/* ioctl dispatcher */
static int _autofs_dev_ioctl(unsigned int command, struct autofs_dev_ioctl __user *user)
{
struct autofs_dev_ioctl *param;
struct file *fp;
struct autofs_sb_info *sbi;
unsigned int cmd_first, cmd;
ioctl_fn fn = NULL;
int err = 0;
/* only root can play with this */
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
cmd = _IOC_NR(command);
if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
cmd - cmd_first >= AUTOFS_DEV_IOCTL_IOC_COUNT) {
return -ENOTTY;
}
/* Copy the parameters into kernel space. */
param = copy_dev_ioctl(user);
if (IS_ERR(param))
return PTR_ERR(param);
err = validate_dev_ioctl(command, param);
if (err)
goto out;
/* The validate routine above always sets the version */
if (cmd == AUTOFS_DEV_IOCTL_VERSION_CMD)
goto done;
fn = lookup_dev_ioctl(cmd);
if (!fn) {
AUTOFS_WARN("unknown command 0x%08x", command);
return -ENOTTY;
}
fp = NULL;
sbi = NULL;
/*
* For obvious reasons the openmount can't have a file
* descriptor yet. We don't take a reference to the
* file during close to allow for immediate release.
*/
if (cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
fp = fget(param->ioctlfd);
if (!fp) {
if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
goto cont;
err = -EBADF;
goto out;
}
if (!fp->f_op) {
err = -ENOTTY;
fput(fp);
goto out;
}
sbi = autofs_dev_ioctl_sbi(fp);
if (!sbi || sbi->magic != AUTOFS_SBI_MAGIC) {
err = -EINVAL;
fput(fp);
goto out;
}
/*
* Admin needs to be able to set the mount catatonic in
* order to be able to perform the re-open.
*/
if (!autofs4_oz_mode(sbi) &&
cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
err = -EACCES;
fput(fp);
goto out;
}
}
cont:
err = fn(fp, sbi, param);
if (fp)
fput(fp);
done:
if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
err = -EFAULT;
out:
free_dev_ioctl(param);
return err;
}
/* ioctl dispatcher */
static int _autofs_dev_ioctl(unsigned int command,
struct autofs_dev_ioctl __user *user)
{
struct autofs_dev_ioctl *param;
struct file *fp;
struct autofs_sb_info *sbi;
unsigned int cmd_first, cmd;
ioctl_fn fn = NULL;
int err = 0;
cmd_first = _IOC_NR(AUTOFS_DEV_IOCTL_IOC_FIRST);
cmd = _IOC_NR(command);
if (_IOC_TYPE(command) != _IOC_TYPE(AUTOFS_DEV_IOCTL_IOC_FIRST) ||
cmd - cmd_first > AUTOFS_DEV_IOCTL_IOC_COUNT) {
return -ENOTTY;
}
/* Only root can use ioctls other than AUTOFS_DEV_IOCTL_VERSION_CMD
* and AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD
*/
if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
cmd != AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD &&
!capable(CAP_SYS_ADMIN))
return -EPERM;
/* Copy the parameters into kernel space. */
param = copy_dev_ioctl(user);
if (IS_ERR(param))
return PTR_ERR(param);
err = validate_dev_ioctl(command, param);
if (err)
goto out;
fn = lookup_dev_ioctl(cmd);
if (!fn) {
pr_warn("unknown command 0x%08x\n", command);
err = -ENOTTY;
goto out;
}
fp = NULL;
sbi = NULL;
/*
* For obvious reasons the openmount can't have a file
* descriptor yet. We don't take a reference to the
* file during close to allow for immediate release,
* and the same for retrieving ioctl version.
*/
if (cmd != AUTOFS_DEV_IOCTL_VERSION_CMD &&
cmd != AUTOFS_DEV_IOCTL_OPENMOUNT_CMD &&
cmd != AUTOFS_DEV_IOCTL_CLOSEMOUNT_CMD) {
struct super_block *sb;
fp = fget(param->ioctlfd);
if (!fp) {
if (cmd == AUTOFS_DEV_IOCTL_ISMOUNTPOINT_CMD)
goto cont;
err = -EBADF;
goto out;
}
sb = file_inode(fp)->i_sb;
if (sb->s_type != &autofs_fs_type) {
err = -EINVAL;
fput(fp);
goto out;
}
sbi = autofs_sbi(sb);
/*
* Admin needs to be able to set the mount catatonic in
* order to be able to perform the re-open.
*/
if (!autofs_oz_mode(sbi) &&
cmd != AUTOFS_DEV_IOCTL_CATATONIC_CMD) {
err = -EACCES;
fput(fp);
goto out;
}
}
cont:
err = fn(fp, sbi, param);
if (fp)
fput(fp);
if (err >= 0 && copy_to_user(user, param, AUTOFS_DEV_IOCTL_SIZE))
err = -EFAULT;
out:
free_dev_ioctl(param);
return err;
}