1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 /*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102
103 #include <linux/uaccess.h>
104
105 #include <linux/kbd_kern.h>
106 #include <linux/vt_kern.h>
107 #include <linux/selection.h>
108
109 #include <linux/kmod.h>
110 #include <linux/nsproxy.h>
111 #include "tty.h"
112
113 #undef TTY_DEBUG_HANGUP
114 #ifdef TTY_DEBUG_HANGUP
115 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116 #else
117 # define tty_debug_hangup(tty, f, args...) do { } while (0)
118 #endif
119
120 #define TTY_PARANOIA_CHECK 1
121 #define CHECK_TTY_COUNT 1
122
123 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 .c_iflag = ICRNL | IXON,
125 .c_oflag = OPOST | ONLCR,
126 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 ECHOCTL | ECHOKE | IEXTEN,
129 .c_cc = INIT_C_CC,
130 .c_ispeed = 38400,
131 .c_ospeed = 38400,
132 /* .c_line = N_TTY, */
133 };
134 EXPORT_SYMBOL(tty_std_termios);
135
136 /* This list gets poked at by procfs and various bits of boot up code. This
137 * could do with some rationalisation such as pulling the tty proc function
138 * into this file.
139 */
140
141 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142
143 /* Mutex to protect creating and releasing a tty */
144 DEFINE_MUTEX(tty_mutex);
145
146 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148 static __poll_t tty_poll(struct file *, poll_table *);
149 static int tty_open(struct inode *, struct file *);
150 #ifdef CONFIG_COMPAT
151 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 unsigned long arg);
153 #else
154 #define tty_compat_ioctl NULL
155 #endif
156 static int __tty_fasync(int fd, struct file *filp, int on);
157 static int tty_fasync(int fd, struct file *filp, int on);
158 static void release_tty(struct tty_struct *tty, int idx);
159
160 /**
161 * free_tty_struct - free a disused tty
162 * @tty: tty struct to free
163 *
164 * Free the write buffers, tty queue and tty memory itself.
165 *
166 * Locking: none. Must be called after tty is definitely unused
167 */
168
free_tty_struct(struct tty_struct * tty)169 static void free_tty_struct(struct tty_struct *tty)
170 {
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kfree(tty->write_buf);
174 tty->magic = 0xDEADDEAD;
175 kfree(tty);
176 }
177
file_tty(struct file * file)178 static inline struct tty_struct *file_tty(struct file *file)
179 {
180 return ((struct tty_file_private *)file->private_data)->tty;
181 }
182
tty_alloc_file(struct file * file)183 int tty_alloc_file(struct file *file)
184 {
185 struct tty_file_private *priv;
186
187 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
188 if (!priv)
189 return -ENOMEM;
190
191 file->private_data = priv;
192
193 return 0;
194 }
195
196 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)197 void tty_add_file(struct tty_struct *tty, struct file *file)
198 {
199 struct tty_file_private *priv = file->private_data;
200
201 priv->tty = tty;
202 priv->file = file;
203
204 spin_lock(&tty->files_lock);
205 list_add(&priv->list, &tty->tty_files);
206 spin_unlock(&tty->files_lock);
207 }
208
209 /*
210 * tty_free_file - free file->private_data
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
tty_free_file(struct file * file)215 void tty_free_file(struct file *file)
216 {
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221 }
222
223 /* Delete file from its tty */
tty_del_file(struct file * file)224 static void tty_del_file(struct file *file)
225 {
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233 }
234
235 /**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel
240 * naming policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
244
tty_name(const struct tty_struct * tty)245 const char *tty_name(const struct tty_struct *tty)
246 {
247 if (!tty) /* Hmm. NULL pointer. That's fun. */
248 return "NULL tty";
249 return tty->name;
250 }
251 EXPORT_SYMBOL(tty_name);
252
tty_driver_name(const struct tty_struct * tty)253 const char *tty_driver_name(const struct tty_struct *tty)
254 {
255 if (!tty || !tty->driver)
256 return "";
257 return tty->driver->name;
258 }
259
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)260 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 const char *routine)
262 {
263 #ifdef TTY_PARANOIA_CHECK
264 if (!tty) {
265 pr_warn("(%d:%d): %s: NULL tty\n",
266 imajor(inode), iminor(inode), routine);
267 return 1;
268 }
269 if (tty->magic != TTY_MAGIC) {
270 pr_warn("(%d:%d): %s: bad magic number\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274 #endif
275 return 0;
276 }
277
278 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)279 static int check_tty_count(struct tty_struct *tty, const char *routine)
280 {
281 #ifdef CHECK_TTY_COUNT
282 struct list_head *p;
283 int count = 0, kopen_count = 0;
284
285 spin_lock(&tty->files_lock);
286 list_for_each(p, &tty->tty_files) {
287 count++;
288 }
289 spin_unlock(&tty->files_lock);
290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 tty->driver->subtype == PTY_TYPE_SLAVE &&
292 tty->link && tty->link->count)
293 count++;
294 if (tty_port_kopened(tty->port))
295 kopen_count++;
296 if (tty->count != (count + kopen_count)) {
297 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
298 routine, tty->count, count, kopen_count);
299 return (count + kopen_count);
300 }
301 #endif
302 return 0;
303 }
304
305 /**
306 * get_tty_driver - find device of a tty
307 * @device: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
get_tty_driver(dev_t device,int * index)316 static struct tty_driver *get_tty_driver(dev_t device, int *index)
317 {
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322
323 if (device < base || device >= base + p->num)
324 continue;
325 *index = device - base;
326 return tty_driver_kref_get(p);
327 }
328 return NULL;
329 }
330
331 /**
332 * tty_dev_name_to_number - return dev_t for device name
333 * @name: user space name of device under /dev
334 * @number: pointer to dev_t that this function will populate
335 *
336 * This function converts device names like ttyS0 or ttyUSB1 into dev_t
337 * like (4, 64) or (188, 1). If no corresponding driver is registered then
338 * the function returns -ENODEV.
339 *
340 * Locking: this acquires tty_mutex to protect the tty_drivers list from
341 * being modified while we are traversing it, and makes sure to
342 * release it before exiting.
343 */
tty_dev_name_to_number(const char * name,dev_t * number)344 int tty_dev_name_to_number(const char *name, dev_t *number)
345 {
346 struct tty_driver *p;
347 int ret;
348 int index, prefix_length = 0;
349 const char *str;
350
351 for (str = name; *str && !isdigit(*str); str++)
352 ;
353
354 if (!*str)
355 return -EINVAL;
356
357 ret = kstrtoint(str, 10, &index);
358 if (ret)
359 return ret;
360
361 prefix_length = str - name;
362 mutex_lock(&tty_mutex);
363
364 list_for_each_entry(p, &tty_drivers, tty_drivers)
365 if (prefix_length == strlen(p->name) && strncmp(name,
366 p->name, prefix_length) == 0) {
367 if (index < p->num) {
368 *number = MKDEV(p->major, p->minor_start + index);
369 goto out;
370 }
371 }
372
373 /* if here then driver wasn't found */
374 ret = -ENODEV;
375 out:
376 mutex_unlock(&tty_mutex);
377 return ret;
378 }
379 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
380
381 #ifdef CONFIG_CONSOLE_POLL
382
383 /**
384 * tty_find_polling_driver - find device of a polled tty
385 * @name: name string to match
386 * @line: pointer to resulting tty line nr
387 *
388 * This routine returns a tty driver structure, given a name
389 * and the condition that the tty driver is capable of polled
390 * operation.
391 */
tty_find_polling_driver(char * name,int * line)392 struct tty_driver *tty_find_polling_driver(char *name, int *line)
393 {
394 struct tty_driver *p, *res = NULL;
395 int tty_line = 0;
396 int len;
397 char *str, *stp;
398
399 for (str = name; *str; str++)
400 if ((*str >= '0' && *str <= '9') || *str == ',')
401 break;
402 if (!*str)
403 return NULL;
404
405 len = str - name;
406 tty_line = simple_strtoul(str, &str, 10);
407
408 mutex_lock(&tty_mutex);
409 /* Search through the tty devices to look for a match */
410 list_for_each_entry(p, &tty_drivers, tty_drivers) {
411 if (!len || strncmp(name, p->name, len) != 0)
412 continue;
413 stp = str;
414 if (*stp == ',')
415 stp++;
416 if (*stp == '\0')
417 stp = NULL;
418
419 if (tty_line >= 0 && tty_line < p->num && p->ops &&
420 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
421 res = tty_driver_kref_get(p);
422 *line = tty_line;
423 break;
424 }
425 }
426 mutex_unlock(&tty_mutex);
427
428 return res;
429 }
430 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
431 #endif
432
hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)433 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
434 {
435 return 0;
436 }
437
hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)438 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
439 {
440 return -EIO;
441 }
442
443 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)444 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
445 {
446 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
447 }
448
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)449 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
450 unsigned long arg)
451 {
452 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
453 }
454
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)455 static long hung_up_tty_compat_ioctl(struct file *file,
456 unsigned int cmd, unsigned long arg)
457 {
458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
459 }
460
hung_up_tty_fasync(int fd,struct file * file,int on)461 static int hung_up_tty_fasync(int fd, struct file *file, int on)
462 {
463 return -ENOTTY;
464 }
465
tty_show_fdinfo(struct seq_file * m,struct file * file)466 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
467 {
468 struct tty_struct *tty = file_tty(file);
469
470 if (tty && tty->ops && tty->ops->show_fdinfo)
471 tty->ops->show_fdinfo(tty, m);
472 }
473
474 static const struct file_operations tty_fops = {
475 .llseek = no_llseek,
476 .read_iter = tty_read,
477 .write_iter = tty_write,
478 .splice_read = generic_file_splice_read,
479 .splice_write = iter_file_splice_write,
480 .poll = tty_poll,
481 .unlocked_ioctl = tty_ioctl,
482 .compat_ioctl = tty_compat_ioctl,
483 .open = tty_open,
484 .release = tty_release,
485 .fasync = tty_fasync,
486 .show_fdinfo = tty_show_fdinfo,
487 };
488
489 static const struct file_operations console_fops = {
490 .llseek = no_llseek,
491 .read_iter = tty_read,
492 .write_iter = redirected_tty_write,
493 .splice_read = generic_file_splice_read,
494 .splice_write = iter_file_splice_write,
495 .poll = tty_poll,
496 .unlocked_ioctl = tty_ioctl,
497 .compat_ioctl = tty_compat_ioctl,
498 .open = tty_open,
499 .release = tty_release,
500 .fasync = tty_fasync,
501 };
502
503 static const struct file_operations hung_up_tty_fops = {
504 .llseek = no_llseek,
505 .read_iter = hung_up_tty_read,
506 .write_iter = hung_up_tty_write,
507 .poll = hung_up_tty_poll,
508 .unlocked_ioctl = hung_up_tty_ioctl,
509 .compat_ioctl = hung_up_tty_compat_ioctl,
510 .release = tty_release,
511 .fasync = hung_up_tty_fasync,
512 };
513
514 static DEFINE_SPINLOCK(redirect_lock);
515 static struct file *redirect;
516
517 /**
518 * tty_wakeup - request more data
519 * @tty: terminal
520 *
521 * Internal and external helper for wakeups of tty. This function
522 * informs the line discipline if present that the driver is ready
523 * to receive more output data.
524 */
525
tty_wakeup(struct tty_struct * tty)526 void tty_wakeup(struct tty_struct *tty)
527 {
528 struct tty_ldisc *ld;
529
530 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
531 ld = tty_ldisc_ref(tty);
532 if (ld) {
533 if (ld->ops->write_wakeup)
534 ld->ops->write_wakeup(tty);
535 tty_ldisc_deref(ld);
536 }
537 }
538 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
539 }
540 EXPORT_SYMBOL_GPL(tty_wakeup);
541
542 /**
543 * tty_release_redirect - Release a redirect on a pty if present
544 * @tty: tty device
545 *
546 * This is available to the pty code so if the master closes, if the
547 * slave is a redirect it can release the redirect.
548 */
tty_release_redirect(struct tty_struct * tty)549 static struct file *tty_release_redirect(struct tty_struct *tty)
550 {
551 struct file *f = NULL;
552
553 spin_lock(&redirect_lock);
554 if (redirect && file_tty(redirect) == tty) {
555 f = redirect;
556 redirect = NULL;
557 }
558 spin_unlock(&redirect_lock);
559
560 return f;
561 }
562
563 /**
564 * __tty_hangup - actual handler for hangup events
565 * @tty: tty device
566 * @exit_session: if non-zero, signal all foreground group processes
567 *
568 * This can be called by a "kworker" kernel thread. That is process
569 * synchronous but doesn't hold any locks, so we need to make sure we
570 * have the appropriate locks for what we're doing.
571 *
572 * The hangup event clears any pending redirections onto the hung up
573 * device. It ensures future writes will error and it does the needed
574 * line discipline hangup and signal delivery. The tty object itself
575 * remains intact.
576 *
577 * Locking:
578 * BTM
579 * redirect lock for undoing redirection
580 * file list lock for manipulating list of ttys
581 * tty_ldiscs_lock from called functions
582 * termios_rwsem resetting termios data
583 * tasklist_lock to walk task list for hangup event
584 * ->siglock to protect ->signal/->sighand
585 */
__tty_hangup(struct tty_struct * tty,int exit_session)586 static void __tty_hangup(struct tty_struct *tty, int exit_session)
587 {
588 struct file *cons_filp = NULL;
589 struct file *filp, *f;
590 struct tty_file_private *priv;
591 int closecount = 0, n;
592 int refs;
593
594 if (!tty)
595 return;
596
597 f = tty_release_redirect(tty);
598
599 tty_lock(tty);
600
601 if (test_bit(TTY_HUPPED, &tty->flags)) {
602 tty_unlock(tty);
603 return;
604 }
605
606 /*
607 * Some console devices aren't actually hung up for technical and
608 * historical reasons, which can lead to indefinite interruptible
609 * sleep in n_tty_read(). The following explicitly tells
610 * n_tty_read() to abort readers.
611 */
612 set_bit(TTY_HUPPING, &tty->flags);
613
614 /* inuse_filps is protected by the single tty lock,
615 * this really needs to change if we want to flush the
616 * workqueue with the lock held.
617 */
618 check_tty_count(tty, "tty_hangup");
619
620 spin_lock(&tty->files_lock);
621 /* This breaks for file handles being sent over AF_UNIX sockets ? */
622 list_for_each_entry(priv, &tty->tty_files, list) {
623 filp = priv->file;
624 if (filp->f_op->write_iter == redirected_tty_write)
625 cons_filp = filp;
626 if (filp->f_op->write_iter != tty_write)
627 continue;
628 closecount++;
629 __tty_fasync(-1, filp, 0); /* can't block */
630 filp->f_op = &hung_up_tty_fops;
631 }
632 spin_unlock(&tty->files_lock);
633
634 refs = tty_signal_session_leader(tty, exit_session);
635 /* Account for the p->signal references we killed */
636 while (refs--)
637 tty_kref_put(tty);
638
639 tty_ldisc_hangup(tty, cons_filp != NULL);
640
641 spin_lock_irq(&tty->ctrl.lock);
642 clear_bit(TTY_THROTTLED, &tty->flags);
643 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
644 put_pid(tty->ctrl.session);
645 put_pid(tty->ctrl.pgrp);
646 tty->ctrl.session = NULL;
647 tty->ctrl.pgrp = NULL;
648 tty->ctrl.pktstatus = 0;
649 spin_unlock_irq(&tty->ctrl.lock);
650
651 /*
652 * If one of the devices matches a console pointer, we
653 * cannot just call hangup() because that will cause
654 * tty->count and state->count to go out of sync.
655 * So we just call close() the right number of times.
656 */
657 if (cons_filp) {
658 if (tty->ops->close)
659 for (n = 0; n < closecount; n++)
660 tty->ops->close(tty, cons_filp);
661 } else if (tty->ops->hangup)
662 tty->ops->hangup(tty);
663 /*
664 * We don't want to have driver/ldisc interactions beyond the ones
665 * we did here. The driver layer expects no calls after ->hangup()
666 * from the ldisc side, which is now guaranteed.
667 */
668 set_bit(TTY_HUPPED, &tty->flags);
669 clear_bit(TTY_HUPPING, &tty->flags);
670 tty_unlock(tty);
671
672 if (f)
673 fput(f);
674 }
675
do_tty_hangup(struct work_struct * work)676 static void do_tty_hangup(struct work_struct *work)
677 {
678 struct tty_struct *tty =
679 container_of(work, struct tty_struct, hangup_work);
680
681 __tty_hangup(tty, 0);
682 }
683
684 /**
685 * tty_hangup - trigger a hangup event
686 * @tty: tty to hangup
687 *
688 * A carrier loss (virtual or otherwise) has occurred on this like
689 * schedule a hangup sequence to run after this event.
690 */
691
tty_hangup(struct tty_struct * tty)692 void tty_hangup(struct tty_struct *tty)
693 {
694 tty_debug_hangup(tty, "hangup\n");
695 schedule_work(&tty->hangup_work);
696 }
697 EXPORT_SYMBOL(tty_hangup);
698
699 /**
700 * tty_vhangup - process vhangup
701 * @tty: tty to hangup
702 *
703 * The user has asked via system call for the terminal to be hung up.
704 * We do this synchronously so that when the syscall returns the process
705 * is complete. That guarantee is necessary for security reasons.
706 */
707
tty_vhangup(struct tty_struct * tty)708 void tty_vhangup(struct tty_struct *tty)
709 {
710 tty_debug_hangup(tty, "vhangup\n");
711 __tty_hangup(tty, 0);
712 }
713 EXPORT_SYMBOL(tty_vhangup);
714
715
716 /**
717 * tty_vhangup_self - process vhangup for own ctty
718 *
719 * Perform a vhangup on the current controlling tty
720 */
721
tty_vhangup_self(void)722 void tty_vhangup_self(void)
723 {
724 struct tty_struct *tty;
725
726 tty = get_current_tty();
727 if (tty) {
728 tty_vhangup(tty);
729 tty_kref_put(tty);
730 }
731 }
732
733 /**
734 * tty_vhangup_session - hangup session leader exit
735 * @tty: tty to hangup
736 *
737 * The session leader is exiting and hanging up its controlling terminal.
738 * Every process in the foreground process group is signalled SIGHUP.
739 *
740 * We do this synchronously so that when the syscall returns the process
741 * is complete. That guarantee is necessary for security reasons.
742 */
743
tty_vhangup_session(struct tty_struct * tty)744 void tty_vhangup_session(struct tty_struct *tty)
745 {
746 tty_debug_hangup(tty, "session hangup\n");
747 __tty_hangup(tty, 1);
748 }
749
750 /**
751 * tty_hung_up_p - was tty hung up
752 * @filp: file pointer of tty
753 *
754 * Return true if the tty has been subject to a vhangup or a carrier
755 * loss
756 */
757
tty_hung_up_p(struct file * filp)758 int tty_hung_up_p(struct file *filp)
759 {
760 return (filp && filp->f_op == &hung_up_tty_fops);
761 }
762 EXPORT_SYMBOL(tty_hung_up_p);
763
__stop_tty(struct tty_struct * tty)764 void __stop_tty(struct tty_struct *tty)
765 {
766 if (tty->flow.stopped)
767 return;
768 tty->flow.stopped = true;
769 if (tty->ops->stop)
770 tty->ops->stop(tty);
771 }
772
773 /**
774 * stop_tty - propagate flow control
775 * @tty: tty to stop
776 *
777 * Perform flow control to the driver. May be called
778 * on an already stopped device and will not re-call the driver
779 * method.
780 *
781 * This functionality is used by both the line disciplines for
782 * halting incoming flow and by the driver. It may therefore be
783 * called from any context, may be under the tty atomic_write_lock
784 * but not always.
785 *
786 * Locking:
787 * flow.lock
788 */
stop_tty(struct tty_struct * tty)789 void stop_tty(struct tty_struct *tty)
790 {
791 unsigned long flags;
792
793 spin_lock_irqsave(&tty->flow.lock, flags);
794 __stop_tty(tty);
795 spin_unlock_irqrestore(&tty->flow.lock, flags);
796 }
797 EXPORT_SYMBOL(stop_tty);
798
__start_tty(struct tty_struct * tty)799 void __start_tty(struct tty_struct *tty)
800 {
801 if (!tty->flow.stopped || tty->flow.tco_stopped)
802 return;
803 tty->flow.stopped = false;
804 if (tty->ops->start)
805 tty->ops->start(tty);
806 tty_wakeup(tty);
807 }
808
809 /**
810 * start_tty - propagate flow control
811 * @tty: tty to start
812 *
813 * Start a tty that has been stopped if at all possible. If this
814 * tty was previous stopped and is now being started, the driver
815 * start method is invoked and the line discipline woken.
816 *
817 * Locking:
818 * flow.lock
819 */
start_tty(struct tty_struct * tty)820 void start_tty(struct tty_struct *tty)
821 {
822 unsigned long flags;
823
824 spin_lock_irqsave(&tty->flow.lock, flags);
825 __start_tty(tty);
826 spin_unlock_irqrestore(&tty->flow.lock, flags);
827 }
828 EXPORT_SYMBOL(start_tty);
829
tty_update_time(struct timespec64 * time)830 static void tty_update_time(struct timespec64 *time)
831 {
832 time64_t sec = ktime_get_real_seconds();
833
834 /*
835 * We only care if the two values differ in anything other than the
836 * lower three bits (i.e every 8 seconds). If so, then we can update
837 * the time of the tty device, otherwise it could be construded as a
838 * security leak to let userspace know the exact timing of the tty.
839 */
840 if ((sec ^ time->tv_sec) & ~7)
841 time->tv_sec = sec;
842 }
843
844 /*
845 * Iterate on the ldisc ->read() function until we've gotten all
846 * the data the ldisc has for us.
847 *
848 * The "cookie" is something that the ldisc read function can fill
849 * in to let us know that there is more data to be had.
850 *
851 * We promise to continue to call the ldisc until it stops returning
852 * data or clears the cookie. The cookie may be something that the
853 * ldisc maintains state for and needs to free.
854 */
iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)855 static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
856 struct file *file, struct iov_iter *to)
857 {
858 int retval = 0;
859 void *cookie = NULL;
860 unsigned long offset = 0;
861 char kernel_buf[64];
862 size_t count = iov_iter_count(to);
863
864 do {
865 int size, copied;
866
867 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
868 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
869 if (!size)
870 break;
871
872 if (size < 0) {
873 /* Did we have an earlier error (ie -EFAULT)? */
874 if (retval)
875 break;
876 retval = size;
877
878 /*
879 * -EOVERFLOW means we didn't have enough space
880 * for a whole packet, and we shouldn't return
881 * a partial result.
882 */
883 if (retval == -EOVERFLOW)
884 offset = 0;
885 break;
886 }
887
888 copied = copy_to_iter(kernel_buf, size, to);
889 offset += copied;
890 count -= copied;
891
892 /*
893 * If the user copy failed, we still need to do another ->read()
894 * call if we had a cookie to let the ldisc clear up.
895 *
896 * But make sure size is zeroed.
897 */
898 if (unlikely(copied != size)) {
899 count = 0;
900 retval = -EFAULT;
901 }
902 } while (cookie);
903
904 /* We always clear tty buffer in case they contained passwords */
905 memzero_explicit(kernel_buf, sizeof(kernel_buf));
906 return offset ? offset : retval;
907 }
908
909
910 /**
911 * tty_read - read method for tty device files
912 * @iocb: kernel I/O control block
913 * @to: destination for the data read
914 *
915 * Perform the read system call function on this terminal device. Checks
916 * for hung up devices before calling the line discipline method.
917 *
918 * Locking:
919 * Locks the line discipline internally while needed. Multiple
920 * read calls may be outstanding in parallel.
921 */
922
tty_read(struct kiocb * iocb,struct iov_iter * to)923 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
924 {
925 int i;
926 struct file *file = iocb->ki_filp;
927 struct inode *inode = file_inode(file);
928 struct tty_struct *tty = file_tty(file);
929 struct tty_ldisc *ld;
930
931 if (tty_paranoia_check(tty, inode, "tty_read"))
932 return -EIO;
933 if (!tty || tty_io_error(tty))
934 return -EIO;
935
936 /* We want to wait for the line discipline to sort out in this
937 * situation.
938 */
939 ld = tty_ldisc_ref_wait(tty);
940 if (!ld)
941 return hung_up_tty_read(iocb, to);
942 i = -EIO;
943 if (ld->ops->read)
944 i = iterate_tty_read(ld, tty, file, to);
945 tty_ldisc_deref(ld);
946
947 if (i > 0)
948 tty_update_time(&inode->i_atime);
949
950 return i;
951 }
952
tty_write_unlock(struct tty_struct * tty)953 void tty_write_unlock(struct tty_struct *tty)
954 {
955 mutex_unlock(&tty->atomic_write_lock);
956 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
957 }
958
tty_write_lock(struct tty_struct * tty,bool ndelay)959 int tty_write_lock(struct tty_struct *tty, bool ndelay)
960 {
961 if (!mutex_trylock(&tty->atomic_write_lock)) {
962 if (ndelay)
963 return -EAGAIN;
964 if (mutex_lock_interruptible(&tty->atomic_write_lock))
965 return -ERESTARTSYS;
966 }
967 return 0;
968 }
969
970 /*
971 * Split writes up in sane blocksizes to avoid
972 * denial-of-service type attacks
973 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,struct iov_iter * from)974 static inline ssize_t do_tty_write(
975 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
976 struct tty_struct *tty,
977 struct file *file,
978 struct iov_iter *from)
979 {
980 size_t count = iov_iter_count(from);
981 ssize_t ret, written = 0;
982 unsigned int chunk;
983
984 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
985 if (ret < 0)
986 return ret;
987
988 /*
989 * We chunk up writes into a temporary buffer. This
990 * simplifies low-level drivers immensely, since they
991 * don't have locking issues and user mode accesses.
992 *
993 * But if TTY_NO_WRITE_SPLIT is set, we should use a
994 * big chunk-size..
995 *
996 * The default chunk-size is 2kB, because the NTTY
997 * layer has problems with bigger chunks. It will
998 * claim to be able to handle more characters than
999 * it actually does.
1000 *
1001 * FIXME: This can probably go away now except that 64K chunks
1002 * are too likely to fail unless switched to vmalloc...
1003 */
1004 chunk = 2048;
1005 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1006 chunk = 65536;
1007 if (count < chunk)
1008 chunk = count;
1009
1010 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1011 if (tty->write_cnt < chunk) {
1012 unsigned char *buf_chunk;
1013
1014 if (chunk < 1024)
1015 chunk = 1024;
1016
1017 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1018 if (!buf_chunk) {
1019 ret = -ENOMEM;
1020 goto out;
1021 }
1022 kfree(tty->write_buf);
1023 tty->write_cnt = chunk;
1024 tty->write_buf = buf_chunk;
1025 }
1026
1027 /* Do the write .. */
1028 for (;;) {
1029 size_t size = count;
1030
1031 if (size > chunk)
1032 size = chunk;
1033
1034 ret = -EFAULT;
1035 if (copy_from_iter(tty->write_buf, size, from) != size)
1036 break;
1037
1038 ret = write(tty, file, tty->write_buf, size);
1039 if (ret <= 0)
1040 break;
1041
1042 written += ret;
1043 if (ret > size)
1044 break;
1045
1046 /* FIXME! Have Al check this! */
1047 if (ret != size)
1048 iov_iter_revert(from, size-ret);
1049
1050 count -= ret;
1051 if (!count)
1052 break;
1053 ret = -ERESTARTSYS;
1054 if (signal_pending(current))
1055 break;
1056 cond_resched();
1057 }
1058 if (written) {
1059 tty_update_time(&file_inode(file)->i_mtime);
1060 ret = written;
1061 }
1062 out:
1063 tty_write_unlock(tty);
1064 return ret;
1065 }
1066
1067 /**
1068 * tty_write_message - write a message to a certain tty, not just the console.
1069 * @tty: the destination tty_struct
1070 * @msg: the message to write
1071 *
1072 * This is used for messages that need to be redirected to a specific tty.
1073 * We don't put it into the syslog queue right now maybe in the future if
1074 * really needed.
1075 *
1076 * We must still hold the BTM and test the CLOSING flag for the moment.
1077 */
1078
tty_write_message(struct tty_struct * tty,char * msg)1079 void tty_write_message(struct tty_struct *tty, char *msg)
1080 {
1081 if (tty) {
1082 mutex_lock(&tty->atomic_write_lock);
1083 tty_lock(tty);
1084 if (tty->ops->write && tty->count > 0)
1085 tty->ops->write(tty, msg, strlen(msg));
1086 tty_unlock(tty);
1087 tty_write_unlock(tty);
1088 }
1089 }
1090
file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1091 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1092 {
1093 struct tty_struct *tty = file_tty(file);
1094 struct tty_ldisc *ld;
1095 ssize_t ret;
1096
1097 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1098 return -EIO;
1099 if (!tty || !tty->ops->write || tty_io_error(tty))
1100 return -EIO;
1101 /* Short term debug to catch buggy drivers */
1102 if (tty->ops->write_room == NULL)
1103 tty_err(tty, "missing write_room method\n");
1104 ld = tty_ldisc_ref_wait(tty);
1105 if (!ld)
1106 return hung_up_tty_write(iocb, from);
1107 if (!ld->ops->write)
1108 ret = -EIO;
1109 else
1110 ret = do_tty_write(ld->ops->write, tty, file, from);
1111 tty_ldisc_deref(ld);
1112 return ret;
1113 }
1114
1115 /**
1116 * tty_write - write method for tty device file
1117 * @iocb: kernel I/O control block
1118 * @from: iov_iter with data to write
1119 *
1120 * Write data to a tty device via the line discipline.
1121 *
1122 * Locking:
1123 * Locks the line discipline as required
1124 * Writes to the tty driver are serialized by the atomic_write_lock
1125 * and are then processed in chunks to the device. The line
1126 * discipline write method will not be invoked in parallel for
1127 * each device.
1128 */
tty_write(struct kiocb * iocb,struct iov_iter * from)1129 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1130 {
1131 return file_tty_write(iocb->ki_filp, iocb, from);
1132 }
1133
redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1134 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1135 {
1136 struct file *p = NULL;
1137
1138 spin_lock(&redirect_lock);
1139 if (redirect)
1140 p = get_file(redirect);
1141 spin_unlock(&redirect_lock);
1142
1143 /*
1144 * We know the redirected tty is just another tty, we can
1145 * call file_tty_write() directly with that file pointer.
1146 */
1147 if (p) {
1148 ssize_t res;
1149
1150 res = file_tty_write(p, iocb, iter);
1151 fput(p);
1152 return res;
1153 }
1154 return tty_write(iocb, iter);
1155 }
1156
1157 /*
1158 * tty_send_xchar - send priority character
1159 *
1160 * Send a high priority character to the tty even if stopped
1161 *
1162 * Locking: none for xchar method, write ordering for write method.
1163 */
1164
tty_send_xchar(struct tty_struct * tty,char ch)1165 int tty_send_xchar(struct tty_struct *tty, char ch)
1166 {
1167 bool was_stopped = tty->flow.stopped;
1168
1169 if (tty->ops->send_xchar) {
1170 down_read(&tty->termios_rwsem);
1171 tty->ops->send_xchar(tty, ch);
1172 up_read(&tty->termios_rwsem);
1173 return 0;
1174 }
1175
1176 if (tty_write_lock(tty, false) < 0)
1177 return -ERESTARTSYS;
1178
1179 down_read(&tty->termios_rwsem);
1180 if (was_stopped)
1181 start_tty(tty);
1182 tty->ops->write(tty, &ch, 1);
1183 if (was_stopped)
1184 stop_tty(tty);
1185 up_read(&tty->termios_rwsem);
1186 tty_write_unlock(tty);
1187 return 0;
1188 }
1189
1190 /**
1191 * pty_line_name - generate name for a pty
1192 * @driver: the tty driver in use
1193 * @index: the minor number
1194 * @p: output buffer of at least 6 bytes
1195 *
1196 * Generate a name from a driver reference and write it to the output
1197 * buffer.
1198 *
1199 * Locking: None
1200 */
pty_line_name(struct tty_driver * driver,int index,char * p)1201 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1202 {
1203 static const char ptychar[] = "pqrstuvwxyzabcde";
1204 int i = index + driver->name_base;
1205 /* ->name is initialized to "ttyp", but "tty" is expected */
1206 sprintf(p, "%s%c%x",
1207 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1208 ptychar[i >> 4 & 0xf], i & 0xf);
1209 }
1210
1211 /**
1212 * tty_line_name - generate name for a tty
1213 * @driver: the tty driver in use
1214 * @index: the minor number
1215 * @p: output buffer of at least 7 bytes
1216 *
1217 * Generate a name from a driver reference and write it to the output
1218 * buffer.
1219 *
1220 * Locking: None
1221 */
tty_line_name(struct tty_driver * driver,int index,char * p)1222 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1223 {
1224 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1225 return sprintf(p, "%s", driver->name);
1226 else
1227 return sprintf(p, "%s%d", driver->name,
1228 index + driver->name_base);
1229 }
1230
1231 /**
1232 * tty_driver_lookup_tty() - find an existing tty, if any
1233 * @driver: the driver for the tty
1234 * @file: file object
1235 * @idx: the minor number
1236 *
1237 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1238 * driver lookup() method returns an error.
1239 *
1240 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1241 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1242 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1243 struct file *file, int idx)
1244 {
1245 struct tty_struct *tty;
1246
1247 if (driver->ops->lookup) {
1248 if (!file)
1249 tty = ERR_PTR(-EIO);
1250 else
1251 tty = driver->ops->lookup(driver, file, idx);
1252 } else {
1253 if (idx >= driver->num)
1254 return ERR_PTR(-EINVAL);
1255 tty = driver->ttys[idx];
1256 }
1257 if (!IS_ERR(tty))
1258 tty_kref_get(tty);
1259 return tty;
1260 }
1261
1262 /**
1263 * tty_init_termios - helper for termios setup
1264 * @tty: the tty to set up
1265 *
1266 * Initialise the termios structure for this tty. This runs under
1267 * the tty_mutex currently so we can be relaxed about ordering.
1268 */
1269
tty_init_termios(struct tty_struct * tty)1270 void tty_init_termios(struct tty_struct *tty)
1271 {
1272 struct ktermios *tp;
1273 int idx = tty->index;
1274
1275 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1276 tty->termios = tty->driver->init_termios;
1277 else {
1278 /* Check for lazy saved data */
1279 tp = tty->driver->termios[idx];
1280 if (tp != NULL) {
1281 tty->termios = *tp;
1282 tty->termios.c_line = tty->driver->init_termios.c_line;
1283 } else
1284 tty->termios = tty->driver->init_termios;
1285 }
1286 /* Compatibility until drivers always set this */
1287 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1288 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1289 }
1290 EXPORT_SYMBOL_GPL(tty_init_termios);
1291
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1292 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1293 {
1294 tty_init_termios(tty);
1295 tty_driver_kref_get(driver);
1296 tty->count++;
1297 driver->ttys[tty->index] = tty;
1298 return 0;
1299 }
1300 EXPORT_SYMBOL_GPL(tty_standard_install);
1301
1302 /**
1303 * tty_driver_install_tty() - install a tty entry in the driver
1304 * @driver: the driver for the tty
1305 * @tty: the tty
1306 *
1307 * Install a tty object into the driver tables. The tty->index field
1308 * will be set by the time this is called. This method is responsible
1309 * for ensuring any need additional structures are allocated and
1310 * configured.
1311 *
1312 * Locking: tty_mutex for now
1313 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1314 static int tty_driver_install_tty(struct tty_driver *driver,
1315 struct tty_struct *tty)
1316 {
1317 return driver->ops->install ? driver->ops->install(driver, tty) :
1318 tty_standard_install(driver, tty);
1319 }
1320
1321 /**
1322 * tty_driver_remove_tty() - remove a tty from the driver tables
1323 * @driver: the driver for the tty
1324 * @tty: tty to remove
1325 *
1326 * Remvoe a tty object from the driver tables. The tty->index field
1327 * will be set by the time this is called.
1328 *
1329 * Locking: tty_mutex for now
1330 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1331 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1332 {
1333 if (driver->ops->remove)
1334 driver->ops->remove(driver, tty);
1335 else
1336 driver->ttys[tty->index] = NULL;
1337 }
1338
1339 /**
1340 * tty_reopen() - fast re-open of an open tty
1341 * @tty: the tty to open
1342 *
1343 * Return 0 on success, -errno on error.
1344 * Re-opens on master ptys are not allowed and return -EIO.
1345 *
1346 * Locking: Caller must hold tty_lock
1347 */
tty_reopen(struct tty_struct * tty)1348 static int tty_reopen(struct tty_struct *tty)
1349 {
1350 struct tty_driver *driver = tty->driver;
1351 struct tty_ldisc *ld;
1352 int retval = 0;
1353
1354 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1355 driver->subtype == PTY_TYPE_MASTER)
1356 return -EIO;
1357
1358 if (!tty->count)
1359 return -EAGAIN;
1360
1361 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1362 return -EBUSY;
1363
1364 ld = tty_ldisc_ref_wait(tty);
1365 if (ld) {
1366 tty_ldisc_deref(ld);
1367 } else {
1368 retval = tty_ldisc_lock(tty, 5 * HZ);
1369 if (retval)
1370 return retval;
1371
1372 if (!tty->ldisc)
1373 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1374 tty_ldisc_unlock(tty);
1375 }
1376
1377 if (retval == 0)
1378 tty->count++;
1379
1380 return retval;
1381 }
1382
1383 /**
1384 * tty_init_dev - initialise a tty device
1385 * @driver: tty driver we are opening a device on
1386 * @idx: device index
1387 *
1388 * Prepare a tty device. This may not be a "new" clean device but
1389 * could also be an active device. The pty drivers require special
1390 * handling because of this.
1391 *
1392 * Locking:
1393 * The function is called under the tty_mutex, which
1394 * protects us from the tty struct or driver itself going away.
1395 *
1396 * On exit the tty device has the line discipline attached and
1397 * a reference count of 1. If a pair was created for pty/tty use
1398 * and the other was a pty master then it too has a reference count of 1.
1399 *
1400 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1401 * failed open. The new code protects the open with a mutex, so it's
1402 * really quite straightforward. The mutex locking can probably be
1403 * relaxed for the (most common) case of reopening a tty.
1404 *
1405 * Return: returned tty structure
1406 */
1407
tty_init_dev(struct tty_driver * driver,int idx)1408 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1409 {
1410 struct tty_struct *tty;
1411 int retval;
1412
1413 /*
1414 * First time open is complex, especially for PTY devices.
1415 * This code guarantees that either everything succeeds and the
1416 * TTY is ready for operation, or else the table slots are vacated
1417 * and the allocated memory released. (Except that the termios
1418 * may be retained.)
1419 */
1420
1421 if (!try_module_get(driver->owner))
1422 return ERR_PTR(-ENODEV);
1423
1424 tty = alloc_tty_struct(driver, idx);
1425 if (!tty) {
1426 retval = -ENOMEM;
1427 goto err_module_put;
1428 }
1429
1430 tty_lock(tty);
1431 retval = tty_driver_install_tty(driver, tty);
1432 if (retval < 0)
1433 goto err_free_tty;
1434
1435 if (!tty->port)
1436 tty->port = driver->ports[idx];
1437
1438 if (WARN_RATELIMIT(!tty->port,
1439 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1440 __func__, tty->driver->name)) {
1441 retval = -EINVAL;
1442 goto err_release_lock;
1443 }
1444
1445 retval = tty_ldisc_lock(tty, 5 * HZ);
1446 if (retval)
1447 goto err_release_lock;
1448 tty->port->itty = tty;
1449
1450 /*
1451 * Structures all installed ... call the ldisc open routines.
1452 * If we fail here just call release_tty to clean up. No need
1453 * to decrement the use counts, as release_tty doesn't care.
1454 */
1455 retval = tty_ldisc_setup(tty, tty->link);
1456 if (retval)
1457 goto err_release_tty;
1458 tty_ldisc_unlock(tty);
1459 /* Return the tty locked so that it cannot vanish under the caller */
1460 return tty;
1461
1462 err_free_tty:
1463 tty_unlock(tty);
1464 free_tty_struct(tty);
1465 err_module_put:
1466 module_put(driver->owner);
1467 return ERR_PTR(retval);
1468
1469 /* call the tty release_tty routine to clean out this slot */
1470 err_release_tty:
1471 tty_ldisc_unlock(tty);
1472 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1473 retval, idx);
1474 err_release_lock:
1475 tty_unlock(tty);
1476 release_tty(tty, idx);
1477 return ERR_PTR(retval);
1478 }
1479
1480 /**
1481 * tty_save_termios() - save tty termios data in driver table
1482 * @tty: tty whose termios data to save
1483 *
1484 * Locking: Caller guarantees serialisation with tty_init_termios().
1485 */
tty_save_termios(struct tty_struct * tty)1486 void tty_save_termios(struct tty_struct *tty)
1487 {
1488 struct ktermios *tp;
1489 int idx = tty->index;
1490
1491 /* If the port is going to reset then it has no termios to save */
1492 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1493 return;
1494
1495 /* Stash the termios data */
1496 tp = tty->driver->termios[idx];
1497 if (tp == NULL) {
1498 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1499 if (tp == NULL)
1500 return;
1501 tty->driver->termios[idx] = tp;
1502 }
1503 *tp = tty->termios;
1504 }
1505 EXPORT_SYMBOL_GPL(tty_save_termios);
1506
1507 /**
1508 * tty_flush_works - flush all works of a tty/pty pair
1509 * @tty: tty device to flush works for (or either end of a pty pair)
1510 *
1511 * Sync flush all works belonging to @tty (and the 'other' tty).
1512 */
tty_flush_works(struct tty_struct * tty)1513 static void tty_flush_works(struct tty_struct *tty)
1514 {
1515 flush_work(&tty->SAK_work);
1516 flush_work(&tty->hangup_work);
1517 if (tty->link) {
1518 flush_work(&tty->link->SAK_work);
1519 flush_work(&tty->link->hangup_work);
1520 }
1521 }
1522
1523 /**
1524 * release_one_tty - release tty structure memory
1525 * @work: work of tty we are obliterating
1526 *
1527 * Releases memory associated with a tty structure, and clears out the
1528 * driver table slots. This function is called when a device is no longer
1529 * in use. It also gets called when setup of a device fails.
1530 *
1531 * Locking:
1532 * takes the file list lock internally when working on the list
1533 * of ttys that the driver keeps.
1534 *
1535 * This method gets called from a work queue so that the driver private
1536 * cleanup ops can sleep (needed for USB at least)
1537 */
release_one_tty(struct work_struct * work)1538 static void release_one_tty(struct work_struct *work)
1539 {
1540 struct tty_struct *tty =
1541 container_of(work, struct tty_struct, hangup_work);
1542 struct tty_driver *driver = tty->driver;
1543 struct module *owner = driver->owner;
1544
1545 if (tty->ops->cleanup)
1546 tty->ops->cleanup(tty);
1547
1548 tty->magic = 0;
1549 tty_driver_kref_put(driver);
1550 module_put(owner);
1551
1552 spin_lock(&tty->files_lock);
1553 list_del_init(&tty->tty_files);
1554 spin_unlock(&tty->files_lock);
1555
1556 put_pid(tty->ctrl.pgrp);
1557 put_pid(tty->ctrl.session);
1558 free_tty_struct(tty);
1559 }
1560
queue_release_one_tty(struct kref * kref)1561 static void queue_release_one_tty(struct kref *kref)
1562 {
1563 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1564
1565 /* The hangup queue is now free so we can reuse it rather than
1566 * waste a chunk of memory for each port.
1567 */
1568 INIT_WORK(&tty->hangup_work, release_one_tty);
1569 schedule_work(&tty->hangup_work);
1570 }
1571
1572 /**
1573 * tty_kref_put - release a tty kref
1574 * @tty: tty device
1575 *
1576 * Release a reference to a tty device and if need be let the kref
1577 * layer destruct the object for us
1578 */
1579
tty_kref_put(struct tty_struct * tty)1580 void tty_kref_put(struct tty_struct *tty)
1581 {
1582 if (tty)
1583 kref_put(&tty->kref, queue_release_one_tty);
1584 }
1585 EXPORT_SYMBOL(tty_kref_put);
1586
1587 /**
1588 * release_tty - release tty structure memory
1589 * @tty: tty device release
1590 * @idx: index of the tty device release
1591 *
1592 * Release both @tty and a possible linked partner (think pty pair),
1593 * and decrement the refcount of the backing module.
1594 *
1595 * Locking:
1596 * tty_mutex
1597 * takes the file list lock internally when working on the list
1598 * of ttys that the driver keeps.
1599 *
1600 */
release_tty(struct tty_struct * tty,int idx)1601 static void release_tty(struct tty_struct *tty, int idx)
1602 {
1603 /* This should always be true but check for the moment */
1604 WARN_ON(tty->index != idx);
1605 WARN_ON(!mutex_is_locked(&tty_mutex));
1606 if (tty->ops->shutdown)
1607 tty->ops->shutdown(tty);
1608 tty_save_termios(tty);
1609 tty_driver_remove_tty(tty->driver, tty);
1610 if (tty->port)
1611 tty->port->itty = NULL;
1612 if (tty->link)
1613 tty->link->port->itty = NULL;
1614 if (tty->port)
1615 tty_buffer_cancel_work(tty->port);
1616 if (tty->link)
1617 tty_buffer_cancel_work(tty->link->port);
1618
1619 tty_kref_put(tty->link);
1620 tty_kref_put(tty);
1621 }
1622
1623 /**
1624 * tty_release_checks - check a tty before real release
1625 * @tty: tty to check
1626 * @idx: index of the tty
1627 *
1628 * Performs some paranoid checking before true release of the @tty.
1629 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1630 */
tty_release_checks(struct tty_struct * tty,int idx)1631 static int tty_release_checks(struct tty_struct *tty, int idx)
1632 {
1633 #ifdef TTY_PARANOIA_CHECK
1634 if (idx < 0 || idx >= tty->driver->num) {
1635 tty_debug(tty, "bad idx %d\n", idx);
1636 return -1;
1637 }
1638
1639 /* not much to check for devpts */
1640 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1641 return 0;
1642
1643 if (tty != tty->driver->ttys[idx]) {
1644 tty_debug(tty, "bad driver table[%d] = %p\n",
1645 idx, tty->driver->ttys[idx]);
1646 return -1;
1647 }
1648 if (tty->driver->other) {
1649 struct tty_struct *o_tty = tty->link;
1650
1651 if (o_tty != tty->driver->other->ttys[idx]) {
1652 tty_debug(tty, "bad other table[%d] = %p\n",
1653 idx, tty->driver->other->ttys[idx]);
1654 return -1;
1655 }
1656 if (o_tty->link != tty) {
1657 tty_debug(tty, "bad link = %p\n", o_tty->link);
1658 return -1;
1659 }
1660 }
1661 #endif
1662 return 0;
1663 }
1664
1665 /**
1666 * tty_kclose - closes tty opened by tty_kopen
1667 * @tty: tty device
1668 *
1669 * Performs the final steps to release and free a tty device. It is the
1670 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1671 * flag on tty->port.
1672 */
tty_kclose(struct tty_struct * tty)1673 void tty_kclose(struct tty_struct *tty)
1674 {
1675 /*
1676 * Ask the line discipline code to release its structures
1677 */
1678 tty_ldisc_release(tty);
1679
1680 /* Wait for pending work before tty destruction commmences */
1681 tty_flush_works(tty);
1682
1683 tty_debug_hangup(tty, "freeing structure\n");
1684 /*
1685 * The release_tty function takes care of the details of clearing
1686 * the slots and preserving the termios structure.
1687 */
1688 mutex_lock(&tty_mutex);
1689 tty_port_set_kopened(tty->port, 0);
1690 release_tty(tty, tty->index);
1691 mutex_unlock(&tty_mutex);
1692 }
1693 EXPORT_SYMBOL_GPL(tty_kclose);
1694
1695 /**
1696 * tty_release_struct - release a tty struct
1697 * @tty: tty device
1698 * @idx: index of the tty
1699 *
1700 * Performs the final steps to release and free a tty device. It is
1701 * roughly the reverse of tty_init_dev.
1702 */
tty_release_struct(struct tty_struct * tty,int idx)1703 void tty_release_struct(struct tty_struct *tty, int idx)
1704 {
1705 /*
1706 * Ask the line discipline code to release its structures
1707 */
1708 tty_ldisc_release(tty);
1709
1710 /* Wait for pending work before tty destruction commmences */
1711 tty_flush_works(tty);
1712
1713 tty_debug_hangup(tty, "freeing structure\n");
1714 /*
1715 * The release_tty function takes care of the details of clearing
1716 * the slots and preserving the termios structure.
1717 */
1718 mutex_lock(&tty_mutex);
1719 release_tty(tty, idx);
1720 mutex_unlock(&tty_mutex);
1721 }
1722 EXPORT_SYMBOL_GPL(tty_release_struct);
1723
1724 /**
1725 * tty_release - vfs callback for close
1726 * @inode: inode of tty
1727 * @filp: file pointer for handle to tty
1728 *
1729 * Called the last time each file handle is closed that references
1730 * this tty. There may however be several such references.
1731 *
1732 * Locking:
1733 * Takes bkl. See tty_release_dev
1734 *
1735 * Even releasing the tty structures is a tricky business.. We have
1736 * to be very careful that the structures are all released at the
1737 * same time, as interrupts might otherwise get the wrong pointers.
1738 *
1739 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1740 * lead to double frees or releasing memory still in use.
1741 */
1742
tty_release(struct inode * inode,struct file * filp)1743 int tty_release(struct inode *inode, struct file *filp)
1744 {
1745 struct tty_struct *tty = file_tty(filp);
1746 struct tty_struct *o_tty = NULL;
1747 int do_sleep, final;
1748 int idx;
1749 long timeout = 0;
1750 int once = 1;
1751
1752 if (tty_paranoia_check(tty, inode, __func__))
1753 return 0;
1754
1755 tty_lock(tty);
1756 check_tty_count(tty, __func__);
1757
1758 __tty_fasync(-1, filp, 0);
1759
1760 idx = tty->index;
1761 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1762 tty->driver->subtype == PTY_TYPE_MASTER)
1763 o_tty = tty->link;
1764
1765 if (tty_release_checks(tty, idx)) {
1766 tty_unlock(tty);
1767 return 0;
1768 }
1769
1770 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1771
1772 if (tty->ops->close)
1773 tty->ops->close(tty, filp);
1774
1775 /* If tty is pty master, lock the slave pty (stable lock order) */
1776 tty_lock_slave(o_tty);
1777
1778 /*
1779 * Sanity check: if tty->count is going to zero, there shouldn't be
1780 * any waiters on tty->read_wait or tty->write_wait. We test the
1781 * wait queues and kick everyone out _before_ actually starting to
1782 * close. This ensures that we won't block while releasing the tty
1783 * structure.
1784 *
1785 * The test for the o_tty closing is necessary, since the master and
1786 * slave sides may close in any order. If the slave side closes out
1787 * first, its count will be one, since the master side holds an open.
1788 * Thus this test wouldn't be triggered at the time the slave closed,
1789 * so we do it now.
1790 */
1791 while (1) {
1792 do_sleep = 0;
1793
1794 if (tty->count <= 1) {
1795 if (waitqueue_active(&tty->read_wait)) {
1796 wake_up_poll(&tty->read_wait, EPOLLIN);
1797 do_sleep++;
1798 }
1799 if (waitqueue_active(&tty->write_wait)) {
1800 wake_up_poll(&tty->write_wait, EPOLLOUT);
1801 do_sleep++;
1802 }
1803 }
1804 if (o_tty && o_tty->count <= 1) {
1805 if (waitqueue_active(&o_tty->read_wait)) {
1806 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1807 do_sleep++;
1808 }
1809 if (waitqueue_active(&o_tty->write_wait)) {
1810 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1811 do_sleep++;
1812 }
1813 }
1814 if (!do_sleep)
1815 break;
1816
1817 if (once) {
1818 once = 0;
1819 tty_warn(tty, "read/write wait queue active!\n");
1820 }
1821 schedule_timeout_killable(timeout);
1822 if (timeout < 120 * HZ)
1823 timeout = 2 * timeout + 1;
1824 else
1825 timeout = MAX_SCHEDULE_TIMEOUT;
1826 }
1827
1828 if (o_tty) {
1829 if (--o_tty->count < 0) {
1830 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1831 o_tty->count = 0;
1832 }
1833 }
1834 if (--tty->count < 0) {
1835 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1836 tty->count = 0;
1837 }
1838
1839 /*
1840 * We've decremented tty->count, so we need to remove this file
1841 * descriptor off the tty->tty_files list; this serves two
1842 * purposes:
1843 * - check_tty_count sees the correct number of file descriptors
1844 * associated with this tty.
1845 * - do_tty_hangup no longer sees this file descriptor as
1846 * something that needs to be handled for hangups.
1847 */
1848 tty_del_file(filp);
1849
1850 /*
1851 * Perform some housekeeping before deciding whether to return.
1852 *
1853 * If _either_ side is closing, make sure there aren't any
1854 * processes that still think tty or o_tty is their controlling
1855 * tty.
1856 */
1857 if (!tty->count) {
1858 read_lock(&tasklist_lock);
1859 session_clear_tty(tty->ctrl.session);
1860 if (o_tty)
1861 session_clear_tty(o_tty->ctrl.session);
1862 read_unlock(&tasklist_lock);
1863 }
1864
1865 /* check whether both sides are closing ... */
1866 final = !tty->count && !(o_tty && o_tty->count);
1867
1868 tty_unlock_slave(o_tty);
1869 tty_unlock(tty);
1870
1871 /* At this point, the tty->count == 0 should ensure a dead tty
1872 * cannot be re-opened by a racing opener.
1873 */
1874
1875 if (!final)
1876 return 0;
1877
1878 tty_debug_hangup(tty, "final close\n");
1879
1880 tty_release_struct(tty, idx);
1881 return 0;
1882 }
1883
1884 /**
1885 * tty_open_current_tty - get locked tty of current task
1886 * @device: device number
1887 * @filp: file pointer to tty
1888 * @return: locked tty of the current task iff @device is /dev/tty
1889 *
1890 * Performs a re-open of the current task's controlling tty.
1891 *
1892 * We cannot return driver and index like for the other nodes because
1893 * devpts will not work then. It expects inodes to be from devpts FS.
1894 */
tty_open_current_tty(dev_t device,struct file * filp)1895 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1896 {
1897 struct tty_struct *tty;
1898 int retval;
1899
1900 if (device != MKDEV(TTYAUX_MAJOR, 0))
1901 return NULL;
1902
1903 tty = get_current_tty();
1904 if (!tty)
1905 return ERR_PTR(-ENXIO);
1906
1907 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1908 /* noctty = 1; */
1909 tty_lock(tty);
1910 tty_kref_put(tty); /* safe to drop the kref now */
1911
1912 retval = tty_reopen(tty);
1913 if (retval < 0) {
1914 tty_unlock(tty);
1915 tty = ERR_PTR(retval);
1916 }
1917 return tty;
1918 }
1919
1920 /**
1921 * tty_lookup_driver - lookup a tty driver for a given device file
1922 * @device: device number
1923 * @filp: file pointer to tty
1924 * @index: index for the device in the @return driver
1925 * @return: driver for this inode (with increased refcount)
1926 *
1927 * If @return is not erroneous, the caller is responsible to decrement the
1928 * refcount by tty_driver_kref_put.
1929 *
1930 * Locking: tty_mutex protects get_tty_driver
1931 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1932 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1933 int *index)
1934 {
1935 struct tty_driver *driver = NULL;
1936
1937 switch (device) {
1938 #ifdef CONFIG_VT
1939 case MKDEV(TTY_MAJOR, 0): {
1940 extern struct tty_driver *console_driver;
1941
1942 driver = tty_driver_kref_get(console_driver);
1943 *index = fg_console;
1944 break;
1945 }
1946 #endif
1947 case MKDEV(TTYAUX_MAJOR, 1): {
1948 struct tty_driver *console_driver = console_device(index);
1949
1950 if (console_driver) {
1951 driver = tty_driver_kref_get(console_driver);
1952 if (driver && filp) {
1953 /* Don't let /dev/console block */
1954 filp->f_flags |= O_NONBLOCK;
1955 break;
1956 }
1957 }
1958 if (driver)
1959 tty_driver_kref_put(driver);
1960 return ERR_PTR(-ENODEV);
1961 }
1962 default:
1963 driver = get_tty_driver(device, index);
1964 if (!driver)
1965 return ERR_PTR(-ENODEV);
1966 break;
1967 }
1968 return driver;
1969 }
1970
tty_kopen(dev_t device,int shared)1971 static struct tty_struct *tty_kopen(dev_t device, int shared)
1972 {
1973 struct tty_struct *tty;
1974 struct tty_driver *driver;
1975 int index = -1;
1976
1977 mutex_lock(&tty_mutex);
1978 driver = tty_lookup_driver(device, NULL, &index);
1979 if (IS_ERR(driver)) {
1980 mutex_unlock(&tty_mutex);
1981 return ERR_CAST(driver);
1982 }
1983
1984 /* check whether we're reopening an existing tty */
1985 tty = tty_driver_lookup_tty(driver, NULL, index);
1986 if (IS_ERR(tty) || shared)
1987 goto out;
1988
1989 if (tty) {
1990 /* drop kref from tty_driver_lookup_tty() */
1991 tty_kref_put(tty);
1992 tty = ERR_PTR(-EBUSY);
1993 } else { /* tty_init_dev returns tty with the tty_lock held */
1994 tty = tty_init_dev(driver, index);
1995 if (IS_ERR(tty))
1996 goto out;
1997 tty_port_set_kopened(tty->port, 1);
1998 }
1999 out:
2000 mutex_unlock(&tty_mutex);
2001 tty_driver_kref_put(driver);
2002 return tty;
2003 }
2004
2005 /**
2006 * tty_kopen_exclusive - open a tty device for kernel
2007 * @device: dev_t of device to open
2008 *
2009 * Opens tty exclusively for kernel. Performs the driver lookup,
2010 * makes sure it's not already opened and performs the first-time
2011 * tty initialization.
2012 *
2013 * Returns the locked initialized &tty_struct
2014 *
2015 * Claims the global tty_mutex to serialize:
2016 * - concurrent first-time tty initialization
2017 * - concurrent tty driver removal w/ lookup
2018 * - concurrent tty removal from driver table
2019 */
tty_kopen_exclusive(dev_t device)2020 struct tty_struct *tty_kopen_exclusive(dev_t device)
2021 {
2022 return tty_kopen(device, 0);
2023 }
2024 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2025
2026 /**
2027 * tty_kopen_shared - open a tty device for shared in-kernel use
2028 * @device: dev_t of device to open
2029 *
2030 * Opens an already existing tty for in-kernel use. Compared to
2031 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2032 *
2033 * Locking is identical to tty_kopen() above.
2034 */
tty_kopen_shared(dev_t device)2035 struct tty_struct *tty_kopen_shared(dev_t device)
2036 {
2037 return tty_kopen(device, 1);
2038 }
2039 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2040
2041 /**
2042 * tty_open_by_driver - open a tty device
2043 * @device: dev_t of device to open
2044 * @filp: file pointer to tty
2045 *
2046 * Performs the driver lookup, checks for a reopen, or otherwise
2047 * performs the first-time tty initialization.
2048 *
2049 * Returns the locked initialized or re-opened &tty_struct
2050 *
2051 * Claims the global tty_mutex to serialize:
2052 * - concurrent first-time tty initialization
2053 * - concurrent tty driver removal w/ lookup
2054 * - concurrent tty removal from driver table
2055 */
tty_open_by_driver(dev_t device,struct file * filp)2056 static struct tty_struct *tty_open_by_driver(dev_t device,
2057 struct file *filp)
2058 {
2059 struct tty_struct *tty;
2060 struct tty_driver *driver = NULL;
2061 int index = -1;
2062 int retval;
2063
2064 mutex_lock(&tty_mutex);
2065 driver = tty_lookup_driver(device, filp, &index);
2066 if (IS_ERR(driver)) {
2067 mutex_unlock(&tty_mutex);
2068 return ERR_CAST(driver);
2069 }
2070
2071 /* check whether we're reopening an existing tty */
2072 tty = tty_driver_lookup_tty(driver, filp, index);
2073 if (IS_ERR(tty)) {
2074 mutex_unlock(&tty_mutex);
2075 goto out;
2076 }
2077
2078 if (tty) {
2079 if (tty_port_kopened(tty->port)) {
2080 tty_kref_put(tty);
2081 mutex_unlock(&tty_mutex);
2082 tty = ERR_PTR(-EBUSY);
2083 goto out;
2084 }
2085 mutex_unlock(&tty_mutex);
2086 retval = tty_lock_interruptible(tty);
2087 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2088 if (retval) {
2089 if (retval == -EINTR)
2090 retval = -ERESTARTSYS;
2091 tty = ERR_PTR(retval);
2092 goto out;
2093 }
2094 retval = tty_reopen(tty);
2095 if (retval < 0) {
2096 tty_unlock(tty);
2097 tty = ERR_PTR(retval);
2098 }
2099 } else { /* Returns with the tty_lock held for now */
2100 tty = tty_init_dev(driver, index);
2101 mutex_unlock(&tty_mutex);
2102 }
2103 out:
2104 tty_driver_kref_put(driver);
2105 return tty;
2106 }
2107
2108 /**
2109 * tty_open - open a tty device
2110 * @inode: inode of device file
2111 * @filp: file pointer to tty
2112 *
2113 * tty_open and tty_release keep up the tty count that contains the
2114 * number of opens done on a tty. We cannot use the inode-count, as
2115 * different inodes might point to the same tty.
2116 *
2117 * Open-counting is needed for pty masters, as well as for keeping
2118 * track of serial lines: DTR is dropped when the last close happens.
2119 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2120 *
2121 * The termios state of a pty is reset on first open so that
2122 * settings don't persist across reuse.
2123 *
2124 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2125 * tty->count should protect the rest.
2126 * ->siglock protects ->signal/->sighand
2127 *
2128 * Note: the tty_unlock/lock cases without a ref are only safe due to
2129 * tty_mutex
2130 */
2131
tty_open(struct inode * inode,struct file * filp)2132 static int tty_open(struct inode *inode, struct file *filp)
2133 {
2134 struct tty_struct *tty;
2135 int noctty, retval;
2136 dev_t device = inode->i_rdev;
2137 unsigned saved_flags = filp->f_flags;
2138
2139 nonseekable_open(inode, filp);
2140
2141 retry_open:
2142 retval = tty_alloc_file(filp);
2143 if (retval)
2144 return -ENOMEM;
2145
2146 tty = tty_open_current_tty(device, filp);
2147 if (!tty)
2148 tty = tty_open_by_driver(device, filp);
2149
2150 if (IS_ERR(tty)) {
2151 tty_free_file(filp);
2152 retval = PTR_ERR(tty);
2153 if (retval != -EAGAIN || signal_pending(current))
2154 return retval;
2155 schedule();
2156 goto retry_open;
2157 }
2158
2159 tty_add_file(tty, filp);
2160
2161 check_tty_count(tty, __func__);
2162 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2163
2164 if (tty->ops->open)
2165 retval = tty->ops->open(tty, filp);
2166 else
2167 retval = -ENODEV;
2168 filp->f_flags = saved_flags;
2169
2170 if (retval) {
2171 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2172
2173 tty_unlock(tty); /* need to call tty_release without BTM */
2174 tty_release(inode, filp);
2175 if (retval != -ERESTARTSYS)
2176 return retval;
2177
2178 if (signal_pending(current))
2179 return retval;
2180
2181 schedule();
2182 /*
2183 * Need to reset f_op in case a hangup happened.
2184 */
2185 if (tty_hung_up_p(filp))
2186 filp->f_op = &tty_fops;
2187 goto retry_open;
2188 }
2189 clear_bit(TTY_HUPPED, &tty->flags);
2190
2191 noctty = (filp->f_flags & O_NOCTTY) ||
2192 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2193 device == MKDEV(TTYAUX_MAJOR, 1) ||
2194 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2195 tty->driver->subtype == PTY_TYPE_MASTER);
2196 if (!noctty)
2197 tty_open_proc_set_tty(filp, tty);
2198 tty_unlock(tty);
2199 return 0;
2200 }
2201
2202
2203
2204 /**
2205 * tty_poll - check tty status
2206 * @filp: file being polled
2207 * @wait: poll wait structures to update
2208 *
2209 * Call the line discipline polling method to obtain the poll
2210 * status of the device.
2211 *
2212 * Locking: locks called line discipline but ldisc poll method
2213 * may be re-entered freely by other callers.
2214 */
2215
tty_poll(struct file * filp,poll_table * wait)2216 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2217 {
2218 struct tty_struct *tty = file_tty(filp);
2219 struct tty_ldisc *ld;
2220 __poll_t ret = 0;
2221
2222 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2223 return 0;
2224
2225 ld = tty_ldisc_ref_wait(tty);
2226 if (!ld)
2227 return hung_up_tty_poll(filp, wait);
2228 if (ld->ops->poll)
2229 ret = ld->ops->poll(tty, filp, wait);
2230 tty_ldisc_deref(ld);
2231 return ret;
2232 }
2233
__tty_fasync(int fd,struct file * filp,int on)2234 static int __tty_fasync(int fd, struct file *filp, int on)
2235 {
2236 struct tty_struct *tty = file_tty(filp);
2237 unsigned long flags;
2238 int retval = 0;
2239
2240 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2241 goto out;
2242
2243 retval = fasync_helper(fd, filp, on, &tty->fasync);
2244 if (retval <= 0)
2245 goto out;
2246
2247 if (on) {
2248 enum pid_type type;
2249 struct pid *pid;
2250
2251 spin_lock_irqsave(&tty->ctrl.lock, flags);
2252 if (tty->ctrl.pgrp) {
2253 pid = tty->ctrl.pgrp;
2254 type = PIDTYPE_PGID;
2255 } else {
2256 pid = task_pid(current);
2257 type = PIDTYPE_TGID;
2258 }
2259 get_pid(pid);
2260 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2261 __f_setown(filp, pid, type, 0);
2262 put_pid(pid);
2263 retval = 0;
2264 }
2265 out:
2266 return retval;
2267 }
2268
tty_fasync(int fd,struct file * filp,int on)2269 static int tty_fasync(int fd, struct file *filp, int on)
2270 {
2271 struct tty_struct *tty = file_tty(filp);
2272 int retval = -ENOTTY;
2273
2274 tty_lock(tty);
2275 if (!tty_hung_up_p(filp))
2276 retval = __tty_fasync(fd, filp, on);
2277 tty_unlock(tty);
2278
2279 return retval;
2280 }
2281
2282 /**
2283 * tiocsti - fake input character
2284 * @tty: tty to fake input into
2285 * @p: pointer to character
2286 *
2287 * Fake input to a tty device. Does the necessary locking and
2288 * input management.
2289 *
2290 * FIXME: does not honour flow control ??
2291 *
2292 * Locking:
2293 * Called functions take tty_ldiscs_lock
2294 * current->signal->tty check is safe without locks
2295 */
2296
tiocsti(struct tty_struct * tty,char __user * p)2297 static int tiocsti(struct tty_struct *tty, char __user *p)
2298 {
2299 char ch, mbz = 0;
2300 struct tty_ldisc *ld;
2301
2302 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2303 return -EPERM;
2304 if (get_user(ch, p))
2305 return -EFAULT;
2306 tty_audit_tiocsti(tty, ch);
2307 ld = tty_ldisc_ref_wait(tty);
2308 if (!ld)
2309 return -EIO;
2310 tty_buffer_lock_exclusive(tty->port);
2311 if (ld->ops->receive_buf)
2312 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2313 tty_buffer_unlock_exclusive(tty->port);
2314 tty_ldisc_deref(ld);
2315 return 0;
2316 }
2317
2318 /**
2319 * tiocgwinsz - implement window query ioctl
2320 * @tty: tty
2321 * @arg: user buffer for result
2322 *
2323 * Copies the kernel idea of the window size into the user buffer.
2324 *
2325 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2326 * is consistent.
2327 */
2328
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2329 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2330 {
2331 int err;
2332
2333 mutex_lock(&tty->winsize_mutex);
2334 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2335 mutex_unlock(&tty->winsize_mutex);
2336
2337 return err ? -EFAULT : 0;
2338 }
2339
2340 /**
2341 * tty_do_resize - resize event
2342 * @tty: tty being resized
2343 * @ws: new dimensions
2344 *
2345 * Update the termios variables and send the necessary signals to
2346 * peform a terminal resize correctly
2347 */
2348
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2349 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2350 {
2351 struct pid *pgrp;
2352
2353 /* Lock the tty */
2354 mutex_lock(&tty->winsize_mutex);
2355 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2356 goto done;
2357
2358 /* Signal the foreground process group */
2359 pgrp = tty_get_pgrp(tty);
2360 if (pgrp)
2361 kill_pgrp(pgrp, SIGWINCH, 1);
2362 put_pid(pgrp);
2363
2364 tty->winsize = *ws;
2365 done:
2366 mutex_unlock(&tty->winsize_mutex);
2367 return 0;
2368 }
2369 EXPORT_SYMBOL(tty_do_resize);
2370
2371 /**
2372 * tiocswinsz - implement window size set ioctl
2373 * @tty: tty side of tty
2374 * @arg: user buffer for result
2375 *
2376 * Copies the user idea of the window size to the kernel. Traditionally
2377 * this is just advisory information but for the Linux console it
2378 * actually has driver level meaning and triggers a VC resize.
2379 *
2380 * Locking:
2381 * Driver dependent. The default do_resize method takes the
2382 * tty termios mutex and ctrl.lock. The console takes its own lock
2383 * then calls into the default method.
2384 */
2385
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2386 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2387 {
2388 struct winsize tmp_ws;
2389
2390 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2391 return -EFAULT;
2392
2393 if (tty->ops->resize)
2394 return tty->ops->resize(tty, &tmp_ws);
2395 else
2396 return tty_do_resize(tty, &tmp_ws);
2397 }
2398
2399 /**
2400 * tioccons - allow admin to move logical console
2401 * @file: the file to become console
2402 *
2403 * Allow the administrator to move the redirected console device
2404 *
2405 * Locking: uses redirect_lock to guard the redirect information
2406 */
2407
tioccons(struct file * file)2408 static int tioccons(struct file *file)
2409 {
2410 if (!capable(CAP_SYS_ADMIN))
2411 return -EPERM;
2412 if (file->f_op->write_iter == redirected_tty_write) {
2413 struct file *f;
2414
2415 spin_lock(&redirect_lock);
2416 f = redirect;
2417 redirect = NULL;
2418 spin_unlock(&redirect_lock);
2419 if (f)
2420 fput(f);
2421 return 0;
2422 }
2423 if (file->f_op->write_iter != tty_write)
2424 return -ENOTTY;
2425 if (!(file->f_mode & FMODE_WRITE))
2426 return -EBADF;
2427 if (!(file->f_mode & FMODE_CAN_WRITE))
2428 return -EINVAL;
2429 spin_lock(&redirect_lock);
2430 if (redirect) {
2431 spin_unlock(&redirect_lock);
2432 return -EBUSY;
2433 }
2434 redirect = get_file(file);
2435 spin_unlock(&redirect_lock);
2436 return 0;
2437 }
2438
2439 /**
2440 * tiocsetd - set line discipline
2441 * @tty: tty device
2442 * @p: pointer to user data
2443 *
2444 * Set the line discipline according to user request.
2445 *
2446 * Locking: see tty_set_ldisc, this function is just a helper
2447 */
2448
tiocsetd(struct tty_struct * tty,int __user * p)2449 static int tiocsetd(struct tty_struct *tty, int __user *p)
2450 {
2451 int disc;
2452 int ret;
2453
2454 if (get_user(disc, p))
2455 return -EFAULT;
2456
2457 ret = tty_set_ldisc(tty, disc);
2458
2459 return ret;
2460 }
2461
2462 /**
2463 * tiocgetd - get line discipline
2464 * @tty: tty device
2465 * @p: pointer to user data
2466 *
2467 * Retrieves the line discipline id directly from the ldisc.
2468 *
2469 * Locking: waits for ldisc reference (in case the line discipline
2470 * is changing or the tty is being hungup)
2471 */
2472
tiocgetd(struct tty_struct * tty,int __user * p)2473 static int tiocgetd(struct tty_struct *tty, int __user *p)
2474 {
2475 struct tty_ldisc *ld;
2476 int ret;
2477
2478 ld = tty_ldisc_ref_wait(tty);
2479 if (!ld)
2480 return -EIO;
2481 ret = put_user(ld->ops->num, p);
2482 tty_ldisc_deref(ld);
2483 return ret;
2484 }
2485
2486 /**
2487 * send_break - performed time break
2488 * @tty: device to break on
2489 * @duration: timeout in mS
2490 *
2491 * Perform a timed break on hardware that lacks its own driver level
2492 * timed break functionality.
2493 *
2494 * Locking:
2495 * atomic_write_lock serializes
2496 *
2497 */
2498
send_break(struct tty_struct * tty,unsigned int duration)2499 static int send_break(struct tty_struct *tty, unsigned int duration)
2500 {
2501 int retval;
2502
2503 if (tty->ops->break_ctl == NULL)
2504 return 0;
2505
2506 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2507 return tty->ops->break_ctl(tty, duration);
2508
2509 /* Do the work ourselves */
2510 if (tty_write_lock(tty, false) < 0)
2511 return -EINTR;
2512
2513 retval = tty->ops->break_ctl(tty, -1);
2514 if (!retval) {
2515 msleep_interruptible(duration);
2516 retval = tty->ops->break_ctl(tty, 0);
2517 } else if (retval == -EOPNOTSUPP) {
2518 /* some drivers can tell only dynamically */
2519 retval = 0;
2520 }
2521 tty_write_unlock(tty);
2522
2523 if (signal_pending(current))
2524 retval = -EINTR;
2525
2526 return retval;
2527 }
2528
2529 /**
2530 * tty_tiocmget - get modem status
2531 * @tty: tty device
2532 * @p: pointer to result
2533 *
2534 * Obtain the modem status bits from the tty driver if the feature
2535 * is supported. Return -ENOTTY if it is not available.
2536 *
2537 * Locking: none (up to the driver)
2538 */
2539
tty_tiocmget(struct tty_struct * tty,int __user * p)2540 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2541 {
2542 int retval = -ENOTTY;
2543
2544 if (tty->ops->tiocmget) {
2545 retval = tty->ops->tiocmget(tty);
2546
2547 if (retval >= 0)
2548 retval = put_user(retval, p);
2549 }
2550 return retval;
2551 }
2552
2553 /**
2554 * tty_tiocmset - set modem status
2555 * @tty: tty device
2556 * @cmd: command - clear bits, set bits or set all
2557 * @p: pointer to desired bits
2558 *
2559 * Set the modem status bits from the tty driver if the feature
2560 * is supported. Return -ENOTTY if it is not available.
2561 *
2562 * Locking: none (up to the driver)
2563 */
2564
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2565 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2566 unsigned __user *p)
2567 {
2568 int retval;
2569 unsigned int set, clear, val;
2570
2571 if (tty->ops->tiocmset == NULL)
2572 return -ENOTTY;
2573
2574 retval = get_user(val, p);
2575 if (retval)
2576 return retval;
2577 set = clear = 0;
2578 switch (cmd) {
2579 case TIOCMBIS:
2580 set = val;
2581 break;
2582 case TIOCMBIC:
2583 clear = val;
2584 break;
2585 case TIOCMSET:
2586 set = val;
2587 clear = ~val;
2588 break;
2589 }
2590 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2591 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2592 return tty->ops->tiocmset(tty, set, clear);
2593 }
2594
2595 /**
2596 * tty_get_icount - get tty statistics
2597 * @tty: tty device
2598 * @icount: output parameter
2599 *
2600 * Gets a copy of the tty's icount statistics.
2601 *
2602 * Locking: none (up to the driver)
2603 */
tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2604 int tty_get_icount(struct tty_struct *tty,
2605 struct serial_icounter_struct *icount)
2606 {
2607 memset(icount, 0, sizeof(*icount));
2608
2609 if (tty->ops->get_icount)
2610 return tty->ops->get_icount(tty, icount);
2611 else
2612 return -ENOTTY;
2613 }
2614 EXPORT_SYMBOL_GPL(tty_get_icount);
2615
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2616 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2617 {
2618 struct serial_icounter_struct icount;
2619 int retval;
2620
2621 retval = tty_get_icount(tty, &icount);
2622 if (retval != 0)
2623 return retval;
2624
2625 if (copy_to_user(arg, &icount, sizeof(icount)))
2626 return -EFAULT;
2627 return 0;
2628 }
2629
tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2630 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2631 {
2632 char comm[TASK_COMM_LEN];
2633 int flags;
2634
2635 flags = ss->flags & ASYNC_DEPRECATED;
2636
2637 if (flags)
2638 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2639 __func__, get_task_comm(comm, current), flags);
2640
2641 if (!tty->ops->set_serial)
2642 return -ENOTTY;
2643
2644 return tty->ops->set_serial(tty, ss);
2645 }
2646
tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2647 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2648 {
2649 struct serial_struct v;
2650
2651 if (copy_from_user(&v, ss, sizeof(*ss)))
2652 return -EFAULT;
2653
2654 return tty_set_serial(tty, &v);
2655 }
2656
tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2657 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2658 {
2659 struct serial_struct v;
2660 int err;
2661
2662 memset(&v, 0, sizeof(v));
2663 if (!tty->ops->get_serial)
2664 return -ENOTTY;
2665 err = tty->ops->get_serial(tty, &v);
2666 if (!err && copy_to_user(ss, &v, sizeof(v)))
2667 err = -EFAULT;
2668 return err;
2669 }
2670
2671 /*
2672 * if pty, return the slave side (real_tty)
2673 * otherwise, return self
2674 */
tty_pair_get_tty(struct tty_struct * tty)2675 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2676 {
2677 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2678 tty->driver->subtype == PTY_TYPE_MASTER)
2679 tty = tty->link;
2680 return tty;
2681 }
2682
2683 /*
2684 * Split this up, as gcc can choke on it otherwise..
2685 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2686 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2687 {
2688 struct tty_struct *tty = file_tty(file);
2689 struct tty_struct *real_tty;
2690 void __user *p = (void __user *)arg;
2691 int retval;
2692 struct tty_ldisc *ld;
2693
2694 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2695 return -EINVAL;
2696
2697 real_tty = tty_pair_get_tty(tty);
2698
2699 /*
2700 * Factor out some common prep work
2701 */
2702 switch (cmd) {
2703 case TIOCSETD:
2704 case TIOCSBRK:
2705 case TIOCCBRK:
2706 case TCSBRK:
2707 case TCSBRKP:
2708 retval = tty_check_change(tty);
2709 if (retval)
2710 return retval;
2711 if (cmd != TIOCCBRK) {
2712 tty_wait_until_sent(tty, 0);
2713 if (signal_pending(current))
2714 return -EINTR;
2715 }
2716 break;
2717 }
2718
2719 /*
2720 * Now do the stuff.
2721 */
2722 switch (cmd) {
2723 case TIOCSTI:
2724 return tiocsti(tty, p);
2725 case TIOCGWINSZ:
2726 return tiocgwinsz(real_tty, p);
2727 case TIOCSWINSZ:
2728 return tiocswinsz(real_tty, p);
2729 case TIOCCONS:
2730 return real_tty != tty ? -EINVAL : tioccons(file);
2731 case TIOCEXCL:
2732 set_bit(TTY_EXCLUSIVE, &tty->flags);
2733 return 0;
2734 case TIOCNXCL:
2735 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2736 return 0;
2737 case TIOCGEXCL:
2738 {
2739 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2740
2741 return put_user(excl, (int __user *)p);
2742 }
2743 case TIOCGETD:
2744 return tiocgetd(tty, p);
2745 case TIOCSETD:
2746 return tiocsetd(tty, p);
2747 case TIOCVHANGUP:
2748 if (!capable(CAP_SYS_ADMIN))
2749 return -EPERM;
2750 tty_vhangup(tty);
2751 return 0;
2752 case TIOCGDEV:
2753 {
2754 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2755
2756 return put_user(ret, (unsigned int __user *)p);
2757 }
2758 /*
2759 * Break handling
2760 */
2761 case TIOCSBRK: /* Turn break on, unconditionally */
2762 if (tty->ops->break_ctl)
2763 return tty->ops->break_ctl(tty, -1);
2764 return 0;
2765 case TIOCCBRK: /* Turn break off, unconditionally */
2766 if (tty->ops->break_ctl)
2767 return tty->ops->break_ctl(tty, 0);
2768 return 0;
2769 case TCSBRK: /* SVID version: non-zero arg --> no break */
2770 /* non-zero arg means wait for all output data
2771 * to be sent (performed above) but don't send break.
2772 * This is used by the tcdrain() termios function.
2773 */
2774 if (!arg)
2775 return send_break(tty, 250);
2776 return 0;
2777 case TCSBRKP: /* support for POSIX tcsendbreak() */
2778 return send_break(tty, arg ? arg*100 : 250);
2779
2780 case TIOCMGET:
2781 return tty_tiocmget(tty, p);
2782 case TIOCMSET:
2783 case TIOCMBIC:
2784 case TIOCMBIS:
2785 return tty_tiocmset(tty, cmd, p);
2786 case TIOCGICOUNT:
2787 return tty_tiocgicount(tty, p);
2788 case TCFLSH:
2789 switch (arg) {
2790 case TCIFLUSH:
2791 case TCIOFLUSH:
2792 /* flush tty buffer and allow ldisc to process ioctl */
2793 tty_buffer_flush(tty, NULL);
2794 break;
2795 }
2796 break;
2797 case TIOCSSERIAL:
2798 return tty_tiocsserial(tty, p);
2799 case TIOCGSERIAL:
2800 return tty_tiocgserial(tty, p);
2801 case TIOCGPTPEER:
2802 /* Special because the struct file is needed */
2803 return ptm_open_peer(file, tty, (int)arg);
2804 default:
2805 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2806 if (retval != -ENOIOCTLCMD)
2807 return retval;
2808 }
2809 if (tty->ops->ioctl) {
2810 retval = tty->ops->ioctl(tty, cmd, arg);
2811 if (retval != -ENOIOCTLCMD)
2812 return retval;
2813 }
2814 ld = tty_ldisc_ref_wait(tty);
2815 if (!ld)
2816 return hung_up_tty_ioctl(file, cmd, arg);
2817 retval = -EINVAL;
2818 if (ld->ops->ioctl) {
2819 retval = ld->ops->ioctl(tty, file, cmd, arg);
2820 if (retval == -ENOIOCTLCMD)
2821 retval = -ENOTTY;
2822 }
2823 tty_ldisc_deref(ld);
2824 return retval;
2825 }
2826
2827 #ifdef CONFIG_COMPAT
2828
2829 struct serial_struct32 {
2830 compat_int_t type;
2831 compat_int_t line;
2832 compat_uint_t port;
2833 compat_int_t irq;
2834 compat_int_t flags;
2835 compat_int_t xmit_fifo_size;
2836 compat_int_t custom_divisor;
2837 compat_int_t baud_base;
2838 unsigned short close_delay;
2839 char io_type;
2840 char reserved_char;
2841 compat_int_t hub6;
2842 unsigned short closing_wait; /* time to wait before closing */
2843 unsigned short closing_wait2; /* no longer used... */
2844 compat_uint_t iomem_base;
2845 unsigned short iomem_reg_shift;
2846 unsigned int port_high;
2847 /* compat_ulong_t iomap_base FIXME */
2848 compat_int_t reserved;
2849 };
2850
compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2851 static int compat_tty_tiocsserial(struct tty_struct *tty,
2852 struct serial_struct32 __user *ss)
2853 {
2854 struct serial_struct32 v32;
2855 struct serial_struct v;
2856
2857 if (copy_from_user(&v32, ss, sizeof(*ss)))
2858 return -EFAULT;
2859
2860 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2861 v.iomem_base = compat_ptr(v32.iomem_base);
2862 v.iomem_reg_shift = v32.iomem_reg_shift;
2863 v.port_high = v32.port_high;
2864 v.iomap_base = 0;
2865
2866 return tty_set_serial(tty, &v);
2867 }
2868
compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2869 static int compat_tty_tiocgserial(struct tty_struct *tty,
2870 struct serial_struct32 __user *ss)
2871 {
2872 struct serial_struct32 v32;
2873 struct serial_struct v;
2874 int err;
2875
2876 memset(&v, 0, sizeof(v));
2877 memset(&v32, 0, sizeof(v32));
2878
2879 if (!tty->ops->get_serial)
2880 return -ENOTTY;
2881 err = tty->ops->get_serial(tty, &v);
2882 if (!err) {
2883 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2884 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2885 0xfffffff : ptr_to_compat(v.iomem_base);
2886 v32.iomem_reg_shift = v.iomem_reg_shift;
2887 v32.port_high = v.port_high;
2888 if (copy_to_user(ss, &v32, sizeof(v32)))
2889 err = -EFAULT;
2890 }
2891 return err;
2892 }
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2893 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2894 unsigned long arg)
2895 {
2896 struct tty_struct *tty = file_tty(file);
2897 struct tty_ldisc *ld;
2898 int retval = -ENOIOCTLCMD;
2899
2900 switch (cmd) {
2901 case TIOCOUTQ:
2902 case TIOCSTI:
2903 case TIOCGWINSZ:
2904 case TIOCSWINSZ:
2905 case TIOCGEXCL:
2906 case TIOCGETD:
2907 case TIOCSETD:
2908 case TIOCGDEV:
2909 case TIOCMGET:
2910 case TIOCMSET:
2911 case TIOCMBIC:
2912 case TIOCMBIS:
2913 case TIOCGICOUNT:
2914 case TIOCGPGRP:
2915 case TIOCSPGRP:
2916 case TIOCGSID:
2917 case TIOCSERGETLSR:
2918 case TIOCGRS485:
2919 case TIOCSRS485:
2920 #ifdef TIOCGETP
2921 case TIOCGETP:
2922 case TIOCSETP:
2923 case TIOCSETN:
2924 #endif
2925 #ifdef TIOCGETC
2926 case TIOCGETC:
2927 case TIOCSETC:
2928 #endif
2929 #ifdef TIOCGLTC
2930 case TIOCGLTC:
2931 case TIOCSLTC:
2932 #endif
2933 case TCSETSF:
2934 case TCSETSW:
2935 case TCSETS:
2936 case TCGETS:
2937 #ifdef TCGETS2
2938 case TCGETS2:
2939 case TCSETSF2:
2940 case TCSETSW2:
2941 case TCSETS2:
2942 #endif
2943 case TCGETA:
2944 case TCSETAF:
2945 case TCSETAW:
2946 case TCSETA:
2947 case TIOCGLCKTRMIOS:
2948 case TIOCSLCKTRMIOS:
2949 #ifdef TCGETX
2950 case TCGETX:
2951 case TCSETX:
2952 case TCSETXW:
2953 case TCSETXF:
2954 #endif
2955 case TIOCGSOFTCAR:
2956 case TIOCSSOFTCAR:
2957
2958 case PPPIOCGCHAN:
2959 case PPPIOCGUNIT:
2960 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2961 case TIOCCONS:
2962 case TIOCEXCL:
2963 case TIOCNXCL:
2964 case TIOCVHANGUP:
2965 case TIOCSBRK:
2966 case TIOCCBRK:
2967 case TCSBRK:
2968 case TCSBRKP:
2969 case TCFLSH:
2970 case TIOCGPTPEER:
2971 case TIOCNOTTY:
2972 case TIOCSCTTY:
2973 case TCXONC:
2974 case TIOCMIWAIT:
2975 case TIOCSERCONFIG:
2976 return tty_ioctl(file, cmd, arg);
2977 }
2978
2979 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2980 return -EINVAL;
2981
2982 switch (cmd) {
2983 case TIOCSSERIAL:
2984 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2985 case TIOCGSERIAL:
2986 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2987 }
2988 if (tty->ops->compat_ioctl) {
2989 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2990 if (retval != -ENOIOCTLCMD)
2991 return retval;
2992 }
2993
2994 ld = tty_ldisc_ref_wait(tty);
2995 if (!ld)
2996 return hung_up_tty_compat_ioctl(file, cmd, arg);
2997 if (ld->ops->compat_ioctl)
2998 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2999 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
3000 retval = ld->ops->ioctl(tty, file,
3001 (unsigned long)compat_ptr(cmd), arg);
3002 tty_ldisc_deref(ld);
3003
3004 return retval;
3005 }
3006 #endif
3007
this_tty(const void * t,struct file * file,unsigned fd)3008 static int this_tty(const void *t, struct file *file, unsigned fd)
3009 {
3010 if (likely(file->f_op->read_iter != tty_read))
3011 return 0;
3012 return file_tty(file) != t ? 0 : fd + 1;
3013 }
3014
3015 /*
3016 * This implements the "Secure Attention Key" --- the idea is to
3017 * prevent trojan horses by killing all processes associated with this
3018 * tty when the user hits the "Secure Attention Key". Required for
3019 * super-paranoid applications --- see the Orange Book for more details.
3020 *
3021 * This code could be nicer; ideally it should send a HUP, wait a few
3022 * seconds, then send a INT, and then a KILL signal. But you then
3023 * have to coordinate with the init process, since all processes associated
3024 * with the current tty must be dead before the new getty is allowed
3025 * to spawn.
3026 *
3027 * Now, if it would be correct ;-/ The current code has a nasty hole -
3028 * it doesn't catch files in flight. We may send the descriptor to ourselves
3029 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3030 *
3031 * Nasty bug: do_SAK is being called in interrupt context. This can
3032 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3033 */
__do_SAK(struct tty_struct * tty)3034 void __do_SAK(struct tty_struct *tty)
3035 {
3036 #ifdef TTY_SOFT_SAK
3037 tty_hangup(tty);
3038 #else
3039 struct task_struct *g, *p;
3040 struct pid *session;
3041 int i;
3042 unsigned long flags;
3043
3044 if (!tty)
3045 return;
3046
3047 spin_lock_irqsave(&tty->ctrl.lock, flags);
3048 session = get_pid(tty->ctrl.session);
3049 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3050
3051 tty_ldisc_flush(tty);
3052
3053 tty_driver_flush_buffer(tty);
3054
3055 read_lock(&tasklist_lock);
3056 /* Kill the entire session */
3057 do_each_pid_task(session, PIDTYPE_SID, p) {
3058 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3059 task_pid_nr(p), p->comm);
3060 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3061 } while_each_pid_task(session, PIDTYPE_SID, p);
3062
3063 /* Now kill any processes that happen to have the tty open */
3064 do_each_thread(g, p) {
3065 if (p->signal->tty == tty) {
3066 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3067 task_pid_nr(p), p->comm);
3068 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3069 continue;
3070 }
3071 task_lock(p);
3072 i = iterate_fd(p->files, 0, this_tty, tty);
3073 if (i != 0) {
3074 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3075 task_pid_nr(p), p->comm, i - 1);
3076 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3077 }
3078 task_unlock(p);
3079 } while_each_thread(g, p);
3080 read_unlock(&tasklist_lock);
3081 put_pid(session);
3082 #endif
3083 }
3084
do_SAK_work(struct work_struct * work)3085 static void do_SAK_work(struct work_struct *work)
3086 {
3087 struct tty_struct *tty =
3088 container_of(work, struct tty_struct, SAK_work);
3089 __do_SAK(tty);
3090 }
3091
3092 /*
3093 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3094 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3095 * the values which we write to it will be identical to the values which it
3096 * already has. --akpm
3097 */
do_SAK(struct tty_struct * tty)3098 void do_SAK(struct tty_struct *tty)
3099 {
3100 if (!tty)
3101 return;
3102 schedule_work(&tty->SAK_work);
3103 }
3104 EXPORT_SYMBOL(do_SAK);
3105
3106 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3107 static struct device *tty_get_device(struct tty_struct *tty)
3108 {
3109 dev_t devt = tty_devnum(tty);
3110
3111 return class_find_device_by_devt(tty_class, devt);
3112 }
3113
3114
3115 /*
3116 * alloc_tty_struct
3117 *
3118 * This subroutine allocates and initializes a tty structure.
3119 *
3120 * Locking: none - tty in question is not exposed at this point
3121 */
3122
alloc_tty_struct(struct tty_driver * driver,int idx)3123 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3124 {
3125 struct tty_struct *tty;
3126
3127 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3128 if (!tty)
3129 return NULL;
3130
3131 kref_init(&tty->kref);
3132 tty->magic = TTY_MAGIC;
3133 if (tty_ldisc_init(tty)) {
3134 kfree(tty);
3135 return NULL;
3136 }
3137 tty->ctrl.session = NULL;
3138 tty->ctrl.pgrp = NULL;
3139 mutex_init(&tty->legacy_mutex);
3140 mutex_init(&tty->throttle_mutex);
3141 init_rwsem(&tty->termios_rwsem);
3142 mutex_init(&tty->winsize_mutex);
3143 init_ldsem(&tty->ldisc_sem);
3144 init_waitqueue_head(&tty->write_wait);
3145 init_waitqueue_head(&tty->read_wait);
3146 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3147 mutex_init(&tty->atomic_write_lock);
3148 spin_lock_init(&tty->ctrl.lock);
3149 spin_lock_init(&tty->flow.lock);
3150 spin_lock_init(&tty->files_lock);
3151 INIT_LIST_HEAD(&tty->tty_files);
3152 INIT_WORK(&tty->SAK_work, do_SAK_work);
3153
3154 tty->driver = driver;
3155 tty->ops = driver->ops;
3156 tty->index = idx;
3157 tty_line_name(driver, idx, tty->name);
3158 tty->dev = tty_get_device(tty);
3159
3160 return tty;
3161 }
3162
3163 /**
3164 * tty_put_char - write one character to a tty
3165 * @tty: tty
3166 * @ch: character
3167 *
3168 * Write one byte to the tty using the provided put_char method
3169 * if present. Returns the number of characters successfully output.
3170 *
3171 * Note: the specific put_char operation in the driver layer may go
3172 * away soon. Don't call it directly, use this method
3173 */
3174
tty_put_char(struct tty_struct * tty,unsigned char ch)3175 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3176 {
3177 if (tty->ops->put_char)
3178 return tty->ops->put_char(tty, ch);
3179 return tty->ops->write(tty, &ch, 1);
3180 }
3181 EXPORT_SYMBOL_GPL(tty_put_char);
3182
3183 struct class *tty_class;
3184
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3185 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3186 unsigned int index, unsigned int count)
3187 {
3188 int err;
3189
3190 /* init here, since reused cdevs cause crashes */
3191 driver->cdevs[index] = cdev_alloc();
3192 if (!driver->cdevs[index])
3193 return -ENOMEM;
3194 driver->cdevs[index]->ops = &tty_fops;
3195 driver->cdevs[index]->owner = driver->owner;
3196 err = cdev_add(driver->cdevs[index], dev, count);
3197 if (err)
3198 kobject_put(&driver->cdevs[index]->kobj);
3199 return err;
3200 }
3201
3202 /**
3203 * tty_register_device - register a tty device
3204 * @driver: the tty driver that describes the tty device
3205 * @index: the index in the tty driver for this tty device
3206 * @device: a struct device that is associated with this tty device.
3207 * This field is optional, if there is no known struct device
3208 * for this tty device it can be set to NULL safely.
3209 *
3210 * Returns a pointer to the struct device for this tty device
3211 * (or ERR_PTR(-EFOO) on error).
3212 *
3213 * This call is required to be made to register an individual tty device
3214 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3215 * that bit is not set, this function should not be called by a tty
3216 * driver.
3217 *
3218 * Locking: ??
3219 */
3220
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3221 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3222 struct device *device)
3223 {
3224 return tty_register_device_attr(driver, index, device, NULL, NULL);
3225 }
3226 EXPORT_SYMBOL(tty_register_device);
3227
tty_device_create_release(struct device * dev)3228 static void tty_device_create_release(struct device *dev)
3229 {
3230 dev_dbg(dev, "releasing...\n");
3231 kfree(dev);
3232 }
3233
3234 /**
3235 * tty_register_device_attr - register a tty device
3236 * @driver: the tty driver that describes the tty device
3237 * @index: the index in the tty driver for this tty device
3238 * @device: a struct device that is associated with this tty device.
3239 * This field is optional, if there is no known struct device
3240 * for this tty device it can be set to NULL safely.
3241 * @drvdata: Driver data to be set to device.
3242 * @attr_grp: Attribute group to be set on device.
3243 *
3244 * Returns a pointer to the struct device for this tty device
3245 * (or ERR_PTR(-EFOO) on error).
3246 *
3247 * This call is required to be made to register an individual tty device
3248 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3249 * that bit is not set, this function should not be called by a tty
3250 * driver.
3251 *
3252 * Locking: ??
3253 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3254 struct device *tty_register_device_attr(struct tty_driver *driver,
3255 unsigned index, struct device *device,
3256 void *drvdata,
3257 const struct attribute_group **attr_grp)
3258 {
3259 char name[64];
3260 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3261 struct ktermios *tp;
3262 struct device *dev;
3263 int retval;
3264
3265 if (index >= driver->num) {
3266 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3267 driver->name, index);
3268 return ERR_PTR(-EINVAL);
3269 }
3270
3271 if (driver->type == TTY_DRIVER_TYPE_PTY)
3272 pty_line_name(driver, index, name);
3273 else
3274 tty_line_name(driver, index, name);
3275
3276 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3277 if (!dev)
3278 return ERR_PTR(-ENOMEM);
3279
3280 dev->devt = devt;
3281 dev->class = tty_class;
3282 dev->parent = device;
3283 dev->release = tty_device_create_release;
3284 dev_set_name(dev, "%s", name);
3285 dev->groups = attr_grp;
3286 dev_set_drvdata(dev, drvdata);
3287
3288 dev_set_uevent_suppress(dev, 1);
3289
3290 retval = device_register(dev);
3291 if (retval)
3292 goto err_put;
3293
3294 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3295 /*
3296 * Free any saved termios data so that the termios state is
3297 * reset when reusing a minor number.
3298 */
3299 tp = driver->termios[index];
3300 if (tp) {
3301 driver->termios[index] = NULL;
3302 kfree(tp);
3303 }
3304
3305 retval = tty_cdev_add(driver, devt, index, 1);
3306 if (retval)
3307 goto err_del;
3308 }
3309
3310 dev_set_uevent_suppress(dev, 0);
3311 kobject_uevent(&dev->kobj, KOBJ_ADD);
3312
3313 return dev;
3314
3315 err_del:
3316 device_del(dev);
3317 err_put:
3318 put_device(dev);
3319
3320 return ERR_PTR(retval);
3321 }
3322 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3323
3324 /**
3325 * tty_unregister_device - unregister a tty device
3326 * @driver: the tty driver that describes the tty device
3327 * @index: the index in the tty driver for this tty device
3328 *
3329 * If a tty device is registered with a call to tty_register_device() then
3330 * this function must be called when the tty device is gone.
3331 *
3332 * Locking: ??
3333 */
3334
tty_unregister_device(struct tty_driver * driver,unsigned index)3335 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3336 {
3337 device_destroy(tty_class,
3338 MKDEV(driver->major, driver->minor_start) + index);
3339 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3340 cdev_del(driver->cdevs[index]);
3341 driver->cdevs[index] = NULL;
3342 }
3343 }
3344 EXPORT_SYMBOL(tty_unregister_device);
3345
3346 /**
3347 * __tty_alloc_driver -- allocate tty driver
3348 * @lines: count of lines this driver can handle at most
3349 * @owner: module which is responsible for this driver
3350 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3351 *
3352 * This should not be called directly, some of the provided macros should be
3353 * used instead. Use IS_ERR and friends on @retval.
3354 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3355 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3356 unsigned long flags)
3357 {
3358 struct tty_driver *driver;
3359 unsigned int cdevs = 1;
3360 int err;
3361
3362 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3363 return ERR_PTR(-EINVAL);
3364
3365 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3366 if (!driver)
3367 return ERR_PTR(-ENOMEM);
3368
3369 kref_init(&driver->kref);
3370 driver->magic = TTY_DRIVER_MAGIC;
3371 driver->num = lines;
3372 driver->owner = owner;
3373 driver->flags = flags;
3374
3375 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3376 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3377 GFP_KERNEL);
3378 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3379 GFP_KERNEL);
3380 if (!driver->ttys || !driver->termios) {
3381 err = -ENOMEM;
3382 goto err_free_all;
3383 }
3384 }
3385
3386 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3387 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3388 GFP_KERNEL);
3389 if (!driver->ports) {
3390 err = -ENOMEM;
3391 goto err_free_all;
3392 }
3393 cdevs = lines;
3394 }
3395
3396 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3397 if (!driver->cdevs) {
3398 err = -ENOMEM;
3399 goto err_free_all;
3400 }
3401
3402 return driver;
3403 err_free_all:
3404 kfree(driver->ports);
3405 kfree(driver->ttys);
3406 kfree(driver->termios);
3407 kfree(driver->cdevs);
3408 kfree(driver);
3409 return ERR_PTR(err);
3410 }
3411 EXPORT_SYMBOL(__tty_alloc_driver);
3412
destruct_tty_driver(struct kref * kref)3413 static void destruct_tty_driver(struct kref *kref)
3414 {
3415 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3416 int i;
3417 struct ktermios *tp;
3418
3419 if (driver->flags & TTY_DRIVER_INSTALLED) {
3420 for (i = 0; i < driver->num; i++) {
3421 tp = driver->termios[i];
3422 if (tp) {
3423 driver->termios[i] = NULL;
3424 kfree(tp);
3425 }
3426 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3427 tty_unregister_device(driver, i);
3428 }
3429 proc_tty_unregister_driver(driver);
3430 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3431 cdev_del(driver->cdevs[0]);
3432 }
3433 kfree(driver->cdevs);
3434 kfree(driver->ports);
3435 kfree(driver->termios);
3436 kfree(driver->ttys);
3437 kfree(driver);
3438 }
3439
tty_driver_kref_put(struct tty_driver * driver)3440 void tty_driver_kref_put(struct tty_driver *driver)
3441 {
3442 kref_put(&driver->kref, destruct_tty_driver);
3443 }
3444 EXPORT_SYMBOL(tty_driver_kref_put);
3445
3446 /*
3447 * Called by a tty driver to register itself.
3448 */
tty_register_driver(struct tty_driver * driver)3449 int tty_register_driver(struct tty_driver *driver)
3450 {
3451 int error;
3452 int i;
3453 dev_t dev;
3454 struct device *d;
3455
3456 if (!driver->major) {
3457 error = alloc_chrdev_region(&dev, driver->minor_start,
3458 driver->num, driver->name);
3459 if (!error) {
3460 driver->major = MAJOR(dev);
3461 driver->minor_start = MINOR(dev);
3462 }
3463 } else {
3464 dev = MKDEV(driver->major, driver->minor_start);
3465 error = register_chrdev_region(dev, driver->num, driver->name);
3466 }
3467 if (error < 0)
3468 goto err;
3469
3470 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3471 error = tty_cdev_add(driver, dev, 0, driver->num);
3472 if (error)
3473 goto err_unreg_char;
3474 }
3475
3476 mutex_lock(&tty_mutex);
3477 list_add(&driver->tty_drivers, &tty_drivers);
3478 mutex_unlock(&tty_mutex);
3479
3480 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3481 for (i = 0; i < driver->num; i++) {
3482 d = tty_register_device(driver, i, NULL);
3483 if (IS_ERR(d)) {
3484 error = PTR_ERR(d);
3485 goto err_unreg_devs;
3486 }
3487 }
3488 }
3489 proc_tty_register_driver(driver);
3490 driver->flags |= TTY_DRIVER_INSTALLED;
3491 return 0;
3492
3493 err_unreg_devs:
3494 for (i--; i >= 0; i--)
3495 tty_unregister_device(driver, i);
3496
3497 mutex_lock(&tty_mutex);
3498 list_del(&driver->tty_drivers);
3499 mutex_unlock(&tty_mutex);
3500
3501 err_unreg_char:
3502 unregister_chrdev_region(dev, driver->num);
3503 err:
3504 return error;
3505 }
3506 EXPORT_SYMBOL(tty_register_driver);
3507
3508 /*
3509 * Called by a tty driver to unregister itself.
3510 */
tty_unregister_driver(struct tty_driver * driver)3511 void tty_unregister_driver(struct tty_driver *driver)
3512 {
3513 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3514 driver->num);
3515 mutex_lock(&tty_mutex);
3516 list_del(&driver->tty_drivers);
3517 mutex_unlock(&tty_mutex);
3518 }
3519 EXPORT_SYMBOL(tty_unregister_driver);
3520
tty_devnum(struct tty_struct * tty)3521 dev_t tty_devnum(struct tty_struct *tty)
3522 {
3523 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3524 }
3525 EXPORT_SYMBOL(tty_devnum);
3526
tty_default_fops(struct file_operations * fops)3527 void tty_default_fops(struct file_operations *fops)
3528 {
3529 *fops = tty_fops;
3530 }
3531
tty_devnode(struct device * dev,umode_t * mode)3532 static char *tty_devnode(struct device *dev, umode_t *mode)
3533 {
3534 if (!mode)
3535 return NULL;
3536 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3537 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3538 *mode = 0666;
3539 return NULL;
3540 }
3541
tty_class_init(void)3542 static int __init tty_class_init(void)
3543 {
3544 tty_class = class_create(THIS_MODULE, "tty");
3545 if (IS_ERR(tty_class))
3546 return PTR_ERR(tty_class);
3547 tty_class->devnode = tty_devnode;
3548 return 0;
3549 }
3550
3551 postcore_initcall(tty_class_init);
3552
3553 /* 3/2004 jmc: why do these devices exist? */
3554 static struct cdev tty_cdev, console_cdev;
3555
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3556 static ssize_t show_cons_active(struct device *dev,
3557 struct device_attribute *attr, char *buf)
3558 {
3559 struct console *cs[16];
3560 int i = 0;
3561 struct console *c;
3562 ssize_t count = 0;
3563
3564 console_lock();
3565 for_each_console(c) {
3566 if (!c->device)
3567 continue;
3568 if (!c->write)
3569 continue;
3570 if ((c->flags & CON_ENABLED) == 0)
3571 continue;
3572 cs[i++] = c;
3573 if (i >= ARRAY_SIZE(cs))
3574 break;
3575 }
3576 while (i--) {
3577 int index = cs[i]->index;
3578 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3579
3580 /* don't resolve tty0 as some programs depend on it */
3581 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3582 count += tty_line_name(drv, index, buf + count);
3583 else
3584 count += sprintf(buf + count, "%s%d",
3585 cs[i]->name, cs[i]->index);
3586
3587 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3588 }
3589 console_unlock();
3590
3591 return count;
3592 }
3593 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3594
3595 static struct attribute *cons_dev_attrs[] = {
3596 &dev_attr_active.attr,
3597 NULL
3598 };
3599
3600 ATTRIBUTE_GROUPS(cons_dev);
3601
3602 static struct device *consdev;
3603
console_sysfs_notify(void)3604 void console_sysfs_notify(void)
3605 {
3606 if (consdev)
3607 sysfs_notify(&consdev->kobj, NULL, "active");
3608 }
3609
3610 /*
3611 * Ok, now we can initialize the rest of the tty devices and can count
3612 * on memory allocations, interrupts etc..
3613 */
tty_init(void)3614 int __init tty_init(void)
3615 {
3616 tty_sysctl_init();
3617 cdev_init(&tty_cdev, &tty_fops);
3618 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3619 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3620 panic("Couldn't register /dev/tty driver\n");
3621 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3622
3623 cdev_init(&console_cdev, &console_fops);
3624 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3625 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3626 panic("Couldn't register /dev/console driver\n");
3627 consdev = device_create_with_groups(tty_class, NULL,
3628 MKDEV(TTYAUX_MAJOR, 1), NULL,
3629 cons_dev_groups, "console");
3630 if (IS_ERR(consdev))
3631 consdev = NULL;
3632
3633 #ifdef CONFIG_VT
3634 vty_init(&console_fops);
3635 #endif
3636 return 0;
3637 }
3638
3639