4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * Some corrections by tytso.
11 /* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
14 /* [Feb-Apr 2000, AV] Rewrite to the new namespace architecture.
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/slab.h>
21 #include <linux/namei.h>
22 #include <linux/quotaops.h>
23 #include <linux/pagemap.h>
24 #include <linux/fsnotify.h>
25 #include <linux/smp_lock.h>
26 #include <linux/personality.h>
27 #include <linux/security.h>
28 #include <linux/syscalls.h>
29 #include <linux/mount.h>
30 #include <linux/audit.h>
31 #include <linux/capability.h>
32 #include <linux/file.h>
33 #include <asm/namei.h>
34 #include <asm/uaccess.h>
36 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
38 /* [Feb-1997 T. Schoebel-Theuer]
39 * Fundamental changes in the pathname lookup mechanisms (namei)
40 * were necessary because of omirr. The reason is that omirr needs
41 * to know the _real_ pathname, not the user-supplied one, in case
42 * of symlinks (and also when transname replacements occur).
44 * The new code replaces the old recursive symlink resolution with
45 * an iterative one (in case of non-nested symlink chains). It does
46 * this with calls to <fs>_follow_link().
47 * As a side effect, dir_namei(), _namei() and follow_link() are now
48 * replaced with a single function lookup_dentry() that can handle all
49 * the special cases of the former code.
51 * With the new dcache, the pathname is stored at each inode, at least as
52 * long as the refcount of the inode is positive. As a side effect, the
53 * size of the dcache depends on the inode cache and thus is dynamic.
55 * [29-Apr-1998 C. Scott Ananian] Updated above description of symlink
56 * resolution to correspond with current state of the code.
58 * Note that the symlink resolution is not *completely* iterative.
59 * There is still a significant amount of tail- and mid- recursion in
60 * the algorithm. Also, note that <fs>_readlink() is not used in
61 * lookup_dentry(): lookup_dentry() on the result of <fs>_readlink()
62 * may return different results than <fs>_follow_link(). Many virtual
63 * filesystems (including /proc) exhibit this behavior.
66 /* [24-Feb-97 T. Schoebel-Theuer] Side effects caused by new implementation:
67 * New symlink semantics: when open() is called with flags O_CREAT | O_EXCL
68 * and the name already exists in form of a symlink, try to create the new
69 * name indicated by the symlink. The old code always complained that the
70 * name already exists, due to not following the symlink even if its target
71 * is nonexistent. The new semantics affects also mknod() and link() when
72 * the name is a symlink pointing to a non-existant name.
74 * I don't know which semantics is the right one, since I have no access
75 * to standards. But I found by trial that HP-UX 9.0 has the full "new"
76 * semantics implemented, while SunOS 4.1.1 and Solaris (SunOS 5.4) have the
77 * "old" one. Personally, I think the new semantics is much more logical.
78 * Note that "ln old new" where "new" is a symlink pointing to a non-existing
79 * file does succeed in both HP-UX and SunOs, but not in Solaris
80 * and in the old Linux semantics.
83 /* [16-Dec-97 Kevin Buhr] For security reasons, we change some symlink
84 * semantics. See the comments in "open_namei" and "do_link" below.
86 * [10-Sep-98 Alan Modra] Another symlink change.
89 /* [Feb-Apr 2000 AV] Complete rewrite. Rules for symlinks:
90 * inside the path - always follow.
91 * in the last component in creation/removal/renaming - never follow.
92 * if LOOKUP_FOLLOW passed - follow.
93 * if the pathname has trailing slashes - follow.
94 * otherwise - don't follow.
95 * (applied in that order).
97 * [Jun 2000 AV] Inconsistent behaviour of open() in case if flags==O_CREAT
98 * restored for 2.4. This is the last surviving part of old 4.2BSD bug.
99 * During the 2.4 we need to fix the userland stuff depending on it -
100 * hopefully we will be able to get rid of that wart in 2.5. So far only
101 * XEmacs seems to be relying on it...
104 * [Sep 2001 AV] Single-semaphore locking scheme (kudos to David Holland)
105 * implemented. Let's see if raised priority of ->s_vfs_rename_sem gives
106 * any extra contention...
109 /* In order to reduce some races, while at the same time doing additional
110 * checking and hopefully speeding things up, we copy filenames to the
111 * kernel data space before using them..
113 * POSIX.1 2.4: an empty pathname is invalid (ENOENT).
114 * PATH_MAX includes the nul terminator --RR.
116 static int do_getname(const char __user *filename, char *page)
119 unsigned long len = PATH_MAX;
121 if (!segment_eq(get_fs(), KERNEL_DS)) {
122 if ((unsigned long) filename >= TASK_SIZE)
124 if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
125 len = TASK_SIZE - (unsigned long) filename;
128 retval = strncpy_from_user(page, filename, len);
132 return -ENAMETOOLONG;
138 char * getname(const char __user * filename)
142 result = ERR_PTR(-ENOMEM);
145 int retval = do_getname(filename, tmp);
150 result = ERR_PTR(retval);
153 audit_getname(result);
157 #ifdef CONFIG_AUDITSYSCALL
158 void putname(const char *name)
160 if (unlikely(current->audit_context))
165 EXPORT_SYMBOL(putname);
170 * generic_permission - check for access rights on a Posix-like filesystem
171 * @inode: inode to check access rights for
172 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
173 * @check_acl: optional callback to check for Posix ACLs
175 * Used to check for read/write/execute permissions on a file.
176 * We use "fsuid" for this, letting us set arbitrary permissions
177 * for filesystem access without changing the "normal" uids which
178 * are used for other things..
180 int generic_permission(struct inode *inode, int mask,
181 int (*check_acl)(struct inode *inode, int mask))
183 umode_t mode = inode->i_mode;
185 if (current->fsuid == inode->i_uid)
188 if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
189 int error = check_acl(inode, mask);
190 if (error == -EACCES)
191 goto check_capabilities;
192 else if (error != -EAGAIN)
196 if (in_group_p(inode->i_gid))
201 * If the DACs are ok we don't need any capability check.
203 if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
208 * Read/write DACs are always overridable.
209 * Executable DACs are overridable if at least one exec bit is set.
211 if (!(mask & MAY_EXEC) ||
212 (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
213 if (capable(CAP_DAC_OVERRIDE))
217 * Searching includes executable on directories, else just read.
219 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
220 if (capable(CAP_DAC_READ_SEARCH))
226 int permission(struct inode *inode, int mask, struct nameidata *nd)
230 if (mask & MAY_WRITE) {
231 umode_t mode = inode->i_mode;
234 * Nobody gets write access to a read-only fs.
236 if (IS_RDONLY(inode) &&
237 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
241 * Nobody gets write access to an immutable file.
243 if (IS_IMMUTABLE(inode))
248 /* Ordinary permission routines do not understand MAY_APPEND. */
249 submask = mask & ~MAY_APPEND;
250 if (inode->i_op && inode->i_op->permission)
251 retval = inode->i_op->permission(inode, submask, nd);
253 retval = generic_permission(inode, submask, NULL);
257 return security_inode_permission(inode, mask, nd);
261 * vfs_permission - check for access rights to a given path
262 * @nd: lookup result that describes the path
263 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
265 * Used to check for read/write/execute permissions on a path.
266 * We use "fsuid" for this, letting us set arbitrary permissions
267 * for filesystem access without changing the "normal" uids which
268 * are used for other things.
270 int vfs_permission(struct nameidata *nd, int mask)
272 return permission(nd->dentry->d_inode, mask, nd);
276 * file_permission - check for additional access rights to a given file
277 * @file: file to check access rights for
278 * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
280 * Used to check for read/write/execute permissions on an already opened
284 * Do not use this function in new code. All access checks should
285 * be done using vfs_permission().
287 int file_permission(struct file *file, int mask)
289 return permission(file->f_dentry->d_inode, mask, NULL);
293 * get_write_access() gets write permission for a file.
294 * put_write_access() releases this write permission.
295 * This is used for regular files.
296 * We cannot support write (and maybe mmap read-write shared) accesses and
297 * MAP_DENYWRITE mmappings simultaneously. The i_writecount field of an inode
298 * can have the following values:
299 * 0: no writers, no VM_DENYWRITE mappings
300 * < 0: (-i_writecount) vm_area_structs with VM_DENYWRITE set exist
301 * > 0: (i_writecount) users are writing to the file.
303 * Normally we operate on that counter with atomic_{inc,dec} and it's safe
304 * except for the cases where we don't hold i_writecount yet. Then we need to
305 * use {get,deny}_write_access() - these functions check the sign and refuse
306 * to do the change if sign is wrong. Exclusion between them is provided by
307 * the inode->i_lock spinlock.
310 int get_write_access(struct inode * inode)
312 spin_lock(&inode->i_lock);
313 if (atomic_read(&inode->i_writecount) < 0) {
314 spin_unlock(&inode->i_lock);
317 atomic_inc(&inode->i_writecount);
318 spin_unlock(&inode->i_lock);
323 int deny_write_access(struct file * file)
325 struct inode *inode = file->f_dentry->d_inode;
327 spin_lock(&inode->i_lock);
328 if (atomic_read(&inode->i_writecount) > 0) {
329 spin_unlock(&inode->i_lock);
332 atomic_dec(&inode->i_writecount);
333 spin_unlock(&inode->i_lock);
338 void path_release(struct nameidata *nd)
345 * umount() mustn't call path_release()/mntput() as that would clear
348 void path_release_on_umount(struct nameidata *nd)
351 mntput_no_expire(nd->mnt);
355 * release_open_intent - free up open intent resources
356 * @nd: pointer to nameidata
358 void release_open_intent(struct nameidata *nd)
360 if (nd->intent.open.file->f_dentry == NULL)
361 put_filp(nd->intent.open.file);
363 fput(nd->intent.open.file);
367 * Internal lookup() using the new generic dcache.
370 static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
372 struct dentry * dentry = __d_lookup(parent, name);
374 /* lockess __d_lookup may fail due to concurrent d_move()
375 * in some unrelated directory, so try with d_lookup
378 dentry = d_lookup(parent, name);
380 if (dentry && dentry->d_op && dentry->d_op->d_revalidate) {
381 if (!dentry->d_op->d_revalidate(dentry, nd) && !d_invalidate(dentry)) {
390 * Short-cut version of permission(), for calling by
391 * path_walk(), when dcache lock is held. Combines parts
392 * of permission() and generic_permission(), and tests ONLY for
393 * MAY_EXEC permission.
395 * If appropriate, check DAC only. If not appropriate, or
396 * short-cut DAC fails, then call permission() to do more
397 * complete permission check.
399 static int exec_permission_lite(struct inode *inode,
400 struct nameidata *nd)
402 umode_t mode = inode->i_mode;
404 if (inode->i_op && inode->i_op->permission)
407 if (current->fsuid == inode->i_uid)
409 else if (in_group_p(inode->i_gid))
415 if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
418 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
421 if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
426 return security_inode_permission(inode, MAY_EXEC, nd);
430 * This is called when everything else fails, and we actually have
431 * to go to the low-level filesystem to find out what we should do..
433 * We get the directory semaphore, and after getting that we also
434 * make sure that nobody added the entry to the dcache in the meantime..
437 static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
439 struct dentry * result;
440 struct inode *dir = parent->d_inode;
442 mutex_lock(&dir->i_mutex);
444 * First re-do the cached lookup just in case it was created
445 * while we waited for the directory semaphore..
447 * FIXME! This could use version numbering or similar to
448 * avoid unnecessary cache lookups.
450 * The "dcache_lock" is purely to protect the RCU list walker
451 * from concurrent renames at this point (we mustn't get false
452 * negatives from the RCU list walk here, unlike the optimistic
455 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
457 result = d_lookup(parent, name);
459 struct dentry * dentry = d_alloc(parent, name);
460 result = ERR_PTR(-ENOMEM);
462 result = dir->i_op->lookup(dir, dentry, nd);
468 mutex_unlock(&dir->i_mutex);
473 * Uhhuh! Nasty case: the cache was re-populated while
474 * we waited on the semaphore. Need to revalidate.
476 mutex_unlock(&dir->i_mutex);
477 if (result->d_op && result->d_op->d_revalidate) {
478 if (!result->d_op->d_revalidate(result, nd) && !d_invalidate(result)) {
480 result = ERR_PTR(-ENOENT);
486 static int __emul_lookup_dentry(const char *, struct nameidata *);
489 static __always_inline int
490 walk_init_root(const char *name, struct nameidata *nd)
492 read_lock(¤t->fs->lock);
493 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
494 nd->mnt = mntget(current->fs->altrootmnt);
495 nd->dentry = dget(current->fs->altroot);
496 read_unlock(¤t->fs->lock);
497 if (__emul_lookup_dentry(name,nd))
499 read_lock(¤t->fs->lock);
501 nd->mnt = mntget(current->fs->rootmnt);
502 nd->dentry = dget(current->fs->root);
503 read_unlock(¤t->fs->lock);
507 static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
516 if (!walk_init_root(link, nd))
517 /* weird __emul_prefix() stuff did it */
520 res = link_path_walk(link, nd);
522 if (nd->depth || res || nd->last_type!=LAST_NORM)
525 * If it is an iterative symlinks resolution in open_namei() we
526 * have to copy the last component. And all that crap because of
527 * bloody create() on broken symlinks. Furrfu...
530 if (unlikely(!name)) {
534 strcpy(name, nd->last.name);
535 nd->last.name = name;
539 return PTR_ERR(link);
543 struct vfsmount *mnt;
544 struct dentry *dentry;
547 static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd)
551 struct dentry *dentry = path->dentry;
553 touch_atime(path->mnt, dentry);
554 nd_set_link(nd, NULL);
556 if (path->mnt == nd->mnt)
558 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
559 error = PTR_ERR(cookie);
560 if (!IS_ERR(cookie)) {
561 char *s = nd_get_link(nd);
564 error = __vfs_follow_link(nd, s);
565 if (dentry->d_inode->i_op->put_link)
566 dentry->d_inode->i_op->put_link(dentry, nd, cookie);
574 static inline void dput_path(struct path *path, struct nameidata *nd)
577 if (path->mnt != nd->mnt)
581 static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
584 if (nd->mnt != path->mnt)
587 nd->dentry = path->dentry;
591 * This limits recursive symlink follows to 8, while
592 * limiting consecutive symlinks to 40.
594 * Without that kind of total limit, nasty chains of consecutive
595 * symlinks can cause almost arbitrarily long lookups.
597 static inline int do_follow_link(struct path *path, struct nameidata *nd)
600 if (current->link_count >= MAX_NESTED_LINKS)
602 if (current->total_link_count >= 40)
604 BUG_ON(nd->depth >= MAX_NESTED_LINKS);
606 err = security_inode_follow_link(path->dentry, nd);
609 current->link_count++;
610 current->total_link_count++;
612 err = __do_follow_link(path, nd);
613 current->link_count--;
622 int follow_up(struct vfsmount **mnt, struct dentry **dentry)
624 struct vfsmount *parent;
625 struct dentry *mountpoint;
626 spin_lock(&vfsmount_lock);
627 parent=(*mnt)->mnt_parent;
628 if (parent == *mnt) {
629 spin_unlock(&vfsmount_lock);
633 mountpoint=dget((*mnt)->mnt_mountpoint);
634 spin_unlock(&vfsmount_lock);
636 *dentry = mountpoint;
642 /* no need for dcache_lock, as serialization is taken care in
645 static int __follow_mount(struct path *path)
648 while (d_mountpoint(path->dentry)) {
649 struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);
656 path->dentry = dget(mounted->mnt_root);
662 static void follow_mount(struct vfsmount **mnt, struct dentry **dentry)
664 while (d_mountpoint(*dentry)) {
665 struct vfsmount *mounted = lookup_mnt(*mnt, *dentry);
671 *dentry = dget(mounted->mnt_root);
675 /* no need for dcache_lock, as serialization is taken care in
678 int follow_down(struct vfsmount **mnt, struct dentry **dentry)
680 struct vfsmount *mounted;
682 mounted = lookup_mnt(*mnt, *dentry);
687 *dentry = dget(mounted->mnt_root);
693 static __always_inline void follow_dotdot(struct nameidata *nd)
696 struct vfsmount *parent;
697 struct dentry *old = nd->dentry;
699 read_lock(¤t->fs->lock);
700 if (nd->dentry == current->fs->root &&
701 nd->mnt == current->fs->rootmnt) {
702 read_unlock(¤t->fs->lock);
705 read_unlock(¤t->fs->lock);
706 spin_lock(&dcache_lock);
707 if (nd->dentry != nd->mnt->mnt_root) {
708 nd->dentry = dget(nd->dentry->d_parent);
709 spin_unlock(&dcache_lock);
713 spin_unlock(&dcache_lock);
714 spin_lock(&vfsmount_lock);
715 parent = nd->mnt->mnt_parent;
716 if (parent == nd->mnt) {
717 spin_unlock(&vfsmount_lock);
721 nd->dentry = dget(nd->mnt->mnt_mountpoint);
722 spin_unlock(&vfsmount_lock);
727 follow_mount(&nd->mnt, &nd->dentry);
731 * It's more convoluted than I'd like it to be, but... it's still fairly
732 * small and for now I'd prefer to have fast path as straight as possible.
733 * It _is_ time-critical.
735 static int do_lookup(struct nameidata *nd, struct qstr *name,
738 struct vfsmount *mnt = nd->mnt;
739 struct dentry *dentry = __d_lookup(nd->dentry, name);
743 if (dentry->d_op && dentry->d_op->d_revalidate)
744 goto need_revalidate;
747 path->dentry = dentry;
748 __follow_mount(path);
752 dentry = real_lookup(nd->dentry, name, nd);
758 if (dentry->d_op->d_revalidate(dentry, nd))
760 if (d_invalidate(dentry))
766 return PTR_ERR(dentry);
771 * This is the basic name resolution function, turning a pathname into
772 * the final dentry. We expect 'base' to be positive and a directory.
774 * Returns 0 and nd will have valid dentry and mnt on success.
775 * Returns error and drops reference to input namei data on failure.
777 static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
782 unsigned int lookup_flags = nd->flags;
789 inode = nd->dentry->d_inode;
791 lookup_flags = LOOKUP_FOLLOW;
793 /* At this point we know we have a real path component. */
799 nd->flags |= LOOKUP_CONTINUE;
800 err = exec_permission_lite(inode, nd);
802 err = vfs_permission(nd, MAY_EXEC);
807 c = *(const unsigned char *)name;
809 hash = init_name_hash();
812 hash = partial_name_hash(c, hash);
813 c = *(const unsigned char *)name;
814 } while (c && (c != '/'));
815 this.len = name - (const char *) this.name;
816 this.hash = end_name_hash(hash);
818 /* remove trailing slashes? */
821 while (*++name == '/');
823 goto last_with_slashes;
826 * "." and ".." are special - ".." especially so because it has
827 * to be able to know about the current root directory and
828 * parent relationships.
830 if (this.name[0] == '.') switch (this.len) {
834 if (this.name[1] != '.')
837 inode = nd->dentry->d_inode;
843 * See if the low-level filesystem might want
844 * to use its own hash..
846 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
847 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
851 /* This does the actual lookups.. */
852 err = do_lookup(nd, &this, &next);
857 inode = next.dentry->d_inode;
864 if (inode->i_op->follow_link) {
865 err = do_follow_link(&next, nd);
869 inode = nd->dentry->d_inode;
876 path_to_nameidata(&next, nd);
878 if (!inode->i_op->lookup)
881 /* here ends the main loop */
884 lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
886 nd->flags &= ~LOOKUP_CONTINUE;
887 if (lookup_flags & LOOKUP_PARENT)
889 if (this.name[0] == '.') switch (this.len) {
893 if (this.name[1] != '.')
896 inode = nd->dentry->d_inode;
901 if (nd->dentry->d_op && nd->dentry->d_op->d_hash) {
902 err = nd->dentry->d_op->d_hash(nd->dentry, &this);
906 err = do_lookup(nd, &this, &next);
909 inode = next.dentry->d_inode;
910 if ((lookup_flags & LOOKUP_FOLLOW)
911 && inode && inode->i_op && inode->i_op->follow_link) {
912 err = do_follow_link(&next, nd);
915 inode = nd->dentry->d_inode;
917 path_to_nameidata(&next, nd);
921 if (lookup_flags & LOOKUP_DIRECTORY) {
923 if (!inode->i_op || !inode->i_op->lookup)
929 nd->last_type = LAST_NORM;
930 if (this.name[0] != '.')
933 nd->last_type = LAST_DOT;
934 else if (this.len == 2 && this.name[1] == '.')
935 nd->last_type = LAST_DOTDOT;
940 * We bypassed the ordinary revalidation routines.
941 * We may need to check the cached dentry for staleness.
943 if (nd->dentry && nd->dentry->d_sb &&
944 (nd->dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT)) {
946 /* Note: we do not d_invalidate() */
947 if (!nd->dentry->d_op->d_revalidate(nd->dentry, nd))
953 dput_path(&next, nd);
962 * Wrapper to retry pathname resolution whenever the underlying
963 * file system returns an ESTALE.
965 * Retry the whole path once, forcing real lookup requests
966 * instead of relying on the dcache.
968 int fastcall link_path_walk(const char *name, struct nameidata *nd)
970 struct nameidata save = *nd;
973 /* make sure the stuff we saved doesn't go away */
977 result = __link_path_walk(name, nd);
978 if (result == -ESTALE) {
982 nd->flags |= LOOKUP_REVAL;
983 result = __link_path_walk(name, nd);
992 int fastcall path_walk(const char * name, struct nameidata *nd)
994 current->total_link_count = 0;
995 return link_path_walk(name, nd);
999 * SMP-safe: Returns 1 and nd will have valid dentry and mnt, if
1000 * everything is done. Returns 0 and drops input nd, if lookup failed;
1002 static int __emul_lookup_dentry(const char *name, struct nameidata *nd)
1004 if (path_walk(name, nd))
1005 return 0; /* something went wrong... */
1007 if (!nd->dentry->d_inode || S_ISDIR(nd->dentry->d_inode->i_mode)) {
1008 struct dentry *old_dentry = nd->dentry;
1009 struct vfsmount *old_mnt = nd->mnt;
1010 struct qstr last = nd->last;
1011 int last_type = nd->last_type;
1013 * NAME was not found in alternate root or it's a directory. Try to find
1014 * it in the normal root:
1016 nd->last_type = LAST_ROOT;
1017 read_lock(¤t->fs->lock);
1018 nd->mnt = mntget(current->fs->rootmnt);
1019 nd->dentry = dget(current->fs->root);
1020 read_unlock(¤t->fs->lock);
1021 if (path_walk(name, nd) == 0) {
1022 if (nd->dentry->d_inode) {
1029 nd->dentry = old_dentry;
1032 nd->last_type = last_type;
1037 void set_fs_altroot(void)
1039 char *emul = __emul_prefix();
1040 struct nameidata nd;
1041 struct vfsmount *mnt = NULL, *oldmnt;
1042 struct dentry *dentry = NULL, *olddentry;
1047 err = path_lookup(emul, LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_NOALT, &nd);
1053 write_lock(¤t->fs->lock);
1054 oldmnt = current->fs->altrootmnt;
1055 olddentry = current->fs->altroot;
1056 current->fs->altrootmnt = mnt;
1057 current->fs->altroot = dentry;
1058 write_unlock(¤t->fs->lock);
1065 /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */
1066 int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata *nd)
1070 nd->last_type = LAST_ROOT; /* if there are only slashes... */
1074 read_lock(¤t->fs->lock);
1076 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
1077 nd->mnt = mntget(current->fs->altrootmnt);
1078 nd->dentry = dget(current->fs->altroot);
1079 read_unlock(¤t->fs->lock);
1080 if (__emul_lookup_dentry(name,nd))
1081 goto out; /* found in altroot */
1082 read_lock(¤t->fs->lock);
1084 nd->mnt = mntget(current->fs->rootmnt);
1085 nd->dentry = dget(current->fs->root);
1087 nd->mnt = mntget(current->fs->pwdmnt);
1088 nd->dentry = dget(current->fs->pwd);
1090 read_unlock(¤t->fs->lock);
1091 current->total_link_count = 0;
1092 retval = link_path_walk(name, nd);
1094 if (unlikely(current->audit_context
1095 && nd && nd->dentry && nd->dentry->d_inode))
1096 audit_inode(name, nd->dentry->d_inode, flags);
1100 static int __path_lookup_intent_open(const char *name, unsigned int lookup_flags,
1101 struct nameidata *nd, int open_flags, int create_mode)
1103 struct file *filp = get_empty_filp();
1108 nd->intent.open.file = filp;
1109 nd->intent.open.flags = open_flags;
1110 nd->intent.open.create_mode = create_mode;
1111 err = path_lookup(name, lookup_flags|LOOKUP_OPEN, nd);
1112 if (IS_ERR(nd->intent.open.file)) {
1114 err = PTR_ERR(nd->intent.open.file);
1117 } else if (err != 0)
1118 release_open_intent(nd);
1123 * path_lookup_open - lookup a file path with open intent
1124 * @name: pointer to file name
1125 * @lookup_flags: lookup intent flags
1126 * @nd: pointer to nameidata
1127 * @open_flags: open intent flags
1129 int path_lookup_open(const char *name, unsigned int lookup_flags,
1130 struct nameidata *nd, int open_flags)
1132 return __path_lookup_intent_open(name, lookup_flags, nd,
1137 * path_lookup_create - lookup a file path with open + create intent
1138 * @name: pointer to file name
1139 * @lookup_flags: lookup intent flags
1140 * @nd: pointer to nameidata
1141 * @open_flags: open intent flags
1142 * @create_mode: create intent flags
1144 static int path_lookup_create(const char *name, unsigned int lookup_flags,
1145 struct nameidata *nd, int open_flags,
1148 return __path_lookup_intent_open(name, lookup_flags|LOOKUP_CREATE, nd,
1149 open_flags, create_mode);
1152 int __user_path_lookup_open(const char __user *name, unsigned int lookup_flags,
1153 struct nameidata *nd, int open_flags)
1155 char *tmp = getname(name);
1156 int err = PTR_ERR(tmp);
1159 err = __path_lookup_intent_open(tmp, lookup_flags, nd, open_flags, 0);
1166 * Restricted form of lookup. Doesn't follow links, single-component only,
1167 * needs parent already locked. Doesn't follow mounts.
1170 static struct dentry * __lookup_hash(struct qstr *name, struct dentry * base, struct nameidata *nd)
1172 struct dentry * dentry;
1173 struct inode *inode;
1176 inode = base->d_inode;
1177 err = permission(inode, MAY_EXEC, nd);
1178 dentry = ERR_PTR(err);
1183 * See if the low-level filesystem might want
1184 * to use its own hash..
1186 if (base->d_op && base->d_op->d_hash) {
1187 err = base->d_op->d_hash(base, name);
1188 dentry = ERR_PTR(err);
1193 dentry = cached_lookup(base, name, nd);
1195 struct dentry *new = d_alloc(base, name);
1196 dentry = ERR_PTR(-ENOMEM);
1199 dentry = inode->i_op->lookup(inode, new, nd);
1209 struct dentry * lookup_hash(struct nameidata *nd)
1211 return __lookup_hash(&nd->last, nd->dentry, nd);
1215 struct dentry * lookup_one_len(const char * name, struct dentry * base, int len)
1226 hash = init_name_hash();
1228 c = *(const unsigned char *)name++;
1229 if (c == '/' || c == '\0')
1231 hash = partial_name_hash(c, hash);
1233 this.hash = end_name_hash(hash);
1235 return __lookup_hash(&this, base, NULL);
1237 return ERR_PTR(-EACCES);
1243 * is used by most simple commands to get the inode of a specified name.
1244 * Open, link etc use their own routines, but this is enough for things
1247 * namei exists in two versions: namei/lnamei. The only difference is
1248 * that namei follows links, while lnamei does not.
1251 int fastcall __user_walk(const char __user *name, unsigned flags, struct nameidata *nd)
1253 char *tmp = getname(name);
1254 int err = PTR_ERR(tmp);
1257 err = path_lookup(tmp, flags, nd);
1264 * It's inline, so penalty for filesystems that don't use sticky bit is
1267 static inline int check_sticky(struct inode *dir, struct inode *inode)
1269 if (!(dir->i_mode & S_ISVTX))
1271 if (inode->i_uid == current->fsuid)
1273 if (dir->i_uid == current->fsuid)
1275 return !capable(CAP_FOWNER);
1279 * Check whether we can remove a link victim from directory dir, check
1280 * whether the type of victim is right.
1281 * 1. We can't do it if dir is read-only (done in permission())
1282 * 2. We should have write and exec permissions on dir
1283 * 3. We can't remove anything from append-only dir
1284 * 4. We can't do anything with immutable dir (done in permission())
1285 * 5. If the sticky bit on dir is set we should either
1286 * a. be owner of dir, or
1287 * b. be owner of victim, or
1288 * c. have CAP_FOWNER capability
1289 * 6. If the victim is append-only or immutable we can't do antyhing with
1290 * links pointing to it.
1291 * 7. If we were asked to remove a directory and victim isn't one - ENOTDIR.
1292 * 8. If we were asked to remove a non-directory and victim isn't one - EISDIR.
1293 * 9. We can't remove a root or mountpoint.
1294 * 10. We don't allow removal of NFS sillyrenamed files; it's handled by
1295 * nfs_async_unlink().
1297 static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1301 if (!victim->d_inode)
1304 BUG_ON(victim->d_parent->d_inode != dir);
1306 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
1311 if (check_sticky(dir, victim->d_inode)||IS_APPEND(victim->d_inode)||
1312 IS_IMMUTABLE(victim->d_inode))
1315 if (!S_ISDIR(victim->d_inode->i_mode))
1317 if (IS_ROOT(victim))
1319 } else if (S_ISDIR(victim->d_inode->i_mode))
1321 if (IS_DEADDIR(dir))
1323 if (victim->d_flags & DCACHE_NFSFS_RENAMED)
1328 /* Check whether we can create an object with dentry child in directory
1330 * 1. We can't do it if child already exists (open has special treatment for
1331 * this case, but since we are inlined it's OK)
1332 * 2. We can't do it if dir is read-only (done in permission())
1333 * 3. We should have write and exec permissions on dir
1334 * 4. We can't do it if dir is immutable (done in permission())
1336 static inline int may_create(struct inode *dir, struct dentry *child,
1337 struct nameidata *nd)
1341 if (IS_DEADDIR(dir))
1343 return permission(dir,MAY_WRITE | MAY_EXEC, nd);
1347 * O_DIRECTORY translates into forcing a directory lookup.
1349 static inline int lookup_flags(unsigned int f)
1351 unsigned long retval = LOOKUP_FOLLOW;
1354 retval &= ~LOOKUP_FOLLOW;
1356 if (f & O_DIRECTORY)
1357 retval |= LOOKUP_DIRECTORY;
1363 * p1 and p2 should be directories on the same fs.
1365 struct dentry *lock_rename(struct dentry *p1, struct dentry *p2)
1370 mutex_lock(&p1->d_inode->i_mutex);
1374 down(&p1->d_inode->i_sb->s_vfs_rename_sem);
1376 for (p = p1; p->d_parent != p; p = p->d_parent) {
1377 if (p->d_parent == p2) {
1378 mutex_lock(&p2->d_inode->i_mutex);
1379 mutex_lock(&p1->d_inode->i_mutex);
1384 for (p = p2; p->d_parent != p; p = p->d_parent) {
1385 if (p->d_parent == p1) {
1386 mutex_lock(&p1->d_inode->i_mutex);
1387 mutex_lock(&p2->d_inode->i_mutex);
1392 mutex_lock(&p1->d_inode->i_mutex);
1393 mutex_lock(&p2->d_inode->i_mutex);
1397 void unlock_rename(struct dentry *p1, struct dentry *p2)
1399 mutex_unlock(&p1->d_inode->i_mutex);
1401 mutex_unlock(&p2->d_inode->i_mutex);
1402 up(&p1->d_inode->i_sb->s_vfs_rename_sem);
1406 int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1407 struct nameidata *nd)
1409 int error = may_create(dir, dentry, nd);
1414 if (!dir->i_op || !dir->i_op->create)
1415 return -EACCES; /* shouldn't it be ENOSYS? */
1418 error = security_inode_create(dir, dentry, mode);
1422 error = dir->i_op->create(dir, dentry, mode, nd);
1424 fsnotify_create(dir, dentry->d_name.name);
1428 int may_open(struct nameidata *nd, int acc_mode, int flag)
1430 struct dentry *dentry = nd->dentry;
1431 struct inode *inode = dentry->d_inode;
1437 if (S_ISLNK(inode->i_mode))
1440 if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE))
1443 error = vfs_permission(nd, acc_mode);
1448 * FIFO's, sockets and device files are special: they don't
1449 * actually live on the filesystem itself, and as such you
1450 * can write to them even if the filesystem is read-only.
1452 if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
1454 } else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
1455 if (nd->mnt->mnt_flags & MNT_NODEV)
1459 } else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
1462 * An append-only file must be opened in append mode for writing.
1464 if (IS_APPEND(inode)) {
1465 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1471 /* O_NOATIME can only be set by the owner or superuser */
1472 if (flag & O_NOATIME)
1473 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
1477 * Ensure there are no outstanding leases on the file.
1479 error = break_lease(inode, flag);
1483 if (flag & O_TRUNC) {
1484 error = get_write_access(inode);
1489 * Refuse to truncate files with mandatory locks held on them.
1491 error = locks_verify_locked(inode);
1495 error = do_truncate(dentry, 0, ATTR_MTIME|ATTR_CTIME, NULL);
1497 put_write_access(inode);
1501 if (flag & FMODE_WRITE)
1510 * namei for open - this is in fact almost the whole open-routine.
1512 * Note that the low bits of "flag" aren't the same as in the open
1513 * system call - they are 00 - no permissions needed
1514 * 01 - read permission needed
1515 * 10 - write permission needed
1516 * 11 - read/write permissions needed
1517 * which is a lot more logical, and also allows the "no perm" needed
1518 * for symlinks (where the permissions are checked later).
1521 int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
1523 int acc_mode, error;
1528 acc_mode = ACC_MODE(flag);
1530 /* O_TRUNC implies we need access checks for write permissions */
1532 acc_mode |= MAY_WRITE;
1534 /* Allow the LSM permission hook to distinguish append
1535 access from general write access. */
1536 if (flag & O_APPEND)
1537 acc_mode |= MAY_APPEND;
1540 * The simplest case - just a plain lookup.
1542 if (!(flag & O_CREAT)) {
1543 error = path_lookup_open(pathname, lookup_flags(flag), nd, flag);
1550 * Create - we need to know the parent.
1552 error = path_lookup_create(pathname, LOOKUP_PARENT, nd, flag, mode);
1557 * We have the parent and last component. First of all, check
1558 * that we are not asked to creat(2) an obvious directory - that
1562 if (nd->last_type != LAST_NORM || nd->last.name[nd->last.len])
1566 nd->flags &= ~LOOKUP_PARENT;
1567 mutex_lock(&dir->d_inode->i_mutex);
1568 path.dentry = lookup_hash(nd);
1572 error = PTR_ERR(path.dentry);
1573 if (IS_ERR(path.dentry)) {
1574 mutex_unlock(&dir->d_inode->i_mutex);
1578 /* Negative dentry, just create the file */
1579 if (!path.dentry->d_inode) {
1580 if (!IS_POSIXACL(dir->d_inode))
1581 mode &= ~current->fs->umask;
1582 error = vfs_create(dir->d_inode, path.dentry, mode, nd);
1583 mutex_unlock(&dir->d_inode->i_mutex);
1585 nd->dentry = path.dentry;
1588 /* Don't check for write permission, don't truncate */
1595 * It already exists.
1597 mutex_unlock(&dir->d_inode->i_mutex);
1603 if (__follow_mount(&path)) {
1605 if (flag & O_NOFOLLOW)
1609 if (!path.dentry->d_inode)
1611 if (path.dentry->d_inode->i_op && path.dentry->d_inode->i_op->follow_link)
1614 path_to_nameidata(&path, nd);
1616 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode))
1619 error = may_open(nd, acc_mode, flag);
1625 dput_path(&path, nd);
1627 if (!IS_ERR(nd->intent.open.file))
1628 release_open_intent(nd);
1634 if (flag & O_NOFOLLOW)
1637 * This is subtle. Instead of calling do_follow_link() we do the
1638 * thing by hands. The reason is that this way we have zero link_count
1639 * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT.
1640 * After that we have the parent and last component, i.e.
1641 * we are in the same situation as after the first path_walk().
1642 * Well, almost - if the last component is normal we get its copy
1643 * stored in nd->last.name and we will have to putname() it when we
1644 * are done. Procfs-like symlinks just set LAST_BIND.
1646 nd->flags |= LOOKUP_PARENT;
1647 error = security_inode_follow_link(path.dentry, nd);
1650 error = __do_follow_link(&path, nd);
1653 nd->flags &= ~LOOKUP_PARENT;
1654 if (nd->last_type == LAST_BIND)
1657 if (nd->last_type != LAST_NORM)
1659 if (nd->last.name[nd->last.len]) {
1660 __putname(nd->last.name);
1665 __putname(nd->last.name);
1669 mutex_lock(&dir->d_inode->i_mutex);
1670 path.dentry = lookup_hash(nd);
1672 __putname(nd->last.name);
1677 * lookup_create - lookup a dentry, creating it if it doesn't exist
1678 * @nd: nameidata info
1679 * @is_dir: directory flag
1681 * Simple function to lookup and return a dentry and create it
1682 * if it doesn't exist. Is SMP-safe.
1684 * Returns with nd->dentry->d_inode->i_mutex locked.
1686 struct dentry *lookup_create(struct nameidata *nd, int is_dir)
1688 struct dentry *dentry = ERR_PTR(-EEXIST);
1690 mutex_lock(&nd->dentry->d_inode->i_mutex);
1692 * Yucky last component or no last component at all?
1693 * (foo/., foo/.., /////)
1695 if (nd->last_type != LAST_NORM)
1697 nd->flags &= ~LOOKUP_PARENT;
1700 * Do the final lookup.
1702 dentry = lookup_hash(nd);
1707 * Special case - lookup gave negative, but... we had foo/bar/
1708 * From the vfs_mknod() POV we just have a negative dentry -
1709 * all is fine. Let's be bastards - you had / on the end, you've
1710 * been asking for (non-existent) directory. -ENOENT for you.
1712 if (!is_dir && nd->last.name[nd->last.len] && !dentry->d_inode)
1717 dentry = ERR_PTR(-ENOENT);
1721 EXPORT_SYMBOL_GPL(lookup_create);
1723 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1725 int error = may_create(dir, dentry, NULL);
1730 if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD))
1733 if (!dir->i_op || !dir->i_op->mknod)
1736 error = security_inode_mknod(dir, dentry, mode, dev);
1741 error = dir->i_op->mknod(dir, dentry, mode, dev);
1743 fsnotify_create(dir, dentry->d_name.name);
1747 asmlinkage long sys_mknod(const char __user * filename, int mode, unsigned dev)
1751 struct dentry * dentry;
1752 struct nameidata nd;
1756 tmp = getname(filename);
1758 return PTR_ERR(tmp);
1760 error = path_lookup(tmp, LOOKUP_PARENT, &nd);
1763 dentry = lookup_create(&nd, 0);
1764 error = PTR_ERR(dentry);
1766 if (!IS_POSIXACL(nd.dentry->d_inode))
1767 mode &= ~current->fs->umask;
1768 if (!IS_ERR(dentry)) {
1769 switch (mode & S_IFMT) {
1770 case 0: case S_IFREG:
1771 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
1773 case S_IFCHR: case S_IFBLK:
1774 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
1775 new_decode_dev(dev));
1777 case S_IFIFO: case S_IFSOCK:
1778 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
1788 mutex_unlock(&nd.dentry->d_inode->i_mutex);
1796 int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1798 int error = may_create(dir, dentry, NULL);
1803 if (!dir->i_op || !dir->i_op->mkdir)
1806 mode &= (S_IRWXUGO|S_ISVTX);
1807 error = security_inode_mkdir(dir, dentry, mode);
1812 error = dir->i_op->mkdir(dir, dentry, mode);
1814 fsnotify_mkdir(dir, dentry->d_name.name);
1818 asmlinkage long sys_mkdir(const char __user * pathname, int mode)
1823 tmp = getname(pathname);
1824 error = PTR_ERR(tmp);
1826 struct dentry *dentry;
1827 struct nameidata nd;
1829 error = path_lookup(tmp, LOOKUP_PARENT, &nd);
1832 dentry = lookup_create(&nd, 1);
1833 error = PTR_ERR(dentry);
1834 if (!IS_ERR(dentry)) {
1835 if (!IS_POSIXACL(nd.dentry->d_inode))
1836 mode &= ~current->fs->umask;
1837 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
1840 mutex_unlock(&nd.dentry->d_inode->i_mutex);
1850 * We try to drop the dentry early: we should have
1851 * a usage count of 2 if we're the only user of this
1852 * dentry, and if that is true (possibly after pruning
1853 * the dcache), then we drop the dentry now.
1855 * A low-level filesystem can, if it choses, legally
1858 * if (!d_unhashed(dentry))
1861 * if it cannot handle the case of removing a directory
1862 * that is still in use by something else..
1864 void dentry_unhash(struct dentry *dentry)
1867 if (atomic_read(&dentry->d_count))
1868 shrink_dcache_parent(dentry);
1869 spin_lock(&dcache_lock);
1870 spin_lock(&dentry->d_lock);
1871 if (atomic_read(&dentry->d_count) == 2)
1873 spin_unlock(&dentry->d_lock);
1874 spin_unlock(&dcache_lock);
1877 int vfs_rmdir(struct inode *dir, struct dentry *dentry)
1879 int error = may_delete(dir, dentry, 1);
1884 if (!dir->i_op || !dir->i_op->rmdir)
1889 mutex_lock(&dentry->d_inode->i_mutex);
1890 dentry_unhash(dentry);
1891 if (d_mountpoint(dentry))
1894 error = security_inode_rmdir(dir, dentry);
1896 error = dir->i_op->rmdir(dir, dentry);
1898 dentry->d_inode->i_flags |= S_DEAD;
1901 mutex_unlock(&dentry->d_inode->i_mutex);
1910 asmlinkage long sys_rmdir(const char __user * pathname)
1914 struct dentry *dentry;
1915 struct nameidata nd;
1917 name = getname(pathname);
1919 return PTR_ERR(name);
1921 error = path_lookup(name, LOOKUP_PARENT, &nd);
1925 switch(nd.last_type) {
1936 mutex_lock(&nd.dentry->d_inode->i_mutex);
1937 dentry = lookup_hash(&nd);
1938 error = PTR_ERR(dentry);
1939 if (!IS_ERR(dentry)) {
1940 error = vfs_rmdir(nd.dentry->d_inode, dentry);
1943 mutex_unlock(&nd.dentry->d_inode->i_mutex);
1951 int vfs_unlink(struct inode *dir, struct dentry *dentry)
1953 int error = may_delete(dir, dentry, 0);
1958 if (!dir->i_op || !dir->i_op->unlink)
1963 mutex_lock(&dentry->d_inode->i_mutex);
1964 if (d_mountpoint(dentry))
1967 error = security_inode_unlink(dir, dentry);
1969 error = dir->i_op->unlink(dir, dentry);
1971 mutex_unlock(&dentry->d_inode->i_mutex);
1973 /* We don't d_delete() NFS sillyrenamed files--they still exist. */
1974 if (!error && !(dentry->d_flags & DCACHE_NFSFS_RENAMED)) {
1982 * Make sure that the actual truncation of the file will occur outside its
1983 * directory's i_mutex. Truncate can take a long time if there is a lot of
1984 * writeout happening, and we don't want to prevent access to the directory
1985 * while waiting on the I/O.
1987 asmlinkage long sys_unlink(const char __user * pathname)
1991 struct dentry *dentry;
1992 struct nameidata nd;
1993 struct inode *inode = NULL;
1995 name = getname(pathname);
1997 return PTR_ERR(name);
1999 error = path_lookup(name, LOOKUP_PARENT, &nd);
2003 if (nd.last_type != LAST_NORM)
2005 mutex_lock(&nd.dentry->d_inode->i_mutex);
2006 dentry = lookup_hash(&nd);
2007 error = PTR_ERR(dentry);
2008 if (!IS_ERR(dentry)) {
2009 /* Why not before? Because we want correct error value */
2010 if (nd.last.name[nd.last.len])
2012 inode = dentry->d_inode;
2014 atomic_inc(&inode->i_count);
2015 error = vfs_unlink(nd.dentry->d_inode, dentry);
2019 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2021 iput(inode); /* truncate the inode here */
2029 error = !dentry->d_inode ? -ENOENT :
2030 S_ISDIR(dentry->d_inode->i_mode) ? -EISDIR : -ENOTDIR;
2034 int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, int mode)
2036 int error = may_create(dir, dentry, NULL);
2041 if (!dir->i_op || !dir->i_op->symlink)
2044 error = security_inode_symlink(dir, dentry, oldname);
2049 error = dir->i_op->symlink(dir, dentry, oldname);
2051 fsnotify_create(dir, dentry->d_name.name);
2055 asmlinkage long sys_symlink(const char __user * oldname, const char __user * newname)
2061 from = getname(oldname);
2063 return PTR_ERR(from);
2064 to = getname(newname);
2065 error = PTR_ERR(to);
2067 struct dentry *dentry;
2068 struct nameidata nd;
2070 error = path_lookup(to, LOOKUP_PARENT, &nd);
2073 dentry = lookup_create(&nd, 0);
2074 error = PTR_ERR(dentry);
2075 if (!IS_ERR(dentry)) {
2076 error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
2079 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2088 int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2090 struct inode *inode = old_dentry->d_inode;
2096 error = may_create(dir, new_dentry, NULL);
2100 if (dir->i_sb != inode->i_sb)
2104 * A link to an append-only or immutable file cannot be created.
2106 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
2108 if (!dir->i_op || !dir->i_op->link)
2110 if (S_ISDIR(old_dentry->d_inode->i_mode))
2113 error = security_inode_link(old_dentry, dir, new_dentry);
2117 mutex_lock(&old_dentry->d_inode->i_mutex);
2119 error = dir->i_op->link(old_dentry, dir, new_dentry);
2120 mutex_unlock(&old_dentry->d_inode->i_mutex);
2122 fsnotify_create(dir, new_dentry->d_name.name);
2127 * Hardlinks are often used in delicate situations. We avoid
2128 * security-related surprises by not following symlinks on the
2131 * We don't follow them on the oldname either to be compatible
2132 * with linux 2.0, and to avoid hard-linking to directories
2133 * and other special files. --ADM
2135 asmlinkage long sys_link(const char __user * oldname, const char __user * newname)
2137 struct dentry *new_dentry;
2138 struct nameidata nd, old_nd;
2142 to = getname(newname);
2146 error = __user_walk(oldname, 0, &old_nd);
2149 error = path_lookup(to, LOOKUP_PARENT, &nd);
2153 if (old_nd.mnt != nd.mnt)
2155 new_dentry = lookup_create(&nd, 0);
2156 error = PTR_ERR(new_dentry);
2157 if (!IS_ERR(new_dentry)) {
2158 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
2161 mutex_unlock(&nd.dentry->d_inode->i_mutex);
2165 path_release(&old_nd);
2173 * The worst of all namespace operations - renaming directory. "Perverted"
2174 * doesn't even start to describe it. Somebody in UCB had a heck of a trip...
2176 * a) we can get into loop creation. Check is done in is_subdir().
2177 * b) race potential - two innocent renames can create a loop together.
2178 * That's where 4.4 screws up. Current fix: serialization on
2179 * sb->s_vfs_rename_sem. We might be more accurate, but that's another
2181 * c) we have to lock _three_ objects - parents and victim (if it exists).
2182 * And that - after we got ->i_mutex on parents (until then we don't know
2183 * whether the target exists). Solution: try to be smart with locking
2184 * order for inodes. We rely on the fact that tree topology may change
2185 * only under ->s_vfs_rename_sem _and_ that parent of the object we
2186 * move will be locked. Thus we can rank directories by the tree
2187 * (ancestors first) and rank all non-directories after them.
2188 * That works since everybody except rename does "lock parent, lookup,
2189 * lock child" and rename is under ->s_vfs_rename_sem.
2190 * HOWEVER, it relies on the assumption that any object with ->lookup()
2191 * has no more than 1 dentry. If "hybrid" objects will ever appear,
2192 * we'd better make sure that there's no link(2) for them.
2193 * d) some filesystems don't support opened-but-unlinked directories,
2194 * either because of layout or because they are not ready to deal with
2195 * all cases correctly. The latter will be fixed (taking this sort of
2196 * stuff into VFS), but the former is not going away. Solution: the same
2197 * trick as in rmdir().
2198 * e) conversion from fhandle to dentry may come in the wrong moment - when
2199 * we are removing the target. Solution: we will have to grab ->i_mutex
2200 * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on
2201 * ->i_mutex on parents, which works but leads to some truely excessive
2204 static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
2205 struct inode *new_dir, struct dentry *new_dentry)
2208 struct inode *target;
2211 * If we are going to change the parent - check write permissions,
2212 * we'll need to flip '..'.
2214 if (new_dir != old_dir) {
2215 error = permission(old_dentry->d_inode, MAY_WRITE, NULL);
2220 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2224 target = new_dentry->d_inode;
2226 mutex_lock(&target->i_mutex);
2227 dentry_unhash(new_dentry);
2229 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2232 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2235 target->i_flags |= S_DEAD;
2236 mutex_unlock(&target->i_mutex);
2237 if (d_unhashed(new_dentry))
2238 d_rehash(new_dentry);
2242 d_move(old_dentry,new_dentry);
2246 static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
2247 struct inode *new_dir, struct dentry *new_dentry)
2249 struct inode *target;
2252 error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
2257 target = new_dentry->d_inode;
2259 mutex_lock(&target->i_mutex);
2260 if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
2263 error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
2265 /* The following d_move() should become unconditional */
2266 if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
2267 d_move(old_dentry, new_dentry);
2270 mutex_unlock(&target->i_mutex);
2275 int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,
2276 struct inode *new_dir, struct dentry *new_dentry)
2279 int is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
2280 const char *old_name;
2282 if (old_dentry->d_inode == new_dentry->d_inode)
2285 error = may_delete(old_dir, old_dentry, is_dir);
2289 if (!new_dentry->d_inode)
2290 error = may_create(new_dir, new_dentry, NULL);
2292 error = may_delete(new_dir, new_dentry, is_dir);
2296 if (!old_dir->i_op || !old_dir->i_op->rename)
2299 DQUOT_INIT(old_dir);
2300 DQUOT_INIT(new_dir);
2302 old_name = fsnotify_oldname_init(old_dentry->d_name.name);
2305 error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry);
2307 error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry);
2309 const char *new_name = old_dentry->d_name.name;
2310 fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir,
2311 new_dentry->d_inode, old_dentry->d_inode);
2313 fsnotify_oldname_free(old_name);
2318 static int do_rename(const char * oldname, const char * newname)
2321 struct dentry * old_dir, * new_dir;
2322 struct dentry * old_dentry, *new_dentry;
2323 struct dentry * trap;
2324 struct nameidata oldnd, newnd;
2326 error = path_lookup(oldname, LOOKUP_PARENT, &oldnd);
2330 error = path_lookup(newname, LOOKUP_PARENT, &newnd);
2335 if (oldnd.mnt != newnd.mnt)
2338 old_dir = oldnd.dentry;
2340 if (oldnd.last_type != LAST_NORM)
2343 new_dir = newnd.dentry;
2344 if (newnd.last_type != LAST_NORM)
2347 trap = lock_rename(new_dir, old_dir);
2349 old_dentry = lookup_hash(&oldnd);
2350 error = PTR_ERR(old_dentry);
2351 if (IS_ERR(old_dentry))
2353 /* source must exist */
2355 if (!old_dentry->d_inode)
2357 /* unless the source is a directory trailing slashes give -ENOTDIR */
2358 if (!S_ISDIR(old_dentry->d_inode->i_mode)) {
2360 if (oldnd.last.name[oldnd.last.len])
2362 if (newnd.last.name[newnd.last.len])
2365 /* source should not be ancestor of target */
2367 if (old_dentry == trap)
2369 new_dentry = lookup_hash(&newnd);
2370 error = PTR_ERR(new_dentry);
2371 if (IS_ERR(new_dentry))
2373 /* target should not be an ancestor of source */
2375 if (new_dentry == trap)
2378 error = vfs_rename(old_dir->d_inode, old_dentry,
2379 new_dir->d_inode, new_dentry);
2385 unlock_rename(new_dir, old_dir);
2387 path_release(&newnd);
2389 path_release(&oldnd);
2394 asmlinkage long sys_rename(const char __user * oldname, const char __user * newname)
2400 from = getname(oldname);
2402 return PTR_ERR(from);
2403 to = getname(newname);
2404 error = PTR_ERR(to);
2406 error = do_rename(from,to);
2413 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
2417 len = PTR_ERR(link);
2422 if (len > (unsigned) buflen)
2424 if (copy_to_user(buffer, link, len))
2431 * A helper for ->readlink(). This should be used *ONLY* for symlinks that
2432 * have ->follow_link() touching nd only in nd_set_link(). Using (or not
2433 * using) it for any given inode is up to filesystem.
2435 int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2437 struct nameidata nd;
2441 cookie = dentry->d_inode->i_op->follow_link(dentry, &nd);
2442 if (!IS_ERR(cookie)) {
2443 int res = vfs_readlink(dentry, buffer, buflen, nd_get_link(&nd));
2444 if (dentry->d_inode->i_op->put_link)
2445 dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
2446 cookie = ERR_PTR(res);
2448 return PTR_ERR(cookie);
2451 int vfs_follow_link(struct nameidata *nd, const char *link)
2453 return __vfs_follow_link(nd, link);
2456 /* get the link contents into pagecache */
2457 static char *page_getlink(struct dentry * dentry, struct page **ppage)
2460 struct address_space *mapping = dentry->d_inode->i_mapping;
2461 page = read_cache_page(mapping, 0, (filler_t *)mapping->a_ops->readpage,
2465 wait_on_page_locked(page);
2466 if (!PageUptodate(page))
2472 page_cache_release(page);
2473 return ERR_PTR(-EIO);
2479 int page_readlink(struct dentry *dentry, char __user *buffer, int buflen)
2481 struct page *page = NULL;
2482 char *s = page_getlink(dentry, &page);
2483 int res = vfs_readlink(dentry,buffer,buflen,s);
2486 page_cache_release(page);
2491 void *page_follow_link_light(struct dentry *dentry, struct nameidata *nd)
2493 struct page *page = NULL;
2494 nd_set_link(nd, page_getlink(dentry, &page));
2498 void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
2500 struct page *page = cookie;
2504 page_cache_release(page);
2508 int page_symlink(struct inode *inode, const char *symname, int len)
2510 struct address_space *mapping = inode->i_mapping;
2511 struct page *page = grab_cache_page(mapping, 0);
2517 err = mapping->a_ops->prepare_write(NULL, page, 0, len-1);
2520 kaddr = kmap_atomic(page, KM_USER0);
2521 memcpy(kaddr, symname, len-1);
2522 kunmap_atomic(kaddr, KM_USER0);
2523 mapping->a_ops->commit_write(NULL, page, 0, len-1);
2525 * Notice that we are _not_ going to block here - end of page is
2526 * unmapped, so this will only try to map the rest of page, see
2527 * that it is unmapped (typically even will not look into inode -
2528 * ->i_size will be enough for everything) and zero it out.
2529 * OTOH it's obviously correct and should make the page up-to-date.
2531 if (!PageUptodate(page)) {
2532 err = mapping->a_ops->readpage(NULL, page);
2533 wait_on_page_locked(page);
2537 page_cache_release(page);
2540 mark_inode_dirty(inode);
2544 page_cache_release(page);
2549 struct inode_operations page_symlink_inode_operations = {
2550 .readlink = generic_readlink,
2551 .follow_link = page_follow_link_light,
2552 .put_link = page_put_link,
2555 EXPORT_SYMBOL(__user_walk);
2556 EXPORT_SYMBOL(follow_down);
2557 EXPORT_SYMBOL(follow_up);
2558 EXPORT_SYMBOL(get_write_access); /* binfmt_aout */
2559 EXPORT_SYMBOL(getname);
2560 EXPORT_SYMBOL(lock_rename);
2561 EXPORT_SYMBOL(lookup_hash);
2562 EXPORT_SYMBOL(lookup_one_len);
2563 EXPORT_SYMBOL(page_follow_link_light);
2564 EXPORT_SYMBOL(page_put_link);
2565 EXPORT_SYMBOL(page_readlink);
2566 EXPORT_SYMBOL(page_symlink);
2567 EXPORT_SYMBOL(page_symlink_inode_operations);
2568 EXPORT_SYMBOL(path_lookup);
2569 EXPORT_SYMBOL(path_release);
2570 EXPORT_SYMBOL(path_walk);
2571 EXPORT_SYMBOL(permission);
2572 EXPORT_SYMBOL(vfs_permission);
2573 EXPORT_SYMBOL(file_permission);
2574 EXPORT_SYMBOL(unlock_rename);
2575 EXPORT_SYMBOL(vfs_create);
2576 EXPORT_SYMBOL(vfs_follow_link);
2577 EXPORT_SYMBOL(vfs_link);
2578 EXPORT_SYMBOL(vfs_mkdir);
2579 EXPORT_SYMBOL(vfs_mknod);
2580 EXPORT_SYMBOL(generic_permission);
2581 EXPORT_SYMBOL(vfs_readlink);
2582 EXPORT_SYMBOL(vfs_rename);
2583 EXPORT_SYMBOL(vfs_rmdir);
2584 EXPORT_SYMBOL(vfs_symlink);
2585 EXPORT_SYMBOL(vfs_unlink);
2586 EXPORT_SYMBOL(dentry_unhash);
2587 EXPORT_SYMBOL(generic_readlink);