Root/
1 | /* |
2 | * linux/fs/open.c |
3 | * |
4 | * Copyright (C) 1991, 1992 Linus Torvalds |
5 | */ |
6 | |
7 | #include <linux/string.h> |
8 | #include <linux/mm.h> |
9 | #include <linux/file.h> |
10 | #include <linux/fdtable.h> |
11 | #include <linux/fsnotify.h> |
12 | #include <linux/module.h> |
13 | #include <linux/tty.h> |
14 | #include <linux/namei.h> |
15 | #include <linux/backing-dev.h> |
16 | #include <linux/capability.h> |
17 | #include <linux/securebits.h> |
18 | #include <linux/security.h> |
19 | #include <linux/mount.h> |
20 | #include <linux/fcntl.h> |
21 | #include <linux/slab.h> |
22 | #include <asm/uaccess.h> |
23 | #include <linux/fs.h> |
24 | #include <linux/personality.h> |
25 | #include <linux/pagemap.h> |
26 | #include <linux/syscalls.h> |
27 | #include <linux/rcupdate.h> |
28 | #include <linux/audit.h> |
29 | #include <linux/falloc.h> |
30 | #include <linux/fs_struct.h> |
31 | #include <linux/ima.h> |
32 | #include <linux/dnotify.h> |
33 | #include <linux/compat.h> |
34 | |
35 | #include "internal.h" |
36 | |
37 | int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, |
38 | struct file *filp) |
39 | { |
40 | int ret; |
41 | struct iattr newattrs; |
42 | |
43 | /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */ |
44 | if (length < 0) |
45 | return -EINVAL; |
46 | |
47 | newattrs.ia_size = length; |
48 | newattrs.ia_valid = ATTR_SIZE | time_attrs; |
49 | if (filp) { |
50 | newattrs.ia_file = filp; |
51 | newattrs.ia_valid |= ATTR_FILE; |
52 | } |
53 | |
54 | /* Remove suid/sgid on truncate too */ |
55 | ret = should_remove_suid(dentry); |
56 | if (ret) |
57 | newattrs.ia_valid |= ret | ATTR_FORCE; |
58 | |
59 | mutex_lock(&dentry->d_inode->i_mutex); |
60 | ret = notify_change(dentry, &newattrs); |
61 | mutex_unlock(&dentry->d_inode->i_mutex); |
62 | return ret; |
63 | } |
64 | |
65 | long vfs_truncate(struct path *path, loff_t length) |
66 | { |
67 | struct inode *inode; |
68 | long error; |
69 | |
70 | inode = path->dentry->d_inode; |
71 | |
72 | /* For directories it's -EISDIR, for other non-regulars - -EINVAL */ |
73 | if (S_ISDIR(inode->i_mode)) |
74 | return -EISDIR; |
75 | if (!S_ISREG(inode->i_mode)) |
76 | return -EINVAL; |
77 | |
78 | error = mnt_want_write(path->mnt); |
79 | if (error) |
80 | goto out; |
81 | |
82 | error = inode_permission(inode, MAY_WRITE); |
83 | if (error) |
84 | goto mnt_drop_write_and_out; |
85 | |
86 | error = -EPERM; |
87 | if (IS_APPEND(inode)) |
88 | goto mnt_drop_write_and_out; |
89 | |
90 | error = get_write_access(inode); |
91 | if (error) |
92 | goto mnt_drop_write_and_out; |
93 | |
94 | /* |
95 | * Make sure that there are no leases. get_write_access() protects |
96 | * against the truncate racing with a lease-granting setlease(). |
97 | */ |
98 | error = break_lease(inode, O_WRONLY); |
99 | if (error) |
100 | goto put_write_and_out; |
101 | |
102 | error = locks_verify_truncate(inode, NULL, length); |
103 | if (!error) |
104 | error = security_path_truncate(path); |
105 | if (!error) |
106 | error = do_truncate(path->dentry, length, 0, NULL); |
107 | |
108 | put_write_and_out: |
109 | put_write_access(inode); |
110 | mnt_drop_write_and_out: |
111 | mnt_drop_write(path->mnt); |
112 | out: |
113 | return error; |
114 | } |
115 | EXPORT_SYMBOL_GPL(vfs_truncate); |
116 | |
117 | static long do_sys_truncate(const char __user *pathname, loff_t length) |
118 | { |
119 | unsigned int lookup_flags = LOOKUP_FOLLOW; |
120 | struct path path; |
121 | int error; |
122 | |
123 | if (length < 0) /* sorry, but loff_t says... */ |
124 | return -EINVAL; |
125 | |
126 | retry: |
127 | error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path); |
128 | if (!error) { |
129 | error = vfs_truncate(&path, length); |
130 | path_put(&path); |
131 | } |
132 | if (retry_estale(error, lookup_flags)) { |
133 | lookup_flags |= LOOKUP_REVAL; |
134 | goto retry; |
135 | } |
136 | return error; |
137 | } |
138 | |
139 | SYSCALL_DEFINE2(truncate, const char __user *, path, long, length) |
140 | { |
141 | return do_sys_truncate(path, length); |
142 | } |
143 | |
144 | #ifdef CONFIG_COMPAT |
145 | COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length) |
146 | { |
147 | return do_sys_truncate(path, length); |
148 | } |
149 | #endif |
150 | |
151 | static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) |
152 | { |
153 | struct inode *inode; |
154 | struct dentry *dentry; |
155 | struct fd f; |
156 | int error; |
157 | |
158 | error = -EINVAL; |
159 | if (length < 0) |
160 | goto out; |
161 | error = -EBADF; |
162 | f = fdget(fd); |
163 | if (!f.file) |
164 | goto out; |
165 | |
166 | /* explicitly opened as large or we are on 64-bit box */ |
167 | if (f.file->f_flags & O_LARGEFILE) |
168 | small = 0; |
169 | |
170 | dentry = f.file->f_path.dentry; |
171 | inode = dentry->d_inode; |
172 | error = -EINVAL; |
173 | if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE)) |
174 | goto out_putf; |
175 | |
176 | error = -EINVAL; |
177 | /* Cannot ftruncate over 2^31 bytes without large file support */ |
178 | if (small && length > MAX_NON_LFS) |
179 | goto out_putf; |
180 | |
181 | error = -EPERM; |
182 | if (IS_APPEND(inode)) |
183 | goto out_putf; |
184 | |
185 | sb_start_write(inode->i_sb); |
186 | error = locks_verify_truncate(inode, f.file, length); |
187 | if (!error) |
188 | error = security_path_truncate(&f.file->f_path); |
189 | if (!error) |
190 | error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); |
191 | sb_end_write(inode->i_sb); |
192 | out_putf: |
193 | fdput(f); |
194 | out: |
195 | return error; |
196 | } |
197 | |
198 | SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length) |
199 | { |
200 | return do_sys_ftruncate(fd, length, 1); |
201 | } |
202 | |
203 | #ifdef CONFIG_COMPAT |
204 | COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length) |
205 | { |
206 | return do_sys_ftruncate(fd, length, 1); |
207 | } |
208 | #endif |
209 | |
210 | /* LFS versions of truncate are only needed on 32 bit machines */ |
211 | #if BITS_PER_LONG == 32 |
212 | SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length) |
213 | { |
214 | return do_sys_truncate(path, length); |
215 | } |
216 | |
217 | SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length) |
218 | { |
219 | return do_sys_ftruncate(fd, length, 0); |
220 | } |
221 | #endif /* BITS_PER_LONG == 32 */ |
222 | |
223 | |
224 | int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len) |
225 | { |
226 | struct inode *inode = file_inode(file); |
227 | long ret; |
228 | |
229 | if (offset < 0 || len <= 0) |
230 | return -EINVAL; |
231 | |
232 | /* Return error if mode is not supported */ |
233 | if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) |
234 | return -EOPNOTSUPP; |
235 | |
236 | /* Punch hole must have keep size set */ |
237 | if ((mode & FALLOC_FL_PUNCH_HOLE) && |
238 | !(mode & FALLOC_FL_KEEP_SIZE)) |
239 | return -EOPNOTSUPP; |
240 | |
241 | if (!(file->f_mode & FMODE_WRITE)) |
242 | return -EBADF; |
243 | |
244 | /* It's not possible punch hole on append only file */ |
245 | if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode)) |
246 | return -EPERM; |
247 | |
248 | if (IS_IMMUTABLE(inode)) |
249 | return -EPERM; |
250 | |
251 | /* |
252 | * Revalidate the write permissions, in case security policy has |
253 | * changed since the files were opened. |
254 | */ |
255 | ret = security_file_permission(file, MAY_WRITE); |
256 | if (ret) |
257 | return ret; |
258 | |
259 | if (S_ISFIFO(inode->i_mode)) |
260 | return -ESPIPE; |
261 | |
262 | /* |
263 | * Let individual file system decide if it supports preallocation |
264 | * for directories or not. |
265 | */ |
266 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
267 | return -ENODEV; |
268 | |
269 | /* Check for wrap through zero too */ |
270 | if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) |
271 | return -EFBIG; |
272 | |
273 | if (!file->f_op->fallocate) |
274 | return -EOPNOTSUPP; |
275 | |
276 | sb_start_write(inode->i_sb); |
277 | ret = file->f_op->fallocate(file, mode, offset, len); |
278 | sb_end_write(inode->i_sb); |
279 | return ret; |
280 | } |
281 | |
282 | SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) |
283 | { |
284 | struct fd f = fdget(fd); |
285 | int error = -EBADF; |
286 | |
287 | if (f.file) { |
288 | error = do_fallocate(f.file, mode, offset, len); |
289 | fdput(f); |
290 | } |
291 | return error; |
292 | } |
293 | |
294 | /* |
295 | * access() needs to use the real uid/gid, not the effective uid/gid. |
296 | * We do this by temporarily clearing all FS-related capabilities and |
297 | * switching the fsuid/fsgid around to the real ones. |
298 | */ |
299 | SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) |
300 | { |
301 | const struct cred *old_cred; |
302 | struct cred *override_cred; |
303 | struct path path; |
304 | struct inode *inode; |
305 | int res; |
306 | unsigned int lookup_flags = LOOKUP_FOLLOW; |
307 | |
308 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
309 | return -EINVAL; |
310 | |
311 | override_cred = prepare_creds(); |
312 | if (!override_cred) |
313 | return -ENOMEM; |
314 | |
315 | override_cred->fsuid = override_cred->uid; |
316 | override_cred->fsgid = override_cred->gid; |
317 | |
318 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
319 | /* Clear the capabilities if we switch to a non-root user */ |
320 | kuid_t root_uid = make_kuid(override_cred->user_ns, 0); |
321 | if (!uid_eq(override_cred->uid, root_uid)) |
322 | cap_clear(override_cred->cap_effective); |
323 | else |
324 | override_cred->cap_effective = |
325 | override_cred->cap_permitted; |
326 | } |
327 | |
328 | old_cred = override_creds(override_cred); |
329 | retry: |
330 | res = user_path_at(dfd, filename, lookup_flags, &path); |
331 | if (res) |
332 | goto out; |
333 | |
334 | inode = path.dentry->d_inode; |
335 | |
336 | if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { |
337 | /* |
338 | * MAY_EXEC on regular files is denied if the fs is mounted |
339 | * with the "noexec" flag. |
340 | */ |
341 | res = -EACCES; |
342 | if (path.mnt->mnt_flags & MNT_NOEXEC) |
343 | goto out_path_release; |
344 | } |
345 | |
346 | res = inode_permission(inode, mode | MAY_ACCESS); |
347 | /* SuS v2 requires we report a read only fs too */ |
348 | if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) |
349 | goto out_path_release; |
350 | /* |
351 | * This is a rare case where using __mnt_is_readonly() |
352 | * is OK without a mnt_want/drop_write() pair. Since |
353 | * no actual write to the fs is performed here, we do |
354 | * not need to telegraph to that to anyone. |
355 | * |
356 | * By doing this, we accept that this access is |
357 | * inherently racy and know that the fs may change |
358 | * state before we even see this result. |
359 | */ |
360 | if (__mnt_is_readonly(path.mnt)) |
361 | res = -EROFS; |
362 | |
363 | out_path_release: |
364 | path_put(&path); |
365 | if (retry_estale(res, lookup_flags)) { |
366 | lookup_flags |= LOOKUP_REVAL; |
367 | goto retry; |
368 | } |
369 | out: |
370 | revert_creds(old_cred); |
371 | put_cred(override_cred); |
372 | return res; |
373 | } |
374 | |
375 | SYSCALL_DEFINE2(access, const char __user *, filename, int, mode) |
376 | { |
377 | return sys_faccessat(AT_FDCWD, filename, mode); |
378 | } |
379 | |
380 | SYSCALL_DEFINE1(chdir, const char __user *, filename) |
381 | { |
382 | struct path path; |
383 | int error; |
384 | unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; |
385 | retry: |
386 | error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); |
387 | if (error) |
388 | goto out; |
389 | |
390 | error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); |
391 | if (error) |
392 | goto dput_and_out; |
393 | |
394 | set_fs_pwd(current->fs, &path); |
395 | |
396 | dput_and_out: |
397 | path_put(&path); |
398 | if (retry_estale(error, lookup_flags)) { |
399 | lookup_flags |= LOOKUP_REVAL; |
400 | goto retry; |
401 | } |
402 | out: |
403 | return error; |
404 | } |
405 | |
406 | SYSCALL_DEFINE1(fchdir, unsigned int, fd) |
407 | { |
408 | struct fd f = fdget_raw(fd); |
409 | struct inode *inode; |
410 | int error = -EBADF; |
411 | |
412 | error = -EBADF; |
413 | if (!f.file) |
414 | goto out; |
415 | |
416 | inode = file_inode(f.file); |
417 | |
418 | error = -ENOTDIR; |
419 | if (!S_ISDIR(inode->i_mode)) |
420 | goto out_putf; |
421 | |
422 | error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); |
423 | if (!error) |
424 | set_fs_pwd(current->fs, &f.file->f_path); |
425 | out_putf: |
426 | fdput(f); |
427 | out: |
428 | return error; |
429 | } |
430 | |
431 | SYSCALL_DEFINE1(chroot, const char __user *, filename) |
432 | { |
433 | struct path path; |
434 | int error; |
435 | unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY; |
436 | retry: |
437 | error = user_path_at(AT_FDCWD, filename, lookup_flags, &path); |
438 | if (error) |
439 | goto out; |
440 | |
441 | error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); |
442 | if (error) |
443 | goto dput_and_out; |
444 | |
445 | error = -EPERM; |
446 | if (!nsown_capable(CAP_SYS_CHROOT)) |
447 | goto dput_and_out; |
448 | error = security_path_chroot(&path); |
449 | if (error) |
450 | goto dput_and_out; |
451 | |
452 | set_fs_root(current->fs, &path); |
453 | error = 0; |
454 | dput_and_out: |
455 | path_put(&path); |
456 | if (retry_estale(error, lookup_flags)) { |
457 | lookup_flags |= LOOKUP_REVAL; |
458 | goto retry; |
459 | } |
460 | out: |
461 | return error; |
462 | } |
463 | |
464 | static int chmod_common(struct path *path, umode_t mode) |
465 | { |
466 | struct inode *inode = path->dentry->d_inode; |
467 | struct iattr newattrs; |
468 | int error; |
469 | |
470 | error = mnt_want_write(path->mnt); |
471 | if (error) |
472 | return error; |
473 | mutex_lock(&inode->i_mutex); |
474 | error = security_path_chmod(path, mode); |
475 | if (error) |
476 | goto out_unlock; |
477 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); |
478 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; |
479 | error = notify_change(path->dentry, &newattrs); |
480 | out_unlock: |
481 | mutex_unlock(&inode->i_mutex); |
482 | mnt_drop_write(path->mnt); |
483 | return error; |
484 | } |
485 | |
486 | SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) |
487 | { |
488 | struct file * file; |
489 | int err = -EBADF; |
490 | |
491 | file = fget(fd); |
492 | if (file) { |
493 | audit_inode(NULL, file->f_path.dentry, 0); |
494 | err = chmod_common(&file->f_path, mode); |
495 | fput(file); |
496 | } |
497 | return err; |
498 | } |
499 | |
500 | SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, umode_t, mode) |
501 | { |
502 | struct path path; |
503 | int error; |
504 | unsigned int lookup_flags = LOOKUP_FOLLOW; |
505 | retry: |
506 | error = user_path_at(dfd, filename, lookup_flags, &path); |
507 | if (!error) { |
508 | error = chmod_common(&path, mode); |
509 | path_put(&path); |
510 | if (retry_estale(error, lookup_flags)) { |
511 | lookup_flags |= LOOKUP_REVAL; |
512 | goto retry; |
513 | } |
514 | } |
515 | return error; |
516 | } |
517 | |
518 | SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) |
519 | { |
520 | return sys_fchmodat(AT_FDCWD, filename, mode); |
521 | } |
522 | |
523 | static int chown_common(struct path *path, uid_t user, gid_t group) |
524 | { |
525 | struct inode *inode = path->dentry->d_inode; |
526 | int error; |
527 | struct iattr newattrs; |
528 | kuid_t uid; |
529 | kgid_t gid; |
530 | |
531 | uid = make_kuid(current_user_ns(), user); |
532 | gid = make_kgid(current_user_ns(), group); |
533 | |
534 | newattrs.ia_valid = ATTR_CTIME; |
535 | if (user != (uid_t) -1) { |
536 | if (!uid_valid(uid)) |
537 | return -EINVAL; |
538 | newattrs.ia_valid |= ATTR_UID; |
539 | newattrs.ia_uid = uid; |
540 | } |
541 | if (group != (gid_t) -1) { |
542 | if (!gid_valid(gid)) |
543 | return -EINVAL; |
544 | newattrs.ia_valid |= ATTR_GID; |
545 | newattrs.ia_gid = gid; |
546 | } |
547 | if (!S_ISDIR(inode->i_mode)) |
548 | newattrs.ia_valid |= |
549 | ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; |
550 | mutex_lock(&inode->i_mutex); |
551 | error = security_path_chown(path, uid, gid); |
552 | if (!error) |
553 | error = notify_change(path->dentry, &newattrs); |
554 | mutex_unlock(&inode->i_mutex); |
555 | |
556 | return error; |
557 | } |
558 | |
559 | SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, |
560 | gid_t, group, int, flag) |
561 | { |
562 | struct path path; |
563 | int error = -EINVAL; |
564 | int lookup_flags; |
565 | |
566 | if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) |
567 | goto out; |
568 | |
569 | lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; |
570 | if (flag & AT_EMPTY_PATH) |
571 | lookup_flags |= LOOKUP_EMPTY; |
572 | retry: |
573 | error = user_path_at(dfd, filename, lookup_flags, &path); |
574 | if (error) |
575 | goto out; |
576 | error = mnt_want_write(path.mnt); |
577 | if (error) |
578 | goto out_release; |
579 | error = chown_common(&path, user, group); |
580 | mnt_drop_write(path.mnt); |
581 | out_release: |
582 | path_put(&path); |
583 | if (retry_estale(error, lookup_flags)) { |
584 | lookup_flags |= LOOKUP_REVAL; |
585 | goto retry; |
586 | } |
587 | out: |
588 | return error; |
589 | } |
590 | |
591 | SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) |
592 | { |
593 | return sys_fchownat(AT_FDCWD, filename, user, group, 0); |
594 | } |
595 | |
596 | SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group) |
597 | { |
598 | return sys_fchownat(AT_FDCWD, filename, user, group, |
599 | AT_SYMLINK_NOFOLLOW); |
600 | } |
601 | |
602 | SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) |
603 | { |
604 | struct fd f = fdget(fd); |
605 | int error = -EBADF; |
606 | |
607 | if (!f.file) |
608 | goto out; |
609 | |
610 | error = mnt_want_write_file(f.file); |
611 | if (error) |
612 | goto out_fput; |
613 | audit_inode(NULL, f.file->f_path.dentry, 0); |
614 | error = chown_common(&f.file->f_path, user, group); |
615 | mnt_drop_write_file(f.file); |
616 | out_fput: |
617 | fdput(f); |
618 | out: |
619 | return error; |
620 | } |
621 | |
622 | /* |
623 | * You have to be very careful that these write |
624 | * counts get cleaned up in error cases and |
625 | * upon __fput(). This should probably never |
626 | * be called outside of __dentry_open(). |
627 | */ |
628 | static inline int __get_file_write_access(struct inode *inode, |
629 | struct vfsmount *mnt) |
630 | { |
631 | int error; |
632 | error = get_write_access(inode); |
633 | if (error) |
634 | return error; |
635 | /* |
636 | * Do not take mount writer counts on |
637 | * special files since no writes to |
638 | * the mount itself will occur. |
639 | */ |
640 | if (!special_file(inode->i_mode)) { |
641 | /* |
642 | * Balanced in __fput() |
643 | */ |
644 | error = __mnt_want_write(mnt); |
645 | if (error) |
646 | put_write_access(inode); |
647 | } |
648 | return error; |
649 | } |
650 | |
651 | int open_check_o_direct(struct file *f) |
652 | { |
653 | /* NB: we're sure to have correct a_ops only after f_op->open */ |
654 | if (f->f_flags & O_DIRECT) { |
655 | if (!f->f_mapping->a_ops || |
656 | ((!f->f_mapping->a_ops->direct_IO) && |
657 | (!f->f_mapping->a_ops->get_xip_mem))) { |
658 | return -EINVAL; |
659 | } |
660 | } |
661 | return 0; |
662 | } |
663 | |
664 | static int do_dentry_open(struct file *f, |
665 | int (*open)(struct inode *, struct file *), |
666 | const struct cred *cred) |
667 | { |
668 | static const struct file_operations empty_fops = {}; |
669 | struct inode *inode; |
670 | int error; |
671 | |
672 | f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK | |
673 | FMODE_PREAD | FMODE_PWRITE; |
674 | |
675 | if (unlikely(f->f_flags & O_PATH)) |
676 | f->f_mode = FMODE_PATH; |
677 | |
678 | path_get(&f->f_path); |
679 | inode = f->f_inode = f->f_path.dentry->d_inode; |
680 | if (f->f_mode & FMODE_WRITE) { |
681 | error = __get_file_write_access(inode, f->f_path.mnt); |
682 | if (error) |
683 | goto cleanup_file; |
684 | if (!special_file(inode->i_mode)) |
685 | file_take_write(f); |
686 | } |
687 | |
688 | f->f_mapping = inode->i_mapping; |
689 | file_sb_list_add(f, inode->i_sb); |
690 | |
691 | if (unlikely(f->f_mode & FMODE_PATH)) { |
692 | f->f_op = &empty_fops; |
693 | return 0; |
694 | } |
695 | |
696 | f->f_op = fops_get(inode->i_fop); |
697 | |
698 | error = security_file_open(f, cred); |
699 | if (error) |
700 | goto cleanup_all; |
701 | |
702 | error = break_lease(inode, f->f_flags); |
703 | if (error) |
704 | goto cleanup_all; |
705 | |
706 | if (!open && f->f_op) |
707 | open = f->f_op->open; |
708 | if (open) { |
709 | error = open(inode, f); |
710 | if (error) |
711 | goto cleanup_all; |
712 | } |
713 | if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) |
714 | i_readcount_inc(inode); |
715 | |
716 | f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); |
717 | |
718 | file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); |
719 | |
720 | return 0; |
721 | |
722 | cleanup_all: |
723 | fops_put(f->f_op); |
724 | file_sb_list_del(f); |
725 | if (f->f_mode & FMODE_WRITE) { |
726 | put_write_access(inode); |
727 | if (!special_file(inode->i_mode)) { |
728 | /* |
729 | * We don't consider this a real |
730 | * mnt_want/drop_write() pair |
731 | * because it all happenend right |
732 | * here, so just reset the state. |
733 | */ |
734 | file_reset_write(f); |
735 | __mnt_drop_write(f->f_path.mnt); |
736 | } |
737 | } |
738 | cleanup_file: |
739 | path_put(&f->f_path); |
740 | f->f_path.mnt = NULL; |
741 | f->f_path.dentry = NULL; |
742 | f->f_inode = NULL; |
743 | return error; |
744 | } |
745 | |
746 | /** |
747 | * finish_open - finish opening a file |
748 | * @od: opaque open data |
749 | * @dentry: pointer to dentry |
750 | * @open: open callback |
751 | * |
752 | * This can be used to finish opening a file passed to i_op->atomic_open(). |
753 | * |
754 | * If the open callback is set to NULL, then the standard f_op->open() |
755 | * filesystem callback is substituted. |
756 | */ |
757 | int finish_open(struct file *file, struct dentry *dentry, |
758 | int (*open)(struct inode *, struct file *), |
759 | int *opened) |
760 | { |
761 | int error; |
762 | BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */ |
763 | |
764 | file->f_path.dentry = dentry; |
765 | error = do_dentry_open(file, open, current_cred()); |
766 | if (!error) |
767 | *opened |= FILE_OPENED; |
768 | |
769 | return error; |
770 | } |
771 | EXPORT_SYMBOL(finish_open); |
772 | |
773 | /** |
774 | * finish_no_open - finish ->atomic_open() without opening the file |
775 | * |
776 | * @od: opaque open data |
777 | * @dentry: dentry or NULL (as returned from ->lookup()) |
778 | * |
779 | * This can be used to set the result of a successful lookup in ->atomic_open(). |
780 | * The filesystem's atomic_open() method shall return NULL after calling this. |
781 | */ |
782 | int finish_no_open(struct file *file, struct dentry *dentry) |
783 | { |
784 | file->f_path.dentry = dentry; |
785 | return 1; |
786 | } |
787 | EXPORT_SYMBOL(finish_no_open); |
788 | |
789 | struct file *dentry_open(const struct path *path, int flags, |
790 | const struct cred *cred) |
791 | { |
792 | int error; |
793 | struct file *f; |
794 | |
795 | validate_creds(cred); |
796 | |
797 | /* We must always pass in a valid mount pointer. */ |
798 | BUG_ON(!path->mnt); |
799 | |
800 | f = get_empty_filp(); |
801 | if (!IS_ERR(f)) { |
802 | f->f_flags = flags; |
803 | f->f_path = *path; |
804 | error = do_dentry_open(f, NULL, cred); |
805 | if (!error) { |
806 | /* from now on we need fput() to dispose of f */ |
807 | error = open_check_o_direct(f); |
808 | if (error) { |
809 | fput(f); |
810 | f = ERR_PTR(error); |
811 | } |
812 | } else { |
813 | put_filp(f); |
814 | f = ERR_PTR(error); |
815 | } |
816 | } |
817 | return f; |
818 | } |
819 | EXPORT_SYMBOL(dentry_open); |
820 | |
821 | static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) |
822 | { |
823 | int lookup_flags = 0; |
824 | int acc_mode; |
825 | |
826 | if (flags & (O_CREAT | __O_TMPFILE)) |
827 | op->mode = (mode & S_IALLUGO) | S_IFREG; |
828 | else |
829 | op->mode = 0; |
830 | |
831 | /* Must never be set by userspace */ |
832 | flags &= ~FMODE_NONOTIFY & ~O_CLOEXEC; |
833 | |
834 | /* |
835 | * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only |
836 | * check for O_DSYNC if the need any syncing at all we enforce it's |
837 | * always set instead of having to deal with possibly weird behaviour |
838 | * for malicious applications setting only __O_SYNC. |
839 | */ |
840 | if (flags & __O_SYNC) |
841 | flags |= O_DSYNC; |
842 | |
843 | if (flags & __O_TMPFILE) { |
844 | if ((flags & O_TMPFILE_MASK) != O_TMPFILE) |
845 | return -EINVAL; |
846 | acc_mode = MAY_OPEN | ACC_MODE(flags); |
847 | if (!(acc_mode & MAY_WRITE)) |
848 | return -EINVAL; |
849 | } else if (flags & O_PATH) { |
850 | /* |
851 | * If we have O_PATH in the open flag. Then we |
852 | * cannot have anything other than the below set of flags |
853 | */ |
854 | flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; |
855 | acc_mode = 0; |
856 | } else { |
857 | acc_mode = MAY_OPEN | ACC_MODE(flags); |
858 | } |
859 | |
860 | op->open_flag = flags; |
861 | |
862 | /* O_TRUNC implies we need access checks for write permissions */ |
863 | if (flags & O_TRUNC) |
864 | acc_mode |= MAY_WRITE; |
865 | |
866 | /* Allow the LSM permission hook to distinguish append |
867 | access from general write access. */ |
868 | if (flags & O_APPEND) |
869 | acc_mode |= MAY_APPEND; |
870 | |
871 | op->acc_mode = acc_mode; |
872 | |
873 | op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN; |
874 | |
875 | if (flags & O_CREAT) { |
876 | op->intent |= LOOKUP_CREATE; |
877 | if (flags & O_EXCL) |
878 | op->intent |= LOOKUP_EXCL; |
879 | } |
880 | |
881 | if (flags & O_DIRECTORY) |
882 | lookup_flags |= LOOKUP_DIRECTORY; |
883 | if (!(flags & O_NOFOLLOW)) |
884 | lookup_flags |= LOOKUP_FOLLOW; |
885 | op->lookup_flags = lookup_flags; |
886 | return 0; |
887 | } |
888 | |
889 | /** |
890 | * file_open_name - open file and return file pointer |
891 | * |
892 | * @name: struct filename containing path to open |
893 | * @flags: open flags as per the open(2) second argument |
894 | * @mode: mode for the new file if O_CREAT is set, else ignored |
895 | * |
896 | * This is the helper to open a file from kernelspace if you really |
897 | * have to. But in generally you should not do this, so please move |
898 | * along, nothing to see here.. |
899 | */ |
900 | struct file *file_open_name(struct filename *name, int flags, umode_t mode) |
901 | { |
902 | struct open_flags op; |
903 | int err = build_open_flags(flags, mode, &op); |
904 | return err ? ERR_PTR(err) : do_filp_open(AT_FDCWD, name, &op); |
905 | } |
906 | |
907 | /** |
908 | * filp_open - open file and return file pointer |
909 | * |
910 | * @filename: path to open |
911 | * @flags: open flags as per the open(2) second argument |
912 | * @mode: mode for the new file if O_CREAT is set, else ignored |
913 | * |
914 | * This is the helper to open a file from kernelspace if you really |
915 | * have to. But in generally you should not do this, so please move |
916 | * along, nothing to see here.. |
917 | */ |
918 | struct file *filp_open(const char *filename, int flags, umode_t mode) |
919 | { |
920 | struct filename name = {.name = filename}; |
921 | return file_open_name(&name, flags, mode); |
922 | } |
923 | EXPORT_SYMBOL(filp_open); |
924 | |
925 | struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt, |
926 | const char *filename, int flags) |
927 | { |
928 | struct open_flags op; |
929 | int err = build_open_flags(flags, 0, &op); |
930 | if (err) |
931 | return ERR_PTR(err); |
932 | if (flags & O_CREAT) |
933 | return ERR_PTR(-EINVAL); |
934 | if (!filename && (flags & O_DIRECTORY)) |
935 | if (!dentry->d_inode->i_op->lookup) |
936 | return ERR_PTR(-ENOTDIR); |
937 | return do_file_open_root(dentry, mnt, filename, &op); |
938 | } |
939 | EXPORT_SYMBOL(file_open_root); |
940 | |
941 | long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) |
942 | { |
943 | struct open_flags op; |
944 | int fd = build_open_flags(flags, mode, &op); |
945 | struct filename *tmp; |
946 | |
947 | if (fd) |
948 | return fd; |
949 | |
950 | tmp = getname(filename); |
951 | if (IS_ERR(tmp)) |
952 | return PTR_ERR(tmp); |
953 | |
954 | fd = get_unused_fd_flags(flags); |
955 | if (fd >= 0) { |
956 | struct file *f = do_filp_open(dfd, tmp, &op); |
957 | if (IS_ERR(f)) { |
958 | put_unused_fd(fd); |
959 | fd = PTR_ERR(f); |
960 | } else { |
961 | fsnotify_open(f); |
962 | fd_install(fd, f); |
963 | } |
964 | } |
965 | putname(tmp); |
966 | return fd; |
967 | } |
968 | |
969 | SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) |
970 | { |
971 | if (force_o_largefile()) |
972 | flags |= O_LARGEFILE; |
973 | |
974 | return do_sys_open(AT_FDCWD, filename, flags, mode); |
975 | } |
976 | |
977 | SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, |
978 | umode_t, mode) |
979 | { |
980 | if (force_o_largefile()) |
981 | flags |= O_LARGEFILE; |
982 | |
983 | return do_sys_open(dfd, filename, flags, mode); |
984 | } |
985 | |
986 | #ifndef __alpha__ |
987 | |
988 | /* |
989 | * For backward compatibility? Maybe this should be moved |
990 | * into arch/i386 instead? |
991 | */ |
992 | SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode) |
993 | { |
994 | return sys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
995 | } |
996 | |
997 | #endif |
998 | |
999 | /* |
1000 | * "id" is the POSIX thread ID. We use the |
1001 | * files pointer for this.. |
1002 | */ |
1003 | int filp_close(struct file *filp, fl_owner_t id) |
1004 | { |
1005 | int retval = 0; |
1006 | |
1007 | if (!file_count(filp)) { |
1008 | printk(KERN_ERR "VFS: Close: file count is 0\n"); |
1009 | return 0; |
1010 | } |
1011 | |
1012 | if (filp->f_op && filp->f_op->flush) |
1013 | retval = filp->f_op->flush(filp, id); |
1014 | |
1015 | if (likely(!(filp->f_mode & FMODE_PATH))) { |
1016 | dnotify_flush(filp, id); |
1017 | locks_remove_posix(filp, id); |
1018 | } |
1019 | fput(filp); |
1020 | return retval; |
1021 | } |
1022 | |
1023 | EXPORT_SYMBOL(filp_close); |
1024 | |
1025 | /* |
1026 | * Careful here! We test whether the file pointer is NULL before |
1027 | * releasing the fd. This ensures that one clone task can't release |
1028 | * an fd while another clone is opening it. |
1029 | */ |
1030 | SYSCALL_DEFINE1(close, unsigned int, fd) |
1031 | { |
1032 | int retval = __close_fd(current->files, fd); |
1033 | |
1034 | /* can't restart close syscall because file table entry was cleared */ |
1035 | if (unlikely(retval == -ERESTARTSYS || |
1036 | retval == -ERESTARTNOINTR || |
1037 | retval == -ERESTARTNOHAND || |
1038 | retval == -ERESTART_RESTARTBLOCK)) |
1039 | retval = -EINTR; |
1040 | |
1041 | return retval; |
1042 | } |
1043 | EXPORT_SYMBOL(sys_close); |
1044 | |
1045 | /* |
1046 | * This routine simulates a hangup on the tty, to arrange that users |
1047 | * are given clean terminals at login time. |
1048 | */ |
1049 | SYSCALL_DEFINE0(vhangup) |
1050 | { |
1051 | if (capable(CAP_SYS_TTY_CONFIG)) { |
1052 | tty_vhangup_self(); |
1053 | return 0; |
1054 | } |
1055 | return -EPERM; |
1056 | } |
1057 | |
1058 | /* |
1059 | * Called when an inode is about to be open. |
1060 | * We use this to disallow opening large files on 32bit systems if |
1061 | * the caller didn't specify O_LARGEFILE. On 64bit systems we force |
1062 | * on this flag in sys_open. |
1063 | */ |
1064 | int generic_file_open(struct inode * inode, struct file * filp) |
1065 | { |
1066 | if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) |
1067 | return -EOVERFLOW; |
1068 | return 0; |
1069 | } |
1070 | |
1071 | EXPORT_SYMBOL(generic_file_open); |
1072 | |
1073 | /* |
1074 | * This is used by subsystems that don't want seekable |
1075 | * file descriptors. The function is not supposed to ever fail, the only |
1076 | * reason it returns an 'int' and not 'void' is so that it can be plugged |
1077 | * directly into file_operations structure. |
1078 | */ |
1079 | int nonseekable_open(struct inode *inode, struct file *filp) |
1080 | { |
1081 | filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); |
1082 | return 0; |
1083 | } |
1084 | |
1085 | EXPORT_SYMBOL(nonseekable_open); |
1086 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9