freebsd-dev/sys/kern/tty_pty.c

803 lines
18 KiB
C
Raw Normal View History

/*-
1994-05-24 10:09:53 +00:00
* Copyright (c) 1982, 1986, 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)tty_pty.c 8.4 (Berkeley) 2/20/95
1994-05-24 10:09:53 +00:00
*/
2003-06-11 00:56:59 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
1994-05-24 10:09:53 +00:00
/*
* Pseudo-teletype Driver
* (Actually two drivers, requiring two entries in 'cdevsw')
*/
#include "opt_compat.h"
#include "opt_tty.h"
1994-05-24 10:09:53 +00:00
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/sx.h>
#if defined(COMPAT_43TTY)
#include <sys/ioctl_compat.h>
#endif
#include <sys/priv.h>
1994-05-24 10:09:53 +00:00
#include <sys/proc.h>
#include <sys/tty.h>
#include <sys/conf.h>
#include <sys/fcntl.h>
#include <sys/poll.h>
1994-05-24 10:09:53 +00:00
#include <sys/kernel.h>
#include <sys/uio.h>
#include <sys/signalvar.h>
#include <sys/malloc.h>
1994-05-24 10:09:53 +00:00
2000-12-08 20:09:00 +00:00
static MALLOC_DEFINE(M_PTY, "ptys", "pty data structures");
2002-03-19 21:25:46 +00:00
static void ptsstart(struct tty *tp);
static void ptsstop(struct tty *tp, int rw);
static void ptcwakeup(struct tty *tp, int flag);
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
static struct cdev *ptyinit(struct cdev *cdev, struct thread *td);
static d_open_t ptsopen;
static d_close_t ptsclose;
static d_read_t ptsread;
static d_write_t ptswrite;
static d_ioctl_t ptsioctl;
static d_open_t ptcopen;
static d_close_t ptcclose;
static d_read_t ptcread;
static d_ioctl_t ptcioctl;
static d_write_t ptcwrite;
static d_poll_t ptcpoll;
static struct cdevsw pts_cdevsw = {
.d_version = D_VERSION,
.d_open = ptsopen,
.d_close = ptsclose,
.d_read = ptsread,
.d_write = ptswrite,
.d_ioctl = ptsioctl,
.d_name = "pts",
.d_flags = D_TTY | D_NEEDGIANT,
};
static struct cdevsw ptc_cdevsw = {
.d_version = D_VERSION,
.d_open = ptcopen,
.d_close = ptcclose,
.d_read = ptcread,
.d_write = ptcwrite,
.d_ioctl = ptcioctl,
.d_poll = ptcpoll,
.d_name = "ptc",
.d_flags = D_TTY | D_NEEDGIANT,
};
1994-05-24 10:09:53 +00:00
#define BUFSIZ 100 /* Chunk size iomoved to/from user */
struct ptsc {
1994-05-24 10:09:53 +00:00
int pt_flags;
struct selinfo pt_selr, pt_selw;
u_char pt_send;
u_char pt_ucntl;
struct tty *pt_tty;
struct cdev *devs, *devc;
int pt_devs_open, pt_devc_open;
struct prison *pt_prison;
};
1994-05-24 10:09:53 +00:00
#define PF_PKT 0x08 /* packet mode */
#define PF_STOPPED 0x10 /* user told stopped */
#define PF_NOSTOP 0x40
#define PF_UCNTL 0x80 /* user control mode */
#define TSA_PTC_READ(tp) ((void *)&(tp)->t_outq.c_cf)
#define TSA_PTC_WRITE(tp) ((void *)&(tp)->t_rawq.c_cl)
#define TSA_PTS_READ(tp) ((void *)&(tp)->t_canq)
static char *names = "pqrsPQRS";
1994-05-24 10:09:53 +00:00
/*
* This function creates and initializes a pts/ptc pair
*
* pts == /dev/tty[pqrsPQRS][0123456789abcdefghijklmnopqrstuv]
* ptc == /dev/pty[pqrsPQRS][0123456789abcdefghijklmnopqrstuv]
1994-05-24 10:09:53 +00:00
*
* XXX: define and add mapping of upper minor bits to allow more
* than 256 ptys.
1994-05-24 10:09:53 +00:00
*/
static struct cdev *
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
ptyinit(struct cdev *devc, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pt;
int n;
n = minor(devc);
/* For now we only map the lower 8 bits of the minor */
if (n & ~0xff)
return (NULL);
devc->si_flags &= ~SI_CHEAPCLONE;
/*
* Initially do not create a slave endpoint.
*/
pt = malloc(sizeof(*pt), M_PTY, M_WAITOK | M_ZERO);
pt->devc = devc;
2006-01-04 09:09:46 +00:00
pt->pt_tty = ttyalloc();
pt->pt_tty->t_sc = pt;
devc->si_drv1 = pt;
devc->si_tty = pt->pt_tty;
return (devc);
1994-05-24 10:09:53 +00:00
}
static void
pty_create_slave(struct ucred *cred, struct ptsc *pt, int n)
{
pt->devs = make_dev_cred(&pts_cdevsw, n, cred, UID_ROOT, GID_WHEEL,
0666, "tty%c%r", names[n / 32], n % 32);
pt->devs->si_drv1 = pt;
pt->devs->si_tty = pt->pt_tty;
pt->pt_tty->t_dev = pt->devs;
}
static void
pty_destroy_slave(struct ptsc *pt)
{
if (pt->pt_tty->t_refcnt > 1)
return;
pt->pt_tty->t_dev = NULL;
ttyrel(pt->pt_tty);
pt->pt_tty = NULL;
destroy_dev(pt->devs);
pt->devs = NULL;
}
static void
pty_maybe_destroy_slave(struct ptsc *pt)
{
/*
* vfs bugs and complications near revoke() make
* it currently impossible to destroy struct cdev
*/
if (0 && pt->pt_devc_open == 0 && pt->pt_devs_open == 0)
pty_destroy_slave(pt);
}
1994-05-24 10:09:53 +00:00
/*ARGSUSED*/
static int
ptsopen(struct cdev *dev, int flag, int devtype, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct tty *tp;
1994-05-24 10:09:53 +00:00
int error;
struct ptsc *pt;
1994-05-24 10:09:53 +00:00
if (!dev->si_drv1)
return(ENXIO);
pt = dev->si_drv1;
1999-08-30 10:35:37 +00:00
tp = dev->si_tty;
1994-05-24 10:09:53 +00:00
if ((tp->t_state & TS_ISOPEN) == 0) {
ttyinitmode(tp, 1, 0);
} else if (tp->t_state & TS_XCLUDE && priv_check(td,
PRIV_TTY_EXCLUSIVE))
1994-05-24 10:09:53 +00:00
return (EBUSY);
else if (pt->pt_prison != td->td_ucred->cr_prison &&
priv_check(td, PRIV_TTY_PRISON))
return (EBUSY);
1994-05-24 10:09:53 +00:00
if (tp->t_oproc) /* Ctrlr still around. */
(void)ttyld_modem(tp, 1);
1994-05-24 10:09:53 +00:00
while ((tp->t_state & TS_CARR_ON) == 0) {
if (flag&FNONBLOCK)
break;
error = ttysleep(tp, TSA_CARR_ON(tp), TTIPRI | PCATCH,
"ptsopn", 0);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
}
error = ttyld_open(tp, dev);
if (error == 0) {
ptcwakeup(tp, FREAD|FWRITE);
pt->pt_devs_open = 1;
} else
pty_maybe_destroy_slave(pt);
1994-05-24 10:09:53 +00:00
return (error);
}
static int
ptsclose(struct cdev *dev, int flag, int mode, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pti;
struct tty *tp;
1994-05-24 10:09:53 +00:00
int err;
1999-08-30 10:35:37 +00:00
tp = dev->si_tty;
pti = dev->si_drv1;
KASSERT(dev == pti->devs, ("ptsclose: dev != pti->devs"));
err = ttyld_close(tp, flag);
(void) tty_close(tp);
pti->pt_devs_open = 0;
pty_maybe_destroy_slave(pti);
1994-05-24 10:09:53 +00:00
return (err);
}
static int
ptsread(struct cdev *dev, struct uio *uio, int flag)
1994-05-24 10:09:53 +00:00
{
struct tty *tp = dev->si_tty;
1994-05-24 10:09:53 +00:00
int error = 0;
if (tp->t_oproc)
error = ttyld_read(tp, uio, flag);
1994-05-24 10:09:53 +00:00
ptcwakeup(tp, FWRITE);
return (error);
}
/*
* Write to pseudo-tty.
* Wakeups of controlling tty will happen
* indirectly, when tty driver calls ptsstart.
*/
static int
ptswrite(struct cdev *dev, struct uio *uio, int flag)
1994-05-24 10:09:53 +00:00
{
struct tty *tp;
1994-05-24 10:09:53 +00:00
1999-08-30 10:35:37 +00:00
tp = dev->si_tty;
1994-05-24 10:09:53 +00:00
if (tp->t_oproc == 0)
return (EIO);
return (ttyld_write(tp, uio, flag));
1994-05-24 10:09:53 +00:00
}
/*
* Start output on pseudo-tty.
* Wake up process selecting or sleeping for input from controlling tty.
*/
static void
2004-06-09 10:16:14 +00:00
ptsstart(struct tty *tp)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pt = tp->t_sc;
1994-05-24 10:09:53 +00:00
if (tp->t_state & TS_TTSTOP)
return;
if (pt->pt_flags & PF_STOPPED) {
pt->pt_flags &= ~PF_STOPPED;
pt->pt_send = TIOCPKT_START;
1994-05-24 10:09:53 +00:00
}
ptcwakeup(tp, FREAD);
}
static void
2004-06-09 10:16:14 +00:00
ptcwakeup(struct tty *tp, int flag)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pt = tp->t_sc;
1994-05-24 10:09:53 +00:00
if (flag & FREAD) {
selwakeuppri(&pt->pt_selr, TTIPRI);
wakeup(TSA_PTC_READ(tp));
1994-05-24 10:09:53 +00:00
}
if (flag & FWRITE) {
selwakeuppri(&pt->pt_selw, TTOPRI);
wakeup(TSA_PTC_WRITE(tp));
1994-05-24 10:09:53 +00:00
}
}
static int
ptcopen(struct cdev *dev, int flag, int devtype, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct tty *tp;
struct ptsc *pt;
1994-05-24 10:09:53 +00:00
if (!dev->si_drv1)
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
ptyinit(dev, td);
if (!dev->si_drv1)
return(ENXIO);
pt = dev->si_drv1;
/*
* In case we have destroyed the struct tty at the last connect time,
* we need to recreate it.
*/
if (pt->pt_tty == NULL) {
pt->pt_tty = ttyalloc();
pt->pt_tty->t_sc = pt;
dev->si_tty = pt->pt_tty;
}
tp = dev->si_tty;
if (tp->t_oproc)
return (EIO);
tp->t_timeout = -1;
1994-05-24 10:09:53 +00:00
tp->t_oproc = ptsstart;
tp->t_stop = ptsstop;
(void)ttyld_modem(tp, 1);
1994-05-24 10:09:53 +00:00
tp->t_lflag &= ~EXTPROC;
pt->pt_prison = td->td_ucred->cr_prison;
pt->pt_flags = 0;
pt->pt_send = 0;
pt->pt_ucntl = 0;
if (!pt->devs)
pty_create_slave(td->td_ucred, pt, minor(dev));
pt->pt_devc_open = 1;
1994-05-24 10:09:53 +00:00
return (0);
}
static int
ptcclose(struct cdev *dev, int flags, int fmt, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pti = dev->si_drv1;
struct tty *tp;
1994-05-24 10:09:53 +00:00
1999-08-30 10:35:37 +00:00
tp = dev->si_tty;
(void)ttyld_modem(tp, 0);
Obtained from: partly from ancient patches of mine via 1.1.5 Introduce TS_CONNECTED and TS_ZOMBIE states. TS_CONNECTED is set while a connection is established. It is set while (TS_CARR_ON or CLOCAL is set) and TS_ZOMBIE is clear. TS_ZOMBIE is set for on to off transitions of TS_CARR_ON that occur when CLOCAL is clear and is cleared for off to on transitions of CLOCAL. I/o can only occur while TS_CONNECTED is set. TS_ZOMBIE prevents further i/o. Split the input-event sleep address TSA_CARR_ON(tp) into TSA_CARR_ON(tp) and TSA_HUP_OR_INPUT(tp). The former address is now used only for off to on carrier transitions and equivalent CLOCAL transitions. The latter is used for all input events, all carrier transitions and certain CLOCAL transitions. There are some harmless extra wakeups for rare connection- related events. Previously there were too many extra wakeups for non-rare input events. Drivers now call l_modem() instead of setting TS_CARR_ON directly to handle even the initial off to on transition of carrier. They should always have done this. l_modem() now handles TS_CONNECTED and TS_ZOMBIE as well as TS_CARR_ON. gnu/isdn/iitty.c: Set TS_CONNECTED for first open ourself to go with bogusly setting CLOCAL. i386/isa/syscons.c, i386/isa/pcvt/pcvt_drv.c: We fake carrier, so don't also fake CLOCAL. kern/tty.c: Testing TS_CONNECTED instead of TS_CARR_ON fixes TIOCCONS forgetting to test CLOCAL. TS_ISOPEN was tested instead, but that broke when we disabled the clearing of TS_ISOPEN for certain transitions of CLOCAL. Testing TS_CONNECTED fixes ttyselect() returning false success for output to devices in state !TS_CARR_ON && !CLOCAL. Optimize the other selwakeup() call (this is not related to the other changes). kern/tty_pty.c: ptcopen() can be declared in traditional C now that dev_t isn't short.
1995-07-31 21:02:00 +00:00
/*
* XXX MDMBUF makes no sense for ptys but would inhibit the above
* l_modem(). CLOCAL makes sense but isn't supported. Special
* l_modem()s that ignore carrier drop make no sense for ptys but
* may be in use because other parts of the line discipline make
* sense for ptys. Recover by doing everything that a normal
* ttymodem() would have done except for sending a SIGHUP.
*/
if (tp->t_state & TS_ISOPEN) {
tp->t_state &= ~(TS_CARR_ON | TS_CONNECTED);
tp->t_state |= TS_ZOMBIE;
ttyflush(tp, FREAD | FWRITE);
}
Obtained from: partly from ancient patches of mine via 1.1.5 Introduce TS_CONNECTED and TS_ZOMBIE states. TS_CONNECTED is set while a connection is established. It is set while (TS_CARR_ON or CLOCAL is set) and TS_ZOMBIE is clear. TS_ZOMBIE is set for on to off transitions of TS_CARR_ON that occur when CLOCAL is clear and is cleared for off to on transitions of CLOCAL. I/o can only occur while TS_CONNECTED is set. TS_ZOMBIE prevents further i/o. Split the input-event sleep address TSA_CARR_ON(tp) into TSA_CARR_ON(tp) and TSA_HUP_OR_INPUT(tp). The former address is now used only for off to on carrier transitions and equivalent CLOCAL transitions. The latter is used for all input events, all carrier transitions and certain CLOCAL transitions. There are some harmless extra wakeups for rare connection- related events. Previously there were too many extra wakeups for non-rare input events. Drivers now call l_modem() instead of setting TS_CARR_ON directly to handle even the initial off to on transition of carrier. They should always have done this. l_modem() now handles TS_CONNECTED and TS_ZOMBIE as well as TS_CARR_ON. gnu/isdn/iitty.c: Set TS_CONNECTED for first open ourself to go with bogusly setting CLOCAL. i386/isa/syscons.c, i386/isa/pcvt/pcvt_drv.c: We fake carrier, so don't also fake CLOCAL. kern/tty.c: Testing TS_CONNECTED instead of TS_CARR_ON fixes TIOCCONS forgetting to test CLOCAL. TS_ISOPEN was tested instead, but that broke when we disabled the clearing of TS_ISOPEN for certain transitions of CLOCAL. Testing TS_CONNECTED fixes ttyselect() returning false success for output to devices in state !TS_CARR_ON && !CLOCAL. Optimize the other selwakeup() call (this is not related to the other changes). kern/tty_pty.c: ptcopen() can be declared in traditional C now that dev_t isn't short.
1995-07-31 21:02:00 +00:00
1994-05-24 10:09:53 +00:00
tp->t_oproc = 0; /* mark closed */
pti->pt_devc_open = 0;
pty_maybe_destroy_slave(pti);
1994-05-24 10:09:53 +00:00
return (0);
}
static int
ptcread(struct cdev *dev, struct uio *uio, int flag)
1994-05-24 10:09:53 +00:00
{
struct tty *tp = dev->si_tty;
struct ptsc *pt = dev->si_drv1;
1994-05-24 10:09:53 +00:00
char buf[BUFSIZ];
int error = 0, cc;
/*
* We want to block until the slave
* is open, and there's something to read;
* but if we lost the slave or we're NBIO,
* then return the appropriate error instead.
*/
for (;;) {
if (tp->t_state&TS_ISOPEN) {
if (pt->pt_flags&PF_PKT && pt->pt_send) {
error = ureadc((int)pt->pt_send, uio);
1994-05-24 10:09:53 +00:00
if (error)
return (error);
if (pt->pt_send & TIOCPKT_IOCTL) {
1994-05-24 10:09:53 +00:00
cc = min(uio->uio_resid,
sizeof(tp->t_termios));
uiomove(&tp->t_termios, cc, uio);
1994-05-24 10:09:53 +00:00
}
pt->pt_send = 0;
1994-05-24 10:09:53 +00:00
return (0);
}
if (pt->pt_flags&PF_UCNTL && pt->pt_ucntl) {
error = ureadc((int)pt->pt_ucntl, uio);
1994-05-24 10:09:53 +00:00
if (error)
return (error);
pt->pt_ucntl = 0;
1994-05-24 10:09:53 +00:00
return (0);
}
if (tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0)
break;
}
Obtained from: partly from ancient patches of mine via 1.1.5 Introduce TS_CONNECTED and TS_ZOMBIE states. TS_CONNECTED is set while a connection is established. It is set while (TS_CARR_ON or CLOCAL is set) and TS_ZOMBIE is clear. TS_ZOMBIE is set for on to off transitions of TS_CARR_ON that occur when CLOCAL is clear and is cleared for off to on transitions of CLOCAL. I/o can only occur while TS_CONNECTED is set. TS_ZOMBIE prevents further i/o. Split the input-event sleep address TSA_CARR_ON(tp) into TSA_CARR_ON(tp) and TSA_HUP_OR_INPUT(tp). The former address is now used only for off to on carrier transitions and equivalent CLOCAL transitions. The latter is used for all input events, all carrier transitions and certain CLOCAL transitions. There are some harmless extra wakeups for rare connection- related events. Previously there were too many extra wakeups for non-rare input events. Drivers now call l_modem() instead of setting TS_CARR_ON directly to handle even the initial off to on transition of carrier. They should always have done this. l_modem() now handles TS_CONNECTED and TS_ZOMBIE as well as TS_CARR_ON. gnu/isdn/iitty.c: Set TS_CONNECTED for first open ourself to go with bogusly setting CLOCAL. i386/isa/syscons.c, i386/isa/pcvt/pcvt_drv.c: We fake carrier, so don't also fake CLOCAL. kern/tty.c: Testing TS_CONNECTED instead of TS_CARR_ON fixes TIOCCONS forgetting to test CLOCAL. TS_ISOPEN was tested instead, but that broke when we disabled the clearing of TS_ISOPEN for certain transitions of CLOCAL. Testing TS_CONNECTED fixes ttyselect() returning false success for output to devices in state !TS_CARR_ON && !CLOCAL. Optimize the other selwakeup() call (this is not related to the other changes). kern/tty_pty.c: ptcopen() can be declared in traditional C now that dev_t isn't short.
1995-07-31 21:02:00 +00:00
if ((tp->t_state & TS_CONNECTED) == 0)
1994-05-24 10:09:53 +00:00
return (0); /* EOF */
if (flag & O_NONBLOCK)
1994-05-24 10:09:53 +00:00
return (EWOULDBLOCK);
error = tsleep(TSA_PTC_READ(tp), TTIPRI | PCATCH, "ptcin", 0);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
}
if (pt->pt_flags & (PF_PKT|PF_UCNTL))
1994-05-24 10:09:53 +00:00
error = ureadc(0, uio);
while (uio->uio_resid > 0 && error == 0) {
cc = q_to_b(&tp->t_outq, buf, min(uio->uio_resid, BUFSIZ));
if (cc <= 0)
break;
error = uiomove(buf, cc, uio);
}
ttwwakeup(tp);
1994-05-24 10:09:53 +00:00
return (error);
}
static void
2004-06-09 10:16:14 +00:00
ptsstop(struct tty *tp, int flush)
1994-05-24 10:09:53 +00:00
{
struct ptsc *pt = tp->t_sc;
1994-05-24 10:09:53 +00:00
int flag;
/* note: FLUSHREAD and FLUSHWRITE already ok */
if (flush == 0) {
flush = TIOCPKT_STOP;
pt->pt_flags |= PF_STOPPED;
1994-05-24 10:09:53 +00:00
} else
pt->pt_flags &= ~PF_STOPPED;
pt->pt_send |= flush;
1994-05-24 10:09:53 +00:00
/* change of perspective */
flag = 0;
if (flush & FREAD)
flag |= FWRITE;
if (flush & FWRITE)
flag |= FREAD;
ptcwakeup(tp, flag);
}
static int
ptcpoll(struct cdev *dev, int events, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct tty *tp = dev->si_tty;
struct ptsc *pt = dev->si_drv1;
int revents = 0;
1994-05-24 10:09:53 +00:00
int s;
Obtained from: partly from ancient patches of mine via 1.1.5 Introduce TS_CONNECTED and TS_ZOMBIE states. TS_CONNECTED is set while a connection is established. It is set while (TS_CARR_ON or CLOCAL is set) and TS_ZOMBIE is clear. TS_ZOMBIE is set for on to off transitions of TS_CARR_ON that occur when CLOCAL is clear and is cleared for off to on transitions of CLOCAL. I/o can only occur while TS_CONNECTED is set. TS_ZOMBIE prevents further i/o. Split the input-event sleep address TSA_CARR_ON(tp) into TSA_CARR_ON(tp) and TSA_HUP_OR_INPUT(tp). The former address is now used only for off to on carrier transitions and equivalent CLOCAL transitions. The latter is used for all input events, all carrier transitions and certain CLOCAL transitions. There are some harmless extra wakeups for rare connection- related events. Previously there were too many extra wakeups for non-rare input events. Drivers now call l_modem() instead of setting TS_CARR_ON directly to handle even the initial off to on transition of carrier. They should always have done this. l_modem() now handles TS_CONNECTED and TS_ZOMBIE as well as TS_CARR_ON. gnu/isdn/iitty.c: Set TS_CONNECTED for first open ourself to go with bogusly setting CLOCAL. i386/isa/syscons.c, i386/isa/pcvt/pcvt_drv.c: We fake carrier, so don't also fake CLOCAL. kern/tty.c: Testing TS_CONNECTED instead of TS_CARR_ON fixes TIOCCONS forgetting to test CLOCAL. TS_ISOPEN was tested instead, but that broke when we disabled the clearing of TS_ISOPEN for certain transitions of CLOCAL. Testing TS_CONNECTED fixes ttyselect() returning false success for output to devices in state !TS_CARR_ON && !CLOCAL. Optimize the other selwakeup() call (this is not related to the other changes). kern/tty_pty.c: ptcopen() can be declared in traditional C now that dev_t isn't short.
1995-07-31 21:02:00 +00:00
if ((tp->t_state & TS_CONNECTED) == 0)
return (events &
(POLLHUP | POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM));
1994-05-24 10:09:53 +00:00
/*
* Need to block timeouts (ttrstart).
*/
s = spltty();
if (events & (POLLIN | POLLRDNORM))
if ((tp->t_state & TS_ISOPEN) &&
((tp->t_outq.c_cc && (tp->t_state & TS_TTSTOP) == 0) ||
((pt->pt_flags & PF_PKT) && pt->pt_send) ||
((pt->pt_flags & PF_UCNTL) && pt->pt_ucntl)))
revents |= events & (POLLIN | POLLRDNORM);
if (events & (POLLOUT | POLLWRNORM))
if (tp->t_state & TS_ISOPEN &&
(((tp->t_rawq.c_cc + tp->t_canq.c_cc < TTYHOG - 2) ||
(tp->t_canq.c_cc == 0 && (tp->t_lflag & ICANON)))))
revents |= events & (POLLOUT | POLLWRNORM);
if (events & POLLHUP)
if ((tp->t_state & TS_CARR_ON) == 0)
revents |= POLLHUP;
if (revents == 0) {
if (events & (POLLIN | POLLRDNORM))
selrecord(td, &pt->pt_selr);
if (events & (POLLOUT | POLLWRNORM))
selrecord(td, &pt->pt_selw);
1994-05-24 10:09:53 +00:00
}
splx(s);
return (revents);
1994-05-24 10:09:53 +00:00
}
static int
ptcwrite(struct cdev *dev, struct uio *uio, int flag)
1994-05-24 10:09:53 +00:00
{
struct tty *tp = dev->si_tty;
u_char *cp = 0;
int cc = 0;
1994-05-24 10:09:53 +00:00
u_char locbuf[BUFSIZ];
int cnt = 0;
int error = 0;
again:
if ((tp->t_state&TS_ISOPEN) == 0)
goto block;
while (uio->uio_resid > 0 || cc > 0) {
1994-05-24 10:09:53 +00:00
if (cc == 0) {
cc = min(uio->uio_resid, BUFSIZ);
cp = locbuf;
error = uiomove(cp, cc, uio);
1994-05-24 10:09:53 +00:00
if (error)
return (error);
/* check again for safety */
if ((tp->t_state & TS_ISOPEN) == 0) {
/* adjust for data copied in but not written */
uio->uio_resid += cc;
1994-05-24 10:09:53 +00:00
return (EIO);
}
1994-05-24 10:09:53 +00:00
}
while (cc > 0) {
if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
(tp->t_canq.c_cc > 0 || !(tp->t_lflag&ICANON))) {
Obtained from: partly from ancient patches of mine via 1.1.5 Introduce TS_CONNECTED and TS_ZOMBIE states. TS_CONNECTED is set while a connection is established. It is set while (TS_CARR_ON or CLOCAL is set) and TS_ZOMBIE is clear. TS_ZOMBIE is set for on to off transitions of TS_CARR_ON that occur when CLOCAL is clear and is cleared for off to on transitions of CLOCAL. I/o can only occur while TS_CONNECTED is set. TS_ZOMBIE prevents further i/o. Split the input-event sleep address TSA_CARR_ON(tp) into TSA_CARR_ON(tp) and TSA_HUP_OR_INPUT(tp). The former address is now used only for off to on carrier transitions and equivalent CLOCAL transitions. The latter is used for all input events, all carrier transitions and certain CLOCAL transitions. There are some harmless extra wakeups for rare connection- related events. Previously there were too many extra wakeups for non-rare input events. Drivers now call l_modem() instead of setting TS_CARR_ON directly to handle even the initial off to on transition of carrier. They should always have done this. l_modem() now handles TS_CONNECTED and TS_ZOMBIE as well as TS_CARR_ON. gnu/isdn/iitty.c: Set TS_CONNECTED for first open ourself to go with bogusly setting CLOCAL. i386/isa/syscons.c, i386/isa/pcvt/pcvt_drv.c: We fake carrier, so don't also fake CLOCAL. kern/tty.c: Testing TS_CONNECTED instead of TS_CARR_ON fixes TIOCCONS forgetting to test CLOCAL. TS_ISOPEN was tested instead, but that broke when we disabled the clearing of TS_ISOPEN for certain transitions of CLOCAL. Testing TS_CONNECTED fixes ttyselect() returning false success for output to devices in state !TS_CARR_ON && !CLOCAL. Optimize the other selwakeup() call (this is not related to the other changes). kern/tty_pty.c: ptcopen() can be declared in traditional C now that dev_t isn't short.
1995-07-31 21:02:00 +00:00
wakeup(TSA_HUP_OR_INPUT(tp));
1994-05-24 10:09:53 +00:00
goto block;
}
ttyld_rint(tp, *cp++);
1994-05-24 10:09:53 +00:00
cnt++;
cc--;
}
cc = 0;
}
return (0);
block:
/*
* Come here to wait for slave to open, for space
* in outq, or space in rawq, or an empty canq.
1994-05-24 10:09:53 +00:00
*/
if ((tp->t_state & TS_CONNECTED) == 0) {
/* adjust for data copied in but not written */
uio->uio_resid += cc;
1994-05-24 10:09:53 +00:00
return (EIO);
}
if (flag & O_NONBLOCK) {
1994-05-24 10:09:53 +00:00
/* adjust for data copied in but not written */
uio->uio_resid += cc;
if (cnt == 0)
return (EWOULDBLOCK);
return (0);
}
error = tsleep(TSA_PTC_WRITE(tp), TTOPRI | PCATCH, "ptcout", 0);
if (error) {
1994-05-24 10:09:53 +00:00
/* adjust for data copied in but not written */
uio->uio_resid += cc;
return (error);
}
goto again;
}
/*ARGSUSED*/
static int
ptcioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
1994-05-24 10:09:53 +00:00
{
struct tty *tp = dev->si_tty;
struct ptsc *pt = dev->si_drv1;
#if defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD4) || defined(COMPAT_43)
int ival;
#endif
1994-05-24 10:09:53 +00:00
switch (cmd) {
case TIOCGPGRP:
/*
* We avoid calling ttioctl on the controller since,
* in that case, tp must be the controlling terminal.
*/
*(int *)data = tp->t_pgrp ? tp->t_pgrp->pg_id : 0;
return (0);
case TIOCPKT:
if (*(int *)data) {
if (pt->pt_flags & PF_UCNTL)
return (EINVAL);
pt->pt_flags |= PF_PKT;
} else
pt->pt_flags &= ~PF_PKT;
return (0);
case TIOCUCNTL:
if (*(int *)data) {
if (pt->pt_flags & PF_PKT)
return (EINVAL);
pt->pt_flags |= PF_UCNTL;
} else
pt->pt_flags &= ~PF_UCNTL;
return (0);
}
/*
* The rest of the ioctls shouldn't be called until
* the slave is open.
*/
if ((tp->t_state & TS_ISOPEN) == 0)
return (EAGAIN);
1994-05-24 10:09:53 +00:00
switch (cmd) {
#ifdef COMPAT_43TTY
case TIOCSETP:
case TIOCSETN:
1994-05-24 10:09:53 +00:00
#endif
case TIOCSETD:
case TIOCSETA:
case TIOCSETAW:
case TIOCSETAF:
/*
* IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG.
* ttywflush(tp) will hang if there are characters in
* the outq.
*/
ndflush(&tp->t_outq, tp->t_outq.c_cc);
break;
#if defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD5) || \
defined(COMPAT_FREEBSD4) || defined(COMPAT_43)
case _IO('t', 95):
ival = IOCPARM_IVAL(data);
data = (caddr_t)&ival;
/* FALLTHROUGH */
#endif
case TIOCSIG:
if (*(unsigned int *)data >= NSIG ||
*(unsigned int *)data == 0)
return(EINVAL);
if ((tp->t_lflag&NOFLSH) == 0)
ttyflush(tp, FREAD|FWRITE);
if (tp->t_pgrp != NULL) {
PGRP_LOCK(tp->t_pgrp);
pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
PGRP_UNLOCK(tp->t_pgrp);
1994-05-24 10:09:53 +00:00
}
if ((*(unsigned int *)data == SIGINFO) &&
((tp->t_lflag&NOKERNINFO) == 0))
ttyinfo(tp);
return(0);
}
return (ptsioctl(dev, cmd, data, flag, td));
}
/*ARGSUSED*/
static int
ptsioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, struct thread *td)
{
struct tty *tp = dev->si_tty;
struct ptsc *pt = dev->si_drv1;
u_char *cc = tp->t_cc;
int stop, error;
if (cmd == TIOCEXT) {
/*
* When the EXTPROC bit is being toggled, we need
* to send an TIOCPKT_IOCTL if the packet driver
* is turned on.
*/
if (*(int *)data) {
if (pt->pt_flags & PF_PKT) {
pt->pt_send |= TIOCPKT_IOCTL;
ptcwakeup(tp, FREAD);
}
tp->t_lflag |= EXTPROC;
} else {
if ((tp->t_lflag & EXTPROC) &&
(pt->pt_flags & PF_PKT)) {
pt->pt_send |= TIOCPKT_IOCTL;
ptcwakeup(tp, FREAD);
}
tp->t_lflag &= ~EXTPROC;
}
return(0);
}
error = ttyioctl(dev, cmd, data, flag, td);
if (error == ENOTTY) {
if (pt->pt_flags & PF_UCNTL &&
1994-05-24 10:09:53 +00:00
(cmd & ~0xff) == UIOCCMD(0)) {
if (cmd & 0xff) {
pt->pt_ucntl = (u_char)cmd;
1994-05-24 10:09:53 +00:00
ptcwakeup(tp, FREAD);
}
return (0);
}
error = ENOTTY;
}
/*
* If external processing and packet mode send ioctl packet.
*/
if ((tp->t_lflag&EXTPROC) && (pt->pt_flags & PF_PKT)) {
1994-05-24 10:09:53 +00:00
switch(cmd) {
case TIOCSETA:
case TIOCSETAW:
case TIOCSETAF:
#ifdef COMPAT_43TTY
1994-05-24 10:09:53 +00:00
case TIOCSETP:
case TIOCSETN:
case TIOCSETC:
case TIOCSLTC:
case TIOCLBIS:
case TIOCLBIC:
case TIOCLSET:
#endif
pt->pt_send |= TIOCPKT_IOCTL;
1994-05-24 10:09:53 +00:00
ptcwakeup(tp, FREAD);
break;
1994-05-24 10:09:53 +00:00
default:
break;
}
}
1995-05-30 08:16:23 +00:00
stop = (tp->t_iflag & IXON) && CCEQ(cc[VSTOP], CTRL('s'))
1994-05-24 10:09:53 +00:00
&& CCEQ(cc[VSTART], CTRL('q'));
if (pt->pt_flags & PF_NOSTOP) {
1994-05-24 10:09:53 +00:00
if (stop) {
pt->pt_send &= ~TIOCPKT_NOSTOP;
pt->pt_send |= TIOCPKT_DOSTOP;
pt->pt_flags &= ~PF_NOSTOP;
1994-05-24 10:09:53 +00:00
ptcwakeup(tp, FREAD);
}
} else {
if (!stop) {
pt->pt_send &= ~TIOCPKT_DOSTOP;
pt->pt_send |= TIOCPKT_NOSTOP;
pt->pt_flags |= PF_NOSTOP;
1994-05-24 10:09:53 +00:00
ptcwakeup(tp, FREAD);
}
}
return (error);
}
static void
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
pty_clone(void *arg, struct ucred *cr, char *name, int namelen,
struct cdev **dev)
{
int u;
if (*dev != NULL)
return;
if (bcmp(name, "pty", 3) != 0)
return;
if (name[5] != '\0')
return;
switch (name[3]) {
case 'p': u = 0; break;
case 'q': u = 32; break;
case 'r': u = 64; break;
case 's': u = 96; break;
case 'P': u = 128; break;
case 'Q': u = 160; break;
case 'R': u = 192; break;
case 'S': u = 224; break;
default: return;
}
if (name[4] >= '0' && name[4] <= '9')
u += name[4] - '0';
else if (name[4] >= 'a' && name[4] <= 'v')
u += name[4] - 'a' + 10;
else
return;
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
*dev = make_dev_cred(&ptc_cdevsw, u, cr,
UID_ROOT, GID_WHEEL, 0666, "pty%c%r", names[u / 32], u % 32);
dev_ref(*dev);
(*dev)->si_flags |= SI_CHEAPCLONE;
return;
}
static void
2004-06-09 10:16:14 +00:00
ptc_drvinit(void *unused)
{
EVENTHANDLER_REGISTER(dev_clone, pty_clone, 0, 1000);
}
2005-02-27 22:02:03 +00:00
SYSINIT(ptcdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE,ptc_drvinit,NULL)