4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/quotaops.h>
23 #include <linux/pagemap.h>
24 #include <linux/dnotify.h>
25 #include <linux/smp_lock.h>
26 #include <linux/personality.h>
27 #include <linux/security.h>
28 #include <linux/mount.h>
29 #include <linux/audit.h>
30 #include <linux/vs_base.h>
32 #include <asm/namei.h>
33 #include <asm/uaccess.h>
35 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
37 /* [Feb-1997 T. Schoebel-Theuer]
38 * Fundamental changes in the pathname lookup mechanisms (namei)
39 * were necessary because of omirr. The reason is that omirr needs
40 * to know the _real_ pathname, not the user-supplied one, in case
41 * of symlinks (and also when transname replacements occur).
43 * The new code replaces the old recursive symlink resolution with
44 * an iterative one (in case of non-nested symlink chains). It does
45 * this with calls to <fs>_follow_link().
46 * As a side effect, dir_namei(), _namei() and follow_link() are now
47 * replaced with a single function lookup_dentry() that can handle all
48 * the special cases of the former code.
50 * With the new dcache, the pathname is stored at each inode, at least as
51 * long as the refcount of the inode is positive. As a side effect, the
52 * size of the dcache depends on the inode cache and thus is dynamic.
54 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
55 * resolution to correspond with current state of the code.
57 * Note that the symlink resolution is not *completely* iterative.
58 * There is still a significant amount of tail- and mid- recursion in
59 * the algorithm. Also, note that <fs>_readlink() is not used in
60 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
61 * may return different results than <fs>_follow_link(). Many virtual
62 * filesystems (including /proc) exhibit this behavior.
65 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
66 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
67 * and the name already exists in form of a symlink, try to create the new
68 * name indicated by the symlink. The old code always complained that the
69 * name already exists, due to not following the symlink even if its target
70 * is nonexistent. The new semantics affects also mknod() and link() when
71 * the name is a symlink pointing to a non-existant name.
73 * I don't know which semantics is the right one, since I have no access
74 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
75 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
76 * "old" one. Personally, I think the new semantics is much more logical.
77 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
78 * file does succeed in both HP-UX and SunOs, but not in Solaris
79 * and in the old Linux semantics.
82 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
83 * semantics. See the comments in "open_namei" and "do_link" below.
85 * [10-Sep-98 Alan Modra] Another symlink change.
88 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
89 * inside the path - always follow.
90 * in the last component in creation/removal/renaming - never follow.
91 * if LOOKUP_FOLLOW passed - follow.
92 * if the pathname has trailing slashes - follow.
93 * otherwise - don't follow.
94 * (applied in that order).
96 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
97 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
98 * During the 2.4 we need to fix the userland stuff depending on it -
99 * hopefully we will be able to get rid of that wart in 2.5. So far only
100 * XEmacs seems to be relying on it...
103 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
104 * implemented. Let's see if raised priority of ->s_vfs_rename_sem gives
105 * any extra contention...
108 /* In order to reduce some races, while at the same time doing additional
109 * checking and hopefully speeding things up, we copy filenames to the
110 * kernel data space before using them..
112 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
113 * PATH_MAX includes the nul terminator --RR.
115 static inline int do_getname(const char __user *filename, char *page)
118 unsigned long len = PATH_MAX;
120 if ((unsigned long) filename >= TASK_SIZE) {
121 if (!segment_eq(get_fs(), KERNEL_DS))
123 } else if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
124 len = TASK_SIZE - (unsigned long) filename;
126 retval = strncpy_from_user((char *)page, filename, len);
130 return -ENAMETOOLONG;
136 char * getname(const char __user * filename)
140 result = ERR_PTR(-ENOMEM);
143 int retval = do_getname(filename, tmp);
148 result = ERR_PTR(retval);
151 if (unlikely(current->audit_context) && !IS_ERR(result) && result)
152 audit_getname(result);
159 * is used to check for read/write/execute permissions on a file.
160 * We use "fsuid" for this, letting us set arbitrary permissions
161 * for filesystem access without changing the "normal" uids which
162 * are used for other things..
164 int vfs_permission(struct inode * inode, int mask)
166 umode_t mode = inode->i_mode;
168 /* Prevent vservers from escaping chroot() barriers */
169 if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN))
172 if (mask & MAY_WRITE) {
174 * Nobody gets write access to a read-only fs.
176 if (IS_RDONLY(inode) &&
177 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
181 * Nobody gets write access to an immutable file.
183 if (IS_IMMUTABLE(inode))
187 if (current->fsuid == inode->i_uid)
189 else if (in_group_p(inode->i_gid))
193 * If the DACs are ok we don't need any capability check.
195 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
199 * Read/write DACs are always overridable.
200 * Executable DACs are overridable if at least one exec bit is set.
202 if (!(mask & MAY_EXEC) ||
203 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
204 if (capable(CAP_DAC_OVERRIDE))
208 * Searching includes executable on directories, else just read.
210 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
211 if (capable(CAP_DAC_READ_SEARCH))
217 int permission(struct inode * inode,int mask, struct nameidata *nd)
221 umode_t mode = inode->i_mode;
223 /* Ordinary permission routines do not understand MAY_APPEND. */
224 submask = mask & ~MAY_APPEND;
226 if (nd && (mask & MAY_WRITE) && MNT_IS_RDONLY(nd->mnt) &&
227 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
230 if (inode->i_op && inode->i_op->permission)
231 retval = inode->i_op->permission(inode, submask, nd);
233 retval = vfs_permission(inode, submask);
237 return security_inode_permission(inode, mask, nd);
241 * get_write_access() gets write permission for a file.
242 * put_write_access() releases this write permission.
243 * This is used for regular files.
244 * We cannot support write (and maybe mmap read-write shared) accesses and
245 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
246 * can have the following values:
247 * 0: no writers, no VM_DENYWRITE mappings
248 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
249 * > 0: (i_writecount) users are writing to the file.
251 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
252 * except for the cases where we don't hold i_writecount yet. Then we need to
253 * use {get,deny}_write_access() - these functions check the sign and refuse
254 * to do the change if sign is wrong. Exclusion between them is provided by
255 * the inode->i_lock spinlock.
258 int get_write_access(struct inode * inode)
260 spin_lock(&inode->i_lock);
261 if (atomic_read(&inode->i_writecount) < 0) {
262 spin_unlock(&inode->i_lock);
265 atomic_inc(&inode->i_writecount);
266 spin_unlock(&inode->i_lock);
271 int deny_write_access(struct file * file)
273 struct inode *inode = file->f_dentry->d_inode;
275 spin_lock(&inode->i_lock);
276 if (atomic_read(&inode->i_writecount) > 0) {
277 spin_unlock(&inode->i_lock);
280 atomic_dec(&inode->i_writecount);
281 spin_unlock(&inode->i_lock);
286 void path_release(struct nameidata *nd)
293 * umount() mustn't call path_release()/mntput() as that would clear
296 void path_release_on_umount(struct nameidata *nd)
303 * Internal lookup() using the new generic dcache.
306 static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
308 struct dentry * dentry = __d_lookup(parent, name);
310 /* lockess __d_lookup may fail due to concurrent d_move()
311 * in some unrelated directory, so try with d_lookup
314 dentry = d_lookup(parent, name);
316 if (dentry && dentry->d_op && dentry->d_op->d_revalidate) {
317 if (!dentry->d_op->d_revalidate(dentry, nd) && !d_invalidate(dentry)) {
326 * Short-cut version of permission(), for calling by
327 * path_walk(), when dcache lock is held. Combines parts
328 * of permission() and vfs_permission(), and tests ONLY for
329 * MAY_EXEC permission.
331 * If appropriate, check DAC only. If not appropriate, or
332 * short-cut DAC fails, then call permission() to do more
333 * complete permission check.
335 static inline int exec_permission_lite(struct inode *inode,
336 struct nameidata *nd)
338 umode_t mode = inode->i_mode;
340 if (inode->i_op && inode->i_op->permission)
343 if (current->fsuid == inode->i_uid)
345 else if (in_group_p(inode->i_gid))
351 if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
354 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
357 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
362 return security_inode_permission(inode, MAY_EXEC, nd);
366 * This is called when everything else fails, and we actually have
367 * to go to the low-level filesystem to find out what we should do..
369 * We get the directory semaphore, and after getting that we also
370 * make sure that nobody added the entry to the dcache in the meantime..
373 static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
375 struct dentry * result;
376 struct inode *dir = parent->d_inode;
380 * First re-do the cached lookup just in case it was created
381 * while we waited for the directory semaphore..
383 * FIXME! This could use version numbering or similar to
384 * avoid unnecessary cache lookups.
386 * The "dcache_lock" is purely to protect the RCU list walker
387 * from concurrent renames at this point (we mustn't get false
388 * negatives from the RCU list walk here, unlike the optimistic
391 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
393 result = d_lookup(parent, name);
395 struct dentry * dentry = d_alloc(parent, name);
396 result = ERR_PTR(-ENOMEM);
398 result = dir->i_op->lookup(dir, dentry, nd);
409 * Uhhuh! Nasty case: the cache was re-populated while
410 * we waited on the semaphore. Need to revalidate.
413 if (result->d_op && result->d_op->d_revalidate) {
414 if (!result->d_op->d_revalidate(result, nd) && !d_invalidate(result)) {
416 result = ERR_PTR(-ENOENT);
422 static int __emul_lookup_dentry(const char *, struct nameidata *);
426 walk_init_root(const char *name, struct nameidata *nd)
428 read_lock(¤t->fs->lock);
429 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
430 nd->mnt = mntget(current->fs->altrootmnt);
431 nd->dentry = dget(current->fs->altroot);
432 read_unlock(¤t->fs->lock);
433 if (__emul_lookup_dentry(name,nd))
435 read_lock(¤t->fs->lock);
437 nd->mnt = mntget(current->fs->rootmnt);
438 nd->dentry = dget(current->fs->root);
439 read_unlock(¤t->fs->lock);
443 static inline int __vfs_follow_link(struct nameidata *nd, const char *link)
452 if (!walk_init_root(link, nd))
453 /* weird __emul_prefix() stuff did it */
456 res = link_path_walk(link, nd);
458 if (nd->depth || res || nd->last_type!=LAST_NORM)
461 * If it is an iterative symlinks resolution in open_namei() we
462 * have to copy the last component. And all that crap because of
463 * bloody create() on broken symlinks. Furrfu...
466 if (unlikely(!name)) {
470 strcpy(name, nd->last.name);
471 nd->last.name = name;
475 return PTR_ERR(link);
479 * This limits recursive symlink follows to 8, while
480 * limiting consecutive symlinks to 40.
482 * Without that kind of total limit, nasty chains of consecutive
483 * symlinks can cause almost arbitrarily long lookups.
485 static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
488 if (current->link_count >= MAX_NESTED_LINKS)
490 if (current->total_link_count >= 40)
492 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
494 err = security_inode_follow_link(dentry, nd);
497 current->link_count++;
498 current->total_link_count++;
500 touch_atime(nd->mnt, dentry);
501 nd_set_link(nd, NULL);
502 err = dentry->d_inode->i_op->follow_link(dentry, nd);
504 char *s = nd_get_link(nd);
506 err = __vfs_follow_link(nd, s);
507 if (dentry->d_inode->i_op->put_link)
508 dentry->d_inode->i_op->put_link(dentry, nd);
510 current->link_count--;
518 int follow_up(struct vfsmount **mnt, struct dentry **dentry)
520 struct vfsmount *parent;
521 struct dentry *mountpoint;
522 spin_lock(&vfsmount_lock);
523 parent=(*mnt)->mnt_parent;
524 if (parent == *mnt) {
525 spin_unlock(&vfsmount_lock);
529 mountpoint=dget((*mnt)->mnt_mountpoint);
530 spin_unlock(&vfsmount_lock);
532 *dentry = mountpoint;
538 /* no need for dcache_lock, as serialization is taken care in
541 static int follow_mount(struct vfsmount **mnt, struct dentry **dentry)
544 while (d_mountpoint(*dentry)) {
545 struct vfsmount *mounted = lookup_mnt(*mnt, *dentry);
551 *dentry = dget(mounted->mnt_root);
557 /* no need for dcache_lock, as serialization is taken care in
560 static inline int __follow_down(struct vfsmount **mnt, struct dentry **dentry)
562 struct vfsmount *mounted;
564 mounted = lookup_mnt(*mnt, *dentry);
569 *dentry = dget(mounted->mnt_root);
575 int follow_down(struct vfsmount **mnt, struct dentry **dentry)
577 return __follow_down(mnt,dentry);
580 static inline void follow_dotdot(struct vfsmount **mnt, struct dentry **dentry)
583 struct vfsmount *parent;
584 struct dentry *old = *dentry;
586 read_lock(¤t->fs->lock);
587 if (*dentry == current->fs->root &&
588 *mnt == current->fs->rootmnt) {
589 read_unlock(¤t->fs->lock);
592 read_unlock(¤t->fs->lock);
593 spin_lock(&dcache_lock);
594 if (*dentry != (*mnt)->mnt_root) {
595 *dentry = dget((*dentry)->d_parent);
596 spin_unlock(&dcache_lock);
600 spin_unlock(&dcache_lock);
601 spin_lock(&vfsmount_lock);
602 parent = (*mnt)->mnt_parent;
603 if (parent == *mnt) {
604 spin_unlock(&vfsmount_lock);
608 *dentry = dget((*mnt)->mnt_mountpoint);
609 spin_unlock(&vfsmount_lock);
614 follow_mount(mnt, dentry);
618 struct vfsmount *mnt;
619 struct dentry *dentry;
623 * It's more convoluted than I'd like it to be, but... it's still fairly
624 * small and for now I'd prefer to have fast path as straight as possible.
625 * It _is_ time-critical.
627 static int do_lookup(struct nameidata *nd, struct qstr *name,
630 struct vfsmount *mnt = nd->mnt;
631 struct dentry *dentry = __d_lookup(nd->dentry, name);
635 if (dentry->d_op && dentry->d_op->d_revalidate)
636 goto need_revalidate;
639 path->dentry = dentry;
643 dentry = real_lookup(nd->dentry, name, nd);
649 if (dentry->d_op->d_revalidate(dentry, nd))
651 if (d_invalidate(dentry))
657 return PTR_ERR(dentry);
663 * This is the basic name resolution function, turning a pathname
664 * into the final dentry.
666 * We expect 'base' to be positive and a directory.
668 int fastcall link_path_walk(const char * name, struct nameidata *nd)
673 unsigned int lookup_flags = nd->flags;
675 atomic = (lookup_flags & LOOKUP_ATOMIC);
682 inode = nd->dentry->d_inode;
684 lookup_flags = LOOKUP_FOLLOW;
686 /* At this point we know we have a real path component. */
692 err = exec_permission_lite(inode, nd);
693 if (err == -EAGAIN) {
694 err = permission(inode, MAY_EXEC, nd);
700 c = *(const unsigned char *)name;
702 hash = init_name_hash();
705 hash = partial_name_hash(c, hash);
706 c = *(const unsigned char *)name;
707 } while (c && (c != '/'));
708 this.len = name - (const char *) this.name;
709 this.hash = end_name_hash(hash);
711 /* remove trailing slashes? */
714 while (*++name == '/');
716 goto last_with_slashes;
719 * "." and ".." are special - ".." especially so because it has
720 * to be able to know about the current root directory and
721 * parent relationships.
723 if (this.name[0] == '.') switch (this.len) {
727 if (this.name[1] != '.')
729 follow_dotdot(&nd->mnt, &nd->dentry);
730 inode = nd->dentry->d_inode;
736 * See if the low-level filesystem might want
737 * to use its own hash..
739 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
740 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
744 err = -EWOULDBLOCKIO;
747 nd->flags |= LOOKUP_CONTINUE;
748 /* This does the actual lookups.. */
749 err = do_lookup(nd, &this, &next);
752 /* Check mountpoints.. */
753 follow_mount(&next.mnt, &next.dentry);
756 inode = next.dentry->d_inode;
763 if (inode->i_op->follow_link) {
765 err = do_follow_link(next.dentry, nd);
771 inode = nd->dentry->d_inode;
780 nd->dentry = next.dentry;
783 if (!inode->i_op->lookup)
786 /* here ends the main loop */
789 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
791 nd->flags &= ~LOOKUP_CONTINUE;
792 if (lookup_flags & LOOKUP_PARENT)
794 if (this.name[0] == '.') switch (this.len) {
798 if (this.name[1] != '.')
800 follow_dotdot(&nd->mnt, &nd->dentry);
801 inode = nd->dentry->d_inode;
806 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
807 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
811 err = -EWOULDBLOCKIO;
814 err = do_lookup(nd, &this, &next);
817 follow_mount(&next.mnt, &next.dentry);
818 inode = next.dentry->d_inode;
819 if ((lookup_flags & LOOKUP_FOLLOW)
820 && inode && inode->i_op && inode->i_op->follow_link) {
822 err = do_follow_link(next.dentry, nd);
827 inode = nd->dentry->d_inode;
831 nd->dentry = next.dentry;
836 if (lookup_flags & LOOKUP_DIRECTORY) {
838 if (!inode->i_op || !inode->i_op->lookup)
844 nd->last_type = LAST_NORM;
845 if (this.name[0] != '.')
848 nd->last_type = LAST_DOT;
849 else if (this.len == 2 && this.name[1] == '.')
850 nd->last_type = LAST_DOTDOT;
855 * We bypassed the ordinary revalidation routines.
856 * We may need to check the cached dentry for staleness.
858 if (nd->dentry && nd->dentry->d_sb &&
859 (nd->dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
861 /* Note: we do not d_invalidate() */
862 if (!nd->dentry->d_op->d_revalidate(nd->dentry, nd))
876 int fastcall path_walk(const char * name, struct nameidata *nd)
878 current->total_link_count = 0;
879 return link_path_walk(name, nd);
883 /* returns 1 if everything is done */
884 static int __emul_lookup_dentry(const char *name, struct nameidata *nd)
886 if (path_walk(name, nd))
887 return 0; /* something went wrong... */
889 if (!nd->dentry->d_inode || S_ISDIR(nd->dentry->d_inode->i_mode)) {
890 struct dentry *old_dentry = nd->dentry;
891 struct vfsmount *old_mnt = nd->mnt;
892 struct qstr last = nd->last;
893 int last_type = nd->last_type;
895 * NAME was not found in alternate root or it's a directory. Try to find
896 * it in the normal root:
898 nd->last_type = LAST_ROOT;
899 read_lock(¤t->fs->lock);
900 nd->mnt = mntget(current->fs->rootmnt);
901 nd->dentry = dget(current->fs->root);
902 read_unlock(¤t->fs->lock);
903 if (path_walk(name, nd) == 0) {
904 if (nd->dentry->d_inode) {
911 nd->dentry = old_dentry;
914 nd->last_type = last_type;
919 void set_fs_altroot(void)
921 char *emul = __emul_prefix();
923 struct vfsmount *mnt = NULL, *oldmnt;
924 struct dentry *dentry = NULL, *olddentry;
929 err = path_lookup(emul, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_NOALT, &nd);
935 write_lock(¤t->fs->lock);
936 oldmnt = current->fs->altrootmnt;
937 olddentry = current->fs->altroot;
938 current->fs->altrootmnt = mnt;
939 current->fs->altroot = dentry;
940 write_unlock(¤t->fs->lock);
947 int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata *nd)
951 nd->last_type = LAST_ROOT; /* if there are only slashes... */
955 read_lock(¤t->fs->lock);
957 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
958 nd->mnt = mntget(current->fs->altrootmnt);
959 nd->dentry = dget(current->fs->altroot);
960 read_unlock(¤t->fs->lock);
961 if (__emul_lookup_dentry(name,nd))
963 read_lock(¤t->fs->lock);
965 nd->mnt = mntget(current->fs->rootmnt);
966 nd->dentry = dget(current->fs->root);
968 nd->mnt = mntget(current->fs->pwdmnt);
969 nd->dentry = dget(current->fs->pwd);
971 read_unlock(¤t->fs->lock);
972 current->total_link_count = 0;
973 retval = link_path_walk(name, nd);
974 if (unlikely(current->audit_context
975 && nd && nd->dentry && nd->dentry->d_inode))
977 nd->dentry->d_inode->i_ino,
978 nd->dentry->d_inode->i_rdev);
983 * Restricted form of lookup. Doesn't follow links, single-component only,
984 * needs parent already locked. Doesn't follow mounts.
987 static struct dentry * __lookup_hash(struct qstr *name, struct dentry * base, struct nameidata *nd)
989 struct dentry * dentry;
993 inode = base->d_inode;
994 err = permission(inode, MAY_EXEC, nd);
995 dentry = ERR_PTR(err);
1000 * See if the low-level filesystem might want
1001 * to use its own hash..
1003 if (base->d_op && base->d_op->d_hash) {
1004 err = base->d_op->d_hash(base, name);
1005 dentry = ERR_PTR(err);
1010 dentry = cached_lookup(base, name, nd);
1012 struct dentry *new = d_alloc(base, name);
1013 dentry = ERR_PTR(-ENOMEM);
1016 dentry = inode->i_op->lookup(inode, new, nd);
1026 struct dentry * lookup_hash(struct qstr *name, struct dentry * base)
1028 return __lookup_hash(name, base, NULL);
1032 struct dentry * lookup_one_len(const char * name, struct dentry * base, int len)
1043 hash = init_name_hash();
1045 c = *(const unsigned char *)name++;
1046 if (c == '/' || c == '\0')
1048 hash = partial_name_hash(c, hash);
1050 this.hash = end_name_hash(hash);
1052 return lookup_hash(&this, base);
1054 return ERR_PTR(-EACCES);
1060 * is used by most simple commands to get the inode of a specified name.
1061 * Open, link etc use their own routines, but this is enough for things
1064 * namei exists in two versions: namei/lnamei. The only difference is
1065 * that namei follows links, while lnamei does not.
1068 int fastcall __user_walk(const char __user *name, unsigned flags, struct nameidata *nd)
1070 char *tmp = getname(name);
1071 int err = PTR_ERR(tmp);
1074 err = path_lookup(tmp, flags, nd);
1081 * It's inline, so penalty for filesystems that don't use sticky bit is
1084 static inline int check_sticky(struct inode *dir, struct inode *inode)
1086 if (!(dir->i_mode & S_ISVTX))
1088 if (inode->i_uid == current->fsuid)
1090 if (dir->i_uid == current->fsuid)
1092 return !capable(CAP_FOWNER);
1096 * Check whether we can remove a link victim from directory dir, check
1097 * whether the type of victim is right.
1098 * 1. We can't do it if dir is read-only (done in permission())
1099 * 2. We should have write and exec permissions on dir
1100 * 3. We can't remove anything from append-only dir
1101 * 4. We can't do anything with immutable dir (done in permission())
1102 * 5. If the sticky bit on dir is set we should either
1103 * a. be owner of dir, or
1104 * b. be owner of victim, or
1105 * c. have CAP_FOWNER capability
1106 * 6. If the victim is append-only or immutable we can't do antyhing with
1107 * links pointing to it.
1108 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1109 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1110 * 9. We can't remove a root or mountpoint.
1111 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1112 * nfs_async_unlink().
1114 static inline int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1117 if (!victim->d_inode)
1119 if (victim->d_parent->d_inode != dir)
1122 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
1127 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1128 IS_IXORUNLINK(victim->d_inode))
1131 if (!S_ISDIR(victim->d_inode->i_mode))
1133 if (IS_ROOT(victim))
1135 } else if (S_ISDIR(victim->d_inode->i_mode))
1137 if (IS_DEADDIR(dir))
1139 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1144 /* Check whether we can create an object with dentry child in directory
1146 * 1. We can't do it if child already exists (open has special treatment for
1147 * this case, but since we are inlined it's OK)
1148 * 2. We can't do it if dir is read-only (done in permission())
1149 * 3. We should have write and exec permissions on dir
1150 * 4. We can't do it if dir is immutable (done in permission())
1152 static inline int may_create(struct inode *dir, struct dentry *child,
1153 struct nameidata *nd)
1157 if (IS_DEADDIR(dir))
1159 return permission(dir,MAY_WRITE | MAY_EXEC, nd);
1162 static inline int mnt_may_create(struct vfsmount *mnt, struct inode *dir, struct dentry *child) {
1165 if (IS_DEADDIR(dir))
1167 if (mnt->mnt_flags & MNT_RDONLY)
1172 static inline int mnt_may_unlink(struct vfsmount *mnt, struct inode *dir, struct dentry *child) {
1173 if (!child->d_inode)
1175 if (mnt->mnt_flags & MNT_RDONLY)
1181 * Special case: O_CREAT|O_EXCL implies O_NOFOLLOW for security
1184 * O_DIRECTORY translates into forcing a directory lookup.
1186 static inline int lookup_flags(unsigned int f)
1188 unsigned long retval = LOOKUP_FOLLOW;
1191 retval &= ~LOOKUP_FOLLOW;
1193 if ((f & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL))
1194 retval &= ~LOOKUP_FOLLOW;
1196 if (f & O_DIRECTORY)
1197 retval |= LOOKUP_DIRECTORY;
1198 if (f & O_ATOMICLOOKUP)
1199 retval |= LOOKUP_ATOMIC;
1205 * p1 and p2 should be directories on the same fs.
1207 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1212 down(&p1->d_inode->i_sem);
1216 down(&p1->d_inode->i_sb->s_vfs_rename_sem);
1218 for (p = p1; p->d_parent != p; p = p->d_parent) {
1219 if (p->d_parent == p2) {
1220 down(&p2->d_inode->i_sem);
1221 down(&p1->d_inode->i_sem);
1226 for (p = p2; p->d_parent != p; p = p->d_parent) {
1227 if (p->d_parent == p1) {
1228 down(&p1->d_inode->i_sem);
1229 down(&p2->d_inode->i_sem);
1234 down(&p1->d_inode->i_sem);
1235 down(&p2->d_inode->i_sem);
1239 void unlock_rename(struct dentry *p1, struct dentry *p2)
1241 up(&p1->d_inode->i_sem);
1243 up(&p2->d_inode->i_sem);
1244 up(&p1->d_inode->i_sb->s_vfs_rename_sem);
1248 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1249 struct nameidata *nd)
1251 int error = may_create(dir, dentry, nd);
1256 if (!dir->i_op || !dir->i_op->create)
1257 return -EACCES; /* shouldn't it be ENOSYS? */
1260 error = security_inode_create(dir, dentry, mode);
1264 error = dir->i_op->create(dir, dentry, mode, nd);
1266 inode_dir_notify(dir, DN_CREATE);
1267 security_inode_post_create(dir, dentry, mode);
1272 int may_open(struct nameidata *nd, int acc_mode, int flag)
1274 struct dentry *dentry = nd->dentry;
1275 struct inode *inode = dentry->d_inode;
1281 if (S_ISLNK(inode->i_mode))
1284 if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
1287 error = permission(inode, acc_mode, nd);
1292 * FIFO's, sockets and device files are special: they don't
1293 * actually live on the filesystem itself, and as such you
1294 * can write to them even if the filesystem is read-only.
1296 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
1298 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
1299 if (nd->mnt->mnt_flags & MNT_NODEV)
1303 } else if ((IS_RDONLY(inode) || (nd && MNT_IS_RDONLY(nd->mnt)))
1304 && (flag & FMODE_WRITE))
1307 * An append-only file must be opened in append mode for writing.
1309 if (IS_APPEND(inode)) {
1310 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1316 /* O_NOATIME can only be set by the owner or superuser */
1317 if (flag & O_NOATIME)
1318 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
1322 * Ensure there are no outstanding leases on the file.
1324 error = break_lease(inode, flag);
1328 if (flag & O_TRUNC) {
1329 error = get_write_access(inode);
1334 * Refuse to truncate files with mandatory locks held on them.
1336 error = locks_verify_locked(inode);
1340 error = do_truncate(dentry, 0);
1342 put_write_access(inode);
1346 if (flag & FMODE_WRITE)
1355 * namei for open - this is in fact almost the whole open-routine.
1357 * Note that the low bits of "flag" aren't the same as in the open
1358 * system call - they are 00 - no permissions needed
1359 * 01 - read permission needed
1360 * 10 - write permission needed
1361 * 11 - read/write permissions needed
1362 * which is a lot more logical, and also allows the "no perm" needed
1363 * for symlinks (where the permissions are checked later).
1366 int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
1368 int acc_mode, error = 0;
1369 struct dentry *dentry;
1373 acc_mode = ACC_MODE(flag);
1375 /* Allow the LSM permission hook to distinguish append
1376 access from general write access. */
1377 if (flag & O_APPEND)
1378 acc_mode |= MAY_APPEND;
1380 /* Fill in the open() intent data */
1381 nd->intent.open.flags = flag;
1382 nd->intent.open.create_mode = mode;
1385 * The simplest case - just a plain lookup.
1387 if (!(flag & O_CREAT)) {
1388 error = path_lookup(pathname, lookup_flags(flag)|LOOKUP_OPEN, nd);
1395 * Create - we need to know the parent.
1397 error = path_lookup(pathname, LOOKUP_PARENT|LOOKUP_OPEN|LOOKUP_CREATE, nd);
1402 * We have the parent and last component. First of all, check
1403 * that we are not asked to creat(2) an obvious directory - that
1407 if (nd->last_type != LAST_NORM || nd->last.name[nd->last.len])
1411 nd->flags &= ~LOOKUP_PARENT;
1412 down(&dir->d_inode->i_sem);
1413 dentry = __lookup_hash(&nd->last, nd->dentry, nd);
1416 error = PTR_ERR(dentry);
1417 if (IS_ERR(dentry)) {
1418 up(&dir->d_inode->i_sem);
1422 /* Negative dentry, just create the file */
1423 if (!dentry->d_inode) {
1424 if (!IS_POSIXACL(dir->d_inode))
1425 mode &= ~current->fs->umask;
1426 error = vfs_create(dir->d_inode, dentry, mode, nd);
1427 up(&dir->d_inode->i_sem);
1429 nd->dentry = dentry;
1432 /* Don't check for write permission, don't truncate */
1439 * It already exists.
1441 up(&dir->d_inode->i_sem);
1447 if (d_mountpoint(dentry)) {
1449 if (flag & O_NOFOLLOW)
1451 while (__follow_down(&nd->mnt,&dentry) && d_mountpoint(dentry));
1454 if (!dentry->d_inode)
1456 if (dentry->d_inode->i_op && dentry->d_inode->i_op->follow_link)
1460 nd->dentry = dentry;
1462 if (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode))
1465 error = may_open(nd, acc_mode, flag);
1478 if (flag & O_NOFOLLOW)
1481 * This is subtle. Instead of calling do_follow_link() we do the
1482 * thing by hands. The reason is that this way we have zero link_count
1483 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT.
1484 * After that we have the parent and last component, i.e.
1485 * we are in the same situation as after the first path_walk().
1486 * Well, almost - if the last component is normal we get its copy
1487 * stored in nd->last.name and we will have to putname() it when we
1488 * are done. Procfs-like symlinks just set LAST_BIND.
1490 nd->flags |= LOOKUP_PARENT;
1491 error = security_inode_follow_link(dentry, nd);
1494 touch_atime(nd->mnt, dentry);
1495 nd_set_link(nd, NULL);
1496 error = dentry->d_inode->i_op->follow_link(dentry, nd);
1498 char *s = nd_get_link(nd);
1500 error = __vfs_follow_link(nd, s);
1501 if (dentry->d_inode->i_op->put_link)
1502 dentry->d_inode->i_op->put_link(dentry, nd);
1507 nd->flags &= ~LOOKUP_PARENT;
1508 if (nd->last_type == LAST_BIND) {
1509 dentry = nd->dentry;
1513 if (nd->last_type != LAST_NORM)
1515 if (nd->last.name[nd->last.len]) {
1516 putname(nd->last.name);
1521 putname(nd->last.name);
1525 down(&dir->d_inode->i_sem);
1526 dentry = __lookup_hash(&nd->last, nd->dentry, nd);
1527 putname(nd->last.name);
1532 * lookup_create - lookup a dentry, creating it if it doesn't exist
1533 * @nd: nameidata info
1534 * @is_dir: directory flag
1536 * Simple function to lookup and return a dentry and create it
1537 * if it doesn't exist. Is SMP-safe.
1539 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1541 struct dentry *dentry;
1544 down(&nd->dentry->d_inode->i_sem);
1546 if (nd->last_type != LAST_NORM)
1548 nd->flags &= ~LOOKUP_PARENT;
1549 dentry = lookup_hash(&nd->last, nd->dentry);
1552 error = mnt_may_create(nd->mnt, nd->dentry->d_inode, dentry);
1556 if (!is_dir && nd->last.name[nd->last.len] && !dentry->d_inode)
1563 return ERR_PTR(error);
1566 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1568 int error = may_create(dir, dentry, NULL);
1573 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
1576 if (!dir->i_op || !dir->i_op->mknod)
1579 error = security_inode_mknod(dir, dentry, mode, dev);
1584 error = dir->i_op->mknod(dir, dentry, mode, dev);
1586 inode_dir_notify(dir, DN_CREATE);
1587 security_inode_post_mknod(dir, dentry, mode, dev);
1592 asmlinkage long sys_mknod(const char __user * filename, int mode, unsigned dev)
1596 struct dentry * dentry;
1597 struct nameidata nd;
1601 tmp = getname(filename);
1603 return PTR_ERR(tmp);
1605 error = path_lookup(tmp, LOOKUP_PARENT, &nd);
1608 dentry = lookup_create(&nd, 0);
1609 error = PTR_ERR(dentry);
1611 if (!IS_POSIXACL(nd.dentry->d_inode))
1612 mode &= ~current->fs->umask;
1613 if (!IS_ERR(dentry)) {
1614 switch (mode & S_IFMT) {
1615 case 0: case S_IFREG:
1616 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
1618 case S_IFCHR: case S_IFBLK:
1619 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
1620 new_decode_dev(dev));
1622 case S_IFIFO: case S_IFSOCK:
1623 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
1633 up(&nd.dentry->d_inode->i_sem);
1641 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1643 int error = may_create(dir, dentry, NULL);
1648 if (!dir->i_op || !dir->i_op->mkdir)
1651 mode &= (S_IRWXUGO|S_ISVTX);
1652 error = security_inode_mkdir(dir, dentry, mode);
1657 error = dir->i_op->mkdir(dir, dentry, mode);
1659 inode_dir_notify(dir, DN_CREATE);
1660 security_inode_post_mkdir(dir,dentry, mode);
1665 asmlinkage long sys_mkdir(const char __user * pathname, int mode)
1670 tmp = getname(pathname);
1671 error = PTR_ERR(tmp);
1673 struct dentry *dentry;
1674 struct nameidata nd;
1676 error = path_lookup(tmp, LOOKUP_PARENT, &nd);
1679 dentry = lookup_create(&nd, 1);
1680 error = PTR_ERR(dentry);
1681 if (!IS_ERR(dentry)) {
1682 if (!IS_POSIXACL(nd.dentry->d_inode))
1683 mode &= ~current->fs->umask;
1684 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
1687 up(&nd.dentry->d_inode->i_sem);
1697 * We try to drop the dentry early: we should have
1698 * a usage count of 2 if we're the only user of this
1699 * dentry, and if that is true (possibly after pruning
1700 * the dcache), then we drop the dentry now.
1702 * A low-level filesystem can, if it choses, legally
1705 * if (!d_unhashed(dentry))
1708 * if it cannot handle the case of removing a directory
1709 * that is still in use by something else..
1711 static void d_unhash(struct dentry *dentry)
1714 spin_lock(&dcache_lock);
1715 switch (atomic_read(&dentry->d_count)) {
1717 spin_unlock(&dcache_lock);
1718 shrink_dcache_parent(dentry);
1719 spin_lock(&dcache_lock);
1720 if (atomic_read(&dentry->d_count) != 2)
1725 spin_unlock(&dcache_lock);
1728 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
1730 int error = may_delete(dir, dentry, 1);
1735 if (!dir->i_op || !dir->i_op->rmdir)
1740 down(&dentry->d_inode->i_sem);
1742 if (d_mountpoint(dentry))
1745 error = security_inode_rmdir(dir, dentry);
1747 error = dir->i_op->rmdir(dir, dentry);
1749 dentry->d_inode->i_flags |= S_DEAD;
1752 up(&dentry->d_inode->i_sem);
1754 inode_dir_notify(dir, DN_DELETE);
1762 asmlinkage long sys_rmdir(const char __user * pathname)
1766 struct dentry *dentry;
1767 struct nameidata nd;
1769 name = getname(pathname);
1771 return PTR_ERR(name);
1773 error = path_lookup(name, LOOKUP_PARENT, &nd);
1777 switch(nd.last_type) {
1788 down(&nd.dentry->d_inode->i_sem);
1789 dentry = lookup_hash(&nd.last, nd.dentry);
1790 error = PTR_ERR(dentry);
1791 if (!IS_ERR(dentry)) {
1792 error = mnt_may_unlink(nd.mnt, nd.dentry->d_inode, dentry);
1795 error = vfs_rmdir(nd.dentry->d_inode, dentry);
1799 up(&nd.dentry->d_inode->i_sem);
1807 int vfs_unlink(struct inode *dir, struct dentry *dentry)
1809 int error = may_delete(dir, dentry, 0);
1814 if (!dir->i_op || !dir->i_op->unlink)
1819 down(&dentry->d_inode->i_sem);
1820 if (d_mountpoint(dentry))
1823 error = security_inode_unlink(dir, dentry);
1825 error = dir->i_op->unlink(dir, dentry);
1827 up(&dentry->d_inode->i_sem);
1829 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
1830 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
1832 inode_dir_notify(dir, DN_DELETE);
1838 * Make sure that the actual truncation of the file will occur outside its
1839 * directory's i_sem. Truncate can take a long time if there is a lot of
1840 * writeout happening, and we don't want to prevent access to the directory
1841 * while waiting on the I/O.
1843 asmlinkage long sys_unlink(const char __user * pathname)
1847 struct dentry *dentry;
1848 struct nameidata nd;
1849 struct inode *inode = NULL;
1851 name = getname(pathname);
1853 return PTR_ERR(name);
1855 error = path_lookup(name, LOOKUP_PARENT, &nd);
1859 if (nd.last_type != LAST_NORM)
1861 down(&nd.dentry->d_inode->i_sem);
1862 dentry = lookup_hash(&nd.last, nd.dentry);
1863 error = PTR_ERR(dentry);
1864 if (!IS_ERR(dentry)) {
1865 /* Why not before? Because we want correct error value */
1866 if (nd.last.name[nd.last.len])
1868 error = mnt_may_unlink(nd.mnt, nd.dentry->d_inode, dentry);
1871 inode = dentry->d_inode;
1873 atomic_inc(&inode->i_count);
1874 error = vfs_unlink(nd.dentry->d_inode, dentry);
1878 up(&nd.dentry->d_inode->i_sem);
1885 iput(inode); /* truncate the inode here */
1889 error = !dentry->d_inode ? -ENOENT :
1890 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
1894 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode)
1896 int error = may_create(dir, dentry, NULL);
1901 if (!dir->i_op || !dir->i_op->symlink)
1904 error = security_inode_symlink(dir, dentry, oldname);
1909 error = dir->i_op->symlink(dir, dentry, oldname);
1911 inode_dir_notify(dir, DN_CREATE);
1912 security_inode_post_symlink(dir, dentry, oldname);
1917 asmlinkage long sys_symlink(const char __user * oldname, const char __user * newname)
1923 from = getname(oldname);
1925 return PTR_ERR(from);
1926 to = getname(newname);
1927 error = PTR_ERR(to);
1929 struct dentry *dentry;
1930 struct nameidata nd;
1932 error = path_lookup(to, LOOKUP_PARENT, &nd);
1935 dentry = lookup_create(&nd, 0);
1936 error = PTR_ERR(dentry);
1937 if (!IS_ERR(dentry)) {
1938 error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
1941 up(&nd.dentry->d_inode->i_sem);
1950 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
1952 struct inode *inode = old_dentry->d_inode;
1958 error = may_create(dir, new_dentry, NULL);
1962 if (dir->i_sb != inode->i_sb)
1966 * A link to an append-only or immutable file cannot be created.
1968 if (IS_APPEND(inode) || IS_IXORUNLINK(inode))
1970 if (!dir->i_op || !dir->i_op->link)
1972 if (S_ISDIR(old_dentry->d_inode->i_mode))
1975 error = security_inode_link(old_dentry, dir, new_dentry);
1979 down(&old_dentry->d_inode->i_sem);
1981 error = dir->i_op->link(old_dentry, dir, new_dentry);
1982 up(&old_dentry->d_inode->i_sem);
1984 inode_dir_notify(dir, DN_CREATE);
1985 security_inode_post_link(old_dentry, dir, new_dentry);
1991 * Hardlinks are often used in delicate situations. We avoid
1992 * security-related surprises by not following symlinks on the
1995 * We don't follow them on the oldname either to be compatible
1996 * with linux 2.0, and to avoid hard-linking to directories
1997 * and other special files. --ADM
1999 asmlinkage long sys_link(const char __user * oldname, const char __user * newname)
2001 struct dentry *new_dentry;
2002 struct nameidata nd, old_nd;
2006 to = getname(newname);
2010 error = __user_walk(oldname, 0, &old_nd);
2013 error = path_lookup(to, LOOKUP_PARENT, &nd);
2017 * We allow hard-links to be created to a bind-mount as long
2018 * as the bind-mount is not read-only. Checking for cross-dev
2019 * links is subsumed by the superblock check in vfs_link().
2022 if (MNT_IS_RDONLY(old_nd.mnt))
2024 new_dentry = lookup_create(&nd, 0);
2025 error = PTR_ERR(new_dentry);
2026 if (!IS_ERR(new_dentry)) {
2027 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
2030 up(&nd.dentry->d_inode->i_sem);
2034 path_release(&old_nd);
2042 * The worst of all namespace operations - renaming directory. "Perverted"
2043 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2045 * a) we can get into loop creation. Check is done in is_subdir().
2046 * b) race potential - two innocent renames can create a loop together.
2047 * That's where 4.4 screws up. Current fix: serialization on
2048 * sb->s_vfs_rename_sem. We might be more accurate, but that's another
2050 * c) we have to lock _three_ objects - parents and victim (if it exists).
2051 * And that - after we got ->i_sem on parents (until then we don't know
2052 * whether the target exists). Solution: try to be smart with locking
2053 * order for inodes. We rely on the fact that tree topology may change
2054 * only under ->s_vfs_rename_sem _and_ that parent of the object we
2055 * move will be locked. Thus we can rank directories by the tree
2056 * (ancestors first) and rank all non-directories after them.
2057 * That works since everybody except rename does "lock parent, lookup,
2058 * lock child" and rename is under ->s_vfs_rename_sem.
2059 * HOWEVER, it relies on the assumption that any object with ->lookup()
2060 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2061 * we'd better make sure that there's no link(2) for them.
2062 * d) some filesystems don't support opened-but-unlinked directories,
2063 * either because of layout or because they are not ready to deal with
2064 * all cases correctly. The latter will be fixed (taking this sort of
2065 * stuff into VFS), but the former is not going away. Solution: the same
2066 * trick as in rmdir().
2067 * e) conversion from fhandle to dentry may come in the wrong moment - when
2068 * we are removing the target. Solution: we will have to grab ->i_sem
2069 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2070 * ->i_sem on parents, which works but leads to some truely excessive
2073 int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2074 struct inode *new_dir, struct dentry *new_dentry)
2077 struct inode *target;
2080 * If we are going to change the parent - check write permissions,
2081 * we'll need to flip '..'.
2083 if (new_dir != old_dir) {
2084 error = permission(old_dentry->d_inode, MAY_WRITE, NULL);
2089 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2093 target = new_dentry->d_inode;
2095 down(&target->i_sem);
2096 d_unhash(new_dentry);
2098 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2101 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2104 target->i_flags |= S_DEAD;
2106 if (d_unhashed(new_dentry))
2107 d_rehash(new_dentry);
2111 d_move(old_dentry,new_dentry);
2112 security_inode_post_rename(old_dir, old_dentry,
2113 new_dir, new_dentry);
2118 int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2119 struct inode *new_dir, struct dentry *new_dentry)
2121 struct inode *target;
2124 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2129 target = new_dentry->d_inode;
2131 down(&target->i_sem);
2132 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2135 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2137 /* The following d_move() should become unconditional */
2138 if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
2139 d_move(old_dentry, new_dentry);
2140 security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
2148 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2149 struct inode *new_dir, struct dentry *new_dentry)
2152 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2154 if (old_dentry->d_inode == new_dentry->d_inode)
2157 error = may_delete(old_dir, old_dentry, is_dir);
2161 if (!new_dentry->d_inode)
2162 error = may_create(new_dir, new_dentry, NULL);
2164 error = may_delete(new_dir, new_dentry, is_dir);
2168 if (!old_dir->i_op || !old_dir->i_op->rename)
2171 DQUOT_INIT(old_dir);
2172 DQUOT_INIT(new_dir);
2175 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
2177 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
2179 if (old_dir == new_dir)
2180 inode_dir_notify(old_dir, DN_RENAME);
2182 inode_dir_notify(old_dir, DN_DELETE);
2183 inode_dir_notify(new_dir, DN_CREATE);
2189 static inline int do_rename(const char * oldname, const char * newname)
2192 struct dentry * old_dir, * new_dir;
2193 struct dentry * old_dentry, *new_dentry;
2194 struct dentry * trap;
2195 struct nameidata oldnd, newnd;
2197 error = path_lookup(oldname, LOOKUP_PARENT, &oldnd);
2201 error = path_lookup(newname, LOOKUP_PARENT, &newnd);
2206 if (oldnd.mnt != newnd.mnt)
2209 old_dir = oldnd.dentry;
2211 if (oldnd.last_type != LAST_NORM)
2214 new_dir = newnd.dentry;
2215 if (newnd.last_type != LAST_NORM)
2218 trap = lock_rename(new_dir, old_dir);
2220 old_dentry = lookup_hash(&oldnd.last, old_dir);
2221 error = PTR_ERR(old_dentry);
2222 if (IS_ERR(old_dentry))
2224 /* source must exist */
2226 if (!old_dentry->d_inode)
2228 /* unless the source is a directory trailing slashes give -ENOTDIR */
2229 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
2231 if (oldnd.last.name[oldnd.last.len])
2233 if (newnd.last.name[newnd.last.len])
2236 /* source should not be ancestor of target */
2238 if (old_dentry == trap)
2241 if (MNT_IS_RDONLY(newnd.mnt))
2243 new_dentry = lookup_hash(&newnd.last, new_dir);
2244 error = PTR_ERR(new_dentry);
2245 if (IS_ERR(new_dentry))
2247 /* target should not be an ancestor of source */
2249 if (new_dentry == trap)
2252 error = vfs_rename(old_dir->d_inode, old_dentry,
2253 new_dir->d_inode, new_dentry);
2259 unlock_rename(new_dir, old_dir);
2261 path_release(&newnd);
2263 path_release(&oldnd);
2268 asmlinkage long sys_rename(const char __user * oldname, const char __user * newname)
2274 from = getname(oldname);
2276 return PTR_ERR(from);
2277 to = getname(newname);
2278 error = PTR_ERR(to);
2280 error = do_rename(from,to);
2287 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
2291 len = PTR_ERR(link);
2296 if (len > (unsigned) buflen)
2298 if (copy_to_user(buffer, link, len))
2305 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
2306 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
2307 * using) it for any given inode is up to filesystem.
2309 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2311 struct nameidata nd;
2314 res = dentry->d_inode->i_op->follow_link(dentry, &nd);
2316 res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2317 if (dentry->d_inode->i_op->put_link)
2318 dentry->d_inode->i_op->put_link(dentry, &nd);
2323 int vfs_follow_link(struct nameidata *nd, const char *link)
2325 return __vfs_follow_link(nd, link);
2328 /* get the link contents into pagecache */
2329 static char *page_getlink(struct dentry * dentry, struct page **ppage)
2332 struct address_space *mapping = dentry->d_inode->i_mapping;
2333 page = read_cache_page(mapping, 0, (filler_t *)mapping->a_ops->readpage,
2337 wait_on_page_locked(page);
2338 if (!PageUptodate(page))
2344 page_cache_release(page);
2345 return ERR_PTR(-EIO);
2351 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2353 struct page *page = NULL;
2354 char *s = page_getlink(dentry, &page);
2355 int res = vfs_readlink(dentry,buffer,buflen,s);
2358 page_cache_release(page);
2363 int page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
2366 nd_set_link(nd, page_getlink(dentry, &page));
2370 void page_put_link(struct dentry *dentry, struct nameidata *nd)
2372 if (!IS_ERR(nd_get_link(nd))) {
2374 page = find_get_page(dentry->d_inode->i_mapping, 0);
2378 page_cache_release(page);
2379 page_cache_release(page);
2383 int page_follow_link(struct dentry *dentry, struct nameidata *nd)
2385 struct page *page = NULL;
2386 char *s = page_getlink(dentry, &page);
2387 int res = __vfs_follow_link(nd, s);
2390 page_cache_release(page);
2395 int page_symlink(struct inode *inode, const char *symname, int len)
2397 struct address_space *mapping = inode->i_mapping;
2398 struct page *page = grab_cache_page(mapping, 0);
2404 err = mapping->a_ops->prepare_write(NULL, page, 0, len-1);
2407 kaddr = kmap_atomic(page, KM_USER0);
2408 memcpy(kaddr, symname, len-1);
2409 kunmap_atomic(kaddr, KM_USER0);
2410 mapping->a_ops->commit_write(NULL, page, 0, len-1);
2412 * Notice that we are _not_ going to block here - end of page is
2413 * unmapped, so this will only try to map the rest of page, see
2414 * that it is unmapped (typically even will not look into inode -
2415 * ->i_size will be enough for everything) and zero it out.
2416 * OTOH it's obviously correct and should make the page up-to-date.
2418 if (!PageUptodate(page)) {
2419 err = mapping->a_ops->readpage(NULL, page);
2420 wait_on_page_locked(page);
2424 page_cache_release(page);
2427 mark_inode_dirty(inode);
2431 page_cache_release(page);
2436 struct inode_operations page_symlink_inode_operations = {
2437 .readlink = generic_readlink,
2438 .follow_link = page_follow_link_light,
2439 .put_link = page_put_link,
2442 EXPORT_SYMBOL(__user_walk);
2443 EXPORT_SYMBOL(follow_down);
2444 EXPORT_SYMBOL(follow_up);
2445 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
2446 EXPORT_SYMBOL(getname);
2447 EXPORT_SYMBOL(lock_rename);
2448 EXPORT_SYMBOL(lookup_create);
2449 EXPORT_SYMBOL(lookup_hash);
2450 EXPORT_SYMBOL(lookup_one_len);
2451 EXPORT_SYMBOL(page_follow_link);
2452 EXPORT_SYMBOL(page_follow_link_light);
2453 EXPORT_SYMBOL(page_put_link);
2454 EXPORT_SYMBOL(page_readlink);
2455 EXPORT_SYMBOL(page_symlink);
2456 EXPORT_SYMBOL(page_symlink_inode_operations);
2457 EXPORT_SYMBOL(path_lookup);
2458 EXPORT_SYMBOL(path_release);
2459 EXPORT_SYMBOL(path_walk);
2460 EXPORT_SYMBOL(permission);
2461 EXPORT_SYMBOL(unlock_rename);
2462 EXPORT_SYMBOL(vfs_create);
2463 EXPORT_SYMBOL(vfs_follow_link);
2464 EXPORT_SYMBOL(vfs_link);
2465 EXPORT_SYMBOL(vfs_mkdir);
2466 EXPORT_SYMBOL(vfs_mknod);
2467 EXPORT_SYMBOL(vfs_permission);
2468 EXPORT_SYMBOL(vfs_readlink);
2469 EXPORT_SYMBOL(vfs_rename);
2470 EXPORT_SYMBOL(vfs_rmdir);
2471 EXPORT_SYMBOL(vfs_symlink);
2472 EXPORT_SYMBOL(vfs_unlink);
2473 EXPORT_SYMBOL(generic_readlink);
git://git.onelab.eu / linux-2.6.git / blob