4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/quotaops.h>
23 #include <linux/pagemap.h>
24 #include <linux/fsnotify.h>
25 #include <linux/smp_lock.h>
26 #include <linux/personality.h>
27 #include <linux/security.h>
28 #include <linux/syscalls.h>
29 #include <linux/mount.h>
30 #include <linux/audit.h>
31 #include <linux/capability.h>
32 #include <linux/file.h>
33 #include <linux/fcntl.h>
34 #include <linux/namei.h>
35 #include <linux/proc_fs.h>
36 #include <linux/vs_base.h>
37 #include <linux/vserver/inode.h>
38 #include <linux/vserver/debug.h>
39 #include <asm/namei.h>
40 #include <asm/uaccess.h>
42 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
44 /* [Feb-1997 T. Schoebel-Theuer]
45 * Fundamental changes in the pathname lookup mechanisms (namei)
46 * were necessary because of omirr. The reason is that omirr needs
47 * to know the _real_ pathname, not the user-supplied one, in case
48 * of symlinks (and also when transname replacements occur).
50 * The new code replaces the old recursive symlink resolution with
51 * an iterative one (in case of non-nested symlink chains). It does
52 * this with calls to <fs>_follow_link().
53 * As a side effect, dir_namei(), _namei() and follow_link() are now
54 * replaced with a single function lookup_dentry() that can handle all
55 * the special cases of the former code.
57 * With the new dcache, the pathname is stored at each inode, at least as
58 * long as the refcount of the inode is positive. As a side effect, the
59 * size of the dcache depends on the inode cache and thus is dynamic.
61 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
62 * resolution to correspond with current state of the code.
64 * Note that the symlink resolution is not *completely* iterative.
65 * There is still a significant amount of tail- and mid- recursion in
66 * the algorithm. Also, note that <fs>_readlink() is not used in
67 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
68 * may return different results than <fs>_follow_link(). Many virtual
69 * filesystems (including /proc) exhibit this behavior.
72 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
73 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
74 * and the name already exists in form of a symlink, try to create the new
75 * name indicated by the symlink. The old code always complained that the
76 * name already exists, due to not following the symlink even if its target
77 * is nonexistent. The new semantics affects also mknod() and link() when
78 * the name is a symlink pointing to a non-existant name.
80 * I don't know which semantics is the right one, since I have no access
81 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
82 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
83 * "old" one. Personally, I think the new semantics is much more logical.
84 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
85 * file does succeed in both HP-UX and SunOs, but not in Solaris
86 * and in the old Linux semantics.
89 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
90 * semantics. See the comments in "open_namei" and "do_link" below.
92 * [10-Sep-98 Alan Modra] Another symlink change.
95 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
96 * inside the path - always follow.
97 * in the last component in creation/removal/renaming - never follow.
98 * if LOOKUP_FOLLOW passed - follow.
99 * if the pathname has trailing slashes - follow.
100 * otherwise - don't follow.
101 * (applied in that order).
103 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
104 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
105 * During the 2.4 we need to fix the userland stuff depending on it -
106 * hopefully we will be able to get rid of that wart in 2.5. So far only
107 * XEmacs seems to be relying on it...
110 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
111 * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
112 * any extra contention...
115 /* In order to reduce some races, while at the same time doing additional
116 * checking and hopefully speeding things up, we copy filenames to the
117 * kernel data space before using them..
119 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
120 * PATH_MAX includes the nul terminator --RR.
122 static int do_getname(const char __user *filename, char *page)
125 unsigned long len = PATH_MAX;
127 if (!segment_eq(get_fs(), KERNEL_DS)) {
128 if ((unsigned long) filename >= TASK_SIZE)
130 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
131 len = TASK_SIZE - (unsigned long) filename;
134 retval = strncpy_from_user(page, filename, len);
138 return -ENAMETOOLONG;
144 char * getname(const char __user * filename)
148 result = ERR_PTR(-ENOMEM);
151 int retval = do_getname(filename, tmp);
156 result = ERR_PTR(retval);
159 audit_getname(result);
163 #ifdef CONFIG_AUDITSYSCALL
164 void putname(const char *name)
166 if (unlikely(!audit_dummy_context()))
171 EXPORT_SYMBOL(putname);
176 * generic_permission - check for access rights on a Posix-like filesystem
177 * @inode: inode to check access rights for
178 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
179 * @check_acl: optional callback to check for Posix ACLs
181 * Used to check for read/write/execute permissions on a file.
182 * We use "fsuid" for this, letting us set arbitrary permissions
183 * for filesystem access without changing the "normal" uids which
184 * are used for other things..
186 int generic_permission(struct inode *inode, int mask,
187 int (*check_acl)(struct inode *inode, int mask))
189 umode_t mode = inode->i_mode;
191 if (current->fsuid == inode->i_uid)
194 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
195 int error = check_acl(inode, mask);
196 if (error == -EACCES)
197 goto check_capabilities;
198 else if (error != -EAGAIN)
202 if (in_group_p(inode->i_gid))
207 * If the DACs are ok we don't need any capability check.
209 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
214 * Read/write DACs are always overridable.
215 * Executable DACs are overridable if at least one exec bit is set.
217 if (!(mask & MAY_EXEC) ||
218 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
219 if (capable(CAP_DAC_OVERRIDE))
223 * Searching includes executable on directories, else just read.
225 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
226 if (capable(CAP_DAC_READ_SEARCH))
232 static inline int vx_barrier(struct inode *inode)
234 if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN|VX_WATCH)) {
235 vxwprintk(1, "xid=%d did hit the barrier.",
242 static inline int xid_permission(struct inode *inode, int mask, struct nameidata *nd)
244 if (vx_barrier(inode))
246 if (inode->i_xid == 0)
248 #ifdef CONFIG_VSERVER_FILESHARING
249 /* MEF: PlanetLab FS module assumes that any file that can be
250 * named (e.g., via a cross mount) is not hidden from another
251 * context or the admin context.
253 if (vx_check(inode->i_xid,VX_STATIC|VX_DYNAMIC))
256 if (vx_check(inode->i_xid, VX_ADMIN|VX_WATCH|VX_IDENT))
259 vxwprintk(1, "xid=%d denied access to %p[#%d,%lu] »%s«.",
260 vx_current_xid(), inode, inode->i_xid, inode->i_ino,
265 int permission(struct inode *inode, int mask, struct nameidata *nd)
267 umode_t mode = inode->i_mode;
270 if (mask & MAY_WRITE) {
273 * Nobody gets write access to a read-only fs.
275 if ((IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt))) &&
276 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
280 * Nobody gets write access to an immutable file.
282 if (IS_IMMUTABLE(inode))
288 * MAY_EXEC on regular files requires special handling: We override
289 * filesystem execute permissions if the mode bits aren't set.
291 if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
294 /* Ordinary permission routines do not understand MAY_APPEND. */
295 submask = mask & ~MAY_APPEND;
296 if ((retval = xid_permission(inode, mask, nd)))
298 if (inode->i_op && inode->i_op->permission)
299 retval = inode->i_op->permission(inode, submask, nd);
301 retval = generic_permission(inode, submask, NULL);
305 return security_inode_permission(inode, mask, nd);
309 * vfs_permission - check for access rights to a given path
310 * @nd: lookup result that describes the path
311 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
313 * Used to check for read/write/execute permissions on a path.
314 * We use "fsuid" for this, letting us set arbitrary permissions
315 * for filesystem access without changing the "normal" uids which
316 * are used for other things.
318 int vfs_permission(struct nameidata *nd, int mask)
320 return permission(nd->dentry->d_inode, mask, nd);
324 * file_permission - check for additional access rights to a given file
325 * @file: file to check access rights for
326 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
328 * Used to check for read/write/execute permissions on an already opened
332 * Do not use this function in new code. All access checks should
333 * be done using vfs_permission().
335 int file_permission(struct file *file, int mask)
337 return permission(file->f_dentry->d_inode, mask, NULL);
341 * get_write_access() gets write permission for a file.
342 * put_write_access() releases this write permission.
343 * This is used for regular files.
344 * We cannot support write (and maybe mmap read-write shared) accesses and
345 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
346 * can have the following values:
347 * 0: no writers, no VM_DENYWRITE mappings
348 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
349 * > 0: (i_writecount) users are writing to the file.
351 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
352 * except for the cases where we don't hold i_writecount yet. Then we need to
353 * use {get,deny}_write_access() - these functions check the sign and refuse
354 * to do the change if sign is wrong. Exclusion between them is provided by
355 * the inode->i_lock spinlock.
358 int get_write_access(struct inode * inode)
360 spin_lock(&inode->i_lock);
361 if (atomic_read(&inode->i_writecount) < 0) {
362 spin_unlock(&inode->i_lock);
365 atomic_inc(&inode->i_writecount);
366 spin_unlock(&inode->i_lock);
371 int deny_write_access(struct file * file)
373 struct inode *inode = file->f_dentry->d_inode;
375 spin_lock(&inode->i_lock);
376 if (atomic_read(&inode->i_writecount) > 0) {
377 spin_unlock(&inode->i_lock);
380 atomic_dec(&inode->i_writecount);
381 spin_unlock(&inode->i_lock);
386 void path_release(struct nameidata *nd)
393 * umount() mustn't call path_release()/mntput() as that would clear
396 void path_release_on_umount(struct nameidata *nd)
399 mntput_no_expire(nd->mnt);
403 * release_open_intent - free up open intent resources
404 * @nd: pointer to nameidata
406 void release_open_intent(struct nameidata *nd)
408 if (nd->intent.open.file->f_dentry == NULL)
409 put_filp(nd->intent.open.file);
411 fput(nd->intent.open.file);
414 static inline struct dentry *do_revalidate(struct dentry *dentry, struct nameidata *nd)
416 int status = dentry->d_op->d_revalidate(dentry, nd);
417 if (unlikely(status <= 0)) {
419 * The dentry failed validation.
420 * If d_revalidate returned 0 attempt to invalidate
421 * the dentry otherwise d_revalidate is asking us
422 * to return a fail status.
425 if (!d_invalidate(dentry)) {
431 dentry = ERR_PTR(status);
438 * Internal lookup() using the new generic dcache.
441 static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
443 struct dentry * dentry = __d_lookup(parent, name);
445 /* lockess __d_lookup may fail due to concurrent d_move()
446 * in some unrelated directory, so try with d_lookup
449 dentry = d_lookup(parent, name);
451 if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
452 dentry = do_revalidate(dentry, nd);
458 * Short-cut version of permission(), for calling by
459 * path_walk(), when dcache lock is held. Combines parts
460 * of permission() and generic_permission(), and tests ONLY for
461 * MAY_EXEC permission.
463 * If appropriate, check DAC only. If not appropriate, or
464 * short-cut DAC fails, then call permission() to do more
465 * complete permission check.
467 static int exec_permission_lite(struct inode *inode,
468 struct nameidata *nd)
470 umode_t mode = inode->i_mode;
472 if (vx_barrier(inode))
474 if (inode->i_op && inode->i_op->permission)
477 if (current->fsuid == inode->i_uid)
479 else if (in_group_p(inode->i_gid))
485 if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
488 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
491 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
496 return security_inode_permission(inode, MAY_EXEC, nd);
500 * This is called when everything else fails, and we actually have
501 * to go to the low-level filesystem to find out what we should do..
503 * We get the directory semaphore, and after getting that we also
504 * make sure that nobody added the entry to the dcache in the meantime..
507 static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
509 struct dentry * result;
510 struct inode *dir = parent->d_inode;
512 mutex_lock(&dir->i_mutex);
514 * First re-do the cached lookup just in case it was created
515 * while we waited for the directory semaphore..
517 * FIXME! This could use version numbering or similar to
518 * avoid unnecessary cache lookups.
520 * The "dcache_lock" is purely to protect the RCU list walker
521 * from concurrent renames at this point (we mustn't get false
522 * negatives from the RCU list walk here, unlike the optimistic
525 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
527 result = d_lookup(parent, name);
529 struct dentry * dentry = d_alloc(parent, name);
530 result = ERR_PTR(-ENOMEM);
532 result = dir->i_op->lookup(dir, dentry, nd);
538 mutex_unlock(&dir->i_mutex);
543 * Uhhuh! Nasty case: the cache was re-populated while
544 * we waited on the semaphore. Need to revalidate.
546 mutex_unlock(&dir->i_mutex);
547 if (result->d_op && result->d_op->d_revalidate) {
548 result = do_revalidate(result, nd);
550 result = ERR_PTR(-ENOENT);
555 static int __emul_lookup_dentry(const char *, struct nameidata *);
558 static __always_inline int
559 walk_init_root(const char *name, struct nameidata *nd)
561 read_lock(¤t->fs->lock);
562 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
563 nd->mnt = mntget(current->fs->altrootmnt);
564 nd->dentry = dget(current->fs->altroot);
565 read_unlock(¤t->fs->lock);
566 if (__emul_lookup_dentry(name,nd))
568 read_lock(¤t->fs->lock);
570 nd->mnt = mntget(current->fs->rootmnt);
571 nd->dentry = dget(current->fs->root);
572 read_unlock(¤t->fs->lock);
576 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
585 if (!walk_init_root(link, nd))
586 /* weird __emul_prefix() stuff did it */
589 res = link_path_walk(link, nd);
591 if (nd->depth || res || nd->last_type!=LAST_NORM)
594 * If it is an iterative symlinks resolution in open_namei() we
595 * have to copy the last component. And all that crap because of
596 * bloody create() on broken symlinks. Furrfu...
599 if (unlikely(!name)) {
603 strcpy(name, nd->last.name);
604 nd->last.name = name;
608 return PTR_ERR(link);
612 struct vfsmount *mnt;
613 struct dentry *dentry;
616 static inline void dput_path(struct path *path, struct nameidata *nd)
619 if (path->mnt != nd->mnt)
623 static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
626 if (nd->mnt != path->mnt)
629 nd->dentry = path->dentry;
632 static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd)
636 struct dentry *dentry = path->dentry;
638 touch_atime(path->mnt, dentry);
639 nd_set_link(nd, NULL);
641 if (path->mnt != nd->mnt) {
642 path_to_nameidata(path, nd);
646 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
647 error = PTR_ERR(cookie);
648 if (!IS_ERR(cookie)) {
649 char *s = nd_get_link(nd);
652 error = __vfs_follow_link(nd, s);
653 if (dentry->d_inode->i_op->put_link)
654 dentry->d_inode->i_op->put_link(dentry, nd, cookie);
663 * This limits recursive symlink follows to 8, while
664 * limiting consecutive symlinks to 40.
666 * Without that kind of total limit, nasty chains of consecutive
667 * symlinks can cause almost arbitrarily long lookups.
669 static inline int do_follow_link(struct path *path, struct nameidata *nd)
672 if (current->link_count >= MAX_NESTED_LINKS)
674 if (current->total_link_count >= 40)
676 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
678 err = security_inode_follow_link(path->dentry, nd);
681 current->link_count++;
682 current->total_link_count++;
684 err = __do_follow_link(path, nd);
685 current->link_count--;
694 int follow_up(struct vfsmount **mnt, struct dentry **dentry)
696 struct vfsmount *parent;
697 struct dentry *mountpoint;
698 spin_lock(&vfsmount_lock);
699 parent=(*mnt)->mnt_parent;
700 if (parent == *mnt) {
701 spin_unlock(&vfsmount_lock);
705 mountpoint=dget((*mnt)->mnt_mountpoint);
706 spin_unlock(&vfsmount_lock);
708 *dentry = mountpoint;
714 /* no need for dcache_lock, as serialization is taken care in
717 static int __follow_mount(struct path *path)
720 while (d_mountpoint(path->dentry)) {
721 struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);
728 path->dentry = dget(mounted->mnt_root);
734 static void follow_mount(struct vfsmount **mnt, struct dentry **dentry)
736 while (d_mountpoint(*dentry)) {
737 struct vfsmount *mounted = lookup_mnt(*mnt, *dentry);
743 *dentry = dget(mounted->mnt_root);
747 /* no need for dcache_lock, as serialization is taken care in
750 int follow_down(struct vfsmount **mnt, struct dentry **dentry)
752 struct vfsmount *mounted;
754 mounted = lookup_mnt(*mnt, *dentry);
759 *dentry = dget(mounted->mnt_root);
765 static __always_inline void follow_dotdot(struct nameidata *nd)
768 struct vfsmount *parent;
769 struct dentry *old = nd->dentry;
771 read_lock(¤t->fs->lock);
772 if (nd->dentry == current->fs->root &&
773 nd->mnt == current->fs->rootmnt) {
774 read_unlock(¤t->fs->lock);
775 /* for sane '/' avoid follow_mount() */
778 read_unlock(¤t->fs->lock);
779 spin_lock(&dcache_lock);
780 if (nd->dentry != nd->mnt->mnt_root) {
781 nd->dentry = dget(nd->dentry->d_parent);
782 spin_unlock(&dcache_lock);
786 spin_unlock(&dcache_lock);
787 spin_lock(&vfsmount_lock);
788 parent = nd->mnt->mnt_parent;
789 if (parent == nd->mnt) {
790 spin_unlock(&vfsmount_lock);
794 nd->dentry = dget(nd->mnt->mnt_mountpoint);
795 spin_unlock(&vfsmount_lock);
800 follow_mount(&nd->mnt, &nd->dentry);
804 * It's more convoluted than I'd like it to be, but... it's still fairly
805 * small and for now I'd prefer to have fast path as straight as possible.
806 * It _is_ time-critical.
808 static int do_lookup(struct nameidata *nd, struct qstr *name,
809 struct path *path, int atomic)
811 struct vfsmount *mnt = nd->mnt;
812 struct dentry *dentry = __d_lookup(nd->dentry, name);
817 if (dentry->d_op && dentry->d_op->d_revalidate)
818 goto need_revalidate;
820 inode = dentry->d_inode;
824 #ifdef CONFIG_VSERVER_FILESHARING
825 /* MEF: PlanetLab FS module assumes that any file that can be
826 * named (e.g., via a cross mount) is not hidden from another
827 * context or the admin context.
829 if (vx_check(inode->i_xid,VX_STATIC|VX_DYNAMIC|VX_ADMIN)) {
832 else /* do the following check */
834 if (!vx_check(inode->i_xid, VX_WATCH|VX_ADMIN|VX_HOSTID|VX_IDENT))
836 if (inode->i_sb->s_magic == PROC_SUPER_MAGIC) {
837 struct proc_dir_entry *de = PDE(inode);
839 if (de && !vx_hide_check(0, de->vx_flags))
844 path->dentry = dentry;
845 __follow_mount(path);
848 vxwprintk(1, "xid=%d did lookup hidden %p[#%d,%lu] »%s«.",
849 vx_current_xid(), inode, inode->i_xid, inode->i_ino,
850 vxd_path(dentry, mnt));
856 return -EWOULDBLOCKIO;
857 dentry = real_lookup(nd->dentry, name, nd);
864 return -EWOULDBLOCKIO;
865 dentry = do_revalidate(dentry, nd);
873 return PTR_ERR(dentry);
878 * This is the basic name resolution function, turning a pathname into
879 * the final dentry. We expect 'base' to be positive and a directory.
881 * Returns 0 and nd will have valid dentry and mnt on success.
882 * Returns error and drops reference to input namei data on failure.
884 static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
889 unsigned int lookup_flags = nd->flags;
891 atomic = (lookup_flags & LOOKUP_ATOMIC);
898 inode = nd->dentry->d_inode;
900 lookup_flags = LOOKUP_FOLLOW | (nd->flags & LOOKUP_CONTINUE);
902 /* At this point we know we have a real path component. */
908 nd->flags |= LOOKUP_CONTINUE;
909 err = exec_permission_lite(inode, nd);
911 err = vfs_permission(nd, MAY_EXEC);
916 c = *(const unsigned char *)name;
918 hash = init_name_hash();
921 hash = partial_name_hash(c, hash);
922 c = *(const unsigned char *)name;
923 } while (c && (c != '/'));
924 this.len = name - (const char *) this.name;
925 this.hash = end_name_hash(hash);
927 /* remove trailing slashes? */
930 while (*++name == '/');
932 goto last_with_slashes;
935 * "." and ".." are special - ".." especially so because it has
936 * to be able to know about the current root directory and
937 * parent relationships.
939 if (this.name[0] == '.') switch (this.len) {
943 if (this.name[1] != '.')
946 inode = nd->dentry->d_inode;
952 * See if the low-level filesystem might want
953 * to use its own hash..
955 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
956 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
960 /* This does the actual lookups.. */
961 err = do_lookup(nd, &this, &next, atomic);
966 inode = next.dentry->d_inode;
973 if (inode->i_op->follow_link) {
974 err = do_follow_link(&next, nd);
978 inode = nd->dentry->d_inode;
985 path_to_nameidata(&next, nd);
987 if (!inode->i_op->lookup)
990 /* here ends the main loop */
993 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
995 /* Clear LOOKUP_CONTINUE iff it was previously unset */
996 nd->flags &= lookup_flags | ~LOOKUP_CONTINUE;
997 if (lookup_flags & LOOKUP_PARENT)
999 if (this.name[0] == '.') switch (this.len) {
1003 if (this.name[1] != '.')
1006 inode = nd->dentry->d_inode;
1011 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
1012 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
1016 err = do_lookup(nd, &this, &next, atomic);
1019 inode = next.dentry->d_inode;
1020 if ((lookup_flags & LOOKUP_FOLLOW)
1021 && inode && inode->i_op && inode->i_op->follow_link) {
1022 err = do_follow_link(&next, nd);
1025 inode = nd->dentry->d_inode;
1027 path_to_nameidata(&next, nd);
1031 if (lookup_flags & LOOKUP_DIRECTORY) {
1033 if (!inode->i_op || !inode->i_op->lookup)
1039 nd->last_type = LAST_NORM;
1040 if (this.name[0] != '.')
1043 nd->last_type = LAST_DOT;
1044 else if (this.len == 2 && this.name[1] == '.')
1045 nd->last_type = LAST_DOTDOT;
1050 * We bypassed the ordinary revalidation routines.
1051 * We may need to check the cached dentry for staleness.
1053 if (nd->dentry && nd->dentry->d_sb &&
1054 (nd->dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
1056 /* Note: we do not d_invalidate() */
1057 if (!nd->dentry->d_op->d_revalidate(nd->dentry, nd))
1063 dput_path(&next, nd);
1072 * Wrapper to retry pathname resolution whenever the underlying
1073 * file system returns an ESTALE.
1075 * Retry the whole path once, forcing real lookup requests
1076 * instead of relying on the dcache.
1078 int fastcall link_path_walk(const char *name, struct nameidata *nd)
1080 struct nameidata save = *nd;
1083 /* make sure the stuff we saved doesn't go away */
1087 result = __link_path_walk(name, nd);
1088 if (result == -ESTALE) {
1092 nd->flags |= LOOKUP_REVAL;
1093 result = __link_path_walk(name, nd);
1102 int fastcall path_walk(const char * name, struct nameidata *nd)
1104 current->total_link_count = 0;
1105 return link_path_walk(name, nd);
1109 * SMP-safe: Returns 1 and nd will have valid dentry and mnt, if
1110 * everything is done. Returns 0 and drops input nd, if lookup failed;
1112 static int __emul_lookup_dentry(const char *name, struct nameidata *nd)
1114 if (path_walk(name, nd))
1115 return 0; /* something went wrong... */
1117 if (!nd->dentry->d_inode || S_ISDIR(nd->dentry->d_inode->i_mode)) {
1118 struct dentry *old_dentry = nd->dentry;
1119 struct vfsmount *old_mnt = nd->mnt;
1120 struct qstr last = nd->last;
1121 int last_type = nd->last_type;
1123 * NAME was not found in alternate root or it's a directory. Try to find
1124 * it in the normal root:
1126 nd->last_type = LAST_ROOT;
1127 read_lock(¤t->fs->lock);
1128 nd->mnt = mntget(current->fs->rootmnt);
1129 nd->dentry = dget(current->fs->root);
1130 read_unlock(¤t->fs->lock);
1131 if (path_walk(name, nd) == 0) {
1132 if (nd->dentry->d_inode) {
1139 nd->dentry = old_dentry;
1142 nd->last_type = last_type;
1147 void set_fs_altroot(void)
1149 char *emul = __emul_prefix();
1150 struct nameidata nd;
1151 struct vfsmount *mnt = NULL, *oldmnt;
1152 struct dentry *dentry = NULL, *olddentry;
1157 err = path_lookup(emul, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_NOALT, &nd);
1163 write_lock(¤t->fs->lock);
1164 oldmnt = current->fs->altrootmnt;
1165 olddentry = current->fs->altroot;
1166 current->fs->altrootmnt = mnt;
1167 current->fs->altroot = dentry;
1168 write_unlock(¤t->fs->lock);
1175 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1176 static int fastcall do_path_lookup(int dfd, const char *name,
1177 unsigned int flags, struct nameidata *nd)
1183 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1188 read_lock(¤t->fs->lock);
1189 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
1190 nd->mnt = mntget(current->fs->altrootmnt);
1191 nd->dentry = dget(current->fs->altroot);
1192 read_unlock(¤t->fs->lock);
1193 if (__emul_lookup_dentry(name,nd))
1194 goto out; /* found in altroot */
1195 read_lock(¤t->fs->lock);
1197 nd->mnt = mntget(current->fs->rootmnt);
1198 nd->dentry = dget(current->fs->root);
1199 read_unlock(¤t->fs->lock);
1200 } else if (dfd == AT_FDCWD) {
1201 read_lock(¤t->fs->lock);
1202 nd->mnt = mntget(current->fs->pwdmnt);
1203 nd->dentry = dget(current->fs->pwd);
1204 read_unlock(¤t->fs->lock);
1206 struct dentry *dentry;
1208 file = fget_light(dfd, &fput_needed);
1213 dentry = file->f_dentry;
1216 if (!S_ISDIR(dentry->d_inode->i_mode))
1219 retval = file_permission(file, MAY_EXEC);
1223 nd->mnt = mntget(file->f_vfsmnt);
1224 nd->dentry = dget(dentry);
1226 fput_light(file, fput_needed);
1228 current->total_link_count = 0;
1229 retval = link_path_walk(name, nd);
1231 if (likely(retval == 0)) {
1232 if (unlikely(!audit_dummy_context() && nd && nd->dentry &&
1233 nd->dentry->d_inode))
1234 audit_inode(name, nd->dentry->d_inode);
1240 fput_light(file, fput_needed);
1244 int fastcall path_lookup(const char *name, unsigned int flags,
1245 struct nameidata *nd)
1247 return do_path_lookup(AT_FDCWD, name, flags, nd);
1250 static int __path_lookup_intent_open(int dfd, const char *name,
1251 unsigned int lookup_flags, struct nameidata *nd,
1252 int open_flags, int create_mode)
1254 struct file *filp = get_empty_filp();
1259 nd->intent.open.file = filp;
1260 nd->intent.open.flags = open_flags;
1261 nd->intent.open.create_mode = create_mode;
1262 err = do_path_lookup(dfd, name, lookup_flags|LOOKUP_OPEN, nd);
1263 if (IS_ERR(nd->intent.open.file)) {
1265 err = PTR_ERR(nd->intent.open.file);
1268 } else if (err != 0)
1269 release_open_intent(nd);
1274 * path_lookup_open - lookup a file path with open intent
1275 * @dfd: the directory to use as base, or AT_FDCWD
1276 * @name: pointer to file name
1277 * @lookup_flags: lookup intent flags
1278 * @nd: pointer to nameidata
1279 * @open_flags: open intent flags
1281 int path_lookup_open(int dfd, const char *name, unsigned int lookup_flags,
1282 struct nameidata *nd, int open_flags)
1284 return __path_lookup_intent_open(dfd, name, lookup_flags, nd,
1289 * path_lookup_create - lookup a file path with open + create intent
1290 * @dfd: the directory to use as base, or AT_FDCWD
1291 * @name: pointer to file name
1292 * @lookup_flags: lookup intent flags
1293 * @nd: pointer to nameidata
1294 * @open_flags: open intent flags
1295 * @create_mode: create intent flags
1297 static int path_lookup_create(int dfd, const char *name,
1298 unsigned int lookup_flags, struct nameidata *nd,
1299 int open_flags, int create_mode)
1301 return __path_lookup_intent_open(dfd, name, lookup_flags|LOOKUP_CREATE,
1302 nd, open_flags, create_mode);
1305 int __user_path_lookup_open(const char __user *name, unsigned int lookup_flags,
1306 struct nameidata *nd, int open_flags)
1308 char *tmp = getname(name);
1309 int err = PTR_ERR(tmp);
1312 err = __path_lookup_intent_open(AT_FDCWD, tmp, lookup_flags, nd, open_flags, 0);
1319 * Restricted form of lookup. Doesn't follow links, single-component only,
1320 * needs parent already locked. Doesn't follow mounts.
1323 static struct dentry * __lookup_hash(struct qstr *name, struct dentry * base, struct nameidata *nd)
1325 struct dentry * dentry;
1326 struct inode *inode;
1329 inode = base->d_inode;
1330 err = permission(inode, MAY_EXEC, nd);
1331 dentry = ERR_PTR(err);
1336 * See if the low-level filesystem might want
1337 * to use its own hash..
1339 if (base->d_op && base->d_op->d_hash) {
1340 err = base->d_op->d_hash(base, name);
1341 dentry = ERR_PTR(err);
1346 dentry = cached_lookup(base, name, nd);
1348 struct dentry *new = d_alloc(base, name);
1349 dentry = ERR_PTR(-ENOMEM);
1352 dentry = inode->i_op->lookup(inode, new, nd);
1362 static struct dentry *lookup_hash(struct nameidata *nd)
1364 return __lookup_hash(&nd->last, nd->dentry, nd);
1368 struct dentry * lookup_one_len(const char * name, struct dentry * base, int len)
1379 hash = init_name_hash();
1381 c = *(const unsigned char *)name++;
1382 if (c == '/' || c == '\0')
1384 hash = partial_name_hash(c, hash);
1386 this.hash = end_name_hash(hash);
1388 return __lookup_hash(&this, base, NULL);
1390 return ERR_PTR(-EACCES);
1396 * is used by most simple commands to get the inode of a specified name.
1397 * Open, link etc use their own routines, but this is enough for things
1400 * namei exists in two versions: namei/lnamei. The only difference is
1401 * that namei follows links, while lnamei does not.
1404 int fastcall __user_walk_fd(int dfd, const char __user *name, unsigned flags,
1405 struct nameidata *nd)
1407 char *tmp = getname(name);
1408 int err = PTR_ERR(tmp);
1411 err = do_path_lookup(dfd, tmp, flags, nd);
1417 int fastcall __user_walk(const char __user *name, unsigned flags, struct nameidata *nd)
1419 return __user_walk_fd(AT_FDCWD, name, flags, nd);
1423 * It's inline, so penalty for filesystems that don't use sticky bit is
1426 static inline int check_sticky(struct inode *dir, struct inode *inode)
1428 if (!(dir->i_mode & S_ISVTX))
1430 if (inode->i_uid == current->fsuid)
1432 if (dir->i_uid == current->fsuid)
1434 return !capable(CAP_FOWNER);
1438 * Check whether we can remove a link victim from directory dir, check
1439 * whether the type of victim is right.
1440 * 1. We can't do it if dir is read-only (done in permission())
1441 * 2. We should have write and exec permissions on dir
1442 * 3. We can't remove anything from append-only dir
1443 * 4. We can't do anything with immutable dir (done in permission())
1444 * 5. If the sticky bit on dir is set we should either
1445 * a. be owner of dir, or
1446 * b. be owner of victim, or
1447 * c. have CAP_FOWNER capability
1448 * 6. If the victim is append-only or immutable we can't do antyhing with
1449 * links pointing to it.
1450 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1451 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1452 * 9. We can't remove a root or mountpoint.
1453 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1454 * nfs_async_unlink().
1456 static int may_delete(struct inode *dir, struct dentry *victim,
1457 int isdir, struct nameidata *nd)
1461 if (!victim->d_inode)
1464 BUG_ON(victim->d_parent->d_inode != dir);
1465 audit_inode_child(victim->d_name.name, victim->d_inode, dir);
1467 error = permission(dir,MAY_WRITE | MAY_EXEC, nd);
1472 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1473 IS_IXORUNLINK(victim->d_inode))
1476 if (!S_ISDIR(victim->d_inode->i_mode))
1478 if (IS_ROOT(victim))
1480 } else if (S_ISDIR(victim->d_inode->i_mode))
1482 if (IS_DEADDIR(dir))
1484 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1489 /* Check whether we can create an object with dentry child in directory
1491 * 1. We can't do it if child already exists (open has special treatment for
1492 * this case, but since we are inlined it's OK)
1493 * 2. We can't do it if dir is read-only (done in permission())
1494 * 3. We should have write and exec permissions on dir
1495 * 4. We can't do it if dir is immutable (done in permission())
1497 static inline int may_create(struct inode *dir, struct dentry *child,
1498 struct nameidata *nd)
1502 if (IS_DEADDIR(dir))
1504 return permission(dir,MAY_WRITE | MAY_EXEC, nd);
1508 * O_DIRECTORY translates into forcing a directory lookup.
1510 static inline int lookup_flags(unsigned int f)
1512 unsigned long retval = LOOKUP_FOLLOW;
1515 retval &= ~LOOKUP_FOLLOW;
1517 if (f & O_DIRECTORY)
1518 retval |= LOOKUP_DIRECTORY;
1519 if (f & O_ATOMICLOOKUP)
1520 retval |= LOOKUP_ATOMIC;
1526 * p1 and p2 should be directories on the same fs.
1528 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1533 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1537 mutex_lock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1539 for (p = p1; p->d_parent != p; p = p->d_parent) {
1540 if (p->d_parent == p2) {
1541 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_PARENT);
1542 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_CHILD);
1547 for (p = p2; p->d_parent != p; p = p->d_parent) {
1548 if (p->d_parent == p1) {
1549 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1550 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1555 mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
1556 mutex_lock_nested(&p2->d_inode->i_mutex, I_MUTEX_CHILD);
1560 void unlock_rename(struct dentry *p1, struct dentry *p2)
1562 mutex_unlock(&p1->d_inode->i_mutex);
1564 mutex_unlock(&p2->d_inode->i_mutex);
1565 mutex_unlock(&p1->d_inode->i_sb->s_vfs_rename_mutex);
1569 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1570 struct nameidata *nd)
1572 int error = may_create(dir, dentry, nd);
1577 if (!dir->i_op || !dir->i_op->create)
1578 return -EACCES; /* shouldn't it be ENOSYS? */
1581 error = security_inode_create(dir, dentry, mode);
1585 error = dir->i_op->create(dir, dentry, mode, nd);
1587 fsnotify_create(dir, dentry);
1591 int may_open(struct nameidata *nd, int acc_mode, int flag)
1593 struct dentry *dentry = nd->dentry;
1594 struct inode *inode = dentry->d_inode;
1600 if (S_ISLNK(inode->i_mode))
1603 if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
1606 error = vfs_permission(nd, acc_mode);
1611 * FIFO's, sockets and device files are special: they don't
1612 * actually live on the filesystem itself, and as such you
1613 * can write to them even if the filesystem is read-only.
1615 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
1617 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
1618 if (nd->mnt->mnt_flags & MNT_NODEV)
1622 } else if ((IS_RDONLY(inode) || MNT_IS_RDONLY(nd->mnt))
1623 && (flag & FMODE_WRITE))
1626 * An append-only file must be opened in append mode for writing.
1628 if (IS_APPEND(inode)) {
1629 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1635 /* O_NOATIME can only be set by the owner or superuser */
1636 if (flag & O_NOATIME)
1637 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
1641 * Ensure there are no outstanding leases on the file.
1643 error = break_lease(inode, flag);
1647 if (flag & O_TRUNC) {
1648 error = get_write_access(inode);
1653 * Refuse to truncate files with mandatory locks held on them.
1655 error = locks_verify_locked(inode);
1659 error = do_truncate(dentry, 0, ATTR_MTIME|ATTR_CTIME, NULL);
1661 put_write_access(inode);
1665 if (flag & FMODE_WRITE)
1674 * namei for open - this is in fact almost the whole open-routine.
1676 * Note that the low bits of "flag" aren't the same as in the open
1677 * system call - they are 00 - no permissions needed
1678 * 01 - read permission needed
1679 * 10 - write permission needed
1680 * 11 - read/write permissions needed
1681 * which is a lot more logical, and also allows the "no perm" needed
1682 * for symlinks (where the permissions are checked later).
1685 int open_namei(int dfd, const char *pathname, int flag,
1686 int mode, struct nameidata *nd)
1688 int acc_mode, error;
1693 acc_mode = ACC_MODE(flag);
1695 /* O_TRUNC implies we need access checks for write permissions */
1697 acc_mode |= MAY_WRITE;
1699 /* Allow the LSM permission hook to distinguish append
1700 access from general write access. */
1701 if (flag & O_APPEND)
1702 acc_mode |= MAY_APPEND;
1705 * The simplest case - just a plain lookup.
1707 if (!(flag & O_CREAT)) {
1708 error = path_lookup_open(dfd, pathname, lookup_flags(flag),
1716 * Create - we need to know the parent.
1718 error = path_lookup_create(dfd,pathname,LOOKUP_PARENT,nd,flag,mode);
1723 * We have the parent and last component. First of all, check
1724 * that we are not asked to creat(2) an obvious directory - that
1728 if (nd->last_type != LAST_NORM || nd->last.name[nd->last.len])
1732 nd->flags &= ~LOOKUP_PARENT;
1733 mutex_lock(&dir->d_inode->i_mutex);
1734 path.dentry = lookup_hash(nd);
1738 error = PTR_ERR(path.dentry);
1739 if (IS_ERR(path.dentry)) {
1740 mutex_unlock(&dir->d_inode->i_mutex);
1744 if (IS_ERR(nd->intent.open.file)) {
1745 mutex_unlock(&dir->d_inode->i_mutex);
1746 error = PTR_ERR(nd->intent.open.file);
1750 /* Negative dentry, just create the file */
1751 if (!path.dentry->d_inode) {
1752 if (!IS_POSIXACL(dir->d_inode))
1753 mode &= ~current->fs->umask;
1754 error = vfs_create(dir->d_inode, path.dentry, mode, nd);
1755 mutex_unlock(&dir->d_inode->i_mutex);
1757 nd->dentry = path.dentry;
1760 /* Don't check for write permission, don't truncate */
1767 * It already exists.
1769 mutex_unlock(&dir->d_inode->i_mutex);
1770 audit_inode_update(path.dentry->d_inode);
1776 if (__follow_mount(&path)) {
1778 if (flag & O_NOFOLLOW)
1783 if (!path.dentry->d_inode)
1785 if (path.dentry->d_inode->i_op && path.dentry->d_inode->i_op->follow_link)
1788 path_to_nameidata(&path, nd);
1790 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode))
1793 error = may_open(nd, acc_mode, flag);
1799 dput_path(&path, nd);
1801 if (!IS_ERR(nd->intent.open.file))
1802 release_open_intent(nd);
1808 if (flag & O_NOFOLLOW)
1811 * This is subtle. Instead of calling do_follow_link() we do the
1812 * thing by hands. The reason is that this way we have zero link_count
1813 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT.
1814 * After that we have the parent and last component, i.e.
1815 * we are in the same situation as after the first path_walk().
1816 * Well, almost - if the last component is normal we get its copy
1817 * stored in nd->last.name and we will have to putname() it when we
1818 * are done. Procfs-like symlinks just set LAST_BIND.
1820 nd->flags |= LOOKUP_PARENT;
1821 error = security_inode_follow_link(path.dentry, nd);
1824 error = __do_follow_link(&path, nd);
1826 /* Does someone understand code flow here? Or it is only
1827 * me so stupid? Anathema to whoever designed this non-sense
1828 * with "intent.open".
1830 release_open_intent(nd);
1833 nd->flags &= ~LOOKUP_PARENT;
1834 if (nd->last_type == LAST_BIND)
1837 if (nd->last_type != LAST_NORM)
1839 if (nd->last.name[nd->last.len]) {
1840 __putname(nd->last.name);
1845 __putname(nd->last.name);
1849 mutex_lock(&dir->d_inode->i_mutex);
1850 path.dentry = lookup_hash(nd);
1852 __putname(nd->last.name);
1857 * lookup_create - lookup a dentry, creating it if it doesn't exist
1858 * @nd: nameidata info
1859 * @is_dir: directory flag
1861 * Simple function to lookup and return a dentry and create it
1862 * if it doesn't exist. Is SMP-safe.
1864 * Returns with nd->dentry->d_inode->i_mutex locked.
1866 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1868 struct dentry *dentry = ERR_PTR(-EEXIST);
1870 mutex_lock_nested(&nd->dentry->d_inode->i_mutex, I_MUTEX_PARENT);
1872 * Yucky last component or no last component at all?
1873 * (foo/., foo/.., /////)
1875 if (nd->last_type != LAST_NORM)
1877 nd->flags &= ~LOOKUP_PARENT;
1878 nd->flags |= LOOKUP_CREATE;
1879 nd->intent.open.flags = O_EXCL;
1882 * Do the final lookup.
1884 dentry = lookup_hash(nd);
1889 * Special case - lookup gave negative, but... we had foo/bar/
1890 * From the vfs_mknod() POV we just have a negative dentry -
1891 * all is fine. Let's be bastards - you had / on the end, you've
1892 * been asking for (non-existent) directory. -ENOENT for you.
1894 if (!is_dir && nd->last.name[nd->last.len] && !dentry->d_inode)
1899 dentry = ERR_PTR(-ENOENT);
1903 EXPORT_SYMBOL_GPL(lookup_create);
1905 int vfs_mknod(struct inode *dir, struct dentry *dentry,
1906 int mode, dev_t dev, struct nameidata *nd)
1908 int error = may_create(dir, dentry, nd);
1913 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
1916 if (!dir->i_op || !dir->i_op->mknod)
1919 error = security_inode_mknod(dir, dentry, mode, dev);
1924 error = dir->i_op->mknod(dir, dentry, mode, dev);
1926 fsnotify_create(dir, dentry);
1930 asmlinkage long sys_mknodat(int dfd, const char __user *filename, int mode,
1935 struct dentry * dentry;
1936 struct nameidata nd;
1940 tmp = getname(filename);
1942 return PTR_ERR(tmp);
1944 error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
1947 dentry = lookup_create(&nd, 0);
1948 error = PTR_ERR(dentry);
1950 if (!IS_POSIXACL(nd.dentry->d_inode))
1951 mode &= ~current->fs->umask;
1952 if (!IS_ERR(dentry)) {
1953 switch (mode & S_IFMT) {
1954 case 0: case S_IFREG:
1955 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
1957 case S_IFCHR: case S_IFBLK:
1958 error = vfs_mknod(nd.dentry->d_inode, dentry, mode,
1959 new_decode_dev(dev), &nd);
1961 case S_IFIFO: case S_IFSOCK:
1962 error = vfs_mknod(nd.dentry->d_inode, dentry, mode,
1973 mutex_unlock(&nd.dentry->d_inode->i_mutex);
1981 asmlinkage long sys_mknod(const char __user *filename, int mode, unsigned dev)
1983 return sys_mknodat(AT_FDCWD, filename, mode, dev);
1986 int vfs_mkdir(struct inode *dir, struct dentry *dentry,
1987 int mode, struct nameidata *nd)
1989 int error = may_create(dir, dentry, nd);
1994 if (!dir->i_op || !dir->i_op->mkdir)
1997 mode &= (S_IRWXUGO|S_ISVTX);
1998 error = security_inode_mkdir(dir, dentry, mode);
2003 error = dir->i_op->mkdir(dir, dentry, mode);
2005 fsnotify_mkdir(dir, dentry);
2009 asmlinkage long sys_mkdirat(int dfd, const char __user *pathname, int mode)
2014 tmp = getname(pathname);
2015 error = PTR_ERR(tmp);
2017 struct dentry *dentry;
2018 struct nameidata nd;
2020 error = do_path_lookup(dfd, tmp, LOOKUP_PARENT, &nd);
2023 dentry = lookup_create(&nd, 1);
2024 error = PTR_ERR(dentry);
2025 if (!IS_ERR(dentry)) {
2026 if (!IS_POSIXACL(nd.dentry->d_inode))
2027 mode &= ~current->fs->umask;
2028 error = vfs_mkdir(nd.dentry->d_inode, dentry,
2032 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2041 asmlinkage long sys_mkdir(const char __user *pathname, int mode)
2043 return sys_mkdirat(AT_FDCWD, pathname, mode);
2047 * We try to drop the dentry early: we should have
2048 * a usage count of 2 if we're the only user of this
2049 * dentry, and if that is true (possibly after pruning
2050 * the dcache), then we drop the dentry now.
2052 * A low-level filesystem can, if it choses, legally
2055 * if (!d_unhashed(dentry))
2058 * if it cannot handle the case of removing a directory
2059 * that is still in use by something else..
2061 void dentry_unhash(struct dentry *dentry)
2064 if (atomic_read(&dentry->d_count))
2065 shrink_dcache_parent(dentry);
2066 spin_lock(&dcache_lock);
2067 spin_lock(&dentry->d_lock);
2068 if (atomic_read(&dentry->d_count) == 2)
2070 spin_unlock(&dentry->d_lock);
2071 spin_unlock(&dcache_lock);
2074 int vfs_rmdir(struct inode *dir, struct dentry *dentry,
2075 struct nameidata *nd)
2077 int error = may_delete(dir, dentry, 1, nd);
2082 if (!dir->i_op || !dir->i_op->rmdir)
2087 mutex_lock(&dentry->d_inode->i_mutex);
2088 dentry_unhash(dentry);
2089 if (d_mountpoint(dentry))
2092 error = security_inode_rmdir(dir, dentry);
2094 error = dir->i_op->rmdir(dir, dentry);
2096 dentry->d_inode->i_flags |= S_DEAD;
2099 mutex_unlock(&dentry->d_inode->i_mutex);
2108 static long do_rmdir(int dfd, const char __user *pathname)
2112 struct dentry *dentry;
2113 struct nameidata nd;
2115 name = getname(pathname);
2117 return PTR_ERR(name);
2119 error = do_path_lookup(dfd, name, LOOKUP_PARENT, &nd);
2123 switch(nd.last_type) {
2134 mutex_lock_nested(&nd.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2135 dentry = lookup_hash(&nd);
2136 error = PTR_ERR(dentry);
2137 if (!IS_ERR(dentry)) {
2138 error = vfs_rmdir(nd.dentry->d_inode, dentry, &nd);
2141 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2149 asmlinkage long sys_rmdir(const char __user *pathname)
2151 return do_rmdir(AT_FDCWD, pathname);
2154 int vfs_unlink(struct inode *dir, struct dentry *dentry,
2155 struct nameidata *nd)
2157 int error = may_delete(dir, dentry, 0, nd);
2162 if (!dir->i_op || !dir->i_op->unlink)
2167 mutex_lock(&dentry->d_inode->i_mutex);
2168 if (d_mountpoint(dentry))
2171 error = security_inode_unlink(dir, dentry);
2173 error = dir->i_op->unlink(dir, dentry);
2175 mutex_unlock(&dentry->d_inode->i_mutex);
2177 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
2178 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
2186 * Make sure that the actual truncation of the file will occur outside its
2187 * directory's i_mutex. Truncate can take a long time if there is a lot of
2188 * writeout happening, and we don't want to prevent access to the directory
2189 * while waiting on the I/O.
2191 static long do_unlinkat(int dfd, const char __user *pathname)
2195 struct dentry *dentry;
2196 struct nameidata nd;
2197 struct inode *inode = NULL;
2199 name = getname(pathname);
2201 return PTR_ERR(name);
2203 error = do_path_lookup(dfd, name, LOOKUP_PARENT, &nd);
2207 if (nd.last_type != LAST_NORM)
2209 mutex_lock_nested(&nd.dentry->d_inode->i_mutex, I_MUTEX_PARENT);
2210 dentry = lookup_hash(&nd);
2211 error = PTR_ERR(dentry);
2212 if (!IS_ERR(dentry)) {
2213 /* Why not before? Because we want correct error value */
2214 if (nd.last.name[nd.last.len])
2216 inode = dentry->d_inode;
2218 atomic_inc(&inode->i_count);
2219 error = vfs_unlink(nd.dentry->d_inode, dentry, &nd);
2223 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2225 iput(inode); /* truncate the inode here */
2233 error = !dentry->d_inode ? -ENOENT :
2234 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2238 asmlinkage long sys_unlinkat(int dfd, const char __user *pathname, int flag)
2240 if ((flag & ~AT_REMOVEDIR) != 0)
2243 if (flag & AT_REMOVEDIR)
2244 return do_rmdir(dfd, pathname);
2246 return do_unlinkat(dfd, pathname);
2249 asmlinkage long sys_unlink(const char __user *pathname)
2251 return do_unlinkat(AT_FDCWD, pathname);
2254 int vfs_symlink(struct inode *dir, struct dentry *dentry,
2255 const char *oldname, int mode, struct nameidata *nd)
2257 int error = may_create(dir, dentry, nd);
2262 if (!dir->i_op || !dir->i_op->symlink)
2265 error = security_inode_symlink(dir, dentry, oldname);
2270 error = dir->i_op->symlink(dir, dentry, oldname);
2272 fsnotify_create(dir, dentry);
2276 asmlinkage long sys_symlinkat(const char __user *oldname,
2277 int newdfd, const char __user *newname)
2283 from = getname(oldname);
2285 return PTR_ERR(from);
2286 to = getname(newname);
2287 error = PTR_ERR(to);
2289 struct dentry *dentry;
2290 struct nameidata nd;
2292 error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
2295 dentry = lookup_create(&nd, 0);
2296 error = PTR_ERR(dentry);
2297 if (!IS_ERR(dentry)) {
2298 error = vfs_symlink(nd.dentry->d_inode, dentry,
2299 from, S_IALLUGO, &nd);
2302 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2311 asmlinkage long sys_symlink(const char __user *oldname, const char __user *newname)
2313 return sys_symlinkat(oldname, AT_FDCWD, newname);
2316 int vfs_link(struct dentry *old_dentry, struct inode *dir,
2317 struct dentry *new_dentry, struct nameidata *nd)
2319 struct inode *inode = old_dentry->d_inode;
2325 error = may_create(dir, new_dentry, nd);
2329 if (dir->i_sb != inode->i_sb)
2333 * A link to an append-only or immutable file cannot be created.
2335 if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
2337 if (!dir->i_op || !dir->i_op->link)
2339 if (S_ISDIR(old_dentry->d_inode->i_mode))
2342 error = security_inode_link(old_dentry, dir, new_dentry);
2346 mutex_lock(&old_dentry->d_inode->i_mutex);
2348 error = dir->i_op->link(old_dentry, dir, new_dentry);
2349 mutex_unlock(&old_dentry->d_inode->i_mutex);
2351 fsnotify_create(dir, new_dentry);
2356 * Hardlinks are often used in delicate situations. We avoid
2357 * security-related surprises by not following symlinks on the
2360 * We don't follow them on the oldname either to be compatible
2361 * with linux 2.0, and to avoid hard-linking to directories
2362 * and other special files. --ADM
2364 asmlinkage long sys_linkat(int olddfd, const char __user *oldname,
2365 int newdfd, const char __user *newname,
2368 struct dentry *new_dentry;
2369 struct nameidata nd, old_nd;
2373 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
2376 to = getname(newname);
2380 error = __user_walk_fd(olddfd, oldname,
2381 flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
2385 error = do_path_lookup(newdfd, to, LOOKUP_PARENT, &nd);
2389 * We allow hard-links to be created to a bind-mount as long
2390 * as the bind-mount is not read-only. Checking for cross-dev
2391 * links is subsumed by the superblock check in vfs_link().
2394 if (MNT_IS_RDONLY(old_nd.mnt))
2396 new_dentry = lookup_create(&nd, 0);
2397 error = PTR_ERR(new_dentry);
2398 if (!IS_ERR(new_dentry)) {
2399 error = vfs_link(old_nd.dentry, nd.dentry->d_inode,
2403 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2407 path_release(&old_nd);
2414 asmlinkage long sys_link(const char __user *oldname, const char __user *newname)
2416 return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
2420 * The worst of all namespace operations - renaming directory. "Perverted"
2421 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2423 * a) we can get into loop creation. Check is done in is_subdir().
2424 * b) race potential - two innocent renames can create a loop together.
2425 * That's where 4.4 screws up. Current fix: serialization on
2426 * sb->s_vfs_rename_mutex. We might be more accurate, but that's another
2428 * c) we have to lock _three_ objects - parents and victim (if it exists).
2429 * And that - after we got ->i_mutex on parents (until then we don't know
2430 * whether the target exists). Solution: try to be smart with locking
2431 * order for inodes. We rely on the fact that tree topology may change
2432 * only under ->s_vfs_rename_mutex _and_ that parent of the object we
2433 * move will be locked. Thus we can rank directories by the tree
2434 * (ancestors first) and rank all non-directories after them.
2435 * That works since everybody except rename does "lock parent, lookup,
2436 * lock child" and rename is under ->s_vfs_rename_mutex.
2437 * HOWEVER, it relies on the assumption that any object with ->lookup()
2438 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2439 * we'd better make sure that there's no link(2) for them.
2440 * d) some filesystems don't support opened-but-unlinked directories,
2441 * either because of layout or because they are not ready to deal with
2442 * all cases correctly. The latter will be fixed (taking this sort of
2443 * stuff into VFS), but the former is not going away. Solution: the same
2444 * trick as in rmdir().
2445 * e) conversion from fhandle to dentry may come in the wrong moment - when
2446 * we are removing the target. Solution: we will have to grab ->i_mutex
2447 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2448 * ->i_mutex on parents, which works but leads to some truely excessive
2451 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2452 struct inode *new_dir, struct dentry *new_dentry)
2455 struct inode *target;
2458 * If we are going to change the parent - check write permissions,
2459 * we'll need to flip '..'.
2461 if (new_dir != old_dir) {
2462 error = permission(old_dentry->d_inode, MAY_WRITE, NULL);
2467 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2471 target = new_dentry->d_inode;
2473 mutex_lock(&target->i_mutex);
2474 dentry_unhash(new_dentry);
2476 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2479 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2482 target->i_flags |= S_DEAD;
2483 mutex_unlock(&target->i_mutex);
2484 if (d_unhashed(new_dentry))
2485 d_rehash(new_dentry);
2489 d_move(old_dentry,new_dentry);
2493 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2494 struct inode *new_dir, struct dentry *new_dentry)
2496 struct inode *target;
2499 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2504 target = new_dentry->d_inode;
2506 mutex_lock(&target->i_mutex);
2507 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2510 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2512 /* The following d_move() should become unconditional */
2513 if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
2514 d_move(old_dentry, new_dentry);
2517 mutex_unlock(&target->i_mutex);
2522 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2523 struct inode *new_dir, struct dentry *new_dentry)
2526 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2527 const char *old_name;
2529 if (old_dentry->d_inode == new_dentry->d_inode)
2532 error = may_delete(old_dir, old_dentry, is_dir, NULL);
2536 if (!new_dentry->d_inode)
2537 error = may_create(new_dir, new_dentry, NULL);
2539 error = may_delete(new_dir, new_dentry, is_dir, NULL);
2543 if (!old_dir->i_op || !old_dir->i_op->rename)
2546 DQUOT_INIT(old_dir);
2547 DQUOT_INIT(new_dir);
2549 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
2552 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
2554 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
2556 const char *new_name = old_dentry->d_name.name;
2557 fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
2558 new_dentry->d_inode, old_dentry->d_inode);
2560 fsnotify_oldname_free(old_name);
2565 static int do_rename(int olddfd, const char *oldname,
2566 int newdfd, const char *newname)
2569 struct dentry * old_dir, * new_dir;
2570 struct dentry * old_dentry, *new_dentry;
2571 struct dentry * trap;
2572 struct nameidata oldnd, newnd;
2574 error = do_path_lookup(olddfd, oldname, LOOKUP_PARENT, &oldnd);
2578 error = do_path_lookup(newdfd, newname, LOOKUP_PARENT, &newnd);
2583 if (oldnd.mnt != newnd.mnt)
2586 old_dir = oldnd.dentry;
2588 if (oldnd.last_type != LAST_NORM)
2591 new_dir = newnd.dentry;
2592 if (newnd.last_type != LAST_NORM)
2595 trap = lock_rename(new_dir, old_dir);
2597 old_dentry = lookup_hash(&oldnd);
2598 error = PTR_ERR(old_dentry);
2599 if (IS_ERR(old_dentry))
2601 /* source must exist */
2603 if (!old_dentry->d_inode)
2605 /* unless the source is a directory trailing slashes give -ENOTDIR */
2606 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
2608 if (oldnd.last.name[oldnd.last.len])
2610 if (newnd.last.name[newnd.last.len])
2613 /* source should not be ancestor of target */
2615 if (old_dentry == trap)
2618 if (MNT_IS_RDONLY(newnd.mnt))
2620 new_dentry = lookup_hash(&newnd);
2621 error = PTR_ERR(new_dentry);
2622 if (IS_ERR(new_dentry))
2624 /* target should not be an ancestor of source */
2626 if (new_dentry == trap)
2629 error = vfs_rename(old_dir->d_inode, old_dentry,
2630 new_dir->d_inode, new_dentry);
2636 unlock_rename(new_dir, old_dir);
2638 path_release(&newnd);
2640 path_release(&oldnd);
2645 asmlinkage long sys_renameat(int olddfd, const char __user *oldname,
2646 int newdfd, const char __user *newname)
2652 from = getname(oldname);
2654 return PTR_ERR(from);
2655 to = getname(newname);
2656 error = PTR_ERR(to);
2658 error = do_rename(olddfd, from, newdfd, to);
2665 asmlinkage long sys_rename(const char __user *oldname, const char __user *newname)
2667 return sys_renameat(AT_FDCWD, oldname, AT_FDCWD, newname);
2670 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
2674 len = PTR_ERR(link);
2679 if (len > (unsigned) buflen)
2681 if (copy_to_user(buffer, link, len))
2688 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
2689 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
2690 * using) it for any given inode is up to filesystem.
2692 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2694 struct nameidata nd;
2698 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
2699 if (!IS_ERR(cookie)) {
2700 int res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2701 if (dentry->d_inode->i_op->put_link)
2702 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
2703 cookie = ERR_PTR(res);
2705 return PTR_ERR(cookie);
2708 int vfs_follow_link(struct nameidata *nd, const char *link)
2710 return __vfs_follow_link(nd, link);
2713 /* get the link contents into pagecache */
2714 static char *page_getlink(struct dentry * dentry, struct page **ppage)
2717 struct address_space *mapping = dentry->d_inode->i_mapping;
2718 page = read_mapping_page(mapping, 0, NULL);
2721 wait_on_page_locked(page);
2722 if (!PageUptodate(page))
2728 page_cache_release(page);
2729 return ERR_PTR(-EIO);
2735 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2737 struct page *page = NULL;
2738 char *s = page_getlink(dentry, &page);
2739 int res = vfs_readlink(dentry,buffer,buflen,s);
2742 page_cache_release(page);
2747 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
2749 struct page *page = NULL;
2750 nd_set_link(nd, page_getlink(dentry, &page));
2754 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
2756 struct page *page = cookie;
2760 page_cache_release(page);
2764 int __page_symlink(struct inode *inode, const char *symname, int len,
2767 struct address_space *mapping = inode->i_mapping;
2773 page = find_or_create_page(mapping, 0, gfp_mask);
2776 err = mapping->a_ops->prepare_write(NULL, page, 0, len-1);
2777 if (err == AOP_TRUNCATED_PAGE) {
2778 page_cache_release(page);
2783 kaddr = kmap_atomic(page, KM_USER0);
2784 memcpy(kaddr, symname, len-1);
2785 kunmap_atomic(kaddr, KM_USER0);
2786 err = mapping->a_ops->commit_write(NULL, page, 0, len-1);
2787 if (err == AOP_TRUNCATED_PAGE) {
2788 page_cache_release(page);
2794 * Notice that we are _not_ going to block here - end of page is
2795 * unmapped, so this will only try to map the rest of page, see
2796 * that it is unmapped (typically even will not look into inode -
2797 * ->i_size will be enough for everything) and zero it out.
2798 * OTOH it's obviously correct and should make the page up-to-date.
2800 if (!PageUptodate(page)) {
2801 err = mapping->a_ops->readpage(NULL, page);
2802 if (err != AOP_TRUNCATED_PAGE)
2803 wait_on_page_locked(page);
2807 page_cache_release(page);
2810 mark_inode_dirty(inode);
2814 page_cache_release(page);
2819 int page_symlink(struct inode *inode, const char *symname, int len)
2821 return __page_symlink(inode, symname, len,
2822 mapping_gfp_mask(inode->i_mapping));
2825 struct inode_operations page_symlink_inode_operations = {
2826 .readlink = generic_readlink,
2827 .follow_link = page_follow_link_light,
2828 .put_link = page_put_link,
2831 EXPORT_SYMBOL(__user_walk);
2832 EXPORT_SYMBOL(__user_walk_fd);
2833 EXPORT_SYMBOL(follow_down);
2834 EXPORT_SYMBOL(follow_up);
2835 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
2836 EXPORT_SYMBOL(getname);
2837 EXPORT_SYMBOL(lock_rename);
2838 EXPORT_SYMBOL(lookup_one_len);
2839 EXPORT_SYMBOL(page_follow_link_light);
2840 EXPORT_SYMBOL(page_put_link);
2841 EXPORT_SYMBOL(page_readlink);
2842 EXPORT_SYMBOL(__page_symlink);
2843 EXPORT_SYMBOL(page_symlink);
2844 EXPORT_SYMBOL(page_symlink_inode_operations);
2845 EXPORT_SYMBOL(path_lookup);
2846 EXPORT_SYMBOL(path_release);
2847 EXPORT_SYMBOL(path_walk);
2848 EXPORT_SYMBOL(permission);
2849 EXPORT_SYMBOL(vfs_permission);
2850 EXPORT_SYMBOL(file_permission);
2851 EXPORT_SYMBOL(unlock_rename);
2852 EXPORT_SYMBOL(vfs_create);
2853 EXPORT_SYMBOL(vfs_follow_link);
2854 EXPORT_SYMBOL(vfs_link);
2855 EXPORT_SYMBOL(vfs_mkdir);
2856 EXPORT_SYMBOL(vfs_mknod);
2857 EXPORT_SYMBOL(generic_permission);
2858 EXPORT_SYMBOL(vfs_readlink);
2859 EXPORT_SYMBOL(vfs_rename);
2860 EXPORT_SYMBOL(vfs_rmdir);
2861 EXPORT_SYMBOL(vfs_symlink);
2862 EXPORT_SYMBOL(vfs_unlink);
2863 EXPORT_SYMBOL(dentry_unhash);
2864 EXPORT_SYMBOL(generic_readlink);
git://git.onelab.eu / linux-2.6.git / blob