]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/tty_ptmx.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-4570.31.3.tar.gz
[apple/xnu.git] / bsd / kern / tty_ptmx.c
CommitLineData
2d21ac55 1/*
fe8ab488 2 * Copyright (c) 1997-2013 Apple Inc. All rights reserved.
2d21ac55
A		 3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5ba3f43e 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
5ba3f43e 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
5ba3f43e 17 *
2d21ac55
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
5ba3f43e 25 *
2d21ac55
A		 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * Copyright (c) 1982, 1986, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
61 */
62
63/*
64 * Pseudo-teletype Driver
65 * (Actually two drivers, requiring two entries in 'cdevsw')
66 */
67#include "pty.h" /* XXX */
68
69#include <sys/param.h>
70#include <sys/systm.h>
71#include <sys/ioctl.h>
72#include <sys/proc_internal.h>
73#include <sys/kauth.h>
74#include <sys/tty.h>
75#include <sys/conf.h>
76#include <sys/file_internal.h>
b0d623f7 77#include <sys/uio_internal.h>
2d21ac55
A		 78#include <sys/kernel.h>
79#include <sys/vnode.h>
2d21ac55
A		 80#include <sys/user.h>
81#include <sys/signalvar.h>
82#include <sys/sysctl.h>
83#include <miscfs/devfs/devfs.h>
84#include <miscfs/devfs/devfsdefs.h> /* DEVFS_LOCK()/DEVFS_UNLOCK() */
5ba3f43e 85#include <libkern/section_keywords.h>
2d21ac55 86
39236c6e
A		 87#if CONFIG_MACF
88#include <security/mac_framework.h>
89#endif
90
fe8ab488 91#include "tty_dev.h"
2d21ac55
A		 92
93/*
94 * Forward declarations
95 */
96int ptmx_init(int n_ptys);
fe8ab488
A		 97static struct ptmx_ioctl *ptmx_get_ioctl(int minor, int open_flag);
98static int ptmx_free_ioctl(int minor, int open_flag);
99static int ptmx_get_name(int minor, char *buffer, size_t size);
100static void ptsd_revoke_knotes(int minor, struct tty *tp);
101
102extern d_open_t ptsopen;
103extern d_close_t ptsclose;
104extern d_read_t ptsread;
105extern d_write_t ptswrite;
106extern d_ioctl_t ptyioctl;
107extern d_stop_t ptsstop;
108extern d_reset_t ptsreset;
109extern d_select_t ptsselect;
110
111extern d_open_t ptcopen;
112extern d_close_t ptcclose;
113extern d_read_t ptcread;
114extern d_write_t ptcwrite;
115extern d_stop_t ptcstop;
116extern d_reset_t ptcreset;
117extern d_select_t ptcselect;
2d21ac55
A		 118
119static int ptmx_major; /* dynamically assigned major number */
120static struct cdevsw ptmx_cdev = {
fe8ab488
A		 121 ptcopen, ptcclose, ptcread, ptcwrite,
122 ptyioctl, ptcstop, ptcreset, 0,
123 ptcselect, eno_mmap, eno_strat, eno_getc,
2d21ac55
A		 124 eno_putc, D_TTY
125};
126
127static int ptsd_major; /* dynamically assigned major number */
128static struct cdevsw ptsd_cdev = {
fe8ab488
A		 129 ptsopen, ptsclose, ptsread, ptswrite,
130 ptyioctl, ptsstop, ptsreset, 0,
131 ptsselect, eno_mmap, eno_strat, eno_getc,
2d21ac55
A		 132 eno_putc, D_TTY
133};
134
2d21ac55
A		 135/*
136 * ptmx == /dev/ptmx
137 * ptsd == /dev/pts[0123456789]{3}
138 */
139#define PTMX_TEMPLATE "ptmx"
140#define PTSD_TEMPLATE "ttys%03d"
141
142/*
143 * System-wide limit on the max number of cloned ptys
144 */
5c9f4661 145#define PTMX_MAX_DEFAULT 511 /* 512 entries */
2d21ac55
A		 146#define PTMX_MAX_HARD 999 /* 1000 entries, due to PTSD_TEMPLATE */
147
148static int ptmx_max = PTMX_MAX_DEFAULT; /* default # of clones we allow */
149
150/* Range enforcement for the sysctl */
151static int
152sysctl_ptmx_max(__unused struct sysctl_oid *oidp, __unused void *arg1,
153 __unused int arg2, struct sysctl_req *req)
154{
155 int new_value, changed;
156 int error = sysctl_io_number(req, ptmx_max, sizeof(int), &new_value, &changed);
157 if (changed) {
158 if (new_value > 0 && new_value <= PTMX_MAX_HARD)
159 ptmx_max = new_value;
160 else
161 error = EINVAL;
162 }
163 return(error);
164}
165
166SYSCTL_NODE(_kern, KERN_TTY, tty, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "TTY");
167SYSCTL_PROC(_kern_tty, OID_AUTO, ptmx_max,
6d2010ae 168 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
2d21ac55
A		 169 &ptmx_max, 0, &sysctl_ptmx_max, "I", "ptmx_max");
170
2d21ac55
A		 171static int ptmx_clone(dev_t dev, int minor);
172
fe8ab488
A		 173static struct tty_dev_t _ptmx_driver;
174
2d21ac55
A		 175int
176ptmx_init( __unused int config_count)
177{
178 /*
179 * We start looking at slot 10, since there are inits that will
180 * stomp explicit slots (e.g. vndevice stomps 1) below that.
181 */
182
183 /* Get a major number for /dev/ptmx */
5ba3f43e 184 if ((ptmx_major = cdevsw_add(-15, &ptmx_cdev)) == -1) {
2d21ac55
A		 185 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
186 return (ENOENT);
187 }
188
5ba3f43e 189 if (cdevsw_setkqueueok(ptmx_major, &ptmx_cdev, CDEVSW_IS_PTC) == -1) {
6d2010ae
A		 190 panic("Failed to set flags on ptmx cdevsw entry.");
191 }
192
2d21ac55
A		 193 /* Get a major number for /dev/pts/nnn */
194 if ((ptsd_major = cdevsw_add(-15, &ptsd_cdev)) == -1) {
195 (void)cdevsw_remove(ptmx_major, &ptmx_cdev);
196 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
197 return (ENOENT);
198 }
5ba3f43e
A		 199
200 if (cdevsw_setkqueueok(ptsd_major, &ptsd_cdev, CDEVSW_IS_PTS) == -1) {
6d2010ae
A		 201 panic("Failed to set flags on ptmx cdevsw entry.");
202 }
203
2d21ac55
A		 204 /* Create the /dev/ptmx device {<major>,0} */
205 (void)devfs_make_node_clone(makedev(ptmx_major, 0),
206 DEVFS_CHAR, UID_ROOT, GID_TTY, 0666,
207 ptmx_clone, PTMX_TEMPLATE);
fe8ab488
A		 208
209 _ptmx_driver.master = ptmx_major;
210 _ptmx_driver.slave = ptsd_major;
211 _ptmx_driver.fix_7828447 = 1;
212 _ptmx_driver.fix_7070978 = 1;
213#if CONFIG_MACF
214 _ptmx_driver.mac_notify = 1;
215#endif
216 _ptmx_driver.open = &ptmx_get_ioctl;
217 _ptmx_driver.free = &ptmx_free_ioctl;
218 _ptmx_driver.name = &ptmx_get_name;
219 _ptmx_driver.revoke = &ptsd_revoke_knotes;
220 tty_dev_register(&_ptmx_driver);
221
222 return (0);
2d21ac55
A		 223}
224
225
226static struct _ptmx_ioctl_state {
227 struct ptmx_ioctl **pis_ioctl_list; /* pointer vector */
228 int pis_total; /* total slots */
229 int pis_free; /* free slots */
230} _state;
231#define PTMX_GROW_VECTOR 16 /* Grow by this many slots at a time */
232
233/*
234 * Given a minor number, return the corresponding structure for that minor
235 * number. If there isn't one, and the create flag is specified, we create
236 * one if possible.
237 *
238 * Parameters: minor Minor number of ptmx device
239 * open_flag PF_OPEN_M First open of master
240 * PF_OPEN_S First open of slave
241 * 0 Just want ioctl struct
242 *
243 * Returns: NULL Did not exist/could not create
244 * !NULL structure corresponding minor number
b0d623f7
A		 245 *
246 * Locks: tty_lock() on ptmx_ioctl->pt_tty NOT held on entry or exit.
2d21ac55
A		 247 */
248static struct ptmx_ioctl *
249ptmx_get_ioctl(int minor, int open_flag)
250{
251 struct ptmx_ioctl *new_ptmx_ioctl;
252
253 if (open_flag & PF_OPEN_M) {
254
255 /*
256 * If we are about to allocate more memory, but we have
257 * already hit the administrative limit, then fail the
258 * operation.
259 *
260 * Note: Subtract free from total when making this
261 * check to allow unit increments, rather than
262 * snapping to the nearest PTMX_GROW_VECTOR...
263 */
264 if ((_state.pis_total - _state.pis_free) >= ptmx_max) {
265 return (NULL);
266 }
267
268 MALLOC(new_ptmx_ioctl, struct ptmx_ioctl *, sizeof(struct ptmx_ioctl), M_TTYS, M_WAITOK|M_ZERO);
269 if (new_ptmx_ioctl == NULL) {
270 return (NULL);
271 }
272
273 if ((new_ptmx_ioctl->pt_tty = ttymalloc()) == NULL) {
274 FREE(new_ptmx_ioctl, M_TTYS);
275 return (NULL);
276 }
277
278 /*
279 * Hold the DEVFS_LOCK() over this whole operation; devfs
280 * itself does this over malloc/free as well, so this should
281 * be safe to do. We hold it longer than we want to, but
282 * doing so avoids a reallocation race on the minor number.
283 */
284 DEVFS_LOCK();
285 /* Need to allocate a larger vector? */
286 if (_state.pis_free == 0) {
287 struct ptmx_ioctl **new_pis_ioctl_list;
288 struct ptmx_ioctl **old_pis_ioctl_list = NULL;
289
290 /* Yes. */
291 MALLOC(new_pis_ioctl_list, struct ptmx_ioctl **, sizeof(struct ptmx_ioctl *) * (_state.pis_total + PTMX_GROW_VECTOR), M_TTYS, M_WAITOK|M_ZERO);
292 if (new_pis_ioctl_list == NULL) {
293 ttyfree(new_ptmx_ioctl->pt_tty);
294 DEVFS_UNLOCK();
295 FREE(new_ptmx_ioctl, M_TTYS);
296 return (NULL);
297 }
298
299 /* If this is not the first time, copy the old over */
300 bcopy(_state.pis_ioctl_list, new_pis_ioctl_list, sizeof(struct ptmx_ioctl *) * _state.pis_total);
301 old_pis_ioctl_list = _state.pis_ioctl_list;
302 _state.pis_ioctl_list = new_pis_ioctl_list;
303 _state.pis_free += PTMX_GROW_VECTOR;
304 _state.pis_total += PTMX_GROW_VECTOR;
305 if (old_pis_ioctl_list)
306 FREE(old_pis_ioctl_list, M_TTYS);
5ba3f43e
A		 307 }
308
fe8ab488
A		 309 /* is minor in range now? */
310 if (minor < 0 || minor >= _state.pis_total) {
311 ttyfree(new_ptmx_ioctl->pt_tty);
312 DEVFS_UNLOCK();
313 FREE(new_ptmx_ioctl, M_TTYS);
314 return (NULL);
315 }
5ba3f43e 316
935ed37a
A		 317 if (_state.pis_ioctl_list[minor] != NULL) {
318 ttyfree(new_ptmx_ioctl->pt_tty);
319 DEVFS_UNLOCK();
320 FREE(new_ptmx_ioctl, M_TTYS);
321
322 /* Special error value so we know to redrive the open, we've been raced */
5ba3f43e 323 return (struct ptmx_ioctl*)-1;
935ed37a 324
2d21ac55
A		 325 }
326
327 /* Vector is large enough; grab a new ptmx_ioctl */
328
329 /* Now grab a free slot... */
330 _state.pis_ioctl_list[minor] = new_ptmx_ioctl;
331
332 /* reduce free count */
333 _state.pis_free--;
334
335 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_M;
336 DEVFS_UNLOCK();
337
338 /* Create the /dev/ttysXXX device {<major>,XXX} */
339 _state.pis_ioctl_list[minor]->pt_devhandle = devfs_make_node(
340 makedev(ptsd_major, minor),
341 DEVFS_CHAR, UID_ROOT, GID_TTY, 0620,
342 PTSD_TEMPLATE, minor);
b0d623f7
A		 343 if (_state.pis_ioctl_list[minor]->pt_devhandle == NULL) {
344 printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n");
345 }
2d21ac55 346 }
5ba3f43e 347
fe8ab488
A		 348 if (minor < 0 || minor >= _state.pis_total) {
349 return (NULL);
350 }
5ba3f43e 351
2d21ac55
A		 352 return (_state.pis_ioctl_list[minor]);
353}
354
b0d623f7
A		 355/*
356 * Locks: tty_lock() of old_ptmx_ioctl->pt_tty NOT held for this call.
357 */
2d21ac55
A		 358static int
359ptmx_free_ioctl(int minor, int open_flag)
360{
361 struct ptmx_ioctl *old_ptmx_ioctl = NULL;
362
363 DEVFS_LOCK();
5ba3f43e 364
fe8ab488
A		 365 if (minor < 0 || minor >= _state.pis_total) {
366 DEVFS_UNLOCK();
367 return (-1);
368 }
369
2d21ac55
A		 370 _state.pis_ioctl_list[minor]->pt_flags &= ~(open_flag);
371
372 /*
373 * Was this the last close? We will recognize it because we only get
374 * a notification on the last close of a device, and we will have
375 * cleared both the master and the slave open bits in the flags.
376 */
377 if (!(_state.pis_ioctl_list[minor]->pt_flags & (PF_OPEN_M|PF_OPEN_S))) {
378 /* Mark as free so it can be reallocated later */
379 old_ptmx_ioctl = _state.pis_ioctl_list[ minor];
39037602
A		 380 _state.pis_ioctl_list[minor] = NULL;
381 _state.pis_free++;
2d21ac55
A		 382 }
383 DEVFS_UNLOCK();
384
385 /* Free old after dropping lock */
386 if (old_ptmx_ioctl != NULL) {
387 /*
388 * XXX See <rdar://5348651> and <rdar://4854638>
389 *
390 * XXX Conditional to be removed when/if tty/pty reference
391 * XXX counting and mutex implemented.
392 */
393 if (old_ptmx_ioctl->pt_devhandle != NULL)
394 devfs_remove(old_ptmx_ioctl->pt_devhandle);
395 ttyfree(old_ptmx_ioctl->pt_tty);
396 FREE(old_ptmx_ioctl, M_TTYS);
397 }
398
399 return (0); /* Success */
400}
401
fe8ab488
A		 402static int
403ptmx_get_name(int minor, char *buffer, size_t size)
404{
405 return snprintf(buffer, size, "/dev/" PTSD_TEMPLATE, minor);
406}
2d21ac55
A		 407
408
409
410/*
411 * Given the dev entry that's being opened, we clone the device. This driver
412 * doesn't actually use the dev entry, since we alreaqdy know who we are by
413 * being called from this code. This routine is a callback registered from
414 * devfs_make_node_clone() in ptmx_init(); it's purpose is to provide a new
415 * minor number, or to return -1, if one can't be provided.
416 *
417 * Parameters: dev The device we are cloning from
418 *
419 * Returns: >= 0 A new minor device number
420 * -1 Error: ENOMEM ("Can't alloc device")
421 *
422 * NOTE: Called with DEVFS_LOCK() held
423 */
424static int
425ptmx_clone(__unused dev_t dev, int action)
426{
427 int i;
428
429 if (action == DEVFS_CLONE_ALLOC) {
430 /* First one */
431 if (_state.pis_total == 0)
432 return (0);
433
434 /*
435 * Note: We can add hinting on free slots, if this linear search
436 * ends up being a performance bottleneck...
437 */
438 for(i = 0; i < _state.pis_total; i++) {
439 if (_state.pis_ioctl_list[ i] == NULL)
440 break;
441 }
442
443 /*
444 * XXX We fall off the end here; if we did this twice at the
445 * XXX same time, we could return the same minor to two
446 * XXX callers; we should probably exand the pointer vector
447 * XXX here, but I need more information on the MALLOC/FREE
448 * XXX locking to ensure against a deadlock. Maybe we can
449 * XXX just high watermark it at 1/2 of PTMX_GROW_VECTOR?
450 * XXX That would require returning &minor as implict return
451 * XXX and an error code ("EAGAIN/ERESTART") or 0 as our
452 * XXX explicit return.
453 */
454
455 return (i); /* empty slot or next slot */
456 }
457 return(-1);
458}
459
b0d623f7
A		 460
461/*
462 * kqueue support.
463 */
5ba3f43e 464int ptsd_kqfilter(dev_t dev, struct knote *kn);
6d2010ae
A		 465static void ptsd_kqops_detach(struct knote *);
466static int ptsd_kqops_event(struct knote *, long);
39037602
A		 467static int ptsd_kqops_touch(struct knote *kn, struct kevent_internal_s *kev);
468static int ptsd_kqops_process(struct knote *kn, struct filt_process_s *data, struct kevent_internal_s *kev);
b0d623f7 469
5ba3f43e 470SECURITY_READ_ONLY_EARLY(struct filterops) ptsd_kqops = {
b0d623f7 471 .f_isfd = 1,
5ba3f43e 472 /* attach is handled by ptsd_kqfilter -- the dev node must be passed in */
6d2010ae
A		 473 .f_detach = ptsd_kqops_detach,
474 .f_event = ptsd_kqops_event,
39037602
A		 475 .f_touch = ptsd_kqops_touch,
476 .f_process = ptsd_kqops_process,
5ba3f43e 477};
b0d623f7 478
6d2010ae
A		 479/*
480 * In the normal case, by the time the driver_close() routine is called
481 * on the slave, all knotes have been detached. However in the revoke(2)
482 * case, the driver's close routine is called while there are knotes active
483 * that reference the handlers below. And we have no obvious means to
484 * reach from the driver out to the kqueue's that reference them to get
485 * them to stop.
486 */
b0d623f7 487
6d2010ae
A		 488static void
489ptsd_kqops_detach(struct knote *kn)
b0d623f7 490{
b0d623f7 491 struct tty *tp;
5ba3f43e
A		 492
493 tp = kn->kn_hook;
494 assert(tp != NULL);
495
496 tty_lock(tp);
497
498 /*
499 * Only detach knotes from open ttys -- ttyclose detaches all knotes
500 * under the lock and unsets TS_ISOPEN.
501 */
502 if (tp->t_state & TS_ISOPEN) {
503 switch (kn->kn_filter) {
504 case EVFILT_READ:
505 KNOTE_DETACH(&tp->t_rsel.si_note, kn);
506 break;
507
508 case EVFILT_WRITE:
509 KNOTE_DETACH(&tp->t_wsel.si_note, kn);
510 break;
511
512 default:
513 panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
514 break;
6d2010ae 515 }
b0d623f7
A		 516 }
517
5ba3f43e
A		 518 kn->kn_hook = NULL;
519 tty_unlock(tp);
520
521 ttyfree(tp);
b0d623f7
A		 522}
523
524static int
5ba3f43e 525ptsd_kqops_common(struct knote *kn, struct tty *tp)
b0d623f7 526{
b0d623f7
A		 527 int retval = 0;
528
5ba3f43e 529 TTY_LOCK_OWNED(tp);
b0d623f7 530
5ba3f43e
A		 531 switch (kn->kn_filter) {
532 case EVFILT_READ:
533 kn->kn_data = ttnread(tp);
534 if (kn->kn_data > 0) {
6d2010ae 535 retval = 1;
6d2010ae 536 }
5ba3f43e 537 break;
b0d623f7 538
5ba3f43e
A		 539 case EVFILT_WRITE:
540 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
541 (tp->t_state & TS_CONNECTED)) {
542 kn->kn_data = tp->t_outq.c_cn - tp->t_outq.c_cc;
543 retval = 1;
6d2010ae 544 }
5ba3f43e 545 break;
b0d623f7 546
5ba3f43e
A		 547 default:
548 panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
549 kn->kn_filter, kn, tp);
550 break;
551 }
b0d623f7 552
5ba3f43e
A		 553 if (tp->t_state & TS_ZOMBIE) {
554 kn->kn_flags |= EV_EOF;
555 retval = 1;
556 }
b0d623f7 557
5ba3f43e
A		 558 return retval;
559}
39037602
A		 560
561static int
562ptsd_kqops_event(struct knote *kn, long hint)
563{
5ba3f43e
A		 564 struct tty *tp = kn->kn_hook;
565 int ret;
566 bool revoked = hint & NOTE_REVOKE;
567 hint &= ~NOTE_REVOKE;
39037602 568
5ba3f43e
A		 569 if (!hint) {
570 tty_lock(tp);
571 }
572
573 if (revoked) {
574 kn->kn_flags |= EV_EOF | EV_ONESHOT;
575 ret = 1;
576 } else {
577 ret = ptsd_kqops_common(kn, tp);
578 }
579
580 if (!hint) {
581 tty_unlock(tp);
582 }
583
584 return ret;
39037602 585}
39037602
A		 586
587static int
588ptsd_kqops_touch(struct knote *kn, struct kevent_internal_s *kev)
589{
5ba3f43e
A		 590 struct tty *tp;
591 int ret;
592
593 tp = kn->kn_hook;
39037602 594
5ba3f43e 595 tty_lock(tp);
39037602
A		 596
597 /* accept new kevent state */
598 kn->kn_sfflags = kev->fflags;
599 kn->kn_sdata = kev->data;
5ba3f43e 600 if ((kn->kn_status & KN_UDATA_SPECIFIC) == 0) {
39037602 601 kn->kn_udata = kev->udata;
5ba3f43e 602 }
39037602
A		 603
604 /* recapture fired state of knote */
5ba3f43e 605 ret = ptsd_kqops_common(kn, tp);
39037602 606
5ba3f43e 607 tty_unlock(tp);
39037602 608
5ba3f43e 609 return ret;
39037602
A		 610}
611
612static int
5ba3f43e
A		 613ptsd_kqops_process(struct knote *kn, __unused struct filt_process_s *data,
614 struct kevent_internal_s *kev)
39037602 615{
5ba3f43e
A		 616 struct tty *tp = kn->kn_hook;
617 int ret;
39037602 618
5ba3f43e
A		 619 tty_lock(tp);
620 ret = ptsd_kqops_common(kn, tp);
621 if (ret) {
39037602
A		 622 *kev = kn->kn_kevent;
623 if (kn->kn_flags & EV_CLEAR) {
624 kn->kn_fflags = 0;
625 kn->kn_data = 0;
626 }
627 }
5ba3f43e
A		 628 tty_unlock(tp);
629
630 return ret;
39037602
A		 631}
632
b0d623f7
A		 633int
634ptsd_kqfilter(dev_t dev, struct knote *kn)
635{
5ba3f43e 636 struct tty *tp = NULL;
b0d623f7 637 struct ptmx_ioctl *pti = NULL;
5ba3f43e 638 int ret;
b0d623f7
A		 639
640 /* make sure we're talking about the right device type */
fe8ab488 641 if (cdevsw[major(dev)].d_open != ptsopen) {
5ba3f43e 642 knote_set_error(kn, ENODEV);
39037602 643 return 0;
b0d623f7
A		 644 }
645
646 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
5ba3f43e
A		 647 knote_set_error(kn, ENXIO);
648 return 0;
b0d623f7
A		 649 }
650
651 tp = pti->pt_tty;
652 tty_lock(tp);
653
5ba3f43e 654 assert(tp->t_state & TS_ISOPEN);
39037602 655
5ba3f43e
A		 656 kn->kn_filtid = EVFILTID_PTSD;
657 /* the tty will be freed when detaching the knote */
658 ttyhold(tp);
659 kn->kn_hook = tp;
660
661 switch (kn->kn_filter) {
662 case EVFILT_READ:
663 KNOTE_ATTACH(&tp->t_rsel.si_note, kn);
664 break;
665 case EVFILT_WRITE:
666 KNOTE_ATTACH(&tp->t_wsel.si_note, kn);
667 break;
668 default:
669 panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
670 kn->kn_filter, kn, tp);
671 break;
672 }
39037602
A		 673
674 /* capture current event state */
5ba3f43e 675 ret = ptsd_kqops_common(kn, tp);
39037602 676
5ba3f43e 677 tty_unlock(tp);
39037602 678
5ba3f43e 679 return ret;
b0d623f7
A		 680}
681
6d2010ae
A		 682/*
683 * Support for revoke(2).
6d2010ae
A		 684 */
685static void
5ba3f43e 686ptsd_revoke_knotes(__unused int minor, struct tty *tp)
6d2010ae 687{
6d2010ae
A		 688 tty_lock(tp);
689
6d2010ae 690 ttwakeup(tp);
5ba3f43e 691 KNOTE(&tp->t_rsel.si_note, NOTE_REVOKE | 1 /* the lock is already held */);
6d2010ae 692
5ba3f43e
A		 693 ttwwakeup(tp);
694 KNOTE(&tp->t_wsel.si_note, NOTE_REVOKE | 1);
6d2010ae
A		 695
696 tty_unlock(tp);
6d2010ae 697}
5c9f4661
A		 698
699/*
700 * kevent filter routines for the master side of a pty, a ptmx.
701 *
702 * Stuff the ptmx_ioctl structure into the hook for ptmx knotes. Use the
703 * embedded tty's lock for synchronization.
704 */
705
706int ptmx_kqfilter(dev_t dev, struct knote *kn);
707static void ptmx_kqops_detach(struct knote *);
708static int ptmx_kqops_event(struct knote *, long);
709static int ptmx_kqops_touch(struct knote *kn, struct kevent_internal_s *kev);
710static int ptmx_kqops_process(struct knote *kn, struct filt_process_s *data, struct kevent_internal_s *kev);
711static int ptmx_kqops_common(struct knote *kn, struct ptmx_ioctl *pti, struct tty *tp);
712
713SECURITY_READ_ONLY_EARLY(struct filterops) ptmx_kqops = {
714 .f_isfd = 1,
715 /* attach is handled by ptmx_kqfilter -- the dev node must be passed in */
716 .f_detach = ptmx_kqops_detach,
717 .f_event = ptmx_kqops_event,
718 .f_touch = ptmx_kqops_touch,
719 .f_process = ptmx_kqops_process,
720};
721
722static struct ptmx_ioctl *
723ptmx_knote_ioctl(struct knote *kn)
724{
725 return (struct ptmx_ioctl *)kn->kn_hook;
726}
727
728static struct tty *
729ptmx_knote_tty(struct knote *kn)
730{
731 struct ptmx_ioctl *pti = kn->kn_hook;
732 return pti->pt_tty;
733}
734
735int
736ptmx_kqfilter(dev_t dev, struct knote *kn)
737{
738 struct tty *tp = NULL;
739 struct ptmx_ioctl *pti = NULL;
740 int ret;
741
742 /* make sure we're talking about the right device type */
743 if (cdevsw[major(dev)].d_open != ptcopen) {
744 knote_set_error(kn, ENODEV);
745 return 0;
746 }
747
748 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
749 knote_set_error(kn, ENXIO);
750 return 0;
751 }
752
753 tp = pti->pt_tty;
754 tty_lock(tp);
755
756 kn->kn_filtid = EVFILTID_PTMX;
757 kn->kn_hook = pti;
758
759 /*
760 * Attach to the ptmx's selinfo structures. This is the major difference
761 * to the ptsd filtops, which use the selinfo structures in the tty
762 * structure.
763 */
764 switch (kn->kn_filter) {
765 case EVFILT_READ:
766 KNOTE_ATTACH(&pti->pt_selr.si_note, kn);
767 break;
768 case EVFILT_WRITE:
769 KNOTE_ATTACH(&pti->pt_selw.si_note, kn);
770 break;
771 default:
772 panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
773 kn->kn_filter, kn, tp);
774 break;
775 }
776
777 /* capture current event state */
778 ret = ptmx_kqops_common(kn, pti, tp);
779
780 /* take a reference on the TTY */
781 ttyhold(tp);
782 tty_unlock(tp);
783
784 return ret;
785}
786
787static void
788ptmx_kqops_detach(struct knote *kn)
789{
790 struct ptmx_ioctl *pti = kn->kn_hook;
791 struct tty *tp = pti->pt_tty;
792
793 assert(tp != NULL);
794
795 tty_lock(tp);
796
797 switch (kn->kn_filter) {
798 case EVFILT_READ:
799 KNOTE_DETACH(&pti->pt_selr.si_note, kn);
800 break;
801
802 case EVFILT_WRITE:
803 KNOTE_DETACH(&pti->pt_selw.si_note, kn);
804 break;
805
806 default:
807 panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
808 break;
809 }
810
811 kn->kn_hook = NULL;
812 tty_unlock(tp);
813
814 ttyfree(tp);
815}
816
817static int
818ptmx_kqops_common(struct knote *kn, struct ptmx_ioctl *pti, struct tty *tp)
819{
820 int retval = 0;
821
822 TTY_LOCK_OWNED(tp);
823
824 /* disconnects should force a wakeup (EOF) */
825 if (!(tp->t_state & TS_CONNECTED)) {
826 return 1;
827 }
828
829 switch (kn->kn_filter) {
830 case EVFILT_READ:
831 /* there's data on the TTY and it's not stopped */
832 if (tp->t_outq.c_cc && !(tp->t_state & TS_TTSTOP)) {
833 retval = tp->t_outq.c_cc;
834 } else if (((pti->pt_flags & PF_PKT) && pti->pt_send) ||
835 ((pti->pt_flags & PF_UCNTL) && pti->pt_ucntl)) {
836 retval = 1;
837 }
838 break;
839
840 case EVFILT_WRITE:
841 if (pti->pt_flags & PF_REMOTE) {
842 if (tp->t_canq.c_cc == 0) {
843 retval = TTYHOG - 1;
844 }
845 } else {
846 retval = (TTYHOG - 2) - (tp->t_rawq.c_cc + tp->t_canq.c_cc);
847 if (tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON)) {
848 retval = 1;
849 }
850 if (retval < 0) {
851 retval = 0;
852 }
853 }
854 break;
855
856 default:
857 panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
858 kn->kn_filter, kn, tp);
859 break;
860 }
861
862 if (tp->t_state & TS_ZOMBIE) {
863 kn->kn_flags |= EV_EOF;
864 retval = 1;
865 }
866
867 return retval;
868}
869
870static int
871ptmx_kqops_event(struct knote *kn, long hint)
872{
873 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
874 struct tty *tp = ptmx_knote_tty(kn);
875 int ret;
876 bool revoked = hint & NOTE_REVOKE;
877 hint &= ~NOTE_REVOKE;
878
879 if (!hint) {
880 tty_lock(tp);
881 }
882
883 if (revoked) {
884 kn->kn_flags |= EV_EOF | EV_ONESHOT;
885 ret = 1;
886 } else {
887 ret = ptmx_kqops_common(kn, pti, tp);
888 }
889
890 if (!hint) {
891 tty_unlock(tp);
892 }
893
894 return ret;
895}
896
897static int
898ptmx_kqops_touch(struct knote *kn, struct kevent_internal_s *kev)
899{
900 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
901 struct tty *tp = ptmx_knote_tty(kn);
902 int ret;
903
904 tty_lock(tp);
905
906 /* accept new kevent state */
907 kn->kn_sfflags = kev->fflags;
908 kn->kn_sdata = kev->data;
909 if ((kn->kn_status & KN_UDATA_SPECIFIC) == 0) {
910 kn->kn_udata = kev->udata;
911 }
912
913 /* recapture fired state of knote */
914 ret = ptmx_kqops_common(kn, pti, tp);
915
916 tty_unlock(tp);
917
918 return ret;
919}
920
921static int
922ptmx_kqops_process(struct knote *kn, __unused struct filt_process_s *data,
923 struct kevent_internal_s *kev)
924{
925 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
926 struct tty *tp = ptmx_knote_tty(kn);
927 int ret;
928
929 tty_lock(tp);
930 ret = ptmx_kqops_common(kn, pti, tp);
931 if (ret) {
932 *kev = kn->kn_kevent;
933 if (kn->kn_flags & EV_CLEAR) {
934 kn->kn_fflags = 0;
935 kn->kn_data = 0;
936 }
937 }
938 tty_unlock(tp);
939
940 return ret;
941}
mirror of XNU