4 * Copyright (C) 1991, 1992 Linus Torvalds
7 #include <linux/syscalls.h>
8 #include <linux/init.h>
10 #include <linux/sched/task.h>
12 #include <linux/file.h>
13 #include <linux/fdtable.h>
14 #include <linux/capability.h>
15 #include <linux/dnotify.h>
16 #include <linux/slab.h>
17 #include <linux/module.h>
18 #include <linux/pipe_fs_i.h>
19 #include <linux/security.h>
20 #include <linux/ptrace.h>
21 #include <linux/signal.h>
22 #include <linux/rcupdate.h>
23 #include <linux/pid_namespace.h>
24 #include <linux/user_namespace.h>
25 #include <linux/shmem_fs.h>
26 #include <linux/compat.h>
29 #include <asm/siginfo.h>
30 #include <linux/uaccess.h>
32 #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
34 static int setfl(int fd, struct file * filp, unsigned long arg)
36 struct inode * inode = file_inode(filp);
40 * O_APPEND cannot be cleared if the file is marked as append-only
41 * and the file is open for write.
43 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
46 /* O_NOATIME can only be set by the owner or superuser */
47 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
48 if (!inode_owner_or_capable(inode))
51 /* required for strict SunOS emulation */
52 if (O_NONBLOCK != O_NDELAY)
56 /* Pipe packetized mode is controlled by O_DIRECT flag */
57 if (!S_ISFIFO(inode->i_mode) && (arg & O_DIRECT)) {
58 if (!filp->f_mapping || !filp->f_mapping->a_ops ||
59 !filp->f_mapping->a_ops->direct_IO)
63 if (filp->f_op->check_flags)
64 error = filp->f_op->check_flags(arg);
69 * ->fasync() is responsible for setting the FASYNC bit.
71 if (((arg ^ filp->f_flags) & FASYNC) && filp->f_op->fasync) {
72 error = filp->f_op->fasync(fd, filp, (arg & FASYNC) != 0);
78 spin_lock(&filp->f_lock);
79 filp->f_flags = (arg & SETFL_MASK) | (filp->f_flags & ~SETFL_MASK);
80 spin_unlock(&filp->f_lock);
86 static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
89 write_lock_irq(&filp->f_owner.lock);
90 if (force || !filp->f_owner.pid) {
91 put_pid(filp->f_owner.pid);
92 filp->f_owner.pid = get_pid(pid);
93 filp->f_owner.pid_type = type;
96 const struct cred *cred = current_cred();
97 filp->f_owner.uid = cred->uid;
98 filp->f_owner.euid = cred->euid;
101 write_unlock_irq(&filp->f_owner.lock);
104 void __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
107 security_file_set_fowner(filp);
108 f_modown(filp, pid, type, force);
110 EXPORT_SYMBOL(__f_setown);
112 void f_setown(struct file *filp, unsigned long arg, int force)
123 pid = find_vpid(who);
124 __f_setown(filp, pid, type, force);
127 EXPORT_SYMBOL(f_setown);
129 void f_delown(struct file *filp)
131 f_modown(filp, NULL, PIDTYPE_PID, 1);
134 pid_t f_getown(struct file *filp)
137 read_lock(&filp->f_owner.lock);
138 pid = pid_vnr(filp->f_owner.pid);
139 if (filp->f_owner.pid_type == PIDTYPE_PGID)
141 read_unlock(&filp->f_owner.lock);
145 static int f_setown_ex(struct file *filp, unsigned long arg)
147 struct f_owner_ex __user *owner_p = (void __user *)arg;
148 struct f_owner_ex owner;
153 ret = copy_from_user(&owner, owner_p, sizeof(owner));
157 switch (owner.type) {
175 pid = find_vpid(owner.pid);
176 if (owner.pid && !pid)
179 __f_setown(filp, pid, type, 1);
185 static int f_getown_ex(struct file *filp, unsigned long arg)
187 struct f_owner_ex __user *owner_p = (void __user *)arg;
188 struct f_owner_ex owner;
191 read_lock(&filp->f_owner.lock);
192 owner.pid = pid_vnr(filp->f_owner.pid);
193 switch (filp->f_owner.pid_type) {
195 owner.type = F_OWNER_TID;
199 owner.type = F_OWNER_PID;
203 owner.type = F_OWNER_PGRP;
211 read_unlock(&filp->f_owner.lock);
214 ret = copy_to_user(owner_p, &owner, sizeof(owner));
221 #ifdef CONFIG_CHECKPOINT_RESTORE
222 static int f_getowner_uids(struct file *filp, unsigned long arg)
224 struct user_namespace *user_ns = current_user_ns();
225 uid_t __user *dst = (void __user *)arg;
229 read_lock(&filp->f_owner.lock);
230 src[0] = from_kuid(user_ns, filp->f_owner.uid);
231 src[1] = from_kuid(user_ns, filp->f_owner.euid);
232 read_unlock(&filp->f_owner.lock);
234 err = put_user(src[0], &dst[0]);
235 err |= put_user(src[1], &dst[1]);
240 static int f_getowner_uids(struct file *filp, unsigned long arg)
246 static bool rw_hint_valid(enum rw_hint hint)
249 case RWF_WRITE_LIFE_NOT_SET:
250 case RWH_WRITE_LIFE_NONE:
251 case RWH_WRITE_LIFE_SHORT:
252 case RWH_WRITE_LIFE_MEDIUM:
253 case RWH_WRITE_LIFE_LONG:
254 case RWH_WRITE_LIFE_EXTREME:
261 static long fcntl_rw_hint(struct file *file, unsigned int cmd,
264 struct inode *inode = file_inode(file);
265 u64 *argp = (u64 __user *)arg;
270 case F_GET_FILE_RW_HINT:
271 h = file_write_hint(file);
272 if (copy_to_user(argp, &h, sizeof(*argp)))
275 case F_SET_FILE_RW_HINT:
276 if (copy_from_user(&h, argp, sizeof(h)))
278 hint = (enum rw_hint) h;
279 if (!rw_hint_valid(hint))
282 spin_lock(&file->f_lock);
283 file->f_write_hint = hint;
284 spin_unlock(&file->f_lock);
287 h = inode->i_write_hint;
288 if (copy_to_user(argp, &h, sizeof(*argp)))
292 if (copy_from_user(&h, argp, sizeof(h)))
294 hint = (enum rw_hint) h;
295 if (!rw_hint_valid(hint))
299 inode->i_write_hint = hint;
307 static long do_fcntl(int fd, unsigned int cmd, unsigned long arg,
314 err = f_dupfd(arg, filp, 0);
316 case F_DUPFD_CLOEXEC:
317 err = f_dupfd(arg, filp, O_CLOEXEC);
320 err = get_close_on_exec(fd) ? FD_CLOEXEC : 0;
324 set_close_on_exec(fd, arg & FD_CLOEXEC);
330 err = setfl(fd, filp, arg);
332 #if BITS_PER_LONG != 32
333 /* 32-bit arches must use fcntl64() */
337 err = fcntl_getlk(filp, cmd, (struct flock __user *) arg);
339 #if BITS_PER_LONG != 32
340 /* 32-bit arches must use fcntl64() */
347 err = fcntl_setlk(fd, filp, cmd, (struct flock __user *) arg);
351 * XXX If f_owner is a process group, the
352 * negative return value will get converted
353 * into an error. Oops. If we keep the
354 * current syscall conventions, the only way
355 * to fix this will be in libc.
357 err = f_getown(filp);
358 force_successful_syscall_return();
361 f_setown(filp, arg, 1);
365 err = f_getown_ex(filp, arg);
368 err = f_setown_ex(filp, arg);
370 case F_GETOWNER_UIDS:
371 err = f_getowner_uids(filp, arg);
374 err = filp->f_owner.signum;
377 /* arg == 0 restores default behaviour. */
378 if (!valid_signal(arg)) {
382 filp->f_owner.signum = arg;
385 err = fcntl_getlease(filp);
388 err = fcntl_setlease(fd, filp, arg);
391 err = fcntl_dirnotify(fd, filp, arg);
395 err = pipe_fcntl(filp, cmd, arg);
399 err = shmem_fcntl(filp, cmd, arg);
403 case F_GET_FILE_RW_HINT:
404 case F_SET_FILE_RW_HINT:
405 err = fcntl_rw_hint(filp, cmd, arg);
413 static int check_fcntl_cmd(unsigned cmd)
417 case F_DUPFD_CLOEXEC:
426 SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg)
428 struct fd f = fdget_raw(fd);
434 if (unlikely(f.file->f_mode & FMODE_PATH)) {
435 if (!check_fcntl_cmd(cmd))
439 err = security_file_fcntl(f.file, cmd, arg);
441 err = do_fcntl(fd, cmd, arg, f.file);
449 #if BITS_PER_LONG == 32
450 SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
453 struct fd f = fdget_raw(fd);
459 if (unlikely(f.file->f_mode & FMODE_PATH)) {
460 if (!check_fcntl_cmd(cmd))
464 err = security_file_fcntl(f.file, cmd, arg);
471 err = fcntl_getlk64(f.file, cmd, (struct flock64 __user *) arg);
477 err = fcntl_setlk64(fd, f.file, cmd,
478 (struct flock64 __user *) arg);
481 err = do_fcntl(fd, cmd, arg, f.file);
492 static int get_compat_flock(struct flock *kfl, struct compat_flock __user *ufl)
494 if (!access_ok(VERIFY_READ, ufl, sizeof(*ufl)) ||
495 __get_user(kfl->l_type, &ufl->l_type) ||
496 __get_user(kfl->l_whence, &ufl->l_whence) ||
497 __get_user(kfl->l_start, &ufl->l_start) ||
498 __get_user(kfl->l_len, &ufl->l_len) ||
499 __get_user(kfl->l_pid, &ufl->l_pid))
504 static int put_compat_flock(struct flock *kfl, struct compat_flock __user *ufl)
506 if (!access_ok(VERIFY_WRITE, ufl, sizeof(*ufl)) ||
507 __put_user(kfl->l_type, &ufl->l_type) ||
508 __put_user(kfl->l_whence, &ufl->l_whence) ||
509 __put_user(kfl->l_start, &ufl->l_start) ||
510 __put_user(kfl->l_len, &ufl->l_len) ||
511 __put_user(kfl->l_pid, &ufl->l_pid))
516 #ifndef HAVE_ARCH_GET_COMPAT_FLOCK64
517 static int get_compat_flock64(struct flock *kfl, struct compat_flock64 __user *ufl)
519 if (!access_ok(VERIFY_READ, ufl, sizeof(*ufl)) ||
520 __get_user(kfl->l_type, &ufl->l_type) ||
521 __get_user(kfl->l_whence, &ufl->l_whence) ||
522 __get_user(kfl->l_start, &ufl->l_start) ||
523 __get_user(kfl->l_len, &ufl->l_len) ||
524 __get_user(kfl->l_pid, &ufl->l_pid))
530 #ifndef HAVE_ARCH_PUT_COMPAT_FLOCK64
531 static int put_compat_flock64(struct flock *kfl, struct compat_flock64 __user *ufl)
533 if (!access_ok(VERIFY_WRITE, ufl, sizeof(*ufl)) ||
534 __put_user(kfl->l_type, &ufl->l_type) ||
535 __put_user(kfl->l_whence, &ufl->l_whence) ||
536 __put_user(kfl->l_start, &ufl->l_start) ||
537 __put_user(kfl->l_len, &ufl->l_len) ||
538 __put_user(kfl->l_pid, &ufl->l_pid))
545 convert_fcntl_cmd(unsigned int cmd)
559 COMPAT_SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
565 unsigned int conv_cmd;
571 ret = get_compat_flock(&f, compat_ptr(arg));
576 ret = sys_fcntl(fd, cmd, (unsigned long)&f);
578 if (cmd == F_GETLK && ret == 0) {
579 /* GETLK was successful and we need to return the data...
580 * but it needs to fit in the compat structure.
581 * l_start shouldn't be too big, unless the original
582 * start + end is greater than COMPAT_OFF_T_MAX, in which
583 * case the app was asking for trouble, so we return
584 * -EOVERFLOW in that case.
585 * l_len could be too big, in which case we just truncate it,
586 * and only allow the app to see that part of the conflicting
587 * lock that might make sense to it anyway
590 if (f.l_start > COMPAT_OFF_T_MAX)
592 if (f.l_len > COMPAT_OFF_T_MAX)
593 f.l_len = COMPAT_OFF_T_MAX;
595 ret = put_compat_flock(&f, compat_ptr(arg));
605 ret = get_compat_flock64(&f, compat_ptr(arg));
610 conv_cmd = convert_fcntl_cmd(cmd);
611 ret = sys_fcntl(fd, conv_cmd, (unsigned long)&f);
613 if ((conv_cmd == F_GETLK || conv_cmd == F_OFD_GETLK) && ret == 0) {
614 /* need to return lock information - see above for commentary */
615 if (f.l_start > COMPAT_LOFF_T_MAX)
617 if (f.l_len > COMPAT_LOFF_T_MAX)
618 f.l_len = COMPAT_LOFF_T_MAX;
620 ret = put_compat_flock64(&f, compat_ptr(arg));
625 ret = sys_fcntl(fd, cmd, arg);
631 COMPAT_SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd,
643 return compat_sys_fcntl64(fd, cmd, arg);
647 /* Table to convert sigio signal codes into poll band bitmaps */
649 static const long band_table[NSIGPOLL] = {
650 POLLIN | POLLRDNORM, /* POLL_IN */
651 POLLOUT | POLLWRNORM | POLLWRBAND, /* POLL_OUT */
652 POLLIN | POLLRDNORM | POLLMSG, /* POLL_MSG */
653 POLLERR, /* POLL_ERR */
654 POLLPRI | POLLRDBAND, /* POLL_PRI */
655 POLLHUP | POLLERR /* POLL_HUP */
658 static inline int sigio_perm(struct task_struct *p,
659 struct fown_struct *fown, int sig)
661 const struct cred *cred;
665 cred = __task_cred(p);
666 ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
667 uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
668 uid_eq(fown->uid, cred->suid) || uid_eq(fown->uid, cred->uid)) &&
669 !security_file_send_sigiotask(p, fown, sig));
674 static void send_sigio_to_task(struct task_struct *p,
675 struct fown_struct *fown,
676 int fd, int reason, int group)
679 * F_SETSIG can change ->signum lockless in parallel, make
680 * sure we read it once and use the same value throughout.
682 int signum = ACCESS_ONCE(fown->signum);
684 if (!sigio_perm(p, fown, signum))
690 /* Queue a rt signal with the appropriate fd as its
691 value. We use SI_SIGIO as the source, not
692 SI_KERNEL, since kernel signals always get
693 delivered even if we can't queue. Failure to
694 queue in this case _should_ be reported; we fall
695 back to SIGIO in that case. --sct */
696 si.si_signo = signum;
699 /* Make sure we are called with one of the POLL_*
700 reasons, otherwise we could leak kernel stack into
702 BUG_ON((reason & __SI_MASK) != __SI_POLL);
703 if (reason - POLL_IN >= NSIGPOLL)
706 si.si_band = band_table[reason - POLL_IN];
708 if (!do_send_sig_info(signum, &si, p, group))
710 /* fall-through: fall back on the old plain SIGIO signal */
712 do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, group);
716 void send_sigio(struct fown_struct *fown, int fd, int band)
718 struct task_struct *p;
723 read_lock(&fown->lock);
725 type = fown->pid_type;
726 if (type == PIDTYPE_MAX) {
733 goto out_unlock_fown;
735 read_lock(&tasklist_lock);
736 do_each_pid_task(pid, type, p) {
737 send_sigio_to_task(p, fown, fd, band, group);
738 } while_each_pid_task(pid, type, p);
739 read_unlock(&tasklist_lock);
741 read_unlock(&fown->lock);
744 static void send_sigurg_to_task(struct task_struct *p,
745 struct fown_struct *fown, int group)
747 if (sigio_perm(p, fown, SIGURG))
748 do_send_sig_info(SIGURG, SEND_SIG_PRIV, p, group);
751 int send_sigurg(struct fown_struct *fown)
753 struct task_struct *p;
759 read_lock(&fown->lock);
761 type = fown->pid_type;
762 if (type == PIDTYPE_MAX) {
769 goto out_unlock_fown;
773 read_lock(&tasklist_lock);
774 do_each_pid_task(pid, type, p) {
775 send_sigurg_to_task(p, fown, group);
776 } while_each_pid_task(pid, type, p);
777 read_unlock(&tasklist_lock);
779 read_unlock(&fown->lock);
783 static DEFINE_SPINLOCK(fasync_lock);
784 static struct kmem_cache *fasync_cache __read_mostly;
786 static void fasync_free_rcu(struct rcu_head *head)
788 kmem_cache_free(fasync_cache,
789 container_of(head, struct fasync_struct, fa_rcu));
793 * Remove a fasync entry. If successfully removed, return
794 * positive and clear the FASYNC flag. If no entry exists,
795 * do nothing and return 0.
797 * NOTE! It is very important that the FASYNC flag always
798 * match the state "is the filp on a fasync list".
801 int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
803 struct fasync_struct *fa, **fp;
806 spin_lock(&filp->f_lock);
807 spin_lock(&fasync_lock);
808 for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
809 if (fa->fa_file != filp)
812 spin_lock_irq(&fa->fa_lock);
814 spin_unlock_irq(&fa->fa_lock);
817 call_rcu(&fa->fa_rcu, fasync_free_rcu);
818 filp->f_flags &= ~FASYNC;
822 spin_unlock(&fasync_lock);
823 spin_unlock(&filp->f_lock);
827 struct fasync_struct *fasync_alloc(void)
829 return kmem_cache_alloc(fasync_cache, GFP_KERNEL);
833 * NOTE! This can be used only for unused fasync entries:
834 * entries that actually got inserted on the fasync list
835 * need to be released by rcu - see fasync_remove_entry.
837 void fasync_free(struct fasync_struct *new)
839 kmem_cache_free(fasync_cache, new);
843 * Insert a new entry into the fasync list. Return the pointer to the
844 * old one if we didn't use the new one.
846 * NOTE! It is very important that the FASYNC flag always
847 * match the state "is the filp on a fasync list".
849 struct fasync_struct *fasync_insert_entry(int fd, struct file *filp, struct fasync_struct **fapp, struct fasync_struct *new)
851 struct fasync_struct *fa, **fp;
853 spin_lock(&filp->f_lock);
854 spin_lock(&fasync_lock);
855 for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
856 if (fa->fa_file != filp)
859 spin_lock_irq(&fa->fa_lock);
861 spin_unlock_irq(&fa->fa_lock);
865 spin_lock_init(&new->fa_lock);
866 new->magic = FASYNC_MAGIC;
869 new->fa_next = *fapp;
870 rcu_assign_pointer(*fapp, new);
871 filp->f_flags |= FASYNC;
874 spin_unlock(&fasync_lock);
875 spin_unlock(&filp->f_lock);
880 * Add a fasync entry. Return negative on error, positive if
881 * added, and zero if did nothing but change an existing one.
883 static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fapp)
885 struct fasync_struct *new;
887 new = fasync_alloc();
892 * fasync_insert_entry() returns the old (update) entry if
895 * So free the (unused) new entry and return 0 to let the
896 * caller know that we didn't add any new fasync entries.
898 if (fasync_insert_entry(fd, filp, fapp, new)) {
907 * fasync_helper() is used by almost all character device drivers
908 * to set up the fasync queue, and for regular files by the file
909 * lease code. It returns negative on error, 0 if it did no changes
910 * and positive if it added/deleted the entry.
912 int fasync_helper(int fd, struct file * filp, int on, struct fasync_struct **fapp)
915 return fasync_remove_entry(filp, fapp);
916 return fasync_add_entry(fd, filp, fapp);
919 EXPORT_SYMBOL(fasync_helper);
922 * rcu_read_lock() is held
924 static void kill_fasync_rcu(struct fasync_struct *fa, int sig, int band)
927 struct fown_struct *fown;
930 if (fa->magic != FASYNC_MAGIC) {
931 printk(KERN_ERR "kill_fasync: bad magic number in "
935 spin_lock_irqsave(&fa->fa_lock, flags);
937 fown = &fa->fa_file->f_owner;
938 /* Don't send SIGURG to processes which have not set a
939 queued signum: SIGURG has its own default signalling
941 if (!(sig == SIGURG && fown->signum == 0))
942 send_sigio(fown, fa->fa_fd, band);
944 spin_unlock_irqrestore(&fa->fa_lock, flags);
945 fa = rcu_dereference(fa->fa_next);
949 void kill_fasync(struct fasync_struct **fp, int sig, int band)
951 /* First a quick test without locking: usually
956 kill_fasync_rcu(rcu_dereference(*fp), sig, band);
960 EXPORT_SYMBOL(kill_fasync);
962 static int __init fcntl_init(void)
965 * Please add new bits here to ensure allocation uniqueness.
966 * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY
967 * is defined as O_NONBLOCK on some platforms and not on others.
969 BUILD_BUG_ON(21 - 1 /* for O_RDONLY being 0 */ !=
971 (VALID_OPEN_FLAGS & ~(O_NONBLOCK | O_NDELAY)) |
972 __FMODE_EXEC | __FMODE_NONOTIFY));
974 fasync_cache = kmem_cache_create("fasync_cache",
975 sizeof(struct fasync_struct), 0, SLAB_PANIC, NULL);
979 module_init(fcntl_init)