aboutsummaryrefslogtreecommitdiffstats
path: root/fs/namei.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/namei.c')
-rw-r--r--fs/namei.c503
1 files changed, 244 insertions, 259 deletions
diff --git a/fs/namei.c b/fs/namei.c
index d11f404667e9..d62fdc875f22 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -35,7 +35,7 @@
35#include <linux/fs_struct.h> 35#include <linux/fs_struct.h>
36#include <asm/uaccess.h> 36#include <asm/uaccess.h>
37 37
38#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) 38#include "internal.h"
39 39
40/* [Feb-1997 T. Schoebel-Theuer] 40/* [Feb-1997 T. Schoebel-Theuer]
41 * Fundamental changes in the pathname lookup mechanisms (namei) 41 * Fundamental changes in the pathname lookup mechanisms (namei)
@@ -108,8 +108,6 @@
108 * any extra contention... 108 * any extra contention...
109 */ 109 */
110 110
111static int __link_path_walk(const char *name, struct nameidata *nd);
112
113/* In order to reduce some races, while at the same time doing additional 111/* In order to reduce some races, while at the same time doing additional
114 * checking and hopefully speeding things up, we copy filenames to the 112 * checking and hopefully speeding things up, we copy filenames to the
115 * kernel data space before using them.. 113 * kernel data space before using them..
@@ -234,6 +232,7 @@ int generic_permission(struct inode *inode, int mask,
234 /* 232 /*
235 * Searching includes executable on directories, else just read. 233 * Searching includes executable on directories, else just read.
236 */ 234 */
235 mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
237 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) 236 if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
238 if (capable(CAP_DAC_READ_SEARCH)) 237 if (capable(CAP_DAC_READ_SEARCH))
239 return 0; 238 return 0;
@@ -414,36 +413,55 @@ do_revalidate(struct dentry *dentry, struct nameidata *nd)
414} 413}
415 414
416/* 415/*
417 * Internal lookup() using the new generic dcache. 416 * force_reval_path - force revalidation of a dentry
418 * SMP-safe 417 *
418 * In some situations the path walking code will trust dentries without
419 * revalidating them. This causes problems for filesystems that depend on
420 * d_revalidate to handle file opens (e.g. NFSv4). When FS_REVAL_DOT is set
421 * (which indicates that it's possible for the dentry to go stale), force
422 * a d_revalidate call before proceeding.
423 *
424 * Returns 0 if the revalidation was successful. If the revalidation fails,
425 * either return the error returned by d_revalidate or -ESTALE if the
426 * revalidation it just returned 0. If d_revalidate returns 0, we attempt to
427 * invalidate the dentry. It's up to the caller to handle putting references
428 * to the path if necessary.
419 */ 429 */
420static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd) 430static int
431force_reval_path(struct path *path, struct nameidata *nd)
421{ 432{
422 struct dentry * dentry = __d_lookup(parent, name); 433 int status;
434 struct dentry *dentry = path->dentry;
423 435
424 /* lockess __d_lookup may fail due to concurrent d_move() 436 /*
425 * in some unrelated directory, so try with d_lookup 437 * only check on filesystems where it's possible for the dentry to
438 * become stale. It's assumed that if this flag is set then the
439 * d_revalidate op will also be defined.
426 */ 440 */
427 if (!dentry) 441 if (!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT))
428 dentry = d_lookup(parent, name); 442 return 0;
429 443
430 if (dentry && dentry->d_op && dentry->d_op->d_revalidate) 444 status = dentry->d_op->d_revalidate(dentry, nd);
431 dentry = do_revalidate(dentry, nd); 445 if (status > 0)
446 return 0;
432 447
433 return dentry; 448 if (!status) {
449 d_invalidate(dentry);
450 status = -ESTALE;
451 }
452 return status;
434} 453}
435 454
436/* 455/*
437 * Short-cut version of permission(), for calling by 456 * Short-cut version of permission(), for calling on directories
438 * path_walk(), when dcache lock is held. Combines parts 457 * during pathname resolution. Combines parts of permission()
439 * of permission() and generic_permission(), and tests ONLY for 458 * and generic_permission(), and tests ONLY for MAY_EXEC permission.
440 * MAY_EXEC permission.
441 * 459 *
442 * If appropriate, check DAC only. If not appropriate, or 460 * If appropriate, check DAC only. If not appropriate, or
443 * short-cut DAC fails, then call permission() to do more 461 * short-cut DAC fails, then call ->permission() to do more
444 * complete permission check. 462 * complete permission check.
445 */ 463 */
446static int exec_permission_lite(struct inode *inode) 464static int exec_permission(struct inode *inode)
447{ 465{
448 int ret; 466 int ret;
449 467
@@ -465,99 +483,6 @@ ok:
465 return security_inode_permission(inode, MAY_EXEC); 483 return security_inode_permission(inode, MAY_EXEC);
466} 484}
467 485
468/*
469 * This is called when everything else fails, and we actually have
470 * to go to the low-level filesystem to find out what we should do..
471 *
472 * We get the directory semaphore, and after getting that we also
473 * make sure that nobody added the entry to the dcache in the meantime..
474 * SMP-safe
475 */
476static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, struct nameidata *nd)
477{
478 struct dentry * result;
479 struct inode *dir = parent->d_inode;
480
481 mutex_lock(&dir->i_mutex);
482 /*
483 * First re-do the cached lookup just in case it was created
484 * while we waited for the directory semaphore..
485 *
486 * FIXME! This could use version numbering or similar to
487 * avoid unnecessary cache lookups.
488 *
489 * The "dcache_lock" is purely to protect the RCU list walker
490 * from concurrent renames at this point (we mustn't get false
491 * negatives from the RCU list walk here, unlike the optimistic
492 * fast walk).
493 *
494 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
495 */
496 result = d_lookup(parent, name);
497 if (!result) {
498 struct dentry *dentry;
499
500 /* Don't create child dentry for a dead directory. */
501 result = ERR_PTR(-ENOENT);
502 if (IS_DEADDIR(dir))
503 goto out_unlock;
504
505 dentry = d_alloc(parent, name);
506 result = ERR_PTR(-ENOMEM);
507 if (dentry) {
508 result = dir->i_op->lookup(dir, dentry, nd);
509 if (result)
510 dput(dentry);
511 else
512 result = dentry;
513 }
514out_unlock:
515 mutex_unlock(&dir->i_mutex);
516 return result;
517 }
518
519 /*
520 * Uhhuh! Nasty case: the cache was re-populated while
521 * we waited on the semaphore. Need to revalidate.
522 */
523 mutex_unlock(&dir->i_mutex);
524 if (result->d_op && result->d_op->d_revalidate) {
525 result = do_revalidate(result, nd);
526 if (!result)
527 result = ERR_PTR(-ENOENT);
528 }
529 return result;
530}
531
532/*
533 * Wrapper to retry pathname resolution whenever the underlying
534 * file system returns an ESTALE.
535 *
536 * Retry the whole path once, forcing real lookup requests
537 * instead of relying on the dcache.
538 */
539static __always_inline int link_path_walk(const char *name, struct nameidata *nd)
540{
541 struct path save = nd->path;
542 int result;
543
544 /* make sure the stuff we saved doesn't go away */
545 path_get(&save);
546
547 result = __link_path_walk(name, nd);
548 if (result == -ESTALE) {
549 /* nd->path had been dropped */
550 nd->path = save;
551 path_get(&nd->path);
552 nd->flags |= LOOKUP_REVAL;
553 result = __link_path_walk(name, nd);
554 }
555
556 path_put(&save);
557
558 return result;
559}
560
561static __always_inline void set_root(struct nameidata *nd) 486static __always_inline void set_root(struct nameidata *nd)
562{ 487{
563 if (!nd->root.mnt) { 488 if (!nd->root.mnt) {
@@ -569,6 +494,8 @@ static __always_inline void set_root(struct nameidata *nd)
569 } 494 }
570} 495}
571 496
497static int link_path_walk(const char *, struct nameidata *);
498
572static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link) 499static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link)
573{ 500{
574 int res = 0; 501 int res = 0;
@@ -634,6 +561,7 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata
634 dget(dentry); 561 dget(dentry);
635 } 562 }
636 mntget(path->mnt); 563 mntget(path->mnt);
564 nd->last_type = LAST_BIND;
637 cookie = dentry->d_inode->i_op->follow_link(dentry, nd); 565 cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
638 error = PTR_ERR(cookie); 566 error = PTR_ERR(cookie);
639 if (!IS_ERR(cookie)) { 567 if (!IS_ERR(cookie)) {
@@ -641,11 +569,14 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata
641 error = 0; 569 error = 0;
642 if (s) 570 if (s)
643 error = __vfs_follow_link(nd, s); 571 error = __vfs_follow_link(nd, s);
572 else if (nd->last_type == LAST_BIND) {
573 error = force_reval_path(&nd->path, nd);
574 if (error)
575 path_put(&nd->path);
576 }
644 if (dentry->d_inode->i_op->put_link) 577 if (dentry->d_inode->i_op->put_link)
645 dentry->d_inode->i_op->put_link(dentry, nd, cookie); 578 dentry->d_inode->i_op->put_link(dentry, nd, cookie);
646 } 579 }
647 path_put(path);
648
649 return error; 580 return error;
650} 581}
651 582
@@ -672,6 +603,7 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
672 current->total_link_count++; 603 current->total_link_count++;
673 nd->depth++; 604 nd->depth++;
674 err = __do_follow_link(path, nd); 605 err = __do_follow_link(path, nd);
606 path_put(path);
675 current->link_count--; 607 current->link_count--;
676 nd->depth--; 608 nd->depth--;
677 return err; 609 return err;
@@ -797,8 +729,19 @@ static int do_lookup(struct nameidata *nd, struct qstr *name,
797 struct path *path) 729 struct path *path)
798{ 730{
799 struct vfsmount *mnt = nd->path.mnt; 731 struct vfsmount *mnt = nd->path.mnt;
800 struct dentry *dentry = __d_lookup(nd->path.dentry, name); 732 struct dentry *dentry, *parent;
733 struct inode *dir;
734 /*
735 * See if the low-level filesystem might want
736 * to use its own hash..
737 */
738 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
739 int err = nd->path.dentry->d_op->d_hash(nd->path.dentry, name);
740 if (err < 0)
741 return err;
742 }
801 743
744 dentry = __d_lookup(nd->path.dentry, name);
802 if (!dentry) 745 if (!dentry)
803 goto need_lookup; 746 goto need_lookup;
804 if (dentry->d_op && dentry->d_op->d_revalidate) 747 if (dentry->d_op && dentry->d_op->d_revalidate)
@@ -810,7 +753,59 @@ done:
810 return 0; 753 return 0;
811 754
812need_lookup: 755need_lookup:
813 dentry = real_lookup(nd->path.dentry, name, nd); 756 parent = nd->path.dentry;
757 dir = parent->d_inode;
758
759 mutex_lock(&dir->i_mutex);
760 /*
761 * First re-do the cached lookup just in case it was created
762 * while we waited for the directory semaphore..
763 *
764 * FIXME! This could use version numbering or similar to
765 * avoid unnecessary cache lookups.
766 *
767 * The "dcache_lock" is purely to protect the RCU list walker
768 * from concurrent renames at this point (we mustn't get false
769 * negatives from the RCU list walk here, unlike the optimistic
770 * fast walk).
771 *
772 * so doing d_lookup() (with seqlock), instead of lockfree __d_lookup
773 */
774 dentry = d_lookup(parent, name);
775 if (!dentry) {
776 struct dentry *new;
777
778 /* Don't create child dentry for a dead directory. */
779 dentry = ERR_PTR(-ENOENT);
780 if (IS_DEADDIR(dir))
781 goto out_unlock;
782
783 new = d_alloc(parent, name);
784 dentry = ERR_PTR(-ENOMEM);
785 if (new) {
786 dentry = dir->i_op->lookup(dir, new, nd);
787 if (dentry)
788 dput(new);
789 else
790 dentry = new;
791 }
792out_unlock:
793 mutex_unlock(&dir->i_mutex);
794 if (IS_ERR(dentry))
795 goto fail;
796 goto done;
797 }
798
799 /*
800 * Uhhuh! Nasty case: the cache was re-populated while
801 * we waited on the semaphore. Need to revalidate.
802 */
803 mutex_unlock(&dir->i_mutex);
804 if (dentry->d_op && dentry->d_op->d_revalidate) {
805 dentry = do_revalidate(dentry, nd);
806 if (!dentry)
807 dentry = ERR_PTR(-ENOENT);
808 }
814 if (IS_ERR(dentry)) 809 if (IS_ERR(dentry))
815 goto fail; 810 goto fail;
816 goto done; 811 goto done;
@@ -835,7 +830,7 @@ fail:
835 * Returns 0 and nd will have valid dentry and mnt on success. 830 * Returns 0 and nd will have valid dentry and mnt on success.
836 * Returns error and drops reference to input namei data on failure. 831 * Returns error and drops reference to input namei data on failure.
837 */ 832 */
838static int __link_path_walk(const char *name, struct nameidata *nd) 833static int link_path_walk(const char *name, struct nameidata *nd)
839{ 834{
840 struct path next; 835 struct path next;
841 struct inode *inode; 836 struct inode *inode;
@@ -858,7 +853,7 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
858 unsigned int c; 853 unsigned int c;
859 854
860 nd->flags |= LOOKUP_CONTINUE; 855 nd->flags |= LOOKUP_CONTINUE;
861 err = exec_permission_lite(inode); 856 err = exec_permission(inode);
862 if (err) 857 if (err)
863 break; 858 break;
864 859
@@ -898,16 +893,6 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
898 case 1: 893 case 1:
899 continue; 894 continue;
900 } 895 }
901 /*
902 * See if the low-level filesystem might want
903 * to use its own hash..
904 */
905 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
906 err = nd->path.dentry->d_op->d_hash(nd->path.dentry,
907 &this);
908 if (err < 0)
909 break;
910 }
911 /* This does the actual lookups.. */ 896 /* This does the actual lookups.. */
912 err = do_lookup(nd, &this, &next); 897 err = do_lookup(nd, &this, &next);
913 if (err) 898 if (err)
@@ -953,12 +938,6 @@ last_component:
953 case 1: 938 case 1:
954 goto return_reval; 939 goto return_reval;
955 } 940 }
956 if (nd->path.dentry->d_op && nd->path.dentry->d_op->d_hash) {
957 err = nd->path.dentry->d_op->d_hash(nd->path.dentry,
958 &this);
959 if (err < 0)
960 break;
961 }
962 err = do_lookup(nd, &this, &next); 941 err = do_lookup(nd, &this, &next);
963 if (err) 942 if (err)
964 break; 943 break;
@@ -1017,8 +996,27 @@ return_err:
1017 996
1018static int path_walk(const char *name, struct nameidata *nd) 997static int path_walk(const char *name, struct nameidata *nd)
1019{ 998{
999 struct path save = nd->path;
1000 int result;
1001
1020 current->total_link_count = 0; 1002 current->total_link_count = 0;
1021 return link_path_walk(name, nd); 1003
1004 /* make sure the stuff we saved doesn't go away */
1005 path_get(&save);
1006
1007 result = link_path_walk(name, nd);
1008 if (result == -ESTALE) {
1009 /* nd->path had been dropped */
1010 current->total_link_count = 0;
1011 nd->path = save;
1012 path_get(&nd->path);
1013 nd->flags |= LOOKUP_REVAL;
1014 result = link_path_walk(name, nd);
1015 }
1016
1017 path_put(&save);
1018
1019 return result;
1022} 1020}
1023 1021
1024static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd) 1022static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd)
@@ -1141,36 +1139,6 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt,
1141 return retval; 1139 return retval;
1142} 1140}
1143 1141
1144/**
1145 * path_lookup_open - lookup a file path with open intent
1146 * @dfd: the directory to use as base, or AT_FDCWD
1147 * @name: pointer to file name
1148 * @lookup_flags: lookup intent flags
1149 * @nd: pointer to nameidata
1150 * @open_flags: open intent flags
1151 */
1152static int path_lookup_open(int dfd, const char *name,
1153 unsigned int lookup_flags, struct nameidata *nd, int open_flags)
1154{
1155 struct file *filp = get_empty_filp();
1156 int err;
1157
1158 if (filp == NULL)
1159 return -ENFILE;
1160 nd->intent.open.file = filp;
1161 nd->intent.open.flags = open_flags;
1162 nd->intent.open.create_mode = 0;
1163 err = do_path_lookup(dfd, name, lookup_flags|LOOKUP_OPEN, nd);
1164 if (IS_ERR(nd->intent.open.file)) {
1165 if (err == 0) {
1166 err = PTR_ERR(nd->intent.open.file);
1167 path_put(&nd->path);
1168 }
1169 } else if (err != 0)
1170 release_open_intent(nd);
1171 return err;
1172}
1173
1174static struct dentry *__lookup_hash(struct qstr *name, 1142static struct dentry *__lookup_hash(struct qstr *name,
1175 struct dentry *base, struct nameidata *nd) 1143 struct dentry *base, struct nameidata *nd)
1176{ 1144{
@@ -1191,7 +1159,17 @@ static struct dentry *__lookup_hash(struct qstr *name,
1191 goto out; 1159 goto out;
1192 } 1160 }
1193 1161
1194 dentry = cached_lookup(base, name, nd); 1162 dentry = __d_lookup(base, name);
1163
1164 /* lockess __d_lookup may fail due to concurrent d_move()
1165 * in some unrelated directory, so try with d_lookup
1166 */
1167 if (!dentry)
1168 dentry = d_lookup(base, name);
1169
1170 if (dentry && dentry->d_op && dentry->d_op->d_revalidate)
1171 dentry = do_revalidate(dentry, nd);
1172
1195 if (!dentry) { 1173 if (!dentry) {
1196 struct dentry *new; 1174 struct dentry *new;
1197 1175
@@ -1223,7 +1201,7 @@ static struct dentry *lookup_hash(struct nameidata *nd)
1223{ 1201{
1224 int err; 1202 int err;
1225 1203
1226 err = inode_permission(nd->path.dentry->d_inode, MAY_EXEC); 1204 err = exec_permission(nd->path.dentry->d_inode);
1227 if (err) 1205 if (err)
1228 return ERR_PTR(err); 1206 return ERR_PTR(err);
1229 return __lookup_hash(&nd->last, nd->path.dentry, nd); 1207 return __lookup_hash(&nd->last, nd->path.dentry, nd);
@@ -1273,29 +1251,7 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)
1273 if (err) 1251 if (err)
1274 return ERR_PTR(err); 1252 return ERR_PTR(err);
1275 1253
1276 err = inode_permission(base->d_inode, MAY_EXEC); 1254 err = exec_permission(base->d_inode);
1277 if (err)
1278 return ERR_PTR(err);
1279 return __lookup_hash(&this, base, NULL);
1280}
1281
1282/**
1283 * lookup_one_noperm - bad hack for sysfs
1284 * @name: pathname component to lookup
1285 * @base: base directory to lookup from
1286 *
1287 * This is a variant of lookup_one_len that doesn't perform any permission
1288 * checks. It's a horrible hack to work around the braindead sysfs
1289 * architecture and should not be used anywhere else.
1290 *
1291 * DON'T USE THIS FUNCTION EVER, thanks.
1292 */
1293struct dentry *lookup_one_noperm(const char *name, struct dentry *base)
1294{
1295 int err;
1296 struct qstr this;
1297
1298 err = __lookup_one_len(name, &this, base, strlen(name));
1299 if (err) 1255 if (err)
1300 return ERR_PTR(err); 1256 return ERR_PTR(err);
1301 return __lookup_hash(&this, base, NULL); 1257 return __lookup_hash(&this, base, NULL);
@@ -1533,69 +1489,45 @@ int may_open(struct path *path, int acc_mode, int flag)
1533 if (error) 1489 if (error)
1534 return error; 1490 return error;
1535 1491
1536 error = ima_path_check(path, acc_mode ?
1537 acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
1538 ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
1539 IMA_COUNT_UPDATE);
1540
1541 if (error)
1542 return error;
1543 /* 1492 /*
1544 * An append-only file must be opened in append mode for writing. 1493 * An append-only file must be opened in append mode for writing.
1545 */ 1494 */
1546 if (IS_APPEND(inode)) { 1495 if (IS_APPEND(inode)) {
1547 error = -EPERM;
1548 if ((flag & FMODE_WRITE) && !(flag & O_APPEND)) 1496 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
1549 goto err_out; 1497 return -EPERM;
1550 if (flag & O_TRUNC) 1498 if (flag & O_TRUNC)
1551 goto err_out; 1499 return -EPERM;
1552 } 1500 }
1553 1501
1554 /* O_NOATIME can only be set by the owner or superuser */ 1502 /* O_NOATIME can only be set by the owner or superuser */
1555 if (flag & O_NOATIME) 1503 if (flag & O_NOATIME && !is_owner_or_cap(inode))
1556 if (!is_owner_or_cap(inode)) { 1504 return -EPERM;
1557 error = -EPERM;
1558 goto err_out;
1559 }
1560 1505
1561 /* 1506 /*
1562 * Ensure there are no outstanding leases on the file. 1507 * Ensure there are no outstanding leases on the file.
1563 */ 1508 */
1564 error = break_lease(inode, flag); 1509 return break_lease(inode, flag);
1565 if (error) 1510}
1566 goto err_out;
1567
1568 if (flag & O_TRUNC) {
1569 error = get_write_access(inode);
1570 if (error)
1571 goto err_out;
1572
1573 /*
1574 * Refuse to truncate files with mandatory locks held on them.
1575 */
1576 error = locks_verify_locked(inode);
1577 if (!error)
1578 error = security_path_truncate(path, 0,
1579 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
1580 if (!error) {
1581 vfs_dq_init(inode);
1582
1583 error = do_truncate(dentry, 0,
1584 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1585 NULL);
1586 }
1587 put_write_access(inode);
1588 if (error)
1589 goto err_out;
1590 } else
1591 if (flag & FMODE_WRITE)
1592 vfs_dq_init(inode);
1593 1511
1594 return 0; 1512static int handle_truncate(struct path *path)
1595err_out: 1513{
1596 ima_counts_put(path, acc_mode ? 1514 struct inode *inode = path->dentry->d_inode;
1597 acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) : 1515 int error = get_write_access(inode);
1598 ACC_MODE(flag) & (MAY_READ | MAY_WRITE)); 1516 if (error)
1517 return error;
1518 /*
1519 * Refuse to truncate files with mandatory locks held on them.
1520 */
1521 error = locks_verify_locked(inode);
1522 if (!error)
1523 error = security_path_truncate(path, 0,
1524 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN);
1525 if (!error) {
1526 error = do_truncate(path->dentry, 0,
1527 ATTR_MTIME|ATTR_CTIME|ATTR_OPEN,
1528 NULL);
1529 }
1530 put_write_access(inode);
1599 return error; 1531 return error;
1600} 1532}
1601 1533
@@ -1650,7 +1582,7 @@ static inline int open_to_namei_flags(int flag)
1650 return flag; 1582 return flag;
1651} 1583}
1652 1584
1653static int open_will_write_to_fs(int flag, struct inode *inode) 1585static int open_will_truncate(int flag, struct inode *inode)
1654{ 1586{
1655 /* 1587 /*
1656 * We'll never write to the fs underlying 1588 * We'll never write to the fs underlying
@@ -1675,11 +1607,21 @@ struct file *do_filp_open(int dfd, const char *pathname,
1675 struct path path; 1607 struct path path;
1676 struct dentry *dir; 1608 struct dentry *dir;
1677 int count = 0; 1609 int count = 0;
1678 int will_write; 1610 int will_truncate;
1679 int flag = open_to_namei_flags(open_flag); 1611 int flag = open_to_namei_flags(open_flag);
1612 int force_reval = 0;
1613
1614 /*
1615 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
1616 * check for O_DSYNC if the need any syncing at all we enforce it's
1617 * always set instead of having to deal with possibly weird behaviour
1618 * for malicious applications setting only __O_SYNC.
1619 */
1620 if (open_flag & __O_SYNC)
1621 open_flag |= O_DSYNC;
1680 1622
1681 if (!acc_mode) 1623 if (!acc_mode)
1682 acc_mode = MAY_OPEN | ACC_MODE(flag); 1624 acc_mode = MAY_OPEN | ACC_MODE(open_flag);
1683 1625
1684 /* O_TRUNC implies we need access checks for write permissions */ 1626 /* O_TRUNC implies we need access checks for write permissions */
1685 if (flag & O_TRUNC) 1627 if (flag & O_TRUNC)
@@ -1694,8 +1636,23 @@ struct file *do_filp_open(int dfd, const char *pathname,
1694 * The simplest case - just a plain lookup. 1636 * The simplest case - just a plain lookup.
1695 */ 1637 */
1696 if (!(flag & O_CREAT)) { 1638 if (!(flag & O_CREAT)) {
1697 error = path_lookup_open(dfd, pathname, lookup_flags(flag), 1639 filp = get_empty_filp();
1698 &nd, flag); 1640
1641 if (filp == NULL)
1642 return ERR_PTR(-ENFILE);
1643 nd.intent.open.file = filp;
1644 filp->f_flags = open_flag;
1645 nd.intent.open.flags = flag;
1646 nd.intent.open.create_mode = 0;
1647 error = do_path_lookup(dfd, pathname,
1648 lookup_flags(flag)|LOOKUP_OPEN, &nd);
1649 if (IS_ERR(nd.intent.open.file)) {
1650 if (error == 0) {
1651 error = PTR_ERR(nd.intent.open.file);
1652 path_put(&nd.path);
1653 }
1654 } else if (error)
1655 release_open_intent(&nd);
1699 if (error) 1656 if (error)
1700 return ERR_PTR(error); 1657 return ERR_PTR(error);
1701 goto ok; 1658 goto ok;
@@ -1704,9 +1661,12 @@ struct file *do_filp_open(int dfd, const char *pathname,
1704 /* 1661 /*
1705 * Create - we need to know the parent. 1662 * Create - we need to know the parent.
1706 */ 1663 */
1664reval:
1707 error = path_init(dfd, pathname, LOOKUP_PARENT, &nd); 1665 error = path_init(dfd, pathname, LOOKUP_PARENT, &nd);
1708 if (error) 1666 if (error)
1709 return ERR_PTR(error); 1667 return ERR_PTR(error);
1668 if (force_reval)
1669 nd.flags |= LOOKUP_REVAL;
1710 error = path_walk(pathname, &nd); 1670 error = path_walk(pathname, &nd);
1711 if (error) { 1671 if (error) {
1712 if (nd.root.mnt) 1672 if (nd.root.mnt)
@@ -1730,6 +1690,7 @@ struct file *do_filp_open(int dfd, const char *pathname,
1730 if (filp == NULL) 1690 if (filp == NULL)
1731 goto exit_parent; 1691 goto exit_parent;
1732 nd.intent.open.file = filp; 1692 nd.intent.open.file = filp;
1693 filp->f_flags = open_flag;
1733 nd.intent.open.flags = flag; 1694 nd.intent.open.flags = flag;
1734 nd.intent.open.create_mode = mode; 1695 nd.intent.open.create_mode = mode;
1735 dir = nd.path.dentry; 1696 dir = nd.path.dentry;
@@ -1770,14 +1731,17 @@ do_last:
1770 mnt_drop_write(nd.path.mnt); 1731 mnt_drop_write(nd.path.mnt);
1771 goto exit; 1732 goto exit;
1772 } 1733 }
1773 filp = nameidata_to_filp(&nd, open_flag); 1734 filp = nameidata_to_filp(&nd);
1774 if (IS_ERR(filp))
1775 ima_counts_put(&nd.path,
1776 acc_mode & (MAY_READ | MAY_WRITE |
1777 MAY_EXEC));
1778 mnt_drop_write(nd.path.mnt); 1735 mnt_drop_write(nd.path.mnt);
1779 if (nd.root.mnt) 1736 if (nd.root.mnt)
1780 path_put(&nd.root); 1737 path_put(&nd.root);
1738 if (!IS_ERR(filp)) {
1739 error = ima_file_check(filp, acc_mode);
1740 if (error) {
1741 fput(filp);
1742 filp = ERR_PTR(error);
1743 }
1744 }
1781 return filp; 1745 return filp;
1782 } 1746 }
1783 1747
@@ -1805,7 +1769,7 @@ do_last:
1805 1769
1806 path_to_nameidata(&path, &nd); 1770 path_to_nameidata(&path, &nd);
1807 error = -EISDIR; 1771 error = -EISDIR;
1808 if (path.dentry->d_inode && S_ISDIR(path.dentry->d_inode->i_mode)) 1772 if (S_ISDIR(path.dentry->d_inode->i_mode))
1809 goto exit; 1773 goto exit;
1810ok: 1774ok:
1811 /* 1775 /*
@@ -1818,28 +1782,44 @@ ok:
1818 * be avoided. Taking this mnt write here 1782 * be avoided. Taking this mnt write here
1819 * ensures that (2) can not occur. 1783 * ensures that (2) can not occur.
1820 */ 1784 */
1821 will_write = open_will_write_to_fs(flag, nd.path.dentry->d_inode); 1785 will_truncate = open_will_truncate(flag, nd.path.dentry->d_inode);
1822 if (will_write) { 1786 if (will_truncate) {
1823 error = mnt_want_write(nd.path.mnt); 1787 error = mnt_want_write(nd.path.mnt);
1824 if (error) 1788 if (error)
1825 goto exit; 1789 goto exit;
1826 } 1790 }
1827 error = may_open(&nd.path, acc_mode, flag); 1791 error = may_open(&nd.path, acc_mode, flag);
1828 if (error) { 1792 if (error) {
1829 if (will_write) 1793 if (will_truncate)
1830 mnt_drop_write(nd.path.mnt); 1794 mnt_drop_write(nd.path.mnt);
1831 goto exit; 1795 goto exit;
1832 } 1796 }
1833 filp = nameidata_to_filp(&nd, open_flag); 1797 filp = nameidata_to_filp(&nd);
1834 if (IS_ERR(filp)) 1798 if (!IS_ERR(filp)) {
1835 ima_counts_put(&nd.path, 1799 error = ima_file_check(filp, acc_mode);
1836 acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)); 1800 if (error) {
1801 fput(filp);
1802 filp = ERR_PTR(error);
1803 }
1804 }
1805 if (!IS_ERR(filp)) {
1806 if (acc_mode & MAY_WRITE)
1807 vfs_dq_init(nd.path.dentry->d_inode);
1808
1809 if (will_truncate) {
1810 error = handle_truncate(&nd.path);
1811 if (error) {
1812 fput(filp);
1813 filp = ERR_PTR(error);
1814 }
1815 }
1816 }
1837 /* 1817 /*
1838 * It is now safe to drop the mnt write 1818 * It is now safe to drop the mnt write
1839 * because the filp has had a write taken 1819 * because the filp has had a write taken
1840 * on its behalf. 1820 * on its behalf.
1841 */ 1821 */
1842 if (will_write) 1822 if (will_truncate)
1843 mnt_drop_write(nd.path.mnt); 1823 mnt_drop_write(nd.path.mnt);
1844 if (nd.root.mnt) 1824 if (nd.root.mnt)
1845 path_put(&nd.root); 1825 path_put(&nd.root);
@@ -1877,6 +1857,7 @@ do_link:
1877 if (error) 1857 if (error)
1878 goto exit_dput; 1858 goto exit_dput;
1879 error = __do_follow_link(&path, &nd); 1859 error = __do_follow_link(&path, &nd);
1860 path_put(&path);
1880 if (error) { 1861 if (error) {
1881 /* Does someone understand code flow here? Or it is only 1862 /* Does someone understand code flow here? Or it is only
1882 * me so stupid? Anathema to whoever designed this non-sense 1863 * me so stupid? Anathema to whoever designed this non-sense
@@ -1885,6 +1866,10 @@ do_link:
1885 release_open_intent(&nd); 1866 release_open_intent(&nd);
1886 if (nd.root.mnt) 1867 if (nd.root.mnt)
1887 path_put(&nd.root); 1868 path_put(&nd.root);
1869 if (error == -ESTALE && !force_reval) {
1870 force_reval = 1;
1871 goto reval;
1872 }
1888 return ERR_PTR(error); 1873 return ERR_PTR(error);
1889 } 1874 }
1890 nd.flags &= ~LOOKUP_PARENT; 1875 nd.flags &= ~LOOKUP_PARENT;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-22 12:56:05 -0500