fs/devpts/inode.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /* -*- linux-c -*- --------------------------------------------------------- *
0003  *
0004  * linux/fs/devpts/inode.c
0005  *
0006  *  Copyright 1998-2004 H. Peter Anvin -- All Rights Reserved
0007  *
0008  * ------------------------------------------------------------------------- */
0009
0010 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0011
0012 #include <linux/module.h>
0013 #include <linux/init.h>
0014 #include <linux/fs.h>
0015 #include <linux/sched.h>
0016 #include <linux/namei.h>
0017 #include <linux/slab.h>
0018 #include <linux/mount.h>
0019 #include <linux/tty.h>
0020 #include <linux/mutex.h>
0021 #include <linux/magic.h>
0022 #include <linux/idr.h>
0023 #include <linux/devpts_fs.h>
0024 #include <linux/parser.h>
0025 #include <linux/fsnotify.h>
0026 #include <linux/seq_file.h>
0027
0028 #define DEVPTS_DEFAULT_MODE 0600
0029 /*
0030  * ptmx is a new node in /dev/pts and will be unused in legacy (single-
0031  * instance) mode. To prevent surprises in user space, set permissions of
0032  * ptmx to 0. Use 'chmod' or remount with '-o ptmxmode' to set meaningful
0033  * permissions.
0034  */
0035 #define DEVPTS_DEFAULT_PTMX_MODE 0000
0036 #define PTMX_MINOR  2
0037
0038 /*
0039  * sysctl support for setting limits on the number of Unix98 ptys allocated.
0040  * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly.
0041  */
0042 static int pty_limit = NR_UNIX98_PTY_DEFAULT;
0043 static int pty_reserve = NR_UNIX98_PTY_RESERVE;
0044 static int pty_limit_min;
0045 static int pty_limit_max = INT_MAX;
0046 static atomic_t pty_count = ATOMIC_INIT(0);
0047
0048 static struct ctl_table pty_table[] = {
0049     {
0050         .procname   = "max",
0051         .maxlen     = sizeof(int),
0052         .mode       = 0644,
0053         .data       = &pty_limit,
0054         .proc_handler   = proc_dointvec_minmax,
0055         .extra1     = &pty_limit_min,
0056         .extra2     = &pty_limit_max,
0057     }, {
0058         .procname   = "reserve",
0059         .maxlen     = sizeof(int),
0060         .mode       = 0644,
0061         .data       = &pty_reserve,
0062         .proc_handler   = proc_dointvec_minmax,
0063         .extra1     = &pty_limit_min,
0064         .extra2     = &pty_limit_max,
0065     }, {
0066         .procname   = "nr",
0067         .maxlen     = sizeof(int),
0068         .mode       = 0444,
0069         .data       = &pty_count,
0070         .proc_handler   = proc_dointvec,
0071     },
0072     {}
0073 };
0074
0075 static struct ctl_table pty_kern_table[] = {
0076     {
0077         .procname   = "pty",
0078         .mode       = 0555,
0079         .child      = pty_table,
0080     },
0081     {}
0082 };
0083
0084 static struct ctl_table pty_root_table[] = {
0085     {
0086         .procname   = "kernel",
0087         .mode       = 0555,
0088         .child      = pty_kern_table,
0089     },
0090     {}
0091 };
0092
0093 struct pts_mount_opts {
0094     int setuid;
0095     int setgid;
0096     kuid_t   uid;
0097     kgid_t   gid;
0098     umode_t mode;
0099     umode_t ptmxmode;
0100     int reserve;
0101     int max;
0102 };
0103
0104 enum {
0105     Opt_uid, Opt_gid, Opt_mode, Opt_ptmxmode, Opt_newinstance,  Opt_max,
0106     Opt_err
0107 };
0108
0109 static const match_table_t tokens = {
0110     {Opt_uid, "uid=%u"},
0111     {Opt_gid, "gid=%u"},
0112     {Opt_mode, "mode=%o"},
0113     {Opt_ptmxmode, "ptmxmode=%o"},
0114     {Opt_newinstance, "newinstance"},
0115     {Opt_max, "max=%d"},
0116     {Opt_err, NULL}
0117 };
0118
0119 struct pts_fs_info {
0120     struct ida allocated_ptys;
0121     struct pts_mount_opts mount_opts;
0122     struct super_block *sb;
0123     struct dentry *ptmx_dentry;
0124 };
0125
0126 static inline struct pts_fs_info *DEVPTS_SB(struct super_block *sb)
0127 {
0128     return sb->s_fs_info;
0129 }
0130
0131 static int devpts_ptmx_path(struct path *path)
0132 {
0133     struct super_block *sb;
0134     int err;
0135
0136     /* Is a devpts filesystem at "pts" in the same directory? */
0137     err = path_pts(path);
0138     if (err)
0139         return err;
0140
0141     /* Is the path the root of a devpts filesystem? */
0142     sb = path->mnt->mnt_sb;
0143     if ((sb->s_magic != DEVPTS_SUPER_MAGIC) ||
0144         (path->mnt->mnt_root != sb->s_root))
0145         return -ENODEV;
0146
0147     return 0;
0148 }
0149
0150 /*
0151  * Try to find a suitable devpts filesystem. We support the following
0152  * scenarios:
0153  * - The ptmx device node is located in the same directory as the devpts
0154  *   mount where the pts device nodes are located.
0155  *   This is e.g. the case when calling open on the /dev/pts/ptmx device
0156  *   node when the devpts filesystem is mounted at /dev/pts.
0157  * - The ptmx device node is located outside the devpts filesystem mount
0158  *   where the pts device nodes are located. For example, the ptmx device
0159  *   is a symlink, separate device node, or bind-mount.
0160  *   A supported scenario is bind-mounting /dev/pts/ptmx to /dev/ptmx and
0161  *   then calling open on /dev/ptmx. In this case a suitable pts
0162  *   subdirectory can be found in the common parent directory /dev of the
0163  *   devpts mount and the ptmx bind-mount, after resolving the /dev/ptmx
0164  *   bind-mount.
0165  *   If no suitable pts subdirectory can be found this function will fail.
0166  *   This is e.g. the case when bind-mounting /dev/pts/ptmx to /ptmx.
0167  */
0168 struct vfsmount *devpts_mntget(struct file *filp, struct pts_fs_info *fsi)
0169 {
0170     struct path path;
0171     int err = 0;
0172
0173     path = filp->f_path;
0174     path_get(&path);
0175
0176     /* Walk upward while the start point is a bind mount of
0177      * a single file.
0178      */
0179     while (path.mnt->mnt_root == path.dentry)
0180         if (follow_up(&path) == 0)
0181             break;
0182
0183     /* devpts_ptmx_path() finds a devpts fs or returns an error. */
0184     if ((path.mnt->mnt_sb->s_magic != DEVPTS_SUPER_MAGIC) ||
0185         (DEVPTS_SB(path.mnt->mnt_sb) != fsi))
0186         err = devpts_ptmx_path(&path);
0187     dput(path.dentry);
0188     if (!err) {
0189         if (DEVPTS_SB(path.mnt->mnt_sb) == fsi)
0190             return path.mnt;
0191
0192         err = -ENODEV;
0193     }
0194
0195     mntput(path.mnt);
0196     return ERR_PTR(err);
0197 }
0198
0199 struct pts_fs_info *devpts_acquire(struct file *filp)
0200 {
0201     struct pts_fs_info *result;
0202     struct path path;
0203     struct super_block *sb;
0204
0205     path = filp->f_path;
0206     path_get(&path);
0207
0208     /* Has the devpts filesystem already been found? */
0209     if (path.mnt->mnt_sb->s_magic != DEVPTS_SUPER_MAGIC) {
0210         int err;
0211
0212         err = devpts_ptmx_path(&path);
0213         if (err) {
0214             result = ERR_PTR(err);
0215             goto out;
0216         }
0217     }
0218
0219     /*
0220      * pty code needs to hold extra references in case of last /dev/tty close
0221      */
0222     sb = path.mnt->mnt_sb;
0223     atomic_inc(&sb->s_active);
0224     result = DEVPTS_SB(sb);
0225
0226 out:
0227     path_put(&path);
0228     return result;
0229 }
0230
0231 void devpts_release(struct pts_fs_info *fsi)
0232 {
0233     deactivate_super(fsi->sb);
0234 }
0235
0236 #define PARSE_MOUNT 0
0237 #define PARSE_REMOUNT   1
0238
0239 /*
0240  * parse_mount_options():
0241  *  Set @opts to mount options specified in @data. If an option is not
0242  *  specified in @data, set it to its default value.
0243  *
0244  * Note: @data may be NULL (in which case all options are set to default).
0245  */
0246 static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts)
0247 {
0248     char *p;
0249     kuid_t uid;
0250     kgid_t gid;
0251
0252     opts->setuid  = 0;
0253     opts->setgid  = 0;
0254     opts->uid     = GLOBAL_ROOT_UID;
0255     opts->gid     = GLOBAL_ROOT_GID;
0256     opts->mode    = DEVPTS_DEFAULT_MODE;
0257     opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
0258     opts->max     = NR_UNIX98_PTY_MAX;
0259
0260     /* Only allow instances mounted from the initial mount
0261      * namespace to tap the reserve pool of ptys.
0262      */
0263     if (op == PARSE_MOUNT)
0264         opts->reserve =
0265             (current->nsproxy->mnt_ns == init_task.nsproxy->mnt_ns);
0266
0267     while ((p = strsep(&data, ",")) != NULL) {
0268         substring_t args[MAX_OPT_ARGS];
0269         int token;
0270         int option;
0271
0272         if (!*p)
0273             continue;
0274
0275         token = match_token(p, tokens, args);
0276         switch (token) {
0277         case Opt_uid:
0278             if (match_int(&args[0], &option))
0279                 return -EINVAL;
0280             uid = make_kuid(current_user_ns(), option);
0281             if (!uid_valid(uid))
0282                 return -EINVAL;
0283             opts->uid = uid;
0284             opts->setuid = 1;
0285             break;
0286         case Opt_gid:
0287             if (match_int(&args[0], &option))
0288                 return -EINVAL;
0289             gid = make_kgid(current_user_ns(), option);
0290             if (!gid_valid(gid))
0291                 return -EINVAL;
0292             opts->gid = gid;
0293             opts->setgid = 1;
0294             break;
0295         case Opt_mode:
0296             if (match_octal(&args[0], &option))
0297                 return -EINVAL;
0298             opts->mode = option & S_IALLUGO;
0299             break;
0300         case Opt_ptmxmode:
0301             if (match_octal(&args[0], &option))
0302                 return -EINVAL;
0303             opts->ptmxmode = option & S_IALLUGO;
0304             break;
0305         case Opt_newinstance:
0306             break;
0307         case Opt_max:
0308             if (match_int(&args[0], &option) ||
0309                 option < 0 || option > NR_UNIX98_PTY_MAX)
0310                 return -EINVAL;
0311             opts->max = option;
0312             break;
0313         default:
0314             pr_err("called with bogus options\n");
0315             return -EINVAL;
0316         }
0317     }
0318
0319     return 0;
0320 }
0321
0322 static int mknod_ptmx(struct super_block *sb)
0323 {
0324     int mode;
0325     int rc = -ENOMEM;
0326     struct dentry *dentry;
0327     struct inode *inode;
0328     struct dentry *root = sb->s_root;
0329     struct pts_fs_info *fsi = DEVPTS_SB(sb);
0330     struct pts_mount_opts *opts = &fsi->mount_opts;
0331     kuid_t ptmx_uid = current_fsuid();
0332     kgid_t ptmx_gid = current_fsgid();
0333
0334     inode_lock(d_inode(root));
0335
0336     /* If we have already created ptmx node, return */
0337     if (fsi->ptmx_dentry) {
0338         rc = 0;
0339         goto out;
0340     }
0341
0342     dentry = d_alloc_name(root, "ptmx");
0343     if (!dentry) {
0344         pr_err("Unable to alloc dentry for ptmx node\n");
0345         goto out;
0346     }
0347
0348     /*
0349      * Create a new 'ptmx' node in this mount of devpts.
0350      */
0351     inode = new_inode(sb);
0352     if (!inode) {
0353         pr_err("Unable to alloc inode for ptmx node\n");
0354         dput(dentry);
0355         goto out;
0356     }
0357
0358     inode->i_ino = 2;
0359     inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
0360
0361     mode = S_IFCHR|opts->ptmxmode;
0362     init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2));
0363     inode->i_uid = ptmx_uid;
0364     inode->i_gid = ptmx_gid;
0365
0366     d_add(dentry, inode);
0367
0368     fsi->ptmx_dentry = dentry;
0369     rc = 0;
0370 out:
0371     inode_unlock(d_inode(root));
0372     return rc;
0373 }
0374
0375 static void update_ptmx_mode(struct pts_fs_info *fsi)
0376 {
0377     struct inode *inode;
0378     if (fsi->ptmx_dentry) {
0379         inode = d_inode(fsi->ptmx_dentry);
0380         inode->i_mode = S_IFCHR|fsi->mount_opts.ptmxmode;
0381     }
0382 }
0383
0384 static int devpts_remount(struct super_block *sb, int *flags, char *data)
0385 {
0386     int err;
0387     struct pts_fs_info *fsi = DEVPTS_SB(sb);
0388     struct pts_mount_opts *opts = &fsi->mount_opts;
0389
0390     err = parse_mount_options(data, PARSE_REMOUNT, opts);
0391
0392     /*
0393      * parse_mount_options() restores options to default values
0394      * before parsing and may have changed ptmxmode. So, update the
0395      * mode in the inode too. Bogus options don't fail the remount,
0396      * so do this even on error return.
0397      */
0398     update_ptmx_mode(fsi);
0399
0400     return err;
0401 }
0402
0403 static int devpts_show_options(struct seq_file *seq, struct dentry *root)
0404 {
0405     struct pts_fs_info *fsi = DEVPTS_SB(root->d_sb);
0406     struct pts_mount_opts *opts = &fsi->mount_opts;
0407
0408     if (opts->setuid)
0409         seq_printf(seq, ",uid=%u",
0410                from_kuid_munged(&init_user_ns, opts->uid));
0411     if (opts->setgid)
0412         seq_printf(seq, ",gid=%u",
0413                from_kgid_munged(&init_user_ns, opts->gid));
0414     seq_printf(seq, ",mode=%03o", opts->mode);
0415     seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode);
0416     if (opts->max < NR_UNIX98_PTY_MAX)
0417         seq_printf(seq, ",max=%d", opts->max);
0418
0419     return 0;
0420 }
0421
0422 static const struct super_operations devpts_sops = {
0423     .statfs     = simple_statfs,
0424     .remount_fs = devpts_remount,
0425     .show_options   = devpts_show_options,
0426 };
0427
0428 static void *new_pts_fs_info(struct super_block *sb)
0429 {
0430     struct pts_fs_info *fsi;
0431
0432     fsi = kzalloc(sizeof(struct pts_fs_info), GFP_KERNEL);
0433     if (!fsi)
0434         return NULL;
0435
0436     ida_init(&fsi->allocated_ptys);
0437     fsi->mount_opts.mode = DEVPTS_DEFAULT_MODE;
0438     fsi->mount_opts.ptmxmode = DEVPTS_DEFAULT_PTMX_MODE;
0439     fsi->sb = sb;
0440
0441     return fsi;
0442 }
0443
0444 static int
0445 devpts_fill_super(struct super_block *s, void *data, int silent)
0446 {
0447     struct inode *inode;
0448     int error;
0449
0450     s->s_iflags &= ~SB_I_NODEV;
0451     s->s_blocksize = 1024;
0452     s->s_blocksize_bits = 10;
0453     s->s_magic = DEVPTS_SUPER_MAGIC;
0454     s->s_op = &devpts_sops;
0455     s->s_d_op = &simple_dentry_operations;
0456     s->s_time_gran = 1;
0457
0458     error = -ENOMEM;
0459     s->s_fs_info = new_pts_fs_info(s);
0460     if (!s->s_fs_info)
0461         goto fail;
0462
0463     error = parse_mount_options(data, PARSE_MOUNT, &DEVPTS_SB(s)->mount_opts);
0464     if (error)
0465         goto fail;
0466
0467     error = -ENOMEM;
0468     inode = new_inode(s);
0469     if (!inode)
0470         goto fail;
0471     inode->i_ino = 1;
0472     inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
0473     inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR;
0474     inode->i_op = &simple_dir_inode_operations;
0475     inode->i_fop = &simple_dir_operations;
0476     set_nlink(inode, 2);
0477
0478     s->s_root = d_make_root(inode);
0479     if (!s->s_root) {
0480         pr_err("get root dentry failed\n");
0481         goto fail;
0482     }
0483
0484     error = mknod_ptmx(s);
0485     if (error)
0486         goto fail_dput;
0487
0488     return 0;
0489 fail_dput:
0490     dput(s->s_root);
0491     s->s_root = NULL;
0492 fail:
0493     return error;
0494 }
0495
0496 /*
0497  * devpts_mount()
0498  *
0499  *     Mount a new (private) instance of devpts.  PTYs created in this
0500  *     instance are independent of the PTYs in other devpts instances.
0501  */
0502 static struct dentry *devpts_mount(struct file_system_type *fs_type,
0503     int flags, const char *dev_name, void *data)
0504 {
0505     return mount_nodev(fs_type, flags, data, devpts_fill_super);
0506 }
0507
0508 static void devpts_kill_sb(struct super_block *sb)
0509 {
0510     struct pts_fs_info *fsi = DEVPTS_SB(sb);
0511
0512     if (fsi)
0513         ida_destroy(&fsi->allocated_ptys);
0514     kfree(fsi);
0515     kill_litter_super(sb);
0516 }
0517
0518 static struct file_system_type devpts_fs_type = {
0519     .name       = "devpts",
0520     .mount      = devpts_mount,
0521     .kill_sb    = devpts_kill_sb,
0522     .fs_flags   = FS_USERNS_MOUNT,
0523 };
0524
0525 /*
0526  * The normal naming convention is simply /dev/pts/<number>; this conforms
0527  * to the System V naming convention
0528  */
0529
0530 int devpts_new_index(struct pts_fs_info *fsi)
0531 {
0532     int index = -ENOSPC;
0533
0534     if (atomic_inc_return(&pty_count) >= (pty_limit -
0535               (fsi->mount_opts.reserve ? 0 : pty_reserve)))
0536         goto out;
0537
0538     index = ida_alloc_max(&fsi->allocated_ptys, fsi->mount_opts.max - 1,
0539             GFP_KERNEL);
0540
0541 out:
0542     if (index < 0)
0543         atomic_dec(&pty_count);
0544     return index;
0545 }
0546
0547 void devpts_kill_index(struct pts_fs_info *fsi, int idx)
0548 {
0549     ida_free(&fsi->allocated_ptys, idx);
0550     atomic_dec(&pty_count);
0551 }
0552
0553 /**
0554  * devpts_pty_new -- create a new inode in /dev/pts/
0555  * @ptmx_inode: inode of the master
0556  * @device: major+minor of the node to be created
0557  * @index: used as a name of the node
0558  * @priv: what's given back by devpts_get_priv
0559  *
0560  * The created inode is returned. Remove it from /dev/pts/ by devpts_pty_kill.
0561  */
0562 struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
0563 {
0564     struct dentry *dentry;
0565     struct super_block *sb = fsi->sb;
0566     struct inode *inode;
0567     struct dentry *root;
0568     struct pts_mount_opts *opts;
0569     char s[12];
0570
0571     root = sb->s_root;
0572     opts = &fsi->mount_opts;
0573
0574     inode = new_inode(sb);
0575     if (!inode)
0576         return ERR_PTR(-ENOMEM);
0577
0578     inode->i_ino = index + 3;
0579     inode->i_uid = opts->setuid ? opts->uid : current_fsuid();
0580     inode->i_gid = opts->setgid ? opts->gid : current_fsgid();
0581     inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
0582     init_special_inode(inode, S_IFCHR|opts->mode, MKDEV(UNIX98_PTY_SLAVE_MAJOR, index));
0583
0584     sprintf(s, "%d", index);
0585
0586     dentry = d_alloc_name(root, s);
0587     if (dentry) {
0588         dentry->d_fsdata = priv;
0589         d_add(dentry, inode);
0590         fsnotify_create(d_inode(root), dentry);
0591     } else {
0592         iput(inode);
0593         dentry = ERR_PTR(-ENOMEM);
0594     }
0595
0596     return dentry;
0597 }
0598
0599 /**
0600  * devpts_get_priv -- get private data for a slave
0601  * @pts_inode: inode of the slave
0602  *
0603  * Returns whatever was passed as priv in devpts_pty_new for a given inode.
0604  */
0605 void *devpts_get_priv(struct dentry *dentry)
0606 {
0607     if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
0608         return NULL;
0609     return dentry->d_fsdata;
0610 }
0611
0612 /**
0613  * devpts_pty_kill -- remove inode form /dev/pts/
0614  * @inode: inode of the slave to be removed
0615  *
0616  * This is an inverse operation of devpts_pty_new.
0617  */
0618 void devpts_pty_kill(struct dentry *dentry)
0619 {
0620     WARN_ON_ONCE(dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC);
0621
0622     dentry->d_fsdata = NULL;
0623     drop_nlink(dentry->d_inode);
0624     d_drop(dentry);
0625     fsnotify_unlink(d_inode(dentry->d_parent), dentry);
0626     dput(dentry);   /* d_alloc_name() in devpts_pty_new() */
0627 }
0628
0629 static int __init init_devpts_fs(void)
0630 {
0631     int err = register_filesystem(&devpts_fs_type);
0632     if (!err) {
0633         register_sysctl_table(pty_root_table);
0634     }
0635     return err;
0636 }
0637 module_init(init_devpts_fs)