open: don't silently ignore unknown O-flags in openat2()

[linux-2.6-microblaze.git] / fs / open.c

diff --git a/fs/open.c b/fs/open.c
index e53af13..53bc057 100644 (file)
--- a/fs/open.c
+++ b/fs/open.c
@@ -1002,12 +1002,20 @@ inline struct open_how build_open_how(int flags, umode_t mode)
 
 inline int build_open_flags(const struct open_how *how, struct open_flags *op)
 {
-       int flags = how->flags;
+       u64 flags = how->flags;
+       u64 strip = FMODE_NONOTIFY | O_CLOEXEC;
        int lookup_flags = 0;
        int acc_mode = ACC_MODE(flags);
 
-       /* Must never be set by userspace */
-       flags &= ~(FMODE_NONOTIFY | O_CLOEXEC);
+       BUILD_BUG_ON_MSG(upper_32_bits(VALID_OPEN_FLAGS),
+                        "struct open_flags doesn't yet handle flags > 32 bits");
+
+       /*
+        * Strip flags that either shouldn't be set by userspace like
+        * FMODE_NONOTIFY or that aren't relevant in determining struct
+        * open_flags like O_CLOEXEC.
+        */
+       flags &= ~strip;
 
        /*
         * Older syscalls implicitly clear all of the invalid flags or argument