diff options
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 561 |
1 files changed, 277 insertions, 284 deletions
diff --git a/fs/namei.c b/fs/namei.c index a4855af776a8..9a6456099f1e 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -498,8 +498,6 @@ static int link_path_walk(const char *, struct nameidata *); | |||
498 | 498 | ||
499 | static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link) | 499 | static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *link) |
500 | { | 500 | { |
501 | int res = 0; | ||
502 | char *name; | ||
503 | if (IS_ERR(link)) | 501 | if (IS_ERR(link)) |
504 | goto fail; | 502 | goto fail; |
505 | 503 | ||
@@ -510,22 +508,7 @@ static __always_inline int __vfs_follow_link(struct nameidata *nd, const char *l | |||
510 | path_get(&nd->root); | 508 | path_get(&nd->root); |
511 | } | 509 | } |
512 | 510 | ||
513 | res = link_path_walk(link, nd); | 511 | return link_path_walk(link, nd); |
514 | if (nd->depth || res || nd->last_type!=LAST_NORM) | ||
515 | return res; | ||
516 | /* | ||
517 | * If it is an iterative symlinks resolution in open_namei() we | ||
518 | * have to copy the last component. And all that crap because of | ||
519 | * bloody create() on broken symlinks. Furrfu... | ||
520 | */ | ||
521 | name = __getname(); | ||
522 | if (unlikely(!name)) { | ||
523 | path_put(&nd->path); | ||
524 | return -ENOMEM; | ||
525 | } | ||
526 | strcpy(name, nd->last.name); | ||
527 | nd->last.name = name; | ||
528 | return 0; | ||
529 | fail: | 512 | fail: |
530 | path_put(&nd->path); | 513 | path_put(&nd->path); |
531 | return PTR_ERR(link); | 514 | return PTR_ERR(link); |
@@ -547,10 +530,10 @@ static inline void path_to_nameidata(struct path *path, struct nameidata *nd) | |||
547 | nd->path.dentry = path->dentry; | 530 | nd->path.dentry = path->dentry; |
548 | } | 531 | } |
549 | 532 | ||
550 | static __always_inline int __do_follow_link(struct path *path, struct nameidata *nd) | 533 | static __always_inline int |
534 | __do_follow_link(struct path *path, struct nameidata *nd, void **p) | ||
551 | { | 535 | { |
552 | int error; | 536 | int error; |
553 | void *cookie; | ||
554 | struct dentry *dentry = path->dentry; | 537 | struct dentry *dentry = path->dentry; |
555 | 538 | ||
556 | touch_atime(path->mnt, dentry); | 539 | touch_atime(path->mnt, dentry); |
@@ -562,9 +545,9 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata | |||
562 | } | 545 | } |
563 | mntget(path->mnt); | 546 | mntget(path->mnt); |
564 | nd->last_type = LAST_BIND; | 547 | nd->last_type = LAST_BIND; |
565 | cookie = dentry->d_inode->i_op->follow_link(dentry, nd); | 548 | *p = dentry->d_inode->i_op->follow_link(dentry, nd); |
566 | error = PTR_ERR(cookie); | 549 | error = PTR_ERR(*p); |
567 | if (!IS_ERR(cookie)) { | 550 | if (!IS_ERR(*p)) { |
568 | char *s = nd_get_link(nd); | 551 | char *s = nd_get_link(nd); |
569 | error = 0; | 552 | error = 0; |
570 | if (s) | 553 | if (s) |
@@ -574,8 +557,6 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata | |||
574 | if (error) | 557 | if (error) |
575 | path_put(&nd->path); | 558 | path_put(&nd->path); |
576 | } | 559 | } |
577 | if (dentry->d_inode->i_op->put_link) | ||
578 | dentry->d_inode->i_op->put_link(dentry, nd, cookie); | ||
579 | } | 560 | } |
580 | return error; | 561 | return error; |
581 | } | 562 | } |
@@ -589,6 +570,7 @@ static __always_inline int __do_follow_link(struct path *path, struct nameidata | |||
589 | */ | 570 | */ |
590 | static inline int do_follow_link(struct path *path, struct nameidata *nd) | 571 | static inline int do_follow_link(struct path *path, struct nameidata *nd) |
591 | { | 572 | { |
573 | void *cookie; | ||
592 | int err = -ELOOP; | 574 | int err = -ELOOP; |
593 | if (current->link_count >= MAX_NESTED_LINKS) | 575 | if (current->link_count >= MAX_NESTED_LINKS) |
594 | goto loop; | 576 | goto loop; |
@@ -602,7 +584,9 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd) | |||
602 | current->link_count++; | 584 | current->link_count++; |
603 | current->total_link_count++; | 585 | current->total_link_count++; |
604 | nd->depth++; | 586 | nd->depth++; |
605 | err = __do_follow_link(path, nd); | 587 | err = __do_follow_link(path, nd, &cookie); |
588 | if (!IS_ERR(cookie) && path->dentry->d_inode->i_op->put_link) | ||
589 | path->dentry->d_inode->i_op->put_link(path->dentry, nd, cookie); | ||
606 | path_put(path); | 590 | path_put(path); |
607 | current->link_count--; | 591 | current->link_count--; |
608 | nd->depth--; | 592 | nd->depth--; |
@@ -689,33 +673,20 @@ static __always_inline void follow_dotdot(struct nameidata *nd) | |||
689 | set_root(nd); | 673 | set_root(nd); |
690 | 674 | ||
691 | while(1) { | 675 | while(1) { |
692 | struct vfsmount *parent; | ||
693 | struct dentry *old = nd->path.dentry; | 676 | struct dentry *old = nd->path.dentry; |
694 | 677 | ||
695 | if (nd->path.dentry == nd->root.dentry && | 678 | if (nd->path.dentry == nd->root.dentry && |
696 | nd->path.mnt == nd->root.mnt) { | 679 | nd->path.mnt == nd->root.mnt) { |
697 | break; | 680 | break; |
698 | } | 681 | } |
699 | spin_lock(&dcache_lock); | ||
700 | if (nd->path.dentry != nd->path.mnt->mnt_root) { | 682 | if (nd->path.dentry != nd->path.mnt->mnt_root) { |
701 | nd->path.dentry = dget(nd->path.dentry->d_parent); | 683 | /* rare case of legitimate dget_parent()... */ |
702 | spin_unlock(&dcache_lock); | 684 | nd->path.dentry = dget_parent(nd->path.dentry); |
703 | dput(old); | 685 | dput(old); |
704 | break; | 686 | break; |
705 | } | 687 | } |
706 | spin_unlock(&dcache_lock); | 688 | if (!follow_up(&nd->path)) |
707 | spin_lock(&vfsmount_lock); | ||
708 | parent = nd->path.mnt->mnt_parent; | ||
709 | if (parent == nd->path.mnt) { | ||
710 | spin_unlock(&vfsmount_lock); | ||
711 | break; | 689 | break; |
712 | } | ||
713 | mntget(parent); | ||
714 | nd->path.dentry = dget(nd->path.mnt->mnt_mountpoint); | ||
715 | spin_unlock(&vfsmount_lock); | ||
716 | dput(old); | ||
717 | mntput(nd->path.mnt); | ||
718 | nd->path.mnt = parent; | ||
719 | } | 690 | } |
720 | follow_mount(&nd->path); | 691 | follow_mount(&nd->path); |
721 | } | 692 | } |
@@ -1347,7 +1318,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir) | |||
1347 | return -ENOENT; | 1318 | return -ENOENT; |
1348 | 1319 | ||
1349 | BUG_ON(victim->d_parent->d_inode != dir); | 1320 | BUG_ON(victim->d_parent->d_inode != dir); |
1350 | audit_inode_child(victim->d_name.name, victim, dir); | 1321 | audit_inode_child(victim, dir); |
1351 | 1322 | ||
1352 | error = inode_permission(dir, MAY_WRITE | MAY_EXEC); | 1323 | error = inode_permission(dir, MAY_WRITE | MAY_EXEC); |
1353 | if (error) | 1324 | if (error) |
@@ -1388,22 +1359,6 @@ static inline int may_create(struct inode *dir, struct dentry *child) | |||
1388 | return inode_permission(dir, MAY_WRITE | MAY_EXEC); | 1359 | return inode_permission(dir, MAY_WRITE | MAY_EXEC); |
1389 | } | 1360 | } |
1390 | 1361 | ||
1391 | /* | ||
1392 | * O_DIRECTORY translates into forcing a directory lookup. | ||
1393 | */ | ||
1394 | static inline int lookup_flags(unsigned int f) | ||
1395 | { | ||
1396 | unsigned long retval = LOOKUP_FOLLOW; | ||
1397 | |||
1398 | if (f & O_NOFOLLOW) | ||
1399 | retval &= ~LOOKUP_FOLLOW; | ||
1400 | |||
1401 | if (f & O_DIRECTORY) | ||
1402 | retval |= LOOKUP_DIRECTORY; | ||
1403 | |||
1404 | return retval; | ||
1405 | } | ||
1406 | |||
1407 | /* | 1362 | /* |
1408 | * p1 and p2 should be directories on the same fs. | 1363 | * p1 and p2 should be directories on the same fs. |
1409 | */ | 1364 | */ |
@@ -1503,7 +1458,7 @@ int may_open(struct path *path, int acc_mode, int flag) | |||
1503 | * An append-only file must be opened in append mode for writing. | 1458 | * An append-only file must be opened in append mode for writing. |
1504 | */ | 1459 | */ |
1505 | if (IS_APPEND(inode)) { | 1460 | if (IS_APPEND(inode)) { |
1506 | if ((flag & FMODE_WRITE) && !(flag & O_APPEND)) | 1461 | if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND)) |
1507 | return -EPERM; | 1462 | return -EPERM; |
1508 | if (flag & O_TRUNC) | 1463 | if (flag & O_TRUNC) |
1509 | return -EPERM; | 1464 | return -EPERM; |
@@ -1547,7 +1502,7 @@ static int handle_truncate(struct path *path) | |||
1547 | * what get passed to sys_open(). | 1502 | * what get passed to sys_open(). |
1548 | */ | 1503 | */ |
1549 | static int __open_namei_create(struct nameidata *nd, struct path *path, | 1504 | static int __open_namei_create(struct nameidata *nd, struct path *path, |
1550 | int flag, int mode) | 1505 | int open_flag, int mode) |
1551 | { | 1506 | { |
1552 | int error; | 1507 | int error; |
1553 | struct dentry *dir = nd->path.dentry; | 1508 | struct dentry *dir = nd->path.dentry; |
@@ -1565,7 +1520,7 @@ out_unlock: | |||
1565 | if (error) | 1520 | if (error) |
1566 | return error; | 1521 | return error; |
1567 | /* Don't check for write permission, don't truncate */ | 1522 | /* Don't check for write permission, don't truncate */ |
1568 | return may_open(&nd->path, 0, flag & ~O_TRUNC); | 1523 | return may_open(&nd->path, 0, open_flag & ~O_TRUNC); |
1569 | } | 1524 | } |
1570 | 1525 | ||
1571 | /* | 1526 | /* |
@@ -1603,129 +1558,135 @@ static int open_will_truncate(int flag, struct inode *inode) | |||
1603 | return (flag & O_TRUNC); | 1558 | return (flag & O_TRUNC); |
1604 | } | 1559 | } |
1605 | 1560 | ||
1606 | /* | 1561 | static struct file *finish_open(struct nameidata *nd, |
1607 | * Note that the low bits of the passed in "open_flag" | 1562 | int open_flag, int acc_mode) |
1608 | * are not the same as in the local variable "flag". See | ||
1609 | * open_to_namei_flags() for more details. | ||
1610 | */ | ||
1611 | struct file *do_filp_open(int dfd, const char *pathname, | ||
1612 | int open_flag, int mode, int acc_mode) | ||
1613 | { | 1563 | { |
1614 | struct file *filp; | 1564 | struct file *filp; |
1615 | struct nameidata nd; | ||
1616 | int error; | ||
1617 | struct path path; | ||
1618 | struct dentry *dir; | ||
1619 | int count = 0; | ||
1620 | int will_truncate; | 1565 | int will_truncate; |
1621 | int flag = open_to_namei_flags(open_flag); | 1566 | int error; |
1622 | int force_reval = 0; | 1567 | |
1568 | will_truncate = open_will_truncate(open_flag, nd->path.dentry->d_inode); | ||
1569 | if (will_truncate) { | ||
1570 | error = mnt_want_write(nd->path.mnt); | ||
1571 | if (error) | ||
1572 | goto exit; | ||
1573 | } | ||
1574 | error = may_open(&nd->path, acc_mode, open_flag); | ||
1575 | if (error) { | ||
1576 | if (will_truncate) | ||
1577 | mnt_drop_write(nd->path.mnt); | ||
1578 | goto exit; | ||
1579 | } | ||
1580 | filp = nameidata_to_filp(nd); | ||
1581 | if (!IS_ERR(filp)) { | ||
1582 | error = ima_file_check(filp, acc_mode); | ||
1583 | if (error) { | ||
1584 | fput(filp); | ||
1585 | filp = ERR_PTR(error); | ||
1586 | } | ||
1587 | } | ||
1588 | if (!IS_ERR(filp)) { | ||
1589 | if (acc_mode & MAY_WRITE) | ||
1590 | vfs_dq_init(nd->path.dentry->d_inode); | ||
1623 | 1591 | ||
1592 | if (will_truncate) { | ||
1593 | error = handle_truncate(&nd->path); | ||
1594 | if (error) { | ||
1595 | fput(filp); | ||
1596 | filp = ERR_PTR(error); | ||
1597 | } | ||
1598 | } | ||
1599 | } | ||
1624 | /* | 1600 | /* |
1625 | * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only | 1601 | * It is now safe to drop the mnt write |
1626 | * check for O_DSYNC if the need any syncing at all we enforce it's | 1602 | * because the filp has had a write taken |
1627 | * always set instead of having to deal with possibly weird behaviour | 1603 | * on its behalf. |
1628 | * for malicious applications setting only __O_SYNC. | ||
1629 | */ | 1604 | */ |
1630 | if (open_flag & __O_SYNC) | 1605 | if (will_truncate) |
1631 | open_flag |= O_DSYNC; | 1606 | mnt_drop_write(nd->path.mnt); |
1632 | 1607 | return filp; | |
1633 | if (!acc_mode) | ||
1634 | acc_mode = MAY_OPEN | ACC_MODE(open_flag); | ||
1635 | 1608 | ||
1636 | /* O_TRUNC implies we need access checks for write permissions */ | 1609 | exit: |
1637 | if (flag & O_TRUNC) | 1610 | if (!IS_ERR(nd->intent.open.file)) |
1638 | acc_mode |= MAY_WRITE; | 1611 | release_open_intent(nd); |
1612 | path_put(&nd->path); | ||
1613 | return ERR_PTR(error); | ||
1614 | } | ||
1639 | 1615 | ||
1640 | /* Allow the LSM permission hook to distinguish append | 1616 | static struct file *do_last(struct nameidata *nd, struct path *path, |
1641 | access from general write access. */ | 1617 | int open_flag, int acc_mode, |
1642 | if (flag & O_APPEND) | 1618 | int mode, const char *pathname, |
1643 | acc_mode |= MAY_APPEND; | 1619 | int *want_dir) |
1620 | { | ||
1621 | struct dentry *dir = nd->path.dentry; | ||
1622 | struct file *filp; | ||
1623 | int error = -EISDIR; | ||
1644 | 1624 | ||
1645 | /* | 1625 | switch (nd->last_type) { |
1646 | * The simplest case - just a plain lookup. | 1626 | case LAST_DOTDOT: |
1647 | */ | 1627 | follow_dotdot(nd); |
1648 | if (!(flag & O_CREAT)) { | 1628 | dir = nd->path.dentry; |
1649 | filp = get_empty_filp(); | 1629 | if (nd->path.mnt->mnt_sb->s_type->fs_flags & FS_REVAL_DOT) { |
1650 | 1630 | if (!dir->d_op->d_revalidate(dir, nd)) { | |
1651 | if (filp == NULL) | 1631 | error = -ESTALE; |
1652 | return ERR_PTR(-ENFILE); | 1632 | goto exit; |
1653 | nd.intent.open.file = filp; | ||
1654 | filp->f_flags = open_flag; | ||
1655 | nd.intent.open.flags = flag; | ||
1656 | nd.intent.open.create_mode = 0; | ||
1657 | error = do_path_lookup(dfd, pathname, | ||
1658 | lookup_flags(flag)|LOOKUP_OPEN, &nd); | ||
1659 | if (IS_ERR(nd.intent.open.file)) { | ||
1660 | if (error == 0) { | ||
1661 | error = PTR_ERR(nd.intent.open.file); | ||
1662 | path_put(&nd.path); | ||
1663 | } | 1633 | } |
1664 | } else if (error) | 1634 | } |
1665 | release_open_intent(&nd); | 1635 | /* fallthrough */ |
1666 | if (error) | 1636 | case LAST_DOT: |
1667 | return ERR_PTR(error); | 1637 | case LAST_ROOT: |
1638 | if (open_flag & O_CREAT) | ||
1639 | goto exit; | ||
1640 | /* fallthrough */ | ||
1641 | case LAST_BIND: | ||
1642 | audit_inode(pathname, dir); | ||
1668 | goto ok; | 1643 | goto ok; |
1669 | } | 1644 | } |
1670 | 1645 | ||
1671 | /* | 1646 | /* trailing slashes? */ |
1672 | * Create - we need to know the parent. | 1647 | if (nd->last.name[nd->last.len]) { |
1673 | */ | 1648 | if (open_flag & O_CREAT) |
1674 | reval: | 1649 | goto exit; |
1675 | error = path_init(dfd, pathname, LOOKUP_PARENT, &nd); | 1650 | *want_dir = 1; |
1676 | if (error) | ||
1677 | return ERR_PTR(error); | ||
1678 | if (force_reval) | ||
1679 | nd.flags |= LOOKUP_REVAL; | ||
1680 | error = path_walk(pathname, &nd); | ||
1681 | if (error) { | ||
1682 | if (nd.root.mnt) | ||
1683 | path_put(&nd.root); | ||
1684 | return ERR_PTR(error); | ||
1685 | } | 1651 | } |
1686 | if (unlikely(!audit_dummy_context())) | ||
1687 | audit_inode(pathname, nd.path.dentry); | ||
1688 | 1652 | ||
1689 | /* | 1653 | /* just plain open? */ |
1690 | * We have the parent and last component. First of all, check | 1654 | if (!(open_flag & O_CREAT)) { |
1691 | * that we are not asked to creat(2) an obvious directory - that | 1655 | error = do_lookup(nd, &nd->last, path); |
1692 | * will not do. | 1656 | if (error) |
1693 | */ | 1657 | goto exit; |
1694 | error = -EISDIR; | 1658 | error = -ENOENT; |
1695 | if (nd.last_type != LAST_NORM || nd.last.name[nd.last.len]) | 1659 | if (!path->dentry->d_inode) |
1696 | goto exit_parent; | 1660 | goto exit_dput; |
1661 | if (path->dentry->d_inode->i_op->follow_link) | ||
1662 | return NULL; | ||
1663 | error = -ENOTDIR; | ||
1664 | if (*want_dir & !path->dentry->d_inode->i_op->lookup) | ||
1665 | goto exit_dput; | ||
1666 | path_to_nameidata(path, nd); | ||
1667 | audit_inode(pathname, nd->path.dentry); | ||
1668 | goto ok; | ||
1669 | } | ||
1697 | 1670 | ||
1698 | error = -ENFILE; | 1671 | /* OK, it's O_CREAT */ |
1699 | filp = get_empty_filp(); | ||
1700 | if (filp == NULL) | ||
1701 | goto exit_parent; | ||
1702 | nd.intent.open.file = filp; | ||
1703 | filp->f_flags = open_flag; | ||
1704 | nd.intent.open.flags = flag; | ||
1705 | nd.intent.open.create_mode = mode; | ||
1706 | dir = nd.path.dentry; | ||
1707 | nd.flags &= ~LOOKUP_PARENT; | ||
1708 | nd.flags |= LOOKUP_CREATE | LOOKUP_OPEN; | ||
1709 | if (flag & O_EXCL) | ||
1710 | nd.flags |= LOOKUP_EXCL; | ||
1711 | mutex_lock(&dir->d_inode->i_mutex); | 1672 | mutex_lock(&dir->d_inode->i_mutex); |
1712 | path.dentry = lookup_hash(&nd); | ||
1713 | path.mnt = nd.path.mnt; | ||
1714 | 1673 | ||
1715 | do_last: | 1674 | path->dentry = lookup_hash(nd); |
1716 | error = PTR_ERR(path.dentry); | 1675 | path->mnt = nd->path.mnt; |
1717 | if (IS_ERR(path.dentry)) { | 1676 | |
1677 | error = PTR_ERR(path->dentry); | ||
1678 | if (IS_ERR(path->dentry)) { | ||
1718 | mutex_unlock(&dir->d_inode->i_mutex); | 1679 | mutex_unlock(&dir->d_inode->i_mutex); |
1719 | goto exit; | 1680 | goto exit; |
1720 | } | 1681 | } |
1721 | 1682 | ||
1722 | if (IS_ERR(nd.intent.open.file)) { | 1683 | if (IS_ERR(nd->intent.open.file)) { |
1723 | error = PTR_ERR(nd.intent.open.file); | 1684 | error = PTR_ERR(nd->intent.open.file); |
1724 | goto exit_mutex_unlock; | 1685 | goto exit_mutex_unlock; |
1725 | } | 1686 | } |
1726 | 1687 | ||
1727 | /* Negative dentry, just create the file */ | 1688 | /* Negative dentry, just create the file */ |
1728 | if (!path.dentry->d_inode) { | 1689 | if (!path->dentry->d_inode) { |
1729 | /* | 1690 | /* |
1730 | * This write is needed to ensure that a | 1691 | * This write is needed to ensure that a |
1731 | * ro->rw transition does not occur between | 1692 | * ro->rw transition does not occur between |
@@ -1733,18 +1694,16 @@ do_last: | |||
1733 | * a permanent write count is taken through | 1694 | * a permanent write count is taken through |
1734 | * the 'struct file' in nameidata_to_filp(). | 1695 | * the 'struct file' in nameidata_to_filp(). |
1735 | */ | 1696 | */ |
1736 | error = mnt_want_write(nd.path.mnt); | 1697 | error = mnt_want_write(nd->path.mnt); |
1737 | if (error) | 1698 | if (error) |
1738 | goto exit_mutex_unlock; | 1699 | goto exit_mutex_unlock; |
1739 | error = __open_namei_create(&nd, &path, flag, mode); | 1700 | error = __open_namei_create(nd, path, open_flag, mode); |
1740 | if (error) { | 1701 | if (error) { |
1741 | mnt_drop_write(nd.path.mnt); | 1702 | mnt_drop_write(nd->path.mnt); |
1742 | goto exit; | 1703 | goto exit; |
1743 | } | 1704 | } |
1744 | filp = nameidata_to_filp(&nd); | 1705 | filp = nameidata_to_filp(nd); |
1745 | mnt_drop_write(nd.path.mnt); | 1706 | mnt_drop_write(nd->path.mnt); |
1746 | if (nd.root.mnt) | ||
1747 | path_put(&nd.root); | ||
1748 | if (!IS_ERR(filp)) { | 1707 | if (!IS_ERR(filp)) { |
1749 | error = ima_file_check(filp, acc_mode); | 1708 | error = ima_file_check(filp, acc_mode); |
1750 | if (error) { | 1709 | if (error) { |
@@ -1759,150 +1718,181 @@ do_last: | |||
1759 | * It already exists. | 1718 | * It already exists. |
1760 | */ | 1719 | */ |
1761 | mutex_unlock(&dir->d_inode->i_mutex); | 1720 | mutex_unlock(&dir->d_inode->i_mutex); |
1762 | audit_inode(pathname, path.dentry); | 1721 | audit_inode(pathname, path->dentry); |
1763 | 1722 | ||
1764 | error = -EEXIST; | 1723 | error = -EEXIST; |
1765 | if (flag & O_EXCL) | 1724 | if (open_flag & O_EXCL) |
1766 | goto exit_dput; | 1725 | goto exit_dput; |
1767 | 1726 | ||
1768 | if (__follow_mount(&path)) { | 1727 | if (__follow_mount(path)) { |
1769 | error = -ELOOP; | 1728 | error = -ELOOP; |
1770 | if (flag & O_NOFOLLOW) | 1729 | if (open_flag & O_NOFOLLOW) |
1771 | goto exit_dput; | 1730 | goto exit_dput; |
1772 | } | 1731 | } |
1773 | 1732 | ||
1774 | error = -ENOENT; | 1733 | error = -ENOENT; |
1775 | if (!path.dentry->d_inode) | 1734 | if (!path->dentry->d_inode) |
1776 | goto exit_dput; | 1735 | goto exit_dput; |
1777 | if (path.dentry->d_inode->i_op->follow_link) | ||
1778 | goto do_link; | ||
1779 | 1736 | ||
1780 | path_to_nameidata(&path, &nd); | 1737 | if (path->dentry->d_inode->i_op->follow_link) |
1738 | return NULL; | ||
1739 | |||
1740 | path_to_nameidata(path, nd); | ||
1781 | error = -EISDIR; | 1741 | error = -EISDIR; |
1782 | if (S_ISDIR(path.dentry->d_inode->i_mode)) | 1742 | if (S_ISDIR(path->dentry->d_inode->i_mode)) |
1783 | goto exit; | 1743 | goto exit; |
1784 | ok: | 1744 | ok: |
1745 | filp = finish_open(nd, open_flag, acc_mode); | ||
1746 | return filp; | ||
1747 | |||
1748 | exit_mutex_unlock: | ||
1749 | mutex_unlock(&dir->d_inode->i_mutex); | ||
1750 | exit_dput: | ||
1751 | path_put_conditional(path, nd); | ||
1752 | exit: | ||
1753 | if (!IS_ERR(nd->intent.open.file)) | ||
1754 | release_open_intent(nd); | ||
1755 | path_put(&nd->path); | ||
1756 | return ERR_PTR(error); | ||
1757 | } | ||
1758 | |||
1759 | /* | ||
1760 | * Note that the low bits of the passed in "open_flag" | ||
1761 | * are not the same as in the local variable "flag". See | ||
1762 | * open_to_namei_flags() for more details. | ||
1763 | */ | ||
1764 | struct file *do_filp_open(int dfd, const char *pathname, | ||
1765 | int open_flag, int mode, int acc_mode) | ||
1766 | { | ||
1767 | struct file *filp; | ||
1768 | struct nameidata nd; | ||
1769 | int error; | ||
1770 | struct path path; | ||
1771 | int count = 0; | ||
1772 | int flag = open_to_namei_flags(open_flag); | ||
1773 | int force_reval = 0; | ||
1774 | int want_dir = open_flag & O_DIRECTORY; | ||
1775 | |||
1776 | if (!(open_flag & O_CREAT)) | ||
1777 | mode = 0; | ||
1778 | |||
1785 | /* | 1779 | /* |
1786 | * Consider: | 1780 | * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only |
1787 | * 1. may_open() truncates a file | 1781 | * check for O_DSYNC if the need any syncing at all we enforce it's |
1788 | * 2. a rw->ro mount transition occurs | 1782 | * always set instead of having to deal with possibly weird behaviour |
1789 | * 3. nameidata_to_filp() fails due to | 1783 | * for malicious applications setting only __O_SYNC. |
1790 | * the ro mount. | ||
1791 | * That would be inconsistent, and should | ||
1792 | * be avoided. Taking this mnt write here | ||
1793 | * ensures that (2) can not occur. | ||
1794 | */ | 1784 | */ |
1795 | will_truncate = open_will_truncate(flag, nd.path.dentry->d_inode); | 1785 | if (open_flag & __O_SYNC) |
1796 | if (will_truncate) { | 1786 | open_flag |= O_DSYNC; |
1797 | error = mnt_want_write(nd.path.mnt); | 1787 | |
1798 | if (error) | 1788 | if (!acc_mode) |
1799 | goto exit; | 1789 | acc_mode = MAY_OPEN | ACC_MODE(open_flag); |
1800 | } | 1790 | |
1801 | error = may_open(&nd.path, acc_mode, flag); | 1791 | /* O_TRUNC implies we need access checks for write permissions */ |
1792 | if (open_flag & O_TRUNC) | ||
1793 | acc_mode |= MAY_WRITE; | ||
1794 | |||
1795 | /* Allow the LSM permission hook to distinguish append | ||
1796 | access from general write access. */ | ||
1797 | if (open_flag & O_APPEND) | ||
1798 | acc_mode |= MAY_APPEND; | ||
1799 | |||
1800 | /* find the parent */ | ||
1801 | reval: | ||
1802 | error = path_init(dfd, pathname, LOOKUP_PARENT, &nd); | ||
1803 | if (error) | ||
1804 | return ERR_PTR(error); | ||
1805 | if (force_reval) | ||
1806 | nd.flags |= LOOKUP_REVAL; | ||
1807 | |||
1808 | current->total_link_count = 0; | ||
1809 | error = link_path_walk(pathname, &nd); | ||
1802 | if (error) { | 1810 | if (error) { |
1803 | if (will_truncate) | 1811 | filp = ERR_PTR(error); |
1804 | mnt_drop_write(nd.path.mnt); | 1812 | goto out; |
1805 | goto exit; | ||
1806 | } | ||
1807 | filp = nameidata_to_filp(&nd); | ||
1808 | if (!IS_ERR(filp)) { | ||
1809 | error = ima_file_check(filp, acc_mode); | ||
1810 | if (error) { | ||
1811 | fput(filp); | ||
1812 | filp = ERR_PTR(error); | ||
1813 | } | ||
1814 | } | 1813 | } |
1815 | if (!IS_ERR(filp)) { | 1814 | if (unlikely(!audit_dummy_context()) && (open_flag & O_CREAT)) |
1816 | if (acc_mode & MAY_WRITE) | 1815 | audit_inode(pathname, nd.path.dentry); |
1817 | vfs_dq_init(nd.path.dentry->d_inode); | ||
1818 | 1816 | ||
1819 | if (will_truncate) { | ||
1820 | error = handle_truncate(&nd.path); | ||
1821 | if (error) { | ||
1822 | fput(filp); | ||
1823 | filp = ERR_PTR(error); | ||
1824 | } | ||
1825 | } | ||
1826 | } | ||
1827 | /* | 1817 | /* |
1828 | * It is now safe to drop the mnt write | 1818 | * We have the parent and last component. |
1829 | * because the filp has had a write taken | ||
1830 | * on its behalf. | ||
1831 | */ | 1819 | */ |
1832 | if (will_truncate) | 1820 | |
1833 | mnt_drop_write(nd.path.mnt); | 1821 | error = -ENFILE; |
1822 | filp = get_empty_filp(); | ||
1823 | if (filp == NULL) | ||
1824 | goto exit_parent; | ||
1825 | nd.intent.open.file = filp; | ||
1826 | filp->f_flags = open_flag; | ||
1827 | nd.intent.open.flags = flag; | ||
1828 | nd.intent.open.create_mode = mode; | ||
1829 | nd.flags &= ~LOOKUP_PARENT; | ||
1830 | nd.flags |= LOOKUP_OPEN; | ||
1831 | if (open_flag & O_CREAT) { | ||
1832 | nd.flags |= LOOKUP_CREATE; | ||
1833 | if (open_flag & O_EXCL) | ||
1834 | nd.flags |= LOOKUP_EXCL; | ||
1835 | } | ||
1836 | filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname, &want_dir); | ||
1837 | while (unlikely(!filp)) { /* trailing symlink */ | ||
1838 | struct path holder; | ||
1839 | struct inode *inode = path.dentry->d_inode; | ||
1840 | void *cookie; | ||
1841 | error = -ELOOP; | ||
1842 | /* S_ISDIR part is a temporary automount kludge */ | ||
1843 | if ((open_flag & O_NOFOLLOW) && !S_ISDIR(inode->i_mode)) | ||
1844 | goto exit_dput; | ||
1845 | if (count++ == 32) | ||
1846 | goto exit_dput; | ||
1847 | /* | ||
1848 | * This is subtle. Instead of calling do_follow_link() we do | ||
1849 | * the thing by hands. The reason is that this way we have zero | ||
1850 | * link_count and path_walk() (called from ->follow_link) | ||
1851 | * honoring LOOKUP_PARENT. After that we have the parent and | ||
1852 | * last component, i.e. we are in the same situation as after | ||
1853 | * the first path_walk(). Well, almost - if the last component | ||
1854 | * is normal we get its copy stored in nd->last.name and we will | ||
1855 | * have to putname() it when we are done. Procfs-like symlinks | ||
1856 | * just set LAST_BIND. | ||
1857 | */ | ||
1858 | nd.flags |= LOOKUP_PARENT; | ||
1859 | error = security_inode_follow_link(path.dentry, &nd); | ||
1860 | if (error) | ||
1861 | goto exit_dput; | ||
1862 | error = __do_follow_link(&path, &nd, &cookie); | ||
1863 | if (unlikely(error)) { | ||
1864 | /* nd.path had been dropped */ | ||
1865 | if (!IS_ERR(cookie) && inode->i_op->put_link) | ||
1866 | inode->i_op->put_link(path.dentry, &nd, cookie); | ||
1867 | path_put(&path); | ||
1868 | release_open_intent(&nd); | ||
1869 | filp = ERR_PTR(error); | ||
1870 | goto out; | ||
1871 | } | ||
1872 | holder = path; | ||
1873 | nd.flags &= ~LOOKUP_PARENT; | ||
1874 | filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname, &want_dir); | ||
1875 | if (inode->i_op->put_link) | ||
1876 | inode->i_op->put_link(holder.dentry, &nd, cookie); | ||
1877 | path_put(&holder); | ||
1878 | } | ||
1879 | out: | ||
1834 | if (nd.root.mnt) | 1880 | if (nd.root.mnt) |
1835 | path_put(&nd.root); | 1881 | path_put(&nd.root); |
1882 | if (filp == ERR_PTR(-ESTALE) && !force_reval) { | ||
1883 | force_reval = 1; | ||
1884 | goto reval; | ||
1885 | } | ||
1836 | return filp; | 1886 | return filp; |
1837 | 1887 | ||
1838 | exit_mutex_unlock: | ||
1839 | mutex_unlock(&dir->d_inode->i_mutex); | ||
1840 | exit_dput: | 1888 | exit_dput: |
1841 | path_put_conditional(&path, &nd); | 1889 | path_put_conditional(&path, &nd); |
1842 | exit: | ||
1843 | if (!IS_ERR(nd.intent.open.file)) | 1890 | if (!IS_ERR(nd.intent.open.file)) |
1844 | release_open_intent(&nd); | 1891 | release_open_intent(&nd); |
1845 | exit_parent: | 1892 | exit_parent: |
1846 | if (nd.root.mnt) | ||
1847 | path_put(&nd.root); | ||
1848 | path_put(&nd.path); | 1893 | path_put(&nd.path); |
1849 | return ERR_PTR(error); | 1894 | filp = ERR_PTR(error); |
1850 | 1895 | goto out; | |
1851 | do_link: | ||
1852 | error = -ELOOP; | ||
1853 | if (flag & O_NOFOLLOW) | ||
1854 | goto exit_dput; | ||
1855 | /* | ||
1856 | * This is subtle. Instead of calling do_follow_link() we do the | ||
1857 | * thing by hands. The reason is that this way we have zero link_count | ||
1858 | * and path_walk() (called from ->follow_link) honoring LOOKUP_PARENT. | ||
1859 | * After that we have the parent and last component, i.e. | ||
1860 | * we are in the same situation as after the first path_walk(). | ||
1861 | * Well, almost - if the last component is normal we get its copy | ||
1862 | * stored in nd->last.name and we will have to putname() it when we | ||
1863 | * are done. Procfs-like symlinks just set LAST_BIND. | ||
1864 | */ | ||
1865 | nd.flags |= LOOKUP_PARENT; | ||
1866 | error = security_inode_follow_link(path.dentry, &nd); | ||
1867 | if (error) | ||
1868 | goto exit_dput; | ||
1869 | error = __do_follow_link(&path, &nd); | ||
1870 | path_put(&path); | ||
1871 | if (error) { | ||
1872 | /* Does someone understand code flow here? Or it is only | ||
1873 | * me so stupid? Anathema to whoever designed this non-sense | ||
1874 | * with "intent.open". | ||
1875 | */ | ||
1876 | release_open_intent(&nd); | ||
1877 | if (nd.root.mnt) | ||
1878 | path_put(&nd.root); | ||
1879 | if (error == -ESTALE && !force_reval) { | ||
1880 | force_reval = 1; | ||
1881 | goto reval; | ||
1882 | } | ||
1883 | return ERR_PTR(error); | ||
1884 | } | ||
1885 | nd.flags &= ~LOOKUP_PARENT; | ||
1886 | if (nd.last_type == LAST_BIND) | ||
1887 | goto ok; | ||
1888 | error = -EISDIR; | ||
1889 | if (nd.last_type != LAST_NORM) | ||
1890 | goto exit; | ||
1891 | if (nd.last.name[nd.last.len]) { | ||
1892 | __putname(nd.last.name); | ||
1893 | goto exit; | ||
1894 | } | ||
1895 | error = -ELOOP; | ||
1896 | if (count++==32) { | ||
1897 | __putname(nd.last.name); | ||
1898 | goto exit; | ||
1899 | } | ||
1900 | dir = nd.path.dentry; | ||
1901 | mutex_lock(&dir->d_inode->i_mutex); | ||
1902 | path.dentry = lookup_hash(&nd); | ||
1903 | path.mnt = nd.path.mnt; | ||
1904 | __putname(nd.last.name); | ||
1905 | goto do_last; | ||
1906 | } | 1896 | } |
1907 | 1897 | ||
1908 | /** | 1898 | /** |
@@ -2275,8 +2265,11 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry) | |||
2275 | error = -EBUSY; | 2265 | error = -EBUSY; |
2276 | else { | 2266 | else { |
2277 | error = security_inode_unlink(dir, dentry); | 2267 | error = security_inode_unlink(dir, dentry); |
2278 | if (!error) | 2268 | if (!error) { |
2279 | error = dir->i_op->unlink(dir, dentry); | 2269 | error = dir->i_op->unlink(dir, dentry); |
2270 | if (!error) | ||
2271 | dentry->d_inode->i_flags |= S_DEAD; | ||
2272 | } | ||
2280 | } | 2273 | } |
2281 | mutex_unlock(&dentry->d_inode->i_mutex); | 2274 | mutex_unlock(&dentry->d_inode->i_mutex); |
2282 | 2275 | ||
@@ -2629,6 +2622,8 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, | |||
2629 | else | 2622 | else |
2630 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); | 2623 | error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry); |
2631 | if (!error) { | 2624 | if (!error) { |
2625 | if (target) | ||
2626 | target->i_flags |= S_DEAD; | ||
2632 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) | 2627 | if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) |
2633 | d_move(old_dentry, new_dentry); | 2628 | d_move(old_dentry, new_dentry); |
2634 | } | 2629 | } |
@@ -2671,11 +2666,9 @@ int vfs_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
2671 | error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry); | 2666 | error = vfs_rename_dir(old_dir,old_dentry,new_dir,new_dentry); |
2672 | else | 2667 | else |
2673 | error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry); | 2668 | error = vfs_rename_other(old_dir,old_dentry,new_dir,new_dentry); |
2674 | if (!error) { | 2669 | if (!error) |
2675 | const char *new_name = old_dentry->d_name.name; | 2670 | fsnotify_move(old_dir, new_dir, old_name, is_dir, |
2676 | fsnotify_move(old_dir, new_dir, old_name, new_name, is_dir, | ||
2677 | new_dentry->d_inode, old_dentry); | 2671 | new_dentry->d_inode, old_dentry); |
2678 | } | ||
2679 | fsnotify_oldname_free(old_name); | 2672 | fsnotify_oldname_free(old_name); |
2680 | 2673 | ||
2681 | return error; | 2674 | return error; |