/fs/namei.c
https://bitbucket.org/cyanogenmod/android_kernel_asus_tf300t · C · 3411 lines · 2426 code · 405 blank · 580 comment · 589 complexity · fb2fd2e2ce1cc24bb0eb80bc14eb23bf MD5 · raw file
Large files are truncated click here to view the full file
- /*
- * linux/fs/namei.c
- *
- * Copyright (C) 1991, 1992 Linus Torvalds
- */
- /*
- * Some corrections by tytso.
- */
- /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
- * lookup logic.
- */
- /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
- */
- #include <linux/init.h>
- #include <linux/module.h>
- #include <linux/slab.h>
- #include <linux/fs.h>
- #include <linux/namei.h>
- #include <linux/pagemap.h>
- #include <linux/fsnotify.h>
- #include <linux/personality.h>
- #include <linux/security.h>
- #include <linux/ima.h>
- #include <linux/syscalls.h>
- #include <linux/mount.h>
- #include <linux/audit.h>
- #include <linux/capability.h>
- #include <linux/file.h>
- #include <linux/fcntl.h>
- #include <linux/device_cgroup.h>
- #include <linux/fs_struct.h>
- #include <linux/posix_acl.h>
- #include <asm/uaccess.h>
- #include "internal.h"
- /* [Feb-1997 T. Schoebel-Theuer]
- * Fundamental changes in the pathname lookup mechanisms (namei)
- * were necessary because of omirr. The reason is that omirr needs
- * to know the _real_ pathname, not the user-supplied one, in case
- * of symlinks (and also when transname replacements occur).
- *
- * The new code replaces the old recursive symlink resolution with
- * an iterative one (in case of non-nested symlink chains). It does
- * this with calls to <fs>_follow_link().
- * As a side effect, dir_namei(), _namei() and follow_link() are now
- * replaced with a single function lookup_dentry() that can handle all
- * the special cases of the former code.
- *
- * With the new dcache, the pathname is stored at each inode, at least as
- * long as the refcount of the inode is positive. As a side effect, the
- * size of the dcache depends on the inode cache and thus is dynamic.
- *
- * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
- * resolution to correspond with current state of the code.
- *
- * Note that the symlink resolution is not *completely* iterative.
- * There is still a significant amount of tail- and mid- recursion in
- * the algorithm. Also, note that <fs>_readlink() is not used in
- * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
- * may return different results than <fs>_follow_link(). Many virtual
- * filesystems (including /proc) exhibit this behavior.
- */
- /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
- * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
- * and the name already exists in form of a symlink, try to create the new
- * name indicated by the symlink. The old code always complained that the
- * name already exists, due to not following the symlink even if its target
- * is nonexistent. The new semantics affects also mknod() and link() when
- * the name is a symlink pointing to a non-existent name.
- *
- * I don't know which semantics is the right one, since I have no access
- * to standards. But I found by trial that HP-UX 9.0 has the full "new"
- * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
- * "old" one. Personally, I think the new semantics is much more logical.
- * Note that "ln old new" where "new" is a symlink pointing to a non-existing
- * file does succeed in both HP-UX and SunOs, but not in Solaris
- * and in the old Linux semantics.
- */
- /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
- * semantics. See the comments in "open_namei" and "do_link" below.
- *
- * [10-Sep-98 Alan Modra] Another symlink change.
- */
- /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
- * inside the path - always follow.
- * in the last component in creation/removal/renaming - never follow.
- * if LOOKUP_FOLLOW passed - follow.
- * if the pathname has trailing slashes - follow.
- * otherwise - don't follow.
- * (applied in that order).
- *
- * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
- * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
- * During the 2.4 we need to fix the userland stuff depending on it -
- * hopefully we will be able to get rid of that wart in 2.5. So far only
- * XEmacs seems to be relying on it...
- */
- /*
- * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
- * implemented. Let's see if raised priority of ->s_vfs_rename_mutex gives
- * any extra contention...
- */
- /* In order to reduce some races, while at the same time doing additional
- * checking and hopefully speeding things up, we copy filenames to the
- * kernel data space before using them..
- *
- * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
- * PATH_MAX includes the nul terminator --RR.
- */
- static int do_getname(const char __user *filename, char *page)
- {
- int retval;
- unsigned long len = PATH_MAX;
- if (!segment_eq(get_fs(), KERNEL_DS)) {
- if ((unsigned long) filename >= TASK_SIZE)
- return -EFAULT;
- if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
- len = TASK_SIZE - (unsigned long) filename;
- }
- retval = strncpy_from_user(page, filename, len);
- if (retval > 0) {
- if (retval < len)
- return 0;
- return -ENAMETOOLONG;
- } else if (!retval)
- retval = -ENOENT;
- return retval;
- }
- static char *getname_flags(const char __user *filename, int flags, int *empty)
- {
- char *tmp, *result;
- result = ERR_PTR(-ENOMEM);
- tmp = __getname();
- if (tmp) {
- int retval = do_getname(filename, tmp);
- result = tmp;
- if (retval < 0) {
- if (retval == -ENOENT && empty)
- *empty = 1;
- if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) {
- __putname(tmp);
- result = ERR_PTR(retval);
- }
- }
- }
- audit_getname(result);
- return result;
- }
- char *getname(const char __user * filename)
- {
- return getname_flags(filename, 0, 0);
- }
- #ifdef CONFIG_AUDITSYSCALL
- void putname(const char *name)
- {
- if (unlikely(!audit_dummy_context()))
- audit_putname(name);
- else
- __putname(name);
- }
- EXPORT_SYMBOL(putname);
- #endif
- static int check_acl(struct inode *inode, int mask)
- {
- #ifdef CONFIG_FS_POSIX_ACL
- struct posix_acl *acl;
- if (mask & MAY_NOT_BLOCK) {
- acl = get_cached_acl_rcu(inode, ACL_TYPE_ACCESS);
- if (!acl)
- return -EAGAIN;
- /* no ->get_acl() calls in RCU mode... */
- if (acl == ACL_NOT_CACHED)
- return -ECHILD;
- return posix_acl_permission(inode, acl, mask & ~MAY_NOT_BLOCK);
- }
- acl = get_cached_acl(inode, ACL_TYPE_ACCESS);
- /*
- * A filesystem can force a ACL callback by just never filling the
- * ACL cache. But normally you'd fill the cache either at inode
- * instantiation time, or on the first ->get_acl call.
- *
- * If the filesystem doesn't have a get_acl() function at all, we'll
- * just create the negative cache entry.
- */
- if (acl == ACL_NOT_CACHED) {
- if (inode->i_op->get_acl) {
- acl = inode->i_op->get_acl(inode, ACL_TYPE_ACCESS);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- } else {
- set_cached_acl(inode, ACL_TYPE_ACCESS, NULL);
- return -EAGAIN;
- }
- }
- if (acl) {
- int error = posix_acl_permission(inode, acl, mask);
- posix_acl_release(acl);
- return error;
- }
- #endif
- return -EAGAIN;
- }
- /*
- * This does basic POSIX ACL permission checking
- */
- static int acl_permission_check(struct inode *inode, int mask)
- {
- unsigned int mode = inode->i_mode;
- mask &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK;
- if (current_user_ns() != inode_userns(inode))
- goto other_perms;
- if (likely(current_fsuid() == inode->i_uid))
- mode >>= 6;
- else {
- if (IS_POSIXACL(inode) && (mode & S_IRWXG)) {
- int error = check_acl(inode, mask);
- if (error != -EAGAIN)
- return error;
- }
- if (in_group_p(inode->i_gid))
- mode >>= 3;
- }
- other_perms:
- /*
- * If the DACs are ok we don't need any capability check.
- */
- if ((mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
- return 0;
- return -EACCES;
- }
- /**
- * generic_permission - check for access rights on a Posix-like filesystem
- * @inode: inode to check access rights for
- * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
- *
- * Used to check for read/write/execute permissions on a file.
- * We use "fsuid" for this, letting us set arbitrary permissions
- * for filesystem access without changing the "normal" uids which
- * are used for other things.
- *
- * generic_permission is rcu-walk aware. It returns -ECHILD in case an rcu-walk
- * request cannot be satisfied (eg. requires blocking or too much complexity).
- * It would then be called again in ref-walk mode.
- */
- int generic_permission(struct inode *inode, int mask)
- {
- int ret;
- /*
- * Do the basic POSIX ACL permission checks.
- */
- ret = acl_permission_check(inode, mask);
- if (ret != -EACCES)
- return ret;
- if (S_ISDIR(inode->i_mode)) {
- /* DACs are overridable for directories */
- if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
- return 0;
- if (!(mask & MAY_WRITE))
- if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
- return 0;
- return -EACCES;
- }
- /*
- * Read/write DACs are always overridable.
- * Executable DACs are overridable when there is
- * at least one exec bit set.
- */
- if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
- if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
- return 0;
- /*
- * Searching includes executable on directories, else just read.
- */
- mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
- if (mask == MAY_READ)
- if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH))
- return 0;
- return -EACCES;
- }
- /*
- * We _really_ want to just do "generic_permission()" without
- * even looking at the inode->i_op values. So we keep a cache
- * flag in inode->i_opflags, that says "this has not special
- * permission function, use the fast case".
- */
- static inline int do_inode_permission(struct inode *inode, int mask)
- {
- if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {
- if (likely(inode->i_op->permission))
- return inode->i_op->permission(inode, mask);
- /* This gets set once for the inode lifetime */
- spin_lock(&inode->i_lock);
- inode->i_opflags |= IOP_FASTPERM;
- spin_unlock(&inode->i_lock);
- }
- return generic_permission(inode, mask);
- }
- /**
- * inode_permission - check for access rights to a given inode
- * @inode: inode to check permission on
- * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
- *
- * Used to check for read/write/execute permissions on an inode.
- * We use "fsuid" for this, letting us set arbitrary permissions
- * for filesystem access without changing the "normal" uids which
- * are used for other things.
- */
- int inode_permission(struct inode *inode, int mask)
- {
- int retval;
- if (unlikely(mask & MAY_WRITE)) {
- umode_t mode = inode->i_mode;
- /*
- * Nobody gets write access to a read-only fs.
- */
- if (IS_RDONLY(inode) &&
- (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
- return -EROFS;
- /*
- * Nobody gets write access to an immutable file.
- */
- if (IS_IMMUTABLE(inode))
- return -EACCES;
- }
- retval = do_inode_permission(inode, mask);
- if (retval)
- return retval;
- retval = devcgroup_inode_permission(inode, mask);
- if (retval)
- return retval;
- return security_inode_permission(inode, mask);
- }
- /**
- * path_get - get a reference to a path
- * @path: path to get the reference to
- *
- * Given a path increment the reference count to the dentry and the vfsmount.
- */
- void path_get(struct path *path)
- {
- mntget(path->mnt);
- dget(path->dentry);
- }
- EXPORT_SYMBOL(path_get);
- /**
- * path_put - put a reference to a path
- * @path: path to put the reference to
- *
- * Given a path decrement the reference count to the dentry and the vfsmount.
- */
- void path_put(struct path *path)
- {
- dput(path->dentry);
- mntput(path->mnt);
- }
- EXPORT_SYMBOL(path_put);
- /*
- * Path walking has 2 modes, rcu-walk and ref-walk (see
- * Documentation/filesystems/path-lookup.txt). In situations when we can't
- * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab
- * normal reference counts on dentries and vfsmounts to transition to rcu-walk
- * mode. Refcounts are grabbed at the last known good point before rcu-walk
- * got stuck, so ref-walk may continue from there. If this is not successful
- * (eg. a seqcount has changed), then failure is returned and it's up to caller
- * to restart the path walk from the beginning in ref-walk mode.
- */
- /**
- * unlazy_walk - try to switch to ref-walk mode.
- * @nd: nameidata pathwalk data
- * @dentry: child of nd->path.dentry or NULL
- * Returns: 0 on success, -ECHILD on failure
- *
- * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry
- * for ref-walk mode. @dentry must be a path found by a do_lookup call on
- * @nd or NULL. Must be called from rcu-walk context.
- */
- static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
- {
- struct fs_struct *fs = current->fs;
- struct dentry *parent = nd->path.dentry;
- int want_root = 0;
- BUG_ON(!(nd->flags & LOOKUP_RCU));
- if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
- want_root = 1;
- spin_lock(&fs->lock);
- if (nd->root.mnt != fs->root.mnt ||
- nd->root.dentry != fs->root.dentry)
- goto err_root;
- }
- spin_lock(&parent->d_lock);
- if (!dentry) {
- if (!__d_rcu_to_refcount(parent, nd->seq))
- goto err_parent;
- BUG_ON(nd->inode != parent->d_inode);
- } else {
- if (dentry->d_parent != parent)
- goto err_parent;
- spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
- if (!__d_rcu_to_refcount(dentry, nd->seq))
- goto err_child;
- /*
- * If the sequence check on the child dentry passed, then
- * the child has not been removed from its parent. This
- * means the parent dentry must be valid and able to take
- * a reference at this point.
- */
- BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent);
- BUG_ON(!parent->d_count);
- parent->d_count++;
- spin_unlock(&dentry->d_lock);
- }
- spin_unlock(&parent->d_lock);
- if (want_root) {
- path_get(&nd->root);
- spin_unlock(&fs->lock);
- }
- mntget(nd->path.mnt);
- rcu_read_unlock();
- br_read_unlock(vfsmount_lock);
- nd->flags &= ~LOOKUP_RCU;
- return 0;
- err_child:
- spin_unlock(&dentry->d_lock);
- err_parent:
- spin_unlock(&parent->d_lock);
- err_root:
- if (want_root)
- spin_unlock(&fs->lock);
- return -ECHILD;
- }
- /**
- * release_open_intent - free up open intent resources
- * @nd: pointer to nameidata
- */
- void release_open_intent(struct nameidata *nd)
- {
- struct file *file = nd->intent.open.file;
- if (file && !IS_ERR(file)) {
- if (file->f_path.dentry == NULL)
- put_filp(file);
- else
- fput(file);
- }
- }
- static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd)
- {
- return dentry->d_op->d_revalidate(dentry, nd);
- }
- /**
- * complete_walk - successful completion of path walk
- * @nd: pointer nameidata
- *
- * If we had been in RCU mode, drop out of it and legitimize nd->path.
- * Revalidate the final result, unless we'd already done that during
- * the path walk or the filesystem doesn't ask for it. Return 0 on
- * success, -error on failure. In case of failure caller does not
- * need to drop nd->path.
- */
- static int complete_walk(struct nameidata *nd)
- {
- struct dentry *dentry = nd->path.dentry;
- int status;
- if (nd->flags & LOOKUP_RCU) {
- nd->flags &= ~LOOKUP_RCU;
- if (!(nd->flags & LOOKUP_ROOT))
- nd->root.mnt = NULL;
- spin_lock(&dentry->d_lock);
- if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) {
- spin_unlock(&dentry->d_lock);
- rcu_read_unlock();
- br_read_unlock(vfsmount_lock);
- return -ECHILD;
- }
- BUG_ON(nd->inode != dentry->d_inode);
- spin_unlock(&dentry->d_lock);
- mntget(nd->path.mnt);
- rcu_read_unlock();
- br_read_unlock(vfsmount_lock);
- }
- if (likely(!(nd->flags & LOOKUP_JUMPED)))
- return 0;
- if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE)))
- return 0;
- if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)))
- return 0;
- /* Note: we do not d_invalidate() */
- status = d_revalidate(dentry, nd);
- if (status > 0)
- return 0;
- if (!status)
- status = -ESTALE;
- path_put(&nd->path);
- return status;
- }
- static __always_inline void set_root(struct nameidata *nd)
- {
- if (!nd->root.mnt)
- get_fs_root(current->fs, &nd->root);
- }
- static int link_path_walk(const char *, struct nameidata *);
- static __always_inline void set_root_rcu(struct nameidata *nd)
- {
- if (!nd->root.mnt) {
- struct fs_struct *fs = current->fs;
- unsigned seq;
- do {
- seq = read_seqcount_begin(&fs->seq);
- nd->root = fs->root;
- nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq);
- } while (read_seqcount_retry(&fs->seq, seq));
- }
- }
- static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
- {
- int ret;
- if (IS_ERR(link))
- goto fail;
- if (*link == '/') {
- set_root(nd);
- path_put(&nd->path);
- nd->path = nd->root;
- path_get(&nd->root);
- nd->flags |= LOOKUP_JUMPED;
- }
- nd->inode = nd->path.dentry->d_inode;
- ret = link_path_walk(link, nd);
- return ret;
- fail:
- path_put(&nd->path);
- return PTR_ERR(link);
- }
- static void path_put_conditional(struct path *path, struct nameidata *nd)
- {
- dput(path->dentry);
- if (path->mnt != nd->path.mnt)
- mntput(path->mnt);
- }
- static inline void path_to_nameidata(const struct path *path,
- struct nameidata *nd)
- {
- if (!(nd->flags & LOOKUP_RCU)) {
- dput(nd->path.dentry);
- if (nd->path.mnt != path->mnt)
- mntput(nd->path.mnt);
- }
- nd->path.mnt = path->mnt;
- nd->path.dentry = path->dentry;
- }
- static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
- {
- struct inode *inode = link->dentry->d_inode;
- if (!IS_ERR(cookie) && inode->i_op->put_link)
- inode->i_op->put_link(link->dentry, nd, cookie);
- path_put(link);
- }
- static __always_inline int
- follow_link(struct path *link, struct nameidata *nd, void **p)
- {
- int error;
- struct dentry *dentry = link->dentry;
- BUG_ON(nd->flags & LOOKUP_RCU);
- if (link->mnt == nd->path.mnt)
- mntget(link->mnt);
- if (unlikely(current->total_link_count >= 40)) {
- *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */
- path_put(&nd->path);
- return -ELOOP;
- }
- cond_resched();
- current->total_link_count++;
- touch_atime(link->mnt, dentry);
- nd_set_link(nd, NULL);
- error = security_inode_follow_link(link->dentry, nd);
- if (error) {
- *p = ERR_PTR(error); /* no ->put_link(), please */
- path_put(&nd->path);
- return error;
- }
- nd->last_type = LAST_BIND;
- *p = dentry->d_inode->i_op->follow_link(dentry, nd);
- error = PTR_ERR(*p);
- if (!IS_ERR(*p)) {
- char *s = nd_get_link(nd);
- error = 0;
- if (s)
- error = __vfs_follow_link(nd, s);
- else if (nd->last_type == LAST_BIND) {
- nd->flags |= LOOKUP_JUMPED;
- nd->inode = nd->path.dentry->d_inode;
- if (nd->inode->i_op->follow_link) {
- /* stepped on a _really_ weird one */
- path_put(&nd->path);
- error = -ELOOP;
- }
- }
- }
- return error;
- }
- static int follow_up_rcu(struct path *path)
- {
- struct vfsmount *parent;
- struct dentry *mountpoint;
- parent = path->mnt->mnt_parent;
- if (parent == path->mnt)
- return 0;
- mountpoint = path->mnt->mnt_mountpoint;
- path->dentry = mountpoint;
- path->mnt = parent;
- return 1;
- }
- int follow_up(struct path *path)
- {
- struct vfsmount *parent;
- struct dentry *mountpoint;
- br_read_lock(vfsmount_lock);
- parent = path->mnt->mnt_parent;
- if (parent == path->mnt) {
- br_read_unlock(vfsmount_lock);
- return 0;
- }
- mntget(parent);
- mountpoint = dget(path->mnt->mnt_mountpoint);
- br_read_unlock(vfsmount_lock);
- dput(path->dentry);
- path->dentry = mountpoint;
- mntput(path->mnt);
- path->mnt = parent;
- return 1;
- }
- /*
- * Perform an automount
- * - return -EISDIR to tell follow_managed() to stop and return the path we
- * were called with.
- */
- static int follow_automount(struct path *path, unsigned flags,
- bool *need_mntput)
- {
- struct vfsmount *mnt;
- int err;
- if (!path->dentry->d_op || !path->dentry->d_op->d_automount)
- return -EREMOTE;
- /* We don't want to mount if someone's just doing a stat -
- * unless they're stat'ing a directory and appended a '/' to
- * the name.
- *
- * We do, however, want to mount if someone wants to open or
- * create a file of any type under the mountpoint, wants to
- * traverse through the mountpoint or wants to open the
- * mounted directory. Also, autofs may mark negative dentries
- * as being automount points. These will need the attentions
- * of the daemon to instantiate them before they can be used.
- */
- if (!(flags & (LOOKUP_PARENT | LOOKUP_DIRECTORY |
- LOOKUP_OPEN | LOOKUP_CREATE | LOOKUP_AUTOMOUNT)) &&
- path->dentry->d_inode)
- return -EISDIR;
- current->total_link_count++;
- if (current->total_link_count >= 40)
- return -ELOOP;
- mnt = path->dentry->d_op->d_automount(path);
- if (IS_ERR(mnt)) {
- /*
- * The filesystem is allowed to return -EISDIR here to indicate
- * it doesn't want to automount. For instance, autofs would do
- * this so that its userspace daemon can mount on this dentry.
- *
- * However, we can only permit this if it's a terminal point in
- * the path being looked up; if it wasn't then the remainder of
- * the path is inaccessible and we should say so.
- */
- if (PTR_ERR(mnt) == -EISDIR && (flags & LOOKUP_PARENT))
- return -EREMOTE;
- return PTR_ERR(mnt);
- }
- if (!mnt) /* mount collision */
- return 0;
- if (!*need_mntput) {
- /* lock_mount() may release path->mnt on error */
- mntget(path->mnt);
- *need_mntput = true;
- }
- err = finish_automount(mnt, path);
- switch (err) {
- case -EBUSY:
- /* Someone else made a mount here whilst we were busy */
- return 0;
- case 0:
- path_put(path);
- path->mnt = mnt;
- path->dentry = dget(mnt->mnt_root);
- return 0;
- default:
- return err;
- }
- }
- /*
- * Handle a dentry that is managed in some way.
- * - Flagged for transit management (autofs)
- * - Flagged as mountpoint
- * - Flagged as automount point
- *
- * This may only be called in refwalk mode.
- *
- * Serialization is taken care of in namespace.c
- */
- static int follow_managed(struct path *path, unsigned flags)
- {
- struct vfsmount *mnt = path->mnt; /* held by caller, must be left alone */
- unsigned managed;
- bool need_mntput = false;
- int ret = 0;
- /* Given that we're not holding a lock here, we retain the value in a
- * local variable for each dentry as we look at it so that we don't see
- * the components of that value change under us */
- while (managed = ACCESS_ONCE(path->dentry->d_flags),
- managed &= DCACHE_MANAGED_DENTRY,
- unlikely(managed != 0)) {
- /* Allow the filesystem to manage the transit without i_mutex
- * being held. */
- if (managed & DCACHE_MANAGE_TRANSIT) {
- BUG_ON(!path->dentry->d_op);
- BUG_ON(!path->dentry->d_op->d_manage);
- ret = path->dentry->d_op->d_manage(path->dentry, false);
- if (ret < 0)
- break;
- }
- /* Transit to a mounted filesystem. */
- if (managed & DCACHE_MOUNTED) {
- struct vfsmount *mounted = lookup_mnt(path);
- if (mounted) {
- dput(path->dentry);
- if (need_mntput)
- mntput(path->mnt);
- path->mnt = mounted;
- path->dentry = dget(mounted->mnt_root);
- need_mntput = true;
- continue;
- }
- /* Something is mounted on this dentry in another
- * namespace and/or whatever was mounted there in this
- * namespace got unmounted before we managed to get the
- * vfsmount_lock */
- }
- /* Handle an automount point */
- if (managed & DCACHE_NEED_AUTOMOUNT) {
- ret = follow_automount(path, flags, &need_mntput);
- if (ret < 0)
- break;
- continue;
- }
- /* We didn't change the current path point */
- break;
- }
- if (need_mntput && path->mnt == mnt)
- mntput(path->mnt);
- if (ret == -EISDIR)
- ret = 0;
- return ret < 0 ? ret : need_mntput;
- }
- int follow_down_one(struct path *path)
- {
- struct vfsmount *mounted;
- mounted = lookup_mnt(path);
- if (mounted) {
- dput(path->dentry);
- mntput(path->mnt);
- path->mnt = mounted;
- path->dentry = dget(mounted->mnt_root);
- return 1;
- }
- return 0;
- }
- static inline bool managed_dentry_might_block(struct dentry *dentry)
- {
- return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
- dentry->d_op->d_manage(dentry, true) < 0);
- }
- /*
- * Try to skip to top of mountpoint pile in rcuwalk mode. Fail if
- * we meet a managed dentry that would need blocking.
- */
- static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
- struct inode **inode)
- {
- for (;;) {
- struct vfsmount *mounted;
- /*
- * Don't forget we might have a non-mountpoint managed dentry
- * that wants to block transit.
- */
- if (unlikely(managed_dentry_might_block(path->dentry)))
- return false;
- if (!d_mountpoint(path->dentry))
- break;
- mounted = __lookup_mnt(path->mnt, path->dentry, 1);
- if (!mounted)
- break;
- path->mnt = mounted;
- path->dentry = mounted->mnt_root;
- nd->flags |= LOOKUP_JUMPED;
- nd->seq = read_seqcount_begin(&path->dentry->d_seq);
- /*
- * Update the inode too. We don't need to re-check the
- * dentry sequence number here after this d_inode read,
- * because a mount-point is always pinned.
- */
- *inode = path->dentry->d_inode;
- }
- return true;
- }
- static void follow_mount_rcu(struct nameidata *nd)
- {
- while (d_mountpoint(nd->path.dentry)) {
- struct vfsmount *mounted;
- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry, 1);
- if (!mounted)
- break;
- nd->path.mnt = mounted;
- nd->path.dentry = mounted->mnt_root;
- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
- }
- }
- static int follow_dotdot_rcu(struct nameidata *nd)
- {
- set_root_rcu(nd);
- while (1) {
- if (nd->path.dentry == nd->root.dentry &&
- nd->path.mnt == nd->root.mnt) {
- break;
- }
- if (nd->path.dentry != nd->path.mnt->mnt_root) {
- struct dentry *old = nd->path.dentry;
- struct dentry *parent = old->d_parent;
- unsigned seq;
- seq = read_seqcount_begin(&parent->d_seq);
- if (read_seqcount_retry(&old->d_seq, nd->seq))
- goto failed;
- nd->path.dentry = parent;
- nd->seq = seq;
- break;
- }
- if (!follow_up_rcu(&nd->path))
- break;
- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
- }
- follow_mount_rcu(nd);
- nd->inode = nd->path.dentry->d_inode;
- return 0;
- failed:
- nd->flags &= ~LOOKUP_RCU;
- if (!(nd->flags & LOOKUP_ROOT))
- nd->root.mnt = NULL;
- rcu_read_unlock();
- br_read_unlock(vfsmount_lock);
- return -ECHILD;
- }
- /*
- * Follow down to the covering mount currently visible to userspace. At each
- * point, the filesystem owning that dentry may be queried as to whether the
- * caller is permitted to proceed or not.
- */
- int follow_down(struct path *path)
- {
- unsigned managed;
- int ret;
- while (managed = ACCESS_ONCE(path->dentry->d_flags),
- unlikely(managed & DCACHE_MANAGED_DENTRY)) {
- /* Allow the filesystem to manage the transit without i_mutex
- * being held.
- *
- * We indicate to the filesystem if someone is trying to mount
- * something here. This gives autofs the chance to deny anyone
- * other than its daemon the right to mount on its
- * superstructure.
- *
- * The filesystem may sleep at this point.
- */
- if (managed & DCACHE_MANAGE_TRANSIT) {
- BUG_ON(!path->dentry->d_op);
- BUG_ON(!path->dentry->d_op->d_manage);
- ret = path->dentry->d_op->d_manage(
- path->dentry, false);
- if (ret < 0)
- return ret == -EISDIR ? 0 : ret;
- }
- /* Transit to a mounted filesystem. */
- if (managed & DCACHE_MOUNTED) {
- struct vfsmount *mounted = lookup_mnt(path);
- if (!mounted)
- break;
- dput(path->dentry);
- mntput(path->mnt);
- path->mnt = mounted;
- path->dentry = dget(mounted->mnt_root);
- continue;
- }
- /* Don't handle automount points here */
- break;
- }
- return 0;
- }
- /*
- * Skip to top of mountpoint pile in refwalk mode for follow_dotdot()
- */
- static void follow_mount(struct path *path)
- {
- while (d_mountpoint(path->dentry)) {
- struct vfsmount *mounted = lookup_mnt(path);
- if (!mounted)
- break;
- dput(path->dentry);
- mntput(path->mnt);
- path->mnt = mounted;
- path->dentry = dget(mounted->mnt_root);
- }
- }
- static void follow_dotdot(struct nameidata *nd)
- {
- set_root(nd);
- while(1) {
- struct dentry *old = nd->path.dentry;
- if (nd->path.dentry == nd->root.dentry &&
- nd->path.mnt == nd->root.mnt) {
- break;
- }
- if (nd->path.dentry != nd->path.mnt->mnt_root) {
- /* rare case of legitimate dget_parent()... */
- nd->path.dentry = dget_parent(nd->path.dentry);
- dput(old);
- break;
- }
- if (!follow_up(&nd->path))
- break;
- }
- follow_mount(&nd->path);
- nd->inode = nd->path.dentry->d_inode;
- }
- /*
- * Allocate a dentry with name and parent, and perform a parent
- * directory ->lookup on it. Returns the new dentry, or ERR_PTR
- * on error. parent->d_inode->i_mutex must be held. d_lookup must
- * have verified that no child exists while under i_mutex.
- */
- static struct dentry *d_alloc_and_lookup(struct dentry *parent,
- struct qstr *name, struct nameidata *nd)
- {
- struct inode *inode = parent->d_inode;
- struct dentry *dentry;
- struct dentry *old;
- /* Don't create child dentry for a dead directory. */
- if (unlikely(IS_DEADDIR(inode)))
- return ERR_PTR(-ENOENT);
- dentry = d_alloc(parent, name);
- if (unlikely(!dentry))
- return ERR_PTR(-ENOMEM);
- old = inode->i_op->lookup(inode, dentry, nd);
- if (unlikely(old)) {
- dput(dentry);
- dentry = old;
- }
- return dentry;
- }
- /*
- * We already have a dentry, but require a lookup to be performed on the parent
- * directory to fill in d_inode. Returns the new dentry, or ERR_PTR on error.
- * parent->d_inode->i_mutex must be held. d_lookup must have verified that no
- * child exists while under i_mutex.
- */
- static struct dentry *d_inode_lookup(struct dentry *parent, struct dentry *dentry,
- struct nameidata *nd)
- {
- struct inode *inode = parent->d_inode;
- struct dentry *old;
- /* Don't create child dentry for a dead directory. */
- if (unlikely(IS_DEADDIR(inode)))
- return ERR_PTR(-ENOENT);
- old = inode->i_op->lookup(inode, dentry, nd);
- if (unlikely(old)) {
- dput(dentry);
- dentry = old;
- }
- return dentry;
- }
- /*
- * It's more convoluted than I'd like it to be, but... it's still fairly
- * small and for now I'd prefer to have fast path as straight as possible.
- * It _is_ time-critical.
- */
- static int do_lookup(struct nameidata *nd, struct qstr *name,
- struct path *path, struct inode **inode)
- {
- struct vfsmount *mnt = nd->path.mnt;
- struct dentry *dentry, *parent = nd->path.dentry;
- int need_reval = 1;
- int status = 1;
- int err;
- /*
- * Rename seqlock is not required here because in the off chance
- * of a false negative due to a concurrent rename, we're going to
- * do the non-racy lookup, below.
- */
- if (nd->flags & LOOKUP_RCU) {
- unsigned seq;
- *inode = nd->inode;
- dentry = __d_lookup_rcu(parent, name, &seq, inode);
- if (!dentry)
- goto unlazy;
- /* Memory barrier in read_seqcount_begin of child is enough */
- if (__read_seqcount_retry(&parent->d_seq, nd->seq))
- return -ECHILD;
- nd->seq = seq;
- if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) {
- status = d_revalidate(dentry, nd);
- if (unlikely(status <= 0)) {
- if (status != -ECHILD)
- need_reval = 0;
- goto unlazy;
- }
- }
- if (unlikely(d_need_lookup(dentry)))
- goto unlazy;
- path->mnt = mnt;
- path->dentry = dentry;
- if (unlikely(!__follow_mount_rcu(nd, path, inode)))
- goto unlazy;
- if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
- goto unlazy;
- return 0;
- unlazy:
- if (unlazy_walk(nd, dentry))
- return -ECHILD;
- } else {
- dentry = __d_lookup(parent, name);
- }
- if (dentry && unlikely(d_need_lookup(dentry))) {
- dput(dentry);
- dentry = NULL;
- }
- retry:
- if (unlikely(!dentry)) {
- struct inode *dir = parent->d_inode;
- BUG_ON(nd->inode != dir);
- mutex_lock(&dir->i_mutex);
- dentry = d_lookup(parent, name);
- if (likely(!dentry)) {
- dentry = d_alloc_and_lookup(parent, name, nd);
- if (IS_ERR(dentry)) {
- mutex_unlock(&dir->i_mutex);
- return PTR_ERR(dentry);
- }
- /* known good */
- need_reval = 0;
- status = 1;
- } else if (unlikely(d_need_lookup(dentry))) {
- dentry = d_inode_lookup(parent, dentry, nd);
- if (IS_ERR(dentry)) {
- mutex_unlock(&dir->i_mutex);
- return PTR_ERR(dentry);
- }
- /* known good */
- need_reval = 0;
- status = 1;
- }
- mutex_unlock(&dir->i_mutex);
- }
- if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval)
- status = d_revalidate(dentry, nd);
- if (unlikely(status <= 0)) {
- if (status < 0) {
- dput(dentry);
- return status;
- }
- if (!d_invalidate(dentry)) {
- dput(dentry);
- dentry = NULL;
- need_reval = 1;
- goto retry;
- }
- }
- path->mnt = mnt;
- path->dentry = dentry;
- err = follow_managed(path, nd->flags);
- if (unlikely(err < 0)) {
- path_put_conditional(path, nd);
- return err;
- }
- if (err)
- nd->flags |= LOOKUP_JUMPED;
- *inode = path->dentry->d_inode;
- return 0;
- }
- static inline int may_lookup(struct nameidata *nd)
- {
- if (nd->flags & LOOKUP_RCU) {
- int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
- if (err != -ECHILD)
- return err;
- if (unlazy_walk(nd, NULL))
- return -ECHILD;
- }
- return inode_permission(nd->inode, MAY_EXEC);
- }
- static inline int handle_dots(struct nameidata *nd, int type)
- {
- if (type == LAST_DOTDOT) {
- if (nd->flags & LOOKUP_RCU) {
- if (follow_dotdot_rcu(nd))
- return -ECHILD;
- } else
- follow_dotdot(nd);
- }
- return 0;
- }
- static void terminate_walk(struct nameidata *nd)
- {
- if (!(nd->flags & LOOKUP_RCU)) {
- path_put(&nd->path);
- } else {
- nd->flags &= ~LOOKUP_RCU;
- if (!(nd->flags & LOOKUP_ROOT))
- nd->root.mnt = NULL;
- rcu_read_unlock();
- br_read_unlock(vfsmount_lock);
- }
- }
- /*
- * Do we need to follow links? We _really_ want to be able
- * to do this check without having to look at inode->i_op,
- * so we keep a cache of "no, this doesn't need follow_link"
- * for the common case.
- */
- static inline int should_follow_link(struct inode *inode, int follow)
- {
- if (unlikely(!(inode->i_opflags & IOP_NOFOLLOW))) {
- if (likely(inode->i_op->follow_link))
- return follow;
- /* This gets set once for the inode lifetime */
- spin_lock(&inode->i_lock);
- inode->i_opflags |= IOP_NOFOLLOW;
- spin_unlock(&inode->i_lock);
- }
- return 0;
- }
- static inline int walk_component(struct nameidata *nd, struct path *path,
- struct qstr *name, int type, int follow)
- {
- struct inode *inode;
- int err;
- /*
- * "." and ".." are special - ".." especially so because it has
- * to be able to know about the current root directory and
- * parent relationships.
- */
- if (unlikely(type != LAST_NORM))
- return handle_dots(nd, type);
- err = do_lookup(nd, name, path, &inode);
- if (unlikely(err)) {
- terminate_walk(nd);
- return err;
- }
- if (!inode) {
- path_to_nameidata(path, nd);
- terminate_walk(nd);
- return -ENOENT;
- }
- if (should_follow_link(inode, follow)) {
- if (nd->flags & LOOKUP_RCU) {
- if (unlikely(unlazy_walk(nd, path->dentry))) {
- terminate_walk(nd);
- return -ECHILD;
- }
- }
- BUG_ON(inode != path->dentry->d_inode);
- return 1;
- }
- path_to_nameidata(path, nd);
- nd->inode = inode;
- return 0;
- }
- /*
- * This limits recursive symlink follows to 8, while
- * limiting consecutive symlinks to 40.
- *
- * Without that kind of total limit, nasty chains of consecutive
- * symlinks can cause almost arbitrarily long lookups.
- */
- static inline int nested_symlink(struct path *path, struct nameidata *nd)
- {
- int res;
- if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
- path_put_conditional(path, nd);
- path_put(&nd->path);
- return -ELOOP;
- }
- BUG_ON(nd->depth >= MAX_NESTED_LINKS);
- nd->depth++;
- current->link_count++;
- do {
- struct path link = *path;
- void *cookie;
- res = follow_link(&link, nd, &cookie);
- if (!res)
- res = walk_component(nd, path, &nd->last,
- nd->last_type, LOOKUP_FOLLOW);
- put_link(nd, &link, cookie);
- } while (res > 0);
- current->link_count--;
- nd->depth--;
- return res;
- }
- /*
- * We really don't want to look at inode->i_op->lookup
- * when we don't have to. So we keep a cache bit in
- * the inode ->i_opflags field that says "yes, we can
- * do lookup on this inode".
- */
- static inline int can_lookup(struct inode *inode)
- {
- if (likely(inode->i_opflags & IOP_LOOKUP))
- return 1;
- if (likely(!inode->i_op->lookup))
- return 0;
- /* We do this once for the lifetime of the inode */
- spin_lock(&inode->i_lock);
- inode->i_opflags |= IOP_LOOKUP;
- spin_unlock(&inode->i_lock);
- return 1;
- }
- /*
- * Name resolution.
- * This is the basic name resolution function, turning a pathname into
- * the final dentry. We expect 'base' to be positive and a directory.
- *
- * Returns 0 and nd will have valid dentry and mnt on success.
- * Returns error and drops reference to input namei data on failure.
- */
- static int link_path_walk(const char *name, struct nameidata *nd)
- {
- struct path next;
- int err;
-
- while (*name=='/')
- name++;
- if (!*name)
- return 0;
- /* At this point we know we have a real path component. */
- for(;;) {
- unsigned long hash;
- struct qstr this;
- unsigned int c;
- int type;
- err = may_lookup(nd);
- if (err)
- break;
- this.name = name;
- c = *(const unsigned char *)name;
- hash = init_name_hash();
- do {
- name++;
- hash = partial_name_hash(c, hash);
- c = *(const unsigned char *)name;
- } while (c && (c != '/'));
- this.len = name - (const char *) this.name;
- this.hash = end_name_hash(hash);
- type = LAST_NORM;
- if (this.name[0] == '.') switch (this.len) {
- case 2:
- if (this.name[1] == '.') {
- type = LAST_DOTDOT;
- nd->flags |= LOOKUP_JUMPED;
- }
- break;
- case 1:
- type = LAST_DOT;
- }
- if (likely(type == LAST_NORM)) {
- struct dentry *parent = nd->path.dentry;
- nd->flags &= ~LOOKUP_JUMPED;
- if (unlikely(parent->d_flags & DCACHE_OP_HASH)) {
- err = parent->d_op->d_hash(parent, nd->inode,
- &this);
- if (err < 0)
- break;
- }
- }
- /* remove trailing slashes? */
- if (!c)
- goto last_component;
- while (*++name == '/');
- if (!*name)
- goto last_component;
- err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW);
- if (err < 0)
- return err;
- if (err) {
- err = nested_symlink(&next, nd);
- if (err)
- return err;
- }
- if (can_lookup(nd->inode))
- continue;
- err = -ENOTDIR;
- break;
- /* here ends the main loop */
- last_component:
- nd->last = this;
- nd->last_type = type;
- return 0;
- }
- terminate_walk(nd);
- return err;
- }
- static int path_init(int dfd, const char *name, unsigned int flags,
- struct nameidata *nd, struct file **fp)
- {
- int retval = 0;
- int fput_needed;
- struct file *file;
- nd->last_type = LAST_ROOT; /* if there are only slashes... */
- nd->flags = flags | LOOKUP_JUMPED;
- nd->depth = 0;
- if (flags & LOOKUP_ROOT) {
- struct inode *inode = nd->root.dentry->d_inode;
- if (*name) {
- if (!inode->i_op->lookup)
- return -ENOTDIR;
- retval = inode_permission(inode, MAY_EXEC);
- if (retval)
- return retval;
- }
- nd->path = nd->root;
- nd->inode = inode;
- if (flags & LOOKUP_RCU) {
- br_read_lock(vfsmount_lock);
- rcu_read_lock();
- nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
- } else {
- path_get(&nd->path);
- }
- return 0;
- }
- nd->root.mnt = NULL;
- if (*name=='/') {
- if (flags & LOOKUP_RCU) {
- br_read_lock(vfsmount_lock);
- rcu_read_lock();
- set_root_rcu(nd);
- } else {
- set_root(nd);
- path_get(&nd->root);
- }
- nd->path = nd->root;
- } else if (dfd == AT_FDCWD) {
- if (flags & LOOKUP_RCU) {
- struct fs_struct *fs = current->fs;
- unsigned seq;
- br_read_lock(vfsmount_lock);
- rcu_read_lock();
- do {
- seq = read_seqcount_begin(&fs->seq);
- nd->path = fs->pwd;
- nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
- } while (read_seqcount_retry(&fs->seq, seq));
- } else {
- get_fs_pwd(current->fs, &nd->path);
- }
- } else {
- struct dentry *dentry;
- file = fget_raw_light(dfd, &fput_needed);
- retval = -EBADF;
- if (!file)
- goto out_fail;
- dentry = file->f_path.dentry;
- if (*name) {
- retval = -ENOTDIR;
- if (!S_ISDIR(dentry->d_inode->i_mode))
- goto fput_fail;
- retval = inode_permission(dentry->d_inode, MAY_EXEC);
- if (retval)
- goto fput_fail;
- }
- nd->path = file->f_path;
- if (flags & LOOKUP_RCU) {
- if (fput_needed)
- *fp = file;
- nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq);
- br_read_lock(vfsmount_lock);
- rcu_read_lock();
- } else {
- path_get(&file->f_path);
- fput_light(file, fput_needed);
- }
- }
- nd->inode = nd->path.dentry->d_inode;
- return 0;
- fput_fail:
- fput_light(file, fput_needed);
- out_fail:
- return retval;
- }
- static inline int lookup_last(struct nameidata *nd, struct path *path)
- {
- if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len])
- nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
- nd->flags &= ~LOOKUP_PARENT;
- return walk_component(nd, path, &nd->last, nd->last_type,
- nd->flags & LOOKUP_FOLLOW);
- }
- /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
- static int path_lookupat(int dfd, const char *name,
- unsigned int flags, struct nameidata *nd)
- {
- struct file *base = NULL;
- struct path path;
- int err;
- /*
- * Path walking is largely split up into 2 different synchronisation
- * schemes, rcu-walk and ref-walk (explained in
- * Documentation/filesystems/path-lookup.txt). These share much of the
- * path walk code, but some things particularly setup, cleanup, and
- * following mounts are sufficiently divergent that functions are
- * duplicated. Typically there is a function foo(), and its RCU
- * analogue, foo_rcu().
- *
- * -ECHILD is the error number of choice (just to avoid clashes) that
- * is returned if some aspect of an rcu-walk fails. Such an error must
- * be handled by restarting a traditional ref-walk (which will always
- * be able to complete).
- */
- err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base);
- if (unlikely(err))
- return err;
- current->total_link_count = 0;
- err = link_path_walk(name, nd);
- if (!err && !(flags & LOOKUP_PARENT)) {
- err = lookup_last(nd, &path);
- while (err > 0) {
- void *cookie;
- struct path link = path;
- nd->flags |= LOOKUP_PARENT;
- err = follow_link(&link, nd, &cookie);
- if (!err)
- err = lookup_last(nd, &path);
- put_link(nd, &link, cookie);
- }
- }
- if (!err)
- err = complete_walk(nd);
- if (!err && nd->flags & LOOKUP_DIRECTORY) {
- if (!nd->inode->i_op->lookup) {
- path_put(&nd->path);
- err = -ENOTDIR;
- }
- }
- if (base)
- fput(base);
- if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) {
- path_put(&nd->root);
- nd->root.mnt = NULL;
- }
- return err;
- }
- static int do_path_lookup(int dfd, const char *name,
- unsigned int flags, struct nameidata *nd)
- {
- int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd);
- if (unlikely(retval == -ECHILD))
- retval = path_lookupat(dfd, name, flags, nd);
- if (unlikely(retval == -ESTALE))
- retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
- if (likely(!retval)) {
- if (unlikely(!audit_dummy_context())) {
- if (nd->path.dentry && nd->inode)
- audit_inode(name, nd->path.dentry);
- }
- }
- return retval;
- }
- int kern_path_parent(const char *name, struct nameidata *nd)
- {
- return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd);
- }
- int kern_path(const char *name, unsigned int flags, struct path *path)
- {
- struct nameidata nd;
- int res = do_path_lookup(AT_FDCWD, name, flags, &nd);
- if (!res)
- *path = nd.path;
- return res;
- }
- /**
- * vfs_path_lookup - lookup a file path relative to a dentry-vfsmount pair
- * @dentry: pointer to dentry of the base directory
- * @mnt: pointer to vfs mount of the base directory
- * @name: pointer to file name
- * @flags: lookup flags
- * @path: pointer to struct path to fill
- */
- int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
- const char *name, unsigned int flags,
- struct path *path)
- {
- struct nameidata nd;
- int err;
- nd.root.dentry = dentry;
- nd.root.mnt = mnt;
- BUG_ON(flags & LOOKUP_PARENT);
- /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */
- err = do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, &nd);
- if (!err)
- *path = nd.path;
- return err;
- }
- static struct dentry *__lookup_hash(struct qstr *name,
- struct dentry *base, struct nameidata *nd)
- {
- struct inode *inode = base->d_inode;
- struct dentry *dentry;
- int err;
- err = inode_permission(inode, MAY_EXEC);
- if (err)
- return ERR_PTR(err);
- /*
- * Don't bother with __d_lookup: callers are for creat as
- * well as unlink, so a lot of the time it would cost
- * a double lookup.
- */
- dentry = d_lookup(base, name);
- if (dentry && d_need_lookup(dentry)) {
- /*
- * __lookup_hash is called with the parent dir's i_mutex already
- * held, so we are good to go here.
- */
- dentry = d_inode_lookup(base, dentry, nd);
- if (IS_ERR(dentry))
- return dentry;
- }
- if (dentry && (dentry->d_flags & DCACHE_OP_REVALIDATE)) {
- int status = d_revalidate(dentry, nd);
- if (unlikely(status <= 0)) {
- /*
- * The dentry failed validation.
- * If d_revalidate returned 0 attempt to invalidate
- * the dentry otherwise d_revalidate is asking us
- * to return a fail status.
- */
- if (status < 0) {
- dput(dentry);
- return ERR_PTR(status);
- } else if (!d_invalidate(dentry)) {
- dput(dentry);
- dentry = NULL;
- }
- }
- }
- if (!dentry)
- dentry = d_alloc_and_lookup(base, name, nd);
- return dentry;
- }
- /*
- * Restricted form of lookup. Doesn't follow links, single-component only,
- * needs parent already locked. Doesn't follow mounts.
- * SMP-safe.
- */
- static struct dentry *lookup_hash(struct nameidata *nd)
- {
- return __lookup_hash(&nd->last, nd->path.dentry, nd);
- }
- /**
- * lookup_one_len - filesystem helper to lookup single pathname component
- * @name: pathname component to lookup
- * @base: base directory to lookup from
- * @len: maximum length @len should be interpreted to
- *
- * Note that this routine is purely a helper for filesystem usage and should
- * not be called by generic code. Also note that by using this function the
- * nameidata argument is passed to the filesystem methods and a filesystem
- * using this helper needs to be prepared for that.
- */
- struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
- {
- struct qstr this;
- unsigned long hash;
- unsigned int c;
- WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex));
- this.name = name;
- this.len = len;
- if (!len)
- return ERR_PTR(-EACCES);
- hash = init_name_hash();
- while (len--) {
- c = *(const unsigned char *)name++;
- if (c == '/' || c == '\0')
- return ERR_PTR(-EACCES);
- hash = partial_name_hash(c, hash);
- }
- this.hash = end_name_hash(hash);
- /*
- * See if the low-level filesystem might want
- * to use its own hash..
- */
- if (base->d_flags & DCACHE_OP_HASH) {
- int err = base->d_op->d_hash(base, base->d_inode, &this);
- if (err < 0)
- return ERR_PTR(err);
- }
- return __lookup_hash(&this, base, NULL);
- }
- int user_path_at_empty(int dfd, const char __user *name, unsigned flags,
- struct path *path, int *empty)
- {
- struct nameidata nd;
- char *tmp = getname_flags(name, flags, empty);
- int err = PTR_ERR(tmp);
- if (!IS_ERR(tmp)) {
- BUG_ON(flags & LOOKUP_PARENT);
- err = do_path_lookup(dfd, tmp, flags, &nd);
- putname(tmp);
- if (!err)
- *path = nd.path;
- }
- return err;
- }
- int user_path_at(int dfd, const char __user *name, unsigned flags,
- struct path *path)
- {
- return user_path_at_empty(dfd, name, flags, path, 0);
- }
- static int user_path_parent(int dfd, const char __user *path,
- struct nameidata *nd, char **name)
- {
- char *s = getname(path);
- int error;
- if (IS_ERR(s))
- return PTR_ERR(s);
- error = do_path_lookup(dfd, s, LOOKUP_PARENT, nd);
- if (error)
- putname(s);
- else
- *name = s;
- return error;
- }
- /*
- * It's inline, so penalty for filesystems that don't use sticky bit is
- * minimal.
- */
- static inline int check_sticky(struct inode *dir, struct inode *inode)
- {
- uid_t fsuid = current_fsuid();
- if (!(dir->i_mode & S_ISVTX))
- return 0;
- if (current_user_ns() != inode_userns(inode))
- goto other_userns;
- if (inode->i_uid == fsuid)
- return 0;
- if (dir->i_uid == fsuid)
- return 0;
- other_userns:
- return !ns_capable(inode_userns(inode), CAP_FOWNER);
- }
- /*
- * Check whether we can remove a link victim from directory dir, check
- * whether the type of victim is right.
- * 1. We can't do it if dir is read-only (done in permission())
- * 2. We should have write and exec permissions on dir
- * 3. We can't remove anything from append-only dir
- * 4. We can't do anything with immutable dir (done in permission())
- * 5. If the sticky bit on dir is set we should either
- * a. be owner of dir, or
- * b. be owner of victim, or
- * c. have CAP_FOWNER capability
- * 6. If the victim is append-only or immutable we can't do antyhing with
- * links pointing to it.
- * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
- * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
- * 9. We can't remove a root or mountpoint.
- * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
- * nfs_async_unlink().
- */
- static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
- {
- int error;
- if (!victim->d_inode)
- return -ENOENT;
- BUG_ON(victim->d_parent->d_inode != dir);
- audit_inode_child(victim, dir);
- error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
- if (error)
- return error;
- if (IS_APPEND(dir))
- return -EPERM;
- if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
- IS_IMMUTABLE(victim->d_inode) || IS_SWAPFILE(victim->d_inode))
- return -EPERM;
- if (isdir) {
- if (!S_ISDIR(victim->d_inode->i_mode))
- return -ENOTDIR;
- if (IS_ROOT(victim))
- return -EBUSY;
- } else if (S_ISDIR(victim->d_inode->i_mode))
- return -EISDIR;
- if (IS_DEADDIR(dir))
- return -ENOENT;
- if (victim->d_flags & DCACHE_NFSFS_RENAMED)
- return -EBUSY;
- return 0;
- }
- /* Check whether we can create an object with dentry child in directory
- * dir.
- * 1. We can't do it if child already exists (open has special treatment for
- * this case, but since we are inlined it's OK)
- * 2. We can't do it if dir is read-only (done in permission())
- * 3. We should have write and exec permissions on dir
- * 4. We can't do it if dir is immutable (done in permission())
- */
- static inline int may_create(struct inode *dir, struct dentry *child)
- {
- if (child->d_inode)
- return -EEXIST;
- if (IS_DEADDIR(dir))
- return -ENOENT;
- return inode_permission(dir, MAY_WRITE | MAY_EXEC);
- }
- /*
- * p1 and p2 should be directories on the same fs.
- */
- struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
- {
- struct dentry *p;
- if (p1 == p2) {
- mutex_lock_nested(&p1->d_inode->i_mutex, I_MUTEX_PARENT);
- return NULL;
- }
- mutex_lock(&p1->d_inode->i_sb->s_vfs_rena…