1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/ppp-ioctl.h> 91 #include <linux/proc_fs.h> 92 #include <linux/init.h> 93 #include <linux/module.h> 94 #include <linux/device.h> 95 #include <linux/wait.h> 96 #include <linux/bitops.h> 97 #include <linux/delay.h> 98 #include <linux/seq_file.h> 99 #include <linux/serial.h> 100 #include <linux/ratelimit.h> 101 #include <linux/compat.h> 102 103 #include <linux/uaccess.h> 104 105 #include <linux/kbd_kern.h> 106 #include <linux/vt_kern.h> 107 #include <linux/selection.h> 108 109 #include <linux/kmod.h> 110 #include <linux/nsproxy.h> 111 112 #undef TTY_DEBUG_HANGUP 113 #ifdef TTY_DEBUG_HANGUP 114 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 115 #else 116 # define tty_debug_hangup(tty, f, args...) do { } while (0) 117 #endif 118 119 #define TTY_PARANOIA_CHECK 1 120 #define CHECK_TTY_COUNT 1 121 122 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 123 .c_iflag = ICRNL | IXON, 124 .c_oflag = OPOST | ONLCR, 125 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 127 ECHOCTL | ECHOKE | IEXTEN, 128 .c_cc = INIT_C_CC, 129 .c_ispeed = 38400, 130 .c_ospeed = 38400, 131 /* .c_line = N_TTY, */ 132 }; 133 134 EXPORT_SYMBOL(tty_std_termios); 135 136 /* This list gets poked at by procfs and various bits of boot up code. This 137 could do with some rationalisation such as pulling the tty proc function 138 into this file */ 139 140 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 141 142 /* Mutex to protect creating and releasing a tty */ 143 DEFINE_MUTEX(tty_mutex); 144 145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 146 static ssize_t tty_write(struct kiocb *, struct iov_iter *); 147 ssize_t redirected_tty_write(struct kiocb *, struct iov_iter *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @device: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (!len || strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write_iter = tty_write, 481 .splice_write = iter_file_splice_write, 482 .poll = tty_poll, 483 .unlocked_ioctl = tty_ioctl, 484 .compat_ioctl = tty_compat_ioctl, 485 .open = tty_open, 486 .release = tty_release, 487 .fasync = tty_fasync, 488 .show_fdinfo = tty_show_fdinfo, 489 }; 490 491 static const struct file_operations console_fops = { 492 .llseek = no_llseek, 493 .read = tty_read, 494 .write_iter = redirected_tty_write, 495 .splice_write = iter_file_splice_write, 496 .poll = tty_poll, 497 .unlocked_ioctl = tty_ioctl, 498 .compat_ioctl = tty_compat_ioctl, 499 .open = tty_open, 500 .release = tty_release, 501 .fasync = tty_fasync, 502 }; 503 504 static const struct file_operations hung_up_tty_fops = { 505 .llseek = no_llseek, 506 .read = hung_up_tty_read, 507 .write = hung_up_tty_write, 508 .poll = hung_up_tty_poll, 509 .unlocked_ioctl = hung_up_tty_ioctl, 510 .compat_ioctl = hung_up_tty_compat_ioctl, 511 .release = tty_release, 512 .fasync = hung_up_tty_fasync, 513 }; 514 515 static DEFINE_SPINLOCK(redirect_lock); 516 static struct file *redirect; 517 518 extern void tty_sysctl_init(void); 519 520 /** 521 * tty_wakeup - request more data 522 * @tty: terminal 523 * 524 * Internal and external helper for wakeups of tty. This function 525 * informs the line discipline if present that the driver is ready 526 * to receive more output data. 527 */ 528 529 void tty_wakeup(struct tty_struct *tty) 530 { 531 struct tty_ldisc *ld; 532 533 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 534 ld = tty_ldisc_ref(tty); 535 if (ld) { 536 if (ld->ops->write_wakeup) 537 ld->ops->write_wakeup(tty); 538 tty_ldisc_deref(ld); 539 } 540 } 541 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 542 } 543 544 EXPORT_SYMBOL_GPL(tty_wakeup); 545 546 /** 547 * __tty_hangup - actual handler for hangup events 548 * @tty: tty device 549 * 550 * This can be called by a "kworker" kernel thread. That is process 551 * synchronous but doesn't hold any locks, so we need to make sure we 552 * have the appropriate locks for what we're doing. 553 * 554 * The hangup event clears any pending redirections onto the hung up 555 * device. It ensures future writes will error and it does the needed 556 * line discipline hangup and signal delivery. The tty object itself 557 * remains intact. 558 * 559 * Locking: 560 * BTM 561 * redirect lock for undoing redirection 562 * file list lock for manipulating list of ttys 563 * tty_ldiscs_lock from called functions 564 * termios_rwsem resetting termios data 565 * tasklist_lock to walk task list for hangup event 566 * ->siglock to protect ->signal/->sighand 567 */ 568 static void __tty_hangup(struct tty_struct *tty, int exit_session) 569 { 570 struct file *cons_filp = NULL; 571 struct file *filp, *f = NULL; 572 struct tty_file_private *priv; 573 int closecount = 0, n; 574 int refs; 575 576 if (!tty) 577 return; 578 579 580 spin_lock(&redirect_lock); 581 if (redirect && file_tty(redirect) == tty) { 582 f = redirect; 583 redirect = NULL; 584 } 585 spin_unlock(&redirect_lock); 586 587 tty_lock(tty); 588 589 if (test_bit(TTY_HUPPED, &tty->flags)) { 590 tty_unlock(tty); 591 return; 592 } 593 594 /* 595 * Some console devices aren't actually hung up for technical and 596 * historical reasons, which can lead to indefinite interruptible 597 * sleep in n_tty_read(). The following explicitly tells 598 * n_tty_read() to abort readers. 599 */ 600 set_bit(TTY_HUPPING, &tty->flags); 601 602 /* inuse_filps is protected by the single tty lock, 603 this really needs to change if we want to flush the 604 workqueue with the lock held */ 605 check_tty_count(tty, "tty_hangup"); 606 607 spin_lock(&tty->files_lock); 608 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 609 list_for_each_entry(priv, &tty->tty_files, list) { 610 filp = priv->file; 611 if (filp->f_op->write_iter == redirected_tty_write) 612 cons_filp = filp; 613 if (filp->f_op->write_iter != tty_write) 614 continue; 615 closecount++; 616 __tty_fasync(-1, filp, 0); /* can't block */ 617 filp->f_op = &hung_up_tty_fops; 618 } 619 spin_unlock(&tty->files_lock); 620 621 refs = tty_signal_session_leader(tty, exit_session); 622 /* Account for the p->signal references we killed */ 623 while (refs--) 624 tty_kref_put(tty); 625 626 tty_ldisc_hangup(tty, cons_filp != NULL); 627 628 spin_lock_irq(&tty->ctrl_lock); 629 clear_bit(TTY_THROTTLED, &tty->flags); 630 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 631 put_pid(tty->session); 632 put_pid(tty->pgrp); 633 tty->session = NULL; 634 tty->pgrp = NULL; 635 tty->ctrl_status = 0; 636 spin_unlock_irq(&tty->ctrl_lock); 637 638 /* 639 * If one of the devices matches a console pointer, we 640 * cannot just call hangup() because that will cause 641 * tty->count and state->count to go out of sync. 642 * So we just call close() the right number of times. 643 */ 644 if (cons_filp) { 645 if (tty->ops->close) 646 for (n = 0; n < closecount; n++) 647 tty->ops->close(tty, cons_filp); 648 } else if (tty->ops->hangup) 649 tty->ops->hangup(tty); 650 /* 651 * We don't want to have driver/ldisc interactions beyond the ones 652 * we did here. The driver layer expects no calls after ->hangup() 653 * from the ldisc side, which is now guaranteed. 654 */ 655 set_bit(TTY_HUPPED, &tty->flags); 656 clear_bit(TTY_HUPPING, &tty->flags); 657 tty_unlock(tty); 658 659 if (f) 660 fput(f); 661 } 662 663 static void do_tty_hangup(struct work_struct *work) 664 { 665 struct tty_struct *tty = 666 container_of(work, struct tty_struct, hangup_work); 667 668 __tty_hangup(tty, 0); 669 } 670 671 /** 672 * tty_hangup - trigger a hangup event 673 * @tty: tty to hangup 674 * 675 * A carrier loss (virtual or otherwise) has occurred on this like 676 * schedule a hangup sequence to run after this event. 677 */ 678 679 void tty_hangup(struct tty_struct *tty) 680 { 681 tty_debug_hangup(tty, "hangup\n"); 682 schedule_work(&tty->hangup_work); 683 } 684 685 EXPORT_SYMBOL(tty_hangup); 686 687 /** 688 * tty_vhangup - process vhangup 689 * @tty: tty to hangup 690 * 691 * The user has asked via system call for the terminal to be hung up. 692 * We do this synchronously so that when the syscall returns the process 693 * is complete. That guarantee is necessary for security reasons. 694 */ 695 696 void tty_vhangup(struct tty_struct *tty) 697 { 698 tty_debug_hangup(tty, "vhangup\n"); 699 __tty_hangup(tty, 0); 700 } 701 702 EXPORT_SYMBOL(tty_vhangup); 703 704 705 /** 706 * tty_vhangup_self - process vhangup for own ctty 707 * 708 * Perform a vhangup on the current controlling tty 709 */ 710 711 void tty_vhangup_self(void) 712 { 713 struct tty_struct *tty; 714 715 tty = get_current_tty(); 716 if (tty) { 717 tty_vhangup(tty); 718 tty_kref_put(tty); 719 } 720 } 721 722 /** 723 * tty_vhangup_session - hangup session leader exit 724 * @tty: tty to hangup 725 * 726 * The session leader is exiting and hanging up its controlling terminal. 727 * Every process in the foreground process group is signalled SIGHUP. 728 * 729 * We do this synchronously so that when the syscall returns the process 730 * is complete. That guarantee is necessary for security reasons. 731 */ 732 733 void tty_vhangup_session(struct tty_struct *tty) 734 { 735 tty_debug_hangup(tty, "session hangup\n"); 736 __tty_hangup(tty, 1); 737 } 738 739 /** 740 * tty_hung_up_p - was tty hung up 741 * @filp: file pointer of tty 742 * 743 * Return true if the tty has been subject to a vhangup or a carrier 744 * loss 745 */ 746 747 int tty_hung_up_p(struct file *filp) 748 { 749 return (filp && filp->f_op == &hung_up_tty_fops); 750 } 751 752 EXPORT_SYMBOL(tty_hung_up_p); 753 754 /** 755 * stop_tty - propagate flow control 756 * @tty: tty to stop 757 * 758 * Perform flow control to the driver. May be called 759 * on an already stopped device and will not re-call the driver 760 * method. 761 * 762 * This functionality is used by both the line disciplines for 763 * halting incoming flow and by the driver. It may therefore be 764 * called from any context, may be under the tty atomic_write_lock 765 * but not always. 766 * 767 * Locking: 768 * flow_lock 769 */ 770 771 void __stop_tty(struct tty_struct *tty) 772 { 773 if (tty->stopped) 774 return; 775 tty->stopped = 1; 776 if (tty->ops->stop) 777 tty->ops->stop(tty); 778 } 779 780 void stop_tty(struct tty_struct *tty) 781 { 782 unsigned long flags; 783 784 spin_lock_irqsave(&tty->flow_lock, flags); 785 __stop_tty(tty); 786 spin_unlock_irqrestore(&tty->flow_lock, flags); 787 } 788 EXPORT_SYMBOL(stop_tty); 789 790 /** 791 * start_tty - propagate flow control 792 * @tty: tty to start 793 * 794 * Start a tty that has been stopped if at all possible. If this 795 * tty was previous stopped and is now being started, the driver 796 * start method is invoked and the line discipline woken. 797 * 798 * Locking: 799 * flow_lock 800 */ 801 802 void __start_tty(struct tty_struct *tty) 803 { 804 if (!tty->stopped || tty->flow_stopped) 805 return; 806 tty->stopped = 0; 807 if (tty->ops->start) 808 tty->ops->start(tty); 809 tty_wakeup(tty); 810 } 811 812 void start_tty(struct tty_struct *tty) 813 { 814 unsigned long flags; 815 816 spin_lock_irqsave(&tty->flow_lock, flags); 817 __start_tty(tty); 818 spin_unlock_irqrestore(&tty->flow_lock, flags); 819 } 820 EXPORT_SYMBOL(start_tty); 821 822 static void tty_update_time(struct timespec64 *time) 823 { 824 time64_t sec = ktime_get_real_seconds(); 825 826 /* 827 * We only care if the two values differ in anything other than the 828 * lower three bits (i.e every 8 seconds). If so, then we can update 829 * the time of the tty device, otherwise it could be construded as a 830 * security leak to let userspace know the exact timing of the tty. 831 */ 832 if ((sec ^ time->tv_sec) & ~7) 833 time->tv_sec = sec; 834 } 835 836 /** 837 * tty_read - read method for tty device files 838 * @file: pointer to tty file 839 * @buf: user buffer 840 * @count: size of user buffer 841 * @ppos: unused 842 * 843 * Perform the read system call function on this terminal device. Checks 844 * for hung up devices before calling the line discipline method. 845 * 846 * Locking: 847 * Locks the line discipline internally while needed. Multiple 848 * read calls may be outstanding in parallel. 849 */ 850 851 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 852 loff_t *ppos) 853 { 854 int i; 855 struct inode *inode = file_inode(file); 856 struct tty_struct *tty = file_tty(file); 857 struct tty_ldisc *ld; 858 859 if (tty_paranoia_check(tty, inode, "tty_read")) 860 return -EIO; 861 if (!tty || tty_io_error(tty)) 862 return -EIO; 863 864 /* We want to wait for the line discipline to sort out in this 865 situation */ 866 ld = tty_ldisc_ref_wait(tty); 867 if (!ld) 868 return hung_up_tty_read(file, buf, count, ppos); 869 if (ld->ops->read) 870 i = ld->ops->read(tty, file, buf, count); 871 else 872 i = -EIO; 873 tty_ldisc_deref(ld); 874 875 if (i > 0) 876 tty_update_time(&inode->i_atime); 877 878 return i; 879 } 880 881 static void tty_write_unlock(struct tty_struct *tty) 882 { 883 mutex_unlock(&tty->atomic_write_lock); 884 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 885 } 886 887 static int tty_write_lock(struct tty_struct *tty, int ndelay) 888 { 889 if (!mutex_trylock(&tty->atomic_write_lock)) { 890 if (ndelay) 891 return -EAGAIN; 892 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 893 return -ERESTARTSYS; 894 } 895 return 0; 896 } 897 898 /* 899 * Split writes up in sane blocksizes to avoid 900 * denial-of-service type attacks 901 */ 902 static inline ssize_t do_tty_write( 903 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 904 struct tty_struct *tty, 905 struct file *file, 906 struct iov_iter *from) 907 { 908 size_t count = iov_iter_count(from); 909 ssize_t ret, written = 0; 910 unsigned int chunk; 911 912 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 913 if (ret < 0) 914 return ret; 915 916 /* 917 * We chunk up writes into a temporary buffer. This 918 * simplifies low-level drivers immensely, since they 919 * don't have locking issues and user mode accesses. 920 * 921 * But if TTY_NO_WRITE_SPLIT is set, we should use a 922 * big chunk-size.. 923 * 924 * The default chunk-size is 2kB, because the NTTY 925 * layer has problems with bigger chunks. It will 926 * claim to be able to handle more characters than 927 * it actually does. 928 * 929 * FIXME: This can probably go away now except that 64K chunks 930 * are too likely to fail unless switched to vmalloc... 931 */ 932 chunk = 2048; 933 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 934 chunk = 65536; 935 if (count < chunk) 936 chunk = count; 937 938 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 939 if (tty->write_cnt < chunk) { 940 unsigned char *buf_chunk; 941 942 if (chunk < 1024) 943 chunk = 1024; 944 945 buf_chunk = kmalloc(chunk, GFP_KERNEL); 946 if (!buf_chunk) { 947 ret = -ENOMEM; 948 goto out; 949 } 950 kfree(tty->write_buf); 951 tty->write_cnt = chunk; 952 tty->write_buf = buf_chunk; 953 } 954 955 /* Do the write .. */ 956 for (;;) { 957 size_t size = count; 958 if (size > chunk) 959 size = chunk; 960 961 ret = -EFAULT; 962 if (copy_from_iter(tty->write_buf, size, from) != size) 963 break; 964 965 ret = write(tty, file, tty->write_buf, size); 966 if (ret <= 0) 967 break; 968 969 /* FIXME! Have Al check this! */ 970 if (ret != size) 971 iov_iter_revert(from, size-ret); 972 973 written += ret; 974 count -= ret; 975 if (!count) 976 break; 977 ret = -ERESTARTSYS; 978 if (signal_pending(current)) 979 break; 980 cond_resched(); 981 } 982 if (written) { 983 tty_update_time(&file_inode(file)->i_mtime); 984 ret = written; 985 } 986 out: 987 tty_write_unlock(tty); 988 return ret; 989 } 990 991 /** 992 * tty_write_message - write a message to a certain tty, not just the console. 993 * @tty: the destination tty_struct 994 * @msg: the message to write 995 * 996 * This is used for messages that need to be redirected to a specific tty. 997 * We don't put it into the syslog queue right now maybe in the future if 998 * really needed. 999 * 1000 * We must still hold the BTM and test the CLOSING flag for the moment. 1001 */ 1002 1003 void tty_write_message(struct tty_struct *tty, char *msg) 1004 { 1005 if (tty) { 1006 mutex_lock(&tty->atomic_write_lock); 1007 tty_lock(tty); 1008 if (tty->ops->write && tty->count > 0) 1009 tty->ops->write(tty, msg, strlen(msg)); 1010 tty_unlock(tty); 1011 tty_write_unlock(tty); 1012 } 1013 return; 1014 } 1015 1016 1017 /** 1018 * tty_write - write method for tty device file 1019 * @file: tty file pointer 1020 * @buf: user data to write 1021 * @count: bytes to write 1022 * @ppos: unused 1023 * 1024 * Write data to a tty device via the line discipline. 1025 * 1026 * Locking: 1027 * Locks the line discipline as required 1028 * Writes to the tty driver are serialized by the atomic_write_lock 1029 * and are then processed in chunks to the device. The line discipline 1030 * write method will not be invoked in parallel for each device. 1031 */ 1032 1033 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from) 1034 { 1035 struct file *file = iocb->ki_filp; 1036 struct tty_struct *tty = file_tty(file); 1037 struct tty_ldisc *ld; 1038 ssize_t ret; 1039 1040 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1041 return -EIO; 1042 if (!tty || !tty->ops->write || tty_io_error(tty)) 1043 return -EIO; 1044 /* Short term debug to catch buggy drivers */ 1045 if (tty->ops->write_room == NULL) 1046 tty_err(tty, "missing write_room method\n"); 1047 ld = tty_ldisc_ref_wait(tty); 1048 if (!ld || !ld->ops->write) 1049 ret = -EIO; 1050 else 1051 ret = do_tty_write(ld->ops->write, tty, file, from); 1052 tty_ldisc_deref(ld); 1053 return ret; 1054 } 1055 1056 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter) 1057 { 1058 struct file *p = NULL; 1059 1060 spin_lock(&redirect_lock); 1061 if (redirect) 1062 p = get_file(redirect); 1063 spin_unlock(&redirect_lock); 1064 1065 if (p) { 1066 ssize_t res; 1067 res = vfs_iocb_iter_write(p, iocb, iter); 1068 fput(p); 1069 return res; 1070 } 1071 return tty_write(iocb, iter); 1072 } 1073 1074 /** 1075 * tty_send_xchar - send priority character 1076 * 1077 * Send a high priority character to the tty even if stopped 1078 * 1079 * Locking: none for xchar method, write ordering for write method. 1080 */ 1081 1082 int tty_send_xchar(struct tty_struct *tty, char ch) 1083 { 1084 int was_stopped = tty->stopped; 1085 1086 if (tty->ops->send_xchar) { 1087 down_read(&tty->termios_rwsem); 1088 tty->ops->send_xchar(tty, ch); 1089 up_read(&tty->termios_rwsem); 1090 return 0; 1091 } 1092 1093 if (tty_write_lock(tty, 0) < 0) 1094 return -ERESTARTSYS; 1095 1096 down_read(&tty->termios_rwsem); 1097 if (was_stopped) 1098 start_tty(tty); 1099 tty->ops->write(tty, &ch, 1); 1100 if (was_stopped) 1101 stop_tty(tty); 1102 up_read(&tty->termios_rwsem); 1103 tty_write_unlock(tty); 1104 return 0; 1105 } 1106 1107 static char ptychar[] = "pqrstuvwxyzabcde"; 1108 1109 /** 1110 * pty_line_name - generate name for a pty 1111 * @driver: the tty driver in use 1112 * @index: the minor number 1113 * @p: output buffer of at least 6 bytes 1114 * 1115 * Generate a name from a driver reference and write it to the output 1116 * buffer. 1117 * 1118 * Locking: None 1119 */ 1120 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1121 { 1122 int i = index + driver->name_base; 1123 /* ->name is initialized to "ttyp", but "tty" is expected */ 1124 sprintf(p, "%s%c%x", 1125 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1126 ptychar[i >> 4 & 0xf], i & 0xf); 1127 } 1128 1129 /** 1130 * tty_line_name - generate name for a tty 1131 * @driver: the tty driver in use 1132 * @index: the minor number 1133 * @p: output buffer of at least 7 bytes 1134 * 1135 * Generate a name from a driver reference and write it to the output 1136 * buffer. 1137 * 1138 * Locking: None 1139 */ 1140 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1141 { 1142 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1143 return sprintf(p, "%s", driver->name); 1144 else 1145 return sprintf(p, "%s%d", driver->name, 1146 index + driver->name_base); 1147 } 1148 1149 /** 1150 * tty_driver_lookup_tty() - find an existing tty, if any 1151 * @driver: the driver for the tty 1152 * @idx: the minor number 1153 * 1154 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1155 * driver lookup() method returns an error. 1156 * 1157 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1158 */ 1159 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1160 struct file *file, int idx) 1161 { 1162 struct tty_struct *tty; 1163 1164 if (driver->ops->lookup) 1165 if (!file) 1166 tty = ERR_PTR(-EIO); 1167 else 1168 tty = driver->ops->lookup(driver, file, idx); 1169 else 1170 tty = driver->ttys[idx]; 1171 1172 if (!IS_ERR(tty)) 1173 tty_kref_get(tty); 1174 return tty; 1175 } 1176 1177 /** 1178 * tty_init_termios - helper for termios setup 1179 * @tty: the tty to set up 1180 * 1181 * Initialise the termios structure for this tty. This runs under 1182 * the tty_mutex currently so we can be relaxed about ordering. 1183 */ 1184 1185 void tty_init_termios(struct tty_struct *tty) 1186 { 1187 struct ktermios *tp; 1188 int idx = tty->index; 1189 1190 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1191 tty->termios = tty->driver->init_termios; 1192 else { 1193 /* Check for lazy saved data */ 1194 tp = tty->driver->termios[idx]; 1195 if (tp != NULL) { 1196 tty->termios = *tp; 1197 tty->termios.c_line = tty->driver->init_termios.c_line; 1198 } else 1199 tty->termios = tty->driver->init_termios; 1200 } 1201 /* Compatibility until drivers always set this */ 1202 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1203 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1204 } 1205 EXPORT_SYMBOL_GPL(tty_init_termios); 1206 1207 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1208 { 1209 tty_init_termios(tty); 1210 tty_driver_kref_get(driver); 1211 tty->count++; 1212 driver->ttys[tty->index] = tty; 1213 return 0; 1214 } 1215 EXPORT_SYMBOL_GPL(tty_standard_install); 1216 1217 /** 1218 * tty_driver_install_tty() - install a tty entry in the driver 1219 * @driver: the driver for the tty 1220 * @tty: the tty 1221 * 1222 * Install a tty object into the driver tables. The tty->index field 1223 * will be set by the time this is called. This method is responsible 1224 * for ensuring any need additional structures are allocated and 1225 * configured. 1226 * 1227 * Locking: tty_mutex for now 1228 */ 1229 static int tty_driver_install_tty(struct tty_driver *driver, 1230 struct tty_struct *tty) 1231 { 1232 return driver->ops->install ? driver->ops->install(driver, tty) : 1233 tty_standard_install(driver, tty); 1234 } 1235 1236 /** 1237 * tty_driver_remove_tty() - remove a tty from the driver tables 1238 * @driver: the driver for the tty 1239 * @tty: tty to remove 1240 * 1241 * Remvoe a tty object from the driver tables. The tty->index field 1242 * will be set by the time this is called. 1243 * 1244 * Locking: tty_mutex for now 1245 */ 1246 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1247 { 1248 if (driver->ops->remove) 1249 driver->ops->remove(driver, tty); 1250 else 1251 driver->ttys[tty->index] = NULL; 1252 } 1253 1254 /** 1255 * tty_reopen() - fast re-open of an open tty 1256 * @tty: the tty to open 1257 * 1258 * Return 0 on success, -errno on error. 1259 * Re-opens on master ptys are not allowed and return -EIO. 1260 * 1261 * Locking: Caller must hold tty_lock 1262 */ 1263 static int tty_reopen(struct tty_struct *tty) 1264 { 1265 struct tty_driver *driver = tty->driver; 1266 struct tty_ldisc *ld; 1267 int retval = 0; 1268 1269 if (driver->type == TTY_DRIVER_TYPE_PTY && 1270 driver->subtype == PTY_TYPE_MASTER) 1271 return -EIO; 1272 1273 if (!tty->count) 1274 return -EAGAIN; 1275 1276 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1277 return -EBUSY; 1278 1279 ld = tty_ldisc_ref_wait(tty); 1280 if (ld) { 1281 tty_ldisc_deref(ld); 1282 } else { 1283 retval = tty_ldisc_lock(tty, 5 * HZ); 1284 if (retval) 1285 return retval; 1286 1287 if (!tty->ldisc) 1288 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1289 tty_ldisc_unlock(tty); 1290 } 1291 1292 if (retval == 0) 1293 tty->count++; 1294 1295 return retval; 1296 } 1297 1298 /** 1299 * tty_init_dev - initialise a tty device 1300 * @driver: tty driver we are opening a device on 1301 * @idx: device index 1302 * 1303 * Prepare a tty device. This may not be a "new" clean device but 1304 * could also be an active device. The pty drivers require special 1305 * handling because of this. 1306 * 1307 * Locking: 1308 * The function is called under the tty_mutex, which 1309 * protects us from the tty struct or driver itself going away. 1310 * 1311 * On exit the tty device has the line discipline attached and 1312 * a reference count of 1. If a pair was created for pty/tty use 1313 * and the other was a pty master then it too has a reference count of 1. 1314 * 1315 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1316 * failed open. The new code protects the open with a mutex, so it's 1317 * really quite straightforward. The mutex locking can probably be 1318 * relaxed for the (most common) case of reopening a tty. 1319 * 1320 * Return: returned tty structure 1321 */ 1322 1323 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1324 { 1325 struct tty_struct *tty; 1326 int retval; 1327 1328 /* 1329 * First time open is complex, especially for PTY devices. 1330 * This code guarantees that either everything succeeds and the 1331 * TTY is ready for operation, or else the table slots are vacated 1332 * and the allocated memory released. (Except that the termios 1333 * may be retained.) 1334 */ 1335 1336 if (!try_module_get(driver->owner)) 1337 return ERR_PTR(-ENODEV); 1338 1339 tty = alloc_tty_struct(driver, idx); 1340 if (!tty) { 1341 retval = -ENOMEM; 1342 goto err_module_put; 1343 } 1344 1345 tty_lock(tty); 1346 retval = tty_driver_install_tty(driver, tty); 1347 if (retval < 0) 1348 goto err_free_tty; 1349 1350 if (!tty->port) 1351 tty->port = driver->ports[idx]; 1352 1353 if (WARN_RATELIMIT(!tty->port, 1354 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n", 1355 __func__, tty->driver->name)) { 1356 retval = -EINVAL; 1357 goto err_release_lock; 1358 } 1359 1360 retval = tty_ldisc_lock(tty, 5 * HZ); 1361 if (retval) 1362 goto err_release_lock; 1363 tty->port->itty = tty; 1364 1365 /* 1366 * Structures all installed ... call the ldisc open routines. 1367 * If we fail here just call release_tty to clean up. No need 1368 * to decrement the use counts, as release_tty doesn't care. 1369 */ 1370 retval = tty_ldisc_setup(tty, tty->link); 1371 if (retval) 1372 goto err_release_tty; 1373 tty_ldisc_unlock(tty); 1374 /* Return the tty locked so that it cannot vanish under the caller */ 1375 return tty; 1376 1377 err_free_tty: 1378 tty_unlock(tty); 1379 free_tty_struct(tty); 1380 err_module_put: 1381 module_put(driver->owner); 1382 return ERR_PTR(retval); 1383 1384 /* call the tty release_tty routine to clean out this slot */ 1385 err_release_tty: 1386 tty_ldisc_unlock(tty); 1387 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1388 retval, idx); 1389 err_release_lock: 1390 tty_unlock(tty); 1391 release_tty(tty, idx); 1392 return ERR_PTR(retval); 1393 } 1394 1395 /** 1396 * tty_save_termios() - save tty termios data in driver table 1397 * @tty: tty whose termios data to save 1398 * 1399 * Locking: Caller guarantees serialisation with tty_init_termios(). 1400 */ 1401 void tty_save_termios(struct tty_struct *tty) 1402 { 1403 struct ktermios *tp; 1404 int idx = tty->index; 1405 1406 /* If the port is going to reset then it has no termios to save */ 1407 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1408 return; 1409 1410 /* Stash the termios data */ 1411 tp = tty->driver->termios[idx]; 1412 if (tp == NULL) { 1413 tp = kmalloc(sizeof(*tp), GFP_KERNEL); 1414 if (tp == NULL) 1415 return; 1416 tty->driver->termios[idx] = tp; 1417 } 1418 *tp = tty->termios; 1419 } 1420 EXPORT_SYMBOL_GPL(tty_save_termios); 1421 1422 /** 1423 * tty_flush_works - flush all works of a tty/pty pair 1424 * @tty: tty device to flush works for (or either end of a pty pair) 1425 * 1426 * Sync flush all works belonging to @tty (and the 'other' tty). 1427 */ 1428 static void tty_flush_works(struct tty_struct *tty) 1429 { 1430 flush_work(&tty->SAK_work); 1431 flush_work(&tty->hangup_work); 1432 if (tty->link) { 1433 flush_work(&tty->link->SAK_work); 1434 flush_work(&tty->link->hangup_work); 1435 } 1436 } 1437 1438 /** 1439 * release_one_tty - release tty structure memory 1440 * @work: work of tty we are obliterating 1441 * 1442 * Releases memory associated with a tty structure, and clears out the 1443 * driver table slots. This function is called when a device is no longer 1444 * in use. It also gets called when setup of a device fails. 1445 * 1446 * Locking: 1447 * takes the file list lock internally when working on the list 1448 * of ttys that the driver keeps. 1449 * 1450 * This method gets called from a work queue so that the driver private 1451 * cleanup ops can sleep (needed for USB at least) 1452 */ 1453 static void release_one_tty(struct work_struct *work) 1454 { 1455 struct tty_struct *tty = 1456 container_of(work, struct tty_struct, hangup_work); 1457 struct tty_driver *driver = tty->driver; 1458 struct module *owner = driver->owner; 1459 1460 if (tty->ops->cleanup) 1461 tty->ops->cleanup(tty); 1462 1463 tty->magic = 0; 1464 tty_driver_kref_put(driver); 1465 module_put(owner); 1466 1467 spin_lock(&tty->files_lock); 1468 list_del_init(&tty->tty_files); 1469 spin_unlock(&tty->files_lock); 1470 1471 put_pid(tty->pgrp); 1472 put_pid(tty->session); 1473 free_tty_struct(tty); 1474 } 1475 1476 static void queue_release_one_tty(struct kref *kref) 1477 { 1478 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1479 1480 /* The hangup queue is now free so we can reuse it rather than 1481 waste a chunk of memory for each port */ 1482 INIT_WORK(&tty->hangup_work, release_one_tty); 1483 schedule_work(&tty->hangup_work); 1484 } 1485 1486 /** 1487 * tty_kref_put - release a tty kref 1488 * @tty: tty device 1489 * 1490 * Release a reference to a tty device and if need be let the kref 1491 * layer destruct the object for us 1492 */ 1493 1494 void tty_kref_put(struct tty_struct *tty) 1495 { 1496 if (tty) 1497 kref_put(&tty->kref, queue_release_one_tty); 1498 } 1499 EXPORT_SYMBOL(tty_kref_put); 1500 1501 /** 1502 * release_tty - release tty structure memory 1503 * 1504 * Release both @tty and a possible linked partner (think pty pair), 1505 * and decrement the refcount of the backing module. 1506 * 1507 * Locking: 1508 * tty_mutex 1509 * takes the file list lock internally when working on the list 1510 * of ttys that the driver keeps. 1511 * 1512 */ 1513 static void release_tty(struct tty_struct *tty, int idx) 1514 { 1515 /* This should always be true but check for the moment */ 1516 WARN_ON(tty->index != idx); 1517 WARN_ON(!mutex_is_locked(&tty_mutex)); 1518 if (tty->ops->shutdown) 1519 tty->ops->shutdown(tty); 1520 tty_save_termios(tty); 1521 tty_driver_remove_tty(tty->driver, tty); 1522 if (tty->port) 1523 tty->port->itty = NULL; 1524 if (tty->link) 1525 tty->link->port->itty = NULL; 1526 if (tty->port) 1527 tty_buffer_cancel_work(tty->port); 1528 if (tty->link) 1529 tty_buffer_cancel_work(tty->link->port); 1530 1531 tty_kref_put(tty->link); 1532 tty_kref_put(tty); 1533 } 1534 1535 /** 1536 * tty_release_checks - check a tty before real release 1537 * @tty: tty to check 1538 * @idx: index of the tty 1539 * 1540 * Performs some paranoid checking before true release of the @tty. 1541 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1542 */ 1543 static int tty_release_checks(struct tty_struct *tty, int idx) 1544 { 1545 #ifdef TTY_PARANOIA_CHECK 1546 if (idx < 0 || idx >= tty->driver->num) { 1547 tty_debug(tty, "bad idx %d\n", idx); 1548 return -1; 1549 } 1550 1551 /* not much to check for devpts */ 1552 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1553 return 0; 1554 1555 if (tty != tty->driver->ttys[idx]) { 1556 tty_debug(tty, "bad driver table[%d] = %p\n", 1557 idx, tty->driver->ttys[idx]); 1558 return -1; 1559 } 1560 if (tty->driver->other) { 1561 struct tty_struct *o_tty = tty->link; 1562 1563 if (o_tty != tty->driver->other->ttys[idx]) { 1564 tty_debug(tty, "bad other table[%d] = %p\n", 1565 idx, tty->driver->other->ttys[idx]); 1566 return -1; 1567 } 1568 if (o_tty->link != tty) { 1569 tty_debug(tty, "bad link = %p\n", o_tty->link); 1570 return -1; 1571 } 1572 } 1573 #endif 1574 return 0; 1575 } 1576 1577 /** 1578 * tty_kclose - closes tty opened by tty_kopen 1579 * @tty: tty device 1580 * 1581 * Performs the final steps to release and free a tty device. It is the 1582 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1583 * flag on tty->port. 1584 */ 1585 void tty_kclose(struct tty_struct *tty) 1586 { 1587 /* 1588 * Ask the line discipline code to release its structures 1589 */ 1590 tty_ldisc_release(tty); 1591 1592 /* Wait for pending work before tty destruction commmences */ 1593 tty_flush_works(tty); 1594 1595 tty_debug_hangup(tty, "freeing structure\n"); 1596 /* 1597 * The release_tty function takes care of the details of clearing 1598 * the slots and preserving the termios structure. 1599 */ 1600 mutex_lock(&tty_mutex); 1601 tty_port_set_kopened(tty->port, 0); 1602 release_tty(tty, tty->index); 1603 mutex_unlock(&tty_mutex); 1604 } 1605 EXPORT_SYMBOL_GPL(tty_kclose); 1606 1607 /** 1608 * tty_release_struct - release a tty struct 1609 * @tty: tty device 1610 * @idx: index of the tty 1611 * 1612 * Performs the final steps to release and free a tty device. It is 1613 * roughly the reverse of tty_init_dev. 1614 */ 1615 void tty_release_struct(struct tty_struct *tty, int idx) 1616 { 1617 /* 1618 * Ask the line discipline code to release its structures 1619 */ 1620 tty_ldisc_release(tty); 1621 1622 /* Wait for pending work before tty destruction commmences */ 1623 tty_flush_works(tty); 1624 1625 tty_debug_hangup(tty, "freeing structure\n"); 1626 /* 1627 * The release_tty function takes care of the details of clearing 1628 * the slots and preserving the termios structure. 1629 */ 1630 mutex_lock(&tty_mutex); 1631 release_tty(tty, idx); 1632 mutex_unlock(&tty_mutex); 1633 } 1634 EXPORT_SYMBOL_GPL(tty_release_struct); 1635 1636 /** 1637 * tty_release - vfs callback for close 1638 * @inode: inode of tty 1639 * @filp: file pointer for handle to tty 1640 * 1641 * Called the last time each file handle is closed that references 1642 * this tty. There may however be several such references. 1643 * 1644 * Locking: 1645 * Takes bkl. See tty_release_dev 1646 * 1647 * Even releasing the tty structures is a tricky business.. We have 1648 * to be very careful that the structures are all released at the 1649 * same time, as interrupts might otherwise get the wrong pointers. 1650 * 1651 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1652 * lead to double frees or releasing memory still in use. 1653 */ 1654 1655 int tty_release(struct inode *inode, struct file *filp) 1656 { 1657 struct tty_struct *tty = file_tty(filp); 1658 struct tty_struct *o_tty = NULL; 1659 int do_sleep, final; 1660 int idx; 1661 long timeout = 0; 1662 int once = 1; 1663 1664 if (tty_paranoia_check(tty, inode, __func__)) 1665 return 0; 1666 1667 tty_lock(tty); 1668 check_tty_count(tty, __func__); 1669 1670 __tty_fasync(-1, filp, 0); 1671 1672 idx = tty->index; 1673 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1674 tty->driver->subtype == PTY_TYPE_MASTER) 1675 o_tty = tty->link; 1676 1677 if (tty_release_checks(tty, idx)) { 1678 tty_unlock(tty); 1679 return 0; 1680 } 1681 1682 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1683 1684 if (tty->ops->close) 1685 tty->ops->close(tty, filp); 1686 1687 /* If tty is pty master, lock the slave pty (stable lock order) */ 1688 tty_lock_slave(o_tty); 1689 1690 /* 1691 * Sanity check: if tty->count is going to zero, there shouldn't be 1692 * any waiters on tty->read_wait or tty->write_wait. We test the 1693 * wait queues and kick everyone out _before_ actually starting to 1694 * close. This ensures that we won't block while releasing the tty 1695 * structure. 1696 * 1697 * The test for the o_tty closing is necessary, since the master and 1698 * slave sides may close in any order. If the slave side closes out 1699 * first, its count will be one, since the master side holds an open. 1700 * Thus this test wouldn't be triggered at the time the slave closed, 1701 * so we do it now. 1702 */ 1703 while (1) { 1704 do_sleep = 0; 1705 1706 if (tty->count <= 1) { 1707 if (waitqueue_active(&tty->read_wait)) { 1708 wake_up_poll(&tty->read_wait, EPOLLIN); 1709 do_sleep++; 1710 } 1711 if (waitqueue_active(&tty->write_wait)) { 1712 wake_up_poll(&tty->write_wait, EPOLLOUT); 1713 do_sleep++; 1714 } 1715 } 1716 if (o_tty && o_tty->count <= 1) { 1717 if (waitqueue_active(&o_tty->read_wait)) { 1718 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1719 do_sleep++; 1720 } 1721 if (waitqueue_active(&o_tty->write_wait)) { 1722 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1723 do_sleep++; 1724 } 1725 } 1726 if (!do_sleep) 1727 break; 1728 1729 if (once) { 1730 once = 0; 1731 tty_warn(tty, "read/write wait queue active!\n"); 1732 } 1733 schedule_timeout_killable(timeout); 1734 if (timeout < 120 * HZ) 1735 timeout = 2 * timeout + 1; 1736 else 1737 timeout = MAX_SCHEDULE_TIMEOUT; 1738 } 1739 1740 if (o_tty) { 1741 if (--o_tty->count < 0) { 1742 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1743 o_tty->count = 0; 1744 } 1745 } 1746 if (--tty->count < 0) { 1747 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1748 tty->count = 0; 1749 } 1750 1751 /* 1752 * We've decremented tty->count, so we need to remove this file 1753 * descriptor off the tty->tty_files list; this serves two 1754 * purposes: 1755 * - check_tty_count sees the correct number of file descriptors 1756 * associated with this tty. 1757 * - do_tty_hangup no longer sees this file descriptor as 1758 * something that needs to be handled for hangups. 1759 */ 1760 tty_del_file(filp); 1761 1762 /* 1763 * Perform some housekeeping before deciding whether to return. 1764 * 1765 * If _either_ side is closing, make sure there aren't any 1766 * processes that still think tty or o_tty is their controlling 1767 * tty. 1768 */ 1769 if (!tty->count) { 1770 read_lock(&tasklist_lock); 1771 session_clear_tty(tty->session); 1772 if (o_tty) 1773 session_clear_tty(o_tty->session); 1774 read_unlock(&tasklist_lock); 1775 } 1776 1777 /* check whether both sides are closing ... */ 1778 final = !tty->count && !(o_tty && o_tty->count); 1779 1780 tty_unlock_slave(o_tty); 1781 tty_unlock(tty); 1782 1783 /* At this point, the tty->count == 0 should ensure a dead tty 1784 cannot be re-opened by a racing opener */ 1785 1786 if (!final) 1787 return 0; 1788 1789 tty_debug_hangup(tty, "final close\n"); 1790 1791 tty_release_struct(tty, idx); 1792 return 0; 1793 } 1794 1795 /** 1796 * tty_open_current_tty - get locked tty of current task 1797 * @device: device number 1798 * @filp: file pointer to tty 1799 * @return: locked tty of the current task iff @device is /dev/tty 1800 * 1801 * Performs a re-open of the current task's controlling tty. 1802 * 1803 * We cannot return driver and index like for the other nodes because 1804 * devpts will not work then. It expects inodes to be from devpts FS. 1805 */ 1806 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1807 { 1808 struct tty_struct *tty; 1809 int retval; 1810 1811 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1812 return NULL; 1813 1814 tty = get_current_tty(); 1815 if (!tty) 1816 return ERR_PTR(-ENXIO); 1817 1818 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1819 /* noctty = 1; */ 1820 tty_lock(tty); 1821 tty_kref_put(tty); /* safe to drop the kref now */ 1822 1823 retval = tty_reopen(tty); 1824 if (retval < 0) { 1825 tty_unlock(tty); 1826 tty = ERR_PTR(retval); 1827 } 1828 return tty; 1829 } 1830 1831 /** 1832 * tty_lookup_driver - lookup a tty driver for a given device file 1833 * @device: device number 1834 * @filp: file pointer to tty 1835 * @index: index for the device in the @return driver 1836 * @return: driver for this inode (with increased refcount) 1837 * 1838 * If @return is not erroneous, the caller is responsible to decrement the 1839 * refcount by tty_driver_kref_put. 1840 * 1841 * Locking: tty_mutex protects get_tty_driver 1842 */ 1843 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1844 int *index) 1845 { 1846 struct tty_driver *driver = NULL; 1847 1848 switch (device) { 1849 #ifdef CONFIG_VT 1850 case MKDEV(TTY_MAJOR, 0): { 1851 extern struct tty_driver *console_driver; 1852 driver = tty_driver_kref_get(console_driver); 1853 *index = fg_console; 1854 break; 1855 } 1856 #endif 1857 case MKDEV(TTYAUX_MAJOR, 1): { 1858 struct tty_driver *console_driver = console_device(index); 1859 if (console_driver) { 1860 driver = tty_driver_kref_get(console_driver); 1861 if (driver && filp) { 1862 /* Don't let /dev/console block */ 1863 filp->f_flags |= O_NONBLOCK; 1864 break; 1865 } 1866 } 1867 if (driver) 1868 tty_driver_kref_put(driver); 1869 return ERR_PTR(-ENODEV); 1870 } 1871 default: 1872 driver = get_tty_driver(device, index); 1873 if (!driver) 1874 return ERR_PTR(-ENODEV); 1875 break; 1876 } 1877 return driver; 1878 } 1879 1880 /** 1881 * tty_kopen - open a tty device for kernel 1882 * @device: dev_t of device to open 1883 * 1884 * Opens tty exclusively for kernel. Performs the driver lookup, 1885 * makes sure it's not already opened and performs the first-time 1886 * tty initialization. 1887 * 1888 * Returns the locked initialized &tty_struct 1889 * 1890 * Claims the global tty_mutex to serialize: 1891 * - concurrent first-time tty initialization 1892 * - concurrent tty driver removal w/ lookup 1893 * - concurrent tty removal from driver table 1894 */ 1895 struct tty_struct *tty_kopen(dev_t device) 1896 { 1897 struct tty_struct *tty; 1898 struct tty_driver *driver; 1899 int index = -1; 1900 1901 mutex_lock(&tty_mutex); 1902 driver = tty_lookup_driver(device, NULL, &index); 1903 if (IS_ERR(driver)) { 1904 mutex_unlock(&tty_mutex); 1905 return ERR_CAST(driver); 1906 } 1907 1908 /* check whether we're reopening an existing tty */ 1909 tty = tty_driver_lookup_tty(driver, NULL, index); 1910 if (IS_ERR(tty)) 1911 goto out; 1912 1913 if (tty) { 1914 /* drop kref from tty_driver_lookup_tty() */ 1915 tty_kref_put(tty); 1916 tty = ERR_PTR(-EBUSY); 1917 } else { /* tty_init_dev returns tty with the tty_lock held */ 1918 tty = tty_init_dev(driver, index); 1919 if (IS_ERR(tty)) 1920 goto out; 1921 tty_port_set_kopened(tty->port, 1); 1922 } 1923 out: 1924 mutex_unlock(&tty_mutex); 1925 tty_driver_kref_put(driver); 1926 return tty; 1927 } 1928 EXPORT_SYMBOL_GPL(tty_kopen); 1929 1930 /** 1931 * tty_open_by_driver - open a tty device 1932 * @device: dev_t of device to open 1933 * @filp: file pointer to tty 1934 * 1935 * Performs the driver lookup, checks for a reopen, or otherwise 1936 * performs the first-time tty initialization. 1937 * 1938 * Returns the locked initialized or re-opened &tty_struct 1939 * 1940 * Claims the global tty_mutex to serialize: 1941 * - concurrent first-time tty initialization 1942 * - concurrent tty driver removal w/ lookup 1943 * - concurrent tty removal from driver table 1944 */ 1945 static struct tty_struct *tty_open_by_driver(dev_t device, 1946 struct file *filp) 1947 { 1948 struct tty_struct *tty; 1949 struct tty_driver *driver = NULL; 1950 int index = -1; 1951 int retval; 1952 1953 mutex_lock(&tty_mutex); 1954 driver = tty_lookup_driver(device, filp, &index); 1955 if (IS_ERR(driver)) { 1956 mutex_unlock(&tty_mutex); 1957 return ERR_CAST(driver); 1958 } 1959 1960 /* check whether we're reopening an existing tty */ 1961 tty = tty_driver_lookup_tty(driver, filp, index); 1962 if (IS_ERR(tty)) { 1963 mutex_unlock(&tty_mutex); 1964 goto out; 1965 } 1966 1967 if (tty) { 1968 if (tty_port_kopened(tty->port)) { 1969 tty_kref_put(tty); 1970 mutex_unlock(&tty_mutex); 1971 tty = ERR_PTR(-EBUSY); 1972 goto out; 1973 } 1974 mutex_unlock(&tty_mutex); 1975 retval = tty_lock_interruptible(tty); 1976 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1977 if (retval) { 1978 if (retval == -EINTR) 1979 retval = -ERESTARTSYS; 1980 tty = ERR_PTR(retval); 1981 goto out; 1982 } 1983 retval = tty_reopen(tty); 1984 if (retval < 0) { 1985 tty_unlock(tty); 1986 tty = ERR_PTR(retval); 1987 } 1988 } else { /* Returns with the tty_lock held for now */ 1989 tty = tty_init_dev(driver, index); 1990 mutex_unlock(&tty_mutex); 1991 } 1992 out: 1993 tty_driver_kref_put(driver); 1994 return tty; 1995 } 1996 1997 /** 1998 * tty_open - open a tty device 1999 * @inode: inode of device file 2000 * @filp: file pointer to tty 2001 * 2002 * tty_open and tty_release keep up the tty count that contains the 2003 * number of opens done on a tty. We cannot use the inode-count, as 2004 * different inodes might point to the same tty. 2005 * 2006 * Open-counting is needed for pty masters, as well as for keeping 2007 * track of serial lines: DTR is dropped when the last close happens. 2008 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2009 * 2010 * The termios state of a pty is reset on first open so that 2011 * settings don't persist across reuse. 2012 * 2013 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 2014 * tty->count should protect the rest. 2015 * ->siglock protects ->signal/->sighand 2016 * 2017 * Note: the tty_unlock/lock cases without a ref are only safe due to 2018 * tty_mutex 2019 */ 2020 2021 static int tty_open(struct inode *inode, struct file *filp) 2022 { 2023 struct tty_struct *tty; 2024 int noctty, retval; 2025 dev_t device = inode->i_rdev; 2026 unsigned saved_flags = filp->f_flags; 2027 2028 nonseekable_open(inode, filp); 2029 2030 retry_open: 2031 retval = tty_alloc_file(filp); 2032 if (retval) 2033 return -ENOMEM; 2034 2035 tty = tty_open_current_tty(device, filp); 2036 if (!tty) 2037 tty = tty_open_by_driver(device, filp); 2038 2039 if (IS_ERR(tty)) { 2040 tty_free_file(filp); 2041 retval = PTR_ERR(tty); 2042 if (retval != -EAGAIN || signal_pending(current)) 2043 return retval; 2044 schedule(); 2045 goto retry_open; 2046 } 2047 2048 tty_add_file(tty, filp); 2049 2050 check_tty_count(tty, __func__); 2051 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2052 2053 if (tty->ops->open) 2054 retval = tty->ops->open(tty, filp); 2055 else 2056 retval = -ENODEV; 2057 filp->f_flags = saved_flags; 2058 2059 if (retval) { 2060 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2061 2062 tty_unlock(tty); /* need to call tty_release without BTM */ 2063 tty_release(inode, filp); 2064 if (retval != -ERESTARTSYS) 2065 return retval; 2066 2067 if (signal_pending(current)) 2068 return retval; 2069 2070 schedule(); 2071 /* 2072 * Need to reset f_op in case a hangup happened. 2073 */ 2074 if (tty_hung_up_p(filp)) 2075 filp->f_op = &tty_fops; 2076 goto retry_open; 2077 } 2078 clear_bit(TTY_HUPPED, &tty->flags); 2079 2080 noctty = (filp->f_flags & O_NOCTTY) || 2081 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2082 device == MKDEV(TTYAUX_MAJOR, 1) || 2083 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2084 tty->driver->subtype == PTY_TYPE_MASTER); 2085 if (!noctty) 2086 tty_open_proc_set_tty(filp, tty); 2087 tty_unlock(tty); 2088 return 0; 2089 } 2090 2091 2092 2093 /** 2094 * tty_poll - check tty status 2095 * @filp: file being polled 2096 * @wait: poll wait structures to update 2097 * 2098 * Call the line discipline polling method to obtain the poll 2099 * status of the device. 2100 * 2101 * Locking: locks called line discipline but ldisc poll method 2102 * may be re-entered freely by other callers. 2103 */ 2104 2105 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2106 { 2107 struct tty_struct *tty = file_tty(filp); 2108 struct tty_ldisc *ld; 2109 __poll_t ret = 0; 2110 2111 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2112 return 0; 2113 2114 ld = tty_ldisc_ref_wait(tty); 2115 if (!ld) 2116 return hung_up_tty_poll(filp, wait); 2117 if (ld->ops->poll) 2118 ret = ld->ops->poll(tty, filp, wait); 2119 tty_ldisc_deref(ld); 2120 return ret; 2121 } 2122 2123 static int __tty_fasync(int fd, struct file *filp, int on) 2124 { 2125 struct tty_struct *tty = file_tty(filp); 2126 unsigned long flags; 2127 int retval = 0; 2128 2129 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2130 goto out; 2131 2132 retval = fasync_helper(fd, filp, on, &tty->fasync); 2133 if (retval <= 0) 2134 goto out; 2135 2136 if (on) { 2137 enum pid_type type; 2138 struct pid *pid; 2139 2140 spin_lock_irqsave(&tty->ctrl_lock, flags); 2141 if (tty->pgrp) { 2142 pid = tty->pgrp; 2143 type = PIDTYPE_PGID; 2144 } else { 2145 pid = task_pid(current); 2146 type = PIDTYPE_TGID; 2147 } 2148 get_pid(pid); 2149 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2150 __f_setown(filp, pid, type, 0); 2151 put_pid(pid); 2152 retval = 0; 2153 } 2154 out: 2155 return retval; 2156 } 2157 2158 static int tty_fasync(int fd, struct file *filp, int on) 2159 { 2160 struct tty_struct *tty = file_tty(filp); 2161 int retval = -ENOTTY; 2162 2163 tty_lock(tty); 2164 if (!tty_hung_up_p(filp)) 2165 retval = __tty_fasync(fd, filp, on); 2166 tty_unlock(tty); 2167 2168 return retval; 2169 } 2170 2171 /** 2172 * tiocsti - fake input character 2173 * @tty: tty to fake input into 2174 * @p: pointer to character 2175 * 2176 * Fake input to a tty device. Does the necessary locking and 2177 * input management. 2178 * 2179 * FIXME: does not honour flow control ?? 2180 * 2181 * Locking: 2182 * Called functions take tty_ldiscs_lock 2183 * current->signal->tty check is safe without locks 2184 * 2185 * FIXME: may race normal receive processing 2186 */ 2187 2188 static int tiocsti(struct tty_struct *tty, char __user *p) 2189 { 2190 char ch, mbz = 0; 2191 struct tty_ldisc *ld; 2192 2193 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2194 return -EPERM; 2195 if (get_user(ch, p)) 2196 return -EFAULT; 2197 tty_audit_tiocsti(tty, ch); 2198 ld = tty_ldisc_ref_wait(tty); 2199 if (!ld) 2200 return -EIO; 2201 if (ld->ops->receive_buf) 2202 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2203 tty_ldisc_deref(ld); 2204 return 0; 2205 } 2206 2207 /** 2208 * tiocgwinsz - implement window query ioctl 2209 * @tty: tty 2210 * @arg: user buffer for result 2211 * 2212 * Copies the kernel idea of the window size into the user buffer. 2213 * 2214 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2215 * is consistent. 2216 */ 2217 2218 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2219 { 2220 int err; 2221 2222 mutex_lock(&tty->winsize_mutex); 2223 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2224 mutex_unlock(&tty->winsize_mutex); 2225 2226 return err ? -EFAULT: 0; 2227 } 2228 2229 /** 2230 * tty_do_resize - resize event 2231 * @tty: tty being resized 2232 * @ws: new dimensions 2233 * 2234 * Update the termios variables and send the necessary signals to 2235 * peform a terminal resize correctly 2236 */ 2237 2238 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2239 { 2240 struct pid *pgrp; 2241 2242 /* Lock the tty */ 2243 mutex_lock(&tty->winsize_mutex); 2244 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2245 goto done; 2246 2247 /* Signal the foreground process group */ 2248 pgrp = tty_get_pgrp(tty); 2249 if (pgrp) 2250 kill_pgrp(pgrp, SIGWINCH, 1); 2251 put_pid(pgrp); 2252 2253 tty->winsize = *ws; 2254 done: 2255 mutex_unlock(&tty->winsize_mutex); 2256 return 0; 2257 } 2258 EXPORT_SYMBOL(tty_do_resize); 2259 2260 /** 2261 * tiocswinsz - implement window size set ioctl 2262 * @tty: tty side of tty 2263 * @arg: user buffer for result 2264 * 2265 * Copies the user idea of the window size to the kernel. Traditionally 2266 * this is just advisory information but for the Linux console it 2267 * actually has driver level meaning and triggers a VC resize. 2268 * 2269 * Locking: 2270 * Driver dependent. The default do_resize method takes the 2271 * tty termios mutex and ctrl_lock. The console takes its own lock 2272 * then calls into the default method. 2273 */ 2274 2275 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2276 { 2277 struct winsize tmp_ws; 2278 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2279 return -EFAULT; 2280 2281 if (tty->ops->resize) 2282 return tty->ops->resize(tty, &tmp_ws); 2283 else 2284 return tty_do_resize(tty, &tmp_ws); 2285 } 2286 2287 /** 2288 * tioccons - allow admin to move logical console 2289 * @file: the file to become console 2290 * 2291 * Allow the administrator to move the redirected console device 2292 * 2293 * Locking: uses redirect_lock to guard the redirect information 2294 */ 2295 2296 static int tioccons(struct file *file) 2297 { 2298 if (!capable(CAP_SYS_ADMIN)) 2299 return -EPERM; 2300 if (file->f_op->write_iter == redirected_tty_write) { 2301 struct file *f; 2302 spin_lock(&redirect_lock); 2303 f = redirect; 2304 redirect = NULL; 2305 spin_unlock(&redirect_lock); 2306 if (f) 2307 fput(f); 2308 return 0; 2309 } 2310 spin_lock(&redirect_lock); 2311 if (redirect) { 2312 spin_unlock(&redirect_lock); 2313 return -EBUSY; 2314 } 2315 redirect = get_file(file); 2316 spin_unlock(&redirect_lock); 2317 return 0; 2318 } 2319 2320 /** 2321 * tiocsetd - set line discipline 2322 * @tty: tty device 2323 * @p: pointer to user data 2324 * 2325 * Set the line discipline according to user request. 2326 * 2327 * Locking: see tty_set_ldisc, this function is just a helper 2328 */ 2329 2330 static int tiocsetd(struct tty_struct *tty, int __user *p) 2331 { 2332 int disc; 2333 int ret; 2334 2335 if (get_user(disc, p)) 2336 return -EFAULT; 2337 2338 ret = tty_set_ldisc(tty, disc); 2339 2340 return ret; 2341 } 2342 2343 /** 2344 * tiocgetd - get line discipline 2345 * @tty: tty device 2346 * @p: pointer to user data 2347 * 2348 * Retrieves the line discipline id directly from the ldisc. 2349 * 2350 * Locking: waits for ldisc reference (in case the line discipline 2351 * is changing or the tty is being hungup) 2352 */ 2353 2354 static int tiocgetd(struct tty_struct *tty, int __user *p) 2355 { 2356 struct tty_ldisc *ld; 2357 int ret; 2358 2359 ld = tty_ldisc_ref_wait(tty); 2360 if (!ld) 2361 return -EIO; 2362 ret = put_user(ld->ops->num, p); 2363 tty_ldisc_deref(ld); 2364 return ret; 2365 } 2366 2367 /** 2368 * send_break - performed time break 2369 * @tty: device to break on 2370 * @duration: timeout in mS 2371 * 2372 * Perform a timed break on hardware that lacks its own driver level 2373 * timed break functionality. 2374 * 2375 * Locking: 2376 * atomic_write_lock serializes 2377 * 2378 */ 2379 2380 static int send_break(struct tty_struct *tty, unsigned int duration) 2381 { 2382 int retval; 2383 2384 if (tty->ops->break_ctl == NULL) 2385 return 0; 2386 2387 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2388 retval = tty->ops->break_ctl(tty, duration); 2389 else { 2390 /* Do the work ourselves */ 2391 if (tty_write_lock(tty, 0) < 0) 2392 return -EINTR; 2393 retval = tty->ops->break_ctl(tty, -1); 2394 if (retval) 2395 goto out; 2396 if (!signal_pending(current)) 2397 msleep_interruptible(duration); 2398 retval = tty->ops->break_ctl(tty, 0); 2399 out: 2400 tty_write_unlock(tty); 2401 if (signal_pending(current)) 2402 retval = -EINTR; 2403 } 2404 return retval; 2405 } 2406 2407 /** 2408 * tty_tiocmget - get modem status 2409 * @tty: tty device 2410 * @p: pointer to result 2411 * 2412 * Obtain the modem status bits from the tty driver if the feature 2413 * is supported. Return -EINVAL if it is not available. 2414 * 2415 * Locking: none (up to the driver) 2416 */ 2417 2418 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2419 { 2420 int retval = -EINVAL; 2421 2422 if (tty->ops->tiocmget) { 2423 retval = tty->ops->tiocmget(tty); 2424 2425 if (retval >= 0) 2426 retval = put_user(retval, p); 2427 } 2428 return retval; 2429 } 2430 2431 /** 2432 * tty_tiocmset - set modem status 2433 * @tty: tty device 2434 * @cmd: command - clear bits, set bits or set all 2435 * @p: pointer to desired bits 2436 * 2437 * Set the modem status bits from the tty driver if the feature 2438 * is supported. Return -EINVAL if it is not available. 2439 * 2440 * Locking: none (up to the driver) 2441 */ 2442 2443 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2444 unsigned __user *p) 2445 { 2446 int retval; 2447 unsigned int set, clear, val; 2448 2449 if (tty->ops->tiocmset == NULL) 2450 return -EINVAL; 2451 2452 retval = get_user(val, p); 2453 if (retval) 2454 return retval; 2455 set = clear = 0; 2456 switch (cmd) { 2457 case TIOCMBIS: 2458 set = val; 2459 break; 2460 case TIOCMBIC: 2461 clear = val; 2462 break; 2463 case TIOCMSET: 2464 set = val; 2465 clear = ~val; 2466 break; 2467 } 2468 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2469 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2470 return tty->ops->tiocmset(tty, set, clear); 2471 } 2472 2473 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2474 { 2475 int retval = -EINVAL; 2476 struct serial_icounter_struct icount; 2477 memset(&icount, 0, sizeof(icount)); 2478 if (tty->ops->get_icount) 2479 retval = tty->ops->get_icount(tty, &icount); 2480 if (retval != 0) 2481 return retval; 2482 if (copy_to_user(arg, &icount, sizeof(icount))) 2483 return -EFAULT; 2484 return 0; 2485 } 2486 2487 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2488 { 2489 static DEFINE_RATELIMIT_STATE(depr_flags, 2490 DEFAULT_RATELIMIT_INTERVAL, 2491 DEFAULT_RATELIMIT_BURST); 2492 char comm[TASK_COMM_LEN]; 2493 struct serial_struct v; 2494 int flags; 2495 2496 if (copy_from_user(&v, ss, sizeof(*ss))) 2497 return -EFAULT; 2498 2499 flags = v.flags & ASYNC_DEPRECATED; 2500 2501 if (flags && __ratelimit(&depr_flags)) 2502 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2503 __func__, get_task_comm(comm, current), flags); 2504 if (!tty->ops->set_serial) 2505 return -ENOTTY; 2506 return tty->ops->set_serial(tty, &v); 2507 } 2508 2509 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2510 { 2511 struct serial_struct v; 2512 int err; 2513 2514 memset(&v, 0, sizeof(v)); 2515 if (!tty->ops->get_serial) 2516 return -ENOTTY; 2517 err = tty->ops->get_serial(tty, &v); 2518 if (!err && copy_to_user(ss, &v, sizeof(v))) 2519 err = -EFAULT; 2520 return err; 2521 } 2522 2523 /* 2524 * if pty, return the slave side (real_tty) 2525 * otherwise, return self 2526 */ 2527 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2528 { 2529 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2530 tty->driver->subtype == PTY_TYPE_MASTER) 2531 tty = tty->link; 2532 return tty; 2533 } 2534 2535 /* 2536 * Split this up, as gcc can choke on it otherwise.. 2537 */ 2538 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2539 { 2540 struct tty_struct *tty = file_tty(file); 2541 struct tty_struct *real_tty; 2542 void __user *p = (void __user *)arg; 2543 int retval; 2544 struct tty_ldisc *ld; 2545 2546 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2547 return -EINVAL; 2548 2549 real_tty = tty_pair_get_tty(tty); 2550 2551 /* 2552 * Factor out some common prep work 2553 */ 2554 switch (cmd) { 2555 case TIOCSETD: 2556 case TIOCSBRK: 2557 case TIOCCBRK: 2558 case TCSBRK: 2559 case TCSBRKP: 2560 retval = tty_check_change(tty); 2561 if (retval) 2562 return retval; 2563 if (cmd != TIOCCBRK) { 2564 tty_wait_until_sent(tty, 0); 2565 if (signal_pending(current)) 2566 return -EINTR; 2567 } 2568 break; 2569 } 2570 2571 /* 2572 * Now do the stuff. 2573 */ 2574 switch (cmd) { 2575 case TIOCSTI: 2576 return tiocsti(tty, p); 2577 case TIOCGWINSZ: 2578 return tiocgwinsz(real_tty, p); 2579 case TIOCSWINSZ: 2580 return tiocswinsz(real_tty, p); 2581 case TIOCCONS: 2582 return real_tty != tty ? -EINVAL : tioccons(file); 2583 case TIOCEXCL: 2584 set_bit(TTY_EXCLUSIVE, &tty->flags); 2585 return 0; 2586 case TIOCNXCL: 2587 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2588 return 0; 2589 case TIOCGEXCL: 2590 { 2591 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2592 return put_user(excl, (int __user *)p); 2593 } 2594 case TIOCGETD: 2595 return tiocgetd(tty, p); 2596 case TIOCSETD: 2597 return tiocsetd(tty, p); 2598 case TIOCVHANGUP: 2599 if (!capable(CAP_SYS_ADMIN)) 2600 return -EPERM; 2601 tty_vhangup(tty); 2602 return 0; 2603 case TIOCGDEV: 2604 { 2605 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2606 return put_user(ret, (unsigned int __user *)p); 2607 } 2608 /* 2609 * Break handling 2610 */ 2611 case TIOCSBRK: /* Turn break on, unconditionally */ 2612 if (tty->ops->break_ctl) 2613 return tty->ops->break_ctl(tty, -1); 2614 return 0; 2615 case TIOCCBRK: /* Turn break off, unconditionally */ 2616 if (tty->ops->break_ctl) 2617 return tty->ops->break_ctl(tty, 0); 2618 return 0; 2619 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2620 /* non-zero arg means wait for all output data 2621 * to be sent (performed above) but don't send break. 2622 * This is used by the tcdrain() termios function. 2623 */ 2624 if (!arg) 2625 return send_break(tty, 250); 2626 return 0; 2627 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2628 return send_break(tty, arg ? arg*100 : 250); 2629 2630 case TIOCMGET: 2631 return tty_tiocmget(tty, p); 2632 case TIOCMSET: 2633 case TIOCMBIC: 2634 case TIOCMBIS: 2635 return tty_tiocmset(tty, cmd, p); 2636 case TIOCGICOUNT: 2637 return tty_tiocgicount(tty, p); 2638 case TCFLSH: 2639 switch (arg) { 2640 case TCIFLUSH: 2641 case TCIOFLUSH: 2642 /* flush tty buffer and allow ldisc to process ioctl */ 2643 tty_buffer_flush(tty, NULL); 2644 break; 2645 } 2646 break; 2647 case TIOCSSERIAL: 2648 return tty_tiocsserial(tty, p); 2649 case TIOCGSERIAL: 2650 return tty_tiocgserial(tty, p); 2651 case TIOCGPTPEER: 2652 /* Special because the struct file is needed */ 2653 return ptm_open_peer(file, tty, (int)arg); 2654 default: 2655 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2656 if (retval != -ENOIOCTLCMD) 2657 return retval; 2658 } 2659 if (tty->ops->ioctl) { 2660 retval = tty->ops->ioctl(tty, cmd, arg); 2661 if (retval != -ENOIOCTLCMD) 2662 return retval; 2663 } 2664 ld = tty_ldisc_ref_wait(tty); 2665 if (!ld) 2666 return hung_up_tty_ioctl(file, cmd, arg); 2667 retval = -EINVAL; 2668 if (ld->ops->ioctl) { 2669 retval = ld->ops->ioctl(tty, file, cmd, arg); 2670 if (retval == -ENOIOCTLCMD) 2671 retval = -ENOTTY; 2672 } 2673 tty_ldisc_deref(ld); 2674 return retval; 2675 } 2676 2677 #ifdef CONFIG_COMPAT 2678 2679 struct serial_struct32 { 2680 compat_int_t type; 2681 compat_int_t line; 2682 compat_uint_t port; 2683 compat_int_t irq; 2684 compat_int_t flags; 2685 compat_int_t xmit_fifo_size; 2686 compat_int_t custom_divisor; 2687 compat_int_t baud_base; 2688 unsigned short close_delay; 2689 char io_type; 2690 char reserved_char; 2691 compat_int_t hub6; 2692 unsigned short closing_wait; /* time to wait before closing */ 2693 unsigned short closing_wait2; /* no longer used... */ 2694 compat_uint_t iomem_base; 2695 unsigned short iomem_reg_shift; 2696 unsigned int port_high; 2697 /* compat_ulong_t iomap_base FIXME */ 2698 compat_int_t reserved; 2699 }; 2700 2701 static int compat_tty_tiocsserial(struct tty_struct *tty, 2702 struct serial_struct32 __user *ss) 2703 { 2704 static DEFINE_RATELIMIT_STATE(depr_flags, 2705 DEFAULT_RATELIMIT_INTERVAL, 2706 DEFAULT_RATELIMIT_BURST); 2707 char comm[TASK_COMM_LEN]; 2708 struct serial_struct32 v32; 2709 struct serial_struct v; 2710 int flags; 2711 2712 if (copy_from_user(&v32, ss, sizeof(*ss))) 2713 return -EFAULT; 2714 2715 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2716 v.iomem_base = compat_ptr(v32.iomem_base); 2717 v.iomem_reg_shift = v32.iomem_reg_shift; 2718 v.port_high = v32.port_high; 2719 v.iomap_base = 0; 2720 2721 flags = v.flags & ASYNC_DEPRECATED; 2722 2723 if (flags && __ratelimit(&depr_flags)) 2724 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2725 __func__, get_task_comm(comm, current), flags); 2726 if (!tty->ops->set_serial) 2727 return -ENOTTY; 2728 return tty->ops->set_serial(tty, &v); 2729 } 2730 2731 static int compat_tty_tiocgserial(struct tty_struct *tty, 2732 struct serial_struct32 __user *ss) 2733 { 2734 struct serial_struct32 v32; 2735 struct serial_struct v; 2736 int err; 2737 2738 memset(&v, 0, sizeof(v)); 2739 memset(&v32, 0, sizeof(v32)); 2740 2741 if (!tty->ops->get_serial) 2742 return -ENOTTY; 2743 err = tty->ops->get_serial(tty, &v); 2744 if (!err) { 2745 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2746 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2747 0xfffffff : ptr_to_compat(v.iomem_base); 2748 v32.iomem_reg_shift = v.iomem_reg_shift; 2749 v32.port_high = v.port_high; 2750 if (copy_to_user(ss, &v32, sizeof(v32))) 2751 err = -EFAULT; 2752 } 2753 return err; 2754 } 2755 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2756 unsigned long arg) 2757 { 2758 struct tty_struct *tty = file_tty(file); 2759 struct tty_ldisc *ld; 2760 int retval = -ENOIOCTLCMD; 2761 2762 switch (cmd) { 2763 case TIOCOUTQ: 2764 case TIOCSTI: 2765 case TIOCGWINSZ: 2766 case TIOCSWINSZ: 2767 case TIOCGEXCL: 2768 case TIOCGETD: 2769 case TIOCSETD: 2770 case TIOCGDEV: 2771 case TIOCMGET: 2772 case TIOCMSET: 2773 case TIOCMBIC: 2774 case TIOCMBIS: 2775 case TIOCGICOUNT: 2776 case TIOCGPGRP: 2777 case TIOCSPGRP: 2778 case TIOCGSID: 2779 case TIOCSERGETLSR: 2780 case TIOCGRS485: 2781 case TIOCSRS485: 2782 #ifdef TIOCGETP 2783 case TIOCGETP: 2784 case TIOCSETP: 2785 case TIOCSETN: 2786 #endif 2787 #ifdef TIOCGETC 2788 case TIOCGETC: 2789 case TIOCSETC: 2790 #endif 2791 #ifdef TIOCGLTC 2792 case TIOCGLTC: 2793 case TIOCSLTC: 2794 #endif 2795 case TCSETSF: 2796 case TCSETSW: 2797 case TCSETS: 2798 case TCGETS: 2799 #ifdef TCGETS2 2800 case TCGETS2: 2801 case TCSETSF2: 2802 case TCSETSW2: 2803 case TCSETS2: 2804 #endif 2805 case TCGETA: 2806 case TCSETAF: 2807 case TCSETAW: 2808 case TCSETA: 2809 case TIOCGLCKTRMIOS: 2810 case TIOCSLCKTRMIOS: 2811 #ifdef TCGETX 2812 case TCGETX: 2813 case TCSETX: 2814 case TCSETXW: 2815 case TCSETXF: 2816 #endif 2817 case TIOCGSOFTCAR: 2818 case TIOCSSOFTCAR: 2819 2820 case PPPIOCGCHAN: 2821 case PPPIOCGUNIT: 2822 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2823 case TIOCCONS: 2824 case TIOCEXCL: 2825 case TIOCNXCL: 2826 case TIOCVHANGUP: 2827 case TIOCSBRK: 2828 case TIOCCBRK: 2829 case TCSBRK: 2830 case TCSBRKP: 2831 case TCFLSH: 2832 case TIOCGPTPEER: 2833 case TIOCNOTTY: 2834 case TIOCSCTTY: 2835 case TCXONC: 2836 case TIOCMIWAIT: 2837 case TIOCSERCONFIG: 2838 return tty_ioctl(file, cmd, arg); 2839 } 2840 2841 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2842 return -EINVAL; 2843 2844 switch (cmd) { 2845 case TIOCSSERIAL: 2846 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2847 case TIOCGSERIAL: 2848 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2849 } 2850 if (tty->ops->compat_ioctl) { 2851 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2852 if (retval != -ENOIOCTLCMD) 2853 return retval; 2854 } 2855 2856 ld = tty_ldisc_ref_wait(tty); 2857 if (!ld) 2858 return hung_up_tty_compat_ioctl(file, cmd, arg); 2859 if (ld->ops->compat_ioctl) 2860 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2861 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2862 retval = ld->ops->ioctl(tty, file, 2863 (unsigned long)compat_ptr(cmd), arg); 2864 tty_ldisc_deref(ld); 2865 2866 return retval; 2867 } 2868 #endif 2869 2870 static int this_tty(const void *t, struct file *file, unsigned fd) 2871 { 2872 if (likely(file->f_op->read != tty_read)) 2873 return 0; 2874 return file_tty(file) != t ? 0 : fd + 1; 2875 } 2876 2877 /* 2878 * This implements the "Secure Attention Key" --- the idea is to 2879 * prevent trojan horses by killing all processes associated with this 2880 * tty when the user hits the "Secure Attention Key". Required for 2881 * super-paranoid applications --- see the Orange Book for more details. 2882 * 2883 * This code could be nicer; ideally it should send a HUP, wait a few 2884 * seconds, then send a INT, and then a KILL signal. But you then 2885 * have to coordinate with the init process, since all processes associated 2886 * with the current tty must be dead before the new getty is allowed 2887 * to spawn. 2888 * 2889 * Now, if it would be correct ;-/ The current code has a nasty hole - 2890 * it doesn't catch files in flight. We may send the descriptor to ourselves 2891 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2892 * 2893 * Nasty bug: do_SAK is being called in interrupt context. This can 2894 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2895 */ 2896 void __do_SAK(struct tty_struct *tty) 2897 { 2898 #ifdef TTY_SOFT_SAK 2899 tty_hangup(tty); 2900 #else 2901 struct task_struct *g, *p; 2902 struct pid *session; 2903 int i; 2904 unsigned long flags; 2905 2906 if (!tty) 2907 return; 2908 2909 spin_lock_irqsave(&tty->ctrl_lock, flags); 2910 session = get_pid(tty->session); 2911 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2912 2913 tty_ldisc_flush(tty); 2914 2915 tty_driver_flush_buffer(tty); 2916 2917 read_lock(&tasklist_lock); 2918 /* Kill the entire session */ 2919 do_each_pid_task(session, PIDTYPE_SID, p) { 2920 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2921 task_pid_nr(p), p->comm); 2922 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2923 } while_each_pid_task(session, PIDTYPE_SID, p); 2924 2925 /* Now kill any processes that happen to have the tty open */ 2926 do_each_thread(g, p) { 2927 if (p->signal->tty == tty) { 2928 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2929 task_pid_nr(p), p->comm); 2930 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2931 continue; 2932 } 2933 task_lock(p); 2934 i = iterate_fd(p->files, 0, this_tty, tty); 2935 if (i != 0) { 2936 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2937 task_pid_nr(p), p->comm, i - 1); 2938 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2939 } 2940 task_unlock(p); 2941 } while_each_thread(g, p); 2942 read_unlock(&tasklist_lock); 2943 put_pid(session); 2944 #endif 2945 } 2946 2947 static void do_SAK_work(struct work_struct *work) 2948 { 2949 struct tty_struct *tty = 2950 container_of(work, struct tty_struct, SAK_work); 2951 __do_SAK(tty); 2952 } 2953 2954 /* 2955 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2956 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2957 * the values which we write to it will be identical to the values which it 2958 * already has. --akpm 2959 */ 2960 void do_SAK(struct tty_struct *tty) 2961 { 2962 if (!tty) 2963 return; 2964 schedule_work(&tty->SAK_work); 2965 } 2966 2967 EXPORT_SYMBOL(do_SAK); 2968 2969 /* Must put_device() after it's unused! */ 2970 static struct device *tty_get_device(struct tty_struct *tty) 2971 { 2972 dev_t devt = tty_devnum(tty); 2973 return class_find_device_by_devt(tty_class, devt); 2974 } 2975 2976 2977 /** 2978 * alloc_tty_struct 2979 * 2980 * This subroutine allocates and initializes a tty structure. 2981 * 2982 * Locking: none - tty in question is not exposed at this point 2983 */ 2984 2985 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2986 { 2987 struct tty_struct *tty; 2988 2989 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2990 if (!tty) 2991 return NULL; 2992 2993 kref_init(&tty->kref); 2994 tty->magic = TTY_MAGIC; 2995 if (tty_ldisc_init(tty)) { 2996 kfree(tty); 2997 return NULL; 2998 } 2999 tty->session = NULL; 3000 tty->pgrp = NULL; 3001 mutex_init(&tty->legacy_mutex); 3002 mutex_init(&tty->throttle_mutex); 3003 init_rwsem(&tty->termios_rwsem); 3004 mutex_init(&tty->winsize_mutex); 3005 init_ldsem(&tty->ldisc_sem); 3006 init_waitqueue_head(&tty->write_wait); 3007 init_waitqueue_head(&tty->read_wait); 3008 INIT_WORK(&tty->hangup_work, do_tty_hangup); 3009 mutex_init(&tty->atomic_write_lock); 3010 spin_lock_init(&tty->ctrl_lock); 3011 spin_lock_init(&tty->flow_lock); 3012 spin_lock_init(&tty->files_lock); 3013 INIT_LIST_HEAD(&tty->tty_files); 3014 INIT_WORK(&tty->SAK_work, do_SAK_work); 3015 3016 tty->driver = driver; 3017 tty->ops = driver->ops; 3018 tty->index = idx; 3019 tty_line_name(driver, idx, tty->name); 3020 tty->dev = tty_get_device(tty); 3021 3022 return tty; 3023 } 3024 3025 /** 3026 * tty_put_char - write one character to a tty 3027 * @tty: tty 3028 * @ch: character 3029 * 3030 * Write one byte to the tty using the provided put_char method 3031 * if present. Returns the number of characters successfully output. 3032 * 3033 * Note: the specific put_char operation in the driver layer may go 3034 * away soon. Don't call it directly, use this method 3035 */ 3036 3037 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3038 { 3039 if (tty->ops->put_char) 3040 return tty->ops->put_char(tty, ch); 3041 return tty->ops->write(tty, &ch, 1); 3042 } 3043 EXPORT_SYMBOL_GPL(tty_put_char); 3044 3045 struct class *tty_class; 3046 3047 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3048 unsigned int index, unsigned int count) 3049 { 3050 int err; 3051 3052 /* init here, since reused cdevs cause crashes */ 3053 driver->cdevs[index] = cdev_alloc(); 3054 if (!driver->cdevs[index]) 3055 return -ENOMEM; 3056 driver->cdevs[index]->ops = &tty_fops; 3057 driver->cdevs[index]->owner = driver->owner; 3058 err = cdev_add(driver->cdevs[index], dev, count); 3059 if (err) 3060 kobject_put(&driver->cdevs[index]->kobj); 3061 return err; 3062 } 3063 3064 /** 3065 * tty_register_device - register a tty device 3066 * @driver: the tty driver that describes the tty device 3067 * @index: the index in the tty driver for this tty device 3068 * @device: a struct device that is associated with this tty device. 3069 * This field is optional, if there is no known struct device 3070 * for this tty device it can be set to NULL safely. 3071 * 3072 * Returns a pointer to the struct device for this tty device 3073 * (or ERR_PTR(-EFOO) on error). 3074 * 3075 * This call is required to be made to register an individual tty device 3076 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3077 * that bit is not set, this function should not be called by a tty 3078 * driver. 3079 * 3080 * Locking: ?? 3081 */ 3082 3083 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3084 struct device *device) 3085 { 3086 return tty_register_device_attr(driver, index, device, NULL, NULL); 3087 } 3088 EXPORT_SYMBOL(tty_register_device); 3089 3090 static void tty_device_create_release(struct device *dev) 3091 { 3092 dev_dbg(dev, "releasing...\n"); 3093 kfree(dev); 3094 } 3095 3096 /** 3097 * tty_register_device_attr - register a tty device 3098 * @driver: the tty driver that describes the tty device 3099 * @index: the index in the tty driver for this tty device 3100 * @device: a struct device that is associated with this tty device. 3101 * This field is optional, if there is no known struct device 3102 * for this tty device it can be set to NULL safely. 3103 * @drvdata: Driver data to be set to device. 3104 * @attr_grp: Attribute group to be set on device. 3105 * 3106 * Returns a pointer to the struct device for this tty device 3107 * (or ERR_PTR(-EFOO) on error). 3108 * 3109 * This call is required to be made to register an individual tty device 3110 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3111 * that bit is not set, this function should not be called by a tty 3112 * driver. 3113 * 3114 * Locking: ?? 3115 */ 3116 struct device *tty_register_device_attr(struct tty_driver *driver, 3117 unsigned index, struct device *device, 3118 void *drvdata, 3119 const struct attribute_group **attr_grp) 3120 { 3121 char name[64]; 3122 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3123 struct ktermios *tp; 3124 struct device *dev; 3125 int retval; 3126 3127 if (index >= driver->num) { 3128 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3129 driver->name, index); 3130 return ERR_PTR(-EINVAL); 3131 } 3132 3133 if (driver->type == TTY_DRIVER_TYPE_PTY) 3134 pty_line_name(driver, index, name); 3135 else 3136 tty_line_name(driver, index, name); 3137 3138 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3139 if (!dev) 3140 return ERR_PTR(-ENOMEM); 3141 3142 dev->devt = devt; 3143 dev->class = tty_class; 3144 dev->parent = device; 3145 dev->release = tty_device_create_release; 3146 dev_set_name(dev, "%s", name); 3147 dev->groups = attr_grp; 3148 dev_set_drvdata(dev, drvdata); 3149 3150 dev_set_uevent_suppress(dev, 1); 3151 3152 retval = device_register(dev); 3153 if (retval) 3154 goto err_put; 3155 3156 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3157 /* 3158 * Free any saved termios data so that the termios state is 3159 * reset when reusing a minor number. 3160 */ 3161 tp = driver->termios[index]; 3162 if (tp) { 3163 driver->termios[index] = NULL; 3164 kfree(tp); 3165 } 3166 3167 retval = tty_cdev_add(driver, devt, index, 1); 3168 if (retval) 3169 goto err_del; 3170 } 3171 3172 dev_set_uevent_suppress(dev, 0); 3173 kobject_uevent(&dev->kobj, KOBJ_ADD); 3174 3175 return dev; 3176 3177 err_del: 3178 device_del(dev); 3179 err_put: 3180 put_device(dev); 3181 3182 return ERR_PTR(retval); 3183 } 3184 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3185 3186 /** 3187 * tty_unregister_device - unregister a tty device 3188 * @driver: the tty driver that describes the tty device 3189 * @index: the index in the tty driver for this tty device 3190 * 3191 * If a tty device is registered with a call to tty_register_device() then 3192 * this function must be called when the tty device is gone. 3193 * 3194 * Locking: ?? 3195 */ 3196 3197 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3198 { 3199 device_destroy(tty_class, 3200 MKDEV(driver->major, driver->minor_start) + index); 3201 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3202 cdev_del(driver->cdevs[index]); 3203 driver->cdevs[index] = NULL; 3204 } 3205 } 3206 EXPORT_SYMBOL(tty_unregister_device); 3207 3208 /** 3209 * __tty_alloc_driver -- allocate tty driver 3210 * @lines: count of lines this driver can handle at most 3211 * @owner: module which is responsible for this driver 3212 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3213 * 3214 * This should not be called directly, some of the provided macros should be 3215 * used instead. Use IS_ERR and friends on @retval. 3216 */ 3217 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3218 unsigned long flags) 3219 { 3220 struct tty_driver *driver; 3221 unsigned int cdevs = 1; 3222 int err; 3223 3224 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3225 return ERR_PTR(-EINVAL); 3226 3227 driver = kzalloc(sizeof(*driver), GFP_KERNEL); 3228 if (!driver) 3229 return ERR_PTR(-ENOMEM); 3230 3231 kref_init(&driver->kref); 3232 driver->magic = TTY_DRIVER_MAGIC; 3233 driver->num = lines; 3234 driver->owner = owner; 3235 driver->flags = flags; 3236 3237 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3238 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3239 GFP_KERNEL); 3240 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3241 GFP_KERNEL); 3242 if (!driver->ttys || !driver->termios) { 3243 err = -ENOMEM; 3244 goto err_free_all; 3245 } 3246 } 3247 3248 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3249 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3250 GFP_KERNEL); 3251 if (!driver->ports) { 3252 err = -ENOMEM; 3253 goto err_free_all; 3254 } 3255 cdevs = lines; 3256 } 3257 3258 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3259 if (!driver->cdevs) { 3260 err = -ENOMEM; 3261 goto err_free_all; 3262 } 3263 3264 return driver; 3265 err_free_all: 3266 kfree(driver->ports); 3267 kfree(driver->ttys); 3268 kfree(driver->termios); 3269 kfree(driver->cdevs); 3270 kfree(driver); 3271 return ERR_PTR(err); 3272 } 3273 EXPORT_SYMBOL(__tty_alloc_driver); 3274 3275 static void destruct_tty_driver(struct kref *kref) 3276 { 3277 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3278 int i; 3279 struct ktermios *tp; 3280 3281 if (driver->flags & TTY_DRIVER_INSTALLED) { 3282 for (i = 0; i < driver->num; i++) { 3283 tp = driver->termios[i]; 3284 if (tp) { 3285 driver->termios[i] = NULL; 3286 kfree(tp); 3287 } 3288 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3289 tty_unregister_device(driver, i); 3290 } 3291 proc_tty_unregister_driver(driver); 3292 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3293 cdev_del(driver->cdevs[0]); 3294 } 3295 kfree(driver->cdevs); 3296 kfree(driver->ports); 3297 kfree(driver->termios); 3298 kfree(driver->ttys); 3299 kfree(driver); 3300 } 3301 3302 void tty_driver_kref_put(struct tty_driver *driver) 3303 { 3304 kref_put(&driver->kref, destruct_tty_driver); 3305 } 3306 EXPORT_SYMBOL(tty_driver_kref_put); 3307 3308 void tty_set_operations(struct tty_driver *driver, 3309 const struct tty_operations *op) 3310 { 3311 driver->ops = op; 3312 }; 3313 EXPORT_SYMBOL(tty_set_operations); 3314 3315 void put_tty_driver(struct tty_driver *d) 3316 { 3317 tty_driver_kref_put(d); 3318 } 3319 EXPORT_SYMBOL(put_tty_driver); 3320 3321 /* 3322 * Called by a tty driver to register itself. 3323 */ 3324 int tty_register_driver(struct tty_driver *driver) 3325 { 3326 int error; 3327 int i; 3328 dev_t dev; 3329 struct device *d; 3330 3331 if (!driver->major) { 3332 error = alloc_chrdev_region(&dev, driver->minor_start, 3333 driver->num, driver->name); 3334 if (!error) { 3335 driver->major = MAJOR(dev); 3336 driver->minor_start = MINOR(dev); 3337 } 3338 } else { 3339 dev = MKDEV(driver->major, driver->minor_start); 3340 error = register_chrdev_region(dev, driver->num, driver->name); 3341 } 3342 if (error < 0) 3343 goto err; 3344 3345 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3346 error = tty_cdev_add(driver, dev, 0, driver->num); 3347 if (error) 3348 goto err_unreg_char; 3349 } 3350 3351 mutex_lock(&tty_mutex); 3352 list_add(&driver->tty_drivers, &tty_drivers); 3353 mutex_unlock(&tty_mutex); 3354 3355 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3356 for (i = 0; i < driver->num; i++) { 3357 d = tty_register_device(driver, i, NULL); 3358 if (IS_ERR(d)) { 3359 error = PTR_ERR(d); 3360 goto err_unreg_devs; 3361 } 3362 } 3363 } 3364 proc_tty_register_driver(driver); 3365 driver->flags |= TTY_DRIVER_INSTALLED; 3366 return 0; 3367 3368 err_unreg_devs: 3369 for (i--; i >= 0; i--) 3370 tty_unregister_device(driver, i); 3371 3372 mutex_lock(&tty_mutex); 3373 list_del(&driver->tty_drivers); 3374 mutex_unlock(&tty_mutex); 3375 3376 err_unreg_char: 3377 unregister_chrdev_region(dev, driver->num); 3378 err: 3379 return error; 3380 } 3381 EXPORT_SYMBOL(tty_register_driver); 3382 3383 /* 3384 * Called by a tty driver to unregister itself. 3385 */ 3386 int tty_unregister_driver(struct tty_driver *driver) 3387 { 3388 #if 0 3389 /* FIXME */ 3390 if (driver->refcount) 3391 return -EBUSY; 3392 #endif 3393 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3394 driver->num); 3395 mutex_lock(&tty_mutex); 3396 list_del(&driver->tty_drivers); 3397 mutex_unlock(&tty_mutex); 3398 return 0; 3399 } 3400 3401 EXPORT_SYMBOL(tty_unregister_driver); 3402 3403 dev_t tty_devnum(struct tty_struct *tty) 3404 { 3405 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3406 } 3407 EXPORT_SYMBOL(tty_devnum); 3408 3409 void tty_default_fops(struct file_operations *fops) 3410 { 3411 *fops = tty_fops; 3412 } 3413 3414 static char *tty_devnode(struct device *dev, umode_t *mode) 3415 { 3416 if (!mode) 3417 return NULL; 3418 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3419 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3420 *mode = 0666; 3421 return NULL; 3422 } 3423 3424 static int __init tty_class_init(void) 3425 { 3426 tty_class = class_create(THIS_MODULE, "tty"); 3427 if (IS_ERR(tty_class)) 3428 return PTR_ERR(tty_class); 3429 tty_class->devnode = tty_devnode; 3430 return 0; 3431 } 3432 3433 postcore_initcall(tty_class_init); 3434 3435 /* 3/2004 jmc: why do these devices exist? */ 3436 static struct cdev tty_cdev, console_cdev; 3437 3438 static ssize_t show_cons_active(struct device *dev, 3439 struct device_attribute *attr, char *buf) 3440 { 3441 struct console *cs[16]; 3442 int i = 0; 3443 struct console *c; 3444 ssize_t count = 0; 3445 3446 console_lock(); 3447 for_each_console(c) { 3448 if (!c->device) 3449 continue; 3450 if (!c->write) 3451 continue; 3452 if ((c->flags & CON_ENABLED) == 0) 3453 continue; 3454 cs[i++] = c; 3455 if (i >= ARRAY_SIZE(cs)) 3456 break; 3457 } 3458 while (i--) { 3459 int index = cs[i]->index; 3460 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3461 3462 /* don't resolve tty0 as some programs depend on it */ 3463 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3464 count += tty_line_name(drv, index, buf + count); 3465 else 3466 count += sprintf(buf + count, "%s%d", 3467 cs[i]->name, cs[i]->index); 3468 3469 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3470 } 3471 console_unlock(); 3472 3473 return count; 3474 } 3475 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3476 3477 static struct attribute *cons_dev_attrs[] = { 3478 &dev_attr_active.attr, 3479 NULL 3480 }; 3481 3482 ATTRIBUTE_GROUPS(cons_dev); 3483 3484 static struct device *consdev; 3485 3486 void console_sysfs_notify(void) 3487 { 3488 if (consdev) 3489 sysfs_notify(&consdev->kobj, NULL, "active"); 3490 } 3491 3492 /* 3493 * Ok, now we can initialize the rest of the tty devices and can count 3494 * on memory allocations, interrupts etc.. 3495 */ 3496 int __init tty_init(void) 3497 { 3498 tty_sysctl_init(); 3499 cdev_init(&tty_cdev, &tty_fops); 3500 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3501 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3502 panic("Couldn't register /dev/tty driver\n"); 3503 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3504 3505 cdev_init(&console_cdev, &console_fops); 3506 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3507 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3508 panic("Couldn't register /dev/console driver\n"); 3509 consdev = device_create_with_groups(tty_class, NULL, 3510 MKDEV(TTYAUX_MAJOR, 1), NULL, 3511 cons_dev_groups, "console"); 3512 if (IS_ERR(consdev)) 3513 consdev = NULL; 3514 3515 #ifdef CONFIG_VT 3516 vty_init(&console_fops); 3517 #endif 3518 return 0; 3519 } 3520 3521