1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright 1997-1998 Transmeta Corporation -- All Rights Reserved 4 * Copyright 1999-2000 Jeremy Fitzhardinge <jeremy@goop.org> 5 * Copyright 2001-2006 Ian Kent <raven@themaw.net> 6 */ 7 8 #include <linux/capability.h> 9 #include <linux/compat.h> 10 11 #include "autofs_i.h" 12 13 static int autofs_dir_symlink(struct user_namespace *, struct inode *, 14 struct dentry *, const char *); 15 static int autofs_dir_unlink(struct inode *, struct dentry *); 16 static int autofs_dir_rmdir(struct inode *, struct dentry *); 17 static int autofs_dir_mkdir(struct user_namespace *, struct inode *, 18 struct dentry *, umode_t); 19 static long autofs_root_ioctl(struct file *, unsigned int, unsigned long); 20 #ifdef CONFIG_COMPAT 21 static long autofs_root_compat_ioctl(struct file *, 22 unsigned int, unsigned long); 23 #endif 24 static int autofs_dir_open(struct inode *inode, struct file *file); 25 static struct dentry *autofs_lookup(struct inode *, 26 struct dentry *, unsigned int); 27 static struct vfsmount *autofs_d_automount(struct path *); 28 static int autofs_d_manage(const struct path *, bool); 29 static void autofs_dentry_release(struct dentry *); 30 31 const struct file_operations autofs_root_operations = { 32 .open = dcache_dir_open, 33 .release = dcache_dir_close, 34 .read = generic_read_dir, 35 .iterate_shared = dcache_readdir, 36 .llseek = dcache_dir_lseek, 37 .unlocked_ioctl = autofs_root_ioctl, 38 #ifdef CONFIG_COMPAT 39 .compat_ioctl = autofs_root_compat_ioctl, 40 #endif 41 }; 42 43 const struct file_operations autofs_dir_operations = { 44 .open = autofs_dir_open, 45 .release = dcache_dir_close, 46 .read = generic_read_dir, 47 .iterate_shared = dcache_readdir, 48 .llseek = dcache_dir_lseek, 49 }; 50 51 const struct inode_operations autofs_dir_inode_operations = { 52 .lookup = autofs_lookup, 53 .unlink = autofs_dir_unlink, 54 .symlink = autofs_dir_symlink, 55 .mkdir = autofs_dir_mkdir, 56 .rmdir = autofs_dir_rmdir, 57 }; 58 59 const struct dentry_operations autofs_dentry_operations = { 60 .d_automount = autofs_d_automount, 61 .d_manage = autofs_d_manage, 62 .d_release = autofs_dentry_release, 63 }; 64 65 static void autofs_del_active(struct dentry *dentry) 66 { 67 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 68 struct autofs_info *ino; 69 70 ino = autofs_dentry_ino(dentry); 71 spin_lock(&sbi->lookup_lock); 72 list_del_init(&ino->active); 73 spin_unlock(&sbi->lookup_lock); 74 } 75 76 static int autofs_dir_open(struct inode *inode, struct file *file) 77 { 78 struct dentry *dentry = file->f_path.dentry; 79 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 80 81 pr_debug("file=%p dentry=%p %pd\n", file, dentry, dentry); 82 83 if (autofs_oz_mode(sbi)) 84 goto out; 85 86 /* 87 * An empty directory in an autofs file system is always a 88 * mount point. The daemon must have failed to mount this 89 * during lookup so it doesn't exist. This can happen, for 90 * example, if user space returns an incorrect status for a 91 * mount request. Otherwise we're doing a readdir on the 92 * autofs file system so just let the libfs routines handle 93 * it. 94 */ 95 spin_lock(&sbi->lookup_lock); 96 if (!path_is_mountpoint(&file->f_path) && simple_empty(dentry)) { 97 spin_unlock(&sbi->lookup_lock); 98 return -ENOENT; 99 } 100 spin_unlock(&sbi->lookup_lock); 101 102 out: 103 return dcache_dir_open(inode, file); 104 } 105 106 static void autofs_dentry_release(struct dentry *de) 107 { 108 struct autofs_info *ino = autofs_dentry_ino(de); 109 struct autofs_sb_info *sbi = autofs_sbi(de->d_sb); 110 111 pr_debug("releasing %p\n", de); 112 113 if (!ino) 114 return; 115 116 if (sbi) { 117 spin_lock(&sbi->lookup_lock); 118 if (!list_empty(&ino->active)) 119 list_del(&ino->active); 120 if (!list_empty(&ino->expiring)) 121 list_del(&ino->expiring); 122 spin_unlock(&sbi->lookup_lock); 123 } 124 125 autofs_free_ino(ino); 126 } 127 128 static struct dentry *autofs_lookup_active(struct dentry *dentry) 129 { 130 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 131 struct dentry *parent = dentry->d_parent; 132 const struct qstr *name = &dentry->d_name; 133 unsigned int len = name->len; 134 unsigned int hash = name->hash; 135 const unsigned char *str = name->name; 136 struct list_head *p, *head; 137 138 head = &sbi->active_list; 139 if (list_empty(head)) 140 return NULL; 141 spin_lock(&sbi->lookup_lock); 142 list_for_each(p, head) { 143 struct autofs_info *ino; 144 struct dentry *active; 145 const struct qstr *qstr; 146 147 ino = list_entry(p, struct autofs_info, active); 148 active = ino->dentry; 149 150 spin_lock(&active->d_lock); 151 152 /* Already gone? */ 153 if ((int) d_count(active) <= 0) 154 goto next; 155 156 qstr = &active->d_name; 157 158 if (active->d_name.hash != hash) 159 goto next; 160 if (active->d_parent != parent) 161 goto next; 162 163 if (qstr->len != len) 164 goto next; 165 if (memcmp(qstr->name, str, len)) 166 goto next; 167 168 if (d_unhashed(active)) { 169 dget_dlock(active); 170 spin_unlock(&active->d_lock); 171 spin_unlock(&sbi->lookup_lock); 172 return active; 173 } 174 next: 175 spin_unlock(&active->d_lock); 176 } 177 spin_unlock(&sbi->lookup_lock); 178 179 return NULL; 180 } 181 182 static struct dentry *autofs_lookup_expiring(struct dentry *dentry, 183 bool rcu_walk) 184 { 185 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 186 struct dentry *parent = dentry->d_parent; 187 const struct qstr *name = &dentry->d_name; 188 unsigned int len = name->len; 189 unsigned int hash = name->hash; 190 const unsigned char *str = name->name; 191 struct list_head *p, *head; 192 193 head = &sbi->expiring_list; 194 if (list_empty(head)) 195 return NULL; 196 spin_lock(&sbi->lookup_lock); 197 list_for_each(p, head) { 198 struct autofs_info *ino; 199 struct dentry *expiring; 200 const struct qstr *qstr; 201 202 if (rcu_walk) { 203 spin_unlock(&sbi->lookup_lock); 204 return ERR_PTR(-ECHILD); 205 } 206 207 ino = list_entry(p, struct autofs_info, expiring); 208 expiring = ino->dentry; 209 210 spin_lock(&expiring->d_lock); 211 212 /* We've already been dentry_iput or unlinked */ 213 if (d_really_is_negative(expiring)) 214 goto next; 215 216 qstr = &expiring->d_name; 217 218 if (expiring->d_name.hash != hash) 219 goto next; 220 if (expiring->d_parent != parent) 221 goto next; 222 223 if (qstr->len != len) 224 goto next; 225 if (memcmp(qstr->name, str, len)) 226 goto next; 227 228 if (d_unhashed(expiring)) { 229 dget_dlock(expiring); 230 spin_unlock(&expiring->d_lock); 231 spin_unlock(&sbi->lookup_lock); 232 return expiring; 233 } 234 next: 235 spin_unlock(&expiring->d_lock); 236 } 237 spin_unlock(&sbi->lookup_lock); 238 239 return NULL; 240 } 241 242 static int autofs_mount_wait(const struct path *path, bool rcu_walk) 243 { 244 struct autofs_sb_info *sbi = autofs_sbi(path->dentry->d_sb); 245 struct autofs_info *ino = autofs_dentry_ino(path->dentry); 246 int status = 0; 247 248 if (ino->flags & AUTOFS_INF_PENDING) { 249 if (rcu_walk) 250 return -ECHILD; 251 pr_debug("waiting for mount name=%pd\n", path->dentry); 252 status = autofs_wait(sbi, path, NFY_MOUNT); 253 pr_debug("mount wait done status=%d\n", status); 254 ino->last_used = jiffies; 255 return status; 256 } 257 if (!(sbi->flags & AUTOFS_SBI_STRICTEXPIRE)) 258 ino->last_used = jiffies; 259 return status; 260 } 261 262 static int do_expire_wait(const struct path *path, bool rcu_walk) 263 { 264 struct dentry *dentry = path->dentry; 265 struct dentry *expiring; 266 267 expiring = autofs_lookup_expiring(dentry, rcu_walk); 268 if (IS_ERR(expiring)) 269 return PTR_ERR(expiring); 270 if (!expiring) 271 return autofs_expire_wait(path, rcu_walk); 272 else { 273 const struct path this = { .mnt = path->mnt, .dentry = expiring }; 274 /* 275 * If we are racing with expire the request might not 276 * be quite complete, but the directory has been removed 277 * so it must have been successful, just wait for it. 278 */ 279 autofs_expire_wait(&this, 0); 280 autofs_del_expiring(expiring); 281 dput(expiring); 282 } 283 return 0; 284 } 285 286 static struct dentry *autofs_mountpoint_changed(struct path *path) 287 { 288 struct dentry *dentry = path->dentry; 289 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 290 291 /* 292 * If this is an indirect mount the dentry could have gone away 293 * as a result of an expire and a new one created. 294 */ 295 if (autofs_type_indirect(sbi->type) && d_unhashed(dentry)) { 296 struct dentry *parent = dentry->d_parent; 297 struct autofs_info *ino; 298 struct dentry *new; 299 300 new = d_lookup(parent, &dentry->d_name); 301 if (!new) 302 return NULL; 303 ino = autofs_dentry_ino(new); 304 ino->last_used = jiffies; 305 dput(path->dentry); 306 path->dentry = new; 307 } 308 return path->dentry; 309 } 310 311 static struct vfsmount *autofs_d_automount(struct path *path) 312 { 313 struct dentry *dentry = path->dentry; 314 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 315 struct autofs_info *ino = autofs_dentry_ino(dentry); 316 int status; 317 318 pr_debug("dentry=%p %pd\n", dentry, dentry); 319 320 /* The daemon never triggers a mount. */ 321 if (autofs_oz_mode(sbi)) 322 return NULL; 323 324 /* 325 * If an expire request is pending everyone must wait. 326 * If the expire fails we're still mounted so continue 327 * the follow and return. A return of -EAGAIN (which only 328 * happens with indirect mounts) means the expire completed 329 * and the directory was removed, so just go ahead and try 330 * the mount. 331 */ 332 status = do_expire_wait(path, 0); 333 if (status && status != -EAGAIN) 334 return NULL; 335 336 /* Callback to the daemon to perform the mount or wait */ 337 spin_lock(&sbi->fs_lock); 338 if (ino->flags & AUTOFS_INF_PENDING) { 339 spin_unlock(&sbi->fs_lock); 340 status = autofs_mount_wait(path, 0); 341 if (status) 342 return ERR_PTR(status); 343 goto done; 344 } 345 346 /* 347 * If the dentry is a symlink it's equivalent to a directory 348 * having path_is_mountpoint() true, so there's no need to call 349 * back to the daemon. 350 */ 351 if (d_really_is_positive(dentry) && d_is_symlink(dentry)) { 352 spin_unlock(&sbi->fs_lock); 353 goto done; 354 } 355 356 if (!path_is_mountpoint(path)) { 357 /* 358 * It's possible that user space hasn't removed directories 359 * after umounting a rootless multi-mount, although it 360 * should. For v5 path_has_submounts() is sufficient to 361 * handle this because the leaves of the directory tree under 362 * the mount never trigger mounts themselves (they have an 363 * autofs trigger mount mounted on them). But v4 pseudo direct 364 * mounts do need the leaves to trigger mounts. In this case 365 * we have no choice but to use the list_empty() check and 366 * require user space behave. 367 */ 368 if (sbi->version > 4) { 369 if (path_has_submounts(path)) { 370 spin_unlock(&sbi->fs_lock); 371 goto done; 372 } 373 } else { 374 if (!simple_empty(dentry)) { 375 spin_unlock(&sbi->fs_lock); 376 goto done; 377 } 378 } 379 ino->flags |= AUTOFS_INF_PENDING; 380 spin_unlock(&sbi->fs_lock); 381 status = autofs_mount_wait(path, 0); 382 spin_lock(&sbi->fs_lock); 383 ino->flags &= ~AUTOFS_INF_PENDING; 384 if (status) { 385 spin_unlock(&sbi->fs_lock); 386 return ERR_PTR(status); 387 } 388 } 389 spin_unlock(&sbi->fs_lock); 390 done: 391 /* Mount succeeded, check if we ended up with a new dentry */ 392 dentry = autofs_mountpoint_changed(path); 393 if (!dentry) 394 return ERR_PTR(-ENOENT); 395 396 return NULL; 397 } 398 399 static int autofs_d_manage(const struct path *path, bool rcu_walk) 400 { 401 struct dentry *dentry = path->dentry; 402 struct autofs_sb_info *sbi = autofs_sbi(dentry->d_sb); 403 struct autofs_info *ino = autofs_dentry_ino(dentry); 404 int status; 405 406 pr_debug("dentry=%p %pd\n", dentry, dentry); 407 408 /* The daemon never waits. */ 409 if (autofs_oz_mode(sbi)) { 410 if (!path_is_mountpoint(path)) 411 return -EISDIR; 412 return 0; 413 } 414 415 /* Wait for pending expires */ 416 if (do_expire_wait(path, rcu_walk) == -ECHILD) 417 return -ECHILD; 418 419 /* 420 * This dentry may be under construction so wait on mount 421 * completion. 422 */ 423 status = autofs_mount_wait(path, rcu_walk); 424 if (status) 425 return status; 426 427 if (rcu_walk) { 428 /* We don't need fs_lock in rcu_walk mode, 429 * just testing 'AUTOFS_INFO_NO_RCU' is enough. 430 * simple_empty() takes a spinlock, so leave it 431 * to last. 432 * We only return -EISDIR when certain this isn't 433 * a mount-trap. 434 */ 435 struct inode *inode; 436 437 if (ino->flags & AUTOFS_INF_WANT_EXPIRE) 438 return 0; 439 if (path_is_mountpoint(path)) 440 return 0; 441 inode = d_inode_rcu(dentry); 442 if (inode && S_ISLNK(inode->i_mode)) 443 return -EISDIR; 444 if (list_empty(&dentry->d_subdirs)) 445 return 0; 446 if (!simple_empty(dentry)) 447 return -EISDIR; 448 return 0; 449 } 450 451 spin_lock(&sbi->fs_lock); 452 /* 453 * If the dentry has been selected for expire while we slept 454 * on the lock then it might go away. We'll deal with that in 455 * ->d_automount() and wait on a new mount if the expire 456 * succeeds or return here if it doesn't (since there's no 457 * mount to follow with a rootless multi-mount). 458 */ 459 if (!(ino->flags & AUTOFS_INF_EXPIRING)) { 460 /* 461 * Any needed mounting has been completed and the path 462 * updated so check if this is a rootless multi-mount so 463 * we can avoid needless calls ->d_automount() and avoid 464 * an incorrect ELOOP error return. 465 */ 466 if ((!path_is_mountpoint(path) && !simple_empty(dentry)) || 467 (d_really_is_positive(dentry) && d_is_symlink(dentry))) 468 status = -EISDIR; 469 } 470 spin_unlock(&sbi->fs_lock); 471 472 return status; 473 } 474 475 /* Lookups in the root directory */ 476 static struct dentry *autofs_lookup(struct inode *dir, 477 struct dentry *dentry, unsigned int flags) 478 { 479 struct autofs_sb_info *sbi; 480 struct autofs_info *ino; 481 struct dentry *active; 482 483 pr_debug("name = %pd\n", dentry); 484 485 /* File name too long to exist */ 486 if (dentry->d_name.len > NAME_MAX) 487 return ERR_PTR(-ENAMETOOLONG); 488 489 sbi = autofs_sbi(dir->i_sb); 490 491 pr_debug("pid = %u, pgrp = %u, catatonic = %d, oz_mode = %d\n", 492 current->pid, task_pgrp_nr(current), 493 sbi->flags & AUTOFS_SBI_CATATONIC, 494 autofs_oz_mode(sbi)); 495 496 active = autofs_lookup_active(dentry); 497 if (active) 498 return active; 499 else { 500 /* 501 * A dentry that is not within the root can never trigger a 502 * mount operation, unless the directory already exists, so we 503 * can return fail immediately. The daemon however does need 504 * to create directories within the file system. 505 */ 506 if (!autofs_oz_mode(sbi) && !IS_ROOT(dentry->d_parent)) 507 return ERR_PTR(-ENOENT); 508 509 ino = autofs_new_ino(sbi); 510 if (!ino) 511 return ERR_PTR(-ENOMEM); 512 513 spin_lock(&sbi->lookup_lock); 514 spin_lock(&dentry->d_lock); 515 /* Mark entries in the root as mount triggers */ 516 if (IS_ROOT(dentry->d_parent) && 517 autofs_type_indirect(sbi->type)) 518 __managed_dentry_set_managed(dentry); 519 dentry->d_fsdata = ino; 520 ino->dentry = dentry; 521 522 list_add(&ino->active, &sbi->active_list); 523 spin_unlock(&sbi->lookup_lock); 524 spin_unlock(&dentry->d_lock); 525 } 526 return NULL; 527 } 528 529 static int autofs_dir_symlink(struct user_namespace *mnt_userns, 530 struct inode *dir, struct dentry *dentry, 531 const char *symname) 532 { 533 struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb); 534 struct autofs_info *ino = autofs_dentry_ino(dentry); 535 struct autofs_info *p_ino; 536 struct inode *inode; 537 size_t size = strlen(symname); 538 char *cp; 539 540 pr_debug("%s <- %pd\n", symname, dentry); 541 542 if (!autofs_oz_mode(sbi)) 543 return -EACCES; 544 545 /* autofs_oz_mode() needs to allow path walks when the 546 * autofs mount is catatonic but the state of an autofs 547 * file system needs to be preserved over restarts. 548 */ 549 if (sbi->flags & AUTOFS_SBI_CATATONIC) 550 return -EACCES; 551 552 BUG_ON(!ino); 553 554 autofs_clean_ino(ino); 555 556 autofs_del_active(dentry); 557 558 cp = kmalloc(size + 1, GFP_KERNEL); 559 if (!cp) 560 return -ENOMEM; 561 562 strcpy(cp, symname); 563 564 inode = autofs_get_inode(dir->i_sb, S_IFLNK | 0555); 565 if (!inode) { 566 kfree(cp); 567 return -ENOMEM; 568 } 569 inode->i_private = cp; 570 inode->i_size = size; 571 d_add(dentry, inode); 572 573 dget(dentry); 574 ino->count++; 575 p_ino = autofs_dentry_ino(dentry->d_parent); 576 p_ino->count++; 577 578 dir->i_mtime = current_time(dir); 579 580 return 0; 581 } 582 583 /* 584 * NOTE! 585 * 586 * Normal filesystems would do a "d_delete()" to tell the VFS dcache 587 * that the file no longer exists. However, doing that means that the 588 * VFS layer can turn the dentry into a negative dentry. We don't want 589 * this, because the unlink is probably the result of an expire. 590 * We simply d_drop it and add it to a expiring list in the super block, 591 * which allows the dentry lookup to check for an incomplete expire. 592 * 593 * If a process is blocked on the dentry waiting for the expire to finish, 594 * it will invalidate the dentry and try to mount with a new one. 595 * 596 * Also see autofs_dir_rmdir().. 597 */ 598 static int autofs_dir_unlink(struct inode *dir, struct dentry *dentry) 599 { 600 struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb); 601 struct autofs_info *ino = autofs_dentry_ino(dentry); 602 struct autofs_info *p_ino; 603 604 if (!autofs_oz_mode(sbi)) 605 return -EACCES; 606 607 /* autofs_oz_mode() needs to allow path walks when the 608 * autofs mount is catatonic but the state of an autofs 609 * file system needs to be preserved over restarts. 610 */ 611 if (sbi->flags & AUTOFS_SBI_CATATONIC) 612 return -EACCES; 613 614 ino->count--; 615 p_ino = autofs_dentry_ino(dentry->d_parent); 616 p_ino->count--; 617 dput(ino->dentry); 618 619 d_inode(dentry)->i_size = 0; 620 clear_nlink(d_inode(dentry)); 621 622 dir->i_mtime = current_time(dir); 623 624 spin_lock(&sbi->lookup_lock); 625 __autofs_add_expiring(dentry); 626 d_drop(dentry); 627 spin_unlock(&sbi->lookup_lock); 628 629 return 0; 630 } 631 632 /* 633 * Version 4 of autofs provides a pseudo direct mount implementation 634 * that relies on directories at the leaves of a directory tree under 635 * an indirect mount to trigger mounts. To allow for this we need to 636 * set the DMANAGED_AUTOMOUNT and DMANAGED_TRANSIT flags on the leaves 637 * of the directory tree. There is no need to clear the automount flag 638 * following a mount or restore it after an expire because these mounts 639 * are always covered. However, it is necessary to ensure that these 640 * flags are clear on non-empty directories to avoid unnecessary calls 641 * during path walks. 642 */ 643 static void autofs_set_leaf_automount_flags(struct dentry *dentry) 644 { 645 struct dentry *parent; 646 647 /* root and dentrys in the root are already handled */ 648 if (IS_ROOT(dentry->d_parent)) 649 return; 650 651 managed_dentry_set_managed(dentry); 652 653 parent = dentry->d_parent; 654 /* only consider parents below dentrys in the root */ 655 if (IS_ROOT(parent->d_parent)) 656 return; 657 managed_dentry_clear_managed(parent); 658 } 659 660 static void autofs_clear_leaf_automount_flags(struct dentry *dentry) 661 { 662 struct dentry *parent; 663 664 /* flags for dentrys in the root are handled elsewhere */ 665 if (IS_ROOT(dentry->d_parent)) 666 return; 667 668 managed_dentry_clear_managed(dentry); 669 670 parent = dentry->d_parent; 671 /* only consider parents below dentrys in the root */ 672 if (IS_ROOT(parent->d_parent)) 673 return; 674 if (autofs_dentry_ino(parent)->count == 2) 675 managed_dentry_set_managed(parent); 676 } 677 678 static int autofs_dir_rmdir(struct inode *dir, struct dentry *dentry) 679 { 680 struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb); 681 struct autofs_info *ino = autofs_dentry_ino(dentry); 682 struct autofs_info *p_ino; 683 684 pr_debug("dentry %p, removing %pd\n", dentry, dentry); 685 686 if (!autofs_oz_mode(sbi)) 687 return -EACCES; 688 689 /* autofs_oz_mode() needs to allow path walks when the 690 * autofs mount is catatonic but the state of an autofs 691 * file system needs to be preserved over restarts. 692 */ 693 if (sbi->flags & AUTOFS_SBI_CATATONIC) 694 return -EACCES; 695 696 if (ino->count != 1) 697 return -ENOTEMPTY; 698 699 spin_lock(&sbi->lookup_lock); 700 __autofs_add_expiring(dentry); 701 d_drop(dentry); 702 spin_unlock(&sbi->lookup_lock); 703 704 if (sbi->version < 5) 705 autofs_clear_leaf_automount_flags(dentry); 706 707 ino->count--; 708 p_ino = autofs_dentry_ino(dentry->d_parent); 709 p_ino->count--; 710 dput(ino->dentry); 711 d_inode(dentry)->i_size = 0; 712 clear_nlink(d_inode(dentry)); 713 714 if (dir->i_nlink) 715 drop_nlink(dir); 716 717 return 0; 718 } 719 720 static int autofs_dir_mkdir(struct user_namespace *mnt_userns, 721 struct inode *dir, struct dentry *dentry, 722 umode_t mode) 723 { 724 struct autofs_sb_info *sbi = autofs_sbi(dir->i_sb); 725 struct autofs_info *ino = autofs_dentry_ino(dentry); 726 struct autofs_info *p_ino; 727 struct inode *inode; 728 729 if (!autofs_oz_mode(sbi)) 730 return -EACCES; 731 732 /* autofs_oz_mode() needs to allow path walks when the 733 * autofs mount is catatonic but the state of an autofs 734 * file system needs to be preserved over restarts. 735 */ 736 if (sbi->flags & AUTOFS_SBI_CATATONIC) 737 return -EACCES; 738 739 pr_debug("dentry %p, creating %pd\n", dentry, dentry); 740 741 BUG_ON(!ino); 742 743 autofs_clean_ino(ino); 744 745 autofs_del_active(dentry); 746 747 inode = autofs_get_inode(dir->i_sb, S_IFDIR | mode); 748 if (!inode) 749 return -ENOMEM; 750 d_add(dentry, inode); 751 752 if (sbi->version < 5) 753 autofs_set_leaf_automount_flags(dentry); 754 755 dget(dentry); 756 ino->count++; 757 p_ino = autofs_dentry_ino(dentry->d_parent); 758 p_ino->count++; 759 inc_nlink(dir); 760 dir->i_mtime = current_time(dir); 761 762 return 0; 763 } 764 765 /* Get/set timeout ioctl() operation */ 766 #ifdef CONFIG_COMPAT 767 static inline int autofs_compat_get_set_timeout(struct autofs_sb_info *sbi, 768 compat_ulong_t __user *p) 769 { 770 unsigned long ntimeout; 771 int rv; 772 773 rv = get_user(ntimeout, p); 774 if (rv) 775 goto error; 776 777 rv = put_user(sbi->exp_timeout/HZ, p); 778 if (rv) 779 goto error; 780 781 if (ntimeout > UINT_MAX/HZ) 782 sbi->exp_timeout = 0; 783 else 784 sbi->exp_timeout = ntimeout * HZ; 785 786 return 0; 787 error: 788 return rv; 789 } 790 #endif 791 792 static inline int autofs_get_set_timeout(struct autofs_sb_info *sbi, 793 unsigned long __user *p) 794 { 795 unsigned long ntimeout; 796 int rv; 797 798 rv = get_user(ntimeout, p); 799 if (rv) 800 goto error; 801 802 rv = put_user(sbi->exp_timeout/HZ, p); 803 if (rv) 804 goto error; 805 806 if (ntimeout > ULONG_MAX/HZ) 807 sbi->exp_timeout = 0; 808 else 809 sbi->exp_timeout = ntimeout * HZ; 810 811 return 0; 812 error: 813 return rv; 814 } 815 816 /* Return protocol version */ 817 static inline int autofs_get_protover(struct autofs_sb_info *sbi, 818 int __user *p) 819 { 820 return put_user(sbi->version, p); 821 } 822 823 /* Return protocol sub version */ 824 static inline int autofs_get_protosubver(struct autofs_sb_info *sbi, 825 int __user *p) 826 { 827 return put_user(sbi->sub_version, p); 828 } 829 830 /* 831 * Tells the daemon whether it can umount the autofs mount. 832 */ 833 static inline int autofs_ask_umount(struct vfsmount *mnt, int __user *p) 834 { 835 int status = 0; 836 837 if (may_umount(mnt)) 838 status = 1; 839 840 pr_debug("may umount %d\n", status); 841 842 status = put_user(status, p); 843 844 return status; 845 } 846 847 /* Identify autofs_dentries - this is so we can tell if there's 848 * an extra dentry refcount or not. We only hold a refcount on the 849 * dentry if its non-negative (ie, d_inode != NULL) 850 */ 851 int is_autofs_dentry(struct dentry *dentry) 852 { 853 return dentry && d_really_is_positive(dentry) && 854 dentry->d_op == &autofs_dentry_operations && 855 dentry->d_fsdata != NULL; 856 } 857 858 /* 859 * ioctl()'s on the root directory is the chief method for the daemon to 860 * generate kernel reactions 861 */ 862 static int autofs_root_ioctl_unlocked(struct inode *inode, struct file *filp, 863 unsigned int cmd, unsigned long arg) 864 { 865 struct autofs_sb_info *sbi = autofs_sbi(inode->i_sb); 866 void __user *p = (void __user *)arg; 867 868 pr_debug("cmd = 0x%08x, arg = 0x%08lx, sbi = %p, pgrp = %u\n", 869 cmd, arg, sbi, task_pgrp_nr(current)); 870 871 if (_IOC_TYPE(cmd) != _IOC_TYPE(AUTOFS_IOC_FIRST) || 872 _IOC_NR(cmd) - _IOC_NR(AUTOFS_IOC_FIRST) >= AUTOFS_IOC_COUNT) 873 return -ENOTTY; 874 875 if (!autofs_oz_mode(sbi) && !capable(CAP_SYS_ADMIN)) 876 return -EPERM; 877 878 switch (cmd) { 879 case AUTOFS_IOC_READY: /* Wait queue: go ahead and retry */ 880 return autofs_wait_release(sbi, (autofs_wqt_t) arg, 0); 881 case AUTOFS_IOC_FAIL: /* Wait queue: fail with ENOENT */ 882 return autofs_wait_release(sbi, (autofs_wqt_t) arg, -ENOENT); 883 case AUTOFS_IOC_CATATONIC: /* Enter catatonic mode (daemon shutdown) */ 884 autofs_catatonic_mode(sbi); 885 return 0; 886 case AUTOFS_IOC_PROTOVER: /* Get protocol version */ 887 return autofs_get_protover(sbi, p); 888 case AUTOFS_IOC_PROTOSUBVER: /* Get protocol sub version */ 889 return autofs_get_protosubver(sbi, p); 890 case AUTOFS_IOC_SETTIMEOUT: 891 return autofs_get_set_timeout(sbi, p); 892 #ifdef CONFIG_COMPAT 893 case AUTOFS_IOC_SETTIMEOUT32: 894 return autofs_compat_get_set_timeout(sbi, p); 895 #endif 896 897 case AUTOFS_IOC_ASKUMOUNT: 898 return autofs_ask_umount(filp->f_path.mnt, p); 899 900 /* return a single thing to expire */ 901 case AUTOFS_IOC_EXPIRE: 902 return autofs_expire_run(inode->i_sb, filp->f_path.mnt, sbi, p); 903 /* same as above, but can send multiple expires through pipe */ 904 case AUTOFS_IOC_EXPIRE_MULTI: 905 return autofs_expire_multi(inode->i_sb, 906 filp->f_path.mnt, sbi, p); 907 908 default: 909 return -EINVAL; 910 } 911 } 912 913 static long autofs_root_ioctl(struct file *filp, 914 unsigned int cmd, unsigned long arg) 915 { 916 struct inode *inode = file_inode(filp); 917 918 return autofs_root_ioctl_unlocked(inode, filp, cmd, arg); 919 } 920 921 #ifdef CONFIG_COMPAT 922 static long autofs_root_compat_ioctl(struct file *filp, 923 unsigned int cmd, unsigned long arg) 924 { 925 struct inode *inode = file_inode(filp); 926 int ret; 927 928 if (cmd == AUTOFS_IOC_READY || cmd == AUTOFS_IOC_FAIL) 929 ret = autofs_root_ioctl_unlocked(inode, filp, cmd, arg); 930 else 931 ret = autofs_root_ioctl_unlocked(inode, filp, cmd, 932 (unsigned long) compat_ptr(arg)); 933 934 return ret; 935 } 936 #endif 937