tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / open.c
at v5.6 1339 lines 33 kB view raw
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * linux/fs/open.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8#include <linux/string.h> 9#include <linux/mm.h> 10#include <linux/file.h> 11#include <linux/fdtable.h> 12#include <linux/fsnotify.h> 13#include <linux/module.h> 14#include <linux/tty.h> 15#include <linux/namei.h> 16#include <linux/backing-dev.h> 17#include <linux/capability.h> 18#include <linux/securebits.h> 19#include <linux/security.h> 20#include <linux/mount.h> 21#include <linux/fcntl.h> 22#include <linux/slab.h> 23#include <linux/uaccess.h> 24#include <linux/fs.h> 25#include <linux/personality.h> 26#include <linux/pagemap.h> 27#include <linux/syscalls.h> 28#include <linux/rcupdate.h> 29#include <linux/audit.h> 30#include <linux/falloc.h> 31#include <linux/fs_struct.h> 32#include <linux/ima.h> 33#include <linux/dnotify.h> 34#include <linux/compat.h> 35 36#include "internal.h" 37 38int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, 39 struct file *filp) 40{ 41 int ret; 42 struct iattr newattrs; 43 44 /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */ 45 if (length < 0) 46 return -EINVAL; 47 48 newattrs.ia_size = length; 49 newattrs.ia_valid = ATTR_SIZE | time_attrs; 50 if (filp) { 51 newattrs.ia_file = filp; 52 newattrs.ia_valid |= ATTR_FILE; 53 } 54 55 /* Remove suid, sgid, and file capabilities on truncate too */ 56 ret = dentry_needs_remove_privs(dentry); 57 if (ret < 0) 58 return ret; 59 if (ret) 60 newattrs.ia_valid |= ret | ATTR_FORCE; 61 62 inode_lock(dentry->d_inode); 63 /* Note any delegations or leases have already been broken: */ 64 ret = notify_change(dentry, &newattrs, NULL); 65 inode_unlock(dentry->d_inode); 66 return ret; 67} 68 69long vfs_truncate(const struct path *path, loff_t length) 70{ 71 struct inode *inode; 72 long error; 73 74 inode = path->dentry->d_inode; 75 76 /* For directories it's -EISDIR, for other non-regulars - -EINVAL */ 77 if (S_ISDIR(inode->i_mode)) 78 return -EISDIR; 79 if (!S_ISREG(inode->i_mode)) 80 return -EINVAL; 81 82 error = mnt_want_write(path->mnt); 83 if (error) 84 goto out; 85 86 error = inode_permission(inode, MAY_WRITE); 87 if (error) 88 goto mnt_drop_write_and_out; 89 90 error = -EPERM; 91 if (IS_APPEND(inode)) 92 goto mnt_drop_write_and_out; 93 94 error = get_write_access(inode); 95 if (error) 96 goto mnt_drop_write_and_out; 97 98 /* 99 * Make sure that there are no leases. get_write_access() protects 100 * against the truncate racing with a lease-granting setlease(). 101 */ 102 error = break_lease(inode, O_WRONLY); 103 if (error) 104 goto put_write_and_out; 105 106 error = locks_verify_truncate(inode, NULL, length); 107 if (!error) 108 error = security_path_truncate(path); 109 if (!error) 110 error = do_truncate(path->dentry, length, 0, NULL); 111 112put_write_and_out: 113 put_write_access(inode); 114mnt_drop_write_and_out: 115 mnt_drop_write(path->mnt); 116out: 117 return error; 118} 119EXPORT_SYMBOL_GPL(vfs_truncate); 120 121long do_sys_truncate(const char __user *pathname, loff_t length) 122{ 123 unsigned int lookup_flags = LOOKUP_FOLLOW; 124 struct path path; 125 int error; 126 127 if (length < 0) /* sorry, but loff_t says... */ 128 return -EINVAL; 129 130retry: 131 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); 132 if (!error) { 133 error = vfs_truncate(&path, length); 134 path_put(&path); 135 } 136 if (retry_estale(error, lookup_flags)) { 137 lookup_flags |= LOOKUP_REVAL; 138 goto retry; 139 } 140 return error; 141} 142 143SYSCALL_DEFINE2(truncate, const char __user *, path, long, length) 144{ 145 return do_sys_truncate(path, length); 146} 147 148#ifdef CONFIG_COMPAT 149COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length) 150{ 151 return do_sys_truncate(path, length); 152} 153#endif 154 155long do_sys_ftruncate(unsigned int fd, loff_t length, int small) 156{ 157 struct inode *inode; 158 struct dentry *dentry; 159 struct fd f; 160 int error; 161 162 error = -EINVAL; 163 if (length < 0) 164 goto out; 165 error = -EBADF; 166 f = fdget(fd); 167 if (!f.file) 168 goto out; 169 170 /* explicitly opened as large or we are on 64-bit box */ 171 if (f.file->f_flags & O_LARGEFILE) 172 small = 0; 173 174 dentry = f.file->f_path.dentry; 175 inode = dentry->d_inode; 176 error = -EINVAL; 177 if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE)) 178 goto out_putf; 179 180 error = -EINVAL; 181 /* Cannot ftruncate over 2^31 bytes without large file support */ 182 if (small && length > MAX_NON_LFS) 183 goto out_putf; 184 185 error = -EPERM; 186 /* Check IS_APPEND on real upper inode */ 187 if (IS_APPEND(file_inode(f.file))) 188 goto out_putf; 189 190 sb_start_write(inode->i_sb); 191 error = locks_verify_truncate(inode, f.file, length); 192 if (!error) 193 error = security_path_truncate(&f.file->f_path); 194 if (!error) 195 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); 196 sb_end_write(inode->i_sb); 197out_putf: 198 fdput(f); 199out: 200 return error; 201} 202 203SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length) 204{ 205 return do_sys_ftruncate(fd, length, 1); 206} 207 208#ifdef CONFIG_COMPAT 209COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length) 210{ 211 return do_sys_ftruncate(fd, length, 1); 212} 213#endif 214 215/* LFS versions of truncate are only needed on 32 bit machines */ 216#if BITS_PER_LONG == 32 217SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length) 218{ 219 return do_sys_truncate(path, length); 220} 221 222SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length) 223{ 224 return do_sys_ftruncate(fd, length, 0); 225} 226#endif /* BITS_PER_LONG == 32 */ 227 228 229int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) 230{ 231 struct inode *inode = file_inode(file); 232 long ret; 233 234 if (offset < 0 || len <= 0) 235 return -EINVAL; 236 237 /* Return error if mode is not supported */ 238 if (mode & ~FALLOC_FL_SUPPORTED_MASK) 239 return -EOPNOTSUPP; 240 241 /* Punch hole and zero range are mutually exclusive */ 242 if ((mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) == 243 (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) 244 return -EOPNOTSUPP; 245 246 /* Punch hole must have keep size set */ 247 if ((mode & FALLOC_FL_PUNCH_HOLE) && 248 !(mode & FALLOC_FL_KEEP_SIZE)) 249 return -EOPNOTSUPP; 250 251 /* Collapse range should only be used exclusively. */ 252 if ((mode & FALLOC_FL_COLLAPSE_RANGE) && 253 (mode & ~FALLOC_FL_COLLAPSE_RANGE)) 254 return -EINVAL; 255 256 /* Insert range should only be used exclusively. */ 257 if ((mode & FALLOC_FL_INSERT_RANGE) && 258 (mode & ~FALLOC_FL_INSERT_RANGE)) 259 return -EINVAL; 260 261 /* Unshare range should only be used with allocate mode. */ 262 if ((mode & FALLOC_FL_UNSHARE_RANGE) && 263 (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE))) 264 return -EINVAL; 265 266 if (!(file->f_mode & FMODE_WRITE)) 267 return -EBADF; 268 269 /* 270 * We can only allow pure fallocate on append only files 271 */ 272 if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode)) 273 return -EPERM; 274 275 if (IS_IMMUTABLE(inode)) 276 return -EPERM; 277 278 /* 279 * We cannot allow any fallocate operation on an active swapfile 280 */ 281 if (IS_SWAPFILE(inode)) 282 return -ETXTBSY; 283 284 /* 285 * Revalidate the write permissions, in case security policy has 286 * changed since the files were opened. 287 */ 288 ret = security_file_permission(file, MAY_WRITE); 289 if (ret) 290 return ret; 291 292 if (S_ISFIFO(inode->i_mode)) 293 return -ESPIPE; 294 295 if (S_ISDIR(inode->i_mode)) 296 return -EISDIR; 297 298 if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) 299 return -ENODEV; 300 301 /* Check for wrap through zero too */ 302 if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) 303 return -EFBIG; 304 305 if (!file->f_op->fallocate) 306 return -EOPNOTSUPP; 307 308 file_start_write(file); 309 ret = file->f_op->fallocate(file, mode, offset, len); 310 311 /* 312 * Create inotify and fanotify events. 313 * 314 * To keep the logic simple always create events if fallocate succeeds. 315 * This implies that events are even created if the file size remains 316 * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE. 317 */ 318 if (ret == 0) 319 fsnotify_modify(file); 320 321 file_end_write(file); 322 return ret; 323} 324EXPORT_SYMBOL_GPL(vfs_fallocate); 325 326int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len) 327{ 328 struct fd f = fdget(fd); 329 int error = -EBADF; 330 331 if (f.file) { 332 error = vfs_fallocate(f.file, mode, offset, len); 333 fdput(f); 334 } 335 return error; 336} 337 338SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) 339{ 340 return ksys_fallocate(fd, mode, offset, len); 341} 342 343/* 344 * access() needs to use the real uid/gid, not the effective uid/gid. 345 * We do this by temporarily clearing all FS-related capabilities and 346 * switching the fsuid/fsgid around to the real ones. 347 */ 348long do_faccessat(int dfd, const char __user *filename, int mode) 349{ 350 const struct cred *old_cred; 351 struct cred *override_cred; 352 struct path path; 353 struct inode *inode; 354 int res; 355 unsigned int lookup_flags = LOOKUP_FOLLOW; 356 357 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ 358 return -EINVAL; 359 360 override_cred = prepare_creds(); 361 if (!override_cred) 362 return -ENOMEM; 363 364 override_cred->fsuid = override_cred->uid; 365 override_cred->fsgid = override_cred->gid; 366 367 if (!issecure(SECURE_NO_SETUID_FIXUP)) { 368 /* Clear the capabilities if we switch to a non-root user */ 369 kuid_t root_uid = make_kuid(override_cred->user_ns, 0); 370 if (!uid_eq(override_cred->uid, root_uid)) 371 cap_clear(override_cred->cap_effective); 372 else 373 override_cred->cap_effective = 374 override_cred->cap_permitted; 375 } 376 377 /* 378 * The new set of credentials can *only* be used in 379 * task-synchronous circumstances, and does not need 380 * RCU freeing, unless somebody then takes a separate 381 * reference to it. 382 * 383 * NOTE! This is _only_ true because this credential 384 * is used purely for override_creds() that installs 385 * it as the subjective cred. Other threads will be 386 * accessing ->real_cred, not the subjective cred. 387 * 388 * If somebody _does_ make a copy of this (using the 389 * 'get_current_cred()' function), that will clear the 390 * non_rcu field, because now that other user may be 391 * expecting RCU freeing. But normal thread-synchronous 392 * cred accesses will keep things non-RCY. 393 */ 394 override_cred->non_rcu = 1; 395 396 old_cred = override_creds(override_cred); 397retry: 398 res = user_path_at(dfd, filename, lookup_flags, &path); 399 if (res) 400 goto out; 401 402 inode = d_backing_inode(path.dentry); 403 404 if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { 405 /* 406 * MAY_EXEC on regular files is denied if the fs is mounted 407 * with the "noexec" flag. 408 */ 409 res = -EACCES; 410 if (path_noexec(&path)) 411 goto out_path_release; 412 } 413 414 res = inode_permission(inode, mode | MAY_ACCESS); 415 /* SuS v2 requires we report a read only fs too */ 416 if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) 417 goto out_path_release; 418 /* 419 * This is a rare case where using __mnt_is_readonly() 420 * is OK without a mnt_want/drop_write() pair. Since 421 * no actual write to the fs is performed here, we do 422 * not need to telegraph to that to anyone. 423 * 424 * By doing this, we accept that this access is 425 * inherently racy and know that the fs may change 426 * state before we even see this result. 427 */ 428 if (__mnt_is_readonly(path.mnt)) 429 res = -EROFS; 430 431out_path_release: 432 path_put(&path); 433 if (retry_estale(res, lookup_flags)) { 434 lookup_flags |= LOOKUP_REVAL; 435 goto retry; 436 } 437out: 438 revert_creds(old_cred); 439 put_cred(override_cred); 440 return res; 441} 442 443SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) 444{ 445 return do_faccessat(dfd, filename, mode); 446} 447 448SYSCALL_DEFINE2(access, const char __user *, filename, int, mode) 449{ 450 return do_faccessat(AT_FDCWD, filename, mode); 451} 452 453int ksys_chdir(const char __user *filename) 454{ 455 struct path path; 456 int error; 457 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; 458retry: 459 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); 460 if (error) 461 goto out; 462 463 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); 464 if (error) 465 goto dput_and_out; 466 467 set_fs_pwd(current->fs, &path); 468 469dput_and_out: 470 path_put(&path); 471 if (retry_estale(error, lookup_flags)) { 472 lookup_flags |= LOOKUP_REVAL; 473 goto retry; 474 } 475out: 476 return error; 477} 478 479SYSCALL_DEFINE1(chdir, const char __user *, filename) 480{ 481 return ksys_chdir(filename); 482} 483 484SYSCALL_DEFINE1(fchdir, unsigned int, fd) 485{ 486 struct fd f = fdget_raw(fd); 487 int error; 488 489 error = -EBADF; 490 if (!f.file) 491 goto out; 492 493 error = -ENOTDIR; 494 if (!d_can_lookup(f.file->f_path.dentry)) 495 goto out_putf; 496 497 error = inode_permission(file_inode(f.file), MAY_EXEC | MAY_CHDIR); 498 if (!error) 499 set_fs_pwd(current->fs, &f.file->f_path); 500out_putf: 501 fdput(f); 502out: 503 return error; 504} 505 506int ksys_chroot(const char __user *filename) 507{ 508 struct path path; 509 int error; 510 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; 511retry: 512 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); 513 if (error) 514 goto out; 515 516 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); 517 if (error) 518 goto dput_and_out; 519 520 error = -EPERM; 521 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT)) 522 goto dput_and_out; 523 error = security_path_chroot(&path); 524 if (error) 525 goto dput_and_out; 526 527 set_fs_root(current->fs, &path); 528 error = 0; 529dput_and_out: 530 path_put(&path); 531 if (retry_estale(error, lookup_flags)) { 532 lookup_flags |= LOOKUP_REVAL; 533 goto retry; 534 } 535out: 536 return error; 537} 538 539SYSCALL_DEFINE1(chroot, const char __user *, filename) 540{ 541 return ksys_chroot(filename); 542} 543 544static int chmod_common(const struct path *path, umode_t mode) 545{ 546 struct inode *inode = path->dentry->d_inode; 547 struct inode *delegated_inode = NULL; 548 struct iattr newattrs; 549 int error; 550 551 error = mnt_want_write(path->mnt); 552 if (error) 553 return error; 554retry_deleg: 555 inode_lock(inode); 556 error = security_path_chmod(path, mode); 557 if (error) 558 goto out_unlock; 559 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); 560 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; 561 error = notify_change(path->dentry, &newattrs, &delegated_inode); 562out_unlock: 563 inode_unlock(inode); 564 if (delegated_inode) { 565 error = break_deleg_wait(&delegated_inode); 566 if (!error) 567 goto retry_deleg; 568 } 569 mnt_drop_write(path->mnt); 570 return error; 571} 572 573int ksys_fchmod(unsigned int fd, umode_t mode) 574{ 575 struct fd f = fdget(fd); 576 int err = -EBADF; 577 578 if (f.file) { 579 audit_file(f.file); 580 err = chmod_common(&f.file->f_path, mode); 581 fdput(f); 582 } 583 return err; 584} 585 586SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) 587{ 588 return ksys_fchmod(fd, mode); 589} 590 591int do_fchmodat(int dfd, const char __user *filename, umode_t mode) 592{ 593 struct path path; 594 int error; 595 unsigned int lookup_flags = LOOKUP_FOLLOW; 596retry: 597 error = user_path_at(dfd, filename, lookup_flags, &path); 598 if (!error) { 599 error = chmod_common(&path, mode); 600 path_put(&path); 601 if (retry_estale(error, lookup_flags)) { 602 lookup_flags |= LOOKUP_REVAL; 603 goto retry; 604 } 605 } 606 return error; 607} 608 609SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, 610 umode_t, mode) 611{ 612 return do_fchmodat(dfd, filename, mode); 613} 614 615SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) 616{ 617 return do_fchmodat(AT_FDCWD, filename, mode); 618} 619 620static int chown_common(const struct path *path, uid_t user, gid_t group) 621{ 622 struct inode *inode = path->dentry->d_inode; 623 struct inode *delegated_inode = NULL; 624 int error; 625 struct iattr newattrs; 626 kuid_t uid; 627 kgid_t gid; 628 629 uid = make_kuid(current_user_ns(), user); 630 gid = make_kgid(current_user_ns(), group); 631 632retry_deleg: 633 newattrs.ia_valid = ATTR_CTIME; 634 if (user != (uid_t) -1) { 635 if (!uid_valid(uid)) 636 return -EINVAL; 637 newattrs.ia_valid |= ATTR_UID; 638 newattrs.ia_uid = uid; 639 } 640 if (group != (gid_t) -1) { 641 if (!gid_valid(gid)) 642 return -EINVAL; 643 newattrs.ia_valid |= ATTR_GID; 644 newattrs.ia_gid = gid; 645 } 646 if (!S_ISDIR(inode->i_mode)) 647 newattrs.ia_valid |= 648 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; 649 inode_lock(inode); 650 error = security_path_chown(path, uid, gid); 651 if (!error) 652 error = notify_change(path->dentry, &newattrs, &delegated_inode); 653 inode_unlock(inode); 654 if (delegated_inode) { 655 error = break_deleg_wait(&delegated_inode); 656 if (!error) 657 goto retry_deleg; 658 } 659 return error; 660} 661 662int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group, 663 int flag) 664{ 665 struct path path; 666 int error = -EINVAL; 667 int lookup_flags; 668 669 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) 670 goto out; 671 672 lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; 673 if (flag & AT_EMPTY_PATH) 674 lookup_flags |= LOOKUP_EMPTY; 675retry: 676 error = user_path_at(dfd, filename, lookup_flags, &path); 677 if (error) 678 goto out; 679 error = mnt_want_write(path.mnt); 680 if (error) 681 goto out_release; 682 error = chown_common(&path, user, group); 683 mnt_drop_write(path.mnt); 684out_release: 685 path_put(&path); 686 if (retry_estale(error, lookup_flags)) { 687 lookup_flags |= LOOKUP_REVAL; 688 goto retry; 689 } 690out: 691 return error; 692} 693 694SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, 695 gid_t, group, int, flag) 696{ 697 return do_fchownat(dfd, filename, user, group, flag); 698} 699 700SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) 701{ 702 return do_fchownat(AT_FDCWD, filename, user, group, 0); 703} 704 705SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group) 706{ 707 return do_fchownat(AT_FDCWD, filename, user, group, 708 AT_SYMLINK_NOFOLLOW); 709} 710 711int ksys_fchown(unsigned int fd, uid_t user, gid_t group) 712{ 713 struct fd f = fdget(fd); 714 int error = -EBADF; 715 716 if (!f.file) 717 goto out; 718 719 error = mnt_want_write_file(f.file); 720 if (error) 721 goto out_fput; 722 audit_file(f.file); 723 error = chown_common(&f.file->f_path, user, group); 724 mnt_drop_write_file(f.file); 725out_fput: 726 fdput(f); 727out: 728 return error; 729} 730 731SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) 732{ 733 return ksys_fchown(fd, user, group); 734} 735 736static int do_dentry_open(struct file *f, 737 struct inode *inode, 738 int (*open)(struct inode *, struct file *)) 739{ 740 static const struct file_operations empty_fops = {}; 741 int error; 742 743 path_get(&f->f_path); 744 f->f_inode = inode; 745 f->f_mapping = inode->i_mapping; 746 747 /* Ensure that we skip any errors that predate opening of the file */ 748 f->f_wb_err = filemap_sample_wb_err(f->f_mapping); 749 750 if (unlikely(f->f_flags & O_PATH)) { 751 f->f_mode = FMODE_PATH | FMODE_OPENED; 752 f->f_op = &empty_fops; 753 return 0; 754 } 755 756 /* Any file opened for execve()/uselib() has to be a regular file. */ 757 if (unlikely(f->f_flags & FMODE_EXEC && !S_ISREG(inode->i_mode))) { 758 error = -EACCES; 759 goto cleanup_file; 760 } 761 762 if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) { 763 error = get_write_access(inode); 764 if (unlikely(error)) 765 goto cleanup_file; 766 error = __mnt_want_write(f->f_path.mnt); 767 if (unlikely(error)) { 768 put_write_access(inode); 769 goto cleanup_file; 770 } 771 f->f_mode |= FMODE_WRITER; 772 } 773 774 /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */ 775 if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode)) 776 f->f_mode |= FMODE_ATOMIC_POS; 777 778 f->f_op = fops_get(inode->i_fop); 779 if (WARN_ON(!f->f_op)) { 780 error = -ENODEV; 781 goto cleanup_all; 782 } 783 784 error = security_file_open(f); 785 if (error) 786 goto cleanup_all; 787 788 error = break_lease(locks_inode(f), f->f_flags); 789 if (error) 790 goto cleanup_all; 791 792 /* normally all 3 are set; ->open() can clear them if needed */ 793 f->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; 794 if (!open) 795 open = f->f_op->open; 796 if (open) { 797 error = open(inode, f); 798 if (error) 799 goto cleanup_all; 800 } 801 f->f_mode |= FMODE_OPENED; 802 if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 803 i_readcount_inc(inode); 804 if ((f->f_mode & FMODE_READ) && 805 likely(f->f_op->read || f->f_op->read_iter)) 806 f->f_mode |= FMODE_CAN_READ; 807 if ((f->f_mode & FMODE_WRITE) && 808 likely(f->f_op->write || f->f_op->write_iter)) 809 f->f_mode |= FMODE_CAN_WRITE; 810 811 f->f_write_hint = WRITE_LIFE_NOT_SET; 812 f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); 813 814 file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); 815 816 /* NB: we're sure to have correct a_ops only after f_op->open */ 817 if (f->f_flags & O_DIRECT) { 818 if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO) 819 return -EINVAL; 820 } 821 822 /* 823 * XXX: Huge page cache doesn't support writing yet. Drop all page 824 * cache for this file before processing writes. 825 */ 826 if ((f->f_mode & FMODE_WRITE) && filemap_nr_thps(inode->i_mapping)) 827 truncate_pagecache(inode, 0); 828 829 return 0; 830 831cleanup_all: 832 if (WARN_ON_ONCE(error > 0)) 833 error = -EINVAL; 834 fops_put(f->f_op); 835 if (f->f_mode & FMODE_WRITER) { 836 put_write_access(inode); 837 __mnt_drop_write(f->f_path.mnt); 838 } 839cleanup_file: 840 path_put(&f->f_path); 841 f->f_path.mnt = NULL; 842 f->f_path.dentry = NULL; 843 f->f_inode = NULL; 844 return error; 845} 846 847/** 848 * finish_open - finish opening a file 849 * @file: file pointer 850 * @dentry: pointer to dentry 851 * @open: open callback 852 * @opened: state of open 853 * 854 * This can be used to finish opening a file passed to i_op->atomic_open(). 855 * 856 * If the open callback is set to NULL, then the standard f_op->open() 857 * filesystem callback is substituted. 858 * 859 * NB: the dentry reference is _not_ consumed. If, for example, the dentry is 860 * the return value of d_splice_alias(), then the caller needs to perform dput() 861 * on it after finish_open(). 862 * 863 * Returns zero on success or -errno if the open failed. 864 */ 865int finish_open(struct file *file, struct dentry *dentry, 866 int (*open)(struct inode *, struct file *)) 867{ 868 BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */ 869 870 file->f_path.dentry = dentry; 871 return do_dentry_open(file, d_backing_inode(dentry), open); 872} 873EXPORT_SYMBOL(finish_open); 874 875/** 876 * finish_no_open - finish ->atomic_open() without opening the file 877 * 878 * @file: file pointer 879 * @dentry: dentry or NULL (as returned from ->lookup()) 880 * 881 * This can be used to set the result of a successful lookup in ->atomic_open(). 882 * 883 * NB: unlike finish_open() this function does consume the dentry reference and 884 * the caller need not dput() it. 885 * 886 * Returns "0" which must be the return value of ->atomic_open() after having 887 * called this function. 888 */ 889int finish_no_open(struct file *file, struct dentry *dentry) 890{ 891 file->f_path.dentry = dentry; 892 return 0; 893} 894EXPORT_SYMBOL(finish_no_open); 895 896char *file_path(struct file *filp, char *buf, int buflen) 897{ 898 return d_path(&filp->f_path, buf, buflen); 899} 900EXPORT_SYMBOL(file_path); 901 902/** 903 * vfs_open - open the file at the given path 904 * @path: path to open 905 * @file: newly allocated file with f_flag initialized 906 * @cred: credentials to use 907 */ 908int vfs_open(const struct path *path, struct file *file) 909{ 910 file->f_path = *path; 911 return do_dentry_open(file, d_backing_inode(path->dentry), NULL); 912} 913 914struct file *dentry_open(const struct path *path, int flags, 915 const struct cred *cred) 916{ 917 int error; 918 struct file *f; 919 920 validate_creds(cred); 921 922 /* We must always pass in a valid mount pointer. */ 923 BUG_ON(!path->mnt); 924 925 f = alloc_empty_file(flags, cred); 926 if (!IS_ERR(f)) { 927 error = vfs_open(path, f); 928 if (error) { 929 fput(f); 930 f = ERR_PTR(error); 931 } 932 } 933 return f; 934} 935EXPORT_SYMBOL(dentry_open); 936 937struct file *open_with_fake_path(const struct path *path, int flags, 938 struct inode *inode, const struct cred *cred) 939{ 940 struct file *f = alloc_empty_file_noaccount(flags, cred); 941 if (!IS_ERR(f)) { 942 int error; 943 944 f->f_path = *path; 945 error = do_dentry_open(f, inode, NULL); 946 if (error) { 947 fput(f); 948 f = ERR_PTR(error); 949 } 950 } 951 return f; 952} 953EXPORT_SYMBOL(open_with_fake_path); 954 955#define WILL_CREATE(flags) (flags & (O_CREAT | __O_TMPFILE)) 956#define O_PATH_FLAGS (O_DIRECTORY | O_NOFOLLOW | O_PATH | O_CLOEXEC) 957 958inline struct open_how build_open_how(int flags, umode_t mode) 959{ 960 struct open_how how = { 961 .flags = flags & VALID_OPEN_FLAGS, 962 .mode = mode & S_IALLUGO, 963 }; 964 965 /* O_PATH beats everything else. */ 966 if (how.flags & O_PATH) 967 how.flags &= O_PATH_FLAGS; 968 /* Modes should only be set for create-like flags. */ 969 if (!WILL_CREATE(how.flags)) 970 how.mode = 0; 971 return how; 972} 973 974inline int build_open_flags(const struct open_how *how, struct open_flags *op) 975{ 976 int flags = how->flags; 977 int lookup_flags = 0; 978 int acc_mode = ACC_MODE(flags); 979 980 /* Must never be set by userspace */ 981 flags &= ~(FMODE_NONOTIFY | O_CLOEXEC); 982 983 /* 984 * Older syscalls implicitly clear all of the invalid flags or argument 985 * values before calling build_open_flags(), but openat2(2) checks all 986 * of its arguments. 987 */ 988 if (flags & ~VALID_OPEN_FLAGS) 989 return -EINVAL; 990 if (how->resolve & ~VALID_RESOLVE_FLAGS) 991 return -EINVAL; 992 993 /* Deal with the mode. */ 994 if (WILL_CREATE(flags)) { 995 if (how->mode & ~S_IALLUGO) 996 return -EINVAL; 997 op->mode = how->mode | S_IFREG; 998 } else { 999 if (how->mode != 0) 1000 return -EINVAL; 1001 op->mode = 0; 1002 } 1003 1004 /* 1005 * In order to ensure programs get explicit errors when trying to use 1006 * O_TMPFILE on old kernels, O_TMPFILE is implemented such that it 1007 * looks like (O_DIRECTORY|O_RDWR & ~O_CREAT) to old kernels. But we 1008 * have to require userspace to explicitly set it. 1009 */ 1010 if (flags & __O_TMPFILE) { 1011 if ((flags & O_TMPFILE_MASK) != O_TMPFILE) 1012 return -EINVAL; 1013 if (!(acc_mode & MAY_WRITE)) 1014 return -EINVAL; 1015 } 1016 if (flags & O_PATH) { 1017 /* O_PATH only permits certain other flags to be set. */ 1018 if (flags & ~O_PATH_FLAGS) 1019 return -EINVAL; 1020 acc_mode = 0; 1021 } 1022 1023 /* 1024 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only 1025 * check for O_DSYNC if the need any syncing at all we enforce it's 1026 * always set instead of having to deal with possibly weird behaviour 1027 * for malicious applications setting only __O_SYNC. 1028 */ 1029 if (flags & __O_SYNC) 1030 flags |= O_DSYNC; 1031 1032 op->open_flag = flags; 1033 1034 /* O_TRUNC implies we need access checks for write permissions */ 1035 if (flags & O_TRUNC) 1036 acc_mode |= MAY_WRITE; 1037 1038 /* Allow the LSM permission hook to distinguish append 1039 access from general write access. */ 1040 if (flags & O_APPEND) 1041 acc_mode |= MAY_APPEND; 1042 1043 op->acc_mode = acc_mode; 1044 1045 op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN; 1046 1047 if (flags & O_CREAT) { 1048 op->intent |= LOOKUP_CREATE; 1049 if (flags & O_EXCL) 1050 op->intent |= LOOKUP_EXCL; 1051 } 1052 1053 if (flags & O_DIRECTORY) 1054 lookup_flags |= LOOKUP_DIRECTORY; 1055 if (!(flags & O_NOFOLLOW)) 1056 lookup_flags |= LOOKUP_FOLLOW; 1057 1058 if (how->resolve & RESOLVE_NO_XDEV) 1059 lookup_flags |= LOOKUP_NO_XDEV; 1060 if (how->resolve & RESOLVE_NO_MAGICLINKS) 1061 lookup_flags |= LOOKUP_NO_MAGICLINKS; 1062 if (how->resolve & RESOLVE_NO_SYMLINKS) 1063 lookup_flags |= LOOKUP_NO_SYMLINKS; 1064 if (how->resolve & RESOLVE_BENEATH) 1065 lookup_flags |= LOOKUP_BENEATH; 1066 if (how->resolve & RESOLVE_IN_ROOT) 1067 lookup_flags |= LOOKUP_IN_ROOT; 1068 1069 op->lookup_flags = lookup_flags; 1070 return 0; 1071} 1072 1073/** 1074 * file_open_name - open file and return file pointer 1075 * 1076 * @name: struct filename containing path to open 1077 * @flags: open flags as per the open(2) second argument 1078 * @mode: mode for the new file if O_CREAT is set, else ignored 1079 * 1080 * This is the helper to open a file from kernelspace if you really 1081 * have to. But in generally you should not do this, so please move 1082 * along, nothing to see here.. 1083 */ 1084struct file *file_open_name(struct filename *name, int flags, umode_t mode) 1085{ 1086 struct open_flags op; 1087 struct open_how how = build_open_how(flags, mode); 1088 int err = build_open_flags(&how, &op); 1089 if (err) 1090 return ERR_PTR(err); 1091 return do_filp_open(AT_FDCWD, name, &op); 1092} 1093 1094/** 1095 * filp_open - open file and return file pointer 1096 * 1097 * @filename: path to open 1098 * @flags: open flags as per the open(2) second argument 1099 * @mode: mode for the new file if O_CREAT is set, else ignored 1100 * 1101 * This is the helper to open a file from kernelspace if you really 1102 * have to. But in generally you should not do this, so please move 1103 * along, nothing to see here.. 1104 */ 1105struct file *filp_open(const char *filename, int flags, umode_t mode) 1106{ 1107 struct filename *name = getname_kernel(filename); 1108 struct file *file = ERR_CAST(name); 1109 1110 if (!IS_ERR(name)) { 1111 file = file_open_name(name, flags, mode); 1112 putname(name); 1113 } 1114 return file; 1115} 1116EXPORT_SYMBOL(filp_open); 1117 1118struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt, 1119 const char *filename, int flags, umode_t mode) 1120{ 1121 struct open_flags op; 1122 struct open_how how = build_open_how(flags, mode); 1123 int err = build_open_flags(&how, &op); 1124 if (err) 1125 return ERR_PTR(err); 1126 return do_file_open_root(dentry, mnt, filename, &op); 1127} 1128EXPORT_SYMBOL(file_open_root); 1129 1130static long do_sys_openat2(int dfd, const char __user *filename, 1131 struct open_how *how) 1132{ 1133 struct open_flags op; 1134 int fd = build_open_flags(how, &op); 1135 struct filename *tmp; 1136 1137 if (fd) 1138 return fd; 1139 1140 tmp = getname(filename); 1141 if (IS_ERR(tmp)) 1142 return PTR_ERR(tmp); 1143 1144 fd = get_unused_fd_flags(how->flags); 1145 if (fd >= 0) { 1146 struct file *f = do_filp_open(dfd, tmp, &op); 1147 if (IS_ERR(f)) { 1148 put_unused_fd(fd); 1149 fd = PTR_ERR(f); 1150 } else { 1151 fsnotify_open(f); 1152 fd_install(fd, f); 1153 } 1154 } 1155 putname(tmp); 1156 return fd; 1157} 1158 1159long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) 1160{ 1161 struct open_how how = build_open_how(flags, mode); 1162 return do_sys_openat2(dfd, filename, &how); 1163} 1164 1165 1166SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) 1167{ 1168 return ksys_open(filename, flags, mode); 1169} 1170 1171SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, 1172 umode_t, mode) 1173{ 1174 if (force_o_largefile()) 1175 flags |= O_LARGEFILE; 1176 return do_sys_open(dfd, filename, flags, mode); 1177} 1178 1179SYSCALL_DEFINE4(openat2, int, dfd, const char __user *, filename, 1180 struct open_how __user *, how, size_t, usize) 1181{ 1182 int err; 1183 struct open_how tmp; 1184 1185 BUILD_BUG_ON(sizeof(struct open_how) < OPEN_HOW_SIZE_VER0); 1186 BUILD_BUG_ON(sizeof(struct open_how) != OPEN_HOW_SIZE_LATEST); 1187 1188 if (unlikely(usize < OPEN_HOW_SIZE_VER0)) 1189 return -EINVAL; 1190 1191 err = copy_struct_from_user(&tmp, sizeof(tmp), how, usize); 1192 if (err) 1193 return err; 1194 1195 /* O_LARGEFILE is only allowed for non-O_PATH. */ 1196 if (!(tmp.flags & O_PATH) && force_o_largefile()) 1197 tmp.flags |= O_LARGEFILE; 1198 1199 return do_sys_openat2(dfd, filename, &tmp); 1200} 1201 1202#ifdef CONFIG_COMPAT 1203/* 1204 * Exactly like sys_open(), except that it doesn't set the 1205 * O_LARGEFILE flag. 1206 */ 1207COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) 1208{ 1209 return do_sys_open(AT_FDCWD, filename, flags, mode); 1210} 1211 1212/* 1213 * Exactly like sys_openat(), except that it doesn't set the 1214 * O_LARGEFILE flag. 1215 */ 1216COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode) 1217{ 1218 return do_sys_open(dfd, filename, flags, mode); 1219} 1220#endif 1221 1222#ifndef __alpha__ 1223 1224/* 1225 * For backward compatibility? Maybe this should be moved 1226 * into arch/i386 instead? 1227 */ 1228SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode) 1229{ 1230 return ksys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); 1231} 1232 1233#endif 1234 1235/* 1236 * "id" is the POSIX thread ID. We use the 1237 * files pointer for this.. 1238 */ 1239int filp_close(struct file *filp, fl_owner_t id) 1240{ 1241 int retval = 0; 1242 1243 if (!file_count(filp)) { 1244 printk(KERN_ERR "VFS: Close: file count is 0\n"); 1245 return 0; 1246 } 1247 1248 if (filp->f_op->flush) 1249 retval = filp->f_op->flush(filp, id); 1250 1251 if (likely(!(filp->f_mode & FMODE_PATH))) { 1252 dnotify_flush(filp, id); 1253 locks_remove_posix(filp, id); 1254 } 1255 fput(filp); 1256 return retval; 1257} 1258 1259EXPORT_SYMBOL(filp_close); 1260 1261/* 1262 * Careful here! We test whether the file pointer is NULL before 1263 * releasing the fd. This ensures that one clone task can't release 1264 * an fd while another clone is opening it. 1265 */ 1266SYSCALL_DEFINE1(close, unsigned int, fd) 1267{ 1268 int retval = __close_fd(current->files, fd); 1269 1270 /* can't restart close syscall because file table entry was cleared */ 1271 if (unlikely(retval == -ERESTARTSYS || 1272 retval == -ERESTARTNOINTR || 1273 retval == -ERESTARTNOHAND || 1274 retval == -ERESTART_RESTARTBLOCK)) 1275 retval = -EINTR; 1276 1277 return retval; 1278} 1279 1280/* 1281 * This routine simulates a hangup on the tty, to arrange that users 1282 * are given clean terminals at login time. 1283 */ 1284SYSCALL_DEFINE0(vhangup) 1285{ 1286 if (capable(CAP_SYS_TTY_CONFIG)) { 1287 tty_vhangup_self(); 1288 return 0; 1289 } 1290 return -EPERM; 1291} 1292 1293/* 1294 * Called when an inode is about to be open. 1295 * We use this to disallow opening large files on 32bit systems if 1296 * the caller didn't specify O_LARGEFILE. On 64bit systems we force 1297 * on this flag in sys_open. 1298 */ 1299int generic_file_open(struct inode * inode, struct file * filp) 1300{ 1301 if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) 1302 return -EOVERFLOW; 1303 return 0; 1304} 1305 1306EXPORT_SYMBOL(generic_file_open); 1307 1308/* 1309 * This is used by subsystems that don't want seekable 1310 * file descriptors. The function is not supposed to ever fail, the only 1311 * reason it returns an 'int' and not 'void' is so that it can be plugged 1312 * directly into file_operations structure. 1313 */ 1314int nonseekable_open(struct inode *inode, struct file *filp) 1315{ 1316 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); 1317 return 0; 1318} 1319 1320EXPORT_SYMBOL(nonseekable_open); 1321 1322/* 1323 * stream_open is used by subsystems that want stream-like file descriptors. 1324 * Such file descriptors are not seekable and don't have notion of position 1325 * (file.f_pos is always 0 and ppos passed to .read()/.write() is always NULL). 1326 * Contrary to file descriptors of other regular files, .read() and .write() 1327 * can run simultaneously. 1328 * 1329 * stream_open never fails and is marked to return int so that it could be 1330 * directly used as file_operations.open . 1331 */ 1332int stream_open(struct inode *inode, struct file *filp) 1333{ 1334 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS); 1335 filp->f_mode |= FMODE_STREAM; 1336 return 0; 1337} 1338 1339EXPORT_SYMBOL(stream_open);