4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/pagemap.h>
23 #include <linux/fsnotify.h>
24 #include <linux/personality.h>
25 #include <linux/security.h>
26 #include <linux/ima.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <linux/fs_struct.h>
35 #include <linux/posix_acl.h>
36 #include <asm/uaccess.h>
40 /* [Feb-1997 T. Schoebel-Theuer]
41 * Fundamental changes in the pathname lookup mechanisms (namei)
42 * were necessary because of omirr. The reason is that omirr needs
43 * to know the _real_ pathname, not the user-supplied one, in case
44 * of symlinks (and also when transname replacements occur).
46 * The new code replaces the old recursive symlink resolution with
47 * an iterative one (in case of non-nested symlink chains). It does
48 * this with calls to <fs>_follow_link().
49 * As a side effect, dir_namei(), _namei() and follow_link() are now
50 * replaced with a single function lookup_dentry() that can handle all
51 * the special cases of the former code.
53 * With the new dcache, the pathname is stored at each inode, at least as
54 * long as the refcount of the inode is positive. As a side effect, the
55 * size of the dcache depends on the inode cache and thus is dynamic.
57 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
58 * resolution to correspond with current state of the code.
60 * Note that the symlink resolution is not *completely* iterative.
61 * There is still a significant amount of tail- and mid- recursion in
62 * the algorithm. Also, note that <fs>_readlink() is not used in
63 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
64 * may return different results than <fs>_follow_link(). Many virtual
65 * filesystems (including /proc) exhibit this behavior.
68 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
69 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
70 * and the name already exists in form of a symlink, try to create the new
71 * name indicated by the symlink. The old code always complained that the
72 * name already exists, due to not following the symlink even if its target
73 * is nonexistent. The new semantics affects also mknod() and link() when
74 * the name is a symlink pointing to a non-existent name.
76 * I don't know which semantics is the right one, since I have no access
77 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
78 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
79 * "old" one. Personally, I think the new semantics is much more logical.
80 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
81 * file does succeed in both HP-UX and SunOs, but not in Solaris
82 * and in the old Linux semantics.
85 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
86 * semantics. See the comments in "open_namei" and "do_link" below.
88 * [10-Sep-98 Alan Modra] Another symlink change.
91 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
92 * inside the path - always follow.
93 * in the last component in creation/removal/renaming - never follow.
94 * if LOOKUP_FOLLOW passed - follow.
95 * if the pathname has trailing slashes - follow.
96 * otherwise - don't follow.
97 * (applied in that order).
99 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
100 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
101 * During the 2.4 we need to fix the userland stuff depending on it -
102 * hopefully we will be able to get rid of that wart in 2.5. So far only
103 * XEmacs seems to be relying on it...
106 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
107 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
108 * any extra contention...
111 /* In order to reduce some races, while at the same time doing additional
112 * checking and hopefully speeding things up, we copy filenames to the
113 * kernel data space before using them..
115 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
116 * PATH_MAX includes the nul terminator --RR.
118 static int do_getname(const char __user *filename, char *page)
121 unsigned long len = PATH_MAX;
123 if (!segment_eq(get_fs(), KERNEL_DS)) {
124 if ((unsigned long) filename >= TASK_SIZE)
126 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
127 len = TASK_SIZE - (unsigned long) filename;
130 retval = strncpy_from_user(page, filename, len);
134 return -ENAMETOOLONG;
140 static char *getname_flags(const char __user * filename, int flags)
144 result = ERR_PTR(-ENOMEM);
147 int retval = do_getname(filename, tmp);
151 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
153 result = ERR_PTR(retval);
157 audit_getname(result);
161 char *getname(const char __user * filename)
163 return getname_flags(filename, 0);
166 #ifdef CONFIG_AUDITSYSCALL
167 void putname(const char *name)
169 if (unlikely(!audit_dummy_context()))
174 EXPORT_SYMBOL(putname);
177 static int check_acl(struct inode *inode, int mask)
179 #ifdef CONFIG_FS_POSIX_ACL
180 struct posix_acl *acl;
183 * Under RCU walk, we cannot even do a "get_cached_acl()",
184 * because that involves locking and getting a refcount on
187 * So the only case we handle during RCU walking is the
188 * case of a cached "no ACL at all", which needs no locks
191 if (mask & MAY_NOT_BLOCK) {
192 if (negative_cached_acl(inode, ACL_TYPE_ACCESS))
197 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
200 * A filesystem can force a ACL callback by just never filling the
201 * ACL cache. But normally you'd fill the cache either at inode
202 * instantiation time, or on the first ->get_acl call.
204 * If the filesystem doesn't have a get_acl() function at all, we'll
205 * just create the negative cache entry.
207 if (acl == ACL_NOT_CACHED) {
208 if (inode->i_op->get_acl) {
209 acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
213 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
219 int error = posix_acl_permission(inode, acl, mask);
220 posix_acl_release(acl);
229 * This does basic POSIX ACL permission checking
231 static int acl_permission_check(struct inode *inode, int mask)
233 unsigned int mode = inode->i_mode;
235 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
237 if (current_user_ns() != inode_userns(inode))
240 if (likely(current_fsuid() == inode->i_uid))
243 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
244 int error = check_acl(inode, mask);
245 if (error != -EAGAIN)
249 if (in_group_p(inode->i_gid))
255 * If the DACs are ok we don't need any capability check.
257 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
263 * generic_permission - check for access rights on a Posix-like filesystem
264 * @inode: inode to check access rights for
265 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
267 * Used to check for read/write/execute permissions on a file.
268 * We use "fsuid" for this, letting us set arbitrary permissions
269 * for filesystem access without changing the "normal" uids which
270 * are used for other things.
272 * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
273 * request cannot be satisfied (eg. requires blocking or too much complexity).
274 * It would then be called again in ref-walk mode.
276 int generic_permission(struct inode *inode, int mask)
281 * Do the basic POSIX ACL permission checks.
283 ret = acl_permission_check(inode, mask);
287 if (S_ISDIR(inode->i_mode)) {
288 /* DACs are overridable for directories */
289 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
291 if (!(mask & MAY_WRITE))
292 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
297 * Read/write DACs are always overridable.
298 * Executable DACs are overridable when there is
299 * at least one exec bit set.
301 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
302 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
306 * Searching includes executable on directories, else just read.
308 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
309 if (mask == MAY_READ)
310 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
317 * inode_permission - check for access rights to a given inode
318 * @inode: inode to check permission on
319 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
321 * Used to check for read/write/execute permissions on an inode.
322 * We use "fsuid" for this, letting us set arbitrary permissions
323 * for filesystem access without changing the "normal" uids which
324 * are used for other things.
326 int inode_permission(struct inode *inode, int mask)
330 if (mask & MAY_WRITE) {
331 umode_t mode = inode->i_mode;
334 * Nobody gets write access to a read-only fs.
336 if (IS_RDONLY(inode) &&
337 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
341 * Nobody gets write access to an immutable file.
343 if (IS_IMMUTABLE(inode))
347 if (inode->i_op->permission)
348 retval = inode->i_op->permission(inode, mask);
350 retval = generic_permission(inode, mask);
355 retval = devcgroup_inode_permission(inode, mask);
359 return security_inode_permission(inode, mask);
363 * path_get - get a reference to a path
364 * @path: path to get the reference to
366 * Given a path increment the reference count to the dentry and the vfsmount.
368 void path_get(struct path *path)
373 EXPORT_SYMBOL(path_get);
376 * path_put - put a reference to a path
377 * @path: path to put the reference to
379 * Given a path decrement the reference count to the dentry and the vfsmount.
381 void path_put(struct path *path)
386 EXPORT_SYMBOL(path_put);
389 * Path walking has 2 modes, rcu-walk and ref-walk (see
390 * Documentation/filesystems/path-lookup.txt). In situations when we can't
391 * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
392 * normal reference counts on dentries and vfsmounts to transition to rcu-walk
393 * mode. Refcounts are grabbed at the last known good point before rcu-walk
394 * got stuck, so ref-walk may continue from there. If this is not successful
395 * (eg. a seqcount has changed), then failure is returned and it's up to caller
396 * to restart the path walk from the beginning in ref-walk mode.
400 * unlazy_walk - try to switch to ref-walk mode.
401 * @nd: nameidata pathwalk data
402 * @dentry: child of nd->path.dentry or NULL
403 * Returns: 0 on success, -ECHILD on failure
405 * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry
406 * for ref-walk mode. @dentry must be a path found by a do_lookup call on
407 * @nd or NULL. Must be called from rcu-walk context.
409 static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
411 struct fs_struct *fs = current->fs;
412 struct dentry *parent = nd->path.dentry;
415 BUG_ON(!(nd->flags & LOOKUP_RCU));
416 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
418 spin_lock(&fs->lock);
419 if (nd->root.mnt != fs->root.mnt ||
420 nd->root.dentry != fs->root.dentry)
423 spin_lock(&parent->d_lock);
425 if (!__d_rcu_to_refcount(parent, nd->seq))
427 BUG_ON(nd->inode != parent->d_inode);
429 if (dentry->d_parent != parent)
431 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
432 if (!__d_rcu_to_refcount(dentry, nd->seq))
435 * If the sequence check on the child dentry passed, then
436 * the child has not been removed from its parent. This
437 * means the parent dentry must be valid and able to take
438 * a reference at this point.
440 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
441 BUG_ON(!parent->d_count);
443 spin_unlock(&dentry->d_lock);
445 spin_unlock(&parent->d_lock);
448 spin_unlock(&fs->lock);
450 mntget(nd->path.mnt);
453 br_read_unlock(vfsmount_lock);
454 nd->flags &= ~LOOKUP_RCU;
458 spin_unlock(&dentry->d_lock);
460 spin_unlock(&parent->d_lock);
463 spin_unlock(&fs->lock);
468 * release_open_intent - free up open intent resources
469 * @nd: pointer to nameidata
471 void release_open_intent(struct nameidata *nd)
473 struct file *file = nd->intent.open.file;
475 if (file && !IS_ERR(file)) {
476 if (file->f_path.dentry == NULL)
483 static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
485 return dentry->d_op->d_revalidate(dentry, nd);
489 * complete_walk - successful completion of path walk
490 * @nd: pointer nameidata
492 * If we had been in RCU mode, drop out of it and legitimize nd->path.
493 * Revalidate the final result, unless we'd already done that during
494 * the path walk or the filesystem doesn't ask for it. Return 0 on
495 * success, -error on failure. In case of failure caller does not
496 * need to drop nd->path.
498 static int complete_walk(struct nameidata *nd)
500 struct dentry *dentry = nd->path.dentry;
503 if (nd->flags & LOOKUP_RCU) {
504 nd->flags &= ~LOOKUP_RCU;
505 if (!(nd->flags & LOOKUP_ROOT))
507 spin_lock(&dentry->d_lock);
508 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
509 spin_unlock(&dentry->d_lock);
511 br_read_unlock(vfsmount_lock);
514 BUG_ON(nd->inode != dentry->d_inode);
515 spin_unlock(&dentry->d_lock);
516 mntget(nd->path.mnt);
518 br_read_unlock(vfsmount_lock);
521 if (likely(!(nd->flags & LOOKUP_JUMPED)))
524 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
527 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
530 /* Note: we do not d_invalidate() */
531 status = d_revalidate(dentry, nd);
542 static __always_inline void set_root(struct nameidata *nd)
545 get_fs_root(current->fs, &nd->root);
548 static int link_path_walk(const char *, struct nameidata *);
550 static __always_inline void set_root_rcu(struct nameidata *nd)
553 struct fs_struct *fs = current->fs;
557 seq = read_seqcount_begin(&fs->seq);
559 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
560 } while (read_seqcount_retry(&fs->seq, seq));
564 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
576 nd->flags |= LOOKUP_JUMPED;
578 nd->inode = nd->path.dentry->d_inode;
580 ret = link_path_walk(link, nd);
584 return PTR_ERR(link);
587 static void path_put_conditional(struct path *path, struct nameidata *nd)
590 if (path->mnt != nd->path.mnt)
594 static inline void path_to_nameidata(const struct path *path,
595 struct nameidata *nd)
597 if (!(nd->flags & LOOKUP_RCU)) {
598 dput(nd->path.dentry);
599 if (nd->path.mnt != path->mnt)
600 mntput(nd->path.mnt);
602 nd->path.mnt = path->mnt;
603 nd->path.dentry = path->dentry;
606 static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
608 struct inode *inode = link->dentry->d_inode;
609 if (!IS_ERR(cookie) && inode->i_op->put_link)
610 inode->i_op->put_link(link->dentry, nd, cookie);
614 static __always_inline int
615 follow_link(struct path *link, struct nameidata *nd, void **p)
618 struct dentry *dentry = link->dentry;
620 BUG_ON(nd->flags & LOOKUP_RCU);
622 if (link->mnt == nd->path.mnt)
625 if (unlikely(current->total_link_count >= 40)) {
626 *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */
631 current->total_link_count++;
633 touch_atime(link->mnt, dentry);
634 nd_set_link(nd, NULL);
636 error = security_inode_follow_link(link->dentry, nd);
638 *p = ERR_PTR(error); /* no ->put_link(), please */
643 nd->last_type = LAST_BIND;
644 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
647 char *s = nd_get_link(nd);
650 error = __vfs_follow_link(nd, s);
651 else if (nd->last_type == LAST_BIND) {
652 nd->flags |= LOOKUP_JUMPED;
653 nd->inode = nd->path.dentry->d_inode;
654 if (nd->inode->i_op->follow_link) {
655 /* stepped on a _really_ weird one */
664 static int follow_up_rcu(struct path *path)
666 struct vfsmount *parent;
667 struct dentry *mountpoint;
669 parent = path->mnt->mnt_parent;
670 if (parent == path->mnt)
672 mountpoint = path->mnt->mnt_mountpoint;
673 path->dentry = mountpoint;
678 int follow_up(struct path *path)
680 struct vfsmount *parent;
681 struct dentry *mountpoint;
683 br_read_lock(vfsmount_lock);
684 parent = path->mnt->mnt_parent;
685 if (parent == path->mnt) {
686 br_read_unlock(vfsmount_lock);
690 mountpoint = dget(path->mnt->mnt_mountpoint);
691 br_read_unlock(vfsmount_lock);
693 path->dentry = mountpoint;
700 * Perform an automount
701 * - return -EISDIR to tell follow_managed() to stop and return the path we
704 static int follow_automount(struct path *path, unsigned flags,
707 struct vfsmount *mnt;
710 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
713 /* We don't want to mount if someone supplied AT_NO_AUTOMOUNT
714 * and this is the terminal part of the path.
716 if ((flags & LOOKUP_NO_AUTOMOUNT) && !(flags & LOOKUP_PARENT))
717 return -EISDIR; /* we actually want to stop here */
719 /* We want to mount if someone is trying to open/create a file of any
720 * type under the mountpoint, wants to traverse through the mountpoint
721 * or wants to open the mounted directory.
723 * We don't want to mount if someone's just doing a stat and they've
724 * set AT_SYMLINK_NOFOLLOW - unless they're stat'ing a directory and
725 * appended a '/' to the name.
727 if (!(flags & LOOKUP_FOLLOW) &&
728 !(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
729 LOOKUP_OPEN | LOOKUP_CREATE)))
732 current->total_link_count++;
733 if (current->total_link_count >= 40)
736 mnt = path->dentry->d_op->d_automount(path);
739 * The filesystem is allowed to return -EISDIR here to indicate
740 * it doesn't want to automount. For instance, autofs would do
741 * this so that its userspace daemon can mount on this dentry.
743 * However, we can only permit this if it's a terminal point in
744 * the path being looked up; if it wasn't then the remainder of
745 * the path is inaccessible and we should say so.
747 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
752 if (!mnt) /* mount collision */
756 /* lock_mount() may release path->mnt on error */
760 err = finish_automount(mnt, path);
764 /* Someone else made a mount here whilst we were busy */
769 path->dentry = dget(mnt->mnt_root);
778 * Handle a dentry that is managed in some way.
779 * - Flagged for transit management (autofs)
780 * - Flagged as mountpoint
781 * - Flagged as automount point
783 * This may only be called in refwalk mode.
785 * Serialization is taken care of in namespace.c
787 static int follow_managed(struct path *path, unsigned flags)
789 struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
791 bool need_mntput = false;
794 /* Given that we're not holding a lock here, we retain the value in a
795 * local variable for each dentry as we look at it so that we don't see
796 * the components of that value change under us */
797 while (managed = ACCESS_ONCE(path->dentry->d_flags),
798 managed &= DCACHE_MANAGED_DENTRY,
799 unlikely(managed != 0)) {
800 /* Allow the filesystem to manage the transit without i_mutex
802 if (managed & DCACHE_MANAGE_TRANSIT) {
803 BUG_ON(!path->dentry->d_op);
804 BUG_ON(!path->dentry->d_op->d_manage);
805 ret = path->dentry->d_op->d_manage(path->dentry, false);
810 /* Transit to a mounted filesystem. */
811 if (managed & DCACHE_MOUNTED) {
812 struct vfsmount *mounted = lookup_mnt(path);
818 path->dentry = dget(mounted->mnt_root);
823 /* Something is mounted on this dentry in another
824 * namespace and/or whatever was mounted there in this
825 * namespace got unmounted before we managed to get the
829 /* Handle an automount point */
830 if (managed & DCACHE_NEED_AUTOMOUNT) {
831 ret = follow_automount(path, flags, &need_mntput);
837 /* We didn't change the current path point */
841 if (need_mntput && path->mnt == mnt)
848 int follow_down_one(struct path *path)
850 struct vfsmount *mounted;
852 mounted = lookup_mnt(path);
857 path->dentry = dget(mounted->mnt_root);
863 static inline bool managed_dentry_might_block(struct dentry *dentry)
865 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
866 dentry->d_op->d_manage(dentry, true) < 0);
870 * Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
871 * we meet a managed dentry that would need blocking.
873 static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
874 struct inode **inode)
877 struct vfsmount *mounted;
879 * Don't forget we might have a non-mountpoint managed dentry
880 * that wants to block transit.
882 if (unlikely(managed_dentry_might_block(path->dentry)))
885 if (!d_mountpoint(path->dentry))
888 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
892 path->dentry = mounted->mnt_root;
893 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
895 * Update the inode too. We don't need to re-check the
896 * dentry sequence number here after this d_inode read,
897 * because a mount-point is always pinned.
899 *inode = path->dentry->d_inode;
904 static void follow_mount_rcu(struct nameidata *nd)
906 while (d_mountpoint(nd->path.dentry)) {
907 struct vfsmount *mounted;
908 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
911 nd->path.mnt = mounted;
912 nd->path.dentry = mounted->mnt_root;
913 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
917 static int follow_dotdot_rcu(struct nameidata *nd)
922 if (nd->path.dentry == nd->root.dentry &&
923 nd->path.mnt == nd->root.mnt) {
926 if (nd->path.dentry != nd->path.mnt->mnt_root) {
927 struct dentry *old = nd->path.dentry;
928 struct dentry *parent = old->d_parent;
931 seq = read_seqcount_begin(&parent->d_seq);
932 if (read_seqcount_retry(&old->d_seq, nd->seq))
934 nd->path.dentry = parent;
938 if (!follow_up_rcu(&nd->path))
940 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
942 follow_mount_rcu(nd);
943 nd->inode = nd->path.dentry->d_inode;
947 nd->flags &= ~LOOKUP_RCU;
948 if (!(nd->flags & LOOKUP_ROOT))
951 br_read_unlock(vfsmount_lock);
956 * Follow down to the covering mount currently visible to userspace. At each
957 * point, the filesystem owning that dentry may be queried as to whether the
958 * caller is permitted to proceed or not.
960 int follow_down(struct path *path)
965 while (managed = ACCESS_ONCE(path->dentry->d_flags),
966 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
967 /* Allow the filesystem to manage the transit without i_mutex
970 * We indicate to the filesystem if someone is trying to mount
971 * something here. This gives autofs the chance to deny anyone
972 * other than its daemon the right to mount on its
975 * The filesystem may sleep at this point.
977 if (managed & DCACHE_MANAGE_TRANSIT) {
978 BUG_ON(!path->dentry->d_op);
979 BUG_ON(!path->dentry->d_op->d_manage);
980 ret = path->dentry->d_op->d_manage(
981 path->dentry, false);
983 return ret == -EISDIR ? 0 : ret;
986 /* Transit to a mounted filesystem. */
987 if (managed & DCACHE_MOUNTED) {
988 struct vfsmount *mounted = lookup_mnt(path);
994 path->dentry = dget(mounted->mnt_root);
998 /* Don't handle automount points here */
1005 * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
1007 static void follow_mount(struct path *path)
1009 while (d_mountpoint(path->dentry)) {
1010 struct vfsmount *mounted = lookup_mnt(path);
1015 path->mnt = mounted;
1016 path->dentry = dget(mounted->mnt_root);
1020 static void follow_dotdot(struct nameidata *nd)
1025 struct dentry *old = nd->path.dentry;
1027 if (nd->path.dentry == nd->root.dentry &&
1028 nd->path.mnt == nd->root.mnt) {
1031 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1032 /* rare case of legitimate dget_parent()... */
1033 nd->path.dentry = dget_parent(nd->path.dentry);
1037 if (!follow_up(&nd->path))
1040 follow_mount(&nd->path);
1041 nd->inode = nd->path.dentry->d_inode;
1045 * Allocate a dentry with name and parent, and perform a parent
1046 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
1047 * on error. parent->d_inode->i_mutex must be held. d_lookup must
1048 * have verified that no child exists while under i_mutex.
1050 static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1051 struct qstr *name, struct nameidata *nd)
1053 struct inode *inode = parent->d_inode;
1054 struct dentry *dentry;
1057 /* Don't create child dentry for a dead directory. */
1058 if (unlikely(IS_DEADDIR(inode)))
1059 return ERR_PTR(-ENOENT);
1061 dentry = d_alloc(parent, name);
1062 if (unlikely(!dentry))
1063 return ERR_PTR(-ENOMEM);
1065 old = inode->i_op->lookup(inode, dentry, nd);
1066 if (unlikely(old)) {
1074 * We already have a dentry, but require a lookup to be performed on the parent
1075 * directory to fill in d_inode. Returns the new dentry, or ERR_PTR on error.
1076 * parent->d_inode->i_mutex must be held. d_lookup must have verified that no
1077 * child exists while under i_mutex.
1079 static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1080 struct nameidata *nd)
1082 struct inode *inode = parent->d_inode;
1085 /* Don't create child dentry for a dead directory. */
1086 if (unlikely(IS_DEADDIR(inode)))
1087 return ERR_PTR(-ENOENT);
1089 old = inode->i_op->lookup(inode, dentry, nd);
1090 if (unlikely(old)) {
1098 * It's more convoluted than I'd like it to be, but... it's still fairly
1099 * small and for now I'd prefer to have fast path as straight as possible.
1100 * It _is_ time-critical.
1102 static int do_lookup(struct nameidata *nd, struct qstr *name,
1103 struct path *path, struct inode **inode)
1105 struct vfsmount *mnt = nd->path.mnt;
1106 struct dentry *dentry, *parent = nd->path.dentry;
1112 * Rename seqlock is not required here because in the off chance
1113 * of a false negative due to a concurrent rename, we're going to
1114 * do the non-racy lookup, below.
1116 if (nd->flags & LOOKUP_RCU) {
1119 dentry = __d_lookup_rcu(parent, name, &seq, inode);
1123 /* Memory barrier in read_seqcount_begin of child is enough */
1124 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1128 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1129 status = d_revalidate(dentry, nd);
1130 if (unlikely(status <= 0)) {
1131 if (status != -ECHILD)
1136 if (unlikely(d_need_lookup(dentry)))
1139 path->dentry = dentry;
1140 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1142 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1146 if (unlazy_walk(nd, dentry))
1149 dentry = __d_lookup(parent, name);
1152 if (dentry && unlikely(d_need_lookup(dentry))) {
1157 if (unlikely(!dentry)) {
1158 struct inode *dir = parent->d_inode;
1159 BUG_ON(nd->inode != dir);
1161 mutex_lock(&dir->i_mutex);
1162 dentry = d_lookup(parent, name);
1163 if (likely(!dentry)) {
1164 dentry = d_alloc_and_lookup(parent, name, nd);
1165 if (IS_ERR(dentry)) {
1166 mutex_unlock(&dir->i_mutex);
1167 return PTR_ERR(dentry);
1172 } else if (unlikely(d_need_lookup(dentry))) {
1173 dentry = d_inode_lookup(parent, dentry, nd);
1174 if (IS_ERR(dentry)) {
1175 mutex_unlock(&dir->i_mutex);
1176 return PTR_ERR(dentry);
1182 mutex_unlock(&dir->i_mutex);
1184 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1185 status = d_revalidate(dentry, nd);
1186 if (unlikely(status <= 0)) {
1191 if (!d_invalidate(dentry)) {
1200 path->dentry = dentry;
1201 err = follow_managed(path, nd->flags);
1202 if (unlikely(err < 0)) {
1203 path_put_conditional(path, nd);
1206 *inode = path->dentry->d_inode;
1210 static inline int may_lookup(struct nameidata *nd)
1212 if (nd->flags & LOOKUP_RCU) {
1213 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1216 if (unlazy_walk(nd, NULL))
1219 return inode_permission(nd->inode, MAY_EXEC);
1222 static inline int handle_dots(struct nameidata *nd, int type)
1224 if (type == LAST_DOTDOT) {
1225 if (nd->flags & LOOKUP_RCU) {
1226 if (follow_dotdot_rcu(nd))
1234 static void terminate_walk(struct nameidata *nd)
1236 if (!(nd->flags & LOOKUP_RCU)) {
1237 path_put(&nd->path);
1239 nd->flags &= ~LOOKUP_RCU;
1240 if (!(nd->flags & LOOKUP_ROOT))
1241 nd->root.mnt = NULL;
1243 br_read_unlock(vfsmount_lock);
1247 static inline int walk_component(struct nameidata *nd, struct path *path,
1248 struct qstr *name, int type, int follow)
1250 struct inode *inode;
1253 * "." and ".." are special - ".." especially so because it has
1254 * to be able to know about the current root directory and
1255 * parent relationships.
1257 if (unlikely(type != LAST_NORM))
1258 return handle_dots(nd, type);
1259 err = do_lookup(nd, name, path, &inode);
1260 if (unlikely(err)) {
1265 path_to_nameidata(path, nd);
1269 if (unlikely(inode->i_op->follow_link) && follow) {
1270 if (nd->flags & LOOKUP_RCU) {
1271 if (unlikely(unlazy_walk(nd, path->dentry))) {
1276 BUG_ON(inode != path->dentry->d_inode);
1279 path_to_nameidata(path, nd);
1285 * This limits recursive symlink follows to 8, while
1286 * limiting consecutive symlinks to 40.
1288 * Without that kind of total limit, nasty chains of consecutive
1289 * symlinks can cause almost arbitrarily long lookups.
1291 static inline int nested_symlink(struct path *path, struct nameidata *nd)
1295 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1296 path_put_conditional(path, nd);
1297 path_put(&nd->path);
1300 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1303 current->link_count++;
1306 struct path link = *path;
1309 res = follow_link(&link, nd, &cookie);
1311 res = walk_component(nd, path, &nd->last,
1312 nd->last_type, LOOKUP_FOLLOW);
1313 put_link(nd, &link, cookie);
1316 current->link_count--;
1323 * This is the basic name resolution function, turning a pathname into
1324 * the final dentry. We expect 'base' to be positive and a directory.
1326 * Returns 0 and nd will have valid dentry and mnt on success.
1327 * Returns error and drops reference to input namei data on failure.
1329 static int link_path_walk(const char *name, struct nameidata *nd)
1339 /* At this point we know we have a real path component. */
1346 err = may_lookup(nd);
1351 c = *(const unsigned char *)name;
1353 hash = init_name_hash();
1356 hash = partial_name_hash(c, hash);
1357 c = *(const unsigned char *)name;
1358 } while (c && (c != '/'));
1359 this.len = name - (const char *) this.name;
1360 this.hash = end_name_hash(hash);
1363 if (this.name[0] == '.') switch (this.len) {
1365 if (this.name[1] == '.') {
1367 nd->flags |= LOOKUP_JUMPED;
1373 if (likely(type == LAST_NORM)) {
1374 struct dentry *parent = nd->path.dentry;
1375 nd->flags &= ~LOOKUP_JUMPED;
1376 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1377 err = parent->d_op->d_hash(parent, nd->inode,
1384 /* remove trailing slashes? */
1386 goto last_component;
1387 while (*++name == '/');
1389 goto last_component;
1391 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1396 err = nested_symlink(&next, nd);
1401 if (!nd->inode->i_op->lookup)
1404 /* here ends the main loop */
1408 nd->last_type = type;
1415 static int path_init(int dfd, const char *name, unsigned int flags,
1416 struct nameidata *nd, struct file **fp)
1422 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1423 nd->flags = flags | LOOKUP_JUMPED;
1425 if (flags & LOOKUP_ROOT) {
1426 struct inode *inode = nd->root.dentry->d_inode;
1428 if (!inode->i_op->lookup)
1430 retval = inode_permission(inode, MAY_EXEC);
1434 nd->path = nd->root;
1436 if (flags & LOOKUP_RCU) {
1437 br_read_lock(vfsmount_lock);
1439 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1441 path_get(&nd->path);
1446 nd->root.mnt = NULL;
1449 if (flags & LOOKUP_RCU) {
1450 br_read_lock(vfsmount_lock);
1455 path_get(&nd->root);
1457 nd->path = nd->root;
1458 } else if (dfd == AT_FDCWD) {
1459 if (flags & LOOKUP_RCU) {
1460 struct fs_struct *fs = current->fs;
1463 br_read_lock(vfsmount_lock);
1467 seq = read_seqcount_begin(&fs->seq);
1469 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1470 } while (read_seqcount_retry(&fs->seq, seq));
1472 get_fs_pwd(current->fs, &nd->path);
1475 struct dentry *dentry;
1477 file = fget_raw_light(dfd, &fput_needed);
1482 dentry = file->f_path.dentry;
1486 if (!S_ISDIR(dentry->d_inode->i_mode))
1489 retval = inode_permission(dentry->d_inode, MAY_EXEC);
1494 nd->path = file->f_path;
1495 if (flags & LOOKUP_RCU) {
1498 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1499 br_read_lock(vfsmount_lock);
1502 path_get(&file->f_path);
1503 fput_light(file, fput_needed);
1507 nd->inode = nd->path.dentry->d_inode;
1511 fput_light(file, fput_needed);
1516 static inline int lookup_last(struct nameidata *nd, struct path *path)
1518 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1519 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1521 nd->flags &= ~LOOKUP_PARENT;
1522 return walk_component(nd, path, &nd->last, nd->last_type,
1523 nd->flags & LOOKUP_FOLLOW);
1526 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1527 static int path_lookupat(int dfd, const char *name,
1528 unsigned int flags, struct nameidata *nd)
1530 struct file *base = NULL;
1535 * Path walking is largely split up into 2 different synchronisation
1536 * schemes, rcu-walk and ref-walk (explained in
1537 * Documentation/filesystems/path-lookup.txt). These share much of the
1538 * path walk code, but some things particularly setup, cleanup, and
1539 * following mounts are sufficiently divergent that functions are
1540 * duplicated. Typically there is a function foo(), and its RCU
1541 * analogue, foo_rcu().
1543 * -ECHILD is the error number of choice (just to avoid clashes) that
1544 * is returned if some aspect of an rcu-walk fails. Such an error must
1545 * be handled by restarting a traditional ref-walk (which will always
1546 * be able to complete).
1548 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
1553 current->total_link_count = 0;
1554 err = link_path_walk(name, nd);
1556 if (!err && !(flags & LOOKUP_PARENT)) {
1557 err = lookup_last(nd, &path);
1560 struct path link = path;
1561 nd->flags |= LOOKUP_PARENT;
1562 err = follow_link(&link, nd, &cookie);
1564 err = lookup_last(nd, &path);
1565 put_link(nd, &link, cookie);
1570 err = complete_walk(nd);
1572 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1573 if (!nd->inode->i_op->lookup) {
1574 path_put(&nd->path);
1582 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
1583 path_put(&nd->root);
1584 nd->root.mnt = NULL;
1589 static int do_path_lookup(int dfd, const char *name,
1590 unsigned int flags, struct nameidata *nd)
1592 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1593 if (unlikely(retval == -ECHILD))
1594 retval = path_lookupat(dfd, name, flags, nd);
1595 if (unlikely(retval == -ESTALE))
1596 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
1598 if (likely(!retval)) {
1599 if (unlikely(!audit_dummy_context())) {
1600 if (nd->path.dentry && nd->inode)
1601 audit_inode(name, nd->path.dentry);
1607 int kern_path_parent(const char *name, struct nameidata *nd)
1609 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
1612 int kern_path(const char *name, unsigned int flags, struct path *path)
1614 struct nameidata nd;
1615 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1622 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1623 * @dentry: pointer to dentry of the base directory
1624 * @mnt: pointer to vfs mount of the base directory
1625 * @name: pointer to file name
1626 * @flags: lookup flags
1627 * @path: pointer to struct path to fill
1629 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1630 const char *name, unsigned int flags,
1633 struct nameidata nd;
1635 nd.root.dentry = dentry;
1637 BUG_ON(flags & LOOKUP_PARENT);
1638 /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */
1639 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1645 static struct dentry *__lookup_hash(struct qstr *name,
1646 struct dentry *base, struct nameidata *nd)
1648 struct inode *inode = base->d_inode;
1649 struct dentry *dentry;
1652 err = inode_permission(inode, MAY_EXEC);
1654 return ERR_PTR(err);
1657 * Don't bother with __d_lookup: callers are for creat as
1658 * well as unlink, so a lot of the time it would cost
1661 dentry = d_lookup(base, name);
1663 if (dentry && d_need_lookup(dentry)) {
1665 * __lookup_hash is called with the parent dir's i_mutex already
1666 * held, so we are good to go here.
1668 dentry = d_inode_lookup(base, dentry, nd);
1673 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1674 int status = d_revalidate(dentry, nd);
1675 if (unlikely(status <= 0)) {
1677 * The dentry failed validation.
1678 * If d_revalidate returned 0 attempt to invalidate
1679 * the dentry otherwise d_revalidate is asking us
1680 * to return a fail status.
1684 return ERR_PTR(status);
1685 } else if (!d_invalidate(dentry)) {
1693 dentry = d_alloc_and_lookup(base, name, nd);
1699 * Restricted form of lookup. Doesn't follow links, single-component only,
1700 * needs parent already locked. Doesn't follow mounts.
1703 static struct dentry *lookup_hash(struct nameidata *nd)
1705 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1709 * lookup_one_len - filesystem helper to lookup single pathname component
1710 * @name: pathname component to lookup
1711 * @base: base directory to lookup from
1712 * @len: maximum length @len should be interpreted to
1714 * Note that this routine is purely a helper for filesystem usage and should
1715 * not be called by generic code. Also note that by using this function the
1716 * nameidata argument is passed to the filesystem methods and a filesystem
1717 * using this helper needs to be prepared for that.
1719 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1725 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1730 return ERR_PTR(-EACCES);
1732 hash = init_name_hash();
1734 c = *(const unsigned char *)name++;
1735 if (c == '/' || c == '\0')
1736 return ERR_PTR(-EACCES);
1737 hash = partial_name_hash(c, hash);
1739 this.hash = end_name_hash(hash);
1741 * See if the low-level filesystem might want
1742 * to use its own hash..
1744 if (base->d_flags & DCACHE_OP_HASH) {
1745 int err = base->d_op->d_hash(base, base->d_inode, &this);
1747 return ERR_PTR(err);
1750 return __lookup_hash(&this, base, NULL);
1753 int user_path_at(int dfd, const char __user *name, unsigned flags,
1756 struct nameidata nd;
1757 char *tmp = getname_flags(name, flags);
1758 int err = PTR_ERR(tmp);
1761 BUG_ON(flags & LOOKUP_PARENT);
1763 err = do_path_lookup(dfd, tmp, flags, &nd);
1771 static int user_path_parent(int dfd, const char __user *path,
1772 struct nameidata *nd, char **name)
1774 char *s = getname(path);
1780 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1790 * It's inline, so penalty for filesystems that don't use sticky bit is
1793 static inline int check_sticky(struct inode *dir, struct inode *inode)
1795 uid_t fsuid = current_fsuid();
1797 if (!(dir->i_mode & S_ISVTX))
1799 if (current_user_ns() != inode_userns(inode))
1801 if (inode->i_uid == fsuid)
1803 if (dir->i_uid == fsuid)
1807 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1811 * Check whether we can remove a link victim from directory dir, check
1812 * whether the type of victim is right.
1813 * 1. We can't do it if dir is read-only (done in permission())
1814 * 2. We should have write and exec permissions on dir
1815 * 3. We can't remove anything from append-only dir
1816 * 4. We can't do anything with immutable dir (done in permission())
1817 * 5. If the sticky bit on dir is set we should either
1818 * a. be owner of dir, or
1819 * b. be owner of victim, or
1820 * c. have CAP_FOWNER capability
1821 * 6. If the victim is append-only or immutable we can't do antyhing with
1822 * links pointing to it.
1823 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1824 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1825 * 9. We can't remove a root or mountpoint.
1826 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1827 * nfs_async_unlink().
1829 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1833 if (!victim->d_inode)
1836 BUG_ON(victim->d_parent->d_inode != dir);
1837 audit_inode_child(victim, dir);
1839 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1844 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1845 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1848 if (!S_ISDIR(victim->d_inode->i_mode))
1850 if (IS_ROOT(victim))
1852 } else if (S_ISDIR(victim->d_inode->i_mode))
1854 if (IS_DEADDIR(dir))
1856 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1861 /* Check whether we can create an object with dentry child in directory
1863 * 1. We can't do it if child already exists (open has special treatment for
1864 * this case, but since we are inlined it's OK)
1865 * 2. We can't do it if dir is read-only (done in permission())
1866 * 3. We should have write and exec permissions on dir
1867 * 4. We can't do it if dir is immutable (done in permission())
1869 static inline int may_create(struct inode *dir, struct dentry *child)
1873 if (IS_DEADDIR(dir))
1875 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1879 * p1 and p2 should be directories on the same fs.
1881 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1886 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1890 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1892 p = d_ancestor(p2, p1);
1894 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1895 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1899 p = d_ancestor(p1, p2);
1901 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1902 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1906 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1907 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1911 void unlock_rename(struct dentry *p1, struct dentry *p2)
1913 mutex_unlock(&p1->d_inode->i_mutex);
1915 mutex_unlock(&p2->d_inode->i_mutex);
1916 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1920 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1921 struct nameidata *nd)
1923 int error = may_create(dir, dentry);
1928 if (!dir->i_op->create)
1929 return -EACCES; /* shouldn't it be ENOSYS? */
1932 error = security_inode_create(dir, dentry, mode);
1935 error = dir->i_op->create(dir, dentry, mode, nd);
1937 fsnotify_create(dir, dentry);
1941 static int may_open(struct path *path, int acc_mode, int flag)
1943 struct dentry *dentry = path->dentry;
1944 struct inode *inode = dentry->d_inode;
1954 switch (inode->i_mode & S_IFMT) {
1958 if (acc_mode & MAY_WRITE)
1963 if (path->mnt->mnt_flags & MNT_NODEV)
1972 error = inode_permission(inode, acc_mode);
1977 * An append-only file must be opened in append mode for writing.
1979 if (IS_APPEND(inode)) {
1980 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
1986 /* O_NOATIME can only be set by the owner or superuser */
1987 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
1991 * Ensure there are no outstanding leases on the file.
1993 return break_lease(inode, flag);
1996 static int handle_truncate(struct file *filp)
1998 struct path *path = &filp->f_path;
1999 struct inode *inode = path->dentry->d_inode;
2000 int error = get_write_access(inode);
2004 * Refuse to truncate files with mandatory locks held on them.
2006 error = locks_verify_locked(inode);
2008 error = security_path_truncate(path);
2010 error = do_truncate(path->dentry, 0,
2011 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
2014 put_write_access(inode);
2018 static inline int open_to_namei_flags(int flag)
2020 if ((flag & O_ACCMODE) == 3)
2026 * Handle the last step of open()
2028 static struct file *do_last(struct nameidata *nd, struct path *path,
2029 const struct open_flags *op, const char *pathname)
2031 struct dentry *dir = nd->path.dentry;
2032 struct dentry *dentry;
2033 int open_flag = op->open_flag;
2034 int will_truncate = open_flag & O_TRUNC;
2036 int acc_mode = op->acc_mode;
2040 nd->flags &= ~LOOKUP_PARENT;
2041 nd->flags |= op->intent;
2043 switch (nd->last_type) {
2046 error = handle_dots(nd, nd->last_type);
2048 return ERR_PTR(error);
2051 error = complete_walk(nd);
2053 return ERR_PTR(error);
2054 audit_inode(pathname, nd->path.dentry);
2055 if (open_flag & O_CREAT) {
2061 error = complete_walk(nd);
2063 return ERR_PTR(error);
2064 audit_inode(pathname, dir);
2068 if (!(open_flag & O_CREAT)) {
2070 if (nd->last.name[nd->last.len])
2071 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2072 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2074 /* we _can_ be in RCU mode here */
2075 error = walk_component(nd, path, &nd->last, LAST_NORM,
2078 return ERR_PTR(error);
2079 if (error) /* symlink */
2082 error = complete_walk(nd);
2084 return ERR_PTR(-ECHILD);
2087 if (nd->flags & LOOKUP_DIRECTORY) {
2088 if (!nd->inode->i_op->lookup)
2091 audit_inode(pathname, nd->path.dentry);
2095 /* create side of things */
2096 error = complete_walk(nd);
2098 return ERR_PTR(error);
2100 audit_inode(pathname, dir);
2102 /* trailing slashes? */
2103 if (nd->last.name[nd->last.len])
2106 mutex_lock(&dir->d_inode->i_mutex);
2108 dentry = lookup_hash(nd);
2109 error = PTR_ERR(dentry);
2110 if (IS_ERR(dentry)) {
2111 mutex_unlock(&dir->d_inode->i_mutex);
2115 path->dentry = dentry;
2116 path->mnt = nd->path.mnt;
2118 /* Negative dentry, just create the file */
2119 if (!dentry->d_inode) {
2120 int mode = op->mode;
2121 if (!IS_POSIXACL(dir->d_inode))
2122 mode &= ~current_umask();
2124 * This write is needed to ensure that a
2125 * rw->ro transition does not occur between
2126 * the time when the file is created and when
2127 * a permanent write count is taken through
2128 * the 'struct file' in nameidata_to_filp().
2130 error = mnt_want_write(nd->path.mnt);
2132 goto exit_mutex_unlock;
2134 /* Don't check for write permission, don't truncate */
2135 open_flag &= ~O_TRUNC;
2137 acc_mode = MAY_OPEN;
2138 error = security_path_mknod(&nd->path, dentry, mode, 0);
2140 goto exit_mutex_unlock;
2141 error = vfs_create(dir->d_inode, dentry, mode, nd);
2143 goto exit_mutex_unlock;
2144 mutex_unlock(&dir->d_inode->i_mutex);
2145 dput(nd->path.dentry);
2146 nd->path.dentry = dentry;
2151 * It already exists.
2153 mutex_unlock(&dir->d_inode->i_mutex);
2154 audit_inode(pathname, path->dentry);
2157 if (open_flag & O_EXCL)
2160 error = follow_managed(path, nd->flags);
2165 if (!path->dentry->d_inode)
2168 if (path->dentry->d_inode->i_op->follow_link)
2171 path_to_nameidata(path, nd);
2172 nd->inode = path->dentry->d_inode;
2174 if (S_ISDIR(nd->inode->i_mode))
2177 if (!S_ISREG(nd->inode->i_mode))
2180 if (will_truncate) {
2181 error = mnt_want_write(nd->path.mnt);
2187 error = may_open(&nd->path, acc_mode, open_flag);
2190 filp = nameidata_to_filp(nd);
2191 if (!IS_ERR(filp)) {
2192 error = ima_file_check(filp, op->acc_mode);
2195 filp = ERR_PTR(error);
2198 if (!IS_ERR(filp)) {
2199 if (will_truncate) {
2200 error = handle_truncate(filp);
2203 filp = ERR_PTR(error);
2209 mnt_drop_write(nd->path.mnt);
2210 path_put(&nd->path);
2214 mutex_unlock(&dir->d_inode->i_mutex);
2216 path_put_conditional(path, nd);
2218 filp = ERR_PTR(error);
2222 static struct file *path_openat(int dfd, const char *pathname,
2223 struct nameidata *nd, const struct open_flags *op, int flags)
2225 struct file *base = NULL;
2230 filp = get_empty_filp();
2232 return ERR_PTR(-ENFILE);
2234 filp->f_flags = op->open_flag;
2235 nd->intent.open.file = filp;
2236 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2237 nd->intent.open.create_mode = op->mode;
2239 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
2240 if (unlikely(error))
2243 current->total_link_count = 0;
2244 error = link_path_walk(pathname, nd);
2245 if (unlikely(error))
2248 filp = do_last(nd, &path, op, pathname);
2249 while (unlikely(!filp)) { /* trailing symlink */
2250 struct path link = path;
2252 if (!(nd->flags & LOOKUP_FOLLOW)) {
2253 path_put_conditional(&path, nd);
2254 path_put(&nd->path);
2255 filp = ERR_PTR(-ELOOP);
2258 nd->flags |= LOOKUP_PARENT;
2259 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
2260 error = follow_link(&link, nd, &cookie);
2261 if (unlikely(error))
2262 filp = ERR_PTR(error);
2264 filp = do_last(nd, &path, op, pathname);
2265 put_link(nd, &link, cookie);
2268 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2269 path_put(&nd->root);
2272 release_open_intent(nd);
2276 filp = ERR_PTR(error);
2280 struct file *do_filp_open(int dfd, const char *pathname,
2281 const struct open_flags *op, int flags)
2283 struct nameidata nd;
2286 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
2287 if (unlikely(filp == ERR_PTR(-ECHILD)))
2288 filp = path_openat(dfd, pathname, &nd, op, flags);
2289 if (unlikely(filp == ERR_PTR(-ESTALE)))
2290 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
2294 struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2295 const char *name, const struct open_flags *op, int flags)
2297 struct nameidata nd;
2301 nd.root.dentry = dentry;
2303 flags |= LOOKUP_ROOT;
2305 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
2306 return ERR_PTR(-ELOOP);
2308 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2309 if (unlikely(file == ERR_PTR(-ECHILD)))
2310 file = path_openat(-1, name, &nd, op, flags);
2311 if (unlikely(file == ERR_PTR(-ESTALE)))
2312 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2316 struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
2318 struct dentry *dentry = ERR_PTR(-EEXIST);
2319 struct nameidata nd;
2320 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2322 return ERR_PTR(error);
2325 * Yucky last component or no last component at all?
2326 * (foo/., foo/.., /////)
2328 if (nd.last_type != LAST_NORM)
2330 nd.flags &= ~LOOKUP_PARENT;
2331 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2332 nd.intent.open.flags = O_EXCL;
2335 * Do the final lookup.
2337 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2338 dentry = lookup_hash(&nd);
2342 if (dentry->d_inode)
2345 * Special case - lookup gave negative, but... we had foo/bar/
2346 * From the vfs_mknod() POV we just have a negative dentry -
2347 * all is fine. Let's be bastards - you had / on the end, you've
2348 * been asking for (non-existent) directory. -ENOENT for you.
2350 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
2352 dentry = ERR_PTR(-ENOENT);
2359 dentry = ERR_PTR(-EEXIST);
2361 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2366 EXPORT_SYMBOL(kern_path_create);
2368 struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2370 char *tmp = getname(pathname);
2373 return ERR_CAST(tmp);
2374 res = kern_path_create(dfd, tmp, path, is_dir);
2378 EXPORT_SYMBOL(user_path_create);
2380 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2382 int error = may_create(dir, dentry);
2387 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2388 !ns_capable(inode_userns(dir), CAP_MKNOD))
2391 if (!dir->i_op->mknod)
2394 error = devcgroup_inode_mknod(mode, dev);
2398 error = security_inode_mknod(dir, dentry, mode, dev);
2402 error = dir->i_op->mknod(dir, dentry, mode, dev);
2404 fsnotify_create(dir, dentry);
2408 static int may_mknod(mode_t mode)
2410 switch (mode & S_IFMT) {
2416 case 0: /* zero mode translates to S_IFREG */
2425 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2428 struct dentry *dentry;
2435 dentry = user_path_create(dfd, filename, &path, 0);
2437 return PTR_ERR(dentry);
2439 if (!IS_POSIXACL(path.dentry->d_inode))
2440 mode &= ~current_umask();
2441 error = may_mknod(mode);
2444 error = mnt_want_write(path.mnt);
2447 error = security_path_mknod(&path, dentry, mode, dev);
2449 goto out_drop_write;
2450 switch (mode & S_IFMT) {
2451 case 0: case S_IFREG:
2452 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
2454 case S_IFCHR: case S_IFBLK:
2455 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
2456 new_decode_dev(dev));
2458 case S_IFIFO: case S_IFSOCK:
2459 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
2463 mnt_drop_write(path.mnt);
2466 mutex_unlock(&path.dentry->d_inode->i_mutex);
2472 SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2474 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2477 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2479 int error = may_create(dir, dentry);
2484 if (!dir->i_op->mkdir)
2487 mode &= (S_IRWXUGO|S_ISVTX);
2488 error = security_inode_mkdir(dir, dentry, mode);
2492 error = dir->i_op->mkdir(dir, dentry, mode);
2494 fsnotify_mkdir(dir, dentry);
2498 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2500 struct dentry *dentry;
2504 dentry = user_path_create(dfd, pathname, &path, 1);
2506 return PTR_ERR(dentry);
2508 if (!IS_POSIXACL(path.dentry->d_inode))
2509 mode &= ~current_umask();
2510 error = mnt_want_write(path.mnt);
2513 error = security_path_mkdir(&path, dentry, mode);
2515 goto out_drop_write;
2516 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
2518 mnt_drop_write(path.mnt);
2521 mutex_unlock(&path.dentry->d_inode->i_mutex);
2526 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2528 return sys_mkdirat(AT_FDCWD, pathname, mode);
2532 * The dentry_unhash() helper will try to drop the dentry early: we
2533 * should have a usage count of 2 if we're the only user of this
2534 * dentry, and if that is true (possibly after pruning the dcache),
2535 * then we drop the dentry now.
2537 * A low-level filesystem can, if it choses, legally
2540 * if (!d_unhashed(dentry))
2543 * if it cannot handle the case of removing a directory
2544 * that is still in use by something else..
2546 void dentry_unhash(struct dentry *dentry)
2548 shrink_dcache_parent(dentry);
2549 spin_lock(&dentry->d_lock);
2550 if (dentry->d_count == 1)
2552 spin_unlock(&dentry->d_lock);
2555 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2557 int error = may_delete(dir, dentry, 1);
2562 if (!dir->i_op->rmdir)
2565 mutex_lock(&dentry->d_inode->i_mutex);
2568 if (d_mountpoint(dentry))
2571 error = security_inode_rmdir(dir, dentry);
2575 shrink_dcache_parent(dentry);
2576 error = dir->i_op->rmdir(dir, dentry);
2580 dentry->d_inode->i_flags |= S_DEAD;
2584 mutex_unlock(&dentry->d_inode->i_mutex);
2590 static long do_rmdir(int dfd, const char __user *pathname)
2594 struct dentry *dentry;
2595 struct nameidata nd;
2597 error = user_path_parent(dfd, pathname, &nd, &name);
2601 switch(nd.last_type) {
2613 nd.flags &= ~LOOKUP_PARENT;
2615 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2616 dentry = lookup_hash(&nd);
2617 error = PTR_ERR(dentry);
2620 if (!dentry->d_inode) {
2624 error = mnt_want_write(nd.path.mnt);
2627 error = security_path_rmdir(&nd.path, dentry);
2630 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2632 mnt_drop_write(nd.path.mnt);
2636 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2643 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2645 return do_rmdir(AT_FDCWD, pathname);
2648 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2650 int error = may_delete(dir, dentry, 0);
2655 if (!dir->i_op->unlink)
2658 mutex_lock(&dentry->d_inode->i_mutex);
2659 if (d_mountpoint(dentry))
2662 error = security_inode_unlink(dir, dentry);
2664 error = dir->i_op->unlink(dir, dentry);
2669 mutex_unlock(&dentry->d_inode->i_mutex);
2671 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2672 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2673 fsnotify_link_count(dentry->d_inode);
2681 * Make sure that the actual truncation of the file will occur outside its
2682 * directory's i_mutex. Truncate can take a long time if there is a lot of
2683 * writeout happening, and we don't want to prevent access to the directory
2684 * while waiting on the I/O.
2686 static long do_unlinkat(int dfd, const char __user *pathname)
2690 struct dentry *dentry;
2691 struct nameidata nd;
2692 struct inode *inode = NULL;
2694 error = user_path_parent(dfd, pathname, &nd, &name);
2699 if (nd.last_type != LAST_NORM)
2702 nd.flags &= ~LOOKUP_PARENT;
2704 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2705 dentry = lookup_hash(&nd);
2706 error = PTR_ERR(dentry);
2707 if (!IS_ERR(dentry)) {
2708 /* Why not before? Because we want correct error value */
2709 if (nd.last.name[nd.last.len])
2711 inode = dentry->d_inode;
2715 error = mnt_want_write(nd.path.mnt);
2718 error = security_path_unlink(&nd.path, dentry);
2721 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2723 mnt_drop_write(nd.path.mnt);
2727 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2729 iput(inode); /* truncate the inode here */
2736 error = !dentry->d_inode ? -ENOENT :
2737 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2741 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2743 if ((flag & ~AT_REMOVEDIR) != 0)
2746 if (flag & AT_REMOVEDIR)
2747 return do_rmdir(dfd, pathname);
2749 return do_unlinkat(dfd, pathname);
2752 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2754 return do_unlinkat(AT_FDCWD, pathname);
2757 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2759 int error = may_create(dir, dentry);
2764 if (!dir->i_op->symlink)
2767 error = security_inode_symlink(dir, dentry, oldname);
2771 error = dir->i_op->symlink(dir, dentry, oldname);
2773 fsnotify_create(dir, dentry);
2777 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2778 int, newdfd, const char __user *, newname)
2782 struct dentry *dentry;
2785 from = getname(oldname);
2787 return PTR_ERR(from);
2789 dentry = user_path_create(newdfd, newname, &path, 0);
2790 error = PTR_ERR(dentry);
2794 error = mnt_want_write(path.mnt);
2797 error = security_path_symlink(&path, dentry, from);
2799 goto out_drop_write;
2800 error = vfs_symlink(path.dentry->d_inode, dentry, from);
2802 mnt_drop_write(path.mnt);
2805 mutex_unlock(&path.dentry->d_inode->i_mutex);
2812 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2814 return sys_symlinkat(oldname, AT_FDCWD, newname);
2817 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2819 struct inode *inode = old_dentry->d_inode;
2825 error = may_create(dir, new_dentry);
2829 if (dir->i_sb != inode->i_sb)
2833 * A link to an append-only or immutable file cannot be created.
2835 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2837 if (!dir->i_op->link)
2839 if (S_ISDIR(inode->i_mode))
2842 error = security_inode_link(old_dentry, dir, new_dentry);
2846 mutex_lock(&inode->i_mutex);
2847 /* Make sure we don't allow creating hardlink to an unlinked file */
2848 if (inode->i_nlink == 0)
2851 error = dir->i_op->link(old_dentry, dir, new_dentry);
2852 mutex_unlock(&inode->i_mutex);
2854 fsnotify_link(dir, inode, new_dentry);
2859 * Hardlinks are often used in delicate situations. We avoid
2860 * security-related surprises by not following symlinks on the
2863 * We don't follow them on the oldname either to be compatible
2864 * with linux 2.0, and to avoid hard-linking to directories
2865 * and other special files. --ADM
2867 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2868 int, newdfd, const char __user *, newname, int, flags)
2870 struct dentry *new_dentry;
2871 struct path old_path, new_path;
2875 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
2878 * To use null names we require CAP_DAC_READ_SEARCH
2879 * This ensures that not everyone will be able to create
2880 * handlink using the passed filedescriptor.
2882 if (flags & AT_EMPTY_PATH) {
2883 if (!capable(CAP_DAC_READ_SEARCH))
2888 if (flags & AT_SYMLINK_FOLLOW)
2889 how |= LOOKUP_FOLLOW;
2891 error = user_path_at(olddfd, oldname, how, &old_path);
2895 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
2896 error = PTR_ERR(new_dentry);
2897 if (IS_ERR(new_dentry))
2901 if (old_path.mnt != new_path.mnt)
2903 error = mnt_want_write(new_path.mnt);
2906 error = security_path_link(old_path.dentry, &new_path, new_dentry);
2908 goto out_drop_write;
2909 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
2911 mnt_drop_write(new_path.mnt);
2914 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
2915 path_put(&new_path);
2917 path_put(&old_path);
2922 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2924 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2928 * The worst of all namespace operations - renaming directory. "Perverted"
2929 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2931 * a) we can get into loop creation. Check is done in is_subdir().
2932 * b) race potential - two innocent renames can create a loop together.
2933 * That's where 4.4 screws up. Current fix: serialization on
2934 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2936 * c) we have to lock _three_ objects - parents and victim (if it exists).
2937 * And that - after we got ->i_mutex on parents (until then we don't know
2938 * whether the target exists). Solution: try to be smart with locking
2939 * order for inodes. We rely on the fact that tree topology may change
2940 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2941 * move will be locked. Thus we can rank directories by the tree
2942 * (ancestors first) and rank all non-directories after them.
2943 * That works since everybody except rename does "lock parent, lookup,
2944 * lock child" and rename is under ->s_vfs_rename_mutex.
2945 * HOWEVER, it relies on the assumption that any object with ->lookup()
2946 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2947 * we'd better make sure that there's no link(2) for them.
2948 * d) conversion from fhandle to dentry may come in the wrong moment - when
2949 * we are removing the target. Solution: we will have to grab ->i_mutex
2950 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2951 * ->i_mutex on parents, which works but leads to some truly excessive
2954 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2955 struct inode *new_dir, struct dentry *new_dentry)
2958 struct inode *target = new_dentry->d_inode;
2961 * If we are going to change the parent - check write permissions,
2962 * we'll need to flip '..'.
2964 if (new_dir != old_dir) {
2965 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
2970 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2975 mutex_lock(&target->i_mutex);
2978 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
2982 shrink_dcache_parent(new_dentry);
2983 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2988 target->i_flags |= S_DEAD;
2989 dont_mount(new_dentry);
2993 mutex_unlock(&target->i_mutex);
2995 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2996 d_move(old_dentry,new_dentry);
3000 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3001 struct inode *new_dir, struct dentry *new_dentry)
3003 struct inode *target = new_dentry->d_inode;
3006 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3012 mutex_lock(&target->i_mutex);
3015 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
3018 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3023 dont_mount(new_dentry);
3024 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3025 d_move(old_dentry, new_dentry);
3028 mutex_unlock(&target->i_mutex);
3033 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3034 struct inode *new_dir, struct dentry *new_dentry)
3037 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
3038 const unsigned char *old_name;
3040 if (old_dentry->d_inode == new_dentry->d_inode)
3043 error = may_delete(old_dir, old_dentry, is_dir);
3047 if (!new_dentry->d_inode)
3048 error = may_create(new_dir, new_dentry);
3050 error = may_delete(new_dir, new_dentry, is_dir);
3054 if (!old_dir->i_op->rename)
3057 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3060 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3062 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
3064 fsnotify_move(old_dir, new_dir, old_name, is_dir,
3065 new_dentry->d_inode, old_dentry);
3066 fsnotify_oldname_free(old_name);
3071 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3072 int, newdfd, const char __user *, newname)
3074 struct dentry *old_dir, *new_dir;
3075 struct dentry *old_dentry, *new_dentry;
3076 struct dentry *trap;
3077 struct nameidata oldnd, newnd;
3082 error = user_path_parent(olddfd, oldname, &oldnd, &from);
3086 error = user_path_parent(newdfd, newname, &newnd, &to);
3091 if (oldnd.path.mnt != newnd.path.mnt)
3094 old_dir = oldnd.path.dentry;
3096 if (oldnd.last_type != LAST_NORM)
3099 new_dir = newnd.path.dentry;
3100 if (newnd.last_type != LAST_NORM)
3103 oldnd.flags &= ~LOOKUP_PARENT;
3104 newnd.flags &= ~LOOKUP_PARENT;
3105 newnd.flags |= LOOKUP_RENAME_TARGET;
3107 trap = lock_rename(new_dir, old_dir);
3109 old_dentry = lookup_hash(&oldnd);
3110 error = PTR_ERR(old_dentry);
3111 if (IS_ERR(old_dentry))
3113 /* source must exist */
3115 if (!old_dentry->d_inode)
3117 /* unless the source is a directory trailing slashes give -ENOTDIR */
3118 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3120 if (oldnd.last.name[oldnd.last.len])
3122 if (newnd.last.name[newnd.last.len])
3125 /* source should not be ancestor of target */
3127 if (old_dentry == trap)
3129 new_dentry = lookup_hash(&newnd);
3130 error = PTR_ERR(new_dentry);
3131 if (IS_ERR(new_dentry))
3133 /* target should not be an ancestor of source */
3135 if (new_dentry == trap)
3138 error = mnt_want_write(oldnd.path.mnt);
3141 error = security_path_rename(&oldnd.path, old_dentry,
3142 &newnd.path, new_dentry);
3145 error = vfs_rename(old_dir->d_inode, old_dentry,
3146 new_dir->d_inode, new_dentry);
3148 mnt_drop_write(oldnd.path.mnt);
3154 unlock_rename(new_dir, old_dir);
3156 path_put(&newnd.path);
3159 path_put(&oldnd.path);
3165 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
3167 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3170 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3174 len = PTR_ERR(link);
3179 if (len > (unsigned) buflen)
3181 if (copy_to_user(buffer, link, len))
3188 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3189 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3190 * using) it for any given inode is up to filesystem.
3192 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3194 struct nameidata nd;
3199 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
3201 return PTR_ERR(cookie);
3203 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3204 if (dentry->d_inode->i_op->put_link)
3205 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3209 int vfs_follow_link(struct nameidata *nd, const char *link)
3211 return __vfs_follow_link(nd, link);
3214 /* get the link contents into pagecache */
3215 static char *page_getlink(struct dentry * dentry, struct page **ppage)
3219 struct address_space *mapping = dentry->d_inode->i_mapping;
3220 page = read_mapping_page(mapping, 0, NULL);
3225 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3229 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3231 struct page *page = NULL;
3232 char *s = page_getlink(dentry, &page);
3233 int res = vfs_readlink(dentry,buffer,buflen,s);
3236 page_cache_release(page);
3241 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
3243 struct page *page = NULL;
3244 nd_set_link(nd, page_getlink(dentry, &page));
3248 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
3250 struct page *page = cookie;
3254 page_cache_release(page);
3259 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3261 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
3263 struct address_space *mapping = inode->i_mapping;
3268 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3270 flags |= AOP_FLAG_NOFS;
3273 err = pagecache_write_begin(NULL, mapping, 0, len-1,
3274 flags, &page, &fsdata);
3278 kaddr = kmap_atomic(page, KM_USER0);
3279 memcpy(kaddr, symname, len-1);
3280 kunmap_atomic(kaddr, KM_USER0);
3282 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3289 mark_inode_dirty(inode);
3295 int page_symlink(struct inode *inode, const char *symname, int len)
3297 return __page_symlink(inode, symname, len,
3298 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
3301 const struct inode_operations page_symlink_inode_operations = {
3302 .readlink = generic_readlink,
3303 .follow_link = page_follow_link_light,
3304 .put_link = page_put_link,
3307 EXPORT_SYMBOL(user_path_at);
3308 EXPORT_SYMBOL(follow_down_one);
3309 EXPORT_SYMBOL(follow_down);
3310 EXPORT_SYMBOL(follow_up);
3311 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
3312 EXPORT_SYMBOL(getname);
3313 EXPORT_SYMBOL(lock_rename);
3314 EXPORT_SYMBOL(lookup_one_len);
3315 EXPORT_SYMBOL(page_follow_link_light);
3316 EXPORT_SYMBOL(page_put_link);
3317 EXPORT_SYMBOL(page_readlink);
3318 EXPORT_SYMBOL(__page_symlink);
3319 EXPORT_SYMBOL(page_symlink);
3320 EXPORT_SYMBOL(page_symlink_inode_operations);
3321 EXPORT_SYMBOL(kern_path);
3322 EXPORT_SYMBOL(vfs_path_lookup);
3323 EXPORT_SYMBOL(inode_permission);
3324 EXPORT_SYMBOL(unlock_rename);
3325 EXPORT_SYMBOL(vfs_create);
3326 EXPORT_SYMBOL(vfs_follow_link);
3327 EXPORT_SYMBOL(vfs_link);
3328 EXPORT_SYMBOL(vfs_mkdir);
3329 EXPORT_SYMBOL(vfs_mknod);
3330 EXPORT_SYMBOL(generic_permission);
3331 EXPORT_SYMBOL(vfs_readlink);
3332 EXPORT_SYMBOL(vfs_rename);
3333 EXPORT_SYMBOL(vfs_rmdir);
3334 EXPORT_SYMBOL(vfs_symlink);
3335 EXPORT_SYMBOL(vfs_unlink);
3336 EXPORT_SYMBOL(dentry_unhash);
3337 EXPORT_SYMBOL(generic_readlink);
git.openpandora.org / pandora-kernel.git / blob