]> git.saurik.com Git - apple/xnu.git/blob - bsd/kern/tty_ptmx.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-2422.100.13.tar.gz
[apple/xnu.git] / bsd / kern / tty_ptmx.c
1 /*
2 * Copyright (c) 1997-2010 Apple Computer, Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1982, 1986, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
61 */
62
63 /*
64 * Pseudo-teletype Driver
65 * (Actually two drivers, requiring two entries in 'cdevsw')
66 */
67 #include "pty.h" /* XXX */
68
69 #include <sys/param.h>
70 #include <sys/systm.h>
71 #include <sys/ioctl.h>
72 #include <sys/proc_internal.h>
73 #include <sys/kauth.h>
74 #include <sys/tty.h>
75 #include <sys/conf.h>
76 #include <sys/file_internal.h>
77 #include <sys/uio_internal.h>
78 #include <sys/kernel.h>
79 #include <sys/vnode.h>
80 #include <sys/vnode_internal.h> /* _devfs_setattr() */
81 #include <sys/stat.h> /* _devfs_setattr() */
82 #include <sys/user.h>
83 #include <sys/signalvar.h>
84 #include <sys/sysctl.h>
85 #include <miscfs/devfs/devfs.h>
86 #include <miscfs/devfs/devfsdefs.h> /* DEVFS_LOCK()/DEVFS_UNLOCK() */
87
88 #if CONFIG_MACF
89 #include <security/mac_framework.h>
90 #endif
91
92 /* XXX belongs in devfs somewhere - LATER */
93 int _devfs_setattr(void *, unsigned short, uid_t, gid_t);
94
95
96 #define FREE_BSDSTATIC __private_extern__
97 #define d_devtotty_t struct tty **
98
99 /*
100 * Forward declarations
101 */
102 int ptmx_init(int n_ptys);
103 static void ptsd_start(struct tty *tp);
104 static void ptmx_wakeup(struct tty *tp, int flag);
105 __XNU_PRIVATE_EXTERN d_open_t ptsd_open;
106 __XNU_PRIVATE_EXTERN d_close_t ptsd_close;
107 __XNU_PRIVATE_EXTERN d_read_t ptsd_read;
108 __XNU_PRIVATE_EXTERN d_write_t ptsd_write;
109 __XNU_PRIVATE_EXTERN d_ioctl_t cptyioctl; /* common ioctl */
110 __XNU_PRIVATE_EXTERN d_stop_t ptsd_stop;
111 __XNU_PRIVATE_EXTERN d_reset_t ptsd_reset;
112 __XNU_PRIVATE_EXTERN d_open_t ptmx_open;
113 __XNU_PRIVATE_EXTERN d_close_t ptmx_close;
114 __XNU_PRIVATE_EXTERN d_read_t ptmx_read;
115 __XNU_PRIVATE_EXTERN d_write_t ptmx_write;
116 __XNU_PRIVATE_EXTERN d_stop_t ptmx_stop; /* NO-OP */
117 __XNU_PRIVATE_EXTERN d_reset_t ptmx_reset;
118 __XNU_PRIVATE_EXTERN d_select_t ptmx_select;
119 __XNU_PRIVATE_EXTERN d_select_t ptsd_select;
120
121 extern d_devtotty_t ptydevtotty;
122
123 static int ptmx_major; /* dynamically assigned major number */
124 static struct cdevsw ptmx_cdev = {
125 ptmx_open, ptmx_close, ptmx_read, ptmx_write,
126 cptyioctl, ptmx_stop, ptmx_reset, 0,
127 ptmx_select, eno_mmap, eno_strat, eno_getc,
128 eno_putc, D_TTY
129 };
130
131 static int ptsd_major; /* dynamically assigned major number */
132 static struct cdevsw ptsd_cdev = {
133 ptsd_open, ptsd_close, ptsd_read, ptsd_write,
134 cptyioctl, ptsd_stop, ptsd_reset, 0,
135 ptsd_select, eno_mmap, eno_strat, eno_getc,
136 eno_putc, D_TTY
137 };
138
139 /*
140 * XXX Should be devfs function... and use VATTR mechanisms, per
141 * XXX vnode_setattr2(); only we maybe can't really get back to the
142 * XXX vnode here for cloning devices (but it works for *cloned* devices
143 * XXX that are not themselves cloning).
144 *
145 * Returns: 0 Success
146 * namei:???
147 * vnode_setattr:???
148 */
149 int
150 _devfs_setattr(void * handle, unsigned short mode, uid_t uid, gid_t gid)
151 {
152 devdirent_t *direntp = (devdirent_t *)handle;
153 devnode_t *devnodep;
154 int error = EACCES;
155 vfs_context_t ctx = vfs_context_current();;
156 struct vnode_attr va;
157
158 VATTR_INIT(&va);
159 VATTR_SET(&va, va_uid, uid);
160 VATTR_SET(&va, va_gid, gid);
161 VATTR_SET(&va, va_mode, mode & ALLPERMS);
162
163 /*
164 * If the TIOCPTYGRANT loses the race with the clone operation because
165 * this function is not part of devfs, and therefore can't take the
166 * devfs lock to protect the direntp update, then force user space to
167 * redrive the grant request.
168 */
169 if (direntp == NULL || (devnodep = direntp->de_dnp) == NULL) {
170 error = ERESTART;
171 goto out;
172 }
173
174 /*
175 * Only do this if we are operating on device that doesn't clone
176 * each time it's referenced. We perform a lookup on the device
177 * to insure we get the right instance. We can't just use the call
178 * to devfs_dntovn() to get the vp for the operation, because
179 * dn_dvm may not have been initialized.
180 */
181 if (devnodep->dn_clone == NULL) {
182 struct nameidata nd;
183 char name[128];
184
185 snprintf(name, sizeof(name), "/dev/%s", direntp->de_name);
186 NDINIT(&nd, LOOKUP, OP_SETATTR, FOLLOW, UIO_SYSSPACE, CAST_USER_ADDR_T(name), ctx);
187 error = namei(&nd);
188 if (error)
189 goto out;
190 error = vnode_setattr(nd.ni_vp, &va, ctx);
191 vnode_put(nd.ni_vp);
192 nameidone(&nd);
193 goto out;
194 }
195
196 out:
197 return(error);
198 }
199
200
201
202 #define BUFSIZ 100 /* Chunk size iomoved to/from user */
203
204 /*
205 * ptmx == /dev/ptmx
206 * ptsd == /dev/pts[0123456789]{3}
207 */
208 #define PTMX_TEMPLATE "ptmx"
209 #define PTSD_TEMPLATE "ttys%03d"
210
211 /*
212 * System-wide limit on the max number of cloned ptys
213 */
214 #define PTMX_MAX_DEFAULT 127 /* 128 entries */
215 #define PTMX_MAX_HARD 999 /* 1000 entries, due to PTSD_TEMPLATE */
216
217 static int ptmx_max = PTMX_MAX_DEFAULT; /* default # of clones we allow */
218
219 /* Range enforcement for the sysctl */
220 static int
221 sysctl_ptmx_max(__unused struct sysctl_oid *oidp, __unused void *arg1,
222 __unused int arg2, struct sysctl_req *req)
223 {
224 int new_value, changed;
225 int error = sysctl_io_number(req, ptmx_max, sizeof(int), &new_value, &changed);
226 if (changed) {
227 if (new_value > 0 && new_value <= PTMX_MAX_HARD)
228 ptmx_max = new_value;
229 else
230 error = EINVAL;
231 }
232 return(error);
233 }
234
235 SYSCTL_NODE(_kern, KERN_TTY, tty, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "TTY");
236 SYSCTL_PROC(_kern_tty, OID_AUTO, ptmx_max,
237 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
238 &ptmx_max, 0, &sysctl_ptmx_max, "I", "ptmx_max");
239
240
241 /*
242 * ptmx_ioctl is a pointer to a list of pointers to tty structures which is
243 * grown, as necessary, copied, and replaced, but never shrunk. The ioctl
244 * structures themselves pointed to from this list come and go as needed.
245 */
246 struct ptmx_ioctl {
247 struct tty *pt_tty; /* pointer to ttymalloc()'ed data */
248 int pt_flags;
249 struct selinfo pt_selr;
250 struct selinfo pt_selw;
251 u_char pt_send;
252 u_char pt_ucntl;
253 void *pt_devhandle; /* cloned slave device handle */
254 };
255
256 #define PF_PKT 0x0008 /* packet mode */
257 #define PF_STOPPED 0x0010 /* user told stopped */
258 #define PF_REMOTE 0x0020 /* remote and flow controlled input */
259 #define PF_NOSTOP 0x0040
260 #define PF_UCNTL 0x0080 /* user control mode */
261 #define PF_UNLOCKED 0x0100 /* slave unlock (master open resets) */
262 #define PF_OPEN_M 0x0200 /* master is open */
263 #define PF_OPEN_S 0x0400 /* slave is open */
264
265 static int ptmx_clone(dev_t dev, int minor);
266
267 /*
268 * Set of locks to keep the interaction between kevents and revoke
269 * from causing havoc.
270 */
271
272 #define LOG2_PTSD_KE_NLCK 2
273 #define PTSD_KE_NLCK (1l << LOG2_PTSD_KE_NLCK)
274 #define PTSD_KE_LOCK_INDEX(x) ((x) & (PTSD_KE_NLCK - 1))
275
276 static lck_mtx_t ptsd_kevent_lock[PTSD_KE_NLCK];
277
278 static void
279 ptsd_kevent_lock_init(void)
280 {
281 int i;
282 lck_grp_t *lgrp = lck_grp_alloc_init("ptsd kevent", LCK_GRP_ATTR_NULL);
283
284 for (i = 0; i < PTSD_KE_NLCK; i++)
285 lck_mtx_init(&ptsd_kevent_lock[i], lgrp, LCK_ATTR_NULL);
286 }
287
288 static void
289 ptsd_kevent_mtx_lock(int minor)
290 {
291 lck_mtx_lock(&ptsd_kevent_lock[PTSD_KE_LOCK_INDEX(minor)]);
292 }
293
294 static void
295 ptsd_kevent_mtx_unlock(int minor)
296 {
297 lck_mtx_unlock(&ptsd_kevent_lock[PTSD_KE_LOCK_INDEX(minor)]);
298 }
299
300 int
301 ptmx_init( __unused int config_count)
302 {
303 /*
304 * We start looking at slot 10, since there are inits that will
305 * stomp explicit slots (e.g. vndevice stomps 1) below that.
306 */
307
308 /* Get a major number for /dev/ptmx */
309 if((ptmx_major = cdevsw_add(-15, &ptmx_cdev)) == -1) {
310 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
311 return (ENOENT);
312 }
313
314 if (cdevsw_setkqueueok(ptmx_major, &ptmx_cdev, 0) == -1) {
315 panic("Failed to set flags on ptmx cdevsw entry.");
316 }
317
318 /* Get a major number for /dev/pts/nnn */
319 if ((ptsd_major = cdevsw_add(-15, &ptsd_cdev)) == -1) {
320 (void)cdevsw_remove(ptmx_major, &ptmx_cdev);
321 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
322 return (ENOENT);
323 }
324
325 if (cdevsw_setkqueueok(ptsd_major, &ptsd_cdev, 0) == -1) {
326 panic("Failed to set flags on ptmx cdevsw entry.");
327 }
328
329 /*
330 * Locks to guard against races between revoke and kevents
331 */
332 ptsd_kevent_lock_init();
333
334 /* Create the /dev/ptmx device {<major>,0} */
335 (void)devfs_make_node_clone(makedev(ptmx_major, 0),
336 DEVFS_CHAR, UID_ROOT, GID_TTY, 0666,
337 ptmx_clone, PTMX_TEMPLATE);
338 return (0);
339 }
340
341
342 static struct _ptmx_ioctl_state {
343 struct ptmx_ioctl **pis_ioctl_list; /* pointer vector */
344 int pis_total; /* total slots */
345 int pis_free; /* free slots */
346 } _state;
347 #define PTMX_GROW_VECTOR 16 /* Grow by this many slots at a time */
348
349 /*
350 * Given a minor number, return the corresponding structure for that minor
351 * number. If there isn't one, and the create flag is specified, we create
352 * one if possible.
353 *
354 * Parameters: minor Minor number of ptmx device
355 * open_flag PF_OPEN_M First open of master
356 * PF_OPEN_S First open of slave
357 * 0 Just want ioctl struct
358 *
359 * Returns: NULL Did not exist/could not create
360 * !NULL structure corresponding minor number
361 *
362 * Locks: tty_lock() on ptmx_ioctl->pt_tty NOT held on entry or exit.
363 */
364 static struct ptmx_ioctl *
365 ptmx_get_ioctl(int minor, int open_flag)
366 {
367 struct ptmx_ioctl *new_ptmx_ioctl;
368
369 if (open_flag & PF_OPEN_M) {
370
371 /*
372 * If we are about to allocate more memory, but we have
373 * already hit the administrative limit, then fail the
374 * operation.
375 *
376 * Note: Subtract free from total when making this
377 * check to allow unit increments, rather than
378 * snapping to the nearest PTMX_GROW_VECTOR...
379 */
380 if ((_state.pis_total - _state.pis_free) >= ptmx_max) {
381 return (NULL);
382 }
383
384 MALLOC(new_ptmx_ioctl, struct ptmx_ioctl *, sizeof(struct ptmx_ioctl), M_TTYS, M_WAITOK|M_ZERO);
385 if (new_ptmx_ioctl == NULL) {
386 return (NULL);
387 }
388
389 if ((new_ptmx_ioctl->pt_tty = ttymalloc()) == NULL) {
390 FREE(new_ptmx_ioctl, M_TTYS);
391 return (NULL);
392 }
393
394 /*
395 * Hold the DEVFS_LOCK() over this whole operation; devfs
396 * itself does this over malloc/free as well, so this should
397 * be safe to do. We hold it longer than we want to, but
398 * doing so avoids a reallocation race on the minor number.
399 */
400 DEVFS_LOCK();
401 /* Need to allocate a larger vector? */
402 if (_state.pis_free == 0) {
403 struct ptmx_ioctl **new_pis_ioctl_list;
404 struct ptmx_ioctl **old_pis_ioctl_list = NULL;
405
406 /* Yes. */
407 MALLOC(new_pis_ioctl_list, struct ptmx_ioctl **, sizeof(struct ptmx_ioctl *) * (_state.pis_total + PTMX_GROW_VECTOR), M_TTYS, M_WAITOK|M_ZERO);
408 if (new_pis_ioctl_list == NULL) {
409 ttyfree(new_ptmx_ioctl->pt_tty);
410 DEVFS_UNLOCK();
411 FREE(new_ptmx_ioctl, M_TTYS);
412 return (NULL);
413 }
414
415 /* If this is not the first time, copy the old over */
416 bcopy(_state.pis_ioctl_list, new_pis_ioctl_list, sizeof(struct ptmx_ioctl *) * _state.pis_total);
417 old_pis_ioctl_list = _state.pis_ioctl_list;
418 _state.pis_ioctl_list = new_pis_ioctl_list;
419 _state.pis_free += PTMX_GROW_VECTOR;
420 _state.pis_total += PTMX_GROW_VECTOR;
421 if (old_pis_ioctl_list)
422 FREE(old_pis_ioctl_list, M_TTYS);
423 }
424
425 if (_state.pis_ioctl_list[minor] != NULL) {
426 ttyfree(new_ptmx_ioctl->pt_tty);
427 DEVFS_UNLOCK();
428 FREE(new_ptmx_ioctl, M_TTYS);
429
430 /* Special error value so we know to redrive the open, we've been raced */
431 return (struct ptmx_ioctl*)-1;
432
433 }
434
435 /* Vector is large enough; grab a new ptmx_ioctl */
436
437 /* Now grab a free slot... */
438 _state.pis_ioctl_list[minor] = new_ptmx_ioctl;
439
440 /* reduce free count */
441 _state.pis_free--;
442
443 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_M;
444 DEVFS_UNLOCK();
445
446 /* Create the /dev/ttysXXX device {<major>,XXX} */
447 _state.pis_ioctl_list[minor]->pt_devhandle = devfs_make_node(
448 makedev(ptsd_major, minor),
449 DEVFS_CHAR, UID_ROOT, GID_TTY, 0620,
450 PTSD_TEMPLATE, minor);
451 if (_state.pis_ioctl_list[minor]->pt_devhandle == NULL) {
452 printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n");
453 }
454 } else if (open_flag & PF_OPEN_S) {
455 DEVFS_LOCK();
456 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_S;
457 DEVFS_UNLOCK();
458 }
459 return (_state.pis_ioctl_list[minor]);
460 }
461
462 /*
463 * Locks: tty_lock() of old_ptmx_ioctl->pt_tty NOT held for this call.
464 */
465 static int
466 ptmx_free_ioctl(int minor, int open_flag)
467 {
468 struct ptmx_ioctl *old_ptmx_ioctl = NULL;
469
470 DEVFS_LOCK();
471 _state.pis_ioctl_list[minor]->pt_flags &= ~(open_flag);
472
473 /*
474 * Was this the last close? We will recognize it because we only get
475 * a notification on the last close of a device, and we will have
476 * cleared both the master and the slave open bits in the flags.
477 */
478 if (!(_state.pis_ioctl_list[minor]->pt_flags & (PF_OPEN_M|PF_OPEN_S))) {
479 /* Mark as free so it can be reallocated later */
480 old_ptmx_ioctl = _state.pis_ioctl_list[ minor];
481 }
482 DEVFS_UNLOCK();
483
484 /* Free old after dropping lock */
485 if (old_ptmx_ioctl != NULL) {
486 /*
487 * XXX See <rdar://5348651> and <rdar://4854638>
488 *
489 * XXX Conditional to be removed when/if tty/pty reference
490 * XXX counting and mutex implemented.
491 */
492 if (old_ptmx_ioctl->pt_devhandle != NULL)
493 devfs_remove(old_ptmx_ioctl->pt_devhandle);
494 ttyfree(old_ptmx_ioctl->pt_tty);
495 FREE(old_ptmx_ioctl, M_TTYS);
496
497 /* Don't remove the entry until the devfs slot is free */
498 DEVFS_LOCK();
499 _state.pis_ioctl_list[ minor] = NULL;
500 _state.pis_free++;
501 DEVFS_UNLOCK();
502 }
503
504 return (0); /* Success */
505 }
506
507
508
509
510 /*
511 * Given the dev entry that's being opened, we clone the device. This driver
512 * doesn't actually use the dev entry, since we alreaqdy know who we are by
513 * being called from this code. This routine is a callback registered from
514 * devfs_make_node_clone() in ptmx_init(); it's purpose is to provide a new
515 * minor number, or to return -1, if one can't be provided.
516 *
517 * Parameters: dev The device we are cloning from
518 *
519 * Returns: >= 0 A new minor device number
520 * -1 Error: ENOMEM ("Can't alloc device")
521 *
522 * NOTE: Called with DEVFS_LOCK() held
523 */
524 static int
525 ptmx_clone(__unused dev_t dev, int action)
526 {
527 int i;
528
529 if (action == DEVFS_CLONE_ALLOC) {
530 /* First one */
531 if (_state.pis_total == 0)
532 return (0);
533
534 /*
535 * Note: We can add hinting on free slots, if this linear search
536 * ends up being a performance bottleneck...
537 */
538 for(i = 0; i < _state.pis_total; i++) {
539 if (_state.pis_ioctl_list[ i] == NULL)
540 break;
541 }
542
543 /*
544 * XXX We fall off the end here; if we did this twice at the
545 * XXX same time, we could return the same minor to two
546 * XXX callers; we should probably exand the pointer vector
547 * XXX here, but I need more information on the MALLOC/FREE
548 * XXX locking to ensure against a deadlock. Maybe we can
549 * XXX just high watermark it at 1/2 of PTMX_GROW_VECTOR?
550 * XXX That would require returning &minor as implict return
551 * XXX and an error code ("EAGAIN/ERESTART") or 0 as our
552 * XXX explicit return.
553 */
554
555 return (i); /* empty slot or next slot */
556 }
557 return(-1);
558 }
559
560 FREE_BSDSTATIC int
561 ptsd_open(dev_t dev, int flag, __unused int devtype, __unused proc_t p)
562 {
563 struct tty *tp;
564 struct ptmx_ioctl *pti;
565 int error;
566
567 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
568 return (ENXIO);
569 }
570
571 if (!(pti->pt_flags & PF_UNLOCKED)) {
572 return (EAGAIN);
573 }
574
575 tp = pti->pt_tty;
576 tty_lock(tp);
577
578 if ((tp->t_state & TS_ISOPEN) == 0) {
579 termioschars(&tp->t_termios); /* Set up default chars */
580 tp->t_iflag = TTYDEF_IFLAG;
581 tp->t_oflag = TTYDEF_OFLAG;
582 tp->t_lflag = TTYDEF_LFLAG;
583 tp->t_cflag = TTYDEF_CFLAG;
584 tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED;
585 ttsetwater(tp); /* would be done in xxparam() */
586 } else if (tp->t_state&TS_XCLUDE && suser(kauth_cred_get(), NULL)) {
587 error = EBUSY;
588 goto out;
589 }
590 if (tp->t_oproc) /* Ctrlr still around. */
591 (void)(*linesw[tp->t_line].l_modem)(tp, 1);
592 while ((tp->t_state & TS_CARR_ON) == 0) {
593 if (flag&FNONBLOCK)
594 break;
595 error = ttysleep(tp, TSA_CARR_ON(tp), TTIPRI | PCATCH,
596 "ptsd_opn", 0);
597 if (error)
598 goto out;
599 }
600 error = (*linesw[tp->t_line].l_open)(dev, tp);
601 /* Successful open; mark as open by the slave */
602 pti->pt_flags |= PF_OPEN_S;
603 CLR(tp->t_state, TS_IOCTL_NOT_OK);
604 if (error == 0)
605 ptmx_wakeup(tp, FREAD|FWRITE);
606 out:
607 tty_unlock(tp);
608 return (error);
609 }
610
611 static void ptsd_revoke_knotes(dev_t, struct tty *);
612
613 FREE_BSDSTATIC int
614 ptsd_close(dev_t dev, int flag, __unused int mode, __unused proc_t p)
615 {
616 struct tty *tp;
617 struct ptmx_ioctl *pti;
618 int err;
619
620 /*
621 * This is temporary until the VSX conformance tests
622 * are fixed. They are hanging with a deadlock
623 * where close(ptsd) will not complete without t_timeout set
624 */
625 #define FIX_VSX_HANG 1
626 #ifdef FIX_VSX_HANG
627 int save_timeout;
628 #endif
629 pti = ptmx_get_ioctl(minor(dev), 0);
630
631 tp = pti->pt_tty;
632 tty_lock(tp);
633
634 #ifdef FIX_VSX_HANG
635 save_timeout = tp->t_timeout;
636 tp->t_timeout = 60;
637 #endif
638 err = (*linesw[tp->t_line].l_close)(tp, flag);
639 ptsd_stop(tp, FREAD|FWRITE);
640 (void) ttyclose(tp);
641 #ifdef FIX_VSX_HANG
642 tp->t_timeout = save_timeout;
643 #endif
644 tty_unlock(tp);
645
646 if ((flag & IO_REVOKE) == IO_REVOKE)
647 ptsd_revoke_knotes(dev, tp);
648
649 /* unconditional, just like ttyclose() */
650 ptmx_free_ioctl(minor(dev), PF_OPEN_S);
651
652 return (err);
653 }
654
655 FREE_BSDSTATIC int
656 ptsd_read(dev_t dev, struct uio *uio, int flag)
657 {
658 proc_t p = current_proc();
659
660 struct tty *tp;
661 struct ptmx_ioctl *pti;
662 int error = 0;
663 struct uthread *ut;
664 struct pgrp * pg;
665
666 pti = ptmx_get_ioctl(minor(dev), 0);
667
668 tp = pti->pt_tty;
669 tty_lock(tp);
670
671 ut = (struct uthread *)get_bsdthread_info(current_thread());
672 again:
673 if (pti->pt_flags & PF_REMOTE) {
674 while (isbackground(p, tp)) {
675 if ((p->p_sigignore & sigmask(SIGTTIN)) ||
676 (ut->uu_sigmask & sigmask(SIGTTIN)) ||
677 p->p_lflag & P_LPPWAIT) {
678 error = EIO;
679 goto out;
680 }
681 pg = proc_pgrp(p);
682 if (pg == PGRP_NULL) {
683 error = EIO;
684 goto out;
685 }
686 /*
687 * SAFE: We about to drop the lock ourselves by
688 * SAFE: erroring out or sleeping anyway.
689 */
690 tty_unlock(tp);
691 if (pg->pg_jobc == 0) {
692 pg_rele(pg);
693 tty_lock(tp);
694 error = EIO;
695 goto out;
696 }
697 pgsignal(pg, SIGTTIN, 1);
698 pg_rele(pg);
699 tty_lock(tp);
700
701 error = ttysleep(tp, &ptsd_read, TTIPRI | PCATCH | PTTYBLOCK, "ptsd_bg",
702 hz);
703 if (error)
704 goto out;
705 }
706 if (tp->t_canq.c_cc == 0) {
707 if (flag & IO_NDELAY) {
708 error = EWOULDBLOCK;
709 goto out;
710 }
711 error = ttysleep(tp, TSA_PTS_READ(tp), TTIPRI | PCATCH,
712 "ptsd_in", 0);
713 if (error)
714 goto out;
715 goto again;
716 }
717 while (tp->t_canq.c_cc > 1 && uio_resid(uio) > 0) {
718 int cc;
719 char buf[BUFSIZ];
720
721 cc = MIN(uio_resid(uio), BUFSIZ);
722 // Don't copy the very last byte
723 cc = MIN(cc, tp->t_canq.c_cc - 1);
724 cc = q_to_b(&tp->t_canq, (u_char *)buf, cc);
725 error = uiomove(buf, cc, uio);
726 if (error)
727 break;
728 }
729 if (tp->t_canq.c_cc == 1)
730 (void) getc(&tp->t_canq);
731 if (tp->t_canq.c_cc)
732 goto out;
733 } else
734 if (tp->t_oproc)
735 error = (*linesw[tp->t_line].l_read)(tp, uio, flag);
736 ptmx_wakeup(tp, FWRITE);
737 out:
738 tty_unlock(tp);
739 return (error);
740 }
741
742 /*
743 * Write to pseudo-tty.
744 * Wakeups of controlling tty will happen
745 * indirectly, when tty driver calls ptsd_start.
746 */
747 FREE_BSDSTATIC int
748 ptsd_write(dev_t dev, struct uio *uio, int flag)
749 {
750 struct tty *tp;
751 struct ptmx_ioctl *pti;
752 int error;
753
754 pti = ptmx_get_ioctl(minor(dev), 0);
755
756 tp = pti->pt_tty;
757 tty_lock(tp);
758
759 if (tp->t_oproc == 0)
760 error = EIO;
761 else
762 error = (*linesw[tp->t_line].l_write)(tp, uio, flag);
763
764 tty_unlock(tp);
765 return (error);
766 }
767
768 /*
769 * Start output on pseudo-tty.
770 * Wake up process selecting or sleeping for input from controlling tty.
771 *
772 * t_oproc for this driver; called from within the line discipline
773 *
774 * Locks: Assumes tp is locked on entry, remains locked on exit
775 */
776 static void
777 ptsd_start(struct tty *tp)
778 {
779 struct ptmx_ioctl *pti;
780
781 pti = ptmx_get_ioctl(minor(tp->t_dev), 0);
782
783 if (tp->t_state & TS_TTSTOP)
784 goto out;
785 if (pti->pt_flags & PF_STOPPED) {
786 pti->pt_flags &= ~PF_STOPPED;
787 pti->pt_send = TIOCPKT_START;
788 }
789 ptmx_wakeup(tp, FREAD);
790 out:
791 return;
792 }
793
794 /*
795 * Locks: Assumes tty_lock() is held over this call.
796 */
797 static void
798 ptmx_wakeup(struct tty *tp, int flag)
799 {
800 struct ptmx_ioctl *pti;
801
802 pti = ptmx_get_ioctl(minor(tp->t_dev), 0);
803
804 if (flag & FREAD) {
805 selwakeup(&pti->pt_selr);
806 wakeup(TSA_PTC_READ(tp));
807 }
808 if (flag & FWRITE) {
809 selwakeup(&pti->pt_selw);
810 wakeup(TSA_PTC_WRITE(tp));
811 }
812 }
813
814 FREE_BSDSTATIC int
815 ptmx_open(dev_t dev, __unused int flag, __unused int devtype, __unused proc_t p)
816 {
817 struct tty *tp;
818 struct ptmx_ioctl *pti;
819 int error = 0;
820
821 pti = ptmx_get_ioctl(minor(dev), PF_OPEN_M);
822 if (pti == NULL) {
823 return (ENXIO);
824 } else if (pti == (struct ptmx_ioctl*)-1) {
825 return (EREDRIVEOPEN);
826 }
827
828 tp = pti->pt_tty;
829 tty_lock(tp);
830
831 /* If master is open OR slave is still draining, pty is still busy */
832 if (tp->t_oproc || (tp->t_state & TS_ISOPEN)) {
833 tty_unlock(tp);
834 /*
835 * If master is closed, we are the only reference, so we
836 * need to clear the master open bit
837 */
838 if (!tp->t_oproc)
839 ptmx_free_ioctl(minor(dev), PF_OPEN_M);
840 error = EBUSY;
841 goto err;
842 }
843 tp->t_oproc = ptsd_start;
844 CLR(tp->t_state, TS_ZOMBIE);
845 SET(tp->t_state, TS_IOCTL_NOT_OK);
846 #ifdef sun4c
847 tp->t_stop = ptsd_stop;
848 #endif
849 (void)(*linesw[tp->t_line].l_modem)(tp, 1);
850 tp->t_lflag &= ~EXTPROC;
851
852 tty_unlock(tp);
853 err:
854 return (error);
855 }
856
857 FREE_BSDSTATIC int
858 ptmx_close(dev_t dev, __unused int flags, __unused int fmt, __unused proc_t p)
859 {
860 struct tty *tp;
861 struct ptmx_ioctl *pti;
862
863 pti = ptmx_get_ioctl(minor(dev), 0);
864
865 tp = pti->pt_tty;
866 tty_lock(tp);
867
868 (void)(*linesw[tp->t_line].l_modem)(tp, 0);
869
870 /*
871 * XXX MDMBUF makes no sense for ptys but would inhibit the above
872 * l_modem(). CLOCAL makes sense but isn't supported. Special
873 * l_modem()s that ignore carrier drop make no sense for ptys but
874 * may be in use because other parts of the line discipline make
875 * sense for ptys. Recover by doing everything that a normal
876 * ttymodem() would have done except for sending a SIGHUP.
877 */
878 if (tp->t_state & TS_ISOPEN) {
879 tp->t_state &= ~(TS_CARR_ON | TS_CONNECTED);
880 tp->t_state |= TS_ZOMBIE;
881 ttyflush(tp, FREAD | FWRITE);
882 }
883
884 tp->t_oproc = 0; /* mark closed */
885
886 tty_unlock(tp);
887
888 ptmx_free_ioctl(minor(dev), PF_OPEN_M);
889
890 #if CONFIG_MACF
891 mac_pty_notify_close(p, tp, dev, NULL);
892 #endif
893
894 return (0);
895 }
896
897 FREE_BSDSTATIC int
898 ptmx_read(dev_t dev, struct uio *uio, int flag)
899 {
900 struct tty *tp;
901 struct ptmx_ioctl *pti;
902 char buf[BUFSIZ];
903 int error = 0, cc;
904
905 pti = ptmx_get_ioctl(minor(dev), 0);
906
907 tp = pti->pt_tty;
908 tty_lock(tp);
909
910 /*
911 * We want to block until the slave
912 * is open, and there's something to read;
913 * but if we lost the slave or we're NBIO,
914 * then return the appropriate error instead.
915 */
916 for (;;) {
917 if (tp->t_state&TS_ISOPEN) {
918 if (pti->pt_flags & PF_PKT && pti->pt_send) {
919 error = ureadc((int)pti->pt_send, uio);
920 if (error)
921 goto out;
922 if (pti->pt_send & TIOCPKT_IOCTL) {
923 cc = MIN(uio_resid(uio),
924 (user_ssize_t)sizeof(tp->t_termios));
925 uiomove((caddr_t)&tp->t_termios, cc,
926 uio);
927 }
928 pti->pt_send = 0;
929 goto out;
930 }
931 if (pti->pt_flags & PF_UCNTL && pti->pt_ucntl) {
932 error = ureadc((int)pti->pt_ucntl, uio);
933 if (error)
934 goto out;
935 pti->pt_ucntl = 0;
936 goto out;
937 }
938 if (tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0)
939 break;
940 }
941 if ((tp->t_state & TS_CONNECTED) == 0)
942 goto out; /* EOF */
943 if (flag & IO_NDELAY) {
944 error = EWOULDBLOCK;
945 goto out;
946 }
947 error = ttysleep(tp, TSA_PTC_READ(tp), TTIPRI | PCATCH, "ptmx_in", 0);
948 if (error)
949 goto out;
950 }
951 if (pti->pt_flags & (PF_PKT|PF_UCNTL))
952 error = ureadc(0, uio);
953 while (uio_resid(uio) > 0 && error == 0) {
954 cc = q_to_b(&tp->t_outq, (u_char *)buf, MIN(uio_resid(uio), BUFSIZ));
955 if (cc <= 0)
956 break;
957 error = uiomove(buf, cc, uio);
958 }
959 (*linesw[tp->t_line].l_start)(tp);
960
961 out:
962 tty_unlock(tp);
963 return (error);
964 }
965
966 /*
967 * Line discipline callback
968 *
969 * Locks: tty_lock() is assumed held on entry and exit.
970 */
971 FREE_BSDSTATIC int
972 ptsd_stop(struct tty *tp, int flush)
973 {
974 struct ptmx_ioctl *pti;
975 int flag;
976
977 pti = ptmx_get_ioctl(minor(tp->t_dev), 0);
978
979 /* note: FLUSHREAD and FLUSHWRITE already ok */
980 if (flush == 0) {
981 flush = TIOCPKT_STOP;
982 pti->pt_flags |= PF_STOPPED;
983 } else
984 pti->pt_flags &= ~PF_STOPPED;
985 pti->pt_send |= flush;
986 /* change of perspective */
987 flag = 0;
988 if (flush & FREAD)
989 flag |= FWRITE;
990 if (flush & FWRITE)
991 flag |= FREAD;
992 ptmx_wakeup(tp, flag);
993
994 return (0);
995 }
996
997 FREE_BSDSTATIC int
998 ptsd_reset(__unused int uban)
999 {
1000 return (0);
1001 }
1002
1003 /*
1004 * Reinput pending characters after state switch
1005 * call at spltty().
1006 *
1007 * XXX Code duplication: static function, should be inlined
1008 */
1009 static void
1010 ttypend(struct tty *tp)
1011 {
1012 struct clist tq;
1013 int c;
1014
1015 CLR(tp->t_lflag, PENDIN);
1016 SET(tp->t_state, TS_TYPEN);
1017 tq = tp->t_rawq;
1018 tp->t_rawq.c_cc = 0;
1019 tp->t_rawq.c_cf = tp->t_rawq.c_cl = 0;
1020 while ((c = getc(&tq)) >= 0)
1021 ttyinput(c, tp);
1022 CLR(tp->t_state, TS_TYPEN);
1023 }
1024
1025 /*
1026 * Must be called at spltty().
1027 *
1028 * XXX Code duplication: static function, should be inlined
1029 */
1030 static int
1031 ttnread(struct tty *tp)
1032 {
1033 int nread;
1034
1035 if (ISSET(tp->t_lflag, PENDIN))
1036 ttypend(tp);
1037 nread = tp->t_canq.c_cc;
1038 if (!ISSET(tp->t_lflag, ICANON)) {
1039 nread += tp->t_rawq.c_cc;
1040 if (nread < tp->t_cc[VMIN] && tp->t_cc[VTIME] == 0)
1041 nread = 0;
1042 }
1043 return (nread);
1044 }
1045
1046 int
1047 ptsd_select(dev_t dev, int rw, void *wql, proc_t p)
1048 {
1049 struct ptmx_ioctl *pti;
1050 struct tty *tp;
1051 int retval = 0;
1052
1053 pti = ptmx_get_ioctl(minor(dev), 0);
1054
1055 tp = pti->pt_tty;
1056
1057 if (tp == NULL)
1058 return (ENXIO);
1059
1060 tty_lock(tp);
1061
1062 switch (rw) {
1063 case FREAD:
1064 if (ISSET(tp->t_state, TS_ZOMBIE)) {
1065 retval = 1;
1066 break;
1067 }
1068
1069 retval = ttnread(tp);
1070 if (retval > 0) {
1071 break;
1072 }
1073
1074 selrecord(p, &tp->t_rsel, wql);
1075 break;
1076 case FWRITE:
1077 if (ISSET(tp->t_state, TS_ZOMBIE)) {
1078 retval = 1;
1079 break;
1080 }
1081
1082 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
1083 ISSET(tp->t_state, TS_CONNECTED)) {
1084 retval = tp->t_hiwat - tp->t_outq.c_cc;
1085 break;
1086 }
1087
1088 selrecord(p, &tp->t_wsel, wql);
1089 break;
1090 }
1091
1092 tty_unlock(tp);
1093 return (retval);
1094 }
1095
1096 FREE_BSDSTATIC int
1097 ptmx_select(dev_t dev, int rw, void *wql, proc_t p)
1098 {
1099 struct tty *tp;
1100 struct ptmx_ioctl *pti;
1101 int retval = 0;
1102
1103 pti = ptmx_get_ioctl(minor(dev), 0);
1104
1105 tp = pti->pt_tty;
1106 tty_lock(tp);
1107
1108 if ((tp->t_state & TS_CONNECTED) == 0) {
1109 retval = 1;
1110 goto out;
1111 }
1112 switch (rw) {
1113 case FREAD:
1114 /*
1115 * Need to block timeouts (ttrstart).
1116 */
1117 if ((tp->t_state&TS_ISOPEN) &&
1118 tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0) {
1119 retval = tp->t_outq.c_cc;
1120 break;
1121 }
1122 /* FALLTHROUGH */
1123
1124 case 0: /* exceptional */
1125 if ((tp->t_state&TS_ISOPEN) &&
1126 ((pti->pt_flags & PF_PKT && pti->pt_send) ||
1127 (pti->pt_flags & PF_UCNTL && pti->pt_ucntl))) {
1128 retval = 1;
1129 break;
1130 }
1131 selrecord(p, &pti->pt_selr, wql);
1132 break;
1133
1134 case FWRITE:
1135 if (tp->t_state&TS_ISOPEN) {
1136 if (pti->pt_flags & PF_REMOTE) {
1137 if (tp->t_canq.c_cc == 0) {
1138 retval = (TTYHOG -1) ;
1139 break;
1140 }
1141 } else {
1142 retval = (TTYHOG - 2) - (tp->t_rawq.c_cc + tp->t_canq.c_cc);
1143 if (retval > 0) {
1144 break;
1145 }
1146 if (tp->t_canq.c_cc == 0 && (tp->t_lflag&ICANON)) {
1147 retval = 1;
1148 break;
1149 }
1150 retval = 0;
1151 }
1152 }
1153 selrecord(p, &pti->pt_selw, wql);
1154 break;
1155
1156 }
1157 out:
1158 tty_unlock(tp);
1159 return (retval);
1160 }
1161
1162 FREE_BSDSTATIC int
1163 ptmx_stop(__unused struct tty *tp, __unused int flush)
1164 {
1165 return (0);
1166 }
1167
1168 FREE_BSDSTATIC int
1169 ptmx_reset(__unused int uban)
1170 {
1171 return (0);
1172 }
1173
1174 FREE_BSDSTATIC int
1175 ptmx_write(dev_t dev, struct uio *uio, int flag)
1176 {
1177 struct tty *tp;
1178 struct ptmx_ioctl *pti;
1179 u_char *cp = NULL;
1180 int cc = 0;
1181 u_char locbuf[BUFSIZ];
1182 int wcnt = 0;
1183 int error = 0;
1184
1185 pti = ptmx_get_ioctl(minor(dev), 0);
1186
1187 tp = pti->pt_tty;
1188 tty_lock(tp);
1189
1190 again:
1191 if ((tp->t_state&TS_ISOPEN) == 0)
1192 goto block;
1193 if (pti->pt_flags & PF_REMOTE) {
1194 if (tp->t_canq.c_cc)
1195 goto block;
1196 while ((uio_resid(uio) > 0 || cc > 0) &&
1197 tp->t_canq.c_cc < TTYHOG - 1) {
1198 if (cc == 0) {
1199 cc = MIN(uio_resid(uio), BUFSIZ);
1200 cc = MIN(cc, TTYHOG - 1 - tp->t_canq.c_cc);
1201 cp = locbuf;
1202 error = uiomove((caddr_t)cp, cc, uio);
1203 if (error)
1204 goto out;
1205 /* check again for safety */
1206 if ((tp->t_state & TS_ISOPEN) == 0) {
1207 /* adjust as usual */
1208 uio_setresid(uio, (uio_resid(uio) + cc));
1209 error = EIO;
1210 goto out;
1211 }
1212 }
1213 if (cc > 0) {
1214 cc = b_to_q((u_char *)cp, cc, &tp->t_canq);
1215 /*
1216 * XXX we don't guarantee that the canq size
1217 * is >= TTYHOG, so the above b_to_q() may
1218 * leave some bytes uncopied. However, space
1219 * is guaranteed for the null terminator if
1220 * we don't fail here since (TTYHOG - 1) is
1221 * not a multiple of CBSIZE.
1222 */
1223 if (cc > 0)
1224 break;
1225 }
1226 }
1227 /* adjust for data copied in but not written */
1228 uio_setresid(uio, (uio_resid(uio) + cc));
1229 (void) putc(0, &tp->t_canq);
1230 ttwakeup(tp);
1231 wakeup(TSA_PTS_READ(tp));
1232 goto out;
1233 }
1234 while (uio_resid(uio) > 0 || cc > 0) {
1235 if (cc == 0) {
1236 cc = MIN(uio_resid(uio), BUFSIZ);
1237 cp = locbuf;
1238 error = uiomove((caddr_t)cp, cc, uio);
1239 if (error)
1240 goto out;
1241 /* check again for safety */
1242 if ((tp->t_state & TS_ISOPEN) == 0) {
1243 /* adjust for data copied in but not written */
1244 uio_setresid(uio, (uio_resid(uio) + cc));
1245 error = EIO;
1246 goto out;
1247 }
1248 }
1249 while (cc > 0) {
1250 if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
1251 (tp->t_canq.c_cc > 0 || !(tp->t_lflag&ICANON))) {
1252 wakeup(TSA_HUP_OR_INPUT(tp));
1253 goto block;
1254 }
1255 (*linesw[tp->t_line].l_rint)(*cp++, tp);
1256 wcnt++;
1257 cc--;
1258 }
1259 cc = 0;
1260 }
1261
1262 out:
1263 tty_unlock(tp);
1264 return (error);
1265
1266 block:
1267 /*
1268 * Come here to wait for slave to open, for space
1269 * in outq, or space in rawq, or an empty canq.
1270 */
1271 if ((tp->t_state & TS_CONNECTED) == 0) {
1272 /* adjust for data copied in but not written */
1273 uio_setresid(uio, (uio_resid(uio) + cc));
1274 error = EIO;
1275 goto out;
1276 }
1277 if (flag & IO_NDELAY) {
1278 /* adjust for data copied in but not written */
1279 uio_setresid(uio, (uio_resid(uio) + cc));
1280 if (wcnt == 0)
1281 error = EWOULDBLOCK;
1282 goto out;
1283 }
1284 error = ttysleep(tp, TSA_PTC_WRITE(tp), TTOPRI | PCATCH, "ptmx_out", 0);
1285 if (error) {
1286 /* adjust for data copied in but not written */
1287 uio_setresid(uio, (uio_resid(uio) + cc));
1288 goto out;
1289 }
1290 goto again;
1291 }
1292
1293
1294 FREE_BSDSTATIC int
1295 cptyioctl(dev_t dev, u_long cmd, caddr_t data, int flag, proc_t p)
1296 {
1297 struct tty *tp;
1298 struct ptmx_ioctl *pti;
1299 u_char *cc;
1300 int stop, error = 0;
1301 int allow_ext_ioctl = 1;
1302
1303 pti = ptmx_get_ioctl(minor(dev), 0);
1304
1305 tp = pti->pt_tty;
1306 tty_lock(tp);
1307
1308 cc = tp->t_cc;
1309
1310 /*
1311 * Do not permit extended ioctls on the master side of the pty unless
1312 * the slave side has been successfully opened and initialized.
1313 */
1314 if (cdevsw[major(dev)].d_open == ptmx_open && ISSET(tp->t_state, TS_IOCTL_NOT_OK))
1315 allow_ext_ioctl = 0;
1316
1317 /*
1318 * IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG.
1319 * ttywflush(tp) will hang if there are characters in the outq.
1320 */
1321 if (cmd == TIOCEXT && allow_ext_ioctl) {
1322 /*
1323 * When the EXTPROC bit is being toggled, we need
1324 * to send an TIOCPKT_IOCTL if the packet driver
1325 * is turned on.
1326 */
1327 if (*(int *)data) {
1328 if (pti->pt_flags & PF_PKT) {
1329 pti->pt_send |= TIOCPKT_IOCTL;
1330 ptmx_wakeup(tp, FREAD);
1331 }
1332 tp->t_lflag |= EXTPROC;
1333 } else {
1334 if ((tp->t_lflag & EXTPROC) &&
1335 (pti->pt_flags & PF_PKT)) {
1336 pti->pt_send |= TIOCPKT_IOCTL;
1337 ptmx_wakeup(tp, FREAD);
1338 }
1339 tp->t_lflag &= ~EXTPROC;
1340 }
1341 goto out;
1342 } else
1343 if (cdevsw[major(dev)].d_open == ptmx_open) {
1344 switch (cmd) {
1345
1346 case TIOCGPGRP:
1347 /*
1348 * We aviod calling ttioctl on the controller since,
1349 * in that case, tp must be the controlling terminal.
1350 */
1351 *(int *)data = tp->t_pgrp ? tp->t_pgrp->pg_id : 0;
1352 goto out;
1353
1354 case TIOCPKT:
1355 if (*(int *)data) {
1356 if (pti->pt_flags & PF_UCNTL) {
1357 error = EINVAL;
1358 goto out;
1359 }
1360 pti->pt_flags |= PF_PKT;
1361 } else
1362 pti->pt_flags &= ~PF_PKT;
1363 goto out;
1364
1365 case TIOCUCNTL:
1366 if (*(int *)data) {
1367 if (pti->pt_flags & PF_PKT) {
1368 error = EINVAL;
1369 goto out;
1370 }
1371 pti->pt_flags |= PF_UCNTL;
1372 } else
1373 pti->pt_flags &= ~PF_UCNTL;
1374 goto out;
1375
1376 case TIOCREMOTE:
1377 if (*(int *)data)
1378 pti->pt_flags |= PF_REMOTE;
1379 else
1380 pti->pt_flags &= ~PF_REMOTE;
1381 ttyflush(tp, FREAD|FWRITE);
1382 goto out;
1383
1384 case TIOCSETP:
1385 case TIOCSETN:
1386 case TIOCSETD:
1387 case TIOCSETA_32:
1388 case TIOCSETAW_32:
1389 case TIOCSETAF_32:
1390 case TIOCSETA_64:
1391 case TIOCSETAW_64:
1392 case TIOCSETAF_64:
1393 ndflush(&tp->t_outq, tp->t_outq.c_cc);
1394 break;
1395
1396 case TIOCSIG:
1397 if (*(unsigned int *)data >= NSIG ||
1398 *(unsigned int *)data == 0) {
1399 error = EINVAL;
1400 goto out;
1401 }
1402 if ((tp->t_lflag&NOFLSH) == 0)
1403 ttyflush(tp, FREAD|FWRITE);
1404 if ((*(unsigned int *)data == SIGINFO) &&
1405 ((tp->t_lflag&NOKERNINFO) == 0))
1406 ttyinfo_locked(tp);
1407 /*
1408 * SAFE: All callers drop the lock on return and
1409 * SAFE: the linesw[] will short circut this call
1410 * SAFE: if the ioctl() is eaten before the lower
1411 * SAFE: level code gets to see it.
1412 */
1413 tty_unlock(tp);
1414 tty_pgsignal(tp, *(unsigned int *)data, 1);
1415 tty_lock(tp);
1416 goto out;
1417
1418 case TIOCPTYGRANT: /* grantpt(3) */
1419 /*
1420 * Change the uid of the slave to that of the calling
1421 * thread, change the gid of the slave to GID_TTY,
1422 * change the mode to 0620 (rw--w----).
1423 */
1424 {
1425 error = _devfs_setattr(pti->pt_devhandle, 0620, kauth_getuid(), GID_TTY);
1426 #if CONFIG_MACF
1427 if (!error) {
1428 tty_unlock(tp);
1429 mac_pty_notify_grant(p, tp, dev, NULL);
1430 tty_lock(tp);
1431 }
1432 #endif
1433 goto out;
1434 }
1435
1436 case TIOCPTYGNAME: /* ptsname(3) */
1437 /*
1438 * Report the name of the slave device in *data
1439 * (128 bytes max.). Use the same template string
1440 * used for calling devfs_make_node() to create it.
1441 */
1442 snprintf(data, 128, "/dev/" PTSD_TEMPLATE, minor(dev));
1443 error = 0;
1444 goto out;
1445
1446 case TIOCPTYUNLK: /* unlockpt(3) */
1447 /*
1448 * Unlock the slave device so that it can be opened.
1449 */
1450 pti->pt_flags |= PF_UNLOCKED;
1451 error = 0;
1452 goto out;
1453 }
1454
1455 /*
1456 * Fail all other calls; pty masters are not serial devices;
1457 * we only pretend they are when the slave side of the pty is
1458 * already open.
1459 */
1460 if (!allow_ext_ioctl) {
1461 error = ENOTTY;
1462 goto out;
1463 }
1464 }
1465 error = (*linesw[tp->t_line].l_ioctl)(tp, cmd, data, flag, p);
1466 if (error == ENOTTY) {
1467 error = ttioctl_locked(tp, cmd, data, flag, p);
1468 if (error == ENOTTY) {
1469 if (pti->pt_flags & PF_UCNTL && (cmd & ~0xff) == UIOCCMD(0)) {
1470 /* Process the UIOCMD ioctl group */
1471 if (cmd & 0xff) {
1472 pti->pt_ucntl = (u_char)cmd;
1473 ptmx_wakeup(tp, FREAD);
1474 }
1475 error = 0;
1476 goto out;
1477 } else if (cmd == TIOCSBRK || cmd == TIOCCBRK) {
1478 /*
1479 * POSIX conformance; rdar://3936338
1480 *
1481 * Clear ENOTTY in the case of setting or
1482 * clearing a break failing because pty's
1483 * don't support break like real serial
1484 * ports.
1485 */
1486 error = 0;
1487 goto out;
1488 }
1489 }
1490 }
1491
1492 /*
1493 * If external processing and packet mode send ioctl packet.
1494 */
1495 if ((tp->t_lflag&EXTPROC) && (pti->pt_flags & PF_PKT)) {
1496 switch(cmd) {
1497 case TIOCSETA_32:
1498 case TIOCSETAW_32:
1499 case TIOCSETAF_32:
1500 case TIOCSETA_64:
1501 case TIOCSETAW_64:
1502 case TIOCSETAF_64:
1503 case TIOCSETP:
1504 case TIOCSETN:
1505 case TIOCSETC:
1506 case TIOCSLTC:
1507 case TIOCLBIS:
1508 case TIOCLBIC:
1509 case TIOCLSET:
1510 pti->pt_send |= TIOCPKT_IOCTL;
1511 ptmx_wakeup(tp, FREAD);
1512 default:
1513 break;
1514 }
1515 }
1516 stop = (tp->t_iflag & IXON) && CCEQ(cc[VSTOP], CTRL('s'))
1517 && CCEQ(cc[VSTART], CTRL('q'));
1518 if (pti->pt_flags & PF_NOSTOP) {
1519 if (stop) {
1520 pti->pt_send &= ~TIOCPKT_NOSTOP;
1521 pti->pt_send |= TIOCPKT_DOSTOP;
1522 pti->pt_flags &= ~PF_NOSTOP;
1523 ptmx_wakeup(tp, FREAD);
1524 }
1525 } else {
1526 if (!stop) {
1527 pti->pt_send &= ~TIOCPKT_DOSTOP;
1528 pti->pt_send |= TIOCPKT_NOSTOP;
1529 pti->pt_flags |= PF_NOSTOP;
1530 ptmx_wakeup(tp, FREAD);
1531 }
1532 }
1533 out:
1534 tty_unlock(tp);
1535 return (error);
1536 }
1537
1538 /*
1539 * kqueue support.
1540 */
1541 int ptsd_kqfilter(dev_t, struct knote *);
1542 static void ptsd_kqops_detach(struct knote *);
1543 static int ptsd_kqops_event(struct knote *, long);
1544
1545 static struct filterops ptsd_kqops = {
1546 .f_isfd = 1,
1547 .f_detach = ptsd_kqops_detach,
1548 .f_event = ptsd_kqops_event,
1549 };
1550
1551 #define PTSD_KNOTE_VALID NULL
1552 #define PTSD_KNOTE_REVOKED ((void *)-911l)
1553
1554 /*
1555 * In the normal case, by the time the driver_close() routine is called
1556 * on the slave, all knotes have been detached. However in the revoke(2)
1557 * case, the driver's close routine is called while there are knotes active
1558 * that reference the handlers below. And we have no obvious means to
1559 * reach from the driver out to the kqueue's that reference them to get
1560 * them to stop.
1561 */
1562
1563 static void
1564 ptsd_kqops_detach(struct knote *kn)
1565 {
1566 struct ptmx_ioctl *pti;
1567 struct tty *tp;
1568 dev_t dev, lockdev = (dev_t)kn->kn_hookid;
1569
1570 ptsd_kevent_mtx_lock(minor(lockdev));
1571
1572 if ((dev = (dev_t)kn->kn_hookid) != 0) {
1573 pti = ptmx_get_ioctl(minor(dev), 0);
1574 if (pti != NULL && (tp = pti->pt_tty) != NULL) {
1575 tty_lock(tp);
1576 if (kn->kn_filter == EVFILT_READ)
1577 KNOTE_DETACH(&tp->t_rsel.si_note, kn);
1578 else
1579 KNOTE_DETACH(&tp->t_wsel.si_note, kn);
1580 tty_unlock(tp);
1581 kn->kn_hookid = 0;
1582 }
1583 }
1584
1585 ptsd_kevent_mtx_unlock(minor(lockdev));
1586 }
1587
1588 static int
1589 ptsd_kqops_event(struct knote *kn, long hint)
1590 {
1591 struct ptmx_ioctl *pti;
1592 struct tty *tp;
1593 dev_t dev = (dev_t)kn->kn_hookid;
1594 int retval = 0;
1595
1596 ptsd_kevent_mtx_lock(minor(dev));
1597
1598 do {
1599 if (kn->kn_hook != PTSD_KNOTE_VALID ) {
1600 /* We were revoked */
1601 kn->kn_data = 0;
1602 kn->kn_flags |= EV_EOF;
1603 retval = 1;
1604 break;
1605 }
1606
1607 pti = ptmx_get_ioctl(minor(dev), 0);
1608 if (pti == NULL || (tp = pti->pt_tty) == NULL) {
1609 kn->kn_data = ENXIO;
1610 kn->kn_flags |= EV_ERROR;
1611 retval = 1;
1612 break;
1613 }
1614
1615 if (hint == 0)
1616 tty_lock(tp);
1617
1618 if (kn->kn_filter == EVFILT_READ) {
1619 kn->kn_data = ttnread(tp);
1620 if (kn->kn_data > 0)
1621 retval = 1;
1622 if (ISSET(tp->t_state, TS_ZOMBIE)) {
1623 kn->kn_flags |= EV_EOF;
1624 retval = 1;
1625 }
1626 } else { /* EVFILT_WRITE */
1627 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
1628 ISSET(tp->t_state, TS_CONNECTED)) {
1629 kn->kn_data = tp->t_outq.c_cn - tp->t_outq.c_cc;
1630 retval = 1;
1631 }
1632 if (ISSET(tp->t_state, TS_ZOMBIE)) {
1633 kn->kn_flags |= EV_EOF;
1634 retval = 1;
1635 }
1636 }
1637
1638 if (hint == 0)
1639 tty_unlock(tp);
1640 } while (0);
1641
1642 ptsd_kevent_mtx_unlock(minor(dev));
1643
1644 return (retval);
1645 }
1646 int
1647 ptsd_kqfilter(dev_t dev, struct knote *kn)
1648 {
1649 struct tty *tp = NULL;
1650 struct ptmx_ioctl *pti = NULL;
1651 int retval = 0;
1652
1653 /* make sure we're talking about the right device type */
1654 if (cdevsw[major(dev)].d_open != ptsd_open) {
1655 return (EINVAL);
1656 }
1657
1658 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
1659 return (ENXIO);
1660 }
1661
1662 tp = pti->pt_tty;
1663 tty_lock(tp);
1664
1665 kn->kn_hookid = dev;
1666 kn->kn_hook = PTSD_KNOTE_VALID;
1667 kn->kn_fop = &ptsd_kqops;
1668
1669 switch (kn->kn_filter) {
1670 case EVFILT_READ:
1671 KNOTE_ATTACH(&tp->t_rsel.si_note, kn);
1672 break;
1673 case EVFILT_WRITE:
1674 KNOTE_ATTACH(&tp->t_wsel.si_note, kn);
1675 break;
1676 default:
1677 retval = EINVAL;
1678 break;
1679 }
1680
1681 tty_unlock(tp);
1682 return (retval);
1683 }
1684
1685 /*
1686 * Support for revoke(2).
1687 *
1688 * Mark all the kn_hook fields so that future invocations of the
1689 * f_event op will just say "EOF" *without* looking at the
1690 * ptmx_ioctl structure (which may disappear or be recycled at
1691 * the end of ptsd_close). Issue wakeups to post that EOF to
1692 * anyone listening. And finally remove the knotes from the
1693 * tty's klists to keep ttyclose() happy, and set the hookid to
1694 * zero to make the final detach passively successful.
1695 */
1696 static void
1697 ptsd_revoke_knotes(dev_t dev, struct tty *tp)
1698 {
1699 struct klist *list;
1700 struct knote *kn, *tkn;
1701
1702 /* (Hold and drop the right locks in the right order.) */
1703
1704 ptsd_kevent_mtx_lock(minor(dev));
1705 tty_lock(tp);
1706
1707 list = &tp->t_rsel.si_note;
1708 SLIST_FOREACH(kn, list, kn_selnext)
1709 kn->kn_hook = PTSD_KNOTE_REVOKED;
1710
1711 list = &tp->t_wsel.si_note;
1712 SLIST_FOREACH(kn, list, kn_selnext)
1713 kn->kn_hook = PTSD_KNOTE_REVOKED;
1714
1715 tty_unlock(tp);
1716 ptsd_kevent_mtx_unlock(minor(dev));
1717
1718 tty_lock(tp);
1719 ttwakeup(tp);
1720 ttwwakeup(tp);
1721 tty_unlock(tp);
1722
1723 ptsd_kevent_mtx_lock(minor(dev));
1724 tty_lock(tp);
1725
1726 list = &tp->t_rsel.si_note;
1727 SLIST_FOREACH_SAFE(kn, list, kn_selnext, tkn) {
1728 (void) KNOTE_DETACH(list, kn);
1729 kn->kn_hookid = 0;
1730 }
1731
1732 list = &tp->t_wsel.si_note;
1733 SLIST_FOREACH_SAFE(kn, list, kn_selnext, tkn) {
1734 (void) KNOTE_DETACH(list, kn);
1735 kn->kn_hookid = 0;
1736 }
1737
1738 tty_unlock(tp);
1739 ptsd_kevent_mtx_unlock(minor(dev));
1740 }
mirror of XNU