1 /*
2  * Copyright 2008 Red Hat, Inc. All rights reserved.
3  * Copyright 2008 Ian Kent <raven@themaw.net>
4  *
5  * This file is part of the Linux kernel and is made available under
6  * the terms of the GNU General Public License, version 2, or at your
7  * option, any later version, incorporated herein by reference.
8  */
9 
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <linux/miscdevice.h>
13 #include <linux/init.h>
14 #include <linux/wait.h>
15 #include <linux/namei.h>
16 #include <linux/fcntl.h>
17 #include <linux/file.h>
18 #include <linux/fdtable.h>
19 #include <linux/sched.h>
20 #include <linux/compat.h>
21 #include <linux/syscalls.h>
22 #include <linux/magic.h>
23 #include <linux/dcache.h>
24 #include <linux/uaccess.h>
25 #include <linux/slab.h>
26 
27 #include "autofs_i.h"
28 
29 /*
30  * This module implements an interface for routing autofs ioctl control
31  * commands via a miscellaneous device file.
32  *
33  * The alternate interface is needed because we need to be able to open
34  * an ioctl file descriptor on an autofs mount that may be covered by
35  * another mount. This situation arises when starting automount(8)
36  * or other user space daemon which uses direct mounts or offset
37  * mounts (used for autofs lazy mount/umount of nested mount trees),
38  * which have been left busy at service shutdown.
39  */
40 
41 #define AUTOFS_DEV_IOCTL_SIZE	sizeof(struct autofs_dev_ioctl)
42 
43 typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
44 			struct autofs_dev_ioctl *);
45 
/*
 * Minimal sanity check on a path supplied with a control command:
 * it must contain at least one '/'.
 *
 * Returns 0 if a '/' is present, -EINVAL otherwise.
 */
static int check_name(const char *name)
{
	return strchr(name, '/') ? 0 : -EINVAL;
}
52 
/*
 * Check that a string is NUL terminated within the chunk of memory
 * that was copied in from user land, so later string handling cannot
 * run past the end of that chunk.
 *
 * Returns 0 if a terminator is found in the first size bytes of str,
 * -EINVAL if there is none.
 */
static int invalid_str(char *str, size_t size)
{
	const void *terminator = memchr(str, 0, size);

	if (terminator == NULL)
		return -EINVAL;

	return 0;
}
63 
/*
 * Check that the caller was built against a compatible version of the
 * autofs misc device interface: the major number must match exactly
 * and the caller's minor number must not be newer than the kernel's.
 *
 * Whatever the outcome, the kernel's interface version is written
 * into param so that it is what gets reported back.
 *
 * Returns 0 if compatible, -EINVAL on a mismatch.
 */
static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
{
	const int major_differs =
		(AUTOFS_DEV_IOCTL_VERSION_MAJOR != param->ver_major);
	const int minor_too_new =
		(AUTOFS_DEV_IOCTL_VERSION_MINOR < param->ver_minor);
	int err = 0;

	if (major_differs || minor_too_new) {
		AUTOFS_WARN("ioctl control interface version mismatch: "
		     "kernel(%u.%u), user(%u.%u), cmd(%d)",
		     AUTOFS_DEV_IOCTL_VERSION_MAJOR,
		     AUTOFS_DEV_IOCTL_VERSION_MINOR,
		     param->ver_major, param->ver_minor, cmd);
		err = -EINVAL;
	}

	/* Report the kernel's version, overwriting what the caller sent. */
	param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
	param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;

	return err;
}
91 
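/*
 * Copy the parameter control struct in from user space, including a
 * possible path allocated at the end of the struct.
 *
 * Returns a kernel copy of the declared number of bytes, or an
 * ERR_PTR(): -EFAULT if the fixed-size header cannot be read, -EINVAL
 * if the declared size is smaller than the header, or the error
 * reported by memdup_user().
 */
static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
{
	struct autofs_dev_ioctl tmp, *res;

	if (copy_from_user(&tmp, in, sizeof(tmp)))
		return ERR_PTR(-EFAULT);

	if (tmp.size < sizeof(tmp))
		return ERR_PTR(-EINVAL);

	/*
	 * NOTE(review): tmp.size has no upper bound of its own here; the
	 * allocation size is whatever user space declares. Consider
	 * capping it (the trailing data is a path, so the header size
	 * plus PATH_MAX would be a natural limit).
	 */
	res = memdup_user(in, tmp.size);
	if (IS_ERR(res))
		return res;

	/*
	 * The user buffer is fetched twice: once for the header above
	 * and once for the full copy. User space can change the size
	 * field between the two reads, leaving res->size larger than
	 * the tmp.size bytes that were actually allocated. Later checks
	 * derive the path length from res->size, so pin it to the value
	 * that sized the allocation.
	 */
	res->size = tmp.size;

	return res;
}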
108 
/* Release a parameter struct obtained from copy_dev_ioctl(). */
static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
{
	kfree(param);
}
114 
/*
 * Check sanity of parameter control fields and, if a path is present,
 * check that it is terminated and contains at least one "/".
 *
 * A path is considered present when param->size is larger than the
 * fixed-size struct; the bytes beyond the struct are the path.
 *
 * NOTE(review): the path length is derived from param->size, so this
 * relies on the buffer behind param really being param->size bytes
 * long - confirm the copy-in path guarantees that.
 *
 * Returns 0 if the parameters look sane, -EINVAL otherwise.
 */
static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
{
	size_t path_len;
	int err;

	err = check_dev_ioctl_version(cmd, param);
	if (err) {
		AUTOFS_WARN("invalid device control module version "
		     "supplied for cmd(0x%08x)", cmd);
		return err;
	}

	/* No trailing data means no path to validate. */
	if (param->size <= sizeof(*param))
		return 0;

	path_len = param->size - sizeof(*param);

	err = invalid_str(param->path, path_len);
	if (err) {
		AUTOFS_WARN(
		  "path string terminator missing for cmd(0x%08x)",
		  cmd);
		return err;
	}

	err = check_name(param->path);
	if (err) {
		AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
			    cmd);
		return err;
	}

	return 0;
}
151 
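/*
 * Get the autofs super block info struct from the file opened on
 * the autofs mount point.
 *
 * The file comes from a descriptor number chosen by user space, so it
 * may belong to any filesystem. Only a super block carrying
 * AUTOFS_SUPER_MAGIC is handed to autofs4_sbi(); for anything else
 * NULL is returned, so private data of a foreign filesystem is never
 * interpreted as a struct autofs_sb_info.
 *
 * Returns the autofs super block info, or NULL if f is NULL or is not
 * a file on an autofs filesystem.
 */
static struct autofs_sb_info *autofs_dev_ioctl_sbi(struct file *f)
{
	struct super_block *sb;

	if (!f)
		return NULL;

	sb = f->f_path.dentry->d_inode->i_sb;

	/*
	 * autofs4_sbi() is defined outside this file; presumably it just
	 * returns the super block's private info pointer without checking
	 * the filesystem type, so check the type here first.
	 */
	if (sb->s_magic != AUTOFS_SUPER_MAGIC)
		return NULL;

	return autofs4_sbi(sb);
}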
167 
/*
 * Return autofs module protocol version.
 *
 * Copies sbi->version into param->protover.version; fp is not used.
 * sbi is dereferenced unconditionally, so the caller must pass a
 * valid super block info. Always returns 0.
 */
static int autofs_dev_ioctl_protover(struct file *fp,
				     struct autofs_sb_info *sbi,
				     struct autofs_dev_ioctl *param)
{
	param->protover.version = sbi->version;
	return 0;
}
176 
/*
 * Return autofs module protocol sub version.
 *
 * Copies sbi->sub_version into param->protosubver.sub_version; fp is
 * not used. sbi is dereferenced unconditionally, so the caller must
 * pass a valid super block info. Always returns 0.
 */
static int autofs_dev_ioctl_protosubver(struct file *fp,
					struct autofs_sb_info *sbi,
					struct autofs_dev_ioctl *param)
{
	param->protosubver.sub_version = sbi->sub_version;
	return 0;
}
185 
/*
 * Find an autofs mount at pathname that satisfies test().
 *
 * pathname is resolved with kern_path() (no lookup flags). While the
 * current location is the root of its mount, each autofs super block
 * (s_magic == AUTOFS_SUPER_MAGIC) is offered to test(path, data), and
 * follow_up() is then used to step to the next candidate; the walk
 * stops when follow_up() returns 0 or the location is no longer a
 * mount root.
 *
 * Every match replaces the previous one in *res, so the last match
 * found by the walk is the one returned.
 *
 * Returns 0 with *res holding a reference (taken with path_get(), to
 * be dropped by the caller with path_put()), -ENOENT if nothing
 * matched, or the error from kern_path().
 */
static int find_autofs_mount(const char *pathname,
			     struct path *res,
			     int test(struct path *path, void *data),
			     void *data)
{
	struct path path;
	int err = kern_path(pathname, 0, &path);
	if (err)
		return err;
	/* Nothing matched yet; err doubles as the "found one" flag below. */
	err = -ENOENT;
	while (path.dentry == path.mnt->mnt_root) {
		if (path.dentry->d_sb->s_magic == AUTOFS_SUPER_MAGIC) {
			if (test(&path, data)) {
				/* Take our own reference for the result. */
				path_get(&path);
				if (!err) /* already found some */
					path_put(res);
				*res = path;
				err = 0;
			}
		}
		if (!follow_up(&path))
			break;
	}
	/* Drop the walk's reference; *res keeps its own if set. */
	path_put(&path);
	return err;
}
212 
/*
 * find_autofs_mount() predicate: match when the super block at path
 * has the device number that p points to (p is a dev_t *).
 */
static int test_by_dev(struct path *path, void *p)
{
	dev_t wanted = *(dev_t *)p;

	return path->dentry->d_sb->s_dev == wanted;
}
217 
/*
 * find_autofs_mount() predicate: match when the dentry at path has
 * autofs info attached and its mount type shares at least one bit
 * with the mask that p points to (p is an unsigned *).
 *
 * Returns 1 on a match, 0 otherwise.
 */
static int test_by_type(struct path *path, void *p)
{
	struct autofs_info *ino = autofs4_dentry_ino(path->dentry);
	unsigned mask = *(unsigned *)p;

	if (!ino)
		return 0;

	return (ino->sbi->type & mask) != 0;
}
223 
/*
 * Install file into slot fd of the current task's descriptor table
 * and mark the descriptor close-on-exec.
 *
 * The slot must be empty: BUG_ON() fires if fdt->fd[fd] already holds
 * a file. The table is updated under files->file_lock.
 */
static void autofs_dev_ioctl_fd_install(unsigned int fd, struct file *file)
{
	struct files_struct *files = current->files;
	struct fdtable *fdt;

	spin_lock(&files->file_lock);
	fdt = files_fdtable(files);
	BUG_ON(fdt->fd[fd] != NULL);
	rcu_assign_pointer(fdt->fd[fd], file);
	/* The control descriptor should not leak across exec. */
	__set_close_on_exec(fd, fdt);
	spin_unlock(&files->file_lock);
}
236 
237 
/*
 * Open a file descriptor on the autofs mount point corresponding
 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
 *
 * The file is opened O_RDONLY with the caller's credentials and the
 * descriptor is installed close-on-exec in the current task.
 *
 * Returns the new descriptor, or a negative errno if no descriptor is
 * available, no matching autofs mount is found or the open fails.
 */
static int autofs_dev_ioctl_open_mountpoint(const char *name, dev_t devid)
{
	struct file *filp;
	struct path path;
	int fd, err;

	fd = get_unused_fd();
	if (unlikely(fd < 0))
		return fd;

	/*
	 * Find autofs super block that has the device number
	 * corresponding to the autofs fs we want to open.
	 */
	err = find_autofs_mount(name, &path, test_by_dev, &devid);
	if (err)
		goto out;

	/*
	 * NOTE(review): there is no path_put() on either outcome;
	 * presumably dentry_open() takes over the path references in
	 * this kernel version - confirm.
	 */
	filp = dentry_open(path.dentry, path.mnt, O_RDONLY,
			   current_cred());
	if (IS_ERR(filp)) {
		err = PTR_ERR(filp);
		goto out;
	}

	autofs_dev_ioctl_fd_install(fd, filp);
	return fd;

out:
	/* Give back the reserved descriptor number. */
	put_unused_fd(fd);
	return err;
}
276 
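/*
 * Open a file descriptor on an autofs mount point.
 *
 * The mount is identified by param->path together with the encoded
 * device number in param->openmount.devid. On success the new
 * descriptor is stored in param->ioctlfd; on failure param->ioctlfd
 * is left at -1.
 *
 * Returns 0 on success, -EINVAL if no path or no device number was
 * supplied, or the error from opening the mount point.
 */
static int autofs_dev_ioctl_openmount(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	const char *path;
	dev_t devid;
	int fd;

	/*
	 * A path is mandatory here, but validate_dev_ioctl() only checks
	 * it when the struct carries trailing data. With a bare header
	 * param->path lies beyond the copied buffer, so reject that case
	 * the same way the requester and ismountpoint handlers do.
	 */
	if (param->size <= sizeof(*param))
		return -EINVAL;

	if (!param->openmount.devid)
		return -EINVAL;

	param->ioctlfd = -1;

	path = param->path;
	devid = new_decode_dev(param->openmount.devid);

	fd = autofs_dev_ioctl_open_mountpoint(path, devid);
	if (unlikely(fd < 0))
		return fd;

	param->ioctlfd = fd;
	return 0;
}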
306 
/*
 * Close file descriptor allocated above (user can also use close(2)).
 *
 * param->ioctlfd is passed straight to sys_close(), so this closes
 * whatever descriptor of the calling task that number refers to; fp
 * and sbi are not used. Returns the result of sys_close().
 */
static int autofs_dev_ioctl_closemount(struct file *fp,
				       struct autofs_sb_info *sbi,
				       struct autofs_dev_ioctl *param)
{
	return sys_close(param->ioctlfd);
}
314 
/*
 * Send "ready" status for an existing wait (either a mount or an expire
 * request).
 *
 * The wait is identified by param->ready.token and is released with
 * status 0. Returns the result of autofs4_wait_release().
 */
static int autofs_dev_ioctl_ready(struct file *fp,
				  struct autofs_sb_info *sbi,
				  struct autofs_dev_ioctl *param)
{
	return autofs4_wait_release(sbi,
				    (autofs_wqt_t) param->ready.token, 0);
}
328 
/*
 * Send "fail" status for an existing wait (either a mount or an expire
 * request).
 *
 * The wait is identified by param->fail.token. The status reported is
 * param->fail.status, or -ENOENT if that is zero.
 *
 * NOTE(review): a non-zero status is passed through exactly as user
 * space supplied it, with no range or sign check - confirm that the
 * consumers of the wait status cope with arbitrary values.
 */
static int autofs_dev_ioctl_fail(struct file *fp,
				 struct autofs_sb_info *sbi,
				 struct autofs_dev_ioctl *param)
{
	autofs_wqt_t token = (autofs_wqt_t) param->fail.token;
	int status = param->fail.status;

	/* A fail notification must carry an error; default to -ENOENT. */
	if (!status)
		status = -ENOENT;

	return autofs4_wait_release(sbi, token, status);
}
344 
/*
 * Set the pipe fd for kernel communication to the daemon.
 *
 * Normally this is set at mount using an option but if we
 * are reconnecting to a busy mount then we need to use this
 * to tell the autofs mount about the new kernel pipe fd. In
 * order to protect mounts against incorrectly setting the
 * pipefd we also require that the autofs mount be catatonic.
 *
 * This also sets the process group id used to identify the
 * controlling process (eg. the owning automount(8) daemon).
 *
 * Returns 0 on success, -EINVAL if the pipe fd is -1, -EBUSY if the
 * mount is not catatonic, -EBADF if the fd does not refer to an open
 * file and -EPIPE if autofs_prepare_pipe() rejects it.
 */
static int autofs_dev_ioctl_setpipefd(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	struct file *pipe_file;
	int pipefd;
	int err = 0;

	if (param->setpipefd.pipefd == -1)
		return -EINVAL;

	pipefd = param->setpipefd.pipefd;

	/* The catatonic test and the hand-over happen under wq_mutex. */
	mutex_lock(&sbi->wq_mutex);

	if (!sbi->catatonic) {
		err = -EBUSY;
		goto out;
	}

	pipe_file = fget(pipefd);
	if (!pipe_file) {
		err = -EBADF;
		goto out;
	}

	if (autofs_prepare_pipe(pipe_file) < 0) {
		err = -EPIPE;
		fput(pipe_file);
		goto out;
	}

	/* The reference taken by fget() is kept in sbi->pipe. */
	sbi->oz_pgrp = task_pgrp_nr(current);
	sbi->pipefd = pipefd;
	sbi->pipe = pipe_file;
	sbi->catatonic = 0;
out:
	mutex_unlock(&sbi->wq_mutex);
	return err;
}
393 
/*
 * Make the autofs mount point catatonic, no longer responsive to
 * mount requests. Also closes the kernel pipe file descriptor.
 *
 * The work is done by autofs4_catatonic_mode(); fp and param are not
 * used. Always returns 0.
 */
static int autofs_dev_ioctl_catatonic(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	autofs4_catatonic_mode(sbi);
	return 0;
}
405 
/*
 * Set the autofs mount timeout.
 *
 * param->timeout.timeout carries the new timeout in seconds on entry
 * and the previous timeout in seconds on return; sbi->exp_timeout
 * holds the value multiplied by HZ. Always returns 0.
 *
 * NOTE(review): the multiplication by HZ is not checked for overflow;
 * confirm whether very large values from user space need clamping.
 */
static int autofs_dev_ioctl_timeout(struct file *fp,
				    struct autofs_sb_info *sbi,
				    struct autofs_dev_ioctl *param)
{
	/* Read the request before the field is reused for the reply. */
	unsigned long requested = param->timeout.timeout;

	param->timeout.timeout = sbi->exp_timeout / HZ;
	sbi->exp_timeout = requested * HZ;

	return 0;
}
418 
/*
 * Return the uid and gid of the last request for the mount
 *
 * When reconstructing an autofs mount tree with active mounts
 * we need to re-connect to mounts that may have used the original
 * process uid and gid (or string variations of them) for mount
 * lookups within the map entry.
 *
 * A path is required (-EINVAL without one). The reply uid and gid are
 * preset to -1 and only filled in when the located dentry has autofs
 * info attached; 0 is returned whenever the mount was found, and the
 * error from find_autofs_mount() otherwise.
 */
static int autofs_dev_ioctl_requester(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	struct autofs_info *ino;
	struct path path;
	dev_t devid;
	int err;

	if (param->size <= sizeof(*param))
		return -EINVAL;

	devid = sbi->sb->s_dev;

	param->requester.uid = param->requester.gid = -1;

	err = find_autofs_mount(param->path, &path, test_by_dev, &devid);
	if (err)
		return err;

	ino = autofs4_dentry_ino(path.dentry);
	if (ino) {
		autofs4_expire_wait(path.dentry);

		/* Read uid and gid together under fs_lock. */
		spin_lock(&sbi->fs_lock);
		param->requester.uid = ino->uid;
		param->requester.gid = ino->gid;
		spin_unlock(&sbi->fs_lock);
	}

	path_put(&path);
	return 0;
}
462 
/*
 * Run an expire pass on the mount that fp is open on.
 *
 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
 * more that can be done.
 *
 * param->expire.how is handed to autofs4_do_expire_multi() unchanged,
 * and its return value is returned. fp is dereferenced
 * unconditionally, so the caller must supply an open file.
 */
static int autofs_dev_ioctl_expire(struct file *fp,
				   struct autofs_sb_info *sbi,
				   struct autofs_dev_ioctl *param)
{
	int how = param->expire.how;

	return autofs4_do_expire_multi(sbi->sb, fp->f_path.mnt, sbi, how);
}
479 
/*
 * Check if autofs mount point is in use.
 *
 * Sets param->askumount.may_umount to 1 if may_umount() reports a
 * non-zero result for the mount fp is open on, and to 0 otherwise.
 * fp is dereferenced unconditionally. Always returns 0.
 */
static int autofs_dev_ioctl_askumount(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	param->askumount.may_umount = may_umount(fp->f_path.mnt) ? 1 : 0;
	return 0;
}
490 
/*
 * Check if the given path is a mountpoint.
 *
 * If we are supplied with the file descriptor of an autofs
 * mount we're looking for a specific mount. In this case
 * the path is considered a mountpoint if it is itself a
 * mountpoint or contains a mount, such as a multi-mount
 * without a root mount. In this case we return 1 if the
 * path is a mount point and the super magic of the covering
 * mount if there is one or 0 if it isn't a mountpoint.
 *
 * If we aren't supplied with a file descriptor then we
 * lookup the nameidata of the path and check if it is the
 * root of a mount. If a type is given we are looking for
 * a particular autofs mount and if we don't find a match
 * we return fail. If the located nameidata path is the
 * root of a mount we return 1 along with the super magic
 * of the mount or 0 otherwise.
 *
 * In both cases the device number (as returned by
 * new_encode_dev()) is also returned.
 *
 * A path is required: -EINVAL is returned when param carries no
 * trailing data. Lookup failures are returned as negative errnos.
 */
static int autofs_dev_ioctl_ismountpoint(struct file *fp,
					 struct autofs_sb_info *sbi,
					 struct autofs_dev_ioctl *param)
{
	struct path path;
	const char *name;
	unsigned int type;
	unsigned int devid, magic;
	int err = -ENOENT;

	if (param->size <= sizeof(*param)) {
		err = -EINVAL;
		goto out;
	}

	name = param->path;
	/* Read the input before the output fields are written. */
	type = param->ismountpoint.in.type;

	param->ismountpoint.out.devid = devid = 0;
	param->ismountpoint.out.magic = magic = 0;

	if (!fp || param->ioctlfd == -1) {
		/* No autofs file given (sbi is not used on this branch). */
		if (autofs_type_any(type))
			err = kern_path(name, LOOKUP_FOLLOW, &path);
		else
			err = find_autofs_mount(name, &path, test_by_type, &type);
		if (err)
			goto out;
		devid = new_encode_dev(path.dentry->d_sb->s_dev);
		err = 0;
		if (path.mnt->mnt_root == path.dentry) {
			err = 1;
			magic = path.dentry->d_sb->s_magic;
		}
	} else {
		/* Look for the specific autofs mount behind fp. */
		dev_t dev = sbi->sb->s_dev;

		err = find_autofs_mount(name, &path, test_by_dev, &dev);
		if (err)
			goto out;

		devid = new_encode_dev(dev);

		err = have_submounts(path.dentry);

		/* Report the magic of whatever is mounted on top, if anything. */
		if (follow_down_one(&path))
			magic = path.dentry->d_sb->s_magic;
	}

	param->ismountpoint.out.devid = devid;
	param->ismountpoint.out.magic = magic;
	path_put(&path);
out:
	return err;
}
568 
569 /*
570  * Our range of ioctl numbers isn't 0 based so we need to shift
571  * the array index by _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST) for the table
572  * lookup.
573  */
574 #define cmd_idx(cmd)	(cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
575 
/*
 * Map an ioctl command number to its handler.
 *
 * The table is indexed directly by cmd_idx(cmd), so its entries must
 * stay in command-number order; the cmd member of each entry is not
 * consulted by the lookup. The version command has no handler.
 *
 * Returns the handler, or NULL if the index is outside the table or
 * the command has no handler.
 */
static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
{
	static struct {
		int cmd;
		ioctl_fn fn;
	} _ioctls[] = {
		{ cmd_idx(AUTOFS_DEV_IOCTL_VERSION_CMD),
		  NULL },
		{ cmd_idx(AUTOFS_DEV_IOCTL_PROTOVER_CMD),
		  autofs_dev_ioctl_protover },
		{ cmd_idx(AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD),
		  autofs_dev_ioctl_protosubver },
		{ cmd_idx(AUTOFS_DEV_IOCTL_OPENMOUNT_CMD),
		  autofs_dev_ioctl_openmount },
		{ cmd_idx(AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD),
		  autofs_dev_ioctl_closemount },
		{ cmd_idx(AUTOFS_DEV_IOCTL_READY_CMD),
		  autofs_dev_ioctl_ready },
		{ cmd_idx(AUTOFS_DEV_IOCTL_FAIL_CMD),
		  autofs_dev_ioctl_fail },
		{ cmd_idx(AUTOFS_DEV_IOCTL_SETPIPEFD_CMD),
		  autofs_dev_ioctl_setpipefd },
		{ cmd_idx(AUTOFS_DEV_IOCTL_CATATONIC_CMD),
		  autofs_dev_ioctl_catatonic },
		{ cmd_idx(AUTOFS_DEV_IOCTL_TIMEOUT_CMD),
		  autofs_dev_ioctl_timeout },
		{ cmd_idx(AUTOFS_DEV_IOCTL_REQUESTER_CMD),
		  autofs_dev_ioctl_requester },
		{ cmd_idx(AUTOFS_DEV_IOCTL_EXPIRE_CMD),
		  autofs_dev_ioctl_expire },
		{ cmd_idx(AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD),
		  autofs_dev_ioctl_askumount },
		{ cmd_idx(AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD),
		  autofs_dev_ioctl_ismountpoint }
	};
	unsigned int idx = cmd_idx(cmd);

	/* idx is unsigned, so a cmd below the first one wraps and fails here. */
	if (idx >= ARRAY_SIZE(_ioctls))
		return NULL;

	return _ioctls[idx].fn;
}
614 
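/*
 * ioctl dispatcher
 *
 * Checks the caller's capability and the command number, copies the
 * parameter struct in from user space, validates it, resolves the
 * file and autofs super block info named by param->ioctlfd where the
 * command needs them, runs the handler and, if the result is not
 * negative, copies the fixed-size part of the struct back out.
 *
 * Returns the handler's result or a negative errno: -EPERM without
 * CAP_SYS_ADMIN, -ENOTTY for an unknown command, -EBADF, -EINVAL or
 * -EACCES when the supplied descriptor is unusable, -EFAULT if the
 * copy back to user space fails.
 */
static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
{
	struct autofs_dev_ioctl *param;
	struct file *fp;
	struct autofs_sb_info *sbi;
	unsigned int cmd_first, cmd;
	ioctl_fn fn = NULL;
	int err = 0;

	/* only root can play with this */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
	cmd = _IOC_NR(command);

	if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
	    cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
		return -ENOTTY;
	}

	/* Copy the parameters into kernel space. */
	param = copy_dev_ioctl(user);
	if (IS_ERR(param))
		return PTR_ERR(param);

	err = validate_dev_ioctl(command, param);
	if (err)
		goto out;

	/* The validate routine above always sets the version */
	if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
		goto done;

	fn = lookup_dev_ioctl(cmd);
	if (!fn) {
		AUTOFS_WARN("unknown command 0x%08x", command);
		/*
		 * param has been allocated by now, so leave through the
		 * common exit instead of returning directly, otherwise
		 * the copy is leaked.
		 */
		err = -ENOTTY;
		goto out;
	}

	fp = NULL;
	sbi = NULL;

	/*
	 * For obvious reasons the openmount can't have a file
	 * descriptor yet. We don't take a reference to the
	 * file during close to allow for immediate release.
	 */
	if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
	    cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
		fp = fget(param->ioctlfd);
		if (!fp) {
			/* ismountpoint may be called without a descriptor. */
			if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
				goto cont;
			err = -EBADF;
			goto out;
		}

		if (!fp->f_op) {
			err = -ENOTTY;
			fput(fp);
			goto out;
		}

		/* The descriptor must refer to a file on an autofs mount. */
		sbi = autofs_dev_ioctl_sbi(fp);
		if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
			err = -EINVAL;
			fput(fp);
			goto out;
		}

		/*
		 * Admin needs to be able to set the mount catatonic in
		 * order to be able to perform the re-open.
		 */
		if (!autofs4_oz_mode(sbi) &&
		    cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
			err = -EACCES;
			fput(fp);
			goto out;
		}
	}
cont:
	err = fn(fp, sbi, param);

	if (fp)
		fput(fp);
done:
	/* Only the fixed-size struct is copied back, never the path. */
	if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
		err = -EFAULT;
out:
	free_dev_ioctl(param);
	return err;
}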
710 
/*
 * unlocked_ioctl entry point for the control device: treats u as a
 * user space pointer to a struct autofs_dev_ioctl and hands it to the
 * dispatcher. file is not used.
 */
static long autofs_dev_ioctl(struct file *file, uint command, ulong u)
{
	struct autofs_dev_ioctl __user *user =
		(struct autofs_dev_ioctl __user *) u;

	return (long) _autofs_dev_ioctl(command, user);
}
717 
#ifdef CONFIG_COMPAT
/*
 * compat_ioctl entry point: converts the compat user pointer with
 * compat_ptr() and forwards to the native handler.
 */
static long autofs_dev_ioctl_compat(struct file *file, uint command, ulong u)
{
	ulong native = (ulong) compat_ptr(u);

	return autofs_dev_ioctl(file, command, native);
}
#else
/* No compat handler without CONFIG_COMPAT. */
#define autofs_dev_ioctl_compat NULL
#endif
726 
/*
 * File operations of the control device. Only ioctl is implemented;
 * compat_ioctl is NULL when CONFIG_COMPAT is not set.
 */
static const struct file_operations _dev_ioctl_fops = {
	.unlocked_ioctl	 = autofs_dev_ioctl,
	.compat_ioctl = autofs_dev_ioctl_compat,
	.owner	 = THIS_MODULE,
	.llseek = noop_llseek,
};

/* The misc character device through which control commands are routed. */
static struct miscdevice _autofs_dev_ioctl_misc = {
	.minor		= AUTOFS_MINOR,
	.name  		= AUTOFS_DEVICE_NAME,
	.fops  		= &_dev_ioctl_fops
};
739 
740 MODULE_ALIAS_MISCDEV(AUTOFS_MINOR);
741 MODULE_ALIAS("devname:autofs");
742 
/*
 * Register the misc character device used for control commands.
 *
 * Returns 0 on success or the error from misc_register().
 */
int autofs_dev_ioctl_init(void)
{
	int r = misc_register(&_autofs_dev_ioctl_misc);

	if (r) {
		AUTOFS_ERROR("misc_register failed for control device");
	}

	return r;
}
756 
/* Deregister the misc character device used for control commands. */
void autofs_dev_ioctl_exit(void)
{
	misc_deregister(&_autofs_dev_ioctl_misc);
}
762 
763