Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : *
5 : * Added support for a Unix98-style ptmx device.
6 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
7 : *
8 : */
9 :
10 : #include <linux/module.h>
11 : #include <linux/errno.h>
12 : #include <linux/interrupt.h>
13 : #include <linux/tty.h>
14 : #include <linux/tty_flip.h>
15 : #include <linux/fcntl.h>
16 : #include <linux/sched/signal.h>
17 : #include <linux/string.h>
18 : #include <linux/major.h>
19 : #include <linux/mm.h>
20 : #include <linux/init.h>
21 : #include <linux/device.h>
22 : #include <linux/uaccess.h>
23 : #include <linux/bitops.h>
24 : #include <linux/devpts_fs.h>
25 : #include <linux/slab.h>
26 : #include <linux/mutex.h>
27 : #include <linux/poll.h>
28 : #include <linux/mount.h>
29 : #include <linux/file.h>
30 : #include <linux/ioctl.h>
31 : #include <linux/compat.h>
32 :
33 : #undef TTY_DEBUG_HANGUP
34 : #ifdef TTY_DEBUG_HANGUP
35 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
36 : #else
37 : # define tty_debug_hangup(tty, f, args...) do {} while (0)
38 : #endif
39 :
40 : #ifdef CONFIG_UNIX98_PTYS
41 : static struct tty_driver *ptm_driver;
42 : static struct tty_driver *pts_driver;
43 : static DEFINE_MUTEX(devpts_mutex);
44 : #endif
45 :
46 0 : static void pty_close(struct tty_struct *tty, struct file *filp)
47 : {
48 0 : if (tty->driver->subtype == PTY_TYPE_MASTER)
49 0 : WARN_ON(tty->count > 1);
50 : else {
51 0 : if (tty_io_error(tty))
52 : return;
53 0 : if (tty->count > 2)
54 : return;
55 : }
56 0 : set_bit(TTY_IO_ERROR, &tty->flags);
57 0 : wake_up_interruptible(&tty->read_wait);
58 0 : wake_up_interruptible(&tty->write_wait);
59 0 : spin_lock_irq(&tty->ctrl_lock);
60 0 : tty->packet = 0;
61 0 : spin_unlock_irq(&tty->ctrl_lock);
62 : /* Review - krefs on tty_link ?? */
63 0 : if (!tty->link)
64 : return;
65 0 : set_bit(TTY_OTHER_CLOSED, &tty->link->flags);
66 0 : wake_up_interruptible(&tty->link->read_wait);
67 0 : wake_up_interruptible(&tty->link->write_wait);
68 0 : if (tty->driver->subtype == PTY_TYPE_MASTER) {
69 0 : set_bit(TTY_OTHER_CLOSED, &tty->flags);
70 : #ifdef CONFIG_UNIX98_PTYS
71 0 : if (tty->driver == ptm_driver) {
72 0 : mutex_lock(&devpts_mutex);
73 0 : if (tty->link->driver_data)
74 0 : devpts_pty_kill(tty->link->driver_data);
75 0 : mutex_unlock(&devpts_mutex);
76 : }
77 : #endif
78 0 : tty_vhangup(tty->link);
79 : }
80 : }
81 :
82 : /*
83 : * The unthrottle routine is called by the line discipline to signal
84 : * that it can receive more characters. For PTY's, the TTY_THROTTLED
85 : * flag is always set, to force the line discipline to always call the
86 : * unthrottle routine when there are fewer than TTY_THRESHOLD_UNTHROTTLE
87 : * characters in the queue. This is necessary since each time this
88 : * happens, we need to wake up any sleeping processes that could be
89 : * (1) trying to send data to the pty, or (2) waiting in wait_until_sent()
90 : * for the pty buffer to be drained.
91 : */
92 0 : static void pty_unthrottle(struct tty_struct *tty)
93 : {
94 0 : tty_wakeup(tty->link);
95 0 : set_bit(TTY_THROTTLED, &tty->flags);
96 0 : }
97 :
98 : /**
99 : * pty_write - write to a pty
100 : * @tty: the tty we write from
101 : * @buf: kernel buffer of data
102 : * @c: bytes to write
103 : *
104 : * Our "hardware" write method. Data is coming from the ldisc which
105 : * may be in a non sleeping state. We simply throw this at the other
106 : * end of the link as if we were an IRQ handler receiving stuff for
107 : * the other side of the pty/tty pair.
108 : */
109 :
110 0 : static int pty_write(struct tty_struct *tty, const unsigned char *buf, int c)
111 : {
112 0 : struct tty_struct *to = tty->link;
113 0 : unsigned long flags;
114 :
115 0 : if (tty->stopped)
116 : return 0;
117 :
118 0 : if (c > 0) {
119 0 : spin_lock_irqsave(&to->port->lock, flags);
120 : /* Stuff the data into the input queue of the other end */
121 0 : c = tty_insert_flip_string(to->port, buf, c);
122 0 : spin_unlock_irqrestore(&to->port->lock, flags);
123 : /* And shovel */
124 0 : if (c)
125 0 : tty_flip_buffer_push(to->port);
126 : }
127 : return c;
128 : }
129 :
130 : /**
131 : * pty_write_room - write space
132 : * @tty: tty we are writing from
133 : *
134 : * Report how many bytes the ldisc can send into the queue for
135 : * the other device.
136 : */
137 :
138 0 : static int pty_write_room(struct tty_struct *tty)
139 : {
140 0 : if (tty->stopped)
141 : return 0;
142 0 : return tty_buffer_space_avail(tty->link->port);
143 : }
144 :
145 : /**
146 : * pty_chars_in_buffer - characters currently in our tx queue
147 : * @tty: our tty
148 : *
149 : * Report how much we have in the transmit queue. As everything is
150 : * instantly at the other end this is easy to implement.
151 : */
152 :
153 0 : static int pty_chars_in_buffer(struct tty_struct *tty)
154 : {
155 0 : return 0;
156 : }
157 :
158 : /* Set the lock flag on a pty */
159 0 : static int pty_set_lock(struct tty_struct *tty, int __user *arg)
160 : {
161 0 : int val;
162 0 : if (get_user(val, arg))
163 : return -EFAULT;
164 0 : if (val)
165 0 : set_bit(TTY_PTY_LOCK, &tty->flags);
166 : else
167 0 : clear_bit(TTY_PTY_LOCK, &tty->flags);
168 : return 0;
169 : }
170 :
171 0 : static int pty_get_lock(struct tty_struct *tty, int __user *arg)
172 : {
173 0 : int locked = test_bit(TTY_PTY_LOCK, &tty->flags);
174 0 : return put_user(locked, arg);
175 : }
176 :
177 : /* Set the packet mode on a pty */
178 0 : static int pty_set_pktmode(struct tty_struct *tty, int __user *arg)
179 : {
180 0 : int pktmode;
181 :
182 0 : if (get_user(pktmode, arg))
183 : return -EFAULT;
184 :
185 0 : spin_lock_irq(&tty->ctrl_lock);
186 0 : if (pktmode) {
187 0 : if (!tty->packet) {
188 0 : tty->link->ctrl_status = 0;
189 0 : smp_mb();
190 0 : tty->packet = 1;
191 : }
192 : } else
193 0 : tty->packet = 0;
194 0 : spin_unlock_irq(&tty->ctrl_lock);
195 :
196 0 : return 0;
197 : }
198 :
199 : /* Get the packet mode of a pty */
200 0 : static int pty_get_pktmode(struct tty_struct *tty, int __user *arg)
201 : {
202 0 : int pktmode = tty->packet;
203 0 : return put_user(pktmode, arg);
204 : }
205 :
206 : /* Send a signal to the slave */
207 0 : static int pty_signal(struct tty_struct *tty, int sig)
208 : {
209 0 : struct pid *pgrp;
210 :
211 0 : if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP)
212 : return -EINVAL;
213 :
214 0 : if (tty->link) {
215 0 : pgrp = tty_get_pgrp(tty->link);
216 0 : if (pgrp)
217 0 : kill_pgrp(pgrp, sig, 1);
218 0 : put_pid(pgrp);
219 : }
220 : return 0;
221 : }
222 :
223 0 : static void pty_flush_buffer(struct tty_struct *tty)
224 : {
225 0 : struct tty_struct *to = tty->link;
226 :
227 0 : if (!to)
228 : return;
229 :
230 0 : tty_buffer_flush(to, NULL);
231 0 : if (to->packet) {
232 0 : spin_lock_irq(&tty->ctrl_lock);
233 0 : tty->ctrl_status |= TIOCPKT_FLUSHWRITE;
234 0 : wake_up_interruptible(&to->read_wait);
235 0 : spin_unlock_irq(&tty->ctrl_lock);
236 : }
237 : }
238 :
239 0 : static int pty_open(struct tty_struct *tty, struct file *filp)
240 : {
241 0 : if (!tty || !tty->link)
242 : return -ENODEV;
243 :
244 0 : if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
245 0 : goto out;
246 0 : if (test_bit(TTY_PTY_LOCK, &tty->link->flags))
247 0 : goto out;
248 0 : if (tty->driver->subtype == PTY_TYPE_SLAVE && tty->link->count != 1)
249 0 : goto out;
250 :
251 0 : clear_bit(TTY_IO_ERROR, &tty->flags);
252 0 : clear_bit(TTY_OTHER_CLOSED, &tty->link->flags);
253 0 : set_bit(TTY_THROTTLED, &tty->flags);
254 0 : return 0;
255 :
256 0 : out:
257 0 : set_bit(TTY_IO_ERROR, &tty->flags);
258 0 : return -EIO;
259 : }
260 :
261 0 : static void pty_set_termios(struct tty_struct *tty,
262 : struct ktermios *old_termios)
263 : {
264 : /* See if packet mode change of state. */
265 0 : if (tty->link && tty->link->packet) {
266 0 : int extproc = (old_termios->c_lflag & EXTPROC) | L_EXTPROC(tty);
267 0 : int old_flow = ((old_termios->c_iflag & IXON) &&
268 0 : (old_termios->c_cc[VSTOP] == '\023') &&
269 : (old_termios->c_cc[VSTART] == '\021'));
270 0 : int new_flow = (I_IXON(tty) &&
271 0 : STOP_CHAR(tty) == '\023' &&
272 : START_CHAR(tty) == '\021');
273 0 : if ((old_flow != new_flow) || extproc) {
274 0 : spin_lock_irq(&tty->ctrl_lock);
275 0 : if (old_flow != new_flow) {
276 0 : tty->ctrl_status &= ~(TIOCPKT_DOSTOP | TIOCPKT_NOSTOP);
277 0 : if (new_flow)
278 0 : tty->ctrl_status |= TIOCPKT_DOSTOP;
279 : else
280 0 : tty->ctrl_status |= TIOCPKT_NOSTOP;
281 : }
282 0 : if (extproc)
283 0 : tty->ctrl_status |= TIOCPKT_IOCTL;
284 0 : spin_unlock_irq(&tty->ctrl_lock);
285 0 : wake_up_interruptible(&tty->link->read_wait);
286 : }
287 : }
288 :
289 0 : tty->termios.c_cflag &= ~(CSIZE | PARENB);
290 0 : tty->termios.c_cflag |= (CS8 | CREAD);
291 0 : }
292 :
293 : /**
294 : * pty_do_resize - resize event
295 : * @tty: tty being resized
296 : * @ws: window size being set.
297 : *
298 : * Update the termios variables and send the necessary signals to
299 : * peform a terminal resize correctly
300 : */
301 :
302 0 : static int pty_resize(struct tty_struct *tty, struct winsize *ws)
303 : {
304 0 : struct pid *pgrp, *rpgrp;
305 0 : struct tty_struct *pty = tty->link;
306 :
307 : /* For a PTY we need to lock the tty side */
308 0 : mutex_lock(&tty->winsize_mutex);
309 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
310 0 : goto done;
311 :
312 : /* Signal the foreground process group of both ptys */
313 0 : pgrp = tty_get_pgrp(tty);
314 0 : rpgrp = tty_get_pgrp(pty);
315 :
316 0 : if (pgrp)
317 0 : kill_pgrp(pgrp, SIGWINCH, 1);
318 0 : if (rpgrp != pgrp && rpgrp)
319 0 : kill_pgrp(rpgrp, SIGWINCH, 1);
320 :
321 0 : put_pid(pgrp);
322 0 : put_pid(rpgrp);
323 :
324 0 : tty->winsize = *ws;
325 0 : pty->winsize = *ws; /* Never used so will go away soon */
326 0 : done:
327 0 : mutex_unlock(&tty->winsize_mutex);
328 0 : return 0;
329 : }
330 :
331 : /**
332 : * pty_start - start() handler
333 : * pty_stop - stop() handler
334 : * @tty: tty being flow-controlled
335 : *
336 : * Propagates the TIOCPKT status to the master pty.
337 : *
338 : * NB: only the master pty can be in packet mode so only the slave
339 : * needs start()/stop() handlers
340 : */
341 0 : static void pty_start(struct tty_struct *tty)
342 : {
343 0 : unsigned long flags;
344 :
345 0 : if (tty->link && tty->link->packet) {
346 0 : spin_lock_irqsave(&tty->ctrl_lock, flags);
347 0 : tty->ctrl_status &= ~TIOCPKT_STOP;
348 0 : tty->ctrl_status |= TIOCPKT_START;
349 0 : spin_unlock_irqrestore(&tty->ctrl_lock, flags);
350 0 : wake_up_interruptible_poll(&tty->link->read_wait, EPOLLIN);
351 : }
352 0 : }
353 :
354 0 : static void pty_stop(struct tty_struct *tty)
355 : {
356 0 : unsigned long flags;
357 :
358 0 : if (tty->link && tty->link->packet) {
359 0 : spin_lock_irqsave(&tty->ctrl_lock, flags);
360 0 : tty->ctrl_status &= ~TIOCPKT_START;
361 0 : tty->ctrl_status |= TIOCPKT_STOP;
362 0 : spin_unlock_irqrestore(&tty->ctrl_lock, flags);
363 0 : wake_up_interruptible_poll(&tty->link->read_wait, EPOLLIN);
364 : }
365 0 : }
366 :
367 : /**
368 : * pty_common_install - set up the pty pair
369 : * @driver: the pty driver
370 : * @tty: the tty being instantiated
371 : * @legacy: true if this is BSD style
372 : *
373 : * Perform the initial set up for the tty/pty pair. Called from the
374 : * tty layer when the port is first opened.
375 : *
376 : * Locking: the caller must hold the tty_mutex
377 : */
378 0 : static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty,
379 : bool legacy)
380 : {
381 0 : struct tty_struct *o_tty;
382 0 : struct tty_port *ports[2];
383 0 : int idx = tty->index;
384 0 : int retval = -ENOMEM;
385 :
386 : /* Opening the slave first has always returned -EIO */
387 0 : if (driver->subtype != PTY_TYPE_MASTER)
388 : return -EIO;
389 :
390 0 : ports[0] = kmalloc(sizeof **ports, GFP_KERNEL);
391 0 : ports[1] = kmalloc(sizeof **ports, GFP_KERNEL);
392 0 : if (!ports[0] || !ports[1])
393 0 : goto err;
394 0 : if (!try_module_get(driver->other->owner)) {
395 : /* This cannot in fact currently happen */
396 : goto err;
397 : }
398 0 : o_tty = alloc_tty_struct(driver->other, idx);
399 0 : if (!o_tty)
400 0 : goto err_put_module;
401 :
402 0 : tty_set_lock_subclass(o_tty);
403 0 : lockdep_set_subclass(&o_tty->termios_rwsem, TTY_LOCK_SLAVE);
404 :
405 0 : if (legacy) {
406 : /* We always use new tty termios data so we can do this
407 : the easy way .. */
408 0 : tty_init_termios(tty);
409 0 : tty_init_termios(o_tty);
410 :
411 0 : driver->other->ttys[idx] = o_tty;
412 0 : driver->ttys[idx] = tty;
413 : } else {
414 0 : memset(&tty->termios_locked, 0, sizeof(tty->termios_locked));
415 0 : tty->termios = driver->init_termios;
416 0 : memset(&o_tty->termios_locked, 0, sizeof(tty->termios_locked));
417 0 : o_tty->termios = driver->other->init_termios;
418 : }
419 :
420 : /*
421 : * Everything allocated ... set up the o_tty structure.
422 : */
423 0 : tty_driver_kref_get(driver->other);
424 : /* Establish the links in both directions */
425 0 : tty->link = o_tty;
426 0 : o_tty->link = tty;
427 0 : tty_port_init(ports[0]);
428 0 : tty_port_init(ports[1]);
429 0 : tty_buffer_set_limit(ports[0], 8192);
430 0 : tty_buffer_set_limit(ports[1], 8192);
431 0 : o_tty->port = ports[0];
432 0 : tty->port = ports[1];
433 0 : o_tty->port->itty = o_tty;
434 :
435 0 : tty_buffer_set_lock_subclass(o_tty->port);
436 :
437 0 : tty_driver_kref_get(driver);
438 0 : tty->count++;
439 0 : o_tty->count++;
440 0 : return 0;
441 :
442 0 : err_put_module:
443 0 : module_put(driver->other->owner);
444 0 : err:
445 0 : kfree(ports[0]);
446 0 : kfree(ports[1]);
447 0 : return retval;
448 : }
449 :
450 0 : static void pty_cleanup(struct tty_struct *tty)
451 : {
452 0 : tty_port_put(tty->port);
453 0 : }
454 :
455 : /* Traditional BSD devices */
456 : #ifdef CONFIG_LEGACY_PTYS
457 :
458 : static int pty_install(struct tty_driver *driver, struct tty_struct *tty)
459 : {
460 : return pty_common_install(driver, tty, true);
461 : }
462 :
463 : static void pty_remove(struct tty_driver *driver, struct tty_struct *tty)
464 : {
465 : struct tty_struct *pair = tty->link;
466 : driver->ttys[tty->index] = NULL;
467 : if (pair)
468 : pair->driver->ttys[pair->index] = NULL;
469 : }
470 :
471 : static int pty_bsd_ioctl(struct tty_struct *tty,
472 : unsigned int cmd, unsigned long arg)
473 : {
474 : switch (cmd) {
475 : case TIOCSPTLCK: /* Set PT Lock (disallow slave open) */
476 : return pty_set_lock(tty, (int __user *) arg);
477 : case TIOCGPTLCK: /* Get PT Lock status */
478 : return pty_get_lock(tty, (int __user *)arg);
479 : case TIOCPKT: /* Set PT packet mode */
480 : return pty_set_pktmode(tty, (int __user *)arg);
481 : case TIOCGPKT: /* Get PT packet mode */
482 : return pty_get_pktmode(tty, (int __user *)arg);
483 : case TIOCSIG: /* Send signal to other side of pty */
484 : return pty_signal(tty, (int) arg);
485 : case TIOCGPTN: /* TTY returns ENOTTY, but glibc expects EINVAL here */
486 : return -EINVAL;
487 : }
488 : return -ENOIOCTLCMD;
489 : }
490 :
491 : #ifdef CONFIG_COMPAT
492 : static long pty_bsd_compat_ioctl(struct tty_struct *tty,
493 : unsigned int cmd, unsigned long arg)
494 : {
495 : /*
496 : * PTY ioctls don't require any special translation between 32-bit and
497 : * 64-bit userspace, they are already compatible.
498 : */
499 : return pty_bsd_ioctl(tty, cmd, (unsigned long)compat_ptr(arg));
500 : }
501 : #else
502 : #define pty_bsd_compat_ioctl NULL
503 : #endif
504 :
505 : static int legacy_count = CONFIG_LEGACY_PTY_COUNT;
506 : /*
507 : * not really modular, but the easiest way to keep compat with existing
508 : * bootargs behaviour is to continue using module_param here.
509 : */
510 : module_param(legacy_count, int, 0);
511 :
512 : /*
513 : * The master side of a pty can do TIOCSPTLCK and thus
514 : * has pty_bsd_ioctl.
515 : */
516 : static const struct tty_operations master_pty_ops_bsd = {
517 : .install = pty_install,
518 : .open = pty_open,
519 : .close = pty_close,
520 : .write = pty_write,
521 : .write_room = pty_write_room,
522 : .flush_buffer = pty_flush_buffer,
523 : .chars_in_buffer = pty_chars_in_buffer,
524 : .unthrottle = pty_unthrottle,
525 : .ioctl = pty_bsd_ioctl,
526 : .compat_ioctl = pty_bsd_compat_ioctl,
527 : .cleanup = pty_cleanup,
528 : .resize = pty_resize,
529 : .remove = pty_remove
530 : };
531 :
532 : static const struct tty_operations slave_pty_ops_bsd = {
533 : .install = pty_install,
534 : .open = pty_open,
535 : .close = pty_close,
536 : .write = pty_write,
537 : .write_room = pty_write_room,
538 : .flush_buffer = pty_flush_buffer,
539 : .chars_in_buffer = pty_chars_in_buffer,
540 : .unthrottle = pty_unthrottle,
541 : .set_termios = pty_set_termios,
542 : .cleanup = pty_cleanup,
543 : .resize = pty_resize,
544 : .start = pty_start,
545 : .stop = pty_stop,
546 : .remove = pty_remove
547 : };
548 :
549 : static void __init legacy_pty_init(void)
550 : {
551 : struct tty_driver *pty_driver, *pty_slave_driver;
552 :
553 : if (legacy_count <= 0)
554 : return;
555 :
556 : pty_driver = tty_alloc_driver(legacy_count,
557 : TTY_DRIVER_RESET_TERMIOS |
558 : TTY_DRIVER_REAL_RAW |
559 : TTY_DRIVER_DYNAMIC_ALLOC);
560 : if (IS_ERR(pty_driver))
561 : panic("Couldn't allocate pty driver");
562 :
563 : pty_slave_driver = tty_alloc_driver(legacy_count,
564 : TTY_DRIVER_RESET_TERMIOS |
565 : TTY_DRIVER_REAL_RAW |
566 : TTY_DRIVER_DYNAMIC_ALLOC);
567 : if (IS_ERR(pty_slave_driver))
568 : panic("Couldn't allocate pty slave driver");
569 :
570 : pty_driver->driver_name = "pty_master";
571 : pty_driver->name = "pty";
572 : pty_driver->major = PTY_MASTER_MAJOR;
573 : pty_driver->minor_start = 0;
574 : pty_driver->type = TTY_DRIVER_TYPE_PTY;
575 : pty_driver->subtype = PTY_TYPE_MASTER;
576 : pty_driver->init_termios = tty_std_termios;
577 : pty_driver->init_termios.c_iflag = 0;
578 : pty_driver->init_termios.c_oflag = 0;
579 : pty_driver->init_termios.c_cflag = B38400 | CS8 | CREAD;
580 : pty_driver->init_termios.c_lflag = 0;
581 : pty_driver->init_termios.c_ispeed = 38400;
582 : pty_driver->init_termios.c_ospeed = 38400;
583 : pty_driver->other = pty_slave_driver;
584 : tty_set_operations(pty_driver, &master_pty_ops_bsd);
585 :
586 : pty_slave_driver->driver_name = "pty_slave";
587 : pty_slave_driver->name = "ttyp";
588 : pty_slave_driver->major = PTY_SLAVE_MAJOR;
589 : pty_slave_driver->minor_start = 0;
590 : pty_slave_driver->type = TTY_DRIVER_TYPE_PTY;
591 : pty_slave_driver->subtype = PTY_TYPE_SLAVE;
592 : pty_slave_driver->init_termios = tty_std_termios;
593 : pty_slave_driver->init_termios.c_cflag = B38400 | CS8 | CREAD;
594 : pty_slave_driver->init_termios.c_ispeed = 38400;
595 : pty_slave_driver->init_termios.c_ospeed = 38400;
596 : pty_slave_driver->other = pty_driver;
597 : tty_set_operations(pty_slave_driver, &slave_pty_ops_bsd);
598 :
599 : if (tty_register_driver(pty_driver))
600 : panic("Couldn't register pty driver");
601 : if (tty_register_driver(pty_slave_driver))
602 : panic("Couldn't register pty slave driver");
603 : }
604 : #else
605 1 : static inline void legacy_pty_init(void) { }
606 : #endif
607 :
608 : /* Unix98 devices */
609 : #ifdef CONFIG_UNIX98_PTYS
610 : static struct cdev ptmx_cdev;
611 :
612 : /**
613 : * ptm_open_peer - open the peer of a pty
614 : * @master: the open struct file of the ptmx device node
615 : * @tty: the master of the pty being opened
616 : * @flags: the flags for open
617 : *
618 : * Provide a race free way for userspace to open the slave end of a pty
619 : * (where they have the master fd and cannot access or trust the mount
620 : * namespace /dev/pts was mounted inside).
621 : */
622 0 : int ptm_open_peer(struct file *master, struct tty_struct *tty, int flags)
623 : {
624 0 : int fd = -1;
625 0 : struct file *filp;
626 0 : int retval = -EINVAL;
627 0 : struct path path;
628 :
629 0 : if (tty->driver != ptm_driver)
630 : return -EIO;
631 :
632 0 : fd = get_unused_fd_flags(flags);
633 0 : if (fd < 0) {
634 0 : retval = fd;
635 0 : goto err;
636 : }
637 :
638 : /* Compute the slave's path */
639 0 : path.mnt = devpts_mntget(master, tty->driver_data);
640 0 : if (IS_ERR(path.mnt)) {
641 0 : retval = PTR_ERR(path.mnt);
642 0 : goto err_put;
643 : }
644 0 : path.dentry = tty->link->driver_data;
645 :
646 0 : filp = dentry_open(&path, flags, current_cred());
647 0 : mntput(path.mnt);
648 0 : if (IS_ERR(filp)) {
649 0 : retval = PTR_ERR(filp);
650 0 : goto err_put;
651 : }
652 :
653 0 : fd_install(fd, filp);
654 0 : return fd;
655 :
656 0 : err_put:
657 0 : put_unused_fd(fd);
658 : err:
659 : return retval;
660 : }
661 :
662 0 : static int pty_unix98_ioctl(struct tty_struct *tty,
663 : unsigned int cmd, unsigned long arg)
664 : {
665 0 : switch (cmd) {
666 0 : case TIOCSPTLCK: /* Set PT Lock (disallow slave open) */
667 0 : return pty_set_lock(tty, (int __user *)arg);
668 0 : case TIOCGPTLCK: /* Get PT Lock status */
669 0 : return pty_get_lock(tty, (int __user *)arg);
670 0 : case TIOCPKT: /* Set PT packet mode */
671 0 : return pty_set_pktmode(tty, (int __user *)arg);
672 0 : case TIOCGPKT: /* Get PT packet mode */
673 0 : return pty_get_pktmode(tty, (int __user *)arg);
674 0 : case TIOCGPTN: /* Get PT Number */
675 0 : return put_user(tty->index, (unsigned int __user *)arg);
676 0 : case TIOCSIG: /* Send signal to other side of pty */
677 0 : return pty_signal(tty, (int) arg);
678 : }
679 :
680 : return -ENOIOCTLCMD;
681 : }
682 :
683 : #ifdef CONFIG_COMPAT
684 0 : static long pty_unix98_compat_ioctl(struct tty_struct *tty,
685 : unsigned int cmd, unsigned long arg)
686 : {
687 : /*
688 : * PTY ioctls don't require any special translation between 32-bit and
689 : * 64-bit userspace, they are already compatible.
690 : */
691 0 : return pty_unix98_ioctl(tty, cmd,
692 0 : cmd == TIOCSIG ? arg : (unsigned long)compat_ptr(arg));
693 : }
694 : #else
695 : #define pty_unix98_compat_ioctl NULL
696 : #endif
697 :
698 : /**
699 : * ptm_unix98_lookup - find a pty master
700 : * @driver: ptm driver
701 : * @file: unused
702 : * @idx: tty index
703 : *
704 : * Look up a pty master device. Called under the tty_mutex for now.
705 : * This provides our locking.
706 : */
707 :
708 0 : static struct tty_struct *ptm_unix98_lookup(struct tty_driver *driver,
709 : struct file *file, int idx)
710 : {
711 : /* Master must be open via /dev/ptmx */
712 0 : return ERR_PTR(-EIO);
713 : }
714 :
715 : /**
716 : * pts_unix98_lookup - find a pty slave
717 : * @driver: pts driver
718 : * @file: file pointer to tty
719 : * @idx: tty index
720 : *
721 : * Look up a pty master device. Called under the tty_mutex for now.
722 : * This provides our locking for the tty pointer.
723 : */
724 :
725 0 : static struct tty_struct *pts_unix98_lookup(struct tty_driver *driver,
726 : struct file *file, int idx)
727 : {
728 0 : struct tty_struct *tty;
729 :
730 0 : mutex_lock(&devpts_mutex);
731 0 : tty = devpts_get_priv(file->f_path.dentry);
732 0 : mutex_unlock(&devpts_mutex);
733 : /* Master must be open before slave */
734 0 : if (!tty)
735 0 : return ERR_PTR(-EIO);
736 : return tty;
737 : }
738 :
739 0 : static int pty_unix98_install(struct tty_driver *driver, struct tty_struct *tty)
740 : {
741 0 : return pty_common_install(driver, tty, false);
742 : }
743 :
744 : /* this is called once with whichever end is closed last */
745 0 : static void pty_unix98_remove(struct tty_driver *driver, struct tty_struct *tty)
746 : {
747 0 : struct pts_fs_info *fsi;
748 :
749 0 : if (tty->driver->subtype == PTY_TYPE_MASTER)
750 0 : fsi = tty->driver_data;
751 : else
752 0 : fsi = tty->link->driver_data;
753 :
754 0 : if (fsi) {
755 0 : devpts_kill_index(fsi, tty->index);
756 0 : devpts_release(fsi);
757 : }
758 0 : }
759 :
760 0 : static void pty_show_fdinfo(struct tty_struct *tty, struct seq_file *m)
761 : {
762 0 : seq_printf(m, "tty-index:\t%d\n", tty->index);
763 0 : }
764 :
765 : static const struct tty_operations ptm_unix98_ops = {
766 : .lookup = ptm_unix98_lookup,
767 : .install = pty_unix98_install,
768 : .remove = pty_unix98_remove,
769 : .open = pty_open,
770 : .close = pty_close,
771 : .write = pty_write,
772 : .write_room = pty_write_room,
773 : .flush_buffer = pty_flush_buffer,
774 : .chars_in_buffer = pty_chars_in_buffer,
775 : .unthrottle = pty_unthrottle,
776 : .ioctl = pty_unix98_ioctl,
777 : .compat_ioctl = pty_unix98_compat_ioctl,
778 : .resize = pty_resize,
779 : .cleanup = pty_cleanup,
780 : .show_fdinfo = pty_show_fdinfo,
781 : };
782 :
783 : static const struct tty_operations pty_unix98_ops = {
784 : .lookup = pts_unix98_lookup,
785 : .install = pty_unix98_install,
786 : .remove = pty_unix98_remove,
787 : .open = pty_open,
788 : .close = pty_close,
789 : .write = pty_write,
790 : .write_room = pty_write_room,
791 : .flush_buffer = pty_flush_buffer,
792 : .chars_in_buffer = pty_chars_in_buffer,
793 : .unthrottle = pty_unthrottle,
794 : .set_termios = pty_set_termios,
795 : .start = pty_start,
796 : .stop = pty_stop,
797 : .cleanup = pty_cleanup,
798 : };
799 :
800 : /**
801 : * ptmx_open - open a unix 98 pty master
802 : * @inode: inode of device file
803 : * @filp: file pointer to tty
804 : *
805 : * Allocate a unix98 pty master device from the ptmx driver.
806 : *
807 : * Locking: tty_mutex protects the init_dev work. tty->count should
808 : * protect the rest.
809 : * allocated_ptys_lock handles the list of free pty numbers
810 : */
811 :
812 0 : static int ptmx_open(struct inode *inode, struct file *filp)
813 : {
814 0 : struct pts_fs_info *fsi;
815 0 : struct tty_struct *tty;
816 0 : struct dentry *dentry;
817 0 : int retval;
818 0 : int index;
819 :
820 0 : nonseekable_open(inode, filp);
821 :
822 : /* We refuse fsnotify events on ptmx, since it's a shared resource */
823 0 : filp->f_mode |= FMODE_NONOTIFY;
824 :
825 0 : retval = tty_alloc_file(filp);
826 0 : if (retval)
827 : return retval;
828 :
829 0 : fsi = devpts_acquire(filp);
830 0 : if (IS_ERR(fsi)) {
831 0 : retval = PTR_ERR(fsi);
832 0 : goto out_free_file;
833 : }
834 :
835 : /* find a device that is not in use. */
836 0 : mutex_lock(&devpts_mutex);
837 0 : index = devpts_new_index(fsi);
838 0 : mutex_unlock(&devpts_mutex);
839 :
840 0 : retval = index;
841 0 : if (index < 0)
842 0 : goto out_put_fsi;
843 :
844 :
845 0 : mutex_lock(&tty_mutex);
846 0 : tty = tty_init_dev(ptm_driver, index);
847 : /* The tty returned here is locked so we can safely
848 : drop the mutex */
849 0 : mutex_unlock(&tty_mutex);
850 :
851 0 : retval = PTR_ERR(tty);
852 0 : if (IS_ERR(tty))
853 0 : goto out;
854 :
855 : /*
856 : * From here on out, the tty is "live", and the index and
857 : * fsi will be killed/put by the tty_release()
858 : */
859 0 : set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
860 0 : tty->driver_data = fsi;
861 :
862 0 : tty_add_file(tty, filp);
863 :
864 0 : dentry = devpts_pty_new(fsi, index, tty->link);
865 0 : if (IS_ERR(dentry)) {
866 0 : retval = PTR_ERR(dentry);
867 0 : goto err_release;
868 : }
869 0 : tty->link->driver_data = dentry;
870 :
871 0 : retval = ptm_driver->ops->open(tty, filp);
872 0 : if (retval)
873 0 : goto err_release;
874 :
875 0 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
876 :
877 0 : tty_unlock(tty);
878 0 : return 0;
879 0 : err_release:
880 0 : tty_unlock(tty);
881 : // This will also put-ref the fsi
882 0 : tty_release(inode, filp);
883 0 : return retval;
884 0 : out:
885 0 : devpts_kill_index(fsi, index);
886 0 : out_put_fsi:
887 0 : devpts_release(fsi);
888 0 : out_free_file:
889 0 : tty_free_file(filp);
890 0 : return retval;
891 : }
892 :
893 : static struct file_operations ptmx_fops __ro_after_init;
894 :
895 1 : static void __init unix98_pty_init(void)
896 : {
897 1 : ptm_driver = tty_alloc_driver(NR_UNIX98_PTY_MAX,
898 : TTY_DRIVER_RESET_TERMIOS |
899 : TTY_DRIVER_REAL_RAW |
900 : TTY_DRIVER_DYNAMIC_DEV |
901 : TTY_DRIVER_DEVPTS_MEM |
902 : TTY_DRIVER_DYNAMIC_ALLOC);
903 1 : if (IS_ERR(ptm_driver))
904 0 : panic("Couldn't allocate Unix98 ptm driver");
905 1 : pts_driver = tty_alloc_driver(NR_UNIX98_PTY_MAX,
906 : TTY_DRIVER_RESET_TERMIOS |
907 : TTY_DRIVER_REAL_RAW |
908 : TTY_DRIVER_DYNAMIC_DEV |
909 : TTY_DRIVER_DEVPTS_MEM |
910 : TTY_DRIVER_DYNAMIC_ALLOC);
911 1 : if (IS_ERR(pts_driver))
912 0 : panic("Couldn't allocate Unix98 pts driver");
913 :
914 1 : ptm_driver->driver_name = "pty_master";
915 1 : ptm_driver->name = "ptm";
916 1 : ptm_driver->major = UNIX98_PTY_MASTER_MAJOR;
917 1 : ptm_driver->minor_start = 0;
918 1 : ptm_driver->type = TTY_DRIVER_TYPE_PTY;
919 1 : ptm_driver->subtype = PTY_TYPE_MASTER;
920 1 : ptm_driver->init_termios = tty_std_termios;
921 1 : ptm_driver->init_termios.c_iflag = 0;
922 1 : ptm_driver->init_termios.c_oflag = 0;
923 1 : ptm_driver->init_termios.c_cflag = B38400 | CS8 | CREAD;
924 1 : ptm_driver->init_termios.c_lflag = 0;
925 1 : ptm_driver->init_termios.c_ispeed = 38400;
926 1 : ptm_driver->init_termios.c_ospeed = 38400;
927 1 : ptm_driver->other = pts_driver;
928 1 : tty_set_operations(ptm_driver, &ptm_unix98_ops);
929 :
930 1 : pts_driver->driver_name = "pty_slave";
931 1 : pts_driver->name = "pts";
932 1 : pts_driver->major = UNIX98_PTY_SLAVE_MAJOR;
933 1 : pts_driver->minor_start = 0;
934 1 : pts_driver->type = TTY_DRIVER_TYPE_PTY;
935 1 : pts_driver->subtype = PTY_TYPE_SLAVE;
936 1 : pts_driver->init_termios = tty_std_termios;
937 1 : pts_driver->init_termios.c_cflag = B38400 | CS8 | CREAD;
938 1 : pts_driver->init_termios.c_ispeed = 38400;
939 1 : pts_driver->init_termios.c_ospeed = 38400;
940 1 : pts_driver->other = ptm_driver;
941 1 : tty_set_operations(pts_driver, &pty_unix98_ops);
942 :
943 1 : if (tty_register_driver(ptm_driver))
944 0 : panic("Couldn't register Unix98 ptm driver");
945 1 : if (tty_register_driver(pts_driver))
946 0 : panic("Couldn't register Unix98 pts driver");
947 :
948 : /* Now create the /dev/ptmx special device */
949 1 : tty_default_fops(&ptmx_fops);
950 1 : ptmx_fops.open = ptmx_open;
951 :
952 1 : cdev_init(&ptmx_cdev, &ptmx_fops);
953 2 : if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
954 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
955 0 : panic("Couldn't register /dev/ptmx driver");
956 1 : device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
957 1 : }
958 :
959 : #else
960 : static inline void unix98_pty_init(void) { }
961 : #endif
962 :
963 1 : static int __init pty_init(void)
964 : {
965 1 : legacy_pty_init();
966 1 : unix98_pty_init();
967 1 : return 0;
968 : }
969 : device_initcall(pty_init);
|
