1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun #include <linux/syscalls.h>
3*4882a593Smuzhiyun #include <linux/slab.h>
4*4882a593Smuzhiyun #include <linux/fs.h>
5*4882a593Smuzhiyun #include <linux/file.h>
6*4882a593Smuzhiyun #include <linux/mount.h>
7*4882a593Smuzhiyun #include <linux/namei.h>
8*4882a593Smuzhiyun #include <linux/exportfs.h>
9*4882a593Smuzhiyun #include <linux/fs_struct.h>
10*4882a593Smuzhiyun #include <linux/fsnotify.h>
11*4882a593Smuzhiyun #include <linux/personality.h>
12*4882a593Smuzhiyun #include <linux/uaccess.h>
13*4882a593Smuzhiyun #include <linux/compat.h>
14*4882a593Smuzhiyun #include "internal.h"
15*4882a593Smuzhiyun #include "mount.h"
16*4882a593Smuzhiyun
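/*
 * Encode the dentry behind @path as a file handle and copy the handle and
 * the mount id out to user space.
 *
 * @path:   already-resolved path of the object to encode
 * @ufh:    user buffer; on entry ufh->handle_bytes is the space available for
 *          the variable part, on return it holds the size the encoder reported
 * @mnt_id: user pointer that receives the mount id of @path
 *
 * Returns 0 on success, -EOPNOTSUPP if the filesystem cannot decode handles,
 * -EINVAL if the requested size exceeds MAX_HANDLE_SZ, -ENOMEM, -EOVERFLOW
 * if the caller's buffer is too small, or -EFAULT on a failed user copy.
 */
static long do_sys_name_to_handle(struct path *path,
				  struct file_handle __user *ufh,
				  int __user *mnt_id)
{
	long retval;
	struct file_handle f_handle;
	int handle_dwords, handle_bytes;
	struct file_handle *handle = NULL;

	/*
	 * Only hand out a handle if the filesystem is also able to
	 * decode it again.
	 */
	if (!path->dentry->d_sb->s_export_op ||
	    !path->dentry->d_sb->s_export_op->fh_to_dentry)
		return -EOPNOTSUPP;

	if (copy_from_user(&f_handle, ufh, sizeof(struct file_handle)))
		return -EFAULT;

	/* Bound the user-supplied length before it sizes the allocation. */
	if (f_handle.handle_bytes > MAX_HANDLE_SZ)
		return -EINVAL;

	/*
	 * Zeroed allocation: this buffer is copied back to user space
	 * below, and the length copied is whatever the filesystem's
	 * encoder reports.  An encoder may leave padding or trailing bytes
	 * inside that length untouched; with kmalloc() those bytes would
	 * be stale kernel heap contents disclosed to the caller.
	 */
	handle = kzalloc(sizeof(struct file_handle) + f_handle.handle_bytes,
			 GFP_KERNEL);
	if (!handle)
		return -ENOMEM;

	/* convert handle size to multiple of sizeof(u32) */
	handle_dwords = f_handle.handle_bytes >> 2;

	/* we ask for a non connected handle */
	retval = exportfs_encode_fh(path->dentry,
				    (struct fid *)handle->f_handle,
				    &handle_dwords, 0);
	handle->handle_type = retval;
	/* convert handle size to bytes */
	handle_bytes = handle_dwords * sizeof(u32);
	handle->handle_bytes = handle_bytes;
	if ((handle->handle_bytes > f_handle.handle_bytes) ||
	    (retval == FILEID_INVALID) || (retval == -ENOSPC)) {
		/*
		 * As per old exportfs_encode_fh documentation we could
		 * return ENOSPC to indicate overflow, but file systems
		 * always returned 255.  So handle both values.
		 *
		 * Set the copy size to zero so that only the fixed part of
		 * the file_handle is copied out; handle->handle_bytes keeps
		 * the size reported by the encoder so the caller can retry.
		 */
		handle_bytes = 0;
		retval = -EOVERFLOW;
	} else {
		retval = 0;
	}
	/* copy the mount id, then the header plus the encoded payload */
	if (put_user(real_mount(path->mnt)->mnt_id, mnt_id) ||
	    copy_to_user(ufh, handle,
			 sizeof(struct file_handle) + handle_bytes))
		retval = -EFAULT;
	kfree(handle);
	return retval;
}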
79*4882a593Smuzhiyun
/**
 * sys_name_to_handle_at: convert name to handle
 * @dfd: directory relative to which name is interpreted if not absolute
 * @name: name that should be converted to handle.
 * @handle: resulting file handle
 * @mnt_id: mount id of the file system containing the file
 * @flag: AT_SYMLINK_FOLLOW and/or AT_EMPTY_PATH; any other bit is -EINVAL
 *
 * @handle->handle_bytes indicates the space available to store the
 * variable part of the file handle in bytes. If there is not
 * enough space, the field is updated to return the minimum
 * value required.
 *
 * No capability check is made on this path; only the decoding side
 * (handle_to_path) requires CAP_DAC_READ_SEARCH.
 */
SYSCALL_DEFINE5(name_to_handle_at, int, dfd, const char __user *, name,
		struct file_handle __user *, handle, int __user *, mnt_id,
		int, flag)
{
	struct path path;
	int lookup_flags = 0;
	int err;

	/* Reject every flag bit this syscall does not define. */
	if (flag & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH))
		return -EINVAL;

	if (flag & AT_SYMLINK_FOLLOW)
		lookup_flags |= LOOKUP_FOLLOW;
	if (flag & AT_EMPTY_PATH)
		lookup_flags |= LOOKUP_EMPTY;

	err = user_path_at(dfd, name, lookup_flags, &path);
	if (err)
		return err;

	err = do_sys_name_to_handle(&path, handle, mnt_id);
	/* Drop the reference user_path_at() took, whatever the outcome. */
	path_put(&path);
	return err;
}
114*4882a593Smuzhiyun
/*
 * Return the vfsmount that @fd refers to, with a reference taken by
 * mntget().  AT_FDCWD selects the mount of the current working directory.
 * Returns ERR_PTR(-EBADF) when @fd is not an open descriptor.  The caller
 * owns the returned reference and must drop it with mntput().
 */
static struct vfsmount *get_vfsmount_from_fd(int fd)
{
	struct vfsmount *mnt;
	struct fd f;

	if (fd == AT_FDCWD) {
		struct fs_struct *fs = current->fs;

		/* fs->lock is held while the reference on pwd.mnt is taken */
		spin_lock(&fs->lock);
		mnt = mntget(fs->pwd.mnt);
		spin_unlock(&fs->lock);
		return mnt;
	}

	f = fdget(fd);
	if (!f.file)
		return ERR_PTR(-EBADF);

	/* Take the mount reference before the file reference is released. */
	mnt = mntget(f.file->f_path.mnt);
	fdput(f);
	return mnt;
}
133*4882a593Smuzhiyun
/*
 * Acceptance callback handed to exportfs_decode_fh().  It accepts every
 * candidate dentry unconditionally and ignores both arguments, so no
 * per-dentry filtering happens while a handle is decoded; the only gate
 * visible in this file is the CAP_DAC_READ_SEARCH check in handle_to_path().
 */
static int vfs_dentry_acceptable(void *context, struct dentry *dentry)
{
	return 1;
}
138*4882a593Smuzhiyun
/*
 * Decode the kernel copy of a file handle into @path, relative to the mount
 * that @mountdirfd refers to.
 *
 * On success returns 0 with references held on path->mnt and path->dentry.
 * On failure returns a negative errno and the mount reference, if one was
 * taken, has already been dropped.
 */
static int do_handle_to_path(int mountdirfd, struct file_handle *handle,
			     struct path *path)
{
	int fh_len;

	path->mnt = get_vfsmount_from_fd(mountdirfd);
	if (IS_ERR(path->mnt))
		return PTR_ERR(path->mnt);

	/*
	 * exportfs works in units of u32; the shift rounds handle_bytes
	 * down to whole words.
	 */
	fh_len = handle->handle_bytes >> 2;
	path->dentry = exportfs_decode_fh(path->mnt,
					  (struct fid *)handle->f_handle,
					  fh_len, handle->handle_type,
					  vfs_dentry_acceptable, NULL);
	if (!IS_ERR(path->dentry))
		return 0;

	/* Decoding failed: release the mount reference taken above. */
	mntput(path->mnt);
	return PTR_ERR(path->dentry);
}
166*4882a593Smuzhiyun
/*
 * Copy a file handle in from user space, validate its size and decode it
 * into @path relative to @mountdirfd.
 *
 * Returns 0 on success, -EPERM without CAP_DAC_READ_SEARCH, -EFAULT on a
 * failed user copy, -EINVAL for a zero or oversized handle_bytes, -ENOMEM,
 * or the error returned by do_handle_to_path().
 */
static int handle_to_path(int mountdirfd, struct file_handle __user *ufh,
			  struct path *path)
{
	struct file_handle header;
	struct file_handle *handle;
	int retval;

	/*
	 * Opening by handle does not look at the execute (search) bit of
	 * the directories leading to the object, so the caller must hold
	 * CAP_DAC_READ_SEARCH.  capable() tests the capability against the
	 * initial user namespace.
	 */
	if (!capable(CAP_DAC_READ_SEARCH))
		return -EPERM;

	if (copy_from_user(&header, ufh, sizeof(struct file_handle)))
		return -EFAULT;

	/* The user-supplied length sizes the allocation; bound it first. */
	if (header.handle_bytes == 0 || header.handle_bytes > MAX_HANDLE_SZ)
		return -EINVAL;

	handle = kmalloc(sizeof(struct file_handle) + header.handle_bytes,
			 GFP_KERNEL);
	if (!handle)
		return -ENOMEM;

	/*
	 * The header comes from the copy that was already validated; only
	 * the payload is fetched from user space a second time.  A
	 * concurrent change to ufh->handle_bytes therefore cannot make the
	 * length used here differ from the length that was checked.
	 */
	*handle = header;
	if (copy_from_user(&handle->f_handle,
			   &ufh->f_handle,
			   header.handle_bytes))
		retval = -EFAULT;
	else
		retval = do_handle_to_path(mountdirfd, handle, path);

	kfree(handle);
	return retval;
}
214*4882a593Smuzhiyun
/*
 * Resolve the user-supplied handle to a path and open it with @open_flag.
 *
 * Returns the new file descriptor on success or a negative errno.  The
 * path reference obtained from handle_to_path() is dropped on every exit
 * after that call succeeds.
 */
static long do_handle_open(int mountdirfd, struct file_handle __user *ufh,
			   int open_flag)
{
	struct path path;
	struct file *file;
	long retval;
	int fd;

	retval = handle_to_path(mountdirfd, ufh, &path);
	if (retval)
		return retval;

	/* Reserve the descriptor first; it is published only on success. */
	fd = get_unused_fd_flags(open_flag);
	if (fd < 0) {
		retval = fd;
		goto out_path;
	}

	file = file_open_root(path.dentry, path.mnt, "", open_flag, 0);
	if (IS_ERR(file)) {
		put_unused_fd(fd);
		retval = PTR_ERR(file);
		goto out_path;
	}

	fsnotify_open(file);
	fd_install(fd, file);
	retval = fd;

out_path:
	path_put(&path);
	return retval;
}
244*4882a593Smuzhiyun
/**
 * sys_open_by_handle_at: Open the file handle
 * @mountdirfd: directory file descriptor
 * @handle: file handle to be opened
 * @flags: open flags.
 *
 * @mountdirfd indicates the directory file descriptor
 * of the mount point. The file handle is decoded relative
 * to the vfsmount pointed to by @mountdirfd. The @flags
 * value is the same as the open(2) flags.
 *
 * The handle itself is validated in handle_to_path(), which also
 * requires CAP_DAC_READ_SEARCH.
 */
SYSCALL_DEFINE3(open_by_handle_at, int, mountdirfd,
		struct file_handle __user *, handle,
		int, flags)
{
	/* Add O_LARGEFILE when force_o_largefile() says so. */
	if (force_o_largefile())
		flags |= O_LARGEFILE;

	return do_handle_open(mountdirfd, handle, flags);
}
268*4882a593Smuzhiyun
269*4882a593Smuzhiyun #ifdef CONFIG_COMPAT
/*
 * Compat entry point for open_by_handle_at.  Exactly like the native
 * open_by_handle_at syscall defined above, except that it doesn't set
 * the O_LARGEFILE flag.
 */
COMPAT_SYSCALL_DEFINE3(open_by_handle_at, int, mountdirfd,
		       struct file_handle __user *, handle, int, flags)
{
	long ret = do_handle_open(mountdirfd, handle, flags);

	return ret;
}
279*4882a593Smuzhiyun #endif