1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156
157 /**
158 * free_tty_struct - free a disused tty
159 * @tty: tty struct to free
160 *
161 * Free the write buffers, tty queue and tty memory itself.
162 *
163 * Locking: none. Must be called after tty is definitely unused
164 */
165
free_tty_struct(struct tty_struct * tty)166 void free_tty_struct(struct tty_struct *tty)
167 {
168 if (!tty)
169 return;
170 put_device(tty->dev);
171 kfree(tty->write_buf);
172 tty->magic = 0xDEADDEAD;
173 kfree(tty);
174 }
175
file_tty(struct file * file)176 static inline struct tty_struct *file_tty(struct file *file)
177 {
178 return ((struct tty_file_private *)file->private_data)->tty;
179 }
180
tty_alloc_file(struct file * file)181 int tty_alloc_file(struct file *file)
182 {
183 struct tty_file_private *priv;
184
185 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
186 if (!priv)
187 return -ENOMEM;
188
189 file->private_data = priv;
190
191 return 0;
192 }
193
194 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)195 void tty_add_file(struct tty_struct *tty, struct file *file)
196 {
197 struct tty_file_private *priv = file->private_data;
198
199 priv->tty = tty;
200 priv->file = file;
201
202 spin_lock(&tty_files_lock);
203 list_add(&priv->list, &tty->tty_files);
204 spin_unlock(&tty_files_lock);
205 }
206
207 /**
208 * tty_free_file - free file->private_data
209 *
210 * This shall be used only for fail path handling when tty_add_file was not
211 * called yet.
212 */
tty_free_file(struct file * file)213 void tty_free_file(struct file *file)
214 {
215 struct tty_file_private *priv = file->private_data;
216
217 file->private_data = NULL;
218 kfree(priv);
219 }
220
221 /* Delete file from its tty */
tty_del_file(struct file * file)222 static void tty_del_file(struct file *file)
223 {
224 struct tty_file_private *priv = file->private_data;
225
226 spin_lock(&tty_files_lock);
227 list_del(&priv->list);
228 spin_unlock(&tty_files_lock);
229 tty_free_file(file);
230 }
231
232
233 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
234
235 /**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 * @buf: buffer for output
239 *
240 * Convert a tty structure into a name. The name reflects the kernel
241 * naming policy and if udev is in use may not reflect user space
242 *
243 * Locking: none
244 */
245
tty_name(struct tty_struct * tty,char * buf)246 char *tty_name(struct tty_struct *tty, char *buf)
247 {
248 if (!tty) /* Hmm. NULL pointer. That's fun. */
249 strcpy(buf, "NULL tty");
250 else
251 strcpy(buf, tty->name);
252 return buf;
253 }
254
255 EXPORT_SYMBOL(tty_name);
256
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)257 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
258 const char *routine)
259 {
260 #ifdef TTY_PARANOIA_CHECK
261 if (!tty) {
262 printk(KERN_WARNING
263 "null TTY for (%d:%d) in %s\n",
264 imajor(inode), iminor(inode), routine);
265 return 1;
266 }
267 if (tty->magic != TTY_MAGIC) {
268 printk(KERN_WARNING
269 "bad magic number for tty struct (%d:%d) in %s\n",
270 imajor(inode), iminor(inode), routine);
271 return 1;
272 }
273 #endif
274 return 0;
275 }
276
277 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)278 static int check_tty_count(struct tty_struct *tty, const char *routine)
279 {
280 #ifdef CHECK_TTY_COUNT
281 struct list_head *p;
282 int count = 0;
283
284 spin_lock(&tty_files_lock);
285 list_for_each(p, &tty->tty_files) {
286 count++;
287 }
288 spin_unlock(&tty_files_lock);
289 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 tty->driver->subtype == PTY_TYPE_SLAVE &&
291 tty->link && tty->link->count)
292 count++;
293 if (tty->count != count) {
294 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
295 "!= #fd's(%d) in %s\n",
296 tty->name, tty->count, count, routine);
297 return count;
298 }
299 #endif
300 return 0;
301 }
302
303 /**
304 * get_tty_driver - find device of a tty
305 * @dev_t: device identifier
306 * @index: returns the index of the tty
307 *
308 * This routine returns a tty driver structure, given a device number
309 * and also passes back the index number.
310 *
311 * Locking: caller must hold tty_mutex
312 */
313
get_tty_driver(dev_t device,int * index)314 static struct tty_driver *get_tty_driver(dev_t device, int *index)
315 {
316 struct tty_driver *p;
317
318 list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 dev_t base = MKDEV(p->major, p->minor_start);
320 if (device < base || device >= base + p->num)
321 continue;
322 *index = device - base;
323 return tty_driver_kref_get(p);
324 }
325 return NULL;
326 }
327
328 #ifdef CONFIG_CONSOLE_POLL
329
330 /**
331 * tty_find_polling_driver - find device of a polled tty
332 * @name: name string to match
333 * @line: pointer to resulting tty line nr
334 *
335 * This routine returns a tty driver structure, given a name
336 * and the condition that the tty driver is capable of polled
337 * operation.
338 */
tty_find_polling_driver(char * name,int * line)339 struct tty_driver *tty_find_polling_driver(char *name, int *line)
340 {
341 struct tty_driver *p, *res = NULL;
342 int tty_line = 0;
343 int len;
344 char *str, *stp;
345
346 for (str = name; *str; str++)
347 if ((*str >= '0' && *str <= '9') || *str == ',')
348 break;
349 if (!*str)
350 return NULL;
351
352 len = str - name;
353 tty_line = simple_strtoul(str, &str, 10);
354
355 mutex_lock(&tty_mutex);
356 /* Search through the tty devices to look for a match */
357 list_for_each_entry(p, &tty_drivers, tty_drivers) {
358 if (strncmp(name, p->name, len) != 0)
359 continue;
360 stp = str;
361 if (*stp == ',')
362 stp++;
363 if (*stp == '\0')
364 stp = NULL;
365
366 if (tty_line >= 0 && tty_line < p->num && p->ops &&
367 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
368 res = tty_driver_kref_get(p);
369 *line = tty_line;
370 break;
371 }
372 }
373 mutex_unlock(&tty_mutex);
374
375 return res;
376 }
377 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
378 #endif
379
380 /**
381 * tty_check_change - check for POSIX terminal changes
382 * @tty: tty to check
383 *
384 * If we try to write to, or set the state of, a terminal and we're
385 * not in the foreground, send a SIGTTOU. If the signal is blocked or
386 * ignored, go ahead and perform the operation. (POSIX 7.2)
387 *
388 * Locking: ctrl_lock
389 */
390
tty_check_change(struct tty_struct * tty)391 int tty_check_change(struct tty_struct *tty)
392 {
393 unsigned long flags;
394 int ret = 0;
395
396 if (current->signal->tty != tty)
397 return 0;
398
399 spin_lock_irqsave(&tty->ctrl_lock, flags);
400
401 if (!tty->pgrp) {
402 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
403 goto out_unlock;
404 }
405 if (task_pgrp(current) == tty->pgrp)
406 goto out_unlock;
407 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
408 if (is_ignored(SIGTTOU))
409 goto out;
410 if (is_current_pgrp_orphaned()) {
411 ret = -EIO;
412 goto out;
413 }
414 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
415 set_thread_flag(TIF_SIGPENDING);
416 ret = -ERESTARTSYS;
417 out:
418 return ret;
419 out_unlock:
420 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
421 return ret;
422 }
423
424 EXPORT_SYMBOL(tty_check_change);
425
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)426 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
427 size_t count, loff_t *ppos)
428 {
429 return 0;
430 }
431
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)432 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
433 size_t count, loff_t *ppos)
434 {
435 return -EIO;
436 }
437
438 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)439 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
440 {
441 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
442 }
443
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)444 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
445 unsigned long arg)
446 {
447 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
448 }
449
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)450 static long hung_up_tty_compat_ioctl(struct file *file,
451 unsigned int cmd, unsigned long arg)
452 {
453 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
454 }
455
456 static const struct file_operations tty_fops = {
457 .llseek = no_llseek,
458 .read = tty_read,
459 .write = tty_write,
460 .poll = tty_poll,
461 .unlocked_ioctl = tty_ioctl,
462 .compat_ioctl = tty_compat_ioctl,
463 .open = tty_open,
464 .release = tty_release,
465 .fasync = tty_fasync,
466 };
467
468 static const struct file_operations console_fops = {
469 .llseek = no_llseek,
470 .read = tty_read,
471 .write = redirected_tty_write,
472 .poll = tty_poll,
473 .unlocked_ioctl = tty_ioctl,
474 .compat_ioctl = tty_compat_ioctl,
475 .open = tty_open,
476 .release = tty_release,
477 .fasync = tty_fasync,
478 };
479
480 static const struct file_operations hung_up_tty_fops = {
481 .llseek = no_llseek,
482 .read = hung_up_tty_read,
483 .write = hung_up_tty_write,
484 .poll = hung_up_tty_poll,
485 .unlocked_ioctl = hung_up_tty_ioctl,
486 .compat_ioctl = hung_up_tty_compat_ioctl,
487 .release = tty_release,
488 };
489
490 static DEFINE_SPINLOCK(redirect_lock);
491 static struct file *redirect;
492
493
proc_clear_tty(struct task_struct * p)494 void proc_clear_tty(struct task_struct *p)
495 {
496 unsigned long flags;
497 struct tty_struct *tty;
498 spin_lock_irqsave(&p->sighand->siglock, flags);
499 tty = p->signal->tty;
500 p->signal->tty = NULL;
501 spin_unlock_irqrestore(&p->sighand->siglock, flags);
502 tty_kref_put(tty);
503 }
504
505 /**
506 * proc_set_tty - set the controlling terminal
507 *
508 * Only callable by the session leader and only if it does not already have
509 * a controlling terminal.
510 *
511 * Caller must hold: tty_lock()
512 * a readlock on tasklist_lock
513 * sighand lock
514 */
__proc_set_tty(struct tty_struct * tty)515 static void __proc_set_tty(struct tty_struct *tty)
516 {
517 unsigned long flags;
518
519 spin_lock_irqsave(&tty->ctrl_lock, flags);
520 /*
521 * The session and fg pgrp references will be non-NULL if
522 * tiocsctty() is stealing the controlling tty
523 */
524 put_pid(tty->session);
525 put_pid(tty->pgrp);
526 tty->pgrp = get_pid(task_pgrp(current));
527 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
528 tty->session = get_pid(task_session(current));
529 if (current->signal->tty) {
530 printk(KERN_DEBUG "tty not NULL!!\n");
531 tty_kref_put(current->signal->tty);
532 }
533 put_pid(current->signal->tty_old_pgrp);
534 current->signal->tty = tty_kref_get(tty);
535 current->signal->tty_old_pgrp = NULL;
536 }
537
proc_set_tty(struct tty_struct * tty)538 static void proc_set_tty(struct tty_struct *tty)
539 {
540 spin_lock_irq(¤t->sighand->siglock);
541 __proc_set_tty(tty);
542 spin_unlock_irq(¤t->sighand->siglock);
543 }
544
get_current_tty(void)545 struct tty_struct *get_current_tty(void)
546 {
547 struct tty_struct *tty;
548 unsigned long flags;
549
550 spin_lock_irqsave(¤t->sighand->siglock, flags);
551 tty = tty_kref_get(current->signal->tty);
552 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
553 return tty;
554 }
555 EXPORT_SYMBOL_GPL(get_current_tty);
556
session_clear_tty(struct pid * session)557 static void session_clear_tty(struct pid *session)
558 {
559 struct task_struct *p;
560 do_each_pid_task(session, PIDTYPE_SID, p) {
561 proc_clear_tty(p);
562 } while_each_pid_task(session, PIDTYPE_SID, p);
563 }
564
565 /**
566 * tty_wakeup - request more data
567 * @tty: terminal
568 *
569 * Internal and external helper for wakeups of tty. This function
570 * informs the line discipline if present that the driver is ready
571 * to receive more output data.
572 */
573
tty_wakeup(struct tty_struct * tty)574 void tty_wakeup(struct tty_struct *tty)
575 {
576 struct tty_ldisc *ld;
577
578 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
579 ld = tty_ldisc_ref(tty);
580 if (ld) {
581 if (ld->ops->write_wakeup)
582 ld->ops->write_wakeup(tty);
583 tty_ldisc_deref(ld);
584 }
585 }
586 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
587 }
588
589 EXPORT_SYMBOL_GPL(tty_wakeup);
590
591 /**
592 * tty_signal_session_leader - sends SIGHUP to session leader
593 * @tty controlling tty
594 * @exit_session if non-zero, signal all foreground group processes
595 *
596 * Send SIGHUP and SIGCONT to the session leader and its process group.
597 * Optionally, signal all processes in the foreground process group.
598 *
599 * Returns the number of processes in the session with this tty
600 * as their controlling terminal. This value is used to drop
601 * tty references for those processes.
602 */
tty_signal_session_leader(struct tty_struct * tty,int exit_session)603 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
604 {
605 struct task_struct *p;
606 int refs = 0;
607 struct pid *tty_pgrp = NULL;
608
609 read_lock(&tasklist_lock);
610 if (tty->session) {
611 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
612 spin_lock_irq(&p->sighand->siglock);
613 if (p->signal->tty == tty) {
614 p->signal->tty = NULL;
615 /* We defer the dereferences outside fo
616 the tasklist lock */
617 refs++;
618 }
619 if (!p->signal->leader) {
620 spin_unlock_irq(&p->sighand->siglock);
621 continue;
622 }
623 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
624 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
625 put_pid(p->signal->tty_old_pgrp); /* A noop */
626 spin_lock(&tty->ctrl_lock);
627 tty_pgrp = get_pid(tty->pgrp);
628 if (tty->pgrp)
629 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
630 spin_unlock(&tty->ctrl_lock);
631 spin_unlock_irq(&p->sighand->siglock);
632 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
633 }
634 read_unlock(&tasklist_lock);
635
636 if (tty_pgrp) {
637 if (exit_session)
638 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
639 put_pid(tty_pgrp);
640 }
641
642 return refs;
643 }
644
645 /**
646 * __tty_hangup - actual handler for hangup events
647 * @work: tty device
648 *
649 * This can be called by a "kworker" kernel thread. That is process
650 * synchronous but doesn't hold any locks, so we need to make sure we
651 * have the appropriate locks for what we're doing.
652 *
653 * The hangup event clears any pending redirections onto the hung up
654 * device. It ensures future writes will error and it does the needed
655 * line discipline hangup and signal delivery. The tty object itself
656 * remains intact.
657 *
658 * Locking:
659 * BTM
660 * redirect lock for undoing redirection
661 * file list lock for manipulating list of ttys
662 * tty_ldiscs_lock from called functions
663 * termios_rwsem resetting termios data
664 * tasklist_lock to walk task list for hangup event
665 * ->siglock to protect ->signal/->sighand
666 */
__tty_hangup(struct tty_struct * tty,int exit_session)667 static void __tty_hangup(struct tty_struct *tty, int exit_session)
668 {
669 struct file *cons_filp = NULL;
670 struct file *filp, *f = NULL;
671 struct tty_file_private *priv;
672 int closecount = 0, n;
673 int refs;
674
675 if (!tty)
676 return;
677
678
679 spin_lock(&redirect_lock);
680 if (redirect && file_tty(redirect) == tty) {
681 f = redirect;
682 redirect = NULL;
683 }
684 spin_unlock(&redirect_lock);
685
686 tty_lock(tty);
687
688 if (test_bit(TTY_HUPPED, &tty->flags)) {
689 tty_unlock(tty);
690 return;
691 }
692
693 /* inuse_filps is protected by the single tty lock,
694 this really needs to change if we want to flush the
695 workqueue with the lock held */
696 check_tty_count(tty, "tty_hangup");
697
698 spin_lock(&tty_files_lock);
699 /* This breaks for file handles being sent over AF_UNIX sockets ? */
700 list_for_each_entry(priv, &tty->tty_files, list) {
701 filp = priv->file;
702 if (filp->f_op->write == redirected_tty_write)
703 cons_filp = filp;
704 if (filp->f_op->write != tty_write)
705 continue;
706 closecount++;
707 __tty_fasync(-1, filp, 0); /* can't block */
708 filp->f_op = &hung_up_tty_fops;
709 }
710 spin_unlock(&tty_files_lock);
711
712 refs = tty_signal_session_leader(tty, exit_session);
713 /* Account for the p->signal references we killed */
714 while (refs--)
715 tty_kref_put(tty);
716
717 tty_ldisc_hangup(tty);
718
719 spin_lock_irq(&tty->ctrl_lock);
720 clear_bit(TTY_THROTTLED, &tty->flags);
721 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
722 put_pid(tty->session);
723 put_pid(tty->pgrp);
724 tty->session = NULL;
725 tty->pgrp = NULL;
726 tty->ctrl_status = 0;
727 spin_unlock_irq(&tty->ctrl_lock);
728
729 /*
730 * If one of the devices matches a console pointer, we
731 * cannot just call hangup() because that will cause
732 * tty->count and state->count to go out of sync.
733 * So we just call close() the right number of times.
734 */
735 if (cons_filp) {
736 if (tty->ops->close)
737 for (n = 0; n < closecount; n++)
738 tty->ops->close(tty, cons_filp);
739 } else if (tty->ops->hangup)
740 tty->ops->hangup(tty);
741 /*
742 * We don't want to have driver/ldisc interactions beyond
743 * the ones we did here. The driver layer expects no
744 * calls after ->hangup() from the ldisc side. However we
745 * can't yet guarantee all that.
746 */
747 set_bit(TTY_HUPPED, &tty->flags);
748 tty_unlock(tty);
749
750 if (f)
751 fput(f);
752 }
753
do_tty_hangup(struct work_struct * work)754 static void do_tty_hangup(struct work_struct *work)
755 {
756 struct tty_struct *tty =
757 container_of(work, struct tty_struct, hangup_work);
758
759 __tty_hangup(tty, 0);
760 }
761
762 /**
763 * tty_hangup - trigger a hangup event
764 * @tty: tty to hangup
765 *
766 * A carrier loss (virtual or otherwise) has occurred on this like
767 * schedule a hangup sequence to run after this event.
768 */
769
tty_hangup(struct tty_struct * tty)770 void tty_hangup(struct tty_struct *tty)
771 {
772 #ifdef TTY_DEBUG_HANGUP
773 char buf[64];
774 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
775 #endif
776 schedule_work(&tty->hangup_work);
777 }
778
779 EXPORT_SYMBOL(tty_hangup);
780
781 /**
782 * tty_vhangup - process vhangup
783 * @tty: tty to hangup
784 *
785 * The user has asked via system call for the terminal to be hung up.
786 * We do this synchronously so that when the syscall returns the process
787 * is complete. That guarantee is necessary for security reasons.
788 */
789
tty_vhangup(struct tty_struct * tty)790 void tty_vhangup(struct tty_struct *tty)
791 {
792 #ifdef TTY_DEBUG_HANGUP
793 char buf[64];
794
795 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
796 #endif
797 __tty_hangup(tty, 0);
798 }
799
800 EXPORT_SYMBOL(tty_vhangup);
801
802
803 /**
804 * tty_vhangup_self - process vhangup for own ctty
805 *
806 * Perform a vhangup on the current controlling tty
807 */
808
tty_vhangup_self(void)809 void tty_vhangup_self(void)
810 {
811 struct tty_struct *tty;
812
813 tty = get_current_tty();
814 if (tty) {
815 tty_vhangup(tty);
816 tty_kref_put(tty);
817 }
818 }
819
820 /**
821 * tty_vhangup_session - hangup session leader exit
822 * @tty: tty to hangup
823 *
824 * The session leader is exiting and hanging up its controlling terminal.
825 * Every process in the foreground process group is signalled SIGHUP.
826 *
827 * We do this synchronously so that when the syscall returns the process
828 * is complete. That guarantee is necessary for security reasons.
829 */
830
tty_vhangup_session(struct tty_struct * tty)831 static void tty_vhangup_session(struct tty_struct *tty)
832 {
833 #ifdef TTY_DEBUG_HANGUP
834 char buf[64];
835
836 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
837 #endif
838 __tty_hangup(tty, 1);
839 }
840
841 /**
842 * tty_hung_up_p - was tty hung up
843 * @filp: file pointer of tty
844 *
845 * Return true if the tty has been subject to a vhangup or a carrier
846 * loss
847 */
848
tty_hung_up_p(struct file * filp)849 int tty_hung_up_p(struct file *filp)
850 {
851 return (filp->f_op == &hung_up_tty_fops);
852 }
853
854 EXPORT_SYMBOL(tty_hung_up_p);
855
856 /**
857 * disassociate_ctty - disconnect controlling tty
858 * @on_exit: true if exiting so need to "hang up" the session
859 *
860 * This function is typically called only by the session leader, when
861 * it wants to disassociate itself from its controlling tty.
862 *
863 * It performs the following functions:
864 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
865 * (2) Clears the tty from being controlling the session
866 * (3) Clears the controlling tty for all processes in the
867 * session group.
868 *
869 * The argument on_exit is set to 1 if called when a process is
870 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
871 *
872 * Locking:
873 * BTM is taken for hysterical raisins, and held when
874 * called from no_tty().
875 * tty_mutex is taken to protect tty
876 * ->siglock is taken to protect ->signal/->sighand
877 * tasklist_lock is taken to walk process list for sessions
878 * ->siglock is taken to protect ->signal/->sighand
879 */
880
disassociate_ctty(int on_exit)881 void disassociate_ctty(int on_exit)
882 {
883 struct tty_struct *tty;
884
885 if (!current->signal->leader)
886 return;
887
888 tty = get_current_tty();
889 if (tty) {
890 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
891 tty_vhangup_session(tty);
892 } else {
893 struct pid *tty_pgrp = tty_get_pgrp(tty);
894 if (tty_pgrp) {
895 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
896 if (!on_exit)
897 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
898 put_pid(tty_pgrp);
899 }
900 }
901 tty_kref_put(tty);
902
903 } else if (on_exit) {
904 struct pid *old_pgrp;
905 spin_lock_irq(¤t->sighand->siglock);
906 old_pgrp = current->signal->tty_old_pgrp;
907 current->signal->tty_old_pgrp = NULL;
908 spin_unlock_irq(¤t->sighand->siglock);
909 if (old_pgrp) {
910 kill_pgrp(old_pgrp, SIGHUP, on_exit);
911 kill_pgrp(old_pgrp, SIGCONT, on_exit);
912 put_pid(old_pgrp);
913 }
914 return;
915 }
916
917 spin_lock_irq(¤t->sighand->siglock);
918 put_pid(current->signal->tty_old_pgrp);
919 current->signal->tty_old_pgrp = NULL;
920
921 tty = tty_kref_get(current->signal->tty);
922 if (tty) {
923 unsigned long flags;
924 spin_lock_irqsave(&tty->ctrl_lock, flags);
925 put_pid(tty->session);
926 put_pid(tty->pgrp);
927 tty->session = NULL;
928 tty->pgrp = NULL;
929 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
930 tty_kref_put(tty);
931 } else {
932 #ifdef TTY_DEBUG_HANGUP
933 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
934 " = NULL", tty);
935 #endif
936 }
937
938 spin_unlock_irq(¤t->sighand->siglock);
939 /* Now clear signal->tty under the lock */
940 read_lock(&tasklist_lock);
941 session_clear_tty(task_session(current));
942 read_unlock(&tasklist_lock);
943 }
944
945 /**
946 *
947 * no_tty - Ensure the current process does not have a controlling tty
948 */
no_tty(void)949 void no_tty(void)
950 {
951 /* FIXME: Review locking here. The tty_lock never covered any race
952 between a new association and proc_clear_tty but possible we need
953 to protect against this anyway */
954 struct task_struct *tsk = current;
955 disassociate_ctty(0);
956 proc_clear_tty(tsk);
957 }
958
959
960 /**
961 * stop_tty - propagate flow control
962 * @tty: tty to stop
963 *
964 * Perform flow control to the driver. May be called
965 * on an already stopped device and will not re-call the driver
966 * method.
967 *
968 * This functionality is used by both the line disciplines for
969 * halting incoming flow and by the driver. It may therefore be
970 * called from any context, may be under the tty atomic_write_lock
971 * but not always.
972 *
973 * Locking:
974 * flow_lock
975 */
976
__stop_tty(struct tty_struct * tty)977 void __stop_tty(struct tty_struct *tty)
978 {
979 if (tty->stopped)
980 return;
981 tty->stopped = 1;
982 if (tty->ops->stop)
983 tty->ops->stop(tty);
984 }
985
stop_tty(struct tty_struct * tty)986 void stop_tty(struct tty_struct *tty)
987 {
988 unsigned long flags;
989
990 spin_lock_irqsave(&tty->flow_lock, flags);
991 __stop_tty(tty);
992 spin_unlock_irqrestore(&tty->flow_lock, flags);
993 }
994 EXPORT_SYMBOL(stop_tty);
995
996 /**
997 * start_tty - propagate flow control
998 * @tty: tty to start
999 *
1000 * Start a tty that has been stopped if at all possible. If this
1001 * tty was previous stopped and is now being started, the driver
1002 * start method is invoked and the line discipline woken.
1003 *
1004 * Locking:
1005 * flow_lock
1006 */
1007
__start_tty(struct tty_struct * tty)1008 void __start_tty(struct tty_struct *tty)
1009 {
1010 if (!tty->stopped || tty->flow_stopped)
1011 return;
1012 tty->stopped = 0;
1013 if (tty->ops->start)
1014 tty->ops->start(tty);
1015 tty_wakeup(tty);
1016 }
1017
start_tty(struct tty_struct * tty)1018 void start_tty(struct tty_struct *tty)
1019 {
1020 unsigned long flags;
1021
1022 spin_lock_irqsave(&tty->flow_lock, flags);
1023 __start_tty(tty);
1024 spin_unlock_irqrestore(&tty->flow_lock, flags);
1025 }
1026 EXPORT_SYMBOL(start_tty);
1027
tty_update_time(struct timespec * time)1028 static void tty_update_time(struct timespec *time)
1029 {
1030 unsigned long sec = get_seconds();
1031
1032 /*
1033 * We only care if the two values differ in anything other than the
1034 * lower three bits (i.e every 8 seconds). If so, then we can update
1035 * the time of the tty device, otherwise it could be construded as a
1036 * security leak to let userspace know the exact timing of the tty.
1037 */
1038 if ((sec ^ time->tv_sec) & ~7)
1039 time->tv_sec = sec;
1040 }
1041
1042 /**
1043 * tty_read - read method for tty device files
1044 * @file: pointer to tty file
1045 * @buf: user buffer
1046 * @count: size of user buffer
1047 * @ppos: unused
1048 *
1049 * Perform the read system call function on this terminal device. Checks
1050 * for hung up devices before calling the line discipline method.
1051 *
1052 * Locking:
1053 * Locks the line discipline internally while needed. Multiple
1054 * read calls may be outstanding in parallel.
1055 */
1056
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)1057 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1058 loff_t *ppos)
1059 {
1060 int i;
1061 struct inode *inode = file_inode(file);
1062 struct tty_struct *tty = file_tty(file);
1063 struct tty_ldisc *ld;
1064
1065 if (tty_paranoia_check(tty, inode, "tty_read"))
1066 return -EIO;
1067 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1068 return -EIO;
1069
1070 /* We want to wait for the line discipline to sort out in this
1071 situation */
1072 ld = tty_ldisc_ref_wait(tty);
1073 if (ld->ops->read)
1074 i = ld->ops->read(tty, file, buf, count);
1075 else
1076 i = -EIO;
1077 tty_ldisc_deref(ld);
1078
1079 if (i > 0)
1080 tty_update_time(&inode->i_atime);
1081
1082 return i;
1083 }
1084
tty_write_unlock(struct tty_struct * tty)1085 static void tty_write_unlock(struct tty_struct *tty)
1086 {
1087 mutex_unlock(&tty->atomic_write_lock);
1088 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1089 }
1090
tty_write_lock(struct tty_struct * tty,int ndelay)1091 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1092 {
1093 if (!mutex_trylock(&tty->atomic_write_lock)) {
1094 if (ndelay)
1095 return -EAGAIN;
1096 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1097 return -ERESTARTSYS;
1098 }
1099 return 0;
1100 }
1101
1102 /*
1103 * Split writes up in sane blocksizes to avoid
1104 * denial-of-service type attacks
1105 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)1106 static inline ssize_t do_tty_write(
1107 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1108 struct tty_struct *tty,
1109 struct file *file,
1110 const char __user *buf,
1111 size_t count)
1112 {
1113 ssize_t ret, written = 0;
1114 unsigned int chunk;
1115
1116 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1117 if (ret < 0)
1118 return ret;
1119
1120 /*
1121 * We chunk up writes into a temporary buffer. This
1122 * simplifies low-level drivers immensely, since they
1123 * don't have locking issues and user mode accesses.
1124 *
1125 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1126 * big chunk-size..
1127 *
1128 * The default chunk-size is 2kB, because the NTTY
1129 * layer has problems with bigger chunks. It will
1130 * claim to be able to handle more characters than
1131 * it actually does.
1132 *
1133 * FIXME: This can probably go away now except that 64K chunks
1134 * are too likely to fail unless switched to vmalloc...
1135 */
1136 chunk = 2048;
1137 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1138 chunk = 65536;
1139 if (count < chunk)
1140 chunk = count;
1141
1142 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1143 if (tty->write_cnt < chunk) {
1144 unsigned char *buf_chunk;
1145
1146 if (chunk < 1024)
1147 chunk = 1024;
1148
1149 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1150 if (!buf_chunk) {
1151 ret = -ENOMEM;
1152 goto out;
1153 }
1154 kfree(tty->write_buf);
1155 tty->write_cnt = chunk;
1156 tty->write_buf = buf_chunk;
1157 }
1158
1159 /* Do the write .. */
1160 for (;;) {
1161 size_t size = count;
1162 if (size > chunk)
1163 size = chunk;
1164 ret = -EFAULT;
1165 if (copy_from_user(tty->write_buf, buf, size))
1166 break;
1167 ret = write(tty, file, tty->write_buf, size);
1168 if (ret <= 0)
1169 break;
1170 written += ret;
1171 buf += ret;
1172 count -= ret;
1173 if (!count)
1174 break;
1175 ret = -ERESTARTSYS;
1176 if (signal_pending(current))
1177 break;
1178 cond_resched();
1179 }
1180 if (written) {
1181 tty_update_time(&file_inode(file)->i_mtime);
1182 ret = written;
1183 }
1184 out:
1185 tty_write_unlock(tty);
1186 return ret;
1187 }
1188
1189 /**
1190 * tty_write_message - write a message to a certain tty, not just the console.
1191 * @tty: the destination tty_struct
1192 * @msg: the message to write
1193 *
1194 * This is used for messages that need to be redirected to a specific tty.
1195 * We don't put it into the syslog queue right now maybe in the future if
1196 * really needed.
1197 *
1198 * We must still hold the BTM and test the CLOSING flag for the moment.
1199 */
1200
tty_write_message(struct tty_struct * tty,char * msg)1201 void tty_write_message(struct tty_struct *tty, char *msg)
1202 {
1203 if (tty) {
1204 mutex_lock(&tty->atomic_write_lock);
1205 tty_lock(tty);
1206 if (tty->ops->write && tty->count > 0) {
1207 tty_unlock(tty);
1208 tty->ops->write(tty, msg, strlen(msg));
1209 } else
1210 tty_unlock(tty);
1211 tty_write_unlock(tty);
1212 }
1213 return;
1214 }
1215
1216
1217 /**
1218 * tty_write - write method for tty device file
1219 * @file: tty file pointer
1220 * @buf: user data to write
1221 * @count: bytes to write
1222 * @ppos: unused
1223 *
1224 * Write data to a tty device via the line discipline.
1225 *
1226 * Locking:
1227 * Locks the line discipline as required
1228 * Writes to the tty driver are serialized by the atomic_write_lock
1229 * and are then processed in chunks to the device. The line discipline
1230 * write method will not be invoked in parallel for each device.
1231 */
1232
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1233 static ssize_t tty_write(struct file *file, const char __user *buf,
1234 size_t count, loff_t *ppos)
1235 {
1236 struct tty_struct *tty = file_tty(file);
1237 struct tty_ldisc *ld;
1238 ssize_t ret;
1239
1240 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1241 return -EIO;
1242 if (!tty || !tty->ops->write ||
1243 (test_bit(TTY_IO_ERROR, &tty->flags)))
1244 return -EIO;
1245 /* Short term debug to catch buggy drivers */
1246 if (tty->ops->write_room == NULL)
1247 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1248 tty->driver->name);
1249 ld = tty_ldisc_ref_wait(tty);
1250 if (!ld->ops->write)
1251 ret = -EIO;
1252 else
1253 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1254 tty_ldisc_deref(ld);
1255 return ret;
1256 }
1257
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1258 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1259 size_t count, loff_t *ppos)
1260 {
1261 struct file *p = NULL;
1262
1263 spin_lock(&redirect_lock);
1264 if (redirect)
1265 p = get_file(redirect);
1266 spin_unlock(&redirect_lock);
1267
1268 if (p) {
1269 ssize_t res;
1270 res = vfs_write(p, buf, count, &p->f_pos);
1271 fput(p);
1272 return res;
1273 }
1274 return tty_write(file, buf, count, ppos);
1275 }
1276
1277 /**
1278 * tty_send_xchar - send priority character
1279 *
1280 * Send a high priority character to the tty even if stopped
1281 *
1282 * Locking: none for xchar method, write ordering for write method.
1283 */
1284
tty_send_xchar(struct tty_struct * tty,char ch)1285 int tty_send_xchar(struct tty_struct *tty, char ch)
1286 {
1287 int was_stopped = tty->stopped;
1288
1289 if (tty->ops->send_xchar) {
1290 down_read(&tty->termios_rwsem);
1291 tty->ops->send_xchar(tty, ch);
1292 up_read(&tty->termios_rwsem);
1293 return 0;
1294 }
1295
1296 if (tty_write_lock(tty, 0) < 0)
1297 return -ERESTARTSYS;
1298
1299 down_read(&tty->termios_rwsem);
1300 if (was_stopped)
1301 start_tty(tty);
1302 tty->ops->write(tty, &ch, 1);
1303 if (was_stopped)
1304 stop_tty(tty);
1305 up_read(&tty->termios_rwsem);
1306 tty_write_unlock(tty);
1307 return 0;
1308 }
1309
1310 static char ptychar[] = "pqrstuvwxyzabcde";
1311
1312 /**
1313 * pty_line_name - generate name for a pty
1314 * @driver: the tty driver in use
1315 * @index: the minor number
1316 * @p: output buffer of at least 6 bytes
1317 *
1318 * Generate a name from a driver reference and write it to the output
1319 * buffer.
1320 *
1321 * Locking: None
1322 */
pty_line_name(struct tty_driver * driver,int index,char * p)1323 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1324 {
1325 int i = index + driver->name_base;
1326 /* ->name is initialized to "ttyp", but "tty" is expected */
1327 sprintf(p, "%s%c%x",
1328 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1329 ptychar[i >> 4 & 0xf], i & 0xf);
1330 }
1331
1332 /**
1333 * tty_line_name - generate name for a tty
1334 * @driver: the tty driver in use
1335 * @index: the minor number
1336 * @p: output buffer of at least 7 bytes
1337 *
1338 * Generate a name from a driver reference and write it to the output
1339 * buffer.
1340 *
1341 * Locking: None
1342 */
tty_line_name(struct tty_driver * driver,int index,char * p)1343 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1344 {
1345 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1346 return sprintf(p, "%s", driver->name);
1347 else
1348 return sprintf(p, "%s%d", driver->name,
1349 index + driver->name_base);
1350 }
1351
1352 /**
1353 * tty_driver_lookup_tty() - find an existing tty, if any
1354 * @driver: the driver for the tty
1355 * @idx: the minor number
1356 *
1357 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1358 * driver lookup() method returns an error.
1359 *
1360 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1361 */
tty_driver_lookup_tty(struct tty_driver * driver,struct inode * inode,int idx)1362 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1363 struct inode *inode, int idx)
1364 {
1365 struct tty_struct *tty;
1366
1367 if (driver->ops->lookup)
1368 tty = driver->ops->lookup(driver, inode, idx);
1369 else
1370 tty = driver->ttys[idx];
1371
1372 if (!IS_ERR(tty))
1373 tty_kref_get(tty);
1374 return tty;
1375 }
1376
1377 /**
1378 * tty_init_termios - helper for termios setup
1379 * @tty: the tty to set up
1380 *
1381 * Initialise the termios structures for this tty. Thus runs under
1382 * the tty_mutex currently so we can be relaxed about ordering.
1383 */
1384
tty_init_termios(struct tty_struct * tty)1385 int tty_init_termios(struct tty_struct *tty)
1386 {
1387 struct ktermios *tp;
1388 int idx = tty->index;
1389
1390 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1391 tty->termios = tty->driver->init_termios;
1392 else {
1393 /* Check for lazy saved data */
1394 tp = tty->driver->termios[idx];
1395 if (tp != NULL)
1396 tty->termios = *tp;
1397 else
1398 tty->termios = tty->driver->init_termios;
1399 }
1400 /* Compatibility until drivers always set this */
1401 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1402 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1403 return 0;
1404 }
1405 EXPORT_SYMBOL_GPL(tty_init_termios);
1406
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1407 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1408 {
1409 int ret = tty_init_termios(tty);
1410 if (ret)
1411 return ret;
1412
1413 tty_driver_kref_get(driver);
1414 tty->count++;
1415 driver->ttys[tty->index] = tty;
1416 return 0;
1417 }
1418 EXPORT_SYMBOL_GPL(tty_standard_install);
1419
1420 /**
1421 * tty_driver_install_tty() - install a tty entry in the driver
1422 * @driver: the driver for the tty
1423 * @tty: the tty
1424 *
1425 * Install a tty object into the driver tables. The tty->index field
1426 * will be set by the time this is called. This method is responsible
1427 * for ensuring any need additional structures are allocated and
1428 * configured.
1429 *
1430 * Locking: tty_mutex for now
1431 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1432 static int tty_driver_install_tty(struct tty_driver *driver,
1433 struct tty_struct *tty)
1434 {
1435 return driver->ops->install ? driver->ops->install(driver, tty) :
1436 tty_standard_install(driver, tty);
1437 }
1438
1439 /**
1440 * tty_driver_remove_tty() - remove a tty from the driver tables
1441 * @driver: the driver for the tty
1442 * @idx: the minor number
1443 *
1444 * Remvoe a tty object from the driver tables. The tty->index field
1445 * will be set by the time this is called.
1446 *
1447 * Locking: tty_mutex for now
1448 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1449 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1450 {
1451 if (driver->ops->remove)
1452 driver->ops->remove(driver, tty);
1453 else
1454 driver->ttys[tty->index] = NULL;
1455 }
1456
1457 /*
1458 * tty_reopen() - fast re-open of an open tty
1459 * @tty - the tty to open
1460 *
1461 * Return 0 on success, -errno on error.
1462 * Re-opens on master ptys are not allowed and return -EIO.
1463 *
1464 * Locking: Caller must hold tty_lock
1465 */
tty_reopen(struct tty_struct * tty)1466 static int tty_reopen(struct tty_struct *tty)
1467 {
1468 struct tty_driver *driver = tty->driver;
1469
1470 if (!tty->count)
1471 return -EIO;
1472
1473 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1474 driver->subtype == PTY_TYPE_MASTER)
1475 return -EIO;
1476
1477 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1478 return -EBUSY;
1479
1480 tty->count++;
1481
1482 WARN_ON(!tty->ldisc);
1483
1484 return 0;
1485 }
1486
1487 /**
1488 * tty_init_dev - initialise a tty device
1489 * @driver: tty driver we are opening a device on
1490 * @idx: device index
1491 * @ret_tty: returned tty structure
1492 *
1493 * Prepare a tty device. This may not be a "new" clean device but
1494 * could also be an active device. The pty drivers require special
1495 * handling because of this.
1496 *
1497 * Locking:
1498 * The function is called under the tty_mutex, which
1499 * protects us from the tty struct or driver itself going away.
1500 *
1501 * On exit the tty device has the line discipline attached and
1502 * a reference count of 1. If a pair was created for pty/tty use
1503 * and the other was a pty master then it too has a reference count of 1.
1504 *
1505 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1506 * failed open. The new code protects the open with a mutex, so it's
1507 * really quite straightforward. The mutex locking can probably be
1508 * relaxed for the (most common) case of reopening a tty.
1509 */
1510
tty_init_dev(struct tty_driver * driver,int idx)1511 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1512 {
1513 struct tty_struct *tty;
1514 int retval;
1515
1516 /*
1517 * First time open is complex, especially for PTY devices.
1518 * This code guarantees that either everything succeeds and the
1519 * TTY is ready for operation, or else the table slots are vacated
1520 * and the allocated memory released. (Except that the termios
1521 * and locked termios may be retained.)
1522 */
1523
1524 if (!try_module_get(driver->owner))
1525 return ERR_PTR(-ENODEV);
1526
1527 tty = alloc_tty_struct(driver, idx);
1528 if (!tty) {
1529 retval = -ENOMEM;
1530 goto err_module_put;
1531 }
1532
1533 tty_lock(tty);
1534 retval = tty_driver_install_tty(driver, tty);
1535 if (retval < 0)
1536 goto err_deinit_tty;
1537
1538 if (!tty->port)
1539 tty->port = driver->ports[idx];
1540
1541 WARN_RATELIMIT(!tty->port,
1542 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1543 __func__, tty->driver->name);
1544
1545 tty->port->itty = tty;
1546
1547 /*
1548 * Structures all installed ... call the ldisc open routines.
1549 * If we fail here just call release_tty to clean up. No need
1550 * to decrement the use counts, as release_tty doesn't care.
1551 */
1552 retval = tty_ldisc_setup(tty, tty->link);
1553 if (retval)
1554 goto err_release_tty;
1555 /* Return the tty locked so that it cannot vanish under the caller */
1556 return tty;
1557
1558 err_deinit_tty:
1559 tty_unlock(tty);
1560 deinitialize_tty_struct(tty);
1561 free_tty_struct(tty);
1562 err_module_put:
1563 module_put(driver->owner);
1564 return ERR_PTR(retval);
1565
1566 /* call the tty release_tty routine to clean out this slot */
1567 err_release_tty:
1568 tty_unlock(tty);
1569 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1570 "clearing slot %d\n", idx);
1571 release_tty(tty, idx);
1572 return ERR_PTR(retval);
1573 }
1574
tty_free_termios(struct tty_struct * tty)1575 void tty_free_termios(struct tty_struct *tty)
1576 {
1577 struct ktermios *tp;
1578 int idx = tty->index;
1579
1580 /* If the port is going to reset then it has no termios to save */
1581 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1582 return;
1583
1584 /* Stash the termios data */
1585 tp = tty->driver->termios[idx];
1586 if (tp == NULL) {
1587 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1588 if (tp == NULL) {
1589 pr_warn("tty: no memory to save termios state.\n");
1590 return;
1591 }
1592 tty->driver->termios[idx] = tp;
1593 }
1594 *tp = tty->termios;
1595 }
1596 EXPORT_SYMBOL(tty_free_termios);
1597
1598 /**
1599 * tty_flush_works - flush all works of a tty/pty pair
1600 * @tty: tty device to flush works for (or either end of a pty pair)
1601 *
1602 * Sync flush all works belonging to @tty (and the 'other' tty).
1603 */
tty_flush_works(struct tty_struct * tty)1604 static void tty_flush_works(struct tty_struct *tty)
1605 {
1606 flush_work(&tty->SAK_work);
1607 flush_work(&tty->hangup_work);
1608 if (tty->link) {
1609 flush_work(&tty->link->SAK_work);
1610 flush_work(&tty->link->hangup_work);
1611 }
1612 }
1613
1614 /**
1615 * release_one_tty - release tty structure memory
1616 * @kref: kref of tty we are obliterating
1617 *
1618 * Releases memory associated with a tty structure, and clears out the
1619 * driver table slots. This function is called when a device is no longer
1620 * in use. It also gets called when setup of a device fails.
1621 *
1622 * Locking:
1623 * takes the file list lock internally when working on the list
1624 * of ttys that the driver keeps.
1625 *
1626 * This method gets called from a work queue so that the driver private
1627 * cleanup ops can sleep (needed for USB at least)
1628 */
release_one_tty(struct work_struct * work)1629 static void release_one_tty(struct work_struct *work)
1630 {
1631 struct tty_struct *tty =
1632 container_of(work, struct tty_struct, hangup_work);
1633 struct tty_driver *driver = tty->driver;
1634 struct module *owner = driver->owner;
1635
1636 if (tty->ops->cleanup)
1637 tty->ops->cleanup(tty);
1638
1639 tty->magic = 0;
1640 tty_driver_kref_put(driver);
1641 module_put(owner);
1642
1643 spin_lock(&tty_files_lock);
1644 list_del_init(&tty->tty_files);
1645 spin_unlock(&tty_files_lock);
1646
1647 put_pid(tty->pgrp);
1648 put_pid(tty->session);
1649 free_tty_struct(tty);
1650 }
1651
queue_release_one_tty(struct kref * kref)1652 static void queue_release_one_tty(struct kref *kref)
1653 {
1654 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1655
1656 /* The hangup queue is now free so we can reuse it rather than
1657 waste a chunk of memory for each port */
1658 INIT_WORK(&tty->hangup_work, release_one_tty);
1659 schedule_work(&tty->hangup_work);
1660 }
1661
1662 /**
1663 * tty_kref_put - release a tty kref
1664 * @tty: tty device
1665 *
1666 * Release a reference to a tty device and if need be let the kref
1667 * layer destruct the object for us
1668 */
1669
tty_kref_put(struct tty_struct * tty)1670 void tty_kref_put(struct tty_struct *tty)
1671 {
1672 if (tty)
1673 kref_put(&tty->kref, queue_release_one_tty);
1674 }
1675 EXPORT_SYMBOL(tty_kref_put);
1676
1677 /**
1678 * release_tty - release tty structure memory
1679 *
1680 * Release both @tty and a possible linked partner (think pty pair),
1681 * and decrement the refcount of the backing module.
1682 *
1683 * Locking:
1684 * tty_mutex
1685 * takes the file list lock internally when working on the list
1686 * of ttys that the driver keeps.
1687 *
1688 */
release_tty(struct tty_struct * tty,int idx)1689 static void release_tty(struct tty_struct *tty, int idx)
1690 {
1691 /* This should always be true but check for the moment */
1692 WARN_ON(tty->index != idx);
1693 WARN_ON(!mutex_is_locked(&tty_mutex));
1694 if (tty->ops->shutdown)
1695 tty->ops->shutdown(tty);
1696 tty_free_termios(tty);
1697 tty_driver_remove_tty(tty->driver, tty);
1698 tty->port->itty = NULL;
1699 if (tty->link)
1700 tty->link->port->itty = NULL;
1701 cancel_work_sync(&tty->port->buf.work);
1702
1703 tty_kref_put(tty->link);
1704 tty_kref_put(tty);
1705 }
1706
1707 /**
1708 * tty_release_checks - check a tty before real release
1709 * @tty: tty to check
1710 * @o_tty: link of @tty (if any)
1711 * @idx: index of the tty
1712 *
1713 * Performs some paranoid checking before true release of the @tty.
1714 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1715 */
tty_release_checks(struct tty_struct * tty,int idx)1716 static int tty_release_checks(struct tty_struct *tty, int idx)
1717 {
1718 #ifdef TTY_PARANOIA_CHECK
1719 if (idx < 0 || idx >= tty->driver->num) {
1720 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1721 __func__, tty->name);
1722 return -1;
1723 }
1724
1725 /* not much to check for devpts */
1726 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1727 return 0;
1728
1729 if (tty != tty->driver->ttys[idx]) {
1730 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1731 __func__, idx, tty->name);
1732 return -1;
1733 }
1734 if (tty->driver->other) {
1735 struct tty_struct *o_tty = tty->link;
1736
1737 if (o_tty != tty->driver->other->ttys[idx]) {
1738 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1739 __func__, idx, tty->name);
1740 return -1;
1741 }
1742 if (o_tty->link != tty) {
1743 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1744 return -1;
1745 }
1746 }
1747 #endif
1748 return 0;
1749 }
1750
1751 /**
1752 * tty_release - vfs callback for close
1753 * @inode: inode of tty
1754 * @filp: file pointer for handle to tty
1755 *
1756 * Called the last time each file handle is closed that references
1757 * this tty. There may however be several such references.
1758 *
1759 * Locking:
1760 * Takes bkl. See tty_release_dev
1761 *
1762 * Even releasing the tty structures is a tricky business.. We have
1763 * to be very careful that the structures are all released at the
1764 * same time, as interrupts might otherwise get the wrong pointers.
1765 *
1766 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1767 * lead to double frees or releasing memory still in use.
1768 */
1769
tty_release(struct inode * inode,struct file * filp)1770 int tty_release(struct inode *inode, struct file *filp)
1771 {
1772 struct tty_struct *tty = file_tty(filp);
1773 struct tty_struct *o_tty = NULL;
1774 int do_sleep, final;
1775 int idx;
1776 char buf[64];
1777 long timeout = 0;
1778 int once = 1;
1779
1780 if (tty_paranoia_check(tty, inode, __func__))
1781 return 0;
1782
1783 tty_lock(tty);
1784 check_tty_count(tty, __func__);
1785
1786 __tty_fasync(-1, filp, 0);
1787
1788 idx = tty->index;
1789 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1790 tty->driver->subtype == PTY_TYPE_MASTER)
1791 o_tty = tty->link;
1792
1793 if (tty_release_checks(tty, idx)) {
1794 tty_unlock(tty);
1795 return 0;
1796 }
1797
1798 #ifdef TTY_DEBUG_HANGUP
1799 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1800 tty_name(tty, buf), tty->count);
1801 #endif
1802
1803 if (tty->ops->close)
1804 tty->ops->close(tty, filp);
1805
1806 /* If tty is pty master, lock the slave pty (stable lock order) */
1807 tty_lock_slave(o_tty);
1808
1809 /*
1810 * Sanity check: if tty->count is going to zero, there shouldn't be
1811 * any waiters on tty->read_wait or tty->write_wait. We test the
1812 * wait queues and kick everyone out _before_ actually starting to
1813 * close. This ensures that we won't block while releasing the tty
1814 * structure.
1815 *
1816 * The test for the o_tty closing is necessary, since the master and
1817 * slave sides may close in any order. If the slave side closes out
1818 * first, its count will be one, since the master side holds an open.
1819 * Thus this test wouldn't be triggered at the time the slave closed,
1820 * so we do it now.
1821 */
1822 while (1) {
1823 do_sleep = 0;
1824
1825 if (tty->count <= 1) {
1826 if (waitqueue_active(&tty->read_wait)) {
1827 wake_up_poll(&tty->read_wait, POLLIN);
1828 do_sleep++;
1829 }
1830 if (waitqueue_active(&tty->write_wait)) {
1831 wake_up_poll(&tty->write_wait, POLLOUT);
1832 do_sleep++;
1833 }
1834 }
1835 if (o_tty && o_tty->count <= 1) {
1836 if (waitqueue_active(&o_tty->read_wait)) {
1837 wake_up_poll(&o_tty->read_wait, POLLIN);
1838 do_sleep++;
1839 }
1840 if (waitqueue_active(&o_tty->write_wait)) {
1841 wake_up_poll(&o_tty->write_wait, POLLOUT);
1842 do_sleep++;
1843 }
1844 }
1845 if (!do_sleep)
1846 break;
1847
1848 if (once) {
1849 once = 0;
1850 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1851 __func__, tty_name(tty, buf));
1852 }
1853 schedule_timeout_killable(timeout);
1854 if (timeout < 120 * HZ)
1855 timeout = 2 * timeout + 1;
1856 else
1857 timeout = MAX_SCHEDULE_TIMEOUT;
1858 }
1859
1860 if (o_tty) {
1861 if (--o_tty->count < 0) {
1862 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1863 __func__, o_tty->count, tty_name(o_tty, buf));
1864 o_tty->count = 0;
1865 }
1866 }
1867 if (--tty->count < 0) {
1868 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1869 __func__, tty->count, tty_name(tty, buf));
1870 tty->count = 0;
1871 }
1872
1873 /*
1874 * We've decremented tty->count, so we need to remove this file
1875 * descriptor off the tty->tty_files list; this serves two
1876 * purposes:
1877 * - check_tty_count sees the correct number of file descriptors
1878 * associated with this tty.
1879 * - do_tty_hangup no longer sees this file descriptor as
1880 * something that needs to be handled for hangups.
1881 */
1882 tty_del_file(filp);
1883
1884 /*
1885 * Perform some housekeeping before deciding whether to return.
1886 *
1887 * If _either_ side is closing, make sure there aren't any
1888 * processes that still think tty or o_tty is their controlling
1889 * tty.
1890 */
1891 if (!tty->count) {
1892 read_lock(&tasklist_lock);
1893 session_clear_tty(tty->session);
1894 if (o_tty)
1895 session_clear_tty(o_tty->session);
1896 read_unlock(&tasklist_lock);
1897 }
1898
1899 /* check whether both sides are closing ... */
1900 final = !tty->count && !(o_tty && o_tty->count);
1901
1902 tty_unlock_slave(o_tty);
1903 tty_unlock(tty);
1904
1905 /* At this point, the tty->count == 0 should ensure a dead tty
1906 cannot be re-opened by a racing opener */
1907
1908 if (!final)
1909 return 0;
1910
1911 #ifdef TTY_DEBUG_HANGUP
1912 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1913 #endif
1914 /*
1915 * Ask the line discipline code to release its structures
1916 */
1917 tty_ldisc_release(tty);
1918
1919 /* Wait for pending work before tty destruction commmences */
1920 tty_flush_works(tty);
1921
1922 #ifdef TTY_DEBUG_HANGUP
1923 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1924 #endif
1925 /*
1926 * The release_tty function takes care of the details of clearing
1927 * the slots and preserving the termios structure. The tty_unlock_pair
1928 * should be safe as we keep a kref while the tty is locked (so the
1929 * unlock never unlocks a freed tty).
1930 */
1931 mutex_lock(&tty_mutex);
1932 release_tty(tty, idx);
1933 mutex_unlock(&tty_mutex);
1934
1935 return 0;
1936 }
1937
1938 /**
1939 * tty_open_current_tty - get locked tty of current task
1940 * @device: device number
1941 * @filp: file pointer to tty
1942 * @return: locked tty of the current task iff @device is /dev/tty
1943 *
1944 * Performs a re-open of the current task's controlling tty.
1945 *
1946 * We cannot return driver and index like for the other nodes because
1947 * devpts will not work then. It expects inodes to be from devpts FS.
1948 */
tty_open_current_tty(dev_t device,struct file * filp)1949 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1950 {
1951 struct tty_struct *tty;
1952 int retval;
1953
1954 if (device != MKDEV(TTYAUX_MAJOR, 0))
1955 return NULL;
1956
1957 tty = get_current_tty();
1958 if (!tty)
1959 return ERR_PTR(-ENXIO);
1960
1961 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1962 /* noctty = 1; */
1963 tty_lock(tty);
1964 tty_kref_put(tty); /* safe to drop the kref now */
1965
1966 retval = tty_reopen(tty);
1967 if (retval < 0) {
1968 tty_unlock(tty);
1969 tty = ERR_PTR(retval);
1970 }
1971 return tty;
1972 }
1973
1974 /**
1975 * tty_lookup_driver - lookup a tty driver for a given device file
1976 * @device: device number
1977 * @filp: file pointer to tty
1978 * @noctty: set if the device should not become a controlling tty
1979 * @index: index for the device in the @return driver
1980 * @return: driver for this inode (with increased refcount)
1981 *
1982 * If @return is not erroneous, the caller is responsible to decrement the
1983 * refcount by tty_driver_kref_put.
1984 *
1985 * Locking: tty_mutex protects get_tty_driver
1986 */
tty_lookup_driver(dev_t device,struct file * filp,int * noctty,int * index)1987 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1988 int *noctty, int *index)
1989 {
1990 struct tty_driver *driver;
1991
1992 switch (device) {
1993 #ifdef CONFIG_VT
1994 case MKDEV(TTY_MAJOR, 0): {
1995 extern struct tty_driver *console_driver;
1996 driver = tty_driver_kref_get(console_driver);
1997 *index = fg_console;
1998 *noctty = 1;
1999 break;
2000 }
2001 #endif
2002 case MKDEV(TTYAUX_MAJOR, 1): {
2003 struct tty_driver *console_driver = console_device(index);
2004 if (console_driver) {
2005 driver = tty_driver_kref_get(console_driver);
2006 if (driver) {
2007 /* Don't let /dev/console block */
2008 filp->f_flags |= O_NONBLOCK;
2009 *noctty = 1;
2010 break;
2011 }
2012 }
2013 return ERR_PTR(-ENODEV);
2014 }
2015 default:
2016 driver = get_tty_driver(device, index);
2017 if (!driver)
2018 return ERR_PTR(-ENODEV);
2019 break;
2020 }
2021 return driver;
2022 }
2023
2024 /**
2025 * tty_open - open a tty device
2026 * @inode: inode of device file
2027 * @filp: file pointer to tty
2028 *
2029 * tty_open and tty_release keep up the tty count that contains the
2030 * number of opens done on a tty. We cannot use the inode-count, as
2031 * different inodes might point to the same tty.
2032 *
2033 * Open-counting is needed for pty masters, as well as for keeping
2034 * track of serial lines: DTR is dropped when the last close happens.
2035 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2036 *
2037 * The termios state of a pty is reset on first open so that
2038 * settings don't persist across reuse.
2039 *
2040 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2041 * tty->count should protect the rest.
2042 * ->siglock protects ->signal/->sighand
2043 *
2044 * Note: the tty_unlock/lock cases without a ref are only safe due to
2045 * tty_mutex
2046 */
2047
tty_open(struct inode * inode,struct file * filp)2048 static int tty_open(struct inode *inode, struct file *filp)
2049 {
2050 struct tty_struct *tty;
2051 int noctty, retval;
2052 struct tty_driver *driver = NULL;
2053 int index;
2054 dev_t device = inode->i_rdev;
2055 unsigned saved_flags = filp->f_flags;
2056
2057 nonseekable_open(inode, filp);
2058
2059 retry_open:
2060 retval = tty_alloc_file(filp);
2061 if (retval)
2062 return -ENOMEM;
2063
2064 noctty = filp->f_flags & O_NOCTTY;
2065 index = -1;
2066 retval = 0;
2067
2068 tty = tty_open_current_tty(device, filp);
2069 if (!tty) {
2070 mutex_lock(&tty_mutex);
2071 driver = tty_lookup_driver(device, filp, &noctty, &index);
2072 if (IS_ERR(driver)) {
2073 retval = PTR_ERR(driver);
2074 goto err_unlock;
2075 }
2076
2077 /* check whether we're reopening an existing tty */
2078 tty = tty_driver_lookup_tty(driver, inode, index);
2079 if (IS_ERR(tty)) {
2080 retval = PTR_ERR(tty);
2081 goto err_unlock;
2082 }
2083
2084 if (tty) {
2085 mutex_unlock(&tty_mutex);
2086 tty_lock(tty);
2087 /* safe to drop the kref from tty_driver_lookup_tty() */
2088 tty_kref_put(tty);
2089 retval = tty_reopen(tty);
2090 if (retval < 0) {
2091 tty_unlock(tty);
2092 tty = ERR_PTR(retval);
2093 }
2094 } else { /* Returns with the tty_lock held for now */
2095 tty = tty_init_dev(driver, index);
2096 mutex_unlock(&tty_mutex);
2097 }
2098
2099 tty_driver_kref_put(driver);
2100 }
2101
2102 if (IS_ERR(tty)) {
2103 retval = PTR_ERR(tty);
2104 goto err_file;
2105 }
2106
2107 tty_add_file(tty, filp);
2108
2109 check_tty_count(tty, __func__);
2110 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2111 tty->driver->subtype == PTY_TYPE_MASTER)
2112 noctty = 1;
2113 #ifdef TTY_DEBUG_HANGUP
2114 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2115 #endif
2116 if (tty->ops->open)
2117 retval = tty->ops->open(tty, filp);
2118 else
2119 retval = -ENODEV;
2120 filp->f_flags = saved_flags;
2121
2122 if (retval) {
2123 #ifdef TTY_DEBUG_HANGUP
2124 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2125 retval, tty->name);
2126 #endif
2127 tty_unlock(tty); /* need to call tty_release without BTM */
2128 tty_release(inode, filp);
2129 if (retval != -ERESTARTSYS)
2130 return retval;
2131
2132 if (signal_pending(current))
2133 return retval;
2134
2135 schedule();
2136 /*
2137 * Need to reset f_op in case a hangup happened.
2138 */
2139 if (tty_hung_up_p(filp))
2140 filp->f_op = &tty_fops;
2141 goto retry_open;
2142 }
2143 clear_bit(TTY_HUPPED, &tty->flags);
2144
2145
2146 read_lock(&tasklist_lock);
2147 spin_lock_irq(¤t->sighand->siglock);
2148 if (!noctty &&
2149 current->signal->leader &&
2150 !current->signal->tty &&
2151 tty->session == NULL) {
2152 /*
2153 * Don't let a process that only has write access to the tty
2154 * obtain the privileges associated with having a tty as
2155 * controlling terminal (being able to reopen it with full
2156 * access through /dev/tty, being able to perform pushback).
2157 * Many distributions set the group of all ttys to "tty" and
2158 * grant write-only access to all terminals for setgid tty
2159 * binaries, which should not imply full privileges on all ttys.
2160 *
2161 * This could theoretically break old code that performs open()
2162 * on a write-only file descriptor. In that case, it might be
2163 * necessary to also permit this if
2164 * inode_permission(inode, MAY_READ) == 0.
2165 */
2166 if (filp->f_mode & FMODE_READ)
2167 __proc_set_tty(tty);
2168 }
2169 spin_unlock_irq(¤t->sighand->siglock);
2170 read_unlock(&tasklist_lock);
2171 tty_unlock(tty);
2172 return 0;
2173 err_unlock:
2174 mutex_unlock(&tty_mutex);
2175 /* after locks to avoid deadlock */
2176 if (!IS_ERR_OR_NULL(driver))
2177 tty_driver_kref_put(driver);
2178 err_file:
2179 tty_free_file(filp);
2180 return retval;
2181 }
2182
2183
2184
2185 /**
2186 * tty_poll - check tty status
2187 * @filp: file being polled
2188 * @wait: poll wait structures to update
2189 *
2190 * Call the line discipline polling method to obtain the poll
2191 * status of the device.
2192 *
2193 * Locking: locks called line discipline but ldisc poll method
2194 * may be re-entered freely by other callers.
2195 */
2196
tty_poll(struct file * filp,poll_table * wait)2197 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2198 {
2199 struct tty_struct *tty = file_tty(filp);
2200 struct tty_ldisc *ld;
2201 int ret = 0;
2202
2203 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2204 return 0;
2205
2206 ld = tty_ldisc_ref_wait(tty);
2207 if (ld->ops->poll)
2208 ret = ld->ops->poll(tty, filp, wait);
2209 tty_ldisc_deref(ld);
2210 return ret;
2211 }
2212
__tty_fasync(int fd,struct file * filp,int on)2213 static int __tty_fasync(int fd, struct file *filp, int on)
2214 {
2215 struct tty_struct *tty = file_tty(filp);
2216 struct tty_ldisc *ldisc;
2217 unsigned long flags;
2218 int retval = 0;
2219
2220 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2221 goto out;
2222
2223 retval = fasync_helper(fd, filp, on, &tty->fasync);
2224 if (retval <= 0)
2225 goto out;
2226
2227 ldisc = tty_ldisc_ref(tty);
2228 if (ldisc) {
2229 if (ldisc->ops->fasync)
2230 ldisc->ops->fasync(tty, on);
2231 tty_ldisc_deref(ldisc);
2232 }
2233
2234 if (on) {
2235 enum pid_type type;
2236 struct pid *pid;
2237
2238 spin_lock_irqsave(&tty->ctrl_lock, flags);
2239 if (tty->pgrp) {
2240 pid = tty->pgrp;
2241 type = PIDTYPE_PGID;
2242 } else {
2243 pid = task_pid(current);
2244 type = PIDTYPE_PID;
2245 }
2246 get_pid(pid);
2247 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2248 __f_setown(filp, pid, type, 0);
2249 put_pid(pid);
2250 retval = 0;
2251 }
2252 out:
2253 return retval;
2254 }
2255
tty_fasync(int fd,struct file * filp,int on)2256 static int tty_fasync(int fd, struct file *filp, int on)
2257 {
2258 struct tty_struct *tty = file_tty(filp);
2259 int retval;
2260
2261 tty_lock(tty);
2262 retval = __tty_fasync(fd, filp, on);
2263 tty_unlock(tty);
2264
2265 return retval;
2266 }
2267
2268 /**
2269 * tiocsti - fake input character
2270 * @tty: tty to fake input into
2271 * @p: pointer to character
2272 *
2273 * Fake input to a tty device. Does the necessary locking and
2274 * input management.
2275 *
2276 * FIXME: does not honour flow control ??
2277 *
2278 * Locking:
2279 * Called functions take tty_ldiscs_lock
2280 * current->signal->tty check is safe without locks
2281 *
2282 * FIXME: may race normal receive processing
2283 */
2284
tiocsti(struct tty_struct * tty,char __user * p)2285 static int tiocsti(struct tty_struct *tty, char __user *p)
2286 {
2287 char ch, mbz = 0;
2288 struct tty_ldisc *ld;
2289
2290 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2291 return -EPERM;
2292 if (get_user(ch, p))
2293 return -EFAULT;
2294 tty_audit_tiocsti(tty, ch);
2295 ld = tty_ldisc_ref_wait(tty);
2296 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2297 tty_ldisc_deref(ld);
2298 return 0;
2299 }
2300
2301 /**
2302 * tiocgwinsz - implement window query ioctl
2303 * @tty; tty
2304 * @arg: user buffer for result
2305 *
2306 * Copies the kernel idea of the window size into the user buffer.
2307 *
2308 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2309 * is consistent.
2310 */
2311
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2312 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2313 {
2314 int err;
2315
2316 mutex_lock(&tty->winsize_mutex);
2317 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2318 mutex_unlock(&tty->winsize_mutex);
2319
2320 return err ? -EFAULT: 0;
2321 }
2322
2323 /**
2324 * tty_do_resize - resize event
2325 * @tty: tty being resized
2326 * @rows: rows (character)
2327 * @cols: cols (character)
2328 *
2329 * Update the termios variables and send the necessary signals to
2330 * peform a terminal resize correctly
2331 */
2332
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2333 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2334 {
2335 struct pid *pgrp;
2336
2337 /* Lock the tty */
2338 mutex_lock(&tty->winsize_mutex);
2339 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2340 goto done;
2341
2342 /* Signal the foreground process group */
2343 pgrp = tty_get_pgrp(tty);
2344 if (pgrp)
2345 kill_pgrp(pgrp, SIGWINCH, 1);
2346 put_pid(pgrp);
2347
2348 tty->winsize = *ws;
2349 done:
2350 mutex_unlock(&tty->winsize_mutex);
2351 return 0;
2352 }
2353 EXPORT_SYMBOL(tty_do_resize);
2354
2355 /**
2356 * tiocswinsz - implement window size set ioctl
2357 * @tty; tty side of tty
2358 * @arg: user buffer for result
2359 *
2360 * Copies the user idea of the window size to the kernel. Traditionally
2361 * this is just advisory information but for the Linux console it
2362 * actually has driver level meaning and triggers a VC resize.
2363 *
2364 * Locking:
2365 * Driver dependent. The default do_resize method takes the
2366 * tty termios mutex and ctrl_lock. The console takes its own lock
2367 * then calls into the default method.
2368 */
2369
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2370 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2371 {
2372 struct winsize tmp_ws;
2373 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2374 return -EFAULT;
2375
2376 if (tty->ops->resize)
2377 return tty->ops->resize(tty, &tmp_ws);
2378 else
2379 return tty_do_resize(tty, &tmp_ws);
2380 }
2381
2382 /**
2383 * tioccons - allow admin to move logical console
2384 * @file: the file to become console
2385 *
2386 * Allow the administrator to move the redirected console device
2387 *
2388 * Locking: uses redirect_lock to guard the redirect information
2389 */
2390
tioccons(struct file * file)2391 static int tioccons(struct file *file)
2392 {
2393 if (!capable(CAP_SYS_ADMIN))
2394 return -EPERM;
2395 if (file->f_op->write == redirected_tty_write) {
2396 struct file *f;
2397 spin_lock(&redirect_lock);
2398 f = redirect;
2399 redirect = NULL;
2400 spin_unlock(&redirect_lock);
2401 if (f)
2402 fput(f);
2403 return 0;
2404 }
2405 spin_lock(&redirect_lock);
2406 if (redirect) {
2407 spin_unlock(&redirect_lock);
2408 return -EBUSY;
2409 }
2410 redirect = get_file(file);
2411 spin_unlock(&redirect_lock);
2412 return 0;
2413 }
2414
2415 /**
2416 * fionbio - non blocking ioctl
2417 * @file: file to set blocking value
2418 * @p: user parameter
2419 *
2420 * Historical tty interfaces had a blocking control ioctl before
2421 * the generic functionality existed. This piece of history is preserved
2422 * in the expected tty API of posix OS's.
2423 *
2424 * Locking: none, the open file handle ensures it won't go away.
2425 */
2426
fionbio(struct file * file,int __user * p)2427 static int fionbio(struct file *file, int __user *p)
2428 {
2429 int nonblock;
2430
2431 if (get_user(nonblock, p))
2432 return -EFAULT;
2433
2434 spin_lock(&file->f_lock);
2435 if (nonblock)
2436 file->f_flags |= O_NONBLOCK;
2437 else
2438 file->f_flags &= ~O_NONBLOCK;
2439 spin_unlock(&file->f_lock);
2440 return 0;
2441 }
2442
2443 /**
2444 * tiocsctty - set controlling tty
2445 * @tty: tty structure
2446 * @arg: user argument
2447 *
2448 * This ioctl is used to manage job control. It permits a session
2449 * leader to set this tty as the controlling tty for the session.
2450 *
2451 * Locking:
2452 * Takes tty_lock() to serialize proc_set_tty() for this tty
2453 * Takes tasklist_lock internally to walk sessions
2454 * Takes ->siglock() when updating signal->tty
2455 */
2456
tiocsctty(struct tty_struct * tty,struct file * file,int arg)2457 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg)
2458 {
2459 int ret = 0;
2460
2461 tty_lock(tty);
2462 read_lock(&tasklist_lock);
2463
2464 if (current->signal->leader && (task_session(current) == tty->session))
2465 goto unlock;
2466
2467 /*
2468 * The process must be a session leader and
2469 * not have a controlling tty already.
2470 */
2471 if (!current->signal->leader || current->signal->tty) {
2472 ret = -EPERM;
2473 goto unlock;
2474 }
2475
2476 if (tty->session) {
2477 /*
2478 * This tty is already the controlling
2479 * tty for another session group!
2480 */
2481 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2482 /*
2483 * Steal it away
2484 */
2485 session_clear_tty(tty->session);
2486 } else {
2487 ret = -EPERM;
2488 goto unlock;
2489 }
2490 }
2491
2492 /* See the comment in tty_open(). */
2493 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) {
2494 ret = -EPERM;
2495 goto unlock;
2496 }
2497
2498 proc_set_tty(tty);
2499 unlock:
2500 read_unlock(&tasklist_lock);
2501 tty_unlock(tty);
2502 return ret;
2503 }
2504
2505 /**
2506 * tty_get_pgrp - return a ref counted pgrp pid
2507 * @tty: tty to read
2508 *
2509 * Returns a refcounted instance of the pid struct for the process
2510 * group controlling the tty.
2511 */
2512
tty_get_pgrp(struct tty_struct * tty)2513 struct pid *tty_get_pgrp(struct tty_struct *tty)
2514 {
2515 unsigned long flags;
2516 struct pid *pgrp;
2517
2518 spin_lock_irqsave(&tty->ctrl_lock, flags);
2519 pgrp = get_pid(tty->pgrp);
2520 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2521
2522 return pgrp;
2523 }
2524 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2525
2526 /*
2527 * This checks not only the pgrp, but falls back on the pid if no
2528 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2529 * without this...
2530 *
2531 * The caller must hold rcu lock or the tasklist lock.
2532 */
session_of_pgrp(struct pid * pgrp)2533 static struct pid *session_of_pgrp(struct pid *pgrp)
2534 {
2535 struct task_struct *p;
2536 struct pid *sid = NULL;
2537
2538 p = pid_task(pgrp, PIDTYPE_PGID);
2539 if (p == NULL)
2540 p = pid_task(pgrp, PIDTYPE_PID);
2541 if (p != NULL)
2542 sid = task_session(p);
2543
2544 return sid;
2545 }
2546
2547 /**
2548 * tiocgpgrp - get process group
2549 * @tty: tty passed by user
2550 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2551 * @p: returned pid
2552 *
2553 * Obtain the process group of the tty. If there is no process group
2554 * return an error.
2555 *
2556 * Locking: none. Reference to current->signal->tty is safe.
2557 */
2558
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2559 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2560 {
2561 struct pid *pid;
2562 int ret;
2563 /*
2564 * (tty == real_tty) is a cheap way of
2565 * testing if the tty is NOT a master pty.
2566 */
2567 if (tty == real_tty && current->signal->tty != real_tty)
2568 return -ENOTTY;
2569 pid = tty_get_pgrp(real_tty);
2570 ret = put_user(pid_vnr(pid), p);
2571 put_pid(pid);
2572 return ret;
2573 }
2574
2575 /**
2576 * tiocspgrp - attempt to set process group
2577 * @tty: tty passed by user
2578 * @real_tty: tty side device matching tty passed by user
2579 * @p: pid pointer
2580 *
2581 * Set the process group of the tty to the session passed. Only
2582 * permitted where the tty session is our session.
2583 *
2584 * Locking: RCU, ctrl lock
2585 */
2586
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2587 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2588 {
2589 struct pid *pgrp;
2590 pid_t pgrp_nr;
2591 int retval = tty_check_change(real_tty);
2592 unsigned long flags;
2593
2594 if (retval == -EIO)
2595 return -ENOTTY;
2596 if (retval)
2597 return retval;
2598 if (!current->signal->tty ||
2599 (current->signal->tty != real_tty) ||
2600 (real_tty->session != task_session(current)))
2601 return -ENOTTY;
2602 if (get_user(pgrp_nr, p))
2603 return -EFAULT;
2604 if (pgrp_nr < 0)
2605 return -EINVAL;
2606 rcu_read_lock();
2607 pgrp = find_vpid(pgrp_nr);
2608 retval = -ESRCH;
2609 if (!pgrp)
2610 goto out_unlock;
2611 retval = -EPERM;
2612 if (session_of_pgrp(pgrp) != task_session(current))
2613 goto out_unlock;
2614 retval = 0;
2615 spin_lock_irqsave(&tty->ctrl_lock, flags);
2616 put_pid(real_tty->pgrp);
2617 real_tty->pgrp = get_pid(pgrp);
2618 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2619 out_unlock:
2620 rcu_read_unlock();
2621 return retval;
2622 }
2623
2624 /**
2625 * tiocgsid - get session id
2626 * @tty: tty passed by user
2627 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2628 * @p: pointer to returned session id
2629 *
2630 * Obtain the session id of the tty. If there is no session
2631 * return an error.
2632 *
2633 * Locking: none. Reference to current->signal->tty is safe.
2634 */
2635
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2636 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2637 {
2638 /*
2639 * (tty == real_tty) is a cheap way of
2640 * testing if the tty is NOT a master pty.
2641 */
2642 if (tty == real_tty && current->signal->tty != real_tty)
2643 return -ENOTTY;
2644 if (!real_tty->session)
2645 return -ENOTTY;
2646 return put_user(pid_vnr(real_tty->session), p);
2647 }
2648
2649 /**
2650 * tiocsetd - set line discipline
2651 * @tty: tty device
2652 * @p: pointer to user data
2653 *
2654 * Set the line discipline according to user request.
2655 *
2656 * Locking: see tty_set_ldisc, this function is just a helper
2657 */
2658
tiocsetd(struct tty_struct * tty,int __user * p)2659 static int tiocsetd(struct tty_struct *tty, int __user *p)
2660 {
2661 int ldisc;
2662 int ret;
2663
2664 if (get_user(ldisc, p))
2665 return -EFAULT;
2666
2667 ret = tty_set_ldisc(tty, ldisc);
2668
2669 return ret;
2670 }
2671
2672 /**
2673 * tiocgetd - get line discipline
2674 * @tty: tty device
2675 * @p: pointer to user data
2676 *
2677 * Retrieves the line discipline id directly from the ldisc.
2678 *
2679 * Locking: waits for ldisc reference (in case the line discipline
2680 * is changing or the tty is being hungup)
2681 */
2682
tiocgetd(struct tty_struct * tty,int __user * p)2683 static int tiocgetd(struct tty_struct *tty, int __user *p)
2684 {
2685 struct tty_ldisc *ld;
2686 int ret;
2687
2688 ld = tty_ldisc_ref_wait(tty);
2689 ret = put_user(ld->ops->num, p);
2690 tty_ldisc_deref(ld);
2691 return ret;
2692 }
2693
2694 /**
2695 * send_break - performed time break
2696 * @tty: device to break on
2697 * @duration: timeout in mS
2698 *
2699 * Perform a timed break on hardware that lacks its own driver level
2700 * timed break functionality.
2701 *
2702 * Locking:
2703 * atomic_write_lock serializes
2704 *
2705 */
2706
send_break(struct tty_struct * tty,unsigned int duration)2707 static int send_break(struct tty_struct *tty, unsigned int duration)
2708 {
2709 int retval;
2710
2711 if (tty->ops->break_ctl == NULL)
2712 return 0;
2713
2714 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2715 retval = tty->ops->break_ctl(tty, duration);
2716 else {
2717 /* Do the work ourselves */
2718 if (tty_write_lock(tty, 0) < 0)
2719 return -EINTR;
2720 retval = tty->ops->break_ctl(tty, -1);
2721 if (retval)
2722 goto out;
2723 if (!signal_pending(current))
2724 msleep_interruptible(duration);
2725 retval = tty->ops->break_ctl(tty, 0);
2726 out:
2727 tty_write_unlock(tty);
2728 if (signal_pending(current))
2729 retval = -EINTR;
2730 }
2731 return retval;
2732 }
2733
2734 /**
2735 * tty_tiocmget - get modem status
2736 * @tty: tty device
2737 * @file: user file pointer
2738 * @p: pointer to result
2739 *
2740 * Obtain the modem status bits from the tty driver if the feature
2741 * is supported. Return -EINVAL if it is not available.
2742 *
2743 * Locking: none (up to the driver)
2744 */
2745
tty_tiocmget(struct tty_struct * tty,int __user * p)2746 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2747 {
2748 int retval = -EINVAL;
2749
2750 if (tty->ops->tiocmget) {
2751 retval = tty->ops->tiocmget(tty);
2752
2753 if (retval >= 0)
2754 retval = put_user(retval, p);
2755 }
2756 return retval;
2757 }
2758
2759 /**
2760 * tty_tiocmset - set modem status
2761 * @tty: tty device
2762 * @cmd: command - clear bits, set bits or set all
2763 * @p: pointer to desired bits
2764 *
2765 * Set the modem status bits from the tty driver if the feature
2766 * is supported. Return -EINVAL if it is not available.
2767 *
2768 * Locking: none (up to the driver)
2769 */
2770
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2771 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2772 unsigned __user *p)
2773 {
2774 int retval;
2775 unsigned int set, clear, val;
2776
2777 if (tty->ops->tiocmset == NULL)
2778 return -EINVAL;
2779
2780 retval = get_user(val, p);
2781 if (retval)
2782 return retval;
2783 set = clear = 0;
2784 switch (cmd) {
2785 case TIOCMBIS:
2786 set = val;
2787 break;
2788 case TIOCMBIC:
2789 clear = val;
2790 break;
2791 case TIOCMSET:
2792 set = val;
2793 clear = ~val;
2794 break;
2795 }
2796 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2797 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2798 return tty->ops->tiocmset(tty, set, clear);
2799 }
2800
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2801 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2802 {
2803 int retval = -EINVAL;
2804 struct serial_icounter_struct icount;
2805 memset(&icount, 0, sizeof(icount));
2806 if (tty->ops->get_icount)
2807 retval = tty->ops->get_icount(tty, &icount);
2808 if (retval != 0)
2809 return retval;
2810 if (copy_to_user(arg, &icount, sizeof(icount)))
2811 return -EFAULT;
2812 return 0;
2813 }
2814
tty_warn_deprecated_flags(struct serial_struct __user * ss)2815 static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2816 {
2817 static DEFINE_RATELIMIT_STATE(depr_flags,
2818 DEFAULT_RATELIMIT_INTERVAL,
2819 DEFAULT_RATELIMIT_BURST);
2820 char comm[TASK_COMM_LEN];
2821 int flags;
2822
2823 if (get_user(flags, &ss->flags))
2824 return;
2825
2826 flags &= ASYNC_DEPRECATED;
2827
2828 if (flags && __ratelimit(&depr_flags))
2829 pr_warning("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2830 __func__, get_task_comm(comm, current), flags);
2831 }
2832
2833 /*
2834 * if pty, return the slave side (real_tty)
2835 * otherwise, return self
2836 */
tty_pair_get_tty(struct tty_struct * tty)2837 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2838 {
2839 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2840 tty->driver->subtype == PTY_TYPE_MASTER)
2841 tty = tty->link;
2842 return tty;
2843 }
2844
2845 /*
2846 * Split this up, as gcc can choke on it otherwise..
2847 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2848 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2849 {
2850 struct tty_struct *tty = file_tty(file);
2851 struct tty_struct *real_tty;
2852 void __user *p = (void __user *)arg;
2853 int retval;
2854 struct tty_ldisc *ld;
2855
2856 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2857 return -EINVAL;
2858
2859 real_tty = tty_pair_get_tty(tty);
2860
2861 /*
2862 * Factor out some common prep work
2863 */
2864 switch (cmd) {
2865 case TIOCSETD:
2866 case TIOCSBRK:
2867 case TIOCCBRK:
2868 case TCSBRK:
2869 case TCSBRKP:
2870 retval = tty_check_change(tty);
2871 if (retval)
2872 return retval;
2873 if (cmd != TIOCCBRK) {
2874 tty_wait_until_sent(tty, 0);
2875 if (signal_pending(current))
2876 return -EINTR;
2877 }
2878 break;
2879 }
2880
2881 /*
2882 * Now do the stuff.
2883 */
2884 switch (cmd) {
2885 case TIOCSTI:
2886 return tiocsti(tty, p);
2887 case TIOCGWINSZ:
2888 return tiocgwinsz(real_tty, p);
2889 case TIOCSWINSZ:
2890 return tiocswinsz(real_tty, p);
2891 case TIOCCONS:
2892 return real_tty != tty ? -EINVAL : tioccons(file);
2893 case FIONBIO:
2894 return fionbio(file, p);
2895 case TIOCEXCL:
2896 set_bit(TTY_EXCLUSIVE, &tty->flags);
2897 return 0;
2898 case TIOCNXCL:
2899 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2900 return 0;
2901 case TIOCGEXCL:
2902 {
2903 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2904 return put_user(excl, (int __user *)p);
2905 }
2906 case TIOCNOTTY:
2907 if (current->signal->tty != tty)
2908 return -ENOTTY;
2909 no_tty();
2910 return 0;
2911 case TIOCSCTTY:
2912 return tiocsctty(tty, file, arg);
2913 case TIOCGPGRP:
2914 return tiocgpgrp(tty, real_tty, p);
2915 case TIOCSPGRP:
2916 return tiocspgrp(tty, real_tty, p);
2917 case TIOCGSID:
2918 return tiocgsid(tty, real_tty, p);
2919 case TIOCGETD:
2920 return tiocgetd(tty, p);
2921 case TIOCSETD:
2922 return tiocsetd(tty, p);
2923 case TIOCVHANGUP:
2924 if (!capable(CAP_SYS_ADMIN))
2925 return -EPERM;
2926 tty_vhangup(tty);
2927 return 0;
2928 case TIOCGDEV:
2929 {
2930 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2931 return put_user(ret, (unsigned int __user *)p);
2932 }
2933 /*
2934 * Break handling
2935 */
2936 case TIOCSBRK: /* Turn break on, unconditionally */
2937 if (tty->ops->break_ctl)
2938 return tty->ops->break_ctl(tty, -1);
2939 return 0;
2940 case TIOCCBRK: /* Turn break off, unconditionally */
2941 if (tty->ops->break_ctl)
2942 return tty->ops->break_ctl(tty, 0);
2943 return 0;
2944 case TCSBRK: /* SVID version: non-zero arg --> no break */
2945 /* non-zero arg means wait for all output data
2946 * to be sent (performed above) but don't send break.
2947 * This is used by the tcdrain() termios function.
2948 */
2949 if (!arg)
2950 return send_break(tty, 250);
2951 return 0;
2952 case TCSBRKP: /* support for POSIX tcsendbreak() */
2953 return send_break(tty, arg ? arg*100 : 250);
2954
2955 case TIOCMGET:
2956 return tty_tiocmget(tty, p);
2957 case TIOCMSET:
2958 case TIOCMBIC:
2959 case TIOCMBIS:
2960 return tty_tiocmset(tty, cmd, p);
2961 case TIOCGICOUNT:
2962 retval = tty_tiocgicount(tty, p);
2963 /* For the moment allow fall through to the old method */
2964 if (retval != -EINVAL)
2965 return retval;
2966 break;
2967 case TCFLSH:
2968 switch (arg) {
2969 case TCIFLUSH:
2970 case TCIOFLUSH:
2971 /* flush tty buffer and allow ldisc to process ioctl */
2972 tty_buffer_flush(tty, NULL);
2973 break;
2974 }
2975 break;
2976 case TIOCSSERIAL:
2977 tty_warn_deprecated_flags(p);
2978 break;
2979 }
2980 if (tty->ops->ioctl) {
2981 retval = tty->ops->ioctl(tty, cmd, arg);
2982 if (retval != -ENOIOCTLCMD)
2983 return retval;
2984 }
2985 ld = tty_ldisc_ref_wait(tty);
2986 retval = -EINVAL;
2987 if (ld->ops->ioctl) {
2988 retval = ld->ops->ioctl(tty, file, cmd, arg);
2989 if (retval == -ENOIOCTLCMD)
2990 retval = -ENOTTY;
2991 }
2992 tty_ldisc_deref(ld);
2993 return retval;
2994 }
2995
2996 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2997 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2998 unsigned long arg)
2999 {
3000 struct tty_struct *tty = file_tty(file);
3001 struct tty_ldisc *ld;
3002 int retval = -ENOIOCTLCMD;
3003
3004 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
3005 return -EINVAL;
3006
3007 if (tty->ops->compat_ioctl) {
3008 retval = tty->ops->compat_ioctl(tty, cmd, arg);
3009 if (retval != -ENOIOCTLCMD)
3010 return retval;
3011 }
3012
3013 ld = tty_ldisc_ref_wait(tty);
3014 if (ld->ops->compat_ioctl)
3015 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3016 else
3017 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
3018 tty_ldisc_deref(ld);
3019
3020 return retval;
3021 }
3022 #endif
3023
this_tty(const void * t,struct file * file,unsigned fd)3024 static int this_tty(const void *t, struct file *file, unsigned fd)
3025 {
3026 if (likely(file->f_op->read != tty_read))
3027 return 0;
3028 return file_tty(file) != t ? 0 : fd + 1;
3029 }
3030
3031 /*
3032 * This implements the "Secure Attention Key" --- the idea is to
3033 * prevent trojan horses by killing all processes associated with this
3034 * tty when the user hits the "Secure Attention Key". Required for
3035 * super-paranoid applications --- see the Orange Book for more details.
3036 *
3037 * This code could be nicer; ideally it should send a HUP, wait a few
3038 * seconds, then send a INT, and then a KILL signal. But you then
3039 * have to coordinate with the init process, since all processes associated
3040 * with the current tty must be dead before the new getty is allowed
3041 * to spawn.
3042 *
3043 * Now, if it would be correct ;-/ The current code has a nasty hole -
3044 * it doesn't catch files in flight. We may send the descriptor to ourselves
3045 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3046 *
3047 * Nasty bug: do_SAK is being called in interrupt context. This can
3048 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3049 */
__do_SAK(struct tty_struct * tty)3050 void __do_SAK(struct tty_struct *tty)
3051 {
3052 #ifdef TTY_SOFT_SAK
3053 tty_hangup(tty);
3054 #else
3055 struct task_struct *g, *p;
3056 struct pid *session;
3057 int i;
3058
3059 if (!tty)
3060 return;
3061 session = tty->session;
3062
3063 tty_ldisc_flush(tty);
3064
3065 tty_driver_flush_buffer(tty);
3066
3067 read_lock(&tasklist_lock);
3068 /* Kill the entire session */
3069 do_each_pid_task(session, PIDTYPE_SID, p) {
3070 printk(KERN_NOTICE "SAK: killed process %d"
3071 " (%s): task_session(p)==tty->session\n",
3072 task_pid_nr(p), p->comm);
3073 send_sig(SIGKILL, p, 1);
3074 } while_each_pid_task(session, PIDTYPE_SID, p);
3075 /* Now kill any processes that happen to have the
3076 * tty open.
3077 */
3078 do_each_thread(g, p) {
3079 if (p->signal->tty == tty) {
3080 printk(KERN_NOTICE "SAK: killed process %d"
3081 " (%s): task_session(p)==tty->session\n",
3082 task_pid_nr(p), p->comm);
3083 send_sig(SIGKILL, p, 1);
3084 continue;
3085 }
3086 task_lock(p);
3087 i = iterate_fd(p->files, 0, this_tty, tty);
3088 if (i != 0) {
3089 printk(KERN_NOTICE "SAK: killed process %d"
3090 " (%s): fd#%d opened to the tty\n",
3091 task_pid_nr(p), p->comm, i - 1);
3092 force_sig(SIGKILL, p);
3093 }
3094 task_unlock(p);
3095 } while_each_thread(g, p);
3096 read_unlock(&tasklist_lock);
3097 #endif
3098 }
3099
do_SAK_work(struct work_struct * work)3100 static void do_SAK_work(struct work_struct *work)
3101 {
3102 struct tty_struct *tty =
3103 container_of(work, struct tty_struct, SAK_work);
3104 __do_SAK(tty);
3105 }
3106
3107 /*
3108 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3109 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3110 * the values which we write to it will be identical to the values which it
3111 * already has. --akpm
3112 */
do_SAK(struct tty_struct * tty)3113 void do_SAK(struct tty_struct *tty)
3114 {
3115 if (!tty)
3116 return;
3117 schedule_work(&tty->SAK_work);
3118 }
3119
3120 EXPORT_SYMBOL(do_SAK);
3121
dev_match_devt(struct device * dev,const void * data)3122 static int dev_match_devt(struct device *dev, const void *data)
3123 {
3124 const dev_t *devt = data;
3125 return dev->devt == *devt;
3126 }
3127
3128 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3129 static struct device *tty_get_device(struct tty_struct *tty)
3130 {
3131 dev_t devt = tty_devnum(tty);
3132 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3133 }
3134
3135
3136 /**
3137 * alloc_tty_struct
3138 *
3139 * This subroutine allocates and initializes a tty structure.
3140 *
3141 * Locking: none - tty in question is not exposed at this point
3142 */
3143
alloc_tty_struct(struct tty_driver * driver,int idx)3144 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3145 {
3146 struct tty_struct *tty;
3147
3148 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3149 if (!tty)
3150 return NULL;
3151
3152 kref_init(&tty->kref);
3153 tty->magic = TTY_MAGIC;
3154 tty_ldisc_init(tty);
3155 tty->session = NULL;
3156 tty->pgrp = NULL;
3157 mutex_init(&tty->legacy_mutex);
3158 mutex_init(&tty->throttle_mutex);
3159 init_rwsem(&tty->termios_rwsem);
3160 mutex_init(&tty->winsize_mutex);
3161 init_ldsem(&tty->ldisc_sem);
3162 init_waitqueue_head(&tty->write_wait);
3163 init_waitqueue_head(&tty->read_wait);
3164 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3165 mutex_init(&tty->atomic_write_lock);
3166 spin_lock_init(&tty->ctrl_lock);
3167 spin_lock_init(&tty->flow_lock);
3168 INIT_LIST_HEAD(&tty->tty_files);
3169 INIT_WORK(&tty->SAK_work, do_SAK_work);
3170
3171 tty->driver = driver;
3172 tty->ops = driver->ops;
3173 tty->index = idx;
3174 tty_line_name(driver, idx, tty->name);
3175 tty->dev = tty_get_device(tty);
3176
3177 return tty;
3178 }
3179
3180 /**
3181 * deinitialize_tty_struct
3182 * @tty: tty to deinitialize
3183 *
3184 * This subroutine deinitializes a tty structure that has been newly
3185 * allocated but tty_release cannot be called on that yet.
3186 *
3187 * Locking: none - tty in question must not be exposed at this point
3188 */
deinitialize_tty_struct(struct tty_struct * tty)3189 void deinitialize_tty_struct(struct tty_struct *tty)
3190 {
3191 tty_ldisc_deinit(tty);
3192 }
3193
3194 /**
3195 * tty_put_char - write one character to a tty
3196 * @tty: tty
3197 * @ch: character
3198 *
3199 * Write one byte to the tty using the provided put_char method
3200 * if present. Returns the number of characters successfully output.
3201 *
3202 * Note: the specific put_char operation in the driver layer may go
3203 * away soon. Don't call it directly, use this method
3204 */
3205
tty_put_char(struct tty_struct * tty,unsigned char ch)3206 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3207 {
3208 if (tty->ops->put_char)
3209 return tty->ops->put_char(tty, ch);
3210 return tty->ops->write(tty, &ch, 1);
3211 }
3212 EXPORT_SYMBOL_GPL(tty_put_char);
3213
3214 struct class *tty_class;
3215
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3216 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3217 unsigned int index, unsigned int count)
3218 {
3219 /* init here, since reused cdevs cause crashes */
3220 cdev_init(&driver->cdevs[index], &tty_fops);
3221 driver->cdevs[index].owner = driver->owner;
3222 return cdev_add(&driver->cdevs[index], dev, count);
3223 }
3224
3225 /**
3226 * tty_register_device - register a tty device
3227 * @driver: the tty driver that describes the tty device
3228 * @index: the index in the tty driver for this tty device
3229 * @device: a struct device that is associated with this tty device.
3230 * This field is optional, if there is no known struct device
3231 * for this tty device it can be set to NULL safely.
3232 *
3233 * Returns a pointer to the struct device for this tty device
3234 * (or ERR_PTR(-EFOO) on error).
3235 *
3236 * This call is required to be made to register an individual tty device
3237 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3238 * that bit is not set, this function should not be called by a tty
3239 * driver.
3240 *
3241 * Locking: ??
3242 */
3243
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3244 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3245 struct device *device)
3246 {
3247 return tty_register_device_attr(driver, index, device, NULL, NULL);
3248 }
3249 EXPORT_SYMBOL(tty_register_device);
3250
tty_device_create_release(struct device * dev)3251 static void tty_device_create_release(struct device *dev)
3252 {
3253 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3254 kfree(dev);
3255 }
3256
3257 /**
3258 * tty_register_device_attr - register a tty device
3259 * @driver: the tty driver that describes the tty device
3260 * @index: the index in the tty driver for this tty device
3261 * @device: a struct device that is associated with this tty device.
3262 * This field is optional, if there is no known struct device
3263 * for this tty device it can be set to NULL safely.
3264 * @drvdata: Driver data to be set to device.
3265 * @attr_grp: Attribute group to be set on device.
3266 *
3267 * Returns a pointer to the struct device for this tty device
3268 * (or ERR_PTR(-EFOO) on error).
3269 *
3270 * This call is required to be made to register an individual tty device
3271 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3272 * that bit is not set, this function should not be called by a tty
3273 * driver.
3274 *
3275 * Locking: ??
3276 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3277 struct device *tty_register_device_attr(struct tty_driver *driver,
3278 unsigned index, struct device *device,
3279 void *drvdata,
3280 const struct attribute_group **attr_grp)
3281 {
3282 char name[64];
3283 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3284 struct device *dev = NULL;
3285 int retval = -ENODEV;
3286 bool cdev = false;
3287
3288 if (index >= driver->num) {
3289 printk(KERN_ERR "Attempt to register invalid tty line number "
3290 " (%d).\n", index);
3291 return ERR_PTR(-EINVAL);
3292 }
3293
3294 if (driver->type == TTY_DRIVER_TYPE_PTY)
3295 pty_line_name(driver, index, name);
3296 else
3297 tty_line_name(driver, index, name);
3298
3299 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3300 retval = tty_cdev_add(driver, devt, index, 1);
3301 if (retval)
3302 goto error;
3303 cdev = true;
3304 }
3305
3306 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3307 if (!dev) {
3308 retval = -ENOMEM;
3309 goto error;
3310 }
3311
3312 dev->devt = devt;
3313 dev->class = tty_class;
3314 dev->parent = device;
3315 dev->release = tty_device_create_release;
3316 dev_set_name(dev, "%s", name);
3317 dev->groups = attr_grp;
3318 dev_set_drvdata(dev, drvdata);
3319
3320 retval = device_register(dev);
3321 if (retval)
3322 goto error;
3323
3324 return dev;
3325
3326 error:
3327 put_device(dev);
3328 if (cdev)
3329 cdev_del(&driver->cdevs[index]);
3330 return ERR_PTR(retval);
3331 }
3332 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3333
3334 /**
3335 * tty_unregister_device - unregister a tty device
3336 * @driver: the tty driver that describes the tty device
3337 * @index: the index in the tty driver for this tty device
3338 *
3339 * If a tty device is registered with a call to tty_register_device() then
3340 * this function must be called when the tty device is gone.
3341 *
3342 * Locking: ??
3343 */
3344
tty_unregister_device(struct tty_driver * driver,unsigned index)3345 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3346 {
3347 device_destroy(tty_class,
3348 MKDEV(driver->major, driver->minor_start) + index);
3349 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3350 cdev_del(&driver->cdevs[index]);
3351 }
3352 EXPORT_SYMBOL(tty_unregister_device);
3353
3354 /**
3355 * __tty_alloc_driver -- allocate tty driver
3356 * @lines: count of lines this driver can handle at most
3357 * @owner: module which is repsonsible for this driver
3358 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3359 *
3360 * This should not be called directly, some of the provided macros should be
3361 * used instead. Use IS_ERR and friends on @retval.
3362 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3363 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3364 unsigned long flags)
3365 {
3366 struct tty_driver *driver;
3367 unsigned int cdevs = 1;
3368 int err;
3369
3370 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3371 return ERR_PTR(-EINVAL);
3372
3373 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3374 if (!driver)
3375 return ERR_PTR(-ENOMEM);
3376
3377 kref_init(&driver->kref);
3378 driver->magic = TTY_DRIVER_MAGIC;
3379 driver->num = lines;
3380 driver->owner = owner;
3381 driver->flags = flags;
3382
3383 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3384 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3385 GFP_KERNEL);
3386 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3387 GFP_KERNEL);
3388 if (!driver->ttys || !driver->termios) {
3389 err = -ENOMEM;
3390 goto err_free_all;
3391 }
3392 }
3393
3394 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3395 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3396 GFP_KERNEL);
3397 if (!driver->ports) {
3398 err = -ENOMEM;
3399 goto err_free_all;
3400 }
3401 cdevs = lines;
3402 }
3403
3404 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3405 if (!driver->cdevs) {
3406 err = -ENOMEM;
3407 goto err_free_all;
3408 }
3409
3410 return driver;
3411 err_free_all:
3412 kfree(driver->ports);
3413 kfree(driver->ttys);
3414 kfree(driver->termios);
3415 kfree(driver);
3416 return ERR_PTR(err);
3417 }
3418 EXPORT_SYMBOL(__tty_alloc_driver);
3419
destruct_tty_driver(struct kref * kref)3420 static void destruct_tty_driver(struct kref *kref)
3421 {
3422 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3423 int i;
3424 struct ktermios *tp;
3425
3426 if (driver->flags & TTY_DRIVER_INSTALLED) {
3427 /*
3428 * Free the termios and termios_locked structures because
3429 * we don't want to get memory leaks when modular tty
3430 * drivers are removed from the kernel.
3431 */
3432 for (i = 0; i < driver->num; i++) {
3433 tp = driver->termios[i];
3434 if (tp) {
3435 driver->termios[i] = NULL;
3436 kfree(tp);
3437 }
3438 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3439 tty_unregister_device(driver, i);
3440 }
3441 proc_tty_unregister_driver(driver);
3442 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3443 cdev_del(&driver->cdevs[0]);
3444 }
3445 kfree(driver->cdevs);
3446 kfree(driver->ports);
3447 kfree(driver->termios);
3448 kfree(driver->ttys);
3449 kfree(driver);
3450 }
3451
tty_driver_kref_put(struct tty_driver * driver)3452 void tty_driver_kref_put(struct tty_driver *driver)
3453 {
3454 kref_put(&driver->kref, destruct_tty_driver);
3455 }
3456 EXPORT_SYMBOL(tty_driver_kref_put);
3457
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)3458 void tty_set_operations(struct tty_driver *driver,
3459 const struct tty_operations *op)
3460 {
3461 driver->ops = op;
3462 };
3463 EXPORT_SYMBOL(tty_set_operations);
3464
put_tty_driver(struct tty_driver * d)3465 void put_tty_driver(struct tty_driver *d)
3466 {
3467 tty_driver_kref_put(d);
3468 }
3469 EXPORT_SYMBOL(put_tty_driver);
3470
3471 /*
3472 * Called by a tty driver to register itself.
3473 */
tty_register_driver(struct tty_driver * driver)3474 int tty_register_driver(struct tty_driver *driver)
3475 {
3476 int error;
3477 int i;
3478 dev_t dev;
3479 struct device *d;
3480
3481 if (!driver->major) {
3482 error = alloc_chrdev_region(&dev, driver->minor_start,
3483 driver->num, driver->name);
3484 if (!error) {
3485 driver->major = MAJOR(dev);
3486 driver->minor_start = MINOR(dev);
3487 }
3488 } else {
3489 dev = MKDEV(driver->major, driver->minor_start);
3490 error = register_chrdev_region(dev, driver->num, driver->name);
3491 }
3492 if (error < 0)
3493 goto err;
3494
3495 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3496 error = tty_cdev_add(driver, dev, 0, driver->num);
3497 if (error)
3498 goto err_unreg_char;
3499 }
3500
3501 mutex_lock(&tty_mutex);
3502 list_add(&driver->tty_drivers, &tty_drivers);
3503 mutex_unlock(&tty_mutex);
3504
3505 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3506 for (i = 0; i < driver->num; i++) {
3507 d = tty_register_device(driver, i, NULL);
3508 if (IS_ERR(d)) {
3509 error = PTR_ERR(d);
3510 goto err_unreg_devs;
3511 }
3512 }
3513 }
3514 proc_tty_register_driver(driver);
3515 driver->flags |= TTY_DRIVER_INSTALLED;
3516 return 0;
3517
3518 err_unreg_devs:
3519 for (i--; i >= 0; i--)
3520 tty_unregister_device(driver, i);
3521
3522 mutex_lock(&tty_mutex);
3523 list_del(&driver->tty_drivers);
3524 mutex_unlock(&tty_mutex);
3525
3526 err_unreg_char:
3527 unregister_chrdev_region(dev, driver->num);
3528 err:
3529 return error;
3530 }
3531 EXPORT_SYMBOL(tty_register_driver);
3532
3533 /*
3534 * Called by a tty driver to unregister itself.
3535 */
tty_unregister_driver(struct tty_driver * driver)3536 int tty_unregister_driver(struct tty_driver *driver)
3537 {
3538 #if 0
3539 /* FIXME */
3540 if (driver->refcount)
3541 return -EBUSY;
3542 #endif
3543 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3544 driver->num);
3545 mutex_lock(&tty_mutex);
3546 list_del(&driver->tty_drivers);
3547 mutex_unlock(&tty_mutex);
3548 return 0;
3549 }
3550
3551 EXPORT_SYMBOL(tty_unregister_driver);
3552
tty_devnum(struct tty_struct * tty)3553 dev_t tty_devnum(struct tty_struct *tty)
3554 {
3555 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3556 }
3557 EXPORT_SYMBOL(tty_devnum);
3558
tty_default_fops(struct file_operations * fops)3559 void tty_default_fops(struct file_operations *fops)
3560 {
3561 *fops = tty_fops;
3562 }
3563
3564 /*
3565 * Initialize the console device. This is called *early*, so
3566 * we can't necessarily depend on lots of kernel help here.
3567 * Just do some early initializations, and do the complex setup
3568 * later.
3569 */
console_init(void)3570 void __init console_init(void)
3571 {
3572 initcall_t *call;
3573
3574 /* Setup the default TTY line discipline. */
3575 tty_ldisc_begin();
3576
3577 /*
3578 * set up the console device so that later boot sequences can
3579 * inform about problems etc..
3580 */
3581 call = __con_initcall_start;
3582 while (call < __con_initcall_end) {
3583 (*call)();
3584 call++;
3585 }
3586 }
3587
tty_devnode(struct device * dev,umode_t * mode)3588 static char *tty_devnode(struct device *dev, umode_t *mode)
3589 {
3590 if (!mode)
3591 return NULL;
3592 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3593 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3594 *mode = 0666;
3595 return NULL;
3596 }
3597
tty_class_init(void)3598 static int __init tty_class_init(void)
3599 {
3600 tty_class = class_create(THIS_MODULE, "tty");
3601 if (IS_ERR(tty_class))
3602 return PTR_ERR(tty_class);
3603 tty_class->devnode = tty_devnode;
3604 return 0;
3605 }
3606
3607 postcore_initcall(tty_class_init);
3608
3609 /* 3/2004 jmc: why do these devices exist? */
3610 static struct cdev tty_cdev, console_cdev;
3611
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3612 static ssize_t show_cons_active(struct device *dev,
3613 struct device_attribute *attr, char *buf)
3614 {
3615 struct console *cs[16];
3616 int i = 0;
3617 struct console *c;
3618 ssize_t count = 0;
3619
3620 console_lock();
3621 for_each_console(c) {
3622 if (!c->device)
3623 continue;
3624 if (!c->write)
3625 continue;
3626 if ((c->flags & CON_ENABLED) == 0)
3627 continue;
3628 cs[i++] = c;
3629 if (i >= ARRAY_SIZE(cs))
3630 break;
3631 }
3632 while (i--) {
3633 int index = cs[i]->index;
3634 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3635
3636 /* don't resolve tty0 as some programs depend on it */
3637 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3638 count += tty_line_name(drv, index, buf + count);
3639 else
3640 count += sprintf(buf + count, "%s%d",
3641 cs[i]->name, cs[i]->index);
3642
3643 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3644 }
3645 console_unlock();
3646
3647 return count;
3648 }
3649 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3650
3651 static struct attribute *cons_dev_attrs[] = {
3652 &dev_attr_active.attr,
3653 NULL
3654 };
3655
3656 ATTRIBUTE_GROUPS(cons_dev);
3657
3658 static struct device *consdev;
3659
console_sysfs_notify(void)3660 void console_sysfs_notify(void)
3661 {
3662 if (consdev)
3663 sysfs_notify(&consdev->kobj, NULL, "active");
3664 }
3665
3666 /*
3667 * Ok, now we can initialize the rest of the tty devices and can count
3668 * on memory allocations, interrupts etc..
3669 */
tty_init(void)3670 int __init tty_init(void)
3671 {
3672 cdev_init(&tty_cdev, &tty_fops);
3673 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3674 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3675 panic("Couldn't register /dev/tty driver\n");
3676 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3677
3678 cdev_init(&console_cdev, &console_fops);
3679 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3680 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3681 panic("Couldn't register /dev/console driver\n");
3682 consdev = device_create_with_groups(tty_class, NULL,
3683 MKDEV(TTYAUX_MAJOR, 1), NULL,
3684 cons_dev_groups, "console");
3685 if (IS_ERR(consdev))
3686 consdev = NULL;
3687
3688 #ifdef CONFIG_VT
3689 vty_init(&console_fops);
3690 #endif
3691 return 0;
3692 }
3693
3694