4 * Copyright (C) 1991, 1992 Linus Torvalds
7 #include <linux/string.h>
9 #include <linux/file.h>
10 #include <linux/fdtable.h>
11 #include <linux/fsnotify.h>
12 #include <linux/module.h>
13 #include <linux/tty.h>
14 #include <linux/namei.h>
15 #include <linux/backing-dev.h>
16 #include <linux/capability.h>
17 #include <linux/securebits.h>
18 #include <linux/security.h>
19 #include <linux/mount.h>
20 #include <linux/fcntl.h>
21 #include <linux/slab.h>
22 #include <linux/uaccess.h>
24 #include <linux/personality.h>
25 #include <linux/pagemap.h>
26 #include <linux/syscalls.h>
27 #include <linux/rcupdate.h>
28 #include <linux/audit.h>
29 #include <linux/falloc.h>
30 #include <linux/fs_struct.h>
31 #include <linux/ima.h>
32 #include <linux/dnotify.h>
33 #include <linux/compat.h>
37 #define CREATE_TRACE_POINTS
38 #include <trace/events/fs.h>
40 int do_truncate(struct dentry
*dentry
, loff_t length
, unsigned int time_attrs
,
44 struct iattr newattrs
;
46 /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
50 newattrs
.ia_size
= length
;
51 newattrs
.ia_valid
= ATTR_SIZE
| time_attrs
;
53 newattrs
.ia_file
= filp
;
54 newattrs
.ia_valid
|= ATTR_FILE
;
57 /* Remove suid, sgid, and file capabilities on truncate too */
58 ret
= dentry_needs_remove_privs(dentry
);
62 newattrs
.ia_valid
|= ret
| ATTR_FORCE
;
64 inode_lock(dentry
->d_inode
);
65 /* Note any delegations or leases have already been broken: */
66 ret
= notify_change(dentry
, &newattrs
, NULL
);
67 inode_unlock(dentry
->d_inode
);
71 long vfs_truncate(const struct path
*path
, loff_t length
)
74 struct dentry
*upperdentry
;
77 inode
= path
->dentry
->d_inode
;
79 /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
80 if (S_ISDIR(inode
->i_mode
))
82 if (!S_ISREG(inode
->i_mode
))
85 error
= mnt_want_write(path
->mnt
);
89 error
= inode_permission(inode
, MAY_WRITE
);
91 goto mnt_drop_write_and_out
;
95 goto mnt_drop_write_and_out
;
98 * If this is an overlayfs then do as if opening the file so we get
99 * write access on the upper inode, not on the overlay inode. For
100 * non-overlay filesystems d_real() is an identity function.
102 upperdentry
= d_real(path
->dentry
, NULL
, O_WRONLY
, 0);
103 error
= PTR_ERR(upperdentry
);
104 if (IS_ERR(upperdentry
))
105 goto mnt_drop_write_and_out
;
107 error
= get_write_access(upperdentry
->d_inode
);
109 goto mnt_drop_write_and_out
;
112 * Make sure that there are no leases. get_write_access() protects
113 * against the truncate racing with a lease-granting setlease().
115 error
= break_lease(inode
, O_WRONLY
);
117 goto put_write_and_out
;
119 error
= locks_verify_truncate(inode
, NULL
, length
);
121 error
= security_path_truncate(path
);
123 error
= do_truncate(path
->dentry
, length
, 0, NULL
);
126 put_write_access(upperdentry
->d_inode
);
127 mnt_drop_write_and_out
:
128 mnt_drop_write(path
->mnt
);
132 EXPORT_SYMBOL_GPL(vfs_truncate
);
134 static long do_sys_truncate(const char __user
*pathname
, loff_t length
)
136 unsigned int lookup_flags
= LOOKUP_FOLLOW
;
140 if (length
< 0) /* sorry, but loff_t says... */
144 error
= user_path_at(AT_FDCWD
, pathname
, lookup_flags
, &path
);
146 error
= vfs_truncate(&path
, length
);
149 if (retry_estale(error
, lookup_flags
)) {
150 lookup_flags
|= LOOKUP_REVAL
;
156 SYSCALL_DEFINE2(truncate
, const char __user
*, path
, long, length
)
158 return do_sys_truncate(path
, length
);
162 COMPAT_SYSCALL_DEFINE2(truncate
, const char __user
*, path
, compat_off_t
, length
)
164 return do_sys_truncate(path
, length
);
168 static long do_sys_ftruncate(unsigned int fd
, loff_t length
, int small
)
171 struct dentry
*dentry
;
183 /* explicitly opened as large or we are on 64-bit box */
184 if (f
.file
->f_flags
& O_LARGEFILE
)
187 dentry
= f
.file
->f_path
.dentry
;
188 inode
= dentry
->d_inode
;
190 if (!S_ISREG(inode
->i_mode
) || !(f
.file
->f_mode
& FMODE_WRITE
))
194 /* Cannot ftruncate over 2^31 bytes without large file support */
195 if (small
&& length
> MAX_NON_LFS
)
199 /* Check IS_APPEND on real upper inode */
200 if (IS_APPEND(file_inode(f
.file
)))
203 sb_start_write(inode
->i_sb
);
204 error
= locks_verify_truncate(inode
, f
.file
, length
);
206 error
= security_path_truncate(&f
.file
->f_path
);
208 error
= do_truncate(dentry
, length
, ATTR_MTIME
|ATTR_CTIME
, f
.file
);
209 sb_end_write(inode
->i_sb
);
216 SYSCALL_DEFINE2(ftruncate
, unsigned int, fd
, unsigned long, length
)
218 return do_sys_ftruncate(fd
, length
, 1);
222 COMPAT_SYSCALL_DEFINE2(ftruncate
, unsigned int, fd
, compat_ulong_t
, length
)
224 return do_sys_ftruncate(fd
, length
, 1);
228 /* LFS versions of truncate are only needed on 32 bit machines */
229 #if BITS_PER_LONG == 32
230 SYSCALL_DEFINE2(truncate64
, const char __user
*, path
, loff_t
, length
)
232 return do_sys_truncate(path
, length
);
235 SYSCALL_DEFINE2(ftruncate64
, unsigned int, fd
, loff_t
, length
)
237 return do_sys_ftruncate(fd
, length
, 0);
239 #endif /* BITS_PER_LONG == 32 */
242 int vfs_fallocate(struct file
*file
, int mode
, loff_t offset
, loff_t len
)
244 struct inode
*inode
= file_inode(file
);
247 if (offset
< 0 || len
<= 0)
250 /* Return error if mode is not supported */
251 if (mode
& ~FALLOC_FL_SUPPORTED_MASK
)
254 /* Punch hole and zero range are mutually exclusive */
255 if ((mode
& (FALLOC_FL_PUNCH_HOLE
| FALLOC_FL_ZERO_RANGE
)) ==
256 (FALLOC_FL_PUNCH_HOLE
| FALLOC_FL_ZERO_RANGE
))
259 /* Punch hole must have keep size set */
260 if ((mode
& FALLOC_FL_PUNCH_HOLE
) &&
261 !(mode
& FALLOC_FL_KEEP_SIZE
))
264 /* Collapse range should only be used exclusively. */
265 if ((mode
& FALLOC_FL_COLLAPSE_RANGE
) &&
266 (mode
& ~FALLOC_FL_COLLAPSE_RANGE
))
269 /* Insert range should only be used exclusively. */
270 if ((mode
& FALLOC_FL_INSERT_RANGE
) &&
271 (mode
& ~FALLOC_FL_INSERT_RANGE
))
274 /* Unshare range should only be used with allocate mode. */
275 if ((mode
& FALLOC_FL_UNSHARE_RANGE
) &&
276 (mode
& ~(FALLOC_FL_UNSHARE_RANGE
| FALLOC_FL_KEEP_SIZE
)))
279 if (!(file
->f_mode
& FMODE_WRITE
))
283 * We can only allow pure fallocate on append only files
285 if ((mode
& ~FALLOC_FL_KEEP_SIZE
) && IS_APPEND(inode
))
288 if (IS_IMMUTABLE(inode
))
292 * We cannot allow any fallocate operation on an active swapfile
294 if (IS_SWAPFILE(inode
))
298 * Revalidate the write permissions, in case security policy has
299 * changed since the files were opened.
301 ret
= security_file_permission(file
, MAY_WRITE
);
305 if (S_ISFIFO(inode
->i_mode
))
308 if (S_ISDIR(inode
->i_mode
))
311 if (!S_ISREG(inode
->i_mode
) && !S_ISBLK(inode
->i_mode
))
314 /* Check for wrap through zero too */
315 if (((offset
+ len
) > inode
->i_sb
->s_maxbytes
) || ((offset
+ len
) < 0))
318 if (!file
->f_op
->fallocate
)
321 file_start_write(file
);
322 ret
= file
->f_op
->fallocate(file
, mode
, offset
, len
);
325 * Create inotify and fanotify events.
327 * To keep the logic simple always create events if fallocate succeeds.
328 * This implies that events are even created if the file size remains
329 * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE.
332 fsnotify_modify(file
);
334 file_end_write(file
);
337 EXPORT_SYMBOL_GPL(vfs_fallocate
);
339 SYSCALL_DEFINE4(fallocate
, int, fd
, int, mode
, loff_t
, offset
, loff_t
, len
)
341 struct fd f
= fdget(fd
);
345 error
= vfs_fallocate(f
.file
, mode
, offset
, len
);
352 * access() needs to use the real uid/gid, not the effective uid/gid.
353 * We do this by temporarily clearing all FS-related capabilities and
354 * switching the fsuid/fsgid around to the real ones.
356 SYSCALL_DEFINE3(faccessat
, int, dfd
, const char __user
*, filename
, int, mode
)
358 const struct cred
*old_cred
;
359 struct cred
*override_cred
;
363 unsigned int lookup_flags
= LOOKUP_FOLLOW
;
365 if (mode
& ~S_IRWXO
) /* where's F_OK, X_OK, W_OK, R_OK? */
368 override_cred
= prepare_creds();
372 override_cred
->fsuid
= override_cred
->uid
;
373 override_cred
->fsgid
= override_cred
->gid
;
375 if (!issecure(SECURE_NO_SETUID_FIXUP
)) {
376 /* Clear the capabilities if we switch to a non-root user */
377 kuid_t root_uid
= make_kuid(override_cred
->user_ns
, 0);
378 if (!uid_eq(override_cred
->uid
, root_uid
))
379 cap_clear(override_cred
->cap_effective
);
381 override_cred
->cap_effective
=
382 override_cred
->cap_permitted
;
385 old_cred
= override_creds(override_cred
);
387 res
= user_path_at(dfd
, filename
, lookup_flags
, &path
);
391 inode
= d_backing_inode(path
.dentry
);
393 if ((mode
& MAY_EXEC
) && S_ISREG(inode
->i_mode
)) {
395 * MAY_EXEC on regular files is denied if the fs is mounted
396 * with the "noexec" flag.
399 if (path_noexec(&path
))
400 goto out_path_release
;
403 res
= inode_permission(inode
, mode
| MAY_ACCESS
);
404 /* SuS v2 requires we report a read only fs too */
405 if (res
|| !(mode
& S_IWOTH
) || special_file(inode
->i_mode
))
406 goto out_path_release
;
408 * This is a rare case where using __mnt_is_readonly()
409 * is OK without a mnt_want/drop_write() pair. Since
410 * no actual write to the fs is performed here, we do
411 * not need to telegraph to that to anyone.
413 * By doing this, we accept that this access is
414 * inherently racy and know that the fs may change
415 * state before we even see this result.
417 if (__mnt_is_readonly(path
.mnt
))
422 if (retry_estale(res
, lookup_flags
)) {
423 lookup_flags
|= LOOKUP_REVAL
;
427 revert_creds(old_cred
);
428 put_cred(override_cred
);
432 SYSCALL_DEFINE2(access
, const char __user
*, filename
, int, mode
)
434 return sys_faccessat(AT_FDCWD
, filename
, mode
);
437 SYSCALL_DEFINE1(chdir
, const char __user
*, filename
)
441 unsigned int lookup_flags
= LOOKUP_FOLLOW
| LOOKUP_DIRECTORY
;
443 error
= user_path_at(AT_FDCWD
, filename
, lookup_flags
, &path
);
447 error
= inode_permission(path
.dentry
->d_inode
, MAY_EXEC
| MAY_CHDIR
);
451 set_fs_pwd(current
->fs
, &path
);
455 if (retry_estale(error
, lookup_flags
)) {
456 lookup_flags
|= LOOKUP_REVAL
;
463 SYSCALL_DEFINE1(fchdir
, unsigned int, fd
)
465 struct fd f
= fdget_raw(fd
);
473 if (!d_can_lookup(f
.file
->f_path
.dentry
))
476 error
= inode_permission(file_inode(f
.file
), MAY_EXEC
| MAY_CHDIR
);
478 set_fs_pwd(current
->fs
, &f
.file
->f_path
);
485 SYSCALL_DEFINE1(chroot
, const char __user
*, filename
)
489 unsigned int lookup_flags
= LOOKUP_FOLLOW
| LOOKUP_DIRECTORY
;
491 error
= user_path_at(AT_FDCWD
, filename
, lookup_flags
, &path
);
495 error
= inode_permission(path
.dentry
->d_inode
, MAY_EXEC
| MAY_CHDIR
);
500 if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT
))
502 error
= security_path_chroot(&path
);
506 set_fs_root(current
->fs
, &path
);
510 if (retry_estale(error
, lookup_flags
)) {
511 lookup_flags
|= LOOKUP_REVAL
;
518 static int chmod_common(const struct path
*path
, umode_t mode
)
520 struct inode
*inode
= path
->dentry
->d_inode
;
521 struct inode
*delegated_inode
= NULL
;
522 struct iattr newattrs
;
525 error
= mnt_want_write(path
->mnt
);
530 error
= security_path_chmod(path
, mode
);
533 newattrs
.ia_mode
= (mode
& S_IALLUGO
) | (inode
->i_mode
& ~S_IALLUGO
);
534 newattrs
.ia_valid
= ATTR_MODE
| ATTR_CTIME
;
535 error
= notify_change(path
->dentry
, &newattrs
, &delegated_inode
);
538 if (delegated_inode
) {
539 error
= break_deleg_wait(&delegated_inode
);
543 mnt_drop_write(path
->mnt
);
547 SYSCALL_DEFINE2(fchmod
, unsigned int, fd
, umode_t
, mode
)
549 struct fd f
= fdget(fd
);
554 err
= chmod_common(&f
.file
->f_path
, mode
);
560 SYSCALL_DEFINE3(fchmodat
, int, dfd
, const char __user
*, filename
, umode_t
, mode
)
564 unsigned int lookup_flags
= LOOKUP_FOLLOW
;
566 error
= user_path_at(dfd
, filename
, lookup_flags
, &path
);
568 error
= chmod_common(&path
, mode
);
570 if (retry_estale(error
, lookup_flags
)) {
571 lookup_flags
|= LOOKUP_REVAL
;
578 SYSCALL_DEFINE2(chmod
, const char __user
*, filename
, umode_t
, mode
)
580 return sys_fchmodat(AT_FDCWD
, filename
, mode
);
583 static int chown_common(const struct path
*path
, uid_t user
, gid_t group
)
585 struct inode
*inode
= path
->dentry
->d_inode
;
586 struct inode
*delegated_inode
= NULL
;
588 struct iattr newattrs
;
592 uid
= make_kuid(current_user_ns(), user
);
593 gid
= make_kgid(current_user_ns(), group
);
596 newattrs
.ia_valid
= ATTR_CTIME
;
597 if (user
!= (uid_t
) -1) {
600 newattrs
.ia_valid
|= ATTR_UID
;
601 newattrs
.ia_uid
= uid
;
603 if (group
!= (gid_t
) -1) {
606 newattrs
.ia_valid
|= ATTR_GID
;
607 newattrs
.ia_gid
= gid
;
609 if (!S_ISDIR(inode
->i_mode
))
611 ATTR_KILL_SUID
| ATTR_KILL_SGID
| ATTR_KILL_PRIV
;
613 error
= security_path_chown(path
, uid
, gid
);
615 error
= notify_change(path
->dentry
, &newattrs
, &delegated_inode
);
617 if (delegated_inode
) {
618 error
= break_deleg_wait(&delegated_inode
);
625 SYSCALL_DEFINE5(fchownat
, int, dfd
, const char __user
*, filename
, uid_t
, user
,
626 gid_t
, group
, int, flag
)
632 if ((flag
& ~(AT_SYMLINK_NOFOLLOW
| AT_EMPTY_PATH
)) != 0)
635 lookup_flags
= (flag
& AT_SYMLINK_NOFOLLOW
) ? 0 : LOOKUP_FOLLOW
;
636 if (flag
& AT_EMPTY_PATH
)
637 lookup_flags
|= LOOKUP_EMPTY
;
639 error
= user_path_at(dfd
, filename
, lookup_flags
, &path
);
642 error
= mnt_want_write(path
.mnt
);
645 error
= chown_common(&path
, user
, group
);
646 mnt_drop_write(path
.mnt
);
649 if (retry_estale(error
, lookup_flags
)) {
650 lookup_flags
|= LOOKUP_REVAL
;
657 SYSCALL_DEFINE3(chown
, const char __user
*, filename
, uid_t
, user
, gid_t
, group
)
659 return sys_fchownat(AT_FDCWD
, filename
, user
, group
, 0);
662 SYSCALL_DEFINE3(lchown
, const char __user
*, filename
, uid_t
, user
, gid_t
, group
)
664 return sys_fchownat(AT_FDCWD
, filename
, user
, group
,
665 AT_SYMLINK_NOFOLLOW
);
668 SYSCALL_DEFINE3(fchown
, unsigned int, fd
, uid_t
, user
, gid_t
, group
)
670 struct fd f
= fdget(fd
);
676 error
= mnt_want_write_file_path(f
.file
);
680 error
= chown_common(&f
.file
->f_path
, user
, group
);
681 mnt_drop_write_file_path(f
.file
);
688 int open_check_o_direct(struct file
*f
)
690 /* NB: we're sure to have correct a_ops only after f_op->open */
691 if (f
->f_flags
& O_DIRECT
) {
692 if (!f
->f_mapping
->a_ops
|| !f
->f_mapping
->a_ops
->direct_IO
)
698 static int do_dentry_open(struct file
*f
,
700 int (*open
)(struct inode
*, struct file
*),
701 const struct cred
*cred
)
703 static const struct file_operations empty_fops
= {};
706 f
->f_mode
= OPEN_FMODE(f
->f_flags
) | FMODE_LSEEK
|
707 FMODE_PREAD
| FMODE_PWRITE
;
709 path_get(&f
->f_path
);
711 f
->f_mapping
= inode
->i_mapping
;
713 /* Ensure that we skip any errors that predate opening of the file */
714 f
->f_wb_err
= filemap_sample_wb_err(f
->f_mapping
);
716 if (unlikely(f
->f_flags
& O_PATH
)) {
717 f
->f_mode
= FMODE_PATH
;
718 f
->f_op
= &empty_fops
;
722 if (f
->f_mode
& FMODE_WRITE
&& !special_file(inode
->i_mode
)) {
723 error
= get_write_access(inode
);
726 error
= __mnt_want_write(f
->f_path
.mnt
);
727 if (unlikely(error
)) {
728 put_write_access(inode
);
731 f
->f_mode
|= FMODE_WRITER
;
734 /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */
735 if (S_ISREG(inode
->i_mode
) || S_ISDIR(inode
->i_mode
))
736 f
->f_mode
|= FMODE_ATOMIC_POS
;
738 f
->f_op
= fops_get(inode
->i_fop
);
739 if (unlikely(WARN_ON(!f
->f_op
))) {
744 error
= security_file_open(f
, cred
);
748 error
= break_lease(locks_inode(f
), f
->f_flags
);
753 open
= f
->f_op
->open
;
755 error
= open(inode
, f
);
759 if ((f
->f_mode
& (FMODE_READ
| FMODE_WRITE
)) == FMODE_READ
)
760 i_readcount_inc(inode
);
761 if ((f
->f_mode
& FMODE_READ
) &&
762 likely(f
->f_op
->read
|| f
->f_op
->read_iter
))
763 f
->f_mode
|= FMODE_CAN_READ
;
764 if ((f
->f_mode
& FMODE_WRITE
) &&
765 likely(f
->f_op
->write
|| f
->f_op
->write_iter
))
766 f
->f_mode
|= FMODE_CAN_WRITE
;
768 f
->f_write_hint
= WRITE_LIFE_NOT_SET
;
769 f
->f_flags
&= ~(O_CREAT
| O_EXCL
| O_NOCTTY
| O_TRUNC
);
771 file_ra_state_init(&f
->f_ra
, f
->f_mapping
->host
->i_mapping
);
777 if (f
->f_mode
& FMODE_WRITER
) {
778 put_write_access(inode
);
779 __mnt_drop_write(f
->f_path
.mnt
);
782 path_put(&f
->f_path
);
783 f
->f_path
.mnt
= NULL
;
784 f
->f_path
.dentry
= NULL
;
790 * finish_open - finish opening a file
791 * @file: file pointer
792 * @dentry: pointer to dentry
793 * @open: open callback
794 * @opened: state of open
796 * This can be used to finish opening a file passed to i_op->atomic_open().
798 * If the open callback is set to NULL, then the standard f_op->open()
799 * filesystem callback is substituted.
801 * NB: the dentry reference is _not_ consumed. If, for example, the dentry is
802 * the return value of d_splice_alias(), then the caller needs to perform dput()
803 * on it after finish_open().
805 * On successful return @file is a fully instantiated open file. After this, if
806 * an error occurs in ->atomic_open(), it needs to clean up with fput().
808 * Returns zero on success or -errno if the open failed.
810 int finish_open(struct file
*file
, struct dentry
*dentry
,
811 int (*open
)(struct inode
*, struct file
*),
815 BUG_ON(*opened
& FILE_OPENED
); /* once it's opened, it's opened */
817 file
->f_path
.dentry
= dentry
;
818 error
= do_dentry_open(file
, d_backing_inode(dentry
), open
,
821 *opened
|= FILE_OPENED
;
825 EXPORT_SYMBOL(finish_open
);
828 * finish_no_open - finish ->atomic_open() without opening the file
830 * @file: file pointer
831 * @dentry: dentry or NULL (as returned from ->lookup())
833 * This can be used to set the result of a successful lookup in ->atomic_open().
835 * NB: unlike finish_open() this function does consume the dentry reference and
836 * the caller need not dput() it.
838 * Returns "1" which must be the return value of ->atomic_open() after having
839 * called this function.
841 int finish_no_open(struct file
*file
, struct dentry
*dentry
)
843 file
->f_path
.dentry
= dentry
;
846 EXPORT_SYMBOL(finish_no_open
);
848 char *file_path(struct file
*filp
, char *buf
, int buflen
)
850 return d_path(&filp
->f_path
, buf
, buflen
);
852 EXPORT_SYMBOL(file_path
);
855 * vfs_open - open the file at the given path
856 * @path: path to open
857 * @file: newly allocated file with f_flag initialized
858 * @cred: credentials to use
860 int vfs_open(const struct path
*path
, struct file
*file
,
861 const struct cred
*cred
)
863 struct dentry
*dentry
= d_real(path
->dentry
, NULL
, file
->f_flags
, 0);
866 return PTR_ERR(dentry
);
868 file
->f_path
= *path
;
869 return do_dentry_open(file
, d_backing_inode(dentry
), NULL
, cred
);
872 struct file
*dentry_open(const struct path
*path
, int flags
,
873 const struct cred
*cred
)
878 validate_creds(cred
);
880 /* We must always pass in a valid mount pointer. */
883 f
= get_empty_filp();
886 error
= vfs_open(path
, f
, cred
);
888 /* from now on we need fput() to dispose of f */
889 error
= open_check_o_direct(f
);
901 EXPORT_SYMBOL(dentry_open
);
903 static inline int build_open_flags(int flags
, umode_t mode
, struct open_flags
*op
)
905 int lookup_flags
= 0;
906 int acc_mode
= ACC_MODE(flags
);
909 * Clear out all open flags we don't know about so that we don't report
910 * them in fcntl(F_GETFD) or similar interfaces.
912 flags
&= VALID_OPEN_FLAGS
;
914 if (flags
& (O_CREAT
| __O_TMPFILE
))
915 op
->mode
= (mode
& S_IALLUGO
) | S_IFREG
;
919 /* Must never be set by userspace */
920 flags
&= ~FMODE_NONOTIFY
& ~O_CLOEXEC
;
923 * O_SYNC is implemented as __O_SYNC|O_DSYNC. As many places only
924 * check for O_DSYNC if the need any syncing at all we enforce it's
925 * always set instead of having to deal with possibly weird behaviour
926 * for malicious applications setting only __O_SYNC.
928 if (flags
& __O_SYNC
)
931 if (flags
& __O_TMPFILE
) {
932 if ((flags
& O_TMPFILE_MASK
) != O_TMPFILE
)
934 if (!(acc_mode
& MAY_WRITE
))
936 } else if (flags
& O_PATH
) {
938 * If we have O_PATH in the open flag. Then we
939 * cannot have anything other than the below set of flags
941 flags
&= O_DIRECTORY
| O_NOFOLLOW
| O_PATH
;
945 op
->open_flag
= flags
;
947 /* O_TRUNC implies we need access checks for write permissions */
949 acc_mode
|= MAY_WRITE
;
951 /* Allow the LSM permission hook to distinguish append
952 access from general write access. */
953 if (flags
& O_APPEND
)
954 acc_mode
|= MAY_APPEND
;
956 op
->acc_mode
= acc_mode
;
958 op
->intent
= flags
& O_PATH
? 0 : LOOKUP_OPEN
;
960 if (flags
& O_CREAT
) {
961 op
->intent
|= LOOKUP_CREATE
;
963 op
->intent
|= LOOKUP_EXCL
;
966 if (flags
& O_DIRECTORY
)
967 lookup_flags
|= LOOKUP_DIRECTORY
;
968 if (!(flags
& O_NOFOLLOW
))
969 lookup_flags
|= LOOKUP_FOLLOW
;
970 op
->lookup_flags
= lookup_flags
;
975 * file_open_name - open file and return file pointer
977 * @name: struct filename containing path to open
978 * @flags: open flags as per the open(2) second argument
979 * @mode: mode for the new file if O_CREAT is set, else ignored
981 * This is the helper to open a file from kernelspace if you really
982 * have to. But in generally you should not do this, so please move
983 * along, nothing to see here..
985 struct file
*file_open_name(struct filename
*name
, int flags
, umode_t mode
)
987 struct open_flags op
;
988 int err
= build_open_flags(flags
, mode
, &op
);
989 return err
? ERR_PTR(err
) : do_filp_open(AT_FDCWD
, name
, &op
);
993 * filp_open - open file and return file pointer
995 * @filename: path to open
996 * @flags: open flags as per the open(2) second argument
997 * @mode: mode for the new file if O_CREAT is set, else ignored
999 * This is the helper to open a file from kernelspace if you really
1000 * have to. But in generally you should not do this, so please move
1001 * along, nothing to see here..
1003 struct file
*filp_open(const char *filename
, int flags
, umode_t mode
)
1005 struct filename
*name
= getname_kernel(filename
);
1006 struct file
*file
= ERR_CAST(name
);
1008 if (!IS_ERR(name
)) {
1009 file
= file_open_name(name
, flags
, mode
);
1014 EXPORT_SYMBOL(filp_open
);
1016 struct file
*file_open_root(struct dentry
*dentry
, struct vfsmount
*mnt
,
1017 const char *filename
, int flags
, umode_t mode
)
1019 struct open_flags op
;
1020 int err
= build_open_flags(flags
, mode
, &op
);
1022 return ERR_PTR(err
);
1023 return do_file_open_root(dentry
, mnt
, filename
, &op
);
1025 EXPORT_SYMBOL(file_open_root
);
1027 struct file
*filp_clone_open(struct file
*oldfile
)
1032 file
= get_empty_filp();
1036 file
->f_flags
= oldfile
->f_flags
;
1037 retval
= vfs_open(&oldfile
->f_path
, file
, oldfile
->f_cred
);
1040 return ERR_PTR(retval
);
1045 EXPORT_SYMBOL(filp_clone_open
);
1047 long do_sys_open(int dfd
, const char __user
*filename
, int flags
, umode_t mode
)
1049 struct open_flags op
;
1050 int fd
= build_open_flags(flags
, mode
, &op
);
1051 struct filename
*tmp
;
1056 tmp
= getname(filename
);
1058 return PTR_ERR(tmp
);
1060 fd
= get_unused_fd_flags(flags
);
1062 struct file
*f
= do_filp_open(dfd
, tmp
, &op
);
1069 trace_do_sys_open(tmp
->name
, flags
, mode
);
1076 SYSCALL_DEFINE3(open
, const char __user
*, filename
, int, flags
, umode_t
, mode
)
1078 if (force_o_largefile())
1079 flags
|= O_LARGEFILE
;
1081 return do_sys_open(AT_FDCWD
, filename
, flags
, mode
);
1084 SYSCALL_DEFINE4(openat
, int, dfd
, const char __user
*, filename
, int, flags
,
1087 if (force_o_largefile())
1088 flags
|= O_LARGEFILE
;
1090 return do_sys_open(dfd
, filename
, flags
, mode
);
1093 #ifdef CONFIG_COMPAT
1095 * Exactly like sys_open(), except that it doesn't set the
1098 COMPAT_SYSCALL_DEFINE3(open
, const char __user
*, filename
, int, flags
, umode_t
, mode
)
1100 return do_sys_open(AT_FDCWD
, filename
, flags
, mode
);
1104 * Exactly like sys_openat(), except that it doesn't set the
1107 COMPAT_SYSCALL_DEFINE4(openat
, int, dfd
, const char __user
*, filename
, int, flags
, umode_t
, mode
)
1109 return do_sys_open(dfd
, filename
, flags
, mode
);
1116 * For backward compatibility? Maybe this should be moved
1117 * into arch/i386 instead?
1119 SYSCALL_DEFINE2(creat
, const char __user
*, pathname
, umode_t
, mode
)
1121 return sys_open(pathname
, O_CREAT
| O_WRONLY
| O_TRUNC
, mode
);
1127 * "id" is the POSIX thread ID. We use the
1128 * files pointer for this..
1130 int filp_close(struct file
*filp
, fl_owner_t id
)
1134 if (!file_count(filp
)) {
1135 printk(KERN_ERR
"VFS: Close: file count is 0\n");
1139 if (filp
->f_op
->flush
)
1140 retval
= filp
->f_op
->flush(filp
, id
);
1142 if (likely(!(filp
->f_mode
& FMODE_PATH
))) {
1143 dnotify_flush(filp
, id
);
1144 locks_remove_posix(filp
, id
);
1150 EXPORT_SYMBOL(filp_close
);
1153 * Careful here! We test whether the file pointer is NULL before
1154 * releasing the fd. This ensures that one clone task can't release
1155 * an fd while another clone is opening it.
1157 SYSCALL_DEFINE1(close
, unsigned int, fd
)
1159 int retval
= __close_fd(current
->files
, fd
);
1161 /* can't restart close syscall because file table entry was cleared */
1162 if (unlikely(retval
== -ERESTARTSYS
||
1163 retval
== -ERESTARTNOINTR
||
1164 retval
== -ERESTARTNOHAND
||
1165 retval
== -ERESTART_RESTARTBLOCK
))
1170 EXPORT_SYMBOL(sys_close
);
1173 * This routine simulates a hangup on the tty, to arrange that users
1174 * are given clean terminals at login time.
1176 SYSCALL_DEFINE0(vhangup
)
1178 if (capable(CAP_SYS_TTY_CONFIG
)) {
1186 * Called when an inode is about to be open.
1187 * We use this to disallow opening large files on 32bit systems if
1188 * the caller didn't specify O_LARGEFILE. On 64bit systems we force
1189 * on this flag in sys_open.
1191 int generic_file_open(struct inode
* inode
, struct file
* filp
)
1193 if (!(filp
->f_flags
& O_LARGEFILE
) && i_size_read(inode
) > MAX_NON_LFS
)
1198 EXPORT_SYMBOL(generic_file_open
);
1201 * This is used by subsystems that don't want seekable
1202 * file descriptors. The function is not supposed to ever fail, the only
1203 * reason it returns an 'int' and not 'void' is so that it can be plugged
1204 * directly into file_operations structure.
1206 int nonseekable_open(struct inode
*inode
, struct file
*filp
)
1208 filp
->f_mode
&= ~(FMODE_LSEEK
| FMODE_PREAD
| FMODE_PWRITE
);
1212 EXPORT_SYMBOL(nonseekable_open
);