LXR linux/fs/open.c

   1/*
   2 *  linux/fs/open.c
   3 *
   4 *  Copyright (C) 1991, 1992  Linus Torvalds
   5 */
   6
   7#include <linux/string.h>
   8#include <linux/mm.h>
   9#include <linux/file.h>
  10#include <linux/fdtable.h>
  11#include <linux/fsnotify.h>
  12#include <linux/module.h>
  13#include <linux/tty.h>
  14#include <linux/namei.h>
  15#include <linux/backing-dev.h>
  16#include <linux/capability.h>
  17#include <linux/securebits.h>
  18#include <linux/security.h>
  19#include <linux/mount.h>
  20#include <linux/fcntl.h>
  21#include <linux/slab.h>
  22#include <asm/uaccess.h>
  23#include <linux/fs.h>
  24#include <linux/personality.h>
  25#include <linux/pagemap.h>
  26#include <linux/syscalls.h>
  27#include <linux/rcupdate.h>
  28#include <linux/audit.h>
  29#include <linux/falloc.h>
  30#include <linux/fs_struct.h>
  31#include <linux/ima.h>
  32#include <linux/dnotify.h>
  33
  34#include "internal.h"
  35
  36int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
  37        struct file *filp)
  38{
  39        int ret;
  40        struct iattr newattrs;
  41
  42        /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
  43        if (length < 0)
  44                return -EINVAL;
  45
  46        newattrs.ia_size = length;
  47        newattrs.ia_valid = ATTR_SIZE | time_attrs;
  48        if (filp) {
  49                newattrs.ia_file = filp;
  50                newattrs.ia_valid |= ATTR_FILE;
  51        }
  52
  53        /* Remove suid/sgid on truncate too */
  54        ret = should_remove_suid(dentry);
  55        if (ret)
  56                newattrs.ia_valid |= ret | ATTR_FORCE;
  57
  58        mutex_lock(&dentry->d_inode->i_mutex);
  59        ret = notify_change(dentry, &newattrs);
  60        mutex_unlock(&dentry->d_inode->i_mutex);
  61        return ret;
  62}
  63
  64static long do_sys_truncate(const char __user *pathname, loff_t length)
  65{
  66        struct path path;
  67        struct inode *inode;
  68        int error;
  69
  70        error = -EINVAL;
  71        if (length < 0) /* sorry, but loff_t says... */
  72                goto out;
  73
  74        error = user_path(pathname, &path);
  75        if (error)
  76                goto out;
  77        inode = path.dentry->d_inode;
  78
  79        /* For directories it's -EISDIR, for other non-regulars - -EINVAL */
  80        error = -EISDIR;
  81        if (S_ISDIR(inode->i_mode))
  82                goto dput_and_out;
  83
  84        error = -EINVAL;
  85        if (!S_ISREG(inode->i_mode))
  86                goto dput_and_out;
  87
  88        error = mnt_want_write(path.mnt);
  89        if (error)
  90                goto dput_and_out;
  91
  92        error = inode_permission(inode, MAY_WRITE);
  93        if (error)
  94                goto mnt_drop_write_and_out;
  95
  96        error = -EPERM;
  97        if (IS_APPEND(inode))
  98                goto mnt_drop_write_and_out;
  99
 100        error = get_write_access(inode);
 101        if (error)
 102                goto mnt_drop_write_and_out;
 103
 104        /*
 105         * Make sure that there are no leases.  get_write_access() protects
 106         * against the truncate racing with a lease-granting setlease().
 107         */
 108        error = break_lease(inode, O_WRONLY);
 109        if (error)
 110                goto put_write_and_out;
 111
 112        error = locks_verify_truncate(inode, NULL, length);
 113        if (!error)
 114                error = security_path_truncate(&path);
 115        if (!error)
 116                error = do_truncate(path.dentry, length, 0, NULL);
 117
 118put_write_and_out:
 119        put_write_access(inode);
 120mnt_drop_write_and_out:
 121        mnt_drop_write(path.mnt);
 122dput_and_out:
 123        path_put(&path);
 124out:
 125        return error;
 126}
 127
 128SYSCALL_DEFINE2(truncate, const char __user *, path, long, length)
 129{
 130        return do_sys_truncate(path, length);
 131}
 132
 133static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
 134{
 135        struct inode * inode;
 136        struct dentry *dentry;
 137        struct file * file;
 138        int error;
 139
 140        error = -EINVAL;
 141        if (length < 0)
 142                goto out;
 143        error = -EBADF;
 144        file = fget(fd);
 145        if (!file)
 146                goto out;
 147
 148        /* explicitly opened as large or we are on 64-bit box */
 149        if (file->f_flags & O_LARGEFILE)
 150                small = 0;
 151
 152        dentry = file->f_path.dentry;
 153        inode = dentry->d_inode;
 154        error = -EINVAL;
 155        if (!S_ISREG(inode->i_mode) || !(file->f_mode & FMODE_WRITE))
 156                goto out_putf;
 157
 158        error = -EINVAL;
 159        /* Cannot ftruncate over 2^31 bytes without large file support */
 160        if (small && length > MAX_NON_LFS)
 161                goto out_putf;
 162
 163        error = -EPERM;
 164        if (IS_APPEND(inode))
 165                goto out_putf;
 166
 167        error = locks_verify_truncate(inode, file, length);
 168        if (!error)
 169                error = security_path_truncate(&file->f_path);
 170        if (!error)
 171                error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
 172out_putf:
 173        fput(file);
 174out:
 175        return error;
 176}
 177
 178SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
 179{
 180        long ret = do_sys_ftruncate(fd, length, 1);
 181        /* avoid REGPARM breakage on x86: */
 182        asmlinkage_protect(2, ret, fd, length);
 183        return ret;
 184}
 185
 186/* LFS versions of truncate are only needed on 32 bit machines */
 187#if BITS_PER_LONG == 32
 188SYSCALL_DEFINE(truncate64)(const char __user * path, loff_t length)
 189{
 190        return do_sys_truncate(path, length);
 191}
 192#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
 193asmlinkage long SyS_truncate64(long path, loff_t length)
 194{
 195        return SYSC_truncate64((const char __user *) path, length);
 196}
 197SYSCALL_ALIAS(sys_truncate64, SyS_truncate64);
 198#endif
 199
 200SYSCALL_DEFINE(ftruncate64)(unsigned int fd, loff_t length)
 201{
 202        long ret = do_sys_ftruncate(fd, length, 0);
 203        /* avoid REGPARM breakage on x86: */
 204        asmlinkage_protect(2, ret, fd, length);
 205        return ret;
 206}
 207#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
 208asmlinkage long SyS_ftruncate64(long fd, loff_t length)
 209{
 210        return SYSC_ftruncate64((unsigned int) fd, length);
 211}
 212SYSCALL_ALIAS(sys_ftruncate64, SyS_ftruncate64);
 213#endif
 214#endif /* BITS_PER_LONG == 32 */
 215
 216
 217int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
 218{
 219        struct inode *inode = file->f_path.dentry->d_inode;
 220        long ret;
 221
 222        if (offset < 0 || len <= 0)
 223                return -EINVAL;
 224
 225        /* Return error if mode is not supported */
 226        if (mode && !(mode & FALLOC_FL_KEEP_SIZE))
 227                return -EOPNOTSUPP;
 228
 229        if (!(file->f_mode & FMODE_WRITE))
 230                return -EBADF;
 231        /*
 232         * Revalidate the write permissions, in case security policy has
 233         * changed since the files were opened.
 234         */
 235        ret = security_file_permission(file, MAY_WRITE);
 236        if (ret)
 237                return ret;
 238
 239        if (S_ISFIFO(inode->i_mode))
 240                return -ESPIPE;
 241
 242        /*
 243         * Let individual file system decide if it supports preallocation
 244         * for directories or not.
 245         */
 246        if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
 247                return -ENODEV;
 248
 249        /* Check for wrap through zero too */
 250        if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
 251                return -EFBIG;
 252
 253        if (!inode->i_op->fallocate)
 254                return -EOPNOTSUPP;
 255
 256        return inode->i_op->fallocate(inode, mode, offset, len);
 257}
 258
 259SYSCALL_DEFINE(fallocate)(int fd, int mode, loff_t offset, loff_t len)
 260{
 261        struct file *file;
 262        int error = -EBADF;
 263
 264        file = fget(fd);
 265        if (file) {
 266                error = do_fallocate(file, mode, offset, len);
 267                fput(file);
 268        }
 269
 270        return error;
 271}
 272
 273#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
 274asmlinkage long SyS_fallocate(long fd, long mode, loff_t offset, loff_t len)
 275{
 276        return SYSC_fallocate((int)fd, (int)mode, offset, len);
 277}
 278SYSCALL_ALIAS(sys_fallocate, SyS_fallocate);
 279#endif
 280
 281/*
 282 * access() needs to use the real uid/gid, not the effective uid/gid.
 283 * We do this by temporarily clearing all FS-related capabilities and
 284 * switching the fsuid/fsgid around to the real ones.
 285 */
 286SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
 287{
 288        const struct cred *old_cred;
 289        struct cred *override_cred;
 290        struct path path;
 291        struct inode *inode;
 292        int res;
 293
 294        if (mode & ~S_IRWXO)    /* where's F_OK, X_OK, W_OK, R_OK? */
 295                return -EINVAL;
 296
 297        override_cred = prepare_creds();
 298        if (!override_cred)
 299                return -ENOMEM;
 300
 301        override_cred->fsuid = override_cred->uid;
 302        override_cred->fsgid = override_cred->gid;
 303
 304        if (!issecure(SECURE_NO_SETUID_FIXUP)) {
 305                /* Clear the capabilities if we switch to a non-root user */
 306                if (override_cred->uid)
 307                        cap_clear(override_cred->cap_effective);
 308                else
 309                        override_cred->cap_effective =
 310                                override_cred->cap_permitted;
 311        }
 312
 313        old_cred = override_creds(override_cred);
 314
 315        res = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
 316        if (res)
 317                goto out;
 318
 319        inode = path.dentry->d_inode;
 320
 321        if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
 322                /*
 323                 * MAY_EXEC on regular files is denied if the fs is mounted
 324                 * with the "noexec" flag.
 325                 */
 326                res = -EACCES;
 327                if (path.mnt->mnt_flags & MNT_NOEXEC)
 328                        goto out_path_release;
 329        }
 330
 331        res = inode_permission(inode, mode | MAY_ACCESS);
 332        /* SuS v2 requires we report a read only fs too */
 333        if (res || !(mode & S_IWOTH) || special_file(inode->i_mode))
 334                goto out_path_release;
 335        /*
 336         * This is a rare case where using __mnt_is_readonly()
 337         * is OK without a mnt_want/drop_write() pair.  Since
 338         * no actual write to the fs is performed here, we do
 339         * not need to telegraph to that to anyone.
 340         *
 341         * By doing this, we accept that this access is
 342         * inherently racy and know that the fs may change
 343         * state before we even see this result.
 344         */
 345        if (__mnt_is_readonly(path.mnt))
 346                res = -EROFS;
 347
 348out_path_release:
 349        path_put(&path);
 350out:
 351        revert_creds(old_cred);
 352        put_cred(override_cred);
 353        return res;
 354}
 355
 356SYSCALL_DEFINE2(access, const char __user *, filename, int, mode)
 357{
 358        return sys_faccessat(AT_FDCWD, filename, mode);
 359}
 360
 361SYSCALL_DEFINE1(chdir, const char __user *, filename)
 362{
 363        struct path path;
 364        int error;
 365
 366        error = user_path_dir(filename, &path);
 367        if (error)
 368                goto out;
 369
 370        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
 371        if (error)
 372                goto dput_and_out;
 373
 374        set_fs_pwd(current->fs, &path);
 375
 376dput_and_out:
 377        path_put(&path);
 378out:
 379        return error;
 380}
 381
 382SYSCALL_DEFINE1(fchdir, unsigned int, fd)
 383{
 384        struct file *file;
 385        struct inode *inode;
 386        int error;
 387
 388        error = -EBADF;
 389        file = fget(fd);
 390        if (!file)
 391                goto out;
 392
 393        inode = file->f_path.dentry->d_inode;
 394
 395        error = -ENOTDIR;
 396        if (!S_ISDIR(inode->i_mode))
 397                goto out_putf;
 398
 399        error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
 400        if (!error)
 401                set_fs_pwd(current->fs, &file->f_path);
 402out_putf:
 403        fput(file);
 404out:
 405        return error;
 406}
 407
 408SYSCALL_DEFINE1(chroot, const char __user *, filename)
 409{
 410        struct path path;
 411        int error;
 412
 413        error = user_path_dir(filename, &path);
 414        if (error)
 415                goto out;
 416
 417        error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
 418        if (error)
 419                goto dput_and_out;
 420
 421        error = -EPERM;
 422        if (!capable(CAP_SYS_CHROOT))
 423                goto dput_and_out;
 424        error = security_path_chroot(&path);
 425        if (error)
 426                goto dput_and_out;
 427
 428        set_fs_root(current->fs, &path);
 429        error = 0;
 430dput_and_out:
 431        path_put(&path);
 432out:
 433        return error;
 434}
 435
 436SYSCALL_DEFINE2(fchmod, unsigned int, fd, mode_t, mode)
 437{
 438        struct inode * inode;
 439        struct dentry * dentry;
 440        struct file * file;
 441        int err = -EBADF;
 442        struct iattr newattrs;
 443
 444        file = fget(fd);
 445        if (!file)
 446                goto out;
 447
 448        dentry = file->f_path.dentry;
 449        inode = dentry->d_inode;
 450
 451        audit_inode(NULL, dentry);
 452
 453        err = mnt_want_write_file(file);
 454        if (err)
 455                goto out_putf;
 456        mutex_lock(&inode->i_mutex);
 457        err = security_path_chmod(dentry, file->f_vfsmnt, mode);
 458        if (err)
 459                goto out_unlock;
 460        if (mode == (mode_t) -1)
 461                mode = inode->i_mode;
 462        newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
 463        newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
 464        err = notify_change(dentry, &newattrs);
 465out_unlock:
 466        mutex_unlock(&inode->i_mutex);
 467        mnt_drop_write(file->f_path.mnt);
 468out_putf:
 469        fput(file);
 470out:
 471        return err;
 472}
 473
 474SYSCALL_DEFINE3(fchmodat, int, dfd, const char __user *, filename, mode_t, mode)
 475{
 476        struct path path;
 477        struct inode *inode;
 478        int error;
 479        struct iattr newattrs;
 480
 481        error = user_path_at(dfd, filename, LOOKUP_FOLLOW, &path);
 482        if (error)
 483                goto out;
 484        inode = path.dentry->d_inode;
 485
 486        error = mnt_want_write(path.mnt);
 487        if (error)
 488                goto dput_and_out;
 489        mutex_lock(&inode->i_mutex);
 490        error = security_path_chmod(path.dentry, path.mnt, mode);
 491        if (error)
 492                goto out_unlock;
 493        if (mode == (mode_t) -1)
 494                mode = inode->i_mode;
 495        newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
 496        newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
 497        error = notify_change(path.dentry, &newattrs);
 498out_unlock:
 499        mutex_unlock(&inode->i_mutex);
 500        mnt_drop_write(path.mnt);
 501dput_and_out:
 502        path_put(&path);
 503out:
 504        return error;
 505}
 506
 507SYSCALL_DEFINE2(chmod, const char __user *, filename, mode_t, mode)
 508{
 509        return sys_fchmodat(AT_FDCWD, filename, mode);
 510}
 511
 512static int chown_common(struct path *path, uid_t user, gid_t group)
 513{
 514        struct inode *inode = path->dentry->d_inode;
 515        int error;
 516        struct iattr newattrs;
 517
 518        newattrs.ia_valid =  ATTR_CTIME;
 519        if (user != (uid_t) -1) {
 520                newattrs.ia_valid |= ATTR_UID;
 521                newattrs.ia_uid = user;
 522        }
 523        if (group != (gid_t) -1) {
 524                newattrs.ia_valid |= ATTR_GID;
 525                newattrs.ia_gid = group;
 526        }
 527        if (!S_ISDIR(inode->i_mode))
 528                newattrs.ia_valid |=
 529                        ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
 530        mutex_lock(&inode->i_mutex);
 531        error = security_path_chown(path, user, group);
 532        if (!error)
 533                error = notify_change(path->dentry, &newattrs);
 534        mutex_unlock(&inode->i_mutex);
 535
 536        return error;
 537}
 538
 539SYSCALL_DEFINE3(chown, const char __user *, filename, uid_t, user, gid_t, group)
 540{
 541        struct path path;
 542        int error;
 543
 544        error = user_path(filename, &path);
 545        if (error)
 546                goto out;
 547        error = mnt_want_write(path.mnt);
 548        if (error)
 549                goto out_release;
 550        error = chown_common(&path, user, group);
 551        mnt_drop_write(path.mnt);
 552out_release:
 553        path_put(&path);
 554out:
 555        return error;
 556}
 557
 558SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
 559                gid_t, group, int, flag)
 560{
 561        struct path path;
 562        int error = -EINVAL;
 563        int follow;
 564
 565        if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
 566                goto out;
 567
 568        follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
 569        error = user_path_at(dfd, filename, follow, &path);
 570        if (error)
 571                goto out;
 572        error = mnt_want_write(path.mnt);
 573        if (error)
 574                goto out_release;
 575        error = chown_common(&path, user, group);
 576        mnt_drop_write(path.mnt);
 577out_release:
 578        path_put(&path);
 579out:
 580        return error;
 581}
 582
 583SYSCALL_DEFINE3(lchown, const char __user *, filename, uid_t, user, gid_t, group)
 584{
 585        struct path path;
 586        int error;
 587
 588        error = user_lpath(filename, &path);
 589        if (error)
 590                goto out;
 591        error = mnt_want_write(path.mnt);
 592        if (error)
 593                goto out_release;
 594        error = chown_common(&path, user, group);
 595        mnt_drop_write(path.mnt);
 596out_release:
 597        path_put(&path);
 598out:
 599        return error;
 600}
 601
 602SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group)
 603{
 604        struct file * file;
 605        int error = -EBADF;
 606        struct dentry * dentry;
 607
 608        file = fget(fd);
 609        if (!file)
 610                goto out;
 611
 612        error = mnt_want_write_file(file);
 613        if (error)
 614                goto out_fput;
 615        dentry = file->f_path.dentry;
 616        audit_inode(NULL, dentry);
 617        error = chown_common(&file->f_path, user, group);
 618        mnt_drop_write(file->f_path.mnt);
 619out_fput:
 620        fput(file);
 621out:
 622        return error;
 623}
 624
 625/*
 626 * You have to be very careful that these write
 627 * counts get cleaned up in error cases and
 628 * upon __fput().  This should probably never
 629 * be called outside of __dentry_open().
 630 */
 631static inline int __get_file_write_access(struct inode *inode,
 632                                          struct vfsmount *mnt)
 633{
 634        int error;
 635        error = get_write_access(inode);
 636        if (error)
 637                return error;
 638        /*
 639         * Do not take mount writer counts on
 640         * special files since no writes to
 641         * the mount itself will occur.
 642         */
 643        if (!special_file(inode->i_mode)) {
 644                /*
 645                 * Balanced in __fput()
 646                 */
 647                error = mnt_want_write(mnt);
 648                if (error)
 649                        put_write_access(inode);
 650        }
 651        return error;
 652}
 653
 654static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
 655                                        struct file *f,
 656                                        int (*open)(struct inode *, struct file *),
 657                                        const struct cred *cred)
 658{
 659        struct inode *inode;
 660        int error;
 661
 662        f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
 663                                FMODE_PREAD | FMODE_PWRITE;
 664        inode = dentry->d_inode;
 665        if (f->f_mode & FMODE_WRITE) {
 666                error = __get_file_write_access(inode, mnt);
 667                if (error)
 668                        goto cleanup_file;
 669                if (!special_file(inode->i_mode))
 670                        file_take_write(f);
 671        }
 672
 673        f->f_mapping = inode->i_mapping;
 674        f->f_path.dentry = dentry;
 675        f->f_path.mnt = mnt;
 676        f->f_pos = 0;
 677        f->f_op = fops_get(inode->i_fop);
 678        file_sb_list_add(f, inode->i_sb);
 679
 680        error = security_dentry_open(f, cred);
 681        if (error)
 682                goto cleanup_all;
 683
 684        if (!open && f->f_op)
 685                open = f->f_op->open;
 686        if (open) {
 687                error = open(inode, f);
 688                if (error)
 689                        goto cleanup_all;
 690        }
 691        ima_counts_get(f);
 692
 693        f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
 694
 695        file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
 696
 697        /* NB: we're sure to have correct a_ops only after f_op->open */
 698        if (f->f_flags & O_DIRECT) {
 699                if (!f->f_mapping->a_ops ||
 700                    ((!f->f_mapping->a_ops->direct_IO) &&
 701                    (!f->f_mapping->a_ops->get_xip_mem))) {
 702                        fput(f);
 703                        f = ERR_PTR(-EINVAL);
 704                }
 705        }
 706
 707        return f;
 708
 709cleanup_all:
 710        fops_put(f->f_op);
 711        if (f->f_mode & FMODE_WRITE) {
 712                put_write_access(inode);
 713                if (!special_file(inode->i_mode)) {
 714                        /*
 715                         * We don't consider this a real
 716                         * mnt_want/drop_write() pair
 717                         * because it all happenend right
 718                         * here, so just reset the state.
 719                         */
 720                        file_reset_write(f);
 721                        mnt_drop_write(mnt);
 722                }
 723        }
 724        file_sb_list_del(f);
 725        f->f_path.dentry = NULL;
 726        f->f_path.mnt = NULL;
 727cleanup_file:
 728        put_filp(f);
 729        dput(dentry);
 730        mntput(mnt);
 731        return ERR_PTR(error);
 732}
 733
 734/**
 735 * lookup_instantiate_filp - instantiates the open intent filp
 736 * @nd: pointer to nameidata
 737 * @dentry: pointer to dentry
 738 * @open: open callback
 739 *
 740 * Helper for filesystems that want to use lookup open intents and pass back
 741 * a fully instantiated struct file to the caller.
 742 * This function is meant to be called from within a filesystem's
 743 * lookup method.
 744 * Beware of calling it for non-regular files! Those ->open methods might block
 745 * (e.g. in fifo_open), leaving you with parent locked (and in case of fifo,
 746 * leading to a deadlock, as nobody can open that fifo anymore, because
 747 * another process to open fifo will block on locked parent when doing lookup).
 748 * Note that in case of error, nd->intent.open.file is destroyed, but the
 749 * path information remains valid.
 750 * If the open callback is set to NULL, then the standard f_op->open()
 751 * filesystem callback is substituted.
 752 */
 753struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
 754                int (*open)(struct inode *, struct file *))
 755{
 756        const struct cred *cred = current_cred();
 757
 758        if (IS_ERR(nd->intent.open.file))
 759                goto out;
 760        if (IS_ERR(dentry))
 761                goto out_err;
 762        nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
 763                                             nd->intent.open.file,
 764                                             open, cred);
 765out:
 766        return nd->intent.open.file;
 767out_err:
 768        release_open_intent(nd);
 769        nd->intent.open.file = (struct file *)dentry;
 770        goto out;
 771}
 772EXPORT_SYMBOL_GPL(lookup_instantiate_filp);
 773
 774/**
 775 * nameidata_to_filp - convert a nameidata to an open filp.
 776 * @nd: pointer to nameidata
 777 * @flags: open flags
 778 *
 779 * Note that this function destroys the original nameidata
 780 */
 781struct file *nameidata_to_filp(struct nameidata *nd)
 782{
 783        const struct cred *cred = current_cred();
 784        struct file *filp;
 785
 786        /* Pick up the filp from the open intent */
 787        filp = nd->intent.open.file;
 788        /* Has the filesystem initialised the file for us? */
 789        if (filp->f_path.dentry == NULL)
 790                filp = __dentry_open(nd->path.dentry, nd->path.mnt, filp,
 791                                     NULL, cred);
 792        else
 793                path_put(&nd->path);
 794        return filp;
 795}
 796
 797/*
 798 * dentry_open() will have done dput(dentry) and mntput(mnt) if it returns an
 799 * error.
 800 */
 801struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
 802                         const struct cred *cred)
 803{
 804        int error;
 805        struct file *f;
 806
 807        validate_creds(cred);
 808
 809        /*
 810         * We must always pass in a valid mount pointer.   Historically
 811         * callers got away with not passing it, but we must enforce this at
 812         * the earliest possible point now to avoid strange problems deep in the
 813         * filesystem stack.
 814         */
 815        if (!mnt) {
 816                printk(KERN_WARNING "%s called with NULL vfsmount\n", __func__);
 817                dump_stack();
 818                return ERR_PTR(-EINVAL);
 819        }
 820
 821        error = -ENFILE;
 822        f = get_empty_filp();
 823        if (f == NULL) {
 824                dput(dentry);
 825                mntput(mnt);
 826                return ERR_PTR(error);
 827        }
 828
 829        f->f_flags = flags;
 830        return __dentry_open(dentry, mnt, f, NULL, cred);
 831}
 832EXPORT_SYMBOL(dentry_open);
 833
 834static void __put_unused_fd(struct files_struct *files, unsigned int fd)
 835{
 836        struct fdtable *fdt = files_fdtable(files);
 837        __FD_CLR(fd, fdt->open_fds);
 838        if (fd < files->next_fd)
 839                files->next_fd = fd;
 840}
 841
 842void put_unused_fd(unsigned int fd)
 843{
 844        struct files_struct *files = current->files;
 845        spin_lock(&files->file_lock);
 846        __put_unused_fd(files, fd);
 847        spin_unlock(&files->file_lock);
 848}
 849
 850EXPORT_SYMBOL(put_unused_fd);
 851
 852/*
 853 * Install a file pointer in the fd array.
 854 *
 855 * The VFS is full of places where we drop the files lock between
 856 * setting the open_fds bitmap and installing the file in the file
 857 * array.  At any such point, we are vulnerable to a dup2() race
 858 * installing a file in the array before us.  We need to detect this and
 859 * fput() the struct file we are about to overwrite in this case.
 860 *
 861 * It should never happen - if we allow dup2() do it, _really_ bad things
 862 * will follow.
 863 */
 864
 865void fd_install(unsigned int fd, struct file *file)
 866{
 867        struct files_struct *files = current->files;
 868        struct fdtable *fdt;
 869        spin_lock(&files->file_lock);
 870        fdt = files_fdtable(files);
 871        BUG_ON(fdt->fd[fd] != NULL);
 872        rcu_assign_pointer(fdt->fd[fd], file);
 873        spin_unlock(&files->file_lock);
 874}
 875
 876EXPORT_SYMBOL(fd_install);
 877
 878long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
 879{
 880        char *tmp = getname(filename);
 881        int fd = PTR_ERR(tmp);
 882
 883        if (!IS_ERR(tmp)) {
 884                fd = get_unused_fd_flags(flags);
 885                if (fd >= 0) {
 886                        struct file *f = do_filp_open(dfd, tmp, flags, mode, 0);
 887                        if (IS_ERR(f)) {
 888                                put_unused_fd(fd);
 889                                fd = PTR_ERR(f);
 890                        } else {
 891                                fsnotify_open(f);
 892                                fd_install(fd, f);
 893                        }
 894                }
 895                putname(tmp);
 896        }
 897        return fd;
 898}
 899
 900SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, int, mode)
 901{
 902        long ret;
 903
 904        if (force_o_largefile())
 905                flags |= O_LARGEFILE;
 906
 907        ret = do_sys_open(AT_FDCWD, filename, flags, mode);
 908        /* avoid REGPARM breakage on x86: */
 909        asmlinkage_protect(3, ret, filename, flags, mode);
 910        return ret;
 911}
 912
 913SYSCALL_DEFINE4(openat, int, dfd, const char __user *, filename, int, flags,
 914                int, mode)
 915{
 916        long ret;
 917
 918        if (force_o_largefile())
 919                flags |= O_LARGEFILE;
 920
 921        ret = do_sys_open(dfd, filename, flags, mode);
 922        /* avoid REGPARM breakage on x86: */
 923        asmlinkage_protect(4, ret, dfd, filename, flags, mode);
 924        return ret;
 925}
 926
 927#ifndef __alpha__
 928
 929/*
 930 * For backward compatibility?  Maybe this should be moved
 931 * into arch/i386 instead?
 932 */
 933SYSCALL_DEFINE2(creat, const char __user *, pathname, int, mode)
 934{
 935        return sys_open(pathname, O_CREAT | O_WRONLY | O_TRUNC, mode);
 936}
 937
 938#endif
 939
 940/*
 941 * "id" is the POSIX thread ID. We use the
 942 * files pointer for this..
 943 */
 944int filp_close(struct file *filp, fl_owner_t id)
 945{
 946        int retval = 0;
 947
 948        if (!file_count(filp)) {
 949                printk(KERN_ERR "VFS: Close: file count is 0\n");
 950                return 0;
 951        }
 952
 953        if (filp->f_op && filp->f_op->flush)
 954                retval = filp->f_op->flush(filp, id);
 955
 956        dnotify_flush(filp, id);
 957        locks_remove_posix(filp, id);
 958        fput(filp);
 959        return retval;
 960}
 961
 962EXPORT_SYMBOL(filp_close);
 963
 964/*
 965 * Careful here! We test whether the file pointer is NULL before
 966 * releasing the fd. This ensures that one clone task can't release
 967 * an fd while another clone is opening it.
 968 */
 969SYSCALL_DEFINE1(close, unsigned int, fd)
 970{
 971        struct file * filp;
 972        struct files_struct *files = current->files;
 973        struct fdtable *fdt;
 974        int retval;
 975
 976        spin_lock(&files->file_lock);
 977        fdt = files_fdtable(files);
 978        if (fd >= fdt->max_fds)
 979                goto out_unlock;
 980        filp = fdt->fd[fd];
 981        if (!filp)
 982                goto out_unlock;
 983        rcu_assign_pointer(fdt->fd[fd], NULL);
 984        FD_CLR(fd, fdt->close_on_exec);
 985        __put_unused_fd(files, fd);
 986        spin_unlock(&files->file_lock);
 987        retval = filp_close(filp, files);
 988
 989        /* can't restart close syscall because file table entry was cleared */
 990        if (unlikely(retval == -ERESTARTSYS ||
 991                     retval == -ERESTARTNOINTR ||
 992                     retval == -ERESTARTNOHAND ||
 993                     retval == -ERESTART_RESTARTBLOCK))
 994                retval = -EINTR;
 995
 996        return retval;
 997
 998out_unlock:
 999        spin_unlock(&files->file_lock);
1000        return -EBADF;

1001}
1002EXPORT_SYMBOL(sys_close);
1003
1004/*
1005 * This routine simulates a hangup on the tty, to arrange that users
1006 * are given clean terminals at login time.
1007 */
1008SYSCALL_DEFINE0(vhangup)
1009{
1010        if (capable(CAP_SYS_TTY_CONFIG)) {
1011                tty_vhangup_self();
1012                return 0;
1013        }
1014        return -EPERM;
1015}
1016
1017/*
1018 * Called when an inode is about to be open.
1019 * We use this to disallow opening large files on 32bit systems if
1020 * the caller didn't specify O_LARGEFILE.  On 64bit systems we force
1021 * on this flag in sys_open.
1022 */
1023int generic_file_open(struct inode * inode, struct file * filp)
1024{
1025        if (!(filp->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
1026                return -EOVERFLOW;
1027        return 0;
1028}
1029
1030EXPORT_SYMBOL(generic_file_open);
1031
1032/*
1033 * This is used by subsystems that don't want seekable
1034 * file descriptors. The function is not supposed to ever fail, the only
1035 * reason it returns an 'int' and not 'void' is so that it can be plugged
1036 * directly into file_operations structure.
1037 */
1038int nonseekable_open(struct inode *inode, struct file *filp)
1039{
1040        filp->f_mode &= ~(FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE);
1041        return 0;
1042}
1043
1044EXPORT_SYMBOL(nonseekable_open);
1045