1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright 1997-1998 Transmeta Corporation -- All Rights Reserved
4 * Copyright 2001-2006 Ian Kent <raven@themaw.net>
5 */
6
7#include <linux/sched/signal.h>
8#include "autofs_i.h"
9
10/* We make this a static variable rather than a part of the superblock; it
11 * is better if we don't reassign numbers easily even across filesystems
12 */
13static autofs_wqt_t autofs_next_wait_queue = 1;
14
15void autofs_catatonic_mode(struct autofs_sb_info *sbi)
16{
17 struct autofs_wait_queue *wq, *nwq;
18
19 mutex_lock(&sbi->wq_mutex);
20 if (sbi->flags & AUTOFS_SBI_CATATONIC) {
21 mutex_unlock(lock: &sbi->wq_mutex);
22 return;
23 }
24
25 pr_debug("entering catatonic mode\n");
26
27 sbi->flags |= AUTOFS_SBI_CATATONIC;
28 wq = sbi->queues;
29 sbi->queues = NULL; /* Erase all wait queues */
30 while (wq) {
31 nwq = wq->next;
32 wq->status = -ENOENT; /* Magic is gone - report failure */
33 kfree(objp: wq->name.name - wq->offset);
34 wq->name.name = NULL;
35 wake_up(&wq->queue);
36 if (!--wq->wait_ctr)
37 kfree(objp: wq);
38 wq = nwq;
39 }
40 fput(sbi->pipe); /* Close the pipe */
41 sbi->pipe = NULL;
42 sbi->pipefd = -1;
43 mutex_unlock(lock: &sbi->wq_mutex);
44}
45
46static int autofs_write(struct autofs_sb_info *sbi,
47 struct file *file, const void *addr, int bytes)
48{
49 unsigned long sigpipe, flags;
50 const char *data = (const char *)addr;
51 ssize_t wr = 0;
52
53 sigpipe = sigismember(set: &current->pending.signal, SIGPIPE);
54
55 mutex_lock(&sbi->pipe_mutex);
56 while (bytes) {
57 wr = __kernel_write(file, data, bytes, NULL);
58 if (wr <= 0)
59 break;
60 data += wr;
61 bytes -= wr;
62 }
63 mutex_unlock(lock: &sbi->pipe_mutex);
64
65 /* Keep the currently executing process from receiving a
66 * SIGPIPE unless it was already supposed to get one
67 */
68 if (wr == -EPIPE && !sigpipe) {
69 spin_lock_irqsave(&current->sighand->siglock, flags);
70 sigdelset(set: &current->pending.signal, SIGPIPE);
71 recalc_sigpending();
72 spin_unlock_irqrestore(lock: &current->sighand->siglock, flags);
73 }
74
75 /* if 'wr' returned 0 (impossible) we assume -EIO (safe) */
76 return bytes == 0 ? 0 : wr < 0 ? wr : -EIO;
77}
78
79static void autofs_notify_daemon(struct autofs_sb_info *sbi,
80 struct autofs_wait_queue *wq,
81 int type)
82{
83 union {
84 struct autofs_packet_hdr hdr;
85 union autofs_packet_union v4_pkt;
86 union autofs_v5_packet_union v5_pkt;
87 } pkt;
88 struct file *pipe = NULL;
89 size_t pktsz;
90 int ret;
91
92 pr_debug("wait id = 0x%08lx, name = %.*s, type=%d\n",
93 (unsigned long) wq->wait_queue_token,
94 wq->name.len, wq->name.name, type);
95
96 memset(&pkt, 0, sizeof(pkt)); /* For security reasons */
97
98 pkt.hdr.proto_version = sbi->version;
99 pkt.hdr.type = type;
100
101 switch (type) {
102 /* Kernel protocol v4 missing and expire packets */
103 case autofs_ptype_missing:
104 {
105 struct autofs_packet_missing *mp = &pkt.v4_pkt.missing;
106
107 pktsz = sizeof(*mp);
108
109 mp->wait_queue_token = wq->wait_queue_token;
110 mp->len = wq->name.len;
111 memcpy(mp->name, wq->name.name, wq->name.len);
112 mp->name[wq->name.len] = '\0';
113 break;
114 }
115 case autofs_ptype_expire_multi:
116 {
117 struct autofs_packet_expire_multi *ep =
118 &pkt.v4_pkt.expire_multi;
119
120 pktsz = sizeof(*ep);
121
122 ep->wait_queue_token = wq->wait_queue_token;
123 ep->len = wq->name.len;
124 memcpy(ep->name, wq->name.name, wq->name.len);
125 ep->name[wq->name.len] = '\0';
126 break;
127 }
128 /*
129 * Kernel protocol v5 packet for handling indirect and direct
130 * mount missing and expire requests
131 */
132 case autofs_ptype_missing_indirect:
133 case autofs_ptype_expire_indirect:
134 case autofs_ptype_missing_direct:
135 case autofs_ptype_expire_direct:
136 {
137 struct autofs_v5_packet *packet = &pkt.v5_pkt.v5_packet;
138 struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns;
139
140 pktsz = sizeof(*packet);
141
142 packet->wait_queue_token = wq->wait_queue_token;
143 packet->len = wq->name.len;
144 memcpy(packet->name, wq->name.name, wq->name.len);
145 packet->name[wq->name.len] = '\0';
146 packet->dev = wq->dev;
147 packet->ino = wq->ino;
148 packet->uid = from_kuid_munged(to: user_ns, uid: wq->uid);
149 packet->gid = from_kgid_munged(to: user_ns, gid: wq->gid);
150 packet->pid = wq->pid;
151 packet->tgid = wq->tgid;
152 break;
153 }
154 default:
155 pr_warn("bad type %d!\n", type);
156 mutex_unlock(lock: &sbi->wq_mutex);
157 return;
158 }
159
160 pipe = get_file(f: sbi->pipe);
161
162 mutex_unlock(lock: &sbi->wq_mutex);
163
164 switch (ret = autofs_write(sbi, file: pipe, addr: &pkt, bytes: pktsz)) {
165 case 0:
166 break;
167 case -ENOMEM:
168 case -ERESTARTSYS:
169 /* Just fail this one */
170 autofs_wait_release(sbi, wq->wait_queue_token, ret);
171 break;
172 default:
173 autofs_catatonic_mode(sbi);
174 break;
175 }
176 fput(pipe);
177}
178
179static struct autofs_wait_queue *
180autofs_find_wait(struct autofs_sb_info *sbi, const struct qstr *qstr)
181{
182 struct autofs_wait_queue *wq;
183
184 for (wq = sbi->queues; wq; wq = wq->next) {
185 if (wq->name.hash == qstr->hash &&
186 wq->name.len == qstr->len &&
187 wq->name.name &&
188 !memcmp(p: wq->name.name, q: qstr->name, size: qstr->len))
189 break;
190 }
191 return wq;
192}
193
194/*
195 * Check if we have a valid request.
196 * Returns
197 * 1 if the request should continue.
198 * In this case we can return an autofs_wait_queue entry if one is
199 * found or NULL to idicate a new wait needs to be created.
200 * 0 or a negative errno if the request shouldn't continue.
201 */
202static int validate_request(struct autofs_wait_queue **wait,
203 struct autofs_sb_info *sbi,
204 const struct qstr *qstr,
205 const struct path *path, enum autofs_notify notify)
206{
207 struct dentry *dentry = path->dentry;
208 struct autofs_wait_queue *wq;
209 struct autofs_info *ino;
210
211 if (sbi->flags & AUTOFS_SBI_CATATONIC)
212 return -ENOENT;
213
214 /* Wait in progress, continue; */
215 wq = autofs_find_wait(sbi, qstr);
216 if (wq) {
217 *wait = wq;
218 return 1;
219 }
220
221 *wait = NULL;
222
223 /* If we don't yet have any info this is a new request */
224 ino = autofs_dentry_ino(dentry);
225 if (!ino)
226 return 1;
227
228 /*
229 * If we've been asked to wait on an existing expire (NFY_NONE)
230 * but there is no wait in the queue ...
231 */
232 if (notify == NFY_NONE) {
233 /*
234 * Either we've betean the pending expire to post it's
235 * wait or it finished while we waited on the mutex.
236 * So we need to wait till either, the wait appears
237 * or the expire finishes.
238 */
239
240 while (ino->flags & AUTOFS_INF_EXPIRING) {
241 mutex_unlock(lock: &sbi->wq_mutex);
242 schedule_timeout_interruptible(HZ/10);
243 if (mutex_lock_interruptible(&sbi->wq_mutex))
244 return -EINTR;
245
246 if (sbi->flags & AUTOFS_SBI_CATATONIC)
247 return -ENOENT;
248
249 wq = autofs_find_wait(sbi, qstr);
250 if (wq) {
251 *wait = wq;
252 return 1;
253 }
254 }
255
256 /*
257 * Not ideal but the status has already gone. Of the two
258 * cases where we wait on NFY_NONE neither depend on the
259 * return status of the wait.
260 */
261 return 0;
262 }
263
264 /*
265 * If we've been asked to trigger a mount and the request
266 * completed while we waited on the mutex ...
267 */
268 if (notify == NFY_MOUNT) {
269 struct dentry *new = NULL;
270 struct path this;
271 int valid = 1;
272
273 /*
274 * If the dentry was successfully mounted while we slept
275 * on the wait queue mutex we can return success. If it
276 * isn't mounted (doesn't have submounts for the case of
277 * a multi-mount with no mount at it's base) we can
278 * continue on and create a new request.
279 */
280 if (!IS_ROOT(dentry)) {
281 if (d_unhashed(dentry) &&
282 d_really_is_positive(dentry)) {
283 struct dentry *parent = dentry->d_parent;
284
285 new = d_lookup(parent, &dentry->d_name);
286 if (new)
287 dentry = new;
288 }
289 }
290 this.mnt = path->mnt;
291 this.dentry = dentry;
292 if (path_has_submounts(&this))
293 valid = 0;
294
295 if (new)
296 dput(new);
297 return valid;
298 }
299
300 return 1;
301}
302
303int autofs_wait(struct autofs_sb_info *sbi,
304 const struct path *path, enum autofs_notify notify)
305{
306 struct dentry *dentry = path->dentry;
307 struct autofs_wait_queue *wq;
308 struct qstr qstr;
309 char *name;
310 int status, ret, type;
311 unsigned int offset = 0;
312 pid_t pid;
313 pid_t tgid;
314
315 /* In catatonic mode, we don't wait for nobody */
316 if (sbi->flags & AUTOFS_SBI_CATATONIC)
317 return -ENOENT;
318
319 /*
320 * Try translating pids to the namespace of the daemon.
321 *
322 * Zero means failure: we are in an unrelated pid namespace.
323 */
324 pid = task_pid_nr_ns(current, ns: ns_of_pid(pid: sbi->oz_pgrp));
325 tgid = task_tgid_nr_ns(current, ns: ns_of_pid(pid: sbi->oz_pgrp));
326 if (pid == 0 || tgid == 0)
327 return -ENOENT;
328
329 if (d_really_is_negative(dentry)) {
330 /*
331 * A wait for a negative dentry is invalid for certain
332 * cases. A direct or offset mount "always" has its mount
333 * point directory created and so the request dentry must
334 * be positive or the map key doesn't exist. The situation
335 * is very similar for indirect mounts except only dentrys
336 * in the root of the autofs file system may be negative.
337 */
338 if (autofs_type_trigger(type: sbi->type))
339 return -ENOENT;
340 else if (!IS_ROOT(dentry->d_parent))
341 return -ENOENT;
342 }
343
344 name = kmalloc(NAME_MAX + 1, GFP_KERNEL);
345 if (!name)
346 return -ENOMEM;
347
348 /* If this is a direct mount request create a dummy name */
349 if (IS_ROOT(dentry) && autofs_type_trigger(type: sbi->type)) {
350 qstr.name = name;
351 qstr.len = sprintf(buf: name, fmt: "%p", dentry);
352 } else {
353 char *p = dentry_path_raw(dentry, name, NAME_MAX);
354 if (IS_ERR(ptr: p)) {
355 kfree(objp: name);
356 return -ENOENT;
357 }
358 qstr.name = ++p; // skip the leading slash
359 qstr.len = strlen(p);
360 offset = p - name;
361 }
362 qstr.hash = full_name_hash(salt: dentry, qstr.name, qstr.len);
363
364 if (mutex_lock_interruptible(&sbi->wq_mutex)) {
365 kfree(objp: name);
366 return -EINTR;
367 }
368
369 ret = validate_request(wait: &wq, sbi, qstr: &qstr, path, notify);
370 if (ret <= 0) {
371 if (ret != -EINTR)
372 mutex_unlock(lock: &sbi->wq_mutex);
373 kfree(objp: name);
374 return ret;
375 }
376
377 if (!wq) {
378 /* Create a new wait queue */
379 wq = kmalloc(size: sizeof(struct autofs_wait_queue), GFP_KERNEL);
380 if (!wq) {
381 kfree(objp: name);
382 mutex_unlock(lock: &sbi->wq_mutex);
383 return -ENOMEM;
384 }
385
386 wq->wait_queue_token = autofs_next_wait_queue;
387 if (++autofs_next_wait_queue == 0)
388 autofs_next_wait_queue = 1;
389 wq->next = sbi->queues;
390 sbi->queues = wq;
391 init_waitqueue_head(&wq->queue);
392 memcpy(&wq->name, &qstr, sizeof(struct qstr));
393 wq->offset = offset;
394 wq->dev = autofs_get_dev(sbi);
395 wq->ino = autofs_get_ino(sbi);
396 wq->uid = current_uid();
397 wq->gid = current_gid();
398 wq->pid = pid;
399 wq->tgid = tgid;
400 wq->status = -EINTR; /* Status return if interrupted */
401 wq->wait_ctr = 2;
402
403 if (sbi->version < 5) {
404 if (notify == NFY_MOUNT)
405 type = autofs_ptype_missing;
406 else
407 type = autofs_ptype_expire_multi;
408 } else {
409 if (notify == NFY_MOUNT)
410 type = autofs_type_trigger(type: sbi->type) ?
411 autofs_ptype_missing_direct :
412 autofs_ptype_missing_indirect;
413 else
414 type = autofs_type_trigger(type: sbi->type) ?
415 autofs_ptype_expire_direct :
416 autofs_ptype_expire_indirect;
417 }
418
419 pr_debug("new wait id = 0x%08lx, name = %.*s, nfy=%d\n",
420 (unsigned long) wq->wait_queue_token, wq->name.len,
421 wq->name.name, notify);
422
423 /*
424 * autofs_notify_daemon() may block; it will unlock ->wq_mutex
425 */
426 autofs_notify_daemon(sbi, wq, type);
427 } else {
428 wq->wait_ctr++;
429 pr_debug("existing wait id = 0x%08lx, name = %.*s, nfy=%d\n",
430 (unsigned long) wq->wait_queue_token, wq->name.len,
431 wq->name.name, notify);
432 mutex_unlock(lock: &sbi->wq_mutex);
433 kfree(objp: name);
434 }
435
436 /*
437 * wq->name.name is NULL iff the lock is already released
438 * or the mount has been made catatonic.
439 */
440 wait_event_killable(wq->queue, wq->name.name == NULL);
441 status = wq->status;
442
443 /*
444 * For direct and offset mounts we need to track the requester's
445 * uid and gid in the dentry info struct. This is so it can be
446 * supplied, on request, by the misc device ioctl interface.
447 * This is needed during daemon resatart when reconnecting
448 * to existing, active, autofs mounts. The uid and gid (and
449 * related string values) may be used for macro substitution
450 * in autofs mount maps.
451 */
452 if (!status) {
453 struct autofs_info *ino;
454 struct dentry *de = NULL;
455
456 /* direct mount or browsable map */
457 ino = autofs_dentry_ino(dentry);
458 if (!ino) {
459 /* If not lookup actual dentry used */
460 de = d_lookup(dentry->d_parent, &dentry->d_name);
461 if (de)
462 ino = autofs_dentry_ino(dentry: de);
463 }
464
465 /* Set mount requester */
466 if (ino) {
467 spin_lock(lock: &sbi->fs_lock);
468 ino->uid = wq->uid;
469 ino->gid = wq->gid;
470 spin_unlock(lock: &sbi->fs_lock);
471 }
472
473 if (de)
474 dput(de);
475 }
476
477 /* Are we the last process to need status? */
478 mutex_lock(&sbi->wq_mutex);
479 if (!--wq->wait_ctr)
480 kfree(objp: wq);
481 mutex_unlock(lock: &sbi->wq_mutex);
482
483 return status;
484}
485
486
487int autofs_wait_release(struct autofs_sb_info *sbi,
488 autofs_wqt_t wait_queue_token, int status)
489{
490 struct autofs_wait_queue *wq, **wql;
491
492 mutex_lock(&sbi->wq_mutex);
493 for (wql = &sbi->queues; (wq = *wql) != NULL; wql = &wq->next) {
494 if (wq->wait_queue_token == wait_queue_token)
495 break;
496 }
497
498 if (!wq) {
499 mutex_unlock(lock: &sbi->wq_mutex);
500 return -EINVAL;
501 }
502
503 *wql = wq->next; /* Unlink from chain */
504 kfree(objp: wq->name.name - wq->offset);
505 wq->name.name = NULL; /* Do not wait on this queue */
506 wq->status = status;
507 wake_up(&wq->queue);
508 if (!--wq->wait_ctr)
509 kfree(objp: wq);
510 mutex_unlock(lock: &sbi->wq_mutex);
511
512 return 0;
513}
514

source code of linux/fs/autofs/waitq.c