diff options
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 1863 |
1 files changed, 800 insertions, 1063 deletions
diff --git a/fs/namei.c b/fs/namei.c index 7d77f24d32a9..2358b326b221 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -70,7 +70,7 @@ | |||
70 | * name indicated by the symlink. The old code always complained that the | 70 | * name indicated by the symlink. The old code always complained that the |
71 | * name already exists, due to not following the symlink even if its target | 71 | * name already exists, due to not following the symlink even if its target |
72 | * is nonexistent. The new semantics affects also mknod() and link() when | 72 | * is nonexistent. The new semantics affects also mknod() and link() when |
73 | * the name is a symlink pointing to a non-existant name. | 73 | * the name is a symlink pointing to a non-existent name. |
74 | * | 74 | * |
75 | * I don't know which semantics is the right one, since I have no access | 75 | * I don't know which semantics is the right one, since I have no access |
76 | * to standards. But I found by trial that HP-UX 9.0 has the full "new" | 76 | * to standards. But I found by trial that HP-UX 9.0 has the full "new" |
@@ -136,7 +136,7 @@ static int do_getname(const char __user *filename, char *page) | |||
136 | return retval; | 136 | return retval; |
137 | } | 137 | } |
138 | 138 | ||
139 | char * getname(const char __user * filename) | 139 | static char *getname_flags(const char __user * filename, int flags) |
140 | { | 140 | { |
141 | char *tmp, *result; | 141 | char *tmp, *result; |
142 | 142 | ||
@@ -147,14 +147,21 @@ char * getname(const char __user * filename) | |||
147 | 147 | ||
148 | result = tmp; | 148 | result = tmp; |
149 | if (retval < 0) { | 149 | if (retval < 0) { |
150 | __putname(tmp); | 150 | if (retval != -ENOENT || !(flags & LOOKUP_EMPTY)) { |
151 | result = ERR_PTR(retval); | 151 | __putname(tmp); |
152 | result = ERR_PTR(retval); | ||
153 | } | ||
152 | } | 154 | } |
153 | } | 155 | } |
154 | audit_getname(result); | 156 | audit_getname(result); |
155 | return result; | 157 | return result; |
156 | } | 158 | } |
157 | 159 | ||
160 | char *getname(const char __user * filename) | ||
161 | { | ||
162 | return getname_flags(filename, 0); | ||
163 | } | ||
164 | |||
158 | #ifdef CONFIG_AUDITSYSCALL | 165 | #ifdef CONFIG_AUDITSYSCALL |
159 | void putname(const char *name) | 166 | void putname(const char *name) |
160 | { | 167 | { |
@@ -172,10 +179,13 @@ EXPORT_SYMBOL(putname); | |||
172 | static int acl_permission_check(struct inode *inode, int mask, unsigned int flags, | 179 | static int acl_permission_check(struct inode *inode, int mask, unsigned int flags, |
173 | int (*check_acl)(struct inode *inode, int mask, unsigned int flags)) | 180 | int (*check_acl)(struct inode *inode, int mask, unsigned int flags)) |
174 | { | 181 | { |
175 | umode_t mode = inode->i_mode; | 182 | unsigned int mode = inode->i_mode; |
176 | 183 | ||
177 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | 184 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; |
178 | 185 | ||
186 | if (current_user_ns() != inode_userns(inode)) | ||
187 | goto other_perms; | ||
188 | |||
179 | if (current_fsuid() == inode->i_uid) | 189 | if (current_fsuid() == inode->i_uid) |
180 | mode >>= 6; | 190 | mode >>= 6; |
181 | else { | 191 | else { |
@@ -189,6 +199,7 @@ static int acl_permission_check(struct inode *inode, int mask, unsigned int flag | |||
189 | mode >>= 3; | 199 | mode >>= 3; |
190 | } | 200 | } |
191 | 201 | ||
202 | other_perms: | ||
192 | /* | 203 | /* |
193 | * If the DACs are ok we don't need any capability check. | 204 | * If the DACs are ok we don't need any capability check. |
194 | */ | 205 | */ |
@@ -230,7 +241,7 @@ int generic_permission(struct inode *inode, int mask, unsigned int flags, | |||
230 | * Executable DACs are overridable if at least one exec bit is set. | 241 | * Executable DACs are overridable if at least one exec bit is set. |
231 | */ | 242 | */ |
232 | if (!(mask & MAY_EXEC) || execute_ok(inode)) | 243 | if (!(mask & MAY_EXEC) || execute_ok(inode)) |
233 | if (capable(CAP_DAC_OVERRIDE)) | 244 | if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) |
234 | return 0; | 245 | return 0; |
235 | 246 | ||
236 | /* | 247 | /* |
@@ -238,7 +249,7 @@ int generic_permission(struct inode *inode, int mask, unsigned int flags, | |||
238 | */ | 249 | */ |
239 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; | 250 | mask &= MAY_READ | MAY_WRITE | MAY_EXEC; |
240 | if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) | 251 | if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) |
241 | if (capable(CAP_DAC_READ_SEARCH)) | 252 | if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) |
242 | return 0; | 253 | return 0; |
243 | 254 | ||
244 | return -EACCES; | 255 | return -EACCES; |
@@ -380,111 +391,63 @@ void path_put(struct path *path) | |||
380 | } | 391 | } |
381 | EXPORT_SYMBOL(path_put); | 392 | EXPORT_SYMBOL(path_put); |
382 | 393 | ||
383 | /** | 394 | /* |
384 | * nameidata_drop_rcu - drop this nameidata out of rcu-walk | ||
385 | * @nd: nameidata pathwalk data to drop | ||
386 | * Returns: 0 on success, -ECHILD on failure | ||
387 | * | ||
388 | * Path walking has 2 modes, rcu-walk and ref-walk (see | 395 | * Path walking has 2 modes, rcu-walk and ref-walk (see |
389 | * Documentation/filesystems/path-lookup.txt). __drop_rcu* functions attempt | 396 | * Documentation/filesystems/path-lookup.txt). In situations when we can't |
390 | * to drop out of rcu-walk mode and take normal reference counts on dentries | 397 | * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab |
391 | * and vfsmounts to transition to rcu-walk mode. __drop_rcu* functions take | 398 | * normal reference counts on dentries and vfsmounts to transition to rcu-walk |
392 | * refcounts at the last known good point before rcu-walk got stuck, so | 399 | * mode. Refcounts are grabbed at the last known good point before rcu-walk |
393 | * ref-walk may continue from there. If this is not successful (eg. a seqcount | 400 | * got stuck, so ref-walk may continue from there. If this is not successful |
394 | * has changed), then failure is returned and path walk restarts from the | 401 | * (eg. a seqcount has changed), then failure is returned and it's up to caller |
395 | * beginning in ref-walk mode. | 402 | * to restart the path walk from the beginning in ref-walk mode. |
396 | * | ||
397 | * nameidata_drop_rcu attempts to drop the current nd->path and nd->root into | ||
398 | * ref-walk. Must be called from rcu-walk context. | ||
399 | */ | 403 | */ |
400 | static int nameidata_drop_rcu(struct nameidata *nd) | ||
401 | { | ||
402 | struct fs_struct *fs = current->fs; | ||
403 | struct dentry *dentry = nd->path.dentry; | ||
404 | |||
405 | BUG_ON(!(nd->flags & LOOKUP_RCU)); | ||
406 | if (nd->root.mnt) { | ||
407 | spin_lock(&fs->lock); | ||
408 | if (nd->root.mnt != fs->root.mnt || | ||
409 | nd->root.dentry != fs->root.dentry) | ||
410 | goto err_root; | ||
411 | } | ||
412 | spin_lock(&dentry->d_lock); | ||
413 | if (!__d_rcu_to_refcount(dentry, nd->seq)) | ||
414 | goto err; | ||
415 | BUG_ON(nd->inode != dentry->d_inode); | ||
416 | spin_unlock(&dentry->d_lock); | ||
417 | if (nd->root.mnt) { | ||
418 | path_get(&nd->root); | ||
419 | spin_unlock(&fs->lock); | ||
420 | } | ||
421 | mntget(nd->path.mnt); | ||
422 | |||
423 | rcu_read_unlock(); | ||
424 | br_read_unlock(vfsmount_lock); | ||
425 | nd->flags &= ~LOOKUP_RCU; | ||
426 | return 0; | ||
427 | err: | ||
428 | spin_unlock(&dentry->d_lock); | ||
429 | err_root: | ||
430 | if (nd->root.mnt) | ||
431 | spin_unlock(&fs->lock); | ||
432 | return -ECHILD; | ||
433 | } | ||
434 | |||
435 | /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */ | ||
436 | static inline int nameidata_drop_rcu_maybe(struct nameidata *nd) | ||
437 | { | ||
438 | if (nd->flags & LOOKUP_RCU) | ||
439 | return nameidata_drop_rcu(nd); | ||
440 | return 0; | ||
441 | } | ||
442 | 404 | ||
443 | /** | 405 | /** |
444 | * nameidata_dentry_drop_rcu - drop nameidata and dentry out of rcu-walk | 406 | * unlazy_walk - try to switch to ref-walk mode. |
445 | * @nd: nameidata pathwalk data to drop | 407 | * @nd: nameidata pathwalk data |
446 | * @dentry: dentry to drop | 408 | * @dentry: child of nd->path.dentry or NULL |
447 | * Returns: 0 on success, -ECHILD on failure | 409 | * Returns: 0 on success, -ECHILD on failure |
448 | * | 410 | * |
449 | * nameidata_dentry_drop_rcu attempts to drop the current nd->path and nd->root, | 411 | * unlazy_walk attempts to legitimize the current nd->path, nd->root and dentry |
450 | * and dentry into ref-walk. @dentry must be a path found by a do_lookup call on | 412 | * for ref-walk mode. @dentry must be a path found by a do_lookup call on |
451 | * @nd. Must be called from rcu-walk context. | 413 | * @nd or NULL. Must be called from rcu-walk context. |
452 | */ | 414 | */ |
453 | static int nameidata_dentry_drop_rcu(struct nameidata *nd, struct dentry *dentry) | 415 | static int unlazy_walk(struct nameidata *nd, struct dentry *dentry) |
454 | { | 416 | { |
455 | struct fs_struct *fs = current->fs; | 417 | struct fs_struct *fs = current->fs; |
456 | struct dentry *parent = nd->path.dentry; | 418 | struct dentry *parent = nd->path.dentry; |
457 | 419 | int want_root = 0; | |
458 | /* | ||
459 | * It can be possible to revalidate the dentry that we started | ||
460 | * the path walk with. force_reval_path may also revalidate the | ||
461 | * dentry already committed to the nameidata. | ||
462 | */ | ||
463 | if (unlikely(parent == dentry)) | ||
464 | return nameidata_drop_rcu(nd); | ||
465 | 420 | ||
466 | BUG_ON(!(nd->flags & LOOKUP_RCU)); | 421 | BUG_ON(!(nd->flags & LOOKUP_RCU)); |
467 | if (nd->root.mnt) { | 422 | if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) { |
423 | want_root = 1; | ||
468 | spin_lock(&fs->lock); | 424 | spin_lock(&fs->lock); |
469 | if (nd->root.mnt != fs->root.mnt || | 425 | if (nd->root.mnt != fs->root.mnt || |
470 | nd->root.dentry != fs->root.dentry) | 426 | nd->root.dentry != fs->root.dentry) |
471 | goto err_root; | 427 | goto err_root; |
472 | } | 428 | } |
473 | spin_lock(&parent->d_lock); | 429 | spin_lock(&parent->d_lock); |
474 | spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); | 430 | if (!dentry) { |
475 | if (!__d_rcu_to_refcount(dentry, nd->seq)) | 431 | if (!__d_rcu_to_refcount(parent, nd->seq)) |
476 | goto err; | 432 | goto err_parent; |
477 | /* | 433 | BUG_ON(nd->inode != parent->d_inode); |
478 | * If the sequence check on the child dentry passed, then the child has | 434 | } else { |
479 | * not been removed from its parent. This means the parent dentry must | 435 | spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); |
480 | * be valid and able to take a reference at this point. | 436 | if (!__d_rcu_to_refcount(dentry, nd->seq)) |
481 | */ | 437 | goto err_child; |
482 | BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent); | 438 | /* |
483 | BUG_ON(!parent->d_count); | 439 | * If the sequence check on the child dentry passed, then |
484 | parent->d_count++; | 440 | * the child has not been removed from its parent. This |
485 | spin_unlock(&dentry->d_lock); | 441 | * means the parent dentry must be valid and able to take |
442 | * a reference at this point. | ||
443 | */ | ||
444 | BUG_ON(!IS_ROOT(dentry) && dentry->d_parent != parent); | ||
445 | BUG_ON(!parent->d_count); | ||
446 | parent->d_count++; | ||
447 | spin_unlock(&dentry->d_lock); | ||
448 | } | ||
486 | spin_unlock(&parent->d_lock); | 449 | spin_unlock(&parent->d_lock); |
487 | if (nd->root.mnt) { | 450 | if (want_root) { |
488 | path_get(&nd->root); | 451 | path_get(&nd->root); |
489 | spin_unlock(&fs->lock); | 452 | spin_unlock(&fs->lock); |
490 | } | 453 | } |
@@ -494,106 +457,42 @@ static int nameidata_dentry_drop_rcu(struct nameidata *nd, struct dentry *dentry | |||
494 | br_read_unlock(vfsmount_lock); | 457 | br_read_unlock(vfsmount_lock); |
495 | nd->flags &= ~LOOKUP_RCU; | 458 | nd->flags &= ~LOOKUP_RCU; |
496 | return 0; | 459 | return 0; |
497 | err: | 460 | |
461 | err_child: | ||
498 | spin_unlock(&dentry->d_lock); | 462 | spin_unlock(&dentry->d_lock); |
463 | err_parent: | ||
499 | spin_unlock(&parent->d_lock); | 464 | spin_unlock(&parent->d_lock); |
500 | err_root: | 465 | err_root: |
501 | if (nd->root.mnt) | 466 | if (want_root) |
502 | spin_unlock(&fs->lock); | 467 | spin_unlock(&fs->lock); |
503 | return -ECHILD; | 468 | return -ECHILD; |
504 | } | 469 | } |
505 | 470 | ||
506 | /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */ | ||
507 | static inline int nameidata_dentry_drop_rcu_maybe(struct nameidata *nd, struct dentry *dentry) | ||
508 | { | ||
509 | if (nd->flags & LOOKUP_RCU) | ||
510 | return nameidata_dentry_drop_rcu(nd, dentry); | ||
511 | return 0; | ||
512 | } | ||
513 | |||
514 | /** | ||
515 | * nameidata_drop_rcu_last - drop nameidata ending path walk out of rcu-walk | ||
516 | * @nd: nameidata pathwalk data to drop | ||
517 | * Returns: 0 on success, -ECHILD on failure | ||
518 | * | ||
519 | * nameidata_drop_rcu_last attempts to drop the current nd->path into ref-walk. | ||
520 | * nd->path should be the final element of the lookup, so nd->root is discarded. | ||
521 | * Must be called from rcu-walk context. | ||
522 | */ | ||
523 | static int nameidata_drop_rcu_last(struct nameidata *nd) | ||
524 | { | ||
525 | struct dentry *dentry = nd->path.dentry; | ||
526 | |||
527 | BUG_ON(!(nd->flags & LOOKUP_RCU)); | ||
528 | nd->flags &= ~LOOKUP_RCU; | ||
529 | nd->root.mnt = NULL; | ||
530 | spin_lock(&dentry->d_lock); | ||
531 | if (!__d_rcu_to_refcount(dentry, nd->seq)) | ||
532 | goto err_unlock; | ||
533 | BUG_ON(nd->inode != dentry->d_inode); | ||
534 | spin_unlock(&dentry->d_lock); | ||
535 | |||
536 | mntget(nd->path.mnt); | ||
537 | |||
538 | rcu_read_unlock(); | ||
539 | br_read_unlock(vfsmount_lock); | ||
540 | |||
541 | return 0; | ||
542 | |||
543 | err_unlock: | ||
544 | spin_unlock(&dentry->d_lock); | ||
545 | rcu_read_unlock(); | ||
546 | br_read_unlock(vfsmount_lock); | ||
547 | return -ECHILD; | ||
548 | } | ||
549 | |||
550 | /* Try to drop out of rcu-walk mode if we were in it, otherwise do nothing. */ | ||
551 | static inline int nameidata_drop_rcu_last_maybe(struct nameidata *nd) | ||
552 | { | ||
553 | if (likely(nd->flags & LOOKUP_RCU)) | ||
554 | return nameidata_drop_rcu_last(nd); | ||
555 | return 0; | ||
556 | } | ||
557 | |||
558 | /** | 471 | /** |
559 | * release_open_intent - free up open intent resources | 472 | * release_open_intent - free up open intent resources |
560 | * @nd: pointer to nameidata | 473 | * @nd: pointer to nameidata |
561 | */ | 474 | */ |
562 | void release_open_intent(struct nameidata *nd) | 475 | void release_open_intent(struct nameidata *nd) |
563 | { | 476 | { |
564 | if (nd->intent.open.file->f_path.dentry == NULL) | 477 | struct file *file = nd->intent.open.file; |
565 | put_filp(nd->intent.open.file); | ||
566 | else | ||
567 | fput(nd->intent.open.file); | ||
568 | } | ||
569 | 478 | ||
570 | /* | 479 | if (file && !IS_ERR(file)) { |
571 | * Call d_revalidate and handle filesystems that request rcu-walk | 480 | if (file->f_path.dentry == NULL) |
572 | * to be dropped. This may be called and return in rcu-walk mode, | 481 | put_filp(file); |
573 | * regardless of success or error. If -ECHILD is returned, the caller | 482 | else |
574 | * must return -ECHILD back up the path walk stack so path walk may | 483 | fput(file); |
575 | * be restarted in ref-walk mode. | ||
576 | */ | ||
577 | static int d_revalidate(struct dentry *dentry, struct nameidata *nd) | ||
578 | { | ||
579 | int status; | ||
580 | |||
581 | status = dentry->d_op->d_revalidate(dentry, nd); | ||
582 | if (status == -ECHILD) { | ||
583 | if (nameidata_dentry_drop_rcu(nd, dentry)) | ||
584 | return status; | ||
585 | status = dentry->d_op->d_revalidate(dentry, nd); | ||
586 | } | 484 | } |
485 | } | ||
587 | 486 | ||
588 | return status; | 487 | static inline int d_revalidate(struct dentry *dentry, struct nameidata *nd) |
488 | { | ||
489 | return dentry->d_op->d_revalidate(dentry, nd); | ||
589 | } | 490 | } |
590 | 491 | ||
591 | static inline struct dentry * | 492 | static struct dentry * |
592 | do_revalidate(struct dentry *dentry, struct nameidata *nd) | 493 | do_revalidate(struct dentry *dentry, struct nameidata *nd) |
593 | { | 494 | { |
594 | int status; | 495 | int status = d_revalidate(dentry, nd); |
595 | |||
596 | status = d_revalidate(dentry, nd); | ||
597 | if (unlikely(status <= 0)) { | 496 | if (unlikely(status <= 0)) { |
598 | /* | 497 | /* |
599 | * The dentry failed validation. | 498 | * The dentry failed validation. |
@@ -602,74 +501,67 @@ do_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
602 | * to return a fail status. | 501 | * to return a fail status. |
603 | */ | 502 | */ |
604 | if (status < 0) { | 503 | if (status < 0) { |
605 | /* If we're in rcu-walk, we don't have a ref */ | 504 | dput(dentry); |
606 | if (!(nd->flags & LOOKUP_RCU)) | ||
607 | dput(dentry); | ||
608 | dentry = ERR_PTR(status); | 505 | dentry = ERR_PTR(status); |
609 | 506 | } else if (!d_invalidate(dentry)) { | |
610 | } else { | 507 | dput(dentry); |
611 | /* Don't d_invalidate in rcu-walk mode */ | 508 | dentry = NULL; |
612 | if (nameidata_dentry_drop_rcu_maybe(nd, dentry)) | ||
613 | return ERR_PTR(-ECHILD); | ||
614 | if (!d_invalidate(dentry)) { | ||
615 | dput(dentry); | ||
616 | dentry = NULL; | ||
617 | } | ||
618 | } | 509 | } |
619 | } | 510 | } |
620 | return dentry; | 511 | return dentry; |
621 | } | 512 | } |
622 | 513 | ||
623 | static inline int need_reval_dot(struct dentry *dentry) | 514 | /** |
624 | { | 515 | * complete_walk - successful completion of path walk |
625 | if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE))) | 516 | * @nd: pointer nameidata |
626 | return 0; | ||
627 | |||
628 | if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT))) | ||
629 | return 0; | ||
630 | |||
631 | return 1; | ||
632 | } | ||
633 | |||
634 | /* | ||
635 | * force_reval_path - force revalidation of a dentry | ||
636 | * | ||
637 | * In some situations the path walking code will trust dentries without | ||
638 | * revalidating them. This causes problems for filesystems that depend on | ||
639 | * d_revalidate to handle file opens (e.g. NFSv4). When FS_REVAL_DOT is set | ||
640 | * (which indicates that it's possible for the dentry to go stale), force | ||
641 | * a d_revalidate call before proceeding. | ||
642 | * | 517 | * |
643 | * Returns 0 if the revalidation was successful. If the revalidation fails, | 518 | * If we had been in RCU mode, drop out of it and legitimize nd->path. |
644 | * either return the error returned by d_revalidate or -ESTALE if the | 519 | * Revalidate the final result, unless we'd already done that during |
645 | * revalidation it just returned 0. If d_revalidate returns 0, we attempt to | 520 | * the path walk or the filesystem doesn't ask for it. Return 0 on |
646 | * invalidate the dentry. It's up to the caller to handle putting references | 521 | * success, -error on failure. In case of failure caller does not |
647 | * to the path if necessary. | 522 | * need to drop nd->path. |
648 | */ | 523 | */ |
649 | static int | 524 | static int complete_walk(struct nameidata *nd) |
650 | force_reval_path(struct path *path, struct nameidata *nd) | ||
651 | { | 525 | { |
526 | struct dentry *dentry = nd->path.dentry; | ||
652 | int status; | 527 | int status; |
653 | struct dentry *dentry = path->dentry; | ||
654 | 528 | ||
655 | /* | 529 | if (nd->flags & LOOKUP_RCU) { |
656 | * only check on filesystems where it's possible for the dentry to | 530 | nd->flags &= ~LOOKUP_RCU; |
657 | * become stale. | 531 | if (!(nd->flags & LOOKUP_ROOT)) |
658 | */ | 532 | nd->root.mnt = NULL; |
659 | if (!need_reval_dot(dentry)) | 533 | spin_lock(&dentry->d_lock); |
534 | if (unlikely(!__d_rcu_to_refcount(dentry, nd->seq))) { | ||
535 | spin_unlock(&dentry->d_lock); | ||
536 | rcu_read_unlock(); | ||
537 | br_read_unlock(vfsmount_lock); | ||
538 | return -ECHILD; | ||
539 | } | ||
540 | BUG_ON(nd->inode != dentry->d_inode); | ||
541 | spin_unlock(&dentry->d_lock); | ||
542 | mntget(nd->path.mnt); | ||
543 | rcu_read_unlock(); | ||
544 | br_read_unlock(vfsmount_lock); | ||
545 | } | ||
546 | |||
547 | if (likely(!(nd->flags & LOOKUP_JUMPED))) | ||
548 | return 0; | ||
549 | |||
550 | if (likely(!(dentry->d_flags & DCACHE_OP_REVALIDATE))) | ||
551 | return 0; | ||
552 | |||
553 | if (likely(!(dentry->d_sb->s_type->fs_flags & FS_REVAL_DOT))) | ||
660 | return 0; | 554 | return 0; |
661 | 555 | ||
556 | /* Note: we do not d_invalidate() */ | ||
662 | status = d_revalidate(dentry, nd); | 557 | status = d_revalidate(dentry, nd); |
663 | if (status > 0) | 558 | if (status > 0) |
664 | return 0; | 559 | return 0; |
665 | 560 | ||
666 | if (!status) { | 561 | if (!status) |
667 | /* Don't d_invalidate in rcu-walk mode */ | ||
668 | if (nameidata_drop_rcu(nd)) | ||
669 | return -ECHILD; | ||
670 | d_invalidate(dentry); | ||
671 | status = -ESTALE; | 562 | status = -ESTALE; |
672 | } | 563 | |
564 | path_put(&nd->path); | ||
673 | return status; | 565 | return status; |
674 | } | 566 | } |
675 | 567 | ||
@@ -685,6 +577,7 @@ force_reval_path(struct path *path, struct nameidata *nd) | |||
685 | static inline int exec_permission(struct inode *inode, unsigned int flags) | 577 | static inline int exec_permission(struct inode *inode, unsigned int flags) |
686 | { | 578 | { |
687 | int ret; | 579 | int ret; |
580 | struct user_namespace *ns = inode_userns(inode); | ||
688 | 581 | ||
689 | if (inode->i_op->permission) { | 582 | if (inode->i_op->permission) { |
690 | ret = inode->i_op->permission(inode, MAY_EXEC, flags); | 583 | ret = inode->i_op->permission(inode, MAY_EXEC, flags); |
@@ -697,7 +590,8 @@ static inline int exec_permission(struct inode *inode, unsigned int flags) | |||
697 | if (ret == -ECHILD) | 590 | if (ret == -ECHILD) |
698 | return ret; | 591 | return ret; |
699 | 592 | ||
700 | if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH)) | 593 | if (ns_capable(ns, CAP_DAC_OVERRIDE) || |
594 | ns_capable(ns, CAP_DAC_READ_SEARCH)) | ||
701 | goto ok; | 595 | goto ok; |
702 | 596 | ||
703 | return ret; | 597 | return ret; |
@@ -722,6 +616,7 @@ static __always_inline void set_root_rcu(struct nameidata *nd) | |||
722 | do { | 616 | do { |
723 | seq = read_seqcount_begin(&fs->seq); | 617 | seq = read_seqcount_begin(&fs->seq); |
724 | nd->root = fs->root; | 618 | nd->root = fs->root; |
619 | nd->seq = __read_seqcount_begin(&nd->root.dentry->d_seq); | ||
725 | } while (read_seqcount_retry(&fs->seq, seq)); | 620 | } while (read_seqcount_retry(&fs->seq, seq)); |
726 | } | 621 | } |
727 | } | 622 | } |
@@ -738,6 +633,7 @@ static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *l | |||
738 | path_put(&nd->path); | 633 | path_put(&nd->path); |
739 | nd->path = nd->root; | 634 | nd->path = nd->root; |
740 | path_get(&nd->root); | 635 | path_get(&nd->root); |
636 | nd->flags |= LOOKUP_JUMPED; | ||
741 | } | 637 | } |
742 | nd->inode = nd->path.dentry->d_inode; | 638 | nd->inode = nd->path.dentry->d_inode; |
743 | 639 | ||
@@ -767,18 +663,43 @@ static inline void path_to_nameidata(const struct path *path, | |||
767 | nd->path.dentry = path->dentry; | 663 | nd->path.dentry = path->dentry; |
768 | } | 664 | } |
769 | 665 | ||
666 | static inline void put_link(struct nameidata *nd, struct path *link, void *cookie) | ||
667 | { | ||
668 | struct inode *inode = link->dentry->d_inode; | ||
669 | if (!IS_ERR(cookie) && inode->i_op->put_link) | ||
670 | inode->i_op->put_link(link->dentry, nd, cookie); | ||
671 | path_put(link); | ||
672 | } | ||
673 | |||
770 | static __always_inline int | 674 | static __always_inline int |
771 | __do_follow_link(const struct path *link, struct nameidata *nd, void **p) | 675 | follow_link(struct path *link, struct nameidata *nd, void **p) |
772 | { | 676 | { |
773 | int error; | 677 | int error; |
774 | struct dentry *dentry = link->dentry; | 678 | struct dentry *dentry = link->dentry; |
775 | 679 | ||
776 | touch_atime(link->mnt, dentry); | 680 | BUG_ON(nd->flags & LOOKUP_RCU); |
777 | nd_set_link(nd, NULL); | ||
778 | 681 | ||
779 | if (link->mnt == nd->path.mnt) | 682 | if (link->mnt == nd->path.mnt) |
780 | mntget(link->mnt); | 683 | mntget(link->mnt); |
781 | 684 | ||
685 | if (unlikely(current->total_link_count >= 40)) { | ||
686 | *p = ERR_PTR(-ELOOP); /* no ->put_link(), please */ | ||
687 | path_put(&nd->path); | ||
688 | return -ELOOP; | ||
689 | } | ||
690 | cond_resched(); | ||
691 | current->total_link_count++; | ||
692 | |||
693 | touch_atime(link->mnt, dentry); | ||
694 | nd_set_link(nd, NULL); | ||
695 | |||
696 | error = security_inode_follow_link(link->dentry, nd); | ||
697 | if (error) { | ||
698 | *p = ERR_PTR(error); /* no ->put_link(), please */ | ||
699 | path_put(&nd->path); | ||
700 | return error; | ||
701 | } | ||
702 | |||
782 | nd->last_type = LAST_BIND; | 703 | nd->last_type = LAST_BIND; |
783 | *p = dentry->d_inode->i_op->follow_link(dentry, nd); | 704 | *p = dentry->d_inode->i_op->follow_link(dentry, nd); |
784 | error = PTR_ERR(*p); | 705 | error = PTR_ERR(*p); |
@@ -788,50 +709,18 @@ __do_follow_link(const struct path *link, struct nameidata *nd, void **p) | |||
788 | if (s) | 709 | if (s) |
789 | error = __vfs_follow_link(nd, s); | 710 | error = __vfs_follow_link(nd, s); |
790 | else if (nd->last_type == LAST_BIND) { | 711 | else if (nd->last_type == LAST_BIND) { |
791 | error = force_reval_path(&nd->path, nd); | 712 | nd->flags |= LOOKUP_JUMPED; |
792 | if (error) | 713 | nd->inode = nd->path.dentry->d_inode; |
714 | if (nd->inode->i_op->follow_link) { | ||
715 | /* stepped on a _really_ weird one */ | ||
793 | path_put(&nd->path); | 716 | path_put(&nd->path); |
717 | error = -ELOOP; | ||
718 | } | ||
794 | } | 719 | } |
795 | } | 720 | } |
796 | return error; | 721 | return error; |
797 | } | 722 | } |
798 | 723 | ||
799 | /* | ||
800 | * This limits recursive symlink follows to 8, while | ||
801 | * limiting consecutive symlinks to 40. | ||
802 | * | ||
803 | * Without that kind of total limit, nasty chains of consecutive | ||
804 | * symlinks can cause almost arbitrarily long lookups. | ||
805 | */ | ||
806 | static inline int do_follow_link(struct path *path, struct nameidata *nd) | ||
807 | { | ||
808 | void *cookie; | ||
809 | int err = -ELOOP; | ||
810 | if (current->link_count >= MAX_NESTED_LINKS) | ||
811 | goto loop; | ||
812 | if (current->total_link_count >= 40) | ||
813 | goto loop; | ||
814 | BUG_ON(nd->depth >= MAX_NESTED_LINKS); | ||
815 | cond_resched(); | ||
816 | err = security_inode_follow_link(path->dentry, nd); | ||
817 | if (err) | ||
818 | goto loop; | ||
819 | current->link_count++; | ||
820 | current->total_link_count++; | ||
821 | nd->depth++; | ||
822 | err = __do_follow_link(path, nd, &cookie); | ||
823 | if (!IS_ERR(cookie) && path->dentry->d_inode->i_op->put_link) | ||
824 | path->dentry->d_inode->i_op->put_link(path->dentry, nd, cookie); | ||
825 | path_put(path); | ||
826 | current->link_count--; | ||
827 | nd->depth--; | ||
828 | return err; | ||
829 | loop: | ||
830 | path_put_conditional(path, nd); | ||
831 | path_put(&nd->path); | ||
832 | return err; | ||
833 | } | ||
834 | |||
835 | static int follow_up_rcu(struct path *path) | 724 | static int follow_up_rcu(struct path *path) |
836 | { | 725 | { |
837 | struct vfsmount *parent; | 726 | struct vfsmount *parent; |
@@ -970,8 +859,7 @@ static int follow_managed(struct path *path, unsigned flags) | |||
970 | if (managed & DCACHE_MANAGE_TRANSIT) { | 859 | if (managed & DCACHE_MANAGE_TRANSIT) { |
971 | BUG_ON(!path->dentry->d_op); | 860 | BUG_ON(!path->dentry->d_op); |
972 | BUG_ON(!path->dentry->d_op->d_manage); | 861 | BUG_ON(!path->dentry->d_op->d_manage); |
973 | ret = path->dentry->d_op->d_manage(path->dentry, | 862 | ret = path->dentry->d_op->d_manage(path->dentry, false); |
974 | false, false); | ||
975 | if (ret < 0) | 863 | if (ret < 0) |
976 | return ret == -EISDIR ? 0 : ret; | 864 | return ret == -EISDIR ? 0 : ret; |
977 | } | 865 | } |
@@ -1024,6 +912,12 @@ int follow_down_one(struct path *path) | |||
1024 | return 0; | 912 | return 0; |
1025 | } | 913 | } |
1026 | 914 | ||
915 | static inline bool managed_dentry_might_block(struct dentry *dentry) | ||
916 | { | ||
917 | return (dentry->d_flags & DCACHE_MANAGE_TRANSIT && | ||
918 | dentry->d_op->d_manage(dentry, true) < 0); | ||
919 | } | ||
920 | |||
1027 | /* | 921 | /* |
1028 | * Skip to top of mountpoint pile in rcuwalk mode. We abort the rcu-walk if we | 922 | * Skip to top of mountpoint pile in rcuwalk mode. We abort the rcu-walk if we |
1029 | * meet a managed dentry and we're not walking to "..". True is returned to | 923 | * meet a managed dentry and we're not walking to "..". True is returned to |
@@ -1032,19 +926,26 @@ int follow_down_one(struct path *path) | |||
1032 | static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, | 926 | static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, |
1033 | struct inode **inode, bool reverse_transit) | 927 | struct inode **inode, bool reverse_transit) |
1034 | { | 928 | { |
1035 | while (d_mountpoint(path->dentry)) { | 929 | for (;;) { |
1036 | struct vfsmount *mounted; | 930 | struct vfsmount *mounted; |
1037 | if (unlikely(path->dentry->d_flags & DCACHE_MANAGE_TRANSIT) && | 931 | /* |
1038 | !reverse_transit && | 932 | * Don't forget we might have a non-mountpoint managed dentry |
1039 | path->dentry->d_op->d_manage(path->dentry, false, true) < 0) | 933 | * that wants to block transit. |
934 | */ | ||
935 | *inode = path->dentry->d_inode; | ||
936 | if (!reverse_transit && | ||
937 | unlikely(managed_dentry_might_block(path->dentry))) | ||
1040 | return false; | 938 | return false; |
939 | |||
940 | if (!d_mountpoint(path->dentry)) | ||
941 | break; | ||
942 | |||
1041 | mounted = __lookup_mnt(path->mnt, path->dentry, 1); | 943 | mounted = __lookup_mnt(path->mnt, path->dentry, 1); |
1042 | if (!mounted) | 944 | if (!mounted) |
1043 | break; | 945 | break; |
1044 | path->mnt = mounted; | 946 | path->mnt = mounted; |
1045 | path->dentry = mounted->mnt_root; | 947 | path->dentry = mounted->mnt_root; |
1046 | nd->seq = read_seqcount_begin(&path->dentry->d_seq); | 948 | nd->seq = read_seqcount_begin(&path->dentry->d_seq); |
1047 | *inode = path->dentry->d_inode; | ||
1048 | } | 949 | } |
1049 | 950 | ||
1050 | if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT)) | 951 | if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT)) |
@@ -1070,7 +971,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) | |||
1070 | 971 | ||
1071 | seq = read_seqcount_begin(&parent->d_seq); | 972 | seq = read_seqcount_begin(&parent->d_seq); |
1072 | if (read_seqcount_retry(&old->d_seq, nd->seq)) | 973 | if (read_seqcount_retry(&old->d_seq, nd->seq)) |
1073 | return -ECHILD; | 974 | goto failed; |
1074 | inode = parent->d_inode; | 975 | inode = parent->d_inode; |
1075 | nd->path.dentry = parent; | 976 | nd->path.dentry = parent; |
1076 | nd->seq = seq; | 977 | nd->seq = seq; |
@@ -1083,8 +984,15 @@ static int follow_dotdot_rcu(struct nameidata *nd) | |||
1083 | } | 984 | } |
1084 | __follow_mount_rcu(nd, &nd->path, &inode, true); | 985 | __follow_mount_rcu(nd, &nd->path, &inode, true); |
1085 | nd->inode = inode; | 986 | nd->inode = inode; |
1086 | |||
1087 | return 0; | 987 | return 0; |
988 | |||
989 | failed: | ||
990 | nd->flags &= ~LOOKUP_RCU; | ||
991 | if (!(nd->flags & LOOKUP_ROOT)) | ||
992 | nd->root.mnt = NULL; | ||
993 | rcu_read_unlock(); | ||
994 | br_read_unlock(vfsmount_lock); | ||
995 | return -ECHILD; | ||
1088 | } | 996 | } |
1089 | 997 | ||
1090 | /* | 998 | /* |
@@ -1095,7 +1003,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) | |||
1095 | * Care must be taken as namespace_sem may be held (indicated by mounting_here | 1003 | * Care must be taken as namespace_sem may be held (indicated by mounting_here |
1096 | * being true). | 1004 | * being true). |
1097 | */ | 1005 | */ |
1098 | int follow_down(struct path *path, bool mounting_here) | 1006 | int follow_down(struct path *path) |
1099 | { | 1007 | { |
1100 | unsigned managed; | 1008 | unsigned managed; |
1101 | int ret; | 1009 | int ret; |
@@ -1116,7 +1024,7 @@ int follow_down(struct path *path, bool mounting_here) | |||
1116 | BUG_ON(!path->dentry->d_op); | 1024 | BUG_ON(!path->dentry->d_op); |
1117 | BUG_ON(!path->dentry->d_op->d_manage); | 1025 | BUG_ON(!path->dentry->d_op->d_manage); |
1118 | ret = path->dentry->d_op->d_manage( | 1026 | ret = path->dentry->d_op->d_manage( |
1119 | path->dentry, mounting_here, false); | 1027 | path->dentry, false); |
1120 | if (ret < 0) | 1028 | if (ret < 0) |
1121 | return ret == -EISDIR ? 0 : ret; | 1029 | return ret == -EISDIR ? 0 : ret; |
1122 | } | 1030 | } |
@@ -1218,57 +1126,80 @@ static int do_lookup(struct nameidata *nd, struct qstr *name, | |||
1218 | { | 1126 | { |
1219 | struct vfsmount *mnt = nd->path.mnt; | 1127 | struct vfsmount *mnt = nd->path.mnt; |
1220 | struct dentry *dentry, *parent = nd->path.dentry; | 1128 | struct dentry *dentry, *parent = nd->path.dentry; |
1221 | struct inode *dir; | 1129 | int need_reval = 1; |
1130 | int status = 1; | ||
1222 | int err; | 1131 | int err; |
1223 | 1132 | ||
1224 | /* | 1133 | /* |
1225 | * See if the low-level filesystem might want | ||
1226 | * to use its own hash.. | ||
1227 | */ | ||
1228 | if (unlikely(parent->d_flags & DCACHE_OP_HASH)) { | ||
1229 | err = parent->d_op->d_hash(parent, nd->inode, name); | ||
1230 | if (err < 0) | ||
1231 | return err; | ||
1232 | } | ||
1233 | |||
1234 | /* | ||
1235 | * Rename seqlock is not required here because in the off chance | 1134 | * Rename seqlock is not required here because in the off chance |
1236 | * of a false negative due to a concurrent rename, we're going to | 1135 | * of a false negative due to a concurrent rename, we're going to |
1237 | * do the non-racy lookup, below. | 1136 | * do the non-racy lookup, below. |
1238 | */ | 1137 | */ |
1239 | if (nd->flags & LOOKUP_RCU) { | 1138 | if (nd->flags & LOOKUP_RCU) { |
1240 | unsigned seq; | 1139 | unsigned seq; |
1241 | |||
1242 | *inode = nd->inode; | 1140 | *inode = nd->inode; |
1243 | dentry = __d_lookup_rcu(parent, name, &seq, inode); | 1141 | dentry = __d_lookup_rcu(parent, name, &seq, inode); |
1244 | if (!dentry) { | 1142 | if (!dentry) |
1245 | if (nameidata_drop_rcu(nd)) | 1143 | goto unlazy; |
1246 | return -ECHILD; | 1144 | |
1247 | goto need_lookup; | ||
1248 | } | ||
1249 | /* Memory barrier in read_seqcount_begin of child is enough */ | 1145 | /* Memory barrier in read_seqcount_begin of child is enough */ |
1250 | if (__read_seqcount_retry(&parent->d_seq, nd->seq)) | 1146 | if (__read_seqcount_retry(&parent->d_seq, nd->seq)) |
1251 | return -ECHILD; | 1147 | return -ECHILD; |
1252 | |||
1253 | nd->seq = seq; | 1148 | nd->seq = seq; |
1254 | if (dentry->d_flags & DCACHE_OP_REVALIDATE) | 1149 | |
1255 | goto need_revalidate; | 1150 | if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE)) { |
1256 | done2: | 1151 | status = d_revalidate(dentry, nd); |
1152 | if (unlikely(status <= 0)) { | ||
1153 | if (status != -ECHILD) | ||
1154 | need_reval = 0; | ||
1155 | goto unlazy; | ||
1156 | } | ||
1157 | } | ||
1257 | path->mnt = mnt; | 1158 | path->mnt = mnt; |
1258 | path->dentry = dentry; | 1159 | path->dentry = dentry; |
1259 | if (likely(__follow_mount_rcu(nd, path, inode, false))) | 1160 | if (likely(__follow_mount_rcu(nd, path, inode, false))) |
1260 | return 0; | 1161 | return 0; |
1261 | if (nameidata_drop_rcu(nd)) | 1162 | unlazy: |
1163 | if (unlazy_walk(nd, dentry)) | ||
1262 | return -ECHILD; | 1164 | return -ECHILD; |
1263 | /* fallthru */ | 1165 | } else { |
1166 | dentry = __d_lookup(parent, name); | ||
1264 | } | 1167 | } |
1265 | dentry = __d_lookup(parent, name); | 1168 | |
1266 | if (!dentry) | 1169 | retry: |
1267 | goto need_lookup; | 1170 | if (unlikely(!dentry)) { |
1268 | found: | 1171 | struct inode *dir = parent->d_inode; |
1269 | if (dentry->d_flags & DCACHE_OP_REVALIDATE) | 1172 | BUG_ON(nd->inode != dir); |
1270 | goto need_revalidate; | 1173 | |
1271 | done: | 1174 | mutex_lock(&dir->i_mutex); |
1175 | dentry = d_lookup(parent, name); | ||
1176 | if (likely(!dentry)) { | ||
1177 | dentry = d_alloc_and_lookup(parent, name, nd); | ||
1178 | if (IS_ERR(dentry)) { | ||
1179 | mutex_unlock(&dir->i_mutex); | ||
1180 | return PTR_ERR(dentry); | ||
1181 | } | ||
1182 | /* known good */ | ||
1183 | need_reval = 0; | ||
1184 | status = 1; | ||
1185 | } | ||
1186 | mutex_unlock(&dir->i_mutex); | ||
1187 | } | ||
1188 | if (unlikely(dentry->d_flags & DCACHE_OP_REVALIDATE) && need_reval) | ||
1189 | status = d_revalidate(dentry, nd); | ||
1190 | if (unlikely(status <= 0)) { | ||
1191 | if (status < 0) { | ||
1192 | dput(dentry); | ||
1193 | return status; | ||
1194 | } | ||
1195 | if (!d_invalidate(dentry)) { | ||
1196 | dput(dentry); | ||
1197 | dentry = NULL; | ||
1198 | need_reval = 1; | ||
1199 | goto retry; | ||
1200 | } | ||
1201 | } | ||
1202 | |||
1272 | path->mnt = mnt; | 1203 | path->mnt = mnt; |
1273 | path->dentry = dentry; | 1204 | path->dentry = dentry; |
1274 | err = follow_managed(path, nd->flags); | 1205 | err = follow_managed(path, nd->flags); |
@@ -1278,49 +1209,117 @@ done: | |||
1278 | } | 1209 | } |
1279 | *inode = path->dentry->d_inode; | 1210 | *inode = path->dentry->d_inode; |
1280 | return 0; | 1211 | return 0; |
1212 | } | ||
1281 | 1213 | ||
1282 | need_lookup: | 1214 | static inline int may_lookup(struct nameidata *nd) |
1283 | dir = parent->d_inode; | 1215 | { |
1284 | BUG_ON(nd->inode != dir); | 1216 | if (nd->flags & LOOKUP_RCU) { |
1217 | int err = exec_permission(nd->inode, IPERM_FLAG_RCU); | ||
1218 | if (err != -ECHILD) | ||
1219 | return err; | ||
1220 | if (unlazy_walk(nd, NULL)) | ||
1221 | return -ECHILD; | ||
1222 | } | ||
1223 | return exec_permission(nd->inode, 0); | ||
1224 | } | ||
1285 | 1225 | ||
1286 | mutex_lock(&dir->i_mutex); | 1226 | static inline int handle_dots(struct nameidata *nd, int type) |
1287 | /* | 1227 | { |
1288 | * First re-do the cached lookup just in case it was created | 1228 | if (type == LAST_DOTDOT) { |
1289 | * while we waited for the directory semaphore, or the first | 1229 | if (nd->flags & LOOKUP_RCU) { |
1290 | * lookup failed due to an unrelated rename. | 1230 | if (follow_dotdot_rcu(nd)) |
1291 | * | 1231 | return -ECHILD; |
1292 | * This could use version numbering or similar to avoid unnecessary | 1232 | } else |
1293 | * cache lookups, but then we'd have to do the first lookup in the | 1233 | follow_dotdot(nd); |
1294 | * non-racy way. However in the common case here, everything should | ||
1295 | * be hot in cache, so would it be a big win? | ||
1296 | */ | ||
1297 | dentry = d_lookup(parent, name); | ||
1298 | if (likely(!dentry)) { | ||
1299 | dentry = d_alloc_and_lookup(parent, name, nd); | ||
1300 | mutex_unlock(&dir->i_mutex); | ||
1301 | if (IS_ERR(dentry)) | ||
1302 | goto fail; | ||
1303 | goto done; | ||
1304 | } | 1234 | } |
1235 | return 0; | ||
1236 | } | ||
1237 | |||
1238 | static void terminate_walk(struct nameidata *nd) | ||
1239 | { | ||
1240 | if (!(nd->flags & LOOKUP_RCU)) { | ||
1241 | path_put(&nd->path); | ||
1242 | } else { | ||
1243 | nd->flags &= ~LOOKUP_RCU; | ||
1244 | if (!(nd->flags & LOOKUP_ROOT)) | ||
1245 | nd->root.mnt = NULL; | ||
1246 | rcu_read_unlock(); | ||
1247 | br_read_unlock(vfsmount_lock); | ||
1248 | } | ||
1249 | } | ||
1250 | |||
1251 | static inline int walk_component(struct nameidata *nd, struct path *path, | ||
1252 | struct qstr *name, int type, int follow) | ||
1253 | { | ||
1254 | struct inode *inode; | ||
1255 | int err; | ||
1305 | /* | 1256 | /* |
1306 | * Uhhuh! Nasty case: the cache was re-populated while | 1257 | * "." and ".." are special - ".." especially so because it has |
1307 | * we waited on the semaphore. Need to revalidate. | 1258 | * to be able to know about the current root directory and |
1259 | * parent relationships. | ||
1308 | */ | 1260 | */ |
1309 | mutex_unlock(&dir->i_mutex); | 1261 | if (unlikely(type != LAST_NORM)) |
1310 | goto found; | 1262 | return handle_dots(nd, type); |
1263 | err = do_lookup(nd, name, path, &inode); | ||
1264 | if (unlikely(err)) { | ||
1265 | terminate_walk(nd); | ||
1266 | return err; | ||
1267 | } | ||
1268 | if (!inode) { | ||
1269 | path_to_nameidata(path, nd); | ||
1270 | terminate_walk(nd); | ||
1271 | return -ENOENT; | ||
1272 | } | ||
1273 | if (unlikely(inode->i_op->follow_link) && follow) { | ||
1274 | if (nd->flags & LOOKUP_RCU) { | ||
1275 | if (unlikely(unlazy_walk(nd, path->dentry))) { | ||
1276 | terminate_walk(nd); | ||
1277 | return -ECHILD; | ||
1278 | } | ||
1279 | } | ||
1280 | BUG_ON(inode != path->dentry->d_inode); | ||
1281 | return 1; | ||
1282 | } | ||
1283 | path_to_nameidata(path, nd); | ||
1284 | nd->inode = inode; | ||
1285 | return 0; | ||
1286 | } | ||
1311 | 1287 | ||
1312 | need_revalidate: | 1288 | /* |
1313 | dentry = do_revalidate(dentry, nd); | 1289 | * This limits recursive symlink follows to 8, while |
1314 | if (!dentry) | 1290 | * limiting consecutive symlinks to 40. |
1315 | goto need_lookup; | 1291 | * |
1316 | if (IS_ERR(dentry)) | 1292 | * Without that kind of total limit, nasty chains of consecutive |
1317 | goto fail; | 1293 | * symlinks can cause almost arbitrarily long lookups. |
1318 | if (nd->flags & LOOKUP_RCU) | 1294 | */ |
1319 | goto done2; | 1295 | static inline int nested_symlink(struct path *path, struct nameidata *nd) |
1320 | goto done; | 1296 | { |
1297 | int res; | ||
1321 | 1298 | ||
1322 | fail: | 1299 | if (unlikely(current->link_count >= MAX_NESTED_LINKS)) { |
1323 | return PTR_ERR(dentry); | 1300 | path_put_conditional(path, nd); |
1301 | path_put(&nd->path); | ||
1302 | return -ELOOP; | ||
1303 | } | ||
1304 | BUG_ON(nd->depth >= MAX_NESTED_LINKS); | ||
1305 | |||
1306 | nd->depth++; | ||
1307 | current->link_count++; | ||
1308 | |||
1309 | do { | ||
1310 | struct path link = *path; | ||
1311 | void *cookie; | ||
1312 | |||
1313 | res = follow_link(&link, nd, &cookie); | ||
1314 | if (!res) | ||
1315 | res = walk_component(nd, path, &nd->last, | ||
1316 | nd->last_type, LOOKUP_FOLLOW); | ||
1317 | put_link(nd, &link, cookie); | ||
1318 | } while (res > 0); | ||
1319 | |||
1320 | current->link_count--; | ||
1321 | nd->depth--; | ||
1322 | return res; | ||
1324 | } | 1323 | } |
1325 | 1324 | ||
1326 | /* | 1325 | /* |
@@ -1340,30 +1339,18 @@ static int link_path_walk(const char *name, struct nameidata *nd) | |||
1340 | while (*name=='/') | 1339 | while (*name=='/') |
1341 | name++; | 1340 | name++; |
1342 | if (!*name) | 1341 | if (!*name) |
1343 | goto return_reval; | 1342 | return 0; |
1344 | |||
1345 | if (nd->depth) | ||
1346 | lookup_flags = LOOKUP_FOLLOW | (nd->flags & LOOKUP_CONTINUE); | ||
1347 | 1343 | ||
1348 | /* At this point we know we have a real path component. */ | 1344 | /* At this point we know we have a real path component. */ |
1349 | for(;;) { | 1345 | for(;;) { |
1350 | struct inode *inode; | ||
1351 | unsigned long hash; | 1346 | unsigned long hash; |
1352 | struct qstr this; | 1347 | struct qstr this; |
1353 | unsigned int c; | 1348 | unsigned int c; |
1349 | int type; | ||
1354 | 1350 | ||
1355 | nd->flags |= LOOKUP_CONTINUE; | 1351 | nd->flags |= LOOKUP_CONTINUE; |
1356 | if (nd->flags & LOOKUP_RCU) { | 1352 | |
1357 | err = exec_permission(nd->inode, IPERM_FLAG_RCU); | 1353 | err = may_lookup(nd); |
1358 | if (err == -ECHILD) { | ||
1359 | if (nameidata_drop_rcu(nd)) | ||
1360 | return -ECHILD; | ||
1361 | goto exec_again; | ||
1362 | } | ||
1363 | } else { | ||
1364 | exec_again: | ||
1365 | err = exec_permission(nd->inode, 0); | ||
1366 | } | ||
1367 | if (err) | 1354 | if (err) |
1368 | break; | 1355 | break; |
1369 | 1356 | ||
@@ -1379,56 +1366,43 @@ exec_again: | |||
1379 | this.len = name - (const char *) this.name; | 1366 | this.len = name - (const char *) this.name; |
1380 | this.hash = end_name_hash(hash); | 1367 | this.hash = end_name_hash(hash); |
1381 | 1368 | ||
1369 | type = LAST_NORM; | ||
1370 | if (this.name[0] == '.') switch (this.len) { | ||
1371 | case 2: | ||
1372 | if (this.name[1] == '.') { | ||
1373 | type = LAST_DOTDOT; | ||
1374 | nd->flags |= LOOKUP_JUMPED; | ||
1375 | } | ||
1376 | break; | ||
1377 | case 1: | ||
1378 | type = LAST_DOT; | ||
1379 | } | ||
1380 | if (likely(type == LAST_NORM)) { | ||
1381 | struct dentry *parent = nd->path.dentry; | ||
1382 | nd->flags &= ~LOOKUP_JUMPED; | ||
1383 | if (unlikely(parent->d_flags & DCACHE_OP_HASH)) { | ||
1384 | err = parent->d_op->d_hash(parent, nd->inode, | ||
1385 | &this); | ||
1386 | if (err < 0) | ||
1387 | break; | ||
1388 | } | ||
1389 | } | ||
1390 | |||
1382 | /* remove trailing slashes? */ | 1391 | /* remove trailing slashes? */ |
1383 | if (!c) | 1392 | if (!c) |
1384 | goto last_component; | 1393 | goto last_component; |
1385 | while (*++name == '/'); | 1394 | while (*++name == '/'); |
1386 | if (!*name) | 1395 | if (!*name) |
1387 | goto last_with_slashes; | 1396 | goto last_component; |
1388 | 1397 | ||
1389 | /* | 1398 | err = walk_component(nd, &next, &this, type, LOOKUP_FOLLOW); |
1390 | * "." and ".." are special - ".." especially so because it has | 1399 | if (err < 0) |
1391 | * to be able to know about the current root directory and | 1400 | return err; |
1392 | * parent relationships. | ||
1393 | */ | ||
1394 | if (this.name[0] == '.') switch (this.len) { | ||
1395 | default: | ||
1396 | break; | ||
1397 | case 2: | ||
1398 | if (this.name[1] != '.') | ||
1399 | break; | ||
1400 | if (nd->flags & LOOKUP_RCU) { | ||
1401 | if (follow_dotdot_rcu(nd)) | ||
1402 | return -ECHILD; | ||
1403 | } else | ||
1404 | follow_dotdot(nd); | ||
1405 | /* fallthrough */ | ||
1406 | case 1: | ||
1407 | continue; | ||
1408 | } | ||
1409 | /* This does the actual lookups.. */ | ||
1410 | err = do_lookup(nd, &this, &next, &inode); | ||
1411 | if (err) | ||
1412 | break; | ||
1413 | err = -ENOENT; | ||
1414 | if (!inode) | ||
1415 | goto out_dput; | ||
1416 | 1401 | ||
1417 | if (inode->i_op->follow_link) { | 1402 | if (err) { |
1418 | /* We commonly drop rcu-walk here */ | 1403 | err = nested_symlink(&next, nd); |
1419 | if (nameidata_dentry_drop_rcu_maybe(nd, next.dentry)) | ||
1420 | return -ECHILD; | ||
1421 | BUG_ON(inode != next.dentry->d_inode); | ||
1422 | err = do_follow_link(&next, nd); | ||
1423 | if (err) | 1404 | if (err) |
1424 | goto return_err; | 1405 | return err; |
1425 | nd->inode = nd->path.dentry->d_inode; | ||
1426 | err = -ENOENT; | ||
1427 | if (!nd->inode) | ||
1428 | break; | ||
1429 | } else { | ||
1430 | path_to_nameidata(&next, nd); | ||
1431 | nd->inode = inode; | ||
1432 | } | 1406 | } |
1433 | err = -ENOTDIR; | 1407 | err = -ENOTDIR; |
1434 | if (!nd->inode->i_op->lookup) | 1408 | if (!nd->inode->i_op->lookup) |
@@ -1436,209 +1410,109 @@ exec_again: | |||
1436 | continue; | 1410 | continue; |
1437 | /* here ends the main loop */ | 1411 | /* here ends the main loop */ |
1438 | 1412 | ||
1439 | last_with_slashes: | ||
1440 | lookup_flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY; | ||
1441 | last_component: | 1413 | last_component: |
1442 | /* Clear LOOKUP_CONTINUE iff it was previously unset */ | 1414 | /* Clear LOOKUP_CONTINUE iff it was previously unset */ |
1443 | nd->flags &= lookup_flags | ~LOOKUP_CONTINUE; | 1415 | nd->flags &= lookup_flags | ~LOOKUP_CONTINUE; |
1444 | if (lookup_flags & LOOKUP_PARENT) | ||
1445 | goto lookup_parent; | ||
1446 | if (this.name[0] == '.') switch (this.len) { | ||
1447 | default: | ||
1448 | break; | ||
1449 | case 2: | ||
1450 | if (this.name[1] != '.') | ||
1451 | break; | ||
1452 | if (nd->flags & LOOKUP_RCU) { | ||
1453 | if (follow_dotdot_rcu(nd)) | ||
1454 | return -ECHILD; | ||
1455 | } else | ||
1456 | follow_dotdot(nd); | ||
1457 | /* fallthrough */ | ||
1458 | case 1: | ||
1459 | goto return_reval; | ||
1460 | } | ||
1461 | err = do_lookup(nd, &this, &next, &inode); | ||
1462 | if (err) | ||
1463 | break; | ||
1464 | if (inode && unlikely(inode->i_op->follow_link) && | ||
1465 | (lookup_flags & LOOKUP_FOLLOW)) { | ||
1466 | if (nameidata_dentry_drop_rcu_maybe(nd, next.dentry)) | ||
1467 | return -ECHILD; | ||
1468 | BUG_ON(inode != next.dentry->d_inode); | ||
1469 | err = do_follow_link(&next, nd); | ||
1470 | if (err) | ||
1471 | goto return_err; | ||
1472 | nd->inode = nd->path.dentry->d_inode; | ||
1473 | } else { | ||
1474 | path_to_nameidata(&next, nd); | ||
1475 | nd->inode = inode; | ||
1476 | } | ||
1477 | err = -ENOENT; | ||
1478 | if (!nd->inode) | ||
1479 | break; | ||
1480 | if (lookup_flags & LOOKUP_DIRECTORY) { | ||
1481 | err = -ENOTDIR; | ||
1482 | if (!nd->inode->i_op->lookup) | ||
1483 | break; | ||
1484 | } | ||
1485 | goto return_base; | ||
1486 | lookup_parent: | ||
1487 | nd->last = this; | 1416 | nd->last = this; |
1488 | nd->last_type = LAST_NORM; | 1417 | nd->last_type = type; |
1489 | if (this.name[0] != '.') | ||
1490 | goto return_base; | ||
1491 | if (this.len == 1) | ||
1492 | nd->last_type = LAST_DOT; | ||
1493 | else if (this.len == 2 && this.name[1] == '.') | ||
1494 | nd->last_type = LAST_DOTDOT; | ||
1495 | else | ||
1496 | goto return_base; | ||
1497 | return_reval: | ||
1498 | /* | ||
1499 | * We bypassed the ordinary revalidation routines. | ||
1500 | * We may need to check the cached dentry for staleness. | ||
1501 | */ | ||
1502 | if (need_reval_dot(nd->path.dentry)) { | ||
1503 | /* Note: we do not d_invalidate() */ | ||
1504 | err = d_revalidate(nd->path.dentry, nd); | ||
1505 | if (!err) | ||
1506 | err = -ESTALE; | ||
1507 | if (err < 0) | ||
1508 | break; | ||
1509 | } | ||
1510 | return_base: | ||
1511 | if (nameidata_drop_rcu_last_maybe(nd)) | ||
1512 | return -ECHILD; | ||
1513 | return 0; | 1418 | return 0; |
1514 | out_dput: | ||
1515 | if (!(nd->flags & LOOKUP_RCU)) | ||
1516 | path_put_conditional(&next, nd); | ||
1517 | break; | ||
1518 | } | 1419 | } |
1519 | if (!(nd->flags & LOOKUP_RCU)) | 1420 | terminate_walk(nd); |
1520 | path_put(&nd->path); | ||
1521 | return_err: | ||
1522 | return err; | 1421 | return err; |
1523 | } | 1422 | } |
1524 | 1423 | ||
1525 | static inline int path_walk_rcu(const char *name, struct nameidata *nd) | 1424 | static int path_init(int dfd, const char *name, unsigned int flags, |
1526 | { | 1425 | struct nameidata *nd, struct file **fp) |
1527 | current->total_link_count = 0; | ||
1528 | |||
1529 | return link_path_walk(name, nd); | ||
1530 | } | ||
1531 | |||
1532 | static inline int path_walk_simple(const char *name, struct nameidata *nd) | ||
1533 | { | ||
1534 | current->total_link_count = 0; | ||
1535 | |||
1536 | return link_path_walk(name, nd); | ||
1537 | } | ||
1538 | |||
1539 | static int path_walk(const char *name, struct nameidata *nd) | ||
1540 | { | ||
1541 | struct path save = nd->path; | ||
1542 | int result; | ||
1543 | |||
1544 | current->total_link_count = 0; | ||
1545 | |||
1546 | /* make sure the stuff we saved doesn't go away */ | ||
1547 | path_get(&save); | ||
1548 | |||
1549 | result = link_path_walk(name, nd); | ||
1550 | if (result == -ESTALE) { | ||
1551 | /* nd->path had been dropped */ | ||
1552 | current->total_link_count = 0; | ||
1553 | nd->path = save; | ||
1554 | path_get(&nd->path); | ||
1555 | nd->flags |= LOOKUP_REVAL; | ||
1556 | result = link_path_walk(name, nd); | ||
1557 | } | ||
1558 | |||
1559 | path_put(&save); | ||
1560 | |||
1561 | return result; | ||
1562 | } | ||
1563 | |||
1564 | static void path_finish_rcu(struct nameidata *nd) | ||
1565 | { | ||
1566 | if (nd->flags & LOOKUP_RCU) { | ||
1567 | /* RCU dangling. Cancel it. */ | ||
1568 | nd->flags &= ~LOOKUP_RCU; | ||
1569 | nd->root.mnt = NULL; | ||
1570 | rcu_read_unlock(); | ||
1571 | br_read_unlock(vfsmount_lock); | ||
1572 | } | ||
1573 | if (nd->file) | ||
1574 | fput(nd->file); | ||
1575 | } | ||
1576 | |||
1577 | static int path_init_rcu(int dfd, const char *name, unsigned int flags, struct nameidata *nd) | ||
1578 | { | 1426 | { |
1579 | int retval = 0; | 1427 | int retval = 0; |
1580 | int fput_needed; | 1428 | int fput_needed; |
1581 | struct file *file; | 1429 | struct file *file; |
1582 | 1430 | ||
1583 | nd->last_type = LAST_ROOT; /* if there are only slashes... */ | 1431 | nd->last_type = LAST_ROOT; /* if there are only slashes... */ |
1584 | nd->flags = flags | LOOKUP_RCU; | 1432 | nd->flags = flags | LOOKUP_JUMPED; |
1585 | nd->depth = 0; | 1433 | nd->depth = 0; |
1434 | if (flags & LOOKUP_ROOT) { | ||
1435 | struct inode *inode = nd->root.dentry->d_inode; | ||
1436 | if (*name) { | ||
1437 | if (!inode->i_op->lookup) | ||
1438 | return -ENOTDIR; | ||
1439 | retval = inode_permission(inode, MAY_EXEC); | ||
1440 | if (retval) | ||
1441 | return retval; | ||
1442 | } | ||
1443 | nd->path = nd->root; | ||
1444 | nd->inode = inode; | ||
1445 | if (flags & LOOKUP_RCU) { | ||
1446 | br_read_lock(vfsmount_lock); | ||
1447 | rcu_read_lock(); | ||
1448 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); | ||
1449 | } else { | ||
1450 | path_get(&nd->path); | ||
1451 | } | ||
1452 | return 0; | ||
1453 | } | ||
1454 | |||
1586 | nd->root.mnt = NULL; | 1455 | nd->root.mnt = NULL; |
1587 | nd->file = NULL; | ||
1588 | 1456 | ||
1589 | if (*name=='/') { | 1457 | if (*name=='/') { |
1590 | struct fs_struct *fs = current->fs; | 1458 | if (flags & LOOKUP_RCU) { |
1591 | unsigned seq; | 1459 | br_read_lock(vfsmount_lock); |
1592 | 1460 | rcu_read_lock(); | |
1593 | br_read_lock(vfsmount_lock); | 1461 | set_root_rcu(nd); |
1594 | rcu_read_lock(); | 1462 | } else { |
1595 | 1463 | set_root(nd); | |
1596 | do { | 1464 | path_get(&nd->root); |
1597 | seq = read_seqcount_begin(&fs->seq); | 1465 | } |
1598 | nd->root = fs->root; | 1466 | nd->path = nd->root; |
1599 | nd->path = nd->root; | ||
1600 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); | ||
1601 | } while (read_seqcount_retry(&fs->seq, seq)); | ||
1602 | |||
1603 | } else if (dfd == AT_FDCWD) { | 1467 | } else if (dfd == AT_FDCWD) { |
1604 | struct fs_struct *fs = current->fs; | 1468 | if (flags & LOOKUP_RCU) { |
1605 | unsigned seq; | 1469 | struct fs_struct *fs = current->fs; |
1606 | 1470 | unsigned seq; | |
1607 | br_read_lock(vfsmount_lock); | ||
1608 | rcu_read_lock(); | ||
1609 | 1471 | ||
1610 | do { | 1472 | br_read_lock(vfsmount_lock); |
1611 | seq = read_seqcount_begin(&fs->seq); | 1473 | rcu_read_lock(); |
1612 | nd->path = fs->pwd; | ||
1613 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); | ||
1614 | } while (read_seqcount_retry(&fs->seq, seq)); | ||
1615 | 1474 | ||
1475 | do { | ||
1476 | seq = read_seqcount_begin(&fs->seq); | ||
1477 | nd->path = fs->pwd; | ||
1478 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); | ||
1479 | } while (read_seqcount_retry(&fs->seq, seq)); | ||
1480 | } else { | ||
1481 | get_fs_pwd(current->fs, &nd->path); | ||
1482 | } | ||
1616 | } else { | 1483 | } else { |
1617 | struct dentry *dentry; | 1484 | struct dentry *dentry; |
1618 | 1485 | ||
1619 | file = fget_light(dfd, &fput_needed); | 1486 | file = fget_raw_light(dfd, &fput_needed); |
1620 | retval = -EBADF; | 1487 | retval = -EBADF; |
1621 | if (!file) | 1488 | if (!file) |
1622 | goto out_fail; | 1489 | goto out_fail; |
1623 | 1490 | ||
1624 | dentry = file->f_path.dentry; | 1491 | dentry = file->f_path.dentry; |
1625 | 1492 | ||
1626 | retval = -ENOTDIR; | 1493 | if (*name) { |
1627 | if (!S_ISDIR(dentry->d_inode->i_mode)) | 1494 | retval = -ENOTDIR; |
1628 | goto fput_fail; | 1495 | if (!S_ISDIR(dentry->d_inode->i_mode)) |
1496 | goto fput_fail; | ||
1629 | 1497 | ||
1630 | retval = file_permission(file, MAY_EXEC); | 1498 | retval = file_permission(file, MAY_EXEC); |
1631 | if (retval) | 1499 | if (retval) |
1632 | goto fput_fail; | 1500 | goto fput_fail; |
1501 | } | ||
1633 | 1502 | ||
1634 | nd->path = file->f_path; | 1503 | nd->path = file->f_path; |
1635 | if (fput_needed) | 1504 | if (flags & LOOKUP_RCU) { |
1636 | nd->file = file; | 1505 | if (fput_needed) |
1637 | 1506 | *fp = file; | |
1638 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); | 1507 | nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); |
1639 | br_read_lock(vfsmount_lock); | 1508 | br_read_lock(vfsmount_lock); |
1640 | rcu_read_lock(); | 1509 | rcu_read_lock(); |
1510 | } else { | ||
1511 | path_get(&file->f_path); | ||
1512 | fput_light(file, fput_needed); | ||
1513 | } | ||
1641 | } | 1514 | } |
1515 | |||
1642 | nd->inode = nd->path.dentry->d_inode; | 1516 | nd->inode = nd->path.dentry->d_inode; |
1643 | return 0; | 1517 | return 0; |
1644 | 1518 | ||
@@ -1648,60 +1522,23 @@ out_fail: | |||
1648 | return retval; | 1522 | return retval; |
1649 | } | 1523 | } |
1650 | 1524 | ||
1651 | static int path_init(int dfd, const char *name, unsigned int flags, struct nameidata *nd) | 1525 | static inline int lookup_last(struct nameidata *nd, struct path *path) |
1652 | { | 1526 | { |
1653 | int retval = 0; | 1527 | if (nd->last_type == LAST_NORM && nd->last.name[nd->last.len]) |
1654 | int fput_needed; | 1528 | nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY; |
1655 | struct file *file; | ||
1656 | |||
1657 | nd->last_type = LAST_ROOT; /* if there are only slashes... */ | ||
1658 | nd->flags = flags; | ||
1659 | nd->depth = 0; | ||
1660 | nd->root.mnt = NULL; | ||
1661 | |||
1662 | if (*name=='/') { | ||
1663 | set_root(nd); | ||
1664 | nd->path = nd->root; | ||
1665 | path_get(&nd->root); | ||
1666 | } else if (dfd == AT_FDCWD) { | ||
1667 | get_fs_pwd(current->fs, &nd->path); | ||
1668 | } else { | ||
1669 | struct dentry *dentry; | ||
1670 | |||
1671 | file = fget_light(dfd, &fput_needed); | ||
1672 | retval = -EBADF; | ||
1673 | if (!file) | ||
1674 | goto out_fail; | ||
1675 | |||
1676 | dentry = file->f_path.dentry; | ||
1677 | |||
1678 | retval = -ENOTDIR; | ||
1679 | if (!S_ISDIR(dentry->d_inode->i_mode)) | ||
1680 | goto fput_fail; | ||
1681 | |||
1682 | retval = file_permission(file, MAY_EXEC); | ||
1683 | if (retval) | ||
1684 | goto fput_fail; | ||
1685 | |||
1686 | nd->path = file->f_path; | ||
1687 | path_get(&file->f_path); | ||
1688 | |||
1689 | fput_light(file, fput_needed); | ||
1690 | } | ||
1691 | nd->inode = nd->path.dentry->d_inode; | ||
1692 | return 0; | ||
1693 | 1529 | ||
1694 | fput_fail: | 1530 | nd->flags &= ~LOOKUP_PARENT; |
1695 | fput_light(file, fput_needed); | 1531 | return walk_component(nd, path, &nd->last, nd->last_type, |
1696 | out_fail: | 1532 | nd->flags & LOOKUP_FOLLOW); |
1697 | return retval; | ||
1698 | } | 1533 | } |
1699 | 1534 | ||
1700 | /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */ | 1535 | /* Returns 0 and nd will be valid on success; Retuns error, otherwise. */ |
1701 | static int do_path_lookup(int dfd, const char *name, | 1536 | static int path_lookupat(int dfd, const char *name, |
1702 | unsigned int flags, struct nameidata *nd) | 1537 | unsigned int flags, struct nameidata *nd) |
1703 | { | 1538 | { |
1704 | int retval; | 1539 | struct file *base = NULL; |
1540 | struct path path; | ||
1541 | int err; | ||
1705 | 1542 | ||
1706 | /* | 1543 | /* |
1707 | * Path walking is largely split up into 2 different synchronisation | 1544 | * Path walking is largely split up into 2 different synchronisation |
@@ -1717,44 +1554,68 @@ static int do_path_lookup(int dfd, const char *name, | |||
1717 | * be handled by restarting a traditional ref-walk (which will always | 1554 | * be handled by restarting a traditional ref-walk (which will always |
1718 | * be able to complete). | 1555 | * be able to complete). |
1719 | */ | 1556 | */ |
1720 | retval = path_init_rcu(dfd, name, flags, nd); | 1557 | err = path_init(dfd, name, flags | LOOKUP_PARENT, nd, &base); |
1721 | if (unlikely(retval)) | 1558 | |
1722 | return retval; | 1559 | if (unlikely(err)) |
1723 | retval = path_walk_rcu(name, nd); | 1560 | return err; |
1724 | path_finish_rcu(nd); | 1561 | |
1725 | if (nd->root.mnt) { | 1562 | current->total_link_count = 0; |
1726 | path_put(&nd->root); | 1563 | err = link_path_walk(name, nd); |
1727 | nd->root.mnt = NULL; | 1564 | |
1565 | if (!err && !(flags & LOOKUP_PARENT)) { | ||
1566 | err = lookup_last(nd, &path); | ||
1567 | while (err > 0) { | ||
1568 | void *cookie; | ||
1569 | struct path link = path; | ||
1570 | nd->flags |= LOOKUP_PARENT; | ||
1571 | err = follow_link(&link, nd, &cookie); | ||
1572 | if (!err) | ||
1573 | err = lookup_last(nd, &path); | ||
1574 | put_link(nd, &link, cookie); | ||
1575 | } | ||
1728 | } | 1576 | } |
1729 | 1577 | ||
1730 | if (unlikely(retval == -ECHILD || retval == -ESTALE)) { | 1578 | if (!err) |
1731 | /* slower, locked walk */ | 1579 | err = complete_walk(nd); |
1732 | if (retval == -ESTALE) | 1580 | |
1733 | flags |= LOOKUP_REVAL; | 1581 | if (!err && nd->flags & LOOKUP_DIRECTORY) { |
1734 | retval = path_init(dfd, name, flags, nd); | 1582 | if (!nd->inode->i_op->lookup) { |
1735 | if (unlikely(retval)) | 1583 | path_put(&nd->path); |
1736 | return retval; | 1584 | err = -ENOTDIR; |
1737 | retval = path_walk(name, nd); | ||
1738 | if (nd->root.mnt) { | ||
1739 | path_put(&nd->root); | ||
1740 | nd->root.mnt = NULL; | ||
1741 | } | 1585 | } |
1742 | } | 1586 | } |
1743 | 1587 | ||
1588 | if (base) | ||
1589 | fput(base); | ||
1590 | |||
1591 | if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) { | ||
1592 | path_put(&nd->root); | ||
1593 | nd->root.mnt = NULL; | ||
1594 | } | ||
1595 | return err; | ||
1596 | } | ||
1597 | |||
1598 | static int do_path_lookup(int dfd, const char *name, | ||
1599 | unsigned int flags, struct nameidata *nd) | ||
1600 | { | ||
1601 | int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd); | ||
1602 | if (unlikely(retval == -ECHILD)) | ||
1603 | retval = path_lookupat(dfd, name, flags, nd); | ||
1604 | if (unlikely(retval == -ESTALE)) | ||
1605 | retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); | ||
1606 | |||
1744 | if (likely(!retval)) { | 1607 | if (likely(!retval)) { |
1745 | if (unlikely(!audit_dummy_context())) { | 1608 | if (unlikely(!audit_dummy_context())) { |
1746 | if (nd->path.dentry && nd->inode) | 1609 | if (nd->path.dentry && nd->inode) |
1747 | audit_inode(name, nd->path.dentry); | 1610 | audit_inode(name, nd->path.dentry); |
1748 | } | 1611 | } |
1749 | } | 1612 | } |
1750 | |||
1751 | return retval; | 1613 | return retval; |
1752 | } | 1614 | } |
1753 | 1615 | ||
1754 | int path_lookup(const char *name, unsigned int flags, | 1616 | int kern_path_parent(const char *name, struct nameidata *nd) |
1755 | struct nameidata *nd) | ||
1756 | { | 1617 | { |
1757 | return do_path_lookup(AT_FDCWD, name, flags, nd); | 1618 | return do_path_lookup(AT_FDCWD, name, LOOKUP_PARENT, nd); |
1758 | } | 1619 | } |
1759 | 1620 | ||
1760 | int kern_path(const char *name, unsigned int flags, struct path *path) | 1621 | int kern_path(const char *name, unsigned int flags, struct path *path) |
@@ -1778,29 +1639,10 @@ int vfs_path_lookup(struct dentry *dentry, struct vfsmount *mnt, | |||
1778 | const char *name, unsigned int flags, | 1639 | const char *name, unsigned int flags, |
1779 | struct nameidata *nd) | 1640 | struct nameidata *nd) |
1780 | { | 1641 | { |
1781 | int retval; | 1642 | nd->root.dentry = dentry; |
1782 | 1643 | nd->root.mnt = mnt; | |
1783 | /* same as do_path_lookup */ | 1644 | /* the first argument of do_path_lookup() is ignored with LOOKUP_ROOT */ |
1784 | nd->last_type = LAST_ROOT; | 1645 | return do_path_lookup(AT_FDCWD, name, flags | LOOKUP_ROOT, nd); |
1785 | nd->flags = flags; | ||
1786 | nd->depth = 0; | ||
1787 | |||
1788 | nd->path.dentry = dentry; | ||
1789 | nd->path.mnt = mnt; | ||
1790 | path_get(&nd->path); | ||
1791 | nd->root = nd->path; | ||
1792 | path_get(&nd->root); | ||
1793 | nd->inode = nd->path.dentry->d_inode; | ||
1794 | |||
1795 | retval = path_walk(name, nd); | ||
1796 | if (unlikely(!retval && !audit_dummy_context() && nd->path.dentry && | ||
1797 | nd->inode)) | ||
1798 | audit_inode(name, nd->path.dentry); | ||
1799 | |||
1800 | path_put(&nd->root); | ||
1801 | nd->root.mnt = NULL; | ||
1802 | |||
1803 | return retval; | ||
1804 | } | 1646 | } |
1805 | 1647 | ||
1806 | static struct dentry *__lookup_hash(struct qstr *name, | 1648 | static struct dentry *__lookup_hash(struct qstr *name, |
@@ -1815,17 +1657,6 @@ static struct dentry *__lookup_hash(struct qstr *name, | |||
1815 | return ERR_PTR(err); | 1657 | return ERR_PTR(err); |
1816 | 1658 | ||
1817 | /* | 1659 | /* |
1818 | * See if the low-level filesystem might want | ||
1819 | * to use its own hash.. | ||
1820 | */ | ||
1821 | if (base->d_flags & DCACHE_OP_HASH) { | ||
1822 | err = base->d_op->d_hash(base, inode, name); | ||
1823 | dentry = ERR_PTR(err); | ||
1824 | if (err < 0) | ||
1825 | goto out; | ||
1826 | } | ||
1827 | |||
1828 | /* | ||
1829 | * Don't bother with __d_lookup: callers are for creat as | 1660 | * Don't bother with __d_lookup: callers are for creat as |
1830 | * well as unlink, so a lot of the time it would cost | 1661 | * well as unlink, so a lot of the time it would cost |
1831 | * a double lookup. | 1662 | * a double lookup. |
@@ -1837,7 +1668,7 @@ static struct dentry *__lookup_hash(struct qstr *name, | |||
1837 | 1668 | ||
1838 | if (!dentry) | 1669 | if (!dentry) |
1839 | dentry = d_alloc_and_lookup(base, name, nd); | 1670 | dentry = d_alloc_and_lookup(base, name, nd); |
1840 | out: | 1671 | |
1841 | return dentry; | 1672 | return dentry; |
1842 | } | 1673 | } |
1843 | 1674 | ||
@@ -1851,28 +1682,6 @@ static struct dentry *lookup_hash(struct nameidata *nd) | |||
1851 | return __lookup_hash(&nd->last, nd->path.dentry, nd); | 1682 | return __lookup_hash(&nd->last, nd->path.dentry, nd); |
1852 | } | 1683 | } |
1853 | 1684 | ||
1854 | static int __lookup_one_len(const char *name, struct qstr *this, | ||
1855 | struct dentry *base, int len) | ||
1856 | { | ||
1857 | unsigned long hash; | ||
1858 | unsigned int c; | ||
1859 | |||
1860 | this->name = name; | ||
1861 | this->len = len; | ||
1862 | if (!len) | ||
1863 | return -EACCES; | ||
1864 | |||
1865 | hash = init_name_hash(); | ||
1866 | while (len--) { | ||
1867 | c = *(const unsigned char *)name++; | ||
1868 | if (c == '/' || c == '\0') | ||
1869 | return -EACCES; | ||
1870 | hash = partial_name_hash(c, hash); | ||
1871 | } | ||
1872 | this->hash = end_name_hash(hash); | ||
1873 | return 0; | ||
1874 | } | ||
1875 | |||
1876 | /** | 1685 | /** |
1877 | * lookup_one_len - filesystem helper to lookup single pathname component | 1686 | * lookup_one_len - filesystem helper to lookup single pathname component |
1878 | * @name: pathname component to lookup | 1687 | * @name: pathname component to lookup |
@@ -1886,14 +1695,34 @@ static int __lookup_one_len(const char *name, struct qstr *this, | |||
1886 | */ | 1695 | */ |
1887 | struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) | 1696 | struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) |
1888 | { | 1697 | { |
1889 | int err; | ||
1890 | struct qstr this; | 1698 | struct qstr this; |
1699 | unsigned long hash; | ||
1700 | unsigned int c; | ||
1891 | 1701 | ||
1892 | WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex)); | 1702 | WARN_ON_ONCE(!mutex_is_locked(&base->d_inode->i_mutex)); |
1893 | 1703 | ||
1894 | err = __lookup_one_len(name, &this, base, len); | 1704 | this.name = name; |
1895 | if (err) | 1705 | this.len = len; |
1896 | return ERR_PTR(err); | 1706 | if (!len) |
1707 | return ERR_PTR(-EACCES); | ||
1708 | |||
1709 | hash = init_name_hash(); | ||
1710 | while (len--) { | ||
1711 | c = *(const unsigned char *)name++; | ||
1712 | if (c == '/' || c == '\0') | ||
1713 | return ERR_PTR(-EACCES); | ||
1714 | hash = partial_name_hash(c, hash); | ||
1715 | } | ||
1716 | this.hash = end_name_hash(hash); | ||
1717 | /* | ||
1718 | * See if the low-level filesystem might want | ||
1719 | * to use its own hash.. | ||
1720 | */ | ||
1721 | if (base->d_flags & DCACHE_OP_HASH) { | ||
1722 | int err = base->d_op->d_hash(base, base->d_inode, &this); | ||
1723 | if (err < 0) | ||
1724 | return ERR_PTR(err); | ||
1725 | } | ||
1897 | 1726 | ||
1898 | return __lookup_hash(&this, base, NULL); | 1727 | return __lookup_hash(&this, base, NULL); |
1899 | } | 1728 | } |
@@ -1902,7 +1731,7 @@ int user_path_at(int dfd, const char __user *name, unsigned flags, | |||
1902 | struct path *path) | 1731 | struct path *path) |
1903 | { | 1732 | { |
1904 | struct nameidata nd; | 1733 | struct nameidata nd; |
1905 | char *tmp = getname(name); | 1734 | char *tmp = getname_flags(name, flags); |
1906 | int err = PTR_ERR(tmp); | 1735 | int err = PTR_ERR(tmp); |
1907 | if (!IS_ERR(tmp)) { | 1736 | if (!IS_ERR(tmp)) { |
1908 | 1737 | ||
@@ -1944,11 +1773,15 @@ static inline int check_sticky(struct inode *dir, struct inode *inode) | |||
1944 | 1773 | ||
1945 | if (!(dir->i_mode & S_ISVTX)) | 1774 | if (!(dir->i_mode & S_ISVTX)) |
1946 | return 0; | 1775 | return 0; |
1776 | if (current_user_ns() != inode_userns(inode)) | ||
1777 | goto other_userns; | ||
1947 | if (inode->i_uid == fsuid) | 1778 | if (inode->i_uid == fsuid) |
1948 | return 0; | 1779 | return 0; |
1949 | if (dir->i_uid == fsuid) | 1780 | if (dir->i_uid == fsuid) |
1950 | return 0; | 1781 | return 0; |
1951 | return !capable(CAP_FOWNER); | 1782 | |
1783 | other_userns: | ||
1784 | return !ns_capable(inode_userns(inode), CAP_FOWNER); | ||
1952 | } | 1785 | } |
1953 | 1786 | ||
1954 | /* | 1787 | /* |
@@ -2082,12 +1915,16 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode, | |||
2082 | return error; | 1915 | return error; |
2083 | } | 1916 | } |
2084 | 1917 | ||
2085 | int may_open(struct path *path, int acc_mode, int flag) | 1918 | static int may_open(struct path *path, int acc_mode, int flag) |
2086 | { | 1919 | { |
2087 | struct dentry *dentry = path->dentry; | 1920 | struct dentry *dentry = path->dentry; |
2088 | struct inode *inode = dentry->d_inode; | 1921 | struct inode *inode = dentry->d_inode; |
2089 | int error; | 1922 | int error; |
2090 | 1923 | ||
1924 | /* O_PATH? */ | ||
1925 | if (!acc_mode) | ||
1926 | return 0; | ||
1927 | |||
2091 | if (!inode) | 1928 | if (!inode) |
2092 | return -ENOENT; | 1929 | return -ENOENT; |
2093 | 1930 | ||
@@ -2124,7 +1961,7 @@ int may_open(struct path *path, int acc_mode, int flag) | |||
2124 | } | 1961 | } |
2125 | 1962 | ||
2126 | /* O_NOATIME can only be set by the owner or superuser */ | 1963 | /* O_NOATIME can only be set by the owner or superuser */ |
2127 | if (flag & O_NOATIME && !is_owner_or_cap(inode)) | 1964 | if (flag & O_NOATIME && !inode_owner_or_capable(inode)) |
2128 | return -EPERM; | 1965 | return -EPERM; |
2129 | 1966 | ||
2130 | /* | 1967 | /* |
@@ -2156,34 +1993,6 @@ static int handle_truncate(struct file *filp) | |||
2156 | } | 1993 | } |
2157 | 1994 | ||
2158 | /* | 1995 | /* |
2159 | * Be careful about ever adding any more callers of this | ||
2160 | * function. Its flags must be in the namei format, not | ||
2161 | * what get passed to sys_open(). | ||
2162 | */ | ||
2163 | static int __open_namei_create(struct nameidata *nd, struct path *path, | ||
2164 | int open_flag, int mode) | ||
2165 | { | ||
2166 | int error; | ||
2167 | struct dentry *dir = nd->path.dentry; | ||
2168 | |||
2169 | if (!IS_POSIXACL(dir->d_inode)) | ||
2170 | mode &= ~current_umask(); | ||
2171 | error = security_path_mknod(&nd->path, path->dentry, mode, 0); | ||
2172 | if (error) | ||
2173 | goto out_unlock; | ||
2174 | error = vfs_create(dir->d_inode, path->dentry, mode, nd); | ||
2175 | out_unlock: | ||
2176 | mutex_unlock(&dir->d_inode->i_mutex); | ||
2177 | dput(nd->path.dentry); | ||
2178 | nd->path.dentry = path->dentry; | ||
2179 | |||
2180 | if (error) | ||
2181 | return error; | ||
2182 | /* Don't check for write permission, don't truncate */ | ||
2183 | return may_open(&nd->path, 0, open_flag & ~O_TRUNC); | ||
2184 | } | ||
2185 | |||
2186 | /* | ||
2187 | * Note that while the flag value (low two bits) for sys_open means: | 1996 | * Note that while the flag value (low two bits) for sys_open means: |
2188 | * 00 - read-only | 1997 | * 00 - read-only |
2189 | * 01 - write-only | 1998 | * 01 - write-only |
@@ -2207,128 +2016,107 @@ static inline int open_to_namei_flags(int flag) | |||
2207 | return flag; | 2016 | return flag; |
2208 | } | 2017 | } |
2209 | 2018 | ||
2210 | static int open_will_truncate(int flag, struct inode *inode) | ||
2211 | { | ||
2212 | /* | ||
2213 | * We'll never write to the fs underlying | ||
2214 | * a device file. | ||
2215 | */ | ||
2216 | if (special_file(inode->i_mode)) | ||
2217 | return 0; | ||
2218 | return (flag & O_TRUNC); | ||
2219 | } | ||
2220 | |||
2221 | static struct file *finish_open(struct nameidata *nd, | ||
2222 | int open_flag, int acc_mode) | ||
2223 | { | ||
2224 | struct file *filp; | ||
2225 | int will_truncate; | ||
2226 | int error; | ||
2227 | |||
2228 | will_truncate = open_will_truncate(open_flag, nd->path.dentry->d_inode); | ||
2229 | if (will_truncate) { | ||
2230 | error = mnt_want_write(nd->path.mnt); | ||
2231 | if (error) | ||
2232 | goto exit; | ||
2233 | } | ||
2234 | error = may_open(&nd->path, acc_mode, open_flag); | ||
2235 | if (error) { | ||
2236 | if (will_truncate) | ||
2237 | mnt_drop_write(nd->path.mnt); | ||
2238 | goto exit; | ||
2239 | } | ||
2240 | filp = nameidata_to_filp(nd); | ||
2241 | if (!IS_ERR(filp)) { | ||
2242 | error = ima_file_check(filp, acc_mode); | ||
2243 | if (error) { | ||
2244 | fput(filp); | ||
2245 | filp = ERR_PTR(error); | ||
2246 | } | ||
2247 | } | ||
2248 | if (!IS_ERR(filp)) { | ||
2249 | if (will_truncate) { | ||
2250 | error = handle_truncate(filp); | ||
2251 | if (error) { | ||
2252 | fput(filp); | ||
2253 | filp = ERR_PTR(error); | ||
2254 | } | ||
2255 | } | ||
2256 | } | ||
2257 | /* | ||
2258 | * It is now safe to drop the mnt write | ||
2259 | * because the filp has had a write taken | ||
2260 | * on its behalf. | ||
2261 | */ | ||
2262 | if (will_truncate) | ||
2263 | mnt_drop_write(nd->path.mnt); | ||
2264 | path_put(&nd->path); | ||
2265 | return filp; | ||
2266 | |||
2267 | exit: | ||
2268 | if (!IS_ERR(nd->intent.open.file)) | ||
2269 | release_open_intent(nd); | ||
2270 | path_put(&nd->path); | ||
2271 | return ERR_PTR(error); | ||
2272 | } | ||
2273 | |||
2274 | /* | 2019 | /* |
2275 | * Handle O_CREAT case for do_filp_open | 2020 | * Handle the last step of open() |
2276 | */ | 2021 | */ |
2277 | static struct file *do_last(struct nameidata *nd, struct path *path, | 2022 | static struct file *do_last(struct nameidata *nd, struct path *path, |
2278 | int open_flag, int acc_mode, | 2023 | const struct open_flags *op, const char *pathname) |
2279 | int mode, const char *pathname) | ||
2280 | { | 2024 | { |
2281 | struct dentry *dir = nd->path.dentry; | 2025 | struct dentry *dir = nd->path.dentry; |
2026 | struct dentry *dentry; | ||
2027 | int open_flag = op->open_flag; | ||
2028 | int will_truncate = open_flag & O_TRUNC; | ||
2029 | int want_write = 0; | ||
2030 | int acc_mode = op->acc_mode; | ||
2282 | struct file *filp; | 2031 | struct file *filp; |
2283 | int error = -EISDIR; | 2032 | int error; |
2033 | |||
2034 | nd->flags &= ~LOOKUP_PARENT; | ||
2035 | nd->flags |= op->intent; | ||
2284 | 2036 | ||
2285 | switch (nd->last_type) { | 2037 | switch (nd->last_type) { |
2286 | case LAST_DOTDOT: | 2038 | case LAST_DOTDOT: |
2287 | follow_dotdot(nd); | ||
2288 | dir = nd->path.dentry; | ||
2289 | case LAST_DOT: | 2039 | case LAST_DOT: |
2290 | if (need_reval_dot(dir)) { | 2040 | error = handle_dots(nd, nd->last_type); |
2291 | int status = d_revalidate(nd->path.dentry, nd); | 2041 | if (error) |
2292 | if (!status) | 2042 | return ERR_PTR(error); |
2293 | status = -ESTALE; | ||
2294 | if (status < 0) { | ||
2295 | error = status; | ||
2296 | goto exit; | ||
2297 | } | ||
2298 | } | ||
2299 | /* fallthrough */ | 2043 | /* fallthrough */ |
2300 | case LAST_ROOT: | 2044 | case LAST_ROOT: |
2301 | goto exit; | 2045 | error = complete_walk(nd); |
2046 | if (error) | ||
2047 | return ERR_PTR(error); | ||
2048 | audit_inode(pathname, nd->path.dentry); | ||
2049 | if (open_flag & O_CREAT) { | ||
2050 | error = -EISDIR; | ||
2051 | goto exit; | ||
2052 | } | ||
2053 | goto ok; | ||
2302 | case LAST_BIND: | 2054 | case LAST_BIND: |
2055 | error = complete_walk(nd); | ||
2056 | if (error) | ||
2057 | return ERR_PTR(error); | ||
2303 | audit_inode(pathname, dir); | 2058 | audit_inode(pathname, dir); |
2304 | goto ok; | 2059 | goto ok; |
2305 | } | 2060 | } |
2306 | 2061 | ||
2062 | if (!(open_flag & O_CREAT)) { | ||
2063 | int symlink_ok = 0; | ||
2064 | if (nd->last.name[nd->last.len]) | ||
2065 | nd->flags |= LOOKUP_FOLLOW | LOOKUP_DIRECTORY; | ||
2066 | if (open_flag & O_PATH && !(nd->flags & LOOKUP_FOLLOW)) | ||
2067 | symlink_ok = 1; | ||
2068 | /* we _can_ be in RCU mode here */ | ||
2069 | error = walk_component(nd, path, &nd->last, LAST_NORM, | ||
2070 | !symlink_ok); | ||
2071 | if (error < 0) | ||
2072 | return ERR_PTR(error); | ||
2073 | if (error) /* symlink */ | ||
2074 | return NULL; | ||
2075 | /* sayonara */ | ||
2076 | error = complete_walk(nd); | ||
2077 | if (error) | ||
2078 | return ERR_PTR(-ECHILD); | ||
2079 | |||
2080 | error = -ENOTDIR; | ||
2081 | if (nd->flags & LOOKUP_DIRECTORY) { | ||
2082 | if (!nd->inode->i_op->lookup) | ||
2083 | goto exit; | ||
2084 | } | ||
2085 | audit_inode(pathname, nd->path.dentry); | ||
2086 | goto ok; | ||
2087 | } | ||
2088 | |||
2089 | /* create side of things */ | ||
2090 | error = complete_walk(nd); | ||
2091 | if (error) | ||
2092 | return ERR_PTR(error); | ||
2093 | |||
2094 | audit_inode(pathname, dir); | ||
2095 | error = -EISDIR; | ||
2307 | /* trailing slashes? */ | 2096 | /* trailing slashes? */ |
2308 | if (nd->last.name[nd->last.len]) | 2097 | if (nd->last.name[nd->last.len]) |
2309 | goto exit; | 2098 | goto exit; |
2310 | 2099 | ||
2311 | mutex_lock(&dir->d_inode->i_mutex); | 2100 | mutex_lock(&dir->d_inode->i_mutex); |
2312 | 2101 | ||
2313 | path->dentry = lookup_hash(nd); | 2102 | dentry = lookup_hash(nd); |
2314 | path->mnt = nd->path.mnt; | 2103 | error = PTR_ERR(dentry); |
2315 | 2104 | if (IS_ERR(dentry)) { | |
2316 | error = PTR_ERR(path->dentry); | ||
2317 | if (IS_ERR(path->dentry)) { | ||
2318 | mutex_unlock(&dir->d_inode->i_mutex); | 2105 | mutex_unlock(&dir->d_inode->i_mutex); |
2319 | goto exit; | 2106 | goto exit; |
2320 | } | 2107 | } |
2321 | 2108 | ||
2322 | if (IS_ERR(nd->intent.open.file)) { | 2109 | path->dentry = dentry; |
2323 | error = PTR_ERR(nd->intent.open.file); | 2110 | path->mnt = nd->path.mnt; |
2324 | goto exit_mutex_unlock; | ||
2325 | } | ||
2326 | 2111 | ||
2327 | /* Negative dentry, just create the file */ | 2112 | /* Negative dentry, just create the file */ |
2328 | if (!path->dentry->d_inode) { | 2113 | if (!dentry->d_inode) { |
2114 | int mode = op->mode; | ||
2115 | if (!IS_POSIXACL(dir->d_inode)) | ||
2116 | mode &= ~current_umask(); | ||
2329 | /* | 2117 | /* |
2330 | * This write is needed to ensure that a | 2118 | * This write is needed to ensure that a |
2331 | * ro->rw transition does not occur between | 2119 | * rw->ro transition does not occur between |
2332 | * the time when the file is created and when | 2120 | * the time when the file is created and when |
2333 | * a permanent write count is taken through | 2121 | * a permanent write count is taken through |
2334 | * the 'struct file' in nameidata_to_filp(). | 2122 | * the 'struct file' in nameidata_to_filp(). |
@@ -2336,22 +2124,21 @@ static struct file *do_last(struct nameidata *nd, struct path *path, | |||
2336 | error = mnt_want_write(nd->path.mnt); | 2124 | error = mnt_want_write(nd->path.mnt); |
2337 | if (error) | 2125 | if (error) |
2338 | goto exit_mutex_unlock; | 2126 | goto exit_mutex_unlock; |
2339 | error = __open_namei_create(nd, path, open_flag, mode); | 2127 | want_write = 1; |
2340 | if (error) { | 2128 | /* Don't check for write permission, don't truncate */ |
2341 | mnt_drop_write(nd->path.mnt); | 2129 | open_flag &= ~O_TRUNC; |
2342 | goto exit; | 2130 | will_truncate = 0; |
2343 | } | 2131 | acc_mode = MAY_OPEN; |
2344 | filp = nameidata_to_filp(nd); | 2132 | error = security_path_mknod(&nd->path, dentry, mode, 0); |
2345 | mnt_drop_write(nd->path.mnt); | 2133 | if (error) |
2346 | path_put(&nd->path); | 2134 | goto exit_mutex_unlock; |
2347 | if (!IS_ERR(filp)) { | 2135 | error = vfs_create(dir->d_inode, dentry, mode, nd); |
2348 | error = ima_file_check(filp, acc_mode); | 2136 | if (error) |
2349 | if (error) { | 2137 | goto exit_mutex_unlock; |
2350 | fput(filp); | 2138 | mutex_unlock(&dir->d_inode->i_mutex); |
2351 | filp = ERR_PTR(error); | 2139 | dput(nd->path.dentry); |
2352 | } | 2140 | nd->path.dentry = dentry; |
2353 | } | 2141 | goto common; |
2354 | return filp; | ||
2355 | } | 2142 | } |
2356 | 2143 | ||
2357 | /* | 2144 | /* |
@@ -2381,7 +2168,40 @@ static struct file *do_last(struct nameidata *nd, struct path *path, | |||
2381 | if (S_ISDIR(nd->inode->i_mode)) | 2168 | if (S_ISDIR(nd->inode->i_mode)) |
2382 | goto exit; | 2169 | goto exit; |
2383 | ok: | 2170 | ok: |
2384 | filp = finish_open(nd, open_flag, acc_mode); | 2171 | if (!S_ISREG(nd->inode->i_mode)) |
2172 | will_truncate = 0; | ||
2173 | |||
2174 | if (will_truncate) { | ||
2175 | error = mnt_want_write(nd->path.mnt); | ||
2176 | if (error) | ||
2177 | goto exit; | ||
2178 | want_write = 1; | ||
2179 | } | ||
2180 | common: | ||
2181 | error = may_open(&nd->path, acc_mode, open_flag); | ||
2182 | if (error) | ||
2183 | goto exit; | ||
2184 | filp = nameidata_to_filp(nd); | ||
2185 | if (!IS_ERR(filp)) { | ||
2186 | error = ima_file_check(filp, op->acc_mode); | ||
2187 | if (error) { | ||
2188 | fput(filp); | ||
2189 | filp = ERR_PTR(error); | ||
2190 | } | ||
2191 | } | ||
2192 | if (!IS_ERR(filp)) { | ||
2193 | if (will_truncate) { | ||
2194 | error = handle_truncate(filp); | ||
2195 | if (error) { | ||
2196 | fput(filp); | ||
2197 | filp = ERR_PTR(error); | ||
2198 | } | ||
2199 | } | ||
2200 | } | ||
2201 | out: | ||
2202 | if (want_write) | ||
2203 | mnt_drop_write(nd->path.mnt); | ||
2204 | path_put(&nd->path); | ||
2385 | return filp; | 2205 | return filp; |
2386 | 2206 | ||
2387 | exit_mutex_unlock: | 2207 | exit_mutex_unlock: |
@@ -2389,199 +2209,103 @@ exit_mutex_unlock: | |||
2389 | exit_dput: | 2209 | exit_dput: |
2390 | path_put_conditional(path, nd); | 2210 | path_put_conditional(path, nd); |
2391 | exit: | 2211 | exit: |
2392 | if (!IS_ERR(nd->intent.open.file)) | 2212 | filp = ERR_PTR(error); |
2393 | release_open_intent(nd); | 2213 | goto out; |
2394 | path_put(&nd->path); | ||
2395 | return ERR_PTR(error); | ||
2396 | } | 2214 | } |
2397 | 2215 | ||
2398 | /* | 2216 | static struct file *path_openat(int dfd, const char *pathname, |
2399 | * Note that the low bits of the passed in "open_flag" | 2217 | struct nameidata *nd, const struct open_flags *op, int flags) |
2400 | * are not the same as in the local variable "flag". See | ||
2401 | * open_to_namei_flags() for more details. | ||
2402 | */ | ||
2403 | struct file *do_filp_open(int dfd, const char *pathname, | ||
2404 | int open_flag, int mode, int acc_mode) | ||
2405 | { | 2218 | { |
2219 | struct file *base = NULL; | ||
2406 | struct file *filp; | 2220 | struct file *filp; |
2407 | struct nameidata nd; | ||
2408 | int error; | ||
2409 | struct path path; | 2221 | struct path path; |
2410 | int count = 0; | 2222 | int error; |
2411 | int flag = open_to_namei_flags(open_flag); | ||
2412 | int flags; | ||
2413 | |||
2414 | if (!(open_flag & O_CREAT)) | ||
2415 | mode = 0; | ||
2416 | |||
2417 | /* Must never be set by userspace */ | ||
2418 | open_flag &= ~FMODE_NONOTIFY; | ||
2419 | |||
2420 | /* | ||
2421 | * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only | ||
2422 | * check for O_DSYNC if the need any syncing at all we enforce it's | ||
2423 | * always set instead of having to deal with possibly weird behaviour | ||
2424 | * for malicious applications setting only __O_SYNC. | ||
2425 | */ | ||
2426 | if (open_flag & __O_SYNC) | ||
2427 | open_flag |= O_DSYNC; | ||
2428 | |||
2429 | if (!acc_mode) | ||
2430 | acc_mode = MAY_OPEN | ACC_MODE(open_flag); | ||
2431 | |||
2432 | /* O_TRUNC implies we need access checks for write permissions */ | ||
2433 | if (open_flag & O_TRUNC) | ||
2434 | acc_mode |= MAY_WRITE; | ||
2435 | |||
2436 | /* Allow the LSM permission hook to distinguish append | ||
2437 | access from general write access. */ | ||
2438 | if (open_flag & O_APPEND) | ||
2439 | acc_mode |= MAY_APPEND; | ||
2440 | |||
2441 | flags = LOOKUP_OPEN; | ||
2442 | if (open_flag & O_CREAT) { | ||
2443 | flags |= LOOKUP_CREATE; | ||
2444 | if (open_flag & O_EXCL) | ||
2445 | flags |= LOOKUP_EXCL; | ||
2446 | } | ||
2447 | if (open_flag & O_DIRECTORY) | ||
2448 | flags |= LOOKUP_DIRECTORY; | ||
2449 | if (!(open_flag & O_NOFOLLOW)) | ||
2450 | flags |= LOOKUP_FOLLOW; | ||
2451 | 2223 | ||
2452 | filp = get_empty_filp(); | 2224 | filp = get_empty_filp(); |
2453 | if (!filp) | 2225 | if (!filp) |
2454 | return ERR_PTR(-ENFILE); | 2226 | return ERR_PTR(-ENFILE); |
2455 | 2227 | ||
2456 | filp->f_flags = open_flag; | 2228 | filp->f_flags = op->open_flag; |
2457 | nd.intent.open.file = filp; | 2229 | nd->intent.open.file = filp; |
2458 | nd.intent.open.flags = flag; | 2230 | nd->intent.open.flags = open_to_namei_flags(op->open_flag); |
2459 | nd.intent.open.create_mode = mode; | 2231 | nd->intent.open.create_mode = op->mode; |
2460 | 2232 | ||
2461 | if (open_flag & O_CREAT) | 2233 | error = path_init(dfd, pathname, flags | LOOKUP_PARENT, nd, &base); |
2462 | goto creat; | ||
2463 | |||
2464 | /* !O_CREAT, simple open */ | ||
2465 | error = do_path_lookup(dfd, pathname, flags, &nd); | ||
2466 | if (unlikely(error)) | 2234 | if (unlikely(error)) |
2467 | goto out_filp; | 2235 | goto out_filp; |
2468 | error = -ELOOP; | ||
2469 | if (!(nd.flags & LOOKUP_FOLLOW)) { | ||
2470 | if (nd.inode->i_op->follow_link) | ||
2471 | goto out_path; | ||
2472 | } | ||
2473 | error = -ENOTDIR; | ||
2474 | if (nd.flags & LOOKUP_DIRECTORY) { | ||
2475 | if (!nd.inode->i_op->lookup) | ||
2476 | goto out_path; | ||
2477 | } | ||
2478 | audit_inode(pathname, nd.path.dentry); | ||
2479 | filp = finish_open(&nd, open_flag, acc_mode); | ||
2480 | return filp; | ||
2481 | 2236 | ||
2482 | creat: | 2237 | current->total_link_count = 0; |
2483 | /* OK, have to create the file. Find the parent. */ | 2238 | error = link_path_walk(pathname, nd); |
2484 | error = path_init_rcu(dfd, pathname, | ||
2485 | LOOKUP_PARENT | (flags & LOOKUP_REVAL), &nd); | ||
2486 | if (error) | ||
2487 | goto out_filp; | ||
2488 | error = path_walk_rcu(pathname, &nd); | ||
2489 | path_finish_rcu(&nd); | ||
2490 | if (unlikely(error == -ECHILD || error == -ESTALE)) { | ||
2491 | /* slower, locked walk */ | ||
2492 | if (error == -ESTALE) { | ||
2493 | reval: | ||
2494 | flags |= LOOKUP_REVAL; | ||
2495 | } | ||
2496 | error = path_init(dfd, pathname, | ||
2497 | LOOKUP_PARENT | (flags & LOOKUP_REVAL), &nd); | ||
2498 | if (error) | ||
2499 | goto out_filp; | ||
2500 | |||
2501 | error = path_walk_simple(pathname, &nd); | ||
2502 | } | ||
2503 | if (unlikely(error)) | 2239 | if (unlikely(error)) |
2504 | goto out_filp; | 2240 | goto out_filp; |
2505 | if (unlikely(!audit_dummy_context())) | ||
2506 | audit_inode(pathname, nd.path.dentry); | ||
2507 | 2241 | ||
2508 | /* | 2242 | filp = do_last(nd, &path, op, pathname); |
2509 | * We have the parent and last component. | ||
2510 | */ | ||
2511 | nd.flags = flags; | ||
2512 | filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname); | ||
2513 | while (unlikely(!filp)) { /* trailing symlink */ | 2243 | while (unlikely(!filp)) { /* trailing symlink */ |
2514 | struct path link = path; | 2244 | struct path link = path; |
2515 | struct inode *linki = link.dentry->d_inode; | ||
2516 | void *cookie; | 2245 | void *cookie; |
2517 | error = -ELOOP; | 2246 | if (!(nd->flags & LOOKUP_FOLLOW)) { |
2518 | if (!(nd.flags & LOOKUP_FOLLOW)) | 2247 | path_put_conditional(&path, nd); |
2519 | goto exit_dput; | 2248 | path_put(&nd->path); |
2520 | if (count++ == 32) | 2249 | filp = ERR_PTR(-ELOOP); |
2521 | goto exit_dput; | 2250 | break; |
2522 | /* | ||
2523 | * This is subtle. Instead of calling do_follow_link() we do | ||
2524 | * the thing by hands. The reason is that this way we have zero | ||
2525 | * link_count and path_walk() (called from ->follow_link) | ||
2526 | * honoring LOOKUP_PARENT. After that we have the parent and | ||
2527 | * last component, i.e. we are in the same situation as after | ||
2528 | * the first path_walk(). Well, almost - if the last component | ||
2529 | * is normal we get its copy stored in nd->last.name and we will | ||
2530 | * have to putname() it when we are done. Procfs-like symlinks | ||
2531 | * just set LAST_BIND. | ||
2532 | */ | ||
2533 | nd.flags |= LOOKUP_PARENT; | ||
2534 | error = security_inode_follow_link(link.dentry, &nd); | ||
2535 | if (error) | ||
2536 | goto exit_dput; | ||
2537 | error = __do_follow_link(&link, &nd, &cookie); | ||
2538 | if (unlikely(error)) { | ||
2539 | if (!IS_ERR(cookie) && linki->i_op->put_link) | ||
2540 | linki->i_op->put_link(link.dentry, &nd, cookie); | ||
2541 | /* nd.path had been dropped */ | ||
2542 | nd.path = link; | ||
2543 | goto out_path; | ||
2544 | } | 2251 | } |
2545 | nd.flags &= ~LOOKUP_PARENT; | 2252 | nd->flags |= LOOKUP_PARENT; |
2546 | filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname); | 2253 | nd->flags &= ~(LOOKUP_OPEN|LOOKUP_CREATE|LOOKUP_EXCL); |
2547 | if (linki->i_op->put_link) | 2254 | error = follow_link(&link, nd, &cookie); |
2548 | linki->i_op->put_link(link.dentry, &nd, cookie); | 2255 | if (unlikely(error)) |
2549 | path_put(&link); | 2256 | filp = ERR_PTR(error); |
2257 | else | ||
2258 | filp = do_last(nd, &path, op, pathname); | ||
2259 | put_link(nd, &link, cookie); | ||
2550 | } | 2260 | } |
2551 | out: | 2261 | out: |
2552 | if (nd.root.mnt) | 2262 | if (nd->root.mnt && !(nd->flags & LOOKUP_ROOT)) |
2553 | path_put(&nd.root); | 2263 | path_put(&nd->root); |
2554 | if (filp == ERR_PTR(-ESTALE) && !(flags & LOOKUP_REVAL)) | 2264 | if (base) |
2555 | goto reval; | 2265 | fput(base); |
2266 | release_open_intent(nd); | ||
2556 | return filp; | 2267 | return filp; |
2557 | 2268 | ||
2558 | exit_dput: | ||
2559 | path_put_conditional(&path, &nd); | ||
2560 | out_path: | ||
2561 | path_put(&nd.path); | ||
2562 | out_filp: | 2269 | out_filp: |
2563 | if (!IS_ERR(nd.intent.open.file)) | ||
2564 | release_open_intent(&nd); | ||
2565 | filp = ERR_PTR(error); | 2270 | filp = ERR_PTR(error); |
2566 | goto out; | 2271 | goto out; |
2567 | } | 2272 | } |
2568 | 2273 | ||
2569 | /** | 2274 | struct file *do_filp_open(int dfd, const char *pathname, |
2570 | * filp_open - open file and return file pointer | 2275 | const struct open_flags *op, int flags) |
2571 | * | ||
2572 | * @filename: path to open | ||
2573 | * @flags: open flags as per the open(2) second argument | ||
2574 | * @mode: mode for the new file if O_CREAT is set, else ignored | ||
2575 | * | ||
2576 | * This is the helper to open a file from kernelspace if you really | ||
2577 | * have to. But in generally you should not do this, so please move | ||
2578 | * along, nothing to see here.. | ||
2579 | */ | ||
2580 | struct file *filp_open(const char *filename, int flags, int mode) | ||
2581 | { | 2276 | { |
2582 | return do_filp_open(AT_FDCWD, filename, flags, mode, 0); | 2277 | struct nameidata nd; |
2278 | struct file *filp; | ||
2279 | |||
2280 | filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_RCU); | ||
2281 | if (unlikely(filp == ERR_PTR(-ECHILD))) | ||
2282 | filp = path_openat(dfd, pathname, &nd, op, flags); | ||
2283 | if (unlikely(filp == ERR_PTR(-ESTALE))) | ||
2284 | filp = path_openat(dfd, pathname, &nd, op, flags | LOOKUP_REVAL); | ||
2285 | return filp; | ||
2286 | } | ||
2287 | |||
2288 | struct file *do_file_open_root(struct dentry *dentry, struct vfsmount *mnt, | ||
2289 | const char *name, const struct open_flags *op, int flags) | ||
2290 | { | ||
2291 | struct nameidata nd; | ||
2292 | struct file *file; | ||
2293 | |||
2294 | nd.root.mnt = mnt; | ||
2295 | nd.root.dentry = dentry; | ||
2296 | |||
2297 | flags |= LOOKUP_ROOT; | ||
2298 | |||
2299 | if (dentry->d_inode->i_op->follow_link && op->intent & LOOKUP_OPEN) | ||
2300 | return ERR_PTR(-ELOOP); | ||
2301 | |||
2302 | file = path_openat(-1, name, &nd, op, flags | LOOKUP_RCU); | ||
2303 | if (unlikely(file == ERR_PTR(-ECHILD))) | ||
2304 | file = path_openat(-1, name, &nd, op, flags); | ||
2305 | if (unlikely(file == ERR_PTR(-ESTALE))) | ||
2306 | file = path_openat(-1, name, &nd, op, flags | LOOKUP_REVAL); | ||
2307 | return file; | ||
2583 | } | 2308 | } |
2584 | EXPORT_SYMBOL(filp_open); | ||
2585 | 2309 | ||
2586 | /** | 2310 | /** |
2587 | * lookup_create - lookup a dentry, creating it if it doesn't exist | 2311 | * lookup_create - lookup a dentry, creating it if it doesn't exist |
@@ -2643,7 +2367,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | |||
2643 | if (error) | 2367 | if (error) |
2644 | return error; | 2368 | return error; |
2645 | 2369 | ||
2646 | if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) | 2370 | if ((S_ISCHR(mode) || S_ISBLK(mode)) && |
2371 | !ns_capable(inode_userns(dir), CAP_MKNOD)) | ||
2647 | return -EPERM; | 2372 | return -EPERM; |
2648 | 2373 | ||
2649 | if (!dir->i_op->mknod) | 2374 | if (!dir->i_op->mknod) |
@@ -2804,10 +2529,10 @@ SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode) | |||
2804 | } | 2529 | } |
2805 | 2530 | ||
2806 | /* | 2531 | /* |
2807 | * We try to drop the dentry early: we should have | 2532 | * The dentry_unhash() helper will try to drop the dentry early: we |
2808 | * a usage count of 2 if we're the only user of this | 2533 | * should have a usage count of 2 if we're the only user of this |
2809 | * dentry, and if that is true (possibly after pruning | 2534 | * dentry, and if that is true (possibly after pruning the dcache), |
2810 | * the dcache), then we drop the dentry now. | 2535 | * then we drop the dentry now. |
2811 | * | 2536 | * |
2812 | * A low-level filesystem can, if it choses, legally | 2537 | * A low-level filesystem can, if it choses, legally |
2813 | * do a | 2538 | * do a |
@@ -2820,10 +2545,9 @@ SYSCALL_DEFINE2(mkdir, const char __user *, pathname, int, mode) | |||
2820 | */ | 2545 | */ |
2821 | void dentry_unhash(struct dentry *dentry) | 2546 | void dentry_unhash(struct dentry *dentry) |
2822 | { | 2547 | { |
2823 | dget(dentry); | ||
2824 | shrink_dcache_parent(dentry); | 2548 | shrink_dcache_parent(dentry); |
2825 | spin_lock(&dentry->d_lock); | 2549 | spin_lock(&dentry->d_lock); |
2826 | if (dentry->d_count == 2) | 2550 | if (dentry->d_count == 1) |
2827 | __d_drop(dentry); | 2551 | __d_drop(dentry); |
2828 | spin_unlock(&dentry->d_lock); | 2552 | spin_unlock(&dentry->d_lock); |
2829 | } | 2553 | } |
@@ -2839,25 +2563,26 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry) | |||
2839 | return -EPERM; | 2563 | return -EPERM; |
2840 | 2564 | ||
2841 | mutex_lock(&dentry->d_inode->i_mutex); | 2565 | mutex_lock(&dentry->d_inode->i_mutex); |
2842 | dentry_unhash(dentry); | 2566 | |
2567 | error = -EBUSY; | ||
2843 | if (d_mountpoint(dentry)) | 2568 | if (d_mountpoint(dentry)) |
2844 | error = -EBUSY; | 2569 | goto out; |
2845 | else { | 2570 | |
2846 | error = security_inode_rmdir(dir, dentry); | 2571 | error = security_inode_rmdir(dir, dentry); |
2847 | if (!error) { | 2572 | if (error) |
2848 | error = dir->i_op->rmdir(dir, dentry); | 2573 | goto out; |
2849 | if (!error) { | 2574 | |
2850 | dentry->d_inode->i_flags |= S_DEAD; | 2575 | error = dir->i_op->rmdir(dir, dentry); |
2851 | dont_mount(dentry); | 2576 | if (error) |
2852 | } | 2577 | goto out; |
2853 | } | 2578 | |
2854 | } | 2579 | dentry->d_inode->i_flags |= S_DEAD; |
2580 | dont_mount(dentry); | ||
2581 | |||
2582 | out: | ||
2855 | mutex_unlock(&dentry->d_inode->i_mutex); | 2583 | mutex_unlock(&dentry->d_inode->i_mutex); |
2856 | if (!error) { | 2584 | if (!error) |
2857 | d_delete(dentry); | 2585 | d_delete(dentry); |
2858 | } | ||
2859 | dput(dentry); | ||
2860 | |||
2861 | return error; | 2586 | return error; |
2862 | } | 2587 | } |
2863 | 2588 | ||
@@ -3120,7 +2845,11 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de | |||
3120 | return error; | 2845 | return error; |
3121 | 2846 | ||
3122 | mutex_lock(&inode->i_mutex); | 2847 | mutex_lock(&inode->i_mutex); |
3123 | error = dir->i_op->link(old_dentry, dir, new_dentry); | 2848 | /* Make sure we don't allow creating hardlink to an unlinked file */ |
2849 | if (inode->i_nlink == 0) | ||
2850 | error = -ENOENT; | ||
2851 | else | ||
2852 | error = dir->i_op->link(old_dentry, dir, new_dentry); | ||
3124 | mutex_unlock(&inode->i_mutex); | 2853 | mutex_unlock(&inode->i_mutex); |
3125 | if (!error) | 2854 | if (!error) |
3126 | fsnotify_link(dir, inode, new_dentry); | 2855 | fsnotify_link(dir, inode, new_dentry); |
@@ -3142,15 +2871,27 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, | |||
3142 | struct dentry *new_dentry; | 2871 | struct dentry *new_dentry; |
3143 | struct nameidata nd; | 2872 | struct nameidata nd; |
3144 | struct path old_path; | 2873 | struct path old_path; |
2874 | int how = 0; | ||
3145 | int error; | 2875 | int error; |
3146 | char *to; | 2876 | char *to; |
3147 | 2877 | ||
3148 | if ((flags & ~AT_SYMLINK_FOLLOW) != 0) | 2878 | if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0) |
3149 | return -EINVAL; | 2879 | return -EINVAL; |
2880 | /* | ||
2881 | * To use null names we require CAP_DAC_READ_SEARCH | ||
2882 | * This ensures that not everyone will be able to create | ||
2883 | * handlink using the passed filedescriptor. | ||
2884 | */ | ||
2885 | if (flags & AT_EMPTY_PATH) { | ||
2886 | if (!capable(CAP_DAC_READ_SEARCH)) | ||
2887 | return -ENOENT; | ||
2888 | how = LOOKUP_EMPTY; | ||
2889 | } | ||
2890 | |||
2891 | if (flags & AT_SYMLINK_FOLLOW) | ||
2892 | how |= LOOKUP_FOLLOW; | ||
3150 | 2893 | ||
3151 | error = user_path_at(olddfd, oldname, | 2894 | error = user_path_at(olddfd, oldname, how, &old_path); |
3152 | flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0, | ||
3153 | &old_path); | ||
3154 | if (error) | 2895 | if (error) |
3155 | return error; | 2896 | return error; |
3156 | 2897 | ||
@@ -3212,12 +2953,7 @@ SYSCALL_DEFINE2(link, const char __user *, oldname, const char __user *, newname | |||
3212 | * HOWEVER, it relies on the assumption that any object with ->lookup() | 2953 | * HOWEVER, it relies on the assumption that any object with ->lookup() |
3213 | * has no more than 1 dentry. If "hybrid" objects will ever appear, | 2954 | * has no more than 1 dentry. If "hybrid" objects will ever appear, |
3214 | * we'd better make sure that there's no link(2) for them. | 2955 | * we'd better make sure that there's no link(2) for them. |
3215 | * d) some filesystems don't support opened-but-unlinked directories, | 2956 | * d) conversion from fhandle to dentry may come in the wrong moment - when |
3216 | * either because of layout or because they are not ready to deal with | ||
3217 | * all cases correctly. The latter will be fixed (taking this sort of | ||
3218 | * stuff into VFS), but the former is not going away. Solution: the same | ||
3219 | * trick as in rmdir(). | ||
3220 | * e) conversion from fhandle to dentry may come in the wrong moment - when | ||
3221 | * we are removing the target. Solution: we will have to grab ->i_mutex | 2957 | * we are removing the target. Solution: we will have to grab ->i_mutex |
3222 | * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on | 2958 | * in the fhandle_to_dentry code. [FIXME - current nfsfh.c relies on |
3223 | * ->i_mutex on parents, which works but leads to some truly excessive | 2959 | * ->i_mutex on parents, which works but leads to some truly excessive |
@@ -3227,7 +2963,7 @@ static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, | |||
3227 | struct inode *new_dir, struct dentry *new_dentry) | 2963 | struct inode *new_dir, struct dentry *new_dentry) |
3228 | { | 2964 | { |
3229 | int error = 0; | 2965 | int error = 0; |
3230 | struct inode *target; | 2966 | struct inode *target = new_dentry->d_inode; |
3231 | 2967 | ||
3232 | /* | 2968 | /* |
3233 | * If we are going to change the parent - check write permissions, | 2969 | * If we are going to change the parent - check write permissions, |
@@ -3243,26 +2979,24 @@ static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, | |||
3243 | if (error) | 2979 | if (error) |
3244 | return error; | 2980 | return error; |
3245 | 2981 | ||
3246 | target = new_dentry->d_inode; | ||
3247 | if (target) | 2982 | if (target) |
3248 | mutex_lock(&target->i_mutex); | 2983 | mutex_lock(&target->i_mutex); |
3249 | if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) | 2984 | |
3250 | error = -EBUSY; | 2985 | error = -EBUSY; |
3251 | else { | 2986 | if (d_mountpoint(old_dentry) || d_mountpoint(new_dentry)) |
3252 | if (target) | 2987 | goto out; |
3253 | dentry_unhash(new_dentry); | 2988 | |
3254 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); | 2989 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); |
3255 | } | 2990 | if (error) |
2991 | goto out; | ||
2992 | |||
3256 | if (target) { | 2993 | if (target) { |
3257 | if (!error) { | 2994 | target->i_flags |= S_DEAD; |
3258 | target->i_flags |= S_DEAD; | 2995 | dont_mount(new_dentry); |
3259 | dont_mount(new_dentry); | ||
3260 | } | ||
3261 | mutex_unlock(&target->i_mutex); | ||
3262 | if (d_unhashed(new_dentry)) | ||
3263 | d_rehash(new_dentry); | ||
3264 | dput(new_dentry); | ||
3265 | } | 2996 | } |
2997 | out: | ||
2998 | if (target) | ||
2999 | mutex_unlock(&target->i_mutex); | ||
3266 | if (!error) | 3000 | if (!error) |
3267 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) | 3001 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) |
3268 | d_move(old_dentry,new_dentry); | 3002 | d_move(old_dentry,new_dentry); |
@@ -3272,7 +3006,7 @@ static int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, | |||
3272 | static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, | 3006 | static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, |
3273 | struct inode *new_dir, struct dentry *new_dentry) | 3007 | struct inode *new_dir, struct dentry *new_dentry) |
3274 | { | 3008 | { |
3275 | struct inode *target; | 3009 | struct inode *target = new_dentry->d_inode; |
3276 | int error; | 3010 | int error; |
3277 | 3011 | ||
3278 | error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); | 3012 | error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); |
@@ -3280,19 +3014,22 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, | |||
3280 | return error; | 3014 | return error; |
3281 | 3015 | ||
3282 | dget(new_dentry); | 3016 | dget(new_dentry); |
3283 | target = new_dentry->d_inode; | ||
3284 | if (target) | 3017 | if (target) |
3285 | mutex_lock(&target->i_mutex); | 3018 | mutex_lock(&target->i_mutex); |
3019 | |||
3020 | error = -EBUSY; | ||
3286 | if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) | 3021 | if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) |
3287 | error = -EBUSY; | 3022 | goto out; |
3288 | else | 3023 | |
3289 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); | 3024 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); |
3290 | if (!error) { | 3025 | if (error) |
3291 | if (target) | 3026 | goto out; |
3292 | dont_mount(new_dentry); | 3027 | |
3293 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) | 3028 | if (target) |
3294 | d_move(old_dentry, new_dentry); | 3029 | dont_mount(new_dentry); |
3295 | } | 3030 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) |
3031 | d_move(old_dentry, new_dentry); | ||
3032 | out: | ||
3296 | if (target) | 3033 | if (target) |
3297 | mutex_unlock(&target->i_mutex); | 3034 | mutex_unlock(&target->i_mutex); |
3298 | dput(new_dentry); | 3035 | dput(new_dentry); |
@@ -3587,7 +3324,7 @@ EXPORT_SYMBOL(page_readlink); | |||
3587 | EXPORT_SYMBOL(__page_symlink); | 3324 | EXPORT_SYMBOL(__page_symlink); |
3588 | EXPORT_SYMBOL(page_symlink); | 3325 | EXPORT_SYMBOL(page_symlink); |
3589 | EXPORT_SYMBOL(page_symlink_inode_operations); | 3326 | EXPORT_SYMBOL(page_symlink_inode_operations); |
3590 | EXPORT_SYMBOL(path_lookup); | 3327 | EXPORT_SYMBOL(kern_path_parent); |
3591 | EXPORT_SYMBOL(kern_path); | 3328 | EXPORT_SYMBOL(kern_path); |
3592 | EXPORT_SYMBOL(vfs_path_lookup); | 3329 | EXPORT_SYMBOL(vfs_path_lookup); |
3593 | EXPORT_SYMBOL(inode_permission); | 3330 | EXPORT_SYMBOL(inode_permission); |