Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-only
2 : /*
3 : * linux/fs/open.c
4 : *
5 : * Copyright (C) 1991, 1992 Linus Torvalds
6 : */
7 :
8 : #include <linux/string.h>
9 : #include <linux/mm.h>
10 : #include <linux/file.h>
11 : #include <linux/fdtable.h>
12 : #include <linux/fsnotify.h>
13 : #include <linux/module.h>
14 : #include <linux/tty.h>
15 : #include <linux/namei.h>
16 : #include <linux/backing-dev.h>
17 : #include <linux/capability.h>
18 : #include <linux/securebits.h>
19 : #include <linux/security.h>
20 : #include <linux/mount.h>
21 : #include <linux/fcntl.h>
22 : #include <linux/slab.h>
23 : #include <linux/uaccess.h>
24 : #include <linux/fs.h>
25 : #include <linux/personality.h>
26 : #include <linux/pagemap.h>
27 : #include <linux/syscalls.h>
28 : #include <linux/rcupdate.h>
29 : #include <linux/audit.h>
30 : #include <linux/falloc.h>
31 : #include <linux/fs_struct.h>
32 : #include <linux/ima.h>
33 : #include <linux/dnotify.h>
34 : #include <linux/compat.h>
35 : #include <linux/mnt_idmapping.h>
36 :
37 : #include "internal.h"
38 :
39 0 : int do_truncate(struct user_namespace *mnt_userns, struct dentry *dentry,
40 : loff_t length, unsigned int time_attrs, struct file *filp)
41 : {
42 : int ret;
43 : struct iattr newattrs;
44 :
45 : /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
46 0 : if (length < 0)
47 : return -EINVAL;
48 :
49 0 : newattrs.ia_size = length;
50 0 : newattrs.ia_valid = ATTR_SIZE | time_attrs;
51 0 : if (filp) {
52 0 : newattrs.ia_file = filp;
53 0 : newattrs.ia_valid |= ATTR_FILE;
54 : }
55 :
56 : /* Remove suid, sgid, and file capabilities on truncate too */
57 0 : ret = dentry_needs_remove_privs(dentry);
58 0 : if (ret < 0)
59 : return ret;
60 0 : if (ret)
61 0 : newattrs.ia_valid |= ret | ATTR_FORCE;
62 :
63 0 : inode_lock(dentry->d_inode);
64 : /* Note any delegations or leases have already been broken: */
65 0 : ret = notify_change(mnt_userns, dentry, &newattrs, NULL);
66 0 : inode_unlock(dentry->d_inode);
67 0 : return ret;
68 : }
69 :
70 0 : long vfs_truncate(const struct path *path, loff_t length)
71 : {
72 : struct user_namespace *mnt_userns;
73 : struct inode *inode;
74 : long error;
75 :
76 0 : inode = path->dentry->d_inode;
77 :
78 : /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
79 0 : if (S_ISDIR(inode->i_mode))
80 : return -EISDIR;
81 0 : if (!S_ISREG(inode->i_mode))
82 : return -EINVAL;
83 :
84 0 : error = mnt_want_write(path->mnt);
85 0 : if (error)
86 : goto out;
87 :
88 0 : mnt_userns = mnt_user_ns(path->mnt);
89 0 : error = inode_permission(mnt_userns, inode, MAY_WRITE);
90 0 : if (error)
91 : goto mnt_drop_write_and_out;
92 :
93 0 : error = -EPERM;
94 0 : if (IS_APPEND(inode))
95 : goto mnt_drop_write_and_out;
96 :
97 0 : error = get_write_access(inode);
98 0 : if (error)
99 : goto mnt_drop_write_and_out;
100 :
101 : /*
102 : * Make sure that there are no leases. get_write_access() protects
103 : * against the truncate racing with a lease-granting setlease().
104 : */
105 0 : error = break_lease(inode, O_WRONLY);
106 0 : if (error)
107 : goto put_write_and_out;
108 :
109 0 : error = security_path_truncate(path);
110 : if (!error)
111 0 : error = do_truncate(mnt_userns, path->dentry, length, 0, NULL);
112 :
113 : put_write_and_out:
114 : put_write_access(inode);
115 : mnt_drop_write_and_out:
116 0 : mnt_drop_write(path->mnt);
117 : out:
118 : return error;
119 : }
120 : EXPORT_SYMBOL_GPL(vfs_truncate);
121 :
122 0 : long do_sys_truncate(const char __user *pathname, loff_t length)
123 : {
124 0 : unsigned int lookup_flags = LOOKUP_FOLLOW;
125 : struct path path;
126 : int error;
127 :
128 0 : if (length < 0) /* sorry, but loff_t says... */
129 : return -EINVAL;
130 :
131 : retry:
132 0 : error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
133 0 : if (!error) {
134 0 : error = vfs_truncate(&path, length);
135 0 : path_put(&path);
136 : }
137 0 : if (retry_estale(error, lookup_flags)) {
138 : lookup_flags |= LOOKUP_REVAL;
139 : goto retry;
140 : }
141 : return error;
142 : }
143 :
144 0 : SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
145 : {
146 0 : return do_sys_truncate(path, length);
147 : }
148 :
149 : #ifdef CONFIG_COMPAT
150 : COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length)
151 : {
152 : return do_sys_truncate(path, length);
153 : }
154 : #endif
155 :
156 0 : long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
157 : {
158 : struct inode *inode;
159 : struct dentry *dentry;
160 : struct fd f;
161 : int error;
162 :
163 0 : error = -EINVAL;
164 0 : if (length < 0)
165 : goto out;
166 0 : error = -EBADF;
167 0 : f = fdget(fd);
168 0 : if (!f.file)
169 : goto out;
170 :
171 : /* explicitly opened as large or we are on 64-bit box */
172 0 : if (f.file->f_flags & O_LARGEFILE)
173 0 : small = 0;
174 :
175 0 : dentry = f.file->f_path.dentry;
176 0 : inode = dentry->d_inode;
177 0 : error = -EINVAL;
178 0 : if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE))
179 : goto out_putf;
180 :
181 0 : error = -EINVAL;
182 : /* Cannot ftruncate over 2^31 bytes without large file support */
183 0 : if (small && length > MAX_NON_LFS)
184 : goto out_putf;
185 :
186 0 : error = -EPERM;
187 : /* Check IS_APPEND on real upper inode */
188 0 : if (IS_APPEND(file_inode(f.file)))
189 : goto out_putf;
190 0 : sb_start_write(inode->i_sb);
191 0 : error = security_path_truncate(&f.file->f_path);
192 : if (!error)
193 0 : error = do_truncate(file_mnt_user_ns(f.file), dentry, length,
194 : ATTR_MTIME | ATTR_CTIME, f.file);
195 0 : sb_end_write(inode->i_sb);
196 : out_putf:
197 0 : fdput(f);
198 : out:
199 0 : return error;
200 : }
201 :
202 0 : SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
203 : {
204 0 : return do_sys_ftruncate(fd, length, 1);
205 : }
206 :
207 : #ifdef CONFIG_COMPAT
208 : COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length)
209 : {
210 : return do_sys_ftruncate(fd, length, 1);
211 : }
212 : #endif
213 :
214 : /* LFS versions of truncate are only needed on 32 bit machines */
215 : #if BITS_PER_LONG == 32
216 : SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length)
217 : {
218 : return do_sys_truncate(path, length);
219 : }
220 :
221 : SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length)
222 : {
223 : return do_sys_ftruncate(fd, length, 0);
224 : }
225 : #endif /* BITS_PER_LONG == 32 */
226 :
227 :
228 0 : int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
229 : {
230 0 : struct inode *inode = file_inode(file);
231 : long ret;
232 :
233 0 : if (offset < 0 || len <= 0)
234 : return -EINVAL;
235 :
236 : /* Return error if mode is not supported */
237 0 : if (mode & ~FALLOC_FL_SUPPORTED_MASK)
238 : return -EOPNOTSUPP;
239 :
240 : /* Punch hole and zero range are mutually exclusive */
241 0 : if ((mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) ==
242 : (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE))
243 : return -EOPNOTSUPP;
244 :
245 : /* Punch hole must have keep size set */
246 0 : if ((mode & FALLOC_FL_PUNCH_HOLE) &&
247 : !(mode & FALLOC_FL_KEEP_SIZE))
248 : return -EOPNOTSUPP;
249 :
250 : /* Collapse range should only be used exclusively. */
251 0 : if ((mode & FALLOC_FL_COLLAPSE_RANGE) &&
252 0 : (mode & ~FALLOC_FL_COLLAPSE_RANGE))
253 : return -EINVAL;
254 :
255 : /* Insert range should only be used exclusively. */
256 0 : if ((mode & FALLOC_FL_INSERT_RANGE) &&
257 0 : (mode & ~FALLOC_FL_INSERT_RANGE))
258 : return -EINVAL;
259 :
260 : /* Unshare range should only be used with allocate mode. */
261 0 : if ((mode & FALLOC_FL_UNSHARE_RANGE) &&
262 0 : (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE)))
263 : return -EINVAL;
264 :
265 0 : if (!(file->f_mode & FMODE_WRITE))
266 : return -EBADF;
267 :
268 : /*
269 : * We can only allow pure fallocate on append only files
270 : */
271 0 : if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode))
272 : return -EPERM;
273 :
274 0 : if (IS_IMMUTABLE(inode))
275 : return -EPERM;
276 :
277 : /*
278 : * We cannot allow any fallocate operation on an active swapfile
279 : */
280 0 : if (IS_SWAPFILE(inode))
281 : return -ETXTBSY;
282 :
283 : /*
284 : * Revalidate the write permissions, in case security policy has
285 : * changed since the files were opened.
286 : */
287 0 : ret = security_file_permission(file, MAY_WRITE);
288 : if (ret)
289 : return ret;
290 :
291 0 : if (S_ISFIFO(inode->i_mode))
292 : return -ESPIPE;
293 :
294 0 : if (S_ISDIR(inode->i_mode))
295 : return -EISDIR;
296 :
297 0 : if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
298 : return -ENODEV;
299 :
300 : /* Check for wrap through zero too */
301 0 : if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
302 : return -EFBIG;
303 :
304 0 : if (!file->f_op->fallocate)
305 : return -EOPNOTSUPP;
306 :
307 0 : file_start_write(file);
308 0 : ret = file->f_op->fallocate(file, mode, offset, len);
309 :
310 : /*
311 : * Create inotify and fanotify events.
312 : *
313 : * To keep the logic simple always create events if fallocate succeeds.
314 : * This implies that events are even created if the file size remains
315 : * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE.
316 : */
317 0 : if (ret == 0)
318 : fsnotify_modify(file);
319 :
320 0 : file_end_write(file);
321 0 : return ret;
322 : }
323 : EXPORT_SYMBOL_GPL(vfs_fallocate);
324 :
325 0 : int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len)
326 : {
327 0 : struct fd f = fdget(fd);
328 0 : int error = -EBADF;
329 :
330 0 : if (f.file) {
331 0 : error = vfs_fallocate(f.file, mode, offset, len);
332 0 : fdput(f);
333 : }
334 0 : return error;
335 : }
336 :
337 0 : SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
338 : {
339 0 : return ksys_fallocate(fd, mode, offset, len);
340 : }
341 :
342 : /*
343 : * access() needs to use the real uid/gid, not the effective uid/gid.
344 : * We do this by temporarily clearing all FS-related capabilities and
345 : * switching the fsuid/fsgid around to the real ones.
346 : */
347 0 : static const struct cred *access_override_creds(void)
348 : {
349 : const struct cred *old_cred;
350 : struct cred *override_cred;
351 :
352 0 : override_cred = prepare_creds();
353 0 : if (!override_cred)
354 : return NULL;
355 :
356 0 : override_cred->fsuid = override_cred->uid;
357 0 : override_cred->fsgid = override_cred->gid;
358 :
359 0 : if (!issecure(SECURE_NO_SETUID_FIXUP)) {
360 : /* Clear the capabilities if we switch to a non-root user */
361 0 : kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
362 0 : if (!uid_eq(override_cred->uid, root_uid))
363 0 : cap_clear(override_cred->cap_effective);
364 : else
365 0 : override_cred->cap_effective =
366 : override_cred->cap_permitted;
367 : }
368 :
369 : /*
370 : * The new set of credentials can *only* be used in
371 : * task-synchronous circumstances, and does not need
372 : * RCU freeing, unless somebody then takes a separate
373 : * reference to it.
374 : *
375 : * NOTE! This is _only_ true because this credential
376 : * is used purely for override_creds() that installs
377 : * it as the subjective cred. Other threads will be
378 : * accessing ->real_cred, not the subjective cred.
379 : *
380 : * If somebody _does_ make a copy of this (using the
381 : * 'get_current_cred()' function), that will clear the
382 : * non_rcu field, because now that other user may be
383 : * expecting RCU freeing. But normal thread-synchronous
384 : * cred accesses will keep things non-RCY.
385 : */
386 0 : override_cred->non_rcu = 1;
387 :
388 0 : old_cred = override_creds(override_cred);
389 :
390 : /* override_cred() gets its own ref */
391 : put_cred(override_cred);
392 :
393 : return old_cred;
394 : }
395 :
396 0 : static long do_faccessat(int dfd, const char __user *filename, int mode, int flags)
397 : {
398 : struct path path;
399 : struct inode *inode;
400 : int res;
401 0 : unsigned int lookup_flags = LOOKUP_FOLLOW;
402 0 : const struct cred *old_cred = NULL;
403 :
404 0 : if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
405 : return -EINVAL;
406 :
407 0 : if (flags & ~(AT_EACCESS | AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH))
408 : return -EINVAL;
409 :
410 0 : if (flags & AT_SYMLINK_NOFOLLOW)
411 0 : lookup_flags &= ~LOOKUP_FOLLOW;
412 0 : if (flags & AT_EMPTY_PATH)
413 0 : lookup_flags |= LOOKUP_EMPTY;
414 :
415 0 : if (!(flags & AT_EACCESS)) {
416 0 : old_cred = access_override_creds();
417 0 : if (!old_cred)
418 : return -ENOMEM;
419 : }
420 :
421 : retry:
422 0 : res = user_path_at(dfd, filename, lookup_flags, &path);
423 0 : if (res)
424 : goto out;
425 :
426 0 : inode = d_backing_inode(path.dentry);
427 :
428 0 : if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
429 : /*
430 : * MAY_EXEC on regular files is denied if the fs is mounted
431 : * with the "noexec" flag.
432 : */
433 0 : res = -EACCES;
434 0 : if (path_noexec(&path))
435 : goto out_path_release;
436 : }
437 :
438 0 : res = inode_permission(mnt_user_ns(path.mnt), inode, mode | MAY_ACCESS);
439 : /* SuS v2 requires we report a read only fs too */
440 0 : if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
441 : goto out_path_release;
442 : /*
443 : * This is a rare case where using __mnt_is_readonly()
444 : * is OK without a mnt_want/drop_write() pair. Since
445 : * no actual write to the fs is performed here, we do
446 : * not need to telegraph to that to anyone.
447 : *
448 : * By doing this, we accept that this access is
449 : * inherently racy and know that the fs may change
450 : * state before we even see this result.
451 : */
452 0 : if (__mnt_is_readonly(path.mnt))
453 0 : res = -EROFS;
454 :
455 : out_path_release:
456 0 : path_put(&path);
457 0 : if (retry_estale(res, lookup_flags)) {
458 0 : lookup_flags |= LOOKUP_REVAL;
459 0 : goto retry;
460 : }
461 : out:
462 0 : if (old_cred)
463 0 : revert_creds(old_cred);
464 :
465 0 : return res;
466 : }
467 :
468 0 : SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
469 : {
470 0 : return do_faccessat(dfd, filename, mode, 0);
471 : }
472 :
473 0 : SYSCALL_DEFINE4(faccessat2, int, dfd, const char __user *, filename, int, mode,
474 : int, flags)
475 : {
476 0 : return do_faccessat(dfd, filename, mode, flags);
477 : }
478 :
479 0 : SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
480 : {
481 0 : return do_faccessat(AT_FDCWD, filename, mode, 0);
482 : }
483 :
484 0 : SYSCALL_DEFINE1(chdir, const char __user *, filename)
485 : {
486 : struct path path;
487 : int error;
488 0 : unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
489 : retry:
490 0 : error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
491 0 : if (error)
492 : goto out;
493 :
494 0 : error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
495 0 : if (error)
496 : goto dput_and_out;
497 :
498 0 : set_fs_pwd(current->fs, &path);
499 :
500 : dput_and_out:
501 0 : path_put(&path);
502 0 : if (retry_estale(error, lookup_flags)) {
503 : lookup_flags |= LOOKUP_REVAL;
504 : goto retry;
505 : }
506 : out:
507 0 : return error;
508 : }
509 :
510 0 : SYSCALL_DEFINE1(fchdir, unsigned int, fd)
511 : {
512 0 : struct fd f = fdget_raw(fd);
513 : int error;
514 :
515 0 : error = -EBADF;
516 0 : if (!f.file)
517 : goto out;
518 :
519 0 : error = -ENOTDIR;
520 0 : if (!d_can_lookup(f.file->f_path.dentry))
521 : goto out_putf;
522 :
523 0 : error = file_permission(f.file, MAY_EXEC | MAY_CHDIR);
524 0 : if (!error)
525 0 : set_fs_pwd(current->fs, &f.file->f_path);
526 : out_putf:
527 0 : fdput(f);
528 : out:
529 0 : return error;
530 : }
531 :
532 0 : SYSCALL_DEFINE1(chroot, const char __user *, filename)
533 : {
534 : struct path path;
535 : int error;
536 0 : unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
537 : retry:
538 0 : error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
539 0 : if (error)
540 : goto out;
541 :
542 0 : error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
543 0 : if (error)
544 : goto dput_and_out;
545 :
546 0 : error = -EPERM;
547 0 : if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
548 : goto dput_and_out;
549 0 : error = security_path_chroot(&path);
550 : if (error)
551 : goto dput_and_out;
552 :
553 0 : set_fs_root(current->fs, &path);
554 0 : error = 0;
555 : dput_and_out:
556 0 : path_put(&path);
557 0 : if (retry_estale(error, lookup_flags)) {
558 : lookup_flags |= LOOKUP_REVAL;
559 : goto retry;
560 : }
561 : out:
562 0 : return error;
563 : }
564 :
565 0 : int chmod_common(const struct path *path, umode_t mode)
566 : {
567 0 : struct inode *inode = path->dentry->d_inode;
568 0 : struct inode *delegated_inode = NULL;
569 : struct iattr newattrs;
570 : int error;
571 :
572 0 : error = mnt_want_write(path->mnt);
573 0 : if (error)
574 : return error;
575 : retry_deleg:
576 0 : inode_lock(inode);
577 0 : error = security_path_chmod(path, mode);
578 : if (error)
579 : goto out_unlock;
580 0 : newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
581 0 : newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
582 0 : error = notify_change(mnt_user_ns(path->mnt), path->dentry,
583 : &newattrs, &delegated_inode);
584 : out_unlock:
585 0 : inode_unlock(inode);
586 0 : if (delegated_inode) {
587 0 : error = break_deleg_wait(&delegated_inode);
588 0 : if (!error)
589 : goto retry_deleg;
590 : }
591 0 : mnt_drop_write(path->mnt);
592 0 : return error;
593 : }
594 :
595 0 : int vfs_fchmod(struct file *file, umode_t mode)
596 : {
597 0 : audit_file(file);
598 0 : return chmod_common(&file->f_path, mode);
599 : }
600 :
601 0 : SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
602 : {
603 0 : struct fd f = fdget(fd);
604 0 : int err = -EBADF;
605 :
606 0 : if (f.file) {
607 0 : err = vfs_fchmod(f.file, mode);
608 0 : fdput(f);
609 : }
610 0 : return err;
611 : }
612 :
613 0 : static int do_fchmodat(int dfd, const char __user *filename, umode_t mode)
614 : {
615 : struct path path;
616 : int error;
617 0 : unsigned int lookup_flags = LOOKUP_FOLLOW;
618 : retry:
619 0 : error = user_path_at(dfd, filename, lookup_flags, &path);
620 0 : if (!error) {
621 0 : error = chmod_common(&path, mode);
622 0 : path_put(&path);
623 0 : if (retry_estale(error, lookup_flags)) {
624 : lookup_flags |= LOOKUP_REVAL;
625 : goto retry;
626 : }
627 : }
628 0 : return error;
629 : }
630 :
631 0 : SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename,
632 : umode_t, mode)
633 : {
634 0 : return do_fchmodat(dfd, filename, mode);
635 : }
636 :
637 0 : SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
638 : {
639 0 : return do_fchmodat(AT_FDCWD, filename, mode);
640 : }
641 :
642 0 : int chown_common(const struct path *path, uid_t user, gid_t group)
643 : {
644 : struct user_namespace *mnt_userns, *fs_userns;
645 0 : struct inode *inode = path->dentry->d_inode;
646 0 : struct inode *delegated_inode = NULL;
647 : int error;
648 : struct iattr newattrs;
649 : kuid_t uid;
650 : kgid_t gid;
651 :
652 0 : uid = make_kuid(current_user_ns(), user);
653 0 : gid = make_kgid(current_user_ns(), group);
654 :
655 0 : mnt_userns = mnt_user_ns(path->mnt);
656 0 : fs_userns = i_user_ns(inode);
657 0 : uid = mapped_kuid_user(mnt_userns, fs_userns, uid);
658 : gid = mapped_kgid_user(mnt_userns, fs_userns, gid);
659 :
660 : retry_deleg:
661 0 : newattrs.ia_valid = ATTR_CTIME;
662 0 : if (user != (uid_t) -1) {
663 0 : if (!uid_valid(uid))
664 : return -EINVAL;
665 0 : newattrs.ia_valid |= ATTR_UID;
666 0 : newattrs.ia_uid = uid;
667 : }
668 0 : if (group != (gid_t) -1) {
669 0 : if (!gid_valid(gid))
670 : return -EINVAL;
671 0 : newattrs.ia_valid |= ATTR_GID;
672 0 : newattrs.ia_gid = gid;
673 : }
674 0 : if (!S_ISDIR(inode->i_mode))
675 0 : newattrs.ia_valid |=
676 : ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
677 0 : inode_lock(inode);
678 0 : error = security_path_chown(path, uid, gid);
679 : if (!error)
680 0 : error = notify_change(mnt_userns, path->dentry, &newattrs,
681 : &delegated_inode);
682 0 : inode_unlock(inode);
683 0 : if (delegated_inode) {
684 0 : error = break_deleg_wait(&delegated_inode);
685 0 : if (!error)
686 : goto retry_deleg;
687 : }
688 : return error;
689 : }
690 :
691 0 : int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group,
692 : int flag)
693 : {
694 : struct path path;
695 0 : int error = -EINVAL;
696 : int lookup_flags;
697 :
698 0 : if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
699 : goto out;
700 :
701 0 : lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
702 0 : if (flag & AT_EMPTY_PATH)
703 0 : lookup_flags |= LOOKUP_EMPTY;
704 : retry:
705 0 : error = user_path_at(dfd, filename, lookup_flags, &path);
706 0 : if (error)
707 : goto out;
708 0 : error = mnt_want_write(path.mnt);
709 0 : if (error)
710 : goto out_release;
711 0 : error = chown_common(&path, user, group);
712 0 : mnt_drop_write(path.mnt);
713 : out_release:
714 0 : path_put(&path);
715 0 : if (retry_estale(error, lookup_flags)) {
716 0 : lookup_flags |= LOOKUP_REVAL;
717 0 : goto retry;
718 : }
719 : out:
720 0 : return error;
721 : }
722 :
723 0 : SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
724 : gid_t, group, int, flag)
725 : {
726 0 : return do_fchownat(dfd, filename, user, group, flag);
727 : }
728 :
729 0 : SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
730 : {
731 0 : return do_fchownat(AT_FDCWD, filename, user, group, 0);
732 : }
733 :
734 0 : SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
735 : {
736 0 : return do_fchownat(AT_FDCWD, filename, user, group,
737 : AT_SYMLINK_NOFOLLOW);
738 : }
739 :
740 0 : int vfs_fchown(struct file *file, uid_t user, gid_t group)
741 : {
742 : int error;
743 :
744 0 : error = mnt_want_write_file(file);
745 0 : if (error)
746 : return error;
747 0 : audit_file(file);
748 0 : error = chown_common(&file->f_path, user, group);
749 0 : mnt_drop_write_file(file);
750 0 : return error;
751 : }
752 :
753 0 : int ksys_fchown(unsigned int fd, uid_t user, gid_t group)
754 : {
755 0 : struct fd f = fdget(fd);
756 0 : int error = -EBADF;
757 :
758 0 : if (f.file) {
759 0 : error = vfs_fchown(f.file, user, group);
760 0 : fdput(f);
761 : }
762 0 : return error;
763 : }
764 :
765 0 : SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
766 : {
767 0 : return ksys_fchown(fd, user, group);
768 : }
769 :
770 0 : static int do_dentry_open(struct file *f,
771 : struct inode *inode,
772 : int (*open)(struct inode *, struct file *))
773 : {
774 : static const struct file_operations empty_fops = {};
775 : int error;
776 :
777 0 : path_get(&f->f_path);
778 0 : f->f_inode = inode;
779 0 : f->f_mapping = inode->i_mapping;
780 0 : f->f_wb_err = filemap_sample_wb_err(f->f_mapping);
781 0 : f->f_sb_err = file_sample_sb_err(f);
782 :
783 0 : if (unlikely(f->f_flags & O_PATH)) {
784 0 : f->f_mode = FMODE_PATH | FMODE_OPENED;
785 0 : f->f_op = &empty_fops;
786 0 : return 0;
787 : }
788 :
789 0 : if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
790 0 : error = get_write_access(inode);
791 0 : if (unlikely(error))
792 : goto cleanup_file;
793 0 : error = __mnt_want_write(f->f_path.mnt);
794 0 : if (unlikely(error)) {
795 : put_write_access(inode);
796 : goto cleanup_file;
797 : }
798 0 : f->f_mode |= FMODE_WRITER;
799 : }
800 :
801 : /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */
802 0 : if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))
803 0 : f->f_mode |= FMODE_ATOMIC_POS;
804 :
805 0 : f->f_op = fops_get(inode->i_fop);
806 0 : if (WARN_ON(!f->f_op)) {
807 : error = -ENODEV;
808 : goto cleanup_all;
809 : }
810 :
811 0 : error = security_file_open(f);
812 : if (error)
813 : goto cleanup_all;
814 :
815 0 : error = break_lease(locks_inode(f), f->f_flags);
816 0 : if (error)
817 : goto cleanup_all;
818 :
819 : /* normally all 3 are set; ->open() can clear them if needed */
820 0 : f->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
821 0 : if (!open)
822 0 : open = f->f_op->open;
823 0 : if (open) {
824 0 : error = open(inode, f);
825 0 : if (error)
826 : goto cleanup_all;
827 : }
828 0 : f->f_mode |= FMODE_OPENED;
829 0 : if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
830 : i_readcount_inc(inode);
831 0 : if ((f->f_mode & FMODE_READ) &&
832 0 : likely(f->f_op->read || f->f_op->read_iter))
833 0 : f->f_mode |= FMODE_CAN_READ;
834 0 : if ((f->f_mode & FMODE_WRITE) &&
835 0 : likely(f->f_op->write || f->f_op->write_iter))
836 0 : f->f_mode |= FMODE_CAN_WRITE;
837 :
838 0 : f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
839 :
840 0 : file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
841 :
842 : /* NB: we're sure to have correct a_ops only after f_op->open */
843 0 : if (f->f_flags & O_DIRECT) {
844 0 : if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO)
845 : return -EINVAL;
846 : }
847 :
848 : /*
849 : * XXX: Huge page cache doesn't support writing yet. Drop all page
850 : * cache for this file before processing writes.
851 : */
852 0 : if (f->f_mode & FMODE_WRITE) {
853 : /*
854 : * Paired with smp_mb() in collapse_file() to ensure nr_thps
855 : * is up to date and the update to i_writecount by
856 : * get_write_access() is visible. Ensures subsequent insertion
857 : * of THPs into the page cache will fail.
858 : */
859 0 : smp_mb();
860 0 : if (filemap_nr_thps(inode->i_mapping)) {
861 : struct address_space *mapping = inode->i_mapping;
862 :
863 : filemap_invalidate_lock(inode->i_mapping);
864 : /*
865 : * unmap_mapping_range just need to be called once
866 : * here, because the private pages is not need to be
867 : * unmapped mapping (e.g. data segment of dynamic
868 : * shared libraries here).
869 : */
870 : unmap_mapping_range(mapping, 0, 0, 0);
871 : truncate_inode_pages(mapping, 0);
872 : filemap_invalidate_unlock(inode->i_mapping);
873 : }
874 : }
875 :
876 : return 0;
877 :
878 : cleanup_all:
879 0 : if (WARN_ON_ONCE(error > 0))
880 0 : error = -EINVAL;
881 0 : fops_put(f->f_op);
882 0 : if (f->f_mode & FMODE_WRITER) {
883 0 : put_write_access(inode);
884 0 : __mnt_drop_write(f->f_path.mnt);
885 : }
886 : cleanup_file:
887 0 : path_put(&f->f_path);
888 0 : f->f_path.mnt = NULL;
889 0 : f->f_path.dentry = NULL;
890 0 : f->f_inode = NULL;
891 0 : return error;
892 : }
893 :
894 : /**
895 : * finish_open - finish opening a file
896 : * @file: file pointer
897 : * @dentry: pointer to dentry
898 : * @open: open callback
899 : * @opened: state of open
900 : *
901 : * This can be used to finish opening a file passed to i_op->atomic_open().
902 : *
903 : * If the open callback is set to NULL, then the standard f_op->open()
904 : * filesystem callback is substituted.
905 : *
906 : * NB: the dentry reference is _not_ consumed. If, for example, the dentry is
907 : * the return value of d_splice_alias(), then the caller needs to perform dput()
908 : * on it after finish_open().
909 : *
910 : * Returns zero on success or -errno if the open failed.
911 : */
912 0 : int finish_open(struct file *file, struct dentry *dentry,
913 : int (*open)(struct inode *, struct file *))
914 : {
915 0 : BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */
916 :
917 0 : file->f_path.dentry = dentry;
918 0 : return do_dentry_open(file, d_backing_inode(dentry), open);
919 : }
920 : EXPORT_SYMBOL(finish_open);
921 :
922 : /**
923 : * finish_no_open - finish ->atomic_open() without opening the file
924 : *
925 : * @file: file pointer
926 : * @dentry: dentry or NULL (as returned from ->lookup())
927 : *
928 : * This can be used to set the result of a successful lookup in ->atomic_open().
929 : *
930 : * NB: unlike finish_open() this function does consume the dentry reference and
931 : * the caller need not dput() it.
932 : *
933 : * Returns "0" which must be the return value of ->atomic_open() after having
934 : * called this function.
935 : */
936 0 : int finish_no_open(struct file *file, struct dentry *dentry)
937 : {
938 0 : file->f_path.dentry = dentry;
939 0 : return 0;
940 : }
941 : EXPORT_SYMBOL(finish_no_open);
942 :
943 0 : char *file_path(struct file *filp, char *buf, int buflen)
944 : {
945 0 : return d_path(&filp->f_path, buf, buflen);
946 : }
947 : EXPORT_SYMBOL(file_path);
948 :
949 : /**
950 : * vfs_open - open the file at the given path
951 : * @path: path to open
952 : * @file: newly allocated file with f_flag initialized
953 : * @cred: credentials to use
954 : */
955 0 : int vfs_open(const struct path *path, struct file *file)
956 : {
957 0 : file->f_path = *path;
958 0 : return do_dentry_open(file, d_backing_inode(path->dentry), NULL);
959 : }
960 :
961 0 : struct file *dentry_open(const struct path *path, int flags,
962 : const struct cred *cred)
963 : {
964 : int error;
965 : struct file *f;
966 :
967 0 : validate_creds(cred);
968 :
969 : /* We must always pass in a valid mount pointer. */
970 0 : BUG_ON(!path->mnt);
971 :
972 0 : f = alloc_empty_file(flags, cred);
973 0 : if (!IS_ERR(f)) {
974 0 : error = vfs_open(path, f);
975 0 : if (error) {
976 0 : fput(f);
977 0 : f = ERR_PTR(error);
978 : }
979 : }
980 0 : return f;
981 : }
982 : EXPORT_SYMBOL(dentry_open);
983 :
984 0 : struct file *open_with_fake_path(const struct path *path, int flags,
985 : struct inode *inode, const struct cred *cred)
986 : {
987 0 : struct file *f = alloc_empty_file_noaccount(flags, cred);
988 0 : if (!IS_ERR(f)) {
989 : int error;
990 :
991 0 : f->f_path = *path;
992 0 : error = do_dentry_open(f, inode, NULL);
993 0 : if (error) {
994 0 : fput(f);
995 0 : f = ERR_PTR(error);
996 : }
997 : }
998 0 : return f;
999 : }
1000 : EXPORT_SYMBOL(open_with_fake_path);
1001 :
1002 : #define WILL_CREATE(flags) (flags & (O_CREAT | __O_TMPFILE))
1003 : #define O_PATH_FLAGS (O_DIRECTORY | O_NOFOLLOW | O_PATH | O_CLOEXEC)
1004 :
1005 0 : inline struct open_how build_open_how(int flags, umode_t mode)
1006 : {
1007 0 : struct open_how how = {
1008 0 : .flags = flags & VALID_OPEN_FLAGS,
1009 0 : .mode = mode & S_IALLUGO,
1010 : };
1011 :
1012 : /* O_PATH beats everything else. */
1013 0 : if (how.flags & O_PATH)
1014 0 : how.flags &= O_PATH_FLAGS;
1015 : /* Modes should only be set for create-like flags. */
1016 0 : if (!WILL_CREATE(how.flags))
1017 0 : how.mode = 0;
1018 0 : return how;
1019 : }
1020 :
1021 0 : inline int build_open_flags(const struct open_how *how, struct open_flags *op)
1022 : {
1023 0 : u64 flags = how->flags;
1024 0 : u64 strip = FMODE_NONOTIFY | O_CLOEXEC;
1025 0 : int lookup_flags = 0;
1026 0 : int acc_mode = ACC_MODE(flags);
1027 :
1028 : BUILD_BUG_ON_MSG(upper_32_bits(VALID_OPEN_FLAGS),
1029 : "struct open_flags doesn't yet handle flags > 32 bits");
1030 :
1031 : /*
1032 : * Strip flags that either shouldn't be set by userspace like
1033 : * FMODE_NONOTIFY or that aren't relevant in determining struct
1034 : * open_flags like O_CLOEXEC.
1035 : */
1036 0 : flags &= ~strip;
1037 :
1038 : /*
1039 : * Older syscalls implicitly clear all of the invalid flags or argument
1040 : * values before calling build_open_flags(), but openat2(2) checks all
1041 : * of its arguments.
1042 : */
1043 0 : if (flags & ~VALID_OPEN_FLAGS)
1044 : return -EINVAL;
1045 0 : if (how->resolve & ~VALID_RESOLVE_FLAGS)
1046 : return -EINVAL;
1047 :
1048 : /* Scoping flags are mutually exclusive. */
1049 0 : if ((how->resolve & RESOLVE_BENEATH) && (how->resolve & RESOLVE_IN_ROOT))
1050 : return -EINVAL;
1051 :
1052 : /* Deal with the mode. */
1053 0 : if (WILL_CREATE(flags)) {
1054 0 : if (how->mode & ~S_IALLUGO)
1055 : return -EINVAL;
1056 0 : op->mode = how->mode | S_IFREG;
1057 : } else {
1058 0 : if (how->mode != 0)
1059 : return -EINVAL;
1060 0 : op->mode = 0;
1061 : }
1062 :
1063 : /*
1064 : * In order to ensure programs get explicit errors when trying to use
1065 : * O_TMPFILE on old kernels, O_TMPFILE is implemented such that it
1066 : * looks like (O_DIRECTORY|O_RDWR & ~O_CREAT) to old kernels. But we
1067 : * have to require userspace to explicitly set it.
1068 : */
1069 0 : if (flags & __O_TMPFILE) {
1070 0 : if ((flags & O_TMPFILE_MASK) != O_TMPFILE)
1071 : return -EINVAL;
1072 0 : if (!(acc_mode & MAY_WRITE))
1073 : return -EINVAL;
1074 : }
1075 0 : if (flags & O_PATH) {
1076 : /* O_PATH only permits certain other flags to be set. */
1077 0 : if (flags & ~O_PATH_FLAGS)
1078 : return -EINVAL;
1079 : acc_mode = 0;
1080 : }
1081 :
1082 : /*
1083 : * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
1084 : * check for O_DSYNC if the need any syncing at all we enforce it's
1085 : * always set instead of having to deal with possibly weird behaviour
1086 : * for malicious applications setting only __O_SYNC.
1087 : */
1088 0 : if (flags & __O_SYNC)
1089 0 : flags |= O_DSYNC;
1090 :
1091 0 : op->open_flag = flags;
1092 :
1093 : /* O_TRUNC implies we need access checks for write permissions */
1094 0 : if (flags & O_TRUNC)
1095 0 : acc_mode |= MAY_WRITE;
1096 :
1097 : /* Allow the LSM permission hook to distinguish append
1098 : access from general write access. */
1099 0 : if (flags & O_APPEND)
1100 0 : acc_mode |= MAY_APPEND;
1101 :
1102 0 : op->acc_mode = acc_mode;
1103 :
1104 0 : op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
1105 :
1106 0 : if (flags & O_CREAT) {
1107 0 : op->intent |= LOOKUP_CREATE;
1108 0 : if (flags & O_EXCL) {
1109 0 : op->intent |= LOOKUP_EXCL;
1110 0 : flags |= O_NOFOLLOW;
1111 : }
1112 : }
1113 :
1114 0 : if (flags & O_DIRECTORY)
1115 0 : lookup_flags |= LOOKUP_DIRECTORY;
1116 0 : if (!(flags & O_NOFOLLOW))
1117 0 : lookup_flags |= LOOKUP_FOLLOW;
1118 :
1119 0 : if (how->resolve & RESOLVE_NO_XDEV)
1120 0 : lookup_flags |= LOOKUP_NO_XDEV;
1121 0 : if (how->resolve & RESOLVE_NO_MAGICLINKS)
1122 0 : lookup_flags |= LOOKUP_NO_MAGICLINKS;
1123 0 : if (how->resolve & RESOLVE_NO_SYMLINKS)
1124 0 : lookup_flags |= LOOKUP_NO_SYMLINKS;
1125 0 : if (how->resolve & RESOLVE_BENEATH)
1126 0 : lookup_flags |= LOOKUP_BENEATH;
1127 0 : if (how->resolve & RESOLVE_IN_ROOT)
1128 0 : lookup_flags |= LOOKUP_IN_ROOT;
1129 0 : if (how->resolve & RESOLVE_CACHED) {
1130 : /* Don't bother even trying for create/truncate/tmpfile open */
1131 0 : if (flags & (O_TRUNC | O_CREAT | O_TMPFILE))
1132 : return -EAGAIN;
1133 0 : lookup_flags |= LOOKUP_CACHED;
1134 : }
1135 :
1136 0 : op->lookup_flags = lookup_flags;
1137 0 : return 0;
1138 : }
1139 :
1140 : /**
1141 : * file_open_name - open file and return file pointer
1142 : *
1143 : * @name: struct filename containing path to open
1144 : * @flags: open flags as per the open(2) second argument
1145 : * @mode: mode for the new file if O_CREAT is set, else ignored
1146 : *
1147 : * This is the helper to open a file from kernelspace if you really
1148 : * have to. But in generally you should not do this, so please move
1149 : * along, nothing to see here..
1150 : */
1151 0 : struct file *file_open_name(struct filename *name, int flags, umode_t mode)
1152 : {
1153 : struct open_flags op;
1154 0 : struct open_how how = build_open_how(flags, mode);
1155 0 : int err = build_open_flags(&how, &op);
1156 0 : if (err)
1157 0 : return ERR_PTR(err);
1158 0 : return do_filp_open(AT_FDCWD, name, &op);
1159 : }
1160 :
1161 : /**
1162 : * filp_open - open file and return file pointer
1163 : *
1164 : * @filename: path to open
1165 : * @flags: open flags as per the open(2) second argument
1166 : * @mode: mode for the new file if O_CREAT is set, else ignored
1167 : *
1168 : * This is the helper to open a file from kernelspace if you really
1169 : * have to. But in generally you should not do this, so please move
1170 : * along, nothing to see here..
1171 : */
1172 0 : struct file *filp_open(const char *filename, int flags, umode_t mode)
1173 : {
1174 0 : struct filename *name = getname_kernel(filename);
1175 0 : struct file *file = ERR_CAST(name);
1176 :
1177 0 : if (!IS_ERR(name)) {
1178 0 : file = file_open_name(name, flags, mode);
1179 0 : putname(name);
1180 : }
1181 0 : return file;
1182 : }
1183 : EXPORT_SYMBOL(filp_open);
1184 :
1185 0 : struct file *file_open_root(const struct path *root,
1186 : const char *filename, int flags, umode_t mode)
1187 : {
1188 : struct open_flags op;
1189 0 : struct open_how how = build_open_how(flags, mode);
1190 0 : int err = build_open_flags(&how, &op);
1191 0 : if (err)
1192 0 : return ERR_PTR(err);
1193 0 : return do_file_open_root(root, filename, &op);
1194 : }
1195 : EXPORT_SYMBOL(file_open_root);
1196 :
1197 0 : static long do_sys_openat2(int dfd, const char __user *filename,
1198 : struct open_how *how)
1199 : {
1200 : struct open_flags op;
1201 0 : int fd = build_open_flags(how, &op);
1202 : struct filename *tmp;
1203 :
1204 0 : if (fd)
1205 0 : return fd;
1206 :
1207 0 : tmp = getname(filename);
1208 0 : if (IS_ERR(tmp))
1209 0 : return PTR_ERR(tmp);
1210 :
1211 0 : fd = get_unused_fd_flags(how->flags);
1212 0 : if (fd >= 0) {
1213 0 : struct file *f = do_filp_open(dfd, tmp, &op);
1214 0 : if (IS_ERR(f)) {
1215 0 : put_unused_fd(fd);
1216 0 : fd = PTR_ERR(f);
1217 : } else {
1218 0 : fsnotify_open(f);
1219 0 : fd_install(fd, f);
1220 : }
1221 : }
1222 0 : putname(tmp);
1223 0 : return fd;
1224 : }
1225 :
1226 0 : long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
1227 : {
1228 0 : struct open_how how = build_open_how(flags, mode);
1229 0 : return do_sys_openat2(dfd, filename, &how);
1230 : }
1231 :
1232 :
1233 0 : SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1234 : {
1235 : if (force_o_largefile())
1236 0 : flags |= O_LARGEFILE;
1237 0 : return do_sys_open(AT_FDCWD, filename, flags, mode);
1238 : }
1239 :
1240 0 : SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
1241 : umode_t, mode)
1242 : {
1243 : if (force_o_largefile())
1244 0 : flags |= O_LARGEFILE;
1245 0 : return do_sys_open(dfd, filename, flags, mode);
1246 : }
1247 :
1248 0 : SYSCALL_DEFINE4(openat2, int, dfd, const char __user *, filename,
1249 : struct open_how __user *, how, size_t, usize)
1250 : {
1251 : int err;
1252 : struct open_how tmp;
1253 :
1254 : BUILD_BUG_ON(sizeof(struct open_how) < OPEN_HOW_SIZE_VER0);
1255 : BUILD_BUG_ON(sizeof(struct open_how) != OPEN_HOW_SIZE_LATEST);
1256 :
1257 0 : if (unlikely(usize < OPEN_HOW_SIZE_VER0))
1258 : return -EINVAL;
1259 :
1260 0 : err = copy_struct_from_user(&tmp, sizeof(tmp), how, usize);
1261 0 : if (err)
1262 0 : return err;
1263 :
1264 0 : audit_openat2_how(&tmp);
1265 :
1266 : /* O_LARGEFILE is only allowed for non-O_PATH. */
1267 0 : if (!(tmp.flags & O_PATH) && force_o_largefile())
1268 0 : tmp.flags |= O_LARGEFILE;
1269 :
1270 0 : return do_sys_openat2(dfd, filename, &tmp);
1271 : }
1272 :
1273 : #ifdef CONFIG_COMPAT
1274 : /*
1275 : * Exactly like sys_open(), except that it doesn't set the
1276 : * O_LARGEFILE flag.
1277 : */
1278 : COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1279 : {
1280 : return do_sys_open(AT_FDCWD, filename, flags, mode);
1281 : }
1282 :
1283 : /*
1284 : * Exactly like sys_openat(), except that it doesn't set the
1285 : * O_LARGEFILE flag.
1286 : */
1287 : COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode)
1288 : {
1289 : return do_sys_open(dfd, filename, flags, mode);
1290 : }
1291 : #endif
1292 :
1293 : #ifndef __alpha__
1294 :
1295 : /*
1296 : * For backward compatibility? Maybe this should be moved
1297 : * into arch/i386 instead?
1298 : */
1299 0 : SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode)
1300 : {
1301 0 : int flags = O_CREAT | O_WRONLY | O_TRUNC;
1302 :
1303 : if (force_o_largefile())
1304 0 : flags |= O_LARGEFILE;
1305 0 : return do_sys_open(AT_FDCWD, pathname, flags, mode);
1306 : }
1307 : #endif
1308 :
1309 : /*
1310 : * "id" is the POSIX thread ID. We use the
1311 : * files pointer for this..
1312 : */
1313 0 : int filp_close(struct file *filp, fl_owner_t id)
1314 : {
1315 0 : int retval = 0;
1316 :
1317 0 : if (!file_count(filp)) {
1318 0 : printk(KERN_ERR "VFS: Close: file count is 0\n");
1319 0 : return 0;
1320 : }
1321 :
1322 0 : if (filp->f_op->flush)
1323 0 : retval = filp->f_op->flush(filp, id);
1324 :
1325 0 : if (likely(!(filp->f_mode & FMODE_PATH))) {
1326 0 : dnotify_flush(filp, id);
1327 0 : locks_remove_posix(filp, id);
1328 : }
1329 0 : fput(filp);
1330 0 : return retval;
1331 : }
1332 :
1333 : EXPORT_SYMBOL(filp_close);
1334 :
1335 : /*
1336 : * Careful here! We test whether the file pointer is NULL before
1337 : * releasing the fd. This ensures that one clone task can't release
1338 : * an fd while another clone is opening it.
1339 : */
1340 0 : SYSCALL_DEFINE1(close, unsigned int, fd)
1341 : {
1342 0 : int retval = close_fd(fd);
1343 :
1344 : /* can't restart close syscall because file table entry was cleared */
1345 0 : if (unlikely(retval == -ERESTARTSYS ||
1346 : retval == -ERESTARTNOINTR ||
1347 : retval == -ERESTARTNOHAND ||
1348 : retval == -ERESTART_RESTARTBLOCK))
1349 0 : retval = -EINTR;
1350 :
1351 0 : return retval;
1352 : }
1353 :
1354 : /**
1355 : * close_range() - Close all file descriptors in a given range.
1356 : *
1357 : * @fd: starting file descriptor to close
1358 : * @max_fd: last file descriptor to close
1359 : * @flags: reserved for future extensions
1360 : *
1361 : * This closes a range of file descriptors. All file descriptors
1362 : * from @fd up to and including @max_fd are closed.
1363 : * Currently, errors to close a given file descriptor are ignored.
1364 : */
1365 0 : SYSCALL_DEFINE3(close_range, unsigned int, fd, unsigned int, max_fd,
1366 : unsigned int, flags)
1367 : {
1368 0 : return __close_range(fd, max_fd, flags);
1369 : }
1370 :
1371 : /*
1372 : * This routine simulates a hangup on the tty, to arrange that users
1373 : * are given clean terminals at login time.
1374 : */
1375 0 : SYSCALL_DEFINE0(vhangup)
1376 : {
1377 0 : if (capable(CAP_SYS_TTY_CONFIG)) {
1378 0 : tty_vhangup_self();
1379 0 : return 0;
1380 : }
1381 : return -EPERM;
1382 : }
1383 :
1384 : /*
1385 : * Called when an inode is about to be open.
1386 : * We use this to disallow opening large files on 32bit systems if
1387 : * the caller didn't specify O_LARGEFILE. On 64bit systems we force
1388 : * on this flag in sys_open.
1389 : */
1390 0 : int generic_file_open(struct inode * inode, struct file * filp)
1391 : {
1392 0 : if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
1393 : return -EOVERFLOW;
1394 : return 0;
1395 : }
1396 :
1397 : EXPORT_SYMBOL(generic_file_open);
1398 :
1399 : /*
1400 : * This is used by subsystems that don't want seekable
1401 : * file descriptors. The function is not supposed to ever fail, the only
1402 : * reason it returns an 'int' and not 'void' is so that it can be plugged
1403 : * directly into file_operations structure.
1404 : */
1405 0 : int nonseekable_open(struct inode *inode, struct file *filp)
1406 : {
1407 0 : filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1408 0 : return 0;
1409 : }
1410 :
1411 : EXPORT_SYMBOL(nonseekable_open);
1412 :
1413 : /*
1414 : * stream_open is used by subsystems that want stream-like file descriptors.
1415 : * Such file descriptors are not seekable and don't have notion of position
1416 : * (file.f_pos is always 0 and ppos passed to .read()/.write() is always NULL).
1417 : * Contrary to file descriptors of other regular files, .read() and .write()
1418 : * can run simultaneously.
1419 : *
1420 : * stream_open never fails and is marked to return int so that it could be
1421 : * directly used as file_operations.open .
1422 : */
1423 0 : int stream_open(struct inode *inode, struct file *filp)
1424 : {
1425 0 : filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS);
1426 0 : filp->f_mode |= FMODE_STREAM;
1427 0 : return 0;
1428 : }
1429 :
1430 : EXPORT_SYMBOL(stream_open);
|
