2005-09-06 15:17:57 -07:00
# ifndef _ASM_GENERIC_FCNTL_H
# define _ASM_GENERIC_FCNTL_H
2005-09-06 15:18:00 -07:00
# include <linux/types.h>
2009-12-17 21:24:25 -05:00
/*
* FMODE_EXEC is 0x20
2010-02-08 12:31:29 -05:00
* FMODE_NONOTIFY is 0x1000000
2009-12-17 21:24:25 -05:00
* These cannot be used by userspace O_ * until internal and external open
* flags are split .
* - Eric Paris
*/
2010-08-10 18:01:29 -07:00
/*
* When introducing new O_ * bits , please check its uniqueness in fcntl_init ( ) .
*/
2005-09-06 15:17:58 -07:00
# define O_ACCMODE 00000003
# define O_RDONLY 00000000
# define O_WRONLY 00000001
# define O_RDWR 00000002
# ifndef O_CREAT
# define O_CREAT 00000100 /* not fcntl */
# endif
# ifndef O_EXCL
# define O_EXCL 00000200 /* not fcntl */
# endif
# ifndef O_NOCTTY
# define O_NOCTTY 00000400 /* not fcntl */
# endif
# ifndef O_TRUNC
# define O_TRUNC 00001000 /* not fcntl */
# endif
# ifndef O_APPEND
# define O_APPEND 00002000
# endif
# ifndef O_NONBLOCK
# define O_NONBLOCK 00004000
# endif
2009-10-27 11:05:28 +01:00
# ifndef O_DSYNC
# define O_DSYNC 00010000 /* used to be O_SYNC, see below */
2005-09-06 15:17:58 -07:00
# endif
# ifndef FASYNC
# define FASYNC 00020000 /* fcntl, for BSD compatibility */
# endif
# ifndef O_DIRECT
# define O_DIRECT 00040000 /* direct disk access hint */
# endif
# ifndef O_LARGEFILE
# define O_LARGEFILE 00100000
# endif
# ifndef O_DIRECTORY
# define O_DIRECTORY 00200000 /* must be a directory */
# endif
# ifndef O_NOFOLLOW
# define O_NOFOLLOW 00400000 /* don't follow links */
# endif
# ifndef O_NOATIME
# define O_NOATIME 01000000
# endif
Introduce O_CLOEXEC
The problem is as follows: in multi-threaded code (or more correctly: all
code using clone() with CLONE_FILES) we have a race when exec'ing.
thread #1 thread #2
fd=open()
fork + exec
fcntl(fd,F_SETFD,FD_CLOEXEC)
In some applications this can happen frequently. Take a web browser. One
thread opens a file and another thread starts, say, an external PDF viewer.
The result can even be a security issue if that open file descriptor
refers to a sensitive file and the external program can somehow be tricked
into using that descriptor.
Just adding O_CLOEXEC support to open() doesn't solve the whole set of
problems. There are other ways to create file descriptors (socket,
epoll_create, Unix domain socket transfer, etc). These can and should be
addressed separately though. open() is such an easy case that it makes not
much sense putting the fix off.
The test program:
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifndef O_CLOEXEC
# define O_CLOEXEC 02000000
#endif
int
main (int argc, char *argv[])
{
int fd;
if (argc > 1)
{
fd = atol (argv[1]);
printf ("child: fd = %d\n", fd);
if (fcntl (fd, F_GETFD) == 0 || errno != EBADF)
{
puts ("file descriptor valid in child");
return 1;
}
return 0;
}
fd = open ("/proc/self/exe", O_RDONLY | O_CLOEXEC);
printf ("in parent: new fd = %d\n", fd);
char buf[20];
snprintf (buf, sizeof (buf), "%d", fd);
execl ("/proc/self/exe", argv[0], buf, NULL);
puts ("execl failed");
return 1;
}
[kyle@parisc-linux.org: parisc fix]
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: Chris Zankel <chris@zankel.net>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-15 23:40:32 -07:00
# ifndef O_CLOEXEC
# define O_CLOEXEC 02000000 /* set close_on_exec */
# endif
2009-10-27 11:05:28 +01:00
/*
2009-12-17 14:24:20 +01:00
* Before Linux 2.6 .33 only O_DSYNC semantics were implemented , but using
2009-10-27 11:05:28 +01:00
* the O_SYNC flag . We continue to use the existing numerical value
* for O_DSYNC semantics now , but using the correct symbolic name for it .
* This new value is used to request true Posix O_SYNC semantics . It is
* defined in this strange way to make sure applications compiled against
* new headers get at least O_DSYNC semantics on older kernels .
*
* This has the nice side - effect that we can simply test for O_DSYNC
* wherever we do not care if O_DSYNC or O_SYNC is used .
*
* Note : __O_SYNC must never be used directly .
*/
# ifndef O_SYNC
# define __O_SYNC 04000000
# define O_SYNC (__O_SYNC|O_DSYNC)
# endif
New kind of open files - "location only".
New flag for open(2) - O_PATH. Semantics:
* pathname is resolved, but the file itself is _NOT_ opened
as far as filesystem is concerned.
* almost all operations on the resulting descriptors shall
fail with -EBADF. Exceptions are:
1) operations on descriptors themselves (i.e.
close(), dup(), dup2(), dup3(), fcntl(fd, F_DUPFD),
fcntl(fd, F_DUPFD_CLOEXEC, ...), fcntl(fd, F_GETFD),
fcntl(fd, F_SETFD, ...))
2) fcntl(fd, F_GETFL), for a common non-destructive way to
check if descriptor is open
3) "dfd" arguments of ...at(2) syscalls, i.e. the starting
points of pathname resolution
* closing such descriptor does *NOT* affect dnotify or
posix locks.
* permissions are checked as usual along the way to file;
no permission checks are applied to the file itself. Of course,
giving such thing to syscall will result in permission checks (at
the moment it means checking that starting point of ....at() is
a directory and caller has exec permissions on it).
fget() and fget_light() return NULL on such descriptors; use of
fget_raw() and fget_raw_light() is needed to get them. That protects
existing code from dealing with those things.
There are two things still missing (they come in the next commits):
one is handling of symlinks (right now we refuse to open them that
way; see the next commit for semantics related to those) and another
is descriptor passing via SCM_RIGHTS datagrams.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-03-13 03:51:11 -04:00
# ifndef O_PATH
# define O_PATH 010000000
# endif
2005-09-06 15:17:58 -07:00
# ifndef O_NDELAY
# define O_NDELAY O_NONBLOCK
# endif
2005-09-06 15:17:57 -07:00
# define F_DUPFD 0 /* dup */
# define F_GETFD 1 /* get close_on_exec */
# define F_SETFD 2 /* set/clear close_on_exec */
# define F_GETFL 3 /* get file->f_flags */
# define F_SETFL 4 /* set file->f_flags */
2005-09-06 15:17:59 -07:00
# ifndef F_GETLK
# define F_GETLK 5
# define F_SETLK 6
# define F_SETLKW 7
# endif
# ifndef F_SETOWN
# define F_SETOWN 8 /* for sockets. */
# define F_GETOWN 9 /* for sockets. */
# endif
# ifndef F_SETSIG
# define F_SETSIG 10 /* for sockets. */
# define F_GETSIG 11 /* for sockets. */
# endif
2009-11-11 14:26:27 -08:00
# ifndef CONFIG_64BIT
# ifndef F_GETLK64
# define F_GETLK64 12 /* using 'struct flock64' */
# define F_SETLK64 13
# define F_SETLKW64 14
# endif
# endif
2009-09-23 15:57:03 -07:00
# ifndef F_SETOWN_EX
2009-11-11 14:26:27 -08:00
# define F_SETOWN_EX 15
# define F_GETOWN_EX 16
2009-09-23 15:57:03 -07:00
# endif
# define F_OWNER_TID 0
# define F_OWNER_PID 1
2009-11-17 14:06:24 -08:00
# define F_OWNER_PGRP 2
2009-09-23 15:57:03 -07:00
struct f_owner_ex {
int type ;
2010-10-06 15:03:47 -07:00
__kernel_pid_t pid ;
2009-09-23 15:57:03 -07:00
} ;
2005-09-06 15:17:57 -07:00
/* for F_[GET|SET]FL */
# define FD_CLOEXEC 1 /* actually anything with low bit set goes */
2005-09-06 15:17:59 -07:00
/* for posix fcntl() and lockf() */
# ifndef F_RDLCK
# define F_RDLCK 0
# define F_WRLCK 1
# define F_UNLCK 2
# endif
/* for old implementation of bsd flock () */
# ifndef F_EXLCK
# define F_EXLCK 4 /* or 3 */
# define F_SHLCK 8 /* or 4 */
# endif
/* for leases */
# ifndef F_INPROGRESS
# define F_INPROGRESS 16
# endif
2005-09-06 15:17:57 -07:00
/* operations for bsd flock(), also used by the kernel implementation */
# define LOCK_SH 1 /* shared lock */
# define LOCK_EX 2 /* exclusive lock */
# define LOCK_NB 4 / * or'd with one of the above to prevent
blocking */
# define LOCK_UN 8 /* remove lock */
# define LOCK_MAND 32 /* This is a mandatory flock ... */
# define LOCK_READ 64 /* which allows concurrent read operations */
# define LOCK_WRITE 128 /* which allows concurrent write operations */
# define LOCK_RW 192 /* which allows concurrent read & write ops */
# define F_LINUX_SPECIFIC_BASE 1024
2005-09-06 15:18:00 -07:00
# ifndef HAVE_ARCH_STRUCT_FLOCK
# ifndef __ARCH_FLOCK_PAD
# define __ARCH_FLOCK_PAD
# endif
struct flock {
short l_type ;
short l_whence ;
make exported headers use strict posix types
A number of standard posix types are used in exported headers, which
is not allowed if __STRICT_KERNEL_NAMES is defined. In order to
get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers
the default, we have to change them all to safe types.
There are also still some leftovers in reiserfs_fs.h, elfcore.h
and coda.h, but these files have not compiled in user space for
a long time.
This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t),
which we take care of separately.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Cc: netdev@vger.kernel.org
Cc: linux-ppp@vger.kernel.org
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-02-26 00:51:39 +01:00
__kernel_off_t l_start ;
__kernel_off_t l_len ;
__kernel_pid_t l_pid ;
2005-09-06 15:18:00 -07:00
__ARCH_FLOCK_PAD
} ;
# endif
2005-09-06 15:18:01 -07:00
# ifndef CONFIG_64BIT
# ifndef HAVE_ARCH_STRUCT_FLOCK64
# ifndef __ARCH_FLOCK64_PAD
# define __ARCH_FLOCK64_PAD
# endif
struct flock64 {
short l_type ;
short l_whence ;
make exported headers use strict posix types
A number of standard posix types are used in exported headers, which
is not allowed if __STRICT_KERNEL_NAMES is defined. In order to
get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers
the default, we have to change them all to safe types.
There are also still some leftovers in reiserfs_fs.h, elfcore.h
and coda.h, but these files have not compiled in user space for
a long time.
This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t),
which we take care of separately.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Cc: netdev@vger.kernel.org
Cc: linux-ppp@vger.kernel.org
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-02-26 00:51:39 +01:00
__kernel_loff_t l_start ;
__kernel_loff_t l_len ;
__kernel_pid_t l_pid ;
2005-09-06 15:18:01 -07:00
__ARCH_FLOCK64_PAD
} ;
# endif
# endif /* !CONFIG_64BIT */
2005-09-06 15:17:57 -07:00
# endif /* _ASM_GENERIC_FCNTL_H */