1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2008 Ed Schouten <ed@FreeBSD.org>
5  * All rights reserved.
6  *
7  * Portions of this software were developed under sponsorship from Snow
8  * B.V., the Netherlands.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: stable/12/sys/kern/tty_pts.c 356020 2019-12-22 19:06:45Z kevans $");
34 
35 /* Add compatibility bits for FreeBSD. */
36 #define PTS_COMPAT
37 /* Add pty(4) compat bits. */
38 #define PTS_EXTERNAL
39 /* Add bits to make Linux binaries work. */
40 #define PTS_LINUX
41 
42 #include <sys/param.h>
43 #include <sys/lock.h>
44 #include <sys/condvar.h>
45 #include <sys/conf.h>
46 #include <sys/fcntl.h>
47 #include <sys/file.h>
48 #include <sys/filedesc.h>
49 #include <sys/filio.h>
50 #include <sys/kernel.h>
51 #include <sys/limits.h>
52 #include <sys/malloc.h>
53 #include <sys/mutex.h>
54 #include <sys/poll.h>
55 #include <sys/proc.h>
56 #include <sys/racct.h>
57 #include <sys/resourcevar.h>
58 #include <sys/serial.h>
59 #include <sys/stat.h>
60 #include <sys/syscall.h>
61 #include <sys/syscallsubr.h>
62 #include <sys/sysctl.h>
63 #include <sys/sysent.h>
64 #include <sys/sysproto.h>
65 #include <sys/systm.h>
66 #include <sys/tty.h>
67 #include <sys/ttycom.h>
68 #include <sys/uio.h>
69 #include <sys/user.h>
70 
71 #include <machine/stdarg.h>
72 
73 /*
74  * Our utmp(5) format is limited to 8-byte TTY line names.  This means
75  * we can at most allocate 1000 pseudo-terminals ("pts/999").  Allow
76  * users to increase this number, assuming they have manually increased
77  * UT_LINESIZE.
78  */
79 static struct unrhdr *pts_pool;
80 
81 static MALLOC_DEFINE(M_PTS, "pts", "pseudo tty device");
82 
83 /*
84  * Per-PTS structure.
85  *
86  * List of locks
87  * (t)	locked by tty_lock()
88  * (c)	const until freeing
89  */
90 struct pts_softc {
91 	int		pts_unit;	/* (c) Device unit number. */
92 	unsigned int	pts_flags;	/* (t) Device flags. */
93 #define	PTS_PKT		0x1	/* Packet mode. */
94 #define	PTS_FINISHED	0x2	/* Return errors on read()/write(). */
95 	char		pts_pkt;	/* (t) Unread packet mode data. */
96 
97 	struct cv	pts_inwait;	/* (t) Blocking write() on master. */
98 	struct selinfo	pts_inpoll;	/* (t) Select queue for write(). */
99 	struct cv	pts_outwait;	/* (t) Blocking read() on master. */
100 	struct selinfo	pts_outpoll;	/* (t) Select queue for read(). */
101 
102 #ifdef PTS_EXTERNAL
103 	struct cdev	*pts_cdev;	/* (c) Master device node. */
104 #endif /* PTS_EXTERNAL */
105 
106 	struct ucred	*pts_cred;	/* (c) Resource limit. */
107 };
108 
109 /*
110  * Controller-side file operations.
111  */
112 
113 static int
ptsdev_read(struct file * fp,struct uio * uio,struct ucred * active_cred,int flags,struct thread * td)114 ptsdev_read(struct file *fp, struct uio *uio, struct ucred *active_cred,
115     int flags, struct thread *td)
116 {
117 	struct tty *tp = fp->f_data;
118 	struct pts_softc *psc = tty_softc(tp);
119 	int error = 0;
120 	char pkt;
121 
122 	if (uio->uio_resid == 0)
123 		return (0);
124 
125 	tty_lock(tp);
126 
127 	for (;;) {
128 		/*
129 		 * Implement packet mode. When packet mode is turned on,
130 		 * the first byte contains a bitmask of events that
131 		 * occurred (start, stop, flush, window size, etc).
132 		 */
133 		if (psc->pts_flags & PTS_PKT && psc->pts_pkt) {
134 			pkt = psc->pts_pkt;
135 			psc->pts_pkt = 0;
136 			tty_unlock(tp);
137 
138 			error = ureadc(pkt, uio);
139 			return (error);
140 		}
141 
142 		/*
143 		 * Transmit regular data.
144 		 *
145 		 * XXX: We shouldn't use ttydisc_getc_poll()! Even
146 		 * though in this implementation, there is likely going
147 		 * to be data, we should just call ttydisc_getc_uio()
148 		 * and use its return value to sleep.
149 		 */
150 		if (ttydisc_getc_poll(tp)) {
151 			if (psc->pts_flags & PTS_PKT) {
152 				/*
153 				 * XXX: Small race. Fortunately PTY
154 				 * consumers aren't multithreaded.
155 				 */
156 
157 				tty_unlock(tp);
158 				error = ureadc(TIOCPKT_DATA, uio);
159 				if (error)
160 					return (error);
161 				tty_lock(tp);
162 			}
163 
164 			error = ttydisc_getc_uio(tp, uio);
165 			break;
166 		}
167 
168 		/* Maybe the device isn't used anyway. */
169 		if (psc->pts_flags & PTS_FINISHED)
170 			break;
171 
172 		/* Wait for more data. */
173 		if (fp->f_flag & O_NONBLOCK) {
174 			error = EWOULDBLOCK;
175 			break;
176 		}
177 		error = cv_wait_sig(&psc->pts_outwait, tp->t_mtx);
178 		if (error != 0)
179 			break;
180 	}
181 
182 	tty_unlock(tp);
183 
184 	return (error);
185 }
186 
187 static int
ptsdev_write(struct file * fp,struct uio * uio,struct ucred * active_cred,int flags,struct thread * td)188 ptsdev_write(struct file *fp, struct uio *uio, struct ucred *active_cred,
189     int flags, struct thread *td)
190 {
191 	struct tty *tp = fp->f_data;
192 	struct pts_softc *psc = tty_softc(tp);
193 	char ib[256], *ibstart;
194 	size_t iblen, rintlen;
195 	int error = 0;
196 
197 	if (uio->uio_resid == 0)
198 		return (0);
199 
200 	for (;;) {
201 		ibstart = ib;
202 		iblen = MIN(uio->uio_resid, sizeof ib);
203 		error = uiomove(ib, iblen, uio);
204 
205 		tty_lock(tp);
206 		if (error != 0) {
207 			iblen = 0;
208 			goto done;
209 		}
210 
211 		/*
212 		 * When possible, avoid the slow path. rint_bypass()
213 		 * copies all input to the input queue at once.
214 		 */
215 		MPASS(iblen > 0);
216 		do {
217 			rintlen = ttydisc_rint_simple(tp, ibstart, iblen);
218 			ibstart += rintlen;
219 			iblen -= rintlen;
220 			if (iblen == 0) {
221 				/* All data written. */
222 				break;
223 			}
224 
225 			/* Maybe the device isn't used anyway. */
226 			if (psc->pts_flags & PTS_FINISHED) {
227 				error = EIO;
228 				goto done;
229 			}
230 
231 			/* Wait for more data. */
232 			if (fp->f_flag & O_NONBLOCK) {
233 				error = EWOULDBLOCK;
234 				goto done;
235 			}
236 
237 			/* Wake up users on the slave side. */
238 			ttydisc_rint_done(tp);
239 			error = cv_wait_sig(&psc->pts_inwait, tp->t_mtx);
240 			if (error != 0)
241 				goto done;
242 		} while (iblen > 0);
243 
244 		if (uio->uio_resid == 0)
245 			break;
246 		tty_unlock(tp);
247 	}
248 
249 done:	ttydisc_rint_done(tp);
250 	tty_unlock(tp);
251 
252 	/*
253 	 * Don't account for the part of the buffer that we couldn't
254 	 * pass to the TTY.
255 	 */
256 	uio->uio_resid += iblen;
257 	return (error);
258 }
259 
260 static int
ptsdev_ioctl(struct file * fp,u_long cmd,void * data,struct ucred * active_cred,struct thread * td)261 ptsdev_ioctl(struct file *fp, u_long cmd, void *data,
262     struct ucred *active_cred, struct thread *td)
263 {
264 	struct tty *tp = fp->f_data;
265 	struct pts_softc *psc = tty_softc(tp);
266 	int error = 0, sig;
267 
268 	switch (cmd) {
269 	case FIODTYPE:
270 		*(int *)data = D_TTY;
271 		return (0);
272 	case FIONBIO:
273 		/* This device supports non-blocking operation. */
274 		return (0);
275 	case FIONREAD:
276 		tty_lock(tp);
277 		if (psc->pts_flags & PTS_FINISHED) {
278 			/* Force read() to be called. */
279 			*(int *)data = 1;
280 		} else {
281 			*(int *)data = ttydisc_getc_poll(tp);
282 		}
283 		tty_unlock(tp);
284 		return (0);
285 	case FIODGNAME: {
286 		struct fiodgname_arg *fgn;
287 		const char *p;
288 		int i;
289 
290 		/* Reverse device name lookups, for ptsname() and ttyname(). */
291 		fgn = data;
292 		p = tty_devname(tp);
293 		i = strlen(p) + 1;
294 		if (i > fgn->len)
295 			return (EINVAL);
296 		return copyout(p, fgn->buf, i);
297 	}
298 
299 	/*
300 	 * We need to implement TIOCGPGRP and TIOCGSID here again. When
301 	 * called on the pseudo-terminal master, it should not check if
302 	 * the terminal is the foreground terminal of the calling
303 	 * process.
304 	 *
305 	 * TIOCGETA is also implemented here. Various Linux PTY routines
306 	 * often call isatty(), which is implemented by tcgetattr().
307 	 */
308 #ifdef PTS_LINUX
309 	case TIOCGETA:
310 		/* Obtain terminal flags through tcgetattr(). */
311 		tty_lock(tp);
312 		*(struct termios*)data = tp->t_termios;
313 		tty_unlock(tp);
314 		return (0);
315 #endif /* PTS_LINUX */
316 	case TIOCSETAF:
317 	case TIOCSETAW:
318 		/*
319 		 * We must make sure we turn tcsetattr() calls of TCSAFLUSH and
320 		 * TCSADRAIN into something different. If an application would
321 		 * call TCSAFLUSH or TCSADRAIN on the master descriptor, it may
322 		 * deadlock waiting for all data to be read.
323 		 */
324 		cmd = TIOCSETA;
325 		break;
326 #if defined(PTS_COMPAT) || defined(PTS_LINUX)
327 	case TIOCGPTN:
328 		/*
329 		 * Get the device unit number.
330 		 */
331 		if (psc->pts_unit < 0)
332 			return (ENOTTY);
333 		*(unsigned int *)data = psc->pts_unit;
334 		return (0);
335 #endif /* PTS_COMPAT || PTS_LINUX */
336 	case TIOCGPGRP:
337 		/* Get the foreground process group ID. */
338 		tty_lock(tp);
339 		if (tp->t_pgrp != NULL)
340 			*(int *)data = tp->t_pgrp->pg_id;
341 		else
342 			*(int *)data = NO_PID;
343 		tty_unlock(tp);
344 		return (0);
345 	case TIOCGSID:
346 		/* Get the session leader process ID. */
347 		tty_lock(tp);
348 		if (tp->t_session == NULL)
349 			error = ENOTTY;
350 		else
351 			*(int *)data = tp->t_session->s_sid;
352 		tty_unlock(tp);
353 		return (error);
354 	case TIOCPTMASTER:
355 		/* Yes, we are a pseudo-terminal master. */
356 		return (0);
357 	case TIOCSIG:
358 		/* Signal the foreground process group. */
359 		sig = *(int *)data;
360 		if (sig < 1 || sig >= NSIG)
361 			return (EINVAL);
362 
363 		tty_lock(tp);
364 		tty_signal_pgrp(tp, sig);
365 		tty_unlock(tp);
366 		return (0);
367 	case TIOCPKT:
368 		/* Enable/disable packet mode. */
369 		tty_lock(tp);
370 		if (*(int *)data)
371 			psc->pts_flags |= PTS_PKT;
372 		else
373 			psc->pts_flags &= ~PTS_PKT;
374 		tty_unlock(tp);
375 		return (0);
376 	}
377 
378 	/* Just redirect this ioctl to the slave device. */
379 	tty_lock(tp);
380 	error = tty_ioctl(tp, cmd, data, fp->f_flag, td);
381 	tty_unlock(tp);
382 	if (error == ENOIOCTL)
383 		error = ENOTTY;
384 
385 	return (error);
386 }
387 
388 static int
ptsdev_poll(struct file * fp,int events,struct ucred * active_cred,struct thread * td)389 ptsdev_poll(struct file *fp, int events, struct ucred *active_cred,
390     struct thread *td)
391 {
392 	struct tty *tp = fp->f_data;
393 	struct pts_softc *psc = tty_softc(tp);
394 	int revents = 0;
395 
396 	tty_lock(tp);
397 
398 	if (psc->pts_flags & PTS_FINISHED) {
399 		/* Slave device is not opened. */
400 		tty_unlock(tp);
401 		return ((events & (POLLIN|POLLRDNORM)) | POLLHUP);
402 	}
403 
404 	if (events & (POLLIN|POLLRDNORM)) {
405 		/* See if we can getc something. */
406 		if (ttydisc_getc_poll(tp) ||
407 		    (psc->pts_flags & PTS_PKT && psc->pts_pkt))
408 			revents |= events & (POLLIN|POLLRDNORM);
409 	}
410 	if (events & (POLLOUT|POLLWRNORM)) {
411 		/* See if we can rint something. */
412 		if (ttydisc_rint_poll(tp))
413 			revents |= events & (POLLOUT|POLLWRNORM);
414 	}
415 
416 	/*
417 	 * No need to check for POLLHUP here. This device cannot be used
418 	 * as a callout device, which means we always have a carrier,
419 	 * because the master is.
420 	 */
421 
422 	if (revents == 0) {
423 		/*
424 		 * This code might look misleading, but the naming of
425 		 * poll events on this side is the opposite of the slave
426 		 * device.
427 		 */
428 		if (events & (POLLIN|POLLRDNORM))
429 			selrecord(td, &psc->pts_outpoll);
430 		if (events & (POLLOUT|POLLWRNORM))
431 			selrecord(td, &psc->pts_inpoll);
432 	}
433 
434 	tty_unlock(tp);
435 
436 	return (revents);
437 }
438 
439 /*
440  * kqueue support.
441  */
442 
443 static void
pts_kqops_read_detach(struct knote * kn)444 pts_kqops_read_detach(struct knote *kn)
445 {
446 	struct file *fp = kn->kn_fp;
447 	struct tty *tp = fp->f_data;
448 	struct pts_softc *psc = tty_softc(tp);
449 
450 	knlist_remove(&psc->pts_outpoll.si_note, kn, 0);
451 }
452 
453 static int
pts_kqops_read_event(struct knote * kn,long hint)454 pts_kqops_read_event(struct knote *kn, long hint)
455 {
456 	struct file *fp = kn->kn_fp;
457 	struct tty *tp = fp->f_data;
458 	struct pts_softc *psc = tty_softc(tp);
459 
460 	if (psc->pts_flags & PTS_FINISHED) {
461 		kn->kn_flags |= EV_EOF;
462 		return (1);
463 	} else {
464 		kn->kn_data = ttydisc_getc_poll(tp);
465 		return (kn->kn_data > 0);
466 	}
467 }
468 
469 static void
pts_kqops_write_detach(struct knote * kn)470 pts_kqops_write_detach(struct knote *kn)
471 {
472 	struct file *fp = kn->kn_fp;
473 	struct tty *tp = fp->f_data;
474 	struct pts_softc *psc = tty_softc(tp);
475 
476 	knlist_remove(&psc->pts_inpoll.si_note, kn, 0);
477 }
478 
479 static int
pts_kqops_write_event(struct knote * kn,long hint)480 pts_kqops_write_event(struct knote *kn, long hint)
481 {
482 	struct file *fp = kn->kn_fp;
483 	struct tty *tp = fp->f_data;
484 	struct pts_softc *psc = tty_softc(tp);
485 
486 	if (psc->pts_flags & PTS_FINISHED) {
487 		kn->kn_flags |= EV_EOF;
488 		return (1);
489 	} else {
490 		kn->kn_data = ttydisc_rint_poll(tp);
491 		return (kn->kn_data > 0);
492 	}
493 }
494 
495 static struct filterops pts_kqops_read = {
496 	.f_isfd = 1,
497 	.f_detach = pts_kqops_read_detach,
498 	.f_event = pts_kqops_read_event,
499 };
500 static struct filterops pts_kqops_write = {
501 	.f_isfd = 1,
502 	.f_detach = pts_kqops_write_detach,
503 	.f_event = pts_kqops_write_event,
504 };
505 
506 static int
ptsdev_kqfilter(struct file * fp,struct knote * kn)507 ptsdev_kqfilter(struct file *fp, struct knote *kn)
508 {
509 	struct tty *tp = fp->f_data;
510 	struct pts_softc *psc = tty_softc(tp);
511 	int error = 0;
512 
513 	tty_lock(tp);
514 
515 	switch (kn->kn_filter) {
516 	case EVFILT_READ:
517 		kn->kn_fop = &pts_kqops_read;
518 		knlist_add(&psc->pts_outpoll.si_note, kn, 1);
519 		break;
520 	case EVFILT_WRITE:
521 		kn->kn_fop = &pts_kqops_write;
522 		knlist_add(&psc->pts_inpoll.si_note, kn, 1);
523 		break;
524 	default:
525 		error = EINVAL;
526 		break;
527 	}
528 
529 	tty_unlock(tp);
530 	return (error);
531 }
532 
533 static int
ptsdev_stat(struct file * fp,struct stat * sb,struct ucred * active_cred,struct thread * td)534 ptsdev_stat(struct file *fp, struct stat *sb, struct ucred *active_cred,
535     struct thread *td)
536 {
537 	struct tty *tp = fp->f_data;
538 #ifdef PTS_EXTERNAL
539 	struct pts_softc *psc = tty_softc(tp);
540 #endif /* PTS_EXTERNAL */
541 	struct cdev *dev = tp->t_dev;
542 
543 	/*
544 	 * According to POSIX, we must implement an fstat(). This also
545 	 * makes this implementation compatible with Linux binaries,
546 	 * because Linux calls fstat() on the pseudo-terminal master to
547 	 * obtain st_rdev.
548 	 *
549 	 * XXX: POSIX also mentions we must fill in st_dev, but how?
550 	 */
551 
552 	bzero(sb, sizeof *sb);
553 #ifdef PTS_EXTERNAL
554 	if (psc->pts_cdev != NULL)
555 		sb->st_ino = sb->st_rdev = dev2udev(psc->pts_cdev);
556 	else
557 #endif /* PTS_EXTERNAL */
558 		sb->st_ino = sb->st_rdev = tty_udev(tp);
559 
560 	sb->st_atim = dev->si_atime;
561 	sb->st_ctim = dev->si_ctime;
562 	sb->st_mtim = dev->si_mtime;
563 	sb->st_uid = dev->si_uid;
564 	sb->st_gid = dev->si_gid;
565 	sb->st_mode = dev->si_mode | S_IFCHR;
566 
567 	return (0);
568 }
569 
570 static int
ptsdev_close(struct file * fp,struct thread * td)571 ptsdev_close(struct file *fp, struct thread *td)
572 {
573 	struct tty *tp = fp->f_data;
574 
575 	/* Deallocate TTY device. */
576 	tty_lock(tp);
577 	tty_rel_gone(tp);
578 
579 	/*
580 	 * Open of /dev/ptmx or /dev/ptyXX changes the type of file
581 	 * from DTYPE_VNODE to DTYPE_PTS. vn_open() increases vnode
582 	 * use count, we need to decrement it, and possibly do other
583 	 * required cleanup.
584 	 */
585 	if (fp->f_vnode != NULL)
586 		return (vnops.fo_close(fp, td));
587 
588 	return (0);
589 }
590 
591 static int
ptsdev_fill_kinfo(struct file * fp,struct kinfo_file * kif,struct filedesc * fdp)592 ptsdev_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp)
593 {
594 	struct tty *tp;
595 
596 	kif->kf_type = KF_TYPE_PTS;
597 	tp = fp->f_data;
598 	kif->kf_un.kf_pts.kf_pts_dev = tty_udev(tp);
599 	kif->kf_un.kf_pts.kf_pts_dev_freebsd11 =
600 	    kif->kf_un.kf_pts.kf_pts_dev; /* truncate */
601 	strlcpy(kif->kf_path, tty_devname(tp), sizeof(kif->kf_path));
602 	return (0);
603 }
604 
605 static struct fileops ptsdev_ops = {
606 	.fo_read	= ptsdev_read,
607 	.fo_write	= ptsdev_write,
608 	.fo_truncate	= invfo_truncate,
609 	.fo_ioctl	= ptsdev_ioctl,
610 	.fo_poll	= ptsdev_poll,
611 	.fo_kqfilter	= ptsdev_kqfilter,
612 	.fo_stat	= ptsdev_stat,
613 	.fo_close	= ptsdev_close,
614 	.fo_chmod	= invfo_chmod,
615 	.fo_chown	= invfo_chown,
616 	.fo_sendfile	= invfo_sendfile,
617 	.fo_fill_kinfo	= ptsdev_fill_kinfo,
618 	.fo_flags	= DFLAG_PASSABLE,
619 };
620 
621 /*
622  * Driver-side hooks.
623  */
624 
625 static void
ptsdrv_outwakeup(struct tty * tp)626 ptsdrv_outwakeup(struct tty *tp)
627 {
628 	struct pts_softc *psc = tty_softc(tp);
629 
630 	cv_broadcast(&psc->pts_outwait);
631 	selwakeup(&psc->pts_outpoll);
632 	KNOTE_LOCKED(&psc->pts_outpoll.si_note, 0);
633 }
634 
635 static void
ptsdrv_inwakeup(struct tty * tp)636 ptsdrv_inwakeup(struct tty *tp)
637 {
638 	struct pts_softc *psc = tty_softc(tp);
639 
640 	cv_broadcast(&psc->pts_inwait);
641 	selwakeup(&psc->pts_inpoll);
642 	KNOTE_LOCKED(&psc->pts_inpoll.si_note, 0);
643 }
644 
645 static int
ptsdrv_open(struct tty * tp)646 ptsdrv_open(struct tty *tp)
647 {
648 	struct pts_softc *psc = tty_softc(tp);
649 
650 	psc->pts_flags &= ~PTS_FINISHED;
651 
652 	return (0);
653 }
654 
655 static void
ptsdrv_close(struct tty * tp)656 ptsdrv_close(struct tty *tp)
657 {
658 	struct pts_softc *psc = tty_softc(tp);
659 
660 	/* Wake up any blocked readers/writers. */
661 	psc->pts_flags |= PTS_FINISHED;
662 	ptsdrv_outwakeup(tp);
663 	ptsdrv_inwakeup(tp);
664 }
665 
666 static void
ptsdrv_pktnotify(struct tty * tp,char event)667 ptsdrv_pktnotify(struct tty *tp, char event)
668 {
669 	struct pts_softc *psc = tty_softc(tp);
670 
671 	/*
672 	 * Clear conflicting flags.
673 	 */
674 
675 	switch (event) {
676 	case TIOCPKT_STOP:
677 		psc->pts_pkt &= ~TIOCPKT_START;
678 		break;
679 	case TIOCPKT_START:
680 		psc->pts_pkt &= ~TIOCPKT_STOP;
681 		break;
682 	case TIOCPKT_NOSTOP:
683 		psc->pts_pkt &= ~TIOCPKT_DOSTOP;
684 		break;
685 	case TIOCPKT_DOSTOP:
686 		psc->pts_pkt &= ~TIOCPKT_NOSTOP;
687 		break;
688 	}
689 
690 	psc->pts_pkt |= event;
691 	ptsdrv_outwakeup(tp);
692 }
693 
694 static void
ptsdrv_free(void * softc)695 ptsdrv_free(void *softc)
696 {
697 	struct pts_softc *psc = softc;
698 
699 	/* Make device number available again. */
700 	if (psc->pts_unit >= 0)
701 		free_unr(pts_pool, psc->pts_unit);
702 
703 	chgptscnt(psc->pts_cred->cr_ruidinfo, -1, 0);
704 	racct_sub_cred(psc->pts_cred, RACCT_NPTS, 1);
705 	crfree(psc->pts_cred);
706 
707 	seldrain(&psc->pts_inpoll);
708 	seldrain(&psc->pts_outpoll);
709 	knlist_destroy(&psc->pts_inpoll.si_note);
710 	knlist_destroy(&psc->pts_outpoll.si_note);
711 
712 #ifdef PTS_EXTERNAL
713 	/* Destroy master device as well. */
714 	if (psc->pts_cdev != NULL)
715 		destroy_dev_sched(psc->pts_cdev);
716 #endif /* PTS_EXTERNAL */
717 
718 	free(psc, M_PTS);
719 }
720 
721 static struct ttydevsw pts_class = {
722 	.tsw_flags	= TF_NOPREFIX,
723 	.tsw_outwakeup	= ptsdrv_outwakeup,
724 	.tsw_inwakeup	= ptsdrv_inwakeup,
725 	.tsw_open	= ptsdrv_open,
726 	.tsw_close	= ptsdrv_close,
727 	.tsw_pktnotify	= ptsdrv_pktnotify,
728 	.tsw_free	= ptsdrv_free,
729 };
730 
731 #ifndef PTS_EXTERNAL
732 static
733 #endif /* !PTS_EXTERNAL */
734 int
pts_alloc(int fflags,struct thread * td,struct file * fp)735 pts_alloc(int fflags, struct thread *td, struct file *fp)
736 {
737 	int unit, ok, error;
738 	struct tty *tp;
739 	struct pts_softc *psc;
740 	struct proc *p = td->td_proc;
741 	struct ucred *cred = td->td_ucred;
742 
743 	/* Resource limiting. */
744 	PROC_LOCK(p);
745 	error = racct_add(p, RACCT_NPTS, 1);
746 	if (error != 0) {
747 		PROC_UNLOCK(p);
748 		return (EAGAIN);
749 	}
750 	ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_NPTS));
751 	if (!ok) {
752 		racct_sub(p, RACCT_NPTS, 1);
753 		PROC_UNLOCK(p);
754 		return (EAGAIN);
755 	}
756 	PROC_UNLOCK(p);
757 
758 	/* Try to allocate a new pts unit number. */
759 	unit = alloc_unr(pts_pool);
760 	if (unit < 0) {
761 		racct_sub(p, RACCT_NPTS, 1);
762 		chgptscnt(cred->cr_ruidinfo, -1, 0);
763 		return (EAGAIN);
764 	}
765 
766 	/* Allocate TTY and softc. */
767 	psc = malloc(sizeof(struct pts_softc), M_PTS, M_WAITOK|M_ZERO);
768 	cv_init(&psc->pts_inwait, "ptsin");
769 	cv_init(&psc->pts_outwait, "ptsout");
770 
771 	psc->pts_unit = unit;
772 	psc->pts_cred = crhold(cred);
773 
774 	tp = tty_alloc(&pts_class, psc);
775 	knlist_init_mtx(&psc->pts_inpoll.si_note, tp->t_mtx);
776 	knlist_init_mtx(&psc->pts_outpoll.si_note, tp->t_mtx);
777 
778 	/* Expose the slave device as well. */
779 	tty_makedev(tp, td->td_ucred, "pts/%u", psc->pts_unit);
780 
781 	finit(fp, fflags, DTYPE_PTS, tp, &ptsdev_ops);
782 
783 	return (0);
784 }
785 
786 #ifdef PTS_EXTERNAL
787 int
pts_alloc_external(int fflags,struct thread * td,struct file * fp,struct cdev * dev,const char * name)788 pts_alloc_external(int fflags, struct thread *td, struct file *fp,
789     struct cdev *dev, const char *name)
790 {
791 	int ok, error;
792 	struct tty *tp;
793 	struct pts_softc *psc;
794 	struct proc *p = td->td_proc;
795 	struct ucred *cred = td->td_ucred;
796 
797 	/* Resource limiting. */
798 	PROC_LOCK(p);
799 	error = racct_add(p, RACCT_NPTS, 1);
800 	if (error != 0) {
801 		PROC_UNLOCK(p);
802 		return (EAGAIN);
803 	}
804 	ok = chgptscnt(cred->cr_ruidinfo, 1, lim_cur(td, RLIMIT_NPTS));
805 	if (!ok) {
806 		racct_sub(p, RACCT_NPTS, 1);
807 		PROC_UNLOCK(p);
808 		return (EAGAIN);
809 	}
810 	PROC_UNLOCK(p);
811 
812 	/* Allocate TTY and softc. */
813 	psc = malloc(sizeof(struct pts_softc), M_PTS, M_WAITOK|M_ZERO);
814 	cv_init(&psc->pts_inwait, "ptsin");
815 	cv_init(&psc->pts_outwait, "ptsout");
816 
817 	psc->pts_unit = -1;
818 	psc->pts_cdev = dev;
819 	psc->pts_cred = crhold(cred);
820 
821 	tp = tty_alloc(&pts_class, psc);
822 	knlist_init_mtx(&psc->pts_inpoll.si_note, tp->t_mtx);
823 	knlist_init_mtx(&psc->pts_outpoll.si_note, tp->t_mtx);
824 
825 	/* Expose the slave device as well. */
826 	tty_makedev(tp, td->td_ucred, "%s", name);
827 
828 	finit(fp, fflags, DTYPE_PTS, tp, &ptsdev_ops);
829 
830 	return (0);
831 }
832 #endif /* PTS_EXTERNAL */
833 
834 int
sys_posix_openpt(struct thread * td,struct posix_openpt_args * uap)835 sys_posix_openpt(struct thread *td, struct posix_openpt_args *uap)
836 {
837 	int error, fd;
838 	struct file *fp;
839 
840 	/*
841 	 * POSIX states it's unspecified when other flags are passed. We
842 	 * don't allow this.
843 	 */
844 	if (uap->flags & ~(O_RDWR|O_NOCTTY|O_CLOEXEC))
845 		return (EINVAL);
846 
847 	error = falloc(td, &fp, &fd, uap->flags);
848 	if (error)
849 		return (error);
850 
851 	/* Allocate the actual pseudo-TTY. */
852 	error = pts_alloc(FFLAGS(uap->flags & O_ACCMODE), td, fp);
853 	if (error != 0) {
854 		fdclose(td, fp, fd);
855 		fdrop(fp, td);
856 		return (error);
857 	}
858 
859 	/* Pass it back to userspace. */
860 	td->td_retval[0] = fd;
861 	fdrop(fp, td);
862 
863 	return (0);
864 }
865 
866 static void
pts_init(void * unused)867 pts_init(void *unused)
868 {
869 
870 	pts_pool = new_unrhdr(0, INT_MAX, NULL);
871 }
872 
873 SYSINIT(pts, SI_SUB_DRIVERS, SI_ORDER_MIDDLE, pts_init, NULL);
874