Root/
1 | /* |
2 | * linux/fs/open.c |
3 | * |
4 | * Copyright (C) 1991, 1992 Linus Torvalds |
5 | */ |
6 | |
7 | #include <linux/string.h> |
8 | #include <linux/mm.h> |
9 | #include <linux/file.h> |
10 | #include <linux/fdtable.h> |
11 | #include <linux/fsnotify.h> |
12 | #include <linux/module.h> |
13 | #include <linux/tty.h> |
14 | #include <linux/namei.h> |
15 | #include <linux/backing-dev.h> |
16 | #include <linux/capability.h> |
17 | #include <linux/securebits.h> |
18 | #include <linux/security.h> |
19 | #include <linux/mount.h> |
20 | #include <linux/fcntl.h> |
21 | #include <linux/slab.h> |
22 | #include <asm/uaccess.h> |
23 | #include <linux/fs.h> |
24 | #include <linux/personality.h> |
25 | #include <linux/pagemap.h> |
26 | #include <linux/syscalls.h> |
27 | #include <linux/rcupdate.h> |
28 | #include <linux/audit.h> |
29 | #include <linux/falloc.h> |
30 | #include <linux/fs_struct.h> |
31 | #include <linux/ima.h> |
32 | #include <linux/dnotify.h> |
33 | |
34 | #include "internal.h" |
35 | |
36 | int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, |
37 | struct file *filp) |
38 | { |
39 | int ret; |
40 | struct iattr newattrs; |
41 | |
42 | /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */ |
43 | if (length < 0) |
44 | return -EINVAL; |
45 | |
46 | newattrs.ia_size = length; |
47 | newattrs.ia_valid = ATTR_SIZE | time_attrs; |
48 | if (filp) { |
49 | newattrs.ia_file = filp; |
50 | newattrs.ia_valid |= ATTR_FILE; |
51 | } |
52 | |
53 | /* Remove suid/sgid on truncate too */ |
54 | ret = should_remove_suid(dentry); |
55 | if (ret) |
56 | newattrs.ia_valid |= ret | ATTR_FORCE; |
57 | |
58 | mutex_lock(&dentry->d_inode->i_mutex); |
59 | ret = notify_change(dentry, &newattrs); |
60 | mutex_unlock(&dentry->d_inode->i_mutex); |
61 | return ret; |
62 | } |
63 | |
64 | static long do_sys_truncate(const char __user *pathname, loff_t length) |
65 | { |
66 | struct path path; |
67 | struct inode *inode; |
68 | int error; |
69 | |
70 | error = -EINVAL; |
71 | if (length < 0) /* sorry, but loff_t says... */ |
72 | goto out; |
73 | |
74 | error = user_path(pathname, &path); |
75 | if (error) |
76 | goto out; |
77 | inode = path.dentry->d_inode; |
78 | |
79 | /* For directories it's -EISDIR, for other non-regulars - -EINVAL */ |
80 | error = -EISDIR; |
81 | if (S_ISDIR(inode->i_mode)) |
82 | goto dput_and_out; |
83 | |
84 | error = -EINVAL; |
85 | if (!S_ISREG(inode->i_mode)) |
86 | goto dput_and_out; |
87 | |
88 | error = mnt_want_write(path.mnt); |
89 | if (error) |
90 | goto dput_and_out; |
91 | |
92 | error = inode_permission(inode, MAY_WRITE); |
93 | if (error) |
94 | goto mnt_drop_write_and_out; |
95 | |
96 | error = -EPERM; |
97 | if (IS_APPEND(inode)) |
98 | goto mnt_drop_write_and_out; |
99 | |
100 | error = get_write_access(inode); |
101 | if (error) |
102 | goto mnt_drop_write_and_out; |
103 | |
104 | /* |
105 | * Make sure that there are no leases. get_write_access() protects |
106 | * against the truncate racing with a lease-granting setlease(). |
107 | */ |
108 | error = break_lease(inode, O_WRONLY); |
109 | if (error) |
110 | goto put_write_and_out; |
111 | |
112 | error = locks_verify_truncate(inode, NULL, length); |
113 | if (!error) |
114 | error = security_path_truncate(&path); |
115 | if (!error) |
116 | error = do_truncate(path.dentry, length, 0, NULL); |
117 | |
118 | put_write_and_out: |
119 | put_write_access(inode); |
120 | mnt_drop_write_and_out: |
121 | mnt_drop_write(path.mnt); |
122 | dput_and_out: |
123 | path_put(&path); |
124 | out: |
125 | return error; |
126 | } |
127 | |
128 | SYSCALL_DEFINE2(truncate, const char __user *, path, long, length) |
129 | { |
130 | return do_sys_truncate(path, length); |
131 | } |
132 | |
133 | static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) |
134 | { |
135 | struct inode * inode; |
136 | struct dentry *dentry; |
137 | struct file * file; |
138 | int error; |
139 | |
140 | error = -EINVAL; |
141 | if (length < 0) |
142 | goto out; |
143 | error = -EBADF; |
144 | file = fget(fd); |
145 | if (!file) |
146 | goto out; |
147 | |
148 | /* explicitly opened as large or we are on 64-bit box */ |
149 | if (file->f_flags & O_LARGEFILE) |
150 | small = 0; |
151 | |
152 | dentry = file->f_path.dentry; |
153 | inode = dentry->d_inode; |
154 | error = -EINVAL; |
155 | if (!S_ISREG(inode->i_mode) || !(file->f_mode & FMODE_WRITE)) |
156 | goto out_putf; |
157 | |
158 | error = -EINVAL; |
159 | /* Cannot ftruncate over 2^31 bytes without large file support */ |
160 | if (small && length > MAX_NON_LFS) |
161 | goto out_putf; |
162 | |
163 | error = -EPERM; |
164 | if (IS_APPEND(inode)) |
165 | goto out_putf; |
166 | |
167 | sb_start_write(inode->i_sb); |
168 | error = locks_verify_truncate(inode, file, length); |
169 | if (!error) |
170 | error = security_path_truncate(&file->f_path); |
171 | if (!error) |
172 | error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
173 | sb_end_write(inode->i_sb); |
174 | out_putf: |
175 | fput(file); |
176 | out: |
177 | return error; |
178 | } |
179 | |
180 | SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length) |
181 | { |
182 | long ret = do_sys_ftruncate(fd, length, 1); |
183 | /* avoid REGPARM breakage on x86: */ |
184 | asmlinkage_protect(2, ret, fd, length); |
185 | return ret; |
186 | } |
187 | |
188 | /* LFS versions of truncate are only needed on 32 bit machines */ |
189 | #if BITS_PER_LONG == 32 |
190 | SYSCALL_DEFINE(truncate64)(const char __user * path, loff_t length) |
191 | { |
192 | return do_sys_truncate(path, length); |
193 | } |
194 | #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS |
195 | asmlinkage long SyS_truncate64(long path, loff_t length) |
196 | { |
197 | return SYSC_truncate64((const char __user *) path, length); |
198 | } |
199 | SYSCALL_ALIAS(sys_truncate64, SyS_truncate64); |
200 | #endif |
201 | |
202 | SYSCALL_DEFINE(ftruncate64)(unsigned int fd, loff_t length) |
203 | { |
204 | long ret = do_sys_ftruncate(fd, length, 0); |
205 | /* avoid REGPARM breakage on x86: */ |
206 | asmlinkage_protect(2, ret, fd, length); |
207 | return ret; |
208 | } |
209 | #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS |
210 | asmlinkage long SyS_ftruncate64(long fd, loff_t length) |
211 | { |
212 | return SYSC_ftruncate64((unsigned int) fd, length); |
213 | } |
214 | SYSCALL_ALIAS(sys_ftruncate64, SyS_ftruncate64); |
215 | #endif |
216 | #endif /* BITS_PER_LONG == 32 */ |
217 | |
218 | |
219 | int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len) |
220 | { |
221 | struct inode *inode = file->f_path.dentry->d_inode; |
222 | long ret; |
223 | |
224 | if (offset < 0 || len <= 0) |
225 | return -EINVAL; |
226 | |
227 | /* Return error if mode is not supported */ |
228 | if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) |
229 | return -EOPNOTSUPP; |
230 | |
231 | /* Punch hole must have keep size set */ |
232 | if ((mode & FALLOC_FL_PUNCH_HOLE) && |
233 | !(mode & FALLOC_FL_KEEP_SIZE)) |
234 | return -EOPNOTSUPP; |
235 | |
236 | if (!(file->f_mode & FMODE_WRITE)) |
237 | return -EBADF; |
238 | |
239 | /* It's not possible punch hole on append only file */ |
240 | if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode)) |
241 | return -EPERM; |
242 | |
243 | if (IS_IMMUTABLE(inode)) |
244 | return -EPERM; |
245 | |
246 | /* |
247 | * Revalidate the write permissions, in case security policy has |
248 | * changed since the files were opened. |
249 | */ |
250 | ret = security_file_permission(file, MAY_WRITE); |
251 | if (ret) |
252 | return ret; |
253 | |
254 | if (S_ISFIFO(inode->i_mode)) |
255 | return -ESPIPE; |
256 | |
257 | /* |
258 | * Let individual file system decide if it supports preallocation |
259 | * for directories or not. |
260 | */ |
261 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
262 | return -ENODEV; |
263 | |
264 | /* Check for wrap through zero too */ |
265 | if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) |
266 | return -EFBIG; |
267 | |
268 | if (!file->f_op->fallocate) |
269 | return -EOPNOTSUPP; |
270 | |
271 | sb_start_write(inode->i_sb); |
272 | ret = file->f_op->fallocate(file, mode, offset, len); |
273 | sb_end_write(inode->i_sb); |
274 | return ret; |
275 | } |
276 | |
277 | SYSCALL_DEFINE(fallocate)(int fd, int mode, loff_t offset, loff_t len) |
278 | { |
279 | struct file *file; |
280 | int error = -EBADF; |
281 | |
282 | file = fget(fd); |
283 | if (file) { |
284 | error = do_fallocate(file, mode, offset, len); |
285 | fput(file); |
286 | } |
287 | |
288 | return error; |
289 | } |
290 | |
291 | #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS |
292 | asmlinkage long SyS_fallocate(long fd, long mode, loff_t offset, loff_t len) |
293 | { |
294 | return SYSC_fallocate((int)fd, (int)mode, offset, len); |
295 | } |
296 | SYSCALL_ALIAS(sys_fallocate, SyS_fallocate); |
297 | #endif |
298 | |
299 | /* |
300 | * access() needs to use the real uid/gid, not the effective uid/gid. |
301 | * We do this by temporarily clearing all FS-related capabilities and |
302 | * switching the fsuid/fsgid around to the real ones. |
303 | */ |
304 | SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) |
305 | { |
306 | const struct cred *old_cred; |
307 | struct cred *override_cred; |
308 | struct path path; |
309 | struct inode *inode; |
310 | int res; |
311 | |
312 | if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ |
313 | return -EINVAL; |
314 | |
315 | override_cred = prepare_creds(); |
316 | if (!override_cred) |
317 | return -ENOMEM; |
318 | |
319 | override_cred->fsuid = override_cred->uid; |
320 | override_cred->fsgid = override_cred->gid; |
321 | |
322 | if (!issecure(SECURE_NO_SETUID_FIXUP)) { |
323 | /* Clear the capabilities if we switch to a non-root user */ |
324 | kuid_t root_uid = make_kuid(override_cred->user_ns, 0); |
325 | if (!uid_eq(override_cred->uid, root_uid)) |
326 | cap_clear(override_cred->cap_effective); |
327 | else |
328 | override_cred->cap_effective = |
329 | override_cred->cap_permitted; |
330 | } |
331 | |
332 | old_cred = override_creds(override_cred); |
333 | |
334 | res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
335 | if (res) |
336 | goto out; |
337 | |
338 | inode = path.dentry->d_inode; |
339 | |
340 | if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) { |
341 | /* |
342 | * MAY_EXEC on regular files is denied if the fs is mounted |
343 | * with the "noexec" flag. |
344 | */ |
345 | res = -EACCES; |
346 | if (path.mnt->mnt_flags & MNT_NOEXEC) |
347 | goto out_path_release; |
348 | } |
349 | |
350 | res = inode_permission(inode, mode | MAY_ACCESS); |
351 | /* SuS v2 requires we report a read only fs too */ |
352 | if (res || !(mode & S_IWOTH) || special_file(inode->i_mode)) |
353 | goto out_path_release; |
354 | /* |
355 | * This is a rare case where using __mnt_is_readonly() |
356 | * is OK without a mnt_want/drop_write() pair. Since |
357 | * no actual write to the fs is performed here, we do |
358 | * not need to telegraph to that to anyone. |
359 | * |
360 | * By doing this, we accept that this access is |
361 | * inherently racy and know that the fs may change |
362 | * state before we even see this result. |
363 | */ |
364 | if (__mnt_is_readonly(path.mnt)) |
365 | res = -EROFS; |
366 | |
367 | out_path_release: |
368 | path_put(&path); |
369 | out: |
370 | revert_creds(old_cred); |
371 | put_cred(override_cred); |
372 | return res; |
373 | } |
374 | |
375 | SYSCALL_DEFINE2(access, const char __user *, filename, int, mode) |
376 | { |
377 | return sys_faccessat(AT_FDCWD, filename, mode); |
378 | } |
379 | |
380 | SYSCALL_DEFINE1(chdir, const char __user *, filename) |
381 | { |
382 | struct path path; |
383 | int error; |
384 | |
385 | error = user_path_dir(filename, &path); |
386 | if (error) |
387 | goto out; |
388 | |
389 | error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); |
390 | if (error) |
391 | goto dput_and_out; |
392 | |
393 | set_fs_pwd(current->fs, &path); |
394 | |
395 | dput_and_out: |
396 | path_put(&path); |
397 | out: |
398 | return error; |
399 | } |
400 | |
401 | SYSCALL_DEFINE1(fchdir, unsigned int, fd) |
402 | { |
403 | struct file *file; |
404 | struct inode *inode; |
405 | int error, fput_needed; |
406 | |
407 | error = -EBADF; |
408 | file = fget_raw_light(fd, &fput_needed); |
409 | if (!file) |
410 | goto out; |
411 | |
412 | inode = file->f_path.dentry->d_inode; |
413 | |
414 | error = -ENOTDIR; |
415 | if (!S_ISDIR(inode->i_mode)) |
416 | goto out_putf; |
417 | |
418 | error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); |
419 | if (!error) |
420 | set_fs_pwd(current->fs, &file->f_path); |
421 | out_putf: |
422 | fput_light(file, fput_needed); |
423 | out: |
424 | return error; |
425 | } |
426 | |
427 | SYSCALL_DEFINE1(chroot, const char __user *, filename) |
428 | { |
429 | struct path path; |
430 | int error; |
431 | |
432 | error = user_path_dir(filename, &path); |
433 | if (error) |
434 | goto out; |
435 | |
436 | error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR); |
437 | if (error) |
438 | goto dput_and_out; |
439 | |
440 | error = -EPERM; |
441 | if (!capable(CAP_SYS_CHROOT)) |
442 | goto dput_and_out; |
443 | error = security_path_chroot(&path); |
444 | if (error) |
445 | goto dput_and_out; |
446 | |
447 | set_fs_root(current->fs, &path); |
448 | error = 0; |
449 | dput_and_out: |
450 | path_put(&path); |
451 | out: |
452 | return error; |
453 | } |
454 | |
455 | static int chmod_common(struct path *path, umode_t mode) |
456 | { |
457 | struct inode *inode = path->dentry->d_inode; |
458 | struct iattr newattrs; |
459 | int error; |
460 | |
461 | error = mnt_want_write(path->mnt); |
462 | if (error) |
463 | return error; |
464 | mutex_lock(&inode->i_mutex); |
465 | error = security_path_chmod(path, mode); |
466 | if (error) |
467 | goto out_unlock; |
468 | newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); |
469 | newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; |
470 | error = notify_change(path->dentry, &newattrs); |
471 | out_unlock: |
472 | mutex_unlock(&inode->i_mutex); |
473 | mnt_drop_write(path->mnt); |
474 | return error; |
475 | } |
476 | |
477 | SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) |
478 | { |
479 | struct file * file; |
480 | int err = -EBADF; |
481 | |
482 | file = fget(fd); |
483 | if (file) { |
484 | audit_inode(NULL, file->f_path.dentry); |
485 | err = chmod_common(&file->f_path, mode); |
486 | fput(file); |
487 | } |
488 | return err; |
489 | } |
490 | |
491 | SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, umode_t, mode) |
492 | { |
493 | struct path path; |
494 | int error; |
495 | |
496 | error = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path); |
497 | if (!error) { |
498 | error = chmod_common(&path, mode); |
499 | path_put(&path); |
500 | } |
501 | return error; |
502 | } |
503 | |
504 | SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) |
505 | { |
506 | return sys_fchmodat(AT_FDCWD, filename, mode); |
507 | } |
508 | |
509 | static int chown_common(struct path *path, uid_t user, gid_t group) |
510 | { |
511 | struct inode *inode = path->dentry->d_inode; |
512 | int error; |
513 | struct iattr newattrs; |
514 | kuid_t uid; |
515 | kgid_t gid; |
516 | |
517 | uid = make_kuid(current_user_ns(), user); |
518 | gid = make_kgid(current_user_ns(), group); |
519 | |
520 | newattrs.ia_valid = ATTR_CTIME; |
521 | if (user != (uid_t) -1) { |
522 | if (!uid_valid(uid)) |
523 | return -EINVAL; |
524 | newattrs.ia_valid |= ATTR_UID; |
525 | newattrs.ia_uid = uid; |
526 | } |
527 | if (group != (gid_t) -1) { |
528 | if (!gid_valid(gid)) |
529 | return -EINVAL; |
530 | newattrs.ia_valid |= ATTR_GID; |
531 | newattrs.ia_gid = gid; |
532 | } |
533 | if (!S_ISDIR(inode->i_mode)) |
534 | newattrs.ia_valid |= |
535 | ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV; |
536 | mutex_lock(&inode->i_mutex); |
537 | error = security_path_chown(path, user, group); |
538 | if (!error) |
539 | error = notify_change(path->dentry, &newattrs); |
540 | mutex_unlock(&inode->i_mutex); |
541 | |
542 | return error; |
543 | } |
544 | |
545 | SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user, |
546 | gid_t, group, int, flag) |
547 | { |
548 | struct path path; |
549 | int error = -EINVAL; |
550 | int lookup_flags; |
551 | |
552 | if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0) |
553 | goto out; |
554 | |
555 | lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; |
556 | if (flag & AT_EMPTY_PATH) |
557 | lookup_flags |= LOOKUP_EMPTY; |
558 | error = user_path_at(dfd, filename, lookup_flags, &path); |
559 | if (error) |
560 | goto out; |
561 | error = mnt_want_write(path.mnt); |
562 | if (error) |
563 | goto out_release; |
564 | error = chown_common(&path, user, group); |
565 | mnt_drop_write(path.mnt); |
566 | out_release: |
567 | path_put(&path); |
568 | out: |
569 | return error; |
570 | } |
571 | |
572 | SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group) |
573 | { |
574 | return sys_fchownat(AT_FDCWD, filename, user, group, 0); |
575 | } |
576 | |
577 | SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group) |
578 | { |
579 | return sys_fchownat(AT_FDCWD, filename, user, group, |
580 | AT_SYMLINK_NOFOLLOW); |
581 | } |
582 | |
583 | SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) |
584 | { |
585 | struct file * file; |
586 | int error = -EBADF; |
587 | struct dentry * dentry; |
588 | |
589 | file = fget(fd); |
590 | if (!file) |
591 | goto out; |
592 | |
593 | error = mnt_want_write_file(file); |
594 | if (error) |
595 | goto out_fput; |
596 | dentry = file->f_path.dentry; |
597 | audit_inode(NULL, dentry); |
598 | error = chown_common(&file->f_path, user, group); |
599 | mnt_drop_write_file(file); |
600 | out_fput: |
601 | fput(file); |
602 | out: |
603 | return error; |
604 | } |
605 | |
606 | /* |
607 | * You have to be very careful that these write |
608 | * counts get cleaned up in error cases and |
609 | * upon __fput(). This should probably never |
610 | * be called outside of __dentry_open(). |
611 | */ |
612 | static inline int __get_file_write_access(struct inode *inode, |
613 | struct vfsmount *mnt) |
614 | { |
615 | int error; |
616 | error = get_write_access(inode); |
617 | if (error) |
618 | return error; |
619 | /* |
620 | * Do not take mount writer counts on |
621 | * special files since no writes to |
622 | * the mount itself will occur. |
623 | */ |
624 | if (!special_file(inode->i_mode)) { |
625 | /* |
626 | * Balanced in __fput() |
627 | */ |
628 | error = __mnt_want_write(mnt); |
629 | if (error) |
630 | put_write_access(inode); |
631 | } |
632 | return error; |
633 | } |
634 | |
635 | int open_check_o_direct(struct file *f) |
636 | { |
637 | /* NB: we're sure to have correct a_ops only after f_op->open */ |
638 | if (f->f_flags & O_DIRECT) { |
639 | if (!f->f_mapping->a_ops || |
640 | ((!f->f_mapping->a_ops->direct_IO) && |
641 | (!f->f_mapping->a_ops->get_xip_mem))) { |
642 | return -EINVAL; |
643 | } |
644 | } |
645 | return 0; |
646 | } |
647 | |
648 | static int do_dentry_open(struct file *f, |
649 | int (*open)(struct inode *, struct file *), |
650 | const struct cred *cred) |
651 | { |
652 | static const struct file_operations empty_fops = {}; |
653 | struct inode *inode; |
654 | int error; |
655 | |
656 | f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK | |
657 | FMODE_PREAD | FMODE_PWRITE; |
658 | |
659 | if (unlikely(f->f_flags & O_PATH)) |
660 | f->f_mode = FMODE_PATH; |
661 | |
662 | path_get(&f->f_path); |
663 | inode = f->f_path.dentry->d_inode; |
664 | if (f->f_mode & FMODE_WRITE) { |
665 | error = __get_file_write_access(inode, f->f_path.mnt); |
666 | if (error) |
667 | goto cleanup_file; |
668 | if (!special_file(inode->i_mode)) |
669 | file_take_write(f); |
670 | } |
671 | |
672 | f->f_mapping = inode->i_mapping; |
673 | f->f_pos = 0; |
674 | file_sb_list_add(f, inode->i_sb); |
675 | |
676 | if (unlikely(f->f_mode & FMODE_PATH)) { |
677 | f->f_op = &empty_fops; |
678 | return 0; |
679 | } |
680 | |
681 | f->f_op = fops_get(inode->i_fop); |
682 | |
683 | error = security_file_open(f, cred); |
684 | if (error) |
685 | goto cleanup_all; |
686 | |
687 | error = break_lease(inode, f->f_flags); |
688 | if (error) |
689 | goto cleanup_all; |
690 | |
691 | if (!open && f->f_op) |
692 | open = f->f_op->open; |
693 | if (open) { |
694 | error = open(inode, f); |
695 | if (error) |
696 | goto cleanup_all; |
697 | } |
698 | if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) |
699 | i_readcount_inc(inode); |
700 | |
701 | f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); |
702 | |
703 | file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); |
704 | |
705 | return 0; |
706 | |
707 | cleanup_all: |
708 | fops_put(f->f_op); |
709 | file_sb_list_del(f); |
710 | if (f->f_mode & FMODE_WRITE) { |
711 | put_write_access(inode); |
712 | if (!special_file(inode->i_mode)) { |
713 | /* |
714 | * We don't consider this a real |
715 | * mnt_want/drop_write() pair |
716 | * because it all happenend right |
717 | * here, so just reset the state. |
718 | */ |
719 | file_reset_write(f); |
720 | __mnt_drop_write(f->f_path.mnt); |
721 | } |
722 | } |
723 | cleanup_file: |
724 | path_put(&f->f_path); |
725 | f->f_path.mnt = NULL; |
726 | f->f_path.dentry = NULL; |
727 | return error; |
728 | } |
729 | |
730 | /** |
731 | * finish_open - finish opening a file |
732 | * @od: opaque open data |
733 | * @dentry: pointer to dentry |
734 | * @open: open callback |
735 | * |
736 | * This can be used to finish opening a file passed to i_op->atomic_open(). |
737 | * |
738 | * If the open callback is set to NULL, then the standard f_op->open() |
739 | * filesystem callback is substituted. |
740 | */ |
741 | int finish_open(struct file *file, struct dentry *dentry, |
742 | int (*open)(struct inode *, struct file *), |
743 | int *opened) |
744 | { |
745 | int error; |
746 | BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */ |
747 | |
748 | file->f_path.dentry = dentry; |
749 | error = do_dentry_open(file, open, current_cred()); |
750 | if (!error) |
751 | *opened |= FILE_OPENED; |
752 | |
753 | return error; |
754 | } |
755 | EXPORT_SYMBOL(finish_open); |
756 | |
757 | /** |
758 | * finish_no_open - finish ->atomic_open() without opening the file |
759 | * |
760 | * @od: opaque open data |
761 | * @dentry: dentry or NULL (as returned from ->lookup()) |
762 | * |
763 | * This can be used to set the result of a successful lookup in ->atomic_open(). |
764 | * The filesystem's atomic_open() method shall return NULL after calling this. |
765 | */ |
766 | int finish_no_open(struct file *file, struct dentry *dentry) |
767 | { |
768 | file->f_path.dentry = dentry; |
769 | return 1; |
770 | } |
771 | EXPORT_SYMBOL(finish_no_open); |
772 | |
773 | struct file *dentry_open(const struct path *path, int flags, |
774 | const struct cred *cred) |
775 | { |
776 | int error; |
777 | struct file *f; |
778 | |
779 | validate_creds(cred); |
780 | |
781 | /* We must always pass in a valid mount pointer. */ |
782 | BUG_ON(!path->mnt); |
783 | |
784 | error = -ENFILE; |
785 | f = get_empty_filp(); |
786 | if (f == NULL) |
787 | return ERR_PTR(error); |
788 | |
789 | f->f_flags = flags; |
790 | f->f_path = *path; |
791 | error = do_dentry_open(f, NULL, cred); |
792 | if (!error) { |
793 | error = open_check_o_direct(f); |
794 | if (error) { |
795 | fput(f); |
796 | f = ERR_PTR(error); |
797 | } |
798 | } else { |
799 | put_filp(f); |
800 | f = ERR_PTR(error); |
801 | } |
802 | return f; |
803 | } |
804 | EXPORT_SYMBOL(dentry_open); |
805 | |
806 | static void __put_unused_fd(struct files_struct *files, unsigned int fd) |
807 | { |
808 | struct fdtable *fdt = files_fdtable(files); |
809 | __clear_open_fd(fd, fdt); |
810 | if (fd < files->next_fd) |
811 | files->next_fd = fd; |
812 | } |
813 | |
814 | void put_unused_fd(unsigned int fd) |
815 | { |
816 | struct files_struct *files = current->files; |
817 | spin_lock(&files->file_lock); |
818 | __put_unused_fd(files, fd); |
819 | spin_unlock(&files->file_lock); |
820 | } |
821 | |
822 | EXPORT_SYMBOL(put_unused_fd); |
823 | |
824 | /* |
825 | * Install a file pointer in the fd array. |
826 | * |
827 | * The VFS is full of places where we drop the files lock between |
828 | * setting the open_fds bitmap and installing the file in the file |
829 | * array. At any such point, we are vulnerable to a dup2() race |
830 | * installing a file in the array before us. We need to detect this and |
831 | * fput() the struct file we are about to overwrite in this case. |
832 | * |
833 | * It should never happen - if we allow dup2() do it, _really_ bad things |
834 | * will follow. |
835 | */ |
836 | |
837 | void fd_install(unsigned int fd, struct file *file) |
838 | { |
839 | struct files_struct *files = current->files; |
840 | struct fdtable *fdt; |
841 | spin_lock(&files->file_lock); |
842 | fdt = files_fdtable(files); |
843 | BUG_ON(fdt->fd[fd] != NULL); |
844 | rcu_assign_pointer(fdt->fd[fd], file); |
845 | spin_unlock(&files->file_lock); |
846 | } |
847 | |
848 | EXPORT_SYMBOL(fd_install); |
849 | |
850 | static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) |
851 | { |
852 | int lookup_flags = 0; |
853 | int acc_mode; |
854 | |
855 | if (!(flags & O_CREAT)) |
856 | mode = 0; |
857 | op->mode = mode; |
858 | |
859 | /* Must never be set by userspace */ |
860 | flags &= ~FMODE_NONOTIFY; |
861 | |
862 | /* |
863 | * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only |
864 | * check for O_DSYNC if the need any syncing at all we enforce it's |
865 | * always set instead of having to deal with possibly weird behaviour |
866 | * for malicious applications setting only __O_SYNC. |
867 | */ |
868 | if (flags & __O_SYNC) |
869 | flags |= O_DSYNC; |
870 | |
871 | /* |
872 | * If we have O_PATH in the open flag. Then we |
873 | * cannot have anything other than the below set of flags |
874 | */ |
875 | if (flags & O_PATH) { |
876 | flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; |
877 | acc_mode = 0; |
878 | } else { |
879 | acc_mode = MAY_OPEN | ACC_MODE(flags); |
880 | } |
881 | |
882 | op->open_flag = flags; |
883 | |
884 | /* O_TRUNC implies we need access checks for write permissions */ |
885 | if (flags & O_TRUNC) |
886 | acc_mode |= MAY_WRITE; |
887 | |
888 | /* Allow the LSM permission hook to distinguish append |
889 | access from general write access. */ |
890 | if (flags & O_APPEND) |
891 | acc_mode |= MAY_APPEND; |
892 | |
893 | op->acc_mode = acc_mode; |
894 | |
895 | op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN; |
896 | |
897 | if (flags & O_CREAT) { |
898 | op->intent |= LOOKUP_CREATE; |
899 | if (flags & O_EXCL) |
900 | op->intent |= LOOKUP_EXCL; |
901 | } |
902 | |
903 | if (flags & O_DIRECTORY) |
904 | lookup_flags |= LOOKUP_DIRECTORY; |
905 | if (!(flags & O_NOFOLLOW)) |
906 | lookup_flags |= LOOKUP_FOLLOW; |
907 | return lookup_flags; |
908 | } |
909 | |
910 | /** |
911 | * filp_open - open file and return file pointer |
912 | * |
913 | * @filename: path to open |
914 | * @flags: open flags as per the open(2) second argument |
915 | * @mode: mode for the new file if O_CREAT is set, else ignored |
916 | * |
917 | * This is the helper to open a file from kernelspace if you really |
918 | * have to. But in generally you should not do this, so please move |
919 | * along, nothing to see here.. |
920 | */ |
921 | struct file *filp_open(const char *filename, int flags, umode_t mode) |
922 | { |
923 | struct open_flags op; |
924 | int lookup = build_open_flags(flags, mode, &op); |
925 | return do_filp_open(AT_FDCWD, filename, &op, lookup); |
926 | } |
927 | EXPORT_SYMBOL(filp_open); |
928 | |
929 | struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt, |
930 | const char *filename, int flags) |
931 | { |
932 | struct open_flags op; |
933 | int lookup = build_open_flags(flags, 0, &op); |
934 | if (flags & O_CREAT) |
935 | return ERR_PTR(-EINVAL); |
936 | if (!filename && (flags & O_DIRECTORY)) |
937 | if (!dentry->d_inode->i_op->lookup) |
938 | return ERR_PTR(-ENOTDIR); |
939 | return do_file_open_root(dentry, mnt, filename, &op, lookup); |
940 | } |
941 | EXPORT_SYMBOL(file_open_root); |
942 | |
943 | long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) |
944 | { |
945 | struct open_flags op; |
946 | int lookup = build_open_flags(flags, mode, &op); |
947 | char *tmp = getname(filename); |
948 | int fd = PTR_ERR(tmp); |
949 | |
950 | if (!IS_ERR(tmp)) { |
951 | fd = get_unused_fd_flags(flags); |
952 | if (fd >= 0) { |
953 | struct file *f = do_filp_open(dfd, tmp, &op, lookup); |
954 | if (IS_ERR(f)) { |
955 | put_unused_fd(fd); |
956 | fd = PTR_ERR(f); |
957 | } else { |
958 | fsnotify_open(f); |
959 | fd_install(fd, f); |
960 | } |
961 | } |
962 | putname(tmp); |
963 | } |
964 | return fd; |
965 | } |
966 | |
967 | SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode) |
968 | { |
969 | long ret; |
970 | |
971 | if (force_o_largefile()) |
972 | flags |= O_LARGEFILE; |
973 | |
974 | ret = do_sys_open(AT_FDCWD, filename, flags, mode); |
975 | /* avoid REGPARM breakage on x86: */ |
976 | asmlinkage_protect(3, ret, filename, flags, mode); |
977 | return ret; |
978 | } |
979 | |
980 | SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, |
981 | umode_t, mode) |
982 | { |
983 | long ret; |
984 | |
985 | if (force_o_largefile()) |
986 | flags |= O_LARGEFILE; |
987 | |
988 | ret = do_sys_open(dfd, filename, flags, mode); |
989 | /* avoid REGPARM breakage on x86: */ |
990 | asmlinkage_protect(4, ret, dfd, filename, flags, mode); |
991 | return ret; |
992 | } |
993 | |
994 | #ifndef __alpha__ |
995 | |
996 | /* |
997 | * For backward compatibility? Maybe this should be moved |
998 | * into arch/i386 instead? |
999 | */ |
1000 | SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode) |
1001 | { |
1002 | return sys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode); |
1003 | } |
1004 | |
1005 | #endif |
1006 | |
1007 | /* |
1008 | * "id" is the POSIX thread ID. We use the |
1009 | * files pointer for this.. |
1010 | */ |
1011 | int filp_close(struct file *filp, fl_owner_t id) |
1012 | { |
1013 | int retval = 0; |
1014 | |
1015 | if (!file_count(filp)) { |
1016 | printk(KERN_ERR "VFS: Close: file count is 0\n"); |
1017 | return 0; |
1018 | } |
1019 | |
1020 | if (filp->f_op && filp->f_op->flush) |
1021 | retval = filp->f_op->flush(filp, id); |
1022 | |
1023 | if (likely(!(filp->f_mode & FMODE_PATH))) { |
1024 | dnotify_flush(filp, id); |
1025 | locks_remove_posix(filp, id); |
1026 | } |
1027 | fput(filp); |
1028 | return retval; |
1029 | } |
1030 | |
1031 | EXPORT_SYMBOL(filp_close); |
1032 | |
1033 | /* |
1034 | * Careful here! We test whether the file pointer is NULL before |
1035 | * releasing the fd. This ensures that one clone task can't release |
1036 | * an fd while another clone is opening it. |
1037 | */ |
1038 | SYSCALL_DEFINE1(close, unsigned int, fd) |
1039 | { |
1040 | struct file * filp; |
1041 | struct files_struct *files = current->files; |
1042 | struct fdtable *fdt; |
1043 | int retval; |
1044 | |
1045 | spin_lock(&files->file_lock); |
1046 | fdt = files_fdtable(files); |
1047 | if (fd >= fdt->max_fds) |
1048 | goto out_unlock; |
1049 | filp = fdt->fd[fd]; |
1050 | if (!filp) |
1051 | goto out_unlock; |
1052 | rcu_assign_pointer(fdt->fd[fd], NULL); |
1053 | __clear_close_on_exec(fd, fdt); |
1054 | __put_unused_fd(files, fd); |
1055 | spin_unlock(&files->file_lock); |
1056 | retval = filp_close(filp, files); |
1057 | |
1058 | /* can't restart close syscall because file table entry was cleared */ |
1059 | if (unlikely(retval == -ERESTARTSYS || |
1060 | retval == -ERESTARTNOINTR || |
1061 | retval == -ERESTARTNOHAND || |
1062 | retval == -ERESTART_RESTARTBLOCK)) |
1063 | retval = -EINTR; |
1064 | |
1065 | return retval; |
1066 | |
1067 | out_unlock: |
1068 | spin_unlock(&files->file_lock); |
1069 | return -EBADF; |
1070 | } |
1071 | EXPORT_SYMBOL(sys_close); |
1072 | |
1073 | /* |
1074 | * This routine simulates a hangup on the tty, to arrange that users |
1075 | * are given clean terminals at login time. |
1076 | */ |
1077 | SYSCALL_DEFINE0(vhangup) |
1078 | { |
1079 | if (capable(CAP_SYS_TTY_CONFIG)) { |
1080 | tty_vhangup_self(); |
1081 | return 0; |
1082 | } |
1083 | return -EPERM; |
1084 | } |
1085 | |
1086 | /* |
1087 | * Called when an inode is about to be open. |
1088 | * We use this to disallow opening large files on 32bit systems if |
1089 | * the caller didn't specify O_LARGEFILE. On 64bit systems we force |
1090 | * on this flag in sys_open. |
1091 | */ |
1092 | int generic_file_open(struct inode * inode, struct file * filp) |
1093 | { |
1094 | if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS) |
1095 | return -EOVERFLOW; |
1096 | return 0; |
1097 | } |
1098 | |
1099 | EXPORT_SYMBOL(generic_file_open); |
1100 | |
1101 | /* |
1102 | * This is used by subsystems that don't want seekable |
1103 | * file descriptors. The function is not supposed to ever fail, the only |
1104 | * reason it returns an 'int' and not 'void' is so that it can be plugged |
1105 | * directly into file_operations structure. |
1106 | */ |
1107 | int nonseekable_open(struct inode *inode, struct file *filp) |
1108 | { |
1109 | filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE); |
1110 | return 0; |
1111 | } |
1112 | |
1113 | EXPORT_SYMBOL(nonseekable_open); |
1114 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9