4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/quotaops.h>
23 #include <linux/pagemap.h>
24 #include <linux/fsnotify.h>
25 #include <linux/personality.h>
26 #include <linux/security.h>
27 #include <linux/syscalls.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/capability.h>
31 #include <linux/file.h>
32 #include <linux/fcntl.h>
33 #include <linux/device_cgroup.h>
34 #include <asm/uaccess.h>
36 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
38 /* [Feb-1997 T. Schoebel-Theuer]
39 * Fundamental changes in the pathname lookup mechanisms (namei)
40 * were necessary because of omirr. The reason is that omirr needs
41 * to know the _real_ pathname, not the user-supplied one, in case
42 * of symlinks (and also when transname replacements occur).
44 * The new code replaces the old recursive symlink resolution with
45 * an iterative one (in case of non-nested symlink chains). It does
46 * this with calls to <fs>_follow_link().
47 * As a side effect, dir_namei(), _namei() and follow_link() are now
48 * replaced with a single function lookup_dentry() that can handle all
49 * the special cases of the former code.
51 * With the new dcache, the pathname is stored at each inode, at least as
52 * long as the refcount of the inode is positive. As a side effect, the
53 * size of the dcache depends on the inode cache and thus is dynamic.
55 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
56 * resolution to correspond with current state of the code.
58 * Note that the symlink resolution is not *completely* iterative.
59 * There is still a significant amount of tail- and mid- recursion in
60 * the algorithm. Also, note that <fs>_readlink() is not used in
61 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
62 * may return different results than <fs>_follow_link(). Many virtual
63 * filesystems (including /proc) exhibit this behavior.
66 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
67 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
68 * and the name already exists in form of a symlink, try to create the new
69 * name indicated by the symlink. The old code always complained that the
70 * name already exists, due to not following the symlink even if its target
71 * is nonexistent. The new semantics affects also mknod() and link() when
72 * the name is a symlink pointing to a non-existant name.
74 * I don't know which semantics is the right one, since I have no access
75 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
76 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
77 * "old" one. Personally, I think the new semantics is much more logical.
78 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
79 * file does succeed in both HP-UX and SunOs, but not in Solaris
80 * and in the old Linux semantics.
83 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
84 * semantics. See the comments in "open_namei" and "do_link" below.
86 * [10-Sep-98 Alan Modra] Another symlink change.
89 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
90 * inside the path - always follow.
91 * in the last component in creation/removal/renaming - never follow.
92 * if LOOKUP_FOLLOW passed - follow.
93 * if the pathname has trailing slashes - follow.
94 * otherwise - don't follow.
95 * (applied in that order).
97 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
98 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
99 * During the 2.4 we need to fix the userland stuff depending on it -
100 * hopefully we will be able to get rid of that wart in 2.5. So far only
101 * XEmacs seems to be relying on it...
104 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
105 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
106 * any extra contention...
109 static int __link_path_walk(const char *name, struct nameidata *nd);
111 /* In order to reduce some races, while at the same time doing additional
112 * checking and hopefully speeding things up, we copy filenames to the
113 * kernel data space before using them..
115 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
116 * PATH_MAX includes the nul terminator --RR.
118 static int do_getname(const char __user *filename, char *page)
121 unsigned long len = PATH_MAX;
123 if (!segment_eq(get_fs(), KERNEL_DS)) {
124 if ((unsigned long) filename >= TASK_SIZE)
126 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
127 len = TASK_SIZE - (unsigned long) filename;
130 retval = strncpy_from_user(page, filename, len);
134 return -ENAMETOOLONG;
140 char * getname(const char __user * filename)
144 result = ERR_PTR(-ENOMEM);
147 int retval = do_getname(filename, tmp);
152 result = ERR_PTR(retval);
155 audit_getname(result);
159 #ifdef CONFIG_AUDITSYSCALL
160 void putname(const char *name)
162 if (unlikely(!audit_dummy_context()))
167 EXPORT_SYMBOL(putname);
172 * generic_permission - check for access rights on a Posix-like filesystem
173 * @inode: inode to check access rights for
174 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
175 * @check_acl: optional callback to check for Posix ACLs
177 * Used to check for read/write/execute permissions on a file.
178 * We use "fsuid" for this, letting us set arbitrary permissions
179 * for filesystem access without changing the "normal" uids which
180 * are used for other things..
182 int generic_permission(struct inode *inode, int mask,
183 int (*check_acl)(struct inode *inode, int mask))
185 umode_t mode = inode->i_mode;
187 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
189 if (current->fsuid == inode->i_uid)
192 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
193 int error = check_acl(inode, mask);
194 if (error == -EACCES)
195 goto check_capabilities;
196 else if (error != -EAGAIN)
200 if (in_group_p(inode->i_gid))
205 * If the DACs are ok we don't need any capability check.
207 if ((mask & ~mode) == 0)
212 * Read/write DACs are always overridable.
213 * Executable DACs are overridable if at least one exec bit is set.
215 if (!(mask & MAY_EXEC) ||
216 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
217 if (capable(CAP_DAC_OVERRIDE))
221 * Searching includes executable on directories, else just read.
223 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
224 if (capable(CAP_DAC_READ_SEARCH))
230 int permission(struct inode *inode, int mask, struct nameidata *nd)
233 struct vfsmount *mnt = NULL;
238 if (mask & MAY_WRITE) {
239 umode_t mode = inode->i_mode;
242 * Nobody gets write access to a read-only fs.
244 if (IS_RDONLY(inode) &&
245 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
249 * Nobody gets write access to an immutable file.
251 if (IS_IMMUTABLE(inode))
255 /* Ordinary permission routines do not understand MAY_APPEND. */
256 if (inode->i_op && inode->i_op->permission) {
257 retval = inode->i_op->permission(inode, mask);
260 * Exec permission on a regular file is denied if none
261 * of the execute bits are set.
263 * This check should be done by the ->permission()
266 if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode) &&
267 !(inode->i_mode & S_IXUGO))
271 retval = generic_permission(inode, mask, NULL);
276 retval = devcgroup_inode_permission(inode, mask);
280 return security_inode_permission(inode,
281 mask & (MAY_READ|MAY_WRITE|MAY_EXEC));
285 * vfs_permission - check for access rights to a given path
286 * @nd: lookup result that describes the path
287 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
289 * Used to check for read/write/execute permissions on a path.
290 * We use "fsuid" for this, letting us set arbitrary permissions
291 * for filesystem access without changing the "normal" uids which
292 * are used for other things.
294 int vfs_permission(struct nameidata *nd, int mask)
296 return permission(nd->path.dentry->d_inode, mask, nd);
300 * file_permission - check for additional access rights to a given file
301 * @file: file to check access rights for
302 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
304 * Used to check for read/write/execute permissions on an already opened
308 * Do not use this function in new code. All access checks should
309 * be done using vfs_permission().
311 int file_permission(struct file *file, int mask)
313 return permission(file->f_path.dentry->d_inode, mask, NULL);
317 * get_write_access() gets write permission for a file.
318 * put_write_access() releases this write permission.
319 * This is used for regular files.
320 * We cannot support write (and maybe mmap read-write shared) accesses and
321 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
322 * can have the following values:
323 * 0: no writers, no VM_DENYWRITE mappings
324 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
325 * > 0: (i_writecount) users are writing to the file.
327 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
328 * except for the cases where we don't hold i_writecount yet. Then we need to
329 * use {get,deny}_write_access() - these functions check the sign and refuse
330 * to do the change if sign is wrong. Exclusion between them is provided by
331 * the inode->i_lock spinlock.
334 int get_write_access(struct inode * inode)
336 spin_lock(&inode->i_lock);
337 if (atomic_read(&inode->i_writecount) < 0) {
338 spin_unlock(&inode->i_lock);
341 atomic_inc(&inode->i_writecount);
342 spin_unlock(&inode->i_lock);
347 int deny_write_access(struct file * file)
349 struct inode *inode = file->f_path.dentry->d_inode;
351 spin_lock(&inode->i_lock);
352 if (atomic_read(&inode->i_writecount) > 0) {
353 spin_unlock(&inode->i_lock);
356 atomic_dec(&inode->i_writecount);
357 spin_unlock(&inode->i_lock);
363 * path_get - get a reference to a path
364 * @path: path to get the reference to
366 * Given a path increment the reference count to the dentry and the vfsmount.
368 void path_get(struct path *path)
373 EXPORT_SYMBOL(path_get);
376 * path_put - put a reference to a path
377 * @path: path to put the reference to
379 * Given a path decrement the reference count to the dentry and the vfsmount.
381 void path_put(struct path *path)
386 EXPORT_SYMBOL(path_put);
389 * release_open_intent - free up open intent resources
390 * @nd: pointer to nameidata
392 void release_open_intent(struct nameidata *nd)
394 if (nd->intent.open.file->f_path.dentry == NULL)
395 put_filp(nd->intent.open.file);
397 fput(nd->intent.open.file);
400 static inline struct dentry *
401 do_revalidate(struct dentry *dentry, struct nameidata *nd)
403 int status = dentry->d_op->d_revalidate(dentry, nd);
404 if (unlikely(status <= 0)) {
406 * The dentry failed validation.
407 * If d_revalidate returned 0 attempt to invalidate
408 * the dentry otherwise d_revalidate is asking us
409 * to return a fail status.
412 if (!d_invalidate(dentry)) {
418 dentry = ERR_PTR(status);
425 * Internal lookup() using the new generic dcache.
428 static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
430 struct dentry * dentry = __d_lookup(parent, name);
432 /* lockess __d_lookup may fail due to concurrent d_move()
433 * in some unrelated directory, so try with d_lookup
436 dentry = d_lookup(parent, name);
438 if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
439 dentry = do_revalidate(dentry, nd);
445 * Short-cut version of permission(), for calling by
446 * path_walk(), when dcache lock is held. Combines parts
447 * of permission() and generic_permission(), and tests ONLY for
448 * MAY_EXEC permission.
450 * If appropriate, check DAC only. If not appropriate, or
451 * short-cut DAC fails, then call permission() to do more
452 * complete permission check.
454 static int exec_permission_lite(struct inode *inode)
456 umode_t mode = inode->i_mode;
458 if (inode->i_op && inode->i_op->permission)
461 if (current->fsuid == inode->i_uid)
463 else if (in_group_p(inode->i_gid))
469 if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
472 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
475 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
480 return security_inode_permission(inode, MAY_EXEC);
484 * This is called when everything else fails, and we actually have
485 * to go to the low-level filesystem to find out what we should do..
487 * We get the directory semaphore, and after getting that we also
488 * make sure that nobody added the entry to the dcache in the meantime..
491 static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
493 struct dentry * result;
494 struct inode *dir = parent->d_inode;
496 mutex_lock(&dir->i_mutex);
498 * First re-do the cached lookup just in case it was created
499 * while we waited for the directory semaphore..
501 * FIXME! This could use version numbering or similar to
502 * avoid unnecessary cache lookups.
504 * The "dcache_lock" is purely to protect the RCU list walker
505 * from concurrent renames at this point (we mustn't get false
506 * negatives from the RCU list walk here, unlike the optimistic
509 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
511 result = d_lookup(parent, name);
513 struct dentry *dentry;
515 /* Don't create child dentry for a dead directory. */
516 result = ERR_PTR(-ENOENT);
520 dentry = d_alloc(parent, name);
521 result = ERR_PTR(-ENOMEM);
523 result = dir->i_op->lookup(dir, dentry, nd);
530 mutex_unlock(&dir->i_mutex);
535 * Uhhuh! Nasty case: the cache was re-populated while
536 * we waited on the semaphore. Need to revalidate.
538 mutex_unlock(&dir->i_mutex);
539 if (result->d_op && result->d_op->d_revalidate) {
540 result = do_revalidate(result, nd);
542 result = ERR_PTR(-ENOENT);
548 static __always_inline void
549 walk_init_root(const char *name, struct nameidata *nd)
551 struct fs_struct *fs = current->fs;
553 read_lock(&fs->lock);
556 read_unlock(&fs->lock);
560 * Wrapper to retry pathname resolution whenever the underlying
561 * file system returns an ESTALE.
563 * Retry the whole path once, forcing real lookup requests
564 * instead of relying on the dcache.
566 static __always_inline int link_path_walk(const char *name, struct nameidata *nd)
568 struct path save = nd->path;
571 /* make sure the stuff we saved doesn't go away */
574 result = __link_path_walk(name, nd);
575 if (result == -ESTALE) {
576 /* nd->path had been dropped */
579 nd->flags |= LOOKUP_REVAL;
580 result = __link_path_walk(name, nd);
588 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
597 walk_init_root(link, nd);
599 res = link_path_walk(link, nd);
600 if (nd->depth || res || nd->last_type!=LAST_NORM)
603 * If it is an iterative symlinks resolution in open_namei() we
604 * have to copy the last component. And all that crap because of
605 * bloody create() on broken symlinks. Furrfu...
608 if (unlikely(!name)) {
612 strcpy(name, nd->last.name);
613 nd->last.name = name;
617 return PTR_ERR(link);
620 static void path_put_conditional(struct path *path, struct nameidata *nd)
623 if (path->mnt != nd->path.mnt)
627 static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
629 dput(nd->path.dentry);
630 if (nd->path.mnt != path->mnt)
631 mntput(nd->path.mnt);
632 nd->path.mnt = path->mnt;
633 nd->path.dentry = path->dentry;
636 static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd)
640 struct dentry *dentry = path->dentry;
642 touch_atime(path->mnt, dentry);
643 nd_set_link(nd, NULL);
645 if (path->mnt != nd->path.mnt) {
646 path_to_nameidata(path, nd);
650 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
651 error = PTR_ERR(cookie);
652 if (!IS_ERR(cookie)) {
653 char *s = nd_get_link(nd);
656 error = __vfs_follow_link(nd, s);
657 if (dentry->d_inode->i_op->put_link)
658 dentry->d_inode->i_op->put_link(dentry, nd, cookie);
666 * This limits recursive symlink follows to 8, while
667 * limiting consecutive symlinks to 40.
669 * Without that kind of total limit, nasty chains of consecutive
670 * symlinks can cause almost arbitrarily long lookups.
672 static inline int do_follow_link(struct path *path, struct nameidata *nd)
675 if (current->link_count >= MAX_NESTED_LINKS)
677 if (current->total_link_count >= 40)
679 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
681 err = security_inode_follow_link(path->dentry, nd);
684 current->link_count++;
685 current->total_link_count++;
687 err = __do_follow_link(path, nd);
688 current->link_count--;
692 path_put_conditional(path, nd);
697 int follow_up(struct vfsmount **mnt, struct dentry **dentry)
699 struct vfsmount *parent;
700 struct dentry *mountpoint;
701 spin_lock(&vfsmount_lock);
702 parent=(*mnt)->mnt_parent;
703 if (parent == *mnt) {
704 spin_unlock(&vfsmount_lock);
708 mountpoint=dget((*mnt)->mnt_mountpoint);
709 spin_unlock(&vfsmount_lock);
711 *dentry = mountpoint;
717 /* no need for dcache_lock, as serialization is taken care in
720 static int __follow_mount(struct path *path)
723 while (d_mountpoint(path->dentry)) {
724 struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);
731 path->dentry = dget(mounted->mnt_root);
737 static void follow_mount(struct vfsmount **mnt, struct dentry **dentry)
739 while (d_mountpoint(*dentry)) {
740 struct vfsmount *mounted = lookup_mnt(*mnt, *dentry);
746 *dentry = dget(mounted->mnt_root);
750 /* no need for dcache_lock, as serialization is taken care in
753 int follow_down(struct vfsmount **mnt, struct dentry **dentry)
755 struct vfsmount *mounted;
757 mounted = lookup_mnt(*mnt, *dentry);
762 *dentry = dget(mounted->mnt_root);
768 static __always_inline void follow_dotdot(struct nameidata *nd)
770 struct fs_struct *fs = current->fs;
773 struct vfsmount *parent;
774 struct dentry *old = nd->path.dentry;
776 read_lock(&fs->lock);
777 if (nd->path.dentry == fs->root.dentry &&
778 nd->path.mnt == fs->root.mnt) {
779 read_unlock(&fs->lock);
782 read_unlock(&fs->lock);
783 spin_lock(&dcache_lock);
784 if (nd->path.dentry != nd->path.mnt->mnt_root) {
785 nd->path.dentry = dget(nd->path.dentry->d_parent);
786 spin_unlock(&dcache_lock);
790 spin_unlock(&dcache_lock);
791 spin_lock(&vfsmount_lock);
792 parent = nd->path.mnt->mnt_parent;
793 if (parent == nd->path.mnt) {
794 spin_unlock(&vfsmount_lock);
798 nd->path.dentry = dget(nd->path.mnt->mnt_mountpoint);
799 spin_unlock(&vfsmount_lock);
801 mntput(nd->path.mnt);
802 nd->path.mnt = parent;
804 follow_mount(&nd->path.mnt, &nd->path.dentry);
808 * It's more convoluted than I'd like it to be, but... it's still fairly
809 * small and for now I'd prefer to have fast path as straight as possible.
810 * It _is_ time-critical.
812 static int do_lookup(struct nameidata *nd, struct qstr *name,
815 struct vfsmount *mnt = nd->path.mnt;
816 struct dentry *dentry = __d_lookup(nd->path.dentry, name);
820 if (dentry->d_op && dentry->d_op->d_revalidate)
821 goto need_revalidate;
824 path->dentry = dentry;
825 __follow_mount(path);
829 dentry = real_lookup(nd->path.dentry, name, nd);
835 dentry = do_revalidate(dentry, nd);
843 return PTR_ERR(dentry);
848 * This is the basic name resolution function, turning a pathname into
849 * the final dentry. We expect 'base' to be positive and a directory.
851 * Returns 0 and nd will have valid dentry and mnt on success.
852 * Returns error and drops reference to input namei data on failure.
854 static int __link_path_walk(const char *name, struct nameidata *nd)
859 unsigned int lookup_flags = nd->flags;
866 inode = nd->path.dentry->d_inode;
868 lookup_flags = LOOKUP_FOLLOW | (nd->flags & LOOKUP_CONTINUE);
870 /* At this point we know we have a real path component. */
876 nd->flags |= LOOKUP_CONTINUE;
877 err = exec_permission_lite(inode);
879 err = vfs_permission(nd, MAY_EXEC);
884 c = *(const unsigned char *)name;
886 hash = init_name_hash();
889 hash = partial_name_hash(c, hash);
890 c = *(const unsigned char *)name;
891 } while (c && (c != '/'));
892 this.len = name - (const char *) this.name;
893 this.hash = end_name_hash(hash);
895 /* remove trailing slashes? */
898 while (*++name == '/');
900 goto last_with_slashes;
903 * "." and ".." are special - ".." especially so because it has
904 * to be able to know about the current root directory and
905 * parent relationships.
907 if (this.name[0] == '.') switch (this.len) {
911 if (this.name[1] != '.')
914 inode = nd->path.dentry->d_inode;
920 * See if the low-level filesystem might want
921 * to use its own hash..
923 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
924 err = nd->path.dentry->d_op->d_hash(nd->path.dentry,
929 /* This does the actual lookups.. */
930 err = do_lookup(nd, &this, &next);
935 inode = next.dentry->d_inode;
942 if (inode->i_op->follow_link) {
943 err = do_follow_link(&next, nd);
947 inode = nd->path.dentry->d_inode;
954 path_to_nameidata(&next, nd);
956 if (!inode->i_op->lookup)
959 /* here ends the main loop */
962 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
964 /* Clear LOOKUP_CONTINUE iff it was previously unset */
965 nd->flags &= lookup_flags | ~LOOKUP_CONTINUE;
966 if (lookup_flags & LOOKUP_PARENT)
968 if (this.name[0] == '.') switch (this.len) {
972 if (this.name[1] != '.')
975 inode = nd->path.dentry->d_inode;
980 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
981 err = nd->path.dentry->d_op->d_hash(nd->path.dentry,
986 err = do_lookup(nd, &this, &next);
989 inode = next.dentry->d_inode;
990 if ((lookup_flags & LOOKUP_FOLLOW)
991 && inode && inode->i_op && inode->i_op->follow_link) {
992 err = do_follow_link(&next, nd);
995 inode = nd->path.dentry->d_inode;
997 path_to_nameidata(&next, nd);
1001 if (lookup_flags & LOOKUP_DIRECTORY) {
1003 if (!inode->i_op || !inode->i_op->lookup)
1009 nd->last_type = LAST_NORM;
1010 if (this.name[0] != '.')
1013 nd->last_type = LAST_DOT;
1014 else if (this.len == 2 && this.name[1] == '.')
1015 nd->last_type = LAST_DOTDOT;
1020 * We bypassed the ordinary revalidation routines.
1021 * We may need to check the cached dentry for staleness.
1023 if (nd->path.dentry && nd->path.dentry->d_sb &&
1024 (nd->path.dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
1026 /* Note: we do not d_invalidate() */
1027 if (!nd->path.dentry->d_op->d_revalidate(
1028 nd->path.dentry, nd))
1034 path_put_conditional(&next, nd);
1037 path_put(&nd->path);
1042 static int path_walk(const char *name, struct nameidata *nd)
1044 current->total_link_count = 0;
1045 return link_path_walk(name, nd);
1048 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1049 static int do_path_lookup(int dfd, const char *name,
1050 unsigned int flags, struct nameidata *nd)
1055 struct fs_struct *fs = current->fs;
1057 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1062 read_lock(&fs->lock);
1063 nd->path = fs->root;
1064 path_get(&fs->root);
1065 read_unlock(&fs->lock);
1066 } else if (dfd == AT_FDCWD) {
1067 read_lock(&fs->lock);
1070 read_unlock(&fs->lock);
1072 struct dentry *dentry;
1074 file = fget_light(dfd, &fput_needed);
1079 dentry = file->f_path.dentry;
1082 if (!S_ISDIR(dentry->d_inode->i_mode))
1085 retval = file_permission(file, MAY_EXEC);
1089 nd->path = file->f_path;
1090 path_get(&file->f_path);
1092 fput_light(file, fput_needed);
1095 retval = path_walk(name, nd);
1096 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1097 nd->path.dentry->d_inode))
1098 audit_inode(name, nd->path.dentry);
1103 fput_light(file, fput_needed);
1107 int path_lookup(const char *name, unsigned int flags,
1108 struct nameidata *nd)
1110 return do_path_lookup(AT_FDCWD, name, flags, nd);
1114 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1115 * @dentry: pointer to dentry of the base directory
1116 * @mnt: pointer to vfs mount of the base directory
1117 * @name: pointer to file name
1118 * @flags: lookup flags
1119 * @nd: pointer to nameidata
1121 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1122 const char *name, unsigned int flags,
1123 struct nameidata *nd)
1127 /* same as do_path_lookup */
1128 nd->last_type = LAST_ROOT;
1132 nd->path.dentry = dentry;
1134 path_get(&nd->path);
1136 retval = path_walk(name, nd);
1137 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1138 nd->path.dentry->d_inode))
1139 audit_inode(name, nd->path.dentry);
1145 static int __path_lookup_intent_open(int dfd, const char *name,
1146 unsigned int lookup_flags, struct nameidata *nd,
1147 int open_flags, int create_mode)
1149 struct file *filp = get_empty_filp();
1154 nd->intent.open.file = filp;
1155 nd->intent.open.flags = open_flags;
1156 nd->intent.open.create_mode = create_mode;
1157 err = do_path_lookup(dfd, name, lookup_flags|LOOKUP_OPEN, nd);
1158 if (IS_ERR(nd->intent.open.file)) {
1160 err = PTR_ERR(nd->intent.open.file);
1161 path_put(&nd->path);
1163 } else if (err != 0)
1164 release_open_intent(nd);
1169 * path_lookup_open - lookup a file path with open intent
1170 * @dfd: the directory to use as base, or AT_FDCWD
1171 * @name: pointer to file name
1172 * @lookup_flags: lookup intent flags
1173 * @nd: pointer to nameidata
1174 * @open_flags: open intent flags
1176 int path_lookup_open(int dfd, const char *name, unsigned int lookup_flags,
1177 struct nameidata *nd, int open_flags)
1179 return __path_lookup_intent_open(dfd, name, lookup_flags, nd,
1184 * path_lookup_create - lookup a file path with open + create intent
1185 * @dfd: the directory to use as base, or AT_FDCWD
1186 * @name: pointer to file name
1187 * @lookup_flags: lookup intent flags
1188 * @nd: pointer to nameidata
1189 * @open_flags: open intent flags
1190 * @create_mode: create intent flags
1192 static int path_lookup_create(int dfd, const char *name,
1193 unsigned int lookup_flags, struct nameidata *nd,
1194 int open_flags, int create_mode)
1196 return __path_lookup_intent_open(dfd, name, lookup_flags|LOOKUP_CREATE,
1197 nd, open_flags, create_mode);
1200 int __user_path_lookup_open(const char __user *name, unsigned int lookup_flags,
1201 struct nameidata *nd, int open_flags)
1203 char *tmp = getname(name);
1204 int err = PTR_ERR(tmp);
1207 err = __path_lookup_intent_open(AT_FDCWD, tmp, lookup_flags, nd, open_flags, 0);
1213 static struct dentry *__lookup_hash(struct qstr *name,
1214 struct dentry *base, struct nameidata *nd)
1216 struct dentry *dentry;
1217 struct inode *inode;
1220 inode = base->d_inode;
1223 * See if the low-level filesystem might want
1224 * to use its own hash..
1226 if (base->d_op && base->d_op->d_hash) {
1227 err = base->d_op->d_hash(base, name);
1228 dentry = ERR_PTR(err);
1233 dentry = cached_lookup(base, name, nd);
1237 /* Don't create child dentry for a dead directory. */
1238 dentry = ERR_PTR(-ENOENT);
1239 if (IS_DEADDIR(inode))
1242 new = d_alloc(base, name);
1243 dentry = ERR_PTR(-ENOMEM);
1246 dentry = inode->i_op->lookup(inode, new, nd);
1257 * Restricted form of lookup. Doesn't follow links, single-component only,
1258 * needs parent already locked. Doesn't follow mounts.
1261 static struct dentry *lookup_hash(struct nameidata *nd)
1265 err = permission(nd->path.dentry->d_inode, MAY_EXEC, nd);
1267 return ERR_PTR(err);
1268 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1271 static int __lookup_one_len(const char *name, struct qstr *this,
1272 struct dentry *base, int len)
1282 hash = init_name_hash();
1284 c = *(const unsigned char *)name++;
1285 if (c == '/' || c == '\0')
1287 hash = partial_name_hash(c, hash);
1289 this->hash = end_name_hash(hash);
1294 * lookup_one_len - filesystem helper to lookup single pathname component
1295 * @name: pathname component to lookup
1296 * @base: base directory to lookup from
1297 * @len: maximum length @len should be interpreted to
1299 * Note that this routine is purely a helper for filesystem usage and should
1300 * not be called by generic code. Also note that by using this function the
1301 * nameidata argument is passed to the filesystem methods and a filesystem
1302 * using this helper needs to be prepared for that.
1304 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1309 err = __lookup_one_len(name, &this, base, len);
1311 return ERR_PTR(err);
1313 err = permission(base->d_inode, MAY_EXEC, NULL);
1315 return ERR_PTR(err);
1316 return __lookup_hash(&this, base, NULL);
1320 * lookup_one_noperm - bad hack for sysfs
1321 * @name: pathname component to lookup
1322 * @base: base directory to lookup from
1324 * This is a variant of lookup_one_len that doesn't perform any permission
1325 * checks. It's a horrible hack to work around the braindead sysfs
1326 * architecture and should not be used anywhere else.
1328 * DON'T USE THIS FUNCTION EVER, thanks.
1330 struct dentry *lookup_one_noperm(const char *name, struct dentry *base)
1335 err = __lookup_one_len(name, &this, base, strlen(name));
1337 return ERR_PTR(err);
1338 return __lookup_hash(&this, base, NULL);
1341 int __user_walk_fd(int dfd, const char __user *name, unsigned flags,
1342 struct nameidata *nd)
1344 char *tmp = getname(name);
1345 int err = PTR_ERR(tmp);
1348 err = do_path_lookup(dfd, tmp, flags, nd);
1354 int __user_walk(const char __user *name, unsigned flags, struct nameidata *nd)
1356 return __user_walk_fd(AT_FDCWD, name, flags, nd);
1360 * It's inline, so penalty for filesystems that don't use sticky bit is
1363 static inline int check_sticky(struct inode *dir, struct inode *inode)
1365 if (!(dir->i_mode & S_ISVTX))
1367 if (inode->i_uid == current->fsuid)
1369 if (dir->i_uid == current->fsuid)
1371 return !capable(CAP_FOWNER);
1375 * Check whether we can remove a link victim from directory dir, check
1376 * whether the type of victim is right.
1377 * 1. We can't do it if dir is read-only (done in permission())
1378 * 2. We should have write and exec permissions on dir
1379 * 3. We can't remove anything from append-only dir
1380 * 4. We can't do anything with immutable dir (done in permission())
1381 * 5. If the sticky bit on dir is set we should either
1382 * a. be owner of dir, or
1383 * b. be owner of victim, or
1384 * c. have CAP_FOWNER capability
1385 * 6. If the victim is append-only or immutable we can't do antyhing with
1386 * links pointing to it.
1387 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1388 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1389 * 9. We can't remove a root or mountpoint.
1390 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1391 * nfs_async_unlink().
1393 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1397 if (!victim->d_inode)
1400 BUG_ON(victim->d_parent->d_inode != dir);
1401 audit_inode_child(victim->d_name.name, victim, dir);
1403 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
1408 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1409 IS_IMMUTABLE(victim->d_inode))
1412 if (!S_ISDIR(victim->d_inode->i_mode))
1414 if (IS_ROOT(victim))
1416 } else if (S_ISDIR(victim->d_inode->i_mode))
1418 if (IS_DEADDIR(dir))
1420 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1425 /* Check whether we can create an object with dentry child in directory
1427 * 1. We can't do it if child already exists (open has special treatment for
1428 * this case, but since we are inlined it's OK)
1429 * 2. We can't do it if dir is read-only (done in permission())
1430 * 3. We should have write and exec permissions on dir
1431 * 4. We can't do it if dir is immutable (done in permission())
1433 static inline int may_create(struct inode *dir, struct dentry *child,
1434 struct nameidata *nd)
1438 if (IS_DEADDIR(dir))
1440 return permission(dir,MAY_WRITE | MAY_EXEC, nd);
1444 * O_DIRECTORY translates into forcing a directory lookup.
1446 static inline int lookup_flags(unsigned int f)
1448 unsigned long retval = LOOKUP_FOLLOW;
1451 retval &= ~LOOKUP_FOLLOW;
1453 if (f & O_DIRECTORY)
1454 retval |= LOOKUP_DIRECTORY;
1460 * p1 and p2 should be directories on the same fs.
1462 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1467 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1471 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1473 for (p = p1; p->d_parent != p; p = p->d_parent) {
1474 if (p->d_parent == p2) {
1475 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1476 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1481 for (p = p2; p->d_parent != p; p = p->d_parent) {
1482 if (p->d_parent == p1) {
1483 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1484 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1489 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1490 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1494 void unlock_rename(struct dentry *p1, struct dentry *p2)
1496 mutex_unlock(&p1->d_inode->i_mutex);
1498 mutex_unlock(&p2->d_inode->i_mutex);
1499 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1503 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1504 struct nameidata *nd)
1506 int error = may_create(dir, dentry, nd);
1511 if (!dir->i_op || !dir->i_op->create)
1512 return -EACCES; /* shouldn't it be ENOSYS? */
1515 error = security_inode_create(dir, dentry, mode);
1519 error = dir->i_op->create(dir, dentry, mode, nd);
1521 fsnotify_create(dir, dentry);
1525 int may_open(struct nameidata *nd, int acc_mode, int flag)
1527 struct dentry *dentry = nd->path.dentry;
1528 struct inode *inode = dentry->d_inode;
1534 if (S_ISLNK(inode->i_mode))
1537 if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
1541 * FIFO's, sockets and device files are special: they don't
1542 * actually live on the filesystem itself, and as such you
1543 * can write to them even if the filesystem is read-only.
1545 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
1547 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
1548 if (nd->path.mnt->mnt_flags & MNT_NODEV)
1554 error = vfs_permission(nd, acc_mode);
1558 * An append-only file must be opened in append mode for writing.
1560 if (IS_APPEND(inode)) {
1561 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1567 /* O_NOATIME can only be set by the owner or superuser */
1568 if (flag & O_NOATIME)
1569 if (!is_owner_or_cap(inode))
1573 * Ensure there are no outstanding leases on the file.
1575 error = break_lease(inode, flag);
1579 if (flag & O_TRUNC) {
1580 error = get_write_access(inode);
1585 * Refuse to truncate files with mandatory locks held on them.
1587 error = locks_verify_locked(inode);
1591 error = do_truncate(dentry, 0,
1592 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1595 put_write_access(inode);
1599 if (flag & FMODE_WRITE)
1606 * Be careful about ever adding any more callers of this
1607 * function. Its flags must be in the namei format, not
1608 * what get passed to sys_open().
1610 static int __open_namei_create(struct nameidata *nd, struct path *path,
1614 struct dentry *dir = nd->path.dentry;
1616 if (!IS_POSIXACL(dir->d_inode))
1617 mode &= ~current->fs->umask;
1618 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
1619 mutex_unlock(&dir->d_inode->i_mutex);
1620 dput(nd->path.dentry);
1621 nd->path.dentry = path->dentry;
1624 /* Don't check for write permission, don't truncate */
1625 return may_open(nd, 0, flag & ~O_TRUNC);
1629 * Note that while the flag value (low two bits) for sys_open means:
1634 * it is changed into
1635 * 00 - no permissions needed
1636 * 01 - read-permission
1637 * 10 - write-permission
1639 * for the internal routines (ie open_namei()/follow_link() etc)
1640 * This is more logical, and also allows the 00 "no perm needed"
1641 * to be used for symlinks (where the permissions are checked
1645 static inline int open_to_namei_flags(int flag)
1647 if ((flag+1) & O_ACCMODE)
1652 static int open_will_write_to_fs(int flag, struct inode *inode)
1655 * We'll never write to the fs underlying
1658 if (special_file(inode->i_mode))
1660 return (flag & O_TRUNC);
1664 * Note that the low bits of the passed in "open_flag"
1665 * are not the same as in the local variable "flag". See
1666 * open_to_namei_flags() for more details.
1668 struct file *do_filp_open(int dfd, const char *pathname,
1669 int open_flag, int mode)
1672 struct nameidata nd;
1673 int acc_mode, error;
1678 int flag = open_to_namei_flags(open_flag);
1680 acc_mode = MAY_OPEN | ACC_MODE(flag);
1682 /* O_TRUNC implies we need access checks for write permissions */
1684 acc_mode |= MAY_WRITE;
1686 /* Allow the LSM permission hook to distinguish append
1687 access from general write access. */
1688 if (flag & O_APPEND)
1689 acc_mode |= MAY_APPEND;
1692 * The simplest case - just a plain lookup.
1694 if (!(flag & O_CREAT)) {
1695 error = path_lookup_open(dfd, pathname, lookup_flags(flag),
1698 return ERR_PTR(error);
1703 * Create - we need to know the parent.
1705 error = path_lookup_create(dfd, pathname, LOOKUP_PARENT,
1708 return ERR_PTR(error);
1711 * We have the parent and last component. First of all, check
1712 * that we are not asked to creat(2) an obvious directory - that
1716 if (nd.last_type != LAST_NORM || nd.last.name[nd.last.len])
1719 dir = nd.path.dentry;
1720 nd.flags &= ~LOOKUP_PARENT;
1721 mutex_lock(&dir->d_inode->i_mutex);
1722 path.dentry = lookup_hash(&nd);
1723 path.mnt = nd.path.mnt;
1726 error = PTR_ERR(path.dentry);
1727 if (IS_ERR(path.dentry)) {
1728 mutex_unlock(&dir->d_inode->i_mutex);
1732 if (IS_ERR(nd.intent.open.file)) {
1733 error = PTR_ERR(nd.intent.open.file);
1734 goto exit_mutex_unlock;
1737 /* Negative dentry, just create the file */
1738 if (!path.dentry->d_inode) {
1740 * This write is needed to ensure that a
1741 * ro->rw transition does not occur between
1742 * the time when the file is created and when
1743 * a permanent write count is taken through
1744 * the 'struct file' in nameidata_to_filp().
1746 error = mnt_want_write(nd.path.mnt);
1748 goto exit_mutex_unlock;
1749 error = __open_namei_create(&nd, &path, flag, mode);
1751 mnt_drop_write(nd.path.mnt);
1754 filp = nameidata_to_filp(&nd, open_flag);
1755 mnt_drop_write(nd.path.mnt);
1760 * It already exists.
1762 mutex_unlock(&dir->d_inode->i_mutex);
1763 audit_inode(pathname, path.dentry);
1769 if (__follow_mount(&path)) {
1771 if (flag & O_NOFOLLOW)
1776 if (!path.dentry->d_inode)
1778 if (path.dentry->d_inode->i_op && path.dentry->d_inode->i_op->follow_link)
1781 path_to_nameidata(&path, &nd);
1783 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode))
1788 * 1. may_open() truncates a file
1789 * 2. a rw->ro mount transition occurs
1790 * 3. nameidata_to_filp() fails due to
1792 * That would be inconsistent, and should
1793 * be avoided. Taking this mnt write here
1794 * ensures that (2) can not occur.
1796 will_write = open_will_write_to_fs(flag, nd.path.dentry->d_inode);
1798 error = mnt_want_write(nd.path.mnt);
1802 error = may_open(&nd, acc_mode, flag);
1805 mnt_drop_write(nd.path.mnt);
1808 filp = nameidata_to_filp(&nd, open_flag);
1810 * It is now safe to drop the mnt write
1811 * because the filp has had a write taken
1815 mnt_drop_write(nd.path.mnt);
1819 mutex_unlock(&dir->d_inode->i_mutex);
1821 path_put_conditional(&path, &nd);
1823 if (!IS_ERR(nd.intent.open.file))
1824 release_open_intent(&nd);
1826 return ERR_PTR(error);
1830 if (flag & O_NOFOLLOW)
1833 * This is subtle. Instead of calling do_follow_link() we do the
1834 * thing by hands. The reason is that this way we have zero link_count
1835 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT.
1836 * After that we have the parent and last component, i.e.
1837 * we are in the same situation as after the first path_walk().
1838 * Well, almost - if the last component is normal we get its copy
1839 * stored in nd->last.name and we will have to putname() it when we
1840 * are done. Procfs-like symlinks just set LAST_BIND.
1842 nd.flags |= LOOKUP_PARENT;
1843 error = security_inode_follow_link(path.dentry, &nd);
1846 error = __do_follow_link(&path, &nd);
1848 /* Does someone understand code flow here? Or it is only
1849 * me so stupid? Anathema to whoever designed this non-sense
1850 * with "intent.open".
1852 release_open_intent(&nd);
1853 return ERR_PTR(error);
1855 nd.flags &= ~LOOKUP_PARENT;
1856 if (nd.last_type == LAST_BIND)
1859 if (nd.last_type != LAST_NORM)
1861 if (nd.last.name[nd.last.len]) {
1862 __putname(nd.last.name);
1867 __putname(nd.last.name);
1870 dir = nd.path.dentry;
1871 mutex_lock(&dir->d_inode->i_mutex);
1872 path.dentry = lookup_hash(&nd);
1873 path.mnt = nd.path.mnt;
1874 __putname(nd.last.name);
1879 * filp_open - open file and return file pointer
1881 * @filename: path to open
1882 * @flags: open flags as per the open(2) second argument
1883 * @mode: mode for the new file if O_CREAT is set, else ignored
1885 * This is the helper to open a file from kernelspace if you really
1886 * have to. But in generally you should not do this, so please move
1887 * along, nothing to see here..
1889 struct file *filp_open(const char *filename, int flags, int mode)
1891 return do_filp_open(AT_FDCWD, filename, flags, mode);
1893 EXPORT_SYMBOL(filp_open);
1896 * lookup_create - lookup a dentry, creating it if it doesn't exist
1897 * @nd: nameidata info
1898 * @is_dir: directory flag
1900 * Simple function to lookup and return a dentry and create it
1901 * if it doesn't exist. Is SMP-safe.
1903 * Returns with nd->path.dentry->d_inode->i_mutex locked.
1905 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1907 struct dentry *dentry = ERR_PTR(-EEXIST);
1909 mutex_lock_nested(&nd->path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
1911 * Yucky last component or no last component at all?
1912 * (foo/., foo/.., /////)
1914 if (nd->last_type != LAST_NORM)
1916 nd->flags &= ~LOOKUP_PARENT;
1917 nd->flags |= LOOKUP_CREATE;
1918 nd->intent.open.flags = O_EXCL;
1921 * Do the final lookup.
1923 dentry = lookup_hash(nd);
1927 if (dentry->d_inode)
1930 * Special case - lookup gave negative, but... we had foo/bar/
1931 * From the vfs_mknod() POV we just have a negative dentry -
1932 * all is fine. Let's be bastards - you had / on the end, you've
1933 * been asking for (non-existent) directory. -ENOENT for you.
1935 if (unlikely(!is_dir && nd->last.name[nd->last.len])) {
1937 dentry = ERR_PTR(-ENOENT);
1942 dentry = ERR_PTR(-EEXIST);
1946 EXPORT_SYMBOL_GPL(lookup_create);
1948 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1950 int error = may_create(dir, dentry, NULL);
1955 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
1958 if (!dir->i_op || !dir->i_op->mknod)
1961 error = devcgroup_inode_mknod(mode, dev);
1965 error = security_inode_mknod(dir, dentry, mode, dev);
1970 error = dir->i_op->mknod(dir, dentry, mode, dev);
1972 fsnotify_create(dir, dentry);
1976 static int may_mknod(mode_t mode)
1978 switch (mode & S_IFMT) {
1984 case 0: /* zero mode translates to S_IFREG */
1993 asmlinkage long sys_mknodat(int dfd, const char __user *filename, int mode,
1998 struct dentry * dentry;
1999 struct nameidata nd;
2003 tmp = getname(filename);
2005 return PTR_ERR(tmp);
2007 error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
2010 dentry = lookup_create(&nd, 0);
2011 if (IS_ERR(dentry)) {
2012 error = PTR_ERR(dentry);
2015 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2016 mode &= ~current->fs->umask;
2017 error = may_mknod(mode);
2020 error = mnt_want_write(nd.path.mnt);
2023 switch (mode & S_IFMT) {
2024 case 0: case S_IFREG:
2025 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
2027 case S_IFCHR: case S_IFBLK:
2028 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,
2029 new_decode_dev(dev));
2031 case S_IFIFO: case S_IFSOCK:
2032 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0);
2035 mnt_drop_write(nd.path.mnt);
2039 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2047 asmlinkage long sys_mknod(const char __user *filename, int mode, unsigned dev)
2049 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2052 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2054 int error = may_create(dir, dentry, NULL);
2059 if (!dir->i_op || !dir->i_op->mkdir)
2062 mode &= (S_IRWXUGO|S_ISVTX);
2063 error = security_inode_mkdir(dir, dentry, mode);
2068 error = dir->i_op->mkdir(dir, dentry, mode);
2070 fsnotify_mkdir(dir, dentry);
2074 asmlinkage long sys_mkdirat(int dfd, const char __user *pathname, int mode)
2078 struct dentry *dentry;
2079 struct nameidata nd;
2081 tmp = getname(pathname);
2082 error = PTR_ERR(tmp);
2086 error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
2089 dentry = lookup_create(&nd, 1);
2090 error = PTR_ERR(dentry);
2094 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2095 mode &= ~current->fs->umask;
2096 error = mnt_want_write(nd.path.mnt);
2099 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
2100 mnt_drop_write(nd.path.mnt);
2104 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2112 asmlinkage long sys_mkdir(const char __user *pathname, int mode)
2114 return sys_mkdirat(AT_FDCWD, pathname, mode);
2118 * We try to drop the dentry early: we should have
2119 * a usage count of 2 if we're the only user of this
2120 * dentry, and if that is true (possibly after pruning
2121 * the dcache), then we drop the dentry now.
2123 * A low-level filesystem can, if it choses, legally
2126 * if (!d_unhashed(dentry))
2129 * if it cannot handle the case of removing a directory
2130 * that is still in use by something else..
2132 void dentry_unhash(struct dentry *dentry)
2135 shrink_dcache_parent(dentry);
2136 spin_lock(&dcache_lock);
2137 spin_lock(&dentry->d_lock);
2138 if (atomic_read(&dentry->d_count) == 2)
2140 spin_unlock(&dentry->d_lock);
2141 spin_unlock(&dcache_lock);
2144 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2146 int error = may_delete(dir, dentry, 1);
2151 if (!dir->i_op || !dir->i_op->rmdir)
2156 mutex_lock(&dentry->d_inode->i_mutex);
2157 dentry_unhash(dentry);
2158 if (d_mountpoint(dentry))
2161 error = security_inode_rmdir(dir, dentry);
2163 error = dir->i_op->rmdir(dir, dentry);
2165 dentry->d_inode->i_flags |= S_DEAD;
2168 mutex_unlock(&dentry->d_inode->i_mutex);
2177 static long do_rmdir(int dfd, const char __user *pathname)
2181 struct dentry *dentry;
2182 struct nameidata nd;
2184 name = getname(pathname);
2186 return PTR_ERR(name);
2188 error = do_path_lookup(dfd, name, LOOKUP_PARENT, &nd);
2192 switch(nd.last_type) {
2203 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2204 dentry = lookup_hash(&nd);
2205 error = PTR_ERR(dentry);
2208 error = mnt_want_write(nd.path.mnt);
2211 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2212 mnt_drop_write(nd.path.mnt);
2216 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2224 asmlinkage long sys_rmdir(const char __user *pathname)
2226 return do_rmdir(AT_FDCWD, pathname);
2229 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2231 int error = may_delete(dir, dentry, 0);
2236 if (!dir->i_op || !dir->i_op->unlink)
2241 mutex_lock(&dentry->d_inode->i_mutex);
2242 if (d_mountpoint(dentry))
2245 error = security_inode_unlink(dir, dentry);
2247 error = dir->i_op->unlink(dir, dentry);
2249 mutex_unlock(&dentry->d_inode->i_mutex);
2251 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2252 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2253 fsnotify_link_count(dentry->d_inode);
2261 * Make sure that the actual truncation of the file will occur outside its
2262 * directory's i_mutex. Truncate can take a long time if there is a lot of
2263 * writeout happening, and we don't want to prevent access to the directory
2264 * while waiting on the I/O.
2266 static long do_unlinkat(int dfd, const char __user *pathname)
2270 struct dentry *dentry;
2271 struct nameidata nd;
2272 struct inode *inode = NULL;
2274 name = getname(pathname);
2276 return PTR_ERR(name);
2278 error = do_path_lookup(dfd, name, LOOKUP_PARENT, &nd);
2282 if (nd.last_type != LAST_NORM)
2284 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2285 dentry = lookup_hash(&nd);
2286 error = PTR_ERR(dentry);
2287 if (!IS_ERR(dentry)) {
2288 /* Why not before? Because we want correct error value */
2289 if (nd.last.name[nd.last.len])
2291 inode = dentry->d_inode;
2293 atomic_inc(&inode->i_count);
2294 error = mnt_want_write(nd.path.mnt);
2297 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2298 mnt_drop_write(nd.path.mnt);
2302 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2304 iput(inode); /* truncate the inode here */
2312 error = !dentry->d_inode ? -ENOENT :
2313 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2317 asmlinkage long sys_unlinkat(int dfd, const char __user *pathname, int flag)
2319 if ((flag & ~AT_REMOVEDIR) != 0)
2322 if (flag & AT_REMOVEDIR)
2323 return do_rmdir(dfd, pathname);
2325 return do_unlinkat(dfd, pathname);
2328 asmlinkage long sys_unlink(const char __user *pathname)
2330 return do_unlinkat(AT_FDCWD, pathname);
2333 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2335 int error = may_create(dir, dentry, NULL);
2340 if (!dir->i_op || !dir->i_op->symlink)
2343 error = security_inode_symlink(dir, dentry, oldname);
2348 error = dir->i_op->symlink(dir, dentry, oldname);
2350 fsnotify_create(dir, dentry);
2354 asmlinkage long sys_symlinkat(const char __user *oldname,
2355 int newdfd, const char __user *newname)
2360 struct dentry *dentry;
2361 struct nameidata nd;
2363 from = getname(oldname);
2365 return PTR_ERR(from);
2366 to = getname(newname);
2367 error = PTR_ERR(to);
2371 error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
2374 dentry = lookup_create(&nd, 0);
2375 error = PTR_ERR(dentry);
2379 error = mnt_want_write(nd.path.mnt);
2382 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
2383 mnt_drop_write(nd.path.mnt);
2387 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2396 asmlinkage long sys_symlink(const char __user *oldname, const char __user *newname)
2398 return sys_symlinkat(oldname, AT_FDCWD, newname);
2401 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2403 struct inode *inode = old_dentry->d_inode;
2409 error = may_create(dir, new_dentry, NULL);
2413 if (dir->i_sb != inode->i_sb)
2417 * A link to an append-only or immutable file cannot be created.
2419 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2421 if (!dir->i_op || !dir->i_op->link)
2423 if (S_ISDIR(inode->i_mode))
2426 error = security_inode_link(old_dentry, dir, new_dentry);
2430 mutex_lock(&inode->i_mutex);
2432 error = dir->i_op->link(old_dentry, dir, new_dentry);
2433 mutex_unlock(&inode->i_mutex);
2435 fsnotify_link(dir, inode, new_dentry);
2440 * Hardlinks are often used in delicate situations. We avoid
2441 * security-related surprises by not following symlinks on the
2444 * We don't follow them on the oldname either to be compatible
2445 * with linux 2.0, and to avoid hard-linking to directories
2446 * and other special files. --ADM
2448 asmlinkage long sys_linkat(int olddfd, const char __user *oldname,
2449 int newdfd, const char __user *newname,
2452 struct dentry *new_dentry;
2453 struct nameidata nd, old_nd;
2457 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
2460 to = getname(newname);
2464 error = __user_walk_fd(olddfd, oldname,
2465 flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
2469 error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
2473 if (old_nd.path.mnt != nd.path.mnt)
2475 new_dentry = lookup_create(&nd, 0);
2476 error = PTR_ERR(new_dentry);
2477 if (IS_ERR(new_dentry))
2479 error = mnt_want_write(nd.path.mnt);
2482 error = vfs_link(old_nd.path.dentry, nd.path.dentry->d_inode, new_dentry);
2483 mnt_drop_write(nd.path.mnt);
2487 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2491 path_put(&old_nd.path);
2498 asmlinkage long sys_link(const char __user *oldname, const char __user *newname)
2500 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2504 * The worst of all namespace operations - renaming directory. "Perverted"
2505 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2507 * a) we can get into loop creation. Check is done in is_subdir().
2508 * b) race potential - two innocent renames can create a loop together.
2509 * That's where 4.4 screws up. Current fix: serialization on
2510 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2512 * c) we have to lock _three_ objects - parents and victim (if it exists).
2513 * And that - after we got ->i_mutex on parents (until then we don't know
2514 * whether the target exists). Solution: try to be smart with locking
2515 * order for inodes. We rely on the fact that tree topology may change
2516 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2517 * move will be locked. Thus we can rank directories by the tree
2518 * (ancestors first) and rank all non-directories after them.
2519 * That works since everybody except rename does "lock parent, lookup,
2520 * lock child" and rename is under ->s_vfs_rename_mutex.
2521 * HOWEVER, it relies on the assumption that any object with ->lookup()
2522 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2523 * we'd better make sure that there's no link(2) for them.
2524 * d) some filesystems don't support opened-but-unlinked directories,
2525 * either because of layout or because they are not ready to deal with
2526 * all cases correctly. The latter will be fixed (taking this sort of
2527 * stuff into VFS), but the former is not going away. Solution: the same
2528 * trick as in rmdir().
2529 * e) conversion from fhandle to dentry may come in the wrong moment - when
2530 * we are removing the target. Solution: we will have to grab ->i_mutex
2531 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2532 * ->i_mutex on parents, which works but leads to some truely excessive
2535 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2536 struct inode *new_dir, struct dentry *new_dentry)
2539 struct inode *target;
2542 * If we are going to change the parent - check write permissions,
2543 * we'll need to flip '..'.
2545 if (new_dir != old_dir) {
2546 error = permission(old_dentry->d_inode, MAY_WRITE, NULL);
2551 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2555 target = new_dentry->d_inode;
2557 mutex_lock(&target->i_mutex);
2558 dentry_unhash(new_dentry);
2560 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2563 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2566 target->i_flags |= S_DEAD;
2567 mutex_unlock(&target->i_mutex);
2568 if (d_unhashed(new_dentry))
2569 d_rehash(new_dentry);
2573 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2574 d_move(old_dentry,new_dentry);
2578 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2579 struct inode *new_dir, struct dentry *new_dentry)
2581 struct inode *target;
2584 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2589 target = new_dentry->d_inode;
2591 mutex_lock(&target->i_mutex);
2592 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2595 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2597 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2598 d_move(old_dentry, new_dentry);
2601 mutex_unlock(&target->i_mutex);
2606 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2607 struct inode *new_dir, struct dentry *new_dentry)
2610 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2611 const char *old_name;
2613 if (old_dentry->d_inode == new_dentry->d_inode)
2616 error = may_delete(old_dir, old_dentry, is_dir);
2620 if (!new_dentry->d_inode)
2621 error = may_create(new_dir, new_dentry, NULL);
2623 error = may_delete(new_dir, new_dentry, is_dir);
2627 if (!old_dir->i_op || !old_dir->i_op->rename)
2630 DQUOT_INIT(old_dir);
2631 DQUOT_INIT(new_dir);
2633 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
2636 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
2638 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
2640 const char *new_name = old_dentry->d_name.name;
2641 fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
2642 new_dentry->d_inode, old_dentry);
2644 fsnotify_oldname_free(old_name);
2649 static int do_rename(int olddfd, const char *oldname,
2650 int newdfd, const char *newname)
2653 struct dentry * old_dir, * new_dir;
2654 struct dentry * old_dentry, *new_dentry;
2655 struct dentry * trap;
2656 struct nameidata oldnd, newnd;
2658 error = do_path_lookup(olddfd, oldname, LOOKUP_PARENT, &oldnd);
2662 error = do_path_lookup(newdfd, newname, LOOKUP_PARENT, &newnd);
2667 if (oldnd.path.mnt != newnd.path.mnt)
2670 old_dir = oldnd.path.dentry;
2672 if (oldnd.last_type != LAST_NORM)
2675 new_dir = newnd.path.dentry;
2676 if (newnd.last_type != LAST_NORM)
2679 trap = lock_rename(new_dir, old_dir);
2681 old_dentry = lookup_hash(&oldnd);
2682 error = PTR_ERR(old_dentry);
2683 if (IS_ERR(old_dentry))
2685 /* source must exist */
2687 if (!old_dentry->d_inode)
2689 /* unless the source is a directory trailing slashes give -ENOTDIR */
2690 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
2692 if (oldnd.last.name[oldnd.last.len])
2694 if (newnd.last.name[newnd.last.len])
2697 /* source should not be ancestor of target */
2699 if (old_dentry == trap)
2701 new_dentry = lookup_hash(&newnd);
2702 error = PTR_ERR(new_dentry);
2703 if (IS_ERR(new_dentry))
2705 /* target should not be an ancestor of source */
2707 if (new_dentry == trap)
2710 error = mnt_want_write(oldnd.path.mnt);
2713 error = vfs_rename(old_dir->d_inode, old_dentry,
2714 new_dir->d_inode, new_dentry);
2715 mnt_drop_write(oldnd.path.mnt);
2721 unlock_rename(new_dir, old_dir);
2723 path_put(&newnd.path);
2725 path_put(&oldnd.path);
2730 asmlinkage long sys_renameat(int olddfd, const char __user *oldname,
2731 int newdfd, const char __user *newname)
2737 from = getname(oldname);
2739 return PTR_ERR(from);
2740 to = getname(newname);
2741 error = PTR_ERR(to);
2743 error = do_rename(olddfd, from, newdfd, to);
2750 asmlinkage long sys_rename(const char __user *oldname, const char __user *newname)
2752 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
2755 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
2759 len = PTR_ERR(link);
2764 if (len > (unsigned) buflen)
2766 if (copy_to_user(buffer, link, len))
2773 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
2774 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
2775 * using) it for any given inode is up to filesystem.
2777 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2779 struct nameidata nd;
2784 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
2786 return PTR_ERR(cookie);
2788 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2789 if (dentry->d_inode->i_op->put_link)
2790 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
2794 int vfs_follow_link(struct nameidata *nd, const char *link)
2796 return __vfs_follow_link(nd, link);
2799 /* get the link contents into pagecache */
2800 static char *page_getlink(struct dentry * dentry, struct page **ppage)
2803 struct address_space *mapping = dentry->d_inode->i_mapping;
2804 page = read_mapping_page(mapping, 0, NULL);
2811 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2813 struct page *page = NULL;
2814 char *s = page_getlink(dentry, &page);
2815 int res = vfs_readlink(dentry,buffer,buflen,s);
2818 page_cache_release(page);
2823 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
2825 struct page *page = NULL;
2826 nd_set_link(nd, page_getlink(dentry, &page));
2830 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
2832 struct page *page = cookie;
2836 page_cache_release(page);
2840 int __page_symlink(struct inode *inode, const char *symname, int len,
2843 struct address_space *mapping = inode->i_mapping;
2850 err = pagecache_write_begin(NULL, mapping, 0, len-1,
2851 AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata);
2855 kaddr = kmap_atomic(page, KM_USER0);
2856 memcpy(kaddr, symname, len-1);
2857 kunmap_atomic(kaddr, KM_USER0);
2859 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
2866 mark_inode_dirty(inode);
2872 int page_symlink(struct inode *inode, const char *symname, int len)
2874 return __page_symlink(inode, symname, len,
2875 mapping_gfp_mask(inode->i_mapping));
2878 const struct inode_operations page_symlink_inode_operations = {
2879 .readlink = generic_readlink,
2880 .follow_link = page_follow_link_light,
2881 .put_link = page_put_link,
2884 EXPORT_SYMBOL(__user_walk);
2885 EXPORT_SYMBOL(__user_walk_fd);
2886 EXPORT_SYMBOL(follow_down);
2887 EXPORT_SYMBOL(follow_up);
2888 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
2889 EXPORT_SYMBOL(getname);
2890 EXPORT_SYMBOL(lock_rename);
2891 EXPORT_SYMBOL(lookup_one_len);
2892 EXPORT_SYMBOL(page_follow_link_light);
2893 EXPORT_SYMBOL(page_put_link);
2894 EXPORT_SYMBOL(page_readlink);
2895 EXPORT_SYMBOL(__page_symlink);
2896 EXPORT_SYMBOL(page_symlink);
2897 EXPORT_SYMBOL(page_symlink_inode_operations);
2898 EXPORT_SYMBOL(path_lookup);
2899 EXPORT_SYMBOL(vfs_path_lookup);
2900 EXPORT_SYMBOL(permission);
2901 EXPORT_SYMBOL(vfs_permission);
2902 EXPORT_SYMBOL(file_permission);
2903 EXPORT_SYMBOL(unlock_rename);
2904 EXPORT_SYMBOL(vfs_create);
2905 EXPORT_SYMBOL(vfs_follow_link);
2906 EXPORT_SYMBOL(vfs_link);
2907 EXPORT_SYMBOL(vfs_mkdir);
2908 EXPORT_SYMBOL(vfs_mknod);
2909 EXPORT_SYMBOL(generic_permission);
2910 EXPORT_SYMBOL(vfs_readlink);
2911 EXPORT_SYMBOL(vfs_rename);
2912 EXPORT_SYMBOL(vfs_rmdir);
2913 EXPORT_SYMBOL(vfs_symlink);
2914 EXPORT_SYMBOL(vfs_unlink);
2915 EXPORT_SYMBOL(dentry_unhash);
2916 EXPORT_SYMBOL(generic_readlink);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob