1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 * 5 * Added support for a Unix98-style ptmx device. 6 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 7 * 8 */ 9 10 #include <linux/module.h> 11 #include <linux/errno.h> 12 #include <linux/interrupt.h> 13 #include <linux/tty.h> 14 #include <linux/tty_flip.h> 15 #include <linux/fcntl.h> 16 #include <linux/sched/signal.h> 17 #include <linux/string.h> 18 #include <linux/major.h> 19 #include <linux/mm.h> 20 #include <linux/init.h> 21 #include <linux/device.h> 22 #include <linux/uaccess.h> 23 #include <linux/bitops.h> 24 #include <linux/devpts_fs.h> 25 #include <linux/slab.h> 26 #include <linux/mutex.h> 27 #include <linux/poll.h> 28 #include <linux/mount.h> 29 #include <linux/file.h> 30 #include <linux/ioctl.h> 31 #include <linux/compat.h> 32 #include "tty.h" 33 34 #undef TTY_DEBUG_HANGUP 35 #ifdef TTY_DEBUG_HANGUP 36 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 37 #else 38 # define tty_debug_hangup(tty, f, args...) do {} while (0) 39 #endif 40 41 #ifdef CONFIG_UNIX98_PTYS 42 static struct tty_driver *ptm_driver; 43 static struct tty_driver *pts_driver; 44 static DEFINE_MUTEX(devpts_mutex); 45 #endif 46 47 static void pty_close(struct tty_struct *tty, struct file *filp) 48 { 49 if (tty->driver->subtype == PTY_TYPE_MASTER) 50 WARN_ON(tty->count > 1); 51 else { 52 if (tty_io_error(tty)) 53 return; 54 if (tty->count > 2) 55 return; 56 } 57 set_bit(TTY_IO_ERROR, &tty->flags); 58 wake_up_interruptible(&tty->read_wait); 59 wake_up_interruptible(&tty->write_wait); 60 scoped_guard(spinlock_irq, &tty->ctrl.lock) 61 tty->ctrl.packet = false; 62 /* Review - krefs on tty_link ?? */ 63 if (!tty->link) 64 return; 65 set_bit(TTY_OTHER_CLOSED, &tty->link->flags); 66 wake_up_interruptible(&tty->link->read_wait); 67 wake_up_interruptible(&tty->link->write_wait); 68 if (tty->driver->subtype == PTY_TYPE_MASTER) { 69 set_bit(TTY_OTHER_CLOSED, &tty->flags); 70 #ifdef CONFIG_UNIX98_PTYS 71 if (tty->driver == ptm_driver) { 72 guard(mutex)(&devpts_mutex); 73 if (tty->link->driver_data) 74 devpts_pty_kill(tty->link->driver_data); 75 } 76 #endif 77 tty_vhangup(tty->link); 78 } 79 } 80 81 /* 82 * The unthrottle routine is called by the line discipline to signal 83 * that it can receive more characters. For PTY's, the TTY_THROTTLED 84 * flag is always set, to force the line discipline to always call the 85 * unthrottle routine when there are fewer than TTY_THRESHOLD_UNTHROTTLE 86 * characters in the queue. This is necessary since each time this 87 * happens, we need to wake up any sleeping processes that could be 88 * (1) trying to send data to the pty, or (2) waiting in wait_until_sent() 89 * for the pty buffer to be drained. 90 */ 91 static void pty_unthrottle(struct tty_struct *tty) 92 { 93 tty_wakeup(tty->link); 94 set_bit(TTY_THROTTLED, &tty->flags); 95 } 96 97 /** 98 * pty_write - write to a pty 99 * @tty: the tty we write from 100 * @buf: kernel buffer of data 101 * @c: bytes to write 102 * 103 * Our "hardware" write method. Data is coming from the ldisc which 104 * may be in a non sleeping state. We simply throw this at the other 105 * end of the link as if we were an IRQ handler receiving stuff for 106 * the other side of the pty/tty pair. 107 */ 108 109 static ssize_t pty_write(struct tty_struct *tty, const u8 *buf, size_t c) 110 { 111 struct tty_struct *to = tty->link; 112 113 if (tty->flow.stopped || !c) 114 return 0; 115 116 return tty_insert_flip_string_and_push_buffer(to->port, buf, c); 117 } 118 119 /** 120 * pty_write_room - write space 121 * @tty: tty we are writing from 122 * 123 * Report how many bytes the ldisc can send into the queue for 124 * the other device. 125 */ 126 127 static unsigned int pty_write_room(struct tty_struct *tty) 128 { 129 if (tty->flow.stopped) 130 return 0; 131 return tty_buffer_space_avail(tty->link->port); 132 } 133 134 /* Set the lock flag on a pty */ 135 static int pty_set_lock(struct tty_struct *tty, int __user *arg) 136 { 137 int val; 138 139 if (get_user(val, arg)) 140 return -EFAULT; 141 if (val) 142 set_bit(TTY_PTY_LOCK, &tty->flags); 143 else 144 clear_bit(TTY_PTY_LOCK, &tty->flags); 145 return 0; 146 } 147 148 static int pty_get_lock(struct tty_struct *tty, int __user *arg) 149 { 150 int locked = test_bit(TTY_PTY_LOCK, &tty->flags); 151 152 return put_user(locked, arg); 153 } 154 155 /* Set the packet mode on a pty */ 156 static int pty_set_pktmode(struct tty_struct *tty, int __user *arg) 157 { 158 int want_pktmode; 159 160 if (get_user(want_pktmode, arg)) 161 return -EFAULT; 162 163 guard(spinlock_irq)(&tty->ctrl.lock); 164 if (!want_pktmode) { 165 tty->ctrl.packet = false; 166 return 0; 167 } 168 169 if (tty->ctrl.packet) 170 return 0; 171 172 tty->link->ctrl.pktstatus = 0; 173 smp_mb(); 174 tty->ctrl.packet = true; 175 176 return 0; 177 } 178 179 /* Get the packet mode of a pty */ 180 static int pty_get_pktmode(struct tty_struct *tty, int __user *arg) 181 { 182 int pktmode = tty->ctrl.packet; 183 184 return put_user(pktmode, arg); 185 } 186 187 /* Send a signal to the slave */ 188 static int pty_signal(struct tty_struct *tty, int sig) 189 { 190 struct pid *pgrp; 191 192 if (sig != SIGINT && sig != SIGQUIT && sig != SIGTSTP) 193 return -EINVAL; 194 195 if (tty->link) { 196 pgrp = tty_get_pgrp(tty->link); 197 if (pgrp) 198 kill_pgrp(pgrp, sig, 1); 199 put_pid(pgrp); 200 } 201 return 0; 202 } 203 204 static void pty_flush_buffer(struct tty_struct *tty) 205 { 206 struct tty_struct *to = tty->link; 207 208 if (!to) 209 return; 210 211 tty_buffer_flush(to, NULL); 212 if (to->ctrl.packet) { 213 guard(spinlock_irq)(&tty->ctrl.lock); 214 tty->ctrl.pktstatus |= TIOCPKT_FLUSHWRITE; 215 wake_up_interruptible(&to->read_wait); 216 } 217 } 218 219 static int pty_open(struct tty_struct *tty, struct file *filp) 220 { 221 if (!tty || !tty->link) 222 return -ENODEV; 223 224 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) 225 goto out; 226 if (test_bit(TTY_PTY_LOCK, &tty->link->flags)) 227 goto out; 228 if (tty->driver->subtype == PTY_TYPE_SLAVE && tty->link->count != 1) 229 goto out; 230 231 clear_bit(TTY_IO_ERROR, &tty->flags); 232 clear_bit(TTY_OTHER_CLOSED, &tty->link->flags); 233 set_bit(TTY_THROTTLED, &tty->flags); 234 return 0; 235 236 out: 237 set_bit(TTY_IO_ERROR, &tty->flags); 238 return -EIO; 239 } 240 241 static void pty_set_termios(struct tty_struct *tty, 242 const struct ktermios *old_termios) 243 { 244 /* See if packet mode change of state. */ 245 if (tty->link && tty->link->ctrl.packet) { 246 int extproc = (old_termios->c_lflag & EXTPROC) | L_EXTPROC(tty); 247 int old_flow = ((old_termios->c_iflag & IXON) && 248 (old_termios->c_cc[VSTOP] == '\023') && 249 (old_termios->c_cc[VSTART] == '\021')); 250 int new_flow = (I_IXON(tty) && 251 STOP_CHAR(tty) == '\023' && 252 START_CHAR(tty) == '\021'); 253 if ((old_flow != new_flow) || extproc) { 254 scoped_guard(spinlock_irq, &tty->ctrl.lock) { 255 if (old_flow != new_flow) { 256 tty->ctrl.pktstatus &= ~(TIOCPKT_DOSTOP | TIOCPKT_NOSTOP); 257 if (new_flow) 258 tty->ctrl.pktstatus |= TIOCPKT_DOSTOP; 259 else 260 tty->ctrl.pktstatus |= TIOCPKT_NOSTOP; 261 } 262 if (extproc) 263 tty->ctrl.pktstatus |= TIOCPKT_IOCTL; 264 } 265 wake_up_interruptible(&tty->link->read_wait); 266 } 267 } 268 269 tty->termios.c_cflag &= ~(CSIZE | PARENB); 270 tty->termios.c_cflag |= (CS8 | CREAD); 271 } 272 273 /** 274 * pty_resize - resize event 275 * @tty: tty being resized 276 * @ws: window size being set. 277 * 278 * Update the termios variables and send the necessary signals to 279 * peform a terminal resize correctly 280 */ 281 282 static int pty_resize(struct tty_struct *tty, struct winsize *ws) 283 { 284 struct pid *pgrp, *rpgrp; 285 struct tty_struct *pty = tty->link; 286 287 /* For a PTY we need to lock the tty side */ 288 guard(mutex)(&tty->winsize_mutex); 289 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 290 return 0; 291 292 /* Signal the foreground process group of both ptys */ 293 pgrp = tty_get_pgrp(tty); 294 rpgrp = tty_get_pgrp(pty); 295 296 if (pgrp) 297 kill_pgrp(pgrp, SIGWINCH, 1); 298 if (rpgrp != pgrp && rpgrp) 299 kill_pgrp(rpgrp, SIGWINCH, 1); 300 301 put_pid(pgrp); 302 put_pid(rpgrp); 303 304 tty->winsize = *ws; 305 pty->winsize = *ws; /* Never used so will go away soon */ 306 307 return 0; 308 } 309 310 /** 311 * pty_start - start() handler 312 * pty_stop - stop() handler 313 * @tty: tty being flow-controlled 314 * 315 * Propagates the TIOCPKT status to the master pty. 316 * 317 * NB: only the master pty can be in packet mode so only the slave 318 * needs start()/stop() handlers 319 */ 320 static void pty_start(struct tty_struct *tty) 321 { 322 if (!tty->link || !tty->link->ctrl.packet) 323 return; 324 325 scoped_guard(spinlock_irqsave, &tty->ctrl.lock) { 326 tty->ctrl.pktstatus &= ~TIOCPKT_STOP; 327 tty->ctrl.pktstatus |= TIOCPKT_START; 328 } 329 wake_up_interruptible_poll(&tty->link->read_wait, EPOLLIN); 330 } 331 332 static void pty_stop(struct tty_struct *tty) 333 { 334 if (!tty->link || !tty->link->ctrl.packet) 335 return; 336 337 scoped_guard(spinlock_irqsave, &tty->ctrl.lock) { 338 tty->ctrl.pktstatus &= ~TIOCPKT_START; 339 tty->ctrl.pktstatus |= TIOCPKT_STOP; 340 } 341 wake_up_interruptible_poll(&tty->link->read_wait, EPOLLIN); 342 } 343 344 /** 345 * pty_common_install - set up the pty pair 346 * @driver: the pty driver 347 * @tty: the tty being instantiated 348 * @legacy: true if this is BSD style 349 * 350 * Perform the initial set up for the tty/pty pair. Called from the 351 * tty layer when the port is first opened. 352 * 353 * Locking: the caller must hold the tty_mutex 354 */ 355 static int pty_common_install(struct tty_driver *driver, struct tty_struct *tty, 356 bool legacy) 357 { 358 struct tty_struct *o_tty; 359 struct tty_port *ports[2]; 360 int idx = tty->index; 361 int retval = -ENOMEM; 362 363 /* Opening the slave first has always returned -EIO */ 364 if (driver->subtype != PTY_TYPE_MASTER) 365 return -EIO; 366 367 ports[0] = kmalloc(sizeof **ports, GFP_KERNEL); 368 ports[1] = kmalloc(sizeof **ports, GFP_KERNEL); 369 if (!ports[0] || !ports[1]) 370 goto err; 371 if (!try_module_get(driver->other->owner)) { 372 /* This cannot in fact currently happen */ 373 goto err; 374 } 375 o_tty = alloc_tty_struct(driver->other, idx); 376 if (!o_tty) 377 goto err_put_module; 378 379 tty_set_lock_subclass(o_tty); 380 lockdep_set_subclass(&o_tty->termios_rwsem, TTY_LOCK_SLAVE); 381 382 if (legacy) { 383 /* We always use new tty termios data so we can do this 384 the easy way .. */ 385 tty_init_termios(tty); 386 tty_init_termios(o_tty); 387 388 driver->other->ttys[idx] = o_tty; 389 driver->ttys[idx] = tty; 390 } else { 391 memset(&tty->termios_locked, 0, sizeof(tty->termios_locked)); 392 tty->termios = driver->init_termios; 393 memset(&o_tty->termios_locked, 0, sizeof(tty->termios_locked)); 394 o_tty->termios = driver->other->init_termios; 395 } 396 397 /* 398 * Everything allocated ... set up the o_tty structure. 399 */ 400 tty_driver_kref_get(driver->other); 401 /* Establish the links in both directions */ 402 tty->link = o_tty; 403 o_tty->link = tty; 404 tty_port_init(ports[0]); 405 tty_port_init(ports[1]); 406 tty_buffer_set_limit(ports[0], 8192); 407 tty_buffer_set_limit(ports[1], 8192); 408 o_tty->port = ports[0]; 409 tty->port = ports[1]; 410 o_tty->port->itty = o_tty; 411 412 tty_buffer_set_lock_subclass(o_tty->port); 413 414 tty_driver_kref_get(driver); 415 tty->count++; 416 o_tty->count++; 417 return 0; 418 419 err_put_module: 420 module_put(driver->other->owner); 421 err: 422 kfree(ports[0]); 423 kfree(ports[1]); 424 return retval; 425 } 426 427 static void pty_cleanup(struct tty_struct *tty) 428 { 429 tty_port_put(tty->port); 430 } 431 432 /* Traditional BSD devices */ 433 #ifdef CONFIG_LEGACY_PTYS 434 435 static int pty_install(struct tty_driver *driver, struct tty_struct *tty) 436 { 437 return pty_common_install(driver, tty, true); 438 } 439 440 static void pty_remove(struct tty_driver *driver, struct tty_struct *tty) 441 { 442 struct tty_struct *pair = tty->link; 443 444 driver->ttys[tty->index] = NULL; 445 if (pair) 446 pair->driver->ttys[pair->index] = NULL; 447 } 448 449 static int pty_bsd_ioctl(struct tty_struct *tty, 450 unsigned int cmd, unsigned long arg) 451 { 452 switch (cmd) { 453 case TIOCSPTLCK: /* Set PT Lock (disallow slave open) */ 454 return pty_set_lock(tty, (int __user *) arg); 455 case TIOCGPTLCK: /* Get PT Lock status */ 456 return pty_get_lock(tty, (int __user *)arg); 457 case TIOCPKT: /* Set PT packet mode */ 458 return pty_set_pktmode(tty, (int __user *)arg); 459 case TIOCGPKT: /* Get PT packet mode */ 460 return pty_get_pktmode(tty, (int __user *)arg); 461 case TIOCSIG: /* Send signal to other side of pty */ 462 return pty_signal(tty, (int) arg); 463 case TIOCGPTN: /* TTY returns ENOTTY, but glibc expects EINVAL here */ 464 return -EINVAL; 465 } 466 return -ENOIOCTLCMD; 467 } 468 469 #ifdef CONFIG_COMPAT 470 static long pty_bsd_compat_ioctl(struct tty_struct *tty, 471 unsigned int cmd, unsigned long arg) 472 { 473 /* 474 * PTY ioctls don't require any special translation between 32-bit and 475 * 64-bit userspace, they are already compatible. 476 */ 477 return pty_bsd_ioctl(tty, cmd, (unsigned long)compat_ptr(arg)); 478 } 479 #else 480 #define pty_bsd_compat_ioctl NULL 481 #endif 482 483 static int legacy_count = CONFIG_LEGACY_PTY_COUNT; 484 /* 485 * not really modular, but the easiest way to keep compat with existing 486 * bootargs behaviour is to continue using module_param here. 487 */ 488 module_param(legacy_count, int, 0); 489 490 /* 491 * The master side of a pty can do TIOCSPTLCK and thus 492 * has pty_bsd_ioctl. 493 */ 494 static const struct tty_operations master_pty_ops_bsd = { 495 .install = pty_install, 496 .open = pty_open, 497 .close = pty_close, 498 .write = pty_write, 499 .write_room = pty_write_room, 500 .flush_buffer = pty_flush_buffer, 501 .unthrottle = pty_unthrottle, 502 .ioctl = pty_bsd_ioctl, 503 .compat_ioctl = pty_bsd_compat_ioctl, 504 .cleanup = pty_cleanup, 505 .resize = pty_resize, 506 .remove = pty_remove 507 }; 508 509 static const struct tty_operations slave_pty_ops_bsd = { 510 .install = pty_install, 511 .open = pty_open, 512 .close = pty_close, 513 .write = pty_write, 514 .write_room = pty_write_room, 515 .flush_buffer = pty_flush_buffer, 516 .unthrottle = pty_unthrottle, 517 .set_termios = pty_set_termios, 518 .cleanup = pty_cleanup, 519 .resize = pty_resize, 520 .start = pty_start, 521 .stop = pty_stop, 522 .remove = pty_remove 523 }; 524 525 static void __init legacy_pty_init(void) 526 { 527 struct tty_driver *pty_driver, *pty_slave_driver; 528 529 if (legacy_count <= 0) 530 return; 531 532 pty_driver = tty_alloc_driver(legacy_count, 533 TTY_DRIVER_RESET_TERMIOS | 534 TTY_DRIVER_REAL_RAW | 535 TTY_DRIVER_DYNAMIC_ALLOC); 536 if (IS_ERR(pty_driver)) 537 panic("Couldn't allocate pty driver"); 538 539 pty_slave_driver = tty_alloc_driver(legacy_count, 540 TTY_DRIVER_RESET_TERMIOS | 541 TTY_DRIVER_REAL_RAW | 542 TTY_DRIVER_DYNAMIC_ALLOC); 543 if (IS_ERR(pty_slave_driver)) 544 panic("Couldn't allocate pty slave driver"); 545 546 pty_driver->driver_name = "pty_master"; 547 pty_driver->name = "pty"; 548 pty_driver->major = PTY_MASTER_MAJOR; 549 pty_driver->minor_start = 0; 550 pty_driver->type = TTY_DRIVER_TYPE_PTY; 551 pty_driver->subtype = PTY_TYPE_MASTER; 552 pty_driver->init_termios = tty_std_termios; 553 pty_driver->init_termios.c_iflag = 0; 554 pty_driver->init_termios.c_oflag = 0; 555 pty_driver->init_termios.c_cflag = B38400 | CS8 | CREAD; 556 pty_driver->init_termios.c_lflag = 0; 557 pty_driver->init_termios.c_ispeed = 38400; 558 pty_driver->init_termios.c_ospeed = 38400; 559 pty_driver->other = pty_slave_driver; 560 tty_set_operations(pty_driver, &master_pty_ops_bsd); 561 562 pty_slave_driver->driver_name = "pty_slave"; 563 pty_slave_driver->name = "ttyp"; 564 pty_slave_driver->major = PTY_SLAVE_MAJOR; 565 pty_slave_driver->minor_start = 0; 566 pty_slave_driver->type = TTY_DRIVER_TYPE_PTY; 567 pty_slave_driver->subtype = PTY_TYPE_SLAVE; 568 pty_slave_driver->init_termios = tty_std_termios; 569 pty_slave_driver->init_termios.c_cflag = B38400 | CS8 | CREAD; 570 pty_slave_driver->init_termios.c_ispeed = 38400; 571 pty_slave_driver->init_termios.c_ospeed = 38400; 572 pty_slave_driver->other = pty_driver; 573 tty_set_operations(pty_slave_driver, &slave_pty_ops_bsd); 574 575 if (tty_register_driver(pty_driver)) 576 panic("Couldn't register pty driver"); 577 if (tty_register_driver(pty_slave_driver)) 578 panic("Couldn't register pty slave driver"); 579 } 580 #else 581 static inline void legacy_pty_init(void) { } 582 #endif 583 584 /* Unix98 devices */ 585 #ifdef CONFIG_UNIX98_PTYS 586 static struct cdev ptmx_cdev; 587 588 static struct file *ptm_open_peer_file(struct file *master, 589 struct tty_struct *tty, int flags) 590 { 591 struct path path; 592 struct file *file; 593 594 /* Compute the slave's path */ 595 path.mnt = devpts_mntget(master, tty->driver_data); 596 if (IS_ERR(path.mnt)) 597 return ERR_CAST(path.mnt); 598 path.dentry = tty->link->driver_data; 599 600 file = dentry_open(&path, flags, current_cred()); 601 mntput(path.mnt); 602 return file; 603 } 604 605 /** 606 * ptm_open_peer - open the peer of a pty 607 * @master: the open struct file of the ptmx device node 608 * @tty: the master of the pty being opened 609 * @flags: the flags for open 610 * 611 * Provide a race free way for userspace to open the slave end of a pty 612 * (where they have the master fd and cannot access or trust the mount 613 * namespace /dev/pts was mounted inside). 614 */ 615 int ptm_open_peer(struct file *master, struct tty_struct *tty, int flags) 616 { 617 if (tty->driver != ptm_driver) 618 return -EIO; 619 620 return FD_ADD(flags, ptm_open_peer_file(master, tty, flags)); 621 } 622 623 static int pty_unix98_ioctl(struct tty_struct *tty, 624 unsigned int cmd, unsigned long arg) 625 { 626 switch (cmd) { 627 case TIOCSPTLCK: /* Set PT Lock (disallow slave open) */ 628 return pty_set_lock(tty, (int __user *)arg); 629 case TIOCGPTLCK: /* Get PT Lock status */ 630 return pty_get_lock(tty, (int __user *)arg); 631 case TIOCPKT: /* Set PT packet mode */ 632 return pty_set_pktmode(tty, (int __user *)arg); 633 case TIOCGPKT: /* Get PT packet mode */ 634 return pty_get_pktmode(tty, (int __user *)arg); 635 case TIOCGPTN: /* Get PT Number */ 636 return put_user(tty->index, (unsigned int __user *)arg); 637 case TIOCSIG: /* Send signal to other side of pty */ 638 return pty_signal(tty, (int) arg); 639 } 640 641 return -ENOIOCTLCMD; 642 } 643 644 #ifdef CONFIG_COMPAT 645 static long pty_unix98_compat_ioctl(struct tty_struct *tty, 646 unsigned int cmd, unsigned long arg) 647 { 648 /* 649 * PTY ioctls don't require any special translation between 32-bit and 650 * 64-bit userspace, they are already compatible. 651 */ 652 return pty_unix98_ioctl(tty, cmd, 653 cmd == TIOCSIG ? arg : (unsigned long)compat_ptr(arg)); 654 } 655 #else 656 #define pty_unix98_compat_ioctl NULL 657 #endif 658 659 /** 660 * ptm_unix98_lookup - find a pty master 661 * @driver: ptm driver 662 * @file: unused 663 * @idx: tty index 664 * 665 * Look up a pty master device. Called under the tty_mutex for now. 666 * This provides our locking. 667 */ 668 669 static struct tty_struct *ptm_unix98_lookup(struct tty_driver *driver, 670 struct file *file, int idx) 671 { 672 /* Master must be open via /dev/ptmx */ 673 return ERR_PTR(-EIO); 674 } 675 676 /** 677 * pts_unix98_lookup - find a pty slave 678 * @driver: pts driver 679 * @file: file pointer to tty 680 * @idx: tty index 681 * 682 * Look up a pty master device. Called under the tty_mutex for now. 683 * This provides our locking for the tty pointer. 684 */ 685 686 static struct tty_struct *pts_unix98_lookup(struct tty_driver *driver, 687 struct file *file, int idx) 688 { 689 guard(mutex)(&devpts_mutex); 690 /* Master must be open before slave */ 691 return devpts_get_priv(file->f_path.dentry) ? : ERR_PTR(-EIO); 692 } 693 694 static int pty_unix98_install(struct tty_driver *driver, struct tty_struct *tty) 695 { 696 return pty_common_install(driver, tty, false); 697 } 698 699 /* this is called once with whichever end is closed last */ 700 static void pty_unix98_remove(struct tty_driver *driver, struct tty_struct *tty) 701 { 702 struct pts_fs_info *fsi; 703 704 if (tty->driver->subtype == PTY_TYPE_MASTER) 705 fsi = tty->driver_data; 706 else 707 fsi = tty->link->driver_data; 708 709 if (fsi) { 710 devpts_kill_index(fsi, tty->index); 711 devpts_release(fsi); 712 } 713 } 714 715 static void pty_show_fdinfo(struct tty_struct *tty, struct seq_file *m) 716 { 717 seq_printf(m, "tty-index:\t%d\n", tty->index); 718 } 719 720 static const struct tty_operations ptm_unix98_ops = { 721 .lookup = ptm_unix98_lookup, 722 .install = pty_unix98_install, 723 .remove = pty_unix98_remove, 724 .open = pty_open, 725 .close = pty_close, 726 .write = pty_write, 727 .write_room = pty_write_room, 728 .flush_buffer = pty_flush_buffer, 729 .unthrottle = pty_unthrottle, 730 .ioctl = pty_unix98_ioctl, 731 .compat_ioctl = pty_unix98_compat_ioctl, 732 .resize = pty_resize, 733 .cleanup = pty_cleanup, 734 .show_fdinfo = pty_show_fdinfo, 735 }; 736 737 static const struct tty_operations pty_unix98_ops = { 738 .lookup = pts_unix98_lookup, 739 .install = pty_unix98_install, 740 .remove = pty_unix98_remove, 741 .open = pty_open, 742 .close = pty_close, 743 .write = pty_write, 744 .write_room = pty_write_room, 745 .flush_buffer = pty_flush_buffer, 746 .unthrottle = pty_unthrottle, 747 .set_termios = pty_set_termios, 748 .start = pty_start, 749 .stop = pty_stop, 750 .cleanup = pty_cleanup, 751 }; 752 753 /** 754 * ptmx_open - open a unix 98 pty master 755 * @inode: inode of device file 756 * @filp: file pointer to tty 757 * 758 * Allocate a unix98 pty master device from the ptmx driver. 759 * 760 * Locking: tty_mutex protects the init_dev work. tty->count should 761 * protect the rest. 762 * allocated_ptys_lock handles the list of free pty numbers 763 */ 764 765 static int ptmx_open(struct inode *inode, struct file *filp) 766 { 767 struct pts_fs_info *fsi; 768 struct tty_struct *tty; 769 struct dentry *dentry; 770 int retval; 771 int index; 772 773 nonseekable_open(inode, filp); 774 775 /* We refuse fsnotify events on ptmx, since it's a shared resource */ 776 file_set_fsnotify_mode(filp, FMODE_NONOTIFY); 777 778 retval = tty_alloc_file(filp); 779 if (retval) 780 return retval; 781 782 fsi = devpts_acquire(filp); 783 if (IS_ERR(fsi)) { 784 retval = PTR_ERR(fsi); 785 goto out_free_file; 786 } 787 788 /* find a device that is not in use. */ 789 scoped_guard(mutex, &devpts_mutex) 790 index = devpts_new_index(fsi); 791 792 retval = index; 793 if (index < 0) 794 goto out_put_fsi; 795 796 797 /* The tty returned here is locked so we can safely drop the mutex */ 798 scoped_guard(mutex, &tty_mutex) 799 tty = tty_init_dev(ptm_driver, index); 800 801 retval = PTR_ERR(tty); 802 if (IS_ERR(tty)) 803 goto out; 804 805 /* 806 * From here on out, the tty is "live", and the index and 807 * fsi will be killed/put by the tty_release() 808 */ 809 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */ 810 tty->driver_data = fsi; 811 812 tty_add_file(tty, filp); 813 814 dentry = devpts_pty_new(fsi, index, tty->link); 815 if (IS_ERR(dentry)) { 816 retval = PTR_ERR(dentry); 817 goto err_release; 818 } 819 tty->link->driver_data = dentry; 820 821 retval = ptm_driver->ops->open(tty, filp); 822 if (retval) 823 goto err_release; 824 825 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 826 827 tty_unlock(tty); 828 return 0; 829 err_release: 830 tty_unlock(tty); 831 // This will also put-ref the fsi 832 tty_release(inode, filp); 833 return retval; 834 out: 835 devpts_kill_index(fsi, index); 836 out_put_fsi: 837 devpts_release(fsi); 838 out_free_file: 839 tty_free_file(filp); 840 return retval; 841 } 842 843 static struct file_operations ptmx_fops __ro_after_init; 844 845 static void __init unix98_pty_init(void) 846 { 847 ptm_driver = tty_alloc_driver(NR_UNIX98_PTY_MAX, 848 TTY_DRIVER_RESET_TERMIOS | 849 TTY_DRIVER_REAL_RAW | 850 TTY_DRIVER_DYNAMIC_DEV | 851 TTY_DRIVER_DEVPTS_MEM | 852 TTY_DRIVER_DYNAMIC_ALLOC); 853 if (IS_ERR(ptm_driver)) 854 panic("Couldn't allocate Unix98 ptm driver"); 855 pts_driver = tty_alloc_driver(NR_UNIX98_PTY_MAX, 856 TTY_DRIVER_RESET_TERMIOS | 857 TTY_DRIVER_REAL_RAW | 858 TTY_DRIVER_DYNAMIC_DEV | 859 TTY_DRIVER_DEVPTS_MEM | 860 TTY_DRIVER_DYNAMIC_ALLOC); 861 if (IS_ERR(pts_driver)) 862 panic("Couldn't allocate Unix98 pts driver"); 863 864 ptm_driver->driver_name = "pty_master"; 865 ptm_driver->name = "ptm"; 866 ptm_driver->major = UNIX98_PTY_MASTER_MAJOR; 867 ptm_driver->minor_start = 0; 868 ptm_driver->type = TTY_DRIVER_TYPE_PTY; 869 ptm_driver->subtype = PTY_TYPE_MASTER; 870 ptm_driver->init_termios = tty_std_termios; 871 ptm_driver->init_termios.c_iflag = 0; 872 ptm_driver->init_termios.c_oflag = 0; 873 ptm_driver->init_termios.c_cflag = B38400 | CS8 | CREAD; 874 ptm_driver->init_termios.c_lflag = 0; 875 ptm_driver->init_termios.c_ispeed = 38400; 876 ptm_driver->init_termios.c_ospeed = 38400; 877 ptm_driver->other = pts_driver; 878 tty_set_operations(ptm_driver, &ptm_unix98_ops); 879 880 pts_driver->driver_name = "pty_slave"; 881 pts_driver->name = "pts"; 882 pts_driver->major = UNIX98_PTY_SLAVE_MAJOR; 883 pts_driver->minor_start = 0; 884 pts_driver->type = TTY_DRIVER_TYPE_PTY; 885 pts_driver->subtype = PTY_TYPE_SLAVE; 886 pts_driver->init_termios = tty_std_termios; 887 pts_driver->init_termios.c_cflag = B38400 | CS8 | CREAD; 888 pts_driver->init_termios.c_ispeed = 38400; 889 pts_driver->init_termios.c_ospeed = 38400; 890 pts_driver->other = ptm_driver; 891 tty_set_operations(pts_driver, &pty_unix98_ops); 892 893 if (tty_register_driver(ptm_driver)) 894 panic("Couldn't register Unix98 ptm driver"); 895 if (tty_register_driver(pts_driver)) 896 panic("Couldn't register Unix98 pts driver"); 897 898 /* Now create the /dev/ptmx special device */ 899 tty_default_fops(&ptmx_fops); 900 ptmx_fops.open = ptmx_open; 901 902 cdev_init(&ptmx_cdev, &ptmx_fops); 903 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || 904 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0) 905 panic("Couldn't register /dev/ptmx driver"); 906 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx"); 907 } 908 909 #else 910 static inline void unix98_pty_init(void) { } 911 #endif 912 913 static int __init pty_init(void) 914 { 915 legacy_pty_init(); 916 unix98_pty_init(); 917 return 0; 918 } 919 device_initcall(pty_init); 920