glibc/sysdeps/unix/sysv/linux/faccessat.c
Joseph Myers 809fdf0d23 Remove __ASSUME_ATFCTS conditionals in sysdeps/unix/sysv/linux/.
This patch cleans up for __ASSUME_ATFCTS now always being true for the
supported Linux kernel versions by removing conditional code in
sysdeps/unix/sysv/linux.  Several fchownat.c files that were only
present because of differences in the fallback syscalls used
(depending on the architecture-specific names of chown-related
syscalls for 32-bit uids) are removed.  Files that looks like they
could be replaced by syscalls.list entries have the standard "Consider
moving to syscalls.list." comment (see bug 14138) added.  Conditionals
on the relevant __NR_* syscall numbers being defined are also removed,
since my analysis indicated that the relevant syscalls are always
defined for all relevant kernel versions using any affected file.
Much of the removed fallback code had unbounded stack allocations, so
this reduces the number of cases to consider for anyone reviewing uses
of alloca and VLAs in glibc.

There remain tests of __ASSUME_ATFCTS in io/openat.c (to determine
whether to define __have_atfcts) and sysdeps/posix/getcwd.c (which
also uses __have_atfcts); thus, the definition of __ASSUME_ATFCTS
remains in kernel-features.h.  The logical condition relevant there is
whether openat64_not_cancel_3 is known to work.  Hurd doesn't use this
version of getcwd at all, so the conditionals in getcwd.c are always
true in glibc.  However, this code is also used in gnulib.  So the
best way to deal with the conditionals there may be for gnulib people
to deal with merging all relevant changes in both directions between
the glibc and gnulib versions of this file, at the end of which the
openat conditionals should be in whatever form is best for gnulib, and
hardcoded in the _LIBC case to having openat supported.

Tested by comparing before-and-after disassembly of installed
(stripped) shared libraries, on x86_64 and x86.  On x86 the patch made
no change to the disassembly; on x86_64, the only changes were in
readlinkat, where formerly the return value from the readlinkat
syscall was stored in an int variable before being converted to
ssize_t for the return, and now the return value is returned directly
without truncation to int.  I think it's clearly correct not to
truncate the return value (although I also think the truncation would
not have been a user-visible bug because the kernel would never have
returned a value it could have affected).

	* include/fcntl.h (__atfct_seterrno): Remove prototype.
	(__atfct_seterrno_2): Likewise.
	* sysdeps/unix/sysv/linux/alpha/dl-fxstatat64.c: Do not include
	<kernel-features.h>.
	(__ASSUME_ATFCTS): Do not undefine and redefine.
	* sysdeps/unix/sysv/linux/alpha/fxstatat.c [__ASSUME_ATFCTS]
	(__have_atfcts): Remove conditional definition.
	(__fxstatat([__NR_fstatat64]: Make code unconditional.
	(__fxstatat) [!__ASSUME_ATFCTS]: Remove conditional code and code
	unreachable if [__ASSUME_ATFCTS].
	* sysdeps/unix/sysv/linux/dl-fxstatat64.c (__ASSUME_ATFCTS): Do
	not undefine and redefine.
	* sysdeps/unix/sysv/linux/faccessat.c: Do not include
	<kernel-features.h>.
	(faccessat) [__NR_faccessat]: Make code unconditional.
	(faccessat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/fchmodat.c: Do not include
	<kernel-features.h>.
	(fchmodat) [__NR_fchmodat]: Make code unconditional.
	(fchmodat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/fchownat.c: Do not include
	<kernel-features.h>.
	(fchownat) [__NR_fchownat]: Make code unconditional.
	(fchownat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/futimesat.c: Do not include
	<kernel-features.h>.
	(futimesat) [__NR_futimesat]: Make code unconditional.
	(futimesat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/fxstatat.c: Do not include
	<kernel-features.h>.
	(__fxstatat) [__NR_newfstatat]: Make code unconditional.
	(__fxstatat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/fxstatat64.c: Do not include
	<kernel-features.h>.
	(__fxstatat64) [__NR_fstatat64]: Make code unconditional.
	(__fxstatat64) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/i386/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/i386/fxstatat.c: Do not include
	<kernel-features.h>.
	(__fxstatat) [__NR_fstatat64]: Make code unconditional.
	(__fxstatat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/linkat.c: Do not include
	<kernel-features.h>.
	(linkat) [__NR_linkat]: Make code unconditional.
	(linkat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/m68k/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/mips/mips64/fxstatat64.c: Do not include
	<kernel-features.h>.
	(__fxstatat64) [__NR_newfstatat]: Make code unconditional.
	(__fxstatat64) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/mkdirat.c: Do not include
	<kernel-features.h>.
	(mkdirat) [__NR_mkdirat]: Make code unconditional.
	(mkdirat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/openat.c: Do not include
	<kernel-features.h>.
	[!__ASSUME_ATFCTS] (__atfct_seterrno): Remove function.
	[!__ASSUME_ATFCTS] (__have_atfcts): Remove variable.
	(OPENAT_NOT_CANCEL) [__NR_openat]: Make code unconditional.
	(OPENAT_NOT_CANCEL) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/powerpc/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/readlinkat.c: Do not include
	<kernel-features.h>.
	(readlinkat) [__NR_readlinkat]: Make code unconditional.
	(readlinkat) [!__ASSUME_ATFCTS]: Remove conditional code.  Return
	result of INLINE_SYSCALL directly, not via int variable.
	* sysdeps/unix/sysv/linux/renameat.c: Do not include
	<kernel-features.h>.
	[!__ASSUME_ATFCTS] (__atfct_seterrno_2): Remove function.
	(renameat) [__NR_renameat]: Make code unconditional.
	(renameat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/s390/s390-32/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/sh/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/sparc/sparc32/fchownat.c: Remove file.
	* sysdeps/unix/sysv/linux/sparc/sparc64/dl-fxstatat64.c
	(__ASSUME_ATFCTS): Do not undefine and redefine.
	* sysdeps/unix/sysv/linux/symlinkat.c: Do not include
	<kernel-features.h>.
	(symlinkat) [__NR_symlinkat]: Make code unconditional.
	(symlinkat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/unlinkat.c: Do not include
	<kernel-features.h>.
	(unlinkat) [__NR_unlinkat]: Make code unconditional.
	(unlinkat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/wordsize-64/dl-fxstatat64.c
	(__ASSUME_ATFCTS): Do not undefine and redefine.
	* sysdeps/unix/sysv/linux/wordsize-64/fxstatat.c: Do not include
	<kernel-features.h>.
	(__fxstatat) [__NR_newfstatat]: Make code unconditional.
	(__fxstatat) [!__ASSUME_ATFCTS]: Remove conditional code.
	* sysdeps/unix/sysv/linux/xmknodat.c: Do not include
	<kernel-features.h>.
	(__xmknodat) [__NR_mknodat]: Make code unconditional.
	(__xmknodat) [!__ASSUME_ATFCTS]: Remove conditional code.
2014-06-20 15:41:35 +00:00

80 lines
2.3 KiB
C

/* Test for access to file, relative to open directory. Linux version.
Copyright (C) 2006-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <alloca.h>
#include <sysdep.h>
int
faccessat (fd, file, mode, flag)
int fd;
const char *file;
int mode;
int flag;
{
if (flag & ~(AT_SYMLINK_NOFOLLOW | AT_EACCESS))
{
__set_errno (EINVAL);
return -1;
}
if ((flag == 0 || ((flag & ~AT_EACCESS) == 0 && ! __libc_enable_secure)))
return INLINE_SYSCALL (faccessat, 3, fd, file, mode);
struct stat64 stats;
if (__fxstatat64 (_STAT_VER, fd, file, &stats, flag & AT_SYMLINK_NOFOLLOW))
return -1;
mode &= (X_OK | W_OK | R_OK); /* Clear any bogus bits. */
#if R_OK != S_IROTH || W_OK != S_IWOTH || X_OK != S_IXOTH
# error Oops, portability assumptions incorrect.
#endif
if (mode == F_OK)
return 0; /* The file exists. */
uid_t uid = (flag & AT_EACCESS) ? __geteuid () : __getuid ();
/* The super-user can read and write any file, and execute any file
that anyone can execute. */
if (uid == 0 && ((mode & X_OK) == 0
|| (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
return 0;
int granted = (uid == stats.st_uid
? (unsigned int) (stats.st_mode & (mode << 6)) >> 6
: (stats.st_gid == ((flag & AT_EACCESS)
? __getegid () : __getgid ())
|| __group_member (stats.st_gid))
? (unsigned int) (stats.st_mode & (mode << 3)) >> 3
: (stats.st_mode & mode));
if (granted == mode)
return 0;
__set_errno (EACCES);
return -1;
}