1 /*
2  * Copyright 2008 Red Hat, Inc. All rights reserved.
3  * Copyright 2008 Ian Kent <raven@themaw.net>
4  *
5  * This file is part of the Linux kernel and is made available under
6  * the terms of the GNU General Public License, version 2, or at your
7  * option, any later version, incorporated herein by reference.
8  */
9 
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <linux/miscdevice.h>
13 #include <linux/init.h>
14 #include <linux/wait.h>
15 #include <linux/namei.h>
16 #include <linux/fcntl.h>
17 #include <linux/file.h>
18 #include <linux/fdtable.h>
19 #include <linux/sched.h>
20 #include <linux/compat.h>
21 #include <linux/syscalls.h>
22 #include <linux/magic.h>
23 #include <linux/dcache.h>
24 #include <linux/uaccess.h>
25 #include <linux/slab.h>
26 
27 #include "autofs_i.h"
28 
29 /*
30  * This module implements an interface for routing autofs ioctl control
31  * commands via a miscellaneous device file.
32  *
33  * The alternate interface is needed because we need to be able to open
34  * an ioctl file descriptor on an autofs mount that may be covered by
35  * another mount. This situation arises when starting automount(8)
36  * or other user space daemon which uses direct mounts or offset
37  * mounts (used for autofs lazy mount/umount of nested mount trees),
38  * which have been left busy at service shutdown.
39  */
40 
/* Size of the fixed control header; an optional path follows it. */
#define AUTOFS_DEV_IOCTL_SIZE	(sizeof(struct autofs_dev_ioctl))

/*
 * Signature shared by every control command handler: the file opened on
 * the autofs mount (NULL for commands that run without one), its super
 * block info (likewise possibly NULL) and the kernel copy of the caller's
 * parameter block.
 */
typedef int (*ioctl_fn)(struct file *fp, struct autofs_sb_info *sbi,
			struct autofs_dev_ioctl *param);
45 
/*
 * Accept a path only if it contains at least one '/'.
 * Returns 0 when a separator is present, -EINVAL otherwise.
 * The caller must already have confirmed that @name is NUL-terminated.
 */
static int check_name(const char *name)
{
	return strchr(name, '/') ? 0 : -EINVAL;
}
52 
/*
 * Check that a string copied in from user land is terminated inside the
 * @size bytes we actually hold for it, so that later string handling
 * cannot run past the end of the copied chunk.
 *
 * Returns 0 when a NUL byte is found within @size bytes, -EINVAL if not
 * (which includes @size == 0).
 */
static int invalid_str(char *str, size_t size)
{
	return memchr(str, 0, size) ? 0 : -EINVAL;
}
63 
/*
 * Check that the caller was built against a compatible version of the
 * autofs misc device interface: the major number must match exactly and
 * the caller's minor number must not be newer than the kernel's.
 *
 * Whatever the outcome, the kernel's own interface version is written
 * back into @param so it can be reported to the caller.
 *
 * Returns 0 when compatible, -EINVAL on a mismatch.
 */
static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
{
	int mismatch = (param->ver_major != AUTOFS_DEV_IOCTL_VERSION_MAJOR) ||
		       (param->ver_minor > AUTOFS_DEV_IOCTL_VERSION_MINOR);

	if (mismatch) {
		/* Log before the caller's numbers are overwritten below. */
		AUTOFS_WARN("ioctl control interface version mismatch: "
		     "kernel(%u.%u), user(%u.%u), cmd(%d)",
		     AUTOFS_DEV_IOCTL_VERSION_MAJOR,
		     AUTOFS_DEV_IOCTL_VERSION_MINOR,
		     param->ver_major, param->ver_minor, cmd);
	}

	/* Fill in the kernel version. */
	param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
	param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;

	return mismatch ? -EINVAL : 0;
}
91 
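/*
 * Copy the parameter control struct from user space, including a
 * possible path allocated at the end of the struct.
 *
 * User memory is read twice: first the fixed header, to learn the total
 * size, then the whole block. The caller controls that memory and can
 * change it between the two reads, so the size that was validated is
 * written back into the kernel copy; every later "size - header" length
 * calculation then matches the allocation that was really made.
 *
 * The total size is also capped at the header plus PATH_MAX so that an
 * arbitrary caller-supplied value cannot drive the allocation size.
 *
 * Returns the kernel copy (free with free_dev_ioctl()) or an ERR_PTR:
 * -EFAULT if the header cannot be read, -EINVAL if the size is smaller
 * than the header, -ENAMETOOLONG if it exceeds the cap, or whatever
 * memdup_user() reports.
 */
static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
{
	struct autofs_dev_ioctl tmp, *res;

	if (copy_from_user(&tmp, in, sizeof(tmp)))
		return ERR_PTR(-EFAULT);

	if (tmp.size < sizeof(tmp))
		return ERR_PTR(-EINVAL);

	if (tmp.size > sizeof(tmp) + PATH_MAX)
		return ERR_PTR(-ENAMETOOLONG);

	res = memdup_user(in, tmp.size);
	if (!IS_ERR(res))
		res->size = tmp.size;	/* pin the size that was checked */

	return res;
}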
108 
/* Release a parameter block obtained from copy_dev_ioctl(). */
static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
{
	kfree(param);
}
114 
/*
 * Check sanity of parameter control fields and, if a path is present,
 * check that it is terminated and contains at least one "/".
 *
 * A path is only examined when the request is larger than the fixed
 * header; a header-only request passes without any path check, so a
 * handler that reads param->path must verify for itself that one was
 * supplied.
 *
 * Returns 0 if the block is acceptable, -EINVAL otherwise.
 */
static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
{
	size_t path_len;
	int rc;

	rc = check_dev_ioctl_version(cmd, param);
	if (rc) {
		AUTOFS_WARN("invalid device control module version "
		     "supplied for cmd(0x%08x)", cmd);
		return rc;
	}

	/* Nothing beyond the header: no path to vet. */
	if (param->size <= sizeof(*param))
		return 0;

	/* The terminator must lie inside the bytes that were copied in. */
	path_len = param->size - sizeof(*param);
	rc = invalid_str(param->path, path_len);
	if (rc) {
		AUTOFS_WARN(
		  "path string terminator missing for cmd(0x%08x)",
		  cmd);
		return rc;
	}

	rc = check_name(param->path);
	if (rc) {
		AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
			    cmd);
		return rc;
	}

	return 0;
}
151 
/*
 * Get the autofs super block info struct from the file opened on
 * the autofs mount point. Returns NULL when no file is given.
 *
 * The result is whatever autofs4_sbi() yields for the file's super
 * block; the dispatcher checks its magic number before trusting it.
 */
static struct autofs_sb_info *autofs_dev_ioctl_sbi(struct file *f)
{
	struct inode *inode;

	if (!f)
		return NULL;

	inode = f->f_path.dentry->d_inode;
	return autofs4_sbi(inode->i_sb);
}
167 
/*
 * Report the autofs module protocol version of the mount described by
 * @sbi in param->protover.version. @fp is not used. Always returns 0.
 */
static int autofs_dev_ioctl_protover(struct file *fp,
				     struct autofs_sb_info *sbi,
				     struct autofs_dev_ioctl *param)
{
	param->protover.version = sbi->version;

	return 0;
}
176 
/*
 * Report the autofs module protocol sub version of the mount described
 * by @sbi in param->protosubver.sub_version. @fp is not used.
 * Always returns 0.
 */
static int autofs_dev_ioctl_protosubver(struct file *fp,
					struct autofs_sb_info *sbi,
					struct autofs_dev_ioctl *param)
{
	param->protosubver.sub_version = sbi->sub_version;

	return 0;
}
185 
/*
 * Resolve @pathname and walk up the stack of mounts rooted at that
 * location, looking for autofs mounts accepted by @test(path, @data).
 *
 * The walk continues while the current dentry is the root of its mount
 * and follow_up() can move to the parent mount. Each later match
 * replaces the earlier one in @res, so the last match found wins.
 *
 * On success returns 0 with a reference held on *@res, which the caller
 * must drop with path_put(). Returns the kern_path() error if the lookup
 * fails, or -ENOENT if no mount matched (@res is then untouched).
 */
static int find_autofs_mount(const char *pathname,
			     struct path *res,
			     int test(struct path *path, void *data),
			     void *data)
{
	struct path cur;
	int found = 0;
	int rc;

	rc = kern_path(pathname, 0, &cur);
	if (rc)
		return rc;

	while (cur.dentry == cur.mnt->mnt_root) {
		if (cur.dentry->d_sb->s_magic == AUTOFS_SUPER_MAGIC &&
		    test(&cur, data)) {
			/* Take our own reference for the result ... */
			path_get(&cur);
			/* ... and drop the one held for an earlier match. */
			if (found)
				path_put(res);
			*res = cur;
			found = 1;
		}
		if (!follow_up(&cur))
			break;
	}

	/* Drop the walking reference; *res keeps its own. */
	path_put(&cur);

	return found ? 0 : -ENOENT;
}
212 
/*
 * find_autofs_mount() predicate: non-zero when the super block of @path
 * has the device number that @p (a dev_t pointer) refers to.
 */
static int test_by_dev(struct path *path, void *p)
{
	dev_t wanted = *(dev_t *)p;

	return path->dentry->d_sb->s_dev == wanted;
}
217 
/*
 * find_autofs_mount() predicate: 1 when the dentry of @path has autofs
 * info attached and the type of its mount shares at least one bit with
 * the mask that @p (an unsigned pointer) refers to, otherwise 0.
 */
static int test_by_type(struct path *path, void *p)
{
	struct autofs_info *ino = autofs4_dentry_ino(path->dentry);
	unsigned mask = *(unsigned *)p;

	if (!ino)
		return 0;

	return (ino->sbi->type & mask) != 0;
}
223 
/*
 * Publish @file in slot @fd of the current task's descriptor table and
 * flag the descriptor close-on-exec, all under the table's file_lock.
 * The slot must be empty; an occupied slot triggers BUG_ON().
 */
static void autofs_dev_ioctl_fd_install(unsigned int fd, struct file *file)
{
	struct files_struct *owner = current->files;
	struct fdtable *table;

	spin_lock(&owner->file_lock);
	table = files_fdtable(owner);
	BUG_ON(table->fd[fd] != NULL);
	rcu_assign_pointer(table->fd[fd], file);
	/* The descriptor must not leak into programs exec'd later. */
	FD_SET(fd, table->close_on_exec);
	spin_unlock(&owner->file_lock);
}
236 
237 
/*
 * Open a file descriptor on the autofs mount point corresponding
 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
 *
 * Returns the new descriptor (installed close-on-exec in the current
 * task) or a negative error; on error the reserved descriptor number
 * is given back.
 */
static int autofs_dev_ioctl_open_mountpoint(const char *name, dev_t devid)
{
	struct file *filp;
	struct path path;
	int fd, err;

	fd = get_unused_fd();
	if (unlikely(fd < 0))
		return fd;

	/*
	 * Find the autofs mount at this path whose super block has the
	 * device number corresponding to the autofs fs we want to open.
	 */
	err = find_autofs_mount(name, &path, test_by_dev, &devid);
	if (err)
		goto out_put_fd;

	/*
	 * The file is opened read-only with the caller's credentials.
	 * NOTE(review): the path reference taken by find_autofs_mount() is
	 * not dropped here, so dentry_open() presumably consumes it on both
	 * success and failure; confirm against this kernel's dentry_open().
	 */
	filp = dentry_open(path.dentry, path.mnt, O_RDONLY,
			   current_cred());
	if (IS_ERR(filp)) {
		err = PTR_ERR(filp);
		goto out_put_fd;
	}

	autofs_dev_ioctl_fd_install(fd, filp);
	return fd;

out_put_fd:
	put_unused_fd(fd);
	return err;
}
276 
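/*
 * Open a file descriptor on an autofs mount point.
 *
 * The mount is identified by param->path together with the encoded
 * device number in param->openmount.devid. @fp and @sbi are not used;
 * the dispatcher passes NULL for both on this command.
 *
 * On success the new descriptor is stored in param->ioctlfd and 0 is
 * returned. Returns -EINVAL if no path or no device number was supplied,
 * otherwise the error from opening the mount point.
 */
static int autofs_dev_ioctl_openmount(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	dev_t devid;
	int fd;

	/*
	 * validate_dev_ioctl() only vets param->path when the request is
	 * larger than the fixed header. A header-only request carries no
	 * path bytes, so param->path would point past the end of the kernel
	 * copy; refuse it here, as the requester and ismountpoint handlers
	 * do.
	 */
	if (param->size <= sizeof(*param))
		return -EINVAL;

	if (!param->openmount.devid)
		return -EINVAL;

	param->ioctlfd = -1;

	devid = new_decode_dev(param->openmount.devid);

	fd = autofs_dev_ioctl_open_mountpoint(param->path, devid);
	if (unlikely(fd < 0))
		return fd;

	param->ioctlfd = fd;
	return 0;
}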
306 
/*
 * Close the file descriptor allocated by the openmount command (user can
 * also use close(2)). The descriptor number comes straight from the
 * caller's param->ioctlfd; @fp and @sbi are not used.
 * Returns the result of sys_close().
 */
static int autofs_dev_ioctl_closemount(struct file *fp,
				       struct autofs_sb_info *sbi,
				       struct autofs_dev_ioctl *param)
{
	int rc = sys_close(param->ioctlfd);

	return rc;
}
314 
/*
 * Send "ready" status for an existing wait (either a mount or an expire
 * request). The wait is named by the caller-supplied token in
 * param->ready.token and is released with status 0.
 * Returns the result of autofs4_wait_release().
 */
static int autofs_dev_ioctl_ready(struct file *fp,
				  struct autofs_sb_info *sbi,
				  struct autofs_dev_ioctl *param)
{
	autofs_wqt_t wait_token = (autofs_wqt_t) param->ready.token;

	return autofs4_wait_release(sbi, wait_token, 0);
}
328 
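/*
 * Send "fail" status for an existing wait (either a mount or an expire
 * request). The wait is named by the caller-supplied token in
 * param->fail.token.
 *
 * param->fail.status is caller-controlled. Only a negative value can be
 * a valid errno-style failure code, so zero and positive values are both
 * replaced by -ENOENT before the status is passed on to the waiters.
 * NOTE(review): how waiters consume the status is not visible in this
 * file; a positive value is presumably not recognisable as an error
 * there - confirm against autofs4_wait_release() and its callers.
 *
 * Returns the result of autofs4_wait_release().
 */
static int autofs_dev_ioctl_fail(struct file *fp,
				 struct autofs_sb_info *sbi,
				 struct autofs_dev_ioctl *param)
{
	autofs_wqt_t token;
	int status;

	token = (autofs_wqt_t) param->fail.token;
	status = param->fail.status < 0 ? param->fail.status : -ENOENT;
	return autofs4_wait_release(sbi, token, status);
}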
344 
/*
 * Set the pipe fd for kernel communication to the daemon.
 *
 * Normally this is set at mount using an option but if we
 * are reconnecting to a busy mount then we need to use this
 * to tell the autofs mount about the new kernel pipe fd. In
 * order to protect mounts against incorrectly setting the
 * pipefd we also require that the autofs mount be catatonic.
 *
 * This also sets the process group id used to identify the
 * controlling process (eg. the owning automount(8) daemon).
 *
 * Returns 0 on success, -EINVAL for a pipefd of -1, -EBUSY if the mount
 * is not catatonic, -EBADF if the descriptor is not open, or -EPIPE if
 * the file behind it has no write operation.
 */
static int autofs_dev_ioctl_setpipefd(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	int pipefd = param->setpipefd.pipefd;
	struct file *pipe;
	int err = 0;

	if (pipefd == -1)
		return -EINVAL;

	/* The catatonic test and the hand-over happen under wq_mutex. */
	mutex_lock(&sbi->wq_mutex);

	if (!sbi->catatonic) {
		err = -EBUSY;
		goto out;
	}

	pipe = fget(pipefd);
	if (!pipe) {
		err = -EBADF;
		goto out;
	}

	/* The kernel has to be able to write to whatever the fd names. */
	if (!pipe->f_op || !pipe->f_op->write) {
		fput(pipe);
		err = -EPIPE;
		goto out;
	}

	/* The fget() reference is kept in sbi->pipe from here on. */
	sbi->oz_pgrp = task_pgrp_nr(current);
	sbi->pipefd = pipefd;
	sbi->pipe = pipe;
	sbi->catatonic = 0;
	sbi->compat_daemon = is_compat_task();
out:
	mutex_unlock(&sbi->wq_mutex);
	return err;
}
394 
/*
 * Make the autofs mount point catatonic, no longer responsive to
 * mount requests. Also closes the kernel pipe file descriptor.
 * The work is done by autofs4_catatonic_mode(); @fp and @param are not
 * used. Always returns 0.
 */
static int autofs_dev_ioctl_catatonic(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	autofs4_catatonic_mode(sbi);

	return 0;
}
406 
/*
 * Set the autofs mount timeout.
 *
 * param->timeout.timeout carries the new timeout in seconds on entry
 * and the previous timeout, also in seconds, on return; the mount keeps
 * the value in jiffies (seconds * HZ). The caller's value is used as
 * given, without a range check. Always returns 0.
 */
static int autofs_dev_ioctl_timeout(struct file *fp,
				    struct autofs_sb_info *sbi,
				    struct autofs_dev_ioctl *param)
{
	unsigned long new_secs = param->timeout.timeout;

	/* Report the old value before it is replaced. */
	param->timeout.timeout = sbi->exp_timeout / HZ;
	sbi->exp_timeout = new_secs * HZ;

	return 0;
}
419 
/*
 * Return the uid and gid of the last request for the mount
 *
 * When reconstructing an autofs mount tree with active mounts
 * we need to re-connect to mounts that may have used the original
 * process uid and gid (or string variations of them) for mount
 * lookups within the map entry.
 *
 * A path is mandatory: a header-only request is rejected with -EINVAL
 * before param->path is touched. If the located dentry has no autofs
 * info attached, 0 is still returned and uid/gid stay at -1.
 */
static int autofs_dev_ioctl_requester(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	struct autofs_info *ino;
	struct path path;
	dev_t devid;
	int err;

	if (param->size <= sizeof(*param))
		return -EINVAL;

	devid = sbi->sb->s_dev;

	/* Defaults reported when no request information is available. */
	param->requester.gid = -1;
	param->requester.uid = -1;

	err = find_autofs_mount(param->path, &path, test_by_dev, &devid);
	if (err)
		return err;

	ino = autofs4_dentry_ino(path.dentry);
	if (ino) {
		autofs4_expire_wait(path.dentry);
		/* Read both ids under fs_lock so they belong together. */
		spin_lock(&sbi->fs_lock);
		param->requester.uid = ino->uid;
		param->requester.gid = ino->gid;
		spin_unlock(&sbi->fs_lock);
	}
	path_put(&path);

	return 0;
}
463 
/*
 * Run one expire pass on the mount behind @fp.
 *
 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
 * more that can be done. param->expire.how is passed through to
 * autofs4_do_expire_multi() unchanged.
 */
static int autofs_dev_ioctl_expire(struct file *fp,
				   struct autofs_sb_info *sbi,
				   struct autofs_dev_ioctl *param)
{
	int how = param->expire.how;
	struct vfsmount *mnt = fp->f_path.mnt;

	return autofs4_do_expire_multi(sbi->sb, mnt, sbi, how);
}
480 
/*
 * Check if autofs mount point is in use.
 *
 * Sets param->askumount.may_umount to 1 when may_umount() reports that
 * the mount behind @fp could be unmounted, otherwise to 0.
 * Always returns 0.
 */
static int autofs_dev_ioctl_askumount(struct file *fp,
				      struct autofs_sb_info *sbi,
				      struct autofs_dev_ioctl *param)
{
	if (may_umount(fp->f_path.mnt))
		param->askumount.may_umount = 1;
	else
		param->askumount.may_umount = 0;

	return 0;
}
491 
/*
 * Check if the given path is a mountpoint.
 *
 * If we are supplied with the file descriptor of an autofs
 * mount we're looking for a specific mount. In this case
 * the path is considered a mountpoint if it is itself a
 * mountpoint or contains a mount, such as a multi-mount
 * without a root mount. In this case we return 1 if the
 * path is a mount point and the super magic of the covering
 * mount if there is one or 0 if it isn't a mountpoint.
 *
 * If we aren't supplied with a file descriptor then we
 * lookup the nameidata of the path and check if it is the
 * root of a mount. If a type is given we are looking for
 * a particular autofs mount and if we don't find a match
 * we return fail. If the located nameidata path is the
 * root of a mount we return 1 along with the super magic
 * of the mount or 0 otherwise.
 *
 * In both cases the device number (as returned by
 * new_encode_dev()) is also returned.
 *
 * A path is mandatory: a header-only request is rejected with -EINVAL
 * before param->path is touched. @fp and @sbi may be NULL; they are only
 * dereferenced when a file was supplied and param->ioctlfd is not -1.
 */
static int autofs_dev_ioctl_ismountpoint(struct file *fp,
					 struct autofs_sb_info *sbi,
					 struct autofs_dev_ioctl *param)
{
	struct path path;
	const char *name;
	unsigned int type;
	unsigned int devid = 0, magic = 0;
	int err;

	if (param->size <= sizeof(*param))
		return -EINVAL;

	/*
	 * Read the inputs before any output field is written.
	 * NOTE(review): the in/out members look like they may share
	 * storage; confirm in the interface header before reordering.
	 */
	name = param->path;
	type = param->ismountpoint.in.type;

	param->ismountpoint.out.devid = 0;
	param->ismountpoint.out.magic = 0;

	if (fp && param->ioctlfd != -1) {
		/* A specific autofs mount was named by descriptor. */
		dev_t dev = sbi->sb->s_dev;

		err = find_autofs_mount(name, &path, test_by_dev, &dev);
		if (err)
			return err;

		devid = new_encode_dev(dev);

		err = have_submounts(path.dentry);

		if (follow_down_one(&path))
			magic = path.dentry->d_sb->s_magic;
	} else {
		/* No descriptor: resolve by path, optionally by type. */
		if (autofs_type_any(type))
			err = kern_path(name, LOOKUP_FOLLOW, &path);
		else
			err = find_autofs_mount(name, &path, test_by_type, &type);
		if (err)
			return err;

		devid = new_encode_dev(path.dentry->d_sb->s_dev);
		if (path.mnt->mnt_root == path.dentry) {
			err = 1;
			magic = path.dentry->d_sb->s_magic;
		} else {
			err = 0;
		}
	}

	param->ismountpoint.out.devid = devid;
	param->ismountpoint.out.magic = magic;
	path_put(&path);

	return err;
}
569 
/*
 * Our range of ioctl numbers isn't 0 based so we need to shift
 * the array index by _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST) for the table
 * lookup.
 */
#define cmd_idx(cmd)	((cmd) - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
576 
/*
 * Map an ioctl command number (the _IOC_NR() part) to its handler.
 *
 * The table is indexed by position, in command order starting at the
 * first control command; the stored .cmd value is not consulted by the
 * lookup. The index is unsigned, so a number below the first command
 * wraps to a large value and is rejected by the same bounds check as a
 * number beyond the table.
 *
 * Returns the handler, or NULL for an out-of-range command and for the
 * version command, which has no handler of its own.
 */
static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
{
	static struct {
		int cmd;
		ioctl_fn fn;
	} handlers[] = {
		{cmd_idx(AUTOFS_DEV_IOCTL_VERSION_CMD), NULL},
		{cmd_idx(AUTOFS_DEV_IOCTL_PROTOVER_CMD),
			 autofs_dev_ioctl_protover},
		{cmd_idx(AUTOFS_DEV_IOCTL_PROTOSUBVER_CMD),
			 autofs_dev_ioctl_protosubver},
		{cmd_idx(AUTOFS_DEV_IOCTL_OPENMOUNT_CMD),
			 autofs_dev_ioctl_openmount},
		{cmd_idx(AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD),
			 autofs_dev_ioctl_closemount},
		{cmd_idx(AUTOFS_DEV_IOCTL_READY_CMD),
			 autofs_dev_ioctl_ready},
		{cmd_idx(AUTOFS_DEV_IOCTL_FAIL_CMD),
			 autofs_dev_ioctl_fail},
		{cmd_idx(AUTOFS_DEV_IOCTL_SETPIPEFD_CMD),
			 autofs_dev_ioctl_setpipefd},
		{cmd_idx(AUTOFS_DEV_IOCTL_CATATONIC_CMD),
			 autofs_dev_ioctl_catatonic},
		{cmd_idx(AUTOFS_DEV_IOCTL_TIMEOUT_CMD),
			 autofs_dev_ioctl_timeout},
		{cmd_idx(AUTOFS_DEV_IOCTL_REQUESTER_CMD),
			 autofs_dev_ioctl_requester},
		{cmd_idx(AUTOFS_DEV_IOCTL_EXPIRE_CMD),
			 autofs_dev_ioctl_expire},
		{cmd_idx(AUTOFS_DEV_IOCTL_ASKUMOUNT_CMD),
			 autofs_dev_ioctl_askumount},
		{cmd_idx(AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD),
			 autofs_dev_ioctl_ismountpoint}
	};
	unsigned int slot = cmd_idx(cmd);

	if (slot >= ARRAY_SIZE(handlers))
		return NULL;

	return handlers[slot].fn;
}
615 
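/*
 * ioctl dispatcher.
 *
 * Order of checks on the untrusted request:
 *  1. the caller must hold CAP_SYS_ADMIN;
 *  2. the command type and number must fall inside the control range;
 *  3. the parameter block is copied into kernel memory and validated
 *     (interface version, path termination and form);
 *  4. for every command except openmount and closemount, param->ioctlfd
 *     must name an open file on an autofs mount, and the caller must be
 *     in "oz mode" for that mount unless the command is catatonic.
 *
 * Only the fixed header (AUTOFS_DEV_IOCTL_SIZE bytes) is copied back to
 * user space, and only when the handler result is not negative.
 *
 * Every exit taken after the copy-in goes through "out" so that the
 * kernel copy is freed.
 *
 * Returns the handler's result, or a negative errno from the checks
 * above (-EPERM, -ENOTTY, -EBADF, -EINVAL, -EACCES, -EFAULT).
 */
static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
{
	struct autofs_dev_ioctl *param;
	struct file *fp;
	struct autofs_sb_info *sbi;
	unsigned int cmd_first, cmd;
	ioctl_fn fn = NULL;
	int err = 0;

	/* only root can play with this */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
	cmd = _IOC_NR(command);

	/* Unsigned subtraction: numbers below the first one wrap and fail. */
	if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
	    cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
		return -ENOTTY;
	}

	/* Copy the parameters into kernel space. */
	param = copy_dev_ioctl(user);
	if (IS_ERR(param))
		return PTR_ERR(param);

	err = validate_dev_ioctl(command, param);
	if (err)
		goto out;

	/* The validate routine above always sets the version */
	if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
		goto done;

	fn = lookup_dev_ioctl(cmd);
	if (!fn) {
		AUTOFS_WARN("unknown command 0x%08x", command);
		/* param is already allocated; leave via "out" to free it. */
		err = -ENOTTY;
		goto out;
	}

	fp = NULL;
	sbi = NULL;

	/*
	 * For obvious reasons the openmount can't have a file
	 * descriptor yet. We don't take a reference to the
	 * file during close to allow for immediate release.
	 */
	if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
	    cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
		fp = fget(param->ioctlfd);
		if (!fp) {
			/* ismountpoint may be asked without a descriptor. */
			if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
				goto cont;
			err = -EBADF;
			goto out;
		}

		if (!fp->f_op) {
			err = -ENOTTY;
			fput(fp);
			goto out;
		}

		/*
		 * The descriptor is caller-chosen; check the magic number
		 * before treating the result as autofs super block info.
		 */
		sbi = autofs_dev_ioctl_sbi(fp);
		if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
			err = -EINVAL;
			fput(fp);
			goto out;
		}

		/*
		 * Admin needs to be able to set the mount catatonic in
		 * order to be able to perform the re-open.
		 */
		if (!autofs4_oz_mode(sbi) &&
		    cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
			err = -EACCES;
			fput(fp);
			goto out;
		}
	}
cont:
	err = fn(fp, sbi, param);

	if (fp)
		fput(fp);
done:
	if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
		err = -EFAULT;
out:
	free_dev_ioctl(param);
	return err;
}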
711 
/*
 * unlocked_ioctl entry point of the control device: treats @u as a user
 * pointer to the parameter block and hands it to the dispatcher.
 * @file is not used.
 */
static long autofs_dev_ioctl(struct file *file, uint command, ulong u)
{
	struct autofs_dev_ioctl __user *user_param =
		(struct autofs_dev_ioctl __user *) u;

	return (long) _autofs_dev_ioctl(command, user_param);
}
718 
719 #ifdef CONFIG_COMPAT
/*
 * compat_ioctl entry point: converts the compat user pointer with
 * compat_ptr() and then follows the native ioctl path.
 */
static long autofs_dev_ioctl_compat(struct file *file, uint command, ulong u)
{
	ulong native_arg = (ulong) compat_ptr(u);

	return (long) autofs_dev_ioctl(file, command, native_arg);
}
724 #else
725 #define autofs_dev_ioctl_compat NULL
726 #endif
727 
/*
 * File operations of the control device: the native and compat ioctl
 * entry points plus a no-op llseek.
 */
static const struct file_operations _dev_ioctl_fops = {
	.owner		= THIS_MODULE,
	.unlocked_ioctl	= autofs_dev_ioctl,
	.compat_ioctl	= autofs_dev_ioctl_compat,
	.llseek		= noop_llseek,
};

/* Misc character device through which the control ioctls are issued. */
static struct miscdevice _autofs_dev_ioctl_misc = {
	.minor	= AUTOFS_MINOR,
	.name	= AUTOFS_DEVICE_NAME,
	.fops	= &_dev_ioctl_fops
};

MODULE_ALIAS_MISCDEV(AUTOFS_MINOR);
MODULE_ALIAS("devname:autofs");
743 
/*
 * Register the misc character device used for the control ioctls.
 * Returns 0 on success or the error from misc_register(), which is
 * also logged.
 */
int autofs_dev_ioctl_init(void)
{
	int rc = misc_register(&_autofs_dev_ioctl_misc);

	if (rc) {
		AUTOFS_ERROR("misc_register failed for control device");
	}

	return rc;
}
757 
/* Deregister the misc character device used for the control ioctls. */
void autofs_dev_ioctl_exit(void)
{
	misc_deregister(&_autofs_dev_ioctl_misc);
}
763 
764