4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/quotaops.h>
23 #include <linux/pagemap.h>
24 #include <linux/fsnotify.h>
25 #include <linux/personality.h>
26 #include <linux/security.h>
27 #include <linux/ima.h>
28 #include <linux/syscalls.h>
29 #include <linux/mount.h>
30 #include <linux/audit.h>
31 #include <linux/capability.h>
32 #include <linux/file.h>
33 #include <linux/fcntl.h>
34 #include <linux/device_cgroup.h>
35 #include <linux/fs_struct.h>
36 #include <asm/uaccess.h>
40 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
42 /* [Feb-1997 T. Schoebel-Theuer]
43 * Fundamental changes in the pathname lookup mechanisms (namei)
44 * were necessary because of omirr. The reason is that omirr needs
45 * to know the _real_ pathname, not the user-supplied one, in case
46 * of symlinks (and also when transname replacements occur).
48 * The new code replaces the old recursive symlink resolution with
49 * an iterative one (in case of non-nested symlink chains). It does
50 * this with calls to <fs>_follow_link().
51 * As a side effect, dir_namei(), _namei() and follow_link() are now
52 * replaced with a single function lookup_dentry() that can handle all
53 * the special cases of the former code.
55 * With the new dcache, the pathname is stored at each inode, at least as
56 * long as the refcount of the inode is positive. As a side effect, the
57 * size of the dcache depends on the inode cache and thus is dynamic.
59 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
60 * resolution to correspond with current state of the code.
62 * Note that the symlink resolution is not *completely* iterative.
63 * There is still a significant amount of tail- and mid- recursion in
64 * the algorithm. Also, note that <fs>_readlink() is not used in
65 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
66 * may return different results than <fs>_follow_link(). Many virtual
67 * filesystems (including /proc) exhibit this behavior.
70 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
71 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
72 * and the name already exists in form of a symlink, try to create the new
73 * name indicated by the symlink. The old code always complained that the
74 * name already exists, due to not following the symlink even if its target
75 * is nonexistent. The new semantics affects also mknod() and link() when
76 * the name is a symlink pointing to a non-existant name.
78 * I don't know which semantics is the right one, since I have no access
79 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
80 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
81 * "old" one. Personally, I think the new semantics is much more logical.
82 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
83 * file does succeed in both HP-UX and SunOs, but not in Solaris
84 * and in the old Linux semantics.
87 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
88 * semantics. See the comments in "open_namei" and "do_link" below.
90 * [10-Sep-98 Alan Modra] Another symlink change.
93 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
94 * inside the path - always follow.
95 * in the last component in creation/removal/renaming - never follow.
96 * if LOOKUP_FOLLOW passed - follow.
97 * if the pathname has trailing slashes - follow.
98 * otherwise - don't follow.
99 * (applied in that order).
101 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
102 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
103 * During the 2.4 we need to fix the userland stuff depending on it -
104 * hopefully we will be able to get rid of that wart in 2.5. So far only
105 * XEmacs seems to be relying on it...
108 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
109 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
110 * any extra contention...
113 /* In order to reduce some races, while at the same time doing additional
114 * checking and hopefully speeding things up, we copy filenames to the
115 * kernel data space before using them..
117 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
118 * PATH_MAX includes the nul terminator --RR.
120 static int do_getname(const char __user *filename, char *page)
123 unsigned long len = PATH_MAX;
125 if (!segment_eq(get_fs(), KERNEL_DS)) {
126 if ((unsigned long) filename >= TASK_SIZE)
128 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
129 len = TASK_SIZE - (unsigned long) filename;
132 retval = strncpy_from_user(page, filename, len);
136 return -ENAMETOOLONG;
142 char * getname(const char __user * filename)
146 result = ERR_PTR(-ENOMEM);
149 int retval = do_getname(filename, tmp);
154 result = ERR_PTR(retval);
157 audit_getname(result);
161 #ifdef CONFIG_AUDITSYSCALL
162 void putname(const char *name)
164 if (unlikely(!audit_dummy_context()))
169 EXPORT_SYMBOL(putname);
173 * This does basic POSIX ACL permission checking
175 static int acl_permission_check(struct inode *inode, int mask,
176 int (*check_acl)(struct inode *inode, int mask))
178 umode_t mode = inode->i_mode;
180 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
182 if (current_fsuid() == inode->i_uid)
185 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
186 int error = check_acl(inode, mask);
187 if (error != -EAGAIN)
191 if (in_group_p(inode->i_gid))
196 * If the DACs are ok we don't need any capability check.
198 if ((mask & ~mode) == 0)
204 * generic_permission - check for access rights on a Posix-like filesystem
205 * @inode: inode to check access rights for
206 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
207 * @check_acl: optional callback to check for Posix ACLs
209 * Used to check for read/write/execute permissions on a file.
210 * We use "fsuid" for this, letting us set arbitrary permissions
211 * for filesystem access without changing the "normal" uids which
212 * are used for other things..
214 int generic_permission(struct inode *inode, int mask,
215 int (*check_acl)(struct inode *inode, int mask))
220 * Do the basic POSIX ACL permission checks.
222 ret = acl_permission_check(inode, mask, check_acl);
227 * Read/write DACs are always overridable.
228 * Executable DACs are overridable if at least one exec bit is set.
230 if (!(mask & MAY_EXEC) || execute_ok(inode))
231 if (capable(CAP_DAC_OVERRIDE))
235 * Searching includes executable on directories, else just read.
237 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
238 if (capable(CAP_DAC_READ_SEARCH))
245 * inode_permission - check for access rights to a given inode
246 * @inode: inode to check permission on
247 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
249 * Used to check for read/write/execute permissions on an inode.
250 * We use "fsuid" for this, letting us set arbitrary permissions
251 * for filesystem access without changing the "normal" uids which
252 * are used for other things.
254 int inode_permission(struct inode *inode, int mask)
258 if (mask & MAY_WRITE) {
259 umode_t mode = inode->i_mode;
262 * Nobody gets write access to a read-only fs.
264 if (IS_RDONLY(inode) &&
265 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
269 * Nobody gets write access to an immutable file.
271 if (IS_IMMUTABLE(inode))
275 if (inode->i_op->permission)
276 retval = inode->i_op->permission(inode, mask);
278 retval = generic_permission(inode, mask, inode->i_op->check_acl);
283 retval = devcgroup_inode_permission(inode, mask);
287 return security_inode_permission(inode,
288 mask & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND));
292 * file_permission - check for additional access rights to a given file
293 * @file: file to check access rights for
294 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
296 * Used to check for read/write/execute permissions on an already opened
300 * Do not use this function in new code. All access checks should
301 * be done using inode_permission().
303 int file_permission(struct file *file, int mask)
305 return inode_permission(file->f_path.dentry->d_inode, mask);
309 * get_write_access() gets write permission for a file.
310 * put_write_access() releases this write permission.
311 * This is used for regular files.
312 * We cannot support write (and maybe mmap read-write shared) accesses and
313 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
314 * can have the following values:
315 * 0: no writers, no VM_DENYWRITE mappings
316 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
317 * > 0: (i_writecount) users are writing to the file.
319 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
320 * except for the cases where we don't hold i_writecount yet. Then we need to
321 * use {get,deny}_write_access() - these functions check the sign and refuse
322 * to do the change if sign is wrong. Exclusion between them is provided by
323 * the inode->i_lock spinlock.
326 int get_write_access(struct inode * inode)
328 spin_lock(&inode->i_lock);
329 if (atomic_read(&inode->i_writecount) < 0) {
330 spin_unlock(&inode->i_lock);
333 atomic_inc(&inode->i_writecount);
334 spin_unlock(&inode->i_lock);
339 int deny_write_access(struct file * file)
341 struct inode *inode = file->f_path.dentry->d_inode;
343 spin_lock(&inode->i_lock);
344 if (atomic_read(&inode->i_writecount) > 0) {
345 spin_unlock(&inode->i_lock);
348 atomic_dec(&inode->i_writecount);
349 spin_unlock(&inode->i_lock);
355 * path_get - get a reference to a path
356 * @path: path to get the reference to
358 * Given a path increment the reference count to the dentry and the vfsmount.
360 void path_get(struct path *path)
365 EXPORT_SYMBOL(path_get);
368 * path_put - put a reference to a path
369 * @path: path to put the reference to
371 * Given a path decrement the reference count to the dentry and the vfsmount.
373 void path_put(struct path *path)
378 EXPORT_SYMBOL(path_put);
381 * release_open_intent - free up open intent resources
382 * @nd: pointer to nameidata
384 void release_open_intent(struct nameidata *nd)
386 if (nd->intent.open.file->f_path.dentry == NULL)
387 put_filp(nd->intent.open.file);
389 fput(nd->intent.open.file);
392 static inline struct dentry *
393 do_revalidate(struct dentry *dentry, struct nameidata *nd)
395 int status = dentry->d_op->d_revalidate(dentry, nd);
396 if (unlikely(status <= 0)) {
398 * The dentry failed validation.
399 * If d_revalidate returned 0 attempt to invalidate
400 * the dentry otherwise d_revalidate is asking us
401 * to return a fail status.
404 if (!d_invalidate(dentry)) {
410 dentry = ERR_PTR(status);
417 * Short-cut version of permission(), for calling on directories
418 * during pathname resolution. Combines parts of permission()
419 * and generic_permission(), and tests ONLY for MAY_EXEC permission.
421 * If appropriate, check DAC only. If not appropriate, or
422 * short-cut DAC fails, then call ->permission() to do more
423 * complete permission check.
425 static int exec_permission(struct inode *inode)
429 if (inode->i_op->permission) {
430 ret = inode->i_op->permission(inode, MAY_EXEC);
435 ret = acl_permission_check(inode, MAY_EXEC, inode->i_op->check_acl);
439 if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
444 return security_inode_permission(inode, MAY_EXEC);
447 static __always_inline void set_root(struct nameidata *nd)
450 struct fs_struct *fs = current->fs;
451 read_lock(&fs->lock);
454 read_unlock(&fs->lock);
458 static int link_path_walk(const char *, struct nameidata *);
460 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
474 res = link_path_walk(link, nd);
475 if (nd->depth || res || nd->last_type!=LAST_NORM)
478 * If it is an iterative symlinks resolution in open_namei() we
479 * have to copy the last component. And all that crap because of
480 * bloody create() on broken symlinks. Furrfu...
483 if (unlikely(!name)) {
487 strcpy(name, nd->last.name);
488 nd->last.name = name;
492 return PTR_ERR(link);
495 static void path_put_conditional(struct path *path, struct nameidata *nd)
498 if (path->mnt != nd->path.mnt)
502 static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
504 dput(nd->path.dentry);
505 if (nd->path.mnt != path->mnt)
506 mntput(nd->path.mnt);
507 nd->path.mnt = path->mnt;
508 nd->path.dentry = path->dentry;
511 static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd)
515 struct dentry *dentry = path->dentry;
517 touch_atime(path->mnt, dentry);
518 nd_set_link(nd, NULL);
520 if (path->mnt != nd->path.mnt) {
521 path_to_nameidata(path, nd);
525 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
526 error = PTR_ERR(cookie);
527 if (!IS_ERR(cookie)) {
528 char *s = nd_get_link(nd);
531 error = __vfs_follow_link(nd, s);
532 if (dentry->d_inode->i_op->put_link)
533 dentry->d_inode->i_op->put_link(dentry, nd, cookie);
539 * This limits recursive symlink follows to 8, while
540 * limiting consecutive symlinks to 40.
542 * Without that kind of total limit, nasty chains of consecutive
543 * symlinks can cause almost arbitrarily long lookups.
545 static inline int do_follow_link(struct path *path, struct nameidata *nd)
548 if (current->link_count >= MAX_NESTED_LINKS)
550 if (current->total_link_count >= 40)
552 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
554 err = security_inode_follow_link(path->dentry, nd);
557 current->link_count++;
558 current->total_link_count++;
560 err = __do_follow_link(path, nd);
562 current->link_count--;
566 path_put_conditional(path, nd);
571 int follow_up(struct path *path)
573 struct vfsmount *parent;
574 struct dentry *mountpoint;
575 spin_lock(&vfsmount_lock);
576 parent = path->mnt->mnt_parent;
577 if (parent == path->mnt) {
578 spin_unlock(&vfsmount_lock);
582 mountpoint = dget(path->mnt->mnt_mountpoint);
583 spin_unlock(&vfsmount_lock);
585 path->dentry = mountpoint;
591 /* no need for dcache_lock, as serialization is taken care in
594 static int __follow_mount(struct path *path)
597 while (d_mountpoint(path->dentry)) {
598 struct vfsmount *mounted = lookup_mnt(path);
605 path->dentry = dget(mounted->mnt_root);
611 static void follow_mount(struct path *path)
613 while (d_mountpoint(path->dentry)) {
614 struct vfsmount *mounted = lookup_mnt(path);
620 path->dentry = dget(mounted->mnt_root);
624 /* no need for dcache_lock, as serialization is taken care in
627 int follow_down(struct path *path)
629 struct vfsmount *mounted;
631 mounted = lookup_mnt(path);
636 path->dentry = dget(mounted->mnt_root);
642 static __always_inline void follow_dotdot(struct nameidata *nd)
647 struct vfsmount *parent;
648 struct dentry *old = nd->path.dentry;
650 if (nd->path.dentry == nd->root.dentry &&
651 nd->path.mnt == nd->root.mnt) {
654 spin_lock(&dcache_lock);
655 if (nd->path.dentry != nd->path.mnt->mnt_root) {
656 nd->path.dentry = dget(nd->path.dentry->d_parent);
657 spin_unlock(&dcache_lock);
661 spin_unlock(&dcache_lock);
662 spin_lock(&vfsmount_lock);
663 parent = nd->path.mnt->mnt_parent;
664 if (parent == nd->path.mnt) {
665 spin_unlock(&vfsmount_lock);
669 nd->path.dentry = dget(nd->path.mnt->mnt_mountpoint);
670 spin_unlock(&vfsmount_lock);
672 mntput(nd->path.mnt);
673 nd->path.mnt = parent;
675 follow_mount(&nd->path);
679 * It's more convoluted than I'd like it to be, but... it's still fairly
680 * small and for now I'd prefer to have fast path as straight as possible.
681 * It _is_ time-critical.
683 static int do_lookup(struct nameidata *nd, struct qstr *name,
686 struct vfsmount *mnt = nd->path.mnt;
687 struct dentry *dentry, *parent;
690 * See if the low-level filesystem might want
691 * to use its own hash..
693 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
694 int err = nd->path.dentry->d_op->d_hash(nd->path.dentry, name);
699 dentry = __d_lookup(nd->path.dentry, name);
702 if (dentry->d_op && dentry->d_op->d_revalidate)
703 goto need_revalidate;
706 path->dentry = dentry;
707 __follow_mount(path);
711 parent = nd->path.dentry;
712 dir = parent->d_inode;
714 mutex_lock(&dir->i_mutex);
716 * First re-do the cached lookup just in case it was created
717 * while we waited for the directory semaphore..
719 * FIXME! This could use version numbering or similar to
720 * avoid unnecessary cache lookups.
722 * The "dcache_lock" is purely to protect the RCU list walker
723 * from concurrent renames at this point (we mustn't get false
724 * negatives from the RCU list walk here, unlike the optimistic
727 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
729 dentry = d_lookup(parent, name);
733 /* Don't create child dentry for a dead directory. */
734 dentry = ERR_PTR(-ENOENT);
738 new = d_alloc(parent, name);
739 dentry = ERR_PTR(-ENOMEM);
741 dentry = dir->i_op->lookup(dir, new, nd);
748 mutex_unlock(&dir->i_mutex);
755 * Uhhuh! Nasty case: the cache was re-populated while
756 * we waited on the semaphore. Need to revalidate.
758 mutex_unlock(&dir->i_mutex);
759 if (dentry->d_op && dentry->d_op->d_revalidate) {
760 dentry = do_revalidate(dentry, nd);
762 dentry = ERR_PTR(-ENOENT);
769 dentry = do_revalidate(dentry, nd);
777 return PTR_ERR(dentry);
782 * This is the basic name resolution function, turning a pathname into
783 * the final dentry. We expect 'base' to be positive and a directory.
785 * Returns 0 and nd will have valid dentry and mnt on success.
786 * Returns error and drops reference to input namei data on failure.
788 static int link_path_walk(const char *name, struct nameidata *nd)
793 unsigned int lookup_flags = nd->flags;
800 inode = nd->path.dentry->d_inode;
802 lookup_flags = LOOKUP_FOLLOW | (nd->flags & LOOKUP_CONTINUE);
804 /* At this point we know we have a real path component. */
810 nd->flags |= LOOKUP_CONTINUE;
811 err = exec_permission(inode);
816 c = *(const unsigned char *)name;
818 hash = init_name_hash();
821 hash = partial_name_hash(c, hash);
822 c = *(const unsigned char *)name;
823 } while (c && (c != '/'));
824 this.len = name - (const char *) this.name;
825 this.hash = end_name_hash(hash);
827 /* remove trailing slashes? */
830 while (*++name == '/');
832 goto last_with_slashes;
835 * "." and ".." are special - ".." especially so because it has
836 * to be able to know about the current root directory and
837 * parent relationships.
839 if (this.name[0] == '.') switch (this.len) {
843 if (this.name[1] != '.')
846 inode = nd->path.dentry->d_inode;
851 /* This does the actual lookups.. */
852 err = do_lookup(nd, &this, &next);
857 inode = next.dentry->d_inode;
861 if (inode->i_op->follow_link) {
862 err = do_follow_link(&next, nd);
866 inode = nd->path.dentry->d_inode;
870 path_to_nameidata(&next, nd);
872 if (!inode->i_op->lookup)
875 /* here ends the main loop */
878 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
880 /* Clear LOOKUP_CONTINUE iff it was previously unset */
881 nd->flags &= lookup_flags | ~LOOKUP_CONTINUE;
882 if (lookup_flags & LOOKUP_PARENT)
884 if (this.name[0] == '.') switch (this.len) {
888 if (this.name[1] != '.')
891 inode = nd->path.dentry->d_inode;
896 err = do_lookup(nd, &this, &next);
899 inode = next.dentry->d_inode;
900 if ((lookup_flags & LOOKUP_FOLLOW)
901 && inode && inode->i_op->follow_link) {
902 err = do_follow_link(&next, nd);
905 inode = nd->path.dentry->d_inode;
907 path_to_nameidata(&next, nd);
911 if (lookup_flags & LOOKUP_DIRECTORY) {
913 if (!inode->i_op->lookup)
919 nd->last_type = LAST_NORM;
920 if (this.name[0] != '.')
923 nd->last_type = LAST_DOT;
924 else if (this.len == 2 && this.name[1] == '.')
925 nd->last_type = LAST_DOTDOT;
930 * We bypassed the ordinary revalidation routines.
931 * We may need to check the cached dentry for staleness.
933 if (nd->path.dentry && nd->path.dentry->d_sb &&
934 (nd->path.dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
936 /* Note: we do not d_invalidate() */
937 if (!nd->path.dentry->d_op->d_revalidate(
938 nd->path.dentry, nd))
944 path_put_conditional(&next, nd);
952 static int path_walk(const char *name, struct nameidata *nd)
954 struct path save = nd->path;
957 current->total_link_count = 0;
959 /* make sure the stuff we saved doesn't go away */
962 result = link_path_walk(name, nd);
963 if (result == -ESTALE) {
964 /* nd->path had been dropped */
965 current->total_link_count = 0;
968 nd->flags |= LOOKUP_REVAL;
969 result = link_path_walk(name, nd);
977 static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd)
983 nd->last_type = LAST_ROOT; /* if there are only slashes... */
992 } else if (dfd == AT_FDCWD) {
993 struct fs_struct *fs = current->fs;
994 read_lock(&fs->lock);
997 read_unlock(&fs->lock);
999 struct dentry *dentry;
1001 file = fget_light(dfd, &fput_needed);
1006 dentry = file->f_path.dentry;
1009 if (!S_ISDIR(dentry->d_inode->i_mode))
1012 retval = file_permission(file, MAY_EXEC);
1016 nd->path = file->f_path;
1017 path_get(&file->f_path);
1019 fput_light(file, fput_needed);
1024 fput_light(file, fput_needed);
1029 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1030 static int do_path_lookup(int dfd, const char *name,
1031 unsigned int flags, struct nameidata *nd)
1033 int retval = path_init(dfd, name, flags, nd);
1035 retval = path_walk(name, nd);
1036 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1037 nd->path.dentry->d_inode))
1038 audit_inode(name, nd->path.dentry);
1040 path_put(&nd->root);
1041 nd->root.mnt = NULL;
1046 int path_lookup(const char *name, unsigned int flags,
1047 struct nameidata *nd)
1049 return do_path_lookup(AT_FDCWD, name, flags, nd);
1052 int kern_path(const char *name, unsigned int flags, struct path *path)
1054 struct nameidata nd;
1055 int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
1062 * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
1063 * @dentry: pointer to dentry of the base directory
1064 * @mnt: pointer to vfs mount of the base directory
1065 * @name: pointer to file name
1066 * @flags: lookup flags
1067 * @nd: pointer to nameidata
1069 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1070 const char *name, unsigned int flags,
1071 struct nameidata *nd)
1075 /* same as do_path_lookup */
1076 nd->last_type = LAST_ROOT;
1080 nd->path.dentry = dentry;
1082 path_get(&nd->path);
1083 nd->root = nd->path;
1084 path_get(&nd->root);
1086 retval = path_walk(name, nd);
1087 if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry &&
1088 nd->path.dentry->d_inode))
1089 audit_inode(name, nd->path.dentry);
1091 path_put(&nd->root);
1092 nd->root.mnt = NULL;
1097 static struct dentry *__lookup_hash(struct qstr *name,
1098 struct dentry *base, struct nameidata *nd)
1100 struct dentry *dentry;
1101 struct inode *inode;
1104 inode = base->d_inode;
1107 * See if the low-level filesystem might want
1108 * to use its own hash..
1110 if (base->d_op && base->d_op->d_hash) {
1111 err = base->d_op->d_hash(base, name);
1112 dentry = ERR_PTR(err);
1117 dentry = __d_lookup(base, name);
1119 /* lockess __d_lookup may fail due to concurrent d_move()
1120 * in some unrelated directory, so try with d_lookup
1123 dentry = d_lookup(base, name);
1125 if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
1126 dentry = do_revalidate(dentry, nd);
1131 /* Don't create child dentry for a dead directory. */
1132 dentry = ERR_PTR(-ENOENT);
1133 if (IS_DEADDIR(inode))
1136 new = d_alloc(base, name);
1137 dentry = ERR_PTR(-ENOMEM);
1140 dentry = inode->i_op->lookup(inode, new, nd);
1151 * Restricted form of lookup. Doesn't follow links, single-component only,
1152 * needs parent already locked. Doesn't follow mounts.
1155 static struct dentry *lookup_hash(struct nameidata *nd)
1159 err = exec_permission(nd->path.dentry->d_inode);
1161 return ERR_PTR(err);
1162 return __lookup_hash(&nd->last, nd->path.dentry, nd);
1165 static int __lookup_one_len(const char *name, struct qstr *this,
1166 struct dentry *base, int len)
1176 hash = init_name_hash();
1178 c = *(const unsigned char *)name++;
1179 if (c == '/' || c == '\0')
1181 hash = partial_name_hash(c, hash);
1183 this->hash = end_name_hash(hash);
1188 * lookup_one_len - filesystem helper to lookup single pathname component
1189 * @name: pathname component to lookup
1190 * @base: base directory to lookup from
1191 * @len: maximum length @len should be interpreted to
1193 * Note that this routine is purely a helper for filesystem usage and should
1194 * not be called by generic code. Also note that by using this function the
1195 * nameidata argument is passed to the filesystem methods and a filesystem
1196 * using this helper needs to be prepared for that.
1198 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1203 WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
1205 err = __lookup_one_len(name, &this, base, len);
1207 return ERR_PTR(err);
1209 err = exec_permission(base->d_inode);
1211 return ERR_PTR(err);
1212 return __lookup_hash(&this, base, NULL);
1215 int user_path_at(int dfd, const char __user *name, unsigned flags,
1218 struct nameidata nd;
1219 char *tmp = getname(name);
1220 int err = PTR_ERR(tmp);
1223 BUG_ON(flags & LOOKUP_PARENT);
1225 err = do_path_lookup(dfd, tmp, flags, &nd);
1233 static int user_path_parent(int dfd, const char __user *path,
1234 struct nameidata *nd, char **name)
1236 char *s = getname(path);
1242 error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
1252 * It's inline, so penalty for filesystems that don't use sticky bit is
1255 static inline int check_sticky(struct inode *dir, struct inode *inode)
1257 uid_t fsuid = current_fsuid();
1259 if (!(dir->i_mode & S_ISVTX))
1261 if (inode->i_uid == fsuid)
1263 if (dir->i_uid == fsuid)
1265 return !capable(CAP_FOWNER);
1269 * Check whether we can remove a link victim from directory dir, check
1270 * whether the type of victim is right.
1271 * 1. We can't do it if dir is read-only (done in permission())
1272 * 2. We should have write and exec permissions on dir
1273 * 3. We can't remove anything from append-only dir
1274 * 4. We can't do anything with immutable dir (done in permission())
1275 * 5. If the sticky bit on dir is set we should either
1276 * a. be owner of dir, or
1277 * b. be owner of victim, or
1278 * c. have CAP_FOWNER capability
1279 * 6. If the victim is append-only or immutable we can't do antyhing with
1280 * links pointing to it.
1281 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1282 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1283 * 9. We can't remove a root or mountpoint.
1284 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1285 * nfs_async_unlink().
1287 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1291 if (!victim->d_inode)
1294 BUG_ON(victim->d_parent->d_inode != dir);
1295 audit_inode_child(victim->d_name.name, victim, dir);
1297 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
1302 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1303 IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
1306 if (!S_ISDIR(victim->d_inode->i_mode))
1308 if (IS_ROOT(victim))
1310 } else if (S_ISDIR(victim->d_inode->i_mode))
1312 if (IS_DEADDIR(dir))
1314 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1319 /* Check whether we can create an object with dentry child in directory
1321 * 1. We can't do it if child already exists (open has special treatment for
1322 * this case, but since we are inlined it's OK)
1323 * 2. We can't do it if dir is read-only (done in permission())
1324 * 3. We should have write and exec permissions on dir
1325 * 4. We can't do it if dir is immutable (done in permission())
1327 static inline int may_create(struct inode *dir, struct dentry *child)
1331 if (IS_DEADDIR(dir))
1333 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
1337 * O_DIRECTORY translates into forcing a directory lookup.
1339 static inline int lookup_flags(unsigned int f)
1341 unsigned long retval = LOOKUP_FOLLOW;
1344 retval &= ~LOOKUP_FOLLOW;
1346 if (f & O_DIRECTORY)
1347 retval |= LOOKUP_DIRECTORY;
1353 * p1 and p2 should be directories on the same fs.
1355 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1360 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1364 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1366 p = d_ancestor(p2, p1);
1368 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1369 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1373 p = d_ancestor(p1, p2);
1375 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1376 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1380 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1381 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1385 void unlock_rename(struct dentry *p1, struct dentry *p2)
1387 mutex_unlock(&p1->d_inode->i_mutex);
1389 mutex_unlock(&p2->d_inode->i_mutex);
1390 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1394 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1395 struct nameidata *nd)
1397 int error = may_create(dir, dentry);
1402 if (!dir->i_op->create)
1403 return -EACCES; /* shouldn't it be ENOSYS? */
1406 error = security_inode_create(dir, dentry, mode);
1410 error = dir->i_op->create(dir, dentry, mode, nd);
1412 fsnotify_create(dir, dentry);
1416 int may_open(struct path *path, int acc_mode, int flag)
1418 struct dentry *dentry = path->dentry;
1419 struct inode *inode = dentry->d_inode;
1425 switch (inode->i_mode & S_IFMT) {
1429 if (acc_mode & MAY_WRITE)
1434 if (path->mnt->mnt_flags & MNT_NODEV)
1443 error = inode_permission(inode, acc_mode);
1448 * An append-only file must be opened in append mode for writing.
1450 if (IS_APPEND(inode)) {
1451 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1457 /* O_NOATIME can only be set by the owner or superuser */
1458 if (flag & O_NOATIME && !is_owner_or_cap(inode))
1462 * Ensure there are no outstanding leases on the file.
1464 return break_lease(inode, flag);
1467 static int handle_truncate(struct path *path)
1469 struct inode *inode = path->dentry->d_inode;
1470 int error = get_write_access(inode);
1474 * Refuse to truncate files with mandatory locks held on them.
1476 error = locks_verify_locked(inode);
1478 error = security_path_truncate(path, 0,
1479 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
1481 error = do_truncate(path->dentry, 0,
1482 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1485 put_write_access(inode);
1490 * Be careful about ever adding any more callers of this
1491 * function. Its flags must be in the namei format, not
1492 * what get passed to sys_open().
1494 static int __open_namei_create(struct nameidata *nd, struct path *path,
1498 struct dentry *dir = nd->path.dentry;
1500 if (!IS_POSIXACL(dir->d_inode))
1501 mode &= ~current_umask();
1502 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
1505 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
1507 mutex_unlock(&dir->d_inode->i_mutex);
1508 dput(nd->path.dentry);
1509 nd->path.dentry = path->dentry;
1512 /* Don't check for write permission, don't truncate */
1513 return may_open(&nd->path, 0, flag & ~O_TRUNC);
1517 * Note that while the flag value (low two bits) for sys_open means:
1522 * it is changed into
1523 * 00 - no permissions needed
1524 * 01 - read-permission
1525 * 10 - write-permission
1527 * for the internal routines (ie open_namei()/follow_link() etc)
1528 * This is more logical, and also allows the 00 "no perm needed"
1529 * to be used for symlinks (where the permissions are checked
1533 static inline int open_to_namei_flags(int flag)
1535 if ((flag+1) & O_ACCMODE)
1540 static int open_will_truncate(int flag, struct inode *inode)
1543 * We'll never write to the fs underlying
1546 if (special_file(inode->i_mode))
1548 return (flag & O_TRUNC);
1552 * Note that the low bits of the passed in "open_flag"
1553 * are not the same as in the local variable "flag". See
1554 * open_to_namei_flags() for more details.
1556 struct file *do_filp_open(int dfd, const char *pathname,
1557 int open_flag, int mode, int acc_mode)
1560 struct nameidata nd;
1562 struct path path, save;
1566 int flag = open_to_namei_flags(open_flag);
1569 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
1570 * check for O_DSYNC if the need any syncing at all we enforce it's
1571 * always set instead of having to deal with possibly weird behaviour
1572 * for malicious applications setting only __O_SYNC.
1574 if (open_flag & __O_SYNC)
1575 open_flag |= O_DSYNC;
1578 acc_mode = MAY_OPEN | ACC_MODE(flag);
1580 /* O_TRUNC implies we need access checks for write permissions */
1582 acc_mode |= MAY_WRITE;
1584 /* Allow the LSM permission hook to distinguish append
1585 access from general write access. */
1586 if (flag & O_APPEND)
1587 acc_mode |= MAY_APPEND;
1590 * The simplest case - just a plain lookup.
1592 if (!(flag & O_CREAT)) {
1593 filp = get_empty_filp();
1596 return ERR_PTR(-ENFILE);
1597 nd.intent.open.file = filp;
1598 nd.intent.open.flags = flag;
1599 nd.intent.open.create_mode = 0;
1600 error = do_path_lookup(dfd, pathname,
1601 lookup_flags(flag)|LOOKUP_OPEN, &nd);
1602 if (IS_ERR(nd.intent.open.file)) {
1604 error = PTR_ERR(nd.intent.open.file);
1608 release_open_intent(&nd);
1610 return ERR_PTR(error);
1615 * Create - we need to know the parent.
1617 error = path_init(dfd, pathname, LOOKUP_PARENT, &nd);
1619 return ERR_PTR(error);
1620 error = path_walk(pathname, &nd);
1624 return ERR_PTR(error);
1626 if (unlikely(!audit_dummy_context()))
1627 audit_inode(pathname, nd.path.dentry);
1630 * We have the parent and last component. First of all, check
1631 * that we are not asked to creat(2) an obvious directory - that
1635 if (nd.last_type != LAST_NORM || nd.last.name[nd.last.len])
1639 filp = get_empty_filp();
1642 nd.intent.open.file = filp;
1643 nd.intent.open.flags = flag;
1644 nd.intent.open.create_mode = mode;
1645 dir = nd.path.dentry;
1646 nd.flags &= ~LOOKUP_PARENT;
1647 nd.flags |= LOOKUP_CREATE | LOOKUP_OPEN;
1649 nd.flags |= LOOKUP_EXCL;
1650 mutex_lock(&dir->d_inode->i_mutex);
1651 path.dentry = lookup_hash(&nd);
1652 path.mnt = nd.path.mnt;
1655 error = PTR_ERR(path.dentry);
1656 if (IS_ERR(path.dentry)) {
1657 mutex_unlock(&dir->d_inode->i_mutex);
1661 if (IS_ERR(nd.intent.open.file)) {
1662 error = PTR_ERR(nd.intent.open.file);
1663 goto exit_mutex_unlock;
1666 /* Negative dentry, just create the file */
1667 if (!path.dentry->d_inode) {
1669 * This write is needed to ensure that a
1670 * ro->rw transition does not occur between
1671 * the time when the file is created and when
1672 * a permanent write count is taken through
1673 * the 'struct file' in nameidata_to_filp().
1675 error = mnt_want_write(nd.path.mnt);
1677 goto exit_mutex_unlock;
1678 error = __open_namei_create(&nd, &path, flag, mode);
1680 mnt_drop_write(nd.path.mnt);
1683 filp = nameidata_to_filp(&nd, open_flag);
1684 mnt_drop_write(nd.path.mnt);
1687 if (!IS_ERR(filp)) {
1688 error = ima_path_check(&filp->f_path, filp->f_mode &
1689 (MAY_READ | MAY_WRITE | MAY_EXEC), 0);
1692 filp = ERR_PTR(error);
1699 * It already exists.
1701 mutex_unlock(&dir->d_inode->i_mutex);
1702 audit_inode(pathname, path.dentry);
1708 if (__follow_mount(&path)) {
1710 if (flag & O_NOFOLLOW)
1715 if (!path.dentry->d_inode)
1717 if (path.dentry->d_inode->i_op->follow_link)
1720 path_to_nameidata(&path, &nd);
1722 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode))
1727 * 1. may_open() truncates a file
1728 * 2. a rw->ro mount transition occurs
1729 * 3. nameidata_to_filp() fails due to
1731 * That would be inconsistent, and should
1732 * be avoided. Taking this mnt write here
1733 * ensures that (2) can not occur.
1735 will_truncate = open_will_truncate(flag, nd.path.dentry->d_inode);
1736 if (will_truncate) {
1737 error = mnt_want_write(nd.path.mnt);
1741 error = may_open(&nd.path, acc_mode, flag);
1744 mnt_drop_write(nd.path.mnt);
1747 filp = nameidata_to_filp(&nd, open_flag);
1748 if (!IS_ERR(filp)) {
1749 error = ima_path_check(&filp->f_path, filp->f_mode &
1750 (MAY_READ | MAY_WRITE | MAY_EXEC), 0);
1753 filp = ERR_PTR(error);
1756 if (!IS_ERR(filp)) {
1757 if (acc_mode & MAY_WRITE)
1758 vfs_dq_init(nd.path.dentry->d_inode);
1760 if (will_truncate) {
1761 error = handle_truncate(&nd.path);
1764 filp = ERR_PTR(error);
1769 * It is now safe to drop the mnt write
1770 * because the filp has had a write taken
1774 mnt_drop_write(nd.path.mnt);
1780 mutex_unlock(&dir->d_inode->i_mutex);
1782 path_put_conditional(&path, &nd);
1784 if (!IS_ERR(nd.intent.open.file))
1785 release_open_intent(&nd);
1790 return ERR_PTR(error);
1794 if (flag & O_NOFOLLOW)
1797 * This is subtle. Instead of calling do_follow_link() we do the
1798 * thing by hands. The reason is that this way we have zero link_count
1799 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT.
1800 * After that we have the parent and last component, i.e.
1801 * we are in the same situation as after the first path_walk().
1802 * Well, almost - if the last component is normal we get its copy
1803 * stored in nd->last.name and we will have to putname() it when we
1804 * are done. Procfs-like symlinks just set LAST_BIND.
1806 nd.flags |= LOOKUP_PARENT;
1807 error = security_inode_follow_link(path.dentry, &nd);
1812 error = __do_follow_link(&path, &nd);
1813 if (error == -ESTALE) {
1814 /* nd.path had been dropped */
1817 nd.flags |= LOOKUP_REVAL;
1818 error = __do_follow_link(&path, &nd);
1823 /* Does someone understand code flow here? Or it is only
1824 * me so stupid? Anathema to whoever designed this non-sense
1825 * with "intent.open".
1827 release_open_intent(&nd);
1830 return ERR_PTR(error);
1832 nd.flags &= ~LOOKUP_PARENT;
1833 if (nd.last_type == LAST_BIND)
1836 if (nd.last_type != LAST_NORM)
1838 if (nd.last.name[nd.last.len]) {
1839 __putname(nd.last.name);
1844 __putname(nd.last.name);
1847 dir = nd.path.dentry;
1848 mutex_lock(&dir->d_inode->i_mutex);
1849 path.dentry = lookup_hash(&nd);
1850 path.mnt = nd.path.mnt;
1851 __putname(nd.last.name);
1856 * filp_open - open file and return file pointer
1858 * @filename: path to open
1859 * @flags: open flags as per the open(2) second argument
1860 * @mode: mode for the new file if O_CREAT is set, else ignored
1862 * This is the helper to open a file from kernelspace if you really
1863 * have to. But in generally you should not do this, so please move
1864 * along, nothing to see here..
1866 struct file *filp_open(const char *filename, int flags, int mode)
1868 return do_filp_open(AT_FDCWD, filename, flags, mode, 0);
1870 EXPORT_SYMBOL(filp_open);
1873 * lookup_create - lookup a dentry, creating it if it doesn't exist
1874 * @nd: nameidata info
1875 * @is_dir: directory flag
1877 * Simple function to lookup and return a dentry and create it
1878 * if it doesn't exist. Is SMP-safe.
1880 * Returns with nd->path.dentry->d_inode->i_mutex locked.
1882 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1884 struct dentry *dentry = ERR_PTR(-EEXIST);
1886 mutex_lock_nested(&nd->path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
1888 * Yucky last component or no last component at all?
1889 * (foo/., foo/.., /////)
1891 if (nd->last_type != LAST_NORM)
1893 nd->flags &= ~LOOKUP_PARENT;
1894 nd->flags |= LOOKUP_CREATE | LOOKUP_EXCL;
1895 nd->intent.open.flags = O_EXCL;
1898 * Do the final lookup.
1900 dentry = lookup_hash(nd);
1904 if (dentry->d_inode)
1907 * Special case - lookup gave negative, but... we had foo/bar/
1908 * From the vfs_mknod() POV we just have a negative dentry -
1909 * all is fine. Let's be bastards - you had / on the end, you've
1910 * been asking for (non-existent) directory. -ENOENT for you.
1912 if (unlikely(!is_dir && nd->last.name[nd->last.len])) {
1914 dentry = ERR_PTR(-ENOENT);
1919 dentry = ERR_PTR(-EEXIST);
1923 EXPORT_SYMBOL_GPL(lookup_create);
1925 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1927 int error = may_create(dir, dentry);
1932 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
1935 if (!dir->i_op->mknod)
1938 error = devcgroup_inode_mknod(mode, dev);
1942 error = security_inode_mknod(dir, dentry, mode, dev);
1947 error = dir->i_op->mknod(dir, dentry, mode, dev);
1949 fsnotify_create(dir, dentry);
1953 static int may_mknod(mode_t mode)
1955 switch (mode & S_IFMT) {
1961 case 0: /* zero mode translates to S_IFREG */
1970 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
1975 struct dentry *dentry;
1976 struct nameidata nd;
1981 error = user_path_parent(dfd, filename, &nd, &tmp);
1985 dentry = lookup_create(&nd, 0);
1986 if (IS_ERR(dentry)) {
1987 error = PTR_ERR(dentry);
1990 if (!IS_POSIXACL(nd.path.dentry->d_inode))
1991 mode &= ~current_umask();
1992 error = may_mknod(mode);
1995 error = mnt_want_write(nd.path.mnt);
1998 error = security_path_mknod(&nd.path, dentry, mode, dev);
2000 goto out_drop_write;
2001 switch (mode & S_IFMT) {
2002 case 0: case S_IFREG:
2003 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
2005 case S_IFCHR: case S_IFBLK:
2006 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,
2007 new_decode_dev(dev));
2009 case S_IFIFO: case S_IFSOCK:
2010 error = vfs_mknod(nd.path.dentry->d_inode,dentry,mode,0);
2014 mnt_drop_write(nd.path.mnt);
2018 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2025 SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
2027 return sys_mknodat(AT_FDCWD, filename, mode, dev);
2030 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
2032 int error = may_create(dir, dentry);
2037 if (!dir->i_op->mkdir)
2040 mode &= (S_IRWXUGO|S_ISVTX);
2041 error = security_inode_mkdir(dir, dentry, mode);
2046 error = dir->i_op->mkdir(dir, dentry, mode);
2048 fsnotify_mkdir(dir, dentry);
2052 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
2056 struct dentry *dentry;
2057 struct nameidata nd;
2059 error = user_path_parent(dfd, pathname, &nd, &tmp);
2063 dentry = lookup_create(&nd, 1);
2064 error = PTR_ERR(dentry);
2068 if (!IS_POSIXACL(nd.path.dentry->d_inode))
2069 mode &= ~current_umask();
2070 error = mnt_want_write(nd.path.mnt);
2073 error = security_path_mkdir(&nd.path, dentry, mode);
2075 goto out_drop_write;
2076 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
2078 mnt_drop_write(nd.path.mnt);
2082 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2089 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode)
2091 return sys_mkdirat(AT_FDCWD, pathname, mode);
2095 * We try to drop the dentry early: we should have
2096 * a usage count of 2 if we're the only user of this
2097 * dentry, and if that is true (possibly after pruning
2098 * the dcache), then we drop the dentry now.
2100 * A low-level filesystem can, if it choses, legally
2103 * if (!d_unhashed(dentry))
2106 * if it cannot handle the case of removing a directory
2107 * that is still in use by something else..
2109 void dentry_unhash(struct dentry *dentry)
2112 shrink_dcache_parent(dentry);
2113 spin_lock(&dcache_lock);
2114 spin_lock(&dentry->d_lock);
2115 if (atomic_read(&dentry->d_count) == 2)
2117 spin_unlock(&dentry->d_lock);
2118 spin_unlock(&dcache_lock);
2121 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
2123 int error = may_delete(dir, dentry, 1);
2128 if (!dir->i_op->rmdir)
2133 mutex_lock(&dentry->d_inode->i_mutex);
2134 dentry_unhash(dentry);
2135 if (d_mountpoint(dentry))
2138 error = security_inode_rmdir(dir, dentry);
2140 error = dir->i_op->rmdir(dir, dentry);
2142 dentry->d_inode->i_flags |= S_DEAD;
2145 mutex_unlock(&dentry->d_inode->i_mutex);
2154 static long do_rmdir(int dfd, const char __user *pathname)
2158 struct dentry *dentry;
2159 struct nameidata nd;
2161 error = user_path_parent(dfd, pathname, &nd, &name);
2165 switch(nd.last_type) {
2177 nd.flags &= ~LOOKUP_PARENT;
2179 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2180 dentry = lookup_hash(&nd);
2181 error = PTR_ERR(dentry);
2184 error = mnt_want_write(nd.path.mnt);
2187 error = security_path_rmdir(&nd.path, dentry);
2190 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
2192 mnt_drop_write(nd.path.mnt);
2196 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2203 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
2205 return do_rmdir(AT_FDCWD, pathname);
2208 int vfs_unlink(struct inode *dir, struct dentry *dentry)
2210 int error = may_delete(dir, dentry, 0);
2215 if (!dir->i_op->unlink)
2220 mutex_lock(&dentry->d_inode->i_mutex);
2221 if (d_mountpoint(dentry))
2224 error = security_inode_unlink(dir, dentry);
2226 error = dir->i_op->unlink(dir, dentry);
2228 mutex_unlock(&dentry->d_inode->i_mutex);
2230 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2231 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2232 fsnotify_link_count(dentry->d_inode);
2240 * Make sure that the actual truncation of the file will occur outside its
2241 * directory's i_mutex. Truncate can take a long time if there is a lot of
2242 * writeout happening, and we don't want to prevent access to the directory
2243 * while waiting on the I/O.
2245 static long do_unlinkat(int dfd, const char __user *pathname)
2249 struct dentry *dentry;
2250 struct nameidata nd;
2251 struct inode *inode = NULL;
2253 error = user_path_parent(dfd, pathname, &nd, &name);
2258 if (nd.last_type != LAST_NORM)
2261 nd.flags &= ~LOOKUP_PARENT;
2263 mutex_lock_nested(&nd.path.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2264 dentry = lookup_hash(&nd);
2265 error = PTR_ERR(dentry);
2266 if (!IS_ERR(dentry)) {
2267 /* Why not before? Because we want correct error value */
2268 if (nd.last.name[nd.last.len])
2270 inode = dentry->d_inode;
2272 atomic_inc(&inode->i_count);
2273 error = mnt_want_write(nd.path.mnt);
2276 error = security_path_unlink(&nd.path, dentry);
2279 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
2281 mnt_drop_write(nd.path.mnt);
2285 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2287 iput(inode); /* truncate the inode here */
2294 error = !dentry->d_inode ? -ENOENT :
2295 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2299 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
2301 if ((flag & ~AT_REMOVEDIR) != 0)
2304 if (flag & AT_REMOVEDIR)
2305 return do_rmdir(dfd, pathname);
2307 return do_unlinkat(dfd, pathname);
2310 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
2312 return do_unlinkat(AT_FDCWD, pathname);
2315 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
2317 int error = may_create(dir, dentry);
2322 if (!dir->i_op->symlink)
2325 error = security_inode_symlink(dir, dentry, oldname);
2330 error = dir->i_op->symlink(dir, dentry, oldname);
2332 fsnotify_create(dir, dentry);
2336 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
2337 int, newdfd, const char __user *, newname)
2342 struct dentry *dentry;
2343 struct nameidata nd;
2345 from = getname(oldname);
2347 return PTR_ERR(from);
2349 error = user_path_parent(newdfd, newname, &nd, &to);
2353 dentry = lookup_create(&nd, 0);
2354 error = PTR_ERR(dentry);
2358 error = mnt_want_write(nd.path.mnt);
2361 error = security_path_symlink(&nd.path, dentry, from);
2363 goto out_drop_write;
2364 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
2366 mnt_drop_write(nd.path.mnt);
2370 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2378 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
2380 return sys_symlinkat(oldname, AT_FDCWD, newname);
2383 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2385 struct inode *inode = old_dentry->d_inode;
2391 error = may_create(dir, new_dentry);
2395 if (dir->i_sb != inode->i_sb)
2399 * A link to an append-only or immutable file cannot be created.
2401 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2403 if (!dir->i_op->link)
2405 if (S_ISDIR(inode->i_mode))
2408 error = security_inode_link(old_dentry, dir, new_dentry);
2412 mutex_lock(&inode->i_mutex);
2414 error = dir->i_op->link(old_dentry, dir, new_dentry);
2415 mutex_unlock(&inode->i_mutex);
2417 fsnotify_link(dir, inode, new_dentry);
2422 * Hardlinks are often used in delicate situations. We avoid
2423 * security-related surprises by not following symlinks on the
2426 * We don't follow them on the oldname either to be compatible
2427 * with linux 2.0, and to avoid hard-linking to directories
2428 * and other special files. --ADM
2430 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2431 int, newdfd, const char __user *, newname, int, flags)
2433 struct dentry *new_dentry;
2434 struct nameidata nd;
2435 struct path old_path;
2439 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
2442 error = user_path_at(olddfd, oldname,
2443 flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
2448 error = user_path_parent(newdfd, newname, &nd, &to);
2452 if (old_path.mnt != nd.path.mnt)
2454 new_dentry = lookup_create(&nd, 0);
2455 error = PTR_ERR(new_dentry);
2456 if (IS_ERR(new_dentry))
2458 error = mnt_want_write(nd.path.mnt);
2461 error = security_path_link(old_path.dentry, &nd.path, new_dentry);
2463 goto out_drop_write;
2464 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
2466 mnt_drop_write(nd.path.mnt);
2470 mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
2475 path_put(&old_path);
2480 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
2482 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2486 * The worst of all namespace operations - renaming directory. "Perverted"
2487 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2489 * a) we can get into loop creation. Check is done in is_subdir().
2490 * b) race potential - two innocent renames can create a loop together.
2491 * That's where 4.4 screws up. Current fix: serialization on
2492 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2494 * c) we have to lock _three_ objects - parents and victim (if it exists).
2495 * And that - after we got ->i_mutex on parents (until then we don't know
2496 * whether the target exists). Solution: try to be smart with locking
2497 * order for inodes. We rely on the fact that tree topology may change
2498 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2499 * move will be locked. Thus we can rank directories by the tree
2500 * (ancestors first) and rank all non-directories after them.
2501 * That works since everybody except rename does "lock parent, lookup,
2502 * lock child" and rename is under ->s_vfs_rename_mutex.
2503 * HOWEVER, it relies on the assumption that any object with ->lookup()
2504 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2505 * we'd better make sure that there's no link(2) for them.
2506 * d) some filesystems don't support opened-but-unlinked directories,
2507 * either because of layout or because they are not ready to deal with
2508 * all cases correctly. The latter will be fixed (taking this sort of
2509 * stuff into VFS), but the former is not going away. Solution: the same
2510 * trick as in rmdir().
2511 * e) conversion from fhandle to dentry may come in the wrong moment - when
2512 * we are removing the target. Solution: we will have to grab ->i_mutex
2513 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2514 * ->i_mutex on parents, which works but leads to some truely excessive
2517 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2518 struct inode *new_dir, struct dentry *new_dentry)
2521 struct inode *target;
2524 * If we are going to change the parent - check write permissions,
2525 * we'll need to flip '..'.
2527 if (new_dir != old_dir) {
2528 error = inode_permission(old_dentry->d_inode, MAY_WRITE);
2533 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2537 target = new_dentry->d_inode;
2539 mutex_lock(&target->i_mutex);
2540 dentry_unhash(new_dentry);
2542 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2545 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2548 target->i_flags |= S_DEAD;
2549 mutex_unlock(&target->i_mutex);
2550 if (d_unhashed(new_dentry))
2551 d_rehash(new_dentry);
2555 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2556 d_move(old_dentry,new_dentry);
2560 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2561 struct inode *new_dir, struct dentry *new_dentry)
2563 struct inode *target;
2566 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2571 target = new_dentry->d_inode;
2573 mutex_lock(&target->i_mutex);
2574 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2577 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2579 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
2580 d_move(old_dentry, new_dentry);
2583 mutex_unlock(&target->i_mutex);
2588 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2589 struct inode *new_dir, struct dentry *new_dentry)
2592 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2593 const char *old_name;
2595 if (old_dentry->d_inode == new_dentry->d_inode)
2598 error = may_delete(old_dir, old_dentry, is_dir);
2602 if (!new_dentry->d_inode)
2603 error = may_create(new_dir, new_dentry);
2605 error = may_delete(new_dir, new_dentry, is_dir);
2609 if (!old_dir->i_op->rename)
2612 vfs_dq_init(old_dir);
2613 vfs_dq_init(new_dir);
2615 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
2618 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
2620 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
2622 const char *new_name = old_dentry->d_name.name;
2623 fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
2624 new_dentry->d_inode, old_dentry);
2626 fsnotify_oldname_free(old_name);
2631 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
2632 int, newdfd, const char __user *, newname)
2634 struct dentry *old_dir, *new_dir;
2635 struct dentry *old_dentry, *new_dentry;
2636 struct dentry *trap;
2637 struct nameidata oldnd, newnd;
2642 error = user_path_parent(olddfd, oldname, &oldnd, &from);
2646 error = user_path_parent(newdfd, newname, &newnd, &to);
2651 if (oldnd.path.mnt != newnd.path.mnt)
2654 old_dir = oldnd.path.dentry;
2656 if (oldnd.last_type != LAST_NORM)
2659 new_dir = newnd.path.dentry;
2660 if (newnd.last_type != LAST_NORM)
2663 oldnd.flags &= ~LOOKUP_PARENT;
2664 newnd.flags &= ~LOOKUP_PARENT;
2665 newnd.flags |= LOOKUP_RENAME_TARGET;
2667 trap = lock_rename(new_dir, old_dir);
2669 old_dentry = lookup_hash(&oldnd);
2670 error = PTR_ERR(old_dentry);
2671 if (IS_ERR(old_dentry))
2673 /* source must exist */
2675 if (!old_dentry->d_inode)
2677 /* unless the source is a directory trailing slashes give -ENOTDIR */
2678 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
2680 if (oldnd.last.name[oldnd.last.len])
2682 if (newnd.last.name[newnd.last.len])
2685 /* source should not be ancestor of target */
2687 if (old_dentry == trap)
2689 new_dentry = lookup_hash(&newnd);
2690 error = PTR_ERR(new_dentry);
2691 if (IS_ERR(new_dentry))
2693 /* target should not be an ancestor of source */
2695 if (new_dentry == trap)
2698 error = mnt_want_write(oldnd.path.mnt);
2701 error = security_path_rename(&oldnd.path, old_dentry,
2702 &newnd.path, new_dentry);
2705 error = vfs_rename(old_dir->d_inode, old_dentry,
2706 new_dir->d_inode, new_dentry);
2708 mnt_drop_write(oldnd.path.mnt);
2714 unlock_rename(new_dir, old_dir);
2716 path_put(&newnd.path);
2719 path_put(&oldnd.path);
2725 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
2727 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
2730 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
2734 len = PTR_ERR(link);
2739 if (len > (unsigned) buflen)
2741 if (copy_to_user(buffer, link, len))
2748 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
2749 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
2750 * using) it for any given inode is up to filesystem.
2752 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2754 struct nameidata nd;
2759 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
2761 return PTR_ERR(cookie);
2763 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2764 if (dentry->d_inode->i_op->put_link)
2765 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
2769 int vfs_follow_link(struct nameidata *nd, const char *link)
2771 return __vfs_follow_link(nd, link);
2774 /* get the link contents into pagecache */
2775 static char *page_getlink(struct dentry * dentry, struct page **ppage)
2779 struct address_space *mapping = dentry->d_inode->i_mapping;
2780 page = read_mapping_page(mapping, 0, NULL);
2785 nd_terminate_link(kaddr, dentry->d_inode->i_size, PAGE_SIZE - 1);
2789 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2791 struct page *page = NULL;
2792 char *s = page_getlink(dentry, &page);
2793 int res = vfs_readlink(dentry,buffer,buflen,s);
2796 page_cache_release(page);
2801 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
2803 struct page *page = NULL;
2804 nd_set_link(nd, page_getlink(dentry, &page));
2808 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
2810 struct page *page = cookie;
2814 page_cache_release(page);
2819 * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
2821 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
2823 struct address_space *mapping = inode->i_mapping;
2828 unsigned int flags = AOP_FLAG_UNINTERRUPTIBLE;
2830 flags |= AOP_FLAG_NOFS;
2833 err = pagecache_write_begin(NULL, mapping, 0, len-1,
2834 flags, &page, &fsdata);
2838 kaddr = kmap_atomic(page, KM_USER0);
2839 memcpy(kaddr, symname, len-1);
2840 kunmap_atomic(kaddr, KM_USER0);
2842 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
2849 mark_inode_dirty(inode);
2855 int page_symlink(struct inode *inode, const char *symname, int len)
2857 return __page_symlink(inode, symname, len,
2858 !(mapping_gfp_mask(inode->i_mapping) & __GFP_FS));
2861 const struct inode_operations page_symlink_inode_operations = {
2862 .readlink = generic_readlink,
2863 .follow_link = page_follow_link_light,
2864 .put_link = page_put_link,
2867 EXPORT_SYMBOL(user_path_at);
2868 EXPORT_SYMBOL(follow_down);
2869 EXPORT_SYMBOL(follow_up);
2870 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
2871 EXPORT_SYMBOL(getname);
2872 EXPORT_SYMBOL(lock_rename);
2873 EXPORT_SYMBOL(lookup_one_len);
2874 EXPORT_SYMBOL(page_follow_link_light);
2875 EXPORT_SYMBOL(page_put_link);
2876 EXPORT_SYMBOL(page_readlink);
2877 EXPORT_SYMBOL(__page_symlink);
2878 EXPORT_SYMBOL(page_symlink);
2879 EXPORT_SYMBOL(page_symlink_inode_operations);
2880 EXPORT_SYMBOL(path_lookup);
2881 EXPORT_SYMBOL(kern_path);
2882 EXPORT_SYMBOL(vfs_path_lookup);
2883 EXPORT_SYMBOL(inode_permission);
2884 EXPORT_SYMBOL(file_permission);
2885 EXPORT_SYMBOL(unlock_rename);
2886 EXPORT_SYMBOL(vfs_create);
2887 EXPORT_SYMBOL(vfs_follow_link);
2888 EXPORT_SYMBOL(vfs_link);
2889 EXPORT_SYMBOL(vfs_mkdir);
2890 EXPORT_SYMBOL(vfs_mknod);
2891 EXPORT_SYMBOL(generic_permission);
2892 EXPORT_SYMBOL(vfs_readlink);
2893 EXPORT_SYMBOL(vfs_rename);
2894 EXPORT_SYMBOL(vfs_rmdir);
2895 EXPORT_SYMBOL(vfs_symlink);
2896 EXPORT_SYMBOL(vfs_unlink);
2897 EXPORT_SYMBOL(dentry_unhash);
2898 EXPORT_SYMBOL(generic_readlink);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob