1 /* 2 * linux/fs/namei.c 3 * 4 * Copyright (C) 1991, 1992 Linus Torvalds 5 */ 6 7 /* 8 * Some corrections by tytso. 9 */ 10 11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname 12 * lookup logic. 13 */ 14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture. 15 */ 16 17 #include <linux/init.h> 18 #include <linux/module.h> 19 #include <linux/slab.h> 20 #include <linux/fs.h> 21 #include <linux/namei.h> 22 #include <linux/quotaops.h> 23 #include <linux/pagemap.h> 24 #include <linux/fsnotify.h> 25 #include <linux/smp_lock.h> 26 #include <linux/personality.h> 27 #include <linux/security.h> 28 #include <linux/syscalls.h> 29 #include <linux/mount.h> 30 #include <linux/audit.h> 31 #include <linux/file.h> 32 #include <asm/namei.h> 33 #include <asm/uaccess.h> 34 35 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) 36 37 /* [Feb-1997 T. Schoebel-Theuer] 38 * Fundamental changes in the pathname lookup mechanisms (namei) 39 * were necessary because of omirr. The reason is that omirr needs 40 * to know the _real_ pathname, not the user-supplied one, in case 41 * of symlinks (and also when transname replacements occur). 42 * 43 * The new code replaces the old recursive symlink resolution with 44 * an iterative one (in case of non-nested symlink chains). It does 45 * this with calls to <fs>_follow_link(). 46 * As a side effect, dir_namei(), _namei() and follow_link() are now 47 * replaced with a single function lookup_dentry() that can handle all 48 * the special cases of the former code. 49 * 50 * With the new dcache, the pathname is stored at each inode, at least as 51 * long as the refcount of the inode is positive. As a side effect, the 52 * size of the dcache depends on the inode cache and thus is dynamic. 53 * 54 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink 55 * resolution to correspond with current state of the code. 56 * 57 * Note that the symlink resolution is not *completely* iterative. 58 * There is still a significant amount of tail- and mid- recursion in 59 * the algorithm. Also, note that <fs>_readlink() is not used in 60 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink() 61 * may return different results than <fs>_follow_link(). Many virtual 62 * filesystems (including /proc) exhibit this behavior. 63 */ 64 65 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation: 66 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL 67 * and the name already exists in form of a symlink, try to create the new 68 * name indicated by the symlink. The old code always complained that the 69 * name already exists, due to not following the symlink even if its target 70 * is nonexistent. The new semantics affects also mknod() and link() when 71 * the name is a symlink pointing to a non-existant name. 72 * 73 * I don't know which semantics is the right one, since I have no access 74 * to standards. But I found by trial that HP-UX 9.0 has the full "new" 75 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the 76 * "old" one. Personally, I think the new semantics is much more logical. 77 * Note that "ln old new" where "new" is a symlink pointing to a non-existing 78 * file does succeed in both HP-UX and SunOs, but not in Solaris 79 * and in the old Linux semantics. 80 */ 81 82 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink 83 * semantics. See the comments in "open_namei" and "do_link" below. 84 * 85 * [10-Sep-98 Alan Modra] Another symlink change. 86 */ 87 88 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks: 89 * inside the path - always follow. 90 * in the last component in creation/removal/renaming - never follow. 91 * if LOOKUP_FOLLOW passed - follow. 92 * if the pathname has trailing slashes - follow. 93 * otherwise - don't follow. 94 * (applied in that order). 95 * 96 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT 97 * restored for 2.4. This is the last surviving part of old 4.2BSD bug. 98 * During the 2.4 we need to fix the userland stuff depending on it - 99 * hopefully we will be able to get rid of that wart in 2.5. So far only 100 * XEmacs seems to be relying on it... 101 */ 102 /* 103 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland) 104 * implemented. Let's see if raised priority of ->s_vfs_rename_sem gives 105 * any extra contention... 106 */ 107 108 /* In order to reduce some races, while at the same time doing additional 109 * checking and hopefully speeding things up, we copy filenames to the 110 * kernel data space before using them.. 111 * 112 * POSIX.1 2.4: an empty pathname is invalid (ENOENT). 113 * PATH_MAX includes the nul terminator --RR. 114 */ 115 static inline int do_getname(const char __user *filename, char *page) 116 { 117 int retval; 118 unsigned long len = PATH_MAX; 119 120 if (!segment_eq(get_fs(), KERNEL_DS)) { 121 if ((unsigned long) filename >= TASK_SIZE) 122 return -EFAULT; 123 if (TASK_SIZE - (unsigned long) filename < PATH_MAX) 124 len = TASK_SIZE - (unsigned long) filename; 125 } 126 127 retval = strncpy_from_user(page, filename, len); 128 if (retval > 0) { 129 if (retval < len) 130 return 0; 131 return -ENAMETOOLONG; 132 } else if (!retval) 133 retval = -ENOENT; 134 return retval; 135 } 136 137 char * getname(const char __user * filename) 138 { 139 char *tmp, *result; 140 141 result = ERR_PTR(-ENOMEM); 142 tmp = __getname(); 143 if (tmp) { 144 int retval = do_getname(filename, tmp); 145 146 result = tmp; 147 if (retval < 0) { 148 __putname(tmp); 149 result = ERR_PTR(retval); 150 } 151 } 152 audit_getname(result); 153 return result; 154 } 155 156 #ifdef CONFIG_AUDITSYSCALL 157 void putname(const char *name) 158 { 159 if (unlikely(current->audit_context)) 160 audit_putname(name); 161 else 162 __putname(name); 163 } 164 EXPORT_SYMBOL(putname); 165 #endif 166 167 168 /** 169 * generic_permission - check for access rights on a Posix-like filesystem 170 * @inode: inode to check access rights for 171 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) 172 * @check_acl: optional callback to check for Posix ACLs 173 * 174 * Used to check for read/write/execute permissions on a file. 175 * We use "fsuid" for this, letting us set arbitrary permissions 176 * for filesystem access without changing the "normal" uids which 177 * are used for other things.. 178 */ 179 int generic_permission(struct inode *inode, int mask, 180 int (*check_acl)(struct inode *inode, int mask)) 181 { 182 umode_t mode = inode->i_mode; 183 184 if (current->fsuid == inode->i_uid) 185 mode >>= 6; 186 else { 187 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) { 188 int error = check_acl(inode, mask); 189 if (error == -EACCES) 190 goto check_capabilities; 191 else if (error != -EAGAIN) 192 return error; 193 } 194 195 if (in_group_p(inode->i_gid)) 196 mode >>= 3; 197 } 198 199 /* 200 * If the DACs are ok we don't need any capability check. 201 */ 202 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask)) 203 return 0; 204 205 check_capabilities: 206 /* 207 * Read/write DACs are always overridable. 208 * Executable DACs are overridable if at least one exec bit is set. 209 */ 210 if (!(mask & MAY_EXEC) || 211 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode)) 212 if (capable(CAP_DAC_OVERRIDE)) 213 return 0; 214 215 /* 216 * Searching includes executable on directories, else just read. 217 */ 218 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) 219 if (capable(CAP_DAC_READ_SEARCH)) 220 return 0; 221 222 return -EACCES; 223 } 224 225 int permission(struct inode *inode, int mask, struct nameidata *nd) 226 { 227 int retval, submask; 228 229 if (mask & MAY_WRITE) { 230 umode_t mode = inode->i_mode; 231 232 /* 233 * Nobody gets write access to a read-only fs. 234 */ 235 if (IS_RDONLY(inode) && 236 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) 237 return -EROFS; 238 239 /* 240 * Nobody gets write access to an immutable file. 241 */ 242 if (IS_IMMUTABLE(inode)) 243 return -EACCES; 244 } 245 246 247 /* Ordinary permission routines do not understand MAY_APPEND. */ 248 submask = mask & ~MAY_APPEND; 249 if (inode->i_op && inode->i_op->permission) 250 retval = inode->i_op->permission(inode, submask, nd); 251 else 252 retval = generic_permission(inode, submask, NULL); 253 if (retval) 254 return retval; 255 256 return security_inode_permission(inode, mask, nd); 257 } 258 259 /** 260 * vfs_permission - check for access rights to a given path 261 * @nd: lookup result that describes the path 262 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) 263 * 264 * Used to check for read/write/execute permissions on a path. 265 * We use "fsuid" for this, letting us set arbitrary permissions 266 * for filesystem access without changing the "normal" uids which 267 * are used for other things. 268 */ 269 int vfs_permission(struct nameidata *nd, int mask) 270 { 271 return permission(nd->dentry->d_inode, mask, nd); 272 } 273 274 /** 275 * file_permission - check for additional access rights to a given file 276 * @file: file to check access rights for 277 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) 278 * 279 * Used to check for read/write/execute permissions on an already opened 280 * file. 281 * 282 * Note: 283 * Do not use this function in new code. All access checks should 284 * be done using vfs_permission(). 285 */ 286 int file_permission(struct file *file, int mask) 287 { 288 return permission(file->f_dentry->d_inode, mask, NULL); 289 } 290 291 /* 292 * get_write_access() gets write permission for a file. 293 * put_write_access() releases this write permission. 294 * This is used for regular files. 295 * We cannot support write (and maybe mmap read-write shared) accesses and 296 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode 297 * can have the following values: 298 * 0: no writers, no VM_DENYWRITE mappings 299 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist 300 * > 0: (i_writecount) users are writing to the file. 301 * 302 * Normally we operate on that counter with atomic_{inc,dec} and it's safe 303 * except for the cases where we don't hold i_writecount yet. Then we need to 304 * use {get,deny}_write_access() - these functions check the sign and refuse 305 * to do the change if sign is wrong. Exclusion between them is provided by 306 * the inode->i_lock spinlock. 307 */ 308 309 int get_write_access(struct inode * inode) 310 { 311 spin_lock(&inode->i_lock); 312 if (atomic_read(&inode->i_writecount) < 0) { 313 spin_unlock(&inode->i_lock); 314 return -ETXTBSY; 315 } 316 atomic_inc(&inode->i_writecount); 317 spin_unlock(&inode->i_lock); 318 319 return 0; 320 } 321 322 int deny_write_access(struct file * file) 323 { 324 struct inode *inode = file->f_dentry->d_inode; 325 326 spin_lock(&inode->i_lock); 327 if (atomic_read(&inode->i_writecount) > 0) { 328 spin_unlock(&inode->i_lock); 329 return -ETXTBSY; 330 } 331 atomic_dec(&inode->i_writecount); 332 spin_unlock(&inode->i_lock); 333 334 return 0; 335 } 336 337 void path_release(struct nameidata *nd) 338 { 339 dput(nd->dentry); 340 mntput(nd->mnt); 341 } 342 343 /* 344 * umount() mustn't call path_release()/mntput() as that would clear 345 * mnt_expiry_mark 346 */ 347 void path_release_on_umount(struct nameidata *nd) 348 { 349 dput(nd->dentry); 350 mntput_no_expire(nd->mnt); 351 } 352 353 /** 354 * release_open_intent - free up open intent resources 355 * @nd: pointer to nameidata 356 */ 357 void release_open_intent(struct nameidata *nd) 358 { 359 if (nd->intent.open.file->f_dentry == NULL) 360 put_filp(nd->intent.open.file); 361 else 362 fput(nd->intent.open.file); 363 } 364 365 /* 366 * Internal lookup() using the new generic dcache. 367 * SMP-safe 368 */ 369 static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd) 370 { 371 struct dentry * dentry = __d_lookup(parent, name); 372 373 /* lockess __d_lookup may fail due to concurrent d_move() 374 * in some unrelated directory, so try with d_lookup 375 */ 376 if (!dentry) 377 dentry = d_lookup(parent, name); 378 379 if (dentry && dentry->d_op && dentry->d_op->d_revalidate) { 380 if (!dentry->d_op->d_revalidate(dentry, nd) && !d_invalidate(dentry)) { 381 dput(dentry); 382 dentry = NULL; 383 } 384 } 385 return dentry; 386 } 387 388 /* 389 * Short-cut version of permission(), for calling by 390 * path_walk(), when dcache lock is held. Combines parts 391 * of permission() and generic_permission(), and tests ONLY for 392 * MAY_EXEC permission. 393 * 394 * If appropriate, check DAC only. If not appropriate, or 395 * short-cut DAC fails, then call permission() to do more 396 * complete permission check. 397 */ 398 static inline int exec_permission_lite(struct inode *inode, 399 struct nameidata *nd) 400 { 401 umode_t mode = inode->i_mode; 402 403 if (inode->i_op && inode->i_op->permission) 404 return -EAGAIN; 405 406 if (current->fsuid == inode->i_uid) 407 mode >>= 6; 408 else if (in_group_p(inode->i_gid)) 409 mode >>= 3; 410 411 if (mode & MAY_EXEC) 412 goto ok; 413 414 if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE)) 415 goto ok; 416 417 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE)) 418 goto ok; 419 420 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH)) 421 goto ok; 422 423 return -EACCES; 424 ok: 425 return security_inode_permission(inode, MAY_EXEC, nd); 426 } 427 428 /* 429 * This is called when everything else fails, and we actually have 430 * to go to the low-level filesystem to find out what we should do.. 431 * 432 * We get the directory semaphore, and after getting that we also 433 * make sure that nobody added the entry to the dcache in the meantime.. 434 * SMP-safe 435 */ 436 static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd) 437 { 438 struct dentry * result; 439 struct inode *dir = parent->d_inode; 440 441 down(&dir->i_sem); 442 /* 443 * First re-do the cached lookup just in case it was created 444 * while we waited for the directory semaphore.. 445 * 446 * FIXME! This could use version numbering or similar to 447 * avoid unnecessary cache lookups. 448 * 449 * The "dcache_lock" is purely to protect the RCU list walker 450 * from concurrent renames at this point (we mustn't get false 451 * negatives from the RCU list walk here, unlike the optimistic 452 * fast walk). 453 * 454 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup 455 */ 456 result = d_lookup(parent, name); 457 if (!result) { 458 struct dentry * dentry = d_alloc(parent, name); 459 result = ERR_PTR(-ENOMEM); 460 if (dentry) { 461 result = dir->i_op->lookup(dir, dentry, nd); 462 if (result) 463 dput(dentry); 464 else 465 result = dentry; 466 } 467 up(&dir->i_sem); 468 return result; 469 } 470 471 /* 472 * Uhhuh! Nasty case: the cache was re-populated while 473 * we waited on the semaphore. Need to revalidate. 474 */ 475 up(&dir->i_sem); 476 if (result->d_op && result->d_op->d_revalidate) { 477 if (!result->d_op->d_revalidate(result, nd) && !d_invalidate(result)) { 478 dput(result); 479 result = ERR_PTR(-ENOENT); 480 } 481 } 482 return result; 483 } 484 485 static int __emul_lookup_dentry(const char *, struct nameidata *); 486 487 /* SMP-safe */ 488 static inline int 489 walk_init_root(const char *name, struct nameidata *nd) 490 { 491 read_lock(¤t->fs->lock); 492 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) { 493 nd->mnt = mntget(current->fs->altrootmnt); 494 nd->dentry = dget(current->fs->altroot); 495 read_unlock(¤t->fs->lock); 496 if (__emul_lookup_dentry(name,nd)) 497 return 0; 498 read_lock(¤t->fs->lock); 499 } 500 nd->mnt = mntget(current->fs->rootmnt); 501 nd->dentry = dget(current->fs->root); 502 read_unlock(¤t->fs->lock); 503 return 1; 504 } 505 506 static inline int __vfs_follow_link(struct nameidata *nd, const char *link) 507 { 508 int res = 0; 509 char *name; 510 if (IS_ERR(link)) 511 goto fail; 512 513 if (*link == '/') { 514 path_release(nd); 515 if (!walk_init_root(link, nd)) 516 /* weird __emul_prefix() stuff did it */ 517 goto out; 518 } 519 res = link_path_walk(link, nd); 520 out: 521 if (nd->depth || res || nd->last_type!=LAST_NORM) 522 return res; 523 /* 524 * If it is an iterative symlinks resolution in open_namei() we 525 * have to copy the last component. And all that crap because of 526 * bloody create() on broken symlinks. Furrfu... 527 */ 528 name = __getname(); 529 if (unlikely(!name)) { 530 path_release(nd); 531 return -ENOMEM; 532 } 533 strcpy(name, nd->last.name); 534 nd->last.name = name; 535 return 0; 536 fail: 537 path_release(nd); 538 return PTR_ERR(link); 539 } 540 541 struct path { 542 struct vfsmount *mnt; 543 struct dentry *dentry; 544 }; 545 546 static inline int __do_follow_link(struct path *path, struct nameidata *nd) 547 { 548 int error; 549 void *cookie; 550 struct dentry *dentry = path->dentry; 551 552 touch_atime(path->mnt, dentry); 553 nd_set_link(nd, NULL); 554 555 if (path->mnt == nd->mnt) 556 mntget(path->mnt); 557 cookie = dentry->d_inode->i_op->follow_link(dentry, nd); 558 error = PTR_ERR(cookie); 559 if (!IS_ERR(cookie)) { 560 char *s = nd_get_link(nd); 561 error = 0; 562 if (s) 563 error = __vfs_follow_link(nd, s); 564 if (dentry->d_inode->i_op->put_link) 565 dentry->d_inode->i_op->put_link(dentry, nd, cookie); 566 } 567 dput(dentry); 568 mntput(path->mnt); 569 570 return error; 571 } 572 573 static inline void dput_path(struct path *path, struct nameidata *nd) 574 { 575 dput(path->dentry); 576 if (path->mnt != nd->mnt) 577 mntput(path->mnt); 578 } 579 580 static inline void path_to_nameidata(struct path *path, struct nameidata *nd) 581 { 582 dput(nd->dentry); 583 if (nd->mnt != path->mnt) 584 mntput(nd->mnt); 585 nd->mnt = path->mnt; 586 nd->dentry = path->dentry; 587 } 588 589 /* 590 * This limits recursive symlink follows to 8, while 591 * limiting consecutive symlinks to 40. 592 * 593 * Without that kind of total limit, nasty chains of consecutive 594 * symlinks can cause almost arbitrarily long lookups. 595 */ 596 static inline int do_follow_link(struct path *path, struct nameidata *nd) 597 { 598 int err = -ELOOP; 599 if (current->link_count >= MAX_NESTED_LINKS) 600 goto loop; 601 if (current->total_link_count >= 40) 602 goto loop; 603 BUG_ON(nd->depth >= MAX_NESTED_LINKS); 604 cond_resched(); 605 err = security_inode_follow_link(path->dentry, nd); 606 if (err) 607 goto loop; 608 current->link_count++; 609 current->total_link_count++; 610 nd->depth++; 611 err = __do_follow_link(path, nd); 612 current->link_count--; 613 nd->depth--; 614 return err; 615 loop: 616 dput_path(path, nd); 617 path_release(nd); 618 return err; 619 } 620 621 int follow_up(struct vfsmount **mnt, struct dentry **dentry) 622 { 623 struct vfsmount *parent; 624 struct dentry *mountpoint; 625 spin_lock(&vfsmount_lock); 626 parent=(*mnt)->mnt_parent; 627 if (parent == *mnt) { 628 spin_unlock(&vfsmount_lock); 629 return 0; 630 } 631 mntget(parent); 632 mountpoint=dget((*mnt)->mnt_mountpoint); 633 spin_unlock(&vfsmount_lock); 634 dput(*dentry); 635 *dentry = mountpoint; 636 mntput(*mnt); 637 *mnt = parent; 638 return 1; 639 } 640 641 /* no need for dcache_lock, as serialization is taken care in 642 * namespace.c 643 */ 644 static int __follow_mount(struct path *path) 645 { 646 int res = 0; 647 while (d_mountpoint(path->dentry)) { 648 struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry); 649 if (!mounted) 650 break; 651 dput(path->dentry); 652 if (res) 653 mntput(path->mnt); 654 path->mnt = mounted; 655 path->dentry = dget(mounted->mnt_root); 656 res = 1; 657 } 658 return res; 659 } 660 661 static void follow_mount(struct vfsmount **mnt, struct dentry **dentry) 662 { 663 while (d_mountpoint(*dentry)) { 664 struct vfsmount *mounted = lookup_mnt(*mnt, *dentry); 665 if (!mounted) 666 break; 667 dput(*dentry); 668 mntput(*mnt); 669 *mnt = mounted; 670 *dentry = dget(mounted->mnt_root); 671 } 672 } 673 674 /* no need for dcache_lock, as serialization is taken care in 675 * namespace.c 676 */ 677 int follow_down(struct vfsmount **mnt, struct dentry **dentry) 678 { 679 struct vfsmount *mounted; 680 681 mounted = lookup_mnt(*mnt, *dentry); 682 if (mounted) { 683 dput(*dentry); 684 mntput(*mnt); 685 *mnt = mounted; 686 *dentry = dget(mounted->mnt_root); 687 return 1; 688 } 689 return 0; 690 } 691 692 static inline void follow_dotdot(struct nameidata *nd) 693 { 694 while(1) { 695 struct vfsmount *parent; 696 struct dentry *old = nd->dentry; 697 698 read_lock(¤t->fs->lock); 699 if (nd->dentry == current->fs->root && 700 nd->mnt == current->fs->rootmnt) { 701 read_unlock(¤t->fs->lock); 702 break; 703 } 704 read_unlock(¤t->fs->lock); 705 spin_lock(&dcache_lock); 706 if (nd->dentry != nd->mnt->mnt_root) { 707 nd->dentry = dget(nd->dentry->d_parent); 708 spin_unlock(&dcache_lock); 709 dput(old); 710 break; 711 } 712 spin_unlock(&dcache_lock); 713 spin_lock(&vfsmount_lock); 714 parent = nd->mnt->mnt_parent; 715 if (parent == nd->mnt) { 716 spin_unlock(&vfsmount_lock); 717 break; 718 } 719 mntget(parent); 720 nd->dentry = dget(nd->mnt->mnt_mountpoint); 721 spin_unlock(&vfsmount_lock); 722 dput(old); 723 mntput(nd->mnt); 724 nd->mnt = parent; 725 } 726 follow_mount(&nd->mnt, &nd->dentry); 727 } 728 729 /* 730 * It's more convoluted than I'd like it to be, but... it's still fairly 731 * small and for now I'd prefer to have fast path as straight as possible. 732 * It _is_ time-critical. 733 */ 734 static int do_lookup(struct nameidata *nd, struct qstr *name, 735 struct path *path) 736 { 737 struct vfsmount *mnt = nd->mnt; 738 struct dentry *dentry = __d_lookup(nd->dentry, name); 739 740 if (!dentry) 741 goto need_lookup; 742 if (dentry->d_op && dentry->d_op->d_revalidate) 743 goto need_revalidate; 744 done: 745 path->mnt = mnt; 746 path->dentry = dentry; 747 __follow_mount(path); 748 return 0; 749 750 need_lookup: 751 dentry = real_lookup(nd->dentry, name, nd); 752 if (IS_ERR(dentry)) 753 goto fail; 754 goto done; 755 756 need_revalidate: 757 if (dentry->d_op->d_revalidate(dentry, nd)) 758 goto done; 759 if (d_invalidate(dentry)) 760 goto done; 761 dput(dentry); 762 goto need_lookup; 763 764 fail: 765 return PTR_ERR(dentry); 766 } 767 768 /* 769 * Name resolution. 770 * This is the basic name resolution function, turning a pathname into 771 * the final dentry. We expect 'base' to be positive and a directory. 772 * 773 * Returns 0 and nd will have valid dentry and mnt on success. 774 * Returns error and drops reference to input namei data on failure. 775 */ 776 static fastcall int __link_path_walk(const char * name, struct nameidata *nd) 777 { 778 struct path next; 779 struct inode *inode; 780 int err; 781 unsigned int lookup_flags = nd->flags; 782 783 while (*name=='/') 784 name++; 785 if (!*name) 786 goto return_reval; 787 788 inode = nd->dentry->d_inode; 789 if (nd->depth) 790 lookup_flags = LOOKUP_FOLLOW; 791 792 /* At this point we know we have a real path component. */ 793 for(;;) { 794 unsigned long hash; 795 struct qstr this; 796 unsigned int c; 797 798 nd->flags |= LOOKUP_CONTINUE; 799 err = exec_permission_lite(inode, nd); 800 if (err == -EAGAIN) 801 err = vfs_permission(nd, MAY_EXEC); 802 if (err) 803 break; 804 805 this.name = name; 806 c = *(const unsigned char *)name; 807 808 hash = init_name_hash(); 809 do { 810 name++; 811 hash = partial_name_hash(c, hash); 812 c = *(const unsigned char *)name; 813 } while (c && (c != '/')); 814 this.len = name - (const char *) this.name; 815 this.hash = end_name_hash(hash); 816 817 /* remove trailing slashes? */ 818 if (!c) 819 goto last_component; 820 while (*++name == '/'); 821 if (!*name) 822 goto last_with_slashes; 823 824 /* 825 * "." and ".." are special - ".." especially so because it has 826 * to be able to know about the current root directory and 827 * parent relationships. 828 */ 829 if (this.name[0] == '.') switch (this.len) { 830 default: 831 break; 832 case 2: 833 if (this.name[1] != '.') 834 break; 835 follow_dotdot(nd); 836 inode = nd->dentry->d_inode; 837 /* fallthrough */ 838 case 1: 839 continue; 840 } 841 /* 842 * See if the low-level filesystem might want 843 * to use its own hash.. 844 */ 845 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) { 846 err = nd->dentry->d_op->d_hash(nd->dentry, &this); 847 if (err < 0) 848 break; 849 } 850 /* This does the actual lookups.. */ 851 err = do_lookup(nd, &this, &next); 852 if (err) 853 break; 854 855 err = -ENOENT; 856 inode = next.dentry->d_inode; 857 if (!inode) 858 goto out_dput; 859 err = -ENOTDIR; 860 if (!inode->i_op) 861 goto out_dput; 862 863 if (inode->i_op->follow_link) { 864 err = do_follow_link(&next, nd); 865 if (err) 866 goto return_err; 867 err = -ENOENT; 868 inode = nd->dentry->d_inode; 869 if (!inode) 870 break; 871 err = -ENOTDIR; 872 if (!inode->i_op) 873 break; 874 } else 875 path_to_nameidata(&next, nd); 876 err = -ENOTDIR; 877 if (!inode->i_op->lookup) 878 break; 879 continue; 880 /* here ends the main loop */ 881 882 last_with_slashes: 883 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY; 884 last_component: 885 nd->flags &= ~LOOKUP_CONTINUE; 886 if (lookup_flags & LOOKUP_PARENT) 887 goto lookup_parent; 888 if (this.name[0] == '.') switch (this.len) { 889 default: 890 break; 891 case 2: 892 if (this.name[1] != '.') 893 break; 894 follow_dotdot(nd); 895 inode = nd->dentry->d_inode; 896 /* fallthrough */ 897 case 1: 898 goto return_reval; 899 } 900 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) { 901 err = nd->dentry->d_op->d_hash(nd->dentry, &this); 902 if (err < 0) 903 break; 904 } 905 err = do_lookup(nd, &this, &next); 906 if (err) 907 break; 908 inode = next.dentry->d_inode; 909 if ((lookup_flags & LOOKUP_FOLLOW) 910 && inode && inode->i_op && inode->i_op->follow_link) { 911 err = do_follow_link(&next, nd); 912 if (err) 913 goto return_err; 914 inode = nd->dentry->d_inode; 915 } else 916 path_to_nameidata(&next, nd); 917 err = -ENOENT; 918 if (!inode) 919 break; 920 if (lookup_flags & LOOKUP_DIRECTORY) { 921 err = -ENOTDIR; 922 if (!inode->i_op || !inode->i_op->lookup) 923 break; 924 } 925 goto return_base; 926 lookup_parent: 927 nd->last = this; 928 nd->last_type = LAST_NORM; 929 if (this.name[0] != '.') 930 goto return_base; 931 if (this.len == 1) 932 nd->last_type = LAST_DOT; 933 else if (this.len == 2 && this.name[1] == '.') 934 nd->last_type = LAST_DOTDOT; 935 else 936 goto return_base; 937 return_reval: 938 /* 939 * We bypassed the ordinary revalidation routines. 940 * We may need to check the cached dentry for staleness. 941 */ 942 if (nd->dentry && nd->dentry->d_sb && 943 (nd->dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) { 944 err = -ESTALE; 945 /* Note: we do not d_invalidate() */ 946 if (!nd->dentry->d_op->d_revalidate(nd->dentry, nd)) 947 break; 948 } 949 return_base: 950 return 0; 951 out_dput: 952 dput_path(&next, nd); 953 break; 954 } 955 path_release(nd); 956 return_err: 957 return err; 958 } 959 960 /* 961 * Wrapper to retry pathname resolution whenever the underlying 962 * file system returns an ESTALE. 963 * 964 * Retry the whole path once, forcing real lookup requests 965 * instead of relying on the dcache. 966 */ 967 int fastcall link_path_walk(const char *name, struct nameidata *nd) 968 { 969 struct nameidata save = *nd; 970 int result; 971 972 /* make sure the stuff we saved doesn't go away */ 973 dget(save.dentry); 974 mntget(save.mnt); 975 976 result = __link_path_walk(name, nd); 977 if (result == -ESTALE) { 978 *nd = save; 979 dget(nd->dentry); 980 mntget(nd->mnt); 981 nd->flags |= LOOKUP_REVAL; 982 result = __link_path_walk(name, nd); 983 } 984 985 dput(save.dentry); 986 mntput(save.mnt); 987 988 return result; 989 } 990 991 int fastcall path_walk(const char * name, struct nameidata *nd) 992 { 993 current->total_link_count = 0; 994 return link_path_walk(name, nd); 995 } 996 997 /* 998 * SMP-safe: Returns 1 and nd will have valid dentry and mnt, if 999 * everything is done. Returns 0 and drops input nd, if lookup failed; 1000 */ 1001 static int __emul_lookup_dentry(const char *name, struct nameidata *nd) 1002 { 1003 if (path_walk(name, nd)) 1004 return 0; /* something went wrong... */ 1005 1006 if (!nd->dentry->d_inode || S_ISDIR(nd->dentry->d_inode->i_mode)) { 1007 struct dentry *old_dentry = nd->dentry; 1008 struct vfsmount *old_mnt = nd->mnt; 1009 struct qstr last = nd->last; 1010 int last_type = nd->last_type; 1011 /* 1012 * NAME was not found in alternate root or it's a directory. Try to find 1013 * it in the normal root: 1014 */ 1015 nd->last_type = LAST_ROOT; 1016 read_lock(¤t->fs->lock); 1017 nd->mnt = mntget(current->fs->rootmnt); 1018 nd->dentry = dget(current->fs->root); 1019 read_unlock(¤t->fs->lock); 1020 if (path_walk(name, nd) == 0) { 1021 if (nd->dentry->d_inode) { 1022 dput(old_dentry); 1023 mntput(old_mnt); 1024 return 1; 1025 } 1026 path_release(nd); 1027 } 1028 nd->dentry = old_dentry; 1029 nd->mnt = old_mnt; 1030 nd->last = last; 1031 nd->last_type = last_type; 1032 } 1033 return 1; 1034 } 1035 1036 void set_fs_altroot(void) 1037 { 1038 char *emul = __emul_prefix(); 1039 struct nameidata nd; 1040 struct vfsmount *mnt = NULL, *oldmnt; 1041 struct dentry *dentry = NULL, *olddentry; 1042 int err; 1043 1044 if (!emul) 1045 goto set_it; 1046 err = path_lookup(emul, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_NOALT, &nd); 1047 if (!err) { 1048 mnt = nd.mnt; 1049 dentry = nd.dentry; 1050 } 1051 set_it: 1052 write_lock(¤t->fs->lock); 1053 oldmnt = current->fs->altrootmnt; 1054 olddentry = current->fs->altroot; 1055 current->fs->altrootmnt = mnt; 1056 current->fs->altroot = dentry; 1057 write_unlock(¤t->fs->lock); 1058 if (olddentry) { 1059 dput(olddentry); 1060 mntput(oldmnt); 1061 } 1062 } 1063 1064 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */ 1065 int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata *nd) 1066 { 1067 int retval = 0; 1068 1069 nd->last_type = LAST_ROOT; /* if there are only slashes... */ 1070 nd->flags = flags; 1071 nd->depth = 0; 1072 1073 read_lock(¤t->fs->lock); 1074 if (*name=='/') { 1075 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) { 1076 nd->mnt = mntget(current->fs->altrootmnt); 1077 nd->dentry = dget(current->fs->altroot); 1078 read_unlock(¤t->fs->lock); 1079 if (__emul_lookup_dentry(name,nd)) 1080 goto out; /* found in altroot */ 1081 read_lock(¤t->fs->lock); 1082 } 1083 nd->mnt = mntget(current->fs->rootmnt); 1084 nd->dentry = dget(current->fs->root); 1085 } else { 1086 nd->mnt = mntget(current->fs->pwdmnt); 1087 nd->dentry = dget(current->fs->pwd); 1088 } 1089 read_unlock(¤t->fs->lock); 1090 current->total_link_count = 0; 1091 retval = link_path_walk(name, nd); 1092 out: 1093 if (unlikely(current->audit_context 1094 && nd && nd->dentry && nd->dentry->d_inode)) 1095 audit_inode(name, nd->dentry->d_inode, flags); 1096 return retval; 1097 } 1098 1099 static int __path_lookup_intent_open(const char *name, unsigned int lookup_flags, 1100 struct nameidata *nd, int open_flags, int create_mode) 1101 { 1102 struct file *filp = get_empty_filp(); 1103 int err; 1104 1105 if (filp == NULL) 1106 return -ENFILE; 1107 nd->intent.open.file = filp; 1108 nd->intent.open.flags = open_flags; 1109 nd->intent.open.create_mode = create_mode; 1110 err = path_lookup(name, lookup_flags|LOOKUP_OPEN, nd); 1111 if (IS_ERR(nd->intent.open.file)) { 1112 if (err == 0) { 1113 err = PTR_ERR(nd->intent.open.file); 1114 path_release(nd); 1115 } 1116 } else if (err != 0) 1117 release_open_intent(nd); 1118 return err; 1119 } 1120 1121 /** 1122 * path_lookup_open - lookup a file path with open intent 1123 * @name: pointer to file name 1124 * @lookup_flags: lookup intent flags 1125 * @nd: pointer to nameidata 1126 * @open_flags: open intent flags 1127 */ 1128 int path_lookup_open(const char *name, unsigned int lookup_flags, 1129 struct nameidata *nd, int open_flags) 1130 { 1131 return __path_lookup_intent_open(name, lookup_flags, nd, 1132 open_flags, 0); 1133 } 1134 1135 /** 1136 * path_lookup_create - lookup a file path with open + create intent 1137 * @name: pointer to file name 1138 * @lookup_flags: lookup intent flags 1139 * @nd: pointer to nameidata 1140 * @open_flags: open intent flags 1141 * @create_mode: create intent flags 1142 */ 1143 static int path_lookup_create(const char *name, unsigned int lookup_flags, 1144 struct nameidata *nd, int open_flags, 1145 int create_mode) 1146 { 1147 return __path_lookup_intent_open(name, lookup_flags|LOOKUP_CREATE, nd, 1148 open_flags, create_mode); 1149 } 1150 1151 int __user_path_lookup_open(const char __user *name, unsigned int lookup_flags, 1152 struct nameidata *nd, int open_flags) 1153 { 1154 char *tmp = getname(name); 1155 int err = PTR_ERR(tmp); 1156 1157 if (!IS_ERR(tmp)) { 1158 err = __path_lookup_intent_open(tmp, lookup_flags, nd, open_flags, 0); 1159 putname(tmp); 1160 } 1161 return err; 1162 } 1163 1164 /* 1165 * Restricted form of lookup. Doesn't follow links, single-component only, 1166 * needs parent already locked. Doesn't follow mounts. 1167 * SMP-safe. 1168 */ 1169 static struct dentry * __lookup_hash(struct qstr *name, struct dentry * base, struct nameidata *nd) 1170 { 1171 struct dentry * dentry; 1172 struct inode *inode; 1173 int err; 1174 1175 inode = base->d_inode; 1176 err = permission(inode, MAY_EXEC, nd); 1177 dentry = ERR_PTR(err); 1178 if (err) 1179 goto out; 1180 1181 /* 1182 * See if the low-level filesystem might want 1183 * to use its own hash.. 1184 */ 1185 if (base->d_op && base->d_op->d_hash) { 1186 err = base->d_op->d_hash(base, name); 1187 dentry = ERR_PTR(err); 1188 if (err < 0) 1189 goto out; 1190 } 1191 1192 dentry = cached_lookup(base, name, nd); 1193 if (!dentry) { 1194 struct dentry *new = d_alloc(base, name); 1195 dentry = ERR_PTR(-ENOMEM); 1196 if (!new) 1197 goto out; 1198 dentry = inode->i_op->lookup(inode, new, nd); 1199 if (!dentry) 1200 dentry = new; 1201 else 1202 dput(new); 1203 } 1204 out: 1205 return dentry; 1206 } 1207 1208 struct dentry * lookup_hash(struct nameidata *nd) 1209 { 1210 return __lookup_hash(&nd->last, nd->dentry, nd); 1211 } 1212 1213 /* SMP-safe */ 1214 struct dentry * lookup_one_len(const char * name, struct dentry * base, int len) 1215 { 1216 unsigned long hash; 1217 struct qstr this; 1218 unsigned int c; 1219 1220 this.name = name; 1221 this.len = len; 1222 if (!len) 1223 goto access; 1224 1225 hash = init_name_hash(); 1226 while (len--) { 1227 c = *(const unsigned char *)name++; 1228 if (c == '/' || c == '\0') 1229 goto access; 1230 hash = partial_name_hash(c, hash); 1231 } 1232 this.hash = end_name_hash(hash); 1233 1234 return __lookup_hash(&this, base, NULL); 1235 access: 1236 return ERR_PTR(-EACCES); 1237 } 1238 1239 /* 1240 * namei() 1241 * 1242 * is used by most simple commands to get the inode of a specified name. 1243 * Open, link etc use their own routines, but this is enough for things 1244 * like 'chmod' etc. 1245 * 1246 * namei exists in two versions: namei/lnamei. The only difference is 1247 * that namei follows links, while lnamei does not. 1248 * SMP-safe 1249 */ 1250 int fastcall __user_walk(const char __user *name, unsigned flags, struct nameidata *nd) 1251 { 1252 char *tmp = getname(name); 1253 int err = PTR_ERR(tmp); 1254 1255 if (!IS_ERR(tmp)) { 1256 err = path_lookup(tmp, flags, nd); 1257 putname(tmp); 1258 } 1259 return err; 1260 } 1261 1262 /* 1263 * It's inline, so penalty for filesystems that don't use sticky bit is 1264 * minimal. 1265 */ 1266 static inline int check_sticky(struct inode *dir, struct inode *inode) 1267 { 1268 if (!(dir->i_mode & S_ISVTX)) 1269 return 0; 1270 if (inode->i_uid == current->fsuid) 1271 return 0; 1272 if (dir->i_uid == current->fsuid) 1273 return 0; 1274 return !capable(CAP_FOWNER); 1275 } 1276 1277 /* 1278 * Check whether we can remove a link victim from directory dir, check 1279 * whether the type of victim is right. 1280 * 1. We can't do it if dir is read-only (done in permission()) 1281 * 2. We should have write and exec permissions on dir 1282 * 3. We can't remove anything from append-only dir 1283 * 4. We can't do anything with immutable dir (done in permission()) 1284 * 5. If the sticky bit on dir is set we should either 1285 * a. be owner of dir, or 1286 * b. be owner of victim, or 1287 * c. have CAP_FOWNER capability 1288 * 6. If the victim is append-only or immutable we can't do antyhing with 1289 * links pointing to it. 1290 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR. 1291 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR. 1292 * 9. We can't remove a root or mountpoint. 1293 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by 1294 * nfs_async_unlink(). 1295 */ 1296 static inline int may_delete(struct inode *dir,struct dentry *victim,int isdir) 1297 { 1298 int error; 1299 1300 if (!victim->d_inode) 1301 return -ENOENT; 1302 1303 BUG_ON(victim->d_parent->d_inode != dir); 1304 1305 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); 1306 if (error) 1307 return error; 1308 if (IS_APPEND(dir)) 1309 return -EPERM; 1310 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)|| 1311 IS_IMMUTABLE(victim->d_inode)) 1312 return -EPERM; 1313 if (isdir) { 1314 if (!S_ISDIR(victim->d_inode->i_mode)) 1315 return -ENOTDIR; 1316 if (IS_ROOT(victim)) 1317 return -EBUSY; 1318 } else if (S_ISDIR(victim->d_inode->i_mode)) 1319 return -EISDIR; 1320 if (IS_DEADDIR(dir)) 1321 return -ENOENT; 1322 if (victim->d_flags & DCACHE_NFSFS_RENAMED) 1323 return -EBUSY; 1324 return 0; 1325 } 1326 1327 /* Check whether we can create an object with dentry child in directory 1328 * dir. 1329 * 1. We can't do it if child already exists (open has special treatment for 1330 * this case, but since we are inlined it's OK) 1331 * 2. We can't do it if dir is read-only (done in permission()) 1332 * 3. We should have write and exec permissions on dir 1333 * 4. We can't do it if dir is immutable (done in permission()) 1334 */ 1335 static inline int may_create(struct inode *dir, struct dentry *child, 1336 struct nameidata *nd) 1337 { 1338 if (child->d_inode) 1339 return -EEXIST; 1340 if (IS_DEADDIR(dir)) 1341 return -ENOENT; 1342 return permission(dir,MAY_WRITE | MAY_EXEC, nd); 1343 } 1344 1345 /* 1346 * O_DIRECTORY translates into forcing a directory lookup. 1347 */ 1348 static inline int lookup_flags(unsigned int f) 1349 { 1350 unsigned long retval = LOOKUP_FOLLOW; 1351 1352 if (f & O_NOFOLLOW) 1353 retval &= ~LOOKUP_FOLLOW; 1354 1355 if (f & O_DIRECTORY) 1356 retval |= LOOKUP_DIRECTORY; 1357 1358 return retval; 1359 } 1360 1361 /* 1362 * p1 and p2 should be directories on the same fs. 1363 */ 1364 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2) 1365 { 1366 struct dentry *p; 1367 1368 if (p1 == p2) { 1369 down(&p1->d_inode->i_sem); 1370 return NULL; 1371 } 1372 1373 down(&p1->d_inode->i_sb->s_vfs_rename_sem); 1374 1375 for (p = p1; p->d_parent != p; p = p->d_parent) { 1376 if (p->d_parent == p2) { 1377 down(&p2->d_inode->i_sem); 1378 down(&p1->d_inode->i_sem); 1379 return p; 1380 } 1381 } 1382 1383 for (p = p2; p->d_parent != p; p = p->d_parent) { 1384 if (p->d_parent == p1) { 1385 down(&p1->d_inode->i_sem); 1386 down(&p2->d_inode->i_sem); 1387 return p; 1388 } 1389 } 1390 1391 down(&p1->d_inode->i_sem); 1392 down(&p2->d_inode->i_sem); 1393 return NULL; 1394 } 1395 1396 void unlock_rename(struct dentry *p1, struct dentry *p2) 1397 { 1398 up(&p1->d_inode->i_sem); 1399 if (p1 != p2) { 1400 up(&p2->d_inode->i_sem); 1401 up(&p1->d_inode->i_sb->s_vfs_rename_sem); 1402 } 1403 } 1404 1405 int vfs_create(struct inode *dir, struct dentry *dentry, int mode, 1406 struct nameidata *nd) 1407 { 1408 int error = may_create(dir, dentry, nd); 1409 1410 if (error) 1411 return error; 1412 1413 if (!dir->i_op || !dir->i_op->create) 1414 return -EACCES; /* shouldn't it be ENOSYS? */ 1415 mode &= S_IALLUGO; 1416 mode |= S_IFREG; 1417 error = security_inode_create(dir, dentry, mode); 1418 if (error) 1419 return error; 1420 DQUOT_INIT(dir); 1421 error = dir->i_op->create(dir, dentry, mode, nd); 1422 if (!error) 1423 fsnotify_create(dir, dentry->d_name.name); 1424 return error; 1425 } 1426 1427 int may_open(struct nameidata *nd, int acc_mode, int flag) 1428 { 1429 struct dentry *dentry = nd->dentry; 1430 struct inode *inode = dentry->d_inode; 1431 int error; 1432 1433 if (!inode) 1434 return -ENOENT; 1435 1436 if (S_ISLNK(inode->i_mode)) 1437 return -ELOOP; 1438 1439 if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE)) 1440 return -EISDIR; 1441 1442 error = vfs_permission(nd, acc_mode); 1443 if (error) 1444 return error; 1445 1446 /* 1447 * FIFO's, sockets and device files are special: they don't 1448 * actually live on the filesystem itself, and as such you 1449 * can write to them even if the filesystem is read-only. 1450 */ 1451 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { 1452 flag &= ~O_TRUNC; 1453 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) { 1454 if (nd->mnt->mnt_flags & MNT_NODEV) 1455 return -EACCES; 1456 1457 flag &= ~O_TRUNC; 1458 } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) 1459 return -EROFS; 1460 /* 1461 * An append-only file must be opened in append mode for writing. 1462 */ 1463 if (IS_APPEND(inode)) { 1464 if ((flag & FMODE_WRITE) && !(flag & O_APPEND)) 1465 return -EPERM; 1466 if (flag & O_TRUNC) 1467 return -EPERM; 1468 } 1469 1470 /* O_NOATIME can only be set by the owner or superuser */ 1471 if (flag & O_NOATIME) 1472 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) 1473 return -EPERM; 1474 1475 /* 1476 * Ensure there are no outstanding leases on the file. 1477 */ 1478 error = break_lease(inode, flag); 1479 if (error) 1480 return error; 1481 1482 if (flag & O_TRUNC) { 1483 error = get_write_access(inode); 1484 if (error) 1485 return error; 1486 1487 /* 1488 * Refuse to truncate files with mandatory locks held on them. 1489 */ 1490 error = locks_verify_locked(inode); 1491 if (!error) { 1492 DQUOT_INIT(inode); 1493 1494 error = do_truncate(dentry, 0, NULL); 1495 } 1496 put_write_access(inode); 1497 if (error) 1498 return error; 1499 } else 1500 if (flag & FMODE_WRITE) 1501 DQUOT_INIT(inode); 1502 1503 return 0; 1504 } 1505 1506 /* 1507 * open_namei() 1508 * 1509 * namei for open - this is in fact almost the whole open-routine. 1510 * 1511 * Note that the low bits of "flag" aren't the same as in the open 1512 * system call - they are 00 - no permissions needed 1513 * 01 - read permission needed 1514 * 10 - write permission needed 1515 * 11 - read/write permissions needed 1516 * which is a lot more logical, and also allows the "no perm" needed 1517 * for symlinks (where the permissions are checked later). 1518 * SMP-safe 1519 */ 1520 int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd) 1521 { 1522 int acc_mode, error; 1523 struct path path; 1524 struct dentry *dir; 1525 int count = 0; 1526 1527 acc_mode = ACC_MODE(flag); 1528 1529 /* O_TRUNC implies we need access checks for write permissions */ 1530 if (flag & O_TRUNC) 1531 acc_mode |= MAY_WRITE; 1532 1533 /* Allow the LSM permission hook to distinguish append 1534 access from general write access. */ 1535 if (flag & O_APPEND) 1536 acc_mode |= MAY_APPEND; 1537 1538 /* 1539 * The simplest case - just a plain lookup. 1540 */ 1541 if (!(flag & O_CREAT)) { 1542 error = path_lookup_open(pathname, lookup_flags(flag), nd, flag); 1543 if (error) 1544 return error; 1545 goto ok; 1546 } 1547 1548 /* 1549 * Create - we need to know the parent. 1550 */ 1551 error = path_lookup_create(pathname, LOOKUP_PARENT, nd, flag, mode); 1552 if (error) 1553 return error; 1554 1555 /* 1556 * We have the parent and last component. First of all, check 1557 * that we are not asked to creat(2) an obvious directory - that 1558 * will not do. 1559 */ 1560 error = -EISDIR; 1561 if (nd->last_type != LAST_NORM || nd->last.name[nd->last.len]) 1562 goto exit; 1563 1564 dir = nd->dentry; 1565 nd->flags &= ~LOOKUP_PARENT; 1566 down(&dir->d_inode->i_sem); 1567 path.dentry = lookup_hash(nd); 1568 path.mnt = nd->mnt; 1569 1570 do_last: 1571 error = PTR_ERR(path.dentry); 1572 if (IS_ERR(path.dentry)) { 1573 up(&dir->d_inode->i_sem); 1574 goto exit; 1575 } 1576 1577 /* Negative dentry, just create the file */ 1578 if (!path.dentry->d_inode) { 1579 if (!IS_POSIXACL(dir->d_inode)) 1580 mode &= ~current->fs->umask; 1581 error = vfs_create(dir->d_inode, path.dentry, mode, nd); 1582 up(&dir->d_inode->i_sem); 1583 dput(nd->dentry); 1584 nd->dentry = path.dentry; 1585 if (error) 1586 goto exit; 1587 /* Don't check for write permission, don't truncate */ 1588 acc_mode = 0; 1589 flag &= ~O_TRUNC; 1590 goto ok; 1591 } 1592 1593 /* 1594 * It already exists. 1595 */ 1596 up(&dir->d_inode->i_sem); 1597 1598 error = -EEXIST; 1599 if (flag & O_EXCL) 1600 goto exit_dput; 1601 1602 if (__follow_mount(&path)) { 1603 error = -ELOOP; 1604 if (flag & O_NOFOLLOW) 1605 goto exit_dput; 1606 } 1607 error = -ENOENT; 1608 if (!path.dentry->d_inode) 1609 goto exit_dput; 1610 if (path.dentry->d_inode->i_op && path.dentry->d_inode->i_op->follow_link) 1611 goto do_link; 1612 1613 path_to_nameidata(&path, nd); 1614 error = -EISDIR; 1615 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode)) 1616 goto exit; 1617 ok: 1618 error = may_open(nd, acc_mode, flag); 1619 if (error) 1620 goto exit; 1621 return 0; 1622 1623 exit_dput: 1624 dput_path(&path, nd); 1625 exit: 1626 if (!IS_ERR(nd->intent.open.file)) 1627 release_open_intent(nd); 1628 path_release(nd); 1629 return error; 1630 1631 do_link: 1632 error = -ELOOP; 1633 if (flag & O_NOFOLLOW) 1634 goto exit_dput; 1635 /* 1636 * This is subtle. Instead of calling do_follow_link() we do the 1637 * thing by hands. The reason is that this way we have zero link_count 1638 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT. 1639 * After that we have the parent and last component, i.e. 1640 * we are in the same situation as after the first path_walk(). 1641 * Well, almost - if the last component is normal we get its copy 1642 * stored in nd->last.name and we will have to putname() it when we 1643 * are done. Procfs-like symlinks just set LAST_BIND. 1644 */ 1645 nd->flags |= LOOKUP_PARENT; 1646 error = security_inode_follow_link(path.dentry, nd); 1647 if (error) 1648 goto exit_dput; 1649 error = __do_follow_link(&path, nd); 1650 if (error) 1651 return error; 1652 nd->flags &= ~LOOKUP_PARENT; 1653 if (nd->last_type == LAST_BIND) 1654 goto ok; 1655 error = -EISDIR; 1656 if (nd->last_type != LAST_NORM) 1657 goto exit; 1658 if (nd->last.name[nd->last.len]) { 1659 __putname(nd->last.name); 1660 goto exit; 1661 } 1662 error = -ELOOP; 1663 if (count++==32) { 1664 __putname(nd->last.name); 1665 goto exit; 1666 } 1667 dir = nd->dentry; 1668 down(&dir->d_inode->i_sem); 1669 path.dentry = lookup_hash(nd); 1670 path.mnt = nd->mnt; 1671 __putname(nd->last.name); 1672 goto do_last; 1673 } 1674 1675 /** 1676 * lookup_create - lookup a dentry, creating it if it doesn't exist 1677 * @nd: nameidata info 1678 * @is_dir: directory flag 1679 * 1680 * Simple function to lookup and return a dentry and create it 1681 * if it doesn't exist. Is SMP-safe. 1682 * 1683 * Returns with nd->dentry->d_inode->i_sem locked. 1684 */ 1685 struct dentry *lookup_create(struct nameidata *nd, int is_dir) 1686 { 1687 struct dentry *dentry = ERR_PTR(-EEXIST); 1688 1689 down(&nd->dentry->d_inode->i_sem); 1690 /* 1691 * Yucky last component or no last component at all? 1692 * (foo/., foo/.., /////) 1693 */ 1694 if (nd->last_type != LAST_NORM) 1695 goto fail; 1696 nd->flags &= ~LOOKUP_PARENT; 1697 1698 /* 1699 * Do the final lookup. 1700 */ 1701 dentry = lookup_hash(nd); 1702 if (IS_ERR(dentry)) 1703 goto fail; 1704 1705 /* 1706 * Special case - lookup gave negative, but... we had foo/bar/ 1707 * From the vfs_mknod() POV we just have a negative dentry - 1708 * all is fine. Let's be bastards - you had / on the end, you've 1709 * been asking for (non-existent) directory. -ENOENT for you. 1710 */ 1711 if (!is_dir && nd->last.name[nd->last.len] && !dentry->d_inode) 1712 goto enoent; 1713 return dentry; 1714 enoent: 1715 dput(dentry); 1716 dentry = ERR_PTR(-ENOENT); 1717 fail: 1718 return dentry; 1719 } 1720 EXPORT_SYMBOL_GPL(lookup_create); 1721 1722 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 1723 { 1724 int error = may_create(dir, dentry, NULL); 1725 1726 if (error) 1727 return error; 1728 1729 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) 1730 return -EPERM; 1731 1732 if (!dir->i_op || !dir->i_op->mknod) 1733 return -EPERM; 1734 1735 error = security_inode_mknod(dir, dentry, mode, dev); 1736 if (error) 1737 return error; 1738 1739 DQUOT_INIT(dir); 1740 error = dir->i_op->mknod(dir, dentry, mode, dev); 1741 if (!error) 1742 fsnotify_create(dir, dentry->d_name.name); 1743 return error; 1744 } 1745 1746 asmlinkage long sys_mknod(const char __user * filename, int mode, unsigned dev) 1747 { 1748 int error = 0; 1749 char * tmp; 1750 struct dentry * dentry; 1751 struct nameidata nd; 1752 1753 if (S_ISDIR(mode)) 1754 return -EPERM; 1755 tmp = getname(filename); 1756 if (IS_ERR(tmp)) 1757 return PTR_ERR(tmp); 1758 1759 error = path_lookup(tmp, LOOKUP_PARENT, &nd); 1760 if (error) 1761 goto out; 1762 dentry = lookup_create(&nd, 0); 1763 error = PTR_ERR(dentry); 1764 1765 if (!IS_POSIXACL(nd.dentry->d_inode)) 1766 mode &= ~current->fs->umask; 1767 if (!IS_ERR(dentry)) { 1768 switch (mode & S_IFMT) { 1769 case 0: case S_IFREG: 1770 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); 1771 break; 1772 case S_IFCHR: case S_IFBLK: 1773 error = vfs_mknod(nd.dentry->d_inode,dentry,mode, 1774 new_decode_dev(dev)); 1775 break; 1776 case S_IFIFO: case S_IFSOCK: 1777 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); 1778 break; 1779 case S_IFDIR: 1780 error = -EPERM; 1781 break; 1782 default: 1783 error = -EINVAL; 1784 } 1785 dput(dentry); 1786 } 1787 up(&nd.dentry->d_inode->i_sem); 1788 path_release(&nd); 1789 out: 1790 putname(tmp); 1791 1792 return error; 1793 } 1794 1795 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 1796 { 1797 int error = may_create(dir, dentry, NULL); 1798 1799 if (error) 1800 return error; 1801 1802 if (!dir->i_op || !dir->i_op->mkdir) 1803 return -EPERM; 1804 1805 mode &= (S_IRWXUGO|S_ISVTX); 1806 error = security_inode_mkdir(dir, dentry, mode); 1807 if (error) 1808 return error; 1809 1810 DQUOT_INIT(dir); 1811 error = dir->i_op->mkdir(dir, dentry, mode); 1812 if (!error) 1813 fsnotify_mkdir(dir, dentry->d_name.name); 1814 return error; 1815 } 1816 1817 asmlinkage long sys_mkdir(const char __user * pathname, int mode) 1818 { 1819 int error = 0; 1820 char * tmp; 1821 1822 tmp = getname(pathname); 1823 error = PTR_ERR(tmp); 1824 if (!IS_ERR(tmp)) { 1825 struct dentry *dentry; 1826 struct nameidata nd; 1827 1828 error = path_lookup(tmp, LOOKUP_PARENT, &nd); 1829 if (error) 1830 goto out; 1831 dentry = lookup_create(&nd, 1); 1832 error = PTR_ERR(dentry); 1833 if (!IS_ERR(dentry)) { 1834 if (!IS_POSIXACL(nd.dentry->d_inode)) 1835 mode &= ~current->fs->umask; 1836 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); 1837 dput(dentry); 1838 } 1839 up(&nd.dentry->d_inode->i_sem); 1840 path_release(&nd); 1841 out: 1842 putname(tmp); 1843 } 1844 1845 return error; 1846 } 1847 1848 /* 1849 * We try to drop the dentry early: we should have 1850 * a usage count of 2 if we're the only user of this 1851 * dentry, and if that is true (possibly after pruning 1852 * the dcache), then we drop the dentry now. 1853 * 1854 * A low-level filesystem can, if it choses, legally 1855 * do a 1856 * 1857 * if (!d_unhashed(dentry)) 1858 * return -EBUSY; 1859 * 1860 * if it cannot handle the case of removing a directory 1861 * that is still in use by something else.. 1862 */ 1863 void dentry_unhash(struct dentry *dentry) 1864 { 1865 dget(dentry); 1866 if (atomic_read(&dentry->d_count)) 1867 shrink_dcache_parent(dentry); 1868 spin_lock(&dcache_lock); 1869 spin_lock(&dentry->d_lock); 1870 if (atomic_read(&dentry->d_count) == 2) 1871 __d_drop(dentry); 1872 spin_unlock(&dentry->d_lock); 1873 spin_unlock(&dcache_lock); 1874 } 1875 1876 int vfs_rmdir(struct inode *dir, struct dentry *dentry) 1877 { 1878 int error = may_delete(dir, dentry, 1); 1879 1880 if (error) 1881 return error; 1882 1883 if (!dir->i_op || !dir->i_op->rmdir) 1884 return -EPERM; 1885 1886 DQUOT_INIT(dir); 1887 1888 down(&dentry->d_inode->i_sem); 1889 dentry_unhash(dentry); 1890 if (d_mountpoint(dentry)) 1891 error = -EBUSY; 1892 else { 1893 error = security_inode_rmdir(dir, dentry); 1894 if (!error) { 1895 error = dir->i_op->rmdir(dir, dentry); 1896 if (!error) 1897 dentry->d_inode->i_flags |= S_DEAD; 1898 } 1899 } 1900 up(&dentry->d_inode->i_sem); 1901 if (!error) { 1902 d_delete(dentry); 1903 } 1904 dput(dentry); 1905 1906 return error; 1907 } 1908 1909 asmlinkage long sys_rmdir(const char __user * pathname) 1910 { 1911 int error = 0; 1912 char * name; 1913 struct dentry *dentry; 1914 struct nameidata nd; 1915 1916 name = getname(pathname); 1917 if(IS_ERR(name)) 1918 return PTR_ERR(name); 1919 1920 error = path_lookup(name, LOOKUP_PARENT, &nd); 1921 if (error) 1922 goto exit; 1923 1924 switch(nd.last_type) { 1925 case LAST_DOTDOT: 1926 error = -ENOTEMPTY; 1927 goto exit1; 1928 case LAST_DOT: 1929 error = -EINVAL; 1930 goto exit1; 1931 case LAST_ROOT: 1932 error = -EBUSY; 1933 goto exit1; 1934 } 1935 down(&nd.dentry->d_inode->i_sem); 1936 dentry = lookup_hash(&nd); 1937 error = PTR_ERR(dentry); 1938 if (!IS_ERR(dentry)) { 1939 error = vfs_rmdir(nd.dentry->d_inode, dentry); 1940 dput(dentry); 1941 } 1942 up(&nd.dentry->d_inode->i_sem); 1943 exit1: 1944 path_release(&nd); 1945 exit: 1946 putname(name); 1947 return error; 1948 } 1949 1950 int vfs_unlink(struct inode *dir, struct dentry *dentry) 1951 { 1952 int error = may_delete(dir, dentry, 0); 1953 1954 if (error) 1955 return error; 1956 1957 if (!dir->i_op || !dir->i_op->unlink) 1958 return -EPERM; 1959 1960 DQUOT_INIT(dir); 1961 1962 down(&dentry->d_inode->i_sem); 1963 if (d_mountpoint(dentry)) 1964 error = -EBUSY; 1965 else { 1966 error = security_inode_unlink(dir, dentry); 1967 if (!error) 1968 error = dir->i_op->unlink(dir, dentry); 1969 } 1970 up(&dentry->d_inode->i_sem); 1971 1972 /* We don't d_delete() NFS sillyrenamed files--they still exist. */ 1973 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) { 1974 d_delete(dentry); 1975 } 1976 1977 return error; 1978 } 1979 1980 /* 1981 * Make sure that the actual truncation of the file will occur outside its 1982 * directory's i_sem. Truncate can take a long time if there is a lot of 1983 * writeout happening, and we don't want to prevent access to the directory 1984 * while waiting on the I/O. 1985 */ 1986 asmlinkage long sys_unlink(const char __user * pathname) 1987 { 1988 int error = 0; 1989 char * name; 1990 struct dentry *dentry; 1991 struct nameidata nd; 1992 struct inode *inode = NULL; 1993 1994 name = getname(pathname); 1995 if(IS_ERR(name)) 1996 return PTR_ERR(name); 1997 1998 error = path_lookup(name, LOOKUP_PARENT, &nd); 1999 if (error) 2000 goto exit; 2001 error = -EISDIR; 2002 if (nd.last_type != LAST_NORM) 2003 goto exit1; 2004 down(&nd.dentry->d_inode->i_sem); 2005 dentry = lookup_hash(&nd); 2006 error = PTR_ERR(dentry); 2007 if (!IS_ERR(dentry)) { 2008 /* Why not before? Because we want correct error value */ 2009 if (nd.last.name[nd.last.len]) 2010 goto slashes; 2011 inode = dentry->d_inode; 2012 if (inode) 2013 atomic_inc(&inode->i_count); 2014 error = vfs_unlink(nd.dentry->d_inode, dentry); 2015 exit2: 2016 dput(dentry); 2017 } 2018 up(&nd.dentry->d_inode->i_sem); 2019 if (inode) 2020 iput(inode); /* truncate the inode here */ 2021 exit1: 2022 path_release(&nd); 2023 exit: 2024 putname(name); 2025 return error; 2026 2027 slashes: 2028 error = !dentry->d_inode ? -ENOENT : 2029 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR; 2030 goto exit2; 2031 } 2032 2033 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode) 2034 { 2035 int error = may_create(dir, dentry, NULL); 2036 2037 if (error) 2038 return error; 2039 2040 if (!dir->i_op || !dir->i_op->symlink) 2041 return -EPERM; 2042 2043 error = security_inode_symlink(dir, dentry, oldname); 2044 if (error) 2045 return error; 2046 2047 DQUOT_INIT(dir); 2048 error = dir->i_op->symlink(dir, dentry, oldname); 2049 if (!error) 2050 fsnotify_create(dir, dentry->d_name.name); 2051 return error; 2052 } 2053 2054 asmlinkage long sys_symlink(const char __user * oldname, const char __user * newname) 2055 { 2056 int error = 0; 2057 char * from; 2058 char * to; 2059 2060 from = getname(oldname); 2061 if(IS_ERR(from)) 2062 return PTR_ERR(from); 2063 to = getname(newname); 2064 error = PTR_ERR(to); 2065 if (!IS_ERR(to)) { 2066 struct dentry *dentry; 2067 struct nameidata nd; 2068 2069 error = path_lookup(to, LOOKUP_PARENT, &nd); 2070 if (error) 2071 goto out; 2072 dentry = lookup_create(&nd, 0); 2073 error = PTR_ERR(dentry); 2074 if (!IS_ERR(dentry)) { 2075 error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); 2076 dput(dentry); 2077 } 2078 up(&nd.dentry->d_inode->i_sem); 2079 path_release(&nd); 2080 out: 2081 putname(to); 2082 } 2083 putname(from); 2084 return error; 2085 } 2086 2087 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) 2088 { 2089 struct inode *inode = old_dentry->d_inode; 2090 int error; 2091 2092 if (!inode) 2093 return -ENOENT; 2094 2095 error = may_create(dir, new_dentry, NULL); 2096 if (error) 2097 return error; 2098 2099 if (dir->i_sb != inode->i_sb) 2100 return -EXDEV; 2101 2102 /* 2103 * A link to an append-only or immutable file cannot be created. 2104 */ 2105 if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) 2106 return -EPERM; 2107 if (!dir->i_op || !dir->i_op->link) 2108 return -EPERM; 2109 if (S_ISDIR(old_dentry->d_inode->i_mode)) 2110 return -EPERM; 2111 2112 error = security_inode_link(old_dentry, dir, new_dentry); 2113 if (error) 2114 return error; 2115 2116 down(&old_dentry->d_inode->i_sem); 2117 DQUOT_INIT(dir); 2118 error = dir->i_op->link(old_dentry, dir, new_dentry); 2119 up(&old_dentry->d_inode->i_sem); 2120 if (!error) 2121 fsnotify_create(dir, new_dentry->d_name.name); 2122 return error; 2123 } 2124 2125 /* 2126 * Hardlinks are often used in delicate situations. We avoid 2127 * security-related surprises by not following symlinks on the 2128 * newname. --KAB 2129 * 2130 * We don't follow them on the oldname either to be compatible 2131 * with linux 2.0, and to avoid hard-linking to directories 2132 * and other special files. --ADM 2133 */ 2134 asmlinkage long sys_link(const char __user * oldname, const char __user * newname) 2135 { 2136 struct dentry *new_dentry; 2137 struct nameidata nd, old_nd; 2138 int error; 2139 char * to; 2140 2141 to = getname(newname); 2142 if (IS_ERR(to)) 2143 return PTR_ERR(to); 2144 2145 error = __user_walk(oldname, 0, &old_nd); 2146 if (error) 2147 goto exit; 2148 error = path_lookup(to, LOOKUP_PARENT, &nd); 2149 if (error) 2150 goto out; 2151 error = -EXDEV; 2152 if (old_nd.mnt != nd.mnt) 2153 goto out_release; 2154 new_dentry = lookup_create(&nd, 0); 2155 error = PTR_ERR(new_dentry); 2156 if (!IS_ERR(new_dentry)) { 2157 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); 2158 dput(new_dentry); 2159 } 2160 up(&nd.dentry->d_inode->i_sem); 2161 out_release: 2162 path_release(&nd); 2163 out: 2164 path_release(&old_nd); 2165 exit: 2166 putname(to); 2167 2168 return error; 2169 } 2170 2171 /* 2172 * The worst of all namespace operations - renaming directory. "Perverted" 2173 * doesn't even start to describe it. Somebody in UCB had a heck of a trip... 2174 * Problems: 2175 * a) we can get into loop creation. Check is done in is_subdir(). 2176 * b) race potential - two innocent renames can create a loop together. 2177 * That's where 4.4 screws up. Current fix: serialization on 2178 * sb->s_vfs_rename_sem. We might be more accurate, but that's another 2179 * story. 2180 * c) we have to lock _three_ objects - parents and victim (if it exists). 2181 * And that - after we got ->i_sem on parents (until then we don't know 2182 * whether the target exists). Solution: try to be smart with locking 2183 * order for inodes. We rely on the fact that tree topology may change 2184 * only under ->s_vfs_rename_sem _and_ that parent of the object we 2185 * move will be locked. Thus we can rank directories by the tree 2186 * (ancestors first) and rank all non-directories after them. 2187 * That works since everybody except rename does "lock parent, lookup, 2188 * lock child" and rename is under ->s_vfs_rename_sem. 2189 * HOWEVER, it relies on the assumption that any object with ->lookup() 2190 * has no more than 1 dentry. If "hybrid" objects will ever appear, 2191 * we'd better make sure that there's no link(2) for them. 2192 * d) some filesystems don't support opened-but-unlinked directories, 2193 * either because of layout or because they are not ready to deal with 2194 * all cases correctly. The latter will be fixed (taking this sort of 2195 * stuff into VFS), but the former is not going away. Solution: the same 2196 * trick as in rmdir(). 2197 * e) conversion from fhandle to dentry may come in the wrong moment - when 2198 * we are removing the target. Solution: we will have to grab ->i_sem 2199 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on 2200 * ->i_sem on parents, which works but leads to some truely excessive 2201 * locking]. 2202 */ 2203 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, 2204 struct inode *new_dir, struct dentry *new_dentry) 2205 { 2206 int error = 0; 2207 struct inode *target; 2208 2209 /* 2210 * If we are going to change the parent - check write permissions, 2211 * we'll need to flip '..'. 2212 */ 2213 if (new_dir != old_dir) { 2214 error = permission(old_dentry->d_inode, MAY_WRITE, NULL); 2215 if (error) 2216 return error; 2217 } 2218 2219 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); 2220 if (error) 2221 return error; 2222 2223 target = new_dentry->d_inode; 2224 if (target) { 2225 down(&target->i_sem); 2226 dentry_unhash(new_dentry); 2227 } 2228 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) 2229 error = -EBUSY; 2230 else 2231 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); 2232 if (target) { 2233 if (!error) 2234 target->i_flags |= S_DEAD; 2235 up(&target->i_sem); 2236 if (d_unhashed(new_dentry)) 2237 d_rehash(new_dentry); 2238 dput(new_dentry); 2239 } 2240 if (!error) 2241 d_move(old_dentry,new_dentry); 2242 return error; 2243 } 2244 2245 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, 2246 struct inode *new_dir, struct dentry *new_dentry) 2247 { 2248 struct inode *target; 2249 int error; 2250 2251 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); 2252 if (error) 2253 return error; 2254 2255 dget(new_dentry); 2256 target = new_dentry->d_inode; 2257 if (target) 2258 down(&target->i_sem); 2259 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) 2260 error = -EBUSY; 2261 else 2262 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); 2263 if (!error) { 2264 /* The following d_move() should become unconditional */ 2265 if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) 2266 d_move(old_dentry, new_dentry); 2267 } 2268 if (target) 2269 up(&target->i_sem); 2270 dput(new_dentry); 2271 return error; 2272 } 2273 2274 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, 2275 struct inode *new_dir, struct dentry *new_dentry) 2276 { 2277 int error; 2278 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode); 2279 const char *old_name; 2280 2281 if (old_dentry->d_inode == new_dentry->d_inode) 2282 return 0; 2283 2284 error = may_delete(old_dir, old_dentry, is_dir); 2285 if (error) 2286 return error; 2287 2288 if (!new_dentry->d_inode) 2289 error = may_create(new_dir, new_dentry, NULL); 2290 else 2291 error = may_delete(new_dir, new_dentry, is_dir); 2292 if (error) 2293 return error; 2294 2295 if (!old_dir->i_op || !old_dir->i_op->rename) 2296 return -EPERM; 2297 2298 DQUOT_INIT(old_dir); 2299 DQUOT_INIT(new_dir); 2300 2301 old_name = fsnotify_oldname_init(old_dentry->d_name.name); 2302 2303 if (is_dir) 2304 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry); 2305 else 2306 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry); 2307 if (!error) { 2308 const char *new_name = old_dentry->d_name.name; 2309 fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, 2310 new_dentry->d_inode, old_dentry->d_inode); 2311 } 2312 fsnotify_oldname_free(old_name); 2313 2314 return error; 2315 } 2316 2317 static inline int do_rename(const char * oldname, const char * newname) 2318 { 2319 int error = 0; 2320 struct dentry * old_dir, * new_dir; 2321 struct dentry * old_dentry, *new_dentry; 2322 struct dentry * trap; 2323 struct nameidata oldnd, newnd; 2324 2325 error = path_lookup(oldname, LOOKUP_PARENT, &oldnd); 2326 if (error) 2327 goto exit; 2328 2329 error = path_lookup(newname, LOOKUP_PARENT, &newnd); 2330 if (error) 2331 goto exit1; 2332 2333 error = -EXDEV; 2334 if (oldnd.mnt != newnd.mnt) 2335 goto exit2; 2336 2337 old_dir = oldnd.dentry; 2338 error = -EBUSY; 2339 if (oldnd.last_type != LAST_NORM) 2340 goto exit2; 2341 2342 new_dir = newnd.dentry; 2343 if (newnd.last_type != LAST_NORM) 2344 goto exit2; 2345 2346 trap = lock_rename(new_dir, old_dir); 2347 2348 old_dentry = lookup_hash(&oldnd); 2349 error = PTR_ERR(old_dentry); 2350 if (IS_ERR(old_dentry)) 2351 goto exit3; 2352 /* source must exist */ 2353 error = -ENOENT; 2354 if (!old_dentry->d_inode) 2355 goto exit4; 2356 /* unless the source is a directory trailing slashes give -ENOTDIR */ 2357 if (!S_ISDIR(old_dentry->d_inode->i_mode)) { 2358 error = -ENOTDIR; 2359 if (oldnd.last.name[oldnd.last.len]) 2360 goto exit4; 2361 if (newnd.last.name[newnd.last.len]) 2362 goto exit4; 2363 } 2364 /* source should not be ancestor of target */ 2365 error = -EINVAL; 2366 if (old_dentry == trap) 2367 goto exit4; 2368 new_dentry = lookup_hash(&newnd); 2369 error = PTR_ERR(new_dentry); 2370 if (IS_ERR(new_dentry)) 2371 goto exit4; 2372 /* target should not be an ancestor of source */ 2373 error = -ENOTEMPTY; 2374 if (new_dentry == trap) 2375 goto exit5; 2376 2377 error = vfs_rename(old_dir->d_inode, old_dentry, 2378 new_dir->d_inode, new_dentry); 2379 exit5: 2380 dput(new_dentry); 2381 exit4: 2382 dput(old_dentry); 2383 exit3: 2384 unlock_rename(new_dir, old_dir); 2385 exit2: 2386 path_release(&newnd); 2387 exit1: 2388 path_release(&oldnd); 2389 exit: 2390 return error; 2391 } 2392 2393 asmlinkage long sys_rename(const char __user * oldname, const char __user * newname) 2394 { 2395 int error; 2396 char * from; 2397 char * to; 2398 2399 from = getname(oldname); 2400 if(IS_ERR(from)) 2401 return PTR_ERR(from); 2402 to = getname(newname); 2403 error = PTR_ERR(to); 2404 if (!IS_ERR(to)) { 2405 error = do_rename(from,to); 2406 putname(to); 2407 } 2408 putname(from); 2409 return error; 2410 } 2411 2412 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) 2413 { 2414 int len; 2415 2416 len = PTR_ERR(link); 2417 if (IS_ERR(link)) 2418 goto out; 2419 2420 len = strlen(link); 2421 if (len > (unsigned) buflen) 2422 len = buflen; 2423 if (copy_to_user(buffer, link, len)) 2424 len = -EFAULT; 2425 out: 2426 return len; 2427 } 2428 2429 /* 2430 * A helper for ->readlink(). This should be used *ONLY* for symlinks that 2431 * have ->follow_link() touching nd only in nd_set_link(). Using (or not 2432 * using) it for any given inode is up to filesystem. 2433 */ 2434 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen) 2435 { 2436 struct nameidata nd; 2437 void *cookie; 2438 2439 nd.depth = 0; 2440 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd); 2441 if (!IS_ERR(cookie)) { 2442 int res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd)); 2443 if (dentry->d_inode->i_op->put_link) 2444 dentry->d_inode->i_op->put_link(dentry, &nd, cookie); 2445 cookie = ERR_PTR(res); 2446 } 2447 return PTR_ERR(cookie); 2448 } 2449 2450 int vfs_follow_link(struct nameidata *nd, const char *link) 2451 { 2452 return __vfs_follow_link(nd, link); 2453 } 2454 2455 /* get the link contents into pagecache */ 2456 static char *page_getlink(struct dentry * dentry, struct page **ppage) 2457 { 2458 struct page * page; 2459 struct address_space *mapping = dentry->d_inode->i_mapping; 2460 page = read_cache_page(mapping, 0, (filler_t *)mapping->a_ops->readpage, 2461 NULL); 2462 if (IS_ERR(page)) 2463 goto sync_fail; 2464 wait_on_page_locked(page); 2465 if (!PageUptodate(page)) 2466 goto async_fail; 2467 *ppage = page; 2468 return kmap(page); 2469 2470 async_fail: 2471 page_cache_release(page); 2472 return ERR_PTR(-EIO); 2473 2474 sync_fail: 2475 return (char*)page; 2476 } 2477 2478 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen) 2479 { 2480 struct page *page = NULL; 2481 char *s = page_getlink(dentry, &page); 2482 int res = vfs_readlink(dentry,buffer,buflen,s); 2483 if (page) { 2484 kunmap(page); 2485 page_cache_release(page); 2486 } 2487 return res; 2488 } 2489 2490 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd) 2491 { 2492 struct page *page = NULL; 2493 nd_set_link(nd, page_getlink(dentry, &page)); 2494 return page; 2495 } 2496 2497 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) 2498 { 2499 struct page *page = cookie; 2500 2501 if (page) { 2502 kunmap(page); 2503 page_cache_release(page); 2504 } 2505 } 2506 2507 int page_symlink(struct inode *inode, const char *symname, int len) 2508 { 2509 struct address_space *mapping = inode->i_mapping; 2510 struct page *page = grab_cache_page(mapping, 0); 2511 int err = -ENOMEM; 2512 char *kaddr; 2513 2514 if (!page) 2515 goto fail; 2516 err = mapping->a_ops->prepare_write(NULL, page, 0, len-1); 2517 if (err) 2518 goto fail_map; 2519 kaddr = kmap_atomic(page, KM_USER0); 2520 memcpy(kaddr, symname, len-1); 2521 kunmap_atomic(kaddr, KM_USER0); 2522 mapping->a_ops->commit_write(NULL, page, 0, len-1); 2523 /* 2524 * Notice that we are _not_ going to block here - end of page is 2525 * unmapped, so this will only try to map the rest of page, see 2526 * that it is unmapped (typically even will not look into inode - 2527 * ->i_size will be enough for everything) and zero it out. 2528 * OTOH it's obviously correct and should make the page up-to-date. 2529 */ 2530 if (!PageUptodate(page)) { 2531 err = mapping->a_ops->readpage(NULL, page); 2532 wait_on_page_locked(page); 2533 } else { 2534 unlock_page(page); 2535 } 2536 page_cache_release(page); 2537 if (err < 0) 2538 goto fail; 2539 mark_inode_dirty(inode); 2540 return 0; 2541 fail_map: 2542 unlock_page(page); 2543 page_cache_release(page); 2544 fail: 2545 return err; 2546 } 2547 2548 struct inode_operations page_symlink_inode_operations = { 2549 .readlink = generic_readlink, 2550 .follow_link = page_follow_link_light, 2551 .put_link = page_put_link, 2552 }; 2553 2554 EXPORT_SYMBOL(__user_walk); 2555 EXPORT_SYMBOL(follow_down); 2556 EXPORT_SYMBOL(follow_up); 2557 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */ 2558 EXPORT_SYMBOL(getname); 2559 EXPORT_SYMBOL(lock_rename); 2560 EXPORT_SYMBOL(lookup_hash); 2561 EXPORT_SYMBOL(lookup_one_len); 2562 EXPORT_SYMBOL(page_follow_link_light); 2563 EXPORT_SYMBOL(page_put_link); 2564 EXPORT_SYMBOL(page_readlink); 2565 EXPORT_SYMBOL(page_symlink); 2566 EXPORT_SYMBOL(page_symlink_inode_operations); 2567 EXPORT_SYMBOL(path_lookup); 2568 EXPORT_SYMBOL(path_release); 2569 EXPORT_SYMBOL(path_walk); 2570 EXPORT_SYMBOL(permission); 2571 EXPORT_SYMBOL(vfs_permission); 2572 EXPORT_SYMBOL(file_permission); 2573 EXPORT_SYMBOL(unlock_rename); 2574 EXPORT_SYMBOL(vfs_create); 2575 EXPORT_SYMBOL(vfs_follow_link); 2576 EXPORT_SYMBOL(vfs_link); 2577 EXPORT_SYMBOL(vfs_mkdir); 2578 EXPORT_SYMBOL(vfs_mknod); 2579 EXPORT_SYMBOL(generic_permission); 2580 EXPORT_SYMBOL(vfs_readlink); 2581 EXPORT_SYMBOL(vfs_rename); 2582 EXPORT_SYMBOL(vfs_rmdir); 2583 EXPORT_SYMBOL(vfs_symlink); 2584 EXPORT_SYMBOL(vfs_unlink); 2585 EXPORT_SYMBOL(dentry_unhash); 2586 EXPORT_SYMBOL(generic_readlink); 2587