2 * Copyright (c) 1997-2013 Apple Inc. All rights reserved.
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
29 * Copyright (c) 1982, 1986, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
64 * Pseudo-teletype Driver
65 * (Actually two drivers, requiring two entries in 'cdevsw')
67 #include "pty.h" /* XXX */
69 #include <sys/param.h>
70 #include <sys/systm.h>
71 #include <sys/ioctl.h>
72 #include <sys/proc_internal.h>
73 #include <sys/kauth.h>
76 #include <sys/file_internal.h>
77 #include <sys/uio_internal.h>
78 #include <sys/kernel.h>
79 #include <sys/vnode.h>
81 #include <sys/signalvar.h>
82 #include <sys/sysctl.h>
83 #include <miscfs/devfs/devfs.h>
84 #include <miscfs/devfs/devfsdefs.h> /* DEVFS_LOCK()/DEVFS_UNLOCK() */
87 #include <security/mac_framework.h>
93 * Forward declarations
95 int ptmx_init(int n_ptys
);
96 static struct ptmx_ioctl
*ptmx_get_ioctl(int minor
, int open_flag
);
97 static int ptmx_free_ioctl(int minor
, int open_flag
);
98 static int ptmx_get_name(int minor
, char *buffer
, size_t size
);
99 static void ptsd_revoke_knotes(int minor
, struct tty
*tp
);
101 extern d_open_t ptsopen
;
102 extern d_close_t ptsclose
;
103 extern d_read_t ptsread
;
104 extern d_write_t ptswrite
;
105 extern d_ioctl_t ptyioctl
;
106 extern d_stop_t ptsstop
;
107 extern d_reset_t ptsreset
;
108 extern d_select_t ptsselect
;
110 extern d_open_t ptcopen
;
111 extern d_close_t ptcclose
;
112 extern d_read_t ptcread
;
113 extern d_write_t ptcwrite
;
114 extern d_stop_t ptcstop
;
115 extern d_reset_t ptcreset
;
116 extern d_select_t ptcselect
;
118 static int ptmx_major
; /* dynamically assigned major number */
119 static struct cdevsw ptmx_cdev
= {
120 ptcopen
, ptcclose
, ptcread
, ptcwrite
,
121 ptyioctl
, ptcstop
, ptcreset
, 0,
122 ptcselect
, eno_mmap
, eno_strat
, eno_getc
,
126 static int ptsd_major
; /* dynamically assigned major number */
127 static struct cdevsw ptsd_cdev
= {
128 ptsopen
, ptsclose
, ptsread
, ptswrite
,
129 ptyioctl
, ptsstop
, ptsreset
, 0,
130 ptsselect
, eno_mmap
, eno_strat
, eno_getc
,
136 * ptsd == /dev/pts[0123456789]{3}
138 #define PTMX_TEMPLATE "ptmx"
139 #define PTSD_TEMPLATE "ttys%03d"
142 * System-wide limit on the max number of cloned ptys
144 #define PTMX_MAX_DEFAULT 127 /* 128 entries */
145 #define PTMX_MAX_HARD 999 /* 1000 entries, due to PTSD_TEMPLATE */
147 static int ptmx_max
= PTMX_MAX_DEFAULT
; /* default # of clones we allow */
149 /* Range enforcement for the sysctl */
151 sysctl_ptmx_max(__unused
struct sysctl_oid
*oidp
, __unused
void *arg1
,
152 __unused
int arg2
, struct sysctl_req
*req
)
154 int new_value
, changed
;
155 int error
= sysctl_io_number(req
, ptmx_max
, sizeof(int), &new_value
, &changed
);
157 if (new_value
> 0 && new_value
<= PTMX_MAX_HARD
)
158 ptmx_max
= new_value
;
165 SYSCTL_NODE(_kern
, KERN_TTY
, tty
, CTLFLAG_RW
|CTLFLAG_LOCKED
, 0, "TTY");
166 SYSCTL_PROC(_kern_tty
, OID_AUTO
, ptmx_max
,
167 CTLTYPE_INT
| CTLFLAG_RW
| CTLFLAG_LOCKED
,
168 &ptmx_max
, 0, &sysctl_ptmx_max
, "I", "ptmx_max");
170 static int ptmx_clone(dev_t dev
, int minor
);
173 * Set of locks to keep the interaction between kevents and revoke
174 * from causing havoc.
177 #define LOG2_PTSD_KE_NLCK 2
178 #define PTSD_KE_NLCK (1l << LOG2_PTSD_KE_NLCK)
179 #define PTSD_KE_LOCK_INDEX(x) ((x) & (PTSD_KE_NLCK - 1))
181 static lck_mtx_t ptsd_kevent_lock
[PTSD_KE_NLCK
];
184 ptsd_kevent_lock_init(void)
187 lck_grp_t
*lgrp
= lck_grp_alloc_init("ptsd kevent", LCK_GRP_ATTR_NULL
);
189 for (i
= 0; i
< PTSD_KE_NLCK
; i
++)
190 lck_mtx_init(&ptsd_kevent_lock
[i
], lgrp
, LCK_ATTR_NULL
);
194 ptsd_kevent_mtx_lock(int minor
)
196 lck_mtx_lock(&ptsd_kevent_lock
[PTSD_KE_LOCK_INDEX(minor
)]);
200 ptsd_kevent_mtx_unlock(int minor
)
202 lck_mtx_unlock(&ptsd_kevent_lock
[PTSD_KE_LOCK_INDEX(minor
)]);
205 static struct tty_dev_t _ptmx_driver
;
208 ptmx_init( __unused
int config_count
)
211 * We start looking at slot 10, since there are inits that will
212 * stomp explicit slots (e.g. vndevice stomps 1) below that.
215 /* Get a major number for /dev/ptmx */
216 if((ptmx_major
= cdevsw_add(-15, &ptmx_cdev
)) == -1) {
217 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
221 if (cdevsw_setkqueueok(ptmx_major
, &ptmx_cdev
, 0) == -1) {
222 panic("Failed to set flags on ptmx cdevsw entry.");
225 /* Get a major number for /dev/pts/nnn */
226 if ((ptsd_major
= cdevsw_add(-15, &ptsd_cdev
)) == -1) {
227 (void)cdevsw_remove(ptmx_major
, &ptmx_cdev
);
228 printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
232 if (cdevsw_setkqueueok(ptsd_major
, &ptsd_cdev
, 0) == -1) {
233 panic("Failed to set flags on ptmx cdevsw entry.");
237 * Locks to guard against races between revoke and kevents
239 ptsd_kevent_lock_init();
241 /* Create the /dev/ptmx device {<major>,0} */
242 (void)devfs_make_node_clone(makedev(ptmx_major
, 0),
243 DEVFS_CHAR
, UID_ROOT
, GID_TTY
, 0666,
244 ptmx_clone
, PTMX_TEMPLATE
);
246 _ptmx_driver
.master
= ptmx_major
;
247 _ptmx_driver
.slave
= ptsd_major
;
248 _ptmx_driver
.fix_7828447
= 1;
249 _ptmx_driver
.fix_7070978
= 1;
251 _ptmx_driver
.mac_notify
= 1;
253 _ptmx_driver
.open
= &ptmx_get_ioctl
;
254 _ptmx_driver
.free
= &ptmx_free_ioctl
;
255 _ptmx_driver
.name
= &ptmx_get_name
;
256 _ptmx_driver
.revoke
= &ptsd_revoke_knotes
;
257 tty_dev_register(&_ptmx_driver
);
263 static struct _ptmx_ioctl_state
{
264 struct ptmx_ioctl
**pis_ioctl_list
; /* pointer vector */
265 int pis_total
; /* total slots */
266 int pis_free
; /* free slots */
268 #define PTMX_GROW_VECTOR 16 /* Grow by this many slots at a time */
271 * Given a minor number, return the corresponding structure for that minor
272 * number. If there isn't one, and the create flag is specified, we create
275 * Parameters: minor Minor number of ptmx device
276 * open_flag PF_OPEN_M First open of master
277 * PF_OPEN_S First open of slave
278 * 0 Just want ioctl struct
280 * Returns: NULL Did not exist/could not create
281 * !NULL structure corresponding minor number
283 * Locks: tty_lock() on ptmx_ioctl->pt_tty NOT held on entry or exit.
285 static struct ptmx_ioctl
*
286 ptmx_get_ioctl(int minor
, int open_flag
)
288 struct ptmx_ioctl
*new_ptmx_ioctl
;
290 if (open_flag
& PF_OPEN_M
) {
293 * If we are about to allocate more memory, but we have
294 * already hit the administrative limit, then fail the
297 * Note: Subtract free from total when making this
298 * check to allow unit increments, rather than
299 * snapping to the nearest PTMX_GROW_VECTOR...
301 if ((_state
.pis_total
- _state
.pis_free
) >= ptmx_max
) {
305 MALLOC(new_ptmx_ioctl
, struct ptmx_ioctl
*, sizeof(struct ptmx_ioctl
), M_TTYS
, M_WAITOK
|M_ZERO
);
306 if (new_ptmx_ioctl
== NULL
) {
310 if ((new_ptmx_ioctl
->pt_tty
= ttymalloc()) == NULL
) {
311 FREE(new_ptmx_ioctl
, M_TTYS
);
316 * Hold the DEVFS_LOCK() over this whole operation; devfs
317 * itself does this over malloc/free as well, so this should
318 * be safe to do. We hold it longer than we want to, but
319 * doing so avoids a reallocation race on the minor number.
322 /* Need to allocate a larger vector? */
323 if (_state
.pis_free
== 0) {
324 struct ptmx_ioctl
**new_pis_ioctl_list
;
325 struct ptmx_ioctl
**old_pis_ioctl_list
= NULL
;
328 MALLOC(new_pis_ioctl_list
, struct ptmx_ioctl
**, sizeof(struct ptmx_ioctl
*) * (_state
.pis_total
+ PTMX_GROW_VECTOR
), M_TTYS
, M_WAITOK
|M_ZERO
);
329 if (new_pis_ioctl_list
== NULL
) {
330 ttyfree(new_ptmx_ioctl
->pt_tty
);
332 FREE(new_ptmx_ioctl
, M_TTYS
);
336 /* If this is not the first time, copy the old over */
337 bcopy(_state
.pis_ioctl_list
, new_pis_ioctl_list
, sizeof(struct ptmx_ioctl
*) * _state
.pis_total
);
338 old_pis_ioctl_list
= _state
.pis_ioctl_list
;
339 _state
.pis_ioctl_list
= new_pis_ioctl_list
;
340 _state
.pis_free
+= PTMX_GROW_VECTOR
;
341 _state
.pis_total
+= PTMX_GROW_VECTOR
;
342 if (old_pis_ioctl_list
)
343 FREE(old_pis_ioctl_list
, M_TTYS
);
346 /* is minor in range now? */
347 if (minor
< 0 || minor
>= _state
.pis_total
) {
348 ttyfree(new_ptmx_ioctl
->pt_tty
);
350 FREE(new_ptmx_ioctl
, M_TTYS
);
354 if (_state
.pis_ioctl_list
[minor
] != NULL
) {
355 ttyfree(new_ptmx_ioctl
->pt_tty
);
357 FREE(new_ptmx_ioctl
, M_TTYS
);
359 /* Special error value so we know to redrive the open, we've been raced */
360 return (struct ptmx_ioctl
*)-1;
364 /* Vector is large enough; grab a new ptmx_ioctl */
366 /* Now grab a free slot... */
367 _state
.pis_ioctl_list
[minor
] = new_ptmx_ioctl
;
369 /* reduce free count */
372 _state
.pis_ioctl_list
[minor
]->pt_flags
|= PF_OPEN_M
;
375 /* Create the /dev/ttysXXX device {<major>,XXX} */
376 _state
.pis_ioctl_list
[minor
]->pt_devhandle
= devfs_make_node(
377 makedev(ptsd_major
, minor
),
378 DEVFS_CHAR
, UID_ROOT
, GID_TTY
, 0620,
379 PTSD_TEMPLATE
, minor
);
380 if (_state
.pis_ioctl_list
[minor
]->pt_devhandle
== NULL
) {
381 printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n");
385 if (minor
< 0 || minor
>= _state
.pis_total
) {
389 return (_state
.pis_ioctl_list
[minor
]);
393 * Locks: tty_lock() of old_ptmx_ioctl->pt_tty NOT held for this call.
396 ptmx_free_ioctl(int minor
, int open_flag
)
398 struct ptmx_ioctl
*old_ptmx_ioctl
= NULL
;
402 if (minor
< 0 || minor
>= _state
.pis_total
) {
407 _state
.pis_ioctl_list
[minor
]->pt_flags
&= ~(open_flag
);
410 * Was this the last close? We will recognize it because we only get
411 * a notification on the last close of a device, and we will have
412 * cleared both the master and the slave open bits in the flags.
414 if (!(_state
.pis_ioctl_list
[minor
]->pt_flags
& (PF_OPEN_M
|PF_OPEN_S
))) {
415 /* Mark as free so it can be reallocated later */
416 old_ptmx_ioctl
= _state
.pis_ioctl_list
[ minor
];
420 /* Free old after dropping lock */
421 if (old_ptmx_ioctl
!= NULL
) {
423 * XXX See <rdar://5348651> and <rdar://4854638>
425 * XXX Conditional to be removed when/if tty/pty reference
426 * XXX counting and mutex implemented.
428 if (old_ptmx_ioctl
->pt_devhandle
!= NULL
)
429 devfs_remove(old_ptmx_ioctl
->pt_devhandle
);
430 ttyfree(old_ptmx_ioctl
->pt_tty
);
431 FREE(old_ptmx_ioctl
, M_TTYS
);
433 /* Don't remove the entry until the devfs slot is free */
435 _state
.pis_ioctl_list
[minor
] = NULL
;
440 return (0); /* Success */
444 ptmx_get_name(int minor
, char *buffer
, size_t size
)
446 return snprintf(buffer
, size
, "/dev/" PTSD_TEMPLATE
, minor
);
452 * Given the dev entry that's being opened, we clone the device. This driver
453 * doesn't actually use the dev entry, since we alreaqdy know who we are by
454 * being called from this code. This routine is a callback registered from
455 * devfs_make_node_clone() in ptmx_init(); it's purpose is to provide a new
456 * minor number, or to return -1, if one can't be provided.
458 * Parameters: dev The device we are cloning from
460 * Returns: >= 0 A new minor device number
461 * -1 Error: ENOMEM ("Can't alloc device")
463 * NOTE: Called with DEVFS_LOCK() held
466 ptmx_clone(__unused dev_t dev
, int action
)
470 if (action
== DEVFS_CLONE_ALLOC
) {
472 if (_state
.pis_total
== 0)
476 * Note: We can add hinting on free slots, if this linear search
477 * ends up being a performance bottleneck...
479 for(i
= 0; i
< _state
.pis_total
; i
++) {
480 if (_state
.pis_ioctl_list
[ i
] == NULL
)
485 * XXX We fall off the end here; if we did this twice at the
486 * XXX same time, we could return the same minor to two
487 * XXX callers; we should probably exand the pointer vector
488 * XXX here, but I need more information on the MALLOC/FREE
489 * XXX locking to ensure against a deadlock. Maybe we can
490 * XXX just high watermark it at 1/2 of PTMX_GROW_VECTOR?
491 * XXX That would require returning &minor as implict return
492 * XXX and an error code ("EAGAIN/ERESTART") or 0 as our
493 * XXX explicit return.
496 return (i
); /* empty slot or next slot */
505 int ptsd_kqfilter(dev_t
, struct knote
*);
506 static void ptsd_kqops_detach(struct knote
*);
507 static int ptsd_kqops_event(struct knote
*, long);
509 static struct filterops ptsd_kqops
= {
511 .f_detach
= ptsd_kqops_detach
,
512 .f_event
= ptsd_kqops_event
,
515 #define PTSD_KNOTE_VALID NULL
516 #define PTSD_KNOTE_REVOKED ((void *)-911l)
519 * In the normal case, by the time the driver_close() routine is called
520 * on the slave, all knotes have been detached. However in the revoke(2)
521 * case, the driver's close routine is called while there are knotes active
522 * that reference the handlers below. And we have no obvious means to
523 * reach from the driver out to the kqueue's that reference them to get
528 ptsd_kqops_detach(struct knote
*kn
)
530 struct ptmx_ioctl
*pti
;
532 dev_t dev
, lockdev
= (dev_t
)kn
->kn_hookid
;
534 ptsd_kevent_mtx_lock(minor(lockdev
));
536 if ((dev
= (dev_t
)kn
->kn_hookid
) != 0) {
537 pti
= ptmx_get_ioctl(minor(dev
), 0);
538 if (pti
!= NULL
&& (tp
= pti
->pt_tty
) != NULL
) {
540 if (kn
->kn_filter
== EVFILT_READ
)
541 KNOTE_DETACH(&tp
->t_rsel
.si_note
, kn
);
543 KNOTE_DETACH(&tp
->t_wsel
.si_note
, kn
);
549 ptsd_kevent_mtx_unlock(minor(lockdev
));
553 ptsd_kqops_event(struct knote
*kn
, long hint
)
555 struct ptmx_ioctl
*pti
;
557 dev_t dev
= (dev_t
)kn
->kn_hookid
;
560 ptsd_kevent_mtx_lock(minor(dev
));
563 if (kn
->kn_hook
!= PTSD_KNOTE_VALID
) {
564 /* We were revoked */
566 kn
->kn_flags
|= EV_EOF
;
571 pti
= ptmx_get_ioctl(minor(dev
), 0);
572 if (pti
== NULL
|| (tp
= pti
->pt_tty
) == NULL
) {
574 kn
->kn_flags
|= EV_ERROR
;
582 if (kn
->kn_filter
== EVFILT_READ
) {
583 kn
->kn_data
= ttnread(tp
);
586 if (ISSET(tp
->t_state
, TS_ZOMBIE
)) {
587 kn
->kn_flags
|= EV_EOF
;
590 } else { /* EVFILT_WRITE */
591 if ((tp
->t_outq
.c_cc
<= tp
->t_lowat
) &&
592 ISSET(tp
->t_state
, TS_CONNECTED
)) {
593 kn
->kn_data
= tp
->t_outq
.c_cn
- tp
->t_outq
.c_cc
;
596 if (ISSET(tp
->t_state
, TS_ZOMBIE
)) {
597 kn
->kn_flags
|= EV_EOF
;
606 ptsd_kevent_mtx_unlock(minor(dev
));
611 ptsd_kqfilter(dev_t dev
, struct knote
*kn
)
613 struct tty
*tp
= NULL
;
614 struct ptmx_ioctl
*pti
= NULL
;
617 /* make sure we're talking about the right device type */
618 if (cdevsw
[major(dev
)].d_open
!= ptsopen
) {
622 if ((pti
= ptmx_get_ioctl(minor(dev
), 0)) == NULL
) {
630 kn
->kn_hook
= PTSD_KNOTE_VALID
;
631 kn
->kn_fop
= &ptsd_kqops
;
633 switch (kn
->kn_filter
) {
635 KNOTE_ATTACH(&tp
->t_rsel
.si_note
, kn
);
638 KNOTE_ATTACH(&tp
->t_wsel
.si_note
, kn
);
650 * Support for revoke(2).
652 * Mark all the kn_hook fields so that future invocations of the
653 * f_event op will just say "EOF" *without* looking at the
654 * ptmx_ioctl structure (which may disappear or be recycled at
655 * the end of ptsd_close). Issue wakeups to post that EOF to
656 * anyone listening. And finally remove the knotes from the
657 * tty's klists to keep ttyclose() happy, and set the hookid to
658 * zero to make the final detach passively successful.
661 ptsd_revoke_knotes(int minor
, struct tty
*tp
)
664 struct knote
*kn
, *tkn
;
666 /* (Hold and drop the right locks in the right order.) */
668 ptsd_kevent_mtx_lock(minor
);
671 list
= &tp
->t_rsel
.si_note
;
672 SLIST_FOREACH(kn
, list
, kn_selnext
)
673 kn
->kn_hook
= PTSD_KNOTE_REVOKED
;
675 list
= &tp
->t_wsel
.si_note
;
676 SLIST_FOREACH(kn
, list
, kn_selnext
)
677 kn
->kn_hook
= PTSD_KNOTE_REVOKED
;
680 ptsd_kevent_mtx_unlock(minor
);
687 ptsd_kevent_mtx_lock(minor
);
690 list
= &tp
->t_rsel
.si_note
;
691 SLIST_FOREACH_SAFE(kn
, list
, kn_selnext
, tkn
) {
692 (void) KNOTE_DETACH(list
, kn
);
696 list
= &tp
->t_wsel
.si_note
;
697 SLIST_FOREACH_SAFE(kn
, list
, kn_selnext
, tkn
) {
698 (void) KNOTE_DETACH(list
, kn
);
703 ptsd_kevent_mtx_unlock(minor
);