1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/init.h>
18#include <linux/export.h>
19#include <linux/kernel.h>
20#include <linux/slab.h>
21#include <linux/fs.h>
22#include <linux/namei.h>
23#include <linux/pagemap.h>
24#include <linux/fsnotify.h>
25#include <linux/personality.h>
26#include <linux/security.h>
27#include <linux/ima.h>
28#include <linux/syscalls.h>
29#include <linux/mount.h>
30#include <linux/audit.h>
31#include <linux/capability.h>
32#include <linux/file.h>
33#include <linux/fcntl.h>
34#include <linux/device_cgroup.h>
35#include <linux/fs_struct.h>
36#include <linux/posix_acl.h>
37#include <linux/hash.h>
38#include <asm/uaccess.h>
39
40#include "internal.h"
41#include "mount.h"
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122#define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname))
123
124struct filename *
125getname_flags(const char __user *filename, int flags, int *empty)
126{
127 struct filename *result;
128 char *kname;
129 int len;
130
131 result = audit_reusename(filename);
132 if (result)
133 return result;
134
135 result = __getname();
136 if (unlikely(!result))
137 return ERR_PTR(-ENOMEM);
138
139
140
141
142
143 kname = (char *)result->iname;
144 result->name = kname;
145
146 len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX);
147 if (unlikely(len < 0)) {
148 __putname(result);
149 return ERR_PTR(len);
150 }
151
152
153
154
155
156
157
158 if (unlikely(len == EMBEDDED_NAME_MAX)) {
159 const size_t size = offsetof(struct filename, iname[1]);
160 kname = (char *)result;
161
162
163
164
165
166
167 result = kzalloc(size, GFP_KERNEL);
168 if (unlikely(!result)) {
169 __putname(kname);
170 return ERR_PTR(-ENOMEM);
171 }
172 result->name = kname;
173 len = strncpy_from_user(kname, filename, PATH_MAX);
174 if (unlikely(len < 0)) {
175 __putname(kname);
176 kfree(result);
177 return ERR_PTR(len);
178 }
179 if (unlikely(len == PATH_MAX)) {
180 __putname(kname);
181 kfree(result);
182 return ERR_PTR(-ENAMETOOLONG);
183 }
184 }
185
186 result->refcnt = 1;
187
188 if (unlikely(!len)) {
189 if (empty)
190 *empty = 1;
191 if (!(flags & LOOKUP_EMPTY)) {
192 putname(result);
193 return ERR_PTR(-ENOENT);
194 }
195 }
196
197 result->uptr = filename;
198 result->aname = NULL;
199 audit_getname(result);
200 return result;
201}
202
203struct filename *
204getname(const char __user * filename)
205{
206 return getname_flags(filename, 0, NULL);
207}
208
209struct filename *
210getname_kernel(const char * filename)
211{
212 struct filename *result;
213 int len = strlen(filename) + 1;
214
215 result = __getname();
216 if (unlikely(!result))
217 return ERR_PTR(-ENOMEM);
218
219 if (len <= EMBEDDED_NAME_MAX) {
220 result->name = (char *)result->iname;
221 } else if (len <= PATH_MAX) {
222 struct filename *tmp;
223
224 tmp = kmalloc(sizeof(*tmp), GFP_KERNEL);
225 if (unlikely(!tmp)) {
226 __putname(result);
227 return ERR_PTR(-ENOMEM);
228 }
229 tmp->name = (char *)result;
230 result = tmp;
231 } else {
232 __putname(result);
233 return ERR_PTR(-ENAMETOOLONG);
234 }
235 memcpy((char *)result->name, filename, len);
236 result->uptr = NULL;
237 result->aname = NULL;
238 result->refcnt = 1;
239 audit_getname(result);
240
241 return result;
242}
243
244void putname(struct filename *name)
245{
246 BUG_ON(name->refcnt <= 0);
247
248 if (--name->refcnt > 0)
249 return;
250
251 if (name->name != name->iname) {
252 __putname(name->name);
253 kfree(name);
254 } else
255 __putname(name);
256}
257
258static int check_acl(struct inode *inode, int mask)
259{
260#ifdef CONFIG_FS_POSIX_ACL
261 struct posix_acl *acl;
262
263 if (mask & MAY_NOT_BLOCK) {
264 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
265 if (!acl)
266 return -EAGAIN;
267
268 if (acl == ACL_NOT_CACHED)
269 return -ECHILD;
270 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
271 }
272
273 acl = get_acl(inode, ACL_TYPE_ACCESS);
274 if (IS_ERR(acl))
275 return PTR_ERR(acl);
276 if (acl) {
277 int error = posix_acl_permission(inode, acl, mask);
278 posix_acl_release(acl);
279 return error;
280 }
281#endif
282
283 return -EAGAIN;
284}
285
286
287
288
289static int acl_permission_check(struct inode *inode, int mask)
290{
291 unsigned int mode = inode->i_mode;
292
293 if (likely(uid_eq(current_fsuid(), inode->i_uid)))
294 mode >>= 6;
295 else {
296 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
297 int error = check_acl(inode, mask);
298 if (error != -EAGAIN)
299 return error;
300 }
301
302 if (in_group_p(inode->i_gid))
303 mode >>= 3;
304 }
305
306
307
308
309 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
310 return 0;
311 return -EACCES;
312}
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328int generic_permission(struct inode *inode, int mask)
329{
330 int ret;
331
332
333
334
335 ret = acl_permission_check(inode, mask);
336 if (ret != -EACCES)
337 return ret;
338
339 if (S_ISDIR(inode->i_mode)) {
340
341 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
342 return 0;
343 if (!(mask & MAY_WRITE))
344 if (capable_wrt_inode_uidgid(inode,
345 CAP_DAC_READ_SEARCH))
346 return 0;
347 return -EACCES;
348 }
349
350
351
352
353
354 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
355 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
356 return 0;
357
358
359
360
361 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
362 if (mask == MAY_READ)
363 if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
364 return 0;
365
366 return -EACCES;
367}
368EXPORT_SYMBOL(generic_permission);
369
370
371
372
373
374
375
376static inline int do_inode_permission(struct inode *inode, int mask)
377{
378 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
379 if (likely(inode->i_op->permission))
380 return inode->i_op->permission(inode, mask);
381
382
383 spin_lock(&inode->i_lock);
384 inode->i_opflags |= IOP_FASTPERM;
385 spin_unlock(&inode->i_lock);
386 }
387 return generic_permission(inode, mask);
388}
389
390
391
392
393
394
395
396
397
398
399
400
401
402int __inode_permission(struct inode *inode, int mask)
403{
404 int retval;
405
406 if (unlikely(mask & MAY_WRITE)) {
407
408
409
410 if (IS_IMMUTABLE(inode))
411 return -EACCES;
412 }
413
414 retval = do_inode_permission(inode, mask);
415 if (retval)
416 return retval;
417
418 retval = devcgroup_inode_permission(inode, mask);
419 if (retval)
420 return retval;
421
422 return security_inode_permission(inode, mask);
423}
424EXPORT_SYMBOL(__inode_permission);
425
426
427
428
429
430
431
432
433
434static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
435{
436 if (unlikely(mask & MAY_WRITE)) {
437 umode_t mode = inode->i_mode;
438
439
440 if ((sb->s_flags & MS_RDONLY) &&
441 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
442 return -EROFS;
443 }
444 return 0;
445}
446
447
448
449
450
451
452
453
454
455
456
457
458int inode_permission(struct inode *inode, int mask)
459{
460 int retval;
461
462 retval = sb_permission(inode->i_sb, inode, mask);
463 if (retval)
464 return retval;
465 return __inode_permission(inode, mask);
466}
467EXPORT_SYMBOL(inode_permission);
468
469
470
471
472
473
474
475void path_get(const struct path *path)
476{
477 mntget(path->mnt);
478 dget(path->dentry);
479}
480EXPORT_SYMBOL(path_get);
481
482
483
484
485
486
487
488void path_put(const struct path *path)
489{
490 dput(path->dentry);
491 mntput(path->mnt);
492}
493EXPORT_SYMBOL(path_put);
494
495#define EMBEDDED_LEVELS 2
496struct nameidata {
497 struct path path;
498 struct qstr last;
499 struct path root;
500 struct inode *inode;
501 unsigned int flags;
502 unsigned seq, m_seq;
503 int last_type;
504 unsigned depth;
505 int total_link_count;
506 struct saved {
507 struct path link;
508 struct delayed_call done;
509 const char *name;
510 unsigned seq;
511 } *stack, internal[EMBEDDED_LEVELS];
512 struct filename *name;
513 struct nameidata *saved;
514 struct inode *link_inode;
515 unsigned root_seq;
516 int dfd;
517};
518
519static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
520{
521 struct nameidata *old = current->nameidata;
522 p->stack = p->internal;
523 p->dfd = dfd;
524 p->name = name;
525 p->total_link_count = old ? old->total_link_count : 0;
526 p->saved = old;
527 current->nameidata = p;
528}
529
530static void restore_nameidata(void)
531{
532 struct nameidata *now = current->nameidata, *old = now->saved;
533
534 current->nameidata = old;
535 if (old)
536 old->total_link_count = now->total_link_count;
537 if (now->stack != now->internal)
538 kfree(now->stack);
539}
540
541static int __nd_alloc_stack(struct nameidata *nd)
542{
543 struct saved *p;
544
545 if (nd->flags & LOOKUP_RCU) {
546 p= kmalloc(MAXSYMLINKS * sizeof(struct saved),
547 GFP_ATOMIC);
548 if (unlikely(!p))
549 return -ECHILD;
550 } else {
551 p= kmalloc(MAXSYMLINKS * sizeof(struct saved),
552 GFP_KERNEL);
553 if (unlikely(!p))
554 return -ENOMEM;
555 }
556 memcpy(p, nd->internal, sizeof(nd->internal));
557 nd->stack = p;
558 return 0;
559}
560
561
562
563
564
565
566
567
568static bool path_connected(const struct path *path)
569{
570 struct vfsmount *mnt = path->mnt;
571
572
573 if (mnt->mnt_root == mnt->mnt_sb->s_root)
574 return true;
575
576 return is_subdir(path->dentry, mnt->mnt_root);
577}
578
579static inline int nd_alloc_stack(struct nameidata *nd)
580{
581 if (likely(nd->depth != EMBEDDED_LEVELS))
582 return 0;
583 if (likely(nd->stack != nd->internal))
584 return 0;
585 return __nd_alloc_stack(nd);
586}
587
588static void drop_links(struct nameidata *nd)
589{
590 int i = nd->depth;
591 while (i--) {
592 struct saved *last = nd->stack + i;
593 do_delayed_call(&last->done);
594 clear_delayed_call(&last->done);
595 }
596}
597
598static void terminate_walk(struct nameidata *nd)
599{
600 drop_links(nd);
601 if (!(nd->flags & LOOKUP_RCU)) {
602 int i;
603 path_put(&nd->path);
604 for (i = 0; i < nd->depth; i++)
605 path_put(&nd->stack[i].link);
606 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
607 path_put(&nd->root);
608 nd->root.mnt = NULL;
609 }
610 } else {
611 nd->flags &= ~LOOKUP_RCU;
612 if (!(nd->flags & LOOKUP_ROOT))
613 nd->root.mnt = NULL;
614 rcu_read_unlock();
615 }
616 nd->depth = 0;
617}
618
619
620static bool legitimize_path(struct nameidata *nd,
621 struct path *path, unsigned seq)
622{
623 int res = __legitimize_mnt(path->mnt, nd->m_seq);
624 if (unlikely(res)) {
625 if (res > 0)
626 path->mnt = NULL;
627 path->dentry = NULL;
628 return false;
629 }
630 if (unlikely(!lockref_get_not_dead(&path->dentry->d_lockref))) {
631 path->dentry = NULL;
632 return false;
633 }
634 return !read_seqcount_retry(&path->dentry->d_seq, seq);
635}
636
637static bool legitimize_links(struct nameidata *nd)
638{
639 int i;
640 for (i = 0; i < nd->depth; i++) {
641 struct saved *last = nd->stack + i;
642 if (unlikely(!legitimize_path(nd, &last->link, last->seq))) {
643 drop_links(nd);
644 nd->depth = i + 1;
645 return false;
646 }
647 }
648 return true;
649}
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675static int unlazy_walk(struct nameidata *nd, struct dentry *dentry, unsigned seq)
676{
677 struct dentry *parent = nd->path.dentry;
678
679 BUG_ON(!(nd->flags & LOOKUP_RCU));
680
681 nd->flags &= ~LOOKUP_RCU;
682 if (unlikely(!legitimize_links(nd)))
683 goto out2;
684 if (unlikely(!legitimize_mnt(nd->path.mnt, nd->m_seq)))
685 goto out2;
686 if (unlikely(!lockref_get_not_dead(&parent->d_lockref)))
687 goto out1;
688
689
690
691
692
693
694
695
696
697
698
699
700 if (!dentry) {
701 if (read_seqcount_retry(&parent->d_seq, nd->seq))
702 goto out;
703 BUG_ON(nd->inode != parent->d_inode);
704 } else {
705 if (!lockref_get_not_dead(&dentry->d_lockref))
706 goto out;
707 if (read_seqcount_retry(&dentry->d_seq, seq))
708 goto drop_dentry;
709 }
710
711
712
713
714
715 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
716 if (unlikely(!legitimize_path(nd, &nd->root, nd->root_seq))) {
717 rcu_read_unlock();
718 dput(dentry);
719 return -ECHILD;
720 }
721 }
722
723 rcu_read_unlock();
724 return 0;
725
726drop_dentry:
727 rcu_read_unlock();
728 dput(dentry);
729 goto drop_root_mnt;
730out2:
731 nd->path.mnt = NULL;
732out1:
733 nd->path.dentry = NULL;
734out:
735 rcu_read_unlock();
736drop_root_mnt:
737 if (!(nd->flags & LOOKUP_ROOT))
738 nd->root.mnt = NULL;
739 return -ECHILD;
740}
741
742static int unlazy_link(struct nameidata *nd, struct path *link, unsigned seq)
743{
744 if (unlikely(!legitimize_path(nd, link, seq))) {
745 drop_links(nd);
746 nd->depth = 0;
747 nd->flags &= ~LOOKUP_RCU;
748 nd->path.mnt = NULL;
749 nd->path.dentry = NULL;
750 if (!(nd->flags & LOOKUP_ROOT))
751 nd->root.mnt = NULL;
752 rcu_read_unlock();
753 } else if (likely(unlazy_walk(nd, NULL, 0)) == 0) {
754 return 0;
755 }
756 path_put(link);
757 return -ECHILD;
758}
759
760static inline int d_revalidate(struct dentry *dentry, unsigned int flags)
761{
762 return dentry->d_op->d_revalidate(dentry, flags);
763}
764
765
766
767
768
769
770
771
772
773
774
775static int complete_walk(struct nameidata *nd)
776{
777 struct dentry *dentry = nd->path.dentry;
778 int status;
779
780 if (nd->flags & LOOKUP_RCU) {
781 if (!(nd->flags & LOOKUP_ROOT))
782 nd->root.mnt = NULL;
783 if (unlikely(unlazy_walk(nd, NULL, 0)))
784 return -ECHILD;
785 }
786
787 if (likely(!(nd->flags & LOOKUP_JUMPED)))
788 return 0;
789
790 if (likely(!(dentry->d_flags & DCACHE_OP_WEAK_REVALIDATE)))
791 return 0;
792
793 status = dentry->d_op->d_weak_revalidate(dentry, nd->flags);
794 if (status > 0)
795 return 0;
796
797 if (!status)
798 status = -ESTALE;
799
800 return status;
801}
802
803static void set_root(struct nameidata *nd)
804{
805 struct fs_struct *fs = current->fs;
806
807 if (nd->flags & LOOKUP_RCU) {
808 unsigned seq;
809
810 do {
811 seq = read_seqcount_begin(&fs->seq);
812 nd->root = fs->root;
813 nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
814 } while (read_seqcount_retry(&fs->seq, seq));
815 } else {
816 get_fs_root(fs, &nd->root);
817 }
818}
819
820static void path_put_conditional(struct path *path, struct nameidata *nd)
821{
822 dput(path->dentry);
823 if (path->mnt != nd->path.mnt)
824 mntput(path->mnt);
825}
826
827static inline void path_to_nameidata(const struct path *path,
828 struct nameidata *nd)
829{
830 if (!(nd->flags & LOOKUP_RCU)) {
831 dput(nd->path.dentry);
832 if (nd->path.mnt != path->mnt)
833 mntput(nd->path.mnt);
834 }
835 nd->path.mnt = path->mnt;
836 nd->path.dentry = path->dentry;
837}
838
839static int nd_jump_root(struct nameidata *nd)
840{
841 if (nd->flags & LOOKUP_RCU) {
842 struct dentry *d;
843 nd->path = nd->root;
844 d = nd->path.dentry;
845 nd->inode = d->d_inode;
846 nd->seq = nd->root_seq;
847 if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq)))
848 return -ECHILD;
849 } else {
850 path_put(&nd->path);
851 nd->path = nd->root;
852 path_get(&nd->path);
853 nd->inode = nd->path.dentry->d_inode;
854 }
855 nd->flags |= LOOKUP_JUMPED;
856 return 0;
857}
858
859
860
861
862
863void nd_jump_link(struct path *path)
864{
865 struct nameidata *nd = current->nameidata;
866 path_put(&nd->path);
867
868 nd->path = *path;
869 nd->inode = nd->path.dentry->d_inode;
870 nd->flags |= LOOKUP_JUMPED;
871}
872
873static inline void put_link(struct nameidata *nd)
874{
875 struct saved *last = nd->stack + --nd->depth;
876 do_delayed_call(&last->done);
877 if (!(nd->flags & LOOKUP_RCU))
878 path_put(&last->link);
879}
880
881int sysctl_protected_symlinks __read_mostly = 0;
882int sysctl_protected_hardlinks __read_mostly = 0;
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899static inline int may_follow_link(struct nameidata *nd)
900{
901 const struct inode *inode;
902 const struct inode *parent;
903
904 if (!sysctl_protected_symlinks)
905 return 0;
906
907
908 inode = nd->link_inode;
909 if (uid_eq(current_cred()->fsuid, inode->i_uid))
910 return 0;
911
912
913 parent = nd->inode;
914 if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
915 return 0;
916
917
918 if (uid_eq(parent->i_uid, inode->i_uid))
919 return 0;
920
921 if (nd->flags & LOOKUP_RCU)
922 return -ECHILD;
923
924 audit_log_link_denied("follow_link", &nd->stack[0].link);
925 return -EACCES;
926}
927
928
929
930
931
932
933
934
935
936
937
938
939
940static bool safe_hardlink_source(struct inode *inode)
941{
942 umode_t mode = inode->i_mode;
943
944
945 if (!S_ISREG(mode))
946 return false;
947
948
949 if (mode & S_ISUID)
950 return false;
951
952
953 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
954 return false;
955
956
957 if (inode_permission(inode, MAY_READ | MAY_WRITE))
958 return false;
959
960 return true;
961}
962
963
964
965
966
967
968
969
970
971
972
973
974
975static int may_linkat(struct path *link)
976{
977 struct inode *inode;
978
979 if (!sysctl_protected_hardlinks)
980 return 0;
981
982 inode = link->dentry->d_inode;
983
984
985
986
987 if (inode_owner_or_capable(inode) || safe_hardlink_source(inode))
988 return 0;
989
990 audit_log_link_denied("linkat", link);
991 return -EPERM;
992}
993
994static __always_inline
995const char *get_link(struct nameidata *nd)
996{
997 struct saved *last = nd->stack + nd->depth - 1;
998 struct dentry *dentry = last->link.dentry;
999 struct inode *inode = nd->link_inode;
1000 int error;
1001 const char *res;
1002
1003 if (!(nd->flags & LOOKUP_RCU)) {
1004 touch_atime(&last->link);
1005 cond_resched();
1006 } else if (atime_needs_update(&last->link, inode)) {
1007 if (unlikely(unlazy_walk(nd, NULL, 0)))
1008 return ERR_PTR(-ECHILD);
1009 touch_atime(&last->link);
1010 }
1011
1012 error = security_inode_follow_link(dentry, inode,
1013 nd->flags & LOOKUP_RCU);
1014 if (unlikely(error))
1015 return ERR_PTR(error);
1016
1017 nd->last_type = LAST_BIND;
1018 res = inode->i_link;
1019 if (!res) {
1020 const char * (*get)(struct dentry *, struct inode *,
1021 struct delayed_call *);
1022 get = inode->i_op->get_link;
1023 if (nd->flags & LOOKUP_RCU) {
1024 res = get(NULL, inode, &last->done);
1025 if (res == ERR_PTR(-ECHILD)) {
1026 if (unlikely(unlazy_walk(nd, NULL, 0)))
1027 return ERR_PTR(-ECHILD);
1028 res = get(dentry, inode, &last->done);
1029 }
1030 } else {
1031 res = get(dentry, inode, &last->done);
1032 }
1033 if (IS_ERR_OR_NULL(res))
1034 return res;
1035 }
1036 if (*res == '/') {
1037 if (!nd->root.mnt)
1038 set_root(nd);
1039 if (unlikely(nd_jump_root(nd)))
1040 return ERR_PTR(-ECHILD);
1041 while (unlikely(*++res == '/'))
1042 ;
1043 }
1044 if (!*res)
1045 res = NULL;
1046 return res;
1047}
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059int follow_up(struct path *path)
1060{
1061 struct mount *mnt = real_mount(path->mnt);
1062 struct mount *parent;
1063 struct dentry *mountpoint;
1064
1065 read_seqlock_excl(&mount_lock);
1066 parent = mnt->mnt_parent;
1067 if (parent == mnt) {
1068 read_sequnlock_excl(&mount_lock);
1069 return 0;
1070 }
1071 mntget(&parent->mnt);
1072 mountpoint = dget(mnt->mnt_mountpoint);
1073 read_sequnlock_excl(&mount_lock);
1074 dput(path->dentry);
1075 path->dentry = mountpoint;
1076 mntput(path->mnt);
1077 path->mnt = &parent->mnt;
1078 return 1;
1079}
1080EXPORT_SYMBOL(follow_up);
1081
1082
1083
1084
1085
1086
1087static int follow_automount(struct path *path, struct nameidata *nd,
1088 bool *need_mntput)
1089{
1090 struct vfsmount *mnt;
1091 int err;
1092
1093 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
1094 return -EREMOTE;
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107 if (!(nd->flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
1108 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
1109 path->dentry->d_inode)
1110 return -EISDIR;
1111
1112 nd->total_link_count++;
1113 if (nd->total_link_count >= 40)
1114 return -ELOOP;
1115
1116 mnt = path->dentry->d_op->d_automount(path);
1117 if (IS_ERR(mnt)) {
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127 if (PTR_ERR(mnt) == -EISDIR && (nd->flags & LOOKUP_PARENT))
1128 return -EREMOTE;
1129 return PTR_ERR(mnt);
1130 }
1131
1132 if (!mnt)
1133 return 0;
1134
1135 if (!*need_mntput) {
1136
1137 mntget(path->mnt);
1138 *need_mntput = true;
1139 }
1140 err = finish_automount(mnt, path);
1141
1142 switch (err) {
1143 case -EBUSY:
1144
1145 return 0;
1146 case 0:
1147 path_put(path);
1148 path->mnt = mnt;
1149 path->dentry = dget(mnt->mnt_root);
1150 return 0;
1151 default:
1152 return err;
1153 }
1154
1155}
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167static int follow_managed(struct path *path, struct nameidata *nd)
1168{
1169 struct vfsmount *mnt = path->mnt;
1170 unsigned managed;
1171 bool need_mntput = false;
1172 int ret = 0;
1173
1174
1175
1176
1177 while (managed = ACCESS_ONCE(path->dentry->d_flags),
1178 managed &= DCACHE_MANAGED_DENTRY,
1179 unlikely(managed != 0)) {
1180
1181
1182 if (managed & DCACHE_MANAGE_TRANSIT) {
1183 BUG_ON(!path->dentry->d_op);
1184 BUG_ON(!path->dentry->d_op->d_manage);
1185 ret = path->dentry->d_op->d_manage(path->dentry, false);
1186 if (ret < 0)
1187 break;
1188 }
1189
1190
1191 if (managed & DCACHE_MOUNTED) {
1192 struct vfsmount *mounted = lookup_mnt(path);
1193 if (mounted) {
1194 dput(path->dentry);
1195 if (need_mntput)
1196 mntput(path->mnt);
1197 path->mnt = mounted;
1198 path->dentry = dget(mounted->mnt_root);
1199 need_mntput = true;
1200 continue;
1201 }
1202
1203
1204
1205
1206
1207 }
1208
1209
1210 if (managed & DCACHE_NEED_AUTOMOUNT) {
1211 ret = follow_automount(path, nd, &need_mntput);
1212 if (ret < 0)
1213 break;
1214 continue;
1215 }
1216
1217
1218 break;
1219 }
1220
1221 if (need_mntput && path->mnt == mnt)
1222 mntput(path->mnt);
1223 if (ret == -EISDIR || !ret)
1224 ret = 1;
1225 if (need_mntput)
1226 nd->flags |= LOOKUP_JUMPED;
1227 if (unlikely(ret < 0))
1228 path_put_conditional(path, nd);
1229 return ret;
1230}
1231
1232int follow_down_one(struct path *path)
1233{
1234 struct vfsmount *mounted;
1235
1236 mounted = lookup_mnt(path);
1237 if (mounted) {
1238 dput(path->dentry);
1239 mntput(path->mnt);
1240 path->mnt = mounted;
1241 path->dentry = dget(mounted->mnt_root);
1242 return 1;
1243 }
1244 return 0;
1245}
1246EXPORT_SYMBOL(follow_down_one);
1247
1248static inline int managed_dentry_rcu(struct dentry *dentry)
1249{
1250 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT) ?
1251 dentry->d_op->d_manage(dentry, true) : 0;
1252}
1253
1254
1255
1256
1257
1258static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1259 struct inode **inode, unsigned *seqp)
1260{
1261 for (;;) {
1262 struct mount *mounted;
1263
1264
1265
1266
1267 switch (managed_dentry_rcu(path->dentry)) {
1268 case -ECHILD:
1269 default:
1270 return false;
1271 case -EISDIR:
1272 return true;
1273 case 0:
1274 break;
1275 }
1276
1277 if (!d_mountpoint(path->dentry))
1278 return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1279
1280 mounted = __lookup_mnt(path->mnt, path->dentry);
1281 if (!mounted)
1282 break;
1283 path->mnt = &mounted->mnt;
1284 path->dentry = mounted->mnt.mnt_root;
1285 nd->flags |= LOOKUP_JUMPED;
1286 *seqp = read_seqcount_begin(&path->dentry->d_seq);
1287
1288
1289
1290
1291
1292 *inode = path->dentry->d_inode;
1293 }
1294 return !read_seqretry(&mount_lock, nd->m_seq) &&
1295 !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1296}
1297
1298static int follow_dotdot_rcu(struct nameidata *nd)
1299{
1300 struct inode *inode = nd->inode;
1301
1302 while (1) {
1303 if (path_equal(&nd->path, &nd->root))
1304 break;
1305 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1306 struct dentry *old = nd->path.dentry;
1307 struct dentry *parent = old->d_parent;
1308 unsigned seq;
1309
1310 inode = parent->d_inode;
1311 seq = read_seqcount_begin(&parent->d_seq);
1312 if (unlikely(read_seqcount_retry(&old->d_seq, nd->seq)))
1313 return -ECHILD;
1314 nd->path.dentry = parent;
1315 nd->seq = seq;
1316 if (unlikely(!path_connected(&nd->path)))
1317 return -ENOENT;
1318 break;
1319 } else {
1320 struct mount *mnt = real_mount(nd->path.mnt);
1321 struct mount *mparent = mnt->mnt_parent;
1322 struct dentry *mountpoint = mnt->mnt_mountpoint;
1323 struct inode *inode2 = mountpoint->d_inode;
1324 unsigned seq = read_seqcount_begin(&mountpoint->d_seq);
1325 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1326 return -ECHILD;
1327 if (&mparent->mnt == nd->path.mnt)
1328 break;
1329
1330 nd->path.dentry = mountpoint;
1331 nd->path.mnt = &mparent->mnt;
1332 inode = inode2;
1333 nd->seq = seq;
1334 }
1335 }
1336 while (unlikely(d_mountpoint(nd->path.dentry))) {
1337 struct mount *mounted;
1338 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1339 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1340 return -ECHILD;
1341 if (!mounted)
1342 break;
1343 nd->path.mnt = &mounted->mnt;
1344 nd->path.dentry = mounted->mnt.mnt_root;
1345 inode = nd->path.dentry->d_inode;
1346 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1347 }
1348 nd->inode = inode;
1349 return 0;
1350}
1351
1352
1353
1354
1355
1356
1357int follow_down(struct path *path)
1358{
1359 unsigned managed;
1360 int ret;
1361
1362 while (managed = ACCESS_ONCE(path->dentry->d_flags),
1363 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374 if (managed & DCACHE_MANAGE_TRANSIT) {
1375 BUG_ON(!path->dentry->d_op);
1376 BUG_ON(!path->dentry->d_op->d_manage);
1377 ret = path->dentry->d_op->d_manage(
1378 path->dentry, false);
1379 if (ret < 0)
1380 return ret == -EISDIR ? 0 : ret;
1381 }
1382
1383
1384 if (managed & DCACHE_MOUNTED) {
1385 struct vfsmount *mounted = lookup_mnt(path);
1386 if (!mounted)
1387 break;
1388 dput(path->dentry);
1389 mntput(path->mnt);
1390 path->mnt = mounted;
1391 path->dentry = dget(mounted->mnt_root);
1392 continue;
1393 }
1394
1395
1396 break;
1397 }
1398 return 0;
1399}
1400EXPORT_SYMBOL(follow_down);
1401
1402
1403
1404
1405static void follow_mount(struct path *path)
1406{
1407 while (d_mountpoint(path->dentry)) {
1408 struct vfsmount *mounted = lookup_mnt(path);
1409 if (!mounted)
1410 break;
1411 dput(path->dentry);
1412 mntput(path->mnt);
1413 path->mnt = mounted;
1414 path->dentry = dget(mounted->mnt_root);
1415 }
1416}
1417
1418static int follow_dotdot(struct nameidata *nd)
1419{
1420 while(1) {
1421 struct dentry *old = nd->path.dentry;
1422
1423 if (nd->path.dentry == nd->root.dentry &&
1424 nd->path.mnt == nd->root.mnt) {
1425 break;
1426 }
1427 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1428
1429 nd->path.dentry = dget_parent(nd->path.dentry);
1430 dput(old);
1431 if (unlikely(!path_connected(&nd->path)))
1432 return -ENOENT;
1433 break;
1434 }
1435 if (!follow_up(&nd->path))
1436 break;
1437 }
1438 follow_mount(&nd->path);
1439 nd->inode = nd->path.dentry->d_inode;
1440 return 0;
1441}
1442
1443
1444
1445
1446
1447
1448static struct dentry *lookup_dcache(const struct qstr *name,
1449 struct dentry *dir,
1450 unsigned int flags)
1451{
1452 struct dentry *dentry;
1453 int error;
1454
1455 dentry = d_lookup(dir, name);
1456 if (dentry) {
1457 if (dentry->d_flags & DCACHE_OP_REVALIDATE) {
1458 error = d_revalidate(dentry, flags);
1459 if (unlikely(error <= 0)) {
1460 if (!error)
1461 d_invalidate(dentry);
1462 dput(dentry);
1463 return ERR_PTR(error);
1464 }
1465 }
1466 }
1467 return dentry;
1468}
1469
1470
1471
1472
1473
1474
1475
1476static struct dentry *lookup_real(struct inode *dir, struct dentry *dentry,
1477 unsigned int flags)
1478{
1479 struct dentry *old;
1480
1481
1482 if (unlikely(IS_DEADDIR(dir))) {
1483 dput(dentry);
1484 return ERR_PTR(-ENOENT);
1485 }
1486
1487 old = dir->i_op->lookup(dir, dentry, flags);
1488 if (unlikely(old)) {
1489 dput(dentry);
1490 dentry = old;
1491 }
1492 return dentry;
1493}
1494
1495static struct dentry *__lookup_hash(const struct qstr *name,
1496 struct dentry *base, unsigned int flags)
1497{
1498 struct dentry *dentry = lookup_dcache(name, base, flags);
1499
1500 if (dentry)
1501 return dentry;
1502
1503 dentry = d_alloc(base, name);
1504 if (unlikely(!dentry))
1505 return ERR_PTR(-ENOMEM);
1506
1507 return lookup_real(base->d_inode, dentry, flags);
1508}
1509
1510static int lookup_fast(struct nameidata *nd,
1511 struct path *path, struct inode **inode,
1512 unsigned *seqp)
1513{
1514 struct vfsmount *mnt = nd->path.mnt;
1515 struct dentry *dentry, *parent = nd->path.dentry;
1516 int status = 1;
1517 int err;
1518
1519
1520
1521
1522
1523
1524 if (nd->flags & LOOKUP_RCU) {
1525 unsigned seq;
1526 bool negative;
1527 dentry = __d_lookup_rcu(parent, &nd->last, &seq);
1528 if (unlikely(!dentry)) {
1529 if (unlazy_walk(nd, NULL, 0))
1530 return -ECHILD;
1531 return 0;
1532 }
1533
1534
1535
1536
1537
1538 *inode = d_backing_inode(dentry);
1539 negative = d_is_negative(dentry);
1540 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
1541 return -ECHILD;
1542
1543
1544
1545
1546
1547
1548
1549
1550 if (unlikely(__read_seqcount_retry(&parent->d_seq, nd->seq)))
1551 return -ECHILD;
1552
1553 *seqp = seq;
1554 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE))
1555 status = d_revalidate(dentry, nd->flags);
1556 if (unlikely(status <= 0)) {
1557 if (unlazy_walk(nd, dentry, seq))
1558 return -ECHILD;
1559 if (status == -ECHILD)
1560 status = d_revalidate(dentry, nd->flags);
1561 } else {
1562
1563
1564
1565
1566 if (unlikely(negative))
1567 return -ENOENT;
1568 path->mnt = mnt;
1569 path->dentry = dentry;
1570 if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
1571 return 1;
1572 if (unlazy_walk(nd, dentry, seq))
1573 return -ECHILD;
1574 }
1575 } else {
1576 dentry = __d_lookup(parent, &nd->last);
1577 if (unlikely(!dentry))
1578 return 0;
1579 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE))
1580 status = d_revalidate(dentry, nd->flags);
1581 }
1582 if (unlikely(status <= 0)) {
1583 if (!status)
1584 d_invalidate(dentry);
1585 dput(dentry);
1586 return status;
1587 }
1588 if (unlikely(d_is_negative(dentry))) {
1589 dput(dentry);
1590 return -ENOENT;
1591 }
1592
1593 path->mnt = mnt;
1594 path->dentry = dentry;
1595 err = follow_managed(path, nd);
1596 if (likely(err > 0))
1597 *inode = d_backing_inode(path->dentry);
1598 return err;
1599}
1600
1601
1602static struct dentry *lookup_slow(const struct qstr *name,
1603 struct dentry *dir,
1604 unsigned int flags)
1605{
1606 struct dentry *dentry;
1607 inode_lock(dir->d_inode);
1608 dentry = d_lookup(dir, name);
1609 if (unlikely(dentry)) {
1610 if ((dentry->d_flags & DCACHE_OP_REVALIDATE) &&
1611 !(flags & LOOKUP_NO_REVAL)) {
1612 int error = d_revalidate(dentry, flags);
1613 if (unlikely(error <= 0)) {
1614 if (!error)
1615 d_invalidate(dentry);
1616 dput(dentry);
1617 dentry = ERR_PTR(error);
1618 }
1619 }
1620 if (dentry) {
1621 inode_unlock(dir->d_inode);
1622 return dentry;
1623 }
1624 }
1625 dentry = d_alloc(dir, name);
1626 if (unlikely(!dentry)) {
1627 inode_unlock(dir->d_inode);
1628 return ERR_PTR(-ENOMEM);
1629 }
1630 dentry = lookup_real(dir->d_inode, dentry, flags);
1631 inode_unlock(dir->d_inode);
1632 return dentry;
1633}
1634
1635static inline int may_lookup(struct nameidata *nd)
1636{
1637 if (nd->flags & LOOKUP_RCU) {
1638 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1639 if (err != -ECHILD)
1640 return err;
1641 if (unlazy_walk(nd, NULL, 0))
1642 return -ECHILD;
1643 }
1644 return inode_permission(nd->inode, MAY_EXEC);
1645}
1646
1647static inline int handle_dots(struct nameidata *nd, int type)
1648{
1649 if (type == LAST_DOTDOT) {
1650 if (!nd->root.mnt)
1651 set_root(nd);
1652 if (nd->flags & LOOKUP_RCU) {
1653 return follow_dotdot_rcu(nd);
1654 } else
1655 return follow_dotdot(nd);
1656 }
1657 return 0;
1658}
1659
1660static int pick_link(struct nameidata *nd, struct path *link,
1661 struct inode *inode, unsigned seq)
1662{
1663 int error;
1664 struct saved *last;
1665 if (unlikely(nd->total_link_count++ >= MAXSYMLINKS)) {
1666 path_to_nameidata(link, nd);
1667 return -ELOOP;
1668 }
1669 if (!(nd->flags & LOOKUP_RCU)) {
1670 if (link->mnt == nd->path.mnt)
1671 mntget(link->mnt);
1672 }
1673 error = nd_alloc_stack(nd);
1674 if (unlikely(error)) {
1675 if (error == -ECHILD) {
1676 if (unlikely(unlazy_link(nd, link, seq)))
1677 return -ECHILD;
1678 error = nd_alloc_stack(nd);
1679 }
1680 if (error) {
1681 path_put(link);
1682 return error;
1683 }
1684 }
1685
1686 last = nd->stack + nd->depth++;
1687 last->link = *link;
1688 clear_delayed_call(&last->done);
1689 nd->link_inode = inode;
1690 last->seq = seq;
1691 return 1;
1692}
1693
1694
1695
1696
1697
1698
1699
1700static inline int should_follow_link(struct nameidata *nd, struct path *link,
1701 int follow,
1702 struct inode *inode, unsigned seq)
1703{
1704 if (likely(!d_is_symlink(link->dentry)))
1705 return 0;
1706 if (!follow)
1707 return 0;
1708
1709 if (nd->flags & LOOKUP_RCU) {
1710 if (read_seqcount_retry(&link->dentry->d_seq, seq))
1711 return -ECHILD;
1712 }
1713 return pick_link(nd, link, inode, seq);
1714}
1715
1716enum {WALK_GET = 1, WALK_PUT = 2};
1717
1718static int walk_component(struct nameidata *nd, int flags)
1719{
1720 struct path path;
1721 struct inode *inode;
1722 unsigned seq;
1723 int err;
1724
1725
1726
1727
1728
1729 if (unlikely(nd->last_type != LAST_NORM)) {
1730 err = handle_dots(nd, nd->last_type);
1731 if (flags & WALK_PUT)
1732 put_link(nd);
1733 return err;
1734 }
1735 err = lookup_fast(nd, &path, &inode, &seq);
1736 if (unlikely(err <= 0)) {
1737 if (err < 0)
1738 return err;
1739 path.dentry = lookup_slow(&nd->last, nd->path.dentry,
1740 nd->flags);
1741 if (IS_ERR(path.dentry))
1742 return PTR_ERR(path.dentry);
1743
1744 path.mnt = nd->path.mnt;
1745 err = follow_managed(&path, nd);
1746 if (unlikely(err < 0))
1747 return err;
1748
1749 if (unlikely(d_is_negative(path.dentry))) {
1750 path_to_nameidata(&path, nd);
1751 return -ENOENT;
1752 }
1753
1754 seq = 0;
1755 inode = d_backing_inode(path.dentry);
1756 }
1757
1758 if (flags & WALK_PUT)
1759 put_link(nd);
1760 err = should_follow_link(nd, &path, flags & WALK_GET, inode, seq);
1761 if (unlikely(err))
1762 return err;
1763 path_to_nameidata(&path, nd);
1764 nd->inode = inode;
1765 nd->seq = seq;
1766 return 0;
1767}
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786#ifdef CONFIG_DCACHE_WORD_ACCESS
1787
1788#include <asm/word-at-a-time.h>
1789
1790#ifdef CONFIG_64BIT
1791
1792static inline unsigned int fold_hash(unsigned long hash)
1793{
1794 return hash_64(hash, 32);
1795}
1796
1797#else
1798
1799#define fold_hash(x) (x)
1800
1801#endif
1802
1803unsigned int full_name_hash(const unsigned char *name, unsigned int len)
1804{
1805 unsigned long a, mask;
1806 unsigned long hash = 0;
1807
1808 for (;;) {
1809 a = load_unaligned_zeropad(name);
1810 if (len < sizeof(unsigned long))
1811 break;
1812 hash += a;
1813 hash *= 9;
1814 name += sizeof(unsigned long);
1815 len -= sizeof(unsigned long);
1816 if (!len)
1817 goto done;
1818 }
1819 mask = bytemask_from_count(len);
1820 hash += mask & a;
1821done:
1822 return fold_hash(hash);
1823}
1824EXPORT_SYMBOL(full_name_hash);
1825
1826
1827
1828
1829
1830static inline u64 hash_name(const char *name)
1831{
1832 unsigned long a, b, adata, bdata, mask, hash, len;
1833 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1834
1835 hash = a = 0;
1836 len = -sizeof(unsigned long);
1837 do {
1838 hash = (hash + a) * 9;
1839 len += sizeof(unsigned long);
1840 a = load_unaligned_zeropad(name+len);
1841 b = a ^ REPEAT_BYTE('/');
1842 } while (!(has_zero(a, &adata, &constants) | has_zero(b, &bdata, &constants)));
1843
1844 adata = prep_zero_mask(a, adata, &constants);
1845 bdata = prep_zero_mask(b, bdata, &constants);
1846
1847 mask = create_zero_mask(adata | bdata);
1848
1849 hash += a & zero_bytemask(mask);
1850 len += find_zero(mask);
1851 return hashlen_create(fold_hash(hash), len);
1852}
1853
1854#else
1855
1856unsigned int full_name_hash(const unsigned char *name, unsigned int len)
1857{
1858 unsigned long hash = init_name_hash();
1859 while (len--)
1860 hash = partial_name_hash(*name++, hash);
1861 return end_name_hash(hash);
1862}
1863EXPORT_SYMBOL(full_name_hash);
1864
1865
1866
1867
1868
1869static inline u64 hash_name(const char *name)
1870{
1871 unsigned long hash = init_name_hash();
1872 unsigned long len = 0, c;
1873
1874 c = (unsigned char)*name;
1875 do {
1876 len++;
1877 hash = partial_name_hash(c, hash);
1878 c = (unsigned char)name[len];
1879 } while (c && c != '/');
1880 return hashlen_create(end_name_hash(hash), len);
1881}
1882
1883#endif
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893static int link_path_walk(const char *name, struct nameidata *nd)
1894{
1895 int err;
1896
1897 while (*name=='/')
1898 name++;
1899 if (!*name)
1900 return 0;
1901
1902
1903 for(;;) {
1904 u64 hash_len;
1905 int type;
1906
1907 err = may_lookup(nd);
1908 if (err)
1909 return err;
1910
1911 hash_len = hash_name(name);
1912
1913 type = LAST_NORM;
1914 if (name[0] == '.') switch (hashlen_len(hash_len)) {
1915 case 2:
1916 if (name[1] == '.') {
1917 type = LAST_DOTDOT;
1918 nd->flags |= LOOKUP_JUMPED;
1919 }
1920 break;
1921 case 1:
1922 type = LAST_DOT;
1923 }
1924 if (likely(type == LAST_NORM)) {
1925 struct dentry *parent = nd->path.dentry;
1926 nd->flags &= ~LOOKUP_JUMPED;
1927 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1928 struct qstr this = { { .hash_len = hash_len }, .name = name };
1929 err = parent->d_op->d_hash(parent, &this);
1930 if (err < 0)
1931 return err;
1932 hash_len = this.hash_len;
1933 name = this.name;
1934 }
1935 }
1936
1937 nd->last.hash_len = hash_len;
1938 nd->last.name = name;
1939 nd->last_type = type;
1940
1941 name += hashlen_len(hash_len);
1942 if (!*name)
1943 goto OK;
1944
1945
1946
1947
1948 do {
1949 name++;
1950 } while (unlikely(*name == '/'));
1951 if (unlikely(!*name)) {
1952OK:
1953
1954 if (!nd->depth)
1955 return 0;
1956 name = nd->stack[nd->depth - 1].name;
1957
1958 if (!name)
1959 return 0;
1960
1961 err = walk_component(nd, WALK_GET | WALK_PUT);
1962 } else {
1963 err = walk_component(nd, WALK_GET);
1964 }
1965 if (err < 0)
1966 return err;
1967
1968 if (err) {
1969 const char *s = get_link(nd);
1970
1971 if (IS_ERR(s))
1972 return PTR_ERR(s);
1973 err = 0;
1974 if (unlikely(!s)) {
1975
1976 put_link(nd);
1977 } else {
1978 nd->stack[nd->depth - 1].name = name;
1979 name = s;
1980 continue;
1981 }
1982 }
1983 if (unlikely(!d_can_lookup(nd->path.dentry))) {
1984 if (nd->flags & LOOKUP_RCU) {
1985 if (unlazy_walk(nd, NULL, 0))
1986 return -ECHILD;
1987 }
1988 return -ENOTDIR;
1989 }
1990 }
1991}
1992
1993static const char *path_init(struct nameidata *nd, unsigned flags)
1994{
1995 int retval = 0;
1996 const char *s = nd->name->name;
1997
1998 nd->last_type = LAST_ROOT;
1999 nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
2000 nd->depth = 0;
2001 if (flags & LOOKUP_ROOT) {
2002 struct dentry *root = nd->root.dentry;
2003 struct inode *inode = root->d_inode;
2004 if (*s) {
2005 if (!d_can_lookup(root))
2006 return ERR_PTR(-ENOTDIR);
2007 retval = inode_permission(inode, MAY_EXEC);
2008 if (retval)
2009 return ERR_PTR(retval);
2010 }
2011 nd->path = nd->root;
2012 nd->inode = inode;
2013 if (flags & LOOKUP_RCU) {
2014 rcu_read_lock();
2015 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2016 nd->root_seq = nd->seq;
2017 nd->m_seq = read_seqbegin(&mount_lock);
2018 } else {
2019 path_get(&nd->path);
2020 }
2021 return s;
2022 }
2023
2024 nd->root.mnt = NULL;
2025 nd->path.mnt = NULL;
2026 nd->path.dentry = NULL;
2027
2028 nd->m_seq = read_seqbegin(&mount_lock);
2029 if (*s == '/') {
2030 if (flags & LOOKUP_RCU)
2031 rcu_read_lock();
2032 set_root(nd);
2033 if (likely(!nd_jump_root(nd)))
2034 return s;
2035 nd->root.mnt = NULL;
2036 rcu_read_unlock();
2037 return ERR_PTR(-ECHILD);
2038 } else if (nd->dfd == AT_FDCWD) {
2039 if (flags & LOOKUP_RCU) {
2040 struct fs_struct *fs = current->fs;
2041 unsigned seq;
2042
2043 rcu_read_lock();
2044
2045 do {
2046 seq = read_seqcount_begin(&fs->seq);
2047 nd->path = fs->pwd;
2048 nd->inode = nd->path.dentry->d_inode;
2049 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2050 } while (read_seqcount_retry(&fs->seq, seq));
2051 } else {
2052 get_fs_pwd(current->fs, &nd->path);
2053 nd->inode = nd->path.dentry->d_inode;
2054 }
2055 return s;
2056 } else {
2057
2058 struct fd f = fdget_raw(nd->dfd);
2059 struct dentry *dentry;
2060
2061 if (!f.file)
2062 return ERR_PTR(-EBADF);
2063
2064 dentry = f.file->f_path.dentry;
2065
2066 if (*s) {
2067 if (!d_can_lookup(dentry)) {
2068 fdput(f);
2069 return ERR_PTR(-ENOTDIR);
2070 }
2071 }
2072
2073 nd->path = f.file->f_path;
2074 if (flags & LOOKUP_RCU) {
2075 rcu_read_lock();
2076 nd->inode = nd->path.dentry->d_inode;
2077 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
2078 } else {
2079 path_get(&nd->path);
2080 nd->inode = nd->path.dentry->d_inode;
2081 }
2082 fdput(f);
2083 return s;
2084 }
2085}
2086
2087static const char *trailing_symlink(struct nameidata *nd)
2088{
2089 const char *s;
2090 int error = may_follow_link(nd);
2091 if (unlikely(error))
2092 return ERR_PTR(error);
2093 nd->flags |= LOOKUP_PARENT;
2094 nd->stack[0].name = NULL;
2095 s = get_link(nd);
2096 return s ? s : "";
2097}
2098
2099static inline int lookup_last(struct nameidata *nd)
2100{
2101 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
2102 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2103
2104 nd->flags &= ~LOOKUP_PARENT;
2105 return walk_component(nd,
2106 nd->flags & LOOKUP_FOLLOW
2107 ? nd->depth
2108 ? WALK_PUT | WALK_GET
2109 : WALK_GET
2110 : 0);
2111}
2112
2113
2114static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path)
2115{
2116 const char *s = path_init(nd, flags);
2117 int err;
2118
2119 if (IS_ERR(s))
2120 return PTR_ERR(s);
2121 while (!(err = link_path_walk(s, nd))
2122 && ((err = lookup_last(nd)) > 0)) {
2123 s = trailing_symlink(nd);
2124 if (IS_ERR(s)) {
2125 err = PTR_ERR(s);
2126 break;
2127 }
2128 }
2129 if (!err)
2130 err = complete_walk(nd);
2131
2132 if (!err && nd->flags & LOOKUP_DIRECTORY)
2133 if (!d_can_lookup(nd->path.dentry))
2134 err = -ENOTDIR;
2135 if (!err) {
2136 *path = nd->path;
2137 nd->path.mnt = NULL;
2138 nd->path.dentry = NULL;
2139 }
2140 terminate_walk(nd);
2141 return err;
2142}
2143
2144static int filename_lookup(int dfd, struct filename *name, unsigned flags,
2145 struct path *path, struct path *root)
2146{
2147 int retval;
2148 struct nameidata nd;
2149 if (IS_ERR(name))
2150 return PTR_ERR(name);
2151 if (unlikely(root)) {
2152 nd.root = *root;
2153 flags |= LOOKUP_ROOT;
2154 }
2155 set_nameidata(&nd, dfd, name);
2156 retval = path_lookupat(&nd, flags | LOOKUP_RCU, path);
2157 if (unlikely(retval == -ECHILD))
2158 retval = path_lookupat(&nd, flags, path);
2159 if (unlikely(retval == -ESTALE))
2160 retval = path_lookupat(&nd, flags | LOOKUP_REVAL, path);
2161
2162 if (likely(!retval))
2163 audit_inode(name, path->dentry, flags & LOOKUP_PARENT);
2164 restore_nameidata();
2165 putname(name);
2166 return retval;
2167}
2168
2169
2170static int path_parentat(struct nameidata *nd, unsigned flags,
2171 struct path *parent)
2172{
2173 const char *s = path_init(nd, flags);
2174 int err;
2175 if (IS_ERR(s))
2176 return PTR_ERR(s);
2177 err = link_path_walk(s, nd);
2178 if (!err)
2179 err = complete_walk(nd);
2180 if (!err) {
2181 *parent = nd->path;
2182 nd->path.mnt = NULL;
2183 nd->path.dentry = NULL;
2184 }
2185 terminate_walk(nd);
2186 return err;
2187}
2188
2189static struct filename *filename_parentat(int dfd, struct filename *name,
2190 unsigned int flags, struct path *parent,
2191 struct qstr *last, int *type)
2192{
2193 int retval;
2194 struct nameidata nd;
2195
2196 if (IS_ERR(name))
2197 return name;
2198 set_nameidata(&nd, dfd, name);
2199 retval = path_parentat(&nd, flags | LOOKUP_RCU, parent);
2200 if (unlikely(retval == -ECHILD))
2201 retval = path_parentat(&nd, flags, parent);
2202 if (unlikely(retval == -ESTALE))
2203 retval = path_parentat(&nd, flags | LOOKUP_REVAL, parent);
2204 if (likely(!retval)) {
2205 *last = nd.last;
2206 *type = nd.last_type;
2207 audit_inode(name, parent->dentry, LOOKUP_PARENT);
2208 } else {
2209 putname(name);
2210 name = ERR_PTR(retval);
2211 }
2212 restore_nameidata();
2213 return name;
2214}
2215
2216
2217struct dentry *kern_path_locked(const char *name, struct path *path)
2218{
2219 struct filename *filename;
2220 struct dentry *d;
2221 struct qstr last;
2222 int type;
2223
2224 filename = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,
2225 &last, &type);
2226 if (IS_ERR(filename))
2227 return ERR_CAST(filename);
2228 if (unlikely(type != LAST_NORM)) {
2229 path_put(path);
2230 putname(filename);
2231 return ERR_PTR(-EINVAL);
2232 }
2233 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
2234 d = __lookup_hash(&last, path->dentry, 0);
2235 if (IS_ERR(d)) {
2236 inode_unlock(path->dentry->d_inode);
2237 path_put(path);
2238 }
2239 putname(filename);
2240 return d;
2241}
2242
2243int kern_path(const char *name, unsigned int flags, struct path *path)
2244{
2245 return filename_lookup(AT_FDCWD, getname_kernel(name),
2246 flags, path, NULL);
2247}
2248EXPORT_SYMBOL(kern_path);
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
2259 const char *name, unsigned int flags,
2260 struct path *path)
2261{
2262 struct path root = {.mnt = mnt, .dentry = dentry};
2263
2264 return filename_lookup(AT_FDCWD, getname_kernel(name),
2265 flags , path, &root);
2266}
2267EXPORT_SYMBOL(vfs_path_lookup);
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284struct dentry *lookup_hash(const struct qstr *name, struct dentry *base)
2285{
2286 struct dentry *ret;
2287
2288 ret = lookup_dcache(name, base, 0);
2289 if (!ret)
2290 ret = lookup_slow(name, base, 0);
2291
2292 return ret;
2293}
2294EXPORT_SYMBOL(lookup_hash);
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
2308{
2309 struct qstr this;
2310 unsigned int c;
2311 int err;
2312
2313 WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2314
2315 this.name = name;
2316 this.len = len;
2317 this.hash = full_name_hash(name, len);
2318 if (!len)
2319 return ERR_PTR(-EACCES);
2320
2321 if (unlikely(name[0] == '.')) {
2322 if (len < 2 || (len == 2 && name[1] == '.'))
2323 return ERR_PTR(-EACCES);
2324 }
2325
2326 while (len--) {
2327 c = *(const unsigned char *)name++;
2328 if (c == '/' || c == '\0')
2329 return ERR_PTR(-EACCES);
2330 }
2331
2332
2333
2334
2335 if (base->d_flags & DCACHE_OP_HASH) {
2336 int err = base->d_op->d_hash(base, &this);
2337 if (err < 0)
2338 return ERR_PTR(err);
2339 }
2340
2341 err = inode_permission(base->d_inode, MAY_EXEC);
2342 if (err)
2343 return ERR_PTR(err);
2344
2345 return __lookup_hash(&this, base, 0);
2346}
2347EXPORT_SYMBOL(lookup_one_len);
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361struct dentry *lookup_one_len_unlocked(const char *name,
2362 struct dentry *base, int len)
2363{
2364 struct qstr this;
2365 unsigned int c;
2366 int err;
2367
2368 this.name = name;
2369 this.len = len;
2370 this.hash = full_name_hash(name, len);
2371 if (!len)
2372 return ERR_PTR(-EACCES);
2373
2374 if (unlikely(name[0] == '.')) {
2375 if (len < 2 || (len == 2 && name[1] == '.'))
2376 return ERR_PTR(-EACCES);
2377 }
2378
2379 while (len--) {
2380 c = *(const unsigned char *)name++;
2381 if (c == '/' || c == '\0')
2382 return ERR_PTR(-EACCES);
2383 }
2384
2385
2386
2387
2388 if (base->d_flags & DCACHE_OP_HASH) {
2389 int err = base->d_op->d_hash(base, &this);
2390 if (err < 0)
2391 return ERR_PTR(err);
2392 }
2393
2394 err = inode_permission(base->d_inode, MAY_EXEC);
2395 if (err)
2396 return ERR_PTR(err);
2397
2398 return lookup_hash(&this, base);
2399}
2400EXPORT_SYMBOL(lookup_one_len_unlocked);
2401
2402int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
2403 struct path *path, int *empty)
2404{
2405 return filename_lookup(dfd, getname_flags(name, flags, empty),
2406 flags, path, NULL);
2407}
2408EXPORT_SYMBOL(user_path_at_empty);
2409
2410
2411
2412
2413
2414
2415
2416static inline struct filename *
2417user_path_parent(int dfd, const char __user *path,
2418 struct path *parent,
2419 struct qstr *last,
2420 int *type,
2421 unsigned int flags)
2422{
2423
2424 return filename_parentat(dfd, getname(path), flags & LOOKUP_REVAL,
2425 parent, last, type);
2426}
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455static int
2456mountpoint_last(struct nameidata *nd, struct path *path)
2457{
2458 int error = 0;
2459 struct dentry *dentry;
2460 struct dentry *dir = nd->path.dentry;
2461
2462
2463 if (nd->flags & LOOKUP_RCU) {
2464 if (unlazy_walk(nd, NULL, 0))
2465 return -ECHILD;
2466 }
2467
2468 nd->flags &= ~LOOKUP_PARENT;
2469
2470 if (unlikely(nd->last_type != LAST_NORM)) {
2471 error = handle_dots(nd, nd->last_type);
2472 if (error)
2473 return error;
2474 dentry = dget(nd->path.dentry);
2475 } else {
2476 dentry = d_lookup(dir, &nd->last);
2477 if (!dentry) {
2478
2479
2480
2481
2482
2483
2484 dentry = lookup_slow(&nd->last, dir,
2485 nd->flags | LOOKUP_NO_REVAL);
2486 if (IS_ERR(dentry))
2487 return PTR_ERR(dentry);
2488 }
2489 }
2490 if (d_is_negative(dentry)) {
2491 dput(dentry);
2492 return -ENOENT;
2493 }
2494 if (nd->depth)
2495 put_link(nd);
2496 path->dentry = dentry;
2497 path->mnt = nd->path.mnt;
2498 error = should_follow_link(nd, path, nd->flags & LOOKUP_FOLLOW,
2499 d_backing_inode(dentry), 0);
2500 if (unlikely(error))
2501 return error;
2502 mntget(path->mnt);
2503 follow_mount(path);
2504 return 0;
2505}
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516static int
2517path_mountpoint(struct nameidata *nd, unsigned flags, struct path *path)
2518{
2519 const char *s = path_init(nd, flags);
2520 int err;
2521 if (IS_ERR(s))
2522 return PTR_ERR(s);
2523 while (!(err = link_path_walk(s, nd)) &&
2524 (err = mountpoint_last(nd, path)) > 0) {
2525 s = trailing_symlink(nd);
2526 if (IS_ERR(s)) {
2527 err = PTR_ERR(s);
2528 break;
2529 }
2530 }
2531 terminate_walk(nd);
2532 return err;
2533}
2534
2535static int
2536filename_mountpoint(int dfd, struct filename *name, struct path *path,
2537 unsigned int flags)
2538{
2539 struct nameidata nd;
2540 int error;
2541 if (IS_ERR(name))
2542 return PTR_ERR(name);
2543 set_nameidata(&nd, dfd, name);
2544 error = path_mountpoint(&nd, flags | LOOKUP_RCU, path);
2545 if (unlikely(error == -ECHILD))
2546 error = path_mountpoint(&nd, flags, path);
2547 if (unlikely(error == -ESTALE))
2548 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path);
2549 if (likely(!error))
2550 audit_inode(name, path->dentry, 0);
2551 restore_nameidata();
2552 putname(name);
2553 return error;
2554}
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570int
2571user_path_mountpoint_at(int dfd, const char __user *name, unsigned int flags,
2572 struct path *path)
2573{
2574 return filename_mountpoint(dfd, getname(name), path, flags);
2575}
2576
2577int
2578kern_path_mountpoint(int dfd, const char *name, struct path *path,
2579 unsigned int flags)
2580{
2581 return filename_mountpoint(dfd, getname_kernel(name), path, flags);
2582}
2583EXPORT_SYMBOL(kern_path_mountpoint);
2584
2585int __check_sticky(struct inode *dir, struct inode *inode)
2586{
2587 kuid_t fsuid = current_fsuid();
2588
2589 if (uid_eq(inode->i_uid, fsuid))
2590 return 0;
2591 if (uid_eq(dir->i_uid, fsuid))
2592 return 0;
2593 return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
2594}
2595EXPORT_SYMBOL(__check_sticky);
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
2617{
2618 struct inode *inode = d_backing_inode(victim);
2619 int error;
2620
2621 if (d_is_negative(victim))
2622 return -ENOENT;
2623 BUG_ON(!inode);
2624
2625 BUG_ON(victim->d_parent->d_inode != dir);
2626 audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
2627
2628 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
2629 if (error)
2630 return error;
2631 if (IS_APPEND(dir))
2632 return -EPERM;
2633
2634 if (check_sticky(dir, inode) || IS_APPEND(inode) ||
2635 IS_IMMUTABLE(inode) || IS_SWAPFILE(inode))
2636 return -EPERM;
2637 if (isdir) {
2638 if (!d_is_dir(victim))
2639 return -ENOTDIR;
2640 if (IS_ROOT(victim))
2641 return -EBUSY;
2642 } else if (d_is_dir(victim))
2643 return -EISDIR;
2644 if (IS_DEADDIR(dir))
2645 return -ENOENT;
2646 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
2647 return -EBUSY;
2648 return 0;
2649}
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659static inline int may_create(struct inode *dir, struct dentry *child)
2660{
2661 audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
2662 if (child->d_inode)
2663 return -EEXIST;
2664 if (IS_DEADDIR(dir))
2665 return -ENOENT;
2666 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
2667}
2668
2669
2670
2671
2672struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
2673{
2674 struct dentry *p;
2675
2676 if (p1 == p2) {
2677 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2678 return NULL;
2679 }
2680
2681 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
2682
2683 p = d_ancestor(p2, p1);
2684 if (p) {
2685 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT);
2686 inode_lock_nested(p1->d_inode, I_MUTEX_CHILD);
2687 return p;
2688 }
2689
2690 p = d_ancestor(p1, p2);
2691 if (p) {
2692 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2693 inode_lock_nested(p2->d_inode, I_MUTEX_CHILD);
2694 return p;
2695 }
2696
2697 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2698 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT2);
2699 return NULL;
2700}
2701EXPORT_SYMBOL(lock_rename);
2702
2703void unlock_rename(struct dentry *p1, struct dentry *p2)
2704{
2705 inode_unlock(p1->d_inode);
2706 if (p1 != p2) {
2707 inode_unlock(p2->d_inode);
2708 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
2709 }
2710}
2711EXPORT_SYMBOL(unlock_rename);
2712
2713int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2714 bool want_excl)
2715{
2716 int error = may_create(dir, dentry);
2717 if (error)
2718 return error;
2719
2720 if (!dir->i_op->create)
2721 return -EACCES;
2722 mode &= S_IALLUGO;
2723 mode |= S_IFREG;
2724 error = security_inode_create(dir, dentry, mode);
2725 if (error)
2726 return error;
2727 error = dir->i_op->create(dir, dentry, mode, want_excl);
2728 if (!error)
2729 fsnotify_create(dir, dentry);
2730 return error;
2731}
2732EXPORT_SYMBOL(vfs_create);
2733
2734static int may_open(struct path *path, int acc_mode, int flag)
2735{
2736 struct dentry *dentry = path->dentry;
2737 struct inode *inode = dentry->d_inode;
2738 int error;
2739
2740 if (!inode)
2741 return -ENOENT;
2742
2743 switch (inode->i_mode & S_IFMT) {
2744 case S_IFLNK:
2745 return -ELOOP;
2746 case S_IFDIR:
2747 if (acc_mode & MAY_WRITE)
2748 return -EISDIR;
2749 break;
2750 case S_IFBLK:
2751 case S_IFCHR:
2752 if (path->mnt->mnt_flags & MNT_NODEV)
2753 return -EACCES;
2754
2755 case S_IFIFO:
2756 case S_IFSOCK:
2757 flag &= ~O_TRUNC;
2758 break;
2759 }
2760
2761 error = inode_permission(inode, MAY_OPEN | acc_mode);
2762 if (error)
2763 return error;
2764
2765
2766
2767
2768 if (IS_APPEND(inode)) {
2769 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2770 return -EPERM;
2771 if (flag & O_TRUNC)
2772 return -EPERM;
2773 }
2774
2775
2776 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2777 return -EPERM;
2778
2779 return 0;
2780}
2781
2782static int handle_truncate(struct file *filp)
2783{
2784 struct path *path = &filp->f_path;
2785 struct inode *inode = path->dentry->d_inode;
2786 int error = get_write_access(inode);
2787 if (error)
2788 return error;
2789
2790
2791
2792 error = locks_verify_locked(filp);
2793 if (!error)
2794 error = security_path_truncate(path);
2795 if (!error) {
2796 error = do_truncate(path->dentry, 0,
2797 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2798 filp);
2799 }
2800 put_write_access(inode);
2801 return error;
2802}
2803
2804static inline int open_to_namei_flags(int flag)
2805{
2806 if ((flag & O_ACCMODE) == 3)
2807 flag--;
2808 return flag;
2809}
2810
2811static int may_o_create(struct path *dir, struct dentry *dentry, umode_t mode)
2812{
2813 int error = security_path_mknod(dir, dentry, mode, 0);
2814 if (error)
2815 return error;
2816
2817 error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);
2818 if (error)
2819 return error;
2820
2821 return security_inode_create(dir->dentry->d_inode, dentry, mode);
2822}
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837static int atomic_open(struct nameidata *nd, struct dentry *dentry,
2838 struct path *path, struct file *file,
2839 const struct open_flags *op,
2840 bool got_write, bool need_lookup,
2841 int *opened)
2842{
2843 struct inode *dir = nd->path.dentry->d_inode;
2844 unsigned open_flag = open_to_namei_flags(op->open_flag);
2845 umode_t mode;
2846 int error;
2847 int acc_mode;
2848 int create_error = 0;
2849 struct dentry *const DENTRY_NOT_SET = (void *) -1UL;
2850 bool excl;
2851
2852 BUG_ON(dentry->d_inode);
2853
2854
2855 if (unlikely(IS_DEADDIR(dir))) {
2856 error = -ENOENT;
2857 goto out;
2858 }
2859
2860 mode = op->mode;
2861 if ((open_flag & O_CREAT) && !IS_POSIXACL(dir))
2862 mode &= ~current_umask();
2863
2864 excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT);
2865 if (excl)
2866 open_flag &= ~O_TRUNC;
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877 if (((open_flag & (O_CREAT | O_TRUNC)) ||
2878 (open_flag & O_ACCMODE) != O_RDONLY) && unlikely(!got_write)) {
2879 if (!(open_flag & O_CREAT)) {
2880
2881
2882
2883
2884 goto no_open;
2885 } else if (open_flag & (O_EXCL | O_TRUNC)) {
2886
2887 create_error = -EROFS;
2888 goto no_open;
2889 } else {
2890
2891 create_error = -EROFS;
2892 open_flag &= ~O_CREAT;
2893 }
2894 }
2895
2896 if (open_flag & O_CREAT) {
2897 error = may_o_create(&nd->path, dentry, mode);
2898 if (error) {
2899 create_error = error;
2900 if (open_flag & O_EXCL)
2901 goto no_open;
2902 open_flag &= ~O_CREAT;
2903 }
2904 }
2905
2906 if (nd->flags & LOOKUP_DIRECTORY)
2907 open_flag |= O_DIRECTORY;
2908
2909 file->f_path.dentry = DENTRY_NOT_SET;
2910 file->f_path.mnt = nd->path.mnt;
2911 error = dir->i_op->atomic_open(dir, dentry, file, open_flag, mode,
2912 opened);
2913 if (error < 0) {
2914 if (create_error && error == -ENOENT)
2915 error = create_error;
2916 goto out;
2917 }
2918
2919 if (error) {
2920 if (WARN_ON(file->f_path.dentry == DENTRY_NOT_SET)) {
2921 error = -EIO;
2922 goto out;
2923 }
2924 if (file->f_path.dentry) {
2925 dput(dentry);
2926 dentry = file->f_path.dentry;
2927 }
2928 if (*opened & FILE_CREATED)
2929 fsnotify_create(dir, dentry);
2930 if (!dentry->d_inode) {
2931 WARN_ON(*opened & FILE_CREATED);
2932 if (create_error) {
2933 error = create_error;
2934 goto out;
2935 }
2936 } else {
2937 if (excl && !(*opened & FILE_CREATED)) {
2938 error = -EEXIST;
2939 goto out;
2940 }
2941 }
2942 goto looked_up;
2943 }
2944
2945
2946
2947
2948
2949 acc_mode = op->acc_mode;
2950 if (*opened & FILE_CREATED) {
2951 WARN_ON(!(open_flag & O_CREAT));
2952 fsnotify_create(dir, dentry);
2953 acc_mode = 0;
2954 }
2955 error = may_open(&file->f_path, acc_mode, open_flag);
2956 if (error)
2957 fput(file);
2958
2959out:
2960 dput(dentry);
2961 return error;
2962
2963no_open:
2964 if (need_lookup) {
2965 dentry = lookup_real(dir, dentry, nd->flags);
2966 if (IS_ERR(dentry))
2967 return PTR_ERR(dentry);
2968 }
2969 if (create_error && !dentry->d_inode) {
2970 error = create_error;
2971 goto out;
2972 }
2973looked_up:
2974 path->dentry = dentry;
2975 path->mnt = nd->path.mnt;
2976 return 1;
2977}
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997static int lookup_open(struct nameidata *nd, struct path *path,
2998 struct file *file,
2999 const struct open_flags *op,
3000 bool got_write, int *opened)
3001{
3002 struct dentry *dir = nd->path.dentry;
3003 struct inode *dir_inode = dir->d_inode;
3004 struct dentry *dentry;
3005 int error;
3006 bool need_lookup = false;
3007
3008 *opened &= ~FILE_CREATED;
3009 dentry = lookup_dcache(&nd->last, dir, nd->flags);
3010 if (IS_ERR(dentry))
3011 return PTR_ERR(dentry);
3012
3013 if (!dentry) {
3014 dentry = d_alloc(dir, &nd->last);
3015 if (unlikely(!dentry))
3016 return -ENOMEM;
3017 need_lookup = true;
3018 } else if (dentry->d_inode) {
3019
3020 goto out_no_open;
3021 }
3022
3023 if ((nd->flags & LOOKUP_OPEN) && dir_inode->i_op->atomic_open) {
3024 return atomic_open(nd, dentry, path, file, op, got_write,
3025 need_lookup, opened);
3026 }
3027
3028 if (need_lookup) {
3029 BUG_ON(dentry->d_inode);
3030
3031 dentry = lookup_real(dir_inode, dentry, nd->flags);
3032 if (IS_ERR(dentry))
3033 return PTR_ERR(dentry);
3034 }
3035
3036
3037 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
3038 umode_t mode = op->mode;
3039 if (!IS_POSIXACL(dir->d_inode))
3040 mode &= ~current_umask();
3041
3042
3043
3044
3045
3046
3047
3048 if (!got_write) {
3049 error = -EROFS;
3050 goto out_dput;
3051 }
3052 *opened |= FILE_CREATED;
3053 error = security_path_mknod(&nd->path, dentry, mode, 0);
3054 if (error)
3055 goto out_dput;
3056 error = vfs_create(dir->d_inode, dentry, mode,
3057 nd->flags & LOOKUP_EXCL);
3058 if (error)
3059 goto out_dput;
3060 }
3061out_no_open:
3062 path->dentry = dentry;
3063 path->mnt = nd->path.mnt;
3064 return 1;
3065
3066out_dput:
3067 dput(dentry);
3068 return error;
3069}
3070
3071
3072
3073
3074static int do_last(struct nameidata *nd,
3075 struct file *file, const struct open_flags *op,
3076 int *opened)
3077{
3078 struct dentry *dir = nd->path.dentry;
3079 int open_flag = op->open_flag;
3080 bool will_truncate = (open_flag & O_TRUNC) != 0;
3081 bool got_write = false;
3082 int acc_mode = op->acc_mode;
3083 unsigned seq;
3084 struct inode *inode;
3085 struct path save_parent = { .dentry = NULL, .mnt = NULL };
3086 struct path path;
3087 bool retried = false;
3088 int error;
3089
3090 nd->flags &= ~LOOKUP_PARENT;
3091 nd->flags |= op->intent;
3092
3093 if (nd->last_type != LAST_NORM) {
3094 error = handle_dots(nd, nd->last_type);
3095 if (unlikely(error))
3096 return error;
3097 goto finish_open;
3098 }
3099
3100 if (!(open_flag & O_CREAT)) {
3101 if (nd->last.name[nd->last.len])
3102 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
3103
3104 error = lookup_fast(nd, &path, &inode, &seq);
3105 if (likely(error > 0))
3106 goto finish_lookup;
3107
3108 if (error < 0)
3109 return error;
3110
3111 BUG_ON(nd->inode != dir->d_inode);
3112 BUG_ON(nd->flags & LOOKUP_RCU);
3113 } else {
3114
3115
3116
3117
3118
3119
3120 error = complete_walk(nd);
3121 if (error)
3122 return error;
3123
3124 audit_inode(nd->name, dir, LOOKUP_PARENT);
3125
3126 if (unlikely(nd->last.name[nd->last.len]))
3127 return -EISDIR;
3128 }
3129
3130retry_lookup:
3131 if (op->open_flag & (O_CREAT | O_TRUNC | O_WRONLY | O_RDWR)) {
3132 error = mnt_want_write(nd->path.mnt);
3133 if (!error)
3134 got_write = true;
3135
3136
3137
3138
3139
3140 }
3141 inode_lock(dir->d_inode);
3142 error = lookup_open(nd, &path, file, op, got_write, opened);
3143 inode_unlock(dir->d_inode);
3144
3145 if (error <= 0) {
3146 if (error)
3147 goto out;
3148
3149 if ((*opened & FILE_CREATED) ||
3150 !S_ISREG(file_inode(file)->i_mode))
3151 will_truncate = false;
3152
3153 audit_inode(nd->name, file->f_path.dentry, 0);
3154 goto opened;
3155 }
3156
3157 if (*opened & FILE_CREATED) {
3158
3159 open_flag &= ~O_TRUNC;
3160 will_truncate = false;
3161 acc_mode = 0;
3162 path_to_nameidata(&path, nd);
3163 goto finish_open_created;
3164 }
3165
3166
3167
3168
3169
3170
3171 if (got_write) {
3172 mnt_drop_write(nd->path.mnt);
3173 got_write = false;
3174 }
3175
3176 if (unlikely(d_is_negative(path.dentry))) {
3177 path_to_nameidata(&path, nd);
3178 return -ENOENT;
3179 }
3180
3181
3182
3183
3184 audit_inode(nd->name, path.dentry, 0);
3185
3186 if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
3187 path_to_nameidata(&path, nd);
3188 return -EEXIST;
3189 }
3190
3191 error = follow_managed(&path, nd);
3192 if (unlikely(error < 0))
3193 return error;
3194
3195 seq = 0;
3196 inode = d_backing_inode(path.dentry);
3197finish_lookup:
3198 if (nd->depth)
3199 put_link(nd);
3200 error = should_follow_link(nd, &path, nd->flags & LOOKUP_FOLLOW,
3201 inode, seq);
3202 if (unlikely(error))
3203 return error;
3204
3205 if ((nd->flags & LOOKUP_RCU) || nd->path.mnt != path.mnt) {
3206 path_to_nameidata(&path, nd);
3207 } else {
3208 save_parent.dentry = nd->path.dentry;
3209 save_parent.mnt = mntget(path.mnt);
3210 nd->path.dentry = path.dentry;
3211
3212 }
3213 nd->inode = inode;
3214 nd->seq = seq;
3215
3216finish_open:
3217 error = complete_walk(nd);
3218 if (error) {
3219 path_put(&save_parent);
3220 return error;
3221 }
3222 audit_inode(nd->name, nd->path.dentry, 0);
3223 if (unlikely(d_is_symlink(nd->path.dentry)) && !(open_flag & O_PATH)) {
3224 error = -ELOOP;
3225 goto out;
3226 }
3227 error = -EISDIR;
3228 if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
3229 goto out;
3230 error = -ENOTDIR;
3231 if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry))
3232 goto out;
3233 if (!d_is_reg(nd->path.dentry))
3234 will_truncate = false;
3235
3236 if (will_truncate) {
3237 error = mnt_want_write(nd->path.mnt);
3238 if (error)
3239 goto out;
3240 got_write = true;
3241 }
3242finish_open_created:
3243 if (likely(!(open_flag & O_PATH))) {
3244 error = may_open(&nd->path, acc_mode, open_flag);
3245 if (error)
3246 goto out;
3247 }
3248 BUG_ON(*opened & FILE_OPENED);
3249 error = vfs_open(&nd->path, file, current_cred());
3250 if (!error) {
3251 *opened |= FILE_OPENED;
3252 } else {
3253 if (error == -EOPENSTALE)
3254 goto stale_open;
3255 goto out;
3256 }
3257opened:
3258 error = open_check_o_direct(file);
3259 if (error)
3260 goto exit_fput;
3261 error = ima_file_check(file, op->acc_mode, *opened);
3262 if (error)
3263 goto exit_fput;
3264
3265 if (will_truncate) {
3266 error = handle_truncate(file);
3267 if (error)
3268 goto exit_fput;
3269 }
3270out:
3271 if (unlikely(error > 0)) {
3272 WARN_ON(1);
3273 error = -EINVAL;
3274 }
3275 if (got_write)
3276 mnt_drop_write(nd->path.mnt);
3277 path_put(&save_parent);
3278 return error;
3279
3280exit_fput:
3281 fput(file);
3282 goto out;
3283
3284stale_open:
3285
3286 if (!save_parent.dentry || retried)
3287 goto out;
3288
3289 BUG_ON(save_parent.dentry != dir);
3290 path_put(&nd->path);
3291 nd->path = save_parent;
3292 nd->inode = dir->d_inode;
3293 save_parent.mnt = NULL;
3294 save_parent.dentry = NULL;
3295 if (got_write) {
3296 mnt_drop_write(nd->path.mnt);
3297 got_write = false;
3298 }
3299 retried = true;
3300 goto retry_lookup;
3301}
3302
3303static int do_tmpfile(struct nameidata *nd, unsigned flags,
3304 const struct open_flags *op,
3305 struct file *file, int *opened)
3306{
3307 static const struct qstr name = QSTR_INIT("/", 1);
3308 struct dentry *child;
3309 struct inode *dir;
3310 struct path path;
3311 int error = path_lookupat(nd, flags | LOOKUP_DIRECTORY, &path);
3312 if (unlikely(error))
3313 return error;
3314 error = mnt_want_write(path.mnt);
3315 if (unlikely(error))
3316 goto out;
3317 dir = path.dentry->d_inode;
3318
3319 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
3320 if (error)
3321 goto out2;
3322 if (!dir->i_op->tmpfile) {
3323 error = -EOPNOTSUPP;
3324 goto out2;
3325 }
3326 child = d_alloc(path.dentry, &name);
3327 if (unlikely(!child)) {
3328 error = -ENOMEM;
3329 goto out2;
3330 }
3331 dput(path.dentry);
3332 path.dentry = child;
3333 error = dir->i_op->tmpfile(dir, child, op->mode);
3334 if (error)
3335 goto out2;
3336 audit_inode(nd->name, child, 0);
3337
3338 error = may_open(&path, 0, op->open_flag);
3339 if (error)
3340 goto out2;
3341 file->f_path.mnt = path.mnt;
3342 error = finish_open(file, child, NULL, opened);
3343 if (error)
3344 goto out2;
3345 error = open_check_o_direct(file);
3346 if (error) {
3347 fput(file);
3348 } else if (!(op->open_flag & O_EXCL)) {
3349 struct inode *inode = file_inode(file);
3350 spin_lock(&inode->i_lock);
3351 inode->i_state |= I_LINKABLE;
3352 spin_unlock(&inode->i_lock);
3353 }
3354out2:
3355 mnt_drop_write(path.mnt);
3356out:
3357 path_put(&path);
3358 return error;
3359}
3360
3361static struct file *path_openat(struct nameidata *nd,
3362 const struct open_flags *op, unsigned flags)
3363{
3364 const char *s;
3365 struct file *file;
3366 int opened = 0;
3367 int error;
3368
3369 file = get_empty_filp();
3370 if (IS_ERR(file))
3371 return file;
3372
3373 file->f_flags = op->open_flag;
3374
3375 if (unlikely(file->f_flags & __O_TMPFILE)) {
3376 error = do_tmpfile(nd, flags, op, file, &opened);
3377 goto out2;
3378 }
3379
3380 s = path_init(nd, flags);
3381 if (IS_ERR(s)) {
3382 put_filp(file);
3383 return ERR_CAST(s);
3384 }
3385 while (!(error = link_path_walk(s, nd)) &&
3386 (error = do_last(nd, file, op, &opened)) > 0) {
3387 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
3388 s = trailing_symlink(nd);
3389 if (IS_ERR(s)) {
3390 error = PTR_ERR(s);
3391 break;
3392 }
3393 }
3394 terminate_walk(nd);
3395out2:
3396 if (!(opened & FILE_OPENED)) {
3397 BUG_ON(!error);
3398 put_filp(file);
3399 }
3400 if (unlikely(error)) {
3401 if (error == -EOPENSTALE) {
3402 if (flags & LOOKUP_RCU)
3403 error = -ECHILD;
3404 else
3405 error = -ESTALE;
3406 }
3407 file = ERR_PTR(error);
3408 }
3409 return file;
3410}
3411
3412struct file *do_filp_open(int dfd, struct filename *pathname,
3413 const struct open_flags *op)
3414{
3415 struct nameidata nd;
3416 int flags = op->lookup_flags;
3417 struct file *filp;
3418
3419 set_nameidata(&nd, dfd, pathname);
3420 filp = path_openat(&nd, op, flags | LOOKUP_RCU);
3421 if (unlikely(filp == ERR_PTR(-ECHILD)))
3422 filp = path_openat(&nd, op, flags);
3423 if (unlikely(filp == ERR_PTR(-ESTALE)))
3424 filp = path_openat(&nd, op, flags | LOOKUP_REVAL);
3425 restore_nameidata();
3426 return filp;
3427}
3428
3429struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
3430 const char *name, const struct open_flags *op)
3431{
3432 struct nameidata nd;
3433 struct file *file;
3434 struct filename *filename;
3435 int flags = op->lookup_flags | LOOKUP_ROOT;
3436
3437 nd.root.mnt = mnt;
3438 nd.root.dentry = dentry;
3439
3440 if (d_is_symlink(dentry) && op->intent & LOOKUP_OPEN)
3441 return ERR_PTR(-ELOOP);
3442
3443 filename = getname_kernel(name);
3444 if (IS_ERR(filename))
3445 return ERR_CAST(filename);
3446
3447 set_nameidata(&nd, -1, filename);
3448 file = path_openat(&nd, op, flags | LOOKUP_RCU);
3449 if (unlikely(file == ERR_PTR(-ECHILD)))
3450 file = path_openat(&nd, op, flags);
3451 if (unlikely(file == ERR_PTR(-ESTALE)))
3452 file = path_openat(&nd, op, flags | LOOKUP_REVAL);
3453 restore_nameidata();
3454 putname(filename);
3455 return file;
3456}
3457
3458static struct dentry *filename_create(int dfd, struct filename *name,
3459 struct path *path, unsigned int lookup_flags)
3460{
3461 struct dentry *dentry = ERR_PTR(-EEXIST);
3462 struct qstr last;
3463 int type;
3464 int err2;
3465 int error;
3466 bool is_dir = (lookup_flags & LOOKUP_DIRECTORY);
3467
3468
3469
3470
3471
3472 lookup_flags &= LOOKUP_REVAL;
3473
3474 name = filename_parentat(dfd, name, lookup_flags, path, &last, &type);
3475 if (IS_ERR(name))
3476 return ERR_CAST(name);
3477
3478
3479
3480
3481
3482 if (unlikely(type != LAST_NORM))
3483 goto out;
3484
3485
3486 err2 = mnt_want_write(path->mnt);
3487
3488
3489
3490 lookup_flags |= LOOKUP_CREATE | LOOKUP_EXCL;
3491 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
3492 dentry = __lookup_hash(&last, path->dentry, lookup_flags);
3493 if (IS_ERR(dentry))
3494 goto unlock;
3495
3496 error = -EEXIST;
3497 if (d_is_positive(dentry))
3498 goto fail;
3499
3500
3501
3502
3503
3504
3505
3506 if (unlikely(!is_dir && last.name[last.len])) {
3507 error = -ENOENT;
3508 goto fail;
3509 }
3510 if (unlikely(err2)) {
3511 error = err2;
3512 goto fail;
3513 }
3514 putname(name);
3515 return dentry;
3516fail:
3517 dput(dentry);
3518 dentry = ERR_PTR(error);
3519unlock:
3520 inode_unlock(path->dentry->d_inode);
3521 if (!err2)
3522 mnt_drop_write(path->mnt);
3523out:
3524 path_put(path);
3525 putname(name);
3526 return dentry;
3527}
3528
3529struct dentry *kern_path_create(int dfd, const char *pathname,
3530 struct path *path, unsigned int lookup_flags)
3531{
3532 return filename_create(dfd, getname_kernel(pathname),
3533 path, lookup_flags);
3534}
3535EXPORT_SYMBOL(kern_path_create);
3536
3537void done_path_create(struct path *path, struct dentry *dentry)
3538{
3539 dput(dentry);
3540 inode_unlock(path->dentry->d_inode);
3541 mnt_drop_write(path->mnt);
3542 path_put(path);
3543}
3544EXPORT_SYMBOL(done_path_create);
3545
3546inline struct dentry *user_path_create(int dfd, const char __user *pathname,
3547 struct path *path, unsigned int lookup_flags)
3548{
3549 return filename_create(dfd, getname(pathname), path, lookup_flags);
3550}
3551EXPORT_SYMBOL(user_path_create);
3552
3553int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3554{
3555 int error = may_create(dir, dentry);
3556
3557 if (error)
3558 return error;
3559
3560 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
3561 return -EPERM;
3562
3563 if (!dir->i_op->mknod)
3564 return -EPERM;
3565
3566 error = devcgroup_inode_mknod(mode, dev);
3567 if (error)
3568 return error;
3569
3570 error = security_inode_mknod(dir, dentry, mode, dev);
3571 if (error)
3572 return error;
3573
3574 error = dir->i_op->mknod(dir, dentry, mode, dev);
3575 if (!error)
3576 fsnotify_create(dir, dentry);
3577 return error;
3578}
3579EXPORT_SYMBOL(vfs_mknod);
3580
3581static int may_mknod(umode_t mode)
3582{
3583 switch (mode & S_IFMT) {
3584 case S_IFREG:
3585 case S_IFCHR:
3586 case S_IFBLK:
3587 case S_IFIFO:
3588 case S_IFSOCK:
3589 case 0:
3590 return 0;
3591 case S_IFDIR:
3592 return -EPERM;
3593 default:
3594 return -EINVAL;
3595 }
3596}
3597
3598SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
3599 unsigned, dev)
3600{
3601 struct dentry *dentry;
3602 struct path path;
3603 int error;
3604 unsigned int lookup_flags = 0;
3605
3606 error = may_mknod(mode);
3607 if (error)
3608 return error;
3609retry:
3610 dentry = user_path_create(dfd, filename, &path, lookup_flags);
3611 if (IS_ERR(dentry))
3612 return PTR_ERR(dentry);
3613
3614 if (!IS_POSIXACL(path.dentry->d_inode))
3615 mode &= ~current_umask();
3616 error = security_path_mknod(&path, dentry, mode, dev);
3617 if (error)
3618 goto out;
3619 switch (mode & S_IFMT) {
3620 case 0: case S_IFREG:
3621 error = vfs_create(path.dentry->d_inode,dentry,mode,true);
3622 break;
3623 case S_IFCHR: case S_IFBLK:
3624 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
3625 new_decode_dev(dev));
3626 break;
3627 case S_IFIFO: case S_IFSOCK:
3628 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
3629 break;
3630 }
3631out:
3632 done_path_create(&path, dentry);
3633 if (retry_estale(error, lookup_flags)) {
3634 lookup_flags |= LOOKUP_REVAL;
3635 goto retry;
3636 }
3637 return error;
3638}
3639
3640SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)
3641{
3642 return sys_mknodat(AT_FDCWD, filename, mode, dev);
3643}
3644
3645int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
3646{
3647 int error = may_create(dir, dentry);
3648 unsigned max_links = dir->i_sb->s_max_links;
3649
3650 if (error)
3651 return error;
3652
3653 if (!dir->i_op->mkdir)
3654 return -EPERM;
3655
3656 mode &= (S_IRWXUGO|S_ISVTX);
3657 error = security_inode_mkdir(dir, dentry, mode);
3658 if (error)
3659 return error;
3660
3661 if (max_links && dir->i_nlink >= max_links)
3662 return -EMLINK;
3663
3664 error = dir->i_op->mkdir(dir, dentry, mode);
3665 if (!error)
3666 fsnotify_mkdir(dir, dentry);
3667 return error;
3668}
3669EXPORT_SYMBOL(vfs_mkdir);
3670
3671SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
3672{
3673 struct dentry *dentry;
3674 struct path path;
3675 int error;
3676 unsigned int lookup_flags = LOOKUP_DIRECTORY;
3677
3678retry:
3679 dentry = user_path_create(dfd, pathname, &path, lookup_flags);
3680 if (IS_ERR(dentry))
3681 return PTR_ERR(dentry);
3682
3683 if (!IS_POSIXACL(path.dentry->d_inode))
3684 mode &= ~current_umask();
3685 error = security_path_mkdir(&path, dentry, mode);
3686 if (!error)
3687 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3688 done_path_create(&path, dentry);
3689 if (retry_estale(error, lookup_flags)) {
3690 lookup_flags |= LOOKUP_REVAL;
3691 goto retry;
3692 }
3693 return error;
3694}
3695
3696SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)
3697{
3698 return sys_mkdirat(AT_FDCWD, pathname, mode);
3699}
3700
3701int vfs_rmdir(struct inode *dir, struct dentry *dentry)
3702{
3703 int error = may_delete(dir, dentry, 1);
3704
3705 if (error)
3706 return error;
3707
3708 if (!dir->i_op->rmdir)
3709 return -EPERM;
3710
3711 dget(dentry);
3712 inode_lock(dentry->d_inode);
3713
3714 error = -EBUSY;
3715 if (is_local_mountpoint(dentry))
3716 goto out;
3717
3718 error = security_inode_rmdir(dir, dentry);
3719 if (error)
3720 goto out;
3721
3722 shrink_dcache_parent(dentry);
3723 error = dir->i_op->rmdir(dir, dentry);
3724 if (error)
3725 goto out;
3726
3727 dentry->d_inode->i_flags |= S_DEAD;
3728 dont_mount(dentry);
3729 detach_mounts(dentry);
3730
3731out:
3732 inode_unlock(dentry->d_inode);
3733 dput(dentry);
3734 if (!error)
3735 d_delete(dentry);
3736 return error;
3737}
3738EXPORT_SYMBOL(vfs_rmdir);
3739
3740static long do_rmdir(int dfd, const char __user *pathname)
3741{
3742 int error = 0;
3743 struct filename *name;
3744 struct dentry *dentry;
3745 struct path path;
3746 struct qstr last;
3747 int type;
3748 unsigned int lookup_flags = 0;
3749retry:
3750 name = user_path_parent(dfd, pathname,
3751 &path, &last, &type, lookup_flags);
3752 if (IS_ERR(name))
3753 return PTR_ERR(name);
3754
3755 switch (type) {
3756 case LAST_DOTDOT:
3757 error = -ENOTEMPTY;
3758 goto exit1;
3759 case LAST_DOT:
3760 error = -EINVAL;
3761 goto exit1;
3762 case LAST_ROOT:
3763 error = -EBUSY;
3764 goto exit1;
3765 }
3766
3767 error = mnt_want_write(path.mnt);
3768 if (error)
3769 goto exit1;
3770
3771 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3772 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3773 error = PTR_ERR(dentry);
3774 if (IS_ERR(dentry))
3775 goto exit2;
3776 if (!dentry->d_inode) {
3777 error = -ENOENT;
3778 goto exit3;
3779 }
3780 error = security_path_rmdir(&path, dentry);
3781 if (error)
3782 goto exit3;
3783 error = vfs_rmdir(path.dentry->d_inode, dentry);
3784exit3:
3785 dput(dentry);
3786exit2:
3787 inode_unlock(path.dentry->d_inode);
3788 mnt_drop_write(path.mnt);
3789exit1:
3790 path_put(&path);
3791 putname(name);
3792 if (retry_estale(error, lookup_flags)) {
3793 lookup_flags |= LOOKUP_REVAL;
3794 goto retry;
3795 }
3796 return error;
3797}
3798
3799SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
3800{
3801 return do_rmdir(AT_FDCWD, pathname);
3802}
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)
3823{
3824 struct inode *target = dentry->d_inode;
3825 int error = may_delete(dir, dentry, 0);
3826
3827 if (error)
3828 return error;
3829
3830 if (!dir->i_op->unlink)
3831 return -EPERM;
3832
3833 inode_lock(target);
3834 if (is_local_mountpoint(dentry))
3835 error = -EBUSY;
3836 else {
3837 error = security_inode_unlink(dir, dentry);
3838 if (!error) {
3839 error = try_break_deleg(target, delegated_inode);
3840 if (error)
3841 goto out;
3842 error = dir->i_op->unlink(dir, dentry);
3843 if (!error) {
3844 dont_mount(dentry);
3845 detach_mounts(dentry);
3846 }
3847 }
3848 }
3849out:
3850 inode_unlock(target);
3851
3852
3853 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
3854 fsnotify_link_count(target);
3855 d_delete(dentry);
3856 }
3857
3858 return error;
3859}
3860EXPORT_SYMBOL(vfs_unlink);
3861
3862
3863
3864
3865
3866
3867
3868static long do_unlinkat(int dfd, const char __user *pathname)
3869{
3870 int error;
3871 struct filename *name;
3872 struct dentry *dentry;
3873 struct path path;
3874 struct qstr last;
3875 int type;
3876 struct inode *inode = NULL;
3877 struct inode *delegated_inode = NULL;
3878 unsigned int lookup_flags = 0;
3879retry:
3880 name = user_path_parent(dfd, pathname,
3881 &path, &last, &type, lookup_flags);
3882 if (IS_ERR(name))
3883 return PTR_ERR(name);
3884
3885 error = -EISDIR;
3886 if (type != LAST_NORM)
3887 goto exit1;
3888
3889 error = mnt_want_write(path.mnt);
3890 if (error)
3891 goto exit1;
3892retry_deleg:
3893 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3894 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3895 error = PTR_ERR(dentry);
3896 if (!IS_ERR(dentry)) {
3897
3898 if (last.name[last.len])
3899 goto slashes;
3900 inode = dentry->d_inode;
3901 if (d_is_negative(dentry))
3902 goto slashes;
3903 ihold(inode);
3904 error = security_path_unlink(&path, dentry);
3905 if (error)
3906 goto exit2;
3907 error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
3908exit2:
3909 dput(dentry);
3910 }
3911 inode_unlock(path.dentry->d_inode);
3912 if (inode)
3913 iput(inode);
3914 inode = NULL;
3915 if (delegated_inode) {
3916 error = break_deleg_wait(&delegated_inode);
3917 if (!error)
3918 goto retry_deleg;
3919 }
3920 mnt_drop_write(path.mnt);
3921exit1:
3922 path_put(&path);
3923 putname(name);
3924 if (retry_estale(error, lookup_flags)) {
3925 lookup_flags |= LOOKUP_REVAL;
3926 inode = NULL;
3927 goto retry;
3928 }
3929 return error;
3930
3931slashes:
3932 if (d_is_negative(dentry))
3933 error = -ENOENT;
3934 else if (d_is_dir(dentry))
3935 error = -EISDIR;
3936 else
3937 error = -ENOTDIR;
3938 goto exit2;
3939}
3940
3941SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
3942{
3943 if ((flag & ~AT_REMOVEDIR) != 0)
3944 return -EINVAL;
3945
3946 if (flag & AT_REMOVEDIR)
3947 return do_rmdir(dfd, pathname);
3948
3949 return do_unlinkat(dfd, pathname);
3950}
3951
3952SYSCALL_DEFINE1(unlink, const char __user *, pathname)
3953{
3954 return do_unlinkat(AT_FDCWD, pathname);
3955}
3956
3957int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
3958{
3959 int error = may_create(dir, dentry);
3960
3961 if (error)
3962 return error;
3963
3964 if (!dir->i_op->symlink)
3965 return -EPERM;
3966
3967 error = security_inode_symlink(dir, dentry, oldname);
3968 if (error)
3969 return error;
3970
3971 error = dir->i_op->symlink(dir, dentry, oldname);
3972 if (!error)
3973 fsnotify_create(dir, dentry);
3974 return error;
3975}
3976EXPORT_SYMBOL(vfs_symlink);
3977
3978SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
3979 int, newdfd, const char __user *, newname)
3980{
3981 int error;
3982 struct filename *from;
3983 struct dentry *dentry;
3984 struct path path;
3985 unsigned int lookup_flags = 0;
3986
3987 from = getname(oldname);
3988 if (IS_ERR(from))
3989 return PTR_ERR(from);
3990retry:
3991 dentry = user_path_create(newdfd, newname, &path, lookup_flags);
3992 error = PTR_ERR(dentry);
3993 if (IS_ERR(dentry))
3994 goto out_putname;
3995
3996 error = security_path_symlink(&path, dentry, from->name);
3997 if (!error)
3998 error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
3999 done_path_create(&path, dentry);
4000 if (retry_estale(error, lookup_flags)) {
4001 lookup_flags |= LOOKUP_REVAL;
4002 goto retry;
4003 }
4004out_putname:
4005 putname(from);
4006 return error;
4007}
4008
4009SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
4010{
4011 return sys_symlinkat(oldname, AT_FDCWD, newname);
4012}
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)
4034{
4035 struct inode *inode = old_dentry->d_inode;
4036 unsigned max_links = dir->i_sb->s_max_links;
4037 int error;
4038
4039 if (!inode)
4040 return -ENOENT;
4041
4042 error = may_create(dir, new_dentry);
4043 if (error)
4044 return error;
4045
4046 if (dir->i_sb != inode->i_sb)
4047 return -EXDEV;
4048
4049
4050
4051
4052 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4053 return -EPERM;
4054 if (!dir->i_op->link)
4055 return -EPERM;
4056 if (S_ISDIR(inode->i_mode))
4057 return -EPERM;
4058
4059 error = security_inode_link(old_dentry, dir, new_dentry);
4060 if (error)
4061 return error;
4062
4063 inode_lock(inode);
4064
4065 if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE))
4066 error = -ENOENT;
4067 else if (max_links && inode->i_nlink >= max_links)
4068 error = -EMLINK;
4069 else {
4070 error = try_break_deleg(inode, delegated_inode);
4071 if (!error)
4072 error = dir->i_op->link(old_dentry, dir, new_dentry);
4073 }
4074
4075 if (!error && (inode->i_state & I_LINKABLE)) {
4076 spin_lock(&inode->i_lock);
4077 inode->i_state &= ~I_LINKABLE;
4078 spin_unlock(&inode->i_lock);
4079 }
4080 inode_unlock(inode);
4081 if (!error)
4082 fsnotify_link(dir, inode, new_dentry);
4083 return error;
4084}
4085EXPORT_SYMBOL(vfs_link);
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
4097 int, newdfd, const char __user *, newname, int, flags)
4098{
4099 struct dentry *new_dentry;
4100 struct path old_path, new_path;
4101 struct inode *delegated_inode = NULL;
4102 int how = 0;
4103 int error;
4104
4105 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
4106 return -EINVAL;
4107
4108
4109
4110
4111
4112 if (flags & AT_EMPTY_PATH) {
4113 if (!capable(CAP_DAC_READ_SEARCH))
4114 return -ENOENT;
4115 how = LOOKUP_EMPTY;
4116 }
4117
4118 if (flags & AT_SYMLINK_FOLLOW)
4119 how |= LOOKUP_FOLLOW;
4120retry:
4121 error = user_path_at(olddfd, oldname, how, &old_path);
4122 if (error)
4123 return error;
4124
4125 new_dentry = user_path_create(newdfd, newname, &new_path,
4126 (how & LOOKUP_REVAL));
4127 error = PTR_ERR(new_dentry);
4128 if (IS_ERR(new_dentry))
4129 goto out;
4130
4131 error = -EXDEV;
4132 if (old_path.mnt != new_path.mnt)
4133 goto out_dput;
4134 error = may_linkat(&old_path);
4135 if (unlikely(error))
4136 goto out_dput;
4137 error = security_path_link(old_path.dentry, &new_path, new_dentry);
4138 if (error)
4139 goto out_dput;
4140 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
4141out_dput:
4142 done_path_create(&new_path, new_dentry);
4143 if (delegated_inode) {
4144 error = break_deleg_wait(&delegated_inode);
4145 if (!error) {
4146 path_put(&old_path);
4147 goto retry;
4148 }
4149 }
4150 if (retry_estale(error, how)) {
4151 path_put(&old_path);
4152 how |= LOOKUP_REVAL;
4153 goto retry;
4154 }
4155out:
4156 path_put(&old_path);
4157
4158 return error;
4159}
4160
4161SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
4162{
4163 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4164}
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4216 struct inode *new_dir, struct dentry *new_dentry,
4217 struct inode **delegated_inode, unsigned int flags)
4218{
4219 int error;
4220 bool is_dir = d_is_dir(old_dentry);
4221 const unsigned char *old_name;
4222 struct inode *source = old_dentry->d_inode;
4223 struct inode *target = new_dentry->d_inode;
4224 bool new_is_dir = false;
4225 unsigned max_links = new_dir->i_sb->s_max_links;
4226
4227
4228
4229
4230
4231 if (vfs_select_inode(old_dentry, 0) == vfs_select_inode(new_dentry, 0))
4232 return 0;
4233
4234 error = may_delete(old_dir, old_dentry, is_dir);
4235 if (error)
4236 return error;
4237
4238 if (!target) {
4239 error = may_create(new_dir, new_dentry);
4240 } else {
4241 new_is_dir = d_is_dir(new_dentry);
4242
4243 if (!(flags & RENAME_EXCHANGE))
4244 error = may_delete(new_dir, new_dentry, is_dir);
4245 else
4246 error = may_delete(new_dir, new_dentry, new_is_dir);
4247 }
4248 if (error)
4249 return error;
4250
4251 if (!old_dir->i_op->rename && !old_dir->i_op->rename2)
4252 return -EPERM;
4253
4254 if (flags && !old_dir->i_op->rename2)
4255 return -EINVAL;
4256
4257
4258
4259
4260
4261 if (new_dir != old_dir) {
4262 if (is_dir) {
4263 error = inode_permission(source, MAY_WRITE);
4264 if (error)
4265 return error;
4266 }
4267 if ((flags & RENAME_EXCHANGE) && new_is_dir) {
4268 error = inode_permission(target, MAY_WRITE);
4269 if (error)
4270 return error;
4271 }
4272 }
4273
4274 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry,
4275 flags);
4276 if (error)
4277 return error;
4278
4279 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
4280 dget(new_dentry);
4281 if (!is_dir || (flags & RENAME_EXCHANGE))
4282 lock_two_nondirectories(source, target);
4283 else if (target)
4284 inode_lock(target);
4285
4286 error = -EBUSY;
4287 if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry))
4288 goto out;
4289
4290 if (max_links && new_dir != old_dir) {
4291 error = -EMLINK;
4292 if (is_dir && !new_is_dir && new_dir->i_nlink >= max_links)
4293 goto out;
4294 if ((flags & RENAME_EXCHANGE) && !is_dir && new_is_dir &&
4295 old_dir->i_nlink >= max_links)
4296 goto out;
4297 }
4298 if (is_dir && !(flags & RENAME_EXCHANGE) && target)
4299 shrink_dcache_parent(new_dentry);
4300 if (!is_dir) {
4301 error = try_break_deleg(source, delegated_inode);
4302 if (error)
4303 goto out;
4304 }
4305 if (target && !new_is_dir) {
4306 error = try_break_deleg(target, delegated_inode);
4307 if (error)
4308 goto out;
4309 }
4310 if (!old_dir->i_op->rename2) {
4311 error = old_dir->i_op->rename(old_dir, old_dentry,
4312 new_dir, new_dentry);
4313 } else {
4314 WARN_ON(old_dir->i_op->rename != NULL);
4315 error = old_dir->i_op->rename2(old_dir, old_dentry,
4316 new_dir, new_dentry, flags);
4317 }
4318 if (error)
4319 goto out;
4320
4321 if (!(flags & RENAME_EXCHANGE) && target) {
4322 if (is_dir)
4323 target->i_flags |= S_DEAD;
4324 dont_mount(new_dentry);
4325 detach_mounts(new_dentry);
4326 }
4327 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) {
4328 if (!(flags & RENAME_EXCHANGE))
4329 d_move(old_dentry, new_dentry);
4330 else
4331 d_exchange(old_dentry, new_dentry);
4332 }
4333out:
4334 if (!is_dir || (flags & RENAME_EXCHANGE))
4335 unlock_two_nondirectories(source, target);
4336 else if (target)
4337 inode_unlock(target);
4338 dput(new_dentry);
4339 if (!error) {
4340 fsnotify_move(old_dir, new_dir, old_name, is_dir,
4341 !(flags & RENAME_EXCHANGE) ? target : NULL, old_dentry);
4342 if (flags & RENAME_EXCHANGE) {
4343 fsnotify_move(new_dir, old_dir, old_dentry->d_name.name,
4344 new_is_dir, NULL, new_dentry);
4345 }
4346 }
4347 fsnotify_oldname_free(old_name);
4348
4349 return error;
4350}
4351EXPORT_SYMBOL(vfs_rename);
4352
4353SYSCALL_DEFINE5(renameat2, int, olddfd, const char __user *, oldname,
4354 int, newdfd, const char __user *, newname, unsigned int, flags)
4355{
4356 struct dentry *old_dentry, *new_dentry;
4357 struct dentry *trap;
4358 struct path old_path, new_path;
4359 struct qstr old_last, new_last;
4360 int old_type, new_type;
4361 struct inode *delegated_inode = NULL;
4362 struct filename *from;
4363 struct filename *to;
4364 unsigned int lookup_flags = 0, target_flags = LOOKUP_RENAME_TARGET;
4365 bool should_retry = false;
4366 int error;
4367
4368 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
4369 return -EINVAL;
4370
4371 if ((flags & (RENAME_NOREPLACE | RENAME_WHITEOUT)) &&
4372 (flags & RENAME_EXCHANGE))
4373 return -EINVAL;
4374
4375 if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
4376 return -EPERM;
4377
4378 if (flags & RENAME_EXCHANGE)
4379 target_flags = 0;
4380
4381retry:
4382 from = user_path_parent(olddfd, oldname,
4383 &old_path, &old_last, &old_type, lookup_flags);
4384 if (IS_ERR(from)) {
4385 error = PTR_ERR(from);
4386 goto exit;
4387 }
4388
4389 to = user_path_parent(newdfd, newname,
4390 &new_path, &new_last, &new_type, lookup_flags);
4391 if (IS_ERR(to)) {
4392 error = PTR_ERR(to);
4393 goto exit1;
4394 }
4395
4396 error = -EXDEV;
4397 if (old_path.mnt != new_path.mnt)
4398 goto exit2;
4399
4400 error = -EBUSY;
4401 if (old_type != LAST_NORM)
4402 goto exit2;
4403
4404 if (flags & RENAME_NOREPLACE)
4405 error = -EEXIST;
4406 if (new_type != LAST_NORM)
4407 goto exit2;
4408
4409 error = mnt_want_write(old_path.mnt);
4410 if (error)
4411 goto exit2;
4412
4413retry_deleg:
4414 trap = lock_rename(new_path.dentry, old_path.dentry);
4415
4416 old_dentry = __lookup_hash(&old_last, old_path.dentry, lookup_flags);
4417 error = PTR_ERR(old_dentry);
4418 if (IS_ERR(old_dentry))
4419 goto exit3;
4420
4421 error = -ENOENT;
4422 if (d_is_negative(old_dentry))
4423 goto exit4;
4424 new_dentry = __lookup_hash(&new_last, new_path.dentry, lookup_flags | target_flags);
4425 error = PTR_ERR(new_dentry);
4426 if (IS_ERR(new_dentry))
4427 goto exit4;
4428 error = -EEXIST;
4429 if ((flags & RENAME_NOREPLACE) && d_is_positive(new_dentry))
4430 goto exit5;
4431 if (flags & RENAME_EXCHANGE) {
4432 error = -ENOENT;
4433 if (d_is_negative(new_dentry))
4434 goto exit5;
4435
4436 if (!d_is_dir(new_dentry)) {
4437 error = -ENOTDIR;
4438 if (new_last.name[new_last.len])
4439 goto exit5;
4440 }
4441 }
4442
4443 if (!d_is_dir(old_dentry)) {
4444 error = -ENOTDIR;
4445 if (old_last.name[old_last.len])
4446 goto exit5;
4447 if (!(flags & RENAME_EXCHANGE) && new_last.name[new_last.len])
4448 goto exit5;
4449 }
4450
4451 error = -EINVAL;
4452 if (old_dentry == trap)
4453 goto exit5;
4454
4455 if (!(flags & RENAME_EXCHANGE))
4456 error = -ENOTEMPTY;
4457 if (new_dentry == trap)
4458 goto exit5;
4459
4460 error = security_path_rename(&old_path, old_dentry,
4461 &new_path, new_dentry, flags);
4462 if (error)
4463 goto exit5;
4464 error = vfs_rename(old_path.dentry->d_inode, old_dentry,
4465 new_path.dentry->d_inode, new_dentry,
4466 &delegated_inode, flags);
4467exit5:
4468 dput(new_dentry);
4469exit4:
4470 dput(old_dentry);
4471exit3:
4472 unlock_rename(new_path.dentry, old_path.dentry);
4473 if (delegated_inode) {
4474 error = break_deleg_wait(&delegated_inode);
4475 if (!error)
4476 goto retry_deleg;
4477 }
4478 mnt_drop_write(old_path.mnt);
4479exit2:
4480 if (retry_estale(error, lookup_flags))
4481 should_retry = true;
4482 path_put(&new_path);
4483 putname(to);
4484exit1:
4485 path_put(&old_path);
4486 putname(from);
4487 if (should_retry) {
4488 should_retry = false;
4489 lookup_flags |= LOOKUP_REVAL;
4490 goto retry;
4491 }
4492exit:
4493 return error;
4494}
4495
4496SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
4497 int, newdfd, const char __user *, newname)
4498{
4499 return sys_renameat2(olddfd, oldname, newdfd, newname, 0);
4500}
4501
4502SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
4503{
4504 return sys_renameat2(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4505}
4506
4507int vfs_whiteout(struct inode *dir, struct dentry *dentry)
4508{
4509 int error = may_create(dir, dentry);
4510 if (error)
4511 return error;
4512
4513 if (!dir->i_op->mknod)
4514 return -EPERM;
4515
4516 return dir->i_op->mknod(dir, dentry,
4517 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
4518}
4519EXPORT_SYMBOL(vfs_whiteout);
4520
4521int readlink_copy(char __user *buffer, int buflen, const char *link)
4522{
4523 int len = PTR_ERR(link);
4524 if (IS_ERR(link))
4525 goto out;
4526
4527 len = strlen(link);
4528 if (len > (unsigned) buflen)
4529 len = buflen;
4530 if (copy_to_user(buffer, link, len))
4531 len = -EFAULT;
4532out:
4533 return len;
4534}
4535EXPORT_SYMBOL(readlink_copy);
4536
4537
4538
4539
4540
4541
4542int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4543{
4544 DEFINE_DELAYED_CALL(done);
4545 struct inode *inode = d_inode(dentry);
4546 const char *link = inode->i_link;
4547 int res;
4548
4549 if (!link) {
4550 link = inode->i_op->get_link(dentry, inode, &done);
4551 if (IS_ERR(link))
4552 return PTR_ERR(link);
4553 }
4554 res = readlink_copy(buffer, buflen, link);
4555 do_delayed_call(&done);
4556 return res;
4557}
4558EXPORT_SYMBOL(generic_readlink);
4559
4560
4561const char *page_get_link(struct dentry *dentry, struct inode *inode,
4562 struct delayed_call *callback)
4563{
4564 char *kaddr;
4565 struct page *page;
4566 struct address_space *mapping = inode->i_mapping;
4567
4568 if (!dentry) {
4569 page = find_get_page(mapping, 0);
4570 if (!page)
4571 return ERR_PTR(-ECHILD);
4572 if (!PageUptodate(page)) {
4573 put_page(page);
4574 return ERR_PTR(-ECHILD);
4575 }
4576 } else {
4577 page = read_mapping_page(mapping, 0, NULL);
4578 if (IS_ERR(page))
4579 return (char*)page;
4580 }
4581 set_delayed_call(callback, page_put_link, page);
4582 BUG_ON(mapping_gfp_mask(mapping) & __GFP_HIGHMEM);
4583 kaddr = page_address(page);
4584 nd_terminate_link(kaddr, inode->i_size, PAGE_SIZE - 1);
4585 return kaddr;
4586}
4587
4588EXPORT_SYMBOL(page_get_link);
4589
4590void page_put_link(void *arg)
4591{
4592 put_page(arg);
4593}
4594EXPORT_SYMBOL(page_put_link);
4595
4596int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4597{
4598 DEFINE_DELAYED_CALL(done);
4599 int res = readlink_copy(buffer, buflen,
4600 page_get_link(dentry, d_inode(dentry),
4601 &done));
4602 do_delayed_call(&done);
4603 return res;
4604}
4605EXPORT_SYMBOL(page_readlink);
4606
4607
4608
4609
4610int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
4611{
4612 struct address_space *mapping = inode->i_mapping;
4613 struct page *page;
4614 void *fsdata;
4615 int err;
4616 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
4617 if (nofs)
4618 flags |= AOP_FLAG_NOFS;
4619
4620retry:
4621 err = pagecache_write_begin(NULL, mapping, 0, len-1,
4622 flags, &page, &fsdata);
4623 if (err)
4624 goto fail;
4625
4626 memcpy(page_address(page), symname, len-1);
4627
4628 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
4629 page, fsdata);
4630 if (err < 0)
4631 goto fail;
4632 if (err < len-1)
4633 goto retry;
4634
4635 mark_inode_dirty(inode);
4636 return 0;
4637fail:
4638 return err;
4639}
4640EXPORT_SYMBOL(__page_symlink);
4641
4642int page_symlink(struct inode *inode, const char *symname, int len)
4643{
4644 return __page_symlink(inode, symname, len,
4645 !mapping_gfp_constraint(inode->i_mapping, __GFP_FS));
4646}
4647EXPORT_SYMBOL(page_symlink);
4648
4649const struct inode_operations page_symlink_inode_operations = {
4650 .readlink = generic_readlink,
4651 .get_link = page_get_link,
4652};
4653EXPORT_SYMBOL(page_symlink_inode_operations);
4654
