1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/kernel.h>
3 #include <linux/errno.h>
4 #include <linux/fs.h>
5 #include <linux/file.h>
6 #include <linux/fdtable.h>
7 #include <linux/fsnotify.h>
8 #include <linux/namei.h>
9 #include <linux/io_uring.h>
10 
11 #include <uapi/linux/io_uring.h>
12 
13 #include "../fs/internal.h"
14 
15 #include "io_uring.h"
16 #include "rsrc.h"
17 #include "openclose.h"
18 
19 struct io_open {
20 	struct file			*file;
21 	int				dfd;
22 	u32				file_slot;
23 	struct filename			*filename;
24 	struct open_how			how;
25 	unsigned long			nofile;
26 };
27 
28 struct io_close {
29 	struct file			*file;
30 	int				fd;
31 	u32				file_slot;
32 };
33 
34 struct io_fixed_install {
35 	struct file			*file;
36 	unsigned int			o_flags;
37 };
38 
io_openat_force_async(struct io_open * open)39 static bool io_openat_force_async(struct io_open *open)
40 {
41 	/*
42 	 * Don't bother trying for O_TRUNC, O_CREAT, or O_TMPFILE open,
43 	 * it'll always -EAGAIN. Note that we test for __O_TMPFILE because
44 	 * O_TMPFILE includes O_DIRECTORY, which isn't a flag we need to force
45 	 * async for.
46 	 */
47 	return open->how.flags & (O_TRUNC | O_CREAT | __O_TMPFILE);
48 }
49 
__io_openat_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)50 static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
51 {
52 	struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
53 	const char __user *fname;
54 	int ret;
55 
56 	if (unlikely(sqe->buf_index))
57 		return -EINVAL;
58 	if (unlikely(req->flags & REQ_F_FIXED_FILE))
59 		return -EBADF;
60 
61 	/* open.how should be already initialised */
62 	if (!(open->how.flags & O_PATH) && force_o_largefile())
63 		open->how.flags |= O_LARGEFILE;
64 
65 	open->dfd = READ_ONCE(sqe->fd);
66 	fname = u64_to_user_ptr(READ_ONCE(sqe->addr));
67 	open->filename = getname(fname);
68 	if (IS_ERR(open->filename)) {
69 		ret = PTR_ERR(open->filename);
70 		open->filename = NULL;
71 		return ret;
72 	}
73 
74 	open->file_slot = READ_ONCE(sqe->file_index);
75 	if (open->file_slot && (open->how.flags & O_CLOEXEC))
76 		return -EINVAL;
77 
78 	open->nofile = rlimit(RLIMIT_NOFILE);
79 	req->flags |= REQ_F_NEED_CLEANUP;
80 	if (io_openat_force_async(open))
81 		req->flags |= REQ_F_FORCE_ASYNC;
82 	return 0;
83 }
84 
io_openat_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)85 int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
86 {
87 	struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
88 	u64 mode = READ_ONCE(sqe->len);
89 	u64 flags = READ_ONCE(sqe->open_flags);
90 
91 	open->how = build_open_how(flags, mode);
92 	return __io_openat_prep(req, sqe);
93 }
94 
io_openat2_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)95 int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
96 {
97 	struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
98 	struct open_how __user *how;
99 	size_t len;
100 	int ret;
101 
102 	how = u64_to_user_ptr(READ_ONCE(sqe->addr2));
103 	len = READ_ONCE(sqe->len);
104 	if (len < OPEN_HOW_SIZE_VER0)
105 		return -EINVAL;
106 
107 	ret = copy_struct_from_user(&open->how, sizeof(open->how), how, len);
108 	if (ret)
109 		return ret;
110 
111 	return __io_openat_prep(req, sqe);
112 }
113 
io_openat2(struct io_kiocb * req,unsigned int issue_flags)114 int io_openat2(struct io_kiocb *req, unsigned int issue_flags)
115 {
116 	struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
117 	struct open_flags op;
118 	struct file *file;
119 	bool resolve_nonblock, nonblock_set;
120 	bool fixed = !!open->file_slot;
121 	int ret;
122 
123 	ret = build_open_flags(&open->how, &op);
124 	if (ret)
125 		goto err;
126 	nonblock_set = op.open_flag & O_NONBLOCK;
127 	resolve_nonblock = open->how.resolve & RESOLVE_CACHED;
128 	if (issue_flags & IO_URING_F_NONBLOCK) {
129 		WARN_ON_ONCE(io_openat_force_async(open));
130 		op.lookup_flags |= LOOKUP_CACHED;
131 		op.open_flag |= O_NONBLOCK;
132 	}
133 
134 	if (!fixed) {
135 		ret = __get_unused_fd_flags(open->how.flags, open->nofile);
136 		if (ret < 0)
137 			goto err;
138 	}
139 
140 	file = do_filp_open(open->dfd, open->filename, &op);
141 	if (IS_ERR(file)) {
142 		/*
143 		 * We could hang on to this 'fd' on retrying, but seems like
144 		 * marginal gain for something that is now known to be a slower
145 		 * path. So just put it, and we'll get a new one when we retry.
146 		 */
147 		if (!fixed)
148 			put_unused_fd(ret);
149 
150 		ret = PTR_ERR(file);
151 		/* only retry if RESOLVE_CACHED wasn't already set by application */
152 		if (ret == -EAGAIN &&
153 		    (!resolve_nonblock && (issue_flags & IO_URING_F_NONBLOCK)))
154 			return -EAGAIN;
155 		goto err;
156 	}
157 
158 	if ((issue_flags & IO_URING_F_NONBLOCK) && !nonblock_set)
159 		file->f_flags &= ~O_NONBLOCK;
160 
161 	if (!fixed)
162 		fd_install(ret, file);
163 	else
164 		ret = io_fixed_fd_install(req, issue_flags, file,
165 						open->file_slot);
166 err:
167 	putname(open->filename);
168 	req->flags &= ~REQ_F_NEED_CLEANUP;
169 	if (ret < 0)
170 		req_set_fail(req);
171 	io_req_set_res(req, ret, 0);
172 	return IOU_OK;
173 }
174 
io_openat(struct io_kiocb * req,unsigned int issue_flags)175 int io_openat(struct io_kiocb *req, unsigned int issue_flags)
176 {
177 	return io_openat2(req, issue_flags);
178 }
179 
io_open_cleanup(struct io_kiocb * req)180 void io_open_cleanup(struct io_kiocb *req)
181 {
182 	struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
183 
184 	if (open->filename)
185 		putname(open->filename);
186 }
187 
__io_close_fixed(struct io_ring_ctx * ctx,unsigned int issue_flags,unsigned int offset)188 int __io_close_fixed(struct io_ring_ctx *ctx, unsigned int issue_flags,
189 		     unsigned int offset)
190 {
191 	int ret;
192 
193 	io_ring_submit_lock(ctx, issue_flags);
194 	ret = io_fixed_fd_remove(ctx, offset);
195 	io_ring_submit_unlock(ctx, issue_flags);
196 
197 	return ret;
198 }
199 
io_close_fixed(struct io_kiocb * req,unsigned int issue_flags)200 static inline int io_close_fixed(struct io_kiocb *req, unsigned int issue_flags)
201 {
202 	struct io_close *close = io_kiocb_to_cmd(req, struct io_close);
203 
204 	return __io_close_fixed(req->ctx, issue_flags, close->file_slot - 1);
205 }
206 
io_close_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)207 int io_close_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
208 {
209 	struct io_close *close = io_kiocb_to_cmd(req, struct io_close);
210 
211 	if (sqe->off || sqe->addr || sqe->len || sqe->rw_flags || sqe->buf_index)
212 		return -EINVAL;
213 	if (req->flags & REQ_F_FIXED_FILE)
214 		return -EBADF;
215 
216 	close->fd = READ_ONCE(sqe->fd);
217 	close->file_slot = READ_ONCE(sqe->file_index);
218 	if (close->file_slot && close->fd)
219 		return -EINVAL;
220 
221 	return 0;
222 }
223 
io_close(struct io_kiocb * req,unsigned int issue_flags)224 int io_close(struct io_kiocb *req, unsigned int issue_flags)
225 {
226 	struct files_struct *files = current->files;
227 	struct io_close *close = io_kiocb_to_cmd(req, struct io_close);
228 	struct file *file;
229 	int ret = -EBADF;
230 
231 	if (close->file_slot) {
232 		ret = io_close_fixed(req, issue_flags);
233 		goto err;
234 	}
235 
236 	spin_lock(&files->file_lock);
237 	file = files_lookup_fd_locked(files, close->fd);
238 	if (!file || io_is_uring_fops(file)) {
239 		spin_unlock(&files->file_lock);
240 		goto err;
241 	}
242 
243 	/* if the file has a flush method, be safe and punt to async */
244 	if (file->f_op->flush && (issue_flags & IO_URING_F_NONBLOCK)) {
245 		spin_unlock(&files->file_lock);
246 		return -EAGAIN;
247 	}
248 
249 	file = file_close_fd_locked(files, close->fd);
250 	spin_unlock(&files->file_lock);
251 	if (!file)
252 		goto err;
253 
254 	/* No ->flush() or already async, safely close from here */
255 	ret = filp_close(file, current->files);
256 err:
257 	if (ret < 0)
258 		req_set_fail(req);
259 	io_req_set_res(req, ret, 0);
260 	return IOU_OK;
261 }
262 
io_install_fixed_fd_prep(struct io_kiocb * req,const struct io_uring_sqe * sqe)263 int io_install_fixed_fd_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
264 {
265 	struct io_fixed_install *ifi;
266 	unsigned int flags;
267 
268 	if (sqe->off || sqe->addr || sqe->len || sqe->buf_index ||
269 	    sqe->splice_fd_in || sqe->addr3)
270 		return -EINVAL;
271 
272 	/* must be a fixed file */
273 	if (!(req->flags & REQ_F_FIXED_FILE))
274 		return -EBADF;
275 
276 	flags = READ_ONCE(sqe->install_fd_flags);
277 	if (flags & ~IORING_FIXED_FD_NO_CLOEXEC)
278 		return -EINVAL;
279 
280 	/* ensure the task's creds are used when installing/receiving fds */
281 	if (req->flags & REQ_F_CREDS)
282 		return -EPERM;
283 
284 	/* default to O_CLOEXEC, disable if IORING_FIXED_FD_NO_CLOEXEC is set */
285 	ifi = io_kiocb_to_cmd(req, struct io_fixed_install);
286 	ifi->o_flags = O_CLOEXEC;
287 	if (flags & IORING_FIXED_FD_NO_CLOEXEC)
288 		ifi->o_flags = 0;
289 
290 	return 0;
291 }
292 
io_install_fixed_fd(struct io_kiocb * req,unsigned int issue_flags)293 int io_install_fixed_fd(struct io_kiocb *req, unsigned int issue_flags)
294 {
295 	struct io_fixed_install *ifi;
296 	int ret;
297 
298 	ifi = io_kiocb_to_cmd(req, struct io_fixed_install);
299 	ret = receive_fd(req->file, NULL, ifi->o_flags);
300 	if (ret < 0)
301 		req_set_fail(req);
302 	io_req_set_res(req, ret, 0);
303 	return IOU_OK;
304 }
305