1 files changed, 126 insertions, 8 deletions
diff --git a/fs/open.c b/fs/open.c
index 5a2c6ebc22b5..3cac0bda46df 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -233,6 +233,14 @@ int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
        if (!(file->f_mode & FMODE_WRITE))
                return -EBADF;
+        /* It's not possible punch hole on append only file */
+        if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode))
+                return -EPERM;
+        if (IS_IMMUTABLE(inode))
+                return -EPERM;
        /*
         * Revalidate the write permissions, in case security policy has
         * changed since the files were opened.
@@ -565,13 +573,15 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
 {
        struct path path;
        int error = -EINVAL;
-        int follow;
+        int lookup_flags;
-        if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
+        if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
                goto out;
-        follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
+        lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
-        error = user_path_at(dfd, filename, follow, &path);
+        if (flag & AT_EMPTY_PATH)
+                lookup_flags |= LOOKUP_EMPTY;
+        error = user_path_at(dfd, filename, lookup_flags, &path);
        if (error)
                goto out;
        error = mnt_want_write(path.mnt);
@@ -661,11 +671,16 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
                                        int (*open)(struct inode *, struct file *),
                                        const struct cred *cred)
 {
+        static const struct file_operations empty_fops = {};
        struct inode *inode;
        int error;
        f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
                                FMODE_PREAD | FMODE_PWRITE;
+        if (unlikely(f->f_flags & O_PATH))
+                f->f_mode = FMODE_PATH;
        inode = dentry->d_inode;
        if (f->f_mode & FMODE_WRITE) {
                error = __get_file_write_access(inode, mnt);
@@ -679,9 +694,15 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
        f->f_path.dentry = dentry;
        f->f_path.mnt = mnt;
        f->f_pos = 0;
-        f->f_op = fops_get(inode->i_fop);
        file_sb_list_add(f, inode->i_sb);
+        if (unlikely(f->f_mode & FMODE_PATH)) {
+                f->f_op = &empty_fops;
+                return f;
+        }
+        f->f_op = fops_get(inode->i_fop);
        error = security_dentry_open(f, cred);
        if (error)
                goto cleanup_all;
@@ -882,15 +903,110 @@ void fd_install(unsigned int fd, struct file *file)
 EXPORT_SYMBOL(fd_install);
+static inline int build_open_flags(int flags, int mode, struct open_flags *op)
+{
+        int lookup_flags = 0;
+        int acc_mode;
+        if (!(flags & O_CREAT))
+                mode = 0;
+        op->mode = mode;
+        /* Must never be set by userspace */
+        flags &= ~FMODE_NONOTIFY;
+        /*
+         * O_SYNC is implemented as __O_SYNC|O_DSYNC.  As many places only
+         * check for O_DSYNC if the need any syncing at all we enforce it's
+         * always set instead of having to deal with possibly weird behaviour
+         * for malicious applications setting only __O_SYNC.
+         */
+        if (flags & __O_SYNC)
+                flags |= O_DSYNC;
+        /*
+         * If we have O_PATH in the open flag. Then we
+         * cannot have anything other than the below set of flags
+         */
+        if (flags & O_PATH) {
+                flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH;
+                acc_mode = 0;
+        } else {
+                acc_mode = MAY_OPEN | ACC_MODE(flags);
+        }
+        op->open_flag = flags;
+        /* O_TRUNC implies we need access checks for write permissions */
+        if (flags & O_TRUNC)
+                acc_mode |= MAY_WRITE;
+        /* Allow the LSM permission hook to distinguish append
+           access from general write access. */
+        if (flags & O_APPEND)
+                acc_mode |= MAY_APPEND;
+        op->acc_mode = acc_mode;
+        op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
+        if (flags & O_CREAT) {
+                op->intent |= LOOKUP_CREATE;
+                if (flags & O_EXCL)
+                        op->intent |= LOOKUP_EXCL;
+        }
+        if (flags & O_DIRECTORY)
+                lookup_flags |= LOOKUP_DIRECTORY;
+        if (!(flags & O_NOFOLLOW))
+                lookup_flags |= LOOKUP_FOLLOW;
+        return lookup_flags;
+}
+/**
+ * filp_open - open file and return file pointer
+ *
+ * @filename:   path to open
+ * @flags:      open flags as per the open(2) second argument
+ * @mode:       mode for the new file if O_CREAT is set, else ignored
+ *
+ * This is the helper to open a file from kernelspace if you really
+ * have to.  But in generally you should not do this, so please move
+ * along, nothing to see here..
+ */
+struct file *filp_open(const char *filename, int flags, int mode)
+{
+        struct open_flags op;
+        int lookup = build_open_flags(flags, mode, &op);
+        return do_filp_open(AT_FDCWD, filename, &op, lookup);
+}
+EXPORT_SYMBOL(filp_open);
+struct file *file_open_root(struct dentry *dentry, struct vfsmount *mnt,
+                            const char *filename, int flags)
+{
+        struct open_flags op;
+        int lookup = build_open_flags(flags, 0, &op);
+        if (flags & O_CREAT)
+                return ERR_PTR(-EINVAL);
+        if (!filename && (flags & O_DIRECTORY))
+                if (!dentry->d_inode->i_op->lookup)
+                        return ERR_PTR(-ENOTDIR);
+        return do_file_open_root(dentry, mnt, filename, &op, lookup);
+}
+EXPORT_SYMBOL(file_open_root);
 long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
 {
+        struct open_flags op;
+        int lookup = build_open_flags(flags, mode, &op);
        char *tmp = getname(filename);
        int fd = PTR_ERR(tmp);
        if (!IS_ERR(tmp)) {
                fd = get_unused_fd_flags(flags);
                if (fd >= 0) {
-                        struct file *f = do_filp_open(dfd, tmp, flags, mode, 0);
+                        struct file *f = do_filp_open(dfd, tmp, &op, lookup);
                        if (IS_ERR(f)) {
                                put_unused_fd(fd);
                                fd = PTR_ERR(f);
@@ -960,8 +1076,10 @@ int filp_close(struct file *filp, fl_owner_t id)
        if (filp->f_op && filp->f_op->flush)
                retval = filp->f_op->flush(filp, id);
-        dnotify_flush(filp, id);
+        if (likely(!(filp->f_mode & FMODE_PATH))) {
-        locks_remove_posix(filp, id);
+                dnotify_flush(filp, id);
+                locks_remove_posix(filp, id);
+        }
        fput(filp);
        return retval;
 }

diff --git a/fs/open.c b/fs/open.c index 5a2c6ebc22b5..3cac0bda46df 100644 --- a/fs/open.c +++ b/fs/open.c
@@ -233,6 +233,14 @@ int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
233		233
234	if (!(file->f_mode & FMODE_WRITE))	234	if (!(file->f_mode & FMODE_WRITE))
235	return -EBADF;	235	return -EBADF;
		236
		237	/* It's not possible punch hole on append only file */
		238	if (mode & FALLOC_FL_PUNCH_HOLE && IS_APPEND(inode))
		239	return -EPERM;
		240
		241	if (IS_IMMUTABLE(inode))
		242	return -EPERM;
		243
236	/*	244	/*
237	* Revalidate the write permissions, in case security policy has	245	* Revalidate the write permissions, in case security policy has
238	* changed since the files were opened.	246	* changed since the files were opened.
@@ -565,13 +573,15 @@ SYSCALL_DEFINE5(fchownat, int, dfd, const char __user *, filename, uid_t, user,
565	{	573	{
566	struct path path;	574	struct path path;
567	int error = -EINVAL;	575	int error = -EINVAL;
568	int follow;	576	int lookup_flags;
569		577
570	if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)	578	if ((flag & ~(AT_SYMLINK_NOFOLLOW \| AT_EMPTY_PATH)) != 0)
571	goto out;	579	goto out;
572		580
573	follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;	581	lookup_flags = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW;
574	error = user_path_at(dfd, filename, follow, &path);	582	if (flag & AT_EMPTY_PATH)
		583	lookup_flags \|= LOOKUP_EMPTY;
		584	error = user_path_at(dfd, filename, lookup_flags, &path);
575	if (error)	585	if (error)
576	goto out;	586	goto out;
577	error = mnt_want_write(path.mnt);	587	error = mnt_want_write(path.mnt);
@@ -661,11 +671,16 @@ static struct file __dentry_open(struct dentry dentry, struct vfsmount *mnt,
661	int (open)(struct inode , struct file *),	671	int (open)(struct inode , struct file *),
662	const struct cred *cred)	672	const struct cred *cred)
663	{	673	{
		674	static const struct file_operations empty_fops = {};
664	struct inode *inode;	675	struct inode *inode;
665	int error;	676	int error;
666		677
667	f->f_mode = OPEN_FMODE(f->f_flags) \| FMODE_LSEEK \|	678	f->f_mode = OPEN_FMODE(f->f_flags) \| FMODE_LSEEK \|
668	FMODE_PREAD \| FMODE_PWRITE;	679	FMODE_PREAD \| FMODE_PWRITE;
		680
		681	if (unlikely(f->f_flags & O_PATH))
		682	f->f_mode = FMODE_PATH;
		683
669	inode = dentry->d_inode;	684	inode = dentry->d_inode;
670	if (f->f_mode & FMODE_WRITE) {	685	if (f->f_mode & FMODE_WRITE) {
671	error = __get_file_write_access(inode, mnt);	686	error = __get_file_write_access(inode, mnt);
@@ -679,9 +694,15 @@ static struct file __dentry_open(struct dentry dentry, struct vfsmount *mnt,
679	f->f_path.dentry = dentry;	694	f->f_path.dentry = dentry;
680	f->f_path.mnt = mnt;	695	f->f_path.mnt = mnt;
681	f->f_pos = 0;	696	f->f_pos = 0;
682	f->f_op = fops_get(inode->i_fop);
683	file_sb_list_add(f, inode->i_sb);	697	file_sb_list_add(f, inode->i_sb);
684		698
		699	if (unlikely(f->f_mode & FMODE_PATH)) {
		700	f->f_op = &empty_fops;
		701	return f;
		702	}
		703
		704	f->f_op = fops_get(inode->i_fop);
		705
685	error = security_dentry_open(f, cred);	706	error = security_dentry_open(f, cred);
686	if (error)	707	if (error)
687	goto cleanup_all;	708	goto cleanup_all;
@@ -882,15 +903,110 @@ void fd_install(unsigned int fd, struct file *file)
882		903
883	EXPORT_SYMBOL(fd_install);	904	EXPORT_SYMBOL(fd_install);
884		905
		906	static inline int build_open_flags(int flags, int mode, struct open_flags *op)
		907	{
		908	int lookup_flags = 0;
		909	int acc_mode;
		910
		911	if (!(flags & O_CREAT))
		912	mode = 0;
		913	op->mode = mode;
		914
		915	/* Must never be set by userspace */
		916	flags &= ~FMODE_NONOTIFY;
		917
		918	/*
		919	* O_SYNC is implemented as __O_SYNC\|O_DSYNC. As many places only
		920	* check for O_DSYNC if the need any syncing at all we enforce it's
		921	* always set instead of having to deal with possibly weird behaviour
		922	* for malicious applications setting only __O_SYNC.
		923	*/
		924	if (flags & __O_SYNC)
		925	flags \|= O_DSYNC;
		926
		927	/*
		928	* If we have O_PATH in the open flag. Then we
		929	* cannot have anything other than the below set of flags
		930	*/
		931	if (flags & O_PATH) {
		932	flags &= O_DIRECTORY \| O_NOFOLLOW \| O_PATH;
		933	acc_mode = 0;
		934	} else {
		935	acc_mode = MAY_OPEN \| ACC_MODE(flags);
		936	}
		937
		938	op->open_flag = flags;
		939
		940	/* O_TRUNC implies we need access checks for write permissions */
		941	if (flags & O_TRUNC)
		942	acc_mode \|= MAY_WRITE;
		943
		944	/* Allow the LSM permission hook to distinguish append
		945	access from general write access. */
		946	if (flags & O_APPEND)
		947	acc_mode \|= MAY_APPEND;
		948
		949	op->acc_mode = acc_mode;
		950
		951	op->intent = flags & O_PATH ? 0 : LOOKUP_OPEN;
		952
		953	if (flags & O_CREAT) {
		954	op->intent \|= LOOKUP_CREATE;
		955	if (flags & O_EXCL)
		956	op->intent \|= LOOKUP_EXCL;
		957	}
		958
		959	if (flags & O_DIRECTORY)
		960	lookup_flags \|= LOOKUP_DIRECTORY;
		961	if (!(flags & O_NOFOLLOW))
		962	lookup_flags \|= LOOKUP_FOLLOW;
		963	return lookup_flags;
		964	}
		965
		966	/**
		967	* filp_open - open file and return file pointer
		968	*
		969	* @filename: path to open
		970	* @flags: open flags as per the open(2) second argument
		971	* @mode: mode for the new file if O_CREAT is set, else ignored
		972	*
		973	* This is the helper to open a file from kernelspace if you really
		974	* have to. But in generally you should not do this, so please move
		975	* along, nothing to see here..
		976	*/
		977	struct file filp_open(const char filename, int flags, int mode)
		978	{
		979	struct open_flags op;
		980	int lookup = build_open_flags(flags, mode, &op);
		981	return do_filp_open(AT_FDCWD, filename, &op, lookup);
		982	}
		983	EXPORT_SYMBOL(filp_open);
		984
		985	struct file file_open_root(struct dentry dentry, struct vfsmount *mnt,
		986	const char *filename, int flags)
		987	{
		988	struct open_flags op;
		989	int lookup = build_open_flags(flags, 0, &op);
		990	if (flags & O_CREAT)
		991	return ERR_PTR(-EINVAL);
		992	if (!filename && (flags & O_DIRECTORY))
		993	if (!dentry->d_inode->i_op->lookup)
		994	return ERR_PTR(-ENOTDIR);
		995	return do_file_open_root(dentry, mnt, filename, &op, lookup);
		996	}
		997	EXPORT_SYMBOL(file_open_root);
		998
885	long do_sys_open(int dfd, const char __user *filename, int flags, int mode)	999	long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
886	{	1000	{
		1001	struct open_flags op;
		1002	int lookup = build_open_flags(flags, mode, &op);
887	char *tmp = getname(filename);	1003	char *tmp = getname(filename);
888	int fd = PTR_ERR(tmp);	1004	int fd = PTR_ERR(tmp);
889		1005
890	if (!IS_ERR(tmp)) {	1006	if (!IS_ERR(tmp)) {
891	fd = get_unused_fd_flags(flags);	1007	fd = get_unused_fd_flags(flags);
892	if (fd >= 0) {	1008	if (fd >= 0) {
893	struct file *f = do_filp_open(dfd, tmp, flags, mode, 0);	1009	struct file *f = do_filp_open(dfd, tmp, &op, lookup);
894	if (IS_ERR(f)) {	1010	if (IS_ERR(f)) {
895	put_unused_fd(fd);	1011	put_unused_fd(fd);
896	fd = PTR_ERR(f);	1012	fd = PTR_ERR(f);
@@ -960,8 +1076,10 @@ int filp_close(struct file *filp, fl_owner_t id)
960	if (filp->f_op && filp->f_op->flush)	1076	if (filp->f_op && filp->f_op->flush)
961	retval = filp->f_op->flush(filp, id);	1077	retval = filp->f_op->flush(filp, id);
962		1078
963	dnotify_flush(filp, id);	1079	if (likely(!(filp->f_mode & FMODE_PATH))) {
964	locks_remove_posix(filp, id);	1080	dnotify_flush(filp, id);
		1081	locks_remove_posix(filp, id);
		1082	}
965	fput(filp);	1083	fput(filp);
966	return retval;	1084	return retval;
967	}	1085	}