1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109 #ifdef TTY_DEBUG_HANGUP
110 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
111 #else
112 # define tty_debug_hangup(tty, f, args...) do { } while (0)
113 #endif
114
115 #define TTY_PARANOIA_CHECK 1
116 #define CHECK_TTY_COUNT 1
117
118 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
119 .c_iflag = ICRNL | IXON,
120 .c_oflag = OPOST | ONLCR,
121 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
122 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
123 ECHOCTL | ECHOKE | IEXTEN,
124 .c_cc = INIT_C_CC,
125 .c_ispeed = 38400,
126 .c_ospeed = 38400,
127 /* .c_line = N_TTY, */
128 };
129
130 EXPORT_SYMBOL(tty_std_termios);
131
132 /* This list gets poked at by procfs and various bits of boot up code. This
133 could do with some rationalisation such as pulling the tty proc function
134 into this file */
135
136 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
137
138 /* Mutex to protect creating and releasing a tty */
139 DEFINE_MUTEX(tty_mutex);
140
141 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
142 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
143 ssize_t redirected_tty_write(struct file *, const char __user *,
144 size_t, loff_t *);
145 static unsigned int tty_poll(struct file *, poll_table *);
146 static int tty_open(struct inode *, struct file *);
147 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
148 #ifdef CONFIG_COMPAT
149 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
150 unsigned long arg);
151 #else
152 #define tty_compat_ioctl NULL
153 #endif
154 static int __tty_fasync(int fd, struct file *filp, int on);
155 static int tty_fasync(int fd, struct file *filp, int on);
156 static void release_tty(struct tty_struct *tty, int idx);
157
158 /**
159 * free_tty_struct - free a disused tty
160 * @tty: tty struct to free
161 *
162 * Free the write buffers, tty queue and tty memory itself.
163 *
164 * Locking: none. Must be called after tty is definitely unused
165 */
166
free_tty_struct(struct tty_struct * tty)167 static void free_tty_struct(struct tty_struct *tty)
168 {
169 tty_ldisc_deinit(tty);
170 put_device(tty->dev);
171 kfree(tty->write_buf);
172 tty->magic = 0xDEADDEAD;
173 kfree(tty);
174 }
175
file_tty(struct file * file)176 static inline struct tty_struct *file_tty(struct file *file)
177 {
178 return ((struct tty_file_private *)file->private_data)->tty;
179 }
180
tty_alloc_file(struct file * file)181 int tty_alloc_file(struct file *file)
182 {
183 struct tty_file_private *priv;
184
185 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
186 if (!priv)
187 return -ENOMEM;
188
189 file->private_data = priv;
190
191 return 0;
192 }
193
194 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)195 void tty_add_file(struct tty_struct *tty, struct file *file)
196 {
197 struct tty_file_private *priv = file->private_data;
198
199 priv->tty = tty;
200 priv->file = file;
201
202 spin_lock(&tty->files_lock);
203 list_add(&priv->list, &tty->tty_files);
204 spin_unlock(&tty->files_lock);
205 }
206
207 /**
208 * tty_free_file - free file->private_data
209 *
210 * This shall be used only for fail path handling when tty_add_file was not
211 * called yet.
212 */
tty_free_file(struct file * file)213 void tty_free_file(struct file *file)
214 {
215 struct tty_file_private *priv = file->private_data;
216
217 file->private_data = NULL;
218 kfree(priv);
219 }
220
221 /* Delete file from its tty */
tty_del_file(struct file * file)222 static void tty_del_file(struct file *file)
223 {
224 struct tty_file_private *priv = file->private_data;
225 struct tty_struct *tty = priv->tty;
226
227 spin_lock(&tty->files_lock);
228 list_del(&priv->list);
229 spin_unlock(&tty->files_lock);
230 tty_free_file(file);
231 }
232
233 /**
234 * tty_name - return tty naming
235 * @tty: tty structure
236 *
237 * Convert a tty structure into a name. The name reflects the kernel
238 * naming policy and if udev is in use may not reflect user space
239 *
240 * Locking: none
241 */
242
tty_name(const struct tty_struct * tty)243 const char *tty_name(const struct tty_struct *tty)
244 {
245 if (!tty) /* Hmm. NULL pointer. That's fun. */
246 return "NULL tty";
247 return tty->name;
248 }
249
250 EXPORT_SYMBOL(tty_name);
251
tty_driver_name(const struct tty_struct * tty)252 const char *tty_driver_name(const struct tty_struct *tty)
253 {
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257 }
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 if (tty->magic != TTY_MAGIC) {
269 pr_warn("(%d:%d): %s: bad magic number\n",
270 imajor(inode), iminor(inode), routine);
271 return 1;
272 }
273 #endif
274 return 0;
275 }
276
277 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)278 static int check_tty_count(struct tty_struct *tty, const char *routine)
279 {
280 #ifdef CHECK_TTY_COUNT
281 struct list_head *p;
282 int count = 0;
283
284 spin_lock(&tty->files_lock);
285 list_for_each(p, &tty->tty_files) {
286 count++;
287 }
288 spin_unlock(&tty->files_lock);
289 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 tty->driver->subtype == PTY_TYPE_SLAVE &&
291 tty->link && tty->link->count)
292 count++;
293 if (tty->count != count) {
294 tty_warn(tty, "%s: tty->count(%d) != #fd's(%d)\n",
295 routine, tty->count, count);
296 return count;
297 }
298 #endif
299 return 0;
300 }
301
302 /**
303 * get_tty_driver - find device of a tty
304 * @dev_t: device identifier
305 * @index: returns the index of the tty
306 *
307 * This routine returns a tty driver structure, given a device number
308 * and also passes back the index number.
309 *
310 * Locking: caller must hold tty_mutex
311 */
312
get_tty_driver(dev_t device,int * index)313 static struct tty_driver *get_tty_driver(dev_t device, int *index)
314 {
315 struct tty_driver *p;
316
317 list_for_each_entry(p, &tty_drivers, tty_drivers) {
318 dev_t base = MKDEV(p->major, p->minor_start);
319 if (device < base || device >= base + p->num)
320 continue;
321 *index = device - base;
322 return tty_driver_kref_get(p);
323 }
324 return NULL;
325 }
326
327 #ifdef CONFIG_CONSOLE_POLL
328
329 /**
330 * tty_find_polling_driver - find device of a polled tty
331 * @name: name string to match
332 * @line: pointer to resulting tty line nr
333 *
334 * This routine returns a tty driver structure, given a name
335 * and the condition that the tty driver is capable of polled
336 * operation.
337 */
tty_find_polling_driver(char * name,int * line)338 struct tty_driver *tty_find_polling_driver(char *name, int *line)
339 {
340 struct tty_driver *p, *res = NULL;
341 int tty_line = 0;
342 int len;
343 char *str, *stp;
344
345 for (str = name; *str; str++)
346 if ((*str >= '0' && *str <= '9') || *str == ',')
347 break;
348 if (!*str)
349 return NULL;
350
351 len = str - name;
352 tty_line = simple_strtoul(str, &str, 10);
353
354 mutex_lock(&tty_mutex);
355 /* Search through the tty devices to look for a match */
356 list_for_each_entry(p, &tty_drivers, tty_drivers) {
357 if (strncmp(name, p->name, len) != 0)
358 continue;
359 stp = str;
360 if (*stp == ',')
361 stp++;
362 if (*stp == '\0')
363 stp = NULL;
364
365 if (tty_line >= 0 && tty_line < p->num && p->ops &&
366 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
367 res = tty_driver_kref_get(p);
368 *line = tty_line;
369 break;
370 }
371 }
372 mutex_unlock(&tty_mutex);
373
374 return res;
375 }
376 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
377 #endif
378
is_ignored(int sig)379 static int is_ignored(int sig)
380 {
381 return (sigismember(¤t->blocked, sig) ||
382 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
383 }
384
385 /**
386 * tty_check_change - check for POSIX terminal changes
387 * @tty: tty to check
388 *
389 * If we try to write to, or set the state of, a terminal and we're
390 * not in the foreground, send a SIGTTOU. If the signal is blocked or
391 * ignored, go ahead and perform the operation. (POSIX 7.2)
392 *
393 * Locking: ctrl_lock
394 */
395
__tty_check_change(struct tty_struct * tty,int sig)396 int __tty_check_change(struct tty_struct *tty, int sig)
397 {
398 unsigned long flags;
399 struct pid *pgrp, *tty_pgrp;
400 int ret = 0;
401
402 if (current->signal->tty != tty)
403 return 0;
404
405 rcu_read_lock();
406 pgrp = task_pgrp(current);
407
408 spin_lock_irqsave(&tty->ctrl_lock, flags);
409 tty_pgrp = tty->pgrp;
410 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
411
412 if (tty_pgrp && pgrp != tty->pgrp) {
413 if (is_ignored(sig)) {
414 if (sig == SIGTTIN)
415 ret = -EIO;
416 } else if (is_current_pgrp_orphaned())
417 ret = -EIO;
418 else {
419 kill_pgrp(pgrp, sig, 1);
420 set_thread_flag(TIF_SIGPENDING);
421 ret = -ERESTARTSYS;
422 }
423 }
424 rcu_read_unlock();
425
426 if (!tty_pgrp)
427 tty_warn(tty, "sig=%d, tty->pgrp == NULL!\n", sig);
428
429 return ret;
430 }
431
tty_check_change(struct tty_struct * tty)432 int tty_check_change(struct tty_struct *tty)
433 {
434 return __tty_check_change(tty, SIGTTOU);
435 }
436 EXPORT_SYMBOL(tty_check_change);
437
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)438 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
439 size_t count, loff_t *ppos)
440 {
441 return 0;
442 }
443
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)444 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
445 size_t count, loff_t *ppos)
446 {
447 return -EIO;
448 }
449
450 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)451 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
452 {
453 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
454 }
455
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)456 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
457 unsigned long arg)
458 {
459 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
460 }
461
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)462 static long hung_up_tty_compat_ioctl(struct file *file,
463 unsigned int cmd, unsigned long arg)
464 {
465 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
466 }
467
hung_up_tty_fasync(int fd,struct file * file,int on)468 static int hung_up_tty_fasync(int fd, struct file *file, int on)
469 {
470 return -ENOTTY;
471 }
472
473 static const struct file_operations tty_fops = {
474 .llseek = no_llseek,
475 .read = tty_read,
476 .write = tty_write,
477 .poll = tty_poll,
478 .unlocked_ioctl = tty_ioctl,
479 .compat_ioctl = tty_compat_ioctl,
480 .open = tty_open,
481 .release = tty_release,
482 .fasync = tty_fasync,
483 };
484
485 static const struct file_operations console_fops = {
486 .llseek = no_llseek,
487 .read = tty_read,
488 .write = redirected_tty_write,
489 .poll = tty_poll,
490 .unlocked_ioctl = tty_ioctl,
491 .compat_ioctl = tty_compat_ioctl,
492 .open = tty_open,
493 .release = tty_release,
494 .fasync = tty_fasync,
495 };
496
497 static const struct file_operations hung_up_tty_fops = {
498 .llseek = no_llseek,
499 .read = hung_up_tty_read,
500 .write = hung_up_tty_write,
501 .poll = hung_up_tty_poll,
502 .unlocked_ioctl = hung_up_tty_ioctl,
503 .compat_ioctl = hung_up_tty_compat_ioctl,
504 .release = tty_release,
505 .fasync = hung_up_tty_fasync,
506 };
507
508 static DEFINE_SPINLOCK(redirect_lock);
509 static struct file *redirect;
510
511
proc_clear_tty(struct task_struct * p)512 void proc_clear_tty(struct task_struct *p)
513 {
514 unsigned long flags;
515 struct tty_struct *tty;
516 spin_lock_irqsave(&p->sighand->siglock, flags);
517 tty = p->signal->tty;
518 p->signal->tty = NULL;
519 spin_unlock_irqrestore(&p->sighand->siglock, flags);
520 tty_kref_put(tty);
521 }
522
523 /**
524 * proc_set_tty - set the controlling terminal
525 *
526 * Only callable by the session leader and only if it does not already have
527 * a controlling terminal.
528 *
529 * Caller must hold: tty_lock()
530 * a readlock on tasklist_lock
531 * sighand lock
532 */
__proc_set_tty(struct tty_struct * tty)533 static void __proc_set_tty(struct tty_struct *tty)
534 {
535 unsigned long flags;
536
537 spin_lock_irqsave(&tty->ctrl_lock, flags);
538 /*
539 * The session and fg pgrp references will be non-NULL if
540 * tiocsctty() is stealing the controlling tty
541 */
542 put_pid(tty->session);
543 put_pid(tty->pgrp);
544 tty->pgrp = get_pid(task_pgrp(current));
545 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
546 tty->session = get_pid(task_session(current));
547 if (current->signal->tty) {
548 tty_debug(tty, "current tty %s not NULL!!\n",
549 current->signal->tty->name);
550 tty_kref_put(current->signal->tty);
551 }
552 put_pid(current->signal->tty_old_pgrp);
553 current->signal->tty = tty_kref_get(tty);
554 current->signal->tty_old_pgrp = NULL;
555 }
556
proc_set_tty(struct tty_struct * tty)557 static void proc_set_tty(struct tty_struct *tty)
558 {
559 spin_lock_irq(¤t->sighand->siglock);
560 __proc_set_tty(tty);
561 spin_unlock_irq(¤t->sighand->siglock);
562 }
563
get_current_tty(void)564 struct tty_struct *get_current_tty(void)
565 {
566 struct tty_struct *tty;
567 unsigned long flags;
568
569 spin_lock_irqsave(¤t->sighand->siglock, flags);
570 tty = tty_kref_get(current->signal->tty);
571 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
572 return tty;
573 }
574 EXPORT_SYMBOL_GPL(get_current_tty);
575
session_clear_tty(struct pid * session)576 static void session_clear_tty(struct pid *session)
577 {
578 struct task_struct *p;
579 do_each_pid_task(session, PIDTYPE_SID, p) {
580 proc_clear_tty(p);
581 } while_each_pid_task(session, PIDTYPE_SID, p);
582 }
583
584 /**
585 * tty_wakeup - request more data
586 * @tty: terminal
587 *
588 * Internal and external helper for wakeups of tty. This function
589 * informs the line discipline if present that the driver is ready
590 * to receive more output data.
591 */
592
tty_wakeup(struct tty_struct * tty)593 void tty_wakeup(struct tty_struct *tty)
594 {
595 struct tty_ldisc *ld;
596
597 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
598 ld = tty_ldisc_ref(tty);
599 if (ld) {
600 if (ld->ops->write_wakeup)
601 ld->ops->write_wakeup(tty);
602 tty_ldisc_deref(ld);
603 }
604 }
605 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
606 }
607
608 EXPORT_SYMBOL_GPL(tty_wakeup);
609
610 /**
611 * tty_signal_session_leader - sends SIGHUP to session leader
612 * @tty controlling tty
613 * @exit_session if non-zero, signal all foreground group processes
614 *
615 * Send SIGHUP and SIGCONT to the session leader and its process group.
616 * Optionally, signal all processes in the foreground process group.
617 *
618 * Returns the number of processes in the session with this tty
619 * as their controlling terminal. This value is used to drop
620 * tty references for those processes.
621 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)622 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
623 {
624 struct task_struct *p;
625 int refs = 0;
626 struct pid *tty_pgrp = NULL;
627
628 read_lock(&tasklist_lock);
629 if (tty->session) {
630 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
631 spin_lock_irq(&p->sighand->siglock);
632 if (p->signal->tty == tty) {
633 p->signal->tty = NULL;
634 /* We defer the dereferences outside fo
635 the tasklist lock */
636 refs++;
637 }
638 if (!p->signal->leader) {
639 spin_unlock_irq(&p->sighand->siglock);
640 continue;
641 }
642 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
643 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
644 put_pid(p->signal->tty_old_pgrp); /* A noop */
645 spin_lock(&tty->ctrl_lock);
646 tty_pgrp = get_pid(tty->pgrp);
647 if (tty->pgrp)
648 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
649 spin_unlock(&tty->ctrl_lock);
650 spin_unlock_irq(&p->sighand->siglock);
651 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
652 }
653 read_unlock(&tasklist_lock);
654
655 if (tty_pgrp) {
656 if (exit_session)
657 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
658 put_pid(tty_pgrp);
659 }
660
661 return refs;
662 }
663
664 /**
665 * __tty_hangup - actual handler for hangup events
666 * @work: tty device
667 *
668 * This can be called by a "kworker" kernel thread. That is process
669 * synchronous but doesn't hold any locks, so we need to make sure we
670 * have the appropriate locks for what we're doing.
671 *
672 * The hangup event clears any pending redirections onto the hung up
673 * device. It ensures future writes will error and it does the needed
674 * line discipline hangup and signal delivery. The tty object itself
675 * remains intact.
676 *
677 * Locking:
678 * BTM
679 * redirect lock for undoing redirection
680 * file list lock for manipulating list of ttys
681 * tty_ldiscs_lock from called functions
682 * termios_rwsem resetting termios data
683 * tasklist_lock to walk task list for hangup event
684 * ->siglock to protect ->signal/->sighand
685 */
__tty_hangup(struct tty_struct * tty,int exit_session)686 static void __tty_hangup(struct tty_struct *tty, int exit_session)
687 {
688 struct file *cons_filp = NULL;
689 struct file *filp, *f = NULL;
690 struct tty_file_private *priv;
691 int closecount = 0, n;
692 int refs;
693
694 if (!tty)
695 return;
696
697
698 spin_lock(&redirect_lock);
699 if (redirect && file_tty(redirect) == tty) {
700 f = redirect;
701 redirect = NULL;
702 }
703 spin_unlock(&redirect_lock);
704
705 tty_lock(tty);
706
707 if (test_bit(TTY_HUPPED, &tty->flags)) {
708 tty_unlock(tty);
709 return;
710 }
711
712 /*
713 * Some console devices aren't actually hung up for technical and
714 * historical reasons, which can lead to indefinite interruptible
715 * sleep in n_tty_read(). The following explicitly tells
716 * n_tty_read() to abort readers.
717 */
718 set_bit(TTY_HUPPING, &tty->flags);
719
720 /* inuse_filps is protected by the single tty lock,
721 this really needs to change if we want to flush the
722 workqueue with the lock held */
723 check_tty_count(tty, "tty_hangup");
724
725 spin_lock(&tty->files_lock);
726 /* This breaks for file handles being sent over AF_UNIX sockets ? */
727 list_for_each_entry(priv, &tty->tty_files, list) {
728 filp = priv->file;
729 if (filp->f_op->write == redirected_tty_write)
730 cons_filp = filp;
731 if (filp->f_op->write != tty_write)
732 continue;
733 closecount++;
734 __tty_fasync(-1, filp, 0); /* can't block */
735 filp->f_op = &hung_up_tty_fops;
736 }
737 spin_unlock(&tty->files_lock);
738
739 refs = tty_signal_session_leader(tty, exit_session);
740 /* Account for the p->signal references we killed */
741 while (refs--)
742 tty_kref_put(tty);
743
744 tty_ldisc_hangup(tty, cons_filp != NULL);
745
746 spin_lock_irq(&tty->ctrl_lock);
747 clear_bit(TTY_THROTTLED, &tty->flags);
748 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
749 put_pid(tty->session);
750 put_pid(tty->pgrp);
751 tty->session = NULL;
752 tty->pgrp = NULL;
753 tty->ctrl_status = 0;
754 spin_unlock_irq(&tty->ctrl_lock);
755
756 /*
757 * If one of the devices matches a console pointer, we
758 * cannot just call hangup() because that will cause
759 * tty->count and state->count to go out of sync.
760 * So we just call close() the right number of times.
761 */
762 if (cons_filp) {
763 if (tty->ops->close)
764 for (n = 0; n < closecount; n++)
765 tty->ops->close(tty, cons_filp);
766 } else if (tty->ops->hangup)
767 tty->ops->hangup(tty);
768 /*
769 * We don't want to have driver/ldisc interactions beyond the ones
770 * we did here. The driver layer expects no calls after ->hangup()
771 * from the ldisc side, which is now guaranteed.
772 */
773 set_bit(TTY_HUPPED, &tty->flags);
774 clear_bit(TTY_HUPPING, &tty->flags);
775 tty_unlock(tty);
776
777 if (f)
778 fput(f);
779 }
780
do_tty_hangup(struct work_struct * work)781 static void do_tty_hangup(struct work_struct *work)
782 {
783 struct tty_struct *tty =
784 container_of(work, struct tty_struct, hangup_work);
785
786 __tty_hangup(tty, 0);
787 }
788
789 /**
790 * tty_hangup - trigger a hangup event
791 * @tty: tty to hangup
792 *
793 * A carrier loss (virtual or otherwise) has occurred on this like
794 * schedule a hangup sequence to run after this event.
795 */
796
tty_hangup(struct tty_struct * tty)797 void tty_hangup(struct tty_struct *tty)
798 {
799 tty_debug_hangup(tty, "hangup\n");
800 schedule_work(&tty->hangup_work);
801 }
802
803 EXPORT_SYMBOL(tty_hangup);
804
805 /**
806 * tty_vhangup - process vhangup
807 * @tty: tty to hangup
808 *
809 * The user has asked via system call for the terminal to be hung up.
810 * We do this synchronously so that when the syscall returns the process
811 * is complete. That guarantee is necessary for security reasons.
812 */
813
tty_vhangup(struct tty_struct * tty)814 void tty_vhangup(struct tty_struct *tty)
815 {
816 tty_debug_hangup(tty, "vhangup\n");
817 __tty_hangup(tty, 0);
818 }
819
820 EXPORT_SYMBOL(tty_vhangup);
821
822
823 /**
824 * tty_vhangup_self - process vhangup for own ctty
825 *
826 * Perform a vhangup on the current controlling tty
827 */
828
tty_vhangup_self(void)829 void tty_vhangup_self(void)
830 {
831 struct tty_struct *tty;
832
833 tty = get_current_tty();
834 if (tty) {
835 tty_vhangup(tty);
836 tty_kref_put(tty);
837 }
838 }
839
840 /**
841 * tty_vhangup_session - hangup session leader exit
842 * @tty: tty to hangup
843 *
844 * The session leader is exiting and hanging up its controlling terminal.
845 * Every process in the foreground process group is signalled SIGHUP.
846 *
847 * We do this synchronously so that when the syscall returns the process
848 * is complete. That guarantee is necessary for security reasons.
849 */
850
tty_vhangup_session(struct tty_struct * tty)851 static void tty_vhangup_session(struct tty_struct *tty)
852 {
853 tty_debug_hangup(tty, "session hangup\n");
854 __tty_hangup(tty, 1);
855 }
856
857 /**
858 * tty_hung_up_p - was tty hung up
859 * @filp: file pointer of tty
860 *
861 * Return true if the tty has been subject to a vhangup or a carrier
862 * loss
863 */
864
tty_hung_up_p(struct file * filp)865 int tty_hung_up_p(struct file *filp)
866 {
867 return (filp->f_op == &hung_up_tty_fops);
868 }
869
870 EXPORT_SYMBOL(tty_hung_up_p);
871
872 /**
873 * disassociate_ctty - disconnect controlling tty
874 * @on_exit: true if exiting so need to "hang up" the session
875 *
876 * This function is typically called only by the session leader, when
877 * it wants to disassociate itself from its controlling tty.
878 *
879 * It performs the following functions:
880 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
881 * (2) Clears the tty from being controlling the session
882 * (3) Clears the controlling tty for all processes in the
883 * session group.
884 *
885 * The argument on_exit is set to 1 if called when a process is
886 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
887 *
888 * Locking:
889 * BTM is taken for hysterical raisins, and held when
890 * called from no_tty().
891 * tty_mutex is taken to protect tty
892 * ->siglock is taken to protect ->signal/->sighand
893 * tasklist_lock is taken to walk process list for sessions
894 * ->siglock is taken to protect ->signal/->sighand
895 */
896
disassociate_ctty(int on_exit)897 void disassociate_ctty(int on_exit)
898 {
899 struct tty_struct *tty;
900
901 if (!current->signal->leader)
902 return;
903
904 tty = get_current_tty();
905 if (tty) {
906 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
907 tty_vhangup_session(tty);
908 } else {
909 struct pid *tty_pgrp = tty_get_pgrp(tty);
910 if (tty_pgrp) {
911 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
912 if (!on_exit)
913 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
914 put_pid(tty_pgrp);
915 }
916 }
917 tty_kref_put(tty);
918
919 } else if (on_exit) {
920 struct pid *old_pgrp;
921 spin_lock_irq(¤t->sighand->siglock);
922 old_pgrp = current->signal->tty_old_pgrp;
923 current->signal->tty_old_pgrp = NULL;
924 spin_unlock_irq(¤t->sighand->siglock);
925 if (old_pgrp) {
926 kill_pgrp(old_pgrp, SIGHUP, on_exit);
927 kill_pgrp(old_pgrp, SIGCONT, on_exit);
928 put_pid(old_pgrp);
929 }
930 return;
931 }
932
933 spin_lock_irq(¤t->sighand->siglock);
934 put_pid(current->signal->tty_old_pgrp);
935 current->signal->tty_old_pgrp = NULL;
936
937 tty = tty_kref_get(current->signal->tty);
938 if (tty) {
939 unsigned long flags;
940 spin_lock_irqsave(&tty->ctrl_lock, flags);
941 put_pid(tty->session);
942 put_pid(tty->pgrp);
943 tty->session = NULL;
944 tty->pgrp = NULL;
945 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
946 tty_kref_put(tty);
947 } else
948 tty_debug_hangup(tty, "no current tty\n");
949
950 spin_unlock_irq(¤t->sighand->siglock);
951 /* Now clear signal->tty under the lock */
952 read_lock(&tasklist_lock);
953 session_clear_tty(task_session(current));
954 read_unlock(&tasklist_lock);
955 }
956
957 /**
958 *
959 * no_tty - Ensure the current process does not have a controlling tty
960 */
no_tty(void)961 void no_tty(void)
962 {
963 /* FIXME: Review locking here. The tty_lock never covered any race
964 between a new association and proc_clear_tty but possible we need
965 to protect against this anyway */
966 struct task_struct *tsk = current;
967 disassociate_ctty(0);
968 proc_clear_tty(tsk);
969 }
970
971
972 /**
973 * stop_tty - propagate flow control
974 * @tty: tty to stop
975 *
976 * Perform flow control to the driver. May be called
977 * on an already stopped device and will not re-call the driver
978 * method.
979 *
980 * This functionality is used by both the line disciplines for
981 * halting incoming flow and by the driver. It may therefore be
982 * called from any context, may be under the tty atomic_write_lock
983 * but not always.
984 *
985 * Locking:
986 * flow_lock
987 */
988
__stop_tty(struct tty_struct * tty)989 void __stop_tty(struct tty_struct *tty)
990 {
991 if (tty->stopped)
992 return;
993 tty->stopped = 1;
994 if (tty->ops->stop)
995 tty->ops->stop(tty);
996 }
997
stop_tty(struct tty_struct * tty)998 void stop_tty(struct tty_struct *tty)
999 {
1000 unsigned long flags;
1001
1002 spin_lock_irqsave(&tty->flow_lock, flags);
1003 __stop_tty(tty);
1004 spin_unlock_irqrestore(&tty->flow_lock, flags);
1005 }
1006 EXPORT_SYMBOL(stop_tty);
1007
1008 /**
1009 * start_tty - propagate flow control
1010 * @tty: tty to start
1011 *
1012 * Start a tty that has been stopped if at all possible. If this
1013 * tty was previous stopped and is now being started, the driver
1014 * start method is invoked and the line discipline woken.
1015 *
1016 * Locking:
1017 * flow_lock
1018 */
1019
__start_tty(struct tty_struct * tty)1020 void __start_tty(struct tty_struct *tty)
1021 {
1022 if (!tty->stopped || tty->flow_stopped)
1023 return;
1024 tty->stopped = 0;
1025 if (tty->ops->start)
1026 tty->ops->start(tty);
1027 tty_wakeup(tty);
1028 }
1029
start_tty(struct tty_struct * tty)1030 void start_tty(struct tty_struct *tty)
1031 {
1032 unsigned long flags;
1033
1034 spin_lock_irqsave(&tty->flow_lock, flags);
1035 __start_tty(tty);
1036 spin_unlock_irqrestore(&tty->flow_lock, flags);
1037 }
1038 EXPORT_SYMBOL(start_tty);
1039
tty_update_time(struct timespec * time)1040 static void tty_update_time(struct timespec *time)
1041 {
1042 unsigned long sec = get_seconds();
1043
1044 /*
1045 * We only care if the two values differ in anything other than the
1046 * lower three bits (i.e every 8 seconds). If so, then we can update
1047 * the time of the tty device, otherwise it could be construded as a
1048 * security leak to let userspace know the exact timing of the tty.
1049 */
1050 if ((sec ^ time->tv_sec) & ~7)
1051 time->tv_sec = sec;
1052 }
1053
1054 /**
1055 * tty_read - read method for tty device files
1056 * @file: pointer to tty file
1057 * @buf: user buffer
1058 * @count: size of user buffer
1059 * @ppos: unused
1060 *
1061 * Perform the read system call function on this terminal device. Checks
1062 * for hung up devices before calling the line discipline method.
1063 *
1064 * Locking:
1065 * Locks the line discipline internally while needed. Multiple
1066 * read calls may be outstanding in parallel.
1067 */
1068
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)1069 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1070 loff_t *ppos)
1071 {
1072 int i;
1073 struct inode *inode = file_inode(file);
1074 struct tty_struct *tty = file_tty(file);
1075 struct tty_ldisc *ld;
1076
1077 if (tty_paranoia_check(tty, inode, "tty_read"))
1078 return -EIO;
1079 if (!tty || tty_io_error(tty))
1080 return -EIO;
1081
1082 /* We want to wait for the line discipline to sort out in this
1083 situation */
1084 ld = tty_ldisc_ref_wait(tty);
1085 if (!ld)
1086 return hung_up_tty_read(file, buf, count, ppos);
1087 if (ld->ops->read)
1088 i = ld->ops->read(tty, file, buf, count);
1089 else
1090 i = -EIO;
1091 tty_ldisc_deref(ld);
1092
1093 if (i > 0)
1094 tty_update_time(&inode->i_atime);
1095
1096 return i;
1097 }
1098
tty_write_unlock(struct tty_struct * tty)1099 static void tty_write_unlock(struct tty_struct *tty)
1100 {
1101 mutex_unlock(&tty->atomic_write_lock);
1102 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1103 }
1104
tty_write_lock(struct tty_struct * tty,int ndelay)1105 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1106 {
1107 if (!mutex_trylock(&tty->atomic_write_lock)) {
1108 if (ndelay)
1109 return -EAGAIN;
1110 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1111 return -ERESTARTSYS;
1112 }
1113 return 0;
1114 }
1115
1116 /*
1117 * Split writes up in sane blocksizes to avoid
1118 * denial-of-service type attacks
1119 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)1120 static inline ssize_t do_tty_write(
1121 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1122 struct tty_struct *tty,
1123 struct file *file,
1124 const char __user *buf,
1125 size_t count)
1126 {
1127 ssize_t ret, written = 0;
1128 unsigned int chunk;
1129
1130 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1131 if (ret < 0)
1132 return ret;
1133
1134 /*
1135 * We chunk up writes into a temporary buffer. This
1136 * simplifies low-level drivers immensely, since they
1137 * don't have locking issues and user mode accesses.
1138 *
1139 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1140 * big chunk-size..
1141 *
1142 * The default chunk-size is 2kB, because the NTTY
1143 * layer has problems with bigger chunks. It will
1144 * claim to be able to handle more characters than
1145 * it actually does.
1146 *
1147 * FIXME: This can probably go away now except that 64K chunks
1148 * are too likely to fail unless switched to vmalloc...
1149 */
1150 chunk = 2048;
1151 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1152 chunk = 65536;
1153 if (count < chunk)
1154 chunk = count;
1155
1156 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1157 if (tty->write_cnt < chunk) {
1158 unsigned char *buf_chunk;
1159
1160 if (chunk < 1024)
1161 chunk = 1024;
1162
1163 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1164 if (!buf_chunk) {
1165 ret = -ENOMEM;
1166 goto out;
1167 }
1168 kfree(tty->write_buf);
1169 tty->write_cnt = chunk;
1170 tty->write_buf = buf_chunk;
1171 }
1172
1173 /* Do the write .. */
1174 for (;;) {
1175 size_t size = count;
1176 if (size > chunk)
1177 size = chunk;
1178 ret = -EFAULT;
1179 if (copy_from_user(tty->write_buf, buf, size))
1180 break;
1181 ret = write(tty, file, tty->write_buf, size);
1182 if (ret <= 0)
1183 break;
1184 written += ret;
1185 buf += ret;
1186 count -= ret;
1187 if (!count)
1188 break;
1189 ret = -ERESTARTSYS;
1190 if (signal_pending(current))
1191 break;
1192 cond_resched();
1193 }
1194 if (written) {
1195 tty_update_time(&file_inode(file)->i_mtime);
1196 ret = written;
1197 }
1198 out:
1199 tty_write_unlock(tty);
1200 return ret;
1201 }
1202
1203 /**
1204 * tty_write_message - write a message to a certain tty, not just the console.
1205 * @tty: the destination tty_struct
1206 * @msg: the message to write
1207 *
1208 * This is used for messages that need to be redirected to a specific tty.
1209 * We don't put it into the syslog queue right now maybe in the future if
1210 * really needed.
1211 *
1212 * We must still hold the BTM and test the CLOSING flag for the moment.
1213 */
1214
tty_write_message(struct tty_struct * tty,char * msg)1215 void tty_write_message(struct tty_struct *tty, char *msg)
1216 {
1217 if (tty) {
1218 mutex_lock(&tty->atomic_write_lock);
1219 tty_lock(tty);
1220 if (tty->ops->write && tty->count > 0)
1221 tty->ops->write(tty, msg, strlen(msg));
1222 tty_unlock(tty);
1223 tty_write_unlock(tty);
1224 }
1225 return;
1226 }
1227
1228
1229 /**
1230 * tty_write - write method for tty device file
1231 * @file: tty file pointer
1232 * @buf: user data to write
1233 * @count: bytes to write
1234 * @ppos: unused
1235 *
1236 * Write data to a tty device via the line discipline.
1237 *
1238 * Locking:
1239 * Locks the line discipline as required
1240 * Writes to the tty driver are serialized by the atomic_write_lock
1241 * and are then processed in chunks to the device. The line discipline
1242 * write method will not be invoked in parallel for each device.
1243 */
1244
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1245 static ssize_t tty_write(struct file *file, const char __user *buf,
1246 size_t count, loff_t *ppos)
1247 {
1248 struct tty_struct *tty = file_tty(file);
1249 struct tty_ldisc *ld;
1250 ssize_t ret;
1251
1252 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1253 return -EIO;
1254 if (!tty || !tty->ops->write || tty_io_error(tty))
1255 return -EIO;
1256 /* Short term debug to catch buggy drivers */
1257 if (tty->ops->write_room == NULL)
1258 tty_err(tty, "missing write_room method\n");
1259 ld = tty_ldisc_ref_wait(tty);
1260 if (!ld)
1261 return hung_up_tty_write(file, buf, count, ppos);
1262 if (!ld->ops->write)
1263 ret = -EIO;
1264 else
1265 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1266 tty_ldisc_deref(ld);
1267 return ret;
1268 }
1269
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1270 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1271 size_t count, loff_t *ppos)
1272 {
1273 struct file *p = NULL;
1274
1275 spin_lock(&redirect_lock);
1276 if (redirect)
1277 p = get_file(redirect);
1278 spin_unlock(&redirect_lock);
1279
1280 if (p) {
1281 ssize_t res;
1282 res = vfs_write(p, buf, count, &p->f_pos);
1283 fput(p);
1284 return res;
1285 }
1286 return tty_write(file, buf, count, ppos);
1287 }
1288
1289 /**
1290 * tty_send_xchar - send priority character
1291 *
1292 * Send a high priority character to the tty even if stopped
1293 *
1294 * Locking: none for xchar method, write ordering for write method.
1295 */
1296
tty_send_xchar(struct tty_struct * tty,char ch)1297 int tty_send_xchar(struct tty_struct *tty, char ch)
1298 {
1299 int was_stopped = tty->stopped;
1300
1301 if (tty->ops->send_xchar) {
1302 down_read(&tty->termios_rwsem);
1303 tty->ops->send_xchar(tty, ch);
1304 up_read(&tty->termios_rwsem);
1305 return 0;
1306 }
1307
1308 if (tty_write_lock(tty, 0) < 0)
1309 return -ERESTARTSYS;
1310
1311 down_read(&tty->termios_rwsem);
1312 if (was_stopped)
1313 start_tty(tty);
1314 tty->ops->write(tty, &ch, 1);
1315 if (was_stopped)
1316 stop_tty(tty);
1317 up_read(&tty->termios_rwsem);
1318 tty_write_unlock(tty);
1319 return 0;
1320 }
1321
1322 static char ptychar[] = "pqrstuvwxyzabcde";
1323
1324 /**
1325 * pty_line_name - generate name for a pty
1326 * @driver: the tty driver in use
1327 * @index: the minor number
1328 * @p: output buffer of at least 6 bytes
1329 *
1330 * Generate a name from a driver reference and write it to the output
1331 * buffer.
1332 *
1333 * Locking: None
1334 */
pty_line_name(struct tty_driver * driver,int index,char * p)1335 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1336 {
1337 int i = index + driver->name_base;
1338 /* ->name is initialized to "ttyp", but "tty" is expected */
1339 sprintf(p, "%s%c%x",
1340 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1341 ptychar[i >> 4 & 0xf], i & 0xf);
1342 }
1343
1344 /**
1345 * tty_line_name - generate name for a tty
1346 * @driver: the tty driver in use
1347 * @index: the minor number
1348 * @p: output buffer of at least 7 bytes
1349 *
1350 * Generate a name from a driver reference and write it to the output
1351 * buffer.
1352 *
1353 * Locking: None
1354 */
tty_line_name(struct tty_driver * driver,int index,char * p)1355 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1356 {
1357 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1358 return sprintf(p, "%s", driver->name);
1359 else
1360 return sprintf(p, "%s%d", driver->name,
1361 index + driver->name_base);
1362 }
1363
1364 /**
1365 * tty_driver_lookup_tty() - find an existing tty, if any
1366 * @driver: the driver for the tty
1367 * @idx: the minor number
1368 *
1369 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1370 * driver lookup() method returns an error.
1371 *
1372 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1373 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1374 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1375 struct file *file, int idx)
1376 {
1377 struct tty_struct *tty;
1378
1379 if (driver->ops->lookup)
1380 tty = driver->ops->lookup(driver, file, idx);
1381 else
1382 tty = driver->ttys[idx];
1383
1384 if (!IS_ERR(tty))
1385 tty_kref_get(tty);
1386 return tty;
1387 }
1388
1389 /**
1390 * tty_init_termios - helper for termios setup
1391 * @tty: the tty to set up
1392 *
1393 * Initialise the termios structures for this tty. Thus runs under
1394 * the tty_mutex currently so we can be relaxed about ordering.
1395 */
1396
tty_init_termios(struct tty_struct * tty)1397 void tty_init_termios(struct tty_struct *tty)
1398 {
1399 struct ktermios *tp;
1400 int idx = tty->index;
1401
1402 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1403 tty->termios = tty->driver->init_termios;
1404 else {
1405 /* Check for lazy saved data */
1406 tp = tty->driver->termios[idx];
1407 if (tp != NULL) {
1408 tty->termios = *tp;
1409 tty->termios.c_line = tty->driver->init_termios.c_line;
1410 } else
1411 tty->termios = tty->driver->init_termios;
1412 }
1413 /* Compatibility until drivers always set this */
1414 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1415 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1416 }
1417 EXPORT_SYMBOL_GPL(tty_init_termios);
1418
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1419 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1420 {
1421 tty_init_termios(tty);
1422 tty_driver_kref_get(driver);
1423 tty->count++;
1424 driver->ttys[tty->index] = tty;
1425 return 0;
1426 }
1427 EXPORT_SYMBOL_GPL(tty_standard_install);
1428
1429 /**
1430 * tty_driver_install_tty() - install a tty entry in the driver
1431 * @driver: the driver for the tty
1432 * @tty: the tty
1433 *
1434 * Install a tty object into the driver tables. The tty->index field
1435 * will be set by the time this is called. This method is responsible
1436 * for ensuring any need additional structures are allocated and
1437 * configured.
1438 *
1439 * Locking: tty_mutex for now
1440 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1441 static int tty_driver_install_tty(struct tty_driver *driver,
1442 struct tty_struct *tty)
1443 {
1444 return driver->ops->install ? driver->ops->install(driver, tty) :
1445 tty_standard_install(driver, tty);
1446 }
1447
1448 /**
1449 * tty_driver_remove_tty() - remove a tty from the driver tables
1450 * @driver: the driver for the tty
1451 * @idx: the minor number
1452 *
1453 * Remvoe a tty object from the driver tables. The tty->index field
1454 * will be set by the time this is called.
1455 *
1456 * Locking: tty_mutex for now
1457 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1458 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1459 {
1460 if (driver->ops->remove)
1461 driver->ops->remove(driver, tty);
1462 else
1463 driver->ttys[tty->index] = NULL;
1464 }
1465
1466 /*
1467 * tty_reopen() - fast re-open of an open tty
1468 * @tty - the tty to open
1469 *
1470 * Return 0 on success, -errno on error.
1471 * Re-opens on master ptys are not allowed and return -EIO.
1472 *
1473 * Locking: Caller must hold tty_lock
1474 */
tty_reopen(struct tty_struct * tty)1475 static int tty_reopen(struct tty_struct *tty)
1476 {
1477 struct tty_driver *driver = tty->driver;
1478
1479 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1480 driver->subtype == PTY_TYPE_MASTER)
1481 return -EIO;
1482
1483 if (!tty->count)
1484 return -EAGAIN;
1485
1486 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1487 return -EBUSY;
1488
1489 tty->count++;
1490
1491 if (!tty->ldisc)
1492 return tty_ldisc_reinit(tty, tty->termios.c_line);
1493
1494 return 0;
1495 }
1496
1497 /**
1498 * tty_init_dev - initialise a tty device
1499 * @driver: tty driver we are opening a device on
1500 * @idx: device index
1501 * @ret_tty: returned tty structure
1502 *
1503 * Prepare a tty device. This may not be a "new" clean device but
1504 * could also be an active device. The pty drivers require special
1505 * handling because of this.
1506 *
1507 * Locking:
1508 * The function is called under the tty_mutex, which
1509 * protects us from the tty struct or driver itself going away.
1510 *
1511 * On exit the tty device has the line discipline attached and
1512 * a reference count of 1. If a pair was created for pty/tty use
1513 * and the other was a pty master then it too has a reference count of 1.
1514 *
1515 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1516 * failed open. The new code protects the open with a mutex, so it's
1517 * really quite straightforward. The mutex locking can probably be
1518 * relaxed for the (most common) case of reopening a tty.
1519 */
1520
tty_init_dev(struct tty_driver * driver,int idx)1521 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1522 {
1523 struct tty_struct *tty;
1524 int retval;
1525
1526 /*
1527 * First time open is complex, especially for PTY devices.
1528 * This code guarantees that either everything succeeds and the
1529 * TTY is ready for operation, or else the table slots are vacated
1530 * and the allocated memory released. (Except that the termios
1531 * and locked termios may be retained.)
1532 */
1533
1534 if (!try_module_get(driver->owner))
1535 return ERR_PTR(-ENODEV);
1536
1537 tty = alloc_tty_struct(driver, idx);
1538 if (!tty) {
1539 retval = -ENOMEM;
1540 goto err_module_put;
1541 }
1542
1543 tty_lock(tty);
1544 retval = tty_driver_install_tty(driver, tty);
1545 if (retval < 0)
1546 goto err_free_tty;
1547
1548 if (!tty->port)
1549 tty->port = driver->ports[idx];
1550
1551 WARN_RATELIMIT(!tty->port,
1552 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1553 __func__, tty->driver->name);
1554
1555 retval = tty_ldisc_lock(tty, 5 * HZ);
1556 if (retval)
1557 goto err_release_lock;
1558 tty->port->itty = tty;
1559
1560 /*
1561 * Structures all installed ... call the ldisc open routines.
1562 * If we fail here just call release_tty to clean up. No need
1563 * to decrement the use counts, as release_tty doesn't care.
1564 */
1565 retval = tty_ldisc_setup(tty, tty->link);
1566 if (retval)
1567 goto err_release_tty;
1568 tty_ldisc_unlock(tty);
1569 /* Return the tty locked so that it cannot vanish under the caller */
1570 return tty;
1571
1572 err_free_tty:
1573 tty_unlock(tty);
1574 free_tty_struct(tty);
1575 err_module_put:
1576 module_put(driver->owner);
1577 return ERR_PTR(retval);
1578
1579 /* call the tty release_tty routine to clean out this slot */
1580 err_release_tty:
1581 tty_ldisc_unlock(tty);
1582 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1583 retval, idx);
1584 err_release_lock:
1585 tty_unlock(tty);
1586 release_tty(tty, idx);
1587 return ERR_PTR(retval);
1588 }
1589
tty_free_termios(struct tty_struct * tty)1590 static void tty_free_termios(struct tty_struct *tty)
1591 {
1592 struct ktermios *tp;
1593 int idx = tty->index;
1594
1595 /* If the port is going to reset then it has no termios to save */
1596 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1597 return;
1598
1599 /* Stash the termios data */
1600 tp = tty->driver->termios[idx];
1601 if (tp == NULL) {
1602 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1603 if (tp == NULL)
1604 return;
1605 tty->driver->termios[idx] = tp;
1606 }
1607 *tp = tty->termios;
1608 }
1609
1610 /**
1611 * tty_flush_works - flush all works of a tty/pty pair
1612 * @tty: tty device to flush works for (or either end of a pty pair)
1613 *
1614 * Sync flush all works belonging to @tty (and the 'other' tty).
1615 */
tty_flush_works(struct tty_struct * tty)1616 static void tty_flush_works(struct tty_struct *tty)
1617 {
1618 flush_work(&tty->SAK_work);
1619 flush_work(&tty->hangup_work);
1620 if (tty->link) {
1621 flush_work(&tty->link->SAK_work);
1622 flush_work(&tty->link->hangup_work);
1623 }
1624 }
1625
1626 /**
1627 * release_one_tty - release tty structure memory
1628 * @kref: kref of tty we are obliterating
1629 *
1630 * Releases memory associated with a tty structure, and clears out the
1631 * driver table slots. This function is called when a device is no longer
1632 * in use. It also gets called when setup of a device fails.
1633 *
1634 * Locking:
1635 * takes the file list lock internally when working on the list
1636 * of ttys that the driver keeps.
1637 *
1638 * This method gets called from a work queue so that the driver private
1639 * cleanup ops can sleep (needed for USB at least)
1640 */
release_one_tty(struct work_struct * work)1641 static void release_one_tty(struct work_struct *work)
1642 {
1643 struct tty_struct *tty =
1644 container_of(work, struct tty_struct, hangup_work);
1645 struct tty_driver *driver = tty->driver;
1646 struct module *owner = driver->owner;
1647
1648 if (tty->ops->cleanup)
1649 tty->ops->cleanup(tty);
1650
1651 tty->magic = 0;
1652 tty_driver_kref_put(driver);
1653 module_put(owner);
1654
1655 spin_lock(&tty->files_lock);
1656 list_del_init(&tty->tty_files);
1657 spin_unlock(&tty->files_lock);
1658
1659 put_pid(tty->pgrp);
1660 put_pid(tty->session);
1661 free_tty_struct(tty);
1662 }
1663
queue_release_one_tty(struct kref * kref)1664 static void queue_release_one_tty(struct kref *kref)
1665 {
1666 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1667
1668 /* The hangup queue is now free so we can reuse it rather than
1669 waste a chunk of memory for each port */
1670 INIT_WORK(&tty->hangup_work, release_one_tty);
1671 schedule_work(&tty->hangup_work);
1672 }
1673
1674 /**
1675 * tty_kref_put - release a tty kref
1676 * @tty: tty device
1677 *
1678 * Release a reference to a tty device and if need be let the kref
1679 * layer destruct the object for us
1680 */
1681
tty_kref_put(struct tty_struct * tty)1682 void tty_kref_put(struct tty_struct *tty)
1683 {
1684 if (tty)
1685 kref_put(&tty->kref, queue_release_one_tty);
1686 }
1687 EXPORT_SYMBOL(tty_kref_put);
1688
1689 /**
1690 * release_tty - release tty structure memory
1691 *
1692 * Release both @tty and a possible linked partner (think pty pair),
1693 * and decrement the refcount of the backing module.
1694 *
1695 * Locking:
1696 * tty_mutex
1697 * takes the file list lock internally when working on the list
1698 * of ttys that the driver keeps.
1699 *
1700 */
release_tty(struct tty_struct * tty,int idx)1701 static void release_tty(struct tty_struct *tty, int idx)
1702 {
1703 /* This should always be true but check for the moment */
1704 WARN_ON(tty->index != idx);
1705 WARN_ON(!mutex_is_locked(&tty_mutex));
1706 if (tty->ops->shutdown)
1707 tty->ops->shutdown(tty);
1708 tty_free_termios(tty);
1709 tty_driver_remove_tty(tty->driver, tty);
1710 tty->port->itty = NULL;
1711 if (tty->link)
1712 tty->link->port->itty = NULL;
1713 tty_buffer_cancel_work(tty->port);
1714 if (tty->link)
1715 tty_buffer_cancel_work(tty->link->port);
1716
1717 tty_kref_put(tty->link);
1718 tty_kref_put(tty);
1719 }
1720
1721 /**
1722 * tty_release_checks - check a tty before real release
1723 * @tty: tty to check
1724 * @o_tty: link of @tty (if any)
1725 * @idx: index of the tty
1726 *
1727 * Performs some paranoid checking before true release of the @tty.
1728 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1729 */
tty_release_checks(struct tty_struct * tty,int idx)1730 static int tty_release_checks(struct tty_struct *tty, int idx)
1731 {
1732 #ifdef TTY_PARANOIA_CHECK
1733 if (idx < 0 || idx >= tty->driver->num) {
1734 tty_debug(tty, "bad idx %d\n", idx);
1735 return -1;
1736 }
1737
1738 /* not much to check for devpts */
1739 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1740 return 0;
1741
1742 if (tty != tty->driver->ttys[idx]) {
1743 tty_debug(tty, "bad driver table[%d] = %p\n",
1744 idx, tty->driver->ttys[idx]);
1745 return -1;
1746 }
1747 if (tty->driver->other) {
1748 struct tty_struct *o_tty = tty->link;
1749
1750 if (o_tty != tty->driver->other->ttys[idx]) {
1751 tty_debug(tty, "bad other table[%d] = %p\n",
1752 idx, tty->driver->other->ttys[idx]);
1753 return -1;
1754 }
1755 if (o_tty->link != tty) {
1756 tty_debug(tty, "bad link = %p\n", o_tty->link);
1757 return -1;
1758 }
1759 }
1760 #endif
1761 return 0;
1762 }
1763
1764 /**
1765 * tty_release - vfs callback for close
1766 * @inode: inode of tty
1767 * @filp: file pointer for handle to tty
1768 *
1769 * Called the last time each file handle is closed that references
1770 * this tty. There may however be several such references.
1771 *
1772 * Locking:
1773 * Takes bkl. See tty_release_dev
1774 *
1775 * Even releasing the tty structures is a tricky business.. We have
1776 * to be very careful that the structures are all released at the
1777 * same time, as interrupts might otherwise get the wrong pointers.
1778 *
1779 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1780 * lead to double frees or releasing memory still in use.
1781 */
1782
tty_release(struct inode * inode,struct file * filp)1783 int tty_release(struct inode *inode, struct file *filp)
1784 {
1785 struct tty_struct *tty = file_tty(filp);
1786 struct tty_struct *o_tty = NULL;
1787 int do_sleep, final;
1788 int idx;
1789 long timeout = 0;
1790 int once = 1;
1791
1792 if (tty_paranoia_check(tty, inode, __func__))
1793 return 0;
1794
1795 tty_lock(tty);
1796 check_tty_count(tty, __func__);
1797
1798 __tty_fasync(-1, filp, 0);
1799
1800 idx = tty->index;
1801 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1802 tty->driver->subtype == PTY_TYPE_MASTER)
1803 o_tty = tty->link;
1804
1805 if (tty_release_checks(tty, idx)) {
1806 tty_unlock(tty);
1807 return 0;
1808 }
1809
1810 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1811
1812 if (tty->ops->close)
1813 tty->ops->close(tty, filp);
1814
1815 /* If tty is pty master, lock the slave pty (stable lock order) */
1816 tty_lock_slave(o_tty);
1817
1818 /*
1819 * Sanity check: if tty->count is going to zero, there shouldn't be
1820 * any waiters on tty->read_wait or tty->write_wait. We test the
1821 * wait queues and kick everyone out _before_ actually starting to
1822 * close. This ensures that we won't block while releasing the tty
1823 * structure.
1824 *
1825 * The test for the o_tty closing is necessary, since the master and
1826 * slave sides may close in any order. If the slave side closes out
1827 * first, its count will be one, since the master side holds an open.
1828 * Thus this test wouldn't be triggered at the time the slave closed,
1829 * so we do it now.
1830 */
1831 while (1) {
1832 do_sleep = 0;
1833
1834 if (tty->count <= 1) {
1835 if (waitqueue_active(&tty->read_wait)) {
1836 wake_up_poll(&tty->read_wait, POLLIN);
1837 do_sleep++;
1838 }
1839 if (waitqueue_active(&tty->write_wait)) {
1840 wake_up_poll(&tty->write_wait, POLLOUT);
1841 do_sleep++;
1842 }
1843 }
1844 if (o_tty && o_tty->count <= 1) {
1845 if (waitqueue_active(&o_tty->read_wait)) {
1846 wake_up_poll(&o_tty->read_wait, POLLIN);
1847 do_sleep++;
1848 }
1849 if (waitqueue_active(&o_tty->write_wait)) {
1850 wake_up_poll(&o_tty->write_wait, POLLOUT);
1851 do_sleep++;
1852 }
1853 }
1854 if (!do_sleep)
1855 break;
1856
1857 if (once) {
1858 once = 0;
1859 tty_warn(tty, "read/write wait queue active!\n");
1860 }
1861 schedule_timeout_killable(timeout);
1862 if (timeout < 120 * HZ)
1863 timeout = 2 * timeout + 1;
1864 else
1865 timeout = MAX_SCHEDULE_TIMEOUT;
1866 }
1867
1868 if (o_tty) {
1869 if (--o_tty->count < 0) {
1870 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1871 o_tty->count = 0;
1872 }
1873 }
1874 if (--tty->count < 0) {
1875 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1876 tty->count = 0;
1877 }
1878
1879 /*
1880 * We've decremented tty->count, so we need to remove this file
1881 * descriptor off the tty->tty_files list; this serves two
1882 * purposes:
1883 * - check_tty_count sees the correct number of file descriptors
1884 * associated with this tty.
1885 * - do_tty_hangup no longer sees this file descriptor as
1886 * something that needs to be handled for hangups.
1887 */
1888 tty_del_file(filp);
1889
1890 /*
1891 * Perform some housekeeping before deciding whether to return.
1892 *
1893 * If _either_ side is closing, make sure there aren't any
1894 * processes that still think tty or o_tty is their controlling
1895 * tty.
1896 */
1897 if (!tty->count) {
1898 read_lock(&tasklist_lock);
1899 session_clear_tty(tty->session);
1900 if (o_tty)
1901 session_clear_tty(o_tty->session);
1902 read_unlock(&tasklist_lock);
1903 }
1904
1905 /* check whether both sides are closing ... */
1906 final = !tty->count && !(o_tty && o_tty->count);
1907
1908 tty_unlock_slave(o_tty);
1909 tty_unlock(tty);
1910
1911 /* At this point, the tty->count == 0 should ensure a dead tty
1912 cannot be re-opened by a racing opener */
1913
1914 if (!final)
1915 return 0;
1916
1917 tty_debug_hangup(tty, "final close\n");
1918 /*
1919 * Ask the line discipline code to release its structures
1920 */
1921 tty_ldisc_release(tty);
1922
1923 /* Wait for pending work before tty destruction commmences */
1924 tty_flush_works(tty);
1925
1926 tty_debug_hangup(tty, "freeing structure\n");
1927 /*
1928 * The release_tty function takes care of the details of clearing
1929 * the slots and preserving the termios structure. The tty_unlock_pair
1930 * should be safe as we keep a kref while the tty is locked (so the
1931 * unlock never unlocks a freed tty).
1932 */
1933 mutex_lock(&tty_mutex);
1934 release_tty(tty, idx);
1935 mutex_unlock(&tty_mutex);
1936
1937 return 0;
1938 }
1939
1940 /**
1941 * tty_open_current_tty - get locked tty of current task
1942 * @device: device number
1943 * @filp: file pointer to tty
1944 * @return: locked tty of the current task iff @device is /dev/tty
1945 *
1946 * Performs a re-open of the current task's controlling tty.
1947 *
1948 * We cannot return driver and index like for the other nodes because
1949 * devpts will not work then. It expects inodes to be from devpts FS.
1950 */
tty_open_current_tty(dev_t device,struct file * filp)1951 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1952 {
1953 struct tty_struct *tty;
1954 int retval;
1955
1956 if (device != MKDEV(TTYAUX_MAJOR, 0))
1957 return NULL;
1958
1959 tty = get_current_tty();
1960 if (!tty)
1961 return ERR_PTR(-ENXIO);
1962
1963 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1964 /* noctty = 1; */
1965 tty_lock(tty);
1966 tty_kref_put(tty); /* safe to drop the kref now */
1967
1968 retval = tty_reopen(tty);
1969 if (retval < 0) {
1970 tty_unlock(tty);
1971 tty = ERR_PTR(retval);
1972 }
1973 return tty;
1974 }
1975
1976 /**
1977 * tty_lookup_driver - lookup a tty driver for a given device file
1978 * @device: device number
1979 * @filp: file pointer to tty
1980 * @index: index for the device in the @return driver
1981 * @return: driver for this inode (with increased refcount)
1982 *
1983 * If @return is not erroneous, the caller is responsible to decrement the
1984 * refcount by tty_driver_kref_put.
1985 *
1986 * Locking: tty_mutex protects get_tty_driver
1987 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1988 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1989 int *index)
1990 {
1991 struct tty_driver *driver;
1992
1993 switch (device) {
1994 #ifdef CONFIG_VT
1995 case MKDEV(TTY_MAJOR, 0): {
1996 extern struct tty_driver *console_driver;
1997 driver = tty_driver_kref_get(console_driver);
1998 *index = fg_console;
1999 break;
2000 }
2001 #endif
2002 case MKDEV(TTYAUX_MAJOR, 1): {
2003 struct tty_driver *console_driver = console_device(index);
2004 if (console_driver) {
2005 driver = tty_driver_kref_get(console_driver);
2006 if (driver) {
2007 /* Don't let /dev/console block */
2008 filp->f_flags |= O_NONBLOCK;
2009 break;
2010 }
2011 }
2012 return ERR_PTR(-ENODEV);
2013 }
2014 default:
2015 driver = get_tty_driver(device, index);
2016 if (!driver)
2017 return ERR_PTR(-ENODEV);
2018 break;
2019 }
2020 return driver;
2021 }
2022
2023 /**
2024 * tty_open_by_driver - open a tty device
2025 * @device: dev_t of device to open
2026 * @inode: inode of device file
2027 * @filp: file pointer to tty
2028 *
2029 * Performs the driver lookup, checks for a reopen, or otherwise
2030 * performs the first-time tty initialization.
2031 *
2032 * Returns the locked initialized or re-opened &tty_struct
2033 *
2034 * Claims the global tty_mutex to serialize:
2035 * - concurrent first-time tty initialization
2036 * - concurrent tty driver removal w/ lookup
2037 * - concurrent tty removal from driver table
2038 */
tty_open_by_driver(dev_t device,struct inode * inode,struct file * filp)2039 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode,
2040 struct file *filp)
2041 {
2042 struct tty_struct *tty;
2043 struct tty_driver *driver = NULL;
2044 int index = -1;
2045 int retval;
2046
2047 mutex_lock(&tty_mutex);
2048 driver = tty_lookup_driver(device, filp, &index);
2049 if (IS_ERR(driver)) {
2050 mutex_unlock(&tty_mutex);
2051 return ERR_CAST(driver);
2052 }
2053
2054 /* check whether we're reopening an existing tty */
2055 tty = tty_driver_lookup_tty(driver, filp, index);
2056 if (IS_ERR(tty)) {
2057 mutex_unlock(&tty_mutex);
2058 goto out;
2059 }
2060
2061 if (tty) {
2062 mutex_unlock(&tty_mutex);
2063 retval = tty_lock_interruptible(tty);
2064 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2065 if (retval) {
2066 if (retval == -EINTR)
2067 retval = -ERESTARTSYS;
2068 tty = ERR_PTR(retval);
2069 goto out;
2070 }
2071 retval = tty_reopen(tty);
2072 if (retval < 0) {
2073 tty_unlock(tty);
2074 tty = ERR_PTR(retval);
2075 }
2076 } else { /* Returns with the tty_lock held for now */
2077 tty = tty_init_dev(driver, index);
2078 mutex_unlock(&tty_mutex);
2079 }
2080 out:
2081 tty_driver_kref_put(driver);
2082 return tty;
2083 }
2084
2085 /**
2086 * tty_open - open a tty device
2087 * @inode: inode of device file
2088 * @filp: file pointer to tty
2089 *
2090 * tty_open and tty_release keep up the tty count that contains the
2091 * number of opens done on a tty. We cannot use the inode-count, as
2092 * different inodes might point to the same tty.
2093 *
2094 * Open-counting is needed for pty masters, as well as for keeping
2095 * track of serial lines: DTR is dropped when the last close happens.
2096 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2097 *
2098 * The termios state of a pty is reset on first open so that
2099 * settings don't persist across reuse.
2100 *
2101 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2102 * tty->count should protect the rest.
2103 * ->siglock protects ->signal/->sighand
2104 *
2105 * Note: the tty_unlock/lock cases without a ref are only safe due to
2106 * tty_mutex
2107 */
2108
tty_open(struct inode * inode,struct file * filp)2109 static int tty_open(struct inode *inode, struct file *filp)
2110 {
2111 struct tty_struct *tty;
2112 int noctty, retval;
2113 dev_t device = inode->i_rdev;
2114 unsigned saved_flags = filp->f_flags;
2115
2116 nonseekable_open(inode, filp);
2117
2118 retry_open:
2119 retval = tty_alloc_file(filp);
2120 if (retval)
2121 return -ENOMEM;
2122
2123 tty = tty_open_current_tty(device, filp);
2124 if (!tty)
2125 tty = tty_open_by_driver(device, inode, filp);
2126
2127 if (IS_ERR(tty)) {
2128 tty_free_file(filp);
2129 retval = PTR_ERR(tty);
2130 if (retval != -EAGAIN || signal_pending(current))
2131 return retval;
2132 schedule();
2133 goto retry_open;
2134 }
2135
2136 tty_add_file(tty, filp);
2137
2138 check_tty_count(tty, __func__);
2139 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2140
2141 if (tty->ops->open)
2142 retval = tty->ops->open(tty, filp);
2143 else
2144 retval = -ENODEV;
2145 filp->f_flags = saved_flags;
2146
2147 if (retval) {
2148 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2149
2150 tty_unlock(tty); /* need to call tty_release without BTM */
2151 tty_release(inode, filp);
2152 if (retval != -ERESTARTSYS)
2153 return retval;
2154
2155 if (signal_pending(current))
2156 return retval;
2157
2158 schedule();
2159 /*
2160 * Need to reset f_op in case a hangup happened.
2161 */
2162 if (tty_hung_up_p(filp))
2163 filp->f_op = &tty_fops;
2164 goto retry_open;
2165 }
2166 clear_bit(TTY_HUPPED, &tty->flags);
2167
2168
2169 read_lock(&tasklist_lock);
2170 spin_lock_irq(¤t->sighand->siglock);
2171 noctty = (filp->f_flags & O_NOCTTY) ||
2172 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2173 device == MKDEV(TTYAUX_MAJOR, 1) ||
2174 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2175 tty->driver->subtype == PTY_TYPE_MASTER);
2176
2177 if (!noctty &&
2178 current->signal->leader &&
2179 !current->signal->tty &&
2180 tty->session == NULL) {
2181 /*
2182 * Don't let a process that only has write access to the tty
2183 * obtain the privileges associated with having a tty as
2184 * controlling terminal (being able to reopen it with full
2185 * access through /dev/tty, being able to perform pushback).
2186 * Many distributions set the group of all ttys to "tty" and
2187 * grant write-only access to all terminals for setgid tty
2188 * binaries, which should not imply full privileges on all ttys.
2189 *
2190 * This could theoretically break old code that performs open()
2191 * on a write-only file descriptor. In that case, it might be
2192 * necessary to also permit this if
2193 * inode_permission(inode, MAY_READ) == 0.
2194 */
2195 if (filp->f_mode & FMODE_READ)
2196 __proc_set_tty(tty);
2197 }
2198 spin_unlock_irq(¤t->sighand->siglock);
2199 read_unlock(&tasklist_lock);
2200 tty_unlock(tty);
2201 return 0;
2202 }
2203
2204
2205
2206 /**
2207 * tty_poll - check tty status
2208 * @filp: file being polled
2209 * @wait: poll wait structures to update
2210 *
2211 * Call the line discipline polling method to obtain the poll
2212 * status of the device.
2213 *
2214 * Locking: locks called line discipline but ldisc poll method
2215 * may be re-entered freely by other callers.
2216 */
2217
tty_poll(struct file * filp,poll_table * wait)2218 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2219 {
2220 struct tty_struct *tty = file_tty(filp);
2221 struct tty_ldisc *ld;
2222 int ret = 0;
2223
2224 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2225 return 0;
2226
2227 ld = tty_ldisc_ref_wait(tty);
2228 if (!ld)
2229 return hung_up_tty_poll(filp, wait);
2230 if (ld->ops->poll)
2231 ret = ld->ops->poll(tty, filp, wait);
2232 tty_ldisc_deref(ld);
2233 return ret;
2234 }
2235
__tty_fasync(int fd,struct file * filp,int on)2236 static int __tty_fasync(int fd, struct file *filp, int on)
2237 {
2238 struct tty_struct *tty = file_tty(filp);
2239 unsigned long flags;
2240 int retval = 0;
2241
2242 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2243 goto out;
2244
2245 retval = fasync_helper(fd, filp, on, &tty->fasync);
2246 if (retval <= 0)
2247 goto out;
2248
2249 if (on) {
2250 enum pid_type type;
2251 struct pid *pid;
2252
2253 spin_lock_irqsave(&tty->ctrl_lock, flags);
2254 if (tty->pgrp) {
2255 pid = tty->pgrp;
2256 type = PIDTYPE_PGID;
2257 } else {
2258 pid = task_pid(current);
2259 type = PIDTYPE_PID;
2260 }
2261 get_pid(pid);
2262 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2263 __f_setown(filp, pid, type, 0);
2264 put_pid(pid);
2265 retval = 0;
2266 }
2267 out:
2268 return retval;
2269 }
2270
tty_fasync(int fd,struct file * filp,int on)2271 static int tty_fasync(int fd, struct file *filp, int on)
2272 {
2273 struct tty_struct *tty = file_tty(filp);
2274 int retval = -ENOTTY;
2275
2276 tty_lock(tty);
2277 if (!tty_hung_up_p(filp))
2278 retval = __tty_fasync(fd, filp, on);
2279 tty_unlock(tty);
2280
2281 return retval;
2282 }
2283
2284 /**
2285 * tiocsti - fake input character
2286 * @tty: tty to fake input into
2287 * @p: pointer to character
2288 *
2289 * Fake input to a tty device. Does the necessary locking and
2290 * input management.
2291 *
2292 * FIXME: does not honour flow control ??
2293 *
2294 * Locking:
2295 * Called functions take tty_ldiscs_lock
2296 * current->signal->tty check is safe without locks
2297 *
2298 * FIXME: may race normal receive processing
2299 */
2300
tiocsti(struct tty_struct * tty,char __user * p)2301 static int tiocsti(struct tty_struct *tty, char __user *p)
2302 {
2303 char ch, mbz = 0;
2304 struct tty_ldisc *ld;
2305
2306 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2307 return -EPERM;
2308 if (get_user(ch, p))
2309 return -EFAULT;
2310 tty_audit_tiocsti(tty, ch);
2311 ld = tty_ldisc_ref_wait(tty);
2312 if (!ld)
2313 return -EIO;
2314 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2315 tty_ldisc_deref(ld);
2316 return 0;
2317 }
2318
2319 /**
2320 * tiocgwinsz - implement window query ioctl
2321 * @tty; tty
2322 * @arg: user buffer for result
2323 *
2324 * Copies the kernel idea of the window size into the user buffer.
2325 *
2326 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2327 * is consistent.
2328 */
2329
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2330 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2331 {
2332 int err;
2333
2334 mutex_lock(&tty->winsize_mutex);
2335 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2336 mutex_unlock(&tty->winsize_mutex);
2337
2338 return err ? -EFAULT: 0;
2339 }
2340
2341 /**
2342 * tty_do_resize - resize event
2343 * @tty: tty being resized
2344 * @rows: rows (character)
2345 * @cols: cols (character)
2346 *
2347 * Update the termios variables and send the necessary signals to
2348 * peform a terminal resize correctly
2349 */
2350
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2351 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2352 {
2353 struct pid *pgrp;
2354
2355 /* Lock the tty */
2356 mutex_lock(&tty->winsize_mutex);
2357 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2358 goto done;
2359
2360 /* Signal the foreground process group */
2361 pgrp = tty_get_pgrp(tty);
2362 if (pgrp)
2363 kill_pgrp(pgrp, SIGWINCH, 1);
2364 put_pid(pgrp);
2365
2366 tty->winsize = *ws;
2367 done:
2368 mutex_unlock(&tty->winsize_mutex);
2369 return 0;
2370 }
2371 EXPORT_SYMBOL(tty_do_resize);
2372
2373 /**
2374 * tiocswinsz - implement window size set ioctl
2375 * @tty; tty side of tty
2376 * @arg: user buffer for result
2377 *
2378 * Copies the user idea of the window size to the kernel. Traditionally
2379 * this is just advisory information but for the Linux console it
2380 * actually has driver level meaning and triggers a VC resize.
2381 *
2382 * Locking:
2383 * Driver dependent. The default do_resize method takes the
2384 * tty termios mutex and ctrl_lock. The console takes its own lock
2385 * then calls into the default method.
2386 */
2387
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2388 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2389 {
2390 struct winsize tmp_ws;
2391 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2392 return -EFAULT;
2393
2394 if (tty->ops->resize)
2395 return tty->ops->resize(tty, &tmp_ws);
2396 else
2397 return tty_do_resize(tty, &tmp_ws);
2398 }
2399
2400 /**
2401 * tioccons - allow admin to move logical console
2402 * @file: the file to become console
2403 *
2404 * Allow the administrator to move the redirected console device
2405 *
2406 * Locking: uses redirect_lock to guard the redirect information
2407 */
2408
tioccons(struct file * file)2409 static int tioccons(struct file *file)
2410 {
2411 if (!capable(CAP_SYS_ADMIN))
2412 return -EPERM;
2413 if (file->f_op->write == redirected_tty_write) {
2414 struct file *f;
2415 spin_lock(&redirect_lock);
2416 f = redirect;
2417 redirect = NULL;
2418 spin_unlock(&redirect_lock);
2419 if (f)
2420 fput(f);
2421 return 0;
2422 }
2423 spin_lock(&redirect_lock);
2424 if (redirect) {
2425 spin_unlock(&redirect_lock);
2426 return -EBUSY;
2427 }
2428 redirect = get_file(file);
2429 spin_unlock(&redirect_lock);
2430 return 0;
2431 }
2432
2433 /**
2434 * fionbio - non blocking ioctl
2435 * @file: file to set blocking value
2436 * @p: user parameter
2437 *
2438 * Historical tty interfaces had a blocking control ioctl before
2439 * the generic functionality existed. This piece of history is preserved
2440 * in the expected tty API of posix OS's.
2441 *
2442 * Locking: none, the open file handle ensures it won't go away.
2443 */
2444
fionbio(struct file * file,int __user * p)2445 static int fionbio(struct file *file, int __user *p)
2446 {
2447 int nonblock;
2448
2449 if (get_user(nonblock, p))
2450 return -EFAULT;
2451
2452 spin_lock(&file->f_lock);
2453 if (nonblock)
2454 file->f_flags |= O_NONBLOCK;
2455 else
2456 file->f_flags &= ~O_NONBLOCK;
2457 spin_unlock(&file->f_lock);
2458 return 0;
2459 }
2460
2461 /**
2462 * tiocsctty - set controlling tty
2463 * @tty: tty structure
2464 * @arg: user argument
2465 *
2466 * This ioctl is used to manage job control. It permits a session
2467 * leader to set this tty as the controlling tty for the session.
2468 *
2469 * Locking:
2470 * Takes tty_lock() to serialize proc_set_tty() for this tty
2471 * Takes tasklist_lock internally to walk sessions
2472 * Takes ->siglock() when updating signal->tty
2473 */
2474
tiocsctty(struct tty_struct * tty,struct file * file,int arg)2475 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
2476 {
2477 int ret = 0;
2478
2479 tty_lock(tty);
2480 read_lock(&tasklist_lock);
2481
2482 if (current->signal->leader && (task_session(current) == tty->session))
2483 goto unlock;
2484
2485 /*
2486 * The process must be a session leader and
2487 * not have a controlling tty already.
2488 */
2489 if (!current->signal->leader || current->signal->tty) {
2490 ret = -EPERM;
2491 goto unlock;
2492 }
2493
2494 if (tty->session) {
2495 /*
2496 * This tty is already the controlling
2497 * tty for another session group!
2498 */
2499 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2500 /*
2501 * Steal it away
2502 */
2503 session_clear_tty(tty->session);
2504 } else {
2505 ret = -EPERM;
2506 goto unlock;
2507 }
2508 }
2509
2510 /* See the comment in tty_open(). */
2511 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
2512 ret = -EPERM;
2513 goto unlock;
2514 }
2515
2516 proc_set_tty(tty);
2517 unlock:
2518 read_unlock(&tasklist_lock);
2519 tty_unlock(tty);
2520 return ret;
2521 }
2522
2523 /**
2524 * tty_get_pgrp - return a ref counted pgrp pid
2525 * @tty: tty to read
2526 *
2527 * Returns a refcounted instance of the pid struct for the process
2528 * group controlling the tty.
2529 */
2530
tty_get_pgrp(struct tty_struct * tty)2531 struct pid *tty_get_pgrp(struct tty_struct *tty)
2532 {
2533 unsigned long flags;
2534 struct pid *pgrp;
2535
2536 spin_lock_irqsave(&tty->ctrl_lock, flags);
2537 pgrp = get_pid(tty->pgrp);
2538 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2539
2540 return pgrp;
2541 }
2542 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2543
2544 /*
2545 * This checks not only the pgrp, but falls back on the pid if no
2546 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2547 * without this...
2548 *
2549 * The caller must hold rcu lock or the tasklist lock.
2550 */
session_of_pgrp(struct pid * pgrp)2551 static struct pid *session_of_pgrp(struct pid *pgrp)
2552 {
2553 struct task_struct *p;
2554 struct pid *sid = NULL;
2555
2556 p = pid_task(pgrp, PIDTYPE_PGID);
2557 if (p == NULL)
2558 p = pid_task(pgrp, PIDTYPE_PID);
2559 if (p != NULL)
2560 sid = task_session(p);
2561
2562 return sid;
2563 }
2564
2565 /**
2566 * tiocgpgrp - get process group
2567 * @tty: tty passed by user
2568 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2569 * @p: returned pid
2570 *
2571 * Obtain the process group of the tty. If there is no process group
2572 * return an error.
2573 *
2574 * Locking: none. Reference to current->signal->tty is safe.
2575 */
2576
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2577 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2578 {
2579 struct pid *pid;
2580 int ret;
2581 /*
2582 * (tty == real_tty) is a cheap way of
2583 * testing if the tty is NOT a master pty.
2584 */
2585 if (tty == real_tty && current->signal->tty != real_tty)
2586 return -ENOTTY;
2587 pid = tty_get_pgrp(real_tty);
2588 ret = put_user(pid_vnr(pid), p);
2589 put_pid(pid);
2590 return ret;
2591 }
2592
2593 /**
2594 * tiocspgrp - attempt to set process group
2595 * @tty: tty passed by user
2596 * @real_tty: tty side device matching tty passed by user
2597 * @p: pid pointer
2598 *
2599 * Set the process group of the tty to the session passed. Only
2600 * permitted where the tty session is our session.
2601 *
2602 * Locking: RCU, ctrl lock
2603 */
2604
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2605 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2606 {
2607 struct pid *pgrp;
2608 pid_t pgrp_nr;
2609 int retval = tty_check_change(real_tty);
2610
2611 if (retval == -EIO)
2612 return -ENOTTY;
2613 if (retval)
2614 return retval;
2615 if (!current->signal->tty ||
2616 (current->signal->tty != real_tty) ||
2617 (real_tty->session != task_session(current)))
2618 return -ENOTTY;
2619 if (get_user(pgrp_nr, p))
2620 return -EFAULT;
2621 if (pgrp_nr < 0)
2622 return -EINVAL;
2623 rcu_read_lock();
2624 pgrp = find_vpid(pgrp_nr);
2625 retval = -ESRCH;
2626 if (!pgrp)
2627 goto out_unlock;
2628 retval = -EPERM;
2629 if (session_of_pgrp(pgrp) != task_session(current))
2630 goto out_unlock;
2631 retval = 0;
2632 spin_lock_irq(&tty->ctrl_lock);
2633 put_pid(real_tty->pgrp);
2634 real_tty->pgrp = get_pid(pgrp);
2635 spin_unlock_irq(&tty->ctrl_lock);
2636 out_unlock:
2637 rcu_read_unlock();
2638 return retval;
2639 }
2640
2641 /**
2642 * tiocgsid - get session id
2643 * @tty: tty passed by user
2644 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2645 * @p: pointer to returned session id
2646 *
2647 * Obtain the session id of the tty. If there is no session
2648 * return an error.
2649 *
2650 * Locking: none. Reference to current->signal->tty is safe.
2651 */
2652
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2653 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2654 {
2655 /*
2656 * (tty == real_tty) is a cheap way of
2657 * testing if the tty is NOT a master pty.
2658 */
2659 if (tty == real_tty && current->signal->tty != real_tty)
2660 return -ENOTTY;
2661 if (!real_tty->session)
2662 return -ENOTTY;
2663 return put_user(pid_vnr(real_tty->session), p);
2664 }
2665
2666 /**
2667 * tiocsetd - set line discipline
2668 * @tty: tty device
2669 * @p: pointer to user data
2670 *
2671 * Set the line discipline according to user request.
2672 *
2673 * Locking: see tty_set_ldisc, this function is just a helper
2674 */
2675
tiocsetd(struct tty_struct * tty,int __user * p)2676 static int tiocsetd(struct tty_struct *tty, int __user *p)
2677 {
2678 int disc;
2679 int ret;
2680
2681 if (get_user(disc, p))
2682 return -EFAULT;
2683
2684 ret = tty_set_ldisc(tty, disc);
2685
2686 return ret;
2687 }
2688
2689 /**
2690 * tiocgetd - get line discipline
2691 * @tty: tty device
2692 * @p: pointer to user data
2693 *
2694 * Retrieves the line discipline id directly from the ldisc.
2695 *
2696 * Locking: waits for ldisc reference (in case the line discipline
2697 * is changing or the tty is being hungup)
2698 */
2699
tiocgetd(struct tty_struct * tty,int __user * p)2700 static int tiocgetd(struct tty_struct *tty, int __user *p)
2701 {
2702 struct tty_ldisc *ld;
2703 int ret;
2704
2705 ld = tty_ldisc_ref_wait(tty);
2706 if (!ld)
2707 return -EIO;
2708 ret = put_user(ld->ops->num, p);
2709 tty_ldisc_deref(ld);
2710 return ret;
2711 }
2712
2713 /**
2714 * send_break - performed time break
2715 * @tty: device to break on
2716 * @duration: timeout in mS
2717 *
2718 * Perform a timed break on hardware that lacks its own driver level
2719 * timed break functionality.
2720 *
2721 * Locking:
2722 * atomic_write_lock serializes
2723 *
2724 */
2725
send_break(struct tty_struct * tty,unsigned int duration)2726 static int send_break(struct tty_struct *tty, unsigned int duration)
2727 {
2728 int retval;
2729
2730 if (tty->ops->break_ctl == NULL)
2731 return 0;
2732
2733 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2734 retval = tty->ops->break_ctl(tty, duration);
2735 else {
2736 /* Do the work ourselves */
2737 if (tty_write_lock(tty, 0) < 0)
2738 return -EINTR;
2739 retval = tty->ops->break_ctl(tty, -1);
2740 if (retval)
2741 goto out;
2742 if (!signal_pending(current))
2743 msleep_interruptible(duration);
2744 retval = tty->ops->break_ctl(tty, 0);
2745 out:
2746 tty_write_unlock(tty);
2747 if (signal_pending(current))
2748 retval = -EINTR;
2749 }
2750 return retval;
2751 }
2752
2753 /**
2754 * tty_tiocmget - get modem status
2755 * @tty: tty device
2756 * @file: user file pointer
2757 * @p: pointer to result
2758 *
2759 * Obtain the modem status bits from the tty driver if the feature
2760 * is supported. Return -EINVAL if it is not available.
2761 *
2762 * Locking: none (up to the driver)
2763 */
2764
tty_tiocmget(struct tty_struct * tty,int __user * p)2765 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2766 {
2767 int retval = -EINVAL;
2768
2769 if (tty->ops->tiocmget) {
2770 retval = tty->ops->tiocmget(tty);
2771
2772 if (retval >= 0)
2773 retval = put_user(retval, p);
2774 }
2775 return retval;
2776 }
2777
2778 /**
2779 * tty_tiocmset - set modem status
2780 * @tty: tty device
2781 * @cmd: command - clear bits, set bits or set all
2782 * @p: pointer to desired bits
2783 *
2784 * Set the modem status bits from the tty driver if the feature
2785 * is supported. Return -EINVAL if it is not available.
2786 *
2787 * Locking: none (up to the driver)
2788 */
2789
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2790 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2791 unsigned __user *p)
2792 {
2793 int retval;
2794 unsigned int set, clear, val;
2795
2796 if (tty->ops->tiocmset == NULL)
2797 return -EINVAL;
2798
2799 retval = get_user(val, p);
2800 if (retval)
2801 return retval;
2802 set = clear = 0;
2803 switch (cmd) {
2804 case TIOCMBIS:
2805 set = val;
2806 break;
2807 case TIOCMBIC:
2808 clear = val;
2809 break;
2810 case TIOCMSET:
2811 set = val;
2812 clear = ~val;
2813 break;
2814 }
2815 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2816 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2817 return tty->ops->tiocmset(tty, set, clear);
2818 }
2819
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2820 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2821 {
2822 int retval = -EINVAL;
2823 struct serial_icounter_struct icount;
2824 memset(&icount, 0, sizeof(icount));
2825 if (tty->ops->get_icount)
2826 retval = tty->ops->get_icount(tty, &icount);
2827 if (retval != 0)
2828 return retval;
2829 if (copy_to_user(arg, &icount, sizeof(icount)))
2830 return -EFAULT;
2831 return 0;
2832 }
2833
tty_warn_deprecated_flags(struct serial_struct __user * ss)2834 static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2835 {
2836 static DEFINE_RATELIMIT_STATE(depr_flags,
2837 DEFAULT_RATELIMIT_INTERVAL,
2838 DEFAULT_RATELIMIT_BURST);
2839 char comm[TASK_COMM_LEN];
2840 int flags;
2841
2842 if (get_user(flags, &ss->flags))
2843 return;
2844
2845 flags &= ASYNC_DEPRECATED;
2846
2847 if (flags && __ratelimit(&depr_flags))
2848 pr_warning("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2849 __func__, get_task_comm(comm, current), flags);
2850 }
2851
2852 /*
2853 * if pty, return the slave side (real_tty)
2854 * otherwise, return self
2855 */
tty_pair_get_tty(struct tty_struct * tty)2856 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2857 {
2858 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2859 tty->driver->subtype == PTY_TYPE_MASTER)
2860 tty = tty->link;
2861 return tty;
2862 }
2863
2864 /*
2865 * Split this up, as gcc can choke on it otherwise..
2866 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2867 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2868 {
2869 struct tty_struct *tty = file_tty(file);
2870 struct tty_struct *real_tty;
2871 void __user *p = (void __user *)arg;
2872 int retval;
2873 struct tty_ldisc *ld;
2874
2875 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2876 return -EINVAL;
2877
2878 real_tty = tty_pair_get_tty(tty);
2879
2880 /*
2881 * Factor out some common prep work
2882 */
2883 switch (cmd) {
2884 case TIOCSETD:
2885 case TIOCSBRK:
2886 case TIOCCBRK:
2887 case TCSBRK:
2888 case TCSBRKP:
2889 retval = tty_check_change(tty);
2890 if (retval)
2891 return retval;
2892 if (cmd != TIOCCBRK) {
2893 tty_wait_until_sent(tty, 0);
2894 if (signal_pending(current))
2895 return -EINTR;
2896 }
2897 break;
2898 }
2899
2900 /*
2901 * Now do the stuff.
2902 */
2903 switch (cmd) {
2904 case TIOCSTI:
2905 return tiocsti(tty, p);
2906 case TIOCGWINSZ:
2907 return tiocgwinsz(real_tty, p);
2908 case TIOCSWINSZ:
2909 return tiocswinsz(real_tty, p);
2910 case TIOCCONS:
2911 return real_tty != tty ? -EINVAL : tioccons(file);
2912 case FIONBIO:
2913 return fionbio(file, p);
2914 case TIOCEXCL:
2915 set_bit(TTY_EXCLUSIVE, &tty->flags);
2916 return 0;
2917 case TIOCNXCL:
2918 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2919 return 0;
2920 case TIOCGEXCL:
2921 {
2922 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2923 return put_user(excl, (int __user *)p);
2924 }
2925 case TIOCNOTTY:
2926 if (current->signal->tty != tty)
2927 return -ENOTTY;
2928 no_tty();
2929 return 0;
2930 case TIOCSCTTY:
2931 return tiocsctty(real_tty, file, arg);
2932 case TIOCGPGRP:
2933 return tiocgpgrp(tty, real_tty, p);
2934 case TIOCSPGRP:
2935 return tiocspgrp(tty, real_tty, p);
2936 case TIOCGSID:
2937 return tiocgsid(tty, real_tty, p);
2938 case TIOCGETD:
2939 return tiocgetd(tty, p);
2940 case TIOCSETD:
2941 return tiocsetd(tty, p);
2942 case TIOCVHANGUP:
2943 if (!capable(CAP_SYS_ADMIN))
2944 return -EPERM;
2945 tty_vhangup(tty);
2946 return 0;
2947 case TIOCGDEV:
2948 {
2949 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2950 return put_user(ret, (unsigned int __user *)p);
2951 }
2952 /*
2953 * Break handling
2954 */
2955 case TIOCSBRK: /* Turn break on, unconditionally */
2956 if (tty->ops->break_ctl)
2957 return tty->ops->break_ctl(tty, -1);
2958 return 0;
2959 case TIOCCBRK: /* Turn break off, unconditionally */
2960 if (tty->ops->break_ctl)
2961 return tty->ops->break_ctl(tty, 0);
2962 return 0;
2963 case TCSBRK: /* SVID version: non-zero arg --> no break */
2964 /* non-zero arg means wait for all output data
2965 * to be sent (performed above) but don't send break.
2966 * This is used by the tcdrain() termios function.
2967 */
2968 if (!arg)
2969 return send_break(tty, 250);
2970 return 0;
2971 case TCSBRKP: /* support for POSIX tcsendbreak() */
2972 return send_break(tty, arg ? arg*100 : 250);
2973
2974 case TIOCMGET:
2975 return tty_tiocmget(tty, p);
2976 case TIOCMSET:
2977 case TIOCMBIC:
2978 case TIOCMBIS:
2979 return tty_tiocmset(tty, cmd, p);
2980 case TIOCGICOUNT:
2981 retval = tty_tiocgicount(tty, p);
2982 /* For the moment allow fall through to the old method */
2983 if (retval != -EINVAL)
2984 return retval;
2985 break;
2986 case TCFLSH:
2987 switch (arg) {
2988 case TCIFLUSH:
2989 case TCIOFLUSH:
2990 /* flush tty buffer and allow ldisc to process ioctl */
2991 tty_buffer_flush(tty, NULL);
2992 break;
2993 }
2994 break;
2995 case TIOCSSERIAL:
2996 tty_warn_deprecated_flags(p);
2997 break;
2998 }
2999 if (tty->ops->ioctl) {
3000 retval = tty->ops->ioctl(tty, cmd, arg);
3001 if (retval != -ENOIOCTLCMD)
3002 return retval;
3003 }
3004 ld = tty_ldisc_ref_wait(tty);
3005 if (!ld)
3006 return hung_up_tty_ioctl(file, cmd, arg);
3007 retval = -EINVAL;
3008 if (ld->ops->ioctl) {
3009 retval = ld->ops->ioctl(tty, file, cmd, arg);
3010 if (retval == -ENOIOCTLCMD)
3011 retval = -ENOTTY;
3012 }
3013 tty_ldisc_deref(ld);
3014 return retval;
3015 }
3016
3017 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)3018 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3019 unsigned long arg)
3020 {
3021 struct tty_struct *tty = file_tty(file);
3022 struct tty_ldisc *ld;
3023 int retval = -ENOIOCTLCMD;
3024
3025 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
3026 return -EINVAL;
3027
3028 if (tty->ops->compat_ioctl) {
3029 retval = tty->ops->compat_ioctl(tty, cmd, arg);
3030 if (retval != -ENOIOCTLCMD)
3031 return retval;
3032 }
3033
3034 ld = tty_ldisc_ref_wait(tty);
3035 if (!ld)
3036 return hung_up_tty_compat_ioctl(file, cmd, arg);
3037 if (ld->ops->compat_ioctl)
3038 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3039 else
3040 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
3041 tty_ldisc_deref(ld);
3042
3043 return retval;
3044 }
3045 #endif
3046
this_tty(const void * t,struct file * file,unsigned fd)3047 static int this_tty(const void *t, struct file *file, unsigned fd)
3048 {
3049 if (likely(file->f_op->read != tty_read))
3050 return 0;
3051 return file_tty(file) != t ? 0 : fd + 1;
3052 }
3053
3054 /*
3055 * This implements the "Secure Attention Key" --- the idea is to
3056 * prevent trojan horses by killing all processes associated with this
3057 * tty when the user hits the "Secure Attention Key". Required for
3058 * super-paranoid applications --- see the Orange Book for more details.
3059 *
3060 * This code could be nicer; ideally it should send a HUP, wait a few
3061 * seconds, then send a INT, and then a KILL signal. But you then
3062 * have to coordinate with the init process, since all processes associated
3063 * with the current tty must be dead before the new getty is allowed
3064 * to spawn.
3065 *
3066 * Now, if it would be correct ;-/ The current code has a nasty hole -
3067 * it doesn't catch files in flight. We may send the descriptor to ourselves
3068 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3069 *
3070 * Nasty bug: do_SAK is being called in interrupt context. This can
3071 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3072 */
__do_SAK(struct tty_struct * tty)3073 void __do_SAK(struct tty_struct *tty)
3074 {
3075 #ifdef TTY_SOFT_SAK
3076 tty_hangup(tty);
3077 #else
3078 struct task_struct *g, *p;
3079 struct pid *session;
3080 int i;
3081
3082 if (!tty)
3083 return;
3084 session = tty->session;
3085
3086 tty_ldisc_flush(tty);
3087
3088 tty_driver_flush_buffer(tty);
3089
3090 read_lock(&tasklist_lock);
3091 /* Kill the entire session */
3092 do_each_pid_task(session, PIDTYPE_SID, p) {
3093 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3094 task_pid_nr(p), p->comm);
3095 send_sig(SIGKILL, p, 1);
3096 } while_each_pid_task(session, PIDTYPE_SID, p);
3097
3098 /* Now kill any processes that happen to have the tty open */
3099 do_each_thread(g, p) {
3100 if (p->signal->tty == tty) {
3101 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3102 task_pid_nr(p), p->comm);
3103 send_sig(SIGKILL, p, 1);
3104 continue;
3105 }
3106 task_lock(p);
3107 i = iterate_fd(p->files, 0, this_tty, tty);
3108 if (i != 0) {
3109 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3110 task_pid_nr(p), p->comm, i - 1);
3111 force_sig(SIGKILL, p);
3112 }
3113 task_unlock(p);
3114 } while_each_thread(g, p);
3115 read_unlock(&tasklist_lock);
3116 #endif
3117 }
3118
do_SAK_work(struct work_struct * work)3119 static void do_SAK_work(struct work_struct *work)
3120 {
3121 struct tty_struct *tty =
3122 container_of(work, struct tty_struct, SAK_work);
3123 __do_SAK(tty);
3124 }
3125
3126 /*
3127 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3128 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3129 * the values which we write to it will be identical to the values which it
3130 * already has. --akpm
3131 */
do_SAK(struct tty_struct * tty)3132 void do_SAK(struct tty_struct *tty)
3133 {
3134 if (!tty)
3135 return;
3136 schedule_work(&tty->SAK_work);
3137 }
3138
3139 EXPORT_SYMBOL(do_SAK);
3140
dev_match_devt(struct device * dev,const void * data)3141 static int dev_match_devt(struct device *dev, const void *data)
3142 {
3143 const dev_t *devt = data;
3144 return dev->devt == *devt;
3145 }
3146
3147 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3148 static struct device *tty_get_device(struct tty_struct *tty)
3149 {
3150 dev_t devt = tty_devnum(tty);
3151 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3152 }
3153
3154
3155 /**
3156 * alloc_tty_struct
3157 *
3158 * This subroutine allocates and initializes a tty structure.
3159 *
3160 * Locking: none - tty in question is not exposed at this point
3161 */
3162
alloc_tty_struct(struct tty_driver * driver,int idx)3163 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3164 {
3165 struct tty_struct *tty;
3166
3167 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3168 if (!tty)
3169 return NULL;
3170
3171 kref_init(&tty->kref);
3172 tty->magic = TTY_MAGIC;
3173 tty_ldisc_init(tty);
3174 tty->session = NULL;
3175 tty->pgrp = NULL;
3176 mutex_init(&tty->legacy_mutex);
3177 mutex_init(&tty->throttle_mutex);
3178 init_rwsem(&tty->termios_rwsem);
3179 mutex_init(&tty->winsize_mutex);
3180 init_ldsem(&tty->ldisc_sem);
3181 init_waitqueue_head(&tty->write_wait);
3182 init_waitqueue_head(&tty->read_wait);
3183 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3184 mutex_init(&tty->atomic_write_lock);
3185 spin_lock_init(&tty->ctrl_lock);
3186 spin_lock_init(&tty->flow_lock);
3187 spin_lock_init(&tty->files_lock);
3188 INIT_LIST_HEAD(&tty->tty_files);
3189 INIT_WORK(&tty->SAK_work, do_SAK_work);
3190
3191 tty->driver = driver;
3192 tty->ops = driver->ops;
3193 tty->index = idx;
3194 tty_line_name(driver, idx, tty->name);
3195 tty->dev = tty_get_device(tty);
3196
3197 return tty;
3198 }
3199
3200 /**
3201 * tty_put_char - write one character to a tty
3202 * @tty: tty
3203 * @ch: character
3204 *
3205 * Write one byte to the tty using the provided put_char method
3206 * if present. Returns the number of characters successfully output.
3207 *
3208 * Note: the specific put_char operation in the driver layer may go
3209 * away soon. Don't call it directly, use this method
3210 */
3211
tty_put_char(struct tty_struct * tty,unsigned char ch)3212 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3213 {
3214 if (tty->ops->put_char)
3215 return tty->ops->put_char(tty, ch);
3216 return tty->ops->write(tty, &ch, 1);
3217 }
3218 EXPORT_SYMBOL_GPL(tty_put_char);
3219
3220 struct class *tty_class;
3221
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3222 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3223 unsigned int index, unsigned int count)
3224 {
3225 int err;
3226
3227 /* init here, since reused cdevs cause crashes */
3228 driver->cdevs[index] = cdev_alloc();
3229 if (!driver->cdevs[index])
3230 return -ENOMEM;
3231 driver->cdevs[index]->ops = &tty_fops;
3232 driver->cdevs[index]->owner = driver->owner;
3233 err = cdev_add(driver->cdevs[index], dev, count);
3234 if (err)
3235 kobject_put(&driver->cdevs[index]->kobj);
3236 return err;
3237 }
3238
3239 /**
3240 * tty_register_device - register a tty device
3241 * @driver: the tty driver that describes the tty device
3242 * @index: the index in the tty driver for this tty device
3243 * @device: a struct device that is associated with this tty device.
3244 * This field is optional, if there is no known struct device
3245 * for this tty device it can be set to NULL safely.
3246 *
3247 * Returns a pointer to the struct device for this tty device
3248 * (or ERR_PTR(-EFOO) on error).
3249 *
3250 * This call is required to be made to register an individual tty device
3251 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3252 * that bit is not set, this function should not be called by a tty
3253 * driver.
3254 *
3255 * Locking: ??
3256 */
3257
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3258 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3259 struct device *device)
3260 {
3261 return tty_register_device_attr(driver, index, device, NULL, NULL);
3262 }
3263 EXPORT_SYMBOL(tty_register_device);
3264
tty_device_create_release(struct device * dev)3265 static void tty_device_create_release(struct device *dev)
3266 {
3267 dev_dbg(dev, "releasing...\n");
3268 kfree(dev);
3269 }
3270
3271 /**
3272 * tty_register_device_attr - register a tty device
3273 * @driver: the tty driver that describes the tty device
3274 * @index: the index in the tty driver for this tty device
3275 * @device: a struct device that is associated with this tty device.
3276 * This field is optional, if there is no known struct device
3277 * for this tty device it can be set to NULL safely.
3278 * @drvdata: Driver data to be set to device.
3279 * @attr_grp: Attribute group to be set on device.
3280 *
3281 * Returns a pointer to the struct device for this tty device
3282 * (or ERR_PTR(-EFOO) on error).
3283 *
3284 * This call is required to be made to register an individual tty device
3285 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3286 * that bit is not set, this function should not be called by a tty
3287 * driver.
3288 *
3289 * Locking: ??
3290 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3291 struct device *tty_register_device_attr(struct tty_driver *driver,
3292 unsigned index, struct device *device,
3293 void *drvdata,
3294 const struct attribute_group **attr_grp)
3295 {
3296 char name[64];
3297 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3298 struct device *dev = NULL;
3299 int retval = -ENODEV;
3300 bool cdev = false;
3301
3302 if (index >= driver->num) {
3303 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3304 driver->name, index);
3305 return ERR_PTR(-EINVAL);
3306 }
3307
3308 if (driver->type == TTY_DRIVER_TYPE_PTY)
3309 pty_line_name(driver, index, name);
3310 else
3311 tty_line_name(driver, index, name);
3312
3313 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3314 retval = tty_cdev_add(driver, devt, index, 1);
3315 if (retval)
3316 goto error;
3317 cdev = true;
3318 }
3319
3320 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3321 if (!dev) {
3322 retval = -ENOMEM;
3323 goto error;
3324 }
3325
3326 dev->devt = devt;
3327 dev->class = tty_class;
3328 dev->parent = device;
3329 dev->release = tty_device_create_release;
3330 dev_set_name(dev, "%s", name);
3331 dev->groups = attr_grp;
3332 dev_set_drvdata(dev, drvdata);
3333
3334 retval = device_register(dev);
3335 if (retval)
3336 goto error;
3337
3338 return dev;
3339
3340 error:
3341 put_device(dev);
3342 if (cdev) {
3343 cdev_del(driver->cdevs[index]);
3344 driver->cdevs[index] = NULL;
3345 }
3346 return ERR_PTR(retval);
3347 }
3348 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3349
3350 /**
3351 * tty_unregister_device - unregister a tty device
3352 * @driver: the tty driver that describes the tty device
3353 * @index: the index in the tty driver for this tty device
3354 *
3355 * If a tty device is registered with a call to tty_register_device() then
3356 * this function must be called when the tty device is gone.
3357 *
3358 * Locking: ??
3359 */
3360
tty_unregister_device(struct tty_driver * driver,unsigned index)3361 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3362 {
3363 device_destroy(tty_class,
3364 MKDEV(driver->major, driver->minor_start) + index);
3365 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3366 cdev_del(driver->cdevs[index]);
3367 driver->cdevs[index] = NULL;
3368 }
3369 }
3370 EXPORT_SYMBOL(tty_unregister_device);
3371
3372 /**
3373 * __tty_alloc_driver -- allocate tty driver
3374 * @lines: count of lines this driver can handle at most
3375 * @owner: module which is repsonsible for this driver
3376 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3377 *
3378 * This should not be called directly, some of the provided macros should be
3379 * used instead. Use IS_ERR and friends on @retval.
3380 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3381 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3382 unsigned long flags)
3383 {
3384 struct tty_driver *driver;
3385 unsigned int cdevs = 1;
3386 int err;
3387
3388 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3389 return ERR_PTR(-EINVAL);
3390
3391 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3392 if (!driver)
3393 return ERR_PTR(-ENOMEM);
3394
3395 kref_init(&driver->kref);
3396 driver->magic = TTY_DRIVER_MAGIC;
3397 driver->num = lines;
3398 driver->owner = owner;
3399 driver->flags = flags;
3400
3401 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3402 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3403 GFP_KERNEL);
3404 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3405 GFP_KERNEL);
3406 if (!driver->ttys || !driver->termios) {
3407 err = -ENOMEM;
3408 goto err_free_all;
3409 }
3410 }
3411
3412 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3413 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3414 GFP_KERNEL);
3415 if (!driver->ports) {
3416 err = -ENOMEM;
3417 goto err_free_all;
3418 }
3419 cdevs = lines;
3420 }
3421
3422 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3423 if (!driver->cdevs) {
3424 err = -ENOMEM;
3425 goto err_free_all;
3426 }
3427
3428 return driver;
3429 err_free_all:
3430 kfree(driver->ports);
3431 kfree(driver->ttys);
3432 kfree(driver->termios);
3433 kfree(driver->cdevs);
3434 kfree(driver);
3435 return ERR_PTR(err);
3436 }
3437 EXPORT_SYMBOL(__tty_alloc_driver);
3438
destruct_tty_driver(struct kref * kref)3439 static void destruct_tty_driver(struct kref *kref)
3440 {
3441 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3442 int i;
3443 struct ktermios *tp;
3444
3445 if (driver->flags & TTY_DRIVER_INSTALLED) {
3446 /*
3447 * Free the termios and termios_locked structures because
3448 * we don't want to get memory leaks when modular tty
3449 * drivers are removed from the kernel.
3450 */
3451 for (i = 0; i < driver->num; i++) {
3452 tp = driver->termios[i];
3453 if (tp) {
3454 driver->termios[i] = NULL;
3455 kfree(tp);
3456 }
3457 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3458 tty_unregister_device(driver, i);
3459 }
3460 proc_tty_unregister_driver(driver);
3461 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3462 cdev_del(driver->cdevs[0]);
3463 }
3464 kfree(driver->cdevs);
3465 kfree(driver->ports);
3466 kfree(driver->termios);
3467 kfree(driver->ttys);
3468 kfree(driver);
3469 }
3470
tty_driver_kref_put(struct tty_driver * driver)3471 void tty_driver_kref_put(struct tty_driver *driver)
3472 {
3473 kref_put(&driver->kref, destruct_tty_driver);
3474 }
3475 EXPORT_SYMBOL(tty_driver_kref_put);
3476
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)3477 void tty_set_operations(struct tty_driver *driver,
3478 const struct tty_operations *op)
3479 {
3480 driver->ops = op;
3481 };
3482 EXPORT_SYMBOL(tty_set_operations);
3483
put_tty_driver(struct tty_driver * d)3484 void put_tty_driver(struct tty_driver *d)
3485 {
3486 tty_driver_kref_put(d);
3487 }
3488 EXPORT_SYMBOL(put_tty_driver);
3489
3490 /*
3491 * Called by a tty driver to register itself.
3492 */
tty_register_driver(struct tty_driver * driver)3493 int tty_register_driver(struct tty_driver *driver)
3494 {
3495 int error;
3496 int i;
3497 dev_t dev;
3498 struct device *d;
3499
3500 if (!driver->major) {
3501 error = alloc_chrdev_region(&dev, driver->minor_start,
3502 driver->num, driver->name);
3503 if (!error) {
3504 driver->major = MAJOR(dev);
3505 driver->minor_start = MINOR(dev);
3506 }
3507 } else {
3508 dev = MKDEV(driver->major, driver->minor_start);
3509 error = register_chrdev_region(dev, driver->num, driver->name);
3510 }
3511 if (error < 0)
3512 goto err;
3513
3514 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3515 error = tty_cdev_add(driver, dev, 0, driver->num);
3516 if (error)
3517 goto err_unreg_char;
3518 }
3519
3520 mutex_lock(&tty_mutex);
3521 list_add(&driver->tty_drivers, &tty_drivers);
3522 mutex_unlock(&tty_mutex);
3523
3524 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3525 for (i = 0; i < driver->num; i++) {
3526 d = tty_register_device(driver, i, NULL);
3527 if (IS_ERR(d)) {
3528 error = PTR_ERR(d);
3529 goto err_unreg_devs;
3530 }
3531 }
3532 }
3533 proc_tty_register_driver(driver);
3534 driver->flags |= TTY_DRIVER_INSTALLED;
3535 return 0;
3536
3537 err_unreg_devs:
3538 for (i--; i >= 0; i--)
3539 tty_unregister_device(driver, i);
3540
3541 mutex_lock(&tty_mutex);
3542 list_del(&driver->tty_drivers);
3543 mutex_unlock(&tty_mutex);
3544
3545 err_unreg_char:
3546 unregister_chrdev_region(dev, driver->num);
3547 err:
3548 return error;
3549 }
3550 EXPORT_SYMBOL(tty_register_driver);
3551
3552 /*
3553 * Called by a tty driver to unregister itself.
3554 */
tty_unregister_driver(struct tty_driver * driver)3555 int tty_unregister_driver(struct tty_driver *driver)
3556 {
3557 #if 0
3558 /* FIXME */
3559 if (driver->refcount)
3560 return -EBUSY;
3561 #endif
3562 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3563 driver->num);
3564 mutex_lock(&tty_mutex);
3565 list_del(&driver->tty_drivers);
3566 mutex_unlock(&tty_mutex);
3567 return 0;
3568 }
3569
3570 EXPORT_SYMBOL(tty_unregister_driver);
3571
tty_devnum(struct tty_struct * tty)3572 dev_t tty_devnum(struct tty_struct *tty)
3573 {
3574 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3575 }
3576 EXPORT_SYMBOL(tty_devnum);
3577
tty_default_fops(struct file_operations * fops)3578 void tty_default_fops(struct file_operations *fops)
3579 {
3580 *fops = tty_fops;
3581 }
3582
3583 /*
3584 * Initialize the console device. This is called *early*, so
3585 * we can't necessarily depend on lots of kernel help here.
3586 * Just do some early initializations, and do the complex setup
3587 * later.
3588 */
console_init(void)3589 void __init console_init(void)
3590 {
3591 initcall_t *call;
3592
3593 /* Setup the default TTY line discipline. */
3594 n_tty_init();
3595
3596 /*
3597 * set up the console device so that later boot sequences can
3598 * inform about problems etc..
3599 */
3600 call = __con_initcall_start;
3601 while (call < __con_initcall_end) {
3602 (*call)();
3603 call++;
3604 }
3605 }
3606
tty_devnode(struct device * dev,umode_t * mode)3607 static char *tty_devnode(struct device *dev, umode_t *mode)
3608 {
3609 if (!mode)
3610 return NULL;
3611 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3612 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3613 *mode = 0666;
3614 return NULL;
3615 }
3616
tty_class_init(void)3617 static int __init tty_class_init(void)
3618 {
3619 tty_class = class_create(THIS_MODULE, "tty");
3620 if (IS_ERR(tty_class))
3621 return PTR_ERR(tty_class);
3622 tty_class->devnode = tty_devnode;
3623 return 0;
3624 }
3625
3626 postcore_initcall(tty_class_init);
3627
3628 /* 3/2004 jmc: why do these devices exist? */
3629 static struct cdev tty_cdev, console_cdev;
3630
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3631 static ssize_t show_cons_active(struct device *dev,
3632 struct device_attribute *attr, char *buf)
3633 {
3634 struct console *cs[16];
3635 int i = 0;
3636 struct console *c;
3637 ssize_t count = 0;
3638
3639 console_lock();
3640 for_each_console(c) {
3641 if (!c->device)
3642 continue;
3643 if (!c->write)
3644 continue;
3645 if ((c->flags & CON_ENABLED) == 0)
3646 continue;
3647 cs[i++] = c;
3648 if (i >= ARRAY_SIZE(cs))
3649 break;
3650 }
3651 while (i--) {
3652 int index = cs[i]->index;
3653 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3654
3655 /* don't resolve tty0 as some programs depend on it */
3656 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3657 count += tty_line_name(drv, index, buf + count);
3658 else
3659 count += sprintf(buf + count, "%s%d",
3660 cs[i]->name, cs[i]->index);
3661
3662 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3663 }
3664 console_unlock();
3665
3666 return count;
3667 }
3668 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3669
3670 static struct attribute *cons_dev_attrs[] = {
3671 &dev_attr_active.attr,
3672 NULL
3673 };
3674
3675 ATTRIBUTE_GROUPS(cons_dev);
3676
3677 static struct device *consdev;
3678
console_sysfs_notify(void)3679 void console_sysfs_notify(void)
3680 {
3681 if (consdev)
3682 sysfs_notify(&consdev->kobj, NULL, "active");
3683 }
3684
3685 /*
3686 * Ok, now we can initialize the rest of the tty devices and can count
3687 * on memory allocations, interrupts etc..
3688 */
tty_init(void)3689 int __init tty_init(void)
3690 {
3691 cdev_init(&tty_cdev, &tty_fops);
3692 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3693 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3694 panic("Couldn't register /dev/tty driver\n");
3695 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3696
3697 cdev_init(&console_cdev, &console_fops);
3698 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3699 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3700 panic("Couldn't register /dev/console driver\n");
3701 consdev = device_create_with_groups(tty_class, NULL,
3702 MKDEV(TTYAUX_MAJOR, 1), NULL,
3703 cons_dev_groups, "console");
3704 if (IS_ERR(consdev))
3705 consdev = NULL;
3706
3707 #ifdef CONFIG_VT
3708 vty_init(&console_fops);
3709 #endif
3710 return 0;
3711 }
3712
3713