1/* 2 * Copyright (c) 1997-2010 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28/* 29 * Copyright (c) 1982, 1986, 1989, 1993 30 * The Regents of the University of California. All rights reserved. 31 * 32 * Redistribution and use in source and binary forms, with or without 33 * modification, are permitted provided that the following conditions 34 * are met: 35 * 1. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 2. Redistributions in binary form must reproduce the above copyright 38 * notice, this list of conditions and the following disclaimer in the 39 * documentation and/or other materials provided with the distribution. 40 * 3. All advertising materials mentioning features or use of this software 41 * must display the following acknowledgement: 42 * This product includes software developed by the University of 43 * California, Berkeley and its contributors. 44 * 4. Neither the name of the University nor the names of its contributors 45 * may be used to endorse or promote products derived from this software 46 * without specific prior written permission. 47 * 48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 58 * SUCH DAMAGE. 59 * 60 * @(#)tty_pty.c 8.4 (Berkeley) 2/20/95 61 */ 62 63/* 64 * Pseudo-teletype Driver 65 * (Actually two drivers, requiring two entries in 'cdevsw') 66 */ 67#include "pty.h" /* XXX */ 68 69#include <sys/param.h> 70#include <sys/systm.h> 71#include <sys/ioctl.h> 72#include <sys/proc_internal.h> 73#include <sys/kauth.h> 74#include <sys/tty.h> 75#include <sys/conf.h> 76#include <sys/file_internal.h> 77#include <sys/uio_internal.h> 78#include <sys/kernel.h> 79#include <sys/vnode.h> 80#include <sys/vnode_internal.h> /* _devfs_setattr() */ 81#include <sys/stat.h> /* _devfs_setattr() */ 82#include <sys/user.h> 83#include <sys/signalvar.h> 84#include <sys/sysctl.h> 85#include <miscfs/devfs/devfs.h> 86#include <miscfs/devfs/devfsdefs.h> /* DEVFS_LOCK()/DEVFS_UNLOCK() */ 87 88/* XXX belongs in devfs somewhere - LATER */ 89int _devfs_setattr(void *, unsigned short, uid_t, gid_t); 90 91 92#define FREE_BSDSTATIC __private_extern__ 93#define d_devtotty_t struct tty ** 94 95/* 96 * Forward declarations 97 */ 98int ptmx_init(int n_ptys); 99static void ptsd_start(struct tty *tp); 100static void ptmx_wakeup(struct tty *tp, int flag); 101FREE_BSDSTATIC d_open_t ptsd_open; 102FREE_BSDSTATIC d_close_t ptsd_close; 103FREE_BSDSTATIC d_read_t ptsd_read; 104FREE_BSDSTATIC d_write_t ptsd_write; 105FREE_BSDSTATIC d_ioctl_t cptyioctl; /* common ioctl */ 106FREE_BSDSTATIC d_stop_t ptsd_stop; 107FREE_BSDSTATIC d_reset_t ptsd_reset; 108FREE_BSDSTATIC d_devtotty_t ptydevtotty; 109FREE_BSDSTATIC d_open_t ptmx_open; 110FREE_BSDSTATIC d_close_t ptmx_close; 111FREE_BSDSTATIC d_read_t ptmx_read; 112FREE_BSDSTATIC d_write_t ptmx_write; 113FREE_BSDSTATIC d_stop_t ptmx_stop; /* NO-OP */ 114FREE_BSDSTATIC d_reset_t ptmx_reset; 115FREE_BSDSTATIC d_select_t ptmx_select; 116FREE_BSDSTATIC d_select_t ptsd_select; 117 118static int ptmx_major; /* dynamically assigned major number */ 119static struct cdevsw ptmx_cdev = { 120 ptmx_open, ptmx_close, ptmx_read, ptmx_write, 121 cptyioctl, ptmx_stop, ptmx_reset, 0, 122 ptmx_select, eno_mmap, eno_strat, eno_getc, 123 eno_putc, D_TTY 124}; 125 126static int ptsd_major; /* dynamically assigned major number */ 127static struct cdevsw ptsd_cdev = { 128 ptsd_open, ptsd_close, ptsd_read, ptsd_write, 129 cptyioctl, ptsd_stop, ptsd_reset, 0, 130 ptsd_select, eno_mmap, eno_strat, eno_getc, 131 eno_putc, D_TTY 132}; 133 134/* 135 * XXX Should be devfs function... and use VATTR mechanisms, per 136 * XXX vnode_setattr2(); only we maybe can't really get back to the 137 * XXX vnode here for cloning devices (but it works for *cloned* devices 138 * XXX that are not themselves cloning). 139 * 140 * Returns: 0 Success 141 * namei:??? 142 * vnode_setattr:??? 143 */ 144int 145_devfs_setattr(void * handle, unsigned short mode, uid_t uid, gid_t gid) 146{ 147 devdirent_t *direntp = (devdirent_t *)handle; 148 devnode_t *devnodep; 149 int error = EACCES; 150 vfs_context_t ctx = vfs_context_current();; 151 struct vnode_attr va; 152 153 VATTR_INIT(&va); 154 VATTR_SET(&va, va_uid, uid); 155 VATTR_SET(&va, va_gid, gid); 156 VATTR_SET(&va, va_mode, mode & ALLPERMS); 157 158 /* 159 * If the TIOCPTYGRANT loses the race with the clone operation because 160 * this function is not part of devfs, and therefore can't take the 161 * devfs lock to protect the direntp update, then force user space to 162 * redrive the grant request. 163 */ 164 if (direntp == NULL || (devnodep = direntp->de_dnp) == NULL) { 165 error = ERESTART; 166 goto out; 167 } 168 169 /* 170 * Only do this if we are operating on device that doesn't clone 171 * each time it's referenced. We perform a lookup on the device 172 * to insure we get the right instance. We can't just use the call 173 * to devfs_dntovn() to get the vp for the operation, because 174 * dn_dvm may not have been initialized. 175 */ 176 if (devnodep->dn_clone == NULL) { 177 struct nameidata nd; 178 char name[128]; 179 180 snprintf(name, sizeof(name), "/dev/%s", direntp->de_name); 181 NDINIT(&nd, LOOKUP, OP_SETATTR, FOLLOW, UIO_SYSSPACE, CAST_USER_ADDR_T(name), ctx); 182 error = namei(&nd); 183 if (error) 184 goto out; 185 error = vnode_setattr(nd.ni_vp, &va, ctx); 186 vnode_put(nd.ni_vp); 187 nameidone(&nd); 188 goto out; 189 } 190 191out: 192 return(error); 193} 194 195 196 197#define BUFSIZ 100 /* Chunk size iomoved to/from user */ 198 199/* 200 * ptmx == /dev/ptmx 201 * ptsd == /dev/pts[0123456789]{3} 202 */ 203#define PTMX_TEMPLATE "ptmx" 204#define PTSD_TEMPLATE "ttys%03d" 205 206/* 207 * System-wide limit on the max number of cloned ptys 208 */ 209#define PTMX_MAX_DEFAULT 127 /* 128 entries */ 210#define PTMX_MAX_HARD 999 /* 1000 entries, due to PTSD_TEMPLATE */ 211 212static int ptmx_max = PTMX_MAX_DEFAULT; /* default # of clones we allow */ 213 214/* Range enforcement for the sysctl */ 215static int 216sysctl_ptmx_max(__unused struct sysctl_oid *oidp, __unused void *arg1, 217 __unused int arg2, struct sysctl_req *req) 218{ 219 int new_value, changed; 220 int error = sysctl_io_number(req, ptmx_max, sizeof(int), &new_value, &changed); 221 if (changed) { 222 if (new_value > 0 && new_value <= PTMX_MAX_HARD) 223 ptmx_max = new_value; 224 else 225 error = EINVAL; 226 } 227 return(error); 228} 229 230SYSCTL_NODE(_kern, KERN_TTY, tty, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "TTY"); 231SYSCTL_PROC(_kern_tty, OID_AUTO, ptmx_max, 232 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, 233 &ptmx_max, 0, &sysctl_ptmx_max, "I", "ptmx_max"); 234 235 236/* 237 * ptmx_ioctl is a pointer to a list of pointers to tty structures which is 238 * grown, as necessary, copied, and replaced, but never shrunk. The ioctl 239 * structures themselves pointed to from this list come and go as needed. 240 */ 241struct ptmx_ioctl { 242 struct tty *pt_tty; /* pointer to ttymalloc()'ed data */ 243 int pt_flags; 244 struct selinfo pt_selr; 245 struct selinfo pt_selw; 246 u_char pt_send; 247 u_char pt_ucntl; 248 void *pt_devhandle; /* cloned slave device handle */ 249}; 250 251#define PF_PKT 0x0008 /* packet mode */ 252#define PF_STOPPED 0x0010 /* user told stopped */ 253#define PF_REMOTE 0x0020 /* remote and flow controlled input */ 254#define PF_NOSTOP 0x0040 255#define PF_UCNTL 0x0080 /* user control mode */ 256#define PF_UNLOCKED 0x0100 /* slave unlock (master open resets) */ 257#define PF_OPEN_M 0x0200 /* master is open */ 258#define PF_OPEN_S 0x0400 /* slave is open */ 259 260static int ptmx_clone(dev_t dev, int minor); 261 262/* 263 * Set of locks to keep the interaction between kevents and revoke 264 * from causing havoc. 265 */ 266 267#define LOG2_PTSD_KE_NLCK 2 268#define PTSD_KE_NLCK (1l << LOG2_PTSD_KE_NLCK) 269#define PTSD_KE_LOCK_INDEX(x) ((x) & (PTSD_KE_NLCK - 1)) 270 271static lck_mtx_t ptsd_kevent_lock[PTSD_KE_NLCK]; 272 273static void 274ptsd_kevent_lock_init(void) 275{ 276 int i; 277 lck_grp_t *lgrp = lck_grp_alloc_init("ptsd kevent", LCK_GRP_ATTR_NULL); 278 279 for (i = 0; i < PTSD_KE_NLCK; i++) 280 lck_mtx_init(&ptsd_kevent_lock[i], lgrp, LCK_ATTR_NULL); 281} 282 283static void 284ptsd_kevent_mtx_lock(int minor) 285{ 286 lck_mtx_lock(&ptsd_kevent_lock[PTSD_KE_LOCK_INDEX(minor)]); 287} 288 289static void 290ptsd_kevent_mtx_unlock(int minor) 291{ 292 lck_mtx_unlock(&ptsd_kevent_lock[PTSD_KE_LOCK_INDEX(minor)]); 293} 294 295int 296ptmx_init( __unused int config_count) 297{ 298 /* 299 * We start looking at slot 10, since there are inits that will 300 * stomp explicit slots (e.g. vndevice stomps 1) below that. 301 */ 302 303 /* Get a major number for /dev/ptmx */ 304 if((ptmx_major = cdevsw_add(-15, &ptmx_cdev)) == -1) { 305 printf("ptmx_init: failed to obtain /dev/ptmx major number\n"); 306 return (ENOENT); 307 } 308 309 if (cdevsw_setkqueueok(ptmx_major, &ptmx_cdev, 0) == -1) { 310 panic("Failed to set flags on ptmx cdevsw entry."); 311 } 312 313 /* Get a major number for /dev/pts/nnn */ 314 if ((ptsd_major = cdevsw_add(-15, &ptsd_cdev)) == -1) { 315 (void)cdevsw_remove(ptmx_major, &ptmx_cdev); 316 printf("ptmx_init: failed to obtain /dev/ptmx major number\n"); 317 return (ENOENT); 318 } 319 320 if (cdevsw_setkqueueok(ptsd_major, &ptsd_cdev, 0) == -1) { 321 panic("Failed to set flags on ptmx cdevsw entry."); 322 } 323 324 /* 325 * Locks to guard against races between revoke and kevents 326 */ 327 ptsd_kevent_lock_init(); 328 329 /* Create the /dev/ptmx device {<major>,0} */ 330 (void)devfs_make_node_clone(makedev(ptmx_major, 0), 331 DEVFS_CHAR, UID_ROOT, GID_TTY, 0666, 332 ptmx_clone, PTMX_TEMPLATE); 333 return (0); 334} 335 336 337static struct _ptmx_ioctl_state { 338 struct ptmx_ioctl **pis_ioctl_list; /* pointer vector */ 339 int pis_total; /* total slots */ 340 int pis_free; /* free slots */ 341} _state; 342#define PTMX_GROW_VECTOR 16 /* Grow by this many slots at a time */ 343 344/* 345 * Given a minor number, return the corresponding structure for that minor 346 * number. If there isn't one, and the create flag is specified, we create 347 * one if possible. 348 * 349 * Parameters: minor Minor number of ptmx device 350 * open_flag PF_OPEN_M First open of master 351 * PF_OPEN_S First open of slave 352 * 0 Just want ioctl struct 353 * 354 * Returns: NULL Did not exist/could not create 355 * !NULL structure corresponding minor number 356 * 357 * Locks: tty_lock() on ptmx_ioctl->pt_tty NOT held on entry or exit. 358 */ 359static struct ptmx_ioctl * 360ptmx_get_ioctl(int minor, int open_flag) 361{ 362 struct ptmx_ioctl *new_ptmx_ioctl; 363 364 if (open_flag & PF_OPEN_M) { 365 366 /* 367 * If we are about to allocate more memory, but we have 368 * already hit the administrative limit, then fail the 369 * operation. 370 * 371 * Note: Subtract free from total when making this 372 * check to allow unit increments, rather than 373 * snapping to the nearest PTMX_GROW_VECTOR... 374 */ 375 if ((_state.pis_total - _state.pis_free) >= ptmx_max) { 376 return (NULL); 377 } 378 379 MALLOC(new_ptmx_ioctl, struct ptmx_ioctl *, sizeof(struct ptmx_ioctl), M_TTYS, M_WAITOK|M_ZERO); 380 if (new_ptmx_ioctl == NULL) { 381 return (NULL); 382 } 383 384 if ((new_ptmx_ioctl->pt_tty = ttymalloc()) == NULL) { 385 FREE(new_ptmx_ioctl, M_TTYS); 386 return (NULL); 387 } 388 389 /* 390 * Hold the DEVFS_LOCK() over this whole operation; devfs 391 * itself does this over malloc/free as well, so this should 392 * be safe to do. We hold it longer than we want to, but 393 * doing so avoids a reallocation race on the minor number. 394 */ 395 DEVFS_LOCK(); 396 /* Need to allocate a larger vector? */ 397 if (_state.pis_free == 0) { 398 struct ptmx_ioctl **new_pis_ioctl_list; 399 struct ptmx_ioctl **old_pis_ioctl_list = NULL; 400 401 /* Yes. */ 402 MALLOC(new_pis_ioctl_list, struct ptmx_ioctl **, sizeof(struct ptmx_ioctl *) * (_state.pis_total + PTMX_GROW_VECTOR), M_TTYS, M_WAITOK|M_ZERO); 403 if (new_pis_ioctl_list == NULL) { 404 ttyfree(new_ptmx_ioctl->pt_tty); 405 DEVFS_UNLOCK(); 406 FREE(new_ptmx_ioctl, M_TTYS); 407 return (NULL); 408 } 409 410 /* If this is not the first time, copy the old over */ 411 bcopy(_state.pis_ioctl_list, new_pis_ioctl_list, sizeof(struct ptmx_ioctl *) * _state.pis_total); 412 old_pis_ioctl_list = _state.pis_ioctl_list; 413 _state.pis_ioctl_list = new_pis_ioctl_list; 414 _state.pis_free += PTMX_GROW_VECTOR; 415 _state.pis_total += PTMX_GROW_VECTOR; 416 if (old_pis_ioctl_list) 417 FREE(old_pis_ioctl_list, M_TTYS); 418 } 419 420 if (_state.pis_ioctl_list[minor] != NULL) { 421 ttyfree(new_ptmx_ioctl->pt_tty); 422 DEVFS_UNLOCK(); 423 FREE(new_ptmx_ioctl, M_TTYS); 424 425 /* Special error value so we know to redrive the open, we've been raced */ 426 return (struct ptmx_ioctl*)-1; 427 428 } 429 430 /* Vector is large enough; grab a new ptmx_ioctl */ 431 432 /* Now grab a free slot... */ 433 _state.pis_ioctl_list[minor] = new_ptmx_ioctl; 434 435 /* reduce free count */ 436 _state.pis_free--; 437 438 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_M; 439 DEVFS_UNLOCK(); 440 441 /* Create the /dev/ttysXXX device {<major>,XXX} */ 442 _state.pis_ioctl_list[minor]->pt_devhandle = devfs_make_node( 443 makedev(ptsd_major, minor), 444 DEVFS_CHAR, UID_ROOT, GID_TTY, 0620, 445 PTSD_TEMPLATE, minor); 446 if (_state.pis_ioctl_list[minor]->pt_devhandle == NULL) { 447 printf("devfs_make_node() call failed for ptmx_get_ioctl()!!!!\n"); 448 } 449 } else if (open_flag & PF_OPEN_S) { 450 DEVFS_LOCK(); 451 _state.pis_ioctl_list[minor]->pt_flags |= PF_OPEN_S; 452 DEVFS_UNLOCK(); 453 } 454 return (_state.pis_ioctl_list[minor]); 455} 456 457/* 458 * Locks: tty_lock() of old_ptmx_ioctl->pt_tty NOT held for this call. 459 */ 460static int 461ptmx_free_ioctl(int minor, int open_flag) 462{ 463 struct ptmx_ioctl *old_ptmx_ioctl = NULL; 464 465 DEVFS_LOCK(); 466 _state.pis_ioctl_list[minor]->pt_flags &= ~(open_flag); 467 468 /* 469 * Was this the last close? We will recognize it because we only get 470 * a notification on the last close of a device, and we will have 471 * cleared both the master and the slave open bits in the flags. 472 */ 473 if (!(_state.pis_ioctl_list[minor]->pt_flags & (PF_OPEN_M|PF_OPEN_S))) { 474 /* Mark as free so it can be reallocated later */ 475 old_ptmx_ioctl = _state.pis_ioctl_list[ minor]; 476 } 477 DEVFS_UNLOCK(); 478 479 /* Free old after dropping lock */ 480 if (old_ptmx_ioctl != NULL) { 481 /* 482 * XXX See <rdar://5348651> and <rdar://4854638> 483 * 484 * XXX Conditional to be removed when/if tty/pty reference 485 * XXX counting and mutex implemented. 486 */ 487 if (old_ptmx_ioctl->pt_devhandle != NULL) 488 devfs_remove(old_ptmx_ioctl->pt_devhandle); 489 ttyfree(old_ptmx_ioctl->pt_tty); 490 FREE(old_ptmx_ioctl, M_TTYS); 491 492 /* Don't remove the entry until the devfs slot is free */ 493 DEVFS_LOCK(); 494 _state.pis_ioctl_list[ minor] = NULL; 495 _state.pis_free++; 496 DEVFS_UNLOCK(); 497 } 498 499 return (0); /* Success */ 500} 501 502 503 504 505/* 506 * Given the dev entry that's being opened, we clone the device. This driver 507 * doesn't actually use the dev entry, since we alreaqdy know who we are by 508 * being called from this code. This routine is a callback registered from 509 * devfs_make_node_clone() in ptmx_init(); it's purpose is to provide a new 510 * minor number, or to return -1, if one can't be provided. 511 * 512 * Parameters: dev The device we are cloning from 513 * 514 * Returns: >= 0 A new minor device number 515 * -1 Error: ENOMEM ("Can't alloc device") 516 * 517 * NOTE: Called with DEVFS_LOCK() held 518 */ 519static int 520ptmx_clone(__unused dev_t dev, int action) 521{ 522 int i; 523 524 if (action == DEVFS_CLONE_ALLOC) { 525 /* First one */ 526 if (_state.pis_total == 0) 527 return (0); 528 529 /* 530 * Note: We can add hinting on free slots, if this linear search 531 * ends up being a performance bottleneck... 532 */ 533 for(i = 0; i < _state.pis_total; i++) { 534 if (_state.pis_ioctl_list[ i] == NULL) 535 break; 536 } 537 538 /* 539 * XXX We fall off the end here; if we did this twice at the 540 * XXX same time, we could return the same minor to two 541 * XXX callers; we should probably exand the pointer vector 542 * XXX here, but I need more information on the MALLOC/FREE 543 * XXX locking to ensure against a deadlock. Maybe we can 544 * XXX just high watermark it at 1/2 of PTMX_GROW_VECTOR? 545 * XXX That would require returning &minor as implict return 546 * XXX and an error code ("EAGAIN/ERESTART") or 0 as our 547 * XXX explicit return. 548 */ 549 550 return (i); /* empty slot or next slot */ 551 } 552 return(-1); 553} 554 555FREE_BSDSTATIC int 556ptsd_open(dev_t dev, int flag, __unused int devtype, __unused proc_t p) 557{ 558 struct tty *tp; 559 struct ptmx_ioctl *pti; 560 int error; 561 562 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) { 563 return (ENXIO); 564 } 565 566 if (!(pti->pt_flags & PF_UNLOCKED)) { 567 return (EAGAIN); 568 } 569 570 tp = pti->pt_tty; 571 tty_lock(tp); 572 573 if ((tp->t_state & TS_ISOPEN) == 0) { 574 termioschars(&tp->t_termios); /* Set up default chars */ 575 tp->t_iflag = TTYDEF_IFLAG; 576 tp->t_oflag = TTYDEF_OFLAG; 577 tp->t_lflag = TTYDEF_LFLAG; 578 tp->t_cflag = TTYDEF_CFLAG; 579 tp->t_ispeed = tp->t_ospeed = TTYDEF_SPEED; 580 ttsetwater(tp); /* would be done in xxparam() */ 581 } else if (tp->t_state&TS_XCLUDE && suser(kauth_cred_get(), NULL)) { 582 error = EBUSY; 583 goto out; 584 } 585 if (tp->t_oproc) /* Ctrlr still around. */ 586 (void)(*linesw[tp->t_line].l_modem)(tp, 1); 587 while ((tp->t_state & TS_CARR_ON) == 0) { 588 if (flag&FNONBLOCK) 589 break; 590 error = ttysleep(tp, TSA_CARR_ON(tp), TTIPRI | PCATCH, 591 "ptsd_opn", 0); 592 if (error) 593 goto out; 594 } 595 error = (*linesw[tp->t_line].l_open)(dev, tp); 596 /* Successful open; mark as open by the slave */ 597 pti->pt_flags |= PF_OPEN_S; 598 CLR(tp->t_state, TS_IOCTL_NOT_OK); 599 if (error == 0) 600 ptmx_wakeup(tp, FREAD|FWRITE); 601out: 602 tty_unlock(tp); 603 return (error); 604} 605 606static void ptsd_revoke_knotes(dev_t, struct tty *); 607 608FREE_BSDSTATIC int 609ptsd_close(dev_t dev, int flag, __unused int mode, __unused proc_t p) 610{ 611 struct tty *tp; 612 struct ptmx_ioctl *pti; 613 int err; 614 615 /* 616 * This is temporary until the VSX conformance tests 617 * are fixed. They are hanging with a deadlock 618 * where close(ptsd) will not complete without t_timeout set 619 */ 620#define FIX_VSX_HANG 1 621#ifdef FIX_VSX_HANG 622 int save_timeout; 623#endif 624 pti = ptmx_get_ioctl(minor(dev), 0); 625 626 tp = pti->pt_tty; 627 tty_lock(tp); 628 629#ifdef FIX_VSX_HANG 630 save_timeout = tp->t_timeout; 631 tp->t_timeout = 60; 632#endif 633 err = (*linesw[tp->t_line].l_close)(tp, flag); 634 ptsd_stop(tp, FREAD|FWRITE); 635 (void) ttyclose(tp); 636#ifdef FIX_VSX_HANG 637 tp->t_timeout = save_timeout; 638#endif 639 tty_unlock(tp); 640 641 if ((flag & IO_REVOKE) == IO_REVOKE) 642 ptsd_revoke_knotes(dev, tp); 643 644 /* unconditional, just like ttyclose() */ 645 ptmx_free_ioctl(minor(dev), PF_OPEN_S); 646 647 return (err); 648} 649 650FREE_BSDSTATIC int 651ptsd_read(dev_t dev, struct uio *uio, int flag) 652{ 653 proc_t p = current_proc(); 654 655 struct tty *tp; 656 struct ptmx_ioctl *pti; 657 int error = 0; 658 struct uthread *ut; 659 struct pgrp * pg; 660 661 pti = ptmx_get_ioctl(minor(dev), 0); 662 663 tp = pti->pt_tty; 664 tty_lock(tp); 665 666 ut = (struct uthread *)get_bsdthread_info(current_thread()); 667again: 668 if (pti->pt_flags & PF_REMOTE) { 669 while (isbackground(p, tp)) { 670 if ((p->p_sigignore & sigmask(SIGTTIN)) || 671 (ut->uu_sigmask & sigmask(SIGTTIN)) || 672 p->p_lflag & P_LPPWAIT) { 673 error = EIO; 674 goto out; 675 } 676 pg = proc_pgrp(p); 677 if (pg == PGRP_NULL) { 678 error = EIO; 679 goto out; 680 } 681 /* 682 * SAFE: We about to drop the lock ourselves by 683 * SAFE: erroring out or sleeping anyway. 684 */ 685 tty_unlock(tp); 686 if (pg->pg_jobc == 0) { 687 pg_rele(pg); 688 tty_lock(tp); 689 error = EIO; 690 goto out; 691 } 692 pgsignal(pg, SIGTTIN, 1); 693 pg_rele(pg); 694 tty_lock(tp); 695 696 error = ttysleep(tp, &lbolt, TTIPRI | PCATCH | PTTYBLOCK, "ptsd_bg", 697 0); 698 if (error) 699 goto out; 700 } 701 if (tp->t_canq.c_cc == 0) { 702 if (flag & IO_NDELAY) { 703 error = EWOULDBLOCK; 704 goto out; 705 } 706 error = ttysleep(tp, TSA_PTS_READ(tp), TTIPRI | PCATCH, 707 "ptsd_in", 0); 708 if (error) 709 goto out; 710 goto again; 711 } 712 while (tp->t_canq.c_cc > 1 && uio_resid(uio) > 0) { 713 int cc; 714 char buf[BUFSIZ]; 715 716 cc = min(uio_resid(uio), BUFSIZ); 717 // Don't copy the very last byte 718 cc = min(cc, tp->t_canq.c_cc - 1); 719 cc = q_to_b(&tp->t_canq, (u_char *)buf, cc); 720 error = uiomove(buf, cc, uio); 721 if (error) 722 break; 723 } 724 if (tp->t_canq.c_cc == 1) 725 (void) getc(&tp->t_canq); 726 if (tp->t_canq.c_cc) 727 goto out; 728 } else 729 if (tp->t_oproc) 730 error = (*linesw[tp->t_line].l_read)(tp, uio, flag); 731 ptmx_wakeup(tp, FWRITE); 732out: 733 tty_unlock(tp); 734 return (error); 735} 736 737/* 738 * Write to pseudo-tty. 739 * Wakeups of controlling tty will happen 740 * indirectly, when tty driver calls ptsd_start. 741 */ 742FREE_BSDSTATIC int 743ptsd_write(dev_t dev, struct uio *uio, int flag) 744{ 745 struct tty *tp; 746 struct ptmx_ioctl *pti; 747 int error; 748 749 pti = ptmx_get_ioctl(minor(dev), 0); 750 751 tp = pti->pt_tty; 752 tty_lock(tp); 753 754 if (tp->t_oproc == 0) 755 error = EIO; 756 else 757 error = (*linesw[tp->t_line].l_write)(tp, uio, flag); 758 759 tty_unlock(tp); 760 return (error); 761} 762 763/* 764 * Start output on pseudo-tty. 765 * Wake up process selecting or sleeping for input from controlling tty. 766 * 767 * t_oproc for this driver; called from within the line discipline 768 * 769 * Locks: Assumes tp is locked on entry, remains locked on exit 770 */ 771static void 772ptsd_start(struct tty *tp) 773{ 774 struct ptmx_ioctl *pti; 775 776 pti = ptmx_get_ioctl(minor(tp->t_dev), 0); 777 778 if (tp->t_state & TS_TTSTOP) 779 goto out; 780 if (pti->pt_flags & PF_STOPPED) { 781 pti->pt_flags &= ~PF_STOPPED; 782 pti->pt_send = TIOCPKT_START; 783 } 784 ptmx_wakeup(tp, FREAD); 785out: 786 return; 787} 788 789/* 790 * Locks: Assumes tty_lock() is held over this call. 791 */ 792static void 793ptmx_wakeup(struct tty *tp, int flag) 794{ 795 struct ptmx_ioctl *pti; 796 797 pti = ptmx_get_ioctl(minor(tp->t_dev), 0); 798 799 if (flag & FREAD) { 800 selwakeup(&pti->pt_selr); 801 wakeup(TSA_PTC_READ(tp)); 802 } 803 if (flag & FWRITE) { 804 selwakeup(&pti->pt_selw); 805 wakeup(TSA_PTC_WRITE(tp)); 806 } 807} 808 809FREE_BSDSTATIC int 810ptmx_open(dev_t dev, __unused int flag, __unused int devtype, __unused proc_t p) 811{ 812 struct tty *tp; 813 struct ptmx_ioctl *pti; 814 int error = 0; 815 816 pti = ptmx_get_ioctl(minor(dev), PF_OPEN_M); 817 if (pti == NULL) { 818 return (ENXIO); 819 } else if (pti == (struct ptmx_ioctl*)-1) { 820 return (EREDRIVEOPEN); 821 } 822 823 tp = pti->pt_tty; 824 tty_lock(tp); 825 826 /* If master is open OR slave is still draining, pty is still busy */ 827 if (tp->t_oproc || (tp->t_state & TS_ISOPEN)) { 828 tty_unlock(tp); 829 /* 830 * If master is closed, we are the only reference, so we 831 * need to clear the master open bit 832 */ 833 if (!tp->t_oproc) 834 ptmx_free_ioctl(minor(dev), PF_OPEN_M); 835 error = EBUSY; 836 goto err; 837 } 838 tp->t_oproc = ptsd_start; 839 CLR(tp->t_state, TS_ZOMBIE); 840 SET(tp->t_state, TS_IOCTL_NOT_OK); 841#ifdef sun4c 842 tp->t_stop = ptsd_stop; 843#endif 844 (void)(*linesw[tp->t_line].l_modem)(tp, 1); 845 tp->t_lflag &= ~EXTPROC; 846 847 tty_unlock(tp); 848err: 849 return (error); 850} 851 852FREE_BSDSTATIC int 853ptmx_close(dev_t dev, __unused int flags, __unused int fmt, __unused proc_t p) 854{ 855 struct tty *tp; 856 struct ptmx_ioctl *pti; 857 858 pti = ptmx_get_ioctl(minor(dev), 0); 859 860 tp = pti->pt_tty; 861 tty_lock(tp); 862 863 (void)(*linesw[tp->t_line].l_modem)(tp, 0); 864 865 /* 866 * XXX MDMBUF makes no sense for ptys but would inhibit the above 867 * l_modem(). CLOCAL makes sense but isn't supported. Special 868 * l_modem()s that ignore carrier drop make no sense for ptys but 869 * may be in use because other parts of the line discipline make 870 * sense for ptys. Recover by doing everything that a normal 871 * ttymodem() would have done except for sending a SIGHUP. 872 */ 873 if (tp->t_state & TS_ISOPEN) { 874 tp->t_state &= ~(TS_CARR_ON | TS_CONNECTED); 875 tp->t_state |= TS_ZOMBIE; 876 ttyflush(tp, FREAD | FWRITE); 877 } 878 879 tp->t_oproc = 0; /* mark closed */ 880 881 tty_unlock(tp); 882 883 ptmx_free_ioctl(minor(dev), PF_OPEN_M); 884 885 return (0); 886} 887 888FREE_BSDSTATIC int 889ptmx_read(dev_t dev, struct uio *uio, int flag) 890{ 891 struct tty *tp; 892 struct ptmx_ioctl *pti; 893 char buf[BUFSIZ]; 894 int error = 0, cc; 895 896 pti = ptmx_get_ioctl(minor(dev), 0); 897 898 tp = pti->pt_tty; 899 tty_lock(tp); 900 901 /* 902 * We want to block until the slave 903 * is open, and there's something to read; 904 * but if we lost the slave or we're NBIO, 905 * then return the appropriate error instead. 906 */ 907 for (;;) { 908 if (tp->t_state&TS_ISOPEN) { 909 if (pti->pt_flags & PF_PKT && pti->pt_send) { 910 error = ureadc((int)pti->pt_send, uio); 911 if (error) 912 goto out; 913 if (pti->pt_send & TIOCPKT_IOCTL) { 914 cc = min(uio_resid(uio), 915 sizeof(tp->t_termios)); 916 uiomove((caddr_t)&tp->t_termios, cc, 917 uio); 918 } 919 pti->pt_send = 0; 920 goto out; 921 } 922 if (pti->pt_flags & PF_UCNTL && pti->pt_ucntl) { 923 error = ureadc((int)pti->pt_ucntl, uio); 924 if (error) 925 goto out; 926 pti->pt_ucntl = 0; 927 goto out; 928 } 929 if (tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0) 930 break; 931 } 932 if ((tp->t_state & TS_CONNECTED) == 0) 933 goto out; /* EOF */ 934 if (flag & IO_NDELAY) { 935 error = EWOULDBLOCK; 936 goto out; 937 } 938 error = ttysleep(tp, TSA_PTC_READ(tp), TTIPRI | PCATCH, "ptmx_in", 0); 939 if (error) 940 goto out; 941 } 942 if (pti->pt_flags & (PF_PKT|PF_UCNTL)) 943 error = ureadc(0, uio); 944 while (uio_resid(uio) > 0 && error == 0) { 945 cc = q_to_b(&tp->t_outq, (u_char *)buf, min(uio_resid(uio), BUFSIZ)); 946 if (cc <= 0) 947 break; 948 error = uiomove(buf, cc, uio); 949 } 950 (*linesw[tp->t_line].l_start)(tp); 951 952out: 953 tty_unlock(tp); 954 return (error); 955} 956 957/* 958 * Line discipline callback 959 * 960 * Locks: tty_lock() is assumed held on entry and exit. 961 */ 962FREE_BSDSTATIC int 963ptsd_stop(struct tty *tp, int flush) 964{ 965 struct ptmx_ioctl *pti; 966 int flag; 967 968 pti = ptmx_get_ioctl(minor(tp->t_dev), 0); 969 970 /* note: FLUSHREAD and FLUSHWRITE already ok */ 971 if (flush == 0) { 972 flush = TIOCPKT_STOP; 973 pti->pt_flags |= PF_STOPPED; 974 } else 975 pti->pt_flags &= ~PF_STOPPED; 976 pti->pt_send |= flush; 977 /* change of perspective */ 978 flag = 0; 979 if (flush & FREAD) 980 flag |= FWRITE; 981 if (flush & FWRITE) 982 flag |= FREAD; 983 ptmx_wakeup(tp, flag); 984 985 return (0); 986} 987 988FREE_BSDSTATIC int 989ptsd_reset(__unused int uban) 990{ 991 return (0); 992} 993 994/* 995 * Reinput pending characters after state switch 996 * call at spltty(). 997 * 998 * XXX Code duplication: static function, should be inlined 999 */ 1000static void 1001ttypend(struct tty *tp) 1002{ 1003 struct clist tq; 1004 int c; 1005 1006 CLR(tp->t_lflag, PENDIN); 1007 SET(tp->t_state, TS_TYPEN); 1008 tq = tp->t_rawq; 1009 tp->t_rawq.c_cc = 0; 1010 tp->t_rawq.c_cf = tp->t_rawq.c_cl = 0; 1011 while ((c = getc(&tq)) >= 0) 1012 ttyinput(c, tp); 1013 CLR(tp->t_state, TS_TYPEN); 1014} 1015 1016/* 1017 * Must be called at spltty(). 1018 * 1019 * XXX Code duplication: static function, should be inlined 1020 */ 1021static int 1022ttnread(struct tty *tp) 1023{ 1024 int nread; 1025 1026 if (ISSET(tp->t_lflag, PENDIN)) 1027 ttypend(tp); 1028 nread = tp->t_canq.c_cc; 1029 if (!ISSET(tp->t_lflag, ICANON)) { 1030 nread += tp->t_rawq.c_cc; 1031 if (nread < tp->t_cc[VMIN] && tp->t_cc[VTIME] == 0) 1032 nread = 0; 1033 } 1034 return (nread); 1035} 1036 1037int 1038ptsd_select(dev_t dev, int rw, void *wql, proc_t p) 1039{ 1040 struct ptmx_ioctl *pti; 1041 struct tty *tp; 1042 int retval = 0; 1043 1044 pti = ptmx_get_ioctl(minor(dev), 0); 1045 1046 tp = pti->pt_tty; 1047 1048 if (tp == NULL) 1049 return (ENXIO); 1050 1051 tty_lock(tp); 1052 1053 switch (rw) { 1054 case FREAD: 1055 if (ISSET(tp->t_state, TS_ZOMBIE)) { 1056 retval = 1; 1057 break; 1058 } 1059 1060 retval = ttnread(tp); 1061 if (retval > 0) { 1062 break; 1063 } 1064 1065 selrecord(p, &tp->t_rsel, wql); 1066 break; 1067 case FWRITE: 1068 if (ISSET(tp->t_state, TS_ZOMBIE)) { 1069 retval = 1; 1070 break; 1071 } 1072 1073 if ((tp->t_outq.c_cc <= tp->t_lowat) && 1074 ISSET(tp->t_state, TS_CONNECTED)) { 1075 retval = tp->t_hiwat - tp->t_outq.c_cc; 1076 break; 1077 } 1078 1079 selrecord(p, &tp->t_wsel, wql); 1080 break; 1081 } 1082 1083 tty_unlock(tp); 1084 return (retval); 1085} 1086 1087FREE_BSDSTATIC int 1088ptmx_select(dev_t dev, int rw, void *wql, proc_t p) 1089{ 1090 struct tty *tp; 1091 struct ptmx_ioctl *pti; 1092 int retval = 0; 1093 1094 pti = ptmx_get_ioctl(minor(dev), 0); 1095 1096 tp = pti->pt_tty; 1097 tty_lock(tp); 1098 1099 if ((tp->t_state & TS_CONNECTED) == 0) { 1100 retval = 1; 1101 goto out; 1102 } 1103 switch (rw) { 1104 case FREAD: 1105 /* 1106 * Need to block timeouts (ttrstart). 1107 */ 1108 if ((tp->t_state&TS_ISOPEN) && 1109 tp->t_outq.c_cc && (tp->t_state&TS_TTSTOP) == 0) { 1110 retval = tp->t_outq.c_cc; 1111 break; 1112 } 1113 /* FALLTHROUGH */ 1114 1115 case 0: /* exceptional */ 1116 if ((tp->t_state&TS_ISOPEN) && 1117 ((pti->pt_flags & PF_PKT && pti->pt_send) || 1118 (pti->pt_flags & PF_UCNTL && pti->pt_ucntl))) { 1119 retval = 1; 1120 break; 1121 } 1122 selrecord(p, &pti->pt_selr, wql); 1123 break; 1124 1125 case FWRITE: 1126 if (tp->t_state&TS_ISOPEN) { 1127 if (pti->pt_flags & PF_REMOTE) { 1128 if (tp->t_canq.c_cc == 0) { 1129 retval = (TTYHOG -1) ; 1130 break; 1131 } 1132 } else { 1133 retval = (TTYHOG - 2) - (tp->t_rawq.c_cc + tp->t_canq.c_cc); 1134 if (retval > 0) { 1135 break; 1136 } 1137 if (tp->t_canq.c_cc == 0 && (tp->t_lflag&ICANON)) { 1138 retval = 1; 1139 break; 1140 } 1141 retval = 0; 1142 } 1143 } 1144 selrecord(p, &pti->pt_selw, wql); 1145 break; 1146 1147 } 1148out: 1149 tty_unlock(tp); 1150 return (retval); 1151} 1152 1153FREE_BSDSTATIC int 1154ptmx_stop(__unused struct tty *tp, __unused int flush) 1155{ 1156 return (0); 1157} 1158 1159FREE_BSDSTATIC int 1160ptmx_reset(__unused int uban) 1161{ 1162 return (0); 1163} 1164 1165FREE_BSDSTATIC int 1166ptmx_write(dev_t dev, struct uio *uio, int flag) 1167{ 1168 struct tty *tp; 1169 struct ptmx_ioctl *pti; 1170 u_char *cp = NULL; 1171 int cc = 0; 1172 u_char locbuf[BUFSIZ]; 1173 int wcnt = 0; 1174 int error = 0; 1175 1176 pti = ptmx_get_ioctl(minor(dev), 0); 1177 1178 tp = pti->pt_tty; 1179 tty_lock(tp); 1180 1181again: 1182 if ((tp->t_state&TS_ISOPEN) == 0) 1183 goto block; 1184 if (pti->pt_flags & PF_REMOTE) { 1185 if (tp->t_canq.c_cc) 1186 goto block; 1187 while ((uio_resid(uio) > 0 || cc > 0) && 1188 tp->t_canq.c_cc < TTYHOG - 1) { 1189 if (cc == 0) { 1190 cc = min(uio_resid(uio), BUFSIZ); 1191 cc = min(cc, TTYHOG - 1 - tp->t_canq.c_cc); 1192 cp = locbuf; 1193 error = uiomove((caddr_t)cp, cc, uio); 1194 if (error) 1195 goto out; 1196 /* check again for safety */ 1197 if ((tp->t_state & TS_ISOPEN) == 0) { 1198 /* adjust as usual */ 1199 uio_setresid(uio, (uio_resid(uio) + cc)); 1200 error = EIO; 1201 goto out; 1202 } 1203 } 1204 if (cc > 0) { 1205 cc = b_to_q((u_char *)cp, cc, &tp->t_canq); 1206 /* 1207 * XXX we don't guarantee that the canq size 1208 * is >= TTYHOG, so the above b_to_q() may 1209 * leave some bytes uncopied. However, space 1210 * is guaranteed for the null terminator if 1211 * we don't fail here since (TTYHOG - 1) is 1212 * not a multiple of CBSIZE. 1213 */ 1214 if (cc > 0) 1215 break; 1216 } 1217 } 1218 /* adjust for data copied in but not written */ 1219 uio_setresid(uio, (uio_resid(uio) + cc)); 1220 (void) putc(0, &tp->t_canq); 1221 ttwakeup(tp); 1222 wakeup(TSA_PTS_READ(tp)); 1223 goto out; 1224 } 1225 while (uio_resid(uio) > 0 || cc > 0) { 1226 if (cc == 0) { 1227 cc = min(uio_resid(uio), BUFSIZ); 1228 cp = locbuf; 1229 error = uiomove((caddr_t)cp, cc, uio); 1230 if (error) 1231 goto out; 1232 /* check again for safety */ 1233 if ((tp->t_state & TS_ISOPEN) == 0) { 1234 /* adjust for data copied in but not written */ 1235 uio_setresid(uio, (uio_resid(uio) + cc)); 1236 error = EIO; 1237 goto out; 1238 } 1239 } 1240 while (cc > 0) { 1241 if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 && 1242 (tp->t_canq.c_cc > 0 || !(tp->t_lflag&ICANON))) { 1243 wakeup(TSA_HUP_OR_INPUT(tp)); 1244 goto block; 1245 } 1246 (*linesw[tp->t_line].l_rint)(*cp++, tp); 1247 wcnt++; 1248 cc--; 1249 } 1250 cc = 0; 1251 } 1252 1253out: 1254 tty_unlock(tp); 1255 return (error); 1256 1257block: 1258 /* 1259 * Come here to wait for slave to open, for space 1260 * in outq, or space in rawq, or an empty canq. 1261 */ 1262 if ((tp->t_state & TS_CONNECTED) == 0) { 1263 /* adjust for data copied in but not written */ 1264 uio_setresid(uio, (uio_resid(uio) + cc)); 1265 error = EIO; 1266 goto out; 1267 } 1268 if (flag & IO_NDELAY) { 1269 /* adjust for data copied in but not written */ 1270 uio_setresid(uio, (uio_resid(uio) + cc)); 1271 if (wcnt == 0) 1272 error = EWOULDBLOCK; 1273 goto out; 1274 } 1275 error = ttysleep(tp, TSA_PTC_WRITE(tp), TTOPRI | PCATCH, "ptmx_out", 0); 1276 if (error) { 1277 /* adjust for data copied in but not written */ 1278 uio_setresid(uio, (uio_resid(uio) + cc)); 1279 goto out; 1280 } 1281 goto again; 1282} 1283 1284 1285FREE_BSDSTATIC int 1286cptyioctl(dev_t dev, u_long cmd, caddr_t data, int flag, proc_t p) 1287{ 1288 struct tty *tp; 1289 struct ptmx_ioctl *pti; 1290 u_char *cc; 1291 int stop, error = 0; 1292 int allow_ext_ioctl = 1; 1293 1294 pti = ptmx_get_ioctl(minor(dev), 0); 1295 1296 tp = pti->pt_tty; 1297 tty_lock(tp); 1298 1299 cc = tp->t_cc; 1300 1301 /* 1302 * Do not permit extended ioctls on the master side of the pty unless 1303 * the slave side has been successfully opened and initialized. 1304 */ 1305 if (cdevsw[major(dev)].d_open == ptmx_open && ISSET(tp->t_state, TS_IOCTL_NOT_OK)) 1306 allow_ext_ioctl = 0; 1307 1308 /* 1309 * IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG. 1310 * ttywflush(tp) will hang if there are characters in the outq. 1311 */ 1312 if (cmd == TIOCEXT && allow_ext_ioctl) { 1313 /* 1314 * When the EXTPROC bit is being toggled, we need 1315 * to send an TIOCPKT_IOCTL if the packet driver 1316 * is turned on. 1317 */ 1318 if (*(int *)data) { 1319 if (pti->pt_flags & PF_PKT) { 1320 pti->pt_send |= TIOCPKT_IOCTL; 1321 ptmx_wakeup(tp, FREAD); 1322 } 1323 tp->t_lflag |= EXTPROC; 1324 } else { 1325 if ((tp->t_lflag & EXTPROC) && 1326 (pti->pt_flags & PF_PKT)) { 1327 pti->pt_send |= TIOCPKT_IOCTL; 1328 ptmx_wakeup(tp, FREAD); 1329 } 1330 tp->t_lflag &= ~EXTPROC; 1331 } 1332 goto out; 1333 } else 1334 if (cdevsw[major(dev)].d_open == ptmx_open) { 1335 switch (cmd) { 1336 1337 case TIOCGPGRP: 1338 /* 1339 * We aviod calling ttioctl on the controller since, 1340 * in that case, tp must be the controlling terminal. 1341 */ 1342 *(int *)data = tp->t_pgrp ? tp->t_pgrp->pg_id : 0; 1343 goto out; 1344 1345 case TIOCPKT: 1346 if (*(int *)data) { 1347 if (pti->pt_flags & PF_UCNTL) { 1348 error = EINVAL; 1349 goto out; 1350 } 1351 pti->pt_flags |= PF_PKT; 1352 } else 1353 pti->pt_flags &= ~PF_PKT; 1354 goto out; 1355 1356 case TIOCUCNTL: 1357 if (*(int *)data) { 1358 if (pti->pt_flags & PF_PKT) { 1359 error = EINVAL; 1360 goto out; 1361 } 1362 pti->pt_flags |= PF_UCNTL; 1363 } else 1364 pti->pt_flags &= ~PF_UCNTL; 1365 goto out; 1366 1367 case TIOCREMOTE: 1368 if (*(int *)data) 1369 pti->pt_flags |= PF_REMOTE; 1370 else 1371 pti->pt_flags &= ~PF_REMOTE; 1372 ttyflush(tp, FREAD|FWRITE); 1373 goto out; 1374 1375 case TIOCSETP: 1376 case TIOCSETN: 1377 case TIOCSETD: 1378 case TIOCSETA_32: 1379 case TIOCSETAW_32: 1380 case TIOCSETAF_32: 1381 case TIOCSETA_64: 1382 case TIOCSETAW_64: 1383 case TIOCSETAF_64: 1384 ndflush(&tp->t_outq, tp->t_outq.c_cc); 1385 break; 1386 1387 case TIOCSIG: 1388 if (*(unsigned int *)data >= NSIG || 1389 *(unsigned int *)data == 0) { 1390 error = EINVAL; 1391 goto out; 1392 } 1393 if ((tp->t_lflag&NOFLSH) == 0) 1394 ttyflush(tp, FREAD|FWRITE); 1395 if ((*(unsigned int *)data == SIGINFO) && 1396 ((tp->t_lflag&NOKERNINFO) == 0)) 1397 ttyinfo_locked(tp); 1398 /* 1399 * SAFE: All callers drop the lock on return and 1400 * SAFE: the linesw[] will short circut this call 1401 * SAFE: if the ioctl() is eaten before the lower 1402 * SAFE: level code gets to see it. 1403 */ 1404 tty_unlock(tp); 1405 tty_pgsignal(tp, *(unsigned int *)data, 1); 1406 tty_lock(tp); 1407 goto out; 1408 1409 case TIOCPTYGRANT: /* grantpt(3) */ 1410 /* 1411 * Change the uid of the slave to that of the calling 1412 * thread, change the gid of the slave to GID_TTY, 1413 * change the mode to 0620 (rw--w----). 1414 */ 1415 { 1416 error = _devfs_setattr(pti->pt_devhandle, 0620, kauth_getuid(), GID_TTY); 1417 goto out; 1418 } 1419 1420 case TIOCPTYGNAME: /* ptsname(3) */ 1421 /* 1422 * Report the name of the slave device in *data 1423 * (128 bytes max.). Use the same template string 1424 * used for calling devfs_make_node() to create it. 1425 */ 1426 snprintf(data, 128, "/dev/" PTSD_TEMPLATE, minor(dev)); 1427 error = 0; 1428 goto out; 1429 1430 case TIOCPTYUNLK: /* unlockpt(3) */ 1431 /* 1432 * Unlock the slave device so that it can be opened. 1433 */ 1434 pti->pt_flags |= PF_UNLOCKED; 1435 error = 0; 1436 goto out; 1437 } 1438 1439 /* 1440 * Fail all other calls; pty masters are not serial devices; 1441 * we only pretend they are when the slave side of the pty is 1442 * already open. 1443 */ 1444 if (!allow_ext_ioctl) { 1445 error = ENOTTY; 1446 goto out; 1447 } 1448 } 1449 error = (*linesw[tp->t_line].l_ioctl)(tp, cmd, data, flag, p); 1450 if (error == ENOTTY) { 1451 error = ttioctl_locked(tp, cmd, data, flag, p); 1452 if (error == ENOTTY) { 1453 if (pti->pt_flags & PF_UCNTL && (cmd & ~0xff) == UIOCCMD(0)) { 1454 /* Process the UIOCMD ioctl group */ 1455 if (cmd & 0xff) { 1456 pti->pt_ucntl = (u_char)cmd; 1457 ptmx_wakeup(tp, FREAD); 1458 } 1459 error = 0; 1460 goto out; 1461 } else if (cmd == TIOCSBRK || cmd == TIOCCBRK) { 1462 /* 1463 * POSIX conformance; rdar://3936338 1464 * 1465 * Clear ENOTTY in the case of setting or 1466 * clearing a break failing because pty's 1467 * don't support break like real serial 1468 * ports. 1469 */ 1470 error = 0; 1471 goto out; 1472 } 1473 } 1474 } 1475 1476 /* 1477 * If external processing and packet mode send ioctl packet. 1478 */ 1479 if ((tp->t_lflag&EXTPROC) && (pti->pt_flags & PF_PKT)) { 1480 switch(cmd) { 1481 case TIOCSETA_32: 1482 case TIOCSETAW_32: 1483 case TIOCSETAF_32: 1484 case TIOCSETA_64: 1485 case TIOCSETAW_64: 1486 case TIOCSETAF_64: 1487 case TIOCSETP: 1488 case TIOCSETN: 1489 case TIOCSETC: 1490 case TIOCSLTC: 1491 case TIOCLBIS: 1492 case TIOCLBIC: 1493 case TIOCLSET: 1494 pti->pt_send |= TIOCPKT_IOCTL; 1495 ptmx_wakeup(tp, FREAD); 1496 default: 1497 break; 1498 } 1499 } 1500 stop = (tp->t_iflag & IXON) && CCEQ(cc[VSTOP], CTRL('s')) 1501 && CCEQ(cc[VSTART], CTRL('q')); 1502 if (pti->pt_flags & PF_NOSTOP) { 1503 if (stop) { 1504 pti->pt_send &= ~TIOCPKT_NOSTOP; 1505 pti->pt_send |= TIOCPKT_DOSTOP; 1506 pti->pt_flags &= ~PF_NOSTOP; 1507 ptmx_wakeup(tp, FREAD); 1508 } 1509 } else { 1510 if (!stop) { 1511 pti->pt_send &= ~TIOCPKT_DOSTOP; 1512 pti->pt_send |= TIOCPKT_NOSTOP; 1513 pti->pt_flags |= PF_NOSTOP; 1514 ptmx_wakeup(tp, FREAD); 1515 } 1516 } 1517out: 1518 tty_unlock(tp); 1519 return (error); 1520} 1521 1522/* 1523 * kqueue support. 1524 */ 1525int ptsd_kqfilter(dev_t, struct knote *); 1526static void ptsd_kqops_detach(struct knote *); 1527static int ptsd_kqops_event(struct knote *, long); 1528 1529static struct filterops ptsd_kqops = { 1530 .f_isfd = 1, 1531 .f_detach = ptsd_kqops_detach, 1532 .f_event = ptsd_kqops_event, 1533}; 1534 1535#define PTSD_KNOTE_VALID NULL 1536#define PTSD_KNOTE_REVOKED ((void *)-911l) 1537 1538/* 1539 * In the normal case, by the time the driver_close() routine is called 1540 * on the slave, all knotes have been detached. However in the revoke(2) 1541 * case, the driver's close routine is called while there are knotes active 1542 * that reference the handlers below. And we have no obvious means to 1543 * reach from the driver out to the kqueue's that reference them to get 1544 * them to stop. 1545 */ 1546 1547static void 1548ptsd_kqops_detach(struct knote *kn) 1549{ 1550 struct ptmx_ioctl *pti; 1551 struct tty *tp; 1552 dev_t dev, lockdev = (dev_t)kn->kn_hookid; 1553 1554 ptsd_kevent_mtx_lock(minor(lockdev)); 1555 1556 if ((dev = (dev_t)kn->kn_hookid) != 0) { 1557 pti = ptmx_get_ioctl(minor(dev), 0); 1558 if (pti != NULL && (tp = pti->pt_tty) != NULL) { 1559 tty_lock(tp); 1560 if (kn->kn_filter == EVFILT_READ) 1561 KNOTE_DETACH(&tp->t_rsel.si_note, kn); 1562 else 1563 KNOTE_DETACH(&tp->t_wsel.si_note, kn); 1564 tty_unlock(tp); 1565 kn->kn_hookid = 0; 1566 } 1567 } 1568 1569 ptsd_kevent_mtx_unlock(minor(lockdev)); 1570} 1571 1572static int 1573ptsd_kqops_event(struct knote *kn, long hint) 1574{ 1575 struct ptmx_ioctl *pti; 1576 struct tty *tp; 1577 dev_t dev = (dev_t)kn->kn_hookid; 1578 int retval = 0; 1579 1580 ptsd_kevent_mtx_lock(minor(dev)); 1581 1582 do { 1583 if (kn->kn_hook != PTSD_KNOTE_VALID ) { 1584 /* We were revoked */ 1585 kn->kn_data = 0; 1586 kn->kn_flags |= EV_EOF; 1587 retval = 1; 1588 break; 1589 } 1590 1591 pti = ptmx_get_ioctl(minor(dev), 0); 1592 if (pti == NULL || (tp = pti->pt_tty) == NULL) { 1593 kn->kn_data = ENXIO; 1594 kn->kn_flags |= EV_ERROR; 1595 retval = 1; 1596 break; 1597 } 1598 1599 if (hint == 0) 1600 tty_lock(tp); 1601 1602 if (kn->kn_filter == EVFILT_READ) { 1603 kn->kn_data = ttnread(tp); 1604 if (kn->kn_data > 0) 1605 retval = 1; 1606 if (ISSET(tp->t_state, TS_ZOMBIE)) { 1607 kn->kn_flags |= EV_EOF; 1608 retval = 1; 1609 } 1610 } else { /* EVFILT_WRITE */ 1611 if ((tp->t_outq.c_cc <= tp->t_lowat) && 1612 ISSET(tp->t_state, TS_CONNECTED)) { 1613 kn->kn_data = tp->t_outq.c_cn - tp->t_outq.c_cc; 1614 retval = 1; 1615 } 1616 if (ISSET(tp->t_state, TS_ZOMBIE)) { 1617 kn->kn_flags |= EV_EOF; 1618 retval = 1; 1619 } 1620 } 1621 1622 if (hint == 0) 1623 tty_unlock(tp); 1624 } while (0); 1625 1626 ptsd_kevent_mtx_unlock(minor(dev)); 1627 1628 return (retval); 1629} 1630int 1631ptsd_kqfilter(dev_t dev, struct knote *kn) 1632{ 1633 struct tty *tp = NULL; 1634 struct ptmx_ioctl *pti = NULL; 1635 int retval = 0; 1636 1637 /* make sure we're talking about the right device type */ 1638 if (cdevsw[major(dev)].d_open != ptsd_open) { 1639 return (EINVAL); 1640 } 1641 1642 if ((pti = ptmx_get_ioctl(minor(dev), 0)) == NULL) { 1643 return (ENXIO); 1644 } 1645 1646 tp = pti->pt_tty; 1647 tty_lock(tp); 1648 1649 kn->kn_hookid = dev; 1650 kn->kn_hook = PTSD_KNOTE_VALID; 1651 kn->kn_fop = &ptsd_kqops; 1652 1653 switch (kn->kn_filter) { 1654 case EVFILT_READ: 1655 KNOTE_ATTACH(&tp->t_rsel.si_note, kn); 1656 break; 1657 case EVFILT_WRITE: 1658 KNOTE_ATTACH(&tp->t_wsel.si_note, kn); 1659 break; 1660 default: 1661 retval = EINVAL; 1662 break; 1663 } 1664 1665 tty_unlock(tp); 1666 return (retval); 1667} 1668 1669/* 1670 * Support for revoke(2). 1671 * 1672 * Mark all the kn_hook fields so that future invocations of the 1673 * f_event op will just say "EOF" *without* looking at the 1674 * ptmx_ioctl structure (which may disappear or be recycled at 1675 * the end of ptsd_close). Issue wakeups to post that EOF to 1676 * anyone listening. And finally remove the knotes from the 1677 * tty's klists to keep ttyclose() happy, and set the hookid to 1678 * zero to make the final detach passively successful. 1679 */ 1680static void 1681ptsd_revoke_knotes(dev_t dev, struct tty *tp) 1682{ 1683 struct klist *list; 1684 struct knote *kn, *tkn; 1685 1686 /* (Hold and drop the right locks in the right order.) */ 1687 1688 ptsd_kevent_mtx_lock(minor(dev)); 1689 tty_lock(tp); 1690 1691 list = &tp->t_rsel.si_note; 1692 SLIST_FOREACH(kn, list, kn_selnext) 1693 kn->kn_hook = PTSD_KNOTE_REVOKED; 1694 1695 list = &tp->t_wsel.si_note; 1696 SLIST_FOREACH(kn, list, kn_selnext) 1697 kn->kn_hook = PTSD_KNOTE_REVOKED; 1698 1699 tty_unlock(tp); 1700 ptsd_kevent_mtx_unlock(minor(dev)); 1701 1702 tty_lock(tp); 1703 ttwakeup(tp); 1704 ttwwakeup(tp); 1705 tty_unlock(tp); 1706 1707 ptsd_kevent_mtx_lock(minor(dev)); 1708 tty_lock(tp); 1709 1710 list = &tp->t_rsel.si_note; 1711 SLIST_FOREACH_SAFE(kn, list, kn_selnext, tkn) { 1712 (void) KNOTE_DETACH(list, kn); 1713 kn->kn_hookid = 0; 1714 } 1715 1716 list = &tp->t_wsel.si_note; 1717 SLIST_FOREACH_SAFE(kn, list, kn_selnext, tkn) { 1718 (void) KNOTE_DETACH(list, kn); 1719 kn->kn_hookid = 0; 1720 } 1721 1722 tty_unlock(tp); 1723 ptsd_kevent_mtx_unlock(minor(dev)); 1724} 1725