1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109 #ifdef TTY_DEBUG_HANGUP
110 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
111 #else
112 # define tty_debug_hangup(tty, f, args...) do { } while (0)
113 #endif
114
115 #define TTY_PARANOIA_CHECK 1
116 #define CHECK_TTY_COUNT 1
117
118 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
119 .c_iflag = ICRNL | IXON,
120 .c_oflag = OPOST | ONLCR,
121 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
122 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
123 ECHOCTL | ECHOKE | IEXTEN,
124 .c_cc = INIT_C_CC,
125 .c_ispeed = 38400,
126 .c_ospeed = 38400
127 };
128
129 EXPORT_SYMBOL(tty_std_termios);
130
131 /* This list gets poked at by procfs and various bits of boot up code. This
132 could do with some rationalisation such as pulling the tty proc function
133 into this file */
134
135 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
136
137 /* Mutex to protect creating and releasing a tty. This is shared with
138 vt.c for deeply disgusting hack reasons */
139 DEFINE_MUTEX(tty_mutex);
140 EXPORT_SYMBOL(tty_mutex);
141
142 /* Spinlock to protect the tty->tty_files list */
143 DEFINE_SPINLOCK(tty_files_lock);
144
145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147 ssize_t redirected_tty_write(struct file *, const char __user *,
148 size_t, loff_t *);
149 static unsigned int tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
152 #ifdef CONFIG_COMPAT
153 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
154 unsigned long arg);
155 #else
156 #define tty_compat_ioctl NULL
157 #endif
158 static int __tty_fasync(int fd, struct file *filp, int on);
159 static int tty_fasync(int fd, struct file *filp, int on);
160 static void release_tty(struct tty_struct *tty, int idx);
161
162 /**
163 * free_tty_struct - free a disused tty
164 * @tty: tty struct to free
165 *
166 * Free the write buffers, tty queue and tty memory itself.
167 *
168 * Locking: none. Must be called after tty is definitely unused
169 */
170
free_tty_struct(struct tty_struct * tty)171 void free_tty_struct(struct tty_struct *tty)
172 {
173 if (!tty)
174 return;
175 put_device(tty->dev);
176 kfree(tty->write_buf);
177 tty->magic = 0xDEADDEAD;
178 kfree(tty);
179 }
180
file_tty(struct file * file)181 static inline struct tty_struct *file_tty(struct file *file)
182 {
183 return ((struct tty_file_private *)file->private_data)->tty;
184 }
185
tty_alloc_file(struct file * file)186 int tty_alloc_file(struct file *file)
187 {
188 struct tty_file_private *priv;
189
190 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
191 if (!priv)
192 return -ENOMEM;
193
194 file->private_data = priv;
195
196 return 0;
197 }
198
199 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)200 void tty_add_file(struct tty_struct *tty, struct file *file)
201 {
202 struct tty_file_private *priv = file->private_data;
203
204 priv->tty = tty;
205 priv->file = file;
206
207 spin_lock(&tty_files_lock);
208 list_add(&priv->list, &tty->tty_files);
209 spin_unlock(&tty_files_lock);
210 }
211
212 /**
213 * tty_free_file - free file->private_data
214 *
215 * This shall be used only for fail path handling when tty_add_file was not
216 * called yet.
217 */
tty_free_file(struct file * file)218 void tty_free_file(struct file *file)
219 {
220 struct tty_file_private *priv = file->private_data;
221
222 file->private_data = NULL;
223 kfree(priv);
224 }
225
226 /* Delete file from its tty */
tty_del_file(struct file * file)227 static void tty_del_file(struct file *file)
228 {
229 struct tty_file_private *priv = file->private_data;
230
231 spin_lock(&tty_files_lock);
232 list_del(&priv->list);
233 spin_unlock(&tty_files_lock);
234 tty_free_file(file);
235 }
236
237
238 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
239
240 /**
241 * tty_name - return tty naming
242 * @tty: tty structure
243 *
244 * Convert a tty structure into a name. The name reflects the kernel
245 * naming policy and if udev is in use may not reflect user space
246 *
247 * Locking: none
248 */
249
tty_name(const struct tty_struct * tty)250 const char *tty_name(const struct tty_struct *tty)
251 {
252 if (!tty) /* Hmm. NULL pointer. That's fun. */
253 return "NULL tty";
254 return tty->name;
255 }
256
257 EXPORT_SYMBOL(tty_name);
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 printk(KERN_WARNING
265 "null TTY for (%d:%d) in %s\n",
266 imajor(inode), iminor(inode), routine);
267 return 1;
268 }
269 if (tty->magic != TTY_MAGIC) {
270 printk(KERN_WARNING
271 "bad magic number for tty struct (%d:%d) in %s\n",
272 imajor(inode), iminor(inode), routine);
273 return 1;
274 }
275 #endif
276 return 0;
277 }
278
279 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)280 static int check_tty_count(struct tty_struct *tty, const char *routine)
281 {
282 #ifdef CHECK_TTY_COUNT
283 struct list_head *p;
284 int count = 0;
285
286 spin_lock(&tty_files_lock);
287 list_for_each(p, &tty->tty_files) {
288 count++;
289 }
290 spin_unlock(&tty_files_lock);
291 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
292 tty->driver->subtype == PTY_TYPE_SLAVE &&
293 tty->link && tty->link->count)
294 count++;
295 if (tty->count != count) {
296 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
297 "!= #fd's(%d) in %s\n",
298 tty->name, tty->count, count, routine);
299 return count;
300 }
301 #endif
302 return 0;
303 }
304
305 /**
306 * get_tty_driver - find device of a tty
307 * @dev_t: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
get_tty_driver(dev_t device,int * index)316 static struct tty_driver *get_tty_driver(dev_t device, int *index)
317 {
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322 if (device < base || device >= base + p->num)
323 continue;
324 *index = device - base;
325 return tty_driver_kref_get(p);
326 }
327 return NULL;
328 }
329
330 #ifdef CONFIG_CONSOLE_POLL
331
332 /**
333 * tty_find_polling_driver - find device of a polled tty
334 * @name: name string to match
335 * @line: pointer to resulting tty line nr
336 *
337 * This routine returns a tty driver structure, given a name
338 * and the condition that the tty driver is capable of polled
339 * operation.
340 */
tty_find_polling_driver(char * name,int * line)341 struct tty_driver *tty_find_polling_driver(char *name, int *line)
342 {
343 struct tty_driver *p, *res = NULL;
344 int tty_line = 0;
345 int len;
346 char *str, *stp;
347
348 for (str = name; *str; str++)
349 if ((*str >= '0' && *str <= '9') || *str == ',')
350 break;
351 if (!*str)
352 return NULL;
353
354 len = str - name;
355 tty_line = simple_strtoul(str, &str, 10);
356
357 mutex_lock(&tty_mutex);
358 /* Search through the tty devices to look for a match */
359 list_for_each_entry(p, &tty_drivers, tty_drivers) {
360 if (strncmp(name, p->name, len) != 0)
361 continue;
362 stp = str;
363 if (*stp == ',')
364 stp++;
365 if (*stp == '\0')
366 stp = NULL;
367
368 if (tty_line >= 0 && tty_line < p->num && p->ops &&
369 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
370 res = tty_driver_kref_get(p);
371 *line = tty_line;
372 break;
373 }
374 }
375 mutex_unlock(&tty_mutex);
376
377 return res;
378 }
379 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
380 #endif
381
382 /**
383 * tty_check_change - check for POSIX terminal changes
384 * @tty: tty to check
385 *
386 * If we try to write to, or set the state of, a terminal and we're
387 * not in the foreground, send a SIGTTOU. If the signal is blocked or
388 * ignored, go ahead and perform the operation. (POSIX 7.2)
389 *
390 * Locking: ctrl_lock
391 */
392
__tty_check_change(struct tty_struct * tty,int sig)393 int __tty_check_change(struct tty_struct *tty, int sig)
394 {
395 unsigned long flags;
396 struct pid *pgrp, *tty_pgrp;
397 int ret = 0;
398
399 if (current->signal->tty != tty)
400 return 0;
401
402 rcu_read_lock();
403 pgrp = task_pgrp(current);
404
405 spin_lock_irqsave(&tty->ctrl_lock, flags);
406 tty_pgrp = tty->pgrp;
407 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
408
409 if (tty_pgrp && pgrp != tty->pgrp) {
410 if (is_ignored(sig)) {
411 if (sig == SIGTTIN)
412 ret = -EIO;
413 } else if (is_current_pgrp_orphaned())
414 ret = -EIO;
415 else {
416 kill_pgrp(pgrp, sig, 1);
417 set_thread_flag(TIF_SIGPENDING);
418 ret = -ERESTARTSYS;
419 }
420 }
421 rcu_read_unlock();
422
423 if (!tty_pgrp) {
424 pr_warn("%s: tty_check_change: sig=%d, tty->pgrp == NULL!\n",
425 tty_name(tty), sig);
426 }
427
428 return ret;
429 }
430
tty_check_change(struct tty_struct * tty)431 int tty_check_change(struct tty_struct *tty)
432 {
433 return __tty_check_change(tty, SIGTTOU);
434 }
435 EXPORT_SYMBOL(tty_check_change);
436
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)437 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
438 size_t count, loff_t *ppos)
439 {
440 return 0;
441 }
442
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)443 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
444 size_t count, loff_t *ppos)
445 {
446 return -EIO;
447 }
448
449 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)450 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
451 {
452 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
453 }
454
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)455 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
456 unsigned long arg)
457 {
458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
459 }
460
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)461 static long hung_up_tty_compat_ioctl(struct file *file,
462 unsigned int cmd, unsigned long arg)
463 {
464 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
465 }
466
467 static const struct file_operations tty_fops = {
468 .llseek = no_llseek,
469 .read = tty_read,
470 .write = tty_write,
471 .poll = tty_poll,
472 .unlocked_ioctl = tty_ioctl,
473 .compat_ioctl = tty_compat_ioctl,
474 .open = tty_open,
475 .release = tty_release,
476 .fasync = tty_fasync,
477 };
478
479 static const struct file_operations console_fops = {
480 .llseek = no_llseek,
481 .read = tty_read,
482 .write = redirected_tty_write,
483 .poll = tty_poll,
484 .unlocked_ioctl = tty_ioctl,
485 .compat_ioctl = tty_compat_ioctl,
486 .open = tty_open,
487 .release = tty_release,
488 .fasync = tty_fasync,
489 };
490
491 static const struct file_operations hung_up_tty_fops = {
492 .llseek = no_llseek,
493 .read = hung_up_tty_read,
494 .write = hung_up_tty_write,
495 .poll = hung_up_tty_poll,
496 .unlocked_ioctl = hung_up_tty_ioctl,
497 .compat_ioctl = hung_up_tty_compat_ioctl,
498 .release = tty_release,
499 };
500
501 static DEFINE_SPINLOCK(redirect_lock);
502 static struct file *redirect;
503
504
proc_clear_tty(struct task_struct * p)505 void proc_clear_tty(struct task_struct *p)
506 {
507 unsigned long flags;
508 struct tty_struct *tty;
509 spin_lock_irqsave(&p->sighand->siglock, flags);
510 tty = p->signal->tty;
511 p->signal->tty = NULL;
512 spin_unlock_irqrestore(&p->sighand->siglock, flags);
513 tty_kref_put(tty);
514 }
515
516 /**
517 * proc_set_tty - set the controlling terminal
518 *
519 * Only callable by the session leader and only if it does not already have
520 * a controlling terminal.
521 *
522 * Caller must hold: tty_lock()
523 * a readlock on tasklist_lock
524 * sighand lock
525 */
__proc_set_tty(struct tty_struct * tty)526 static void __proc_set_tty(struct tty_struct *tty)
527 {
528 unsigned long flags;
529
530 spin_lock_irqsave(&tty->ctrl_lock, flags);
531 /*
532 * The session and fg pgrp references will be non-NULL if
533 * tiocsctty() is stealing the controlling tty
534 */
535 put_pid(tty->session);
536 put_pid(tty->pgrp);
537 tty->pgrp = get_pid(task_pgrp(current));
538 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
539 tty->session = get_pid(task_session(current));
540 if (current->signal->tty) {
541 tty_debug(tty, "current tty %s not NULL!!\n",
542 current->signal->tty->name);
543 tty_kref_put(current->signal->tty);
544 }
545 put_pid(current->signal->tty_old_pgrp);
546 current->signal->tty = tty_kref_get(tty);
547 current->signal->tty_old_pgrp = NULL;
548 }
549
proc_set_tty(struct tty_struct * tty)550 static void proc_set_tty(struct tty_struct *tty)
551 {
552 spin_lock_irq(¤t->sighand->siglock);
553 __proc_set_tty(tty);
554 spin_unlock_irq(¤t->sighand->siglock);
555 }
556
get_current_tty(void)557 struct tty_struct *get_current_tty(void)
558 {
559 struct tty_struct *tty;
560 unsigned long flags;
561
562 spin_lock_irqsave(¤t->sighand->siglock, flags);
563 tty = tty_kref_get(current->signal->tty);
564 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
565 return tty;
566 }
567 EXPORT_SYMBOL_GPL(get_current_tty);
568
session_clear_tty(struct pid * session)569 static void session_clear_tty(struct pid *session)
570 {
571 struct task_struct *p;
572 do_each_pid_task(session, PIDTYPE_SID, p) {
573 proc_clear_tty(p);
574 } while_each_pid_task(session, PIDTYPE_SID, p);
575 }
576
577 /**
578 * tty_wakeup - request more data
579 * @tty: terminal
580 *
581 * Internal and external helper for wakeups of tty. This function
582 * informs the line discipline if present that the driver is ready
583 * to receive more output data.
584 */
585
tty_wakeup(struct tty_struct * tty)586 void tty_wakeup(struct tty_struct *tty)
587 {
588 struct tty_ldisc *ld;
589
590 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
591 ld = tty_ldisc_ref(tty);
592 if (ld) {
593 if (ld->ops->write_wakeup)
594 ld->ops->write_wakeup(tty);
595 tty_ldisc_deref(ld);
596 }
597 }
598 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
599 }
600
601 EXPORT_SYMBOL_GPL(tty_wakeup);
602
603 /**
604 * tty_signal_session_leader - sends SIGHUP to session leader
605 * @tty controlling tty
606 * @exit_session if non-zero, signal all foreground group processes
607 *
608 * Send SIGHUP and SIGCONT to the session leader and its process group.
609 * Optionally, signal all processes in the foreground process group.
610 *
611 * Returns the number of processes in the session with this tty
612 * as their controlling terminal. This value is used to drop
613 * tty references for those processes.
614 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)615 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
616 {
617 struct task_struct *p;
618 int refs = 0;
619 struct pid *tty_pgrp = NULL;
620
621 read_lock(&tasklist_lock);
622 if (tty->session) {
623 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
624 spin_lock_irq(&p->sighand->siglock);
625 if (p->signal->tty == tty) {
626 p->signal->tty = NULL;
627 /* We defer the dereferences outside fo
628 the tasklist lock */
629 refs++;
630 }
631 if (!p->signal->leader) {
632 spin_unlock_irq(&p->sighand->siglock);
633 continue;
634 }
635 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
636 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
637 put_pid(p->signal->tty_old_pgrp); /* A noop */
638 spin_lock(&tty->ctrl_lock);
639 tty_pgrp = get_pid(tty->pgrp);
640 if (tty->pgrp)
641 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
642 spin_unlock(&tty->ctrl_lock);
643 spin_unlock_irq(&p->sighand->siglock);
644 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
645 }
646 read_unlock(&tasklist_lock);
647
648 if (tty_pgrp) {
649 if (exit_session)
650 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
651 put_pid(tty_pgrp);
652 }
653
654 return refs;
655 }
656
657 /**
658 * __tty_hangup - actual handler for hangup events
659 * @work: tty device
660 *
661 * This can be called by a "kworker" kernel thread. That is process
662 * synchronous but doesn't hold any locks, so we need to make sure we
663 * have the appropriate locks for what we're doing.
664 *
665 * The hangup event clears any pending redirections onto the hung up
666 * device. It ensures future writes will error and it does the needed
667 * line discipline hangup and signal delivery. The tty object itself
668 * remains intact.
669 *
670 * Locking:
671 * BTM
672 * redirect lock for undoing redirection
673 * file list lock for manipulating list of ttys
674 * tty_ldiscs_lock from called functions
675 * termios_rwsem resetting termios data
676 * tasklist_lock to walk task list for hangup event
677 * ->siglock to protect ->signal/->sighand
678 */
__tty_hangup(struct tty_struct * tty,int exit_session)679 static void __tty_hangup(struct tty_struct *tty, int exit_session)
680 {
681 struct file *cons_filp = NULL;
682 struct file *filp, *f = NULL;
683 struct tty_file_private *priv;
684 int closecount = 0, n;
685 int refs;
686
687 if (!tty)
688 return;
689
690
691 spin_lock(&redirect_lock);
692 if (redirect && file_tty(redirect) == tty) {
693 f = redirect;
694 redirect = NULL;
695 }
696 spin_unlock(&redirect_lock);
697
698 tty_lock(tty);
699
700 if (test_bit(TTY_HUPPED, &tty->flags)) {
701 tty_unlock(tty);
702 return;
703 }
704
705 /* inuse_filps is protected by the single tty lock,
706 this really needs to change if we want to flush the
707 workqueue with the lock held */
708 check_tty_count(tty, "tty_hangup");
709
710 spin_lock(&tty_files_lock);
711 /* This breaks for file handles being sent over AF_UNIX sockets ? */
712 list_for_each_entry(priv, &tty->tty_files, list) {
713 filp = priv->file;
714 if (filp->f_op->write == redirected_tty_write)
715 cons_filp = filp;
716 if (filp->f_op->write != tty_write)
717 continue;
718 closecount++;
719 __tty_fasync(-1, filp, 0); /* can't block */
720 filp->f_op = &hung_up_tty_fops;
721 }
722 spin_unlock(&tty_files_lock);
723
724 refs = tty_signal_session_leader(tty, exit_session);
725 /* Account for the p->signal references we killed */
726 while (refs--)
727 tty_kref_put(tty);
728
729 tty_ldisc_hangup(tty);
730
731 spin_lock_irq(&tty->ctrl_lock);
732 clear_bit(TTY_THROTTLED, &tty->flags);
733 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
734 put_pid(tty->session);
735 put_pid(tty->pgrp);
736 tty->session = NULL;
737 tty->pgrp = NULL;
738 tty->ctrl_status = 0;
739 spin_unlock_irq(&tty->ctrl_lock);
740
741 /*
742 * If one of the devices matches a console pointer, we
743 * cannot just call hangup() because that will cause
744 * tty->count and state->count to go out of sync.
745 * So we just call close() the right number of times.
746 */
747 if (cons_filp) {
748 if (tty->ops->close)
749 for (n = 0; n < closecount; n++)
750 tty->ops->close(tty, cons_filp);
751 } else if (tty->ops->hangup)
752 tty->ops->hangup(tty);
753 /*
754 * We don't want to have driver/ldisc interactions beyond
755 * the ones we did here. The driver layer expects no
756 * calls after ->hangup() from the ldisc side. However we
757 * can't yet guarantee all that.
758 */
759 set_bit(TTY_HUPPED, &tty->flags);
760 tty_unlock(tty);
761
762 if (f)
763 fput(f);
764 }
765
do_tty_hangup(struct work_struct * work)766 static void do_tty_hangup(struct work_struct *work)
767 {
768 struct tty_struct *tty =
769 container_of(work, struct tty_struct, hangup_work);
770
771 __tty_hangup(tty, 0);
772 }
773
774 /**
775 * tty_hangup - trigger a hangup event
776 * @tty: tty to hangup
777 *
778 * A carrier loss (virtual or otherwise) has occurred on this like
779 * schedule a hangup sequence to run after this event.
780 */
781
tty_hangup(struct tty_struct * tty)782 void tty_hangup(struct tty_struct *tty)
783 {
784 tty_debug_hangup(tty, "\n");
785 schedule_work(&tty->hangup_work);
786 }
787
788 EXPORT_SYMBOL(tty_hangup);
789
790 /**
791 * tty_vhangup - process vhangup
792 * @tty: tty to hangup
793 *
794 * The user has asked via system call for the terminal to be hung up.
795 * We do this synchronously so that when the syscall returns the process
796 * is complete. That guarantee is necessary for security reasons.
797 */
798
tty_vhangup(struct tty_struct * tty)799 void tty_vhangup(struct tty_struct *tty)
800 {
801 tty_debug_hangup(tty, "\n");
802 __tty_hangup(tty, 0);
803 }
804
805 EXPORT_SYMBOL(tty_vhangup);
806
807
808 /**
809 * tty_vhangup_self - process vhangup for own ctty
810 *
811 * Perform a vhangup on the current controlling tty
812 */
813
tty_vhangup_self(void)814 void tty_vhangup_self(void)
815 {
816 struct tty_struct *tty;
817
818 tty = get_current_tty();
819 if (tty) {
820 tty_vhangup(tty);
821 tty_kref_put(tty);
822 }
823 }
824
825 /**
826 * tty_vhangup_session - hangup session leader exit
827 * @tty: tty to hangup
828 *
829 * The session leader is exiting and hanging up its controlling terminal.
830 * Every process in the foreground process group is signalled SIGHUP.
831 *
832 * We do this synchronously so that when the syscall returns the process
833 * is complete. That guarantee is necessary for security reasons.
834 */
835
tty_vhangup_session(struct tty_struct * tty)836 static void tty_vhangup_session(struct tty_struct *tty)
837 {
838 tty_debug_hangup(tty, "\n");
839 __tty_hangup(tty, 1);
840 }
841
842 /**
843 * tty_hung_up_p - was tty hung up
844 * @filp: file pointer of tty
845 *
846 * Return true if the tty has been subject to a vhangup or a carrier
847 * loss
848 */
849
tty_hung_up_p(struct file * filp)850 int tty_hung_up_p(struct file *filp)
851 {
852 return (filp->f_op == &hung_up_tty_fops);
853 }
854
855 EXPORT_SYMBOL(tty_hung_up_p);
856
857 /**
858 * disassociate_ctty - disconnect controlling tty
859 * @on_exit: true if exiting so need to "hang up" the session
860 *
861 * This function is typically called only by the session leader, when
862 * it wants to disassociate itself from its controlling tty.
863 *
864 * It performs the following functions:
865 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
866 * (2) Clears the tty from being controlling the session
867 * (3) Clears the controlling tty for all processes in the
868 * session group.
869 *
870 * The argument on_exit is set to 1 if called when a process is
871 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
872 *
873 * Locking:
874 * BTM is taken for hysterical raisins, and held when
875 * called from no_tty().
876 * tty_mutex is taken to protect tty
877 * ->siglock is taken to protect ->signal/->sighand
878 * tasklist_lock is taken to walk process list for sessions
879 * ->siglock is taken to protect ->signal/->sighand
880 */
881
disassociate_ctty(int on_exit)882 void disassociate_ctty(int on_exit)
883 {
884 struct tty_struct *tty;
885
886 if (!current->signal->leader)
887 return;
888
889 tty = get_current_tty();
890 if (tty) {
891 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
892 tty_vhangup_session(tty);
893 } else {
894 struct pid *tty_pgrp = tty_get_pgrp(tty);
895 if (tty_pgrp) {
896 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
897 if (!on_exit)
898 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
899 put_pid(tty_pgrp);
900 }
901 }
902 tty_kref_put(tty);
903
904 } else if (on_exit) {
905 struct pid *old_pgrp;
906 spin_lock_irq(¤t->sighand->siglock);
907 old_pgrp = current->signal->tty_old_pgrp;
908 current->signal->tty_old_pgrp = NULL;
909 spin_unlock_irq(¤t->sighand->siglock);
910 if (old_pgrp) {
911 kill_pgrp(old_pgrp, SIGHUP, on_exit);
912 kill_pgrp(old_pgrp, SIGCONT, on_exit);
913 put_pid(old_pgrp);
914 }
915 return;
916 }
917
918 spin_lock_irq(¤t->sighand->siglock);
919 put_pid(current->signal->tty_old_pgrp);
920 current->signal->tty_old_pgrp = NULL;
921
922 tty = tty_kref_get(current->signal->tty);
923 if (tty) {
924 unsigned long flags;
925 spin_lock_irqsave(&tty->ctrl_lock, flags);
926 put_pid(tty->session);
927 put_pid(tty->pgrp);
928 tty->session = NULL;
929 tty->pgrp = NULL;
930 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
931 tty_kref_put(tty);
932 } else
933 tty_debug_hangup(tty, "no current tty\n");
934
935 spin_unlock_irq(¤t->sighand->siglock);
936 /* Now clear signal->tty under the lock */
937 read_lock(&tasklist_lock);
938 session_clear_tty(task_session(current));
939 read_unlock(&tasklist_lock);
940 }
941
942 /**
943 *
944 * no_tty - Ensure the current process does not have a controlling tty
945 */
no_tty(void)946 void no_tty(void)
947 {
948 /* FIXME: Review locking here. The tty_lock never covered any race
949 between a new association and proc_clear_tty but possible we need
950 to protect against this anyway */
951 struct task_struct *tsk = current;
952 disassociate_ctty(0);
953 proc_clear_tty(tsk);
954 }
955
956
957 /**
958 * stop_tty - propagate flow control
959 * @tty: tty to stop
960 *
961 * Perform flow control to the driver. May be called
962 * on an already stopped device and will not re-call the driver
963 * method.
964 *
965 * This functionality is used by both the line disciplines for
966 * halting incoming flow and by the driver. It may therefore be
967 * called from any context, may be under the tty atomic_write_lock
968 * but not always.
969 *
970 * Locking:
971 * flow_lock
972 */
973
__stop_tty(struct tty_struct * tty)974 void __stop_tty(struct tty_struct *tty)
975 {
976 if (tty->stopped)
977 return;
978 tty->stopped = 1;
979 if (tty->ops->stop)
980 tty->ops->stop(tty);
981 }
982
stop_tty(struct tty_struct * tty)983 void stop_tty(struct tty_struct *tty)
984 {
985 unsigned long flags;
986
987 spin_lock_irqsave(&tty->flow_lock, flags);
988 __stop_tty(tty);
989 spin_unlock_irqrestore(&tty->flow_lock, flags);
990 }
991 EXPORT_SYMBOL(stop_tty);
992
993 /**
994 * start_tty - propagate flow control
995 * @tty: tty to start
996 *
997 * Start a tty that has been stopped if at all possible. If this
998 * tty was previous stopped and is now being started, the driver
999 * start method is invoked and the line discipline woken.
1000 *
1001 * Locking:
1002 * flow_lock
1003 */
1004
__start_tty(struct tty_struct * tty)1005 void __start_tty(struct tty_struct *tty)
1006 {
1007 if (!tty->stopped || tty->flow_stopped)
1008 return;
1009 tty->stopped = 0;
1010 if (tty->ops->start)
1011 tty->ops->start(tty);
1012 tty_wakeup(tty);
1013 }
1014
start_tty(struct tty_struct * tty)1015 void start_tty(struct tty_struct *tty)
1016 {
1017 unsigned long flags;
1018
1019 spin_lock_irqsave(&tty->flow_lock, flags);
1020 __start_tty(tty);
1021 spin_unlock_irqrestore(&tty->flow_lock, flags);
1022 }
1023 EXPORT_SYMBOL(start_tty);
1024
tty_update_time(struct timespec * time)1025 static void tty_update_time(struct timespec *time)
1026 {
1027 unsigned long sec = get_seconds();
1028
1029 /*
1030 * We only care if the two values differ in anything other than the
1031 * lower three bits (i.e every 8 seconds). If so, then we can update
1032 * the time of the tty device, otherwise it could be construded as a
1033 * security leak to let userspace know the exact timing of the tty.
1034 */
1035 if ((sec ^ time->tv_sec) & ~7)
1036 time->tv_sec = sec;
1037 }
1038
1039 /**
1040 * tty_read - read method for tty device files
1041 * @file: pointer to tty file
1042 * @buf: user buffer
1043 * @count: size of user buffer
1044 * @ppos: unused
1045 *
1046 * Perform the read system call function on this terminal device. Checks
1047 * for hung up devices before calling the line discipline method.
1048 *
1049 * Locking:
1050 * Locks the line discipline internally while needed. Multiple
1051 * read calls may be outstanding in parallel.
1052 */
1053
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)1054 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1055 loff_t *ppos)
1056 {
1057 int i;
1058 struct inode *inode = file_inode(file);
1059 struct tty_struct *tty = file_tty(file);
1060 struct tty_ldisc *ld;
1061
1062 if (tty_paranoia_check(tty, inode, "tty_read"))
1063 return -EIO;
1064 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1065 return -EIO;
1066
1067 /* We want to wait for the line discipline to sort out in this
1068 situation */
1069 ld = tty_ldisc_ref_wait(tty);
1070 if (ld->ops->read)
1071 i = ld->ops->read(tty, file, buf, count);
1072 else
1073 i = -EIO;
1074 tty_ldisc_deref(ld);
1075
1076 if (i > 0)
1077 tty_update_time(&inode->i_atime);
1078
1079 return i;
1080 }
1081
tty_write_unlock(struct tty_struct * tty)1082 static void tty_write_unlock(struct tty_struct *tty)
1083 {
1084 mutex_unlock(&tty->atomic_write_lock);
1085 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1086 }
1087
tty_write_lock(struct tty_struct * tty,int ndelay)1088 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1089 {
1090 if (!mutex_trylock(&tty->atomic_write_lock)) {
1091 if (ndelay)
1092 return -EAGAIN;
1093 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1094 return -ERESTARTSYS;
1095 }
1096 return 0;
1097 }
1098
1099 /*
1100 * Split writes up in sane blocksizes to avoid
1101 * denial-of-service type attacks
1102 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)1103 static inline ssize_t do_tty_write(
1104 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1105 struct tty_struct *tty,
1106 struct file *file,
1107 const char __user *buf,
1108 size_t count)
1109 {
1110 ssize_t ret, written = 0;
1111 unsigned int chunk;
1112
1113 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1114 if (ret < 0)
1115 return ret;
1116
1117 /*
1118 * We chunk up writes into a temporary buffer. This
1119 * simplifies low-level drivers immensely, since they
1120 * don't have locking issues and user mode accesses.
1121 *
1122 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1123 * big chunk-size..
1124 *
1125 * The default chunk-size is 2kB, because the NTTY
1126 * layer has problems with bigger chunks. It will
1127 * claim to be able to handle more characters than
1128 * it actually does.
1129 *
1130 * FIXME: This can probably go away now except that 64K chunks
1131 * are too likely to fail unless switched to vmalloc...
1132 */
1133 chunk = 2048;
1134 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1135 chunk = 65536;
1136 if (count < chunk)
1137 chunk = count;
1138
1139 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1140 if (tty->write_cnt < chunk) {
1141 unsigned char *buf_chunk;
1142
1143 if (chunk < 1024)
1144 chunk = 1024;
1145
1146 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1147 if (!buf_chunk) {
1148 ret = -ENOMEM;
1149 goto out;
1150 }
1151 kfree(tty->write_buf);
1152 tty->write_cnt = chunk;
1153 tty->write_buf = buf_chunk;
1154 }
1155
1156 /* Do the write .. */
1157 for (;;) {
1158 size_t size = count;
1159 if (size > chunk)
1160 size = chunk;
1161 ret = -EFAULT;
1162 if (copy_from_user(tty->write_buf, buf, size))
1163 break;
1164 ret = write(tty, file, tty->write_buf, size);
1165 if (ret <= 0)
1166 break;
1167 written += ret;
1168 buf += ret;
1169 count -= ret;
1170 if (!count)
1171 break;
1172 ret = -ERESTARTSYS;
1173 if (signal_pending(current))
1174 break;
1175 cond_resched();
1176 }
1177 if (written) {
1178 tty_update_time(&file_inode(file)->i_mtime);
1179 ret = written;
1180 }
1181 out:
1182 tty_write_unlock(tty);
1183 return ret;
1184 }
1185
1186 /**
1187 * tty_write_message - write a message to a certain tty, not just the console.
1188 * @tty: the destination tty_struct
1189 * @msg: the message to write
1190 *
1191 * This is used for messages that need to be redirected to a specific tty.
1192 * We don't put it into the syslog queue right now maybe in the future if
1193 * really needed.
1194 *
1195 * We must still hold the BTM and test the CLOSING flag for the moment.
1196 */
1197
tty_write_message(struct tty_struct * tty,char * msg)1198 void tty_write_message(struct tty_struct *tty, char *msg)
1199 {
1200 if (tty) {
1201 mutex_lock(&tty->atomic_write_lock);
1202 tty_lock(tty);
1203 if (tty->ops->write && tty->count > 0)
1204 tty->ops->write(tty, msg, strlen(msg));
1205 tty_unlock(tty);
1206 tty_write_unlock(tty);
1207 }
1208 return;
1209 }
1210
1211
1212 /**
1213 * tty_write - write method for tty device file
1214 * @file: tty file pointer
1215 * @buf: user data to write
1216 * @count: bytes to write
1217 * @ppos: unused
1218 *
1219 * Write data to a tty device via the line discipline.
1220 *
1221 * Locking:
1222 * Locks the line discipline as required
1223 * Writes to the tty driver are serialized by the atomic_write_lock
1224 * and are then processed in chunks to the device. The line discipline
1225 * write method will not be invoked in parallel for each device.
1226 */
1227
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1228 static ssize_t tty_write(struct file *file, const char __user *buf,
1229 size_t count, loff_t *ppos)
1230 {
1231 struct tty_struct *tty = file_tty(file);
1232 struct tty_ldisc *ld;
1233 ssize_t ret;
1234
1235 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1236 return -EIO;
1237 if (!tty || !tty->ops->write ||
1238 (test_bit(TTY_IO_ERROR, &tty->flags)))
1239 return -EIO;
1240 /* Short term debug to catch buggy drivers */
1241 if (tty->ops->write_room == NULL)
1242 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1243 tty->driver->name);
1244 ld = tty_ldisc_ref_wait(tty);
1245 if (!ld->ops->write)
1246 ret = -EIO;
1247 else
1248 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1249 tty_ldisc_deref(ld);
1250 return ret;
1251 }
1252
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1253 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1254 size_t count, loff_t *ppos)
1255 {
1256 struct file *p = NULL;
1257
1258 spin_lock(&redirect_lock);
1259 if (redirect)
1260 p = get_file(redirect);
1261 spin_unlock(&redirect_lock);
1262
1263 if (p) {
1264 ssize_t res;
1265 res = vfs_write(p, buf, count, &p->f_pos);
1266 fput(p);
1267 return res;
1268 }
1269 return tty_write(file, buf, count, ppos);
1270 }
1271
1272 /**
1273 * tty_send_xchar - send priority character
1274 *
1275 * Send a high priority character to the tty even if stopped
1276 *
1277 * Locking: none for xchar method, write ordering for write method.
1278 */
1279
tty_send_xchar(struct tty_struct * tty,char ch)1280 int tty_send_xchar(struct tty_struct *tty, char ch)
1281 {
1282 int was_stopped = tty->stopped;
1283
1284 if (tty->ops->send_xchar) {
1285 down_read(&tty->termios_rwsem);
1286 tty->ops->send_xchar(tty, ch);
1287 up_read(&tty->termios_rwsem);
1288 return 0;
1289 }
1290
1291 if (tty_write_lock(tty, 0) < 0)
1292 return -ERESTARTSYS;
1293
1294 down_read(&tty->termios_rwsem);
1295 if (was_stopped)
1296 start_tty(tty);
1297 tty->ops->write(tty, &ch, 1);
1298 if (was_stopped)
1299 stop_tty(tty);
1300 up_read(&tty->termios_rwsem);
1301 tty_write_unlock(tty);
1302 return 0;
1303 }
1304
1305 static char ptychar[] = "pqrstuvwxyzabcde";
1306
1307 /**
1308 * pty_line_name - generate name for a pty
1309 * @driver: the tty driver in use
1310 * @index: the minor number
1311 * @p: output buffer of at least 6 bytes
1312 *
1313 * Generate a name from a driver reference and write it to the output
1314 * buffer.
1315 *
1316 * Locking: None
1317 */
pty_line_name(struct tty_driver * driver,int index,char * p)1318 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1319 {
1320 int i = index + driver->name_base;
1321 /* ->name is initialized to "ttyp", but "tty" is expected */
1322 sprintf(p, "%s%c%x",
1323 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1324 ptychar[i >> 4 & 0xf], i & 0xf);
1325 }
1326
1327 /**
1328 * tty_line_name - generate name for a tty
1329 * @driver: the tty driver in use
1330 * @index: the minor number
1331 * @p: output buffer of at least 7 bytes
1332 *
1333 * Generate a name from a driver reference and write it to the output
1334 * buffer.
1335 *
1336 * Locking: None
1337 */
tty_line_name(struct tty_driver * driver,int index,char * p)1338 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1339 {
1340 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1341 return sprintf(p, "%s", driver->name);
1342 else
1343 return sprintf(p, "%s%d", driver->name,
1344 index + driver->name_base);
1345 }
1346
1347 /**
1348 * tty_driver_lookup_tty() - find an existing tty, if any
1349 * @driver: the driver for the tty
1350 * @idx: the minor number
1351 *
1352 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1353 * driver lookup() method returns an error.
1354 *
1355 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1356 */
tty_driver_lookup_tty(struct tty_driver * driver,struct inode * inode,int idx)1357 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1358 struct inode *inode, int idx)
1359 {
1360 struct tty_struct *tty;
1361
1362 if (driver->ops->lookup)
1363 tty = driver->ops->lookup(driver, inode, idx);
1364 else
1365 tty = driver->ttys[idx];
1366
1367 if (!IS_ERR(tty))
1368 tty_kref_get(tty);
1369 return tty;
1370 }
1371
1372 /**
1373 * tty_init_termios - helper for termios setup
1374 * @tty: the tty to set up
1375 *
1376 * Initialise the termios structures for this tty. Thus runs under
1377 * the tty_mutex currently so we can be relaxed about ordering.
1378 */
1379
tty_init_termios(struct tty_struct * tty)1380 int tty_init_termios(struct tty_struct *tty)
1381 {
1382 struct ktermios *tp;
1383 int idx = tty->index;
1384
1385 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1386 tty->termios = tty->driver->init_termios;
1387 else {
1388 /* Check for lazy saved data */
1389 tp = tty->driver->termios[idx];
1390 if (tp != NULL)
1391 tty->termios = *tp;
1392 else
1393 tty->termios = tty->driver->init_termios;
1394 }
1395 /* Compatibility until drivers always set this */
1396 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1397 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1398 return 0;
1399 }
1400 EXPORT_SYMBOL_GPL(tty_init_termios);
1401
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1402 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1403 {
1404 int ret = tty_init_termios(tty);
1405 if (ret)
1406 return ret;
1407
1408 tty_driver_kref_get(driver);
1409 tty->count++;
1410 driver->ttys[tty->index] = tty;
1411 return 0;
1412 }
1413 EXPORT_SYMBOL_GPL(tty_standard_install);
1414
1415 /**
1416 * tty_driver_install_tty() - install a tty entry in the driver
1417 * @driver: the driver for the tty
1418 * @tty: the tty
1419 *
1420 * Install a tty object into the driver tables. The tty->index field
1421 * will be set by the time this is called. This method is responsible
1422 * for ensuring any need additional structures are allocated and
1423 * configured.
1424 *
1425 * Locking: tty_mutex for now
1426 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1427 static int tty_driver_install_tty(struct tty_driver *driver,
1428 struct tty_struct *tty)
1429 {
1430 return driver->ops->install ? driver->ops->install(driver, tty) :
1431 tty_standard_install(driver, tty);
1432 }
1433
1434 /**
1435 * tty_driver_remove_tty() - remove a tty from the driver tables
1436 * @driver: the driver for the tty
1437 * @idx: the minor number
1438 *
1439 * Remvoe a tty object from the driver tables. The tty->index field
1440 * will be set by the time this is called.
1441 *
1442 * Locking: tty_mutex for now
1443 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1444 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1445 {
1446 if (driver->ops->remove)
1447 driver->ops->remove(driver, tty);
1448 else
1449 driver->ttys[tty->index] = NULL;
1450 }
1451
1452 /*
1453 * tty_reopen() - fast re-open of an open tty
1454 * @tty - the tty to open
1455 *
1456 * Return 0 on success, -errno on error.
1457 * Re-opens on master ptys are not allowed and return -EIO.
1458 *
1459 * Locking: Caller must hold tty_lock
1460 */
tty_reopen(struct tty_struct * tty)1461 static int tty_reopen(struct tty_struct *tty)
1462 {
1463 struct tty_driver *driver = tty->driver;
1464
1465 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1466 driver->subtype == PTY_TYPE_MASTER)
1467 return -EIO;
1468
1469 if (!tty->count)
1470 return -EAGAIN;
1471
1472 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1473 return -EBUSY;
1474
1475 tty->count++;
1476
1477 WARN_ON(!tty->ldisc);
1478
1479 return 0;
1480 }
1481
1482 /**
1483 * tty_init_dev - initialise a tty device
1484 * @driver: tty driver we are opening a device on
1485 * @idx: device index
1486 * @ret_tty: returned tty structure
1487 *
1488 * Prepare a tty device. This may not be a "new" clean device but
1489 * could also be an active device. The pty drivers require special
1490 * handling because of this.
1491 *
1492 * Locking:
1493 * The function is called under the tty_mutex, which
1494 * protects us from the tty struct or driver itself going away.
1495 *
1496 * On exit the tty device has the line discipline attached and
1497 * a reference count of 1. If a pair was created for pty/tty use
1498 * and the other was a pty master then it too has a reference count of 1.
1499 *
1500 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1501 * failed open. The new code protects the open with a mutex, so it's
1502 * really quite straightforward. The mutex locking can probably be
1503 * relaxed for the (most common) case of reopening a tty.
1504 */
1505
tty_init_dev(struct tty_driver * driver,int idx)1506 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1507 {
1508 struct tty_struct *tty;
1509 int retval;
1510
1511 /*
1512 * First time open is complex, especially for PTY devices.
1513 * This code guarantees that either everything succeeds and the
1514 * TTY is ready for operation, or else the table slots are vacated
1515 * and the allocated memory released. (Except that the termios
1516 * and locked termios may be retained.)
1517 */
1518
1519 if (!try_module_get(driver->owner))
1520 return ERR_PTR(-ENODEV);
1521
1522 tty = alloc_tty_struct(driver, idx);
1523 if (!tty) {
1524 retval = -ENOMEM;
1525 goto err_module_put;
1526 }
1527
1528 tty_lock(tty);
1529 retval = tty_driver_install_tty(driver, tty);
1530 if (retval < 0)
1531 goto err_deinit_tty;
1532
1533 if (!tty->port)
1534 tty->port = driver->ports[idx];
1535
1536 WARN_RATELIMIT(!tty->port,
1537 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1538 __func__, tty->driver->name);
1539
1540 tty->port->itty = tty;
1541
1542 /*
1543 * Structures all installed ... call the ldisc open routines.
1544 * If we fail here just call release_tty to clean up. No need
1545 * to decrement the use counts, as release_tty doesn't care.
1546 */
1547 retval = tty_ldisc_setup(tty, tty->link);
1548 if (retval)
1549 goto err_release_tty;
1550 /* Return the tty locked so that it cannot vanish under the caller */
1551 return tty;
1552
1553 err_deinit_tty:
1554 tty_unlock(tty);
1555 deinitialize_tty_struct(tty);
1556 free_tty_struct(tty);
1557 err_module_put:
1558 module_put(driver->owner);
1559 return ERR_PTR(retval);
1560
1561 /* call the tty release_tty routine to clean out this slot */
1562 err_release_tty:
1563 tty_unlock(tty);
1564 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1565 "clearing slot %d\n", idx);
1566 release_tty(tty, idx);
1567 return ERR_PTR(retval);
1568 }
1569
tty_free_termios(struct tty_struct * tty)1570 void tty_free_termios(struct tty_struct *tty)
1571 {
1572 struct ktermios *tp;
1573 int idx = tty->index;
1574
1575 /* If the port is going to reset then it has no termios to save */
1576 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1577 return;
1578
1579 /* Stash the termios data */
1580 tp = tty->driver->termios[idx];
1581 if (tp == NULL) {
1582 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1583 if (tp == NULL) {
1584 pr_warn("tty: no memory to save termios state.\n");
1585 return;
1586 }
1587 tty->driver->termios[idx] = tp;
1588 }
1589 *tp = tty->termios;
1590 }
1591 EXPORT_SYMBOL(tty_free_termios);
1592
1593 /**
1594 * tty_flush_works - flush all works of a tty/pty pair
1595 * @tty: tty device to flush works for (or either end of a pty pair)
1596 *
1597 * Sync flush all works belonging to @tty (and the 'other' tty).
1598 */
tty_flush_works(struct tty_struct * tty)1599 static void tty_flush_works(struct tty_struct *tty)
1600 {
1601 flush_work(&tty->SAK_work);
1602 flush_work(&tty->hangup_work);
1603 if (tty->link) {
1604 flush_work(&tty->link->SAK_work);
1605 flush_work(&tty->link->hangup_work);
1606 }
1607 }
1608
1609 /**
1610 * release_one_tty - release tty structure memory
1611 * @kref: kref of tty we are obliterating
1612 *
1613 * Releases memory associated with a tty structure, and clears out the
1614 * driver table slots. This function is called when a device is no longer
1615 * in use. It also gets called when setup of a device fails.
1616 *
1617 * Locking:
1618 * takes the file list lock internally when working on the list
1619 * of ttys that the driver keeps.
1620 *
1621 * This method gets called from a work queue so that the driver private
1622 * cleanup ops can sleep (needed for USB at least)
1623 */
release_one_tty(struct work_struct * work)1624 static void release_one_tty(struct work_struct *work)
1625 {
1626 struct tty_struct *tty =
1627 container_of(work, struct tty_struct, hangup_work);
1628 struct tty_driver *driver = tty->driver;
1629 struct module *owner = driver->owner;
1630
1631 if (tty->ops->cleanup)
1632 tty->ops->cleanup(tty);
1633
1634 tty->magic = 0;
1635 tty_driver_kref_put(driver);
1636 module_put(owner);
1637
1638 spin_lock(&tty_files_lock);
1639 list_del_init(&tty->tty_files);
1640 spin_unlock(&tty_files_lock);
1641
1642 put_pid(tty->pgrp);
1643 put_pid(tty->session);
1644 free_tty_struct(tty);
1645 }
1646
queue_release_one_tty(struct kref * kref)1647 static void queue_release_one_tty(struct kref *kref)
1648 {
1649 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1650
1651 /* The hangup queue is now free so we can reuse it rather than
1652 waste a chunk of memory for each port */
1653 INIT_WORK(&tty->hangup_work, release_one_tty);
1654 schedule_work(&tty->hangup_work);
1655 }
1656
1657 /**
1658 * tty_kref_put - release a tty kref
1659 * @tty: tty device
1660 *
1661 * Release a reference to a tty device and if need be let the kref
1662 * layer destruct the object for us
1663 */
1664
tty_kref_put(struct tty_struct * tty)1665 void tty_kref_put(struct tty_struct *tty)
1666 {
1667 if (tty)
1668 kref_put(&tty->kref, queue_release_one_tty);
1669 }
1670 EXPORT_SYMBOL(tty_kref_put);
1671
1672 /**
1673 * release_tty - release tty structure memory
1674 *
1675 * Release both @tty and a possible linked partner (think pty pair),
1676 * and decrement the refcount of the backing module.
1677 *
1678 * Locking:
1679 * tty_mutex
1680 * takes the file list lock internally when working on the list
1681 * of ttys that the driver keeps.
1682 *
1683 */
release_tty(struct tty_struct * tty,int idx)1684 static void release_tty(struct tty_struct *tty, int idx)
1685 {
1686 /* This should always be true but check for the moment */
1687 WARN_ON(tty->index != idx);
1688 WARN_ON(!mutex_is_locked(&tty_mutex));
1689 if (tty->ops->shutdown)
1690 tty->ops->shutdown(tty);
1691 tty_free_termios(tty);
1692 tty_driver_remove_tty(tty->driver, tty);
1693 tty->port->itty = NULL;
1694 if (tty->link)
1695 tty->link->port->itty = NULL;
1696 tty_buffer_cancel_work(tty->port);
1697
1698 tty_kref_put(tty->link);
1699 tty_kref_put(tty);
1700 }
1701
1702 /**
1703 * tty_release_checks - check a tty before real release
1704 * @tty: tty to check
1705 * @o_tty: link of @tty (if any)
1706 * @idx: index of the tty
1707 *
1708 * Performs some paranoid checking before true release of the @tty.
1709 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1710 */
tty_release_checks(struct tty_struct * tty,int idx)1711 static int tty_release_checks(struct tty_struct *tty, int idx)
1712 {
1713 #ifdef TTY_PARANOIA_CHECK
1714 if (idx < 0 || idx >= tty->driver->num) {
1715 tty_debug(tty, "bad idx %d\n", idx);
1716 return -1;
1717 }
1718
1719 /* not much to check for devpts */
1720 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1721 return 0;
1722
1723 if (tty != tty->driver->ttys[idx]) {
1724 tty_debug(tty, "bad driver table[%d] = %p\n",
1725 idx, tty->driver->ttys[idx]);
1726 return -1;
1727 }
1728 if (tty->driver->other) {
1729 struct tty_struct *o_tty = tty->link;
1730
1731 if (o_tty != tty->driver->other->ttys[idx]) {
1732 tty_debug(tty, "bad other table[%d] = %p\n",
1733 idx, tty->driver->other->ttys[idx]);
1734 return -1;
1735 }
1736 if (o_tty->link != tty) {
1737 tty_debug(tty, "bad link = %p\n", o_tty->link);
1738 return -1;
1739 }
1740 }
1741 #endif
1742 return 0;
1743 }
1744
1745 /**
1746 * tty_release - vfs callback for close
1747 * @inode: inode of tty
1748 * @filp: file pointer for handle to tty
1749 *
1750 * Called the last time each file handle is closed that references
1751 * this tty. There may however be several such references.
1752 *
1753 * Locking:
1754 * Takes bkl. See tty_release_dev
1755 *
1756 * Even releasing the tty structures is a tricky business.. We have
1757 * to be very careful that the structures are all released at the
1758 * same time, as interrupts might otherwise get the wrong pointers.
1759 *
1760 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1761 * lead to double frees or releasing memory still in use.
1762 */
1763
tty_release(struct inode * inode,struct file * filp)1764 int tty_release(struct inode *inode, struct file *filp)
1765 {
1766 struct tty_struct *tty = file_tty(filp);
1767 struct tty_struct *o_tty = NULL;
1768 int do_sleep, final;
1769 int idx;
1770 long timeout = 0;
1771 int once = 1;
1772
1773 if (tty_paranoia_check(tty, inode, __func__))
1774 return 0;
1775
1776 tty_lock(tty);
1777 check_tty_count(tty, __func__);
1778
1779 __tty_fasync(-1, filp, 0);
1780
1781 idx = tty->index;
1782 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1783 tty->driver->subtype == PTY_TYPE_MASTER)
1784 o_tty = tty->link;
1785
1786 if (tty_release_checks(tty, idx)) {
1787 tty_unlock(tty);
1788 return 0;
1789 }
1790
1791 tty_debug_hangup(tty, "(tty count=%d)...\n", tty->count);
1792
1793 if (tty->ops->close)
1794 tty->ops->close(tty, filp);
1795
1796 /* If tty is pty master, lock the slave pty (stable lock order) */
1797 tty_lock_slave(o_tty);
1798
1799 /*
1800 * Sanity check: if tty->count is going to zero, there shouldn't be
1801 * any waiters on tty->read_wait or tty->write_wait. We test the
1802 * wait queues and kick everyone out _before_ actually starting to
1803 * close. This ensures that we won't block while releasing the tty
1804 * structure.
1805 *
1806 * The test for the o_tty closing is necessary, since the master and
1807 * slave sides may close in any order. If the slave side closes out
1808 * first, its count will be one, since the master side holds an open.
1809 * Thus this test wouldn't be triggered at the time the slave closed,
1810 * so we do it now.
1811 */
1812 while (1) {
1813 do_sleep = 0;
1814
1815 if (tty->count <= 1) {
1816 if (waitqueue_active(&tty->read_wait)) {
1817 wake_up_poll(&tty->read_wait, POLLIN);
1818 do_sleep++;
1819 }
1820 if (waitqueue_active(&tty->write_wait)) {
1821 wake_up_poll(&tty->write_wait, POLLOUT);
1822 do_sleep++;
1823 }
1824 }
1825 if (o_tty && o_tty->count <= 1) {
1826 if (waitqueue_active(&o_tty->read_wait)) {
1827 wake_up_poll(&o_tty->read_wait, POLLIN);
1828 do_sleep++;
1829 }
1830 if (waitqueue_active(&o_tty->write_wait)) {
1831 wake_up_poll(&o_tty->write_wait, POLLOUT);
1832 do_sleep++;
1833 }
1834 }
1835 if (!do_sleep)
1836 break;
1837
1838 if (once) {
1839 once = 0;
1840 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1841 __func__, tty_name(tty));
1842 }
1843 schedule_timeout_killable(timeout);
1844 if (timeout < 120 * HZ)
1845 timeout = 2 * timeout + 1;
1846 else
1847 timeout = MAX_SCHEDULE_TIMEOUT;
1848 }
1849
1850 if (o_tty) {
1851 if (--o_tty->count < 0) {
1852 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1853 __func__, o_tty->count, tty_name(o_tty));
1854 o_tty->count = 0;
1855 }
1856 }
1857 if (--tty->count < 0) {
1858 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1859 __func__, tty->count, tty_name(tty));
1860 tty->count = 0;
1861 }
1862
1863 /*
1864 * We've decremented tty->count, so we need to remove this file
1865 * descriptor off the tty->tty_files list; this serves two
1866 * purposes:
1867 * - check_tty_count sees the correct number of file descriptors
1868 * associated with this tty.
1869 * - do_tty_hangup no longer sees this file descriptor as
1870 * something that needs to be handled for hangups.
1871 */
1872 tty_del_file(filp);
1873
1874 /*
1875 * Perform some housekeeping before deciding whether to return.
1876 *
1877 * If _either_ side is closing, make sure there aren't any
1878 * processes that still think tty or o_tty is their controlling
1879 * tty.
1880 */
1881 if (!tty->count) {
1882 read_lock(&tasklist_lock);
1883 session_clear_tty(tty->session);
1884 if (o_tty)
1885 session_clear_tty(o_tty->session);
1886 read_unlock(&tasklist_lock);
1887 }
1888
1889 /* check whether both sides are closing ... */
1890 final = !tty->count && !(o_tty && o_tty->count);
1891
1892 tty_unlock_slave(o_tty);
1893 tty_unlock(tty);
1894
1895 /* At this point, the tty->count == 0 should ensure a dead tty
1896 cannot be re-opened by a racing opener */
1897
1898 if (!final)
1899 return 0;
1900
1901 tty_debug_hangup(tty, "final close\n");
1902 /*
1903 * Ask the line discipline code to release its structures
1904 */
1905 tty_ldisc_release(tty);
1906
1907 /* Wait for pending work before tty destruction commmences */
1908 tty_flush_works(tty);
1909
1910 tty_debug_hangup(tty, "freeing structure...\n");
1911 /*
1912 * The release_tty function takes care of the details of clearing
1913 * the slots and preserving the termios structure. The tty_unlock_pair
1914 * should be safe as we keep a kref while the tty is locked (so the
1915 * unlock never unlocks a freed tty).
1916 */
1917 mutex_lock(&tty_mutex);
1918 release_tty(tty, idx);
1919 mutex_unlock(&tty_mutex);
1920
1921 return 0;
1922 }
1923
1924 /**
1925 * tty_open_current_tty - get locked tty of current task
1926 * @device: device number
1927 * @filp: file pointer to tty
1928 * @return: locked tty of the current task iff @device is /dev/tty
1929 *
1930 * Performs a re-open of the current task's controlling tty.
1931 *
1932 * We cannot return driver and index like for the other nodes because
1933 * devpts will not work then. It expects inodes to be from devpts FS.
1934 */
tty_open_current_tty(dev_t device,struct file * filp)1935 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1936 {
1937 struct tty_struct *tty;
1938 int retval;
1939
1940 if (device != MKDEV(TTYAUX_MAJOR, 0))
1941 return NULL;
1942
1943 tty = get_current_tty();
1944 if (!tty)
1945 return ERR_PTR(-ENXIO);
1946
1947 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1948 /* noctty = 1; */
1949 tty_lock(tty);
1950 tty_kref_put(tty); /* safe to drop the kref now */
1951
1952 retval = tty_reopen(tty);
1953 if (retval < 0) {
1954 tty_unlock(tty);
1955 tty = ERR_PTR(retval);
1956 }
1957 return tty;
1958 }
1959
1960 /**
1961 * tty_lookup_driver - lookup a tty driver for a given device file
1962 * @device: device number
1963 * @filp: file pointer to tty
1964 * @noctty: set if the device should not become a controlling tty
1965 * @index: index for the device in the @return driver
1966 * @return: driver for this inode (with increased refcount)
1967 *
1968 * If @return is not erroneous, the caller is responsible to decrement the
1969 * refcount by tty_driver_kref_put.
1970 *
1971 * Locking: tty_mutex protects get_tty_driver
1972 */
tty_lookup_driver(dev_t device,struct file * filp,int * noctty,int * index)1973 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1974 int *noctty, int *index)
1975 {
1976 struct tty_driver *driver;
1977
1978 switch (device) {
1979 #ifdef CONFIG_VT
1980 case MKDEV(TTY_MAJOR, 0): {
1981 extern struct tty_driver *console_driver;
1982 driver = tty_driver_kref_get(console_driver);
1983 *index = fg_console;
1984 *noctty = 1;
1985 break;
1986 }
1987 #endif
1988 case MKDEV(TTYAUX_MAJOR, 1): {
1989 struct tty_driver *console_driver = console_device(index);
1990 if (console_driver) {
1991 driver = tty_driver_kref_get(console_driver);
1992 if (driver) {
1993 /* Don't let /dev/console block */
1994 filp->f_flags |= O_NONBLOCK;
1995 *noctty = 1;
1996 break;
1997 }
1998 }
1999 return ERR_PTR(-ENODEV);
2000 }
2001 default:
2002 driver = get_tty_driver(device, index);
2003 if (!driver)
2004 return ERR_PTR(-ENODEV);
2005 break;
2006 }
2007 return driver;
2008 }
2009
2010 /**
2011 * tty_open - open a tty device
2012 * @inode: inode of device file
2013 * @filp: file pointer to tty
2014 *
2015 * tty_open and tty_release keep up the tty count that contains the
2016 * number of opens done on a tty. We cannot use the inode-count, as
2017 * different inodes might point to the same tty.
2018 *
2019 * Open-counting is needed for pty masters, as well as for keeping
2020 * track of serial lines: DTR is dropped when the last close happens.
2021 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2022 *
2023 * The termios state of a pty is reset on first open so that
2024 * settings don't persist across reuse.
2025 *
2026 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2027 * tty->count should protect the rest.
2028 * ->siglock protects ->signal/->sighand
2029 *
2030 * Note: the tty_unlock/lock cases without a ref are only safe due to
2031 * tty_mutex
2032 */
2033
tty_open(struct inode * inode,struct file * filp)2034 static int tty_open(struct inode *inode, struct file *filp)
2035 {
2036 struct tty_struct *tty;
2037 int noctty, retval;
2038 struct tty_driver *driver = NULL;
2039 int index;
2040 dev_t device = inode->i_rdev;
2041 unsigned saved_flags = filp->f_flags;
2042
2043 nonseekable_open(inode, filp);
2044
2045 retry_open:
2046 retval = tty_alloc_file(filp);
2047 if (retval)
2048 return -ENOMEM;
2049
2050 noctty = filp->f_flags & O_NOCTTY;
2051 index = -1;
2052 retval = 0;
2053
2054 tty = tty_open_current_tty(device, filp);
2055 if (!tty) {
2056 mutex_lock(&tty_mutex);
2057 driver = tty_lookup_driver(device, filp, &noctty, &index);
2058 if (IS_ERR(driver)) {
2059 retval = PTR_ERR(driver);
2060 goto err_unlock;
2061 }
2062
2063 /* check whether we're reopening an existing tty */
2064 tty = tty_driver_lookup_tty(driver, inode, index);
2065 if (IS_ERR(tty)) {
2066 retval = PTR_ERR(tty);
2067 goto err_unlock;
2068 }
2069
2070 if (tty) {
2071 mutex_unlock(&tty_mutex);
2072 retval = tty_lock_interruptible(tty);
2073 if (retval) {
2074 if (retval == -EINTR)
2075 retval = -ERESTARTSYS;
2076 goto err_unref;
2077 }
2078 /* safe to drop the kref from tty_driver_lookup_tty() */
2079 tty_kref_put(tty);
2080 retval = tty_reopen(tty);
2081 if (retval < 0) {
2082 tty_unlock(tty);
2083 tty = ERR_PTR(retval);
2084 }
2085 } else { /* Returns with the tty_lock held for now */
2086 tty = tty_init_dev(driver, index);
2087 mutex_unlock(&tty_mutex);
2088 }
2089
2090 tty_driver_kref_put(driver);
2091 }
2092
2093 if (IS_ERR(tty)) {
2094 retval = PTR_ERR(tty);
2095 if (retval != -EAGAIN || signal_pending(current))
2096 goto err_file;
2097 tty_free_file(filp);
2098 schedule();
2099 goto retry_open;
2100 }
2101
2102 tty_add_file(tty, filp);
2103
2104 check_tty_count(tty, __func__);
2105 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2106 tty->driver->subtype == PTY_TYPE_MASTER)
2107 noctty = 1;
2108
2109 tty_debug_hangup(tty, "(tty count=%d)\n", tty->count);
2110
2111 if (tty->ops->open)
2112 retval = tty->ops->open(tty, filp);
2113 else
2114 retval = -ENODEV;
2115 filp->f_flags = saved_flags;
2116
2117 if (retval) {
2118 tty_debug_hangup(tty, "error %d, releasing...\n", retval);
2119
2120 tty_unlock(tty); /* need to call tty_release without BTM */
2121 tty_release(inode, filp);
2122 if (retval != -ERESTARTSYS)
2123 return retval;
2124
2125 if (signal_pending(current))
2126 return retval;
2127
2128 schedule();
2129 /*
2130 * Need to reset f_op in case a hangup happened.
2131 */
2132 if (tty_hung_up_p(filp))
2133 filp->f_op = &tty_fops;
2134 goto retry_open;
2135 }
2136 clear_bit(TTY_HUPPED, &tty->flags);
2137
2138
2139 read_lock(&tasklist_lock);
2140 spin_lock_irq(¤t->sighand->siglock);
2141 if (!noctty &&
2142 current->signal->leader &&
2143 !current->signal->tty &&
2144 tty->session == NULL) {
2145 /*
2146 * Don't let a process that only has write access to the tty
2147 * obtain the privileges associated with having a tty as
2148 * controlling terminal (being able to reopen it with full
2149 * access through /dev/tty, being able to perform pushback).
2150 * Many distributions set the group of all ttys to "tty" and
2151 * grant write-only access to all terminals for setgid tty
2152 * binaries, which should not imply full privileges on all ttys.
2153 *
2154 * This could theoretically break old code that performs open()
2155 * on a write-only file descriptor. In that case, it might be
2156 * necessary to also permit this if
2157 * inode_permission(inode, MAY_READ) == 0.
2158 */
2159 if (filp->f_mode & FMODE_READ)
2160 __proc_set_tty(tty);
2161 }
2162 spin_unlock_irq(¤t->sighand->siglock);
2163 read_unlock(&tasklist_lock);
2164 tty_unlock(tty);
2165 return 0;
2166 err_unlock:
2167 mutex_unlock(&tty_mutex);
2168 err_unref:
2169 /* after locks to avoid deadlock */
2170 if (!IS_ERR_OR_NULL(driver))
2171 tty_driver_kref_put(driver);
2172 err_file:
2173 tty_free_file(filp);
2174 return retval;
2175 }
2176
2177
2178
2179 /**
2180 * tty_poll - check tty status
2181 * @filp: file being polled
2182 * @wait: poll wait structures to update
2183 *
2184 * Call the line discipline polling method to obtain the poll
2185 * status of the device.
2186 *
2187 * Locking: locks called line discipline but ldisc poll method
2188 * may be re-entered freely by other callers.
2189 */
2190
tty_poll(struct file * filp,poll_table * wait)2191 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2192 {
2193 struct tty_struct *tty = file_tty(filp);
2194 struct tty_ldisc *ld;
2195 int ret = 0;
2196
2197 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2198 return 0;
2199
2200 ld = tty_ldisc_ref_wait(tty);
2201 if (ld->ops->poll)
2202 ret = ld->ops->poll(tty, filp, wait);
2203 tty_ldisc_deref(ld);
2204 return ret;
2205 }
2206
__tty_fasync(int fd,struct file * filp,int on)2207 static int __tty_fasync(int fd, struct file *filp, int on)
2208 {
2209 struct tty_struct *tty = file_tty(filp);
2210 struct tty_ldisc *ldisc;
2211 unsigned long flags;
2212 int retval = 0;
2213
2214 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2215 goto out;
2216
2217 retval = fasync_helper(fd, filp, on, &tty->fasync);
2218 if (retval <= 0)
2219 goto out;
2220
2221 ldisc = tty_ldisc_ref(tty);
2222 if (ldisc) {
2223 if (ldisc->ops->fasync)
2224 ldisc->ops->fasync(tty, on);
2225 tty_ldisc_deref(ldisc);
2226 }
2227
2228 if (on) {
2229 enum pid_type type;
2230 struct pid *pid;
2231
2232 spin_lock_irqsave(&tty->ctrl_lock, flags);
2233 if (tty->pgrp) {
2234 pid = tty->pgrp;
2235 type = PIDTYPE_PGID;
2236 } else {
2237 pid = task_pid(current);
2238 type = PIDTYPE_PID;
2239 }
2240 get_pid(pid);
2241 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2242 __f_setown(filp, pid, type, 0);
2243 put_pid(pid);
2244 retval = 0;
2245 }
2246 out:
2247 return retval;
2248 }
2249
tty_fasync(int fd,struct file * filp,int on)2250 static int tty_fasync(int fd, struct file *filp, int on)
2251 {
2252 struct tty_struct *tty = file_tty(filp);
2253 int retval;
2254
2255 tty_lock(tty);
2256 retval = __tty_fasync(fd, filp, on);
2257 tty_unlock(tty);
2258
2259 return retval;
2260 }
2261
2262 /**
2263 * tiocsti - fake input character
2264 * @tty: tty to fake input into
2265 * @p: pointer to character
2266 *
2267 * Fake input to a tty device. Does the necessary locking and
2268 * input management.
2269 *
2270 * FIXME: does not honour flow control ??
2271 *
2272 * Locking:
2273 * Called functions take tty_ldiscs_lock
2274 * current->signal->tty check is safe without locks
2275 *
2276 * FIXME: may race normal receive processing
2277 */
2278
tiocsti(struct tty_struct * tty,char __user * p)2279 static int tiocsti(struct tty_struct *tty, char __user *p)
2280 {
2281 char ch, mbz = 0;
2282 struct tty_ldisc *ld;
2283
2284 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2285 return -EPERM;
2286 if (get_user(ch, p))
2287 return -EFAULT;
2288 tty_audit_tiocsti(tty, ch);
2289 ld = tty_ldisc_ref_wait(tty);
2290 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2291 tty_ldisc_deref(ld);
2292 return 0;
2293 }
2294
2295 /**
2296 * tiocgwinsz - implement window query ioctl
2297 * @tty; tty
2298 * @arg: user buffer for result
2299 *
2300 * Copies the kernel idea of the window size into the user buffer.
2301 *
2302 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2303 * is consistent.
2304 */
2305
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2306 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2307 {
2308 int err;
2309
2310 mutex_lock(&tty->winsize_mutex);
2311 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2312 mutex_unlock(&tty->winsize_mutex);
2313
2314 return err ? -EFAULT: 0;
2315 }
2316
2317 /**
2318 * tty_do_resize - resize event
2319 * @tty: tty being resized
2320 * @rows: rows (character)
2321 * @cols: cols (character)
2322 *
2323 * Update the termios variables and send the necessary signals to
2324 * peform a terminal resize correctly
2325 */
2326
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2327 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2328 {
2329 struct pid *pgrp;
2330
2331 /* Lock the tty */
2332 mutex_lock(&tty->winsize_mutex);
2333 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2334 goto done;
2335
2336 /* Signal the foreground process group */
2337 pgrp = tty_get_pgrp(tty);
2338 if (pgrp)
2339 kill_pgrp(pgrp, SIGWINCH, 1);
2340 put_pid(pgrp);
2341
2342 tty->winsize = *ws;
2343 done:
2344 mutex_unlock(&tty->winsize_mutex);
2345 return 0;
2346 }
2347 EXPORT_SYMBOL(tty_do_resize);
2348
2349 /**
2350 * tiocswinsz - implement window size set ioctl
2351 * @tty; tty side of tty
2352 * @arg: user buffer for result
2353 *
2354 * Copies the user idea of the window size to the kernel. Traditionally
2355 * this is just advisory information but for the Linux console it
2356 * actually has driver level meaning and triggers a VC resize.
2357 *
2358 * Locking:
2359 * Driver dependent. The default do_resize method takes the
2360 * tty termios mutex and ctrl_lock. The console takes its own lock
2361 * then calls into the default method.
2362 */
2363
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2364 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2365 {
2366 struct winsize tmp_ws;
2367 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2368 return -EFAULT;
2369
2370 if (tty->ops->resize)
2371 return tty->ops->resize(tty, &tmp_ws);
2372 else
2373 return tty_do_resize(tty, &tmp_ws);
2374 }
2375
2376 /**
2377 * tioccons - allow admin to move logical console
2378 * @file: the file to become console
2379 *
2380 * Allow the administrator to move the redirected console device
2381 *
2382 * Locking: uses redirect_lock to guard the redirect information
2383 */
2384
tioccons(struct file * file)2385 static int tioccons(struct file *file)
2386 {
2387 if (!capable(CAP_SYS_ADMIN))
2388 return -EPERM;
2389 if (file->f_op->write == redirected_tty_write) {
2390 struct file *f;
2391 spin_lock(&redirect_lock);
2392 f = redirect;
2393 redirect = NULL;
2394 spin_unlock(&redirect_lock);
2395 if (f)
2396 fput(f);
2397 return 0;
2398 }
2399 spin_lock(&redirect_lock);
2400 if (redirect) {
2401 spin_unlock(&redirect_lock);
2402 return -EBUSY;
2403 }
2404 redirect = get_file(file);
2405 spin_unlock(&redirect_lock);
2406 return 0;
2407 }
2408
2409 /**
2410 * fionbio - non blocking ioctl
2411 * @file: file to set blocking value
2412 * @p: user parameter
2413 *
2414 * Historical tty interfaces had a blocking control ioctl before
2415 * the generic functionality existed. This piece of history is preserved
2416 * in the expected tty API of posix OS's.
2417 *
2418 * Locking: none, the open file handle ensures it won't go away.
2419 */
2420
fionbio(struct file * file,int __user * p)2421 static int fionbio(struct file *file, int __user *p)
2422 {
2423 int nonblock;
2424
2425 if (get_user(nonblock, p))
2426 return -EFAULT;
2427
2428 spin_lock(&file->f_lock);
2429 if (nonblock)
2430 file->f_flags |= O_NONBLOCK;
2431 else
2432 file->f_flags &= ~O_NONBLOCK;
2433 spin_unlock(&file->f_lock);
2434 return 0;
2435 }
2436
2437 /**
2438 * tiocsctty - set controlling tty
2439 * @tty: tty structure
2440 * @arg: user argument
2441 *
2442 * This ioctl is used to manage job control. It permits a session
2443 * leader to set this tty as the controlling tty for the session.
2444 *
2445 * Locking:
2446 * Takes tty_lock() to serialize proc_set_tty() for this tty
2447 * Takes tasklist_lock internally to walk sessions
2448 * Takes ->siglock() when updating signal->tty
2449 */
2450
tiocsctty(struct tty_struct * tty,struct file * file,int arg)2451 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
2452 {
2453 int ret = 0;
2454
2455 tty_lock(tty);
2456 read_lock(&tasklist_lock);
2457
2458 if (current->signal->leader && (task_session(current) == tty->session))
2459 goto unlock;
2460
2461 /*
2462 * The process must be a session leader and
2463 * not have a controlling tty already.
2464 */
2465 if (!current->signal->leader || current->signal->tty) {
2466 ret = -EPERM;
2467 goto unlock;
2468 }
2469
2470 if (tty->session) {
2471 /*
2472 * This tty is already the controlling
2473 * tty for another session group!
2474 */
2475 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2476 /*
2477 * Steal it away
2478 */
2479 session_clear_tty(tty->session);
2480 } else {
2481 ret = -EPERM;
2482 goto unlock;
2483 }
2484 }
2485
2486 /* See the comment in tty_open(). */
2487 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
2488 ret = -EPERM;
2489 goto unlock;
2490 }
2491
2492 proc_set_tty(tty);
2493 unlock:
2494 read_unlock(&tasklist_lock);
2495 tty_unlock(tty);
2496 return ret;
2497 }
2498
2499 /**
2500 * tty_get_pgrp - return a ref counted pgrp pid
2501 * @tty: tty to read
2502 *
2503 * Returns a refcounted instance of the pid struct for the process
2504 * group controlling the tty.
2505 */
2506
tty_get_pgrp(struct tty_struct * tty)2507 struct pid *tty_get_pgrp(struct tty_struct *tty)
2508 {
2509 unsigned long flags;
2510 struct pid *pgrp;
2511
2512 spin_lock_irqsave(&tty->ctrl_lock, flags);
2513 pgrp = get_pid(tty->pgrp);
2514 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2515
2516 return pgrp;
2517 }
2518 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2519
2520 /*
2521 * This checks not only the pgrp, but falls back on the pid if no
2522 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2523 * without this...
2524 *
2525 * The caller must hold rcu lock or the tasklist lock.
2526 */
session_of_pgrp(struct pid * pgrp)2527 static struct pid *session_of_pgrp(struct pid *pgrp)
2528 {
2529 struct task_struct *p;
2530 struct pid *sid = NULL;
2531
2532 p = pid_task(pgrp, PIDTYPE_PGID);
2533 if (p == NULL)
2534 p = pid_task(pgrp, PIDTYPE_PID);
2535 if (p != NULL)
2536 sid = task_session(p);
2537
2538 return sid;
2539 }
2540
2541 /**
2542 * tiocgpgrp - get process group
2543 * @tty: tty passed by user
2544 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2545 * @p: returned pid
2546 *
2547 * Obtain the process group of the tty. If there is no process group
2548 * return an error.
2549 *
2550 * Locking: none. Reference to current->signal->tty is safe.
2551 */
2552
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2553 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2554 {
2555 struct pid *pid;
2556 int ret;
2557 /*
2558 * (tty == real_tty) is a cheap way of
2559 * testing if the tty is NOT a master pty.
2560 */
2561 if (tty == real_tty && current->signal->tty != real_tty)
2562 return -ENOTTY;
2563 pid = tty_get_pgrp(real_tty);
2564 ret = put_user(pid_vnr(pid), p);
2565 put_pid(pid);
2566 return ret;
2567 }
2568
2569 /**
2570 * tiocspgrp - attempt to set process group
2571 * @tty: tty passed by user
2572 * @real_tty: tty side device matching tty passed by user
2573 * @p: pid pointer
2574 *
2575 * Set the process group of the tty to the session passed. Only
2576 * permitted where the tty session is our session.
2577 *
2578 * Locking: RCU, ctrl lock
2579 */
2580
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2581 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2582 {
2583 struct pid *pgrp;
2584 pid_t pgrp_nr;
2585 int retval = tty_check_change(real_tty);
2586
2587 if (retval == -EIO)
2588 return -ENOTTY;
2589 if (retval)
2590 return retval;
2591 if (!current->signal->tty ||
2592 (current->signal->tty != real_tty) ||
2593 (real_tty->session != task_session(current)))
2594 return -ENOTTY;
2595 if (get_user(pgrp_nr, p))
2596 return -EFAULT;
2597 if (pgrp_nr < 0)
2598 return -EINVAL;
2599 rcu_read_lock();
2600 pgrp = find_vpid(pgrp_nr);
2601 retval = -ESRCH;
2602 if (!pgrp)
2603 goto out_unlock;
2604 retval = -EPERM;
2605 if (session_of_pgrp(pgrp) != task_session(current))
2606 goto out_unlock;
2607 retval = 0;
2608 spin_lock_irq(&tty->ctrl_lock);
2609 put_pid(real_tty->pgrp);
2610 real_tty->pgrp = get_pid(pgrp);
2611 spin_unlock_irq(&tty->ctrl_lock);
2612 out_unlock:
2613 rcu_read_unlock();
2614 return retval;
2615 }
2616
2617 /**
2618 * tiocgsid - get session id
2619 * @tty: tty passed by user
2620 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2621 * @p: pointer to returned session id
2622 *
2623 * Obtain the session id of the tty. If there is no session
2624 * return an error.
2625 *
2626 * Locking: none. Reference to current->signal->tty is safe.
2627 */
2628
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2629 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2630 {
2631 /*
2632 * (tty == real_tty) is a cheap way of
2633 * testing if the tty is NOT a master pty.
2634 */
2635 if (tty == real_tty && current->signal->tty != real_tty)
2636 return -ENOTTY;
2637 if (!real_tty->session)
2638 return -ENOTTY;
2639 return put_user(pid_vnr(real_tty->session), p);
2640 }
2641
2642 /**
2643 * tiocsetd - set line discipline
2644 * @tty: tty device
2645 * @p: pointer to user data
2646 *
2647 * Set the line discipline according to user request.
2648 *
2649 * Locking: see tty_set_ldisc, this function is just a helper
2650 */
2651
tiocsetd(struct tty_struct * tty,int __user * p)2652 static int tiocsetd(struct tty_struct *tty, int __user *p)
2653 {
2654 int ldisc;
2655 int ret;
2656
2657 if (get_user(ldisc, p))
2658 return -EFAULT;
2659
2660 ret = tty_set_ldisc(tty, ldisc);
2661
2662 return ret;
2663 }
2664
2665 /**
2666 * tiocgetd - get line discipline
2667 * @tty: tty device
2668 * @p: pointer to user data
2669 *
2670 * Retrieves the line discipline id directly from the ldisc.
2671 *
2672 * Locking: waits for ldisc reference (in case the line discipline
2673 * is changing or the tty is being hungup)
2674 */
2675
tiocgetd(struct tty_struct * tty,int __user * p)2676 static int tiocgetd(struct tty_struct *tty, int __user *p)
2677 {
2678 struct tty_ldisc *ld;
2679 int ret;
2680
2681 ld = tty_ldisc_ref_wait(tty);
2682 ret = put_user(ld->ops->num, p);
2683 tty_ldisc_deref(ld);
2684 return ret;
2685 }
2686
2687 /**
2688 * send_break - performed time break
2689 * @tty: device to break on
2690 * @duration: timeout in mS
2691 *
2692 * Perform a timed break on hardware that lacks its own driver level
2693 * timed break functionality.
2694 *
2695 * Locking:
2696 * atomic_write_lock serializes
2697 *
2698 */
2699
send_break(struct tty_struct * tty,unsigned int duration)2700 static int send_break(struct tty_struct *tty, unsigned int duration)
2701 {
2702 int retval;
2703
2704 if (tty->ops->break_ctl == NULL)
2705 return 0;
2706
2707 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2708 retval = tty->ops->break_ctl(tty, duration);
2709 else {
2710 /* Do the work ourselves */
2711 if (tty_write_lock(tty, 0) < 0)
2712 return -EINTR;
2713 retval = tty->ops->break_ctl(tty, -1);
2714 if (retval)
2715 goto out;
2716 if (!signal_pending(current))
2717 msleep_interruptible(duration);
2718 retval = tty->ops->break_ctl(tty, 0);
2719 out:
2720 tty_write_unlock(tty);
2721 if (signal_pending(current))
2722 retval = -EINTR;
2723 }
2724 return retval;
2725 }
2726
2727 /**
2728 * tty_tiocmget - get modem status
2729 * @tty: tty device
2730 * @file: user file pointer
2731 * @p: pointer to result
2732 *
2733 * Obtain the modem status bits from the tty driver if the feature
2734 * is supported. Return -EINVAL if it is not available.
2735 *
2736 * Locking: none (up to the driver)
2737 */
2738
tty_tiocmget(struct tty_struct * tty,int __user * p)2739 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2740 {
2741 int retval = -EINVAL;
2742
2743 if (tty->ops->tiocmget) {
2744 retval = tty->ops->tiocmget(tty);
2745
2746 if (retval >= 0)
2747 retval = put_user(retval, p);
2748 }
2749 return retval;
2750 }
2751
2752 /**
2753 * tty_tiocmset - set modem status
2754 * @tty: tty device
2755 * @cmd: command - clear bits, set bits or set all
2756 * @p: pointer to desired bits
2757 *
2758 * Set the modem status bits from the tty driver if the feature
2759 * is supported. Return -EINVAL if it is not available.
2760 *
2761 * Locking: none (up to the driver)
2762 */
2763
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2764 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2765 unsigned __user *p)
2766 {
2767 int retval;
2768 unsigned int set, clear, val;
2769
2770 if (tty->ops->tiocmset == NULL)
2771 return -EINVAL;
2772
2773 retval = get_user(val, p);
2774 if (retval)
2775 return retval;
2776 set = clear = 0;
2777 switch (cmd) {
2778 case TIOCMBIS:
2779 set = val;
2780 break;
2781 case TIOCMBIC:
2782 clear = val;
2783 break;
2784 case TIOCMSET:
2785 set = val;
2786 clear = ~val;
2787 break;
2788 }
2789 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2790 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2791 return tty->ops->tiocmset(tty, set, clear);
2792 }
2793
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2794 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2795 {
2796 int retval = -EINVAL;
2797 struct serial_icounter_struct icount;
2798 memset(&icount, 0, sizeof(icount));
2799 if (tty->ops->get_icount)
2800 retval = tty->ops->get_icount(tty, &icount);
2801 if (retval != 0)
2802 return retval;
2803 if (copy_to_user(arg, &icount, sizeof(icount)))
2804 return -EFAULT;
2805 return 0;
2806 }
2807
tty_warn_deprecated_flags(struct serial_struct __user * ss)2808 static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2809 {
2810 static DEFINE_RATELIMIT_STATE(depr_flags,
2811 DEFAULT_RATELIMIT_INTERVAL,
2812 DEFAULT_RATELIMIT_BURST);
2813 char comm[TASK_COMM_LEN];
2814 int flags;
2815
2816 if (get_user(flags, &ss->flags))
2817 return;
2818
2819 flags &= ASYNC_DEPRECATED;
2820
2821 if (flags && __ratelimit(&depr_flags))
2822 pr_warning("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2823 __func__, get_task_comm(comm, current), flags);
2824 }
2825
2826 /*
2827 * if pty, return the slave side (real_tty)
2828 * otherwise, return self
2829 */
tty_pair_get_tty(struct tty_struct * tty)2830 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2831 {
2832 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2833 tty->driver->subtype == PTY_TYPE_MASTER)
2834 tty = tty->link;
2835 return tty;
2836 }
2837
2838 /*
2839 * Split this up, as gcc can choke on it otherwise..
2840 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2841 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2842 {
2843 struct tty_struct *tty = file_tty(file);
2844 struct tty_struct *real_tty;
2845 void __user *p = (void __user *)arg;
2846 int retval;
2847 struct tty_ldisc *ld;
2848
2849 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2850 return -EINVAL;
2851
2852 real_tty = tty_pair_get_tty(tty);
2853
2854 /*
2855 * Factor out some common prep work
2856 */
2857 switch (cmd) {
2858 case TIOCSETD:
2859 case TIOCSBRK:
2860 case TIOCCBRK:
2861 case TCSBRK:
2862 case TCSBRKP:
2863 retval = tty_check_change(tty);
2864 if (retval)
2865 return retval;
2866 if (cmd != TIOCCBRK) {
2867 tty_wait_until_sent(tty, 0);
2868 if (signal_pending(current))
2869 return -EINTR;
2870 }
2871 break;
2872 }
2873
2874 /*
2875 * Now do the stuff.
2876 */
2877 switch (cmd) {
2878 case TIOCSTI:
2879 return tiocsti(tty, p);
2880 case TIOCGWINSZ:
2881 return tiocgwinsz(real_tty, p);
2882 case TIOCSWINSZ:
2883 return tiocswinsz(real_tty, p);
2884 case TIOCCONS:
2885 return real_tty != tty ? -EINVAL : tioccons(file);
2886 case FIONBIO:
2887 return fionbio(file, p);
2888 case TIOCEXCL:
2889 set_bit(TTY_EXCLUSIVE, &tty->flags);
2890 return 0;
2891 case TIOCNXCL:
2892 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2893 return 0;
2894 case TIOCGEXCL:
2895 {
2896 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2897 return put_user(excl, (int __user *)p);
2898 }
2899 case TIOCNOTTY:
2900 if (current->signal->tty != tty)
2901 return -ENOTTY;
2902 no_tty();
2903 return 0;
2904 case TIOCSCTTY:
2905 return tiocsctty(tty, file, arg);
2906 case TIOCGPGRP:
2907 return tiocgpgrp(tty, real_tty, p);
2908 case TIOCSPGRP:
2909 return tiocspgrp(tty, real_tty, p);
2910 case TIOCGSID:
2911 return tiocgsid(tty, real_tty, p);
2912 case TIOCGETD:
2913 return tiocgetd(tty, p);
2914 case TIOCSETD:
2915 return tiocsetd(tty, p);
2916 case TIOCVHANGUP:
2917 if (!capable(CAP_SYS_ADMIN))
2918 return -EPERM;
2919 tty_vhangup(tty);
2920 return 0;
2921 case TIOCGDEV:
2922 {
2923 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2924 return put_user(ret, (unsigned int __user *)p);
2925 }
2926 /*
2927 * Break handling
2928 */
2929 case TIOCSBRK: /* Turn break on, unconditionally */
2930 if (tty->ops->break_ctl)
2931 return tty->ops->break_ctl(tty, -1);
2932 return 0;
2933 case TIOCCBRK: /* Turn break off, unconditionally */
2934 if (tty->ops->break_ctl)
2935 return tty->ops->break_ctl(tty, 0);
2936 return 0;
2937 case TCSBRK: /* SVID version: non-zero arg --> no break */
2938 /* non-zero arg means wait for all output data
2939 * to be sent (performed above) but don't send break.
2940 * This is used by the tcdrain() termios function.
2941 */
2942 if (!arg)
2943 return send_break(tty, 250);
2944 return 0;
2945 case TCSBRKP: /* support for POSIX tcsendbreak() */
2946 return send_break(tty, arg ? arg*100 : 250);
2947
2948 case TIOCMGET:
2949 return tty_tiocmget(tty, p);
2950 case TIOCMSET:
2951 case TIOCMBIC:
2952 case TIOCMBIS:
2953 return tty_tiocmset(tty, cmd, p);
2954 case TIOCGICOUNT:
2955 retval = tty_tiocgicount(tty, p);
2956 /* For the moment allow fall through to the old method */
2957 if (retval != -EINVAL)
2958 return retval;
2959 break;
2960 case TCFLSH:
2961 switch (arg) {
2962 case TCIFLUSH:
2963 case TCIOFLUSH:
2964 /* flush tty buffer and allow ldisc to process ioctl */
2965 tty_buffer_flush(tty, NULL);
2966 break;
2967 }
2968 break;
2969 case TIOCSSERIAL:
2970 tty_warn_deprecated_flags(p);
2971 break;
2972 }
2973 if (tty->ops->ioctl) {
2974 retval = tty->ops->ioctl(tty, cmd, arg);
2975 if (retval != -ENOIOCTLCMD)
2976 return retval;
2977 }
2978 ld = tty_ldisc_ref_wait(tty);
2979 retval = -EINVAL;
2980 if (ld->ops->ioctl) {
2981 retval = ld->ops->ioctl(tty, file, cmd, arg);
2982 if (retval == -ENOIOCTLCMD)
2983 retval = -ENOTTY;
2984 }
2985 tty_ldisc_deref(ld);
2986 return retval;
2987 }
2988
2989 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2990 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2991 unsigned long arg)
2992 {
2993 struct tty_struct *tty = file_tty(file);
2994 struct tty_ldisc *ld;
2995 int retval = -ENOIOCTLCMD;
2996
2997 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2998 return -EINVAL;
2999
3000 if (tty->ops->compat_ioctl) {
3001 retval = tty->ops->compat_ioctl(tty, cmd, arg);
3002 if (retval != -ENOIOCTLCMD)
3003 return retval;
3004 }
3005
3006 ld = tty_ldisc_ref_wait(tty);
3007 if (ld->ops->compat_ioctl)
3008 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3009 else
3010 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
3011 tty_ldisc_deref(ld);
3012
3013 return retval;
3014 }
3015 #endif
3016
this_tty(const void * t,struct file * file,unsigned fd)3017 static int this_tty(const void *t, struct file *file, unsigned fd)
3018 {
3019 if (likely(file->f_op->read != tty_read))
3020 return 0;
3021 return file_tty(file) != t ? 0 : fd + 1;
3022 }
3023
3024 /*
3025 * This implements the "Secure Attention Key" --- the idea is to
3026 * prevent trojan horses by killing all processes associated with this
3027 * tty when the user hits the "Secure Attention Key". Required for
3028 * super-paranoid applications --- see the Orange Book for more details.
3029 *
3030 * This code could be nicer; ideally it should send a HUP, wait a few
3031 * seconds, then send a INT, and then a KILL signal. But you then
3032 * have to coordinate with the init process, since all processes associated
3033 * with the current tty must be dead before the new getty is allowed
3034 * to spawn.
3035 *
3036 * Now, if it would be correct ;-/ The current code has a nasty hole -
3037 * it doesn't catch files in flight. We may send the descriptor to ourselves
3038 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3039 *
3040 * Nasty bug: do_SAK is being called in interrupt context. This can
3041 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3042 */
__do_SAK(struct tty_struct * tty)3043 void __do_SAK(struct tty_struct *tty)
3044 {
3045 #ifdef TTY_SOFT_SAK
3046 tty_hangup(tty);
3047 #else
3048 struct task_struct *g, *p;
3049 struct pid *session;
3050 int i;
3051
3052 if (!tty)
3053 return;
3054 session = tty->session;
3055
3056 tty_ldisc_flush(tty);
3057
3058 tty_driver_flush_buffer(tty);
3059
3060 read_lock(&tasklist_lock);
3061 /* Kill the entire session */
3062 do_each_pid_task(session, PIDTYPE_SID, p) {
3063 printk(KERN_NOTICE "SAK: killed process %d"
3064 " (%s): task_session(p)==tty->session\n",
3065 task_pid_nr(p), p->comm);
3066 send_sig(SIGKILL, p, 1);
3067 } while_each_pid_task(session, PIDTYPE_SID, p);
3068 /* Now kill any processes that happen to have the
3069 * tty open.
3070 */
3071 do_each_thread(g, p) {
3072 if (p->signal->tty == tty) {
3073 printk(KERN_NOTICE "SAK: killed process %d"
3074 " (%s): task_session(p)==tty->session\n",
3075 task_pid_nr(p), p->comm);
3076 send_sig(SIGKILL, p, 1);
3077 continue;
3078 }
3079 task_lock(p);
3080 i = iterate_fd(p->files, 0, this_tty, tty);
3081 if (i != 0) {
3082 printk(KERN_NOTICE "SAK: killed process %d"
3083 " (%s): fd#%d opened to the tty\n",
3084 task_pid_nr(p), p->comm, i - 1);
3085 force_sig(SIGKILL, p);
3086 }
3087 task_unlock(p);
3088 } while_each_thread(g, p);
3089 read_unlock(&tasklist_lock);
3090 #endif
3091 }
3092
do_SAK_work(struct work_struct * work)3093 static void do_SAK_work(struct work_struct *work)
3094 {
3095 struct tty_struct *tty =
3096 container_of(work, struct tty_struct, SAK_work);
3097 __do_SAK(tty);
3098 }
3099
3100 /*
3101 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3102 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3103 * the values which we write to it will be identical to the values which it
3104 * already has. --akpm
3105 */
do_SAK(struct tty_struct * tty)3106 void do_SAK(struct tty_struct *tty)
3107 {
3108 if (!tty)
3109 return;
3110 schedule_work(&tty->SAK_work);
3111 }
3112
3113 EXPORT_SYMBOL(do_SAK);
3114
dev_match_devt(struct device * dev,const void * data)3115 static int dev_match_devt(struct device *dev, const void *data)
3116 {
3117 const dev_t *devt = data;
3118 return dev->devt == *devt;
3119 }
3120
3121 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3122 static struct device *tty_get_device(struct tty_struct *tty)
3123 {
3124 dev_t devt = tty_devnum(tty);
3125 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3126 }
3127
3128
3129 /**
3130 * alloc_tty_struct
3131 *
3132 * This subroutine allocates and initializes a tty structure.
3133 *
3134 * Locking: none - tty in question is not exposed at this point
3135 */
3136
alloc_tty_struct(struct tty_driver * driver,int idx)3137 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3138 {
3139 struct tty_struct *tty;
3140
3141 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3142 if (!tty)
3143 return NULL;
3144
3145 kref_init(&tty->kref);
3146 tty->magic = TTY_MAGIC;
3147 tty_ldisc_init(tty);
3148 tty->session = NULL;
3149 tty->pgrp = NULL;
3150 mutex_init(&tty->legacy_mutex);
3151 mutex_init(&tty->throttle_mutex);
3152 init_rwsem(&tty->termios_rwsem);
3153 mutex_init(&tty->winsize_mutex);
3154 init_ldsem(&tty->ldisc_sem);
3155 init_waitqueue_head(&tty->write_wait);
3156 init_waitqueue_head(&tty->read_wait);
3157 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3158 mutex_init(&tty->atomic_write_lock);
3159 spin_lock_init(&tty->ctrl_lock);
3160 spin_lock_init(&tty->flow_lock);
3161 INIT_LIST_HEAD(&tty->tty_files);
3162 INIT_WORK(&tty->SAK_work, do_SAK_work);
3163
3164 tty->driver = driver;
3165 tty->ops = driver->ops;
3166 tty->index = idx;
3167 tty_line_name(driver, idx, tty->name);
3168 tty->dev = tty_get_device(tty);
3169
3170 return tty;
3171 }
3172
3173 /**
3174 * deinitialize_tty_struct
3175 * @tty: tty to deinitialize
3176 *
3177 * This subroutine deinitializes a tty structure that has been newly
3178 * allocated but tty_release cannot be called on that yet.
3179 *
3180 * Locking: none - tty in question must not be exposed at this point
3181 */
deinitialize_tty_struct(struct tty_struct * tty)3182 void deinitialize_tty_struct(struct tty_struct *tty)
3183 {
3184 tty_ldisc_deinit(tty);
3185 }
3186
3187 /**
3188 * tty_put_char - write one character to a tty
3189 * @tty: tty
3190 * @ch: character
3191 *
3192 * Write one byte to the tty using the provided put_char method
3193 * if present. Returns the number of characters successfully output.
3194 *
3195 * Note: the specific put_char operation in the driver layer may go
3196 * away soon. Don't call it directly, use this method
3197 */
3198
tty_put_char(struct tty_struct * tty,unsigned char ch)3199 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3200 {
3201 if (tty->ops->put_char)
3202 return tty->ops->put_char(tty, ch);
3203 return tty->ops->write(tty, &ch, 1);
3204 }
3205 EXPORT_SYMBOL_GPL(tty_put_char);
3206
3207 struct class *tty_class;
3208
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3209 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3210 unsigned int index, unsigned int count)
3211 {
3212 int err;
3213
3214 /* init here, since reused cdevs cause crashes */
3215 driver->cdevs[index] = cdev_alloc();
3216 if (!driver->cdevs[index])
3217 return -ENOMEM;
3218 driver->cdevs[index]->ops = &tty_fops;
3219 driver->cdevs[index]->owner = driver->owner;
3220 err = cdev_add(driver->cdevs[index], dev, count);
3221 if (err)
3222 kobject_put(&driver->cdevs[index]->kobj);
3223 return err;
3224 }
3225
3226 /**
3227 * tty_register_device - register a tty device
3228 * @driver: the tty driver that describes the tty device
3229 * @index: the index in the tty driver for this tty device
3230 * @device: a struct device that is associated with this tty device.
3231 * This field is optional, if there is no known struct device
3232 * for this tty device it can be set to NULL safely.
3233 *
3234 * Returns a pointer to the struct device for this tty device
3235 * (or ERR_PTR(-EFOO) on error).
3236 *
3237 * This call is required to be made to register an individual tty device
3238 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3239 * that bit is not set, this function should not be called by a tty
3240 * driver.
3241 *
3242 * Locking: ??
3243 */
3244
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3245 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3246 struct device *device)
3247 {
3248 return tty_register_device_attr(driver, index, device, NULL, NULL);
3249 }
3250 EXPORT_SYMBOL(tty_register_device);
3251
tty_device_create_release(struct device * dev)3252 static void tty_device_create_release(struct device *dev)
3253 {
3254 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3255 kfree(dev);
3256 }
3257
3258 /**
3259 * tty_register_device_attr - register a tty device
3260 * @driver: the tty driver that describes the tty device
3261 * @index: the index in the tty driver for this tty device
3262 * @device: a struct device that is associated with this tty device.
3263 * This field is optional, if there is no known struct device
3264 * for this tty device it can be set to NULL safely.
3265 * @drvdata: Driver data to be set to device.
3266 * @attr_grp: Attribute group to be set on device.
3267 *
3268 * Returns a pointer to the struct device for this tty device
3269 * (or ERR_PTR(-EFOO) on error).
3270 *
3271 * This call is required to be made to register an individual tty device
3272 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3273 * that bit is not set, this function should not be called by a tty
3274 * driver.
3275 *
3276 * Locking: ??
3277 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3278 struct device *tty_register_device_attr(struct tty_driver *driver,
3279 unsigned index, struct device *device,
3280 void *drvdata,
3281 const struct attribute_group **attr_grp)
3282 {
3283 char name[64];
3284 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3285 struct device *dev = NULL;
3286 int retval = -ENODEV;
3287 bool cdev = false;
3288
3289 if (index >= driver->num) {
3290 printk(KERN_ERR "Attempt to register invalid tty line number "
3291 " (%d).\n", index);
3292 return ERR_PTR(-EINVAL);
3293 }
3294
3295 if (driver->type == TTY_DRIVER_TYPE_PTY)
3296 pty_line_name(driver, index, name);
3297 else
3298 tty_line_name(driver, index, name);
3299
3300 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3301 retval = tty_cdev_add(driver, devt, index, 1);
3302 if (retval)
3303 goto error;
3304 cdev = true;
3305 }
3306
3307 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3308 if (!dev) {
3309 retval = -ENOMEM;
3310 goto error;
3311 }
3312
3313 dev->devt = devt;
3314 dev->class = tty_class;
3315 dev->parent = device;
3316 dev->release = tty_device_create_release;
3317 dev_set_name(dev, "%s", name);
3318 dev->groups = attr_grp;
3319 dev_set_drvdata(dev, drvdata);
3320
3321 retval = device_register(dev);
3322 if (retval)
3323 goto error;
3324
3325 return dev;
3326
3327 error:
3328 put_device(dev);
3329 if (cdev) {
3330 cdev_del(driver->cdevs[index]);
3331 driver->cdevs[index] = NULL;
3332 }
3333 return ERR_PTR(retval);
3334 }
3335 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3336
3337 /**
3338 * tty_unregister_device - unregister a tty device
3339 * @driver: the tty driver that describes the tty device
3340 * @index: the index in the tty driver for this tty device
3341 *
3342 * If a tty device is registered with a call to tty_register_device() then
3343 * this function must be called when the tty device is gone.
3344 *
3345 * Locking: ??
3346 */
3347
tty_unregister_device(struct tty_driver * driver,unsigned index)3348 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3349 {
3350 device_destroy(tty_class,
3351 MKDEV(driver->major, driver->minor_start) + index);
3352 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3353 cdev_del(driver->cdevs[index]);
3354 driver->cdevs[index] = NULL;
3355 }
3356 }
3357 EXPORT_SYMBOL(tty_unregister_device);
3358
3359 /**
3360 * __tty_alloc_driver -- allocate tty driver
3361 * @lines: count of lines this driver can handle at most
3362 * @owner: module which is repsonsible for this driver
3363 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3364 *
3365 * This should not be called directly, some of the provided macros should be
3366 * used instead. Use IS_ERR and friends on @retval.
3367 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3368 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3369 unsigned long flags)
3370 {
3371 struct tty_driver *driver;
3372 unsigned int cdevs = 1;
3373 int err;
3374
3375 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3376 return ERR_PTR(-EINVAL);
3377
3378 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3379 if (!driver)
3380 return ERR_PTR(-ENOMEM);
3381
3382 kref_init(&driver->kref);
3383 driver->magic = TTY_DRIVER_MAGIC;
3384 driver->num = lines;
3385 driver->owner = owner;
3386 driver->flags = flags;
3387
3388 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3389 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3390 GFP_KERNEL);
3391 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3392 GFP_KERNEL);
3393 if (!driver->ttys || !driver->termios) {
3394 err = -ENOMEM;
3395 goto err_free_all;
3396 }
3397 }
3398
3399 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3400 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3401 GFP_KERNEL);
3402 if (!driver->ports) {
3403 err = -ENOMEM;
3404 goto err_free_all;
3405 }
3406 cdevs = lines;
3407 }
3408
3409 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3410 if (!driver->cdevs) {
3411 err = -ENOMEM;
3412 goto err_free_all;
3413 }
3414
3415 return driver;
3416 err_free_all:
3417 kfree(driver->ports);
3418 kfree(driver->ttys);
3419 kfree(driver->termios);
3420 kfree(driver->cdevs);
3421 kfree(driver);
3422 return ERR_PTR(err);
3423 }
3424 EXPORT_SYMBOL(__tty_alloc_driver);
3425
destruct_tty_driver(struct kref * kref)3426 static void destruct_tty_driver(struct kref *kref)
3427 {
3428 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3429 int i;
3430 struct ktermios *tp;
3431
3432 if (driver->flags & TTY_DRIVER_INSTALLED) {
3433 /*
3434 * Free the termios and termios_locked structures because
3435 * we don't want to get memory leaks when modular tty
3436 * drivers are removed from the kernel.
3437 */
3438 for (i = 0; i < driver->num; i++) {
3439 tp = driver->termios[i];
3440 if (tp) {
3441 driver->termios[i] = NULL;
3442 kfree(tp);
3443 }
3444 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3445 tty_unregister_device(driver, i);
3446 }
3447 proc_tty_unregister_driver(driver);
3448 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3449 cdev_del(driver->cdevs[0]);
3450 }
3451 kfree(driver->cdevs);
3452 kfree(driver->ports);
3453 kfree(driver->termios);
3454 kfree(driver->ttys);
3455 kfree(driver);
3456 }
3457
tty_driver_kref_put(struct tty_driver * driver)3458 void tty_driver_kref_put(struct tty_driver *driver)
3459 {
3460 kref_put(&driver->kref, destruct_tty_driver);
3461 }
3462 EXPORT_SYMBOL(tty_driver_kref_put);
3463
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)3464 void tty_set_operations(struct tty_driver *driver,
3465 const struct tty_operations *op)
3466 {
3467 driver->ops = op;
3468 };
3469 EXPORT_SYMBOL(tty_set_operations);
3470
put_tty_driver(struct tty_driver * d)3471 void put_tty_driver(struct tty_driver *d)
3472 {
3473 tty_driver_kref_put(d);
3474 }
3475 EXPORT_SYMBOL(put_tty_driver);
3476
3477 /*
3478 * Called by a tty driver to register itself.
3479 */
tty_register_driver(struct tty_driver * driver)3480 int tty_register_driver(struct tty_driver *driver)
3481 {
3482 int error;
3483 int i;
3484 dev_t dev;
3485 struct device *d;
3486
3487 if (!driver->major) {
3488 error = alloc_chrdev_region(&dev, driver->minor_start,
3489 driver->num, driver->name);
3490 if (!error) {
3491 driver->major = MAJOR(dev);
3492 driver->minor_start = MINOR(dev);
3493 }
3494 } else {
3495 dev = MKDEV(driver->major, driver->minor_start);
3496 error = register_chrdev_region(dev, driver->num, driver->name);
3497 }
3498 if (error < 0)
3499 goto err;
3500
3501 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3502 error = tty_cdev_add(driver, dev, 0, driver->num);
3503 if (error)
3504 goto err_unreg_char;
3505 }
3506
3507 mutex_lock(&tty_mutex);
3508 list_add(&driver->tty_drivers, &tty_drivers);
3509 mutex_unlock(&tty_mutex);
3510
3511 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3512 for (i = 0; i < driver->num; i++) {
3513 d = tty_register_device(driver, i, NULL);
3514 if (IS_ERR(d)) {
3515 error = PTR_ERR(d);
3516 goto err_unreg_devs;
3517 }
3518 }
3519 }
3520 proc_tty_register_driver(driver);
3521 driver->flags |= TTY_DRIVER_INSTALLED;
3522 return 0;
3523
3524 err_unreg_devs:
3525 for (i--; i >= 0; i--)
3526 tty_unregister_device(driver, i);
3527
3528 mutex_lock(&tty_mutex);
3529 list_del(&driver->tty_drivers);
3530 mutex_unlock(&tty_mutex);
3531
3532 err_unreg_char:
3533 unregister_chrdev_region(dev, driver->num);
3534 err:
3535 return error;
3536 }
3537 EXPORT_SYMBOL(tty_register_driver);
3538
3539 /*
3540 * Called by a tty driver to unregister itself.
3541 */
tty_unregister_driver(struct tty_driver * driver)3542 int tty_unregister_driver(struct tty_driver *driver)
3543 {
3544 #if 0
3545 /* FIXME */
3546 if (driver->refcount)
3547 return -EBUSY;
3548 #endif
3549 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3550 driver->num);
3551 mutex_lock(&tty_mutex);
3552 list_del(&driver->tty_drivers);
3553 mutex_unlock(&tty_mutex);
3554 return 0;
3555 }
3556
3557 EXPORT_SYMBOL(tty_unregister_driver);
3558
tty_devnum(struct tty_struct * tty)3559 dev_t tty_devnum(struct tty_struct *tty)
3560 {
3561 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3562 }
3563 EXPORT_SYMBOL(tty_devnum);
3564
tty_default_fops(struct file_operations * fops)3565 void tty_default_fops(struct file_operations *fops)
3566 {
3567 *fops = tty_fops;
3568 }
3569
3570 /*
3571 * Initialize the console device. This is called *early*, so
3572 * we can't necessarily depend on lots of kernel help here.
3573 * Just do some early initializations, and do the complex setup
3574 * later.
3575 */
console_init(void)3576 void __init console_init(void)
3577 {
3578 initcall_t *call;
3579
3580 /* Setup the default TTY line discipline. */
3581 tty_ldisc_begin();
3582
3583 /*
3584 * set up the console device so that later boot sequences can
3585 * inform about problems etc..
3586 */
3587 call = __con_initcall_start;
3588 while (call < __con_initcall_end) {
3589 (*call)();
3590 call++;
3591 }
3592 }
3593
tty_devnode(struct device * dev,umode_t * mode)3594 static char *tty_devnode(struct device *dev, umode_t *mode)
3595 {
3596 if (!mode)
3597 return NULL;
3598 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3599 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3600 *mode = 0666;
3601 return NULL;
3602 }
3603
tty_class_init(void)3604 static int __init tty_class_init(void)
3605 {
3606 tty_class = class_create(THIS_MODULE, "tty");
3607 if (IS_ERR(tty_class))
3608 return PTR_ERR(tty_class);
3609 tty_class->devnode = tty_devnode;
3610 return 0;
3611 }
3612
3613 postcore_initcall(tty_class_init);
3614
3615 /* 3/2004 jmc: why do these devices exist? */
3616 static struct cdev tty_cdev, console_cdev;
3617
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3618 static ssize_t show_cons_active(struct device *dev,
3619 struct device_attribute *attr, char *buf)
3620 {
3621 struct console *cs[16];
3622 int i = 0;
3623 struct console *c;
3624 ssize_t count = 0;
3625
3626 console_lock();
3627 for_each_console(c) {
3628 if (!c->device)
3629 continue;
3630 if (!c->write)
3631 continue;
3632 if ((c->flags & CON_ENABLED) == 0)
3633 continue;
3634 cs[i++] = c;
3635 if (i >= ARRAY_SIZE(cs))
3636 break;
3637 }
3638 while (i--) {
3639 int index = cs[i]->index;
3640 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3641
3642 /* don't resolve tty0 as some programs depend on it */
3643 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3644 count += tty_line_name(drv, index, buf + count);
3645 else
3646 count += sprintf(buf + count, "%s%d",
3647 cs[i]->name, cs[i]->index);
3648
3649 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3650 }
3651 console_unlock();
3652
3653 return count;
3654 }
3655 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3656
3657 static struct attribute *cons_dev_attrs[] = {
3658 &dev_attr_active.attr,
3659 NULL
3660 };
3661
3662 ATTRIBUTE_GROUPS(cons_dev);
3663
3664 static struct device *consdev;
3665
console_sysfs_notify(void)3666 void console_sysfs_notify(void)
3667 {
3668 if (consdev)
3669 sysfs_notify(&consdev->kobj, NULL, "active");
3670 }
3671
3672 /*
3673 * Ok, now we can initialize the rest of the tty devices and can count
3674 * on memory allocations, interrupts etc..
3675 */
tty_init(void)3676 int __init tty_init(void)
3677 {
3678 cdev_init(&tty_cdev, &tty_fops);
3679 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3680 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3681 panic("Couldn't register /dev/tty driver\n");
3682 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3683
3684 cdev_init(&console_cdev, &console_fops);
3685 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3686 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3687 panic("Couldn't register /dev/console driver\n");
3688 consdev = device_create_with_groups(tty_class, NULL,
3689 MKDEV(TTYAUX_MAJOR, 1), NULL,
3690 cons_dev_groups, "console");
3691 if (IS_ERR(consdev))
3692 consdev = NULL;
3693
3694 #ifdef CONFIG_VT
3695 vty_init(&console_fops);
3696 #endif
3697 return 0;
3698 }
3699
3700