Merge tag 'for-5.15/io_uring-vfs-2021-08-30' of git://git.kernel.dk/linux-block

		const char __user *const __user *, envp,

		int, flags)

{

	int lookup_flags = (flags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;

	return do_execveat(fd,

			   getname_flags(filename, lookup_flags, NULL),

			   getname_uflags(filename, flags),

			   argv, envp, flags);

}

		       const compat_uptr_t __user *, envp,

		       int,  flags)

{

	int lookup_flags = (flags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;

	return compat_do_execveat(fd,

				  getname_flags(filename, lookup_flags, NULL),

				  getname_uflags(filename, flags),

				  argv, envp, flags);

}

#endif

			   struct path *path, struct path *root);

extern int vfs_path_lookup(struct dentry *, struct vfsmount *,

			   const char *, unsigned int, struct path *);

long do_rmdir(int dfd, struct filename *name);

long do_unlinkat(int dfd, struct filename *name);

int do_rmdir(int dfd, struct filename *name);

int do_unlinkat(int dfd, struct filename *name);

int may_linkat(struct user_namespace *mnt_userns, struct path *link);

int do_renameat2(int olddfd, struct filename *oldname, int newdfd,

		 struct filename *newname, unsigned int flags);

int do_mkdirat(int dfd, struct filename *name, umode_t mode);

int do_symlinkat(struct filename *from, int newdfd, struct filename *to);

int do_linkat(int olddfd, struct filename *old, int newdfd,

			struct filename *new, int flags);

/*

 * namespace.c

	struct filename			*filename;

};

struct io_mkdir {

	struct file			*file;

	int				dfd;

	umode_t				mode;

	struct filename			*filename;

};

struct io_symlink {

	struct file			*file;

	int				new_dfd;

	struct filename			*oldpath;

	struct filename			*newpath;

};

struct io_hardlink {

	struct file			*file;

	int				old_dfd;

	int				new_dfd;

	struct filename			*oldpath;

	struct filename			*newpath;

	int				flags;

};

struct io_completion {

	struct file			*file;

	u32				cflags;

		struct io_shutdown	shutdown;

		struct io_rename	rename;

		struct io_unlink	unlink;

		struct io_mkdir		mkdir;

		struct io_symlink	symlink;

		struct io_hardlink	hardlink;

		/* use only after cleaning per-op data, see io_clean_op() */

		struct io_completion	compl;

	};

	},

	[IORING_OP_RENAMEAT] = {},

	[IORING_OP_UNLINKAT] = {},

	[IORING_OP_MKDIRAT] = {},

	[IORING_OP_SYMLINKAT] = {},

	[IORING_OP_LINKAT] = {},

};

/* requests with any of those set should undergo io_disarm_next() */

	return 0;

}

static int io_mkdirat_prep(struct io_kiocb *req,

			    const struct io_uring_sqe *sqe)

{

	struct io_mkdir *mkd = &req->mkdir;

	const char __user *fname;

	if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))

		return -EINVAL;

	if (sqe->ioprio || sqe->off || sqe->rw_flags || sqe->buf_index ||

	    sqe->splice_fd_in)

		return -EINVAL;

	if (unlikely(req->flags & REQ_F_FIXED_FILE))

		return -EBADF;

	mkd->dfd = READ_ONCE(sqe->fd);

	mkd->mode = READ_ONCE(sqe->len);

	fname = u64_to_user_ptr(READ_ONCE(sqe->addr));

	mkd->filename = getname(fname);

	if (IS_ERR(mkd->filename))

		return PTR_ERR(mkd->filename);

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}

static int io_mkdirat(struct io_kiocb *req, int issue_flags)

{

	struct io_mkdir *mkd = &req->mkdir;

	int ret;

	if (issue_flags & IO_URING_F_NONBLOCK)

		return -EAGAIN;

	ret = do_mkdirat(mkd->dfd, mkd->filename, mkd->mode);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	if (ret < 0)

		req_set_fail(req);

	io_req_complete(req, ret);

	return 0;

}

static int io_symlinkat_prep(struct io_kiocb *req,

			    const struct io_uring_sqe *sqe)

{

	struct io_symlink *sl = &req->symlink;

	const char __user *oldpath, *newpath;

	if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))

		return -EINVAL;

	if (sqe->ioprio || sqe->len || sqe->rw_flags || sqe->buf_index ||

	    sqe->splice_fd_in)

		return -EINVAL;

	if (unlikely(req->flags & REQ_F_FIXED_FILE))

		return -EBADF;

	sl->new_dfd = READ_ONCE(sqe->fd);

	oldpath = u64_to_user_ptr(READ_ONCE(sqe->addr));

	newpath = u64_to_user_ptr(READ_ONCE(sqe->addr2));

	sl->oldpath = getname(oldpath);

	if (IS_ERR(sl->oldpath))

		return PTR_ERR(sl->oldpath);

	sl->newpath = getname(newpath);

	if (IS_ERR(sl->newpath)) {

		putname(sl->oldpath);

		return PTR_ERR(sl->newpath);

	}

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}

static int io_symlinkat(struct io_kiocb *req, int issue_flags)

{

	struct io_symlink *sl = &req->symlink;

	int ret;

	if (issue_flags & IO_URING_F_NONBLOCK)

		return -EAGAIN;

	ret = do_symlinkat(sl->oldpath, sl->new_dfd, sl->newpath);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	if (ret < 0)

		req_set_fail(req);

	io_req_complete(req, ret);

	return 0;

}

static int io_linkat_prep(struct io_kiocb *req,

			    const struct io_uring_sqe *sqe)

{

	struct io_hardlink *lnk = &req->hardlink;

	const char __user *oldf, *newf;

	if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))

		return -EINVAL;

	if (sqe->ioprio || sqe->rw_flags || sqe->buf_index || sqe->splice_fd_in)

		return -EINVAL;

	if (unlikely(req->flags & REQ_F_FIXED_FILE))

		return -EBADF;

	lnk->old_dfd = READ_ONCE(sqe->fd);

	lnk->new_dfd = READ_ONCE(sqe->len);

	oldf = u64_to_user_ptr(READ_ONCE(sqe->addr));

	newf = u64_to_user_ptr(READ_ONCE(sqe->addr2));

	lnk->flags = READ_ONCE(sqe->hardlink_flags);

	lnk->oldpath = getname(oldf);

	if (IS_ERR(lnk->oldpath))

		return PTR_ERR(lnk->oldpath);

	lnk->newpath = getname(newf);

	if (IS_ERR(lnk->newpath)) {

		putname(lnk->oldpath);

		return PTR_ERR(lnk->newpath);

	}

	req->flags |= REQ_F_NEED_CLEANUP;

	return 0;

}

static int io_linkat(struct io_kiocb *req, int issue_flags)

{

	struct io_hardlink *lnk = &req->hardlink;

	int ret;

	if (issue_flags & IO_URING_F_NONBLOCK)

		return -EAGAIN;

	ret = do_linkat(lnk->old_dfd, lnk->oldpath, lnk->new_dfd,

				lnk->newpath, lnk->flags);

	req->flags &= ~REQ_F_NEED_CLEANUP;

	if (ret < 0)

		req_set_fail(req);

	io_req_complete(req, ret);

	return 0;

}

static int io_shutdown_prep(struct io_kiocb *req,

			    const struct io_uring_sqe *sqe)

{

		return io_renameat_prep(req, sqe);

	case IORING_OP_UNLINKAT:

		return io_unlinkat_prep(req, sqe);

	case IORING_OP_MKDIRAT:

		return io_mkdirat_prep(req, sqe);

	case IORING_OP_SYMLINKAT:

		return io_symlinkat_prep(req, sqe);

	case IORING_OP_LINKAT:

		return io_linkat_prep(req, sqe);

	}

	printk_once(KERN_WARNING "io_uring: unhandled opcode %d\n",

		case IORING_OP_UNLINKAT:

			putname(req->unlink.filename);

			break;

		case IORING_OP_MKDIRAT:

			putname(req->mkdir.filename);

			break;

		case IORING_OP_SYMLINKAT:

			putname(req->symlink.oldpath);

			putname(req->symlink.newpath);

			break;

		case IORING_OP_LINKAT:

			putname(req->hardlink.oldpath);

			putname(req->hardlink.newpath);

			break;

		}

	}

	if ((req->flags & REQ_F_POLLED) && req->apoll) {

	case IORING_OP_UNLINKAT:

		ret = io_unlinkat(req, issue_flags);

		break;

	case IORING_OP_MKDIRAT:

		ret = io_mkdirat(req, issue_flags);

		break;

	case IORING_OP_SYMLINKAT:

		ret = io_symlinkat(req, issue_flags);

		break;

	case IORING_OP_LINKAT:

		ret = io_linkat(req, issue_flags);

		break;

	default:

		ret = -EINVAL;

		break;

	return result;

}

struct filename *

getname_uflags(const char __user *filename, int uflags)

{

	int flags = (uflags & AT_EMPTY_PATH) ? LOOKUP_EMPTY : 0;

	return getname_flags(filename, flags, NULL);

}

struct filename *

getname(const char __user * filename)

{

void putname(struct filename *name)

{

	if (IS_ERR_OR_NULL(name))

		return;

	BUG_ON(name->refcnt <= 0);

	if (--name->refcnt > 0)

	return err;

}

int filename_lookup(int dfd, struct filename *name, unsigned flags,

static int __filename_lookup(int dfd, struct filename *name, unsigned flags,

		    struct path *path, struct path *root)

{

	int retval;

		audit_inode(name, path->dentry,

			    flags & LOOKUP_MOUNTPOINT ? AUDIT_INODE_NOEVAL : 0);

	restore_nameidata();

	return retval;

}

int filename_lookup(int dfd, struct filename *name, unsigned flags,

		    struct path *path, struct path *root)

{

	int retval = __filename_lookup(dfd, name, flags, path, root);

	putname(name);

	return retval;

}

	return err;

}

static struct filename *filename_parentat(int dfd, struct filename *name,

static int __filename_parentat(int dfd, struct filename *name,

				unsigned int flags, struct path *parent,

				struct qstr *last, int *type)

{

	struct nameidata nd;

	if (IS_ERR(name))

		return name;

		return PTR_ERR(name);

	set_nameidata(&nd, dfd, name, NULL);

	retval = path_parentat(&nd, flags | LOOKUP_RCU, parent);

	if (unlikely(retval == -ECHILD))

		*last = nd.last;

		*type = nd.last_type;

		audit_inode(name, parent->dentry, AUDIT_INODE_PARENT);

	} else {

		putname(name);

		name = ERR_PTR(retval);

	}

	restore_nameidata();

	return name;

	return retval;

}

static int filename_parentat(int dfd, struct filename *name,

				unsigned int flags, struct path *parent,

				struct qstr *last, int *type)

{

	int retval = __filename_parentat(dfd, name, flags, parent, last, type);

	putname(name);

	return retval;

}

/* does lookup, returns the object with parent locked */

struct dentry *kern_path_locked(const char *name, struct path *path)

{

	struct filename *filename;

	struct dentry *d;

	struct qstr last;

	int type;

	int type, error;

	filename = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,

	error = filename_parentat(AT_FDCWD, getname_kernel(name), 0, path,

				    &last, &type);

	if (IS_ERR(filename))

		return ERR_CAST(filename);

	if (error)

		return ERR_PTR(error);

	if (unlikely(type != LAST_NORM)) {

		path_put(path);

		putname(filename);

		return ERR_PTR(-EINVAL);

	}

	inode_lock_nested(path->dentry->d_inode, I_MUTEX_PARENT);

		inode_unlock(path->dentry->d_inode);

		path_put(path);

	}

	putname(filename);

	return d;

}

	return file;

}

static struct dentry *filename_create(int dfd, struct filename *name,

static struct dentry *__filename_create(int dfd, struct filename *name,

				struct path *path, unsigned int lookup_flags)

{

	struct dentry *dentry = ERR_PTR(-EEXIST);

	 */

	lookup_flags &= LOOKUP_REVAL;

	name = filename_parentat(dfd, name, lookup_flags, path, &last, &type);

	if (IS_ERR(name))

		return ERR_CAST(name);

	error = __filename_parentat(dfd, name, lookup_flags, path, &last, &type);

	if (error)

		return ERR_PTR(error);

	/*

	 * Yucky last component or no last component at all?

		error = err2;

		goto fail;

	}

	putname(name);

	return dentry;

fail:

	dput(dentry);

		mnt_drop_write(path->mnt);

out:

	path_put(path);

	putname(name);

	return dentry;

}

static inline struct dentry *filename_create(int dfd, struct filename *name,

				struct path *path, unsigned int lookup_flags)

{

	struct dentry *res = __filename_create(dfd, name, path, lookup_flags);

	putname(name);

	return res;

}

struct dentry *kern_path_create(int dfd, const char *pathname,

				struct path *path, unsigned int lookup_flags)

{

	}

}

static long do_mknodat(int dfd, const char __user *filename, umode_t mode,

static int do_mknodat(int dfd, struct filename *name, umode_t mode,

		unsigned int dev)

{

	struct user_namespace *mnt_userns;

	error = may_mknod(mode);

	if (error)

		return error;

		goto out1;

retry:

	dentry = user_path_create(dfd, filename, &path, lookup_flags);

	dentry = __filename_create(dfd, name, &path, lookup_flags);

	error = PTR_ERR(dentry);

	if (IS_ERR(dentry))

		return PTR_ERR(dentry);

		goto out1;

	if (!IS_POSIXACL(path.dentry->d_inode))

		mode &= ~current_umask();

	error = security_path_mknod(&path, dentry, mode, dev);

	if (error)

		goto out;

		goto out2;

	mnt_userns = mnt_user_ns(path.mnt);

	switch (mode & S_IFMT) {

					  dentry, mode, 0);

			break;

	}

out:

out2:

	done_path_create(&path, dentry);

	if (retry_estale(error, lookup_flags)) {

		lookup_flags |= LOOKUP_REVAL;

		goto retry;

	}

out1:

	putname(name);

	return error;

}

SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,

		unsigned int, dev)

{

	return do_mknodat(dfd, filename, mode, dev);

	return do_mknodat(dfd, getname(filename), mode, dev);

}

SYSCALL_DEFINE3(mknod, const char __user *, filename, umode_t, mode, unsigned, dev)

{

	return do_mknodat(AT_FDCWD, filename, mode, dev);

	return do_mknodat(AT_FDCWD, getname(filename), mode, dev);

}

/**

}

EXPORT_SYMBOL(vfs_mkdir);

static long do_mkdirat(int dfd, const char __user *pathname, umode_t mode)

int do_mkdirat(int dfd, struct filename *name, umode_t mode)

{

	struct dentry *dentry;

	struct path path;

	unsigned int lookup_flags = LOOKUP_DIRECTORY;

retry:

	dentry = user_path_create(dfd, pathname, &path, lookup_flags);

	dentry = __filename_create(dfd, name, &path, lookup_flags);

	error = PTR_ERR(dentry);

	if (IS_ERR(dentry))

		return PTR_ERR(dentry);

		goto out_putname;

	if (!IS_POSIXACL(path.dentry->d_inode))

		mode &= ~current_umask();

		lookup_flags |= LOOKUP_REVAL;

		goto retry;

	}

out_putname:

	putname(name);

	return error;

}

SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)

{

	return do_mkdirat(dfd, pathname, mode);

	return do_mkdirat(dfd, getname(pathname), mode);

}

SYSCALL_DEFINE2(mkdir, const char __user *, pathname, umode_t, mode)

{

	return do_mkdirat(AT_FDCWD, pathname, mode);

	return do_mkdirat(AT_FDCWD, getname(pathname), mode);

}

/**

}

EXPORT_SYMBOL(vfs_rmdir);

long do_rmdir(int dfd, struct filename *name)

int do_rmdir(int dfd, struct filename *name)

{

	struct user_namespace *mnt_userns;

	int error = 0;

	int error;

	struct dentry *dentry;

	struct path path;

	struct qstr last;

	int type;

	unsigned int lookup_flags = 0;

retry:

	name = filename_parentat(dfd, name, lookup_flags,

				&path, &last, &type);

	if (IS_ERR(name))

		return PTR_ERR(name);

	error = __filename_parentat(dfd, name, lookup_flags, &path, &last, &type);

	if (error)

		goto exit1;

	switch (type) {

	case LAST_DOTDOT:

		error = -ENOTEMPTY;

		goto exit1;

		goto exit2;

	case LAST_DOT:

		error = -EINVAL;

		goto exit1;

		goto exit2;

	case LAST_ROOT:

		error = -EBUSY;

		goto exit1;

		goto exit2;

	}

	error = mnt_want_write(path.mnt);

	if (error)