fs/fcntl.c



/*
* linux/fs/fcntl.c
*
* Copyright (C) 1991, 1992 Linus Torvalds
*/

#include

#include
#include
#include
#include
#include
#include

extern int fcntl_getlk(unsigned int, struct flock *);
extern int fcntl_setlk(unsigned int, unsigned int, struct flock *);
extern int sock_fcntl (struct file *, unsigned int cmd, unsigned long arg);

static int dupfd(unsigned int fd, unsigned int arg)
{
if (fd >= NR_OPEN || !current->files->fd[fd])
return -EBADF;
if (arg >= NR_OPEN)
return -EINVAL;
while (arg < NR_OPEN)
if (current->files->fd[arg])
arg++;
else
break;
if (arg >= NR_OPEN)
return -EMFILE;
FD_CLR(arg, ¤t->files->close_on_exec);
(current->files->fd[arg] = current->files->fd[fd])->f_count++;
return arg;
}

asmlinkage int sys_dup2(unsigned int oldfd, unsigned int newfd)
{
if (oldfd >= NR_OPEN || !current->files->fd[oldfd])
return -EBADF;
if (newfd == oldfd)
return newfd;
/*
* errno's for dup2() are slightly different than for fcntl(F_DUPFD)
* for historical reasons.
*/
if (newfd > NR_OPEN) /* historical botch - should have been >= */
return -EBADF; /* dupfd() would return -EINVAL */
#if 1
if (newfd == NR_OPEN)
return -EBADF; /* dupfd() does return -EINVAL and that may
* even be the standard! But that is too
* weird for now.
*/
#endif
sys_close(newfd);
return dupfd(oldfd,newfd);
}



asmlinkage int sys_dup(unsigned int fildes)
{
return dupfd(fildes,0);
}

asmlinkage int sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
{
struct file * filp;
struct task_struct *p;
int task_found = 0;

if (fd >= NR_OPEN || !(filp = current->files->fd[fd]))
return -EBADF;
switch (cmd) {
case F_DUPFD:
return dupfd(fd,arg);
case F_GETFD:
return FD_ISSET(fd, ¤t->files->close_on_exec);
case F_SETFD:
if (arg&1)
FD_SET(fd, ¤t->files->close_on_exec);
else
FD_CLR(fd, ¤t->files->close_on_exec);
return 0;
case F_GETFL:
return filp->f_flags;
case F_SETFL:
/*
* In the case of an append-only file, O_APPEND
* cannot be cleared
*/
if (IS_APPEND(filp->f_inode) && !(arg & O_APPEND))
return -EPERM;
if ((arg & FASYNC) && !(filp->f_flags & FASYNC) &&
filp->f_op->fasync)
filp->f_op->fasync(filp->f_inode, filp, 1);
if (!(arg & FASYNC) && (filp->f_flags & FASYNC) &&
filp->f_op->fasync)
filp->f_op->fasync(filp->f_inode, filp, 0);
filp->f_flags &= ~(O_APPEND | O_NONBLOCK | FASYNC);
filp->f_flags |= arg & (O_APPEND | O_NONBLOCK |
FASYNC);
return 0;
case F_GETLK:
return fcntl_getlk(fd, (struct flock *) arg);
case F_SETLK:
return fcntl_setlk(fd, cmd, (struct flock *) arg);
case F_SETLKW:
return fcntl_setlk(fd, cmd, (struct flock *) arg);
case F_GETOWN:
/*
* XXX If f_owner is a process group, the
* negative return value will get converted
* into an error. Oops. If we keep the the
* current syscall conventions, the only way
* to fix this will be in libc.
*/
return filp->f_owner;
case F_SETOWN:
/*
* Add the security checks - AC. Without
* this there is a massive Linux security
* hole here - consider what happens if
* you do something like
*
* fcntl(0,F_SETOWN,some_root_process);
* getchar();
*
* and input a line!
*
* BTW: Don't try this for fun. Several Unix
* systems I tried this on fall for the
* trick!
*
* I had to fix this botch job as Linux
* kill_fasync asserts priv making it a
* free all user process killer!
*
* Changed to make the security checks more
* liberal. -- TYT
*/
if (current->pgrp == -arg || current->pid == arg)
goto fasync_ok;

for_each_task(p) {
if ((p->pid == arg) || (p->pid == -arg) ||
(p->pgrp == -arg)) {
task_found++;
if ((p->session != current->session) &&
(p->uid != current->uid) &&
(p->euid != current->euid) &&
!suser())
return -EPERM;
break;
}
}
if ((task_found == 0) && !suser())
return -EINVAL;
fasync_ok:
filp->f_owner = arg;
if (S_ISSOCK (filp->f_inode->i_mode))
sock_fcntl (filp, F_SETOWN, arg);
return 0;
default:
/* sockets need a few special fcntls. */
if (S_ISSOCK (filp->f_inode->i_mode))
{
return (sock_fcntl (filp, cmd, arg));
}
return -EINVAL;
}
}

void kill_fasync(struct fasync_struct *fa, int sig)
{
while (fa) {
if (fa->magic != FASYNC_MAGIC) {
printk("kill_fasync: bad magic number in "
"fasync_struct!\n");
return;
}
if (fa->fa_file->f_owner > 0)
kill_proc(fa->fa_file->f_owner, sig, 1);
else
kill_pg(-fa->fa_file->f_owner, sig, 1);
fa = fa->fa_next;
}
}