4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/pagemap.h>
23 #include <linux/fsnotify.h>
24 #include <linux/personality.h>
25 #include <linux/security.h>
26 #include <linux/ima.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <linux/fs_struct.h>
35 #include <asm/uaccess.h>
39 /* [Feb-1997 T. Schoebel-Theuer]
40 * Fundamental changes in the pathname lookup mechanisms (namei)
41 * were necessary because of omirr. The reason is that omirr needs
42 * to know the _real_ pathname, not the user-supplied one, in case
43 * of symlinks (and also when transname replacements occur).
45 * The new code replaces the old recursive symlink resolution with
46 * an iterative one (in case of non-nested symlink chains). It does
47 * this with calls to <fs>_follow_link().
48 * As a side effect, dir_namei(), _namei() and follow_link() are now
49 * replaced with a single function lookup_dentry() that can handle all
50 * the special cases of the former code.
52 * With the new dcache, the pathname is stored at each inode, at least as
53 * long as the refcount of the inode is positive. As a side effect, the
54 * size of the dcache depends on the inode cache and thus is dynamic.
56 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
57 * resolution to correspond with current state of the code.
59 * Note that the symlink resolution is not *completely* iterative.
60 * There is still a significant amount of tail- and mid- recursion in
61 * the algorithm. Also, note that <fs>_readlink() is not used in
62 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
63 * may return different results than <fs>_follow_link(). Many virtual
64 * filesystems (including /proc) exhibit this behavior.
67 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
68 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
69 * and the name already exists in form of a symlink, try to create the new
70 * name indicated by the symlink. The old code always complained that the
71 * name already exists, due to not following the symlink even if its target
72 * is nonexistent. The new semantics affects also mknod() and link() when
73 * the name is a symlink pointing to a non-existent name.
75 * I don't know which semantics is the right one, since I have no access
76 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
77 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
78 * "old" one. Personally, I think the new semantics is much more logical.
79 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
80 * file does succeed in both HP-UX and SunOs, but not in Solaris
81 * and in the old Linux semantics.
84 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
85 * semantics. See the comments in "open_namei" and "do_link" below.
87 * [10-Sep-98 Alan Modra] Another symlink change.
90 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
91 * inside the path - always follow.
92 * in the last component in creation/removal/renaming - never follow.
93 * if LOOKUP_FOLLOW passed - follow.
94 * if the pathname has trailing slashes - follow.
95 * otherwise - don't follow.
96 * (applied in that order).
98 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
99 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
100 * During the 2.4 we need to fix the userland stuff depending on it -
101 * hopefully we will be able to get rid of that wart in 2.5. So far only
102 * XEmacs seems to be relying on it...
105 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
106 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
107 * any extra contention...
110 /* In order to reduce some races, while at the same time doing additional
111 * checking and hopefully speeding things up, we copy filenames to the
112 * kernel data space before using them..
114 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
115 * PATH_MAX includes the nul terminator --RR.
117 static int do_getname(const char __user *filename, char *page)
120 unsigned long len = PATH_MAX;
122 if (!segment_eq(get_fs(), KERNEL_DS)) {
123 if ((unsigned long) filename >= TASK_SIZE)
125 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
126 len = TASK_SIZE - (unsigned long) filename;
129 retval = strncpy_from_user(page, filename, len);
133 return -ENAMETOOLONG;
139 static char *getname_flags(const char __user * filename, int flags)
143 result = ERR_PTR(-ENOMEM);
146 int retval = do_getname(filename, tmp);
150 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
152 result = ERR_PTR(retval);
156 audit_getname(result);
160 char *getname(const char __user * filename)
162 return getname_flags(filename, 0);
165 #ifdef CONFIG_AUDITSYSCALL
166 void putname(const char *name)
168 if (unlikely(!audit_dummy_context()))
173 EXPORT_SYMBOL(putname);
177 * This does basic POSIX ACL permission checking
179 static int acl_permission_check(struct inode *inode, int mask)
181 int (*check_acl)(struct inode *inode, int mask);
182 unsigned int mode = inode->i_mode;
184 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
186 if (current_user_ns() != inode_userns(inode))
189 if (current_fsuid() == inode->i_uid)
192 check_acl = inode->i_op->check_acl;
193 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
194 int error = check_acl(inode, mask);
195 if (error != -EAGAIN)
199 if (in_group_p(inode->i_gid))
205 * If the DACs are ok we don't need any capability check.
207 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
213 * generic_permission - check for access rights on a Posix-like filesystem
214 * @inode: inode to check access rights for
215 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
216 * @flags: IPERM_FLAG_ flags.
218 * Used to check for read/write/execute permissions on a file.
219 * We use "fsuid" for this, letting us set arbitrary permissions
220 * for filesystem access without changing the "normal" uids which
221 * are used for other things.
223 * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
224 * request cannot be satisfied (eg. requires blocking or too much complexity).
225 * It would then be called again in ref-walk mode.
227 int generic_permission(struct inode *inode, int mask)
232 * Do the basic POSIX ACL permission checks.
234 ret = acl_permission_check(inode, mask);
238 if (S_ISDIR(inode->i_mode)) {
239 /* DACs are overridable for directories */
240 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
242 if (!(mask & MAY_WRITE))
243 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
248 * Read/write DACs are always overridable.
249 * Executable DACs are overridable when there is
250 * at least one exec bit set.
252 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
253 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
257 * Searching includes executable on directories, else just read.
259 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
260 if (mask == MAY_READ)
261 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
268 * inode_permission - check for access rights to a given inode
269 * @inode: inode to check permission on
270 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
272 * Used to check for read/write/execute permissions on an inode.
273 * We use "fsuid" for this, letting us set arbitrary permissions
274 * for filesystem access without changing the "normal" uids which
275 * are used for other things.
277 int inode_permission(struct inode *inode, int mask)
281 if (mask & MAY_WRITE) {
282 umode_t mode = inode->i_mode;
285 * Nobody gets write access to a read-only fs.
287 if (IS_RDONLY(inode) &&
288 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
292 * Nobody gets write access to an immutable file.
294 if (IS_IMMUTABLE(inode))
298 if (inode->i_op->permission)
299 retval = inode->i_op->permission(inode, mask);
301 retval = generic_permission(inode, mask);
306 retval = devcgroup_inode_permission(inode, mask);
310 return security_inode_permission(inode, mask);
314 * exec_permission - check for right to do lookups in a given directory
315 * @inode: inode to check permission on
316 * @mask: MAY_EXEC and possibly MAY_NOT_BLOCK flags.
318 * Short-cut version of inode_permission(), for calling on directories
319 * during pathname resolution. Combines parts of inode_permission()
320 * and generic_permission(), and tests ONLY for MAY_EXEC permission.
322 * If appropriate, check DAC only. If not appropriate, or
323 * short-cut DAC fails, then call ->permission() to do more
324 * complete permission check.
326 static inline int exec_permission(struct inode *inode, int mask)
329 struct user_namespace *ns = inode_userns(inode);
331 if (inode->i_op->permission) {
332 ret = inode->i_op->permission(inode, mask);
336 ret = acl_permission_check(inode, mask);
341 if (ns_capable(ns, CAP_DAC_OVERRIDE) ||
342 ns_capable(ns, CAP_DAC_READ_SEARCH))
347 return security_inode_permission(inode, mask);
351 * path_get - get a reference to a path
352 * @path: path to get the reference to
354 * Given a path increment the reference count to the dentry and the vfsmount.
356 void path_get(struct path *path)
361 EXPORT_SYMBOL(path_get);
364 * path_put - put a reference to a path
365 * @path: path to put the reference to
367 * Given a path decrement the reference count to the dentry and the vfsmount.
369 void path_put(struct path *path)
374 EXPORT_SYMBOL(path_put);
377 * Path walking has 2 modes, rcu-walk and ref-walk (see
378 * Documentation/filesystems/path-lookup.txt). In situations when we can't
379 * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
380 * normal reference counts on dentries and vfsmounts to transition to rcu-walk
381 * mode. Refcounts are grabbed at the last known good point before rcu-walk
382 * got stuck, so ref-walk may continue from there. If this is not successful
383 * (eg. a seqcount has changed), then failure is returned and it's up to caller
384 * to restart the path walk from the beginning in ref-walk mode.
388 * unlazy_walk - try to switch to ref-walk mode.
389 * @nd: nameidata pathwalk data
390 * @dentry: child of nd->path.dentry or NULL
391 * Returns: 0 on success, -ECHILD on failure
393 * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry
394 * for ref-walk mode. @dentry must be a path found by a do_lookup call on
395 * @nd or NULL. Must be called from rcu-walk context.
397 static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
399 struct fs_struct *fs = current->fs;
400 struct dentry *parent = nd->path.dentry;
403 BUG_ON(!(nd->flags & LOOKUP_RCU));
404 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
406 spin_lock(&fs->lock);
407 if (nd->root.mnt != fs->root.mnt ||
408 nd->root.dentry != fs->root.dentry)
411 spin_lock(&parent->d_lock);
413 if (!__d_rcu_to_refcount(parent, nd->seq))
415 BUG_ON(nd->inode != parent->d_inode);
417 if (dentry->d_parent != parent)
419 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
420 if (!__d_rcu_to_refcount(dentry, nd->seq))
423 * If the sequence check on the child dentry passed, then
424 * the child has not been removed from its parent. This
425 * means the parent dentry must be valid and able to take
426 * a reference at this point.
428 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
429 BUG_ON(!parent->d_count);
431 spin_unlock(&dentry->d_lock);
433 spin_unlock(&parent->d_lock);
436 spin_unlock(&fs->lock);
438 mntget(nd->path.mnt);
441 br_read_unlock(vfsmount_lock);
442 nd->flags &= ~LOOKUP_RCU;
446 spin_unlock(&dentry->d_lock);
448 spin_unlock(&parent->d_lock);
451 spin_unlock(&fs->lock);
456 * release_open_intent - free up open intent resources
457 * @nd: pointer to nameidata
459 void release_open_intent(struct nameidata *nd)
461 struct file *file = nd->intent.open.file;
463 if (file && !IS_ERR(file)) {
464 if (file->f_path.dentry == NULL)
471 static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
473 return dentry->d_op->d_revalidate(dentry, nd);
476 static struct dentry *
477 do_revalidate(struct dentry *dentry, struct nameidata *nd)
479 int status = d_revalidate(dentry, nd);
480 if (unlikely(status <= 0)) {
482 * The dentry failed validation.
483 * If d_revalidate returned 0 attempt to invalidate
484 * the dentry otherwise d_revalidate is asking us
485 * to return a fail status.
489 dentry = ERR_PTR(status);
490 } else if (!d_invalidate(dentry)) {
499 * complete_walk - successful completion of path walk
500 * @nd: pointer nameidata
502 * If we had been in RCU mode, drop out of it and legitimize nd->path.
503 * Revalidate the final result, unless we'd already done that during
504 * the path walk or the filesystem doesn't ask for it. Return 0 on
505 * success, -error on failure. In case of failure caller does not
506 * need to drop nd->path.
508 static int complete_walk(struct nameidata *nd)
510 struct dentry *dentry = nd->path.dentry;
513 if (nd->flags & LOOKUP_RCU) {
514 nd->flags &= ~LOOKUP_RCU;
515 if (!(nd->flags & LOOKUP_ROOT))
517 spin_lock(&dentry->d_lock);
518 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
519 spin_unlock(&dentry->d_lock);
521 br_read_unlock(vfsmount_lock);
524 BUG_ON(nd->inode != dentry->d_inode);
525 spin_unlock(&dentry->d_lock);
526 mntget(nd->path.mnt);
528 br_read_unlock(vfsmount_lock);
531 if (likely(!(nd->flags & LOOKUP_JUMPED)))
534 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
537 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
540 /* Note: we do not d_invalidate() */
541 status = d_revalidate(dentry, nd);
552 static __always_inline void set_root(struct nameidata *nd)
555 get_fs_root(current->fs, &nd->root);
558 static int link_path_walk(const char *, struct nameidata *);
560 static __always_inline void set_root_rcu(struct nameidata *nd)
563 struct fs_struct *fs = current->fs;
567 seq = read_seqcount_begin(&fs->seq);
569 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
570 } while (read_seqcount_retry(&fs->seq, seq));
574 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
586 nd->flags |= LOOKUP_JUMPED;
588 nd->inode = nd->path.dentry->d_inode;
590 ret = link_path_walk(link, nd);
594 return PTR_ERR(link);
597 static void path_put_conditional(struct path *path, struct nameidata *nd)
600 if (path->mnt != nd->path.mnt)
604 static inline void path_to_nameidata(const struct path *path,
605 struct nameidata *nd)
607 if (!(nd->flags & LOOKUP_RCU)) {
608 dput(nd->path.dentry);
609 if (nd->path.mnt != path->mnt)
610 mntput(nd->path.mnt);
612 nd->path.mnt = path->mnt;
613 nd->path.dentry = path->dentry;
616 static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
618 struct inode *inode = link->dentry->d_inode;
619 if (!IS_ERR(cookie) && inode->i_op->put_link)
620 inode->i_op->put_link(link->dentry, nd, cookie);
624 static __always_inline int
625 follow_link(struct path *link, struct nameidata *nd, void **p)
628 struct dentry *dentry = link->dentry;
630 BUG_ON(nd->flags & LOOKUP_RCU);
632 if (link->mnt == nd->path.mnt)
635 if (unlikely(current->total_link_count >= 40)) {
636 *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */
641 current->total_link_count++;
643 touch_atime(link->mnt, dentry);
644 nd_set_link(nd, NULL);
646 error = security_inode_follow_link(link->dentry, nd);
648 *p = ERR_PTR(error); /* no ->put_link(), please */
653 nd->last_type = LAST_BIND;
654 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
657 char *s = nd_get_link(nd);
660 error = __vfs_follow_link(nd, s);
661 else if (nd->last_type == LAST_BIND) {
662 nd->flags |= LOOKUP_JUMPED;
663 nd->inode = nd->path.dentry->d_inode;
664 if (nd->inode->i_op->follow_link) {
665 /* stepped on a _really_ weird one */
674 static int follow_up_rcu(struct path *path)
676 struct vfsmount *parent;
677 struct dentry *mountpoint;
679 parent = path->mnt->mnt_parent;
680 if (parent == path->mnt)
682 mountpoint = path->mnt->mnt_mountpoint;
683 path->dentry = mountpoint;
688 int follow_up(struct path *path)
690 struct vfsmount *parent;
691 struct dentry *mountpoint;
693 br_read_lock(vfsmount_lock);
694 parent = path->mnt->mnt_parent;
695 if (parent == path->mnt) {
696 br_read_unlock(vfsmount_lock);
700 mountpoint = dget(path->mnt->mnt_mountpoint);
701 br_read_unlock(vfsmount_lock);
703 path->dentry = mountpoint;
710 * Perform an automount
711 * - return -EISDIR to tell follow_managed() to stop and return the path we
714 static int follow_automount(struct path *path, unsigned flags,
717 struct vfsmount *mnt;
720 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
723 /* We don't want to mount if someone supplied AT_NO_AUTOMOUNT
724 * and this is the terminal part of the path.
726 if ((flags & LOOKUP_NO_AUTOMOUNT) && !(flags & LOOKUP_CONTINUE))
727 return -EISDIR; /* we actually want to stop here */
729 /* We want to mount if someone is trying to open/create a file of any
730 * type under the mountpoint, wants to traverse through the mountpoint
731 * or wants to open the mounted directory.
733 * We don't want to mount if someone's just doing a stat and they've
734 * set AT_SYMLINK_NOFOLLOW - unless they're stat'ing a directory and
735 * appended a '/' to the name.
737 if (!(flags & LOOKUP_FOLLOW) &&
738 !(flags & (LOOKUP_CONTINUE | LOOKUP_DIRECTORY |
739 LOOKUP_OPEN | LOOKUP_CREATE)))
742 current->total_link_count++;
743 if (current->total_link_count >= 40)
746 mnt = path->dentry->d_op->d_automount(path);
749 * The filesystem is allowed to return -EISDIR here to indicate
750 * it doesn't want to automount. For instance, autofs would do
751 * this so that its userspace daemon can mount on this dentry.
753 * However, we can only permit this if it's a terminal point in
754 * the path being looked up; if it wasn't then the remainder of
755 * the path is inaccessible and we should say so.
757 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_CONTINUE))
762 if (!mnt) /* mount collision */
766 /* lock_mount() may release path->mnt on error */
770 err = finish_automount(mnt, path);
774 /* Someone else made a mount here whilst we were busy */
779 path->dentry = dget(mnt->mnt_root);
788 * Handle a dentry that is managed in some way.
789 * - Flagged for transit management (autofs)
790 * - Flagged as mountpoint
791 * - Flagged as automount point
793 * This may only be called in refwalk mode.
795 * Serialization is taken care of in namespace.c
797 static int follow_managed(struct path *path, unsigned flags)
799 struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
801 bool need_mntput = false;
804 /* Given that we're not holding a lock here, we retain the value in a
805 * local variable for each dentry as we look at it so that we don't see
806 * the components of that value change under us */
807 while (managed = ACCESS_ONCE(path->dentry->d_flags),
808 managed &= DCACHE_MANAGED_DENTRY,
809 unlikely(managed != 0)) {
810 /* Allow the filesystem to manage the transit without i_mutex
812 if (managed & DCACHE_MANAGE_TRANSIT) {
813 BUG_ON(!path->dentry->d_op);
814 BUG_ON(!path->dentry->d_op->d_manage);
815 ret = path->dentry->d_op->d_manage(path->dentry, false);
820 /* Transit to a mounted filesystem. */
821 if (managed & DCACHE_MOUNTED) {
822 struct vfsmount *mounted = lookup_mnt(path);
828 path->dentry = dget(mounted->mnt_root);
833 /* Something is mounted on this dentry in another
834 * namespace and/or whatever was mounted there in this
835 * namespace got unmounted before we managed to get the
839 /* Handle an automount point */
840 if (managed & DCACHE_NEED_AUTOMOUNT) {
841 ret = follow_automount(path, flags, &need_mntput);
847 /* We didn't change the current path point */
851 if (need_mntput && path->mnt == mnt)
858 int follow_down_one(struct path *path)
860 struct vfsmount *mounted;
862 mounted = lookup_mnt(path);
867 path->dentry = dget(mounted->mnt_root);
873 static inline bool managed_dentry_might_block(struct dentry *dentry)
875 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
876 dentry->d_op->d_manage(dentry, true) < 0);
880 * Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
881 * we meet a managed dentry that would need blocking.
883 static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
884 struct inode **inode)
887 struct vfsmount *mounted;
889 * Don't forget we might have a non-mountpoint managed dentry
890 * that wants to block transit.
892 if (unlikely(managed_dentry_might_block(path->dentry)))
895 if (!d_mountpoint(path->dentry))
898 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
902 path->dentry = mounted->mnt_root;
903 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
905 * Update the inode too. We don't need to re-check the
906 * dentry sequence number here after this d_inode read,
907 * because a mount-point is always pinned.
909 *inode = path->dentry->d_inode;
914 static void follow_mount_rcu(struct nameidata *nd)
916 while (d_mountpoint(nd->path.dentry)) {
917 struct vfsmount *mounted;
918 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
921 nd->path.mnt = mounted;
922 nd->path.dentry = mounted->mnt_root;
923 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
927 static int follow_dotdot_rcu(struct nameidata *nd)
932 if (nd->path.dentry == nd->root.dentry &&
933 nd->path.mnt == nd->root.mnt) {
936 if (nd->path.dentry != nd->path.mnt->mnt_root) {
937 struct dentry *old = nd->path.dentry;
938 struct dentry *parent = old->d_parent;
941 seq = read_seqcount_begin(&parent->d_seq);
942 if (read_seqcount_retry(&old->d_seq, nd->seq))
944 nd->path.dentry = parent;
948 if (!follow_up_rcu(&nd->path))
950 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
952 follow_mount_rcu(nd);
953 nd->inode = nd->path.dentry->d_inode;
957 nd->flags &= ~LOOKUP_RCU;
958 if (!(nd->flags & LOOKUP_ROOT))
961 br_read_unlock(vfsmount_lock);
966 * Follow down to the covering mount currently visible to userspace. At each
967 * point, the filesystem owning that dentry may be queried as to whether the
968 * caller is permitted to proceed or not.
970 int follow_down(struct path *path)
975 while (managed = ACCESS_ONCE(path->dentry->d_flags),
976 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
977 /* Allow the filesystem to manage the transit without i_mutex
980 * We indicate to the filesystem if someone is trying to mount
981 * something here. This gives autofs the chance to deny anyone
982 * other than its daemon the right to mount on its
985 * The filesystem may sleep at this point.
987 if (managed & DCACHE_MANAGE_TRANSIT) {
988 BUG_ON(!path->dentry->d_op);
989 BUG_ON(!path->dentry->d_op->d_manage);
990 ret = path->dentry->d_op->d_manage(
991 path->dentry, false);
993 return ret == -EISDIR ? 0 : ret;
996 /* Transit to a mounted filesystem. */
997 if (managed & DCACHE_MOUNTED) {
998 struct vfsmount *mounted = lookup_mnt(path);
1003 path->mnt = mounted;
1004 path->dentry = dget(mounted->mnt_root);
1008 /* Don't handle automount points here */
1015 * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
1017 static void follow_mount(struct path *path)
1019 while (d_mountpoint(path->dentry)) {
1020 struct vfsmount *mounted = lookup_mnt(path);
1025 path->mnt = mounted;
1026 path->dentry = dget(mounted->mnt_root);
1030 static void follow_dotdot(struct nameidata *nd)
1035 struct dentry *old = nd->path.dentry;
1037 if (nd->path.dentry == nd->root.dentry &&
1038 nd->path.mnt == nd->root.mnt) {
1041 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1042 /* rare case of legitimate dget_parent()... */
1043 nd->path.dentry = dget_parent(nd->path.dentry);
1047 if (!follow_up(&nd->path))
1050 follow_mount(&nd->path);
1051 nd->inode = nd->path.dentry->d_inode;
1055 * Allocate a dentry with name and parent, and perform a parent
1056 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
1057 * on error. parent->d_inode->i_mutex must be held. d_lookup must
1058 * have verified that no child exists while under i_mutex.
1060 static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1061 struct qstr *name, struct nameidata *nd)
1063 struct inode *inode = parent->d_inode;
1064 struct dentry *dentry;
1067 /* Don't create child dentry for a dead directory. */
1068 if (unlikely(IS_DEADDIR(inode)))
1069 return ERR_PTR(-ENOENT);
1071 dentry = d_alloc(parent, name);
1072 if (unlikely(!dentry))
1073 return ERR_PTR(-ENOMEM);
1075 old = inode->i_op->lookup(inode, dentry, nd);
1076 if (unlikely(old)) {
1084 * We already have a dentry, but require a lookup to be performed on the parent
1085 * directory to fill in d_inode. Returns the new dentry, or ERR_PTR on error.
1086 * parent->d_inode->i_mutex must be held. d_lookup must have verified that no
1087 * child exists while under i_mutex.
1089 static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1090 struct nameidata *nd)
1092 struct inode *inode = parent->d_inode;
1095 /* Don't create child dentry for a dead directory. */
1096 if (unlikely(IS_DEADDIR(inode)))
1097 return ERR_PTR(-ENOENT);
1099 old = inode->i_op->lookup(inode, dentry, nd);
1100 if (unlikely(old)) {
1108 * It's more convoluted than I'd like it to be, but... it's still fairly
1109 * small and for now I'd prefer to have fast path as straight as possible.
1110 * It _is_ time-critical.
1112 static int do_lookup(struct nameidata *nd, struct qstr *name,
1113 struct path *path, struct inode **inode)
1115 struct vfsmount *mnt = nd->path.mnt;
1116 struct dentry *dentry, *parent = nd->path.dentry;
1122 * Rename seqlock is not required here because in the off chance
1123 * of a false negative due to a concurrent rename, we're going to
1124 * do the non-racy lookup, below.
1126 if (nd->flags & LOOKUP_RCU) {
1129 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1133 /* Memory barrier in read_seqcount_begin of child is enough */
1134 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1138 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1139 status = d_revalidate(dentry, nd);
1140 if (unlikely(status <= 0)) {
1141 if (status != -ECHILD)
1146 if (unlikely(d_need_lookup(dentry)))
1149 path->dentry = dentry;
1150 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1152 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1156 if (unlazy_walk(nd, dentry))
1159 dentry = __d_lookup(parent, name);
1162 if (dentry && unlikely(d_need_lookup(dentry))) {
1167 if (unlikely(!dentry)) {
1168 struct inode *dir = parent->d_inode;
1169 BUG_ON(nd->inode != dir);
1171 mutex_lock(&dir->i_mutex);
1172 dentry = d_lookup(parent, name);
1173 if (likely(!dentry)) {
1174 dentry = d_alloc_and_lookup(parent, name, nd);
1175 if (IS_ERR(dentry)) {
1176 mutex_unlock(&dir->i_mutex);
1177 return PTR_ERR(dentry);
1182 } else if (unlikely(d_need_lookup(dentry))) {
1183 dentry = d_inode_lookup(parent, dentry, nd);
1184 if (IS_ERR(dentry)) {
1185 mutex_unlock(&dir->i_mutex);
1186 return PTR_ERR(dentry);
1192 mutex_unlock(&dir->i_mutex);
1194 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1195 status = d_revalidate(dentry, nd);
1196 if (unlikely(status <= 0)) {
1201 if (!d_invalidate(dentry)) {
1210 path->dentry = dentry;
1211 err = follow_managed(path, nd->flags);
1212 if (unlikely(err < 0)) {
1213 path_put_conditional(path, nd);
1216 *inode = path->dentry->d_inode;
1220 static inline int may_lookup(struct nameidata *nd)
1222 if (nd->flags & LOOKUP_RCU) {
1223 int err = exec_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1226 if (unlazy_walk(nd, NULL))
1229 return exec_permission(nd->inode, MAY_EXEC);
1232 static inline int handle_dots(struct nameidata *nd, int type)
1234 if (type == LAST_DOTDOT) {
1235 if (nd->flags & LOOKUP_RCU) {
1236 if (follow_dotdot_rcu(nd))
1244 static void terminate_walk(struct nameidata *nd)
1246 if (!(nd->flags & LOOKUP_RCU)) {
1247 path_put(&nd->path);
1249 nd->flags &= ~LOOKUP_RCU;
1250 if (!(nd->flags & LOOKUP_ROOT))
1251 nd->root.mnt = NULL;
1253 br_read_unlock(vfsmount_lock);
1257 static inline int walk_component(struct nameidata *nd, struct path *path,
1258 struct qstr *name, int type, int follow)
1260 struct inode *inode;
1263 * "." and ".." are special - ".." especially so because it has
1264 * to be able to know about the current root directory and
1265 * parent relationships.
1267 if (unlikely(type != LAST_NORM))
1268 return handle_dots(nd, type);
1269 err = do_lookup(nd, name, path, &inode);
1270 if (unlikely(err)) {
1275 path_to_nameidata(path, nd);
1279 if (unlikely(inode->i_op->follow_link) && follow) {
1280 if (nd->flags & LOOKUP_RCU) {
1281 if (unlikely(unlazy_walk(nd, path->dentry))) {
1286 BUG_ON(inode != path->dentry->d_inode);
1289 path_to_nameidata(path, nd);
1295 * This limits recursive symlink follows to 8, while
1296 * limiting consecutive symlinks to 40.
1298 * Without that kind of total limit, nasty chains of consecutive
1299 * symlinks can cause almost arbitrarily long lookups.
1301 static inline int nested_symlink(struct path *path, struct nameidata *nd)
1305 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1306 path_put_conditional(path, nd);
1307 path_put(&nd->path);
1310 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1313 current->link_count++;
1316 struct path link = *path;
1319 res = follow_link(&link, nd, &cookie);
1321 res = walk_component(nd, path, &nd->last,
1322 nd->last_type, LOOKUP_FOLLOW);
1323 put_link(nd, &link, cookie);
1326 current->link_count--;
1333 * This is the basic name resolution function, turning a pathname into
1334 * the final dentry. We expect 'base' to be positive and a directory.
1336 * Returns 0 and nd will have valid dentry and mnt on success.
1337 * Returns error and drops reference to input namei data on failure.
1339 static int link_path_walk(const char *name, struct nameidata *nd)
1343 unsigned int lookup_flags = nd->flags;
1350 /* At this point we know we have a real path component. */
1357 nd->flags |= LOOKUP_CONTINUE;
1359 err = may_lookup(nd);
1364 c = *(const unsigned char *)name;
1366 hash = init_name_hash();
1369 hash = partial_name_hash(c, hash);
1370 c = *(const unsigned char *)name;
1371 } while (c && (c != '/'));
1372 this.len = name - (const char *) this.name;
1373 this.hash = end_name_hash(hash);
1376 if (this.name[0] == '.') switch (this.len) {
1378 if (this.name[1] == '.') {
1380 nd->flags |= LOOKUP_JUMPED;
1386 if (likely(type == LAST_NORM)) {
1387 struct dentry *parent = nd->path.dentry;
1388 nd->flags &= ~LOOKUP_JUMPED;
1389 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1390 err = parent->d_op->d_hash(parent, nd->inode,
1397 /* remove trailing slashes? */
1399 goto last_component;
1400 while (*++name == '/');
1402 goto last_component;
1404 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1409 err = nested_symlink(&next, nd);
1414 if (!nd->inode->i_op->lookup)
1417 /* here ends the main loop */
1420 /* Clear LOOKUP_CONTINUE iff it was previously unset */
1421 nd->flags &= lookup_flags | ~LOOKUP_CONTINUE;
1423 nd->last_type = type;
1430 static int path_init(int dfd, const char *name, unsigned int flags,
1431 struct nameidata *nd, struct file **fp)
1437 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1438 nd->flags = flags | LOOKUP_JUMPED;
1440 if (flags & LOOKUP_ROOT) {
1441 struct inode *inode = nd->root.dentry->d_inode;
1443 if (!inode->i_op->lookup)
1445 retval = inode_permission(inode, MAY_EXEC);
1449 nd->path = nd->root;
1451 if (flags & LOOKUP_RCU) {
1452 br_read_lock(vfsmount_lock);
1454 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1456 path_get(&nd->path);
1461 nd->root.mnt = NULL;
1464 if (flags & LOOKUP_RCU) {
1465 br_read_lock(vfsmount_lock);
1470 path_get(&nd->root);
1472 nd->path = nd->root;
1473 } else if (dfd == AT_FDCWD) {
1474 if (flags & LOOKUP_RCU) {
1475 struct fs_struct *fs = current->fs;
1478 br_read_lock(vfsmount_lock);
1482 seq = read_seqcount_begin(&fs->seq);
1484 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1485 } while (read_seqcount_retry(&fs->seq, seq));
1487 get_fs_pwd(current->fs, &nd->path);
1490 struct dentry *dentry;
1492 file = fget_raw_light(dfd, &fput_needed);
1497 dentry = file->f_path.dentry;
1501 if (!S_ISDIR(dentry->d_inode->i_mode))
1504 retval = exec_permission(dentry->d_inode, MAY_EXEC);
1509 nd->path = file->f_path;
1510 if (flags & LOOKUP_RCU) {
1513 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1514 br_read_lock(vfsmount_lock);
1517 path_get(&file->f_path);
1518 fput_light(file, fput_needed);
1522 nd->inode = nd->path.dentry->d_inode;
1526 fput_light(file, fput_needed);
1531 static inline int lookup_last(struct nameidata *nd, struct path *path)
1533 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1534 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1536 nd->flags &= ~LOOKUP_PARENT;
1537 return walk_component(nd, path, &nd->last, nd->last_type,
1538 nd->flags & LOOKUP_FOLLOW);
1541 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1542 static int path_lookupat(int dfd, const char *name,
1543 unsigned int flags, struct nameidata *nd)
1545 struct file *base = NULL;
1550 * Path walking is largely split up into 2 different synchronisation
1551 * schemes, rcu-walk and ref-walk (explained in
1552 * Documentation/filesystems/path-lookup.txt). These share much of the
1553 * path walk code, but some things particularly setup, cleanup, and
1554 * following mounts are sufficiently divergent that functions are
1555 * duplicated. Typically there is a function foo(), and its RCU
1556 * analogue, foo_rcu().
1558 * -ECHILD is the error number of choice (just to avoid clashes) that
1559 * is returned if some aspect of an rcu-walk fails. Such an error must
1560 * be handled by restarting a traditional ref-walk (which will always
1561 * be able to complete).
1563 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1568 current->total_link_count = 0;
1569 err = link_path_walk(name, nd);
1571 if (!err && !(flags & LOOKUP_PARENT)) {
1572 err = lookup_last(nd, &path);
1575 struct path link = path;
1576 nd->flags |= LOOKUP_PARENT;
1577 err = follow_link(&link, nd, &cookie);
1579 err = lookup_last(nd, &path);
1580 put_link(nd, &link, cookie);
1585 err = complete_walk(nd);
1587 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1588 if (!nd->inode->i_op->lookup) {
1589 path_put(&nd->path);
1597 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1598 path_put(&nd->root);
1599 nd->root.mnt = NULL;
1604 static int do_path_lookup(int dfd, const char *name,
1605 unsigned int flags, struct nameidata *nd)
1607 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1608 if (unlikely(retval == -ECHILD))
1609 retval = path_lookupat(dfd, name, flags, nd);
1610 if (unlikely(retval == -ESTALE))
1611 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1613 if (likely(!retval)) {
1614 if (unlikely(!audit_dummy_context())) {
1615 if (nd->path.dentry && nd->inode)
1616 audit_inode(name, nd->path.dentry);
1622 int kern_path_parent(const char *name, struct nameidata *nd)
1624 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1627 int kern_path(const char *name, unsigned int flags, struct path *path)
1629 struct nameidata nd;
1630 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1637 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1638 * @dentry: pointer to dentry of the base directory
1639 * @mnt: pointer to vfs mount of the base directory
1640 * @name: pointer to file name
1641 * @flags: lookup flags
1642 * @nd: pointer to nameidata
1644 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1645 const char *name, unsigned int flags,
1646 struct nameidata *nd)
1648 nd->root.dentry = dentry;
1650 /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */
1651 return do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, nd);
1654 static struct dentry *__lookup_hash(struct qstr *name,
1655 struct dentry *base, struct nameidata *nd)
1657 struct inode *inode = base->d_inode;
1658 struct dentry *dentry;
1661 err = exec_permission(inode, MAY_EXEC);
1663 return ERR_PTR(err);
1666 * Don't bother with __d_lookup: callers are for creat as
1667 * well as unlink, so a lot of the time it would cost
1670 dentry = d_lookup(base, name);
1672 if (dentry && d_need_lookup(dentry)) {
1674 * __lookup_hash is called with the parent dir's i_mutex already
1675 * held, so we are good to go here.
1677 dentry = d_inode_lookup(base, dentry, nd);
1682 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE))
1683 dentry = do_revalidate(dentry, nd);
1686 dentry = d_alloc_and_lookup(base, name, nd);
1692 * Restricted form of lookup. Doesn't follow links, single-component only,
1693 * needs parent already locked. Doesn't follow mounts.
1696 static struct dentry *lookup_hash(struct nameidata *nd)
1698 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1702 * lookup_one_len - filesystem helper to lookup single pathname component
1703 * @name: pathname component to lookup
1704 * @base: base directory to lookup from
1705 * @len: maximum length @len should be interpreted to
1707 * Note that this routine is purely a helper for filesystem usage and should
1708 * not be called by generic code. Also note that by using this function the
1709 * nameidata argument is passed to the filesystem methods and a filesystem
1710 * using this helper needs to be prepared for that.
1712 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1718 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1723 return ERR_PTR(-EACCES);
1725 hash = init_name_hash();
1727 c = *(const unsigned char *)name++;
1728 if (c == '/' || c == '\0')
1729 return ERR_PTR(-EACCES);
1730 hash = partial_name_hash(c, hash);
1732 this.hash = end_name_hash(hash);
1734 * See if the low-level filesystem might want
1735 * to use its own hash..
1737 if (base->d_flags & DCACHE_OP_HASH) {
1738 int err = base->d_op->d_hash(base, base->d_inode, &this);
1740 return ERR_PTR(err);
1743 return __lookup_hash(&this, base, NULL);
1746 int user_path_at(int dfd, const char __user *name, unsigned flags,
1749 struct nameidata nd;
1750 char *tmp = getname_flags(name, flags);
1751 int err = PTR_ERR(tmp);
1754 BUG_ON(flags & LOOKUP_PARENT);
1756 err = do_path_lookup(dfd, tmp, flags, &nd);
1764 static int user_path_parent(int dfd, const char __user *path,
1765 struct nameidata *nd, char **name)
1767 char *s = getname(path);
1773 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1783 * It's inline, so penalty for filesystems that don't use sticky bit is
1786 static inline int check_sticky(struct inode *dir, struct inode *inode)
1788 uid_t fsuid = current_fsuid();
1790 if (!(dir->i_mode & S_ISVTX))
1792 if (current_user_ns() != inode_userns(inode))
1794 if (inode->i_uid == fsuid)
1796 if (dir->i_uid == fsuid)
1800 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1804 * Check whether we can remove a link victim from directory dir, check
1805 * whether the type of victim is right.
1806 * 1. We can't do it if dir is read-only (done in permission())
1807 * 2. We should have write and exec permissions on dir
1808 * 3. We can't remove anything from append-only dir
1809 * 4. We can't do anything with immutable dir (done in permission())
1810 * 5. If the sticky bit on dir is set we should either
1811 * a. be owner of dir, or
1812 * b. be owner of victim, or
1813 * c. have CAP_FOWNER capability
1814 * 6. If the victim is append-only or immutable we can't do antyhing with
1815 * links pointing to it.
1816 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1817 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1818 * 9. We can't remove a root or mountpoint.
1819 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1820 * nfs_async_unlink().
1822 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1826 if (!victim->d_inode)
1829 BUG_ON(victim->d_parent->d_inode != dir);
1830 audit_inode_child(victim, dir);
1832 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1837 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1838 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1841 if (!S_ISDIR(victim->d_inode->i_mode))
1843 if (IS_ROOT(victim))
1845 } else if (S_ISDIR(victim->d_inode->i_mode))
1847 if (IS_DEADDIR(dir))
1849 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1854 /* Check whether we can create an object with dentry child in directory
1856 * 1. We can't do it if child already exists (open has special treatment for
1857 * this case, but since we are inlined it's OK)
1858 * 2. We can't do it if dir is read-only (done in permission())
1859 * 3. We should have write and exec permissions on dir
1860 * 4. We can't do it if dir is immutable (done in permission())
1862 static inline int may_create(struct inode *dir, struct dentry *child)
1866 if (IS_DEADDIR(dir))
1868 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1872 * p1 and p2 should be directories on the same fs.
1874 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1879 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1883 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1885 p = d_ancestor(p2, p1);
1887 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1888 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1892 p = d_ancestor(p1, p2);
1894 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1895 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1899 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1900 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1904 void unlock_rename(struct dentry *p1, struct dentry *p2)
1906 mutex_unlock(&p1->d_inode->i_mutex);
1908 mutex_unlock(&p2->d_inode->i_mutex);
1909 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1913 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1914 struct nameidata *nd)
1916 int error = may_create(dir, dentry);
1921 if (!dir->i_op->create)
1922 return -EACCES; /* shouldn't it be ENOSYS? */
1925 error = security_inode_create(dir, dentry, mode);
1928 error = dir->i_op->create(dir, dentry, mode, nd);
1930 fsnotify_create(dir, dentry);
1934 static int may_open(struct path *path, int acc_mode, int flag)
1936 struct dentry *dentry = path->dentry;
1937 struct inode *inode = dentry->d_inode;
1947 switch (inode->i_mode & S_IFMT) {
1951 if (acc_mode & MAY_WRITE)
1956 if (path->mnt->mnt_flags & MNT_NODEV)
1965 error = inode_permission(inode, acc_mode);
1970 * An append-only file must be opened in append mode for writing.
1972 if (IS_APPEND(inode)) {
1973 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
1979 /* O_NOATIME can only be set by the owner or superuser */
1980 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
1984 * Ensure there are no outstanding leases on the file.
1986 return break_lease(inode, flag);
1989 static int handle_truncate(struct file *filp)
1991 struct path *path = &filp->f_path;
1992 struct inode *inode = path->dentry->d_inode;
1993 int error = get_write_access(inode);
1997 * Refuse to truncate files with mandatory locks held on them.
1999 error = locks_verify_locked(inode);
2001 error = security_path_truncate(path);
2003 error = do_truncate(path->dentry, 0,
2004 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2007 put_write_access(inode);
2012 * Note that while the flag value (low two bits) for sys_open means:
2017 * it is changed into
2018 * 00 - no permissions needed
2019 * 01 - read-permission
2020 * 10 - write-permission
2022 * for the internal routines (ie open_namei()/follow_link() etc)
2023 * This is more logical, and also allows the 00 "no perm needed"
2024 * to be used for symlinks (where the permissions are checked
2028 static inline int open_to_namei_flags(int flag)
2030 if ((flag+1) & O_ACCMODE)
2036 * Handle the last step of open()
2038 static struct file *do_last(struct nameidata *nd, struct path *path,
2039 const struct open_flags *op, const char *pathname)
2041 struct dentry *dir = nd->path.dentry;
2042 struct dentry *dentry;
2043 int open_flag = op->open_flag;
2044 int will_truncate = open_flag & O_TRUNC;
2046 int acc_mode = op->acc_mode;
2050 nd->flags &= ~LOOKUP_PARENT;
2051 nd->flags |= op->intent;
2053 switch (nd->last_type) {
2056 error = handle_dots(nd, nd->last_type);
2058 return ERR_PTR(error);
2061 error = complete_walk(nd);
2063 return ERR_PTR(error);
2064 audit_inode(pathname, nd->path.dentry);
2065 if (open_flag & O_CREAT) {
2071 error = complete_walk(nd);
2073 return ERR_PTR(error);
2074 audit_inode(pathname, dir);
2078 if (!(open_flag & O_CREAT)) {
2080 if (nd->last.name[nd->last.len])
2081 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2082 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2084 /* we _can_ be in RCU mode here */
2085 error = walk_component(nd, path, &nd->last, LAST_NORM,
2088 return ERR_PTR(error);
2089 if (error) /* symlink */
2092 error = complete_walk(nd);
2094 return ERR_PTR(-ECHILD);
2097 if (nd->flags & LOOKUP_DIRECTORY) {
2098 if (!nd->inode->i_op->lookup)
2101 audit_inode(pathname, nd->path.dentry);
2105 /* create side of things */
2106 error = complete_walk(nd);
2108 return ERR_PTR(error);
2110 audit_inode(pathname, dir);
2112 /* trailing slashes? */
2113 if (nd->last.name[nd->last.len])
2116 mutex_lock(&dir->d_inode->i_mutex);
2118 dentry = lookup_hash(nd);
2119 error = PTR_ERR(dentry);
2120 if (IS_ERR(dentry)) {
2121 mutex_unlock(&dir->d_inode->i_mutex);
2125 path->dentry = dentry;
2126 path->mnt = nd->path.mnt;
2128 /* Negative dentry, just create the file */
2129 if (!dentry->d_inode) {
2130 int mode = op->mode;
2131 if (!IS_POSIXACL(dir->d_inode))
2132 mode &= ~current_umask();
2134 * This write is needed to ensure that a
2135 * rw->ro transition does not occur between
2136 * the time when the file is created and when
2137 * a permanent write count is taken through
2138 * the 'struct file' in nameidata_to_filp().
2140 error = mnt_want_write(nd->path.mnt);
2142 goto exit_mutex_unlock;
2144 /* Don't check for write permission, don't truncate */
2145 open_flag &= ~O_TRUNC;
2147 acc_mode = MAY_OPEN;
2148 error = security_path_mknod(&nd->path, dentry, mode, 0);
2150 goto exit_mutex_unlock;
2151 error = vfs_create(dir->d_inode, dentry, mode, nd);
2153 goto exit_mutex_unlock;
2154 mutex_unlock(&dir->d_inode->i_mutex);
2155 dput(nd->path.dentry);
2156 nd->path.dentry = dentry;
2161 * It already exists.
2163 mutex_unlock(&dir->d_inode->i_mutex);
2164 audit_inode(pathname, path->dentry);
2167 if (open_flag & O_EXCL)
2170 error = follow_managed(path, nd->flags);
2175 if (!path->dentry->d_inode)
2178 if (path->dentry->d_inode->i_op->follow_link)
2181 path_to_nameidata(path, nd);
2182 nd->inode = path->dentry->d_inode;
2184 if (S_ISDIR(nd->inode->i_mode))
2187 if (!S_ISREG(nd->inode->i_mode))
2190 if (will_truncate) {
2191 error = mnt_want_write(nd->path.mnt);
2197 error = may_open(&nd->path, acc_mode, open_flag);
2200 filp = nameidata_to_filp(nd);
2201 if (!IS_ERR(filp)) {
2202 error = ima_file_check(filp, op->acc_mode);
2205 filp = ERR_PTR(error);
2208 if (!IS_ERR(filp)) {
2209 if (will_truncate) {
2210 error = handle_truncate(filp);
2213 filp = ERR_PTR(error);
2219 mnt_drop_write(nd->path.mnt);
2220 path_put(&nd->path);
2224 mutex_unlock(&dir->d_inode->i_mutex);
2226 path_put_conditional(path, nd);
2228 filp = ERR_PTR(error);
2232 static struct file *path_openat(int dfd, const char *pathname,
2233 struct nameidata *nd, const struct open_flags *op, int flags)
2235 struct file *base = NULL;
2240 filp = get_empty_filp();
2242 return ERR_PTR(-ENFILE);
2244 filp->f_flags = op->open_flag;
2245 nd->intent.open.file = filp;
2246 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2247 nd->intent.open.create_mode = op->mode;
2249 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2250 if (unlikely(error))
2253 current->total_link_count = 0;
2254 error = link_path_walk(pathname, nd);
2255 if (unlikely(error))
2258 filp = do_last(nd, &path, op, pathname);
2259 while (unlikely(!filp)) { /* trailing symlink */
2260 struct path link = path;
2262 if (!(nd->flags & LOOKUP_FOLLOW)) {
2263 path_put_conditional(&path, nd);
2264 path_put(&nd->path);
2265 filp = ERR_PTR(-ELOOP);
2268 nd->flags |= LOOKUP_PARENT;
2269 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2270 error = follow_link(&link, nd, &cookie);
2271 if (unlikely(error))
2272 filp = ERR_PTR(error);
2274 filp = do_last(nd, &path, op, pathname);
2275 put_link(nd, &link, cookie);
2278 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2279 path_put(&nd->root);
2282 release_open_intent(nd);
2286 filp = ERR_PTR(error);
2290 struct file *do_filp_open(int dfd, const char *pathname,
2291 const struct open_flags *op, int flags)
2293 struct nameidata nd;
2296 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2297 if (unlikely(filp == ERR_PTR(-ECHILD)))
2298 filp = path_openat(dfd, pathname, &nd, op, flags);
2299 if (unlikely(filp == ERR_PTR(-ESTALE)))
2300 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2304 struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2305 const char *name, const struct open_flags *op, int flags)
2307 struct nameidata nd;
2311 nd.root.dentry = dentry;
2313 flags |= LOOKUP_ROOT;
2315 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2316 return ERR_PTR(-ELOOP);
2318 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2319 if (unlikely(file == ERR_PTR(-ECHILD)))
2320 file = path_openat(-1, name, &nd, op, flags);
2321 if (unlikely(file == ERR_PTR(-ESTALE)))
2322 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2327 * lookup_create - lookup a dentry, creating it if it doesn't exist
2328 * @nd: nameidata info
2329 * @is_dir: directory flag
2331 * Simple function to lookup and return a dentry and create it
2332 * if it doesn't exist. Is SMP-safe.
2334 * Returns with nd->path.dentry->d_inode->i_mutex locked.
2336 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
2338 struct dentry *dentry = ERR_PTR(-EEXIST);
2340 mutex_lock_nested(&nd->path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2342 * Yucky last component or no last component at all?
2343 * (foo/., foo/.., /////)
2345 if (nd->last_type != LAST_NORM)
2347 nd->flags &= ~LOOKUP_PARENT;
2348 nd->flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2349 nd->intent.open.flags = O_EXCL;
2352 * Do the final lookup.
2354 dentry = lookup_hash(nd);
2358 if (dentry->d_inode)
2361 * Special case - lookup gave negative, but... we had foo/bar/
2362 * From the vfs_mknod() POV we just have a negative dentry -
2363 * all is fine. Let's be bastards - you had / on the end, you've
2364 * been asking for (non-existent) directory. -ENOENT for you.
2366 if (unlikely(!is_dir && nd->last.name[nd->last.len])) {
2368 dentry = ERR_PTR(-ENOENT);
2373 dentry = ERR_PTR(-EEXIST);
2377 EXPORT_SYMBOL_GPL(lookup_create);
2379 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2381 int error = may_create(dir, dentry);
2386 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2387 !ns_capable(inode_userns(dir), CAP_MKNOD))
2390 if (!dir->i_op->mknod)
2393 error = devcgroup_inode_mknod(mode, dev);
2397 error = security_inode_mknod(dir, dentry, mode, dev);
2401 error = dir->i_op->mknod(dir, dentry, mode, dev);
2403 fsnotify_create(dir, dentry);
2407 static int may_mknod(mode_t mode)
2409 switch (mode & S_IFMT) {
2415 case 0: /* zero mode translates to S_IFREG */
2424 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2429 struct dentry *dentry;
2430 struct nameidata nd;
2435 error = user_path_parent(dfd, filename, &nd, &tmp);
2439 dentry = lookup_create(&nd, 0);
2440 if (IS_ERR(dentry)) {
2441 error = PTR_ERR(dentry);
2444 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2445 mode &= ~current_umask();
2446 error = may_mknod(mode);
2449 error = mnt_want_write(nd.path.mnt);
2452 error = security_path_mknod(&nd.path, dentry, mode, dev);
2454 goto out_drop_write;
2455 switch (mode & S_IFMT) {
2456 case 0: case S_IFREG:
2457 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
2459 case S_IFCHR: case S_IFBLK:
2460 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,
2461 new_decode_dev(dev));
2463 case S_IFIFO: case S_IFSOCK:
2464 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0);
2468 mnt_drop_write(nd.path.mnt);
2472 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2479 SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2481 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2484 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2486 int error = may_create(dir, dentry);
2491 if (!dir->i_op->mkdir)
2494 mode &= (S_IRWXUGO|S_ISVTX);
2495 error = security_inode_mkdir(dir, dentry, mode);
2499 error = dir->i_op->mkdir(dir, dentry, mode);
2501 fsnotify_mkdir(dir, dentry);
2505 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2509 struct dentry *dentry;
2510 struct nameidata nd;
2512 error = user_path_parent(dfd, pathname, &nd, &tmp);
2516 dentry = lookup_create(&nd, 1);
2517 error = PTR_ERR(dentry);
2521 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2522 mode &= ~current_umask();
2523 error = mnt_want_write(nd.path.mnt);
2526 error = security_path_mkdir(&nd.path, dentry, mode);
2528 goto out_drop_write;
2529 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
2531 mnt_drop_write(nd.path.mnt);
2535 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2542 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2544 return sys_mkdirat(AT_FDCWD, pathname, mode);
2548 * The dentry_unhash() helper will try to drop the dentry early: we
2549 * should have a usage count of 2 if we're the only user of this
2550 * dentry, and if that is true (possibly after pruning the dcache),
2551 * then we drop the dentry now.
2553 * A low-level filesystem can, if it choses, legally
2556 * if (!d_unhashed(dentry))
2559 * if it cannot handle the case of removing a directory
2560 * that is still in use by something else..
2562 void dentry_unhash(struct dentry *dentry)
2564 shrink_dcache_parent(dentry);
2565 spin_lock(&dentry->d_lock);
2566 if (dentry->d_count == 1)
2568 spin_unlock(&dentry->d_lock);
2571 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2573 int error = may_delete(dir, dentry, 1);
2578 if (!dir->i_op->rmdir)
2581 mutex_lock(&dentry->d_inode->i_mutex);
2584 if (d_mountpoint(dentry))
2587 error = security_inode_rmdir(dir, dentry);
2591 shrink_dcache_parent(dentry);
2592 error = dir->i_op->rmdir(dir, dentry);
2596 dentry->d_inode->i_flags |= S_DEAD;
2600 mutex_unlock(&dentry->d_inode->i_mutex);
2606 static long do_rmdir(int dfd, const char __user *pathname)
2610 struct dentry *dentry;
2611 struct nameidata nd;
2613 error = user_path_parent(dfd, pathname, &nd, &name);
2617 switch(nd.last_type) {
2629 nd.flags &= ~LOOKUP_PARENT;
2631 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2632 dentry = lookup_hash(&nd);
2633 error = PTR_ERR(dentry);
2636 if (!dentry->d_inode) {
2640 error = mnt_want_write(nd.path.mnt);
2643 error = security_path_rmdir(&nd.path, dentry);
2646 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2648 mnt_drop_write(nd.path.mnt);
2652 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2659 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2661 return do_rmdir(AT_FDCWD, pathname);
2664 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2666 int error = may_delete(dir, dentry, 0);
2671 if (!dir->i_op->unlink)
2674 mutex_lock(&dentry->d_inode->i_mutex);
2675 if (d_mountpoint(dentry))
2678 error = security_inode_unlink(dir, dentry);
2680 error = dir->i_op->unlink(dir, dentry);
2685 mutex_unlock(&dentry->d_inode->i_mutex);
2687 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2688 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2689 fsnotify_link_count(dentry->d_inode);
2697 * Make sure that the actual truncation of the file will occur outside its
2698 * directory's i_mutex. Truncate can take a long time if there is a lot of
2699 * writeout happening, and we don't want to prevent access to the directory
2700 * while waiting on the I/O.
2702 static long do_unlinkat(int dfd, const char __user *pathname)
2706 struct dentry *dentry;
2707 struct nameidata nd;
2708 struct inode *inode = NULL;
2710 error = user_path_parent(dfd, pathname, &nd, &name);
2715 if (nd.last_type != LAST_NORM)
2718 nd.flags &= ~LOOKUP_PARENT;
2720 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2721 dentry = lookup_hash(&nd);
2722 error = PTR_ERR(dentry);
2723 if (!IS_ERR(dentry)) {
2724 /* Why not before? Because we want correct error value */
2725 if (nd.last.name[nd.last.len])
2727 inode = dentry->d_inode;
2731 error = mnt_want_write(nd.path.mnt);
2734 error = security_path_unlink(&nd.path, dentry);
2737 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2739 mnt_drop_write(nd.path.mnt);
2743 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2745 iput(inode); /* truncate the inode here */
2752 error = !dentry->d_inode ? -ENOENT :
2753 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2757 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2759 if ((flag & ~AT_REMOVEDIR) != 0)
2762 if (flag & AT_REMOVEDIR)
2763 return do_rmdir(dfd, pathname);
2765 return do_unlinkat(dfd, pathname);
2768 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2770 return do_unlinkat(AT_FDCWD, pathname);
2773 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2775 int error = may_create(dir, dentry);
2780 if (!dir->i_op->symlink)
2783 error = security_inode_symlink(dir, dentry, oldname);
2787 error = dir->i_op->symlink(dir, dentry, oldname);
2789 fsnotify_create(dir, dentry);
2793 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2794 int, newdfd, const char __user *, newname)
2799 struct dentry *dentry;
2800 struct nameidata nd;
2802 from = getname(oldname);
2804 return PTR_ERR(from);
2806 error = user_path_parent(newdfd, newname, &nd, &to);
2810 dentry = lookup_create(&nd, 0);
2811 error = PTR_ERR(dentry);
2815 error = mnt_want_write(nd.path.mnt);
2818 error = security_path_symlink(&nd.path, dentry, from);
2820 goto out_drop_write;
2821 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
2823 mnt_drop_write(nd.path.mnt);
2827 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2835 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2837 return sys_symlinkat(oldname, AT_FDCWD, newname);
2840 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2842 struct inode *inode = old_dentry->d_inode;
2848 error = may_create(dir, new_dentry);
2852 if (dir->i_sb != inode->i_sb)
2856 * A link to an append-only or immutable file cannot be created.
2858 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2860 if (!dir->i_op->link)
2862 if (S_ISDIR(inode->i_mode))
2865 error = security_inode_link(old_dentry, dir, new_dentry);
2869 mutex_lock(&inode->i_mutex);
2870 /* Make sure we don't allow creating hardlink to an unlinked file */
2871 if (inode->i_nlink == 0)
2874 error = dir->i_op->link(old_dentry, dir, new_dentry);
2875 mutex_unlock(&inode->i_mutex);
2877 fsnotify_link(dir, inode, new_dentry);
2882 * Hardlinks are often used in delicate situations. We avoid
2883 * security-related surprises by not following symlinks on the
2886 * We don't follow them on the oldname either to be compatible
2887 * with linux 2.0, and to avoid hard-linking to directories
2888 * and other special files. --ADM
2890 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2891 int, newdfd, const char __user *, newname, int, flags)
2893 struct dentry *new_dentry;
2894 struct nameidata nd;
2895 struct path old_path;
2900 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2903 * To use null names we require CAP_DAC_READ_SEARCH
2904 * This ensures that not everyone will be able to create
2905 * handlink using the passed filedescriptor.
2907 if (flags & AT_EMPTY_PATH) {
2908 if (!capable(CAP_DAC_READ_SEARCH))
2913 if (flags & AT_SYMLINK_FOLLOW)
2914 how |= LOOKUP_FOLLOW;
2916 error = user_path_at(olddfd, oldname, how, &old_path);
2920 error = user_path_parent(newdfd, newname, &nd, &to);
2924 if (old_path.mnt != nd.path.mnt)
2926 new_dentry = lookup_create(&nd, 0);
2927 error = PTR_ERR(new_dentry);
2928 if (IS_ERR(new_dentry))
2930 error = mnt_want_write(nd.path.mnt);
2933 error = security_path_link(old_path.dentry, &nd.path, new_dentry);
2935 goto out_drop_write;
2936 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
2938 mnt_drop_write(nd.path.mnt);
2942 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2947 path_put(&old_path);
2952 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2954 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2958 * The worst of all namespace operations - renaming directory. "Perverted"
2959 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2961 * a) we can get into loop creation. Check is done in is_subdir().
2962 * b) race potential - two innocent renames can create a loop together.
2963 * That's where 4.4 screws up. Current fix: serialization on
2964 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2966 * c) we have to lock _three_ objects - parents and victim (if it exists).
2967 * And that - after we got ->i_mutex on parents (until then we don't know
2968 * whether the target exists). Solution: try to be smart with locking
2969 * order for inodes. We rely on the fact that tree topology may change
2970 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2971 * move will be locked. Thus we can rank directories by the tree
2972 * (ancestors first) and rank all non-directories after them.
2973 * That works since everybody except rename does "lock parent, lookup,
2974 * lock child" and rename is under ->s_vfs_rename_mutex.
2975 * HOWEVER, it relies on the assumption that any object with ->lookup()
2976 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2977 * we'd better make sure that there's no link(2) for them.
2978 * d) conversion from fhandle to dentry may come in the wrong moment - when
2979 * we are removing the target. Solution: we will have to grab ->i_mutex
2980 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2981 * ->i_mutex on parents, which works but leads to some truly excessive
2984 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2985 struct inode *new_dir, struct dentry *new_dentry)
2988 struct inode *target = new_dentry->d_inode;
2991 * If we are going to change the parent - check write permissions,
2992 * we'll need to flip '..'.
2994 if (new_dir != old_dir) {
2995 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
3000 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3005 mutex_lock(&target->i_mutex);
3008 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
3012 shrink_dcache_parent(new_dentry);
3013 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3018 target->i_flags |= S_DEAD;
3019 dont_mount(new_dentry);
3023 mutex_unlock(&target->i_mutex);
3025 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3026 d_move(old_dentry,new_dentry);
3030 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3031 struct inode *new_dir, struct dentry *new_dentry)
3033 struct inode *target = new_dentry->d_inode;
3036 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3042 mutex_lock(&target->i_mutex);
3045 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3048 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3053 dont_mount(new_dentry);
3054 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3055 d_move(old_dentry, new_dentry);
3058 mutex_unlock(&target->i_mutex);
3063 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3064 struct inode *new_dir, struct dentry *new_dentry)
3067 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3068 const unsigned char *old_name;
3070 if (old_dentry->d_inode == new_dentry->d_inode)
3073 error = may_delete(old_dir, old_dentry, is_dir);
3077 if (!new_dentry->d_inode)
3078 error = may_create(new_dir, new_dentry);
3080 error = may_delete(new_dir, new_dentry, is_dir);
3084 if (!old_dir->i_op->rename)
3087 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3090 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3092 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3094 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3095 new_dentry->d_inode, old_dentry);
3096 fsnotify_oldname_free(old_name);
3101 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3102 int, newdfd, const char __user *, newname)
3104 struct dentry *old_dir, *new_dir;
3105 struct dentry *old_dentry, *new_dentry;
3106 struct dentry *trap;
3107 struct nameidata oldnd, newnd;
3112 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3116 error = user_path_parent(newdfd, newname, &newnd, &to);
3121 if (oldnd.path.mnt != newnd.path.mnt)
3124 old_dir = oldnd.path.dentry;
3126 if (oldnd.last_type != LAST_NORM)
3129 new_dir = newnd.path.dentry;
3130 if (newnd.last_type != LAST_NORM)
3133 oldnd.flags &= ~LOOKUP_PARENT;
3134 newnd.flags &= ~LOOKUP_PARENT;
3135 newnd.flags |= LOOKUP_RENAME_TARGET;
3137 trap = lock_rename(new_dir, old_dir);
3139 old_dentry = lookup_hash(&oldnd);
3140 error = PTR_ERR(old_dentry);
3141 if (IS_ERR(old_dentry))
3143 /* source must exist */
3145 if (!old_dentry->d_inode)
3147 /* unless the source is a directory trailing slashes give -ENOTDIR */
3148 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3150 if (oldnd.last.name[oldnd.last.len])
3152 if (newnd.last.name[newnd.last.len])
3155 /* source should not be ancestor of target */
3157 if (old_dentry == trap)
3159 new_dentry = lookup_hash(&newnd);
3160 error = PTR_ERR(new_dentry);
3161 if (IS_ERR(new_dentry))
3163 /* target should not be an ancestor of source */
3165 if (new_dentry == trap)
3168 error = mnt_want_write(oldnd.path.mnt);
3171 error = security_path_rename(&oldnd.path, old_dentry,
3172 &newnd.path, new_dentry);
3175 error = vfs_rename(old_dir->d_inode, old_dentry,
3176 new_dir->d_inode, new_dentry);
3178 mnt_drop_write(oldnd.path.mnt);
3184 unlock_rename(new_dir, old_dir);
3186 path_put(&newnd.path);
3189 path_put(&oldnd.path);
3195 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3197 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3200 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3204 len = PTR_ERR(link);
3209 if (len > (unsigned) buflen)
3211 if (copy_to_user(buffer, link, len))
3218 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3219 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3220 * using) it for any given inode is up to filesystem.
3222 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3224 struct nameidata nd;
3229 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3231 return PTR_ERR(cookie);
3233 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3234 if (dentry->d_inode->i_op->put_link)
3235 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3239 int vfs_follow_link(struct nameidata *nd, const char *link)
3241 return __vfs_follow_link(nd, link);
3244 /* get the link contents into pagecache */
3245 static char *page_getlink(struct dentry * dentry, struct page **ppage)
3249 struct address_space *mapping = dentry->d_inode->i_mapping;
3250 page = read_mapping_page(mapping, 0, NULL);
3255 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3259 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3261 struct page *page = NULL;
3262 char *s = page_getlink(dentry, &page);
3263 int res = vfs_readlink(dentry,buffer,buflen,s);
3266 page_cache_release(page);
3271 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3273 struct page *page = NULL;
3274 nd_set_link(nd, page_getlink(dentry, &page));
3278 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3280 struct page *page = cookie;
3284 page_cache_release(page);
3289 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3291 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3293 struct address_space *mapping = inode->i_mapping;
3298 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3300 flags |= AOP_FLAG_NOFS;
3303 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3304 flags, &page, &fsdata);
3308 kaddr = kmap_atomic(page, KM_USER0);
3309 memcpy(kaddr, symname, len-1);
3310 kunmap_atomic(kaddr, KM_USER0);
3312 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3319 mark_inode_dirty(inode);
3325 int page_symlink(struct inode *inode, const char *symname, int len)
3327 return __page_symlink(inode, symname, len,
3328 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3331 const struct inode_operations page_symlink_inode_operations = {
3332 .readlink = generic_readlink,
3333 .follow_link = page_follow_link_light,
3334 .put_link = page_put_link,
3337 EXPORT_SYMBOL(user_path_at);
3338 EXPORT_SYMBOL(follow_down_one);
3339 EXPORT_SYMBOL(follow_down);
3340 EXPORT_SYMBOL(follow_up);
3341 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
3342 EXPORT_SYMBOL(getname);
3343 EXPORT_SYMBOL(lock_rename);
3344 EXPORT_SYMBOL(lookup_one_len);
3345 EXPORT_SYMBOL(page_follow_link_light);
3346 EXPORT_SYMBOL(page_put_link);
3347 EXPORT_SYMBOL(page_readlink);
3348 EXPORT_SYMBOL(__page_symlink);
3349 EXPORT_SYMBOL(page_symlink);
3350 EXPORT_SYMBOL(page_symlink_inode_operations);
3351 EXPORT_SYMBOL(kern_path_parent);
3352 EXPORT_SYMBOL(kern_path);
3353 EXPORT_SYMBOL(vfs_path_lookup);
3354 EXPORT_SYMBOL(inode_permission);
3355 EXPORT_SYMBOL(unlock_rename);
3356 EXPORT_SYMBOL(vfs_create);
3357 EXPORT_SYMBOL(vfs_follow_link);
3358 EXPORT_SYMBOL(vfs_link);
3359 EXPORT_SYMBOL(vfs_mkdir);
3360 EXPORT_SYMBOL(vfs_mknod);
3361 EXPORT_SYMBOL(generic_permission);
3362 EXPORT_SYMBOL(vfs_readlink);
3363 EXPORT_SYMBOL(vfs_rename);
3364 EXPORT_SYMBOL(vfs_rmdir);
3365 EXPORT_SYMBOL(vfs_symlink);
3366 EXPORT_SYMBOL(vfs_unlink);
3367 EXPORT_SYMBOL(dentry_unhash);
3368 EXPORT_SYMBOL(generic_readlink);