sdev_ptsops.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * CDDL HEADER START
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * The contents of this file are subject to the terms of the
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Common Development and Distribution License (the "License").
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * You may not use this file except in compliance with the License.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * See the License for the specific language governing permissions
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * and limitations under the License.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * When distributing Covered Code, include this CDDL HEADER in each
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * If applicable, add the following below this CDDL HEADER, with the
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * fields enclosed by brackets "[]" replaced with your own identifying
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * information: Portions Copyright [yyyy] [name of copyright owner]
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * CDDL HEADER END
49e92448e558772c002444c0d92e7a31d529d046vikram * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Use is subject to license terms.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai#pragma ident "%Z%%M% %I% %E% SMI"
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * vnode ops for the /dev/pts directory
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * The lookup is based on the internal pty table. We also
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * override readdir in order to delete pts nodes no longer
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai 0 /* 0 hereafter */
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Convert string to minor number. Some care must be taken
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * as we are processing user input. Catch cases like
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (0);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Check if a pts sdev_node is still valid - i.e. it represents a current pty.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * This serves two purposes
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * - only valid pts nodes are returned during lookup() and readdir().
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * - since pts sdev_nodes are not actively destroyed when a pty goes
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * away, we use the validator to do deferred cleanup i.e. when such
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * nodes are encountered during subsequent lookup() and readdir().
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai/*ARGSUSED*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai /* validate only READY nodes */
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai sdcmn_err7(("devpts_validate: not a valid minor: %s\n", nm));
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Check if pts driver is attached
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai sdcmn_err7(("devpts_validate: valid in different zone "
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai if (dv->sdev_attr->va_uid != uid || dv->sdev_attr->va_gid != gid) {
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai sdcmn_err7(("devpts_validate: update uid/gid/times%s\n", nm));
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * This callback is invoked from devname_lookup_func() to create
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * a pts entry when the node is not found in the cache.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai/*ARGSUSED*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai void **arg, cred_t *cred, void *whatever, char *whichever)
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai sdcmn_err7(("devpts_create_rvp: not a valid minor: %s\n", nm));
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (-1);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Check if pts driver is attached and if it is
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * get the major number.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai sdcmn_err7(("devpts_create_rvp: slave not attached\n"));
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (-1);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Only allow creation of ptys allocated to our zone
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (-1);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * This is a valid pty (at least at this point in time).
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Create the node by setting the attribute. The rest
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * is taken care of by devname_lookup_func().
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (0);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Clean pts sdev_nodes that are no longer valid.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaistatic void
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai vtor = (int (*)(struct sdev_node *))sdev_get_vtor(ddv);
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai /* skip stale nodes */
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai /* validate and prune only ready nodes */
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai /* remove the cache node */
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Lookup for /dev/pts directory
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * If the entry does not exist, the devpts_create_rvp() callback
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * is invoked to create it. Nodes do not persist across reboot.
49e92448e558772c002444c0d92e7a31d529d046vikram * There is a potential denial of service here via
49e92448e558772c002444c0d92e7a31d529d046vikram * fattach on top of a /dev/pts node - any permission changes
49e92448e558772c002444c0d92e7a31d529d046vikram * applied to the node, apply to the fattached file and not
49e92448e558772c002444c0d92e7a31d529d046vikram * to the underlying pts node. As a result when the previous
49e92448e558772c002444c0d92e7a31d529d046vikram * user fdetaches, the pts node is still owned by the previous
49e92448e558772c002444c0d92e7a31d529d046vikram * owner. To prevent this we don't allow fattach() on top of a pts
49e92448e558772c002444c0d92e7a31d529d046vikram * node. This is done by a modification in the namefs filesystem
49e92448e558772c002444c0d92e7a31d529d046vikram * where we check if the underlying node has the /dev/pts vnodeops.
49e92448e558772c002444c0d92e7a31d529d046vikram * We do this via VOP_REALVP() on the underlying specfs node.
49e92448e558772c002444c0d92e7a31d529d046vikram * sdev_nodes currently don't have a realvp. If a realvp is ever
49e92448e558772c002444c0d92e7a31d529d046vikram * created for sdev_nodes, then VOP_REALVP() will return the
49e92448e558772c002444c0d92e7a31d529d046vikram * actual realvp (possibly a ufs vnode). This will defeat the check
49e92448e558772c002444c0d92e7a31d529d046vikram * in namefs code which checks if VOP_REALVP() returns a devpts
49e92448e558772c002444c0d92e7a31d529d046vikram * node. We add an ASSERT here in /dev/pts lookup() to check for
49e92448e558772c002444c0d92e7a31d529d046vikram * this condition. If sdev_nodes ever get a VOP_REALVP() entry point,
49e92448e558772c002444c0d92e7a31d529d046vikram * change the code in the namefs filesystem code (in nm_mount()) to
49e92448e558772c002444c0d92e7a31d529d046vikram * access the realvp of the specfs node directly instead of using
49e92448e558772c002444c0d92e7a31d529d046vikram * VOP_REALVP().
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai/*ARGSUSED3*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaidevpts_lookup(struct vnode *dvp, char *nm, struct vnode **vpp,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw struct pathname *pnp, int flags, struct vnode *rdir, struct cred *cred,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw caller_context_t *ct, int *direntflags, pathname_t *realpnp)
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai error = devname_lookup_func(sdvp, nm, vpp, cred, devpts_create_rvp,
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai if (error == 0) {
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * We allow create to find existing nodes
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * - if the node doesn't exist - EROFS
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * - creating an existing dir read-only succeeds, otherwise EISDIR
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * - exclusive creates fail - EEXIST
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai/*ARGSUSED2*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaidevpts_create(struct vnode *dvp, char *nm, struct vattr *vap, vcexcl_t excl,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw int mode, struct vnode **vpp, struct cred *cred, int flag,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw error = devpts_lookup(dvp, nm, &vp, NULL, 0, NULL, cred, ct, NULL,
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai if (error == 0) {
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * Display all instantiated pts (slave) device nodes.
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * A /dev/pts entry will be created only after the first lookup of the slave
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * device succeeds.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw/*ARGSUSED4*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaidevpts_readdir(struct vnode *dvp, struct uio *uiop, struct cred *cred,
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (devname_readdir_func(dvp, uiop, cred, eofp, 0));
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaidevpts_set_id(struct sdev_node *dv, struct vattr *vap, int protocol)
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai return (0);
cbcfaf83d8f1bf6aa00c793903a55685cac2c548jg/*ARGSUSED4*/
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllaidevpts_setattr(struct vnode *vp, struct vattr *vap, int flags,
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * We override lookup and readdir to build entries based on the
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * in kernel pty table. Also override setattr/setsecattr to
facf4a8d7b59fde89a8662b4f4c73a758e6c402cllai * avoid persisting permissions.