Commit 116cc022 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Al Viro

vfs: don't set FILE_CREATED before calling ->atomic_open()

If O_CREAT|O_EXCL are passed to open, then we know that either

 - the file is successfully created, or
 - the operation fails in some way.

So previously we set FILE_CREATED before calling ->atomic_open() so the
filesystem doesn't have to.  This, however, led to bugs in the
implementation that went unnoticed when the filesystem didn't check for
existence, yet returned success.  To prevent this kind of bug, require
filesystems to always explicitly set FILE_CREATED on O_CREAT|O_EXCL and
verify this in the VFS.

Also added a couple more verifications for the result of atomic_open():

 - Warn if filesystem set FILE_CREATED despite the lack of O_CREAT.
 - Warn if filesystem set FILE_CREATED but gave a negative dentry.
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 01c919ab
...@@ -2656,6 +2656,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, ...@@ -2656,6 +2656,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
int acc_mode; int acc_mode;
int create_error = 0; int create_error = 0;
struct dentry *const DENTRY_NOT_SET = (void *) -1UL; struct dentry *const DENTRY_NOT_SET = (void *) -1UL;
bool excl;
BUG_ON(dentry->d_inode); BUG_ON(dentry->d_inode);
...@@ -2669,10 +2670,9 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, ...@@ -2669,10 +2670,9 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
if ((open_flag & O_CREAT) && !IS_POSIXACL(dir)) if ((open_flag & O_CREAT) && !IS_POSIXACL(dir))
mode &= ~current_umask(); mode &= ~current_umask();
if ((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT)) { excl = (open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT);
if (excl)
open_flag &= ~O_TRUNC; open_flag &= ~O_TRUNC;
*opened |= FILE_CREATED;
}
/* /*
* Checking write permission is tricky, bacuse we don't know if we are * Checking write permission is tricky, bacuse we don't know if we are
...@@ -2726,7 +2726,11 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, ...@@ -2726,7 +2726,11 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
} }
acc_mode = op->acc_mode; acc_mode = op->acc_mode;
if (WARN_ON(excl && !(*opened & FILE_CREATED)))
*opened |= FILE_CREATED;
if (*opened & FILE_CREATED) { if (*opened & FILE_CREATED) {
WARN_ON(!(open_flag & O_CREAT));
fsnotify_create(dir, dentry); fsnotify_create(dir, dentry);
acc_mode = MAY_OPEN; acc_mode = MAY_OPEN;
} }
...@@ -2740,6 +2744,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, ...@@ -2740,6 +2744,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry,
dput(dentry); dput(dentry);
dentry = file->f_path.dentry; dentry = file->f_path.dentry;
} }
WARN_ON(!dentry->d_inode && (*opened & FILE_CREATED));
if (create_error && dentry->d_inode == NULL) { if (create_error && dentry->d_inode == NULL) {
error = create_error; error = create_error;
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment