This source file includes following definitions.
- getname_flags
- getname
- getname_kernel
- putname
- check_acl
- acl_permission_check
- generic_permission
- do_inode_permission
- sb_permission
- inode_permission
- path_get
- path_put
- set_nameidata
- restore_nameidata
- __nd_alloc_stack
- path_connected
- nd_alloc_stack
- drop_links
- terminate_walk
- legitimize_path
- legitimize_links
- legitimize_root
- unlazy_walk
- unlazy_child
- d_revalidate
- complete_walk
- set_root
- path_put_conditional
- path_to_nameidata
- nd_jump_root
- nd_jump_link
- put_link
- may_follow_link
- safe_hardlink_source
- may_linkat
- may_create_in_sticky
- get_link
- follow_up
- follow_automount
- follow_managed
- follow_down_one
- managed_dentry_rcu
- __follow_mount_rcu
- follow_dotdot_rcu
- follow_down
- follow_mount
- path_parent_directory
- follow_dotdot
- lookup_dcache
- __lookup_hash
- lookup_fast
- __lookup_slow
- lookup_slow
- may_lookup
- handle_dots
- pick_link
- step_into
- walk_component
- fold_hash
- fold_hash
- full_name_hash
- hashlen_string
- hash_name
- full_name_hash
- hashlen_string
- hash_name
- link_path_walk
- path_init
- trailing_symlink
- lookup_last
- handle_lookup_down
- path_lookupat
- filename_lookup
- path_parentat
- filename_parentat
- kern_path_locked
- kern_path
- vfs_path_lookup
- lookup_one_len_common
- try_lookup_one_len
- lookup_one_len
- lookup_one_len_unlocked
- path_pts
- user_path_at_empty
- mountpoint_last
- path_mountpoint
- filename_mountpoint
- user_path_mountpoint_at
- kern_path_mountpoint
- __check_sticky
- may_delete
- may_create
- lock_rename
- unlock_rename
- vfs_create
- vfs_mkobj
- may_open_dev
- may_open
- handle_truncate
- open_to_namei_flags
- may_o_create
- atomic_open
- lookup_open
- do_last
- vfs_tmpfile
- do_tmpfile
- do_o_path
- path_openat
- do_filp_open
- do_file_open_root
- filename_create
- kern_path_create
- done_path_create
- user_path_create
- vfs_mknod
- may_mknod
- do_mknodat
- SYSCALL_DEFINE4
- SYSCALL_DEFINE3
- vfs_mkdir
- do_mkdirat
- SYSCALL_DEFINE3
- SYSCALL_DEFINE2
- vfs_rmdir
- do_rmdir
- SYSCALL_DEFINE1
- vfs_unlink
- do_unlinkat
- SYSCALL_DEFINE3
- SYSCALL_DEFINE1
- vfs_symlink
- do_symlinkat
- SYSCALL_DEFINE3
- SYSCALL_DEFINE2
- vfs_link
- do_linkat
- SYSCALL_DEFINE5
- SYSCALL_DEFINE2
- vfs_rename
- do_renameat2
- SYSCALL_DEFINE5
- SYSCALL_DEFINE4
- SYSCALL_DEFINE2
- vfs_whiteout
- readlink_copy
- vfs_readlink
- vfs_get_link
- page_get_link
- page_put_link
- page_readlink
- __page_symlink
- page_symlink
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 #include <linux/init.h>
19 #include <linux/export.h>
20 #include <linux/kernel.h>
21 #include <linux/slab.h>
22 #include <linux/fs.h>
23 #include <linux/namei.h>
24 #include <linux/pagemap.h>
25 #include <linux/fsnotify.h>
26 #include <linux/personality.h>
27 #include <linux/security.h>
28 #include <linux/ima.h>
29 #include <linux/syscalls.h>
30 #include <linux/mount.h>
31 #include <linux/audit.h>
32 #include <linux/capability.h>
33 #include <linux/file.h>
34 #include <linux/fcntl.h>
35 #include <linux/device_cgroup.h>
36 #include <linux/fs_struct.h>
37 #include <linux/posix_acl.h>
38 #include <linux/hash.h>
39 #include <linux/bitops.h>
40 #include <linux/init_task.h>
41 #include <linux/uaccess.h>
42
43 #include "internal.h"
44 #include "mount.h"
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125 #define EMBEDDED_NAME_MAX (PATH_MAX - offsetof(struct filename, iname))
126
127 struct filename *
128 getname_flags(const char __user *filename, int flags, int *empty)
129 {
130 struct filename *result;
131 char *kname;
132 int len;
133
134 result = audit_reusename(filename);
135 if (result)
136 return result;
137
138 result = __getname();
139 if (unlikely(!result))
140 return ERR_PTR(-ENOMEM);
141
142
143
144
145
146 kname = (char *)result->iname;
147 result->name = kname;
148
149 len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX);
150 if (unlikely(len < 0)) {
151 __putname(result);
152 return ERR_PTR(len);
153 }
154
155
156
157
158
159
160
161 if (unlikely(len == EMBEDDED_NAME_MAX)) {
162 const size_t size = offsetof(struct filename, iname[1]);
163 kname = (char *)result;
164
165
166
167
168
169
170 result = kzalloc(size, GFP_KERNEL);
171 if (unlikely(!result)) {
172 __putname(kname);
173 return ERR_PTR(-ENOMEM);
174 }
175 result->name = kname;
176 len = strncpy_from_user(kname, filename, PATH_MAX);
177 if (unlikely(len < 0)) {
178 __putname(kname);
179 kfree(result);
180 return ERR_PTR(len);
181 }
182 if (unlikely(len == PATH_MAX)) {
183 __putname(kname);
184 kfree(result);
185 return ERR_PTR(-ENAMETOOLONG);
186 }
187 }
188
189 result->refcnt = 1;
190
191 if (unlikely(!len)) {
192 if (empty)
193 *empty = 1;
194 if (!(flags & LOOKUP_EMPTY)) {
195 putname(result);
196 return ERR_PTR(-ENOENT);
197 }
198 }
199
200 result->uptr = filename;
201 result->aname = NULL;
202 audit_getname(result);
203 return result;
204 }
205
206 struct filename *
207 getname(const char __user * filename)
208 {
209 return getname_flags(filename, 0, NULL);
210 }
211
212 struct filename *
213 getname_kernel(const char * filename)
214 {
215 struct filename *result;
216 int len = strlen(filename) + 1;
217
218 result = __getname();
219 if (unlikely(!result))
220 return ERR_PTR(-ENOMEM);
221
222 if (len <= EMBEDDED_NAME_MAX) {
223 result->name = (char *)result->iname;
224 } else if (len <= PATH_MAX) {
225 const size_t size = offsetof(struct filename, iname[1]);
226 struct filename *tmp;
227
228 tmp = kmalloc(size, GFP_KERNEL);
229 if (unlikely(!tmp)) {
230 __putname(result);
231 return ERR_PTR(-ENOMEM);
232 }
233 tmp->name = (char *)result;
234 result = tmp;
235 } else {
236 __putname(result);
237 return ERR_PTR(-ENAMETOOLONG);
238 }
239 memcpy((char *)result->name, filename, len);
240 result->uptr = NULL;
241 result->aname = NULL;
242 result->refcnt = 1;
243 audit_getname(result);
244
245 return result;
246 }
247
248 void putname(struct filename *name)
249 {
250 BUG_ON(name->refcnt <= 0);
251
252 if (--name->refcnt > 0)
253 return;
254
255 if (name->name != name->iname) {
256 __putname(name->name);
257 kfree(name);
258 } else
259 __putname(name);
260 }
261
262 static int check_acl(struct inode *inode, int mask)
263 {
264 #ifdef CONFIG_FS_POSIX_ACL
265 struct posix_acl *acl;
266
267 if (mask & MAY_NOT_BLOCK) {
268 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
269 if (!acl)
270 return -EAGAIN;
271
272 if (is_uncached_acl(acl))
273 return -ECHILD;
274 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
275 }
276
277 acl = get_acl(inode, ACL_TYPE_ACCESS);
278 if (IS_ERR(acl))
279 return PTR_ERR(acl);
280 if (acl) {
281 int error = posix_acl_permission(inode, acl, mask);
282 posix_acl_release(acl);
283 return error;
284 }
285 #endif
286
287 return -EAGAIN;
288 }
289
290
291
292
293 static int acl_permission_check(struct inode *inode, int mask)
294 {
295 unsigned int mode = inode->i_mode;
296
297 if (likely(uid_eq(current_fsuid(), inode->i_uid)))
298 mode >>= 6;
299 else {
300 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
301 int error = check_acl(inode, mask);
302 if (error != -EAGAIN)
303 return error;
304 }
305
306 if (in_group_p(inode->i_gid))
307 mode >>= 3;
308 }
309
310
311
312
313 if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
314 return 0;
315 return -EACCES;
316 }
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332 int generic_permission(struct inode *inode, int mask)
333 {
334 int ret;
335
336
337
338
339 ret = acl_permission_check(inode, mask);
340 if (ret != -EACCES)
341 return ret;
342
343 if (S_ISDIR(inode->i_mode)) {
344
345 if (!(mask & MAY_WRITE))
346 if (capable_wrt_inode_uidgid(inode,
347 CAP_DAC_READ_SEARCH))
348 return 0;
349 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
350 return 0;
351 return -EACCES;
352 }
353
354
355
356
357 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
358 if (mask == MAY_READ)
359 if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
360 return 0;
361
362
363
364
365
366 if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
367 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
368 return 0;
369
370 return -EACCES;
371 }
372 EXPORT_SYMBOL(generic_permission);
373
374
375
376
377
378
379
380 static inline int do_inode_permission(struct inode *inode, int mask)
381 {
382 if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
383 if (likely(inode->i_op->permission))
384 return inode->i_op->permission(inode, mask);
385
386
387 spin_lock(&inode->i_lock);
388 inode->i_opflags |= IOP_FASTPERM;
389 spin_unlock(&inode->i_lock);
390 }
391 return generic_permission(inode, mask);
392 }
393
394
395
396
397
398
399
400
401
402 static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
403 {
404 if (unlikely(mask & MAY_WRITE)) {
405 umode_t mode = inode->i_mode;
406
407
408 if (sb_rdonly(sb) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
409 return -EROFS;
410 }
411 return 0;
412 }
413
414
415
416
417
418
419
420
421
422
423
424
425 int inode_permission(struct inode *inode, int mask)
426 {
427 int retval;
428
429 retval = sb_permission(inode->i_sb, inode, mask);
430 if (retval)
431 return retval;
432
433 if (unlikely(mask & MAY_WRITE)) {
434
435
436
437 if (IS_IMMUTABLE(inode))
438 return -EPERM;
439
440
441
442
443
444
445 if (HAS_UNMAPPED_ID(inode))
446 return -EACCES;
447 }
448
449 retval = do_inode_permission(inode, mask);
450 if (retval)
451 return retval;
452
453 retval = devcgroup_inode_permission(inode, mask);
454 if (retval)
455 return retval;
456
457 return security_inode_permission(inode, mask);
458 }
459 EXPORT_SYMBOL(inode_permission);
460
461
462
463
464
465
466
467 void path_get(const struct path *path)
468 {
469 mntget(path->mnt);
470 dget(path->dentry);
471 }
472 EXPORT_SYMBOL(path_get);
473
474
475
476
477
478
479
480 void path_put(const struct path *path)
481 {
482 dput(path->dentry);
483 mntput(path->mnt);
484 }
485 EXPORT_SYMBOL(path_put);
486
487 #define EMBEDDED_LEVELS 2
488 struct nameidata {
489 struct path path;
490 struct qstr last;
491 struct path root;
492 struct inode *inode;
493 unsigned int flags;
494 unsigned seq, m_seq;
495 int last_type;
496 unsigned depth;
497 int total_link_count;
498 struct saved {
499 struct path link;
500 struct delayed_call done;
501 const char *name;
502 unsigned seq;
503 } *stack, internal[EMBEDDED_LEVELS];
504 struct filename *name;
505 struct nameidata *saved;
506 struct inode *link_inode;
507 unsigned root_seq;
508 int dfd;
509 } __randomize_layout;
510
511 static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
512 {
513 struct nameidata *old = current->nameidata;
514 p->stack = p->internal;
515 p->dfd = dfd;
516 p->name = name;
517 p->total_link_count = old ? old->total_link_count : 0;
518 p->saved = old;
519 current->nameidata = p;
520 }
521
522 static void restore_nameidata(void)
523 {
524 struct nameidata *now = current->nameidata, *old = now->saved;
525
526 current->nameidata = old;
527 if (old)
528 old->total_link_count = now->total_link_count;
529 if (now->stack != now->internal)
530 kfree(now->stack);
531 }
532
533 static int __nd_alloc_stack(struct nameidata *nd)
534 {
535 struct saved *p;
536
537 if (nd->flags & LOOKUP_RCU) {
538 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
539 GFP_ATOMIC);
540 if (unlikely(!p))
541 return -ECHILD;
542 } else {
543 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
544 GFP_KERNEL);
545 if (unlikely(!p))
546 return -ENOMEM;
547 }
548 memcpy(p, nd->internal, sizeof(nd->internal));
549 nd->stack = p;
550 return 0;
551 }
552
553
554
555
556
557
558
559
560 static bool path_connected(const struct path *path)
561 {
562 struct vfsmount *mnt = path->mnt;
563 struct super_block *sb = mnt->mnt_sb;
564
565
566 if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root))
567 return true;
568
569 return is_subdir(path->dentry, mnt->mnt_root);
570 }
571
572 static inline int nd_alloc_stack(struct nameidata *nd)
573 {
574 if (likely(nd->depth != EMBEDDED_LEVELS))
575 return 0;
576 if (likely(nd->stack != nd->internal))
577 return 0;
578 return __nd_alloc_stack(nd);
579 }
580
581 static void drop_links(struct nameidata *nd)
582 {
583 int i = nd->depth;
584 while (i--) {
585 struct saved *last = nd->stack + i;
586 do_delayed_call(&last->done);
587 clear_delayed_call(&last->done);
588 }
589 }
590
591 static void terminate_walk(struct nameidata *nd)
592 {
593 drop_links(nd);
594 if (!(nd->flags & LOOKUP_RCU)) {
595 int i;
596 path_put(&nd->path);
597 for (i = 0; i < nd->depth; i++)
598 path_put(&nd->stack[i].link);
599 if (nd->flags & LOOKUP_ROOT_GRABBED) {
600 path_put(&nd->root);
601 nd->flags &= ~LOOKUP_ROOT_GRABBED;
602 }
603 } else {
604 nd->flags &= ~LOOKUP_RCU;
605 rcu_read_unlock();
606 }
607 nd->depth = 0;
608 }
609
610
611 static bool legitimize_path(struct nameidata *nd,
612 struct path *path, unsigned seq)
613 {
614 int res = __legitimize_mnt(path->mnt, nd->m_seq);
615 if (unlikely(res)) {
616 if (res > 0)
617 path->mnt = NULL;
618 path->dentry = NULL;
619 return false;
620 }
621 if (unlikely(!lockref_get_not_dead(&path->dentry->d_lockref))) {
622 path->dentry = NULL;
623 return false;
624 }
625 return !read_seqcount_retry(&path->dentry->d_seq, seq);
626 }
627
628 static bool legitimize_links(struct nameidata *nd)
629 {
630 int i;
631 for (i = 0; i < nd->depth; i++) {
632 struct saved *last = nd->stack + i;
633 if (unlikely(!legitimize_path(nd, &last->link, last->seq))) {
634 drop_links(nd);
635 nd->depth = i + 1;
636 return false;
637 }
638 }
639 return true;
640 }
641
642 static bool legitimize_root(struct nameidata *nd)
643 {
644 if (!nd->root.mnt || (nd->flags & LOOKUP_ROOT))
645 return true;
646 nd->flags |= LOOKUP_ROOT_GRABBED;
647 return legitimize_path(nd, &nd->root, nd->root_seq);
648 }
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672 static int unlazy_walk(struct nameidata *nd)
673 {
674 struct dentry *parent = nd->path.dentry;
675
676 BUG_ON(!(nd->flags & LOOKUP_RCU));
677
678 nd->flags &= ~LOOKUP_RCU;
679 if (unlikely(!legitimize_links(nd)))
680 goto out1;
681 if (unlikely(!legitimize_path(nd, &nd->path, nd->seq)))
682 goto out;
683 if (unlikely(!legitimize_root(nd)))
684 goto out;
685 rcu_read_unlock();
686 BUG_ON(nd->inode != parent->d_inode);
687 return 0;
688
689 out1:
690 nd->path.mnt = NULL;
691 nd->path.dentry = NULL;
692 out:
693 rcu_read_unlock();
694 return -ECHILD;
695 }
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710 static int unlazy_child(struct nameidata *nd, struct dentry *dentry, unsigned seq)
711 {
712 BUG_ON(!(nd->flags & LOOKUP_RCU));
713
714 nd->flags &= ~LOOKUP_RCU;
715 if (unlikely(!legitimize_links(nd)))
716 goto out2;
717 if (unlikely(!legitimize_mnt(nd->path.mnt, nd->m_seq)))
718 goto out2;
719 if (unlikely(!lockref_get_not_dead(&nd->path.dentry->d_lockref)))
720 goto out1;
721
722
723
724
725
726
727
728
729 if (unlikely(!lockref_get_not_dead(&dentry->d_lockref)))
730 goto out;
731 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
732 goto out_dput;
733
734
735
736
737 if (unlikely(!legitimize_root(nd)))
738 goto out_dput;
739 rcu_read_unlock();
740 return 0;
741
742 out2:
743 nd->path.mnt = NULL;
744 out1:
745 nd->path.dentry = NULL;
746 out:
747 rcu_read_unlock();
748 return -ECHILD;
749 out_dput:
750 rcu_read_unlock();
751 dput(dentry);
752 return -ECHILD;
753 }
754
755 static inline int d_revalidate(struct dentry *dentry, unsigned int flags)
756 {
757 if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE))
758 return dentry->d_op->d_revalidate(dentry, flags);
759 else
760 return 1;
761 }
762
763
764
765
766
767
768
769
770
771
772
773 static int complete_walk(struct nameidata *nd)
774 {
775 struct dentry *dentry = nd->path.dentry;
776 int status;
777
778 if (nd->flags & LOOKUP_RCU) {
779 if (!(nd->flags & LOOKUP_ROOT))
780 nd->root.mnt = NULL;
781 if (unlikely(unlazy_walk(nd)))
782 return -ECHILD;
783 }
784
785 if (likely(!(nd->flags & LOOKUP_JUMPED)))
786 return 0;
787
788 if (likely(!(dentry->d_flags & DCACHE_OP_WEAK_REVALIDATE)))
789 return 0;
790
791 status = dentry->d_op->d_weak_revalidate(dentry, nd->flags);
792 if (status > 0)
793 return 0;
794
795 if (!status)
796 status = -ESTALE;
797
798 return status;
799 }
800
801 static void set_root(struct nameidata *nd)
802 {
803 struct fs_struct *fs = current->fs;
804
805 if (nd->flags & LOOKUP_RCU) {
806 unsigned seq;
807
808 do {
809 seq = read_seqcount_begin(&fs->seq);
810 nd->root = fs->root;
811 nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
812 } while (read_seqcount_retry(&fs->seq, seq));
813 } else {
814 get_fs_root(fs, &nd->root);
815 nd->flags |= LOOKUP_ROOT_GRABBED;
816 }
817 }
818
819 static void path_put_conditional(struct path *path, struct nameidata *nd)
820 {
821 dput(path->dentry);
822 if (path->mnt != nd->path.mnt)
823 mntput(path->mnt);
824 }
825
826 static inline void path_to_nameidata(const struct path *path,
827 struct nameidata *nd)
828 {
829 if (!(nd->flags & LOOKUP_RCU)) {
830 dput(nd->path.dentry);
831 if (nd->path.mnt != path->mnt)
832 mntput(nd->path.mnt);
833 }
834 nd->path.mnt = path->mnt;
835 nd->path.dentry = path->dentry;
836 }
837
838 static int nd_jump_root(struct nameidata *nd)
839 {
840 if (nd->flags & LOOKUP_RCU) {
841 struct dentry *d;
842 nd->path = nd->root;
843 d = nd->path.dentry;
844 nd->inode = d->d_inode;
845 nd->seq = nd->root_seq;
846 if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq)))
847 return -ECHILD;
848 } else {
849 path_put(&nd->path);
850 nd->path = nd->root;
851 path_get(&nd->path);
852 nd->inode = nd->path.dentry->d_inode;
853 }
854 nd->flags |= LOOKUP_JUMPED;
855 return 0;
856 }
857
858
859
860
861
862 void nd_jump_link(struct path *path)
863 {
864 struct nameidata *nd = current->nameidata;
865 path_put(&nd->path);
866
867 nd->path = *path;
868 nd->inode = nd->path.dentry->d_inode;
869 nd->flags |= LOOKUP_JUMPED;
870 }
871
872 static inline void put_link(struct nameidata *nd)
873 {
874 struct saved *last = nd->stack + --nd->depth;
875 do_delayed_call(&last->done);
876 if (!(nd->flags & LOOKUP_RCU))
877 path_put(&last->link);
878 }
879
880 int sysctl_protected_symlinks __read_mostly = 0;
881 int sysctl_protected_hardlinks __read_mostly = 0;
882 int sysctl_protected_fifos __read_mostly;
883 int sysctl_protected_regular __read_mostly;
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900 static inline int may_follow_link(struct nameidata *nd)
901 {
902 const struct inode *inode;
903 const struct inode *parent;
904 kuid_t puid;
905
906 if (!sysctl_protected_symlinks)
907 return 0;
908
909
910 inode = nd->link_inode;
911 if (uid_eq(current_cred()->fsuid, inode->i_uid))
912 return 0;
913
914
915 parent = nd->inode;
916 if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
917 return 0;
918
919
920 puid = parent->i_uid;
921 if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
922 return 0;
923
924 if (nd->flags & LOOKUP_RCU)
925 return -ECHILD;
926
927 audit_inode(nd->name, nd->stack[0].link.dentry, 0);
928 audit_log_link_denied("follow_link");
929 return -EACCES;
930 }
931
932
933
934
935
936
937
938
939
940
941
942
943
944 static bool safe_hardlink_source(struct inode *inode)
945 {
946 umode_t mode = inode->i_mode;
947
948
949 if (!S_ISREG(mode))
950 return false;
951
952
953 if (mode & S_ISUID)
954 return false;
955
956
957 if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
958 return false;
959
960
961 if (inode_permission(inode, MAY_READ | MAY_WRITE))
962 return false;
963
964 return true;
965 }
966
967
968
969
970
971
972
973
974
975
976
977
978
979 static int may_linkat(struct path *link)
980 {
981 struct inode *inode = link->dentry->d_inode;
982
983
984 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
985 return -EOVERFLOW;
986
987 if (!sysctl_protected_hardlinks)
988 return 0;
989
990
991
992
993 if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
994 return 0;
995
996 audit_log_link_denied("linkat");
997 return -EPERM;
998 }
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021 static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid,
1022 struct inode * const inode)
1023 {
1024 if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) ||
1025 (!sysctl_protected_regular && S_ISREG(inode->i_mode)) ||
1026 likely(!(dir_mode & S_ISVTX)) ||
1027 uid_eq(inode->i_uid, dir_uid) ||
1028 uid_eq(current_fsuid(), inode->i_uid))
1029 return 0;
1030
1031 if (likely(dir_mode & 0002) ||
1032 (dir_mode & 0020 &&
1033 ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) ||
1034 (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) {
1035 return -EACCES;
1036 }
1037 return 0;
1038 }
1039
1040 static __always_inline
1041 const char *get_link(struct nameidata *nd)
1042 {
1043 struct saved *last = nd->stack + nd->depth - 1;
1044 struct dentry *dentry = last->link.dentry;
1045 struct inode *inode = nd->link_inode;
1046 int error;
1047 const char *res;
1048
1049 if (!(nd->flags & LOOKUP_RCU)) {
1050 touch_atime(&last->link);
1051 cond_resched();
1052 } else if (atime_needs_update(&last->link, inode)) {
1053 if (unlikely(unlazy_walk(nd)))
1054 return ERR_PTR(-ECHILD);
1055 touch_atime(&last->link);
1056 }
1057
1058 error = security_inode_follow_link(dentry, inode,
1059 nd->flags & LOOKUP_RCU);
1060 if (unlikely(error))
1061 return ERR_PTR(error);
1062
1063 nd->last_type = LAST_BIND;
1064 res = READ_ONCE(inode->i_link);
1065 if (!res) {
1066 const char * (*get)(struct dentry *, struct inode *,
1067 struct delayed_call *);
1068 get = inode->i_op->get_link;
1069 if (nd->flags & LOOKUP_RCU) {
1070 res = get(NULL, inode, &last->done);
1071 if (res == ERR_PTR(-ECHILD)) {
1072 if (unlikely(unlazy_walk(nd)))
1073 return ERR_PTR(-ECHILD);
1074 res = get(dentry, inode, &last->done);
1075 }
1076 } else {
1077 res = get(dentry, inode, &last->done);
1078 }
1079 if (IS_ERR_OR_NULL(res))
1080 return res;
1081 }
1082 if (*res == '/') {
1083 if (!nd->root.mnt)
1084 set_root(nd);
1085 if (unlikely(nd_jump_root(nd)))
1086 return ERR_PTR(-ECHILD);
1087 while (unlikely(*++res == '/'))
1088 ;
1089 }
1090 if (!*res)
1091 res = NULL;
1092 return res;
1093 }
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105 int follow_up(struct path *path)
1106 {
1107 struct mount *mnt = real_mount(path->mnt);
1108 struct mount *parent;
1109 struct dentry *mountpoint;
1110
1111 read_seqlock_excl(&mount_lock);
1112 parent = mnt->mnt_parent;
1113 if (parent == mnt) {
1114 read_sequnlock_excl(&mount_lock);
1115 return 0;
1116 }
1117 mntget(&parent->mnt);
1118 mountpoint = dget(mnt->mnt_mountpoint);
1119 read_sequnlock_excl(&mount_lock);
1120 dput(path->dentry);
1121 path->dentry = mountpoint;
1122 mntput(path->mnt);
1123 path->mnt = &parent->mnt;
1124 return 1;
1125 }
1126 EXPORT_SYMBOL(follow_up);
1127
1128
1129
1130
1131
1132
1133 static int follow_automount(struct path *path, struct nameidata *nd,
1134 bool *need_mntput)
1135 {
1136 struct vfsmount *mnt;
1137 int err;
1138
1139 if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
1140 return -EREMOTE;
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153 if (!(nd->flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
1154 LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
1155 path->dentry->d_inode)
1156 return -EISDIR;
1157
1158 nd->total_link_count++;
1159 if (nd->total_link_count >= 40)
1160 return -ELOOP;
1161
1162 mnt = path->dentry->d_op->d_automount(path);
1163 if (IS_ERR(mnt)) {
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173 if (PTR_ERR(mnt) == -EISDIR && (nd->flags & LOOKUP_PARENT))
1174 return -EREMOTE;
1175 return PTR_ERR(mnt);
1176 }
1177
1178 if (!mnt)
1179 return 0;
1180
1181 if (!*need_mntput) {
1182
1183 mntget(path->mnt);
1184 *need_mntput = true;
1185 }
1186 err = finish_automount(mnt, path);
1187
1188 switch (err) {
1189 case -EBUSY:
1190
1191 return 0;
1192 case 0:
1193 path_put(path);
1194 path->mnt = mnt;
1195 path->dentry = dget(mnt->mnt_root);
1196 return 0;
1197 default:
1198 return err;
1199 }
1200
1201 }
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213 static int follow_managed(struct path *path, struct nameidata *nd)
1214 {
1215 struct vfsmount *mnt = path->mnt;
1216 unsigned managed;
1217 bool need_mntput = false;
1218 int ret = 0;
1219
1220
1221
1222
1223 while (managed = READ_ONCE(path->dentry->d_flags),
1224 managed &= DCACHE_MANAGED_DENTRY,
1225 unlikely(managed != 0)) {
1226
1227
1228 if (managed & DCACHE_MANAGE_TRANSIT) {
1229 BUG_ON(!path->dentry->d_op);
1230 BUG_ON(!path->dentry->d_op->d_manage);
1231 ret = path->dentry->d_op->d_manage(path, false);
1232 if (ret < 0)
1233 break;
1234 }
1235
1236
1237 if (managed & DCACHE_MOUNTED) {
1238 struct vfsmount *mounted = lookup_mnt(path);
1239 if (mounted) {
1240 dput(path->dentry);
1241 if (need_mntput)
1242 mntput(path->mnt);
1243 path->mnt = mounted;
1244 path->dentry = dget(mounted->mnt_root);
1245 need_mntput = true;
1246 continue;
1247 }
1248
1249
1250
1251
1252
1253 }
1254
1255
1256 if (managed & DCACHE_NEED_AUTOMOUNT) {
1257 ret = follow_automount(path, nd, &need_mntput);
1258 if (ret < 0)
1259 break;
1260 continue;
1261 }
1262
1263
1264 break;
1265 }
1266
1267 if (need_mntput && path->mnt == mnt)
1268 mntput(path->mnt);
1269 if (ret == -EISDIR || !ret)
1270 ret = 1;
1271 if (need_mntput)
1272 nd->flags |= LOOKUP_JUMPED;
1273 if (unlikely(ret < 0))
1274 path_put_conditional(path, nd);
1275 return ret;
1276 }
1277
1278 int follow_down_one(struct path *path)
1279 {
1280 struct vfsmount *mounted;
1281
1282 mounted = lookup_mnt(path);
1283 if (mounted) {
1284 dput(path->dentry);
1285 mntput(path->mnt);
1286 path->mnt = mounted;
1287 path->dentry = dget(mounted->mnt_root);
1288 return 1;
1289 }
1290 return 0;
1291 }
1292 EXPORT_SYMBOL(follow_down_one);
1293
1294 static inline int managed_dentry_rcu(const struct path *path)
1295 {
1296 return (path->dentry->d_flags & DCACHE_MANAGE_TRANSIT) ?
1297 path->dentry->d_op->d_manage(path, true) : 0;
1298 }
1299
1300
1301
1302
1303
1304 static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1305 struct inode **inode, unsigned *seqp)
1306 {
1307 for (;;) {
1308 struct mount *mounted;
1309
1310
1311
1312
1313 switch (managed_dentry_rcu(path)) {
1314 case -ECHILD:
1315 default:
1316 return false;
1317 case -EISDIR:
1318 return true;
1319 case 0:
1320 break;
1321 }
1322
1323 if (!d_mountpoint(path->dentry))
1324 return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1325
1326 mounted = __lookup_mnt(path->mnt, path->dentry);
1327 if (!mounted)
1328 break;
1329 path->mnt = &mounted->mnt;
1330 path->dentry = mounted->mnt.mnt_root;
1331 nd->flags |= LOOKUP_JUMPED;
1332 *seqp = read_seqcount_begin(&path->dentry->d_seq);
1333
1334
1335
1336
1337
1338 *inode = path->dentry->d_inode;
1339 }
1340 return !read_seqretry(&mount_lock, nd->m_seq) &&
1341 !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1342 }
1343
1344 static int follow_dotdot_rcu(struct nameidata *nd)
1345 {
1346 struct inode *inode = nd->inode;
1347
1348 while (1) {
1349 if (path_equal(&nd->path, &nd->root))
1350 break;
1351 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1352 struct dentry *old = nd->path.dentry;
1353 struct dentry *parent = old->d_parent;
1354 unsigned seq;
1355
1356 inode = parent->d_inode;
1357 seq = read_seqcount_begin(&parent->d_seq);
1358 if (unlikely(read_seqcount_retry(&old->d_seq, nd->seq)))
1359 return -ECHILD;
1360 nd->path.dentry = parent;
1361 nd->seq = seq;
1362 if (unlikely(!path_connected(&nd->path)))
1363 return -ECHILD;
1364 break;
1365 } else {
1366 struct mount *mnt = real_mount(nd->path.mnt);
1367 struct mount *mparent = mnt->mnt_parent;
1368 struct dentry *mountpoint = mnt->mnt_mountpoint;
1369 struct inode *inode2 = mountpoint->d_inode;
1370 unsigned seq = read_seqcount_begin(&mountpoint->d_seq);
1371 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1372 return -ECHILD;
1373 if (&mparent->mnt == nd->path.mnt)
1374 break;
1375
1376 nd->path.dentry = mountpoint;
1377 nd->path.mnt = &mparent->mnt;
1378 inode = inode2;
1379 nd->seq = seq;
1380 }
1381 }
1382 while (unlikely(d_mountpoint(nd->path.dentry))) {
1383 struct mount *mounted;
1384 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1385 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1386 return -ECHILD;
1387 if (!mounted)
1388 break;
1389 nd->path.mnt = &mounted->mnt;
1390 nd->path.dentry = mounted->mnt.mnt_root;
1391 inode = nd->path.dentry->d_inode;
1392 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1393 }
1394 nd->inode = inode;
1395 return 0;
1396 }
1397
1398
1399
1400
1401
1402
1403 int follow_down(struct path *path)
1404 {
1405 unsigned managed;
1406 int ret;
1407
1408 while (managed = READ_ONCE(path->dentry->d_flags),
1409 unlikely(managed & DCACHE_MANAGED_DENTRY)) {
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420 if (managed & DCACHE_MANAGE_TRANSIT) {
1421 BUG_ON(!path->dentry->d_op);
1422 BUG_ON(!path->dentry->d_op->d_manage);
1423 ret = path->dentry->d_op->d_manage(path, false);
1424 if (ret < 0)
1425 return ret == -EISDIR ? 0 : ret;
1426 }
1427
1428
1429 if (managed & DCACHE_MOUNTED) {
1430 struct vfsmount *mounted = lookup_mnt(path);
1431 if (!mounted)
1432 break;
1433 dput(path->dentry);
1434 mntput(path->mnt);
1435 path->mnt = mounted;
1436 path->dentry = dget(mounted->mnt_root);
1437 continue;
1438 }
1439
1440
1441 break;
1442 }
1443 return 0;
1444 }
1445 EXPORT_SYMBOL(follow_down);
1446
1447
1448
1449
1450 static void follow_mount(struct path *path)
1451 {
1452 while (d_mountpoint(path->dentry)) {
1453 struct vfsmount *mounted = lookup_mnt(path);
1454 if (!mounted)
1455 break;
1456 dput(path->dentry);
1457 mntput(path->mnt);
1458 path->mnt = mounted;
1459 path->dentry = dget(mounted->mnt_root);
1460 }
1461 }
1462
1463 static int path_parent_directory(struct path *path)
1464 {
1465 struct dentry *old = path->dentry;
1466
1467 path->dentry = dget_parent(path->dentry);
1468 dput(old);
1469 if (unlikely(!path_connected(path)))
1470 return -ENOENT;
1471 return 0;
1472 }
1473
1474 static int follow_dotdot(struct nameidata *nd)
1475 {
1476 while(1) {
1477 if (path_equal(&nd->path, &nd->root))
1478 break;
1479 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1480 int ret = path_parent_directory(&nd->path);
1481 if (ret)
1482 return ret;
1483 break;
1484 }
1485 if (!follow_up(&nd->path))
1486 break;
1487 }
1488 follow_mount(&nd->path);
1489 nd->inode = nd->path.dentry->d_inode;
1490 return 0;
1491 }
1492
1493
1494
1495
1496
1497 static struct dentry *lookup_dcache(const struct qstr *name,
1498 struct dentry *dir,
1499 unsigned int flags)
1500 {
1501 struct dentry *dentry = d_lookup(dir, name);
1502 if (dentry) {
1503 int error = d_revalidate(dentry, flags);
1504 if (unlikely(error <= 0)) {
1505 if (!error)
1506 d_invalidate(dentry);
1507 dput(dentry);
1508 return ERR_PTR(error);
1509 }
1510 }
1511 return dentry;
1512 }
1513
1514
1515
1516
1517
1518
1519
1520
1521 static struct dentry *__lookup_hash(const struct qstr *name,
1522 struct dentry *base, unsigned int flags)
1523 {
1524 struct dentry *dentry = lookup_dcache(name, base, flags);
1525 struct dentry *old;
1526 struct inode *dir = base->d_inode;
1527
1528 if (dentry)
1529 return dentry;
1530
1531
1532 if (unlikely(IS_DEADDIR(dir)))
1533 return ERR_PTR(-ENOENT);
1534
1535 dentry = d_alloc(base, name);
1536 if (unlikely(!dentry))
1537 return ERR_PTR(-ENOMEM);
1538
1539 old = dir->i_op->lookup(dir, dentry, flags);
1540 if (unlikely(old)) {
1541 dput(dentry);
1542 dentry = old;
1543 }
1544 return dentry;
1545 }
1546
1547 static int lookup_fast(struct nameidata *nd,
1548 struct path *path, struct inode **inode,
1549 unsigned *seqp)
1550 {
1551 struct vfsmount *mnt = nd->path.mnt;
1552 struct dentry *dentry, *parent = nd->path.dentry;
1553 int status = 1;
1554 int err;
1555
1556
1557
1558
1559
1560
1561 if (nd->flags & LOOKUP_RCU) {
1562 unsigned seq;
1563 bool negative;
1564 dentry = __d_lookup_rcu(parent, &nd->last, &seq);
1565 if (unlikely(!dentry)) {
1566 if (unlazy_walk(nd))
1567 return -ECHILD;
1568 return 0;
1569 }
1570
1571
1572
1573
1574
1575 *inode = d_backing_inode(dentry);
1576 negative = d_is_negative(dentry);
1577 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
1578 return -ECHILD;
1579
1580
1581
1582
1583
1584
1585
1586
1587 if (unlikely(__read_seqcount_retry(&parent->d_seq, nd->seq)))
1588 return -ECHILD;
1589
1590 *seqp = seq;
1591 status = d_revalidate(dentry, nd->flags);
1592 if (likely(status > 0)) {
1593
1594
1595
1596
1597 if (unlikely(negative))
1598 return -ENOENT;
1599 path->mnt = mnt;
1600 path->dentry = dentry;
1601 if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
1602 return 1;
1603 }
1604 if (unlazy_child(nd, dentry, seq))
1605 return -ECHILD;
1606 if (unlikely(status == -ECHILD))
1607
1608 status = d_revalidate(dentry, nd->flags);
1609 } else {
1610 dentry = __d_lookup(parent, &nd->last);
1611 if (unlikely(!dentry))
1612 return 0;
1613 status = d_revalidate(dentry, nd->flags);
1614 }
1615 if (unlikely(status <= 0)) {
1616 if (!status)
1617 d_invalidate(dentry);
1618 dput(dentry);
1619 return status;
1620 }
1621 if (unlikely(d_is_negative(dentry))) {
1622 dput(dentry);
1623 return -ENOENT;
1624 }
1625
1626 path->mnt = mnt;
1627 path->dentry = dentry;
1628 err = follow_managed(path, nd);
1629 if (likely(err > 0))
1630 *inode = d_backing_inode(path->dentry);
1631 return err;
1632 }
1633
1634
1635 static struct dentry *__lookup_slow(const struct qstr *name,
1636 struct dentry *dir,
1637 unsigned int flags)
1638 {
1639 struct dentry *dentry, *old;
1640 struct inode *inode = dir->d_inode;
1641 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
1642
1643
1644 if (unlikely(IS_DEADDIR(inode)))
1645 return ERR_PTR(-ENOENT);
1646 again:
1647 dentry = d_alloc_parallel(dir, name, &wq);
1648 if (IS_ERR(dentry))
1649 return dentry;
1650 if (unlikely(!d_in_lookup(dentry))) {
1651 if (!(flags & LOOKUP_NO_REVAL)) {
1652 int error = d_revalidate(dentry, flags);
1653 if (unlikely(error <= 0)) {
1654 if (!error) {
1655 d_invalidate(dentry);
1656 dput(dentry);
1657 goto again;
1658 }
1659 dput(dentry);
1660 dentry = ERR_PTR(error);
1661 }
1662 }
1663 } else {
1664 old = inode->i_op->lookup(inode, dentry, flags);
1665 d_lookup_done(dentry);
1666 if (unlikely(old)) {
1667 dput(dentry);
1668 dentry = old;
1669 }
1670 }
1671 return dentry;
1672 }
1673
1674 static struct dentry *lookup_slow(const struct qstr *name,
1675 struct dentry *dir,
1676 unsigned int flags)
1677 {
1678 struct inode *inode = dir->d_inode;
1679 struct dentry *res;
1680 inode_lock_shared(inode);
1681 res = __lookup_slow(name, dir, flags);
1682 inode_unlock_shared(inode);
1683 return res;
1684 }
1685
1686 static inline int may_lookup(struct nameidata *nd)
1687 {
1688 if (nd->flags & LOOKUP_RCU) {
1689 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1690 if (err != -ECHILD)
1691 return err;
1692 if (unlazy_walk(nd))
1693 return -ECHILD;
1694 }
1695 return inode_permission(nd->inode, MAY_EXEC);
1696 }
1697
1698 static inline int handle_dots(struct nameidata *nd, int type)
1699 {
1700 if (type == LAST_DOTDOT) {
1701 if (!nd->root.mnt)
1702 set_root(nd);
1703 if (nd->flags & LOOKUP_RCU) {
1704 return follow_dotdot_rcu(nd);
1705 } else
1706 return follow_dotdot(nd);
1707 }
1708 return 0;
1709 }
1710
1711 static int pick_link(struct nameidata *nd, struct path *link,
1712 struct inode *inode, unsigned seq)
1713 {
1714 int error;
1715 struct saved *last;
1716 if (unlikely(nd->total_link_count++ >= MAXSYMLINKS)) {
1717 path_to_nameidata(link, nd);
1718 return -ELOOP;
1719 }
1720 if (!(nd->flags & LOOKUP_RCU)) {
1721 if (link->mnt == nd->path.mnt)
1722 mntget(link->mnt);
1723 }
1724 error = nd_alloc_stack(nd);
1725 if (unlikely(error)) {
1726 if (error == -ECHILD) {
1727 if (unlikely(!legitimize_path(nd, link, seq))) {
1728 drop_links(nd);
1729 nd->depth = 0;
1730 nd->flags &= ~LOOKUP_RCU;
1731 nd->path.mnt = NULL;
1732 nd->path.dentry = NULL;
1733 rcu_read_unlock();
1734 } else if (likely(unlazy_walk(nd)) == 0)
1735 error = nd_alloc_stack(nd);
1736 }
1737 if (error) {
1738 path_put(link);
1739 return error;
1740 }
1741 }
1742
1743 last = nd->stack + nd->depth++;
1744 last->link = *link;
1745 clear_delayed_call(&last->done);
1746 nd->link_inode = inode;
1747 last->seq = seq;
1748 return 1;
1749 }
1750
1751 enum {WALK_FOLLOW = 1, WALK_MORE = 2};
1752
1753
1754
1755
1756
1757
1758
1759 static inline int step_into(struct nameidata *nd, struct path *path,
1760 int flags, struct inode *inode, unsigned seq)
1761 {
1762 if (!(flags & WALK_MORE) && nd->depth)
1763 put_link(nd);
1764 if (likely(!d_is_symlink(path->dentry)) ||
1765 !(flags & WALK_FOLLOW || nd->flags & LOOKUP_FOLLOW)) {
1766
1767 path_to_nameidata(path, nd);
1768 nd->inode = inode;
1769 nd->seq = seq;
1770 return 0;
1771 }
1772
1773 if (nd->flags & LOOKUP_RCU) {
1774 if (read_seqcount_retry(&path->dentry->d_seq, seq))
1775 return -ECHILD;
1776 }
1777 return pick_link(nd, path, inode, seq);
1778 }
1779
1780 static int walk_component(struct nameidata *nd, int flags)
1781 {
1782 struct path path;
1783 struct inode *inode;
1784 unsigned seq;
1785 int err;
1786
1787
1788
1789
1790
1791 if (unlikely(nd->last_type != LAST_NORM)) {
1792 err = handle_dots(nd, nd->last_type);
1793 if (!(flags & WALK_MORE) && nd->depth)
1794 put_link(nd);
1795 return err;
1796 }
1797 err = lookup_fast(nd, &path, &inode, &seq);
1798 if (unlikely(err <= 0)) {
1799 if (err < 0)
1800 return err;
1801 path.dentry = lookup_slow(&nd->last, nd->path.dentry,
1802 nd->flags);
1803 if (IS_ERR(path.dentry))
1804 return PTR_ERR(path.dentry);
1805
1806 path.mnt = nd->path.mnt;
1807 err = follow_managed(&path, nd);
1808 if (unlikely(err < 0))
1809 return err;
1810
1811 if (unlikely(d_is_negative(path.dentry))) {
1812 path_to_nameidata(&path, nd);
1813 return -ENOENT;
1814 }
1815
1816 seq = 0;
1817 inode = d_backing_inode(path.dentry);
1818 }
1819
1820 return step_into(nd, &path, flags, inode, seq);
1821 }
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840 #ifdef CONFIG_DCACHE_WORD_ACCESS
1841
1842 #include <asm/word-at-a-time.h>
1843
1844 #ifdef HASH_MIX
1845
1846
1847
1848 #elif defined(CONFIG_64BIT)
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878 #define HASH_MIX(x, y, a) \
1879 ( x ^= (a), \
1880 y ^= x, x = rol64(x,12),\
1881 x += y, y = rol64(y,45),\
1882 y *= 9 )
1883
1884
1885
1886
1887
1888
1889 static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1890 {
1891 y ^= x * GOLDEN_RATIO_64;
1892 y *= GOLDEN_RATIO_64;
1893 return y >> 32;
1894 }
1895
1896 #else
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908 #define HASH_MIX(x, y, a) \
1909 ( x ^= (a), \
1910 y ^= x, x = rol32(x, 7),\
1911 x += y, y = rol32(y,20),\
1912 y *= 9 )
1913
1914 static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1915 {
1916
1917 return __hash_32(y ^ __hash_32(x));
1918 }
1919
1920 #endif
1921
1922
1923
1924
1925
1926
1927
1928
1929 unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
1930 {
1931 unsigned long a, x = 0, y = (unsigned long)salt;
1932
1933 for (;;) {
1934 if (!len)
1935 goto done;
1936 a = load_unaligned_zeropad(name);
1937 if (len < sizeof(unsigned long))
1938 break;
1939 HASH_MIX(x, y, a);
1940 name += sizeof(unsigned long);
1941 len -= sizeof(unsigned long);
1942 }
1943 x ^= a & bytemask_from_count(len);
1944 done:
1945 return fold_hash(x, y);
1946 }
1947 EXPORT_SYMBOL(full_name_hash);
1948
1949
1950 u64 hashlen_string(const void *salt, const char *name)
1951 {
1952 unsigned long a = 0, x = 0, y = (unsigned long)salt;
1953 unsigned long adata, mask, len;
1954 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1955
1956 len = 0;
1957 goto inside;
1958
1959 do {
1960 HASH_MIX(x, y, a);
1961 len += sizeof(unsigned long);
1962 inside:
1963 a = load_unaligned_zeropad(name+len);
1964 } while (!has_zero(a, &adata, &constants));
1965
1966 adata = prep_zero_mask(a, adata, &constants);
1967 mask = create_zero_mask(adata);
1968 x ^= a & zero_bytemask(mask);
1969
1970 return hashlen_create(fold_hash(x, y), len + find_zero(mask));
1971 }
1972 EXPORT_SYMBOL(hashlen_string);
1973
1974
1975
1976
1977
1978 static inline u64 hash_name(const void *salt, const char *name)
1979 {
1980 unsigned long a = 0, b, x = 0, y = (unsigned long)salt;
1981 unsigned long adata, bdata, mask, len;
1982 const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1983
1984 len = 0;
1985 goto inside;
1986
1987 do {
1988 HASH_MIX(x, y, a);
1989 len += sizeof(unsigned long);
1990 inside:
1991 a = load_unaligned_zeropad(name+len);
1992 b = a ^ REPEAT_BYTE('/');
1993 } while (!(has_zero(a, &adata, &constants) | has_zero(b, &bdata, &constants)));
1994
1995 adata = prep_zero_mask(a, adata, &constants);
1996 bdata = prep_zero_mask(b, bdata, &constants);
1997 mask = create_zero_mask(adata | bdata);
1998 x ^= a & zero_bytemask(mask);
1999
2000 return hashlen_create(fold_hash(x, y), len + find_zero(mask));
2001 }
2002
2003 #else
2004
2005
2006 unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
2007 {
2008 unsigned long hash = init_name_hash(salt);
2009 while (len--)
2010 hash = partial_name_hash((unsigned char)*name++, hash);
2011 return end_name_hash(hash);
2012 }
2013 EXPORT_SYMBOL(full_name_hash);
2014
2015
2016 u64 hashlen_string(const void *salt, const char *name)
2017 {
2018 unsigned long hash = init_name_hash(salt);
2019 unsigned long len = 0, c;
2020
2021 c = (unsigned char)*name;
2022 while (c) {
2023 len++;
2024 hash = partial_name_hash(c, hash);
2025 c = (unsigned char)name[len];
2026 }
2027 return hashlen_create(end_name_hash(hash), len);
2028 }
2029 EXPORT_SYMBOL(hashlen_string);
2030
2031
2032
2033
2034
2035 static inline u64 hash_name(const void *salt, const char *name)
2036 {
2037 unsigned long hash = init_name_hash(salt);
2038 unsigned long len = 0, c;
2039
2040 c = (unsigned char)*name;
2041 do {
2042 len++;
2043 hash = partial_name_hash(c, hash);
2044 c = (unsigned char)name[len];
2045 } while (c && c != '/');
2046 return hashlen_create(end_name_hash(hash), len);
2047 }
2048
2049 #endif
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059 static int link_path_walk(const char *name, struct nameidata *nd)
2060 {
2061 int err;
2062
2063 if (IS_ERR(name))
2064 return PTR_ERR(name);
2065 while (*name=='/')
2066 name++;
2067 if (!*name)
2068 return 0;
2069
2070
2071 for(;;) {
2072 u64 hash_len;
2073 int type;
2074
2075 err = may_lookup(nd);
2076 if (err)
2077 return err;
2078
2079 hash_len = hash_name(nd->path.dentry, name);
2080
2081 type = LAST_NORM;
2082 if (name[0] == '.') switch (hashlen_len(hash_len)) {
2083 case 2:
2084 if (name[1] == '.') {
2085 type = LAST_DOTDOT;
2086 nd->flags |= LOOKUP_JUMPED;
2087 }
2088 break;
2089 case 1:
2090 type = LAST_DOT;
2091 }
2092 if (likely(type == LAST_NORM)) {
2093 struct dentry *parent = nd->path.dentry;
2094 nd->flags &= ~LOOKUP_JUMPED;
2095 if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
2096 struct qstr this = { { .hash_len = hash_len }, .name = name };
2097 err = parent->d_op->d_hash(parent, &this);
2098 if (err < 0)
2099 return err;
2100 hash_len = this.hash_len;
2101 name = this.name;
2102 }
2103 }
2104
2105 nd->last.hash_len = hash_len;
2106 nd->last.name = name;
2107 nd->last_type = type;
2108
2109 name += hashlen_len(hash_len);
2110 if (!*name)
2111 goto OK;
2112
2113
2114
2115
2116 do {
2117 name++;
2118 } while (unlikely(*name == '/'));
2119 if (unlikely(!*name)) {
2120 OK:
2121
2122 if (!nd->depth)
2123 return 0;
2124 name = nd->stack[nd->depth - 1].name;
2125
2126 if (!name)
2127 return 0;
2128
2129 err = walk_component(nd, WALK_FOLLOW);
2130 } else {
2131
2132 err = walk_component(nd, WALK_FOLLOW | WALK_MORE);
2133 }
2134 if (err < 0)
2135 return err;
2136
2137 if (err) {
2138 const char *s = get_link(nd);
2139
2140 if (IS_ERR(s))
2141 return PTR_ERR(s);
2142 err = 0;
2143 if (unlikely(!s)) {
2144
2145 put_link(nd);
2146 } else {
2147 nd->stack[nd->depth - 1].name = name;
2148 name = s;
2149 continue;
2150 }
2151 }
2152 if (unlikely(!d_can_lookup(nd->path.dentry))) {
2153 if (nd->flags & LOOKUP_RCU) {
2154 if (unlazy_walk(nd))
2155 return -ECHILD;
2156 }
2157 return -ENOTDIR;
2158 }
2159 }
2160 }
2161
2162
2163 static const char *path_init(struct nameidata *nd, unsigned flags)
2164 {
2165 const char *s = nd->name->name;
2166
2167 if (!*s)
2168 flags &= ~LOOKUP_RCU;
2169 if (flags & LOOKUP_RCU)
2170 rcu_read_lock();
2171
2172 nd->last_type = LAST_ROOT;
2173 nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
2174 nd->depth = 0;
2175 if (flags & LOOKUP_ROOT) {
2176 struct dentry *root = nd->root.dentry;
2177 struct inode *inode = root->d_inode;
2178 if (*s && unlikely(!d_can_lookup(root)))
2179 return ERR_PTR(-ENOTDIR);
2180 nd->path = nd->root;
2181 nd->inode = inode;
2182 if (flags & LOOKUP_RCU) {
2183 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2184 nd->root_seq = nd->seq;
2185 nd->m_seq = read_seqbegin(&mount_lock);
2186 } else {
2187 path_get(&nd->path);
2188 }
2189 return s;
2190 }
2191
2192 nd->root.mnt = NULL;
2193 nd->path.mnt = NULL;
2194 nd->path.dentry = NULL;
2195
2196 nd->m_seq = read_seqbegin(&mount_lock);
2197 if (*s == '/') {
2198 set_root(nd);
2199 if (likely(!nd_jump_root(nd)))
2200 return s;
2201 return ERR_PTR(-ECHILD);
2202 } else if (nd->dfd == AT_FDCWD) {
2203 if (flags & LOOKUP_RCU) {
2204 struct fs_struct *fs = current->fs;
2205 unsigned seq;
2206
2207 do {
2208 seq = read_seqcount_begin(&fs->seq);
2209 nd->path = fs->pwd;
2210 nd->inode = nd->path.dentry->d_inode;
2211 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2212 } while (read_seqcount_retry(&fs->seq, seq));
2213 } else {
2214 get_fs_pwd(current->fs, &nd->path);
2215 nd->inode = nd->path.dentry->d_inode;
2216 }
2217 return s;
2218 } else {
2219
2220 struct fd f = fdget_raw(nd->dfd);
2221 struct dentry *dentry;
2222
2223 if (!f.file)
2224 return ERR_PTR(-EBADF);
2225
2226 dentry = f.file->f_path.dentry;
2227
2228 if (*s && unlikely(!d_can_lookup(dentry))) {
2229 fdput(f);
2230 return ERR_PTR(-ENOTDIR);
2231 }
2232
2233 nd->path = f.file->f_path;
2234 if (flags & LOOKUP_RCU) {
2235 nd->inode = nd->path.dentry->d_inode;
2236 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
2237 } else {
2238 path_get(&nd->path);
2239 nd->inode = nd->path.dentry->d_inode;
2240 }
2241 fdput(f);
2242 return s;
2243 }
2244 }
2245
2246 static const char *trailing_symlink(struct nameidata *nd)
2247 {
2248 const char *s;
2249 int error = may_follow_link(nd);
2250 if (unlikely(error))
2251 return ERR_PTR(error);
2252 nd->flags |= LOOKUP_PARENT;
2253 nd->stack[0].name = NULL;
2254 s = get_link(nd);
2255 return s ? s : "";
2256 }
2257
2258 static inline int lookup_last(struct nameidata *nd)
2259 {
2260 if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
2261 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2262
2263 nd->flags &= ~LOOKUP_PARENT;
2264 return walk_component(nd, 0);
2265 }
2266
2267 static int handle_lookup_down(struct nameidata *nd)
2268 {
2269 struct path path = nd->path;
2270 struct inode *inode = nd->inode;
2271 unsigned seq = nd->seq;
2272 int err;
2273
2274 if (nd->flags & LOOKUP_RCU) {
2275
2276
2277
2278
2279
2280 if (unlikely(!__follow_mount_rcu(nd, &path, &inode, &seq)))
2281 return -ECHILD;
2282 } else {
2283 dget(path.dentry);
2284 err = follow_managed(&path, nd);
2285 if (unlikely(err < 0))
2286 return err;
2287 inode = d_backing_inode(path.dentry);
2288 seq = 0;
2289 }
2290 path_to_nameidata(&path, nd);
2291 nd->inode = inode;
2292 nd->seq = seq;
2293 return 0;
2294 }
2295
2296
2297 static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path)
2298 {
2299 const char *s = path_init(nd, flags);
2300 int err;
2301
2302 if (unlikely(flags & LOOKUP_DOWN) && !IS_ERR(s)) {
2303 err = handle_lookup_down(nd);
2304 if (unlikely(err < 0))
2305 s = ERR_PTR(err);
2306 }
2307
2308 while (!(err = link_path_walk(s, nd))
2309 && ((err = lookup_last(nd)) > 0)) {
2310 s = trailing_symlink(nd);
2311 }
2312 if (!err)
2313 err = complete_walk(nd);
2314
2315 if (!err && nd->flags & LOOKUP_DIRECTORY)
2316 if (!d_can_lookup(nd->path.dentry))
2317 err = -ENOTDIR;
2318 if (!err) {
2319 *path = nd->path;
2320 nd->path.mnt = NULL;
2321 nd->path.dentry = NULL;
2322 }
2323 terminate_walk(nd);
2324 return err;
2325 }
2326
2327 int filename_lookup(int dfd, struct filename *name, unsigned flags,
2328 struct path *path, struct path *root)
2329 {
2330 int retval;
2331 struct nameidata nd;
2332 if (IS_ERR(name))
2333 return PTR_ERR(name);
2334 if (unlikely(root)) {
2335 nd.root = *root;
2336 flags |= LOOKUP_ROOT;
2337 }
2338 set_nameidata(&nd, dfd, name);
2339 retval = path_lookupat(&nd, flags | LOOKUP_RCU, path);
2340 if (unlikely(retval == -ECHILD))
2341 retval = path_lookupat(&nd, flags, path);
2342 if (unlikely(retval == -ESTALE))
2343 retval = path_lookupat(&nd, flags | LOOKUP_REVAL, path);
2344
2345 if (likely(!retval))
2346 audit_inode(name, path->dentry, 0);
2347 restore_nameidata();
2348 putname(name);
2349 return retval;
2350 }
2351
2352
2353 static int path_parentat(struct nameidata *nd, unsigned flags,
2354 struct path *parent)
2355 {
2356 const char *s = path_init(nd, flags);
2357 int err = link_path_walk(s, nd);
2358 if (!err)
2359 err = complete_walk(nd);
2360 if (!err) {
2361 *parent = nd->path;
2362 nd->path.mnt = NULL;
2363 nd->path.dentry = NULL;
2364 }
2365 terminate_walk(nd);
2366 return err;
2367 }
2368
2369 static struct filename *filename_parentat(int dfd, struct filename *name,
2370 unsigned int flags, struct path *parent,
2371 struct qstr *last, int *type)
2372 {
2373 int retval;
2374 struct nameidata nd;
2375
2376 if (IS_ERR(name))
2377 return name;
2378 set_nameidata(&nd, dfd, name);
2379 retval = path_parentat(&nd, flags | LOOKUP_RCU, parent);
2380 if (unlikely(retval == -ECHILD))
2381 retval = path_parentat(&nd, flags, parent);
2382 if (unlikely(retval == -ESTALE))
2383 retval = path_parentat(&nd, flags | LOOKUP_REVAL, parent);
2384 if (likely(!retval)) {
2385 *last = nd.last;
2386 *type = nd.last_type;
2387 audit_inode(name, parent->dentry, AUDIT_INODE_PARENT);
2388 } else {
2389 putname(name);
2390 name = ERR_PTR(retval);
2391 }
2392 restore_nameidata();
2393 return name;
2394 }
2395
2396
2397 struct dentry *kern_path_locked(const char *name, struct path *path)
2398 {
2399 struct filename *filename;
2400 struct dentry *d;
2401 struct qstr last;
2402 int type;
2403
2404 filename = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,
2405 &last, &type);
2406 if (IS_ERR(filename))
2407 return ERR_CAST(filename);
2408 if (unlikely(type != LAST_NORM)) {
2409 path_put(path);
2410 putname(filename);
2411 return ERR_PTR(-EINVAL);
2412 }
2413 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
2414 d = __lookup_hash(&last, path->dentry, 0);
2415 if (IS_ERR(d)) {
2416 inode_unlock(path->dentry->d_inode);
2417 path_put(path);
2418 }
2419 putname(filename);
2420 return d;
2421 }
2422
2423 int kern_path(const char *name, unsigned int flags, struct path *path)
2424 {
2425 return filename_lookup(AT_FDCWD, getname_kernel(name),
2426 flags, path, NULL);
2427 }
2428 EXPORT_SYMBOL(kern_path);
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
2439 const char *name, unsigned int flags,
2440 struct path *path)
2441 {
2442 struct path root = {.mnt = mnt, .dentry = dentry};
2443
2444 return filename_lookup(AT_FDCWD, getname_kernel(name),
2445 flags , path, &root);
2446 }
2447 EXPORT_SYMBOL(vfs_path_lookup);
2448
2449 static int lookup_one_len_common(const char *name, struct dentry *base,
2450 int len, struct qstr *this)
2451 {
2452 this->name = name;
2453 this->len = len;
2454 this->hash = full_name_hash(base, name, len);
2455 if (!len)
2456 return -EACCES;
2457
2458 if (unlikely(name[0] == '.')) {
2459 if (len < 2 || (len == 2 && name[1] == '.'))
2460 return -EACCES;
2461 }
2462
2463 while (len--) {
2464 unsigned int c = *(const unsigned char *)name++;
2465 if (c == '/' || c == '\0')
2466 return -EACCES;
2467 }
2468
2469
2470
2471
2472 if (base->d_flags & DCACHE_OP_HASH) {
2473 int err = base->d_op->d_hash(base, this);
2474 if (err < 0)
2475 return err;
2476 }
2477
2478 return inode_permission(base->d_inode, MAY_EXEC);
2479 }
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495 struct dentry *try_lookup_one_len(const char *name, struct dentry *base, int len)
2496 {
2497 struct qstr this;
2498 int err;
2499
2500 WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2501
2502 err = lookup_one_len_common(name, base, len, &this);
2503 if (err)
2504 return ERR_PTR(err);
2505
2506 return lookup_dcache(&this, base, 0);
2507 }
2508 EXPORT_SYMBOL(try_lookup_one_len);
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
2522 {
2523 struct dentry *dentry;
2524 struct qstr this;
2525 int err;
2526
2527 WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2528
2529 err = lookup_one_len_common(name, base, len, &this);
2530 if (err)
2531 return ERR_PTR(err);
2532
2533 dentry = lookup_dcache(&this, base, 0);
2534 return dentry ? dentry : __lookup_slow(&this, base, 0);
2535 }
2536 EXPORT_SYMBOL(lookup_one_len);
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550 struct dentry *lookup_one_len_unlocked(const char *name,
2551 struct dentry *base, int len)
2552 {
2553 struct qstr this;
2554 int err;
2555 struct dentry *ret;
2556
2557 err = lookup_one_len_common(name, base, len, &this);
2558 if (err)
2559 return ERR_PTR(err);
2560
2561 ret = lookup_dcache(&this, base, 0);
2562 if (!ret)
2563 ret = lookup_slow(&this, base, 0);
2564 return ret;
2565 }
2566 EXPORT_SYMBOL(lookup_one_len_unlocked);
2567
2568 #ifdef CONFIG_UNIX98_PTYS
2569 int path_pts(struct path *path)
2570 {
2571
2572
2573
2574 struct dentry *child, *parent;
2575 struct qstr this;
2576 int ret;
2577
2578 ret = path_parent_directory(path);
2579 if (ret)
2580 return ret;
2581
2582 parent = path->dentry;
2583 this.name = "pts";
2584 this.len = 3;
2585 child = d_hash_and_lookup(parent, &this);
2586 if (!child)
2587 return -ENOENT;
2588
2589 path->dentry = child;
2590 dput(parent);
2591 follow_mount(path);
2592 return 0;
2593 }
2594 #endif
2595
2596 int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
2597 struct path *path, int *empty)
2598 {
2599 return filename_lookup(dfd, getname_flags(name, flags, empty),
2600 flags, path, NULL);
2601 }
2602 EXPORT_SYMBOL(user_path_at_empty);
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627 static int
2628 mountpoint_last(struct nameidata *nd)
2629 {
2630 int error = 0;
2631 struct dentry *dir = nd->path.dentry;
2632 struct path path;
2633
2634
2635 if (nd->flags & LOOKUP_RCU) {
2636 if (unlazy_walk(nd))
2637 return -ECHILD;
2638 }
2639
2640 nd->flags &= ~LOOKUP_PARENT;
2641
2642 if (unlikely(nd->last_type != LAST_NORM)) {
2643 error = handle_dots(nd, nd->last_type);
2644 if (error)
2645 return error;
2646 path.dentry = dget(nd->path.dentry);
2647 } else {
2648 path.dentry = d_lookup(dir, &nd->last);
2649 if (!path.dentry) {
2650
2651
2652
2653
2654
2655
2656 path.dentry = lookup_slow(&nd->last, dir,
2657 nd->flags | LOOKUP_NO_REVAL);
2658 if (IS_ERR(path.dentry))
2659 return PTR_ERR(path.dentry);
2660 }
2661 }
2662 if (d_is_negative(path.dentry)) {
2663 dput(path.dentry);
2664 return -ENOENT;
2665 }
2666 path.mnt = nd->path.mnt;
2667 return step_into(nd, &path, 0, d_backing_inode(path.dentry), 0);
2668 }
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679 static int
2680 path_mountpoint(struct nameidata *nd, unsigned flags, struct path *path)
2681 {
2682 const char *s = path_init(nd, flags);
2683 int err;
2684
2685 while (!(err = link_path_walk(s, nd)) &&
2686 (err = mountpoint_last(nd)) > 0) {
2687 s = trailing_symlink(nd);
2688 }
2689 if (!err) {
2690 *path = nd->path;
2691 nd->path.mnt = NULL;
2692 nd->path.dentry = NULL;
2693 follow_mount(path);
2694 }
2695 terminate_walk(nd);
2696 return err;
2697 }
2698
2699 static int
2700 filename_mountpoint(int dfd, struct filename *name, struct path *path,
2701 unsigned int flags)
2702 {
2703 struct nameidata nd;
2704 int error;
2705 if (IS_ERR(name))
2706 return PTR_ERR(name);
2707 set_nameidata(&nd, dfd, name);
2708 error = path_mountpoint(&nd, flags | LOOKUP_RCU, path);
2709 if (unlikely(error == -ECHILD))
2710 error = path_mountpoint(&nd, flags, path);
2711 if (unlikely(error == -ESTALE))
2712 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path);
2713 if (likely(!error))
2714 audit_inode(name, path->dentry, AUDIT_INODE_NOEVAL);
2715 restore_nameidata();
2716 putname(name);
2717 return error;
2718 }
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734 int
2735 user_path_mountpoint_at(int dfd, const char __user *name, unsigned int flags,
2736 struct path *path)
2737 {
2738 return filename_mountpoint(dfd, getname(name), path, flags);
2739 }
2740
2741 int
2742 kern_path_mountpoint(int dfd, const char *name, struct path *path,
2743 unsigned int flags)
2744 {
2745 return filename_mountpoint(dfd, getname_kernel(name), path, flags);
2746 }
2747 EXPORT_SYMBOL(kern_path_mountpoint);
2748
2749 int __check_sticky(struct inode *dir, struct inode *inode)
2750 {
2751 kuid_t fsuid = current_fsuid();
2752
2753 if (uid_eq(inode->i_uid, fsuid))
2754 return 0;
2755 if (uid_eq(dir->i_uid, fsuid))
2756 return 0;
2757 return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
2758 }
2759 EXPORT_SYMBOL(__check_sticky);
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781 static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
2782 {
2783 struct inode *inode = d_backing_inode(victim);
2784 int error;
2785
2786 if (d_is_negative(victim))
2787 return -ENOENT;
2788 BUG_ON(!inode);
2789
2790 BUG_ON(victim->d_parent->d_inode != dir);
2791
2792
2793 if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
2794 return -EOVERFLOW;
2795
2796 audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
2797
2798 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
2799 if (error)
2800 return error;
2801 if (IS_APPEND(dir))
2802 return -EPERM;
2803
2804 if (check_sticky(dir, inode) || IS_APPEND(inode) ||
2805 IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
2806 return -EPERM;
2807 if (isdir) {
2808 if (!d_is_dir(victim))
2809 return -ENOTDIR;
2810 if (IS_ROOT(victim))
2811 return -EBUSY;
2812 } else if (d_is_dir(victim))
2813 return -EISDIR;
2814 if (IS_DEADDIR(dir))
2815 return -ENOENT;
2816 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
2817 return -EBUSY;
2818 return 0;
2819 }
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830 static inline int may_create(struct inode *dir, struct dentry *child)
2831 {
2832 struct user_namespace *s_user_ns;
2833 audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
2834 if (child->d_inode)
2835 return -EEXIST;
2836 if (IS_DEADDIR(dir))
2837 return -ENOENT;
2838 s_user_ns = dir->i_sb->s_user_ns;
2839 if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
2840 !kgid_has_mapping(s_user_ns, current_fsgid()))
2841 return -EOVERFLOW;
2842 return inode_permission(dir, MAY_WRITE | MAY_EXEC);
2843 }
2844
2845
2846
2847
2848 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
2849 {
2850 struct dentry *p;
2851
2852 if (p1 == p2) {
2853 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2854 return NULL;
2855 }
2856
2857 mutex_lock(&p1->d_sb->s_vfs_rename_mutex);
2858
2859 p = d_ancestor(p2, p1);
2860 if (p) {
2861 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT);
2862 inode_lock_nested(p1->d_inode, I_MUTEX_CHILD);
2863 return p;
2864 }
2865
2866 p = d_ancestor(p1, p2);
2867 if (p) {
2868 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2869 inode_lock_nested(p2->d_inode, I_MUTEX_CHILD);
2870 return p;
2871 }
2872
2873 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2874 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT2);
2875 return NULL;
2876 }
2877 EXPORT_SYMBOL(lock_rename);
2878
2879 void unlock_rename(struct dentry *p1, struct dentry *p2)
2880 {
2881 inode_unlock(p1->d_inode);
2882 if (p1 != p2) {
2883 inode_unlock(p2->d_inode);
2884 mutex_unlock(&p1->d_sb->s_vfs_rename_mutex);
2885 }
2886 }
2887 EXPORT_SYMBOL(unlock_rename);
2888
2889 int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2890 bool want_excl)
2891 {
2892 int error = may_create(dir, dentry);
2893 if (error)
2894 return error;
2895
2896 if (!dir->i_op->create)
2897 return -EACCES;
2898 mode &= S_IALLUGO;
2899 mode |= S_IFREG;
2900 error = security_inode_create(dir, dentry, mode);
2901 if (error)
2902 return error;
2903 error = dir->i_op->create(dir, dentry, mode, want_excl);
2904 if (!error)
2905 fsnotify_create(dir, dentry);
2906 return error;
2907 }
2908 EXPORT_SYMBOL(vfs_create);
2909
2910 int vfs_mkobj(struct dentry *dentry, umode_t mode,
2911 int (*f)(struct dentry *, umode_t, void *),
2912 void *arg)
2913 {
2914 struct inode *dir = dentry->d_parent->d_inode;
2915 int error = may_create(dir, dentry);
2916 if (error)
2917 return error;
2918
2919 mode &= S_IALLUGO;
2920 mode |= S_IFREG;
2921 error = security_inode_create(dir, dentry, mode);
2922 if (error)
2923 return error;
2924 error = f(dentry, mode, arg);
2925 if (!error)
2926 fsnotify_create(dir, dentry);
2927 return error;
2928 }
2929 EXPORT_SYMBOL(vfs_mkobj);
2930
2931 bool may_open_dev(const struct path *path)
2932 {
2933 return !(path->mnt->mnt_flags & MNT_NODEV) &&
2934 !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
2935 }
2936
2937 static int may_open(const struct path *path, int acc_mode, int flag)
2938 {
2939 struct dentry *dentry = path->dentry;
2940 struct inode *inode = dentry->d_inode;
2941 int error;
2942
2943 if (!inode)
2944 return -ENOENT;
2945
2946 switch (inode->i_mode & S_IFMT) {
2947 case S_IFLNK:
2948 return -ELOOP;
2949 case S_IFDIR:
2950 if (acc_mode & MAY_WRITE)
2951 return -EISDIR;
2952 break;
2953 case S_IFBLK:
2954 case S_IFCHR:
2955 if (!may_open_dev(path))
2956 return -EACCES;
2957
2958 case S_IFIFO:
2959 case S_IFSOCK:
2960 flag &= ~O_TRUNC;
2961 break;
2962 }
2963
2964 error = inode_permission(inode, MAY_OPEN | acc_mode);
2965 if (error)
2966 return error;
2967
2968
2969
2970
2971 if (IS_APPEND(inode)) {
2972 if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2973 return -EPERM;
2974 if (flag & O_TRUNC)
2975 return -EPERM;
2976 }
2977
2978
2979 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2980 return -EPERM;
2981
2982 return 0;
2983 }
2984
2985 static int handle_truncate(struct file *filp)
2986 {
2987 const struct path *path = &filp->f_path;
2988 struct inode *inode = path->dentry->d_inode;
2989 int error = get_write_access(inode);
2990 if (error)
2991 return error;
2992
2993
2994
2995 error = locks_verify_locked(filp);
2996 if (!error)
2997 error = security_path_truncate(path);
2998 if (!error) {
2999 error = do_truncate(path->dentry, 0,
3000 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
3001 filp);
3002 }
3003 put_write_access(inode);
3004 return error;
3005 }
3006
3007 static inline int open_to_namei_flags(int flag)
3008 {
3009 if ((flag & O_ACCMODE) == 3)
3010 flag--;
3011 return flag;
3012 }
3013
3014 static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
3015 {
3016 struct user_namespace *s_user_ns;
3017 int error = security_path_mknod(dir, dentry, mode, 0);
3018 if (error)
3019 return error;
3020
3021 s_user_ns = dir->dentry->d_sb->s_user_ns;
3022 if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
3023 !kgid_has_mapping(s_user_ns, current_fsgid()))
3024 return -EOVERFLOW;
3025
3026 error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);
3027 if (error)
3028 return error;
3029
3030 return security_inode_create(dir->dentry->d_inode, dentry, mode);
3031 }
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046 static int atomic_open(struct nameidata *nd, struct dentry *dentry,
3047 struct path *path, struct file *file,
3048 const struct open_flags *op,
3049 int open_flag, umode_t mode)
3050 {
3051 struct dentry *const DENTRY_NOT_SET = (void *) -1UL;
3052 struct inode *dir = nd->path.dentry->d_inode;
3053 int error;
3054
3055 if (!(~open_flag & (O_EXCL | O_CREAT)))
3056 open_flag &= ~O_TRUNC;
3057
3058 if (nd->flags & LOOKUP_DIRECTORY)
3059 open_flag |= O_DIRECTORY;
3060
3061 file->f_path.dentry = DENTRY_NOT_SET;
3062 file->f_path.mnt = nd->path.mnt;
3063 error = dir->i_op->atomic_open(dir, dentry, file,
3064 open_to_namei_flags(open_flag), mode);
3065 d_lookup_done(dentry);
3066 if (!error) {
3067 if (file->f_mode & FMODE_OPENED) {
3068
3069
3070
3071
3072 int acc_mode = op->acc_mode;
3073 if (file->f_mode & FMODE_CREATED) {
3074 WARN_ON(!(open_flag & O_CREAT));
3075 fsnotify_create(dir, dentry);
3076 acc_mode = 0;
3077 }
3078 error = may_open(&file->f_path, acc_mode, open_flag);
3079 if (WARN_ON(error > 0))
3080 error = -EINVAL;
3081 } else if (WARN_ON(file->f_path.dentry == DENTRY_NOT_SET)) {
3082 error = -EIO;
3083 } else {
3084 if (file->f_path.dentry) {
3085 dput(dentry);
3086 dentry = file->f_path.dentry;
3087 }
3088 if (file->f_mode & FMODE_CREATED)
3089 fsnotify_create(dir, dentry);
3090 if (unlikely(d_is_negative(dentry))) {
3091 error = -ENOENT;
3092 } else {
3093 path->dentry = dentry;
3094 path->mnt = nd->path.mnt;
3095 return 0;
3096 }
3097 }
3098 }
3099 dput(dentry);
3100 return error;
3101 }
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118 static int lookup_open(struct nameidata *nd, struct path *path,
3119 struct file *file,
3120 const struct open_flags *op,
3121 bool got_write)
3122 {
3123 struct dentry *dir = nd->path.dentry;
3124 struct inode *dir_inode = dir->d_inode;
3125 int open_flag = op->open_flag;
3126 struct dentry *dentry;
3127 int error, create_error = 0;
3128 umode_t mode = op->mode;
3129 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
3130
3131 if (unlikely(IS_DEADDIR(dir_inode)))
3132 return -ENOENT;
3133
3134 file->f_mode &= ~FMODE_CREATED;
3135 dentry = d_lookup(dir, &nd->last);
3136 for (;;) {
3137 if (!dentry) {
3138 dentry = d_alloc_parallel(dir, &nd->last, &wq);
3139 if (IS_ERR(dentry))
3140 return PTR_ERR(dentry);
3141 }
3142 if (d_in_lookup(dentry))
3143 break;
3144
3145 error = d_revalidate(dentry, nd->flags);
3146 if (likely(error > 0))
3147 break;
3148 if (error)
3149 goto out_dput;
3150 d_invalidate(dentry);
3151 dput(dentry);
3152 dentry = NULL;
3153 }
3154 if (dentry->d_inode) {
3155
3156 goto out_no_open;
3157 }
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168 if (open_flag & O_CREAT) {
3169 if (!IS_POSIXACL(dir->d_inode))
3170 mode &= ~current_umask();
3171 if (unlikely(!got_write)) {
3172 create_error = -EROFS;
3173 open_flag &= ~O_CREAT;
3174 if (open_flag & (O_EXCL | O_TRUNC))
3175 goto no_open;
3176
3177 } else {
3178 create_error = may_o_create(&nd->path, dentry, mode);
3179 if (create_error) {
3180 open_flag &= ~O_CREAT;
3181 if (open_flag & O_EXCL)
3182 goto no_open;
3183 }
3184 }
3185 } else if ((open_flag & (O_TRUNC|O_WRONLY|O_RDWR)) &&
3186 unlikely(!got_write)) {
3187
3188
3189
3190
3191 goto no_open;
3192 }
3193
3194 if (dir_inode->i_op->atomic_open) {
3195 error = atomic_open(nd, dentry, path, file, op, open_flag,
3196 mode);
3197 if (unlikely(error == -ENOENT) && create_error)
3198 error = create_error;
3199 return error;
3200 }
3201
3202 no_open:
3203 if (d_in_lookup(dentry)) {
3204 struct dentry *res = dir_inode->i_op->lookup(dir_inode, dentry,
3205 nd->flags);
3206 d_lookup_done(dentry);
3207 if (unlikely(res)) {
3208 if (IS_ERR(res)) {
3209 error = PTR_ERR(res);
3210 goto out_dput;
3211 }
3212 dput(dentry);
3213 dentry = res;
3214 }
3215 }
3216
3217
3218 if (!dentry->d_inode && (open_flag & O_CREAT)) {
3219 file->f_mode |= FMODE_CREATED;
3220 audit_inode_child(dir_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
3221 if (!dir_inode->i_op->create) {
3222 error = -EACCES;
3223 goto out_dput;
3224 }
3225 error = dir_inode->i_op->create(dir_inode, dentry, mode,
3226 open_flag & O_EXCL);
3227 if (error)
3228 goto out_dput;
3229 fsnotify_create(dir_inode, dentry);
3230 }
3231 if (unlikely(create_error) && !dentry->d_inode) {
3232 error = create_error;
3233 goto out_dput;
3234 }
3235 out_no_open:
3236 path->dentry = dentry;
3237 path->mnt = nd->path.mnt;
3238 return 0;
3239
3240 out_dput:
3241 dput(dentry);
3242 return error;
3243 }
3244
3245
3246
3247
3248 static int do_last(struct nameidata *nd,
3249 struct file *file, const struct open_flags *op)
3250 {
3251 struct dentry *dir = nd->path.dentry;
3252 kuid_t dir_uid = nd->inode->i_uid;
3253 umode_t dir_mode = nd->inode->i_mode;
3254 int open_flag = op->open_flag;
3255 bool will_truncate = (open_flag & O_TRUNC) != 0;
3256 bool got_write = false;
3257 int acc_mode = op->acc_mode;
3258 unsigned seq;
3259 struct inode *inode;
3260 struct path path;
3261 int error;
3262
3263 nd->flags &= ~LOOKUP_PARENT;
3264 nd->flags |= op->intent;
3265
3266 if (nd->last_type != LAST_NORM) {
3267 error = handle_dots(nd, nd->last_type);
3268 if (unlikely(error))
3269 return error;
3270 goto finish_open;
3271 }
3272
3273 if (!(open_flag & O_CREAT)) {
3274 if (nd->last.name[nd->last.len])
3275 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
3276
3277 error = lookup_fast(nd, &path, &inode, &seq);
3278 if (likely(error > 0))
3279 goto finish_lookup;
3280
3281 if (error < 0)
3282 return error;
3283
3284 BUG_ON(nd->inode != dir->d_inode);
3285 BUG_ON(nd->flags & LOOKUP_RCU);
3286 } else {
3287
3288
3289
3290
3291
3292
3293 error = complete_walk(nd);
3294 if (error)
3295 return error;
3296
3297 audit_inode(nd->name, dir, AUDIT_INODE_PARENT);
3298
3299 if (unlikely(nd->last.name[nd->last.len]))
3300 return -EISDIR;
3301 }
3302
3303 if (open_flag & (O_CREAT | O_TRUNC | O_WRONLY | O_RDWR)) {
3304 error = mnt_want_write(nd->path.mnt);
3305 if (!error)
3306 got_write = true;
3307
3308
3309
3310
3311
3312 }
3313 if (open_flag & O_CREAT)
3314 inode_lock(dir->d_inode);
3315 else
3316 inode_lock_shared(dir->d_inode);
3317 error = lookup_open(nd, &path, file, op, got_write);
3318 if (open_flag & O_CREAT)
3319 inode_unlock(dir->d_inode);
3320 else
3321 inode_unlock_shared(dir->d_inode);
3322
3323 if (error)
3324 goto out;
3325
3326 if (file->f_mode & FMODE_OPENED) {
3327 if ((file->f_mode & FMODE_CREATED) ||
3328 !S_ISREG(file_inode(file)->i_mode))
3329 will_truncate = false;
3330
3331 audit_inode(nd->name, file->f_path.dentry, 0);
3332 goto opened;
3333 }
3334
3335 if (file->f_mode & FMODE_CREATED) {
3336
3337 open_flag &= ~O_TRUNC;
3338 will_truncate = false;
3339 acc_mode = 0;
3340 path_to_nameidata(&path, nd);
3341 goto finish_open_created;
3342 }
3343
3344
3345
3346
3347
3348
3349 if (got_write) {
3350 mnt_drop_write(nd->path.mnt);
3351 got_write = false;
3352 }
3353
3354 error = follow_managed(&path, nd);
3355 if (unlikely(error < 0))
3356 return error;
3357
3358 if (unlikely(d_is_negative(path.dentry))) {
3359 path_to_nameidata(&path, nd);
3360 return -ENOENT;
3361 }
3362
3363
3364
3365
3366 audit_inode(nd->name, path.dentry, 0);
3367
3368 if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
3369 path_to_nameidata(&path, nd);
3370 return -EEXIST;
3371 }
3372
3373 seq = 0;
3374 inode = d_backing_inode(path.dentry);
3375 finish_lookup:
3376 error = step_into(nd, &path, 0, inode, seq);
3377 if (unlikely(error))
3378 return error;
3379 finish_open:
3380
3381 error = complete_walk(nd);
3382 if (error)
3383 return error;
3384 audit_inode(nd->name, nd->path.dentry, 0);
3385 if (open_flag & O_CREAT) {
3386 error = -EISDIR;
3387 if (d_is_dir(nd->path.dentry))
3388 goto out;
3389 error = may_create_in_sticky(dir_mode, dir_uid,
3390 d_backing_inode(nd->path.dentry));
3391 if (unlikely(error))
3392 goto out;
3393 }
3394 error = -ENOTDIR;
3395 if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry))
3396 goto out;
3397 if (!d_is_reg(nd->path.dentry))
3398 will_truncate = false;
3399
3400 if (will_truncate) {
3401 error = mnt_want_write(nd->path.mnt);
3402 if (error)
3403 goto out;
3404 got_write = true;
3405 }
3406 finish_open_created:
3407 error = may_open(&nd->path, acc_mode, open_flag);
3408 if (error)
3409 goto out;
3410 BUG_ON(file->f_mode & FMODE_OPENED);
3411 error = vfs_open(&nd->path, file);
3412 if (error)
3413 goto out;
3414 opened:
3415 error = ima_file_check(file, op->acc_mode);
3416 if (!error && will_truncate)
3417 error = handle_truncate(file);
3418 out:
3419 if (unlikely(error > 0)) {
3420 WARN_ON(1);
3421 error = -EINVAL;
3422 }
3423 if (got_write)
3424 mnt_drop_write(nd->path.mnt);
3425 return error;
3426 }
3427
3428 struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, int open_flag)
3429 {
3430 struct dentry *child = NULL;
3431 struct inode *dir = dentry->d_inode;
3432 struct inode *inode;
3433 int error;
3434
3435
3436 error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
3437 if (error)
3438 goto out_err;
3439 error = -EOPNOTSUPP;
3440 if (!dir->i_op->tmpfile)
3441 goto out_err;
3442 error = -ENOMEM;
3443 child = d_alloc(dentry, &slash_name);
3444 if (unlikely(!child))
3445 goto out_err;
3446 error = dir->i_op->tmpfile(dir, child, mode);
3447 if (error)
3448 goto out_err;
3449 error = -ENOENT;
3450 inode = child->d_inode;
3451 if (unlikely(!inode))
3452 goto out_err;
3453 if (!(open_flag & O_EXCL)) {
3454 spin_lock(&inode->i_lock);
3455 inode->i_state |= I_LINKABLE;
3456 spin_unlock(&inode->i_lock);
3457 }
3458 ima_post_create_tmpfile(inode);
3459 return child;
3460
3461 out_err:
3462 dput(child);
3463 return ERR_PTR(error);
3464 }
3465 EXPORT_SYMBOL(vfs_tmpfile);
3466
3467 static int do_tmpfile(struct nameidata *nd, unsigned flags,
3468 const struct open_flags *op,
3469 struct file *file)
3470 {
3471 struct dentry *child;
3472 struct path path;
3473 int error = path_lookupat(nd, flags | LOOKUP_DIRECTORY, &path);
3474 if (unlikely(error))
3475 return error;
3476 error = mnt_want_write(path.mnt);
3477 if (unlikely(error))
3478 goto out;
3479 child = vfs_tmpfile(path.dentry, op->mode, op->open_flag);
3480 error = PTR_ERR(child);
3481 if (IS_ERR(child))
3482 goto out2;
3483 dput(path.dentry);
3484 path.dentry = child;
3485 audit_inode(nd->name, child, 0);
3486
3487 error = may_open(&path, 0, op->open_flag);
3488 if (error)
3489 goto out2;
3490 file->f_path.mnt = path.mnt;
3491 error = finish_open(file, child, NULL);
3492 out2:
3493 mnt_drop_write(path.mnt);
3494 out:
3495 path_put(&path);
3496 return error;
3497 }
3498
3499 static int do_o_path(struct nameidata *nd, unsigned flags, struct file *file)
3500 {
3501 struct path path;
3502 int error = path_lookupat(nd, flags, &path);
3503 if (!error) {
3504 audit_inode(nd->name, path.dentry, 0);
3505 error = vfs_open(&path, file);
3506 path_put(&path);
3507 }
3508 return error;
3509 }
3510
3511 static struct file *path_openat(struct nameidata *nd,
3512 const struct open_flags *op, unsigned flags)
3513 {
3514 struct file *file;
3515 int error;
3516
3517 file = alloc_empty_file(op->open_flag, current_cred());
3518 if (IS_ERR(file))
3519 return file;
3520
3521 if (unlikely(file->f_flags & __O_TMPFILE)) {
3522 error = do_tmpfile(nd, flags, op, file);
3523 } else if (unlikely(file->f_flags & O_PATH)) {
3524 error = do_o_path(nd, flags, file);
3525 } else {
3526 const char *s = path_init(nd, flags);
3527 while (!(error = link_path_walk(s, nd)) &&
3528 (error = do_last(nd, file, op)) > 0) {
3529 nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
3530 s = trailing_symlink(nd);
3531 }
3532 terminate_walk(nd);
3533 }
3534 if (likely(!error)) {
3535 if (likely(file->f_mode & FMODE_OPENED))
3536 return file;
3537 WARN_ON(1);
3538 error = -EINVAL;
3539 }
3540 fput(file);
3541 if (error == -EOPENSTALE) {
3542 if (flags & LOOKUP_RCU)
3543 error = -ECHILD;
3544 else
3545 error = -ESTALE;
3546 }
3547 return ERR_PTR(error);
3548 }
3549
3550 struct file *do_filp_open(int dfd, struct filename *pathname,
3551 const struct open_flags *op)
3552 {
3553 struct nameidata nd;
3554 int flags = op->lookup_flags;
3555 struct file *filp;
3556
3557 set_nameidata(&nd, dfd, pathname);
3558 filp = path_openat(&nd, op, flags | LOOKUP_RCU);
3559 if (unlikely(filp == ERR_PTR(-ECHILD)))
3560 filp = path_openat(&nd, op, flags);
3561 if (unlikely(filp == ERR_PTR(-ESTALE)))
3562 filp = path_openat(&nd, op, flags | LOOKUP_REVAL);
3563 restore_nameidata();
3564 return filp;
3565 }
3566
3567 struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
3568 const char *name, const struct open_flags *op)
3569 {
3570 struct nameidata nd;
3571 struct file *file;
3572 struct filename *filename;
3573 int flags = op->lookup_flags | LOOKUP_ROOT;
3574
3575 nd.root.mnt = mnt;
3576 nd.root.dentry = dentry;
3577
3578 if (d_is_symlink(dentry) && op->intent & LOOKUP_OPEN)
3579 return ERR_PTR(-ELOOP);
3580
3581 filename = getname_kernel(name);
3582 if (IS_ERR(filename))
3583 return ERR_CAST(filename);
3584
3585 set_nameidata(&nd, -1, filename);
3586 file = path_openat(&nd, op, flags | LOOKUP_RCU);
3587 if (unlikely(file == ERR_PTR(-ECHILD)))
3588 file = path_openat(&nd, op, flags);
3589 if (unlikely(file == ERR_PTR(-ESTALE)))
3590 file = path_openat(&nd, op, flags | LOOKUP_REVAL);
3591 restore_nameidata();
3592 putname(filename);
3593 return file;
3594 }
3595
3596 static struct dentry *filename_create(int dfd, struct filename *name,
3597 struct path *path, unsigned int lookup_flags)
3598 {
3599 struct dentry *dentry = ERR_PTR(-EEXIST);
3600 struct qstr last;
3601 int type;
3602 int err2;
3603 int error;
3604 bool is_dir = (lookup_flags & LOOKUP_DIRECTORY);
3605
3606
3607
3608
3609
3610 lookup_flags &= LOOKUP_REVAL;
3611
3612 name = filename_parentat(dfd, name, lookup_flags, path, &last, &type);
3613 if (IS_ERR(name))
3614 return ERR_CAST(name);
3615
3616
3617
3618
3619
3620 if (unlikely(type != LAST_NORM))
3621 goto out;
3622
3623
3624 err2 = mnt_want_write(path->mnt);
3625
3626
3627
3628 lookup_flags |= LOOKUP_CREATE | LOOKUP_EXCL;
3629 inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
3630 dentry = __lookup_hash(&last, path->dentry, lookup_flags);
3631 if (IS_ERR(dentry))
3632 goto unlock;
3633
3634 error = -EEXIST;
3635 if (d_is_positive(dentry))
3636 goto fail;
3637
3638
3639
3640
3641
3642
3643
3644 if (unlikely(!is_dir && last.name[last.len])) {
3645 error = -ENOENT;
3646 goto fail;
3647 }
3648 if (unlikely(err2)) {
3649 error = err2;
3650 goto fail;
3651 }
3652 putname(name);
3653 return dentry;
3654 fail:
3655 dput(dentry);
3656 dentry = ERR_PTR(error);
3657 unlock:
3658 inode_unlock(path->dentry->d_inode);
3659 if (!err2)
3660 mnt_drop_write(path->mnt);
3661 out:
3662 path_put(path);
3663 putname(name);
3664 return dentry;
3665 }
3666
3667 struct dentry *kern_path_create(int dfd, const char *pathname,
3668 struct path *path, unsigned int lookup_flags)
3669 {
3670 return filename_create(dfd, getname_kernel(pathname),
3671 path, lookup_flags);
3672 }
3673 EXPORT_SYMBOL(kern_path_create);
3674
3675 void done_path_create(struct path *path, struct dentry *dentry)
3676 {
3677 dput(dentry);
3678 inode_unlock(path->dentry->d_inode);
3679 mnt_drop_write(path->mnt);
3680 path_put(path);
3681 }
3682 EXPORT_SYMBOL(done_path_create);
3683
3684 inline struct dentry *user_path_create(int dfd, const char __user *pathname,
3685 struct path *path, unsigned int lookup_flags)
3686 {
3687 return filename_create(dfd, getname(pathname), path, lookup_flags);
3688 }
3689 EXPORT_SYMBOL(user_path_create);
3690
3691 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3692 {
3693 int error = may_create(dir, dentry);
3694
3695 if (error)
3696 return error;
3697
3698 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
3699 return -EPERM;
3700
3701 if (!dir->i_op->mknod)
3702 return -EPERM;
3703
3704 error = devcgroup_inode_mknod(mode, dev);
3705 if (error)
3706 return error;
3707
3708 error = security_inode_mknod(dir, dentry, mode, dev);
3709 if (error)
3710 return error;
3711
3712 error = dir->i_op->mknod(dir, dentry, mode, dev);
3713 if (!error)
3714 fsnotify_create(dir, dentry);
3715 return error;
3716 }
3717 EXPORT_SYMBOL(vfs_mknod);
3718
3719 static int may_mknod(umode_t mode)
3720 {
3721 switch (mode & S_IFMT) {
3722 case S_IFREG:
3723 case S_IFCHR:
3724 case S_IFBLK:
3725 case S_IFIFO:
3726 case S_IFSOCK:
3727 case 0:
3728 return 0;
3729 case S_IFDIR:
3730 return -EPERM;
3731 default:
3732 return -EINVAL;
3733 }
3734 }
3735
3736 long do_mknodat(int dfd, const char __user *filename, umode_t mode,
3737 unsigned int dev)
3738 {
3739 struct dentry *dentry;
3740 struct path path;
3741 int error;
3742 unsigned int lookup_flags = 0;
3743
3744 error = may_mknod(mode);
3745 if (error)
3746 return error;
3747 retry:
3748 dentry = user_path_create(dfd, filename, &path, lookup_flags);
3749 if (IS_ERR(dentry))
3750 return PTR_ERR(dentry);
3751
3752 if (!IS_POSIXACL(path.dentry->d_inode))
3753 mode &= ~current_umask();
3754 error = security_path_mknod(&path, dentry, mode, dev);
3755 if (error)
3756 goto out;
3757 switch (mode & S_IFMT) {
3758 case 0: case S_IFREG:
3759 error = vfs_create(path.dentry->d_inode,dentry,mode,true);
3760 if (!error)
3761 ima_post_path_mknod(dentry);
3762 break;
3763 case S_IFCHR: case S_IFBLK:
3764 error = vfs_mknod(path.dentry->d_inode,dentry,mode,
3765 new_decode_dev(dev));
3766 break;
3767 case S_IFIFO: case S_IFSOCK:
3768 error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
3769 break;
3770 }
3771 out:
3772 done_path_create(&path, dentry);
3773 if (retry_estale(error, lookup_flags)) {
3774 lookup_flags |= LOOKUP_REVAL;
3775 goto retry;
3776 }
3777 return error;
3778 }
3779
3780 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
3781 unsigned int, dev)
3782 {
3783 return do_mknodat(dfd, filename, mode, dev);
3784 }
3785
3786 SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)
3787 {
3788 return do_mknodat(AT_FDCWD, filename, mode, dev);
3789 }
3790
3791 int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
3792 {
3793 int error = may_create(dir, dentry);
3794 unsigned max_links = dir->i_sb->s_max_links;
3795
3796 if (error)
3797 return error;
3798
3799 if (!dir->i_op->mkdir)
3800 return -EPERM;
3801
3802 mode &= (S_IRWXUGO|S_ISVTX);
3803 error = security_inode_mkdir(dir, dentry, mode);
3804 if (error)
3805 return error;
3806
3807 if (max_links && dir->i_nlink >= max_links)
3808 return -EMLINK;
3809
3810 error = dir->i_op->mkdir(dir, dentry, mode);
3811 if (!error)
3812 fsnotify_mkdir(dir, dentry);
3813 return error;
3814 }
3815 EXPORT_SYMBOL(vfs_mkdir);
3816
3817 long do_mkdirat(int dfd, const char __user *pathname, umode_t mode)
3818 {
3819 struct dentry *dentry;
3820 struct path path;
3821 int error;
3822 unsigned int lookup_flags = LOOKUP_DIRECTORY;
3823
3824 retry:
3825 dentry = user_path_create(dfd, pathname, &path, lookup_flags);
3826 if (IS_ERR(dentry))
3827 return PTR_ERR(dentry);
3828
3829 if (!IS_POSIXACL(path.dentry->d_inode))
3830 mode &= ~current_umask();
3831 error = security_path_mkdir(&path, dentry, mode);
3832 if (!error)
3833 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3834 done_path_create(&path, dentry);
3835 if (retry_estale(error, lookup_flags)) {
3836 lookup_flags |= LOOKUP_REVAL;
3837 goto retry;
3838 }
3839 return error;
3840 }
3841
3842 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
3843 {
3844 return do_mkdirat(dfd, pathname, mode);
3845 }
3846
3847 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)
3848 {
3849 return do_mkdirat(AT_FDCWD, pathname, mode);
3850 }
3851
3852 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
3853 {
3854 int error = may_delete(dir, dentry, 1);
3855
3856 if (error)
3857 return error;
3858
3859 if (!dir->i_op->rmdir)
3860 return -EPERM;
3861
3862 dget(dentry);
3863 inode_lock(dentry->d_inode);
3864
3865 error = -EBUSY;
3866 if (is_local_mountpoint(dentry))
3867 goto out;
3868
3869 error = security_inode_rmdir(dir, dentry);
3870 if (error)
3871 goto out;
3872
3873 error = dir->i_op->rmdir(dir, dentry);
3874 if (error)
3875 goto out;
3876
3877 shrink_dcache_parent(dentry);
3878 dentry->d_inode->i_flags |= S_DEAD;
3879 dont_mount(dentry);
3880 detach_mounts(dentry);
3881 fsnotify_rmdir(dir, dentry);
3882
3883 out:
3884 inode_unlock(dentry->d_inode);
3885 dput(dentry);
3886 if (!error)
3887 d_delete(dentry);
3888 return error;
3889 }
3890 EXPORT_SYMBOL(vfs_rmdir);
3891
3892 long do_rmdir(int dfd, const char __user *pathname)
3893 {
3894 int error = 0;
3895 struct filename *name;
3896 struct dentry *dentry;
3897 struct path path;
3898 struct qstr last;
3899 int type;
3900 unsigned int lookup_flags = 0;
3901 retry:
3902 name = filename_parentat(dfd, getname(pathname), lookup_flags,
3903 &path, &last, &type);
3904 if (IS_ERR(name))
3905 return PTR_ERR(name);
3906
3907 switch (type) {
3908 case LAST_DOTDOT:
3909 error = -ENOTEMPTY;
3910 goto exit1;
3911 case LAST_DOT:
3912 error = -EINVAL;
3913 goto exit1;
3914 case LAST_ROOT:
3915 error = -EBUSY;
3916 goto exit1;
3917 }
3918
3919 error = mnt_want_write(path.mnt);
3920 if (error)
3921 goto exit1;
3922
3923 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3924 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3925 error = PTR_ERR(dentry);
3926 if (IS_ERR(dentry))
3927 goto exit2;
3928 if (!dentry->d_inode) {
3929 error = -ENOENT;
3930 goto exit3;
3931 }
3932 error = security_path_rmdir(&path, dentry);
3933 if (error)
3934 goto exit3;
3935 error = vfs_rmdir(path.dentry->d_inode, dentry);
3936 exit3:
3937 dput(dentry);
3938 exit2:
3939 inode_unlock(path.dentry->d_inode);
3940 mnt_drop_write(path.mnt);
3941 exit1:
3942 path_put(&path);
3943 putname(name);
3944 if (retry_estale(error, lookup_flags)) {
3945 lookup_flags |= LOOKUP_REVAL;
3946 goto retry;
3947 }
3948 return error;
3949 }
3950
3951 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
3952 {
3953 return do_rmdir(AT_FDCWD, pathname);
3954 }
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974 int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)
3975 {
3976 struct inode *target = dentry->d_inode;
3977 int error = may_delete(dir, dentry, 0);
3978
3979 if (error)
3980 return error;
3981
3982 if (!dir->i_op->unlink)
3983 return -EPERM;
3984
3985 inode_lock(target);
3986 if (is_local_mountpoint(dentry))
3987 error = -EBUSY;
3988 else {
3989 error = security_inode_unlink(dir, dentry);
3990 if (!error) {
3991 error = try_break_deleg(target, delegated_inode);
3992 if (error)
3993 goto out;
3994 error = dir->i_op->unlink(dir, dentry);
3995 if (!error) {
3996 dont_mount(dentry);
3997 detach_mounts(dentry);
3998 fsnotify_unlink(dir, dentry);
3999 }
4000 }
4001 }
4002 out:
4003 inode_unlock(target);
4004
4005
4006 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
4007 fsnotify_link_count(target);
4008 d_delete(dentry);
4009 }
4010
4011 return error;
4012 }
4013 EXPORT_SYMBOL(vfs_unlink);
4014
4015
4016
4017
4018
4019
4020
4021 long do_unlinkat(int dfd, struct filename *name)
4022 {
4023 int error;
4024 struct dentry *dentry;
4025 struct path path;
4026 struct qstr last;
4027 int type;
4028 struct inode *inode = NULL;
4029 struct inode *delegated_inode = NULL;
4030 unsigned int lookup_flags = 0;
4031 retry:
4032 name = filename_parentat(dfd, name, lookup_flags, &path, &last, &type);
4033 if (IS_ERR(name))
4034 return PTR_ERR(name);
4035
4036 error = -EISDIR;
4037 if (type != LAST_NORM)
4038 goto exit1;
4039
4040 error = mnt_want_write(path.mnt);
4041 if (error)
4042 goto exit1;
4043 retry_deleg:
4044 inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
4045 dentry = __lookup_hash(&last, path.dentry, lookup_flags);
4046 error = PTR_ERR(dentry);
4047 if (!IS_ERR(dentry)) {
4048
4049 if (last.name[last.len])
4050 goto slashes;
4051 inode = dentry->d_inode;
4052 if (d_is_negative(dentry))
4053 goto slashes;
4054 ihold(inode);
4055 error = security_path_unlink(&path, dentry);
4056 if (error)
4057 goto exit2;
4058 error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
4059 exit2:
4060 dput(dentry);
4061 }
4062 inode_unlock(path.dentry->d_inode);
4063 if (inode)
4064 iput(inode);
4065 inode = NULL;
4066 if (delegated_inode) {
4067 error = break_deleg_wait(&delegated_inode);
4068 if (!error)
4069 goto retry_deleg;
4070 }
4071 mnt_drop_write(path.mnt);
4072 exit1:
4073 path_put(&path);
4074 if (retry_estale(error, lookup_flags)) {
4075 lookup_flags |= LOOKUP_REVAL;
4076 inode = NULL;
4077 goto retry;
4078 }
4079 putname(name);
4080 return error;
4081
4082 slashes:
4083 if (d_is_negative(dentry))
4084 error = -ENOENT;
4085 else if (d_is_dir(dentry))
4086 error = -EISDIR;
4087 else
4088 error = -ENOTDIR;
4089 goto exit2;
4090 }
4091
4092 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
4093 {
4094 if ((flag & ~AT_REMOVEDIR) != 0)
4095 return -EINVAL;
4096
4097 if (flag & AT_REMOVEDIR)
4098 return do_rmdir(dfd, pathname);
4099
4100 return do_unlinkat(dfd, getname(pathname));
4101 }
4102
4103 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
4104 {
4105 return do_unlinkat(AT_FDCWD, getname(pathname));
4106 }
4107
4108 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
4109 {
4110 int error = may_create(dir, dentry);
4111
4112 if (error)
4113 return error;
4114
4115 if (!dir->i_op->symlink)
4116 return -EPERM;
4117
4118 error = security_inode_symlink(dir, dentry, oldname);
4119 if (error)
4120 return error;
4121
4122 error = dir->i_op->symlink(dir, dentry, oldname);
4123 if (!error)
4124 fsnotify_create(dir, dentry);
4125 return error;
4126 }
4127 EXPORT_SYMBOL(vfs_symlink);
4128
4129 long do_symlinkat(const char __user *oldname, int newdfd,
4130 const char __user *newname)
4131 {
4132 int error;
4133 struct filename *from;
4134 struct dentry *dentry;
4135 struct path path;
4136 unsigned int lookup_flags = 0;
4137
4138 from = getname(oldname);
4139 if (IS_ERR(from))
4140 return PTR_ERR(from);
4141 retry:
4142 dentry = user_path_create(newdfd, newname, &path, lookup_flags);
4143 error = PTR_ERR(dentry);
4144 if (IS_ERR(dentry))
4145 goto out_putname;
4146
4147 error = security_path_symlink(&path, dentry, from->name);
4148 if (!error)
4149 error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
4150 done_path_create(&path, dentry);
4151 if (retry_estale(error, lookup_flags)) {
4152 lookup_flags |= LOOKUP_REVAL;
4153 goto retry;
4154 }
4155 out_putname:
4156 putname(from);
4157 return error;
4158 }
4159
4160 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
4161 int, newdfd, const char __user *, newname)
4162 {
4163 return do_symlinkat(oldname, newdfd, newname);
4164 }
4165
4166 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
4167 {
4168 return do_symlinkat(oldname, AT_FDCWD, newname);
4169 }
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)
4191 {
4192 struct inode *inode = old_dentry->d_inode;
4193 unsigned max_links = dir->i_sb->s_max_links;
4194 int error;
4195
4196 if (!inode)
4197 return -ENOENT;
4198
4199 error = may_create(dir, new_dentry);
4200 if (error)
4201 return error;
4202
4203 if (dir->i_sb != inode->i_sb)
4204 return -EXDEV;
4205
4206
4207
4208
4209 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4210 return -EPERM;
4211
4212
4213
4214
4215
4216 if (HAS_UNMAPPED_ID(inode))
4217 return -EPERM;
4218 if (!dir->i_op->link)
4219 return -EPERM;
4220 if (S_ISDIR(inode->i_mode))
4221 return -EPERM;
4222
4223 error = security_inode_link(old_dentry, dir, new_dentry);
4224 if (error)
4225 return error;
4226
4227 inode_lock(inode);
4228
4229 if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE))
4230 error = -ENOENT;
4231 else if (max_links && inode->i_nlink >= max_links)
4232 error = -EMLINK;
4233 else {
4234 error = try_break_deleg(inode, delegated_inode);
4235 if (!error)
4236 error = dir->i_op->link(old_dentry, dir, new_dentry);
4237 }
4238
4239 if (!error && (inode->i_state & I_LINKABLE)) {
4240 spin_lock(&inode->i_lock);
4241 inode->i_state &= ~I_LINKABLE;
4242 spin_unlock(&inode->i_lock);
4243 }
4244 inode_unlock(inode);
4245 if (!error)
4246 fsnotify_link(dir, inode, new_dentry);
4247 return error;
4248 }
4249 EXPORT_SYMBOL(vfs_link);
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260 int do_linkat(int olddfd, const char __user *oldname, int newdfd,
4261 const char __user *newname, int flags)
4262 {
4263 struct dentry *new_dentry;
4264 struct path old_path, new_path;
4265 struct inode *delegated_inode = NULL;
4266 int how = 0;
4267 int error;
4268
4269 if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
4270 return -EINVAL;
4271
4272
4273
4274
4275
4276 if (flags & AT_EMPTY_PATH) {
4277 if (!capable(CAP_DAC_READ_SEARCH))
4278 return -ENOENT;
4279 how = LOOKUP_EMPTY;
4280 }
4281
4282 if (flags & AT_SYMLINK_FOLLOW)
4283 how |= LOOKUP_FOLLOW;
4284 retry:
4285 error = user_path_at(olddfd, oldname, how, &old_path);
4286 if (error)
4287 return error;
4288
4289 new_dentry = user_path_create(newdfd, newname, &new_path,
4290 (how & LOOKUP_REVAL));
4291 error = PTR_ERR(new_dentry);
4292 if (IS_ERR(new_dentry))
4293 goto out;
4294
4295 error = -EXDEV;
4296 if (old_path.mnt != new_path.mnt)
4297 goto out_dput;
4298 error = may_linkat(&old_path);
4299 if (unlikely(error))
4300 goto out_dput;
4301 error = security_path_link(old_path.dentry, &new_path, new_dentry);
4302 if (error)
4303 goto out_dput;
4304 error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
4305 out_dput:
4306 done_path_create(&new_path, new_dentry);
4307 if (delegated_inode) {
4308 error = break_deleg_wait(&delegated_inode);
4309 if (!error) {
4310 path_put(&old_path);
4311 goto retry;
4312 }
4313 }
4314 if (retry_estale(error, how)) {
4315 path_put(&old_path);
4316 how |= LOOKUP_REVAL;
4317 goto retry;
4318 }
4319 out:
4320 path_put(&old_path);
4321
4322 return error;
4323 }
4324
4325 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
4326 int, newdfd, const char __user *, newname, int, flags)
4327 {
4328 return do_linkat(olddfd, oldname, newdfd, newname, flags);
4329 }
4330
4331 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
4332 {
4333 return do_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4334 }
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4387 struct inode *new_dir, struct dentry *new_dentry,
4388 struct inode **delegated_inode, unsigned int flags)
4389 {
4390 int error;
4391 bool is_dir = d_is_dir(old_dentry);
4392 struct inode *source = old_dentry->d_inode;
4393 struct inode *target = new_dentry->d_inode;
4394 bool new_is_dir = false;
4395 unsigned max_links = new_dir->i_sb->s_max_links;
4396 struct name_snapshot old_name;
4397
4398 if (source == target)
4399 return 0;
4400
4401 error = may_delete(old_dir, old_dentry, is_dir);
4402 if (error)
4403 return error;
4404
4405 if (!target) {
4406 error = may_create(new_dir, new_dentry);
4407 } else {
4408 new_is_dir = d_is_dir(new_dentry);
4409
4410 if (!(flags & RENAME_EXCHANGE))
4411 error = may_delete(new_dir, new_dentry, is_dir);
4412 else
4413 error = may_delete(new_dir, new_dentry, new_is_dir);
4414 }
4415 if (error)
4416 return error;
4417
4418 if (!old_dir->i_op->rename)
4419 return -EPERM;
4420
4421
4422
4423
4424
4425 if (new_dir != old_dir) {
4426 if (is_dir) {
4427 error = inode_permission(source, MAY_WRITE);
4428 if (error)
4429 return error;
4430 }
4431 if ((flags & RENAME_EXCHANGE) && new_is_dir) {
4432 error = inode_permission(target, MAY_WRITE);
4433 if (error)
4434 return error;
4435 }
4436 }
4437
4438 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry,
4439 flags);
4440 if (error)
4441 return error;
4442
4443 take_dentry_name_snapshot(&old_name, old_dentry);
4444 dget(new_dentry);
4445 if (!is_dir || (flags & RENAME_EXCHANGE))
4446 lock_two_nondirectories(source, target);
4447 else if (target)
4448 inode_lock(target);
4449
4450 error = -EBUSY;
4451 if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry))
4452 goto out;
4453
4454 if (max_links && new_dir != old_dir) {
4455 error = -EMLINK;
4456 if (is_dir && !new_is_dir && new_dir->i_nlink >= max_links)
4457 goto out;
4458 if ((flags & RENAME_EXCHANGE) && !is_dir && new_is_dir &&
4459 old_dir->i_nlink >= max_links)
4460 goto out;
4461 }
4462 if (!is_dir) {
4463 error = try_break_deleg(source, delegated_inode);
4464 if (error)
4465 goto out;
4466 }
4467 if (target && !new_is_dir) {
4468 error = try_break_deleg(target, delegated_inode);
4469 if (error)
4470 goto out;
4471 }
4472 error = old_dir->i_op->rename(old_dir, old_dentry,
4473 new_dir, new_dentry, flags);
4474 if (error)
4475 goto out;
4476
4477 if (!(flags & RENAME_EXCHANGE) && target) {
4478 if (is_dir) {
4479 shrink_dcache_parent(new_dentry);
4480 target->i_flags |= S_DEAD;
4481 }
4482 dont_mount(new_dentry);
4483 detach_mounts(new_dentry);
4484 }
4485 if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) {
4486 if (!(flags & RENAME_EXCHANGE))
4487 d_move(old_dentry, new_dentry);
4488 else
4489 d_exchange(old_dentry, new_dentry);
4490 }
4491 out:
4492 if (!is_dir || (flags & RENAME_EXCHANGE))
4493 unlock_two_nondirectories(source, target);
4494 else if (target)
4495 inode_unlock(target);
4496 dput(new_dentry);
4497 if (!error) {
4498 fsnotify_move(old_dir, new_dir, &old_name.name, is_dir,
4499 !(flags & RENAME_EXCHANGE) ? target : NULL, old_dentry);
4500 if (flags & RENAME_EXCHANGE) {
4501 fsnotify_move(new_dir, old_dir, &old_dentry->d_name,
4502 new_is_dir, NULL, new_dentry);
4503 }
4504 }
4505 release_dentry_name_snapshot(&old_name);
4506
4507 return error;
4508 }
4509 EXPORT_SYMBOL(vfs_rename);
4510
4511 static int do_renameat2(int olddfd, const char __user *oldname, int newdfd,
4512 const char __user *newname, unsigned int flags)
4513 {
4514 struct dentry *old_dentry, *new_dentry;
4515 struct dentry *trap;
4516 struct path old_path, new_path;
4517 struct qstr old_last, new_last;
4518 int old_type, new_type;
4519 struct inode *delegated_inode = NULL;
4520 struct filename *from;
4521 struct filename *to;
4522 unsigned int lookup_flags = 0, target_flags = LOOKUP_RENAME_TARGET;
4523 bool should_retry = false;
4524 int error;
4525
4526 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
4527 return -EINVAL;
4528
4529 if ((flags & (RENAME_NOREPLACE | RENAME_WHITEOUT)) &&
4530 (flags & RENAME_EXCHANGE))
4531 return -EINVAL;
4532
4533 if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
4534 return -EPERM;
4535
4536 if (flags & RENAME_EXCHANGE)
4537 target_flags = 0;
4538
4539 retry:
4540 from = filename_parentat(olddfd, getname(oldname), lookup_flags,
4541 &old_path, &old_last, &old_type);
4542 if (IS_ERR(from)) {
4543 error = PTR_ERR(from);
4544 goto exit;
4545 }
4546
4547 to = filename_parentat(newdfd, getname(newname), lookup_flags,
4548 &new_path, &new_last, &new_type);
4549 if (IS_ERR(to)) {
4550 error = PTR_ERR(to);
4551 goto exit1;
4552 }
4553
4554 error = -EXDEV;
4555 if (old_path.mnt != new_path.mnt)
4556 goto exit2;
4557
4558 error = -EBUSY;
4559 if (old_type != LAST_NORM)
4560 goto exit2;
4561
4562 if (flags & RENAME_NOREPLACE)
4563 error = -EEXIST;
4564 if (new_type != LAST_NORM)
4565 goto exit2;
4566
4567 error = mnt_want_write(old_path.mnt);
4568 if (error)
4569 goto exit2;
4570
4571 retry_deleg:
4572 trap = lock_rename(new_path.dentry, old_path.dentry);
4573
4574 old_dentry = __lookup_hash(&old_last, old_path.dentry, lookup_flags);
4575 error = PTR_ERR(old_dentry);
4576 if (IS_ERR(old_dentry))
4577 goto exit3;
4578
4579 error = -ENOENT;
4580 if (d_is_negative(old_dentry))
4581 goto exit4;
4582 new_dentry = __lookup_hash(&new_last, new_path.dentry, lookup_flags | target_flags);
4583 error = PTR_ERR(new_dentry);
4584 if (IS_ERR(new_dentry))
4585 goto exit4;
4586 error = -EEXIST;
4587 if ((flags & RENAME_NOREPLACE) && d_is_positive(new_dentry))
4588 goto exit5;
4589 if (flags & RENAME_EXCHANGE) {
4590 error = -ENOENT;
4591 if (d_is_negative(new_dentry))
4592 goto exit5;
4593
4594 if (!d_is_dir(new_dentry)) {
4595 error = -ENOTDIR;
4596 if (new_last.name[new_last.len])
4597 goto exit5;
4598 }
4599 }
4600
4601 if (!d_is_dir(old_dentry)) {
4602 error = -ENOTDIR;
4603 if (old_last.name[old_last.len])
4604 goto exit5;
4605 if (!(flags & RENAME_EXCHANGE) && new_last.name[new_last.len])
4606 goto exit5;
4607 }
4608
4609 error = -EINVAL;
4610 if (old_dentry == trap)
4611 goto exit5;
4612
4613 if (!(flags & RENAME_EXCHANGE))
4614 error = -ENOTEMPTY;
4615 if (new_dentry == trap)
4616 goto exit5;
4617
4618 error = security_path_rename(&old_path, old_dentry,
4619 &new_path, new_dentry, flags);
4620 if (error)
4621 goto exit5;
4622 error = vfs_rename(old_path.dentry->d_inode, old_dentry,
4623 new_path.dentry->d_inode, new_dentry,
4624 &delegated_inode, flags);
4625 exit5:
4626 dput(new_dentry);
4627 exit4:
4628 dput(old_dentry);
4629 exit3:
4630 unlock_rename(new_path.dentry, old_path.dentry);
4631 if (delegated_inode) {
4632 error = break_deleg_wait(&delegated_inode);
4633 if (!error)
4634 goto retry_deleg;
4635 }
4636 mnt_drop_write(old_path.mnt);
4637 exit2:
4638 if (retry_estale(error, lookup_flags))
4639 should_retry = true;
4640 path_put(&new_path);
4641 putname(to);
4642 exit1:
4643 path_put(&old_path);
4644 putname(from);
4645 if (should_retry) {
4646 should_retry = false;
4647 lookup_flags |= LOOKUP_REVAL;
4648 goto retry;
4649 }
4650 exit:
4651 return error;
4652 }
4653
4654 SYSCALL_DEFINE5(renameat2, int, olddfd, const char __user *, oldname,
4655 int, newdfd, const char __user *, newname, unsigned int, flags)
4656 {
4657 return do_renameat2(olddfd, oldname, newdfd, newname, flags);
4658 }
4659
4660 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
4661 int, newdfd, const char __user *, newname)
4662 {
4663 return do_renameat2(olddfd, oldname, newdfd, newname, 0);
4664 }
4665
4666 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
4667 {
4668 return do_renameat2(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4669 }
4670
4671 int vfs_whiteout(struct inode *dir, struct dentry *dentry)
4672 {
4673 int error = may_create(dir, dentry);
4674 if (error)
4675 return error;
4676
4677 if (!dir->i_op->mknod)
4678 return -EPERM;
4679
4680 return dir->i_op->mknod(dir, dentry,
4681 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
4682 }
4683 EXPORT_SYMBOL(vfs_whiteout);
4684
4685 int readlink_copy(char __user *buffer, int buflen, const char *link)
4686 {
4687 int len = PTR_ERR(link);
4688 if (IS_ERR(link))
4689 goto out;
4690
4691 len = strlen(link);
4692 if (len > (unsigned) buflen)
4693 len = buflen;
4694 if (copy_to_user(buffer, link, len))
4695 len = -EFAULT;
4696 out:
4697 return len;
4698 }
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4711 {
4712 struct inode *inode = d_inode(dentry);
4713 DEFINE_DELAYED_CALL(done);
4714 const char *link;
4715 int res;
4716
4717 if (unlikely(!(inode->i_opflags & IOP_DEFAULT_READLINK))) {
4718 if (unlikely(inode->i_op->readlink))
4719 return inode->i_op->readlink(dentry, buffer, buflen);
4720
4721 if (!d_is_symlink(dentry))
4722 return -EINVAL;
4723
4724 spin_lock(&inode->i_lock);
4725 inode->i_opflags |= IOP_DEFAULT_READLINK;
4726 spin_unlock(&inode->i_lock);
4727 }
4728
4729 link = READ_ONCE(inode->i_link);
4730 if (!link) {
4731 link = inode->i_op->get_link(dentry, inode, &done);
4732 if (IS_ERR(link))
4733 return PTR_ERR(link);
4734 }
4735 res = readlink_copy(buffer, buflen, link);
4736 do_delayed_call(&done);
4737 return res;
4738 }
4739 EXPORT_SYMBOL(vfs_readlink);
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752 const char *vfs_get_link(struct dentry *dentry, struct delayed_call *done)
4753 {
4754 const char *res = ERR_PTR(-EINVAL);
4755 struct inode *inode = d_inode(dentry);
4756
4757 if (d_is_symlink(dentry)) {
4758 res = ERR_PTR(security_inode_readlink(dentry));
4759 if (!res)
4760 res = inode->i_op->get_link(dentry, inode, done);
4761 }
4762 return res;
4763 }
4764 EXPORT_SYMBOL(vfs_get_link);
4765
4766
4767 const char *page_get_link(struct dentry *dentry, struct inode *inode,
4768 struct delayed_call *callback)
4769 {
4770 char *kaddr;
4771 struct page *page;
4772 struct address_space *mapping = inode->i_mapping;
4773
4774 if (!dentry) {
4775 page = find_get_page(mapping, 0);
4776 if (!page)
4777 return ERR_PTR(-ECHILD);
4778 if (!PageUptodate(page)) {
4779 put_page(page);
4780 return ERR_PTR(-ECHILD);
4781 }
4782 } else {
4783 page = read_mapping_page(mapping, 0, NULL);
4784 if (IS_ERR(page))
4785 return (char*)page;
4786 }
4787 set_delayed_call(callback, page_put_link, page);
4788 BUG_ON(mapping_gfp_mask(mapping) & __GFP_HIGHMEM);
4789 kaddr = page_address(page);
4790 nd_terminate_link(kaddr, inode->i_size, PAGE_SIZE - 1);
4791 return kaddr;
4792 }
4793
4794 EXPORT_SYMBOL(page_get_link);
4795
4796 void page_put_link(void *arg)
4797 {
4798 put_page(arg);
4799 }
4800 EXPORT_SYMBOL(page_put_link);
4801
4802 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4803 {
4804 DEFINE_DELAYED_CALL(done);
4805 int res = readlink_copy(buffer, buflen,
4806 page_get_link(dentry, d_inode(dentry),
4807 &done));
4808 do_delayed_call(&done);
4809 return res;
4810 }
4811 EXPORT_SYMBOL(page_readlink);
4812
4813
4814
4815
4816 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
4817 {
4818 struct address_space *mapping = inode->i_mapping;
4819 struct page *page;
4820 void *fsdata;
4821 int err;
4822 unsigned int flags = 0;
4823 if (nofs)
4824 flags |= AOP_FLAG_NOFS;
4825
4826 retry:
4827 err = pagecache_write_begin(NULL, mapping, 0, len-1,
4828 flags, &page, &fsdata);
4829 if (err)
4830 goto fail;
4831
4832 memcpy(page_address(page), symname, len-1);
4833
4834 err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
4835 page, fsdata);
4836 if (err < 0)
4837 goto fail;
4838 if (err < len-1)
4839 goto retry;
4840
4841 mark_inode_dirty(inode);
4842 return 0;
4843 fail:
4844 return err;
4845 }
4846 EXPORT_SYMBOL(__page_symlink);
4847
4848 int page_symlink(struct inode *inode, const char *symname, int len)
4849 {
4850 return __page_symlink(inode, symname, len,
4851 !mapping_gfp_constraint(inode->i_mapping, __GFP_FS));
4852 }
4853 EXPORT_SYMBOL(page_symlink);
4854
4855 const struct inode_operations page_symlink_inode_operations = {
4856 .get_link = page_get_link,
4857 };
4858 EXPORT_SYMBOL(page_symlink_inode_operations);