This flag indicates the path should be opened if it's a regular file. This is useful to write secure programs that want to avoid being tricked into opening device nodes with special semantics while thinking they operate on regular files. This is a requested feature from the uapi-group[1].
A corresponding error code EFTYPE has been introduced. For example, if openat2 is called on path /dev/null with OPENAT2_REGULAR in the flag param, it will return -EFTYPE. EFTYPE is already used in BSD systems like FreeBSD, macOS. When used in combination with O_CREAT, either the regular file is created, or if the path already exists, it is opened if it's a regular file. Otherwise, -EFTYPE is returned. When OPENAT2_REGULAR is combined with O_DIRECTORY, -EINVAL is returned as it doesn't make sense to open a path that is both a directory and a regular file. [1]: https://uapi-group.org/kernel-features/#ability-to-only-open-regular-files Signed-off-by: Dorjoy Chowdhury <[email protected]> --- arch/alpha/include/uapi/asm/errno.h | 2 ++ arch/alpha/include/uapi/asm/fcntl.h | 1 + arch/mips/include/uapi/asm/errno.h | 2 ++ arch/parisc/include/uapi/asm/errno.h | 2 ++ arch/parisc/include/uapi/asm/fcntl.h | 1 + arch/sparc/include/uapi/asm/errno.h | 2 ++ arch/sparc/include/uapi/asm/fcntl.h | 1 + fs/ceph/file.c | 4 ++++ fs/fcntl.c | 4 ++-- fs/gfs2/inode.c | 6 ++++++ fs/namei.c | 4 ++++ fs/nfs/dir.c | 4 ++++ fs/open.c | 8 +++++--- fs/smb/client/dir.c | 14 +++++++++++++- include/linux/fcntl.h | 2 ++ include/uapi/asm-generic/errno.h | 2 ++ include/uapi/asm-generic/fcntl.h | 4 ++++ tools/arch/alpha/include/uapi/asm/errno.h | 2 ++ tools/arch/mips/include/uapi/asm/errno.h | 2 ++ tools/arch/parisc/include/uapi/asm/errno.h | 2 ++ tools/arch/sparc/include/uapi/asm/errno.h | 2 ++ tools/include/uapi/asm-generic/errno.h | 2 ++ 22 files changed, 67 insertions(+), 6 deletions(-) diff --git a/arch/alpha/include/uapi/asm/errno.h b/arch/alpha/include/uapi/asm/errno.h index 6791f6508632..1a99f38813c7 100644 --- a/arch/alpha/include/uapi/asm/errno.h +++ b/arch/alpha/include/uapi/asm/errno.h @@ -127,4 +127,6 @@ #define EHWPOISON 139 /* Memory page has hardware error */ +#define EFTYPE 140 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/alpha/include/uapi/asm/fcntl.h b/arch/alpha/include/uapi/asm/fcntl.h index 50bdc8e8a271..fe488bf7c18e 100644 --- a/arch/alpha/include/uapi/asm/fcntl.h +++ b/arch/alpha/include/uapi/asm/fcntl.h @@ -34,6 +34,7 @@ #define O_PATH 040000000 #define __O_TMPFILE 0100000000 +#define OPENAT2_REGULAR 0200000000 #define F_GETLK 7 #define F_SETLK 8 diff --git a/arch/mips/include/uapi/asm/errno.h b/arch/mips/include/uapi/asm/errno.h index c01ed91b1ef4..1835a50b69ce 100644 --- a/arch/mips/include/uapi/asm/errno.h +++ b/arch/mips/include/uapi/asm/errno.h @@ -126,6 +126,8 @@ #define EHWPOISON 168 /* Memory page has hardware error */ +#define EFTYPE 169 /* Wrong file type for the intended operation */ + #define EDQUOT 1133 /* Quota exceeded */ diff --git a/arch/parisc/include/uapi/asm/errno.h b/arch/parisc/include/uapi/asm/errno.h index 8cbc07c1903e..93194fbb0a80 100644 --- a/arch/parisc/include/uapi/asm/errno.h +++ b/arch/parisc/include/uapi/asm/errno.h @@ -124,4 +124,6 @@ #define EHWPOISON 257 /* Memory page has hardware error */ +#define EFTYPE 258 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/parisc/include/uapi/asm/fcntl.h b/arch/parisc/include/uapi/asm/fcntl.h index 03dee816cb13..d46812f2f0f4 100644 --- a/arch/parisc/include/uapi/asm/fcntl.h +++ b/arch/parisc/include/uapi/asm/fcntl.h @@ -19,6 +19,7 @@ #define O_PATH 020000000 #define __O_TMPFILE 040000000 +#define OPENAT2_REGULAR 0100000000 #define F_GETLK64 8 #define F_SETLK64 9 diff --git a/arch/sparc/include/uapi/asm/errno.h b/arch/sparc/include/uapi/asm/errno.h index 4a41e7835fd5..71940ec9130b 100644 --- a/arch/sparc/include/uapi/asm/errno.h +++ b/arch/sparc/include/uapi/asm/errno.h @@ -117,4 +117,6 @@ #define EHWPOISON 135 /* Memory page has hardware error */ +#define EFTYPE 136 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/sparc/include/uapi/asm/fcntl.h b/arch/sparc/include/uapi/asm/fcntl.h index 67dae75e5274..bb6e9fa94bc9 100644 --- a/arch/sparc/include/uapi/asm/fcntl.h +++ b/arch/sparc/include/uapi/asm/fcntl.h @@ -37,6 +37,7 @@ #define O_PATH 0x1000000 #define __O_TMPFILE 0x2000000 +#define OPENAT2_REGULAR 0x4000000 #define F_GETOWN 5 /* for sockets. */ #define F_SETOWN 6 /* for sockets. */ diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 66bbf6d517a9..6d8d4c7765e6 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -977,6 +977,10 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, ceph_init_inode_acls(newino, &as_ctx); file->f_mode |= FMODE_CREATED; } + if ((flags & OPENAT2_REGULAR) && !d_is_reg(dentry)) { + err = -EFTYPE; + goto out_req; + } err = finish_open(file, dentry, ceph_open); } out_req: diff --git a/fs/fcntl.c b/fs/fcntl.c index beab8080badf..240bb511557a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -1169,9 +1169,9 @@ static int __init fcntl_init(void) * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY * is defined as O_NONBLOCK on some platforms and not on others. */ - BUILD_BUG_ON(20 - 1 /* for O_RDONLY being 0 */ != + BUILD_BUG_ON(21 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( - (VALID_OPEN_FLAGS & ~(O_NONBLOCK | O_NDELAY)) | + (VALID_OPENAT2_FLAGS & ~(O_NONBLOCK | O_NDELAY)) | __FMODE_EXEC)); fasync_cache = kmem_cache_create("fasync_cache", diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 8344040ecaf7..4604e2e8a9cc 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c @@ -738,6 +738,12 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, inode = gfs2_dir_search(dir, &dentry->d_name, !S_ISREG(mode) || excl); error = PTR_ERR(inode); if (!IS_ERR(inode)) { + if (file && (file->f_flags & OPENAT2_REGULAR) && !S_ISREG(inode->i_mode)) { + iput(inode); + inode = NULL; + error = -EFTYPE; + goto fail_gunlock; + } if (S_ISDIR(inode->i_mode)) { iput(inode); inode = NULL; diff --git a/fs/namei.c b/fs/namei.c index 2113958c3b7a..e557c538c238 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -4679,6 +4679,10 @@ static int do_open(struct nameidata *nd, if (unlikely(error)) return error; } + + if ((open_flag & OPENAT2_REGULAR) && !d_is_reg(nd->path.dentry)) + return -EFTYPE; + if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) return -ENOTDIR; diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index ddc3789363a5..bfe9470327c8 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -2195,6 +2195,10 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry, break; case -EISDIR: case -ENOTDIR: + if (open_flags & OPENAT2_REGULAR) { + err = -EFTYPE; + break; + } goto no_open; case -ELOOP: if (!(open_flags & O_NOFOLLOW)) diff --git a/fs/open.c b/fs/open.c index 681d405bc61e..a6f445f72181 100644 --- a/fs/open.c +++ b/fs/open.c @@ -960,7 +960,7 @@ static int do_dentry_open(struct file *f, if (f->f_mapping->a_ops && f->f_mapping->a_ops->direct_IO) f->f_mode |= FMODE_CAN_ODIRECT; - f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); + f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | OPENAT2_REGULAR); f->f_iocb_flags = iocb_flags(f); file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping); @@ -1183,7 +1183,7 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op) int lookup_flags = 0; int acc_mode = ACC_MODE(flags); - BUILD_BUG_ON_MSG(upper_32_bits(VALID_OPEN_FLAGS), + BUILD_BUG_ON_MSG(upper_32_bits(VALID_OPENAT2_FLAGS), "struct open_flags doesn't yet handle flags > 32 bits"); /* @@ -1196,7 +1196,7 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op) * values before calling build_open_flags(), but openat2(2) checks all * of its arguments. */ - if (flags & ~VALID_OPEN_FLAGS) + if (flags & ~VALID_OPENAT2_FLAGS) return -EINVAL; if (how->resolve & ~VALID_RESOLVE_FLAGS) return -EINVAL; @@ -1235,6 +1235,8 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op) return -EINVAL; if (!(acc_mode & MAY_WRITE)) return -EINVAL; + } else if ((flags & O_DIRECTORY) && (flags & OPENAT2_REGULAR)) { + return -EINVAL; } if (flags & O_PATH) { /* O_PATH only permits certain other flags to be set. */ diff --git a/fs/smb/client/dir.c b/fs/smb/client/dir.c index 953f1fee8cb8..355681ebacf1 100644 --- a/fs/smb/client/dir.c +++ b/fs/smb/client/dir.c @@ -222,6 +222,13 @@ static int cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned goto cifs_create_get_file_info; } + if ((oflags & OPENAT2_REGULAR) && !S_ISREG(newinode->i_mode)) { + CIFSSMBClose(xid, tcon, fid->netfid); + iput(newinode); + rc = -EFTYPE; + goto out; + } + if (S_ISDIR(newinode->i_mode)) { CIFSSMBClose(xid, tcon, fid->netfid); iput(newinode); @@ -436,11 +443,16 @@ static int cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned goto out_err; } - if (newinode) + if (newinode) { + if ((oflags & OPENAT2_REGULAR) && !S_ISREG(newinode->i_mode)) { + rc = -EFTYPE; + goto out_err; + } if (S_ISDIR(newinode->i_mode)) { rc = -EISDIR; goto out_err; } + } d_drop(direntry); d_add(direntry, newinode); diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h index a332e79b3207..a80026718217 100644 --- a/include/linux/fcntl.h +++ b/include/linux/fcntl.h @@ -12,6 +12,8 @@ FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | \ O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE) +#define VALID_OPENAT2_FLAGS (VALID_OPEN_FLAGS | OPENAT2_REGULAR) + /* List of all valid flags for the how->resolve argument: */ #define VALID_RESOLVE_FLAGS \ (RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS | \ diff --git a/include/uapi/asm-generic/errno.h b/include/uapi/asm-generic/errno.h index 92e7ae493ee3..bd78e69e0a43 100644 --- a/include/uapi/asm-generic/errno.h +++ b/include/uapi/asm-generic/errno.h @@ -122,4 +122,6 @@ #define EHWPOISON 133 /* Memory page has hardware error */ +#define EFTYPE 134 /* Wrong file type for the intended operation */ + #endif diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index 613475285643..b2c2ddd0edc0 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -88,6 +88,10 @@ #define __O_TMPFILE 020000000 #endif +#ifndef OPENAT2_REGULAR +#define OPENAT2_REGULAR 040000000 +#endif + /* a horrid kludge trying to make sure that this will fail on old kernels */ #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) diff --git a/tools/arch/alpha/include/uapi/asm/errno.h b/tools/arch/alpha/include/uapi/asm/errno.h index 6791f6508632..1a99f38813c7 100644 --- a/tools/arch/alpha/include/uapi/asm/errno.h +++ b/tools/arch/alpha/include/uapi/asm/errno.h @@ -127,4 +127,6 @@ #define EHWPOISON 139 /* Memory page has hardware error */ +#define EFTYPE 140 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/arch/mips/include/uapi/asm/errno.h b/tools/arch/mips/include/uapi/asm/errno.h index c01ed91b1ef4..1835a50b69ce 100644 --- a/tools/arch/mips/include/uapi/asm/errno.h +++ b/tools/arch/mips/include/uapi/asm/errno.h @@ -126,6 +126,8 @@ #define EHWPOISON 168 /* Memory page has hardware error */ +#define EFTYPE 169 /* Wrong file type for the intended operation */ + #define EDQUOT 1133 /* Quota exceeded */ diff --git a/tools/arch/parisc/include/uapi/asm/errno.h b/tools/arch/parisc/include/uapi/asm/errno.h index 8cbc07c1903e..93194fbb0a80 100644 --- a/tools/arch/parisc/include/uapi/asm/errno.h +++ b/tools/arch/parisc/include/uapi/asm/errno.h @@ -124,4 +124,6 @@ #define EHWPOISON 257 /* Memory page has hardware error */ +#define EFTYPE 258 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/arch/sparc/include/uapi/asm/errno.h b/tools/arch/sparc/include/uapi/asm/errno.h index 4a41e7835fd5..71940ec9130b 100644 --- a/tools/arch/sparc/include/uapi/asm/errno.h +++ b/tools/arch/sparc/include/uapi/asm/errno.h @@ -117,4 +117,6 @@ #define EHWPOISON 135 /* Memory page has hardware error */ +#define EFTYPE 136 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/include/uapi/asm-generic/errno.h b/tools/include/uapi/asm-generic/errno.h index 92e7ae493ee3..bd78e69e0a43 100644 --- a/tools/include/uapi/asm-generic/errno.h +++ b/tools/include/uapi/asm-generic/errno.h @@ -122,4 +122,6 @@ #define EHWPOISON 133 /* Memory page has hardware error */ +#define EFTYPE 134 /* Wrong file type for the intended operation */ + #endif -- 2.53.0
