1 // SPDX-License-Identifier: GPL-2.0
5 * Copyright (C) 1991, 1992 Linus Torvalds
8 #include <linux/syscalls.h>
9 #include <linux/init.h>
11 #include <linux/sched/task.h>
13 #include <linux/file.h>
14 #include <linux/fdtable.h>
15 #include <linux/capability.h>
16 #include <linux/dnotify.h>
17 #include <linux/slab.h>
18 #include <linux/module.h>
19 #include <linux/pipe_fs_i.h>
20 #include <linux/security.h>
21 #include <linux/ptrace.h>
22 #include <linux/signal.h>
23 #include <linux/rcupdate.h>
24 #include <linux/pid_namespace.h>
25 #include <linux/user_namespace.h>
26 #include <linux/memfd.h>
27 #include <linux/compat.h>
29 #include <linux/poll.h>
30 #include <asm/siginfo.h>
31 #include <linux/uaccess.h>
33 #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
35 static int setfl(int fd, struct file * filp, unsigned long arg)
37 struct inode * inode = file_inode(filp);
41 * O_APPEND cannot be cleared if the file is marked as append-only
42 * and the file is open for write.
44 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
47 /* O_NOATIME can only be set by the owner or superuser */
48 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
49 if (!inode_owner_or_capable(inode))
52 /* required for strict SunOS emulation */
53 if (O_NONBLOCK != O_NDELAY)
57 /* Pipe packetized mode is controlled by O_DIRECT flag */
58 if (!S_ISFIFO(inode->i_mode) && (arg & O_DIRECT)) {
59 if (!filp->f_mapping || !filp->f_mapping->a_ops ||
60 !filp->f_mapping->a_ops->direct_IO)
64 if (filp->f_op->check_flags)
65 error = filp->f_op->check_flags(arg);
70 * ->fasync() is responsible for setting the FASYNC bit.
72 if (((arg ^ filp->f_flags) & FASYNC) && filp->f_op->fasync) {
73 error = filp->f_op->fasync(fd, filp, (arg & FASYNC) != 0);
79 spin_lock(&filp->f_lock);
80 filp->f_flags = (arg & SETFL_MASK) | (filp->f_flags & ~SETFL_MASK);
81 spin_unlock(&filp->f_lock);
87 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
90 write_lock_irq(&filp->f_owner.lock);
91 if (force || !filp->f_owner.pid) {
92 put_pid(filp->f_owner.pid);
93 filp->f_owner.pid = get_pid(pid);
94 filp->f_owner.pid_type = type;
97 const struct cred *cred = current_cred();
98 filp->f_owner.uid = cred->uid;
99 filp->f_owner.euid = cred->euid;
102 write_unlock_irq(&filp->f_owner.lock);
105 void __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
108 security_file_set_fowner(filp);
109 f_modown(filp, pid, type, force);
111 EXPORT_SYMBOL(__f_setown);
113 int f_setown(struct file *filp, unsigned long arg, int force)
116 struct pid *pid = NULL;
117 int who = arg, ret = 0;
121 /* avoid overflow below */
131 pid = find_vpid(who);
137 __f_setown(filp, pid, type, force);
142 EXPORT_SYMBOL(f_setown);
144 void f_delown(struct file *filp)
146 f_modown(filp, NULL, PIDTYPE_TGID, 1);
149 pid_t f_getown(struct file *filp)
152 read_lock(&filp->f_owner.lock);
154 if (pid_task(filp->f_owner.pid, filp->f_owner.pid_type)) {
155 pid = pid_vnr(filp->f_owner.pid);
156 if (filp->f_owner.pid_type == PIDTYPE_PGID)
160 read_unlock(&filp->f_owner.lock);
164 static int f_setown_ex(struct file *filp, unsigned long arg)
166 struct f_owner_ex __user *owner_p = (void __user *)arg;
167 struct f_owner_ex owner;
172 ret = copy_from_user(&owner, owner_p, sizeof(owner));
176 switch (owner.type) {
194 pid = find_vpid(owner.pid);
195 if (owner.pid && !pid)
198 __f_setown(filp, pid, type, 1);
204 static int f_getown_ex(struct file *filp, unsigned long arg)
206 struct f_owner_ex __user *owner_p = (void __user *)arg;
207 struct f_owner_ex owner = {};
210 read_lock(&filp->f_owner.lock);
212 if (pid_task(filp->f_owner.pid, filp->f_owner.pid_type))
213 owner.pid = pid_vnr(filp->f_owner.pid);
215 switch (filp->f_owner.pid_type) {
217 owner.type = F_OWNER_TID;
221 owner.type = F_OWNER_PID;
225 owner.type = F_OWNER_PGRP;
233 read_unlock(&filp->f_owner.lock);
236 ret = copy_to_user(owner_p, &owner, sizeof(owner));
243 #ifdef CONFIG_CHECKPOINT_RESTORE
244 static int f_getowner_uids(struct file *filp, unsigned long arg)
246 struct user_namespace *user_ns = current_user_ns();
247 uid_t __user *dst = (void __user *)arg;
251 read_lock(&filp->f_owner.lock);
252 src[0] = from_kuid(user_ns, filp->f_owner.uid);
253 src[1] = from_kuid(user_ns, filp->f_owner.euid);
254 read_unlock(&filp->f_owner.lock);
256 err = put_user(src[0], &dst[0]);
257 err |= put_user(src[1], &dst[1]);
262 static int f_getowner_uids(struct file *filp, unsigned long arg)
268 static bool rw_hint_valid(enum rw_hint hint)
271 case RWH_WRITE_LIFE_NOT_SET:
272 case RWH_WRITE_LIFE_NONE:
273 case RWH_WRITE_LIFE_SHORT:
274 case RWH_WRITE_LIFE_MEDIUM:
275 case RWH_WRITE_LIFE_LONG:
276 case RWH_WRITE_LIFE_EXTREME:
283 static long fcntl_rw_hint(struct file *file, unsigned int cmd,
286 struct inode *inode = file_inode(file);
287 u64 __user *argp = (u64 __user *)arg;
292 case F_GET_FILE_RW_HINT:
293 h = file_write_hint(file);
294 if (copy_to_user(argp, &h, sizeof(*argp)))
297 case F_SET_FILE_RW_HINT:
298 if (copy_from_user(&h, argp, sizeof(h)))
300 hint = (enum rw_hint) h;
301 if (!rw_hint_valid(hint))
304 spin_lock(&file->f_lock);
305 file->f_write_hint = hint;
306 spin_unlock(&file->f_lock);
309 h = inode->i_write_hint;
310 if (copy_to_user(argp, &h, sizeof(*argp)))
314 if (copy_from_user(&h, argp, sizeof(h)))
316 hint = (enum rw_hint) h;
317 if (!rw_hint_valid(hint))
321 inode->i_write_hint = hint;
329 static long do_fcntl(int fd, unsigned int cmd, unsigned long arg,
332 void __user *argp = (void __user *)arg;
338 err = f_dupfd(arg, filp, 0);
340 case F_DUPFD_CLOEXEC:
341 err = f_dupfd(arg, filp, O_CLOEXEC);
344 err = get_close_on_exec(fd) ? FD_CLOEXEC : 0;
348 set_close_on_exec(fd, arg & FD_CLOEXEC);
354 err = setfl(fd, filp, arg);
356 #if BITS_PER_LONG != 32
357 /* 32-bit arches must use fcntl64() */
361 if (copy_from_user(&flock, argp, sizeof(flock)))
363 err = fcntl_getlk(filp, cmd, &flock);
364 if (!err && copy_to_user(argp, &flock, sizeof(flock)))
367 #if BITS_PER_LONG != 32
368 /* 32-bit arches must use fcntl64() */
375 if (copy_from_user(&flock, argp, sizeof(flock)))
377 err = fcntl_setlk(fd, filp, cmd, &flock);
381 * XXX If f_owner is a process group, the
382 * negative return value will get converted
383 * into an error. Oops. If we keep the
384 * current syscall conventions, the only way
385 * to fix this will be in libc.
387 err = f_getown(filp);
388 force_successful_syscall_return();
391 err = f_setown(filp, arg, 1);
394 err = f_getown_ex(filp, arg);
397 err = f_setown_ex(filp, arg);
399 case F_GETOWNER_UIDS:
400 err = f_getowner_uids(filp, arg);
403 err = filp->f_owner.signum;
406 /* arg == 0 restores default behaviour. */
407 if (!valid_signal(arg)) {
411 filp->f_owner.signum = arg;
414 err = fcntl_getlease(filp);
417 err = fcntl_setlease(fd, filp, arg);
420 err = fcntl_dirnotify(fd, filp, arg);
424 err = pipe_fcntl(filp, cmd, arg);
428 err = memfd_fcntl(filp, cmd, arg);
432 case F_GET_FILE_RW_HINT:
433 case F_SET_FILE_RW_HINT:
434 err = fcntl_rw_hint(filp, cmd, arg);
442 static int check_fcntl_cmd(unsigned cmd)
446 case F_DUPFD_CLOEXEC:
455 SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg)
457 struct fd f = fdget_raw(fd);
463 if (unlikely(f.file->f_mode & FMODE_PATH)) {
464 if (!check_fcntl_cmd(cmd))
468 err = security_file_fcntl(f.file, cmd, arg);
470 err = do_fcntl(fd, cmd, arg, f.file);
478 #if BITS_PER_LONG == 32
479 SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
482 void __user *argp = (void __user *)arg;
483 struct fd f = fdget_raw(fd);
484 struct flock64 flock;
490 if (unlikely(f.file->f_mode & FMODE_PATH)) {
491 if (!check_fcntl_cmd(cmd))
495 err = security_file_fcntl(f.file, cmd, arg);
503 if (copy_from_user(&flock, argp, sizeof(flock)))
505 err = fcntl_getlk64(f.file, cmd, &flock);
506 if (!err && copy_to_user(argp, &flock, sizeof(flock)))
514 if (copy_from_user(&flock, argp, sizeof(flock)))
516 err = fcntl_setlk64(fd, f.file, cmd, &flock);
519 err = do_fcntl(fd, cmd, arg, f.file);
530 /* careful - don't use anywhere else */
531 #define copy_flock_fields(dst, src) \
532 (dst)->l_type = (src)->l_type; \
533 (dst)->l_whence = (src)->l_whence; \
534 (dst)->l_start = (src)->l_start; \
535 (dst)->l_len = (src)->l_len; \
536 (dst)->l_pid = (src)->l_pid;
538 static int get_compat_flock(struct flock *kfl, const struct compat_flock __user *ufl)
540 struct compat_flock fl;
542 if (copy_from_user(&fl, ufl, sizeof(struct compat_flock)))
544 copy_flock_fields(kfl, &fl);
548 static int get_compat_flock64(struct flock *kfl, const struct compat_flock64 __user *ufl)
550 struct compat_flock64 fl;
552 if (copy_from_user(&fl, ufl, sizeof(struct compat_flock64)))
554 copy_flock_fields(kfl, &fl);
558 static int put_compat_flock(const struct flock *kfl, struct compat_flock __user *ufl)
560 struct compat_flock fl;
562 memset(&fl, 0, sizeof(struct compat_flock));
563 copy_flock_fields(&fl, kfl);
564 if (copy_to_user(ufl, &fl, sizeof(struct compat_flock)))
569 static int put_compat_flock64(const struct flock *kfl, struct compat_flock64 __user *ufl)
571 struct compat_flock64 fl;
573 BUILD_BUG_ON(sizeof(kfl->l_start) > sizeof(ufl->l_start));
574 BUILD_BUG_ON(sizeof(kfl->l_len) > sizeof(ufl->l_len));
576 memset(&fl, 0, sizeof(struct compat_flock64));
577 copy_flock_fields(&fl, kfl);
578 if (copy_to_user(ufl, &fl, sizeof(struct compat_flock64)))
582 #undef copy_flock_fields
585 convert_fcntl_cmd(unsigned int cmd)
600 * GETLK was successful and we need to return the data, but it needs to fit in
601 * the compat structure.
602 * l_start shouldn't be too big, unless the original start + end is greater than
603 * COMPAT_OFF_T_MAX, in which case the app was asking for trouble, so we return
604 * -EOVERFLOW in that case. l_len could be too big, in which case we just
605 * truncate it, and only allow the app to see that part of the conflicting lock
606 * that might make sense to it anyway
608 static int fixup_compat_flock(struct flock *flock)
610 if (flock->l_start > COMPAT_OFF_T_MAX)
612 if (flock->l_len > COMPAT_OFF_T_MAX)
613 flock->l_len = COMPAT_OFF_T_MAX;
617 static long do_compat_fcntl64(unsigned int fd, unsigned int cmd,
620 struct fd f = fdget_raw(fd);
627 if (unlikely(f.file->f_mode & FMODE_PATH)) {
628 if (!check_fcntl_cmd(cmd))
632 err = security_file_fcntl(f.file, cmd, arg);
638 err = get_compat_flock(&flock, compat_ptr(arg));
641 err = fcntl_getlk(f.file, convert_fcntl_cmd(cmd), &flock);
644 err = fixup_compat_flock(&flock);
646 err = put_compat_flock(&flock, compat_ptr(arg));
650 err = get_compat_flock64(&flock, compat_ptr(arg));
653 err = fcntl_getlk(f.file, convert_fcntl_cmd(cmd), &flock);
655 err = put_compat_flock64(&flock, compat_ptr(arg));
659 err = get_compat_flock(&flock, compat_ptr(arg));
662 err = fcntl_setlk(fd, f.file, convert_fcntl_cmd(cmd), &flock);
668 err = get_compat_flock64(&flock, compat_ptr(arg));
671 err = fcntl_setlk(fd, f.file, convert_fcntl_cmd(cmd), &flock);
674 err = do_fcntl(fd, cmd, arg, f.file);
682 COMPAT_SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
685 return do_compat_fcntl64(fd, cmd, arg);
688 COMPAT_SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd,
700 return do_compat_fcntl64(fd, cmd, arg);
704 /* Table to convert sigio signal codes into poll band bitmaps */
706 static const __poll_t band_table[NSIGPOLL] = {
707 EPOLLIN | EPOLLRDNORM, /* POLL_IN */
708 EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND, /* POLL_OUT */
709 EPOLLIN | EPOLLRDNORM | EPOLLMSG, /* POLL_MSG */
710 EPOLLERR, /* POLL_ERR */
711 EPOLLPRI | EPOLLRDBAND, /* POLL_PRI */
712 EPOLLHUP | EPOLLERR /* POLL_HUP */
715 static inline int sigio_perm(struct task_struct *p,
716 struct fown_struct *fown, int sig)
718 const struct cred *cred;
722 cred = __task_cred(p);
723 ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
724 uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
725 uid_eq(fown->uid, cred->suid) || uid_eq(fown->uid, cred->uid)) &&
726 !security_file_send_sigiotask(p, fown, sig));
731 static void send_sigio_to_task(struct task_struct *p,
732 struct fown_struct *fown,
733 int fd, int reason, enum pid_type type)
736 * F_SETSIG can change ->signum lockless in parallel, make
737 * sure we read it once and use the same value throughout.
739 int signum = READ_ONCE(fown->signum);
741 if (!sigio_perm(p, fown, signum))
748 /* Queue a rt signal with the appropriate fd as its
749 value. We use SI_SIGIO as the source, not
750 SI_KERNEL, since kernel signals always get
751 delivered even if we can't queue. Failure to
752 queue in this case _should_ be reported; we fall
753 back to SIGIO in that case. --sct */
755 si.si_signo = signum;
759 * Posix definies POLL_IN and friends to be signal
760 * specific si_codes for SIG_POLL. Linux extended
761 * these si_codes to other signals in a way that is
762 * ambiguous if other signals also have signal
763 * specific si_codes. In that case use SI_SIGIO instead
764 * to remove the ambiguity.
766 if ((signum != SIGPOLL) && sig_specific_sicodes(signum))
767 si.si_code = SI_SIGIO;
769 /* Make sure we are called with one of the POLL_*
770 reasons, otherwise we could leak kernel stack into
772 BUG_ON((reason < POLL_IN) || ((reason - POLL_IN) >= NSIGPOLL));
773 if (reason - POLL_IN >= NSIGPOLL)
776 si.si_band = mangle_poll(band_table[reason - POLL_IN]);
778 if (!do_send_sig_info(signum, &si, p, type))
781 fallthrough; /* fall back on the old plain SIGIO signal */
783 do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, type);
787 void send_sigio(struct fown_struct *fown, int fd, int band)
789 struct task_struct *p;
794 read_lock_irqsave(&fown->lock, flags);
796 type = fown->pid_type;
799 goto out_unlock_fown;
801 if (type <= PIDTYPE_TGID) {
803 p = pid_task(pid, PIDTYPE_PID);
805 send_sigio_to_task(p, fown, fd, band, type);
808 read_lock(&tasklist_lock);
809 do_each_pid_task(pid, type, p) {
810 send_sigio_to_task(p, fown, fd, band, type);
811 } while_each_pid_task(pid, type, p);
812 read_unlock(&tasklist_lock);
815 read_unlock_irqrestore(&fown->lock, flags);
818 static void send_sigurg_to_task(struct task_struct *p,
819 struct fown_struct *fown, enum pid_type type)
821 if (sigio_perm(p, fown, SIGURG))
822 do_send_sig_info(SIGURG, SEND_SIG_PRIV, p, type);
825 int send_sigurg(struct fown_struct *fown)
827 struct task_struct *p;
833 read_lock_irqsave(&fown->lock, flags);
835 type = fown->pid_type;
838 goto out_unlock_fown;
842 if (type <= PIDTYPE_TGID) {
844 p = pid_task(pid, PIDTYPE_PID);
846 send_sigurg_to_task(p, fown, type);
849 read_lock(&tasklist_lock);
850 do_each_pid_task(pid, type, p) {
851 send_sigurg_to_task(p, fown, type);
852 } while_each_pid_task(pid, type, p);
853 read_unlock(&tasklist_lock);
856 read_unlock_irqrestore(&fown->lock, flags);
860 static DEFINE_SPINLOCK(fasync_lock);
861 static struct kmem_cache *fasync_cache __read_mostly;
863 static void fasync_free_rcu(struct rcu_head *head)
865 kmem_cache_free(fasync_cache,
866 container_of(head, struct fasync_struct, fa_rcu));
870 * Remove a fasync entry. If successfully removed, return
871 * positive and clear the FASYNC flag. If no entry exists,
872 * do nothing and return 0.
874 * NOTE! It is very important that the FASYNC flag always
875 * match the state "is the filp on a fasync list".
878 int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
880 struct fasync_struct *fa, **fp;
883 spin_lock(&filp->f_lock);
884 spin_lock(&fasync_lock);
885 for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
886 if (fa->fa_file != filp)
889 write_lock_irq(&fa->fa_lock);
891 write_unlock_irq(&fa->fa_lock);
894 call_rcu(&fa->fa_rcu, fasync_free_rcu);
895 filp->f_flags &= ~FASYNC;
899 spin_unlock(&fasync_lock);
900 spin_unlock(&filp->f_lock);
904 struct fasync_struct *fasync_alloc(void)
906 return kmem_cache_alloc(fasync_cache, GFP_KERNEL);
910 * NOTE! This can be used only for unused fasync entries:
911 * entries that actually got inserted on the fasync list
912 * need to be released by rcu - see fasync_remove_entry.
914 void fasync_free(struct fasync_struct *new)
916 kmem_cache_free(fasync_cache, new);
920 * Insert a new entry into the fasync list. Return the pointer to the
921 * old one if we didn't use the new one.
923 * NOTE! It is very important that the FASYNC flag always
924 * match the state "is the filp on a fasync list".
926 struct fasync_struct *fasync_insert_entry(int fd, struct file *filp, struct fasync_struct **fapp, struct fasync_struct *new)
928 struct fasync_struct *fa, **fp;
930 spin_lock(&filp->f_lock);
931 spin_lock(&fasync_lock);
932 for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
933 if (fa->fa_file != filp)
936 write_lock_irq(&fa->fa_lock);
938 write_unlock_irq(&fa->fa_lock);
942 rwlock_init(&new->fa_lock);
943 new->magic = FASYNC_MAGIC;
946 new->fa_next = *fapp;
947 rcu_assign_pointer(*fapp, new);
948 filp->f_flags |= FASYNC;
951 spin_unlock(&fasync_lock);
952 spin_unlock(&filp->f_lock);
957 * Add a fasync entry. Return negative on error, positive if
958 * added, and zero if did nothing but change an existing one.
960 static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fapp)
962 struct fasync_struct *new;
964 new = fasync_alloc();
969 * fasync_insert_entry() returns the old (update) entry if
972 * So free the (unused) new entry and return 0 to let the
973 * caller know that we didn't add any new fasync entries.
975 if (fasync_insert_entry(fd, filp, fapp, new)) {
984 * fasync_helper() is used by almost all character device drivers
985 * to set up the fasync queue, and for regular files by the file
986 * lease code. It returns negative on error, 0 if it did no changes
987 * and positive if it added/deleted the entry.
989 int fasync_helper(int fd, struct file * filp, int on, struct fasync_struct **fapp)
992 return fasync_remove_entry(filp, fapp);
993 return fasync_add_entry(fd, filp, fapp);
996 EXPORT_SYMBOL(fasync_helper);
999 * rcu_read_lock() is held
1001 static void kill_fasync_rcu(struct fasync_struct *fa, int sig, int band)
1004 struct fown_struct *fown;
1006 if (fa->magic != FASYNC_MAGIC) {
1007 printk(KERN_ERR "kill_fasync: bad magic number in "
1008 "fasync_struct!\n");
1011 read_lock(&fa->fa_lock);
1013 fown = &fa->fa_file->f_owner;
1014 /* Don't send SIGURG to processes which have not set a
1015 queued signum: SIGURG has its own default signalling
1017 if (!(sig == SIGURG && fown->signum == 0))
1018 send_sigio(fown, fa->fa_fd, band);
1020 read_unlock(&fa->fa_lock);
1021 fa = rcu_dereference(fa->fa_next);
1025 void kill_fasync(struct fasync_struct **fp, int sig, int band)
1027 /* First a quick test without locking: usually
1028 * the list is empty.
1032 kill_fasync_rcu(rcu_dereference(*fp), sig, band);
1036 EXPORT_SYMBOL(kill_fasync);
1038 static int __init fcntl_init(void)
1041 * Please add new bits here to ensure allocation uniqueness.
1042 * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY
1043 * is defined as O_NONBLOCK on some platforms and not on others.
1045 BUILD_BUG_ON(21 - 1 /* for O_RDONLY being 0 */ !=
1047 (VALID_OPEN_FLAGS & ~(O_NONBLOCK | O_NDELAY)) |
1048 __FMODE_EXEC | __FMODE_NONOTIFY));
1050 fasync_cache = kmem_cache_create("fasync_cache",
1051 sizeof(struct fasync_struct), 0, SLAB_PANIC, NULL);
1055 module_init(fcntl_init)
projects / linux-2.6-microblaze.git / blob