1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109 #ifdef TTY_DEBUG_HANGUP
110 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
111 #else
112 # define tty_debug_hangup(tty, f, args...) do { } while (0)
113 #endif
114
115 #define TTY_PARANOIA_CHECK 1
116 #define CHECK_TTY_COUNT 1
117
118 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
119 .c_iflag = ICRNL | IXON,
120 .c_oflag = OPOST | ONLCR,
121 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
122 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
123 ECHOCTL | ECHOKE | IEXTEN,
124 .c_cc = INIT_C_CC,
125 .c_ispeed = 38400,
126 .c_ospeed = 38400
127 };
128
129 EXPORT_SYMBOL(tty_std_termios);
130
131 /* This list gets poked at by procfs and various bits of boot up code. This
132 could do with some rationalisation such as pulling the tty proc function
133 into this file */
134
135 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
136
137 /* Mutex to protect creating and releasing a tty. This is shared with
138 vt.c for deeply disgusting hack reasons */
139 DEFINE_MUTEX(tty_mutex);
140 EXPORT_SYMBOL(tty_mutex);
141
142 /* Spinlock to protect the tty->tty_files list */
143 DEFINE_SPINLOCK(tty_files_lock);
144
145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147 ssize_t redirected_tty_write(struct file *, const char __user *,
148 size_t, loff_t *);
149 static unsigned int tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
152 #ifdef CONFIG_COMPAT
153 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
154 unsigned long arg);
155 #else
156 #define tty_compat_ioctl NULL
157 #endif
158 static int __tty_fasync(int fd, struct file *filp, int on);
159 static int tty_fasync(int fd, struct file *filp, int on);
160 static void release_tty(struct tty_struct *tty, int idx);
161
162 /**
163 * free_tty_struct - free a disused tty
164 * @tty: tty struct to free
165 *
166 * Free the write buffers, tty queue and tty memory itself.
167 *
168 * Locking: none. Must be called after tty is definitely unused
169 */
170
free_tty_struct(struct tty_struct * tty)171 void free_tty_struct(struct tty_struct *tty)
172 {
173 if (!tty)
174 return;
175 put_device(tty->dev);
176 kfree(tty->write_buf);
177 tty->magic = 0xDEADDEAD;
178 kfree(tty);
179 }
180
file_tty(struct file * file)181 static inline struct tty_struct *file_tty(struct file *file)
182 {
183 return ((struct tty_file_private *)file->private_data)->tty;
184 }
185
tty_alloc_file(struct file * file)186 int tty_alloc_file(struct file *file)
187 {
188 struct tty_file_private *priv;
189
190 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
191 if (!priv)
192 return -ENOMEM;
193
194 file->private_data = priv;
195
196 return 0;
197 }
198
199 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)200 void tty_add_file(struct tty_struct *tty, struct file *file)
201 {
202 struct tty_file_private *priv = file->private_data;
203
204 priv->tty = tty;
205 priv->file = file;
206
207 spin_lock(&tty_files_lock);
208 list_add(&priv->list, &tty->tty_files);
209 spin_unlock(&tty_files_lock);
210 }
211
212 /**
213 * tty_free_file - free file->private_data
214 *
215 * This shall be used only for fail path handling when tty_add_file was not
216 * called yet.
217 */
tty_free_file(struct file * file)218 void tty_free_file(struct file *file)
219 {
220 struct tty_file_private *priv = file->private_data;
221
222 file->private_data = NULL;
223 kfree(priv);
224 }
225
226 /* Delete file from its tty */
tty_del_file(struct file * file)227 static void tty_del_file(struct file *file)
228 {
229 struct tty_file_private *priv = file->private_data;
230
231 spin_lock(&tty_files_lock);
232 list_del(&priv->list);
233 spin_unlock(&tty_files_lock);
234 tty_free_file(file);
235 }
236
237
238 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
239
240 /**
241 * tty_name - return tty naming
242 * @tty: tty structure
243 *
244 * Convert a tty structure into a name. The name reflects the kernel
245 * naming policy and if udev is in use may not reflect user space
246 *
247 * Locking: none
248 */
249
tty_name(const struct tty_struct * tty)250 const char *tty_name(const struct tty_struct *tty)
251 {
252 if (!tty) /* Hmm. NULL pointer. That's fun. */
253 return "NULL tty";
254 return tty->name;
255 }
256
257 EXPORT_SYMBOL(tty_name);
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 printk(KERN_WARNING
265 "null TTY for (%d:%d) in %s\n",
266 imajor(inode), iminor(inode), routine);
267 return 1;
268 }
269 if (tty->magic != TTY_MAGIC) {
270 printk(KERN_WARNING
271 "bad magic number for tty struct (%d:%d) in %s\n",
272 imajor(inode), iminor(inode), routine);
273 return 1;
274 }
275 #endif
276 return 0;
277 }
278
279 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)280 static int check_tty_count(struct tty_struct *tty, const char *routine)
281 {
282 #ifdef CHECK_TTY_COUNT
283 struct list_head *p;
284 int count = 0;
285
286 spin_lock(&tty_files_lock);
287 list_for_each(p, &tty->tty_files) {
288 count++;
289 }
290 spin_unlock(&tty_files_lock);
291 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
292 tty->driver->subtype == PTY_TYPE_SLAVE &&
293 tty->link && tty->link->count)
294 count++;
295 if (tty->count != count) {
296 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
297 "!= #fd's(%d) in %s\n",
298 tty->name, tty->count, count, routine);
299 return count;
300 }
301 #endif
302 return 0;
303 }
304
305 /**
306 * get_tty_driver - find device of a tty
307 * @dev_t: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
get_tty_driver(dev_t device,int * index)316 static struct tty_driver *get_tty_driver(dev_t device, int *index)
317 {
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322 if (device < base || device >= base + p->num)
323 continue;
324 *index = device - base;
325 return tty_driver_kref_get(p);
326 }
327 return NULL;
328 }
329
330 #ifdef CONFIG_CONSOLE_POLL
331
332 /**
333 * tty_find_polling_driver - find device of a polled tty
334 * @name: name string to match
335 * @line: pointer to resulting tty line nr
336 *
337 * This routine returns a tty driver structure, given a name
338 * and the condition that the tty driver is capable of polled
339 * operation.
340 */
tty_find_polling_driver(char * name,int * line)341 struct tty_driver *tty_find_polling_driver(char *name, int *line)
342 {
343 struct tty_driver *p, *res = NULL;
344 int tty_line = 0;
345 int len;
346 char *str, *stp;
347
348 for (str = name; *str; str++)
349 if ((*str >= '0' && *str <= '9') || *str == ',')
350 break;
351 if (!*str)
352 return NULL;
353
354 len = str - name;
355 tty_line = simple_strtoul(str, &str, 10);
356
357 mutex_lock(&tty_mutex);
358 /* Search through the tty devices to look for a match */
359 list_for_each_entry(p, &tty_drivers, tty_drivers) {
360 if (!len || strncmp(name, p->name, len) != 0)
361 continue;
362 stp = str;
363 if (*stp == ',')
364 stp++;
365 if (*stp == '\0')
366 stp = NULL;
367
368 if (tty_line >= 0 && tty_line < p->num && p->ops &&
369 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
370 res = tty_driver_kref_get(p);
371 *line = tty_line;
372 break;
373 }
374 }
375 mutex_unlock(&tty_mutex);
376
377 return res;
378 }
379 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
380 #endif
381
382 /**
383 * tty_check_change - check for POSIX terminal changes
384 * @tty: tty to check
385 *
386 * If we try to write to, or set the state of, a terminal and we're
387 * not in the foreground, send a SIGTTOU. If the signal is blocked or
388 * ignored, go ahead and perform the operation. (POSIX 7.2)
389 *
390 * Locking: ctrl_lock
391 */
392
__tty_check_change(struct tty_struct * tty,int sig)393 int __tty_check_change(struct tty_struct *tty, int sig)
394 {
395 unsigned long flags;
396 struct pid *pgrp, *tty_pgrp;
397 int ret = 0;
398
399 if (current->signal->tty != tty)
400 return 0;
401
402 rcu_read_lock();
403 pgrp = task_pgrp(current);
404
405 spin_lock_irqsave(&tty->ctrl_lock, flags);
406 tty_pgrp = tty->pgrp;
407 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
408
409 if (tty_pgrp && pgrp != tty->pgrp) {
410 if (is_ignored(sig)) {
411 if (sig == SIGTTIN)
412 ret = -EIO;
413 } else if (is_current_pgrp_orphaned())
414 ret = -EIO;
415 else {
416 kill_pgrp(pgrp, sig, 1);
417 set_thread_flag(TIF_SIGPENDING);
418 ret = -ERESTARTSYS;
419 }
420 }
421 rcu_read_unlock();
422
423 if (!tty_pgrp) {
424 pr_warn("%s: tty_check_change: sig=%d, tty->pgrp == NULL!\n",
425 tty_name(tty), sig);
426 }
427
428 return ret;
429 }
430
tty_check_change(struct tty_struct * tty)431 int tty_check_change(struct tty_struct *tty)
432 {
433 return __tty_check_change(tty, SIGTTOU);
434 }
435 EXPORT_SYMBOL(tty_check_change);
436
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)437 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
438 size_t count, loff_t *ppos)
439 {
440 return 0;
441 }
442
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)443 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
444 size_t count, loff_t *ppos)
445 {
446 return -EIO;
447 }
448
449 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)450 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
451 {
452 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
453 }
454
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)455 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
456 unsigned long arg)
457 {
458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
459 }
460
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)461 static long hung_up_tty_compat_ioctl(struct file *file,
462 unsigned int cmd, unsigned long arg)
463 {
464 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
465 }
466
467 static const struct file_operations tty_fops = {
468 .llseek = no_llseek,
469 .read = tty_read,
470 .write = tty_write,
471 .poll = tty_poll,
472 .unlocked_ioctl = tty_ioctl,
473 .compat_ioctl = tty_compat_ioctl,
474 .open = tty_open,
475 .release = tty_release,
476 .fasync = tty_fasync,
477 };
478
479 static const struct file_operations console_fops = {
480 .llseek = no_llseek,
481 .read = tty_read,
482 .write = redirected_tty_write,
483 .poll = tty_poll,
484 .unlocked_ioctl = tty_ioctl,
485 .compat_ioctl = tty_compat_ioctl,
486 .open = tty_open,
487 .release = tty_release,
488 .fasync = tty_fasync,
489 };
490
491 static const struct file_operations hung_up_tty_fops = {
492 .llseek = no_llseek,
493 .read = hung_up_tty_read,
494 .write = hung_up_tty_write,
495 .poll = hung_up_tty_poll,
496 .unlocked_ioctl = hung_up_tty_ioctl,
497 .compat_ioctl = hung_up_tty_compat_ioctl,
498 .release = tty_release,
499 };
500
501 static DEFINE_SPINLOCK(redirect_lock);
502 static struct file *redirect;
503
504
proc_clear_tty(struct task_struct * p)505 void proc_clear_tty(struct task_struct *p)
506 {
507 unsigned long flags;
508 struct tty_struct *tty;
509 spin_lock_irqsave(&p->sighand->siglock, flags);
510 tty = p->signal->tty;
511 p->signal->tty = NULL;
512 spin_unlock_irqrestore(&p->sighand->siglock, flags);
513 tty_kref_put(tty);
514 }
515
516 extern void tty_sysctl_init(void);
517
518 /**
519 * proc_set_tty - set the controlling terminal
520 *
521 * Only callable by the session leader and only if it does not already have
522 * a controlling terminal.
523 *
524 * Caller must hold: tty_lock()
525 * a readlock on tasklist_lock
526 * sighand lock
527 */
__proc_set_tty(struct tty_struct * tty)528 static void __proc_set_tty(struct tty_struct *tty)
529 {
530 unsigned long flags;
531
532 spin_lock_irqsave(&tty->ctrl_lock, flags);
533 /*
534 * The session and fg pgrp references will be non-NULL if
535 * tiocsctty() is stealing the controlling tty
536 */
537 put_pid(tty->session);
538 put_pid(tty->pgrp);
539 tty->pgrp = get_pid(task_pgrp(current));
540 tty->session = get_pid(task_session(current));
541 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
542 if (current->signal->tty) {
543 tty_debug(tty, "current tty %s not NULL!!\n",
544 current->signal->tty->name);
545 tty_kref_put(current->signal->tty);
546 }
547 put_pid(current->signal->tty_old_pgrp);
548 current->signal->tty = tty_kref_get(tty);
549 current->signal->tty_old_pgrp = NULL;
550 }
551
proc_set_tty(struct tty_struct * tty)552 static void proc_set_tty(struct tty_struct *tty)
553 {
554 spin_lock_irq(¤t->sighand->siglock);
555 __proc_set_tty(tty);
556 spin_unlock_irq(¤t->sighand->siglock);
557 }
558
get_current_tty(void)559 struct tty_struct *get_current_tty(void)
560 {
561 struct tty_struct *tty;
562 unsigned long flags;
563
564 spin_lock_irqsave(¤t->sighand->siglock, flags);
565 tty = tty_kref_get(current->signal->tty);
566 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
567 return tty;
568 }
569 EXPORT_SYMBOL_GPL(get_current_tty);
570
session_clear_tty(struct pid * session)571 static void session_clear_tty(struct pid *session)
572 {
573 struct task_struct *p;
574 do_each_pid_task(session, PIDTYPE_SID, p) {
575 proc_clear_tty(p);
576 } while_each_pid_task(session, PIDTYPE_SID, p);
577 }
578
579 /**
580 * tty_wakeup - request more data
581 * @tty: terminal
582 *
583 * Internal and external helper for wakeups of tty. This function
584 * informs the line discipline if present that the driver is ready
585 * to receive more output data.
586 */
587
tty_wakeup(struct tty_struct * tty)588 void tty_wakeup(struct tty_struct *tty)
589 {
590 struct tty_ldisc *ld;
591
592 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
593 ld = tty_ldisc_ref(tty);
594 if (ld) {
595 if (ld->ops->write_wakeup)
596 ld->ops->write_wakeup(tty);
597 tty_ldisc_deref(ld);
598 }
599 }
600 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
601 }
602
603 EXPORT_SYMBOL_GPL(tty_wakeup);
604
605 /**
606 * tty_signal_session_leader - sends SIGHUP to session leader
607 * @tty controlling tty
608 * @exit_session if non-zero, signal all foreground group processes
609 *
610 * Send SIGHUP and SIGCONT to the session leader and its process group.
611 * Optionally, signal all processes in the foreground process group.
612 *
613 * Returns the number of processes in the session with this tty
614 * as their controlling terminal. This value is used to drop
615 * tty references for those processes.
616 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)617 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
618 {
619 struct task_struct *p;
620 int refs = 0;
621 struct pid *tty_pgrp = NULL;
622
623 read_lock(&tasklist_lock);
624 if (tty->session) {
625 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
626 spin_lock_irq(&p->sighand->siglock);
627 if (p->signal->tty == tty) {
628 p->signal->tty = NULL;
629 /* We defer the dereferences outside fo
630 the tasklist lock */
631 refs++;
632 }
633 if (!p->signal->leader) {
634 spin_unlock_irq(&p->sighand->siglock);
635 continue;
636 }
637 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
638 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
639 put_pid(p->signal->tty_old_pgrp); /* A noop */
640 spin_lock(&tty->ctrl_lock);
641 tty_pgrp = get_pid(tty->pgrp);
642 if (tty->pgrp)
643 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
644 spin_unlock(&tty->ctrl_lock);
645 spin_unlock_irq(&p->sighand->siglock);
646 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
647 }
648 read_unlock(&tasklist_lock);
649
650 if (tty_pgrp) {
651 if (exit_session)
652 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
653 put_pid(tty_pgrp);
654 }
655
656 return refs;
657 }
658
659 /**
660 * __tty_hangup - actual handler for hangup events
661 * @work: tty device
662 *
663 * This can be called by a "kworker" kernel thread. That is process
664 * synchronous but doesn't hold any locks, so we need to make sure we
665 * have the appropriate locks for what we're doing.
666 *
667 * The hangup event clears any pending redirections onto the hung up
668 * device. It ensures future writes will error and it does the needed
669 * line discipline hangup and signal delivery. The tty object itself
670 * remains intact.
671 *
672 * Locking:
673 * BTM
674 * redirect lock for undoing redirection
675 * file list lock for manipulating list of ttys
676 * tty_ldiscs_lock from called functions
677 * termios_rwsem resetting termios data
678 * tasklist_lock to walk task list for hangup event
679 * ->siglock to protect ->signal/->sighand
680 */
__tty_hangup(struct tty_struct * tty,int exit_session)681 static void __tty_hangup(struct tty_struct *tty, int exit_session)
682 {
683 struct file *cons_filp = NULL;
684 struct file *filp, *f = NULL;
685 struct tty_file_private *priv;
686 int closecount = 0, n;
687 int refs;
688
689 if (!tty)
690 return;
691
692
693 spin_lock(&redirect_lock);
694 if (redirect && file_tty(redirect) == tty) {
695 f = redirect;
696 redirect = NULL;
697 }
698 spin_unlock(&redirect_lock);
699
700 tty_lock(tty);
701
702 if (test_bit(TTY_HUPPED, &tty->flags)) {
703 tty_unlock(tty);
704 return;
705 }
706
707 /*
708 * Some console devices aren't actually hung up for technical and
709 * historical reasons, which can lead to indefinite interruptible
710 * sleep in n_tty_read(). The following explicitly tells
711 * n_tty_read() to abort readers.
712 */
713 set_bit(TTY_HUPPING, &tty->flags);
714
715 /* inuse_filps is protected by the single tty lock,
716 this really needs to change if we want to flush the
717 workqueue with the lock held */
718 check_tty_count(tty, "tty_hangup");
719
720 spin_lock(&tty_files_lock);
721 /* This breaks for file handles being sent over AF_UNIX sockets ? */
722 list_for_each_entry(priv, &tty->tty_files, list) {
723 filp = priv->file;
724 if (filp->f_op->write == redirected_tty_write)
725 cons_filp = filp;
726 if (filp->f_op->write != tty_write)
727 continue;
728 closecount++;
729 __tty_fasync(-1, filp, 0); /* can't block */
730 filp->f_op = &hung_up_tty_fops;
731 }
732 spin_unlock(&tty_files_lock);
733
734 refs = tty_signal_session_leader(tty, exit_session);
735 /* Account for the p->signal references we killed */
736 while (refs--)
737 tty_kref_put(tty);
738
739 tty_ldisc_hangup(tty);
740
741 spin_lock_irq(&tty->ctrl_lock);
742 clear_bit(TTY_THROTTLED, &tty->flags);
743 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
744 put_pid(tty->session);
745 put_pid(tty->pgrp);
746 tty->session = NULL;
747 tty->pgrp = NULL;
748 tty->ctrl_status = 0;
749 spin_unlock_irq(&tty->ctrl_lock);
750
751 /*
752 * If one of the devices matches a console pointer, we
753 * cannot just call hangup() because that will cause
754 * tty->count and state->count to go out of sync.
755 * So we just call close() the right number of times.
756 */
757 if (cons_filp) {
758 if (tty->ops->close)
759 for (n = 0; n < closecount; n++)
760 tty->ops->close(tty, cons_filp);
761 } else if (tty->ops->hangup)
762 tty->ops->hangup(tty);
763 /*
764 * We don't want to have driver/ldisc interactions beyond
765 * the ones we did here. The driver layer expects no
766 * calls after ->hangup() from the ldisc side. However we
767 * can't yet guarantee all that.
768 */
769 set_bit(TTY_HUPPED, &tty->flags);
770 clear_bit(TTY_HUPPING, &tty->flags);
771 tty_unlock(tty);
772
773 if (f)
774 fput(f);
775 }
776
do_tty_hangup(struct work_struct * work)777 static void do_tty_hangup(struct work_struct *work)
778 {
779 struct tty_struct *tty =
780 container_of(work, struct tty_struct, hangup_work);
781
782 __tty_hangup(tty, 0);
783 }
784
785 /**
786 * tty_hangup - trigger a hangup event
787 * @tty: tty to hangup
788 *
789 * A carrier loss (virtual or otherwise) has occurred on this like
790 * schedule a hangup sequence to run after this event.
791 */
792
tty_hangup(struct tty_struct * tty)793 void tty_hangup(struct tty_struct *tty)
794 {
795 tty_debug_hangup(tty, "\n");
796 schedule_work(&tty->hangup_work);
797 }
798
799 EXPORT_SYMBOL(tty_hangup);
800
801 /**
802 * tty_vhangup - process vhangup
803 * @tty: tty to hangup
804 *
805 * The user has asked via system call for the terminal to be hung up.
806 * We do this synchronously so that when the syscall returns the process
807 * is complete. That guarantee is necessary for security reasons.
808 */
809
tty_vhangup(struct tty_struct * tty)810 void tty_vhangup(struct tty_struct *tty)
811 {
812 tty_debug_hangup(tty, "\n");
813 __tty_hangup(tty, 0);
814 }
815
816 EXPORT_SYMBOL(tty_vhangup);
817
818
819 /**
820 * tty_vhangup_self - process vhangup for own ctty
821 *
822 * Perform a vhangup on the current controlling tty
823 */
824
tty_vhangup_self(void)825 void tty_vhangup_self(void)
826 {
827 struct tty_struct *tty;
828
829 tty = get_current_tty();
830 if (tty) {
831 tty_vhangup(tty);
832 tty_kref_put(tty);
833 }
834 }
835
836 /**
837 * tty_vhangup_session - hangup session leader exit
838 * @tty: tty to hangup
839 *
840 * The session leader is exiting and hanging up its controlling terminal.
841 * Every process in the foreground process group is signalled SIGHUP.
842 *
843 * We do this synchronously so that when the syscall returns the process
844 * is complete. That guarantee is necessary for security reasons.
845 */
846
tty_vhangup_session(struct tty_struct * tty)847 static void tty_vhangup_session(struct tty_struct *tty)
848 {
849 tty_debug_hangup(tty, "\n");
850 __tty_hangup(tty, 1);
851 }
852
853 /**
854 * tty_hung_up_p - was tty hung up
855 * @filp: file pointer of tty
856 *
857 * Return true if the tty has been subject to a vhangup or a carrier
858 * loss
859 */
860
tty_hung_up_p(struct file * filp)861 int tty_hung_up_p(struct file *filp)
862 {
863 return (filp->f_op == &hung_up_tty_fops);
864 }
865
866 EXPORT_SYMBOL(tty_hung_up_p);
867
868 /**
869 * disassociate_ctty - disconnect controlling tty
870 * @on_exit: true if exiting so need to "hang up" the session
871 *
872 * This function is typically called only by the session leader, when
873 * it wants to disassociate itself from its controlling tty.
874 *
875 * It performs the following functions:
876 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
877 * (2) Clears the tty from being controlling the session
878 * (3) Clears the controlling tty for all processes in the
879 * session group.
880 *
881 * The argument on_exit is set to 1 if called when a process is
882 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
883 *
884 * Locking:
885 * BTM is taken for hysterical raisins, and held when
886 * called from no_tty().
887 * tty_mutex is taken to protect tty
888 * ->siglock is taken to protect ->signal/->sighand
889 * tasklist_lock is taken to walk process list for sessions
890 * ->siglock is taken to protect ->signal/->sighand
891 */
892
disassociate_ctty(int on_exit)893 void disassociate_ctty(int on_exit)
894 {
895 struct tty_struct *tty;
896
897 if (!current->signal->leader)
898 return;
899
900 tty = get_current_tty();
901 if (tty) {
902 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
903 tty_vhangup_session(tty);
904 } else {
905 struct pid *tty_pgrp = tty_get_pgrp(tty);
906 if (tty_pgrp) {
907 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
908 if (!on_exit)
909 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
910 put_pid(tty_pgrp);
911 }
912 }
913 tty_kref_put(tty);
914
915 } else if (on_exit) {
916 struct pid *old_pgrp;
917 spin_lock_irq(¤t->sighand->siglock);
918 old_pgrp = current->signal->tty_old_pgrp;
919 current->signal->tty_old_pgrp = NULL;
920 spin_unlock_irq(¤t->sighand->siglock);
921 if (old_pgrp) {
922 kill_pgrp(old_pgrp, SIGHUP, on_exit);
923 kill_pgrp(old_pgrp, SIGCONT, on_exit);
924 put_pid(old_pgrp);
925 }
926 return;
927 }
928
929 spin_lock_irq(¤t->sighand->siglock);
930 put_pid(current->signal->tty_old_pgrp);
931 current->signal->tty_old_pgrp = NULL;
932 tty = tty_kref_get(current->signal->tty);
933 spin_unlock_irq(¤t->sighand->siglock);
934
935 if (tty) {
936 unsigned long flags;
937
938 tty_lock(tty);
939 spin_lock_irqsave(&tty->ctrl_lock, flags);
940 put_pid(tty->session);
941 put_pid(tty->pgrp);
942 tty->session = NULL;
943 tty->pgrp = NULL;
944 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
945 tty_unlock(tty);
946 tty_kref_put(tty);
947 } else
948 tty_debug_hangup(tty, "no current tty\n");
949
950 /* Now clear signal->tty under the lock */
951 read_lock(&tasklist_lock);
952 session_clear_tty(task_session(current));
953 read_unlock(&tasklist_lock);
954 }
955
956 /**
957 *
958 * no_tty - Ensure the current process does not have a controlling tty
959 */
no_tty(void)960 void no_tty(void)
961 {
962 /* FIXME: Review locking here. The tty_lock never covered any race
963 between a new association and proc_clear_tty but possible we need
964 to protect against this anyway */
965 struct task_struct *tsk = current;
966 disassociate_ctty(0);
967 proc_clear_tty(tsk);
968 }
969
970
971 /**
972 * stop_tty - propagate flow control
973 * @tty: tty to stop
974 *
975 * Perform flow control to the driver. May be called
976 * on an already stopped device and will not re-call the driver
977 * method.
978 *
979 * This functionality is used by both the line disciplines for
980 * halting incoming flow and by the driver. It may therefore be
981 * called from any context, may be under the tty atomic_write_lock
982 * but not always.
983 *
984 * Locking:
985 * flow_lock
986 */
987
__stop_tty(struct tty_struct * tty)988 void __stop_tty(struct tty_struct *tty)
989 {
990 if (tty->stopped)
991 return;
992 tty->stopped = 1;
993 if (tty->ops->stop)
994 tty->ops->stop(tty);
995 }
996
stop_tty(struct tty_struct * tty)997 void stop_tty(struct tty_struct *tty)
998 {
999 unsigned long flags;
1000
1001 spin_lock_irqsave(&tty->flow_lock, flags);
1002 __stop_tty(tty);
1003 spin_unlock_irqrestore(&tty->flow_lock, flags);
1004 }
1005 EXPORT_SYMBOL(stop_tty);
1006
1007 /**
1008 * start_tty - propagate flow control
1009 * @tty: tty to start
1010 *
1011 * Start a tty that has been stopped if at all possible. If this
1012 * tty was previous stopped and is now being started, the driver
1013 * start method is invoked and the line discipline woken.
1014 *
1015 * Locking:
1016 * flow_lock
1017 */
1018
__start_tty(struct tty_struct * tty)1019 void __start_tty(struct tty_struct *tty)
1020 {
1021 if (!tty->stopped || tty->flow_stopped)
1022 return;
1023 tty->stopped = 0;
1024 if (tty->ops->start)
1025 tty->ops->start(tty);
1026 tty_wakeup(tty);
1027 }
1028
start_tty(struct tty_struct * tty)1029 void start_tty(struct tty_struct *tty)
1030 {
1031 unsigned long flags;
1032
1033 spin_lock_irqsave(&tty->flow_lock, flags);
1034 __start_tty(tty);
1035 spin_unlock_irqrestore(&tty->flow_lock, flags);
1036 }
1037 EXPORT_SYMBOL(start_tty);
1038
tty_update_time(struct timespec * time)1039 static void tty_update_time(struct timespec *time)
1040 {
1041 unsigned long sec = get_seconds();
1042
1043 /*
1044 * We only care if the two values differ in anything other than the
1045 * lower three bits (i.e every 8 seconds). If so, then we can update
1046 * the time of the tty device, otherwise it could be construded as a
1047 * security leak to let userspace know the exact timing of the tty.
1048 */
1049 if ((sec ^ time->tv_sec) & ~7)
1050 time->tv_sec = sec;
1051 }
1052
1053 /**
1054 * tty_read - read method for tty device files
1055 * @file: pointer to tty file
1056 * @buf: user buffer
1057 * @count: size of user buffer
1058 * @ppos: unused
1059 *
1060 * Perform the read system call function on this terminal device. Checks
1061 * for hung up devices before calling the line discipline method.
1062 *
1063 * Locking:
1064 * Locks the line discipline internally while needed. Multiple
1065 * read calls may be outstanding in parallel.
1066 */
1067
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)1068 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1069 loff_t *ppos)
1070 {
1071 int i;
1072 struct inode *inode = file_inode(file);
1073 struct tty_struct *tty = file_tty(file);
1074 struct tty_ldisc *ld;
1075
1076 if (tty_paranoia_check(tty, inode, "tty_read"))
1077 return -EIO;
1078 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1079 return -EIO;
1080
1081 /* We want to wait for the line discipline to sort out in this
1082 situation */
1083 ld = tty_ldisc_ref_wait(tty);
1084 if (ld->ops->read)
1085 i = ld->ops->read(tty, file, buf, count);
1086 else
1087 i = -EIO;
1088 tty_ldisc_deref(ld);
1089
1090 if (i > 0)
1091 tty_update_time(&inode->i_atime);
1092
1093 return i;
1094 }
1095
tty_write_unlock(struct tty_struct * tty)1096 static void tty_write_unlock(struct tty_struct *tty)
1097 {
1098 mutex_unlock(&tty->atomic_write_lock);
1099 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1100 }
1101
tty_write_lock(struct tty_struct * tty,int ndelay)1102 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1103 {
1104 if (!mutex_trylock(&tty->atomic_write_lock)) {
1105 if (ndelay)
1106 return -EAGAIN;
1107 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1108 return -ERESTARTSYS;
1109 }
1110 return 0;
1111 }
1112
1113 /*
1114 * Split writes up in sane blocksizes to avoid
1115 * denial-of-service type attacks
1116 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)1117 static inline ssize_t do_tty_write(
1118 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1119 struct tty_struct *tty,
1120 struct file *file,
1121 const char __user *buf,
1122 size_t count)
1123 {
1124 ssize_t ret, written = 0;
1125 unsigned int chunk;
1126
1127 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1128 if (ret < 0)
1129 return ret;
1130
1131 /*
1132 * We chunk up writes into a temporary buffer. This
1133 * simplifies low-level drivers immensely, since they
1134 * don't have locking issues and user mode accesses.
1135 *
1136 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1137 * big chunk-size..
1138 *
1139 * The default chunk-size is 2kB, because the NTTY
1140 * layer has problems with bigger chunks. It will
1141 * claim to be able to handle more characters than
1142 * it actually does.
1143 *
1144 * FIXME: This can probably go away now except that 64K chunks
1145 * are too likely to fail unless switched to vmalloc...
1146 */
1147 chunk = 2048;
1148 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1149 chunk = 65536;
1150 if (count < chunk)
1151 chunk = count;
1152
1153 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1154 if (tty->write_cnt < chunk) {
1155 unsigned char *buf_chunk;
1156
1157 if (chunk < 1024)
1158 chunk = 1024;
1159
1160 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1161 if (!buf_chunk) {
1162 ret = -ENOMEM;
1163 goto out;
1164 }
1165 kfree(tty->write_buf);
1166 tty->write_cnt = chunk;
1167 tty->write_buf = buf_chunk;
1168 }
1169
1170 /* Do the write .. */
1171 for (;;) {
1172 size_t size = count;
1173 if (size > chunk)
1174 size = chunk;
1175 ret = -EFAULT;
1176 if (copy_from_user(tty->write_buf, buf, size))
1177 break;
1178 ret = write(tty, file, tty->write_buf, size);
1179 if (ret <= 0)
1180 break;
1181 written += ret;
1182 buf += ret;
1183 count -= ret;
1184 if (!count)
1185 break;
1186 ret = -ERESTARTSYS;
1187 if (signal_pending(current))
1188 break;
1189 cond_resched();
1190 }
1191 if (written) {
1192 tty_update_time(&file_inode(file)->i_mtime);
1193 ret = written;
1194 }
1195 out:
1196 tty_write_unlock(tty);
1197 return ret;
1198 }
1199
1200 /**
1201 * tty_write_message - write a message to a certain tty, not just the console.
1202 * @tty: the destination tty_struct
1203 * @msg: the message to write
1204 *
1205 * This is used for messages that need to be redirected to a specific tty.
1206 * We don't put it into the syslog queue right now maybe in the future if
1207 * really needed.
1208 *
1209 * We must still hold the BTM and test the CLOSING flag for the moment.
1210 */
1211
tty_write_message(struct tty_struct * tty,char * msg)1212 void tty_write_message(struct tty_struct *tty, char *msg)
1213 {
1214 if (tty) {
1215 mutex_lock(&tty->atomic_write_lock);
1216 tty_lock(tty);
1217 if (tty->ops->write && tty->count > 0)
1218 tty->ops->write(tty, msg, strlen(msg));
1219 tty_unlock(tty);
1220 tty_write_unlock(tty);
1221 }
1222 return;
1223 }
1224
1225
1226 /**
1227 * tty_write - write method for tty device file
1228 * @file: tty file pointer
1229 * @buf: user data to write
1230 * @count: bytes to write
1231 * @ppos: unused
1232 *
1233 * Write data to a tty device via the line discipline.
1234 *
1235 * Locking:
1236 * Locks the line discipline as required
1237 * Writes to the tty driver are serialized by the atomic_write_lock
1238 * and are then processed in chunks to the device. The line discipline
1239 * write method will not be invoked in parallel for each device.
1240 */
1241
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1242 static ssize_t tty_write(struct file *file, const char __user *buf,
1243 size_t count, loff_t *ppos)
1244 {
1245 struct tty_struct *tty = file_tty(file);
1246 struct tty_ldisc *ld;
1247 ssize_t ret;
1248
1249 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1250 return -EIO;
1251 if (!tty || !tty->ops->write ||
1252 (test_bit(TTY_IO_ERROR, &tty->flags)))
1253 return -EIO;
1254 /* Short term debug to catch buggy drivers */
1255 if (tty->ops->write_room == NULL)
1256 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1257 tty->driver->name);
1258 ld = tty_ldisc_ref_wait(tty);
1259 if (!ld->ops->write)
1260 ret = -EIO;
1261 else
1262 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1263 tty_ldisc_deref(ld);
1264 return ret;
1265 }
1266
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1267 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1268 size_t count, loff_t *ppos)
1269 {
1270 struct file *p = NULL;
1271
1272 spin_lock(&redirect_lock);
1273 if (redirect)
1274 p = get_file(redirect);
1275 spin_unlock(&redirect_lock);
1276
1277 if (p) {
1278 ssize_t res;
1279 res = vfs_write(p, buf, count, &p->f_pos);
1280 fput(p);
1281 return res;
1282 }
1283 return tty_write(file, buf, count, ppos);
1284 }
1285
1286 /**
1287 * tty_send_xchar - send priority character
1288 *
1289 * Send a high priority character to the tty even if stopped
1290 *
1291 * Locking: none for xchar method, write ordering for write method.
1292 */
1293
tty_send_xchar(struct tty_struct * tty,char ch)1294 int tty_send_xchar(struct tty_struct *tty, char ch)
1295 {
1296 int was_stopped = tty->stopped;
1297
1298 if (tty->ops->send_xchar) {
1299 down_read(&tty->termios_rwsem);
1300 tty->ops->send_xchar(tty, ch);
1301 up_read(&tty->termios_rwsem);
1302 return 0;
1303 }
1304
1305 if (tty_write_lock(tty, 0) < 0)
1306 return -ERESTARTSYS;
1307
1308 down_read(&tty->termios_rwsem);
1309 if (was_stopped)
1310 start_tty(tty);
1311 tty->ops->write(tty, &ch, 1);
1312 if (was_stopped)
1313 stop_tty(tty);
1314 up_read(&tty->termios_rwsem);
1315 tty_write_unlock(tty);
1316 return 0;
1317 }
1318
1319 static char ptychar[] = "pqrstuvwxyzabcde";
1320
1321 /**
1322 * pty_line_name - generate name for a pty
1323 * @driver: the tty driver in use
1324 * @index: the minor number
1325 * @p: output buffer of at least 6 bytes
1326 *
1327 * Generate a name from a driver reference and write it to the output
1328 * buffer.
1329 *
1330 * Locking: None
1331 */
pty_line_name(struct tty_driver * driver,int index,char * p)1332 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1333 {
1334 int i = index + driver->name_base;
1335 /* ->name is initialized to "ttyp", but "tty" is expected */
1336 sprintf(p, "%s%c%x",
1337 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1338 ptychar[i >> 4 & 0xf], i & 0xf);
1339 }
1340
1341 /**
1342 * tty_line_name - generate name for a tty
1343 * @driver: the tty driver in use
1344 * @index: the minor number
1345 * @p: output buffer of at least 7 bytes
1346 *
1347 * Generate a name from a driver reference and write it to the output
1348 * buffer.
1349 *
1350 * Locking: None
1351 */
tty_line_name(struct tty_driver * driver,int index,char * p)1352 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1353 {
1354 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1355 return sprintf(p, "%s", driver->name);
1356 else
1357 return sprintf(p, "%s%d", driver->name,
1358 index + driver->name_base);
1359 }
1360
1361 /**
1362 * tty_driver_lookup_tty() - find an existing tty, if any
1363 * @driver: the driver for the tty
1364 * @idx: the minor number
1365 *
1366 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1367 * driver lookup() method returns an error.
1368 *
1369 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1370 */
tty_driver_lookup_tty(struct tty_driver * driver,struct inode * inode,int idx)1371 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1372 struct inode *inode, int idx)
1373 {
1374 struct tty_struct *tty;
1375
1376 if (driver->ops->lookup)
1377 tty = driver->ops->lookup(driver, inode, idx);
1378 else
1379 tty = driver->ttys[idx];
1380
1381 if (!IS_ERR(tty))
1382 tty_kref_get(tty);
1383 return tty;
1384 }
1385
1386 /**
1387 * tty_init_termios - helper for termios setup
1388 * @tty: the tty to set up
1389 *
1390 * Initialise the termios structures for this tty. Thus runs under
1391 * the tty_mutex currently so we can be relaxed about ordering.
1392 */
1393
tty_init_termios(struct tty_struct * tty)1394 int tty_init_termios(struct tty_struct *tty)
1395 {
1396 struct ktermios *tp;
1397 int idx = tty->index;
1398
1399 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1400 tty->termios = tty->driver->init_termios;
1401 else {
1402 /* Check for lazy saved data */
1403 tp = tty->driver->termios[idx];
1404 if (tp != NULL)
1405 tty->termios = *tp;
1406 else
1407 tty->termios = tty->driver->init_termios;
1408 }
1409 /* Compatibility until drivers always set this */
1410 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1411 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1412 return 0;
1413 }
1414 EXPORT_SYMBOL_GPL(tty_init_termios);
1415
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1416 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1417 {
1418 int ret = tty_init_termios(tty);
1419 if (ret)
1420 return ret;
1421
1422 tty_driver_kref_get(driver);
1423 tty->count++;
1424 driver->ttys[tty->index] = tty;
1425 return 0;
1426 }
1427 EXPORT_SYMBOL_GPL(tty_standard_install);
1428
1429 /**
1430 * tty_driver_install_tty() - install a tty entry in the driver
1431 * @driver: the driver for the tty
1432 * @tty: the tty
1433 *
1434 * Install a tty object into the driver tables. The tty->index field
1435 * will be set by the time this is called. This method is responsible
1436 * for ensuring any need additional structures are allocated and
1437 * configured.
1438 *
1439 * Locking: tty_mutex for now
1440 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1441 static int tty_driver_install_tty(struct tty_driver *driver,
1442 struct tty_struct *tty)
1443 {
1444 return driver->ops->install ? driver->ops->install(driver, tty) :
1445 tty_standard_install(driver, tty);
1446 }
1447
1448 /**
1449 * tty_driver_remove_tty() - remove a tty from the driver tables
1450 * @driver: the driver for the tty
1451 * @idx: the minor number
1452 *
1453 * Remvoe a tty object from the driver tables. The tty->index field
1454 * will be set by the time this is called.
1455 *
1456 * Locking: tty_mutex for now
1457 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1458 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1459 {
1460 if (driver->ops->remove)
1461 driver->ops->remove(driver, tty);
1462 else
1463 driver->ttys[tty->index] = NULL;
1464 }
1465
1466 /*
1467 * tty_reopen() - fast re-open of an open tty
1468 * @tty - the tty to open
1469 *
1470 * Return 0 on success, -errno on error.
1471 * Re-opens on master ptys are not allowed and return -EIO.
1472 *
1473 * Locking: Caller must hold tty_lock
1474 */
tty_reopen(struct tty_struct * tty)1475 static int tty_reopen(struct tty_struct *tty)
1476 {
1477 struct tty_driver *driver = tty->driver;
1478
1479 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1480 driver->subtype == PTY_TYPE_MASTER)
1481 return -EIO;
1482
1483 if (!tty->count)
1484 return -EAGAIN;
1485
1486 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1487 return -EBUSY;
1488
1489 tty->count++;
1490
1491 WARN_ON(!tty->ldisc);
1492
1493 return 0;
1494 }
1495
1496 /**
1497 * tty_init_dev - initialise a tty device
1498 * @driver: tty driver we are opening a device on
1499 * @idx: device index
1500 * @ret_tty: returned tty structure
1501 *
1502 * Prepare a tty device. This may not be a "new" clean device but
1503 * could also be an active device. The pty drivers require special
1504 * handling because of this.
1505 *
1506 * Locking:
1507 * The function is called under the tty_mutex, which
1508 * protects us from the tty struct or driver itself going away.
1509 *
1510 * On exit the tty device has the line discipline attached and
1511 * a reference count of 1. If a pair was created for pty/tty use
1512 * and the other was a pty master then it too has a reference count of 1.
1513 *
1514 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1515 * failed open. The new code protects the open with a mutex, so it's
1516 * really quite straightforward. The mutex locking can probably be
1517 * relaxed for the (most common) case of reopening a tty.
1518 */
1519
tty_init_dev(struct tty_driver * driver,int idx)1520 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1521 {
1522 struct tty_struct *tty;
1523 int retval;
1524
1525 /*
1526 * First time open is complex, especially for PTY devices.
1527 * This code guarantees that either everything succeeds and the
1528 * TTY is ready for operation, or else the table slots are vacated
1529 * and the allocated memory released. (Except that the termios
1530 * and locked termios may be retained.)
1531 */
1532
1533 if (!try_module_get(driver->owner))
1534 return ERR_PTR(-ENODEV);
1535
1536 tty = alloc_tty_struct(driver, idx);
1537 if (!tty) {
1538 retval = -ENOMEM;
1539 goto err_module_put;
1540 }
1541
1542 tty_lock(tty);
1543 retval = tty_driver_install_tty(driver, tty);
1544 if (retval < 0)
1545 goto err_deinit_tty;
1546
1547 if (!tty->port)
1548 tty->port = driver->ports[idx];
1549
1550 WARN_RATELIMIT(!tty->port,
1551 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1552 __func__, tty->driver->name);
1553
1554 tty->port->itty = tty;
1555
1556 /*
1557 * Structures all installed ... call the ldisc open routines.
1558 * If we fail here just call release_tty to clean up. No need
1559 * to decrement the use counts, as release_tty doesn't care.
1560 */
1561 retval = tty_ldisc_setup(tty, tty->link);
1562 if (retval)
1563 goto err_release_tty;
1564 /* Return the tty locked so that it cannot vanish under the caller */
1565 return tty;
1566
1567 err_deinit_tty:
1568 tty_unlock(tty);
1569 deinitialize_tty_struct(tty);
1570 free_tty_struct(tty);
1571 err_module_put:
1572 module_put(driver->owner);
1573 return ERR_PTR(retval);
1574
1575 /* call the tty release_tty routine to clean out this slot */
1576 err_release_tty:
1577 tty_unlock(tty);
1578 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1579 "clearing slot %d\n", idx);
1580 release_tty(tty, idx);
1581 return ERR_PTR(retval);
1582 }
1583
tty_free_termios(struct tty_struct * tty)1584 void tty_free_termios(struct tty_struct *tty)
1585 {
1586 struct ktermios *tp;
1587 int idx = tty->index;
1588
1589 /* If the port is going to reset then it has no termios to save */
1590 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1591 return;
1592
1593 /* Stash the termios data */
1594 tp = tty->driver->termios[idx];
1595 if (tp == NULL) {
1596 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1597 if (tp == NULL) {
1598 pr_warn("tty: no memory to save termios state.\n");
1599 return;
1600 }
1601 tty->driver->termios[idx] = tp;
1602 }
1603 *tp = tty->termios;
1604 }
1605 EXPORT_SYMBOL(tty_free_termios);
1606
1607 /**
1608 * tty_flush_works - flush all works of a tty/pty pair
1609 * @tty: tty device to flush works for (or either end of a pty pair)
1610 *
1611 * Sync flush all works belonging to @tty (and the 'other' tty).
1612 */
tty_flush_works(struct tty_struct * tty)1613 static void tty_flush_works(struct tty_struct *tty)
1614 {
1615 flush_work(&tty->SAK_work);
1616 flush_work(&tty->hangup_work);
1617 if (tty->link) {
1618 flush_work(&tty->link->SAK_work);
1619 flush_work(&tty->link->hangup_work);
1620 }
1621 }
1622
1623 /**
1624 * release_one_tty - release tty structure memory
1625 * @kref: kref of tty we are obliterating
1626 *
1627 * Releases memory associated with a tty structure, and clears out the
1628 * driver table slots. This function is called when a device is no longer
1629 * in use. It also gets called when setup of a device fails.
1630 *
1631 * Locking:
1632 * takes the file list lock internally when working on the list
1633 * of ttys that the driver keeps.
1634 *
1635 * This method gets called from a work queue so that the driver private
1636 * cleanup ops can sleep (needed for USB at least)
1637 */
release_one_tty(struct work_struct * work)1638 static void release_one_tty(struct work_struct *work)
1639 {
1640 struct tty_struct *tty =
1641 container_of(work, struct tty_struct, hangup_work);
1642 struct tty_driver *driver = tty->driver;
1643 struct module *owner = driver->owner;
1644
1645 if (tty->ops->cleanup)
1646 tty->ops->cleanup(tty);
1647
1648 tty->magic = 0;
1649 tty_driver_kref_put(driver);
1650 module_put(owner);
1651
1652 spin_lock(&tty_files_lock);
1653 list_del_init(&tty->tty_files);
1654 spin_unlock(&tty_files_lock);
1655
1656 put_pid(tty->pgrp);
1657 put_pid(tty->session);
1658 free_tty_struct(tty);
1659 }
1660
queue_release_one_tty(struct kref * kref)1661 static void queue_release_one_tty(struct kref *kref)
1662 {
1663 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1664
1665 /* The hangup queue is now free so we can reuse it rather than
1666 waste a chunk of memory for each port */
1667 INIT_WORK(&tty->hangup_work, release_one_tty);
1668 schedule_work(&tty->hangup_work);
1669 }
1670
1671 /**
1672 * tty_kref_put - release a tty kref
1673 * @tty: tty device
1674 *
1675 * Release a reference to a tty device and if need be let the kref
1676 * layer destruct the object for us
1677 */
1678
tty_kref_put(struct tty_struct * tty)1679 void tty_kref_put(struct tty_struct *tty)
1680 {
1681 if (tty)
1682 kref_put(&tty->kref, queue_release_one_tty);
1683 }
1684 EXPORT_SYMBOL(tty_kref_put);
1685
1686 /**
1687 * release_tty - release tty structure memory
1688 *
1689 * Release both @tty and a possible linked partner (think pty pair),
1690 * and decrement the refcount of the backing module.
1691 *
1692 * Locking:
1693 * tty_mutex
1694 * takes the file list lock internally when working on the list
1695 * of ttys that the driver keeps.
1696 *
1697 */
release_tty(struct tty_struct * tty,int idx)1698 static void release_tty(struct tty_struct *tty, int idx)
1699 {
1700 /* This should always be true but check for the moment */
1701 WARN_ON(tty->index != idx);
1702 WARN_ON(!mutex_is_locked(&tty_mutex));
1703 if (tty->ops->shutdown)
1704 tty->ops->shutdown(tty);
1705 tty_free_termios(tty);
1706 tty_driver_remove_tty(tty->driver, tty);
1707 tty->port->itty = NULL;
1708 if (tty->link)
1709 tty->link->port->itty = NULL;
1710 tty_buffer_cancel_work(tty->port);
1711 if (tty->link)
1712 tty_buffer_cancel_work(tty->link->port);
1713
1714 tty_kref_put(tty->link);
1715 tty_kref_put(tty);
1716 }
1717
1718 /**
1719 * tty_release_checks - check a tty before real release
1720 * @tty: tty to check
1721 * @o_tty: link of @tty (if any)
1722 * @idx: index of the tty
1723 *
1724 * Performs some paranoid checking before true release of the @tty.
1725 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1726 */
tty_release_checks(struct tty_struct * tty,int idx)1727 static int tty_release_checks(struct tty_struct *tty, int idx)
1728 {
1729 #ifdef TTY_PARANOIA_CHECK
1730 if (idx < 0 || idx >= tty->driver->num) {
1731 tty_debug(tty, "bad idx %d\n", idx);
1732 return -1;
1733 }
1734
1735 /* not much to check for devpts */
1736 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1737 return 0;
1738
1739 if (tty != tty->driver->ttys[idx]) {
1740 tty_debug(tty, "bad driver table[%d] = %p\n",
1741 idx, tty->driver->ttys[idx]);
1742 return -1;
1743 }
1744 if (tty->driver->other) {
1745 struct tty_struct *o_tty = tty->link;
1746
1747 if (o_tty != tty->driver->other->ttys[idx]) {
1748 tty_debug(tty, "bad other table[%d] = %p\n",
1749 idx, tty->driver->other->ttys[idx]);
1750 return -1;
1751 }
1752 if (o_tty->link != tty) {
1753 tty_debug(tty, "bad link = %p\n", o_tty->link);
1754 return -1;
1755 }
1756 }
1757 #endif
1758 return 0;
1759 }
1760
1761 /**
1762 * tty_release - vfs callback for close
1763 * @inode: inode of tty
1764 * @filp: file pointer for handle to tty
1765 *
1766 * Called the last time each file handle is closed that references
1767 * this tty. There may however be several such references.
1768 *
1769 * Locking:
1770 * Takes bkl. See tty_release_dev
1771 *
1772 * Even releasing the tty structures is a tricky business.. We have
1773 * to be very careful that the structures are all released at the
1774 * same time, as interrupts might otherwise get the wrong pointers.
1775 *
1776 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1777 * lead to double frees or releasing memory still in use.
1778 */
1779
tty_release(struct inode * inode,struct file * filp)1780 int tty_release(struct inode *inode, struct file *filp)
1781 {
1782 struct tty_struct *tty = file_tty(filp);
1783 struct tty_struct *o_tty = NULL;
1784 int do_sleep, final;
1785 int idx;
1786 long timeout = 0;
1787 int once = 1;
1788
1789 if (tty_paranoia_check(tty, inode, __func__))
1790 return 0;
1791
1792 tty_lock(tty);
1793 check_tty_count(tty, __func__);
1794
1795 __tty_fasync(-1, filp, 0);
1796
1797 idx = tty->index;
1798 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1799 tty->driver->subtype == PTY_TYPE_MASTER)
1800 o_tty = tty->link;
1801
1802 if (tty_release_checks(tty, idx)) {
1803 tty_unlock(tty);
1804 return 0;
1805 }
1806
1807 tty_debug_hangup(tty, "(tty count=%d)...\n", tty->count);
1808
1809 if (tty->ops->close)
1810 tty->ops->close(tty, filp);
1811
1812 /* If tty is pty master, lock the slave pty (stable lock order) */
1813 tty_lock_slave(o_tty);
1814
1815 /*
1816 * Sanity check: if tty->count is going to zero, there shouldn't be
1817 * any waiters on tty->read_wait or tty->write_wait. We test the
1818 * wait queues and kick everyone out _before_ actually starting to
1819 * close. This ensures that we won't block while releasing the tty
1820 * structure.
1821 *
1822 * The test for the o_tty closing is necessary, since the master and
1823 * slave sides may close in any order. If the slave side closes out
1824 * first, its count will be one, since the master side holds an open.
1825 * Thus this test wouldn't be triggered at the time the slave closed,
1826 * so we do it now.
1827 */
1828 while (1) {
1829 do_sleep = 0;
1830
1831 if (tty->count <= 1) {
1832 if (waitqueue_active(&tty->read_wait)) {
1833 wake_up_poll(&tty->read_wait, POLLIN);
1834 do_sleep++;
1835 }
1836 if (waitqueue_active(&tty->write_wait)) {
1837 wake_up_poll(&tty->write_wait, POLLOUT);
1838 do_sleep++;
1839 }
1840 }
1841 if (o_tty && o_tty->count <= 1) {
1842 if (waitqueue_active(&o_tty->read_wait)) {
1843 wake_up_poll(&o_tty->read_wait, POLLIN);
1844 do_sleep++;
1845 }
1846 if (waitqueue_active(&o_tty->write_wait)) {
1847 wake_up_poll(&o_tty->write_wait, POLLOUT);
1848 do_sleep++;
1849 }
1850 }
1851 if (!do_sleep)
1852 break;
1853
1854 if (once) {
1855 once = 0;
1856 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1857 __func__, tty_name(tty));
1858 }
1859 schedule_timeout_killable(timeout);
1860 if (timeout < 120 * HZ)
1861 timeout = 2 * timeout + 1;
1862 else
1863 timeout = MAX_SCHEDULE_TIMEOUT;
1864 }
1865
1866 if (o_tty) {
1867 if (--o_tty->count < 0) {
1868 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1869 __func__, o_tty->count, tty_name(o_tty));
1870 o_tty->count = 0;
1871 }
1872 }
1873 if (--tty->count < 0) {
1874 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1875 __func__, tty->count, tty_name(tty));
1876 tty->count = 0;
1877 }
1878
1879 /*
1880 * We've decremented tty->count, so we need to remove this file
1881 * descriptor off the tty->tty_files list; this serves two
1882 * purposes:
1883 * - check_tty_count sees the correct number of file descriptors
1884 * associated with this tty.
1885 * - do_tty_hangup no longer sees this file descriptor as
1886 * something that needs to be handled for hangups.
1887 */
1888 tty_del_file(filp);
1889
1890 /*
1891 * Perform some housekeeping before deciding whether to return.
1892 *
1893 * If _either_ side is closing, make sure there aren't any
1894 * processes that still think tty or o_tty is their controlling
1895 * tty.
1896 */
1897 if (!tty->count) {
1898 read_lock(&tasklist_lock);
1899 session_clear_tty(tty->session);
1900 if (o_tty)
1901 session_clear_tty(o_tty->session);
1902 read_unlock(&tasklist_lock);
1903 }
1904
1905 /* check whether both sides are closing ... */
1906 final = !tty->count && !(o_tty && o_tty->count);
1907
1908 tty_unlock_slave(o_tty);
1909 tty_unlock(tty);
1910
1911 /* At this point, the tty->count == 0 should ensure a dead tty
1912 cannot be re-opened by a racing opener */
1913
1914 if (!final)
1915 return 0;
1916
1917 tty_debug_hangup(tty, "final close\n");
1918 /*
1919 * Ask the line discipline code to release its structures
1920 */
1921 tty_ldisc_release(tty);
1922
1923 /* Wait for pending work before tty destruction commmences */
1924 tty_flush_works(tty);
1925
1926 tty_debug_hangup(tty, "freeing structure...\n");
1927 /*
1928 * The release_tty function takes care of the details of clearing
1929 * the slots and preserving the termios structure. The tty_unlock_pair
1930 * should be safe as we keep a kref while the tty is locked (so the
1931 * unlock never unlocks a freed tty).
1932 */
1933 mutex_lock(&tty_mutex);
1934 release_tty(tty, idx);
1935 mutex_unlock(&tty_mutex);
1936
1937 return 0;
1938 }
1939
1940 /**
1941 * tty_open_current_tty - get locked tty of current task
1942 * @device: device number
1943 * @filp: file pointer to tty
1944 * @return: locked tty of the current task iff @device is /dev/tty
1945 *
1946 * Performs a re-open of the current task's controlling tty.
1947 *
1948 * We cannot return driver and index like for the other nodes because
1949 * devpts will not work then. It expects inodes to be from devpts FS.
1950 */
tty_open_current_tty(dev_t device,struct file * filp)1951 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1952 {
1953 struct tty_struct *tty;
1954 int retval;
1955
1956 if (device != MKDEV(TTYAUX_MAJOR, 0))
1957 return NULL;
1958
1959 tty = get_current_tty();
1960 if (!tty)
1961 return ERR_PTR(-ENXIO);
1962
1963 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1964 /* noctty = 1; */
1965 tty_lock(tty);
1966 tty_kref_put(tty); /* safe to drop the kref now */
1967
1968 retval = tty_reopen(tty);
1969 if (retval < 0) {
1970 tty_unlock(tty);
1971 tty = ERR_PTR(retval);
1972 }
1973 return tty;
1974 }
1975
1976 /**
1977 * tty_lookup_driver - lookup a tty driver for a given device file
1978 * @device: device number
1979 * @filp: file pointer to tty
1980 * @noctty: set if the device should not become a controlling tty
1981 * @index: index for the device in the @return driver
1982 * @return: driver for this inode (with increased refcount)
1983 *
1984 * If @return is not erroneous, the caller is responsible to decrement the
1985 * refcount by tty_driver_kref_put.
1986 *
1987 * Locking: tty_mutex protects get_tty_driver
1988 */
tty_lookup_driver(dev_t device,struct file * filp,int * noctty,int * index)1989 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1990 int *noctty, int *index)
1991 {
1992 struct tty_driver *driver;
1993
1994 switch (device) {
1995 #ifdef CONFIG_VT
1996 case MKDEV(TTY_MAJOR, 0): {
1997 extern struct tty_driver *console_driver;
1998 driver = tty_driver_kref_get(console_driver);
1999 *index = fg_console;
2000 *noctty = 1;
2001 break;
2002 }
2003 #endif
2004 case MKDEV(TTYAUX_MAJOR, 1): {
2005 struct tty_driver *console_driver = console_device(index);
2006 if (console_driver) {
2007 driver = tty_driver_kref_get(console_driver);
2008 if (driver) {
2009 /* Don't let /dev/console block */
2010 filp->f_flags |= O_NONBLOCK;
2011 *noctty = 1;
2012 break;
2013 }
2014 }
2015 return ERR_PTR(-ENODEV);
2016 }
2017 default:
2018 driver = get_tty_driver(device, index);
2019 if (!driver)
2020 return ERR_PTR(-ENODEV);
2021 break;
2022 }
2023 return driver;
2024 }
2025
2026 /**
2027 * tty_open - open a tty device
2028 * @inode: inode of device file
2029 * @filp: file pointer to tty
2030 *
2031 * tty_open and tty_release keep up the tty count that contains the
2032 * number of opens done on a tty. We cannot use the inode-count, as
2033 * different inodes might point to the same tty.
2034 *
2035 * Open-counting is needed for pty masters, as well as for keeping
2036 * track of serial lines: DTR is dropped when the last close happens.
2037 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2038 *
2039 * The termios state of a pty is reset on first open so that
2040 * settings don't persist across reuse.
2041 *
2042 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2043 * tty->count should protect the rest.
2044 * ->siglock protects ->signal/->sighand
2045 *
2046 * Note: the tty_unlock/lock cases without a ref are only safe due to
2047 * tty_mutex
2048 */
2049
tty_open(struct inode * inode,struct file * filp)2050 static int tty_open(struct inode *inode, struct file *filp)
2051 {
2052 struct tty_struct *tty;
2053 int noctty, retval;
2054 struct tty_driver *driver = NULL;
2055 int index;
2056 dev_t device = inode->i_rdev;
2057 unsigned saved_flags = filp->f_flags;
2058
2059 nonseekable_open(inode, filp);
2060
2061 retry_open:
2062 retval = tty_alloc_file(filp);
2063 if (retval)
2064 return -ENOMEM;
2065
2066 noctty = filp->f_flags & O_NOCTTY;
2067 index = -1;
2068 retval = 0;
2069
2070 tty = tty_open_current_tty(device, filp);
2071 if (!tty) {
2072 mutex_lock(&tty_mutex);
2073 driver = tty_lookup_driver(device, filp, &noctty, &index);
2074 if (IS_ERR(driver)) {
2075 retval = PTR_ERR(driver);
2076 goto err_unlock;
2077 }
2078
2079 /* check whether we're reopening an existing tty */
2080 tty = tty_driver_lookup_tty(driver, inode, index);
2081 if (IS_ERR(tty)) {
2082 retval = PTR_ERR(tty);
2083 goto err_unlock;
2084 }
2085
2086 if (tty) {
2087 mutex_unlock(&tty_mutex);
2088 retval = tty_lock_interruptible(tty);
2089 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2090 if (retval) {
2091 if (retval == -EINTR)
2092 retval = -ERESTARTSYS;
2093 goto err_unref;
2094 }
2095 retval = tty_reopen(tty);
2096 if (retval < 0) {
2097 tty_unlock(tty);
2098 tty = ERR_PTR(retval);
2099 }
2100 } else { /* Returns with the tty_lock held for now */
2101 tty = tty_init_dev(driver, index);
2102 mutex_unlock(&tty_mutex);
2103 }
2104
2105 tty_driver_kref_put(driver);
2106 }
2107
2108 if (IS_ERR(tty)) {
2109 retval = PTR_ERR(tty);
2110 if (retval != -EAGAIN || signal_pending(current))
2111 goto err_file;
2112 tty_free_file(filp);
2113 schedule();
2114 goto retry_open;
2115 }
2116
2117 tty_add_file(tty, filp);
2118
2119 check_tty_count(tty, __func__);
2120 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2121 tty->driver->subtype == PTY_TYPE_MASTER)
2122 noctty = 1;
2123
2124 tty_debug_hangup(tty, "(tty count=%d)\n", tty->count);
2125
2126 if (tty->ops->open)
2127 retval = tty->ops->open(tty, filp);
2128 else
2129 retval = -ENODEV;
2130 filp->f_flags = saved_flags;
2131
2132 if (retval) {
2133 tty_debug_hangup(tty, "error %d, releasing...\n", retval);
2134
2135 tty_unlock(tty); /* need to call tty_release without BTM */
2136 tty_release(inode, filp);
2137 if (retval != -ERESTARTSYS)
2138 return retval;
2139
2140 if (signal_pending(current))
2141 return retval;
2142
2143 schedule();
2144 /*
2145 * Need to reset f_op in case a hangup happened.
2146 */
2147 if (tty_hung_up_p(filp))
2148 filp->f_op = &tty_fops;
2149 goto retry_open;
2150 }
2151 clear_bit(TTY_HUPPED, &tty->flags);
2152
2153
2154 read_lock(&tasklist_lock);
2155 spin_lock_irq(¤t->sighand->siglock);
2156 if (!noctty &&
2157 current->signal->leader &&
2158 !current->signal->tty &&
2159 tty->session == NULL) {
2160 /*
2161 * Don't let a process that only has write access to the tty
2162 * obtain the privileges associated with having a tty as
2163 * controlling terminal (being able to reopen it with full
2164 * access through /dev/tty, being able to perform pushback).
2165 * Many distributions set the group of all ttys to "tty" and
2166 * grant write-only access to all terminals for setgid tty
2167 * binaries, which should not imply full privileges on all ttys.
2168 *
2169 * This could theoretically break old code that performs open()
2170 * on a write-only file descriptor. In that case, it might be
2171 * necessary to also permit this if
2172 * inode_permission(inode, MAY_READ) == 0.
2173 */
2174 if (filp->f_mode & FMODE_READ)
2175 __proc_set_tty(tty);
2176 }
2177 spin_unlock_irq(¤t->sighand->siglock);
2178 read_unlock(&tasklist_lock);
2179 tty_unlock(tty);
2180 return 0;
2181 err_unlock:
2182 mutex_unlock(&tty_mutex);
2183 err_unref:
2184 /* after locks to avoid deadlock */
2185 if (!IS_ERR_OR_NULL(driver))
2186 tty_driver_kref_put(driver);
2187 err_file:
2188 tty_free_file(filp);
2189 return retval;
2190 }
2191
2192
2193
2194 /**
2195 * tty_poll - check tty status
2196 * @filp: file being polled
2197 * @wait: poll wait structures to update
2198 *
2199 * Call the line discipline polling method to obtain the poll
2200 * status of the device.
2201 *
2202 * Locking: locks called line discipline but ldisc poll method
2203 * may be re-entered freely by other callers.
2204 */
2205
tty_poll(struct file * filp,poll_table * wait)2206 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2207 {
2208 struct tty_struct *tty = file_tty(filp);
2209 struct tty_ldisc *ld;
2210 int ret = 0;
2211
2212 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2213 return 0;
2214
2215 ld = tty_ldisc_ref_wait(tty);
2216 if (ld->ops->poll)
2217 ret = ld->ops->poll(tty, filp, wait);
2218 tty_ldisc_deref(ld);
2219 return ret;
2220 }
2221
__tty_fasync(int fd,struct file * filp,int on)2222 static int __tty_fasync(int fd, struct file *filp, int on)
2223 {
2224 struct tty_struct *tty = file_tty(filp);
2225 struct tty_ldisc *ldisc;
2226 unsigned long flags;
2227 int retval = 0;
2228
2229 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2230 goto out;
2231
2232 retval = fasync_helper(fd, filp, on, &tty->fasync);
2233 if (retval <= 0)
2234 goto out;
2235
2236 ldisc = tty_ldisc_ref(tty);
2237 if (ldisc) {
2238 if (ldisc->ops->fasync)
2239 ldisc->ops->fasync(tty, on);
2240 tty_ldisc_deref(ldisc);
2241 }
2242
2243 if (on) {
2244 enum pid_type type;
2245 struct pid *pid;
2246
2247 spin_lock_irqsave(&tty->ctrl_lock, flags);
2248 if (tty->pgrp) {
2249 pid = tty->pgrp;
2250 type = PIDTYPE_PGID;
2251 } else {
2252 pid = task_pid(current);
2253 type = PIDTYPE_PID;
2254 }
2255 get_pid(pid);
2256 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2257 __f_setown(filp, pid, type, 0);
2258 put_pid(pid);
2259 retval = 0;
2260 }
2261 out:
2262 return retval;
2263 }
2264
tty_fasync(int fd,struct file * filp,int on)2265 static int tty_fasync(int fd, struct file *filp, int on)
2266 {
2267 struct tty_struct *tty = file_tty(filp);
2268 int retval;
2269
2270 tty_lock(tty);
2271 retval = __tty_fasync(fd, filp, on);
2272 tty_unlock(tty);
2273
2274 return retval;
2275 }
2276
2277 /**
2278 * tiocsti - fake input character
2279 * @tty: tty to fake input into
2280 * @p: pointer to character
2281 *
2282 * Fake input to a tty device. Does the necessary locking and
2283 * input management.
2284 *
2285 * FIXME: does not honour flow control ??
2286 *
2287 * Locking:
2288 * Called functions take tty_ldiscs_lock
2289 * current->signal->tty check is safe without locks
2290 */
2291
tiocsti(struct tty_struct * tty,char __user * p)2292 static int tiocsti(struct tty_struct *tty, char __user *p)
2293 {
2294 char ch, mbz = 0;
2295 struct tty_ldisc *ld;
2296
2297 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2298 return -EPERM;
2299 if (get_user(ch, p))
2300 return -EFAULT;
2301 tty_audit_tiocsti(tty, ch);
2302 ld = tty_ldisc_ref_wait(tty);
2303 tty_buffer_lock_exclusive(tty->port);
2304 if (ld->ops->receive_buf)
2305 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2306 tty_buffer_unlock_exclusive(tty->port);
2307 tty_ldisc_deref(ld);
2308 return 0;
2309 }
2310
2311 /**
2312 * tiocgwinsz - implement window query ioctl
2313 * @tty; tty
2314 * @arg: user buffer for result
2315 *
2316 * Copies the kernel idea of the window size into the user buffer.
2317 *
2318 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2319 * is consistent.
2320 */
2321
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2322 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2323 {
2324 int err;
2325
2326 mutex_lock(&tty->winsize_mutex);
2327 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2328 mutex_unlock(&tty->winsize_mutex);
2329
2330 return err ? -EFAULT: 0;
2331 }
2332
2333 /**
2334 * tty_do_resize - resize event
2335 * @tty: tty being resized
2336 * @rows: rows (character)
2337 * @cols: cols (character)
2338 *
2339 * Update the termios variables and send the necessary signals to
2340 * peform a terminal resize correctly
2341 */
2342
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2343 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2344 {
2345 struct pid *pgrp;
2346
2347 /* Lock the tty */
2348 mutex_lock(&tty->winsize_mutex);
2349 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2350 goto done;
2351
2352 /* Signal the foreground process group */
2353 pgrp = tty_get_pgrp(tty);
2354 if (pgrp)
2355 kill_pgrp(pgrp, SIGWINCH, 1);
2356 put_pid(pgrp);
2357
2358 tty->winsize = *ws;
2359 done:
2360 mutex_unlock(&tty->winsize_mutex);
2361 return 0;
2362 }
2363 EXPORT_SYMBOL(tty_do_resize);
2364
2365 /**
2366 * tiocswinsz - implement window size set ioctl
2367 * @tty; tty side of tty
2368 * @arg: user buffer for result
2369 *
2370 * Copies the user idea of the window size to the kernel. Traditionally
2371 * this is just advisory information but for the Linux console it
2372 * actually has driver level meaning and triggers a VC resize.
2373 *
2374 * Locking:
2375 * Driver dependent. The default do_resize method takes the
2376 * tty termios mutex and ctrl_lock. The console takes its own lock
2377 * then calls into the default method.
2378 */
2379
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2380 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2381 {
2382 struct winsize tmp_ws;
2383 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2384 return -EFAULT;
2385
2386 if (tty->ops->resize)
2387 return tty->ops->resize(tty, &tmp_ws);
2388 else
2389 return tty_do_resize(tty, &tmp_ws);
2390 }
2391
2392 /**
2393 * tioccons - allow admin to move logical console
2394 * @file: the file to become console
2395 *
2396 * Allow the administrator to move the redirected console device
2397 *
2398 * Locking: uses redirect_lock to guard the redirect information
2399 */
2400
tioccons(struct file * file)2401 static int tioccons(struct file *file)
2402 {
2403 if (!capable(CAP_SYS_ADMIN))
2404 return -EPERM;
2405 if (file->f_op->write == redirected_tty_write) {
2406 struct file *f;
2407 spin_lock(&redirect_lock);
2408 f = redirect;
2409 redirect = NULL;
2410 spin_unlock(&redirect_lock);
2411 if (f)
2412 fput(f);
2413 return 0;
2414 }
2415 spin_lock(&redirect_lock);
2416 if (redirect) {
2417 spin_unlock(&redirect_lock);
2418 return -EBUSY;
2419 }
2420 redirect = get_file(file);
2421 spin_unlock(&redirect_lock);
2422 return 0;
2423 }
2424
2425 /**
2426 * fionbio - non blocking ioctl
2427 * @file: file to set blocking value
2428 * @p: user parameter
2429 *
2430 * Historical tty interfaces had a blocking control ioctl before
2431 * the generic functionality existed. This piece of history is preserved
2432 * in the expected tty API of posix OS's.
2433 *
2434 * Locking: none, the open file handle ensures it won't go away.
2435 */
2436
fionbio(struct file * file,int __user * p)2437 static int fionbio(struct file *file, int __user *p)
2438 {
2439 int nonblock;
2440
2441 if (get_user(nonblock, p))
2442 return -EFAULT;
2443
2444 spin_lock(&file->f_lock);
2445 if (nonblock)
2446 file->f_flags |= O_NONBLOCK;
2447 else
2448 file->f_flags &= ~O_NONBLOCK;
2449 spin_unlock(&file->f_lock);
2450 return 0;
2451 }
2452
2453 /**
2454 * tiocsctty - set controlling tty
2455 * @tty: tty structure
2456 * @arg: user argument
2457 *
2458 * This ioctl is used to manage job control. It permits a session
2459 * leader to set this tty as the controlling tty for the session.
2460 *
2461 * Locking:
2462 * Takes tty_lock() to serialize proc_set_tty() for this tty
2463 * Takes tasklist_lock internally to walk sessions
2464 * Takes ->siglock() when updating signal->tty
2465 */
2466
tiocsctty(struct tty_struct * tty,struct file * file,int arg)2467 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
2468 {
2469 int ret = 0;
2470
2471 tty_lock(tty);
2472 read_lock(&tasklist_lock);
2473
2474 if (current->signal->leader && (task_session(current) == tty->session))
2475 goto unlock;
2476
2477 /*
2478 * The process must be a session leader and
2479 * not have a controlling tty already.
2480 */
2481 if (!current->signal->leader || current->signal->tty) {
2482 ret = -EPERM;
2483 goto unlock;
2484 }
2485
2486 if (tty->session) {
2487 /*
2488 * This tty is already the controlling
2489 * tty for another session group!
2490 */
2491 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2492 /*
2493 * Steal it away
2494 */
2495 session_clear_tty(tty->session);
2496 } else {
2497 ret = -EPERM;
2498 goto unlock;
2499 }
2500 }
2501
2502 /* See the comment in tty_open(). */
2503 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
2504 ret = -EPERM;
2505 goto unlock;
2506 }
2507
2508 proc_set_tty(tty);
2509 unlock:
2510 read_unlock(&tasklist_lock);
2511 tty_unlock(tty);
2512 return ret;
2513 }
2514
2515 /**
2516 * tty_get_pgrp - return a ref counted pgrp pid
2517 * @tty: tty to read
2518 *
2519 * Returns a refcounted instance of the pid struct for the process
2520 * group controlling the tty.
2521 */
2522
tty_get_pgrp(struct tty_struct * tty)2523 struct pid *tty_get_pgrp(struct tty_struct *tty)
2524 {
2525 unsigned long flags;
2526 struct pid *pgrp;
2527
2528 spin_lock_irqsave(&tty->ctrl_lock, flags);
2529 pgrp = get_pid(tty->pgrp);
2530 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2531
2532 return pgrp;
2533 }
2534 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2535
2536 /*
2537 * This checks not only the pgrp, but falls back on the pid if no
2538 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2539 * without this...
2540 *
2541 * The caller must hold rcu lock or the tasklist lock.
2542 */
session_of_pgrp(struct pid * pgrp)2543 static struct pid *session_of_pgrp(struct pid *pgrp)
2544 {
2545 struct task_struct *p;
2546 struct pid *sid = NULL;
2547
2548 p = pid_task(pgrp, PIDTYPE_PGID);
2549 if (p == NULL)
2550 p = pid_task(pgrp, PIDTYPE_PID);
2551 if (p != NULL)
2552 sid = task_session(p);
2553
2554 return sid;
2555 }
2556
2557 /**
2558 * tiocgpgrp - get process group
2559 * @tty: tty passed by user
2560 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2561 * @p: returned pid
2562 *
2563 * Obtain the process group of the tty. If there is no process group
2564 * return an error.
2565 *
2566 * Locking: none. Reference to current->signal->tty is safe.
2567 */
2568
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2569 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2570 {
2571 struct pid *pid;
2572 int ret;
2573 /*
2574 * (tty == real_tty) is a cheap way of
2575 * testing if the tty is NOT a master pty.
2576 */
2577 if (tty == real_tty && current->signal->tty != real_tty)
2578 return -ENOTTY;
2579 pid = tty_get_pgrp(real_tty);
2580 ret = put_user(pid_vnr(pid), p);
2581 put_pid(pid);
2582 return ret;
2583 }
2584
2585 /**
2586 * tiocspgrp - attempt to set process group
2587 * @tty: tty passed by user
2588 * @real_tty: tty side device matching tty passed by user
2589 * @p: pid pointer
2590 *
2591 * Set the process group of the tty to the session passed. Only
2592 * permitted where the tty session is our session.
2593 *
2594 * Locking: RCU, ctrl lock
2595 */
2596
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2597 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2598 {
2599 struct pid *pgrp;
2600 pid_t pgrp_nr;
2601 int retval = tty_check_change(real_tty);
2602
2603 if (retval == -EIO)
2604 return -ENOTTY;
2605 if (retval)
2606 return retval;
2607
2608 if (get_user(pgrp_nr, p))
2609 return -EFAULT;
2610 if (pgrp_nr < 0)
2611 return -EINVAL;
2612
2613 spin_lock_irq(&real_tty->ctrl_lock);
2614 if (!current->signal->tty ||
2615 (current->signal->tty != real_tty) ||
2616 (real_tty->session != task_session(current))) {
2617 retval = -ENOTTY;
2618 goto out_unlock_ctrl;
2619 }
2620 rcu_read_lock();
2621 pgrp = find_vpid(pgrp_nr);
2622 retval = -ESRCH;
2623 if (!pgrp)
2624 goto out_unlock;
2625 retval = -EPERM;
2626 if (session_of_pgrp(pgrp) != task_session(current))
2627 goto out_unlock;
2628 retval = 0;
2629 put_pid(real_tty->pgrp);
2630 real_tty->pgrp = get_pid(pgrp);
2631 out_unlock:
2632 rcu_read_unlock();
2633 out_unlock_ctrl:
2634 spin_unlock_irq(&real_tty->ctrl_lock);
2635 return retval;
2636 }
2637
2638 /**
2639 * tiocgsid - get session id
2640 * @tty: tty passed by user
2641 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2642 * @p: pointer to returned session id
2643 *
2644 * Obtain the session id of the tty. If there is no session
2645 * return an error.
2646 */
2647
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2648 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2649 {
2650 unsigned long flags;
2651 pid_t sid;
2652
2653 /*
2654 * (tty == real_tty) is a cheap way of
2655 * testing if the tty is NOT a master pty.
2656 */
2657 if (tty == real_tty && current->signal->tty != real_tty)
2658 return -ENOTTY;
2659
2660 spin_lock_irqsave(&real_tty->ctrl_lock, flags);
2661 if (!real_tty->session)
2662 goto err;
2663 sid = pid_vnr(real_tty->session);
2664 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
2665
2666 return put_user(sid, p);
2667
2668 err:
2669 spin_unlock_irqrestore(&real_tty->ctrl_lock, flags);
2670 return -ENOTTY;
2671 }
2672
2673 /**
2674 * tiocsetd - set line discipline
2675 * @tty: tty device
2676 * @p: pointer to user data
2677 *
2678 * Set the line discipline according to user request.
2679 *
2680 * Locking: see tty_set_ldisc, this function is just a helper
2681 */
2682
tiocsetd(struct tty_struct * tty,int __user * p)2683 static int tiocsetd(struct tty_struct *tty, int __user *p)
2684 {
2685 int ldisc;
2686 int ret;
2687
2688 if (get_user(ldisc, p))
2689 return -EFAULT;
2690
2691 ret = tty_set_ldisc(tty, ldisc);
2692
2693 return ret;
2694 }
2695
2696 /**
2697 * tiocgetd - get line discipline
2698 * @tty: tty device
2699 * @p: pointer to user data
2700 *
2701 * Retrieves the line discipline id directly from the ldisc.
2702 *
2703 * Locking: waits for ldisc reference (in case the line discipline
2704 * is changing or the tty is being hungup)
2705 */
2706
tiocgetd(struct tty_struct * tty,int __user * p)2707 static int tiocgetd(struct tty_struct *tty, int __user *p)
2708 {
2709 struct tty_ldisc *ld;
2710 int ret;
2711
2712 ld = tty_ldisc_ref_wait(tty);
2713 ret = put_user(ld->ops->num, p);
2714 tty_ldisc_deref(ld);
2715 return ret;
2716 }
2717
2718 /**
2719 * send_break - performed time break
2720 * @tty: device to break on
2721 * @duration: timeout in mS
2722 *
2723 * Perform a timed break on hardware that lacks its own driver level
2724 * timed break functionality.
2725 *
2726 * Locking:
2727 * atomic_write_lock serializes
2728 *
2729 */
2730
send_break(struct tty_struct * tty,unsigned int duration)2731 static int send_break(struct tty_struct *tty, unsigned int duration)
2732 {
2733 int retval;
2734
2735 if (tty->ops->break_ctl == NULL)
2736 return 0;
2737
2738 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2739 retval = tty->ops->break_ctl(tty, duration);
2740 else {
2741 /* Do the work ourselves */
2742 if (tty_write_lock(tty, 0) < 0)
2743 return -EINTR;
2744 retval = tty->ops->break_ctl(tty, -1);
2745 if (retval)
2746 goto out;
2747 if (!signal_pending(current))
2748 msleep_interruptible(duration);
2749 retval = tty->ops->break_ctl(tty, 0);
2750 out:
2751 tty_write_unlock(tty);
2752 if (signal_pending(current))
2753 retval = -EINTR;
2754 }
2755 return retval;
2756 }
2757
2758 /**
2759 * tty_tiocmget - get modem status
2760 * @tty: tty device
2761 * @file: user file pointer
2762 * @p: pointer to result
2763 *
2764 * Obtain the modem status bits from the tty driver if the feature
2765 * is supported. Return -ENOTTY if it is not available.
2766 *
2767 * Locking: none (up to the driver)
2768 */
2769
tty_tiocmget(struct tty_struct * tty,int __user * p)2770 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2771 {
2772 int retval = -ENOTTY;
2773
2774 if (tty->ops->tiocmget) {
2775 retval = tty->ops->tiocmget(tty);
2776
2777 if (retval >= 0)
2778 retval = put_user(retval, p);
2779 }
2780 return retval;
2781 }
2782
2783 /**
2784 * tty_tiocmset - set modem status
2785 * @tty: tty device
2786 * @cmd: command - clear bits, set bits or set all
2787 * @p: pointer to desired bits
2788 *
2789 * Set the modem status bits from the tty driver if the feature
2790 * is supported. Return -ENOTTY if it is not available.
2791 *
2792 * Locking: none (up to the driver)
2793 */
2794
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2795 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2796 unsigned __user *p)
2797 {
2798 int retval;
2799 unsigned int set, clear, val;
2800
2801 if (tty->ops->tiocmset == NULL)
2802 return -ENOTTY;
2803
2804 retval = get_user(val, p);
2805 if (retval)
2806 return retval;
2807 set = clear = 0;
2808 switch (cmd) {
2809 case TIOCMBIS:
2810 set = val;
2811 break;
2812 case TIOCMBIC:
2813 clear = val;
2814 break;
2815 case TIOCMSET:
2816 set = val;
2817 clear = ~val;
2818 break;
2819 }
2820 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2821 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2822 return tty->ops->tiocmset(tty, set, clear);
2823 }
2824
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2825 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2826 {
2827 int retval = -EINVAL;
2828 struct serial_icounter_struct icount;
2829 memset(&icount, 0, sizeof(icount));
2830 if (tty->ops->get_icount)
2831 retval = tty->ops->get_icount(tty, &icount);
2832 if (retval != 0)
2833 return retval;
2834 if (copy_to_user(arg, &icount, sizeof(icount)))
2835 return -EFAULT;
2836 return 0;
2837 }
2838
tty_warn_deprecated_flags(struct serial_struct __user * ss)2839 static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2840 {
2841 static DEFINE_RATELIMIT_STATE(depr_flags,
2842 DEFAULT_RATELIMIT_INTERVAL,
2843 DEFAULT_RATELIMIT_BURST);
2844 char comm[TASK_COMM_LEN];
2845 int flags;
2846
2847 if (get_user(flags, &ss->flags))
2848 return;
2849
2850 flags &= ASYNC_DEPRECATED;
2851
2852 if (flags && __ratelimit(&depr_flags))
2853 pr_warning("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2854 __func__, get_task_comm(comm, current), flags);
2855 }
2856
2857 /*
2858 * if pty, return the slave side (real_tty)
2859 * otherwise, return self
2860 */
tty_pair_get_tty(struct tty_struct * tty)2861 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2862 {
2863 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2864 tty->driver->subtype == PTY_TYPE_MASTER)
2865 tty = tty->link;
2866 return tty;
2867 }
2868
2869 /*
2870 * Split this up, as gcc can choke on it otherwise..
2871 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2872 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2873 {
2874 struct tty_struct *tty = file_tty(file);
2875 struct tty_struct *real_tty;
2876 void __user *p = (void __user *)arg;
2877 int retval;
2878 struct tty_ldisc *ld;
2879
2880 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2881 return -EINVAL;
2882
2883 real_tty = tty_pair_get_tty(tty);
2884
2885 /*
2886 * Factor out some common prep work
2887 */
2888 switch (cmd) {
2889 case TIOCSETD:
2890 case TIOCSBRK:
2891 case TIOCCBRK:
2892 case TCSBRK:
2893 case TCSBRKP:
2894 retval = tty_check_change(tty);
2895 if (retval)
2896 return retval;
2897 if (cmd != TIOCCBRK) {
2898 tty_wait_until_sent(tty, 0);
2899 if (signal_pending(current))
2900 return -EINTR;
2901 }
2902 break;
2903 }
2904
2905 /*
2906 * Now do the stuff.
2907 */
2908 switch (cmd) {
2909 case TIOCSTI:
2910 return tiocsti(tty, p);
2911 case TIOCGWINSZ:
2912 return tiocgwinsz(real_tty, p);
2913 case TIOCSWINSZ:
2914 return tiocswinsz(real_tty, p);
2915 case TIOCCONS:
2916 return real_tty != tty ? -EINVAL : tioccons(file);
2917 case FIONBIO:
2918 return fionbio(file, p);
2919 case TIOCEXCL:
2920 set_bit(TTY_EXCLUSIVE, &tty->flags);
2921 return 0;
2922 case TIOCNXCL:
2923 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2924 return 0;
2925 case TIOCGEXCL:
2926 {
2927 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2928 return put_user(excl, (int __user *)p);
2929 }
2930 case TIOCNOTTY:
2931 if (current->signal->tty != tty)
2932 return -ENOTTY;
2933 no_tty();
2934 return 0;
2935 case TIOCSCTTY:
2936 return tiocsctty(tty, file, arg);
2937 case TIOCGPGRP:
2938 return tiocgpgrp(tty, real_tty, p);
2939 case TIOCSPGRP:
2940 return tiocspgrp(tty, real_tty, p);
2941 case TIOCGSID:
2942 return tiocgsid(tty, real_tty, p);
2943 case TIOCGETD:
2944 return tiocgetd(tty, p);
2945 case TIOCSETD:
2946 return tiocsetd(tty, p);
2947 case TIOCVHANGUP:
2948 if (!capable(CAP_SYS_ADMIN))
2949 return -EPERM;
2950 tty_vhangup(tty);
2951 return 0;
2952 case TIOCGDEV:
2953 {
2954 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2955 return put_user(ret, (unsigned int __user *)p);
2956 }
2957 /*
2958 * Break handling
2959 */
2960 case TIOCSBRK: /* Turn break on, unconditionally */
2961 if (tty->ops->break_ctl)
2962 return tty->ops->break_ctl(tty, -1);
2963 return 0;
2964 case TIOCCBRK: /* Turn break off, unconditionally */
2965 if (tty->ops->break_ctl)
2966 return tty->ops->break_ctl(tty, 0);
2967 return 0;
2968 case TCSBRK: /* SVID version: non-zero arg --> no break */
2969 /* non-zero arg means wait for all output data
2970 * to be sent (performed above) but don't send break.
2971 * This is used by the tcdrain() termios function.
2972 */
2973 if (!arg)
2974 return send_break(tty, 250);
2975 return 0;
2976 case TCSBRKP: /* support for POSIX tcsendbreak() */
2977 return send_break(tty, arg ? arg*100 : 250);
2978
2979 case TIOCMGET:
2980 return tty_tiocmget(tty, p);
2981 case TIOCMSET:
2982 case TIOCMBIC:
2983 case TIOCMBIS:
2984 return tty_tiocmset(tty, cmd, p);
2985 case TIOCGICOUNT:
2986 retval = tty_tiocgicount(tty, p);
2987 /* For the moment allow fall through to the old method */
2988 if (retval != -EINVAL)
2989 return retval;
2990 break;
2991 case TCFLSH:
2992 switch (arg) {
2993 case TCIFLUSH:
2994 case TCIOFLUSH:
2995 /* flush tty buffer and allow ldisc to process ioctl */
2996 tty_buffer_flush(tty, NULL);
2997 break;
2998 }
2999 break;
3000 case TIOCSSERIAL:
3001 tty_warn_deprecated_flags(p);
3002 break;
3003 }
3004 if (tty->ops->ioctl) {
3005 retval = tty->ops->ioctl(tty, cmd, arg);
3006 if (retval != -ENOIOCTLCMD)
3007 return retval;
3008 }
3009 ld = tty_ldisc_ref_wait(tty);
3010 retval = -EINVAL;
3011 if (ld->ops->ioctl) {
3012 retval = ld->ops->ioctl(tty, file, cmd, arg);
3013 if (retval == -ENOIOCTLCMD)
3014 retval = -ENOTTY;
3015 }
3016 tty_ldisc_deref(ld);
3017 return retval;
3018 }
3019
3020 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)3021 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3022 unsigned long arg)
3023 {
3024 struct tty_struct *tty = file_tty(file);
3025 struct tty_ldisc *ld;
3026 int retval = -ENOIOCTLCMD;
3027
3028 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
3029 return -EINVAL;
3030
3031 if (tty->ops->compat_ioctl) {
3032 retval = tty->ops->compat_ioctl(tty, cmd, arg);
3033 if (retval != -ENOIOCTLCMD)
3034 return retval;
3035 }
3036
3037 ld = tty_ldisc_ref_wait(tty);
3038 if (ld->ops->compat_ioctl)
3039 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3040 else
3041 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
3042 tty_ldisc_deref(ld);
3043
3044 return retval;
3045 }
3046 #endif
3047
this_tty(const void * t,struct file * file,unsigned fd)3048 static int this_tty(const void *t, struct file *file, unsigned fd)
3049 {
3050 if (likely(file->f_op->read != tty_read))
3051 return 0;
3052 return file_tty(file) != t ? 0 : fd + 1;
3053 }
3054
3055 /*
3056 * This implements the "Secure Attention Key" --- the idea is to
3057 * prevent trojan horses by killing all processes associated with this
3058 * tty when the user hits the "Secure Attention Key". Required for
3059 * super-paranoid applications --- see the Orange Book for more details.
3060 *
3061 * This code could be nicer; ideally it should send a HUP, wait a few
3062 * seconds, then send a INT, and then a KILL signal. But you then
3063 * have to coordinate with the init process, since all processes associated
3064 * with the current tty must be dead before the new getty is allowed
3065 * to spawn.
3066 *
3067 * Now, if it would be correct ;-/ The current code has a nasty hole -
3068 * it doesn't catch files in flight. We may send the descriptor to ourselves
3069 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3070 *
3071 * Nasty bug: do_SAK is being called in interrupt context. This can
3072 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3073 */
__do_SAK(struct tty_struct * tty)3074 void __do_SAK(struct tty_struct *tty)
3075 {
3076 #ifdef TTY_SOFT_SAK
3077 tty_hangup(tty);
3078 #else
3079 struct task_struct *g, *p;
3080 struct pid *session;
3081 int i;
3082 unsigned long flags;
3083
3084 if (!tty)
3085 return;
3086
3087 spin_lock_irqsave(&tty->ctrl_lock, flags);
3088 session = get_pid(tty->session);
3089 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3090
3091 tty_ldisc_flush(tty);
3092
3093 tty_driver_flush_buffer(tty);
3094
3095 read_lock(&tasklist_lock);
3096 /* Kill the entire session */
3097 do_each_pid_task(session, PIDTYPE_SID, p) {
3098 printk(KERN_NOTICE "SAK: killed process %d"
3099 " (%s): task_session(p)==tty->session\n",
3100 task_pid_nr(p), p->comm);
3101 send_sig(SIGKILL, p, 1);
3102 } while_each_pid_task(session, PIDTYPE_SID, p);
3103 /* Now kill any processes that happen to have the
3104 * tty open.
3105 */
3106 do_each_thread(g, p) {
3107 if (p->signal->tty == tty) {
3108 printk(KERN_NOTICE "SAK: killed process %d"
3109 " (%s): task_session(p)==tty->session\n",
3110 task_pid_nr(p), p->comm);
3111 send_sig(SIGKILL, p, 1);
3112 continue;
3113 }
3114 task_lock(p);
3115 i = iterate_fd(p->files, 0, this_tty, tty);
3116 if (i != 0) {
3117 printk(KERN_NOTICE "SAK: killed process %d"
3118 " (%s): fd#%d opened to the tty\n",
3119 task_pid_nr(p), p->comm, i - 1);
3120 force_sig(SIGKILL, p);
3121 }
3122 task_unlock(p);
3123 } while_each_thread(g, p);
3124 read_unlock(&tasklist_lock);
3125 put_pid(session);
3126 #endif
3127 }
3128
do_SAK_work(struct work_struct * work)3129 static void do_SAK_work(struct work_struct *work)
3130 {
3131 struct tty_struct *tty =
3132 container_of(work, struct tty_struct, SAK_work);
3133 __do_SAK(tty);
3134 }
3135
3136 /*
3137 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3138 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3139 * the values which we write to it will be identical to the values which it
3140 * already has. --akpm
3141 */
do_SAK(struct tty_struct * tty)3142 void do_SAK(struct tty_struct *tty)
3143 {
3144 if (!tty)
3145 return;
3146 schedule_work(&tty->SAK_work);
3147 }
3148
3149 EXPORT_SYMBOL(do_SAK);
3150
dev_match_devt(struct device * dev,const void * data)3151 static int dev_match_devt(struct device *dev, const void *data)
3152 {
3153 const dev_t *devt = data;
3154 return dev->devt == *devt;
3155 }
3156
3157 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3158 static struct device *tty_get_device(struct tty_struct *tty)
3159 {
3160 dev_t devt = tty_devnum(tty);
3161 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3162 }
3163
3164
3165 /**
3166 * alloc_tty_struct
3167 *
3168 * This subroutine allocates and initializes a tty structure.
3169 *
3170 * Locking: none - tty in question is not exposed at this point
3171 */
3172
alloc_tty_struct(struct tty_driver * driver,int idx)3173 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3174 {
3175 struct tty_struct *tty;
3176
3177 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3178 if (!tty)
3179 return NULL;
3180
3181 kref_init(&tty->kref);
3182 tty->magic = TTY_MAGIC;
3183 if (tty_ldisc_init(tty)) {
3184 kfree(tty);
3185 return NULL;
3186 }
3187 tty->session = NULL;
3188 tty->pgrp = NULL;
3189 mutex_init(&tty->legacy_mutex);
3190 mutex_init(&tty->throttle_mutex);
3191 init_rwsem(&tty->termios_rwsem);
3192 mutex_init(&tty->winsize_mutex);
3193 init_ldsem(&tty->ldisc_sem);
3194 init_waitqueue_head(&tty->write_wait);
3195 init_waitqueue_head(&tty->read_wait);
3196 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3197 mutex_init(&tty->atomic_write_lock);
3198 spin_lock_init(&tty->ctrl_lock);
3199 spin_lock_init(&tty->flow_lock);
3200 INIT_LIST_HEAD(&tty->tty_files);
3201 INIT_WORK(&tty->SAK_work, do_SAK_work);
3202
3203 tty->driver = driver;
3204 tty->ops = driver->ops;
3205 tty->index = idx;
3206 tty_line_name(driver, idx, tty->name);
3207 tty->dev = tty_get_device(tty);
3208
3209 return tty;
3210 }
3211
3212 /**
3213 * deinitialize_tty_struct
3214 * @tty: tty to deinitialize
3215 *
3216 * This subroutine deinitializes a tty structure that has been newly
3217 * allocated but tty_release cannot be called on that yet.
3218 *
3219 * Locking: none - tty in question must not be exposed at this point
3220 */
deinitialize_tty_struct(struct tty_struct * tty)3221 void deinitialize_tty_struct(struct tty_struct *tty)
3222 {
3223 tty_ldisc_deinit(tty);
3224 }
3225
3226 /**
3227 * tty_put_char - write one character to a tty
3228 * @tty: tty
3229 * @ch: character
3230 *
3231 * Write one byte to the tty using the provided put_char method
3232 * if present. Returns the number of characters successfully output.
3233 *
3234 * Note: the specific put_char operation in the driver layer may go
3235 * away soon. Don't call it directly, use this method
3236 */
3237
tty_put_char(struct tty_struct * tty,unsigned char ch)3238 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3239 {
3240 if (tty->ops->put_char)
3241 return tty->ops->put_char(tty, ch);
3242 return tty->ops->write(tty, &ch, 1);
3243 }
3244 EXPORT_SYMBOL_GPL(tty_put_char);
3245
3246 struct class *tty_class;
3247
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3248 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3249 unsigned int index, unsigned int count)
3250 {
3251 int err;
3252
3253 /* init here, since reused cdevs cause crashes */
3254 driver->cdevs[index] = cdev_alloc();
3255 if (!driver->cdevs[index])
3256 return -ENOMEM;
3257 driver->cdevs[index]->ops = &tty_fops;
3258 driver->cdevs[index]->owner = driver->owner;
3259 err = cdev_add(driver->cdevs[index], dev, count);
3260 if (err)
3261 kobject_put(&driver->cdevs[index]->kobj);
3262 return err;
3263 }
3264
3265 /**
3266 * tty_register_device - register a tty device
3267 * @driver: the tty driver that describes the tty device
3268 * @index: the index in the tty driver for this tty device
3269 * @device: a struct device that is associated with this tty device.
3270 * This field is optional, if there is no known struct device
3271 * for this tty device it can be set to NULL safely.
3272 *
3273 * Returns a pointer to the struct device for this tty device
3274 * (or ERR_PTR(-EFOO) on error).
3275 *
3276 * This call is required to be made to register an individual tty device
3277 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3278 * that bit is not set, this function should not be called by a tty
3279 * driver.
3280 *
3281 * Locking: ??
3282 */
3283
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3284 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3285 struct device *device)
3286 {
3287 return tty_register_device_attr(driver, index, device, NULL, NULL);
3288 }
3289 EXPORT_SYMBOL(tty_register_device);
3290
tty_device_create_release(struct device * dev)3291 static void tty_device_create_release(struct device *dev)
3292 {
3293 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3294 kfree(dev);
3295 }
3296
3297 /**
3298 * tty_register_device_attr - register a tty device
3299 * @driver: the tty driver that describes the tty device
3300 * @index: the index in the tty driver for this tty device
3301 * @device: a struct device that is associated with this tty device.
3302 * This field is optional, if there is no known struct device
3303 * for this tty device it can be set to NULL safely.
3304 * @drvdata: Driver data to be set to device.
3305 * @attr_grp: Attribute group to be set on device.
3306 *
3307 * Returns a pointer to the struct device for this tty device
3308 * (or ERR_PTR(-EFOO) on error).
3309 *
3310 * This call is required to be made to register an individual tty device
3311 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3312 * that bit is not set, this function should not be called by a tty
3313 * driver.
3314 *
3315 * Locking: ??
3316 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3317 struct device *tty_register_device_attr(struct tty_driver *driver,
3318 unsigned index, struct device *device,
3319 void *drvdata,
3320 const struct attribute_group **attr_grp)
3321 {
3322 char name[64];
3323 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3324 struct device *dev = NULL;
3325 int retval = -ENODEV;
3326 bool cdev = false;
3327
3328 if (index >= driver->num) {
3329 printk(KERN_ERR "Attempt to register invalid tty line number "
3330 " (%d).\n", index);
3331 return ERR_PTR(-EINVAL);
3332 }
3333
3334 if (driver->type == TTY_DRIVER_TYPE_PTY)
3335 pty_line_name(driver, index, name);
3336 else
3337 tty_line_name(driver, index, name);
3338
3339 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3340 retval = tty_cdev_add(driver, devt, index, 1);
3341 if (retval)
3342 goto error;
3343 cdev = true;
3344 }
3345
3346 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3347 if (!dev) {
3348 retval = -ENOMEM;
3349 goto error;
3350 }
3351
3352 dev->devt = devt;
3353 dev->class = tty_class;
3354 dev->parent = device;
3355 dev->release = tty_device_create_release;
3356 dev_set_name(dev, "%s", name);
3357 dev->groups = attr_grp;
3358 dev_set_drvdata(dev, drvdata);
3359
3360 retval = device_register(dev);
3361 if (retval)
3362 goto error;
3363
3364 return dev;
3365
3366 error:
3367 put_device(dev);
3368 if (cdev) {
3369 cdev_del(driver->cdevs[index]);
3370 driver->cdevs[index] = NULL;
3371 }
3372 return ERR_PTR(retval);
3373 }
3374 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3375
3376 /**
3377 * tty_unregister_device - unregister a tty device
3378 * @driver: the tty driver that describes the tty device
3379 * @index: the index in the tty driver for this tty device
3380 *
3381 * If a tty device is registered with a call to tty_register_device() then
3382 * this function must be called when the tty device is gone.
3383 *
3384 * Locking: ??
3385 */
3386
tty_unregister_device(struct tty_driver * driver,unsigned index)3387 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3388 {
3389 device_destroy(tty_class,
3390 MKDEV(driver->major, driver->minor_start) + index);
3391 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3392 cdev_del(driver->cdevs[index]);
3393 driver->cdevs[index] = NULL;
3394 }
3395 }
3396 EXPORT_SYMBOL(tty_unregister_device);
3397
3398 /**
3399 * __tty_alloc_driver -- allocate tty driver
3400 * @lines: count of lines this driver can handle at most
3401 * @owner: module which is repsonsible for this driver
3402 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3403 *
3404 * This should not be called directly, some of the provided macros should be
3405 * used instead. Use IS_ERR and friends on @retval.
3406 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3407 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3408 unsigned long flags)
3409 {
3410 struct tty_driver *driver;
3411 unsigned int cdevs = 1;
3412 int err;
3413
3414 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3415 return ERR_PTR(-EINVAL);
3416
3417 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3418 if (!driver)
3419 return ERR_PTR(-ENOMEM);
3420
3421 kref_init(&driver->kref);
3422 driver->magic = TTY_DRIVER_MAGIC;
3423 driver->num = lines;
3424 driver->owner = owner;
3425 driver->flags = flags;
3426
3427 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3428 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3429 GFP_KERNEL);
3430 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3431 GFP_KERNEL);
3432 if (!driver->ttys || !driver->termios) {
3433 err = -ENOMEM;
3434 goto err_free_all;
3435 }
3436 }
3437
3438 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3439 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3440 GFP_KERNEL);
3441 if (!driver->ports) {
3442 err = -ENOMEM;
3443 goto err_free_all;
3444 }
3445 cdevs = lines;
3446 }
3447
3448 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3449 if (!driver->cdevs) {
3450 err = -ENOMEM;
3451 goto err_free_all;
3452 }
3453
3454 return driver;
3455 err_free_all:
3456 kfree(driver->ports);
3457 kfree(driver->ttys);
3458 kfree(driver->termios);
3459 kfree(driver->cdevs);
3460 kfree(driver);
3461 return ERR_PTR(err);
3462 }
3463 EXPORT_SYMBOL(__tty_alloc_driver);
3464
destruct_tty_driver(struct kref * kref)3465 static void destruct_tty_driver(struct kref *kref)
3466 {
3467 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3468 int i;
3469 struct ktermios *tp;
3470
3471 if (driver->flags & TTY_DRIVER_INSTALLED) {
3472 /*
3473 * Free the termios and termios_locked structures because
3474 * we don't want to get memory leaks when modular tty
3475 * drivers are removed from the kernel.
3476 */
3477 for (i = 0; i < driver->num; i++) {
3478 tp = driver->termios[i];
3479 if (tp) {
3480 driver->termios[i] = NULL;
3481 kfree(tp);
3482 }
3483 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3484 tty_unregister_device(driver, i);
3485 }
3486 proc_tty_unregister_driver(driver);
3487 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3488 cdev_del(driver->cdevs[0]);
3489 }
3490 kfree(driver->cdevs);
3491 kfree(driver->ports);
3492 kfree(driver->termios);
3493 kfree(driver->ttys);
3494 kfree(driver);
3495 }
3496
tty_driver_kref_put(struct tty_driver * driver)3497 void tty_driver_kref_put(struct tty_driver *driver)
3498 {
3499 kref_put(&driver->kref, destruct_tty_driver);
3500 }
3501 EXPORT_SYMBOL(tty_driver_kref_put);
3502
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)3503 void tty_set_operations(struct tty_driver *driver,
3504 const struct tty_operations *op)
3505 {
3506 driver->ops = op;
3507 };
3508 EXPORT_SYMBOL(tty_set_operations);
3509
put_tty_driver(struct tty_driver * d)3510 void put_tty_driver(struct tty_driver *d)
3511 {
3512 tty_driver_kref_put(d);
3513 }
3514 EXPORT_SYMBOL(put_tty_driver);
3515
3516 /*
3517 * Called by a tty driver to register itself.
3518 */
tty_register_driver(struct tty_driver * driver)3519 int tty_register_driver(struct tty_driver *driver)
3520 {
3521 int error;
3522 int i;
3523 dev_t dev;
3524 struct device *d;
3525
3526 if (!driver->major) {
3527 error = alloc_chrdev_region(&dev, driver->minor_start,
3528 driver->num, driver->name);
3529 if (!error) {
3530 driver->major = MAJOR(dev);
3531 driver->minor_start = MINOR(dev);
3532 }
3533 } else {
3534 dev = MKDEV(driver->major, driver->minor_start);
3535 error = register_chrdev_region(dev, driver->num, driver->name);
3536 }
3537 if (error < 0)
3538 goto err;
3539
3540 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3541 error = tty_cdev_add(driver, dev, 0, driver->num);
3542 if (error)
3543 goto err_unreg_char;
3544 }
3545
3546 mutex_lock(&tty_mutex);
3547 list_add(&driver->tty_drivers, &tty_drivers);
3548 mutex_unlock(&tty_mutex);
3549
3550 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3551 for (i = 0; i < driver->num; i++) {
3552 d = tty_register_device(driver, i, NULL);
3553 if (IS_ERR(d)) {
3554 error = PTR_ERR(d);
3555 goto err_unreg_devs;
3556 }
3557 }
3558 }
3559 proc_tty_register_driver(driver);
3560 driver->flags |= TTY_DRIVER_INSTALLED;
3561 return 0;
3562
3563 err_unreg_devs:
3564 for (i--; i >= 0; i--)
3565 tty_unregister_device(driver, i);
3566
3567 mutex_lock(&tty_mutex);
3568 list_del(&driver->tty_drivers);
3569 mutex_unlock(&tty_mutex);
3570
3571 err_unreg_char:
3572 unregister_chrdev_region(dev, driver->num);
3573 err:
3574 return error;
3575 }
3576 EXPORT_SYMBOL(tty_register_driver);
3577
3578 /*
3579 * Called by a tty driver to unregister itself.
3580 */
tty_unregister_driver(struct tty_driver * driver)3581 int tty_unregister_driver(struct tty_driver *driver)
3582 {
3583 #if 0
3584 /* FIXME */
3585 if (driver->refcount)
3586 return -EBUSY;
3587 #endif
3588 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3589 driver->num);
3590 mutex_lock(&tty_mutex);
3591 list_del(&driver->tty_drivers);
3592 mutex_unlock(&tty_mutex);
3593 return 0;
3594 }
3595
3596 EXPORT_SYMBOL(tty_unregister_driver);
3597
tty_devnum(struct tty_struct * tty)3598 dev_t tty_devnum(struct tty_struct *tty)
3599 {
3600 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3601 }
3602 EXPORT_SYMBOL(tty_devnum);
3603
tty_default_fops(struct file_operations * fops)3604 void tty_default_fops(struct file_operations *fops)
3605 {
3606 *fops = tty_fops;
3607 }
3608
3609 /*
3610 * Initialize the console device. This is called *early*, so
3611 * we can't necessarily depend on lots of kernel help here.
3612 * Just do some early initializations, and do the complex setup
3613 * later.
3614 */
console_init(void)3615 void __init console_init(void)
3616 {
3617 initcall_t *call;
3618
3619 /* Setup the default TTY line discipline. */
3620 tty_ldisc_begin();
3621
3622 /*
3623 * set up the console device so that later boot sequences can
3624 * inform about problems etc..
3625 */
3626 call = __con_initcall_start;
3627 while (call < __con_initcall_end) {
3628 (*call)();
3629 call++;
3630 }
3631 }
3632
tty_devnode(struct device * dev,umode_t * mode)3633 static char *tty_devnode(struct device *dev, umode_t *mode)
3634 {
3635 if (!mode)
3636 return NULL;
3637 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3638 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3639 *mode = 0666;
3640 return NULL;
3641 }
3642
tty_class_init(void)3643 static int __init tty_class_init(void)
3644 {
3645 tty_class = class_create(THIS_MODULE, "tty");
3646 if (IS_ERR(tty_class))
3647 return PTR_ERR(tty_class);
3648 tty_class->devnode = tty_devnode;
3649 return 0;
3650 }
3651
3652 postcore_initcall(tty_class_init);
3653
3654 /* 3/2004 jmc: why do these devices exist? */
3655 static struct cdev tty_cdev, console_cdev;
3656
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3657 static ssize_t show_cons_active(struct device *dev,
3658 struct device_attribute *attr, char *buf)
3659 {
3660 struct console *cs[16];
3661 int i = 0;
3662 struct console *c;
3663 ssize_t count = 0;
3664
3665 console_lock();
3666 for_each_console(c) {
3667 if (!c->device)
3668 continue;
3669 if (!c->write)
3670 continue;
3671 if ((c->flags & CON_ENABLED) == 0)
3672 continue;
3673 cs[i++] = c;
3674 if (i >= ARRAY_SIZE(cs))
3675 break;
3676 }
3677 while (i--) {
3678 int index = cs[i]->index;
3679 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3680
3681 /* don't resolve tty0 as some programs depend on it */
3682 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3683 count += tty_line_name(drv, index, buf + count);
3684 else
3685 count += sprintf(buf + count, "%s%d",
3686 cs[i]->name, cs[i]->index);
3687
3688 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3689 }
3690 console_unlock();
3691
3692 return count;
3693 }
3694 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3695
3696 static struct attribute *cons_dev_attrs[] = {
3697 &dev_attr_active.attr,
3698 NULL
3699 };
3700
3701 ATTRIBUTE_GROUPS(cons_dev);
3702
3703 static struct device *consdev;
3704
console_sysfs_notify(void)3705 void console_sysfs_notify(void)
3706 {
3707 if (consdev)
3708 sysfs_notify(&consdev->kobj, NULL, "active");
3709 }
3710
3711 /*
3712 * Ok, now we can initialize the rest of the tty devices and can count
3713 * on memory allocations, interrupts etc..
3714 */
tty_init(void)3715 int __init tty_init(void)
3716 {
3717 tty_sysctl_init();
3718 cdev_init(&tty_cdev, &tty_fops);
3719 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3720 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3721 panic("Couldn't register /dev/tty driver\n");
3722 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3723
3724 cdev_init(&console_cdev, &console_fops);
3725 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3726 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3727 panic("Couldn't register /dev/console driver\n");
3728 consdev = device_create_with_groups(tty_class, NULL,
3729 MKDEV(TTYAUX_MAJOR, 1), NULL,
3730 cons_dev_groups, "console");
3731 if (IS_ERR(consdev))
3732 consdev = NULL;
3733
3734 #ifdef CONFIG_VT
3735 vty_init(&console_fops);
3736 #endif
3737 return 0;
3738 }
3739
3740