projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
lib/sha1.c: quiet sparse noise about symbol not declared
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / fs / namei.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/fs/namei.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * Some corrections by tytso.
9 */
10
11/* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
12 * lookup logic.
13 */
14/* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
15 */
16
17#include <linux/init.h>
18#include <linux/module.h>
19#include <linux/slab.h>
20#include <linux/fs.h>
21#include <linux/namei.h>
1da177e4 22#include <linux/pagemap.h>
0eeca283 23#include <linux/fsnotify.h>
1da177e4
LT		 24#include <linux/personality.h>
25#include <linux/security.h>
6146f0d5 26#include <linux/ima.h>
1da177e4
LT		 27#include <linux/syscalls.h>
28#include <linux/mount.h>
29#include <linux/audit.h>
16f7e0fe 30#include <linux/capability.h>
834f2a4a 31#include <linux/file.h>
5590ff0d 32#include <linux/fcntl.h>
08ce5f16 33#include <linux/device_cgroup.h>
5ad4e53b 34#include <linux/fs_struct.h>
e77819e5 35#include <linux/posix_acl.h>
1da177e4
LT		 36#include <asm/uaccess.h>
37
e81e3f4d
EP		 38#include "internal.h"
39
1da177e4
LT		 40/* [Feb-1997 T. Schoebel-Theuer]
41 * Fundamental changes in the pathname lookup mechanisms (namei)
42 * were necessary because of omirr. The reason is that omirr needs
43 * to know the _real_ pathname, not the user-supplied one, in case
44 * of symlinks (and also when transname replacements occur).
45 *
46 * The new code replaces the old recursive symlink resolution with
47 * an iterative one (in case of non-nested symlink chains). It does
48 * this with calls to <fs>_follow_link().
49 * As a side effect, dir_namei(), _namei() and follow_link() are now
50 * replaced with a single function lookup_dentry() that can handle all
51 * the special cases of the former code.
52 *
53 * With the new dcache, the pathname is stored at each inode, at least as
54 * long as the refcount of the inode is positive. As a side effect, the
55 * size of the dcache depends on the inode cache and thus is dynamic.
56 *
57 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
58 * resolution to correspond with current state of the code.
59 *
60 * Note that the symlink resolution is not *completely* iterative.
61 * There is still a significant amount of tail- and mid- recursion in
62 * the algorithm. Also, note that <fs>_readlink() is not used in
63 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
64 * may return different results than <fs>_follow_link(). Many virtual
65 * filesystems (including /proc) exhibit this behavior.
66 */
67
68/* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
69 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
70 * and the name already exists in form of a symlink, try to create the new
71 * name indicated by the symlink. The old code always complained that the
72 * name already exists, due to not following the symlink even if its target
73 * is nonexistent. The new semantics affects also mknod() and link() when
25985edc 74 * the name is a symlink pointing to a non-existent name.
1da177e4
LT		 75 *
76 * I don't know which semantics is the right one, since I have no access
77 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
78 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
79 * "old" one. Personally, I think the new semantics is much more logical.
80 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
81 * file does succeed in both HP-UX and SunOs, but not in Solaris
82 * and in the old Linux semantics.
83 */
84
85/* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
86 * semantics. See the comments in "open_namei" and "do_link" below.
87 *
88 * [10-Sep-98 Alan Modra] Another symlink change.
89 */
90
91/* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
92 * inside the path - always follow.
93 * in the last component in creation/removal/renaming - never follow.
94 * if LOOKUP_FOLLOW passed - follow.
95 * if the pathname has trailing slashes - follow.
96 * otherwise - don't follow.
97 * (applied in that order).
98 *
99 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
100 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
101 * During the 2.4 we need to fix the userland stuff depending on it -
102 * hopefully we will be able to get rid of that wart in 2.5. So far only
103 * XEmacs seems to be relying on it...
104 */
105/*
106 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
a11f3a05 107 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
1da177e4
LT		 108 * any extra contention...
109 */
110
111/* In order to reduce some races, while at the same time doing additional
112 * checking and hopefully speeding things up, we copy filenames to the
113 * kernel data space before using them..
114 *
115 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
116 * PATH_MAX includes the nul terminator --RR.
117 */
858119e1 118static int do_getname(const char __user *filename, char *page)
1da177e4
LT		 119{
120 int retval;
121 unsigned long len = PATH_MAX;
122
123 if (!segment_eq(get_fs(), KERNEL_DS)) {
124 if ((unsigned long) filename >= TASK_SIZE)
125 return -EFAULT;
126 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
127 len = TASK_SIZE - (unsigned long) filename;
128 }
129
130 retval = strncpy_from_user(page, filename, len);
131 if (retval > 0) {
132 if (retval < len)
133 return 0;
134 return -ENAMETOOLONG;
135 } else if (!retval)
136 retval = -ENOENT;
137 return retval;
138}
139
f52e0c11 140static char *getname_flags(const char __user * filename, int flags)
1da177e4
LT		 141{
142 char *tmp, *result;
143
144 result = ERR_PTR(-ENOMEM);
145 tmp = __getname();
146 if (tmp) {
147 int retval = do_getname(filename, tmp);
148
149 result = tmp;
150 if (retval < 0) {
f52e0c11
AV		 151 if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
152 __putname(tmp);
153 result = ERR_PTR(retval);
154 }
1da177e4
LT		 155 }
156 }
157 audit_getname(result);
158 return result;
159}
160
f52e0c11
AV		 161char *getname(const char __user * filename)
162{
163 return getname_flags(filename, 0);
164}
165
1da177e4
LT		 166#ifdef CONFIG_AUDITSYSCALL
167void putname(const char *name)
168{
5ac3a9c2 169 if (unlikely(!audit_dummy_context()))
1da177e4
LT		 170 audit_putname(name);
171 else
172 __putname(name);
173}
174EXPORT_SYMBOL(putname);
175#endif
176
e77819e5
LT		 177static int check_acl(struct inode *inode, int mask)
178{
84635d68 179#ifdef CONFIG_FS_POSIX_ACL
e77819e5
LT		 180 struct posix_acl *acl;
181
e77819e5 182 if (mask & MAY_NOT_BLOCK) {
3567866b
AV		 183 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
184 if (!acl)
e77819e5 185 return -EAGAIN;
3567866b
AV		 186 /* no ->get_acl() calls in RCU mode... */
187 if (acl == ACL_NOT_CACHED)
188 return -ECHILD;
206b1d09 189 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
e77819e5
LT		 190 }
191
192 acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
193
194 /*
4e34e719
CH		 195 * A filesystem can force a ACL callback by just never filling the
196 * ACL cache. But normally you'd fill the cache either at inode
197 * instantiation time, or on the first ->get_acl call.
e77819e5 198 *
4e34e719
CH		 199 * If the filesystem doesn't have a get_acl() function at all, we'll
200 * just create the negative cache entry.
e77819e5
LT		 201 */
202 if (acl == ACL_NOT_CACHED) {
4e34e719
CH		 203 if (inode->i_op->get_acl) {
204 acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
205 if (IS_ERR(acl))
206 return PTR_ERR(acl);
207 } else {
208 set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
209 return -EAGAIN;
210 }
e77819e5
LT		 211 }
212
213 if (acl) {
214 int error = posix_acl_permission(inode, acl, mask);
215 posix_acl_release(acl);
216 return error;
217 }
84635d68 218#endif
e77819e5
LT		 219
220 return -EAGAIN;
221}
222
5909ccaa
LT		 223/*
224 * This does basic POSIX ACL permission checking
1da177e4 225 */
7e40145e 226static int acl_permission_check(struct inode *inode, int mask)
1da177e4 227{
26cf46be 228 unsigned int mode = inode->i_mode;
1da177e4 229
9c2c7039 230 mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
e6305c43 231
e795b717
SH		 232 if (current_user_ns() != inode_userns(inode))
233 goto other_perms;
234
14067ff5 235 if (likely(current_fsuid() == inode->i_uid))
1da177e4
LT		 236 mode >>= 6;
237 else {
e77819e5 238 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
7e40145e 239 int error = check_acl(inode, mask);
b74c79e9
NP		 240 if (error != -EAGAIN)
241 return error;
1da177e4
LT		 242 }
243
244 if (in_group_p(inode->i_gid))
245 mode >>= 3;
246 }
247
e795b717 248other_perms:
1da177e4
LT		 249 /*
250 * If the DACs are ok we don't need any capability check.
251 */
9c2c7039 252 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
1da177e4 253 return 0;
5909ccaa
LT		 254 return -EACCES;
255}
256
257/**
b74c79e9 258 * generic_permission - check for access rights on a Posix-like filesystem
5909ccaa
LT		 259 * @inode: inode to check access rights for
260 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
5909ccaa
LT		 261 *
262 * Used to check for read/write/execute permissions on a file.
263 * We use "fsuid" for this, letting us set arbitrary permissions
264 * for filesystem access without changing the "normal" uids which
b74c79e9
NP		 265 * are used for other things.
266 *
267 * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
268 * request cannot be satisfied (eg. requires blocking or too much complexity).
269 * It would then be called again in ref-walk mode.
5909ccaa 270 */
2830ba7f 271int generic_permission(struct inode *inode, int mask)
5909ccaa
LT		 272{
273 int ret;
274
275 /*
276 * Do the basic POSIX ACL permission checks.
277 */
7e40145e 278 ret = acl_permission_check(inode, mask);
5909ccaa
LT		 279 if (ret != -EACCES)
280 return ret;
1da177e4 281
d594e7ec
AV		 282 if (S_ISDIR(inode->i_mode)) {
283 /* DACs are overridable for directories */
284 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
285 return 0;
286 if (!(mask & MAY_WRITE))
287 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
288 return 0;
289 return -EACCES;
290 }
1da177e4
LT		 291 /*
292 * Read/write DACs are always overridable.
d594e7ec
AV		 293 * Executable DACs are overridable when there is
294 * at least one exec bit set.
1da177e4 295 */
d594e7ec 296 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
e795b717 297 if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
1da177e4
LT		 298 return 0;
299
300 /*
301 * Searching includes executable on directories, else just read.
302 */
7ea66001 303 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
d594e7ec 304 if (mask == MAY_READ)
e795b717 305 if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
1da177e4
LT		 306 return 0;
307
308 return -EACCES;
309}
310
3ddcd056
LT		 311/*
312 * We _really_ want to just do "generic_permission()" without
313 * even looking at the inode->i_op values. So we keep a cache
314 * flag in inode->i_opflags, that says "this has not special
315 * permission function, use the fast case".
316 */
317static inline int do_inode_permission(struct inode *inode, int mask)
318{
319 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
320 if (likely(inode->i_op->permission))
321 return inode->i_op->permission(inode, mask);
322
323 /* This gets set once for the inode lifetime */
324 spin_lock(&inode->i_lock);
325 inode->i_opflags |= IOP_FASTPERM;
326 spin_unlock(&inode->i_lock);
327 }
328 return generic_permission(inode, mask);
329}
330
cb23beb5
CH		 331/**
332 * inode_permission - check for access rights to a given inode
333 * @inode: inode to check permission on
334 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
335 *
336 * Used to check for read/write/execute permissions on an inode.
337 * We use "fsuid" for this, letting us set arbitrary permissions
338 * for filesystem access without changing the "normal" uids which
339 * are used for other things.
340 */
f419a2e3 341int inode_permission(struct inode *inode, int mask)
1da177e4 342{
e6305c43 343 int retval;
1da177e4 344
3ddcd056 345 if (unlikely(mask & MAY_WRITE)) {
22590e41 346 umode_t mode = inode->i_mode;
1da177e4
LT		 347
348 /*
349 * Nobody gets write access to a read-only fs.
350 */
351 if (IS_RDONLY(inode) &&
352 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
353 return -EROFS;
354
355 /*
356 * Nobody gets write access to an immutable file.
357 */
358 if (IS_IMMUTABLE(inode))
359 return -EACCES;
360 }
361
3ddcd056 362 retval = do_inode_permission(inode, mask);
1da177e4
LT		 363 if (retval)
364 return retval;
365
08ce5f16
SH		 366 retval = devcgroup_inode_permission(inode, mask);
367 if (retval)
368 return retval;
369
d09ca739 370 return security_inode_permission(inode, mask);
1da177e4
LT		 371}
372
5dd784d0
JB		 373/**
374 * path_get - get a reference to a path
375 * @path: path to get the reference to
376 *
377 * Given a path increment the reference count to the dentry and the vfsmount.
378 */
379void path_get(struct path *path)
380{
381 mntget(path->mnt);
382 dget(path->dentry);
383}
384EXPORT_SYMBOL(path_get);
385
1d957f9b
JB		 386/**
387 * path_put - put a reference to a path
388 * @path: path to put the reference to
389 *
390 * Given a path decrement the reference count to the dentry and the vfsmount.
391 */
392void path_put(struct path *path)
1da177e4 393{
1d957f9b
JB		 394 dput(path->dentry);
395 mntput(path->mnt);
1da177e4 396}
1d957f9b 397EXPORT_SYMBOL(path_put);
1da177e4 398
19660af7 399/*
31e6b01f 400 * Path walking has 2 modes, rcu-walk and ref-walk (see
19660af7
AV		 401 * Documentation/filesystems/path-lookup.txt). In situations when we can't
402 * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
403 * normal reference counts on dentries and vfsmounts to transition to rcu-walk
404 * mode. Refcounts are grabbed at the last known good point before rcu-walk
405 * got stuck, so ref-walk may continue from there. If this is not successful
406 * (eg. a seqcount has changed), then failure is returned and it's up to caller
407 * to restart the path walk from the beginning in ref-walk mode.
31e6b01f 408 */
31e6b01f
NP		 409
410/**
19660af7
AV		 411 * unlazy_walk - try to switch to ref-walk mode.
412 * @nd: nameidata pathwalk data
413 * @dentry: child of nd->path.dentry or NULL
39191628 414 * Returns: 0 on success, -ECHILD on failure
31e6b01f 415 *
19660af7
AV		 416 * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry
417 * for ref-walk mode. @dentry must be a path found by a do_lookup call on
418 * @nd or NULL. Must be called from rcu-walk context.
31e6b01f 419 */
19660af7 420static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
31e6b01f
NP		 421{
422 struct fs_struct *fs = current->fs;
423 struct dentry *parent = nd->path.dentry;
5b6ca027 424 int want_root = 0;
31e6b01f
NP		 425
426 BUG_ON(!(nd->flags & LOOKUP_RCU));
5b6ca027
AV		 427 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
428 want_root = 1;
31e6b01f
NP		 429 spin_lock(&fs->lock);
430 if (nd->root.mnt != fs->root.mnt ||
431 nd->root.dentry != fs->root.dentry)
432 goto err_root;
433 }
434 spin_lock(&parent->d_lock);
19660af7
AV		 435 if (!dentry) {
436 if (!__d_rcu_to_refcount(parent, nd->seq))
437 goto err_parent;
438 BUG_ON(nd->inode != parent->d_inode);
439 } else {
94c0d4ec
AV		 440 if (dentry->d_parent != parent)
441 goto err_parent;
19660af7
AV		 442 spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
443 if (!__d_rcu_to_refcount(dentry, nd->seq))
444 goto err_child;
445 /*
446 * If the sequence check on the child dentry passed, then
447 * the child has not been removed from its parent. This
448 * means the parent dentry must be valid and able to take
449 * a reference at this point.
450 */
451 BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
452 BUG_ON(!parent->d_count);
453 parent->d_count++;
454 spin_unlock(&dentry->d_lock);
455 }
31e6b01f 456 spin_unlock(&parent->d_lock);
5b6ca027 457 if (want_root) {
31e6b01f
NP		 458 path_get(&nd->root);
459 spin_unlock(&fs->lock);
460 }
461 mntget(nd->path.mnt);
462
463 rcu_read_unlock();
464 br_read_unlock(vfsmount_lock);
465 nd->flags &= ~LOOKUP_RCU;
466 return 0;
19660af7
AV		 467
468err_child:
31e6b01f 469 spin_unlock(&dentry->d_lock);
19660af7 470err_parent:
31e6b01f
NP		 471 spin_unlock(&parent->d_lock);
472err_root:
5b6ca027 473 if (want_root)
31e6b01f
NP		 474 spin_unlock(&fs->lock);
475 return -ECHILD;
476}
477
834f2a4a
TM		 478/**
479 * release_open_intent - free up open intent resources
480 * @nd: pointer to nameidata
481 */
482void release_open_intent(struct nameidata *nd)
483{
2dab5974
LT		 484 struct file *file = nd->intent.open.file;
485
486 if (file && !IS_ERR(file)) {
487 if (file->f_path.dentry == NULL)
488 put_filp(file);
489 else
490 fput(file);
491 }
834f2a4a
TM		 492}
493
f60aef7e 494static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
34286d66 495{
f60aef7e 496 return dentry->d_op->d_revalidate(dentry, nd);
34286d66
NP		 497}
498
9f1fafee
AV		 499/**
500 * complete_walk - successful completion of path walk
501 * @nd: pointer nameidata
39159de2 502 *
9f1fafee
AV		 503 * If we had been in RCU mode, drop out of it and legitimize nd->path.
504 * Revalidate the final result, unless we'd already done that during
505 * the path walk or the filesystem doesn't ask for it. Return 0 on
506 * success, -error on failure. In case of failure caller does not
507 * need to drop nd->path.
39159de2 508 */
9f1fafee 509static int complete_walk(struct nameidata *nd)
39159de2 510{
16c2cd71 511 struct dentry *dentry = nd->path.dentry;
39159de2 512 int status;
39159de2 513
9f1fafee
AV		 514 if (nd->flags & LOOKUP_RCU) {
515 nd->flags &= ~LOOKUP_RCU;
516 if (!(nd->flags & LOOKUP_ROOT))
517 nd->root.mnt = NULL;
518 spin_lock(&dentry->d_lock);
519 if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
520 spin_unlock(&dentry->d_lock);
521 rcu_read_unlock();
522 br_read_unlock(vfsmount_lock);
523 return -ECHILD;
524 }
525 BUG_ON(nd->inode != dentry->d_inode);
526 spin_unlock(&dentry->d_lock);
527 mntget(nd->path.mnt);
528 rcu_read_unlock();
529 br_read_unlock(vfsmount_lock);
530 }
531
16c2cd71
AV		 532 if (likely(!(nd->flags & LOOKUP_JUMPED)))
533 return 0;
534
535 if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
39159de2
JL		 536 return 0;
537
16c2cd71
AV		 538 if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
539 return 0;
540
541 /* Note: we do not d_invalidate() */
34286d66 542 status = d_revalidate(dentry, nd);
39159de2
JL		 543 if (status > 0)
544 return 0;
545
16c2cd71 546 if (!status)
39159de2 547 status = -ESTALE;
16c2cd71 548
9f1fafee 549 path_put(&nd->path);
39159de2
JL		 550 return status;
551}
552
2a737871
AV		 553static __always_inline void set_root(struct nameidata *nd)
554{
f7ad3c6b
MS		 555 if (!nd->root.mnt)
556 get_fs_root(current->fs, &nd->root);
2a737871
AV		 557}
558
6de88d72
AV		 559static int link_path_walk(const char *, struct nameidata *);
560
31e6b01f
NP		 561static __always_inline void set_root_rcu(struct nameidata *nd)
562{
563 if (!nd->root.mnt) {
564 struct fs_struct *fs = current->fs;
c28cc364
NP		 565 unsigned seq;
566
567 do {
568 seq = read_seqcount_begin(&fs->seq);
569 nd->root = fs->root;
c1530019 570 nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
c28cc364 571 } while (read_seqcount_retry(&fs->seq, seq));
31e6b01f
NP		 572 }
573}
574
f1662356 575static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
1da177e4 576{
31e6b01f
NP		 577 int ret;
578
1da177e4
LT		 579 if (IS_ERR(link))
580 goto fail;
581
582 if (*link == '/') {
2a737871 583 set_root(nd);
1d957f9b 584 path_put(&nd->path);
2a737871
AV		 585 nd->path = nd->root;
586 path_get(&nd->root);
16c2cd71 587 nd->flags |= LOOKUP_JUMPED;
1da177e4 588 }
31e6b01f 589 nd->inode = nd->path.dentry->d_inode;
b4091d5f 590
31e6b01f
NP		 591 ret = link_path_walk(link, nd);
592 return ret;
1da177e4 593fail:
1d957f9b 594 path_put(&nd->path);
1da177e4
LT		 595 return PTR_ERR(link);
596}
597
1d957f9b 598static void path_put_conditional(struct path *path, struct nameidata *nd)
051d3812
IK		 599{
600 dput(path->dentry);
4ac91378 601 if (path->mnt != nd->path.mnt)
051d3812
IK		 602 mntput(path->mnt);
603}
604
7b9337aa
NP		 605static inline void path_to_nameidata(const struct path *path,
606 struct nameidata *nd)
051d3812 607{
31e6b01f
NP		 608 if (!(nd->flags & LOOKUP_RCU)) {
609 dput(nd->path.dentry);
610 if (nd->path.mnt != path->mnt)
611 mntput(nd->path.mnt);
9a229683 612 }
31e6b01f 613 nd->path.mnt = path->mnt;
4ac91378 614 nd->path.dentry = path->dentry;
051d3812
IK		 615}
616
574197e0
AV		 617static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
618{
619 struct inode *inode = link->dentry->d_inode;
620 if (!IS_ERR(cookie) && inode->i_op->put_link)
621 inode->i_op->put_link(link->dentry, nd, cookie);
622 path_put(link);
623}
624
def4af30 625static __always_inline int
574197e0 626follow_link(struct path *link, struct nameidata *nd, void **p)
1da177e4
LT		 627{
628 int error;
7b9337aa 629 struct dentry *dentry = link->dentry;
1da177e4 630
844a3917
AV		 631 BUG_ON(nd->flags & LOOKUP_RCU);
632
0e794589
AV		 633 if (link->mnt == nd->path.mnt)
634 mntget(link->mnt);
635
574197e0
AV		 636 if (unlikely(current->total_link_count >= 40)) {
637 *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */
574197e0
AV		 638 path_put(&nd->path);
639 return -ELOOP;
640 }
641 cond_resched();
642 current->total_link_count++;
643
7b9337aa 644 touch_atime(link->mnt, dentry);
1da177e4 645 nd_set_link(nd, NULL);
cd4e91d3 646
36f3b4f6
AV		 647 error = security_inode_follow_link(link->dentry, nd);
648 if (error) {
649 *p = ERR_PTR(error); /* no ->put_link(), please */
650 path_put(&nd->path);
651 return error;
652 }
653
86acdca1 654 nd->last_type = LAST_BIND;
def4af30
AV		 655 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
656 error = PTR_ERR(*p);
657 if (!IS_ERR(*p)) {
1da177e4 658 char *s = nd_get_link(nd);
cc314eef 659 error = 0;
1da177e4
LT		 660 if (s)
661 error = __vfs_follow_link(nd, s);
bcda7652 662 else if (nd->last_type == LAST_BIND) {
16c2cd71 663 nd->flags |= LOOKUP_JUMPED;
b21041d0
AV		 664 nd->inode = nd->path.dentry->d_inode;
665 if (nd->inode->i_op->follow_link) {
bcda7652
AV		 666 /* stepped on a _really_ weird one */
667 path_put(&nd->path);
668 error = -ELOOP;
669 }
670 }
1da177e4 671 }
1da177e4
LT		 672 return error;
673}
674
31e6b01f
NP		 675static int follow_up_rcu(struct path *path)
676{
677 struct vfsmount *parent;
678 struct dentry *mountpoint;
679
680 parent = path->mnt->mnt_parent;
681 if (parent == path->mnt)
682 return 0;
683 mountpoint = path->mnt->mnt_mountpoint;
684 path->dentry = mountpoint;
685 path->mnt = parent;
686 return 1;
687}
688
bab77ebf 689int follow_up(struct path *path)
1da177e4
LT		 690{
691 struct vfsmount *parent;
692 struct dentry *mountpoint;
99b7db7b
NP		 693
694 br_read_lock(vfsmount_lock);
bab77ebf
AV		 695 parent = path->mnt->mnt_parent;
696 if (parent == path->mnt) {
99b7db7b 697 br_read_unlock(vfsmount_lock);
1da177e4
LT		 698 return 0;
699 }
700 mntget(parent);
bab77ebf 701 mountpoint = dget(path->mnt->mnt_mountpoint);
99b7db7b 702 br_read_unlock(vfsmount_lock);
bab77ebf
AV		 703 dput(path->dentry);
704 path->dentry = mountpoint;
705 mntput(path->mnt);
706 path->mnt = parent;
1da177e4
LT		 707 return 1;
708}
709
b5c84bf6 710/*
9875cf80
DH		 711 * Perform an automount
712 * - return -EISDIR to tell follow_managed() to stop and return the path we
713 * were called with.
1da177e4 714 */
9875cf80
DH		 715static int follow_automount(struct path *path, unsigned flags,
716 bool *need_mntput)
31e6b01f 717{
9875cf80 718 struct vfsmount *mnt;
ea5b778a 719 int err;
9875cf80
DH		 720
721 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
722 return -EREMOTE;
723
6f45b656
DH		 724 /* We don't want to mount if someone supplied AT_NO_AUTOMOUNT
725 * and this is the terminal part of the path.
726 */
49084c3b 727 if ((flags & LOOKUP_NO_AUTOMOUNT) && !(flags & LOOKUP_PARENT))
6f45b656
DH		 728 return -EISDIR; /* we actually want to stop here */
729
0ec26fd0
MS		 730 /* We don't want to mount if someone's just doing a stat -
731 * unless they're stat'ing a directory and appended a '/' to
732 * the name.
733 *
734 * We do, however, want to mount if someone wants to open or
735 * create a file of any type under the mountpoint, wants to
736 * traverse through the mountpoint or wants to open the
737 * mounted directory. Also, autofs may mark negative dentries
738 * as being automount points. These will need the attentions
739 * of the daemon to instantiate them before they can be used.
9875cf80 740 */
0ec26fd0
MS		 741 if (!(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
742 LOOKUP_OPEN | LOOKUP_CREATE)) &&
743 path->dentry->d_inode)
744 return -EISDIR;
745
9875cf80
DH		 746 current->total_link_count++;
747 if (current->total_link_count >= 40)
748 return -ELOOP;
749
750 mnt = path->dentry->d_op->d_automount(path);
751 if (IS_ERR(mnt)) {
752 /*
753 * The filesystem is allowed to return -EISDIR here to indicate
754 * it doesn't want to automount. For instance, autofs would do
755 * this so that its userspace daemon can mount on this dentry.
756 *
757 * However, we can only permit this if it's a terminal point in
758 * the path being looked up; if it wasn't then the remainder of
759 * the path is inaccessible and we should say so.
760 */
49084c3b 761 if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
9875cf80
DH		 762 return -EREMOTE;
763 return PTR_ERR(mnt);
31e6b01f 764 }
ea5b778a 765
9875cf80
DH		 766 if (!mnt) /* mount collision */
767 return 0;
31e6b01f 768
8aef1884
AV		 769 if (!*need_mntput) {
770 /* lock_mount() may release path->mnt on error */
771 mntget(path->mnt);
772 *need_mntput = true;
773 }
19a167af 774 err = finish_automount(mnt, path);
9875cf80 775
ea5b778a
DH		 776 switch (err) {
777 case -EBUSY:
778 /* Someone else made a mount here whilst we were busy */
19a167af 779 return 0;
ea5b778a 780 case 0:
8aef1884 781 path_put(path);
ea5b778a
DH		 782 path->mnt = mnt;
783 path->dentry = dget(mnt->mnt_root);
ea5b778a 784 return 0;
19a167af
AV		 785 default:
786 return err;
ea5b778a 787 }
19a167af 788
463ffb2e
AV		 789}
790
9875cf80
DH		 791/*
792 * Handle a dentry that is managed in some way.
cc53ce53 793 * - Flagged for transit management (autofs)
9875cf80
DH		 794 * - Flagged as mountpoint
795 * - Flagged as automount point
796 *
797 * This may only be called in refwalk mode.
798 *
799 * Serialization is taken care of in namespace.c
800 */
801static int follow_managed(struct path *path, unsigned flags)
1da177e4 802{
8aef1884 803 struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
9875cf80
DH		 804 unsigned managed;
805 bool need_mntput = false;
8aef1884 806 int ret = 0;
9875cf80
DH		 807
808 /* Given that we're not holding a lock here, we retain the value in a
809 * local variable for each dentry as we look at it so that we don't see
810 * the components of that value change under us */
811 while (managed = ACCESS_ONCE(path->dentry->d_flags),
812 managed &= DCACHE_MANAGED_DENTRY,
813 unlikely(managed != 0)) {
cc53ce53
DH		 814 /* Allow the filesystem to manage the transit without i_mutex
815 * being held. */
816 if (managed & DCACHE_MANAGE_TRANSIT) {
817 BUG_ON(!path->dentry->d_op);
818 BUG_ON(!path->dentry->d_op->d_manage);
1aed3e42 819 ret = path->dentry->d_op->d_manage(path->dentry, false);
cc53ce53 820 if (ret < 0)
8aef1884 821 break;
cc53ce53
DH		 822 }
823
9875cf80
DH		 824 /* Transit to a mounted filesystem. */
825 if (managed & DCACHE_MOUNTED) {
826 struct vfsmount *mounted = lookup_mnt(path);
827 if (mounted) {
828 dput(path->dentry);
829 if (need_mntput)
830 mntput(path->mnt);
831 path->mnt = mounted;
832 path->dentry = dget(mounted->mnt_root);
833 need_mntput = true;
834 continue;
835 }
836
837 /* Something is mounted on this dentry in another
838 * namespace and/or whatever was mounted there in this
839 * namespace got unmounted before we managed to get the
840 * vfsmount_lock */
841 }
842
843 /* Handle an automount point */
844 if (managed & DCACHE_NEED_AUTOMOUNT) {
845 ret = follow_automount(path, flags, &need_mntput);
846 if (ret < 0)
8aef1884 847 break;
9875cf80
DH		 848 continue;
849 }
850
851 /* We didn't change the current path point */
852 break;
1da177e4 853 }
8aef1884
AV		 854
855 if (need_mntput && path->mnt == mnt)
856 mntput(path->mnt);
857 if (ret == -EISDIR)
858 ret = 0;
859 return ret;
1da177e4
LT		 860}
861
cc53ce53 862int follow_down_one(struct path *path)
1da177e4
LT		 863{
864 struct vfsmount *mounted;
865
1c755af4 866 mounted = lookup_mnt(path);
1da177e4 867 if (mounted) {
9393bd07
AV		 868 dput(path->dentry);
869 mntput(path->mnt);
870 path->mnt = mounted;
871 path->dentry = dget(mounted->mnt_root);
1da177e4
LT		 872 return 1;
873 }
874 return 0;
875}
876
62a7375e
IK		 877static inline bool managed_dentry_might_block(struct dentry *dentry)
878{
879 return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
880 dentry->d_op->d_manage(dentry, true) < 0);
881}
882
9875cf80 883/*
287548e4
AV		 884 * Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
885 * we meet a managed dentry that would need blocking.
9875cf80
DH		 886 */
887static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
287548e4 888 struct inode **inode)
9875cf80 889{
62a7375e 890 for (;;) {
9875cf80 891 struct vfsmount *mounted;
62a7375e
IK		 892 /*
893 * Don't forget we might have a non-mountpoint managed dentry
894 * that wants to block transit.
895 */
287548e4 896 if (unlikely(managed_dentry_might_block(path->dentry)))
ab90911f 897 return false;
62a7375e
IK		 898
899 if (!d_mountpoint(path->dentry))
900 break;
901
9875cf80
DH		 902 mounted = __lookup_mnt(path->mnt, path->dentry, 1);
903 if (!mounted)
904 break;
905 path->mnt = mounted;
906 path->dentry = mounted->mnt_root;
907 nd->seq = read_seqcount_begin(&path->dentry->d_seq);
59430262
LT		 908 /*
909 * Update the inode too. We don't need to re-check the
910 * dentry sequence number here after this d_inode read,
911 * because a mount-point is always pinned.
912 */
913 *inode = path->dentry->d_inode;
9875cf80 914 }
9875cf80
DH		 915 return true;
916}
917
dea39376 918static void follow_mount_rcu(struct nameidata *nd)
287548e4 919{
dea39376 920 while (d_mountpoint(nd->path.dentry)) {
287548e4 921 struct vfsmount *mounted;
dea39376 922 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
287548e4
AV		 923 if (!mounted)
924 break;
dea39376
AV		 925 nd->path.mnt = mounted;
926 nd->path.dentry = mounted->mnt_root;
927 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
287548e4
AV		 928 }
929}
930
31e6b01f
NP		 931static int follow_dotdot_rcu(struct nameidata *nd)
932{
31e6b01f
NP		 933 set_root_rcu(nd);
934
9875cf80 935 while (1) {
31e6b01f
NP		 936 if (nd->path.dentry == nd->root.dentry &&
937 nd->path.mnt == nd->root.mnt) {
938 break;
939 }
940 if (nd->path.dentry != nd->path.mnt->mnt_root) {
941 struct dentry *old = nd->path.dentry;
942 struct dentry *parent = old->d_parent;
943 unsigned seq;
944
945 seq = read_seqcount_begin(&parent->d_seq);
946 if (read_seqcount_retry(&old->d_seq, nd->seq))
ef7562d5 947 goto failed;
31e6b01f
NP		 948 nd->path.dentry = parent;
949 nd->seq = seq;
950 break;
951 }
952 if (!follow_up_rcu(&nd->path))
953 break;
954 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
31e6b01f 955 }
dea39376
AV		 956 follow_mount_rcu(nd);
957 nd->inode = nd->path.dentry->d_inode;
31e6b01f 958 return 0;
ef7562d5
AV		 959
960failed:
961 nd->flags &= ~LOOKUP_RCU;
5b6ca027
AV		 962 if (!(nd->flags & LOOKUP_ROOT))
963 nd->root.mnt = NULL;
ef7562d5
AV		 964 rcu_read_unlock();
965 br_read_unlock(vfsmount_lock);
966 return -ECHILD;
31e6b01f
NP		 967}
968
cc53ce53
DH		 969/*
970 * Follow down to the covering mount currently visible to userspace. At each
971 * point, the filesystem owning that dentry may be queried as to whether the
972 * caller is permitted to proceed or not.
cc53ce53 973 */
7cc90cc3 974int follow_down(struct path *path)
cc53ce53
DH		 975{
976 unsigned managed;
977 int ret;
978
979 while (managed = ACCESS_ONCE(path->dentry->d_flags),
980 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
981 /* Allow the filesystem to manage the transit without i_mutex
982 * being held.
983 *
984 * We indicate to the filesystem if someone is trying to mount
985 * something here. This gives autofs the chance to deny anyone
986 * other than its daemon the right to mount on its
987 * superstructure.
988 *
989 * The filesystem may sleep at this point.
990 */
991 if (managed & DCACHE_MANAGE_TRANSIT) {
992 BUG_ON(!path->dentry->d_op);
993 BUG_ON(!path->dentry->d_op->d_manage);
ab90911f 994 ret = path->dentry->d_op->d_manage(
1aed3e42 995 path->dentry, false);
cc53ce53
DH		 996 if (ret < 0)
997 return ret == -EISDIR ? 0 : ret;
998 }
999
1000 /* Transit to a mounted filesystem. */
1001 if (managed & DCACHE_MOUNTED) {
1002 struct vfsmount *mounted = lookup_mnt(path);
1003 if (!mounted)
1004 break;
1005 dput(path->dentry);
1006 mntput(path->mnt);
1007 path->mnt = mounted;
1008 path->dentry = dget(mounted->mnt_root);
1009 continue;
1010 }
1011
1012 /* Don't handle automount points here */
1013 break;
1014 }
1015 return 0;
1016}
1017
9875cf80
DH		 1018/*
1019 * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
1020 */
1021static void follow_mount(struct path *path)
1022{
1023 while (d_mountpoint(path->dentry)) {
1024 struct vfsmount *mounted = lookup_mnt(path);
1025 if (!mounted)
1026 break;
1027 dput(path->dentry);
1028 mntput(path->mnt);
1029 path->mnt = mounted;
1030 path->dentry = dget(mounted->mnt_root);
1031 }
1032}
1033
31e6b01f 1034static void follow_dotdot(struct nameidata *nd)
1da177e4 1035{
2a737871 1036 set_root(nd);
e518ddb7 1037
1da177e4 1038 while(1) {
4ac91378 1039 struct dentry *old = nd->path.dentry;
1da177e4 1040
2a737871
AV		 1041 if (nd->path.dentry == nd->root.dentry &&
1042 nd->path.mnt == nd->root.mnt) {
1da177e4
LT		 1043 break;
1044 }
4ac91378 1045 if (nd->path.dentry != nd->path.mnt->mnt_root) {
3088dd70
AV		 1046 /* rare case of legitimate dget_parent()... */
1047 nd->path.dentry = dget_parent(nd->path.dentry);
1da177e4
LT		 1048 dput(old);
1049 break;
1050 }
3088dd70 1051 if (!follow_up(&nd->path))
1da177e4 1052 break;
1da177e4 1053 }
79ed0226 1054 follow_mount(&nd->path);
31e6b01f 1055 nd->inode = nd->path.dentry->d_inode;
1da177e4
LT		 1056}
1057
baa03890
NP		 1058/*
1059 * Allocate a dentry with name and parent, and perform a parent
1060 * directory ->lookup on it. Returns the new dentry, or ERR_PTR
1061 * on error. parent->d_inode->i_mutex must be held. d_lookup must
1062 * have verified that no child exists while under i_mutex.
1063 */
1064static struct dentry *d_alloc_and_lookup(struct dentry *parent,
1065 struct qstr *name, struct nameidata *nd)
1066{
1067 struct inode *inode = parent->d_inode;
1068 struct dentry *dentry;
1069 struct dentry *old;
1070
1071 /* Don't create child dentry for a dead directory. */
1072 if (unlikely(IS_DEADDIR(inode)))
1073 return ERR_PTR(-ENOENT);
1074
1075 dentry = d_alloc(parent, name);
1076 if (unlikely(!dentry))
1077 return ERR_PTR(-ENOMEM);
1078
1079 old = inode->i_op->lookup(inode, dentry, nd);
1080 if (unlikely(old)) {
1081 dput(dentry);
1082 dentry = old;
1083 }
1084 return dentry;
1085}
1086
44396f4b
JB		 1087/*
1088 * We already have a dentry, but require a lookup to be performed on the parent
1089 * directory to fill in d_inode. Returns the new dentry, or ERR_PTR on error.
1090 * parent->d_inode->i_mutex must be held. d_lookup must have verified that no
1091 * child exists while under i_mutex.
1092 */
1093static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
1094 struct nameidata *nd)
1095{
1096 struct inode *inode = parent->d_inode;
1097 struct dentry *old;
1098
1099 /* Don't create child dentry for a dead directory. */
1100 if (unlikely(IS_DEADDIR(inode)))
1101 return ERR_PTR(-ENOENT);
1102
1103 old = inode->i_op->lookup(inode, dentry, nd);
1104 if (unlikely(old)) {
1105 dput(dentry);
1106 dentry = old;
1107 }
1108 return dentry;
1109}
1110
1da177e4
LT		 1111/*
1112 * It's more convoluted than I'd like it to be, but... it's still fairly
1113 * small and for now I'd prefer to have fast path as straight as possible.
1114 * It _is_ time-critical.
1115 */
1116static int do_lookup(struct nameidata *nd, struct qstr *name,
31e6b01f 1117 struct path *path, struct inode **inode)
1da177e4 1118{
4ac91378 1119 struct vfsmount *mnt = nd->path.mnt;
31e6b01f 1120 struct dentry *dentry, *parent = nd->path.dentry;
5a18fff2
AV		 1121 int need_reval = 1;
1122 int status = 1;
9875cf80
DH		 1123 int err;
1124
b04f784e
NP		 1125 /*
1126 * Rename seqlock is not required here because in the off chance
1127 * of a false negative due to a concurrent rename, we're going to
1128 * do the non-racy lookup, below.
1129 */
31e6b01f
NP		 1130 if (nd->flags & LOOKUP_RCU) {
1131 unsigned seq;
31e6b01f
NP		 1132 *inode = nd->inode;
1133 dentry = __d_lookup_rcu(parent, name, &seq, inode);
5a18fff2
AV		 1134 if (!dentry)
1135 goto unlazy;
1136
31e6b01f
NP		 1137 /* Memory barrier in read_seqcount_begin of child is enough */
1138 if (__read_seqcount_retry(&parent->d_seq, nd->seq))
1139 return -ECHILD;
31e6b01f 1140 nd->seq = seq;
5a18fff2 1141
24643087 1142 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
5a18fff2
AV		 1143 status = d_revalidate(dentry, nd);
1144 if (unlikely(status <= 0)) {
1145 if (status != -ECHILD)
1146 need_reval = 0;
1147 goto unlazy;
1148 }
24643087 1149 }
44396f4b
JB		 1150 if (unlikely(d_need_lookup(dentry)))
1151 goto unlazy;
31e6b01f
NP		 1152 path->mnt = mnt;
1153 path->dentry = dentry;
d6e9bd25
AV		 1154 if (unlikely(!__follow_mount_rcu(nd, path, inode)))
1155 goto unlazy;
1156 if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
1157 goto unlazy;
1158 return 0;
5a18fff2 1159unlazy:
19660af7
AV		 1160 if (unlazy_walk(nd, dentry))
1161 return -ECHILD;
5a18fff2
AV		 1162 } else {
1163 dentry = __d_lookup(parent, name);
9875cf80 1164 }
5a18fff2 1165
44396f4b
JB		 1166 if (dentry && unlikely(d_need_lookup(dentry))) {
1167 dput(dentry);
1168 dentry = NULL;
1169 }
5a18fff2
AV		 1170retry:
1171 if (unlikely(!dentry)) {
1172 struct inode *dir = parent->d_inode;
1173 BUG_ON(nd->inode != dir);
1174
1175 mutex_lock(&dir->i_mutex);
1176 dentry = d_lookup(parent, name);
1177 if (likely(!dentry)) {
1178 dentry = d_alloc_and_lookup(parent, name, nd);
1179 if (IS_ERR(dentry)) {
1180 mutex_unlock(&dir->i_mutex);
1181 return PTR_ERR(dentry);
1182 }
1183 /* known good */
1184 need_reval = 0;
1185 status = 1;
44396f4b
JB		 1186 } else if (unlikely(d_need_lookup(dentry))) {
1187 dentry = d_inode_lookup(parent, dentry, nd);
1188 if (IS_ERR(dentry)) {
1189 mutex_unlock(&dir->i_mutex);
1190 return PTR_ERR(dentry);
1191 }
1192 /* known good */
1193 need_reval = 0;
1194 status = 1;
5a18fff2
AV		 1195 }
1196 mutex_unlock(&dir->i_mutex);
1197 }
1198 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
1199 status = d_revalidate(dentry, nd);
1200 if (unlikely(status <= 0)) {
1201 if (status < 0) {
1202 dput(dentry);
1203 return status;
1204 }
1205 if (!d_invalidate(dentry)) {
1206 dput(dentry);
1207 dentry = NULL;
1208 need_reval = 1;
1209 goto retry;
1210 }
24643087 1211 }
5a18fff2 1212
9875cf80
DH		 1213 path->mnt = mnt;
1214 path->dentry = dentry;
1215 err = follow_managed(path, nd->flags);
89312214
IK		 1216 if (unlikely(err < 0)) {
1217 path_put_conditional(path, nd);
9875cf80 1218 return err;
89312214 1219 }
9875cf80 1220 *inode = path->dentry->d_inode;
1da177e4 1221 return 0;
1da177e4
LT		 1222}
1223
52094c8a
AV		 1224static inline int may_lookup(struct nameidata *nd)
1225{
1226 if (nd->flags & LOOKUP_RCU) {
4ad5abb3 1227 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
52094c8a
AV		 1228 if (err != -ECHILD)
1229 return err;
19660af7 1230 if (unlazy_walk(nd, NULL))
52094c8a
AV		 1231 return -ECHILD;
1232 }
4ad5abb3 1233 return inode_permission(nd->inode, MAY_EXEC);
52094c8a
AV		 1234}
1235
9856fa1b
AV		 1236static inline int handle_dots(struct nameidata *nd, int type)
1237{
1238 if (type == LAST_DOTDOT) {
1239 if (nd->flags & LOOKUP_RCU) {
1240 if (follow_dotdot_rcu(nd))
1241 return -ECHILD;
1242 } else
1243 follow_dotdot(nd);
1244 }
1245 return 0;
1246}
1247
951361f9
AV		 1248static void terminate_walk(struct nameidata *nd)
1249{
1250 if (!(nd->flags & LOOKUP_RCU)) {
1251 path_put(&nd->path);
1252 } else {
1253 nd->flags &= ~LOOKUP_RCU;
5b6ca027
AV		 1254 if (!(nd->flags & LOOKUP_ROOT))
1255 nd->root.mnt = NULL;
951361f9
AV		 1256 rcu_read_unlock();
1257 br_read_unlock(vfsmount_lock);
1258 }
1259}
1260
3ddcd056
LT		 1261/*
1262 * Do we need to follow links? We _really_ want to be able
1263 * to do this check without having to look at inode->i_op,
1264 * so we keep a cache of "no, this doesn't need follow_link"
1265 * for the common case.
1266 */
7813b94a 1267static inline int should_follow_link(struct inode *inode, int follow)
3ddcd056
LT		 1268{
1269 if (unlikely(!(inode->i_opflags & IOP_NOFOLLOW))) {
1270 if (likely(inode->i_op->follow_link))
1271 return follow;
1272
1273 /* This gets set once for the inode lifetime */
1274 spin_lock(&inode->i_lock);
1275 inode->i_opflags |= IOP_NOFOLLOW;
1276 spin_unlock(&inode->i_lock);
1277 }
1278 return 0;
1279}
1280
ce57dfc1
AV		 1281static inline int walk_component(struct nameidata *nd, struct path *path,
1282 struct qstr *name, int type, int follow)
1283{
1284 struct inode *inode;
1285 int err;
1286 /*
1287 * "." and ".." are special - ".." especially so because it has
1288 * to be able to know about the current root directory and
1289 * parent relationships.
1290 */
1291 if (unlikely(type != LAST_NORM))
1292 return handle_dots(nd, type);
1293 err = do_lookup(nd, name, path, &inode);
1294 if (unlikely(err)) {
1295 terminate_walk(nd);
1296 return err;
1297 }
1298 if (!inode) {
1299 path_to_nameidata(path, nd);
1300 terminate_walk(nd);
1301 return -ENOENT;
1302 }
7813b94a 1303 if (should_follow_link(inode, follow)) {
19660af7
AV		 1304 if (nd->flags & LOOKUP_RCU) {
1305 if (unlikely(unlazy_walk(nd, path->dentry))) {
1306 terminate_walk(nd);
1307 return -ECHILD;
1308 }
1309 }
ce57dfc1
AV		 1310 BUG_ON(inode != path->dentry->d_inode);
1311 return 1;
1312 }
1313 path_to_nameidata(path, nd);
1314 nd->inode = inode;
1315 return 0;
1316}
1317
b356379a
AV		 1318/*
1319 * This limits recursive symlink follows to 8, while
1320 * limiting consecutive symlinks to 40.
1321 *
1322 * Without that kind of total limit, nasty chains of consecutive
1323 * symlinks can cause almost arbitrarily long lookups.
1324 */
1325static inline int nested_symlink(struct path *path, struct nameidata *nd)
1326{
1327 int res;
1328
b356379a
AV		 1329 if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1330 path_put_conditional(path, nd);
1331 path_put(&nd->path);
1332 return -ELOOP;
1333 }
1a4022f8 1334 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
b356379a
AV		 1335
1336 nd->depth++;
1337 current->link_count++;
1338
1339 do {
1340 struct path link = *path;
1341 void *cookie;
574197e0
AV		 1342
1343 res = follow_link(&link, nd, &cookie);
b356379a
AV		 1344 if (!res)
1345 res = walk_component(nd, path, &nd->last,
1346 nd->last_type, LOOKUP_FOLLOW);
574197e0 1347 put_link(nd, &link, cookie);
b356379a
AV		 1348 } while (res > 0);
1349
1350 current->link_count--;
1351 nd->depth--;
1352 return res;
1353}
1354
3ddcd056
LT		 1355/*
1356 * We really don't want to look at inode->i_op->lookup
1357 * when we don't have to. So we keep a cache bit in
1358 * the inode ->i_opflags field that says "yes, we can
1359 * do lookup on this inode".
1360 */
1361static inline int can_lookup(struct inode *inode)
1362{
1363 if (likely(inode->i_opflags & IOP_LOOKUP))
1364 return 1;
1365 if (likely(!inode->i_op->lookup))
1366 return 0;
1367
1368 /* We do this once for the lifetime of the inode */
1369 spin_lock(&inode->i_lock);
1370 inode->i_opflags |= IOP_LOOKUP;
1371 spin_unlock(&inode->i_lock);
1372 return 1;
1373}
1374
1da177e4
LT		 1375/*
1376 * Name resolution.
ea3834d9
PM		 1377 * This is the basic name resolution function, turning a pathname into
1378 * the final dentry. We expect 'base' to be positive and a directory.
1da177e4 1379 *
ea3834d9
PM		 1380 * Returns 0 and nd will have valid dentry and mnt on success.
1381 * Returns error and drops reference to input namei data on failure.
1da177e4 1382 */
6de88d72 1383static int link_path_walk(const char *name, struct nameidata *nd)
1da177e4
LT		 1384{
1385 struct path next;
1da177e4 1386 int err;
1da177e4
LT		 1387
1388 while (*name=='/')
1389 name++;
1390 if (!*name)
086e183a 1391 return 0;
1da177e4 1392
1da177e4
LT		 1393 /* At this point we know we have a real path component. */
1394 for(;;) {
1395 unsigned long hash;
1396 struct qstr this;
1397 unsigned int c;
fe479a58 1398 int type;
1da177e4 1399
52094c8a 1400 err = may_lookup(nd);
1da177e4
LT		 1401 if (err)
1402 break;
1403
1404 this.name = name;
1405 c = *(const unsigned char *)name;
1406
1407 hash = init_name_hash();
1408 do {
1409 name++;
1410 hash = partial_name_hash(c, hash);
1411 c = *(const unsigned char *)name;
1412 } while (c && (c != '/'));
1413 this.len = name - (const char *) this.name;
1414 this.hash = end_name_hash(hash);
1415
fe479a58
AV		 1416 type = LAST_NORM;
1417 if (this.name[0] == '.') switch (this.len) {
1418 case 2:
16c2cd71 1419 if (this.name[1] == '.') {
fe479a58 1420 type = LAST_DOTDOT;
16c2cd71
AV		 1421 nd->flags |= LOOKUP_JUMPED;
1422 }
fe479a58
AV		 1423 break;
1424 case 1:
1425 type = LAST_DOT;
1426 }
5a202bcd
AV		 1427 if (likely(type == LAST_NORM)) {
1428 struct dentry *parent = nd->path.dentry;
16c2cd71 1429 nd->flags &= ~LOOKUP_JUMPED;
5a202bcd
AV		 1430 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
1431 err = parent->d_op->d_hash(parent, nd->inode,
1432 &this);
1433 if (err < 0)
1434 break;
1435 }
1436 }
fe479a58 1437
1da177e4
LT		 1438 /* remove trailing slashes? */
1439 if (!c)
1440 goto last_component;
1441 while (*++name == '/');
1442 if (!*name)
b356379a 1443 goto last_component;
1da177e4 1444
ce57dfc1
AV		 1445 err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
1446 if (err < 0)
1447 return err;
1da177e4 1448
ce57dfc1 1449 if (err) {
b356379a 1450 err = nested_symlink(&next, nd);
1da177e4 1451 if (err)
a7472bab 1452 return err;
31e6b01f 1453 }
3ddcd056
LT		 1454 if (can_lookup(nd->inode))
1455 continue;
1da177e4 1456 err = -ENOTDIR;
3ddcd056 1457 break;
1da177e4
LT		 1458 /* here ends the main loop */
1459
1da177e4 1460last_component:
b356379a
AV		 1461 nd->last = this;
1462 nd->last_type = type;
086e183a 1463 return 0;
1da177e4 1464 }
951361f9 1465 terminate_walk(nd);
1da177e4
LT		 1466 return err;
1467}
1468
70e9b357
AV		 1469static int path_init(int dfd, const char *name, unsigned int flags,
1470 struct nameidata *nd, struct file **fp)
31e6b01f
NP		 1471{
1472 int retval = 0;
1473 int fput_needed;
1474 struct file *file;
1475
1476 nd->last_type = LAST_ROOT; /* if there are only slashes... */
16c2cd71 1477 nd->flags = flags | LOOKUP_JUMPED;
31e6b01f 1478 nd->depth = 0;
5b6ca027
AV		 1479 if (flags & LOOKUP_ROOT) {
1480 struct inode *inode = nd->root.dentry->d_inode;
73d049a4
AV		 1481 if (*name) {
1482 if (!inode->i_op->lookup)
1483 return -ENOTDIR;
1484 retval = inode_permission(inode, MAY_EXEC);
1485 if (retval)
1486 return retval;
1487 }
5b6ca027
AV		 1488 nd->path = nd->root;
1489 nd->inode = inode;
1490 if (flags & LOOKUP_RCU) {
1491 br_read_lock(vfsmount_lock);
1492 rcu_read_lock();
1493 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1494 } else {
1495 path_get(&nd->path);
1496 }
1497 return 0;
1498 }
1499
31e6b01f 1500 nd->root.mnt = NULL;
31e6b01f
NP		 1501
1502 if (*name=='/') {
e41f7d4e
AV		 1503 if (flags & LOOKUP_RCU) {
1504 br_read_lock(vfsmount_lock);
1505 rcu_read_lock();
1506 set_root_rcu(nd);
1507 } else {
1508 set_root(nd);
1509 path_get(&nd->root);
1510 }
1511 nd->path = nd->root;
31e6b01f 1512 } else if (dfd == AT_FDCWD) {
e41f7d4e
AV		 1513 if (flags & LOOKUP_RCU) {
1514 struct fs_struct *fs = current->fs;
1515 unsigned seq;
31e6b01f 1516
e41f7d4e
AV		 1517 br_read_lock(vfsmount_lock);
1518 rcu_read_lock();
c28cc364 1519
e41f7d4e
AV		 1520 do {
1521 seq = read_seqcount_begin(&fs->seq);
1522 nd->path = fs->pwd;
1523 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1524 } while (read_seqcount_retry(&fs->seq, seq));
1525 } else {
1526 get_fs_pwd(current->fs, &nd->path);
1527 }
31e6b01f
NP		 1528 } else {
1529 struct dentry *dentry;
1530
1abf0c71 1531 file = fget_raw_light(dfd, &fput_needed);
31e6b01f
NP		 1532 retval = -EBADF;
1533 if (!file)
1534 goto out_fail;
1535
1536 dentry = file->f_path.dentry;
1537
f52e0c11
AV		 1538 if (*name) {
1539 retval = -ENOTDIR;
1540 if (!S_ISDIR(dentry->d_inode->i_mode))
1541 goto fput_fail;
31e6b01f 1542
4ad5abb3 1543 retval = inode_permission(dentry->d_inode, MAY_EXEC);
f52e0c11
AV		 1544 if (retval)
1545 goto fput_fail;
1546 }
31e6b01f
NP		 1547
1548 nd->path = file->f_path;
e41f7d4e
AV		 1549 if (flags & LOOKUP_RCU) {
1550 if (fput_needed)
70e9b357 1551 *fp = file;
e41f7d4e
AV		 1552 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
1553 br_read_lock(vfsmount_lock);
1554 rcu_read_lock();
1555 } else {
1556 path_get(&file->f_path);
1557 fput_light(file, fput_needed);
1558 }
31e6b01f 1559 }
31e6b01f 1560
31e6b01f 1561 nd->inode = nd->path.dentry->d_inode;
9b4a9b14 1562 return 0;
2dfdd266 1563
9b4a9b14
AV		 1564fput_fail:
1565 fput_light(file, fput_needed);
1566out_fail:
1567 return retval;
1568}
1569
bd92d7fe
AV		 1570static inline int lookup_last(struct nameidata *nd, struct path *path)
1571{
1572 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
1573 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
1574
1575 nd->flags &= ~LOOKUP_PARENT;
1576 return walk_component(nd, path, &nd->last, nd->last_type,
1577 nd->flags & LOOKUP_FOLLOW);
1578}
1579
9b4a9b14 1580/* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
ee0827cd 1581static int path_lookupat(int dfd, const char *name,
9b4a9b14
AV		 1582 unsigned int flags, struct nameidata *nd)
1583{
70e9b357 1584 struct file *base = NULL;
bd92d7fe
AV		 1585 struct path path;
1586 int err;
31e6b01f
NP		 1587
1588 /*
1589 * Path walking is largely split up into 2 different synchronisation
1590 * schemes, rcu-walk and ref-walk (explained in
1591 * Documentation/filesystems/path-lookup.txt). These share much of the
1592 * path walk code, but some things particularly setup, cleanup, and
1593 * following mounts are sufficiently divergent that functions are
1594 * duplicated. Typically there is a function foo(), and its RCU
1595 * analogue, foo_rcu().
1596 *
1597 * -ECHILD is the error number of choice (just to avoid clashes) that
1598 * is returned if some aspect of an rcu-walk fails. Such an error must
1599 * be handled by restarting a traditional ref-walk (which will always
1600 * be able to complete).
1601 */
bd92d7fe 1602 err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
ee0827cd 1603
bd92d7fe
AV		 1604 if (unlikely(err))
1605 return err;
ee0827cd
AV		 1606
1607 current->total_link_count = 0;
bd92d7fe
AV		 1608 err = link_path_walk(name, nd);
1609
1610 if (!err && !(flags & LOOKUP_PARENT)) {
bd92d7fe
AV		 1611 err = lookup_last(nd, &path);
1612 while (err > 0) {
1613 void *cookie;
1614 struct path link = path;
bd92d7fe 1615 nd->flags |= LOOKUP_PARENT;
574197e0 1616 err = follow_link(&link, nd, &cookie);
bd92d7fe
AV		 1617 if (!err)
1618 err = lookup_last(nd, &path);
574197e0 1619 put_link(nd, &link, cookie);
bd92d7fe
AV		 1620 }
1621 }
ee0827cd 1622
9f1fafee
AV		 1623 if (!err)
1624 err = complete_walk(nd);
bd92d7fe
AV		 1625
1626 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1627 if (!nd->inode->i_op->lookup) {
1628 path_put(&nd->path);
bd23a539 1629 err = -ENOTDIR;
bd92d7fe
AV		 1630 }
1631 }
16c2cd71 1632
70e9b357
AV		 1633 if (base)
1634 fput(base);
ee0827cd 1635
5b6ca027 1636 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
2a737871
AV		 1637 path_put(&nd->root);
1638 nd->root.mnt = NULL;
1639 }
bd92d7fe 1640 return err;
ee0827cd 1641}
31e6b01f 1642
ee0827cd
AV		 1643static int do_path_lookup(int dfd, const char *name,
1644 unsigned int flags, struct nameidata *nd)
1645{
1646 int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
1647 if (unlikely(retval == -ECHILD))
1648 retval = path_lookupat(dfd, name, flags, nd);
1649 if (unlikely(retval == -ESTALE))
1650 retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
31e6b01f
NP		 1651
1652 if (likely(!retval)) {
1653 if (unlikely(!audit_dummy_context())) {
1654 if (nd->path.dentry && nd->inode)
1655 audit_inode(name, nd->path.dentry);
1656 }
1657 }
170aa3d0 1658 return retval;
1da177e4
LT		 1659}
1660
c9c6cac0 1661int kern_path_parent(const char *name, struct nameidata *nd)
5590ff0d 1662{
c9c6cac0 1663 return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
5590ff0d
UD		 1664}
1665
d1811465
AV		 1666int kern_path(const char *name, unsigned int flags, struct path *path)
1667{
1668 struct nameidata nd;
1669 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1670 if (!res)
1671 *path = nd.path;
1672 return res;
1673}
1674
16f18200
JJS		 1675/**
1676 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1677 * @dentry: pointer to dentry of the base directory
1678 * @mnt: pointer to vfs mount of the base directory
1679 * @name: pointer to file name
1680 * @flags: lookup flags
e0a01249 1681 * @path: pointer to struct path to fill
16f18200
JJS		 1682 */
1683int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1684 const char *name, unsigned int flags,
e0a01249 1685 struct path *path)
16f18200 1686{
e0a01249
AV		 1687 struct nameidata nd;
1688 int err;
1689 nd.root.dentry = dentry;
1690 nd.root.mnt = mnt;
1691 BUG_ON(flags & LOOKUP_PARENT);
5b6ca027 1692 /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */
e0a01249
AV		 1693 err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
1694 if (!err)
1695 *path = nd.path;
1696 return err;
16f18200
JJS		 1697}
1698
eead1911
CH		 1699static struct dentry *__lookup_hash(struct qstr *name,
1700 struct dentry *base, struct nameidata *nd)
1da177e4 1701{
81fca444 1702 struct inode *inode = base->d_inode;
057f6c01 1703 struct dentry *dentry;
1da177e4
LT		 1704 int err;
1705
4ad5abb3 1706 err = inode_permission(inode, MAY_EXEC);
81fca444
CH		 1707 if (err)
1708 return ERR_PTR(err);
1da177e4 1709
b04f784e
NP		 1710 /*
1711 * Don't bother with __d_lookup: callers are for creat as
1712 * well as unlink, so a lot of the time it would cost
1713 * a double lookup.
6e6b1bd1 1714 */
b04f784e 1715 dentry = d_lookup(base, name);
6e6b1bd1 1716
44396f4b
JB		 1717 if (dentry && d_need_lookup(dentry)) {
1718 /*
1719 * __lookup_hash is called with the parent dir's i_mutex already
1720 * held, so we are good to go here.
1721 */
1722 dentry = d_inode_lookup(base, dentry, nd);
1723 if (IS_ERR(dentry))
1724 return dentry;
1725 }
1726
d2d9e9fb
AV		 1727 if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
1728 int status = d_revalidate(dentry, nd);
1729 if (unlikely(status <= 0)) {
1730 /*
1731 * The dentry failed validation.
1732 * If d_revalidate returned 0 attempt to invalidate
1733 * the dentry otherwise d_revalidate is asking us
1734 * to return a fail status.
1735 */
1736 if (status < 0) {
1737 dput(dentry);
1738 return ERR_PTR(status);
1739 } else if (!d_invalidate(dentry)) {
1740 dput(dentry);
1741 dentry = NULL;
1742 }
1743 }
1744 }
6e6b1bd1 1745
baa03890
NP		 1746 if (!dentry)
1747 dentry = d_alloc_and_lookup(base, name, nd);
5a202bcd 1748
1da177e4
LT		 1749 return dentry;
1750}
1751
057f6c01
JM		 1752/*
1753 * Restricted form of lookup. Doesn't follow links, single-component only,
1754 * needs parent already locked. Doesn't follow mounts.
1755 * SMP-safe.
1756 */
eead1911 1757static struct dentry *lookup_hash(struct nameidata *nd)
057f6c01 1758{
4ac91378 1759 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1da177e4
LT		 1760}
1761
eead1911 1762/**
a6b91919 1763 * lookup_one_len - filesystem helper to lookup single pathname component
eead1911
CH		 1764 * @name: pathname component to lookup
1765 * @base: base directory to lookup from
1766 * @len: maximum length @len should be interpreted to
1767 *
a6b91919
RD		 1768 * Note that this routine is purely a helper for filesystem usage and should
1769 * not be called by generic code. Also note that by using this function the
eead1911
CH		 1770 * nameidata argument is passed to the filesystem methods and a filesystem
1771 * using this helper needs to be prepared for that.
1772 */
057f6c01
JM		 1773struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1774{
057f6c01 1775 struct qstr this;
6a96ba54
AV		 1776 unsigned long hash;
1777 unsigned int c;
057f6c01 1778
2f9092e1
DW		 1779 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1780
6a96ba54
AV		 1781 this.name = name;
1782 this.len = len;
1783 if (!len)
1784 return ERR_PTR(-EACCES);
1785
1786 hash = init_name_hash();
1787 while (len--) {
1788 c = *(const unsigned char *)name++;
1789 if (c == '/' || c == '\0')
1790 return ERR_PTR(-EACCES);
1791 hash = partial_name_hash(c, hash);
1792 }
1793 this.hash = end_name_hash(hash);
5a202bcd
AV		 1794 /*
1795 * See if the low-level filesystem might want
1796 * to use its own hash..
1797 */
1798 if (base->d_flags & DCACHE_OP_HASH) {
1799 int err = base->d_op->d_hash(base, base->d_inode, &this);
1800 if (err < 0)
1801 return ERR_PTR(err);
1802 }
eead1911 1803
49705b77 1804 return __lookup_hash(&this, base, NULL);
057f6c01
JM		 1805}
1806
2d8f3038
AV		 1807int user_path_at(int dfd, const char __user *name, unsigned flags,
1808 struct path *path)
1da177e4 1809{
2d8f3038 1810 struct nameidata nd;
f52e0c11 1811 char *tmp = getname_flags(name, flags);
1da177e4 1812 int err = PTR_ERR(tmp);
1da177e4 1813 if (!IS_ERR(tmp)) {
2d8f3038
AV		 1814
1815 BUG_ON(flags & LOOKUP_PARENT);
1816
1817 err = do_path_lookup(dfd, tmp, flags, &nd);
1da177e4 1818 putname(tmp);
2d8f3038
AV		 1819 if (!err)
1820 *path = nd.path;
1da177e4
LT		 1821 }
1822 return err;
1823}
1824
2ad94ae6
AV		 1825static int user_path_parent(int dfd, const char __user *path,
1826 struct nameidata *nd, char **name)
1827{
1828 char *s = getname(path);
1829 int error;
1830
1831 if (IS_ERR(s))
1832 return PTR_ERR(s);
1833
1834 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1835 if (error)
1836 putname(s);
1837 else
1838 *name = s;
1839
1840 return error;
1841}
1842
1da177e4
LT		 1843/*
1844 * It's inline, so penalty for filesystems that don't use sticky bit is
1845 * minimal.
1846 */
1847static inline int check_sticky(struct inode *dir, struct inode *inode)
1848{
da9592ed
DH		 1849 uid_t fsuid = current_fsuid();
1850
1da177e4
LT		 1851 if (!(dir->i_mode & S_ISVTX))
1852 return 0;
e795b717
SH		 1853 if (current_user_ns() != inode_userns(inode))
1854 goto other_userns;
da9592ed 1855 if (inode->i_uid == fsuid)
1da177e4 1856 return 0;
da9592ed 1857 if (dir->i_uid == fsuid)
1da177e4 1858 return 0;
e795b717
SH		 1859
1860other_userns:
1861 return !ns_capable(inode_userns(inode), CAP_FOWNER);
1da177e4
LT		 1862}
1863
1864/*
1865 * Check whether we can remove a link victim from directory dir, check
1866 * whether the type of victim is right.
1867 * 1. We can't do it if dir is read-only (done in permission())
1868 * 2. We should have write and exec permissions on dir
1869 * 3. We can't remove anything from append-only dir
1870 * 4. We can't do anything with immutable dir (done in permission())
1871 * 5. If the sticky bit on dir is set we should either
1872 * a. be owner of dir, or
1873 * b. be owner of victim, or
1874 * c. have CAP_FOWNER capability
1875 * 6. If the victim is append-only or immutable we can't do antyhing with
1876 * links pointing to it.
1877 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1878 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1879 * 9. We can't remove a root or mountpoint.
1880 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1881 * nfs_async_unlink().
1882 */
858119e1 1883static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1da177e4
LT		 1884{
1885 int error;
1886
1887 if (!victim->d_inode)
1888 return -ENOENT;
1889
1890 BUG_ON(victim->d_parent->d_inode != dir);
cccc6bba 1891 audit_inode_child(victim, dir);
1da177e4 1892
f419a2e3 1893 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1da177e4
LT		 1894 if (error)
1895 return error;
1896 if (IS_APPEND(dir))
1897 return -EPERM;
1898 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
f9454548 1899 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1da177e4
LT		 1900 return -EPERM;
1901 if (isdir) {
1902 if (!S_ISDIR(victim->d_inode->i_mode))
1903 return -ENOTDIR;
1904 if (IS_ROOT(victim))
1905 return -EBUSY;
1906 } else if (S_ISDIR(victim->d_inode->i_mode))
1907 return -EISDIR;
1908 if (IS_DEADDIR(dir))
1909 return -ENOENT;
1910 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1911 return -EBUSY;
1912 return 0;
1913}
1914
1915/* Check whether we can create an object with dentry child in directory
1916 * dir.
1917 * 1. We can't do it if child already exists (open has special treatment for
1918 * this case, but since we are inlined it's OK)
1919 * 2. We can't do it if dir is read-only (done in permission())
1920 * 3. We should have write and exec permissions on dir
1921 * 4. We can't do it if dir is immutable (done in permission())
1922 */
a95164d9 1923static inline int may_create(struct inode *dir, struct dentry *child)
1da177e4
LT		 1924{
1925 if (child->d_inode)
1926 return -EEXIST;
1927 if (IS_DEADDIR(dir))
1928 return -ENOENT;
f419a2e3 1929 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1da177e4
LT		 1930}
1931
1da177e4
LT		 1932/*
1933 * p1 and p2 should be directories on the same fs.
1934 */
1935struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1936{
1937 struct dentry *p;
1938
1939 if (p1 == p2) {
f2eace23 1940 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1da177e4
LT		 1941 return NULL;
1942 }
1943
a11f3a05 1944 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1da177e4 1945
e2761a11
OH		 1946 p = d_ancestor(p2, p1);
1947 if (p) {
1948 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1949 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1950 return p;
1da177e4
LT		 1951 }
1952
e2761a11
OH		 1953 p = d_ancestor(p1, p2);
1954 if (p) {
1955 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1956 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1957 return p;
1da177e4
LT		 1958 }
1959
f2eace23
IM		 1960 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1961 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1da177e4
LT		 1962 return NULL;
1963}
1964
1965void unlock_rename(struct dentry *p1, struct dentry *p2)
1966{
1b1dcc1b 1967 mutex_unlock(&p1->d_inode->i_mutex);
1da177e4 1968 if (p1 != p2) {
1b1dcc1b 1969 mutex_unlock(&p2->d_inode->i_mutex);
a11f3a05 1970 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1da177e4
LT		 1971 }
1972}
1973
1974int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1975 struct nameidata *nd)
1976{
a95164d9 1977 int error = may_create(dir, dentry);
1da177e4
LT		 1978
1979 if (error)
1980 return error;
1981
acfa4380 1982 if (!dir->i_op->create)
1da177e4
LT		 1983 return -EACCES; /* shouldn't it be ENOSYS? */
1984 mode &= S_IALLUGO;
1985 mode |= S_IFREG;
1986 error = security_inode_create(dir, dentry, mode);
1987 if (error)
1988 return error;
1da177e4 1989 error = dir->i_op->create(dir, dentry, mode, nd);
a74574aa 1990 if (!error)
f38aa942 1991 fsnotify_create(dir, dentry);
1da177e4
LT		 1992 return error;
1993}
1994
73d049a4 1995static int may_open(struct path *path, int acc_mode, int flag)
1da177e4 1996{
3fb64190 1997 struct dentry *dentry = path->dentry;
1da177e4
LT		 1998 struct inode *inode = dentry->d_inode;
1999 int error;
2000
bcda7652
AV		 2001 /* O_PATH? */
2002 if (!acc_mode)
2003 return 0;
2004
1da177e4
LT		 2005 if (!inode)
2006 return -ENOENT;
2007
c8fe8f30
CH		 2008 switch (inode->i_mode & S_IFMT) {
2009 case S_IFLNK:
1da177e4 2010 return -ELOOP;
c8fe8f30
CH		 2011 case S_IFDIR:
2012 if (acc_mode & MAY_WRITE)
2013 return -EISDIR;
2014 break;
2015 case S_IFBLK:
2016 case S_IFCHR:
3fb64190 2017 if (path->mnt->mnt_flags & MNT_NODEV)
1da177e4 2018 return -EACCES;
c8fe8f30
CH		 2019 /*FALLTHRU*/
2020 case S_IFIFO:
2021 case S_IFSOCK:
1da177e4 2022 flag &= ~O_TRUNC;
c8fe8f30 2023 break;
4a3fd211 2024 }
b41572e9 2025
3fb64190 2026 error = inode_permission(inode, acc_mode);
b41572e9
DH		 2027 if (error)
2028 return error;
6146f0d5 2029
1da177e4
LT		 2030 /*
2031 * An append-only file must be opened in append mode for writing.
2032 */
2033 if (IS_APPEND(inode)) {
8737c930 2034 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
7715b521 2035 return -EPERM;
1da177e4 2036 if (flag & O_TRUNC)
7715b521 2037 return -EPERM;
1da177e4
LT		 2038 }
2039
2040 /* O_NOATIME can only be set by the owner or superuser */
2e149670 2041 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
7715b521 2042 return -EPERM;
1da177e4
LT		 2043
2044 /*
2045 * Ensure there are no outstanding leases on the file.
2046 */
b65a9cfc 2047 return break_lease(inode, flag);
7715b521 2048}
1da177e4 2049
e1181ee6 2050static int handle_truncate(struct file *filp)
7715b521 2051{
e1181ee6 2052 struct path *path = &filp->f_path;
7715b521
AV		 2053 struct inode *inode = path->dentry->d_inode;
2054 int error = get_write_access(inode);
2055 if (error)
2056 return error;
2057 /*
2058 * Refuse to truncate files with mandatory locks held on them.
2059 */
2060 error = locks_verify_locked(inode);
2061 if (!error)
ea0d3ab2 2062 error = security_path_truncate(path);
7715b521
AV		 2063 if (!error) {
2064 error = do_truncate(path->dentry, 0,
2065 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
e1181ee6 2066 filp);
7715b521
AV		 2067 }
2068 put_write_access(inode);
acd0c935 2069 return error;
1da177e4
LT		 2070}
2071
d57999e1
DH		 2072static inline int open_to_namei_flags(int flag)
2073{
8a5e929d
AV		 2074 if ((flag & O_ACCMODE) == 3)
2075 flag--;
d57999e1
DH		 2076 return flag;
2077}
2078
31e6b01f 2079/*
fe2d35ff 2080 * Handle the last step of open()
31e6b01f 2081 */
fb1cc555 2082static struct file *do_last(struct nameidata *nd, struct path *path,
c3e380b0 2083 const struct open_flags *op, const char *pathname)
fb1cc555 2084{
a1e28038 2085 struct dentry *dir = nd->path.dentry;
6c0d46c4 2086 struct dentry *dentry;
ca344a89 2087 int open_flag = op->open_flag;
6c0d46c4 2088 int will_truncate = open_flag & O_TRUNC;
ca344a89 2089 int want_write = 0;
bcda7652 2090 int acc_mode = op->acc_mode;
fb1cc555 2091 struct file *filp;
16c2cd71 2092 int error;
1f36f774 2093
c3e380b0
AV		 2094 nd->flags &= ~LOOKUP_PARENT;
2095 nd->flags |= op->intent;
2096
1f36f774
AV		 2097 switch (nd->last_type) {
2098 case LAST_DOTDOT:
176306f5 2099 case LAST_DOT:
fe2d35ff
AV		 2100 error = handle_dots(nd, nd->last_type);
2101 if (error)
2102 return ERR_PTR(error);
1f36f774 2103 /* fallthrough */
1f36f774 2104 case LAST_ROOT:
9f1fafee 2105 error = complete_walk(nd);
16c2cd71 2106 if (error)
9f1fafee 2107 return ERR_PTR(error);
fe2d35ff 2108 audit_inode(pathname, nd->path.dentry);
ca344a89 2109 if (open_flag & O_CREAT) {
fe2d35ff
AV		 2110 error = -EISDIR;
2111 goto exit;
2112 }
2113 goto ok;
1f36f774 2114 case LAST_BIND:
9f1fafee 2115 error = complete_walk(nd);
16c2cd71 2116 if (error)
9f1fafee 2117 return ERR_PTR(error);
1f36f774 2118 audit_inode(pathname, dir);
67ee3ad2 2119 goto ok;
1f36f774 2120 }
67ee3ad2 2121
ca344a89 2122 if (!(open_flag & O_CREAT)) {
bcda7652 2123 int symlink_ok = 0;
fe2d35ff
AV		 2124 if (nd->last.name[nd->last.len])
2125 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
bcda7652
AV		 2126 if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW))
2127 symlink_ok = 1;
fe2d35ff 2128 /* we _can_ be in RCU mode here */
ce57dfc1
AV		 2129 error = walk_component(nd, path, &nd->last, LAST_NORM,
2130 !symlink_ok);
2131 if (error < 0)
fe2d35ff 2132 return ERR_PTR(error);
ce57dfc1 2133 if (error) /* symlink */
fe2d35ff 2134 return NULL;
fe2d35ff 2135 /* sayonara */
9f1fafee
AV		 2136 error = complete_walk(nd);
2137 if (error)
2138 return ERR_PTR(-ECHILD);
fe2d35ff
AV		 2139
2140 error = -ENOTDIR;
2141 if (nd->flags & LOOKUP_DIRECTORY) {
ce57dfc1 2142 if (!nd->inode->i_op->lookup)
fe2d35ff
AV		 2143 goto exit;
2144 }
2145 audit_inode(pathname, nd->path.dentry);
2146 goto ok;
2147 }
2148
2149 /* create side of things */
9f1fafee
AV		 2150 error = complete_walk(nd);
2151 if (error)
2152 return ERR_PTR(error);
fe2d35ff
AV		 2153
2154 audit_inode(pathname, dir);
16c2cd71 2155 error = -EISDIR;
1f36f774 2156 /* trailing slashes? */
31e6b01f
NP		 2157 if (nd->last.name[nd->last.len])
2158 goto exit;
a2c36b45 2159
a1e28038
AV		 2160 mutex_lock(&dir->d_inode->i_mutex);
2161
6c0d46c4
AV		 2162 dentry = lookup_hash(nd);
2163 error = PTR_ERR(dentry);
2164 if (IS_ERR(dentry)) {
fb1cc555
AV		 2165 mutex_unlock(&dir->d_inode->i_mutex);
2166 goto exit;
2167 }
2168
6c0d46c4
AV		 2169 path->dentry = dentry;
2170 path->mnt = nd->path.mnt;
2171
fb1cc555 2172 /* Negative dentry, just create the file */
6c0d46c4
AV		 2173 if (!dentry->d_inode) {
2174 int mode = op->mode;
2175 if (!IS_POSIXACL(dir->d_inode))
2176 mode &= ~current_umask();
fb1cc555
AV		 2177 /*
2178 * This write is needed to ensure that a
6c0d46c4 2179 * rw->ro transition does not occur between
fb1cc555
AV		 2180 * the time when the file is created and when
2181 * a permanent write count is taken through
2182 * the 'struct file' in nameidata_to_filp().
2183 */
2184 error = mnt_want_write(nd->path.mnt);
2185 if (error)
2186 goto exit_mutex_unlock;
ca344a89 2187 want_write = 1;
9b44f1b3 2188 /* Don't check for write permission, don't truncate */
ca344a89 2189 open_flag &= ~O_TRUNC;
6c0d46c4 2190 will_truncate = 0;
bcda7652 2191 acc_mode = MAY_OPEN;
6c0d46c4
AV		 2192 error = security_path_mknod(&nd->path, dentry, mode, 0);
2193 if (error)
2194 goto exit_mutex_unlock;
2195 error = vfs_create(dir->d_inode, dentry, mode, nd);
2196 if (error)
2197 goto exit_mutex_unlock;
2198 mutex_unlock(&dir->d_inode->i_mutex);
2199 dput(nd->path.dentry);
2200 nd->path.dentry = dentry;
ca344a89 2201 goto common;
fb1cc555
AV		 2202 }
2203
2204 /*
2205 * It already exists.
2206 */
2207 mutex_unlock(&dir->d_inode->i_mutex);
2208 audit_inode(pathname, path->dentry);
2209
2210 error = -EEXIST;
ca344a89 2211 if (open_flag & O_EXCL)
fb1cc555
AV		 2212 goto exit_dput;
2213
9875cf80
DH		 2214 error = follow_managed(path, nd->flags);
2215 if (error < 0)
2216 goto exit_dput;
fb1cc555
AV		 2217
2218 error = -ENOENT;
2219 if (!path->dentry->d_inode)
2220 goto exit_dput;
9e67f361
AV		 2221
2222 if (path->dentry->d_inode->i_op->follow_link)
fb1cc555 2223 return NULL;
fb1cc555
AV		 2224
2225 path_to_nameidata(path, nd);
31e6b01f 2226 nd->inode = path->dentry->d_inode;
fb1cc555 2227 error = -EISDIR;
31e6b01f 2228 if (S_ISDIR(nd->inode->i_mode))
fb1cc555 2229 goto exit;
67ee3ad2 2230ok:
6c0d46c4
AV		 2231 if (!S_ISREG(nd->inode->i_mode))
2232 will_truncate = 0;
2233
0f9d1a10
AV		 2234 if (will_truncate) {
2235 error = mnt_want_write(nd->path.mnt);
2236 if (error)
2237 goto exit;
ca344a89 2238 want_write = 1;
0f9d1a10 2239 }
ca344a89 2240common:
bcda7652 2241 error = may_open(&nd->path, acc_mode, open_flag);
ca344a89 2242 if (error)
0f9d1a10 2243 goto exit;
0f9d1a10
AV		 2244 filp = nameidata_to_filp(nd);
2245 if (!IS_ERR(filp)) {
2246 error = ima_file_check(filp, op->acc_mode);
2247 if (error) {
2248 fput(filp);
2249 filp = ERR_PTR(error);
2250 }
2251 }
2252 if (!IS_ERR(filp)) {
2253 if (will_truncate) {
2254 error = handle_truncate(filp);
2255 if (error) {
2256 fput(filp);
2257 filp = ERR_PTR(error);
2258 }
2259 }
2260 }
ca344a89
AV		 2261out:
2262 if (want_write)
0f9d1a10
AV		 2263 mnt_drop_write(nd->path.mnt);
2264 path_put(&nd->path);
fb1cc555
AV		 2265 return filp;
2266
2267exit_mutex_unlock:
2268 mutex_unlock(&dir->d_inode->i_mutex);
2269exit_dput:
2270 path_put_conditional(path, nd);
2271exit:
ca344a89
AV		 2272 filp = ERR_PTR(error);
2273 goto out;
fb1cc555
AV		 2274}
2275
13aab428 2276static struct file *path_openat(int dfd, const char *pathname,
73d049a4 2277 struct nameidata *nd, const struct open_flags *op, int flags)
1da177e4 2278{
fe2d35ff 2279 struct file *base = NULL;
4a3fd211 2280 struct file *filp;
9850c056 2281 struct path path;
13aab428 2282 int error;
31e6b01f
NP		 2283
2284 filp = get_empty_filp();
2285 if (!filp)
2286 return ERR_PTR(-ENFILE);
2287
47c805dc 2288 filp->f_flags = op->open_flag;
73d049a4
AV		 2289 nd->intent.open.file = filp;
2290 nd->intent.open.flags = open_to_namei_flags(op->open_flag);
2291 nd->intent.open.create_mode = op->mode;
31e6b01f 2292
73d049a4 2293 error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base);
31e6b01f 2294 if (unlikely(error))
13aab428 2295 goto out_filp;
31e6b01f 2296
fe2d35ff 2297 current->total_link_count = 0;
73d049a4 2298 error = link_path_walk(pathname, nd);
31e6b01f
NP		 2299 if (unlikely(error))
2300 goto out_filp;
1da177e4 2301
73d049a4 2302 filp = do_last(nd, &path, op, pathname);
806b681c 2303 while (unlikely(!filp)) { /* trailing symlink */
7b9337aa 2304 struct path link = path;
def4af30 2305 void *cookie;
574197e0 2306 if (!(nd->flags & LOOKUP_FOLLOW)) {
73d049a4
AV		 2307 path_put_conditional(&path, nd);
2308 path_put(&nd->path);
40b39136
AV		 2309 filp = ERR_PTR(-ELOOP);
2310 break;
2311 }
73d049a4
AV		 2312 nd->flags |= LOOKUP_PARENT;
2313 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
574197e0 2314 error = follow_link(&link, nd, &cookie);
c3e380b0 2315 if (unlikely(error))
f1afe9ef 2316 filp = ERR_PTR(error);
c3e380b0 2317 else
73d049a4 2318 filp = do_last(nd, &path, op, pathname);
574197e0 2319 put_link(nd, &link, cookie);
806b681c 2320 }
10fa8e62 2321out:
73d049a4
AV		 2322 if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT))
2323 path_put(&nd->root);
fe2d35ff
AV		 2324 if (base)
2325 fput(base);
73d049a4 2326 release_open_intent(nd);
10fa8e62 2327 return filp;
1da177e4 2328
31e6b01f 2329out_filp:
806b681c 2330 filp = ERR_PTR(error);
10fa8e62 2331 goto out;
1da177e4
LT		 2332}
2333
13aab428
AV		 2334struct file *do_filp_open(int dfd, const char *pathname,
2335 const struct open_flags *op, int flags)
2336{
73d049a4 2337 struct nameidata nd;
13aab428
AV		 2338 struct file *filp;
2339
73d049a4 2340 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU);
13aab428 2341 if (unlikely(filp == ERR_PTR(-ECHILD)))
73d049a4 2342 filp = path_openat(dfd, pathname, &nd, op, flags);
13aab428 2343 if (unlikely(filp == ERR_PTR(-ESTALE)))
73d049a4 2344 filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL);
13aab428
AV		 2345 return filp;
2346}
2347
73d049a4
AV		 2348struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
2349 const char *name, const struct open_flags *op, int flags)
2350{
2351 struct nameidata nd;
2352 struct file *file;
2353
2354 nd.root.mnt = mnt;
2355 nd.root.dentry = dentry;
2356
2357 flags |= LOOKUP_ROOT;
2358
bcda7652 2359 if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN)
73d049a4
AV		 2360 return ERR_PTR(-ELOOP);
2361
2362 file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU);
2363 if (unlikely(file == ERR_PTR(-ECHILD)))
2364 file = path_openat(-1, name, &nd, op, flags);
2365 if (unlikely(file == ERR_PTR(-ESTALE)))
2366 file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL);
2367 return file;
2368}
2369
ed75e95d 2370struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path, int is_dir)
1da177e4 2371{
c663e5d8 2372 struct dentry *dentry = ERR_PTR(-EEXIST);
ed75e95d
AV		 2373 struct nameidata nd;
2374 int error = do_path_lookup(dfd, pathname, LOOKUP_PARENT, &nd);
2375 if (error)
2376 return ERR_PTR(error);
1da177e4 2377
c663e5d8
CH		 2378 /*
2379 * Yucky last component or no last component at all?
2380 * (foo/., foo/.., /////)
2381 */
ed75e95d
AV		 2382 if (nd.last_type != LAST_NORM)
2383 goto out;
2384 nd.flags &= ~LOOKUP_PARENT;
2385 nd.flags |= LOOKUP_CREATE | LOOKUP_EXCL;
2386 nd.intent.open.flags = O_EXCL;
c663e5d8
CH		 2387
2388 /*
2389 * Do the final lookup.
2390 */
ed75e95d
AV		 2391 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2392 dentry = lookup_hash(&nd);
1da177e4
LT		 2393 if (IS_ERR(dentry))
2394 goto fail;
c663e5d8 2395
e9baf6e5
AV		 2396 if (dentry->d_inode)
2397 goto eexist;
c663e5d8
CH		 2398 /*
2399 * Special case - lookup gave negative, but... we had foo/bar/
2400 * From the vfs_mknod() POV we just have a negative dentry -
2401 * all is fine. Let's be bastards - you had / on the end, you've
2402 * been asking for (non-existent) directory. -ENOENT for you.
2403 */
ed75e95d 2404 if (unlikely(!is_dir && nd.last.name[nd.last.len])) {
e9baf6e5
AV		 2405 dput(dentry);
2406 dentry = ERR_PTR(-ENOENT);
ed75e95d 2407 goto fail;
e9baf6e5 2408 }
ed75e95d 2409 *path = nd.path;
1da177e4 2410 return dentry;
e9baf6e5 2411eexist:
1da177e4 2412 dput(dentry);
e9baf6e5 2413 dentry = ERR_PTR(-EEXIST);
1da177e4 2414fail:
ed75e95d
AV		 2415 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2416out:
2417 path_put(&nd.path);
1da177e4
LT		 2418 return dentry;
2419}
dae6ad8f
AV		 2420EXPORT_SYMBOL(kern_path_create);
2421
2422struct dentry *user_path_create(int dfd, const char __user *pathname, struct path *path, int is_dir)
2423{
2424 char *tmp = getname(pathname);
2425 struct dentry *res;
2426 if (IS_ERR(tmp))
2427 return ERR_CAST(tmp);
2428 res = kern_path_create(dfd, tmp, path, is_dir);
2429 putname(tmp);
2430 return res;
2431}
2432EXPORT_SYMBOL(user_path_create);
2433
1da177e4
LT		 2434int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2435{
a95164d9 2436 int error = may_create(dir, dentry);
1da177e4
LT		 2437
2438 if (error)
2439 return error;
2440
e795b717
SH		 2441 if ((S_ISCHR(mode) || S_ISBLK(mode)) &&
2442 !ns_capable(inode_userns(dir), CAP_MKNOD))
1da177e4
LT		 2443 return -EPERM;
2444
acfa4380 2445 if (!dir->i_op->mknod)
1da177e4
LT		 2446 return -EPERM;
2447
08ce5f16
SH		 2448 error = devcgroup_inode_mknod(mode, dev);
2449 if (error)
2450 return error;
2451
1da177e4
LT		 2452 error = security_inode_mknod(dir, dentry, mode, dev);
2453 if (error)
2454 return error;
2455
1da177e4 2456 error = dir->i_op->mknod(dir, dentry, mode, dev);
a74574aa 2457 if (!error)
f38aa942 2458 fsnotify_create(dir, dentry);
1da177e4
LT		 2459 return error;
2460}
2461
463c3197
DH		 2462static int may_mknod(mode_t mode)
2463{
2464 switch (mode & S_IFMT) {
2465 case S_IFREG:
2466 case S_IFCHR:
2467 case S_IFBLK:
2468 case S_IFIFO:
2469 case S_IFSOCK:
2470 case 0: /* zero mode translates to S_IFREG */
2471 return 0;
2472 case S_IFDIR:
2473 return -EPERM;
2474 default:
2475 return -EINVAL;
2476 }
2477}
2478
2e4d0924
HC		 2479SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
2480 unsigned, dev)
1da177e4 2481{
2ad94ae6 2482 struct dentry *dentry;
dae6ad8f
AV		 2483 struct path path;
2484 int error;
1da177e4
LT		 2485
2486 if (S_ISDIR(mode))
2487 return -EPERM;
1da177e4 2488
dae6ad8f
AV		 2489 dentry = user_path_create(dfd, filename, &path, 0);
2490 if (IS_ERR(dentry))
2491 return PTR_ERR(dentry);
2ad94ae6 2492
dae6ad8f 2493 if (!IS_POSIXACL(path.dentry->d_inode))
ce3b0f8d 2494 mode &= ~current_umask();
463c3197
DH		 2495 error = may_mknod(mode);
2496 if (error)
2497 goto out_dput;
dae6ad8f 2498 error = mnt_want_write(path.mnt);
463c3197
DH		 2499 if (error)
2500 goto out_dput;
dae6ad8f 2501 error = security_path_mknod(&path, dentry, mode, dev);
be6d3e56
KT		 2502 if (error)
2503 goto out_drop_write;
463c3197 2504 switch (mode & S_IFMT) {
1da177e4 2505 case 0: case S_IFREG:
dae6ad8f 2506 error = vfs_create(path.dentry->d_inode,dentry,mode,NULL);
1da177e4
LT		 2507 break;
2508 case S_IFCHR: case S_IFBLK:
dae6ad8f 2509 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
1da177e4
LT		 2510 new_decode_dev(dev));
2511 break;
2512 case S_IFIFO: case S_IFSOCK:
dae6ad8f 2513 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
1da177e4 2514 break;
1da177e4 2515 }
be6d3e56 2516out_drop_write:
dae6ad8f 2517 mnt_drop_write(path.mnt);
463c3197
DH		 2518out_dput:
2519 dput(dentry);
dae6ad8f
AV		 2520 mutex_unlock(&path.dentry->d_inode->i_mutex);
2521 path_put(&path);
1da177e4
LT		 2522
2523 return error;
2524}
2525
3480b257 2526SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
5590ff0d
UD		 2527{
2528 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2529}
2530
1da177e4
LT		 2531int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2532{
a95164d9 2533 int error = may_create(dir, dentry);
1da177e4
LT		 2534
2535 if (error)
2536 return error;
2537
acfa4380 2538 if (!dir->i_op->mkdir)
1da177e4
LT		 2539 return -EPERM;
2540
2541 mode &= (S_IRWXUGO|S_ISVTX);
2542 error = security_inode_mkdir(dir, dentry, mode);
2543 if (error)
2544 return error;
2545
1da177e4 2546 error = dir->i_op->mkdir(dir, dentry, mode);
a74574aa 2547 if (!error)
f38aa942 2548 fsnotify_mkdir(dir, dentry);
1da177e4
LT		 2549 return error;
2550}
2551
2e4d0924 2552SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
1da177e4 2553{
6902d925 2554 struct dentry *dentry;
dae6ad8f
AV		 2555 struct path path;
2556 int error;
1da177e4 2557
dae6ad8f 2558 dentry = user_path_create(dfd, pathname, &path, 1);
6902d925 2559 if (IS_ERR(dentry))
dae6ad8f 2560 return PTR_ERR(dentry);
1da177e4 2561
dae6ad8f 2562 if (!IS_POSIXACL(path.dentry->d_inode))
ce3b0f8d 2563 mode &= ~current_umask();
dae6ad8f 2564 error = mnt_want_write(path.mnt);
463c3197
DH		 2565 if (error)
2566 goto out_dput;
dae6ad8f 2567 error = security_path_mkdir(&path, dentry, mode);
be6d3e56
KT		 2568 if (error)
2569 goto out_drop_write;
dae6ad8f 2570 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
be6d3e56 2571out_drop_write:
dae6ad8f 2572 mnt_drop_write(path.mnt);
463c3197 2573out_dput:
6902d925 2574 dput(dentry);
dae6ad8f
AV		 2575 mutex_unlock(&path.dentry->d_inode->i_mutex);
2576 path_put(&path);
1da177e4
LT		 2577 return error;
2578}
2579
3cdad428 2580SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
5590ff0d
UD		 2581{
2582 return sys_mkdirat(AT_FDCWD, pathname, mode);
2583}
2584
1da177e4 2585/*
a71905f0
SW		 2586 * The dentry_unhash() helper will try to drop the dentry early: we
2587 * should have a usage count of 2 if we're the only user of this
2588 * dentry, and if that is true (possibly after pruning the dcache),
2589 * then we drop the dentry now.
1da177e4
LT		 2590 *
2591 * A low-level filesystem can, if it choses, legally
2592 * do a
2593 *
2594 * if (!d_unhashed(dentry))
2595 * return -EBUSY;
2596 *
2597 * if it cannot handle the case of removing a directory
2598 * that is still in use by something else..
2599 */
2600void dentry_unhash(struct dentry *dentry)
2601{
dc168427 2602 shrink_dcache_parent(dentry);
1da177e4 2603 spin_lock(&dentry->d_lock);
64252c75 2604 if (dentry->d_count == 1)
1da177e4
LT		 2605 __d_drop(dentry);
2606 spin_unlock(&dentry->d_lock);
1da177e4
LT		 2607}
2608
2609int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2610{
2611 int error = may_delete(dir, dentry, 1);
2612
2613 if (error)
2614 return error;
2615
acfa4380 2616 if (!dir->i_op->rmdir)
1da177e4
LT		 2617 return -EPERM;
2618
1b1dcc1b 2619 mutex_lock(&dentry->d_inode->i_mutex);
912dbc15
SW		 2620
2621 error = -EBUSY;
1da177e4 2622 if (d_mountpoint(dentry))
912dbc15
SW		 2623 goto out;
2624
2625 error = security_inode_rmdir(dir, dentry);
2626 if (error)
2627 goto out;
2628
3cebde24 2629 shrink_dcache_parent(dentry);
912dbc15
SW		 2630 error = dir->i_op->rmdir(dir, dentry);
2631 if (error)
2632 goto out;
2633
2634 dentry->d_inode->i_flags |= S_DEAD;
2635 dont_mount(dentry);
2636
2637out:
1b1dcc1b 2638 mutex_unlock(&dentry->d_inode->i_mutex);
912dbc15 2639 if (!error)
1da177e4 2640 d_delete(dentry);
1da177e4
LT		 2641 return error;
2642}
2643
5590ff0d 2644static long do_rmdir(int dfd, const char __user *pathname)
1da177e4
LT		 2645{
2646 int error = 0;
2647 char * name;
2648 struct dentry *dentry;
2649 struct nameidata nd;
2650
2ad94ae6 2651 error = user_path_parent(dfd, pathname, &nd, &name);
1da177e4 2652 if (error)
2ad94ae6 2653 return error;
1da177e4
LT		 2654
2655 switch(nd.last_type) {
0612d9fb
OH		 2656 case LAST_DOTDOT:
2657 error = -ENOTEMPTY;
2658 goto exit1;
2659 case LAST_DOT:
2660 error = -EINVAL;
2661 goto exit1;
2662 case LAST_ROOT:
2663 error = -EBUSY;
2664 goto exit1;
1da177e4 2665 }
0612d9fb
OH		 2666
2667 nd.flags &= ~LOOKUP_PARENT;
2668
4ac91378 2669 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
49705b77 2670 dentry = lookup_hash(&nd);
1da177e4 2671 error = PTR_ERR(dentry);
6902d925
DH		 2672 if (IS_ERR(dentry))
2673 goto exit2;
e6bc45d6
TT		 2674 if (!dentry->d_inode) {
2675 error = -ENOENT;
2676 goto exit3;
2677 }
0622753b
DH		 2678 error = mnt_want_write(nd.path.mnt);
2679 if (error)
2680 goto exit3;
be6d3e56
KT		 2681 error = security_path_rmdir(&nd.path, dentry);
2682 if (error)
2683 goto exit4;
4ac91378 2684 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
be6d3e56 2685exit4:
0622753b
DH		 2686 mnt_drop_write(nd.path.mnt);
2687exit3:
6902d925
DH		 2688 dput(dentry);
2689exit2:
4ac91378 2690 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
1da177e4 2691exit1:
1d957f9b 2692 path_put(&nd.path);
1da177e4
LT		 2693 putname(name);
2694 return error;
2695}
2696
3cdad428 2697SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
5590ff0d
UD		 2698{
2699 return do_rmdir(AT_FDCWD, pathname);
2700}
2701
1da177e4
LT		 2702int vfs_unlink(struct inode *dir, struct dentry *dentry)
2703{
2704 int error = may_delete(dir, dentry, 0);
2705
2706 if (error)
2707 return error;
2708
acfa4380 2709 if (!dir->i_op->unlink)
1da177e4
LT		 2710 return -EPERM;
2711
1b1dcc1b 2712 mutex_lock(&dentry->d_inode->i_mutex);
1da177e4
LT		 2713 if (d_mountpoint(dentry))
2714 error = -EBUSY;
2715 else {
2716 error = security_inode_unlink(dir, dentry);
bec1052e 2717 if (!error) {
1da177e4 2718 error = dir->i_op->unlink(dir, dentry);
bec1052e 2719 if (!error)
d83c49f3 2720 dont_mount(dentry);
bec1052e 2721 }
1da177e4 2722 }
1b1dcc1b 2723 mutex_unlock(&dentry->d_inode->i_mutex);
1da177e4
LT		 2724
2725 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2726 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
ece95912 2727 fsnotify_link_count(dentry->d_inode);
e234f35c 2728 d_delete(dentry);
1da177e4 2729 }
0eeca283 2730
1da177e4
LT		 2731 return error;
2732}
2733
2734/*
2735 * Make sure that the actual truncation of the file will occur outside its
1b1dcc1b 2736 * directory's i_mutex. Truncate can take a long time if there is a lot of
1da177e4
LT		 2737 * writeout happening, and we don't want to prevent access to the directory
2738 * while waiting on the I/O.
2739 */
5590ff0d 2740static long do_unlinkat(int dfd, const char __user *pathname)
1da177e4 2741{
2ad94ae6
AV		 2742 int error;
2743 char *name;
1da177e4
LT		 2744 struct dentry *dentry;
2745 struct nameidata nd;
2746 struct inode *inode = NULL;
2747
2ad94ae6 2748 error = user_path_parent(dfd, pathname, &nd, &name);
1da177e4 2749 if (error)
2ad94ae6
AV		 2750 return error;
2751
1da177e4
LT		 2752 error = -EISDIR;
2753 if (nd.last_type != LAST_NORM)
2754 goto exit1;
0612d9fb
OH		 2755
2756 nd.flags &= ~LOOKUP_PARENT;
2757
4ac91378 2758 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
49705b77 2759 dentry = lookup_hash(&nd);
1da177e4
LT		 2760 error = PTR_ERR(dentry);
2761 if (!IS_ERR(dentry)) {
2762 /* Why not before? Because we want correct error value */
50338b88
TE		 2763 if (nd.last.name[nd.last.len])
2764 goto slashes;
1da177e4 2765 inode = dentry->d_inode;
50338b88 2766 if (!inode)
e6bc45d6
TT		 2767 goto slashes;
2768 ihold(inode);
0622753b
DH		 2769 error = mnt_want_write(nd.path.mnt);
2770 if (error)
2771 goto exit2;
be6d3e56
KT		 2772 error = security_path_unlink(&nd.path, dentry);
2773 if (error)
2774 goto exit3;
4ac91378 2775 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
be6d3e56 2776exit3:
0622753b 2777 mnt_drop_write(nd.path.mnt);
1da177e4
LT		 2778 exit2:
2779 dput(dentry);
2780 }
4ac91378 2781 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
1da177e4
LT		 2782 if (inode)
2783 iput(inode); /* truncate the inode here */
2784exit1:
1d957f9b 2785 path_put(&nd.path);
1da177e4
LT		 2786 putname(name);
2787 return error;
2788
2789slashes:
2790 error = !dentry->d_inode ? -ENOENT :
2791 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2792 goto exit2;
2793}
2794
2e4d0924 2795SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
5590ff0d
UD		 2796{
2797 if ((flag & ~AT_REMOVEDIR) != 0)
2798 return -EINVAL;
2799
2800 if (flag & AT_REMOVEDIR)
2801 return do_rmdir(dfd, pathname);
2802
2803 return do_unlinkat(dfd, pathname);
2804}
2805
3480b257 2806SYSCALL_DEFINE1(unlink, const char __user *, pathname)
5590ff0d
UD		 2807{
2808 return do_unlinkat(AT_FDCWD, pathname);
2809}
2810
db2e747b 2811int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
1da177e4 2812{
a95164d9 2813 int error = may_create(dir, dentry);
1da177e4
LT		 2814
2815 if (error)
2816 return error;
2817
acfa4380 2818 if (!dir->i_op->symlink)
1da177e4
LT		 2819 return -EPERM;
2820
2821 error = security_inode_symlink(dir, dentry, oldname);
2822 if (error)
2823 return error;
2824
1da177e4 2825 error = dir->i_op->symlink(dir, dentry, oldname);
a74574aa 2826 if (!error)
f38aa942 2827 fsnotify_create(dir, dentry);
1da177e4
LT		 2828 return error;
2829}
2830
2e4d0924
HC		 2831SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2832 int, newdfd, const char __user *, newname)
1da177e4 2833{
2ad94ae6
AV		 2834 int error;
2835 char *from;
6902d925 2836 struct dentry *dentry;
dae6ad8f 2837 struct path path;
1da177e4
LT		 2838
2839 from = getname(oldname);
2ad94ae6 2840 if (IS_ERR(from))
1da177e4 2841 return PTR_ERR(from);
1da177e4 2842
dae6ad8f 2843 dentry = user_path_create(newdfd, newname, &path, 0);
6902d925
DH		 2844 error = PTR_ERR(dentry);
2845 if (IS_ERR(dentry))
dae6ad8f 2846 goto out_putname;
6902d925 2847
dae6ad8f 2848 error = mnt_want_write(path.mnt);
75c3f29d
DH		 2849 if (error)
2850 goto out_dput;
dae6ad8f 2851 error = security_path_symlink(&path, dentry, from);
be6d3e56
KT		 2852 if (error)
2853 goto out_drop_write;
dae6ad8f 2854 error = vfs_symlink(path.dentry->d_inode, dentry, from);
be6d3e56 2855out_drop_write:
dae6ad8f 2856 mnt_drop_write(path.mnt);
75c3f29d 2857out_dput:
6902d925 2858 dput(dentry);
dae6ad8f
AV		 2859 mutex_unlock(&path.dentry->d_inode->i_mutex);
2860 path_put(&path);
6902d925 2861out_putname:
1da177e4
LT		 2862 putname(from);
2863 return error;
2864}
2865
3480b257 2866SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
5590ff0d
UD		 2867{
2868 return sys_symlinkat(oldname, AT_FDCWD, newname);
2869}
2870
1da177e4
LT		 2871int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2872{
2873 struct inode *inode = old_dentry->d_inode;
2874 int error;
2875
2876 if (!inode)
2877 return -ENOENT;
2878
a95164d9 2879 error = may_create(dir, new_dentry);
1da177e4
LT		 2880 if (error)
2881 return error;
2882
2883 if (dir->i_sb != inode->i_sb)
2884 return -EXDEV;
2885
2886 /*
2887 * A link to an append-only or immutable file cannot be created.
2888 */
2889 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2890 return -EPERM;
acfa4380 2891 if (!dir->i_op->link)
1da177e4 2892 return -EPERM;
7e79eedb 2893 if (S_ISDIR(inode->i_mode))
1da177e4
LT		 2894 return -EPERM;
2895
2896 error = security_inode_link(old_dentry, dir, new_dentry);
2897 if (error)
2898 return error;
2899
7e79eedb 2900 mutex_lock(&inode->i_mutex);
aae8a97d
AK		 2901 /* Make sure we don't allow creating hardlink to an unlinked file */
2902 if (inode->i_nlink == 0)
2903 error = -ENOENT;
2904 else
2905 error = dir->i_op->link(old_dentry, dir, new_dentry);
7e79eedb 2906 mutex_unlock(&inode->i_mutex);
e31e14ec 2907 if (!error)
7e79eedb 2908 fsnotify_link(dir, inode, new_dentry);
1da177e4
LT		 2909 return error;
2910}
2911
2912/*
2913 * Hardlinks are often used in delicate situations. We avoid
2914 * security-related surprises by not following symlinks on the
2915 * newname. --KAB
2916 *
2917 * We don't follow them on the oldname either to be compatible
2918 * with linux 2.0, and to avoid hard-linking to directories
2919 * and other special files. --ADM
2920 */
2e4d0924
HC		 2921SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2922 int, newdfd, const char __user *, newname, int, flags)
1da177e4
LT		 2923{
2924 struct dentry *new_dentry;
dae6ad8f 2925 struct path old_path, new_path;
11a7b371 2926 int how = 0;
1da177e4 2927 int error;
1da177e4 2928
11a7b371 2929 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
c04030e1 2930 return -EINVAL;
11a7b371
AK		 2931 /*
2932 * To use null names we require CAP_DAC_READ_SEARCH
2933 * This ensures that not everyone will be able to create
2934 * handlink using the passed filedescriptor.
2935 */
2936 if (flags & AT_EMPTY_PATH) {
2937 if (!capable(CAP_DAC_READ_SEARCH))
2938 return -ENOENT;
2939 how = LOOKUP_EMPTY;
2940 }
2941
2942 if (flags & AT_SYMLINK_FOLLOW)
2943 how |= LOOKUP_FOLLOW;
c04030e1 2944
11a7b371 2945 error = user_path_at(olddfd, oldname, how, &old_path);
1da177e4 2946 if (error)
2ad94ae6
AV		 2947 return error;
2948
dae6ad8f 2949 new_dentry = user_path_create(newdfd, newname, &new_path, 0);
1da177e4 2950 error = PTR_ERR(new_dentry);
6902d925 2951 if (IS_ERR(new_dentry))
dae6ad8f
AV		 2952 goto out;
2953
2954 error = -EXDEV;
2955 if (old_path.mnt != new_path.mnt)
2956 goto out_dput;
2957 error = mnt_want_write(new_path.mnt);
75c3f29d
DH		 2958 if (error)
2959 goto out_dput;
dae6ad8f 2960 error = security_path_link(old_path.dentry, &new_path, new_dentry);
be6d3e56
KT		 2961 if (error)
2962 goto out_drop_write;
dae6ad8f 2963 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry);
be6d3e56 2964out_drop_write:
dae6ad8f 2965 mnt_drop_write(new_path.mnt);
75c3f29d 2966out_dput:
6902d925 2967 dput(new_dentry);
dae6ad8f
AV		 2968 mutex_unlock(&new_path.dentry->d_inode->i_mutex);
2969 path_put(&new_path);
1da177e4 2970out:
2d8f3038 2971 path_put(&old_path);
1da177e4
LT		 2972
2973 return error;
2974}
2975
3480b257 2976SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
5590ff0d 2977{
c04030e1 2978 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
5590ff0d
UD		 2979}
2980
1da177e4
LT		 2981/*
2982 * The worst of all namespace operations - renaming directory. "Perverted"
2983 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2984 * Problems:
2985 * a) we can get into loop creation. Check is done in is_subdir().
2986 * b) race potential - two innocent renames can create a loop together.
2987 * That's where 4.4 screws up. Current fix: serialization on
a11f3a05 2988 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
1da177e4
LT		 2989 * story.
2990 * c) we have to lock _three_ objects - parents and victim (if it exists).
1b1dcc1b 2991 * And that - after we got ->i_mutex on parents (until then we don't know
1da177e4
LT		 2992 * whether the target exists). Solution: try to be smart with locking
2993 * order for inodes. We rely on the fact that tree topology may change
a11f3a05 2994 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
1da177e4
LT		 2995 * move will be locked. Thus we can rank directories by the tree
2996 * (ancestors first) and rank all non-directories after them.
2997 * That works since everybody except rename does "lock parent, lookup,
a11f3a05 2998 * lock child" and rename is under ->s_vfs_rename_mutex.
1da177e4
LT		 2999 * HOWEVER, it relies on the assumption that any object with ->lookup()
3000 * has no more than 1 dentry. If "hybrid" objects will ever appear,
3001 * we'd better make sure that there's no link(2) for them.
e4eaac06 3002 * d) conversion from fhandle to dentry may come in the wrong moment - when
1b1dcc1b 3003 * we are removing the target. Solution: we will have to grab ->i_mutex
1da177e4 3004 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
c41b20e7 3005 * ->i_mutex on parents, which works but leads to some truly excessive
1da177e4
LT		 3006 * locking].
3007 */
75c96f85
AB		 3008static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
3009 struct inode *new_dir, struct dentry *new_dentry)
1da177e4
LT		 3010{
3011 int error = 0;
9055cba7 3012 struct inode *target = new_dentry->d_inode;
1da177e4
LT		 3013
3014 /*
3015 * If we are going to change the parent - check write permissions,
3016 * we'll need to flip '..'.
3017 */
3018 if (new_dir != old_dir) {
f419a2e3 3019 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
1da177e4
LT		 3020 if (error)
3021 return error;
3022 }
3023
3024 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3025 if (error)
3026 return error;
3027
d83c49f3 3028 if (target)
1b1dcc1b 3029 mutex_lock(&target->i_mutex);
9055cba7
SW		 3030
3031 error = -EBUSY;
3032 if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry))
3033 goto out;
3034
3cebde24
SW		 3035 if (target)
3036 shrink_dcache_parent(new_dentry);
9055cba7
SW		 3037 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3038 if (error)
3039 goto out;
3040
1da177e4 3041 if (target) {
9055cba7
SW		 3042 target->i_flags |= S_DEAD;
3043 dont_mount(new_dentry);
1da177e4 3044 }
9055cba7
SW		 3045out:
3046 if (target)
3047 mutex_unlock(&target->i_mutex);
e31e14ec 3048 if (!error)
349457cc
MF		 3049 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3050 d_move(old_dentry,new_dentry);
1da177e4
LT		 3051 return error;
3052}
3053
75c96f85
AB		 3054static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
3055 struct inode *new_dir, struct dentry *new_dentry)
1da177e4 3056{
51892bbb 3057 struct inode *target = new_dentry->d_inode;
1da177e4
LT		 3058 int error;
3059
3060 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
3061 if (error)
3062 return error;
3063
3064 dget(new_dentry);
1da177e4 3065 if (target)
1b1dcc1b 3066 mutex_lock(&target->i_mutex);
51892bbb
SW		 3067
3068 error = -EBUSY;
1da177e4 3069 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
51892bbb
SW		 3070 goto out;
3071
3072 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
3073 if (error)
3074 goto out;
3075
3076 if (target)
3077 dont_mount(new_dentry);
3078 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
3079 d_move(old_dentry, new_dentry);
3080out:
1da177e4 3081 if (target)
1b1dcc1b 3082 mutex_unlock(&target->i_mutex);
1da177e4
LT		 3083 dput(new_dentry);
3084 return error;
3085}
3086
3087int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
3088 struct inode *new_dir, struct dentry *new_dentry)
3089{
3090 int error;
3091 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
59b0df21 3092 const unsigned char *old_name;
1da177e4
LT		 3093
3094 if (old_dentry->d_inode == new_dentry->d_inode)
3095 return 0;
3096
3097 error = may_delete(old_dir, old_dentry, is_dir);
3098 if (error)
3099 return error;
3100
3101 if (!new_dentry->d_inode)
a95164d9 3102 error = may_create(new_dir, new_dentry);
1da177e4
LT		 3103 else
3104 error = may_delete(new_dir, new_dentry, is_dir);
3105 if (error)
3106 return error;
3107
acfa4380 3108 if (!old_dir->i_op->rename)
1da177e4
LT		 3109 return -EPERM;
3110
0eeca283
RL		 3111 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
3112
1da177e4
LT		 3113 if (is_dir)
3114 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
3115 else
3116 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
123df294
AV		 3117 if (!error)
3118 fsnotify_move(old_dir, new_dir, old_name, is_dir,
5a190ae6 3119 new_dentry->d_inode, old_dentry);
0eeca283
RL		 3120 fsnotify_oldname_free(old_name);
3121
1da177e4
LT		 3122 return error;
3123}
3124
2e4d0924
HC		 3125SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
3126 int, newdfd, const char __user *, newname)
1da177e4 3127{
2ad94ae6
AV		 3128 struct dentry *old_dir, *new_dir;
3129 struct dentry *old_dentry, *new_dentry;
3130 struct dentry *trap;
1da177e4 3131 struct nameidata oldnd, newnd;
2ad94ae6
AV		 3132 char *from;
3133 char *to;
3134 int error;
1da177e4 3135
2ad94ae6 3136 error = user_path_parent(olddfd, oldname, &oldnd, &from);
1da177e4
LT		 3137 if (error)
3138 goto exit;
3139
2ad94ae6 3140 error = user_path_parent(newdfd, newname, &newnd, &to);
1da177e4
LT		 3141 if (error)
3142 goto exit1;
3143
3144 error = -EXDEV;
4ac91378 3145 if (oldnd.path.mnt != newnd.path.mnt)
1da177e4
LT		 3146 goto exit2;
3147
4ac91378 3148 old_dir = oldnd.path.dentry;
1da177e4
LT		 3149 error = -EBUSY;
3150 if (oldnd.last_type != LAST_NORM)
3151 goto exit2;
3152
4ac91378 3153 new_dir = newnd.path.dentry;
1da177e4
LT		 3154 if (newnd.last_type != LAST_NORM)
3155 goto exit2;
3156
0612d9fb
OH		 3157 oldnd.flags &= ~LOOKUP_PARENT;
3158 newnd.flags &= ~LOOKUP_PARENT;
4e9ed2f8 3159 newnd.flags |= LOOKUP_RENAME_TARGET;
0612d9fb 3160
1da177e4
LT		 3161 trap = lock_rename(new_dir, old_dir);
3162
49705b77 3163 old_dentry = lookup_hash(&oldnd);
1da177e4
LT		 3164 error = PTR_ERR(old_dentry);
3165 if (IS_ERR(old_dentry))
3166 goto exit3;
3167 /* source must exist */
3168 error = -ENOENT;
3169 if (!old_dentry->d_inode)
3170 goto exit4;
3171 /* unless the source is a directory trailing slashes give -ENOTDIR */
3172 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
3173 error = -ENOTDIR;
3174 if (oldnd.last.name[oldnd.last.len])
3175 goto exit4;
3176 if (newnd.last.name[newnd.last.len])
3177 goto exit4;
3178 }
3179 /* source should not be ancestor of target */
3180 error = -EINVAL;
3181 if (old_dentry == trap)
3182 goto exit4;
49705b77 3183 new_dentry = lookup_hash(&newnd);
1da177e4
LT		 3184 error = PTR_ERR(new_dentry);
3185 if (IS_ERR(new_dentry))
3186 goto exit4;
3187 /* target should not be an ancestor of source */
3188 error = -ENOTEMPTY;
3189 if (new_dentry == trap)
3190 goto exit5;
3191
9079b1eb
DH		 3192 error = mnt_want_write(oldnd.path.mnt);
3193 if (error)
3194 goto exit5;
be6d3e56
KT		 3195 error = security_path_rename(&oldnd.path, old_dentry,
3196 &newnd.path, new_dentry);
3197 if (error)
3198 goto exit6;
1da177e4
LT		 3199 error = vfs_rename(old_dir->d_inode, old_dentry,
3200 new_dir->d_inode, new_dentry);
be6d3e56 3201exit6:
9079b1eb 3202 mnt_drop_write(oldnd.path.mnt);
1da177e4
LT		 3203exit5:
3204 dput(new_dentry);
3205exit4:
3206 dput(old_dentry);
3207exit3:
3208 unlock_rename(new_dir, old_dir);
3209exit2:
1d957f9b 3210 path_put(&newnd.path);
2ad94ae6 3211 putname(to);
1da177e4 3212exit1:
1d957f9b 3213 path_put(&oldnd.path);
1da177e4 3214 putname(from);
2ad94ae6 3215exit:
1da177e4
LT		 3216 return error;
3217}
3218
a26eab24 3219SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
5590ff0d
UD		 3220{
3221 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
3222}
3223
1da177e4
LT		 3224int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
3225{
3226 int len;
3227
3228 len = PTR_ERR(link);
3229 if (IS_ERR(link))
3230 goto out;
3231
3232 len = strlen(link);
3233 if (len > (unsigned) buflen)
3234 len = buflen;
3235 if (copy_to_user(buffer, link, len))
3236 len = -EFAULT;
3237out:
3238 return len;
3239}
3240
3241/*
3242 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
3243 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
3244 * using) it for any given inode is up to filesystem.
3245 */
3246int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3247{
3248 struct nameidata nd;
cc314eef 3249 void *cookie;
694a1764 3250 int res;
cc314eef 3251
1da177e4 3252 nd.depth = 0;
cc314eef 3253 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
694a1764
MS		 3254 if (IS_ERR(cookie))
3255 return PTR_ERR(cookie);
3256
3257 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
3258 if (dentry->d_inode->i_op->put_link)
3259 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
3260 return res;
1da177e4
LT		 3261}
3262
3263int vfs_follow_link(struct nameidata *nd, const char *link)
3264{
3265 return __vfs_follow_link(nd, link);
3266}
3267
3268/* get the link contents into pagecache */
3269static char *page_getlink(struct dentry * dentry, struct page **ppage)
3270{
ebd09abb
DG		 3271 char *kaddr;
3272 struct page *page;
1da177e4 3273 struct address_space *mapping = dentry->d_inode->i_mapping;
090d2b18 3274 page = read_mapping_page(mapping, 0, NULL);
1da177e4 3275 if (IS_ERR(page))
6fe6900e 3276 return (char*)page;
1da177e4 3277 *ppage = page;
ebd09abb
DG		 3278 kaddr = kmap(page);
3279 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
3280 return kaddr;
1da177e4
LT		 3281}
3282
3283int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
3284{
3285 struct page *page = NULL;
3286 char *s = page_getlink(dentry, &page);
3287 int res = vfs_readlink(dentry,buffer,buflen,s);
3288 if (page) {
3289 kunmap(page);
3290 page_cache_release(page);
3291 }
3292 return res;
3293}
3294
cc314eef 3295void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
1da177e4 3296{
cc314eef 3297 struct page *page = NULL;
1da177e4 3298 nd_set_link(nd, page_getlink(dentry, &page));
cc314eef 3299 return page;
1da177e4
LT		 3300}
3301
cc314eef 3302void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
1da177e4 3303{
cc314eef
LT		 3304 struct page *page = cookie;
3305
3306 if (page) {
1da177e4
LT		 3307 kunmap(page);
3308 page_cache_release(page);
1da177e4
LT		 3309 }
3310}
3311
54566b2c
NP		 3312/*
3313 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
3314 */
3315int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
1da177e4
LT		 3316{
3317 struct address_space *mapping = inode->i_mapping;
0adb25d2 3318 struct page *page;
afddba49 3319 void *fsdata;
beb497ab 3320 int err;
1da177e4 3321 char *kaddr;
54566b2c
NP		 3322 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
3323 if (nofs)
3324 flags |= AOP_FLAG_NOFS;
1da177e4 3325
7e53cac4 3326retry:
afddba49 3327 err = pagecache_write_begin(NULL, mapping, 0, len-1,
54566b2c 3328 flags, &page, &fsdata);
1da177e4 3329 if (err)
afddba49
NP		 3330 goto fail;
3331
1da177e4
LT		 3332 kaddr = kmap_atomic(page, KM_USER0);
3333 memcpy(kaddr, symname, len-1);
3334 kunmap_atomic(kaddr, KM_USER0);
afddba49
NP		 3335
3336 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
3337 page, fsdata);
1da177e4
LT		 3338 if (err < 0)
3339 goto fail;
afddba49
NP		 3340 if (err < len-1)
3341 goto retry;
3342
1da177e4
LT		 3343 mark_inode_dirty(inode);
3344 return 0;
1da177e4
LT		 3345fail:
3346 return err;
3347}
3348
0adb25d2
KK		 3349int page_symlink(struct inode *inode, const char *symname, int len)
3350{
3351 return __page_symlink(inode, symname, len,
54566b2c 3352 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
0adb25d2
KK		 3353}
3354
92e1d5be 3355const struct inode_operations page_symlink_inode_operations = {
1da177e4
LT		 3356 .readlink = generic_readlink,
3357 .follow_link = page_follow_link_light,
3358 .put_link = page_put_link,
3359};
3360
2d8f3038 3361EXPORT_SYMBOL(user_path_at);
cc53ce53 3362EXPORT_SYMBOL(follow_down_one);
1da177e4
LT		 3363EXPORT_SYMBOL(follow_down);
3364EXPORT_SYMBOL(follow_up);
3365EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
3366EXPORT_SYMBOL(getname);
3367EXPORT_SYMBOL(lock_rename);
1da177e4
LT		 3368EXPORT_SYMBOL(lookup_one_len);
3369EXPORT_SYMBOL(page_follow_link_light);
3370EXPORT_SYMBOL(page_put_link);
3371EXPORT_SYMBOL(page_readlink);
0adb25d2 3372EXPORT_SYMBOL(__page_symlink);
1da177e4
LT		 3373EXPORT_SYMBOL(page_symlink);
3374EXPORT_SYMBOL(page_symlink_inode_operations);
d1811465 3375EXPORT_SYMBOL(kern_path);
16f18200 3376EXPORT_SYMBOL(vfs_path_lookup);
f419a2e3 3377EXPORT_SYMBOL(inode_permission);
1da177e4
LT		 3378EXPORT_SYMBOL(unlock_rename);
3379EXPORT_SYMBOL(vfs_create);
3380EXPORT_SYMBOL(vfs_follow_link);
3381EXPORT_SYMBOL(vfs_link);
3382EXPORT_SYMBOL(vfs_mkdir);
3383EXPORT_SYMBOL(vfs_mknod);
3384EXPORT_SYMBOL(generic_permission);
3385EXPORT_SYMBOL(vfs_readlink);
3386EXPORT_SYMBOL(vfs_rename);
3387EXPORT_SYMBOL(vfs_rmdir);
3388EXPORT_SYMBOL(vfs_symlink);
3389EXPORT_SYMBOL(vfs_unlink);
3390EXPORT_SYMBOL(dentry_unhash);
3391EXPORT_SYMBOL(generic_readlink);
kernel source for telekom puls (alcatel/mediatek)