inode.c (15019B)
1// SPDX-License-Identifier: GPL-2.0-or-later 2/* -*- linux-c -*- --------------------------------------------------------- * 3 * 4 * linux/fs/devpts/inode.c 5 * 6 * Copyright 1998-2004 H. Peter Anvin -- All Rights Reserved 7 * 8 * ------------------------------------------------------------------------- */ 9 10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 11 12#include <linux/module.h> 13#include <linux/init.h> 14#include <linux/fs.h> 15#include <linux/sched.h> 16#include <linux/namei.h> 17#include <linux/slab.h> 18#include <linux/mount.h> 19#include <linux/tty.h> 20#include <linux/mutex.h> 21#include <linux/magic.h> 22#include <linux/idr.h> 23#include <linux/devpts_fs.h> 24#include <linux/parser.h> 25#include <linux/fsnotify.h> 26#include <linux/seq_file.h> 27 28#define DEVPTS_DEFAULT_MODE 0600 29/* 30 * ptmx is a new node in /dev/pts and will be unused in legacy (single- 31 * instance) mode. To prevent surprises in user space, set permissions of 32 * ptmx to 0. Use 'chmod' or remount with '-o ptmxmode' to set meaningful 33 * permissions. 34 */ 35#define DEVPTS_DEFAULT_PTMX_MODE 0000 36#define PTMX_MINOR 2 37 38/* 39 * sysctl support for setting limits on the number of Unix98 ptys allocated. 40 * Otherwise one can eat up all kernel memory by opening /dev/ptmx repeatedly. 41 */ 42static int pty_limit = NR_UNIX98_PTY_DEFAULT; 43static int pty_reserve = NR_UNIX98_PTY_RESERVE; 44static int pty_limit_min; 45static int pty_limit_max = INT_MAX; 46static atomic_t pty_count = ATOMIC_INIT(0); 47 48static struct ctl_table pty_table[] = { 49 { 50 .procname = "max", 51 .maxlen = sizeof(int), 52 .mode = 0644, 53 .data = &pty_limit, 54 .proc_handler = proc_dointvec_minmax, 55 .extra1 = &pty_limit_min, 56 .extra2 = &pty_limit_max, 57 }, { 58 .procname = "reserve", 59 .maxlen = sizeof(int), 60 .mode = 0644, 61 .data = &pty_reserve, 62 .proc_handler = proc_dointvec_minmax, 63 .extra1 = &pty_limit_min, 64 .extra2 = &pty_limit_max, 65 }, { 66 .procname = "nr", 67 .maxlen = sizeof(int), 68 .mode = 0444, 69 .data = &pty_count, 70 .proc_handler = proc_dointvec, 71 }, 72 {} 73}; 74 75static struct ctl_table pty_kern_table[] = { 76 { 77 .procname = "pty", 78 .mode = 0555, 79 .child = pty_table, 80 }, 81 {} 82}; 83 84static struct ctl_table pty_root_table[] = { 85 { 86 .procname = "kernel", 87 .mode = 0555, 88 .child = pty_kern_table, 89 }, 90 {} 91}; 92 93struct pts_mount_opts { 94 int setuid; 95 int setgid; 96 kuid_t uid; 97 kgid_t gid; 98 umode_t mode; 99 umode_t ptmxmode; 100 int reserve; 101 int max; 102}; 103 104enum { 105 Opt_uid, Opt_gid, Opt_mode, Opt_ptmxmode, Opt_newinstance, Opt_max, 106 Opt_err 107}; 108 109static const match_table_t tokens = { 110 {Opt_uid, "uid=%u"}, 111 {Opt_gid, "gid=%u"}, 112 {Opt_mode, "mode=%o"}, 113 {Opt_ptmxmode, "ptmxmode=%o"}, 114 {Opt_newinstance, "newinstance"}, 115 {Opt_max, "max=%d"}, 116 {Opt_err, NULL} 117}; 118 119struct pts_fs_info { 120 struct ida allocated_ptys; 121 struct pts_mount_opts mount_opts; 122 struct super_block *sb; 123 struct dentry *ptmx_dentry; 124}; 125 126static inline struct pts_fs_info *DEVPTS_SB(struct super_block *sb) 127{ 128 return sb->s_fs_info; 129} 130 131static int devpts_ptmx_path(struct path *path) 132{ 133 struct super_block *sb; 134 int err; 135 136 /* Is a devpts filesystem at "pts" in the same directory? */ 137 err = path_pts(path); 138 if (err) 139 return err; 140 141 /* Is the path the root of a devpts filesystem? */ 142 sb = path->mnt->mnt_sb; 143 if ((sb->s_magic != DEVPTS_SUPER_MAGIC) || 144 (path->mnt->mnt_root != sb->s_root)) 145 return -ENODEV; 146 147 return 0; 148} 149 150/* 151 * Try to find a suitable devpts filesystem. We support the following 152 * scenarios: 153 * - The ptmx device node is located in the same directory as the devpts 154 * mount where the pts device nodes are located. 155 * This is e.g. the case when calling open on the /dev/pts/ptmx device 156 * node when the devpts filesystem is mounted at /dev/pts. 157 * - The ptmx device node is located outside the devpts filesystem mount 158 * where the pts device nodes are located. For example, the ptmx device 159 * is a symlink, separate device node, or bind-mount. 160 * A supported scenario is bind-mounting /dev/pts/ptmx to /dev/ptmx and 161 * then calling open on /dev/ptmx. In this case a suitable pts 162 * subdirectory can be found in the common parent directory /dev of the 163 * devpts mount and the ptmx bind-mount, after resolving the /dev/ptmx 164 * bind-mount. 165 * If no suitable pts subdirectory can be found this function will fail. 166 * This is e.g. the case when bind-mounting /dev/pts/ptmx to /ptmx. 167 */ 168struct vfsmount *devpts_mntget(struct file *filp, struct pts_fs_info *fsi) 169{ 170 struct path path; 171 int err = 0; 172 173 path = filp->f_path; 174 path_get(&path); 175 176 /* Walk upward while the start point is a bind mount of 177 * a single file. 178 */ 179 while (path.mnt->mnt_root == path.dentry) 180 if (follow_up(&path) == 0) 181 break; 182 183 /* devpts_ptmx_path() finds a devpts fs or returns an error. */ 184 if ((path.mnt->mnt_sb->s_magic != DEVPTS_SUPER_MAGIC) || 185 (DEVPTS_SB(path.mnt->mnt_sb) != fsi)) 186 err = devpts_ptmx_path(&path); 187 dput(path.dentry); 188 if (!err) { 189 if (DEVPTS_SB(path.mnt->mnt_sb) == fsi) 190 return path.mnt; 191 192 err = -ENODEV; 193 } 194 195 mntput(path.mnt); 196 return ERR_PTR(err); 197} 198 199struct pts_fs_info *devpts_acquire(struct file *filp) 200{ 201 struct pts_fs_info *result; 202 struct path path; 203 struct super_block *sb; 204 205 path = filp->f_path; 206 path_get(&path); 207 208 /* Has the devpts filesystem already been found? */ 209 if (path.mnt->mnt_sb->s_magic != DEVPTS_SUPER_MAGIC) { 210 int err; 211 212 err = devpts_ptmx_path(&path); 213 if (err) { 214 result = ERR_PTR(err); 215 goto out; 216 } 217 } 218 219 /* 220 * pty code needs to hold extra references in case of last /dev/tty close 221 */ 222 sb = path.mnt->mnt_sb; 223 atomic_inc(&sb->s_active); 224 result = DEVPTS_SB(sb); 225 226out: 227 path_put(&path); 228 return result; 229} 230 231void devpts_release(struct pts_fs_info *fsi) 232{ 233 deactivate_super(fsi->sb); 234} 235 236#define PARSE_MOUNT 0 237#define PARSE_REMOUNT 1 238 239/* 240 * parse_mount_options(): 241 * Set @opts to mount options specified in @data. If an option is not 242 * specified in @data, set it to its default value. 243 * 244 * Note: @data may be NULL (in which case all options are set to default). 245 */ 246static int parse_mount_options(char *data, int op, struct pts_mount_opts *opts) 247{ 248 char *p; 249 kuid_t uid; 250 kgid_t gid; 251 252 opts->setuid = 0; 253 opts->setgid = 0; 254 opts->uid = GLOBAL_ROOT_UID; 255 opts->gid = GLOBAL_ROOT_GID; 256 opts->mode = DEVPTS_DEFAULT_MODE; 257 opts->ptmxmode = DEVPTS_DEFAULT_PTMX_MODE; 258 opts->max = NR_UNIX98_PTY_MAX; 259 260 /* Only allow instances mounted from the initial mount 261 * namespace to tap the reserve pool of ptys. 262 */ 263 if (op == PARSE_MOUNT) 264 opts->reserve = 265 (current->nsproxy->mnt_ns == init_task.nsproxy->mnt_ns); 266 267 while ((p = strsep(&data, ",")) != NULL) { 268 substring_t args[MAX_OPT_ARGS]; 269 int token; 270 int option; 271 272 if (!*p) 273 continue; 274 275 token = match_token(p, tokens, args); 276 switch (token) { 277 case Opt_uid: 278 if (match_int(&args[0], &option)) 279 return -EINVAL; 280 uid = make_kuid(current_user_ns(), option); 281 if (!uid_valid(uid)) 282 return -EINVAL; 283 opts->uid = uid; 284 opts->setuid = 1; 285 break; 286 case Opt_gid: 287 if (match_int(&args[0], &option)) 288 return -EINVAL; 289 gid = make_kgid(current_user_ns(), option); 290 if (!gid_valid(gid)) 291 return -EINVAL; 292 opts->gid = gid; 293 opts->setgid = 1; 294 break; 295 case Opt_mode: 296 if (match_octal(&args[0], &option)) 297 return -EINVAL; 298 opts->mode = option & S_IALLUGO; 299 break; 300 case Opt_ptmxmode: 301 if (match_octal(&args[0], &option)) 302 return -EINVAL; 303 opts->ptmxmode = option & S_IALLUGO; 304 break; 305 case Opt_newinstance: 306 break; 307 case Opt_max: 308 if (match_int(&args[0], &option) || 309 option < 0 || option > NR_UNIX98_PTY_MAX) 310 return -EINVAL; 311 opts->max = option; 312 break; 313 default: 314 pr_err("called with bogus options\n"); 315 return -EINVAL; 316 } 317 } 318 319 return 0; 320} 321 322static int mknod_ptmx(struct super_block *sb) 323{ 324 int mode; 325 int rc = -ENOMEM; 326 struct dentry *dentry; 327 struct inode *inode; 328 struct dentry *root = sb->s_root; 329 struct pts_fs_info *fsi = DEVPTS_SB(sb); 330 struct pts_mount_opts *opts = &fsi->mount_opts; 331 kuid_t ptmx_uid = current_fsuid(); 332 kgid_t ptmx_gid = current_fsgid(); 333 334 inode_lock(d_inode(root)); 335 336 /* If we have already created ptmx node, return */ 337 if (fsi->ptmx_dentry) { 338 rc = 0; 339 goto out; 340 } 341 342 dentry = d_alloc_name(root, "ptmx"); 343 if (!dentry) { 344 pr_err("Unable to alloc dentry for ptmx node\n"); 345 goto out; 346 } 347 348 /* 349 * Create a new 'ptmx' node in this mount of devpts. 350 */ 351 inode = new_inode(sb); 352 if (!inode) { 353 pr_err("Unable to alloc inode for ptmx node\n"); 354 dput(dentry); 355 goto out; 356 } 357 358 inode->i_ino = 2; 359 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 360 361 mode = S_IFCHR|opts->ptmxmode; 362 init_special_inode(inode, mode, MKDEV(TTYAUX_MAJOR, 2)); 363 inode->i_uid = ptmx_uid; 364 inode->i_gid = ptmx_gid; 365 366 d_add(dentry, inode); 367 368 fsi->ptmx_dentry = dentry; 369 rc = 0; 370out: 371 inode_unlock(d_inode(root)); 372 return rc; 373} 374 375static void update_ptmx_mode(struct pts_fs_info *fsi) 376{ 377 struct inode *inode; 378 if (fsi->ptmx_dentry) { 379 inode = d_inode(fsi->ptmx_dentry); 380 inode->i_mode = S_IFCHR|fsi->mount_opts.ptmxmode; 381 } 382} 383 384static int devpts_remount(struct super_block *sb, int *flags, char *data) 385{ 386 int err; 387 struct pts_fs_info *fsi = DEVPTS_SB(sb); 388 struct pts_mount_opts *opts = &fsi->mount_opts; 389 390 err = parse_mount_options(data, PARSE_REMOUNT, opts); 391 392 /* 393 * parse_mount_options() restores options to default values 394 * before parsing and may have changed ptmxmode. So, update the 395 * mode in the inode too. Bogus options don't fail the remount, 396 * so do this even on error return. 397 */ 398 update_ptmx_mode(fsi); 399 400 return err; 401} 402 403static int devpts_show_options(struct seq_file *seq, struct dentry *root) 404{ 405 struct pts_fs_info *fsi = DEVPTS_SB(root->d_sb); 406 struct pts_mount_opts *opts = &fsi->mount_opts; 407 408 if (opts->setuid) 409 seq_printf(seq, ",uid=%u", 410 from_kuid_munged(&init_user_ns, opts->uid)); 411 if (opts->setgid) 412 seq_printf(seq, ",gid=%u", 413 from_kgid_munged(&init_user_ns, opts->gid)); 414 seq_printf(seq, ",mode=%03o", opts->mode); 415 seq_printf(seq, ",ptmxmode=%03o", opts->ptmxmode); 416 if (opts->max < NR_UNIX98_PTY_MAX) 417 seq_printf(seq, ",max=%d", opts->max); 418 419 return 0; 420} 421 422static const struct super_operations devpts_sops = { 423 .statfs = simple_statfs, 424 .remount_fs = devpts_remount, 425 .show_options = devpts_show_options, 426}; 427 428static void *new_pts_fs_info(struct super_block *sb) 429{ 430 struct pts_fs_info *fsi; 431 432 fsi = kzalloc(sizeof(struct pts_fs_info), GFP_KERNEL); 433 if (!fsi) 434 return NULL; 435 436 ida_init(&fsi->allocated_ptys); 437 fsi->mount_opts.mode = DEVPTS_DEFAULT_MODE; 438 fsi->mount_opts.ptmxmode = DEVPTS_DEFAULT_PTMX_MODE; 439 fsi->sb = sb; 440 441 return fsi; 442} 443 444static int 445devpts_fill_super(struct super_block *s, void *data, int silent) 446{ 447 struct inode *inode; 448 int error; 449 450 s->s_iflags &= ~SB_I_NODEV; 451 s->s_blocksize = 1024; 452 s->s_blocksize_bits = 10; 453 s->s_magic = DEVPTS_SUPER_MAGIC; 454 s->s_op = &devpts_sops; 455 s->s_d_op = &simple_dentry_operations; 456 s->s_time_gran = 1; 457 458 error = -ENOMEM; 459 s->s_fs_info = new_pts_fs_info(s); 460 if (!s->s_fs_info) 461 goto fail; 462 463 error = parse_mount_options(data, PARSE_MOUNT, &DEVPTS_SB(s)->mount_opts); 464 if (error) 465 goto fail; 466 467 error = -ENOMEM; 468 inode = new_inode(s); 469 if (!inode) 470 goto fail; 471 inode->i_ino = 1; 472 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 473 inode->i_mode = S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR; 474 inode->i_op = &simple_dir_inode_operations; 475 inode->i_fop = &simple_dir_operations; 476 set_nlink(inode, 2); 477 478 s->s_root = d_make_root(inode); 479 if (!s->s_root) { 480 pr_err("get root dentry failed\n"); 481 goto fail; 482 } 483 484 error = mknod_ptmx(s); 485 if (error) 486 goto fail_dput; 487 488 return 0; 489fail_dput: 490 dput(s->s_root); 491 s->s_root = NULL; 492fail: 493 return error; 494} 495 496/* 497 * devpts_mount() 498 * 499 * Mount a new (private) instance of devpts. PTYs created in this 500 * instance are independent of the PTYs in other devpts instances. 501 */ 502static struct dentry *devpts_mount(struct file_system_type *fs_type, 503 int flags, const char *dev_name, void *data) 504{ 505 return mount_nodev(fs_type, flags, data, devpts_fill_super); 506} 507 508static void devpts_kill_sb(struct super_block *sb) 509{ 510 struct pts_fs_info *fsi = DEVPTS_SB(sb); 511 512 if (fsi) 513 ida_destroy(&fsi->allocated_ptys); 514 kfree(fsi); 515 kill_litter_super(sb); 516} 517 518static struct file_system_type devpts_fs_type = { 519 .name = "devpts", 520 .mount = devpts_mount, 521 .kill_sb = devpts_kill_sb, 522 .fs_flags = FS_USERNS_MOUNT, 523}; 524 525/* 526 * The normal naming convention is simply /dev/pts/<number>; this conforms 527 * to the System V naming convention 528 */ 529 530int devpts_new_index(struct pts_fs_info *fsi) 531{ 532 int index = -ENOSPC; 533 534 if (atomic_inc_return(&pty_count) >= (pty_limit - 535 (fsi->mount_opts.reserve ? 0 : pty_reserve))) 536 goto out; 537 538 index = ida_alloc_max(&fsi->allocated_ptys, fsi->mount_opts.max - 1, 539 GFP_KERNEL); 540 541out: 542 if (index < 0) 543 atomic_dec(&pty_count); 544 return index; 545} 546 547void devpts_kill_index(struct pts_fs_info *fsi, int idx) 548{ 549 ida_free(&fsi->allocated_ptys, idx); 550 atomic_dec(&pty_count); 551} 552 553/** 554 * devpts_pty_new -- create a new inode in /dev/pts/ 555 * @ptmx_inode: inode of the master 556 * @device: major+minor of the node to be created 557 * @index: used as a name of the node 558 * @priv: what's given back by devpts_get_priv 559 * 560 * The created inode is returned. Remove it from /dev/pts/ by devpts_pty_kill. 561 */ 562struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv) 563{ 564 struct dentry *dentry; 565 struct super_block *sb = fsi->sb; 566 struct inode *inode; 567 struct dentry *root; 568 struct pts_mount_opts *opts; 569 char s[12]; 570 571 root = sb->s_root; 572 opts = &fsi->mount_opts; 573 574 inode = new_inode(sb); 575 if (!inode) 576 return ERR_PTR(-ENOMEM); 577 578 inode->i_ino = index + 3; 579 inode->i_uid = opts->setuid ? opts->uid : current_fsuid(); 580 inode->i_gid = opts->setgid ? opts->gid : current_fsgid(); 581 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode); 582 init_special_inode(inode, S_IFCHR|opts->mode, MKDEV(UNIX98_PTY_SLAVE_MAJOR, index)); 583 584 sprintf(s, "%d", index); 585 586 dentry = d_alloc_name(root, s); 587 if (dentry) { 588 dentry->d_fsdata = priv; 589 d_add(dentry, inode); 590 fsnotify_create(d_inode(root), dentry); 591 } else { 592 iput(inode); 593 dentry = ERR_PTR(-ENOMEM); 594 } 595 596 return dentry; 597} 598 599/** 600 * devpts_get_priv -- get private data for a slave 601 * @pts_inode: inode of the slave 602 * 603 * Returns whatever was passed as priv in devpts_pty_new for a given inode. 604 */ 605void *devpts_get_priv(struct dentry *dentry) 606{ 607 if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC) 608 return NULL; 609 return dentry->d_fsdata; 610} 611 612/** 613 * devpts_pty_kill -- remove inode form /dev/pts/ 614 * @inode: inode of the slave to be removed 615 * 616 * This is an inverse operation of devpts_pty_new. 617 */ 618void devpts_pty_kill(struct dentry *dentry) 619{ 620 WARN_ON_ONCE(dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC); 621 622 dentry->d_fsdata = NULL; 623 drop_nlink(dentry->d_inode); 624 d_drop(dentry); 625 fsnotify_unlink(d_inode(dentry->d_parent), dentry); 626 dput(dentry); /* d_alloc_name() in devpts_pty_new() */ 627} 628 629static int __init init_devpts_fs(void) 630{ 631 int err = register_filesystem(&devpts_fs_type); 632 if (!err) { 633 register_sysctl_table(pty_root_table); 634 } 635 return err; 636} 637module_init(init_devpts_fs)