search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.14.212
[linux/fpc-iii.git] / fs / open.c
blob49fd070be0ec2afe52a46490735de7e7a1ebabe0
1 /*
2 * linux/fs/open.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 #include <linux/string.h>
8 #include <linux/mm.h>
9 #include <linux/file.h>
10 #include <linux/fdtable.h>
11 #include <linux/fsnotify.h>
12 #include <linux/module.h>
13 #include <linux/tty.h>
14 #include <linux/namei.h>
15 #include <linux/backing-dev.h>
16 #include <linux/capability.h>
17 #include <linux/securebits.h>
18 #include <linux/security.h>
19 #include <linux/mount.h>
20 #include <linux/fcntl.h>
21 #include <linux/slab.h>
22 #include <linux/uaccess.h>
23 #include <linux/fs.h>
24 #include <linux/personality.h>
25 #include <linux/pagemap.h>
26 #include <linux/syscalls.h>
27 #include <linux/rcupdate.h>
28 #include <linux/audit.h>
29 #include <linux/falloc.h>
30 #include <linux/fs_struct.h>
31 #include <linux/ima.h>
32 #include <linux/dnotify.h>
33 #include <linux/compat.h>
34
35 #include "internal.h"
36
37 int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
38 struct file *filp)
39 {
40 int ret;
41 struct iattr newattrs;
42
43 /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
44 if (length < 0)
45 return -EINVAL;
46
47 newattrs.ia_size = length;
48 newattrs.ia_valid = ATTR_SIZE | time_attrs;
49 if (filp) {
50 newattrs.ia_file = filp;
51 newattrs.ia_valid |= ATTR_FILE;
52 }
53
54 /* Remove suid, sgid, and file capabilities on truncate too */
55 ret = dentry_needs_remove_privs(dentry);
56 if (ret < 0)
57 return ret;
58 if (ret)
59 newattrs.ia_valid |= ret | ATTR_FORCE;
60
61 inode_lock(dentry->d_inode);
62 /* Note any delegations or leases have already been broken: */
63 ret = notify_change(dentry, &newattrs, NULL);
64 inode_unlock(dentry->d_inode);
65 return ret;
66 }
67
68 long vfs_truncate(const struct path *path, loff_t length)
69 {
70 struct inode *inode;
71 struct dentry *upperdentry;
72 long error;
73
74 inode = path->dentry->d_inode;
75
76 /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
77 if (S_ISDIR(inode->i_mode))
78 return -EISDIR;
79 if (!S_ISREG(inode->i_mode))
80 return -EINVAL;
81
82 error = mnt_want_write(path->mnt);
83 if (error)
84 goto out;
85
86 error = inode_permission(inode, MAY_WRITE);
87 if (error)
88 goto mnt_drop_write_and_out;
89
90 error = -EPERM;
91 if (IS_APPEND(inode))
92 goto mnt_drop_write_and_out;
93
94 /*
95 * If this is an overlayfs then do as if opening the file so we get
96 * write access on the upper inode, not on the overlay inode. For
97 * non-overlay filesystems d_real() is an identity function.
98 */
99 upperdentry = d_real(path->dentry, NULL, O_WRONLY, 0);
100 error = PTR_ERR(upperdentry);
101 if (IS_ERR(upperdentry))
102 goto mnt_drop_write_and_out;
103
104 error = get_write_access(upperdentry->d_inode);
105 if (error)
106 goto mnt_drop_write_and_out;
107
108 /*
109 * Make sure that there are no leases. get_write_access() protects
110 * against the truncate racing with a lease-granting setlease().
111 */
112 error = break_lease(inode, O_WRONLY);
113 if (error)
114 goto put_write_and_out;
115
116 error = locks_verify_truncate(inode, NULL, length);
117 if (!error)
118 error = security_path_truncate(path);
119 if (!error)
120 error = do_truncate(path->dentry, length, 0, NULL);
121
122 put_write_and_out:
123 put_write_access(upperdentry->d_inode);
124 mnt_drop_write_and_out:
125 mnt_drop_write(path->mnt);
126 out:
127 return error;
128 }
129 EXPORT_SYMBOL_GPL(vfs_truncate);
130
131 static long do_sys_truncate(const char __user *pathname, loff_t length)
132 {
133 unsigned int lookup_flags = LOOKUP_FOLLOW;
134 struct path path;
135 int error;
136
137 if (length < 0) /* sorry, but loff_t says... */
138 return -EINVAL;
139
140 retry:
141 error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
142 if (!error) {
143 error = vfs_truncate(&path, length);
144 path_put(&path);
145 }
146 if (retry_estale(error, lookup_flags)) {
147 lookup_flags |= LOOKUP_REVAL;
148 goto retry;
149 }
150 return error;
151 }
152
153 SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
154 {
155 return do_sys_truncate(path, length);
156 }
157
158 #ifdef CONFIG_COMPAT
159 COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length)
160 {
161 return do_sys_truncate(path, length);
162 }
163 #endif
164
165 static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
166 {
167 struct inode *inode;
168 struct dentry *dentry;
169 struct fd f;
170 int error;
171
172 error = -EINVAL;
173 if (length < 0)
174 goto out;
175 error = -EBADF;
176 f = fdget(fd);
177 if (!f.file)
178 goto out;
179
180 /* explicitly opened as large or we are on 64-bit box */
181 if (f.file->f_flags & O_LARGEFILE)
182 small = 0;
183
184 dentry = f.file->f_path.dentry;
185 inode = dentry->d_inode;
186 error = -EINVAL;
187 if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE))
188 goto out_putf;
189
190 error = -EINVAL;
191 /* Cannot ftruncate over 2^31 bytes without large file support */
192 if (small && length > MAX_NON_LFS)
193 goto out_putf;
194
195 error = -EPERM;
196 /* Check IS_APPEND on real upper inode */
197 if (IS_APPEND(file_inode(f.file)))
198 goto out_putf;
199
200 sb_start_write(inode->i_sb);
201 error = locks_verify_truncate(inode, f.file, length);
202 if (!error)
203 error = security_path_truncate(&f.file->f_path);
204 if (!error)
205 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
206 sb_end_write(inode->i_sb);
207 out_putf:
208 fdput(f);
209 out:
210 return error;
211 }
212
213 SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
214 {
215 return do_sys_ftruncate(fd, length, 1);
216 }
217
218 #ifdef CONFIG_COMPAT
219 COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length)
220 {
221 return do_sys_ftruncate(fd, length, 1);
222 }
223 #endif
224
225 /* LFS versions of truncate are only needed on 32 bit machines */
226 #if BITS_PER_LONG == 32
227 SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length)
228 {
229 return do_sys_truncate(path, length);
230 }
231
232 SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length)
233 {
234 return do_sys_ftruncate(fd, length, 0);
235 }
236 #endif /* BITS_PER_LONG == 32 */
237
238
239 int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
240 {
241 struct inode *inode = file_inode(file);
242 long ret;
243
244 if (offset < 0 || len <= 0)
245 return -EINVAL;
246
247 /* Return error if mode is not supported */
248 if (mode & ~FALLOC_FL_SUPPORTED_MASK)
249 return -EOPNOTSUPP;
250
251 /* Punch hole and zero range are mutually exclusive */
252 if ((mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) ==
253 (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE))
254 return -EOPNOTSUPP;
255
256 /* Punch hole must have keep size set */
257 if ((mode & FALLOC_FL_PUNCH_HOLE) &&
258 !(mode & FALLOC_FL_KEEP_SIZE))
259 return -EOPNOTSUPP;
260
261 /* Collapse range should only be used exclusively. */
262 if ((mode & FALLOC_FL_COLLAPSE_RANGE) &&
263 (mode & ~FALLOC_FL_COLLAPSE_RANGE))
264 return -EINVAL;
265
266 /* Insert range should only be used exclusively. */
267 if ((mode & FALLOC_FL_INSERT_RANGE) &&
268 (mode & ~FALLOC_FL_INSERT_RANGE))
269 return -EINVAL;
270
271 /* Unshare range should only be used with allocate mode. */
272 if ((mode & FALLOC_FL_UNSHARE_RANGE) &&
273 (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE)))
274 return -EINVAL;
275
276 if (!(file->f_mode & FMODE_WRITE))
277 return -EBADF;
278
279 /*
280 * We can only allow pure fallocate on append only files
281 */
282 if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode))
283 return -EPERM;
284
285 if (IS_IMMUTABLE(inode))
286 return -EPERM;
287
288 /*
289 * We cannot allow any fallocate operation on an active swapfile
290 */
291 if (IS_SWAPFILE(inode))
292 return -ETXTBSY;
293
294 /*
295 * Revalidate the write permissions, in case security policy has
296 * changed since the files were opened.
297 */
298 ret = security_file_permission(file, MAY_WRITE);
299 if (ret)
300 return ret;
301
302 if (S_ISFIFO(inode->i_mode))
303 return -ESPIPE;
304
305 if (S_ISDIR(inode->i_mode))
306 return -EISDIR;
307
308 if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
309 return -ENODEV;
310
311 /* Check for wrap through zero too */
312 if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
313 return -EFBIG;
314
315 if (!file->f_op->fallocate)
316 return -EOPNOTSUPP;
317
318 file_start_write(file);
319 ret = file->f_op->fallocate(file, mode, offset, len);
320
321 /*
322 * Create inotify and fanotify events.
323 *
324 * To keep the logic simple always create events if fallocate succeeds.
325 * This implies that events are even created if the file size remains
326 * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE.
327 */
328 if (ret == 0)
329 fsnotify_modify(file);
330
331 file_end_write(file);
332 return ret;
333 }
334 EXPORT_SYMBOL_GPL(vfs_fallocate);
335
336 SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
337 {
338 struct fd f = fdget(fd);
339 int error = -EBADF;
340
341 if (f.file) {
342 error = vfs_fallocate(f.file, mode, offset, len);
343 fdput(f);
344 }
345 return error;
346 }
347
348 /*
349 * access() needs to use the real uid/gid, not the effective uid/gid.
350 * We do this by temporarily clearing all FS-related capabilities and
351 * switching the fsuid/fsgid around to the real ones.
352 */
353 SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
354 {
355 const struct cred *old_cred;
356 struct cred *override_cred;
357 struct path path;
358 struct inode *inode;
359 int res;
360 unsigned int lookup_flags = LOOKUP_FOLLOW;
361
362 if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
363 return -EINVAL;
364
365 override_cred = prepare_creds();
366 if (!override_cred)
367 return -ENOMEM;
368
369 override_cred->fsuid = override_cred->uid;
370 override_cred->fsgid = override_cred->gid;
371
372 if (!issecure(SECURE_NO_SETUID_FIXUP)) {
373 /* Clear the capabilities if we switch to a non-root user */
374 kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
375 if (!uid_eq(override_cred->uid, root_uid))
376 cap_clear(override_cred->cap_effective);
377 else
378 override_cred->cap_effective =
379 override_cred->cap_permitted;
380 }
381
382 /*
383 * The new set of credentials can *only* be used in
384 * task-synchronous circumstances, and does not need
385 * RCU freeing, unless somebody then takes a separate
386 * reference to it.
387 *
388 * NOTE! This is _only_ true because this credential
389 * is used purely for override_creds() that installs
390 * it as the subjective cred. Other threads will be
391 * accessing ->real_cred, not the subjective cred.
392 *
393 * If somebody _does_ make a copy of this (using the
394 * 'get_current_cred()' function), that will clear the
395 * non_rcu field, because now that other user may be
396 * expecting RCU freeing. But normal thread-synchronous
397 * cred accesses will keep things non-RCY.
398 */
399 override_cred->non_rcu = 1;
400
401 old_cred = override_creds(override_cred);
402 retry:
403 res = user_path_at(dfd, filename, lookup_flags, &path);
404 if (res)
405 goto out;
406
407 inode = d_backing_inode(path.dentry);
408
409 if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
410 /*
411 * MAY_EXEC on regular files is denied if the fs is mounted
412 * with the "noexec" flag.
413 */
414 res = -EACCES;
415 if (path_noexec(&path))
416 goto out_path_release;
417 }
418
419 res = inode_permission(inode, mode | MAY_ACCESS);
420 /* SuS v2 requires we report a read only fs too */
421 if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
422 goto out_path_release;
423 /*
424 * This is a rare case where using __mnt_is_readonly()
425 * is OK without a mnt_want/drop_write() pair. Since
426 * no actual write to the fs is performed here, we do
427 * not need to telegraph to that to anyone.
428 *
429 * By doing this, we accept that this access is
430 * inherently racy and know that the fs may change
431 * state before we even see this result.
432 */
433 if (__mnt_is_readonly(path.mnt))
434 res = -EROFS;
435
436 out_path_release:
437 path_put(&path);
438 if (retry_estale(res, lookup_flags)) {
439 lookup_flags |= LOOKUP_REVAL;
440 goto retry;
441 }
442 out:
443 revert_creds(old_cred);
444 put_cred(override_cred);
445 return res;
446 }
447
448 SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
449 {
450 return sys_faccessat(AT_FDCWD, filename, mode);
451 }
452
453 SYSCALL_DEFINE1(chdir, const char __user *, filename)
454 {
455 struct path path;
456 int error;
457 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
458 retry:
459 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
460 if (error)
461 goto out;
462
463 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
464 if (error)
465 goto dput_and_out;
466
467 set_fs_pwd(current->fs, &path);
468
469 dput_and_out:
470 path_put(&path);
471 if (retry_estale(error, lookup_flags)) {
472 lookup_flags |= LOOKUP_REVAL;
473 goto retry;
474 }
475 out:
476 return error;
477 }
478
479 SYSCALL_DEFINE1(fchdir, unsigned int, fd)
480 {
481 struct fd f = fdget_raw(fd);
482 int error;
483
484 error = -EBADF;
485 if (!f.file)
486 goto out;
487
488 error = -ENOTDIR;
489 if (!d_can_lookup(f.file->f_path.dentry))
490 goto out_putf;
491
492 error = inode_permission(file_inode(f.file), MAY_EXEC | MAY_CHDIR);
493 if (!error)
494 set_fs_pwd(current->fs, &f.file->f_path);
495 out_putf:
496 fdput(f);
497 out:
498 return error;
499 }
500
501 SYSCALL_DEFINE1(chroot, const char __user *, filename)
502 {
503 struct path path;
504 int error;
505 unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
506 retry:
507 error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
508 if (error)
509 goto out;
510
511 error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
512 if (error)
513 goto dput_and_out;
514
515 error = -EPERM;
516 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
517 goto dput_and_out;
518 error = security_path_chroot(&path);
519 if (error)
520 goto dput_and_out;
521
522 set_fs_root(current->fs, &path);
523 error = 0;
524 dput_and_out:
525 path_put(&path);
526 if (retry_estale(error, lookup_flags)) {
527 lookup_flags |= LOOKUP_REVAL;
528 goto retry;
529 }
530 out:
531 return error;
532 }
533
534 static int chmod_common(const struct path *path, umode_t mode)
535 {
536 struct inode *inode = path->dentry->d_inode;
537 struct inode *delegated_inode = NULL;
538 struct iattr newattrs;
539 int error;
540
541 error = mnt_want_write(path->mnt);
542 if (error)
543 return error;
544 retry_deleg:
545 inode_lock(inode);
546 error = security_path_chmod(path, mode);
547 if (error)
548 goto out_unlock;
549 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
550 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
551 error = notify_change(path->dentry, &newattrs, &delegated_inode);
552 out_unlock:
553 inode_unlock(inode);
554 if (delegated_inode) {
555 error = break_deleg_wait(&delegated_inode);
556 if (!error)
557 goto retry_deleg;
558 }
559 mnt_drop_write(path->mnt);
560 return error;
561 }
562
563 SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
564 {
565 struct fd f = fdget(fd);
566 int err = -EBADF;
567
568 if (f.file) {
569 audit_file(f.file);
570 err = chmod_common(&f.file->f_path, mode);
571 fdput(f);
572 }
573 return err;
574 }
575
576 SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, umode_t, mode)
577 {
578 struct path path;
579 int error;
580 unsigned int lookup_flags = LOOKUP_FOLLOW;
581 retry:
582 error = user_path_at(dfd, filename, lookup_flags, &path);
583 if (!error) {
584 error = chmod_common(&path, mode);
585 path_put(&path);
586 if (retry_estale(error, lookup_flags)) {
587 lookup_flags |= LOOKUP_REVAL;
588 goto retry;
589 }
590 }
591 return error;
592 }
593
594 SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
595 {
596 return sys_fchmodat(AT_FDCWD, filename, mode);
597 }
598
599 static int chown_common(const struct path *path, uid_t user, gid_t group)
600 {
601 struct inode *inode = path->dentry->d_inode;
602 struct inode *delegated_inode = NULL;
603 int error;
604 struct iattr newattrs;
605 kuid_t uid;
606 kgid_t gid;
607
608 uid = make_kuid(current_user_ns(), user);
609 gid = make_kgid(current_user_ns(), group);
610
611 retry_deleg:
612 newattrs.ia_valid = ATTR_CTIME;
613 if (user != (uid_t) -1) {
614 if (!uid_valid(uid))
615 return -EINVAL;
616 newattrs.ia_valid |= ATTR_UID;
617 newattrs.ia_uid = uid;
618 }
619 if (group != (gid_t) -1) {
620 if (!gid_valid(gid))
621 return -EINVAL;
622 newattrs.ia_valid |= ATTR_GID;
623 newattrs.ia_gid = gid;
624 }
625 if (!S_ISDIR(inode->i_mode))
626 newattrs.ia_valid |=
627 ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
628 inode_lock(inode);
629 error = security_path_chown(path, uid, gid);
630 if (!error)
631 error = notify_change(path->dentry, &newattrs, &delegated_inode);
632 inode_unlock(inode);
633 if (delegated_inode) {
634 error = break_deleg_wait(&delegated_inode);
635 if (!error)
636 goto retry_deleg;
637 }
638 return error;
639 }
640
641 SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
642 gid_t, group, int, flag)
643 {
644 struct path path;
645 int error = -EINVAL;
646 int lookup_flags;
647
648 if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
649 goto out;
650
651 lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
652 if (flag & AT_EMPTY_PATH)
653 lookup_flags |= LOOKUP_EMPTY;
654 retry:
655 error = user_path_at(dfd, filename, lookup_flags, &path);
656 if (error)
657 goto out;
658 error = mnt_want_write(path.mnt);
659 if (error)
660 goto out_release;
661 error = chown_common(&path, user, group);
662 mnt_drop_write(path.mnt);
663 out_release:
664 path_put(&path);
665 if (retry_estale(error, lookup_flags)) {
666 lookup_flags |= LOOKUP_REVAL;
667 goto retry;
668 }
669 out:
670 return error;
671 }
672
673 SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
674 {
675 return sys_fchownat(AT_FDCWD, filename, user, group, 0);
676 }
677
678 SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
679 {
680 return sys_fchownat(AT_FDCWD, filename, user, group,
681 AT_SYMLINK_NOFOLLOW);
682 }
683
684 SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
685 {
686 struct fd f = fdget(fd);
687 int error = -EBADF;
688
689 if (!f.file)
690 goto out;
691
692 error = mnt_want_write_file_path(f.file);
693 if (error)
694 goto out_fput;
695 audit_file(f.file);
696 error = chown_common(&f.file->f_path, user, group);
697 mnt_drop_write_file_path(f.file);
698 out_fput:
699 fdput(f);
700 out:
701 return error;
702 }
703
704 int open_check_o_direct(struct file *f)
705 {
706 /* NB: we're sure to have correct a_ops only after f_op->open */
707 if (f->f_flags & O_DIRECT) {
708 if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO)
709 return -EINVAL;
710 }
711 return 0;
712 }
713
714 static int do_dentry_open(struct file *f,
715 struct inode *inode,
716 int (*open)(struct inode *, struct file *),
717 const struct cred *cred)
718 {
719 static const struct file_operations empty_fops = {};
720 int error;
721
722 f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
723 FMODE_PREAD | FMODE_PWRITE;
724
725 path_get(&f->f_path);
726 f->f_inode = inode;
727 f->f_mapping = inode->i_mapping;
728
729 /* Ensure that we skip any errors that predate opening of the file */
730 f->f_wb_err = filemap_sample_wb_err(f->f_mapping);
731
732 if (unlikely(f->f_flags & O_PATH)) {
733 f->f_mode = FMODE_PATH;
734 f->f_op = &empty_fops;
735 return 0;
736 }
737
738 /* Any file opened for execve()/uselib() has to be a regular file. */
739 if (unlikely(f->f_flags & FMODE_EXEC && !S_ISREG(inode->i_mode))) {
740 error = -EACCES;
741 goto cleanup_file;
742 }
743
744 if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
745 error = get_write_access(inode);
746 if (unlikely(error))
747 goto cleanup_file;
748 error = __mnt_want_write(f->f_path.mnt);
749 if (unlikely(error)) {
750 put_write_access(inode);
751 goto cleanup_file;
752 }
753 f->f_mode |= FMODE_WRITER;
754 }
755
756 /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */
757 if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))
758 f->f_mode |= FMODE_ATOMIC_POS;
759
760 f->f_op = fops_get(inode->i_fop);
761 if (unlikely(WARN_ON(!f->f_op))) {
762 error = -ENODEV;
763 goto cleanup_all;
764 }
765
766 error = security_file_open(f, cred);
767 if (error)
768 goto cleanup_all;
769
770 error = break_lease(locks_inode(f), f->f_flags);
771 if (error)
772 goto cleanup_all;
773
774 if (!open)
775 open = f->f_op->open;
776 if (open) {
777 error = open(inode, f);
778 if (error)
779 goto cleanup_all;
780 }
781 if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
782 i_readcount_inc(inode);
783 if ((f->f_mode & FMODE_READ) &&
784 likely(f->f_op->read || f->f_op->read_iter))
785 f->f_mode |= FMODE_CAN_READ;
786 if ((f->f_mode & FMODE_WRITE) &&
787 likely(f->f_op->write || f->f_op->write_iter))
788 f->f_mode |= FMODE_CAN_WRITE;
789
790 f->f_write_hint = WRITE_LIFE_NOT_SET;
791 f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
792
793 file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
794
795 return 0;
796
797 cleanup_all:
798 fops_put(f->f_op);
799 if (f->f_mode & FMODE_WRITER) {
800 put_write_access(inode);
801 __mnt_drop_write(f->f_path.mnt);
802 }
803 cleanup_file:
804 path_put(&f->f_path);
805 f->f_path.mnt = NULL;
806 f->f_path.dentry = NULL;
807 f->f_inode = NULL;
808 return error;
809 }
810
811 /**
812 * finish_open - finish opening a file
813 * @file: file pointer
814 * @dentry: pointer to dentry
815 * @open: open callback
816 * @opened: state of open
817 *
818 * This can be used to finish opening a file passed to i_op->atomic_open().
819 *
820 * If the open callback is set to NULL, then the standard f_op->open()
821 * filesystem callback is substituted.
822 *
823 * NB: the dentry reference is _not_ consumed. If, for example, the dentry is
824 * the return value of d_splice_alias(), then the caller needs to perform dput()
825 * on it after finish_open().
826 *
827 * Returns zero on success or -errno if the open failed.
828 */
829 int finish_open(struct file *file, struct dentry *dentry,
830 int (*open)(struct inode *, struct file *),
831 int *opened)
832 {
833 int error;
834 BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */
835
836 file->f_path.dentry = dentry;
837 error = do_dentry_open(file, d_backing_inode(dentry), open,
838 current_cred());
839 if (!error)
840 *opened |= FILE_OPENED;
841
842 return error;
843 }
844 EXPORT_SYMBOL(finish_open);
845
846 /**
847 * finish_no_open - finish ->atomic_open() without opening the file
848 *
849 * @file: file pointer
850 * @dentry: dentry or NULL (as returned from ->lookup())
851 *
852 * This can be used to set the result of a successful lookup in ->atomic_open().
853 *
854 * NB: unlike finish_open() this function does consume the dentry reference and
855 * the caller need not dput() it.
856 *
857 * Returns "1" which must be the return value of ->atomic_open() after having
858 * called this function.
859 */
860 int finish_no_open(struct file *file, struct dentry *dentry)
861 {
862 file->f_path.dentry = dentry;
863 return 1;
864 }
865 EXPORT_SYMBOL(finish_no_open);
866
867 char *file_path(struct file *filp, char *buf, int buflen)
868 {
869 return d_path(&filp->f_path, buf, buflen);
870 }
871 EXPORT_SYMBOL(file_path);
872
873 /**
874 * vfs_open - open the file at the given path
875 * @path: path to open
876 * @file: newly allocated file with f_flag initialized
877 * @cred: credentials to use
878 */
879 int vfs_open(const struct path *path, struct file *file,
880 const struct cred *cred)
881 {
882 struct dentry *dentry = d_real(path->dentry, NULL, file->f_flags, 0);
883
884 if (IS_ERR(dentry))
885 return PTR_ERR(dentry);
886
887 file->f_path = *path;
888 return do_dentry_open(file, d_backing_inode(dentry), NULL, cred);
889 }
890
891 struct file *dentry_open(const struct path *path, int flags,
892 const struct cred *cred)
893 {
894 int error;
895 struct file *f;
896
897 validate_creds(cred);
898
899 /* We must always pass in a valid mount pointer. */
900 BUG_ON(!path->mnt);
901
902 f = get_empty_filp();
903 if (!IS_ERR(f)) {
904 f->f_flags = flags;
905 error = vfs_open(path, f, cred);
906 if (!error) {
907 /* from now on we need fput() to dispose of f */
908 error = open_check_o_direct(f);
909 if (error) {
910 fput(f);
911 f = ERR_PTR(error);
912 }
913 } else {
914 put_filp(f);
915 f = ERR_PTR(error);
916 }
917 }
918 return f;
919 }
920 EXPORT_SYMBOL(dentry_open);
921
922 static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op)
923 {
924 int lookup_flags = 0;
925 int acc_mode = ACC_MODE(flags);
926
927 /*
928 * Clear out all open flags we don't know about so that we don't report
929 * them in fcntl(F_GETFD) or similar interfaces.
930 */
931 flags &= VALID_OPEN_FLAGS;
932
933 if (flags & (O_CREAT | __O_TMPFILE))
934 op->mode = (mode & S_IALLUGO) | S_IFREG;
935 else
936 op->mode = 0;
937
938 /* Must never be set by userspace */
939 flags &= ~FMODE_NONOTIFY & ~O_CLOEXEC;
940
941 /*
942 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
943 * check for O_DSYNC if the need any syncing at all we enforce it's
944 * always set instead of having to deal with possibly weird behaviour
945 * for malicious applications setting only __O_SYNC.
946 */
947 if (flags & __O_SYNC)
948 flags |= O_DSYNC;
949
950 if (flags & __O_TMPFILE) {
951 if ((flags & O_TMPFILE_MASK) != O_TMPFILE)
952 return -EINVAL;
953 if (!(acc_mode & MAY_WRITE))
954 return -EINVAL;
955 } else if (flags & O_PATH) {
956 /*
957 * If we have O_PATH in the open flag. Then we
958 * cannot have anything other than the below set of flags
959 */
960 flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH;
961 acc_mode = 0;
962 }
963
964 op->open_flag = flags;
965
966 /* O_TRUNC implies we need access checks for write permissions */
967 if (flags & O_TRUNC)
968 acc_mode |= MAY_WRITE;
969
970 /* Allow the LSM permission hook to distinguish append
971 access from general write access. */
972 if (flags & O_APPEND)
973 acc_mode |= MAY_APPEND;
974
975 op->acc_mode = acc_mode;
976
977 op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
978
979 if (flags & O_CREAT) {
980 op->intent |= LOOKUP_CREATE;
981 if (flags & O_EXCL)
982 op->intent |= LOOKUP_EXCL;
983 }
984
985 if (flags & O_DIRECTORY)
986 lookup_flags |= LOOKUP_DIRECTORY;
987 if (!(flags & O_NOFOLLOW))
988 lookup_flags |= LOOKUP_FOLLOW;
989 op->lookup_flags = lookup_flags;
990 return 0;
991 }
992
993 /**
994 * file_open_name - open file and return file pointer
995 *
996 * @name: struct filename containing path to open
997 * @flags: open flags as per the open(2) second argument
998 * @mode: mode for the new file if O_CREAT is set, else ignored
999 *
1000 * This is the helper to open a file from kernelspace if you really
1001 * have to. But in generally you should not do this, so please move
1002 * along, nothing to see here..
1003 */
1004 struct file *file_open_name(struct filename *name, int flags, umode_t mode)
1005 {
1006 struct open_flags op;
1007 int err = build_open_flags(flags, mode, &op);
1008 return err ? ERR_PTR(err) : do_filp_open(AT_FDCWD, name, &op);
1009 }
1010
1011 /**
1012 * filp_open - open file and return file pointer
1013 *
1014 * @filename: path to open
1015 * @flags: open flags as per the open(2) second argument
1016 * @mode: mode for the new file if O_CREAT is set, else ignored
1017 *
1018 * This is the helper to open a file from kernelspace if you really
1019 * have to. But in generally you should not do this, so please move
1020 * along, nothing to see here..
1021 */
1022 struct file *filp_open(const char *filename, int flags, umode_t mode)
1023 {
1024 struct filename *name = getname_kernel(filename);
1025 struct file *file = ERR_CAST(name);
1026
1027 if (!IS_ERR(name)) {
1028 file = file_open_name(name, flags, mode);
1029 putname(name);
1030 }
1031 return file;
1032 }
1033 EXPORT_SYMBOL(filp_open);
1034
1035 struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt,
1036 const char *filename, int flags, umode_t mode)
1037 {
1038 struct open_flags op;
1039 int err = build_open_flags(flags, mode, &op);
1040 if (err)
1041 return ERR_PTR(err);
1042 return do_file_open_root(dentry, mnt, filename, &op);
1043 }
1044 EXPORT_SYMBOL(file_open_root);
1045
1046 struct file *filp_clone_open(struct file *oldfile)
1047 {
1048 struct file *file;
1049 int retval;
1050
1051 file = get_empty_filp();
1052 if (IS_ERR(file))
1053 return file;
1054
1055 file->f_flags = oldfile->f_flags;
1056 retval = vfs_open(&oldfile->f_path, file, oldfile->f_cred);
1057 if (retval) {
1058 put_filp(file);
1059 return ERR_PTR(retval);
1060 }
1061
1062 return file;
1063 }
1064 EXPORT_SYMBOL(filp_clone_open);
1065
1066 long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
1067 {
1068 struct open_flags op;
1069 int fd = build_open_flags(flags, mode, &op);
1070 struct filename *tmp;
1071
1072 if (fd)
1073 return fd;
1074
1075 tmp = getname(filename);
1076 if (IS_ERR(tmp))
1077 return PTR_ERR(tmp);
1078
1079 fd = get_unused_fd_flags(flags);
1080 if (fd >= 0) {
1081 struct file *f = do_filp_open(dfd, tmp, &op);
1082 if (IS_ERR(f)) {
1083 put_unused_fd(fd);
1084 fd = PTR_ERR(f);
1085 } else {
1086 fsnotify_open(f);
1087 fd_install(fd, f);
1088 }
1089 }
1090 putname(tmp);
1091 return fd;
1092 }
1093
1094 SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1095 {
1096 if (force_o_largefile())
1097 flags |= O_LARGEFILE;
1098
1099 return do_sys_open(AT_FDCWD, filename, flags, mode);
1100 }
1101
1102 SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
1103 umode_t, mode)
1104 {
1105 if (force_o_largefile())
1106 flags |= O_LARGEFILE;
1107
1108 return do_sys_open(dfd, filename, flags, mode);
1109 }
1110
1111 #ifdef CONFIG_COMPAT
1112 /*
1113 * Exactly like sys_open(), except that it doesn't set the
1114 * O_LARGEFILE flag.
1115 */
1116 COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1117 {
1118 return do_sys_open(AT_FDCWD, filename, flags, mode);
1119 }
1120
1121 /*
1122 * Exactly like sys_openat(), except that it doesn't set the
1123 * O_LARGEFILE flag.
1124 */
1125 COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode)
1126 {
1127 return do_sys_open(dfd, filename, flags, mode);
1128 }
1129 #endif
1130
1131 #ifndef __alpha__
1132
1133 /*
1134 * For backward compatibility? Maybe this should be moved
1135 * into arch/i386 instead?
1136 */
1137 SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode)
1138 {
1139 return sys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
1140 }
1141
1142 #endif
1143
1144 /*
1145 * "id" is the POSIX thread ID. We use the
1146 * files pointer for this..
1147 */
1148 int filp_close(struct file *filp, fl_owner_t id)
1149 {
1150 int retval = 0;
1151
1152 if (!file_count(filp)) {
1153 printk(KERN_ERR "VFS: Close: file count is 0\n");
1154 return 0;
1155 }
1156
1157 if (filp->f_op->flush)
1158 retval = filp->f_op->flush(filp, id);
1159
1160 if (likely(!(filp->f_mode & FMODE_PATH))) {
1161 dnotify_flush(filp, id);
1162 locks_remove_posix(filp, id);
1163 }
1164 fput(filp);
1165 return retval;
1166 }
1167
1168 EXPORT_SYMBOL(filp_close);
1169
1170 /*
1171 * Careful here! We test whether the file pointer is NULL before
1172 * releasing the fd. This ensures that one clone task can't release
1173 * an fd while another clone is opening it.
1174 */
1175 SYSCALL_DEFINE1(close, unsigned int, fd)
1176 {
1177 int retval = __close_fd(current->files, fd);
1178
1179 /* can't restart close syscall because file table entry was cleared */
1180 if (unlikely(retval == -ERESTARTSYS ||
1181 retval == -ERESTARTNOINTR ||
1182 retval == -ERESTARTNOHAND ||
1183 retval == -ERESTART_RESTARTBLOCK))
1184 retval = -EINTR;
1185
1186 return retval;
1187 }
1188 EXPORT_SYMBOL(sys_close);
1189
1190 /*
1191 * This routine simulates a hangup on the tty, to arrange that users
1192 * are given clean terminals at login time.
1193 */
1194 SYSCALL_DEFINE0(vhangup)
1195 {
1196 if (capable(CAP_SYS_TTY_CONFIG)) {
1197 tty_vhangup_self();
1198 return 0;
1199 }
1200 return -EPERM;
1201 }
1202
1203 /*
1204 * Called when an inode is about to be open.
1205 * We use this to disallow opening large files on 32bit systems if
1206 * the caller didn't specify O_LARGEFILE. On 64bit systems we force
1207 * on this flag in sys_open.
1208 */
1209 int generic_file_open(struct inode * inode, struct file * filp)
1210 {
1211 if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
1212 return -EOVERFLOW;
1213 return 0;
1214 }
1215
1216 EXPORT_SYMBOL(generic_file_open);
1217
1218 /*
1219 * This is used by subsystems that don't want seekable
1220 * file descriptors. The function is not supposed to ever fail, the only
1221 * reason it returns an 'int' and not 'void' is so that it can be plugged
1222 * directly into file_operations structure.
1223 */
1224 int nonseekable_open(struct inode *inode, struct file *filp)
1225 {
1226 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1227 return 0;
1228 }
1229
1230 EXPORT_SYMBOL(nonseekable_open);
1231
1232 /*
1233 * stream_open is used by subsystems that want stream-like file descriptors.
1234 * Such file descriptors are not seekable and don't have notion of position
1235 * (file.f_pos is always 0). Contrary to file descriptors of other regular
1236 * files, .read() and .write() can run simultaneously.
1237 *
1238 * stream_open never fails and is marked to return int so that it could be
1239 * directly used as file_operations.open .
1240 */
1241 int stream_open(struct inode *inode, struct file *filp)
1242 {
1243 filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS);
1244 filp->f_mode |= FMODE_STREAM;
1245 return 0;
1246 }
1247
1248 EXPORT_SYMBOL(stream_open);
Linux with added FPC-III support