Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright 2008 Red Hat, Inc. All rights reserved.
4 * Copyright 2008 Ian Kent <raven@themaw.net>
5 */
6
7#include <linux/miscdevice.h>
8#include <linux/compat.h>
9#include <linux/syscalls.h>
10#include <linux/magic.h>
11
12#include "autofs_i.h"
13
14/*
15 * This module implements an interface for routing autofs ioctl control
16 * commands via a miscellaneous device file.
17 *
18 * The alternate interface is needed because we need to be able open
19 * an ioctl file descriptor on an autofs mount that may be covered by
20 * another mount. This situation arises when starting automount(8)
21 * or other user space daemon which uses direct mounts or offset
22 * mounts (used for autofs lazy mount/umount of nested mount trees),
23 * which have been left busy at service shutdown.
24 */
25
26typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
27 struct autofs_dev_ioctl *);
28
29static int check_name(const char *name)
30{
31 if (!strchr(name, '/'))
32 return -EINVAL;
33 return 0;
34}
35
36/*
37 * Check a string doesn't overrun the chunk of
38 * memory we copied from user land.
39 */
40static int invalid_str(char *str, size_t size)
41{
42 if (memchr(str, 0, size))
43 return 0;
44 return -EINVAL;
45}
46
47/*
48 * Check that the user compiled against correct version of autofs
49 * misc device code.
50 *
51 * As well as checking the version compatibility this always copies
52 * the kernel interface version out.
53 */
54static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
55{
56 int err = 0;
57
58 if ((param->ver_major != AUTOFS_DEV_IOCTL_VERSION_MAJOR) ||
59 (param->ver_minor > AUTOFS_DEV_IOCTL_VERSION_MINOR)) {
60 pr_warn("ioctl control interface version mismatch: "
61 "kernel(%u.%u), user(%u.%u), cmd(0x%08x)\n",
62 AUTOFS_DEV_IOCTL_VERSION_MAJOR,
63 AUTOFS_DEV_IOCTL_VERSION_MINOR,
64 param->ver_major, param->ver_minor, cmd);
65 err = -EINVAL;
66 }
67
68 /* Fill in the kernel version. */
69 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
70 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
71
72 return err;
73}
74
75/*
76 * Copy parameter control struct, including a possible path allocated
77 * at the end of the struct.
78 */
79static struct autofs_dev_ioctl *
80copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
81{
82 struct autofs_dev_ioctl tmp, *res;
83
84 if (copy_from_user(&tmp, in, AUTOFS_DEV_IOCTL_SIZE))
85 return ERR_PTR(-EFAULT);
86
87 if (tmp.size < AUTOFS_DEV_IOCTL_SIZE)
88 return ERR_PTR(-EINVAL);
89
90 if (tmp.size > AUTOFS_DEV_IOCTL_SIZE + PATH_MAX)
91 return ERR_PTR(-ENAMETOOLONG);
92
93 res = memdup_user(in, tmp.size);
94 if (!IS_ERR(res))
95 res->size = tmp.size;
96
97 return res;
98}
99
100static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
101{
102 kfree(param);
103}
104
105/*
106 * Check sanity of parameter control fields and if a path is present
107 * check that it is terminated and contains at least one "/".
108 */
109static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
110{
111 int err;
112
113 err = check_dev_ioctl_version(cmd, param);
114 if (err) {
115 pr_warn("invalid device control module version "
116 "supplied for cmd(0x%08x)\n", cmd);
117 goto out;
118 }
119
120 if (param->size > AUTOFS_DEV_IOCTL_SIZE) {
121 err = invalid_str(param->path, param->size - AUTOFS_DEV_IOCTL_SIZE);
122 if (err) {
123 pr_warn(
124 "path string terminator missing for cmd(0x%08x)\n",
125 cmd);
126 goto out;
127 }
128
129 err = check_name(param->path);
130 if (err) {
131 pr_warn("invalid path supplied for cmd(0x%08x)\n",
132 cmd);
133 goto out;
134 }
135 } else {
136 unsigned int inr = _IOC_NR(cmd);
137
138 if (inr == AUTOFS_DEV_IOCTL_OPENMOUNT_CMD ||
139 inr == AUTOFS_DEV_IOCTL_REQUESTER_CMD ||
140 inr == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD) {
141 err = -EINVAL;
142 goto out;
143 }
144 }
145
146 err = 0;
147out:
148 return err;
149}
150
151/* Return autofs dev ioctl version */
152static int autofs_dev_ioctl_version(struct file *fp,
153 struct autofs_sb_info *sbi,
154 struct autofs_dev_ioctl *param)
155{
156 /* This should have already been set. */
157 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
158 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
159 return 0;
160}
161
162/* Return autofs module protocol version */
163static int autofs_dev_ioctl_protover(struct file *fp,
164 struct autofs_sb_info *sbi,
165 struct autofs_dev_ioctl *param)
166{
167 param->protover.version = sbi->version;
168 return 0;
169}
170
171/* Return autofs module protocol sub version */
172static int autofs_dev_ioctl_protosubver(struct file *fp,
173 struct autofs_sb_info *sbi,
174 struct autofs_dev_ioctl *param)
175{
176 param->protosubver.sub_version = sbi->sub_version;
177 return 0;
178}
179
180/* Find the topmost mount satisfying test() */
181static int find_autofs_mount(const char *pathname,
182 struct path *res,
183 int test(const struct path *path, void *data),
184 void *data)
185{
186 struct path path;
187 int err;
188
189 err = kern_path(pathname, LOOKUP_MOUNTPOINT, &path);
190 if (err)
191 return err;
192 err = -ENOENT;
193 while (path.dentry == path.mnt->mnt_root) {
194 if (path.dentry->d_sb->s_magic == AUTOFS_SUPER_MAGIC) {
195 if (test(&path, data)) {
196 path_get(&path);
197 *res = path;
198 err = 0;
199 break;
200 }
201 }
202 if (!follow_up(&path))
203 break;
204 }
205 path_put(&path);
206 return err;
207}
208
209static int test_by_dev(const struct path *path, void *p)
210{
211 return path->dentry->d_sb->s_dev == *(dev_t *)p;
212}
213
214static int test_by_type(const struct path *path, void *p)
215{
216 struct autofs_info *ino = autofs_dentry_ino(path->dentry);
217
218 return ino && ino->sbi->type & *(unsigned *)p;
219}
220
221/*
222 * Open a file descriptor on the autofs mount point corresponding
223 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
224 */
225static int autofs_dev_ioctl_open_mountpoint(const char *name, dev_t devid)
226{
227 int err, fd;
228
229 fd = get_unused_fd_flags(O_CLOEXEC);
230 if (likely(fd >= 0)) {
231 struct file *filp;
232 struct path path;
233
234 err = find_autofs_mount(name, &path, test_by_dev, &devid);
235 if (err)
236 goto out;
237
238 filp = dentry_open(&path, O_RDONLY, current_cred());
239 path_put(&path);
240 if (IS_ERR(filp)) {
241 err = PTR_ERR(filp);
242 goto out;
243 }
244
245 fd_install(fd, filp);
246 }
247
248 return fd;
249
250out:
251 put_unused_fd(fd);
252 return err;
253}
254
255/* Open a file descriptor on an autofs mount point */
256static int autofs_dev_ioctl_openmount(struct file *fp,
257 struct autofs_sb_info *sbi,
258 struct autofs_dev_ioctl *param)
259{
260 const char *path;
261 dev_t devid;
262 int err, fd;
263
264 /* param->path has been checked in validate_dev_ioctl() */
265
266 if (!param->openmount.devid)
267 return -EINVAL;
268
269 param->ioctlfd = -1;
270
271 path = param->path;
272 devid = new_decode_dev(param->openmount.devid);
273
274 err = 0;
275 fd = autofs_dev_ioctl_open_mountpoint(path, devid);
276 if (unlikely(fd < 0)) {
277 err = fd;
278 goto out;
279 }
280
281 param->ioctlfd = fd;
282out:
283 return err;
284}
285
286/* Close file descriptor allocated above (user can also use close(2)). */
287static int autofs_dev_ioctl_closemount(struct file *fp,
288 struct autofs_sb_info *sbi,
289 struct autofs_dev_ioctl *param)
290{
291 return ksys_close(param->ioctlfd);
292}
293
294/*
295 * Send "ready" status for an existing wait (either a mount or an expire
296 * request).
297 */
298static int autofs_dev_ioctl_ready(struct file *fp,
299 struct autofs_sb_info *sbi,
300 struct autofs_dev_ioctl *param)
301{
302 autofs_wqt_t token;
303
304 token = (autofs_wqt_t) param->ready.token;
305 return autofs_wait_release(sbi, token, 0);
306}
307
308/*
309 * Send "fail" status for an existing wait (either a mount or an expire
310 * request).
311 */
312static int autofs_dev_ioctl_fail(struct file *fp,
313 struct autofs_sb_info *sbi,
314 struct autofs_dev_ioctl *param)
315{
316 autofs_wqt_t token;
317 int status;
318
319 token = (autofs_wqt_t) param->fail.token;
320 status = param->fail.status < 0 ? param->fail.status : -ENOENT;
321 return autofs_wait_release(sbi, token, status);
322}
323
324/*
325 * Set the pipe fd for kernel communication to the daemon.
326 *
327 * Normally this is set at mount using an option but if we
328 * are reconnecting to a busy mount then we need to use this
329 * to tell the autofs mount about the new kernel pipe fd. In
330 * order to protect mounts against incorrectly setting the
331 * pipefd we also require that the autofs mount be catatonic.
332 *
333 * This also sets the process group id used to identify the
334 * controlling process (eg. the owning automount(8) daemon).
335 */
336static int autofs_dev_ioctl_setpipefd(struct file *fp,
337 struct autofs_sb_info *sbi,
338 struct autofs_dev_ioctl *param)
339{
340 int pipefd;
341 int err = 0;
342 struct pid *new_pid = NULL;
343
344 if (param->setpipefd.pipefd == -1)
345 return -EINVAL;
346
347 pipefd = param->setpipefd.pipefd;
348
349 mutex_lock(&sbi->wq_mutex);
350 if (!(sbi->flags & AUTOFS_SBI_CATATONIC)) {
351 mutex_unlock(&sbi->wq_mutex);
352 return -EBUSY;
353 } else {
354 struct file *pipe;
355
356 new_pid = get_task_pid(current, PIDTYPE_PGID);
357
358 if (ns_of_pid(new_pid) != ns_of_pid(sbi->oz_pgrp)) {
359 pr_warn("not allowed to change PID namespace\n");
360 err = -EINVAL;
361 goto out;
362 }
363
364 pipe = fget(pipefd);
365 if (!pipe) {
366 err = -EBADF;
367 goto out;
368 }
369 if (autofs_prepare_pipe(pipe) < 0) {
370 err = -EPIPE;
371 fput(pipe);
372 goto out;
373 }
374 swap(sbi->oz_pgrp, new_pid);
375 sbi->pipefd = pipefd;
376 sbi->pipe = pipe;
377 sbi->flags &= ~AUTOFS_SBI_CATATONIC;
378 }
379out:
380 put_pid(new_pid);
381 mutex_unlock(&sbi->wq_mutex);
382 return err;
383}
384
385/*
386 * Make the autofs mount point catatonic, no longer responsive to
387 * mount requests. Also closes the kernel pipe file descriptor.
388 */
389static int autofs_dev_ioctl_catatonic(struct file *fp,
390 struct autofs_sb_info *sbi,
391 struct autofs_dev_ioctl *param)
392{
393 autofs_catatonic_mode(sbi);
394 return 0;
395}
396
397/* Set the autofs mount timeout */
398static int autofs_dev_ioctl_timeout(struct file *fp,
399 struct autofs_sb_info *sbi,
400 struct autofs_dev_ioctl *param)
401{
402 unsigned long timeout;
403
404 timeout = param->timeout.timeout;
405 param->timeout.timeout = sbi->exp_timeout / HZ;
406 sbi->exp_timeout = timeout * HZ;
407 return 0;
408}
409
410/*
411 * Return the uid and gid of the last request for the mount
412 *
413 * When reconstructing an autofs mount tree with active mounts
414 * we need to re-connect to mounts that may have used the original
415 * process uid and gid (or string variations of them) for mount
416 * lookups within the map entry.
417 */
418static int autofs_dev_ioctl_requester(struct file *fp,
419 struct autofs_sb_info *sbi,
420 struct autofs_dev_ioctl *param)
421{
422 struct autofs_info *ino;
423 struct path path;
424 dev_t devid;
425 int err = -ENOENT;
426
427 /* param->path has been checked in validate_dev_ioctl() */
428
429 devid = sbi->sb->s_dev;
430
431 param->requester.uid = param->requester.gid = -1;
432
433 err = find_autofs_mount(param->path, &path, test_by_dev, &devid);
434 if (err)
435 goto out;
436
437 ino = autofs_dentry_ino(path.dentry);
438 if (ino) {
439 err = 0;
440 autofs_expire_wait(&path, 0);
441 spin_lock(&sbi->fs_lock);
442 param->requester.uid =
443 from_kuid_munged(current_user_ns(), ino->uid);
444 param->requester.gid =
445 from_kgid_munged(current_user_ns(), ino->gid);
446 spin_unlock(&sbi->fs_lock);
447 }
448 path_put(&path);
449out:
450 return err;
451}
452
453/*
454 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
455 * more that can be done.
456 */
457static int autofs_dev_ioctl_expire(struct file *fp,
458 struct autofs_sb_info *sbi,
459 struct autofs_dev_ioctl *param)
460{
461 struct vfsmount *mnt;
462 int how;
463
464 how = param->expire.how;
465 mnt = fp->f_path.mnt;
466
467 return autofs_do_expire_multi(sbi->sb, mnt, sbi, how);
468}
469
470/* Check if autofs mount point is in use */
471static int autofs_dev_ioctl_askumount(struct file *fp,
472 struct autofs_sb_info *sbi,
473 struct autofs_dev_ioctl *param)
474{
475 param->askumount.may_umount = 0;
476 if (may_umount(fp->f_path.mnt))
477 param->askumount.may_umount = 1;
478 return 0;
479}
480
481/*
482 * Check if the given path is a mountpoint.
483 *
484 * If we are supplied with the file descriptor of an autofs
485 * mount we're looking for a specific mount. In this case
486 * the path is considered a mountpoint if it is itself a
487 * mountpoint or contains a mount, such as a multi-mount
488 * without a root mount. In this case we return 1 if the
489 * path is a mount point and the super magic of the covering
490 * mount if there is one or 0 if it isn't a mountpoint.
491 *
492 * If we aren't supplied with a file descriptor then we
493 * lookup the path and check if it is the root of a mount.
494 * If a type is given we are looking for a particular autofs
495 * mount and if we don't find a match we return fail. If the
496 * located path is the root of a mount we return 1 along with
497 * the super magic of the mount or 0 otherwise.
498 *
499 * In both cases the device number (as returned by
500 * new_encode_dev()) is also returned.
501 */
502static int autofs_dev_ioctl_ismountpoint(struct file *fp,
503 struct autofs_sb_info *sbi,
504 struct autofs_dev_ioctl *param)
505{
506 struct path path;
507 const char *name;
508 unsigned int type;
509 unsigned int devid, magic;
510 int err = -ENOENT;
511
512 /* param->path has been checked in validate_dev_ioctl() */
513
514 name = param->path;
515 type = param->ismountpoint.in.type;
516
517 param->ismountpoint.out.devid = devid = 0;
518 param->ismountpoint.out.magic = magic = 0;
519
520 if (!fp || param->ioctlfd == -1) {
521 if (autofs_type_any(type))
522 err = kern_path(name, LOOKUP_FOLLOW | LOOKUP_MOUNTPOINT,
523 &path);
524 else
525 err = find_autofs_mount(name, &path,
526 test_by_type, &type);
527 if (err)
528 goto out;
529 devid = new_encode_dev(path.dentry->d_sb->s_dev);
530 err = 0;
531 if (path.mnt->mnt_root == path.dentry) {
532 err = 1;
533 magic = path.dentry->d_sb->s_magic;
534 }
535 } else {
536 dev_t dev = sbi->sb->s_dev;
537
538 err = find_autofs_mount(name, &path, test_by_dev, &dev);
539 if (err)
540 goto out;
541
542 devid = new_encode_dev(dev);
543
544 err = path_has_submounts(&path);
545
546 if (follow_down_one(&path))
547 magic = path.dentry->d_sb->s_magic;
548 }
549
550 param->ismountpoint.out.devid = devid;
551 param->ismountpoint.out.magic = magic;
552 path_put(&path);
553out:
554 return err;
555}
556
557/*
558 * Our range of ioctl numbers isn't 0 based so we need to shift
559 * the array index by _IOC_NR(AUTOFS_CTL_IOC_FIRST) for the table
560 * lookup.
561 */
562#define cmd_idx(cmd) (cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
563
564static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
565{
566 static ioctl_fn _ioctls[] = {
567 autofs_dev_ioctl_version,
568 autofs_dev_ioctl_protover,
569 autofs_dev_ioctl_protosubver,
570 autofs_dev_ioctl_openmount,
571 autofs_dev_ioctl_closemount,
572 autofs_dev_ioctl_ready,
573 autofs_dev_ioctl_fail,
574 autofs_dev_ioctl_setpipefd,
575 autofs_dev_ioctl_catatonic,
576 autofs_dev_ioctl_timeout,
577 autofs_dev_ioctl_requester,
578 autofs_dev_ioctl_expire,
579 autofs_dev_ioctl_askumount,
580 autofs_dev_ioctl_ismountpoint,
581 };
582 unsigned int idx = cmd_idx(cmd);
583
584 return (idx >= ARRAY_SIZE(_ioctls)) ? NULL : _ioctls[idx];
585}
586
587/* ioctl dispatcher */
588static int _autofs_dev_ioctl(unsigned int command,
589 struct autofs_dev_ioctl __user *user)
590{
591 struct autofs_dev_ioctl *param;
592 struct file *fp;
593 struct autofs_sb_info *sbi;
594 unsigned int cmd_first, cmd;
595 ioctl_fn fn = NULL;
596 int err = 0;
597
598 cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
599 cmd = _IOC_NR(command);
600
601 if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
602 cmd - cmd_first > AUTOFS_DEV_IOCTL_IOC_COUNT) {
603 return -ENOTTY;
604 }
605
606 /* Only root can use ioctls other than AUTOFS_DEV_IOCTL_VERSION_CMD
607 * and AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD
608 */
609 if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
610 cmd != AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD &&
611 !capable(CAP_SYS_ADMIN))
612 return -EPERM;
613
614 /* Copy the parameters into kernel space. */
615 param = copy_dev_ioctl(user);
616 if (IS_ERR(param))
617 return PTR_ERR(param);
618
619 err = validate_dev_ioctl(command, param);
620 if (err)
621 goto out;
622
623 fn = lookup_dev_ioctl(cmd);
624 if (!fn) {
625 pr_warn("unknown command 0x%08x\n", command);
626 err = -ENOTTY;
627 goto out;
628 }
629
630 fp = NULL;
631 sbi = NULL;
632
633 /*
634 * For obvious reasons the openmount can't have a file
635 * descriptor yet. We don't take a reference to the
636 * file during close to allow for immediate release,
637 * and the same for retrieving ioctl version.
638 */
639 if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
640 cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
641 cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
642 struct super_block *sb;
643
644 fp = fget(param->ioctlfd);
645 if (!fp) {
646 if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
647 goto cont;
648 err = -EBADF;
649 goto out;
650 }
651
652 sb = file_inode(fp)->i_sb;
653 if (sb->s_type != &autofs_fs_type) {
654 err = -EINVAL;
655 fput(fp);
656 goto out;
657 }
658 sbi = autofs_sbi(sb);
659
660 /*
661 * Admin needs to be able to set the mount catatonic in
662 * order to be able to perform the re-open.
663 */
664 if (!autofs_oz_mode(sbi) &&
665 cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
666 err = -EACCES;
667 fput(fp);
668 goto out;
669 }
670 }
671cont:
672 err = fn(fp, sbi, param);
673
674 if (fp)
675 fput(fp);
676 if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
677 err = -EFAULT;
678out:
679 free_dev_ioctl(param);
680 return err;
681}
682
683static long autofs_dev_ioctl(struct file *file, unsigned int command,
684 unsigned long u)
685{
686 int err;
687
688 err = _autofs_dev_ioctl(command, (struct autofs_dev_ioctl __user *) u);
689 return (long) err;
690}
691
692#ifdef CONFIG_COMPAT
693static long autofs_dev_ioctl_compat(struct file *file, unsigned int command,
694 unsigned long u)
695{
696 return autofs_dev_ioctl(file, command, (unsigned long) compat_ptr(u));
697}
698#else
699#define autofs_dev_ioctl_compat NULL
700#endif
701
702static const struct file_operations _dev_ioctl_fops = {
703 .unlocked_ioctl = autofs_dev_ioctl,
704 .compat_ioctl = autofs_dev_ioctl_compat,
705 .owner = THIS_MODULE,
706 .llseek = noop_llseek,
707};
708
709static struct miscdevice _autofs_dev_ioctl_misc = {
710 .minor = AUTOFS_MINOR,
711 .name = AUTOFS_DEVICE_NAME,
712 .fops = &_dev_ioctl_fops,
713 .mode = 0644,
714};
715
716MODULE_ALIAS_MISCDEV(AUTOFS_MINOR);
717MODULE_ALIAS("devname:autofs");
718
719/* Register/deregister misc character device */
720int __init autofs_dev_ioctl_init(void)
721{
722 int r;
723
724 r = misc_register(&_autofs_dev_ioctl_misc);
725 if (r) {
726 pr_err("misc_register failed for control device\n");
727 return r;
728 }
729
730 return 0;
731}
732
733void autofs_dev_ioctl_exit(void)
734{
735 misc_deregister(&_autofs_dev_ioctl_misc);
736}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright 2008 Red Hat, Inc. All rights reserved.
4 * Copyright 2008 Ian Kent <raven@themaw.net>
5 */
6
7#include <linux/module.h>
8#include <linux/miscdevice.h>
9#include <linux/compat.h>
10#include <linux/fdtable.h>
11#include <linux/magic.h>
12#include <linux/nospec.h>
13
14#include "autofs_i.h"
15
16/*
17 * This module implements an interface for routing autofs ioctl control
18 * commands via a miscellaneous device file.
19 *
20 * The alternate interface is needed because we need to be able open
21 * an ioctl file descriptor on an autofs mount that may be covered by
22 * another mount. This situation arises when starting automount(8)
23 * or other user space daemon which uses direct mounts or offset
24 * mounts (used for autofs lazy mount/umount of nested mount trees),
25 * which have been left busy at service shutdown.
26 */
27
28typedef int (*ioctl_fn)(struct file *, struct autofs_sb_info *,
29 struct autofs_dev_ioctl *);
30
31static int check_name(const char *name)
32{
33 if (!strchr(name, '/'))
34 return -EINVAL;
35 return 0;
36}
37
38/*
39 * Check a string doesn't overrun the chunk of
40 * memory we copied from user land.
41 */
42static int invalid_str(char *str, size_t size)
43{
44 if (memchr(str, 0, size))
45 return 0;
46 return -EINVAL;
47}
48
49/*
50 * Check that the user compiled against correct version of autofs
51 * misc device code.
52 *
53 * As well as checking the version compatibility this always copies
54 * the kernel interface version out.
55 */
56static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param)
57{
58 int err = 0;
59
60 if ((param->ver_major != AUTOFS_DEV_IOCTL_VERSION_MAJOR) ||
61 (param->ver_minor > AUTOFS_DEV_IOCTL_VERSION_MINOR)) {
62 pr_warn("ioctl control interface version mismatch: "
63 "kernel(%u.%u), user(%u.%u), cmd(0x%08x)\n",
64 AUTOFS_DEV_IOCTL_VERSION_MAJOR,
65 AUTOFS_DEV_IOCTL_VERSION_MINOR,
66 param->ver_major, param->ver_minor, cmd);
67 err = -EINVAL;
68 }
69
70 /* Fill in the kernel version. */
71 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
72 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
73
74 return err;
75}
76
77/*
78 * Copy parameter control struct, including a possible path allocated
79 * at the end of the struct.
80 */
81static struct autofs_dev_ioctl *
82copy_dev_ioctl(struct autofs_dev_ioctl __user *in)
83{
84 struct autofs_dev_ioctl tmp, *res;
85
86 if (copy_from_user(&tmp, in, AUTOFS_DEV_IOCTL_SIZE))
87 return ERR_PTR(-EFAULT);
88
89 if (tmp.size < AUTOFS_DEV_IOCTL_SIZE)
90 return ERR_PTR(-EINVAL);
91
92 if (tmp.size > AUTOFS_DEV_IOCTL_SIZE + PATH_MAX)
93 return ERR_PTR(-ENAMETOOLONG);
94
95 res = memdup_user(in, tmp.size);
96 if (!IS_ERR(res))
97 res->size = tmp.size;
98
99 return res;
100}
101
102static inline void free_dev_ioctl(struct autofs_dev_ioctl *param)
103{
104 kfree(param);
105}
106
107/*
108 * Check sanity of parameter control fields and if a path is present
109 * check that it is terminated and contains at least one "/".
110 */
111static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
112{
113 unsigned int inr = _IOC_NR(cmd);
114 int err;
115
116 err = check_dev_ioctl_version(cmd, param);
117 if (err) {
118 pr_warn("invalid device control module version "
119 "supplied for cmd(0x%08x)\n", cmd);
120 goto out;
121 }
122
123 if (param->size > AUTOFS_DEV_IOCTL_SIZE) {
124 err = invalid_str(param->path, param->size - AUTOFS_DEV_IOCTL_SIZE);
125 if (err) {
126 pr_warn(
127 "path string terminator missing for cmd(0x%08x)\n",
128 cmd);
129 goto out;
130 }
131
132 /* Setting the per-dentry expire timeout requires a trailing
133 * path component, ie. no '/', so invert the logic of the
134 * check_name() return for AUTOFS_DEV_IOCTL_TIMEOUT_CMD.
135 */
136 err = check_name(param->path);
137 if (inr == AUTOFS_DEV_IOCTL_TIMEOUT_CMD)
138 err = err ? 0 : -EINVAL;
139 if (err) {
140 pr_warn("invalid path supplied for cmd(0x%08x)\n",
141 cmd);
142 goto out;
143 }
144 } else {
145 if (inr == AUTOFS_DEV_IOCTL_OPENMOUNT_CMD ||
146 inr == AUTOFS_DEV_IOCTL_REQUESTER_CMD ||
147 inr == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD) {
148 err = -EINVAL;
149 goto out;
150 }
151 }
152
153 err = 0;
154out:
155 return err;
156}
157
158/* Return autofs dev ioctl version */
159static int autofs_dev_ioctl_version(struct file *fp,
160 struct autofs_sb_info *sbi,
161 struct autofs_dev_ioctl *param)
162{
163 /* This should have already been set. */
164 param->ver_major = AUTOFS_DEV_IOCTL_VERSION_MAJOR;
165 param->ver_minor = AUTOFS_DEV_IOCTL_VERSION_MINOR;
166 return 0;
167}
168
169/* Return autofs module protocol version */
170static int autofs_dev_ioctl_protover(struct file *fp,
171 struct autofs_sb_info *sbi,
172 struct autofs_dev_ioctl *param)
173{
174 param->protover.version = sbi->version;
175 return 0;
176}
177
178/* Return autofs module protocol sub version */
179static int autofs_dev_ioctl_protosubver(struct file *fp,
180 struct autofs_sb_info *sbi,
181 struct autofs_dev_ioctl *param)
182{
183 param->protosubver.sub_version = sbi->sub_version;
184 return 0;
185}
186
187/* Find the topmost mount satisfying test() */
188static int find_autofs_mount(const char *pathname,
189 struct path *res,
190 int test(const struct path *path, void *data),
191 void *data)
192{
193 struct path path;
194 int err;
195
196 err = kern_path(pathname, LOOKUP_MOUNTPOINT, &path);
197 if (err)
198 return err;
199 err = -ENOENT;
200 while (path.dentry == path.mnt->mnt_root) {
201 if (path.dentry->d_sb->s_magic == AUTOFS_SUPER_MAGIC) {
202 if (test(&path, data)) {
203 path_get(&path);
204 *res = path;
205 err = 0;
206 break;
207 }
208 }
209 if (!follow_up(&path))
210 break;
211 }
212 path_put(&path);
213 return err;
214}
215
216static int test_by_dev(const struct path *path, void *p)
217{
218 return path->dentry->d_sb->s_dev == *(dev_t *)p;
219}
220
221static int test_by_type(const struct path *path, void *p)
222{
223 struct autofs_info *ino = autofs_dentry_ino(path->dentry);
224
225 return ino && ino->sbi->type & *(unsigned *)p;
226}
227
228/*
229 * Open a file descriptor on the autofs mount point corresponding
230 * to the given path and device number (aka. new_encode_dev(sb->s_dev)).
231 */
232static int autofs_dev_ioctl_open_mountpoint(const char *name, dev_t devid)
233{
234 int err, fd;
235
236 fd = get_unused_fd_flags(O_CLOEXEC);
237 if (likely(fd >= 0)) {
238 struct file *filp;
239 struct path path;
240
241 err = find_autofs_mount(name, &path, test_by_dev, &devid);
242 if (err)
243 goto out;
244
245 filp = dentry_open(&path, O_RDONLY, current_cred());
246 path_put(&path);
247 if (IS_ERR(filp)) {
248 err = PTR_ERR(filp);
249 goto out;
250 }
251
252 fd_install(fd, filp);
253 }
254
255 return fd;
256
257out:
258 put_unused_fd(fd);
259 return err;
260}
261
262/* Open a file descriptor on an autofs mount point */
263static int autofs_dev_ioctl_openmount(struct file *fp,
264 struct autofs_sb_info *sbi,
265 struct autofs_dev_ioctl *param)
266{
267 const char *path;
268 dev_t devid;
269 int err, fd;
270
271 /* param->path has been checked in validate_dev_ioctl() */
272
273 if (!param->openmount.devid)
274 return -EINVAL;
275
276 param->ioctlfd = -1;
277
278 path = param->path;
279 devid = new_decode_dev(param->openmount.devid);
280
281 err = 0;
282 fd = autofs_dev_ioctl_open_mountpoint(path, devid);
283 if (unlikely(fd < 0)) {
284 err = fd;
285 goto out;
286 }
287
288 param->ioctlfd = fd;
289out:
290 return err;
291}
292
293/* Close file descriptor allocated above (user can also use close(2)). */
294static int autofs_dev_ioctl_closemount(struct file *fp,
295 struct autofs_sb_info *sbi,
296 struct autofs_dev_ioctl *param)
297{
298 return close_fd(param->ioctlfd);
299}
300
301/*
302 * Send "ready" status for an existing wait (either a mount or an expire
303 * request).
304 */
305static int autofs_dev_ioctl_ready(struct file *fp,
306 struct autofs_sb_info *sbi,
307 struct autofs_dev_ioctl *param)
308{
309 autofs_wqt_t token;
310
311 token = (autofs_wqt_t) param->ready.token;
312 return autofs_wait_release(sbi, token, 0);
313}
314
315/*
316 * Send "fail" status for an existing wait (either a mount or an expire
317 * request).
318 */
319static int autofs_dev_ioctl_fail(struct file *fp,
320 struct autofs_sb_info *sbi,
321 struct autofs_dev_ioctl *param)
322{
323 autofs_wqt_t token;
324 int status;
325
326 token = (autofs_wqt_t) param->fail.token;
327 status = param->fail.status < 0 ? param->fail.status : -ENOENT;
328 return autofs_wait_release(sbi, token, status);
329}
330
331/*
332 * Set the pipe fd for kernel communication to the daemon.
333 *
334 * Normally this is set at mount using an option but if we
335 * are reconnecting to a busy mount then we need to use this
336 * to tell the autofs mount about the new kernel pipe fd. In
337 * order to protect mounts against incorrectly setting the
338 * pipefd we also require that the autofs mount be catatonic.
339 *
340 * This also sets the process group id used to identify the
341 * controlling process (eg. the owning automount(8) daemon).
342 */
343static int autofs_dev_ioctl_setpipefd(struct file *fp,
344 struct autofs_sb_info *sbi,
345 struct autofs_dev_ioctl *param)
346{
347 int pipefd;
348 int err = 0;
349 struct pid *new_pid = NULL;
350
351 if (param->setpipefd.pipefd == -1)
352 return -EINVAL;
353
354 pipefd = param->setpipefd.pipefd;
355
356 mutex_lock(&sbi->wq_mutex);
357 if (!(sbi->flags & AUTOFS_SBI_CATATONIC)) {
358 mutex_unlock(&sbi->wq_mutex);
359 return -EBUSY;
360 } else {
361 struct file *pipe;
362
363 new_pid = get_task_pid(current, PIDTYPE_PGID);
364
365 if (ns_of_pid(new_pid) != ns_of_pid(sbi->oz_pgrp)) {
366 pr_warn("not allowed to change PID namespace\n");
367 err = -EINVAL;
368 goto out;
369 }
370
371 pipe = fget(pipefd);
372 if (!pipe) {
373 err = -EBADF;
374 goto out;
375 }
376 if (autofs_prepare_pipe(pipe) < 0) {
377 err = -EPIPE;
378 fput(pipe);
379 goto out;
380 }
381 swap(sbi->oz_pgrp, new_pid);
382 sbi->pipefd = pipefd;
383 sbi->pipe = pipe;
384 sbi->flags &= ~AUTOFS_SBI_CATATONIC;
385 }
386out:
387 put_pid(new_pid);
388 mutex_unlock(&sbi->wq_mutex);
389 return err;
390}
391
392/*
393 * Make the autofs mount point catatonic, no longer responsive to
394 * mount requests. Also closes the kernel pipe file descriptor.
395 */
396static int autofs_dev_ioctl_catatonic(struct file *fp,
397 struct autofs_sb_info *sbi,
398 struct autofs_dev_ioctl *param)
399{
400 autofs_catatonic_mode(sbi);
401 return 0;
402}
403
404/*
405 * Set the autofs mount expire timeout.
406 *
407 * There are two places an expire timeout can be set, in the autofs
408 * super block info. (this is all that's needed for direct and offset
409 * mounts because there's a distinct mount corresponding to each of
410 * these) and per-dentry within within the dentry info. If a per-dentry
411 * timeout is set it will override the expire timeout set in the parent
412 * autofs super block info.
413 *
414 * If setting the autofs super block expire timeout the autofs_dev_ioctl
415 * size field will be equal to the autofs_dev_ioctl structure size. If
416 * setting the per-dentry expire timeout the mount point name is passed
417 * in the autofs_dev_ioctl path field and the size field updated to
418 * reflect this.
419 *
420 * Setting the autofs mount expire timeout sets the timeout in the super
421 * block info. struct. Setting the per-dentry timeout does a little more.
422 * If the timeout is equal to -1 the per-dentry timeout (and flag) is
423 * cleared which reverts to using the super block timeout, otherwise if
424 * timeout is 0 the timeout is set to this value and the flag is left
425 * set which disables expiration for the mount point, lastly the flag
426 * and the timeout are set enabling the dentry to use this timeout.
427 */
428static int autofs_dev_ioctl_timeout(struct file *fp,
429 struct autofs_sb_info *sbi,
430 struct autofs_dev_ioctl *param)
431{
432 unsigned long timeout = param->timeout.timeout;
433
434 /* If setting the expire timeout for an individual indirect
435 * mount point dentry the mount trailing component path is
436 * placed in param->path and param->size adjusted to account
437 * for it otherwise param->size it is set to the structure
438 * size.
439 */
440 if (param->size == AUTOFS_DEV_IOCTL_SIZE) {
441 param->timeout.timeout = sbi->exp_timeout / HZ;
442 sbi->exp_timeout = timeout * HZ;
443 } else {
444 struct dentry *base = fp->f_path.dentry;
445 struct inode *inode = base->d_inode;
446 int path_len = param->size - AUTOFS_DEV_IOCTL_SIZE - 1;
447 struct dentry *dentry;
448 struct autofs_info *ino;
449
450 if (!autofs_type_indirect(sbi->type))
451 return -EINVAL;
452
453 /* An expire timeout greater than the superblock timeout
454 * could be a problem at shutdown but the super block
455 * timeout itself can change so all we can really do is
456 * warn the user.
457 */
458 if (timeout >= sbi->exp_timeout)
459 pr_warn("per-mount expire timeout is greater than "
460 "the parent autofs mount timeout which could "
461 "prevent shutdown\n");
462
463 inode_lock_shared(inode);
464 dentry = try_lookup_one_len(param->path, base, path_len);
465 inode_unlock_shared(inode);
466 if (IS_ERR_OR_NULL(dentry))
467 return dentry ? PTR_ERR(dentry) : -ENOENT;
468 ino = autofs_dentry_ino(dentry);
469 if (!ino) {
470 dput(dentry);
471 return -ENOENT;
472 }
473
474 if (ino->exp_timeout && ino->flags & AUTOFS_INF_EXPIRE_SET)
475 param->timeout.timeout = ino->exp_timeout / HZ;
476 else
477 param->timeout.timeout = sbi->exp_timeout / HZ;
478
479 if (timeout == -1) {
480 /* Revert to using the super block timeout */
481 ino->flags &= ~AUTOFS_INF_EXPIRE_SET;
482 ino->exp_timeout = 0;
483 } else {
484 /* Set the dentry expire flag and timeout.
485 *
486 * If timeout is 0 it will prevent the expire
487 * of this particular automount.
488 */
489 ino->flags |= AUTOFS_INF_EXPIRE_SET;
490 ino->exp_timeout = timeout * HZ;
491 }
492 dput(dentry);
493 }
494
495 return 0;
496}
497
498/*
499 * Return the uid and gid of the last request for the mount
500 *
501 * When reconstructing an autofs mount tree with active mounts
502 * we need to re-connect to mounts that may have used the original
503 * process uid and gid (or string variations of them) for mount
504 * lookups within the map entry.
505 */
506static int autofs_dev_ioctl_requester(struct file *fp,
507 struct autofs_sb_info *sbi,
508 struct autofs_dev_ioctl *param)
509{
510 struct autofs_info *ino;
511 struct path path;
512 dev_t devid;
513 int err = -ENOENT;
514
515 /* param->path has been checked in validate_dev_ioctl() */
516
517 devid = sbi->sb->s_dev;
518
519 param->requester.uid = param->requester.gid = -1;
520
521 err = find_autofs_mount(param->path, &path, test_by_dev, &devid);
522 if (err)
523 goto out;
524
525 ino = autofs_dentry_ino(path.dentry);
526 if (ino) {
527 err = 0;
528 autofs_expire_wait(&path, 0);
529 spin_lock(&sbi->fs_lock);
530 param->requester.uid =
531 from_kuid_munged(current_user_ns(), ino->uid);
532 param->requester.gid =
533 from_kgid_munged(current_user_ns(), ino->gid);
534 spin_unlock(&sbi->fs_lock);
535 }
536 path_put(&path);
537out:
538 return err;
539}
540
541/*
542 * Call repeatedly until it returns -EAGAIN, meaning there's nothing
543 * more that can be done.
544 */
545static int autofs_dev_ioctl_expire(struct file *fp,
546 struct autofs_sb_info *sbi,
547 struct autofs_dev_ioctl *param)
548{
549 struct vfsmount *mnt;
550 int how;
551
552 how = param->expire.how;
553 mnt = fp->f_path.mnt;
554
555 return autofs_do_expire_multi(sbi->sb, mnt, sbi, how);
556}
557
558/* Check if autofs mount point is in use */
559static int autofs_dev_ioctl_askumount(struct file *fp,
560 struct autofs_sb_info *sbi,
561 struct autofs_dev_ioctl *param)
562{
563 param->askumount.may_umount = 0;
564 if (may_umount(fp->f_path.mnt))
565 param->askumount.may_umount = 1;
566 return 0;
567}
568
569/*
570 * Check if the given path is a mountpoint.
571 *
572 * If we are supplied with the file descriptor of an autofs
573 * mount we're looking for a specific mount. In this case
574 * the path is considered a mountpoint if it is itself a
575 * mountpoint or contains a mount, such as a multi-mount
576 * without a root mount. In this case we return 1 if the
577 * path is a mount point and the super magic of the covering
578 * mount if there is one or 0 if it isn't a mountpoint.
579 *
580 * If we aren't supplied with a file descriptor then we
581 * lookup the path and check if it is the root of a mount.
582 * If a type is given we are looking for a particular autofs
583 * mount and if we don't find a match we return fail. If the
584 * located path is the root of a mount we return 1 along with
585 * the super magic of the mount or 0 otherwise.
586 *
587 * In both cases the device number (as returned by
588 * new_encode_dev()) is also returned.
589 */
590static int autofs_dev_ioctl_ismountpoint(struct file *fp,
591 struct autofs_sb_info *sbi,
592 struct autofs_dev_ioctl *param)
593{
594 struct path path;
595 const char *name;
596 unsigned int type;
597 unsigned int devid, magic;
598 int err = -ENOENT;
599
600 /* param->path has been checked in validate_dev_ioctl() */
601
602 name = param->path;
603 type = param->ismountpoint.in.type;
604
605 param->ismountpoint.out.devid = devid = 0;
606 param->ismountpoint.out.magic = magic = 0;
607
608 if (!fp || param->ioctlfd == -1) {
609 if (autofs_type_any(type))
610 err = kern_path(name, LOOKUP_FOLLOW | LOOKUP_MOUNTPOINT,
611 &path);
612 else
613 err = find_autofs_mount(name, &path,
614 test_by_type, &type);
615 if (err)
616 goto out;
617 devid = new_encode_dev(path.dentry->d_sb->s_dev);
618 err = 0;
619 if (path.mnt->mnt_root == path.dentry) {
620 err = 1;
621 magic = path.dentry->d_sb->s_magic;
622 }
623 } else {
624 dev_t dev = sbi->sb->s_dev;
625
626 err = find_autofs_mount(name, &path, test_by_dev, &dev);
627 if (err)
628 goto out;
629
630 devid = new_encode_dev(dev);
631
632 err = path_has_submounts(&path);
633
634 if (follow_down_one(&path))
635 magic = path.dentry->d_sb->s_magic;
636 }
637
638 param->ismountpoint.out.devid = devid;
639 param->ismountpoint.out.magic = magic;
640 path_put(&path);
641out:
642 return err;
643}
644
645/*
646 * Our range of ioctl numbers isn't 0 based so we need to shift
647 * the array index by _IOC_NR(AUTOFS_CTL_IOC_FIRST) for the table
648 * lookup.
649 */
650#define cmd_idx(cmd) (cmd - _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST))
651
652static ioctl_fn lookup_dev_ioctl(unsigned int cmd)
653{
654 static const ioctl_fn _ioctls[] = {
655 autofs_dev_ioctl_version,
656 autofs_dev_ioctl_protover,
657 autofs_dev_ioctl_protosubver,
658 autofs_dev_ioctl_openmount,
659 autofs_dev_ioctl_closemount,
660 autofs_dev_ioctl_ready,
661 autofs_dev_ioctl_fail,
662 autofs_dev_ioctl_setpipefd,
663 autofs_dev_ioctl_catatonic,
664 autofs_dev_ioctl_timeout,
665 autofs_dev_ioctl_requester,
666 autofs_dev_ioctl_expire,
667 autofs_dev_ioctl_askumount,
668 autofs_dev_ioctl_ismountpoint,
669 };
670 unsigned int idx = cmd_idx(cmd);
671
672 if (idx >= ARRAY_SIZE(_ioctls))
673 return NULL;
674 idx = array_index_nospec(idx, ARRAY_SIZE(_ioctls));
675 return _ioctls[idx];
676}
677
678/* ioctl dispatcher */
679static int _autofs_dev_ioctl(unsigned int command,
680 struct autofs_dev_ioctl __user *user)
681{
682 struct autofs_dev_ioctl *param;
683 struct file *fp;
684 struct autofs_sb_info *sbi;
685 unsigned int cmd_first, cmd;
686 ioctl_fn fn = NULL;
687 int err = 0;
688
689 cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
690 cmd = _IOC_NR(command);
691
692 if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
693 cmd - cmd_first > AUTOFS_DEV_IOCTL_IOC_COUNT) {
694 return -ENOTTY;
695 }
696
697 /* Only root can use ioctls other than AUTOFS_DEV_IOCTL_VERSION_CMD
698 * and AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD
699 */
700 if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
701 cmd != AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD &&
702 !capable(CAP_SYS_ADMIN))
703 return -EPERM;
704
705 /* Copy the parameters into kernel space. */
706 param = copy_dev_ioctl(user);
707 if (IS_ERR(param))
708 return PTR_ERR(param);
709
710 err = validate_dev_ioctl(command, param);
711 if (err)
712 goto out;
713
714 fn = lookup_dev_ioctl(cmd);
715 if (!fn) {
716 pr_warn("unknown command 0x%08x\n", command);
717 err = -ENOTTY;
718 goto out;
719 }
720
721 fp = NULL;
722 sbi = NULL;
723
724 /*
725 * For obvious reasons the openmount can't have a file
726 * descriptor yet. We don't take a reference to the
727 * file during close to allow for immediate release,
728 * and the same for retrieving ioctl version.
729 */
730 if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
731 cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
732 cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
733 struct super_block *sb;
734
735 fp = fget(param->ioctlfd);
736 if (!fp) {
737 if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
738 goto cont;
739 err = -EBADF;
740 goto out;
741 }
742
743 sb = file_inode(fp)->i_sb;
744 if (sb->s_type != &autofs_fs_type) {
745 err = -EINVAL;
746 fput(fp);
747 goto out;
748 }
749 sbi = autofs_sbi(sb);
750
751 /*
752 * Admin needs to be able to set the mount catatonic in
753 * order to be able to perform the re-open.
754 */
755 if (!autofs_oz_mode(sbi) &&
756 cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
757 err = -EACCES;
758 fput(fp);
759 goto out;
760 }
761 }
762cont:
763 err = fn(fp, sbi, param);
764
765 if (fp)
766 fput(fp);
767 if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
768 err = -EFAULT;
769out:
770 free_dev_ioctl(param);
771 return err;
772}
773
774static long autofs_dev_ioctl(struct file *file, unsigned int command,
775 unsigned long u)
776{
777 int err;
778
779 err = _autofs_dev_ioctl(command, (struct autofs_dev_ioctl __user *) u);
780 return (long) err;
781}
782
783#ifdef CONFIG_COMPAT
784static long autofs_dev_ioctl_compat(struct file *file, unsigned int command,
785 unsigned long u)
786{
787 return autofs_dev_ioctl(file, command, (unsigned long) compat_ptr(u));
788}
789#else
790#define autofs_dev_ioctl_compat NULL
791#endif
792
793static const struct file_operations _dev_ioctl_fops = {
794 .unlocked_ioctl = autofs_dev_ioctl,
795 .compat_ioctl = autofs_dev_ioctl_compat,
796 .owner = THIS_MODULE,
797 .llseek = noop_llseek,
798};
799
800static struct miscdevice _autofs_dev_ioctl_misc = {
801 .minor = AUTOFS_MINOR,
802 .name = AUTOFS_DEVICE_NAME,
803 .fops = &_dev_ioctl_fops,
804 .mode = 0644,
805};
806
807MODULE_ALIAS_MISCDEV(AUTOFS_MINOR);
808MODULE_ALIAS("devname:autofs");
809
810/* Register/deregister misc character device */
811int __init autofs_dev_ioctl_init(void)
812{
813 int r;
814
815 r = misc_register(&_autofs_dev_ioctl_misc);
816 if (r) {
817 pr_err("misc_register failed for control device\n");
818 return r;
819 }
820
821 return 0;
822}
823
824void autofs_dev_ioctl_exit(void)
825{
826 misc_deregister(&_autofs_dev_ioctl_misc);
827}