2 * Copyright 2008 Red Hat, Inc. All rights reserved.
3 * Copyright 2008 Ian Kent <raven@themaw.net>
5 * This file is part of the Linux kernel and is made available under
6 * the terms of the GNU General Public License, version 2, or at your
7 * option, any later version, incorporated herein by reference.
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <linux/miscdevice.h>
13 #include <linux/init.h>
14 #include <linux/wait.h>
15 #include <linux/namei.h>
16 #include <linux/fcntl.h>
17 #include <linux/file.h>
18 #include <linux/fdtable.h>
19 #include <linux/sched.h>
20 #include <linux/compat.h>
21 #include <linux/syscalls.h>
22 #include <linux/magic.h>
23 #include <linux/dcache.h>
24 #include <linux/uaccess.h>
25 #include <linux/slab.h>
30 * This module implements an interface for routing autofs ioctl control
31 * commands via a miscellaneous device file.
33 * The alternate interface is needed because we need to be able open
34 * an ioctl file descriptor on an autofs mount that may be covered by
35 * another mount. This situation arises when starting automount(8)
36 * or other user space daemon which uses direct mounts or offset
37 * mounts (used for autofs lazy mount/umount of nested mount trees),
38 * which have been left busy at at service shutdown.
41 #define AUTOFS_DEV_IOCTL_SIZE sizeof(struct autofs_dev_ioctl)
43 typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
44 struct autofs_dev_ioctl *);
46 static int check_name(const char *name)
48 if (!strchr(name, '/'))
54 * Check a string doesn't overrun the chunk of
55 * memory we copied from user land.
57 static int invalid_str(char *str, size_t size)
59 if (memchr(str, 0, size))
65 * Check that the user compiled against correct version of autofs
68 * As well as checking the version compatibility this always copies
69 * the kernel interface version out.
71 static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
75 if ((AUTOFS_DEV_IOCTL_VERSION_MAJOR != param->ver_major) ||
76 (AUTOFS_DEV_IOCTL_VERSION_MINOR < param->ver_minor)) {
77 AUTOFS_WARN("ioctl control interface version mismatch: "
78 "kernel(%u.%u), user(%u.%u), cmd(%d)",
79 AUTOFS_DEV_IOCTL_VERSION_MAJOR,
80 AUTOFS_DEV_IOCTL_VERSION_MINOR,
81 param->ver_major, param->ver_minor, cmd);
85 /* Fill in the kernel version. */
86 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
87 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
93 * Copy parameter control struct, including a possible path allocated
94 * at the end of the struct.
96 static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
98 struct autofs_dev_ioctl tmp, *res;
100 if (copy_from_user(&tmp, in, sizeof(tmp)))
101 return ERR_PTR(-EFAULT);
103 if (tmp.size < sizeof(tmp))
104 return ERR_PTR(-EINVAL);
106 res = memdup_user(in, tmp.size);
108 res->size = tmp.size;
113 static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
120 * Check sanity of parameter control fields and if a path is present
121 * check that it is terminated and contains at least one "/".
123 static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
127 err = check_dev_ioctl_version(cmd, param);
129 AUTOFS_WARN("invalid device control module version "
130 "supplied for cmd(0x%08x)", cmd);
134 if (param->size > sizeof(*param)) {
135 err = invalid_str(param->path, param->size - sizeof(*param));
138 "path string terminator missing for cmd(0x%08x)",
143 err = check_name(param->path);
145 AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
157 * Get the autofs super block info struct from the file opened on
158 * the autofs mount point.
160 static struct autofs_sb_info *autofs_dev_ioctl_sbi(struct file *f)
162 struct autofs_sb_info *sbi = NULL;
166 inode = file_inode(f);
167 sbi = autofs4_sbi(inode->i_sb);
172 /* Return autofs module protocol version */
173 static int autofs_dev_ioctl_protover(struct file *fp,
174 struct autofs_sb_info *sbi,
175 struct autofs_dev_ioctl *param)
177 param->protover.version = sbi->version;
181 /* Return autofs module protocol sub version */
182 static int autofs_dev_ioctl_protosubver(struct file *fp,
183 struct autofs_sb_info *sbi,
184 struct autofs_dev_ioctl *param)
186 param->protosubver.sub_version = sbi->sub_version;
190 static int find_autofs_mount(const char *pathname,
192 int test(struct path *path, void *data),
196 int err = kern_path(pathname, 0, &path);
200 while (path.dentry == path.mnt->mnt_root) {
201 if (path.dentry->d_sb->s_magic == AUTOFS_SUPER_MAGIC) {
202 if (test(&path, data)) {
204 if (!err) /* already found some */
210 if (!follow_up(&path))
217 static int test_by_dev(struct path *path, void *p)
219 return path->dentry->d_sb->s_dev == *(dev_t *)p;
222 static int test_by_type(struct path *path, void *p)
224 struct autofs_info *ino = autofs4_dentry_ino(path->dentry);
225 return ino && ino->sbi->type & *(unsigned *)p;
229 * Open a file descriptor on the autofs mount point corresponding
230 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
232 static int autofs_dev_ioctl_open_mountpoint(const char *name, dev_t devid)
236 fd = get_unused_fd_flags(O_CLOEXEC);
237 if (likely(fd >= 0)) {
241 err = find_autofs_mount(name, &path, test_by_dev, &devid);
246 * Find autofs super block that has the device number
247 * corresponding to the autofs fs we want to open.
250 filp = dentry_open(&path, O_RDONLY, current_cred());
257 fd_install(fd, filp);
267 /* Open a file descriptor on an autofs mount point */
268 static int autofs_dev_ioctl_openmount(struct file *fp,
269 struct autofs_sb_info *sbi,
270 struct autofs_dev_ioctl *param)
276 /* param->path has already been checked */
277 if (!param->openmount.devid)
283 devid = new_decode_dev(param->openmount.devid);
286 fd = autofs_dev_ioctl_open_mountpoint(path, devid);
287 if (unlikely(fd < 0)) {
297 /* Close file descriptor allocated above (user can also use close(2)). */
298 static int autofs_dev_ioctl_closemount(struct file *fp,
299 struct autofs_sb_info *sbi,
300 struct autofs_dev_ioctl *param)
302 return sys_close(param->ioctlfd);
306 * Send "ready" status for an existing wait (either a mount or an expire
309 static int autofs_dev_ioctl_ready(struct file *fp,
310 struct autofs_sb_info *sbi,
311 struct autofs_dev_ioctl *param)
315 token = (autofs_wqt_t) param->ready.token;
316 return autofs4_wait_release(sbi, token, 0);
320 * Send "fail" status for an existing wait (either a mount or an expire
323 static int autofs_dev_ioctl_fail(struct file *fp,
324 struct autofs_sb_info *sbi,
325 struct autofs_dev_ioctl *param)
330 token = (autofs_wqt_t) param->fail.token;
331 status = param->fail.status ? param->fail.status : -ENOENT;
332 return autofs4_wait_release(sbi, token, status);
336 * Set the pipe fd for kernel communication to the daemon.
338 * Normally this is set at mount using an option but if we
339 * are reconnecting to a busy mount then we need to use this
340 * to tell the autofs mount about the new kernel pipe fd. In
341 * order to protect mounts against incorrectly setting the
342 * pipefd we also require that the autofs mount be catatonic.
344 * This also sets the process group id used to identify the
345 * controlling process (eg. the owning automount(8) daemon).
347 static int autofs_dev_ioctl_setpipefd(struct file *fp,
348 struct autofs_sb_info *sbi,
349 struct autofs_dev_ioctl *param)
354 if (param->setpipefd.pipefd == -1)
357 pipefd = param->setpipefd.pipefd;
359 mutex_lock(&sbi->wq_mutex);
360 if (!sbi->catatonic) {
361 mutex_unlock(&sbi->wq_mutex);
364 struct file *pipe = fget(pipefd);
369 if (autofs_prepare_pipe(pipe) < 0) {
374 sbi->oz_pgrp = task_pgrp_nr(current);
375 sbi->pipefd = pipefd;
380 mutex_unlock(&sbi->wq_mutex);
385 * Make the autofs mount point catatonic, no longer responsive to
386 * mount requests. Also closes the kernel pipe file descriptor.
388 static int autofs_dev_ioctl_catatonic(struct file *fp,
389 struct autofs_sb_info *sbi,
390 struct autofs_dev_ioctl *param)
392 autofs4_catatonic_mode(sbi);
396 /* Set the autofs mount timeout */
397 static int autofs_dev_ioctl_timeout(struct file *fp,
398 struct autofs_sb_info *sbi,
399 struct autofs_dev_ioctl *param)
401 unsigned long timeout;
403 timeout = param->timeout.timeout;
404 param->timeout.timeout = sbi->exp_timeout / HZ;
405 sbi->exp_timeout = timeout * HZ;
410 * Return the uid and gid of the last request for the mount
412 * When reconstructing an autofs mount tree with active mounts
413 * we need to re-connect to mounts that may have used the original
414 * process uid and gid (or string variations of them) for mount
415 * lookups within the map entry.
417 static int autofs_dev_ioctl_requester(struct file *fp,
418 struct autofs_sb_info *sbi,
419 struct autofs_dev_ioctl *param)
421 struct autofs_info *ino;
426 if (param->size <= sizeof(*param)) {
431 devid = sbi->sb->s_dev;
433 param->requester.uid = param->requester.gid = -1;
435 err = find_autofs_mount(param->path, &path, test_by_dev, &devid);
439 ino = autofs4_dentry_ino(path.dentry);
442 autofs4_expire_wait(path.dentry);
443 spin_lock(&sbi->fs_lock);
444 param->requester.uid = from_kuid_munged(current_user_ns(), ino->uid);
445 param->requester.gid = from_kgid_munged(current_user_ns(), ino->gid);
446 spin_unlock(&sbi->fs_lock);
454 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
455 * more that can be done.
457 static int autofs_dev_ioctl_expire(struct file *fp,
458 struct autofs_sb_info *sbi,
459 struct autofs_dev_ioctl *param)
461 struct vfsmount *mnt;
464 how = param->expire.how;
465 mnt = fp->f_path.mnt;
467 return autofs4_do_expire_multi(sbi->sb, mnt, sbi, how);
470 /* Check if autofs mount point is in use */
471 static int autofs_dev_ioctl_askumount(struct file *fp,
472 struct autofs_sb_info *sbi,
473 struct autofs_dev_ioctl *param)
475 param->askumount.may_umount = 0;
476 if (may_umount(fp->f_path.mnt))
477 param->askumount.may_umount = 1;
482 * Check if the given path is a mountpoint.
484 * If we are supplied with the file descriptor of an autofs
485 * mount we're looking for a specific mount. In this case
486 * the path is considered a mountpoint if it is itself a
487 * mountpoint or contains a mount, such as a multi-mount
488 * without a root mount. In this case we return 1 if the
489 * path is a mount point and the super magic of the covering
490 * mount if there is one or 0 if it isn't a mountpoint.
492 * If we aren't supplied with a file descriptor then we
493 * lookup the nameidata of the path and check if it is the
494 * root of a mount. If a type is given we are looking for
495 * a particular autofs mount and if we don't find a match
496 * we return fail. If the located nameidata path is the
497 * root of a mount we return 1 along with the super magic
498 * of the mount or 0 otherwise.
500 * In both cases the the device number (as returned by
501 * new_encode_dev()) is also returned.
503 static int autofs_dev_ioctl_ismountpoint(struct file *fp,
504 struct autofs_sb_info *sbi,
505 struct autofs_dev_ioctl *param)
510 unsigned int devid, magic;
513 if (param->size <= sizeof(*param)) {
519 type = param->ismountpoint.in.type;
521 param->ismountpoint.out.devid = devid = 0;
522 param->ismountpoint.out.magic = magic = 0;
524 if (!fp || param->ioctlfd == -1) {
525 if (autofs_type_any(type))
526 err = kern_path(name, LOOKUP_FOLLOW, &path);
528 err = find_autofs_mount(name, &path, test_by_type, &type);
531 devid = new_encode_dev(path.dentry->d_sb->s_dev);
533 if (path.mnt->mnt_root == path.dentry) {
535 magic = path.dentry->d_sb->s_magic;
538 dev_t dev = sbi->sb->s_dev;
540 err = find_autofs_mount(name, &path, test_by_dev, &dev);
544 devid = new_encode_dev(dev);
546 err = have_submounts(path.dentry);
548 if (follow_down_one(&path))
549 magic = path.dentry->d_sb->s_magic;
552 param->ismountpoint.out.devid = devid;
553 param->ismountpoint.out.magic = magic;
560 * Our range of ioctl numbers isn't 0 based so we need to shift
561 * the array index by _IOC_NR(AUTOFS_CTL_IOC_FIRST) for the table
564 #define cmd_idx(cmd) (cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
566 static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
572 {cmd_idx(AUTOFS_DEV_IOCTL_VERSION_CMD), NULL},
573 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOVER_CMD),
574 autofs_dev_ioctl_protover},
575 {cmd_idx(AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD),
576 autofs_dev_ioctl_protosubver},
577 {cmd_idx(AUTOFS_DEV_IOCTL_OPENMOUNT_CMD),
578 autofs_dev_ioctl_openmount},
579 {cmd_idx(AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD),
580 autofs_dev_ioctl_closemount},
581 {cmd_idx(AUTOFS_DEV_IOCTL_READY_CMD),
582 autofs_dev_ioctl_ready},
583 {cmd_idx(AUTOFS_DEV_IOCTL_FAIL_CMD),
584 autofs_dev_ioctl_fail},
585 {cmd_idx(AUTOFS_DEV_IOCTL_SETPIPEFD_CMD),
586 autofs_dev_ioctl_setpipefd},
587 {cmd_idx(AUTOFS_DEV_IOCTL_CATATONIC_CMD),
588 autofs_dev_ioctl_catatonic},
589 {cmd_idx(AUTOFS_DEV_IOCTL_TIMEOUT_CMD),
590 autofs_dev_ioctl_timeout},
591 {cmd_idx(AUTOFS_DEV_IOCTL_REQUESTER_CMD),
592 autofs_dev_ioctl_requester},
593 {cmd_idx(AUTOFS_DEV_IOCTL_EXPIRE_CMD),
594 autofs_dev_ioctl_expire},
595 {cmd_idx(AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD),
596 autofs_dev_ioctl_askumount},
597 {cmd_idx(AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD),
598 autofs_dev_ioctl_ismountpoint}
600 unsigned int idx = cmd_idx(cmd);
602 return (idx >= ARRAY_SIZE(_ioctls)) ? NULL : _ioctls[idx].fn;
605 /* ioctl dispatcher */
606 static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
608 struct autofs_dev_ioctl *param;
610 struct autofs_sb_info *sbi;
611 unsigned int cmd_first, cmd;
615 /* only root can play with this */
616 if (!capable(CAP_SYS_ADMIN))
619 cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
620 cmd = _IOC_NR(command);
622 if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
623 cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
627 /* Copy the parameters into kernel space. */
628 param = copy_dev_ioctl(user);
630 return PTR_ERR(param);
632 err = validate_dev_ioctl(command, param);
636 /* The validate routine above always sets the version */
637 if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
640 fn = lookup_dev_ioctl(cmd);
642 AUTOFS_WARN("unknown command 0x%08x", command);
650 * For obvious reasons the openmount can't have a file
651 * descriptor yet. We don't take a reference to the
652 * file during close to allow for immediate release.
654 if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
655 cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
656 fp = fget(param->ioctlfd);
658 if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
670 sbi = autofs_dev_ioctl_sbi(fp);
671 if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
678 * Admin needs to be able to set the mount catatonic in
679 * order to be able to perform the re-open.
681 if (!autofs4_oz_mode(sbi) &&
682 cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
689 err = fn(fp, sbi, param);
694 if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
697 free_dev_ioctl(param);
701 static long autofs_dev_ioctl(struct file *file, uint command, ulong u)
704 err = _autofs_dev_ioctl(command, (struct autofs_dev_ioctl __user *) u);
709 static long autofs_dev_ioctl_compat(struct file *file, uint command, ulong u)
711 return (long) autofs_dev_ioctl(file, command, (ulong) compat_ptr(u));
714 #define autofs_dev_ioctl_compat NULL
717 static const struct file_operations _dev_ioctl_fops = {
718 .unlocked_ioctl = autofs_dev_ioctl,
719 .compat_ioctl = autofs_dev_ioctl_compat,
720 .owner = THIS_MODULE,
721 .llseek = noop_llseek,
724 static struct miscdevice _autofs_dev_ioctl_misc = {
725 .minor = AUTOFS_MINOR,
726 .name = AUTOFS_DEVICE_NAME,
727 .fops = &_dev_ioctl_fops
730 MODULE_ALIAS_MISCDEV(AUTOFS_MINOR);
731 MODULE_ALIAS("devname:autofs");
733 /* Register/deregister misc character device */
734 int autofs_dev_ioctl_init(void)
738 r = misc_register(&_autofs_dev_ioctl_misc);
740 AUTOFS_ERROR("misc_register failed for control device");
747 void autofs_dev_ioctl_exit(void)
749 misc_deregister(&_autofs_dev_ioctl_misc);