1 /* 2 * Copyright 1997-1998 Transmeta Corporation -- All Rights Reserved 3 * Copyright 2001-2006 Ian Kent <raven@themaw.net> 4 * 5 * This file is part of the Linux kernel and is made available under 6 * the terms of the GNU General Public License, version 2, or at your 7 * option, any later version, incorporated herein by reference. 8 */ 9 10 #include <linux/sched/signal.h> 11 #include "autofs_i.h" 12 13 /* We make this a static variable rather than a part of the superblock; it 14 * is better if we don't reassign numbers easily even across filesystems 15 */ 16 static autofs_wqt_t autofs_next_wait_queue = 1; 17 18 void autofs_catatonic_mode(struct autofs_sb_info *sbi) 19 { 20 struct autofs_wait_queue *wq, *nwq; 21 22 mutex_lock(&sbi->wq_mutex); 23 if (sbi->catatonic) { 24 mutex_unlock(&sbi->wq_mutex); 25 return; 26 } 27 28 pr_debug("entering catatonic mode\n"); 29 30 sbi->catatonic = 1; 31 wq = sbi->queues; 32 sbi->queues = NULL; /* Erase all wait queues */ 33 while (wq) { 34 nwq = wq->next; 35 wq->status = -ENOENT; /* Magic is gone - report failure */ 36 kfree(wq->name.name); 37 wq->name.name = NULL; 38 wq->wait_ctr--; 39 wake_up_interruptible(&wq->queue); 40 wq = nwq; 41 } 42 fput(sbi->pipe); /* Close the pipe */ 43 sbi->pipe = NULL; 44 sbi->pipefd = -1; 45 mutex_unlock(&sbi->wq_mutex); 46 } 47 48 static int autofs_write(struct autofs_sb_info *sbi, 49 struct file *file, const void *addr, int bytes) 50 { 51 unsigned long sigpipe, flags; 52 const char *data = (const char *)addr; 53 ssize_t wr = 0; 54 55 sigpipe = sigismember(¤t->pending.signal, SIGPIPE); 56 57 mutex_lock(&sbi->pipe_mutex); 58 while (bytes) { 59 wr = __kernel_write(file, data, bytes, &file->f_pos); 60 if (wr <= 0) 61 break; 62 data += wr; 63 bytes -= wr; 64 } 65 mutex_unlock(&sbi->pipe_mutex); 66 67 /* Keep the currently executing process from receiving a 68 * SIGPIPE unless it was already supposed to get one 69 */ 70 if (wr == -EPIPE && !sigpipe) { 71 spin_lock_irqsave(¤t->sighand->siglock, flags); 72 sigdelset(¤t->pending.signal, SIGPIPE); 73 recalc_sigpending(); 74 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 75 } 76 77 /* if 'wr' returned 0 (impossible) we assume -EIO (safe) */ 78 return bytes == 0 ? 0 : wr < 0 ? wr : -EIO; 79 } 80 81 static void autofs_notify_daemon(struct autofs_sb_info *sbi, 82 struct autofs_wait_queue *wq, 83 int type) 84 { 85 union { 86 struct autofs_packet_hdr hdr; 87 union autofs_packet_union v4_pkt; 88 union autofs_v5_packet_union v5_pkt; 89 } pkt; 90 struct file *pipe = NULL; 91 size_t pktsz; 92 int ret; 93 94 pr_debug("wait id = 0x%08lx, name = %.*s, type=%d\n", 95 (unsigned long) wq->wait_queue_token, 96 wq->name.len, wq->name.name, type); 97 98 memset(&pkt, 0, sizeof(pkt)); /* For security reasons */ 99 100 pkt.hdr.proto_version = sbi->version; 101 pkt.hdr.type = type; 102 103 switch (type) { 104 /* Kernel protocol v4 missing and expire packets */ 105 case autofs_ptype_missing: 106 { 107 struct autofs_packet_missing *mp = &pkt.v4_pkt.missing; 108 109 pktsz = sizeof(*mp); 110 111 mp->wait_queue_token = wq->wait_queue_token; 112 mp->len = wq->name.len; 113 memcpy(mp->name, wq->name.name, wq->name.len); 114 mp->name[wq->name.len] = '\0'; 115 break; 116 } 117 case autofs_ptype_expire_multi: 118 { 119 struct autofs_packet_expire_multi *ep = 120 &pkt.v4_pkt.expire_multi; 121 122 pktsz = sizeof(*ep); 123 124 ep->wait_queue_token = wq->wait_queue_token; 125 ep->len = wq->name.len; 126 memcpy(ep->name, wq->name.name, wq->name.len); 127 ep->name[wq->name.len] = '\0'; 128 break; 129 } 130 /* 131 * Kernel protocol v5 packet for handling indirect and direct 132 * mount missing and expire requests 133 */ 134 case autofs_ptype_missing_indirect: 135 case autofs_ptype_expire_indirect: 136 case autofs_ptype_missing_direct: 137 case autofs_ptype_expire_direct: 138 { 139 struct autofs_v5_packet *packet = &pkt.v5_pkt.v5_packet; 140 struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns; 141 142 pktsz = sizeof(*packet); 143 144 packet->wait_queue_token = wq->wait_queue_token; 145 packet->len = wq->name.len; 146 memcpy(packet->name, wq->name.name, wq->name.len); 147 packet->name[wq->name.len] = '\0'; 148 packet->dev = wq->dev; 149 packet->ino = wq->ino; 150 packet->uid = from_kuid_munged(user_ns, wq->uid); 151 packet->gid = from_kgid_munged(user_ns, wq->gid); 152 packet->pid = wq->pid; 153 packet->tgid = wq->tgid; 154 break; 155 } 156 default: 157 pr_warn("bad type %d!\n", type); 158 mutex_unlock(&sbi->wq_mutex); 159 return; 160 } 161 162 pipe = get_file(sbi->pipe); 163 164 mutex_unlock(&sbi->wq_mutex); 165 166 switch (ret = autofs_write(sbi, pipe, &pkt, pktsz)) { 167 case 0: 168 break; 169 case -ENOMEM: 170 case -ERESTARTSYS: 171 /* Just fail this one */ 172 autofs_wait_release(sbi, wq->wait_queue_token, ret); 173 break; 174 default: 175 autofs_catatonic_mode(sbi); 176 break; 177 } 178 fput(pipe); 179 } 180 181 static int autofs_getpath(struct autofs_sb_info *sbi, 182 struct dentry *dentry, char *name) 183 { 184 struct dentry *root = sbi->sb->s_root; 185 struct dentry *tmp; 186 char *buf; 187 char *p; 188 int len; 189 unsigned seq; 190 191 rename_retry: 192 buf = name; 193 len = 0; 194 195 seq = read_seqbegin(&rename_lock); 196 rcu_read_lock(); 197 spin_lock(&sbi->fs_lock); 198 for (tmp = dentry ; tmp != root ; tmp = tmp->d_parent) 199 len += tmp->d_name.len + 1; 200 201 if (!len || --len > NAME_MAX) { 202 spin_unlock(&sbi->fs_lock); 203 rcu_read_unlock(); 204 if (read_seqretry(&rename_lock, seq)) 205 goto rename_retry; 206 return 0; 207 } 208 209 *(buf + len) = '\0'; 210 p = buf + len - dentry->d_name.len; 211 strncpy(p, dentry->d_name.name, dentry->d_name.len); 212 213 for (tmp = dentry->d_parent; tmp != root ; tmp = tmp->d_parent) { 214 *(--p) = '/'; 215 p -= tmp->d_name.len; 216 strncpy(p, tmp->d_name.name, tmp->d_name.len); 217 } 218 spin_unlock(&sbi->fs_lock); 219 rcu_read_unlock(); 220 if (read_seqretry(&rename_lock, seq)) 221 goto rename_retry; 222 223 return len; 224 } 225 226 static struct autofs_wait_queue * 227 autofs_find_wait(struct autofs_sb_info *sbi, const struct qstr *qstr) 228 { 229 struct autofs_wait_queue *wq; 230 231 for (wq = sbi->queues; wq; wq = wq->next) { 232 if (wq->name.hash == qstr->hash && 233 wq->name.len == qstr->len && 234 wq->name.name && 235 !memcmp(wq->name.name, qstr->name, qstr->len)) 236 break; 237 } 238 return wq; 239 } 240 241 /* 242 * Check if we have a valid request. 243 * Returns 244 * 1 if the request should continue. 245 * In this case we can return an autofs_wait_queue entry if one is 246 * found or NULL to idicate a new wait needs to be created. 247 * 0 or a negative errno if the request shouldn't continue. 248 */ 249 static int validate_request(struct autofs_wait_queue **wait, 250 struct autofs_sb_info *sbi, 251 const struct qstr *qstr, 252 const struct path *path, enum autofs_notify notify) 253 { 254 struct dentry *dentry = path->dentry; 255 struct autofs_wait_queue *wq; 256 struct autofs_info *ino; 257 258 if (sbi->catatonic) 259 return -ENOENT; 260 261 /* Wait in progress, continue; */ 262 wq = autofs_find_wait(sbi, qstr); 263 if (wq) { 264 *wait = wq; 265 return 1; 266 } 267 268 *wait = NULL; 269 270 /* If we don't yet have any info this is a new request */ 271 ino = autofs_dentry_ino(dentry); 272 if (!ino) 273 return 1; 274 275 /* 276 * If we've been asked to wait on an existing expire (NFY_NONE) 277 * but there is no wait in the queue ... 278 */ 279 if (notify == NFY_NONE) { 280 /* 281 * Either we've betean the pending expire to post it's 282 * wait or it finished while we waited on the mutex. 283 * So we need to wait till either, the wait appears 284 * or the expire finishes. 285 */ 286 287 while (ino->flags & AUTOFS_INF_EXPIRING) { 288 mutex_unlock(&sbi->wq_mutex); 289 schedule_timeout_interruptible(HZ/10); 290 if (mutex_lock_interruptible(&sbi->wq_mutex)) 291 return -EINTR; 292 293 if (sbi->catatonic) 294 return -ENOENT; 295 296 wq = autofs_find_wait(sbi, qstr); 297 if (wq) { 298 *wait = wq; 299 return 1; 300 } 301 } 302 303 /* 304 * Not ideal but the status has already gone. Of the two 305 * cases where we wait on NFY_NONE neither depend on the 306 * return status of the wait. 307 */ 308 return 0; 309 } 310 311 /* 312 * If we've been asked to trigger a mount and the request 313 * completed while we waited on the mutex ... 314 */ 315 if (notify == NFY_MOUNT) { 316 struct dentry *new = NULL; 317 struct path this; 318 int valid = 1; 319 320 /* 321 * If the dentry was successfully mounted while we slept 322 * on the wait queue mutex we can return success. If it 323 * isn't mounted (doesn't have submounts for the case of 324 * a multi-mount with no mount at it's base) we can 325 * continue on and create a new request. 326 */ 327 if (!IS_ROOT(dentry)) { 328 if (d_unhashed(dentry) && 329 d_really_is_positive(dentry)) { 330 struct dentry *parent = dentry->d_parent; 331 332 new = d_lookup(parent, &dentry->d_name); 333 if (new) 334 dentry = new; 335 } 336 } 337 this.mnt = path->mnt; 338 this.dentry = dentry; 339 if (path_has_submounts(&this)) 340 valid = 0; 341 342 if (new) 343 dput(new); 344 return valid; 345 } 346 347 return 1; 348 } 349 350 int autofs_wait(struct autofs_sb_info *sbi, 351 const struct path *path, enum autofs_notify notify) 352 { 353 struct dentry *dentry = path->dentry; 354 struct autofs_wait_queue *wq; 355 struct qstr qstr; 356 char *name; 357 int status, ret, type; 358 pid_t pid; 359 pid_t tgid; 360 361 /* In catatonic mode, we don't wait for nobody */ 362 if (sbi->catatonic) 363 return -ENOENT; 364 365 /* 366 * Try translating pids to the namespace of the daemon. 367 * 368 * Zero means failure: we are in an unrelated pid namespace. 369 */ 370 pid = task_pid_nr_ns(current, ns_of_pid(sbi->oz_pgrp)); 371 tgid = task_tgid_nr_ns(current, ns_of_pid(sbi->oz_pgrp)); 372 if (pid == 0 || tgid == 0) 373 return -ENOENT; 374 375 if (d_really_is_negative(dentry)) { 376 /* 377 * A wait for a negative dentry is invalid for certain 378 * cases. A direct or offset mount "always" has its mount 379 * point directory created and so the request dentry must 380 * be positive or the map key doesn't exist. The situation 381 * is very similar for indirect mounts except only dentrys 382 * in the root of the autofs file system may be negative. 383 */ 384 if (autofs_type_trigger(sbi->type)) 385 return -ENOENT; 386 else if (!IS_ROOT(dentry->d_parent)) 387 return -ENOENT; 388 } 389 390 name = kmalloc(NAME_MAX + 1, GFP_KERNEL); 391 if (!name) 392 return -ENOMEM; 393 394 /* If this is a direct mount request create a dummy name */ 395 if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) 396 qstr.len = sprintf(name, "%p", dentry); 397 else { 398 qstr.len = autofs_getpath(sbi, dentry, name); 399 if (!qstr.len) { 400 kfree(name); 401 return -ENOENT; 402 } 403 } 404 qstr.name = name; 405 qstr.hash = full_name_hash(dentry, name, qstr.len); 406 407 if (mutex_lock_interruptible(&sbi->wq_mutex)) { 408 kfree(qstr.name); 409 return -EINTR; 410 } 411 412 ret = validate_request(&wq, sbi, &qstr, path, notify); 413 if (ret <= 0) { 414 if (ret != -EINTR) 415 mutex_unlock(&sbi->wq_mutex); 416 kfree(qstr.name); 417 return ret; 418 } 419 420 if (!wq) { 421 /* Create a new wait queue */ 422 wq = kmalloc(sizeof(struct autofs_wait_queue), GFP_KERNEL); 423 if (!wq) { 424 kfree(qstr.name); 425 mutex_unlock(&sbi->wq_mutex); 426 return -ENOMEM; 427 } 428 429 wq->wait_queue_token = autofs_next_wait_queue; 430 if (++autofs_next_wait_queue == 0) 431 autofs_next_wait_queue = 1; 432 wq->next = sbi->queues; 433 sbi->queues = wq; 434 init_waitqueue_head(&wq->queue); 435 memcpy(&wq->name, &qstr, sizeof(struct qstr)); 436 wq->dev = autofs_get_dev(sbi); 437 wq->ino = autofs_get_ino(sbi); 438 wq->uid = current_uid(); 439 wq->gid = current_gid(); 440 wq->pid = pid; 441 wq->tgid = tgid; 442 wq->status = -EINTR; /* Status return if interrupted */ 443 wq->wait_ctr = 2; 444 445 if (sbi->version < 5) { 446 if (notify == NFY_MOUNT) 447 type = autofs_ptype_missing; 448 else 449 type = autofs_ptype_expire_multi; 450 } else { 451 if (notify == NFY_MOUNT) 452 type = autofs_type_trigger(sbi->type) ? 453 autofs_ptype_missing_direct : 454 autofs_ptype_missing_indirect; 455 else 456 type = autofs_type_trigger(sbi->type) ? 457 autofs_ptype_expire_direct : 458 autofs_ptype_expire_indirect; 459 } 460 461 pr_debug("new wait id = 0x%08lx, name = %.*s, nfy=%d\n", 462 (unsigned long) wq->wait_queue_token, wq->name.len, 463 wq->name.name, notify); 464 465 /* 466 * autofs_notify_daemon() may block; it will unlock ->wq_mutex 467 */ 468 autofs_notify_daemon(sbi, wq, type); 469 } else { 470 wq->wait_ctr++; 471 pr_debug("existing wait id = 0x%08lx, name = %.*s, nfy=%d\n", 472 (unsigned long) wq->wait_queue_token, wq->name.len, 473 wq->name.name, notify); 474 mutex_unlock(&sbi->wq_mutex); 475 kfree(qstr.name); 476 } 477 478 /* 479 * wq->name.name is NULL iff the lock is already released 480 * or the mount has been made catatonic. 481 */ 482 wait_event_killable(wq->queue, wq->name.name == NULL); 483 status = wq->status; 484 485 /* 486 * For direct and offset mounts we need to track the requester's 487 * uid and gid in the dentry info struct. This is so it can be 488 * supplied, on request, by the misc device ioctl interface. 489 * This is needed during daemon resatart when reconnecting 490 * to existing, active, autofs mounts. The uid and gid (and 491 * related string values) may be used for macro substitution 492 * in autofs mount maps. 493 */ 494 if (!status) { 495 struct autofs_info *ino; 496 struct dentry *de = NULL; 497 498 /* direct mount or browsable map */ 499 ino = autofs_dentry_ino(dentry); 500 if (!ino) { 501 /* If not lookup actual dentry used */ 502 de = d_lookup(dentry->d_parent, &dentry->d_name); 503 if (de) 504 ino = autofs_dentry_ino(de); 505 } 506 507 /* Set mount requester */ 508 if (ino) { 509 spin_lock(&sbi->fs_lock); 510 ino->uid = wq->uid; 511 ino->gid = wq->gid; 512 spin_unlock(&sbi->fs_lock); 513 } 514 515 if (de) 516 dput(de); 517 } 518 519 /* Are we the last process to need status? */ 520 mutex_lock(&sbi->wq_mutex); 521 if (!--wq->wait_ctr) 522 kfree(wq); 523 mutex_unlock(&sbi->wq_mutex); 524 525 return status; 526 } 527 528 529 int autofs_wait_release(struct autofs_sb_info *sbi, 530 autofs_wqt_t wait_queue_token, int status) 531 { 532 struct autofs_wait_queue *wq, **wql; 533 534 mutex_lock(&sbi->wq_mutex); 535 for (wql = &sbi->queues; (wq = *wql) != NULL; wql = &wq->next) { 536 if (wq->wait_queue_token == wait_queue_token) 537 break; 538 } 539 540 if (!wq) { 541 mutex_unlock(&sbi->wq_mutex); 542 return -EINVAL; 543 } 544 545 *wql = wq->next; /* Unlink from chain */ 546 kfree(wq->name.name); 547 wq->name.name = NULL; /* Do not wait on this queue */ 548 wq->status = status; 549 wake_up(&wq->queue); 550 if (!--wq->wait_ctr) 551 kfree(wq); 552 mutex_unlock(&sbi->wq_mutex); 553 554 return 0; 555 } 556