[PATCH 05/17] make build_open_flags() treat O_CREAT | O_EXCL as implying O_NOFOLLOW

From: Al Viro
Date: Sat Jan 18 2020 - 22:19:34 EST

Next message: Al Viro: "[PATCH 06/17] handle_mounts(): start building a sane wrapper for follow_managed()"
Previous message: Al Viro: "[PATCH 04/17] follow_automount() doesn't need the entire nameidata"
In reply to: Al Viro: "[PATCH 04/17] follow_automount() doesn't need the entire nameidata"
Next in thread: Al Viro: "[PATCH 06/17] handle_mounts(): start building a sane wrapper for follow_managed()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

O_CREAT | O_EXCL means "-EEXIST if we run into a trailing symlink".
As it is, we might or might not have LOOKUP_FOLLOW in op->intent
in that case - that depends upon having O_NOFOLLOW in open flags.
It doesn't matter, since we won't be checking it in that case -
do_last() bails out earlier.

However, making sure it's not set (i.e. acting as if we had an explicit
O_NOFOLLOW) makes the behaviour more explicit and allows to reorder the
check for O_CREAT | O_EXCL in do_last() with the call of step_into()
immediately following it.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
fs/namei.c | 15 +++++----------
fs/open.c | 4 +++-
2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 3b6f60c02f8a..c19b458f66da 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3262,22 +3262,17 @@ static int do_last(struct nameidata *nd,
if (unlikely(error < 0))
return error;

- /*
- * create/update audit record if it already exists.
- */
- audit_inode(nd->name, path.dentry, 0);
-
- if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
- path_to_nameidata(&path, nd);
- return -EEXIST;
- }
-
seq = 0; /* out of RCU mode, so the value doesn't matter */
inode = d_backing_inode(path.dentry);
finish_lookup:
error = step_into(nd, &path, 0, inode, seq);
if (unlikely(error))
return error;
+
+ if (unlikely((open_flag & (O_EXCL | O_CREAT)) == (O_EXCL | O_CREAT))) {
+ audit_inode(nd->name, nd->path.dentry, 0);
+ return -EEXIST;
+ }
finish_open:
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
error = complete_walk(nd);
diff --git a/fs/open.c b/fs/open.c
index b62f5c0923a8..ba7009a5dd1a 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1014,8 +1014,10 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o

if (flags & O_CREAT) {
op->intent |= LOOKUP_CREATE;
- if (flags & O_EXCL)
+ if (flags & O_EXCL) {
op->intent |= LOOKUP_EXCL;
+ flags |= O_NOFOLLOW;
+ }
}

if (flags & O_DIRECTORY)
--
2.20.1

Next message: Al Viro: "[PATCH 06/17] handle_mounts(): start building a sane wrapper for follow_managed()"
Previous message: Al Viro: "[PATCH 04/17] follow_automount() doesn't need the entire nameidata"
In reply to: Al Viro: "[PATCH 04/17] follow_automount() doesn't need the entire nameidata"
Next in thread: Al Viro: "[PATCH 06/17] handle_mounts(): start building a sane wrapper for follow_managed()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]