1/* -*- linux-c -*- --------------------------------------------------------- *
2 *
3 * linux/fs/devpts/inode.c
4 *
5 *  Copyright 1998-2004 H. Peter Anvin -- All Rights Reserved
6 *
7 * This file is part of the Linux kernel and is made available under
8 * the terms of the GNU General Public License, version 2, or at your
9 * option, any later version, incorporated herein by reference.
10 *
11 * ------------------------------------------------------------------------- */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/fs.h>
18#include <linux/sched.h>
19#include <linux/namei.h>
20#include <linux/slab.h>
21#include <linux/mount.h>
22#include <linux/tty.h>
23#include <linux/mutex.h>
24#include <linux/magic.h>
25#include <linux/idr.h>
26#include <linux/devpts_fs.h>
27#include <linux/parser.h>
28#include <linux/fsnotify.h>
29#include <linux/seq_file.h>
30
31#define DEVPTS_DEFAULT_MODE 0600
32/*
33 * ptmx is a new node in /dev/pts and will be unused in legacy (single-
34 * instance) mode. To prevent surprises in user space, set permissions of
35 * ptmx to 0. Use 'chmod' or remount with '-o ptmxmode' to set meaningful
36 * permissions.
37 */
38#define DEVPTS_DEFAULT_PTMX_MODE 0000
39#define PTMX_MINOR	2
40
41/*
42 * sysctl support for setting limits on the number of Unix98 ptys allocated.
43 * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly.
44 */
45static int pty_limit = NR_UNIX98_PTY_DEFAULT;
46static int pty_reserve = NR_UNIX98_PTY_RESERVE;
47static int pty_limit_min;
48static int pty_limit_max = INT_MAX;
49static int pty_count;
50
51static struct ctl_table pty_table[] = {
52	{
53		.procname	= "max",
54		.maxlen		= sizeof(int),
55		.mode		= 0644,
56		.data		= &pty_limit,
57		.proc_handler	= proc_dointvec_minmax,
58		.extra1		= &pty_limit_min,
59		.extra2		= &pty_limit_max,
60	}, {
61		.procname	= "reserve",
62		.maxlen		= sizeof(int),
63		.mode		= 0644,
64		.data		= &pty_reserve,
65		.proc_handler	= proc_dointvec_minmax,
66		.extra1		= &pty_limit_min,
67		.extra2		= &pty_limit_max,
68	}, {
69		.procname	= "nr",
70		.maxlen		= sizeof(int),
71		.mode		= 0444,
72		.data		= &pty_count,
73		.proc_handler	= proc_dointvec,
74	},
75	{}
76};
77
78static struct ctl_table pty_kern_table[] = {
79	{
80		.procname	= "pty",
81		.mode		= 0555,
82		.child		= pty_table,
83	},
84	{}
85};
86
87static struct ctl_table pty_root_table[] = {
88	{
89		.procname	= "kernel",
90		.mode		= 0555,
91		.child		= pty_kern_table,
92	},
93	{}
94};
95
96static DEFINE_MUTEX(allocated_ptys_lock);
97
98static struct vfsmount *devpts_mnt;
99
100struct pts_mount_opts {
101	int setuid;
102	int setgid;
103	kuid_t   uid;
104	kgid_t   gid;
105	umode_t mode;
106	umode_t ptmxmode;
107	int newinstance;
108	int max;
109};
110
111enum {
112	Opt_uid, Opt_gid, Opt_mode, Opt_ptmxmode, Opt_newinstance,  Opt_max,
113	Opt_err
114};
115
116static const match_table_t tokens = {
117	{Opt_uid, "uid=%u"},
118	{Opt_gid, "gid=%u"},
119	{Opt_mode, "mode=%o"},
120#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
121	{Opt_ptmxmode, "ptmxmode=%o"},
122	{Opt_newinstance, "newinstance"},
123	{Opt_max, "max=%d"},
124#endif
125	{Opt_err, NULL}
126};
127
128struct pts_fs_info {
129	struct ida allocated_ptys;
130	struct pts_mount_opts mount_opts;
131	struct dentry *ptmx_dentry;
132};
133
134static inline struct pts_fs_info *DEVPTS_SB(struct super_block *sb)
135{
136	return sb->s_fs_info;
137}
138
139static inline struct super_block *pts_sb_from_inode(struct inode *inode)
140{
141#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
142	if (inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC)
143		return inode->i_sb;
144#endif
145	if (!devpts_mnt)
146		return NULL;
147	return devpts_mnt->mnt_sb;
148}
149
150#define PARSE_MOUNT	0
151#define PARSE_REMOUNT	1
152
153/*
154 * parse_mount_options():
155 *	Set @opts to mount options specified in @data. If an option is not
156 *	specified in @data, set it to its default value. The exception is
157 *	'newinstance' option which can only be set/cleared on a mount (i.e.
158 *	cannot be changed during remount).
159 *
160 * Note: @data may be NULL (in which case all options are set to default).
161 */
162static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
163{
164	char *p;
165	kuid_t uid;
166	kgid_t gid;
167
168	opts->setuid  = 0;
169	opts->setgid  = 0;
170	opts->uid     = GLOBAL_ROOT_UID;
171	opts->gid     = GLOBAL_ROOT_GID;
172	opts->mode    = DEVPTS_DEFAULT_MODE;
173	opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
174	opts->max     = NR_UNIX98_PTY_MAX;
175
176	/* newinstance makes sense only on initial mount */
177	if (op == PARSE_MOUNT)
178		opts->newinstance = 0;
179
180	while ((p = strsep(&data, ",")) != NULL) {
181		substring_t args[MAX_OPT_ARGS];
182		int token;
183		int option;
184
185		if (!*p)
186			continue;
187
188		token = match_token(p, tokens, args);
189		switch (token) {
190		case Opt_uid:
191			if (match_int(&args[0], &option))
192				return -EINVAL;
193			uid = make_kuid(current_user_ns(), option);
194			if (!uid_valid(uid))
195				return -EINVAL;
196			opts->uid = uid;
197			opts->setuid = 1;
198			break;
199		case Opt_gid:
200			if (match_int(&args[0], &option))
201				return -EINVAL;
202			gid = make_kgid(current_user_ns(), option);
203			if (!gid_valid(gid))
204				return -EINVAL;
205			opts->gid = gid;
206			opts->setgid = 1;
207			break;
208		case Opt_mode:
209			if (match_octal(&args[0], &option))
210				return -EINVAL;
211			opts->mode = option & S_IALLUGO;
212			break;
213#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
214		case Opt_ptmxmode:
215			if (match_octal(&args[0], &option))
216				return -EINVAL;
217			opts->ptmxmode = option & S_IALLUGO;
218			break;
219		case Opt_newinstance:
220			/* newinstance makes sense only on initial mount */
221			if (op == PARSE_MOUNT)
222				opts->newinstance = 1;
223			break;
224		case Opt_max:
225			if (match_int(&args[0], &option) ||
226			    option < 0 || option > NR_UNIX98_PTY_MAX)
227				return -EINVAL;
228			opts->max = option;
229			break;
230#endif
231		default:
232			pr_err("called with bogus options\n");
233			return -EINVAL;
234		}
235	}
236
237	return 0;
238}
239
240#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
241static int mknod_ptmx(struct super_block *sb)
242{
243	int mode;
244	int rc = -ENOMEM;
245	struct dentry *dentry;
246	struct inode *inode;
247	struct dentry *root = sb->s_root;
248	struct pts_fs_info *fsi = DEVPTS_SB(sb);
249	struct pts_mount_opts *opts = &fsi->mount_opts;
250	kuid_t root_uid;
251	kgid_t root_gid;
252
253	root_uid = make_kuid(current_user_ns(), 0);
254	root_gid = make_kgid(current_user_ns(), 0);
255	if (!uid_valid(root_uid) || !gid_valid(root_gid))
256		return -EINVAL;
257
258	mutex_lock(&d_inode(root)->i_mutex);
259
260	/* If we have already created ptmx node, return */
261	if (fsi->ptmx_dentry) {
262		rc = 0;
263		goto out;
264	}
265
266	dentry = d_alloc_name(root, "ptmx");
267	if (!dentry) {
268		pr_err("Unable to alloc dentry for ptmx node\n");
269		goto out;
270	}
271
272	/*
273	 * Create a new 'ptmx' node in this mount of devpts.
274	 */
275	inode = new_inode(sb);
276	if (!inode) {
277		pr_err("Unable to alloc inode for ptmx node\n");
278		dput(dentry);
279		goto out;
280	}
281
282	inode->i_ino = 2;
283	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
284
285	mode = S_IFCHR|opts->ptmxmode;
286	init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
287	inode->i_uid = root_uid;
288	inode->i_gid = root_gid;
289
290	d_add(dentry, inode);
291
292	fsi->ptmx_dentry = dentry;
293	rc = 0;
294out:
295	mutex_unlock(&d_inode(root)->i_mutex);
296	return rc;
297}
298
299static void update_ptmx_mode(struct pts_fs_info *fsi)
300{
301	struct inode *inode;
302	if (fsi->ptmx_dentry) {
303		inode = d_inode(fsi->ptmx_dentry);
304		inode->i_mode = S_IFCHR|fsi->mount_opts.ptmxmode;
305	}
306}
307#else
308static inline void update_ptmx_mode(struct pts_fs_info *fsi)
309{
310	return;
311}
312#endif
313
314static int devpts_remount(struct super_block *sb, int *flags, char *data)
315{
316	int err;
317	struct pts_fs_info *fsi = DEVPTS_SB(sb);
318	struct pts_mount_opts *opts = &fsi->mount_opts;
319
320	sync_filesystem(sb);
321	err = parse_mount_options(data, PARSE_REMOUNT, opts);
322
323	/*
324	 * parse_mount_options() restores options to default values
325	 * before parsing and may have changed ptmxmode. So, update the
326	 * mode in the inode too. Bogus options don't fail the remount,
327	 * so do this even on error return.
328	 */
329	update_ptmx_mode(fsi);
330
331	return err;
332}
333
334static int devpts_show_options(struct seq_file *seq, struct dentry *root)
335{
336	struct pts_fs_info *fsi = DEVPTS_SB(root->d_sb);
337	struct pts_mount_opts *opts = &fsi->mount_opts;
338
339	if (opts->setuid)
340		seq_printf(seq, ",uid=%u",
341			   from_kuid_munged(&init_user_ns, opts->uid));
342	if (opts->setgid)
343		seq_printf(seq, ",gid=%u",
344			   from_kgid_munged(&init_user_ns, opts->gid));
345	seq_printf(seq, ",mode=%03o", opts->mode);
346#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
347	seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode);
348	if (opts->max < NR_UNIX98_PTY_MAX)
349		seq_printf(seq, ",max=%d", opts->max);
350#endif
351
352	return 0;
353}
354
355static const struct super_operations devpts_sops = {
356	.statfs		= simple_statfs,
357	.remount_fs	= devpts_remount,
358	.show_options	= devpts_show_options,
359};
360
361static void *new_pts_fs_info(void)
362{
363	struct pts_fs_info *fsi;
364
365	fsi = kzalloc(sizeof(struct pts_fs_info), GFP_KERNEL);
366	if (!fsi)
367		return NULL;
368
369	ida_init(&fsi->allocated_ptys);
370	fsi->mount_opts.mode = DEVPTS_DEFAULT_MODE;
371	fsi->mount_opts.ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
372
373	return fsi;
374}
375
376static int
377devpts_fill_super(struct super_block *s, void *data, int silent)
378{
379	struct inode *inode;
380
381	s->s_blocksize = 1024;
382	s->s_blocksize_bits = 10;
383	s->s_magic = DEVPTS_SUPER_MAGIC;
384	s->s_op = &devpts_sops;
385	s->s_time_gran = 1;
386
387	s->s_fs_info = new_pts_fs_info();
388	if (!s->s_fs_info)
389		goto fail;
390
391	inode = new_inode(s);
392	if (!inode)
393		goto fail;
394	inode->i_ino = 1;
395	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
396	inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
397	inode->i_op = &simple_dir_inode_operations;
398	inode->i_fop = &simple_dir_operations;
399	set_nlink(inode, 2);
400
401	s->s_root = d_make_root(inode);
402	if (s->s_root)
403		return 0;
404
405	pr_err("get root dentry failed\n");
406
407fail:
408	return -ENOMEM;
409}
410
411#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
412static int compare_init_pts_sb(struct super_block *s, void *p)
413{
414	if (devpts_mnt)
415		return devpts_mnt->mnt_sb == s;
416	return 0;
417}
418
419/*
420 * devpts_mount()
421 *
422 *     If the '-o newinstance' mount option was specified, mount a new
423 *     (private) instance of devpts.  PTYs created in this instance are
424 *     independent of the PTYs in other devpts instances.
425 *
426 *     If the '-o newinstance' option was not specified, mount/remount the
427 *     initial kernel mount of devpts.  This type of mount gives the
428 *     legacy, single-instance semantics.
429 *
430 *     The 'newinstance' option is needed to support multiple namespace
431 *     semantics in devpts while preserving backward compatibility of the
432 *     current 'single-namespace' semantics. i.e all mounts of devpts
433 *     without the 'newinstance' mount option should bind to the initial
434 *     kernel mount, like mount_single().
435 *
436 *     Mounts with 'newinstance' option create a new, private namespace.
437 *
438 *     NOTE:
439 *
440 *     For single-mount semantics, devpts cannot use mount_single(),
441 *     because mount_single()/sget() find and use the super-block from
442 *     the most recent mount of devpts. But that recent mount may be a
443 *     'newinstance' mount and mount_single() would pick the newinstance
444 *     super-block instead of the initial super-block.
445 */
446static struct dentry *devpts_mount(struct file_system_type *fs_type,
447	int flags, const char *dev_name, void *data)
448{
449	int error;
450	struct pts_mount_opts opts;
451	struct super_block *s;
452
453	error = parse_mount_options(data, PARSE_MOUNT, &opts);
454	if (error)
455		return ERR_PTR(error);
456
457	/* Require newinstance for all user namespace mounts to ensure
458	 * the mount options are not changed.
459	 */
460	if ((current_user_ns() != &init_user_ns) && !opts.newinstance)
461		return ERR_PTR(-EINVAL);
462
463	if (opts.newinstance)
464		s = sget(fs_type, NULL, set_anon_super, flags, NULL);
465	else
466		s = sget(fs_type, compare_init_pts_sb, set_anon_super, flags,
467			 NULL);
468
469	if (IS_ERR(s))
470		return ERR_CAST(s);
471
472	if (!s->s_root) {
473		error = devpts_fill_super(s, data, flags & MS_SILENT ? 1 : 0);
474		if (error)
475			goto out_undo_sget;
476		s->s_flags |= MS_ACTIVE;
477	}
478
479	memcpy(&(DEVPTS_SB(s))->mount_opts, &opts, sizeof(opts));
480
481	error = mknod_ptmx(s);
482	if (error)
483		goto out_undo_sget;
484
485	return dget(s->s_root);
486
487out_undo_sget:
488	deactivate_locked_super(s);
489	return ERR_PTR(error);
490}
491
492#else
493/*
494 * This supports only the legacy single-instance semantics (no
495 * multiple-instance semantics)
496 */
497static struct dentry *devpts_mount(struct file_system_type *fs_type, int flags,
498		const char *dev_name, void *data)
499{
500	return mount_single(fs_type, flags, data, devpts_fill_super);
501}
502#endif
503
504static void devpts_kill_sb(struct super_block *sb)
505{
506	struct pts_fs_info *fsi = DEVPTS_SB(sb);
507
508	ida_destroy(&fsi->allocated_ptys);
509	kfree(fsi);
510	kill_litter_super(sb);
511}
512
513static struct file_system_type devpts_fs_type = {
514	.name		= "devpts",
515	.mount		= devpts_mount,
516	.kill_sb	= devpts_kill_sb,
517#ifdef CONFIG_DEVPTS_MULTIPLE_INSTANCES
518	.fs_flags	= FS_USERNS_MOUNT | FS_USERNS_DEV_MOUNT,
519#endif
520};
521
522/*
523 * The normal naming convention is simply /dev/pts/<number>; this conforms
524 * to the System V naming convention
525 */
526
527int devpts_new_index(struct inode *ptmx_inode)
528{
529	struct super_block *sb = pts_sb_from_inode(ptmx_inode);
530	struct pts_fs_info *fsi;
531	int index;
532	int ida_ret;
533
534	if (!sb)
535		return -ENODEV;
536
537	fsi = DEVPTS_SB(sb);
538retry:
539	if (!ida_pre_get(&fsi->allocated_ptys, GFP_KERNEL))
540		return -ENOMEM;
541
542	mutex_lock(&allocated_ptys_lock);
543	if (pty_count >= pty_limit -
544			(fsi->mount_opts.newinstance ? pty_reserve : 0)) {
545		mutex_unlock(&allocated_ptys_lock);
546		return -ENOSPC;
547	}
548
549	ida_ret = ida_get_new(&fsi->allocated_ptys, &index);
550	if (ida_ret < 0) {
551		mutex_unlock(&allocated_ptys_lock);
552		if (ida_ret == -EAGAIN)
553			goto retry;
554		return -EIO;
555	}
556
557	if (index >= fsi->mount_opts.max) {
558		ida_remove(&fsi->allocated_ptys, index);
559		mutex_unlock(&allocated_ptys_lock);
560		return -ENOSPC;
561	}
562	pty_count++;
563	mutex_unlock(&allocated_ptys_lock);
564	return index;
565}
566
567void devpts_kill_index(struct inode *ptmx_inode, int idx)
568{
569	struct super_block *sb = pts_sb_from_inode(ptmx_inode);
570	struct pts_fs_info *fsi = DEVPTS_SB(sb);
571
572	mutex_lock(&allocated_ptys_lock);
573	ida_remove(&fsi->allocated_ptys, idx);
574	pty_count--;
575	mutex_unlock(&allocated_ptys_lock);
576}
577
578/*
579 * pty code needs to hold extra references in case of last /dev/tty close
580 */
581
582void devpts_add_ref(struct inode *ptmx_inode)
583{
584	struct super_block *sb = pts_sb_from_inode(ptmx_inode);
585
586	atomic_inc(&sb->s_active);
587	ihold(ptmx_inode);
588}
589
590void devpts_del_ref(struct inode *ptmx_inode)
591{
592	struct super_block *sb = pts_sb_from_inode(ptmx_inode);
593
594	iput(ptmx_inode);
595	deactivate_super(sb);
596}
597
598/**
599 * devpts_pty_new -- create a new inode in /dev/pts/
600 * @ptmx_inode: inode of the master
601 * @device: major+minor of the node to be created
602 * @index: used as a name of the node
603 * @priv: what's given back by devpts_get_priv
604 *
605 * The created inode is returned. Remove it from /dev/pts/ by devpts_pty_kill.
606 */
607struct inode *devpts_pty_new(struct inode *ptmx_inode, dev_t device, int index,
608		void *priv)
609{
610	struct dentry *dentry;
611	struct super_block *sb = pts_sb_from_inode(ptmx_inode);
612	struct inode *inode;
613	struct dentry *root;
614	struct pts_fs_info *fsi;
615	struct pts_mount_opts *opts;
616	char s[12];
617
618	if (!sb)
619		return ERR_PTR(-ENODEV);
620
621	root = sb->s_root;
622	fsi = DEVPTS_SB(sb);
623	opts = &fsi->mount_opts;
624
625	inode = new_inode(sb);
626	if (!inode)
627		return ERR_PTR(-ENOMEM);
628
629	inode->i_ino = index + 3;
630	inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
631	inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
632	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
633	init_special_inode(inode, S_IFCHR|opts->mode, device);
634	inode->i_private = priv;
635
636	sprintf(s, "%d", index);
637
638	mutex_lock(&d_inode(root)->i_mutex);
639
640	dentry = d_alloc_name(root, s);
641	if (dentry) {
642		d_add(dentry, inode);
643		fsnotify_create(d_inode(root), dentry);
644	} else {
645		iput(inode);
646		inode = ERR_PTR(-ENOMEM);
647	}
648
649	mutex_unlock(&d_inode(root)->i_mutex);
650
651	return inode;
652}
653
654/**
655 * devpts_get_priv -- get private data for a slave
656 * @pts_inode: inode of the slave
657 *
658 * Returns whatever was passed as priv in devpts_pty_new for a given inode.
659 */
660void *devpts_get_priv(struct inode *pts_inode)
661{
662	struct dentry *dentry;
663	void *priv = NULL;
664
665	BUG_ON(pts_inode->i_rdev == MKDEV(TTYAUX_MAJOR, PTMX_MINOR));
666
667	/* Ensure dentry has not been deleted by devpts_pty_kill() */
668	dentry = d_find_alias(pts_inode);
669	if (!dentry)
670		return NULL;
671
672	if (pts_inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC)
673		priv = pts_inode->i_private;
674
675	dput(dentry);
676
677	return priv;
678}
679
680/**
681 * devpts_pty_kill -- remove inode form /dev/pts/
682 * @inode: inode of the slave to be removed
683 *
684 * This is an inverse operation of devpts_pty_new.
685 */
686void devpts_pty_kill(struct inode *inode)
687{
688	struct super_block *sb = pts_sb_from_inode(inode);
689	struct dentry *root = sb->s_root;
690	struct dentry *dentry;
691
692	BUG_ON(inode->i_rdev == MKDEV(TTYAUX_MAJOR, PTMX_MINOR));
693
694	mutex_lock(&d_inode(root)->i_mutex);
695
696	dentry = d_find_alias(inode);
697
698	drop_nlink(inode);
699	d_delete(dentry);
700	dput(dentry);	/* d_alloc_name() in devpts_pty_new() */
701	dput(dentry);		/* d_find_alias above */
702
703	mutex_unlock(&d_inode(root)->i_mutex);
704}
705
706static int __init init_devpts_fs(void)
707{
708	int err = register_filesystem(&devpts_fs_type);
709	struct ctl_table_header *table;
710
711	if (!err) {
712		struct vfsmount *mnt;
713
714		table = register_sysctl_table(pty_root_table);
715		mnt = kern_mount(&devpts_fs_type);
716		if (IS_ERR(mnt)) {
717			err = PTR_ERR(mnt);
718			unregister_filesystem(&devpts_fs_type);
719			unregister_sysctl_table(table);
720		} else {
721			devpts_mnt = mnt;
722		}
723	}
724	return err;
725}
726module_init(init_devpts_fs)
727