1 /*
2 * Copyright 2008 Red Hat, Inc. All rights reserved.
3 * Copyright 2008 Ian Kent <raven@themaw.net>
4 *
5 * This file is part of the Linux kernel and is made available under
6 * the terms of the GNU General Public License, version 2, or at your
7 * option, any later version, incorporated herein by reference.
8 */
9
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <linux/miscdevice.h>
13 #include <linux/init.h>
14 #include <linux/wait.h>
15 #include <linux/namei.h>
16 #include <linux/fcntl.h>
17 #include <linux/file.h>
18 #include <linux/fdtable.h>
19 #include <linux/sched.h>
20 #include <linux/compat.h>
21 #include <linux/syscalls.h>
22 #include <linux/smp_lock.h>
23 #include <linux/magic.h>
24 #include <linux/dcache.h>
25 #include <linux/uaccess.h>
26
27 #include "autofs_i.h"
28
29 /*
30 * This module implements an interface for routing autofs ioctl control
31 * commands via a miscellaneous device file.
32 *
33 * The alternate interface is needed because we need to be able open
34 * an ioctl file descriptor on an autofs mount that may be covered by
35 * another mount. This situation arises when starting automount(8)
36 * or other user space daemon which uses direct mounts or offset
37 * mounts (used for autofs lazy mount/umount of nested mount trees),
38 * which have been left busy at at service shutdown.
39 */
40
41 #define AUTOFS_DEV_IOCTL_SIZE sizeof(struct autofs_dev_ioctl)
42
43 typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
44 struct autofs_dev_ioctl *);
45
check_name(const char * name)46 static int check_name(const char *name)
47 {
48 if (!strchr(name, '/'))
49 return -EINVAL;
50 return 0;
51 }
52
53 /*
54 * Check a string doesn't overrun the chunk of
55 * memory we copied from user land.
56 */
invalid_str(char * str,void * end)57 static int invalid_str(char *str, void *end)
58 {
59 while ((void *) str <= end)
60 if (!*str++)
61 return 0;
62 return -EINVAL;
63 }
64
65 /*
66 * Check that the user compiled against correct version of autofs
67 * misc device code.
68 *
69 * As well as checking the version compatibility this always copies
70 * the kernel interface version out.
71 */
check_dev_ioctl_version(int cmd,struct autofs_dev_ioctl * param)72 static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
73 {
74 int err = 0;
75
76 if ((AUTOFS_DEV_IOCTL_VERSION_MAJOR != param->ver_major) ||
77 (AUTOFS_DEV_IOCTL_VERSION_MINOR < param->ver_minor)) {
78 AUTOFS_WARN("ioctl control interface version mismatch: "
79 "kernel(%u.%u), user(%u.%u), cmd(%d)",
80 AUTOFS_DEV_IOCTL_VERSION_MAJOR,
81 AUTOFS_DEV_IOCTL_VERSION_MINOR,
82 param->ver_major, param->ver_minor, cmd);
83 err = -EINVAL;
84 }
85
86 /* Fill in the kernel version. */
87 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
88 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
89
90 return err;
91 }
92
93 /*
94 * Copy parameter control struct, including a possible path allocated
95 * at the end of the struct.
96 */
copy_dev_ioctl(struct autofs_dev_ioctl __user * in)97 static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
98 {
99 struct autofs_dev_ioctl tmp, *ads;
100
101 if (copy_from_user(&tmp, in, sizeof(tmp)))
102 return ERR_PTR(-EFAULT);
103
104 if (tmp.size < sizeof(tmp))
105 return ERR_PTR(-EINVAL);
106
107 ads = kmalloc(tmp.size, GFP_KERNEL);
108 if (!ads)
109 return ERR_PTR(-ENOMEM);
110
111 if (copy_from_user(ads, in, tmp.size)) {
112 kfree(ads);
113 return ERR_PTR(-EFAULT);
114 }
115
116 return ads;
117 }
118
free_dev_ioctl(struct autofs_dev_ioctl * param)119 static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
120 {
121 kfree(param);
122 return;
123 }
124
125 /*
126 * Check sanity of parameter control fields and if a path is present
127 * check that it is terminated and contains at least one "/".
128 */
validate_dev_ioctl(int cmd,struct autofs_dev_ioctl * param)129 static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
130 {
131 int err;
132
133 err = check_dev_ioctl_version(cmd, param);
134 if (err) {
135 AUTOFS_WARN("invalid device control module version "
136 "supplied for cmd(0x%08x)", cmd);
137 goto out;
138 }
139
140 if (param->size > sizeof(*param)) {
141 err = invalid_str(param->path,
142 (void *) ((size_t) param + param->size));
143 if (err) {
144 AUTOFS_WARN(
145 "path string terminator missing for cmd(0x%08x)",
146 cmd);
147 goto out;
148 }
149
150 err = check_name(param->path);
151 if (err) {
152 AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
153 cmd);
154 goto out;
155 }
156 }
157
158 err = 0;
159 out:
160 return err;
161 }
162
163 /*
164 * Get the autofs super block info struct from the file opened on
165 * the autofs mount point.
166 */
autofs_dev_ioctl_sbi(struct file * f)167 static struct autofs_sb_info *autofs_dev_ioctl_sbi(struct file *f)
168 {
169 struct autofs_sb_info *sbi = NULL;
170 struct inode *inode;
171
172 if (f) {
173 inode = f->f_path.dentry->d_inode;
174 sbi = autofs4_sbi(inode->i_sb);
175 }
176 return sbi;
177 }
178
179 /* Return autofs module protocol version */
autofs_dev_ioctl_protover(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)180 static int autofs_dev_ioctl_protover(struct file *fp,
181 struct autofs_sb_info *sbi,
182 struct autofs_dev_ioctl *param)
183 {
184 param->protover.version = sbi->version;
185 return 0;
186 }
187
188 /* Return autofs module protocol sub version */
autofs_dev_ioctl_protosubver(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)189 static int autofs_dev_ioctl_protosubver(struct file *fp,
190 struct autofs_sb_info *sbi,
191 struct autofs_dev_ioctl *param)
192 {
193 param->protosubver.sub_version = sbi->sub_version;
194 return 0;
195 }
196
197 /*
198 * Walk down the mount stack looking for an autofs mount that
199 * has the requested device number (aka. new_encode_dev(sb->s_dev).
200 */
autofs_dev_ioctl_find_super(struct nameidata * nd,dev_t devno)201 static int autofs_dev_ioctl_find_super(struct nameidata *nd, dev_t devno)
202 {
203 struct dentry *dentry;
204 struct inode *inode;
205 struct super_block *sb;
206 dev_t s_dev;
207 unsigned int err;
208
209 err = -ENOENT;
210
211 /* Lookup the dentry name at the base of our mount point */
212 dentry = d_lookup(nd->path.dentry, &nd->last);
213 if (!dentry)
214 goto out;
215
216 dput(nd->path.dentry);
217 nd->path.dentry = dentry;
218
219 /* And follow the mount stack looking for our autofs mount */
220 while (follow_down(&nd->path.mnt, &nd->path.dentry)) {
221 inode = nd->path.dentry->d_inode;
222 if (!inode)
223 break;
224
225 sb = inode->i_sb;
226 s_dev = new_encode_dev(sb->s_dev);
227 if (devno == s_dev) {
228 if (sb->s_magic == AUTOFS_SUPER_MAGIC) {
229 err = 0;
230 break;
231 }
232 }
233 }
234 out:
235 return err;
236 }
237
238 /*
239 * Walk down the mount stack looking for an autofs mount that
240 * has the requested mount type (ie. indirect, direct or offset).
241 */
autofs_dev_ioctl_find_sbi_type(struct nameidata * nd,unsigned int type)242 static int autofs_dev_ioctl_find_sbi_type(struct nameidata *nd, unsigned int type)
243 {
244 struct dentry *dentry;
245 struct autofs_info *ino;
246 unsigned int err;
247
248 err = -ENOENT;
249
250 /* Lookup the dentry name at the base of our mount point */
251 dentry = d_lookup(nd->path.dentry, &nd->last);
252 if (!dentry)
253 goto out;
254
255 dput(nd->path.dentry);
256 nd->path.dentry = dentry;
257
258 /* And follow the mount stack looking for our autofs mount */
259 while (follow_down(&nd->path.mnt, &nd->path.dentry)) {
260 ino = autofs4_dentry_ino(nd->path.dentry);
261 if (ino && ino->sbi->type & type) {
262 err = 0;
263 break;
264 }
265 }
266 out:
267 return err;
268 }
269
autofs_dev_ioctl_fd_install(unsigned int fd,struct file * file)270 static void autofs_dev_ioctl_fd_install(unsigned int fd, struct file *file)
271 {
272 struct files_struct *files = current->files;
273 struct fdtable *fdt;
274
275 spin_lock(&files->file_lock);
276 fdt = files_fdtable(files);
277 BUG_ON(fdt->fd[fd] != NULL);
278 rcu_assign_pointer(fdt->fd[fd], file);
279 FD_SET(fd, fdt->close_on_exec);
280 spin_unlock(&files->file_lock);
281 }
282
283
284 /*
285 * Open a file descriptor on the autofs mount point corresponding
286 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
287 */
autofs_dev_ioctl_open_mountpoint(const char * path,dev_t devid)288 static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid)
289 {
290 struct file *filp;
291 struct nameidata nd;
292 int err, fd;
293
294 fd = get_unused_fd();
295 if (likely(fd >= 0)) {
296 /* Get nameidata of the parent directory */
297 err = path_lookup(path, LOOKUP_PARENT, &nd);
298 if (err)
299 goto out;
300
301 /*
302 * Search down, within the parent, looking for an
303 * autofs super block that has the device number
304 * corresponding to the autofs fs we want to open.
305 */
306 err = autofs_dev_ioctl_find_super(&nd, devid);
307 if (err) {
308 path_put(&nd.path);
309 goto out;
310 }
311
312 filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
313 current_cred());
314 if (IS_ERR(filp)) {
315 err = PTR_ERR(filp);
316 goto out;
317 }
318
319 autofs_dev_ioctl_fd_install(fd, filp);
320 }
321
322 return fd;
323
324 out:
325 put_unused_fd(fd);
326 return err;
327 }
328
329 /* Open a file descriptor on an autofs mount point */
autofs_dev_ioctl_openmount(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)330 static int autofs_dev_ioctl_openmount(struct file *fp,
331 struct autofs_sb_info *sbi,
332 struct autofs_dev_ioctl *param)
333 {
334 const char *path;
335 dev_t devid;
336 int err, fd;
337
338 /* param->path has already been checked */
339 if (!param->openmount.devid)
340 return -EINVAL;
341
342 param->ioctlfd = -1;
343
344 path = param->path;
345 devid = param->openmount.devid;
346
347 err = 0;
348 fd = autofs_dev_ioctl_open_mountpoint(path, devid);
349 if (unlikely(fd < 0)) {
350 err = fd;
351 goto out;
352 }
353
354 param->ioctlfd = fd;
355 out:
356 return err;
357 }
358
359 /* Close file descriptor allocated above (user can also use close(2)). */
autofs_dev_ioctl_closemount(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)360 static int autofs_dev_ioctl_closemount(struct file *fp,
361 struct autofs_sb_info *sbi,
362 struct autofs_dev_ioctl *param)
363 {
364 return sys_close(param->ioctlfd);
365 }
366
367 /*
368 * Send "ready" status for an existing wait (either a mount or an expire
369 * request).
370 */
autofs_dev_ioctl_ready(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)371 static int autofs_dev_ioctl_ready(struct file *fp,
372 struct autofs_sb_info *sbi,
373 struct autofs_dev_ioctl *param)
374 {
375 autofs_wqt_t token;
376
377 token = (autofs_wqt_t) param->ready.token;
378 return autofs4_wait_release(sbi, token, 0);
379 }
380
381 /*
382 * Send "fail" status for an existing wait (either a mount or an expire
383 * request).
384 */
autofs_dev_ioctl_fail(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)385 static int autofs_dev_ioctl_fail(struct file *fp,
386 struct autofs_sb_info *sbi,
387 struct autofs_dev_ioctl *param)
388 {
389 autofs_wqt_t token;
390 int status;
391
392 token = (autofs_wqt_t) param->fail.token;
393 status = param->fail.status ? param->fail.status : -ENOENT;
394 return autofs4_wait_release(sbi, token, status);
395 }
396
397 /*
398 * Set the pipe fd for kernel communication to the daemon.
399 *
400 * Normally this is set at mount using an option but if we
401 * are reconnecting to a busy mount then we need to use this
402 * to tell the autofs mount about the new kernel pipe fd. In
403 * order to protect mounts against incorrectly setting the
404 * pipefd we also require that the autofs mount be catatonic.
405 *
406 * This also sets the process group id used to identify the
407 * controlling process (eg. the owning automount(8) daemon).
408 */
autofs_dev_ioctl_setpipefd(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)409 static int autofs_dev_ioctl_setpipefd(struct file *fp,
410 struct autofs_sb_info *sbi,
411 struct autofs_dev_ioctl *param)
412 {
413 int pipefd;
414 int err = 0;
415
416 if (param->setpipefd.pipefd == -1)
417 return -EINVAL;
418
419 pipefd = param->setpipefd.pipefd;
420
421 mutex_lock(&sbi->wq_mutex);
422 if (!sbi->catatonic) {
423 mutex_unlock(&sbi->wq_mutex);
424 return -EBUSY;
425 } else {
426 struct file *pipe = fget(pipefd);
427 if (!pipe->f_op || !pipe->f_op->write) {
428 err = -EPIPE;
429 fput(pipe);
430 goto out;
431 }
432 sbi->oz_pgrp = task_pgrp_nr(current);
433 sbi->pipefd = pipefd;
434 sbi->pipe = pipe;
435 sbi->catatonic = 0;
436 }
437 out:
438 mutex_unlock(&sbi->wq_mutex);
439 return err;
440 }
441
442 /*
443 * Make the autofs mount point catatonic, no longer responsive to
444 * mount requests. Also closes the kernel pipe file descriptor.
445 */
autofs_dev_ioctl_catatonic(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)446 static int autofs_dev_ioctl_catatonic(struct file *fp,
447 struct autofs_sb_info *sbi,
448 struct autofs_dev_ioctl *param)
449 {
450 autofs4_catatonic_mode(sbi);
451 return 0;
452 }
453
454 /* Set the autofs mount timeout */
autofs_dev_ioctl_timeout(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)455 static int autofs_dev_ioctl_timeout(struct file *fp,
456 struct autofs_sb_info *sbi,
457 struct autofs_dev_ioctl *param)
458 {
459 unsigned long timeout;
460
461 timeout = param->timeout.timeout;
462 param->timeout.timeout = sbi->exp_timeout / HZ;
463 sbi->exp_timeout = timeout * HZ;
464 return 0;
465 }
466
467 /*
468 * Return the uid and gid of the last request for the mount
469 *
470 * When reconstructing an autofs mount tree with active mounts
471 * we need to re-connect to mounts that may have used the original
472 * process uid and gid (or string variations of them) for mount
473 * lookups within the map entry.
474 */
autofs_dev_ioctl_requester(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)475 static int autofs_dev_ioctl_requester(struct file *fp,
476 struct autofs_sb_info *sbi,
477 struct autofs_dev_ioctl *param)
478 {
479 struct autofs_info *ino;
480 struct nameidata nd;
481 const char *path;
482 dev_t devid;
483 int err = -ENOENT;
484
485 if (param->size <= sizeof(*param)) {
486 err = -EINVAL;
487 goto out;
488 }
489
490 path = param->path;
491 devid = sbi->sb->s_dev;
492
493 param->requester.uid = param->requester.gid = -1;
494
495 /* Get nameidata of the parent directory */
496 err = path_lookup(path, LOOKUP_PARENT, &nd);
497 if (err)
498 goto out;
499
500 err = autofs_dev_ioctl_find_super(&nd, devid);
501 if (err)
502 goto out_release;
503
504 ino = autofs4_dentry_ino(nd.path.dentry);
505 if (ino) {
506 err = 0;
507 autofs4_expire_wait(nd.path.dentry);
508 spin_lock(&sbi->fs_lock);
509 param->requester.uid = ino->uid;
510 param->requester.gid = ino->gid;
511 spin_unlock(&sbi->fs_lock);
512 }
513
514 out_release:
515 path_put(&nd.path);
516 out:
517 return err;
518 }
519
520 /*
521 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
522 * more that can be done.
523 */
autofs_dev_ioctl_expire(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)524 static int autofs_dev_ioctl_expire(struct file *fp,
525 struct autofs_sb_info *sbi,
526 struct autofs_dev_ioctl *param)
527 {
528 struct dentry *dentry;
529 struct vfsmount *mnt;
530 int err = -EAGAIN;
531 int how;
532
533 how = param->expire.how;
534 mnt = fp->f_path.mnt;
535
536 if (autofs_type_trigger(sbi->type))
537 dentry = autofs4_expire_direct(sbi->sb, mnt, sbi, how);
538 else
539 dentry = autofs4_expire_indirect(sbi->sb, mnt, sbi, how);
540
541 if (dentry) {
542 struct autofs_info *ino = autofs4_dentry_ino(dentry);
543
544 /*
545 * This is synchronous because it makes the daemon a
546 * little easier
547 */
548 err = autofs4_wait(sbi, dentry, NFY_EXPIRE);
549
550 spin_lock(&sbi->fs_lock);
551 if (ino->flags & AUTOFS_INF_MOUNTPOINT) {
552 ino->flags &= ~AUTOFS_INF_MOUNTPOINT;
553 sbi->sb->s_root->d_mounted++;
554 }
555 ino->flags &= ~AUTOFS_INF_EXPIRING;
556 complete_all(&ino->expire_complete);
557 spin_unlock(&sbi->fs_lock);
558 dput(dentry);
559 }
560
561 return err;
562 }
563
564 /* Check if autofs mount point is in use */
autofs_dev_ioctl_askumount(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)565 static int autofs_dev_ioctl_askumount(struct file *fp,
566 struct autofs_sb_info *sbi,
567 struct autofs_dev_ioctl *param)
568 {
569 param->askumount.may_umount = 0;
570 if (may_umount(fp->f_path.mnt))
571 param->askumount.may_umount = 1;
572 return 0;
573 }
574
575 /*
576 * Check if the given path is a mountpoint.
577 *
578 * If we are supplied with the file descriptor of an autofs
579 * mount we're looking for a specific mount. In this case
580 * the path is considered a mountpoint if it is itself a
581 * mountpoint or contains a mount, such as a multi-mount
582 * without a root mount. In this case we return 1 if the
583 * path is a mount point and the super magic of the covering
584 * mount if there is one or 0 if it isn't a mountpoint.
585 *
586 * If we aren't supplied with a file descriptor then we
587 * lookup the nameidata of the path and check if it is the
588 * root of a mount. If a type is given we are looking for
589 * a particular autofs mount and if we don't find a match
590 * we return fail. If the located nameidata path is the
591 * root of a mount we return 1 along with the super magic
592 * of the mount or 0 otherwise.
593 *
594 * In both cases the the device number (as returned by
595 * new_encode_dev()) is also returned.
596 */
autofs_dev_ioctl_ismountpoint(struct file * fp,struct autofs_sb_info * sbi,struct autofs_dev_ioctl * param)597 static int autofs_dev_ioctl_ismountpoint(struct file *fp,
598 struct autofs_sb_info *sbi,
599 struct autofs_dev_ioctl *param)
600 {
601 struct nameidata nd;
602 const char *path;
603 unsigned int type;
604 unsigned int devid, magic;
605 int err = -ENOENT;
606
607 if (param->size <= sizeof(*param)) {
608 err = -EINVAL;
609 goto out;
610 }
611
612 path = param->path;
613 type = param->ismountpoint.in.type;
614
615 param->ismountpoint.out.devid = devid = 0;
616 param->ismountpoint.out.magic = magic = 0;
617
618 if (!fp || param->ioctlfd == -1) {
619 if (autofs_type_any(type)) {
620 struct super_block *sb;
621
622 err = path_lookup(path, LOOKUP_FOLLOW, &nd);
623 if (err)
624 goto out;
625
626 sb = nd.path.dentry->d_sb;
627 devid = new_encode_dev(sb->s_dev);
628 } else {
629 struct autofs_info *ino;
630
631 err = path_lookup(path, LOOKUP_PARENT, &nd);
632 if (err)
633 goto out;
634
635 err = autofs_dev_ioctl_find_sbi_type(&nd, type);
636 if (err)
637 goto out_release;
638
639 ino = autofs4_dentry_ino(nd.path.dentry);
640 devid = autofs4_get_dev(ino->sbi);
641 }
642
643 err = 0;
644 if (nd.path.dentry->d_inode &&
645 nd.path.mnt->mnt_root == nd.path.dentry) {
646 err = 1;
647 magic = nd.path.dentry->d_inode->i_sb->s_magic;
648 }
649 } else {
650 dev_t dev = autofs4_get_dev(sbi);
651
652 err = path_lookup(path, LOOKUP_PARENT, &nd);
653 if (err)
654 goto out;
655
656 err = autofs_dev_ioctl_find_super(&nd, dev);
657 if (err)
658 goto out_release;
659
660 devid = dev;
661
662 err = have_submounts(nd.path.dentry);
663
664 if (nd.path.mnt->mnt_mountpoint != nd.path.mnt->mnt_root) {
665 if (follow_down(&nd.path.mnt, &nd.path.dentry)) {
666 struct inode *inode = nd.path.dentry->d_inode;
667 magic = inode->i_sb->s_magic;
668 }
669 }
670 }
671
672 param->ismountpoint.out.devid = devid;
673 param->ismountpoint.out.magic = magic;
674
675 out_release:
676 path_put(&nd.path);
677 out:
678 return err;
679 }
680
681 /*
682 * Our range of ioctl numbers isn't 0 based so we need to shift
683 * the array index by _IOC_NR(AUTOFS_CTL_IOC_FIRST) for the table
684 * lookup.
685 */
686 #define cmd_idx(cmd) (cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
687
lookup_dev_ioctl(unsigned int cmd)688 static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
689 {
690 static struct {
691 int cmd;
692 ioctl_fn fn;
693 } _ioctls[] = {
694 {cmd_idx(AUTOFS_DEV_IOCTL_VERSION_CMD), NULL},
695 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOVER_CMD),
696 autofs_dev_ioctl_protover},
697 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD),
698 autofs_dev_ioctl_protosubver},
699 {cmd_idx(AUTOFS_DEV_IOCTL_OPENMOUNT_CMD),
700 autofs_dev_ioctl_openmount},
701 {cmd_idx(AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD),
702 autofs_dev_ioctl_closemount},
703 {cmd_idx(AUTOFS_DEV_IOCTL_READY_CMD),
704 autofs_dev_ioctl_ready},
705 {cmd_idx(AUTOFS_DEV_IOCTL_FAIL_CMD),
706 autofs_dev_ioctl_fail},
707 {cmd_idx(AUTOFS_DEV_IOCTL_SETPIPEFD_CMD),
708 autofs_dev_ioctl_setpipefd},
709 {cmd_idx(AUTOFS_DEV_IOCTL_CATATONIC_CMD),
710 autofs_dev_ioctl_catatonic},
711 {cmd_idx(AUTOFS_DEV_IOCTL_TIMEOUT_CMD),
712 autofs_dev_ioctl_timeout},
713 {cmd_idx(AUTOFS_DEV_IOCTL_REQUESTER_CMD),
714 autofs_dev_ioctl_requester},
715 {cmd_idx(AUTOFS_DEV_IOCTL_EXPIRE_CMD),
716 autofs_dev_ioctl_expire},
717 {cmd_idx(AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD),
718 autofs_dev_ioctl_askumount},
719 {cmd_idx(AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD),
720 autofs_dev_ioctl_ismountpoint}
721 };
722 unsigned int idx = cmd_idx(cmd);
723
724 return (idx >= ARRAY_SIZE(_ioctls)) ? NULL : _ioctls[idx].fn;
725 }
726
727 /* ioctl dispatcher */
_autofs_dev_ioctl(unsigned int command,struct autofs_dev_ioctl __user * user)728 static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
729 {
730 struct autofs_dev_ioctl *param;
731 struct file *fp;
732 struct autofs_sb_info *sbi;
733 unsigned int cmd_first, cmd;
734 ioctl_fn fn = NULL;
735 int err = 0;
736
737 /* only root can play with this */
738 if (!capable(CAP_SYS_ADMIN))
739 return -EPERM;
740
741 cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
742 cmd = _IOC_NR(command);
743
744 if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
745 cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
746 return -ENOTTY;
747 }
748
749 /* Copy the parameters into kernel space. */
750 param = copy_dev_ioctl(user);
751 if (IS_ERR(param))
752 return PTR_ERR(param);
753
754 err = validate_dev_ioctl(command, param);
755 if (err)
756 goto out;
757
758 /* The validate routine above always sets the version */
759 if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
760 goto done;
761
762 fn = lookup_dev_ioctl(cmd);
763 if (!fn) {
764 AUTOFS_WARN("unknown command 0x%08x", command);
765 return -ENOTTY;
766 }
767
768 fp = NULL;
769 sbi = NULL;
770
771 /*
772 * For obvious reasons the openmount can't have a file
773 * descriptor yet. We don't take a reference to the
774 * file during close to allow for immediate release.
775 */
776 if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
777 cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
778 fp = fget(param->ioctlfd);
779 if (!fp) {
780 if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
781 goto cont;
782 err = -EBADF;
783 goto out;
784 }
785
786 if (!fp->f_op) {
787 err = -ENOTTY;
788 fput(fp);
789 goto out;
790 }
791
792 sbi = autofs_dev_ioctl_sbi(fp);
793 if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
794 err = -EINVAL;
795 fput(fp);
796 goto out;
797 }
798
799 /*
800 * Admin needs to be able to set the mount catatonic in
801 * order to be able to perform the re-open.
802 */
803 if (!autofs4_oz_mode(sbi) &&
804 cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
805 err = -EACCES;
806 fput(fp);
807 goto out;
808 }
809 }
810 cont:
811 err = fn(fp, sbi, param);
812
813 if (fp)
814 fput(fp);
815 done:
816 if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
817 err = -EFAULT;
818 out:
819 free_dev_ioctl(param);
820 return err;
821 }
822
autofs_dev_ioctl(struct file * file,uint command,ulong u)823 static long autofs_dev_ioctl(struct file *file, uint command, ulong u)
824 {
825 int err;
826 err = _autofs_dev_ioctl(command, (struct autofs_dev_ioctl __user *) u);
827 return (long) err;
828 }
829
830 #ifdef CONFIG_COMPAT
autofs_dev_ioctl_compat(struct file * file,uint command,ulong u)831 static long autofs_dev_ioctl_compat(struct file *file, uint command, ulong u)
832 {
833 return (long) autofs_dev_ioctl(file, command, (ulong) compat_ptr(u));
834 }
835 #else
836 #define autofs_dev_ioctl_compat NULL
837 #endif
838
839 static const struct file_operations _dev_ioctl_fops = {
840 .unlocked_ioctl = autofs_dev_ioctl,
841 .compat_ioctl = autofs_dev_ioctl_compat,
842 .owner = THIS_MODULE,
843 };
844
845 static struct miscdevice _autofs_dev_ioctl_misc = {
846 .minor = MISC_DYNAMIC_MINOR,
847 .name = AUTOFS_DEVICE_NAME,
848 .fops = &_dev_ioctl_fops
849 };
850
851 /* Register/deregister misc character device */
autofs_dev_ioctl_init(void)852 int autofs_dev_ioctl_init(void)
853 {
854 int r;
855
856 r = misc_register(&_autofs_dev_ioctl_misc);
857 if (r) {
858 AUTOFS_ERROR("misc_register failed for control device");
859 return r;
860 }
861
862 return 0;
863 }
864
autofs_dev_ioctl_exit(void)865 void autofs_dev_ioctl_exit(void)
866 {
867 misc_deregister(&_autofs_dev_ioctl_misc);
868 return;
869 }
870
871