xref: /titanic_50/usr/src/uts/common/fs/dev/sdev_ptsops.c (revision e79c98e6c943cb3032f272714ff4ce6137d40394)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * vnode ops for the /dev/pts directory
30  *	The lookup is based on the internal pty table. We also
31  *	override readdir in order to delete pts nodes no longer
32  *	in use.
33  */
34 
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/sysmacros.h>
38 #include <sys/sunndi.h>
39 #include <fs/fs_subr.h>
40 #include <sys/fs/dv_node.h>
41 #include <sys/fs/sdev_impl.h>
42 #include <sys/policy.h>
43 #include <sys/ptms.h>
44 #include <sys/stat.h>
45 #include <sys/vfs_opreg.h>
46 
47 #define	DEVPTS_UID_DEFAULT	0
48 #define	DEVPTS_GID_DEFAULT	3
49 #define	DEVPTS_DEVMODE_DEFAULT	(0620)
50 
51 #define	isdigit(ch)	((ch) >= '0' && (ch) <= '9')
52 
53 static vattr_t devpts_vattr = {
54 	AT_TYPE|AT_MODE|AT_UID|AT_GID,		/* va_mask */
55 	VCHR,					/* va_type */
56 	S_IFCHR | DEVPTS_DEVMODE_DEFAULT,	/* va_mode */
57 	DEVPTS_UID_DEFAULT,			/* va_uid */
58 	DEVPTS_GID_DEFAULT,			/* va_gid */
59 	0					/* 0 hereafter */
60 };
61 
62 struct vnodeops		*devpts_vnodeops;
63 
64 struct vnodeops *
65 devpts_getvnodeops(void)
66 {
67 	return (devpts_vnodeops);
68 }
69 
70 /*
71  * Convert string to minor number. Some care must be taken
72  * as we are processing user input. Catch cases like
73  * /dev/pts/4foo and /dev/pts/-1
74  */
75 static int
76 devpts_strtol(const char *nm, minor_t *mp)
77 {
78 	long uminor = 0;
79 	char *endptr = NULL;
80 
81 	if (nm == NULL || !isdigit(*nm))
82 		return (EINVAL);
83 
84 	*mp = 0;
85 	if (ddi_strtol(nm, &endptr, 10, &uminor) != 0 ||
86 	    *endptr != '\0' || uminor < 0) {
87 		return (EINVAL);
88 	}
89 
90 	*mp = (minor_t)uminor;
91 	return (0);
92 }
93 
94 /*
95  * Check if a pts sdev_node is still valid - i.e. it represents a current pty.
96  * This serves two purposes
97  *	- only valid pts nodes are returned during lookup() and readdir().
98  *	- since pts sdev_nodes are not actively destroyed when a pty goes
99  *	  away, we use the validator to do deferred cleanup i.e. when such
100  *	  nodes are encountered during subsequent lookup() and readdir().
101  */
102 /*ARGSUSED*/
103 int
104 devpts_validate(struct sdev_node *dv)
105 {
106 	minor_t min;
107 	uid_t uid;
108 	gid_t gid;
109 	timestruc_t now;
110 	char *nm = dv->sdev_name;
111 
112 	ASSERT(!(dv->sdev_flags & SDEV_STALE));
113 	ASSERT(dv->sdev_state == SDEV_READY);
114 
115 	/* validate only READY nodes */
116 	if (dv->sdev_state != SDEV_READY) {
117 		sdcmn_err(("dev fs: skipping: node not ready %s(%p)",
118 		    nm, (void *)dv));
119 		return (SDEV_VTOR_SKIP);
120 	}
121 
122 	if (devpts_strtol(nm, &min) != 0) {
123 		sdcmn_err7(("devpts_validate: not a valid minor: %s\n", nm));
124 		return (SDEV_VTOR_INVALID);
125 	}
126 
127 	/*
128 	 * Check if pts driver is attached
129 	 */
130 	if (ptms_slave_attached() == (major_t)-1) {
131 		sdcmn_err7(("devpts_validate: slave not attached\n"));
132 		return (SDEV_VTOR_INVALID);
133 	}
134 
135 	if (ptms_minor_valid(min, &uid, &gid) == 0) {
136 		if (ptms_minor_exists(min)) {
137 			sdcmn_err7(("devpts_validate: valid in different zone "
138 			    "%s\n", nm));
139 			return (SDEV_VTOR_SKIP);
140 		} else {
141 			sdcmn_err7(("devpts_validate: %s not valid pty\n",
142 			    nm));
143 			return (SDEV_VTOR_INVALID);
144 		}
145 	}
146 
147 	ASSERT(dv->sdev_attr);
148 	if (dv->sdev_attr->va_uid != uid || dv->sdev_attr->va_gid != gid) {
149 		dv->sdev_attr->va_uid = uid;
150 		dv->sdev_attr->va_gid = gid;
151 		gethrestime(&now);
152 		dv->sdev_attr->va_atime = now;
153 		dv->sdev_attr->va_mtime = now;
154 		dv->sdev_attr->va_ctime = now;
155 		sdcmn_err7(("devpts_validate: update uid/gid/times%s\n", nm));
156 	}
157 
158 	return (SDEV_VTOR_VALID);
159 }
160 
161 /*
162  * This callback is invoked from devname_lookup_func() to create
163  * a pts entry when the node is not found in the cache.
164  */
165 /*ARGSUSED*/
166 static int
167 devpts_create_rvp(struct sdev_node *ddv, char *nm,
168     void **arg, cred_t *cred, void *whatever, char *whichever)
169 {
170 	minor_t min;
171 	major_t maj;
172 	uid_t uid;
173 	gid_t gid;
174 	timestruc_t now;
175 	struct vattr *vap = (struct vattr *)arg;
176 
177 	if (devpts_strtol(nm, &min) != 0) {
178 		sdcmn_err7(("devpts_create_rvp: not a valid minor: %s\n", nm));
179 		return (-1);
180 	}
181 
182 	/*
183 	 * Check if pts driver is attached and if it is
184 	 * get the major number.
185 	 */
186 	maj = ptms_slave_attached();
187 	if (maj == (major_t)-1) {
188 		sdcmn_err7(("devpts_create_rvp: slave not attached\n"));
189 		return (-1);
190 	}
191 
192 	/*
193 	 * Only allow creation of ptys allocated to our zone
194 	 */
195 	if (!ptms_minor_valid(min, &uid, &gid)) {
196 		sdcmn_err7(("devpts_create_rvp: %s not valid pty"
197 		    "or not valid in this zone\n", nm));
198 		return (-1);
199 	}
200 
201 
202 	/*
203 	 * This is a valid pty (at least at this point in time).
204 	 * Create the node by setting the attribute. The rest
205 	 * is taken care of by devname_lookup_func().
206 	 */
207 	*vap = devpts_vattr;
208 	vap->va_rdev = makedevice(maj, min);
209 	vap->va_uid = uid;
210 	vap->va_gid = gid;
211 	gethrestime(&now);
212 	vap->va_atime = now;
213 	vap->va_mtime = now;
214 	vap->va_ctime = now;
215 
216 	return (0);
217 }
218 
219 /*
220  * Clean pts sdev_nodes that are no longer valid.
221  */
222 static void
223 devpts_prunedir(struct sdev_node *ddv)
224 {
225 	struct vnode *vp;
226 	struct sdev_node *dv, *next = NULL;
227 	int (*vtor)(struct sdev_node *) = NULL;
228 
229 	ASSERT(ddv->sdev_flags & SDEV_VTOR);
230 
231 	vtor = (int (*)(struct sdev_node *))sdev_get_vtor(ddv);
232 	ASSERT(vtor);
233 
234 	if (rw_tryupgrade(&ddv->sdev_contents) == NULL) {
235 		rw_exit(&ddv->sdev_contents);
236 		rw_enter(&ddv->sdev_contents, RW_WRITER);
237 	}
238 
239 	for (dv = ddv->sdev_dot; dv; dv = next) {
240 		next = dv->sdev_next;
241 
242 		/* skip stale nodes */
243 		if (dv->sdev_flags & SDEV_STALE)
244 			continue;
245 
246 		/* validate and prune only ready nodes */
247 		if (dv->sdev_state != SDEV_READY)
248 			continue;
249 
250 		switch (vtor(dv)) {
251 		case SDEV_VTOR_VALID:
252 		case SDEV_VTOR_SKIP:
253 			continue;
254 		case SDEV_VTOR_INVALID:
255 			sdcmn_err7(("prunedir: destroy invalid "
256 			    "node: %s(%p)\n", dv->sdev_name, (void *)dv));
257 			break;
258 		}
259 		vp = SDEVTOV(dv);
260 		if (vp->v_count > 0)
261 			continue;
262 		SDEV_HOLD(dv);
263 		/* remove the cache node */
264 		(void) sdev_cache_update(ddv, &dv, dv->sdev_name,
265 		    SDEV_CACHE_DELETE);
266 	}
267 	rw_downgrade(&ddv->sdev_contents);
268 }
269 
270 /*
271  * Lookup for /dev/pts directory
272  *	If the entry does not exist, the devpts_create_rvp() callback
273  *	is invoked to create it. Nodes do not persist across reboot.
274  *
275  * There is a potential denial of service here via
276  * fattach on top of a /dev/pts node - any permission changes
277  * applied to the node, apply to the fattached file and not
278  * to the underlying pts node. As a result when the previous
279  * user fdetaches, the pts node is still owned by the previous
280  * owner. To prevent this we don't allow fattach() on top of a pts
281  * node. This is done by a modification in the namefs filesystem
282  * where we check if the underlying node has the /dev/pts vnodeops.
283  * We do this via VOP_REALVP() on the underlying specfs node.
284  * sdev_nodes currently don't have a realvp. If a realvp is ever
285  * created for sdev_nodes, then VOP_REALVP() will return the
286  * actual realvp (possibly a ufs vnode). This will defeat the check
287  * in namefs code which checks if VOP_REALVP() returns a devpts
288  * node. We add an ASSERT here in /dev/pts lookup() to check for
289  * this condition. If sdev_nodes ever get a VOP_REALVP() entry point,
290  * change the code in the namefs filesystem code (in nm_mount()) to
291  * access the realvp of the specfs node directly instead of using
292  * VOP_REALVP().
293  */
294 /*ARGSUSED3*/
295 static int
296 devpts_lookup(struct vnode *dvp, char *nm, struct vnode **vpp,
297     struct pathname *pnp, int flags, struct vnode *rdir, struct cred *cred,
298     caller_context_t *ct, int *direntflags, pathname_t *realpnp)
299 {
300 	struct sdev_node *sdvp = VTOSDEV(dvp);
301 	struct sdev_node *dv;
302 	struct vnode *rvp = NULL;
303 	int error;
304 
305 	error = devname_lookup_func(sdvp, nm, vpp, cred, devpts_create_rvp,
306 	    SDEV_VATTR);
307 
308 	if (error == 0) {
309 		switch ((*vpp)->v_type) {
310 		case VCHR:
311 			dv = VTOSDEV(VTOS(*vpp)->s_realvp);
312 			ASSERT(VOP_REALVP(SDEVTOV(dv), &rvp, NULL) == ENOSYS);
313 			break;
314 		case VDIR:
315 			dv = VTOSDEV(*vpp);
316 			break;
317 		default:
318 			cmn_err(CE_PANIC, "devpts_lookup: Unsupported node "
319 			    "type: %p: %d", (void *)(*vpp), (*vpp)->v_type);
320 			break;
321 		}
322 		ASSERT(SDEV_HELD(dv));
323 	}
324 
325 	return (error);
326 }
327 
328 /*
329  * We allow create to find existing nodes
330  *	- if the node doesn't exist - EROFS
331  *	- creating an existing dir read-only succeeds, otherwise EISDIR
332  *	- exclusive creates fail - EEXIST
333  */
334 /*ARGSUSED2*/
335 static int
336 devpts_create(struct vnode *dvp, char *nm, struct vattr *vap, vcexcl_t excl,
337     int mode, struct vnode **vpp, struct cred *cred, int flag,
338     caller_context_t *ct, vsecattr_t *vsecp)
339 {
340 	int error;
341 	struct vnode *vp;
342 
343 	*vpp = NULL;
344 
345 	error = devpts_lookup(dvp, nm, &vp, NULL, 0, NULL, cred, ct, NULL,
346 	    NULL);
347 	if (error == 0) {
348 		if (excl == EXCL)
349 			error = EEXIST;
350 		else if (vp->v_type == VDIR && (mode & VWRITE))
351 			error = EISDIR;
352 		else
353 			error = VOP_ACCESS(vp, mode, 0, cred, ct);
354 
355 		if (error) {
356 			VN_RELE(vp);
357 		} else
358 			*vpp = vp;
359 	} else if (error == ENOENT) {
360 		error = EROFS;
361 	}
362 
363 	return (error);
364 }
365 
366 /*
367  * Display all instantiated pts (slave) device nodes.
368  * A /dev/pts entry will be created only after the first lookup of the slave
369  * device succeeds.
370  */
371 /*ARGSUSED4*/
372 static int
373 devpts_readdir(struct vnode *dvp, struct uio *uiop, struct cred *cred,
374     int *eofp, caller_context_t *ct, int flags)
375 {
376 	struct sdev_node *sdvp = VTOSDEV(dvp);
377 	if (uiop->uio_offset == 0) {
378 		devpts_prunedir(sdvp);
379 	}
380 
381 	return (devname_readdir_func(dvp, uiop, cred, eofp, 0));
382 }
383 
384 
385 static int
386 devpts_set_id(struct sdev_node *dv, struct vattr *vap, int protocol)
387 {
388 	ASSERT((protocol & AT_UID) || (protocol & AT_GID));
389 	ptms_set_owner(getminor(SDEVTOV(dv)->v_rdev),
390 	    vap->va_uid, vap->va_gid);
391 	return (0);
392 
393 }
394 
395 /*ARGSUSED4*/
396 static int
397 devpts_setattr(struct vnode *vp, struct vattr *vap, int flags,
398     struct cred *cred, caller_context_t *ctp)
399 {
400 	ASSERT((vp->v_type == VCHR) || (vp->v_type == VDIR));
401 	return (devname_setattr_func(vp, vap, flags, cred,
402 		    devpts_set_id, AT_UID|AT_GID));
403 }
404 
405 
406 /*
407  * We override lookup and readdir to build entries based on the
408  * in kernel pty table. Also override setattr/setsecattr to
409  * avoid persisting permissions.
410  */
411 const fs_operation_def_t devpts_vnodeops_tbl[] = {
412 	VOPNAME_READDIR,	{ .vop_readdir = devpts_readdir },
413 	VOPNAME_LOOKUP,		{ .vop_lookup = devpts_lookup },
414 	VOPNAME_CREATE,		{ .vop_create = devpts_create },
415 	VOPNAME_SETATTR,	{ .vop_setattr = devpts_setattr },
416 	VOPNAME_REMOVE,		{ .error = fs_nosys },
417 	VOPNAME_MKDIR,		{ .error = fs_nosys },
418 	VOPNAME_RMDIR,		{ .error = fs_nosys },
419 	VOPNAME_SYMLINK,	{ .error = fs_nosys },
420 	VOPNAME_SETSECATTR,	{ .error = fs_nosys },
421 	NULL,			NULL
422 };
423