int
cttyopen(__unused dev_t dev, int flag, __unused int mode, proc_t p)
{
vnode_t ttyvp = cttyvp(p);
struct vfs_context context;
int error;
if (ttyvp == NULL)
return (ENXIO);
context.vc_thread = current_thread();
context.vc_ucred = kauth_cred_proc_ref(p);
error = VNOP_OPEN(ttyvp, flag, &context);
vnode_put(ttyvp);
kauth_cred_unref(&context.vc_ucred);
return (error);
}
static int
nullfs_open(struct vnop_open_args * args)
{
int error;
struct vnode *vp, *lvp;
NULLFSDEBUG("%s %p\n", __FUNCTION__, args->a_vp);
if (nullfs_checkspecialvp(args->a_vp)) {
return 0; /* nothing extra needed */
}
vp = args->a_vp;
lvp = NULLVPTOLOWERVP(vp);
error = vnode_getwithref(lvp);
if (error == 0) {
error = VNOP_OPEN(lvp, args->a_mode, args->a_context);
vnode_put(lvp);
}
return error;
}
int
cttyopen(dev_t dev, int flag, __unused int mode, proc_t p)
{
vnode_t ttyvp = cttyvp(p);
struct vfs_context context;
int error = 0;
int cttyflag, doclose = 0;
struct session *sessp;
if (ttyvp == NULL)
return (ENXIO);
context.vc_thread = current_thread();
context.vc_ucred = kauth_cred_proc_ref(p);
sessp = proc_session(p);
session_lock(sessp);
cttyflag = sessp->s_flags & S_CTTYREF;
session_unlock(sessp);
/*
* A little hack--this device, used by many processes,
* happens to do an open on another device, which can
* cause unhappiness if the second-level open blocks indefinitely
* (as could be the case if the master side has hung up). Since
* we know that this driver doesn't care about the serializing
* opens and closes, we can drop the lock. To avoid opencount leak,
* open the vnode only for the first time.
*/
if (cttyflag == 0) {
devsw_unlock(dev, S_IFCHR);
error = VNOP_OPEN(ttyvp, flag, &context);
devsw_lock(dev, S_IFCHR);
if (error)
goto out;
/*
* If S_CTTYREF is set, some other thread did an open
* and was able to set the flag, now perform a close, else
* set the flag.
*/
session_lock(sessp);
if (cttyflag == (sessp->s_flags & S_CTTYREF))
sessp->s_flags |= S_CTTYREF;
else
doclose = 1;
session_unlock(sessp);
/*
* We have to take a reference here to make sure a close
* gets called during revoke. Note that once a controlling
* tty gets opened by this driver, the only way close will
* get called is when the session leader , whose controlling
* tty is ttyvp, exits and vnode is revoked. We cannot
* redirect close from this driver because underlying controlling
* terminal might change and close may get redirected to a
* wrong vnode causing panic.
*/
if (doclose) {
devsw_unlock(dev, S_IFCHR);
VNOP_CLOSE(ttyvp, flag, &context);
devsw_lock(dev, S_IFCHR);
} else {
error = vnode_ref(ttyvp);
}
}
out:
session_rele(sessp);
vnode_put(ttyvp);
kauth_cred_unref(&context.vc_ucred);
return (error);
}
/*
* This routine exists to support the load_dylinker().
*
* This routine has its own, separate, understanding of the FAT file format,
* which is terrifically unfortunate.
*/
static
load_return_t
get_macho_vnode(
char *path,
integer_t archbits,
struct mach_header *mach_header,
off_t *file_offset,
off_t *macho_size,
struct vnode **vpp
)
{
struct vnode *vp;
vfs_context_t ctx = vfs_context_current();
proc_t p = vfs_context_proc(ctx);
kauth_cred_t kerncred;
struct nameidata nid, *ndp;
boolean_t is_fat;
struct fat_arch fat_arch;
int error = LOAD_SUCCESS;
int resid;
union {
struct mach_header mach_header;
struct fat_header fat_header;
char pad[512];
} header;
off_t fsize = (off_t)0;
int err2;
/*
* Capture the kernel credential for use in the actual read of the
* file, since the user doing the execution may have execute rights
* but not read rights, but to exec something, we have to either map
* or read it into the new process address space, which requires
* read rights. This is to deal with lack of common credential
* serialization code which would treat NOCRED as "serialize 'root'".
*/
kerncred = vfs_context_ucred(vfs_context_kernel());
ndp = &nid;
/* init the namei data to point the file user's program name */
NDINIT(ndp, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE32, CAST_USER_ADDR_T(path), ctx);
if ((error = namei(ndp)) != 0) {
if (error == ENOENT) {
error = LOAD_ENOENT;
} else {
error = LOAD_FAILURE;
}
return(error);
}
nameidone(ndp);
vp = ndp->ni_vp;
/* check for regular file */
if (vp->v_type != VREG) {
error = LOAD_PROTECT;
goto bad1;
}
/* get size */
if ((error = vnode_size(vp, &fsize, ctx)) != 0) {
error = LOAD_FAILURE;
goto bad1;
}
/* Check mount point */
if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
error = LOAD_PROTECT;
goto bad1;
}
/* check access */
if ((error = vnode_authorize(vp, NULL, KAUTH_VNODE_EXECUTE, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
/* try to open it */
if ((error = VNOP_OPEN(vp, FREAD, ctx)) != 0) {
error = LOAD_PROTECT;
goto bad1;
}
if ((error = vn_rdwr(UIO_READ, vp, (caddr_t)&header, sizeof(header), 0,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p)) != 0) {
error = LOAD_IOERROR;
goto bad2;
}
if (header.mach_header.magic == MH_MAGIC ||
header.mach_header.magic == MH_MAGIC_64)
is_fat = FALSE;
else if (header.fat_header.magic == FAT_MAGIC ||
header.fat_header.magic == FAT_CIGAM)
is_fat = TRUE;
else {
error = LOAD_BADMACHO;
goto bad2;
}
if (is_fat) {
/* Look up our architecture in the fat file. */
error = fatfile_getarch_with_bits(vp, archbits, (vm_offset_t)(&header.fat_header), &fat_arch);
if (error != LOAD_SUCCESS)
goto bad2;
/* Read the Mach-O header out of it */
error = vn_rdwr(UIO_READ, vp, (caddr_t)&header.mach_header,
sizeof(header.mach_header), fat_arch.offset,
UIO_SYSSPACE32, IO_NODELOCKED, kerncred, &resid, p);
if (error) {
error = LOAD_IOERROR;
goto bad2;
}
/* Is this really a Mach-O? */
if (header.mach_header.magic != MH_MAGIC &&
header.mach_header.magic != MH_MAGIC_64) {
error = LOAD_BADMACHO;
goto bad2;
}
*file_offset = fat_arch.offset;
*macho_size = fat_arch.size;
} else {
/*
* Force get_macho_vnode() to fail if the architecture bits
* do not match the expected architecture bits. This in
* turn causes load_dylinker() to fail for the same reason,
* so it ensures the dynamic linker and the binary are in
* lock-step. This is potentially bad, if we ever add to
* the CPU_ARCH_* bits any bits that are desirable but not
* required, since the dynamic linker might work, but we will
* refuse to load it because of this check.
*/
if ((cpu_type_t)(header.mach_header.cputype & CPU_ARCH_MASK) != archbits)
return(LOAD_BADARCH);
*file_offset = 0;
*macho_size = fsize;
}
*mach_header = header.mach_header;
*vpp = vp;
ubc_setsize(vp, fsize);
return (error);
bad2:
err2 = VNOP_CLOSE(vp, FREAD, ctx);
vnode_put(vp);
return (error);
bad1:
vnode_put(vp);
return(error);
}
