#include "pty.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ioctl.h>
#include <sys/proc_internal.h>
#include <sys/kauth.h>
#include <sys/tty.h>
#include <sys/conf.h>
#include <sys/file_internal.h>
#include <sys/uio_internal.h>
#include <sys/kernel.h>
#include <sys/vnode.h>
#include <sys/user.h>
#include <sys/signalvar.h>
#include <sys/sysctl.h>
#include <miscfs/devfs/devfs.h>
#include <miscfs/devfs/devfsdefs.h>
#include <libkern/section_keywords.h>
#if CONFIG_MACF
#include <security/mac_framework.h>
#endif
#include "tty_dev.h"
int ptmx_init(int n_ptys);
static struct ptmx_ioctl *ptmx_get_ioctl(int minor, int open_flag);
static int ptmx_free_ioctl(int minor, int open_flag);
static int ptmx_get_name(int minor, char *buffer, size_t size);
static void ptsd_revoke_knotes(int minor, struct tty *tp);
extern d_open_t ptsopen;
extern d_close_t ptsclose;
extern d_read_t ptsread;
extern d_write_t ptswrite;
extern d_ioctl_t ptyioctl;
extern d_stop_t ptsstop;
extern d_reset_t ptsreset;
extern d_select_t ptsselect;
extern d_open_t ptcopen;
extern d_close_t ptcclose;
extern d_read_t ptcread;
extern d_write_t ptcwrite;
extern d_stop_t ptcstop;
extern d_reset_t ptcreset;
extern d_select_t ptcselect;
static int ptmx_major;
static const struct cdevsw ptmx_cdev = {
.d_open = ptcopen,
.d_close = ptcclose,
.d_read = ptcread,
.d_write = ptcwrite,
.d_ioctl = ptyioctl,
.d_stop = ptcstop,
.d_reset = ptcreset,
.d_ttys = NULL,
.d_select = ptcselect,
.d_mmap = eno_mmap,
.d_strategy = eno_strat,
.d_reserved_1 = eno_getc,
.d_reserved_2 = eno_putc,
.d_type = D_TTY
};
static int ptsd_major;
static const struct cdevsw ptsd_cdev = {
.d_open = ptsopen,
.d_close = ptsclose,
.d_read = ptsread,
.d_write = ptswrite,
.d_ioctl = ptyioctl,
.d_stop = ptsstop,
.d_reset = ptsreset,
.d_ttys = NULL,
.d_select = ptsselect,
.d_mmap = eno_mmap,
.d_strategy = eno_strat,
.d_reserved_1 = eno_getc,
.d_reserved_2 = eno_putc,
.d_type = D_TTY
};
#define PTMX_TEMPLATE "ptmx"
#define PTSD_TEMPLATE "ttys%03d"
#define PTMX_MAX_DEFAULT 511
#define PTMX_MAX_HARD 999
static int ptmx_max = PTMX_MAX_DEFAULT;
static int
sysctl_ptmx_max(__unused struct sysctl_oid *oidp, __unused void *arg1,
__unused int arg2, struct sysctl_req *req)
{
int new_value, changed;
int error = sysctl_io_number(req, ptmx_max, sizeof(int), &new_value, &changed);
if (changed) {
if (new_value > 0 && new_value <= PTMX_MAX_HARD) {
ptmx_max = new_value;
} else {
error = EINVAL;
}
}
return error;
}
SYSCTL_NODE(_kern, KERN_TTY, tty, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "TTY");
SYSCTL_PROC(_kern_tty, OID_AUTO, ptmx_max,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
&ptmx_max, 0, &sysctl_ptmx_max, "I", "ptmx_max");
static int ptmx_clone(dev_t dev, int minor);
static struct tty_dev_t _ptmx_driver;
int
ptmx_init( __unused int config_count)
{
if ((ptmx_major = cdevsw_add(-15, &ptmx_cdev)) == -1) {
printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
return ENOENT;
}
if (cdevsw_setkqueueok(ptmx_major, &ptmx_cdev, CDEVSW_IS_PTC) == -1) {
panic("Failed to set flags on ptmx cdevsw entry.");
}
if ((ptsd_major = cdevsw_add(-15, &ptsd_cdev)) == -1) {
(void)cdevsw_remove(ptmx_major, &ptmx_cdev);
printf("ptmx_init: failed to obtain /dev/ptmx major number\n");
return ENOENT;
}
if (cdevsw_setkqueueok(ptsd_major, &ptsd_cdev, CDEVSW_IS_PTS) == -1) {
panic("Failed to set flags on ptmx cdevsw entry.");
}
(void)devfs_make_node_clone(makedev(ptmx_major, 0),
DEVFS_CHAR, UID_ROOT, GID_TTY, 0666,
ptmx_clone, PTMX_TEMPLATE);
_ptmx_driver.master = ptmx_major;
_ptmx_driver.slave = ptsd_major;
_ptmx_driver.fix_7828447 = 1;
_ptmx_driver.fix_7070978 = 1;
#if CONFIG_MACF
_ptmx_driver.mac_notify = 1;
#endif
_ptmx_driver.open = &ptmx_get_ioctl;
_ptmx_driver.free = &ptmx_free_ioctl;
_ptmx_driver.name = &ptmx_get_name;
_ptmx_driver.revoke = &ptsd_revoke_knotes;
tty_dev_register(&_ptmx_driver);
return 0;
}
static struct _ptmx_ioctl_state {
struct ptmx_ioctl **pis_ioctl_list;
int pis_total;
int pis_free;
} _state;
#define PTMX_GROW_VECTOR 16
static struct ptmx_ioctl *
ptmx_get_ioctl(int minor, int open_flag)
{
struct ptmx_ioctl *ptmx_ioctl = NULL;
if (open_flag & PF_OPEN_M) {
struct ptmx_ioctl *new_ptmx_ioctl;
DEVFS_LOCK();
if ((_state.pis_total - _state.pis_free) >= ptmx_max) {
DEVFS_UNLOCK();
return NULL;
}
DEVFS_UNLOCK();
MALLOC(new_ptmx_ioctl, struct ptmx_ioctl *, sizeof(struct ptmx_ioctl), M_TTYS, M_WAITOK | M_ZERO);
if (new_ptmx_ioctl == NULL) {
return NULL;
}
if ((new_ptmx_ioctl->pt_tty = ttymalloc()) == NULL) {
FREE(new_ptmx_ioctl, M_TTYS);
return NULL;
}
DEVFS_LOCK();
if ((_state.pis_total - _state.pis_free) >= ptmx_max) {
ttyfree(new_ptmx_ioctl->pt_tty);
DEVFS_UNLOCK();
FREE(new_ptmx_ioctl, M_TTYS);
return NULL;
}
if (_state.pis_free == 0) {
struct ptmx_ioctl **new_pis_ioctl_list;
struct ptmx_ioctl **old_pis_ioctl_list = NULL;
MALLOC(new_pis_ioctl_list, struct ptmx_ioctl **, sizeof(struct ptmx_ioctl *) * (_state.pis_total + PTMX_GROW_VECTOR), M_TTYS, M_WAITOK | M_ZERO);
if (new_pis_ioctl_list == NULL) {
ttyfree(new_ptmx_ioctl->pt_tty);
DEVFS_UNLOCK();
FREE(new_ptmx_ioctl, M_TTYS);
return NULL;
}
bcopy(_state.pis_ioctl_list, new_pis_ioctl_list, sizeof(struct ptmx_ioctl *) * _state.pis_total);
old_pis_ioctl_list = _state.pis_ioctl_list;
_state.pis_ioctl_list = new_pis_ioctl_list;
_state.pis_free += PTMX_GROW_VECTOR;
_state.pis_total += PTMX_GROW_VECTOR;
if (old_pis_ioctl_list) {
FREE(old_pis_ioctl_list, M_TTYS);
}
}
if (minor < 0 || minor >= _state.pis_total) {
ttyfree(new_ptmx_ioctl->pt_tty);
DEVFS_UNLOCK();
FREE(new_ptmx_ioctl, M_TTYS);
return NULL;
}
if (_state.pis_ioctl_list[minor] != NULL) {
ttyfree(new_ptmx_ioctl->pt_tty);
DEVFS_UNLOCK();
FREE(new_ptmx_ioctl, M_TTYS);
return (struct ptmx_ioctl*)-1;
}
_state.pis_ioctl_list[minor] = new_ptmx_ioctl;
_state.pis_free--;
_state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_M;
DEVFS_UNLOCK();
_state.pis_ioctl_list[minor]->pt_devhandle = devfs_make_node(
makedev(ptsd_major, minor),
DEVFS_CHAR, UID_ROOT, GID_TTY, 0620,
PTSD_TEMPLATE, minor);
if (_state.pis_ioctl_list[minor]->pt_devhandle == NULL) {
printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n");
}
}
DEVFS_LOCK();
if (minor >= 0 && minor < _state.pis_total) {
ptmx_ioctl = _state.pis_ioctl_list[minor];
}
DEVFS_UNLOCK();
return ptmx_ioctl;
}
static int
ptmx_free_ioctl(int minor, int open_flag)
{
struct ptmx_ioctl *old_ptmx_ioctl = NULL;
DEVFS_LOCK();
if (minor < 0 || minor >= _state.pis_total) {
DEVFS_UNLOCK();
return -1;
}
_state.pis_ioctl_list[minor]->pt_flags &= ~(open_flag);
if (!(_state.pis_ioctl_list[minor]->pt_flags & (PF_OPEN_M | PF_OPEN_S))) {
old_ptmx_ioctl = _state.pis_ioctl_list[minor];
_state.pis_ioctl_list[minor] = NULL;
_state.pis_free++;
}
DEVFS_UNLOCK();
if (old_ptmx_ioctl != NULL) {
if (old_ptmx_ioctl->pt_devhandle != NULL) {
devfs_remove(old_ptmx_ioctl->pt_devhandle);
}
ttyfree(old_ptmx_ioctl->pt_tty);
FREE(old_ptmx_ioctl, M_TTYS);
}
return 0;
}
static int
ptmx_get_name(int minor, char *buffer, size_t size)
{
return snprintf(buffer, size, "/dev/" PTSD_TEMPLATE, minor);
}
static int
ptmx_clone(__unused dev_t dev, int action)
{
int i;
if (action == DEVFS_CLONE_ALLOC) {
if (_state.pis_total == 0) {
return 0;
}
for (i = 0; i < _state.pis_total; i++) {
if (_state.pis_ioctl_list[i] == NULL) {
break;
}
}
return i;
}
return -1;
}
int ptsd_kqfilter(dev_t dev, struct knote *kn);
static void ptsd_kqops_detach(struct knote *);
static int ptsd_kqops_event(struct knote *, long);
static int ptsd_kqops_touch(struct knote *kn, struct kevent_qos_s *kev);
static int ptsd_kqops_process(struct knote *kn, struct kevent_qos_s *kev);
SECURITY_READ_ONLY_EARLY(struct filterops) ptsd_kqops = {
.f_isfd = 1,
.f_detach = ptsd_kqops_detach,
.f_event = ptsd_kqops_event,
.f_touch = ptsd_kqops_touch,
.f_process = ptsd_kqops_process,
};
static void
ptsd_kqops_detach(struct knote *kn)
{
struct tty *tp = kn->kn_hook;
tty_lock(tp);
if (tp->t_state & TS_ISOPEN) {
switch (kn->kn_filter) {
case EVFILT_READ:
KNOTE_DETACH(&tp->t_rsel.si_note, kn);
break;
case EVFILT_WRITE:
KNOTE_DETACH(&tp->t_wsel.si_note, kn);
break;
default:
panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
break;
}
}
tty_unlock(tp);
ttyfree(tp);
}
static int
ptsd_kqops_common(struct knote *kn, struct kevent_qos_s *kev, struct tty *tp)
{
int retval = 0;
int64_t data = 0;
TTY_LOCK_OWNED(tp);
switch (kn->kn_filter) {
case EVFILT_READ:
data = ttnread(tp);
retval = (data > 0);
break;
case EVFILT_WRITE:
if ((tp->t_outq.c_cc <= tp->t_lowat) &&
(tp->t_state & TS_CONNECTED)) {
data = tp->t_outq.c_cn - tp->t_outq.c_cc;
retval = 1;
}
break;
default:
panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
kn->kn_filter, kn, tp);
break;
}
if (tp->t_state & TS_ZOMBIE) {
kn->kn_flags |= EV_EOF;
}
if (kn->kn_flags & EV_EOF) {
retval = 1;
}
if (retval && kev) {
knote_fill_kevent(kn, kev, data);
}
return retval;
}
static int
ptsd_kqops_event(struct knote *kn, long hint)
{
struct tty *tp = kn->kn_hook;
int ret;
TTY_LOCK_OWNED(tp);
if (hint & NOTE_REVOKE) {
kn->kn_flags |= EV_EOF | EV_ONESHOT;
ret = 1;
} else {
ret = ptsd_kqops_common(kn, NULL, tp);
}
return ret;
}
static int
ptsd_kqops_touch(struct knote *kn, struct kevent_qos_s *kev)
{
struct tty *tp = kn->kn_hook;
int ret;
tty_lock(tp);
kn->kn_sfflags = kev->fflags;
kn->kn_sdata = kev->data;
ret = ptsd_kqops_common(kn, NULL, tp);
tty_unlock(tp);
return ret;
}
static int
ptsd_kqops_process(struct knote *kn, struct kevent_qos_s *kev)
{
struct tty *tp = kn->kn_hook;
int ret;
tty_lock(tp);
ret = ptsd_kqops_common(kn, kev, tp);
tty_unlock(tp);
return ret;
}
int
ptsd_kqfilter(dev_t dev, struct knote *kn)
{
struct tty *tp = NULL;
struct ptmx_ioctl *pti = NULL;
int ret;
if (cdevsw[major(dev)].d_open != ptsopen) {
knote_set_error(kn, ENODEV);
return 0;
}
if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
knote_set_error(kn, ENXIO);
return 0;
}
tp = pti->pt_tty;
tty_lock(tp);
assert(tp->t_state & TS_ISOPEN);
kn->kn_filtid = EVFILTID_PTSD;
ttyhold(tp);
kn->kn_hook = tp;
switch (kn->kn_filter) {
case EVFILT_READ:
KNOTE_ATTACH(&tp->t_rsel.si_note, kn);
break;
case EVFILT_WRITE:
KNOTE_ATTACH(&tp->t_wsel.si_note, kn);
break;
default:
panic("ptsd kevent: unexpected filter: %d, kn = %p, tty = %p",
kn->kn_filter, kn, tp);
break;
}
ret = ptsd_kqops_common(kn, NULL, tp);
tty_unlock(tp);
return ret;
}
static void
ptsd_revoke_knotes(__unused int minor, struct tty *tp)
{
tty_lock(tp);
ttwakeup(tp);
assert((tp->t_rsel.si_flags & SI_KNPOSTING) == 0);
KNOTE(&tp->t_rsel.si_note, NOTE_REVOKE);
ttwwakeup(tp);
assert((tp->t_wsel.si_flags & SI_KNPOSTING) == 0);
KNOTE(&tp->t_wsel.si_note, NOTE_REVOKE);
tty_unlock(tp);
}
int ptmx_kqfilter(dev_t dev, struct knote *kn);
static void ptmx_kqops_detach(struct knote *);
static int ptmx_kqops_event(struct knote *, long);
static int ptmx_kqops_touch(struct knote *kn, struct kevent_qos_s *kev);
static int ptmx_kqops_process(struct knote *kn, struct kevent_qos_s *kev);
static int ptmx_kqops_common(struct knote *kn, struct kevent_qos_s *kev,
struct ptmx_ioctl *pti, struct tty *tp);
SECURITY_READ_ONLY_EARLY(struct filterops) ptmx_kqops = {
.f_isfd = 1,
.f_detach = ptmx_kqops_detach,
.f_event = ptmx_kqops_event,
.f_touch = ptmx_kqops_touch,
.f_process = ptmx_kqops_process,
};
static struct ptmx_ioctl *
ptmx_knote_ioctl(struct knote *kn)
{
return (struct ptmx_ioctl *)kn->kn_hook;
}
static struct tty *
ptmx_knote_tty(struct knote *kn)
{
return ptmx_knote_ioctl(kn)->pt_tty;
}
int
ptmx_kqfilter(dev_t dev, struct knote *kn)
{
struct tty *tp = NULL;
struct ptmx_ioctl *pti = NULL;
int ret;
if (cdevsw[major(dev)].d_open != ptcopen) {
knote_set_error(kn, ENODEV);
return 0;
}
if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) {
knote_set_error(kn, ENXIO);
return 0;
}
tp = pti->pt_tty;
tty_lock(tp);
kn->kn_filtid = EVFILTID_PTMX;
ttyhold(tp);
kn->kn_hook = pti;
switch (kn->kn_filter) {
case EVFILT_READ:
KNOTE_ATTACH(&pti->pt_selr.si_note, kn);
break;
case EVFILT_WRITE:
KNOTE_ATTACH(&pti->pt_selw.si_note, kn);
break;
default:
panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
kn->kn_filter, kn, tp);
break;
}
ret = ptmx_kqops_common(kn, NULL, pti, tp);
tty_unlock(tp);
return ret;
}
static void
ptmx_kqops_detach(struct knote *kn)
{
struct ptmx_ioctl *pti = kn->kn_hook;
struct tty *tp = pti->pt_tty;
tty_lock(tp);
switch (kn->kn_filter) {
case EVFILT_READ:
KNOTE_DETACH(&pti->pt_selr.si_note, kn);
break;
case EVFILT_WRITE:
KNOTE_DETACH(&pti->pt_selw.si_note, kn);
break;
default:
panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
break;
}
tty_unlock(tp);
ttyfree(tp);
}
static int
ptmx_kqops_common(struct knote *kn, struct kevent_qos_s *kev,
struct ptmx_ioctl *pti, struct tty *tp)
{
int retval = 0;
int64_t data = 0;
TTY_LOCK_OWNED(tp);
switch (kn->kn_filter) {
case EVFILT_READ:
if (tp->t_outq.c_cc && !(tp->t_state & TS_TTSTOP)) {
data = tp->t_outq.c_cc;
retval = data > 0;
} else if (((pti->pt_flags & PF_PKT) && pti->pt_send) ||
((pti->pt_flags & PF_UCNTL) && pti->pt_ucntl)) {
retval = 1;
}
break;
case EVFILT_WRITE:
if (pti->pt_flags & PF_REMOTE) {
if (tp->t_canq.c_cc == 0) {
retval = TTYHOG - 1;
}
} else {
retval = (TTYHOG - 2) - (tp->t_rawq.c_cc + tp->t_canq.c_cc);
if (tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON)) {
retval = 1;
}
if (retval < 0) {
retval = 0;
}
}
break;
default:
panic("ptmx kevent: unexpected filter: %d, kn = %p, tty = %p",
kn->kn_filter, kn, tp);
break;
}
if (!(tp->t_state & TS_CONNECTED) || (tp->t_state & TS_ZOMBIE)) {
kn->kn_flags |= EV_EOF;
}
if (kn->kn_flags & EV_EOF) {
retval = 1;
}
if (retval && kev) {
knote_fill_kevent(kn, kev, data);
}
return retval;
}
static int
ptmx_kqops_event(struct knote *kn, long hint)
{
struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
struct tty *tp = ptmx_knote_tty(kn);
int ret;
TTY_LOCK_OWNED(tp);
if (hint & NOTE_REVOKE) {
kn->kn_flags |= EV_EOF | EV_ONESHOT;
ret = 1;
} else {
ret = ptmx_kqops_common(kn, NULL, pti, tp);
}
return ret;
}
static int
ptmx_kqops_touch(struct knote *kn, struct kevent_qos_s *kev)
{
struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
struct tty *tp = ptmx_knote_tty(kn);
int ret;
tty_lock(tp);
kn->kn_sfflags = kev->fflags;
kn->kn_sdata = kev->data;
ret = ptmx_kqops_common(kn, NULL, pti, tp);
tty_unlock(tp);
return ret;
}
static int
ptmx_kqops_process(struct knote *kn, struct kevent_qos_s *kev)
{
struct ptmx_ioctl *pti = ptmx_knote_ioctl(kn);
struct tty *tp = ptmx_knote_tty(kn);
int ret;
tty_lock(tp);
ret = ptmx_kqops_common(kn, kev, pti, tp);
tty_unlock(tp);
return ret;
}