1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 /*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102 #include <linux/uaccess.h>
103 #include <linux/termios_internal.h>
104 #include <linux/fs.h>
105
106 #include <linux/kbd_kern.h>
107 #include <linux/vt_kern.h>
108 #include <linux/selection.h>
109
110 #include <linux/kmod.h>
111 #include <linux/nsproxy.h>
112 #include "tty.h"
113
114 #undef TTY_DEBUG_HANGUP
115 #ifdef TTY_DEBUG_HANGUP
116 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117 #else
118 # define tty_debug_hangup(tty, f, args...) do { } while (0)
119 #endif
120
121 #define TTY_PARANOIA_CHECK 1
122 #define CHECK_TTY_COUNT 1
123
124 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 .c_iflag = ICRNL | IXON,
126 .c_oflag = OPOST | ONLCR,
127 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 ECHOCTL | ECHOKE | IEXTEN,
130 .c_cc = INIT_C_CC,
131 .c_ispeed = 38400,
132 .c_ospeed = 38400,
133 /* .c_line = N_TTY, */
134 };
135 EXPORT_SYMBOL(tty_std_termios);
136
137 /* This list gets poked at by procfs and various bits of boot up code. This
138 * could do with some rationalisation such as pulling the tty proc function
139 * into this file.
140 */
141
142 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143
144 /* Mutex to protect creating and releasing a tty */
145 DEFINE_MUTEX(tty_mutex);
146
147 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 static __poll_t tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 #ifdef CONFIG_COMPAT
152 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154 #else
155 #define tty_compat_ioctl NULL
156 #endif
157 static int __tty_fasync(int fd, struct file *filp, int on);
158 static int tty_fasync(int fd, struct file *filp, int on);
159 static void release_tty(struct tty_struct *tty, int idx);
160
161 /**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
free_tty_struct(struct tty_struct * tty)169 static void free_tty_struct(struct tty_struct *tty)
170 {
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kvfree(tty->write_buf);
174 kfree(tty);
175 }
176
file_tty(struct file * file)177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 return ((struct tty_file_private *)file->private_data)->tty;
180 }
181
tty_alloc_file(struct file * file)182 int tty_alloc_file(struct file *file)
183 {
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193 }
194
195 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206 }
207
208 /**
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
tty_free_file(struct file * file)215 void tty_free_file(struct file *file)
216 {
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221 }
222
223 /* Delete file from its tty */
tty_del_file(struct file * file)224 static void tty_del_file(struct file *file)
225 {
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233 }
234
235 /**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
tty_name(const struct tty_struct * tty)244 const char *tty_name(const struct tty_struct *tty)
245 {
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249 }
250 EXPORT_SYMBOL(tty_name);
251
tty_driver_name(const struct tty_struct * tty)252 const char *tty_driver_name(const struct tty_struct *tty)
253 {
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257 }
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 #endif
269 return 0;
270 }
271
272 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)273 static void check_tty_count(struct tty_struct *tty, const char *routine)
274 {
275 #ifdef CHECK_TTY_COUNT
276 struct list_head *p;
277 int count = 0, kopen_count = 0;
278
279 spin_lock(&tty->files_lock);
280 list_for_each(p, &tty->tty_files) {
281 count++;
282 }
283 spin_unlock(&tty->files_lock);
284 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 tty->driver->subtype == PTY_TYPE_SLAVE &&
286 tty->link && tty->link->count)
287 count++;
288 if (tty_port_kopened(tty->port))
289 kopen_count++;
290 if (tty->count != (count + kopen_count)) {
291 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 routine, tty->count, count, kopen_count);
293 }
294 #endif
295 }
296
297 /**
298 * get_tty_driver - find device of a tty
299 * @device: device identifier
300 * @index: returns the index of the tty
301 *
302 * This routine returns a tty driver structure, given a device number and also
303 * passes back the index number.
304 *
305 * Locking: caller must hold tty_mutex
306 */
get_tty_driver(dev_t device,int * index)307 static struct tty_driver *get_tty_driver(dev_t device, int *index)
308 {
309 struct tty_driver *p;
310
311 list_for_each_entry(p, &tty_drivers, tty_drivers) {
312 dev_t base = MKDEV(p->major, p->minor_start);
313
314 if (device < base || device >= base + p->num)
315 continue;
316 *index = device - base;
317 return tty_driver_kref_get(p);
318 }
319 return NULL;
320 }
321
322 /**
323 * tty_dev_name_to_number - return dev_t for device name
324 * @name: user space name of device under /dev
325 * @number: pointer to dev_t that this function will populate
326 *
327 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
328 * (4, 64) or (188, 1). If no corresponding driver is registered then the
329 * function returns -%ENODEV.
330 *
331 * Locking: this acquires tty_mutex to protect the tty_drivers list from
332 * being modified while we are traversing it, and makes sure to
333 * release it before exiting.
334 */
tty_dev_name_to_number(const char * name,dev_t * number)335 int tty_dev_name_to_number(const char *name, dev_t *number)
336 {
337 struct tty_driver *p;
338 int ret;
339 int index, prefix_length = 0;
340 const char *str;
341
342 for (str = name; *str && !isdigit(*str); str++)
343 ;
344
345 if (!*str)
346 return -EINVAL;
347
348 ret = kstrtoint(str, 10, &index);
349 if (ret)
350 return ret;
351
352 prefix_length = str - name;
353 mutex_lock(&tty_mutex);
354
355 list_for_each_entry(p, &tty_drivers, tty_drivers)
356 if (prefix_length == strlen(p->name) && strncmp(name,
357 p->name, prefix_length) == 0) {
358 if (index < p->num) {
359 *number = MKDEV(p->major, p->minor_start + index);
360 goto out;
361 }
362 }
363
364 /* if here then driver wasn't found */
365 ret = -ENODEV;
366 out:
367 mutex_unlock(&tty_mutex);
368 return ret;
369 }
370 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
371
372 #ifdef CONFIG_CONSOLE_POLL
373
374 /**
375 * tty_find_polling_driver - find device of a polled tty
376 * @name: name string to match
377 * @line: pointer to resulting tty line nr
378 *
379 * This routine returns a tty driver structure, given a name and the condition
380 * that the tty driver is capable of polled operation.
381 */
tty_find_polling_driver(char * name,int * line)382 struct tty_driver *tty_find_polling_driver(char *name, int *line)
383 {
384 struct tty_driver *p, *res = NULL;
385 int tty_line = 0;
386 int len;
387 char *str, *stp;
388
389 for (str = name; *str; str++)
390 if ((*str >= '0' && *str <= '9') || *str == ',')
391 break;
392 if (!*str)
393 return NULL;
394
395 len = str - name;
396 tty_line = simple_strtoul(str, &str, 10);
397
398 mutex_lock(&tty_mutex);
399 /* Search through the tty devices to look for a match */
400 list_for_each_entry(p, &tty_drivers, tty_drivers) {
401 if (!len || strncmp(name, p->name, len) != 0)
402 continue;
403 stp = str;
404 if (*stp == ',')
405 stp++;
406 if (*stp == '\0')
407 stp = NULL;
408
409 if (tty_line >= 0 && tty_line < p->num && p->ops &&
410 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
411 res = tty_driver_kref_get(p);
412 *line = tty_line;
413 break;
414 }
415 }
416 mutex_unlock(&tty_mutex);
417
418 return res;
419 }
420 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
421 #endif
422
hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)423 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
424 {
425 return 0;
426 }
427
hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)428 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
429 {
430 return -EIO;
431 }
432
433 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)434 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
435 {
436 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
437 }
438
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)439 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
440 unsigned long arg)
441 {
442 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
443 }
444
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)445 static long hung_up_tty_compat_ioctl(struct file *file,
446 unsigned int cmd, unsigned long arg)
447 {
448 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
449 }
450
hung_up_tty_fasync(int fd,struct file * file,int on)451 static int hung_up_tty_fasync(int fd, struct file *file, int on)
452 {
453 return -ENOTTY;
454 }
455
tty_show_fdinfo(struct seq_file * m,struct file * file)456 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
457 {
458 struct tty_struct *tty = file_tty(file);
459
460 if (tty && tty->ops && tty->ops->show_fdinfo)
461 tty->ops->show_fdinfo(tty, m);
462 }
463
464 static const struct file_operations tty_fops = {
465 .llseek = no_llseek,
466 .read_iter = tty_read,
467 .write_iter = tty_write,
468 .splice_read = copy_splice_read,
469 .splice_write = iter_file_splice_write,
470 .poll = tty_poll,
471 .unlocked_ioctl = tty_ioctl,
472 .compat_ioctl = tty_compat_ioctl,
473 .open = tty_open,
474 .release = tty_release,
475 .fasync = tty_fasync,
476 .show_fdinfo = tty_show_fdinfo,
477 };
478
479 static const struct file_operations console_fops = {
480 .llseek = no_llseek,
481 .read_iter = tty_read,
482 .write_iter = redirected_tty_write,
483 .splice_read = copy_splice_read,
484 .splice_write = iter_file_splice_write,
485 .poll = tty_poll,
486 .unlocked_ioctl = tty_ioctl,
487 .compat_ioctl = tty_compat_ioctl,
488 .open = tty_open,
489 .release = tty_release,
490 .fasync = tty_fasync,
491 };
492
493 static const struct file_operations hung_up_tty_fops = {
494 .llseek = no_llseek,
495 .read_iter = hung_up_tty_read,
496 .write_iter = hung_up_tty_write,
497 .poll = hung_up_tty_poll,
498 .unlocked_ioctl = hung_up_tty_ioctl,
499 .compat_ioctl = hung_up_tty_compat_ioctl,
500 .release = tty_release,
501 .fasync = hung_up_tty_fasync,
502 };
503
504 static DEFINE_SPINLOCK(redirect_lock);
505 static struct file *redirect;
506
507 /**
508 * tty_wakeup - request more data
509 * @tty: terminal
510 *
511 * Internal and external helper for wakeups of tty. This function informs the
512 * line discipline if present that the driver is ready to receive more output
513 * data.
514 */
tty_wakeup(struct tty_struct * tty)515 void tty_wakeup(struct tty_struct *tty)
516 {
517 struct tty_ldisc *ld;
518
519 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
520 ld = tty_ldisc_ref(tty);
521 if (ld) {
522 if (ld->ops->write_wakeup)
523 ld->ops->write_wakeup(tty);
524 tty_ldisc_deref(ld);
525 }
526 }
527 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
528 }
529 EXPORT_SYMBOL_GPL(tty_wakeup);
530
531 /**
532 * tty_release_redirect - Release a redirect on a pty if present
533 * @tty: tty device
534 *
535 * This is available to the pty code so if the master closes, if the slave is a
536 * redirect it can release the redirect.
537 */
tty_release_redirect(struct tty_struct * tty)538 static struct file *tty_release_redirect(struct tty_struct *tty)
539 {
540 struct file *f = NULL;
541
542 spin_lock(&redirect_lock);
543 if (redirect && file_tty(redirect) == tty) {
544 f = redirect;
545 redirect = NULL;
546 }
547 spin_unlock(&redirect_lock);
548
549 return f;
550 }
551
552 /**
553 * __tty_hangup - actual handler for hangup events
554 * @tty: tty device
555 * @exit_session: if non-zero, signal all foreground group processes
556 *
557 * This can be called by a "kworker" kernel thread. That is process synchronous
558 * but doesn't hold any locks, so we need to make sure we have the appropriate
559 * locks for what we're doing.
560 *
561 * The hangup event clears any pending redirections onto the hung up device. It
562 * ensures future writes will error and it does the needed line discipline
563 * hangup and signal delivery. The tty object itself remains intact.
564 *
565 * Locking:
566 * * BTM
567 *
568 * * redirect lock for undoing redirection
569 * * file list lock for manipulating list of ttys
570 * * tty_ldiscs_lock from called functions
571 * * termios_rwsem resetting termios data
572 * * tasklist_lock to walk task list for hangup event
573 *
574 * * ->siglock to protect ->signal/->sighand
575 *
576 */
__tty_hangup(struct tty_struct * tty,int exit_session)577 static void __tty_hangup(struct tty_struct *tty, int exit_session)
578 {
579 struct file *cons_filp = NULL;
580 struct file *filp, *f;
581 struct tty_file_private *priv;
582 int closecount = 0, n;
583 int refs;
584
585 if (!tty)
586 return;
587
588 f = tty_release_redirect(tty);
589
590 tty_lock(tty);
591
592 if (test_bit(TTY_HUPPED, &tty->flags)) {
593 tty_unlock(tty);
594 return;
595 }
596
597 /*
598 * Some console devices aren't actually hung up for technical and
599 * historical reasons, which can lead to indefinite interruptible
600 * sleep in n_tty_read(). The following explicitly tells
601 * n_tty_read() to abort readers.
602 */
603 set_bit(TTY_HUPPING, &tty->flags);
604
605 /* inuse_filps is protected by the single tty lock,
606 * this really needs to change if we want to flush the
607 * workqueue with the lock held.
608 */
609 check_tty_count(tty, "tty_hangup");
610
611 spin_lock(&tty->files_lock);
612 /* This breaks for file handles being sent over AF_UNIX sockets ? */
613 list_for_each_entry(priv, &tty->tty_files, list) {
614 filp = priv->file;
615 if (filp->f_op->write_iter == redirected_tty_write)
616 cons_filp = filp;
617 if (filp->f_op->write_iter != tty_write)
618 continue;
619 closecount++;
620 __tty_fasync(-1, filp, 0); /* can't block */
621 filp->f_op = &hung_up_tty_fops;
622 }
623 spin_unlock(&tty->files_lock);
624
625 refs = tty_signal_session_leader(tty, exit_session);
626 /* Account for the p->signal references we killed */
627 while (refs--)
628 tty_kref_put(tty);
629
630 tty_ldisc_hangup(tty, cons_filp != NULL);
631
632 spin_lock_irq(&tty->ctrl.lock);
633 clear_bit(TTY_THROTTLED, &tty->flags);
634 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
635 put_pid(tty->ctrl.session);
636 put_pid(tty->ctrl.pgrp);
637 tty->ctrl.session = NULL;
638 tty->ctrl.pgrp = NULL;
639 tty->ctrl.pktstatus = 0;
640 spin_unlock_irq(&tty->ctrl.lock);
641
642 /*
643 * If one of the devices matches a console pointer, we
644 * cannot just call hangup() because that will cause
645 * tty->count and state->count to go out of sync.
646 * So we just call close() the right number of times.
647 */
648 if (cons_filp) {
649 if (tty->ops->close)
650 for (n = 0; n < closecount; n++)
651 tty->ops->close(tty, cons_filp);
652 } else if (tty->ops->hangup)
653 tty->ops->hangup(tty);
654 /*
655 * We don't want to have driver/ldisc interactions beyond the ones
656 * we did here. The driver layer expects no calls after ->hangup()
657 * from the ldisc side, which is now guaranteed.
658 */
659 set_bit(TTY_HUPPED, &tty->flags);
660 clear_bit(TTY_HUPPING, &tty->flags);
661 tty_unlock(tty);
662
663 if (f)
664 fput(f);
665 }
666
do_tty_hangup(struct work_struct * work)667 static void do_tty_hangup(struct work_struct *work)
668 {
669 struct tty_struct *tty =
670 container_of(work, struct tty_struct, hangup_work);
671
672 __tty_hangup(tty, 0);
673 }
674
675 /**
676 * tty_hangup - trigger a hangup event
677 * @tty: tty to hangup
678 *
679 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
680 * hangup sequence to run after this event.
681 */
tty_hangup(struct tty_struct * tty)682 void tty_hangup(struct tty_struct *tty)
683 {
684 tty_debug_hangup(tty, "hangup\n");
685 schedule_work(&tty->hangup_work);
686 }
687 EXPORT_SYMBOL(tty_hangup);
688
689 /**
690 * tty_vhangup - process vhangup
691 * @tty: tty to hangup
692 *
693 * The user has asked via system call for the terminal to be hung up. We do
694 * this synchronously so that when the syscall returns the process is complete.
695 * That guarantee is necessary for security reasons.
696 */
tty_vhangup(struct tty_struct * tty)697 void tty_vhangup(struct tty_struct *tty)
698 {
699 tty_debug_hangup(tty, "vhangup\n");
700 __tty_hangup(tty, 0);
701 }
702 EXPORT_SYMBOL(tty_vhangup);
703
704
705 /**
706 * tty_vhangup_self - process vhangup for own ctty
707 *
708 * Perform a vhangup on the current controlling tty
709 */
tty_vhangup_self(void)710 void tty_vhangup_self(void)
711 {
712 struct tty_struct *tty;
713
714 tty = get_current_tty();
715 if (tty) {
716 tty_vhangup(tty);
717 tty_kref_put(tty);
718 }
719 }
720
721 /**
722 * tty_vhangup_session - hangup session leader exit
723 * @tty: tty to hangup
724 *
725 * The session leader is exiting and hanging up its controlling terminal.
726 * Every process in the foreground process group is signalled %SIGHUP.
727 *
728 * We do this synchronously so that when the syscall returns the process is
729 * complete. That guarantee is necessary for security reasons.
730 */
tty_vhangup_session(struct tty_struct * tty)731 void tty_vhangup_session(struct tty_struct *tty)
732 {
733 tty_debug_hangup(tty, "session hangup\n");
734 __tty_hangup(tty, 1);
735 }
736
737 /**
738 * tty_hung_up_p - was tty hung up
739 * @filp: file pointer of tty
740 *
741 * Return: true if the tty has been subject to a vhangup or a carrier loss
742 */
tty_hung_up_p(struct file * filp)743 int tty_hung_up_p(struct file *filp)
744 {
745 return (filp && filp->f_op == &hung_up_tty_fops);
746 }
747 EXPORT_SYMBOL(tty_hung_up_p);
748
__stop_tty(struct tty_struct * tty)749 void __stop_tty(struct tty_struct *tty)
750 {
751 if (tty->flow.stopped)
752 return;
753 tty->flow.stopped = true;
754 if (tty->ops->stop)
755 tty->ops->stop(tty);
756 }
757
758 /**
759 * stop_tty - propagate flow control
760 * @tty: tty to stop
761 *
762 * Perform flow control to the driver. May be called on an already stopped
763 * device and will not re-call the &tty_driver->stop() method.
764 *
765 * This functionality is used by both the line disciplines for halting incoming
766 * flow and by the driver. It may therefore be called from any context, may be
767 * under the tty %atomic_write_lock but not always.
768 *
769 * Locking:
770 * flow.lock
771 */
stop_tty(struct tty_struct * tty)772 void stop_tty(struct tty_struct *tty)
773 {
774 unsigned long flags;
775
776 spin_lock_irqsave(&tty->flow.lock, flags);
777 __stop_tty(tty);
778 spin_unlock_irqrestore(&tty->flow.lock, flags);
779 }
780 EXPORT_SYMBOL(stop_tty);
781
__start_tty(struct tty_struct * tty)782 void __start_tty(struct tty_struct *tty)
783 {
784 if (!tty->flow.stopped || tty->flow.tco_stopped)
785 return;
786 tty->flow.stopped = false;
787 if (tty->ops->start)
788 tty->ops->start(tty);
789 tty_wakeup(tty);
790 }
791
792 /**
793 * start_tty - propagate flow control
794 * @tty: tty to start
795 *
796 * Start a tty that has been stopped if at all possible. If @tty was previously
797 * stopped and is now being started, the &tty_driver->start() method is invoked
798 * and the line discipline woken.
799 *
800 * Locking:
801 * flow.lock
802 */
start_tty(struct tty_struct * tty)803 void start_tty(struct tty_struct *tty)
804 {
805 unsigned long flags;
806
807 spin_lock_irqsave(&tty->flow.lock, flags);
808 __start_tty(tty);
809 spin_unlock_irqrestore(&tty->flow.lock, flags);
810 }
811 EXPORT_SYMBOL(start_tty);
812
tty_update_time(struct tty_struct * tty,bool mtime)813 static void tty_update_time(struct tty_struct *tty, bool mtime)
814 {
815 time64_t sec = ktime_get_real_seconds();
816 struct tty_file_private *priv;
817
818 spin_lock(&tty->files_lock);
819 list_for_each_entry(priv, &tty->tty_files, list) {
820 struct inode *inode = file_inode(priv->file);
821 struct timespec64 *time = mtime ? &inode->i_mtime : &inode->i_atime;
822
823 /*
824 * We only care if the two values differ in anything other than the
825 * lower three bits (i.e every 8 seconds). If so, then we can update
826 * the time of the tty device, otherwise it could be construded as a
827 * security leak to let userspace know the exact timing of the tty.
828 */
829 if ((sec ^ time->tv_sec) & ~7)
830 time->tv_sec = sec;
831 }
832 spin_unlock(&tty->files_lock);
833 }
834
835 /*
836 * Iterate on the ldisc ->read() function until we've gotten all
837 * the data the ldisc has for us.
838 *
839 * The "cookie" is something that the ldisc read function can fill
840 * in to let us know that there is more data to be had.
841 *
842 * We promise to continue to call the ldisc until it stops returning
843 * data or clears the cookie. The cookie may be something that the
844 * ldisc maintains state for and needs to free.
845 */
iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)846 static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
847 struct file *file, struct iov_iter *to)
848 {
849 void *cookie = NULL;
850 unsigned long offset = 0;
851 char kernel_buf[64];
852 ssize_t retval = 0;
853 size_t copied, count = iov_iter_count(to);
854
855 do {
856 ssize_t size = min(count, sizeof(kernel_buf));
857
858 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
859 if (!size)
860 break;
861
862 if (size < 0) {
863 /* Did we have an earlier error (ie -EFAULT)? */
864 if (retval)
865 break;
866 retval = size;
867
868 /*
869 * -EOVERFLOW means we didn't have enough space
870 * for a whole packet, and we shouldn't return
871 * a partial result.
872 */
873 if (retval == -EOVERFLOW)
874 offset = 0;
875 break;
876 }
877
878 copied = copy_to_iter(kernel_buf, size, to);
879 offset += copied;
880 count -= copied;
881
882 /*
883 * If the user copy failed, we still need to do another ->read()
884 * call if we had a cookie to let the ldisc clear up.
885 *
886 * But make sure size is zeroed.
887 */
888 if (unlikely(copied != size)) {
889 count = 0;
890 retval = -EFAULT;
891 }
892 } while (cookie);
893
894 /* We always clear tty buffer in case they contained passwords */
895 memzero_explicit(kernel_buf, sizeof(kernel_buf));
896 return offset ? offset : retval;
897 }
898
899
900 /**
901 * tty_read - read method for tty device files
902 * @iocb: kernel I/O control block
903 * @to: destination for the data read
904 *
905 * Perform the read system call function on this terminal device. Checks
906 * for hung up devices before calling the line discipline method.
907 *
908 * Locking:
909 * Locks the line discipline internally while needed. Multiple read calls
910 * may be outstanding in parallel.
911 */
tty_read(struct kiocb * iocb,struct iov_iter * to)912 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
913 {
914 struct file *file = iocb->ki_filp;
915 struct inode *inode = file_inode(file);
916 struct tty_struct *tty = file_tty(file);
917 struct tty_ldisc *ld;
918 ssize_t ret;
919
920 if (tty_paranoia_check(tty, inode, "tty_read"))
921 return -EIO;
922 if (!tty || tty_io_error(tty))
923 return -EIO;
924
925 /* We want to wait for the line discipline to sort out in this
926 * situation.
927 */
928 ld = tty_ldisc_ref_wait(tty);
929 if (!ld)
930 return hung_up_tty_read(iocb, to);
931 ret = -EIO;
932 if (ld->ops->read)
933 ret = iterate_tty_read(ld, tty, file, to);
934 tty_ldisc_deref(ld);
935
936 if (ret > 0)
937 tty_update_time(tty, false);
938
939 return ret;
940 }
941
tty_write_unlock(struct tty_struct * tty)942 void tty_write_unlock(struct tty_struct *tty)
943 {
944 mutex_unlock(&tty->atomic_write_lock);
945 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
946 }
947
tty_write_lock(struct tty_struct * tty,bool ndelay)948 int tty_write_lock(struct tty_struct *tty, bool ndelay)
949 {
950 if (!mutex_trylock(&tty->atomic_write_lock)) {
951 if (ndelay)
952 return -EAGAIN;
953 if (mutex_lock_interruptible(&tty->atomic_write_lock))
954 return -ERESTARTSYS;
955 }
956 return 0;
957 }
958
959 /*
960 * Split writes up in sane blocksizes to avoid
961 * denial-of-service type attacks
962 */
iterate_tty_write(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * from)963 static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
964 struct file *file, struct iov_iter *from)
965 {
966 size_t chunk, count = iov_iter_count(from);
967 ssize_t ret, written = 0;
968
969 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
970 if (ret < 0)
971 return ret;
972
973 /*
974 * We chunk up writes into a temporary buffer. This
975 * simplifies low-level drivers immensely, since they
976 * don't have locking issues and user mode accesses.
977 *
978 * But if TTY_NO_WRITE_SPLIT is set, we should use a
979 * big chunk-size..
980 *
981 * The default chunk-size is 2kB, because the NTTY
982 * layer has problems with bigger chunks. It will
983 * claim to be able to handle more characters than
984 * it actually does.
985 */
986 chunk = 2048;
987 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
988 chunk = 65536;
989 if (count < chunk)
990 chunk = count;
991
992 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
993 if (tty->write_cnt < chunk) {
994 unsigned char *buf_chunk;
995
996 if (chunk < 1024)
997 chunk = 1024;
998
999 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1000 if (!buf_chunk) {
1001 ret = -ENOMEM;
1002 goto out;
1003 }
1004 kvfree(tty->write_buf);
1005 tty->write_cnt = chunk;
1006 tty->write_buf = buf_chunk;
1007 }
1008
1009 /* Do the write .. */
1010 for (;;) {
1011 size_t size = min(chunk, count);
1012
1013 ret = -EFAULT;
1014 if (copy_from_iter(tty->write_buf, size, from) != size)
1015 break;
1016
1017 ret = ld->ops->write(tty, file, tty->write_buf, size);
1018 if (ret <= 0)
1019 break;
1020
1021 written += ret;
1022 if (ret > size)
1023 break;
1024
1025 /* FIXME! Have Al check this! */
1026 if (ret != size)
1027 iov_iter_revert(from, size-ret);
1028
1029 count -= ret;
1030 if (!count)
1031 break;
1032 ret = -ERESTARTSYS;
1033 if (signal_pending(current))
1034 break;
1035 cond_resched();
1036 }
1037 if (written) {
1038 tty_update_time(tty, true);
1039 ret = written;
1040 }
1041 out:
1042 tty_write_unlock(tty);
1043 return ret;
1044 }
1045
1046 /**
1047 * tty_write_message - write a message to a certain tty, not just the console.
1048 * @tty: the destination tty_struct
1049 * @msg: the message to write
1050 *
1051 * This is used for messages that need to be redirected to a specific tty. We
1052 * don't put it into the syslog queue right now maybe in the future if really
1053 * needed.
1054 *
1055 * We must still hold the BTM and test the CLOSING flag for the moment.
1056 */
tty_write_message(struct tty_struct * tty,char * msg)1057 void tty_write_message(struct tty_struct *tty, char *msg)
1058 {
1059 if (tty) {
1060 mutex_lock(&tty->atomic_write_lock);
1061 tty_lock(tty);
1062 if (tty->ops->write && tty->count > 0)
1063 tty->ops->write(tty, msg, strlen(msg));
1064 tty_unlock(tty);
1065 tty_write_unlock(tty);
1066 }
1067 }
1068
file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1069 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1070 {
1071 struct tty_struct *tty = file_tty(file);
1072 struct tty_ldisc *ld;
1073 ssize_t ret;
1074
1075 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1076 return -EIO;
1077 if (!tty || !tty->ops->write || tty_io_error(tty))
1078 return -EIO;
1079 /* Short term debug to catch buggy drivers */
1080 if (tty->ops->write_room == NULL)
1081 tty_err(tty, "missing write_room method\n");
1082 ld = tty_ldisc_ref_wait(tty);
1083 if (!ld)
1084 return hung_up_tty_write(iocb, from);
1085 if (!ld->ops->write)
1086 ret = -EIO;
1087 else
1088 ret = iterate_tty_write(ld, tty, file, from);
1089 tty_ldisc_deref(ld);
1090 return ret;
1091 }
1092
1093 /**
1094 * tty_write - write method for tty device file
1095 * @iocb: kernel I/O control block
1096 * @from: iov_iter with data to write
1097 *
1098 * Write data to a tty device via the line discipline.
1099 *
1100 * Locking:
1101 * Locks the line discipline as required
1102 * Writes to the tty driver are serialized by the atomic_write_lock
1103 * and are then processed in chunks to the device. The line
1104 * discipline write method will not be invoked in parallel for
1105 * each device.
1106 */
tty_write(struct kiocb * iocb,struct iov_iter * from)1107 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1108 {
1109 return file_tty_write(iocb->ki_filp, iocb, from);
1110 }
1111
redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1112 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1113 {
1114 struct file *p = NULL;
1115
1116 spin_lock(&redirect_lock);
1117 if (redirect)
1118 p = get_file(redirect);
1119 spin_unlock(&redirect_lock);
1120
1121 /*
1122 * We know the redirected tty is just another tty, we can
1123 * call file_tty_write() directly with that file pointer.
1124 */
1125 if (p) {
1126 ssize_t res;
1127
1128 res = file_tty_write(p, iocb, iter);
1129 fput(p);
1130 return res;
1131 }
1132 return tty_write(iocb, iter);
1133 }
1134
1135 /**
1136 * tty_send_xchar - send priority character
1137 * @tty: the tty to send to
1138 * @ch: xchar to send
1139 *
1140 * Send a high priority character to the tty even if stopped.
1141 *
1142 * Locking: none for xchar method, write ordering for write method.
1143 */
tty_send_xchar(struct tty_struct * tty,char ch)1144 int tty_send_xchar(struct tty_struct *tty, char ch)
1145 {
1146 bool was_stopped = tty->flow.stopped;
1147
1148 if (tty->ops->send_xchar) {
1149 down_read(&tty->termios_rwsem);
1150 tty->ops->send_xchar(tty, ch);
1151 up_read(&tty->termios_rwsem);
1152 return 0;
1153 }
1154
1155 if (tty_write_lock(tty, false) < 0)
1156 return -ERESTARTSYS;
1157
1158 down_read(&tty->termios_rwsem);
1159 if (was_stopped)
1160 start_tty(tty);
1161 tty->ops->write(tty, &ch, 1);
1162 if (was_stopped)
1163 stop_tty(tty);
1164 up_read(&tty->termios_rwsem);
1165 tty_write_unlock(tty);
1166 return 0;
1167 }
1168
1169 /**
1170 * pty_line_name - generate name for a pty
1171 * @driver: the tty driver in use
1172 * @index: the minor number
1173 * @p: output buffer of at least 6 bytes
1174 *
1175 * Generate a name from a @driver reference and write it to the output buffer
1176 * @p.
1177 *
1178 * Locking: None
1179 */
pty_line_name(struct tty_driver * driver,int index,char * p)1180 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1181 {
1182 static const char ptychar[] = "pqrstuvwxyzabcde";
1183 int i = index + driver->name_base;
1184 /* ->name is initialized to "ttyp", but "tty" is expected */
1185 sprintf(p, "%s%c%x",
1186 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1187 ptychar[i >> 4 & 0xf], i & 0xf);
1188 }
1189
1190 /**
1191 * tty_line_name - generate name for a tty
1192 * @driver: the tty driver in use
1193 * @index: the minor number
1194 * @p: output buffer of at least 7 bytes
1195 *
1196 * Generate a name from a @driver reference and write it to the output buffer
1197 * @p.
1198 *
1199 * Locking: None
1200 */
tty_line_name(struct tty_driver * driver,int index,char * p)1201 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1202 {
1203 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1204 return sprintf(p, "%s", driver->name);
1205 else
1206 return sprintf(p, "%s%d", driver->name,
1207 index + driver->name_base);
1208 }
1209
1210 /**
1211 * tty_driver_lookup_tty() - find an existing tty, if any
1212 * @driver: the driver for the tty
1213 * @file: file object
1214 * @idx: the minor number
1215 *
1216 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1217 * driver lookup() method returns an error.
1218 *
1219 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1220 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1221 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1222 struct file *file, int idx)
1223 {
1224 struct tty_struct *tty;
1225
1226 if (driver->ops->lookup) {
1227 if (!file)
1228 tty = ERR_PTR(-EIO);
1229 else
1230 tty = driver->ops->lookup(driver, file, idx);
1231 } else {
1232 if (idx >= driver->num)
1233 return ERR_PTR(-EINVAL);
1234 tty = driver->ttys[idx];
1235 }
1236 if (!IS_ERR(tty))
1237 tty_kref_get(tty);
1238 return tty;
1239 }
1240
1241 /**
1242 * tty_init_termios - helper for termios setup
1243 * @tty: the tty to set up
1244 *
1245 * Initialise the termios structure for this tty. This runs under the
1246 * %tty_mutex currently so we can be relaxed about ordering.
1247 */
tty_init_termios(struct tty_struct * tty)1248 void tty_init_termios(struct tty_struct *tty)
1249 {
1250 struct ktermios *tp;
1251 int idx = tty->index;
1252
1253 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1254 tty->termios = tty->driver->init_termios;
1255 else {
1256 /* Check for lazy saved data */
1257 tp = tty->driver->termios[idx];
1258 if (tp != NULL) {
1259 tty->termios = *tp;
1260 tty->termios.c_line = tty->driver->init_termios.c_line;
1261 } else
1262 tty->termios = tty->driver->init_termios;
1263 }
1264 /* Compatibility until drivers always set this */
1265 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1266 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1267 }
1268 EXPORT_SYMBOL_GPL(tty_init_termios);
1269
1270 /**
1271 * tty_standard_install - usual tty->ops->install
1272 * @driver: the driver for the tty
1273 * @tty: the tty
1274 *
1275 * If the @driver overrides @tty->ops->install, it still can call this function
1276 * to perform the standard install operations.
1277 */
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1278 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1279 {
1280 tty_init_termios(tty);
1281 tty_driver_kref_get(driver);
1282 tty->count++;
1283 driver->ttys[tty->index] = tty;
1284 return 0;
1285 }
1286 EXPORT_SYMBOL_GPL(tty_standard_install);
1287
1288 /**
1289 * tty_driver_install_tty() - install a tty entry in the driver
1290 * @driver: the driver for the tty
1291 * @tty: the tty
1292 *
1293 * Install a tty object into the driver tables. The @tty->index field will be
1294 * set by the time this is called. This method is responsible for ensuring any
1295 * need additional structures are allocated and configured.
1296 *
1297 * Locking: tty_mutex for now
1298 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1299 static int tty_driver_install_tty(struct tty_driver *driver,
1300 struct tty_struct *tty)
1301 {
1302 return driver->ops->install ? driver->ops->install(driver, tty) :
1303 tty_standard_install(driver, tty);
1304 }
1305
1306 /**
1307 * tty_driver_remove_tty() - remove a tty from the driver tables
1308 * @driver: the driver for the tty
1309 * @tty: tty to remove
1310 *
1311 * Remove a tty object from the driver tables. The tty->index field will be set
1312 * by the time this is called.
1313 *
1314 * Locking: tty_mutex for now
1315 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1316 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1317 {
1318 if (driver->ops->remove)
1319 driver->ops->remove(driver, tty);
1320 else
1321 driver->ttys[tty->index] = NULL;
1322 }
1323
1324 /**
1325 * tty_reopen() - fast re-open of an open tty
1326 * @tty: the tty to open
1327 *
1328 * Re-opens on master ptys are not allowed and return -%EIO.
1329 *
1330 * Locking: Caller must hold tty_lock
1331 * Return: 0 on success, -errno on error.
1332 */
tty_reopen(struct tty_struct * tty)1333 static int tty_reopen(struct tty_struct *tty)
1334 {
1335 struct tty_driver *driver = tty->driver;
1336 struct tty_ldisc *ld;
1337 int retval = 0;
1338
1339 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1340 driver->subtype == PTY_TYPE_MASTER)
1341 return -EIO;
1342
1343 if (!tty->count)
1344 return -EAGAIN;
1345
1346 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1347 return -EBUSY;
1348
1349 ld = tty_ldisc_ref_wait(tty);
1350 if (ld) {
1351 tty_ldisc_deref(ld);
1352 } else {
1353 retval = tty_ldisc_lock(tty, 5 * HZ);
1354 if (retval)
1355 return retval;
1356
1357 if (!tty->ldisc)
1358 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1359 tty_ldisc_unlock(tty);
1360 }
1361
1362 if (retval == 0)
1363 tty->count++;
1364
1365 return retval;
1366 }
1367
1368 /**
1369 * tty_init_dev - initialise a tty device
1370 * @driver: tty driver we are opening a device on
1371 * @idx: device index
1372 *
1373 * Prepare a tty device. This may not be a "new" clean device but could also be
1374 * an active device. The pty drivers require special handling because of this.
1375 *
1376 * Locking:
1377 * The function is called under the tty_mutex, which protects us from the
1378 * tty struct or driver itself going away.
1379 *
1380 * On exit the tty device has the line discipline attached and a reference
1381 * count of 1. If a pair was created for pty/tty use and the other was a pty
1382 * master then it too has a reference count of 1.
1383 *
1384 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1385 * open. The new code protects the open with a mutex, so it's really quite
1386 * straightforward. The mutex locking can probably be relaxed for the (most
1387 * common) case of reopening a tty.
1388 *
1389 * Return: new tty structure
1390 */
tty_init_dev(struct tty_driver * driver,int idx)1391 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1392 {
1393 struct tty_struct *tty;
1394 int retval;
1395
1396 /*
1397 * First time open is complex, especially for PTY devices.
1398 * This code guarantees that either everything succeeds and the
1399 * TTY is ready for operation, or else the table slots are vacated
1400 * and the allocated memory released. (Except that the termios
1401 * may be retained.)
1402 */
1403
1404 if (!try_module_get(driver->owner))
1405 return ERR_PTR(-ENODEV);
1406
1407 tty = alloc_tty_struct(driver, idx);
1408 if (!tty) {
1409 retval = -ENOMEM;
1410 goto err_module_put;
1411 }
1412
1413 tty_lock(tty);
1414 retval = tty_driver_install_tty(driver, tty);
1415 if (retval < 0)
1416 goto err_free_tty;
1417
1418 if (!tty->port)
1419 tty->port = driver->ports[idx];
1420
1421 if (WARN_RATELIMIT(!tty->port,
1422 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1423 __func__, tty->driver->name)) {
1424 retval = -EINVAL;
1425 goto err_release_lock;
1426 }
1427
1428 retval = tty_ldisc_lock(tty, 5 * HZ);
1429 if (retval)
1430 goto err_release_lock;
1431 tty->port->itty = tty;
1432
1433 /*
1434 * Structures all installed ... call the ldisc open routines.
1435 * If we fail here just call release_tty to clean up. No need
1436 * to decrement the use counts, as release_tty doesn't care.
1437 */
1438 retval = tty_ldisc_setup(tty, tty->link);
1439 if (retval)
1440 goto err_release_tty;
1441 tty_ldisc_unlock(tty);
1442 /* Return the tty locked so that it cannot vanish under the caller */
1443 return tty;
1444
1445 err_free_tty:
1446 tty_unlock(tty);
1447 free_tty_struct(tty);
1448 err_module_put:
1449 module_put(driver->owner);
1450 return ERR_PTR(retval);
1451
1452 /* call the tty release_tty routine to clean out this slot */
1453 err_release_tty:
1454 tty_ldisc_unlock(tty);
1455 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1456 retval, idx);
1457 err_release_lock:
1458 tty_unlock(tty);
1459 release_tty(tty, idx);
1460 return ERR_PTR(retval);
1461 }
1462
1463 /**
1464 * tty_save_termios() - save tty termios data in driver table
1465 * @tty: tty whose termios data to save
1466 *
1467 * Locking: Caller guarantees serialisation with tty_init_termios().
1468 */
tty_save_termios(struct tty_struct * tty)1469 void tty_save_termios(struct tty_struct *tty)
1470 {
1471 struct ktermios *tp;
1472 int idx = tty->index;
1473
1474 /* If the port is going to reset then it has no termios to save */
1475 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1476 return;
1477
1478 /* Stash the termios data */
1479 tp = tty->driver->termios[idx];
1480 if (tp == NULL) {
1481 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1482 if (tp == NULL)
1483 return;
1484 tty->driver->termios[idx] = tp;
1485 }
1486 *tp = tty->termios;
1487 }
1488 EXPORT_SYMBOL_GPL(tty_save_termios);
1489
1490 /**
1491 * tty_flush_works - flush all works of a tty/pty pair
1492 * @tty: tty device to flush works for (or either end of a pty pair)
1493 *
1494 * Sync flush all works belonging to @tty (and the 'other' tty).
1495 */
tty_flush_works(struct tty_struct * tty)1496 static void tty_flush_works(struct tty_struct *tty)
1497 {
1498 flush_work(&tty->SAK_work);
1499 flush_work(&tty->hangup_work);
1500 if (tty->link) {
1501 flush_work(&tty->link->SAK_work);
1502 flush_work(&tty->link->hangup_work);
1503 }
1504 }
1505
1506 /**
1507 * release_one_tty - release tty structure memory
1508 * @work: work of tty we are obliterating
1509 *
1510 * Releases memory associated with a tty structure, and clears out the
1511 * driver table slots. This function is called when a device is no longer
1512 * in use. It also gets called when setup of a device fails.
1513 *
1514 * Locking:
1515 * takes the file list lock internally when working on the list of ttys
1516 * that the driver keeps.
1517 *
1518 * This method gets called from a work queue so that the driver private
1519 * cleanup ops can sleep (needed for USB at least)
1520 */
release_one_tty(struct work_struct * work)1521 static void release_one_tty(struct work_struct *work)
1522 {
1523 struct tty_struct *tty =
1524 container_of(work, struct tty_struct, hangup_work);
1525 struct tty_driver *driver = tty->driver;
1526 struct module *owner = driver->owner;
1527
1528 if (tty->ops->cleanup)
1529 tty->ops->cleanup(tty);
1530
1531 tty_driver_kref_put(driver);
1532 module_put(owner);
1533
1534 spin_lock(&tty->files_lock);
1535 list_del_init(&tty->tty_files);
1536 spin_unlock(&tty->files_lock);
1537
1538 put_pid(tty->ctrl.pgrp);
1539 put_pid(tty->ctrl.session);
1540 free_tty_struct(tty);
1541 }
1542
queue_release_one_tty(struct kref * kref)1543 static void queue_release_one_tty(struct kref *kref)
1544 {
1545 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1546
1547 /* The hangup queue is now free so we can reuse it rather than
1548 * waste a chunk of memory for each port.
1549 */
1550 INIT_WORK(&tty->hangup_work, release_one_tty);
1551 schedule_work(&tty->hangup_work);
1552 }
1553
1554 /**
1555 * tty_kref_put - release a tty kref
1556 * @tty: tty device
1557 *
1558 * Release a reference to the @tty device and if need be let the kref layer
1559 * destruct the object for us.
1560 */
tty_kref_put(struct tty_struct * tty)1561 void tty_kref_put(struct tty_struct *tty)
1562 {
1563 if (tty)
1564 kref_put(&tty->kref, queue_release_one_tty);
1565 }
1566 EXPORT_SYMBOL(tty_kref_put);
1567
1568 /**
1569 * release_tty - release tty structure memory
1570 * @tty: tty device release
1571 * @idx: index of the tty device release
1572 *
1573 * Release both @tty and a possible linked partner (think pty pair),
1574 * and decrement the refcount of the backing module.
1575 *
1576 * Locking:
1577 * tty_mutex
1578 * takes the file list lock internally when working on the list of ttys
1579 * that the driver keeps.
1580 */
release_tty(struct tty_struct * tty,int idx)1581 static void release_tty(struct tty_struct *tty, int idx)
1582 {
1583 /* This should always be true but check for the moment */
1584 WARN_ON(tty->index != idx);
1585 WARN_ON(!mutex_is_locked(&tty_mutex));
1586 if (tty->ops->shutdown)
1587 tty->ops->shutdown(tty);
1588 tty_save_termios(tty);
1589 tty_driver_remove_tty(tty->driver, tty);
1590 if (tty->port)
1591 tty->port->itty = NULL;
1592 if (tty->link)
1593 tty->link->port->itty = NULL;
1594 if (tty->port)
1595 tty_buffer_cancel_work(tty->port);
1596 if (tty->link)
1597 tty_buffer_cancel_work(tty->link->port);
1598
1599 tty_kref_put(tty->link);
1600 tty_kref_put(tty);
1601 }
1602
1603 /**
1604 * tty_release_checks - check a tty before real release
1605 * @tty: tty to check
1606 * @idx: index of the tty
1607 *
1608 * Performs some paranoid checking before true release of the @tty. This is a
1609 * no-op unless %TTY_PARANOIA_CHECK is defined.
1610 */
tty_release_checks(struct tty_struct * tty,int idx)1611 static int tty_release_checks(struct tty_struct *tty, int idx)
1612 {
1613 #ifdef TTY_PARANOIA_CHECK
1614 if (idx < 0 || idx >= tty->driver->num) {
1615 tty_debug(tty, "bad idx %d\n", idx);
1616 return -1;
1617 }
1618
1619 /* not much to check for devpts */
1620 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1621 return 0;
1622
1623 if (tty != tty->driver->ttys[idx]) {
1624 tty_debug(tty, "bad driver table[%d] = %p\n",
1625 idx, tty->driver->ttys[idx]);
1626 return -1;
1627 }
1628 if (tty->driver->other) {
1629 struct tty_struct *o_tty = tty->link;
1630
1631 if (o_tty != tty->driver->other->ttys[idx]) {
1632 tty_debug(tty, "bad other table[%d] = %p\n",
1633 idx, tty->driver->other->ttys[idx]);
1634 return -1;
1635 }
1636 if (o_tty->link != tty) {
1637 tty_debug(tty, "bad link = %p\n", o_tty->link);
1638 return -1;
1639 }
1640 }
1641 #endif
1642 return 0;
1643 }
1644
1645 /**
1646 * tty_kclose - closes tty opened by tty_kopen
1647 * @tty: tty device
1648 *
1649 * Performs the final steps to release and free a tty device. It is the same as
1650 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1651 * @tty->port.
1652 */
tty_kclose(struct tty_struct * tty)1653 void tty_kclose(struct tty_struct *tty)
1654 {
1655 /*
1656 * Ask the line discipline code to release its structures
1657 */
1658 tty_ldisc_release(tty);
1659
1660 /* Wait for pending work before tty destruction commences */
1661 tty_flush_works(tty);
1662
1663 tty_debug_hangup(tty, "freeing structure\n");
1664 /*
1665 * The release_tty function takes care of the details of clearing
1666 * the slots and preserving the termios structure.
1667 */
1668 mutex_lock(&tty_mutex);
1669 tty_port_set_kopened(tty->port, 0);
1670 release_tty(tty, tty->index);
1671 mutex_unlock(&tty_mutex);
1672 }
1673 EXPORT_SYMBOL_GPL(tty_kclose);
1674
1675 /**
1676 * tty_release_struct - release a tty struct
1677 * @tty: tty device
1678 * @idx: index of the tty
1679 *
1680 * Performs the final steps to release and free a tty device. It is roughly the
1681 * reverse of tty_init_dev().
1682 */
tty_release_struct(struct tty_struct * tty,int idx)1683 void tty_release_struct(struct tty_struct *tty, int idx)
1684 {
1685 /*
1686 * Ask the line discipline code to release its structures
1687 */
1688 tty_ldisc_release(tty);
1689
1690 /* Wait for pending work before tty destruction commmences */
1691 tty_flush_works(tty);
1692
1693 tty_debug_hangup(tty, "freeing structure\n");
1694 /*
1695 * The release_tty function takes care of the details of clearing
1696 * the slots and preserving the termios structure.
1697 */
1698 mutex_lock(&tty_mutex);
1699 release_tty(tty, idx);
1700 mutex_unlock(&tty_mutex);
1701 }
1702 EXPORT_SYMBOL_GPL(tty_release_struct);
1703
1704 /**
1705 * tty_release - vfs callback for close
1706 * @inode: inode of tty
1707 * @filp: file pointer for handle to tty
1708 *
1709 * Called the last time each file handle is closed that references this tty.
1710 * There may however be several such references.
1711 *
1712 * Locking:
1713 * Takes BKL. See tty_release_dev().
1714 *
1715 * Even releasing the tty structures is a tricky business. We have to be very
1716 * careful that the structures are all released at the same time, as interrupts
1717 * might otherwise get the wrong pointers.
1718 *
1719 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1720 * lead to double frees or releasing memory still in use.
1721 */
tty_release(struct inode * inode,struct file * filp)1722 int tty_release(struct inode *inode, struct file *filp)
1723 {
1724 struct tty_struct *tty = file_tty(filp);
1725 struct tty_struct *o_tty = NULL;
1726 int do_sleep, final;
1727 int idx;
1728 long timeout = 0;
1729 int once = 1;
1730
1731 if (tty_paranoia_check(tty, inode, __func__))
1732 return 0;
1733
1734 tty_lock(tty);
1735 check_tty_count(tty, __func__);
1736
1737 __tty_fasync(-1, filp, 0);
1738
1739 idx = tty->index;
1740 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1741 tty->driver->subtype == PTY_TYPE_MASTER)
1742 o_tty = tty->link;
1743
1744 if (tty_release_checks(tty, idx)) {
1745 tty_unlock(tty);
1746 return 0;
1747 }
1748
1749 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1750
1751 if (tty->ops->close)
1752 tty->ops->close(tty, filp);
1753
1754 /* If tty is pty master, lock the slave pty (stable lock order) */
1755 tty_lock_slave(o_tty);
1756
1757 /*
1758 * Sanity check: if tty->count is going to zero, there shouldn't be
1759 * any waiters on tty->read_wait or tty->write_wait. We test the
1760 * wait queues and kick everyone out _before_ actually starting to
1761 * close. This ensures that we won't block while releasing the tty
1762 * structure.
1763 *
1764 * The test for the o_tty closing is necessary, since the master and
1765 * slave sides may close in any order. If the slave side closes out
1766 * first, its count will be one, since the master side holds an open.
1767 * Thus this test wouldn't be triggered at the time the slave closed,
1768 * so we do it now.
1769 */
1770 while (1) {
1771 do_sleep = 0;
1772
1773 if (tty->count <= 1) {
1774 if (waitqueue_active(&tty->read_wait)) {
1775 wake_up_poll(&tty->read_wait, EPOLLIN);
1776 do_sleep++;
1777 }
1778 if (waitqueue_active(&tty->write_wait)) {
1779 wake_up_poll(&tty->write_wait, EPOLLOUT);
1780 do_sleep++;
1781 }
1782 }
1783 if (o_tty && o_tty->count <= 1) {
1784 if (waitqueue_active(&o_tty->read_wait)) {
1785 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1786 do_sleep++;
1787 }
1788 if (waitqueue_active(&o_tty->write_wait)) {
1789 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1790 do_sleep++;
1791 }
1792 }
1793 if (!do_sleep)
1794 break;
1795
1796 if (once) {
1797 once = 0;
1798 tty_warn(tty, "read/write wait queue active!\n");
1799 }
1800 schedule_timeout_killable(timeout);
1801 if (timeout < 120 * HZ)
1802 timeout = 2 * timeout + 1;
1803 else
1804 timeout = MAX_SCHEDULE_TIMEOUT;
1805 }
1806
1807 if (o_tty) {
1808 if (--o_tty->count < 0) {
1809 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1810 o_tty->count = 0;
1811 }
1812 }
1813 if (--tty->count < 0) {
1814 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1815 tty->count = 0;
1816 }
1817
1818 /*
1819 * We've decremented tty->count, so we need to remove this file
1820 * descriptor off the tty->tty_files list; this serves two
1821 * purposes:
1822 * - check_tty_count sees the correct number of file descriptors
1823 * associated with this tty.
1824 * - do_tty_hangup no longer sees this file descriptor as
1825 * something that needs to be handled for hangups.
1826 */
1827 tty_del_file(filp);
1828
1829 /*
1830 * Perform some housekeeping before deciding whether to return.
1831 *
1832 * If _either_ side is closing, make sure there aren't any
1833 * processes that still think tty or o_tty is their controlling
1834 * tty.
1835 */
1836 if (!tty->count) {
1837 read_lock(&tasklist_lock);
1838 session_clear_tty(tty->ctrl.session);
1839 if (o_tty)
1840 session_clear_tty(o_tty->ctrl.session);
1841 read_unlock(&tasklist_lock);
1842 }
1843
1844 /* check whether both sides are closing ... */
1845 final = !tty->count && !(o_tty && o_tty->count);
1846
1847 tty_unlock_slave(o_tty);
1848 tty_unlock(tty);
1849
1850 /* At this point, the tty->count == 0 should ensure a dead tty
1851 * cannot be re-opened by a racing opener.
1852 */
1853
1854 if (!final)
1855 return 0;
1856
1857 tty_debug_hangup(tty, "final close\n");
1858
1859 tty_release_struct(tty, idx);
1860 return 0;
1861 }
1862
1863 /**
1864 * tty_open_current_tty - get locked tty of current task
1865 * @device: device number
1866 * @filp: file pointer to tty
1867 * @return: locked tty of the current task iff @device is /dev/tty
1868 *
1869 * Performs a re-open of the current task's controlling tty.
1870 *
1871 * We cannot return driver and index like for the other nodes because devpts
1872 * will not work then. It expects inodes to be from devpts FS.
1873 */
tty_open_current_tty(dev_t device,struct file * filp)1874 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1875 {
1876 struct tty_struct *tty;
1877 int retval;
1878
1879 if (device != MKDEV(TTYAUX_MAJOR, 0))
1880 return NULL;
1881
1882 tty = get_current_tty();
1883 if (!tty)
1884 return ERR_PTR(-ENXIO);
1885
1886 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1887 /* noctty = 1; */
1888 tty_lock(tty);
1889 tty_kref_put(tty); /* safe to drop the kref now */
1890
1891 retval = tty_reopen(tty);
1892 if (retval < 0) {
1893 tty_unlock(tty);
1894 tty = ERR_PTR(retval);
1895 }
1896 return tty;
1897 }
1898
1899 /**
1900 * tty_lookup_driver - lookup a tty driver for a given device file
1901 * @device: device number
1902 * @filp: file pointer to tty
1903 * @index: index for the device in the @return driver
1904 *
1905 * If returned value is not erroneous, the caller is responsible to decrement
1906 * the refcount by tty_driver_kref_put().
1907 *
1908 * Locking: %tty_mutex protects get_tty_driver()
1909 *
1910 * Return: driver for this inode (with increased refcount)
1911 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1912 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1913 int *index)
1914 {
1915 struct tty_driver *driver = NULL;
1916
1917 switch (device) {
1918 #ifdef CONFIG_VT
1919 case MKDEV(TTY_MAJOR, 0): {
1920 extern struct tty_driver *console_driver;
1921
1922 driver = tty_driver_kref_get(console_driver);
1923 *index = fg_console;
1924 break;
1925 }
1926 #endif
1927 case MKDEV(TTYAUX_MAJOR, 1): {
1928 struct tty_driver *console_driver = console_device(index);
1929
1930 if (console_driver) {
1931 driver = tty_driver_kref_get(console_driver);
1932 if (driver && filp) {
1933 /* Don't let /dev/console block */
1934 filp->f_flags |= O_NONBLOCK;
1935 break;
1936 }
1937 }
1938 if (driver)
1939 tty_driver_kref_put(driver);
1940 return ERR_PTR(-ENODEV);
1941 }
1942 default:
1943 driver = get_tty_driver(device, index);
1944 if (!driver)
1945 return ERR_PTR(-ENODEV);
1946 break;
1947 }
1948 return driver;
1949 }
1950
tty_kopen(dev_t device,int shared)1951 static struct tty_struct *tty_kopen(dev_t device, int shared)
1952 {
1953 struct tty_struct *tty;
1954 struct tty_driver *driver;
1955 int index = -1;
1956
1957 mutex_lock(&tty_mutex);
1958 driver = tty_lookup_driver(device, NULL, &index);
1959 if (IS_ERR(driver)) {
1960 mutex_unlock(&tty_mutex);
1961 return ERR_CAST(driver);
1962 }
1963
1964 /* check whether we're reopening an existing tty */
1965 tty = tty_driver_lookup_tty(driver, NULL, index);
1966 if (IS_ERR(tty) || shared)
1967 goto out;
1968
1969 if (tty) {
1970 /* drop kref from tty_driver_lookup_tty() */
1971 tty_kref_put(tty);
1972 tty = ERR_PTR(-EBUSY);
1973 } else { /* tty_init_dev returns tty with the tty_lock held */
1974 tty = tty_init_dev(driver, index);
1975 if (IS_ERR(tty))
1976 goto out;
1977 tty_port_set_kopened(tty->port, 1);
1978 }
1979 out:
1980 mutex_unlock(&tty_mutex);
1981 tty_driver_kref_put(driver);
1982 return tty;
1983 }
1984
1985 /**
1986 * tty_kopen_exclusive - open a tty device for kernel
1987 * @device: dev_t of device to open
1988 *
1989 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1990 * it's not already opened and performs the first-time tty initialization.
1991 *
1992 * Claims the global %tty_mutex to serialize:
1993 * * concurrent first-time tty initialization
1994 * * concurrent tty driver removal w/ lookup
1995 * * concurrent tty removal from driver table
1996 *
1997 * Return: the locked initialized &tty_struct
1998 */
tty_kopen_exclusive(dev_t device)1999 struct tty_struct *tty_kopen_exclusive(dev_t device)
2000 {
2001 return tty_kopen(device, 0);
2002 }
2003 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2004
2005 /**
2006 * tty_kopen_shared - open a tty device for shared in-kernel use
2007 * @device: dev_t of device to open
2008 *
2009 * Opens an already existing tty for in-kernel use. Compared to
2010 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2011 *
2012 * Locking: identical to tty_kopen() above.
2013 */
tty_kopen_shared(dev_t device)2014 struct tty_struct *tty_kopen_shared(dev_t device)
2015 {
2016 return tty_kopen(device, 1);
2017 }
2018 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2019
2020 /**
2021 * tty_open_by_driver - open a tty device
2022 * @device: dev_t of device to open
2023 * @filp: file pointer to tty
2024 *
2025 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2026 * first-time tty initialization.
2027 *
2028 *
2029 * Claims the global tty_mutex to serialize:
2030 * * concurrent first-time tty initialization
2031 * * concurrent tty driver removal w/ lookup
2032 * * concurrent tty removal from driver table
2033 *
2034 * Return: the locked initialized or re-opened &tty_struct
2035 */
tty_open_by_driver(dev_t device,struct file * filp)2036 static struct tty_struct *tty_open_by_driver(dev_t device,
2037 struct file *filp)
2038 {
2039 struct tty_struct *tty;
2040 struct tty_driver *driver = NULL;
2041 int index = -1;
2042 int retval;
2043
2044 mutex_lock(&tty_mutex);
2045 driver = tty_lookup_driver(device, filp, &index);
2046 if (IS_ERR(driver)) {
2047 mutex_unlock(&tty_mutex);
2048 return ERR_CAST(driver);
2049 }
2050
2051 /* check whether we're reopening an existing tty */
2052 tty = tty_driver_lookup_tty(driver, filp, index);
2053 if (IS_ERR(tty)) {
2054 mutex_unlock(&tty_mutex);
2055 goto out;
2056 }
2057
2058 if (tty) {
2059 if (tty_port_kopened(tty->port)) {
2060 tty_kref_put(tty);
2061 mutex_unlock(&tty_mutex);
2062 tty = ERR_PTR(-EBUSY);
2063 goto out;
2064 }
2065 mutex_unlock(&tty_mutex);
2066 retval = tty_lock_interruptible(tty);
2067 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2068 if (retval) {
2069 if (retval == -EINTR)
2070 retval = -ERESTARTSYS;
2071 tty = ERR_PTR(retval);
2072 goto out;
2073 }
2074 retval = tty_reopen(tty);
2075 if (retval < 0) {
2076 tty_unlock(tty);
2077 tty = ERR_PTR(retval);
2078 }
2079 } else { /* Returns with the tty_lock held for now */
2080 tty = tty_init_dev(driver, index);
2081 mutex_unlock(&tty_mutex);
2082 }
2083 out:
2084 tty_driver_kref_put(driver);
2085 return tty;
2086 }
2087
2088 /**
2089 * tty_open - open a tty device
2090 * @inode: inode of device file
2091 * @filp: file pointer to tty
2092 *
2093 * tty_open() and tty_release() keep up the tty count that contains the number
2094 * of opens done on a tty. We cannot use the inode-count, as different inodes
2095 * might point to the same tty.
2096 *
2097 * Open-counting is needed for pty masters, as well as for keeping track of
2098 * serial lines: DTR is dropped when the last close happens.
2099 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2100 *
2101 * The termios state of a pty is reset on the first open so that settings don't
2102 * persist across reuse.
2103 *
2104 * Locking:
2105 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2106 * * @tty->count should protect the rest.
2107 * * ->siglock protects ->signal/->sighand
2108 *
2109 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2110 */
tty_open(struct inode * inode,struct file * filp)2111 static int tty_open(struct inode *inode, struct file *filp)
2112 {
2113 struct tty_struct *tty;
2114 int noctty, retval;
2115 dev_t device = inode->i_rdev;
2116 unsigned saved_flags = filp->f_flags;
2117
2118 nonseekable_open(inode, filp);
2119
2120 retry_open:
2121 retval = tty_alloc_file(filp);
2122 if (retval)
2123 return -ENOMEM;
2124
2125 tty = tty_open_current_tty(device, filp);
2126 if (!tty)
2127 tty = tty_open_by_driver(device, filp);
2128
2129 if (IS_ERR(tty)) {
2130 tty_free_file(filp);
2131 retval = PTR_ERR(tty);
2132 if (retval != -EAGAIN || signal_pending(current))
2133 return retval;
2134 schedule();
2135 goto retry_open;
2136 }
2137
2138 tty_add_file(tty, filp);
2139
2140 check_tty_count(tty, __func__);
2141 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2142
2143 if (tty->ops->open)
2144 retval = tty->ops->open(tty, filp);
2145 else
2146 retval = -ENODEV;
2147 filp->f_flags = saved_flags;
2148
2149 if (retval) {
2150 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2151
2152 tty_unlock(tty); /* need to call tty_release without BTM */
2153 tty_release(inode, filp);
2154 if (retval != -ERESTARTSYS)
2155 return retval;
2156
2157 if (signal_pending(current))
2158 return retval;
2159
2160 schedule();
2161 /*
2162 * Need to reset f_op in case a hangup happened.
2163 */
2164 if (tty_hung_up_p(filp))
2165 filp->f_op = &tty_fops;
2166 goto retry_open;
2167 }
2168 clear_bit(TTY_HUPPED, &tty->flags);
2169
2170 noctty = (filp->f_flags & O_NOCTTY) ||
2171 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2172 device == MKDEV(TTYAUX_MAJOR, 1) ||
2173 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2174 tty->driver->subtype == PTY_TYPE_MASTER);
2175 if (!noctty)
2176 tty_open_proc_set_tty(filp, tty);
2177 tty_unlock(tty);
2178 return 0;
2179 }
2180
2181
2182 /**
2183 * tty_poll - check tty status
2184 * @filp: file being polled
2185 * @wait: poll wait structures to update
2186 *
2187 * Call the line discipline polling method to obtain the poll status of the
2188 * device.
2189 *
2190 * Locking: locks called line discipline but ldisc poll method may be
2191 * re-entered freely by other callers.
2192 */
tty_poll(struct file * filp,poll_table * wait)2193 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2194 {
2195 struct tty_struct *tty = file_tty(filp);
2196 struct tty_ldisc *ld;
2197 __poll_t ret = 0;
2198
2199 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2200 return 0;
2201
2202 ld = tty_ldisc_ref_wait(tty);
2203 if (!ld)
2204 return hung_up_tty_poll(filp, wait);
2205 if (ld->ops->poll)
2206 ret = ld->ops->poll(tty, filp, wait);
2207 tty_ldisc_deref(ld);
2208 return ret;
2209 }
2210
__tty_fasync(int fd,struct file * filp,int on)2211 static int __tty_fasync(int fd, struct file *filp, int on)
2212 {
2213 struct tty_struct *tty = file_tty(filp);
2214 unsigned long flags;
2215 int retval = 0;
2216
2217 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2218 goto out;
2219
2220 retval = fasync_helper(fd, filp, on, &tty->fasync);
2221 if (retval <= 0)
2222 goto out;
2223
2224 if (on) {
2225 enum pid_type type;
2226 struct pid *pid;
2227
2228 spin_lock_irqsave(&tty->ctrl.lock, flags);
2229 if (tty->ctrl.pgrp) {
2230 pid = tty->ctrl.pgrp;
2231 type = PIDTYPE_PGID;
2232 } else {
2233 pid = task_pid(current);
2234 type = PIDTYPE_TGID;
2235 }
2236 get_pid(pid);
2237 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2238 __f_setown(filp, pid, type, 0);
2239 put_pid(pid);
2240 retval = 0;
2241 }
2242 out:
2243 return retval;
2244 }
2245
tty_fasync(int fd,struct file * filp,int on)2246 static int tty_fasync(int fd, struct file *filp, int on)
2247 {
2248 struct tty_struct *tty = file_tty(filp);
2249 int retval = -ENOTTY;
2250
2251 tty_lock(tty);
2252 if (!tty_hung_up_p(filp))
2253 retval = __tty_fasync(fd, filp, on);
2254 tty_unlock(tty);
2255
2256 return retval;
2257 }
2258
2259 static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2260 /**
2261 * tiocsti - fake input character
2262 * @tty: tty to fake input into
2263 * @p: pointer to character
2264 *
2265 * Fake input to a tty device. Does the necessary locking and input management.
2266 *
2267 * FIXME: does not honour flow control ??
2268 *
2269 * Locking:
2270 * * Called functions take tty_ldiscs_lock
2271 * * current->signal->tty check is safe without locks
2272 */
tiocsti(struct tty_struct * tty,char __user * p)2273 static int tiocsti(struct tty_struct *tty, char __user *p)
2274 {
2275 char ch, mbz = 0;
2276 struct tty_ldisc *ld;
2277
2278 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2279 return -EIO;
2280
2281 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2282 return -EPERM;
2283 if (get_user(ch, p))
2284 return -EFAULT;
2285 tty_audit_tiocsti(tty, ch);
2286 ld = tty_ldisc_ref_wait(tty);
2287 if (!ld)
2288 return -EIO;
2289 tty_buffer_lock_exclusive(tty->port);
2290 if (ld->ops->receive_buf)
2291 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2292 tty_buffer_unlock_exclusive(tty->port);
2293 tty_ldisc_deref(ld);
2294 return 0;
2295 }
2296
2297 /**
2298 * tiocgwinsz - implement window query ioctl
2299 * @tty: tty
2300 * @arg: user buffer for result
2301 *
2302 * Copies the kernel idea of the window size into the user buffer.
2303 *
2304 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2305 * consistent.
2306 */
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2307 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2308 {
2309 int err;
2310
2311 mutex_lock(&tty->winsize_mutex);
2312 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2313 mutex_unlock(&tty->winsize_mutex);
2314
2315 return err ? -EFAULT : 0;
2316 }
2317
2318 /**
2319 * tty_do_resize - resize event
2320 * @tty: tty being resized
2321 * @ws: new dimensions
2322 *
2323 * Update the termios variables and send the necessary signals to peform a
2324 * terminal resize correctly.
2325 */
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2326 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2327 {
2328 struct pid *pgrp;
2329
2330 /* Lock the tty */
2331 mutex_lock(&tty->winsize_mutex);
2332 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2333 goto done;
2334
2335 /* Signal the foreground process group */
2336 pgrp = tty_get_pgrp(tty);
2337 if (pgrp)
2338 kill_pgrp(pgrp, SIGWINCH, 1);
2339 put_pid(pgrp);
2340
2341 tty->winsize = *ws;
2342 done:
2343 mutex_unlock(&tty->winsize_mutex);
2344 return 0;
2345 }
2346 EXPORT_SYMBOL(tty_do_resize);
2347
2348 /**
2349 * tiocswinsz - implement window size set ioctl
2350 * @tty: tty side of tty
2351 * @arg: user buffer for result
2352 *
2353 * Copies the user idea of the window size to the kernel. Traditionally this is
2354 * just advisory information but for the Linux console it actually has driver
2355 * level meaning and triggers a VC resize.
2356 *
2357 * Locking:
2358 * Driver dependent. The default do_resize method takes the tty termios
2359 * mutex and ctrl.lock. The console takes its own lock then calls into the
2360 * default method.
2361 */
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2362 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2363 {
2364 struct winsize tmp_ws;
2365
2366 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2367 return -EFAULT;
2368
2369 if (tty->ops->resize)
2370 return tty->ops->resize(tty, &tmp_ws);
2371 else
2372 return tty_do_resize(tty, &tmp_ws);
2373 }
2374
2375 /**
2376 * tioccons - allow admin to move logical console
2377 * @file: the file to become console
2378 *
2379 * Allow the administrator to move the redirected console device.
2380 *
2381 * Locking: uses redirect_lock to guard the redirect information
2382 */
tioccons(struct file * file)2383 static int tioccons(struct file *file)
2384 {
2385 if (!capable(CAP_SYS_ADMIN))
2386 return -EPERM;
2387 if (file->f_op->write_iter == redirected_tty_write) {
2388 struct file *f;
2389
2390 spin_lock(&redirect_lock);
2391 f = redirect;
2392 redirect = NULL;
2393 spin_unlock(&redirect_lock);
2394 if (f)
2395 fput(f);
2396 return 0;
2397 }
2398 if (file->f_op->write_iter != tty_write)
2399 return -ENOTTY;
2400 if (!(file->f_mode & FMODE_WRITE))
2401 return -EBADF;
2402 if (!(file->f_mode & FMODE_CAN_WRITE))
2403 return -EINVAL;
2404 spin_lock(&redirect_lock);
2405 if (redirect) {
2406 spin_unlock(&redirect_lock);
2407 return -EBUSY;
2408 }
2409 redirect = get_file(file);
2410 spin_unlock(&redirect_lock);
2411 return 0;
2412 }
2413
2414 /**
2415 * tiocsetd - set line discipline
2416 * @tty: tty device
2417 * @p: pointer to user data
2418 *
2419 * Set the line discipline according to user request.
2420 *
2421 * Locking: see tty_set_ldisc(), this function is just a helper
2422 */
tiocsetd(struct tty_struct * tty,int __user * p)2423 static int tiocsetd(struct tty_struct *tty, int __user *p)
2424 {
2425 int disc;
2426 int ret;
2427
2428 if (get_user(disc, p))
2429 return -EFAULT;
2430
2431 ret = tty_set_ldisc(tty, disc);
2432
2433 return ret;
2434 }
2435
2436 /**
2437 * tiocgetd - get line discipline
2438 * @tty: tty device
2439 * @p: pointer to user data
2440 *
2441 * Retrieves the line discipline id directly from the ldisc.
2442 *
2443 * Locking: waits for ldisc reference (in case the line discipline is changing
2444 * or the @tty is being hungup)
2445 */
tiocgetd(struct tty_struct * tty,int __user * p)2446 static int tiocgetd(struct tty_struct *tty, int __user *p)
2447 {
2448 struct tty_ldisc *ld;
2449 int ret;
2450
2451 ld = tty_ldisc_ref_wait(tty);
2452 if (!ld)
2453 return -EIO;
2454 ret = put_user(ld->ops->num, p);
2455 tty_ldisc_deref(ld);
2456 return ret;
2457 }
2458
2459 /**
2460 * send_break - performed time break
2461 * @tty: device to break on
2462 * @duration: timeout in mS
2463 *
2464 * Perform a timed break on hardware that lacks its own driver level timed
2465 * break functionality.
2466 *
2467 * Locking:
2468 * @tty->atomic_write_lock serializes
2469 */
send_break(struct tty_struct * tty,unsigned int duration)2470 static int send_break(struct tty_struct *tty, unsigned int duration)
2471 {
2472 int retval;
2473
2474 if (tty->ops->break_ctl == NULL)
2475 return 0;
2476
2477 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2478 return tty->ops->break_ctl(tty, duration);
2479
2480 /* Do the work ourselves */
2481 if (tty_write_lock(tty, false) < 0)
2482 return -EINTR;
2483
2484 retval = tty->ops->break_ctl(tty, -1);
2485 if (!retval) {
2486 msleep_interruptible(duration);
2487 retval = tty->ops->break_ctl(tty, 0);
2488 } else if (retval == -EOPNOTSUPP) {
2489 /* some drivers can tell only dynamically */
2490 retval = 0;
2491 }
2492 tty_write_unlock(tty);
2493
2494 if (signal_pending(current))
2495 retval = -EINTR;
2496
2497 return retval;
2498 }
2499
2500 /**
2501 * tty_tiocmget - get modem status
2502 * @tty: tty device
2503 * @p: pointer to result
2504 *
2505 * Obtain the modem status bits from the tty driver if the feature is
2506 * supported. Return -%ENOTTY if it is not available.
2507 *
2508 * Locking: none (up to the driver)
2509 */
tty_tiocmget(struct tty_struct * tty,int __user * p)2510 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2511 {
2512 int retval = -ENOTTY;
2513
2514 if (tty->ops->tiocmget) {
2515 retval = tty->ops->tiocmget(tty);
2516
2517 if (retval >= 0)
2518 retval = put_user(retval, p);
2519 }
2520 return retval;
2521 }
2522
2523 /**
2524 * tty_tiocmset - set modem status
2525 * @tty: tty device
2526 * @cmd: command - clear bits, set bits or set all
2527 * @p: pointer to desired bits
2528 *
2529 * Set the modem status bits from the tty driver if the feature
2530 * is supported. Return -%ENOTTY if it is not available.
2531 *
2532 * Locking: none (up to the driver)
2533 */
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2534 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2535 unsigned __user *p)
2536 {
2537 int retval;
2538 unsigned int set, clear, val;
2539
2540 if (tty->ops->tiocmset == NULL)
2541 return -ENOTTY;
2542
2543 retval = get_user(val, p);
2544 if (retval)
2545 return retval;
2546 set = clear = 0;
2547 switch (cmd) {
2548 case TIOCMBIS:
2549 set = val;
2550 break;
2551 case TIOCMBIC:
2552 clear = val;
2553 break;
2554 case TIOCMSET:
2555 set = val;
2556 clear = ~val;
2557 break;
2558 }
2559 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2560 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2561 return tty->ops->tiocmset(tty, set, clear);
2562 }
2563
2564 /**
2565 * tty_get_icount - get tty statistics
2566 * @tty: tty device
2567 * @icount: output parameter
2568 *
2569 * Gets a copy of the @tty's icount statistics.
2570 *
2571 * Locking: none (up to the driver)
2572 */
tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2573 int tty_get_icount(struct tty_struct *tty,
2574 struct serial_icounter_struct *icount)
2575 {
2576 memset(icount, 0, sizeof(*icount));
2577
2578 if (tty->ops->get_icount)
2579 return tty->ops->get_icount(tty, icount);
2580 else
2581 return -ENOTTY;
2582 }
2583 EXPORT_SYMBOL_GPL(tty_get_icount);
2584
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2585 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2586 {
2587 struct serial_icounter_struct icount;
2588 int retval;
2589
2590 retval = tty_get_icount(tty, &icount);
2591 if (retval != 0)
2592 return retval;
2593
2594 if (copy_to_user(arg, &icount, sizeof(icount)))
2595 return -EFAULT;
2596 return 0;
2597 }
2598
tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2599 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2600 {
2601 char comm[TASK_COMM_LEN];
2602 int flags;
2603
2604 flags = ss->flags & ASYNC_DEPRECATED;
2605
2606 if (flags)
2607 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2608 __func__, get_task_comm(comm, current), flags);
2609
2610 if (!tty->ops->set_serial)
2611 return -ENOTTY;
2612
2613 return tty->ops->set_serial(tty, ss);
2614 }
2615
tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2616 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2617 {
2618 struct serial_struct v;
2619
2620 if (copy_from_user(&v, ss, sizeof(*ss)))
2621 return -EFAULT;
2622
2623 return tty_set_serial(tty, &v);
2624 }
2625
tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2626 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2627 {
2628 struct serial_struct v;
2629 int err;
2630
2631 memset(&v, 0, sizeof(v));
2632 if (!tty->ops->get_serial)
2633 return -ENOTTY;
2634 err = tty->ops->get_serial(tty, &v);
2635 if (!err && copy_to_user(ss, &v, sizeof(v)))
2636 err = -EFAULT;
2637 return err;
2638 }
2639
2640 /*
2641 * if pty, return the slave side (real_tty)
2642 * otherwise, return self
2643 */
tty_pair_get_tty(struct tty_struct * tty)2644 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2645 {
2646 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2647 tty->driver->subtype == PTY_TYPE_MASTER)
2648 tty = tty->link;
2649 return tty;
2650 }
2651
2652 /*
2653 * Split this up, as gcc can choke on it otherwise..
2654 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2655 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2656 {
2657 struct tty_struct *tty = file_tty(file);
2658 struct tty_struct *real_tty;
2659 void __user *p = (void __user *)arg;
2660 int retval;
2661 struct tty_ldisc *ld;
2662
2663 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2664 return -EINVAL;
2665
2666 real_tty = tty_pair_get_tty(tty);
2667
2668 /*
2669 * Factor out some common prep work
2670 */
2671 switch (cmd) {
2672 case TIOCSETD:
2673 case TIOCSBRK:
2674 case TIOCCBRK:
2675 case TCSBRK:
2676 case TCSBRKP:
2677 retval = tty_check_change(tty);
2678 if (retval)
2679 return retval;
2680 if (cmd != TIOCCBRK) {
2681 tty_wait_until_sent(tty, 0);
2682 if (signal_pending(current))
2683 return -EINTR;
2684 }
2685 break;
2686 }
2687
2688 /*
2689 * Now do the stuff.
2690 */
2691 switch (cmd) {
2692 case TIOCSTI:
2693 return tiocsti(tty, p);
2694 case TIOCGWINSZ:
2695 return tiocgwinsz(real_tty, p);
2696 case TIOCSWINSZ:
2697 return tiocswinsz(real_tty, p);
2698 case TIOCCONS:
2699 return real_tty != tty ? -EINVAL : tioccons(file);
2700 case TIOCEXCL:
2701 set_bit(TTY_EXCLUSIVE, &tty->flags);
2702 return 0;
2703 case TIOCNXCL:
2704 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2705 return 0;
2706 case TIOCGEXCL:
2707 {
2708 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2709
2710 return put_user(excl, (int __user *)p);
2711 }
2712 case TIOCGETD:
2713 return tiocgetd(tty, p);
2714 case TIOCSETD:
2715 return tiocsetd(tty, p);
2716 case TIOCVHANGUP:
2717 if (!capable(CAP_SYS_ADMIN))
2718 return -EPERM;
2719 tty_vhangup(tty);
2720 return 0;
2721 case TIOCGDEV:
2722 {
2723 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2724
2725 return put_user(ret, (unsigned int __user *)p);
2726 }
2727 /*
2728 * Break handling
2729 */
2730 case TIOCSBRK: /* Turn break on, unconditionally */
2731 if (tty->ops->break_ctl)
2732 return tty->ops->break_ctl(tty, -1);
2733 return 0;
2734 case TIOCCBRK: /* Turn break off, unconditionally */
2735 if (tty->ops->break_ctl)
2736 return tty->ops->break_ctl(tty, 0);
2737 return 0;
2738 case TCSBRK: /* SVID version: non-zero arg --> no break */
2739 /* non-zero arg means wait for all output data
2740 * to be sent (performed above) but don't send break.
2741 * This is used by the tcdrain() termios function.
2742 */
2743 if (!arg)
2744 return send_break(tty, 250);
2745 return 0;
2746 case TCSBRKP: /* support for POSIX tcsendbreak() */
2747 return send_break(tty, arg ? arg*100 : 250);
2748
2749 case TIOCMGET:
2750 return tty_tiocmget(tty, p);
2751 case TIOCMSET:
2752 case TIOCMBIC:
2753 case TIOCMBIS:
2754 return tty_tiocmset(tty, cmd, p);
2755 case TIOCGICOUNT:
2756 return tty_tiocgicount(tty, p);
2757 case TCFLSH:
2758 switch (arg) {
2759 case TCIFLUSH:
2760 case TCIOFLUSH:
2761 /* flush tty buffer and allow ldisc to process ioctl */
2762 tty_buffer_flush(tty, NULL);
2763 break;
2764 }
2765 break;
2766 case TIOCSSERIAL:
2767 return tty_tiocsserial(tty, p);
2768 case TIOCGSERIAL:
2769 return tty_tiocgserial(tty, p);
2770 case TIOCGPTPEER:
2771 /* Special because the struct file is needed */
2772 return ptm_open_peer(file, tty, (int)arg);
2773 default:
2774 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2775 if (retval != -ENOIOCTLCMD)
2776 return retval;
2777 }
2778 if (tty->ops->ioctl) {
2779 retval = tty->ops->ioctl(tty, cmd, arg);
2780 if (retval != -ENOIOCTLCMD)
2781 return retval;
2782 }
2783 ld = tty_ldisc_ref_wait(tty);
2784 if (!ld)
2785 return hung_up_tty_ioctl(file, cmd, arg);
2786 retval = -EINVAL;
2787 if (ld->ops->ioctl) {
2788 retval = ld->ops->ioctl(tty, cmd, arg);
2789 if (retval == -ENOIOCTLCMD)
2790 retval = -ENOTTY;
2791 }
2792 tty_ldisc_deref(ld);
2793 return retval;
2794 }
2795
2796 #ifdef CONFIG_COMPAT
2797
2798 struct serial_struct32 {
2799 compat_int_t type;
2800 compat_int_t line;
2801 compat_uint_t port;
2802 compat_int_t irq;
2803 compat_int_t flags;
2804 compat_int_t xmit_fifo_size;
2805 compat_int_t custom_divisor;
2806 compat_int_t baud_base;
2807 unsigned short close_delay;
2808 char io_type;
2809 char reserved_char;
2810 compat_int_t hub6;
2811 unsigned short closing_wait; /* time to wait before closing */
2812 unsigned short closing_wait2; /* no longer used... */
2813 compat_uint_t iomem_base;
2814 unsigned short iomem_reg_shift;
2815 unsigned int port_high;
2816 /* compat_ulong_t iomap_base FIXME */
2817 compat_int_t reserved;
2818 };
2819
compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2820 static int compat_tty_tiocsserial(struct tty_struct *tty,
2821 struct serial_struct32 __user *ss)
2822 {
2823 struct serial_struct32 v32;
2824 struct serial_struct v;
2825
2826 if (copy_from_user(&v32, ss, sizeof(*ss)))
2827 return -EFAULT;
2828
2829 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2830 v.iomem_base = compat_ptr(v32.iomem_base);
2831 v.iomem_reg_shift = v32.iomem_reg_shift;
2832 v.port_high = v32.port_high;
2833 v.iomap_base = 0;
2834
2835 return tty_set_serial(tty, &v);
2836 }
2837
compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2838 static int compat_tty_tiocgserial(struct tty_struct *tty,
2839 struct serial_struct32 __user *ss)
2840 {
2841 struct serial_struct32 v32;
2842 struct serial_struct v;
2843 int err;
2844
2845 memset(&v, 0, sizeof(v));
2846 memset(&v32, 0, sizeof(v32));
2847
2848 if (!tty->ops->get_serial)
2849 return -ENOTTY;
2850 err = tty->ops->get_serial(tty, &v);
2851 if (!err) {
2852 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2853 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2854 0xfffffff : ptr_to_compat(v.iomem_base);
2855 v32.iomem_reg_shift = v.iomem_reg_shift;
2856 v32.port_high = v.port_high;
2857 if (copy_to_user(ss, &v32, sizeof(v32)))
2858 err = -EFAULT;
2859 }
2860 return err;
2861 }
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2862 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2863 unsigned long arg)
2864 {
2865 struct tty_struct *tty = file_tty(file);
2866 struct tty_ldisc *ld;
2867 int retval = -ENOIOCTLCMD;
2868
2869 switch (cmd) {
2870 case TIOCOUTQ:
2871 case TIOCSTI:
2872 case TIOCGWINSZ:
2873 case TIOCSWINSZ:
2874 case TIOCGEXCL:
2875 case TIOCGETD:
2876 case TIOCSETD:
2877 case TIOCGDEV:
2878 case TIOCMGET:
2879 case TIOCMSET:
2880 case TIOCMBIC:
2881 case TIOCMBIS:
2882 case TIOCGICOUNT:
2883 case TIOCGPGRP:
2884 case TIOCSPGRP:
2885 case TIOCGSID:
2886 case TIOCSERGETLSR:
2887 case TIOCGRS485:
2888 case TIOCSRS485:
2889 #ifdef TIOCGETP
2890 case TIOCGETP:
2891 case TIOCSETP:
2892 case TIOCSETN:
2893 #endif
2894 #ifdef TIOCGETC
2895 case TIOCGETC:
2896 case TIOCSETC:
2897 #endif
2898 #ifdef TIOCGLTC
2899 case TIOCGLTC:
2900 case TIOCSLTC:
2901 #endif
2902 case TCSETSF:
2903 case TCSETSW:
2904 case TCSETS:
2905 case TCGETS:
2906 #ifdef TCGETS2
2907 case TCGETS2:
2908 case TCSETSF2:
2909 case TCSETSW2:
2910 case TCSETS2:
2911 #endif
2912 case TCGETA:
2913 case TCSETAF:
2914 case TCSETAW:
2915 case TCSETA:
2916 case TIOCGLCKTRMIOS:
2917 case TIOCSLCKTRMIOS:
2918 #ifdef TCGETX
2919 case TCGETX:
2920 case TCSETX:
2921 case TCSETXW:
2922 case TCSETXF:
2923 #endif
2924 case TIOCGSOFTCAR:
2925 case TIOCSSOFTCAR:
2926
2927 case PPPIOCGCHAN:
2928 case PPPIOCGUNIT:
2929 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2930 case TIOCCONS:
2931 case TIOCEXCL:
2932 case TIOCNXCL:
2933 case TIOCVHANGUP:
2934 case TIOCSBRK:
2935 case TIOCCBRK:
2936 case TCSBRK:
2937 case TCSBRKP:
2938 case TCFLSH:
2939 case TIOCGPTPEER:
2940 case TIOCNOTTY:
2941 case TIOCSCTTY:
2942 case TCXONC:
2943 case TIOCMIWAIT:
2944 case TIOCSERCONFIG:
2945 return tty_ioctl(file, cmd, arg);
2946 }
2947
2948 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2949 return -EINVAL;
2950
2951 switch (cmd) {
2952 case TIOCSSERIAL:
2953 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2954 case TIOCGSERIAL:
2955 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2956 }
2957 if (tty->ops->compat_ioctl) {
2958 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2959 if (retval != -ENOIOCTLCMD)
2960 return retval;
2961 }
2962
2963 ld = tty_ldisc_ref_wait(tty);
2964 if (!ld)
2965 return hung_up_tty_compat_ioctl(file, cmd, arg);
2966 if (ld->ops->compat_ioctl)
2967 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2968 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2969 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2970 arg);
2971 tty_ldisc_deref(ld);
2972
2973 return retval;
2974 }
2975 #endif
2976
this_tty(const void * t,struct file * file,unsigned fd)2977 static int this_tty(const void *t, struct file *file, unsigned fd)
2978 {
2979 if (likely(file->f_op->read_iter != tty_read))
2980 return 0;
2981 return file_tty(file) != t ? 0 : fd + 1;
2982 }
2983
2984 /*
2985 * This implements the "Secure Attention Key" --- the idea is to
2986 * prevent trojan horses by killing all processes associated with this
2987 * tty when the user hits the "Secure Attention Key". Required for
2988 * super-paranoid applications --- see the Orange Book for more details.
2989 *
2990 * This code could be nicer; ideally it should send a HUP, wait a few
2991 * seconds, then send a INT, and then a KILL signal. But you then
2992 * have to coordinate with the init process, since all processes associated
2993 * with the current tty must be dead before the new getty is allowed
2994 * to spawn.
2995 *
2996 * Now, if it would be correct ;-/ The current code has a nasty hole -
2997 * it doesn't catch files in flight. We may send the descriptor to ourselves
2998 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2999 *
3000 * Nasty bug: do_SAK is being called in interrupt context. This can
3001 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3002 */
__do_SAK(struct tty_struct * tty)3003 void __do_SAK(struct tty_struct *tty)
3004 {
3005 struct task_struct *g, *p;
3006 struct pid *session;
3007 int i;
3008 unsigned long flags;
3009
3010 spin_lock_irqsave(&tty->ctrl.lock, flags);
3011 session = get_pid(tty->ctrl.session);
3012 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3013
3014 tty_ldisc_flush(tty);
3015
3016 tty_driver_flush_buffer(tty);
3017
3018 read_lock(&tasklist_lock);
3019 /* Kill the entire session */
3020 do_each_pid_task(session, PIDTYPE_SID, p) {
3021 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3022 task_pid_nr(p), p->comm);
3023 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3024 } while_each_pid_task(session, PIDTYPE_SID, p);
3025
3026 /* Now kill any processes that happen to have the tty open */
3027 for_each_process_thread(g, p) {
3028 if (p->signal->tty == tty) {
3029 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3030 task_pid_nr(p), p->comm);
3031 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3032 PIDTYPE_SID);
3033 continue;
3034 }
3035 task_lock(p);
3036 i = iterate_fd(p->files, 0, this_tty, tty);
3037 if (i != 0) {
3038 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3039 task_pid_nr(p), p->comm, i - 1);
3040 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3041 PIDTYPE_SID);
3042 }
3043 task_unlock(p);
3044 }
3045 read_unlock(&tasklist_lock);
3046 put_pid(session);
3047 }
3048
do_SAK_work(struct work_struct * work)3049 static void do_SAK_work(struct work_struct *work)
3050 {
3051 struct tty_struct *tty =
3052 container_of(work, struct tty_struct, SAK_work);
3053 __do_SAK(tty);
3054 }
3055
3056 /*
3057 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3058 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3059 * the values which we write to it will be identical to the values which it
3060 * already has. --akpm
3061 */
do_SAK(struct tty_struct * tty)3062 void do_SAK(struct tty_struct *tty)
3063 {
3064 if (!tty)
3065 return;
3066 schedule_work(&tty->SAK_work);
3067 }
3068 EXPORT_SYMBOL(do_SAK);
3069
3070 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3071 static struct device *tty_get_device(struct tty_struct *tty)
3072 {
3073 dev_t devt = tty_devnum(tty);
3074
3075 return class_find_device_by_devt(&tty_class, devt);
3076 }
3077
3078
3079 /**
3080 * alloc_tty_struct - allocate a new tty
3081 * @driver: driver which will handle the returned tty
3082 * @idx: minor of the tty
3083 *
3084 * This subroutine allocates and initializes a tty structure.
3085 *
3086 * Locking: none - @tty in question is not exposed at this point
3087 */
alloc_tty_struct(struct tty_driver * driver,int idx)3088 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3089 {
3090 struct tty_struct *tty;
3091
3092 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3093 if (!tty)
3094 return NULL;
3095
3096 kref_init(&tty->kref);
3097 if (tty_ldisc_init(tty)) {
3098 kfree(tty);
3099 return NULL;
3100 }
3101 tty->ctrl.session = NULL;
3102 tty->ctrl.pgrp = NULL;
3103 mutex_init(&tty->legacy_mutex);
3104 mutex_init(&tty->throttle_mutex);
3105 init_rwsem(&tty->termios_rwsem);
3106 mutex_init(&tty->winsize_mutex);
3107 init_ldsem(&tty->ldisc_sem);
3108 init_waitqueue_head(&tty->write_wait);
3109 init_waitqueue_head(&tty->read_wait);
3110 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3111 mutex_init(&tty->atomic_write_lock);
3112 spin_lock_init(&tty->ctrl.lock);
3113 spin_lock_init(&tty->flow.lock);
3114 spin_lock_init(&tty->files_lock);
3115 INIT_LIST_HEAD(&tty->tty_files);
3116 INIT_WORK(&tty->SAK_work, do_SAK_work);
3117
3118 tty->driver = driver;
3119 tty->ops = driver->ops;
3120 tty->index = idx;
3121 tty_line_name(driver, idx, tty->name);
3122 tty->dev = tty_get_device(tty);
3123
3124 return tty;
3125 }
3126
3127 /**
3128 * tty_put_char - write one character to a tty
3129 * @tty: tty
3130 * @ch: character to write
3131 *
3132 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3133 * if present.
3134 *
3135 * Note: the specific put_char operation in the driver layer may go
3136 * away soon. Don't call it directly, use this method
3137 *
3138 * Return: the number of characters successfully output.
3139 */
tty_put_char(struct tty_struct * tty,unsigned char ch)3140 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3141 {
3142 if (tty->ops->put_char)
3143 return tty->ops->put_char(tty, ch);
3144 return tty->ops->write(tty, &ch, 1);
3145 }
3146 EXPORT_SYMBOL_GPL(tty_put_char);
3147
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3148 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3149 unsigned int index, unsigned int count)
3150 {
3151 int err;
3152
3153 /* init here, since reused cdevs cause crashes */
3154 driver->cdevs[index] = cdev_alloc();
3155 if (!driver->cdevs[index])
3156 return -ENOMEM;
3157 driver->cdevs[index]->ops = &tty_fops;
3158 driver->cdevs[index]->owner = driver->owner;
3159 err = cdev_add(driver->cdevs[index], dev, count);
3160 if (err)
3161 kobject_put(&driver->cdevs[index]->kobj);
3162 return err;
3163 }
3164
3165 /**
3166 * tty_register_device - register a tty device
3167 * @driver: the tty driver that describes the tty device
3168 * @index: the index in the tty driver for this tty device
3169 * @device: a struct device that is associated with this tty device.
3170 * This field is optional, if there is no known struct device
3171 * for this tty device it can be set to NULL safely.
3172 *
3173 * This call is required to be made to register an individual tty device
3174 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3175 * that bit is not set, this function should not be called by a tty
3176 * driver.
3177 *
3178 * Locking: ??
3179 *
3180 * Return: A pointer to the struct device for this tty device (or
3181 * ERR_PTR(-EFOO) on error).
3182 */
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3183 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3184 struct device *device)
3185 {
3186 return tty_register_device_attr(driver, index, device, NULL, NULL);
3187 }
3188 EXPORT_SYMBOL(tty_register_device);
3189
tty_device_create_release(struct device * dev)3190 static void tty_device_create_release(struct device *dev)
3191 {
3192 dev_dbg(dev, "releasing...\n");
3193 kfree(dev);
3194 }
3195
3196 /**
3197 * tty_register_device_attr - register a tty device
3198 * @driver: the tty driver that describes the tty device
3199 * @index: the index in the tty driver for this tty device
3200 * @device: a struct device that is associated with this tty device.
3201 * This field is optional, if there is no known struct device
3202 * for this tty device it can be set to %NULL safely.
3203 * @drvdata: Driver data to be set to device.
3204 * @attr_grp: Attribute group to be set on device.
3205 *
3206 * This call is required to be made to register an individual tty device if the
3207 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3208 * not set, this function should not be called by a tty driver.
3209 *
3210 * Locking: ??
3211 *
3212 * Return: A pointer to the struct device for this tty device (or
3213 * ERR_PTR(-EFOO) on error).
3214 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3215 struct device *tty_register_device_attr(struct tty_driver *driver,
3216 unsigned index, struct device *device,
3217 void *drvdata,
3218 const struct attribute_group **attr_grp)
3219 {
3220 char name[64];
3221 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3222 struct ktermios *tp;
3223 struct device *dev;
3224 int retval;
3225
3226 if (index >= driver->num) {
3227 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3228 driver->name, index);
3229 return ERR_PTR(-EINVAL);
3230 }
3231
3232 if (driver->type == TTY_DRIVER_TYPE_PTY)
3233 pty_line_name(driver, index, name);
3234 else
3235 tty_line_name(driver, index, name);
3236
3237 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3238 if (!dev)
3239 return ERR_PTR(-ENOMEM);
3240
3241 dev->devt = devt;
3242 dev->class = &tty_class;
3243 dev->parent = device;
3244 dev->release = tty_device_create_release;
3245 dev_set_name(dev, "%s", name);
3246 dev->groups = attr_grp;
3247 dev_set_drvdata(dev, drvdata);
3248
3249 dev_set_uevent_suppress(dev, 1);
3250
3251 retval = device_register(dev);
3252 if (retval)
3253 goto err_put;
3254
3255 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3256 /*
3257 * Free any saved termios data so that the termios state is
3258 * reset when reusing a minor number.
3259 */
3260 tp = driver->termios[index];
3261 if (tp) {
3262 driver->termios[index] = NULL;
3263 kfree(tp);
3264 }
3265
3266 retval = tty_cdev_add(driver, devt, index, 1);
3267 if (retval)
3268 goto err_del;
3269 }
3270
3271 dev_set_uevent_suppress(dev, 0);
3272 kobject_uevent(&dev->kobj, KOBJ_ADD);
3273
3274 return dev;
3275
3276 err_del:
3277 device_del(dev);
3278 err_put:
3279 put_device(dev);
3280
3281 return ERR_PTR(retval);
3282 }
3283 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3284
3285 /**
3286 * tty_unregister_device - unregister a tty device
3287 * @driver: the tty driver that describes the tty device
3288 * @index: the index in the tty driver for this tty device
3289 *
3290 * If a tty device is registered with a call to tty_register_device() then
3291 * this function must be called when the tty device is gone.
3292 *
3293 * Locking: ??
3294 */
tty_unregister_device(struct tty_driver * driver,unsigned index)3295 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3296 {
3297 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3298 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3299 cdev_del(driver->cdevs[index]);
3300 driver->cdevs[index] = NULL;
3301 }
3302 }
3303 EXPORT_SYMBOL(tty_unregister_device);
3304
3305 /**
3306 * __tty_alloc_driver -- allocate tty driver
3307 * @lines: count of lines this driver can handle at most
3308 * @owner: module which is responsible for this driver
3309 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3310 *
3311 * This should not be called directly, some of the provided macros should be
3312 * used instead. Use IS_ERR() and friends on @retval.
3313 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3314 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3315 unsigned long flags)
3316 {
3317 struct tty_driver *driver;
3318 unsigned int cdevs = 1;
3319 int err;
3320
3321 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3322 return ERR_PTR(-EINVAL);
3323
3324 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3325 if (!driver)
3326 return ERR_PTR(-ENOMEM);
3327
3328 kref_init(&driver->kref);
3329 driver->num = lines;
3330 driver->owner = owner;
3331 driver->flags = flags;
3332
3333 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3334 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3335 GFP_KERNEL);
3336 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3337 GFP_KERNEL);
3338 if (!driver->ttys || !driver->termios) {
3339 err = -ENOMEM;
3340 goto err_free_all;
3341 }
3342 }
3343
3344 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3345 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3346 GFP_KERNEL);
3347 if (!driver->ports) {
3348 err = -ENOMEM;
3349 goto err_free_all;
3350 }
3351 cdevs = lines;
3352 }
3353
3354 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3355 if (!driver->cdevs) {
3356 err = -ENOMEM;
3357 goto err_free_all;
3358 }
3359
3360 return driver;
3361 err_free_all:
3362 kfree(driver->ports);
3363 kfree(driver->ttys);
3364 kfree(driver->termios);
3365 kfree(driver->cdevs);
3366 kfree(driver);
3367 return ERR_PTR(err);
3368 }
3369 EXPORT_SYMBOL(__tty_alloc_driver);
3370
destruct_tty_driver(struct kref * kref)3371 static void destruct_tty_driver(struct kref *kref)
3372 {
3373 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3374 int i;
3375 struct ktermios *tp;
3376
3377 if (driver->flags & TTY_DRIVER_INSTALLED) {
3378 for (i = 0; i < driver->num; i++) {
3379 tp = driver->termios[i];
3380 if (tp) {
3381 driver->termios[i] = NULL;
3382 kfree(tp);
3383 }
3384 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3385 tty_unregister_device(driver, i);
3386 }
3387 proc_tty_unregister_driver(driver);
3388 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3389 cdev_del(driver->cdevs[0]);
3390 }
3391 kfree(driver->cdevs);
3392 kfree(driver->ports);
3393 kfree(driver->termios);
3394 kfree(driver->ttys);
3395 kfree(driver);
3396 }
3397
3398 /**
3399 * tty_driver_kref_put -- drop a reference to a tty driver
3400 * @driver: driver of which to drop the reference
3401 *
3402 * The final put will destroy and free up the driver.
3403 */
tty_driver_kref_put(struct tty_driver * driver)3404 void tty_driver_kref_put(struct tty_driver *driver)
3405 {
3406 kref_put(&driver->kref, destruct_tty_driver);
3407 }
3408 EXPORT_SYMBOL(tty_driver_kref_put);
3409
3410 /**
3411 * tty_register_driver -- register a tty driver
3412 * @driver: driver to register
3413 *
3414 * Called by a tty driver to register itself.
3415 */
tty_register_driver(struct tty_driver * driver)3416 int tty_register_driver(struct tty_driver *driver)
3417 {
3418 int error;
3419 int i;
3420 dev_t dev;
3421 struct device *d;
3422
3423 if (!driver->major) {
3424 error = alloc_chrdev_region(&dev, driver->minor_start,
3425 driver->num, driver->name);
3426 if (!error) {
3427 driver->major = MAJOR(dev);
3428 driver->minor_start = MINOR(dev);
3429 }
3430 } else {
3431 dev = MKDEV(driver->major, driver->minor_start);
3432 error = register_chrdev_region(dev, driver->num, driver->name);
3433 }
3434 if (error < 0)
3435 goto err;
3436
3437 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3438 error = tty_cdev_add(driver, dev, 0, driver->num);
3439 if (error)
3440 goto err_unreg_char;
3441 }
3442
3443 mutex_lock(&tty_mutex);
3444 list_add(&driver->tty_drivers, &tty_drivers);
3445 mutex_unlock(&tty_mutex);
3446
3447 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3448 for (i = 0; i < driver->num; i++) {
3449 d = tty_register_device(driver, i, NULL);
3450 if (IS_ERR(d)) {
3451 error = PTR_ERR(d);
3452 goto err_unreg_devs;
3453 }
3454 }
3455 }
3456 proc_tty_register_driver(driver);
3457 driver->flags |= TTY_DRIVER_INSTALLED;
3458 return 0;
3459
3460 err_unreg_devs:
3461 for (i--; i >= 0; i--)
3462 tty_unregister_device(driver, i);
3463
3464 mutex_lock(&tty_mutex);
3465 list_del(&driver->tty_drivers);
3466 mutex_unlock(&tty_mutex);
3467
3468 err_unreg_char:
3469 unregister_chrdev_region(dev, driver->num);
3470 err:
3471 return error;
3472 }
3473 EXPORT_SYMBOL(tty_register_driver);
3474
3475 /**
3476 * tty_unregister_driver -- unregister a tty driver
3477 * @driver: driver to unregister
3478 *
3479 * Called by a tty driver to unregister itself.
3480 */
tty_unregister_driver(struct tty_driver * driver)3481 void tty_unregister_driver(struct tty_driver *driver)
3482 {
3483 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3484 driver->num);
3485 mutex_lock(&tty_mutex);
3486 list_del(&driver->tty_drivers);
3487 mutex_unlock(&tty_mutex);
3488 }
3489 EXPORT_SYMBOL(tty_unregister_driver);
3490
tty_devnum(struct tty_struct * tty)3491 dev_t tty_devnum(struct tty_struct *tty)
3492 {
3493 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3494 }
3495 EXPORT_SYMBOL(tty_devnum);
3496
tty_default_fops(struct file_operations * fops)3497 void tty_default_fops(struct file_operations *fops)
3498 {
3499 *fops = tty_fops;
3500 }
3501
tty_devnode(const struct device * dev,umode_t * mode)3502 static char *tty_devnode(const struct device *dev, umode_t *mode)
3503 {
3504 if (!mode)
3505 return NULL;
3506 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3507 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3508 *mode = 0666;
3509 return NULL;
3510 }
3511
3512 const struct class tty_class = {
3513 .name = "tty",
3514 .devnode = tty_devnode,
3515 };
3516
tty_class_init(void)3517 static int __init tty_class_init(void)
3518 {
3519 return class_register(&tty_class);
3520 }
3521
3522 postcore_initcall(tty_class_init);
3523
3524 /* 3/2004 jmc: why do these devices exist? */
3525 static struct cdev tty_cdev, console_cdev;
3526
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3527 static ssize_t show_cons_active(struct device *dev,
3528 struct device_attribute *attr, char *buf)
3529 {
3530 struct console *cs[16];
3531 int i = 0;
3532 struct console *c;
3533 ssize_t count = 0;
3534
3535 /*
3536 * Hold the console_list_lock to guarantee that no consoles are
3537 * unregistered until all console processing is complete.
3538 * This also allows safe traversal of the console list and
3539 * race-free reading of @flags.
3540 */
3541 console_list_lock();
3542
3543 for_each_console(c) {
3544 if (!c->device)
3545 continue;
3546 if (!c->write)
3547 continue;
3548 if ((c->flags & CON_ENABLED) == 0)
3549 continue;
3550 cs[i++] = c;
3551 if (i >= ARRAY_SIZE(cs))
3552 break;
3553 }
3554
3555 /*
3556 * Take console_lock to serialize device() callback with
3557 * other console operations. For example, fg_console is
3558 * modified under console_lock when switching vt.
3559 */
3560 console_lock();
3561 while (i--) {
3562 int index = cs[i]->index;
3563 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3564
3565 /* don't resolve tty0 as some programs depend on it */
3566 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3567 count += tty_line_name(drv, index, buf + count);
3568 else
3569 count += sprintf(buf + count, "%s%d",
3570 cs[i]->name, cs[i]->index);
3571
3572 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3573 }
3574 console_unlock();
3575
3576 console_list_unlock();
3577
3578 return count;
3579 }
3580 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3581
3582 static struct attribute *cons_dev_attrs[] = {
3583 &dev_attr_active.attr,
3584 NULL
3585 };
3586
3587 ATTRIBUTE_GROUPS(cons_dev);
3588
3589 static struct device *consdev;
3590
console_sysfs_notify(void)3591 void console_sysfs_notify(void)
3592 {
3593 if (consdev)
3594 sysfs_notify(&consdev->kobj, NULL, "active");
3595 }
3596
3597 static struct ctl_table tty_table[] = {
3598 {
3599 .procname = "legacy_tiocsti",
3600 .data = &tty_legacy_tiocsti,
3601 .maxlen = sizeof(tty_legacy_tiocsti),
3602 .mode = 0644,
3603 .proc_handler = proc_dobool,
3604 },
3605 {
3606 .procname = "ldisc_autoload",
3607 .data = &tty_ldisc_autoload,
3608 .maxlen = sizeof(tty_ldisc_autoload),
3609 .mode = 0644,
3610 .proc_handler = proc_dointvec_minmax,
3611 .extra1 = SYSCTL_ZERO,
3612 .extra2 = SYSCTL_ONE,
3613 },
3614 { }
3615 };
3616
3617 /*
3618 * Ok, now we can initialize the rest of the tty devices and can count
3619 * on memory allocations, interrupts etc..
3620 */
tty_init(void)3621 int __init tty_init(void)
3622 {
3623 register_sysctl_init("dev/tty", tty_table);
3624 cdev_init(&tty_cdev, &tty_fops);
3625 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3626 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3627 panic("Couldn't register /dev/tty driver\n");
3628 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3629
3630 cdev_init(&console_cdev, &console_fops);
3631 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3632 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3633 panic("Couldn't register /dev/console driver\n");
3634 consdev = device_create_with_groups(&tty_class, NULL,
3635 MKDEV(TTYAUX_MAJOR, 1), NULL,
3636 cons_dev_groups, "console");
3637 if (IS_ERR(consdev))
3638 consdev = NULL;
3639
3640 #ifdef CONFIG_VT
3641 vty_init(&console_fops);
3642 #endif
3643 return 0;
3644 }
3645