tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / open.c
at v5.3 31 kB view raw
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * linux/fs/open.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8#include <linux/string.h> 9#include <linux/mm.h> 10#include <linux/file.h> 11#include <linux/fdtable.h> 12#include <linux/fsnotify.h> 13#include <linux/module.h> 14#include <linux/tty.h> 15#include <linux/namei.h> 16#include <linux/backing-dev.h> 17#include <linux/capability.h> 18#include <linux/securebits.h> 19#include <linux/security.h> 20#include <linux/mount.h> 21#include <linux/fcntl.h> 22#include <linux/slab.h> 23#include <linux/uaccess.h> 24#include <linux/fs.h> 25#include <linux/personality.h> 26#include <linux/pagemap.h> 27#include <linux/syscalls.h> 28#include <linux/rcupdate.h> 29#include <linux/audit.h> 30#include <linux/falloc.h> 31#include <linux/fs_struct.h> 32#include <linux/ima.h> 33#include <linux/dnotify.h> 34#include <linux/compat.h> 35 36#include "internal.h" 37 38int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, 39 struct file *filp) 40{ 41 int ret; 42 struct iattr newattrs; 43 44 /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */ 45 if (length < 0) 46 return -EINVAL; 47 48 newattrs.ia_size = length; 49 newattrs.ia_valid = ATTR_SIZE | time_attrs; 50 if (filp) { 51 newattrs.ia_file = filp; 52 newattrs.ia_valid |= ATTR_FILE; 53 } 54 55 /* Remove suid, sgid, and file capabilities on truncate too */ 56 ret = dentry_needs_remove_privs(dentry); 57 if (ret < 0) 58 return ret; 59 if (ret) 60 newattrs.ia_valid |= ret | ATTR_FORCE; 61 62 inode_lock(dentry->d_inode); 63 /* Note any delegations or leases have already been broken: */ 64 ret = notify_change(dentry, &newattrs, NULL); 65 inode_unlock(dentry->d_inode); 66 return ret; 67} 68 69long vfs_truncate(const struct path *path, loff_t length) 70{ 71 struct inode *inode; 72 long error; 73 74 inode = path->dentry->d_inode; 75 76 /* For directories it's -EISDIR, for other non-regulars - -EINVAL */ 77 if (S_ISDIR(inode->i_mode)) 78 return -EISDIR; 79 if (!S_ISREG(inode->i_mode)) 80 return -EINVAL; 81 82 error = mnt_want_write(path->mnt); 83 if (error) 84 goto out; 85 86 error = inode_permission(inode, MAY_WRITE); 87 if (error) 88 goto mnt_drop_write_and_out; 89 90 error = -EPERM; 91 if (IS_APPEND(inode)) 92 goto mnt_drop_write_and_out; 93 94 error = get_write_access(inode); 95 if (error) 96 goto mnt_drop_write_and_out; 97 98 /* 99 * Make sure that there are no leases. get_write_access() protects 100 * against the truncate racing with a lease-granting setlease(). 101 */ 102 error = break_lease(inode, O_WRONLY); 103 if (error) 104 goto put_write_and_out; 105 106 error = locks_verify_truncate(inode, NULL, length); 107 if (!error) 108 error = security_path_truncate(path); 109 if (!error) 110 error = do_truncate(path->dentry, length, 0, NULL); 111 112put_write_and_out: 113 put_write_access(inode); 114mnt_drop_write_and_out: 115 mnt_drop_write(path->mnt); 116out: 117 return error; 118} 119EXPORT_SYMBOL_GPL(vfs_truncate); 120 121long do_sys_truncate(const char __user *pathname, loff_t length) 122{ 123 unsigned int lookup_flags = LOOKUP_FOLLOW; 124 struct path path; 125 int error; 126 127 if (length < 0) /* sorry, but loff_t says... */ 128 return -EINVAL; 129 130retry: 131 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 132 if (!error) { 133 error = vfs_truncate(&path, length); 134 path_put(&path); 135 } 136 if (retry_estale(error, lookup_flags)) { 137 lookup_flags |= LOOKUP_REVAL; 138 goto retry; 139 } 140 return error; 141} 142 143SYSCALL_DEFINE2(truncate, const char __user *, path, long, length) 144{ 145 return do_sys_truncate(path, length); 146} 147 148#ifdef CONFIG_COMPAT 149COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length) 150{ 151 return do_sys_truncate(path, length); 152} 153#endif 154 155long do_sys_ftruncate(unsigned int fd, loff_t length, int small) 156{ 157 struct inode *inode; 158 struct dentry *dentry; 159 struct fd f; 160 int error; 161 162 error = -EINVAL; 163 if (length < 0) 164 goto out; 165 error = -EBADF; 166 f = fdget(fd); 167 if (!f.file) 168 goto out; 169 170 /* explicitly opened as large or we are on 64-bit box */ 171 if (f.file->f_flags & O_LARGEFILE) 172 small = 0; 173 174 dentry = f.file->f_path.dentry; 175 inode = dentry->d_inode; 176 error = -EINVAL; 177 if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE)) 178 goto out_putf; 179 180 error = -EINVAL; 181 /* Cannot ftruncate over 2^31 bytes without large file support */ 182 if (small && length > MAX_NON_LFS) 183 goto out_putf; 184 185 error = -EPERM; 186 /* Check IS_APPEND on real upper inode */ 187 if (IS_APPEND(file_inode(f.file))) 188 goto out_putf; 189 190 sb_start_write(inode->i_sb); 191 error = locks_verify_truncate(inode, f.file, length); 192 if (!error) 193 error = security_path_truncate(&f.file->f_path); 194 if (!error) 195 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); 196 sb_end_write(inode->i_sb); 197out_putf: 198 fdput(f); 199out: 200 return error; 201} 202 203SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length) 204{ 205 return do_sys_ftruncate(fd, length, 1); 206} 207 208#ifdef CONFIG_COMPAT 209COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length) 210{ 211 return do_sys_ftruncate(fd, length, 1); 212} 213#endif 214 215/* LFS versions of truncate are only needed on 32 bit machines */ 216#if BITS_PER_LONG == 32 217SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length) 218{ 219 return do_sys_truncate(path, length); 220} 221 222SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length) 223{ 224 return do_sys_ftruncate(fd, length, 0); 225} 226#endif /* BITS_PER_LONG == 32 */ 227 228 229int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) 230{ 231 struct inode *inode = file_inode(file); 232 long ret; 233 234 if (offset < 0 || len <= 0) 235 return -EINVAL; 236 237 /* Return error if mode is not supported */ 238 if (mode & ~FALLOC_FL_SUPPORTED_MASK) 239 return -EOPNOTSUPP; 240 241 /* Punch hole and zero range are mutually exclusive */ 242 if ((mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) == 243 (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) 244 return -EOPNOTSUPP; 245 246 /* Punch hole must have keep size set */ 247 if ((mode & FALLOC_FL_PUNCH_HOLE) && 248 !(mode & FALLOC_FL_KEEP_SIZE)) 249 return -EOPNOTSUPP; 250 251 /* Collapse range should only be used exclusively. */ 252 if ((mode & FALLOC_FL_COLLAPSE_RANGE) && 253 (mode & ~FALLOC_FL_COLLAPSE_RANGE)) 254 return -EINVAL; 255 256 /* Insert range should only be used exclusively. */ 257 if ((mode & FALLOC_FL_INSERT_RANGE) && 258 (mode & ~FALLOC_FL_INSERT_RANGE)) 259 return -EINVAL; 260 261 /* Unshare range should only be used with allocate mode. */ 262 if ((mode & FALLOC_FL_UNSHARE_RANGE) && 263 (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE))) 264 return -EINVAL; 265 266 if (!(file->f_mode & FMODE_WRITE)) 267 return -EBADF; 268 269 /* 270 * We can only allow pure fallocate on append only files 271 */ 272 if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode)) 273 return -EPERM; 274 275 if (IS_IMMUTABLE(inode)) 276 return -EPERM; 277 278 /* 279 * We cannot allow any fallocate operation on an active swapfile 280 */ 281 if (IS_SWAPFILE(inode)) 282 return -ETXTBSY; 283 284 /* 285 * Revalidate the write permissions, in case security policy has 286 * changed since the files were opened. 287 */ 288 ret = security_file_permission(file, MAY_WRITE); 289 if (ret) 290 return ret; 291 292 if (S_ISFIFO(inode->i_mode)) 293 return -ESPIPE; 294 295 if (S_ISDIR(inode->i_mode)) 296 return -EISDIR; 297 298 if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) 299 return -ENODEV; 300 301 /* Check for wrap through zero too */ 302 if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) 303 return -EFBIG; 304 305 if (!file->f_op->fallocate) 306 return -EOPNOTSUPP; 307 308 file_start_write(file); 309 ret = file->f_op->fallocate(file, mode, offset, len); 310 311 /* 312 * Create inotify and fanotify events. 313 * 314 * To keep the logic simple always create events if fallocate succeeds. 315 * This implies that events are even created if the file size remains 316 * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE. 317 */ 318 if (ret == 0) 319 fsnotify_modify(file); 320 321 file_end_write(file); 322 return ret; 323} 324EXPORT_SYMBOL_GPL(vfs_fallocate); 325 326int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len) 327{ 328 struct fd f = fdget(fd); 329 int error = -EBADF; 330 331 if (f.file) { 332 error = vfs_fallocate(f.file, mode, offset, len); 333 fdput(f); 334 } 335 return error; 336} 337 338SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) 339{ 340 return ksys_fallocate(fd, mode, offset, len); 341} 342 343/* 344 * access() needs to use the real uid/gid, not the effective uid/gid. 345 * We do this by temporarily clearing all FS-related capabilities and 346 * switching the fsuid/fsgid around to the real ones. 347 */ 348long do_faccessat(int dfd, const char __user *filename, int mode) 349{ 350 const struct cred *old_cred; 351 struct cred *override_cred; 352 struct path path; 353 struct inode *inode; 354 int res; 355 unsigned int lookup_flags = LOOKUP_FOLLOW; 356 357 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ 358 return -EINVAL; 359 360 override_cred = prepare_creds(); 361 if (!override_cred) 362 return -ENOMEM; 363 364 override_cred->fsuid = override_cred->uid; 365 override_cred->fsgid = override_cred->gid; 366 367 if (!issecure(SECURE_NO_SETUID_FIXUP)) { 368 /* Clear the capabilities if we switch to a non-root user */ 369 kuid_t root_uid = make_kuid(override_cred->user_ns, 0); 370 if (!uid_eq(override_cred->uid, root_uid)) 371 cap_clear(override_cred->cap_effective); 372 else 373 override_cred->cap_effective = 374 override_cred->cap_permitted; 375 } 376 377 /* 378 * The new set of credentials can *only* be used in 379 * task-synchronous circumstances, and does not need 380 * RCU freeing, unless somebody then takes a separate 381 * reference to it. 382 * 383 * NOTE! This is _only_ true because this credential 384 * is used purely for override_creds() that installs 385 * it as the subjective cred. Other threads will be 386 * accessing ->real_cred, not the subjective cred. 387 * 388 * If somebody _does_ make a copy of this (using the 389 * 'get_current_cred()' function), that will clear the 390 * non_rcu field, because now that other user may be 391 * expecting RCU freeing. But normal thread-synchronous 392 * cred accesses will keep things non-RCY. 393 */ 394 override_cred->non_rcu = 1; 395 396 old_cred = override_creds(override_cred); 397retry: 398 res = user_path_at(dfd, filename, lookup_flags, &path); 399 if (res) 400 goto out; 401 402 inode = d_backing_inode(path.dentry); 403 404 if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { 405 /* 406 * MAY_EXEC on regular files is denied if the fs is mounted 407 * with the "noexec" flag. 408 */ 409 res = -EACCES; 410 if (path_noexec(&path)) 411 goto out_path_release; 412 } 413 414 res = inode_permission(inode, mode | MAY_ACCESS); 415 /* SuS v2 requires we report a read only fs too */ 416 if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) 417 goto out_path_release; 418 /* 419 * This is a rare case where using __mnt_is_readonly() 420 * is OK without a mnt_want/drop_write() pair. Since 421 * no actual write to the fs is performed here, we do 422 * not need to telegraph to that to anyone. 423 * 424 * By doing this, we accept that this access is 425 * inherently racy and know that the fs may change 426 * state before we even see this result. 427 */ 428 if (__mnt_is_readonly(path.mnt)) 429 res = -EROFS; 430 431out_path_release: 432 path_put(&path); 433 if (retry_estale(res, lookup_flags)) { 434 lookup_flags |= LOOKUP_REVAL; 435 goto retry; 436 } 437out: 438 revert_creds(old_cred); 439 put_cred(override_cred); 440 return res; 441} 442 443SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) 444{ 445 return do_faccessat(dfd, filename, mode); 446} 447 448SYSCALL_DEFINE2(access, const char __user *, filename, int, mode) 449{ 450 return do_faccessat(AT_FDCWD, filename, mode); 451} 452 453int ksys_chdir(const char __user *filename) 454{ 455 struct path path; 456 int error; 457 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; 458retry: 459 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); 460 if (error) 461 goto out; 462 463 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); 464 if (error) 465 goto dput_and_out; 466 467 set_fs_pwd(current->fs, &path); 468 469dput_and_out: 470 path_put(&path); 471 if (retry_estale(error, lookup_flags)) { 472 lookup_flags |= LOOKUP_REVAL; 473 goto retry; 474 } 475out: 476 return error; 477} 478 479SYSCALL_DEFINE1(chdir, const char __user *, filename) 480{ 481 return ksys_chdir(filename); 482} 483 484SYSCALL_DEFINE1(fchdir, unsigned int, fd) 485{ 486 struct fd f = fdget_raw(fd); 487 int error; 488 489 error = -EBADF; 490 if (!f.file) 491 goto out; 492 493 error = -ENOTDIR; 494 if (!d_can_lookup(f.file->f_path.dentry)) 495 goto out_putf; 496 497 error = inode_permission(file_inode(f.file), MAY_EXEC | MAY_CHDIR); 498 if (!error) 499 set_fs_pwd(current->fs, &f.file->f_path); 500out_putf: 501 fdput(f); 502out: 503 return error; 504} 505 506int ksys_chroot(const char __user *filename) 507{ 508 struct path path; 509 int error; 510 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; 511retry: 512 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); 513 if (error) 514 goto out; 515 516 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); 517 if (error) 518 goto dput_and_out; 519 520 error = -EPERM; 521 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) 522 goto dput_and_out; 523 error = security_path_chroot(&path); 524 if (error) 525 goto dput_and_out; 526 527 set_fs_root(current->fs, &path); 528 error = 0; 529dput_and_out: 530 path_put(&path); 531 if (retry_estale(error, lookup_flags)) { 532 lookup_flags |= LOOKUP_REVAL; 533 goto retry; 534 } 535out: 536 return error; 537} 538 539SYSCALL_DEFINE1(chroot, const char __user *, filename) 540{ 541 return ksys_chroot(filename); 542} 543 544static int chmod_common(const struct path *path, umode_t mode) 545{ 546 struct inode *inode = path->dentry->d_inode; 547 struct inode *delegated_inode = NULL; 548 struct iattr newattrs; 549 int error; 550 551 error = mnt_want_write(path->mnt); 552 if (error) 553 return error; 554retry_deleg: 555 inode_lock(inode); 556 error = security_path_chmod(path, mode); 557 if (error) 558 goto out_unlock; 559 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); 560 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; 561 error = notify_change(path->dentry, &newattrs, &delegated_inode); 562out_unlock: 563 inode_unlock(inode); 564 if (delegated_inode) { 565 error = break_deleg_wait(&delegated_inode); 566 if (!error) 567 goto retry_deleg; 568 } 569 mnt_drop_write(path->mnt); 570 return error; 571} 572 573int ksys_fchmod(unsigned int fd, umode_t mode) 574{ 575 struct fd f = fdget(fd); 576 int err = -EBADF; 577 578 if (f.file) { 579 audit_file(f.file); 580 err = chmod_common(&f.file->f_path, mode); 581 fdput(f); 582 } 583 return err; 584} 585 586SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) 587{ 588 return ksys_fchmod(fd, mode); 589} 590 591int do_fchmodat(int dfd, const char __user *filename, umode_t mode) 592{ 593 struct path path; 594 int error; 595 unsigned int lookup_flags = LOOKUP_FOLLOW; 596retry: 597 error = user_path_at(dfd, filename, lookup_flags, &path); 598 if (!error) { 599 error = chmod_common(&path, mode); 600 path_put(&path); 601 if (retry_estale(error, lookup_flags)) { 602 lookup_flags |= LOOKUP_REVAL; 603 goto retry; 604 } 605 } 606 return error; 607} 608 609SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, 610 umode_t, mode) 611{ 612 return do_fchmodat(dfd, filename, mode); 613} 614 615SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) 616{ 617 return do_fchmodat(AT_FDCWD, filename, mode); 618} 619 620static int chown_common(const struct path *path, uid_t user, gid_t group) 621{ 622 struct inode *inode = path->dentry->d_inode; 623 struct inode *delegated_inode = NULL; 624 int error; 625 struct iattr newattrs; 626 kuid_t uid; 627 kgid_t gid; 628 629 uid = make_kuid(current_user_ns(), user); 630 gid = make_kgid(current_user_ns(), group); 631 632retry_deleg: 633 newattrs.ia_valid = ATTR_CTIME; 634 if (user != (uid_t) -1) { 635 if (!uid_valid(uid)) 636 return -EINVAL; 637 newattrs.ia_valid |= ATTR_UID; 638 newattrs.ia_uid = uid; 639 } 640 if (group != (gid_t) -1) { 641 if (!gid_valid(gid)) 642 return -EINVAL; 643 newattrs.ia_valid |= ATTR_GID; 644 newattrs.ia_gid = gid; 645 } 646 if (!S_ISDIR(inode->i_mode)) 647 newattrs.ia_valid |= 648 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; 649 inode_lock(inode); 650 error = security_path_chown(path, uid, gid); 651 if (!error) 652 error = notify_change(path->dentry, &newattrs, &delegated_inode); 653 inode_unlock(inode); 654 if (delegated_inode) { 655 error = break_deleg_wait(&delegated_inode); 656 if (!error) 657 goto retry_deleg; 658 } 659 return error; 660} 661 662int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group, 663 int flag) 664{ 665 struct path path; 666 int error = -EINVAL; 667 int lookup_flags; 668 669 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 670 goto out; 671 672 lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 673 if (flag & AT_EMPTY_PATH) 674 lookup_flags |= LOOKUP_EMPTY; 675retry: 676 error = user_path_at(dfd, filename, lookup_flags, &path); 677 if (error) 678 goto out; 679 error = mnt_want_write(path.mnt); 680 if (error) 681 goto out_release; 682 error = chown_common(&path, user, group); 683 mnt_drop_write(path.mnt); 684out_release: 685 path_put(&path); 686 if (retry_estale(error, lookup_flags)) { 687 lookup_flags |= LOOKUP_REVAL; 688 goto retry; 689 } 690out: 691 return error; 692} 693 694SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, 695 gid_t, group, int, flag) 696{ 697 return do_fchownat(dfd, filename, user, group, flag); 698} 699 700SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) 701{ 702 return do_fchownat(AT_FDCWD, filename, user, group, 0); 703} 704 705SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group) 706{ 707 return do_fchownat(AT_FDCWD, filename, user, group, 708 AT_SYMLINK_NOFOLLOW); 709} 710 711int ksys_fchown(unsigned int fd, uid_t user, gid_t group) 712{ 713 struct fd f = fdget(fd); 714 int error = -EBADF; 715 716 if (!f.file) 717 goto out; 718 719 error = mnt_want_write_file(f.file); 720 if (error) 721 goto out_fput; 722 audit_file(f.file); 723 error = chown_common(&f.file->f_path, user, group); 724 mnt_drop_write_file(f.file); 725out_fput: 726 fdput(f); 727out: 728 return error; 729} 730 731SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) 732{ 733 return ksys_fchown(fd, user, group); 734} 735 736static int do_dentry_open(struct file *f, 737 struct inode *inode, 738 int (*open)(struct inode *, struct file *)) 739{ 740 static const struct file_operations empty_fops = {}; 741 int error; 742 743 path_get(&f->f_path); 744 f->f_inode = inode; 745 f->f_mapping = inode->i_mapping; 746 747 /* Ensure that we skip any errors that predate opening of the file */ 748 f->f_wb_err = filemap_sample_wb_err(f->f_mapping); 749 750 if (unlikely(f->f_flags & O_PATH)) { 751 f->f_mode = FMODE_PATH | FMODE_OPENED; 752 f->f_op = &empty_fops; 753 return 0; 754 } 755 756 /* Any file opened for execve()/uselib() has to be a regular file. */ 757 if (unlikely(f->f_flags & FMODE_EXEC && !S_ISREG(inode->i_mode))) { 758 error = -EACCES; 759 goto cleanup_file; 760 } 761 762 if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) { 763 error = get_write_access(inode); 764 if (unlikely(error)) 765 goto cleanup_file; 766 error = __mnt_want_write(f->f_path.mnt); 767 if (unlikely(error)) { 768 put_write_access(inode); 769 goto cleanup_file; 770 } 771 f->f_mode |= FMODE_WRITER; 772 } 773 774 /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */ 775 if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode)) 776 f->f_mode |= FMODE_ATOMIC_POS; 777 778 f->f_op = fops_get(inode->i_fop); 779 if (unlikely(WARN_ON(!f->f_op))) { 780 error = -ENODEV; 781 goto cleanup_all; 782 } 783 784 error = security_file_open(f); 785 if (error) 786 goto cleanup_all; 787 788 error = break_lease(locks_inode(f), f->f_flags); 789 if (error) 790 goto cleanup_all; 791 792 /* normally all 3 are set; ->open() can clear them if needed */ 793 f->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; 794 if (!open) 795 open = f->f_op->open; 796 if (open) { 797 error = open(inode, f); 798 if (error) 799 goto cleanup_all; 800 } 801 f->f_mode |= FMODE_OPENED; 802 if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 803 i_readcount_inc(inode); 804 if ((f->f_mode & FMODE_READ) && 805 likely(f->f_op->read || f->f_op->read_iter)) 806 f->f_mode |= FMODE_CAN_READ; 807 if ((f->f_mode & FMODE_WRITE) && 808 likely(f->f_op->write || f->f_op->write_iter)) 809 f->f_mode |= FMODE_CAN_WRITE; 810 811 f->f_write_hint = WRITE_LIFE_NOT_SET; 812 f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); 813 814 file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); 815 816 /* NB: we're sure to have correct a_ops only after f_op->open */ 817 if (f->f_flags & O_DIRECT) { 818 if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO) 819 return -EINVAL; 820 } 821 return 0; 822 823cleanup_all: 824 if (WARN_ON_ONCE(error > 0)) 825 error = -EINVAL; 826 fops_put(f->f_op); 827 if (f->f_mode & FMODE_WRITER) { 828 put_write_access(inode); 829 __mnt_drop_write(f->f_path.mnt); 830 } 831cleanup_file: 832 path_put(&f->f_path); 833 f->f_path.mnt = NULL; 834 f->f_path.dentry = NULL; 835 f->f_inode = NULL; 836 return error; 837} 838 839/** 840 * finish_open - finish opening a file 841 * @file: file pointer 842 * @dentry: pointer to dentry 843 * @open: open callback 844 * @opened: state of open 845 * 846 * This can be used to finish opening a file passed to i_op->atomic_open(). 847 * 848 * If the open callback is set to NULL, then the standard f_op->open() 849 * filesystem callback is substituted. 850 * 851 * NB: the dentry reference is _not_ consumed. If, for example, the dentry is 852 * the return value of d_splice_alias(), then the caller needs to perform dput() 853 * on it after finish_open(). 854 * 855 * On successful return @file is a fully instantiated open file. After this, if 856 * an error occurs in ->atomic_open(), it needs to clean up with fput(). 857 * 858 * Returns zero on success or -errno if the open failed. 859 */ 860int finish_open(struct file *file, struct dentry *dentry, 861 int (*open)(struct inode *, struct file *)) 862{ 863 BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */ 864 865 file->f_path.dentry = dentry; 866 return do_dentry_open(file, d_backing_inode(dentry), open); 867} 868EXPORT_SYMBOL(finish_open); 869 870/** 871 * finish_no_open - finish ->atomic_open() without opening the file 872 * 873 * @file: file pointer 874 * @dentry: dentry or NULL (as returned from ->lookup()) 875 * 876 * This can be used to set the result of a successful lookup in ->atomic_open(). 877 * 878 * NB: unlike finish_open() this function does consume the dentry reference and 879 * the caller need not dput() it. 880 * 881 * Returns "0" which must be the return value of ->atomic_open() after having 882 * called this function. 883 */ 884int finish_no_open(struct file *file, struct dentry *dentry) 885{ 886 file->f_path.dentry = dentry; 887 return 0; 888} 889EXPORT_SYMBOL(finish_no_open); 890 891char *file_path(struct file *filp, char *buf, int buflen) 892{ 893 return d_path(&filp->f_path, buf, buflen); 894} 895EXPORT_SYMBOL(file_path); 896 897/** 898 * vfs_open - open the file at the given path 899 * @path: path to open 900 * @file: newly allocated file with f_flag initialized 901 * @cred: credentials to use 902 */ 903int vfs_open(const struct path *path, struct file *file) 904{ 905 file->f_path = *path; 906 return do_dentry_open(file, d_backing_inode(path->dentry), NULL); 907} 908 909struct file *dentry_open(const struct path *path, int flags, 910 const struct cred *cred) 911{ 912 int error; 913 struct file *f; 914 915 validate_creds(cred); 916 917 /* We must always pass in a valid mount pointer. */ 918 BUG_ON(!path->mnt); 919 920 f = alloc_empty_file(flags, cred); 921 if (!IS_ERR(f)) { 922 error = vfs_open(path, f); 923 if (error) { 924 fput(f); 925 f = ERR_PTR(error); 926 } 927 } 928 return f; 929} 930EXPORT_SYMBOL(dentry_open); 931 932struct file *open_with_fake_path(const struct path *path, int flags, 933 struct inode *inode, const struct cred *cred) 934{ 935 struct file *f = alloc_empty_file_noaccount(flags, cred); 936 if (!IS_ERR(f)) { 937 int error; 938 939 f->f_path = *path; 940 error = do_dentry_open(f, inode, NULL); 941 if (error) { 942 fput(f); 943 f = ERR_PTR(error); 944 } 945 } 946 return f; 947} 948EXPORT_SYMBOL(open_with_fake_path); 949 950static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) 951{ 952 int lookup_flags = 0; 953 int acc_mode = ACC_MODE(flags); 954 955 /* 956 * Clear out all open flags we don't know about so that we don't report 957 * them in fcntl(F_GETFD) or similar interfaces. 958 */ 959 flags &= VALID_OPEN_FLAGS; 960 961 if (flags & (O_CREAT | __O_TMPFILE)) 962 op->mode = (mode & S_IALLUGO) | S_IFREG; 963 else 964 op->mode = 0; 965 966 /* Must never be set by userspace */ 967 flags &= ~FMODE_NONOTIFY & ~O_CLOEXEC; 968 969 /* 970 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only 971 * check for O_DSYNC if the need any syncing at all we enforce it's 972 * always set instead of having to deal with possibly weird behaviour 973 * for malicious applications setting only __O_SYNC. 974 */ 975 if (flags & __O_SYNC) 976 flags |= O_DSYNC; 977 978 if (flags & __O_TMPFILE) { 979 if ((flags & O_TMPFILE_MASK) != O_TMPFILE) 980 return -EINVAL; 981 if (!(acc_mode & MAY_WRITE)) 982 return -EINVAL; 983 } else if (flags & O_PATH) { 984 /* 985 * If we have O_PATH in the open flag. Then we 986 * cannot have anything other than the below set of flags 987 */ 988 flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; 989 acc_mode = 0; 990 } 991 992 op->open_flag = flags; 993 994 /* O_TRUNC implies we need access checks for write permissions */ 995 if (flags & O_TRUNC) 996 acc_mode |= MAY_WRITE; 997 998 /* Allow the LSM permission hook to distinguish append 999 access from general write access. */ 1000 if (flags & O_APPEND) 1001 acc_mode |= MAY_APPEND; 1002 1003 op->acc_mode = acc_mode; 1004 1005 op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN; 1006 1007 if (flags & O_CREAT) { 1008 op->intent |= LOOKUP_CREATE; 1009 if (flags & O_EXCL) 1010 op->intent |= LOOKUP_EXCL; 1011 } 1012 1013 if (flags & O_DIRECTORY) 1014 lookup_flags |= LOOKUP_DIRECTORY; 1015 if (!(flags & O_NOFOLLOW)) 1016 lookup_flags |= LOOKUP_FOLLOW; 1017 op->lookup_flags = lookup_flags; 1018 return 0; 1019} 1020 1021/** 1022 * file_open_name - open file and return file pointer 1023 * 1024 * @name: struct filename containing path to open 1025 * @flags: open flags as per the open(2) second argument 1026 * @mode: mode for the new file if O_CREAT is set, else ignored 1027 * 1028 * This is the helper to open a file from kernelspace if you really 1029 * have to. But in generally you should not do this, so please move 1030 * along, nothing to see here.. 1031 */ 1032struct file *file_open_name(struct filename *name, int flags, umode_t mode) 1033{ 1034 struct open_flags op; 1035 int err = build_open_flags(flags, mode, &op); 1036 return err ? ERR_PTR(err) : do_filp_open(AT_FDCWD, name, &op); 1037} 1038 1039/** 1040 * filp_open - open file and return file pointer 1041 * 1042 * @filename: path to open 1043 * @flags: open flags as per the open(2) second argument 1044 * @mode: mode for the new file if O_CREAT is set, else ignored 1045 * 1046 * This is the helper to open a file from kernelspace if you really 1047 * have to. But in generally you should not do this, so please move 1048 * along, nothing to see here.. 1049 */ 1050struct file *filp_open(const char *filename, int flags, umode_t mode) 1051{ 1052 struct filename *name = getname_kernel(filename); 1053 struct file *file = ERR_CAST(name); 1054 1055 if (!IS_ERR(name)) { 1056 file = file_open_name(name, flags, mode); 1057 putname(name); 1058 } 1059 return file; 1060} 1061EXPORT_SYMBOL(filp_open); 1062 1063struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt, 1064 const char *filename, int flags, umode_t mode) 1065{ 1066 struct open_flags op; 1067 int err = build_open_flags(flags, mode, &op); 1068 if (err) 1069 return ERR_PTR(err); 1070 return do_file_open_root(dentry, mnt, filename, &op); 1071} 1072EXPORT_SYMBOL(file_open_root); 1073 1074long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) 1075{ 1076 struct open_flags op; 1077 int fd = build_open_flags(flags, mode, &op); 1078 struct filename *tmp; 1079 1080 if (fd) 1081 return fd; 1082 1083 tmp = getname(filename); 1084 if (IS_ERR(tmp)) 1085 return PTR_ERR(tmp); 1086 1087 fd = get_unused_fd_flags(flags); 1088 if (fd >= 0) { 1089 struct file *f = do_filp_open(dfd, tmp, &op); 1090 if (IS_ERR(f)) { 1091 put_unused_fd(fd); 1092 fd = PTR_ERR(f); 1093 } else { 1094 fsnotify_open(f); 1095 fd_install(fd, f); 1096 } 1097 } 1098 putname(tmp); 1099 return fd; 1100} 1101 1102SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) 1103{ 1104 if (force_o_largefile()) 1105 flags |= O_LARGEFILE; 1106 1107 return do_sys_open(AT_FDCWD, filename, flags, mode); 1108} 1109 1110SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, 1111 umode_t, mode) 1112{ 1113 if (force_o_largefile()) 1114 flags |= O_LARGEFILE; 1115 1116 return do_sys_open(dfd, filename, flags, mode); 1117} 1118 1119#ifdef CONFIG_COMPAT 1120/* 1121 * Exactly like sys_open(), except that it doesn't set the 1122 * O_LARGEFILE flag. 1123 */ 1124COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) 1125{ 1126 return do_sys_open(AT_FDCWD, filename, flags, mode); 1127} 1128 1129/* 1130 * Exactly like sys_openat(), except that it doesn't set the 1131 * O_LARGEFILE flag. 1132 */ 1133COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode) 1134{ 1135 return do_sys_open(dfd, filename, flags, mode); 1136} 1137#endif 1138 1139#ifndef __alpha__ 1140 1141/* 1142 * For backward compatibility? Maybe this should be moved 1143 * into arch/i386 instead? 1144 */ 1145SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode) 1146{ 1147 return ksys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); 1148} 1149 1150#endif 1151 1152/* 1153 * "id" is the POSIX thread ID. We use the 1154 * files pointer for this.. 1155 */ 1156int filp_close(struct file *filp, fl_owner_t id) 1157{ 1158 int retval = 0; 1159 1160 if (!file_count(filp)) { 1161 printk(KERN_ERR "VFS: Close: file count is 0\n"); 1162 return 0; 1163 } 1164 1165 if (filp->f_op->flush) 1166 retval = filp->f_op->flush(filp, id); 1167 1168 if (likely(!(filp->f_mode & FMODE_PATH))) { 1169 dnotify_flush(filp, id); 1170 locks_remove_posix(filp, id); 1171 } 1172 fput(filp); 1173 return retval; 1174} 1175 1176EXPORT_SYMBOL(filp_close); 1177 1178/* 1179 * Careful here! We test whether the file pointer is NULL before 1180 * releasing the fd. This ensures that one clone task can't release 1181 * an fd while another clone is opening it. 1182 */ 1183SYSCALL_DEFINE1(close, unsigned int, fd) 1184{ 1185 int retval = __close_fd(current->files, fd); 1186 1187 /* can't restart close syscall because file table entry was cleared */ 1188 if (unlikely(retval == -ERESTARTSYS || 1189 retval == -ERESTARTNOINTR || 1190 retval == -ERESTARTNOHAND || 1191 retval == -ERESTART_RESTARTBLOCK)) 1192 retval = -EINTR; 1193 1194 return retval; 1195} 1196 1197/* 1198 * This routine simulates a hangup on the tty, to arrange that users 1199 * are given clean terminals at login time. 1200 */ 1201SYSCALL_DEFINE0(vhangup) 1202{ 1203 if (capable(CAP_SYS_TTY_CONFIG)) { 1204 tty_vhangup_self(); 1205 return 0; 1206 } 1207 return -EPERM; 1208} 1209 1210/* 1211 * Called when an inode is about to be open. 1212 * We use this to disallow opening large files on 32bit systems if 1213 * the caller didn't specify O_LARGEFILE. On 64bit systems we force 1214 * on this flag in sys_open. 1215 */ 1216int generic_file_open(struct inode * inode, struct file * filp) 1217{ 1218 if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) 1219 return -EOVERFLOW; 1220 return 0; 1221} 1222 1223EXPORT_SYMBOL(generic_file_open); 1224 1225/* 1226 * This is used by subsystems that don't want seekable 1227 * file descriptors. The function is not supposed to ever fail, the only 1228 * reason it returns an 'int' and not 'void' is so that it can be plugged 1229 * directly into file_operations structure. 1230 */ 1231int nonseekable_open(struct inode *inode, struct file *filp) 1232{ 1233 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); 1234 return 0; 1235} 1236 1237EXPORT_SYMBOL(nonseekable_open); 1238 1239/* 1240 * stream_open is used by subsystems that want stream-like file descriptors. 1241 * Such file descriptors are not seekable and don't have notion of position 1242 * (file.f_pos is always 0 and ppos passed to .read()/.write() is always NULL). 1243 * Contrary to file descriptors of other regular files, .read() and .write() 1244 * can run simultaneously. 1245 * 1246 * stream_open never fails and is marked to return int so that it could be 1247 * directly used as file_operations.open . 1248 */ 1249int stream_open(struct inode *inode, struct file *filp) 1250{ 1251 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS); 1252 filp->f_mode |= FMODE_STREAM; 1253 return 0; 1254} 1255 1256EXPORT_SYMBOL(stream_open);