1/* -*- c -*- --------------------------------------------------------------- *
2 *
3 * linux/fs/autofs/waitq.c
4 *
5 *  Copyright 1997-1998 Transmeta Corporation -- All Rights Reserved
6 *  Copyright 2001-2006 Ian Kent <raven@themaw.net>
7 *
8 * This file is part of the Linux kernel and is made available under
9 * the terms of the GNU General Public License, version 2, or at your
10 * option, any later version, incorporated herein by reference.
11 *
12 * ------------------------------------------------------------------------- */
13
14#include <linux/slab.h>
15#include <linux/time.h>
16#include <linux/signal.h>
17#include <linux/file.h>
18#include "autofs_i.h"
19
20/* We make this a static variable rather than a part of the superblock; it
21   is better if we don't reassign numbers easily even across filesystems */
22static autofs_wqt_t autofs4_next_wait_queue = 1;
23
24/* These are the signals we allow interrupting a pending mount */
25#define SHUTDOWN_SIGS	(sigmask(SIGKILL) | sigmask(SIGINT) | sigmask(SIGQUIT))
26
27void autofs4_catatonic_mode(struct autofs_sb_info *sbi)
28{
29	struct autofs_wait_queue *wq, *nwq;
30
31	mutex_lock(&sbi->wq_mutex);
32	if (sbi->catatonic) {
33		mutex_unlock(&sbi->wq_mutex);
34		return;
35	}
36
37	DPRINTK("entering catatonic mode");
38
39	sbi->catatonic = 1;
40	wq = sbi->queues;
41	sbi->queues = NULL;	/* Erase all wait queues */
42	while (wq) {
43		nwq = wq->next;
44		wq->status = -ENOENT; /* Magic is gone - report failure */
45		kfree(wq->name.name);
46		wq->name.name = NULL;
47		wq->wait_ctr--;
48		wake_up_interruptible(&wq->queue);
49		wq = nwq;
50	}
51	fput(sbi->pipe);	/* Close the pipe */
52	sbi->pipe = NULL;
53	sbi->pipefd = -1;
54	mutex_unlock(&sbi->wq_mutex);
55}
56
57static int autofs4_write(struct autofs_sb_info *sbi,
58			 struct file *file, const void *addr, int bytes)
59{
60	unsigned long sigpipe, flags;
61	mm_segment_t fs;
62	const char *data = (const char *)addr;
63	ssize_t wr = 0;
64
65	sigpipe = sigismember(&current->pending.signal, SIGPIPE);
66
67	/* Save pointer to user space and point back to kernel space */
68	fs = get_fs();
69	set_fs(KERNEL_DS);
70
71	mutex_lock(&sbi->pipe_mutex);
72	while (bytes &&
73	       (wr = __vfs_write(file,data,bytes,&file->f_pos)) > 0) {
74		data += wr;
75		bytes -= wr;
76	}
77	mutex_unlock(&sbi->pipe_mutex);
78
79	set_fs(fs);
80
81	/* Keep the currently executing process from receiving a
82	   SIGPIPE unless it was already supposed to get one */
83	if (wr == -EPIPE && !sigpipe) {
84		spin_lock_irqsave(&current->sighand->siglock, flags);
85		sigdelset(&current->pending.signal, SIGPIPE);
86		recalc_sigpending();
87		spin_unlock_irqrestore(&current->sighand->siglock, flags);
88	}
89
90	return (bytes > 0);
91}
92
93static void autofs4_notify_daemon(struct autofs_sb_info *sbi,
94				 struct autofs_wait_queue *wq,
95				 int type)
96{
97	union {
98		struct autofs_packet_hdr hdr;
99		union autofs_packet_union v4_pkt;
100		union autofs_v5_packet_union v5_pkt;
101	} pkt;
102	struct file *pipe = NULL;
103	size_t pktsz;
104
105	DPRINTK("wait id = 0x%08lx, name = %.*s, type=%d",
106		(unsigned long) wq->wait_queue_token, wq->name.len, wq->name.name, type);
107
108	memset(&pkt,0,sizeof pkt); /* For security reasons */
109
110	pkt.hdr.proto_version = sbi->version;
111	pkt.hdr.type = type;
112
113	switch (type) {
114	/* Kernel protocol v4 missing and expire packets */
115	case autofs_ptype_missing:
116	{
117		struct autofs_packet_missing *mp = &pkt.v4_pkt.missing;
118
119		pktsz = sizeof(*mp);
120
121		mp->wait_queue_token = wq->wait_queue_token;
122		mp->len = wq->name.len;
123		memcpy(mp->name, wq->name.name, wq->name.len);
124		mp->name[wq->name.len] = '\0';
125		break;
126	}
127	case autofs_ptype_expire_multi:
128	{
129		struct autofs_packet_expire_multi *ep = &pkt.v4_pkt.expire_multi;
130
131		pktsz = sizeof(*ep);
132
133		ep->wait_queue_token = wq->wait_queue_token;
134		ep->len = wq->name.len;
135		memcpy(ep->name, wq->name.name, wq->name.len);
136		ep->name[wq->name.len] = '\0';
137		break;
138	}
139	/*
140	 * Kernel protocol v5 packet for handling indirect and direct
141	 * mount missing and expire requests
142	 */
143	case autofs_ptype_missing_indirect:
144	case autofs_ptype_expire_indirect:
145	case autofs_ptype_missing_direct:
146	case autofs_ptype_expire_direct:
147	{
148		struct autofs_v5_packet *packet = &pkt.v5_pkt.v5_packet;
149		struct user_namespace *user_ns = sbi->pipe->f_cred->user_ns;
150
151		pktsz = sizeof(*packet);
152
153		packet->wait_queue_token = wq->wait_queue_token;
154		packet->len = wq->name.len;
155		memcpy(packet->name, wq->name.name, wq->name.len);
156		packet->name[wq->name.len] = '\0';
157		packet->dev = wq->dev;
158		packet->ino = wq->ino;
159		packet->uid = from_kuid_munged(user_ns, wq->uid);
160		packet->gid = from_kgid_munged(user_ns, wq->gid);
161		packet->pid = wq->pid;
162		packet->tgid = wq->tgid;
163		break;
164	}
165	default:
166		printk("autofs4_notify_daemon: bad type %d!\n", type);
167		mutex_unlock(&sbi->wq_mutex);
168		return;
169	}
170
171	pipe = get_file(sbi->pipe);
172
173	mutex_unlock(&sbi->wq_mutex);
174
175	if (autofs4_write(sbi, pipe, &pkt, pktsz))
176		autofs4_catatonic_mode(sbi);
177	fput(pipe);
178}
179
180static int autofs4_getpath(struct autofs_sb_info *sbi,
181			   struct dentry *dentry, char **name)
182{
183	struct dentry *root = sbi->sb->s_root;
184	struct dentry *tmp;
185	char *buf;
186	char *p;
187	int len;
188	unsigned seq;
189
190rename_retry:
191	buf = *name;
192	len = 0;
193
194	seq = read_seqbegin(&rename_lock);
195	rcu_read_lock();
196	spin_lock(&sbi->fs_lock);
197	for (tmp = dentry ; tmp != root ; tmp = tmp->d_parent)
198		len += tmp->d_name.len + 1;
199
200	if (!len || --len > NAME_MAX) {
201		spin_unlock(&sbi->fs_lock);
202		rcu_read_unlock();
203		if (read_seqretry(&rename_lock, seq))
204			goto rename_retry;
205		return 0;
206	}
207
208	*(buf + len) = '\0';
209	p = buf + len - dentry->d_name.len;
210	strncpy(p, dentry->d_name.name, dentry->d_name.len);
211
212	for (tmp = dentry->d_parent; tmp != root ; tmp = tmp->d_parent) {
213		*(--p) = '/';
214		p -= tmp->d_name.len;
215		strncpy(p, tmp->d_name.name, tmp->d_name.len);
216	}
217	spin_unlock(&sbi->fs_lock);
218	rcu_read_unlock();
219	if (read_seqretry(&rename_lock, seq))
220		goto rename_retry;
221
222	return len;
223}
224
225static struct autofs_wait_queue *
226autofs4_find_wait(struct autofs_sb_info *sbi, struct qstr *qstr)
227{
228	struct autofs_wait_queue *wq;
229
230	for (wq = sbi->queues; wq; wq = wq->next) {
231		if (wq->name.hash == qstr->hash &&
232		    wq->name.len == qstr->len &&
233		    wq->name.name &&
234			 !memcmp(wq->name.name, qstr->name, qstr->len))
235			break;
236	}
237	return wq;
238}
239
240/*
241 * Check if we have a valid request.
242 * Returns
243 * 1 if the request should continue.
244 *   In this case we can return an autofs_wait_queue entry if one is
245 *   found or NULL to idicate a new wait needs to be created.
246 * 0 or a negative errno if the request shouldn't continue.
247 */
248static int validate_request(struct autofs_wait_queue **wait,
249			    struct autofs_sb_info *sbi,
250			    struct qstr *qstr,
251			    struct dentry*dentry, enum autofs_notify notify)
252{
253	struct autofs_wait_queue *wq;
254	struct autofs_info *ino;
255
256	if (sbi->catatonic)
257		return -ENOENT;
258
259	/* Wait in progress, continue; */
260	wq = autofs4_find_wait(sbi, qstr);
261	if (wq) {
262		*wait = wq;
263		return 1;
264	}
265
266	*wait = NULL;
267
268	/* If we don't yet have any info this is a new request */
269	ino = autofs4_dentry_ino(dentry);
270	if (!ino)
271		return 1;
272
273	/*
274	 * If we've been asked to wait on an existing expire (NFY_NONE)
275	 * but there is no wait in the queue ...
276	 */
277	if (notify == NFY_NONE) {
278		/*
279		 * Either we've betean the pending expire to post it's
280		 * wait or it finished while we waited on the mutex.
281		 * So we need to wait till either, the wait appears
282		 * or the expire finishes.
283		 */
284
285		while (ino->flags & AUTOFS_INF_EXPIRING) {
286			mutex_unlock(&sbi->wq_mutex);
287			schedule_timeout_interruptible(HZ/10);
288			if (mutex_lock_interruptible(&sbi->wq_mutex))
289				return -EINTR;
290
291			if (sbi->catatonic)
292				return -ENOENT;
293
294			wq = autofs4_find_wait(sbi, qstr);
295			if (wq) {
296				*wait = wq;
297				return 1;
298			}
299		}
300
301		/*
302		 * Not ideal but the status has already gone. Of the two
303		 * cases where we wait on NFY_NONE neither depend on the
304		 * return status of the wait.
305		 */
306		return 0;
307	}
308
309	/*
310	 * If we've been asked to trigger a mount and the request
311	 * completed while we waited on the mutex ...
312	 */
313	if (notify == NFY_MOUNT) {
314		struct dentry *new = NULL;
315		int valid = 1;
316
317		/*
318		 * If the dentry was successfully mounted while we slept
319		 * on the wait queue mutex we can return success. If it
320		 * isn't mounted (doesn't have submounts for the case of
321		 * a multi-mount with no mount at it's base) we can
322		 * continue on and create a new request.
323		 */
324		if (!IS_ROOT(dentry)) {
325			if (d_really_is_positive(dentry) && d_unhashed(dentry)) {
326				struct dentry *parent = dentry->d_parent;
327				new = d_lookup(parent, &dentry->d_name);
328				if (new)
329					dentry = new;
330			}
331		}
332		if (have_submounts(dentry))
333			valid = 0;
334
335		if (new)
336			dput(new);
337		return valid;
338	}
339
340	return 1;
341}
342
343int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
344		enum autofs_notify notify)
345{
346	struct autofs_wait_queue *wq;
347	struct qstr qstr;
348	char *name;
349	int status, ret, type;
350	pid_t pid;
351	pid_t tgid;
352
353	/* In catatonic mode, we don't wait for nobody */
354	if (sbi->catatonic)
355		return -ENOENT;
356
357	/*
358	 * Try translating pids to the namespace of the daemon.
359	 *
360	 * Zero means failure: we are in an unrelated pid namespace.
361	 */
362	pid = task_pid_nr_ns(current, ns_of_pid(sbi->oz_pgrp));
363	tgid = task_tgid_nr_ns(current, ns_of_pid(sbi->oz_pgrp));
364	if (pid == 0 || tgid == 0)
365		return -ENOENT;
366
367	if (d_really_is_negative(dentry)) {
368		/*
369		 * A wait for a negative dentry is invalid for certain
370		 * cases. A direct or offset mount "always" has its mount
371		 * point directory created and so the request dentry must
372		 * be positive or the map key doesn't exist. The situation
373		 * is very similar for indirect mounts except only dentrys
374		 * in the root of the autofs file system may be negative.
375		 */
376		if (autofs_type_trigger(sbi->type))
377			return -ENOENT;
378		else if (!IS_ROOT(dentry->d_parent))
379			return -ENOENT;
380	}
381
382	name = kmalloc(NAME_MAX + 1, GFP_KERNEL);
383	if (!name)
384		return -ENOMEM;
385
386	/* If this is a direct mount request create a dummy name */
387	if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
388		qstr.len = sprintf(name, "%p", dentry);
389	else {
390		qstr.len = autofs4_getpath(sbi, dentry, &name);
391		if (!qstr.len) {
392			kfree(name);
393			return -ENOENT;
394		}
395	}
396	qstr.name = name;
397	qstr.hash = full_name_hash(name, qstr.len);
398
399	if (mutex_lock_interruptible(&sbi->wq_mutex)) {
400		kfree(qstr.name);
401		return -EINTR;
402	}
403
404	ret = validate_request(&wq, sbi, &qstr, dentry, notify);
405	if (ret <= 0) {
406		if (ret != -EINTR)
407			mutex_unlock(&sbi->wq_mutex);
408		kfree(qstr.name);
409		return ret;
410	}
411
412	if (!wq) {
413		/* Create a new wait queue */
414		wq = kmalloc(sizeof(struct autofs_wait_queue),GFP_KERNEL);
415		if (!wq) {
416			kfree(qstr.name);
417			mutex_unlock(&sbi->wq_mutex);
418			return -ENOMEM;
419		}
420
421		wq->wait_queue_token = autofs4_next_wait_queue;
422		if (++autofs4_next_wait_queue == 0)
423			autofs4_next_wait_queue = 1;
424		wq->next = sbi->queues;
425		sbi->queues = wq;
426		init_waitqueue_head(&wq->queue);
427		memcpy(&wq->name, &qstr, sizeof(struct qstr));
428		wq->dev = autofs4_get_dev(sbi);
429		wq->ino = autofs4_get_ino(sbi);
430		wq->uid = current_uid();
431		wq->gid = current_gid();
432		wq->pid = pid;
433		wq->tgid = tgid;
434		wq->status = -EINTR; /* Status return if interrupted */
435		wq->wait_ctr = 2;
436
437		if (sbi->version < 5) {
438			if (notify == NFY_MOUNT)
439				type = autofs_ptype_missing;
440			else
441				type = autofs_ptype_expire_multi;
442		} else {
443			if (notify == NFY_MOUNT)
444				type = autofs_type_trigger(sbi->type) ?
445					autofs_ptype_missing_direct :
446					 autofs_ptype_missing_indirect;
447			else
448				type = autofs_type_trigger(sbi->type) ?
449					autofs_ptype_expire_direct :
450					autofs_ptype_expire_indirect;
451		}
452
453		DPRINTK("new wait id = 0x%08lx, name = %.*s, nfy=%d\n",
454			(unsigned long) wq->wait_queue_token, wq->name.len,
455			wq->name.name, notify);
456
457		/* autofs4_notify_daemon() may block; it will unlock ->wq_mutex */
458		autofs4_notify_daemon(sbi, wq, type);
459	} else {
460		wq->wait_ctr++;
461		DPRINTK("existing wait id = 0x%08lx, name = %.*s, nfy=%d",
462			(unsigned long) wq->wait_queue_token, wq->name.len,
463			wq->name.name, notify);
464		mutex_unlock(&sbi->wq_mutex);
465		kfree(qstr.name);
466	}
467
468	/*
469	 * wq->name.name is NULL iff the lock is already released
470	 * or the mount has been made catatonic.
471	 */
472	if (wq->name.name) {
473		/* Block all but "shutdown" signals while waiting */
474		sigset_t oldset;
475		unsigned long irqflags;
476
477		spin_lock_irqsave(&current->sighand->siglock, irqflags);
478		oldset = current->blocked;
479		siginitsetinv(&current->blocked, SHUTDOWN_SIGS & ~oldset.sig[0]);
480		recalc_sigpending();
481		spin_unlock_irqrestore(&current->sighand->siglock, irqflags);
482
483		wait_event_interruptible(wq->queue, wq->name.name == NULL);
484
485		spin_lock_irqsave(&current->sighand->siglock, irqflags);
486		current->blocked = oldset;
487		recalc_sigpending();
488		spin_unlock_irqrestore(&current->sighand->siglock, irqflags);
489	} else {
490		DPRINTK("skipped sleeping");
491	}
492
493	status = wq->status;
494
495	/*
496	 * For direct and offset mounts we need to track the requester's
497	 * uid and gid in the dentry info struct. This is so it can be
498	 * supplied, on request, by the misc device ioctl interface.
499	 * This is needed during daemon resatart when reconnecting
500	 * to existing, active, autofs mounts. The uid and gid (and
501	 * related string values) may be used for macro substitution
502	 * in autofs mount maps.
503	 */
504	if (!status) {
505		struct autofs_info *ino;
506		struct dentry *de = NULL;
507
508		/* direct mount or browsable map */
509		ino = autofs4_dentry_ino(dentry);
510		if (!ino) {
511			/* If not lookup actual dentry used */
512			de = d_lookup(dentry->d_parent, &dentry->d_name);
513			if (de)
514				ino = autofs4_dentry_ino(de);
515		}
516
517		/* Set mount requester */
518		if (ino) {
519			spin_lock(&sbi->fs_lock);
520			ino->uid = wq->uid;
521			ino->gid = wq->gid;
522			spin_unlock(&sbi->fs_lock);
523		}
524
525		if (de)
526			dput(de);
527	}
528
529	/* Are we the last process to need status? */
530	mutex_lock(&sbi->wq_mutex);
531	if (!--wq->wait_ctr)
532		kfree(wq);
533	mutex_unlock(&sbi->wq_mutex);
534
535	return status;
536}
537
538
539int autofs4_wait_release(struct autofs_sb_info *sbi, autofs_wqt_t wait_queue_token, int status)
540{
541	struct autofs_wait_queue *wq, **wql;
542
543	mutex_lock(&sbi->wq_mutex);
544	for (wql = &sbi->queues; (wq = *wql) != NULL; wql = &wq->next) {
545		if (wq->wait_queue_token == wait_queue_token)
546			break;
547	}
548
549	if (!wq) {
550		mutex_unlock(&sbi->wq_mutex);
551		return -EINVAL;
552	}
553
554	*wql = wq->next;	/* Unlink from chain */
555	kfree(wq->name.name);
556	wq->name.name = NULL;	/* Do not wait on this queue */
557	wq->status = status;
558	wake_up_interruptible(&wq->queue);
559	if (!--wq->wait_ctr)
560		kfree(wq);
561	mutex_unlock(&sbi->wq_mutex);
562
563	return 0;
564}
565
566