/*
* linux/fs/namei.c
*
* Copyright (C) 1991, 1992 Linus Torvalds
*/
/*
* Some corrections by tytso.
*
* Aug 97 - cevans - fix security problem with O_TRUNC and append only files
*/
#include <asm/segment.h>
#include <linux/errno.h>
#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/fcntl.h>
#include <linux/stat.h>
#include <linux/mm.h>
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
/*
* How long a filename can we get from user space?
* -EFAULT if invalid area
* 0 if ok (ENAMETOOLONG before EFAULT)
* >0 EFAULT after xx bytes
*/
static inline int get_max_filename(unsigned long address)
{
struct vm_area_struct * vma;
if (get_fs() == KERNEL_DS)
return 0;
vma = find_vma(current->mm, address);
if (!vma || vma->vm_start > address || !(vma->vm_flags & VM_READ))
return -EFAULT;
address = vma->vm_end - address;
if (address > PAGE_SIZE)
return 0;
if (vma->vm_next && vma->vm_next->vm_start == vma->vm_end &&
(vma->vm_next->vm_flags & VM_READ))
return 0;
return address;
}
/*
* In order to reduce some races, while at the same time doing additional
* checking and hopefully speeding things up, we copy filenames to the
* kernel data space before using them..
*
* POSIX.1 2.4: an empty pathname is invalid (ENOENT).
*/
int getname(const char * filename, char **result)
{
int i, error;
unsigned long page;
char * tmp, c;
i = get_max_filename((unsigned long) filename);
if (i < 0)
return i;
error = -EFAULT;
if (!i) {
error = -ENAMETOOLONG;
i = PAGE_SIZE;
}
c = get_user(filename++);
if (!c)
return -ENOENT;
if(!(page = __get_free_page(GFP_KERNEL)))
return -ENOMEM;
*result = tmp = (char *) page;
while (--i) {
*(tmp++) = c;
c = get_user(filename++);
if (!c) {
*tmp = '\0';
return 0;
}
}
free_page(page);
return error;
}
void putname(char * name)
{
free_page((unsigned long) name);
}
/*
* permission()
*
* is used to check for read/write/execute permissions on a file.
* We use "fsuid" for this, letting us set arbitrary permissions
* for filesystem access without changing the "normal" uids which
* are used for other things..
*/
int permission(struct inode * inode,int mask)
{
int mode = inode->i_mode;
if (inode->i_op && inode->i_op->permission)
return inode->i_op->permission(inode, mask);
else if ((mask & S_IWOTH) && IS_RDONLY(inode) &&
(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
return -EROFS; /* Nobody gets write access to a read-only fs */
else if ((mask & S_IWOTH) && IS_IMMUTABLE(inode))
return -EACCES; /* Nobody gets write access to an immutable file */
else if (current->fsuid == inode->i_uid)
mode >>= 6;
else if (in_group_p(inode->i_gid))
mode >>= 3;
if (((mode & mask & 0007) == mask) || fsuser())
return 0;
return -EACCES;
}
/*
* get_write_access() gets write permission for a file.
* put_write_access() releases this write permission.
* This is used for regular files.
* We cannot support write (and maybe mmap read-write shared) accesses and
* MAP_DENYWRITE mmappings simultaneously.
*/
int get_write_access(struct inode * inode)
{
struct task_struct * p;
if ((inode->i_count > 1) && S_ISREG(inode->i_mode)) /* shortcut */
for_each_task(p) {
struct vm_area_struct * mpnt;
if (!p->mm)
continue;
for(mpnt = p->mm->mmap; mpnt; mpnt = mpnt->vm_next) {
if (inode != mpnt->vm_inode)
continue;
if (mpnt->vm_flags & VM_DENYWRITE)
return -ETXTBSY;
}
}
inode->i_writecount++;
return 0;
}
void put_write_access(struct inode * inode)
{
inode->i_writecount--;
}
/*
* lookup() looks up one part of a pathname, using the fs-dependent
* routines (currently minix_lookup) for it. It also checks for
* fathers (pseudo-roots, mount-points)
*/
int lookup(struct inode * dir,const char * name, int len,
struct inode ** result)
{
struct super_block * sb;
int perm;
*result = NULL;
if (!dir)
return -ENOENT;
/* check permissions before traversing mount-points */
perm = permission(dir,MAY_EXEC);
if (len==2 && name[0] == '.' && name[1] == '.') {
if (dir == current->fs->root) {
*result = dir;
return 0;
} else if ((sb = dir->i_sb) && (dir == sb->s_mounted)) {
iput(dir);
dir = sb->s_covered;
if (!dir)
return -ENOENT;
dir->i_count++;
}
}
if (!dir->i_op || !dir->i_op->lookup) {
iput(dir);
return -ENOTDIR;
}
if (perm != 0) {
iput(dir);
return perm;
}
if (!len) {
*result = dir;
return 0;
}
return dir->i_op->lookup(dir, name, len, result);
}
int follow_link(struct inode * dir, struct inode * inode,
int flag, int mode, struct inode ** res_inode)
{
if (!dir || !inode) {
iput(dir);
iput(inode);
*res_inode = NULL;
return -ENOENT;
}
if (!inode->i_op || !inode->i_op->follow_link) {
iput(dir);
*res_inode = inode;
return 0;
}
return inode->i_op->follow_link(dir,inode,flag,mode,res_inode);
}
/*
* dir_namei()
*
* dir_namei() returns the inode of the directory of the
* specified name, and the name within that directory.
*/
static int dir_namei(const char *pathname, int *namelen, const char **name,
struct inode * base, struct inode **res_inode)
{
char c;
const char * thisname;
int len,error;
struct inode * inode;
*res_inode = NULL;
if (!base) {
base = current->fs->pwd;
base->i_count++;
}
if ((c = *pathname) == '/') {
iput(base);
base = current->fs->root;
pathname++;
base->i_count++;
}
while (1) {
thisname = pathname;
for(len=0;(c = *(pathname++))&&(c != '/');len++)
/* nothing */ ;
if (!c)
break;
base->i_count++;
error = lookup(base, thisname, len, &inode);
if (error) {
iput(base);
return error;
}
error = follow_link(base,inode,0,0,&base);
if (error)
return error;
}
if (!base->i_op || !base->i_op->lookup) {
iput(base);
return -ENOTDIR;
}
*name = thisname;
*namelen = len;
*res_inode = base;
return 0;
}
static int _namei(const char * pathname, struct inode * base,
int follow_links, struct inode ** res_inode)
{
const char *basename;
int namelen,error;
struct inode * inode;
*res_inode = NULL;
error = dir_namei(pathname, &namelen, &basename, base, &base);
if (error)
return error;
base->i_count++; /* lookup uses up base */
error = lookup(base, basename, namelen, &inode);
if (error) {
iput(base);
return error;
}
if (follow_links) {
error = follow_link(base, inode, 0, 0, &inode);
if (error)
return error;
} else
iput(base);
if ((inode->i_flags & S_BAD_INODE) != 0) {
iput(inode);
return -EIO;
}
*res_inode = inode;
return 0;
}
int lnamei(const char *pathname, struct inode **res_inode)
{
int error;
char * tmp;
error = getname(pathname, &tmp);
if (!error) {
error = _namei(tmp, NULL, 0, res_inode);
putname(tmp);
}
return error;
}
/*
* namei()
*
* is used by most simple commands to get the inode of a specified name.
* Open, link etc use their own routines, but this is enough for things
* like 'chmod' etc.
*/
int namei(const char *pathname, struct inode **res_inode)
{
int error;
char * tmp;
error = getname(pathname, &tmp);
if (!error) {
error = _namei(tmp, NULL, 1, res_inode);
putname(tmp);
}
return error;
}
/*
* open_namei()
*
* namei for open - this is in fact almost the whole open-routine.
*
* Note that the low bits of "flag" aren't the same as in the open
* system call - they are 00 - no permissions needed
* 01 - read permission needed
* 10 - write permission needed
* 11 - read/write permissions needed
* which is a lot more logical, and also allows the "no perm" needed
* for symlinks (where the permissions are checked later).
*/
/*
* namei dla funkcji open - tu zawarta jest znaczna czesc kodu funkcji open
* KOMENTOWAL: ADAM KIEZUN
*/
int open_namei(const char * pathname, int flag, int mode,
struct inode ** res_inode, struct inode * base)
{
const char * basename;
int namelen,error;
struct inode * dir, *inode;
mode &= S_IALLUGO & ~current->fs->umask;
mode |= S_IFREG;
/*szukamy i-wezla katalogu i nazwy pliku w tym katalogu*/
error = dir_namei(pathname, &namelen, &basename, base, &dir);
if (error)
return error;
if (!namelen) { /*nazwa pliku pusta, bo to jest katalog*/
if (flag & 2) { /*próba otwarcia katalogu do pisania*/
iput(dir);
return -EISDIR;
}
/*sprawdzamy prawa do katalogu*/
if ((error = permission(dir,ACC_MODE(flag))) != 0) {
iput(dir);
return error;
}
*res_inode=dir;
return 0;
}
dir->i_count++;
if (flag & O_CREAT) { /*plik nalezy stworzyc*/
down(&dir->i_sem); /*opuscic semafor na i-wezle katalogu*/
error = lookup(dir, basename, namelen, &inode); /*jeden katalog w góre*/
if (!error) {
if (flag & O_EXCL) { /*plik mial byc tworzony a on juz istnieje*/
iput(inode);
error = -EEXIST;
}
} else if (IS_RDONLY(dir)) /*katalog tylko do odczytu - blad*/
error = -EROFS;
else if (!dir->i_op || !dir->i_op->create)/*operacja tworzenia niedozwolona
w tym katalogu*/
error = -EACCES;
else if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0)
; /* czy mamy prawa zapisu i wykonywania(czyli przegladania)
w tym katalogu */
else { /*wszystko jest OK - zaczynamy*/
dir->i_count++;
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
error = dir->i_op->create(dir, basename, namelen, mode, res_inode);
/*nowy i-wezel*/
up(&dir->i_sem); /*semafor w góre*/
iput(dir); /*i-wezel "nadkatalogu" odkladamy*/
return error;
}
up(&dir->i_sem); /*semafor w góre*/
} else /*pliku tworzyc nie trzeba*/
error = lookup(dir, basename, namelen, &inode);/*nadkatalog*/
if (error) {
iput(dir);
return error;
}
error = follow_link(dir,inode,flag,mode,&inode);
if (error)
return error;
if (S_ISDIR(inode->i_mode) && (flag & 2)) { /*próba zapisu katalogu*/
iput(inode);
return -EISDIR;
}
if ((error = permission(inode,ACC_MODE(flag))) != 0) { /*pozwolenia*/
iput(inode);
return error;
}
if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
/*jesli to FIFO lub gniazdo to kasujemy flage obciecia pliku*/
flag &= ~O_TRUNC;
}
else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
/* podobnie dla urzadzen znakowych i blokowych*/
if (IS_NODEV(inode)) {
iput(inode);
return -EACCES;
}
flag &= ~O_TRUNC;
} else {
if (IS_RDONLY(inode) && (flag & 2)) {/*otwarcie do zapisu pliku z systemu
przeznaczonego tylko do odczytu*/
iput(inode);
return -EROFS;
}
}
/*
* Pliki przeznaczone tylko do dopisywania maja byc otwarte w trybie dopisywania
* i w trybie pisania. Tryb obcinania jest niedozwolony.
*/
if (IS_APPEND(inode) && (((flag & FMODE_WRITE) && !(flag & O_APPEND)) || (flag & O_TRUNC))) {
iput(inode);
return -EPERM;
}
if (flag & O_TRUNC) { /*tryb obcinania*/
if ((error = get_write_access(inode))) {/*brak zezwolenia na zapis*/
iput(inode);
return error;
}
/*Jesli sa zalozone jakies blokady na plik, to odmawiamy obciecia */
error = locks_verify_locked(inode);
if (error) {
iput(inode);
return error;
}
if (inode->i_sb && inode->i_sb->dq_op
inode->i_sb->dq_op->initialize(inode, -1);
error = do_truncate(inode, 0); /*obciecie*/
put_write_access(inode); /*oddajemy prawa zapisu*/
if (error) {
iput(inode);
return error;
}
} else
if (flag & FMODE_WRITE) /*zapis*/
if (inode->i_sb && inode->i_sb->dq_op) /*zalezy od systemu plików*/
inode->i_sb->dq_op->initialize(inode, -1);
*res_inode = inode;
return 0;
}
int do_mknod(const char * filename, int mode, dev_t dev)
{
const char * basename;
int namelen, error;
struct inode * dir;
mode &= ~current->fs->umask;
error = dir_namei(filename, &namelen, &basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
return error;
}
if (!dir->i_op || !dir->i_op->mknod) {
iput(dir);
return -EPERM;
}
dir->i_count++;
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->mknod(dir,basename,namelen,mode,dev);
up(&dir->i_sem);
iput(dir);
return error;
}
asmlinkage int sys_mknod(const char * filename, int mode, dev_t dev)
{
int error;
char * tmp;
if (S_ISDIR(mode) || (!S_ISFIFO(mode) && !fsuser()))
return -EPERM;
switch (mode & S_IFMT) {
case 0:
mode |= S_IFREG;
break;
case S_IFREG: case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
break;
default:
return -EINVAL;
}
error = getname(filename,&tmp);
if (!error) {
error = do_mknod(tmp,mode,dev);
putname(tmp);
}
return error;
}
/*
* Some operations need to remove trailing slashes for POSIX.1
* conformance. For rename we also need to change the behaviour
* depending on whether we had a trailing slash or not.. (we
* cannot rename normal files with trailing slashes, only dirs)
*
* "dummy" is used to make sure we don't do "/" -> "".
*/
static int remove_trailing_slashes(char * name)
{
int result;
char dummy[1];
char *remove = dummy+1;
for (;;) {
char c = *name;
name++;
if (!c)
break;
if (c != '/') {
remove = NULL;
continue;
}
if (remove)
continue;
remove = name;
}
result = 0;
if (remove) {
remove[-1] = 0;
result = 1;
}
return result;
}
static int do_mkdir(const char * pathname, int mode)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(pathname, &namelen, &basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
return error;
}
if (!dir->i_op || !dir->i_op->mkdir) {
iput(dir);
return -EPERM;
}
dir->i_count++;
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->mkdir(dir, basename, namelen, mode & 01777 & ~current->fs->umask);
up(&dir->i_sem);
iput(dir);
return error;
}
asmlinkage int sys_mkdir(const char * pathname, int mode)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
remove_trailing_slashes(tmp);
error = do_mkdir(tmp,mode);
putname(tmp);
}
return error;
}
static int do_rmdir(const char * name)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(name, &namelen, &basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
return error;
}
/*
* A subdirectory cannot be removed from an append-only directory
*/
if (IS_APPEND(dir)) {
iput(dir);
return -EPERM;
}
if (!dir->i_op || !dir->i_op->rmdir) {
iput(dir);
return -EPERM;
}
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->rmdir(dir,basename,namelen);
up(&dir->i_sem);
return error;
}
asmlinkage int sys_rmdir(const char * pathname)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
remove_trailing_slashes(tmp);
error = do_rmdir(tmp);
putname(tmp);
}
return error;
}
static int do_unlink(const char * name)
{
const char * basename;
int namelen, error;
struct inode * dir;
error = dir_namei(name, &namelen, &basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -EPERM;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
return error;
}
/*
* A file cannot be removed from an append-only directory
*/
if (IS_APPEND(dir)) {
iput(dir);
return -EPERM;
}
if (!dir->i_op || !dir->i_op->unlink) {
iput(dir);
return -EPERM;
}
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->unlink(dir,basename,namelen);
up(&dir->i_sem);
return error;
}
asmlinkage int sys_unlink(const char * pathname)
{
int error;
char * tmp;
error = getname(pathname,&tmp);
if (!error) {
error = do_unlink(tmp);
putname(tmp);
}
return error;
}
static int do_symlink(const char * oldname, const char * newname)
{
struct inode * dir;
const char * basename;
int namelen, error;
error = dir_namei(newname, &namelen, &basename, NULL, &dir);
if (error)
return error;
if (!namelen) {
iput(dir);
return -ENOENT;
}
if (IS_RDONLY(dir)) {
iput(dir);
return -EROFS;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
return error;
}
if (!dir->i_op || !dir->i_op->symlink) {
iput(dir);
return -EPERM;
}
dir->i_count++;
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->symlink(dir,basename,namelen,oldname);
up(&dir->i_sem);
iput(dir);
return error;
}
asmlinkage int sys_symlink(const char * oldname, const char * newname)
{
int error;
char * from, * to;
error = getname(oldname,&from);
if (!error) {
error = getname(newname,&to);
if (!error) {
error = do_symlink(from,to);
putname(to);
}
putname(from);
}
return error;
}
static int do_link(struct inode * oldinode, const char * newname)
{
struct inode * dir;
const char * basename;
int namelen, error;
error = dir_namei(newname, &namelen, &basename, NULL, &dir);
if (error) {
iput(oldinode);
return error;
}
if (!namelen) {
iput(oldinode);
iput(dir);
return -EPERM;
}
if (IS_RDONLY(dir)) {
iput(oldinode);
iput(dir);
return -EROFS;
}
if (dir->i_dev != oldinode->i_dev) {
iput(dir);
iput(oldinode);
return -EXDEV;
}
if ((error = permission(dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(dir);
iput(oldinode);
return error;
}
/*
* A link to an append-only or immutable file cannot be created
*/
if (IS_APPEND(oldinode) || IS_IMMUTABLE(oldinode)) {
iput(dir);
iput(oldinode);
return -EPERM;
}
if (!dir->i_op || !dir->i_op->link) {
iput(dir);
iput(oldinode);
return -EPERM;
}
dir->i_count++;
if (dir->i_sb && dir->i_sb->dq_op)
dir->i_sb->dq_op->initialize(dir, -1);
down(&dir->i_sem);
error = dir->i_op->link(oldinode, dir, basename, namelen);
up(&dir->i_sem);
iput(dir);
return error;
}
asmlinkage int sys_link(const char * oldname, const char * newname)
{
int error;
char * to;
struct inode * oldinode;
error = lnamei(oldname, &oldinode);
if (error)
return error;
error = getname(newname,&to);
if (error) {
iput(oldinode);
return error;
}
error = do_link(oldinode,to);
putname(to);
return error;
}
static int do_rename(const char * oldname, const char * newname, int must_be_dir)
{
struct inode * old_dir, * new_dir;
const char * old_base, * new_base;
int old_len, new_len, error;
error = dir_namei(oldname, &old_len, &old_base, NULL, &old_dir);
if (error)
return error;
if ((error = permission(old_dir,MAY_WRITE | MAY_EXEC)) != 0) {
iput(old_dir);
return error;
}
if (!old_len || (old_base[0] == '.' &&
(old_len == 1 || (old_base[1] == '.' &&
old_len == 2)))) {
iput(old_dir);
return -EPERM;
}
error = dir_namei(newname, &new_len, &new_base, NULL, &new_dir);
if (error) {
iput(old_dir);
return error;
}
if ((error = permission(new_dir,MAY_WRITE | MAY_EXEC)) != 0){
iput(old_dir);
iput(new_dir);
return error;
}
if (!new_len || (new_base[0] == '.' &&
(new_len == 1 || (new_base[1] == '.' &&
new_len == 2)))) {
iput(old_dir);
iput(new_dir);
return -EPERM;
}
if (new_dir->i_dev != old_dir->i_dev) {
iput(old_dir);
iput(new_dir);
return -EXDEV;
}
if (IS_RDONLY(new_dir) || IS_RDONLY(old_dir)) {
iput(old_dir);
iput(new_dir);
return -EROFS;
}
/*
* A file cannot be removed from an append-only directory
*/
if (IS_APPEND(old_dir)) {
iput(old_dir);
iput(new_dir);
return -EPERM;
}
if (!old_dir->i_op || !old_dir->i_op->rename) {
iput(old_dir);
iput(new_dir);
return -EPERM;
}
new_dir->i_count++;
if (new_dir->i_sb && new_dir->i_sb->dq_op)
new_dir->i_sb->dq_op->initialize(new_dir, -1);
down(&new_dir->i_sem);
error = old_dir->i_op->rename(old_dir, old_base, old_len,
new_dir, new_base, new_len, must_be_dir);
up(&new_dir->i_sem);
iput(new_dir);
return error;
}
asmlinkage int sys_rename(const char * oldname, const char * newname)
{
int error;
char * from, * to;
error = getname(oldname,&from);
if (!error) {
error = getname(newname,&to);
if (!error) {
error = do_rename(from,to,
remove_trailing_slashes(from) |
remove_trailing_slashes(to));
putname(to);
}
putname(from);
}
return error;
}