Re: Ptyfs correction.

[Ilia Zykov <netbsd%izyk.ru@localhost>]

On 15.10.2014 18:55, Christos Zoulas wrote:
> On Oct 15,  5:49pm, netbsd%izyk.ru@localhost (Ilia Zykov) wrote:
> -- Subject: Re: Ptyfs correction.
> 
> | 
> | On 15.10.2014 16:55, Christos Zoulas wrote:
> | > On Oct 15,  1:14pm, netbsd%izyk.ru@localhost (Ilia Zykov) wrote:
> | > -- Subject: Re: Ptyfs correction.
> | >
> | > | Hello!
> | > |  - corrects some wrong comments
> | > |  - add XXX warning
> | > |  - increase security
> | > |  - make pty_vn_open() private to tty_ptm.c
> | > | 
> | > | Thank you.
> | > | Ilia.
> | >
> | > Can you please explain this:
> | >
> | > -       if (type == PTYFSptc)
> | > +       /* Activate node only after we have grabbed device. */
> | > +       if (type == PTYFSpts)
> | >
> | >
> | > Thanks.
> | > christos
> | >
> | 
> | On SMP systems(with ptyfs multiple mounts) in this point (type ==
> | PTYFSptc) can be multiple threads.
> | Afterwards "ptm" driver leave only one(all other will grab other
> | devices), but will be time before ptyfs_inactive(),
> | when its will be have active this node for other mount points.
> | After, when "ptm" has grabbed device for this thread, it calls this
> | function only for one winner thread
> | with type == PTYFSpts.  It's situation very difficult usage because we
> | do VOP_REVOKE(), but theoretically
> | possible. And more reliable activate device only at one mount point when
> | we have grabbed device.
> 
> Thanks, makes sense.
> 
> christos
> 

Please.
Try this experiment, you need two terminals one for ordinary user, other for root.
1. In ordinary terminal run ptmxopen(output for sample):
./ptmxopen    
Pty device is : /dev/ptmx 
Name is : /dev/pts/3 
Opened : /dev/pts/3

   correct ptsopen.c for /dev/pts/3
   run
./ptsopen
Pty device is : /dev/pts/3 

2. In root terminal run 
./ptmxopen.
Pty device is : /dev/ptmx 
Name is : /dev/pts/3 
Opened : /dev/pts/3

3. In ordinary terminal I have this output:
Got it. Device name is : /dev/pts/3

It's happened only with /dev/ptmx device.
I don't know why it isn't happened with /dev/ptm, maybe it have some
kernel lock between operations.

This patch can help for this too:
-	if (type == PTYFSptc)
+	/* Activate node only after we have grabbed device. */
+	if (type == PTYFSpts)


Ilia.

#include <util.h>
#include <stdio.h>
#include <termios.h>
#include <err.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>

#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>


main (){
    int master;
    char name[100] = "/dev/pts/3";
    printf("Pty device is : %s \n", name);
infloop:
	if ((master = open(name, O_RDWR)) != -1) {
	    printf("Got it. Device name is : %s \n", name);
	    exit(0);
	}
	goto infloop;
}

#include <util.h>
#include <stdio.h>
#include <termios.h>
#include <err.h>
#include <stdlib.h>

#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>

#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>


main (){
    int amaster, aslave, master;
    char name[100] = "/dev/ptmx";
    printf("Pty device is : %s \n", name);
	if ((master = open(name, O_RDWR)) != -1) {
		struct ptmget pt;
		if (ioctl(master, TIOCGRANTPT, 0) != -1 &&
		    ioctl(master, TIOCPTSNAME, &pt) != -1) {
			amaster = pt.cfd;
			aslave = pt.sfd;
			(void)strcpy(name, pt.sn);
			goto gotit;
		}
		err(EXIT_FAILURE, "Can't ioctl()\n");
	}
	err(EXIT_FAILURE, "Can't open /dev/ptmx\n");
gotit:
    printf("Name is : %s \n", name);
    if(open(name, O_RDWR) != -1) {
	printf("Opened : %s \n", name);
    } else {
	printf("Fault : %s \n", name);
    }
}