PageRenderTime 58ms CodeModel.GetById 30ms RepoModel.GetById 1ms app.codeStats 0ms

/fs/open.c

https://bitbucket.org/zarboz/ville-upstream-test-branch
C | 1144 lines | 804 code | 167 blank | 173 comment | 145 complexity | 4c9187ea849b79517897247f65aeed94 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0
  1. /*
  2. * linux/fs/open.c
  3. *
  4. * Copyright (C) 1991, 1992 Linus Torvalds
  5. */
  6. #include <linux/string.h>
  7. #include <linux/mm.h>
  8. #include <linux/file.h>
  9. #include <linux/fdtable.h>
  10. #include <linux/fsnotify.h>
  11. #include <linux/module.h>
  12. #include <linux/tty.h>
  13. #include <linux/namei.h>
  14. #include <linux/backing-dev.h>
  15. #include <linux/capability.h>
  16. #include <linux/securebits.h>
  17. #include <linux/security.h>
  18. #include <linux/mount.h>
  19. #include <linux/fcntl.h>
  20. #include <linux/slab.h>
  21. #include <asm/uaccess.h>
  22. #include <linux/fs.h>
  23. #include <linux/personality.h>
  24. #include <linux/pagemap.h>
  25. #include <linux/syscalls.h>
  26. #include <linux/rcupdate.h>
  27. #include <linux/audit.h>
  28. #include <linux/falloc.h>
  29. #include <linux/fs_struct.h>
  30. #include <linux/ima.h>
  31. #include <linux/dnotify.h>
  32. #include "internal.h"
  33. int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
  34. struct file *filp)
  35. {
  36. int ret;
  37. struct iattr newattrs;
  38. /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
  39. if (length < 0)
  40. return -EINVAL;
  41. newattrs.ia_size = length;
  42. newattrs.ia_valid = ATTR_SIZE | time_attrs;
  43. if (filp) {
  44. newattrs.ia_file = filp;
  45. newattrs.ia_valid |= ATTR_FILE;
  46. }
  47. /* Remove suid/sgid on truncate too */
  48. ret = should_remove_suid(dentry);
  49. if (ret)
  50. newattrs.ia_valid |= ret | ATTR_FORCE;
  51. mutex_lock(&dentry->d_inode->i_mutex);
  52. ret = notify_change(dentry, &newattrs);
  53. mutex_unlock(&dentry->d_inode->i_mutex);
  54. return ret;
  55. }
  56. static long do_sys_truncate(const char __user *pathname, loff_t length)
  57. {
  58. struct path path;
  59. struct inode *inode;
  60. int error;
  61. error = -EINVAL;
  62. if (length < 0) /* sorry, but loff_t says... */
  63. goto out;
  64. error = user_path(pathname, &path);
  65. if (error)
  66. goto out;
  67. inode = path.dentry->d_inode;
  68. /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
  69. error = -EISDIR;
  70. if (S_ISDIR(inode->i_mode))
  71. goto dput_and_out;
  72. error = -EINVAL;
  73. if (!S_ISREG(inode->i_mode))
  74. goto dput_and_out;
  75. error = mnt_want_write(path.mnt);
  76. if (error)
  77. goto dput_and_out;
  78. error = inode_permission(inode, MAY_WRITE);
  79. if (error)
  80. goto mnt_drop_write_and_out;
  81. error = -EPERM;
  82. if (IS_APPEND(inode))
  83. goto mnt_drop_write_and_out;
  84. error = get_write_access(inode);
  85. if (error)
  86. goto mnt_drop_write_and_out;
  87. /*
  88. * Make sure that there are no leases. get_write_access() protects
  89. * against the truncate racing with a lease-granting setlease().
  90. */
  91. error = break_lease(inode, O_WRONLY);
  92. if (error)
  93. goto put_write_and_out;
  94. error = locks_verify_truncate(inode, NULL, length);
  95. if (!error)
  96. error = security_path_truncate(&path);
  97. if (!error)
  98. error = do_truncate(path.dentry, length, 0, NULL);
  99. put_write_and_out:
  100. put_write_access(inode);
  101. mnt_drop_write_and_out:
  102. mnt_drop_write(path.mnt);
  103. dput_and_out:
  104. path_put(&path);
  105. out:
  106. return error;
  107. }
  108. SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
  109. {
  110. return do_sys_truncate(path, length);
  111. }
  112. static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
  113. {
  114. struct inode * inode;
  115. struct dentry *dentry;
  116. struct file * file;
  117. int error;
  118. error = -EINVAL;
  119. if (length < 0)
  120. goto out;
  121. error = -EBADF;
  122. file = fget(fd);
  123. if (!file)
  124. goto out;
  125. /* explicitly opened as large or we are on 64-bit box */
  126. if (file->f_flags & O_LARGEFILE)
  127. small = 0;
  128. dentry = file->f_path.dentry;
  129. inode = dentry->d_inode;
  130. error = -EINVAL;
  131. if (!S_ISREG(inode->i_mode) || !(file->f_mode & FMODE_WRITE))
  132. goto out_putf;
  133. error = -EINVAL;
  134. /* Cannot ftruncate over 2^31 bytes without large file support */
  135. if (small && length > MAX_NON_LFS)
  136. goto out_putf;
  137. error = -EPERM;
  138. if (IS_APPEND(inode))
  139. goto out_putf;
  140. error = locks_verify_truncate(inode, file, length);
  141. if (!error)
  142. error = security_path_truncate(&file->f_path);
  143. if (!error)
  144. error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
  145. out_putf:
  146. fput(file);
  147. out:
  148. return error;
  149. }
  150. SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
  151. {
  152. long ret = do_sys_ftruncate(fd, length, 1);
  153. /* avoid REGPARM breakage on x86: */
  154. asmlinkage_protect(2, ret, fd, length);
  155. return ret;
  156. }
  157. /* LFS versions of truncate are only needed on 32 bit machines */
  158. #if BITS_PER_LONG == 32
  159. SYSCALL_DEFINE(truncate64)(const char __user * path, loff_t length)
  160. {
  161. return do_sys_truncate(path, length);
  162. }
  163. #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
  164. asmlinkage long SyS_truncate64(long path, loff_t length)
  165. {
  166. return SYSC_truncate64((const char __user *) path, length);
  167. }
  168. SYSCALL_ALIAS(sys_truncate64, SyS_truncate64);
  169. #endif
  170. SYSCALL_DEFINE(ftruncate64)(unsigned int fd, loff_t length)
  171. {
  172. long ret = do_sys_ftruncate(fd, length, 0);
  173. /* avoid REGPARM breakage on x86: */
  174. asmlinkage_protect(2, ret, fd, length);
  175. return ret;
  176. }
  177. #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
  178. asmlinkage long SyS_ftruncate64(long fd, loff_t length)
  179. {
  180. return SYSC_ftruncate64((unsigned int) fd, length);
  181. }
  182. SYSCALL_ALIAS(sys_ftruncate64, SyS_ftruncate64);
  183. #endif
  184. #endif /* BITS_PER_LONG == 32 */
  185. int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
  186. {
  187. struct inode *inode = file->f_path.dentry->d_inode;
  188. long ret;
  189. if (offset < 0 || len <= 0)
  190. return -EINVAL;
  191. /* Return error if mode is not supported */
  192. if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
  193. return -EOPNOTSUPP;
  194. /* Punch hole must have keep size set */
  195. if ((mode & FALLOC_FL_PUNCH_HOLE) &&
  196. !(mode & FALLOC_FL_KEEP_SIZE))
  197. return -EOPNOTSUPP;
  198. if (!(file->f_mode & FMODE_WRITE))
  199. return -EBADF;
  200. /* It's not possible punch hole on append only file */
  201. if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode))
  202. return -EPERM;
  203. if (IS_IMMUTABLE(inode))
  204. return -EPERM;
  205. /*
  206. * Revalidate the write permissions, in case security policy has
  207. * changed since the files were opened.
  208. */
  209. ret = security_file_permission(file, MAY_WRITE);
  210. if (ret)
  211. return ret;
  212. if (S_ISFIFO(inode->i_mode))
  213. return -ESPIPE;
  214. /*
  215. * Let individual file system decide if it supports preallocation
  216. * for directories or not.
  217. */
  218. if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
  219. return -ENODEV;
  220. /* Check for wrap through zero too */
  221. if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
  222. return -EFBIG;
  223. if (!file->f_op->fallocate)
  224. return -EOPNOTSUPP;
  225. return file->f_op->fallocate(file, mode, offset, len);
  226. }
  227. SYSCALL_DEFINE(fallocate)(int fd, int mode, loff_t offset, loff_t len)
  228. {
  229. struct file *file;
  230. int error = -EBADF;
  231. file = fget(fd);
  232. if (file) {
  233. error = do_fallocate(file, mode, offset, len);
  234. fput(file);
  235. }
  236. return error;
  237. }
  238. #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
  239. asmlinkage long SyS_fallocate(long fd, long mode, loff_t offset, loff_t len)
  240. {
  241. return SYSC_fallocate((int)fd, (int)mode, offset, len);
  242. }
  243. SYSCALL_ALIAS(sys_fallocate, SyS_fallocate);
  244. #endif
  245. /*
  246. * access() needs to use the real uid/gid, not the effective uid/gid.
  247. * We do this by temporarily clearing all FS-related capabilities and
  248. * switching the fsuid/fsgid around to the real ones.
  249. */
  250. SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
  251. {
  252. const struct cred *old_cred;
  253. struct cred *override_cred;
  254. struct path path;
  255. struct inode *inode;
  256. int res;
  257. if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
  258. return -EINVAL;
  259. override_cred = prepare_creds();
  260. if (!override_cred)
  261. return -ENOMEM;
  262. override_cred->fsuid = override_cred->uid;
  263. override_cred->fsgid = override_cred->gid;
  264. if (!issecure(SECURE_NO_SETUID_FIXUP)) {
  265. /* Clear the capabilities if we switch to a non-root user */
  266. if (override_cred->uid)
  267. cap_clear(override_cred->cap_effective);
  268. else
  269. override_cred->cap_effective =
  270. override_cred->cap_permitted;
  271. }
  272. old_cred = override_creds(override_cred);
  273. res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
  274. if (res)
  275. goto out;
  276. inode = path.dentry->d_inode;
  277. if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
  278. /*
  279. * MAY_EXEC on regular files is denied if the fs is mounted
  280. * with the "noexec" flag.
  281. */
  282. res = -EACCES;
  283. if (path.mnt->mnt_flags & MNT_NOEXEC)
  284. goto out_path_release;
  285. }
  286. res = inode_permission(inode, mode | MAY_ACCESS);
  287. /* SuS v2 requires we report a read only fs too */
  288. if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
  289. goto out_path_release;
  290. /*
  291. * This is a rare case where using __mnt_is_readonly()
  292. * is OK without a mnt_want/drop_write() pair. Since
  293. * no actual write to the fs is performed here, we do
  294. * not need to telegraph to that to anyone.
  295. *
  296. * By doing this, we accept that this access is
  297. * inherently racy and know that the fs may change
  298. * state before we even see this result.
  299. */
  300. if (__mnt_is_readonly(path.mnt))
  301. res = -EROFS;
  302. out_path_release:
  303. path_put(&path);
  304. out:
  305. revert_creds(old_cred);
  306. put_cred(override_cred);
  307. return res;
  308. }
  309. SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
  310. {
  311. return sys_faccessat(AT_FDCWD, filename, mode);
  312. }
  313. SYSCALL_DEFINE1(chdir, const char __user *, filename)
  314. {
  315. struct path path;
  316. int error;
  317. error = user_path_dir(filename, &path);
  318. if (error)
  319. goto out;
  320. error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
  321. if (error)
  322. goto dput_and_out;
  323. set_fs_pwd(current->fs, &path);
  324. dput_and_out:
  325. path_put(&path);
  326. out:
  327. return error;
  328. }
  329. SYSCALL_DEFINE1(fchdir, unsigned int, fd)
  330. {
  331. struct file *file;
  332. struct inode *inode;
  333. int error, fput_needed;
  334. error = -EBADF;
  335. file = fget_raw_light(fd, &fput_needed);
  336. if (!file)
  337. goto out;
  338. inode = file->f_path.dentry->d_inode;
  339. error = -ENOTDIR;
  340. if (!S_ISDIR(inode->i_mode))
  341. goto out_putf;
  342. error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
  343. if (!error)
  344. set_fs_pwd(current->fs, &file->f_path);
  345. out_putf:
  346. fput_light(file, fput_needed);
  347. out:
  348. return error;
  349. }
  350. SYSCALL_DEFINE1(chroot, const char __user *, filename)
  351. {
  352. struct path path;
  353. int error;
  354. error = user_path_dir(filename, &path);
  355. if (error)
  356. goto out;
  357. error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
  358. if (error)
  359. goto dput_and_out;
  360. error = -EPERM;
  361. if (!capable(CAP_SYS_CHROOT))
  362. goto dput_and_out;
  363. error = security_path_chroot(&path);
  364. if (error)
  365. goto dput_and_out;
  366. set_fs_root(current->fs, &path);
  367. error = 0;
  368. dput_and_out:
  369. path_put(&path);
  370. out:
  371. return error;
  372. }
  373. static int chmod_common(struct path *path, umode_t mode)
  374. {
  375. struct inode *inode = path->dentry->d_inode;
  376. struct iattr newattrs;
  377. int error;
  378. error = mnt_want_write(path->mnt);
  379. if (error)
  380. return error;
  381. mutex_lock(&inode->i_mutex);
  382. error = security_path_chmod(path->dentry, path->mnt, mode);
  383. if (error)
  384. goto out_unlock;
  385. newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
  386. newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
  387. error = notify_change(path->dentry, &newattrs);
  388. out_unlock:
  389. mutex_unlock(&inode->i_mutex);
  390. mnt_drop_write(path->mnt);
  391. return error;
  392. }
  393. SYSCALL_DEFINE2(fchmod, unsigned int, fd, mode_t, mode)
  394. {
  395. struct file * file;
  396. int err = -EBADF;
  397. file = fget(fd);
  398. if (file) {
  399. audit_inode(NULL, file->f_path.dentry);
  400. err = chmod_common(&file->f_path, mode);
  401. fput(file);
  402. }
  403. return err;
  404. }
  405. SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, mode_t, mode)
  406. {
  407. struct path path;
  408. int error;
  409. error = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
  410. if (!error) {
  411. error = chmod_common(&path, mode);
  412. path_put(&path);
  413. }
  414. return error;
  415. }
  416. SYSCALL_DEFINE2(chmod, const char __user *, filename, mode_t, mode)
  417. {
  418. return sys_fchmodat(AT_FDCWD, filename, mode);
  419. }
  420. static int chown_common(struct path *path, uid_t user, gid_t group)
  421. {
  422. struct inode *inode = path->dentry->d_inode;
  423. int error;
  424. struct iattr newattrs;
  425. newattrs.ia_valid = ATTR_CTIME;
  426. if (user != (uid_t) -1) {
  427. newattrs.ia_valid |= ATTR_UID;
  428. newattrs.ia_uid = user;
  429. }
  430. if (group != (gid_t) -1) {
  431. newattrs.ia_valid |= ATTR_GID;
  432. newattrs.ia_gid = group;
  433. }
  434. if (!S_ISDIR(inode->i_mode))
  435. newattrs.ia_valid |=
  436. ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
  437. mutex_lock(&inode->i_mutex);
  438. error = security_path_chown(path, user, group);
  439. if (!error)
  440. error = notify_change(path->dentry, &newattrs);
  441. mutex_unlock(&inode->i_mutex);
  442. return error;
  443. }
  444. SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
  445. {
  446. struct path path;
  447. int error;
  448. error = user_path(filename, &path);
  449. if (error)
  450. goto out;
  451. error = mnt_want_write(path.mnt);
  452. if (error)
  453. goto out_release;
  454. error = chown_common(&path, user, group);
  455. mnt_drop_write(path.mnt);
  456. out_release:
  457. path_put(&path);
  458. out:
  459. return error;
  460. }
  461. SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
  462. gid_t, group, int, flag)
  463. {
  464. struct path path;
  465. int error = -EINVAL;
  466. int lookup_flags;
  467. if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
  468. goto out;
  469. lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
  470. if (flag & AT_EMPTY_PATH)
  471. lookup_flags |= LOOKUP_EMPTY;
  472. error = user_path_at(dfd, filename, lookup_flags, &path);
  473. if (error)
  474. goto out;
  475. error = mnt_want_write(path.mnt);
  476. if (error)
  477. goto out_release;
  478. error = chown_common(&path, user, group);
  479. mnt_drop_write(path.mnt);
  480. out_release:
  481. path_put(&path);
  482. out:
  483. return error;
  484. }
  485. SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
  486. {
  487. struct path path;
  488. int error;
  489. error = user_lpath(filename, &path);
  490. if (error)
  491. goto out;
  492. error = mnt_want_write(path.mnt);
  493. if (error)
  494. goto out_release;
  495. error = chown_common(&path, user, group);
  496. mnt_drop_write(path.mnt);
  497. out_release:
  498. path_put(&path);
  499. out:
  500. return error;
  501. }
  502. SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
  503. {
  504. struct file * file;
  505. int error = -EBADF;
  506. struct dentry * dentry;
  507. file = fget(fd);
  508. if (!file)
  509. goto out;
  510. error = mnt_want_write_file(file);
  511. if (error)
  512. goto out_fput;
  513. dentry = file->f_path.dentry;
  514. audit_inode(NULL, dentry);
  515. error = chown_common(&file->f_path, user, group);
  516. mnt_drop_write(file->f_path.mnt);
  517. out_fput:
  518. fput(file);
  519. out:
  520. return error;
  521. }
  522. /*
  523. * You have to be very careful that these write
  524. * counts get cleaned up in error cases and
  525. * upon __fput(). This should probably never
  526. * be called outside of __dentry_open().
  527. */
  528. static inline int __get_file_write_access(struct inode *inode,
  529. struct vfsmount *mnt)
  530. {
  531. int error;
  532. error = get_write_access(inode);
  533. if (error)
  534. return error;
  535. /*
  536. * Do not take mount writer counts on
  537. * special files since no writes to
  538. * the mount itself will occur.
  539. */
  540. if (!special_file(inode->i_mode)) {
  541. /*
  542. * Balanced in __fput()
  543. */
  544. error = mnt_want_write(mnt);
  545. if (error)
  546. put_write_access(inode);
  547. }
  548. return error;
  549. }
  550. static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
  551. struct file *f,
  552. int (*open)(struct inode *, struct file *),
  553. const struct cred *cred)
  554. {
  555. static const struct file_operations empty_fops = {};
  556. struct inode *inode;
  557. int error;
  558. f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
  559. FMODE_PREAD | FMODE_PWRITE;
  560. if (unlikely(f->f_flags & O_PATH))
  561. f->f_mode = FMODE_PATH;
  562. inode = dentry->d_inode;
  563. if (f->f_mode & FMODE_WRITE) {
  564. error = __get_file_write_access(inode, mnt);
  565. if (error)
  566. goto cleanup_file;
  567. if (!special_file(inode->i_mode))
  568. file_take_write(f);
  569. }
  570. f->f_mapping = inode->i_mapping;
  571. f->f_path.dentry = dentry;
  572. f->f_path.mnt = mnt;
  573. f->f_pos = 0;
  574. file_sb_list_add(f, inode->i_sb);
  575. if (unlikely(f->f_mode & FMODE_PATH)) {
  576. f->f_op = &empty_fops;
  577. return f;
  578. }
  579. f->f_op = fops_get(inode->i_fop);
  580. error = security_dentry_open(f, cred);
  581. if (error)
  582. goto cleanup_all;
  583. error = break_lease(inode, f->f_flags);
  584. if (error)
  585. goto cleanup_all;
  586. if (!open && f->f_op)
  587. open = f->f_op->open;
  588. if (open) {
  589. error = open(inode, f);
  590. if (error)
  591. goto cleanup_all;
  592. }
  593. if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
  594. i_readcount_inc(inode);
  595. f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
  596. file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
  597. /* NB: we're sure to have correct a_ops only after f_op->open */
  598. if (f->f_flags & O_DIRECT) {
  599. if (!f->f_mapping->a_ops ||
  600. ((!f->f_mapping->a_ops->direct_IO) &&
  601. (!f->f_mapping->a_ops->get_xip_mem))) {
  602. fput(f);
  603. f = ERR_PTR(-EINVAL);
  604. }
  605. }
  606. return f;
  607. cleanup_all:
  608. fops_put(f->f_op);
  609. if (f->f_mode & FMODE_WRITE) {
  610. put_write_access(inode);
  611. if (!special_file(inode->i_mode)) {
  612. /*
  613. * We don't consider this a real
  614. * mnt_want/drop_write() pair
  615. * because it all happenend right
  616. * here, so just reset the state.
  617. */
  618. file_reset_write(f);
  619. mnt_drop_write(mnt);
  620. }
  621. }
  622. file_sb_list_del(f);
  623. f->f_path.dentry = NULL;
  624. f->f_path.mnt = NULL;
  625. cleanup_file:
  626. put_filp(f);
  627. dput(dentry);
  628. mntput(mnt);
  629. return ERR_PTR(error);
  630. }
  631. /**
  632. * lookup_instantiate_filp - instantiates the open intent filp
  633. * @nd: pointer to nameidata
  634. * @dentry: pointer to dentry
  635. * @open: open callback
  636. *
  637. * Helper for filesystems that want to use lookup open intents and pass back
  638. * a fully instantiated struct file to the caller.
  639. * This function is meant to be called from within a filesystem's
  640. * lookup method.
  641. * Beware of calling it for non-regular files! Those ->open methods might block
  642. * (e.g. in fifo_open), leaving you with parent locked (and in case of fifo,
  643. * leading to a deadlock, as nobody can open that fifo anymore, because
  644. * another process to open fifo will block on locked parent when doing lookup).
  645. * Note that in case of error, nd->intent.open.file is destroyed, but the
  646. * path information remains valid.
  647. * If the open callback is set to NULL, then the standard f_op->open()
  648. * filesystem callback is substituted.
  649. */
  650. struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
  651. int (*open)(struct inode *, struct file *))
  652. {
  653. const struct cred *cred = current_cred();
  654. if (IS_ERR(nd->intent.open.file))
  655. goto out;
  656. if (IS_ERR(dentry))
  657. goto out_err;
  658. nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
  659. nd->intent.open.file,
  660. open, cred);
  661. out:
  662. return nd->intent.open.file;
  663. out_err:
  664. release_open_intent(nd);
  665. nd->intent.open.file = ERR_CAST(dentry);
  666. goto out;
  667. }
  668. EXPORT_SYMBOL_GPL(lookup_instantiate_filp);
  669. /**
  670. * nameidata_to_filp - convert a nameidata to an open filp.
  671. * @nd: pointer to nameidata
  672. * @flags: open flags
  673. *
  674. * Note that this function destroys the original nameidata
  675. */
  676. struct file *nameidata_to_filp(struct nameidata *nd)
  677. {
  678. const struct cred *cred = current_cred();
  679. struct file *filp;
  680. /* Pick up the filp from the open intent */
  681. filp = nd->intent.open.file;
  682. nd->intent.open.file = NULL;
  683. /* Has the filesystem initialised the file for us? */
  684. if (filp->f_path.dentry == NULL) {
  685. path_get(&nd->path);
  686. filp = __dentry_open(nd->path.dentry, nd->path.mnt, filp,
  687. NULL, cred);
  688. }
  689. return filp;
  690. }
  691. /*
  692. * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an
  693. * error.
  694. */
  695. struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
  696. const struct cred *cred)
  697. {
  698. int error;
  699. struct file *f;
  700. validate_creds(cred);
  701. /* We must always pass in a valid mount pointer. */
  702. BUG_ON(!mnt);
  703. error = -ENFILE;
  704. f = get_empty_filp();
  705. if (f == NULL) {
  706. dput(dentry);
  707. mntput(mnt);
  708. return ERR_PTR(error);
  709. }
  710. f->f_flags = flags;
  711. return __dentry_open(dentry, mnt, f, NULL, cred);
  712. }
  713. EXPORT_SYMBOL(dentry_open);
  714. static void __put_unused_fd(struct files_struct *files, unsigned int fd)
  715. {
  716. struct fdtable *fdt = files_fdtable(files);
  717. __FD_CLR(fd, fdt->open_fds);
  718. if (fd < files->next_fd)
  719. files->next_fd = fd;
  720. }
  721. void put_unused_fd(unsigned int fd)
  722. {
  723. struct files_struct *files = current->files;
  724. spin_lock(&files->file_lock);
  725. __put_unused_fd(files, fd);
  726. spin_unlock(&files->file_lock);
  727. }
  728. EXPORT_SYMBOL(put_unused_fd);
  729. /*
  730. * Install a file pointer in the fd array.
  731. *
  732. * The VFS is full of places where we drop the files lock between
  733. * setting the open_fds bitmap and installing the file in the file
  734. * array. At any such point, we are vulnerable to a dup2() race
  735. * installing a file in the array before us. We need to detect this and
  736. * fput() the struct file we are about to overwrite in this case.
  737. *
  738. * It should never happen - if we allow dup2() do it, _really_ bad things
  739. * will follow.
  740. */
  741. void fd_install(unsigned int fd, struct file *file)
  742. {
  743. struct files_struct *files = current->files;
  744. struct fdtable *fdt;
  745. spin_lock(&files->file_lock);
  746. fdt = files_fdtable(files);
  747. BUG_ON(fdt->fd[fd] != NULL);
  748. rcu_assign_pointer(fdt->fd[fd], file);
  749. spin_unlock(&files->file_lock);
  750. }
  751. EXPORT_SYMBOL(fd_install);
  752. static inline int build_open_flags(int flags, int mode, struct open_flags *op)
  753. {
  754. int lookup_flags = 0;
  755. int acc_mode;
  756. if (flags & O_CREAT)
  757. op->mode = (mode & S_IALLUGO) | S_IFREG;
  758. else
  759. op->mode = 0;
  760. /* Must never be set by userspace */
  761. flags &= ~FMODE_NONOTIFY;
  762. /*
  763. * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
  764. * check for O_DSYNC if the need any syncing at all we enforce it's
  765. * always set instead of having to deal with possibly weird behaviour
  766. * for malicious applications setting only __O_SYNC.
  767. */
  768. if (flags & __O_SYNC)
  769. flags |= O_DSYNC;
  770. /*
  771. * If we have O_PATH in the open flag. Then we
  772. * cannot have anything other than the below set of flags
  773. */
  774. if (flags & O_PATH) {
  775. flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH;
  776. acc_mode = 0;
  777. } else {
  778. acc_mode = MAY_OPEN | ACC_MODE(flags);
  779. }
  780. op->open_flag = flags;
  781. /* O_TRUNC implies we need access checks for write permissions */
  782. if (flags & O_TRUNC)
  783. acc_mode |= MAY_WRITE;
  784. /* Allow the LSM permission hook to distinguish append
  785. access from general write access. */
  786. if (flags & O_APPEND)
  787. acc_mode |= MAY_APPEND;
  788. op->acc_mode = acc_mode;
  789. op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
  790. if (flags & O_CREAT) {
  791. op->intent |= LOOKUP_CREATE;
  792. if (flags & O_EXCL)
  793. op->intent |= LOOKUP_EXCL;
  794. }
  795. if (flags & O_DIRECTORY)
  796. lookup_flags |= LOOKUP_DIRECTORY;
  797. if (!(flags & O_NOFOLLOW))
  798. lookup_flags |= LOOKUP_FOLLOW;
  799. return lookup_flags;
  800. }
  801. /**
  802. * filp_open - open file and return file pointer
  803. *
  804. * @filename: path to open
  805. * @flags: open flags as per the open(2) second argument
  806. * @mode: mode for the new file if O_CREAT is set, else ignored
  807. *
  808. * This is the helper to open a file from kernelspace if you really
  809. * have to. But in generally you should not do this, so please move
  810. * along, nothing to see here..
  811. */
  812. struct file *filp_open(const char *filename, int flags, int mode)
  813. {
  814. struct open_flags op;
  815. int lookup = build_open_flags(flags, mode, &op);
  816. return do_filp_open(AT_FDCWD, filename, &op, lookup);
  817. }
  818. EXPORT_SYMBOL(filp_open);
  819. struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt,
  820. const char *filename, int flags)
  821. {
  822. struct open_flags op;
  823. int lookup = build_open_flags(flags, 0, &op);
  824. if (flags & O_CREAT)
  825. return ERR_PTR(-EINVAL);
  826. if (!filename && (flags & O_DIRECTORY))
  827. if (!dentry->d_inode->i_op->lookup)
  828. return ERR_PTR(-ENOTDIR);
  829. return do_file_open_root(dentry, mnt, filename, &op, lookup);
  830. }
  831. EXPORT_SYMBOL(file_open_root);
  832. long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
  833. {
  834. struct open_flags op;
  835. int lookup = build_open_flags(flags, mode, &op);
  836. char *tmp = getname(filename);
  837. int fd = PTR_ERR(tmp);
  838. if (!IS_ERR(tmp)) {
  839. fd = get_unused_fd_flags(flags);
  840. if (fd >= 0) {
  841. struct file *f = do_filp_open(dfd, tmp, &op, lookup);
  842. if (IS_ERR(f)) {
  843. put_unused_fd(fd);
  844. fd = PTR_ERR(f);
  845. } else {
  846. fsnotify_open(f);
  847. fd_install(fd, f);
  848. }
  849. }
  850. putname(tmp);
  851. }
  852. return fd;
  853. }
  854. SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, int, mode)
  855. {
  856. long ret;
  857. if (force_o_largefile())
  858. flags |= O_LARGEFILE;
  859. ret = do_sys_open(AT_FDCWD, filename, flags, mode);
  860. /* avoid REGPARM breakage on x86: */
  861. asmlinkage_protect(3, ret, filename, flags, mode);
  862. return ret;
  863. }
  864. SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
  865. int, mode)
  866. {
  867. long ret;
  868. if (force_o_largefile())
  869. flags |= O_LARGEFILE;
  870. ret = do_sys_open(dfd, filename, flags, mode);
  871. /* avoid REGPARM breakage on x86: */
  872. asmlinkage_protect(4, ret, dfd, filename, flags, mode);
  873. return ret;
  874. }
  875. #ifndef __alpha__
  876. /*
  877. * For backward compatibility? Maybe this should be moved
  878. * into arch/i386 instead?
  879. */
  880. SYSCALL_DEFINE2(creat, const char __user *, pathname, int, mode)
  881. {
  882. return sys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
  883. }
  884. #endif
  885. /*
  886. * "id" is the POSIX thread ID. We use the
  887. * files pointer for this..
  888. */
  889. int filp_close(struct file *filp, fl_owner_t id)
  890. {
  891. int retval = 0;
  892. if (!file_count(filp)) {
  893. printk(KERN_ERR "VFS: Close: file count is 0\n");
  894. return 0;
  895. }
  896. if (filp->f_op && filp->f_op->flush)
  897. retval = filp->f_op->flush(filp, id);
  898. if (likely(!(filp->f_mode & FMODE_PATH))) {
  899. dnotify_flush(filp, id);
  900. locks_remove_posix(filp, id);
  901. }
  902. fput(filp);
  903. return retval;
  904. }
  905. EXPORT_SYMBOL(filp_close);
  906. /*
  907. * Careful here! We test whether the file pointer is NULL before
  908. * releasing the fd. This ensures that one clone task can't release
  909. * an fd while another clone is opening it.
  910. */
  911. SYSCALL_DEFINE1(close, unsigned int, fd)
  912. {
  913. struct file * filp;
  914. struct files_struct *files = current->files;
  915. struct fdtable *fdt;
  916. int retval;
  917. spin_lock(&files->file_lock);
  918. fdt = files_fdtable(files);
  919. if (fd >= fdt->max_fds)
  920. goto out_unlock;
  921. filp = fdt->fd[fd];
  922. if (!filp)
  923. goto out_unlock;
  924. rcu_assign_pointer(fdt->fd[fd], NULL);
  925. FD_CLR(fd, fdt->close_on_exec);
  926. __put_unused_fd(files, fd);
  927. spin_unlock(&files->file_lock);
  928. retval = filp_close(filp, files);
  929. /* can't restart close syscall because file table entry was cleared */
  930. if (unlikely(retval == -ERESTARTSYS ||
  931. retval == -ERESTARTNOINTR ||
  932. retval == -ERESTARTNOHAND ||
  933. retval == -ERESTART_RESTARTBLOCK))
  934. retval = -EINTR;
  935. return retval;
  936. out_unlock:
  937. spin_unlock(&files->file_lock);
  938. return -EBADF;
  939. }
  940. EXPORT_SYMBOL(sys_close);
  941. /*
  942. * This routine simulates a hangup on the tty, to arrange that users
  943. * are given clean terminals at login time.
  944. */
  945. SYSCALL_DEFINE0(vhangup)
  946. {
  947. if (capable(CAP_SYS_TTY_CONFIG)) {
  948. tty_vhangup_self();
  949. return 0;
  950. }
  951. return -EPERM;
  952. }
  953. /*
  954. * Called when an inode is about to be open.
  955. * We use this to disallow opening large files on 32bit systems if
  956. * the caller didn't specify O_LARGEFILE. On 64bit systems we force
  957. * on this flag in sys_open.
  958. */
  959. int generic_file_open(struct inode * inode, struct file * filp)
  960. {
  961. if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
  962. return -EOVERFLOW;
  963. return 0;
  964. }
  965. EXPORT_SYMBOL(generic_file_open);
  966. /*
  967. * This is used by subsystems that don't want seekable
  968. * file descriptors. The function is not supposed to ever fail, the only
  969. * reason it returns an 'int' and not 'void' is so that it can be plugged
  970. * directly into file_operations structure.
  971. */
  972. int nonseekable_open(struct inode *inode, struct file *filp)
  973. {
  974. filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
  975. return 0;
  976. }
  977. EXPORT_SYMBOL(nonseekable_open);