Blame view
fs/open.c
33.3 KB
457c89965
|
1 |
// SPDX-License-Identifier: GPL-2.0-only |
1da177e4c
|
2 3 4 5 6 7 8 9 |
/* * linux/fs/open.c * * Copyright (C) 1991, 1992 Linus Torvalds */ #include <linux/string.h> #include <linux/mm.h> |
1da177e4c
|
10 |
#include <linux/file.h> |
9f3acc314
|
11 |
#include <linux/fdtable.h> |
0eeca2830
|
12 |
#include <linux/fsnotify.h> |
1da177e4c
|
13 |
#include <linux/module.h> |
1da177e4c
|
14 15 16 |
#include <linux/tty.h> #include <linux/namei.h> #include <linux/backing-dev.h> |
16f7e0fe2
|
17 |
#include <linux/capability.h> |
086f7316f
|
18 |
#include <linux/securebits.h> |
1da177e4c
|
19 20 |
#include <linux/security.h> #include <linux/mount.h> |
5590ff0d5
|
21 |
#include <linux/fcntl.h> |
5a0e3ad6a
|
22 |
#include <linux/slab.h> |
7c0f6ba68
|
23 |
#include <linux/uaccess.h> |
1da177e4c
|
24 |
#include <linux/fs.h> |
ef3daeda7
|
25 |
#include <linux/personality.h> |
1da177e4c
|
26 27 |
#include <linux/pagemap.h> #include <linux/syscalls.h> |
ab2af1f50
|
28 |
#include <linux/rcupdate.h> |
73241ccca
|
29 |
#include <linux/audit.h> |
97ac73506
|
30 |
#include <linux/falloc.h> |
5ad4e53bd
|
31 |
#include <linux/fs_struct.h> |
b65a9cfc2
|
32 |
#include <linux/ima.h> |
2dfc1cae4
|
33 |
#include <linux/dnotify.h> |
3f6d078d4
|
34 |
#include <linux/compat.h> |
1da177e4c
|
35 |
|
e81e3f4dc
|
36 |
#include "internal.h" |
4a30131e7
|
37 38 |
/**
 * do_truncate - set a new size on the inode behind @dentry
 * @dentry:	dentry whose inode is resized
 * @length:	requested size; negative values are rejected
 * @time_attrs:	extra ATTR_* bits OR-ed into the attribute mask
 * @filp:	open file the request came through, or NULL
 *
 * Builds an iattr carrying ATTR_SIZE (plus ATTR_FILE when @filp is given),
 * adds whatever dentry_needs_remove_privs() asks for, and hands it to
 * notify_change() with the inode lock held.
 *
 * Returns -EINVAL for a negative @length, a negative value reported by
 * dentry_needs_remove_privs(), or otherwise the result of notify_change().
 */
int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
	struct file *filp)
{
	struct iattr attrs;
	int rc;

	/* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
	if (length < 0)
		return -EINVAL;

	attrs.ia_size = length;
	attrs.ia_valid = ATTR_SIZE | time_attrs;
	if (filp) {
		attrs.ia_file = filp;
		attrs.ia_valid |= ATTR_FILE;
	}

	/* Remove suid, sgid, and file capabilities on truncate too */
	rc = dentry_needs_remove_privs(dentry);
	if (rc < 0)
		return rc;
	if (rc > 0)
		attrs.ia_valid |= rc | ATTR_FORCE;

	inode_lock(dentry->d_inode);
	/* Note any delegations or leases have already been broken: */
	rc = notify_change(dentry, &attrs, NULL);
	inode_unlock(dentry->d_inode);

	return rc;
}
7df818b23
|
67 |
/**
 * vfs_truncate - truncate the regular file at @path to @length bytes
 * @path:	path of the file to truncate
 * @length:	new size, passed on to do_truncate()
 *
 * Returns -EISDIR for a directory, -EINVAL for any other non-regular file,
 * -EPERM for an append-only inode, or the first error reported by the
 * mount-write, permission, write-access, lease, lock and security checks;
 * otherwise the result of do_truncate().
 */
long vfs_truncate(const struct path *path, loff_t length)
{
	struct inode *inode = path->dentry->d_inode;
	long error;

	/* For directories it's -EISDIR, for other non-regulars - -EINVAL */
	if (S_ISDIR(inode->i_mode))
		return -EISDIR;
	if (!S_ISREG(inode->i_mode))
		return -EINVAL;

	error = mnt_want_write(path->mnt);
	if (error)
		return error;

	error = inode_permission(inode, MAY_WRITE);
	if (error)
		goto mnt_drop_write_and_out;

	if (IS_APPEND(inode)) {
		error = -EPERM;
		goto mnt_drop_write_and_out;
	}

	error = get_write_access(inode);
	if (error)
		goto mnt_drop_write_and_out;

	/*
	 * Make sure that there are no leases.  get_write_access() protects
	 * against the truncate racing with a lease-granting setlease().
	 */
	error = break_lease(inode, O_WRONLY);
	if (error)
		goto put_write_and_out;

	error = locks_verify_truncate(inode, NULL, length);
	if (error)
		goto put_write_and_out;

	error = security_path_truncate(path);
	if (error)
		goto put_write_and_out;

	error = do_truncate(path->dentry, length, 0, NULL);

put_write_and_out:
	put_write_access(inode);
mnt_drop_write_and_out:
	mnt_drop_write(path->mnt);
	return error;
}
EXPORT_SYMBOL_GPL(vfs_truncate);
df260e21e
|
118 |
/*
 * Common body of the path-based truncate syscalls: resolve @pathname
 * relative to the current working directory (following symlinks) and
 * truncate the result via vfs_truncate().  The lookup is repeated with
 * LOOKUP_REVAL whenever retry_estale() asks for it.
 *
 * Returns -EINVAL for a negative @length, otherwise the lookup error or
 * the result of vfs_truncate().
 */
long do_sys_truncate(const char __user *pathname, loff_t length)
{
	unsigned int lookup_flags = LOOKUP_FOLLOW;
	struct path path;
	int error;

	if (length < 0)	/* sorry, but loff_t says... */
		return -EINVAL;

	for (;;) {
		error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
		if (!error) {
			error = vfs_truncate(&path, length);
			path_put(&path);
		}
		if (!retry_estale(error, lookup_flags))
			break;
		lookup_flags |= LOOKUP_REVAL;
	}

	return error;
}
1da177e4c
|
138 |
|
4fd8da8d6
|
139 |
/* truncate syscall: thin wrapper that forwards to do_sys_truncate(). */
SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
{
	return do_sys_truncate(path, length);
}
3f6d078d4
|
143 144 145 146 147 148 |
#ifdef CONFIG_COMPAT
/* Compat truncate entry point: takes a compat_off_t length and forwards it. */
COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length)
{
	return do_sys_truncate(path, length);
}
#endif
411d9475c
|
149 |
/*
 * Common body of the descriptor-based truncate syscalls.
 *
 * @fd:     descriptor of the file to truncate
 * @length: new size; negative values yield -EINVAL
 * @small:  non-zero if the caller is limited to MAX_NON_LFS; ignored when
 *          the file was opened with O_LARGEFILE
 *
 * Returns -EBADF if @fd has no file, -EINVAL if the file is not a regular
 * file opened for writing or @length exceeds the non-LFS limit, -EPERM for
 * an append-only inode, otherwise the first error from the lock/security
 * checks or the result of do_truncate().
 */
long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
{
	struct dentry *dentry;
	struct inode *inode;
	struct fd f;
	int error;

	if (length < 0)
		return -EINVAL;

	f = fdget(fd);
	if (!f.file)
		return -EBADF;

	/* explicitly opened as large or we are on 64-bit box */
	if (f.file->f_flags & O_LARGEFILE)
		small = 0;

	dentry = f.file->f_path.dentry;
	inode = dentry->d_inode;

	error = -EINVAL;
	if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE))
		goto out_putf;

	/* Cannot ftruncate over 2^31 bytes without large file support */
	if (small && length > MAX_NON_LFS)
		goto out_putf;

	/* Check IS_APPEND on real upper inode */
	if (IS_APPEND(file_inode(f.file))) {
		error = -EPERM;
		goto out_putf;
	}

	sb_start_write(inode->i_sb);
	error = locks_verify_truncate(inode, f.file, length);
	if (!error)
		error = security_path_truncate(&f.file->f_path);
	if (!error)
		error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
	sb_end_write(inode->i_sb);

out_putf:
	fdput(f);
	return error;
}
bdc480e3b
|
194 |
/* ftruncate syscall: forwards to do_sys_ftruncate() with small == 1. */
SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
{
	return do_sys_ftruncate(fd, length, 1);
}
3f6d078d4
|
198 199 200 201 202 203 |
#ifdef CONFIG_COMPAT
/* Compat ftruncate entry point: forwards to do_sys_ftruncate() with small == 1. */
COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length)
{
	return do_sys_ftruncate(fd, length, 1);
}
#endif
1da177e4c
|
204 205 |
/* LFS versions of truncate are only needed on 32 bit machines */
#if BITS_PER_LONG == 32
/* truncate64 syscall: same as truncate, but with a loff_t length. */
SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length)
{
	return do_sys_truncate(path, length);
}

/* ftruncate64 syscall: forwards to do_sys_ftruncate() with small == 0. */
SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length)
{
	return do_sys_ftruncate(fd, length, 0);
}
#endif /* BITS_PER_LONG == 32 */
1da177e4c
|
215 |
|
3e63cbb1e
|
216 |
|
72c72bdf7
|
217 |
/**
 * vfs_fallocate - validate a fallocate request and pass it to the filesystem
 * @file:	file to operate on; must have FMODE_WRITE set
 * @mode:	FALLOC_FL_* flags
 * @offset:	start of the range, must be >= 0
 * @len:	length of the range, must be > 0
 *
 * Rejects unsupported or mutually exclusive @mode combinations, append-only,
 * immutable and swapfile inodes, and file types other than regular files and
 * block devices, then calls ->fallocate() between file_start_write() and
 * file_end_write().  A modify notification is generated when the operation
 * returns 0.
 *
 * Returns 0 on success or a negative errno.
 */
int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
{
	const int hole_and_zero = FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE;
	struct inode *inode = file_inode(file);
	long ret;

	if (offset < 0 || len <= 0)
		return -EINVAL;

	/* Return error if mode is not supported */
	if (mode & ~FALLOC_FL_SUPPORTED_MASK)
		return -EOPNOTSUPP;

	/* Punch hole and zero range are mutually exclusive */
	if ((mode & hole_and_zero) == hole_and_zero)
		return -EOPNOTSUPP;

	/* Punch hole must have keep size set */
	if ((mode & FALLOC_FL_PUNCH_HOLE) && !(mode & FALLOC_FL_KEEP_SIZE))
		return -EOPNOTSUPP;

	/* Collapse range should only be used exclusively. */
	if ((mode & FALLOC_FL_COLLAPSE_RANGE) &&
	    (mode & ~FALLOC_FL_COLLAPSE_RANGE))
		return -EINVAL;

	/* Insert range should only be used exclusively. */
	if ((mode & FALLOC_FL_INSERT_RANGE) &&
	    (mode & ~FALLOC_FL_INSERT_RANGE))
		return -EINVAL;

	/* Unshare range should only be used with allocate mode. */
	if ((mode & FALLOC_FL_UNSHARE_RANGE) &&
	    (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE)))
		return -EINVAL;

	if (!(file->f_mode & FMODE_WRITE))
		return -EBADF;

	/*
	 * We can only allow pure fallocate on append only files
	 */
	if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode))
		return -EPERM;

	if (IS_IMMUTABLE(inode))
		return -EPERM;

	/*
	 * We cannot allow any fallocate operation on an active swapfile
	 */
	if (IS_SWAPFILE(inode))
		return -ETXTBSY;

	/*
	 * Revalidate the write permissions, in case security policy has
	 * changed since the files were opened.
	 */
	ret = security_file_permission(file, MAY_WRITE);
	if (ret)
		return ret;

	if (S_ISFIFO(inode->i_mode))
		return -ESPIPE;

	if (S_ISDIR(inode->i_mode))
		return -EISDIR;

	if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
		return -ENODEV;

	/* Check for wrap through zero too */
	if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
		return -EFBIG;

	if (!file->f_op->fallocate)
		return -EOPNOTSUPP;

	file_start_write(file);
	ret = file->f_op->fallocate(file, mode, offset, len);

	/*
	 * Create inotify and fanotify events.
	 *
	 * To keep the logic simple always create events if fallocate succeeds.
	 * This implies that events are even created if the file size remains
	 * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE.
	 */
	if (ret == 0)
		fsnotify_modify(file);

	file_end_write(file);
	return ret;
}
EXPORT_SYMBOL_GPL(vfs_fallocate);
3e63cbb1e
|
308 |
|
edf292c76
|
309 |
/*
 * Look up @fd and run vfs_fallocate() on the file behind it.
 * Returns -EBADF when @fd has no file, otherwise vfs_fallocate()'s result.
 */
int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len)
{
	struct fd f = fdget(fd);
	int error;

	if (!f.file)
		return -EBADF;

	error = vfs_fallocate(f.file, mode, offset, len);
	fdput(f);
	return error;
}
3e63cbb1e
|
319 |
|
edf292c76
|
320 321 322 323 |
/* fallocate syscall: thin wrapper around ksys_fallocate(). */
SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
{
	return ksys_fallocate(fd, mode, offset, len);
}
1da177e4c
|
324 325 326 327 328 |
/* * access() needs to use the real uid/gid, not the effective uid/gid. * We do this by temporarily clearing all FS-related capabilities and * switching the fsuid/fsgid around to the real ones. */ |
947045150
|
329 |
static const struct cred *access_override_creds(void) |
1da177e4c
|
330 |
{ |
d84f4f992
|
331 332 |
const struct cred *old_cred; struct cred *override_cred; |
1da177e4c
|
333 |
|
d84f4f992
|
334 335 |
override_cred = prepare_creds(); if (!override_cred) |
947045150
|
336 |
return NULL; |
1da177e4c
|
337 |
|
d84f4f992
|
338 339 |
override_cred->fsuid = override_cred->uid; override_cred->fsgid = override_cred->gid; |
1da177e4c
|
340 |
|
086f7316f
|
341 |
if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
1cdcbec1a
|
342 |
/* Clear the capabilities if we switch to a non-root user */ |
18815a180
|
343 344 |
kuid_t root_uid = make_kuid(override_cred->user_ns, 0); if (!uid_eq(override_cred->uid, root_uid)) |
d84f4f992
|
345 |
cap_clear(override_cred->cap_effective); |
086f7316f
|
346 |
else |
d84f4f992
|
347 348 |
override_cred->cap_effective = override_cred->cap_permitted; |
086f7316f
|
349 |
} |
1da177e4c
|
350 |
|
d7852fbd0
|
351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 |
/* * The new set of credentials can *only* be used in * task-synchronous circumstances, and does not need * RCU freeing, unless somebody then takes a separate * reference to it. * * NOTE! This is _only_ true because this credential * is used purely for override_creds() that installs * it as the subjective cred. Other threads will be * accessing ->real_cred, not the subjective cred. * * If somebody _does_ make a copy of this (using the * 'get_current_cred()' function), that will clear the * non_rcu field, because now that other user may be * expecting RCU freeing. But normal thread-synchronous * cred accesses will keep things non-RCY. */ override_cred->non_rcu = 1; |
d84f4f992
|
369 |
old_cred = override_creds(override_cred); |
947045150
|
370 371 372 373 374 375 |
/* override_cred() gets its own ref */ put_cred(override_cred); return old_cred; } |
eb9d7d390
|
376 |
/*
 * Common body of access(), faccessat() and faccessat2().
 *
 * @dfd/@filename: path to check, resolved by user_path_at()
 * @mode:          permission bits to test; anything outside S_IRWXO is -EINVAL
 * @flags:         AT_EACCESS, AT_SYMLINK_NOFOLLOW and/or AT_EMPTY_PATH
 *
 * Unless AT_EACCESS is given, the check runs under the credentials
 * installed by access_override_creds(), which are reverted before
 * returning.  Returns 0 if access is permitted or a negative errno.
 */
static long do_faccessat(int dfd, const char __user *filename, int mode, int flags)
{
	const struct cred *old_cred = NULL;
	unsigned int lookup_flags = LOOKUP_FOLLOW;
	struct inode *inode;
	struct path path;
	int res;

	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
		return -EINVAL;

	if (flags & ~(AT_EACCESS | AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH))
		return -EINVAL;

	if (flags & AT_SYMLINK_NOFOLLOW)
		lookup_flags &= ~LOOKUP_FOLLOW;
	if (flags & AT_EMPTY_PATH)
		lookup_flags |= LOOKUP_EMPTY;

	if (!(flags & AT_EACCESS)) {
		old_cred = access_override_creds();
		if (!old_cred)
			return -ENOMEM;
	}

retry:
	res = user_path_at(dfd, filename, lookup_flags, &path);
	if (res)
		goto out;

	inode = d_backing_inode(path.dentry);

	/*
	 * MAY_EXEC on regular files is denied if the fs is mounted
	 * with the "noexec" flag.
	 */
	if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode) &&
	    path_noexec(&path)) {
		res = -EACCES;
		goto out_path_release;
	}

	res = inode_permission(inode, mode | MAY_ACCESS);
	/* SuS v2 requires we report a read only fs too */
	if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
		goto out_path_release;

	/*
	 * This is a rare case where using __mnt_is_readonly()
	 * is OK without a mnt_want/drop_write() pair.  Since
	 * no actual write to the fs is performed here, we do
	 * not need to telegraph to that to anyone.
	 *
	 * By doing this, we accept that this access is
	 * inherently racy and know that the fs may change
	 * state before we even see this result.
	 */
	if (__mnt_is_readonly(path.mnt))
		res = -EROFS;

out_path_release:
	path_put(&path);
	if (retry_estale(res, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
out:
	if (old_cred)
		revert_creds(old_cred);

	return res;
}
cbfe20f56
|
443 444 |
/* faccessat syscall: no flags argument, so do_faccessat() is called with 0. */
SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
{
	return do_faccessat(dfd, filename, mode, 0);
}

/* faccessat2 syscall: like faccessat, but passes the caller's flags through. */
SYSCALL_DEFINE4(faccessat2, int, dfd, const char __user *, filename, int, mode,
		int, flags)
{
	return do_faccessat(dfd, filename, mode, flags);
}
ca013e945
|
453 |
/* access syscall: do_faccessat() relative to AT_FDCWD with no flags. */
SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
{
	return do_faccessat(AT_FDCWD, filename, mode, 0);
}
db63f1e31
|
457 |
/*
 * chdir syscall: look up @filename as a directory, check
 * MAY_EXEC | MAY_CHDIR on it and, if allowed, install it as the working
 * directory of current->fs.  The lookup is retried with LOOKUP_REVAL when
 * retry_estale() requests it.
 */
SYSCALL_DEFINE1(chdir, const char __user *, filename)
{
	unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
	struct path path;
	int error;

retry:
	error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
	if (error)
		return error;

	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
	if (!error)
		set_fs_pwd(current->fs, &path);

	path_put(&path);
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
	return error;
}
3cdad4288
|
480 |
/*
 * fchdir syscall: make the directory behind @fd the working directory.
 *
 * Returns -EBADF if @fd has no file, -ENOTDIR if d_can_lookup() rejects
 * the dentry, otherwise the result of the MAY_EXEC | MAY_CHDIR permission
 * check.
 */
SYSCALL_DEFINE1(fchdir, unsigned int, fd)
{
	struct fd f = fdget_raw(fd);
	int error;

	if (!f.file)
		return -EBADF;

	if (!d_can_lookup(f.file->f_path.dentry)) {
		error = -ENOTDIR;
	} else {
		error = inode_permission(file_inode(f.file),
					 MAY_EXEC | MAY_CHDIR);
		if (!error)
			set_fs_pwd(current->fs, &f.file->f_path);
	}

	fdput(f);
	return error;
}
4b7ca5014
|
499 |
/*
 * chroot syscall: look up @filename as a directory and install it as the
 * root of current->fs.
 *
 * Requires MAY_EXEC | MAY_CHDIR on the directory, CAP_SYS_CHROOT in the
 * caller's user namespace (-EPERM otherwise) and approval from
 * security_path_chroot().  The lookup is retried with LOOKUP_REVAL when
 * retry_estale() requests it.
 */
SYSCALL_DEFINE1(chroot, const char __user *, filename)
{
	unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
	struct path path;
	int error;

retry:
	error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
	if (error)
		return error;

	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
	if (error)
		goto dput_and_out;

	if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) {
		error = -EPERM;
		goto dput_and_out;
	}

	error = security_path_chroot(&path);
	if (error)
		goto dput_and_out;

	/* error is 0 here, which is what we return on success. */
	set_fs_root(current->fs, &path);

dput_and_out:
	path_put(&path);
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
	return error;
}
1097742ef
|
530 |
/*
 * Change the permission bits of the inode at @path to @mode.
 *
 * Only the S_IALLUGO bits of @mode are applied; all other bits of i_mode
 * are preserved.  If notify_change() reports a delegated inode, we wait
 * for the delegation to be broken and try again.
 *
 * Returns 0 on success or a negative errno.
 */
int chmod_common(const struct path *path, umode_t mode)
{
	struct inode *inode = path->dentry->d_inode;
	struct inode *delegated_inode = NULL;
	struct iattr attrs;
	int error;

	error = mnt_want_write(path->mnt);
	if (error)
		return error;

retry_deleg:
	inode_lock(inode);
	error = security_path_chmod(path, mode);
	if (!error) {
		attrs.ia_mode = (mode & S_IALLUGO) |
				(inode->i_mode & ~S_IALLUGO);
		attrs.ia_valid = ATTR_MODE | ATTR_CTIME;
		error = notify_change(path->dentry, &attrs, &delegated_inode);
	}
	inode_unlock(inode);

	if (delegated_inode) {
		error = break_deleg_wait(&delegated_inode);
		if (!error)
			goto retry_deleg;
	}

	mnt_drop_write(path->mnt);
	return error;
}
9e96c8c0e
|
558 559 560 561 562 |
/* Audit @file, then change the mode of the path it refers to. */
int vfs_fchmod(struct file *file, umode_t mode)
{
	audit_file(file);

	return chmod_common(&file->f_path, mode);
}
b25ba7c3c
|
563 |
/*
 * fchmod syscall: returns -EBADF when @fd has no file, otherwise the
 * result of vfs_fchmod().
 */
SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
{
	struct fd f = fdget(fd);
	int err;

	if (!f.file)
		return -EBADF;

	err = vfs_fchmod(f.file, mode);
	fdput(f);
	return err;
}
1097742ef
|
573 |
/*
 * Common body of chmod() and fchmodat(): resolve @filename relative to
 * @dfd (following symlinks) and apply @mode via chmod_common().  The
 * lookup is retried with LOOKUP_REVAL when retry_estale() requests it;
 * a failed lookup is returned as-is without a retry.
 */
static int do_fchmodat(int dfd, const char __user *filename, umode_t mode)
{
	unsigned int lookup_flags = LOOKUP_FOLLOW;
	struct path path;
	int error;

retry:
	error = user_path_at(dfd, filename, lookup_flags, &path);
	if (error)
		return error;

	error = chmod_common(&path, mode);
	path_put(&path);
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
	return error;
}
03450e271
|
590 591 592 593 594 |
/* fchmodat syscall: thin wrapper around do_fchmodat(). */
SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename,
		umode_t, mode)
{
	return do_fchmodat(dfd, filename, mode);
}
49f0a0767
|
595 |
/* chmod syscall: do_fchmodat() relative to AT_FDCWD. */
SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
{
	return do_fchmodat(AT_FDCWD, filename, mode);
}
b873498f9
|
599 |
/*
 * Change the owner and/or group of the inode at @path.
 *
 * @user/@group: ids as seen in the caller's user namespace; (uid_t)-1 or
 *               (gid_t)-1 leaves the respective id unchanged.
 *
 * An id that does not map to a valid kuid/kgid yields -EINVAL.  For
 * non-directories the ATTR_KILL_SUID, ATTR_KILL_SGID and ATTR_KILL_PRIV
 * bits are requested as well.  If notify_change() reports a delegated
 * inode, we wait for the delegation to be broken and try again.
 *
 * Returns 0 on success or a negative errno.
 */
int chown_common(const struct path *path, uid_t user, gid_t group)
{
	struct inode *inode = path->dentry->d_inode;
	struct inode *delegated_inode = NULL;
	struct iattr attrs;
	kuid_t uid = make_kuid(current_user_ns(), user);
	kgid_t gid = make_kgid(current_user_ns(), group);
	int error;

retry_deleg:
	attrs.ia_valid = ATTR_CTIME;

	if (user != (uid_t) -1) {
		if (!uid_valid(uid))
			return -EINVAL;
		attrs.ia_valid |= ATTR_UID;
		attrs.ia_uid = uid;
	}

	if (group != (gid_t) -1) {
		if (!gid_valid(gid))
			return -EINVAL;
		attrs.ia_valid |= ATTR_GID;
		attrs.ia_gid = gid;
	}

	if (!S_ISDIR(inode->i_mode))
		attrs.ia_valid |=
			ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;

	inode_lock(inode);
	error = security_path_chown(path, uid, gid);
	if (!error)
		error = notify_change(path->dentry, &attrs, &delegated_inode);
	inode_unlock(inode);

	if (delegated_inode) {
		error = break_deleg_wait(&delegated_inode);
		if (!error)
			goto retry_deleg;
	}
	return error;
}
55731b3cd
|
640 641 |
/*
 * Common body of chown(), lchown() and fchownat().
 *
 * @dfd/@filename: path to operate on, resolved by user_path_at()
 * @user/@group:   new owner and group, passed through to chown_common()
 * @flag:          AT_SYMLINK_NOFOLLOW and/or AT_EMPTY_PATH; any other bit
 *                 yields -EINVAL
 *
 * The lookup is retried with LOOKUP_REVAL when retry_estale() requests it.
 * Returns 0 on success or a negative errno.
 */
int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group,
		int flag)
{
	struct path path;
	int error = -EINVAL;
	/*
	 * Lookup flags are a bit mask; keep them unsigned like every other
	 * lookup helper in this file does.
	 */
	unsigned int lookup_flags;

	if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
		goto out;

	lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
	if (flag & AT_EMPTY_PATH)
		lookup_flags |= LOOKUP_EMPTY;
retry:
	error = user_path_at(dfd, filename, lookup_flags, &path);
	if (error)
		goto out;
	error = mnt_want_write(path.mnt);
	if (error)
		goto out_release;
	error = chown_common(&path, user, group);
	mnt_drop_write(path.mnt);
out_release:
	path_put(&path);
	if (retry_estale(error, lookup_flags)) {
		lookup_flags |= LOOKUP_REVAL;
		goto retry;
	}
out:
	return error;
}
55731b3cd
|
670 671 672 673 674 |
/* fchownat syscall: thin wrapper around do_fchownat(). */
SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
		gid_t, group, int, flag)
{
	return do_fchownat(dfd, filename, user, group, flag);
}
55e4def0a
|
675 |
/* chown syscall: do_fchownat() relative to AT_FDCWD with no flags. */
SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
{
	return do_fchownat(AT_FDCWD, filename, user, group, 0);
}
1da177e4c
|
679 |
|
55e4def0a
|
680 681 |
/* lchown syscall: like chown, but passes AT_SYMLINK_NOFOLLOW. */
SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
{
	return do_fchownat(AT_FDCWD, filename, user, group,
			   AT_SYMLINK_NOFOLLOW);
}
c04011fe8
|
685 686 687 688 689 690 691 692 693 694 695 696 |
/*
 * Change owner/group of the path behind @file.  Write access to the mount
 * is taken with mnt_want_write_file() and dropped again around the
 * chown_common() call; the file is audited in between.
 */
int vfs_fchown(struct file *file, uid_t user, gid_t group)
{
	int error = mnt_want_write_file(file);

	if (error)
		return error;

	audit_file(file);
	error = chown_common(&file->f_path, user, group);
	mnt_drop_write_file(file);
	return error;
}
55731b3cd
|
697 |
/*
 * Look up @fd and run vfs_fchown() on the file behind it.
 * Returns -EBADF when @fd has no file, otherwise vfs_fchown()'s result.
 */
int ksys_fchown(unsigned int fd, uid_t user, gid_t group)
{
	struct fd f = fdget(fd);
	int error;

	if (!f.file)
		return -EBADF;

	error = vfs_fchown(f.file, user, group);
	fdput(f);
	return error;
}
55731b3cd
|
707 708 709 710 |
/* fchown syscall: thin wrapper around ksys_fchown(). */
SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
{
	return ksys_fchown(fd, user, group);
}
02e5180d9
|
711 |
static int do_dentry_open(struct file *f, |
4bacc9c92
|
712 |
struct inode *inode, |
ae2bb293a
|
713 |
int (*open)(struct inode *, struct file *)) |
1da177e4c
|
714 |
{ |
1abf0c718
|
715 |
static const struct file_operations empty_fops = {}; |
1da177e4c
|
716 |
int error; |
b5bcdda32
|
717 |
path_get(&f->f_path); |
4bacc9c92
|
718 |
f->f_inode = inode; |
1da177e4c
|
719 |
f->f_mapping = inode->i_mapping; |
5660e13d2
|
720 |
f->f_wb_err = filemap_sample_wb_err(f->f_mapping); |
735e4ae5b
|
721 |
f->f_sb_err = file_sample_sb_err(f); |
5660e13d2
|
722 |
|
3f4d5a000
|
723 |
if (unlikely(f->f_flags & O_PATH)) { |
f5d11409e
|
724 |
f->f_mode = FMODE_PATH | FMODE_OPENED; |
1abf0c718
|
725 |
f->f_op = &empty_fops; |
af04fadca
|
726 |
return 0; |
1abf0c718
|
727 |
} |
dd20908a8
|
728 |
if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) { |
0ccb28634
|
729 |
error = get_write_access(inode); |
3f4d5a000
|
730 |
if (unlikely(error)) |
1da177e4c
|
731 |
goto cleanup_file; |
0ccb28634
|
732 |
error = __mnt_want_write(f->f_path.mnt); |
3f4d5a000
|
733 |
if (unlikely(error)) { |
0ccb28634
|
734 735 736 |
put_write_access(inode); goto cleanup_file; } |
83f936c75
|
737 |
f->f_mode |= FMODE_WRITER; |
1da177e4c
|
738 |
} |
2be7d348f
|
739 740 741 |
/* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */ if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode)) f->f_mode |= FMODE_ATOMIC_POS; |
1abf0c718
|
742 |
f->f_op = fops_get(inode->i_fop); |
7159d5441
|
743 |
if (WARN_ON(!f->f_op)) { |
72c2d5319
|
744 745 746 |
error = -ENODEV; goto cleanup_all; } |
1abf0c718
|
747 |
|
e3f20ae21
|
748 |
error = security_file_open(f); |
788e7dd4c
|
749 750 |
if (error) goto cleanup_all; |
c568d6834
|
751 |
error = break_lease(locks_inode(f), f->f_flags); |
f3c7691e8
|
752 753 |
if (error) goto cleanup_all; |
ea73ea727
|
754 755 |
/* normally all 3 are set; ->open() can clear them if needed */ f->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; |
72c2d5319
|
756 |
if (!open) |
834f2a4a1
|
757 758 759 |
open = f->f_op->open; if (open) { error = open(inode, f); |
1da177e4c
|
760 761 762 |
if (error) goto cleanup_all; } |
f5d11409e
|
763 |
f->f_mode |= FMODE_OPENED; |
890275b5e
|
764 765 |
if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) i_readcount_inc(inode); |
293bc9822
|
766 |
if ((f->f_mode & FMODE_READ) && |
843631820
|
767 |
likely(f->f_op->read || f->f_op->read_iter)) |
7f7f25e82
|
768 |
f->f_mode |= FMODE_CAN_READ; |
293bc9822
|
769 |
if ((f->f_mode & FMODE_WRITE) && |
843631820
|
770 |
likely(f->f_op->write || f->f_op->write_iter)) |
7f7f25e82
|
771 |
f->f_mode |= FMODE_CAN_WRITE; |
834f2a4a1
|
772 |
|
c75b1d942
|
773 |
f->f_write_hint = WRITE_LIFE_NOT_SET; |
1da177e4c
|
774 775 776 |
f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); |
af04fadca
|
777 |
|
69527c554
|
778 779 780 781 782 |
/* NB: we're sure to have correct a_ops only after f_op->open */ if (f->f_flags & O_DIRECT) { if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO) return -EINVAL; } |
09d91cda0
|
783 784 785 786 787 788 789 |
/* * XXX: Huge page cache doesn't support writing yet. Drop all page * cache for this file before processing writes. */ if ((f->f_mode & FMODE_WRITE) && filemap_nr_thps(inode->i_mapping)) truncate_pagecache(inode, 0); |
96b7e579a
|
790 |
return 0; |
1da177e4c
|
791 792 |
cleanup_all: |
6b4e8085c
|
793 794 |
if (WARN_ON_ONCE(error > 0)) error = -EINVAL; |
1da177e4c
|
795 |
fops_put(f->f_op); |
83f936c75
|
796 |
if (f->f_mode & FMODE_WRITER) { |
1da177e4c
|
797 |
put_write_access(inode); |
83f936c75
|
798 |
__mnt_drop_write(f->f_path.mnt); |
4a3fd211c
|
799 |
} |
1da177e4c
|
800 |
cleanup_file: |
02e5180d9
|
801 802 803 |
path_put(&f->f_path); f->f_path.mnt = NULL; f->f_path.dentry = NULL; |
dd37978c5
|
804 |
f->f_inode = NULL; |
96b7e579a
|
805 |
return error; |
1da177e4c
|
806 |
} |
834f2a4a1
|
807 |
/** |
d18e9008c
|
808 |
* finish_open - finish opening a file |
0854d450e
|
809 |
* @file: file pointer |
d18e9008c
|
810 811 |
* @dentry: pointer to dentry * @open: open callback |
0854d450e
|
812 |
* @opened: state of open |
d18e9008c
|
813 814 815 816 817 |
* * This can be used to finish opening a file passed to i_op->atomic_open(). * * If the open callback is set to NULL, then the standard f_op->open() * filesystem callback is substituted. |
0854d450e
|
818 819 820 821 822 |
* * NB: the dentry reference is _not_ consumed. If, for example, the dentry is * the return value of d_splice_alias(), then the caller needs to perform dput() * on it after finish_open(). * |
0854d450e
|
823 |
* Returns zero on success or -errno if the open failed. |
d18e9008c
|
824 |
*/ |
30d904947
|
825 |
int finish_open(struct file *file, struct dentry *dentry, |
be12af3ef
|
826 |
int (*open)(struct inode *, struct file *)) |
d18e9008c
|
827 |
{ |
aad888f82
|
828 |
BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */ |
d18e9008c
|
829 |
|
b5bcdda32
|
830 |
file->f_path.dentry = dentry; |
aad888f82
|
831 |
return do_dentry_open(file, d_backing_inode(dentry), open); |
d18e9008c
|
832 833 834 835 836 837 |
} EXPORT_SYMBOL(finish_open); /** * finish_no_open - finish ->atomic_open() without opening the file * |
0854d450e
|
838 |
* @file: file pointer |
d18e9008c
|
839 840 841 |
* @dentry: dentry or NULL (as returned from ->lookup()) * * This can be used to set the result of a successful lookup in ->atomic_open(). |
0854d450e
|
842 843 844 845 |
* * NB: unlike finish_open() this function does consume the dentry reference and * the caller need not dput() it. * |
64e1ac4d4
|
846 |
* Returns "0" which must be the return value of ->atomic_open() after having |
0854d450e
|
847 |
* called this function. |
d18e9008c
|
848 |
*/ |
e45198a6a
|
849 |
int finish_no_open(struct file *file, struct dentry *dentry) |
d18e9008c
|
850 |
{ |
30d904947
|
851 |
file->f_path.dentry = dentry; |
64e1ac4d4
|
852 |
return 0; |
d18e9008c
|
853 854 |
} EXPORT_SYMBOL(finish_no_open); |
9bf39ab2a
|
855 856 857 858 859 |
/*
 * file_path - render the path of an open file into a buffer
 * @filp: file whose f_path is rendered
 * @buf: destination buffer, handed to d_path()
 * @buflen: size of @buf, handed to d_path()
 *
 * Thin wrapper: returns whatever d_path() returns for @filp's f_path.
 */
char *file_path(struct file *filp, char *buf, int buflen)
{
	const struct path *location = &filp->f_path;

	return d_path(location, buf, buflen);
}
EXPORT_SYMBOL(file_path);
4bacc9c92
|
860 861 862 863 864 865 |
/** * vfs_open - open the file at the given path * @path: path to open * @file: newly allocated file with f_flag initialized * @cred: credentials to use */ |
ae2bb293a
|
866 |
int vfs_open(const struct path *path, struct file *file) |
4bacc9c92
|
867 |
{ |
54d5ca871
|
868 |
file->f_path = *path; |
a6518f73e
|
869 |
return do_dentry_open(file, d_backing_inode(path->dentry), NULL); |
4bacc9c92
|
870 |
} |
765927b2d
|
871 |
struct file *dentry_open(const struct path *path, int flags, |
745ca2475
|
872 |
const struct cred *cred) |
a1a5b3d93
|
873 874 875 |
{ int error; struct file *f; |
e0e817392
|
876 |
validate_creds(cred); |
c212f9aaf
|
877 |
/* We must always pass in a valid mount pointer. */ |
765927b2d
|
878 |
BUG_ON(!path->mnt); |
322ee5b36
|
879 |
|
ea73ea727
|
880 |
f = alloc_empty_file(flags, cred); |
af04fadca
|
881 |
if (!IS_ERR(f)) { |
ae2bb293a
|
882 |
error = vfs_open(path, f); |
4d27f3266
|
883 884 |
if (error) { fput(f); |
af04fadca
|
885 886 |
f = ERR_PTR(error); } |
2a027e7a1
|
887 888 |
} return f; |
a1a5b3d93
|
889 |
} |
1da177e4c
|
890 |
EXPORT_SYMBOL(dentry_open); |
2abc77af8
|
891 892 893 |
struct file *open_with_fake_path(const struct path *path, int flags, struct inode *inode, const struct cred *cred) { |
d3b1084df
|
894 |
struct file *f = alloc_empty_file_noaccount(flags, cred); |
2abc77af8
|
895 896 897 898 899 900 901 902 903 904 905 906 907 |
if (!IS_ERR(f)) { int error; f->f_path = *path; error = do_dentry_open(f, inode, NULL); if (error) { fput(f); f = ERR_PTR(error); } } return f; } EXPORT_SYMBOL(open_with_fake_path); |
fddb5d430
|
908 909 |
/*
 * Non-zero when @flags contains a create-like flag (O_CREAT or __O_TMPFILE).
 * The argument is parenthesized so that expressions such as "a | b" are
 * masked as a whole instead of being split by operator precedence.
 */
#define WILL_CREATE(flags)	((flags) & (O_CREAT | __O_TMPFILE))
/* The only flags that may be combined with O_PATH. */
#define O_PATH_FLAGS		(O_DIRECTORY | O_NOFOLLOW | O_PATH | O_CLOEXEC)
35cb6d54c
|
910 |
/*
 * build_open_how - build a struct open_how from legacy open() arguments
 * @flags: open flags; bits outside VALID_OPEN_FLAGS are dropped
 * @mode: creation mode; bits outside S_IALLUGO are dropped
 *
 * When O_PATH is set, only the O_PATH_FLAGS bits are kept.  The mode is
 * cleared unless a create-like flag (see WILL_CREATE()) is present.  All
 * fields not set here are zero.
 */
inline struct open_how build_open_how(int flags, umode_t mode)
{
	int kept_flags = flags & VALID_OPEN_FLAGS;
	umode_t kept_mode = mode & S_IALLUGO;
	struct open_how how = { 0 };

	/* O_PATH beats everything else. */
	if (kept_flags & O_PATH)
		kept_flags &= O_PATH_FLAGS;

	/* Modes should only be set for create-like flags. */
	if (!WILL_CREATE(kept_flags))
		kept_mode = 0;

	how.flags = kept_flags;
	how.mode = kept_mode;
	return how;
}
35cb6d54c
|
925 |
inline int build_open_flags(const struct open_how *how, struct open_flags *op) |
47c805dc2
|
926 |
{ |
fddb5d430
|
927 |
int flags = how->flags; |
47c805dc2
|
928 |
int lookup_flags = 0; |
62fb4a155
|
929 |
int acc_mode = ACC_MODE(flags); |
47c805dc2
|
930 |
|
fddb5d430
|
931 932 |
/* Must never be set by userspace */ flags &= ~(FMODE_NONOTIFY | O_CLOEXEC); |
629e014bb
|
933 |
/* |
fddb5d430
|
934 935 936 |
* Older syscalls implicitly clear all of the invalid flags or argument * values before calling build_open_flags(), but openat2(2) checks all * of its arguments. |
629e014bb
|
937 |
*/ |
fddb5d430
|
938 939 940 941 |
if (flags & ~VALID_OPEN_FLAGS) return -EINVAL; if (how->resolve & ~VALID_RESOLVE_FLAGS) return -EINVAL; |
629e014bb
|
942 |
|
aa606ebab
|
943 944 945 |
/* Scoping flags are mutually exclusive. */ if ((how->resolve & RESOLVE_BENEATH) && (how->resolve & RESOLVE_IN_ROOT)) return -EINVAL; |
fddb5d430
|
946 947 948 949 950 951 952 953 |
/* Deal with the mode. */ if (WILL_CREATE(flags)) { if (how->mode & ~S_IALLUGO) return -EINVAL; op->mode = how->mode | S_IFREG; } else { if (how->mode != 0) return -EINVAL; |
e68726ff7
|
954 |
op->mode = 0; |
fddb5d430
|
955 |
} |
47c805dc2
|
956 957 |
/* |
fddb5d430
|
958 959 960 961 |
* In order to ensure programs get explicit errors when trying to use * O_TMPFILE on old kernels, O_TMPFILE is implemented such that it * looks like (O_DIRECTORY|O_RDWR & ~O_CREAT) to old kernels. But we * have to require userspace to explicitly set it. |
47c805dc2
|
962 |
*/ |
bb458c644
|
963 964 |
if (flags & __O_TMPFILE) { if ((flags & O_TMPFILE_MASK) != O_TMPFILE) |
60545d0d4
|
965 |
return -EINVAL; |
ba57ea64c
|
966 967 |
if (!(acc_mode & MAY_WRITE)) return -EINVAL; |
fddb5d430
|
968 969 970 971 972 |
} if (flags & O_PATH) { /* O_PATH only permits certain other flags to be set. */ if (flags & ~O_PATH_FLAGS) return -EINVAL; |
1abf0c718
|
973 |
acc_mode = 0; |
1abf0c718
|
974 |
} |
47c805dc2
|
975 |
|
fddb5d430
|
976 977 978 979 980 981 982 983 |
/* * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only * check for O_DSYNC if the need any syncing at all we enforce it's * always set instead of having to deal with possibly weird behaviour * for malicious applications setting only __O_SYNC. */ if (flags & __O_SYNC) flags |= O_DSYNC; |
1abf0c718
|
984 |
op->open_flag = flags; |
47c805dc2
|
985 986 987 988 989 990 991 992 993 994 995 |
/* O_TRUNC implies we need access checks for write permissions */ if (flags & O_TRUNC) acc_mode |= MAY_WRITE; /* Allow the LSM permission hook to distinguish append access from general write access. */ if (flags & O_APPEND) acc_mode |= MAY_APPEND; op->acc_mode = acc_mode; |
1abf0c718
|
996 |
op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN; |
47c805dc2
|
997 998 |
if (flags & O_CREAT) { op->intent |= LOOKUP_CREATE; |
31d1726d7
|
999 |
if (flags & O_EXCL) { |
47c805dc2
|
1000 |
op->intent |= LOOKUP_EXCL; |
31d1726d7
|
1001 1002 |
flags |= O_NOFOLLOW; } |
47c805dc2
|
1003 1004 1005 1006 1007 1008 |
} if (flags & O_DIRECTORY) lookup_flags |= LOOKUP_DIRECTORY; if (!(flags & O_NOFOLLOW)) lookup_flags |= LOOKUP_FOLLOW; |
fddb5d430
|
1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 |
if (how->resolve & RESOLVE_NO_XDEV) lookup_flags |= LOOKUP_NO_XDEV; if (how->resolve & RESOLVE_NO_MAGICLINKS) lookup_flags |= LOOKUP_NO_MAGICLINKS; if (how->resolve & RESOLVE_NO_SYMLINKS) lookup_flags |= LOOKUP_NO_SYMLINKS; if (how->resolve & RESOLVE_BENEATH) lookup_flags |= LOOKUP_BENEATH; if (how->resolve & RESOLVE_IN_ROOT) lookup_flags |= LOOKUP_IN_ROOT; |
f9652e10c
|
1020 1021 |
op->lookup_flags = lookup_flags; return 0; |
47c805dc2
|
1022 1023 1024 |
} /** |
669abf4e5
|
1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 |
* file_open_name - open file and return file pointer * * @name: struct filename containing path to open * @flags: open flags as per the open(2) second argument * @mode: mode for the new file if O_CREAT is set, else ignored * * This is the helper to open a file from kernelspace if you really * have to. But in generally you should not do this, so please move * along, nothing to see here.. */ struct file *file_open_name(struct filename *name, int flags, umode_t mode) { struct open_flags op; |
fddb5d430
|
1038 1039 1040 1041 1042 |
struct open_how how = build_open_how(flags, mode); int err = build_open_flags(&how, &op); if (err) return ERR_PTR(err); return do_filp_open(AT_FDCWD, name, &op); |
669abf4e5
|
1043 1044 1045 |
} /** |
47c805dc2
|
1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 |
* filp_open - open file and return file pointer * * @filename: path to open * @flags: open flags as per the open(2) second argument * @mode: mode for the new file if O_CREAT is set, else ignored * * This is the helper to open a file from kernelspace if you really * have to. But in generally you should not do this, so please move * along, nothing to see here.. */ |
a218d0fdc
|
1056 |
struct file *filp_open(const char *filename, int flags, umode_t mode) |
47c805dc2
|
1057 |
{ |
516891041
|
1058 1059 1060 1061 1062 1063 1064 1065 |
struct filename *name = getname_kernel(filename); struct file *file = ERR_CAST(name); if (!IS_ERR(name)) { file = file_open_name(name, flags, mode); putname(name); } return file; |
47c805dc2
|
1066 1067 |
} EXPORT_SYMBOL(filp_open); |
73d049a40
|
1068 |
/*
 * file_open_root - open @filename via do_file_open_root()
 * @dentry: dentry passed through to do_file_open_root()
 * @mnt: mount passed through to do_file_open_root()
 * @filename: name of the file to open
 * @flags: open flags, normalised by build_open_how()
 * @mode: creation mode, normalised by build_open_how()
 *
 * Returns the result of do_file_open_root(), or ERR_PTR(error) if
 * build_open_flags() rejects the arguments.
 */
struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt,
			    const char *filename, int flags, umode_t mode)
{
	struct open_flags op;
	struct open_how how;
	int rc;

	how = build_open_how(flags, mode);
	rc = build_open_flags(&how, &op);
	if (rc != 0)
		return ERR_PTR(rc);

	return do_file_open_root(dentry, mnt, filename, &op);
}
EXPORT_SYMBOL(file_open_root);
fddb5d430
|
1079 1080 |
/*
 * do_sys_openat2 - common implementation behind the open-family syscalls
 * @dfd: directory file descriptor passed to do_filp_open()
 * @filename: user-space pointer to the path name
 * @how: already copied-in open_how describing the request
 *
 * Validates @how, copies in the name, reserves a descriptor and opens the
 * file.  On success the file is announced via fsnotify_open() and installed
 * into the reserved descriptor.
 *
 * Returns the new file descriptor, or a negative errno from whichever step
 * failed.
 */
static long do_sys_openat2(int dfd, const char __user *filename,
			   struct open_how *how)
{
	struct open_flags op;
	struct filename *name;
	struct file *filp;
	int fd;

	fd = build_open_flags(how, &op);
	if (fd)
		return fd;

	name = getname(filename);
	if (IS_ERR(name))
		return PTR_ERR(name);

	fd = get_unused_fd_flags(how->flags);
	if (fd < 0)
		goto out_putname;

	filp = do_filp_open(dfd, name, &op);
	if (IS_ERR(filp)) {
		/* Give the reserved descriptor back and report the error. */
		put_unused_fd(fd);
		fd = PTR_ERR(filp);
		goto out_putname;
	}

	fsnotify_open(filp);
	fd_install(fd, filp);

out_putname:
	putname(name);
	return fd;
}
e922efc34
|
1106 |
|
fddb5d430
|
1107 |
/*
 * do_sys_open - open a file from legacy (flags, mode) arguments
 *
 * Converts @flags and @mode with build_open_how() and forwards the request
 * to do_sys_openat2().  Returns whatever do_sys_openat2() returns.
 */
long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
{
	struct open_how how;

	how = build_open_how(flags, mode);
	return do_sys_openat2(dfd, filename, &how);
}
e922efc34
|
1112 |
|
fddb5d430
|
1113 1114 1115 |
/*
 * open(2): opens @filename relative to AT_FDCWD.  O_LARGEFILE is added
 * to @flags whenever force_o_largefile() is true.
 */
SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
{
	int open_flags = flags;

	if (force_o_largefile())
		open_flags |= O_LARGEFILE;

	return do_sys_open(AT_FDCWD, filename, open_flags, mode);
}
1da177e4c
|
1120 |
|
6559eed8c
|
1121 |
/*
 * openat(2): opens @filename relative to @dfd.  O_LARGEFILE is added to
 * @flags whenever force_o_largefile() is true.
 */
SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
		umode_t, mode)
{
	int open_flags = flags;

	if (force_o_largefile())
		open_flags |= O_LARGEFILE;

	return do_sys_open(dfd, filename, open_flags, mode);
}
5590ff0d5
|
1128 |
|
fddb5d430
|
1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 |
/*
 * openat2(2): copies a struct open_how of @usize bytes from user space and
 * opens @filename relative to @dfd accordingly.
 *
 * Returns -EINVAL if @usize is smaller than OPEN_HOW_SIZE_VER0, the error
 * from copy_struct_from_user() if the copy fails, and otherwise the result
 * of do_sys_openat2().
 */
SYSCALL_DEFINE4(openat2, int, dfd, const char __user *, filename,
		struct open_how __user *, how, size_t, usize)
{
	struct open_how khow;
	int rc;

	BUILD_BUG_ON(sizeof(struct open_how) < OPEN_HOW_SIZE_VER0);
	BUILD_BUG_ON(sizeof(struct open_how) != OPEN_HOW_SIZE_LATEST);

	if (unlikely(usize < OPEN_HOW_SIZE_VER0))
		return -EINVAL;

	rc = copy_struct_from_user(&khow, sizeof(khow), how, usize);
	if (rc)
		return rc;

	/* O_LARGEFILE is only allowed for non-O_PATH. */
	if (!(khow.flags & O_PATH)) {
		if (force_o_largefile())
			khow.flags |= O_LARGEFILE;
	}

	return do_sys_openat2(dfd, filename, &khow);
}
e35d49f63
|
1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 |
#ifdef CONFIG_COMPAT
/*
 * Compat variant of open(2): same as sys_open(), but O_LARGEFILE is
 * never added to the flags.
 */
COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
{
	long ret = do_sys_open(AT_FDCWD, filename, flags, mode);

	return ret;
}

/*
 * Compat variant of openat(2): same as sys_openat(), but O_LARGEFILE is
 * never added to the flags.
 */
COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode)
{
	long ret = do_sys_open(dfd, filename, flags, mode);

	return ret;
}
#endif
1da177e4c
|
1170 1171 1172 1173 1174 1175 |
#ifndef __alpha__ /* * For backward compatibility? Maybe this should be moved * into arch/i386 instead? */ |
a218d0fdc
|
1176 |
SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode) |
1da177e4c
|
1177 |
{ |
166e07c37
|
1178 |
int flags = O_CREAT | O_WRONLY | O_TRUNC; |
1da177e4c
|
1179 |
|
166e07c37
|
1180 1181 1182 1183 |
if (force_o_largefile()) flags |= O_LARGEFILE; return do_sys_open(AT_FDCWD, pathname, flags, mode); } |
1da177e4c
|
1184 1185 1186 1187 1188 1189 1190 1191 |
#endif /* * "id" is the POSIX thread ID. We use the * files pointer for this.. */ int filp_close(struct file *filp, fl_owner_t id) { |
45778ca81
|
1192 |
int retval = 0; |
1da177e4c
|
1193 1194 1195 1196 |
if (!file_count(filp)) { printk(KERN_ERR "VFS: Close: file count is 0 "); |
45778ca81
|
1197 |
return 0; |
1da177e4c
|
1198 |
} |
72c2d5319
|
1199 |
if (filp->f_op->flush) |
75e1fcc0b
|
1200 |
retval = filp->f_op->flush(filp, id); |
1da177e4c
|
1201 |
|
1abf0c718
|
1202 1203 1204 1205 |
if (likely(!(filp->f_mode & FMODE_PATH))) { dnotify_flush(filp, id); locks_remove_posix(filp, id); } |
1da177e4c
|
1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 |
fput(filp); return retval; } EXPORT_SYMBOL(filp_close); /* * Careful here! We test whether the file pointer is NULL before * releasing the fd. This ensures that one clone task can't release * an fd while another clone is opening it. */ |
ca013e945
|
1217 |
SYSCALL_DEFINE1(close, unsigned int, fd)
{
	int retval = __close_fd(current->files, fd);

	/* can't restart close syscall because file table entry was cleared */
	switch (retval) {
	case -ERESTARTSYS:
	case -ERESTARTNOINTR:
	case -ERESTARTNOHAND:
	case -ERESTART_RESTARTBLOCK:
		return -EINTR;
	default:
		return retval;
	}
}
1da177e4c
|
1230 |
|
278a5fbae
|
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 |
/**
 * close_range() - Close all file descriptors in a given range.
 *
 * @fd:     starting file descriptor to close
 * @max_fd: last file descriptor to close
 * @flags:  reserved for future extensions
 *
 * This closes a range of file descriptors. All file descriptors
 * from @fd up to and including @max_fd are closed.
 * Currently, errors to close a given file descriptor are ignored.
 *
 * The work is delegated to __close_range(), whose result is returned.
 */
SYSCALL_DEFINE3(close_range, unsigned int, fd, unsigned int, max_fd,
		unsigned int, flags)
{
	int ret = __close_range(fd, max_fd, flags);

	return ret;
}
1da177e4c
|
1247 1248 1249 1250 |
/* * This routine simulates a hangup on the tty, to arrange that users * are given clean terminals at login time. */ |
ca013e945
|
1251 |
SYSCALL_DEFINE0(vhangup) |
1da177e4c
|
1252 1253 |
{ if (capable(CAP_SYS_TTY_CONFIG)) { |
2cb5998b5
|
1254 |
tty_vhangup_self(); |
1da177e4c
|
1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 |
return 0; } return -EPERM; } /* * Called when an inode is about to be open. * We use this to disallow opening large files on 32bit systems if * the caller didn't specify O_LARGEFILE. On 64bit systems we force * on this flag in sys_open. */ int generic_file_open(struct inode * inode, struct file * filp) { if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) |
a9c62a18a
|
1269 |
return -EOVERFLOW; |
1da177e4c
|
1270 1271 1272 1273 1274 1275 1276 |
return 0; } EXPORT_SYMBOL(generic_file_open); /* * This is used by subsystems that don't want seekable |
06b1e104b
|
1277 1278 1279 |
* file descriptors. The function is not supposed to ever fail, the only * reason it returns an 'int' and not 'void' is so that it can be plugged * directly into file_operations structure. |
1da177e4c
|
1280 1281 1282 1283 1284 1285 1286 1287 |
*/ int nonseekable_open(struct inode *inode, struct file *filp) { filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); return 0; } EXPORT_SYMBOL(nonseekable_open); |
10dce8af3
|
1288 1289 1290 1291 |
/* * stream_open is used by subsystems that want stream-like file descriptors. * Such file descriptors are not seekable and don't have notion of position |
438ab720c
|
1292 1293 1294 |
* (file.f_pos is always 0 and ppos passed to .read()/.write() is always NULL). * Contrary to file descriptors of other regular files, .read() and .write() * can run simultaneously. |
10dce8af3
|
1295 1296 1297 1298 1299 1300 |
* * stream_open never fails and is marked to return int so that it could be * directly used as file_operations.open . */ int stream_open(struct inode *inode, struct file *filp) { |
2be7d348f
|
1301 |
filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS); |
10dce8af3
|
1302 1303 1304 1305 1306 |
filp->f_mode |= FMODE_STREAM; return 0; } EXPORT_SYMBOL(stream_open); |