diff --git a/fs/namei.c b/fs/namei.c index 5dbc3f836934..8c14353fb750 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1988,18 +1988,28 @@ static int path_lookupat(int dfd, const char *name, return err; } +static int filename_lookup(int dfd, struct filename *name, + unsigned int flags, struct nameidata *nd) +{ + int retval = path_lookupat(dfd, name->name, flags | LOOKUP_RCU, nd); + if (unlikely(retval == -ECHILD)) + retval = path_lookupat(dfd, name->name, flags, nd); + if (unlikely(retval == -ESTALE)) + retval = path_lookupat(dfd, name->name, + flags | LOOKUP_REVAL, nd); + + if (likely(!retval)) + audit_inode(name->name, nd->path.dentry, + flags & LOOKUP_PARENT); + return retval; +} + static int do_path_lookup(int dfd, const char *name, unsigned int flags, struct nameidata *nd) { - int retval = path_lookupat(dfd, name, flags | LOOKUP_RCU, nd); - if (unlikely(retval == -ECHILD)) - retval = path_lookupat(dfd, name, flags, nd); - if (unlikely(retval == -ESTALE)) - retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); + struct filename filename = { .name = name }; - if (likely(!retval)) - audit_inode(name, nd->path.dentry, flags & LOOKUP_PARENT); - return retval; + return filename_lookup(dfd, &filename, flags, nd); } /* does lookup, returns the object with parent locked */ @@ -2125,7 +2135,7 @@ int user_path_at_empty(int dfd, const char __user *name, unsigned flags, BUG_ON(flags & LOOKUP_PARENT); - err = do_path_lookup(dfd, tmp->name, flags, &nd); + err = filename_lookup(dfd, tmp, flags, &nd); putname(tmp); if (!err) *path = nd.path; @@ -2139,6 +2149,12 @@ int user_path_at(int dfd, const char __user *name, unsigned flags, return user_path_at_empty(dfd, name, flags, path, NULL); } +/* + * NB: most callers don't do anything directly with the reference to the + * to struct filename, but the nd->last pointer points into the name string + * allocated by getname. So we must hold the reference to it until all + * path-walking is complete. + */ static struct filename * user_path_parent(int dfd, const char __user *path, struct nameidata *nd) { @@ -2148,7 +2164,7 @@ user_path_parent(int dfd, const char __user *path, struct nameidata *nd) if (IS_ERR(s)) return s; - error = do_path_lookup(dfd, s->name, LOOKUP_PARENT, nd); + error = filename_lookup(dfd, s, LOOKUP_PARENT, nd); if (error) { putname(s); return ERR_PTR(error);