LCOV - code coverage report
Current view: top level - fs - fcntl.c (source / functions) Hit Total Coverage
Test: fstests of 6.5.0-rc3-achx @ Mon Jul 31 20:08:12 PDT 2023 Lines: 201 454 44.3 %
Date: 2023-07-31 20:08:12 Functions: 18 38 47.4 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0
       2             : /*
       3             :  *  linux/fs/fcntl.c
       4             :  *
       5             :  *  Copyright (C) 1991, 1992  Linus Torvalds
       6             :  */
       7             : 
       8             : #include <linux/syscalls.h>
       9             : #include <linux/init.h>
      10             : #include <linux/mm.h>
      11             : #include <linux/sched/task.h>
      12             : #include <linux/fs.h>
      13             : #include <linux/filelock.h>
      14             : #include <linux/file.h>
      15             : #include <linux/fdtable.h>
      16             : #include <linux/capability.h>
      17             : #include <linux/dnotify.h>
      18             : #include <linux/slab.h>
      19             : #include <linux/module.h>
      20             : #include <linux/pipe_fs_i.h>
      21             : #include <linux/security.h>
      22             : #include <linux/ptrace.h>
      23             : #include <linux/signal.h>
      24             : #include <linux/rcupdate.h>
      25             : #include <linux/pid_namespace.h>
      26             : #include <linux/user_namespace.h>
      27             : #include <linux/memfd.h>
      28             : #include <linux/compat.h>
      29             : #include <linux/mount.h>
      30             : 
      31             : #include <linux/poll.h>
      32             : #include <asm/siginfo.h>
      33             : #include <linux/uaccess.h>
      34             : 
      35             : #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
      36             : 
      37   738707266 : static int setfl(int fd, struct file * filp, unsigned long arg)
      38             : {
      39   738707266 :         struct inode * inode = file_inode(filp);
      40   738707266 :         int error = 0;
      41             : 
      42             :         /*
      43             :          * O_APPEND cannot be cleared if the file is marked as append-only
      44             :          * and the file is open for write.
      45             :          */
      46   738707266 :         if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
      47             :                 return -EPERM;
      48             : 
      49             :         /* O_NOATIME can only be set by the owner or superuser */
      50   738707266 :         if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
      51           0 :                 if (!inode_owner_or_capable(file_mnt_idmap(filp), inode))
      52             :                         return -EPERM;
      53             : 
      54             :         /* required for strict SunOS emulation */
      55   738707266 :         if (O_NONBLOCK != O_NDELAY)
      56             :                if (arg & O_NDELAY)
      57             :                    arg |= O_NONBLOCK;
      58             : 
      59             :         /* Pipe packetized mode is controlled by O_DIRECT flag */
      60   738707266 :         if (!S_ISFIFO(inode->i_mode) &&
      61   738696018 :             (arg & O_DIRECT) &&
      62   369103587 :             !(filp->f_mode & FMODE_CAN_ODIRECT))
      63             :                 return -EINVAL;
      64             : 
      65   738707266 :         if (filp->f_op->check_flags)
      66          14 :                 error = filp->f_op->check_flags(arg);
      67           4 :         if (error)
      68             :                 return error;
      69             : 
      70             :         /*
      71             :          * ->fasync() is responsible for setting the FASYNC bit.
      72             :          */
      73   738707247 :         if (((arg ^ filp->f_flags) & FASYNC) && filp->f_op->fasync) {
      74           0 :                 error = filp->f_op->fasync(fd, filp, (arg & FASYNC) != 0);
      75           0 :                 if (error < 0)
      76           0 :                         goto out;
      77             :                 if (error > 0)
      78             :                         error = 0;
      79             :         }
      80   738707247 :         spin_lock(&filp->f_lock);
      81   738707297 :         filp->f_flags = (arg & SETFL_MASK) | (filp->f_flags & ~SETFL_MASK);
      82   738707297 :         filp->f_iocb_flags = iocb_flags(filp);
      83   738707297 :         spin_unlock(&filp->f_lock);
      84             : 
      85             :  out:
      86             :         return error;
      87             : }
      88             : 
      89         208 : static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
      90             :                      int force)
      91             : {
      92         208 :         write_lock_irq(&filp->f_owner.lock);
      93         208 :         if (force || !filp->f_owner.pid) {
      94         208 :                 put_pid(filp->f_owner.pid);
      95         208 :                 filp->f_owner.pid = get_pid(pid);
      96         208 :                 filp->f_owner.pid_type = type;
      97             : 
      98         208 :                 if (pid) {
      99         104 :                         const struct cred *cred = current_cred();
     100         104 :                         filp->f_owner.uid = cred->uid;
     101         104 :                         filp->f_owner.euid = cred->euid;
     102             :                 }
     103             :         }
     104         208 :         write_unlock_irq(&filp->f_owner.lock);
     105         208 : }
     106             : 
     107         104 : void __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
     108             :                 int force)
     109             : {
     110         104 :         security_file_set_fowner(filp);
     111         104 :         f_modown(filp, pid, type, force);
     112           0 : }
     113             : EXPORT_SYMBOL(__f_setown);
     114             : 
     115           0 : int f_setown(struct file *filp, unsigned long arg, int force)
     116             : {
     117           0 :         enum pid_type type;
     118           0 :         struct pid *pid = NULL;
     119           0 :         int who = arg, ret = 0;
     120             : 
     121           0 :         type = PIDTYPE_TGID;
     122           0 :         if (who < 0) {
     123             :                 /* avoid overflow below */
     124           0 :                 if (who == INT_MIN)
     125             :                         return -EINVAL;
     126             : 
     127           0 :                 type = PIDTYPE_PGID;
     128           0 :                 who = -who;
     129             :         }
     130             : 
     131           0 :         rcu_read_lock();
     132           0 :         if (who) {
     133           0 :                 pid = find_vpid(who);
     134           0 :                 if (!pid)
     135             :                         ret = -ESRCH;
     136             :         }
     137             : 
     138             :         if (!ret)
     139           0 :                 __f_setown(filp, pid, type, force);
     140           0 :         rcu_read_unlock();
     141             : 
     142           0 :         return ret;
     143             : }
     144             : EXPORT_SYMBOL(f_setown);
     145             : 
     146         104 : void f_delown(struct file *filp)
     147             : {
     148         104 :         f_modown(filp, NULL, PIDTYPE_TGID, 1);
     149         104 : }
     150             : 
     151           0 : pid_t f_getown(struct file *filp)
     152             : {
     153           0 :         pid_t pid = 0;
     154             : 
     155           0 :         read_lock_irq(&filp->f_owner.lock);
     156           0 :         rcu_read_lock();
     157           0 :         if (pid_task(filp->f_owner.pid, filp->f_owner.pid_type)) {
     158           0 :                 pid = pid_vnr(filp->f_owner.pid);
     159           0 :                 if (filp->f_owner.pid_type == PIDTYPE_PGID)
     160           0 :                         pid = -pid;
     161             :         }
     162           0 :         rcu_read_unlock();
     163           0 :         read_unlock_irq(&filp->f_owner.lock);
     164           0 :         return pid;
     165             : }
     166             : 
     167           0 : static int f_setown_ex(struct file *filp, unsigned long arg)
     168             : {
     169           0 :         struct f_owner_ex __user *owner_p = (void __user *)arg;
     170           0 :         struct f_owner_ex owner;
     171           0 :         struct pid *pid;
     172           0 :         int type;
     173           0 :         int ret;
     174             : 
     175           0 :         ret = copy_from_user(&owner, owner_p, sizeof(owner));
     176           0 :         if (ret)
     177             :                 return -EFAULT;
     178             : 
     179           0 :         switch (owner.type) {
     180             :         case F_OWNER_TID:
     181             :                 type = PIDTYPE_PID;
     182             :                 break;
     183             : 
     184             :         case F_OWNER_PID:
     185             :                 type = PIDTYPE_TGID;
     186             :                 break;
     187             : 
     188             :         case F_OWNER_PGRP:
     189             :                 type = PIDTYPE_PGID;
     190             :                 break;
     191             : 
     192             :         default:
     193             :                 return -EINVAL;
     194             :         }
     195             : 
     196           0 :         rcu_read_lock();
     197           0 :         pid = find_vpid(owner.pid);
     198           0 :         if (owner.pid && !pid)
     199             :                 ret = -ESRCH;
     200             :         else
     201           0 :                  __f_setown(filp, pid, type, 1);
     202           0 :         rcu_read_unlock();
     203             : 
     204           0 :         return ret;
     205             : }
     206             : 
     207           0 : static int f_getown_ex(struct file *filp, unsigned long arg)
     208             : {
     209           0 :         struct f_owner_ex __user *owner_p = (void __user *)arg;
     210           0 :         struct f_owner_ex owner = {};
     211           0 :         int ret = 0;
     212             : 
     213           0 :         read_lock_irq(&filp->f_owner.lock);
     214           0 :         rcu_read_lock();
     215           0 :         if (pid_task(filp->f_owner.pid, filp->f_owner.pid_type))
     216           0 :                 owner.pid = pid_vnr(filp->f_owner.pid);
     217           0 :         rcu_read_unlock();
     218           0 :         switch (filp->f_owner.pid_type) {
     219           0 :         case PIDTYPE_PID:
     220           0 :                 owner.type = F_OWNER_TID;
     221           0 :                 break;
     222             : 
     223           0 :         case PIDTYPE_TGID:
     224           0 :                 owner.type = F_OWNER_PID;
     225           0 :                 break;
     226             : 
     227           0 :         case PIDTYPE_PGID:
     228           0 :                 owner.type = F_OWNER_PGRP;
     229           0 :                 break;
     230             : 
     231             :         default:
     232           0 :                 WARN_ON(1);
     233           0 :                 ret = -EINVAL;
     234           0 :                 break;
     235             :         }
     236           0 :         read_unlock_irq(&filp->f_owner.lock);
     237             : 
     238           0 :         if (!ret) {
     239           0 :                 ret = copy_to_user(owner_p, &owner, sizeof(owner));
     240           0 :                 if (ret)
     241           0 :                         ret = -EFAULT;
     242             :         }
     243           0 :         return ret;
     244             : }
     245             : 
     246             : #ifdef CONFIG_CHECKPOINT_RESTORE
     247             : static int f_getowner_uids(struct file *filp, unsigned long arg)
     248             : {
     249             :         struct user_namespace *user_ns = current_user_ns();
     250             :         uid_t __user *dst = (void __user *)arg;
     251             :         uid_t src[2];
     252             :         int err;
     253             : 
     254             :         read_lock_irq(&filp->f_owner.lock);
     255             :         src[0] = from_kuid(user_ns, filp->f_owner.uid);
     256             :         src[1] = from_kuid(user_ns, filp->f_owner.euid);
     257             :         read_unlock_irq(&filp->f_owner.lock);
     258             : 
     259             :         err  = put_user(src[0], &dst[0]);
     260             :         err |= put_user(src[1], &dst[1]);
     261             : 
     262             :         return err;
     263             : }
     264             : #else
     265             : static int f_getowner_uids(struct file *filp, unsigned long arg)
     266             : {
     267             :         return -EINVAL;
     268             : }
     269             : #endif
     270             : 
     271             : static bool rw_hint_valid(enum rw_hint hint)
     272             : {
     273           0 :         switch (hint) {
     274             :         case RWH_WRITE_LIFE_NOT_SET:
     275             :         case RWH_WRITE_LIFE_NONE:
     276             :         case RWH_WRITE_LIFE_SHORT:
     277             :         case RWH_WRITE_LIFE_MEDIUM:
     278             :         case RWH_WRITE_LIFE_LONG:
     279             :         case RWH_WRITE_LIFE_EXTREME:
     280             :                 return true;
     281             :         default:
     282             :                 return false;
     283             :         }
     284             : }
     285             : 
     286           0 : static long fcntl_rw_hint(struct file *file, unsigned int cmd,
     287             :                           unsigned long arg)
     288             : {
     289           0 :         struct inode *inode = file_inode(file);
     290           0 :         u64 __user *argp = (u64 __user *)arg;
     291           0 :         enum rw_hint hint;
     292           0 :         u64 h;
     293             : 
     294           0 :         switch (cmd) {
     295           0 :         case F_GET_RW_HINT:
     296           0 :                 h = inode->i_write_hint;
     297           0 :                 if (copy_to_user(argp, &h, sizeof(*argp)))
     298           0 :                         return -EFAULT;
     299             :                 return 0;
     300             :         case F_SET_RW_HINT:
     301           0 :                 if (copy_from_user(&h, argp, sizeof(h)))
     302             :                         return -EFAULT;
     303           0 :                 hint = (enum rw_hint) h;
     304           0 :                 if (!rw_hint_valid(hint))
     305             :                         return -EINVAL;
     306             : 
     307           0 :                 inode_lock(inode);
     308           0 :                 inode->i_write_hint = hint;
     309           0 :                 inode_unlock(inode);
     310           0 :                 return 0;
     311             :         default:
     312             :                 return -EINVAL;
     313             :         }
     314             : }
     315             : 
     316   880121893 : static long do_fcntl(int fd, unsigned int cmd, unsigned long arg,
     317             :                 struct file *filp)
     318             : {
     319   880121893 :         void __user *argp = (void __user *)arg;
     320   880121893 :         struct flock flock;
     321   880121893 :         long err = -EINVAL;
     322             : 
     323   880121893 :         switch (cmd) {
     324    14859917 :         case F_DUPFD:
     325    14859917 :                 err = f_dupfd(arg, filp, 0);
     326    14895208 :                 break;
     327     2359360 :         case F_DUPFD_CLOEXEC:
     328     2359360 :                 err = f_dupfd(arg, filp, O_CLOEXEC);
     329     2359512 :                 break;
     330    50575870 :         case F_GETFD:
     331    50575870 :                 err = get_close_on_exec(fd) ? FD_CLOEXEC : 0;
     332    50673974 :                 break;
     333    40609226 :         case F_SETFD:
     334    40609226 :                 err = 0;
     335    40609226 :                 set_close_on_exec(fd, arg & FD_CLOEXEC);
     336    40609226 :                 break;
     337    32538032 :         case F_GETFL:
     338    32538032 :                 err = filp->f_flags;
     339    32538032 :                 break;
     340   738707282 :         case F_SETFL:
     341   738707282 :                 err = setfl(fd, filp, arg);
     342   738707291 :                 break;
     343             : #if BITS_PER_LONG != 32
     344             :         /* 32-bit arches must use fcntl64() */
     345             :         case F_OFD_GETLK:
     346             : #endif
     347             :         case F_GETLK:
     348        1203 :                 if (copy_from_user(&flock, argp, sizeof(flock)))
     349             :                         return -EFAULT;
     350        1203 :                 err = fcntl_getlk(filp, cmd, &flock);
     351        2406 :                 if (!err && copy_to_user(argp, &flock, sizeof(flock)))
     352           0 :                         return -EFAULT;
     353             :                 break;
     354             : #if BITS_PER_LONG != 32
     355             :         /* 32-bit arches must use fcntl64() */
     356             :         case F_OFD_SETLK:
     357             :         case F_OFD_SETLKW:
     358      435962 :                 fallthrough;
     359             : #endif
     360             :         case F_SETLK:
     361             :         case F_SETLKW:
     362      435962 :                 if (copy_from_user(&flock, argp, sizeof(flock)))
     363             :                         return -EFAULT;
     364      435958 :                 err = fcntl_setlk(fd, filp, cmd, &flock);
     365      435963 :                 break;
     366           0 :         case F_GETOWN:
     367             :                 /*
     368             :                  * XXX If f_owner is a process group, the
     369             :                  * negative return value will get converted
     370             :                  * into an error.  Oops.  If we keep the
     371             :                  * current syscall conventions, the only way
     372             :                  * to fix this will be in libc.
     373             :                  */
     374           0 :                 err = f_getown(filp);
     375           0 :                 force_successful_syscall_return();
     376           0 :                 break;
     377           0 :         case F_SETOWN:
     378           0 :                 err = f_setown(filp, arg, 1);
     379           0 :                 break;
     380           0 :         case F_GETOWN_EX:
     381           0 :                 err = f_getown_ex(filp, arg);
     382           0 :                 break;
     383           0 :         case F_SETOWN_EX:
     384           0 :                 err = f_setown_ex(filp, arg);
     385           0 :                 break;
     386             :         case F_GETOWNER_UIDS:
     387             :                 err = f_getowner_uids(filp, arg);
     388             :                 break;
     389           0 :         case F_GETSIG:
     390           0 :                 err = filp->f_owner.signum;
     391           0 :                 break;
     392             :         case F_SETSIG:
     393             :                 /* arg == 0 restores default behaviour. */
     394          78 :                 if (!valid_signal(arg)) {
     395             :                         break;
     396             :                 }
     397          78 :                 err = 0;
     398          78 :                 filp->f_owner.signum = arg;
     399          78 :                 break;
     400         130 :         case F_GETLEASE:
     401         130 :                 err = fcntl_getlease(filp);
     402         130 :                 break;
     403         234 :         case F_SETLEASE:
     404         234 :                 err = fcntl_setlease(fd, filp, arg);
     405         234 :                 break;
     406           0 :         case F_NOTIFY:
     407           0 :                 err = fcntl_dirnotify(fd, filp, arg);
     408           0 :                 break;
     409       34599 :         case F_SETPIPE_SZ:
     410             :         case F_GETPIPE_SZ:
     411       34599 :                 err = pipe_fcntl(filp, cmd, arg);
     412       34599 :                 break;
     413           0 :         case F_ADD_SEALS:
     414             :         case F_GET_SEALS:
     415           0 :                 err = memfd_fcntl(filp, cmd, arg);
     416           0 :                 break;
     417           0 :         case F_GET_RW_HINT:
     418             :         case F_SET_RW_HINT:
     419           0 :                 err = fcntl_rw_hint(filp, cmd, arg);
     420           0 :                 break;
     421             :         default:
     422             :                 break;
     423             :         }
     424             :         return err;
     425             : }
     426             : 
     427             : static int check_fcntl_cmd(unsigned cmd)
     428             : {
     429         748 :         switch (cmd) {
     430             :         case F_DUPFD:
     431             :         case F_DUPFD_CLOEXEC:
     432             :         case F_GETFD:
     433             :         case F_SETFD:
     434             :         case F_GETFL:
     435             :                 return 1;
     436             :         }
     437           0 :         return 0;
     438             : }
     439             : 
     440  1760951856 : SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd, unsigned long, arg)
     441             : {       
     442   880352767 :         struct fd f = fdget_raw(fd);
     443   881133243 :         long err = -EBADF;
     444             : 
     445   881133243 :         if (!f.file)
     446      778542 :                 goto out;
     447             : 
     448   880354701 :         if (unlikely(f.file->f_mode & FMODE_PATH)) {
     449         748 :                 if (!check_fcntl_cmd(cmd))
     450           0 :                         goto out1;
     451             :         }
     452             : 
     453   880354701 :         err = security_file_fcntl(f.file, cmd, arg);
     454   880354701 :         if (!err)
     455   880354701 :                 err = do_fcntl(fd, cmd, arg, f.file);
     456             : 
     457   880167769 : out1:
     458   880167769 :         fdput(f);
     459   881116357 : out:
     460   881116357 :         return err;
     461             : }
     462             : 
     463             : #if BITS_PER_LONG == 32
     464             : SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
     465             :                 unsigned long, arg)
     466             : {       
     467             :         void __user *argp = (void __user *)arg;
     468             :         struct fd f = fdget_raw(fd);
     469             :         struct flock64 flock;
     470             :         long err = -EBADF;
     471             : 
     472             :         if (!f.file)
     473             :                 goto out;
     474             : 
     475             :         if (unlikely(f.file->f_mode & FMODE_PATH)) {
     476             :                 if (!check_fcntl_cmd(cmd))
     477             :                         goto out1;
     478             :         }
     479             : 
     480             :         err = security_file_fcntl(f.file, cmd, arg);
     481             :         if (err)
     482             :                 goto out1;
     483             :         
     484             :         switch (cmd) {
     485             :         case F_GETLK64:
     486             :         case F_OFD_GETLK:
     487             :                 err = -EFAULT;
     488             :                 if (copy_from_user(&flock, argp, sizeof(flock)))
     489             :                         break;
     490             :                 err = fcntl_getlk64(f.file, cmd, &flock);
     491             :                 if (!err && copy_to_user(argp, &flock, sizeof(flock)))
     492             :                         err = -EFAULT;
     493             :                 break;
     494             :         case F_SETLK64:
     495             :         case F_SETLKW64:
     496             :         case F_OFD_SETLK:
     497             :         case F_OFD_SETLKW:
     498             :                 err = -EFAULT;
     499             :                 if (copy_from_user(&flock, argp, sizeof(flock)))
     500             :                         break;
     501             :                 err = fcntl_setlk64(fd, f.file, cmd, &flock);
     502             :                 break;
     503             :         default:
     504             :                 err = do_fcntl(fd, cmd, arg, f.file);
     505             :                 break;
     506             :         }
     507             : out1:
     508             :         fdput(f);
     509             : out:
     510             :         return err;
     511             : }
     512             : #endif
     513             : 
     514             : #ifdef CONFIG_COMPAT
     515             : /* careful - don't use anywhere else */
     516             : #define copy_flock_fields(dst, src)             \
     517             :         (dst)->l_type = (src)->l_type;            \
     518             :         (dst)->l_whence = (src)->l_whence;        \
     519             :         (dst)->l_start = (src)->l_start;  \
     520             :         (dst)->l_len = (src)->l_len;              \
     521             :         (dst)->l_pid = (src)->l_pid;
     522             : 
     523           0 : static int get_compat_flock(struct flock *kfl, const struct compat_flock __user *ufl)
     524             : {
     525           0 :         struct compat_flock fl;
     526             : 
     527           0 :         if (copy_from_user(&fl, ufl, sizeof(struct compat_flock)))
     528             :                 return -EFAULT;
     529           0 :         copy_flock_fields(kfl, &fl);
     530           0 :         return 0;
     531             : }
     532             : 
     533           0 : static int get_compat_flock64(struct flock *kfl, const struct compat_flock64 __user *ufl)
     534             : {
     535           0 :         struct compat_flock64 fl;
     536             : 
     537           0 :         if (copy_from_user(&fl, ufl, sizeof(struct compat_flock64)))
     538             :                 return -EFAULT;
     539           0 :         copy_flock_fields(kfl, &fl);
     540           0 :         return 0;
     541             : }
     542             : 
     543           0 : static int put_compat_flock(const struct flock *kfl, struct compat_flock __user *ufl)
     544             : {
     545           0 :         struct compat_flock fl;
     546             : 
     547           0 :         memset(&fl, 0, sizeof(struct compat_flock));
     548           0 :         copy_flock_fields(&fl, kfl);
     549           0 :         if (copy_to_user(ufl, &fl, sizeof(struct compat_flock)))
     550           0 :                 return -EFAULT;
     551             :         return 0;
     552             : }
     553             : 
     554           0 : static int put_compat_flock64(const struct flock *kfl, struct compat_flock64 __user *ufl)
     555             : {
     556           0 :         struct compat_flock64 fl;
     557             : 
     558           0 :         BUILD_BUG_ON(sizeof(kfl->l_start) > sizeof(ufl->l_start));
     559           0 :         BUILD_BUG_ON(sizeof(kfl->l_len) > sizeof(ufl->l_len));
     560             : 
     561           0 :         memset(&fl, 0, sizeof(struct compat_flock64));
     562           0 :         copy_flock_fields(&fl, kfl);
     563           0 :         if (copy_to_user(ufl, &fl, sizeof(struct compat_flock64)))
     564           0 :                 return -EFAULT;
     565             :         return 0;
     566             : }
     567             : #undef copy_flock_fields
     568             : 
     569             : static unsigned int
     570             : convert_fcntl_cmd(unsigned int cmd)
     571             : {
     572           0 :         switch (cmd) {
     573             :         case F_GETLK64:
     574             :                 return F_GETLK;
     575             :         case F_SETLK64:
     576             :                 return F_SETLK;
     577             :         case F_SETLKW64:
     578             :                 return F_SETLKW;
     579             :         }
     580             : 
     581             :         return cmd;
     582             : }
     583             : 
     584             : /*
     585             :  * GETLK was successful and we need to return the data, but it needs to fit in
     586             :  * the compat structure.
     587             :  * l_start shouldn't be too big, unless the original start + end is greater than
     588             :  * COMPAT_OFF_T_MAX, in which case the app was asking for trouble, so we return
     589             :  * -EOVERFLOW in that case.  l_len could be too big, in which case we just
     590             :  * truncate it, and only allow the app to see that part of the conflicting lock
     591             :  * that might make sense to it anyway
     592             :  */
     593             : static int fixup_compat_flock(struct flock *flock)
     594             : {
     595           0 :         if (flock->l_start > COMPAT_OFF_T_MAX)
     596             :                 return -EOVERFLOW;
     597           0 :         if (flock->l_len > COMPAT_OFF_T_MAX)
     598           0 :                 flock->l_len = COMPAT_OFF_T_MAX;
     599             :         return 0;
     600             : }
     601             : 
     602           0 : static long do_compat_fcntl64(unsigned int fd, unsigned int cmd,
     603             :                              compat_ulong_t arg)
     604             : {
     605           0 :         struct fd f = fdget_raw(fd);
     606           0 :         struct flock flock;
     607           0 :         long err = -EBADF;
     608             : 
     609           0 :         if (!f.file)
     610             :                 return err;
     611             : 
     612           0 :         if (unlikely(f.file->f_mode & FMODE_PATH)) {
     613           0 :                 if (!check_fcntl_cmd(cmd))
     614           0 :                         goto out_put;
     615             :         }
     616             : 
     617           0 :         err = security_file_fcntl(f.file, cmd, arg);
     618           0 :         if (err)
     619             :                 goto out_put;
     620             : 
     621           0 :         switch (cmd) {
     622             :         case F_GETLK:
     623           0 :                 err = get_compat_flock(&flock, compat_ptr(arg));
     624           0 :                 if (err)
     625             :                         break;
     626           0 :                 err = fcntl_getlk(f.file, convert_fcntl_cmd(cmd), &flock);
     627           0 :                 if (err)
     628             :                         break;
     629           0 :                 err = fixup_compat_flock(&flock);
     630           0 :                 if (!err)
     631           0 :                         err = put_compat_flock(&flock, compat_ptr(arg));
     632             :                 break;
     633             :         case F_GETLK64:
     634             :         case F_OFD_GETLK:
     635           0 :                 err = get_compat_flock64(&flock, compat_ptr(arg));
     636           0 :                 if (err)
     637             :                         break;
     638           0 :                 err = fcntl_getlk(f.file, convert_fcntl_cmd(cmd), &flock);
     639           0 :                 if (!err)
     640           0 :                         err = put_compat_flock64(&flock, compat_ptr(arg));
     641             :                 break;
     642             :         case F_SETLK:
     643             :         case F_SETLKW:
     644           0 :                 err = get_compat_flock(&flock, compat_ptr(arg));
     645           0 :                 if (err)
     646             :                         break;
     647           0 :                 err = fcntl_setlk(fd, f.file, convert_fcntl_cmd(cmd), &flock);
     648           0 :                 break;
     649             :         case F_SETLK64:
     650             :         case F_SETLKW64:
     651             :         case F_OFD_SETLK:
     652             :         case F_OFD_SETLKW:
     653           0 :                 err = get_compat_flock64(&flock, compat_ptr(arg));
     654           0 :                 if (err)
     655             :                         break;
     656           0 :                 err = fcntl_setlk(fd, f.file, convert_fcntl_cmd(cmd), &flock);
     657           0 :                 break;
     658           0 :         default:
     659           0 :                 err = do_fcntl(fd, cmd, arg, f.file);
     660           0 :                 break;
     661             :         }
     662           0 : out_put:
     663           0 :         fdput(f);
     664           0 :         return err;
     665             : }
     666             : 
     667           0 : COMPAT_SYSCALL_DEFINE3(fcntl64, unsigned int, fd, unsigned int, cmd,
     668             :                        compat_ulong_t, arg)
     669             : {
     670           0 :         return do_compat_fcntl64(fd, cmd, arg);
     671             : }
     672             : 
     673           0 : COMPAT_SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd,
     674             :                        compat_ulong_t, arg)
     675             : {
     676           0 :         switch (cmd) {
     677             :         case F_GETLK64:
     678             :         case F_SETLK64:
     679             :         case F_SETLKW64:
     680             :         case F_OFD_GETLK:
     681             :         case F_OFD_SETLK:
     682             :         case F_OFD_SETLKW:
     683             :                 return -EINVAL;
     684             :         }
     685           0 :         return do_compat_fcntl64(fd, cmd, arg);
     686             : }
     687             : #endif
     688             : 
     689             : /* Table to convert sigio signal codes into poll band bitmaps */
     690             : 
     691             : static const __poll_t band_table[NSIGPOLL] = {
     692             :         EPOLLIN | EPOLLRDNORM,                  /* POLL_IN */
     693             :         EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND,   /* POLL_OUT */
     694             :         EPOLLIN | EPOLLRDNORM | EPOLLMSG,               /* POLL_MSG */
     695             :         EPOLLERR,                               /* POLL_ERR */
     696             :         EPOLLPRI | EPOLLRDBAND,                 /* POLL_PRI */
     697             :         EPOLLHUP | EPOLLERR                     /* POLL_HUP */
     698             : };
     699             : 
     700          65 : static inline int sigio_perm(struct task_struct *p,
     701             :                              struct fown_struct *fown, int sig)
     702             : {
     703          65 :         const struct cred *cred;
     704          65 :         int ret;
     705             : 
     706          65 :         rcu_read_lock();
     707          65 :         cred = __task_cred(p);
     708          65 :         ret = ((uid_eq(fown->euid, GLOBAL_ROOT_UID) ||
     709           0 :                 uid_eq(fown->euid, cred->suid) || uid_eq(fown->euid, cred->uid) ||
     710          65 :                 uid_eq(fown->uid,  cred->suid) || uid_eq(fown->uid,  cred->uid)) &&
     711             :                !security_file_send_sigiotask(p, fown, sig));
     712          65 :         rcu_read_unlock();
     713          65 :         return ret;
     714             : }
     715             : 
     716          65 : static void send_sigio_to_task(struct task_struct *p,
     717             :                                struct fown_struct *fown,
     718             :                                int fd, int reason, enum pid_type type)
     719             : {
     720             :         /*
     721             :          * F_SETSIG can change ->signum lockless in parallel, make
     722             :          * sure we read it once and use the same value throughout.
     723             :          */
     724          65 :         int signum = READ_ONCE(fown->signum);
     725             : 
     726          65 :         if (!sigio_perm(p, fown, signum))
     727             :                 return;
     728             : 
     729          65 :         switch (signum) {
     730          65 :                 default: {
     731          65 :                         kernel_siginfo_t si;
     732             : 
     733             :                         /* Queue a rt signal with the appropriate fd as its
     734             :                            value.  We use SI_SIGIO as the source, not 
     735             :                            SI_KERNEL, since kernel signals always get 
     736             :                            delivered even if we can't queue.  Failure to
     737             :                            queue in this case _should_ be reported; we fall
     738             :                            back to SIGIO in that case. --sct */
     739          65 :                         clear_siginfo(&si);
     740          65 :                         si.si_signo = signum;
     741          65 :                         si.si_errno = 0;
     742          65 :                         si.si_code  = reason;
     743             :                         /*
     744             :                          * Posix definies POLL_IN and friends to be signal
     745             :                          * specific si_codes for SIG_POLL.  Linux extended
     746             :                          * these si_codes to other signals in a way that is
     747             :                          * ambiguous if other signals also have signal
     748             :                          * specific si_codes.  In that case use SI_SIGIO instead
     749             :                          * to remove the ambiguity.
     750             :                          */
     751          65 :                         if ((signum != SIGPOLL) && sig_specific_sicodes(signum))
     752           0 :                                 si.si_code = SI_SIGIO;
     753             : 
     754             :                         /* Make sure we are called with one of the POLL_*
     755             :                            reasons, otherwise we could leak kernel stack into
     756             :                            userspace.  */
     757          65 :                         BUG_ON((reason < POLL_IN) || ((reason - POLL_IN) >= NSIGPOLL));
     758          65 :                         if (reason - POLL_IN >= NSIGPOLL)
     759           0 :                                 si.si_band  = ~0L;
     760             :                         else
     761          65 :                                 si.si_band = mangle_poll(band_table[reason - POLL_IN]);
     762          65 :                         si.si_fd    = fd;
     763          65 :                         if (!do_send_sig_info(signum, &si, p, type))
     764             :                                 break;
     765             :                 }
     766           0 :                         fallthrough;    /* fall back on the old plain SIGIO signal */
     767             :                 case 0:
     768           0 :                         do_send_sig_info(SIGIO, SEND_SIG_PRIV, p, type);
     769             :         }
     770             : }
     771             : 
     772          65 : void send_sigio(struct fown_struct *fown, int fd, int band)
     773             : {
     774          65 :         struct task_struct *p;
     775          65 :         enum pid_type type;
     776          65 :         unsigned long flags;
     777          65 :         struct pid *pid;
     778             :         
     779          65 :         read_lock_irqsave(&fown->lock, flags);
     780             : 
     781          65 :         type = fown->pid_type;
     782          65 :         pid = fown->pid;
     783          65 :         if (!pid)
     784           0 :                 goto out_unlock_fown;
     785             : 
     786          65 :         if (type <= PIDTYPE_TGID) {
     787          65 :                 rcu_read_lock();
     788          65 :                 p = pid_task(pid, PIDTYPE_PID);
     789          65 :                 if (p)
     790          65 :                         send_sigio_to_task(p, fown, fd, band, type);
     791          65 :                 rcu_read_unlock();
     792             :         } else {
     793           0 :                 read_lock(&tasklist_lock);
     794           0 :                 do_each_pid_task(pid, type, p) {
     795           0 :                         send_sigio_to_task(p, fown, fd, band, type);
     796           0 :                 } while_each_pid_task(pid, type, p);
     797           0 :                 read_unlock(&tasklist_lock);
     798             :         }
     799          65 :  out_unlock_fown:
     800          65 :         read_unlock_irqrestore(&fown->lock, flags);
     801          65 : }
     802             : 
     803           0 : static void send_sigurg_to_task(struct task_struct *p,
     804             :                                 struct fown_struct *fown, enum pid_type type)
     805             : {
     806           0 :         if (sigio_perm(p, fown, SIGURG))
     807           0 :                 do_send_sig_info(SIGURG, SEND_SIG_PRIV, p, type);
     808           0 : }
     809             : 
     810           0 : int send_sigurg(struct fown_struct *fown)
     811             : {
     812           0 :         struct task_struct *p;
     813           0 :         enum pid_type type;
     814           0 :         struct pid *pid;
     815           0 :         unsigned long flags;
     816           0 :         int ret = 0;
     817             :         
     818           0 :         read_lock_irqsave(&fown->lock, flags);
     819             : 
     820           0 :         type = fown->pid_type;
     821           0 :         pid = fown->pid;
     822           0 :         if (!pid)
     823           0 :                 goto out_unlock_fown;
     824             : 
     825           0 :         ret = 1;
     826             : 
     827           0 :         if (type <= PIDTYPE_TGID) {
     828           0 :                 rcu_read_lock();
     829           0 :                 p = pid_task(pid, PIDTYPE_PID);
     830           0 :                 if (p)
     831           0 :                         send_sigurg_to_task(p, fown, type);
     832           0 :                 rcu_read_unlock();
     833             :         } else {
     834           0 :                 read_lock(&tasklist_lock);
     835           0 :                 do_each_pid_task(pid, type, p) {
     836           0 :                         send_sigurg_to_task(p, fown, type);
     837           0 :                 } while_each_pid_task(pid, type, p);
     838           0 :                 read_unlock(&tasklist_lock);
     839             :         }
     840           0 :  out_unlock_fown:
     841           0 :         read_unlock_irqrestore(&fown->lock, flags);
     842           0 :         return ret;
     843             : }
     844             : 
     845             : static DEFINE_SPINLOCK(fasync_lock);
     846             : static struct kmem_cache *fasync_cache __read_mostly;
     847             : 
     848         104 : static void fasync_free_rcu(struct rcu_head *head)
     849             : {
     850         104 :         kmem_cache_free(fasync_cache,
     851         104 :                         container_of(head, struct fasync_struct, fa_rcu));
     852         104 : }
     853             : 
     854             : /*
     855             :  * Remove a fasync entry. If successfully removed, return
     856             :  * positive and clear the FASYNC flag. If no entry exists,
     857             :  * do nothing and return 0.
     858             :  *
     859             :  * NOTE! It is very important that the FASYNC flag always
     860             :  * match the state "is the filp on a fasync list".
     861             :  *
     862             :  */
     863       78266 : int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
     864             : {
     865       78266 :         struct fasync_struct *fa, **fp;
     866       78266 :         int result = 0;
     867             : 
     868       78266 :         spin_lock(&filp->f_lock);
     869       78266 :         spin_lock(&fasync_lock);
     870      156532 :         for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
     871         104 :                 if (fa->fa_file != filp)
     872           0 :                         continue;
     873             : 
     874         104 :                 write_lock_irq(&fa->fa_lock);
     875         104 :                 fa->fa_file = NULL;
     876         104 :                 write_unlock_irq(&fa->fa_lock);
     877             : 
     878         104 :                 *fp = fa->fa_next;
     879         104 :                 call_rcu(&fa->fa_rcu, fasync_free_rcu);
     880         104 :                 filp->f_flags &= ~FASYNC;
     881         104 :                 result = 1;
     882         104 :                 break;
     883             :         }
     884       78266 :         spin_unlock(&fasync_lock);
     885       78266 :         spin_unlock(&filp->f_lock);
     886       78266 :         return result;
     887             : }
     888             : 
     889         130 : struct fasync_struct *fasync_alloc(void)
     890             : {
     891         130 :         return kmem_cache_alloc(fasync_cache, GFP_KERNEL);
     892             : }
     893             : 
     894             : /*
     895             :  * NOTE! This can be used only for unused fasync entries:
     896             :  * entries that actually got inserted on the fasync list
     897             :  * need to be released by rcu - see fasync_remove_entry.
     898             :  */
     899          26 : void fasync_free(struct fasync_struct *new)
     900             : {
     901          26 :         kmem_cache_free(fasync_cache, new);
     902          26 : }
     903             : 
     904             : /*
     905             :  * Insert a new entry into the fasync list.  Return the pointer to the
     906             :  * old one if we didn't use the new one.
     907             :  *
     908             :  * NOTE! It is very important that the FASYNC flag always
     909             :  * match the state "is the filp on a fasync list".
     910             :  */
     911         104 : struct fasync_struct *fasync_insert_entry(int fd, struct file *filp, struct fasync_struct **fapp, struct fasync_struct *new)
     912             : {
     913         104 :         struct fasync_struct *fa, **fp;
     914             : 
     915         104 :         spin_lock(&filp->f_lock);
     916         104 :         spin_lock(&fasync_lock);
     917         208 :         for (fp = fapp; (fa = *fp) != NULL; fp = &fa->fa_next) {
     918           0 :                 if (fa->fa_file != filp)
     919           0 :                         continue;
     920             : 
     921           0 :                 write_lock_irq(&fa->fa_lock);
     922           0 :                 fa->fa_fd = fd;
     923           0 :                 write_unlock_irq(&fa->fa_lock);
     924           0 :                 goto out;
     925             :         }
     926             : 
     927         104 :         rwlock_init(&new->fa_lock);
     928         104 :         new->magic = FASYNC_MAGIC;
     929         104 :         new->fa_file = filp;
     930         104 :         new->fa_fd = fd;
     931         104 :         new->fa_next = *fapp;
     932         104 :         rcu_assign_pointer(*fapp, new);
     933         104 :         filp->f_flags |= FASYNC;
     934             : 
     935         104 : out:
     936         104 :         spin_unlock(&fasync_lock);
     937         104 :         spin_unlock(&filp->f_lock);
     938         104 :         return fa;
     939             : }
     940             : 
     941             : /*
     942             :  * Add a fasync entry. Return negative on error, positive if
     943             :  * added, and zero if did nothing but change an existing one.
     944             :  */
     945           0 : static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fapp)
     946             : {
     947           0 :         struct fasync_struct *new;
     948             : 
     949           0 :         new = fasync_alloc();
     950           0 :         if (!new)
     951             :                 return -ENOMEM;
     952             : 
     953             :         /*
     954             :          * fasync_insert_entry() returns the old (update) entry if
     955             :          * it existed.
     956             :          *
     957             :          * So free the (unused) new entry and return 0 to let the
     958             :          * caller know that we didn't add any new fasync entries.
     959             :          */
     960           0 :         if (fasync_insert_entry(fd, filp, fapp, new)) {
     961           0 :                 fasync_free(new);
     962           0 :                 return 0;
     963             :         }
     964             : 
     965             :         return 1;
     966             : }
     967             : 
     968             : /*
     969             :  * fasync_helper() is used by almost all character device drivers
     970             :  * to set up the fasync queue, and for regular files by the file
     971             :  * lease code. It returns negative on error, 0 if it did no changes
     972             :  * and positive if it added/deleted the entry.
     973             :  */
     974       78266 : int fasync_helper(int fd, struct file * filp, int on, struct fasync_struct **fapp)
     975             : {
     976       78266 :         if (!on)
     977       78266 :                 return fasync_remove_entry(filp, fapp);
     978           0 :         return fasync_add_entry(fd, filp, fapp);
     979             : }
     980             : 
     981             : EXPORT_SYMBOL(fasync_helper);
     982             : 
     983             : /*
     984             :  * rcu_read_lock() is held
     985             :  */
     986          65 : static void kill_fasync_rcu(struct fasync_struct *fa, int sig, int band)
     987             : {
     988         130 :         while (fa) {
     989          65 :                 struct fown_struct *fown;
     990          65 :                 unsigned long flags;
     991             : 
     992          65 :                 if (fa->magic != FASYNC_MAGIC) {
     993           0 :                         printk(KERN_ERR "kill_fasync: bad magic number in "
     994             :                                "fasync_struct!\n");
     995           0 :                         return;
     996             :                 }
     997          65 :                 read_lock_irqsave(&fa->fa_lock, flags);
     998          65 :                 if (fa->fa_file) {
     999          65 :                         fown = &fa->fa_file->f_owner;
    1000             :                         /* Don't send SIGURG to processes which have not set a
    1001             :                            queued signum: SIGURG has its own default signalling
    1002             :                            mechanism. */
    1003          65 :                         if (!(sig == SIGURG && fown->signum == 0))
    1004          65 :                                 send_sigio(fown, fa->fa_fd, band);
    1005             :                 }
    1006          65 :                 read_unlock_irqrestore(&fa->fa_lock, flags);
    1007          65 :                 fa = rcu_dereference(fa->fa_next);
    1008             :         }
    1009             : }
    1010             : 
    1011  2193222777 : void kill_fasync(struct fasync_struct **fp, int sig, int band)
    1012             : {
    1013             :         /* First a quick test without locking: usually
    1014             :          * the list is empty.
    1015             :          */
    1016  2193222777 :         if (*fp) {
    1017          65 :                 rcu_read_lock();
    1018          65 :                 kill_fasync_rcu(rcu_dereference(*fp), sig, band);
    1019          65 :                 rcu_read_unlock();
    1020             :         }
    1021  2193222777 : }
    1022             : EXPORT_SYMBOL(kill_fasync);
    1023             : 
    1024           0 : static int __init fcntl_init(void)
    1025             : {
    1026             :         /*
    1027             :          * Please add new bits here to ensure allocation uniqueness.
    1028             :          * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY
    1029             :          * is defined as O_NONBLOCK on some platforms and not on others.
    1030             :          */
    1031           0 :         BUILD_BUG_ON(21 - 1 /* for O_RDONLY being 0 */ !=
    1032             :                 HWEIGHT32(
    1033             :                         (VALID_OPEN_FLAGS & ~(O_NONBLOCK | O_NDELAY)) |
    1034             :                         __FMODE_EXEC | __FMODE_NONOTIFY));
    1035             : 
    1036           0 :         fasync_cache = kmem_cache_create("fasync_cache",
    1037             :                                          sizeof(struct fasync_struct), 0,
    1038             :                                          SLAB_PANIC | SLAB_ACCOUNT, NULL);
    1039           0 :         return 0;
    1040             : }
    1041             : 
    1042             : module_init(fcntl_init)

Generated by: LCOV version 1.14