Eric W. Biederman [] - 24 August 2017 16:23 UTC

The implementation of TIOCGPTPEER has two issues.

When /dev/ptmx (as opposed to /dev/pts/ptmx) is opened the wrong
vfsmount is passed to dentry_open. Which results in the kernel displaying the wrong pathname for the peer.

The second is simply by caching the vfsmount and dentry of the peer it leaves them open, in a way they were not previously Which because of the inreased reference counts can cause unnecessary behaviour differences resulting in regressions.

To fix these move the ioctl into tty_io.c at a generic level allowing the ioctl to have access to the struct file on which the ioctl is being called. This allows the path of the slave to be derived when opening the slave through TIOCGPTPEER instead of requiring the path to the slave be cached. Thus removing the need for caching the path.

A new function devpts_ptmx_path is factored out of devpts_acquire and used to implement a function devpts_mntget. The new function devpts_mntget takes a filp to perform the lookup on and fsi so that it can confirm that the superblock that is found by devpts_ptmx_path is the proper superblock.

v2: Lots of fixes to make the code actually work
v3: Suggestions by Linus- Removed the unnecessary initialization of filp in ptm_open_peer- Simplified devpts_ptmx_path as gotos are no longer required

[ This is the fix for the issue that was reverted in commit 143c97cc6529, but this time without breaking 'pbuilder' due to increased reference counts - Linus ]

Fixes: 54ebbfb16034 ("tty: add TIOCGPTPEER ioctl")

311fc65 pty: Repair TIOCGPTPEER
drivers/tty/pty.c | 64 ++++++++++++++++++++--------------------------
drivers/tty/tty_io.c | 3 +++
fs/devpts/inode.c | 65 +++++++++++++++++++++++++++++++++++------------
include/linux/devpts_fs.h | 10 ++++++++
4 files changed, 89 insertions(+), 53 deletions(-)


