the-tree/fs/open.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *  linux/fs/open.c
0004  *
0005  *  Copyright (C) 1991, 1992  Linus Torvalds
0006  */
0007
0008 #include <linux/string.h>
0009 #include <linux/mm.h>
0010 #include <linux/file.h>
0011 #include <linux/fdtable.h>
0012 #include <linux/fsnotify.h>
0013 #include <linux/module.h>
0014 #include <linux/tty.h>
0015 #include <linux/namei.h>
0016 #include <linux/backing-dev.h>
0017 #include <linux/capability.h>
0018 #include <linux/securebits.h>
0019 #include <linux/security.h>
0020 #include <linux/mount.h>
0021 #include <linux/fcntl.h>
0022 #include <linux/slab.h>
0023 #include <linux/uaccess.h>
0024 #include <linux/fs.h>
0025 #include <linux/personality.h>
0026 #include <linux/pagemap.h>
0027 #include <linux/syscalls.h>
0028 #include <linux/rcupdate.h>
0029 #include <linux/audit.h>
0030 #include <linux/falloc.h>
0031 #include <linux/fs_struct.h>
0032 #include <linux/ima.h>
0033 #include <linux/dnotify.h>
0034 #include <linux/compat.h>
0035 #include <linux/mnt_idmapping.h>
0036
0037 #include "internal.h"
0038
0039 int do_truncate(struct user_namespace *mnt_userns, struct dentry *dentry,
0040         loff_t length, unsigned int time_attrs, struct file *filp)
0041 {
0042     int ret;
0043     struct iattr newattrs;
0044
0045     /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
0046     if (length < 0)
0047         return -EINVAL;
0048
0049     newattrs.ia_size = length;
0050     newattrs.ia_valid = ATTR_SIZE | time_attrs;
0051     if (filp) {
0052         newattrs.ia_file = filp;
0053         newattrs.ia_valid |= ATTR_FILE;
0054     }
0055
0056     /* Remove suid, sgid, and file capabilities on truncate too */
0057     ret = dentry_needs_remove_privs(dentry);
0058     if (ret < 0)
0059         return ret;
0060     if (ret)
0061         newattrs.ia_valid |= ret | ATTR_FORCE;
0062
0063     inode_lock(dentry->d_inode);
0064     /* Note any delegations or leases have already been broken: */
0065     ret = notify_change(mnt_userns, dentry, &newattrs, NULL);
0066     inode_unlock(dentry->d_inode);
0067     return ret;
0068 }
0069
0070 long vfs_truncate(const struct path *path, loff_t length)
0071 {
0072     struct user_namespace *mnt_userns;
0073     struct inode *inode;
0074     long error;
0075
0076     inode = path->dentry->d_inode;
0077
0078     /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
0079     if (S_ISDIR(inode->i_mode))
0080         return -EISDIR;
0081     if (!S_ISREG(inode->i_mode))
0082         return -EINVAL;
0083
0084     error = mnt_want_write(path->mnt);
0085     if (error)
0086         goto out;
0087
0088     mnt_userns = mnt_user_ns(path->mnt);
0089     error = inode_permission(mnt_userns, inode, MAY_WRITE);
0090     if (error)
0091         goto mnt_drop_write_and_out;
0092
0093     error = -EPERM;
0094     if (IS_APPEND(inode))
0095         goto mnt_drop_write_and_out;
0096
0097     error = get_write_access(inode);
0098     if (error)
0099         goto mnt_drop_write_and_out;
0100
0101     /*
0102      * Make sure that there are no leases.  get_write_access() protects
0103      * against the truncate racing with a lease-granting setlease().
0104      */
0105     error = break_lease(inode, O_WRONLY);
0106     if (error)
0107         goto put_write_and_out;
0108
0109     error = security_path_truncate(path);
0110     if (!error)
0111         error = do_truncate(mnt_userns, path->dentry, length, 0, NULL);
0112
0113 put_write_and_out:
0114     put_write_access(inode);
0115 mnt_drop_write_and_out:
0116     mnt_drop_write(path->mnt);
0117 out:
0118     return error;
0119 }
0120 EXPORT_SYMBOL_GPL(vfs_truncate);
0121
0122 long do_sys_truncate(const char __user *pathname, loff_t length)
0123 {
0124     unsigned int lookup_flags = LOOKUP_FOLLOW;
0125     struct path path;
0126     int error;
0127
0128     if (length < 0) /* sorry, but loff_t says... */
0129         return -EINVAL;
0130
0131 retry:
0132     error = user_path_at(AT_FDCWD, pathname, lookup_flags, &path);
0133     if (!error) {
0134         error = vfs_truncate(&path, length);
0135         path_put(&path);
0136     }
0137     if (retry_estale(error, lookup_flags)) {
0138         lookup_flags |= LOOKUP_REVAL;
0139         goto retry;
0140     }
0141     return error;
0142 }
0143
0144 SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
0145 {
0146     return do_sys_truncate(path, length);
0147 }
0148
0149 #ifdef CONFIG_COMPAT
0150 COMPAT_SYSCALL_DEFINE2(truncate, const char __user *, path, compat_off_t, length)
0151 {
0152     return do_sys_truncate(path, length);
0153 }
0154 #endif
0155
0156 long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
0157 {
0158     struct inode *inode;
0159     struct dentry *dentry;
0160     struct fd f;
0161     int error;
0162
0163     error = -EINVAL;
0164     if (length < 0)
0165         goto out;
0166     error = -EBADF;
0167     f = fdget(fd);
0168     if (!f.file)
0169         goto out;
0170
0171     /* explicitly opened as large or we are on 64-bit box */
0172     if (f.file->f_flags & O_LARGEFILE)
0173         small = 0;
0174
0175     dentry = f.file->f_path.dentry;
0176     inode = dentry->d_inode;
0177     error = -EINVAL;
0178     if (!S_ISREG(inode->i_mode) || !(f.file->f_mode & FMODE_WRITE))
0179         goto out_putf;
0180
0181     error = -EINVAL;
0182     /* Cannot ftruncate over 2^31 bytes without large file support */
0183     if (small && length > MAX_NON_LFS)
0184         goto out_putf;
0185
0186     error = -EPERM;
0187     /* Check IS_APPEND on real upper inode */
0188     if (IS_APPEND(file_inode(f.file)))
0189         goto out_putf;
0190     sb_start_write(inode->i_sb);
0191     error = security_path_truncate(&f.file->f_path);
0192     if (!error)
0193         error = do_truncate(file_mnt_user_ns(f.file), dentry, length,
0194                     ATTR_MTIME | ATTR_CTIME, f.file);
0195     sb_end_write(inode->i_sb);
0196 out_putf:
0197     fdput(f);
0198 out:
0199     return error;
0200 }
0201
0202 SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
0203 {
0204     return do_sys_ftruncate(fd, length, 1);
0205 }
0206
0207 #ifdef CONFIG_COMPAT
0208 COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length)
0209 {
0210     return do_sys_ftruncate(fd, length, 1);
0211 }
0212 #endif
0213
0214 /* LFS versions of truncate are only needed on 32 bit machines */
0215 #if BITS_PER_LONG == 32
0216 SYSCALL_DEFINE2(truncate64, const char __user *, path, loff_t, length)
0217 {
0218     return do_sys_truncate(path, length);
0219 }
0220
0221 SYSCALL_DEFINE2(ftruncate64, unsigned int, fd, loff_t, length)
0222 {
0223     return do_sys_ftruncate(fd, length, 0);
0224 }
0225 #endif /* BITS_PER_LONG == 32 */
0226
0227 #if defined(CONFIG_COMPAT) && defined(__ARCH_WANT_COMPAT_TRUNCATE64)
0228 COMPAT_SYSCALL_DEFINE3(truncate64, const char __user *, pathname,
0229                compat_arg_u64_dual(length))
0230 {
0231     return ksys_truncate(pathname, compat_arg_u64_glue(length));
0232 }
0233 #endif
0234
0235 #if defined(CONFIG_COMPAT) && defined(__ARCH_WANT_COMPAT_FTRUNCATE64)
0236 COMPAT_SYSCALL_DEFINE3(ftruncate64, unsigned int, fd,
0237                compat_arg_u64_dual(length))
0238 {
0239     return ksys_ftruncate(fd, compat_arg_u64_glue(length));
0240 }
0241 #endif
0242
0243 int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
0244 {
0245     struct inode *inode = file_inode(file);
0246     long ret;
0247
0248     if (offset < 0 || len <= 0)
0249         return -EINVAL;
0250
0251     /* Return error if mode is not supported */
0252     if (mode & ~FALLOC_FL_SUPPORTED_MASK)
0253         return -EOPNOTSUPP;
0254
0255     /* Punch hole and zero range are mutually exclusive */
0256     if ((mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) ==
0257         (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE))
0258         return -EOPNOTSUPP;
0259
0260     /* Punch hole must have keep size set */
0261     if ((mode & FALLOC_FL_PUNCH_HOLE) &&
0262         !(mode & FALLOC_FL_KEEP_SIZE))
0263         return -EOPNOTSUPP;
0264
0265     /* Collapse range should only be used exclusively. */
0266     if ((mode & FALLOC_FL_COLLAPSE_RANGE) &&
0267         (mode & ~FALLOC_FL_COLLAPSE_RANGE))
0268         return -EINVAL;
0269
0270     /* Insert range should only be used exclusively. */
0271     if ((mode & FALLOC_FL_INSERT_RANGE) &&
0272         (mode & ~FALLOC_FL_INSERT_RANGE))
0273         return -EINVAL;
0274
0275     /* Unshare range should only be used with allocate mode. */
0276     if ((mode & FALLOC_FL_UNSHARE_RANGE) &&
0277         (mode & ~(FALLOC_FL_UNSHARE_RANGE | FALLOC_FL_KEEP_SIZE)))
0278         return -EINVAL;
0279
0280     if (!(file->f_mode & FMODE_WRITE))
0281         return -EBADF;
0282
0283     /*
0284      * We can only allow pure fallocate on append only files
0285      */
0286     if ((mode & ~FALLOC_FL_KEEP_SIZE) && IS_APPEND(inode))
0287         return -EPERM;
0288
0289     if (IS_IMMUTABLE(inode))
0290         return -EPERM;
0291
0292     /*
0293      * We cannot allow any fallocate operation on an active swapfile
0294      */
0295     if (IS_SWAPFILE(inode))
0296         return -ETXTBSY;
0297
0298     /*
0299      * Revalidate the write permissions, in case security policy has
0300      * changed since the files were opened.
0301      */
0302     ret = security_file_permission(file, MAY_WRITE);
0303     if (ret)
0304         return ret;
0305
0306     if (S_ISFIFO(inode->i_mode))
0307         return -ESPIPE;
0308
0309     if (S_ISDIR(inode->i_mode))
0310         return -EISDIR;
0311
0312     if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
0313         return -ENODEV;
0314
0315     /* Check for wrap through zero too */
0316     if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
0317         return -EFBIG;
0318
0319     if (!file->f_op->fallocate)
0320         return -EOPNOTSUPP;
0321
0322     file_start_write(file);
0323     ret = file->f_op->fallocate(file, mode, offset, len);
0324
0325     /*
0326      * Create inotify and fanotify events.
0327      *
0328      * To keep the logic simple always create events if fallocate succeeds.
0329      * This implies that events are even created if the file size remains
0330      * unchanged, e.g. when using flag FALLOC_FL_KEEP_SIZE.
0331      */
0332     if (ret == 0)
0333         fsnotify_modify(file);
0334
0335     file_end_write(file);
0336     return ret;
0337 }
0338 EXPORT_SYMBOL_GPL(vfs_fallocate);
0339
0340 int ksys_fallocate(int fd, int mode, loff_t offset, loff_t len)
0341 {
0342     struct fd f = fdget(fd);
0343     int error = -EBADF;
0344
0345     if (f.file) {
0346         error = vfs_fallocate(f.file, mode, offset, len);
0347         fdput(f);
0348     }
0349     return error;
0350 }
0351
0352 SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
0353 {
0354     return ksys_fallocate(fd, mode, offset, len);
0355 }
0356
0357 #if defined(CONFIG_COMPAT) && defined(__ARCH_WANT_COMPAT_FALLOCATE)
0358 COMPAT_SYSCALL_DEFINE6(fallocate, int, fd, int, mode, compat_arg_u64_dual(offset),
0359                compat_arg_u64_dual(len))
0360 {
0361     return ksys_fallocate(fd, mode, compat_arg_u64_glue(offset),
0362                   compat_arg_u64_glue(len));
0363 }
0364 #endif
0365
0366 /*
0367  * access() needs to use the real uid/gid, not the effective uid/gid.
0368  * We do this by temporarily clearing all FS-related capabilities and
0369  * switching the fsuid/fsgid around to the real ones.
0370  */
0371 static const struct cred *access_override_creds(void)
0372 {
0373     const struct cred *old_cred;
0374     struct cred *override_cred;
0375
0376     override_cred = prepare_creds();
0377     if (!override_cred)
0378         return NULL;
0379
0380     override_cred->fsuid = override_cred->uid;
0381     override_cred->fsgid = override_cred->gid;
0382
0383     if (!issecure(SECURE_NO_SETUID_FIXUP)) {
0384         /* Clear the capabilities if we switch to a non-root user */
0385         kuid_t root_uid = make_kuid(override_cred->user_ns, 0);
0386         if (!uid_eq(override_cred->uid, root_uid))
0387             cap_clear(override_cred->cap_effective);
0388         else
0389             override_cred->cap_effective =
0390                 override_cred->cap_permitted;
0391     }
0392
0393     /*
0394      * The new set of credentials can *only* be used in
0395      * task-synchronous circumstances, and does not need
0396      * RCU freeing, unless somebody then takes a separate
0397      * reference to it.
0398      *
0399      * NOTE! This is _only_ true because this credential
0400      * is used purely for override_creds() that installs
0401      * it as the subjective cred. Other threads will be
0402      * accessing ->real_cred, not the subjective cred.
0403      *
0404      * If somebody _does_ make a copy of this (using the
0405      * 'get_current_cred()' function), that will clear the
0406      * non_rcu field, because now that other user may be
0407      * expecting RCU freeing. But normal thread-synchronous
0408      * cred accesses will keep things non-RCY.
0409      */
0410     override_cred->non_rcu = 1;
0411
0412     old_cred = override_creds(override_cred);
0413
0414     /* override_cred() gets its own ref */
0415     put_cred(override_cred);
0416
0417     return old_cred;
0418 }
0419
0420 static long do_faccessat(int dfd, const char __user *filename, int mode, int flags)
0421 {
0422     struct path path;
0423     struct inode *inode;
0424     int res;
0425     unsigned int lookup_flags = LOOKUP_FOLLOW;
0426     const struct cred *old_cred = NULL;
0427
0428     if (mode & ~S_IRWXO)    /* where's F_OK, X_OK, W_OK, R_OK? */
0429         return -EINVAL;
0430
0431     if (flags & ~(AT_EACCESS | AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH))
0432         return -EINVAL;
0433
0434     if (flags & AT_SYMLINK_NOFOLLOW)
0435         lookup_flags &= ~LOOKUP_FOLLOW;
0436     if (flags & AT_EMPTY_PATH)
0437         lookup_flags |= LOOKUP_EMPTY;
0438
0439     if (!(flags & AT_EACCESS)) {
0440         old_cred = access_override_creds();
0441         if (!old_cred)
0442             return -ENOMEM;
0443     }
0444
0445 retry:
0446     res = user_path_at(dfd, filename, lookup_flags, &path);
0447     if (res)
0448         goto out;
0449
0450     inode = d_backing_inode(path.dentry);
0451
0452     if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
0453         /*
0454          * MAY_EXEC on regular files is denied if the fs is mounted
0455          * with the "noexec" flag.
0456          */
0457         res = -EACCES;
0458         if (path_noexec(&path))
0459             goto out_path_release;
0460     }
0461
0462     res = inode_permission(mnt_user_ns(path.mnt), inode, mode | MAY_ACCESS);
0463     /* SuS v2 requires we report a read only fs too */
0464     if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
0465         goto out_path_release;
0466     /*
0467      * This is a rare case where using __mnt_is_readonly()
0468      * is OK without a mnt_want/drop_write() pair.  Since
0469      * no actual write to the fs is performed here, we do
0470      * not need to telegraph to that to anyone.
0471      *
0472      * By doing this, we accept that this access is
0473      * inherently racy and know that the fs may change
0474      * state before we even see this result.
0475      */
0476     if (__mnt_is_readonly(path.mnt))
0477         res = -EROFS;
0478
0479 out_path_release:
0480     path_put(&path);
0481     if (retry_estale(res, lookup_flags)) {
0482         lookup_flags |= LOOKUP_REVAL;
0483         goto retry;
0484     }
0485 out:
0486     if (old_cred)
0487         revert_creds(old_cred);
0488
0489     return res;
0490 }
0491
0492 SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
0493 {
0494     return do_faccessat(dfd, filename, mode, 0);
0495 }
0496
0497 SYSCALL_DEFINE4(faccessat2, int, dfd, const char __user *, filename, int, mode,
0498         int, flags)
0499 {
0500     return do_faccessat(dfd, filename, mode, flags);
0501 }
0502
0503 SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
0504 {
0505     return do_faccessat(AT_FDCWD, filename, mode, 0);
0506 }
0507
0508 SYSCALL_DEFINE1(chdir, const char __user *, filename)
0509 {
0510     struct path path;
0511     int error;
0512     unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
0513 retry:
0514     error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
0515     if (error)
0516         goto out;
0517
0518     error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
0519     if (error)
0520         goto dput_and_out;
0521
0522     set_fs_pwd(current->fs, &path);
0523
0524 dput_and_out:
0525     path_put(&path);
0526     if (retry_estale(error, lookup_flags)) {
0527         lookup_flags |= LOOKUP_REVAL;
0528         goto retry;
0529     }
0530 out:
0531     return error;
0532 }
0533
0534 SYSCALL_DEFINE1(fchdir, unsigned int, fd)
0535 {
0536     struct fd f = fdget_raw(fd);
0537     int error;
0538
0539     error = -EBADF;
0540     if (!f.file)
0541         goto out;
0542
0543     error = -ENOTDIR;
0544     if (!d_can_lookup(f.file->f_path.dentry))
0545         goto out_putf;
0546
0547     error = file_permission(f.file, MAY_EXEC | MAY_CHDIR);
0548     if (!error)
0549         set_fs_pwd(current->fs, &f.file->f_path);
0550 out_putf:
0551     fdput(f);
0552 out:
0553     return error;
0554 }
0555
0556 SYSCALL_DEFINE1(chroot, const char __user *, filename)
0557 {
0558     struct path path;
0559     int error;
0560     unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_DIRECTORY;
0561 retry:
0562     error = user_path_at(AT_FDCWD, filename, lookup_flags, &path);
0563     if (error)
0564         goto out;
0565
0566     error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
0567     if (error)
0568         goto dput_and_out;
0569
0570     error = -EPERM;
0571     if (!ns_capable(current_user_ns(), CAP_SYS_CHROOT))
0572         goto dput_and_out;
0573     error = security_path_chroot(&path);
0574     if (error)
0575         goto dput_and_out;
0576
0577     set_fs_root(current->fs, &path);
0578     error = 0;
0579 dput_and_out:
0580     path_put(&path);
0581     if (retry_estale(error, lookup_flags)) {
0582         lookup_flags |= LOOKUP_REVAL;
0583         goto retry;
0584     }
0585 out:
0586     return error;
0587 }
0588
0589 int chmod_common(const struct path *path, umode_t mode)
0590 {
0591     struct inode *inode = path->dentry->d_inode;
0592     struct inode *delegated_inode = NULL;
0593     struct iattr newattrs;
0594     int error;
0595
0596     error = mnt_want_write(path->mnt);
0597     if (error)
0598         return error;
0599 retry_deleg:
0600     inode_lock(inode);
0601     error = security_path_chmod(path, mode);
0602     if (error)
0603         goto out_unlock;
0604     newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
0605     newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
0606     error = notify_change(mnt_user_ns(path->mnt), path->dentry,
0607                   &newattrs, &delegated_inode);
0608 out_unlock:
0609     inode_unlock(inode);
0610     if (delegated_inode) {
0611         error = break_deleg_wait(&delegated_inode);
0612         if (!error)
0613             goto retry_deleg;
0614     }
0615     mnt_drop_write(path->mnt);
0616     return error;
0617 }
0618
0619 int vfs_fchmod(struct file *file, umode_t mode)
0620 {
0621     audit_file(file);
0622     return chmod_common(&file->f_path, mode);
0623 }
0624
0625 SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode)
0626 {
0627     struct fd f = fdget(fd);
0628     int err = -EBADF;
0629
0630     if (f.file) {
0631         err = vfs_fchmod(f.file, mode);
0632         fdput(f);
0633     }
0634     return err;
0635 }
0636
0637 static int do_fchmodat(int dfd, const char __user *filename, umode_t mode)
0638 {
0639     struct path path;
0640     int error;
0641     unsigned int lookup_flags = LOOKUP_FOLLOW;
0642 retry:
0643     error = user_path_at(dfd, filename, lookup_flags, &path);
0644     if (!error) {
0645         error = chmod_common(&path, mode);
0646         path_put(&path);
0647         if (retry_estale(error, lookup_flags)) {
0648             lookup_flags |= LOOKUP_REVAL;
0649             goto retry;
0650         }
0651     }
0652     return error;
0653 }
0654
0655 SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename,
0656         umode_t, mode)
0657 {
0658     return do_fchmodat(dfd, filename, mode);
0659 }
0660
0661 SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
0662 {
0663     return do_fchmodat(AT_FDCWD, filename, mode);
0664 }
0665
0666 /**
0667  * setattr_vfsuid - check and set ia_fsuid attribute
0668  * @kuid: new inode owner
0669  *
0670  * Check whether @kuid is valid and if so generate and set vfsuid_t in
0671  * ia_vfsuid.
0672  *
0673  * Return: true if @kuid is valid, false if not.
0674  */
0675 static inline bool setattr_vfsuid(struct iattr *attr, kuid_t kuid)
0676 {
0677     if (!uid_valid(kuid))
0678         return false;
0679     attr->ia_valid |= ATTR_UID;
0680     attr->ia_vfsuid = VFSUIDT_INIT(kuid);
0681     return true;
0682 }
0683
0684 /**
0685  * setattr_vfsgid - check and set ia_fsgid attribute
0686  * @kgid: new inode owner
0687  *
0688  * Check whether @kgid is valid and if so generate and set vfsgid_t in
0689  * ia_vfsgid.
0690  *
0691  * Return: true if @kgid is valid, false if not.
0692  */
0693 static inline bool setattr_vfsgid(struct iattr *attr, kgid_t kgid)
0694 {
0695     if (!gid_valid(kgid))
0696         return false;
0697     attr->ia_valid |= ATTR_GID;
0698     attr->ia_vfsgid = VFSGIDT_INIT(kgid);
0699     return true;
0700 }
0701
0702 int chown_common(const struct path *path, uid_t user, gid_t group)
0703 {
0704     struct user_namespace *mnt_userns, *fs_userns;
0705     struct inode *inode = path->dentry->d_inode;
0706     struct inode *delegated_inode = NULL;
0707     int error;
0708     struct iattr newattrs;
0709     kuid_t uid;
0710     kgid_t gid;
0711
0712     uid = make_kuid(current_user_ns(), user);
0713     gid = make_kgid(current_user_ns(), group);
0714
0715     mnt_userns = mnt_user_ns(path->mnt);
0716     fs_userns = i_user_ns(inode);
0717
0718 retry_deleg:
0719     newattrs.ia_vfsuid = INVALID_VFSUID;
0720     newattrs.ia_vfsgid = INVALID_VFSGID;
0721     newattrs.ia_valid =  ATTR_CTIME;
0722     if ((user != (uid_t)-1) && !setattr_vfsuid(&newattrs, uid))
0723         return -EINVAL;
0724     if ((group != (gid_t)-1) && !setattr_vfsgid(&newattrs, gid))
0725         return -EINVAL;
0726     if (!S_ISDIR(inode->i_mode))
0727         newattrs.ia_valid |=
0728             ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
0729     inode_lock(inode);
0730     /* Continue to send actual fs values, not the mount values. */
0731     error = security_path_chown(
0732         path,
0733         from_vfsuid(mnt_userns, fs_userns, newattrs.ia_vfsuid),
0734         from_vfsgid(mnt_userns, fs_userns, newattrs.ia_vfsgid));
0735     if (!error)
0736         error = notify_change(mnt_userns, path->dentry, &newattrs,
0737                       &delegated_inode);
0738     inode_unlock(inode);
0739     if (delegated_inode) {
0740         error = break_deleg_wait(&delegated_inode);
0741         if (!error)
0742             goto retry_deleg;
0743     }
0744     return error;
0745 }
0746
0747 int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group,
0748         int flag)
0749 {
0750     struct path path;
0751     int error = -EINVAL;
0752     int lookup_flags;
0753
0754     if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
0755         goto out;
0756
0757     lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
0758     if (flag & AT_EMPTY_PATH)
0759         lookup_flags |= LOOKUP_EMPTY;
0760 retry:
0761     error = user_path_at(dfd, filename, lookup_flags, &path);
0762     if (error)
0763         goto out;
0764     error = mnt_want_write(path.mnt);
0765     if (error)
0766         goto out_release;
0767     error = chown_common(&path, user, group);
0768     mnt_drop_write(path.mnt);
0769 out_release:
0770     path_put(&path);
0771     if (retry_estale(error, lookup_flags)) {
0772         lookup_flags |= LOOKUP_REVAL;
0773         goto retry;
0774     }
0775 out:
0776     return error;
0777 }
0778
0779 SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
0780         gid_t, group, int, flag)
0781 {
0782     return do_fchownat(dfd, filename, user, group, flag);
0783 }
0784
0785 SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
0786 {
0787     return do_fchownat(AT_FDCWD, filename, user, group, 0);
0788 }
0789
0790 SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
0791 {
0792     return do_fchownat(AT_FDCWD, filename, user, group,
0793                AT_SYMLINK_NOFOLLOW);
0794 }
0795
0796 int vfs_fchown(struct file *file, uid_t user, gid_t group)
0797 {
0798     int error;
0799
0800     error = mnt_want_write_file(file);
0801     if (error)
0802         return error;
0803     audit_file(file);
0804     error = chown_common(&file->f_path, user, group);
0805     mnt_drop_write_file(file);
0806     return error;
0807 }
0808
0809 int ksys_fchown(unsigned int fd, uid_t user, gid_t group)
0810 {
0811     struct fd f = fdget(fd);
0812     int error = -EBADF;
0813
0814     if (f.file) {
0815         error = vfs_fchown(f.file, user, group);
0816         fdput(f);
0817     }
0818     return error;
0819 }
0820
0821 SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
0822 {
0823     return ksys_fchown(fd, user, group);
0824 }
0825
0826 static int do_dentry_open(struct file *f,
0827               struct inode *inode,
0828               int (*open)(struct inode *, struct file *))
0829 {
0830     static const struct file_operations empty_fops = {};
0831     int error;
0832
0833     path_get(&f->f_path);
0834     f->f_inode = inode;
0835     f->f_mapping = inode->i_mapping;
0836     f->f_wb_err = filemap_sample_wb_err(f->f_mapping);
0837     f->f_sb_err = file_sample_sb_err(f);
0838
0839     if (unlikely(f->f_flags & O_PATH)) {
0840         f->f_mode = FMODE_PATH | FMODE_OPENED;
0841         f->f_op = &empty_fops;
0842         return 0;
0843     }
0844
0845     if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
0846         error = get_write_access(inode);
0847         if (unlikely(error))
0848             goto cleanup_file;
0849         error = __mnt_want_write(f->f_path.mnt);
0850         if (unlikely(error)) {
0851             put_write_access(inode);
0852             goto cleanup_file;
0853         }
0854         f->f_mode |= FMODE_WRITER;
0855     }
0856
0857     /* POSIX.1-2008/SUSv4 Section XSI 2.9.7 */
0858     if (S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))
0859         f->f_mode |= FMODE_ATOMIC_POS;
0860
0861     f->f_op = fops_get(inode->i_fop);
0862     if (WARN_ON(!f->f_op)) {
0863         error = -ENODEV;
0864         goto cleanup_all;
0865     }
0866
0867     error = security_file_open(f);
0868     if (error)
0869         goto cleanup_all;
0870
0871     error = break_lease(locks_inode(f), f->f_flags);
0872     if (error)
0873         goto cleanup_all;
0874
0875     /* normally all 3 are set; ->open() can clear them if needed */
0876     f->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
0877     if (!open)
0878         open = f->f_op->open;
0879     if (open) {
0880         error = open(inode, f);
0881         if (error)
0882             goto cleanup_all;
0883     }
0884     f->f_mode |= FMODE_OPENED;
0885     if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
0886         i_readcount_inc(inode);
0887     if ((f->f_mode & FMODE_READ) &&
0888          likely(f->f_op->read || f->f_op->read_iter))
0889         f->f_mode |= FMODE_CAN_READ;
0890     if ((f->f_mode & FMODE_WRITE) &&
0891          likely(f->f_op->write || f->f_op->write_iter))
0892         f->f_mode |= FMODE_CAN_WRITE;
0893     if ((f->f_mode & FMODE_LSEEK) && !f->f_op->llseek)
0894         f->f_mode &= ~FMODE_LSEEK;
0895     if (f->f_mapping->a_ops && f->f_mapping->a_ops->direct_IO)
0896         f->f_mode |= FMODE_CAN_ODIRECT;
0897
0898     f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
0899     f->f_iocb_flags = iocb_flags(f);
0900
0901     file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
0902
0903     if ((f->f_flags & O_DIRECT) && !(f->f_mode & FMODE_CAN_ODIRECT))
0904         return -EINVAL;
0905
0906     /*
0907      * XXX: Huge page cache doesn't support writing yet. Drop all page
0908      * cache for this file before processing writes.
0909      */
0910     if (f->f_mode & FMODE_WRITE) {
0911         /*
0912          * Paired with smp_mb() in collapse_file() to ensure nr_thps
0913          * is up to date and the update to i_writecount by
0914          * get_write_access() is visible. Ensures subsequent insertion
0915          * of THPs into the page cache will fail.
0916          */
0917         smp_mb();
0918         if (filemap_nr_thps(inode->i_mapping)) {
0919             struct address_space *mapping = inode->i_mapping;
0920
0921             filemap_invalidate_lock(inode->i_mapping);
0922             /*
0923              * unmap_mapping_range just need to be called once
0924              * here, because the private pages is not need to be
0925              * unmapped mapping (e.g. data segment of dynamic
0926              * shared libraries here).
0927              */
0928             unmap_mapping_range(mapping, 0, 0, 0);
0929             truncate_inode_pages(mapping, 0);
0930             filemap_invalidate_unlock(inode->i_mapping);
0931         }
0932     }
0933
0934     return 0;
0935
0936 cleanup_all:
0937     if (WARN_ON_ONCE(error > 0))
0938         error = -EINVAL;
0939     fops_put(f->f_op);
0940     if (f->f_mode & FMODE_WRITER) {
0941         put_write_access(inode);
0942         __mnt_drop_write(f->f_path.mnt);
0943     }
0944 cleanup_file:
0945     path_put(&f->f_path);
0946     f->f_path.mnt = NULL;
0947     f->f_path.dentry = NULL;
0948     f->f_inode = NULL;
0949     return error;
0950 }
0951
0952 /**
0953  * finish_open - finish opening a file
0954  * @file: file pointer
0955  * @dentry: pointer to dentry
0956  * @open: open callback
0957  * @opened: state of open
0958  *
0959  * This can be used to finish opening a file passed to i_op->atomic_open().
0960  *
0961  * If the open callback is set to NULL, then the standard f_op->open()
0962  * filesystem callback is substituted.
0963  *
0964  * NB: the dentry reference is _not_ consumed.  If, for example, the dentry is
0965  * the return value of d_splice_alias(), then the caller needs to perform dput()
0966  * on it after finish_open().
0967  *
0968  * Returns zero on success or -errno if the open failed.
0969  */
0970 int finish_open(struct file *file, struct dentry *dentry,
0971         int (*open)(struct inode *, struct file *))
0972 {
0973     BUG_ON(file->f_mode & FMODE_OPENED); /* once it's opened, it's opened */
0974
0975     file->f_path.dentry = dentry;
0976     return do_dentry_open(file, d_backing_inode(dentry), open);
0977 }
0978 EXPORT_SYMBOL(finish_open);
0979
0980 /**
0981  * finish_no_open - finish ->atomic_open() without opening the file
0982  *
0983  * @file: file pointer
0984  * @dentry: dentry or NULL (as returned from ->lookup())
0985  *
0986  * This can be used to set the result of a successful lookup in ->atomic_open().
0987  *
0988  * NB: unlike finish_open() this function does consume the dentry reference and
0989  * the caller need not dput() it.
0990  *
0991  * Returns "0" which must be the return value of ->atomic_open() after having
0992  * called this function.
0993  */
0994 int finish_no_open(struct file *file, struct dentry *dentry)
0995 {
0996     file->f_path.dentry = dentry;
0997     return 0;
0998 }
0999 EXPORT_SYMBOL(finish_no_open);
1000
1001 char *file_path(struct file *filp, char *buf, int buflen)
1002 {
1003     return d_path(&filp->f_path, buf, buflen);
1004 }
1005 EXPORT_SYMBOL(file_path);
1006
1007 /**
1008  * vfs_open - open the file at the given path
1009  * @path: path to open
1010  * @file: newly allocated file with f_flag initialized
1011  * @cred: credentials to use
1012  */
1013 int vfs_open(const struct path *path, struct file *file)
1014 {
1015     file->f_path = *path;
1016     return do_dentry_open(file, d_backing_inode(path->dentry), NULL);
1017 }
1018
1019 struct file *dentry_open(const struct path *path, int flags,
1020              const struct cred *cred)
1021 {
1022     int error;
1023     struct file *f;
1024
1025     validate_creds(cred);
1026
1027     /* We must always pass in a valid mount pointer. */
1028     BUG_ON(!path->mnt);
1029
1030     f = alloc_empty_file(flags, cred);
1031     if (!IS_ERR(f)) {
1032         error = vfs_open(path, f);
1033         if (error) {
1034             fput(f);
1035             f = ERR_PTR(error);
1036         }
1037     }
1038     return f;
1039 }
1040 EXPORT_SYMBOL(dentry_open);
1041
1042 /**
1043  * dentry_create - Create and open a file
1044  * @path: path to create
1045  * @flags: O_ flags
1046  * @mode: mode bits for new file
1047  * @cred: credentials to use
1048  *
1049  * Caller must hold the parent directory's lock, and have prepared
1050  * a negative dentry, placed in @path->dentry, for the new file.
1051  *
1052  * Caller sets @path->mnt to the vfsmount of the filesystem where
1053  * the new file is to be created. The parent directory and the
1054  * negative dentry must reside on the same filesystem instance.
1055  *
1056  * On success, returns a "struct file *". Otherwise a ERR_PTR
1057  * is returned.
1058  */
1059 struct file *dentry_create(const struct path *path, int flags, umode_t mode,
1060                const struct cred *cred)
1061 {
1062     struct file *f;
1063     int error;
1064
1065     validate_creds(cred);
1066     f = alloc_empty_file(flags, cred);
1067     if (IS_ERR(f))
1068         return f;
1069
1070     error = vfs_create(mnt_user_ns(path->mnt),
1071                d_inode(path->dentry->d_parent),
1072                path->dentry, mode, true);
1073     if (!error)
1074         error = vfs_open(path, f);
1075
1076     if (unlikely(error)) {
1077         fput(f);
1078         return ERR_PTR(error);
1079     }
1080     return f;
1081 }
1082 EXPORT_SYMBOL(dentry_create);
1083
1084 struct file *open_with_fake_path(const struct path *path, int flags,
1085                 struct inode *inode, const struct cred *cred)
1086 {
1087     struct file *f = alloc_empty_file_noaccount(flags, cred);
1088     if (!IS_ERR(f)) {
1089         int error;
1090
1091         f->f_path = *path;
1092         error = do_dentry_open(f, inode, NULL);
1093         if (error) {
1094             fput(f);
1095             f = ERR_PTR(error);
1096         }
1097     }
1098     return f;
1099 }
1100 EXPORT_SYMBOL(open_with_fake_path);
1101
1102 #define WILL_CREATE(flags)  (flags & (O_CREAT | __O_TMPFILE))
1103 #define O_PATH_FLAGS        (O_DIRECTORY | O_NOFOLLOW | O_PATH | O_CLOEXEC)
1104
1105 inline struct open_how build_open_how(int flags, umode_t mode)
1106 {
1107     struct open_how how = {
1108         .flags = flags & VALID_OPEN_FLAGS,
1109         .mode = mode & S_IALLUGO,
1110     };
1111
1112     /* O_PATH beats everything else. */
1113     if (how.flags & O_PATH)
1114         how.flags &= O_PATH_FLAGS;
1115     /* Modes should only be set for create-like flags. */
1116     if (!WILL_CREATE(how.flags))
1117         how.mode = 0;
1118     return how;
1119 }
1120
1121 inline int build_open_flags(const struct open_how *how, struct open_flags *op)
1122 {
1123     u64 flags = how->flags;
1124     u64 strip = FMODE_NONOTIFY | O_CLOEXEC;
1125     int lookup_flags = 0;
1126     int acc_mode = ACC_MODE(flags);
1127
1128     BUILD_BUG_ON_MSG(upper_32_bits(VALID_OPEN_FLAGS),
1129              "struct open_flags doesn't yet handle flags > 32 bits");
1130
1131     /*
1132      * Strip flags that either shouldn't be set by userspace like
1133      * FMODE_NONOTIFY or that aren't relevant in determining struct
1134      * open_flags like O_CLOEXEC.
1135      */
1136     flags &= ~strip;
1137
1138     /*
1139      * Older syscalls implicitly clear all of the invalid flags or argument
1140      * values before calling build_open_flags(), but openat2(2) checks all
1141      * of its arguments.
1142      */
1143     if (flags & ~VALID_OPEN_FLAGS)
1144         return -EINVAL;
1145     if (how->resolve & ~VALID_RESOLVE_FLAGS)
1146         return -EINVAL;
1147
1148     /* Scoping flags are mutually exclusive. */
1149     if ((how->resolve & RESOLVE_BENEATH) && (how->resolve & RESOLVE_IN_ROOT))
1150         return -EINVAL;
1151
1152     /* Deal with the mode. */
1153     if (WILL_CREATE(flags)) {
1154         if (how->mode & ~S_IALLUGO)
1155             return -EINVAL;
1156         op->mode = how->mode | S_IFREG;
1157     } else {
1158         if (how->mode != 0)
1159             return -EINVAL;
1160         op->mode = 0;
1161     }
1162
1163     /*
1164      * In order to ensure programs get explicit errors when trying to use
1165      * O_TMPFILE on old kernels, O_TMPFILE is implemented such that it
1166      * looks like (O_DIRECTORY|O_RDWR & ~O_CREAT) to old kernels. But we
1167      * have to require userspace to explicitly set it.
1168      */
1169     if (flags & __O_TMPFILE) {
1170         if ((flags & O_TMPFILE_MASK) != O_TMPFILE)
1171             return -EINVAL;
1172         if (!(acc_mode & MAY_WRITE))
1173             return -EINVAL;
1174     }
1175     if (flags & O_PATH) {
1176         /* O_PATH only permits certain other flags to be set. */
1177         if (flags & ~O_PATH_FLAGS)
1178             return -EINVAL;
1179         acc_mode = 0;
1180     }
1181
1182     /*
1183      * O_SYNC is implemented as __O_SYNC|O_DSYNC.  As many places only
1184      * check for O_DSYNC if the need any syncing at all we enforce it's
1185      * always set instead of having to deal with possibly weird behaviour
1186      * for malicious applications setting only __O_SYNC.
1187      */
1188     if (flags & __O_SYNC)
1189         flags |= O_DSYNC;
1190
1191     op->open_flag = flags;
1192
1193     /* O_TRUNC implies we need access checks for write permissions */
1194     if (flags & O_TRUNC)
1195         acc_mode |= MAY_WRITE;
1196
1197     /* Allow the LSM permission hook to distinguish append
1198        access from general write access. */
1199     if (flags & O_APPEND)
1200         acc_mode |= MAY_APPEND;
1201
1202     op->acc_mode = acc_mode;
1203
1204     op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
1205
1206     if (flags & O_CREAT) {
1207         op->intent |= LOOKUP_CREATE;
1208         if (flags & O_EXCL) {
1209             op->intent |= LOOKUP_EXCL;
1210             flags |= O_NOFOLLOW;
1211         }
1212     }
1213
1214     if (flags & O_DIRECTORY)
1215         lookup_flags |= LOOKUP_DIRECTORY;
1216     if (!(flags & O_NOFOLLOW))
1217         lookup_flags |= LOOKUP_FOLLOW;
1218
1219     if (how->resolve & RESOLVE_NO_XDEV)
1220         lookup_flags |= LOOKUP_NO_XDEV;
1221     if (how->resolve & RESOLVE_NO_MAGICLINKS)
1222         lookup_flags |= LOOKUP_NO_MAGICLINKS;
1223     if (how->resolve & RESOLVE_NO_SYMLINKS)
1224         lookup_flags |= LOOKUP_NO_SYMLINKS;
1225     if (how->resolve & RESOLVE_BENEATH)
1226         lookup_flags |= LOOKUP_BENEATH;
1227     if (how->resolve & RESOLVE_IN_ROOT)
1228         lookup_flags |= LOOKUP_IN_ROOT;
1229     if (how->resolve & RESOLVE_CACHED) {
1230         /* Don't bother even trying for create/truncate/tmpfile open */
1231         if (flags & (O_TRUNC | O_CREAT | O_TMPFILE))
1232             return -EAGAIN;
1233         lookup_flags |= LOOKUP_CACHED;
1234     }
1235
1236     op->lookup_flags = lookup_flags;
1237     return 0;
1238 }
1239
1240 /**
1241  * file_open_name - open file and return file pointer
1242  *
1243  * @name:   struct filename containing path to open
1244  * @flags:  open flags as per the open(2) second argument
1245  * @mode:   mode for the new file if O_CREAT is set, else ignored
1246  *
1247  * This is the helper to open a file from kernelspace if you really
1248  * have to.  But in generally you should not do this, so please move
1249  * along, nothing to see here..
1250  */
1251 struct file *file_open_name(struct filename *name, int flags, umode_t mode)
1252 {
1253     struct open_flags op;
1254     struct open_how how = build_open_how(flags, mode);
1255     int err = build_open_flags(&how, &op);
1256     if (err)
1257         return ERR_PTR(err);
1258     return do_filp_open(AT_FDCWD, name, &op);
1259 }
1260
1261 /**
1262  * filp_open - open file and return file pointer
1263  *
1264  * @filename:   path to open
1265  * @flags:  open flags as per the open(2) second argument
1266  * @mode:   mode for the new file if O_CREAT is set, else ignored
1267  *
1268  * This is the helper to open a file from kernelspace if you really
1269  * have to.  But in generally you should not do this, so please move
1270  * along, nothing to see here..
1271  */
1272 struct file *filp_open(const char *filename, int flags, umode_t mode)
1273 {
1274     struct filename *name = getname_kernel(filename);
1275     struct file *file = ERR_CAST(name);
1276
1277     if (!IS_ERR(name)) {
1278         file = file_open_name(name, flags, mode);
1279         putname(name);
1280     }
1281     return file;
1282 }
1283 EXPORT_SYMBOL(filp_open);
1284
1285 struct file *file_open_root(const struct path *root,
1286                 const char *filename, int flags, umode_t mode)
1287 {
1288     struct open_flags op;
1289     struct open_how how = build_open_how(flags, mode);
1290     int err = build_open_flags(&how, &op);
1291     if (err)
1292         return ERR_PTR(err);
1293     return do_file_open_root(root, filename, &op);
1294 }
1295 EXPORT_SYMBOL(file_open_root);
1296
1297 static long do_sys_openat2(int dfd, const char __user *filename,
1298                struct open_how *how)
1299 {
1300     struct open_flags op;
1301     int fd = build_open_flags(how, &op);
1302     struct filename *tmp;
1303
1304     if (fd)
1305         return fd;
1306
1307     tmp = getname(filename);
1308     if (IS_ERR(tmp))
1309         return PTR_ERR(tmp);
1310
1311     fd = get_unused_fd_flags(how->flags);
1312     if (fd >= 0) {
1313         struct file *f = do_filp_open(dfd, tmp, &op);
1314         if (IS_ERR(f)) {
1315             put_unused_fd(fd);
1316             fd = PTR_ERR(f);
1317         } else {
1318             fsnotify_open(f);
1319             fd_install(fd, f);
1320         }
1321     }
1322     putname(tmp);
1323     return fd;
1324 }
1325
1326 long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
1327 {
1328     struct open_how how = build_open_how(flags, mode);
1329     return do_sys_openat2(dfd, filename, &how);
1330 }
1331
1332
1333 SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1334 {
1335     if (force_o_largefile())
1336         flags |= O_LARGEFILE;
1337     return do_sys_open(AT_FDCWD, filename, flags, mode);
1338 }
1339
1340 SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
1341         umode_t, mode)
1342 {
1343     if (force_o_largefile())
1344         flags |= O_LARGEFILE;
1345     return do_sys_open(dfd, filename, flags, mode);
1346 }
1347
1348 SYSCALL_DEFINE4(openat2, int, dfd, const char __user *, filename,
1349         struct open_how __user *, how, size_t, usize)
1350 {
1351     int err;
1352     struct open_how tmp;
1353
1354     BUILD_BUG_ON(sizeof(struct open_how) < OPEN_HOW_SIZE_VER0);
1355     BUILD_BUG_ON(sizeof(struct open_how) != OPEN_HOW_SIZE_LATEST);
1356
1357     if (unlikely(usize < OPEN_HOW_SIZE_VER0))
1358         return -EINVAL;
1359
1360     err = copy_struct_from_user(&tmp, sizeof(tmp), how, usize);
1361     if (err)
1362         return err;
1363
1364     audit_openat2_how(&tmp);
1365
1366     /* O_LARGEFILE is only allowed for non-O_PATH. */
1367     if (!(tmp.flags & O_PATH) && force_o_largefile())
1368         tmp.flags |= O_LARGEFILE;
1369
1370     return do_sys_openat2(dfd, filename, &tmp);
1371 }
1372
1373 #ifdef CONFIG_COMPAT
1374 /*
1375  * Exactly like sys_open(), except that it doesn't set the
1376  * O_LARGEFILE flag.
1377  */
1378 COMPAT_SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, umode_t, mode)
1379 {
1380     return do_sys_open(AT_FDCWD, filename, flags, mode);
1381 }
1382
1383 /*
1384  * Exactly like sys_openat(), except that it doesn't set the
1385  * O_LARGEFILE flag.
1386  */
1387 COMPAT_SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags, umode_t, mode)
1388 {
1389     return do_sys_open(dfd, filename, flags, mode);
1390 }
1391 #endif
1392
1393 #ifndef __alpha__
1394
1395 /*
1396  * For backward compatibility?  Maybe this should be moved
1397  * into arch/i386 instead?
1398  */
1399 SYSCALL_DEFINE2(creat, const char __user *, pathname, umode_t, mode)
1400 {
1401     int flags = O_CREAT | O_WRONLY | O_TRUNC;
1402
1403     if (force_o_largefile())
1404         flags |= O_LARGEFILE;
1405     return do_sys_open(AT_FDCWD, pathname, flags, mode);
1406 }
1407 #endif
1408
1409 /*
1410  * "id" is the POSIX thread ID. We use the
1411  * files pointer for this..
1412  */
1413 int filp_close(struct file *filp, fl_owner_t id)
1414 {
1415     int retval = 0;
1416
1417     if (!file_count(filp)) {
1418         printk(KERN_ERR "VFS: Close: file count is 0\n");
1419         return 0;
1420     }
1421
1422     if (filp->f_op->flush)
1423         retval = filp->f_op->flush(filp, id);
1424
1425     if (likely(!(filp->f_mode & FMODE_PATH))) {
1426         dnotify_flush(filp, id);
1427         locks_remove_posix(filp, id);
1428     }
1429     fput(filp);
1430     return retval;
1431 }
1432
1433 EXPORT_SYMBOL(filp_close);
1434
1435 /*
1436  * Careful here! We test whether the file pointer is NULL before
1437  * releasing the fd. This ensures that one clone task can't release
1438  * an fd while another clone is opening it.
1439  */
1440 SYSCALL_DEFINE1(close, unsigned int, fd)
1441 {
1442     int retval = close_fd(fd);
1443
1444     /* can't restart close syscall because file table entry was cleared */
1445     if (unlikely(retval == -ERESTARTSYS ||
1446              retval == -ERESTARTNOINTR ||
1447              retval == -ERESTARTNOHAND ||
1448              retval == -ERESTART_RESTARTBLOCK))
1449         retval = -EINTR;
1450
1451     return retval;
1452 }
1453
1454 /**
1455  * close_range() - Close all file descriptors in a given range.
1456  *
1457  * @fd:     starting file descriptor to close
1458  * @max_fd: last file descriptor to close
1459  * @flags:  reserved for future extensions
1460  *
1461  * This closes a range of file descriptors. All file descriptors
1462  * from @fd up to and including @max_fd are closed.
1463  * Currently, errors to close a given file descriptor are ignored.
1464  */
1465 SYSCALL_DEFINE3(close_range, unsigned int, fd, unsigned int, max_fd,
1466         unsigned int, flags)
1467 {
1468     return __close_range(fd, max_fd, flags);
1469 }
1470
1471 /*
1472  * This routine simulates a hangup on the tty, to arrange that users
1473  * are given clean terminals at login time.
1474  */
1475 SYSCALL_DEFINE0(vhangup)
1476 {
1477     if (capable(CAP_SYS_TTY_CONFIG)) {
1478         tty_vhangup_self();
1479         return 0;
1480     }
1481     return -EPERM;
1482 }
1483
1484 /*
1485  * Called when an inode is about to be open.
1486  * We use this to disallow opening large files on 32bit systems if
1487  * the caller didn't specify O_LARGEFILE.  On 64bit systems we force
1488  * on this flag in sys_open.
1489  */
1490 int generic_file_open(struct inode * inode, struct file * filp)
1491 {
1492     if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
1493         return -EOVERFLOW;
1494     return 0;
1495 }
1496
1497 EXPORT_SYMBOL(generic_file_open);
1498
1499 /*
1500  * This is used by subsystems that don't want seekable
1501  * file descriptors. The function is not supposed to ever fail, the only
1502  * reason it returns an 'int' and not 'void' is so that it can be plugged
1503  * directly into file_operations structure.
1504  */
1505 int nonseekable_open(struct inode *inode, struct file *filp)
1506 {
1507     filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1508     return 0;
1509 }
1510
1511 EXPORT_SYMBOL(nonseekable_open);
1512
1513 /*
1514  * stream_open is used by subsystems that want stream-like file descriptors.
1515  * Such file descriptors are not seekable and don't have notion of position
1516  * (file.f_pos is always 0 and ppos passed to .read()/.write() is always NULL).
1517  * Contrary to file descriptors of other regular files, .read() and .write()
1518  * can run simultaneously.
1519  *
1520  * stream_open never fails and is marked to return int so that it could be
1521  * directly used as file_operations.open .
1522  */
1523 int stream_open(struct inode *inode, struct file *filp)
1524 {
1525     filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE | FMODE_ATOMIC_POS);
1526     filp->f_mode |= FMODE_STREAM;
1527     return 0;
1528 }
1529
1530 EXPORT_SYMBOL(stream_open);