This flag indicates the path should be opened if it's a regular file. This is useful to write secure programs that want to avoid being tricked into opening device nodes with special semantics while thinking they operate on regular files. This is a requested feature from the uapi-group[1].
A corresponding error code EFTYPE has been introduced. For example, if openat2 is called on path /dev/null with OPENAT2_REGULAR in the flag param, it will return -EFTYPE. EFTYPE is already used in BSD systems like FreeBSD, macOS. When used in combination with O_CREAT, either the regular file is created, or if the path already exists, it is opened if it's a regular file. Otherwise, -EFTYPE is returned. When OPENAT2_REGULAR is combined with O_DIRECTORY, -EINVAL is returned as it doesn't make sense to open a path that is both a directory and a regular file. [1]: https://uapi-group.org/kernel-features/#ability-to-only-open-regular-files Signed-off-by: Dorjoy Chowdhury <[email protected]> --- arch/alpha/include/uapi/asm/errno.h | 2 ++ arch/alpha/include/uapi/asm/fcntl.h | 1 + arch/mips/include/uapi/asm/errno.h | 2 ++ arch/parisc/include/uapi/asm/errno.h | 2 ++ arch/parisc/include/uapi/asm/fcntl.h | 1 + arch/sparc/include/uapi/asm/errno.h | 2 ++ arch/sparc/include/uapi/asm/fcntl.h | 1 + fs/ceph/file.c | 4 ++++ fs/gfs2/inode.c | 6 ++++++ fs/namei.c | 4 ++++ fs/nfs/dir.c | 4 ++++ fs/open.c | 4 +++- fs/smb/client/dir.c | 14 +++++++++++++- include/linux/fcntl.h | 2 ++ include/uapi/asm-generic/errno.h | 2 ++ include/uapi/asm-generic/fcntl.h | 4 ++++ tools/arch/alpha/include/uapi/asm/errno.h | 2 ++ tools/arch/mips/include/uapi/asm/errno.h | 2 ++ tools/arch/parisc/include/uapi/asm/errno.h | 2 ++ tools/arch/sparc/include/uapi/asm/errno.h | 2 ++ tools/include/uapi/asm-generic/errno.h | 2 ++ 21 files changed, 63 insertions(+), 2 deletions(-) diff --git a/arch/alpha/include/uapi/asm/errno.h b/arch/alpha/include/uapi/asm/errno.h index 6791f6508632..1a99f38813c7 100644 --- a/arch/alpha/include/uapi/asm/errno.h +++ b/arch/alpha/include/uapi/asm/errno.h @@ -127,4 +127,6 @@ #define EHWPOISON 139 /* Memory page has hardware error */ +#define EFTYPE 140 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/alpha/include/uapi/asm/fcntl.h b/arch/alpha/include/uapi/asm/fcntl.h index 50bdc8e8a271..fe488bf7c18e 100644 --- a/arch/alpha/include/uapi/asm/fcntl.h +++ b/arch/alpha/include/uapi/asm/fcntl.h @@ -34,6 +34,7 @@ #define O_PATH 040000000 #define __O_TMPFILE 0100000000 +#define OPENAT2_REGULAR 0200000000 #define F_GETLK 7 #define F_SETLK 8 diff --git a/arch/mips/include/uapi/asm/errno.h b/arch/mips/include/uapi/asm/errno.h index c01ed91b1ef4..1835a50b69ce 100644 --- a/arch/mips/include/uapi/asm/errno.h +++ b/arch/mips/include/uapi/asm/errno.h @@ -126,6 +126,8 @@ #define EHWPOISON 168 /* Memory page has hardware error */ +#define EFTYPE 169 /* Wrong file type for the intended operation */ + #define EDQUOT 1133 /* Quota exceeded */ diff --git a/arch/parisc/include/uapi/asm/errno.h b/arch/parisc/include/uapi/asm/errno.h index 8cbc07c1903e..93194fbb0a80 100644 --- a/arch/parisc/include/uapi/asm/errno.h +++ b/arch/parisc/include/uapi/asm/errno.h @@ -124,4 +124,6 @@ #define EHWPOISON 257 /* Memory page has hardware error */ +#define EFTYPE 258 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/parisc/include/uapi/asm/fcntl.h b/arch/parisc/include/uapi/asm/fcntl.h index 03dee816cb13..d46812f2f0f4 100644 --- a/arch/parisc/include/uapi/asm/fcntl.h +++ b/arch/parisc/include/uapi/asm/fcntl.h @@ -19,6 +19,7 @@ #define O_PATH 020000000 #define __O_TMPFILE 040000000 +#define OPENAT2_REGULAR 0100000000 #define F_GETLK64 8 #define F_SETLK64 9 diff --git a/arch/sparc/include/uapi/asm/errno.h b/arch/sparc/include/uapi/asm/errno.h index 4a41e7835fd5..71940ec9130b 100644 --- a/arch/sparc/include/uapi/asm/errno.h +++ b/arch/sparc/include/uapi/asm/errno.h @@ -117,4 +117,6 @@ #define EHWPOISON 135 /* Memory page has hardware error */ +#define EFTYPE 136 /* Wrong file type for the intended operation */ + #endif diff --git a/arch/sparc/include/uapi/asm/fcntl.h b/arch/sparc/include/uapi/asm/fcntl.h index 67dae75e5274..bb6e9fa94bc9 100644 --- a/arch/sparc/include/uapi/asm/fcntl.h +++ b/arch/sparc/include/uapi/asm/fcntl.h @@ -37,6 +37,7 @@ #define O_PATH 0x1000000 #define __O_TMPFILE 0x2000000 +#define OPENAT2_REGULAR 0x4000000 #define F_GETOWN 5 /* for sockets. */ #define F_SETOWN 6 /* for sockets. */ diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 66bbf6d517a9..6d8d4c7765e6 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -977,6 +977,10 @@ int ceph_atomic_open(struct inode *dir, struct dentry *dentry, ceph_init_inode_acls(newino, &as_ctx); file->f_mode |= FMODE_CREATED; } + if ((flags & OPENAT2_REGULAR) && !d_is_reg(dentry)) { + err = -EFTYPE; + goto out_req; + } err = finish_open(file, dentry, ceph_open); } out_req: diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c index 8344040ecaf7..4604e2e8a9cc 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c @@ -738,6 +738,12 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, inode = gfs2_dir_search(dir, &dentry->d_name, !S_ISREG(mode) || excl); error = PTR_ERR(inode); if (!IS_ERR(inode)) { + if (file && (file->f_flags & OPENAT2_REGULAR) && !S_ISREG(inode->i_mode)) { + iput(inode); + inode = NULL; + error = -EFTYPE; + goto fail_gunlock; + } if (S_ISDIR(inode->i_mode)) { iput(inode); inode = NULL; diff --git a/fs/namei.c b/fs/namei.c index 58f715f7657e..2a47289262bd 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -4651,6 +4651,10 @@ static int do_open(struct nameidata *nd, if (unlikely(error)) return error; } + + if ((open_flag & OPENAT2_REGULAR) && !d_is_reg(nd->path.dentry)) + return -EFTYPE; + if ((nd->flags & LOOKUP_DIRECTORY) && !d_can_lookup(nd->path.dentry)) return -ENOTDIR; diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index 2402f57c8e7d..d8037c119317 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -2195,6 +2195,10 @@ int nfs_atomic_open(struct inode *dir, struct dentry *dentry, break; case -EISDIR: case -ENOTDIR: + if (open_flags & OPENAT2_REGULAR) { + err = -EFTYPE; + break; + } goto no_open; case -ELOOP: if (!(open_flags & O_NOFOLLOW)) diff --git a/fs/open.c b/fs/open.c index 4f0a76dc8993..026b59af6124 100644 --- a/fs/open.c +++ b/fs/open.c @@ -1195,7 +1195,7 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op) * values before calling build_open_flags(), but openat2(2) checks all * of its arguments. */ - if (flags & ~VALID_OPEN_FLAGS) + if (flags & ~VALID_OPENAT2_FLAGS) return -EINVAL; if (how->resolve & ~VALID_RESOLVE_FLAGS) return -EINVAL; @@ -1234,6 +1234,8 @@ inline int build_open_flags(const struct open_how *how, struct open_flags *op) return -EINVAL; if (!(acc_mode & MAY_WRITE)) return -EINVAL; + } else if ((flags & O_DIRECTORY) && (flags & OPENAT2_REGULAR)) { + return -EINVAL; } if (flags & O_PATH) { /* O_PATH only permits certain other flags to be set. */ diff --git a/fs/smb/client/dir.c b/fs/smb/client/dir.c index 953f1fee8cb8..355681ebacf1 100644 --- a/fs/smb/client/dir.c +++ b/fs/smb/client/dir.c @@ -222,6 +222,13 @@ static int cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned goto cifs_create_get_file_info; } + if ((oflags & OPENAT2_REGULAR) && !S_ISREG(newinode->i_mode)) { + CIFSSMBClose(xid, tcon, fid->netfid); + iput(newinode); + rc = -EFTYPE; + goto out; + } + if (S_ISDIR(newinode->i_mode)) { CIFSSMBClose(xid, tcon, fid->netfid); iput(newinode); @@ -436,11 +443,16 @@ static int cifs_do_create(struct inode *inode, struct dentry *direntry, unsigned goto out_err; } - if (newinode) + if (newinode) { + if ((oflags & OPENAT2_REGULAR) && !S_ISREG(newinode->i_mode)) { + rc = -EFTYPE; + goto out_err; + } if (S_ISDIR(newinode->i_mode)) { rc = -EISDIR; goto out_err; } + } d_drop(direntry); d_add(direntry, newinode); diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h index d1bb87ff70e3..a6c692773af8 100644 --- a/include/linux/fcntl.h +++ b/include/linux/fcntl.h @@ -15,6 +15,8 @@ /* upper 32-bit flags (openat2(2) only) */ \ OPENAT2_EMPTY_PATH) +#define VALID_OPENAT2_FLAGS (VALID_OPEN_FLAGS | OPENAT2_REGULAR) + /* List of all valid flags for the how->resolve argument: */ #define VALID_RESOLVE_FLAGS \ (RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS | \ diff --git a/include/uapi/asm-generic/errno.h b/include/uapi/asm-generic/errno.h index 92e7ae493ee3..bd78e69e0a43 100644 --- a/include/uapi/asm-generic/errno.h +++ b/include/uapi/asm-generic/errno.h @@ -122,4 +122,6 @@ #define EHWPOISON 133 /* Memory page has hardware error */ +#define EFTYPE 134 /* Wrong file type for the intended operation */ + #endif diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index 613475285643..b2c2ddd0edc0 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -88,6 +88,10 @@ #define __O_TMPFILE 020000000 #endif +#ifndef OPENAT2_REGULAR +#define OPENAT2_REGULAR 040000000 +#endif + /* a horrid kludge trying to make sure that this will fail on old kernels */ #define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) diff --git a/tools/arch/alpha/include/uapi/asm/errno.h b/tools/arch/alpha/include/uapi/asm/errno.h index 6791f6508632..1a99f38813c7 100644 --- a/tools/arch/alpha/include/uapi/asm/errno.h +++ b/tools/arch/alpha/include/uapi/asm/errno.h @@ -127,4 +127,6 @@ #define EHWPOISON 139 /* Memory page has hardware error */ +#define EFTYPE 140 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/arch/mips/include/uapi/asm/errno.h b/tools/arch/mips/include/uapi/asm/errno.h index c01ed91b1ef4..1835a50b69ce 100644 --- a/tools/arch/mips/include/uapi/asm/errno.h +++ b/tools/arch/mips/include/uapi/asm/errno.h @@ -126,6 +126,8 @@ #define EHWPOISON 168 /* Memory page has hardware error */ +#define EFTYPE 169 /* Wrong file type for the intended operation */ + #define EDQUOT 1133 /* Quota exceeded */ diff --git a/tools/arch/parisc/include/uapi/asm/errno.h b/tools/arch/parisc/include/uapi/asm/errno.h index 8cbc07c1903e..93194fbb0a80 100644 --- a/tools/arch/parisc/include/uapi/asm/errno.h +++ b/tools/arch/parisc/include/uapi/asm/errno.h @@ -124,4 +124,6 @@ #define EHWPOISON 257 /* Memory page has hardware error */ +#define EFTYPE 258 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/arch/sparc/include/uapi/asm/errno.h b/tools/arch/sparc/include/uapi/asm/errno.h index 4a41e7835fd5..71940ec9130b 100644 --- a/tools/arch/sparc/include/uapi/asm/errno.h +++ b/tools/arch/sparc/include/uapi/asm/errno.h @@ -117,4 +117,6 @@ #define EHWPOISON 135 /* Memory page has hardware error */ +#define EFTYPE 136 /* Wrong file type for the intended operation */ + #endif diff --git a/tools/include/uapi/asm-generic/errno.h b/tools/include/uapi/asm-generic/errno.h index 92e7ae493ee3..bd78e69e0a43 100644 --- a/tools/include/uapi/asm-generic/errno.h +++ b/tools/include/uapi/asm-generic/errno.h @@ -122,4 +122,6 @@ #define EHWPOISON 133 /* Memory page has hardware error */ +#define EFTYPE 134 /* Wrong file type for the intended operation */ + #endif -- 2.53.0
