4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/pagemap.h>
23 #include <linux/fsnotify.h>
24 #include <linux/personality.h>
25 #include <linux/security.h>
26 #include <linux/ima.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <linux/fs_struct.h>
35 #include <asm/uaccess.h>
39 /* [Feb-1997 T. Schoebel-Theuer]
40 * Fundamental changes in the pathname lookup mechanisms (namei)
41 * were necessary because of omirr. The reason is that omirr needs
42 * to know the _real_ pathname, not the user-supplied one, in case
43 * of symlinks (and also when transname replacements occur).
45 * The new code replaces the old recursive symlink resolution with
46 * an iterative one (in case of non-nested symlink chains). It does
47 * this with calls to <fs>_follow_link().
48 * As a side effect, dir_namei(), _namei() and follow_link() are now
49 * replaced with a single function lookup_dentry() that can handle all
50 * the special cases of the former code.
52 * With the new dcache, the pathname is stored at each inode, at least as
53 * long as the refcount of the inode is positive. As a side effect, the
54 * size of the dcache depends on the inode cache and thus is dynamic.
56 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
57 * resolution to correspond with current state of the code.
59 * Note that the symlink resolution is not *completely* iterative.
60 * There is still a significant amount of tail- and mid- recursion in
61 * the algorithm. Also, note that <fs>_readlink() is not used in
62 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
63 * may return different results than <fs>_follow_link(). Many virtual
64 * filesystems (including /proc) exhibit this behavior.
67 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
68 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
69 * and the name already exists in form of a symlink, try to create the new
70 * name indicated by the symlink. The old code always complained that the
71 * name already exists, due to not following the symlink even if its target
72 * is nonexistent. The new semantics affects also mknod() and link() when
73 * the name is a symlink pointing to a non-existent name.
75 * I don't know which semantics is the right one, since I have no access
76 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
77 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
78 * "old" one. Personally, I think the new semantics is much more logical.
79 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
80 * file does succeed in both HP-UX and SunOs, but not in Solaris
81 * and in the old Linux semantics.
84 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
85 * semantics. See the comments in "open_namei" and "do_link" below.
87 * [10-Sep-98 Alan Modra] Another symlink change.
90 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
91 * inside the path - always follow.
92 * in the last component in creation/removal/renaming - never follow.
93 * if LOOKUP_FOLLOW passed - follow.
94 * if the pathname has trailing slashes - follow.
95 * otherwise - don't follow.
96 * (applied in that order).
98 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
99 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
100 * During the 2.4 we need to fix the userland stuff depending on it -
101 * hopefully we will be able to get rid of that wart in 2.5. So far only
102 * XEmacs seems to be relying on it...
105 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
106 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
107 * any extra contention...
110 /* In order to reduce some races, while at the same time doing additional
111 * checking and hopefully speeding things up, we copy filenames to the
112 * kernel data space before using them..
114 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
115 * PATH_MAX includes the nul terminator --RR.
117 static int do_getname(const char __user *filename, char *page)
120 unsigned long len = PATH_MAX;
122 if (!segment_eq(get_fs(), KERNEL_DS)) {
123 if ((unsigned long) filename >= TASK_SIZE)
125 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
126 len = TASK_SIZE - (unsigned long) filename;
129 retval = strncpy_from_user(page, filename, len);
133 return -ENAMETOOLONG;
139 static char *getname_flags(const char __user * filename, int flags)
143 result = ERR_PTR(-ENOMEM);
146 int retval = do_getname(filename, tmp);
150 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
152 result = ERR_PTR(retval);
156 audit_getname(result);
160 char *getname(const char __user * filename)
162 return getname_flags(filename, 0);
165 #ifdef CONFIG_AUDITSYSCALL
166 void putname(const char *name)
168 if (unlikely(!audit_dummy_context()))
173 EXPORT_SYMBOL(putname);
177 * This does basic POSIX ACL permission checking
179 static int acl_permission_check(struct inode *inode, int mask)
181 int (*check_acl)(struct inode *inode, int mask);
182 unsigned int mode = inode->i_mode;
184 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
186 if (current_user_ns() != inode_userns(inode))
189 if (current_fsuid() == inode->i_uid)
192 check_acl = inode->i_op->check_acl;
193 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
194 int error = check_acl(inode, mask);
195 if (error != -EAGAIN)
199 if (in_group_p(inode->i_gid))
205 * If the DACs are ok we don't need any capability check.
207 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
213 * generic_permission - check for access rights on a Posix-like filesystem
214 * @inode: inode to check access rights for
215 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
217 * Used to check for read/write/execute permissions on a file.
218 * We use "fsuid" for this, letting us set arbitrary permissions
219 * for filesystem access without changing the "normal" uids which
220 * are used for other things.
222 * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
223 * request cannot be satisfied (eg. requires blocking or too much complexity).
224 * It would then be called again in ref-walk mode.
226 int generic_permission(struct inode *inode, int mask)
231 * Do the basic POSIX ACL permission checks.
233 ret = acl_permission_check(inode, mask);
237 if (S_ISDIR(inode->i_mode)) {
238 /* DACs are overridable for directories */
239 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
241 if (!(mask & MAY_WRITE))
242 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
247 * Read/write DACs are always overridable.
248 * Executable DACs are overridable when there is
249 * at least one exec bit set.
251 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
252 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
256 * Searching includes executable on directories, else just read.
258 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
259 if (mask == MAY_READ)
260 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
267 * inode_permission - check for access rights to a given inode
268 * @inode: inode to check permission on
269 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
271 * Used to check for read/write/execute permissions on an inode.
272 * We use "fsuid" for this, letting us set arbitrary permissions
273 * for filesystem access without changing the "normal" uids which
274 * are used for other things.
276 int inode_permission(struct inode *inode, int mask)
280 if (mask & MAY_WRITE) {
281 umode_t mode = inode->i_mode;
284 * Nobody gets write access to a read-only fs.
286 if (IS_RDONLY(inode) &&
287 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
291 * Nobody gets write access to an immutable file.
293 if (IS_IMMUTABLE(inode))
297 if (inode->i_op->permission)
298 retval = inode->i_op->permission(inode, mask);
300 retval = generic_permission(inode, mask);
305 retval = devcgroup_inode_permission(inode, mask);
309 return security_inode_permission(inode, mask);
313 * path_get - get a reference to a path
314 * @path: path to get the reference to
316 * Given a path increment the reference count to the dentry and the vfsmount.
318 void path_get(struct path *path)
323 EXPORT_SYMBOL(path_get);
326 * path_put - put a reference to a path
327 * @path: path to put the reference to
329 * Given a path decrement the reference count to the dentry and the vfsmount.
331 void path_put(struct path *path)
336 EXPORT_SYMBOL(path_put);
339 * Path walking has 2 modes, rcu-walk and ref-walk (see
340 * Documentation/filesystems/path-lookup.txt). In situations when we can't
341 * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
342 * normal reference counts on dentries and vfsmounts to transition to rcu-walk
343 * mode. Refcounts are grabbed at the last known good point before rcu-walk
344 * got stuck, so ref-walk may continue from there. If this is not successful
345 * (eg. a seqcount has changed), then failure is returned and it's up to caller
346 * to restart the path walk from the beginning in ref-walk mode.
350 * unlazy_walk - try to switch to ref-walk mode.
351 * @nd: nameidata pathwalk data
352 * @dentry: child of nd->path.dentry or NULL
353 * Returns: 0 on success, -ECHILD on failure
355 * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry
356 * for ref-walk mode. @dentry must be a path found by a do_lookup call on
357 * @nd or NULL. Must be called from rcu-walk context.
359 static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
361 struct fs_struct *fs = current->fs;
362 struct dentry *parent = nd->path.dentry;
365 BUG_ON(!(nd->flags & LOOKUP_RCU));
366 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
368 spin_lock(&fs->lock);
369 if (nd->root.mnt != fs->root.mnt ||
370 nd->root.dentry != fs->root.dentry)
373 spin_lock(&parent->d_lock);
375 if (!__d_rcu_to_refcount(parent, nd->seq))
377 BUG_ON(nd->inode != parent->d_inode);
379 if (dentry->d_parent != parent)
381 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
382 if (!__d_rcu_to_refcount(dentry, nd->seq))
385 * If the sequence check on the child dentry passed, then
386 * the child has not been removed from its parent. This
387 * means the parent dentry must be valid and able to take
388 * a reference at this point.
390 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
391 BUG_ON(!parent->d_count);
393 spin_unlock(&dentry->d_lock);
395 spin_unlock(&parent->d_lock);
398 spin_unlock(&fs->lock);
400 mntget(nd->path.mnt);
403 br_read_unlock(vfsmount_lock);
404 nd->flags &= ~LOOKUP_RCU;
408 spin_unlock(&dentry->d_lock);
410 spin_unlock(&parent->d_lock);
413 spin_unlock(&fs->lock);
418 * release_open_intent - free up open intent resources
419 * @nd: pointer to nameidata
421 void release_open_intent(struct nameidata *nd)
423 struct file *file = nd->intent.open.file;
425 if (file && !IS_ERR(file)) {
426 if (file->f_path.dentry == NULL)
433 static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
435 return dentry->d_op->d_revalidate(dentry, nd);
439 * complete_walk - successful completion of path walk
440 * @nd: pointer nameidata
442 * If we had been in RCU mode, drop out of it and legitimize nd->path.
443 * Revalidate the final result, unless we'd already done that during
444 * the path walk or the filesystem doesn't ask for it. Return 0 on
445 * success, -error on failure. In case of failure caller does not
446 * need to drop nd->path.
448 static int complete_walk(struct nameidata *nd)
450 struct dentry *dentry = nd->path.dentry;
453 if (nd->flags & LOOKUP_RCU) {
454 nd->flags &= ~LOOKUP_RCU;
455 if (!(nd->flags & LOOKUP_ROOT))
457 spin_lock(&dentry->d_lock);
458 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
459 spin_unlock(&dentry->d_lock);
461 br_read_unlock(vfsmount_lock);
464 BUG_ON(nd->inode != dentry->d_inode);
465 spin_unlock(&dentry->d_lock);
466 mntget(nd->path.mnt);
468 br_read_unlock(vfsmount_lock);
471 if (likely(!(nd->flags & LOOKUP_JUMPED)))
474 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
477 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
480 /* Note: we do not d_invalidate() */
481 status = d_revalidate(dentry, nd);
492 static __always_inline void set_root(struct nameidata *nd)
495 get_fs_root(current->fs, &nd->root);
498 static int link_path_walk(const char *, struct nameidata *);
500 static __always_inline void set_root_rcu(struct nameidata *nd)
503 struct fs_struct *fs = current->fs;
507 seq = read_seqcount_begin(&fs->seq);
509 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
510 } while (read_seqcount_retry(&fs->seq, seq));
514 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
526 nd->flags |= LOOKUP_JUMPED;
528 nd->inode = nd->path.dentry->d_inode;
530 ret = link_path_walk(link, nd);
534 return PTR_ERR(link);
537 static void path_put_conditional(struct path *path, struct nameidata *nd)
540 if (path->mnt != nd->path.mnt)
544 static inline void path_to_nameidata(const struct path *path,
545 struct nameidata *nd)
547 if (!(nd->flags & LOOKUP_RCU)) {
548 dput(nd->path.dentry);
549 if (nd->path.mnt != path->mnt)
550 mntput(nd->path.mnt);
552 nd->path.mnt = path->mnt;
553 nd->path.dentry = path->dentry;
556 static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
558 struct inode *inode = link->dentry->d_inode;
559 if (!IS_ERR(cookie) && inode->i_op->put_link)
560 inode->i_op->put_link(link->dentry, nd, cookie);
564 static __always_inline int
565 follow_link(struct path *link, struct nameidata *nd, void **p)
568 struct dentry *dentry = link->dentry;
570 BUG_ON(nd->flags & LOOKUP_RCU);
572 if (link->mnt == nd->path.mnt)
575 if (unlikely(current->total_link_count >= 40)) {
576 *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */
581 current->total_link_count++;
583 touch_atime(link->mnt, dentry);
584 nd_set_link(nd, NULL);
586 error = security_inode_follow_link(link->dentry, nd);
588 *p = ERR_PTR(error); /* no ->put_link(), please */
593 nd->last_type = LAST_BIND;
594 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
597 char *s = nd_get_link(nd);
600 error = __vfs_follow_link(nd, s);
601 else if (nd->last_type == LAST_BIND) {
602 nd->flags |= LOOKUP_JUMPED;
603 nd->inode = nd->path.dentry->d_inode;
604 if (nd->inode->i_op->follow_link) {
605 /* stepped on a _really_ weird one */
614 static int follow_up_rcu(struct path *path)
616 struct vfsmount *parent;
617 struct dentry *mountpoint;
619 parent = path->mnt->mnt_parent;
620 if (parent == path->mnt)
622 mountpoint = path->mnt->mnt_mountpoint;
623 path->dentry = mountpoint;
628 int follow_up(struct path *path)
630 struct vfsmount *parent;
631 struct dentry *mountpoint;
633 br_read_lock(vfsmount_lock);
634 parent = path->mnt->mnt_parent;
635 if (parent == path->mnt) {
636 br_read_unlock(vfsmount_lock);
640 mountpoint = dget(path->mnt->mnt_mountpoint);
641 br_read_unlock(vfsmount_lock);
643 path->dentry = mountpoint;
650 * Perform an automount
651 * - return -EISDIR to tell follow_managed() to stop and return the path we
654 static int follow_automount(struct path *path, unsigned flags,
657 struct vfsmount *mnt;
660 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
663 /* We don't want to mount if someone supplied AT_NO_AUTOMOUNT
664 * and this is the terminal part of the path.
666 if ((flags & LOOKUP_NO_AUTOMOUNT) && !(flags & LOOKUP_PARENT))
667 return -EISDIR; /* we actually want to stop here */
669 /* We want to mount if someone is trying to open/create a file of any
670 * type under the mountpoint, wants to traverse through the mountpoint
671 * or wants to open the mounted directory.
673 * We don't want to mount if someone's just doing a stat and they've
674 * set AT_SYMLINK_NOFOLLOW - unless they're stat'ing a directory and
675 * appended a '/' to the name.
677 if (!(flags & LOOKUP_FOLLOW) &&
678 !(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
679 LOOKUP_OPEN | LOOKUP_CREATE)))
682 current->total_link_count++;
683 if (current->total_link_count >= 40)
686 mnt = path->dentry->d_op->d_automount(path);
689 * The filesystem is allowed to return -EISDIR here to indicate
690 * it doesn't want to automount. For instance, autofs would do
691 * this so that its userspace daemon can mount on this dentry.
693 * However, we can only permit this if it's a terminal point in
694 * the path being looked up; if it wasn't then the remainder of
695 * the path is inaccessible and we should say so.
697 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
702 if (!mnt) /* mount collision */
706 /* lock_mount() may release path->mnt on error */
710 err = finish_automount(mnt, path);
714 /* Someone else made a mount here whilst we were busy */
719 path->dentry = dget(mnt->mnt_root);
728 * Handle a dentry that is managed in some way.
729 * - Flagged for transit management (autofs)
730 * - Flagged as mountpoint
731 * - Flagged as automount point
733 * This may only be called in refwalk mode.
735 * Serialization is taken care of in namespace.c
737 static int follow_managed(struct path *path, unsigned flags)
739 struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
741 bool need_mntput = false;
744 /* Given that we're not holding a lock here, we retain the value in a
745 * local variable for each dentry as we look at it so that we don't see
746 * the components of that value change under us */
747 while (managed = ACCESS_ONCE(path->dentry->d_flags),
748 managed &= DCACHE_MANAGED_DENTRY,
749 unlikely(managed != 0)) {
750 /* Allow the filesystem to manage the transit without i_mutex
752 if (managed & DCACHE_MANAGE_TRANSIT) {
753 BUG_ON(!path->dentry->d_op);
754 BUG_ON(!path->dentry->d_op->d_manage);
755 ret = path->dentry->d_op->d_manage(path->dentry, false);
760 /* Transit to a mounted filesystem. */
761 if (managed & DCACHE_MOUNTED) {
762 struct vfsmount *mounted = lookup_mnt(path);
768 path->dentry = dget(mounted->mnt_root);
773 /* Something is mounted on this dentry in another
774 * namespace and/or whatever was mounted there in this
775 * namespace got unmounted before we managed to get the
779 /* Handle an automount point */
780 if (managed & DCACHE_NEED_AUTOMOUNT) {
781 ret = follow_automount(path, flags, &need_mntput);
787 /* We didn't change the current path point */
791 if (need_mntput && path->mnt == mnt)
798 int follow_down_one(struct path *path)
800 struct vfsmount *mounted;
802 mounted = lookup_mnt(path);
807 path->dentry = dget(mounted->mnt_root);
813 static inline bool managed_dentry_might_block(struct dentry *dentry)
815 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
816 dentry->d_op->d_manage(dentry, true) < 0);
820 * Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
821 * we meet a managed dentry that would need blocking.
823 static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
824 struct inode **inode)
827 struct vfsmount *mounted;
829 * Don't forget we might have a non-mountpoint managed dentry
830 * that wants to block transit.
832 if (unlikely(managed_dentry_might_block(path->dentry)))
835 if (!d_mountpoint(path->dentry))
838 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
842 path->dentry = mounted->mnt_root;
843 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
845 * Update the inode too. We don't need to re-check the
846 * dentry sequence number here after this d_inode read,
847 * because a mount-point is always pinned.
849 *inode = path->dentry->d_inode;
854 static void follow_mount_rcu(struct nameidata *nd)
856 while (d_mountpoint(nd->path.dentry)) {
857 struct vfsmount *mounted;
858 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
861 nd->path.mnt = mounted;
862 nd->path.dentry = mounted->mnt_root;
863 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
867 static int follow_dotdot_rcu(struct nameidata *nd)
872 if (nd->path.dentry == nd->root.dentry &&
873 nd->path.mnt == nd->root.mnt) {
876 if (nd->path.dentry != nd->path.mnt->mnt_root) {
877 struct dentry *old = nd->path.dentry;
878 struct dentry *parent = old->d_parent;
881 seq = read_seqcount_begin(&parent->d_seq);
882 if (read_seqcount_retry(&old->d_seq, nd->seq))
884 nd->path.dentry = parent;
888 if (!follow_up_rcu(&nd->path))
890 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
892 follow_mount_rcu(nd);
893 nd->inode = nd->path.dentry->d_inode;
897 nd->flags &= ~LOOKUP_RCU;
898 if (!(nd->flags & LOOKUP_ROOT))
901 br_read_unlock(vfsmount_lock);
906 * Follow down to the covering mount currently visible to userspace. At each
907 * point, the filesystem owning that dentry may be queried as to whether the
908 * caller is permitted to proceed or not.
910 int follow_down(struct path *path)
915 while (managed = ACCESS_ONCE(path->dentry->d_flags),
916 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
917 /* Allow the filesystem to manage the transit without i_mutex
920 * We indicate to the filesystem if someone is trying to mount
921 * something here. This gives autofs the chance to deny anyone
922 * other than its daemon the right to mount on its
925 * The filesystem may sleep at this point.
927 if (managed & DCACHE_MANAGE_TRANSIT) {
928 BUG_ON(!path->dentry->d_op);
929 BUG_ON(!path->dentry->d_op->d_manage);
930 ret = path->dentry->d_op->d_manage(
931 path->dentry, false);
933 return ret == -EISDIR ? 0 : ret;
936 /* Transit to a mounted filesystem. */
937 if (managed & DCACHE_MOUNTED) {
938 struct vfsmount *mounted = lookup_mnt(path);
944 path->dentry = dget(mounted->mnt_root);
948 /* Don't handle automount points here */
955 * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
957 static void follow_mount(struct path *path)
959 while (d_mountpoint(path->dentry)) {
960 struct vfsmount *mounted = lookup_mnt(path);
966 path->dentry = dget(mounted->mnt_root);
970 static void follow_dotdot(struct nameidata *nd)
975 struct dentry *old = nd->path.dentry;
977 if (nd->path.dentry == nd->root.dentry &&
978 nd->path.mnt == nd->root.mnt) {
981 if (nd->path.dentry != nd->path.mnt->mnt_root) {
982 /* rare case of legitimate dget_parent()... */
983 nd->path.dentry = dget_parent(nd->path.dentry);
987 if (!follow_up(&nd->path))
990 follow_mount(&nd->path);
991 nd->inode = nd->path.dentry->d_inode;
995 * Allocate a dentry with name and parent, and perform a parent
996 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
997 * on error. parent->d_inode->i_mutex must be held. d_lookup must
998 * have verified that no child exists while under i_mutex.
1000 static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1001 struct qstr *name, struct nameidata *nd)
1003 struct inode *inode = parent->d_inode;
1004 struct dentry *dentry;
1007 /* Don't create child dentry for a dead directory. */
1008 if (unlikely(IS_DEADDIR(inode)))
1009 return ERR_PTR(-ENOENT);
1011 dentry = d_alloc(parent, name);
1012 if (unlikely(!dentry))
1013 return ERR_PTR(-ENOMEM);
1015 old = inode->i_op->lookup(inode, dentry, nd);
1016 if (unlikely(old)) {
1024 * We already have a dentry, but require a lookup to be performed on the parent
1025 * directory to fill in d_inode. Returns the new dentry, or ERR_PTR on error.
1026 * parent->d_inode->i_mutex must be held. d_lookup must have verified that no
1027 * child exists while under i_mutex.
1029 static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1030 struct nameidata *nd)
1032 struct inode *inode = parent->d_inode;
1035 /* Don't create child dentry for a dead directory. */
1036 if (unlikely(IS_DEADDIR(inode)))
1037 return ERR_PTR(-ENOENT);
1039 old = inode->i_op->lookup(inode, dentry, nd);
1040 if (unlikely(old)) {
1048 * It's more convoluted than I'd like it to be, but... it's still fairly
1049 * small and for now I'd prefer to have fast path as straight as possible.
1050 * It _is_ time-critical.
1052 static int do_lookup(struct nameidata *nd, struct qstr *name,
1053 struct path *path, struct inode **inode)
1055 struct vfsmount *mnt = nd->path.mnt;
1056 struct dentry *dentry, *parent = nd->path.dentry;
1062 * Rename seqlock is not required here because in the off chance
1063 * of a false negative due to a concurrent rename, we're going to
1064 * do the non-racy lookup, below.
1066 if (nd->flags & LOOKUP_RCU) {
1069 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1073 /* Memory barrier in read_seqcount_begin of child is enough */
1074 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1078 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1079 status = d_revalidate(dentry, nd);
1080 if (unlikely(status <= 0)) {
1081 if (status != -ECHILD)
1086 if (unlikely(d_need_lookup(dentry)))
1089 path->dentry = dentry;
1090 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1092 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1096 if (unlazy_walk(nd, dentry))
1099 dentry = __d_lookup(parent, name);
1102 if (dentry && unlikely(d_need_lookup(dentry))) {
1107 if (unlikely(!dentry)) {
1108 struct inode *dir = parent->d_inode;
1109 BUG_ON(nd->inode != dir);
1111 mutex_lock(&dir->i_mutex);
1112 dentry = d_lookup(parent, name);
1113 if (likely(!dentry)) {
1114 dentry = d_alloc_and_lookup(parent, name, nd);
1115 if (IS_ERR(dentry)) {
1116 mutex_unlock(&dir->i_mutex);
1117 return PTR_ERR(dentry);
1122 } else if (unlikely(d_need_lookup(dentry))) {
1123 dentry = d_inode_lookup(parent, dentry, nd);
1124 if (IS_ERR(dentry)) {
1125 mutex_unlock(&dir->i_mutex);
1126 return PTR_ERR(dentry);
1132 mutex_unlock(&dir->i_mutex);
1134 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1135 status = d_revalidate(dentry, nd);
1136 if (unlikely(status <= 0)) {
1141 if (!d_invalidate(dentry)) {
1150 path->dentry = dentry;
1151 err = follow_managed(path, nd->flags);
1152 if (unlikely(err < 0)) {
1153 path_put_conditional(path, nd);
1156 *inode = path->dentry->d_inode;
1160 static inline int may_lookup(struct nameidata *nd)
1162 if (nd->flags & LOOKUP_RCU) {
1163 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1166 if (unlazy_walk(nd, NULL))
1169 return inode_permission(nd->inode, MAY_EXEC);
1172 static inline int handle_dots(struct nameidata *nd, int type)
1174 if (type == LAST_DOTDOT) {
1175 if (nd->flags & LOOKUP_RCU) {
1176 if (follow_dotdot_rcu(nd))
1184 static void terminate_walk(struct nameidata *nd)
1186 if (!(nd->flags & LOOKUP_RCU)) {
1187 path_put(&nd->path);
1189 nd->flags &= ~LOOKUP_RCU;
1190 if (!(nd->flags & LOOKUP_ROOT))
1191 nd->root.mnt = NULL;
1193 br_read_unlock(vfsmount_lock);
1197 static inline int walk_component(struct nameidata *nd, struct path *path,
1198 struct qstr *name, int type, int follow)
1200 struct inode *inode;
1203 * "." and ".." are special - ".." especially so because it has
1204 * to be able to know about the current root directory and
1205 * parent relationships.
1207 if (unlikely(type != LAST_NORM))
1208 return handle_dots(nd, type);
1209 err = do_lookup(nd, name, path, &inode);
1210 if (unlikely(err)) {
1215 path_to_nameidata(path, nd);
1219 if (unlikely(inode->i_op->follow_link) && follow) {
1220 if (nd->flags & LOOKUP_RCU) {
1221 if (unlikely(unlazy_walk(nd, path->dentry))) {
1226 BUG_ON(inode != path->dentry->d_inode);
1229 path_to_nameidata(path, nd);
1235 * This limits recursive symlink follows to 8, while
1236 * limiting consecutive symlinks to 40.
1238 * Without that kind of total limit, nasty chains of consecutive
1239 * symlinks can cause almost arbitrarily long lookups.
1241 static inline int nested_symlink(struct path *path, struct nameidata *nd)
1245 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1246 path_put_conditional(path, nd);
1247 path_put(&nd->path);
1250 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1253 current->link_count++;
1256 struct path link = *path;
1259 res = follow_link(&link, nd, &cookie);
1261 res = walk_component(nd, path, &nd->last,
1262 nd->last_type, LOOKUP_FOLLOW);
1263 put_link(nd, &link, cookie);
1266 current->link_count--;
1273 * This is the basic name resolution function, turning a pathname into
1274 * the final dentry. We expect 'base' to be positive and a directory.
1276 * Returns 0 and nd will have valid dentry and mnt on success.
1277 * Returns error and drops reference to input namei data on failure.
1279 static int link_path_walk(const char *name, struct nameidata *nd)
1289 /* At this point we know we have a real path component. */
1296 err = may_lookup(nd);
1301 c = *(const unsigned char *)name;
1303 hash = init_name_hash();
1306 hash = partial_name_hash(c, hash);
1307 c = *(const unsigned char *)name;
1308 } while (c && (c != '/'));
1309 this.len = name - (const char *) this.name;
1310 this.hash = end_name_hash(hash);
1313 if (this.name[0] == '.') switch (this.len) {
1315 if (this.name[1] == '.') {
1317 nd->flags |= LOOKUP_JUMPED;
1323 if (likely(type == LAST_NORM)) {
1324 struct dentry *parent = nd->path.dentry;
1325 nd->flags &= ~LOOKUP_JUMPED;
1326 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1327 err = parent->d_op->d_hash(parent, nd->inode,
1334 /* remove trailing slashes? */
1336 goto last_component;
1337 while (*++name == '/');
1339 goto last_component;
1341 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1346 err = nested_symlink(&next, nd);
1351 if (!nd->inode->i_op->lookup)
1354 /* here ends the main loop */
1358 nd->last_type = type;
1365 static int path_init(int dfd, const char *name, unsigned int flags,
1366 struct nameidata *nd, struct file **fp)
1372 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1373 nd->flags = flags | LOOKUP_JUMPED;
1375 if (flags & LOOKUP_ROOT) {
1376 struct inode *inode = nd->root.dentry->d_inode;
1378 if (!inode->i_op->lookup)
1380 retval = inode_permission(inode, MAY_EXEC);
1384 nd->path = nd->root;
1386 if (flags & LOOKUP_RCU) {
1387 br_read_lock(vfsmount_lock);
1389 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1391 path_get(&nd->path);
1396 nd->root.mnt = NULL;
1399 if (flags & LOOKUP_RCU) {
1400 br_read_lock(vfsmount_lock);
1405 path_get(&nd->root);
1407 nd->path = nd->root;
1408 } else if (dfd == AT_FDCWD) {
1409 if (flags & LOOKUP_RCU) {
1410 struct fs_struct *fs = current->fs;
1413 br_read_lock(vfsmount_lock);
1417 seq = read_seqcount_begin(&fs->seq);
1419 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1420 } while (read_seqcount_retry(&fs->seq, seq));
1422 get_fs_pwd(current->fs, &nd->path);
1425 struct dentry *dentry;
1427 file = fget_raw_light(dfd, &fput_needed);
1432 dentry = file->f_path.dentry;
1436 if (!S_ISDIR(dentry->d_inode->i_mode))
1439 retval = inode_permission(dentry->d_inode, MAY_EXEC);
1444 nd->path = file->f_path;
1445 if (flags & LOOKUP_RCU) {
1448 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1449 br_read_lock(vfsmount_lock);
1452 path_get(&file->f_path);
1453 fput_light(file, fput_needed);
1457 nd->inode = nd->path.dentry->d_inode;
1461 fput_light(file, fput_needed);
1466 static inline int lookup_last(struct nameidata *nd, struct path *path)
1468 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1469 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1471 nd->flags &= ~LOOKUP_PARENT;
1472 return walk_component(nd, path, &nd->last, nd->last_type,
1473 nd->flags & LOOKUP_FOLLOW);
1476 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1477 static int path_lookupat(int dfd, const char *name,
1478 unsigned int flags, struct nameidata *nd)
1480 struct file *base = NULL;
1485 * Path walking is largely split up into 2 different synchronisation
1486 * schemes, rcu-walk and ref-walk (explained in
1487 * Documentation/filesystems/path-lookup.txt). These share much of the
1488 * path walk code, but some things particularly setup, cleanup, and
1489 * following mounts are sufficiently divergent that functions are
1490 * duplicated. Typically there is a function foo(), and its RCU
1491 * analogue, foo_rcu().
1493 * -ECHILD is the error number of choice (just to avoid clashes) that
1494 * is returned if some aspect of an rcu-walk fails. Such an error must
1495 * be handled by restarting a traditional ref-walk (which will always
1496 * be able to complete).
1498 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1503 current->total_link_count = 0;
1504 err = link_path_walk(name, nd);
1506 if (!err && !(flags & LOOKUP_PARENT)) {
1507 err = lookup_last(nd, &path);
1510 struct path link = path;
1511 nd->flags |= LOOKUP_PARENT;
1512 err = follow_link(&link, nd, &cookie);
1514 err = lookup_last(nd, &path);
1515 put_link(nd, &link, cookie);
1520 err = complete_walk(nd);
1522 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1523 if (!nd->inode->i_op->lookup) {
1524 path_put(&nd->path);
1532 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1533 path_put(&nd->root);
1534 nd->root.mnt = NULL;
1539 static int do_path_lookup(int dfd, const char *name,
1540 unsigned int flags, struct nameidata *nd)
1542 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1543 if (unlikely(retval == -ECHILD))
1544 retval = path_lookupat(dfd, name, flags, nd);
1545 if (unlikely(retval == -ESTALE))
1546 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1548 if (likely(!retval)) {
1549 if (unlikely(!audit_dummy_context())) {
1550 if (nd->path.dentry && nd->inode)
1551 audit_inode(name, nd->path.dentry);
1557 int kern_path_parent(const char *name, struct nameidata *nd)
1559 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1562 int kern_path(const char *name, unsigned int flags, struct path *path)
1564 struct nameidata nd;
1565 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1572 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1573 * @dentry: pointer to dentry of the base directory
1574 * @mnt: pointer to vfs mount of the base directory
1575 * @name: pointer to file name
1576 * @flags: lookup flags
1577 * @path: pointer to struct path to fill
1579 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1580 const char *name, unsigned int flags,
1583 struct nameidata nd;
1585 nd.root.dentry = dentry;
1587 BUG_ON(flags & LOOKUP_PARENT);
1588 /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */
1589 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1595 static struct dentry *__lookup_hash(struct qstr *name,
1596 struct dentry *base, struct nameidata *nd)
1598 struct inode *inode = base->d_inode;
1599 struct dentry *dentry;
1602 err = inode_permission(inode, MAY_EXEC);
1604 return ERR_PTR(err);
1607 * Don't bother with __d_lookup: callers are for creat as
1608 * well as unlink, so a lot of the time it would cost
1611 dentry = d_lookup(base, name);
1613 if (dentry && d_need_lookup(dentry)) {
1615 * __lookup_hash is called with the parent dir's i_mutex already
1616 * held, so we are good to go here.
1618 dentry = d_inode_lookup(base, dentry, nd);
1623 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1624 int status = d_revalidate(dentry, nd);
1625 if (unlikely(status <= 0)) {
1627 * The dentry failed validation.
1628 * If d_revalidate returned 0 attempt to invalidate
1629 * the dentry otherwise d_revalidate is asking us
1630 * to return a fail status.
1634 return ERR_PTR(status);
1635 } else if (!d_invalidate(dentry)) {
1643 dentry = d_alloc_and_lookup(base, name, nd);
1649 * Restricted form of lookup. Doesn't follow links, single-component only,
1650 * needs parent already locked. Doesn't follow mounts.
1653 static struct dentry *lookup_hash(struct nameidata *nd)
1655 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1659 * lookup_one_len - filesystem helper to lookup single pathname component
1660 * @name: pathname component to lookup
1661 * @base: base directory to lookup from
1662 * @len: maximum length @len should be interpreted to
1664 * Note that this routine is purely a helper for filesystem usage and should
1665 * not be called by generic code. Also note that by using this function the
1666 * nameidata argument is passed to the filesystem methods and a filesystem
1667 * using this helper needs to be prepared for that.
1669 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1675 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1680 return ERR_PTR(-EACCES);
1682 hash = init_name_hash();
1684 c = *(const unsigned char *)name++;
1685 if (c == '/' || c == '\0')
1686 return ERR_PTR(-EACCES);
1687 hash = partial_name_hash(c, hash);
1689 this.hash = end_name_hash(hash);
1691 * See if the low-level filesystem might want
1692 * to use its own hash..
1694 if (base->d_flags & DCACHE_OP_HASH) {
1695 int err = base->d_op->d_hash(base, base->d_inode, &this);
1697 return ERR_PTR(err);
1700 return __lookup_hash(&this, base, NULL);
1703 int user_path_at(int dfd, const char __user *name, unsigned flags,
1706 struct nameidata nd;
1707 char *tmp = getname_flags(name, flags);
1708 int err = PTR_ERR(tmp);
1711 BUG_ON(flags & LOOKUP_PARENT);
1713 err = do_path_lookup(dfd, tmp, flags, &nd);
1721 static int user_path_parent(int dfd, const char __user *path,
1722 struct nameidata *nd, char **name)
1724 char *s = getname(path);
1730 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1740 * It's inline, so penalty for filesystems that don't use sticky bit is
1743 static inline int check_sticky(struct inode *dir, struct inode *inode)
1745 uid_t fsuid = current_fsuid();
1747 if (!(dir->i_mode & S_ISVTX))
1749 if (current_user_ns() != inode_userns(inode))
1751 if (inode->i_uid == fsuid)
1753 if (dir->i_uid == fsuid)
1757 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1761 * Check whether we can remove a link victim from directory dir, check
1762 * whether the type of victim is right.
1763 * 1. We can't do it if dir is read-only (done in permission())
1764 * 2. We should have write and exec permissions on dir
1765 * 3. We can't remove anything from append-only dir
1766 * 4. We can't do anything with immutable dir (done in permission())
1767 * 5. If the sticky bit on dir is set we should either
1768 * a. be owner of dir, or
1769 * b. be owner of victim, or
1770 * c. have CAP_FOWNER capability
1771 * 6. If the victim is append-only or immutable we can't do antyhing with
1772 * links pointing to it.
1773 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1774 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1775 * 9. We can't remove a root or mountpoint.
1776 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1777 * nfs_async_unlink().
1779 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1783 if (!victim->d_inode)
1786 BUG_ON(victim->d_parent->d_inode != dir);
1787 audit_inode_child(victim, dir);
1789 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1794 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1795 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1798 if (!S_ISDIR(victim->d_inode->i_mode))
1800 if (IS_ROOT(victim))
1802 } else if (S_ISDIR(victim->d_inode->i_mode))
1804 if (IS_DEADDIR(dir))
1806 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1811 /* Check whether we can create an object with dentry child in directory
1813 * 1. We can't do it if child already exists (open has special treatment for
1814 * this case, but since we are inlined it's OK)
1815 * 2. We can't do it if dir is read-only (done in permission())
1816 * 3. We should have write and exec permissions on dir
1817 * 4. We can't do it if dir is immutable (done in permission())
1819 static inline int may_create(struct inode *dir, struct dentry *child)
1823 if (IS_DEADDIR(dir))
1825 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1829 * p1 and p2 should be directories on the same fs.
1831 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1836 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1840 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1842 p = d_ancestor(p2, p1);
1844 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1845 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1849 p = d_ancestor(p1, p2);
1851 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1852 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1856 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1857 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1861 void unlock_rename(struct dentry *p1, struct dentry *p2)
1863 mutex_unlock(&p1->d_inode->i_mutex);
1865 mutex_unlock(&p2->d_inode->i_mutex);
1866 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1870 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1871 struct nameidata *nd)
1873 int error = may_create(dir, dentry);
1878 if (!dir->i_op->create)
1879 return -EACCES; /* shouldn't it be ENOSYS? */
1882 error = security_inode_create(dir, dentry, mode);
1885 error = dir->i_op->create(dir, dentry, mode, nd);
1887 fsnotify_create(dir, dentry);
1891 static int may_open(struct path *path, int acc_mode, int flag)
1893 struct dentry *dentry = path->dentry;
1894 struct inode *inode = dentry->d_inode;
1904 switch (inode->i_mode & S_IFMT) {
1908 if (acc_mode & MAY_WRITE)
1913 if (path->mnt->mnt_flags & MNT_NODEV)
1922 error = inode_permission(inode, acc_mode);
1927 * An append-only file must be opened in append mode for writing.
1929 if (IS_APPEND(inode)) {
1930 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
1936 /* O_NOATIME can only be set by the owner or superuser */
1937 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
1941 * Ensure there are no outstanding leases on the file.
1943 return break_lease(inode, flag);
1946 static int handle_truncate(struct file *filp)
1948 struct path *path = &filp->f_path;
1949 struct inode *inode = path->dentry->d_inode;
1950 int error = get_write_access(inode);
1954 * Refuse to truncate files with mandatory locks held on them.
1956 error = locks_verify_locked(inode);
1958 error = security_path_truncate(path);
1960 error = do_truncate(path->dentry, 0,
1961 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1964 put_write_access(inode);
1968 static inline int open_to_namei_flags(int flag)
1970 if ((flag & O_ACCMODE) == 3)
1976 * Handle the last step of open()
1978 static struct file *do_last(struct nameidata *nd, struct path *path,
1979 const struct open_flags *op, const char *pathname)
1981 struct dentry *dir = nd->path.dentry;
1982 struct dentry *dentry;
1983 int open_flag = op->open_flag;
1984 int will_truncate = open_flag & O_TRUNC;
1986 int acc_mode = op->acc_mode;
1990 nd->flags &= ~LOOKUP_PARENT;
1991 nd->flags |= op->intent;
1993 switch (nd->last_type) {
1996 error = handle_dots(nd, nd->last_type);
1998 return ERR_PTR(error);
2001 error = complete_walk(nd);
2003 return ERR_PTR(error);
2004 audit_inode(pathname, nd->path.dentry);
2005 if (open_flag & O_CREAT) {
2011 error = complete_walk(nd);
2013 return ERR_PTR(error);
2014 audit_inode(pathname, dir);
2018 if (!(open_flag & O_CREAT)) {
2020 if (nd->last.name[nd->last.len])
2021 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2022 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2024 /* we _can_ be in RCU mode here */
2025 error = walk_component(nd, path, &nd->last, LAST_NORM,
2028 return ERR_PTR(error);
2029 if (error) /* symlink */
2032 error = complete_walk(nd);
2034 return ERR_PTR(-ECHILD);
2037 if (nd->flags & LOOKUP_DIRECTORY) {
2038 if (!nd->inode->i_op->lookup)
2041 audit_inode(pathname, nd->path.dentry);
2045 /* create side of things */
2046 error = complete_walk(nd);
2048 return ERR_PTR(error);
2050 audit_inode(pathname, dir);
2052 /* trailing slashes? */
2053 if (nd->last.name[nd->last.len])
2056 mutex_lock(&dir->d_inode->i_mutex);
2058 dentry = lookup_hash(nd);
2059 error = PTR_ERR(dentry);
2060 if (IS_ERR(dentry)) {
2061 mutex_unlock(&dir->d_inode->i_mutex);
2065 path->dentry = dentry;
2066 path->mnt = nd->path.mnt;
2068 /* Negative dentry, just create the file */
2069 if (!dentry->d_inode) {
2070 int mode = op->mode;
2071 if (!IS_POSIXACL(dir->d_inode))
2072 mode &= ~current_umask();
2074 * This write is needed to ensure that a
2075 * rw->ro transition does not occur between
2076 * the time when the file is created and when
2077 * a permanent write count is taken through
2078 * the 'struct file' in nameidata_to_filp().
2080 error = mnt_want_write(nd->path.mnt);
2082 goto exit_mutex_unlock;
2084 /* Don't check for write permission, don't truncate */
2085 open_flag &= ~O_TRUNC;
2087 acc_mode = MAY_OPEN;
2088 error = security_path_mknod(&nd->path, dentry, mode, 0);
2090 goto exit_mutex_unlock;
2091 error = vfs_create(dir->d_inode, dentry, mode, nd);
2093 goto exit_mutex_unlock;
2094 mutex_unlock(&dir->d_inode->i_mutex);
2095 dput(nd->path.dentry);
2096 nd->path.dentry = dentry;
2101 * It already exists.
2103 mutex_unlock(&dir->d_inode->i_mutex);
2104 audit_inode(pathname, path->dentry);
2107 if (open_flag & O_EXCL)
2110 error = follow_managed(path, nd->flags);
2115 if (!path->dentry->d_inode)
2118 if (path->dentry->d_inode->i_op->follow_link)
2121 path_to_nameidata(path, nd);
2122 nd->inode = path->dentry->d_inode;
2124 if (S_ISDIR(nd->inode->i_mode))
2127 if (!S_ISREG(nd->inode->i_mode))
2130 if (will_truncate) {
2131 error = mnt_want_write(nd->path.mnt);
2137 error = may_open(&nd->path, acc_mode, open_flag);
2140 filp = nameidata_to_filp(nd);
2141 if (!IS_ERR(filp)) {
2142 error = ima_file_check(filp, op->acc_mode);
2145 filp = ERR_PTR(error);
2148 if (!IS_ERR(filp)) {
2149 if (will_truncate) {
2150 error = handle_truncate(filp);
2153 filp = ERR_PTR(error);
2159 mnt_drop_write(nd->path.mnt);
2160 path_put(&nd->path);
2164 mutex_unlock(&dir->d_inode->i_mutex);
2166 path_put_conditional(path, nd);
2168 filp = ERR_PTR(error);
2172 static struct file *path_openat(int dfd, const char *pathname,
2173 struct nameidata *nd, const struct open_flags *op, int flags)
2175 struct file *base = NULL;
2180 filp = get_empty_filp();
2182 return ERR_PTR(-ENFILE);
2184 filp->f_flags = op->open_flag;
2185 nd->intent.open.file = filp;
2186 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2187 nd->intent.open.create_mode = op->mode;
2189 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2190 if (unlikely(error))
2193 current->total_link_count = 0;
2194 error = link_path_walk(pathname, nd);
2195 if (unlikely(error))
2198 filp = do_last(nd, &path, op, pathname);
2199 while (unlikely(!filp)) { /* trailing symlink */
2200 struct path link = path;
2202 if (!(nd->flags & LOOKUP_FOLLOW)) {
2203 path_put_conditional(&path, nd);
2204 path_put(&nd->path);
2205 filp = ERR_PTR(-ELOOP);
2208 nd->flags |= LOOKUP_PARENT;
2209 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2210 error = follow_link(&link, nd, &cookie);
2211 if (unlikely(error))
2212 filp = ERR_PTR(error);
2214 filp = do_last(nd, &path, op, pathname);
2215 put_link(nd, &link, cookie);
2218 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2219 path_put(&nd->root);
2222 release_open_intent(nd);
2226 filp = ERR_PTR(error);
2230 struct file *do_filp_open(int dfd, const char *pathname,
2231 const struct open_flags *op, int flags)
2233 struct nameidata nd;
2236 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2237 if (unlikely(filp == ERR_PTR(-ECHILD)))
2238 filp = path_openat(dfd, pathname, &nd, op, flags);
2239 if (unlikely(filp == ERR_PTR(-ESTALE)))
2240 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2244 struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2245 const char *name, const struct open_flags *op, int flags)
2247 struct nameidata nd;
2251 nd.root.dentry = dentry;
2253 flags |= LOOKUP_ROOT;
2255 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2256 return ERR_PTR(-ELOOP);
2258 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2259 if (unlikely(file == ERR_PTR(-ECHILD)))
2260 file = path_openat(-1, name, &nd, op, flags);
2261 if (unlikely(file == ERR_PTR(-ESTALE)))
2262 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2266 struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
2268 struct dentry *dentry = ERR_PTR(-EEXIST);
2269 struct nameidata nd;
2270 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2272 return ERR_PTR(error);
2275 * Yucky last component or no last component at all?
2276 * (foo/., foo/.., /////)
2278 if (nd.last_type != LAST_NORM)
2280 nd.flags &= ~LOOKUP_PARENT;
2281 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2282 nd.intent.open.flags = O_EXCL;
2285 * Do the final lookup.
2287 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2288 dentry = lookup_hash(&nd);
2292 if (dentry->d_inode)
2295 * Special case - lookup gave negative, but... we had foo/bar/
2296 * From the vfs_mknod() POV we just have a negative dentry -
2297 * all is fine. Let's be bastards - you had / on the end, you've
2298 * been asking for (non-existent) directory. -ENOENT for you.
2300 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
2302 dentry = ERR_PTR(-ENOENT);
2309 dentry = ERR_PTR(-EEXIST);
2311 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2316 EXPORT_SYMBOL(kern_path_create);
2318 struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2320 char *tmp = getname(pathname);
2323 return ERR_CAST(tmp);
2324 res = kern_path_create(dfd, tmp, path, is_dir);
2328 EXPORT_SYMBOL(user_path_create);
2330 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2332 int error = may_create(dir, dentry);
2337 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2338 !ns_capable(inode_userns(dir), CAP_MKNOD))
2341 if (!dir->i_op->mknod)
2344 error = devcgroup_inode_mknod(mode, dev);
2348 error = security_inode_mknod(dir, dentry, mode, dev);
2352 error = dir->i_op->mknod(dir, dentry, mode, dev);
2354 fsnotify_create(dir, dentry);
2358 static int may_mknod(mode_t mode)
2360 switch (mode & S_IFMT) {
2366 case 0: /* zero mode translates to S_IFREG */
2375 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2378 struct dentry *dentry;
2385 dentry = user_path_create(dfd, filename, &path, 0);
2387 return PTR_ERR(dentry);
2389 if (!IS_POSIXACL(path.dentry->d_inode))
2390 mode &= ~current_umask();
2391 error = may_mknod(mode);
2394 error = mnt_want_write(path.mnt);
2397 error = security_path_mknod(&path, dentry, mode, dev);
2399 goto out_drop_write;
2400 switch (mode & S_IFMT) {
2401 case 0: case S_IFREG:
2402 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
2404 case S_IFCHR: case S_IFBLK:
2405 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
2406 new_decode_dev(dev));
2408 case S_IFIFO: case S_IFSOCK:
2409 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
2413 mnt_drop_write(path.mnt);
2416 mutex_unlock(&path.dentry->d_inode->i_mutex);
2422 SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2424 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2427 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2429 int error = may_create(dir, dentry);
2434 if (!dir->i_op->mkdir)
2437 mode &= (S_IRWXUGO|S_ISVTX);
2438 error = security_inode_mkdir(dir, dentry, mode);
2442 error = dir->i_op->mkdir(dir, dentry, mode);
2444 fsnotify_mkdir(dir, dentry);
2448 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2450 struct dentry *dentry;
2454 dentry = user_path_create(dfd, pathname, &path, 1);
2456 return PTR_ERR(dentry);
2458 if (!IS_POSIXACL(path.dentry->d_inode))
2459 mode &= ~current_umask();
2460 error = mnt_want_write(path.mnt);
2463 error = security_path_mkdir(&path, dentry, mode);
2465 goto out_drop_write;
2466 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
2468 mnt_drop_write(path.mnt);
2471 mutex_unlock(&path.dentry->d_inode->i_mutex);
2476 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2478 return sys_mkdirat(AT_FDCWD, pathname, mode);
2482 * The dentry_unhash() helper will try to drop the dentry early: we
2483 * should have a usage count of 2 if we're the only user of this
2484 * dentry, and if that is true (possibly after pruning the dcache),
2485 * then we drop the dentry now.
2487 * A low-level filesystem can, if it choses, legally
2490 * if (!d_unhashed(dentry))
2493 * if it cannot handle the case of removing a directory
2494 * that is still in use by something else..
2496 void dentry_unhash(struct dentry *dentry)
2498 shrink_dcache_parent(dentry);
2499 spin_lock(&dentry->d_lock);
2500 if (dentry->d_count == 1)
2502 spin_unlock(&dentry->d_lock);
2505 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2507 int error = may_delete(dir, dentry, 1);
2512 if (!dir->i_op->rmdir)
2515 mutex_lock(&dentry->d_inode->i_mutex);
2518 if (d_mountpoint(dentry))
2521 error = security_inode_rmdir(dir, dentry);
2525 shrink_dcache_parent(dentry);
2526 error = dir->i_op->rmdir(dir, dentry);
2530 dentry->d_inode->i_flags |= S_DEAD;
2534 mutex_unlock(&dentry->d_inode->i_mutex);
2540 static long do_rmdir(int dfd, const char __user *pathname)
2544 struct dentry *dentry;
2545 struct nameidata nd;
2547 error = user_path_parent(dfd, pathname, &nd, &name);
2551 switch(nd.last_type) {
2563 nd.flags &= ~LOOKUP_PARENT;
2565 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2566 dentry = lookup_hash(&nd);
2567 error = PTR_ERR(dentry);
2570 if (!dentry->d_inode) {
2574 error = mnt_want_write(nd.path.mnt);
2577 error = security_path_rmdir(&nd.path, dentry);
2580 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2582 mnt_drop_write(nd.path.mnt);
2586 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2593 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2595 return do_rmdir(AT_FDCWD, pathname);
2598 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2600 int error = may_delete(dir, dentry, 0);
2605 if (!dir->i_op->unlink)
2608 mutex_lock(&dentry->d_inode->i_mutex);
2609 if (d_mountpoint(dentry))
2612 error = security_inode_unlink(dir, dentry);
2614 error = dir->i_op->unlink(dir, dentry);
2619 mutex_unlock(&dentry->d_inode->i_mutex);
2621 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2622 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2623 fsnotify_link_count(dentry->d_inode);
2631 * Make sure that the actual truncation of the file will occur outside its
2632 * directory's i_mutex. Truncate can take a long time if there is a lot of
2633 * writeout happening, and we don't want to prevent access to the directory
2634 * while waiting on the I/O.
2636 static long do_unlinkat(int dfd, const char __user *pathname)
2640 struct dentry *dentry;
2641 struct nameidata nd;
2642 struct inode *inode = NULL;
2644 error = user_path_parent(dfd, pathname, &nd, &name);
2649 if (nd.last_type != LAST_NORM)
2652 nd.flags &= ~LOOKUP_PARENT;
2654 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2655 dentry = lookup_hash(&nd);
2656 error = PTR_ERR(dentry);
2657 if (!IS_ERR(dentry)) {
2658 /* Why not before? Because we want correct error value */
2659 if (nd.last.name[nd.last.len])
2661 inode = dentry->d_inode;
2665 error = mnt_want_write(nd.path.mnt);
2668 error = security_path_unlink(&nd.path, dentry);
2671 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2673 mnt_drop_write(nd.path.mnt);
2677 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2679 iput(inode); /* truncate the inode here */
2686 error = !dentry->d_inode ? -ENOENT :
2687 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2691 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2693 if ((flag & ~AT_REMOVEDIR) != 0)
2696 if (flag & AT_REMOVEDIR)
2697 return do_rmdir(dfd, pathname);
2699 return do_unlinkat(dfd, pathname);
2702 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2704 return do_unlinkat(AT_FDCWD, pathname);
2707 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2709 int error = may_create(dir, dentry);
2714 if (!dir->i_op->symlink)
2717 error = security_inode_symlink(dir, dentry, oldname);
2721 error = dir->i_op->symlink(dir, dentry, oldname);
2723 fsnotify_create(dir, dentry);
2727 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2728 int, newdfd, const char __user *, newname)
2732 struct dentry *dentry;
2735 from = getname(oldname);
2737 return PTR_ERR(from);
2739 dentry = user_path_create(newdfd, newname, &path, 0);
2740 error = PTR_ERR(dentry);
2744 error = mnt_want_write(path.mnt);
2747 error = security_path_symlink(&path, dentry, from);
2749 goto out_drop_write;
2750 error = vfs_symlink(path.dentry->d_inode, dentry, from);
2752 mnt_drop_write(path.mnt);
2755 mutex_unlock(&path.dentry->d_inode->i_mutex);
2762 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2764 return sys_symlinkat(oldname, AT_FDCWD, newname);
2767 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2769 struct inode *inode = old_dentry->d_inode;
2775 error = may_create(dir, new_dentry);
2779 if (dir->i_sb != inode->i_sb)
2783 * A link to an append-only or immutable file cannot be created.
2785 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2787 if (!dir->i_op->link)
2789 if (S_ISDIR(inode->i_mode))
2792 error = security_inode_link(old_dentry, dir, new_dentry);
2796 mutex_lock(&inode->i_mutex);
2797 /* Make sure we don't allow creating hardlink to an unlinked file */
2798 if (inode->i_nlink == 0)
2801 error = dir->i_op->link(old_dentry, dir, new_dentry);
2802 mutex_unlock(&inode->i_mutex);
2804 fsnotify_link(dir, inode, new_dentry);
2809 * Hardlinks are often used in delicate situations. We avoid
2810 * security-related surprises by not following symlinks on the
2813 * We don't follow them on the oldname either to be compatible
2814 * with linux 2.0, and to avoid hard-linking to directories
2815 * and other special files. --ADM
2817 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2818 int, newdfd, const char __user *, newname, int, flags)
2820 struct dentry *new_dentry;
2821 struct path old_path, new_path;
2825 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2828 * To use null names we require CAP_DAC_READ_SEARCH
2829 * This ensures that not everyone will be able to create
2830 * handlink using the passed filedescriptor.
2832 if (flags & AT_EMPTY_PATH) {
2833 if (!capable(CAP_DAC_READ_SEARCH))
2838 if (flags & AT_SYMLINK_FOLLOW)
2839 how |= LOOKUP_FOLLOW;
2841 error = user_path_at(olddfd, oldname, how, &old_path);
2845 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
2846 error = PTR_ERR(new_dentry);
2847 if (IS_ERR(new_dentry))
2851 if (old_path.mnt != new_path.mnt)
2853 error = mnt_want_write(new_path.mnt);
2856 error = security_path_link(old_path.dentry, &new_path, new_dentry);
2858 goto out_drop_write;
2859 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
2861 mnt_drop_write(new_path.mnt);
2864 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
2865 path_put(&new_path);
2867 path_put(&old_path);
2872 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2874 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2878 * The worst of all namespace operations - renaming directory. "Perverted"
2879 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2881 * a) we can get into loop creation. Check is done in is_subdir().
2882 * b) race potential - two innocent renames can create a loop together.
2883 * That's where 4.4 screws up. Current fix: serialization on
2884 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2886 * c) we have to lock _three_ objects - parents and victim (if it exists).
2887 * And that - after we got ->i_mutex on parents (until then we don't know
2888 * whether the target exists). Solution: try to be smart with locking
2889 * order for inodes. We rely on the fact that tree topology may change
2890 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2891 * move will be locked. Thus we can rank directories by the tree
2892 * (ancestors first) and rank all non-directories after them.
2893 * That works since everybody except rename does "lock parent, lookup,
2894 * lock child" and rename is under ->s_vfs_rename_mutex.
2895 * HOWEVER, it relies on the assumption that any object with ->lookup()
2896 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2897 * we'd better make sure that there's no link(2) for them.
2898 * d) conversion from fhandle to dentry may come in the wrong moment - when
2899 * we are removing the target. Solution: we will have to grab ->i_mutex
2900 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2901 * ->i_mutex on parents, which works but leads to some truly excessive
2904 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2905 struct inode *new_dir, struct dentry *new_dentry)
2908 struct inode *target = new_dentry->d_inode;
2911 * If we are going to change the parent - check write permissions,
2912 * we'll need to flip '..'.
2914 if (new_dir != old_dir) {
2915 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
2920 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2925 mutex_lock(&target->i_mutex);
2928 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
2932 shrink_dcache_parent(new_dentry);
2933 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2938 target->i_flags |= S_DEAD;
2939 dont_mount(new_dentry);
2943 mutex_unlock(&target->i_mutex);
2945 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2946 d_move(old_dentry,new_dentry);
2950 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2951 struct inode *new_dir, struct dentry *new_dentry)
2953 struct inode *target = new_dentry->d_inode;
2956 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2962 mutex_lock(&target->i_mutex);
2965 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2968 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2973 dont_mount(new_dentry);
2974 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2975 d_move(old_dentry, new_dentry);
2978 mutex_unlock(&target->i_mutex);
2983 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2984 struct inode *new_dir, struct dentry *new_dentry)
2987 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2988 const unsigned char *old_name;
2990 if (old_dentry->d_inode == new_dentry->d_inode)
2993 error = may_delete(old_dir, old_dentry, is_dir);
2997 if (!new_dentry->d_inode)
2998 error = may_create(new_dir, new_dentry);
3000 error = may_delete(new_dir, new_dentry, is_dir);
3004 if (!old_dir->i_op->rename)
3007 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3010 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3012 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3014 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3015 new_dentry->d_inode, old_dentry);
3016 fsnotify_oldname_free(old_name);
3021 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3022 int, newdfd, const char __user *, newname)
3024 struct dentry *old_dir, *new_dir;
3025 struct dentry *old_dentry, *new_dentry;
3026 struct dentry *trap;
3027 struct nameidata oldnd, newnd;
3032 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3036 error = user_path_parent(newdfd, newname, &newnd, &to);
3041 if (oldnd.path.mnt != newnd.path.mnt)
3044 old_dir = oldnd.path.dentry;
3046 if (oldnd.last_type != LAST_NORM)
3049 new_dir = newnd.path.dentry;
3050 if (newnd.last_type != LAST_NORM)
3053 oldnd.flags &= ~LOOKUP_PARENT;
3054 newnd.flags &= ~LOOKUP_PARENT;
3055 newnd.flags |= LOOKUP_RENAME_TARGET;
3057 trap = lock_rename(new_dir, old_dir);
3059 old_dentry = lookup_hash(&oldnd);
3060 error = PTR_ERR(old_dentry);
3061 if (IS_ERR(old_dentry))
3063 /* source must exist */
3065 if (!old_dentry->d_inode)
3067 /* unless the source is a directory trailing slashes give -ENOTDIR */
3068 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3070 if (oldnd.last.name[oldnd.last.len])
3072 if (newnd.last.name[newnd.last.len])
3075 /* source should not be ancestor of target */
3077 if (old_dentry == trap)
3079 new_dentry = lookup_hash(&newnd);
3080 error = PTR_ERR(new_dentry);
3081 if (IS_ERR(new_dentry))
3083 /* target should not be an ancestor of source */
3085 if (new_dentry == trap)
3088 error = mnt_want_write(oldnd.path.mnt);
3091 error = security_path_rename(&oldnd.path, old_dentry,
3092 &newnd.path, new_dentry);
3095 error = vfs_rename(old_dir->d_inode, old_dentry,
3096 new_dir->d_inode, new_dentry);
3098 mnt_drop_write(oldnd.path.mnt);
3104 unlock_rename(new_dir, old_dir);
3106 path_put(&newnd.path);
3109 path_put(&oldnd.path);
3115 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3117 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3120 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3124 len = PTR_ERR(link);
3129 if (len > (unsigned) buflen)
3131 if (copy_to_user(buffer, link, len))
3138 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3139 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3140 * using) it for any given inode is up to filesystem.
3142 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3144 struct nameidata nd;
3149 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3151 return PTR_ERR(cookie);
3153 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3154 if (dentry->d_inode->i_op->put_link)
3155 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3159 int vfs_follow_link(struct nameidata *nd, const char *link)
3161 return __vfs_follow_link(nd, link);
3164 /* get the link contents into pagecache */
3165 static char *page_getlink(struct dentry * dentry, struct page **ppage)
3169 struct address_space *mapping = dentry->d_inode->i_mapping;
3170 page = read_mapping_page(mapping, 0, NULL);
3175 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3179 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3181 struct page *page = NULL;
3182 char *s = page_getlink(dentry, &page);
3183 int res = vfs_readlink(dentry,buffer,buflen,s);
3186 page_cache_release(page);
3191 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3193 struct page *page = NULL;
3194 nd_set_link(nd, page_getlink(dentry, &page));
3198 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3200 struct page *page = cookie;
3204 page_cache_release(page);
3209 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3211 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3213 struct address_space *mapping = inode->i_mapping;
3218 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3220 flags |= AOP_FLAG_NOFS;
3223 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3224 flags, &page, &fsdata);
3228 kaddr = kmap_atomic(page, KM_USER0);
3229 memcpy(kaddr, symname, len-1);
3230 kunmap_atomic(kaddr, KM_USER0);
3232 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3239 mark_inode_dirty(inode);
3245 int page_symlink(struct inode *inode, const char *symname, int len)
3247 return __page_symlink(inode, symname, len,
3248 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3251 const struct inode_operations page_symlink_inode_operations = {
3252 .readlink = generic_readlink,
3253 .follow_link = page_follow_link_light,
3254 .put_link = page_put_link,
3257 EXPORT_SYMBOL(user_path_at);
3258 EXPORT_SYMBOL(follow_down_one);
3259 EXPORT_SYMBOL(follow_down);
3260 EXPORT_SYMBOL(follow_up);
3261 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
3262 EXPORT_SYMBOL(getname);
3263 EXPORT_SYMBOL(lock_rename);
3264 EXPORT_SYMBOL(lookup_one_len);
3265 EXPORT_SYMBOL(page_follow_link_light);
3266 EXPORT_SYMBOL(page_put_link);
3267 EXPORT_SYMBOL(page_readlink);
3268 EXPORT_SYMBOL(__page_symlink);
3269 EXPORT_SYMBOL(page_symlink);
3270 EXPORT_SYMBOL(page_symlink_inode_operations);
3271 EXPORT_SYMBOL(kern_path);
3272 EXPORT_SYMBOL(vfs_path_lookup);
3273 EXPORT_SYMBOL(inode_permission);
3274 EXPORT_SYMBOL(unlock_rename);
3275 EXPORT_SYMBOL(vfs_create);
3276 EXPORT_SYMBOL(vfs_follow_link);
3277 EXPORT_SYMBOL(vfs_link);
3278 EXPORT_SYMBOL(vfs_mkdir);
3279 EXPORT_SYMBOL(vfs_mknod);
3280 EXPORT_SYMBOL(generic_permission);
3281 EXPORT_SYMBOL(vfs_readlink);
3282 EXPORT_SYMBOL(vfs_rename);
3283 EXPORT_SYMBOL(vfs_rmdir);
3284 EXPORT_SYMBOL(vfs_symlink);
3285 EXPORT_SYMBOL(vfs_unlink);
3286 EXPORT_SYMBOL(dentry_unhash);
3287 EXPORT_SYMBOL(generic_readlink);
git.openpandora.org / pandora-kernel.git / blob