1 /*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 /*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67 */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109
110 #undef TTY_DEBUG_HANGUP
111
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114
115 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
116 .c_iflag = ICRNL | IXON,
117 .c_oflag = OPOST | ONLCR,
118 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120 ECHOCTL | ECHOKE | IEXTEN,
121 .c_cc = INIT_C_CC,
122 .c_ispeed = 38400,
123 .c_ospeed = 38400
124 };
125
126 EXPORT_SYMBOL(tty_std_termios);
127
128 /* This list gets poked at by procfs and various bits of boot up code. This
129 could do with some rationalisation such as pulling the tty proc function
130 into this file */
131
132 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
133
134 /* Mutex to protect creating and releasing a tty. This is shared with
135 vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138
139 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
140 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
141 ssize_t redirected_tty_write(struct file *, const char __user *,
142 size_t, loff_t *);
143 static unsigned int tty_poll(struct file *, poll_table *);
144 static int tty_open(struct inode *, struct file *);
145 static int tty_release(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int tty_fasync(int fd, struct file *filp, int on);
154 static void release_tty(struct tty_struct *tty, int idx);
155 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
156 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157
158 /**
159 * alloc_tty_struct - allocate a tty object
160 *
161 * Return a new empty tty structure. The data fields have not
162 * been initialized in any way but has been zeroed
163 *
164 * Locking: none
165 */
166
alloc_tty_struct(void)167 struct tty_struct *alloc_tty_struct(void)
168 {
169 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
170 }
171
172 /**
173 * free_tty_struct - free a disused tty
174 * @tty: tty struct to free
175 *
176 * Free the write buffers, tty queue and tty memory itself.
177 *
178 * Locking: none. Must be called after tty is definitely unused
179 */
180
free_tty_struct(struct tty_struct * tty)181 void free_tty_struct(struct tty_struct *tty)
182 {
183 kfree(tty->write_buf);
184 tty_buffer_free_all(tty);
185 kfree(tty);
186 }
187
188 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
189
190 /**
191 * tty_name - return tty naming
192 * @tty: tty structure
193 * @buf: buffer for output
194 *
195 * Convert a tty structure into a name. The name reflects the kernel
196 * naming policy and if udev is in use may not reflect user space
197 *
198 * Locking: none
199 */
200
tty_name(struct tty_struct * tty,char * buf)201 char *tty_name(struct tty_struct *tty, char *buf)
202 {
203 if (!tty) /* Hmm. NULL pointer. That's fun. */
204 strcpy(buf, "NULL tty");
205 else
206 strcpy(buf, tty->name);
207 return buf;
208 }
209
210 EXPORT_SYMBOL(tty_name);
211
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)212 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
213 const char *routine)
214 {
215 #ifdef TTY_PARANOIA_CHECK
216 if (!tty) {
217 printk(KERN_WARNING
218 "null TTY for (%d:%d) in %s\n",
219 imajor(inode), iminor(inode), routine);
220 return 1;
221 }
222 if (tty->magic != TTY_MAGIC) {
223 printk(KERN_WARNING
224 "bad magic number for tty struct (%d:%d) in %s\n",
225 imajor(inode), iminor(inode), routine);
226 return 1;
227 }
228 #endif
229 return 0;
230 }
231
check_tty_count(struct tty_struct * tty,const char * routine)232 static int check_tty_count(struct tty_struct *tty, const char *routine)
233 {
234 #ifdef CHECK_TTY_COUNT
235 struct list_head *p;
236 int count = 0;
237
238 file_list_lock();
239 list_for_each(p, &tty->tty_files) {
240 count++;
241 }
242 file_list_unlock();
243 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
244 tty->driver->subtype == PTY_TYPE_SLAVE &&
245 tty->link && tty->link->count)
246 count++;
247 if (tty->count != count) {
248 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
249 "!= #fd's(%d) in %s\n",
250 tty->name, tty->count, count, routine);
251 return count;
252 }
253 #endif
254 return 0;
255 }
256
257 /**
258 * get_tty_driver - find device of a tty
259 * @dev_t: device identifier
260 * @index: returns the index of the tty
261 *
262 * This routine returns a tty driver structure, given a device number
263 * and also passes back the index number.
264 *
265 * Locking: caller must hold tty_mutex
266 */
267
get_tty_driver(dev_t device,int * index)268 static struct tty_driver *get_tty_driver(dev_t device, int *index)
269 {
270 struct tty_driver *p;
271
272 list_for_each_entry(p, &tty_drivers, tty_drivers) {
273 dev_t base = MKDEV(p->major, p->minor_start);
274 if (device < base || device >= base + p->num)
275 continue;
276 *index = device - base;
277 return tty_driver_kref_get(p);
278 }
279 return NULL;
280 }
281
282 #ifdef CONFIG_CONSOLE_POLL
283
284 /**
285 * tty_find_polling_driver - find device of a polled tty
286 * @name: name string to match
287 * @line: pointer to resulting tty line nr
288 *
289 * This routine returns a tty driver structure, given a name
290 * and the condition that the tty driver is capable of polled
291 * operation.
292 */
tty_find_polling_driver(char * name,int * line)293 struct tty_driver *tty_find_polling_driver(char *name, int *line)
294 {
295 struct tty_driver *p, *res = NULL;
296 int tty_line = 0;
297 int len;
298 char *str;
299
300 for (str = name; *str; str++)
301 if ((*str >= '0' && *str <= '9') || *str == ',')
302 break;
303 if (!*str)
304 return NULL;
305
306 len = str - name;
307 tty_line = simple_strtoul(str, &str, 10);
308
309 mutex_lock(&tty_mutex);
310 /* Search through the tty devices to look for a match */
311 list_for_each_entry(p, &tty_drivers, tty_drivers) {
312 if (strncmp(name, p->name, len) != 0)
313 continue;
314 if (*str == ',')
315 str++;
316 if (*str == '\0')
317 str = NULL;
318
319 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
320 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
321 res = tty_driver_kref_get(p);
322 *line = tty_line;
323 break;
324 }
325 }
326 mutex_unlock(&tty_mutex);
327
328 return res;
329 }
330 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
331 #endif
332
333 /**
334 * tty_check_change - check for POSIX terminal changes
335 * @tty: tty to check
336 *
337 * If we try to write to, or set the state of, a terminal and we're
338 * not in the foreground, send a SIGTTOU. If the signal is blocked or
339 * ignored, go ahead and perform the operation. (POSIX 7.2)
340 *
341 * Locking: ctrl_lock
342 */
343
tty_check_change(struct tty_struct * tty)344 int tty_check_change(struct tty_struct *tty)
345 {
346 unsigned long flags;
347 int ret = 0;
348
349 if (current->signal->tty != tty)
350 return 0;
351
352 spin_lock_irqsave(&tty->ctrl_lock, flags);
353
354 if (!tty->pgrp) {
355 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
356 goto out_unlock;
357 }
358 if (task_pgrp(current) == tty->pgrp)
359 goto out_unlock;
360 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
361 if (is_ignored(SIGTTOU))
362 goto out;
363 if (is_current_pgrp_orphaned()) {
364 ret = -EIO;
365 goto out;
366 }
367 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
368 set_thread_flag(TIF_SIGPENDING);
369 ret = -ERESTARTSYS;
370 out:
371 return ret;
372 out_unlock:
373 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
374 return ret;
375 }
376
377 EXPORT_SYMBOL(tty_check_change);
378
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)379 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
380 size_t count, loff_t *ppos)
381 {
382 return 0;
383 }
384
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)385 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
386 size_t count, loff_t *ppos)
387 {
388 return -EIO;
389 }
390
391 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)392 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
393 {
394 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
395 }
396
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)397 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
398 unsigned long arg)
399 {
400 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
401 }
402
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)403 static long hung_up_tty_compat_ioctl(struct file *file,
404 unsigned int cmd, unsigned long arg)
405 {
406 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
407 }
408
409 static const struct file_operations tty_fops = {
410 .llseek = no_llseek,
411 .read = tty_read,
412 .write = tty_write,
413 .poll = tty_poll,
414 .unlocked_ioctl = tty_ioctl,
415 .compat_ioctl = tty_compat_ioctl,
416 .open = tty_open,
417 .release = tty_release,
418 .fasync = tty_fasync,
419 };
420
421 static const struct file_operations console_fops = {
422 .llseek = no_llseek,
423 .read = tty_read,
424 .write = redirected_tty_write,
425 .poll = tty_poll,
426 .unlocked_ioctl = tty_ioctl,
427 .compat_ioctl = tty_compat_ioctl,
428 .open = tty_open,
429 .release = tty_release,
430 .fasync = tty_fasync,
431 };
432
433 static const struct file_operations hung_up_tty_fops = {
434 .llseek = no_llseek,
435 .read = hung_up_tty_read,
436 .write = hung_up_tty_write,
437 .poll = hung_up_tty_poll,
438 .unlocked_ioctl = hung_up_tty_ioctl,
439 .compat_ioctl = hung_up_tty_compat_ioctl,
440 .release = tty_release,
441 };
442
443 static DEFINE_SPINLOCK(redirect_lock);
444 static struct file *redirect;
445
446 /**
447 * tty_wakeup - request more data
448 * @tty: terminal
449 *
450 * Internal and external helper for wakeups of tty. This function
451 * informs the line discipline if present that the driver is ready
452 * to receive more output data.
453 */
454
tty_wakeup(struct tty_struct * tty)455 void tty_wakeup(struct tty_struct *tty)
456 {
457 struct tty_ldisc *ld;
458
459 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
460 ld = tty_ldisc_ref(tty);
461 if (ld) {
462 if (ld->ops->write_wakeup)
463 ld->ops->write_wakeup(tty);
464 tty_ldisc_deref(ld);
465 }
466 }
467 wake_up_interruptible(&tty->write_wait);
468 }
469
470 EXPORT_SYMBOL_GPL(tty_wakeup);
471
472 /**
473 * tty_ldisc_flush - flush line discipline queue
474 * @tty: tty
475 *
476 * Flush the line discipline queue (if any) for this tty. If there
477 * is no line discipline active this is a no-op.
478 */
479
tty_ldisc_flush(struct tty_struct * tty)480 void tty_ldisc_flush(struct tty_struct *tty)
481 {
482 struct tty_ldisc *ld = tty_ldisc_ref(tty);
483 if (ld) {
484 if (ld->ops->flush_buffer)
485 ld->ops->flush_buffer(tty);
486 tty_ldisc_deref(ld);
487 }
488 tty_buffer_flush(tty);
489 }
490
491 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
492
493 /**
494 * tty_reset_termios - reset terminal state
495 * @tty: tty to reset
496 *
497 * Restore a terminal to the driver default state
498 */
499
tty_reset_termios(struct tty_struct * tty)500 static void tty_reset_termios(struct tty_struct *tty)
501 {
502 mutex_lock(&tty->termios_mutex);
503 *tty->termios = tty->driver->init_termios;
504 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
505 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
506 mutex_unlock(&tty->termios_mutex);
507 }
508
509 /**
510 * do_tty_hangup - actual handler for hangup events
511 * @work: tty device
512 *
513 * This can be called by the "eventd" kernel thread. That is process
514 * synchronous but doesn't hold any locks, so we need to make sure we
515 * have the appropriate locks for what we're doing.
516 *
517 * The hangup event clears any pending redirections onto the hung up
518 * device. It ensures future writes will error and it does the needed
519 * line discipline hangup and signal delivery. The tty object itself
520 * remains intact.
521 *
522 * Locking:
523 * BKL
524 * redirect lock for undoing redirection
525 * file list lock for manipulating list of ttys
526 * tty_ldisc_lock from called functions
527 * termios_mutex resetting termios data
528 * tasklist_lock to walk task list for hangup event
529 * ->siglock to protect ->signal/->sighand
530 */
do_tty_hangup(struct work_struct * work)531 static void do_tty_hangup(struct work_struct *work)
532 {
533 struct tty_struct *tty =
534 container_of(work, struct tty_struct, hangup_work);
535 struct file *cons_filp = NULL;
536 struct file *filp, *f = NULL;
537 struct task_struct *p;
538 struct tty_ldisc *ld;
539 int closecount = 0, n;
540 unsigned long flags;
541 int refs = 0;
542
543 if (!tty)
544 return;
545
546 /* inuse_filps is protected by the single kernel lock */
547 lock_kernel();
548
549 spin_lock(&redirect_lock);
550 if (redirect && redirect->private_data == tty) {
551 f = redirect;
552 redirect = NULL;
553 }
554 spin_unlock(&redirect_lock);
555
556 check_tty_count(tty, "do_tty_hangup");
557 file_list_lock();
558 /* This breaks for file handles being sent over AF_UNIX sockets ? */
559 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
560 if (filp->f_op->write == redirected_tty_write)
561 cons_filp = filp;
562 if (filp->f_op->write != tty_write)
563 continue;
564 closecount++;
565 tty_fasync(-1, filp, 0); /* can't block */
566 filp->f_op = &hung_up_tty_fops;
567 }
568 file_list_unlock();
569 /*
570 * FIXME! What are the locking issues here? This may me overdoing
571 * things... This question is especially important now that we've
572 * removed the irqlock.
573 */
574 ld = tty_ldisc_ref(tty);
575 if (ld != NULL) {
576 /* We may have no line discipline at this point */
577 if (ld->ops->flush_buffer)
578 ld->ops->flush_buffer(tty);
579 tty_driver_flush_buffer(tty);
580 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
581 ld->ops->write_wakeup)
582 ld->ops->write_wakeup(tty);
583 if (ld->ops->hangup)
584 ld->ops->hangup(tty);
585 }
586 /*
587 * FIXME: Once we trust the LDISC code better we can wait here for
588 * ldisc completion and fix the driver call race
589 */
590 wake_up_interruptible(&tty->write_wait);
591 wake_up_interruptible(&tty->read_wait);
592 /*
593 * Shutdown the current line discipline, and reset it to
594 * N_TTY.
595 */
596 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
597 tty_reset_termios(tty);
598 /* Defer ldisc switch */
599 /* tty_deferred_ldisc_switch(N_TTY);
600
601 This should get done automatically when the port closes and
602 tty_release is called */
603
604 read_lock(&tasklist_lock);
605 if (tty->session) {
606 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
607 spin_lock_irq(&p->sighand->siglock);
608 if (p->signal->tty == tty) {
609 p->signal->tty = NULL;
610 /* We defer the dereferences outside fo
611 the tasklist lock */
612 refs++;
613 }
614 if (!p->signal->leader) {
615 spin_unlock_irq(&p->sighand->siglock);
616 continue;
617 }
618 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
619 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
620 put_pid(p->signal->tty_old_pgrp); /* A noop */
621 spin_lock_irqsave(&tty->ctrl_lock, flags);
622 if (tty->pgrp)
623 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
624 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
625 spin_unlock_irq(&p->sighand->siglock);
626 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
627 }
628 read_unlock(&tasklist_lock);
629
630 spin_lock_irqsave(&tty->ctrl_lock, flags);
631 tty->flags = 0;
632 put_pid(tty->session);
633 put_pid(tty->pgrp);
634 tty->session = NULL;
635 tty->pgrp = NULL;
636 tty->ctrl_status = 0;
637 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
638
639 /* Account for the p->signal references we killed */
640 while (refs--)
641 tty_kref_put(tty);
642
643 /*
644 * If one of the devices matches a console pointer, we
645 * cannot just call hangup() because that will cause
646 * tty->count and state->count to go out of sync.
647 * So we just call close() the right number of times.
648 */
649 if (cons_filp) {
650 if (tty->ops->close)
651 for (n = 0; n < closecount; n++)
652 tty->ops->close(tty, cons_filp);
653 } else if (tty->ops->hangup)
654 (tty->ops->hangup)(tty);
655 /*
656 * We don't want to have driver/ldisc interactions beyond
657 * the ones we did here. The driver layer expects no
658 * calls after ->hangup() from the ldisc side. However we
659 * can't yet guarantee all that.
660 */
661 set_bit(TTY_HUPPED, &tty->flags);
662 if (ld) {
663 tty_ldisc_enable(tty);
664 tty_ldisc_deref(ld);
665 }
666 unlock_kernel();
667 if (f)
668 fput(f);
669 }
670
671 /**
672 * tty_hangup - trigger a hangup event
673 * @tty: tty to hangup
674 *
675 * A carrier loss (virtual or otherwise) has occurred on this like
676 * schedule a hangup sequence to run after this event.
677 */
678
tty_hangup(struct tty_struct * tty)679 void tty_hangup(struct tty_struct *tty)
680 {
681 #ifdef TTY_DEBUG_HANGUP
682 char buf[64];
683 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
684 #endif
685 schedule_work(&tty->hangup_work);
686 }
687
688 EXPORT_SYMBOL(tty_hangup);
689
690 /**
691 * tty_vhangup - process vhangup
692 * @tty: tty to hangup
693 *
694 * The user has asked via system call for the terminal to be hung up.
695 * We do this synchronously so that when the syscall returns the process
696 * is complete. That guarantee is necessary for security reasons.
697 */
698
tty_vhangup(struct tty_struct * tty)699 void tty_vhangup(struct tty_struct *tty)
700 {
701 #ifdef TTY_DEBUG_HANGUP
702 char buf[64];
703
704 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
705 #endif
706 do_tty_hangup(&tty->hangup_work);
707 }
708
709 EXPORT_SYMBOL(tty_vhangup);
710
711 /**
712 * tty_vhangup_self - process vhangup for own ctty
713 *
714 * Perform a vhangup on the current controlling tty
715 */
716
tty_vhangup_self(void)717 void tty_vhangup_self(void)
718 {
719 struct tty_struct *tty;
720
721 tty = get_current_tty();
722 if (tty) {
723 tty_vhangup(tty);
724 tty_kref_put(tty);
725 }
726 }
727
728 /**
729 * tty_hung_up_p - was tty hung up
730 * @filp: file pointer of tty
731 *
732 * Return true if the tty has been subject to a vhangup or a carrier
733 * loss
734 */
735
tty_hung_up_p(struct file * filp)736 int tty_hung_up_p(struct file *filp)
737 {
738 return (filp->f_op == &hung_up_tty_fops);
739 }
740
741 EXPORT_SYMBOL(tty_hung_up_p);
742
session_clear_tty(struct pid * session)743 static void session_clear_tty(struct pid *session)
744 {
745 struct task_struct *p;
746 do_each_pid_task(session, PIDTYPE_SID, p) {
747 proc_clear_tty(p);
748 } while_each_pid_task(session, PIDTYPE_SID, p);
749 }
750
751 /**
752 * disassociate_ctty - disconnect controlling tty
753 * @on_exit: true if exiting so need to "hang up" the session
754 *
755 * This function is typically called only by the session leader, when
756 * it wants to disassociate itself from its controlling tty.
757 *
758 * It performs the following functions:
759 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
760 * (2) Clears the tty from being controlling the session
761 * (3) Clears the controlling tty for all processes in the
762 * session group.
763 *
764 * The argument on_exit is set to 1 if called when a process is
765 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
766 *
767 * Locking:
768 * BKL is taken for hysterical raisins
769 * tty_mutex is taken to protect tty
770 * ->siglock is taken to protect ->signal/->sighand
771 * tasklist_lock is taken to walk process list for sessions
772 * ->siglock is taken to protect ->signal/->sighand
773 */
774
disassociate_ctty(int on_exit)775 void disassociate_ctty(int on_exit)
776 {
777 struct tty_struct *tty;
778 struct pid *tty_pgrp = NULL;
779
780
781 tty = get_current_tty();
782 if (tty) {
783 tty_pgrp = get_pid(tty->pgrp);
784 lock_kernel();
785 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
786 tty_vhangup(tty);
787 unlock_kernel();
788 tty_kref_put(tty);
789 } else if (on_exit) {
790 struct pid *old_pgrp;
791 spin_lock_irq(¤t->sighand->siglock);
792 old_pgrp = current->signal->tty_old_pgrp;
793 current->signal->tty_old_pgrp = NULL;
794 spin_unlock_irq(¤t->sighand->siglock);
795 if (old_pgrp) {
796 kill_pgrp(old_pgrp, SIGHUP, on_exit);
797 kill_pgrp(old_pgrp, SIGCONT, on_exit);
798 put_pid(old_pgrp);
799 }
800 return;
801 }
802 if (tty_pgrp) {
803 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
804 if (!on_exit)
805 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
806 put_pid(tty_pgrp);
807 }
808
809 spin_lock_irq(¤t->sighand->siglock);
810 put_pid(current->signal->tty_old_pgrp);
811 current->signal->tty_old_pgrp = NULL;
812 spin_unlock_irq(¤t->sighand->siglock);
813
814 tty = get_current_tty();
815 if (tty) {
816 unsigned long flags;
817 spin_lock_irqsave(&tty->ctrl_lock, flags);
818 put_pid(tty->session);
819 put_pid(tty->pgrp);
820 tty->session = NULL;
821 tty->pgrp = NULL;
822 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
823 tty_kref_put(tty);
824 } else {
825 #ifdef TTY_DEBUG_HANGUP
826 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
827 " = NULL", tty);
828 #endif
829 }
830
831 /* Now clear signal->tty under the lock */
832 read_lock(&tasklist_lock);
833 session_clear_tty(task_session(current));
834 read_unlock(&tasklist_lock);
835 }
836
837 /**
838 *
839 * no_tty - Ensure the current process does not have a controlling tty
840 */
no_tty(void)841 void no_tty(void)
842 {
843 struct task_struct *tsk = current;
844 lock_kernel();
845 if (tsk->signal->leader)
846 disassociate_ctty(0);
847 unlock_kernel();
848 proc_clear_tty(tsk);
849 }
850
851
852 /**
853 * stop_tty - propagate flow control
854 * @tty: tty to stop
855 *
856 * Perform flow control to the driver. For PTY/TTY pairs we
857 * must also propagate the TIOCKPKT status. May be called
858 * on an already stopped device and will not re-call the driver
859 * method.
860 *
861 * This functionality is used by both the line disciplines for
862 * halting incoming flow and by the driver. It may therefore be
863 * called from any context, may be under the tty atomic_write_lock
864 * but not always.
865 *
866 * Locking:
867 * Uses the tty control lock internally
868 */
869
stop_tty(struct tty_struct * tty)870 void stop_tty(struct tty_struct *tty)
871 {
872 unsigned long flags;
873 spin_lock_irqsave(&tty->ctrl_lock, flags);
874 if (tty->stopped) {
875 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
876 return;
877 }
878 tty->stopped = 1;
879 if (tty->link && tty->link->packet) {
880 tty->ctrl_status &= ~TIOCPKT_START;
881 tty->ctrl_status |= TIOCPKT_STOP;
882 wake_up_interruptible(&tty->link->read_wait);
883 }
884 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
885 if (tty->ops->stop)
886 (tty->ops->stop)(tty);
887 }
888
889 EXPORT_SYMBOL(stop_tty);
890
891 /**
892 * start_tty - propagate flow control
893 * @tty: tty to start
894 *
895 * Start a tty that has been stopped if at all possible. Perform
896 * any necessary wakeups and propagate the TIOCPKT status. If this
897 * is the tty was previous stopped and is being started then the
898 * driver start method is invoked and the line discipline woken.
899 *
900 * Locking:
901 * ctrl_lock
902 */
903
start_tty(struct tty_struct * tty)904 void start_tty(struct tty_struct *tty)
905 {
906 unsigned long flags;
907 spin_lock_irqsave(&tty->ctrl_lock, flags);
908 if (!tty->stopped || tty->flow_stopped) {
909 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
910 return;
911 }
912 tty->stopped = 0;
913 if (tty->link && tty->link->packet) {
914 tty->ctrl_status &= ~TIOCPKT_STOP;
915 tty->ctrl_status |= TIOCPKT_START;
916 wake_up_interruptible(&tty->link->read_wait);
917 }
918 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
919 if (tty->ops->start)
920 (tty->ops->start)(tty);
921 /* If we have a running line discipline it may need kicking */
922 tty_wakeup(tty);
923 }
924
925 EXPORT_SYMBOL(start_tty);
926
927 /**
928 * tty_read - read method for tty device files
929 * @file: pointer to tty file
930 * @buf: user buffer
931 * @count: size of user buffer
932 * @ppos: unused
933 *
934 * Perform the read system call function on this terminal device. Checks
935 * for hung up devices before calling the line discipline method.
936 *
937 * Locking:
938 * Locks the line discipline internally while needed. Multiple
939 * read calls may be outstanding in parallel.
940 */
941
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)942 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
943 loff_t *ppos)
944 {
945 int i;
946 struct tty_struct *tty;
947 struct inode *inode;
948 struct tty_ldisc *ld;
949
950 tty = (struct tty_struct *)file->private_data;
951 inode = file->f_path.dentry->d_inode;
952 if (tty_paranoia_check(tty, inode, "tty_read"))
953 return -EIO;
954 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
955 return -EIO;
956
957 /* We want to wait for the line discipline to sort out in this
958 situation */
959 ld = tty_ldisc_ref_wait(tty);
960 if (ld->ops->read)
961 i = (ld->ops->read)(tty, file, buf, count);
962 else
963 i = -EIO;
964 tty_ldisc_deref(ld);
965 if (i > 0)
966 inode->i_atime = current_fs_time(inode->i_sb);
967 return i;
968 }
969
tty_write_unlock(struct tty_struct * tty)970 void tty_write_unlock(struct tty_struct *tty)
971 {
972 mutex_unlock(&tty->atomic_write_lock);
973 wake_up_interruptible(&tty->write_wait);
974 }
975
tty_write_lock(struct tty_struct * tty,int ndelay)976 int tty_write_lock(struct tty_struct *tty, int ndelay)
977 {
978 if (!mutex_trylock(&tty->atomic_write_lock)) {
979 if (ndelay)
980 return -EAGAIN;
981 if (mutex_lock_interruptible(&tty->atomic_write_lock))
982 return -ERESTARTSYS;
983 }
984 return 0;
985 }
986
987 /*
988 * Split writes up in sane blocksizes to avoid
989 * denial-of-service type attacks
990 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)991 static inline ssize_t do_tty_write(
992 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
993 struct tty_struct *tty,
994 struct file *file,
995 const char __user *buf,
996 size_t count)
997 {
998 ssize_t ret, written = 0;
999 unsigned int chunk;
1000
1001 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1002 if (ret < 0)
1003 return ret;
1004
1005 /*
1006 * We chunk up writes into a temporary buffer. This
1007 * simplifies low-level drivers immensely, since they
1008 * don't have locking issues and user mode accesses.
1009 *
1010 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1011 * big chunk-size..
1012 *
1013 * The default chunk-size is 2kB, because the NTTY
1014 * layer has problems with bigger chunks. It will
1015 * claim to be able to handle more characters than
1016 * it actually does.
1017 *
1018 * FIXME: This can probably go away now except that 64K chunks
1019 * are too likely to fail unless switched to vmalloc...
1020 */
1021 chunk = 2048;
1022 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1023 chunk = 65536;
1024 if (count < chunk)
1025 chunk = count;
1026
1027 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1028 if (tty->write_cnt < chunk) {
1029 unsigned char *buf_chunk;
1030
1031 if (chunk < 1024)
1032 chunk = 1024;
1033
1034 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1035 if (!buf_chunk) {
1036 ret = -ENOMEM;
1037 goto out;
1038 }
1039 kfree(tty->write_buf);
1040 tty->write_cnt = chunk;
1041 tty->write_buf = buf_chunk;
1042 }
1043
1044 /* Do the write .. */
1045 for (;;) {
1046 size_t size = count;
1047 if (size > chunk)
1048 size = chunk;
1049 ret = -EFAULT;
1050 if (copy_from_user(tty->write_buf, buf, size))
1051 break;
1052 ret = write(tty, file, tty->write_buf, size);
1053 if (ret <= 0)
1054 break;
1055 written += ret;
1056 buf += ret;
1057 count -= ret;
1058 if (!count)
1059 break;
1060 ret = -ERESTARTSYS;
1061 if (signal_pending(current))
1062 break;
1063 cond_resched();
1064 }
1065 if (written) {
1066 struct inode *inode = file->f_path.dentry->d_inode;
1067 inode->i_mtime = current_fs_time(inode->i_sb);
1068 ret = written;
1069 }
1070 out:
1071 tty_write_unlock(tty);
1072 return ret;
1073 }
1074
1075 /**
1076 * tty_write_message - write a message to a certain tty, not just the console.
1077 * @tty: the destination tty_struct
1078 * @msg: the message to write
1079 *
1080 * This is used for messages that need to be redirected to a specific tty.
1081 * We don't put it into the syslog queue right now maybe in the future if
1082 * really needed.
1083 *
1084 * We must still hold the BKL and test the CLOSING flag for the moment.
1085 */
1086
tty_write_message(struct tty_struct * tty,char * msg)1087 void tty_write_message(struct tty_struct *tty, char *msg)
1088 {
1089 lock_kernel();
1090 if (tty) {
1091 mutex_lock(&tty->atomic_write_lock);
1092 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1093 tty->ops->write(tty, msg, strlen(msg));
1094 tty_write_unlock(tty);
1095 }
1096 unlock_kernel();
1097 return;
1098 }
1099
1100
1101 /**
1102 * tty_write - write method for tty device file
1103 * @file: tty file pointer
1104 * @buf: user data to write
1105 * @count: bytes to write
1106 * @ppos: unused
1107 *
1108 * Write data to a tty device via the line discipline.
1109 *
1110 * Locking:
1111 * Locks the line discipline as required
1112 * Writes to the tty driver are serialized by the atomic_write_lock
1113 * and are then processed in chunks to the device. The line discipline
1114 * write method will not be invoked in parallel for each device.
1115 */
1116
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1117 static ssize_t tty_write(struct file *file, const char __user *buf,
1118 size_t count, loff_t *ppos)
1119 {
1120 struct tty_struct *tty;
1121 struct inode *inode = file->f_path.dentry->d_inode;
1122 ssize_t ret;
1123 struct tty_ldisc *ld;
1124
1125 tty = (struct tty_struct *)file->private_data;
1126 if (tty_paranoia_check(tty, inode, "tty_write"))
1127 return -EIO;
1128 if (!tty || !tty->ops->write ||
1129 (test_bit(TTY_IO_ERROR, &tty->flags)))
1130 return -EIO;
1131 /* Short term debug to catch buggy drivers */
1132 if (tty->ops->write_room == NULL)
1133 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1134 tty->driver->name);
1135 ld = tty_ldisc_ref_wait(tty);
1136 if (!ld->ops->write)
1137 ret = -EIO;
1138 else
1139 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1140 tty_ldisc_deref(ld);
1141 return ret;
1142 }
1143
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1144 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1145 size_t count, loff_t *ppos)
1146 {
1147 struct file *p = NULL;
1148
1149 spin_lock(&redirect_lock);
1150 if (redirect) {
1151 get_file(redirect);
1152 p = redirect;
1153 }
1154 spin_unlock(&redirect_lock);
1155
1156 if (p) {
1157 ssize_t res;
1158 res = vfs_write(p, buf, count, &p->f_pos);
1159 fput(p);
1160 return res;
1161 }
1162 return tty_write(file, buf, count, ppos);
1163 }
1164
1165 static char ptychar[] = "pqrstuvwxyzabcde";
1166
1167 /**
1168 * pty_line_name - generate name for a pty
1169 * @driver: the tty driver in use
1170 * @index: the minor number
1171 * @p: output buffer of at least 6 bytes
1172 *
1173 * Generate a name from a driver reference and write it to the output
1174 * buffer.
1175 *
1176 * Locking: None
1177 */
pty_line_name(struct tty_driver * driver,int index,char * p)1178 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1179 {
1180 int i = index + driver->name_base;
1181 /* ->name is initialized to "ttyp", but "tty" is expected */
1182 sprintf(p, "%s%c%x",
1183 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1184 ptychar[i >> 4 & 0xf], i & 0xf);
1185 }
1186
1187 /**
1188 * tty_line_name - generate name for a tty
1189 * @driver: the tty driver in use
1190 * @index: the minor number
1191 * @p: output buffer of at least 7 bytes
1192 *
1193 * Generate a name from a driver reference and write it to the output
1194 * buffer.
1195 *
1196 * Locking: None
1197 */
tty_line_name(struct tty_driver * driver,int index,char * p)1198 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1199 {
1200 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1201 }
1202
1203 /**
1204 * tty_driver_lookup_tty() - find an existing tty, if any
1205 * @driver: the driver for the tty
1206 * @idx: the minor number
1207 *
1208 * Return the tty, if found or ERR_PTR() otherwise.
1209 *
1210 * Locking: tty_mutex must be held. If tty is found, the mutex must
1211 * be held until the 'fast-open' is also done. Will change once we
1212 * have refcounting in the driver and per driver locking
1213 */
tty_driver_lookup_tty(struct tty_driver * driver,struct inode * inode,int idx)1214 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1215 struct inode *inode, int idx)
1216 {
1217 struct tty_struct *tty;
1218
1219 if (driver->ops->lookup)
1220 return driver->ops->lookup(driver, inode, idx);
1221
1222 tty = driver->ttys[idx];
1223 return tty;
1224 }
1225
1226 /**
1227 * tty_init_termios - helper for termios setup
1228 * @tty: the tty to set up
1229 *
1230 * Initialise the termios structures for this tty. Thus runs under
1231 * the tty_mutex currently so we can be relaxed about ordering.
1232 */
1233
tty_init_termios(struct tty_struct * tty)1234 int tty_init_termios(struct tty_struct *tty)
1235 {
1236 struct ktermios *tp;
1237 int idx = tty->index;
1238
1239 tp = tty->driver->termios[idx];
1240 if (tp == NULL) {
1241 tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1242 if (tp == NULL)
1243 return -ENOMEM;
1244 memcpy(tp, &tty->driver->init_termios,
1245 sizeof(struct ktermios));
1246 tty->driver->termios[idx] = tp;
1247 }
1248 tty->termios = tp;
1249 tty->termios_locked = tp + 1;
1250
1251 /* Compatibility until drivers always set this */
1252 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1253 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1254 return 0;
1255 }
1256
1257 /**
1258 * tty_driver_install_tty() - install a tty entry in the driver
1259 * @driver: the driver for the tty
1260 * @tty: the tty
1261 *
1262 * Install a tty object into the driver tables. The tty->index field
1263 * will be set by the time this is called. This method is responsible
1264 * for ensuring any need additional structures are allocated and
1265 * configured.
1266 *
1267 * Locking: tty_mutex for now
1268 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1269 static int tty_driver_install_tty(struct tty_driver *driver,
1270 struct tty_struct *tty)
1271 {
1272 int idx = tty->index;
1273
1274 if (driver->ops->install)
1275 return driver->ops->install(driver, tty);
1276
1277 if (tty_init_termios(tty) == 0) {
1278 tty_driver_kref_get(driver);
1279 tty->count++;
1280 driver->ttys[idx] = tty;
1281 return 0;
1282 }
1283 return -ENOMEM;
1284 }
1285
1286 /**
1287 * tty_driver_remove_tty() - remove a tty from the driver tables
1288 * @driver: the driver for the tty
1289 * @idx: the minor number
1290 *
1291 * Remvoe a tty object from the driver tables. The tty->index field
1292 * will be set by the time this is called.
1293 *
1294 * Locking: tty_mutex for now
1295 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1296 static void tty_driver_remove_tty(struct tty_driver *driver,
1297 struct tty_struct *tty)
1298 {
1299 if (driver->ops->remove)
1300 driver->ops->remove(driver, tty);
1301 else
1302 driver->ttys[tty->index] = NULL;
1303 }
1304
1305 /*
1306 * tty_reopen() - fast re-open of an open tty
1307 * @tty - the tty to open
1308 *
1309 * Return 0 on success, -errno on error.
1310 *
1311 * Locking: tty_mutex must be held from the time the tty was found
1312 * till this open completes.
1313 */
tty_reopen(struct tty_struct * tty)1314 static int tty_reopen(struct tty_struct *tty)
1315 {
1316 struct tty_driver *driver = tty->driver;
1317
1318 if (test_bit(TTY_CLOSING, &tty->flags))
1319 return -EIO;
1320
1321 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1322 driver->subtype == PTY_TYPE_MASTER) {
1323 /*
1324 * special case for PTY masters: only one open permitted,
1325 * and the slave side open count is incremented as well.
1326 */
1327 if (tty->count)
1328 return -EIO;
1329
1330 tty->link->count++;
1331 }
1332 tty->count++;
1333 tty->driver = driver; /* N.B. why do this every time?? */
1334
1335 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1336
1337 return 0;
1338 }
1339
1340 /**
1341 * tty_init_dev - initialise a tty device
1342 * @driver: tty driver we are opening a device on
1343 * @idx: device index
1344 * @ret_tty: returned tty structure
1345 * @first_ok: ok to open a new device (used by ptmx)
1346 *
1347 * Prepare a tty device. This may not be a "new" clean device but
1348 * could also be an active device. The pty drivers require special
1349 * handling because of this.
1350 *
1351 * Locking:
1352 * The function is called under the tty_mutex, which
1353 * protects us from the tty struct or driver itself going away.
1354 *
1355 * On exit the tty device has the line discipline attached and
1356 * a reference count of 1. If a pair was created for pty/tty use
1357 * and the other was a pty master then it too has a reference count of 1.
1358 *
1359 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1360 * failed open. The new code protects the open with a mutex, so it's
1361 * really quite straightforward. The mutex locking can probably be
1362 * relaxed for the (most common) case of reopening a tty.
1363 */
1364
tty_init_dev(struct tty_driver * driver,int idx,int first_ok)1365 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1366 int first_ok)
1367 {
1368 struct tty_struct *tty;
1369 int retval;
1370
1371 /* Check if pty master is being opened multiple times */
1372 if (driver->subtype == PTY_TYPE_MASTER &&
1373 (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok)
1374 return ERR_PTR(-EIO);
1375
1376 /*
1377 * First time open is complex, especially for PTY devices.
1378 * This code guarantees that either everything succeeds and the
1379 * TTY is ready for operation, or else the table slots are vacated
1380 * and the allocated memory released. (Except that the termios
1381 * and locked termios may be retained.)
1382 */
1383
1384 if (!try_module_get(driver->owner))
1385 return ERR_PTR(-ENODEV);
1386
1387 tty = alloc_tty_struct();
1388 if (!tty)
1389 goto fail_no_mem;
1390 initialize_tty_struct(tty, driver, idx);
1391
1392 retval = tty_driver_install_tty(driver, tty);
1393 if (retval < 0) {
1394 free_tty_struct(tty);
1395 module_put(driver->owner);
1396 return ERR_PTR(retval);
1397 }
1398
1399 /*
1400 * Structures all installed ... call the ldisc open routines.
1401 * If we fail here just call release_tty to clean up. No need
1402 * to decrement the use counts, as release_tty doesn't care.
1403 */
1404
1405 retval = tty_ldisc_setup(tty, tty->link);
1406 if (retval)
1407 goto release_mem_out;
1408 return tty;
1409
1410 fail_no_mem:
1411 module_put(driver->owner);
1412 return ERR_PTR(-ENOMEM);
1413
1414 /* call the tty release_tty routine to clean out this slot */
1415 release_mem_out:
1416 if (printk_ratelimit())
1417 printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1418 "clearing slot %d\n", idx);
1419 release_tty(tty, idx);
1420 return ERR_PTR(retval);
1421 }
1422
tty_free_termios(struct tty_struct * tty)1423 void tty_free_termios(struct tty_struct *tty)
1424 {
1425 struct ktermios *tp;
1426 int idx = tty->index;
1427 /* Kill this flag and push into drivers for locking etc */
1428 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1429 /* FIXME: Locking on ->termios array */
1430 tp = tty->termios;
1431 tty->driver->termios[idx] = NULL;
1432 kfree(tp);
1433 }
1434 }
1435 EXPORT_SYMBOL(tty_free_termios);
1436
tty_shutdown(struct tty_struct * tty)1437 void tty_shutdown(struct tty_struct *tty)
1438 {
1439 tty_driver_remove_tty(tty->driver, tty);
1440 tty_free_termios(tty);
1441 }
1442 EXPORT_SYMBOL(tty_shutdown);
1443
1444 /**
1445 * release_one_tty - release tty structure memory
1446 * @kref: kref of tty we are obliterating
1447 *
1448 * Releases memory associated with a tty structure, and clears out the
1449 * driver table slots. This function is called when a device is no longer
1450 * in use. It also gets called when setup of a device fails.
1451 *
1452 * Locking:
1453 * tty_mutex - sometimes only
1454 * takes the file list lock internally when working on the list
1455 * of ttys that the driver keeps.
1456 */
release_one_tty(struct kref * kref)1457 static void release_one_tty(struct kref *kref)
1458 {
1459 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1460 struct tty_driver *driver = tty->driver;
1461
1462 if (tty->ops->shutdown)
1463 tty->ops->shutdown(tty);
1464 else
1465 tty_shutdown(tty);
1466 tty->magic = 0;
1467 tty_driver_kref_put(driver);
1468 module_put(driver->owner);
1469
1470 file_list_lock();
1471 list_del_init(&tty->tty_files);
1472 file_list_unlock();
1473
1474 free_tty_struct(tty);
1475 }
1476
1477 /**
1478 * tty_kref_put - release a tty kref
1479 * @tty: tty device
1480 *
1481 * Release a reference to a tty device and if need be let the kref
1482 * layer destruct the object for us
1483 */
1484
tty_kref_put(struct tty_struct * tty)1485 void tty_kref_put(struct tty_struct *tty)
1486 {
1487 if (tty)
1488 kref_put(&tty->kref, release_one_tty);
1489 }
1490 EXPORT_SYMBOL(tty_kref_put);
1491
1492 /**
1493 * release_tty - release tty structure memory
1494 *
1495 * Release both @tty and a possible linked partner (think pty pair),
1496 * and decrement the refcount of the backing module.
1497 *
1498 * Locking:
1499 * tty_mutex - sometimes only
1500 * takes the file list lock internally when working on the list
1501 * of ttys that the driver keeps.
1502 * FIXME: should we require tty_mutex is held here ??
1503 *
1504 */
release_tty(struct tty_struct * tty,int idx)1505 static void release_tty(struct tty_struct *tty, int idx)
1506 {
1507 /* This should always be true but check for the moment */
1508 WARN_ON(tty->index != idx);
1509
1510 if (tty->link)
1511 tty_kref_put(tty->link);
1512 tty_kref_put(tty);
1513 }
1514
1515 /*
1516 * Even releasing the tty structures is a tricky business.. We have
1517 * to be very careful that the structures are all released at the
1518 * same time, as interrupts might otherwise get the wrong pointers.
1519 *
1520 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1521 * lead to double frees or releasing memory still in use.
1522 */
tty_release_dev(struct file * filp)1523 void tty_release_dev(struct file *filp)
1524 {
1525 struct tty_struct *tty, *o_tty;
1526 int pty_master, tty_closing, o_tty_closing, do_sleep;
1527 int devpts;
1528 int idx;
1529 char buf[64];
1530 struct inode *inode;
1531
1532 inode = filp->f_path.dentry->d_inode;
1533 tty = (struct tty_struct *)filp->private_data;
1534 if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1535 return;
1536
1537 check_tty_count(tty, "tty_release_dev");
1538
1539 tty_fasync(-1, filp, 0);
1540
1541 idx = tty->index;
1542 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1543 tty->driver->subtype == PTY_TYPE_MASTER);
1544 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1545 o_tty = tty->link;
1546
1547 #ifdef TTY_PARANOIA_CHECK
1548 if (idx < 0 || idx >= tty->driver->num) {
1549 printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1550 "free (%s)\n", tty->name);
1551 return;
1552 }
1553 if (!devpts) {
1554 if (tty != tty->driver->ttys[idx]) {
1555 printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1556 "for (%s)\n", idx, tty->name);
1557 return;
1558 }
1559 if (tty->termios != tty->driver->termios[idx]) {
1560 printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1561 "for (%s)\n",
1562 idx, tty->name);
1563 return;
1564 }
1565 }
1566 #endif
1567
1568 #ifdef TTY_DEBUG_HANGUP
1569 printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1570 tty_name(tty, buf), tty->count);
1571 #endif
1572
1573 #ifdef TTY_PARANOIA_CHECK
1574 if (tty->driver->other &&
1575 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1576 if (o_tty != tty->driver->other->ttys[idx]) {
1577 printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1578 "not o_tty for (%s)\n",
1579 idx, tty->name);
1580 return;
1581 }
1582 if (o_tty->termios != tty->driver->other->termios[idx]) {
1583 printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1584 "not o_termios for (%s)\n",
1585 idx, tty->name);
1586 return;
1587 }
1588 if (o_tty->link != tty) {
1589 printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1590 return;
1591 }
1592 }
1593 #endif
1594 if (tty->ops->close)
1595 tty->ops->close(tty, filp);
1596
1597 /*
1598 * Sanity check: if tty->count is going to zero, there shouldn't be
1599 * any waiters on tty->read_wait or tty->write_wait. We test the
1600 * wait queues and kick everyone out _before_ actually starting to
1601 * close. This ensures that we won't block while releasing the tty
1602 * structure.
1603 *
1604 * The test for the o_tty closing is necessary, since the master and
1605 * slave sides may close in any order. If the slave side closes out
1606 * first, its count will be one, since the master side holds an open.
1607 * Thus this test wouldn't be triggered at the time the slave closes,
1608 * so we do it now.
1609 *
1610 * Note that it's possible for the tty to be opened again while we're
1611 * flushing out waiters. By recalculating the closing flags before
1612 * each iteration we avoid any problems.
1613 */
1614 while (1) {
1615 /* Guard against races with tty->count changes elsewhere and
1616 opens on /dev/tty */
1617
1618 mutex_lock(&tty_mutex);
1619 tty_closing = tty->count <= 1;
1620 o_tty_closing = o_tty &&
1621 (o_tty->count <= (pty_master ? 1 : 0));
1622 do_sleep = 0;
1623
1624 if (tty_closing) {
1625 if (waitqueue_active(&tty->read_wait)) {
1626 wake_up(&tty->read_wait);
1627 do_sleep++;
1628 }
1629 if (waitqueue_active(&tty->write_wait)) {
1630 wake_up(&tty->write_wait);
1631 do_sleep++;
1632 }
1633 }
1634 if (o_tty_closing) {
1635 if (waitqueue_active(&o_tty->read_wait)) {
1636 wake_up(&o_tty->read_wait);
1637 do_sleep++;
1638 }
1639 if (waitqueue_active(&o_tty->write_wait)) {
1640 wake_up(&o_tty->write_wait);
1641 do_sleep++;
1642 }
1643 }
1644 if (!do_sleep)
1645 break;
1646
1647 printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1648 "active!\n", tty_name(tty, buf));
1649 mutex_unlock(&tty_mutex);
1650 schedule();
1651 }
1652
1653 /*
1654 * The closing flags are now consistent with the open counts on
1655 * both sides, and we've completed the last operation that could
1656 * block, so it's safe to proceed with closing.
1657 */
1658 if (pty_master) {
1659 if (--o_tty->count < 0) {
1660 printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1661 "(%d) for %s\n",
1662 o_tty->count, tty_name(o_tty, buf));
1663 o_tty->count = 0;
1664 }
1665 }
1666 if (--tty->count < 0) {
1667 printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1668 tty->count, tty_name(tty, buf));
1669 tty->count = 0;
1670 }
1671
1672 /*
1673 * We've decremented tty->count, so we need to remove this file
1674 * descriptor off the tty->tty_files list; this serves two
1675 * purposes:
1676 * - check_tty_count sees the correct number of file descriptors
1677 * associated with this tty.
1678 * - do_tty_hangup no longer sees this file descriptor as
1679 * something that needs to be handled for hangups.
1680 */
1681 file_kill(filp);
1682 filp->private_data = NULL;
1683
1684 /*
1685 * Perform some housekeeping before deciding whether to return.
1686 *
1687 * Set the TTY_CLOSING flag if this was the last open. In the
1688 * case of a pty we may have to wait around for the other side
1689 * to close, and TTY_CLOSING makes sure we can't be reopened.
1690 */
1691 if (tty_closing)
1692 set_bit(TTY_CLOSING, &tty->flags);
1693 if (o_tty_closing)
1694 set_bit(TTY_CLOSING, &o_tty->flags);
1695
1696 /*
1697 * If _either_ side is closing, make sure there aren't any
1698 * processes that still think tty or o_tty is their controlling
1699 * tty.
1700 */
1701 if (tty_closing || o_tty_closing) {
1702 read_lock(&tasklist_lock);
1703 session_clear_tty(tty->session);
1704 if (o_tty)
1705 session_clear_tty(o_tty->session);
1706 read_unlock(&tasklist_lock);
1707 }
1708
1709 mutex_unlock(&tty_mutex);
1710
1711 /* check whether both sides are closing ... */
1712 if (!tty_closing || (o_tty && !o_tty_closing))
1713 return;
1714
1715 #ifdef TTY_DEBUG_HANGUP
1716 printk(KERN_DEBUG "freeing tty structure...");
1717 #endif
1718 /*
1719 * Ask the line discipline code to release its structures
1720 */
1721 tty_ldisc_release(tty, o_tty);
1722 /*
1723 * The release_tty function takes care of the details of clearing
1724 * the slots and preserving the termios structure.
1725 */
1726 release_tty(tty, idx);
1727
1728 /* Make this pty number available for reallocation */
1729 if (devpts)
1730 devpts_kill_index(inode, idx);
1731 }
1732
1733 /**
1734 * __tty_open - open a tty device
1735 * @inode: inode of device file
1736 * @filp: file pointer to tty
1737 *
1738 * tty_open and tty_release keep up the tty count that contains the
1739 * number of opens done on a tty. We cannot use the inode-count, as
1740 * different inodes might point to the same tty.
1741 *
1742 * Open-counting is needed for pty masters, as well as for keeping
1743 * track of serial lines: DTR is dropped when the last close happens.
1744 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1745 *
1746 * The termios state of a pty is reset on first open so that
1747 * settings don't persist across reuse.
1748 *
1749 * Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1750 * tty->count should protect the rest.
1751 * ->siglock protects ->signal/->sighand
1752 */
1753
__tty_open(struct inode * inode,struct file * filp)1754 static int __tty_open(struct inode *inode, struct file *filp)
1755 {
1756 struct tty_struct *tty = NULL;
1757 int noctty, retval;
1758 struct tty_driver *driver;
1759 int index;
1760 dev_t device = inode->i_rdev;
1761 unsigned short saved_flags = filp->f_flags;
1762
1763 nonseekable_open(inode, filp);
1764
1765 retry_open:
1766 noctty = filp->f_flags & O_NOCTTY;
1767 index = -1;
1768 retval = 0;
1769
1770 mutex_lock(&tty_mutex);
1771
1772 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1773 tty = get_current_tty();
1774 if (!tty) {
1775 mutex_unlock(&tty_mutex);
1776 return -ENXIO;
1777 }
1778 driver = tty_driver_kref_get(tty->driver);
1779 index = tty->index;
1780 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1781 /* noctty = 1; */
1782 /* FIXME: Should we take a driver reference ? */
1783 tty_kref_put(tty);
1784 goto got_driver;
1785 }
1786 #ifdef CONFIG_VT
1787 if (device == MKDEV(TTY_MAJOR, 0)) {
1788 extern struct tty_driver *console_driver;
1789 driver = tty_driver_kref_get(console_driver);
1790 index = fg_console;
1791 noctty = 1;
1792 goto got_driver;
1793 }
1794 #endif
1795 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1796 struct tty_driver *console_driver = console_device(&index);
1797 if (console_driver) {
1798 driver = tty_driver_kref_get(console_driver);
1799 if (driver) {
1800 /* Don't let /dev/console block */
1801 filp->f_flags |= O_NONBLOCK;
1802 noctty = 1;
1803 goto got_driver;
1804 }
1805 }
1806 mutex_unlock(&tty_mutex);
1807 return -ENODEV;
1808 }
1809
1810 driver = get_tty_driver(device, &index);
1811 if (!driver) {
1812 mutex_unlock(&tty_mutex);
1813 return -ENODEV;
1814 }
1815 got_driver:
1816 if (!tty) {
1817 /* check whether we're reopening an existing tty */
1818 tty = tty_driver_lookup_tty(driver, inode, index);
1819
1820 if (IS_ERR(tty)) {
1821 mutex_unlock(&tty_mutex);
1822 return PTR_ERR(tty);
1823 }
1824 }
1825
1826 if (tty) {
1827 retval = tty_reopen(tty);
1828 if (retval)
1829 tty = ERR_PTR(retval);
1830 } else
1831 tty = tty_init_dev(driver, index, 0);
1832
1833 mutex_unlock(&tty_mutex);
1834 tty_driver_kref_put(driver);
1835 if (IS_ERR(tty))
1836 return PTR_ERR(tty);
1837
1838 filp->private_data = tty;
1839 file_move(filp, &tty->tty_files);
1840 check_tty_count(tty, "tty_open");
1841 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1842 tty->driver->subtype == PTY_TYPE_MASTER)
1843 noctty = 1;
1844 #ifdef TTY_DEBUG_HANGUP
1845 printk(KERN_DEBUG "opening %s...", tty->name);
1846 #endif
1847 if (!retval) {
1848 if (tty->ops->open)
1849 retval = tty->ops->open(tty, filp);
1850 else
1851 retval = -ENODEV;
1852 }
1853 filp->f_flags = saved_flags;
1854
1855 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1856 !capable(CAP_SYS_ADMIN))
1857 retval = -EBUSY;
1858
1859 if (retval) {
1860 #ifdef TTY_DEBUG_HANGUP
1861 printk(KERN_DEBUG "error %d in opening %s...", retval,
1862 tty->name);
1863 #endif
1864 tty_release_dev(filp);
1865 if (retval != -ERESTARTSYS)
1866 return retval;
1867 if (signal_pending(current))
1868 return retval;
1869 schedule();
1870 /*
1871 * Need to reset f_op in case a hangup happened.
1872 */
1873 if (filp->f_op == &hung_up_tty_fops)
1874 filp->f_op = &tty_fops;
1875 goto retry_open;
1876 }
1877
1878 mutex_lock(&tty_mutex);
1879 spin_lock_irq(¤t->sighand->siglock);
1880 if (!noctty &&
1881 current->signal->leader &&
1882 !current->signal->tty &&
1883 tty->session == NULL)
1884 __proc_set_tty(current, tty);
1885 spin_unlock_irq(¤t->sighand->siglock);
1886 mutex_unlock(&tty_mutex);
1887 return 0;
1888 }
1889
1890 /* BKL pushdown: scary code avoidance wrapper */
tty_open(struct inode * inode,struct file * filp)1891 static int tty_open(struct inode *inode, struct file *filp)
1892 {
1893 int ret;
1894
1895 lock_kernel();
1896 ret = __tty_open(inode, filp);
1897 unlock_kernel();
1898 return ret;
1899 }
1900
1901
1902
1903
1904 /**
1905 * tty_release - vfs callback for close
1906 * @inode: inode of tty
1907 * @filp: file pointer for handle to tty
1908 *
1909 * Called the last time each file handle is closed that references
1910 * this tty. There may however be several such references.
1911 *
1912 * Locking:
1913 * Takes bkl. See tty_release_dev
1914 */
1915
tty_release(struct inode * inode,struct file * filp)1916 static int tty_release(struct inode *inode, struct file *filp)
1917 {
1918 lock_kernel();
1919 tty_release_dev(filp);
1920 unlock_kernel();
1921 return 0;
1922 }
1923
1924 /**
1925 * tty_poll - check tty status
1926 * @filp: file being polled
1927 * @wait: poll wait structures to update
1928 *
1929 * Call the line discipline polling method to obtain the poll
1930 * status of the device.
1931 *
1932 * Locking: locks called line discipline but ldisc poll method
1933 * may be re-entered freely by other callers.
1934 */
1935
tty_poll(struct file * filp,poll_table * wait)1936 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1937 {
1938 struct tty_struct *tty;
1939 struct tty_ldisc *ld;
1940 int ret = 0;
1941
1942 tty = (struct tty_struct *)filp->private_data;
1943 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1944 return 0;
1945
1946 ld = tty_ldisc_ref_wait(tty);
1947 if (ld->ops->poll)
1948 ret = (ld->ops->poll)(tty, filp, wait);
1949 tty_ldisc_deref(ld);
1950 return ret;
1951 }
1952
tty_fasync(int fd,struct file * filp,int on)1953 static int tty_fasync(int fd, struct file *filp, int on)
1954 {
1955 struct tty_struct *tty;
1956 unsigned long flags;
1957 int retval = 0;
1958
1959 lock_kernel();
1960 tty = (struct tty_struct *)filp->private_data;
1961 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1962 goto out;
1963
1964 retval = fasync_helper(fd, filp, on, &tty->fasync);
1965 if (retval <= 0)
1966 goto out;
1967
1968 if (on) {
1969 enum pid_type type;
1970 struct pid *pid;
1971 if (!waitqueue_active(&tty->read_wait))
1972 tty->minimum_to_wake = 1;
1973 spin_lock_irqsave(&tty->ctrl_lock, flags);
1974 if (tty->pgrp) {
1975 pid = tty->pgrp;
1976 type = PIDTYPE_PGID;
1977 } else {
1978 pid = task_pid(current);
1979 type = PIDTYPE_PID;
1980 }
1981 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1982 retval = __f_setown(filp, pid, type, 0);
1983 if (retval)
1984 goto out;
1985 } else {
1986 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
1987 tty->minimum_to_wake = N_TTY_BUF_SIZE;
1988 }
1989 retval = 0;
1990 out:
1991 unlock_kernel();
1992 return retval;
1993 }
1994
1995 /**
1996 * tiocsti - fake input character
1997 * @tty: tty to fake input into
1998 * @p: pointer to character
1999 *
2000 * Fake input to a tty device. Does the necessary locking and
2001 * input management.
2002 *
2003 * FIXME: does not honour flow control ??
2004 *
2005 * Locking:
2006 * Called functions take tty_ldisc_lock
2007 * current->signal->tty check is safe without locks
2008 *
2009 * FIXME: may race normal receive processing
2010 */
2011
tiocsti(struct tty_struct * tty,char __user * p)2012 static int tiocsti(struct tty_struct *tty, char __user *p)
2013 {
2014 char ch, mbz = 0;
2015 struct tty_ldisc *ld;
2016
2017 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2018 return -EPERM;
2019 if (get_user(ch, p))
2020 return -EFAULT;
2021 tty_audit_tiocsti(tty, ch);
2022 ld = tty_ldisc_ref_wait(tty);
2023 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2024 tty_ldisc_deref(ld);
2025 return 0;
2026 }
2027
2028 /**
2029 * tiocgwinsz - implement window query ioctl
2030 * @tty; tty
2031 * @arg: user buffer for result
2032 *
2033 * Copies the kernel idea of the window size into the user buffer.
2034 *
2035 * Locking: tty->termios_mutex is taken to ensure the winsize data
2036 * is consistent.
2037 */
2038
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2039 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2040 {
2041 int err;
2042
2043 mutex_lock(&tty->termios_mutex);
2044 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2045 mutex_unlock(&tty->termios_mutex);
2046
2047 return err ? -EFAULT: 0;
2048 }
2049
2050 /**
2051 * tty_do_resize - resize event
2052 * @tty: tty being resized
2053 * @rows: rows (character)
2054 * @cols: cols (character)
2055 *
2056 * Update the termios variables and send the neccessary signals to
2057 * peform a terminal resize correctly
2058 */
2059
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2060 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2061 {
2062 struct pid *pgrp;
2063 unsigned long flags;
2064
2065 /* Lock the tty */
2066 mutex_lock(&tty->termios_mutex);
2067 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2068 goto done;
2069 /* Get the PID values and reference them so we can
2070 avoid holding the tty ctrl lock while sending signals */
2071 spin_lock_irqsave(&tty->ctrl_lock, flags);
2072 pgrp = get_pid(tty->pgrp);
2073 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2074
2075 if (pgrp)
2076 kill_pgrp(pgrp, SIGWINCH, 1);
2077 put_pid(pgrp);
2078
2079 tty->winsize = *ws;
2080 done:
2081 mutex_unlock(&tty->termios_mutex);
2082 return 0;
2083 }
2084
2085 /**
2086 * tiocswinsz - implement window size set ioctl
2087 * @tty; tty side of tty
2088 * @arg: user buffer for result
2089 *
2090 * Copies the user idea of the window size to the kernel. Traditionally
2091 * this is just advisory information but for the Linux console it
2092 * actually has driver level meaning and triggers a VC resize.
2093 *
2094 * Locking:
2095 * Driver dependant. The default do_resize method takes the
2096 * tty termios mutex and ctrl_lock. The console takes its own lock
2097 * then calls into the default method.
2098 */
2099
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2100 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2101 {
2102 struct winsize tmp_ws;
2103 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2104 return -EFAULT;
2105
2106 if (tty->ops->resize)
2107 return tty->ops->resize(tty, &tmp_ws);
2108 else
2109 return tty_do_resize(tty, &tmp_ws);
2110 }
2111
2112 /**
2113 * tioccons - allow admin to move logical console
2114 * @file: the file to become console
2115 *
2116 * Allow the adminstrator to move the redirected console device
2117 *
2118 * Locking: uses redirect_lock to guard the redirect information
2119 */
2120
tioccons(struct file * file)2121 static int tioccons(struct file *file)
2122 {
2123 if (!capable(CAP_SYS_ADMIN))
2124 return -EPERM;
2125 if (file->f_op->write == redirected_tty_write) {
2126 struct file *f;
2127 spin_lock(&redirect_lock);
2128 f = redirect;
2129 redirect = NULL;
2130 spin_unlock(&redirect_lock);
2131 if (f)
2132 fput(f);
2133 return 0;
2134 }
2135 spin_lock(&redirect_lock);
2136 if (redirect) {
2137 spin_unlock(&redirect_lock);
2138 return -EBUSY;
2139 }
2140 get_file(file);
2141 redirect = file;
2142 spin_unlock(&redirect_lock);
2143 return 0;
2144 }
2145
2146 /**
2147 * fionbio - non blocking ioctl
2148 * @file: file to set blocking value
2149 * @p: user parameter
2150 *
2151 * Historical tty interfaces had a blocking control ioctl before
2152 * the generic functionality existed. This piece of history is preserved
2153 * in the expected tty API of posix OS's.
2154 *
2155 * Locking: none, the open fle handle ensures it won't go away.
2156 */
2157
fionbio(struct file * file,int __user * p)2158 static int fionbio(struct file *file, int __user *p)
2159 {
2160 int nonblock;
2161
2162 if (get_user(nonblock, p))
2163 return -EFAULT;
2164
2165 /* file->f_flags is still BKL protected in the fs layer - vomit */
2166 lock_kernel();
2167 if (nonblock)
2168 file->f_flags |= O_NONBLOCK;
2169 else
2170 file->f_flags &= ~O_NONBLOCK;
2171 unlock_kernel();
2172 return 0;
2173 }
2174
2175 /**
2176 * tiocsctty - set controlling tty
2177 * @tty: tty structure
2178 * @arg: user argument
2179 *
2180 * This ioctl is used to manage job control. It permits a session
2181 * leader to set this tty as the controlling tty for the session.
2182 *
2183 * Locking:
2184 * Takes tty_mutex() to protect tty instance
2185 * Takes tasklist_lock internally to walk sessions
2186 * Takes ->siglock() when updating signal->tty
2187 */
2188
tiocsctty(struct tty_struct * tty,int arg)2189 static int tiocsctty(struct tty_struct *tty, int arg)
2190 {
2191 int ret = 0;
2192 if (current->signal->leader && (task_session(current) == tty->session))
2193 return ret;
2194
2195 mutex_lock(&tty_mutex);
2196 /*
2197 * The process must be a session leader and
2198 * not have a controlling tty already.
2199 */
2200 if (!current->signal->leader || current->signal->tty) {
2201 ret = -EPERM;
2202 goto unlock;
2203 }
2204
2205 if (tty->session) {
2206 /*
2207 * This tty is already the controlling
2208 * tty for another session group!
2209 */
2210 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2211 /*
2212 * Steal it away
2213 */
2214 read_lock(&tasklist_lock);
2215 session_clear_tty(tty->session);
2216 read_unlock(&tasklist_lock);
2217 } else {
2218 ret = -EPERM;
2219 goto unlock;
2220 }
2221 }
2222 proc_set_tty(current, tty);
2223 unlock:
2224 mutex_unlock(&tty_mutex);
2225 return ret;
2226 }
2227
2228 /**
2229 * tty_get_pgrp - return a ref counted pgrp pid
2230 * @tty: tty to read
2231 *
2232 * Returns a refcounted instance of the pid struct for the process
2233 * group controlling the tty.
2234 */
2235
tty_get_pgrp(struct tty_struct * tty)2236 struct pid *tty_get_pgrp(struct tty_struct *tty)
2237 {
2238 unsigned long flags;
2239 struct pid *pgrp;
2240
2241 spin_lock_irqsave(&tty->ctrl_lock, flags);
2242 pgrp = get_pid(tty->pgrp);
2243 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2244
2245 return pgrp;
2246 }
2247 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2248
2249 /**
2250 * tiocgpgrp - get process group
2251 * @tty: tty passed by user
2252 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2253 * @p: returned pid
2254 *
2255 * Obtain the process group of the tty. If there is no process group
2256 * return an error.
2257 *
2258 * Locking: none. Reference to current->signal->tty is safe.
2259 */
2260
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2261 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2262 {
2263 struct pid *pid;
2264 int ret;
2265 /*
2266 * (tty == real_tty) is a cheap way of
2267 * testing if the tty is NOT a master pty.
2268 */
2269 if (tty == real_tty && current->signal->tty != real_tty)
2270 return -ENOTTY;
2271 pid = tty_get_pgrp(real_tty);
2272 ret = put_user(pid_vnr(pid), p);
2273 put_pid(pid);
2274 return ret;
2275 }
2276
2277 /**
2278 * tiocspgrp - attempt to set process group
2279 * @tty: tty passed by user
2280 * @real_tty: tty side device matching tty passed by user
2281 * @p: pid pointer
2282 *
2283 * Set the process group of the tty to the session passed. Only
2284 * permitted where the tty session is our session.
2285 *
2286 * Locking: RCU, ctrl lock
2287 */
2288
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2289 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2290 {
2291 struct pid *pgrp;
2292 pid_t pgrp_nr;
2293 int retval = tty_check_change(real_tty);
2294 unsigned long flags;
2295
2296 if (retval == -EIO)
2297 return -ENOTTY;
2298 if (retval)
2299 return retval;
2300 if (!current->signal->tty ||
2301 (current->signal->tty != real_tty) ||
2302 (real_tty->session != task_session(current)))
2303 return -ENOTTY;
2304 if (get_user(pgrp_nr, p))
2305 return -EFAULT;
2306 if (pgrp_nr < 0)
2307 return -EINVAL;
2308 rcu_read_lock();
2309 pgrp = find_vpid(pgrp_nr);
2310 retval = -ESRCH;
2311 if (!pgrp)
2312 goto out_unlock;
2313 retval = -EPERM;
2314 if (session_of_pgrp(pgrp) != task_session(current))
2315 goto out_unlock;
2316 retval = 0;
2317 spin_lock_irqsave(&tty->ctrl_lock, flags);
2318 put_pid(real_tty->pgrp);
2319 real_tty->pgrp = get_pid(pgrp);
2320 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2321 out_unlock:
2322 rcu_read_unlock();
2323 return retval;
2324 }
2325
2326 /**
2327 * tiocgsid - get session id
2328 * @tty: tty passed by user
2329 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2330 * @p: pointer to returned session id
2331 *
2332 * Obtain the session id of the tty. If there is no session
2333 * return an error.
2334 *
2335 * Locking: none. Reference to current->signal->tty is safe.
2336 */
2337
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2338 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2339 {
2340 /*
2341 * (tty == real_tty) is a cheap way of
2342 * testing if the tty is NOT a master pty.
2343 */
2344 if (tty == real_tty && current->signal->tty != real_tty)
2345 return -ENOTTY;
2346 if (!real_tty->session)
2347 return -ENOTTY;
2348 return put_user(pid_vnr(real_tty->session), p);
2349 }
2350
2351 /**
2352 * tiocsetd - set line discipline
2353 * @tty: tty device
2354 * @p: pointer to user data
2355 *
2356 * Set the line discipline according to user request.
2357 *
2358 * Locking: see tty_set_ldisc, this function is just a helper
2359 */
2360
tiocsetd(struct tty_struct * tty,int __user * p)2361 static int tiocsetd(struct tty_struct *tty, int __user *p)
2362 {
2363 int ldisc;
2364 int ret;
2365
2366 if (get_user(ldisc, p))
2367 return -EFAULT;
2368
2369 lock_kernel();
2370 ret = tty_set_ldisc(tty, ldisc);
2371 unlock_kernel();
2372
2373 return ret;
2374 }
2375
2376 /**
2377 * send_break - performed time break
2378 * @tty: device to break on
2379 * @duration: timeout in mS
2380 *
2381 * Perform a timed break on hardware that lacks its own driver level
2382 * timed break functionality.
2383 *
2384 * Locking:
2385 * atomic_write_lock serializes
2386 *
2387 */
2388
send_break(struct tty_struct * tty,unsigned int duration)2389 static int send_break(struct tty_struct *tty, unsigned int duration)
2390 {
2391 int retval;
2392
2393 if (tty->ops->break_ctl == NULL)
2394 return 0;
2395
2396 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2397 retval = tty->ops->break_ctl(tty, duration);
2398 else {
2399 /* Do the work ourselves */
2400 if (tty_write_lock(tty, 0) < 0)
2401 return -EINTR;
2402 retval = tty->ops->break_ctl(tty, -1);
2403 if (retval)
2404 goto out;
2405 if (!signal_pending(current))
2406 msleep_interruptible(duration);
2407 retval = tty->ops->break_ctl(tty, 0);
2408 out:
2409 tty_write_unlock(tty);
2410 if (signal_pending(current))
2411 retval = -EINTR;
2412 }
2413 return retval;
2414 }
2415
2416 /**
2417 * tty_tiocmget - get modem status
2418 * @tty: tty device
2419 * @file: user file pointer
2420 * @p: pointer to result
2421 *
2422 * Obtain the modem status bits from the tty driver if the feature
2423 * is supported. Return -EINVAL if it is not available.
2424 *
2425 * Locking: none (up to the driver)
2426 */
2427
tty_tiocmget(struct tty_struct * tty,struct file * file,int __user * p)2428 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2429 {
2430 int retval = -EINVAL;
2431
2432 if (tty->ops->tiocmget) {
2433 retval = tty->ops->tiocmget(tty, file);
2434
2435 if (retval >= 0)
2436 retval = put_user(retval, p);
2437 }
2438 return retval;
2439 }
2440
2441 /**
2442 * tty_tiocmset - set modem status
2443 * @tty: tty device
2444 * @file: user file pointer
2445 * @cmd: command - clear bits, set bits or set all
2446 * @p: pointer to desired bits
2447 *
2448 * Set the modem status bits from the tty driver if the feature
2449 * is supported. Return -EINVAL if it is not available.
2450 *
2451 * Locking: none (up to the driver)
2452 */
2453
tty_tiocmset(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned __user * p)2454 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2455 unsigned __user *p)
2456 {
2457 int retval;
2458 unsigned int set, clear, val;
2459
2460 if (tty->ops->tiocmset == NULL)
2461 return -EINVAL;
2462
2463 retval = get_user(val, p);
2464 if (retval)
2465 return retval;
2466 set = clear = 0;
2467 switch (cmd) {
2468 case TIOCMBIS:
2469 set = val;
2470 break;
2471 case TIOCMBIC:
2472 clear = val;
2473 break;
2474 case TIOCMSET:
2475 set = val;
2476 clear = ~val;
2477 break;
2478 }
2479 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2480 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2481 return tty->ops->tiocmset(tty, file, set, clear);
2482 }
2483
2484 /*
2485 * Split this up, as gcc can choke on it otherwise..
2486 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2487 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2488 {
2489 struct tty_struct *tty, *real_tty;
2490 void __user *p = (void __user *)arg;
2491 int retval;
2492 struct tty_ldisc *ld;
2493 struct inode *inode = file->f_dentry->d_inode;
2494
2495 tty = (struct tty_struct *)file->private_data;
2496 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2497 return -EINVAL;
2498
2499 real_tty = tty;
2500 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2501 tty->driver->subtype == PTY_TYPE_MASTER)
2502 real_tty = tty->link;
2503
2504
2505 /*
2506 * Factor out some common prep work
2507 */
2508 switch (cmd) {
2509 case TIOCSETD:
2510 case TIOCSBRK:
2511 case TIOCCBRK:
2512 case TCSBRK:
2513 case TCSBRKP:
2514 retval = tty_check_change(tty);
2515 if (retval)
2516 return retval;
2517 if (cmd != TIOCCBRK) {
2518 tty_wait_until_sent(tty, 0);
2519 if (signal_pending(current))
2520 return -EINTR;
2521 }
2522 break;
2523 }
2524
2525 /*
2526 * Now do the stuff.
2527 */
2528 switch (cmd) {
2529 case TIOCSTI:
2530 return tiocsti(tty, p);
2531 case TIOCGWINSZ:
2532 return tiocgwinsz(real_tty, p);
2533 case TIOCSWINSZ:
2534 return tiocswinsz(real_tty, p);
2535 case TIOCCONS:
2536 return real_tty != tty ? -EINVAL : tioccons(file);
2537 case FIONBIO:
2538 return fionbio(file, p);
2539 case TIOCEXCL:
2540 set_bit(TTY_EXCLUSIVE, &tty->flags);
2541 return 0;
2542 case TIOCNXCL:
2543 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2544 return 0;
2545 case TIOCNOTTY:
2546 if (current->signal->tty != tty)
2547 return -ENOTTY;
2548 no_tty();
2549 return 0;
2550 case TIOCSCTTY:
2551 return tiocsctty(tty, arg);
2552 case TIOCGPGRP:
2553 return tiocgpgrp(tty, real_tty, p);
2554 case TIOCSPGRP:
2555 return tiocspgrp(tty, real_tty, p);
2556 case TIOCGSID:
2557 return tiocgsid(tty, real_tty, p);
2558 case TIOCGETD:
2559 return put_user(tty->ldisc.ops->num, (int __user *)p);
2560 case TIOCSETD:
2561 return tiocsetd(tty, p);
2562 /*
2563 * Break handling
2564 */
2565 case TIOCSBRK: /* Turn break on, unconditionally */
2566 if (tty->ops->break_ctl)
2567 return tty->ops->break_ctl(tty, -1);
2568 return 0;
2569 case TIOCCBRK: /* Turn break off, unconditionally */
2570 if (tty->ops->break_ctl)
2571 return tty->ops->break_ctl(tty, 0);
2572 return 0;
2573 case TCSBRK: /* SVID version: non-zero arg --> no break */
2574 /* non-zero arg means wait for all output data
2575 * to be sent (performed above) but don't send break.
2576 * This is used by the tcdrain() termios function.
2577 */
2578 if (!arg)
2579 return send_break(tty, 250);
2580 return 0;
2581 case TCSBRKP: /* support for POSIX tcsendbreak() */
2582 return send_break(tty, arg ? arg*100 : 250);
2583
2584 case TIOCMGET:
2585 return tty_tiocmget(tty, file, p);
2586 case TIOCMSET:
2587 case TIOCMBIC:
2588 case TIOCMBIS:
2589 return tty_tiocmset(tty, file, cmd, p);
2590 case TCFLSH:
2591 switch (arg) {
2592 case TCIFLUSH:
2593 case TCIOFLUSH:
2594 /* flush tty buffer and allow ldisc to process ioctl */
2595 tty_buffer_flush(tty);
2596 break;
2597 }
2598 break;
2599 }
2600 if (tty->ops->ioctl) {
2601 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2602 if (retval != -ENOIOCTLCMD)
2603 return retval;
2604 }
2605 ld = tty_ldisc_ref_wait(tty);
2606 retval = -EINVAL;
2607 if (ld->ops->ioctl) {
2608 retval = ld->ops->ioctl(tty, file, cmd, arg);
2609 if (retval == -ENOIOCTLCMD)
2610 retval = -EINVAL;
2611 }
2612 tty_ldisc_deref(ld);
2613 return retval;
2614 }
2615
2616 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2617 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2618 unsigned long arg)
2619 {
2620 struct inode *inode = file->f_dentry->d_inode;
2621 struct tty_struct *tty = file->private_data;
2622 struct tty_ldisc *ld;
2623 int retval = -ENOIOCTLCMD;
2624
2625 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2626 return -EINVAL;
2627
2628 if (tty->ops->compat_ioctl) {
2629 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2630 if (retval != -ENOIOCTLCMD)
2631 return retval;
2632 }
2633
2634 ld = tty_ldisc_ref_wait(tty);
2635 if (ld->ops->compat_ioctl)
2636 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2637 tty_ldisc_deref(ld);
2638
2639 return retval;
2640 }
2641 #endif
2642
2643 /*
2644 * This implements the "Secure Attention Key" --- the idea is to
2645 * prevent trojan horses by killing all processes associated with this
2646 * tty when the user hits the "Secure Attention Key". Required for
2647 * super-paranoid applications --- see the Orange Book for more details.
2648 *
2649 * This code could be nicer; ideally it should send a HUP, wait a few
2650 * seconds, then send a INT, and then a KILL signal. But you then
2651 * have to coordinate with the init process, since all processes associated
2652 * with the current tty must be dead before the new getty is allowed
2653 * to spawn.
2654 *
2655 * Now, if it would be correct ;-/ The current code has a nasty hole -
2656 * it doesn't catch files in flight. We may send the descriptor to ourselves
2657 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2658 *
2659 * Nasty bug: do_SAK is being called in interrupt context. This can
2660 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2661 */
__do_SAK(struct tty_struct * tty)2662 void __do_SAK(struct tty_struct *tty)
2663 {
2664 #ifdef TTY_SOFT_SAK
2665 tty_hangup(tty);
2666 #else
2667 struct task_struct *g, *p;
2668 struct pid *session;
2669 int i;
2670 struct file *filp;
2671 struct fdtable *fdt;
2672
2673 if (!tty)
2674 return;
2675 session = tty->session;
2676
2677 tty_ldisc_flush(tty);
2678
2679 tty_driver_flush_buffer(tty);
2680
2681 read_lock(&tasklist_lock);
2682 /* Kill the entire session */
2683 do_each_pid_task(session, PIDTYPE_SID, p) {
2684 printk(KERN_NOTICE "SAK: killed process %d"
2685 " (%s): task_session_nr(p)==tty->session\n",
2686 task_pid_nr(p), p->comm);
2687 send_sig(SIGKILL, p, 1);
2688 } while_each_pid_task(session, PIDTYPE_SID, p);
2689 /* Now kill any processes that happen to have the
2690 * tty open.
2691 */
2692 do_each_thread(g, p) {
2693 if (p->signal->tty == tty) {
2694 printk(KERN_NOTICE "SAK: killed process %d"
2695 " (%s): task_session_nr(p)==tty->session\n",
2696 task_pid_nr(p), p->comm);
2697 send_sig(SIGKILL, p, 1);
2698 continue;
2699 }
2700 task_lock(p);
2701 if (p->files) {
2702 /*
2703 * We don't take a ref to the file, so we must
2704 * hold ->file_lock instead.
2705 */
2706 spin_lock(&p->files->file_lock);
2707 fdt = files_fdtable(p->files);
2708 for (i = 0; i < fdt->max_fds; i++) {
2709 filp = fcheck_files(p->files, i);
2710 if (!filp)
2711 continue;
2712 if (filp->f_op->read == tty_read &&
2713 filp->private_data == tty) {
2714 printk(KERN_NOTICE "SAK: killed process %d"
2715 " (%s): fd#%d opened to the tty\n",
2716 task_pid_nr(p), p->comm, i);
2717 force_sig(SIGKILL, p);
2718 break;
2719 }
2720 }
2721 spin_unlock(&p->files->file_lock);
2722 }
2723 task_unlock(p);
2724 } while_each_thread(g, p);
2725 read_unlock(&tasklist_lock);
2726 #endif
2727 }
2728
do_SAK_work(struct work_struct * work)2729 static void do_SAK_work(struct work_struct *work)
2730 {
2731 struct tty_struct *tty =
2732 container_of(work, struct tty_struct, SAK_work);
2733 __do_SAK(tty);
2734 }
2735
2736 /*
2737 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2738 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2739 * the values which we write to it will be identical to the values which it
2740 * already has. --akpm
2741 */
do_SAK(struct tty_struct * tty)2742 void do_SAK(struct tty_struct *tty)
2743 {
2744 if (!tty)
2745 return;
2746 schedule_work(&tty->SAK_work);
2747 }
2748
2749 EXPORT_SYMBOL(do_SAK);
2750
2751 /**
2752 * initialize_tty_struct
2753 * @tty: tty to initialize
2754 *
2755 * This subroutine initializes a tty structure that has been newly
2756 * allocated.
2757 *
2758 * Locking: none - tty in question must not be exposed at this point
2759 */
2760
initialize_tty_struct(struct tty_struct * tty,struct tty_driver * driver,int idx)2761 void initialize_tty_struct(struct tty_struct *tty,
2762 struct tty_driver *driver, int idx)
2763 {
2764 memset(tty, 0, sizeof(struct tty_struct));
2765 kref_init(&tty->kref);
2766 tty->magic = TTY_MAGIC;
2767 tty_ldisc_init(tty);
2768 tty->session = NULL;
2769 tty->pgrp = NULL;
2770 tty->overrun_time = jiffies;
2771 tty->buf.head = tty->buf.tail = NULL;
2772 tty_buffer_init(tty);
2773 mutex_init(&tty->termios_mutex);
2774 init_waitqueue_head(&tty->write_wait);
2775 init_waitqueue_head(&tty->read_wait);
2776 INIT_WORK(&tty->hangup_work, do_tty_hangup);
2777 mutex_init(&tty->atomic_read_lock);
2778 mutex_init(&tty->atomic_write_lock);
2779 mutex_init(&tty->output_lock);
2780 mutex_init(&tty->echo_lock);
2781 spin_lock_init(&tty->read_lock);
2782 spin_lock_init(&tty->ctrl_lock);
2783 INIT_LIST_HEAD(&tty->tty_files);
2784 INIT_WORK(&tty->SAK_work, do_SAK_work);
2785
2786 tty->driver = driver;
2787 tty->ops = driver->ops;
2788 tty->index = idx;
2789 tty_line_name(driver, idx, tty->name);
2790 }
2791
2792 /**
2793 * tty_put_char - write one character to a tty
2794 * @tty: tty
2795 * @ch: character
2796 *
2797 * Write one byte to the tty using the provided put_char method
2798 * if present. Returns the number of characters successfully output.
2799 *
2800 * Note: the specific put_char operation in the driver layer may go
2801 * away soon. Don't call it directly, use this method
2802 */
2803
tty_put_char(struct tty_struct * tty,unsigned char ch)2804 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2805 {
2806 if (tty->ops->put_char)
2807 return tty->ops->put_char(tty, ch);
2808 return tty->ops->write(tty, &ch, 1);
2809 }
2810 EXPORT_SYMBOL_GPL(tty_put_char);
2811
2812 struct class *tty_class;
2813
2814 /**
2815 * tty_register_device - register a tty device
2816 * @driver: the tty driver that describes the tty device
2817 * @index: the index in the tty driver for this tty device
2818 * @device: a struct device that is associated with this tty device.
2819 * This field is optional, if there is no known struct device
2820 * for this tty device it can be set to NULL safely.
2821 *
2822 * Returns a pointer to the struct device for this tty device
2823 * (or ERR_PTR(-EFOO) on error).
2824 *
2825 * This call is required to be made to register an individual tty device
2826 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
2827 * that bit is not set, this function should not be called by a tty
2828 * driver.
2829 *
2830 * Locking: ??
2831 */
2832
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)2833 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2834 struct device *device)
2835 {
2836 char name[64];
2837 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2838
2839 if (index >= driver->num) {
2840 printk(KERN_ERR "Attempt to register invalid tty line number "
2841 " (%d).\n", index);
2842 return ERR_PTR(-EINVAL);
2843 }
2844
2845 if (driver->type == TTY_DRIVER_TYPE_PTY)
2846 pty_line_name(driver, index, name);
2847 else
2848 tty_line_name(driver, index, name);
2849
2850 return device_create(tty_class, device, dev, NULL, name);
2851 }
2852 EXPORT_SYMBOL(tty_register_device);
2853
2854 /**
2855 * tty_unregister_device - unregister a tty device
2856 * @driver: the tty driver that describes the tty device
2857 * @index: the index in the tty driver for this tty device
2858 *
2859 * If a tty device is registered with a call to tty_register_device() then
2860 * this function must be called when the tty device is gone.
2861 *
2862 * Locking: ??
2863 */
2864
tty_unregister_device(struct tty_driver * driver,unsigned index)2865 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2866 {
2867 device_destroy(tty_class,
2868 MKDEV(driver->major, driver->minor_start) + index);
2869 }
2870 EXPORT_SYMBOL(tty_unregister_device);
2871
alloc_tty_driver(int lines)2872 struct tty_driver *alloc_tty_driver(int lines)
2873 {
2874 struct tty_driver *driver;
2875
2876 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2877 if (driver) {
2878 kref_init(&driver->kref);
2879 driver->magic = TTY_DRIVER_MAGIC;
2880 driver->num = lines;
2881 /* later we'll move allocation of tables here */
2882 }
2883 return driver;
2884 }
2885 EXPORT_SYMBOL(alloc_tty_driver);
2886
destruct_tty_driver(struct kref * kref)2887 static void destruct_tty_driver(struct kref *kref)
2888 {
2889 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2890 int i;
2891 struct ktermios *tp;
2892 void *p;
2893
2894 if (driver->flags & TTY_DRIVER_INSTALLED) {
2895 /*
2896 * Free the termios and termios_locked structures because
2897 * we don't want to get memory leaks when modular tty
2898 * drivers are removed from the kernel.
2899 */
2900 for (i = 0; i < driver->num; i++) {
2901 tp = driver->termios[i];
2902 if (tp) {
2903 driver->termios[i] = NULL;
2904 kfree(tp);
2905 }
2906 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
2907 tty_unregister_device(driver, i);
2908 }
2909 p = driver->ttys;
2910 proc_tty_unregister_driver(driver);
2911 driver->ttys = NULL;
2912 driver->termios = NULL;
2913 kfree(p);
2914 cdev_del(&driver->cdev);
2915 }
2916 kfree(driver);
2917 }
2918
tty_driver_kref_put(struct tty_driver * driver)2919 void tty_driver_kref_put(struct tty_driver *driver)
2920 {
2921 kref_put(&driver->kref, destruct_tty_driver);
2922 }
2923 EXPORT_SYMBOL(tty_driver_kref_put);
2924
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)2925 void tty_set_operations(struct tty_driver *driver,
2926 const struct tty_operations *op)
2927 {
2928 driver->ops = op;
2929 };
2930 EXPORT_SYMBOL(tty_set_operations);
2931
put_tty_driver(struct tty_driver * d)2932 void put_tty_driver(struct tty_driver *d)
2933 {
2934 tty_driver_kref_put(d);
2935 }
2936 EXPORT_SYMBOL(put_tty_driver);
2937
2938 /*
2939 * Called by a tty driver to register itself.
2940 */
tty_register_driver(struct tty_driver * driver)2941 int tty_register_driver(struct tty_driver *driver)
2942 {
2943 int error;
2944 int i;
2945 dev_t dev;
2946 void **p = NULL;
2947
2948 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
2949 p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
2950 if (!p)
2951 return -ENOMEM;
2952 }
2953
2954 if (!driver->major) {
2955 error = alloc_chrdev_region(&dev, driver->minor_start,
2956 driver->num, driver->name);
2957 if (!error) {
2958 driver->major = MAJOR(dev);
2959 driver->minor_start = MINOR(dev);
2960 }
2961 } else {
2962 dev = MKDEV(driver->major, driver->minor_start);
2963 error = register_chrdev_region(dev, driver->num, driver->name);
2964 }
2965 if (error < 0) {
2966 kfree(p);
2967 return error;
2968 }
2969
2970 if (p) {
2971 driver->ttys = (struct tty_struct **)p;
2972 driver->termios = (struct ktermios **)(p + driver->num);
2973 } else {
2974 driver->ttys = NULL;
2975 driver->termios = NULL;
2976 }
2977
2978 cdev_init(&driver->cdev, &tty_fops);
2979 driver->cdev.owner = driver->owner;
2980 error = cdev_add(&driver->cdev, dev, driver->num);
2981 if (error) {
2982 unregister_chrdev_region(dev, driver->num);
2983 driver->ttys = NULL;
2984 driver->termios = NULL;
2985 kfree(p);
2986 return error;
2987 }
2988
2989 mutex_lock(&tty_mutex);
2990 list_add(&driver->tty_drivers, &tty_drivers);
2991 mutex_unlock(&tty_mutex);
2992
2993 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
2994 for (i = 0; i < driver->num; i++)
2995 tty_register_device(driver, i, NULL);
2996 }
2997 proc_tty_register_driver(driver);
2998 driver->flags |= TTY_DRIVER_INSTALLED;
2999 return 0;
3000 }
3001
3002 EXPORT_SYMBOL(tty_register_driver);
3003
3004 /*
3005 * Called by a tty driver to unregister itself.
3006 */
tty_unregister_driver(struct tty_driver * driver)3007 int tty_unregister_driver(struct tty_driver *driver)
3008 {
3009 #if 0
3010 /* FIXME */
3011 if (driver->refcount)
3012 return -EBUSY;
3013 #endif
3014 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3015 driver->num);
3016 mutex_lock(&tty_mutex);
3017 list_del(&driver->tty_drivers);
3018 mutex_unlock(&tty_mutex);
3019 return 0;
3020 }
3021
3022 EXPORT_SYMBOL(tty_unregister_driver);
3023
tty_devnum(struct tty_struct * tty)3024 dev_t tty_devnum(struct tty_struct *tty)
3025 {
3026 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3027 }
3028 EXPORT_SYMBOL(tty_devnum);
3029
proc_clear_tty(struct task_struct * p)3030 void proc_clear_tty(struct task_struct *p)
3031 {
3032 unsigned long flags;
3033 struct tty_struct *tty;
3034 spin_lock_irqsave(&p->sighand->siglock, flags);
3035 tty = p->signal->tty;
3036 p->signal->tty = NULL;
3037 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3038 tty_kref_put(tty);
3039 }
3040
3041 /* Called under the sighand lock */
3042
__proc_set_tty(struct task_struct * tsk,struct tty_struct * tty)3043 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3044 {
3045 if (tty) {
3046 unsigned long flags;
3047 /* We should not have a session or pgrp to put here but.... */
3048 spin_lock_irqsave(&tty->ctrl_lock, flags);
3049 put_pid(tty->session);
3050 put_pid(tty->pgrp);
3051 tty->pgrp = get_pid(task_pgrp(tsk));
3052 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3053 tty->session = get_pid(task_session(tsk));
3054 if (tsk->signal->tty) {
3055 printk(KERN_DEBUG "tty not NULL!!\n");
3056 tty_kref_put(tsk->signal->tty);
3057 }
3058 }
3059 put_pid(tsk->signal->tty_old_pgrp);
3060 tsk->signal->tty = tty_kref_get(tty);
3061 tsk->signal->tty_old_pgrp = NULL;
3062 }
3063
proc_set_tty(struct task_struct * tsk,struct tty_struct * tty)3064 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3065 {
3066 spin_lock_irq(&tsk->sighand->siglock);
3067 __proc_set_tty(tsk, tty);
3068 spin_unlock_irq(&tsk->sighand->siglock);
3069 }
3070
get_current_tty(void)3071 struct tty_struct *get_current_tty(void)
3072 {
3073 struct tty_struct *tty;
3074 unsigned long flags;
3075
3076 spin_lock_irqsave(¤t->sighand->siglock, flags);
3077 tty = tty_kref_get(current->signal->tty);
3078 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
3079 return tty;
3080 }
3081 EXPORT_SYMBOL_GPL(get_current_tty);
3082
tty_default_fops(struct file_operations * fops)3083 void tty_default_fops(struct file_operations *fops)
3084 {
3085 *fops = tty_fops;
3086 }
3087
3088 /*
3089 * Initialize the console device. This is called *early*, so
3090 * we can't necessarily depend on lots of kernel help here.
3091 * Just do some early initializations, and do the complex setup
3092 * later.
3093 */
console_init(void)3094 void __init console_init(void)
3095 {
3096 initcall_t *call;
3097
3098 /* Setup the default TTY line discipline. */
3099 tty_ldisc_begin();
3100
3101 /*
3102 * set up the console device so that later boot sequences can
3103 * inform about problems etc..
3104 */
3105 call = __con_initcall_start;
3106 while (call < __con_initcall_end) {
3107 (*call)();
3108 call++;
3109 }
3110 }
3111
tty_class_init(void)3112 static int __init tty_class_init(void)
3113 {
3114 tty_class = class_create(THIS_MODULE, "tty");
3115 if (IS_ERR(tty_class))
3116 return PTR_ERR(tty_class);
3117 return 0;
3118 }
3119
3120 postcore_initcall(tty_class_init);
3121
3122 /* 3/2004 jmc: why do these devices exist? */
3123
3124 static struct cdev tty_cdev, console_cdev;
3125
3126 /*
3127 * Ok, now we can initialize the rest of the tty devices and can count
3128 * on memory allocations, interrupts etc..
3129 */
tty_init(void)3130 static int __init tty_init(void)
3131 {
3132 cdev_init(&tty_cdev, &tty_fops);
3133 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3134 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3135 panic("Couldn't register /dev/tty driver\n");
3136 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3137 "tty");
3138
3139 cdev_init(&console_cdev, &console_fops);
3140 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3141 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3142 panic("Couldn't register /dev/console driver\n");
3143 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3144 "console");
3145
3146 #ifdef CONFIG_VT
3147 vty_init(&console_fops);
3148 #endif
3149 return 0;
3150 }
3151 module_init(tty_init);
3152