1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Copyright 1997-1998 Transmeta Corporation -- All Rights Reserved 4 * Copyright 2001-2006 Ian Kent <raven@themaw.net> 5 */ 6 7#include <linux/sched/signal.h> 8#include "autofs_i.h" 9 10/* We make this a static variable rather than a part of the superblock; it 11 * is better if we don't reassign numbers easily even across filesystems 12 */ 13static autofs_wqt_t autofs_next_wait_queue = 1; 14 15void autofs_catatonic_mode(struct autofs_sb_info *sbi) 16{ 17 struct autofs_wait_queue *wq, *nwq; 18 19 mutex_lock(&sbi->wq_mutex); 20 if (sbi->flags & AUTOFS_SBI_CATATONIC) { 21 mutex_unlock(&sbi->wq_mutex); 22 return; 23 } 24 25 pr_debug("entering catatonic mode\n"); 26 27 sbi->flags |= AUTOFS_SBI_CATATONIC; 28 wq = sbi->queues; 29 sbi->queues = NULL; /* Erase all wait queues */ 30 while (wq) { 31 nwq = wq->next; 32 wq->status = -ENOENT; /* Magic is gone - report failure */ 33 kfree(wq->name.name); 34 wq->name.name = NULL; 35 wake_up_interruptible(&wq->queue); 36 if (!--wq->wait_ctr) 37 kfree(wq); 38 wq = nwq; 39 } 40 fput(sbi->pipe); /* Close the pipe */ 41 sbi->pipe = NULL; 42 sbi->pipefd = -1; 43 mutex_unlock(&sbi->wq_mutex); 44} 45 46static int autofs_write(struct autofs_sb_info *sbi, 47 struct file *file, const void *addr, int bytes) 48{ 49 unsigned long sigpipe, flags; 50 const char *data = (const char *)addr; 51 ssize_t wr = 0; 52 53 sigpipe = sigismember(¤t->pending.signal, SIGPIPE); 54 55 mutex_lock(&sbi->pipe_mutex); 56 while (bytes) { 57 wr = __kernel_write(file, data, bytes, NULL); 58 if (wr <= 0) 59 break; 60 data += wr; 61 bytes -= wr; 62 } 63 mutex_unlock(&sbi->pipe_mutex); 64 65 /* Keep the currently executing process from receiving a 66 * SIGPIPE unless it was already supposed to get one 67 */ 68 if (wr == -EPIPE && !sigpipe) { 69 spin_lock_irqsave(¤t->sighand->siglock, flags); 70 sigdelset(¤t->pending.signal, SIGPIPE); 71 recalc_sigpending(); 72 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 73 } 74 75 /* if 'wr' returned 0 (impossible) we assume -EIO (safe) */ 76 return bytes == 0 ? 0 : wr < 0 ? wr : -EIO; 77} 78 79static void autofs_notify_daemon(struct autofs_sb_info *sbi, 80 struct autofs_wait_queue *wq, 81 int type) 82{ 83 union { 84 struct autofs_packet_hdr hdr; 85 union autofs_packet_union v4_pkt; 86 union autofs_v5_packet_union v5_pkt; 87 } pkt; 88 struct file *pipe = NULL; 89 size_t pktsz; 90 int ret; 91 92 pr_debug("wait id = 0x%08lx, name = %.*s, type=%d\n", 93 (unsigned long) wq->wait_queue_token, 94 wq->name.len, wq->name.name, type); 95 96 memset(&pkt, 0, sizeof(pkt)); /* For security reasons */ 97 98 pkt.hdr.proto_version = sbi->version; 99 pkt.hdr.type = type; 100 101 switch (type) { 102 /* Kernel protocol v4 missing and expire packets */ 103 case autofs_ptype_missing: 104 { 105 struct autofs_packet_missing *mp = &pkt.v4_pkt.missing; 106 107 pktsz = sizeof(*mp); 108 109 mp->wait_queue_token = wq->wait_queue_token; 110 mp->len = wq->name.len; 111 memcpy(mp->name, wq->name.name, wq->name.len); 112 mp->name[wq->name.len] = '\0'; 113 break; 114 } 115 case autofs_ptype_expire_multi: 116 { 117 struct autofs_packet_expire_multi *ep = 118 &pkt.v4_pkt.expire_multi; 119 120 pktsz = sizeof(*ep); 121 122 ep->wait_queue_token = wq->wait_queue_token; 123 ep->len = wq->name.len; 124 memcpy(ep->name, wq->name.name, wq->name.len); 125 ep->name[wq->name.len] = '\0'; 126 break; 127 } 128 /* 129 * Kernel protocol v5 packet for handling indirect and direct 130 * mount missing and expire requests 131 */ 132 case autofs_ptype_missing_indirect: 133 case autofs_ptype_expire_indirect: 134 case autofs_ptype_missing_direct: 135 case autofs_ptype_expire_direct: 136 { 137 struct autofs_v5_packet *packet = &pkt.v5_pkt.v5_packet; 138 struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns; 139 140 pktsz = sizeof(*packet); 141 142 packet->wait_queue_token = wq->wait_queue_token; 143 packet->len = wq->name.len; 144 memcpy(packet->name, wq->name.name, wq->name.len); 145 packet->name[wq->name.len] = '\0'; 146 packet->dev = wq->dev; 147 packet->ino = wq->ino; 148 packet->uid = from_kuid_munged(user_ns, wq->uid); 149 packet->gid = from_kgid_munged(user_ns, wq->gid); 150 packet->pid = wq->pid; 151 packet->tgid = wq->tgid; 152 break; 153 } 154 default: 155 pr_warn("bad type %d!\n", type); 156 mutex_unlock(&sbi->wq_mutex); 157 return; 158 } 159 160 pipe = get_file(sbi->pipe); 161 162 mutex_unlock(&sbi->wq_mutex); 163 164 switch (ret = autofs_write(sbi, pipe, &pkt, pktsz)) { 165 case 0: 166 break; 167 case -ENOMEM: 168 case -ERESTARTSYS: 169 /* Just fail this one */ 170 autofs_wait_release(sbi, wq->wait_queue_token, ret); 171 break; 172 default: 173 autofs_catatonic_mode(sbi); 174 break; 175 } 176 fput(pipe); 177} 178 179static int autofs_getpath(struct autofs_sb_info *sbi, 180 struct dentry *dentry, char *name) 181{ 182 struct dentry *root = sbi->sb->s_root; 183 struct dentry *tmp; 184 char *buf; 185 char *p; 186 int len; 187 unsigned seq; 188 189rename_retry: 190 buf = name; 191 len = 0; 192 193 seq = read_seqbegin(&rename_lock); 194 rcu_read_lock(); 195 spin_lock(&sbi->fs_lock); 196 for (tmp = dentry ; tmp != root ; tmp = tmp->d_parent) 197 len += tmp->d_name.len + 1; 198 199 if (!len || --len > NAME_MAX) { 200 spin_unlock(&sbi->fs_lock); 201 rcu_read_unlock(); 202 if (read_seqretry(&rename_lock, seq)) 203 goto rename_retry; 204 return 0; 205 } 206 207 *(buf + len) = '\0'; 208 p = buf + len - dentry->d_name.len; 209 strncpy(p, dentry->d_name.name, dentry->d_name.len); 210 211 for (tmp = dentry->d_parent; tmp != root ; tmp = tmp->d_parent) { 212 *(--p) = '/'; 213 p -= tmp->d_name.len; 214 strncpy(p, tmp->d_name.name, tmp->d_name.len); 215 } 216 spin_unlock(&sbi->fs_lock); 217 rcu_read_unlock(); 218 if (read_seqretry(&rename_lock, seq)) 219 goto rename_retry; 220 221 return len; 222} 223 224static struct autofs_wait_queue * 225autofs_find_wait(struct autofs_sb_info *sbi, const struct qstr *qstr) 226{ 227 struct autofs_wait_queue *wq; 228 229 for (wq = sbi->queues; wq; wq = wq->next) { 230 if (wq->name.hash == qstr->hash && 231 wq->name.len == qstr->len && 232 wq->name.name && 233 !memcmp(wq->name.name, qstr->name, qstr->len)) 234 break; 235 } 236 return wq; 237} 238 239/* 240 * Check if we have a valid request. 241 * Returns 242 * 1 if the request should continue. 243 * In this case we can return an autofs_wait_queue entry if one is 244 * found or NULL to idicate a new wait needs to be created. 245 * 0 or a negative errno if the request shouldn't continue. 246 */ 247static int validate_request(struct autofs_wait_queue **wait, 248 struct autofs_sb_info *sbi, 249 const struct qstr *qstr, 250 const struct path *path, enum autofs_notify notify) 251{ 252 struct dentry *dentry = path->dentry; 253 struct autofs_wait_queue *wq; 254 struct autofs_info *ino; 255 256 if (sbi->flags & AUTOFS_SBI_CATATONIC) 257 return -ENOENT; 258 259 /* Wait in progress, continue; */ 260 wq = autofs_find_wait(sbi, qstr); 261 if (wq) { 262 *wait = wq; 263 return 1; 264 } 265 266 *wait = NULL; 267 268 /* If we don't yet have any info this is a new request */ 269 ino = autofs_dentry_ino(dentry); 270 if (!ino) 271 return 1; 272 273 /* 274 * If we've been asked to wait on an existing expire (NFY_NONE) 275 * but there is no wait in the queue ... 276 */ 277 if (notify == NFY_NONE) { 278 /* 279 * Either we've betean the pending expire to post it's 280 * wait or it finished while we waited on the mutex. 281 * So we need to wait till either, the wait appears 282 * or the expire finishes. 283 */ 284 285 while (ino->flags & AUTOFS_INF_EXPIRING) { 286 mutex_unlock(&sbi->wq_mutex); 287 schedule_timeout_interruptible(HZ/10); 288 if (mutex_lock_interruptible(&sbi->wq_mutex)) 289 return -EINTR; 290 291 if (sbi->flags & AUTOFS_SBI_CATATONIC) 292 return -ENOENT; 293 294 wq = autofs_find_wait(sbi, qstr); 295 if (wq) { 296 *wait = wq; 297 return 1; 298 } 299 } 300 301 /* 302 * Not ideal but the status has already gone. Of the two 303 * cases where we wait on NFY_NONE neither depend on the 304 * return status of the wait. 305 */ 306 return 0; 307 } 308 309 /* 310 * If we've been asked to trigger a mount and the request 311 * completed while we waited on the mutex ... 312 */ 313 if (notify == NFY_MOUNT) { 314 struct dentry *new = NULL; 315 struct path this; 316 int valid = 1; 317 318 /* 319 * If the dentry was successfully mounted while we slept 320 * on the wait queue mutex we can return success. If it 321 * isn't mounted (doesn't have submounts for the case of 322 * a multi-mount with no mount at it's base) we can 323 * continue on and create a new request. 324 */ 325 if (!IS_ROOT(dentry)) { 326 if (d_unhashed(dentry) && 327 d_really_is_positive(dentry)) { 328 struct dentry *parent = dentry->d_parent; 329 330 new = d_lookup(parent, &dentry->d_name); 331 if (new) 332 dentry = new; 333 } 334 } 335 this.mnt = path->mnt; 336 this.dentry = dentry; 337 if (path_has_submounts(&this)) 338 valid = 0; 339 340 if (new) 341 dput(new); 342 return valid; 343 } 344 345 return 1; 346} 347 348int autofs_wait(struct autofs_sb_info *sbi, 349 const struct path *path, enum autofs_notify notify) 350{ 351 struct dentry *dentry = path->dentry; 352 struct autofs_wait_queue *wq; 353 struct qstr qstr; 354 char *name; 355 int status, ret, type; 356 pid_t pid; 357 pid_t tgid; 358 359 /* In catatonic mode, we don't wait for nobody */ 360 if (sbi->flags & AUTOFS_SBI_CATATONIC) 361 return -ENOENT; 362 363 /* 364 * Try translating pids to the namespace of the daemon. 365 * 366 * Zero means failure: we are in an unrelated pid namespace. 367 */ 368 pid = task_pid_nr_ns(current, ns_of_pid(sbi->oz_pgrp)); 369 tgid = task_tgid_nr_ns(current, ns_of_pid(sbi->oz_pgrp)); 370 if (pid == 0 || tgid == 0) 371 return -ENOENT; 372 373 if (d_really_is_negative(dentry)) { 374 /* 375 * A wait for a negative dentry is invalid for certain 376 * cases. A direct or offset mount "always" has its mount 377 * point directory created and so the request dentry must 378 * be positive or the map key doesn't exist. The situation 379 * is very similar for indirect mounts except only dentrys 380 * in the root of the autofs file system may be negative. 381 */ 382 if (autofs_type_trigger(sbi->type)) 383 return -ENOENT; 384 else if (!IS_ROOT(dentry->d_parent)) 385 return -ENOENT; 386 } 387 388 name = kmalloc(NAME_MAX + 1, GFP_KERNEL); 389 if (!name) 390 return -ENOMEM; 391 392 /* If this is a direct mount request create a dummy name */ 393 if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) 394 qstr.len = sprintf(name, "%p", dentry); 395 else { 396 qstr.len = autofs_getpath(sbi, dentry, name); 397 if (!qstr.len) { 398 kfree(name); 399 return -ENOENT; 400 } 401 } 402 qstr.name = name; 403 qstr.hash = full_name_hash(dentry, name, qstr.len); 404 405 if (mutex_lock_interruptible(&sbi->wq_mutex)) { 406 kfree(qstr.name); 407 return -EINTR; 408 } 409 410 ret = validate_request(&wq, sbi, &qstr, path, notify); 411 if (ret <= 0) { 412 if (ret != -EINTR) 413 mutex_unlock(&sbi->wq_mutex); 414 kfree(qstr.name); 415 return ret; 416 } 417 418 if (!wq) { 419 /* Create a new wait queue */ 420 wq = kmalloc(sizeof(struct autofs_wait_queue), GFP_KERNEL); 421 if (!wq) { 422 kfree(qstr.name); 423 mutex_unlock(&sbi->wq_mutex); 424 return -ENOMEM; 425 } 426 427 wq->wait_queue_token = autofs_next_wait_queue; 428 if (++autofs_next_wait_queue == 0) 429 autofs_next_wait_queue = 1; 430 wq->next = sbi->queues; 431 sbi->queues = wq; 432 init_waitqueue_head(&wq->queue); 433 memcpy(&wq->name, &qstr, sizeof(struct qstr)); 434 wq->dev = autofs_get_dev(sbi); 435 wq->ino = autofs_get_ino(sbi); 436 wq->uid = current_uid(); 437 wq->gid = current_gid(); 438 wq->pid = pid; 439 wq->tgid = tgid; 440 wq->status = -EINTR; /* Status return if interrupted */ 441 wq->wait_ctr = 2; 442 443 if (sbi->version < 5) { 444 if (notify == NFY_MOUNT) 445 type = autofs_ptype_missing; 446 else 447 type = autofs_ptype_expire_multi; 448 } else { 449 if (notify == NFY_MOUNT) 450 type = autofs_type_trigger(sbi->type) ? 451 autofs_ptype_missing_direct : 452 autofs_ptype_missing_indirect; 453 else 454 type = autofs_type_trigger(sbi->type) ? 455 autofs_ptype_expire_direct : 456 autofs_ptype_expire_indirect; 457 } 458 459 pr_debug("new wait id = 0x%08lx, name = %.*s, nfy=%d\n", 460 (unsigned long) wq->wait_queue_token, wq->name.len, 461 wq->name.name, notify); 462 463 /* 464 * autofs_notify_daemon() may block; it will unlock ->wq_mutex 465 */ 466 autofs_notify_daemon(sbi, wq, type); 467 } else { 468 wq->wait_ctr++; 469 pr_debug("existing wait id = 0x%08lx, name = %.*s, nfy=%d\n", 470 (unsigned long) wq->wait_queue_token, wq->name.len, 471 wq->name.name, notify); 472 mutex_unlock(&sbi->wq_mutex); 473 kfree(qstr.name); 474 } 475 476 /* 477 * wq->name.name is NULL iff the lock is already released 478 * or the mount has been made catatonic. 479 */ 480 wait_event_killable(wq->queue, wq->name.name == NULL); 481 status = wq->status; 482 483 /* 484 * For direct and offset mounts we need to track the requester's 485 * uid and gid in the dentry info struct. This is so it can be 486 * supplied, on request, by the misc device ioctl interface. 487 * This is needed during daemon resatart when reconnecting 488 * to existing, active, autofs mounts. The uid and gid (and 489 * related string values) may be used for macro substitution 490 * in autofs mount maps. 491 */ 492 if (!status) { 493 struct autofs_info *ino; 494 struct dentry *de = NULL; 495 496 /* direct mount or browsable map */ 497 ino = autofs_dentry_ino(dentry); 498 if (!ino) { 499 /* If not lookup actual dentry used */ 500 de = d_lookup(dentry->d_parent, &dentry->d_name); 501 if (de) 502 ino = autofs_dentry_ino(de); 503 } 504 505 /* Set mount requester */ 506 if (ino) { 507 spin_lock(&sbi->fs_lock); 508 ino->uid = wq->uid; 509 ino->gid = wq->gid; 510 spin_unlock(&sbi->fs_lock); 511 } 512 513 if (de) 514 dput(de); 515 } 516 517 /* Are we the last process to need status? */ 518 mutex_lock(&sbi->wq_mutex); 519 if (!--wq->wait_ctr) 520 kfree(wq); 521 mutex_unlock(&sbi->wq_mutex); 522 523 return status; 524} 525 526 527int autofs_wait_release(struct autofs_sb_info *sbi, 528 autofs_wqt_t wait_queue_token, int status) 529{ 530 struct autofs_wait_queue *wq, **wql; 531 532 mutex_lock(&sbi->wq_mutex); 533 for (wql = &sbi->queues; (wq = *wql) != NULL; wql = &wq->next) { 534 if (wq->wait_queue_token == wait_queue_token) 535 break; 536 } 537 538 if (!wq) { 539 mutex_unlock(&sbi->wq_mutex); 540 return -EINVAL; 541 } 542 543 *wql = wq->next; /* Unlink from chain */ 544 kfree(wq->name.name); 545 wq->name.name = NULL; /* Do not wait on this queue */ 546 wq->status = status; 547 wake_up(&wq->queue); 548 if (!--wq->wait_ctr) 549 kfree(wq); 550 mutex_unlock(&sbi->wq_mutex); 551 552 return 0; 553} 554