1 /* -*- linux-c -*- --------------------------------------------------------- *
2 *
3 * linux/fs/devpts/inode.c
4 *
5 * Copyright 1998-2004 H. Peter Anvin -- All Rights Reserved
6 *
7 * This file is part of the Linux kernel and is made available under
8 * the terms of the GNU General Public License, version 2, or at your
9 * option, any later version, incorporated herein by reference.
10 *
11 * ------------------------------------------------------------------------- */
12
13 #include <linux/module.h>
14 #include <linux/init.h>
15 #include <linux/fs.h>
16 #include <linux/sched.h>
17 #include <linux/namei.h>
18 #include <linux/slab.h>
19 #include <linux/mount.h>
20 #include <linux/tty.h>
21 #include <linux/mutex.h>
22 #include <linux/magic.h>
23 #include <linux/idr.h>
24 #include <linux/devpts_fs.h>
25 #include <linux/parser.h>
26 #include <linux/fsnotify.h>
27 #include <linux/seq_file.h>
28
/* Default permission bits given to pty nodes when no 'mode=' option is set. */
#define DEVPTS_DEFAULT_MODE 0600
/*
 * ptmx is a new node in /dev/pts and will be unused in legacy (single-
 * instance) mode. To prevent surprises in user space, set permissions of
 * ptmx to 0. Use 'chmod' or remount with '-o ptmxmode' to set meaningful
 * permissions.
 */
#define DEVPTS_DEFAULT_PTMX_MODE 0000
/* Minor number of the ptmx character device (its major is TTYAUX_MAJOR). */
#define PTMX_MINOR 2
38
39 /*
40 * sysctl support for setting limits on the number of Unix98 ptys allocated.
41 * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly.
42 */
43 static int pty_limit = NR_UNIX98_PTY_DEFAULT;
44 static int pty_reserve = NR_UNIX98_PTY_RESERVE;
45 static int pty_limit_min;
46 static int pty_limit_max = INT_MAX;
47 static int pty_count;
48
49 static struct ctl_table pty_table[] = {
50 {
51 .procname = "max",
52 .maxlen = sizeof(int),
53 .mode = 0644,
54 .data = &pty_limit,
55 .proc_handler = proc_dointvec_minmax,
56 .extra1 = &pty_limit_min,
57 .extra2 = &pty_limit_max,
58 }, {
59 .procname = "reserve",
60 .maxlen = sizeof(int),
61 .mode = 0644,
62 .data = &pty_reserve,
63 .proc_handler = proc_dointvec_minmax,
64 .extra1 = &pty_limit_min,
65 .extra2 = &pty_limit_max,
66 }, {
67 .procname = "nr",
68 .maxlen = sizeof(int),
69 .mode = 0444,
70 .data = &pty_count,
71 .proc_handler = proc_dointvec,
72 },
73 {}
74 };
75
76 static struct ctl_table pty_kern_table[] = {
77 {
78 .procname = "pty",
79 .mode = 0555,
80 .child = pty_table,
81 },
82 {}
83 };
84
85 static struct ctl_table pty_root_table[] = {
86 {
87 .procname = "kernel",
88 .mode = 0555,
89 .child = pty_kern_table,
90 },
91 {}
92 };
93
/*
 * Held around every get/remove on a superblock's allocated_ptys IDA and
 * around every update of the global pty_count.
 */
static DEFINE_MUTEX(allocated_ptys_lock);

/* Result of kern_mount() of devpts, set up in init_devpts_fs(). */
static struct vfsmount *devpts_mnt;
97
/* Parsed mount options of one devpts superblock. */
struct pts_mount_opts {
	int setuid;		/* non-zero once a 'uid=' option was parsed */
	int setgid;		/* non-zero once a 'gid=' option was parsed */
	uid_t uid;		/* owner of new pty nodes when setuid is set */
	gid_t gid;		/* group of new pty nodes when setgid is set */
	umode_t mode;		/* permission bits of new pty nodes */
	umode_t ptmxmode;	/* permission bits of the ptmx node */
	int newinstance;	/* set by the 'newinstance' option at mount */
	int max;		/* pty indices must stay below this value */
};
108
/* Token ids returned by match_token() for the entries of tokens[]. */
enum {
	Opt_uid,
	Opt_gid,
	Opt_mode,
	Opt_ptmxmode,
	Opt_newinstance,
	Opt_max,
	Opt_err
};
113
/*
 * Mount option patterns. The ptmxmode/newinstance/max options are only
 * recognised when CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled; anything
 * that matches no pattern falls through to Opt_err.
 */
static const match_table_t tokens = {
	{Opt_uid, "uid=%u"},
	{Opt_gid, "gid=%u"},
	{Opt_mode, "mode=%o"},
#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
	{Opt_ptmxmode, "ptmxmode=%o"},
	{Opt_newinstance, "newinstance"},
	{Opt_max, "max=%d"},
#endif
	{Opt_err, NULL}
};
125
/* Per-superblock private state, stored in sb->s_fs_info. */
struct pts_fs_info {
	struct ida allocated_ptys;		/* pty indices currently in use */
	struct pts_mount_opts mount_opts;	/* options in effect for this sb */
	struct dentry *ptmx_dentry;		/* ptmx node, set by mknod_ptmx() */
};
131
DEVPTS_SB(struct super_block * sb)132 static inline struct pts_fs_info *DEVPTS_SB(struct super_block *sb)
133 {
134 return sb->s_fs_info;
135 }
136
pts_sb_from_inode(struct inode * inode)137 static inline struct super_block *pts_sb_from_inode(struct inode *inode)
138 {
139 #ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
140 if (inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC)
141 return inode->i_sb;
142 #endif
143 return devpts_mnt->mnt_sb;
144 }
145
/* Values for the @op argument of parse_mount_options(). */
#define PARSE_MOUNT 0
#define PARSE_REMOUNT 1
148
149 /*
150 * parse_mount_options():
151 * Set @opts to mount options specified in @data. If an option is not
152 * specified in @data, set it to its default value. The exception is
153 * 'newinstance' option which can only be set/cleared on a mount (i.e.
154 * cannot be changed during remount).
155 *
156 * Note: @data may be NULL (in which case all options are set to default).
157 */
parse_mount_options(char * data,int op,struct pts_mount_opts * opts)158 static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
159 {
160 char *p;
161
162 opts->setuid = 0;
163 opts->setgid = 0;
164 opts->uid = 0;
165 opts->gid = 0;
166 opts->mode = DEVPTS_DEFAULT_MODE;
167 opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
168 opts->max = NR_UNIX98_PTY_MAX;
169
170 /* newinstance makes sense only on initial mount */
171 if (op == PARSE_MOUNT)
172 opts->newinstance = 0;
173
174 while ((p = strsep(&data, ",")) != NULL) {
175 substring_t args[MAX_OPT_ARGS];
176 int token;
177 int option;
178
179 if (!*p)
180 continue;
181
182 token = match_token(p, tokens, args);
183 switch (token) {
184 case Opt_uid:
185 if (match_int(&args[0], &option))
186 return -EINVAL;
187 opts->uid = option;
188 opts->setuid = 1;
189 break;
190 case Opt_gid:
191 if (match_int(&args[0], &option))
192 return -EINVAL;
193 opts->gid = option;
194 opts->setgid = 1;
195 break;
196 case Opt_mode:
197 if (match_octal(&args[0], &option))
198 return -EINVAL;
199 opts->mode = option & S_IALLUGO;
200 break;
201 #ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
202 case Opt_ptmxmode:
203 if (match_octal(&args[0], &option))
204 return -EINVAL;
205 opts->ptmxmode = option & S_IALLUGO;
206 break;
207 case Opt_newinstance:
208 /* newinstance makes sense only on initial mount */
209 if (op == PARSE_MOUNT)
210 opts->newinstance = 1;
211 break;
212 case Opt_max:
213 if (match_int(&args[0], &option) ||
214 option < 0 || option > NR_UNIX98_PTY_MAX)
215 return -EINVAL;
216 opts->max = option;
217 break;
218 #endif
219 default:
220 printk(KERN_ERR "devpts: called with bogus options\n");
221 return -EINVAL;
222 }
223 }
224
225 return 0;
226 }
227
228 #ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
mknod_ptmx(struct super_block * sb)229 static int mknod_ptmx(struct super_block *sb)
230 {
231 int mode;
232 int rc = -ENOMEM;
233 struct dentry *dentry;
234 struct inode *inode;
235 struct dentry *root = sb->s_root;
236 struct pts_fs_info *fsi = DEVPTS_SB(sb);
237 struct pts_mount_opts *opts = &fsi->mount_opts;
238
239 mutex_lock(&root->d_inode->i_mutex);
240
241 /* If we have already created ptmx node, return */
242 if (fsi->ptmx_dentry) {
243 rc = 0;
244 goto out;
245 }
246
247 dentry = d_alloc_name(root, "ptmx");
248 if (!dentry) {
249 printk(KERN_NOTICE "Unable to alloc dentry for ptmx node\n");
250 goto out;
251 }
252
253 /*
254 * Create a new 'ptmx' node in this mount of devpts.
255 */
256 inode = new_inode(sb);
257 if (!inode) {
258 printk(KERN_ERR "Unable to alloc inode for ptmx node\n");
259 dput(dentry);
260 goto out;
261 }
262
263 inode->i_ino = 2;
264 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
265
266 mode = S_IFCHR|opts->ptmxmode;
267 init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
268
269 d_add(dentry, inode);
270
271 fsi->ptmx_dentry = dentry;
272 rc = 0;
273 out:
274 mutex_unlock(&root->d_inode->i_mutex);
275 return rc;
276 }
277
update_ptmx_mode(struct pts_fs_info * fsi)278 static void update_ptmx_mode(struct pts_fs_info *fsi)
279 {
280 struct inode *inode;
281 if (fsi->ptmx_dentry) {
282 inode = fsi->ptmx_dentry->d_inode;
283 inode->i_mode = S_IFCHR|fsi->mount_opts.ptmxmode;
284 }
285 }
286 #else
/* No ptmx node is created without multiple-instance support: nothing to do. */
static inline void update_ptmx_mode(struct pts_fs_info *fsi)
{
}
291 #endif
292
devpts_remount(struct super_block * sb,int * flags,char * data)293 static int devpts_remount(struct super_block *sb, int *flags, char *data)
294 {
295 int err;
296 struct pts_fs_info *fsi = DEVPTS_SB(sb);
297 struct pts_mount_opts *opts = &fsi->mount_opts;
298
299 err = parse_mount_options(data, PARSE_REMOUNT, opts);
300
301 /*
302 * parse_mount_options() restores options to default values
303 * before parsing and may have changed ptmxmode. So, update the
304 * mode in the inode too. Bogus options don't fail the remount,
305 * so do this even on error return.
306 */
307 update_ptmx_mode(fsi);
308
309 return err;
310 }
311
devpts_show_options(struct seq_file * seq,struct dentry * root)312 static int devpts_show_options(struct seq_file *seq, struct dentry *root)
313 {
314 struct pts_fs_info *fsi = DEVPTS_SB(root->d_sb);
315 struct pts_mount_opts *opts = &fsi->mount_opts;
316
317 if (opts->setuid)
318 seq_printf(seq, ",uid=%u", opts->uid);
319 if (opts->setgid)
320 seq_printf(seq, ",gid=%u", opts->gid);
321 seq_printf(seq, ",mode=%03o", opts->mode);
322 #ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
323 seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode);
324 if (opts->max < NR_UNIX98_PTY_MAX)
325 seq_printf(seq, ",max=%d", opts->max);
326 #endif
327
328 return 0;
329 }
330
331 static const struct super_operations devpts_sops = {
332 .statfs = simple_statfs,
333 .remount_fs = devpts_remount,
334 .show_options = devpts_show_options,
335 };
336
new_pts_fs_info(void)337 static void *new_pts_fs_info(void)
338 {
339 struct pts_fs_info *fsi;
340
341 fsi = kzalloc(sizeof(struct pts_fs_info), GFP_KERNEL);
342 if (!fsi)
343 return NULL;
344
345 ida_init(&fsi->allocated_ptys);
346 fsi->mount_opts.mode = DEVPTS_DEFAULT_MODE;
347 fsi->mount_opts.ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
348
349 return fsi;
350 }
351
352 static int
devpts_fill_super(struct super_block * s,void * data,int silent)353 devpts_fill_super(struct super_block *s, void *data, int silent)
354 {
355 struct inode *inode;
356
357 s->s_blocksize = 1024;
358 s->s_blocksize_bits = 10;
359 s->s_magic = DEVPTS_SUPER_MAGIC;
360 s->s_op = &devpts_sops;
361 s->s_time_gran = 1;
362
363 s->s_fs_info = new_pts_fs_info();
364 if (!s->s_fs_info)
365 goto fail;
366
367 inode = new_inode(s);
368 if (!inode)
369 goto fail;
370 inode->i_ino = 1;
371 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
372 inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
373 inode->i_op = &simple_dir_inode_operations;
374 inode->i_fop = &simple_dir_operations;
375 set_nlink(inode, 2);
376
377 s->s_root = d_make_root(inode);
378 if (s->s_root)
379 return 0;
380
381 printk(KERN_ERR "devpts: get root dentry failed\n");
382
383 fail:
384 return -ENOMEM;
385 }
386
387 #ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
compare_init_pts_sb(struct super_block * s,void * p)388 static int compare_init_pts_sb(struct super_block *s, void *p)
389 {
390 if (devpts_mnt)
391 return devpts_mnt->mnt_sb == s;
392 return 0;
393 }
394
395 /*
396 * devpts_mount()
397 *
398 * If the '-o newinstance' mount option was specified, mount a new
399 * (private) instance of devpts. PTYs created in this instance are
400 * independent of the PTYs in other devpts instances.
401 *
402 * If the '-o newinstance' option was not specified, mount/remount the
403 * initial kernel mount of devpts. This type of mount gives the
404 * legacy, single-instance semantics.
405 *
406 * The 'newinstance' option is needed to support multiple namespace
407 * semantics in devpts while preserving backward compatibility of the
408 * current 'single-namespace' semantics. i.e all mounts of devpts
409 * without the 'newinstance' mount option should bind to the initial
410 * kernel mount, like mount_single().
411 *
412 * Mounts with 'newinstance' option create a new, private namespace.
413 *
414 * NOTE:
415 *
416 * For single-mount semantics, devpts cannot use mount_single(),
417 * because mount_single()/sget() find and use the super-block from
418 * the most recent mount of devpts. But that recent mount may be a
419 * 'newinstance' mount and mount_single() would pick the newinstance
420 * super-block instead of the initial super-block.
421 */
devpts_mount(struct file_system_type * fs_type,int flags,const char * dev_name,void * data)422 static struct dentry *devpts_mount(struct file_system_type *fs_type,
423 int flags, const char *dev_name, void *data)
424 {
425 int error;
426 struct pts_mount_opts opts;
427 struct super_block *s;
428
429 error = parse_mount_options(data, PARSE_MOUNT, &opts);
430 if (error)
431 return ERR_PTR(error);
432
433 if (opts.newinstance)
434 s = sget(fs_type, NULL, set_anon_super, NULL);
435 else
436 s = sget(fs_type, compare_init_pts_sb, set_anon_super, NULL);
437
438 if (IS_ERR(s))
439 return ERR_CAST(s);
440
441 if (!s->s_root) {
442 s->s_flags = flags;
443 error = devpts_fill_super(s, data, flags & MS_SILENT ? 1 : 0);
444 if (error)
445 goto out_undo_sget;
446 s->s_flags |= MS_ACTIVE;
447 }
448
449 memcpy(&(DEVPTS_SB(s))->mount_opts, &opts, sizeof(opts));
450
451 error = mknod_ptmx(s);
452 if (error)
453 goto out_undo_sget;
454
455 return dget(s->s_root);
456
457 out_undo_sget:
458 deactivate_locked_super(s);
459 return ERR_PTR(error);
460 }
461
462 #else
463 /*
464 * This supports only the legacy single-instance semantics (no
465 * multiple-instance semantics)
466 */
devpts_mount(struct file_system_type * fs_type,int flags,const char * dev_name,void * data)467 static struct dentry *devpts_mount(struct file_system_type *fs_type, int flags,
468 const char *dev_name, void *data)
469 {
470 return mount_single(fs_type, flags, data, devpts_fill_super);
471 }
472 #endif
473
devpts_kill_sb(struct super_block * sb)474 static void devpts_kill_sb(struct super_block *sb)
475 {
476 struct pts_fs_info *fsi = DEVPTS_SB(sb);
477
478 kfree(fsi);
479 kill_litter_super(sb);
480 }
481
482 static struct file_system_type devpts_fs_type = {
483 .name = "devpts",
484 .mount = devpts_mount,
485 .kill_sb = devpts_kill_sb,
486 };
487
488 /*
489 * The normal naming convention is simply /dev/pts/<number>; this conforms
490 * to the System V naming convention
491 */
492
devpts_new_index(struct inode * ptmx_inode)493 int devpts_new_index(struct inode *ptmx_inode)
494 {
495 struct super_block *sb = pts_sb_from_inode(ptmx_inode);
496 struct pts_fs_info *fsi = DEVPTS_SB(sb);
497 int index;
498 int ida_ret;
499
500 retry:
501 if (!ida_pre_get(&fsi->allocated_ptys, GFP_KERNEL))
502 return -ENOMEM;
503
504 mutex_lock(&allocated_ptys_lock);
505 if (pty_count >= pty_limit -
506 (fsi->mount_opts.newinstance ? pty_reserve : 0)) {
507 mutex_unlock(&allocated_ptys_lock);
508 return -ENOSPC;
509 }
510
511 ida_ret = ida_get_new(&fsi->allocated_ptys, &index);
512 if (ida_ret < 0) {
513 mutex_unlock(&allocated_ptys_lock);
514 if (ida_ret == -EAGAIN)
515 goto retry;
516 return -EIO;
517 }
518
519 if (index >= fsi->mount_opts.max) {
520 ida_remove(&fsi->allocated_ptys, index);
521 mutex_unlock(&allocated_ptys_lock);
522 return -ENOSPC;
523 }
524 pty_count++;
525 mutex_unlock(&allocated_ptys_lock);
526 return index;
527 }
528
devpts_kill_index(struct inode * ptmx_inode,int idx)529 void devpts_kill_index(struct inode *ptmx_inode, int idx)
530 {
531 struct super_block *sb = pts_sb_from_inode(ptmx_inode);
532 struct pts_fs_info *fsi = DEVPTS_SB(sb);
533
534 mutex_lock(&allocated_ptys_lock);
535 ida_remove(&fsi->allocated_ptys, idx);
536 pty_count--;
537 mutex_unlock(&allocated_ptys_lock);
538 }
539
devpts_pty_new(struct inode * ptmx_inode,struct tty_struct * tty)540 int devpts_pty_new(struct inode *ptmx_inode, struct tty_struct *tty)
541 {
542 /* tty layer puts index from devpts_new_index() in here */
543 int number = tty->index;
544 struct tty_driver *driver = tty->driver;
545 dev_t device = MKDEV(driver->major, driver->minor_start+number);
546 struct dentry *dentry;
547 struct super_block *sb = pts_sb_from_inode(ptmx_inode);
548 struct inode *inode = new_inode(sb);
549 struct dentry *root = sb->s_root;
550 struct pts_fs_info *fsi = DEVPTS_SB(sb);
551 struct pts_mount_opts *opts = &fsi->mount_opts;
552 int ret = 0;
553 char s[12];
554
555 /* We're supposed to be given the slave end of a pty */
556 BUG_ON(driver->type != TTY_DRIVER_TYPE_PTY);
557 BUG_ON(driver->subtype != PTY_TYPE_SLAVE);
558
559 if (!inode)
560 return -ENOMEM;
561
562 inode->i_ino = number + 3;
563 inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
564 inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
565 inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
566 init_special_inode(inode, S_IFCHR|opts->mode, device);
567 inode->i_private = tty;
568 tty->driver_data = inode;
569
570 sprintf(s, "%d", number);
571
572 mutex_lock(&root->d_inode->i_mutex);
573
574 dentry = d_alloc_name(root, s);
575 if (dentry) {
576 d_add(dentry, inode);
577 fsnotify_create(root->d_inode, dentry);
578 } else {
579 iput(inode);
580 ret = -ENOMEM;
581 }
582
583 mutex_unlock(&root->d_inode->i_mutex);
584
585 return ret;
586 }
587
devpts_get_tty(struct inode * pts_inode,int number)588 struct tty_struct *devpts_get_tty(struct inode *pts_inode, int number)
589 {
590 struct dentry *dentry;
591 struct tty_struct *tty;
592
593 BUG_ON(pts_inode->i_rdev == MKDEV(TTYAUX_MAJOR, PTMX_MINOR));
594
595 /* Ensure dentry has not been deleted by devpts_pty_kill() */
596 dentry = d_find_alias(pts_inode);
597 if (!dentry)
598 return NULL;
599
600 tty = NULL;
601 if (pts_inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC)
602 tty = (struct tty_struct *)pts_inode->i_private;
603
604 dput(dentry);
605
606 return tty;
607 }
608
devpts_pty_kill(struct tty_struct * tty)609 void devpts_pty_kill(struct tty_struct *tty)
610 {
611 struct inode *inode = tty->driver_data;
612 struct super_block *sb = pts_sb_from_inode(inode);
613 struct dentry *root = sb->s_root;
614 struct dentry *dentry;
615
616 BUG_ON(inode->i_rdev == MKDEV(TTYAUX_MAJOR, PTMX_MINOR));
617
618 mutex_lock(&root->d_inode->i_mutex);
619
620 dentry = d_find_alias(inode);
621
622 drop_nlink(inode);
623 d_delete(dentry);
624 dput(dentry); /* d_alloc_name() in devpts_pty_new() */
625 dput(dentry); /* d_find_alias above */
626
627 mutex_unlock(&root->d_inode->i_mutex);
628 }
629
init_devpts_fs(void)630 static int __init init_devpts_fs(void)
631 {
632 int err = register_filesystem(&devpts_fs_type);
633 struct ctl_table_header *table;
634
635 if (!err) {
636 table = register_sysctl_table(pty_root_table);
637 devpts_mnt = kern_mount(&devpts_fs_type);
638 if (IS_ERR(devpts_mnt)) {
639 err = PTR_ERR(devpts_mnt);
640 unregister_filesystem(&devpts_fs_type);
641 unregister_sysctl_table(table);
642 }
643 }
644 return err;
645 }
646 module_init(init_devpts_fs)
647