root/fs/namei.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. getname_flags
  2. getname
  3. getname_kernel
  4. putname
  5. check_acl
  6. acl_permission_check
  7. generic_permission
  8. do_inode_permission
  9. sb_permission
  10. inode_permission
  11. path_get
  12. path_put
  13. set_nameidata
  14. restore_nameidata
  15. __nd_alloc_stack
  16. path_connected
  17. nd_alloc_stack
  18. drop_links
  19. terminate_walk
  20. legitimize_path
  21. legitimize_links
  22. legitimize_root
  23. unlazy_walk
  24. unlazy_child
  25. d_revalidate
  26. complete_walk
  27. set_root
  28. path_put_conditional
  29. path_to_nameidata
  30. nd_jump_root
  31. nd_jump_link
  32. put_link
  33. may_follow_link
  34. safe_hardlink_source
  35. may_linkat
  36. may_create_in_sticky
  37. get_link
  38. follow_up
  39. follow_automount
  40. follow_managed
  41. follow_down_one
  42. managed_dentry_rcu
  43. __follow_mount_rcu
  44. follow_dotdot_rcu
  45. follow_down
  46. follow_mount
  47. path_parent_directory
  48. follow_dotdot
  49. lookup_dcache
  50. __lookup_hash
  51. lookup_fast
  52. __lookup_slow
  53. lookup_slow
  54. may_lookup
  55. handle_dots
  56. pick_link
  57. step_into
  58. walk_component
  59. fold_hash
  60. fold_hash
  61. full_name_hash
  62. hashlen_string
  63. hash_name
  64. full_name_hash
  65. hashlen_string
  66. hash_name
  67. link_path_walk
  68. path_init
  69. trailing_symlink
  70. lookup_last
  71. handle_lookup_down
  72. path_lookupat
  73. filename_lookup
  74. path_parentat
  75. filename_parentat
  76. kern_path_locked
  77. kern_path
  78. vfs_path_lookup
  79. lookup_one_len_common
  80. try_lookup_one_len
  81. lookup_one_len
  82. lookup_one_len_unlocked
  83. path_pts
  84. user_path_at_empty
  85. mountpoint_last
  86. path_mountpoint
  87. filename_mountpoint
  88. user_path_mountpoint_at
  89. kern_path_mountpoint
  90. __check_sticky
  91. may_delete
  92. may_create
  93. lock_rename
  94. unlock_rename
  95. vfs_create
  96. vfs_mkobj
  97. may_open_dev
  98. may_open
  99. handle_truncate
  100. open_to_namei_flags
  101. may_o_create
  102. atomic_open
  103. lookup_open
  104. do_last
  105. vfs_tmpfile
  106. do_tmpfile
  107. do_o_path
  108. path_openat
  109. do_filp_open
  110. do_file_open_root
  111. filename_create
  112. kern_path_create
  113. done_path_create
  114. user_path_create
  115. vfs_mknod
  116. may_mknod
  117. do_mknodat
  118. SYSCALL_DEFINE4
  119. SYSCALL_DEFINE3
  120. vfs_mkdir
  121. do_mkdirat
  122. SYSCALL_DEFINE3
  123. SYSCALL_DEFINE2
  124. vfs_rmdir
  125. do_rmdir
  126. SYSCALL_DEFINE1
  127. vfs_unlink
  128. do_unlinkat
  129. SYSCALL_DEFINE3
  130. SYSCALL_DEFINE1
  131. vfs_symlink
  132. do_symlinkat
  133. SYSCALL_DEFINE3
  134. SYSCALL_DEFINE2
  135. vfs_link
  136. do_linkat
  137. SYSCALL_DEFINE5
  138. SYSCALL_DEFINE2
  139. vfs_rename
  140. do_renameat2
  141. SYSCALL_DEFINE5
  142. SYSCALL_DEFINE4
  143. SYSCALL_DEFINE2
  144. vfs_whiteout
  145. readlink_copy
  146. vfs_readlink
  147. vfs_get_link
  148. page_get_link
  149. page_put_link
  150. page_readlink
  151. __page_symlink
  152. page_symlink

   1 // SPDX-License-Identifier: GPL-2.0
   2 /*
   3  *  linux/fs/namei.c
   4  *
   5  *  Copyright (C) 1991, 1992  Linus Torvalds
   6  */
   7 
   8 /*
   9  * Some corrections by tytso.
  10  */
  11 
  12 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
  13  * lookup logic.
  14  */
  15 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
  16  */
  17 
  18 #include <linux/init.h>
  19 #include <linux/export.h>
  20 #include <linux/kernel.h>
  21 #include <linux/slab.h>
  22 #include <linux/fs.h>
  23 #include <linux/namei.h>
  24 #include <linux/pagemap.h>
  25 #include <linux/fsnotify.h>
  26 #include <linux/personality.h>
  27 #include <linux/security.h>
  28 #include <linux/ima.h>
  29 #include <linux/syscalls.h>
  30 #include <linux/mount.h>
  31 #include <linux/audit.h>
  32 #include <linux/capability.h>
  33 #include <linux/file.h>
  34 #include <linux/fcntl.h>
  35 #include <linux/device_cgroup.h>
  36 #include <linux/fs_struct.h>
  37 #include <linux/posix_acl.h>
  38 #include <linux/hash.h>
  39 #include <linux/bitops.h>
  40 #include <linux/init_task.h>
  41 #include <linux/uaccess.h>
  42 
  43 #include "internal.h"
  44 #include "mount.h"
  45 
  46 /* [Feb-1997 T. Schoebel-Theuer]
  47  * Fundamental changes in the pathname lookup mechanisms (namei)
  48  * were necessary because of omirr.  The reason is that omirr needs
  49  * to know the _real_ pathname, not the user-supplied one, in case
  50  * of symlinks (and also when transname replacements occur).
  51  *
  52  * The new code replaces the old recursive symlink resolution with
  53  * an iterative one (in case of non-nested symlink chains).  It does
  54  * this with calls to <fs>_follow_link().
  55  * As a side effect, dir_namei(), _namei() and follow_link() are now 
  56  * replaced with a single function lookup_dentry() that can handle all 
  57  * the special cases of the former code.
  58  *
  59  * With the new dcache, the pathname is stored at each inode, at least as
  60  * long as the refcount of the inode is positive.  As a side effect, the
  61  * size of the dcache depends on the inode cache and thus is dynamic.
  62  *
  63  * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
  64  * resolution to correspond with current state of the code.
  65  *
  66  * Note that the symlink resolution is not *completely* iterative.
  67  * There is still a significant amount of tail- and mid- recursion in
  68  * the algorithm.  Also, note that <fs>_readlink() is not used in
  69  * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
  70  * may return different results than <fs>_follow_link().  Many virtual
  71  * filesystems (including /proc) exhibit this behavior.
  72  */
  73 
  74 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
  75  * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
  76  * and the name already exists in form of a symlink, try to create the new
  77  * name indicated by the symlink. The old code always complained that the
  78  * name already exists, due to not following the symlink even if its target
  79  * is nonexistent.  The new semantics affects also mknod() and link() when
  80  * the name is a symlink pointing to a non-existent name.
  81  *
  82  * I don't know which semantics is the right one, since I have no access
  83  * to standards. But I found by trial that HP-UX 9.0 has the full "new"
  84  * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
  85  * "old" one. Personally, I think the new semantics is much more logical.
  86  * Note that "ln old new" where "new" is a symlink pointing to a non-existing
  87  * file does succeed in both HP-UX and SunOs, but not in Solaris
  88  * and in the old Linux semantics.
  89  */
  90 
  91 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
  92  * semantics.  See the comments in "open_namei" and "do_link" below.
  93  *
  94  * [10-Sep-98 Alan Modra] Another symlink change.
  95  */
  96 
  97 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
  98  *      inside the path - always follow.
  99  *      in the last component in creation/removal/renaming - never follow.
 100  *      if LOOKUP_FOLLOW passed - follow.
 101  *      if the pathname has trailing slashes - follow.
 102  *      otherwise - don't follow.
 103  * (applied in that order).
 104  *
 105  * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
 106  * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
 107  * During the 2.4 we need to fix the userland stuff depending on it -
 108  * hopefully we will be able to get rid of that wart in 2.5. So far only
 109  * XEmacs seems to be relying on it...
 110  */
 111 /*
 112  * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
 113  * implemented.  Let's see if raised priority of ->s_vfs_rename_mutex gives
 114  * any extra contention...
 115  */
 116 
 117 /* In order to reduce some races, while at the same time doing additional
 118  * checking and hopefully speeding things up, we copy filenames to the
 119  * kernel data space before using them..
 120  *
 121  * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
 122  * PATH_MAX includes the nul terminator --RR.
 123  */
 124 
 125 #define EMBEDDED_NAME_MAX       (PATH_MAX - offsetof(struct filename, iname))
 126 
 127 struct filename *
 128 getname_flags(const char __user *filename, int flags, int *empty)
 129 {
 130         struct filename *result;
 131         char *kname;
 132         int len;
 133 
 134         result = audit_reusename(filename);
 135         if (result)
 136                 return result;
 137 
 138         result = __getname();
 139         if (unlikely(!result))
 140                 return ERR_PTR(-ENOMEM);
 141 
 142         /*
 143          * First, try to embed the struct filename inside the names_cache
 144          * allocation
 145          */
 146         kname = (char *)result->iname;
 147         result->name = kname;
 148 
 149         len = strncpy_from_user(kname, filename, EMBEDDED_NAME_MAX);
 150         if (unlikely(len < 0)) {
 151                 __putname(result);
 152                 return ERR_PTR(len);
 153         }
 154 
 155         /*
 156          * Uh-oh. We have a name that's approaching PATH_MAX. Allocate a
 157          * separate struct filename so we can dedicate the entire
 158          * names_cache allocation for the pathname, and re-do the copy from
 159          * userland.
 160          */
 161         if (unlikely(len == EMBEDDED_NAME_MAX)) {
 162                 const size_t size = offsetof(struct filename, iname[1]);
 163                 kname = (char *)result;
 164 
 165                 /*
 166                  * size is chosen that way we to guarantee that
 167                  * result->iname[0] is within the same object and that
 168                  * kname can't be equal to result->iname, no matter what.
 169                  */
 170                 result = kzalloc(size, GFP_KERNEL);
 171                 if (unlikely(!result)) {
 172                         __putname(kname);
 173                         return ERR_PTR(-ENOMEM);
 174                 }
 175                 result->name = kname;
 176                 len = strncpy_from_user(kname, filename, PATH_MAX);
 177                 if (unlikely(len < 0)) {
 178                         __putname(kname);
 179                         kfree(result);
 180                         return ERR_PTR(len);
 181                 }
 182                 if (unlikely(len == PATH_MAX)) {
 183                         __putname(kname);
 184                         kfree(result);
 185                         return ERR_PTR(-ENAMETOOLONG);
 186                 }
 187         }
 188 
 189         result->refcnt = 1;
 190         /* The empty path is special. */
 191         if (unlikely(!len)) {
 192                 if (empty)
 193                         *empty = 1;
 194                 if (!(flags & LOOKUP_EMPTY)) {
 195                         putname(result);
 196                         return ERR_PTR(-ENOENT);
 197                 }
 198         }
 199 
 200         result->uptr = filename;
 201         result->aname = NULL;
 202         audit_getname(result);
 203         return result;
 204 }
 205 
 206 struct filename *
 207 getname(const char __user * filename)
 208 {
 209         return getname_flags(filename, 0, NULL);
 210 }
 211 
 212 struct filename *
 213 getname_kernel(const char * filename)
 214 {
 215         struct filename *result;
 216         int len = strlen(filename) + 1;
 217 
 218         result = __getname();
 219         if (unlikely(!result))
 220                 return ERR_PTR(-ENOMEM);
 221 
 222         if (len <= EMBEDDED_NAME_MAX) {
 223                 result->name = (char *)result->iname;
 224         } else if (len <= PATH_MAX) {
 225                 const size_t size = offsetof(struct filename, iname[1]);
 226                 struct filename *tmp;
 227 
 228                 tmp = kmalloc(size, GFP_KERNEL);
 229                 if (unlikely(!tmp)) {
 230                         __putname(result);
 231                         return ERR_PTR(-ENOMEM);
 232                 }
 233                 tmp->name = (char *)result;
 234                 result = tmp;
 235         } else {
 236                 __putname(result);
 237                 return ERR_PTR(-ENAMETOOLONG);
 238         }
 239         memcpy((char *)result->name, filename, len);
 240         result->uptr = NULL;
 241         result->aname = NULL;
 242         result->refcnt = 1;
 243         audit_getname(result);
 244 
 245         return result;
 246 }
 247 
 248 void putname(struct filename *name)
 249 {
 250         BUG_ON(name->refcnt <= 0);
 251 
 252         if (--name->refcnt > 0)
 253                 return;
 254 
 255         if (name->name != name->iname) {
 256                 __putname(name->name);
 257                 kfree(name);
 258         } else
 259                 __putname(name);
 260 }
 261 
 262 static int check_acl(struct inode *inode, int mask)
 263 {
 264 #ifdef CONFIG_FS_POSIX_ACL
 265         struct posix_acl *acl;
 266 
 267         if (mask & MAY_NOT_BLOCK) {
 268                 acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
 269                 if (!acl)
 270                         return -EAGAIN;
 271                 /* no ->get_acl() calls in RCU mode... */
 272                 if (is_uncached_acl(acl))
 273                         return -ECHILD;
 274                 return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
 275         }
 276 
 277         acl = get_acl(inode, ACL_TYPE_ACCESS);
 278         if (IS_ERR(acl))
 279                 return PTR_ERR(acl);
 280         if (acl) {
 281                 int error = posix_acl_permission(inode, acl, mask);
 282                 posix_acl_release(acl);
 283                 return error;
 284         }
 285 #endif
 286 
 287         return -EAGAIN;
 288 }
 289 
 290 /*
 291  * This does the basic permission checking
 292  */
 293 static int acl_permission_check(struct inode *inode, int mask)
 294 {
 295         unsigned int mode = inode->i_mode;
 296 
 297         if (likely(uid_eq(current_fsuid(), inode->i_uid)))
 298                 mode >>= 6;
 299         else {
 300                 if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
 301                         int error = check_acl(inode, mask);
 302                         if (error != -EAGAIN)
 303                                 return error;
 304                 }
 305 
 306                 if (in_group_p(inode->i_gid))
 307                         mode >>= 3;
 308         }
 309 
 310         /*
 311          * If the DACs are ok we don't need any capability check.
 312          */
 313         if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
 314                 return 0;
 315         return -EACCES;
 316 }
 317 
 318 /**
 319  * generic_permission -  check for access rights on a Posix-like filesystem
 320  * @inode:      inode to check access rights for
 321  * @mask:       right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC, ...)
 322  *
 323  * Used to check for read/write/execute permissions on a file.
 324  * We use "fsuid" for this, letting us set arbitrary permissions
 325  * for filesystem access without changing the "normal" uids which
 326  * are used for other things.
 327  *
 328  * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
 329  * request cannot be satisfied (eg. requires blocking or too much complexity).
 330  * It would then be called again in ref-walk mode.
 331  */
 332 int generic_permission(struct inode *inode, int mask)
 333 {
 334         int ret;
 335 
 336         /*
 337          * Do the basic permission checks.
 338          */
 339         ret = acl_permission_check(inode, mask);
 340         if (ret != -EACCES)
 341                 return ret;
 342 
 343         if (S_ISDIR(inode->i_mode)) {
 344                 /* DACs are overridable for directories */
 345                 if (!(mask & MAY_WRITE))
 346                         if (capable_wrt_inode_uidgid(inode,
 347                                                      CAP_DAC_READ_SEARCH))
 348                                 return 0;
 349                 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
 350                         return 0;
 351                 return -EACCES;
 352         }
 353 
 354         /*
 355          * Searching includes executable on directories, else just read.
 356          */
 357         mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
 358         if (mask == MAY_READ)
 359                 if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
 360                         return 0;
 361         /*
 362          * Read/write DACs are always overridable.
 363          * Executable DACs are overridable when there is
 364          * at least one exec bit set.
 365          */
 366         if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
 367                 if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
 368                         return 0;
 369 
 370         return -EACCES;
 371 }
 372 EXPORT_SYMBOL(generic_permission);
 373 
 374 /*
 375  * We _really_ want to just do "generic_permission()" without
 376  * even looking at the inode->i_op values. So we keep a cache
 377  * flag in inode->i_opflags, that says "this has not special
 378  * permission function, use the fast case".
 379  */
 380 static inline int do_inode_permission(struct inode *inode, int mask)
 381 {
 382         if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
 383                 if (likely(inode->i_op->permission))
 384                         return inode->i_op->permission(inode, mask);
 385 
 386                 /* This gets set once for the inode lifetime */
 387                 spin_lock(&inode->i_lock);
 388                 inode->i_opflags |= IOP_FASTPERM;
 389                 spin_unlock(&inode->i_lock);
 390         }
 391         return generic_permission(inode, mask);
 392 }
 393 
 394 /**
 395  * sb_permission - Check superblock-level permissions
 396  * @sb: Superblock of inode to check permission on
 397  * @inode: Inode to check permission on
 398  * @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
 399  *
 400  * Separate out file-system wide checks from inode-specific permission checks.
 401  */
 402 static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
 403 {
 404         if (unlikely(mask & MAY_WRITE)) {
 405                 umode_t mode = inode->i_mode;
 406 
 407                 /* Nobody gets write access to a read-only fs. */
 408                 if (sb_rdonly(sb) && (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
 409                         return -EROFS;
 410         }
 411         return 0;
 412 }
 413 
 414 /**
 415  * inode_permission - Check for access rights to a given inode
 416  * @inode: Inode to check permission on
 417  * @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
 418  *
 419  * Check for read/write/execute permissions on an inode.  We use fs[ug]id for
 420  * this, letting us set arbitrary permissions for filesystem access without
 421  * changing the "normal" UIDs which are used for other things.
 422  *
 423  * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.
 424  */
 425 int inode_permission(struct inode *inode, int mask)
 426 {
 427         int retval;
 428 
 429         retval = sb_permission(inode->i_sb, inode, mask);
 430         if (retval)
 431                 return retval;
 432 
 433         if (unlikely(mask & MAY_WRITE)) {
 434                 /*
 435                  * Nobody gets write access to an immutable file.
 436                  */
 437                 if (IS_IMMUTABLE(inode))
 438                         return -EPERM;
 439 
 440                 /*
 441                  * Updating mtime will likely cause i_uid and i_gid to be
 442                  * written back improperly if their true value is unknown
 443                  * to the vfs.
 444                  */
 445                 if (HAS_UNMAPPED_ID(inode))
 446                         return -EACCES;
 447         }
 448 
 449         retval = do_inode_permission(inode, mask);
 450         if (retval)
 451                 return retval;
 452 
 453         retval = devcgroup_inode_permission(inode, mask);
 454         if (retval)
 455                 return retval;
 456 
 457         return security_inode_permission(inode, mask);
 458 }
 459 EXPORT_SYMBOL(inode_permission);
 460 
 461 /**
 462  * path_get - get a reference to a path
 463  * @path: path to get the reference to
 464  *
 465  * Given a path increment the reference count to the dentry and the vfsmount.
 466  */
 467 void path_get(const struct path *path)
 468 {
 469         mntget(path->mnt);
 470         dget(path->dentry);
 471 }
 472 EXPORT_SYMBOL(path_get);
 473 
 474 /**
 475  * path_put - put a reference to a path
 476  * @path: path to put the reference to
 477  *
 478  * Given a path decrement the reference count to the dentry and the vfsmount.
 479  */
 480 void path_put(const struct path *path)
 481 {
 482         dput(path->dentry);
 483         mntput(path->mnt);
 484 }
 485 EXPORT_SYMBOL(path_put);
 486 
 487 #define EMBEDDED_LEVELS 2
 488 struct nameidata {
 489         struct path     path;
 490         struct qstr     last;
 491         struct path     root;
 492         struct inode    *inode; /* path.dentry.d_inode */
 493         unsigned int    flags;
 494         unsigned        seq, m_seq;
 495         int             last_type;
 496         unsigned        depth;
 497         int             total_link_count;
 498         struct saved {
 499                 struct path link;
 500                 struct delayed_call done;
 501                 const char *name;
 502                 unsigned seq;
 503         } *stack, internal[EMBEDDED_LEVELS];
 504         struct filename *name;
 505         struct nameidata *saved;
 506         struct inode    *link_inode;
 507         unsigned        root_seq;
 508         int             dfd;
 509 } __randomize_layout;
 510 
 511 static void set_nameidata(struct nameidata *p, int dfd, struct filename *name)
 512 {
 513         struct nameidata *old = current->nameidata;
 514         p->stack = p->internal;
 515         p->dfd = dfd;
 516         p->name = name;
 517         p->total_link_count = old ? old->total_link_count : 0;
 518         p->saved = old;
 519         current->nameidata = p;
 520 }
 521 
 522 static void restore_nameidata(void)
 523 {
 524         struct nameidata *now = current->nameidata, *old = now->saved;
 525 
 526         current->nameidata = old;
 527         if (old)
 528                 old->total_link_count = now->total_link_count;
 529         if (now->stack != now->internal)
 530                 kfree(now->stack);
 531 }
 532 
 533 static int __nd_alloc_stack(struct nameidata *nd)
 534 {
 535         struct saved *p;
 536 
 537         if (nd->flags & LOOKUP_RCU) {
 538                 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
 539                                   GFP_ATOMIC);
 540                 if (unlikely(!p))
 541                         return -ECHILD;
 542         } else {
 543                 p= kmalloc_array(MAXSYMLINKS, sizeof(struct saved),
 544                                   GFP_KERNEL);
 545                 if (unlikely(!p))
 546                         return -ENOMEM;
 547         }
 548         memcpy(p, nd->internal, sizeof(nd->internal));
 549         nd->stack = p;
 550         return 0;
 551 }
 552 
 553 /**
 554  * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
 555  * @path: nameidate to verify
 556  *
 557  * Rename can sometimes move a file or directory outside of a bind
 558  * mount, path_connected allows those cases to be detected.
 559  */
 560 static bool path_connected(const struct path *path)
 561 {
 562         struct vfsmount *mnt = path->mnt;
 563         struct super_block *sb = mnt->mnt_sb;
 564 
 565         /* Bind mounts and multi-root filesystems can have disconnected paths */
 566         if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root))
 567                 return true;
 568 
 569         return is_subdir(path->dentry, mnt->mnt_root);
 570 }
 571 
 572 static inline int nd_alloc_stack(struct nameidata *nd)
 573 {
 574         if (likely(nd->depth != EMBEDDED_LEVELS))
 575                 return 0;
 576         if (likely(nd->stack != nd->internal))
 577                 return 0;
 578         return __nd_alloc_stack(nd);
 579 }
 580 
 581 static void drop_links(struct nameidata *nd)
 582 {
 583         int i = nd->depth;
 584         while (i--) {
 585                 struct saved *last = nd->stack + i;
 586                 do_delayed_call(&last->done);
 587                 clear_delayed_call(&last->done);
 588         }
 589 }
 590 
 591 static void terminate_walk(struct nameidata *nd)
 592 {
 593         drop_links(nd);
 594         if (!(nd->flags & LOOKUP_RCU)) {
 595                 int i;
 596                 path_put(&nd->path);
 597                 for (i = 0; i < nd->depth; i++)
 598                         path_put(&nd->stack[i].link);
 599                 if (nd->flags & LOOKUP_ROOT_GRABBED) {
 600                         path_put(&nd->root);
 601                         nd->flags &= ~LOOKUP_ROOT_GRABBED;
 602                 }
 603         } else {
 604                 nd->flags &= ~LOOKUP_RCU;
 605                 rcu_read_unlock();
 606         }
 607         nd->depth = 0;
 608 }
 609 
 610 /* path_put is needed afterwards regardless of success or failure */
 611 static bool legitimize_path(struct nameidata *nd,
 612                             struct path *path, unsigned seq)
 613 {
 614         int res = __legitimize_mnt(path->mnt, nd->m_seq);
 615         if (unlikely(res)) {
 616                 if (res > 0)
 617                         path->mnt = NULL;
 618                 path->dentry = NULL;
 619                 return false;
 620         }
 621         if (unlikely(!lockref_get_not_dead(&path->dentry->d_lockref))) {
 622                 path->dentry = NULL;
 623                 return false;
 624         }
 625         return !read_seqcount_retry(&path->dentry->d_seq, seq);
 626 }
 627 
 628 static bool legitimize_links(struct nameidata *nd)
 629 {
 630         int i;
 631         for (i = 0; i < nd->depth; i++) {
 632                 struct saved *last = nd->stack + i;
 633                 if (unlikely(!legitimize_path(nd, &last->link, last->seq))) {
 634                         drop_links(nd);
 635                         nd->depth = i + 1;
 636                         return false;
 637                 }
 638         }
 639         return true;
 640 }
 641 
 642 static bool legitimize_root(struct nameidata *nd)
 643 {
 644         if (!nd->root.mnt || (nd->flags & LOOKUP_ROOT))
 645                 return true;
 646         nd->flags |= LOOKUP_ROOT_GRABBED;
 647         return legitimize_path(nd, &nd->root, nd->root_seq);
 648 }
 649 
 650 /*
 651  * Path walking has 2 modes, rcu-walk and ref-walk (see
 652  * Documentation/filesystems/path-lookup.txt).  In situations when we can't
 653  * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
 654  * normal reference counts on dentries and vfsmounts to transition to ref-walk
 655  * mode.  Refcounts are grabbed at the last known good point before rcu-walk
 656  * got stuck, so ref-walk may continue from there. If this is not successful
 657  * (eg. a seqcount has changed), then failure is returned and it's up to caller
 658  * to restart the path walk from the beginning in ref-walk mode.
 659  */
 660 
 661 /**
 662  * unlazy_walk - try to switch to ref-walk mode.
 663  * @nd: nameidata pathwalk data
 664  * Returns: 0 on success, -ECHILD on failure
 665  *
 666  * unlazy_walk attempts to legitimize the current nd->path and nd->root
 667  * for ref-walk mode.
 668  * Must be called from rcu-walk context.
 669  * Nothing should touch nameidata between unlazy_walk() failure and
 670  * terminate_walk().
 671  */
 672 static int unlazy_walk(struct nameidata *nd)
 673 {
 674         struct dentry *parent = nd->path.dentry;
 675 
 676         BUG_ON(!(nd->flags & LOOKUP_RCU));
 677 
 678         nd->flags &= ~LOOKUP_RCU;
 679         if (unlikely(!legitimize_links(nd)))
 680                 goto out1;
 681         if (unlikely(!legitimize_path(nd, &nd->path, nd->seq)))
 682                 goto out;
 683         if (unlikely(!legitimize_root(nd)))
 684                 goto out;
 685         rcu_read_unlock();
 686         BUG_ON(nd->inode != parent->d_inode);
 687         return 0;
 688 
 689 out1:
 690         nd->path.mnt = NULL;
 691         nd->path.dentry = NULL;
 692 out:
 693         rcu_read_unlock();
 694         return -ECHILD;
 695 }
 696 
 697 /**
 698  * unlazy_child - try to switch to ref-walk mode.
 699  * @nd: nameidata pathwalk data
 700  * @dentry: child of nd->path.dentry
 701  * @seq: seq number to check dentry against
 702  * Returns: 0 on success, -ECHILD on failure
 703  *
 704  * unlazy_child attempts to legitimize the current nd->path, nd->root and dentry
 705  * for ref-walk mode.  @dentry must be a path found by a do_lookup call on
 706  * @nd.  Must be called from rcu-walk context.
 707  * Nothing should touch nameidata between unlazy_child() failure and
 708  * terminate_walk().
 709  */
 710 static int unlazy_child(struct nameidata *nd, struct dentry *dentry, unsigned seq)
 711 {
 712         BUG_ON(!(nd->flags & LOOKUP_RCU));
 713 
 714         nd->flags &= ~LOOKUP_RCU;
 715         if (unlikely(!legitimize_links(nd)))
 716                 goto out2;
 717         if (unlikely(!legitimize_mnt(nd->path.mnt, nd->m_seq)))
 718                 goto out2;
 719         if (unlikely(!lockref_get_not_dead(&nd->path.dentry->d_lockref)))
 720                 goto out1;
 721 
 722         /*
 723          * We need to move both the parent and the dentry from the RCU domain
 724          * to be properly refcounted. And the sequence number in the dentry
 725          * validates *both* dentry counters, since we checked the sequence
 726          * number of the parent after we got the child sequence number. So we
 727          * know the parent must still be valid if the child sequence number is
 728          */
 729         if (unlikely(!lockref_get_not_dead(&dentry->d_lockref)))
 730                 goto out;
 731         if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
 732                 goto out_dput;
 733         /*
 734          * Sequence counts matched. Now make sure that the root is
 735          * still valid and get it if required.
 736          */
 737         if (unlikely(!legitimize_root(nd)))
 738                 goto out_dput;
 739         rcu_read_unlock();
 740         return 0;
 741 
 742 out2:
 743         nd->path.mnt = NULL;
 744 out1:
 745         nd->path.dentry = NULL;
 746 out:
 747         rcu_read_unlock();
 748         return -ECHILD;
 749 out_dput:
 750         rcu_read_unlock();
 751         dput(dentry);
 752         return -ECHILD;
 753 }
 754 
 755 static inline int d_revalidate(struct dentry *dentry, unsigned int flags)
 756 {
 757         if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE))
 758                 return dentry->d_op->d_revalidate(dentry, flags);
 759         else
 760                 return 1;
 761 }
 762 
 763 /**
 764  * complete_walk - successful completion of path walk
 765  * @nd:  pointer nameidata
 766  *
 767  * If we had been in RCU mode, drop out of it and legitimize nd->path.
 768  * Revalidate the final result, unless we'd already done that during
 769  * the path walk or the filesystem doesn't ask for it.  Return 0 on
 770  * success, -error on failure.  In case of failure caller does not
 771  * need to drop nd->path.
 772  */
 773 static int complete_walk(struct nameidata *nd)
 774 {
 775         struct dentry *dentry = nd->path.dentry;
 776         int status;
 777 
 778         if (nd->flags & LOOKUP_RCU) {
 779                 if (!(nd->flags & LOOKUP_ROOT))
 780                         nd->root.mnt = NULL;
 781                 if (unlikely(unlazy_walk(nd)))
 782                         return -ECHILD;
 783         }
 784 
 785         if (likely(!(nd->flags & LOOKUP_JUMPED)))
 786                 return 0;
 787 
 788         if (likely(!(dentry->d_flags & DCACHE_OP_WEAK_REVALIDATE)))
 789                 return 0;
 790 
 791         status = dentry->d_op->d_weak_revalidate(dentry, nd->flags);
 792         if (status > 0)
 793                 return 0;
 794 
 795         if (!status)
 796                 status = -ESTALE;
 797 
 798         return status;
 799 }
 800 
 801 static void set_root(struct nameidata *nd)
 802 {
 803         struct fs_struct *fs = current->fs;
 804 
 805         if (nd->flags & LOOKUP_RCU) {
 806                 unsigned seq;
 807 
 808                 do {
 809                         seq = read_seqcount_begin(&fs->seq);
 810                         nd->root = fs->root;
 811                         nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
 812                 } while (read_seqcount_retry(&fs->seq, seq));
 813         } else {
 814                 get_fs_root(fs, &nd->root);
 815                 nd->flags |= LOOKUP_ROOT_GRABBED;
 816         }
 817 }
 818 
 819 static void path_put_conditional(struct path *path, struct nameidata *nd)
 820 {
 821         dput(path->dentry);
 822         if (path->mnt != nd->path.mnt)
 823                 mntput(path->mnt);
 824 }
 825 
 826 static inline void path_to_nameidata(const struct path *path,
 827                                         struct nameidata *nd)
 828 {
 829         if (!(nd->flags & LOOKUP_RCU)) {
 830                 dput(nd->path.dentry);
 831                 if (nd->path.mnt != path->mnt)
 832                         mntput(nd->path.mnt);
 833         }
 834         nd->path.mnt = path->mnt;
 835         nd->path.dentry = path->dentry;
 836 }
 837 
 838 static int nd_jump_root(struct nameidata *nd)
 839 {
 840         if (nd->flags & LOOKUP_RCU) {
 841                 struct dentry *d;
 842                 nd->path = nd->root;
 843                 d = nd->path.dentry;
 844                 nd->inode = d->d_inode;
 845                 nd->seq = nd->root_seq;
 846                 if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq)))
 847                         return -ECHILD;
 848         } else {
 849                 path_put(&nd->path);
 850                 nd->path = nd->root;
 851                 path_get(&nd->path);
 852                 nd->inode = nd->path.dentry->d_inode;
 853         }
 854         nd->flags |= LOOKUP_JUMPED;
 855         return 0;
 856 }
 857 
 858 /*
 859  * Helper to directly jump to a known parsed path from ->get_link,
 860  * caller must have taken a reference to path beforehand.
 861  */
 862 void nd_jump_link(struct path *path)
 863 {
 864         struct nameidata *nd = current->nameidata;
 865         path_put(&nd->path);
 866 
 867         nd->path = *path;
 868         nd->inode = nd->path.dentry->d_inode;
 869         nd->flags |= LOOKUP_JUMPED;
 870 }
 871 
 872 static inline void put_link(struct nameidata *nd)
 873 {
 874         struct saved *last = nd->stack + --nd->depth;
 875         do_delayed_call(&last->done);
 876         if (!(nd->flags & LOOKUP_RCU))
 877                 path_put(&last->link);
 878 }
 879 
 880 int sysctl_protected_symlinks __read_mostly = 0;
 881 int sysctl_protected_hardlinks __read_mostly = 0;
 882 int sysctl_protected_fifos __read_mostly;
 883 int sysctl_protected_regular __read_mostly;
 884 
 885 /**
 886  * may_follow_link - Check symlink following for unsafe situations
 887  * @nd: nameidata pathwalk data
 888  *
 889  * In the case of the sysctl_protected_symlinks sysctl being enabled,
 890  * CAP_DAC_OVERRIDE needs to be specifically ignored if the symlink is
 891  * in a sticky world-writable directory. This is to protect privileged
 892  * processes from failing races against path names that may change out
 893  * from under them by way of other users creating malicious symlinks.
 894  * It will permit symlinks to be followed only when outside a sticky
 895  * world-writable directory, or when the uid of the symlink and follower
 896  * match, or when the directory owner matches the symlink's owner.
 897  *
 898  * Returns 0 if following the symlink is allowed, -ve on error.
 899  */
 900 static inline int may_follow_link(struct nameidata *nd)
 901 {
 902         const struct inode *inode;
 903         const struct inode *parent;
 904         kuid_t puid;
 905 
 906         if (!sysctl_protected_symlinks)
 907                 return 0;
 908 
 909         /* Allowed if owner and follower match. */
 910         inode = nd->link_inode;
 911         if (uid_eq(current_cred()->fsuid, inode->i_uid))
 912                 return 0;
 913 
 914         /* Allowed if parent directory not sticky and world-writable. */
 915         parent = nd->inode;
 916         if ((parent->i_mode & (S_ISVTX|S_IWOTH)) != (S_ISVTX|S_IWOTH))
 917                 return 0;
 918 
 919         /* Allowed if parent directory and link owner match. */
 920         puid = parent->i_uid;
 921         if (uid_valid(puid) && uid_eq(puid, inode->i_uid))
 922                 return 0;
 923 
 924         if (nd->flags & LOOKUP_RCU)
 925                 return -ECHILD;
 926 
 927         audit_inode(nd->name, nd->stack[0].link.dentry, 0);
 928         audit_log_link_denied("follow_link");
 929         return -EACCES;
 930 }
 931 
 932 /**
 933  * safe_hardlink_source - Check for safe hardlink conditions
 934  * @inode: the source inode to hardlink from
 935  *
 936  * Return false if at least one of the following conditions:
 937  *    - inode is not a regular file
 938  *    - inode is setuid
 939  *    - inode is setgid and group-exec
 940  *    - access failure for read and write
 941  *
 942  * Otherwise returns true.
 943  */
 944 static bool safe_hardlink_source(struct inode *inode)
 945 {
 946         umode_t mode = inode->i_mode;
 947 
 948         /* Special files should not get pinned to the filesystem. */
 949         if (!S_ISREG(mode))
 950                 return false;
 951 
 952         /* Setuid files should not get pinned to the filesystem. */
 953         if (mode & S_ISUID)
 954                 return false;
 955 
 956         /* Executable setgid files should not get pinned to the filesystem. */
 957         if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
 958                 return false;
 959 
 960         /* Hardlinking to unreadable or unwritable sources is dangerous. */
 961         if (inode_permission(inode, MAY_READ | MAY_WRITE))
 962                 return false;
 963 
 964         return true;
 965 }
 966 
 967 /**
 968  * may_linkat - Check permissions for creating a hardlink
 969  * @link: the source to hardlink from
 970  *
 971  * Block hardlink when all of:
 972  *  - sysctl_protected_hardlinks enabled
 973  *  - fsuid does not match inode
 974  *  - hardlink source is unsafe (see safe_hardlink_source() above)
 975  *  - not CAP_FOWNER in a namespace with the inode owner uid mapped
 976  *
 977  * Returns 0 if successful, -ve on error.
 978  */
 979 static int may_linkat(struct path *link)
 980 {
 981         struct inode *inode = link->dentry->d_inode;
 982 
 983         /* Inode writeback is not safe when the uid or gid are invalid. */
 984         if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
 985                 return -EOVERFLOW;
 986 
 987         if (!sysctl_protected_hardlinks)
 988                 return 0;
 989 
 990         /* Source inode owner (or CAP_FOWNER) can hardlink all they like,
 991          * otherwise, it must be a safe source.
 992          */
 993         if (safe_hardlink_source(inode) || inode_owner_or_capable(inode))
 994                 return 0;
 995 
 996         audit_log_link_denied("linkat");
 997         return -EPERM;
 998 }
 999 
1000 /**
1001  * may_create_in_sticky - Check whether an O_CREAT open in a sticky directory
1002  *                        should be allowed, or not, on files that already
1003  *                        exist.
1004  * @dir_mode: mode bits of directory
1005  * @dir_uid: owner of directory
1006  * @inode: the inode of the file to open
1007  *
1008  * Block an O_CREAT open of a FIFO (or a regular file) when:
1009  *   - sysctl_protected_fifos (or sysctl_protected_regular) is enabled
1010  *   - the file already exists
1011  *   - we are in a sticky directory
1012  *   - we don't own the file
1013  *   - the owner of the directory doesn't own the file
1014  *   - the directory is world writable
1015  * If the sysctl_protected_fifos (or sysctl_protected_regular) is set to 2
1016  * the directory doesn't have to be world writable: being group writable will
1017  * be enough.
1018  *
1019  * Returns 0 if the open is allowed, -ve on error.
1020  */
1021 static int may_create_in_sticky(umode_t dir_mode, kuid_t dir_uid,
1022                                 struct inode * const inode)
1023 {
1024         if ((!sysctl_protected_fifos && S_ISFIFO(inode->i_mode)) ||
1025             (!sysctl_protected_regular && S_ISREG(inode->i_mode)) ||
1026             likely(!(dir_mode & S_ISVTX)) ||
1027             uid_eq(inode->i_uid, dir_uid) ||
1028             uid_eq(current_fsuid(), inode->i_uid))
1029                 return 0;
1030 
1031         if (likely(dir_mode & 0002) ||
1032             (dir_mode & 0020 &&
1033              ((sysctl_protected_fifos >= 2 && S_ISFIFO(inode->i_mode)) ||
1034               (sysctl_protected_regular >= 2 && S_ISREG(inode->i_mode))))) {
1035                 return -EACCES;
1036         }
1037         return 0;
1038 }
1039 
1040 static __always_inline
1041 const char *get_link(struct nameidata *nd)
1042 {
1043         struct saved *last = nd->stack + nd->depth - 1;
1044         struct dentry *dentry = last->link.dentry;
1045         struct inode *inode = nd->link_inode;
1046         int error;
1047         const char *res;
1048 
1049         if (!(nd->flags & LOOKUP_RCU)) {
1050                 touch_atime(&last->link);
1051                 cond_resched();
1052         } else if (atime_needs_update(&last->link, inode)) {
1053                 if (unlikely(unlazy_walk(nd)))
1054                         return ERR_PTR(-ECHILD);
1055                 touch_atime(&last->link);
1056         }
1057 
1058         error = security_inode_follow_link(dentry, inode,
1059                                            nd->flags & LOOKUP_RCU);
1060         if (unlikely(error))
1061                 return ERR_PTR(error);
1062 
1063         nd->last_type = LAST_BIND;
1064         res = READ_ONCE(inode->i_link);
1065         if (!res) {
1066                 const char * (*get)(struct dentry *, struct inode *,
1067                                 struct delayed_call *);
1068                 get = inode->i_op->get_link;
1069                 if (nd->flags & LOOKUP_RCU) {
1070                         res = get(NULL, inode, &last->done);
1071                         if (res == ERR_PTR(-ECHILD)) {
1072                                 if (unlikely(unlazy_walk(nd)))
1073                                         return ERR_PTR(-ECHILD);
1074                                 res = get(dentry, inode, &last->done);
1075                         }
1076                 } else {
1077                         res = get(dentry, inode, &last->done);
1078                 }
1079                 if (IS_ERR_OR_NULL(res))
1080                         return res;
1081         }
1082         if (*res == '/') {
1083                 if (!nd->root.mnt)
1084                         set_root(nd);
1085                 if (unlikely(nd_jump_root(nd)))
1086                         return ERR_PTR(-ECHILD);
1087                 while (unlikely(*++res == '/'))
1088                         ;
1089         }
1090         if (!*res)
1091                 res = NULL;
1092         return res;
1093 }
1094 
1095 /*
1096  * follow_up - Find the mountpoint of path's vfsmount
1097  *
1098  * Given a path, find the mountpoint of its source file system.
1099  * Replace @path with the path of the mountpoint in the parent mount.
1100  * Up is towards /.
1101  *
1102  * Return 1 if we went up a level and 0 if we were already at the
1103  * root.
1104  */
1105 int follow_up(struct path *path)
1106 {
1107         struct mount *mnt = real_mount(path->mnt);
1108         struct mount *parent;
1109         struct dentry *mountpoint;
1110 
1111         read_seqlock_excl(&mount_lock);
1112         parent = mnt->mnt_parent;
1113         if (parent == mnt) {
1114                 read_sequnlock_excl(&mount_lock);
1115                 return 0;
1116         }
1117         mntget(&parent->mnt);
1118         mountpoint = dget(mnt->mnt_mountpoint);
1119         read_sequnlock_excl(&mount_lock);
1120         dput(path->dentry);
1121         path->dentry = mountpoint;
1122         mntput(path->mnt);
1123         path->mnt = &parent->mnt;
1124         return 1;
1125 }
1126 EXPORT_SYMBOL(follow_up);
1127 
1128 /*
1129  * Perform an automount
1130  * - return -EISDIR to tell follow_managed() to stop and return the path we
1131  *   were called with.
1132  */
1133 static int follow_automount(struct path *path, struct nameidata *nd,
1134                             bool *need_mntput)
1135 {
1136         struct vfsmount *mnt;
1137         int err;
1138 
1139         if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
1140                 return -EREMOTE;
1141 
1142         /* We don't want to mount if someone's just doing a stat -
1143          * unless they're stat'ing a directory and appended a '/' to
1144          * the name.
1145          *
1146          * We do, however, want to mount if someone wants to open or
1147          * create a file of any type under the mountpoint, wants to
1148          * traverse through the mountpoint or wants to open the
1149          * mounted directory.  Also, autofs may mark negative dentries
1150          * as being automount points.  These will need the attentions
1151          * of the daemon to instantiate them before they can be used.
1152          */
1153         if (!(nd->flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
1154                            LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
1155             path->dentry->d_inode)
1156                 return -EISDIR;
1157 
1158         nd->total_link_count++;
1159         if (nd->total_link_count >= 40)
1160                 return -ELOOP;
1161 
1162         mnt = path->dentry->d_op->d_automount(path);
1163         if (IS_ERR(mnt)) {
1164                 /*
1165                  * The filesystem is allowed to return -EISDIR here to indicate
1166                  * it doesn't want to automount.  For instance, autofs would do
1167                  * this so that its userspace daemon can mount on this dentry.
1168                  *
1169                  * However, we can only permit this if it's a terminal point in
1170                  * the path being looked up; if it wasn't then the remainder of
1171                  * the path is inaccessible and we should say so.
1172                  */
1173                 if (PTR_ERR(mnt) == -EISDIR && (nd->flags & LOOKUP_PARENT))
1174                         return -EREMOTE;
1175                 return PTR_ERR(mnt);
1176         }
1177 
1178         if (!mnt) /* mount collision */
1179                 return 0;
1180 
1181         if (!*need_mntput) {
1182                 /* lock_mount() may release path->mnt on error */
1183                 mntget(path->mnt);
1184                 *need_mntput = true;
1185         }
1186         err = finish_automount(mnt, path);
1187 
1188         switch (err) {
1189         case -EBUSY:
1190                 /* Someone else made a mount here whilst we were busy */
1191                 return 0;
1192         case 0:
1193                 path_put(path);
1194                 path->mnt = mnt;
1195                 path->dentry = dget(mnt->mnt_root);
1196                 return 0;
1197         default:
1198                 return err;
1199         }
1200 
1201 }
1202 
1203 /*
1204  * Handle a dentry that is managed in some way.
1205  * - Flagged for transit management (autofs)
1206  * - Flagged as mountpoint
1207  * - Flagged as automount point
1208  *
1209  * This may only be called in refwalk mode.
1210  *
1211  * Serialization is taken care of in namespace.c
1212  */
1213 static int follow_managed(struct path *path, struct nameidata *nd)
1214 {
1215         struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
1216         unsigned managed;
1217         bool need_mntput = false;
1218         int ret = 0;
1219 
1220         /* Given that we're not holding a lock here, we retain the value in a
1221          * local variable for each dentry as we look at it so that we don't see
1222          * the components of that value change under us */
1223         while (managed = READ_ONCE(path->dentry->d_flags),
1224                managed &= DCACHE_MANAGED_DENTRY,
1225                unlikely(managed != 0)) {
1226                 /* Allow the filesystem to manage the transit without i_mutex
1227                  * being held. */
1228                 if (managed & DCACHE_MANAGE_TRANSIT) {
1229                         BUG_ON(!path->dentry->d_op);
1230                         BUG_ON(!path->dentry->d_op->d_manage);
1231                         ret = path->dentry->d_op->d_manage(path, false);
1232                         if (ret < 0)
1233                                 break;
1234                 }
1235 
1236                 /* Transit to a mounted filesystem. */
1237                 if (managed & DCACHE_MOUNTED) {
1238                         struct vfsmount *mounted = lookup_mnt(path);
1239                         if (mounted) {
1240                                 dput(path->dentry);
1241                                 if (need_mntput)
1242                                         mntput(path->mnt);
1243                                 path->mnt = mounted;
1244                                 path->dentry = dget(mounted->mnt_root);
1245                                 need_mntput = true;
1246                                 continue;
1247                         }
1248 
1249                         /* Something is mounted on this dentry in another
1250                          * namespace and/or whatever was mounted there in this
1251                          * namespace got unmounted before lookup_mnt() could
1252                          * get it */
1253                 }
1254 
1255                 /* Handle an automount point */
1256                 if (managed & DCACHE_NEED_AUTOMOUNT) {
1257                         ret = follow_automount(path, nd, &need_mntput);
1258                         if (ret < 0)
1259                                 break;
1260                         continue;
1261                 }
1262 
1263                 /* We didn't change the current path point */
1264                 break;
1265         }
1266 
1267         if (need_mntput && path->mnt == mnt)
1268                 mntput(path->mnt);
1269         if (ret == -EISDIR || !ret)
1270                 ret = 1;
1271         if (need_mntput)
1272                 nd->flags |= LOOKUP_JUMPED;
1273         if (unlikely(ret < 0))
1274                 path_put_conditional(path, nd);
1275         return ret;
1276 }
1277 
1278 int follow_down_one(struct path *path)
1279 {
1280         struct vfsmount *mounted;
1281 
1282         mounted = lookup_mnt(path);
1283         if (mounted) {
1284                 dput(path->dentry);
1285                 mntput(path->mnt);
1286                 path->mnt = mounted;
1287                 path->dentry = dget(mounted->mnt_root);
1288                 return 1;
1289         }
1290         return 0;
1291 }
1292 EXPORT_SYMBOL(follow_down_one);
1293 
1294 static inline int managed_dentry_rcu(const struct path *path)
1295 {
1296         return (path->dentry->d_flags & DCACHE_MANAGE_TRANSIT) ?
1297                 path->dentry->d_op->d_manage(path, true) : 0;
1298 }
1299 
1300 /*
1301  * Try to skip to top of mountpoint pile in rcuwalk mode.  Fail if
1302  * we meet a managed dentry that would need blocking.
1303  */
1304 static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1305                                struct inode **inode, unsigned *seqp)
1306 {
1307         for (;;) {
1308                 struct mount *mounted;
1309                 /*
1310                  * Don't forget we might have a non-mountpoint managed dentry
1311                  * that wants to block transit.
1312                  */
1313                 switch (managed_dentry_rcu(path)) {
1314                 case -ECHILD:
1315                 default:
1316                         return false;
1317                 case -EISDIR:
1318                         return true;
1319                 case 0:
1320                         break;
1321                 }
1322 
1323                 if (!d_mountpoint(path->dentry))
1324                         return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1325 
1326                 mounted = __lookup_mnt(path->mnt, path->dentry);
1327                 if (!mounted)
1328                         break;
1329                 path->mnt = &mounted->mnt;
1330                 path->dentry = mounted->mnt.mnt_root;
1331                 nd->flags |= LOOKUP_JUMPED;
1332                 *seqp = read_seqcount_begin(&path->dentry->d_seq);
1333                 /*
1334                  * Update the inode too. We don't need to re-check the
1335                  * dentry sequence number here after this d_inode read,
1336                  * because a mount-point is always pinned.
1337                  */
1338                 *inode = path->dentry->d_inode;
1339         }
1340         return !read_seqretry(&mount_lock, nd->m_seq) &&
1341                 !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
1342 }
1343 
1344 static int follow_dotdot_rcu(struct nameidata *nd)
1345 {
1346         struct inode *inode = nd->inode;
1347 
1348         while (1) {
1349                 if (path_equal(&nd->path, &nd->root))
1350                         break;
1351                 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1352                         struct dentry *old = nd->path.dentry;
1353                         struct dentry *parent = old->d_parent;
1354                         unsigned seq;
1355 
1356                         inode = parent->d_inode;
1357                         seq = read_seqcount_begin(&parent->d_seq);
1358                         if (unlikely(read_seqcount_retry(&old->d_seq, nd->seq)))
1359                                 return -ECHILD;
1360                         nd->path.dentry = parent;
1361                         nd->seq = seq;
1362                         if (unlikely(!path_connected(&nd->path)))
1363                                 return -ECHILD;
1364                         break;
1365                 } else {
1366                         struct mount *mnt = real_mount(nd->path.mnt);
1367                         struct mount *mparent = mnt->mnt_parent;
1368                         struct dentry *mountpoint = mnt->mnt_mountpoint;
1369                         struct inode *inode2 = mountpoint->d_inode;
1370                         unsigned seq = read_seqcount_begin(&mountpoint->d_seq);
1371                         if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1372                                 return -ECHILD;
1373                         if (&mparent->mnt == nd->path.mnt)
1374                                 break;
1375                         /* we know that mountpoint was pinned */
1376                         nd->path.dentry = mountpoint;
1377                         nd->path.mnt = &mparent->mnt;
1378                         inode = inode2;
1379                         nd->seq = seq;
1380                 }
1381         }
1382         while (unlikely(d_mountpoint(nd->path.dentry))) {
1383                 struct mount *mounted;
1384                 mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1385                 if (unlikely(read_seqretry(&mount_lock, nd->m_seq)))
1386                         return -ECHILD;
1387                 if (!mounted)
1388                         break;
1389                 nd->path.mnt = &mounted->mnt;
1390                 nd->path.dentry = mounted->mnt.mnt_root;
1391                 inode = nd->path.dentry->d_inode;
1392                 nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1393         }
1394         nd->inode = inode;
1395         return 0;
1396 }
1397 
1398 /*
1399  * Follow down to the covering mount currently visible to userspace.  At each
1400  * point, the filesystem owning that dentry may be queried as to whether the
1401  * caller is permitted to proceed or not.
1402  */
1403 int follow_down(struct path *path)
1404 {
1405         unsigned managed;
1406         int ret;
1407 
1408         while (managed = READ_ONCE(path->dentry->d_flags),
1409                unlikely(managed & DCACHE_MANAGED_DENTRY)) {
1410                 /* Allow the filesystem to manage the transit without i_mutex
1411                  * being held.
1412                  *
1413                  * We indicate to the filesystem if someone is trying to mount
1414                  * something here.  This gives autofs the chance to deny anyone
1415                  * other than its daemon the right to mount on its
1416                  * superstructure.
1417                  *
1418                  * The filesystem may sleep at this point.
1419                  */
1420                 if (managed & DCACHE_MANAGE_TRANSIT) {
1421                         BUG_ON(!path->dentry->d_op);
1422                         BUG_ON(!path->dentry->d_op->d_manage);
1423                         ret = path->dentry->d_op->d_manage(path, false);
1424                         if (ret < 0)
1425                                 return ret == -EISDIR ? 0 : ret;
1426                 }
1427 
1428                 /* Transit to a mounted filesystem. */
1429                 if (managed & DCACHE_MOUNTED) {
1430                         struct vfsmount *mounted = lookup_mnt(path);
1431                         if (!mounted)
1432                                 break;
1433                         dput(path->dentry);
1434                         mntput(path->mnt);
1435                         path->mnt = mounted;
1436                         path->dentry = dget(mounted->mnt_root);
1437                         continue;
1438                 }
1439 
1440                 /* Don't handle automount points here */
1441                 break;
1442         }
1443         return 0;
1444 }
1445 EXPORT_SYMBOL(follow_down);
1446 
1447 /*
1448  * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
1449  */
1450 static void follow_mount(struct path *path)
1451 {
1452         while (d_mountpoint(path->dentry)) {
1453                 struct vfsmount *mounted = lookup_mnt(path);
1454                 if (!mounted)
1455                         break;
1456                 dput(path->dentry);
1457                 mntput(path->mnt);
1458                 path->mnt = mounted;
1459                 path->dentry = dget(mounted->mnt_root);
1460         }
1461 }
1462 
1463 static int path_parent_directory(struct path *path)
1464 {
1465         struct dentry *old = path->dentry;
1466         /* rare case of legitimate dget_parent()... */
1467         path->dentry = dget_parent(path->dentry);
1468         dput(old);
1469         if (unlikely(!path_connected(path)))
1470                 return -ENOENT;
1471         return 0;
1472 }
1473 
1474 static int follow_dotdot(struct nameidata *nd)
1475 {
1476         while(1) {
1477                 if (path_equal(&nd->path, &nd->root))
1478                         break;
1479                 if (nd->path.dentry != nd->path.mnt->mnt_root) {
1480                         int ret = path_parent_directory(&nd->path);
1481                         if (ret)
1482                                 return ret;
1483                         break;
1484                 }
1485                 if (!follow_up(&nd->path))
1486                         break;
1487         }
1488         follow_mount(&nd->path);
1489         nd->inode = nd->path.dentry->d_inode;
1490         return 0;
1491 }
1492 
1493 /*
1494  * This looks up the name in dcache and possibly revalidates the found dentry.
1495  * NULL is returned if the dentry does not exist in the cache.
1496  */
1497 static struct dentry *lookup_dcache(const struct qstr *name,
1498                                     struct dentry *dir,
1499                                     unsigned int flags)
1500 {
1501         struct dentry *dentry = d_lookup(dir, name);
1502         if (dentry) {
1503                 int error = d_revalidate(dentry, flags);
1504                 if (unlikely(error <= 0)) {
1505                         if (!error)
1506                                 d_invalidate(dentry);
1507                         dput(dentry);
1508                         return ERR_PTR(error);
1509                 }
1510         }
1511         return dentry;
1512 }
1513 
1514 /*
1515  * Parent directory has inode locked exclusive.  This is one
1516  * and only case when ->lookup() gets called on non in-lookup
1517  * dentries - as the matter of fact, this only gets called
1518  * when directory is guaranteed to have no in-lookup children
1519  * at all.
1520  */
1521 static struct dentry *__lookup_hash(const struct qstr *name,
1522                 struct dentry *base, unsigned int flags)
1523 {
1524         struct dentry *dentry = lookup_dcache(name, base, flags);
1525         struct dentry *old;
1526         struct inode *dir = base->d_inode;
1527 
1528         if (dentry)
1529                 return dentry;
1530 
1531         /* Don't create child dentry for a dead directory. */
1532         if (unlikely(IS_DEADDIR(dir)))
1533                 return ERR_PTR(-ENOENT);
1534 
1535         dentry = d_alloc(base, name);
1536         if (unlikely(!dentry))
1537                 return ERR_PTR(-ENOMEM);
1538 
1539         old = dir->i_op->lookup(dir, dentry, flags);
1540         if (unlikely(old)) {
1541                 dput(dentry);
1542                 dentry = old;
1543         }
1544         return dentry;
1545 }
1546 
1547 static int lookup_fast(struct nameidata *nd,
1548                        struct path *path, struct inode **inode,
1549                        unsigned *seqp)
1550 {
1551         struct vfsmount *mnt = nd->path.mnt;
1552         struct dentry *dentry, *parent = nd->path.dentry;
1553         int status = 1;
1554         int err;
1555 
1556         /*
1557          * Rename seqlock is not required here because in the off chance
1558          * of a false negative due to a concurrent rename, the caller is
1559          * going to fall back to non-racy lookup.
1560          */
1561         if (nd->flags & LOOKUP_RCU) {
1562                 unsigned seq;
1563                 bool negative;
1564                 dentry = __d_lookup_rcu(parent, &nd->last, &seq);
1565                 if (unlikely(!dentry)) {
1566                         if (unlazy_walk(nd))
1567                                 return -ECHILD;
1568                         return 0;
1569                 }
1570 
1571                 /*
1572                  * This sequence count validates that the inode matches
1573                  * the dentry name information from lookup.
1574                  */
1575                 *inode = d_backing_inode(dentry);
1576                 negative = d_is_negative(dentry);
1577                 if (unlikely(read_seqcount_retry(&dentry->d_seq, seq)))
1578                         return -ECHILD;
1579 
1580                 /*
1581                  * This sequence count validates that the parent had no
1582                  * changes while we did the lookup of the dentry above.
1583                  *
1584                  * The memory barrier in read_seqcount_begin of child is
1585                  *  enough, we can use __read_seqcount_retry here.
1586                  */
1587                 if (unlikely(__read_seqcount_retry(&parent->d_seq, nd->seq)))
1588                         return -ECHILD;
1589 
1590                 *seqp = seq;
1591                 status = d_revalidate(dentry, nd->flags);
1592                 if (likely(status > 0)) {
1593                         /*
1594                          * Note: do negative dentry check after revalidation in
1595                          * case that drops it.
1596                          */
1597                         if (unlikely(negative))
1598                                 return -ENOENT;
1599                         path->mnt = mnt;
1600                         path->dentry = dentry;
1601                         if (likely(__follow_mount_rcu(nd, path, inode, seqp)))
1602                                 return 1;
1603                 }
1604                 if (unlazy_child(nd, dentry, seq))
1605                         return -ECHILD;
1606                 if (unlikely(status == -ECHILD))
1607                         /* we'd been told to redo it in non-rcu mode */
1608                         status = d_revalidate(dentry, nd->flags);
1609         } else {
1610                 dentry = __d_lookup(parent, &nd->last);
1611                 if (unlikely(!dentry))
1612                         return 0;
1613                 status = d_revalidate(dentry, nd->flags);
1614         }
1615         if (unlikely(status <= 0)) {
1616                 if (!status)
1617                         d_invalidate(dentry);
1618                 dput(dentry);
1619                 return status;
1620         }
1621         if (unlikely(d_is_negative(dentry))) {
1622                 dput(dentry);
1623                 return -ENOENT;
1624         }
1625 
1626         path->mnt = mnt;
1627         path->dentry = dentry;
1628         err = follow_managed(path, nd);
1629         if (likely(err > 0))
1630                 *inode = d_backing_inode(path->dentry);
1631         return err;
1632 }
1633 
1634 /* Fast lookup failed, do it the slow way */
1635 static struct dentry *__lookup_slow(const struct qstr *name,
1636                                     struct dentry *dir,
1637                                     unsigned int flags)
1638 {
1639         struct dentry *dentry, *old;
1640         struct inode *inode = dir->d_inode;
1641         DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
1642 
1643         /* Don't go there if it's already dead */
1644         if (unlikely(IS_DEADDIR(inode)))
1645                 return ERR_PTR(-ENOENT);
1646 again:
1647         dentry = d_alloc_parallel(dir, name, &wq);
1648         if (IS_ERR(dentry))
1649                 return dentry;
1650         if (unlikely(!d_in_lookup(dentry))) {
1651                 if (!(flags & LOOKUP_NO_REVAL)) {
1652                         int error = d_revalidate(dentry, flags);
1653                         if (unlikely(error <= 0)) {
1654                                 if (!error) {
1655                                         d_invalidate(dentry);
1656                                         dput(dentry);
1657                                         goto again;
1658                                 }
1659                                 dput(dentry);
1660                                 dentry = ERR_PTR(error);
1661                         }
1662                 }
1663         } else {
1664                 old = inode->i_op->lookup(inode, dentry, flags);
1665                 d_lookup_done(dentry);
1666                 if (unlikely(old)) {
1667                         dput(dentry);
1668                         dentry = old;
1669                 }
1670         }
1671         return dentry;
1672 }
1673 
1674 static struct dentry *lookup_slow(const struct qstr *name,
1675                                   struct dentry *dir,
1676                                   unsigned int flags)
1677 {
1678         struct inode *inode = dir->d_inode;
1679         struct dentry *res;
1680         inode_lock_shared(inode);
1681         res = __lookup_slow(name, dir, flags);
1682         inode_unlock_shared(inode);
1683         return res;
1684 }
1685 
1686 static inline int may_lookup(struct nameidata *nd)
1687 {
1688         if (nd->flags & LOOKUP_RCU) {
1689                 int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1690                 if (err != -ECHILD)
1691                         return err;
1692                 if (unlazy_walk(nd))
1693                         return -ECHILD;
1694         }
1695         return inode_permission(nd->inode, MAY_EXEC);
1696 }
1697 
1698 static inline int handle_dots(struct nameidata *nd, int type)
1699 {
1700         if (type == LAST_DOTDOT) {
1701                 if (!nd->root.mnt)
1702                         set_root(nd);
1703                 if (nd->flags & LOOKUP_RCU) {
1704                         return follow_dotdot_rcu(nd);
1705                 } else
1706                         return follow_dotdot(nd);
1707         }
1708         return 0;
1709 }
1710 
1711 static int pick_link(struct nameidata *nd, struct path *link,
1712                      struct inode *inode, unsigned seq)
1713 {
1714         int error;
1715         struct saved *last;
1716         if (unlikely(nd->total_link_count++ >= MAXSYMLINKS)) {
1717                 path_to_nameidata(link, nd);
1718                 return -ELOOP;
1719         }
1720         if (!(nd->flags & LOOKUP_RCU)) {
1721                 if (link->mnt == nd->path.mnt)
1722                         mntget(link->mnt);
1723         }
1724         error = nd_alloc_stack(nd);
1725         if (unlikely(error)) {
1726                 if (error == -ECHILD) {
1727                         if (unlikely(!legitimize_path(nd, link, seq))) {
1728                                 drop_links(nd);
1729                                 nd->depth = 0;
1730                                 nd->flags &= ~LOOKUP_RCU;
1731                                 nd->path.mnt = NULL;
1732                                 nd->path.dentry = NULL;
1733                                 rcu_read_unlock();
1734                         } else if (likely(unlazy_walk(nd)) == 0)
1735                                 error = nd_alloc_stack(nd);
1736                 }
1737                 if (error) {
1738                         path_put(link);
1739                         return error;
1740                 }
1741         }
1742 
1743         last = nd->stack + nd->depth++;
1744         last->link = *link;
1745         clear_delayed_call(&last->done);
1746         nd->link_inode = inode;
1747         last->seq = seq;
1748         return 1;
1749 }
1750 
1751 enum {WALK_FOLLOW = 1, WALK_MORE = 2};
1752 
1753 /*
1754  * Do we need to follow links? We _really_ want to be able
1755  * to do this check without having to look at inode->i_op,
1756  * so we keep a cache of "no, this doesn't need follow_link"
1757  * for the common case.
1758  */
1759 static inline int step_into(struct nameidata *nd, struct path *path,
1760                             int flags, struct inode *inode, unsigned seq)
1761 {
1762         if (!(flags & WALK_MORE) && nd->depth)
1763                 put_link(nd);
1764         if (likely(!d_is_symlink(path->dentry)) ||
1765            !(flags & WALK_FOLLOW || nd->flags & LOOKUP_FOLLOW)) {
1766                 /* not a symlink or should not follow */
1767                 path_to_nameidata(path, nd);
1768                 nd->inode = inode;
1769                 nd->seq = seq;
1770                 return 0;
1771         }
1772         /* make sure that d_is_symlink above matches inode */
1773         if (nd->flags & LOOKUP_RCU) {
1774                 if (read_seqcount_retry(&path->dentry->d_seq, seq))
1775                         return -ECHILD;
1776         }
1777         return pick_link(nd, path, inode, seq);
1778 }
1779 
1780 static int walk_component(struct nameidata *nd, int flags)
1781 {
1782         struct path path;
1783         struct inode *inode;
1784         unsigned seq;
1785         int err;
1786         /*
1787          * "." and ".." are special - ".." especially so because it has
1788          * to be able to know about the current root directory and
1789          * parent relationships.
1790          */
1791         if (unlikely(nd->last_type != LAST_NORM)) {
1792                 err = handle_dots(nd, nd->last_type);
1793                 if (!(flags & WALK_MORE) && nd->depth)
1794                         put_link(nd);
1795                 return err;
1796         }
1797         err = lookup_fast(nd, &path, &inode, &seq);
1798         if (unlikely(err <= 0)) {
1799                 if (err < 0)
1800                         return err;
1801                 path.dentry = lookup_slow(&nd->last, nd->path.dentry,
1802                                           nd->flags);
1803                 if (IS_ERR(path.dentry))
1804                         return PTR_ERR(path.dentry);
1805 
1806                 path.mnt = nd->path.mnt;
1807                 err = follow_managed(&path, nd);
1808                 if (unlikely(err < 0))
1809                         return err;
1810 
1811                 if (unlikely(d_is_negative(path.dentry))) {
1812                         path_to_nameidata(&path, nd);
1813                         return -ENOENT;
1814                 }
1815 
1816                 seq = 0;        /* we are already out of RCU mode */
1817                 inode = d_backing_inode(path.dentry);
1818         }
1819 
1820         return step_into(nd, &path, flags, inode, seq);
1821 }
1822 
1823 /*
1824  * We can do the critical dentry name comparison and hashing
1825  * operations one word at a time, but we are limited to:
1826  *
1827  * - Architectures with fast unaligned word accesses. We could
1828  *   do a "get_unaligned()" if this helps and is sufficiently
1829  *   fast.
1830  *
1831  * - non-CONFIG_DEBUG_PAGEALLOC configurations (so that we
1832  *   do not trap on the (extremely unlikely) case of a page
1833  *   crossing operation.
1834  *
1835  * - Furthermore, we need an efficient 64-bit compile for the
1836  *   64-bit case in order to generate the "number of bytes in
1837  *   the final mask". Again, that could be replaced with a
1838  *   efficient population count instruction or similar.
1839  */
1840 #ifdef CONFIG_DCACHE_WORD_ACCESS
1841 
1842 #include <asm/word-at-a-time.h>
1843 
1844 #ifdef HASH_MIX
1845 
1846 /* Architecture provides HASH_MIX and fold_hash() in <asm/hash.h> */
1847 
1848 #elif defined(CONFIG_64BIT)
1849 /*
1850  * Register pressure in the mixing function is an issue, particularly
1851  * on 32-bit x86, but almost any function requires one state value and
1852  * one temporary.  Instead, use a function designed for two state values
1853  * and no temporaries.
1854  *
1855  * This function cannot create a collision in only two iterations, so
1856  * we have two iterations to achieve avalanche.  In those two iterations,
1857  * we have six layers of mixing, which is enough to spread one bit's
1858  * influence out to 2^6 = 64 state bits.
1859  *
1860  * Rotate constants are scored by considering either 64 one-bit input
1861  * deltas or 64*63/2 = 2016 two-bit input deltas, and finding the
1862  * probability of that delta causing a change to each of the 128 output
1863  * bits, using a sample of random initial states.
1864  *
1865  * The Shannon entropy of the computed probabilities is then summed
1866  * to produce a score.  Ideally, any input change has a 50% chance of
1867  * toggling any given output bit.
1868  *
1869  * Mixing scores (in bits) for (12,45):
1870  * Input delta: 1-bit      2-bit
1871  * 1 round:     713.3    42542.6
1872  * 2 rounds:   2753.7   140389.8
1873  * 3 rounds:   5954.1   233458.2
1874  * 4 rounds:   7862.6   256672.2
1875  * Perfect:    8192     258048
1876  *            (64*128) (64*63/2 * 128)
1877  */
1878 #define HASH_MIX(x, y, a)       \
1879         (       x ^= (a),       \
1880         y ^= x, x = rol64(x,12),\
1881         x += y, y = rol64(y,45),\
1882         y *= 9                  )
1883 
1884 /*
1885  * Fold two longs into one 32-bit hash value.  This must be fast, but
1886  * latency isn't quite as critical, as there is a fair bit of additional
1887  * work done before the hash value is used.
1888  */
1889 static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1890 {
1891         y ^= x * GOLDEN_RATIO_64;
1892         y *= GOLDEN_RATIO_64;
1893         return y >> 32;
1894 }
1895 
1896 #else   /* 32-bit case */
1897 
1898 /*
1899  * Mixing scores (in bits) for (7,20):
1900  * Input delta: 1-bit      2-bit
1901  * 1 round:     330.3     9201.6
1902  * 2 rounds:   1246.4    25475.4
1903  * 3 rounds:   1907.1    31295.1
1904  * 4 rounds:   2042.3    31718.6
1905  * Perfect:    2048      31744
1906  *            (32*64)   (32*31/2 * 64)
1907  */
1908 #define HASH_MIX(x, y, a)       \
1909         (       x ^= (a),       \
1910         y ^= x, x = rol32(x, 7),\
1911         x += y, y = rol32(y,20),\
1912         y *= 9                  )
1913 
1914 static inline unsigned int fold_hash(unsigned long x, unsigned long y)
1915 {
1916         /* Use arch-optimized multiply if one exists */
1917         return __hash_32(y ^ __hash_32(x));
1918 }
1919 
1920 #endif
1921 
1922 /*
1923  * Return the hash of a string of known length.  This is carfully
1924  * designed to match hash_name(), which is the more critical function.
1925  * In particular, we must end by hashing a final word containing 0..7
1926  * payload bytes, to match the way that hash_name() iterates until it
1927  * finds the delimiter after the name.
1928  */
1929 unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
1930 {
1931         unsigned long a, x = 0, y = (unsigned long)salt;
1932 
1933         for (;;) {
1934                 if (!len)
1935                         goto done;
1936                 a = load_unaligned_zeropad(name);
1937                 if (len < sizeof(unsigned long))
1938                         break;
1939                 HASH_MIX(x, y, a);
1940                 name += sizeof(unsigned long);
1941                 len -= sizeof(unsigned long);
1942         }
1943         x ^= a & bytemask_from_count(len);
1944 done:
1945         return fold_hash(x, y);
1946 }
1947 EXPORT_SYMBOL(full_name_hash);
1948 
1949 /* Return the "hash_len" (hash and length) of a null-terminated string */
1950 u64 hashlen_string(const void *salt, const char *name)
1951 {
1952         unsigned long a = 0, x = 0, y = (unsigned long)salt;
1953         unsigned long adata, mask, len;
1954         const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1955 
1956         len = 0;
1957         goto inside;
1958 
1959         do {
1960                 HASH_MIX(x, y, a);
1961                 len += sizeof(unsigned long);
1962 inside:
1963                 a = load_unaligned_zeropad(name+len);
1964         } while (!has_zero(a, &adata, &constants));
1965 
1966         adata = prep_zero_mask(a, adata, &constants);
1967         mask = create_zero_mask(adata);
1968         x ^= a & zero_bytemask(mask);
1969 
1970         return hashlen_create(fold_hash(x, y), len + find_zero(mask));
1971 }
1972 EXPORT_SYMBOL(hashlen_string);
1973 
1974 /*
1975  * Calculate the length and hash of the path component, and
1976  * return the "hash_len" as the result.
1977  */
1978 static inline u64 hash_name(const void *salt, const char *name)
1979 {
1980         unsigned long a = 0, b, x = 0, y = (unsigned long)salt;
1981         unsigned long adata, bdata, mask, len;
1982         const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
1983 
1984         len = 0;
1985         goto inside;
1986 
1987         do {
1988                 HASH_MIX(x, y, a);
1989                 len += sizeof(unsigned long);
1990 inside:
1991                 a = load_unaligned_zeropad(name+len);
1992                 b = a ^ REPEAT_BYTE('/');
1993         } while (!(has_zero(a, &adata, &constants) | has_zero(b, &bdata, &constants)));
1994 
1995         adata = prep_zero_mask(a, adata, &constants);
1996         bdata = prep_zero_mask(b, bdata, &constants);
1997         mask = create_zero_mask(adata | bdata);
1998         x ^= a & zero_bytemask(mask);
1999 
2000         return hashlen_create(fold_hash(x, y), len + find_zero(mask));
2001 }
2002 
2003 #else   /* !CONFIG_DCACHE_WORD_ACCESS: Slow, byte-at-a-time version */
2004 
2005 /* Return the hash of a string of known length */
2006 unsigned int full_name_hash(const void *salt, const char *name, unsigned int len)
2007 {
2008         unsigned long hash = init_name_hash(salt);
2009         while (len--)
2010                 hash = partial_name_hash((unsigned char)*name++, hash);
2011         return end_name_hash(hash);
2012 }
2013 EXPORT_SYMBOL(full_name_hash);
2014 
2015 /* Return the "hash_len" (hash and length) of a null-terminated string */
2016 u64 hashlen_string(const void *salt, const char *name)
2017 {
2018         unsigned long hash = init_name_hash(salt);
2019         unsigned long len = 0, c;
2020 
2021         c = (unsigned char)*name;
2022         while (c) {
2023                 len++;
2024                 hash = partial_name_hash(c, hash);
2025                 c = (unsigned char)name[len];
2026         }
2027         return hashlen_create(end_name_hash(hash), len);
2028 }
2029 EXPORT_SYMBOL(hashlen_string);
2030 
2031 /*
2032  * We know there's a real path component here of at least
2033  * one character.
2034  */
2035 static inline u64 hash_name(const void *salt, const char *name)
2036 {
2037         unsigned long hash = init_name_hash(salt);
2038         unsigned long len = 0, c;
2039 
2040         c = (unsigned char)*name;
2041         do {
2042                 len++;
2043                 hash = partial_name_hash(c, hash);
2044                 c = (unsigned char)name[len];
2045         } while (c && c != '/');
2046         return hashlen_create(end_name_hash(hash), len);
2047 }
2048 
2049 #endif
2050 
2051 /*
2052  * Name resolution.
2053  * This is the basic name resolution function, turning a pathname into
2054  * the final dentry. We expect 'base' to be positive and a directory.
2055  *
2056  * Returns 0 and nd will have valid dentry and mnt on success.
2057  * Returns error and drops reference to input namei data on failure.
2058  */
2059 static int link_path_walk(const char *name, struct nameidata *nd)
2060 {
2061         int err;
2062 
2063         if (IS_ERR(name))
2064                 return PTR_ERR(name);
2065         while (*name=='/')
2066                 name++;
2067         if (!*name)
2068                 return 0;
2069 
2070         /* At this point we know we have a real path component. */
2071         for(;;) {
2072                 u64 hash_len;
2073                 int type;
2074 
2075                 err = may_lookup(nd);
2076                 if (err)
2077                         return err;
2078 
2079                 hash_len = hash_name(nd->path.dentry, name);
2080 
2081                 type = LAST_NORM;
2082                 if (name[0] == '.') switch (hashlen_len(hash_len)) {
2083                         case 2:
2084                                 if (name[1] == '.') {
2085                                         type = LAST_DOTDOT;
2086                                         nd->flags |= LOOKUP_JUMPED;
2087                                 }
2088                                 break;
2089                         case 1:
2090                                 type = LAST_DOT;
2091                 }
2092                 if (likely(type == LAST_NORM)) {
2093                         struct dentry *parent = nd->path.dentry;
2094                         nd->flags &= ~LOOKUP_JUMPED;
2095                         if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
2096                                 struct qstr this = { { .hash_len = hash_len }, .name = name };
2097                                 err = parent->d_op->d_hash(parent, &this);
2098                                 if (err < 0)
2099                                         return err;
2100                                 hash_len = this.hash_len;
2101                                 name = this.name;
2102                         }
2103                 }
2104 
2105                 nd->last.hash_len = hash_len;
2106                 nd->last.name = name;
2107                 nd->last_type = type;
2108 
2109                 name += hashlen_len(hash_len);
2110                 if (!*name)
2111                         goto OK;
2112                 /*
2113                  * If it wasn't NUL, we know it was '/'. Skip that
2114                  * slash, and continue until no more slashes.
2115                  */
2116                 do {
2117                         name++;
2118                 } while (unlikely(*name == '/'));
2119                 if (unlikely(!*name)) {
2120 OK:
2121                         /* pathname body, done */
2122                         if (!nd->depth)
2123                                 return 0;
2124                         name = nd->stack[nd->depth - 1].name;
2125                         /* trailing symlink, done */
2126                         if (!name)
2127                                 return 0;
2128                         /* last component of nested symlink */
2129                         err = walk_component(nd, WALK_FOLLOW);
2130                 } else {
2131                         /* not the last component */
2132                         err = walk_component(nd, WALK_FOLLOW | WALK_MORE);
2133                 }
2134                 if (err < 0)
2135                         return err;
2136 
2137                 if (err) {
2138                         const char *s = get_link(nd);
2139 
2140                         if (IS_ERR(s))
2141                                 return PTR_ERR(s);
2142                         err = 0;
2143                         if (unlikely(!s)) {
2144                                 /* jumped */
2145                                 put_link(nd);
2146                         } else {
2147                                 nd->stack[nd->depth - 1].name = name;
2148                                 name = s;
2149                                 continue;
2150                         }
2151                 }
2152                 if (unlikely(!d_can_lookup(nd->path.dentry))) {
2153                         if (nd->flags & LOOKUP_RCU) {
2154                                 if (unlazy_walk(nd))
2155                                         return -ECHILD;
2156                         }
2157                         return -ENOTDIR;
2158                 }
2159         }
2160 }
2161 
2162 /* must be paired with terminate_walk() */
2163 static const char *path_init(struct nameidata *nd, unsigned flags)
2164 {
2165         const char *s = nd->name->name;
2166 
2167         if (!*s)
2168                 flags &= ~LOOKUP_RCU;
2169         if (flags & LOOKUP_RCU)
2170                 rcu_read_lock();
2171 
2172         nd->last_type = LAST_ROOT; /* if there are only slashes... */
2173         nd->flags = flags | LOOKUP_JUMPED | LOOKUP_PARENT;
2174         nd->depth = 0;
2175         if (flags & LOOKUP_ROOT) {
2176                 struct dentry *root = nd->root.dentry;
2177                 struct inode *inode = root->d_inode;
2178                 if (*s && unlikely(!d_can_lookup(root)))
2179                         return ERR_PTR(-ENOTDIR);
2180                 nd->path = nd->root;
2181                 nd->inode = inode;
2182                 if (flags & LOOKUP_RCU) {
2183                         nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2184                         nd->root_seq = nd->seq;
2185                         nd->m_seq = read_seqbegin(&mount_lock);
2186                 } else {
2187                         path_get(&nd->path);
2188                 }
2189                 return s;
2190         }
2191 
2192         nd->root.mnt = NULL;
2193         nd->path.mnt = NULL;
2194         nd->path.dentry = NULL;
2195 
2196         nd->m_seq = read_seqbegin(&mount_lock);
2197         if (*s == '/') {
2198                 set_root(nd);
2199                 if (likely(!nd_jump_root(nd)))
2200                         return s;
2201                 return ERR_PTR(-ECHILD);
2202         } else if (nd->dfd == AT_FDCWD) {
2203                 if (flags & LOOKUP_RCU) {
2204                         struct fs_struct *fs = current->fs;
2205                         unsigned seq;
2206 
2207                         do {
2208                                 seq = read_seqcount_begin(&fs->seq);
2209                                 nd->path = fs->pwd;
2210                                 nd->inode = nd->path.dentry->d_inode;
2211                                 nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
2212                         } while (read_seqcount_retry(&fs->seq, seq));
2213                 } else {
2214                         get_fs_pwd(current->fs, &nd->path);
2215                         nd->inode = nd->path.dentry->d_inode;
2216                 }
2217                 return s;
2218         } else {
2219                 /* Caller must check execute permissions on the starting path component */
2220                 struct fd f = fdget_raw(nd->dfd);
2221                 struct dentry *dentry;
2222 
2223                 if (!f.file)
2224                         return ERR_PTR(-EBADF);
2225 
2226                 dentry = f.file->f_path.dentry;
2227 
2228                 if (*s && unlikely(!d_can_lookup(dentry))) {
2229                         fdput(f);
2230                         return ERR_PTR(-ENOTDIR);
2231                 }
2232 
2233                 nd->path = f.file->f_path;
2234                 if (flags & LOOKUP_RCU) {
2235                         nd->inode = nd->path.dentry->d_inode;
2236                         nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
2237                 } else {
2238                         path_get(&nd->path);
2239                         nd->inode = nd->path.dentry->d_inode;
2240                 }
2241                 fdput(f);
2242                 return s;
2243         }
2244 }
2245 
2246 static const char *trailing_symlink(struct nameidata *nd)
2247 {
2248         const char *s;
2249         int error = may_follow_link(nd);
2250         if (unlikely(error))
2251                 return ERR_PTR(error);
2252         nd->flags |= LOOKUP_PARENT;
2253         nd->stack[0].name = NULL;
2254         s = get_link(nd);
2255         return s ? s : "";
2256 }
2257 
2258 static inline int lookup_last(struct nameidata *nd)
2259 {
2260         if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
2261                 nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
2262 
2263         nd->flags &= ~LOOKUP_PARENT;
2264         return walk_component(nd, 0);
2265 }
2266 
2267 static int handle_lookup_down(struct nameidata *nd)
2268 {
2269         struct path path = nd->path;
2270         struct inode *inode = nd->inode;
2271         unsigned seq = nd->seq;
2272         int err;
2273 
2274         if (nd->flags & LOOKUP_RCU) {
2275                 /*
2276                  * don't bother with unlazy_walk on failure - we are
2277                  * at the very beginning of walk, so we lose nothing
2278                  * if we simply redo everything in non-RCU mode
2279                  */
2280                 if (unlikely(!__follow_mount_rcu(nd, &path, &inode, &seq)))
2281                         return -ECHILD;
2282         } else {
2283                 dget(path.dentry);
2284                 err = follow_managed(&path, nd);
2285                 if (unlikely(err < 0))
2286                         return err;
2287                 inode = d_backing_inode(path.dentry);
2288                 seq = 0;
2289         }
2290         path_to_nameidata(&path, nd);
2291         nd->inode = inode;
2292         nd->seq = seq;
2293         return 0;
2294 }
2295 
2296 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
2297 static int path_lookupat(struct nameidata *nd, unsigned flags, struct path *path)
2298 {
2299         const char *s = path_init(nd, flags);
2300         int err;
2301 
2302         if (unlikely(flags & LOOKUP_DOWN) && !IS_ERR(s)) {
2303                 err = handle_lookup_down(nd);
2304                 if (unlikely(err < 0))
2305                         s = ERR_PTR(err);
2306         }
2307 
2308         while (!(err = link_path_walk(s, nd))
2309                 && ((err = lookup_last(nd)) > 0)) {
2310                 s = trailing_symlink(nd);
2311         }
2312         if (!err)
2313                 err = complete_walk(nd);
2314 
2315         if (!err && nd->flags & LOOKUP_DIRECTORY)
2316                 if (!d_can_lookup(nd->path.dentry))
2317                         err = -ENOTDIR;
2318         if (!err) {
2319                 *path = nd->path;
2320                 nd->path.mnt = NULL;
2321                 nd->path.dentry = NULL;
2322         }
2323         terminate_walk(nd);
2324         return err;
2325 }
2326 
2327 int filename_lookup(int dfd, struct filename *name, unsigned flags,
2328                     struct path *path, struct path *root)
2329 {
2330         int retval;
2331         struct nameidata nd;
2332         if (IS_ERR(name))
2333                 return PTR_ERR(name);
2334         if (unlikely(root)) {
2335                 nd.root = *root;
2336                 flags |= LOOKUP_ROOT;
2337         }
2338         set_nameidata(&nd, dfd, name);
2339         retval = path_lookupat(&nd, flags | LOOKUP_RCU, path);
2340         if (unlikely(retval == -ECHILD))
2341                 retval = path_lookupat(&nd, flags, path);
2342         if (unlikely(retval == -ESTALE))
2343                 retval = path_lookupat(&nd, flags | LOOKUP_REVAL, path);
2344 
2345         if (likely(!retval))
2346                 audit_inode(name, path->dentry, 0);
2347         restore_nameidata();
2348         putname(name);
2349         return retval;
2350 }
2351 
2352 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
2353 static int path_parentat(struct nameidata *nd, unsigned flags,
2354                                 struct path *parent)
2355 {
2356         const char *s = path_init(nd, flags);
2357         int err = link_path_walk(s, nd);
2358         if (!err)
2359                 err = complete_walk(nd);
2360         if (!err) {
2361                 *parent = nd->path;
2362                 nd->path.mnt = NULL;
2363                 nd->path.dentry = NULL;
2364         }
2365         terminate_walk(nd);
2366         return err;
2367 }
2368 
2369 static struct filename *filename_parentat(int dfd, struct filename *name,
2370                                 unsigned int flags, struct path *parent,
2371                                 struct qstr *last, int *type)
2372 {
2373         int retval;
2374         struct nameidata nd;
2375 
2376         if (IS_ERR(name))
2377                 return name;
2378         set_nameidata(&nd, dfd, name);
2379         retval = path_parentat(&nd, flags | LOOKUP_RCU, parent);
2380         if (unlikely(retval == -ECHILD))
2381                 retval = path_parentat(&nd, flags, parent);
2382         if (unlikely(retval == -ESTALE))
2383                 retval = path_parentat(&nd, flags | LOOKUP_REVAL, parent);
2384         if (likely(!retval)) {
2385                 *last = nd.last;
2386                 *type = nd.last_type;
2387                 audit_inode(name, parent->dentry, AUDIT_INODE_PARENT);
2388         } else {
2389                 putname(name);
2390                 name = ERR_PTR(retval);
2391         }
2392         restore_nameidata();
2393         return name;
2394 }
2395 
2396 /* does lookup, returns the object with parent locked */
2397 struct dentry *kern_path_locked(const char *name, struct path *path)
2398 {
2399         struct filename *filename;
2400         struct dentry *d;
2401         struct qstr last;
2402         int type;
2403 
2404         filename = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,
2405                                     &last, &type);
2406         if (IS_ERR(filename))
2407                 return ERR_CAST(filename);
2408         if (unlikely(type != LAST_NORM)) {
2409                 path_put(path);
2410                 putname(filename);
2411                 return ERR_PTR(-EINVAL);
2412         }
2413         inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
2414         d = __lookup_hash(&last, path->dentry, 0);
2415         if (IS_ERR(d)) {
2416                 inode_unlock(path->dentry->d_inode);
2417                 path_put(path);
2418         }
2419         putname(filename);
2420         return d;
2421 }
2422 
2423 int kern_path(const char *name, unsigned int flags, struct path *path)
2424 {
2425         return filename_lookup(AT_FDCWD, getname_kernel(name),
2426                                flags, path, NULL);
2427 }
2428 EXPORT_SYMBOL(kern_path);
2429 
2430 /**
2431  * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
2432  * @dentry:  pointer to dentry of the base directory
2433  * @mnt: pointer to vfs mount of the base directory
2434  * @name: pointer to file name
2435  * @flags: lookup flags
2436  * @path: pointer to struct path to fill
2437  */
2438 int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
2439                     const char *name, unsigned int flags,
2440                     struct path *path)
2441 {
2442         struct path root = {.mnt = mnt, .dentry = dentry};
2443         /* the first argument of filename_lookup() is ignored with root */
2444         return filename_lookup(AT_FDCWD, getname_kernel(name),
2445                                flags , path, &root);
2446 }
2447 EXPORT_SYMBOL(vfs_path_lookup);
2448 
2449 static int lookup_one_len_common(const char *name, struct dentry *base,
2450                                  int len, struct qstr *this)
2451 {
2452         this->name = name;
2453         this->len = len;
2454         this->hash = full_name_hash(base, name, len);
2455         if (!len)
2456                 return -EACCES;
2457 
2458         if (unlikely(name[0] == '.')) {
2459                 if (len < 2 || (len == 2 && name[1] == '.'))
2460                         return -EACCES;
2461         }
2462 
2463         while (len--) {
2464                 unsigned int c = *(const unsigned char *)name++;
2465                 if (c == '/' || c == '\0')
2466                         return -EACCES;
2467         }
2468         /*
2469          * See if the low-level filesystem might want
2470          * to use its own hash..
2471          */
2472         if (base->d_flags & DCACHE_OP_HASH) {
2473                 int err = base->d_op->d_hash(base, this);
2474                 if (err < 0)
2475                         return err;
2476         }
2477 
2478         return inode_permission(base->d_inode, MAY_EXEC);
2479 }
2480 
2481 /**
2482  * try_lookup_one_len - filesystem helper to lookup single pathname component
2483  * @name:       pathname component to lookup
2484  * @base:       base directory to lookup from
2485  * @len:        maximum length @len should be interpreted to
2486  *
2487  * Look up a dentry by name in the dcache, returning NULL if it does not
2488  * currently exist.  The function does not try to create a dentry.
2489  *
2490  * Note that this routine is purely a helper for filesystem usage and should
2491  * not be called by generic code.
2492  *
2493  * The caller must hold base->i_mutex.
2494  */
2495 struct dentry *try_lookup_one_len(const char *name, struct dentry *base, int len)
2496 {
2497         struct qstr this;
2498         int err;
2499 
2500         WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2501 
2502         err = lookup_one_len_common(name, base, len, &this);
2503         if (err)
2504                 return ERR_PTR(err);
2505 
2506         return lookup_dcache(&this, base, 0);
2507 }
2508 EXPORT_SYMBOL(try_lookup_one_len);
2509 
2510 /**
2511  * lookup_one_len - filesystem helper to lookup single pathname component
2512  * @name:       pathname component to lookup
2513  * @base:       base directory to lookup from
2514  * @len:        maximum length @len should be interpreted to
2515  *
2516  * Note that this routine is purely a helper for filesystem usage and should
2517  * not be called by generic code.
2518  *
2519  * The caller must hold base->i_mutex.
2520  */
2521 struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
2522 {
2523         struct dentry *dentry;
2524         struct qstr this;
2525         int err;
2526 
2527         WARN_ON_ONCE(!inode_is_locked(base->d_inode));
2528 
2529         err = lookup_one_len_common(name, base, len, &this);
2530         if (err)
2531                 return ERR_PTR(err);
2532 
2533         dentry = lookup_dcache(&this, base, 0);
2534         return dentry ? dentry : __lookup_slow(&this, base, 0);
2535 }
2536 EXPORT_SYMBOL(lookup_one_len);
2537 
2538 /**
2539  * lookup_one_len_unlocked - filesystem helper to lookup single pathname component
2540  * @name:       pathname component to lookup
2541  * @base:       base directory to lookup from
2542  * @len:        maximum length @len should be interpreted to
2543  *
2544  * Note that this routine is purely a helper for filesystem usage and should
2545  * not be called by generic code.
2546  *
2547  * Unlike lookup_one_len, it should be called without the parent
2548  * i_mutex held, and will take the i_mutex itself if necessary.
2549  */
2550 struct dentry *lookup_one_len_unlocked(const char *name,
2551                                        struct dentry *base, int len)
2552 {
2553         struct qstr this;
2554         int err;
2555         struct dentry *ret;
2556 
2557         err = lookup_one_len_common(name, base, len, &this);
2558         if (err)
2559                 return ERR_PTR(err);
2560 
2561         ret = lookup_dcache(&this, base, 0);
2562         if (!ret)
2563                 ret = lookup_slow(&this, base, 0);
2564         return ret;
2565 }
2566 EXPORT_SYMBOL(lookup_one_len_unlocked);
2567 
2568 #ifdef CONFIG_UNIX98_PTYS
2569 int path_pts(struct path *path)
2570 {
2571         /* Find something mounted on "pts" in the same directory as
2572          * the input path.
2573          */
2574         struct dentry *child, *parent;
2575         struct qstr this;
2576         int ret;
2577 
2578         ret = path_parent_directory(path);
2579         if (ret)
2580                 return ret;
2581 
2582         parent = path->dentry;
2583         this.name = "pts";
2584         this.len = 3;
2585         child = d_hash_and_lookup(parent, &this);
2586         if (!child)
2587                 return -ENOENT;
2588 
2589         path->dentry = child;
2590         dput(parent);
2591         follow_mount(path);
2592         return 0;
2593 }
2594 #endif
2595 
2596 int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
2597                  struct path *path, int *empty)
2598 {
2599         return filename_lookup(dfd, getname_flags(name, flags, empty),
2600                                flags, path, NULL);
2601 }
2602 EXPORT_SYMBOL(user_path_at_empty);
2603 
2604 /**
2605  * mountpoint_last - look up last component for umount
2606  * @nd:   pathwalk nameidata - currently pointing at parent directory of "last"
2607  *
2608  * This is a special lookup_last function just for umount. In this case, we
2609  * need to resolve the path without doing any revalidation.
2610  *
2611  * The nameidata should be the result of doing a LOOKUP_PARENT pathwalk. Since
2612  * mountpoints are always pinned in the dcache, their ancestors are too. Thus,
2613  * in almost all cases, this lookup will be served out of the dcache. The only
2614  * cases where it won't are if nd->last refers to a symlink or the path is
2615  * bogus and it doesn't exist.
2616  *
2617  * Returns:
2618  * -error: if there was an error during lookup. This includes -ENOENT if the
2619  *         lookup found a negative dentry.
2620  *
2621  * 0:      if we successfully resolved nd->last and found it to not to be a
2622  *         symlink that needs to be followed.
2623  *
2624  * 1:      if we successfully resolved nd->last and found it to be a symlink
2625  *         that needs to be followed.
2626  */
2627 static int
2628 mountpoint_last(struct nameidata *nd)
2629 {
2630         int error = 0;
2631         struct dentry *dir = nd->path.dentry;
2632         struct path path;
2633 
2634         /* If we're in rcuwalk, drop out of it to handle last component */
2635         if (nd->flags & LOOKUP_RCU) {
2636                 if (unlazy_walk(nd))
2637                         return -ECHILD;
2638         }
2639 
2640         nd->flags &= ~LOOKUP_PARENT;
2641 
2642         if (unlikely(nd->last_type != LAST_NORM)) {
2643                 error = handle_dots(nd, nd->last_type);
2644                 if (error)
2645                         return error;
2646                 path.dentry = dget(nd->path.dentry);
2647         } else {
2648                 path.dentry = d_lookup(dir, &nd->last);
2649                 if (!path.dentry) {
2650                         /*
2651                          * No cached dentry. Mounted dentries are pinned in the
2652                          * cache, so that means that this dentry is probably
2653                          * a symlink or the path doesn't actually point
2654                          * to a mounted dentry.
2655                          */
2656                         path.dentry = lookup_slow(&nd->last, dir,
2657                                              nd->flags | LOOKUP_NO_REVAL);
2658                         if (IS_ERR(path.dentry))
2659                                 return PTR_ERR(path.dentry);
2660                 }
2661         }
2662         if (d_is_negative(path.dentry)) {
2663                 dput(path.dentry);
2664                 return -ENOENT;
2665         }
2666         path.mnt = nd->path.mnt;
2667         return step_into(nd, &path, 0, d_backing_inode(path.dentry), 0);
2668 }
2669 
2670 /**
2671  * path_mountpoint - look up a path to be umounted
2672  * @nd:         lookup context
2673  * @flags:      lookup flags
2674  * @path:       pointer to container for result
2675  *
2676  * Look up the given name, but don't attempt to revalidate the last component.
2677  * Returns 0 and "path" will be valid on success; Returns error otherwise.
2678  */
2679 static int
2680 path_mountpoint(struct nameidata *nd, unsigned flags, struct path *path)
2681 {
2682         const char *s = path_init(nd, flags);
2683         int err;
2684 
2685         while (!(err = link_path_walk(s, nd)) &&
2686                 (err = mountpoint_last(nd)) > 0) {
2687                 s = trailing_symlink(nd);
2688         }
2689         if (!err) {
2690                 *path = nd->path;
2691                 nd->path.mnt = NULL;
2692                 nd->path.dentry = NULL;
2693                 follow_mount(path);
2694         }
2695         terminate_walk(nd);
2696         return err;
2697 }
2698 
2699 static int
2700 filename_mountpoint(int dfd, struct filename *name, struct path *path,
2701                         unsigned int flags)
2702 {
2703         struct nameidata nd;
2704         int error;
2705         if (IS_ERR(name))
2706                 return PTR_ERR(name);
2707         set_nameidata(&nd, dfd, name);
2708         error = path_mountpoint(&nd, flags | LOOKUP_RCU, path);
2709         if (unlikely(error == -ECHILD))
2710                 error = path_mountpoint(&nd, flags, path);
2711         if (unlikely(error == -ESTALE))
2712                 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path);
2713         if (likely(!error))
2714                 audit_inode(name, path->dentry, AUDIT_INODE_NOEVAL);
2715         restore_nameidata();
2716         putname(name);
2717         return error;
2718 }
2719 
2720 /**
2721  * user_path_mountpoint_at - lookup a path from userland in order to umount it
2722  * @dfd:        directory file descriptor
2723  * @name:       pathname from userland
2724  * @flags:      lookup flags
2725  * @path:       pointer to container to hold result
2726  *
2727  * A umount is a special case for path walking. We're not actually interested
2728  * in the inode in this situation, and ESTALE errors can be a problem. We
2729  * simply want track down the dentry and vfsmount attached at the mountpoint
2730  * and avoid revalidating the last component.
2731  *
2732  * Returns 0 and populates "path" on success.
2733  */
2734 int
2735 user_path_mountpoint_at(int dfd, const char __user *name, unsigned int flags,
2736                         struct path *path)
2737 {
2738         return filename_mountpoint(dfd, getname(name), path, flags);
2739 }
2740 
2741 int
2742 kern_path_mountpoint(int dfd, const char *name, struct path *path,
2743                         unsigned int flags)
2744 {
2745         return filename_mountpoint(dfd, getname_kernel(name), path, flags);
2746 }
2747 EXPORT_SYMBOL(kern_path_mountpoint);
2748 
2749 int __check_sticky(struct inode *dir, struct inode *inode)
2750 {
2751         kuid_t fsuid = current_fsuid();
2752 
2753         if (uid_eq(inode->i_uid, fsuid))
2754                 return 0;
2755         if (uid_eq(dir->i_uid, fsuid))
2756                 return 0;
2757         return !capable_wrt_inode_uidgid(inode, CAP_FOWNER);
2758 }
2759 EXPORT_SYMBOL(__check_sticky);
2760 
2761 /*
2762  *      Check whether we can remove a link victim from directory dir, check
2763  *  whether the type of victim is right.
2764  *  1. We can't do it if dir is read-only (done in permission())
2765  *  2. We should have write and exec permissions on dir
2766  *  3. We can't remove anything from append-only dir
2767  *  4. We can't do anything with immutable dir (done in permission())
2768  *  5. If the sticky bit on dir is set we should either
2769  *      a. be owner of dir, or
2770  *      b. be owner of victim, or
2771  *      c. have CAP_FOWNER capability
2772  *  6. If the victim is append-only or immutable we can't do antyhing with
2773  *     links pointing to it.
2774  *  7. If the victim has an unknown uid or gid we can't change the inode.
2775  *  8. If we were asked to remove a directory and victim isn't one - ENOTDIR.
2776  *  9. If we were asked to remove a non-directory and victim isn't one - EISDIR.
2777  * 10. We can't remove a root or mountpoint.
2778  * 11. We don't allow removal of NFS sillyrenamed files; it's handled by
2779  *     nfs_async_unlink().
2780  */
2781 static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
2782 {
2783         struct inode *inode = d_backing_inode(victim);
2784         int error;
2785 
2786         if (d_is_negative(victim))
2787                 return -ENOENT;
2788         BUG_ON(!inode);
2789 
2790         BUG_ON(victim->d_parent->d_inode != dir);
2791 
2792         /* Inode writeback is not safe when the uid or gid are invalid. */
2793         if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
2794                 return -EOVERFLOW;
2795 
2796         audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
2797 
2798         error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
2799         if (error)
2800                 return error;
2801         if (IS_APPEND(dir))
2802                 return -EPERM;
2803 
2804         if (check_sticky(dir, inode) || IS_APPEND(inode) ||
2805             IS_IMMUTABLE(inode) || IS_SWAPFILE(inode) || HAS_UNMAPPED_ID(inode))
2806                 return -EPERM;
2807         if (isdir) {
2808                 if (!d_is_dir(victim))
2809                         return -ENOTDIR;
2810                 if (IS_ROOT(victim))
2811                         return -EBUSY;
2812         } else if (d_is_dir(victim))
2813                 return -EISDIR;
2814         if (IS_DEADDIR(dir))
2815                 return -ENOENT;
2816         if (victim->d_flags & DCACHE_NFSFS_RENAMED)
2817                 return -EBUSY;
2818         return 0;
2819 }
2820 
2821 /*      Check whether we can create an object with dentry child in directory
2822  *  dir.
2823  *  1. We can't do it if child already exists (open has special treatment for
2824  *     this case, but since we are inlined it's OK)
2825  *  2. We can't do it if dir is read-only (done in permission())
2826  *  3. We can't do it if the fs can't represent the fsuid or fsgid.
2827  *  4. We should have write and exec permissions on dir
2828  *  5. We can't do it if dir is immutable (done in permission())
2829  */
2830 static inline int may_create(struct inode *dir, struct dentry *child)
2831 {
2832         struct user_namespace *s_user_ns;
2833         audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);
2834         if (child->d_inode)
2835                 return -EEXIST;
2836         if (IS_DEADDIR(dir))
2837                 return -ENOENT;
2838         s_user_ns = dir->i_sb->s_user_ns;
2839         if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
2840             !kgid_has_mapping(s_user_ns, current_fsgid()))
2841                 return -EOVERFLOW;
2842         return inode_permission(dir, MAY_WRITE | MAY_EXEC);
2843 }
2844 
2845 /*
2846  * p1 and p2 should be directories on the same fs.
2847  */
2848 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
2849 {
2850         struct dentry *p;
2851 
2852         if (p1 == p2) {
2853                 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2854                 return NULL;
2855         }
2856 
2857         mutex_lock(&p1->d_sb->s_vfs_rename_mutex);
2858 
2859         p = d_ancestor(p2, p1);
2860         if (p) {
2861                 inode_lock_nested(p2->d_inode, I_MUTEX_PARENT);
2862                 inode_lock_nested(p1->d_inode, I_MUTEX_CHILD);
2863                 return p;
2864         }
2865 
2866         p = d_ancestor(p1, p2);
2867         if (p) {
2868                 inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2869                 inode_lock_nested(p2->d_inode, I_MUTEX_CHILD);
2870                 return p;
2871         }
2872 
2873         inode_lock_nested(p1->d_inode, I_MUTEX_PARENT);
2874         inode_lock_nested(p2->d_inode, I_MUTEX_PARENT2);
2875         return NULL;
2876 }
2877 EXPORT_SYMBOL(lock_rename);
2878 
2879 void unlock_rename(struct dentry *p1, struct dentry *p2)
2880 {
2881         inode_unlock(p1->d_inode);
2882         if (p1 != p2) {
2883                 inode_unlock(p2->d_inode);
2884                 mutex_unlock(&p1->d_sb->s_vfs_rename_mutex);
2885         }
2886 }
2887 EXPORT_SYMBOL(unlock_rename);
2888 
2889 int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
2890                 bool want_excl)
2891 {
2892         int error = may_create(dir, dentry);
2893         if (error)
2894                 return error;
2895 
2896         if (!dir->i_op->create)
2897                 return -EACCES; /* shouldn't it be ENOSYS? */
2898         mode &= S_IALLUGO;
2899         mode |= S_IFREG;
2900         error = security_inode_create(dir, dentry, mode);
2901         if (error)
2902                 return error;
2903         error = dir->i_op->create(dir, dentry, mode, want_excl);
2904         if (!error)
2905                 fsnotify_create(dir, dentry);
2906         return error;
2907 }
2908 EXPORT_SYMBOL(vfs_create);
2909 
2910 int vfs_mkobj(struct dentry *dentry, umode_t mode,
2911                 int (*f)(struct dentry *, umode_t, void *),
2912                 void *arg)
2913 {
2914         struct inode *dir = dentry->d_parent->d_inode;
2915         int error = may_create(dir, dentry);
2916         if (error)
2917                 return error;
2918 
2919         mode &= S_IALLUGO;
2920         mode |= S_IFREG;
2921         error = security_inode_create(dir, dentry, mode);
2922         if (error)
2923                 return error;
2924         error = f(dentry, mode, arg);
2925         if (!error)
2926                 fsnotify_create(dir, dentry);
2927         return error;
2928 }
2929 EXPORT_SYMBOL(vfs_mkobj);
2930 
2931 bool may_open_dev(const struct path *path)
2932 {
2933         return !(path->mnt->mnt_flags & MNT_NODEV) &&
2934                 !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
2935 }
2936 
2937 static int may_open(const struct path *path, int acc_mode, int flag)
2938 {
2939         struct dentry *dentry = path->dentry;
2940         struct inode *inode = dentry->d_inode;
2941         int error;
2942 
2943         if (!inode)
2944                 return -ENOENT;
2945 
2946         switch (inode->i_mode & S_IFMT) {
2947         case S_IFLNK:
2948                 return -ELOOP;
2949         case S_IFDIR:
2950                 if (acc_mode & MAY_WRITE)
2951                         return -EISDIR;
2952                 break;
2953         case S_IFBLK:
2954         case S_IFCHR:
2955                 if (!may_open_dev(path))
2956                         return -EACCES;
2957                 /*FALLTHRU*/
2958         case S_IFIFO:
2959         case S_IFSOCK:
2960                 flag &= ~O_TRUNC;
2961                 break;
2962         }
2963 
2964         error = inode_permission(inode, MAY_OPEN | acc_mode);
2965         if (error)
2966                 return error;
2967 
2968         /*
2969          * An append-only file must be opened in append mode for writing.
2970          */
2971         if (IS_APPEND(inode)) {
2972                 if  ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND))
2973                         return -EPERM;
2974                 if (flag & O_TRUNC)
2975                         return -EPERM;
2976         }
2977 
2978         /* O_NOATIME can only be set by the owner or superuser */
2979         if (flag & O_NOATIME && !inode_owner_or_capable(inode))
2980                 return -EPERM;
2981 
2982         return 0;
2983 }
2984 
2985 static int handle_truncate(struct file *filp)
2986 {
2987         const struct path *path = &filp->f_path;
2988         struct inode *inode = path->dentry->d_inode;
2989         int error = get_write_access(inode);
2990         if (error)
2991                 return error;
2992         /*
2993          * Refuse to truncate files with mandatory locks held on them.
2994          */
2995         error = locks_verify_locked(filp);
2996         if (!error)
2997                 error = security_path_truncate(path);
2998         if (!error) {
2999                 error = do_truncate(path->dentry, 0,
3000                                     ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
3001                                     filp);
3002         }
3003         put_write_access(inode);
3004         return error;
3005 }
3006 
3007 static inline int open_to_namei_flags(int flag)
3008 {
3009         if ((flag & O_ACCMODE) == 3)
3010                 flag--;
3011         return flag;
3012 }
3013 
3014 static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
3015 {
3016         struct user_namespace *s_user_ns;
3017         int error = security_path_mknod(dir, dentry, mode, 0);
3018         if (error)
3019                 return error;
3020 
3021         s_user_ns = dir->dentry->d_sb->s_user_ns;
3022         if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||
3023             !kgid_has_mapping(s_user_ns, current_fsgid()))
3024                 return -EOVERFLOW;
3025 
3026         error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);
3027         if (error)
3028                 return error;
3029 
3030         return security_inode_create(dir->dentry->d_inode, dentry, mode);
3031 }
3032 
3033 /*
3034  * Attempt to atomically look up, create and open a file from a negative
3035  * dentry.
3036  *
3037  * Returns 0 if successful.  The file will have been created and attached to
3038  * @file by the filesystem calling finish_open().
3039  *
3040  * If the file was looked up only or didn't need creating, FMODE_OPENED won't
3041  * be set.  The caller will need to perform the open themselves.  @path will
3042  * have been updated to point to the new dentry.  This may be negative.
3043  *
3044  * Returns an error code otherwise.
3045  */
3046 static int atomic_open(struct nameidata *nd, struct dentry *dentry,
3047                         struct path *path, struct file *file,
3048                         const struct open_flags *op,
3049                         int open_flag, umode_t mode)
3050 {
3051         struct dentry *const DENTRY_NOT_SET = (void *) -1UL;
3052         struct inode *dir =  nd->path.dentry->d_inode;
3053         int error;
3054 
3055         if (!(~open_flag & (O_EXCL | O_CREAT))) /* both O_EXCL and O_CREAT */
3056                 open_flag &= ~O_TRUNC;
3057 
3058         if (nd->flags & LOOKUP_DIRECTORY)
3059                 open_flag |= O_DIRECTORY;
3060 
3061         file->f_path.dentry = DENTRY_NOT_SET;
3062         file->f_path.mnt = nd->path.mnt;
3063         error = dir->i_op->atomic_open(dir, dentry, file,
3064                                        open_to_namei_flags(open_flag), mode);
3065         d_lookup_done(dentry);
3066         if (!error) {
3067                 if (file->f_mode & FMODE_OPENED) {
3068                         /*
3069                          * We didn't have the inode before the open, so check open
3070                          * permission here.
3071                          */
3072                         int acc_mode = op->acc_mode;
3073                         if (file->f_mode & FMODE_CREATED) {
3074                                 WARN_ON(!(open_flag & O_CREAT));
3075                                 fsnotify_create(dir, dentry);
3076                                 acc_mode = 0;
3077                         }
3078                         error = may_open(&file->f_path, acc_mode, open_flag);
3079                         if (WARN_ON(error > 0))
3080                                 error = -EINVAL;
3081                 } else if (WARN_ON(file->f_path.dentry == DENTRY_NOT_SET)) {
3082                         error = -EIO;
3083                 } else {
3084                         if (file->f_path.dentry) {
3085                                 dput(dentry);
3086                                 dentry = file->f_path.dentry;
3087                         }
3088                         if (file->f_mode & FMODE_CREATED)
3089                                 fsnotify_create(dir, dentry);
3090                         if (unlikely(d_is_negative(dentry))) {
3091                                 error = -ENOENT;
3092                         } else {
3093                                 path->dentry = dentry;
3094                                 path->mnt = nd->path.mnt;
3095                                 return 0;
3096                         }
3097                 }
3098         }
3099         dput(dentry);
3100         return error;
3101 }
3102 
3103 /*
3104  * Look up and maybe create and open the last component.
3105  *
3106  * Must be called with parent locked (exclusive in O_CREAT case).
3107  *
3108  * Returns 0 on success, that is, if
3109  *  the file was successfully atomically created (if necessary) and opened, or
3110  *  the file was not completely opened at this time, though lookups and
3111  *  creations were performed.
3112  * These case are distinguished by presence of FMODE_OPENED on file->f_mode.
3113  * In the latter case dentry returned in @path might be negative if O_CREAT
3114  * hadn't been specified.
3115  *
3116  * An error code is returned on failure.
3117  */
3118 static int lookup_open(struct nameidata *nd, struct path *path,
3119                         struct file *file,
3120                         const struct open_flags *op,
3121                         bool got_write)
3122 {
3123         struct dentry *dir = nd->path.dentry;
3124         struct inode *dir_inode = dir->d_inode;
3125         int open_flag = op->open_flag;
3126         struct dentry *dentry;
3127         int error, create_error = 0;
3128         umode_t mode = op->mode;
3129         DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
3130 
3131         if (unlikely(IS_DEADDIR(dir_inode)))
3132                 return -ENOENT;
3133 
3134         file->f_mode &= ~FMODE_CREATED;
3135         dentry = d_lookup(dir, &nd->last);
3136         for (;;) {
3137                 if (!dentry) {
3138                         dentry = d_alloc_parallel(dir, &nd->last, &wq);
3139                         if (IS_ERR(dentry))
3140                                 return PTR_ERR(dentry);
3141                 }
3142                 if (d_in_lookup(dentry))
3143                         break;
3144 
3145                 error = d_revalidate(dentry, nd->flags);
3146                 if (likely(error > 0))
3147                         break;
3148                 if (error)
3149                         goto out_dput;
3150                 d_invalidate(dentry);
3151                 dput(dentry);
3152                 dentry = NULL;
3153         }
3154         if (dentry->d_inode) {
3155                 /* Cached positive dentry: will open in f_op->open */
3156                 goto out_no_open;
3157         }
3158 
3159         /*
3160          * Checking write permission is tricky, bacuse we don't know if we are
3161          * going to actually need it: O_CREAT opens should work as long as the
3162          * file exists.  But checking existence breaks atomicity.  The trick is
3163          * to check access and if not granted clear O_CREAT from the flags.
3164          *
3165          * Another problem is returing the "right" error value (e.g. for an
3166          * O_EXCL open we want to return EEXIST not EROFS).
3167          */
3168         if (open_flag & O_CREAT) {
3169                 if (!IS_POSIXACL(dir->d_inode))
3170                         mode &= ~current_umask();
3171                 if (unlikely(!got_write)) {
3172                         create_error = -EROFS;
3173                         open_flag &= ~O_CREAT;
3174                         if (open_flag & (O_EXCL | O_TRUNC))
3175                                 goto no_open;
3176                         /* No side effects, safe to clear O_CREAT */
3177                 } else {
3178                         create_error = may_o_create(&nd->path, dentry, mode);
3179                         if (create_error) {
3180                                 open_flag &= ~O_CREAT;
3181                                 if (open_flag & O_EXCL)
3182                                         goto no_open;
3183                         }
3184                 }
3185         } else if ((open_flag & (O_TRUNC|O_WRONLY|O_RDWR)) &&
3186                    unlikely(!got_write)) {
3187                 /*
3188                  * No O_CREATE -> atomicity not a requirement -> fall
3189                  * back to lookup + open
3190                  */
3191                 goto no_open;
3192         }
3193 
3194         if (dir_inode->i_op->atomic_open) {
3195                 error = atomic_open(nd, dentry, path, file, op, open_flag,
3196                                     mode);
3197                 if (unlikely(error == -ENOENT) && create_error)
3198                         error = create_error;
3199                 return error;
3200         }
3201 
3202 no_open:
3203         if (d_in_lookup(dentry)) {
3204                 struct dentry *res = dir_inode->i_op->lookup(dir_inode, dentry,
3205                                                              nd->flags);
3206                 d_lookup_done(dentry);
3207                 if (unlikely(res)) {
3208                         if (IS_ERR(res)) {
3209                                 error = PTR_ERR(res);
3210                                 goto out_dput;
3211                         }
3212                         dput(dentry);
3213                         dentry = res;
3214                 }
3215         }
3216 
3217         /* Negative dentry, just create the file */
3218         if (!dentry->d_inode && (open_flag & O_CREAT)) {
3219                 file->f_mode |= FMODE_CREATED;
3220                 audit_inode_child(dir_inode, dentry, AUDIT_TYPE_CHILD_CREATE);
3221                 if (!dir_inode->i_op->create) {
3222                         error = -EACCES;
3223                         goto out_dput;
3224                 }
3225                 error = dir_inode->i_op->create(dir_inode, dentry, mode,
3226                                                 open_flag & O_EXCL);
3227                 if (error)
3228                         goto out_dput;
3229                 fsnotify_create(dir_inode, dentry);
3230         }
3231         if (unlikely(create_error) && !dentry->d_inode) {
3232                 error = create_error;
3233                 goto out_dput;
3234         }
3235 out_no_open:
3236         path->dentry = dentry;
3237         path->mnt = nd->path.mnt;
3238         return 0;
3239 
3240 out_dput:
3241         dput(dentry);
3242         return error;
3243 }
3244 
3245 /*
3246  * Handle the last step of open()
3247  */
3248 static int do_last(struct nameidata *nd,
3249                    struct file *file, const struct open_flags *op)
3250 {
3251         struct dentry *dir = nd->path.dentry;
3252         kuid_t dir_uid = nd->inode->i_uid;
3253         umode_t dir_mode = nd->inode->i_mode;
3254         int open_flag = op->open_flag;
3255         bool will_truncate = (open_flag & O_TRUNC) != 0;
3256         bool got_write = false;
3257         int acc_mode = op->acc_mode;
3258         unsigned seq;
3259         struct inode *inode;
3260         struct path path;
3261         int error;
3262 
3263         nd->flags &= ~LOOKUP_PARENT;
3264         nd->flags |= op->intent;
3265 
3266         if (nd->last_type != LAST_NORM) {
3267                 error = handle_dots(nd, nd->last_type);
3268                 if (unlikely(error))
3269                         return error;
3270                 goto finish_open;
3271         }
3272 
3273         if (!(open_flag & O_CREAT)) {
3274                 if (nd->last.name[nd->last.len])
3275                         nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
3276                 /* we _can_ be in RCU mode here */
3277                 error = lookup_fast(nd, &path, &inode, &seq);
3278                 if (likely(error > 0))
3279                         goto finish_lookup;
3280 
3281                 if (error < 0)
3282                         return error;
3283 
3284                 BUG_ON(nd->inode != dir->d_inode);
3285                 BUG_ON(nd->flags & LOOKUP_RCU);
3286         } else {
3287                 /* create side of things */
3288                 /*
3289                  * This will *only* deal with leaving RCU mode - LOOKUP_JUMPED
3290                  * has been cleared when we got to the last component we are
3291                  * about to look up
3292                  */
3293                 error = complete_walk(nd);
3294                 if (error)
3295                         return error;
3296 
3297                 audit_inode(nd->name, dir, AUDIT_INODE_PARENT);
3298                 /* trailing slashes? */
3299                 if (unlikely(nd->last.name[nd->last.len]))
3300                         return -EISDIR;
3301         }
3302 
3303         if (open_flag & (O_CREAT | O_TRUNC | O_WRONLY | O_RDWR)) {
3304                 error = mnt_want_write(nd->path.mnt);
3305                 if (!error)
3306                         got_write = true;
3307                 /*
3308                  * do _not_ fail yet - we might not need that or fail with
3309                  * a different error; let lookup_open() decide; we'll be
3310                  * dropping this one anyway.
3311                  */
3312         }
3313         if (open_flag & O_CREAT)
3314                 inode_lock(dir->d_inode);
3315         else
3316                 inode_lock_shared(dir->d_inode);
3317         error = lookup_open(nd, &path, file, op, got_write);
3318         if (open_flag & O_CREAT)
3319                 inode_unlock(dir->d_inode);
3320         else
3321                 inode_unlock_shared(dir->d_inode);
3322 
3323         if (error)
3324                 goto out;
3325 
3326         if (file->f_mode & FMODE_OPENED) {
3327                 if ((file->f_mode & FMODE_CREATED) ||
3328                     !S_ISREG(file_inode(file)->i_mode))
3329                         will_truncate = false;
3330 
3331                 audit_inode(nd->name, file->f_path.dentry, 0);
3332                 goto opened;
3333         }
3334 
3335         if (file->f_mode & FMODE_CREATED) {
3336                 /* Don't check for write permission, don't truncate */
3337                 open_flag &= ~O_TRUNC;
3338                 will_truncate = false;
3339                 acc_mode = 0;
3340                 path_to_nameidata(&path, nd);
3341                 goto finish_open_created;
3342         }
3343 
3344         /*
3345          * If atomic_open() acquired write access it is dropped now due to
3346          * possible mount and symlink following (this might be optimized away if
3347          * necessary...)
3348          */
3349         if (got_write) {
3350                 mnt_drop_write(nd->path.mnt);
3351                 got_write = false;
3352         }
3353 
3354         error = follow_managed(&path, nd);
3355         if (unlikely(error < 0))
3356                 return error;
3357 
3358         if (unlikely(d_is_negative(path.dentry))) {
3359                 path_to_nameidata(&path, nd);
3360                 return -ENOENT;
3361         }
3362 
3363         /*
3364          * create/update audit record if it already exists.
3365          */
3366         audit_inode(nd->name, path.dentry, 0);
3367 
3368         if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
3369                 path_to_nameidata(&path, nd);
3370                 return -EEXIST;
3371         }
3372 
3373         seq = 0;        /* out of RCU mode, so the value doesn't matter */
3374         inode = d_backing_inode(path.dentry);
3375 finish_lookup:
3376         error = step_into(nd, &path, 0, inode, seq);
3377         if (unlikely(error))
3378                 return error;
3379 finish_open:
3380         /* Why this, you ask?  _Now_ we might have grown LOOKUP_JUMPED... */
3381         error = complete_walk(nd);
3382         if (error)
3383                 return error;
3384         audit_inode(nd->name, nd->path.dentry, 0);
3385         if (open_flag & O_CREAT) {
3386                 error = -EISDIR;
3387                 if (d_is_dir(nd->path.dentry))
3388                         goto out;
3389                 error = may_create_in_sticky(dir_mode, dir_uid,
3390                                              d_backing_inode(nd->path.dentry));
3391                 if (unlikely(error))
3392                         goto out;
3393         }
3394         error = -ENOTDIR;
3395         if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry))
3396                 goto out;
3397         if (!d_is_reg(nd->path.dentry))
3398                 will_truncate = false;
3399 
3400         if (will_truncate) {
3401                 error = mnt_want_write(nd->path.mnt);
3402                 if (error)
3403                         goto out;
3404                 got_write = true;
3405         }
3406 finish_open_created:
3407         error = may_open(&nd->path, acc_mode, open_flag);
3408         if (error)
3409                 goto out;
3410         BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */
3411         error = vfs_open(&nd->path, file);
3412         if (error)
3413                 goto out;
3414 opened:
3415         error = ima_file_check(file, op->acc_mode);
3416         if (!error && will_truncate)
3417                 error = handle_truncate(file);
3418 out:
3419         if (unlikely(error > 0)) {
3420                 WARN_ON(1);
3421                 error = -EINVAL;
3422         }
3423         if (got_write)
3424                 mnt_drop_write(nd->path.mnt);
3425         return error;
3426 }
3427 
3428 struct dentry *vfs_tmpfile(struct dentry *dentry, umode_t mode, int open_flag)
3429 {
3430         struct dentry *child = NULL;
3431         struct inode *dir = dentry->d_inode;
3432         struct inode *inode;
3433         int error;
3434 
3435         /* we want directory to be writable */
3436         error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
3437         if (error)
3438                 goto out_err;
3439         error = -EOPNOTSUPP;
3440         if (!dir->i_op->tmpfile)
3441                 goto out_err;
3442         error = -ENOMEM;
3443         child = d_alloc(dentry, &slash_name);
3444         if (unlikely(!child))
3445                 goto out_err;
3446         error = dir->i_op->tmpfile(dir, child, mode);
3447         if (error)
3448                 goto out_err;
3449         error = -ENOENT;
3450         inode = child->d_inode;
3451         if (unlikely(!inode))
3452                 goto out_err;
3453         if (!(open_flag & O_EXCL)) {
3454                 spin_lock(&inode->i_lock);
3455                 inode->i_state |= I_LINKABLE;
3456                 spin_unlock(&inode->i_lock);
3457         }
3458         ima_post_create_tmpfile(inode);
3459         return child;
3460 
3461 out_err:
3462         dput(child);
3463         return ERR_PTR(error);
3464 }
3465 EXPORT_SYMBOL(vfs_tmpfile);
3466 
3467 static int do_tmpfile(struct nameidata *nd, unsigned flags,
3468                 const struct open_flags *op,
3469                 struct file *file)
3470 {
3471         struct dentry *child;
3472         struct path path;
3473         int error = path_lookupat(nd, flags | LOOKUP_DIRECTORY, &path);
3474         if (unlikely(error))
3475                 return error;
3476         error = mnt_want_write(path.mnt);
3477         if (unlikely(error))
3478                 goto out;
3479         child = vfs_tmpfile(path.dentry, op->mode, op->open_flag);
3480         error = PTR_ERR(child);
3481         if (IS_ERR(child))
3482                 goto out2;
3483         dput(path.dentry);
3484         path.dentry = child;
3485         audit_inode(nd->name, child, 0);
3486         /* Don't check for other permissions, the inode was just created */
3487         error = may_open(&path, 0, op->open_flag);
3488         if (error)
3489                 goto out2;
3490         file->f_path.mnt = path.mnt;
3491         error = finish_open(file, child, NULL);
3492 out2:
3493         mnt_drop_write(path.mnt);
3494 out:
3495         path_put(&path);
3496         return error;
3497 }
3498 
3499 static int do_o_path(struct nameidata *nd, unsigned flags, struct file *file)
3500 {
3501         struct path path;
3502         int error = path_lookupat(nd, flags, &path);
3503         if (!error) {
3504                 audit_inode(nd->name, path.dentry, 0);
3505                 error = vfs_open(&path, file);
3506                 path_put(&path);
3507         }
3508         return error;
3509 }
3510 
3511 static struct file *path_openat(struct nameidata *nd,
3512                         const struct open_flags *op, unsigned flags)
3513 {
3514         struct file *file;
3515         int error;
3516 
3517         file = alloc_empty_file(op->open_flag, current_cred());
3518         if (IS_ERR(file))
3519                 return file;
3520 
3521         if (unlikely(file->f_flags & __O_TMPFILE)) {
3522                 error = do_tmpfile(nd, flags, op, file);
3523         } else if (unlikely(file->f_flags & O_PATH)) {
3524                 error = do_o_path(nd, flags, file);
3525         } else {
3526                 const char *s = path_init(nd, flags);
3527                 while (!(error = link_path_walk(s, nd)) &&
3528                         (error = do_last(nd, file, op)) > 0) {
3529                         nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL);
3530                         s = trailing_symlink(nd);
3531                 }
3532                 terminate_walk(nd);
3533         }
3534         if (likely(!error)) {
3535                 if (likely(file->f_mode & FMODE_OPENED))
3536                         return file;
3537                 WARN_ON(1);
3538                 error = -EINVAL;
3539         }
3540         fput(file);
3541         if (error == -EOPENSTALE) {
3542                 if (flags & LOOKUP_RCU)
3543                         error = -ECHILD;
3544                 else
3545                         error = -ESTALE;
3546         }
3547         return ERR_PTR(error);
3548 }
3549 
3550 struct file *do_filp_open(int dfd, struct filename *pathname,
3551                 const struct open_flags *op)
3552 {
3553         struct nameidata nd;
3554         int flags = op->lookup_flags;
3555         struct file *filp;
3556 
3557         set_nameidata(&nd, dfd, pathname);
3558         filp = path_openat(&nd, op, flags | LOOKUP_RCU);
3559         if (unlikely(filp == ERR_PTR(-ECHILD)))
3560                 filp = path_openat(&nd, op, flags);
3561         if (unlikely(filp == ERR_PTR(-ESTALE)))
3562                 filp = path_openat(&nd, op, flags | LOOKUP_REVAL);
3563         restore_nameidata();
3564         return filp;
3565 }
3566 
3567 struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt,
3568                 const char *name, const struct open_flags *op)
3569 {
3570         struct nameidata nd;
3571         struct file *file;
3572         struct filename *filename;
3573         int flags = op->lookup_flags | LOOKUP_ROOT;
3574 
3575         nd.root.mnt = mnt;
3576         nd.root.dentry = dentry;
3577 
3578         if (d_is_symlink(dentry) && op->intent & LOOKUP_OPEN)
3579                 return ERR_PTR(-ELOOP);
3580 
3581         filename = getname_kernel(name);
3582         if (IS_ERR(filename))
3583                 return ERR_CAST(filename);
3584 
3585         set_nameidata(&nd, -1, filename);
3586         file = path_openat(&nd, op, flags | LOOKUP_RCU);
3587         if (unlikely(file == ERR_PTR(-ECHILD)))
3588                 file = path_openat(&nd, op, flags);
3589         if (unlikely(file == ERR_PTR(-ESTALE)))
3590                 file = path_openat(&nd, op, flags | LOOKUP_REVAL);
3591         restore_nameidata();
3592         putname(filename);
3593         return file;
3594 }
3595 
3596 static struct dentry *filename_create(int dfd, struct filename *name,
3597                                 struct path *path, unsigned int lookup_flags)
3598 {
3599         struct dentry *dentry = ERR_PTR(-EEXIST);
3600         struct qstr last;
3601         int type;
3602         int err2;
3603         int error;
3604         bool is_dir = (lookup_flags & LOOKUP_DIRECTORY);
3605 
3606         /*
3607          * Note that only LOOKUP_REVAL and LOOKUP_DIRECTORY matter here. Any
3608          * other flags passed in are ignored!
3609          */
3610         lookup_flags &= LOOKUP_REVAL;
3611 
3612         name = filename_parentat(dfd, name, lookup_flags, path, &last, &type);
3613         if (IS_ERR(name))
3614                 return ERR_CAST(name);
3615 
3616         /*
3617          * Yucky last component or no last component at all?
3618          * (foo/., foo/.., /////)
3619          */
3620         if (unlikely(type != LAST_NORM))
3621                 goto out;
3622 
3623         /* don't fail immediately if it's r/o, at least try to report other errors */
3624         err2 = mnt_want_write(path->mnt);
3625         /*
3626          * Do the final lookup.
3627          */
3628         lookup_flags |= LOOKUP_CREATE | LOOKUP_EXCL;
3629         inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);
3630         dentry = __lookup_hash(&last, path->dentry, lookup_flags);
3631         if (IS_ERR(dentry))
3632                 goto unlock;
3633 
3634         error = -EEXIST;
3635         if (d_is_positive(dentry))
3636                 goto fail;
3637 
3638         /*
3639          * Special case - lookup gave negative, but... we had foo/bar/
3640          * From the vfs_mknod() POV we just have a negative dentry -
3641          * all is fine. Let's be bastards - you had / on the end, you've
3642          * been asking for (non-existent) directory. -ENOENT for you.
3643          */
3644         if (unlikely(!is_dir && last.name[last.len])) {
3645                 error = -ENOENT;
3646                 goto fail;
3647         }
3648         if (unlikely(err2)) {
3649                 error = err2;
3650                 goto fail;
3651         }
3652         putname(name);
3653         return dentry;
3654 fail:
3655         dput(dentry);
3656         dentry = ERR_PTR(error);
3657 unlock:
3658         inode_unlock(path->dentry->d_inode);
3659         if (!err2)
3660                 mnt_drop_write(path->mnt);
3661 out:
3662         path_put(path);
3663         putname(name);
3664         return dentry;
3665 }
3666 
3667 struct dentry *kern_path_create(int dfd, const char *pathname,
3668                                 struct path *path, unsigned int lookup_flags)
3669 {
3670         return filename_create(dfd, getname_kernel(pathname),
3671                                 path, lookup_flags);
3672 }
3673 EXPORT_SYMBOL(kern_path_create);
3674 
3675 void done_path_create(struct path *path, struct dentry *dentry)
3676 {
3677         dput(dentry);
3678         inode_unlock(path->dentry->d_inode);
3679         mnt_drop_write(path->mnt);
3680         path_put(path);
3681 }
3682 EXPORT_SYMBOL(done_path_create);
3683 
3684 inline struct dentry *user_path_create(int dfd, const char __user *pathname,
3685                                 struct path *path, unsigned int lookup_flags)
3686 {
3687         return filename_create(dfd, getname(pathname), path, lookup_flags);
3688 }
3689 EXPORT_SYMBOL(user_path_create);
3690 
3691 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3692 {
3693         int error = may_create(dir, dentry);
3694 
3695         if (error)
3696                 return error;
3697 
3698         if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
3699                 return -EPERM;
3700 
3701         if (!dir->i_op->mknod)
3702                 return -EPERM;
3703 
3704         error = devcgroup_inode_mknod(mode, dev);
3705         if (error)
3706                 return error;
3707 
3708         error = security_inode_mknod(dir, dentry, mode, dev);
3709         if (error)
3710                 return error;
3711 
3712         error = dir->i_op->mknod(dir, dentry, mode, dev);
3713         if (!error)
3714                 fsnotify_create(dir, dentry);
3715         return error;
3716 }
3717 EXPORT_SYMBOL(vfs_mknod);
3718 
3719 static int may_mknod(umode_t mode)
3720 {
3721         switch (mode & S_IFMT) {
3722         case S_IFREG:
3723         case S_IFCHR:
3724         case S_IFBLK:
3725         case S_IFIFO:
3726         case S_IFSOCK:
3727         case 0: /* zero mode translates to S_IFREG */
3728                 return 0;
3729         case S_IFDIR:
3730                 return -EPERM;
3731         default:
3732                 return -EINVAL;
3733         }
3734 }
3735 
3736 long do_mknodat(int dfd, const char __user *filename, umode_t mode,
3737                 unsigned int dev)
3738 {
3739         struct dentry *dentry;
3740         struct path path;
3741         int error;
3742         unsigned int lookup_flags = 0;
3743 
3744         error = may_mknod(mode);
3745         if (error)
3746                 return error;
3747 retry:
3748         dentry = user_path_create(dfd, filename, &path, lookup_flags);
3749         if (IS_ERR(dentry))
3750                 return PTR_ERR(dentry);
3751 
3752         if (!IS_POSIXACL(path.dentry->d_inode))
3753                 mode &= ~current_umask();
3754         error = security_path_mknod(&path, dentry, mode, dev);
3755         if (error)
3756                 goto out;
3757         switch (mode & S_IFMT) {
3758                 case 0: case S_IFREG:
3759                         error = vfs_create(path.dentry->d_inode,dentry,mode,true);
3760                         if (!error)
3761                                 ima_post_path_mknod(dentry);
3762                         break;
3763                 case S_IFCHR: case S_IFBLK:
3764                         error = vfs_mknod(path.dentry->d_inode,dentry,mode,
3765                                         new_decode_dev(dev));
3766                         break;
3767                 case S_IFIFO: case S_IFSOCK:
3768                         error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
3769                         break;
3770         }
3771 out:
3772         done_path_create(&path, dentry);
3773         if (retry_estale(error, lookup_flags)) {
3774                 lookup_flags |= LOOKUP_REVAL;
3775                 goto retry;
3776         }
3777         return error;
3778 }
3779 
3780 SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
3781                 unsigned int, dev)
3782 {
3783         return do_mknodat(dfd, filename, mode, dev);
3784 }
3785 
3786 SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)
3787 {
3788         return do_mknodat(AT_FDCWD, filename, mode, dev);
3789 }
3790 
3791 int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
3792 {
3793         int error = may_create(dir, dentry);
3794         unsigned max_links = dir->i_sb->s_max_links;
3795 
3796         if (error)
3797                 return error;
3798 
3799         if (!dir->i_op->mkdir)
3800                 return -EPERM;
3801 
3802         mode &= (S_IRWXUGO|S_ISVTX);
3803         error = security_inode_mkdir(dir, dentry, mode);
3804         if (error)
3805                 return error;
3806 
3807         if (max_links && dir->i_nlink >= max_links)
3808                 return -EMLINK;
3809 
3810         error = dir->i_op->mkdir(dir, dentry, mode);
3811         if (!error)
3812                 fsnotify_mkdir(dir, dentry);
3813         return error;
3814 }
3815 EXPORT_SYMBOL(vfs_mkdir);
3816 
3817 long do_mkdirat(int dfd, const char __user *pathname, umode_t mode)
3818 {
3819         struct dentry *dentry;
3820         struct path path;
3821         int error;
3822         unsigned int lookup_flags = LOOKUP_DIRECTORY;
3823 
3824 retry:
3825         dentry = user_path_create(dfd, pathname, &path, lookup_flags);
3826         if (IS_ERR(dentry))
3827                 return PTR_ERR(dentry);
3828 
3829         if (!IS_POSIXACL(path.dentry->d_inode))
3830                 mode &= ~current_umask();
3831         error = security_path_mkdir(&path, dentry, mode);
3832         if (!error)
3833                 error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
3834         done_path_create(&path, dentry);
3835         if (retry_estale(error, lookup_flags)) {
3836                 lookup_flags |= LOOKUP_REVAL;
3837                 goto retry;
3838         }
3839         return error;
3840 }
3841 
3842 SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
3843 {
3844         return do_mkdirat(dfd, pathname, mode);
3845 }
3846 
3847 SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)
3848 {
3849         return do_mkdirat(AT_FDCWD, pathname, mode);
3850 }
3851 
3852 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
3853 {
3854         int error = may_delete(dir, dentry, 1);
3855 
3856         if (error)
3857                 return error;
3858 
3859         if (!dir->i_op->rmdir)
3860                 return -EPERM;
3861 
3862         dget(dentry);
3863         inode_lock(dentry->d_inode);
3864 
3865         error = -EBUSY;
3866         if (is_local_mountpoint(dentry))
3867                 goto out;
3868 
3869         error = security_inode_rmdir(dir, dentry);
3870         if (error)
3871                 goto out;
3872 
3873         error = dir->i_op->rmdir(dir, dentry);
3874         if (error)
3875                 goto out;
3876 
3877         shrink_dcache_parent(dentry);
3878         dentry->d_inode->i_flags |= S_DEAD;
3879         dont_mount(dentry);
3880         detach_mounts(dentry);
3881         fsnotify_rmdir(dir, dentry);
3882 
3883 out:
3884         inode_unlock(dentry->d_inode);
3885         dput(dentry);
3886         if (!error)
3887                 d_delete(dentry);
3888         return error;
3889 }
3890 EXPORT_SYMBOL(vfs_rmdir);
3891 
3892 long do_rmdir(int dfd, const char __user *pathname)
3893 {
3894         int error = 0;
3895         struct filename *name;
3896         struct dentry *dentry;
3897         struct path path;
3898         struct qstr last;
3899         int type;
3900         unsigned int lookup_flags = 0;
3901 retry:
3902         name = filename_parentat(dfd, getname(pathname), lookup_flags,
3903                                 &path, &last, &type);
3904         if (IS_ERR(name))
3905                 return PTR_ERR(name);
3906 
3907         switch (type) {
3908         case LAST_DOTDOT:
3909                 error = -ENOTEMPTY;
3910                 goto exit1;
3911         case LAST_DOT:
3912                 error = -EINVAL;
3913                 goto exit1;
3914         case LAST_ROOT:
3915                 error = -EBUSY;
3916                 goto exit1;
3917         }
3918 
3919         error = mnt_want_write(path.mnt);
3920         if (error)
3921                 goto exit1;
3922 
3923         inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
3924         dentry = __lookup_hash(&last, path.dentry, lookup_flags);
3925         error = PTR_ERR(dentry);
3926         if (IS_ERR(dentry))
3927                 goto exit2;
3928         if (!dentry->d_inode) {
3929                 error = -ENOENT;
3930                 goto exit3;
3931         }
3932         error = security_path_rmdir(&path, dentry);
3933         if (error)
3934                 goto exit3;
3935         error = vfs_rmdir(path.dentry->d_inode, dentry);
3936 exit3:
3937         dput(dentry);
3938 exit2:
3939         inode_unlock(path.dentry->d_inode);
3940         mnt_drop_write(path.mnt);
3941 exit1:
3942         path_put(&path);
3943         putname(name);
3944         if (retry_estale(error, lookup_flags)) {
3945                 lookup_flags |= LOOKUP_REVAL;
3946                 goto retry;
3947         }
3948         return error;
3949 }
3950 
3951 SYSCALL_DEFINE1(rmdir, const char __user *, pathname)
3952 {
3953         return do_rmdir(AT_FDCWD, pathname);
3954 }
3955 
3956 /**
3957  * vfs_unlink - unlink a filesystem object
3958  * @dir:        parent directory
3959  * @dentry:     victim
3960  * @delegated_inode: returns victim inode, if the inode is delegated.
3961  *
3962  * The caller must hold dir->i_mutex.
3963  *
3964  * If vfs_unlink discovers a delegation, it will return -EWOULDBLOCK and
3965  * return a reference to the inode in delegated_inode.  The caller
3966  * should then break the delegation on that inode and retry.  Because
3967  * breaking a delegation may take a long time, the caller should drop
3968  * dir->i_mutex before doing so.
3969  *
3970  * Alternatively, a caller may pass NULL for delegated_inode.  This may
3971  * be appropriate for callers that expect the underlying filesystem not
3972  * to be NFS exported.
3973  */
3974 int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)
3975 {
3976         struct inode *target = dentry->d_inode;
3977         int error = may_delete(dir, dentry, 0);
3978 
3979         if (error)
3980                 return error;
3981 
3982         if (!dir->i_op->unlink)
3983                 return -EPERM;
3984 
3985         inode_lock(target);
3986         if (is_local_mountpoint(dentry))
3987                 error = -EBUSY;
3988         else {
3989                 error = security_inode_unlink(dir, dentry);
3990                 if (!error) {
3991                         error = try_break_deleg(target, delegated_inode);
3992                         if (error)
3993                                 goto out;
3994                         error = dir->i_op->unlink(dir, dentry);
3995                         if (!error) {
3996                                 dont_mount(dentry);
3997                                 detach_mounts(dentry);
3998                                 fsnotify_unlink(dir, dentry);
3999                         }
4000                 }
4001         }
4002 out:
4003         inode_unlock(target);
4004 
4005         /* We don't d_delete() NFS sillyrenamed files--they still exist. */
4006         if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
4007                 fsnotify_link_count(target);
4008                 d_delete(dentry);
4009         }
4010 
4011         return error;
4012 }
4013 EXPORT_SYMBOL(vfs_unlink);
4014 
4015 /*
4016  * Make sure that the actual truncation of the file will occur outside its
4017  * directory's i_mutex.  Truncate can take a long time if there is a lot of
4018  * writeout happening, and we don't want to prevent access to the directory
4019  * while waiting on the I/O.
4020  */
4021 long do_unlinkat(int dfd, struct filename *name)
4022 {
4023         int error;
4024         struct dentry *dentry;
4025         struct path path;
4026         struct qstr last;
4027         int type;
4028         struct inode *inode = NULL;
4029         struct inode *delegated_inode = NULL;
4030         unsigned int lookup_flags = 0;
4031 retry:
4032         name = filename_parentat(dfd, name, lookup_flags, &path, &last, &type);
4033         if (IS_ERR(name))
4034                 return PTR_ERR(name);
4035 
4036         error = -EISDIR;
4037         if (type != LAST_NORM)
4038                 goto exit1;
4039 
4040         error = mnt_want_write(path.mnt);
4041         if (error)
4042                 goto exit1;
4043 retry_deleg:
4044         inode_lock_nested(path.dentry->d_inode, I_MUTEX_PARENT);
4045         dentry = __lookup_hash(&last, path.dentry, lookup_flags);
4046         error = PTR_ERR(dentry);
4047         if (!IS_ERR(dentry)) {
4048                 /* Why not before? Because we want correct error value */
4049                 if (last.name[last.len])
4050                         goto slashes;
4051                 inode = dentry->d_inode;
4052                 if (d_is_negative(dentry))
4053                         goto slashes;
4054                 ihold(inode);
4055                 error = security_path_unlink(&path, dentry);
4056                 if (error)
4057                         goto exit2;
4058                 error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);
4059 exit2:
4060                 dput(dentry);
4061         }
4062         inode_unlock(path.dentry->d_inode);
4063         if (inode)
4064                 iput(inode);    /* truncate the inode here */
4065         inode = NULL;
4066         if (delegated_inode) {
4067                 error = break_deleg_wait(&delegated_inode);
4068                 if (!error)
4069                         goto retry_deleg;
4070         }
4071         mnt_drop_write(path.mnt);
4072 exit1:
4073         path_put(&path);
4074         if (retry_estale(error, lookup_flags)) {
4075                 lookup_flags |= LOOKUP_REVAL;
4076                 inode = NULL;
4077                 goto retry;
4078         }
4079         putname(name);
4080         return error;
4081 
4082 slashes:
4083         if (d_is_negative(dentry))
4084                 error = -ENOENT;
4085         else if (d_is_dir(dentry))
4086                 error = -EISDIR;
4087         else
4088                 error = -ENOTDIR;
4089         goto exit2;
4090 }
4091 
4092 SYSCALL_DEFINE3(unlinkat, int, dfd, const char __user *, pathname, int, flag)
4093 {
4094         if ((flag & ~AT_REMOVEDIR) != 0)
4095                 return -EINVAL;
4096 
4097         if (flag & AT_REMOVEDIR)
4098                 return do_rmdir(dfd, pathname);
4099 
4100         return do_unlinkat(dfd, getname(pathname));
4101 }
4102 
4103 SYSCALL_DEFINE1(unlink, const char __user *, pathname)
4104 {
4105         return do_unlinkat(AT_FDCWD, getname(pathname));
4106 }
4107 
4108 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
4109 {
4110         int error = may_create(dir, dentry);
4111 
4112         if (error)
4113                 return error;
4114 
4115         if (!dir->i_op->symlink)
4116                 return -EPERM;
4117 
4118         error = security_inode_symlink(dir, dentry, oldname);
4119         if (error)
4120                 return error;
4121 
4122         error = dir->i_op->symlink(dir, dentry, oldname);
4123         if (!error)
4124                 fsnotify_create(dir, dentry);
4125         return error;
4126 }
4127 EXPORT_SYMBOL(vfs_symlink);
4128 
4129 long do_symlinkat(const char __user *oldname, int newdfd,
4130                   const char __user *newname)
4131 {
4132         int error;
4133         struct filename *from;
4134         struct dentry *dentry;
4135         struct path path;
4136         unsigned int lookup_flags = 0;
4137 
4138         from = getname(oldname);
4139         if (IS_ERR(from))
4140                 return PTR_ERR(from);
4141 retry:
4142         dentry = user_path_create(newdfd, newname, &path, lookup_flags);
4143         error = PTR_ERR(dentry);
4144         if (IS_ERR(dentry))
4145                 goto out_putname;
4146 
4147         error = security_path_symlink(&path, dentry, from->name);
4148         if (!error)
4149                 error = vfs_symlink(path.dentry->d_inode, dentry, from->name);
4150         done_path_create(&path, dentry);
4151         if (retry_estale(error, lookup_flags)) {
4152                 lookup_flags |= LOOKUP_REVAL;
4153                 goto retry;
4154         }
4155 out_putname:
4156         putname(from);
4157         return error;
4158 }
4159 
4160 SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
4161                 int, newdfd, const char __user *, newname)
4162 {
4163         return do_symlinkat(oldname, newdfd, newname);
4164 }
4165 
4166 SYSCALL_DEFINE2(symlink, const char __user *, oldname, const char __user *, newname)
4167 {
4168         return do_symlinkat(oldname, AT_FDCWD, newname);
4169 }
4170 
4171 /**
4172  * vfs_link - create a new link
4173  * @old_dentry: object to be linked
4174  * @dir:        new parent
4175  * @new_dentry: where to create the new link
4176  * @delegated_inode: returns inode needing a delegation break
4177  *
4178  * The caller must hold dir->i_mutex
4179  *
4180  * If vfs_link discovers a delegation on the to-be-linked file in need
4181  * of breaking, it will return -EWOULDBLOCK and return a reference to the
4182  * inode in delegated_inode.  The caller should then break the delegation
4183  * and retry.  Because breaking a delegation may take a long time, the
4184  * caller should drop the i_mutex before doing so.
4185  *
4186  * Alternatively, a caller may pass NULL for delegated_inode.  This may
4187  * be appropriate for callers that expect the underlying filesystem not
4188  * to be NFS exported.
4189  */
4190 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)
4191 {
4192         struct inode *inode = old_dentry->d_inode;
4193         unsigned max_links = dir->i_sb->s_max_links;
4194         int error;
4195 
4196         if (!inode)
4197                 return -ENOENT;
4198 
4199         error = may_create(dir, new_dentry);
4200         if (error)
4201                 return error;
4202 
4203         if (dir->i_sb != inode->i_sb)
4204                 return -EXDEV;
4205 
4206         /*
4207          * A link to an append-only or immutable file cannot be created.
4208          */
4209         if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
4210                 return -EPERM;
4211         /*
4212          * Updating the link count will likely cause i_uid and i_gid to
4213          * be writen back improperly if their true value is unknown to
4214          * the vfs.
4215          */
4216         if (HAS_UNMAPPED_ID(inode))
4217                 return -EPERM;
4218         if (!dir->i_op->link)
4219                 return -EPERM;
4220         if (S_ISDIR(inode->i_mode))
4221                 return -EPERM;
4222 
4223         error = security_inode_link(old_dentry, dir, new_dentry);
4224         if (error)
4225                 return error;
4226 
4227         inode_lock(inode);
4228         /* Make sure we don't allow creating hardlink to an unlinked file */
4229         if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE))
4230                 error =  -ENOENT;
4231         else if (max_links && inode->i_nlink >= max_links)
4232                 error = -EMLINK;
4233         else {
4234                 error = try_break_deleg(inode, delegated_inode);
4235                 if (!error)
4236                         error = dir->i_op->link(old_dentry, dir, new_dentry);
4237         }
4238 
4239         if (!error && (inode->i_state & I_LINKABLE)) {
4240                 spin_lock(&inode->i_lock);
4241                 inode->i_state &= ~I_LINKABLE;
4242                 spin_unlock(&inode->i_lock);
4243         }
4244         inode_unlock(inode);
4245         if (!error)
4246                 fsnotify_link(dir, inode, new_dentry);
4247         return error;
4248 }
4249 EXPORT_SYMBOL(vfs_link);
4250 
4251 /*
4252  * Hardlinks are often used in delicate situations.  We avoid
4253  * security-related surprises by not following symlinks on the
4254  * newname.  --KAB
4255  *
4256  * We don't follow them on the oldname either to be compatible
4257  * with linux 2.0, and to avoid hard-linking to directories
4258  * and other special files.  --ADM
4259  */
4260 int do_linkat(int olddfd, const char __user *oldname, int newdfd,
4261               const char __user *newname, int flags)
4262 {
4263         struct dentry *new_dentry;
4264         struct path old_path, new_path;
4265         struct inode *delegated_inode = NULL;
4266         int how = 0;
4267         int error;
4268 
4269         if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
4270                 return -EINVAL;
4271         /*
4272          * To use null names we require CAP_DAC_READ_SEARCH
4273          * This ensures that not everyone will be able to create
4274          * handlink using the passed filedescriptor.
4275          */
4276         if (flags & AT_EMPTY_PATH) {
4277                 if (!capable(CAP_DAC_READ_SEARCH))
4278                         return -ENOENT;
4279                 how = LOOKUP_EMPTY;
4280         }
4281 
4282         if (flags & AT_SYMLINK_FOLLOW)
4283                 how |= LOOKUP_FOLLOW;
4284 retry:
4285         error = user_path_at(olddfd, oldname, how, &old_path);
4286         if (error)
4287                 return error;
4288 
4289         new_dentry = user_path_create(newdfd, newname, &new_path,
4290                                         (how & LOOKUP_REVAL));
4291         error = PTR_ERR(new_dentry);
4292         if (IS_ERR(new_dentry))
4293                 goto out;
4294 
4295         error = -EXDEV;
4296         if (old_path.mnt != new_path.mnt)
4297                 goto out_dput;
4298         error = may_linkat(&old_path);
4299         if (unlikely(error))
4300                 goto out_dput;
4301         error = security_path_link(old_path.dentry, &new_path, new_dentry);
4302         if (error)
4303                 goto out_dput;
4304         error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);
4305 out_dput:
4306         done_path_create(&new_path, new_dentry);
4307         if (delegated_inode) {
4308                 error = break_deleg_wait(&delegated_inode);
4309                 if (!error) {
4310                         path_put(&old_path);
4311                         goto retry;
4312                 }
4313         }
4314         if (retry_estale(error, how)) {
4315                 path_put(&old_path);
4316                 how |= LOOKUP_REVAL;
4317                 goto retry;
4318         }
4319 out:
4320         path_put(&old_path);
4321 
4322         return error;
4323 }
4324 
4325 SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
4326                 int, newdfd, const char __user *, newname, int, flags)
4327 {
4328         return do_linkat(olddfd, oldname, newdfd, newname, flags);
4329 }
4330 
4331 SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname)
4332 {
4333         return do_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4334 }
4335 
4336 /**
4337  * vfs_rename - rename a filesystem object
4338  * @old_dir:    parent of source
4339  * @old_dentry: source
4340  * @new_dir:    parent of destination
4341  * @new_dentry: destination
4342  * @delegated_inode: returns an inode needing a delegation break
4343  * @flags:      rename flags
4344  *
4345  * The caller must hold multiple mutexes--see lock_rename()).
4346  *
4347  * If vfs_rename discovers a delegation in need of breaking at either
4348  * the source or destination, it will return -EWOULDBLOCK and return a
4349  * reference to the inode in delegated_inode.  The caller should then
4350  * break the delegation and retry.  Because breaking a delegation may
4351  * take a long time, the caller should drop all locks before doing
4352  * so.
4353  *
4354  * Alternatively, a caller may pass NULL for delegated_inode.  This may
4355  * be appropriate for callers that expect the underlying filesystem not
4356  * to be NFS exported.
4357  *
4358  * The worst of all namespace operations - renaming directory. "Perverted"
4359  * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
4360  * Problems:
4361  *
4362  *      a) we can get into loop creation.
4363  *      b) race potential - two innocent renames can create a loop together.
4364  *         That's where 4.4 screws up. Current fix: serialization on
4365  *         sb->s_vfs_rename_mutex. We might be more accurate, but that's another
4366  *         story.
4367  *      c) we have to lock _four_ objects - parents and victim (if it exists),
4368  *         and source (if it is not a directory).
4369  *         And that - after we got ->i_mutex on parents (until then we don't know
4370  *         whether the target exists).  Solution: try to be smart with locking
4371  *         order for inodes.  We rely on the fact that tree topology may change
4372  *         only under ->s_vfs_rename_mutex _and_ that parent of the object we
4373  *         move will be locked.  Thus we can rank directories by the tree
4374  *         (ancestors first) and rank all non-directories after them.
4375  *         That works since everybody except rename does "lock parent, lookup,
4376  *         lock child" and rename is under ->s_vfs_rename_mutex.
4377  *         HOWEVER, it relies on the assumption that any object with ->lookup()
4378  *         has no more than 1 dentry.  If "hybrid" objects will ever appear,
4379  *         we'd better make sure that there's no link(2) for them.
4380  *      d) conversion from fhandle to dentry may come in the wrong moment - when
4381  *         we are removing the target. Solution: we will have to grab ->i_mutex
4382  *         in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
4383  *         ->i_mutex on parents, which works but leads to some truly excessive
4384  *         locking].
4385  */
4386 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
4387                struct inode *new_dir, struct dentry *new_dentry,
4388                struct inode **delegated_inode, unsigned int flags)
4389 {
4390         int error;
4391         bool is_dir = d_is_dir(old_dentry);
4392         struct inode *source = old_dentry->d_inode;
4393         struct inode *target = new_dentry->d_inode;
4394         bool new_is_dir = false;
4395         unsigned max_links = new_dir->i_sb->s_max_links;
4396         struct name_snapshot old_name;
4397 
4398         if (source == target)
4399                 return 0;
4400 
4401         error = may_delete(old_dir, old_dentry, is_dir);
4402         if (error)
4403                 return error;
4404 
4405         if (!target) {
4406                 error = may_create(new_dir, new_dentry);
4407         } else {
4408                 new_is_dir = d_is_dir(new_dentry);
4409 
4410                 if (!(flags & RENAME_EXCHANGE))
4411                         error = may_delete(new_dir, new_dentry, is_dir);
4412                 else
4413                         error = may_delete(new_dir, new_dentry, new_is_dir);
4414         }
4415         if (error)
4416                 return error;
4417 
4418         if (!old_dir->i_op->rename)
4419                 return -EPERM;
4420 
4421         /*
4422          * If we are going to change the parent - check write permissions,
4423          * we'll need to flip '..'.
4424          */
4425         if (new_dir != old_dir) {
4426                 if (is_dir) {
4427                         error = inode_permission(source, MAY_WRITE);
4428                         if (error)
4429                                 return error;
4430                 }
4431                 if ((flags & RENAME_EXCHANGE) && new_is_dir) {
4432                         error = inode_permission(target, MAY_WRITE);
4433                         if (error)
4434                                 return error;
4435                 }
4436         }
4437 
4438         error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry,
4439                                       flags);
4440         if (error)
4441                 return error;
4442 
4443         take_dentry_name_snapshot(&old_name, old_dentry);
4444         dget(new_dentry);
4445         if (!is_dir || (flags & RENAME_EXCHANGE))
4446                 lock_two_nondirectories(source, target);
4447         else if (target)
4448                 inode_lock(target);
4449 
4450         error = -EBUSY;
4451         if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry))
4452                 goto out;
4453 
4454         if (max_links && new_dir != old_dir) {
4455                 error = -EMLINK;
4456                 if (is_dir && !new_is_dir && new_dir->i_nlink >= max_links)
4457                         goto out;
4458                 if ((flags & RENAME_EXCHANGE) && !is_dir && new_is_dir &&
4459                     old_dir->i_nlink >= max_links)
4460                         goto out;
4461         }
4462         if (!is_dir) {
4463                 error = try_break_deleg(source, delegated_inode);
4464                 if (error)
4465                         goto out;
4466         }
4467         if (target && !new_is_dir) {
4468                 error = try_break_deleg(target, delegated_inode);
4469                 if (error)
4470                         goto out;
4471         }
4472         error = old_dir->i_op->rename(old_dir, old_dentry,
4473                                        new_dir, new_dentry, flags);
4474         if (error)
4475                 goto out;
4476 
4477         if (!(flags & RENAME_EXCHANGE) && target) {
4478                 if (is_dir) {
4479                         shrink_dcache_parent(new_dentry);
4480                         target->i_flags |= S_DEAD;
4481                 }
4482                 dont_mount(new_dentry);
4483                 detach_mounts(new_dentry);
4484         }
4485         if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) {
4486                 if (!(flags & RENAME_EXCHANGE))
4487                         d_move(old_dentry, new_dentry);
4488                 else
4489                         d_exchange(old_dentry, new_dentry);
4490         }
4491 out:
4492         if (!is_dir || (flags & RENAME_EXCHANGE))
4493                 unlock_two_nondirectories(source, target);
4494         else if (target)
4495                 inode_unlock(target);
4496         dput(new_dentry);
4497         if (!error) {
4498                 fsnotify_move(old_dir, new_dir, &old_name.name, is_dir,
4499                               !(flags & RENAME_EXCHANGE) ? target : NULL, old_dentry);
4500                 if (flags & RENAME_EXCHANGE) {
4501                         fsnotify_move(new_dir, old_dir, &old_dentry->d_name,
4502                                       new_is_dir, NULL, new_dentry);
4503                 }
4504         }
4505         release_dentry_name_snapshot(&old_name);
4506 
4507         return error;
4508 }
4509 EXPORT_SYMBOL(vfs_rename);
4510 
4511 static int do_renameat2(int olddfd, const char __user *oldname, int newdfd,
4512                         const char __user *newname, unsigned int flags)
4513 {
4514         struct dentry *old_dentry, *new_dentry;
4515         struct dentry *trap;
4516         struct path old_path, new_path;
4517         struct qstr old_last, new_last;
4518         int old_type, new_type;
4519         struct inode *delegated_inode = NULL;
4520         struct filename *from;
4521         struct filename *to;
4522         unsigned int lookup_flags = 0, target_flags = LOOKUP_RENAME_TARGET;
4523         bool should_retry = false;
4524         int error;
4525 
4526         if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
4527                 return -EINVAL;
4528 
4529         if ((flags & (RENAME_NOREPLACE | RENAME_WHITEOUT)) &&
4530             (flags & RENAME_EXCHANGE))
4531                 return -EINVAL;
4532 
4533         if ((flags & RENAME_WHITEOUT) && !capable(CAP_MKNOD))
4534                 return -EPERM;
4535 
4536         if (flags & RENAME_EXCHANGE)
4537                 target_flags = 0;
4538 
4539 retry:
4540         from = filename_parentat(olddfd, getname(oldname), lookup_flags,
4541                                 &old_path, &old_last, &old_type);
4542         if (IS_ERR(from)) {
4543                 error = PTR_ERR(from);
4544                 goto exit;
4545         }
4546 
4547         to = filename_parentat(newdfd, getname(newname), lookup_flags,
4548                                 &new_path, &new_last, &new_type);
4549         if (IS_ERR(to)) {
4550                 error = PTR_ERR(to);
4551                 goto exit1;
4552         }
4553 
4554         error = -EXDEV;
4555         if (old_path.mnt != new_path.mnt)
4556                 goto exit2;
4557 
4558         error = -EBUSY;
4559         if (old_type != LAST_NORM)
4560                 goto exit2;
4561 
4562         if (flags & RENAME_NOREPLACE)
4563                 error = -EEXIST;
4564         if (new_type != LAST_NORM)
4565                 goto exit2;
4566 
4567         error = mnt_want_write(old_path.mnt);
4568         if (error)
4569                 goto exit2;
4570 
4571 retry_deleg:
4572         trap = lock_rename(new_path.dentry, old_path.dentry);
4573 
4574         old_dentry = __lookup_hash(&old_last, old_path.dentry, lookup_flags);
4575         error = PTR_ERR(old_dentry);
4576         if (IS_ERR(old_dentry))
4577                 goto exit3;
4578         /* source must exist */
4579         error = -ENOENT;
4580         if (d_is_negative(old_dentry))
4581                 goto exit4;
4582         new_dentry = __lookup_hash(&new_last, new_path.dentry, lookup_flags | target_flags);
4583         error = PTR_ERR(new_dentry);
4584         if (IS_ERR(new_dentry))
4585                 goto exit4;
4586         error = -EEXIST;
4587         if ((flags & RENAME_NOREPLACE) && d_is_positive(new_dentry))
4588                 goto exit5;
4589         if (flags & RENAME_EXCHANGE) {
4590                 error = -ENOENT;
4591                 if (d_is_negative(new_dentry))
4592                         goto exit5;
4593 
4594                 if (!d_is_dir(new_dentry)) {
4595                         error = -ENOTDIR;
4596                         if (new_last.name[new_last.len])
4597                                 goto exit5;
4598                 }
4599         }
4600         /* unless the source is a directory trailing slashes give -ENOTDIR */
4601         if (!d_is_dir(old_dentry)) {
4602                 error = -ENOTDIR;
4603                 if (old_last.name[old_last.len])
4604                         goto exit5;
4605                 if (!(flags & RENAME_EXCHANGE) && new_last.name[new_last.len])
4606                         goto exit5;
4607         }
4608         /* source should not be ancestor of target */
4609         error = -EINVAL;
4610         if (old_dentry == trap)
4611                 goto exit5;
4612         /* target should not be an ancestor of source */
4613         if (!(flags & RENAME_EXCHANGE))
4614                 error = -ENOTEMPTY;
4615         if (new_dentry == trap)
4616                 goto exit5;
4617 
4618         error = security_path_rename(&old_path, old_dentry,
4619                                      &new_path, new_dentry, flags);
4620         if (error)
4621                 goto exit5;
4622         error = vfs_rename(old_path.dentry->d_inode, old_dentry,
4623                            new_path.dentry->d_inode, new_dentry,
4624                            &delegated_inode, flags);
4625 exit5:
4626         dput(new_dentry);
4627 exit4:
4628         dput(old_dentry);
4629 exit3:
4630         unlock_rename(new_path.dentry, old_path.dentry);
4631         if (delegated_inode) {
4632                 error = break_deleg_wait(&delegated_inode);
4633                 if (!error)
4634                         goto retry_deleg;
4635         }
4636         mnt_drop_write(old_path.mnt);
4637 exit2:
4638         if (retry_estale(error, lookup_flags))
4639                 should_retry = true;
4640         path_put(&new_path);
4641         putname(to);
4642 exit1:
4643         path_put(&old_path);
4644         putname(from);
4645         if (should_retry) {
4646                 should_retry = false;
4647                 lookup_flags |= LOOKUP_REVAL;
4648                 goto retry;
4649         }
4650 exit:
4651         return error;
4652 }
4653 
4654 SYSCALL_DEFINE5(renameat2, int, olddfd, const char __user *, oldname,
4655                 int, newdfd, const char __user *, newname, unsigned int, flags)
4656 {
4657         return do_renameat2(olddfd, oldname, newdfd, newname, flags);
4658 }
4659 
4660 SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
4661                 int, newdfd, const char __user *, newname)
4662 {
4663         return do_renameat2(olddfd, oldname, newdfd, newname, 0);
4664 }
4665 
4666 SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newname)
4667 {
4668         return do_renameat2(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
4669 }
4670 
4671 int vfs_whiteout(struct inode *dir, struct dentry *dentry)
4672 {
4673         int error = may_create(dir, dentry);
4674         if (error)
4675                 return error;
4676 
4677         if (!dir->i_op->mknod)
4678                 return -EPERM;
4679 
4680         return dir->i_op->mknod(dir, dentry,
4681                                 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
4682 }
4683 EXPORT_SYMBOL(vfs_whiteout);
4684 
4685 int readlink_copy(char __user *buffer, int buflen, const char *link)
4686 {
4687         int len = PTR_ERR(link);
4688         if (IS_ERR(link))
4689                 goto out;
4690 
4691         len = strlen(link);
4692         if (len > (unsigned) buflen)
4693                 len = buflen;
4694         if (copy_to_user(buffer, link, len))
4695                 len = -EFAULT;
4696 out:
4697         return len;
4698 }
4699 
4700 /**
4701  * vfs_readlink - copy symlink body into userspace buffer
4702  * @dentry: dentry on which to get symbolic link
4703  * @buffer: user memory pointer
4704  * @buflen: size of buffer
4705  *
4706  * Does not touch atime.  That's up to the caller if necessary
4707  *
4708  * Does not call security hook.
4709  */
4710 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4711 {
4712         struct inode *inode = d_inode(dentry);
4713         DEFINE_DELAYED_CALL(done);
4714         const char *link;
4715         int res;
4716 
4717         if (unlikely(!(inode->i_opflags & IOP_DEFAULT_READLINK))) {
4718                 if (unlikely(inode->i_op->readlink))
4719                         return inode->i_op->readlink(dentry, buffer, buflen);
4720 
4721                 if (!d_is_symlink(dentry))
4722                         return -EINVAL;
4723 
4724                 spin_lock(&inode->i_lock);
4725                 inode->i_opflags |= IOP_DEFAULT_READLINK;
4726                 spin_unlock(&inode->i_lock);
4727         }
4728 
4729         link = READ_ONCE(inode->i_link);
4730         if (!link) {
4731                 link = inode->i_op->get_link(dentry, inode, &done);
4732                 if (IS_ERR(link))
4733                         return PTR_ERR(link);
4734         }
4735         res = readlink_copy(buffer, buflen, link);
4736         do_delayed_call(&done);
4737         return res;
4738 }
4739 EXPORT_SYMBOL(vfs_readlink);
4740 
4741 /**
4742  * vfs_get_link - get symlink body
4743  * @dentry: dentry on which to get symbolic link
4744  * @done: caller needs to free returned data with this
4745  *
4746  * Calls security hook and i_op->get_link() on the supplied inode.
4747  *
4748  * It does not touch atime.  That's up to the caller if necessary.
4749  *
4750  * Does not work on "special" symlinks like /proc/$$/fd/N
4751  */
4752 const char *vfs_get_link(struct dentry *dentry, struct delayed_call *done)
4753 {
4754         const char *res = ERR_PTR(-EINVAL);
4755         struct inode *inode = d_inode(dentry);
4756 
4757         if (d_is_symlink(dentry)) {
4758                 res = ERR_PTR(security_inode_readlink(dentry));
4759                 if (!res)
4760                         res = inode->i_op->get_link(dentry, inode, done);
4761         }
4762         return res;
4763 }
4764 EXPORT_SYMBOL(vfs_get_link);
4765 
4766 /* get the link contents into pagecache */
4767 const char *page_get_link(struct dentry *dentry, struct inode *inode,
4768                           struct delayed_call *callback)
4769 {
4770         char *kaddr;
4771         struct page *page;
4772         struct address_space *mapping = inode->i_mapping;
4773 
4774         if (!dentry) {
4775                 page = find_get_page(mapping, 0);
4776                 if (!page)
4777                         return ERR_PTR(-ECHILD);
4778                 if (!PageUptodate(page)) {
4779                         put_page(page);
4780                         return ERR_PTR(-ECHILD);
4781                 }
4782         } else {
4783                 page = read_mapping_page(mapping, 0, NULL);
4784                 if (IS_ERR(page))
4785                         return (char*)page;
4786         }
4787         set_delayed_call(callback, page_put_link, page);
4788         BUG_ON(mapping_gfp_mask(mapping) & __GFP_HIGHMEM);
4789         kaddr = page_address(page);
4790         nd_terminate_link(kaddr, inode->i_size, PAGE_SIZE - 1);
4791         return kaddr;
4792 }
4793 
4794 EXPORT_SYMBOL(page_get_link);
4795 
4796 void page_put_link(void *arg)
4797 {
4798         put_page(arg);
4799 }
4800 EXPORT_SYMBOL(page_put_link);
4801 
4802 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
4803 {
4804         DEFINE_DELAYED_CALL(done);
4805         int res = readlink_copy(buffer, buflen,
4806                                 page_get_link(dentry, d_inode(dentry),
4807                                               &done));
4808         do_delayed_call(&done);
4809         return res;
4810 }
4811 EXPORT_SYMBOL(page_readlink);
4812 
4813 /*
4814  * The nofs argument instructs pagecache_write_begin to pass AOP_FLAG_NOFS
4815  */
4816 int __page_symlink(struct inode *inode, const char *symname, int len, int nofs)
4817 {
4818         struct address_space *mapping = inode->i_mapping;
4819         struct page *page;
4820         void *fsdata;
4821         int err;
4822         unsigned int flags = 0;
4823         if (nofs)
4824                 flags |= AOP_FLAG_NOFS;
4825 
4826 retry:
4827         err = pagecache_write_begin(NULL, mapping, 0, len-1,
4828                                 flags, &page, &fsdata);
4829         if (err)
4830                 goto fail;
4831 
4832         memcpy(page_address(page), symname, len-1);
4833 
4834         err = pagecache_write_end(NULL, mapping, 0, len-1, len-1,
4835                                                         page, fsdata);
4836         if (err < 0)
4837                 goto fail;
4838         if (err < len-1)
4839                 goto retry;
4840 
4841         mark_inode_dirty(inode);
4842         return 0;
4843 fail:
4844         return err;
4845 }
4846 EXPORT_SYMBOL(__page_symlink);
4847 
4848 int page_symlink(struct inode *inode, const char *symname, int len)
4849 {
4850         return __page_symlink(inode, symname, len,
4851                         !mapping_gfp_constraint(inode->i_mapping, __GFP_FS));
4852 }
4853 EXPORT_SYMBOL(page_symlink);
4854 
4855 const struct inode_operations page_symlink_inode_operations = {
4856         .get_link       = page_get_link,
4857 };
4858 EXPORT_SYMBOL(page_symlink_inode_operations);

/* [<][>][^][v][top][bottom][index][help] */