VFS/audit: introduce kern_path_parent() for audit

audit_alloc_mark() and audit_get_nd() both need to perform a path
lookup getting the parent dentry (which must exist) and the final
target (following a LAST_NORM name) which sometimes doesn't need to
exist.

They don't need the parent to be locked, but use kern_path_locked() or
kern_path_locked_negative() anyway.  This is somewhat misleading to the
casual reader.

This patch introduces a more targeted function, kern_path_parent(),
which returns not holding locks.  On success the "path" will
be set to the parent, which must be found, and the return value is the
dentry of the target, which might be negative.

This will clear the way to rename kern_path_locked() which is
otherwise only used to prepare for removing something.

It also allows us to remove kern_path_locked_negative(), which is
transformed into the new kern_path_parent().

Signed-off-by: NeilBrown <neil@brown.name>
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/namei.c b/fs/namei.c
index 180037b96956a2f3374fbf5483ad740b9e6f8b52..4017bc8641d3b1901ed1ae17968465a750329296 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2781,7 +2781,20 @@ static struct dentry *__kern_path_locked(int dfd, struct filename *name, struct
        return d;
 }
 
-struct dentry *kern_path_locked_negative(const char *name, struct path *path)
+/**
+ * kern_path_parent: lookup path returning parent and target
+ * @name: path name
+ * @path: path to store parent in
+ *
+ * The path @name should end with a normal component, not "." or ".." or "/".
+ * A lookup is performed and if successful the parent information
+ * is store in @parent and the dentry is returned.
+ *
+ * The dentry maybe negative, the parent will be positive.
+ *
+ * Returns:  dentry or error.
+ */
+struct dentry *kern_path_parent(const char *name, struct path *path)
 {
        struct path parent_path __free(path_put) = {};
        struct filename *filename __free(putname) = getname_kernel(name);
@@ -2794,12 +2807,10 @@ struct dentry *kern_path_locked_negative(const char *name, struct path *path)
                return ERR_PTR(error);
        if (unlikely(type != LAST_NORM))
                return ERR_PTR(-EINVAL);
-       inode_lock_nested(parent_path.dentry->d_inode, I_MUTEX_PARENT);
-       d = lookup_one_qstr_excl(&last, parent_path.dentry, LOOKUP_CREATE);
-       if (IS_ERR(d)) {
-               inode_unlock(parent_path.dentry->d_inode);
+
+       d = lookup_noperm_unlocked(&last, parent_path.dentry);
+       if (IS_ERR(d))
                return d;
-       }
        path->dentry = no_free_ptr(parent_path.dentry);
        path->mnt = no_free_ptr(parent_path.mnt);
        return d;

diff --git a/include/linux/namei.h b/include/linux/namei.h
index 551a1a01e5e72e63e404de26c6c19e56acf64a44..1d5038c21c20ae9d36a7c94fcc276e5b4bea1c37 100644 (file)
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -57,12 +57,12 @@ struct dentry *lookup_one_qstr_excl(const struct qstr *name,
                                    struct dentry *base,
                                    unsigned int flags);
 extern int kern_path(const char *, unsigned, struct path *);
+struct dentry *kern_path_parent(const char *name, struct path *parent);
 
 extern struct dentry *kern_path_create(int, const char *, struct path *, unsigned int);
 extern struct dentry *user_path_create(int, const char __user *, struct path *, unsigned int);
 extern void done_path_create(struct path *, struct dentry *);
 extern struct dentry *kern_path_locked(const char *, struct path *);
-extern struct dentry *kern_path_locked_negative(const char *, struct path *);
 extern struct dentry *user_path_locked_at(int , const char __user *, struct path *);
 int vfs_path_parent_lookup(struct filename *filename, unsigned int flags,
                           struct path *parent, struct qstr *last, int *type,

diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index c565fbf66ac8767285b3de2fbd44928aaab59b2b..b92805b317a2d4e293f3dc2b943749fba8105465 100644 (file)
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -76,17 +76,18 @@ struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pa
        struct audit_fsnotify_mark *audit_mark;
        struct path path;
        struct dentry *dentry;
-       struct inode *inode;
        int ret;
 
        if (pathname[0] != '/' || pathname[len-1] == '/')
                return ERR_PTR(-EINVAL);
 
-       dentry = kern_path_locked(pathname, &path);
+       dentry = kern_path_parent(pathname, &path);
        if (IS_ERR(dentry))
                return ERR_CAST(dentry); /* returning an error */
-       inode = path.dentry->d_inode;
-       inode_unlock(inode);
+       if (d_really_is_negative(dentry)) {
+               audit_mark = ERR_PTR(-ENOENT);
+               goto out;
+       }
 
        audit_mark = kzalloc(sizeof(*audit_mark), GFP_KERNEL);
        if (unlikely(!audit_mark)) {
@@ -100,7 +101,7 @@ struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pa
        audit_update_mark(audit_mark, dentry->d_inode);
        audit_mark->rule = krule;
 
-       ret = fsnotify_add_inode_mark(&audit_mark->mark, inode, 0);
+       ret = fsnotify_add_inode_mark(&audit_mark->mark, path.dentry->d_inode, 0);
        if (ret < 0) {
                audit_mark->path = NULL;
                fsnotify_put_mark(&audit_mark->mark);

diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 0ebbbe37a60f027702741674f50203db7f976379..a700e3c8925ff7d8db2a00303cf32ff5cf07b893 100644 (file)
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -349,7 +349,7 @@ static int audit_get_nd(struct audit_watch *watch, struct path *parent)
 {
        struct dentry *d;
 
-       d = kern_path_locked_negative(watch->path, parent);
+       d = kern_path_parent(watch->path, parent);
        if (IS_ERR(d))
                return PTR_ERR(d);
 
@@ -359,7 +359,6 @@ static int audit_get_nd(struct audit_watch *watch, struct path *parent)
                watch->ino = d_backing_inode(d)->i_ino;
        }
 
-       inode_unlock(d_backing_inode(parent->dentry));
        dput(d);
        return 0;
 }