blob: 054d6d9ad9baa0d883b26db48e4eebad990d734f [file] [log] [blame]
Ian Kent8d7b48e2008-10-15 22:02:54 -07001/*
2 * Copyright 2008 Red Hat, Inc. All rights reserved.
3 * Copyright 2008 Ian Kent <raven@themaw.net>
4 *
5 * This file is part of the Linux kernel and is made available under
6 * the terms of the GNU General Public License, version 2, or at your
7 * option, any later version, incorporated herein by reference.
8 */
9
10#include <linux/module.h>
11#include <linux/vmalloc.h>
12#include <linux/miscdevice.h>
13#include <linux/init.h>
14#include <linux/wait.h>
15#include <linux/namei.h>
16#include <linux/fcntl.h>
17#include <linux/file.h>
18#include <linux/fdtable.h>
19#include <linux/sched.h>
20#include <linux/compat.h>
21#include <linux/syscalls.h>
22#include <linux/smp_lock.h>
23#include <linux/magic.h>
24#include <linux/dcache.h>
25#include <linux/uaccess.h>
26
27#include "autofs_i.h"
28
29/*
30 * This module implements an interface for routing autofs ioctl control
31 * commands via a miscellaneous device file.
32 *
33 * The alternate interface is needed because we need to be able open
34 * an ioctl file descriptor on an autofs mount that may be covered by
35 * another mount. This situation arises when starting automount(8)
36 * or other user space daemon which uses direct mounts or offset
37 * mounts (used for autofs lazy mount/umount of nested mount trees),
38 * which have been left busy at at service shutdown.
39 */
40
41#define AUTOFS_DEV_IOCTL_SIZE sizeof(struct autofs_dev_ioctl)
42
43typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
44 struct autofs_dev_ioctl *);
45
46static int check_name(const char *name)
47{
48 if (!strchr(name, '/'))
49 return -EINVAL;
50 return 0;
51}
52
53/*
54 * Check a string doesn't overrun the chunk of
55 * memory we copied from user land.
56 */
57static int invalid_str(char *str, void *end)
58{
59 while ((void *) str <= end)
60 if (!*str++)
61 return 0;
62 return -EINVAL;
63}
64
65/*
66 * Check that the user compiled against correct version of autofs
67 * misc device code.
68 *
69 * As well as checking the version compatibility this always copies
70 * the kernel interface version out.
71 */
72static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
73{
74 int err = 0;
75
76 if ((AUTOFS_DEV_IOCTL_VERSION_MAJOR != param->ver_major) ||
77 (AUTOFS_DEV_IOCTL_VERSION_MINOR < param->ver_minor)) {
78 AUTOFS_WARN("ioctl control interface version mismatch: "
79 "kernel(%u.%u), user(%u.%u), cmd(%d)",
80 AUTOFS_DEV_IOCTL_VERSION_MAJOR,
81 AUTOFS_DEV_IOCTL_VERSION_MINOR,
82 param->ver_major, param->ver_minor, cmd);
83 err = -EINVAL;
84 }
85
86 /* Fill in the kernel version. */
87 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
88 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
89
90 return err;
91}
92
93/*
94 * Copy parameter control struct, including a possible path allocated
95 * at the end of the struct.
96 */
97static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
98{
99 struct autofs_dev_ioctl tmp, *ads;
100
101 if (copy_from_user(&tmp, in, sizeof(tmp)))
102 return ERR_PTR(-EFAULT);
103
104 if (tmp.size < sizeof(tmp))
105 return ERR_PTR(-EINVAL);
106
107 ads = kmalloc(tmp.size, GFP_KERNEL);
108 if (!ads)
109 return ERR_PTR(-ENOMEM);
110
111 if (copy_from_user(ads, in, tmp.size)) {
112 kfree(ads);
113 return ERR_PTR(-EFAULT);
114 }
115
116 return ads;
117}
118
119static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
120{
121 kfree(param);
122 return;
123}
124
125/*
126 * Check sanity of parameter control fields and if a path is present
127 * check that it has a "/" and is terminated.
128 */
129static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
130{
Ian Kent96b03172008-11-06 12:53:23 -0800131 int err;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700132
Ian Kent96b03172008-11-06 12:53:23 -0800133 err = check_dev_ioctl_version(cmd, param);
134 if (err) {
Ian Kent8d7b48e2008-10-15 22:02:54 -0700135 AUTOFS_WARN("invalid device control module version "
136 "supplied for cmd(0x%08x)", cmd);
137 goto out;
138 }
139
140 if (param->size > sizeof(*param)) {
141 err = check_name(param->path);
142 if (err) {
143 AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
144 cmd);
145 goto out;
146 }
147
148 err = invalid_str(param->path,
149 (void *) ((size_t) param + param->size));
150 if (err) {
151 AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
152 cmd);
153 goto out;
154 }
155 }
156
157 err = 0;
158out:
159 return err;
160}
161
162/*
163 * Get the autofs super block info struct from the file opened on
164 * the autofs mount point.
165 */
166static struct autofs_sb_info *autofs_dev_ioctl_sbi(struct file *f)
167{
168 struct autofs_sb_info *sbi = NULL;
169 struct inode *inode;
170
171 if (f) {
172 inode = f->f_path.dentry->d_inode;
173 sbi = autofs4_sbi(inode->i_sb);
174 }
175 return sbi;
176}
177
178/* Return autofs module protocol version */
179static int autofs_dev_ioctl_protover(struct file *fp,
180 struct autofs_sb_info *sbi,
181 struct autofs_dev_ioctl *param)
182{
Ian Kent730c9ee2009-01-06 14:42:06 -0800183 param->protover.version = sbi->version;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700184 return 0;
185}
186
187/* Return autofs module protocol sub version */
188static int autofs_dev_ioctl_protosubver(struct file *fp,
189 struct autofs_sb_info *sbi,
190 struct autofs_dev_ioctl *param)
191{
Ian Kent730c9ee2009-01-06 14:42:06 -0800192 param->protosubver.sub_version = sbi->sub_version;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700193 return 0;
194}
195
196/*
197 * Walk down the mount stack looking for an autofs mount that
198 * has the requested device number (aka. new_encode_dev(sb->s_dev).
199 */
200static int autofs_dev_ioctl_find_super(struct nameidata *nd, dev_t devno)
201{
202 struct dentry *dentry;
203 struct inode *inode;
204 struct super_block *sb;
205 dev_t s_dev;
206 unsigned int err;
207
208 err = -ENOENT;
209
210 /* Lookup the dentry name at the base of our mount point */
211 dentry = d_lookup(nd->path.dentry, &nd->last);
212 if (!dentry)
213 goto out;
214
215 dput(nd->path.dentry);
216 nd->path.dentry = dentry;
217
218 /* And follow the mount stack looking for our autofs mount */
219 while (follow_down(&nd->path.mnt, &nd->path.dentry)) {
220 inode = nd->path.dentry->d_inode;
221 if (!inode)
222 break;
223
224 sb = inode->i_sb;
225 s_dev = new_encode_dev(sb->s_dev);
226 if (devno == s_dev) {
227 if (sb->s_magic == AUTOFS_SUPER_MAGIC) {
228 err = 0;
229 break;
230 }
231 }
232 }
233out:
234 return err;
235}
236
237/*
238 * Walk down the mount stack looking for an autofs mount that
239 * has the requested mount type (ie. indirect, direct or offset).
240 */
241static int autofs_dev_ioctl_find_sbi_type(struct nameidata *nd, unsigned int type)
242{
243 struct dentry *dentry;
244 struct autofs_info *ino;
245 unsigned int err;
246
247 err = -ENOENT;
248
249 /* Lookup the dentry name at the base of our mount point */
250 dentry = d_lookup(nd->path.dentry, &nd->last);
251 if (!dentry)
252 goto out;
253
254 dput(nd->path.dentry);
255 nd->path.dentry = dentry;
256
257 /* And follow the mount stack looking for our autofs mount */
258 while (follow_down(&nd->path.mnt, &nd->path.dentry)) {
259 ino = autofs4_dentry_ino(nd->path.dentry);
260 if (ino && ino->sbi->type & type) {
261 err = 0;
262 break;
263 }
264 }
265out:
266 return err;
267}
268
269static void autofs_dev_ioctl_fd_install(unsigned int fd, struct file *file)
270{
271 struct files_struct *files = current->files;
272 struct fdtable *fdt;
273
274 spin_lock(&files->file_lock);
275 fdt = files_fdtable(files);
276 BUG_ON(fdt->fd[fd] != NULL);
277 rcu_assign_pointer(fdt->fd[fd], file);
278 FD_SET(fd, fdt->close_on_exec);
279 spin_unlock(&files->file_lock);
280}
281
282
283/*
284 * Open a file descriptor on the autofs mount point corresponding
285 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
286 */
287static int autofs_dev_ioctl_open_mountpoint(const char *path, dev_t devid)
288{
289 struct file *filp;
290 struct nameidata nd;
291 int err, fd;
292
293 fd = get_unused_fd();
294 if (likely(fd >= 0)) {
295 /* Get nameidata of the parent directory */
296 err = path_lookup(path, LOOKUP_PARENT, &nd);
297 if (err)
298 goto out;
299
300 /*
301 * Search down, within the parent, looking for an
302 * autofs super block that has the device number
303 * corresponding to the autofs fs we want to open.
304 */
305 err = autofs_dev_ioctl_find_super(&nd, devid);
306 if (err) {
307 path_put(&nd.path);
308 goto out;
309 }
310
David Howells745ca242008-11-14 10:39:22 +1100311 filp = dentry_open(nd.path.dentry, nd.path.mnt, O_RDONLY,
312 current_cred());
Ian Kent8d7b48e2008-10-15 22:02:54 -0700313 if (IS_ERR(filp)) {
314 err = PTR_ERR(filp);
315 goto out;
316 }
317
318 autofs_dev_ioctl_fd_install(fd, filp);
319 }
320
321 return fd;
322
323out:
324 put_unused_fd(fd);
325 return err;
326}
327
328/* Open a file descriptor on an autofs mount point */
329static int autofs_dev_ioctl_openmount(struct file *fp,
330 struct autofs_sb_info *sbi,
331 struct autofs_dev_ioctl *param)
332{
333 const char *path;
334 dev_t devid;
335 int err, fd;
336
337 /* param->path has already been checked */
Ian Kent730c9ee2009-01-06 14:42:06 -0800338 if (!param->openmount.devid)
Ian Kent8d7b48e2008-10-15 22:02:54 -0700339 return -EINVAL;
340
341 param->ioctlfd = -1;
342
343 path = param->path;
Ian Kent730c9ee2009-01-06 14:42:06 -0800344 devid = param->openmount.devid;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700345
346 err = 0;
347 fd = autofs_dev_ioctl_open_mountpoint(path, devid);
348 if (unlikely(fd < 0)) {
349 err = fd;
350 goto out;
351 }
352
353 param->ioctlfd = fd;
354out:
355 return err;
356}
357
358/* Close file descriptor allocated above (user can also use close(2)). */
359static int autofs_dev_ioctl_closemount(struct file *fp,
360 struct autofs_sb_info *sbi,
361 struct autofs_dev_ioctl *param)
362{
363 return sys_close(param->ioctlfd);
364}
365
366/*
367 * Send "ready" status for an existing wait (either a mount or an expire
368 * request).
369 */
370static int autofs_dev_ioctl_ready(struct file *fp,
371 struct autofs_sb_info *sbi,
372 struct autofs_dev_ioctl *param)
373{
374 autofs_wqt_t token;
375
Ian Kent730c9ee2009-01-06 14:42:06 -0800376 token = (autofs_wqt_t) param->ready.token;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700377 return autofs4_wait_release(sbi, token, 0);
378}
379
380/*
381 * Send "fail" status for an existing wait (either a mount or an expire
382 * request).
383 */
384static int autofs_dev_ioctl_fail(struct file *fp,
385 struct autofs_sb_info *sbi,
386 struct autofs_dev_ioctl *param)
387{
388 autofs_wqt_t token;
389 int status;
390
Ian Kent730c9ee2009-01-06 14:42:06 -0800391 token = (autofs_wqt_t) param->fail.token;
392 status = param->fail.status ? param->fail.status : -ENOENT;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700393 return autofs4_wait_release(sbi, token, status);
394}
395
396/*
397 * Set the pipe fd for kernel communication to the daemon.
398 *
399 * Normally this is set at mount using an option but if we
400 * are reconnecting to a busy mount then we need to use this
401 * to tell the autofs mount about the new kernel pipe fd. In
402 * order to protect mounts against incorrectly setting the
403 * pipefd we also require that the autofs mount be catatonic.
404 *
405 * This also sets the process group id used to identify the
406 * controlling process (eg. the owning automount(8) daemon).
407 */
408static int autofs_dev_ioctl_setpipefd(struct file *fp,
409 struct autofs_sb_info *sbi,
410 struct autofs_dev_ioctl *param)
411{
412 int pipefd;
413 int err = 0;
414
Ian Kent730c9ee2009-01-06 14:42:06 -0800415 if (param->setpipefd.pipefd == -1)
Ian Kent8d7b48e2008-10-15 22:02:54 -0700416 return -EINVAL;
417
Ian Kent730c9ee2009-01-06 14:42:06 -0800418 pipefd = param->setpipefd.pipefd;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700419
420 mutex_lock(&sbi->wq_mutex);
421 if (!sbi->catatonic) {
422 mutex_unlock(&sbi->wq_mutex);
423 return -EBUSY;
424 } else {
425 struct file *pipe = fget(pipefd);
426 if (!pipe->f_op || !pipe->f_op->write) {
427 err = -EPIPE;
428 fput(pipe);
429 goto out;
430 }
431 sbi->oz_pgrp = task_pgrp_nr(current);
432 sbi->pipefd = pipefd;
433 sbi->pipe = pipe;
434 sbi->catatonic = 0;
435 }
436out:
437 mutex_unlock(&sbi->wq_mutex);
438 return err;
439}
440
441/*
442 * Make the autofs mount point catatonic, no longer responsive to
443 * mount requests. Also closes the kernel pipe file descriptor.
444 */
445static int autofs_dev_ioctl_catatonic(struct file *fp,
446 struct autofs_sb_info *sbi,
447 struct autofs_dev_ioctl *param)
448{
449 autofs4_catatonic_mode(sbi);
450 return 0;
451}
452
453/* Set the autofs mount timeout */
454static int autofs_dev_ioctl_timeout(struct file *fp,
455 struct autofs_sb_info *sbi,
456 struct autofs_dev_ioctl *param)
457{
458 unsigned long timeout;
459
Ian Kent730c9ee2009-01-06 14:42:06 -0800460 timeout = param->timeout.timeout;
461 param->timeout.timeout = sbi->exp_timeout / HZ;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700462 sbi->exp_timeout = timeout * HZ;
463 return 0;
464}
465
466/*
467 * Return the uid and gid of the last request for the mount
468 *
469 * When reconstructing an autofs mount tree with active mounts
470 * we need to re-connect to mounts that may have used the original
471 * process uid and gid (or string variations of them) for mount
472 * lookups within the map entry.
473 */
474static int autofs_dev_ioctl_requester(struct file *fp,
475 struct autofs_sb_info *sbi,
476 struct autofs_dev_ioctl *param)
477{
478 struct autofs_info *ino;
479 struct nameidata nd;
480 const char *path;
481 dev_t devid;
482 int err = -ENOENT;
483
484 if (param->size <= sizeof(*param)) {
485 err = -EINVAL;
486 goto out;
487 }
488
489 path = param->path;
490 devid = sbi->sb->s_dev;
491
Ian Kent730c9ee2009-01-06 14:42:06 -0800492 param->requester.uid = param->requester.gid = -1;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700493
494 /* Get nameidata of the parent directory */
495 err = path_lookup(path, LOOKUP_PARENT, &nd);
496 if (err)
497 goto out;
498
499 err = autofs_dev_ioctl_find_super(&nd, devid);
500 if (err)
501 goto out_release;
502
503 ino = autofs4_dentry_ino(nd.path.dentry);
504 if (ino) {
505 err = 0;
506 autofs4_expire_wait(nd.path.dentry);
507 spin_lock(&sbi->fs_lock);
Ian Kent730c9ee2009-01-06 14:42:06 -0800508 param->requester.uid = ino->uid;
509 param->requester.gid = ino->gid;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700510 spin_unlock(&sbi->fs_lock);
511 }
512
513out_release:
514 path_put(&nd.path);
515out:
516 return err;
517}
518
519/*
520 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
521 * more that can be done.
522 */
523static int autofs_dev_ioctl_expire(struct file *fp,
524 struct autofs_sb_info *sbi,
525 struct autofs_dev_ioctl *param)
526{
527 struct dentry *dentry;
528 struct vfsmount *mnt;
529 int err = -EAGAIN;
530 int how;
531
Ian Kent730c9ee2009-01-06 14:42:06 -0800532 how = param->expire.how;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700533 mnt = fp->f_path.mnt;
534
535 if (sbi->type & AUTOFS_TYPE_TRIGGER)
536 dentry = autofs4_expire_direct(sbi->sb, mnt, sbi, how);
537 else
538 dentry = autofs4_expire_indirect(sbi->sb, mnt, sbi, how);
539
540 if (dentry) {
541 struct autofs_info *ino = autofs4_dentry_ino(dentry);
542
543 /*
544 * This is synchronous because it makes the daemon a
545 * little easier
546 */
547 err = autofs4_wait(sbi, dentry, NFY_EXPIRE);
548
549 spin_lock(&sbi->fs_lock);
550 if (ino->flags & AUTOFS_INF_MOUNTPOINT) {
551 ino->flags &= ~AUTOFS_INF_MOUNTPOINT;
552 sbi->sb->s_root->d_mounted++;
553 }
554 ino->flags &= ~AUTOFS_INF_EXPIRING;
555 complete_all(&ino->expire_complete);
556 spin_unlock(&sbi->fs_lock);
557 dput(dentry);
558 }
559
560 return err;
561}
562
563/* Check if autofs mount point is in use */
564static int autofs_dev_ioctl_askumount(struct file *fp,
565 struct autofs_sb_info *sbi,
566 struct autofs_dev_ioctl *param)
567{
Ian Kent730c9ee2009-01-06 14:42:06 -0800568 param->askumount.may_umount = 0;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700569 if (may_umount(fp->f_path.mnt))
Ian Kent730c9ee2009-01-06 14:42:06 -0800570 param->askumount.may_umount = 1;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700571 return 0;
572}
573
574/*
575 * Check if the given path is a mountpoint.
576 *
577 * If we are supplied with the file descriptor of an autofs
578 * mount we're looking for a specific mount. In this case
579 * the path is considered a mountpoint if it is itself a
580 * mountpoint or contains a mount, such as a multi-mount
581 * without a root mount. In this case we return 1 if the
582 * path is a mount point and the super magic of the covering
583 * mount if there is one or 0 if it isn't a mountpoint.
584 *
585 * If we aren't supplied with a file descriptor then we
586 * lookup the nameidata of the path and check if it is the
587 * root of a mount. If a type is given we are looking for
588 * a particular autofs mount and if we don't find a match
589 * we return fail. If the located nameidata path is the
590 * root of a mount we return 1 along with the super magic
591 * of the mount or 0 otherwise.
592 *
593 * In both cases the the device number (as returned by
594 * new_encode_dev()) is also returned.
595 */
596static int autofs_dev_ioctl_ismountpoint(struct file *fp,
597 struct autofs_sb_info *sbi,
598 struct autofs_dev_ioctl *param)
599{
600 struct nameidata nd;
601 const char *path;
602 unsigned int type;
Ian Kent730c9ee2009-01-06 14:42:06 -0800603 unsigned int devid, magic;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700604 int err = -ENOENT;
605
606 if (param->size <= sizeof(*param)) {
607 err = -EINVAL;
608 goto out;
609 }
610
611 path = param->path;
Ian Kent730c9ee2009-01-06 14:42:06 -0800612 type = param->ismountpoint.in.type;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700613
Ian Kent730c9ee2009-01-06 14:42:06 -0800614 param->ismountpoint.out.devid = devid = 0;
615 param->ismountpoint.out.magic = magic = 0;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700616
617 if (!fp || param->ioctlfd == -1) {
618 if (type == AUTOFS_TYPE_ANY) {
619 struct super_block *sb;
620
621 err = path_lookup(path, LOOKUP_FOLLOW, &nd);
622 if (err)
623 goto out;
624
625 sb = nd.path.dentry->d_sb;
Ian Kent730c9ee2009-01-06 14:42:06 -0800626 devid = new_encode_dev(sb->s_dev);
Ian Kent8d7b48e2008-10-15 22:02:54 -0700627 } else {
628 struct autofs_info *ino;
629
630 err = path_lookup(path, LOOKUP_PARENT, &nd);
631 if (err)
632 goto out;
633
634 err = autofs_dev_ioctl_find_sbi_type(&nd, type);
635 if (err)
636 goto out_release;
637
638 ino = autofs4_dentry_ino(nd.path.dentry);
Ian Kent730c9ee2009-01-06 14:42:06 -0800639 devid = autofs4_get_dev(ino->sbi);
Ian Kent8d7b48e2008-10-15 22:02:54 -0700640 }
641
642 err = 0;
643 if (nd.path.dentry->d_inode &&
644 nd.path.mnt->mnt_root == nd.path.dentry) {
645 err = 1;
Ian Kent730c9ee2009-01-06 14:42:06 -0800646 magic = nd.path.dentry->d_inode->i_sb->s_magic;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700647 }
648 } else {
649 dev_t devid = new_encode_dev(sbi->sb->s_dev);
650
651 err = path_lookup(path, LOOKUP_PARENT, &nd);
652 if (err)
653 goto out;
654
655 err = autofs_dev_ioctl_find_super(&nd, devid);
656 if (err)
657 goto out_release;
658
Ian Kent730c9ee2009-01-06 14:42:06 -0800659 devid = autofs4_get_dev(sbi);
Ian Kent8d7b48e2008-10-15 22:02:54 -0700660
661 err = have_submounts(nd.path.dentry);
662
663 if (nd.path.mnt->mnt_mountpoint != nd.path.mnt->mnt_root) {
664 if (follow_down(&nd.path.mnt, &nd.path.dentry)) {
665 struct inode *inode = nd.path.dentry->d_inode;
Ian Kent730c9ee2009-01-06 14:42:06 -0800666 magic = inode->i_sb->s_magic;
Ian Kent8d7b48e2008-10-15 22:02:54 -0700667 }
668 }
669 }
670
Ian Kent730c9ee2009-01-06 14:42:06 -0800671 param->ismountpoint.out.devid = devid;
672 param->ismountpoint.out.magic = magic;
673
Ian Kent8d7b48e2008-10-15 22:02:54 -0700674out_release:
675 path_put(&nd.path);
676out:
677 return err;
678}
679
680/*
681 * Our range of ioctl numbers isn't 0 based so we need to shift
682 * the array index by _IOC_NR(AUTOFS_CTL_IOC_FIRST) for the table
683 * lookup.
684 */
685#define cmd_idx(cmd) (cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
686
687static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
688{
689 static struct {
690 int cmd;
691 ioctl_fn fn;
692 } _ioctls[] = {
693 {cmd_idx(AUTOFS_DEV_IOCTL_VERSION_CMD), NULL},
694 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOVER_CMD),
695 autofs_dev_ioctl_protover},
696 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD),
697 autofs_dev_ioctl_protosubver},
698 {cmd_idx(AUTOFS_DEV_IOCTL_OPENMOUNT_CMD),
699 autofs_dev_ioctl_openmount},
700 {cmd_idx(AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD),
701 autofs_dev_ioctl_closemount},
702 {cmd_idx(AUTOFS_DEV_IOCTL_READY_CMD),
703 autofs_dev_ioctl_ready},
704 {cmd_idx(AUTOFS_DEV_IOCTL_FAIL_CMD),
705 autofs_dev_ioctl_fail},
706 {cmd_idx(AUTOFS_DEV_IOCTL_SETPIPEFD_CMD),
707 autofs_dev_ioctl_setpipefd},
708 {cmd_idx(AUTOFS_DEV_IOCTL_CATATONIC_CMD),
709 autofs_dev_ioctl_catatonic},
710 {cmd_idx(AUTOFS_DEV_IOCTL_TIMEOUT_CMD),
711 autofs_dev_ioctl_timeout},
712 {cmd_idx(AUTOFS_DEV_IOCTL_REQUESTER_CMD),
713 autofs_dev_ioctl_requester},
714 {cmd_idx(AUTOFS_DEV_IOCTL_EXPIRE_CMD),
715 autofs_dev_ioctl_expire},
716 {cmd_idx(AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD),
717 autofs_dev_ioctl_askumount},
718 {cmd_idx(AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD),
719 autofs_dev_ioctl_ismountpoint}
720 };
721 unsigned int idx = cmd_idx(cmd);
722
723 return (idx >= ARRAY_SIZE(_ioctls)) ? NULL : _ioctls[idx].fn;
724}
725
726/* ioctl dispatcher */
727static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
728{
729 struct autofs_dev_ioctl *param;
730 struct file *fp;
731 struct autofs_sb_info *sbi;
732 unsigned int cmd_first, cmd;
733 ioctl_fn fn = NULL;
734 int err = 0;
735
736 /* only root can play with this */
737 if (!capable(CAP_SYS_ADMIN))
738 return -EPERM;
739
740 cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
741 cmd = _IOC_NR(command);
742
743 if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
744 cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
745 return -ENOTTY;
746 }
747
748 /* Copy the parameters into kernel space. */
749 param = copy_dev_ioctl(user);
750 if (IS_ERR(param))
751 return PTR_ERR(param);
752
753 err = validate_dev_ioctl(command, param);
754 if (err)
755 goto out;
756
757 /* The validate routine above always sets the version */
758 if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
759 goto done;
760
761 fn = lookup_dev_ioctl(cmd);
762 if (!fn) {
763 AUTOFS_WARN("unknown command 0x%08x", command);
764 return -ENOTTY;
765 }
766
767 fp = NULL;
768 sbi = NULL;
769
770 /*
771 * For obvious reasons the openmount can't have a file
772 * descriptor yet. We don't take a reference to the
773 * file during close to allow for immediate release.
774 */
775 if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
776 cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
777 fp = fget(param->ioctlfd);
778 if (!fp) {
779 if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
780 goto cont;
781 err = -EBADF;
782 goto out;
783 }
784
785 if (!fp->f_op) {
786 err = -ENOTTY;
787 fput(fp);
788 goto out;
789 }
790
791 sbi = autofs_dev_ioctl_sbi(fp);
792 if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
793 err = -EINVAL;
794 fput(fp);
795 goto out;
796 }
797
798 /*
799 * Admin needs to be able to set the mount catatonic in
800 * order to be able to perform the re-open.
801 */
802 if (!autofs4_oz_mode(sbi) &&
803 cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
804 err = -EACCES;
805 fput(fp);
806 goto out;
807 }
808 }
809cont:
810 err = fn(fp, sbi, param);
811
812 if (fp)
813 fput(fp);
814done:
815 if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
816 err = -EFAULT;
817out:
818 free_dev_ioctl(param);
819 return err;
820}
821
822static long autofs_dev_ioctl(struct file *file, uint command, ulong u)
823{
824 int err;
825 err = _autofs_dev_ioctl(command, (struct autofs_dev_ioctl __user *) u);
826 return (long) err;
827}
828
829#ifdef CONFIG_COMPAT
830static long autofs_dev_ioctl_compat(struct file *file, uint command, ulong u)
831{
832 return (long) autofs_dev_ioctl(file, command, (ulong) compat_ptr(u));
833}
834#else
835#define autofs_dev_ioctl_compat NULL
836#endif
837
838static const struct file_operations _dev_ioctl_fops = {
839 .unlocked_ioctl = autofs_dev_ioctl,
840 .compat_ioctl = autofs_dev_ioctl_compat,
841 .owner = THIS_MODULE,
842};
843
844static struct miscdevice _autofs_dev_ioctl_misc = {
845 .minor = MISC_DYNAMIC_MINOR,
846 .name = AUTOFS_DEVICE_NAME,
847 .fops = &_dev_ioctl_fops
848};
849
850/* Register/deregister misc character device */
851int autofs_dev_ioctl_init(void)
852{
853 int r;
854
855 r = misc_register(&_autofs_dev_ioctl_misc);
856 if (r) {
857 AUTOFS_ERROR("misc_register failed for control device");
858 return r;
859 }
860
861 return 0;
862}
863
864void autofs_dev_ioctl_exit(void)
865{
866 misc_deregister(&_autofs_dev_ioctl_misc);
867 return;
868}
869