]> git.saurik.com Git - apple/xnu.git/blame - bsd/kern/tty_ptmx.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-6153.81.5.tar.gz
[apple/xnu.git] / bsd / kern / tty_ptmx.c
CommitLineData
2d21ac55 1/*
cb323159 2 * Copyright (c) 1997-2019 Apple Inc. All rights reserved.
2d21ac55
A		 3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5ba3f43e 5 *
2d21ac55
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
5ba3f43e 14 *
2d21ac55
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
5ba3f43e 17 *
2d21ac55
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
5ba3f43e 25 *
2d21ac55
A		 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * Copyright (c) 1982, 1986, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
61 */
62
63/*
64 * Pseudo-teletype Driver
65 * (Actually two drivers, requiring two entries in 'cdevsw')
66 */
0a7de745 67#include "pty.h" /* XXX */
2d21ac55
A		 68
69#include <sys/param.h>
70#include <sys/systm.h>
71#include <sys/ioctl.h>
72#include <sys/proc_internal.h>
73#include <sys/kauth.h>
74#include <sys/tty.h>
75#include <sys/conf.h>
76#include <sys/file_internal.h>
b0d623f7 77#include <sys/uio_internal.h>
2d21ac55
A		 78#include <sys/kernel.h>
79#include <sys/vnode.h>
2d21ac55
A		 80#include <sys/user.h>
81#include <sys/signalvar.h>
82#include <sys/sysctl.h>
83#include <miscfs/devfs/devfs.h>
0a7de745 84#include <miscfs/devfs/devfsdefs.h> /* DEVFS_LOCK()/DEVFS_UNLOCK() */
5ba3f43e 85#include <libkern/section_keywords.h>
2d21ac55 86
39236c6e
A		 87#if CONFIG_MACF
88#include <security/mac_framework.h>
89#endif
90
fe8ab488 91#include "tty_dev.h"
2d21ac55
A		 92
93/*
94 * Forward declarations
95 */
96int ptmx_init(int n_ptys);
fe8ab488
A		 97static struct ptmx_ioctl *ptmx_get_ioctl(int minor, int open_flag);
98static int ptmx_free_ioctl(int minor, int open_flag);
99static int ptmx_get_name(int minor, char *buffer, size_t size);
100static void ptsd_revoke_knotes(int minor, struct tty *tp);
101
0a7de745
A		 102extern d_open_t ptsopen;
103extern d_close_t ptsclose;
104extern d_read_t ptsread;
105extern d_write_t ptswrite;
106extern d_ioctl_t ptyioctl;
107extern d_stop_t ptsstop;
108extern d_reset_t ptsreset;
109extern d_select_t ptsselect;
110
111extern d_open_t ptcopen;
112extern d_close_t ptcclose;
113extern d_read_t ptcread;
114extern d_write_t ptcwrite;
115extern d_stop_t ptcstop;
116extern d_reset_t ptcreset;
117extern d_select_t ptcselect;
118
119static int ptmx_major; /* dynamically assigned major number */
2d21ac55 120static struct cdevsw ptmx_cdev = {
cb323159
A		 121 .d_open = ptcopen,
122 .d_close = ptcclose,
123 .d_read = ptcread,
124 .d_write = ptcwrite,
125 .d_ioctl = ptyioctl,
126 .d_stop = ptcstop,
127 .d_reset = ptcreset,
128 .d_ttys = NULL,
129 .d_select = ptcselect,
130 .d_mmap = eno_mmap,
131 .d_strategy = eno_strat,
132 .d_reserved_1 = eno_getc,
133 .d_reserved_2 = eno_putc,
134 .d_type = D_TTY
2d21ac55
A		 135};
136
0a7de745 137static int ptsd_major; /* dynamically assigned major number */
2d21ac55 138static struct cdevsw ptsd_cdev = {
cb323159
A		 139 .d_open = ptsopen,
140 .d_close = ptsclose,
141 .d_read = ptsread,
142 .d_write = ptswrite,
143 .d_ioctl = ptyioctl,
144 .d_stop = ptsstop,
145 .d_reset = ptsreset,
146 .d_ttys = NULL,
147 .d_select = ptsselect,
148 .d_mmap = eno_mmap,
149 .d_strategy = eno_strat,
150 .d_reserved_1 = eno_getc,
151 .d_reserved_2 = eno_putc,
152 .d_type = D_TTY
2d21ac55
A		 153};
154
2d21ac55
A		 155/*
156 * ptmx == /dev/ptmx
157 * ptsd == /dev/pts[0123456789]{3}
158 */
0a7de745
A		 159#define PTMX_TEMPLATE "ptmx"
160#define PTSD_TEMPLATE "ttys%03d"
2d21ac55
A		 161
162/*
163 * System-wide limit on the max number of cloned ptys
164 */
0a7de745
A		 165#define PTMX_MAX_DEFAULT 511 /* 512 entries */
166#define PTMX_MAX_HARD 999 /* 1000 entries, due to PTSD_TEMPLATE */
2d21ac55 167
0a7de745 168static int ptmx_max = PTMX_MAX_DEFAULT; /* default # of clones we allow */
2d21ac55
A		 169
170/* Range enforcement for the sysctl */
171static int
172sysctl_ptmx_max(__unused struct sysctl_oid *oidp, __unused void *arg1,
0a7de745 173 __unused int arg2, struct sysctl_req *req)
2d21ac55
A		 174{
175 int new_value, changed;
176 int error = sysctl_io_number(req, ptmx_max, sizeof(int), &new_value, &changed);
177 if (changed) {
0a7de745 178 if (new_value > 0 && new_value <= PTMX_MAX_HARD) {
2d21ac55 179 ptmx_max = new_value;
0a7de745 180 } else {
2d21ac55 181 error = EINVAL;
0a7de745 182 }
2d21ac55 183 }
0a7de745 184 return error;
2d21ac55
A		 185}
186
0a7de745 187SYSCTL_NODE(_kern, KERN_TTY, tty, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "TTY");
2d21ac55 188SYSCTL_PROC(_kern_tty, OID_AUTO, ptmx_max,
0a7de745
A		 189 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
190 &ptmx_max, 0, &sysctl_ptmx_max, "I", "ptmx_max");
2d21ac55 191
0a7de745 192static int ptmx_clone(dev_t dev, int minor);
2d21ac55 193
fe8ab488
A		 194static struct tty_dev_t _ptmx_driver;
195
2d21ac55
A		 196int
197ptmx_init( __unused int config_count)
198{
199 /*
200 * We start looking at slot 10, since there are inits that will
201 * stomp explicit slots (e.g. vndevice stomps 1) below that.
202 */
203
204 /* Get a major number for /dev/ptmx */
5ba3f43e 205 if ((ptmx_major = cdevsw_add(-15, &ptmx_cdev)) == -1) {
2d21ac55 206 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
0a7de745 207 return ENOENT;
2d21ac55
A		 208 }
209
5ba3f43e 210 if (cdevsw_setkqueueok(ptmx_major, &ptmx_cdev, CDEVSW_IS_PTC) == -1) {
6d2010ae
A		 211 panic("Failed to set flags on ptmx cdevsw entry.");
212 }
213
2d21ac55
A		 214 /* Get a major number for /dev/pts/nnn */
215 if ((ptsd_major = cdevsw_add(-15, &ptsd_cdev)) == -1) {
216 (void)cdevsw_remove(ptmx_major, &ptmx_cdev);
217 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
0a7de745 218 return ENOENT;
2d21ac55 219 }
5ba3f43e
A		 220
221 if (cdevsw_setkqueueok(ptsd_major, &ptsd_cdev, CDEVSW_IS_PTS) == -1) {
6d2010ae
A		 222 panic("Failed to set flags on ptmx cdevsw entry.");
223 }
224
2d21ac55
A		 225 /* Create the /dev/ptmx device {<major>,0} */
226 (void)devfs_make_node_clone(makedev(ptmx_major, 0),
0a7de745
A		 227 DEVFS_CHAR, UID_ROOT, GID_TTY, 0666,
228 ptmx_clone, PTMX_TEMPLATE);
fe8ab488
A		 229
230 _ptmx_driver.master = ptmx_major;
231 _ptmx_driver.slave = ptsd_major;
232 _ptmx_driver.fix_7828447 = 1;
233 _ptmx_driver.fix_7070978 = 1;
234#if CONFIG_MACF
235 _ptmx_driver.mac_notify = 1;
236#endif
237 _ptmx_driver.open = &ptmx_get_ioctl;
238 _ptmx_driver.free = &ptmx_free_ioctl;
239 _ptmx_driver.name = &ptmx_get_name;
240 _ptmx_driver.revoke = &ptsd_revoke_knotes;
241 tty_dev_register(&_ptmx_driver);
242
0a7de745 243 return 0;
2d21ac55
A		 244}
245
246
247static struct _ptmx_ioctl_state {
0a7de745
A		 248 struct ptmx_ioctl **pis_ioctl_list; /* pointer vector */
249 int pis_total; /* total slots */
250 int pis_free; /* free slots */
2d21ac55 251} _state;
0a7de745 252#define PTMX_GROW_VECTOR 16 /* Grow by this many slots at a time */
2d21ac55
A		 253
254/*
255 * Given a minor number, return the corresponding structure for that minor
256 * number. If there isn't one, and the create flag is specified, we create
257 * one if possible.
258 *
259 * Parameters: minor Minor number of ptmx device
260 * open_flag PF_OPEN_M First open of master
261 * PF_OPEN_S First open of slave
262 * 0 Just want ioctl struct
263 *
264 * Returns: NULL Did not exist/could not create
265 * !NULL structure corresponding minor number
b0d623f7
A		 266 *
267 * Locks: tty_lock() on ptmx_ioctl->pt_tty NOT held on entry or exit.
2d21ac55
A		 268 */
269static struct ptmx_ioctl *
270ptmx_get_ioctl(int minor, int open_flag)
271{
272 struct ptmx_ioctl *new_ptmx_ioctl;
273
274 if (open_flag & PF_OPEN_M) {
2d21ac55
A		 275 /*
276 * If we are about to allocate more memory, but we have
277 * already hit the administrative limit, then fail the
278 * operation.
279 *
280 * Note: Subtract free from total when making this
281 * check to allow unit increments, rather than
282 * snapping to the nearest PTMX_GROW_VECTOR...
283 */
284 if ((_state.pis_total - _state.pis_free) >= ptmx_max) {
0a7de745 285 return NULL;
2d21ac55
A		 286 }
287
0a7de745 288 MALLOC(new_ptmx_ioctl, struct ptmx_ioctl *, sizeof(struct ptmx_ioctl), M_TTYS, M_WAITOK | M_ZERO);
2d21ac55 289 if (new_ptmx_ioctl == NULL) {
0a7de745 290 return NULL;
2d21ac55
A		 291 }
292
293 if ((new_ptmx_ioctl->pt_tty = ttymalloc()) == NULL) {
294 FREE(new_ptmx_ioctl, M_TTYS);
0a7de745 295 return NULL;
2d21ac55 296 }
0a7de745 297
2d21ac55
A		 298 /*
299 * Hold the DEVFS_LOCK() over this whole operation; devfs
300 * itself does this over malloc/free as well, so this should
301 * be safe to do. We hold it longer than we want to, but
302 * doing so avoids a reallocation race on the minor number.
303 */
304 DEVFS_LOCK();
305 /* Need to allocate a larger vector? */
306 if (_state.pis_free == 0) {
307 struct ptmx_ioctl **new_pis_ioctl_list;
308 struct ptmx_ioctl **old_pis_ioctl_list = NULL;
309
310 /* Yes. */
0a7de745 311 MALLOC(new_pis_ioctl_list, struct ptmx_ioctl **, sizeof(struct ptmx_ioctl *) * (_state.pis_total + PTMX_GROW_VECTOR), M_TTYS, M_WAITOK | M_ZERO);
2d21ac55
A		 312 if (new_pis_ioctl_list == NULL) {
313 ttyfree(new_ptmx_ioctl->pt_tty);
314 DEVFS_UNLOCK();
315 FREE(new_ptmx_ioctl, M_TTYS);
0a7de745 316 return NULL;
2d21ac55
A		 317 }
318
319 /* If this is not the first time, copy the old over */
320 bcopy(_state.pis_ioctl_list, new_pis_ioctl_list, sizeof(struct ptmx_ioctl *) * _state.pis_total);
321 old_pis_ioctl_list = _state.pis_ioctl_list;
322 _state.pis_ioctl_list = new_pis_ioctl_list;
323 _state.pis_free += PTMX_GROW_VECTOR;
324 _state.pis_total += PTMX_GROW_VECTOR;
0a7de745 325 if (old_pis_ioctl_list) {
2d21ac55 326 FREE(old_pis_ioctl_list, M_TTYS);
0a7de745 327 }
5ba3f43e
A		 328 }
329
fe8ab488
A		 330 /* is minor in range now? */
331 if (minor < 0 || minor >= _state.pis_total) {
332 ttyfree(new_ptmx_ioctl->pt_tty);
333 DEVFS_UNLOCK();
334 FREE(new_ptmx_ioctl, M_TTYS);
0a7de745 335 return NULL;
fe8ab488 336 }
5ba3f43e 337
935ed37a
A		 338 if (_state.pis_ioctl_list[minor] != NULL) {
339 ttyfree(new_ptmx_ioctl->pt_tty);
340 DEVFS_UNLOCK();
341 FREE(new_ptmx_ioctl, M_TTYS);
342
343 /* Special error value so we know to redrive the open, we've been raced */
5ba3f43e 344 return (struct ptmx_ioctl*)-1;
2d21ac55
A		 345 }
346
347 /* Vector is large enough; grab a new ptmx_ioctl */
348
349 /* Now grab a free slot... */
350 _state.pis_ioctl_list[minor] = new_ptmx_ioctl;
351
352 /* reduce free count */
353 _state.pis_free--;
354
355 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_M;
356 DEVFS_UNLOCK();
357
358 /* Create the /dev/ttysXXX device {<major>,XXX} */
359 _state.pis_ioctl_list[minor]->pt_devhandle = devfs_make_node(
0a7de745
A		 360 makedev(ptsd_major, minor),
361 DEVFS_CHAR, UID_ROOT, GID_TTY, 0620,
362 PTSD_TEMPLATE, minor);
b0d623f7
A		 363 if (_state.pis_ioctl_list[minor]->pt_devhandle == NULL) {
364 printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n");
365 }
2d21ac55 366 }
5ba3f43e 367
fe8ab488 368 if (minor < 0 || minor >= _state.pis_total) {
0a7de745 369 return NULL;
fe8ab488 370 }
5ba3f43e 371
0a7de745 372 return _state.pis_ioctl_list[minor];
2d21ac55
A		 373}
374
b0d623f7
A		 375/*
376 * Locks: tty_lock() of old_ptmx_ioctl->pt_tty NOT held for this call.
377 */
2d21ac55
A		 378static int
379ptmx_free_ioctl(int minor, int open_flag)
380{
381 struct ptmx_ioctl *old_ptmx_ioctl = NULL;
382
383 DEVFS_LOCK();
5ba3f43e 384
fe8ab488
A		 385 if (minor < 0 || minor >= _state.pis_total) {
386 DEVFS_UNLOCK();
0a7de745 387 return -1;
fe8ab488
A		 388 }
389
2d21ac55
A		 390 _state.pis_ioctl_list[minor]->pt_flags &= ~(open_flag);
391
392 /*
393 * Was this the last close? We will recognize it because we only get
394 * a notification on the last close of a device, and we will have
395 * cleared both the master and the slave open bits in the flags.
396 */
0a7de745 397 if (!(_state.pis_ioctl_list[minor]->pt_flags & (PF_OPEN_M | PF_OPEN_S))) {
2d21ac55 398 /* Mark as free so it can be reallocated later */
0a7de745 399 old_ptmx_ioctl = _state.pis_ioctl_list[minor];
39037602
A		 400 _state.pis_ioctl_list[minor] = NULL;
401 _state.pis_free++;
2d21ac55
A		 402 }
403 DEVFS_UNLOCK();
404
405 /* Free old after dropping lock */
406 if (old_ptmx_ioctl != NULL) {
407 /*
408 * XXX See <rdar://5348651> and <rdar://4854638>
409 *
410 * XXX Conditional to be removed when/if tty/pty reference
411 * XXX counting and mutex implemented.
412 */
0a7de745 413 if (old_ptmx_ioctl->pt_devhandle != NULL) {
2d21ac55 414 devfs_remove(old_ptmx_ioctl->pt_devhandle);
0a7de745 415 }
2d21ac55
A		 416 ttyfree(old_ptmx_ioctl->pt_tty);
417 FREE(old_ptmx_ioctl, M_TTYS);
418 }
419
0a7de745 420 return 0; /* Success */
2d21ac55
A		 421}
422
fe8ab488
A		 423static int
424ptmx_get_name(int minor, char *buffer, size_t size)
425{
426 return snprintf(buffer, size, "/dev/" PTSD_TEMPLATE, minor);
427}
2d21ac55
A		 428
429
430
431/*
432 * Given the dev entry that's being opened, we clone the device. This driver
433 * doesn't actually use the dev entry, since we alreaqdy know who we are by
434 * being called from this code. This routine is a callback registered from
435 * devfs_make_node_clone() in ptmx_init(); it's purpose is to provide a new
436 * minor number, or to return -1, if one can't be provided.
437 *
438 * Parameters: dev The device we are cloning from
439 *
440 * Returns: >= 0 A new minor device number
441 * -1 Error: ENOMEM ("Can't alloc device")
442 *
443 * NOTE: Called with DEVFS_LOCK() held
444 */
445static int
446ptmx_clone(__unused dev_t dev, int action)
447{
448 int i;
449
450 if (action == DEVFS_CLONE_ALLOC) {
451 /* First one */
0a7de745
A		 452 if (_state.pis_total == 0) {
453 return 0;
454 }
2d21ac55
A		 455
456 /*
457 * Note: We can add hinting on free slots, if this linear search
458 * ends up being a performance bottleneck...
459 */
0a7de745
A		 460 for (i = 0; i < _state.pis_total; i++) {
461 if (_state.pis_ioctl_list[i] == NULL) {
2d21ac55 462 break;
0a7de745 463 }
2d21ac55
A		 464 }
465
466 /*
467 * XXX We fall off the end here; if we did this twice at the
468 * XXX same time, we could return the same minor to two
469 * XXX callers; we should probably exand the pointer vector
470 * XXX here, but I need more information on the MALLOC/FREE
471 * XXX locking to ensure against a deadlock. Maybe we can
472 * XXX just high watermark it at 1/2 of PTMX_GROW_VECTOR?
473 * XXX That would require returning &minor as implict return
474 * XXX and an error code ("EAGAIN/ERESTART") or 0 as our
475 * XXX explicit return.
476 */
477
0a7de745 478 return i; /* empty slot or next slot */
2d21ac55 479 }
0a7de745 480 return -1;
2d21ac55
A		 481}
482
b0d623f7
A		 483
484/*
485 * kqueue support.
486 */
5ba3f43e 487int ptsd_kqfilter(dev_t dev, struct knote *kn);
6d2010ae
A		 488static void ptsd_kqops_detach(struct knote *);
489static int ptsd_kqops_event(struct knote *, long);
cb323159
A		 490static int ptsd_kqops_touch(struct knote *kn, struct kevent_qos_s *kev);
491static int ptsd_kqops_process(struct knote *kn, struct kevent_qos_s *kev);
b0d623f7 492
5ba3f43e 493SECURITY_READ_ONLY_EARLY(struct filterops) ptsd_kqops = {
b0d623f7 494 .f_isfd = 1,
5ba3f43e 495 /* attach is handled by ptsd_kqfilter -- the dev node must be passed in */
6d2010ae
A		 496 .f_detach = ptsd_kqops_detach,
497 .f_event = ptsd_kqops_event,
39037602
A		 498 .f_touch = ptsd_kqops_touch,
499 .f_process = ptsd_kqops_process,
5ba3f43e 500};
b0d623f7 501
6d2010ae
A		 502/*
503 * In the normal case, by the time the driver_close() routine is called
504 * on the slave, all knotes have been detached. However in the revoke(2)
505 * case, the driver's close routine is called while there are knotes active
506 * that reference the handlers below. And we have no obvious means to
507 * reach from the driver out to the kqueue's that reference them to get
508 * them to stop.
509 */
b0d623f7 510
6d2010ae
A		 511static void
512ptsd_kqops_detach(struct knote *kn)
b0d623f7 513{
cb323159 514 struct tty *tp = kn->kn_hook;
5ba3f43e
A		 515
516 tty_lock(tp);
517
518 /*
519 * Only detach knotes from open ttys -- ttyclose detaches all knotes
520 * under the lock and unsets TS_ISOPEN.
521 */
522 if (tp->t_state & TS_ISOPEN) {
523 switch (kn->kn_filter) {
524 case EVFILT_READ:
525 KNOTE_DETACH(&tp->t_rsel.si_note, kn);
526 break;
5ba3f43e
A		 527 case EVFILT_WRITE:
528 KNOTE_DETACH(&tp->t_wsel.si_note, kn);
529 break;
5ba3f43e
A		 530 default:
531 panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
532 break;
6d2010ae 533 }
b0d623f7
A		 534 }
535
5ba3f43e 536 tty_unlock(tp);
5ba3f43e 537 ttyfree(tp);
b0d623f7
A		 538}
539
540static int
cb323159 541ptsd_kqops_common(struct knote *kn, struct kevent_qos_s *kev, struct tty *tp)
b0d623f7 542{
b0d623f7 543 int retval = 0;
cb323159 544 int64_t data = 0;
b0d623f7 545
5ba3f43e 546 TTY_LOCK_OWNED(tp);
b0d623f7 547
5ba3f43e
A		 548 switch (kn->kn_filter) {
549 case EVFILT_READ:
cb323159
A		 550 /*
551 * ttnread can change the tty state,
552 * hence must be done upfront, before any other check.
553 */
554 data = ttnread(tp);
555 retval = (data > 0);
5ba3f43e 556 break;
b0d623f7 557
5ba3f43e
A		 558 case EVFILT_WRITE:
559 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
0a7de745 560 (tp->t_state & TS_CONNECTED)) {
cb323159 561 data = tp->t_outq.c_cn - tp->t_outq.c_cc;
5ba3f43e 562 retval = 1;
6d2010ae 563 }
5ba3f43e 564 break;
b0d623f7 565
5ba3f43e
A		 566 default:
567 panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
0a7de745 568 kn->kn_filter, kn, tp);
5ba3f43e
A		 569 break;
570 }
b0d623f7 571
5ba3f43e
A		 572 if (tp->t_state & TS_ZOMBIE) {
573 kn->kn_flags |= EV_EOF;
cb323159
A		 574 }
575 if (kn->kn_flags & EV_EOF) {
5ba3f43e
A		 576 retval = 1;
577 }
cb323159
A		 578 if (retval && kev) {
579 knote_fill_kevent(kn, kev, data);
580 }
5ba3f43e
A		 581 return retval;
582}
39037602
A		 583
584static int
585ptsd_kqops_event(struct knote *kn, long hint)
586{
5ba3f43e
A		 587 struct tty *tp = kn->kn_hook;
588 int ret;
39037602 589
cb323159 590 TTY_LOCK_OWNED(tp);
5ba3f43e 591
cb323159 592 if (hint & NOTE_REVOKE) {
5ba3f43e
A		 593 kn->kn_flags |= EV_EOF | EV_ONESHOT;
594 ret = 1;
595 } else {
cb323159 596 ret = ptsd_kqops_common(kn, NULL, tp);
5ba3f43e
A		 597 }
598
599 return ret;
39037602 600}
39037602
A		 601
602static int
cb323159 603ptsd_kqops_touch(struct knote *kn, struct kevent_qos_s *kev)
39037602 604{
cb323159 605 struct tty *tp = kn->kn_hook;
5ba3f43e
A		 606 int ret;
607
5ba3f43e 608 tty_lock(tp);
39037602
A		 609
610 /* accept new kevent state */
611 kn->kn_sfflags = kev->fflags;
612 kn->kn_sdata = kev->data;
39037602
A		 613
614 /* recapture fired state of knote */
cb323159 615 ret = ptsd_kqops_common(kn, NULL, tp);
39037602 616
5ba3f43e 617 tty_unlock(tp);
39037602 618
5ba3f43e 619 return ret;
39037602
A		 620}
621
622static int
cb323159 623ptsd_kqops_process(struct knote *kn, struct kevent_qos_s *kev)
39037602 624{
5ba3f43e
A		 625 struct tty *tp = kn->kn_hook;
626 int ret;
39037602 627
5ba3f43e 628 tty_lock(tp);
cb323159 629 ret = ptsd_kqops_common(kn, kev, tp);
5ba3f43e
A		 630 tty_unlock(tp);
631
632 return ret;
39037602
A		 633}
634
b0d623f7
A		 635int
636ptsd_kqfilter(dev_t dev, struct knote *kn)
637{
5ba3f43e 638 struct tty *tp = NULL;
b0d623f7 639 struct ptmx_ioctl *pti = NULL;
5ba3f43e 640 int ret;
b0d623f7
A		 641
642 /* make sure we're talking about the right device type */
fe8ab488 643 if (cdevsw[major(dev)].d_open != ptsopen) {
5ba3f43e 644 knote_set_error(kn, ENODEV);
39037602 645 return 0;
b0d623f7
A		 646 }
647
648 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
5ba3f43e
A		 649 knote_set_error(kn, ENXIO);
650 return 0;
b0d623f7
A		 651 }
652
653 tp = pti->pt_tty;
654 tty_lock(tp);
655
5ba3f43e 656 assert(tp->t_state & TS_ISOPEN);
39037602 657
5ba3f43e
A		 658 kn->kn_filtid = EVFILTID_PTSD;
659 /* the tty will be freed when detaching the knote */
660 ttyhold(tp);
661 kn->kn_hook = tp;
662
663 switch (kn->kn_filter) {
664 case EVFILT_READ:
665 KNOTE_ATTACH(&tp->t_rsel.si_note, kn);
666 break;
667 case EVFILT_WRITE:
668 KNOTE_ATTACH(&tp->t_wsel.si_note, kn);
669 break;
670 default:
671 panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
0a7de745 672 kn->kn_filter, kn, tp);
5ba3f43e
A		 673 break;
674 }
39037602
A		 675
676 /* capture current event state */
cb323159 677 ret = ptsd_kqops_common(kn, NULL, tp);
39037602 678
5ba3f43e 679 tty_unlock(tp);
39037602 680
5ba3f43e 681 return ret;
b0d623f7
A		 682}
683
6d2010ae
A		 684/*
685 * Support for revoke(2).
6d2010ae
A		 686 */
687static void
5ba3f43e 688ptsd_revoke_knotes(__unused int minor, struct tty *tp)
6d2010ae 689{
6d2010ae
A		 690 tty_lock(tp);
691
6d2010ae 692 ttwakeup(tp);
cb323159
A		 693 assert((tp->t_rsel.si_flags & SI_KNPOSTING) == 0);
694 KNOTE(&tp->t_rsel.si_note, NOTE_REVOKE);
6d2010ae 695
5ba3f43e 696 ttwwakeup(tp);
cb323159
A		 697 assert((tp->t_wsel.si_flags & SI_KNPOSTING) == 0);
698 KNOTE(&tp->t_wsel.si_note, NOTE_REVOKE);
6d2010ae
A		 699
700 tty_unlock(tp);
6d2010ae 701}
5c9f4661
A		 702
703/*
704 * kevent filter routines for the master side of a pty, a ptmx.
705 *
706 * Stuff the ptmx_ioctl structure into the hook for ptmx knotes. Use the
707 * embedded tty's lock for synchronization.
708 */
709
710int ptmx_kqfilter(dev_t dev, struct knote *kn);
711static void ptmx_kqops_detach(struct knote *);
712static int ptmx_kqops_event(struct knote *, long);
cb323159
A		 713static int ptmx_kqops_touch(struct knote *kn, struct kevent_qos_s *kev);
714static int ptmx_kqops_process(struct knote *kn, struct kevent_qos_s *kev);
715static int ptmx_kqops_common(struct knote *kn, struct kevent_qos_s *kev,
716 struct ptmx_ioctl *pti, struct tty *tp);
5c9f4661
A		 717
718SECURITY_READ_ONLY_EARLY(struct filterops) ptmx_kqops = {
719 .f_isfd = 1,
720 /* attach is handled by ptmx_kqfilter -- the dev node must be passed in */
721 .f_detach = ptmx_kqops_detach,
722 .f_event = ptmx_kqops_event,
723 .f_touch = ptmx_kqops_touch,
724 .f_process = ptmx_kqops_process,
725};
726
727static struct ptmx_ioctl *
728ptmx_knote_ioctl(struct knote *kn)
729{
730 return (struct ptmx_ioctl *)kn->kn_hook;
731}
732
733static struct tty *
734ptmx_knote_tty(struct knote *kn)
735{
cb323159 736 return ptmx_knote_ioctl(kn)->pt_tty;
5c9f4661
A		 737}
738
739int
740ptmx_kqfilter(dev_t dev, struct knote *kn)
741{
742 struct tty *tp = NULL;
743 struct ptmx_ioctl *pti = NULL;
744 int ret;
745
746 /* make sure we're talking about the right device type */
747 if (cdevsw[major(dev)].d_open != ptcopen) {
748 knote_set_error(kn, ENODEV);
749 return 0;
750 }
751
752 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
753 knote_set_error(kn, ENXIO);
754 return 0;
755 }
756
757 tp = pti->pt_tty;
758 tty_lock(tp);
759
760 kn->kn_filtid = EVFILTID_PTMX;
cb323159
A		 761 /* the tty will be freed when detaching the knote */
762 ttyhold(tp);
5c9f4661
A		 763 kn->kn_hook = pti;
764
765 /*
766 * Attach to the ptmx's selinfo structures. This is the major difference
767 * to the ptsd filtops, which use the selinfo structures in the tty
768 * structure.
769 */
770 switch (kn->kn_filter) {
771 case EVFILT_READ:
772 KNOTE_ATTACH(&pti->pt_selr.si_note, kn);
773 break;
774 case EVFILT_WRITE:
775 KNOTE_ATTACH(&pti->pt_selw.si_note, kn);
776 break;
777 default:
778 panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
0a7de745 779 kn->kn_filter, kn, tp);
5c9f4661
A		 780 break;
781 }
782
783 /* capture current event state */
cb323159 784 ret = ptmx_kqops_common(kn, NULL, pti, tp);
5c9f4661 785
5c9f4661
A		 786 tty_unlock(tp);
787
788 return ret;
789}
790
791static void
792ptmx_kqops_detach(struct knote *kn)
793{
794 struct ptmx_ioctl *pti = kn->kn_hook;
795 struct tty *tp = pti->pt_tty;
796
5c9f4661
A		 797 tty_lock(tp);
798
799 switch (kn->kn_filter) {
800 case EVFILT_READ:
801 KNOTE_DETACH(&pti->pt_selr.si_note, kn);
802 break;
5c9f4661
A		 803 case EVFILT_WRITE:
804 KNOTE_DETACH(&pti->pt_selw.si_note, kn);
805 break;
5c9f4661
A		 806 default:
807 panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
808 break;
809 }
810
5c9f4661 811 tty_unlock(tp);
5c9f4661
A		 812 ttyfree(tp);
813}
814
815static int
cb323159
A		 816ptmx_kqops_common(struct knote *kn, struct kevent_qos_s *kev,
817 struct ptmx_ioctl *pti, struct tty *tp)
5c9f4661
A		 818{
819 int retval = 0;
cb323159 820 int64_t data = 0;
5c9f4661
A		 821
822 TTY_LOCK_OWNED(tp);
823
5c9f4661
A		 824 switch (kn->kn_filter) {
825 case EVFILT_READ:
826 /* there's data on the TTY and it's not stopped */
827 if (tp->t_outq.c_cc && !(tp->t_state & TS_TTSTOP)) {
cb323159
A		 828 data = tp->t_outq.c_cc;
829 retval = data > 0;
5c9f4661 830 } else if (((pti->pt_flags & PF_PKT) && pti->pt_send) ||
0a7de745 831 ((pti->pt_flags & PF_UCNTL) && pti->pt_ucntl)) {
5c9f4661
A		 832 retval = 1;
833 }
834 break;
835
836 case EVFILT_WRITE:
837 if (pti->pt_flags & PF_REMOTE) {
838 if (tp->t_canq.c_cc == 0) {
839 retval = TTYHOG - 1;
840 }
841 } else {
842 retval = (TTYHOG - 2) - (tp->t_rawq.c_cc + tp->t_canq.c_cc);
843 if (tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON)) {
844 retval = 1;
845 }
846 if (retval < 0) {
847 retval = 0;
848 }
849 }
850 break;
851
852 default:
853 panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
0a7de745 854 kn->kn_filter, kn, tp);
5c9f4661
A		 855 break;
856 }
857
cb323159
A		 858 /* disconnects should force a wakeup (EOF) */
859 if (!(tp->t_state & TS_CONNECTED) || (tp->t_state & TS_ZOMBIE)) {
5c9f4661 860 kn->kn_flags |= EV_EOF;
cb323159
A		 861 }
862 if (kn->kn_flags & EV_EOF) {
5c9f4661
A		 863 retval = 1;
864 }
cb323159
A		 865 if (retval && kev) {
866 knote_fill_kevent(kn, kev, data);
867 }
5c9f4661
A		 868 return retval;
869}
870
871static int
872ptmx_kqops_event(struct knote *kn, long hint)
873{
874 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
875 struct tty *tp = ptmx_knote_tty(kn);
876 int ret;
5c9f4661 877
cb323159 878 TTY_LOCK_OWNED(tp);
5c9f4661 879
cb323159 880 if (hint & NOTE_REVOKE) {
5c9f4661
A		 881 kn->kn_flags |= EV_EOF | EV_ONESHOT;
882 ret = 1;
883 } else {
cb323159 884 ret = ptmx_kqops_common(kn, NULL, pti, tp);
5c9f4661
A		 885 }
886
887 return ret;
888}
889
890static int
cb323159 891ptmx_kqops_touch(struct knote *kn, struct kevent_qos_s *kev)
5c9f4661
A		 892{
893 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
894 struct tty *tp = ptmx_knote_tty(kn);
895 int ret;
896
897 tty_lock(tp);
898
899 /* accept new kevent state */
900 kn->kn_sfflags = kev->fflags;
901 kn->kn_sdata = kev->data;
5c9f4661
A		 902
903 /* recapture fired state of knote */
cb323159 904 ret = ptmx_kqops_common(kn, NULL, pti, tp);
5c9f4661
A		 905
906 tty_unlock(tp);
907
908 return ret;
909}
910
911static int
cb323159 912ptmx_kqops_process(struct knote *kn, struct kevent_qos_s *kev)
5c9f4661
A		 913{
914 struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
915 struct tty *tp = ptmx_knote_tty(kn);
916 int ret;
917
918 tty_lock(tp);
cb323159 919 ret = ptmx_kqops_common(kn, kev, pti, tp);
5c9f4661
A		 920 tty_unlock(tp);
921
922 return ret;
923}
mirror of XNU