232 if (flags & DCACHE_MANAGE_TRANSIT) {
1233 BUG_ON(!path->dentry->d_op);
1234 BUG_ON(!path->dentry->d_op->d_manage);
1235 ret = path->dentry->d_op->d_manage(path, false);
1236 flags = smp_load_acquire(&path->dentry->d_flags);
1237 if (ret < 0)
1238 break;
1239 }
1240
1241
1242 if (flags & DCACHE_MOUNTED) {
1243 struct vfsmount *mounted = lookup_mnt(path);
1244 if (mounted) {
1245 dput(path->dentry);
1246 if (need_mntput)
1247 mntput(path->mnt);
1248 path->mnt = mounted;
1249 path->dentry = dget(mounted->mnt_root);
1250 need_mntput = true;
1251 continue;
1252 }
1253
1254
1255
1256
1257
1258 }
1259
1260
1261 if (flags & DCACHE_NEED_AUTOMOUNT) {
1262 ret = follow_automount(path, nd, &need_mntput);
1263 if (ret < 0)
1264 break;
1265 continue;
1266 }
1267
1268
1269 break;
1270 }
1271
1272 if (need_mntput && path->mnt == mnt)
1273 mntput(path->mnt);
1274 if (need_mntput)
1275 nd->flags |= LOOKUP_JUMPED;
1276 if (ret == -EISDIR || !ret)
1277 ret = 1;
1278 if (ret > 0 && unlikely(d_flags_negative(flags)))
1279 ret = -ENOENT;
1280 if (unlikely(ret < 0))
1281 path_put_conditional(path, nd);
1282 return ret;
1283}
1284
1285int follow_down_one(struct path *path)
1286{
1287 struct vfsmount *mounted;
1288
1289 mounted = lookup_mnt(path);
1290 if (mounted) {
1291 dput(path->dentry);
1292 mntput(path->mnt);
1293 path->mnt = mounted;
1294 path->dentry = dget(mounted->mnt_root);
1295 return 1;
1296 }
1297 return 0;
1298}
1299EXPORT_SYMBOL(follow_down_one);
1300
1301static inline int managed_dentry_rcu(const struct path *path)
1302{
1303 return (path->dentry->d_flags & DCACHE_MANAGE_TRANSIT) ?
1304 path->dentry->d_op->d_manage(path, true) : 0;
1305}
1306
1307
1308
1309
1310
1311static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1312 struct inode **inode, unsigned *seqp)
1313{
1314 for (;;) {
1315 struct mount *mounted;
1316
1317
1318
1319
1320 switch (managed_dentry_rcu(path)) {
1321 case -ECHILD:
1322 default:
1323 return false;
1324 case -EISDIR:
1325 return true;
1326 case 0:
1327 break;
1328 }
1329
1330 if (!d_mountpoint(path->dentry))
1331 return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1332
1333 mounted = __lookup_mnt(path->mnt, path->dentry);
1334 if (!mounted)
1335 break;
1336 path->mnt = &mounted->mnt;
1337 path->dentry = mounted->mnt.mnt_root;
1338 nd->flags |= LOOKUP_JUMPED;
1339 *seqp = read_seqcount_begin(&path->dentry->d_seq);
1340
1341
1342
1343
1344
1345 *inode = path->dentry->d_inode;
1346 }
1347 return !read_seqretry(&mount_lock, nd->m_seq) &&
1348 !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1349}
1350
1351static int follow_dotdot_rcu(struct nameidata *nd)
1352{
1353 struct inode *inode = nd->inode;
1354
1355 while (1) {
1356 if (path_equal(&nd->path, &nd->root))
1357 break;
1358 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1359 struct dentry *old = nd->path.dentry;
1360 struct dentry *parent = old->d_parent;
1361 unsigned seq;
1362
1363 inode = parent->d_inode;
1364 seq = read_seqcount_begin(&parent->d_seq);
1365 if (unlikely(read_seqcount_retry(&old->d_seq, nd->seq)))
1366 return -ECHILD;
1367 nd->path.dentry = parent;
1368 nd->seq = seq;
1369 if (unlikely(!path_connected(&nd->path)))
1370 return -ENOENT;
1371 break;
1372 } else {
1373 struct mount *mnt = real_mount(nd->path.mnt);
1374 struct mount *mparent = mnt->mnt_parent;
1375 struct dentry *mountpoint = mnt->mnt_mountpoint;
1376 struct inode *inode2 = mountpoint->d_inode;
1377 unsigned seq = read_seqcount_begin(&mountpoint->d_seq);
1378 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1379 return -ECHILD;
1380 if (&mparent->mnt == nd->path.mnt)
1381 break;
1382
1383 nd->path.dentry = mountpoint;
1384 nd->path.mnt = &mparent->mnt;
1385 inode = inode2;
1386 nd->seq = seq;
1387 }
1388 }
1389 while (unlikely(d_mountpoint(nd->path.dentry))) {
1390 struct mount *mounted;
1391 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1392 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1393 return -ECHILD;
1394 if (!mounted)
1395 break;
1396 nd->path.mnt = &mounted->mnt;
1397 nd->path.dentry = mounted->mnt.mnt_root;
1398 inode = nd->path.dentry->d_inode;
1399 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1400 }
1401 nd->inode = inode;
1402 return 0;
1403}
1404
1405
1406
1407
1408
1409
1410int follow_down(struct path *path)
1411{
1412 unsigned managed;
1413 int ret;
1414
1415 while (managed = READ_ONCE(path->dentry->d_flags),
1416 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427 if (managed & DCACHE_MANAGE_TRANSIT) {
1428 BUG_ON(!path->dentry->d_op);
1429 BUG_ON(!path->dentry->d_op->d_manage);
1430 ret = path->dentry->d_op->d_manage(path, false);
1431 if (ret < 0)
1432 return ret == -EISDIR ? 0 : ret;
1433 }
1434
1435
1436 if (managed & DCACHE_MOUNTED) {
1437 struct vfsmount *mounted = lookup_mnt(path);
1438 if (!mounted)
1439 break;
1440 dput(path->dentry);
1441 mntput(path->mnt);
1442 path->mnt = mounted;
1443 path->dentry = dget(mounted->mnt_root);
1444 continue;
1445 }
1446
1447
1448 break;
1449 }
1450 return 0;
1451}
1452EXPORT_SYMBOL(follow_down);
1453
1454
1455
1456
1457static void follow_mount(struct path *path)
1458{
1459 while (d_mountpoint(path->dentry)) {
1460 struct vfsmount *mounted = lookup_mnt(path);
1461 if (!mounted)
1462 break;
1463 dput(path->dentry);
1464 mntput(path->mnt);
1465 path->mnt = mounted;
1466 path->dentry = dget(mounted->mnt_root);
1467 }
1468}
1469
1470static int path_parent_directory(struct path *path)
1471{
1472 struct dentry *old = path->dentry;
1473
1474 path->dentry = dget_parent(path->dentry);
1475 dput(old);
1476 if (unlikely(!path_connected(path)))
1477 return -ENOENT;
1478 return 0;
1479}
1480
1481static int follow_dotdot(struct nameidata *nd)
1482{
1483 while(1) {
1484 if (path_equal(&nd->path, &nd->root))
1485 break;
1486 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1487 int ret = path_parent_directory(&nd->path);
1488 if (ret)
1489 return ret;
1490 break;
1491 }
1492 if (!follow_up(&nd->path))
1493 break;
1494 }
1495 follow_mount(&nd->path);
1496 nd->inode = nd->path.dentry->d_inode;
1497 return 0;
1498}
1499
1500
1501
1502
1503
1504static struct dentry *lookup_dcache(const struct qstr *name,
1505 struct dentry *dir,
1506 unsigned int flags)
1507{
1508 struct dentry *dentry = d_lookup(dir, name);
1509 if (dentry) {
1510 int error = d_revalidate(dentry, flags);
1511 if (unlikely(error <= 0)) {
1512 if (!error)
1513 d_invalidate(dentry);
1514 dput(dentry);
1515 return ERR_PTR(error);
1516 }
1517 }
1518 return dentry;
1519}
1520
1521
1522
1523
1524
1525
1526
1527
1528static struct dentry *__lookup_hash(const struct qstr *name,
1529 struct dentry *base, unsigned int flags)
1530{
1531 struct dentry *dentry = lookup_dcache(name, base, flags);
1532 struct dentry *old;
1533 struct inode *dir = base->d_inode;
1534
1535 if (dentry)
1536 return dentry;
1537
1538
1539 if (unlikely(IS_DEADDIR(dir)))
1540 return ERR_PTR(-ENOENT);
1541
1542 dentry = d_alloc(base, name);
1543 if (unlikely(!dentry))
1544 return ERR_PTR(-ENOMEM);
1545
1546 old = dir->i_op->lookup(dir, dentry, flags);
1547 if (unlikely(old)) {
1548 dput(dentry);
1549 dentry = old;
1550 }
1551 return dentry;
1552}
1553
1554static int lookup_fast(struct nameidata *nd,
1555 struct path *path, struct inode **inode,
1556 unsigned *seqp)
1557{
1558 struct vfsmount *mnt = nd->path.mnt;
1559 struct dentry *dentry, *parent = nd->path.dentry;
1560 int status = 1;
1561 int err;
1562
1563
1564
1565
1566
1567
1568 if (nd->flags & LOOKUP_RCU) {
1569 unsigned seq;
1570 bool negative;
1571 dentry = __d_lookup_rcu(parent, &nd->last, &seq);
1572 if (unlikely(!dentry)) {
1573 if (unlazy_walk(nd))
1574 return -ECHILD;
1575 return 0;
1576 }
1577
1578
1579
1580
1581
1582 *inode = d_backing_inode(dentry);
1583 negative = d_is_negative(dentry);
1584 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
1585 return -ECHILD;
1586
1587
1588
1589
1590
1591
1592
1593
1594 if (unlikely(__read_seqcount_retry(&parent->d_seq, nd->seq)))
1595 return -ECHILD;
1596
1597 *seqp = seq;
1598 status = d_revalidate(dentry, nd->flags);
1599 if (likely(status > 0)) {
1600
1601
1602
1603
1604 if (unlikely(negative))
1605 return -ENOENT;
1606 path->mnt = mnt;
1607 path->dentry = dentry;
1608 if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
1609 return 1;
1610 }
1611 if (unlazy_child(nd, dentry, seq))
1612 return -ECHILD;
1613 if (unlikely(status == -ECHILD))
1614
1615 status = d_revalidate(dentry, nd->flags);
1616 } else {
1617 dentry = __d_lookup(parent, &nd->last);
1618 if (unlikely(!dentry))
1619 return 0;
1620 status = d_revalidate(dentry, nd->flags);
1621 }
1622 if (unlikely(status <= 0)) {
1623 if (!status)
1624 d_invalidate(dentry);
1625 dput(dentry);
1626 return status;
1627 }
1628
1629 path->mnt = mnt;
1630 path->dentry = dentry;
1631 err = follow_managed(path, nd);
1632 if (likely(err > 0))
1633 *inode = d_backing_inode(path->dentry);
1634 return err;
1635}
1636
1637
1638static struct dentry *__lookup_slow(const struct qstr *name,
1639 struct dentry *dir,
1640 unsigned int flags)
1641{
1642 struct dentry *dentry, *old;
1643 struct inode *inode = dir->d_inode;
1644 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
1645
1646
1647 if (unlikely(IS_DEADDIR(inode)))
1648 return ERR_PTR(-ENOENT);
1649again:
1650 dentry = d_alloc_parallel(dir, name, &wq);
1651 if (IS_ERR(dentry))
1652 return dentry;
1653 if (unlikely(!d_in_lookup(dentry))) {
1654 int error = d_revalidate(dentry, flags);
1655 if (unlikely(error <= 0)) {
1656 if (!error) {
1657 d_invalidate(dentry);
1658 dput(dentry);
1659 goto again;
1660 }
1661 dput(dentry);
1662 dentry = ERR_PTR(error);
1663 }
1664 } else {
1665 old = inode->i_op->lookup(inode, dentry, flags);
1666 d_lookup_done(dentry);
1667 if (unlikely(old)) {
1668 dput(dentry);
1669 dentry = old;
1670 }
1671 }
1672 return dentry;
1673}
1674
1675static struct dentry *lookup_slow(const struct qstr *name,
1676 struct dentry *dir,
1677 unsigned int flags)
1678{
1679 struct inode *inode = dir->d_inode;
1680 struct dentry *res;
1681 inode_lock_shared(inode);
1682 res = __lookup_slow(name, dir, flags);
1683 inode_unlock_shared(inode);
1684 return res;
1685}
1686
1687static inline int may_lookup(struct nameidata *nd)
1688{
1689 if (nd->flags & LOOKUP_RCU) {
1690 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1691 if (err != -ECHILD)
1692 return err;
1693 if (unlazy_walk(nd))
1694 return -ECHILD;
1695 }
1696 return inode_permission(nd->inode, MAY_EXEC);
1697}
1698
1699static inline int handle_dots(struct nameidata *nd, int type)
1700{
1701 if (type == LAST_DOTDOT) {
1702 if (!nd->root.mnt)
1703 set_root(nd);
1704 if (nd->flags & LOOKUP_RCU) {
1705 return follow_dotdot_rcu(nd);
1706 } else
1707 return follow_dotdot(nd);
1708 }
1709 return 0;
1710}
1711
1712static int pick_link(struct nameidata *nd, struct path *link,
1713 struct inode *inode, unsigned seq)
1714{
1715 int error;
1716 struct saved *last;
1717 if (unlikely(nd->total_link_count++ >= MAXSYMLINKS)) {
1718 path_to_nameidata(link, nd);
1719 return -ELOOP;
1720 }
1721 if (!(nd->flags & LOOKUP_RCU)) {
1722 if (link->mnt == nd->path.mnt)
1723 mntget(link->mnt);
1724 }
1725 error = nd_alloc_stack(nd);
1726 if (unlikely(error)) {
1727 if (error == -ECHILD) {
1728 if (unlikely(!legitimize_path(nd, link, seq))) {
1729 drop_links(nd);
1730 nd->depth = 0;
1731 nd->flags &= ~LOOKUP_RCU;
1732 nd->path.mnt = NULL;
1733 nd->path.dentry = NULL;
1734 rcu_read_unlock();
1735 } else if (likely(unlazy_walk(nd)) == 0)
1736 error = nd_alloc_stack(nd);
1737 }
1738 if (error) {
1739 path_put(link);
1740 return error;
1741 }
1742 }
1743
1744 last = nd->stack + nd->depth++;
1745 last->link = *link;
1746 clear_delayed_call(&last->done);
1747 nd->link_inode = inode;
1748 last->seq = seq;
1749 return 1;
1750}
1751
1752enum {WALK_FOLLOW = 1, WALK_MORE = 2};
1753
1754
1755
1756
1757
1758
1759
1760static inline int step_into(struct nameidata *nd, struct path *path,
1761 int flags, struct inode *inode, unsigned seq)
1762{
1763 if (!(flags & WALK_MORE) && nd->depth)
1764 put_link(nd);
1765 if (likely(!d_is_symlink(path->dentry)) ||
1766 !(flags & WALK_FOLLOW || nd->flags & LOOKUP_FOLLOW)) {
1767
1768 path_to_nameidata(path, nd);
1769 nd->inode = inode;
1770 nd->seq = seq;
1771 return 0;
1772 }
1773
1774 if (nd->flags & LOOKUP_RCU) {
1775 if (read_seqcount_retry(&path->dentry->d_seq, seq))
1776 return -ECHILD;
1777 }
1778 return pick_link(nd, path, inode, seq);
1779}
1780
1781static int walk_component(struct nameidata *nd, int flags)
1782{
1783 struct path path;
1784 struct inode *inode;
1785 unsigned seq;
1786 int err;
1787
1788
1789
1790
1791
1792 if (unlikely(nd->last_type != LAST_NORM)) {
1793 err = handle_dots(nd, nd->last_type);
1794 if (!(flags & WALK_MORE) && nd->depth)
1795 put_link(nd);
1796 return err;
1797 }
1798 err = lookup_fast(nd, &path, &inode, &seq);
1799 if (unlikely(err <= 0)) {
1800 if (err < 0)
1801 return err;
1802 path.dentry = lookup_slow(&nd->last, nd->path.dentry,
1803 nd->flags);
1804 if (IS_ERR(path.dentry))
1805 return PTR_ERR(path.dentry);
1806
1807 path.mnt = nd->path.mnt;
1808 err = follow_managed(&path, nd);
1809 if (unlikely(err < 0))
1810 return err;
1811
1812 seq = 0;
1813 inode = d_backing_inode(path.dentry);
1814 }
1815
1816 return step_into(nd, &path, flags, inode, seq);
1817}
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836#ifdef CONFIG_DCACHE_WORD_ACCESS
1837
1838#include <asm/word-at-a-time.h>
1839
1840#ifdef HASH_MIX
1841
1842
1843
1844#elif defined(CONFIG_64BIT)
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874#define HASH_MIX(x, y, a) \
1875 ( x ^= (a), \
1876 y ^= x, x = rol64(x,12),\
1877 x += y, y = rol64(y,45),\
1878 y *= 9 )
1879
1880
1881
1882
1883
1884
1885static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1886{
1887 y ^= x * GOLDEN_RATIO_64;
1888 y *= GOLDEN_RATIO_64;
1889 return y >> 32;
1890}
1891
1892#else
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904#define HASH_MIX(x, y, a) \
1905 ( x ^= (a), \
1906 y ^= x, x = rol32(x, 7),\
1907 x += y, y = rol32(y,20),\
1908 y *= 9 )
1909
1910static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1911{
1912
1913 return __hash_32(y ^ __hash_32(x));
1914}
1915
1916#endif
1917
1918
1919
1920
1921
1922
1923
1924
1925unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
1926{
1927 unsigned long a, x = 0, y = (unsigned long)salt;
1928
1929 for (;;) {
1930 if (!len)
1931 goto done;
1932 a = load_unaligned_zeropad(name);
1933 if (len < sizeof(unsigned long))
1934 break;
1935 HASH_MIX(x, y, a);
1936 name += sizeof(unsigned long);
1937 len -= sizeof(unsigned long);
1938 }
1939 x ^= a & bytemask_from_count(len);
1940done:
1941 return fold_hash(x, y);
1942}
1943EXPORT_SYMBOL(full_name_hash);
1944
1945
1946u64 hashlen_string(const void *salt, const char *name)
1947{
1948 unsigned long a = 0, x = 0, y = (unsigned long)salt;
1949 unsigned long adata, mask, len;
1950 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1951
1952 len = 0;
1953 goto inside;
1954
1955 do {
1956 HASH_MIX(x, y, a);
1957 len += sizeof(unsigned long);
1958inside:
1959 a = load_unaligned_zeropad(name+len);
1960 } while (!has_zero(a, &adata, &constants));
1961
1962 adata = prep_zero_mask(a, adata, &constants);
1963 mask = create_zero_mask(adata);
1964 x ^= a & zero_bytemask(mask);
1965
1966 return hashlen_create(fold_hash(x, y), len + find_zero(mask));
1967}
1968EXPORT_SYMBOL(hashlen_string);
1969
1970
1971
1972
1973
1974static inline u64 hash_name(const void *salt, const char *name)
1975{
1976 unsigned long a = 0, b, x = 0, y = (unsigned long)salt;
1977 unsigned long adata, bdata, mask, len;
1978 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1979
1980 len = 0;
1981 goto inside;
1982
1983 do {
1984 HASH_MIX(x, y, a);
1985 len += sizeof(unsigned long);
1986inside:
1987 a = load_unaligned_zeropad(name+len);
1988 b = a ^ REPEAT_BYTE('/');
1989 } while (!(has_zero(a, &adata, &constants) | has_zero(b, &bdata, &constants)));
1990
1991 adata = prep_zero_mask(a, adata, &constants);
1992 bdata = prep_zero_mask(b, bdata, &constants);
1993 mask = create_zero_mask(adata | bdata);
1994 x ^= a & zero_bytemask(mask);
1995
1996 return hashlen_create(fold_hash(x, y), len + find_zero(mask));
1997}
1998
1999#else
2000
2001
2002unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
2003{
2004 unsigned long hash = init_name_hash(salt);
2005 while (len--)
2006 hash = partial_name_hash((unsigned char)*name++, hash);
2007 return end_name_hash(hash);
2008}
2009EXPORT_SYMBOL(full_name_hash);
2010
2011
2012u64 hashlen_string(const void *salt, const char *name)
2013{
2014 unsigned long hash = init_name_hash(salt);
2015 unsigned long len = 0, c;
2016
2017 c = (unsigned char)*name;
2018 while (c) {
2019 len++;
2020 hash = partial_name_hash(c, hash);
2021 c = (unsigned char)name[len];
2022 }
2023 return hashlen_create(end_name_hash(hash), len);
2024}
2025EXPORT_SYMBOL(hashlen_string);
2026
2027
2028
2029
2030
2031static inline u64 hash_name(const void *salt, const char *name)
2032{
2033 unsigned long hash = init_name_hash(salt);
2034 unsigned long len = 0, c;
2035
2036 c = (unsigned char)*name;
2037 do {
2038 len++;
2039 hash = partial_name_hash(c, hash);
2040 c = (unsigned char)name[len];
2041 } while (c && c != '/');
2042 return hashlen_create(end_name_hash(hash), len);
2043}
2044
2045#endif
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055static int link_path_walk(const char *name, struct nameidata *nd)
2056{
2057 int err;
2058
2059 if (IS_ERR(name))
2060 return PTR_ERR(name);
2061 while (*name=='/')
2062 name++;
2063 if (!*name)
2064 return 0;
2065
2066
2067 for(;;) {
2068 u64 hash_len;
2069 int type;
2070
2071 err = may_lookup(nd);
2072 if (err)
2073 return err;
2074
2075 hash_len = hash_name(nd->path.dentry, name);
2076
2077 type = LAST_NORM;
2078 if (name[0] == '.') switch (hashlen_len(hash_len)) {
2079 case 2:
2080 if (name[1] == '.') {
2081 type = LAST_DOTDOT;
2082 nd->flags |= LOOKUP_JUMPED;
2083 }
2084 break;
2085 case 1:
2086 type = LAST_DOT;
2087 }
2088 if (likely(type == LAST_NORM)) {
2089 struct dentry *parent = nd->path.dentry;
2090 nd->flags &= ~LOOKUP_JUMPED;
2091 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
2092 struct qstr this = { { .hash_len = hash_len }, .name = name };
2093 err = parent->d_op->d_hash(parent, &this);
2094 if (err < 0)
2095 return err;
2096 hash_len = this.hash_len;
2097 name = this.name;
2098 }
2099 }
2100
2101 nd->last.hash_len = hash_len;
2102 nd->last.name = name;
2103 nd->last_type = type;
2104
2105 name += hashlen_len(hash_len);
2106 if (!*name)
2107 goto OK;
2108
2109
2110
2111
2112 do {
2113 name++;
2114 } while (unlikely(*name == '/'));
2115 if (unlikely(!*name)) {
2116OK:
2117
2118 if (!nd->depth)
2119 return 0;
2120 name = nd->stack[nd->depth - 1].name;
2121
2122 if (!name)
2123 return 0;
2124
2125 err = walk_component(nd, WALK_FOLLOW);
2126 } else {
2127
2128 err = walk_component(nd, WALK_FOLLOW | WALK_MORE);
2129 }
2130 if (err < 0)
2131 return err;
2132
2133 if (err) {
2134 const char *s = get_link(nd);
2135
2136 if (IS_ERR(s))
2137 return PTR_ERR(s);
2138 err = 0;
2139 if (unlikely(!s)) {
2140
2141 put_link(nd);
2142 } else {
2143 nd->stack[nd->depth - 1].name = name;
2144 name = s;
2145 continue;
2146 }
2147 }
2148 if (unlikely(!d_can_lookup(nd->path.dentry))) {
2149 if (nd->flags & LOOKUP_RCU) {
2150 if (unlazy_walk(nd))
2151 return -ECHILD;
2152 }
2153 return -ENOTDIR;
2154 }
2155 }
2156}
2157
2158
2159static const char *path_init(struct nameidata *nd, unsigned flags)
2160{
2161 const char *s = nd->name->name;
2162
2163 if (!*s)
2164 flags &= ~LOOKUP_RCU;
2165 if (flags & LOOKUP_RCU)
2166 rcu_read_lock();
2167
2168 nd->last_type = LAST_ROOT;
2169 nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
2170 nd->depth = 0;
2171 if (flags & LOOKUP_ROOT) {
2172 struct dentry *root = nd->root.dentry;
2173 struct inode *inode = root->d_inode;
2174 if (*s && unlikely(!d_can_lookup(root)))
2175 return ERR_PTR(-ENOTDIR);
2176 nd->path = nd->root;
2177 nd->inode = inode;
2178 if (flags & LOOKUP_RCU) {
2179 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2180 nd->root_seq = nd->seq;
2181 nd->m_seq = read_seqbegin(&mount_lock);
2182 } else {
2183 path_get(&nd->path);
2184 }
2185 return s;
2186 }
2187
2188 nd->root.mnt = NULL;
2189 nd->path.mnt = NULL;
2190 nd->path.dentry = NULL;
2191
2192 nd->m_seq = read_seqbegin(&mount_lock);
2193 if (*s == '/') {
2194 set_root(nd);
2195 if (likely(!nd_jump_root(nd)))
2196 return s;
2197 return ERR_PTR(-ECHILD);
2198 } else if (nd->dfd == AT_FDCWD) {
2199 if (flags & LOOKUP_RCU) {
2200 struct fs_struct *fs = current->fs;
2201 unsigned seq;
2202
2203 do {
2204 seq = read_seqcount_begin(&fs->seq);
2205 nd->path = fs->pwd;
2206 nd->inode = nd->path.dentry->d_inode;
2207 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2208 } while (read_seqcount_retry(&fs->seq, seq));
2209 } else {
2210 get_fs_pwd(current->fs, &nd->path);
2211 nd->inode = nd->path.dentry->d_inode;
2212 }
2213 return s;
2214 } else {
2215
2216 struct fd f = fdget_raw(nd->dfd);
2217 struct dentry *dentry;
2218
2219 if (!f.file)
2220 return ERR_PTR(-EBADF);
2221
2222 dentry = f.file->f_path.dentry;
2223
2224 if (*s && unlikely(!d_can_lookup(dentry))) {
2225 fdput(f);
2226 return ERR_PTR(-ENOTDIR);
2227 }
2228
2229 nd->path = f.file->f_path;
2230 if (flags & LOOKUP_RCU) {
2231 nd->inode = nd->path.dentry->d_inode;
2232 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
2233 } else {
2234 path_get(&nd->path);
2235 nd->inode = nd->path.dentry->d_inode;
2236 }
2237 fdput(f);
2238 return s;
2239 }
2240}
2241
2242static const char *trailing_symlink(struct nameidata *nd)
2243{
2244 const char *s;
2245 int error = may_follow_link(nd);
2246 if (unlikely(error))
2247 return ERR_PTR(error);
2248 nd->flags |= LOOKUP_PARENT;
2249 nd->stack[0].name = NULL;
2250 s = get_link(nd);
2251 return s ? s : "";
2252}
2253
2254static inline int lookup_last(struct nameidata *nd)
2255{
2256 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
2257 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2258
2259 nd->flags &= ~LOOKUP_PARENT;
2260 return walk_component(nd, 0);
2261}
2262
2263static int handle_lookup_down(struct nameidata *nd)
2264{
2265 struct path path = nd->path;
2266 struct inode *inode = nd->inode;
2267 unsigned seq = nd->seq;
2268 int err;
2269
2270 if (nd->flags & LOOKUP_RCU) {
2271
2272
2273
2274
2275
2276 if (unlikely(!__follow_mount_rcu(nd, &path, &inode, &seq)))
2277 return -ECHILD;
2278 } else {
2279 dget(path.dentry);
2280 err = follow_managed(&path, nd);
2281 if (unlikely(err < 0))
2282 return err;
2283 inode = d_backing_inode(path.dentry);
2284 seq = 0;
2285 }
2286 path_to_nameidata(&path, nd);
2287 nd->inode = inode;
2288 nd->seq = seq;
2289 return 0;
2290}
2291
2292
2293static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path)
2294{
2295 const char *s = path_init(nd, flags);
2296 int err;
2297
2298 if (unlikely(flags & LOOKUP_DOWN) && !IS_ERR(s)) {
2299 err = handle_lookup_down(nd);
2300 if (unlikely(err < 0))
2301 s = ERR_PTR(err);
2302 }
2303
2304 while (!(err = link_path_walk(s, nd))
2305 && ((err = lookup_last(nd)) > 0)) {
2306 s = trailing_symlink(nd);
2307 }
2308 if (!err)
2309 err = complete_walk(nd);
2310
2311 if (!err && nd->flags & LOOKUP_DIRECTORY)
2312 if (!d_can_lookup(nd->path.dentry))
2313 err = -ENOTDIR;
2314 if (!err) {
2315 *path = nd->path;
2316 nd->path.mnt = NULL;
2317 nd->path.dentry = NULL;
2318 }
2319 terminate_walk(nd);
2320 return err;
2321}
2322
2323int filename_lookup(int dfd, struct filename *name, unsigned flags,
2324 struct path *path, struct path *root)
2325{
2326 int retval;
2327 struct nameidata nd;
2328 if (IS_ERR(name))
2329 return PTR_ERR(name);
2330 if (unlikely(root)) {
2331 nd.root = *root;
2332 flags |= LOOKUP_ROOT;
2333 }
2334 set_nameidata(&nd, dfd, name);
2335 retval = path_lookupat(&nd, flags | LOOKUP_RCU, path);
2336 if (unlikely(retval == -ECHILD))
2337 retval = path_lookupat(&nd, flags, path);
2338 if (unlikely(retval == -ESTALE))
2339 retval = path_lookupat(&nd, flags | LOOKUP_REVAL, path);
2340
2341 if (likely(!retval))
2342 audit_inode(name, path->dentry, 0);
2343 restore_nameidata();
2344 putname(name);
2345 return retval;
2346}
2347
2348
2349static int path_parentat(struct nameidata *nd, unsigned flags,
2350 struct path *parent)
2351{
2352 const char *s = path_init(nd, flags);
2353 int err = link_path_walk(s, nd);
2354 if (!err)
2355 err = complete_walk(nd);
2356 if (!err) {
2357 *parent = nd->path;
2358 nd->path.mnt = NULL;
2359 nd->path.dentry = NULL;
2360 }
2361 terminate_walk(nd);
2362 return err;
2363}
2364
2365static struct filename *filename_parentat(int dfd, struct filename *name,
2366 unsigned int flags, struct path *parent,
2367 struct qstr *last, int *type)
2368{
2369 int retval;
2370 struct nameidata nd;
2371
2372 if (IS_ERR(name))
2373 return name;
2374 set_nameidata(&nd, dfd, name);
2375 retval = path_parentat(&nd, flags | LOOKUP_RCU, parent);
2376 if (unlikely(retval == -ECHILD))
2377 retval = path_parentat(&nd, flags, parent);
2378 if (unlikely(retval == -ESTALE))
2379 retval = path_parentat(&nd, flags | LOOKUP_REVAL, parent);
2380 if (likely(!retval)) {
2381 *last = nd.last;
2382 *type = nd.last_type;
2383 audit_inode(name, parent->dentry, AUDIT_INODE_PARENT);
2384 } else {
2385 putname(name);
2386 name = ERR_PTR(retval);
2387 }
2388 restore_nameidata();
2389 return name;
2390}
2391
2392
2393struct dentry *kern_path_locked(const char *name, struct path *path)
2394{
2395 struct filename *filename;
2396 struct dentry *d;
2397 struct qstr last;
2398 int type;
2399
2400 filename = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,
2401 &last, &type);
2402 if (IS_ERR(filename))
2403 return ERR_CAST(filename);
2404 if (unlikely(type != LAST_NORM)) {
2405 path_put(path);
2406 putname(filename);
2407 return ERR_PTR(-EINVAL);
2408 }
2409 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
2410 d = __lookup_hash(&last, path->dentry, 0);
2411 if (IS_ERR(d)) {
2412 inode_unlock(path->dentry->d_inode);
2413 path_put(path);
2414 }
2415 putname(filename);
2416 return d;
2417}
2418
2419int kern_path(const char *name, unsigned int flags, struct path *path)
2420{
2421 return filename_lookup(AT_FDCWD, getname_kernel(name),
2422 flags, path, NULL);
2423}
2424EXPORT_SYMBOL(kern_path);
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
2435 const char *name, unsigned int flags,
2436 struct path *path)
2437{
2438 struct path root = {.mnt = mnt, .dentry = dentry};
2439
2440 return filename_lookup(AT_FDCWD, getname_kernel(name),
2441 flags , path, &root);
2442}
2443EXPORT_SYMBOL(vfs_path_lookup);
2444
2445static int lookup_one_len_common(const char *name, struct dentry *base,
2446 int len, struct qstr *this)
2447{
2448 this->name = name;
2449 this->len = len;
2450 this->hash = full_name_hash(base, name, len);
2451 if (!len)
2452 return -EACCES;
2453
2454 if (unlikely(name[0] == '.')) {
2455 if (len < 2 || (len == 2 && name[1] == '.'))
2456 return -EACCES;
2457 }
2458
2459 while (len--) {
2460 unsigned int c = *(const unsigned char *)name++;
2461 if (c == '/' || c == '\0')
2462 return -EACCES;
2463 }
2464
2465
2466
2467
2468 if (base->d_flags & DCACHE_OP_HASH) {
2469 int err = base->d_op->d_hash(base, this);
2470 if (err < 0)
2471 return err;
2472 }
2473
2474 return inode_permission(base->d_inode, MAY_EXEC);
2475}
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491struct dentry *try_lookup_one_len(const char *name, struct dentry *base, int len)
2492{
2493 struct qstr this;
2494 int err;
2495
2496 WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2497
2498 err = lookup_one_len_common(name, base, len, &this);
2499 if (err)
2500 return ERR_PTR(err);
2501
2502 return lookup_dcache(&this, base, 0);
2503}
2504EXPORT_SYMBOL(try_lookup_one_len);
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
2518{
2519 struct dentry *dentry;
2520 struct qstr this;
2521 int err;
2522
2523 WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2524
2525 err = lookup_one_len_common(name, base, len, &this);
2526 if (err)
2527 return ERR_PTR(err);
2528
2529 dentry = lookup_dcache(&this, base, 0);
2530 return dentry ? dentry : __lookup_slow(&this, base, 0);
2531}
2532EXPORT_SYMBOL(lookup_one_len);
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546struct dentry *lookup_one_len_unlocked(const char *name,
2547 struct dentry *base, int len)
2548{
2549 struct qstr this;
2550 int err;
2551 struct dentry *ret;
2552
2553 err = lookup_one_len_common(name, base, len, &this);
2554 if (err)
2555 return ERR_PTR(err);
2556
2557 ret = lookup_dcache(&this, base, 0);
2558 if (!ret)
2559 ret = lookup_slow(&this, base, 0);
2560 return ret;
2561}
2562EXPORT_SYMBOL(lookup_one_len_unlocked);
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572struct dentry *lookup_positive_unlocked(const char *name,
2573 struct dentry *base, int len)
2574{
2575 struct dentry *ret = lookup_one_len_unlocked(name, base, len);
2576 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
2577 dput(ret);
2578 ret = ERR_PTR(-ENOENT);
2579 }
2580 return ret;
2581}
2582EXPORT_SYMBOL(lookup_positive_unlocked);
2583
2584#ifdef CONFIG_UNIX98_PTYS
2585int path_pts(struct path *path)
2586{
2587
2588
2589
2590 struct dentry *child, *parent;
2591 struct qstr this;
2592 int ret;
2593
2594 ret = path_parent_directory(path);
2595 if (ret)
2596 return ret;
2597
2598 parent = path->dentry;
2599 this.name = "pts";
2600 this.len = 3;
2601 child = d_hash_and_lookup(parent, &this);
2602 if (!child)
2603 return -ENOENT;
2604
2605 path->dentry = child;
2606 dput(parent);
2607 follow_mount(path);
2608 return 0;
2609}
2610#endif
2611
2612int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
2613 struct path *path, int *empty)
2614{
2615 return filename_lookup(dfd, getname_flags(name, flags, empty),
2616 flags, path, NULL);
2617}
2618EXPORT_SYMBOL(user_path_at_empty);
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629static int
2630path_mountpoint(struct nameidata *nd, unsigned flags, struct path *path)
2631{
2632 const char *s = path_init(nd, flags);
2633 int err;
2634
2635 while (!(err = link_path_walk(s, nd)) &&
2636 (err = lookup_last(nd)) > 0) {
2637 s = trailing_symlink(nd);
2638 }
2639 if (!err && (nd->flags & LOOKUP_RCU))
2640 err = unlazy_walk(nd);
2641 if (!err)
2642 err = handle_lookup_down(nd);
2643 if (!err) {
2644 *path = nd->path;
2645 nd->path.mnt = NULL;
2646 nd->path.dentry = NULL;
2647 }
2648 terminate_walk(nd);
2649 return err;
2650}
2651
2652static int
2653filename_mountpoint(int dfd, struct filename *name, struct path *path,
2654 unsigned int flags)
2655{
2656 struct nameidata nd;
2657 int error;
2658 if (IS_ERR(name))
2659 return PTR_ERR(name);
2660 set_nameidata(&nd, dfd, name);
2661 error = path_mountpoint(&nd, flags | LOOKUP_RCU, path);
2662 if (unlikely(error == -ECHILD))
2663 error = path_mountpoint(&nd, flags, path);
2664 if (unlikely(error == -ESTALE))
2665 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path);
2666 if (likely(!error))
2667 audit_inode(name, path->dentry, AUDIT_INODE_NOEVAL);
2668 restore_nameidata();
2669 putname(name);
2670 return error;
2671}
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687int
2688user_path_mountpoint_at(int dfd, const char __user *name, unsigned int flags,
2689 struct path *path)
2690{
2691 return filename_mountpoint(dfd, getname(name), path, flags);
2692}
2693
2694int
2695kern_path_mountpoint(int dfd, const char *name, struct path *path,
2696 unsigned int flags)
2697{
2698 return filename_mountpoint(dfd, getname_kernel(name), path, flags);
2699}
2700EXPORT_SYMBOL(kern_path_mountpoint);
2701
2702int __check_sticky(struct inode *dir, struct inode *inode)
2703{
2704 kuid_t fsuid = current_fsuid();
2705
2706 if (uid_eq(inode->i_uid, fsuid))
2707 return 0;
2708 if (uid_eq(dir->i_uid, fsuid))
2709 return 0;
2710 return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
2711}
2712EXPORT_SYMBOL(__check_sticky);
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
2735{
2736 struct inode *inode = d_backing_inode(victim);
2737 int error;
2738
2739 if (d_is_negative(victim))
2740 return -ENOENT;
2741 BUG_ON(!inode);
2742
2743 BUG_ON(victim->d_parent->d_inode != dir);
2744
2745
2746 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
2747 return -EOVERFLOW;
2748
2749 audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
2750
2751 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
2752 if (error)
2753 return error;
2754 if (IS_APPEND(dir))
2755 return -EPERM;
2756
2757 if (check_sticky(dir, inode) || IS_APPEND(inode) ||
2758 IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
2759 return -EPERM;
2760 if (isdir) {
2761 if (!d_is_dir(victim))
2762 return -ENOTDIR;
2763 if (IS_ROOT(victim))
2764 return -EBUSY;
2765 } else if (d_is_dir(victim))
2766 return -EISDIR;
2767 if (IS_DEADDIR(dir))
2768 return -ENOENT;
2769 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
2770 return -EBUSY;
2771 return 0;
2772}
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783static inline int may_create(struct inode *dir, struct dentry *child)
2784{
2785 struct user_namespace *s_user_ns;
2786 audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
2787 if (child->d_inode)
2788 return -EEXIST;
2789 if (IS_DEADDIR(dir))
2790 return -ENOENT;
2791 s_user_ns = dir->i_sb->s_user_ns;
2792 if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
2793 !kgid_has_mapping(s_user_ns, current_fsgid()))
2794 return -EOVERFLOW;
2795 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
2796}
2797
2798
2799
2800
2801struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
2802{
2803 struct dentry *p;
2804
2805 if (p1 == p2) {
2806 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2807 return NULL;
2808 }
2809
2810 mutex_lock(&p1->d_sb->s_vfs_rename_mutex);
2811
2812 p = d_ancestor(p2, p1);
2813 if (p) {
2814 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT);
2815 inode_lock_nested(p1->d_inode, I_MUTEX_CHILD);
2816 return p;
2817 }
2818
2819 p = d_ancestor(p1, p2);
2820 if (p) {
2821 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2822 inode_lock_nested(p2->d_inode, I_MUTEX_CHILD);
2823 return p;
2824 }
2825
2826 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2827 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT2);
2828 return NULL;
2829}
2830EXPORT_SYMBOL(lock_rename);
2831
2832void unlock_rename(struct dentry *p1, struct dentry *p2)
2833{
2834 inode_unlock(p1->d_inode);
2835 if (p1 != p2) {
2836 inode_unlock(p2->d_inode);
2837 mutex_unlock(&p1->d_sb->s_vfs_rename_mutex);
2838 }
2839}
2840EXPORT_SYMBOL(unlock_rename);
2841
2842int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2843 bool want_excl)
2844{
2845 int error = may_create(dir, dentry);
2846 if (error)
2847 return error;
2848
2849 if (!dir->i_op->create)
2850 return -EACCES;
2851 mode &= S_IALLUGO;
2852 mode |= S_IFREG;
2853 error = security_inode_create(dir, dentry, mode);
2854 if (error)
2855 return error;
2856 error = dir->i_op->create(dir, dentry, mode, want_excl);
2857 if (!error)
2858 fsnotify_create(dir, dentry);
2859 return error;
2860}
2861EXPORT_SYMBOL(vfs_create);
2862
2863int vfs_mkobj(struct dentry *dentry, umode_t mode,
2864 int (*f)(struct dentry *, umode_t, void *),
2865 void *arg)
2866{
2867 struct inode *dir = dentry->d_parent->d_inode;
2868 int error = may_create(dir, dentry);
2869 if (error)
2870 return error;
2871
2872 mode &= S_IALLUGO;
2873 mode |= S_IFREG;
2874 error = security_inode_create(dir, dentry, mode);
2875 if (error)
2876 return error;
2877 error = f(dentry, mode, arg);
2878 if (!error)
2879 fsnotify_create(dir, dentry);
2880 return error;
2881}
2882EXPORT_SYMBOL(vfs_mkobj);
2883
2884bool may_open_dev(const struct path *path)
2885{
2886 return !(path->mnt->mnt_flags & MNT_NODEV) &&
2887 !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
2888}
2889
2890static int may_open(const struct path *path, int acc_mode, int flag)
2891{
2892 struct dentry *dentry = path->dentry;
2893 struct inode *inode = dentry->d_inode;
2894 int error;
2895
2896 if (!inode)
2897 return -ENOENT;
2898
2899 switch (inode->i_mode & S_IFMT) {
2900 case S_IFLNK:
2901 return -ELOOP;
2902 case S_IFDIR:
2903 if (acc_mode & MAY_WRITE)
2904 return -EISDIR;
2905 break;
2906 case S_IFBLK:
2907 case S_IFCHR:
2908 if (!may_open_dev(path))
2909 return -EACCES;
2910
2911 case S_IFIFO:
2912 case S_IFSOCK:
2913 flag &= ~O_TRUNC;
2914 break;
2915 }
2916
2917 error = inode_permission(inode, MAY_OPEN | acc_mode);
2918 if (error)
2919 return error;
2920
2921
2922
2923
2924 if (IS_APPEND(inode)) {
2925 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2926 return -EPERM;
2927 if (flag & O_TRUNC)
2928 return -EPERM;
2929 }
2930
2931
2932 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2933 return -EPERM;
2934
2935 return 0;
2936}
2937
2938static int handle_truncate(struct file *filp)
2939{
2940 const struct path *path = &filp->f_path;
2941 struct inode *inode = path->dentry->d_inode;
2942 int error = get_write_access(inode);
2943 if (error)
2944 return error;
2945
2946
2947
2948 error = locks_verify_locked(filp);
2949 if (!error)
2950 error = security_path_truncate(path);
2951 if (!error) {
2952 error = do_truncate(path->dentry, 0,
2953 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2954 filp);
2955 }
2956 put_write_access(inode);
2957 return error;
2958}
2959
2960static inline int open_to_namei_flags(int flag)
2961{
2962 if ((flag & O_ACCMODE) == 3)
2963 flag--;
2964 return flag;
2965}
2966
2967static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
2968{
2969 struct user_namespace *s_user_ns;
2970 int error = security_path_mknod(dir, dentry, mode, 0);
2971 if (error)
2972 return error;
2973
2974 s_user_ns = dir->dentry->d_sb->s_user_ns;
2975 if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
2976 !kgid_has_mapping(s_user_ns, current_fsgid()))
2977 return -EOVERFLOW;
2978
2979 error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);
2980 if (error)
2981 return error;
2982
2983 return security_inode_create(dir->dentry->d_inode, dentry, mode);
2984}
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999static int atomic_open(struct nameidata *nd, struct dentry *dentry,
3000 struct path *path, struct file *file,
3001 const struct open_flags *op,
3002 int open_flag, umode_t mode)
3003{
3004 struct dentry *const DENTRY_NOT_SET = (void *) -1UL;
3005 struct inode *dir = nd->path.dentry->d_inode;
3006 int error;
3007
3008 if (!(~open_flag & (O_EXCL | O_CREAT)))
3009 open_flag &= ~O_TRUNC;
3010
3011 if (nd->flags & LOOKUP_DIRECTORY)
3012 open_flag |= O_DIRECTORY;
3013
3014 file->f_path.dentry = DENTRY_NOT_SET;
3015 file->f_path.mnt = nd->path.mnt;
3016 error = dir->i_op->atomic_open(dir, dentry, file,
3017 open_to_namei_flags(open_flag), mode);
3018 d_lookup_done(dentry);
3019 if (!error) {
3020 if (file->f_mode & FMODE_OPENED) {
3021
3022
3023
3024
3025 int acc_mode = op->acc_mode;
3026 if (file->f_mode & FMODE_CREATED) {
3027 WARN_ON(!(open_flag & O_CREAT));
3028 fsnotify_create(dir, dentry);
3029 acc_mode = 0;
3030 }
3031 error = may_open(&file->f_path, acc_mode, open_flag);
3032 if (WARN_ON(error > 0))
3033 error = -EINVAL;
3034 } else if (WARN_ON(file->f_path.dentry == DENTRY_NOT_SET)) {
3035 error = -EIO;
3036 } else {
3037 if (file->f_path.dentry) {
3038 dput(dentry);
3039 dentry = file->f_path.dentry;
3040 }
3041 if (file->f_mode & FMODE_CREATED)
3042 fsnotify_create(dir, dentry);
3043 if (unlikely(d_is_negative(dentry))) {
3044 error = -ENOENT;
3045 } else {
3046 path->dentry = dentry;
3047 path->mnt = nd->path.mnt;
3048 return 0;
3049 }
3050 }
3051 }
3052 dput(dentry);
3053 return error;
3054}
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071static int lookup_open(struct nameidata *nd, struct path *path,
3072 struct file *file,
3073 const struct open_flags *op,
3074 bool got_write)
3075{
3076 struct dentry *dir = nd->path.dentry;
3077 struct inode *dir_inode = dir->d_inode;
3078 int open_flag = op->open_flag;
3079 struct dentry *dentry;
3080 int error, create_error = 0;
3081 umode_t mode = op->mode;
3082 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
3083
3084 if (unlikely(IS_DEADDIR(dir_inode)))
3085 return -ENOENT;
3086
3087 file->f_mode &= ~FMODE_CREATED;
3088 dentry = d_lookup(dir, &nd->last);
3089 for (;;) {
3090 if (!dentry) {
3091 dentry = d_alloc_parallel(dir, &nd->last, &wq);
3092 if (IS_ERR(dentry))
3093 return PTR_ERR(dentry);
3094 }
3095 if (d_in_lookup(dentry))
3096 break;
3097
3098 error = d_revalidate(dentry, nd->flags);
3099 if (likely(error > 0))
3100 break;
3101 if (error)
3102 goto out_dput;
3103 d_invalidate(dentry);
3104 dput(dentry);
3105 dentry = NULL;
3106 }
3107 if (dentry->d_inode) {
3108
3109 goto out_no_open;
3110 }
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121 if (open_flag & O_CREAT) {
3122 if (!IS_POSIXACL(dir->d_inode))
3123 mode &= ~current_umask();
3124 if (unlikely(!got_write)) {
3125 create_error = -EROFS;
3126 open_flag &= ~O_CREAT;
3127 if (open_flag & (O_EXCL | O_TRUNC))
3128 goto no_open;
3129
3130 } else {
3131 create_error = may_o_create(&nd->path, dentry, mode);
3132 if (create_error) {
3133 open_flag &= ~O_CREAT;
3134 if (open_flag & O_EXCL)
3135 goto no_open;
3136 }
3137 }
3138 } else if ((open_flag & (O_TRUNC|O_WRONLY|O_RDWR)) &&
3139 unlikely(!got_write)) {
3140
3141
3142
3143
3144 goto no_open;
3145 }
3146
3147 if (dir_inode->i_op->atomic_open) {
3148 error = atomic_open(nd, dentry, path, file, op, open_flag,
3149 mode);
3150 if (unlikely(error == -ENOENT) && create_error)
3151 error = create_error;
3152 return error;
3153 }
3154
3155no_open:
3156 if (d_in_lookup(dentry)) {
3157 struct dentry *res = dir_inode->i_op->lookup(dir_inode, dentry,
3158 nd->flags);
3159 d_lookup_done(dentry);
3160 if (unlikely(res)) {
3161 if (IS_ERR(res)) {
3162 error = PTR_ERR(res);
3163 goto out_dput;
3164 }
3165 dput(dentry);
3166 dentry = res;
3167 }
3168 }
3169
3170
3171 if (!dentry->d_inode && (open_flag & O_CREAT)) {
3172 file->f_mode |= FMODE_CREATED;
3173 audit_inode_child(dir_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
3174 if (!dir_inode->i_op->create) {
3175 error = -EACCES;
3176 goto out_dput;
3177 }
3178 error = dir_inode->i_op->create(dir_inode, dentry, mode,
3179 open_flag & O_EXCL);
3180 if (error)
3181 goto out_dput;
3182 fsnotify_create(dir_inode, dentry);
3183 }
3184 if (unlikely(create_error) && !dentry->d_inode) {
3185 error = create_error;
3186 goto out_dput;
3187 }
3188out_no_open:
3189 path->dentry = dentry;
3190 path->mnt = nd->path.mnt;
3191 return 0;
3192
3193out_dput:
3194 dput(dentry);
3195 return error;
3196}
3197
3198
3199
3200
3201static int do_last(struct nameidata *nd,
3202 struct file *file, const struct open_flags *op)
3203{
3204 struct dentry *dir = nd->path.dentry;
3205 kuid_t dir_uid = dir->d_inode->i_uid;
3206 umode_t dir_mode = dir->d_inode->i_mode;
3207 int open_flag = op->open_flag;
3208 bool will_truncate = (open_flag & O_TRUNC) != 0;
3209 bool got_write = false;
3210 int acc_mode = op->acc_mode;
3211 unsigned seq;
3212 struct inode *inode;
3213 struct path path;
3214 int error;
3215
3216 nd->flags &= ~LOOKUP_PARENT;
3217 nd->flags |= op->intent;
3218
3219 if (nd->last_type != LAST_NORM) {
3220 error = handle_dots(nd, nd->last_type);
3221 if (unlikely(error))
3222 return error;
3223 goto finish_open;
3224 }
3225
3226 if (!(open_flag & O_CREAT)) {
3227 if (nd->last.name[nd->last.len])
3228 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
3229
3230 error = lookup_fast(nd, &path, &inode, &seq);
3231 if (likely(error > 0))
3232 goto finish_lookup;
3233
3234 if (error < 0)
3235 return error;
3236
3237 BUG_ON(nd->inode != dir->d_inode);
3238 BUG_ON(nd->flags & LOOKUP_RCU);
3239 } else {
3240
3241
3242
3243
3244
3245
3246 error = complete_walk(nd);
3247 if (error)
3248 return error;
3249
3250 audit_inode(nd->name, dir, AUDIT_INODE_PARENT);
3251
3252 if (unlikely(nd->last.name[nd->last.len]))
3253 return -EISDIR;
3254 }
3255
3256 if (open_flag & (O_CREAT | O_TRUNC | O_WRONLY | O_RDWR)) {
3257 error = mnt_want_write(nd->path.mnt);
3258 if (!error)
3259 got_write = true;
3260
3261
3262
3263
3264
3265 }
3266 if (open_flag & O_CREAT)
3267 inode_lock(dir->d_inode);
3268 else
3269 inode_lock_shared(dir->d_inode);
3270 error = lookup_open(nd, &path, file, op, got_write);
3271 if (open_flag & O_CREAT)
3272 inode_unlock(dir->d_inode);
3273 else
3274 inode_unlock_shared(dir->d_inode);
3275
3276 if (error)
3277 goto out;
3278
3279 if (file->f_mode & FMODE_OPENED) {
3280 if ((file->f_mode & FMODE_CREATED) ||
3281 !S_ISREG(file_inode(file)->i_mode))
3282 will_truncate = false;
3283
3284 audit_inode(nd->name, file->f_path.dentry, 0);
3285 goto opened;
3286 }
3287
3288 if (file->f_mode & FMODE_CREATED) {
3289
3290 open_flag &= ~O_TRUNC;
3291 will_truncate = false;
3292 acc_mode = 0;
3293 path_to_nameidata(&path, nd);
3294 goto finish_open_created;
3295 }
3296
3297
3298
3299
3300
3301
3302 if (got_write) {
3303 mnt_drop_write(nd->path.mnt);
3304 got_write = false;
3305 }
3306
3307 error = follow_managed(&path, nd);
3308 if (unlikely(error < 0))
3309 return error;
3310
3311
3312
3313
3314 audit_inode(nd->name, path.dentry, 0);
3315
3316 if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
3317 path_to_nameidata(&path, nd);
3318 return -EEXIST;
3319 }
3320
3321 seq = 0;
3322 inode = d_backing_inode(path.dentry);
3323finish_lookup:
3324 error = step_into(nd, &path, 0, inode, seq);
3325 if (unlikely(error))
3326 return error;
3327finish_open:
3328
3329 error = complete_walk(nd);
3330 if (error)
3331 return error;
3332 audit_inode(nd->name, nd->path.dentry, 0);
3333 if (open_flag & O_CREAT) {
3334 error = -EISDIR;
3335 if (d_is_dir(nd->path.dentry))
3336 goto out;
3337 error = may_create_in_sticky(dir_mode, dir_uid,
3338 d_backing_inode(nd->path.dentry));
3339 if (unlikely(error))
3340 goto out;
3341 }
3342 error = -ENOTDIR;
3343 if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry))
3344 goto out;
3345 if (!d_is_reg(nd->path.dentry))
3346 will_truncate = false;
3347
3348 if (will_truncate) {
3349 error = mnt_want_write(nd->path.mnt);
3350 if (error)
3351 goto out;
3352 got_write = true;
3353 }
3354finish_open_created:
3355 error = may_open(&nd->path, acc_mode, open_flag);
3356 if (error)
3357 goto out;
3358 BUG_ON(file->f_mode & FMODE_OPENED);
3359 error = vfs_open(&nd->path, file);
3360 if (error)
3361 goto out;
3362opened:
3363 error = ima_file_check(file, op->acc_mode);
3364 if (!error && will_truncate)
3365 error = handle_truncate(file);
3366out:
3367 if (unlikely(error > 0)) {
3368 WARN_ON(1);
3369 error = -EINVAL;
3370 }
3371 if (got_write)
3372 mnt_drop_write(nd->path.mnt);
3373 return error;
3374}
3375
3376struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, int open_flag)
3377{
3378 struct dentry *child = NULL;
3379 struct inode *dir = dentry->d_inode;
3380 struct inode *inode;
3381 int error;
3382
3383
3384 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
3385 if (error)
3386 goto out_err;
3387 error = -EOPNOTSUPP;
3388 if (!dir->i_op->tmpfile)
3389 goto out_err;
3390 error = -ENOMEM;
3391 child = d_alloc(dentry, &slash_name);
3392 if (unlikely(!child))
3393 goto out_err;
3394 error = dir->i_op->tmpfile(dir, child, mode);
3395 if (error)
3396 goto out_err;
3397 error = -ENOENT;
3398 inode = child->d_inode;
3399 if (unlikely(!inode))
3400 goto out_err;
3401 if (!(open_flag & O_EXCL)) {
3402 spin_lock(&inode->i_lock);
3403 inode->i_state |= I_LINKABLE;
3404 spin_unlock(&inode->i_lock);
3405 }
3406 ima_post_create_tmpfile(inode);
3407 return child;
3408
3409out_err:
3410 dput(child);
3411 return ERR_PTR(error);
3412}
3413EXPORT_SYMBOL(vfs_tmpfile);
3414
3415static int do_tmpfile(struct nameidata *nd, unsigned flags,
3416 const struct open_flags *op,
3417 struct file *file)
3418{
3419 struct dentry *child;
3420 struct path path;
3421 int error = path_lookupat(nd, flags | LOOKUP_DIRECTORY, &path);
3422 if (unlikely(error))
3423 return error;
3424 error = mnt_want_write(path.mnt);
3425 if (unlikely(error))
3426 goto out;
3427 child = vfs_tmpfile(path.dentry, op->mode, op->open_flag);
3428 error = PTR_ERR(child);
3429 if (IS_ERR(child))
3430 goto out2;
3431 dput(path.dentry);
3432 path.dentry = child;
3433 audit_inode(nd->name, child, 0);
3434
3435 error = may_open(&path, 0, op->open_flag);
3436 if (error)
3437 goto out2;
3438 file->f_path.mnt = path.mnt;
3439 error = finish_open(file, child, NULL);
3440out2:
3441 mnt_drop_write(path.mnt);
3442out:
3443 path_put(&path);
3444 return error;
3445}
3446
3447static int do_o_path(struct nameidata *nd, unsigned flags, struct file *file)
3448{
3449 struct path path;
3450 int error = path_lookupat(nd, flags, &path);
3451 if (!error) {
3452 audit_inode(nd->name, path.dentry, 0);
3453 error = vfs_open(&path, file);
3454 path_put(&path);
3455 }
3456 return error;
3457}
3458
3459static struct file *path_openat(struct nameidata *nd,
3460 const struct open_flags *op, unsigned flags)
3461{
3462 struct file *file;
3463 int error;
3464
3465 file = alloc_empty_file(op->open_flag, current_cred());
3466 if (IS_ERR(file))
3467 return file;
3468
3469 if (unlikely(file->f_flags & __O_TMPFILE)) {
3470 error = do_tmpfile(nd, flags, op, file);
3471 } else if (unlikely(file->f_flags & O_PATH)) {
3472 error = do_o_path(nd, flags, file);
3473 } else {
3474 const char *s = path_init(nd, flags);
3475 while (!(error = link_path_walk(s, nd)) &&
3476 (error = do_last(nd, file, op)) > 0) {
3477 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
3478 s = trailing_symlink(nd);
3479 }
3480 terminate_walk(nd);
3481 }
3482 if (likely(!error)) {
3483 if (likely(file->f_mode & FMODE_OPENED))
3484 return file;
3485 WARN_ON(1);
3486 error = -EINVAL;
3487 }
3488 fput(file);
3489 if (error == -EOPENSTALE) {
3490 if (flags & LOOKUP_RCU)
3491 error = -ECHILD;
3492 else
3493 error = -ESTALE;
3494 }
3495 return ERR_PTR(error);
3496}
3497
3498struct file *do_filp_open(int dfd, struct filename *pathname,
3499 const struct open_flags *op)
3500{
3501 struct nameidata nd;
3502 int flags = op->lookup_flags;
3503 struct file *filp;
3504
3505 set_nameidata(&nd, dfd, pathname);
3506 filp = path_openat(&nd, op, flags | LOOKUP_RCU);
3507 if (unlikely(filp == ERR_PTR(-ECHILD)))
3508 filp = path_openat(&nd, op, flags);
3509 if (unlikely(filp == ERR_PTR(-ESTALE)))
3510 filp = path_openat(&nd, op, flags | LOOKUP_REVAL);
3511 restore_nameidata();
3512 return filp;
3513}
3514
3515struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
3516 const char *name, const struct open_flags *op)
3517{
3518 struct nameidata nd;
3519 struct file *file;
3520 struct filename *filename;
3521 int flags = op->lookup_flags | LOOKUP_ROOT;
3522
3523 nd.root.mnt = mnt;
3524 nd.root.dentry = dentry;
3525
3526 if (d_is_symlink(dentry) && op->intent & LOOKUP_OPEN)
3527 return ERR_PTR(-ELOOP);
3528
3529 filename = getname_kernel(name);
3530 if (IS_ERR(filename))
3531 return ERR_CAST(filename);
3532
3533 set_nameidata(&nd, -1, filename);
3534 file = path_openat(&nd, op, flags | LOOKUP_RCU);
3535 if (unlikely(file == ERR_PTR(-ECHILD)))
3536 file = path_openat(&nd, op, flags);
3537 if (unlikely(file == ERR_PTR(-ESTALE)))
3538 file = path_openat(&nd, op, flags | LOOKUP_REVAL);
3539 restore_nameidata();
3540 putname(filename);
3541 return file;
3542}
3543
3544static struct dentry *filename_create(int dfd, struct filename *name,
3545 struct path *path, unsigned int lookup_flags)
3546{
3547 struct dentry *dentry = ERR_PTR(-EEXIST);
3548 struct qstr last;
3549 int type;
3550 int err2;
3551 int error;
3552 bool is_dir = (lookup_flags & LOOKUP_DIRECTORY);
3553
3554
3555
3556
3557
3558 lookup_flags &= LOOKUP_REVAL;
3559
3560 name = filename_parentat(dfd, name, lookup_flags, path, &last, &type);
3561 if (IS_ERR(name))
3562 return ERR_CAST(name);
3563
3564
3565
3566
3567
3568 if (unlikely(type != LAST_NORM))
3569 goto out;
3570
3571
3572 err2 = mnt_want_write(path->mnt);
3573
3574
3575
3576 lookup_flags |= LOOKUP_CREATE | LOOKUP_EXCL;
3577 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
3578 dentry = __lookup_hash(&last, path->dentry, lookup_flags);
3579 if (IS_ERR(dentry))
3580 goto unlock;
3581
3582 error = -EEXIST;
3583 if (d_is_positive(dentry))
3584 goto fail;
3585
3586
3587
3588
3589
3590
3591
3592 if (unlikely(!is_dir && last.name[last.len])) {
3593 error = -ENOENT;
3594 goto fail;
3595 }
3596 if (unlikely(err2)) {
3597 error = err2;
3598 goto fail;
3599 }
3600 putname(name);
3601 return dentry;
3602fail:
3603 dput(dentry);
3604 dentry = ERR_PTR(error);
3605unlock:
3606 inode_unlock(path->dentry->d_inode);
3607 if (!err2)
3608 mnt_drop_write(path->mnt);
3609out:
3610 path_put(path);
3611 putname(name);
3612 return dentry;
3613}
3614
3615struct dentry *kern_path_create(int dfd, const char *pathname,
3616 struct path *path, unsigned int lookup_flags)
3617{
3618 return filename_create(dfd, getname_kernel(pathname),
3619 path, lookup_flags);
3620}
3621EXPORT_SYMBOL(kern_path_create);
3622
3623void done_path_create(struct path *path, struct dentry *dentry)
3624{
3625 dput(dentry);
3626 inode_unlock(path->dentry->d_inode);
3627 mnt_drop_write(path->mnt);
3628 path_put(path);
3629}
3630EXPORT_SYMBOL(done_path_create);
3631
3632inline struct dentry *user_path_create(int dfd, const char __user *pathname,
3633 struct path *path, unsigned int lookup_flags)
3634{
3635 return filename_create(dfd, getname(pathname), path, lookup_flags);
3636}
3637EXPORT_SYMBOL(user_path_create);
3638
3639int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3640{
3641 int error = may_create(dir, dentry);
3642
3643 if (error)
3644 return error;
3645
3646 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
3647 return -EPERM;
3648
3649 if (!dir->i_op->mknod)
3650 return -EPERM;
3651
3652 error = devcgroup_inode_mknod(mode, dev);
3653 if (error)
3654 return error;
3655
3656 error = security_inode_mknod(dir, dentry, mode, dev);
3657 if (error)
3658 return error;
3659
3660 error = dir->i_op->mknod(dir, dentry, mode, dev);
3661 if (!error)
3662 fsnotify_create(dir, dentry);
3663 return error;
3664}
3665EXPORT_SYMBOL(vfs_mknod);
3666
3667static int may_mknod(umode_t mode)
3668{
3669 switch (mode & S_IFMT) {
3670 case S_IFREG:
3671 case S_IFCHR:
3672 case S_IFBLK:
3673 case S_IFIFO:
3674 case S_IFSOCK:
3675 case 0:
3676 return 0;
3677 case S_IFDIR:
3678 return -EPERM;
3679 default:
3680 return -EINVAL;
3681 }
3682}
3683
3684long do_mknodat(int dfd, const char __user *filename, umode_t mode,
3685 unsigned int dev)
3686{
3687 struct dentry *dentry;
3688 struct path path;
3689 int error;
3690 unsigned int lookup_flags = 0;
3691
3692 error = may_mknod(mode);
3693 if (error)
3694 return error;
3695retry:
3696 dentry = user_path_create(dfd, filename, &path, lookup_flags);
3697 if (IS_ERR(dentry))
3698 return PTR_ERR(dentry);
3699
3700 if (!IS_POSIXACL(path.dentry->d_inode))
3701 mode &= ~current_umask();
3702 error = security_path_mknod(&path, dentry, mode, dev);
3703 if (error)
3704 goto out;
3705 switch (mode & S_IFMT) {
3706 case 0: case S_IFREG:
3707 error = vfs_create(path.dentry->d_inode,dentry,mode,true);
3708 if (!error)
3709 ima_post_path_mknod(dentry);
3710 break;
3711 case S_IFCHR: case S_IFBLK:
3712 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
3713 new_decode_dev(dev));
3714 break;
3715 case S_IFIFO: case S_IFSOCK:
3716 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
3717 break;
3718 }
3719out:
3720 done_path_create(&path, dentry);
3721 if (retry_estale(error, lookup_flags)) {
3722 lookup_flags |= LOOKUP_REVAL;
3723 goto retry;
3724 }
3725 return error;
3726}
3727
3728SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
3729 unsigned int, dev)
3730{
3731 return do_mknodat(dfd, filename, mode, dev);
3732}
3733
3734SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)
3735{
3736 return do_mknodat(AT_FDCWD, filename, mode, dev);
3737}
3738
3739int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
3740{
3741 int error = may_create(dir, dentry);
3742 unsigned max_links = dir->i_sb->s_max_links;
3743
3744 if (error)
3745 return error;
3746
3747 if (!dir->i_op->mkdir)
3748 return -EPERM;
3749
3750 mode &= (S_IRWXUGO|S_ISVTX);
3751 error = security_inode_mkdir(dir, dentry, mode);
3752 if (error)
3753 return error;
3754
3755 if (max_links && dir->i_nlink >= max_links)
3756 return -EMLINK;
3757
3758 error = dir->i_op->mkdir(dir, dentry, mode);
3759 if (!error)
3760 fsnotify_mkdir(dir, dentry);
3761 return error;
3762}
3763EXPORT_SYMBOL(vfs_mkdir);
3764
3765long do_mkdirat(int dfd, const char __user *pathname, umode_t mode)
3766{
3767 struct dentry *dentry;
3768 struct path path;
3769 int error;
3770 unsigned int lookup_flags = LOOKUP_DIRECTORY;
3771
3772retry:
3773 dentry = user_path_create(dfd, pathname, &path, lookup_flags);
3774 if (IS_ERR(dentry))
3775 return PTR_ERR(dentry);
3776
3777 if (!IS_POSIXACL(path.dentry->d_inode))
3778 mode &= ~current_umask();
3779 error = security_path_mkdir(&path, dentry, mode);
3780 if (!error)
3781 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3782 done_path_create(&path, dentry);
3783 if (retry_estale(error, lookup_flags)) {
3784 lookup_flags |= LOOKUP_REVAL;
3785 goto retry;
3786 }
3787 return error;
3788}
3789
3790SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
3791{
3792 return do_mkdirat(dfd, pathname, mode);
3793}
3794
3795SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)
3796{
3797 return do_mkdirat(AT_FDCWD, pathname, mode);
3798}
3799
3800int vfs_rmdir(struct inode *dir, struct dentry *dentry)
3801{
3802 int error = may_delete(dir, dentry, 1);
3803
3804 if (error)
3805 return error;
3806
3807 if (!dir->i_op->rmdir)
3808 return -EPERM;
3809
3810 dget(dentry);
3811 inode_lock(dentry->d_inode);
3812
3813 error = -EBUSY;
3814 if (is_local_mountpoint(dentry))
3815 goto out;
3816
3817 error = security_inode_rmdir(dir, dentry);
3818 if (error)
3819 goto out;
3820
3821 error = dir->i_op->rmdir(dir, dentry);
3822 if (error)
3823 goto out;
3824
3825 shrink_dcache_parent(dentry);
3826 dentry->d_inode->i_flags |= S_DEAD;
3827 dont_mount(dentry);
3828 detach_mounts(dentry);
3829 fsnotify_rmdir(dir, dentry);
3830
3831out:
3832 inode_unlock(dentry->d_inode);
3833 dput(dentry);
3834 if (!error)
3835 d_delete(dentry);
3836 return error;
3837}
3838EXPORT_SYMBOL(vfs_rmdir);
3839
3840long do_rmdir(int dfd, const char __user *pathname)
3841{
3842 int error = 0;
3843 struct filename *name;
3844 struct dentry *dentry;
3845 struct path path;
3846 struct qstr last;
3847 int type;
3848 unsigned int lookup_flags = 0;
3849retry:
3850 name = filename_parentat(dfd, getname(pathname), lookup_flags,
3851 &path, &last, &type);
3852 if (IS_ERR(name))
3853 return PTR_ERR(name);
3854
3855 switch (type) {
3856 case LAST_DOTDOT:
3857 error = -ENOTEMPTY;
3858 goto exit1;
3859 case LAST_DOT:
3860 error = -EINVAL;
3861 goto exit1;
3862 case LAST_ROOT:
3863 error = -EBUSY;
3864 goto exit1;
3865 }
3866
3867 error = mnt_want_write(path.mnt);
3868 if (error)
3869 goto exit1;
3870
3871 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3872 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3873 error = PTR_ERR(dentry);
3874 if (IS_ERR(dentry))
3875 goto exit2;
3876 if (!dentry->d_inode) {
3877 error = -ENOENT;
3878 goto exit3;
3879 }
3880 error = security_path_rmdir(&path, dentry);
3881 if (error)
3882 goto exit3;
3883 error = vfs_rmdir(path.dentry->d_inode, dentry);
3884exit3:
3885 dput(dentry);
3886exit2:
3887 inode_unlock(path.dentry->d_inode);
3888 mnt_drop_write(path.mnt);
3889exit1:
3890 path_put(&path);
3891 putname(name);
3892 if (retry_estale(error, lookup_flags)) {
3893 lookup_flags |= LOOKUP_REVAL;
3894 goto retry;
3895 }
3896 return error;
3897}
3898
3899SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
3900{
3901 return do_rmdir(AT_FDCWD, pathname);
3902}
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)
3923{
3924 struct inode *target = dentry->d_inode;
3925 int error = may_delete(dir, dentry, 0);
3926
3927 if (error)
3928 return error;
3929
3930 if (!dir->i_op->unlink)
3931 return -EPERM;
3932
3933 inode_lock(target);
3934 if (is_local_mountpoint(dentry))
3935 error = -EBUSY;
3936 else {
3937 error = security_inode_unlink(dir, dentry);
3938 if (!error) {
3939 error = try_break_deleg(target, delegated_inode);
3940 if (error)
3941 goto out;
3942 error = dir->i_op->unlink(dir, dentry);
3943 if (!error) {
3944 dont_mount(dentry);
3945 detach_mounts(dentry);
3946 fsnotify_unlink(dir, dentry);
3947 }
3948 }
3949 }
3950out:
3951 inode_unlock(target);
3952
3953
3954 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
3955 fsnotify_link_count(target);
3956 d_delete(dentry);
3957 }
3958
3959 return error;
3960}
3961EXPORT_SYMBOL(vfs_unlink);
3962
3963
3964
3965
3966
3967
3968
3969long do_unlinkat(int dfd, struct filename *name)
3970{
3971 int error;
3972 struct dentry *dentry;
3973 struct path path;
3974 struct qstr last;
3975 int type;
3976 struct inode *inode = NULL;
3977 struct inode *delegated_inode = NULL;
3978 unsigned int lookup_flags = 0;
3979retry:
3980 name = filename_parentat(dfd, name, lookup_flags, &path, &last, &type);
3981 if (IS_ERR(name))
3982 return PTR_ERR(name);
3983
3984 error = -EISDIR;
3985 if (type != LAST_NORM)
3986 goto exit1;
3987
3988 error = mnt_want_write(path.mnt);
3989 if (error)
3990 goto exit1;
3991retry_deleg:
3992 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3993 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3994 error = PTR_ERR(dentry);
3995 if (!IS_ERR(dentry)) {
3996
3997 if (last.name[last.len])
3998 goto slashes;
3999 inode = dentry->d_inode;
4000 if (d_is_negative(dentry))
4001 goto slashes;
4002 ihold(inode);
4003 error = security_path_unlink(&path, dentry);
4004 if (error)
4005 goto exit2;
4006 error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
4007exit2:
4008 dput(dentry);
4009 }
4010 inode_unlock(path.dentry->d_inode);
4011 if (inode)
4012 iput(inode);
4013 inode = NULL;
4014 if (delegated_inode) {
4015 error = break_deleg_wait(&delegated_inode);
4016 if (!error)
4017 goto retry_deleg;
4018 }
4019 mnt_drop_write(path.mnt);
4020exit1:
4021 path_put(&path);
4022 if (retry_estale(error, lookup_flags)) {
4023 lookup_flags |= LOOKUP_REVAL;
4024 inode = NULL;
4025 goto retry;
4026 }
4027 putname(name);
4028 return error;
4029
4030slashes:
4031 if (d_is_negative(dentry))
4032 error = -ENOENT;
4033 else if (d_is_dir(dentry))
4034 error = -EISDIR;
4035 else
4036 error = -ENOTDIR;
4037 goto exit2;
4038}
4039
4040SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
4041{
4042 if ((flag & ~AT_REMOVEDIR) != 0)
4043 return -EINVAL;
4044
4045 if (flag & AT_REMOVEDIR)
4046 return do_rmdir(dfd, pathname);
4047
4048 return do_unlinkat(dfd, getname(pathname));
4049}
4050
4051SYSCALL_DEFINE1(unlink, const char __user *, pathname)
4052{
4053 return do_unlinkat(AT_FDCWD, getname(pathname));
4054}
4055
4056int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
4057{
4058 int error = may_create(dir, dentry);
4059
4060 if (error)
4061 return error;
4062
4063 if (!dir->i_op->symlink)
4064 return -EPERM;
4065
4066 error = security_inode_symlink(dir, dentry, oldname);
4067 if (error)
4068 return error;
4069
4070 error = dir->i_op->symlink(dir, dentry, oldname);
4071 if (!error)
4072 fsnotify_create(dir, dentry);
4073 return error;
4074}
4075EXPORT_SYMBOL(vfs_symlink);
4076
4077long do_symlinkat(const char __user *oldname, int newdfd,
4078 const char __user *newname)
4079{
4080 int error;
4081 struct filename *from;
4082 struct dentry *dentry;
4083 struct path path;
4084 unsigned int lookup_flags = 0;
4085
4086 from = getname(oldname);
4087 if (IS_ERR(from))
4088 return PTR_ERR(from);
4089retry:
4090 dentry = user_path_create(newdfd, newname, &path, lookup_flags);
4091 error = PTR_ERR(dentry);
4092 if (IS_ERR(dentry))
4093 goto out_putname;
4094
4095 error = security_path_symlink(&path, dentry, from->name);
4096 if (!error)
4097 error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
4098 done_path_create(&path, dentry);
4099 if (retry_estale(error, lookup_flags)) {
4100 lookup_flags |= LOOKUP_REVAL;
4101 goto retry;
4102 }
4103out_putname:
4104 putname(from);
4105 return error;
4106}
4107
4108SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
4109 int, newdfd, const char __user *, newname)
4110{
4111 return do_symlinkat(oldname, newdfd, newname);
4112}
4113
4114SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
4115{
4116 return do_symlinkat(oldname, AT_FDCWD, newname);
4117}
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)
4139{
4140 struct inode *inode = old_dentry->d_inode;
4141 unsigned max_links = dir->i_sb->s_max_links;
4142 int error;
4143
4144 if (!inode)
4145 return -ENOENT;
4146
4147 error = may_create(dir, new_dentry);
4148 if (error)
4149 return error;
4150
4151 if (dir->i_sb != inode->i_sb)
4152 return -EXDEV;
4153
4154
4155
4156
4157 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4158 return -EPERM;
4159
4160
4161
4162
4163
4164 if (HAS_UNMAPPED_ID(inode))
4165 return -EPERM;
4166 if (!dir->i_op->link)
4167 return -EPERM;
4168 if (S_ISDIR(inode->i_mode))
4169 return -EPERM;
4170
4171 error = security_inode_link(old_dentry, dir, new_dentry);
4172 if (error)
4173 return error;
4174
4175 inode_lock(inode);
4176
4177 if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE))
4178 error = -ENOENT;
4179 else if (max_links && inode->i_nlink >= max_links)
4180 error = -EMLINK;
4181 else {
4182 error = try_break_deleg(inode, delegated_inode);
4183 if (!error)
4184 error = dir->i_op->link(old_dentry, dir, new_dentry);
4185 }
4186
4187 if (!error && (inode->i_state & I_LINKABLE)) {
4188 spin_lock(&inode->i_lock);
4189 inode->i_state &= ~I_LINKABLE;
4190 spin_unlock(&inode->i_lock);
4191 }
4192 inode_unlock(inode);
4193 if (!error)
4194 fsnotify_link(dir, inode, new_dentry);
4195 return error;
4196}
4197EXPORT_SYMBOL(vfs_link);
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208int do_linkat(int olddfd, const char __user *oldname, int newdfd,
4209 const char __user *newname, int flags)
4210{
4211 struct dentry *new_dentry;
4212 struct path old_path, new_path;
4213 struct inode *delegated_inode = NULL;
4214 int how = 0;
4215 int error;
4216
4217 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
4218 return -EINVAL;
4219
4220
4221
4222
4223
4224 if (flags & AT_EMPTY_PATH) {
4225 if (!capable(CAP_DAC_READ_SEARCH))
4226 return -ENOENT;
4227 how = LOOKUP_EMPTY;
4228 }
4229
4230 if (flags & AT_SYMLINK_FOLLOW)
4231 how |= LOOKUP_FOLLOW;
4232retry:
4233 error = user_path_at(olddfd, oldname, how, &old_path);
4234 if (error)
4235 return error;
4236
4237 new_dentry = user_path_create(newdfd, newname, &new_path,
4238 (how & LOOKUP_REVAL));
4239 error = PTR_ERR(new_dentry);
4240 if (IS_ERR(new_dentry))
4241 goto out;
4242
4243 error = -EXDEV;
4244 if (old_path.mnt != new_path.mnt)
4245 goto out_dput;
4246 error = may_linkat(&old_path);
4247 if (unlikely(error))
4248 goto out_dput;
4249 error = security_path_link(old_path.dentry, &new_path, new_dentry);
4250 if (error)
4251 goto out_dput;
4252 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
4253out_dput:
4254 done_path_create(&new_path, new_dentry);
4255 if (delegated_inode) {
4256 error = break_deleg_wait(&delegated_inode);
4257 if (!error) {
4258 path_put(&old_path);
4259 goto retry;
4260 }
4261 }
4262 if (retry_estale(error, how)) {
4263 path_put(&old_path);
4264 how |= LOOKUP_REVAL;
4265 goto retry;
4266 }
4267out:
4268 path_put(&old_path);
4269
4270 return error;
4271}
4272
4273SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
4274 int, newdfd, const char __user *, newname, int, flags)
4275{
4276 return do_linkat(olddfd, oldname, newdfd, newname, flags);
4277}
4278
4279SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
4280{
4281 return do_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4282}
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4335 struct inode *new_dir, struct dentry *new_dentry,
4336 struct inode **delegated_inode, unsigned int flags)
4337{
4338 int error;
4339 bool is_dir = d_is_dir(old_dentry);
4340 struct inode *source = old_dentry->d_inode;
4341 struct inode *target = new_dentry->d_inode;
4342 bool new_is_dir = false;
4343 unsigned max_links = new_dir->i_sb->s_max_links;
4344 struct name_snapshot old_name;
4345
4346 if (source == target)
4347 return 0;
4348
4349 error = may_delete(old_dir, old_dentry, is_dir);
4350 if (error)
4351 return error;
4352
4353 if (!target) {
4354 error = may_create(new_dir, new_dentry);
4355 } else {
4356 new_is_dir = d_is_dir(new_dentry);
4357
4358 if (!(flags & RENAME_EXCHANGE))
4359 error = may_delete(new_dir, new_dentry, is_dir);
4360 else
4361 error = may_delete(new_dir, new_dentry, new_is_dir);
4362 }
4363 if (error)
4364 return error;
4365
4366 if (!old_dir->i_op->rename)
4367 return -EPERM;
4368
4369
4370
4371
4372
4373 if (new_dir != old_dir) {
4374 if (is_dir) {
4375 error = inode_permission(source, MAY_WRITE);
4376 if (error)
4377 return error;
4378 }
4379 if ((flags & RENAME_EXCHANGE) && new_is_dir) {
4380 error = inode_permission(target, MAY_WRITE);
4381 if (error)
4382 return error;
4383 }
4384 }
4385
4386 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry,
4387 flags);
4388 if (error)
4389 return error;
4390
4391 take_dentry_name_snapshot(&old_name, old_dentry);
4392 dget(new_dentry);
4393 if (!is_dir || (flags & RENAME_EXCHANGE))
4394 lock_two_nondirectories(source, target);
4395 else if (target)
4396 inode_lock(target);
4397
4398 error = -EBUSY;
4399 if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry))
4400 goto out;
4401
4402 if (max_links && new_dir != old_dir) {
4403 error = -EMLINK;
4404 if (is_dir && !new_is_dir && new_dir->i_nlink >= max_links)
4405 goto out;
4406 if ((flags & RENAME_EXCHANGE) && !is_dir && new_is_dir &&
4407 old_dir->i_nlink >= max_links)
4408 goto out;
4409 }
4410 if (!is_dir) {
4411 error = try_break_deleg(source, delegated_inode);
4412 if (error)
4413 goto out;
4414 }
4415 if (target && !new_is_dir) {
4416 error = try_break_deleg(target, delegated_inode);
4417 if (error)
4418 goto out;
4419 }
4420 error = old_dir->i_op->rename(old_dir, old_dentry,
4421 new_dir, new_dentry, flags);
4422 if (error)
4423 goto out;
4424
4425 if (!(flags & RENAME_EXCHANGE) && target) {
4426 if (is_dir) {
4427 shrink_dcache_parent(new_dentry);
4428 target->i_flags |= S_DEAD;
4429 }
4430 dont_mount(new_dentry);
4431 detach_mounts(new_dentry);
4432 }
4433 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) {
4434 if (!(flags & RENAME_EXCHANGE))
4435 d_move(old_dentry, new_dentry);
4436 else
4437 d_exchange(old_dentry, new_dentry);
4438 }
4439out:
4440 if (!is_dir || (flags & RENAME_EXCHANGE))
4441 unlock_two_nondirectories(source, target);
4442 else if (target)
4443 inode_unlock(target);
4444 dput(new_dentry);
4445 if (!error) {
4446 fsnotify_move(old_dir, new_dir, &old_name.name, is_dir,
4447 !(flags & RENAME_EXCHANGE) ? target : NULL, old_dentry);
4448 if (flags & RENAME_EXCHANGE) {
4449 fsnotify_move(new_dir, old_dir, &old_dentry->d_name,
4450 new_is_dir, NULL, new_dentry);
4451 }
4452 }
4453 release_dentry_name_snapshot(&old_name);
4454
4455 return error;
4456}
4457EXPORT_SYMBOL(vfs_rename);
4458
4459static int do_renameat2(int olddfd, const char __user *oldname, int newdfd,
4460 const char __user *newname, unsigned int flags)
4461{
4462 struct dentry *old_dentry, *new_dentry;
4463 struct dentry *trap;
4464 struct path old_path, new_path;
4465 struct qstr old_last, new_last;
4466 int old_type, new_type;
4467 struct inode *delegated_inode = NULL;
4468 struct filename *from;
4469 struct filename *to;
4470 unsigned int lookup_flags = 0, target_flags = LOOKUP_RENAME_TARGET;
4471 bool should_retry = false;
4472 int error;
4473
4474 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
4475 return -EINVAL;
4476
4477 if ((flags & (RENAME_NOREPLACE | RENAME_WHITEOUT)) &&
4478 (flags & RENAME_EXCHANGE))
4479 return -EINVAL;
4480
4481 if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
4482 return -EPERM;
4483
4484 if (flags & RENAME_EXCHANGE)
4485 target_flags = 0;
4486
4487retry:
4488 from = filename_parentat(olddfd, getname(oldname), lookup_flags,
4489 &old_path, &old_last, &old_type);
4490 if (IS_ERR(from)) {
4491 error = PTR_ERR(from);
4492 goto exit;
4493 }
4494
4495 to = filename_parentat(newdfd, getname(newname), lookup_flags,
4496 &new_path, &new_last, &new_type);
4497 if (IS_ERR(to)) {
4498 error = PTR_ERR(to);
4499 goto exit1;
4500 }
4501
4502 error = -EXDEV;
4503 if (old_path.mnt != new_path.mnt)
4504 goto exit2;
4505
4506 error = -EBUSY;
4507 if (old_type != LAST_NORM)
4508 goto exit2;
4509
4510 if (flags & RENAME_NOREPLACE)
4511 error = -EEXIST;
4512 if (new_type != LAST_NORM)
4513 goto exit2;
4514
4515 error = mnt_want_write(old_path.mnt);
4516 if (error)
4517 goto exit2;
4518
4519retry_deleg:
4520 trap = lock_rename(new_path.dentry, old_path.dentry);
4521
4522 old_dentry = __lookup_hash(&old_last, old_path.dentry, lookup_flags);
4523 error = PTR_ERR(old_dentry);
4524 if (IS_ERR(old_dentry))
4525 goto exit3;
4526
4527 error = -ENOENT;
4528 if (d_is_negative(old_dentry))
4529 goto exit4;
4530 new_dentry = __lookup_hash(&new_last, new_path.dentry, lookup_flags | target_flags);
4531 error = PTR_ERR(new_dentry);
4532 if (IS_ERR(new_dentry))
4533 goto exit4;
4534 error = -EEXIST;
4535 if ((flags & RENAME_NOREPLACE) && d_is_positive(new_dentry))
4536 goto exit5;
4537 if (flags & RENAME_EXCHANGE) {
4538 error = -ENOENT;
4539 if (d_is_negative(new_dentry))
4540 goto exit5;
4541
4542 if (!d_is_dir(new_dentry)) {
4543 error = -ENOTDIR;
4544 if (new_last.name[new_last.len])
4545 goto exit5;
4546 }
4547 }
4548
4549 if (!d_is_dir(old_dentry)) {
4550 error = -ENOTDIR;
4551 if (old_last.name[old_last.len])
4552 goto exit5;
4553 if (!(flags & RENAME_EXCHANGE) && new_last.name[new_last.len])
4554 goto exit5;
4555 }
4556
4557 error = -EINVAL;
4558 if (old_dentry == trap)
4559 goto exit5;
4560
4561 if (!(flags & RENAME_EXCHANGE))
4562 error = -ENOTEMPTY;
4563 if (new_dentry == trap)
4564 goto exit5;
4565
4566 error = security_path_rename(&old_path, old_dentry,
4567 &new_path, new_dentry, flags);
4568 if (error)
4569 goto exit5;
4570 error = vfs_rename(old_path.dentry->d_inode, old_dentry,
4571 new_path.dentry->d_inode, new_dentry,
4572 &delegated_inode, flags);
4573exit5:
4574 dput(new_dentry);
4575exit4:
4576 dput(old_dentry);
4577exit3:
4578 unlock_rename(new_path.dentry, old_path.dentry);
4579 if (delegated_inode) {
4580 error = break_deleg_wait(&delegated_inode);
4581 if (!error)
4582 goto retry_deleg;
4583 }
4584 mnt_drop_write(old_path.mnt);
4585exit2:
4586 if (retry_estale(error, lookup_flags))
4587 should_retry = true;
4588 path_put(&new_path);
4589 putname(to);
4590exit1:
4591 path_put(&old_path);
4592 putname(from);
4593 if (should_retry) {
4594 should_retry = false;
4595 lookup_flags |= LOOKUP_REVAL;
4596 goto retry;
4597 }
4598exit:
4599 return error;
4600}
4601
4602SYSCALL_DEFINE5(renameat2, int, olddfd, const char __user *, oldname,
4603 int, newdfd, const char __user *, newname, unsigned int, flags)
4604{
4605 return do_renameat2(olddfd, oldname, newdfd, newname, flags);
4606}
4607
4608SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
4609 int, newdfd, const char __user *, newname)
4610{
4611 return do_renameat2(olddfd, oldname, newdfd, newname, 0);
4612}
4613
4614SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
4615{
4616 return do_renameat2(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4617}
4618
4619int vfs_whiteout(struct inode *dir, struct dentry *dentry)
4620{
4621 int error = may_create(dir, dentry);
4622 if (error)
4623 return error;
4624
4625 if (!dir->i_op->mknod)
4626 return -EPERM;
4627
4628 return dir->i_op->mknod(dir, dentry,
4629 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
4630}
4631EXPORT_SYMBOL(vfs_whiteout);
4632
4633int readlink_copy(char __user *buffer, int buflen, const char *link)
4634{
4635 int len = PTR_ERR(link);
4636 if (IS_ERR(link))
4637 goto out;
4638
4639 len = strlen(link);
4640 if (len > (unsigned) buflen)
4641 len = buflen;
4642 if (copy_to_user(buffer, link, len))
4643 len = -EFAULT;
4644out:
4645 return len;
4646}
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4659{
4660 struct inode *inode = d_inode(dentry);
4661 DEFINE_DELAYED_CALL(done);
4662 const char *link;
4663 int res;
4664
4665 if (unlikely(!(inode->i_opflags & IOP_DEFAULT_READLINK))) {
4666 if (unlikely(inode->i_op->readlink))
4667 return inode->i_op->readlink(dentry, buffer, buflen);
4668
4669 if (!d_is_symlink(dentry))
4670 return -EINVAL;
4671
4672 spin_lock(&inode->i_lock);
4673 inode->i_opflags |= IOP_DEFAULT_READLINK;
4674 spin_unlock(&inode->i_lock);
4675 }
4676
4677 link = READ_ONCE(inode->i_link);
4678 if (!link) {
4679 link = inode->i_op->get_link(dentry, inode, &done);
4680 if (IS_ERR(link))
4681 return PTR_ERR(link);
4682 }
4683 res = readlink_copy(buffer, buflen, link);
4684 do_delayed_call(&done);
4685 return res;
4686}
4687EXPORT_SYMBOL(vfs_readlink);
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700const char *vfs_get_link(struct dentry *dentry, struct delayed_call *done)
4701{
4702 const char *res = ERR_PTR(-EINVAL);
4703 struct inode *inode = d_inode(dentry);
4704
4705 if (d_is_symlink(dentry)) {
4706 res = ERR_PTR(security_inode_readlink(dentry));
4707 if (!res)
4708 res = inode->i_op->get_link(dentry, inode, done);
4709 }
4710 return res;
4711}
4712EXPORT_SYMBOL(vfs_get_link);
4713
4714
4715const char *page_get_link(struct dentry *dentry, struct inode *inode,
4716 struct delayed_call *callback)
4717{
4718 char *kaddr;
4719 struct page *page;
4720 struct address_space *mapping = inode->i_mapping;
4721
4722 if (!dentry) {
4723 page = find_get_page(mapping, 0);
4724 if (!page)
4725 return ERR_PTR(-ECHILD);
4726 if (!PageUptodate(page)) {
4727 put_page(page);
4728 return ERR_PTR(-ECHILD);
4729 }
4730 } else {
4731 page = read_mapping_page(mapping, 0, NULL);
4732 if (IS_ERR(page))
4733 return (char*)page;
4734 }
4735 set_delayed_call(callback, page_put_link, page);
4736 BUG_ON(mapping_gfp_mask(mapping) & __GFP_HIGHMEM);
4737 kaddr = page_address(page);
4738 nd_terminate_link(kaddr, inode->i_size, PAGE_SIZE - 1);
4739 return kaddr;
4740}
4741
4742EXPORT_SYMBOL(page_get_link);
4743
4744void page_put_link(void *arg)
4745{
4746 put_page(arg);
4747}
4748EXPORT_SYMBOL(page_put_link);
4749
4750int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4751{
4752 DEFINE_DELAYED_CALL(done);
4753 int res = readlink_copy(buffer, buflen,
4754 page_get_link(dentry, d_inode(dentry),
4755 &done));
4756 do_delayed_call(&done);
4757 return res;
4758}
4759EXPORT_SYMBOL(page_readlink);
4760
4761
4762
4763
4764int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
4765{
4766 struct address_space *mapping = inode->i_mapping;
4767 struct page *page;
4768 void *fsdata;
4769 int err;
4770 unsigned int flags = 0;
4771 if (nofs)
4772 flags |= AOP_FLAG_NOFS;
4773
4774retry:
4775 err = pagecache_write_begin(NULL, mapping, 0, len-1,
4776 flags, &page, &fsdata);
4777 if (err)
4778 goto fail;
4779
4780 memcpy(page_address(page), symname, len-1);
4781
4782 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
4783 page, fsdata);
4784 if (err < 0)
4785 goto fail;
4786 if (err < len-1)
4787 goto retry;
4788
4789 mark_inode_dirty(inode);
4790 return 0;
4791fail:
4792 return err;
4793}
4794EXPORT_SYMBOL(__page_symlink);
4795
4796int page_symlink(struct inode *inode, const char *symname, int len)
4797{
4798 return __page_symlink(inode, symname, len,
4799 !mapping_gfp_constraint(inode->i_mapping, __GFP_FS));
4800}
4801EXPORT_SYMBOL(page_symlink);
4802
4803const struct inode_operations page_symlink_inode_operations = {
4804 .get_link = page_get_link,
4805};
4806EXPORT_SYMBOL(page_symlink_inode_operations);
4807
