1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 /*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102 #include <linux/uaccess.h>
103 #include <linux/termios_internal.h>
104
105 #include <linux/kbd_kern.h>
106 #include <linux/vt_kern.h>
107 #include <linux/selection.h>
108
109 #include <linux/kmod.h>
110 #include <linux/nsproxy.h>
111 #include "tty.h"
112
113 #undef TTY_DEBUG_HANGUP
114 #ifdef TTY_DEBUG_HANGUP
115 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116 #else
117 # define tty_debug_hangup(tty, f, args...) do { } while (0)
118 #endif
119
120 #define TTY_PARANOIA_CHECK 1
121 #define CHECK_TTY_COUNT 1
122
123 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 .c_iflag = ICRNL | IXON,
125 .c_oflag = OPOST | ONLCR,
126 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 ECHOCTL | ECHOKE | IEXTEN,
129 .c_cc = INIT_C_CC,
130 .c_ispeed = 38400,
131 .c_ospeed = 38400,
132 /* .c_line = N_TTY, */
133 };
134 EXPORT_SYMBOL(tty_std_termios);
135
136 /* This list gets poked at by procfs and various bits of boot up code. This
137 * could do with some rationalisation such as pulling the tty proc function
138 * into this file.
139 */
140
141 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142
143 /* Mutex to protect creating and releasing a tty */
144 DEFINE_MUTEX(tty_mutex);
145
146 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148 static __poll_t tty_poll(struct file *, poll_table *);
149 static int tty_open(struct inode *, struct file *);
150 #ifdef CONFIG_COMPAT
151 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 unsigned long arg);
153 #else
154 #define tty_compat_ioctl NULL
155 #endif
156 static int __tty_fasync(int fd, struct file *filp, int on);
157 static int tty_fasync(int fd, struct file *filp, int on);
158 static void release_tty(struct tty_struct *tty, int idx);
159
160 /**
161 * free_tty_struct - free a disused tty
162 * @tty: tty struct to free
163 *
164 * Free the write buffers, tty queue and tty memory itself.
165 *
166 * Locking: none. Must be called after tty is definitely unused
167 */
free_tty_struct(struct tty_struct * tty)168 static void free_tty_struct(struct tty_struct *tty)
169 {
170 tty_ldisc_deinit(tty);
171 put_device(tty->dev);
172 kvfree(tty->write_buf);
173 kfree(tty);
174 }
175
file_tty(struct file * file)176 static inline struct tty_struct *file_tty(struct file *file)
177 {
178 return ((struct tty_file_private *)file->private_data)->tty;
179 }
180
tty_alloc_file(struct file * file)181 int tty_alloc_file(struct file *file)
182 {
183 struct tty_file_private *priv;
184
185 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
186 if (!priv)
187 return -ENOMEM;
188
189 file->private_data = priv;
190
191 return 0;
192 }
193
194 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)195 void tty_add_file(struct tty_struct *tty, struct file *file)
196 {
197 struct tty_file_private *priv = file->private_data;
198
199 priv->tty = tty;
200 priv->file = file;
201
202 spin_lock(&tty->files_lock);
203 list_add(&priv->list, &tty->tty_files);
204 spin_unlock(&tty->files_lock);
205 }
206
207 /**
208 * tty_free_file - free file->private_data
209 * @file: to free private_data of
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
tty_free_file(struct file * file)214 void tty_free_file(struct file *file)
215 {
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220 }
221
222 /* Delete file from its tty */
tty_del_file(struct file * file)223 static void tty_del_file(struct file *file)
224 {
225 struct tty_file_private *priv = file->private_data;
226 struct tty_struct *tty = priv->tty;
227
228 spin_lock(&tty->files_lock);
229 list_del(&priv->list);
230 spin_unlock(&tty->files_lock);
231 tty_free_file(file);
232 }
233
234 /**
235 * tty_name - return tty naming
236 * @tty: tty structure
237 *
238 * Convert a tty structure into a name. The name reflects the kernel naming
239 * policy and if udev is in use may not reflect user space
240 *
241 * Locking: none
242 */
tty_name(const struct tty_struct * tty)243 const char *tty_name(const struct tty_struct *tty)
244 {
245 if (!tty) /* Hmm. NULL pointer. That's fun. */
246 return "NULL tty";
247 return tty->name;
248 }
249 EXPORT_SYMBOL(tty_name);
250
tty_driver_name(const struct tty_struct * tty)251 const char *tty_driver_name(const struct tty_struct *tty)
252 {
253 if (!tty || !tty->driver)
254 return "";
255 return tty->driver->name;
256 }
257
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)258 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 const char *routine)
260 {
261 #ifdef TTY_PARANOIA_CHECK
262 if (!tty) {
263 pr_warn("(%d:%d): %s: NULL tty\n",
264 imajor(inode), iminor(inode), routine);
265 return 1;
266 }
267 #endif
268 return 0;
269 }
270
271 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)272 static int check_tty_count(struct tty_struct *tty, const char *routine)
273 {
274 #ifdef CHECK_TTY_COUNT
275 struct list_head *p;
276 int count = 0, kopen_count = 0;
277
278 spin_lock(&tty->files_lock);
279 list_for_each(p, &tty->tty_files) {
280 count++;
281 }
282 spin_unlock(&tty->files_lock);
283 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
284 tty->driver->subtype == PTY_TYPE_SLAVE &&
285 tty->link && tty->link->count)
286 count++;
287 if (tty_port_kopened(tty->port))
288 kopen_count++;
289 if (tty->count != (count + kopen_count)) {
290 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
291 routine, tty->count, count, kopen_count);
292 return (count + kopen_count);
293 }
294 #endif
295 return 0;
296 }
297
298 /**
299 * get_tty_driver - find device of a tty
300 * @device: device identifier
301 * @index: returns the index of the tty
302 *
303 * This routine returns a tty driver structure, given a device number and also
304 * passes back the index number.
305 *
306 * Locking: caller must hold tty_mutex
307 */
get_tty_driver(dev_t device,int * index)308 static struct tty_driver *get_tty_driver(dev_t device, int *index)
309 {
310 struct tty_driver *p;
311
312 list_for_each_entry(p, &tty_drivers, tty_drivers) {
313 dev_t base = MKDEV(p->major, p->minor_start);
314
315 if (device < base || device >= base + p->num)
316 continue;
317 *index = device - base;
318 return tty_driver_kref_get(p);
319 }
320 return NULL;
321 }
322
323 /**
324 * tty_dev_name_to_number - return dev_t for device name
325 * @name: user space name of device under /dev
326 * @number: pointer to dev_t that this function will populate
327 *
328 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
329 * (4, 64) or (188, 1). If no corresponding driver is registered then the
330 * function returns -%ENODEV.
331 *
332 * Locking: this acquires tty_mutex to protect the tty_drivers list from
333 * being modified while we are traversing it, and makes sure to
334 * release it before exiting.
335 */
tty_dev_name_to_number(const char * name,dev_t * number)336 int tty_dev_name_to_number(const char *name, dev_t *number)
337 {
338 struct tty_driver *p;
339 int ret;
340 int index, prefix_length = 0;
341 const char *str;
342
343 for (str = name; *str && !isdigit(*str); str++)
344 ;
345
346 if (!*str)
347 return -EINVAL;
348
349 ret = kstrtoint(str, 10, &index);
350 if (ret)
351 return ret;
352
353 prefix_length = str - name;
354 mutex_lock(&tty_mutex);
355
356 list_for_each_entry(p, &tty_drivers, tty_drivers)
357 if (prefix_length == strlen(p->name) && strncmp(name,
358 p->name, prefix_length) == 0) {
359 if (index < p->num) {
360 *number = MKDEV(p->major, p->minor_start + index);
361 goto out;
362 }
363 }
364
365 /* if here then driver wasn't found */
366 ret = -ENODEV;
367 out:
368 mutex_unlock(&tty_mutex);
369 return ret;
370 }
371 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
372
373 #ifdef CONFIG_CONSOLE_POLL
374
375 /**
376 * tty_find_polling_driver - find device of a polled tty
377 * @name: name string to match
378 * @line: pointer to resulting tty line nr
379 *
380 * This routine returns a tty driver structure, given a name and the condition
381 * that the tty driver is capable of polled operation.
382 */
tty_find_polling_driver(char * name,int * line)383 struct tty_driver *tty_find_polling_driver(char *name, int *line)
384 {
385 struct tty_driver *p, *res = NULL;
386 int tty_line = 0;
387 int len;
388 char *str, *stp;
389
390 for (str = name; *str; str++)
391 if ((*str >= '0' && *str <= '9') || *str == ',')
392 break;
393 if (!*str)
394 return NULL;
395
396 len = str - name;
397 tty_line = simple_strtoul(str, &str, 10);
398
399 mutex_lock(&tty_mutex);
400 /* Search through the tty devices to look for a match */
401 list_for_each_entry(p, &tty_drivers, tty_drivers) {
402 if (!len || strncmp(name, p->name, len) != 0)
403 continue;
404 stp = str;
405 if (*stp == ',')
406 stp++;
407 if (*stp == '\0')
408 stp = NULL;
409
410 if (tty_line >= 0 && tty_line < p->num && p->ops &&
411 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
412 res = tty_driver_kref_get(p);
413 *line = tty_line;
414 break;
415 }
416 }
417 mutex_unlock(&tty_mutex);
418
419 return res;
420 }
421 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
422 #endif
423
hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)424 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
425 {
426 return 0;
427 }
428
hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)429 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
430 {
431 return -EIO;
432 }
433
434 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)435 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
436 {
437 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
438 }
439
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)440 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
441 unsigned long arg)
442 {
443 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
444 }
445
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)446 static long hung_up_tty_compat_ioctl(struct file *file,
447 unsigned int cmd, unsigned long arg)
448 {
449 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450 }
451
hung_up_tty_fasync(int fd,struct file * file,int on)452 static int hung_up_tty_fasync(int fd, struct file *file, int on)
453 {
454 return -ENOTTY;
455 }
456
tty_show_fdinfo(struct seq_file * m,struct file * file)457 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
458 {
459 struct tty_struct *tty = file_tty(file);
460
461 if (tty && tty->ops && tty->ops->show_fdinfo)
462 tty->ops->show_fdinfo(tty, m);
463 }
464
465 static const struct file_operations tty_fops = {
466 .llseek = no_llseek,
467 .read_iter = tty_read,
468 .write_iter = tty_write,
469 .splice_read = generic_file_splice_read,
470 .splice_write = iter_file_splice_write,
471 .poll = tty_poll,
472 .unlocked_ioctl = tty_ioctl,
473 .compat_ioctl = tty_compat_ioctl,
474 .open = tty_open,
475 .release = tty_release,
476 .fasync = tty_fasync,
477 .show_fdinfo = tty_show_fdinfo,
478 };
479
480 static const struct file_operations console_fops = {
481 .llseek = no_llseek,
482 .read_iter = tty_read,
483 .write_iter = redirected_tty_write,
484 .splice_read = generic_file_splice_read,
485 .splice_write = iter_file_splice_write,
486 .poll = tty_poll,
487 .unlocked_ioctl = tty_ioctl,
488 .compat_ioctl = tty_compat_ioctl,
489 .open = tty_open,
490 .release = tty_release,
491 .fasync = tty_fasync,
492 };
493
494 static const struct file_operations hung_up_tty_fops = {
495 .llseek = no_llseek,
496 .read_iter = hung_up_tty_read,
497 .write_iter = hung_up_tty_write,
498 .poll = hung_up_tty_poll,
499 .unlocked_ioctl = hung_up_tty_ioctl,
500 .compat_ioctl = hung_up_tty_compat_ioctl,
501 .release = tty_release,
502 .fasync = hung_up_tty_fasync,
503 };
504
505 static DEFINE_SPINLOCK(redirect_lock);
506 static struct file *redirect;
507
508 /**
509 * tty_wakeup - request more data
510 * @tty: terminal
511 *
512 * Internal and external helper for wakeups of tty. This function informs the
513 * line discipline if present that the driver is ready to receive more output
514 * data.
515 */
tty_wakeup(struct tty_struct * tty)516 void tty_wakeup(struct tty_struct *tty)
517 {
518 struct tty_ldisc *ld;
519
520 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
521 ld = tty_ldisc_ref(tty);
522 if (ld) {
523 if (ld->ops->write_wakeup)
524 ld->ops->write_wakeup(tty);
525 tty_ldisc_deref(ld);
526 }
527 }
528 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
529 }
530 EXPORT_SYMBOL_GPL(tty_wakeup);
531
532 /**
533 * tty_release_redirect - Release a redirect on a pty if present
534 * @tty: tty device
535 *
536 * This is available to the pty code so if the master closes, if the slave is a
537 * redirect it can release the redirect.
538 */
tty_release_redirect(struct tty_struct * tty)539 static struct file *tty_release_redirect(struct tty_struct *tty)
540 {
541 struct file *f = NULL;
542
543 spin_lock(&redirect_lock);
544 if (redirect && file_tty(redirect) == tty) {
545 f = redirect;
546 redirect = NULL;
547 }
548 spin_unlock(&redirect_lock);
549
550 return f;
551 }
552
553 /**
554 * __tty_hangup - actual handler for hangup events
555 * @tty: tty device
556 * @exit_session: if non-zero, signal all foreground group processes
557 *
558 * This can be called by a "kworker" kernel thread. That is process synchronous
559 * but doesn't hold any locks, so we need to make sure we have the appropriate
560 * locks for what we're doing.
561 *
562 * The hangup event clears any pending redirections onto the hung up device. It
563 * ensures future writes will error and it does the needed line discipline
564 * hangup and signal delivery. The tty object itself remains intact.
565 *
566 * Locking:
567 * * BTM
568 *
569 * * redirect lock for undoing redirection
570 * * file list lock for manipulating list of ttys
571 * * tty_ldiscs_lock from called functions
572 * * termios_rwsem resetting termios data
573 * * tasklist_lock to walk task list for hangup event
574 *
575 * * ->siglock to protect ->signal/->sighand
576 *
577 */
__tty_hangup(struct tty_struct * tty,int exit_session)578 static void __tty_hangup(struct tty_struct *tty, int exit_session)
579 {
580 struct file *cons_filp = NULL;
581 struct file *filp, *f;
582 struct tty_file_private *priv;
583 int closecount = 0, n;
584 int refs;
585
586 if (!tty)
587 return;
588
589 f = tty_release_redirect(tty);
590
591 tty_lock(tty);
592
593 if (test_bit(TTY_HUPPED, &tty->flags)) {
594 tty_unlock(tty);
595 return;
596 }
597
598 /*
599 * Some console devices aren't actually hung up for technical and
600 * historical reasons, which can lead to indefinite interruptible
601 * sleep in n_tty_read(). The following explicitly tells
602 * n_tty_read() to abort readers.
603 */
604 set_bit(TTY_HUPPING, &tty->flags);
605
606 /* inuse_filps is protected by the single tty lock,
607 * this really needs to change if we want to flush the
608 * workqueue with the lock held.
609 */
610 check_tty_count(tty, "tty_hangup");
611
612 spin_lock(&tty->files_lock);
613 /* This breaks for file handles being sent over AF_UNIX sockets ? */
614 list_for_each_entry(priv, &tty->tty_files, list) {
615 filp = priv->file;
616 if (filp->f_op->write_iter == redirected_tty_write)
617 cons_filp = filp;
618 if (filp->f_op->write_iter != tty_write)
619 continue;
620 closecount++;
621 __tty_fasync(-1, filp, 0); /* can't block */
622 filp->f_op = &hung_up_tty_fops;
623 }
624 spin_unlock(&tty->files_lock);
625
626 refs = tty_signal_session_leader(tty, exit_session);
627 /* Account for the p->signal references we killed */
628 while (refs--)
629 tty_kref_put(tty);
630
631 tty_ldisc_hangup(tty, cons_filp != NULL);
632
633 spin_lock_irq(&tty->ctrl.lock);
634 clear_bit(TTY_THROTTLED, &tty->flags);
635 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
636 put_pid(tty->ctrl.session);
637 put_pid(tty->ctrl.pgrp);
638 tty->ctrl.session = NULL;
639 tty->ctrl.pgrp = NULL;
640 tty->ctrl.pktstatus = 0;
641 spin_unlock_irq(&tty->ctrl.lock);
642
643 /*
644 * If one of the devices matches a console pointer, we
645 * cannot just call hangup() because that will cause
646 * tty->count and state->count to go out of sync.
647 * So we just call close() the right number of times.
648 */
649 if (cons_filp) {
650 if (tty->ops->close)
651 for (n = 0; n < closecount; n++)
652 tty->ops->close(tty, cons_filp);
653 } else if (tty->ops->hangup)
654 tty->ops->hangup(tty);
655 /*
656 * We don't want to have driver/ldisc interactions beyond the ones
657 * we did here. The driver layer expects no calls after ->hangup()
658 * from the ldisc side, which is now guaranteed.
659 */
660 set_bit(TTY_HUPPED, &tty->flags);
661 clear_bit(TTY_HUPPING, &tty->flags);
662 tty_unlock(tty);
663
664 if (f)
665 fput(f);
666 }
667
do_tty_hangup(struct work_struct * work)668 static void do_tty_hangup(struct work_struct *work)
669 {
670 struct tty_struct *tty =
671 container_of(work, struct tty_struct, hangup_work);
672
673 __tty_hangup(tty, 0);
674 }
675
676 /**
677 * tty_hangup - trigger a hangup event
678 * @tty: tty to hangup
679 *
680 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
681 * hangup sequence to run after this event.
682 */
tty_hangup(struct tty_struct * tty)683 void tty_hangup(struct tty_struct *tty)
684 {
685 tty_debug_hangup(tty, "hangup\n");
686 schedule_work(&tty->hangup_work);
687 }
688 EXPORT_SYMBOL(tty_hangup);
689
690 /**
691 * tty_vhangup - process vhangup
692 * @tty: tty to hangup
693 *
694 * The user has asked via system call for the terminal to be hung up. We do
695 * this synchronously so that when the syscall returns the process is complete.
696 * That guarantee is necessary for security reasons.
697 */
tty_vhangup(struct tty_struct * tty)698 void tty_vhangup(struct tty_struct *tty)
699 {
700 tty_debug_hangup(tty, "vhangup\n");
701 __tty_hangup(tty, 0);
702 }
703 EXPORT_SYMBOL(tty_vhangup);
704
705
706 /**
707 * tty_vhangup_self - process vhangup for own ctty
708 *
709 * Perform a vhangup on the current controlling tty
710 */
tty_vhangup_self(void)711 void tty_vhangup_self(void)
712 {
713 struct tty_struct *tty;
714
715 tty = get_current_tty();
716 if (tty) {
717 tty_vhangup(tty);
718 tty_kref_put(tty);
719 }
720 }
721
722 /**
723 * tty_vhangup_session - hangup session leader exit
724 * @tty: tty to hangup
725 *
726 * The session leader is exiting and hanging up its controlling terminal.
727 * Every process in the foreground process group is signalled %SIGHUP.
728 *
729 * We do this synchronously so that when the syscall returns the process is
730 * complete. That guarantee is necessary for security reasons.
731 */
tty_vhangup_session(struct tty_struct * tty)732 void tty_vhangup_session(struct tty_struct *tty)
733 {
734 tty_debug_hangup(tty, "session hangup\n");
735 __tty_hangup(tty, 1);
736 }
737
738 /**
739 * tty_hung_up_p - was tty hung up
740 * @filp: file pointer of tty
741 *
742 * Return: true if the tty has been subject to a vhangup or a carrier loss
743 */
tty_hung_up_p(struct file * filp)744 int tty_hung_up_p(struct file *filp)
745 {
746 return (filp && filp->f_op == &hung_up_tty_fops);
747 }
748 EXPORT_SYMBOL(tty_hung_up_p);
749
__stop_tty(struct tty_struct * tty)750 void __stop_tty(struct tty_struct *tty)
751 {
752 if (tty->flow.stopped)
753 return;
754 tty->flow.stopped = true;
755 if (tty->ops->stop)
756 tty->ops->stop(tty);
757 }
758
759 /**
760 * stop_tty - propagate flow control
761 * @tty: tty to stop
762 *
763 * Perform flow control to the driver. May be called on an already stopped
764 * device and will not re-call the &tty_driver->stop() method.
765 *
766 * This functionality is used by both the line disciplines for halting incoming
767 * flow and by the driver. It may therefore be called from any context, may be
768 * under the tty %atomic_write_lock but not always.
769 *
770 * Locking:
771 * flow.lock
772 */
stop_tty(struct tty_struct * tty)773 void stop_tty(struct tty_struct *tty)
774 {
775 unsigned long flags;
776
777 spin_lock_irqsave(&tty->flow.lock, flags);
778 __stop_tty(tty);
779 spin_unlock_irqrestore(&tty->flow.lock, flags);
780 }
781 EXPORT_SYMBOL(stop_tty);
782
__start_tty(struct tty_struct * tty)783 void __start_tty(struct tty_struct *tty)
784 {
785 if (!tty->flow.stopped || tty->flow.tco_stopped)
786 return;
787 tty->flow.stopped = false;
788 if (tty->ops->start)
789 tty->ops->start(tty);
790 tty_wakeup(tty);
791 }
792
793 /**
794 * start_tty - propagate flow control
795 * @tty: tty to start
796 *
797 * Start a tty that has been stopped if at all possible. If @tty was previously
798 * stopped and is now being started, the &tty_driver->start() method is invoked
799 * and the line discipline woken.
800 *
801 * Locking:
802 * flow.lock
803 */
start_tty(struct tty_struct * tty)804 void start_tty(struct tty_struct *tty)
805 {
806 unsigned long flags;
807
808 spin_lock_irqsave(&tty->flow.lock, flags);
809 __start_tty(tty);
810 spin_unlock_irqrestore(&tty->flow.lock, flags);
811 }
812 EXPORT_SYMBOL(start_tty);
813
tty_update_time(struct timespec64 * time)814 static void tty_update_time(struct timespec64 *time)
815 {
816 time64_t sec = ktime_get_real_seconds();
817
818 /*
819 * We only care if the two values differ in anything other than the
820 * lower three bits (i.e every 8 seconds). If so, then we can update
821 * the time of the tty device, otherwise it could be construded as a
822 * security leak to let userspace know the exact timing of the tty.
823 */
824 if ((sec ^ time->tv_sec) & ~7)
825 time->tv_sec = sec;
826 }
827
828 /*
829 * Iterate on the ldisc ->read() function until we've gotten all
830 * the data the ldisc has for us.
831 *
832 * The "cookie" is something that the ldisc read function can fill
833 * in to let us know that there is more data to be had.
834 *
835 * We promise to continue to call the ldisc until it stops returning
836 * data or clears the cookie. The cookie may be something that the
837 * ldisc maintains state for and needs to free.
838 */
iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)839 static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
840 struct file *file, struct iov_iter *to)
841 {
842 int retval = 0;
843 void *cookie = NULL;
844 unsigned long offset = 0;
845 char kernel_buf[64];
846 size_t count = iov_iter_count(to);
847
848 do {
849 int size, copied;
850
851 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
852 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
853 if (!size)
854 break;
855
856 if (size < 0) {
857 /* Did we have an earlier error (ie -EFAULT)? */
858 if (retval)
859 break;
860 retval = size;
861
862 /*
863 * -EOVERFLOW means we didn't have enough space
864 * for a whole packet, and we shouldn't return
865 * a partial result.
866 */
867 if (retval == -EOVERFLOW)
868 offset = 0;
869 break;
870 }
871
872 copied = copy_to_iter(kernel_buf, size, to);
873 offset += copied;
874 count -= copied;
875
876 /*
877 * If the user copy failed, we still need to do another ->read()
878 * call if we had a cookie to let the ldisc clear up.
879 *
880 * But make sure size is zeroed.
881 */
882 if (unlikely(copied != size)) {
883 count = 0;
884 retval = -EFAULT;
885 }
886 } while (cookie);
887
888 /* We always clear tty buffer in case they contained passwords */
889 memzero_explicit(kernel_buf, sizeof(kernel_buf));
890 return offset ? offset : retval;
891 }
892
893
894 /**
895 * tty_read - read method for tty device files
896 * @iocb: kernel I/O control block
897 * @to: destination for the data read
898 *
899 * Perform the read system call function on this terminal device. Checks
900 * for hung up devices before calling the line discipline method.
901 *
902 * Locking:
903 * Locks the line discipline internally while needed. Multiple read calls
904 * may be outstanding in parallel.
905 */
tty_read(struct kiocb * iocb,struct iov_iter * to)906 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
907 {
908 int i;
909 struct file *file = iocb->ki_filp;
910 struct inode *inode = file_inode(file);
911 struct tty_struct *tty = file_tty(file);
912 struct tty_ldisc *ld;
913
914 if (tty_paranoia_check(tty, inode, "tty_read"))
915 return -EIO;
916 if (!tty || tty_io_error(tty))
917 return -EIO;
918
919 /* We want to wait for the line discipline to sort out in this
920 * situation.
921 */
922 ld = tty_ldisc_ref_wait(tty);
923 if (!ld)
924 return hung_up_tty_read(iocb, to);
925 i = -EIO;
926 if (ld->ops->read)
927 i = iterate_tty_read(ld, tty, file, to);
928 tty_ldisc_deref(ld);
929
930 if (i > 0)
931 tty_update_time(&inode->i_atime);
932
933 return i;
934 }
935
tty_write_unlock(struct tty_struct * tty)936 void tty_write_unlock(struct tty_struct *tty)
937 {
938 mutex_unlock(&tty->atomic_write_lock);
939 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
940 }
941
tty_write_lock(struct tty_struct * tty,bool ndelay)942 int tty_write_lock(struct tty_struct *tty, bool ndelay)
943 {
944 if (!mutex_trylock(&tty->atomic_write_lock)) {
945 if (ndelay)
946 return -EAGAIN;
947 if (mutex_lock_interruptible(&tty->atomic_write_lock))
948 return -ERESTARTSYS;
949 }
950 return 0;
951 }
952
953 /*
954 * Split writes up in sane blocksizes to avoid
955 * denial-of-service type attacks
956 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,struct iov_iter * from)957 static inline ssize_t do_tty_write(
958 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
959 struct tty_struct *tty,
960 struct file *file,
961 struct iov_iter *from)
962 {
963 size_t count = iov_iter_count(from);
964 ssize_t ret, written = 0;
965 unsigned int chunk;
966
967 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
968 if (ret < 0)
969 return ret;
970
971 /*
972 * We chunk up writes into a temporary buffer. This
973 * simplifies low-level drivers immensely, since they
974 * don't have locking issues and user mode accesses.
975 *
976 * But if TTY_NO_WRITE_SPLIT is set, we should use a
977 * big chunk-size..
978 *
979 * The default chunk-size is 2kB, because the NTTY
980 * layer has problems with bigger chunks. It will
981 * claim to be able to handle more characters than
982 * it actually does.
983 */
984 chunk = 2048;
985 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
986 chunk = 65536;
987 if (count < chunk)
988 chunk = count;
989
990 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
991 if (tty->write_cnt < chunk) {
992 unsigned char *buf_chunk;
993
994 if (chunk < 1024)
995 chunk = 1024;
996
997 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
998 if (!buf_chunk) {
999 ret = -ENOMEM;
1000 goto out;
1001 }
1002 kvfree(tty->write_buf);
1003 tty->write_cnt = chunk;
1004 tty->write_buf = buf_chunk;
1005 }
1006
1007 /* Do the write .. */
1008 for (;;) {
1009 size_t size = count;
1010
1011 if (size > chunk)
1012 size = chunk;
1013
1014 ret = -EFAULT;
1015 if (copy_from_iter(tty->write_buf, size, from) != size)
1016 break;
1017
1018 ret = write(tty, file, tty->write_buf, size);
1019 if (ret <= 0)
1020 break;
1021
1022 written += ret;
1023 if (ret > size)
1024 break;
1025
1026 /* FIXME! Have Al check this! */
1027 if (ret != size)
1028 iov_iter_revert(from, size-ret);
1029
1030 count -= ret;
1031 if (!count)
1032 break;
1033 ret = -ERESTARTSYS;
1034 if (signal_pending(current))
1035 break;
1036 cond_resched();
1037 }
1038 if (written) {
1039 tty_update_time(&file_inode(file)->i_mtime);
1040 ret = written;
1041 }
1042 out:
1043 tty_write_unlock(tty);
1044 return ret;
1045 }
1046
1047 /**
1048 * tty_write_message - write a message to a certain tty, not just the console.
1049 * @tty: the destination tty_struct
1050 * @msg: the message to write
1051 *
1052 * This is used for messages that need to be redirected to a specific tty. We
1053 * don't put it into the syslog queue right now maybe in the future if really
1054 * needed.
1055 *
1056 * We must still hold the BTM and test the CLOSING flag for the moment.
1057 */
tty_write_message(struct tty_struct * tty,char * msg)1058 void tty_write_message(struct tty_struct *tty, char *msg)
1059 {
1060 if (tty) {
1061 mutex_lock(&tty->atomic_write_lock);
1062 tty_lock(tty);
1063 if (tty->ops->write && tty->count > 0)
1064 tty->ops->write(tty, msg, strlen(msg));
1065 tty_unlock(tty);
1066 tty_write_unlock(tty);
1067 }
1068 }
1069
file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1070 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1071 {
1072 struct tty_struct *tty = file_tty(file);
1073 struct tty_ldisc *ld;
1074 ssize_t ret;
1075
1076 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1077 return -EIO;
1078 if (!tty || !tty->ops->write || tty_io_error(tty))
1079 return -EIO;
1080 /* Short term debug to catch buggy drivers */
1081 if (tty->ops->write_room == NULL)
1082 tty_err(tty, "missing write_room method\n");
1083 ld = tty_ldisc_ref_wait(tty);
1084 if (!ld)
1085 return hung_up_tty_write(iocb, from);
1086 if (!ld->ops->write)
1087 ret = -EIO;
1088 else
1089 ret = do_tty_write(ld->ops->write, tty, file, from);
1090 tty_ldisc_deref(ld);
1091 return ret;
1092 }
1093
1094 /**
1095 * tty_write - write method for tty device file
1096 * @iocb: kernel I/O control block
1097 * @from: iov_iter with data to write
1098 *
1099 * Write data to a tty device via the line discipline.
1100 *
1101 * Locking:
1102 * Locks the line discipline as required
1103 * Writes to the tty driver are serialized by the atomic_write_lock
1104 * and are then processed in chunks to the device. The line
1105 * discipline write method will not be invoked in parallel for
1106 * each device.
1107 */
tty_write(struct kiocb * iocb,struct iov_iter * from)1108 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1109 {
1110 return file_tty_write(iocb->ki_filp, iocb, from);
1111 }
1112
redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1113 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1114 {
1115 struct file *p = NULL;
1116
1117 spin_lock(&redirect_lock);
1118 if (redirect)
1119 p = get_file(redirect);
1120 spin_unlock(&redirect_lock);
1121
1122 /*
1123 * We know the redirected tty is just another tty, we can
1124 * call file_tty_write() directly with that file pointer.
1125 */
1126 if (p) {
1127 ssize_t res;
1128
1129 res = file_tty_write(p, iocb, iter);
1130 fput(p);
1131 return res;
1132 }
1133 return tty_write(iocb, iter);
1134 }
1135
1136 /**
1137 * tty_send_xchar - send priority character
1138 * @tty: the tty to send to
1139 * @ch: xchar to send
1140 *
1141 * Send a high priority character to the tty even if stopped.
1142 *
1143 * Locking: none for xchar method, write ordering for write method.
1144 */
tty_send_xchar(struct tty_struct * tty,char ch)1145 int tty_send_xchar(struct tty_struct *tty, char ch)
1146 {
1147 bool was_stopped = tty->flow.stopped;
1148
1149 if (tty->ops->send_xchar) {
1150 down_read(&tty->termios_rwsem);
1151 tty->ops->send_xchar(tty, ch);
1152 up_read(&tty->termios_rwsem);
1153 return 0;
1154 }
1155
1156 if (tty_write_lock(tty, false) < 0)
1157 return -ERESTARTSYS;
1158
1159 down_read(&tty->termios_rwsem);
1160 if (was_stopped)
1161 start_tty(tty);
1162 tty->ops->write(tty, &ch, 1);
1163 if (was_stopped)
1164 stop_tty(tty);
1165 up_read(&tty->termios_rwsem);
1166 tty_write_unlock(tty);
1167 return 0;
1168 }
1169
1170 /**
1171 * pty_line_name - generate name for a pty
1172 * @driver: the tty driver in use
1173 * @index: the minor number
1174 * @p: output buffer of at least 6 bytes
1175 *
1176 * Generate a name from a @driver reference and write it to the output buffer
1177 * @p.
1178 *
1179 * Locking: None
1180 */
pty_line_name(struct tty_driver * driver,int index,char * p)1181 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1182 {
1183 static const char ptychar[] = "pqrstuvwxyzabcde";
1184 int i = index + driver->name_base;
1185 /* ->name is initialized to "ttyp", but "tty" is expected */
1186 sprintf(p, "%s%c%x",
1187 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1188 ptychar[i >> 4 & 0xf], i & 0xf);
1189 }
1190
1191 /**
1192 * tty_line_name - generate name for a tty
1193 * @driver: the tty driver in use
1194 * @index: the minor number
1195 * @p: output buffer of at least 7 bytes
1196 *
1197 * Generate a name from a @driver reference and write it to the output buffer
1198 * @p.
1199 *
1200 * Locking: None
1201 */
tty_line_name(struct tty_driver * driver,int index,char * p)1202 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1203 {
1204 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1205 return sprintf(p, "%s", driver->name);
1206 else
1207 return sprintf(p, "%s%d", driver->name,
1208 index + driver->name_base);
1209 }
1210
1211 /**
1212 * tty_driver_lookup_tty() - find an existing tty, if any
1213 * @driver: the driver for the tty
1214 * @file: file object
1215 * @idx: the minor number
1216 *
1217 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1218 * driver lookup() method returns an error.
1219 *
1220 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1221 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1222 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1223 struct file *file, int idx)
1224 {
1225 struct tty_struct *tty;
1226
1227 if (driver->ops->lookup) {
1228 if (!file)
1229 tty = ERR_PTR(-EIO);
1230 else
1231 tty = driver->ops->lookup(driver, file, idx);
1232 } else {
1233 if (idx >= driver->num)
1234 return ERR_PTR(-EINVAL);
1235 tty = driver->ttys[idx];
1236 }
1237 if (!IS_ERR(tty))
1238 tty_kref_get(tty);
1239 return tty;
1240 }
1241
1242 /**
1243 * tty_init_termios - helper for termios setup
1244 * @tty: the tty to set up
1245 *
1246 * Initialise the termios structure for this tty. This runs under the
1247 * %tty_mutex currently so we can be relaxed about ordering.
1248 */
tty_init_termios(struct tty_struct * tty)1249 void tty_init_termios(struct tty_struct *tty)
1250 {
1251 struct ktermios *tp;
1252 int idx = tty->index;
1253
1254 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1255 tty->termios = tty->driver->init_termios;
1256 else {
1257 /* Check for lazy saved data */
1258 tp = tty->driver->termios[idx];
1259 if (tp != NULL) {
1260 tty->termios = *tp;
1261 tty->termios.c_line = tty->driver->init_termios.c_line;
1262 } else
1263 tty->termios = tty->driver->init_termios;
1264 }
1265 /* Compatibility until drivers always set this */
1266 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1267 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1268 }
1269 EXPORT_SYMBOL_GPL(tty_init_termios);
1270
1271 /**
1272 * tty_standard_install - usual tty->ops->install
1273 * @driver: the driver for the tty
1274 * @tty: the tty
1275 *
1276 * If the @driver overrides @tty->ops->install, it still can call this function
1277 * to perform the standard install operations.
1278 */
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1279 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1280 {
1281 tty_init_termios(tty);
1282 tty_driver_kref_get(driver);
1283 tty->count++;
1284 driver->ttys[tty->index] = tty;
1285 return 0;
1286 }
1287 EXPORT_SYMBOL_GPL(tty_standard_install);
1288
1289 /**
1290 * tty_driver_install_tty() - install a tty entry in the driver
1291 * @driver: the driver for the tty
1292 * @tty: the tty
1293 *
1294 * Install a tty object into the driver tables. The @tty->index field will be
1295 * set by the time this is called. This method is responsible for ensuring any
1296 * need additional structures are allocated and configured.
1297 *
1298 * Locking: tty_mutex for now
1299 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1300 static int tty_driver_install_tty(struct tty_driver *driver,
1301 struct tty_struct *tty)
1302 {
1303 return driver->ops->install ? driver->ops->install(driver, tty) :
1304 tty_standard_install(driver, tty);
1305 }
1306
1307 /**
1308 * tty_driver_remove_tty() - remove a tty from the driver tables
1309 * @driver: the driver for the tty
1310 * @tty: tty to remove
1311 *
1312 * Remove a tty object from the driver tables. The tty->index field will be set
1313 * by the time this is called.
1314 *
1315 * Locking: tty_mutex for now
1316 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1317 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1318 {
1319 if (driver->ops->remove)
1320 driver->ops->remove(driver, tty);
1321 else
1322 driver->ttys[tty->index] = NULL;
1323 }
1324
1325 /**
1326 * tty_reopen() - fast re-open of an open tty
1327 * @tty: the tty to open
1328 *
1329 * Re-opens on master ptys are not allowed and return -%EIO.
1330 *
1331 * Locking: Caller must hold tty_lock
1332 * Return: 0 on success, -errno on error.
1333 */
tty_reopen(struct tty_struct * tty)1334 static int tty_reopen(struct tty_struct *tty)
1335 {
1336 struct tty_driver *driver = tty->driver;
1337 struct tty_ldisc *ld;
1338 int retval = 0;
1339
1340 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1341 driver->subtype == PTY_TYPE_MASTER)
1342 return -EIO;
1343
1344 if (!tty->count)
1345 return -EAGAIN;
1346
1347 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1348 return -EBUSY;
1349
1350 ld = tty_ldisc_ref_wait(tty);
1351 if (ld) {
1352 tty_ldisc_deref(ld);
1353 } else {
1354 retval = tty_ldisc_lock(tty, 5 * HZ);
1355 if (retval)
1356 return retval;
1357
1358 if (!tty->ldisc)
1359 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1360 tty_ldisc_unlock(tty);
1361 }
1362
1363 if (retval == 0)
1364 tty->count++;
1365
1366 return retval;
1367 }
1368
1369 /**
1370 * tty_init_dev - initialise a tty device
1371 * @driver: tty driver we are opening a device on
1372 * @idx: device index
1373 *
1374 * Prepare a tty device. This may not be a "new" clean device but could also be
1375 * an active device. The pty drivers require special handling because of this.
1376 *
1377 * Locking:
1378 * The function is called under the tty_mutex, which protects us from the
1379 * tty struct or driver itself going away.
1380 *
1381 * On exit the tty device has the line discipline attached and a reference
1382 * count of 1. If a pair was created for pty/tty use and the other was a pty
1383 * master then it too has a reference count of 1.
1384 *
1385 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1386 * open. The new code protects the open with a mutex, so it's really quite
1387 * straightforward. The mutex locking can probably be relaxed for the (most
1388 * common) case of reopening a tty.
1389 *
1390 * Return: new tty structure
1391 */
tty_init_dev(struct tty_driver * driver,int idx)1392 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1393 {
1394 struct tty_struct *tty;
1395 int retval;
1396
1397 /*
1398 * First time open is complex, especially for PTY devices.
1399 * This code guarantees that either everything succeeds and the
1400 * TTY is ready for operation, or else the table slots are vacated
1401 * and the allocated memory released. (Except that the termios
1402 * may be retained.)
1403 */
1404
1405 if (!try_module_get(driver->owner))
1406 return ERR_PTR(-ENODEV);
1407
1408 tty = alloc_tty_struct(driver, idx);
1409 if (!tty) {
1410 retval = -ENOMEM;
1411 goto err_module_put;
1412 }
1413
1414 tty_lock(tty);
1415 retval = tty_driver_install_tty(driver, tty);
1416 if (retval < 0)
1417 goto err_free_tty;
1418
1419 if (!tty->port)
1420 tty->port = driver->ports[idx];
1421
1422 if (WARN_RATELIMIT(!tty->port,
1423 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1424 __func__, tty->driver->name)) {
1425 retval = -EINVAL;
1426 goto err_release_lock;
1427 }
1428
1429 retval = tty_ldisc_lock(tty, 5 * HZ);
1430 if (retval)
1431 goto err_release_lock;
1432 tty->port->itty = tty;
1433
1434 /*
1435 * Structures all installed ... call the ldisc open routines.
1436 * If we fail here just call release_tty to clean up. No need
1437 * to decrement the use counts, as release_tty doesn't care.
1438 */
1439 retval = tty_ldisc_setup(tty, tty->link);
1440 if (retval)
1441 goto err_release_tty;
1442 tty_ldisc_unlock(tty);
1443 /* Return the tty locked so that it cannot vanish under the caller */
1444 return tty;
1445
1446 err_free_tty:
1447 tty_unlock(tty);
1448 free_tty_struct(tty);
1449 err_module_put:
1450 module_put(driver->owner);
1451 return ERR_PTR(retval);
1452
1453 /* call the tty release_tty routine to clean out this slot */
1454 err_release_tty:
1455 tty_ldisc_unlock(tty);
1456 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1457 retval, idx);
1458 err_release_lock:
1459 tty_unlock(tty);
1460 release_tty(tty, idx);
1461 return ERR_PTR(retval);
1462 }
1463
1464 /**
1465 * tty_save_termios() - save tty termios data in driver table
1466 * @tty: tty whose termios data to save
1467 *
1468 * Locking: Caller guarantees serialisation with tty_init_termios().
1469 */
tty_save_termios(struct tty_struct * tty)1470 void tty_save_termios(struct tty_struct *tty)
1471 {
1472 struct ktermios *tp;
1473 int idx = tty->index;
1474
1475 /* If the port is going to reset then it has no termios to save */
1476 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1477 return;
1478
1479 /* Stash the termios data */
1480 tp = tty->driver->termios[idx];
1481 if (tp == NULL) {
1482 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1483 if (tp == NULL)
1484 return;
1485 tty->driver->termios[idx] = tp;
1486 }
1487 *tp = tty->termios;
1488 }
1489 EXPORT_SYMBOL_GPL(tty_save_termios);
1490
1491 /**
1492 * tty_flush_works - flush all works of a tty/pty pair
1493 * @tty: tty device to flush works for (or either end of a pty pair)
1494 *
1495 * Sync flush all works belonging to @tty (and the 'other' tty).
1496 */
tty_flush_works(struct tty_struct * tty)1497 static void tty_flush_works(struct tty_struct *tty)
1498 {
1499 flush_work(&tty->SAK_work);
1500 flush_work(&tty->hangup_work);
1501 if (tty->link) {
1502 flush_work(&tty->link->SAK_work);
1503 flush_work(&tty->link->hangup_work);
1504 }
1505 }
1506
1507 /**
1508 * release_one_tty - release tty structure memory
1509 * @work: work of tty we are obliterating
1510 *
1511 * Releases memory associated with a tty structure, and clears out the
1512 * driver table slots. This function is called when a device is no longer
1513 * in use. It also gets called when setup of a device fails.
1514 *
1515 * Locking:
1516 * takes the file list lock internally when working on the list of ttys
1517 * that the driver keeps.
1518 *
1519 * This method gets called from a work queue so that the driver private
1520 * cleanup ops can sleep (needed for USB at least)
1521 */
release_one_tty(struct work_struct * work)1522 static void release_one_tty(struct work_struct *work)
1523 {
1524 struct tty_struct *tty =
1525 container_of(work, struct tty_struct, hangup_work);
1526 struct tty_driver *driver = tty->driver;
1527 struct module *owner = driver->owner;
1528
1529 if (tty->ops->cleanup)
1530 tty->ops->cleanup(tty);
1531
1532 tty_driver_kref_put(driver);
1533 module_put(owner);
1534
1535 spin_lock(&tty->files_lock);
1536 list_del_init(&tty->tty_files);
1537 spin_unlock(&tty->files_lock);
1538
1539 put_pid(tty->ctrl.pgrp);
1540 put_pid(tty->ctrl.session);
1541 free_tty_struct(tty);
1542 }
1543
queue_release_one_tty(struct kref * kref)1544 static void queue_release_one_tty(struct kref *kref)
1545 {
1546 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1547
1548 /* The hangup queue is now free so we can reuse it rather than
1549 * waste a chunk of memory for each port.
1550 */
1551 INIT_WORK(&tty->hangup_work, release_one_tty);
1552 schedule_work(&tty->hangup_work);
1553 }
1554
1555 /**
1556 * tty_kref_put - release a tty kref
1557 * @tty: tty device
1558 *
1559 * Release a reference to the @tty device and if need be let the kref layer
1560 * destruct the object for us.
1561 */
tty_kref_put(struct tty_struct * tty)1562 void tty_kref_put(struct tty_struct *tty)
1563 {
1564 if (tty)
1565 kref_put(&tty->kref, queue_release_one_tty);
1566 }
1567 EXPORT_SYMBOL(tty_kref_put);
1568
1569 /**
1570 * release_tty - release tty structure memory
1571 * @tty: tty device release
1572 * @idx: index of the tty device release
1573 *
1574 * Release both @tty and a possible linked partner (think pty pair),
1575 * and decrement the refcount of the backing module.
1576 *
1577 * Locking:
1578 * tty_mutex
1579 * takes the file list lock internally when working on the list of ttys
1580 * that the driver keeps.
1581 */
release_tty(struct tty_struct * tty,int idx)1582 static void release_tty(struct tty_struct *tty, int idx)
1583 {
1584 /* This should always be true but check for the moment */
1585 WARN_ON(tty->index != idx);
1586 WARN_ON(!mutex_is_locked(&tty_mutex));
1587 if (tty->ops->shutdown)
1588 tty->ops->shutdown(tty);
1589 tty_save_termios(tty);
1590 tty_driver_remove_tty(tty->driver, tty);
1591 if (tty->port)
1592 tty->port->itty = NULL;
1593 if (tty->link)
1594 tty->link->port->itty = NULL;
1595 if (tty->port)
1596 tty_buffer_cancel_work(tty->port);
1597 if (tty->link)
1598 tty_buffer_cancel_work(tty->link->port);
1599
1600 tty_kref_put(tty->link);
1601 tty_kref_put(tty);
1602 }
1603
1604 /**
1605 * tty_release_checks - check a tty before real release
1606 * @tty: tty to check
1607 * @idx: index of the tty
1608 *
1609 * Performs some paranoid checking before true release of the @tty. This is a
1610 * no-op unless %TTY_PARANOIA_CHECK is defined.
1611 */
tty_release_checks(struct tty_struct * tty,int idx)1612 static int tty_release_checks(struct tty_struct *tty, int idx)
1613 {
1614 #ifdef TTY_PARANOIA_CHECK
1615 if (idx < 0 || idx >= tty->driver->num) {
1616 tty_debug(tty, "bad idx %d\n", idx);
1617 return -1;
1618 }
1619
1620 /* not much to check for devpts */
1621 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1622 return 0;
1623
1624 if (tty != tty->driver->ttys[idx]) {
1625 tty_debug(tty, "bad driver table[%d] = %p\n",
1626 idx, tty->driver->ttys[idx]);
1627 return -1;
1628 }
1629 if (tty->driver->other) {
1630 struct tty_struct *o_tty = tty->link;
1631
1632 if (o_tty != tty->driver->other->ttys[idx]) {
1633 tty_debug(tty, "bad other table[%d] = %p\n",
1634 idx, tty->driver->other->ttys[idx]);
1635 return -1;
1636 }
1637 if (o_tty->link != tty) {
1638 tty_debug(tty, "bad link = %p\n", o_tty->link);
1639 return -1;
1640 }
1641 }
1642 #endif
1643 return 0;
1644 }
1645
1646 /**
1647 * tty_kclose - closes tty opened by tty_kopen
1648 * @tty: tty device
1649 *
1650 * Performs the final steps to release and free a tty device. It is the same as
1651 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1652 * @tty->port.
1653 */
tty_kclose(struct tty_struct * tty)1654 void tty_kclose(struct tty_struct *tty)
1655 {
1656 /*
1657 * Ask the line discipline code to release its structures
1658 */
1659 tty_ldisc_release(tty);
1660
1661 /* Wait for pending work before tty destruction commences */
1662 tty_flush_works(tty);
1663
1664 tty_debug_hangup(tty, "freeing structure\n");
1665 /*
1666 * The release_tty function takes care of the details of clearing
1667 * the slots and preserving the termios structure.
1668 */
1669 mutex_lock(&tty_mutex);
1670 tty_port_set_kopened(tty->port, 0);
1671 release_tty(tty, tty->index);
1672 mutex_unlock(&tty_mutex);
1673 }
1674 EXPORT_SYMBOL_GPL(tty_kclose);
1675
1676 /**
1677 * tty_release_struct - release a tty struct
1678 * @tty: tty device
1679 * @idx: index of the tty
1680 *
1681 * Performs the final steps to release and free a tty device. It is roughly the
1682 * reverse of tty_init_dev().
1683 */
tty_release_struct(struct tty_struct * tty,int idx)1684 void tty_release_struct(struct tty_struct *tty, int idx)
1685 {
1686 /*
1687 * Ask the line discipline code to release its structures
1688 */
1689 tty_ldisc_release(tty);
1690
1691 /* Wait for pending work before tty destruction commmences */
1692 tty_flush_works(tty);
1693
1694 tty_debug_hangup(tty, "freeing structure\n");
1695 /*
1696 * The release_tty function takes care of the details of clearing
1697 * the slots and preserving the termios structure.
1698 */
1699 mutex_lock(&tty_mutex);
1700 release_tty(tty, idx);
1701 mutex_unlock(&tty_mutex);
1702 }
1703 EXPORT_SYMBOL_GPL(tty_release_struct);
1704
1705 /**
1706 * tty_release - vfs callback for close
1707 * @inode: inode of tty
1708 * @filp: file pointer for handle to tty
1709 *
1710 * Called the last time each file handle is closed that references this tty.
1711 * There may however be several such references.
1712 *
1713 * Locking:
1714 * Takes BKL. See tty_release_dev().
1715 *
1716 * Even releasing the tty structures is a tricky business. We have to be very
1717 * careful that the structures are all released at the same time, as interrupts
1718 * might otherwise get the wrong pointers.
1719 *
1720 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1721 * lead to double frees or releasing memory still in use.
1722 */
tty_release(struct inode * inode,struct file * filp)1723 int tty_release(struct inode *inode, struct file *filp)
1724 {
1725 struct tty_struct *tty = file_tty(filp);
1726 struct tty_struct *o_tty = NULL;
1727 int do_sleep, final;
1728 int idx;
1729 long timeout = 0;
1730 int once = 1;
1731
1732 if (tty_paranoia_check(tty, inode, __func__))
1733 return 0;
1734
1735 tty_lock(tty);
1736 check_tty_count(tty, __func__);
1737
1738 __tty_fasync(-1, filp, 0);
1739
1740 idx = tty->index;
1741 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1742 tty->driver->subtype == PTY_TYPE_MASTER)
1743 o_tty = tty->link;
1744
1745 if (tty_release_checks(tty, idx)) {
1746 tty_unlock(tty);
1747 return 0;
1748 }
1749
1750 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1751
1752 if (tty->ops->close)
1753 tty->ops->close(tty, filp);
1754
1755 /* If tty is pty master, lock the slave pty (stable lock order) */
1756 tty_lock_slave(o_tty);
1757
1758 /*
1759 * Sanity check: if tty->count is going to zero, there shouldn't be
1760 * any waiters on tty->read_wait or tty->write_wait. We test the
1761 * wait queues and kick everyone out _before_ actually starting to
1762 * close. This ensures that we won't block while releasing the tty
1763 * structure.
1764 *
1765 * The test for the o_tty closing is necessary, since the master and
1766 * slave sides may close in any order. If the slave side closes out
1767 * first, its count will be one, since the master side holds an open.
1768 * Thus this test wouldn't be triggered at the time the slave closed,
1769 * so we do it now.
1770 */
1771 while (1) {
1772 do_sleep = 0;
1773
1774 if (tty->count <= 1) {
1775 if (waitqueue_active(&tty->read_wait)) {
1776 wake_up_poll(&tty->read_wait, EPOLLIN);
1777 do_sleep++;
1778 }
1779 if (waitqueue_active(&tty->write_wait)) {
1780 wake_up_poll(&tty->write_wait, EPOLLOUT);
1781 do_sleep++;
1782 }
1783 }
1784 if (o_tty && o_tty->count <= 1) {
1785 if (waitqueue_active(&o_tty->read_wait)) {
1786 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1787 do_sleep++;
1788 }
1789 if (waitqueue_active(&o_tty->write_wait)) {
1790 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1791 do_sleep++;
1792 }
1793 }
1794 if (!do_sleep)
1795 break;
1796
1797 if (once) {
1798 once = 0;
1799 tty_warn(tty, "read/write wait queue active!\n");
1800 }
1801 schedule_timeout_killable(timeout);
1802 if (timeout < 120 * HZ)
1803 timeout = 2 * timeout + 1;
1804 else
1805 timeout = MAX_SCHEDULE_TIMEOUT;
1806 }
1807
1808 if (o_tty) {
1809 if (--o_tty->count < 0) {
1810 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1811 o_tty->count = 0;
1812 }
1813 }
1814 if (--tty->count < 0) {
1815 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1816 tty->count = 0;
1817 }
1818
1819 /*
1820 * We've decremented tty->count, so we need to remove this file
1821 * descriptor off the tty->tty_files list; this serves two
1822 * purposes:
1823 * - check_tty_count sees the correct number of file descriptors
1824 * associated with this tty.
1825 * - do_tty_hangup no longer sees this file descriptor as
1826 * something that needs to be handled for hangups.
1827 */
1828 tty_del_file(filp);
1829
1830 /*
1831 * Perform some housekeeping before deciding whether to return.
1832 *
1833 * If _either_ side is closing, make sure there aren't any
1834 * processes that still think tty or o_tty is their controlling
1835 * tty.
1836 */
1837 if (!tty->count) {
1838 read_lock(&tasklist_lock);
1839 session_clear_tty(tty->ctrl.session);
1840 if (o_tty)
1841 session_clear_tty(o_tty->ctrl.session);
1842 read_unlock(&tasklist_lock);
1843 }
1844
1845 /* check whether both sides are closing ... */
1846 final = !tty->count && !(o_tty && o_tty->count);
1847
1848 tty_unlock_slave(o_tty);
1849 tty_unlock(tty);
1850
1851 /* At this point, the tty->count == 0 should ensure a dead tty
1852 * cannot be re-opened by a racing opener.
1853 */
1854
1855 if (!final)
1856 return 0;
1857
1858 tty_debug_hangup(tty, "final close\n");
1859
1860 tty_release_struct(tty, idx);
1861 return 0;
1862 }
1863
1864 /**
1865 * tty_open_current_tty - get locked tty of current task
1866 * @device: device number
1867 * @filp: file pointer to tty
1868 * @return: locked tty of the current task iff @device is /dev/tty
1869 *
1870 * Performs a re-open of the current task's controlling tty.
1871 *
1872 * We cannot return driver and index like for the other nodes because devpts
1873 * will not work then. It expects inodes to be from devpts FS.
1874 */
tty_open_current_tty(dev_t device,struct file * filp)1875 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1876 {
1877 struct tty_struct *tty;
1878 int retval;
1879
1880 if (device != MKDEV(TTYAUX_MAJOR, 0))
1881 return NULL;
1882
1883 tty = get_current_tty();
1884 if (!tty)
1885 return ERR_PTR(-ENXIO);
1886
1887 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1888 /* noctty = 1; */
1889 tty_lock(tty);
1890 tty_kref_put(tty); /* safe to drop the kref now */
1891
1892 retval = tty_reopen(tty);
1893 if (retval < 0) {
1894 tty_unlock(tty);
1895 tty = ERR_PTR(retval);
1896 }
1897 return tty;
1898 }
1899
1900 /**
1901 * tty_lookup_driver - lookup a tty driver for a given device file
1902 * @device: device number
1903 * @filp: file pointer to tty
1904 * @index: index for the device in the @return driver
1905 *
1906 * If returned value is not erroneous, the caller is responsible to decrement
1907 * the refcount by tty_driver_kref_put().
1908 *
1909 * Locking: %tty_mutex protects get_tty_driver()
1910 *
1911 * Return: driver for this inode (with increased refcount)
1912 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1913 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1914 int *index)
1915 {
1916 struct tty_driver *driver = NULL;
1917
1918 switch (device) {
1919 #ifdef CONFIG_VT
1920 case MKDEV(TTY_MAJOR, 0): {
1921 extern struct tty_driver *console_driver;
1922
1923 driver = tty_driver_kref_get(console_driver);
1924 *index = fg_console;
1925 break;
1926 }
1927 #endif
1928 case MKDEV(TTYAUX_MAJOR, 1): {
1929 struct tty_driver *console_driver = console_device(index);
1930
1931 if (console_driver) {
1932 driver = tty_driver_kref_get(console_driver);
1933 if (driver && filp) {
1934 /* Don't let /dev/console block */
1935 filp->f_flags |= O_NONBLOCK;
1936 break;
1937 }
1938 }
1939 if (driver)
1940 tty_driver_kref_put(driver);
1941 return ERR_PTR(-ENODEV);
1942 }
1943 default:
1944 driver = get_tty_driver(device, index);
1945 if (!driver)
1946 return ERR_PTR(-ENODEV);
1947 break;
1948 }
1949 return driver;
1950 }
1951
tty_kopen(dev_t device,int shared)1952 static struct tty_struct *tty_kopen(dev_t device, int shared)
1953 {
1954 struct tty_struct *tty;
1955 struct tty_driver *driver;
1956 int index = -1;
1957
1958 mutex_lock(&tty_mutex);
1959 driver = tty_lookup_driver(device, NULL, &index);
1960 if (IS_ERR(driver)) {
1961 mutex_unlock(&tty_mutex);
1962 return ERR_CAST(driver);
1963 }
1964
1965 /* check whether we're reopening an existing tty */
1966 tty = tty_driver_lookup_tty(driver, NULL, index);
1967 if (IS_ERR(tty) || shared)
1968 goto out;
1969
1970 if (tty) {
1971 /* drop kref from tty_driver_lookup_tty() */
1972 tty_kref_put(tty);
1973 tty = ERR_PTR(-EBUSY);
1974 } else { /* tty_init_dev returns tty with the tty_lock held */
1975 tty = tty_init_dev(driver, index);
1976 if (IS_ERR(tty))
1977 goto out;
1978 tty_port_set_kopened(tty->port, 1);
1979 }
1980 out:
1981 mutex_unlock(&tty_mutex);
1982 tty_driver_kref_put(driver);
1983 return tty;
1984 }
1985
1986 /**
1987 * tty_kopen_exclusive - open a tty device for kernel
1988 * @device: dev_t of device to open
1989 *
1990 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1991 * it's not already opened and performs the first-time tty initialization.
1992 *
1993 * Claims the global %tty_mutex to serialize:
1994 * * concurrent first-time tty initialization
1995 * * concurrent tty driver removal w/ lookup
1996 * * concurrent tty removal from driver table
1997 *
1998 * Return: the locked initialized &tty_struct
1999 */
tty_kopen_exclusive(dev_t device)2000 struct tty_struct *tty_kopen_exclusive(dev_t device)
2001 {
2002 return tty_kopen(device, 0);
2003 }
2004 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2005
2006 /**
2007 * tty_kopen_shared - open a tty device for shared in-kernel use
2008 * @device: dev_t of device to open
2009 *
2010 * Opens an already existing tty for in-kernel use. Compared to
2011 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2012 *
2013 * Locking: identical to tty_kopen() above.
2014 */
tty_kopen_shared(dev_t device)2015 struct tty_struct *tty_kopen_shared(dev_t device)
2016 {
2017 return tty_kopen(device, 1);
2018 }
2019 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2020
2021 /**
2022 * tty_open_by_driver - open a tty device
2023 * @device: dev_t of device to open
2024 * @filp: file pointer to tty
2025 *
2026 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2027 * first-time tty initialization.
2028 *
2029 *
2030 * Claims the global tty_mutex to serialize:
2031 * * concurrent first-time tty initialization
2032 * * concurrent tty driver removal w/ lookup
2033 * * concurrent tty removal from driver table
2034 *
2035 * Return: the locked initialized or re-opened &tty_struct
2036 */
tty_open_by_driver(dev_t device,struct file * filp)2037 static struct tty_struct *tty_open_by_driver(dev_t device,
2038 struct file *filp)
2039 {
2040 struct tty_struct *tty;
2041 struct tty_driver *driver = NULL;
2042 int index = -1;
2043 int retval;
2044
2045 mutex_lock(&tty_mutex);
2046 driver = tty_lookup_driver(device, filp, &index);
2047 if (IS_ERR(driver)) {
2048 mutex_unlock(&tty_mutex);
2049 return ERR_CAST(driver);
2050 }
2051
2052 /* check whether we're reopening an existing tty */
2053 tty = tty_driver_lookup_tty(driver, filp, index);
2054 if (IS_ERR(tty)) {
2055 mutex_unlock(&tty_mutex);
2056 goto out;
2057 }
2058
2059 if (tty) {
2060 if (tty_port_kopened(tty->port)) {
2061 tty_kref_put(tty);
2062 mutex_unlock(&tty_mutex);
2063 tty = ERR_PTR(-EBUSY);
2064 goto out;
2065 }
2066 mutex_unlock(&tty_mutex);
2067 retval = tty_lock_interruptible(tty);
2068 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2069 if (retval) {
2070 if (retval == -EINTR)
2071 retval = -ERESTARTSYS;
2072 tty = ERR_PTR(retval);
2073 goto out;
2074 }
2075 retval = tty_reopen(tty);
2076 if (retval < 0) {
2077 tty_unlock(tty);
2078 tty = ERR_PTR(retval);
2079 }
2080 } else { /* Returns with the tty_lock held for now */
2081 tty = tty_init_dev(driver, index);
2082 mutex_unlock(&tty_mutex);
2083 }
2084 out:
2085 tty_driver_kref_put(driver);
2086 return tty;
2087 }
2088
2089 /**
2090 * tty_open - open a tty device
2091 * @inode: inode of device file
2092 * @filp: file pointer to tty
2093 *
2094 * tty_open() and tty_release() keep up the tty count that contains the number
2095 * of opens done on a tty. We cannot use the inode-count, as different inodes
2096 * might point to the same tty.
2097 *
2098 * Open-counting is needed for pty masters, as well as for keeping track of
2099 * serial lines: DTR is dropped when the last close happens.
2100 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2101 *
2102 * The termios state of a pty is reset on the first open so that settings don't
2103 * persist across reuse.
2104 *
2105 * Locking:
2106 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2107 * * @tty->count should protect the rest.
2108 * * ->siglock protects ->signal/->sighand
2109 *
2110 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2111 */
tty_open(struct inode * inode,struct file * filp)2112 static int tty_open(struct inode *inode, struct file *filp)
2113 {
2114 struct tty_struct *tty;
2115 int noctty, retval;
2116 dev_t device = inode->i_rdev;
2117 unsigned saved_flags = filp->f_flags;
2118
2119 nonseekable_open(inode, filp);
2120
2121 retry_open:
2122 retval = tty_alloc_file(filp);
2123 if (retval)
2124 return -ENOMEM;
2125
2126 tty = tty_open_current_tty(device, filp);
2127 if (!tty)
2128 tty = tty_open_by_driver(device, filp);
2129
2130 if (IS_ERR(tty)) {
2131 tty_free_file(filp);
2132 retval = PTR_ERR(tty);
2133 if (retval != -EAGAIN || signal_pending(current))
2134 return retval;
2135 schedule();
2136 goto retry_open;
2137 }
2138
2139 tty_add_file(tty, filp);
2140
2141 check_tty_count(tty, __func__);
2142 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2143
2144 if (tty->ops->open)
2145 retval = tty->ops->open(tty, filp);
2146 else
2147 retval = -ENODEV;
2148 filp->f_flags = saved_flags;
2149
2150 if (retval) {
2151 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2152
2153 tty_unlock(tty); /* need to call tty_release without BTM */
2154 tty_release(inode, filp);
2155 if (retval != -ERESTARTSYS)
2156 return retval;
2157
2158 if (signal_pending(current))
2159 return retval;
2160
2161 schedule();
2162 /*
2163 * Need to reset f_op in case a hangup happened.
2164 */
2165 if (tty_hung_up_p(filp))
2166 filp->f_op = &tty_fops;
2167 goto retry_open;
2168 }
2169 clear_bit(TTY_HUPPED, &tty->flags);
2170
2171 noctty = (filp->f_flags & O_NOCTTY) ||
2172 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2173 device == MKDEV(TTYAUX_MAJOR, 1) ||
2174 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2175 tty->driver->subtype == PTY_TYPE_MASTER);
2176 if (!noctty)
2177 tty_open_proc_set_tty(filp, tty);
2178 tty_unlock(tty);
2179 return 0;
2180 }
2181
2182
2183 /**
2184 * tty_poll - check tty status
2185 * @filp: file being polled
2186 * @wait: poll wait structures to update
2187 *
2188 * Call the line discipline polling method to obtain the poll status of the
2189 * device.
2190 *
2191 * Locking: locks called line discipline but ldisc poll method may be
2192 * re-entered freely by other callers.
2193 */
tty_poll(struct file * filp,poll_table * wait)2194 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2195 {
2196 struct tty_struct *tty = file_tty(filp);
2197 struct tty_ldisc *ld;
2198 __poll_t ret = 0;
2199
2200 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2201 return 0;
2202
2203 ld = tty_ldisc_ref_wait(tty);
2204 if (!ld)
2205 return hung_up_tty_poll(filp, wait);
2206 if (ld->ops->poll)
2207 ret = ld->ops->poll(tty, filp, wait);
2208 tty_ldisc_deref(ld);
2209 return ret;
2210 }
2211
__tty_fasync(int fd,struct file * filp,int on)2212 static int __tty_fasync(int fd, struct file *filp, int on)
2213 {
2214 struct tty_struct *tty = file_tty(filp);
2215 unsigned long flags;
2216 int retval = 0;
2217
2218 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2219 goto out;
2220
2221 retval = fasync_helper(fd, filp, on, &tty->fasync);
2222 if (retval <= 0)
2223 goto out;
2224
2225 if (on) {
2226 enum pid_type type;
2227 struct pid *pid;
2228
2229 spin_lock_irqsave(&tty->ctrl.lock, flags);
2230 if (tty->ctrl.pgrp) {
2231 pid = tty->ctrl.pgrp;
2232 type = PIDTYPE_PGID;
2233 } else {
2234 pid = task_pid(current);
2235 type = PIDTYPE_TGID;
2236 }
2237 get_pid(pid);
2238 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2239 __f_setown(filp, pid, type, 0);
2240 put_pid(pid);
2241 retval = 0;
2242 }
2243 out:
2244 return retval;
2245 }
2246
tty_fasync(int fd,struct file * filp,int on)2247 static int tty_fasync(int fd, struct file *filp, int on)
2248 {
2249 struct tty_struct *tty = file_tty(filp);
2250 int retval = -ENOTTY;
2251
2252 tty_lock(tty);
2253 if (!tty_hung_up_p(filp))
2254 retval = __tty_fasync(fd, filp, on);
2255 tty_unlock(tty);
2256
2257 return retval;
2258 }
2259
2260 /**
2261 * tiocsti - fake input character
2262 * @tty: tty to fake input into
2263 * @p: pointer to character
2264 *
2265 * Fake input to a tty device. Does the necessary locking and input management.
2266 *
2267 * FIXME: does not honour flow control ??
2268 *
2269 * Locking:
2270 * * Called functions take tty_ldiscs_lock
2271 * * current->signal->tty check is safe without locks
2272 */
tiocsti(struct tty_struct * tty,char __user * p)2273 static int tiocsti(struct tty_struct *tty, char __user *p)
2274 {
2275 char ch, mbz = 0;
2276 struct tty_ldisc *ld;
2277
2278 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2279 return -EPERM;
2280 if (get_user(ch, p))
2281 return -EFAULT;
2282 tty_audit_tiocsti(tty, ch);
2283 ld = tty_ldisc_ref_wait(tty);
2284 if (!ld)
2285 return -EIO;
2286 tty_buffer_lock_exclusive(tty->port);
2287 if (ld->ops->receive_buf)
2288 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2289 tty_buffer_unlock_exclusive(tty->port);
2290 tty_ldisc_deref(ld);
2291 return 0;
2292 }
2293
2294 /**
2295 * tiocgwinsz - implement window query ioctl
2296 * @tty: tty
2297 * @arg: user buffer for result
2298 *
2299 * Copies the kernel idea of the window size into the user buffer.
2300 *
2301 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2302 * consistent.
2303 */
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2304 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2305 {
2306 int err;
2307
2308 mutex_lock(&tty->winsize_mutex);
2309 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2310 mutex_unlock(&tty->winsize_mutex);
2311
2312 return err ? -EFAULT : 0;
2313 }
2314
2315 /**
2316 * tty_do_resize - resize event
2317 * @tty: tty being resized
2318 * @ws: new dimensions
2319 *
2320 * Update the termios variables and send the necessary signals to peform a
2321 * terminal resize correctly.
2322 */
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2323 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2324 {
2325 struct pid *pgrp;
2326
2327 /* Lock the tty */
2328 mutex_lock(&tty->winsize_mutex);
2329 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2330 goto done;
2331
2332 /* Signal the foreground process group */
2333 pgrp = tty_get_pgrp(tty);
2334 if (pgrp)
2335 kill_pgrp(pgrp, SIGWINCH, 1);
2336 put_pid(pgrp);
2337
2338 tty->winsize = *ws;
2339 done:
2340 mutex_unlock(&tty->winsize_mutex);
2341 return 0;
2342 }
2343 EXPORT_SYMBOL(tty_do_resize);
2344
2345 /**
2346 * tiocswinsz - implement window size set ioctl
2347 * @tty: tty side of tty
2348 * @arg: user buffer for result
2349 *
2350 * Copies the user idea of the window size to the kernel. Traditionally this is
2351 * just advisory information but for the Linux console it actually has driver
2352 * level meaning and triggers a VC resize.
2353 *
2354 * Locking:
2355 * Driver dependent. The default do_resize method takes the tty termios
2356 * mutex and ctrl.lock. The console takes its own lock then calls into the
2357 * default method.
2358 */
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2359 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2360 {
2361 struct winsize tmp_ws;
2362
2363 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2364 return -EFAULT;
2365
2366 if (tty->ops->resize)
2367 return tty->ops->resize(tty, &tmp_ws);
2368 else
2369 return tty_do_resize(tty, &tmp_ws);
2370 }
2371
2372 /**
2373 * tioccons - allow admin to move logical console
2374 * @file: the file to become console
2375 *
2376 * Allow the administrator to move the redirected console device.
2377 *
2378 * Locking: uses redirect_lock to guard the redirect information
2379 */
tioccons(struct file * file)2380 static int tioccons(struct file *file)
2381 {
2382 if (!capable(CAP_SYS_ADMIN))
2383 return -EPERM;
2384 if (file->f_op->write_iter == redirected_tty_write) {
2385 struct file *f;
2386
2387 spin_lock(&redirect_lock);
2388 f = redirect;
2389 redirect = NULL;
2390 spin_unlock(&redirect_lock);
2391 if (f)
2392 fput(f);
2393 return 0;
2394 }
2395 if (file->f_op->write_iter != tty_write)
2396 return -ENOTTY;
2397 if (!(file->f_mode & FMODE_WRITE))
2398 return -EBADF;
2399 if (!(file->f_mode & FMODE_CAN_WRITE))
2400 return -EINVAL;
2401 spin_lock(&redirect_lock);
2402 if (redirect) {
2403 spin_unlock(&redirect_lock);
2404 return -EBUSY;
2405 }
2406 redirect = get_file(file);
2407 spin_unlock(&redirect_lock);
2408 return 0;
2409 }
2410
2411 /**
2412 * tiocsetd - set line discipline
2413 * @tty: tty device
2414 * @p: pointer to user data
2415 *
2416 * Set the line discipline according to user request.
2417 *
2418 * Locking: see tty_set_ldisc(), this function is just a helper
2419 */
tiocsetd(struct tty_struct * tty,int __user * p)2420 static int tiocsetd(struct tty_struct *tty, int __user *p)
2421 {
2422 int disc;
2423 int ret;
2424
2425 if (get_user(disc, p))
2426 return -EFAULT;
2427
2428 ret = tty_set_ldisc(tty, disc);
2429
2430 return ret;
2431 }
2432
2433 /**
2434 * tiocgetd - get line discipline
2435 * @tty: tty device
2436 * @p: pointer to user data
2437 *
2438 * Retrieves the line discipline id directly from the ldisc.
2439 *
2440 * Locking: waits for ldisc reference (in case the line discipline is changing
2441 * or the @tty is being hungup)
2442 */
tiocgetd(struct tty_struct * tty,int __user * p)2443 static int tiocgetd(struct tty_struct *tty, int __user *p)
2444 {
2445 struct tty_ldisc *ld;
2446 int ret;
2447
2448 ld = tty_ldisc_ref_wait(tty);
2449 if (!ld)
2450 return -EIO;
2451 ret = put_user(ld->ops->num, p);
2452 tty_ldisc_deref(ld);
2453 return ret;
2454 }
2455
2456 /**
2457 * send_break - performed time break
2458 * @tty: device to break on
2459 * @duration: timeout in mS
2460 *
2461 * Perform a timed break on hardware that lacks its own driver level timed
2462 * break functionality.
2463 *
2464 * Locking:
2465 * @tty->atomic_write_lock serializes
2466 */
send_break(struct tty_struct * tty,unsigned int duration)2467 static int send_break(struct tty_struct *tty, unsigned int duration)
2468 {
2469 int retval;
2470
2471 if (tty->ops->break_ctl == NULL)
2472 return 0;
2473
2474 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2475 return tty->ops->break_ctl(tty, duration);
2476
2477 /* Do the work ourselves */
2478 if (tty_write_lock(tty, false) < 0)
2479 return -EINTR;
2480
2481 retval = tty->ops->break_ctl(tty, -1);
2482 if (!retval) {
2483 msleep_interruptible(duration);
2484 retval = tty->ops->break_ctl(tty, 0);
2485 } else if (retval == -EOPNOTSUPP) {
2486 /* some drivers can tell only dynamically */
2487 retval = 0;
2488 }
2489 tty_write_unlock(tty);
2490
2491 if (signal_pending(current))
2492 retval = -EINTR;
2493
2494 return retval;
2495 }
2496
2497 /**
2498 * tty_tiocmget - get modem status
2499 * @tty: tty device
2500 * @p: pointer to result
2501 *
2502 * Obtain the modem status bits from the tty driver if the feature is
2503 * supported. Return -%ENOTTY if it is not available.
2504 *
2505 * Locking: none (up to the driver)
2506 */
tty_tiocmget(struct tty_struct * tty,int __user * p)2507 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2508 {
2509 int retval = -ENOTTY;
2510
2511 if (tty->ops->tiocmget) {
2512 retval = tty->ops->tiocmget(tty);
2513
2514 if (retval >= 0)
2515 retval = put_user(retval, p);
2516 }
2517 return retval;
2518 }
2519
2520 /**
2521 * tty_tiocmset - set modem status
2522 * @tty: tty device
2523 * @cmd: command - clear bits, set bits or set all
2524 * @p: pointer to desired bits
2525 *
2526 * Set the modem status bits from the tty driver if the feature
2527 * is supported. Return -%ENOTTY if it is not available.
2528 *
2529 * Locking: none (up to the driver)
2530 */
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2531 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2532 unsigned __user *p)
2533 {
2534 int retval;
2535 unsigned int set, clear, val;
2536
2537 if (tty->ops->tiocmset == NULL)
2538 return -ENOTTY;
2539
2540 retval = get_user(val, p);
2541 if (retval)
2542 return retval;
2543 set = clear = 0;
2544 switch (cmd) {
2545 case TIOCMBIS:
2546 set = val;
2547 break;
2548 case TIOCMBIC:
2549 clear = val;
2550 break;
2551 case TIOCMSET:
2552 set = val;
2553 clear = ~val;
2554 break;
2555 }
2556 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2557 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2558 return tty->ops->tiocmset(tty, set, clear);
2559 }
2560
2561 /**
2562 * tty_get_icount - get tty statistics
2563 * @tty: tty device
2564 * @icount: output parameter
2565 *
2566 * Gets a copy of the @tty's icount statistics.
2567 *
2568 * Locking: none (up to the driver)
2569 */
tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2570 int tty_get_icount(struct tty_struct *tty,
2571 struct serial_icounter_struct *icount)
2572 {
2573 memset(icount, 0, sizeof(*icount));
2574
2575 if (tty->ops->get_icount)
2576 return tty->ops->get_icount(tty, icount);
2577 else
2578 return -ENOTTY;
2579 }
2580 EXPORT_SYMBOL_GPL(tty_get_icount);
2581
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2582 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2583 {
2584 struct serial_icounter_struct icount;
2585 int retval;
2586
2587 retval = tty_get_icount(tty, &icount);
2588 if (retval != 0)
2589 return retval;
2590
2591 if (copy_to_user(arg, &icount, sizeof(icount)))
2592 return -EFAULT;
2593 return 0;
2594 }
2595
tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2596 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2597 {
2598 char comm[TASK_COMM_LEN];
2599 int flags;
2600
2601 flags = ss->flags & ASYNC_DEPRECATED;
2602
2603 if (flags)
2604 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2605 __func__, get_task_comm(comm, current), flags);
2606
2607 if (!tty->ops->set_serial)
2608 return -ENOTTY;
2609
2610 return tty->ops->set_serial(tty, ss);
2611 }
2612
tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2613 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2614 {
2615 struct serial_struct v;
2616
2617 if (copy_from_user(&v, ss, sizeof(*ss)))
2618 return -EFAULT;
2619
2620 return tty_set_serial(tty, &v);
2621 }
2622
tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2623 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2624 {
2625 struct serial_struct v;
2626 int err;
2627
2628 memset(&v, 0, sizeof(v));
2629 if (!tty->ops->get_serial)
2630 return -ENOTTY;
2631 err = tty->ops->get_serial(tty, &v);
2632 if (!err && copy_to_user(ss, &v, sizeof(v)))
2633 err = -EFAULT;
2634 return err;
2635 }
2636
2637 /*
2638 * if pty, return the slave side (real_tty)
2639 * otherwise, return self
2640 */
tty_pair_get_tty(struct tty_struct * tty)2641 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2642 {
2643 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2644 tty->driver->subtype == PTY_TYPE_MASTER)
2645 tty = tty->link;
2646 return tty;
2647 }
2648
2649 /*
2650 * Split this up, as gcc can choke on it otherwise..
2651 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2652 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2653 {
2654 struct tty_struct *tty = file_tty(file);
2655 struct tty_struct *real_tty;
2656 void __user *p = (void __user *)arg;
2657 int retval;
2658 struct tty_ldisc *ld;
2659
2660 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2661 return -EINVAL;
2662
2663 real_tty = tty_pair_get_tty(tty);
2664
2665 /*
2666 * Factor out some common prep work
2667 */
2668 switch (cmd) {
2669 case TIOCSETD:
2670 case TIOCSBRK:
2671 case TIOCCBRK:
2672 case TCSBRK:
2673 case TCSBRKP:
2674 retval = tty_check_change(tty);
2675 if (retval)
2676 return retval;
2677 if (cmd != TIOCCBRK) {
2678 tty_wait_until_sent(tty, 0);
2679 if (signal_pending(current))
2680 return -EINTR;
2681 }
2682 break;
2683 }
2684
2685 /*
2686 * Now do the stuff.
2687 */
2688 switch (cmd) {
2689 case TIOCSTI:
2690 return tiocsti(tty, p);
2691 case TIOCGWINSZ:
2692 return tiocgwinsz(real_tty, p);
2693 case TIOCSWINSZ:
2694 return tiocswinsz(real_tty, p);
2695 case TIOCCONS:
2696 return real_tty != tty ? -EINVAL : tioccons(file);
2697 case TIOCEXCL:
2698 set_bit(TTY_EXCLUSIVE, &tty->flags);
2699 return 0;
2700 case TIOCNXCL:
2701 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2702 return 0;
2703 case TIOCGEXCL:
2704 {
2705 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2706
2707 return put_user(excl, (int __user *)p);
2708 }
2709 case TIOCGETD:
2710 return tiocgetd(tty, p);
2711 case TIOCSETD:
2712 return tiocsetd(tty, p);
2713 case TIOCVHANGUP:
2714 if (!capable(CAP_SYS_ADMIN))
2715 return -EPERM;
2716 tty_vhangup(tty);
2717 return 0;
2718 case TIOCGDEV:
2719 {
2720 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2721
2722 return put_user(ret, (unsigned int __user *)p);
2723 }
2724 /*
2725 * Break handling
2726 */
2727 case TIOCSBRK: /* Turn break on, unconditionally */
2728 if (tty->ops->break_ctl)
2729 return tty->ops->break_ctl(tty, -1);
2730 return 0;
2731 case TIOCCBRK: /* Turn break off, unconditionally */
2732 if (tty->ops->break_ctl)
2733 return tty->ops->break_ctl(tty, 0);
2734 return 0;
2735 case TCSBRK: /* SVID version: non-zero arg --> no break */
2736 /* non-zero arg means wait for all output data
2737 * to be sent (performed above) but don't send break.
2738 * This is used by the tcdrain() termios function.
2739 */
2740 if (!arg)
2741 return send_break(tty, 250);
2742 return 0;
2743 case TCSBRKP: /* support for POSIX tcsendbreak() */
2744 return send_break(tty, arg ? arg*100 : 250);
2745
2746 case TIOCMGET:
2747 return tty_tiocmget(tty, p);
2748 case TIOCMSET:
2749 case TIOCMBIC:
2750 case TIOCMBIS:
2751 return tty_tiocmset(tty, cmd, p);
2752 case TIOCGICOUNT:
2753 return tty_tiocgicount(tty, p);
2754 case TCFLSH:
2755 switch (arg) {
2756 case TCIFLUSH:
2757 case TCIOFLUSH:
2758 /* flush tty buffer and allow ldisc to process ioctl */
2759 tty_buffer_flush(tty, NULL);
2760 break;
2761 }
2762 break;
2763 case TIOCSSERIAL:
2764 return tty_tiocsserial(tty, p);
2765 case TIOCGSERIAL:
2766 return tty_tiocgserial(tty, p);
2767 case TIOCGPTPEER:
2768 /* Special because the struct file is needed */
2769 return ptm_open_peer(file, tty, (int)arg);
2770 default:
2771 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2772 if (retval != -ENOIOCTLCMD)
2773 return retval;
2774 }
2775 if (tty->ops->ioctl) {
2776 retval = tty->ops->ioctl(tty, cmd, arg);
2777 if (retval != -ENOIOCTLCMD)
2778 return retval;
2779 }
2780 ld = tty_ldisc_ref_wait(tty);
2781 if (!ld)
2782 return hung_up_tty_ioctl(file, cmd, arg);
2783 retval = -EINVAL;
2784 if (ld->ops->ioctl) {
2785 retval = ld->ops->ioctl(tty, cmd, arg);
2786 if (retval == -ENOIOCTLCMD)
2787 retval = -ENOTTY;
2788 }
2789 tty_ldisc_deref(ld);
2790 return retval;
2791 }
2792
2793 #ifdef CONFIG_COMPAT
2794
2795 struct serial_struct32 {
2796 compat_int_t type;
2797 compat_int_t line;
2798 compat_uint_t port;
2799 compat_int_t irq;
2800 compat_int_t flags;
2801 compat_int_t xmit_fifo_size;
2802 compat_int_t custom_divisor;
2803 compat_int_t baud_base;
2804 unsigned short close_delay;
2805 char io_type;
2806 char reserved_char;
2807 compat_int_t hub6;
2808 unsigned short closing_wait; /* time to wait before closing */
2809 unsigned short closing_wait2; /* no longer used... */
2810 compat_uint_t iomem_base;
2811 unsigned short iomem_reg_shift;
2812 unsigned int port_high;
2813 /* compat_ulong_t iomap_base FIXME */
2814 compat_int_t reserved;
2815 };
2816
compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2817 static int compat_tty_tiocsserial(struct tty_struct *tty,
2818 struct serial_struct32 __user *ss)
2819 {
2820 struct serial_struct32 v32;
2821 struct serial_struct v;
2822
2823 if (copy_from_user(&v32, ss, sizeof(*ss)))
2824 return -EFAULT;
2825
2826 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2827 v.iomem_base = compat_ptr(v32.iomem_base);
2828 v.iomem_reg_shift = v32.iomem_reg_shift;
2829 v.port_high = v32.port_high;
2830 v.iomap_base = 0;
2831
2832 return tty_set_serial(tty, &v);
2833 }
2834
compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2835 static int compat_tty_tiocgserial(struct tty_struct *tty,
2836 struct serial_struct32 __user *ss)
2837 {
2838 struct serial_struct32 v32;
2839 struct serial_struct v;
2840 int err;
2841
2842 memset(&v, 0, sizeof(v));
2843 memset(&v32, 0, sizeof(v32));
2844
2845 if (!tty->ops->get_serial)
2846 return -ENOTTY;
2847 err = tty->ops->get_serial(tty, &v);
2848 if (!err) {
2849 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2850 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2851 0xfffffff : ptr_to_compat(v.iomem_base);
2852 v32.iomem_reg_shift = v.iomem_reg_shift;
2853 v32.port_high = v.port_high;
2854 if (copy_to_user(ss, &v32, sizeof(v32)))
2855 err = -EFAULT;
2856 }
2857 return err;
2858 }
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2859 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2860 unsigned long arg)
2861 {
2862 struct tty_struct *tty = file_tty(file);
2863 struct tty_ldisc *ld;
2864 int retval = -ENOIOCTLCMD;
2865
2866 switch (cmd) {
2867 case TIOCOUTQ:
2868 case TIOCSTI:
2869 case TIOCGWINSZ:
2870 case TIOCSWINSZ:
2871 case TIOCGEXCL:
2872 case TIOCGETD:
2873 case TIOCSETD:
2874 case TIOCGDEV:
2875 case TIOCMGET:
2876 case TIOCMSET:
2877 case TIOCMBIC:
2878 case TIOCMBIS:
2879 case TIOCGICOUNT:
2880 case TIOCGPGRP:
2881 case TIOCSPGRP:
2882 case TIOCGSID:
2883 case TIOCSERGETLSR:
2884 case TIOCGRS485:
2885 case TIOCSRS485:
2886 #ifdef TIOCGETP
2887 case TIOCGETP:
2888 case TIOCSETP:
2889 case TIOCSETN:
2890 #endif
2891 #ifdef TIOCGETC
2892 case TIOCGETC:
2893 case TIOCSETC:
2894 #endif
2895 #ifdef TIOCGLTC
2896 case TIOCGLTC:
2897 case TIOCSLTC:
2898 #endif
2899 case TCSETSF:
2900 case TCSETSW:
2901 case TCSETS:
2902 case TCGETS:
2903 #ifdef TCGETS2
2904 case TCGETS2:
2905 case TCSETSF2:
2906 case TCSETSW2:
2907 case TCSETS2:
2908 #endif
2909 case TCGETA:
2910 case TCSETAF:
2911 case TCSETAW:
2912 case TCSETA:
2913 case TIOCGLCKTRMIOS:
2914 case TIOCSLCKTRMIOS:
2915 #ifdef TCGETX
2916 case TCGETX:
2917 case TCSETX:
2918 case TCSETXW:
2919 case TCSETXF:
2920 #endif
2921 case TIOCGSOFTCAR:
2922 case TIOCSSOFTCAR:
2923
2924 case PPPIOCGCHAN:
2925 case PPPIOCGUNIT:
2926 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2927 case TIOCCONS:
2928 case TIOCEXCL:
2929 case TIOCNXCL:
2930 case TIOCVHANGUP:
2931 case TIOCSBRK:
2932 case TIOCCBRK:
2933 case TCSBRK:
2934 case TCSBRKP:
2935 case TCFLSH:
2936 case TIOCGPTPEER:
2937 case TIOCNOTTY:
2938 case TIOCSCTTY:
2939 case TCXONC:
2940 case TIOCMIWAIT:
2941 case TIOCSERCONFIG:
2942 return tty_ioctl(file, cmd, arg);
2943 }
2944
2945 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2946 return -EINVAL;
2947
2948 switch (cmd) {
2949 case TIOCSSERIAL:
2950 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2951 case TIOCGSERIAL:
2952 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2953 }
2954 if (tty->ops->compat_ioctl) {
2955 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2956 if (retval != -ENOIOCTLCMD)
2957 return retval;
2958 }
2959
2960 ld = tty_ldisc_ref_wait(tty);
2961 if (!ld)
2962 return hung_up_tty_compat_ioctl(file, cmd, arg);
2963 if (ld->ops->compat_ioctl)
2964 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2965 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2966 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2967 arg);
2968 tty_ldisc_deref(ld);
2969
2970 return retval;
2971 }
2972 #endif
2973
this_tty(const void * t,struct file * file,unsigned fd)2974 static int this_tty(const void *t, struct file *file, unsigned fd)
2975 {
2976 if (likely(file->f_op->read_iter != tty_read))
2977 return 0;
2978 return file_tty(file) != t ? 0 : fd + 1;
2979 }
2980
2981 /*
2982 * This implements the "Secure Attention Key" --- the idea is to
2983 * prevent trojan horses by killing all processes associated with this
2984 * tty when the user hits the "Secure Attention Key". Required for
2985 * super-paranoid applications --- see the Orange Book for more details.
2986 *
2987 * This code could be nicer; ideally it should send a HUP, wait a few
2988 * seconds, then send a INT, and then a KILL signal. But you then
2989 * have to coordinate with the init process, since all processes associated
2990 * with the current tty must be dead before the new getty is allowed
2991 * to spawn.
2992 *
2993 * Now, if it would be correct ;-/ The current code has a nasty hole -
2994 * it doesn't catch files in flight. We may send the descriptor to ourselves
2995 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2996 *
2997 * Nasty bug: do_SAK is being called in interrupt context. This can
2998 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2999 */
__do_SAK(struct tty_struct * tty)3000 void __do_SAK(struct tty_struct *tty)
3001 {
3002 struct task_struct *g, *p;
3003 struct pid *session;
3004 int i;
3005 unsigned long flags;
3006
3007 spin_lock_irqsave(&tty->ctrl.lock, flags);
3008 session = get_pid(tty->ctrl.session);
3009 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3010
3011 tty_ldisc_flush(tty);
3012
3013 tty_driver_flush_buffer(tty);
3014
3015 read_lock(&tasklist_lock);
3016 /* Kill the entire session */
3017 do_each_pid_task(session, PIDTYPE_SID, p) {
3018 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3019 task_pid_nr(p), p->comm);
3020 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3021 } while_each_pid_task(session, PIDTYPE_SID, p);
3022
3023 /* Now kill any processes that happen to have the tty open */
3024 do_each_thread(g, p) {
3025 if (p->signal->tty == tty) {
3026 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3027 task_pid_nr(p), p->comm);
3028 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3029 PIDTYPE_SID);
3030 continue;
3031 }
3032 task_lock(p);
3033 i = iterate_fd(p->files, 0, this_tty, tty);
3034 if (i != 0) {
3035 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3036 task_pid_nr(p), p->comm, i - 1);
3037 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3038 PIDTYPE_SID);
3039 }
3040 task_unlock(p);
3041 } while_each_thread(g, p);
3042 read_unlock(&tasklist_lock);
3043 put_pid(session);
3044 }
3045
do_SAK_work(struct work_struct * work)3046 static void do_SAK_work(struct work_struct *work)
3047 {
3048 struct tty_struct *tty =
3049 container_of(work, struct tty_struct, SAK_work);
3050 __do_SAK(tty);
3051 }
3052
3053 /*
3054 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3055 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3056 * the values which we write to it will be identical to the values which it
3057 * already has. --akpm
3058 */
do_SAK(struct tty_struct * tty)3059 void do_SAK(struct tty_struct *tty)
3060 {
3061 if (!tty)
3062 return;
3063 schedule_work(&tty->SAK_work);
3064 }
3065 EXPORT_SYMBOL(do_SAK);
3066
3067 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3068 static struct device *tty_get_device(struct tty_struct *tty)
3069 {
3070 dev_t devt = tty_devnum(tty);
3071
3072 return class_find_device_by_devt(tty_class, devt);
3073 }
3074
3075
3076 /**
3077 * alloc_tty_struct - allocate a new tty
3078 * @driver: driver which will handle the returned tty
3079 * @idx: minor of the tty
3080 *
3081 * This subroutine allocates and initializes a tty structure.
3082 *
3083 * Locking: none - @tty in question is not exposed at this point
3084 */
alloc_tty_struct(struct tty_driver * driver,int idx)3085 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3086 {
3087 struct tty_struct *tty;
3088
3089 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3090 if (!tty)
3091 return NULL;
3092
3093 kref_init(&tty->kref);
3094 if (tty_ldisc_init(tty)) {
3095 kfree(tty);
3096 return NULL;
3097 }
3098 tty->ctrl.session = NULL;
3099 tty->ctrl.pgrp = NULL;
3100 mutex_init(&tty->legacy_mutex);
3101 mutex_init(&tty->throttle_mutex);
3102 init_rwsem(&tty->termios_rwsem);
3103 mutex_init(&tty->winsize_mutex);
3104 init_ldsem(&tty->ldisc_sem);
3105 init_waitqueue_head(&tty->write_wait);
3106 init_waitqueue_head(&tty->read_wait);
3107 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3108 mutex_init(&tty->atomic_write_lock);
3109 spin_lock_init(&tty->ctrl.lock);
3110 spin_lock_init(&tty->flow.lock);
3111 spin_lock_init(&tty->files_lock);
3112 INIT_LIST_HEAD(&tty->tty_files);
3113 INIT_WORK(&tty->SAK_work, do_SAK_work);
3114
3115 tty->driver = driver;
3116 tty->ops = driver->ops;
3117 tty->index = idx;
3118 tty_line_name(driver, idx, tty->name);
3119 tty->dev = tty_get_device(tty);
3120
3121 return tty;
3122 }
3123
3124 /**
3125 * tty_put_char - write one character to a tty
3126 * @tty: tty
3127 * @ch: character to write
3128 *
3129 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3130 * if present.
3131 *
3132 * Note: the specific put_char operation in the driver layer may go
3133 * away soon. Don't call it directly, use this method
3134 *
3135 * Return: the number of characters successfully output.
3136 */
tty_put_char(struct tty_struct * tty,unsigned char ch)3137 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3138 {
3139 if (tty->ops->put_char)
3140 return tty->ops->put_char(tty, ch);
3141 return tty->ops->write(tty, &ch, 1);
3142 }
3143 EXPORT_SYMBOL_GPL(tty_put_char);
3144
3145 struct class *tty_class;
3146
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3147 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3148 unsigned int index, unsigned int count)
3149 {
3150 int err;
3151
3152 /* init here, since reused cdevs cause crashes */
3153 driver->cdevs[index] = cdev_alloc();
3154 if (!driver->cdevs[index])
3155 return -ENOMEM;
3156 driver->cdevs[index]->ops = &tty_fops;
3157 driver->cdevs[index]->owner = driver->owner;
3158 err = cdev_add(driver->cdevs[index], dev, count);
3159 if (err)
3160 kobject_put(&driver->cdevs[index]->kobj);
3161 return err;
3162 }
3163
3164 /**
3165 * tty_register_device - register a tty device
3166 * @driver: the tty driver that describes the tty device
3167 * @index: the index in the tty driver for this tty device
3168 * @device: a struct device that is associated with this tty device.
3169 * This field is optional, if there is no known struct device
3170 * for this tty device it can be set to NULL safely.
3171 *
3172 * This call is required to be made to register an individual tty device
3173 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3174 * that bit is not set, this function should not be called by a tty
3175 * driver.
3176 *
3177 * Locking: ??
3178 *
3179 * Return: A pointer to the struct device for this tty device (or
3180 * ERR_PTR(-EFOO) on error).
3181 */
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3182 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3183 struct device *device)
3184 {
3185 return tty_register_device_attr(driver, index, device, NULL, NULL);
3186 }
3187 EXPORT_SYMBOL(tty_register_device);
3188
tty_device_create_release(struct device * dev)3189 static void tty_device_create_release(struct device *dev)
3190 {
3191 dev_dbg(dev, "releasing...\n");
3192 kfree(dev);
3193 }
3194
3195 /**
3196 * tty_register_device_attr - register a tty device
3197 * @driver: the tty driver that describes the tty device
3198 * @index: the index in the tty driver for this tty device
3199 * @device: a struct device that is associated with this tty device.
3200 * This field is optional, if there is no known struct device
3201 * for this tty device it can be set to %NULL safely.
3202 * @drvdata: Driver data to be set to device.
3203 * @attr_grp: Attribute group to be set on device.
3204 *
3205 * This call is required to be made to register an individual tty device if the
3206 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3207 * not set, this function should not be called by a tty driver.
3208 *
3209 * Locking: ??
3210 *
3211 * Return: A pointer to the struct device for this tty device (or
3212 * ERR_PTR(-EFOO) on error).
3213 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3214 struct device *tty_register_device_attr(struct tty_driver *driver,
3215 unsigned index, struct device *device,
3216 void *drvdata,
3217 const struct attribute_group **attr_grp)
3218 {
3219 char name[64];
3220 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3221 struct ktermios *tp;
3222 struct device *dev;
3223 int retval;
3224
3225 if (index >= driver->num) {
3226 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3227 driver->name, index);
3228 return ERR_PTR(-EINVAL);
3229 }
3230
3231 if (driver->type == TTY_DRIVER_TYPE_PTY)
3232 pty_line_name(driver, index, name);
3233 else
3234 tty_line_name(driver, index, name);
3235
3236 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3237 if (!dev)
3238 return ERR_PTR(-ENOMEM);
3239
3240 dev->devt = devt;
3241 dev->class = tty_class;
3242 dev->parent = device;
3243 dev->release = tty_device_create_release;
3244 dev_set_name(dev, "%s", name);
3245 dev->groups = attr_grp;
3246 dev_set_drvdata(dev, drvdata);
3247
3248 dev_set_uevent_suppress(dev, 1);
3249
3250 retval = device_register(dev);
3251 if (retval)
3252 goto err_put;
3253
3254 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3255 /*
3256 * Free any saved termios data so that the termios state is
3257 * reset when reusing a minor number.
3258 */
3259 tp = driver->termios[index];
3260 if (tp) {
3261 driver->termios[index] = NULL;
3262 kfree(tp);
3263 }
3264
3265 retval = tty_cdev_add(driver, devt, index, 1);
3266 if (retval)
3267 goto err_del;
3268 }
3269
3270 dev_set_uevent_suppress(dev, 0);
3271 kobject_uevent(&dev->kobj, KOBJ_ADD);
3272
3273 return dev;
3274
3275 err_del:
3276 device_del(dev);
3277 err_put:
3278 put_device(dev);
3279
3280 return ERR_PTR(retval);
3281 }
3282 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3283
3284 /**
3285 * tty_unregister_device - unregister a tty device
3286 * @driver: the tty driver that describes the tty device
3287 * @index: the index in the tty driver for this tty device
3288 *
3289 * If a tty device is registered with a call to tty_register_device() then
3290 * this function must be called when the tty device is gone.
3291 *
3292 * Locking: ??
3293 */
tty_unregister_device(struct tty_driver * driver,unsigned index)3294 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3295 {
3296 device_destroy(tty_class,
3297 MKDEV(driver->major, driver->minor_start) + index);
3298 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3299 cdev_del(driver->cdevs[index]);
3300 driver->cdevs[index] = NULL;
3301 }
3302 }
3303 EXPORT_SYMBOL(tty_unregister_device);
3304
3305 /**
3306 * __tty_alloc_driver -- allocate tty driver
3307 * @lines: count of lines this driver can handle at most
3308 * @owner: module which is responsible for this driver
3309 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3310 *
3311 * This should not be called directly, some of the provided macros should be
3312 * used instead. Use IS_ERR() and friends on @retval.
3313 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3314 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3315 unsigned long flags)
3316 {
3317 struct tty_driver *driver;
3318 unsigned int cdevs = 1;
3319 int err;
3320
3321 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3322 return ERR_PTR(-EINVAL);
3323
3324 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3325 if (!driver)
3326 return ERR_PTR(-ENOMEM);
3327
3328 kref_init(&driver->kref);
3329 driver->num = lines;
3330 driver->owner = owner;
3331 driver->flags = flags;
3332
3333 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3334 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3335 GFP_KERNEL);
3336 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3337 GFP_KERNEL);
3338 if (!driver->ttys || !driver->termios) {
3339 err = -ENOMEM;
3340 goto err_free_all;
3341 }
3342 }
3343
3344 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3345 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3346 GFP_KERNEL);
3347 if (!driver->ports) {
3348 err = -ENOMEM;
3349 goto err_free_all;
3350 }
3351 cdevs = lines;
3352 }
3353
3354 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3355 if (!driver->cdevs) {
3356 err = -ENOMEM;
3357 goto err_free_all;
3358 }
3359
3360 return driver;
3361 err_free_all:
3362 kfree(driver->ports);
3363 kfree(driver->ttys);
3364 kfree(driver->termios);
3365 kfree(driver->cdevs);
3366 kfree(driver);
3367 return ERR_PTR(err);
3368 }
3369 EXPORT_SYMBOL(__tty_alloc_driver);
3370
destruct_tty_driver(struct kref * kref)3371 static void destruct_tty_driver(struct kref *kref)
3372 {
3373 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3374 int i;
3375 struct ktermios *tp;
3376
3377 if (driver->flags & TTY_DRIVER_INSTALLED) {
3378 for (i = 0; i < driver->num; i++) {
3379 tp = driver->termios[i];
3380 if (tp) {
3381 driver->termios[i] = NULL;
3382 kfree(tp);
3383 }
3384 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3385 tty_unregister_device(driver, i);
3386 }
3387 proc_tty_unregister_driver(driver);
3388 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3389 cdev_del(driver->cdevs[0]);
3390 }
3391 kfree(driver->cdevs);
3392 kfree(driver->ports);
3393 kfree(driver->termios);
3394 kfree(driver->ttys);
3395 kfree(driver);
3396 }
3397
3398 /**
3399 * tty_driver_kref_put -- drop a reference to a tty driver
3400 * @driver: driver of which to drop the reference
3401 *
3402 * The final put will destroy and free up the driver.
3403 */
tty_driver_kref_put(struct tty_driver * driver)3404 void tty_driver_kref_put(struct tty_driver *driver)
3405 {
3406 kref_put(&driver->kref, destruct_tty_driver);
3407 }
3408 EXPORT_SYMBOL(tty_driver_kref_put);
3409
3410 /**
3411 * tty_register_driver -- register a tty driver
3412 * @driver: driver to register
3413 *
3414 * Called by a tty driver to register itself.
3415 */
tty_register_driver(struct tty_driver * driver)3416 int tty_register_driver(struct tty_driver *driver)
3417 {
3418 int error;
3419 int i;
3420 dev_t dev;
3421 struct device *d;
3422
3423 if (!driver->major) {
3424 error = alloc_chrdev_region(&dev, driver->minor_start,
3425 driver->num, driver->name);
3426 if (!error) {
3427 driver->major = MAJOR(dev);
3428 driver->minor_start = MINOR(dev);
3429 }
3430 } else {
3431 dev = MKDEV(driver->major, driver->minor_start);
3432 error = register_chrdev_region(dev, driver->num, driver->name);
3433 }
3434 if (error < 0)
3435 goto err;
3436
3437 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3438 error = tty_cdev_add(driver, dev, 0, driver->num);
3439 if (error)
3440 goto err_unreg_char;
3441 }
3442
3443 mutex_lock(&tty_mutex);
3444 list_add(&driver->tty_drivers, &tty_drivers);
3445 mutex_unlock(&tty_mutex);
3446
3447 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3448 for (i = 0; i < driver->num; i++) {
3449 d = tty_register_device(driver, i, NULL);
3450 if (IS_ERR(d)) {
3451 error = PTR_ERR(d);
3452 goto err_unreg_devs;
3453 }
3454 }
3455 }
3456 proc_tty_register_driver(driver);
3457 driver->flags |= TTY_DRIVER_INSTALLED;
3458 return 0;
3459
3460 err_unreg_devs:
3461 for (i--; i >= 0; i--)
3462 tty_unregister_device(driver, i);
3463
3464 mutex_lock(&tty_mutex);
3465 list_del(&driver->tty_drivers);
3466 mutex_unlock(&tty_mutex);
3467
3468 err_unreg_char:
3469 unregister_chrdev_region(dev, driver->num);
3470 err:
3471 return error;
3472 }
3473 EXPORT_SYMBOL(tty_register_driver);
3474
3475 /**
3476 * tty_unregister_driver -- unregister a tty driver
3477 * @driver: driver to unregister
3478 *
3479 * Called by a tty driver to unregister itself.
3480 */
tty_unregister_driver(struct tty_driver * driver)3481 void tty_unregister_driver(struct tty_driver *driver)
3482 {
3483 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3484 driver->num);
3485 mutex_lock(&tty_mutex);
3486 list_del(&driver->tty_drivers);
3487 mutex_unlock(&tty_mutex);
3488 }
3489 EXPORT_SYMBOL(tty_unregister_driver);
3490
tty_devnum(struct tty_struct * tty)3491 dev_t tty_devnum(struct tty_struct *tty)
3492 {
3493 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3494 }
3495 EXPORT_SYMBOL(tty_devnum);
3496
tty_default_fops(struct file_operations * fops)3497 void tty_default_fops(struct file_operations *fops)
3498 {
3499 *fops = tty_fops;
3500 }
3501
tty_devnode(struct device * dev,umode_t * mode)3502 static char *tty_devnode(struct device *dev, umode_t *mode)
3503 {
3504 if (!mode)
3505 return NULL;
3506 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3507 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3508 *mode = 0666;
3509 return NULL;
3510 }
3511
tty_class_init(void)3512 static int __init tty_class_init(void)
3513 {
3514 tty_class = class_create(THIS_MODULE, "tty");
3515 if (IS_ERR(tty_class))
3516 return PTR_ERR(tty_class);
3517 tty_class->devnode = tty_devnode;
3518 return 0;
3519 }
3520
3521 postcore_initcall(tty_class_init);
3522
3523 /* 3/2004 jmc: why do these devices exist? */
3524 static struct cdev tty_cdev, console_cdev;
3525
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3526 static ssize_t show_cons_active(struct device *dev,
3527 struct device_attribute *attr, char *buf)
3528 {
3529 struct console *cs[16];
3530 int i = 0;
3531 struct console *c;
3532 ssize_t count = 0;
3533
3534 console_lock();
3535 for_each_console(c) {
3536 if (!c->device)
3537 continue;
3538 if (!c->write)
3539 continue;
3540 if ((c->flags & CON_ENABLED) == 0)
3541 continue;
3542 cs[i++] = c;
3543 if (i >= ARRAY_SIZE(cs))
3544 break;
3545 }
3546 while (i--) {
3547 int index = cs[i]->index;
3548 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3549
3550 /* don't resolve tty0 as some programs depend on it */
3551 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3552 count += tty_line_name(drv, index, buf + count);
3553 else
3554 count += sprintf(buf + count, "%s%d",
3555 cs[i]->name, cs[i]->index);
3556
3557 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3558 }
3559 console_unlock();
3560
3561 return count;
3562 }
3563 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3564
3565 static struct attribute *cons_dev_attrs[] = {
3566 &dev_attr_active.attr,
3567 NULL
3568 };
3569
3570 ATTRIBUTE_GROUPS(cons_dev);
3571
3572 static struct device *consdev;
3573
console_sysfs_notify(void)3574 void console_sysfs_notify(void)
3575 {
3576 if (consdev)
3577 sysfs_notify(&consdev->kobj, NULL, "active");
3578 }
3579
3580 /*
3581 * Ok, now we can initialize the rest of the tty devices and can count
3582 * on memory allocations, interrupts etc..
3583 */
tty_init(void)3584 int __init tty_init(void)
3585 {
3586 tty_sysctl_init();
3587 cdev_init(&tty_cdev, &tty_fops);
3588 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3589 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3590 panic("Couldn't register /dev/tty driver\n");
3591 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3592
3593 cdev_init(&console_cdev, &console_fops);
3594 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3595 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3596 panic("Couldn't register /dev/console driver\n");
3597 consdev = device_create_with_groups(tty_class, NULL,
3598 MKDEV(TTYAUX_MAJOR, 1), NULL,
3599 cons_dev_groups, "console");
3600 if (IS_ERR(consdev))
3601 consdev = NULL;
3602
3603 #ifdef CONFIG_VT
3604 vty_init(&console_fops);
3605 #endif
3606 return 0;
3607 }
3608
3609