1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/ppp-ioctl.h> 91 #include <linux/proc_fs.h> 92 #include <linux/init.h> 93 #include <linux/module.h> 94 #include <linux/device.h> 95 #include <linux/wait.h> 96 #include <linux/bitops.h> 97 #include <linux/delay.h> 98 #include <linux/seq_file.h> 99 #include <linux/serial.h> 100 #include <linux/ratelimit.h> 101 #include <linux/compat.h> 102 #include <linux/uaccess.h> 103 #include <linux/termios_internal.h> 104 #include <linux/fs.h> 105 106 #include <linux/kbd_kern.h> 107 #include <linux/vt_kern.h> 108 #include <linux/selection.h> 109 110 #include <linux/kmod.h> 111 #include <linux/nsproxy.h> 112 #include "tty.h" 113 114 #undef TTY_DEBUG_HANGUP 115 #ifdef TTY_DEBUG_HANGUP 116 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 117 #else 118 # define tty_debug_hangup(tty, f, args...) do { } while (0) 119 #endif 120 121 #define TTY_PARANOIA_CHECK 1 122 #define CHECK_TTY_COUNT 1 123 124 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 125 .c_iflag = ICRNL | IXON, 126 .c_oflag = OPOST | ONLCR, 127 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 129 ECHOCTL | ECHOKE | IEXTEN, 130 .c_cc = INIT_C_CC, 131 .c_ispeed = 38400, 132 .c_ospeed = 38400, 133 /* .c_line = N_TTY, */ 134 }; 135 EXPORT_SYMBOL(tty_std_termios); 136 137 /* This list gets poked at by procfs and various bits of boot up code. This 138 * could do with some rationalisation such as pulling the tty proc function 139 * into this file. 140 */ 141 142 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 143 144 /* Mutex to protect creating and releasing a tty */ 145 DEFINE_MUTEX(tty_mutex); 146 147 static ssize_t tty_read(struct kiocb *, struct iov_iter *); 148 static ssize_t tty_write(struct kiocb *, struct iov_iter *); 149 static __poll_t tty_poll(struct file *, poll_table *); 150 static int tty_open(struct inode *, struct file *); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ free_tty_struct(struct tty_struct * tty)169 static void free_tty_struct(struct tty_struct *tty) 170 { 171 tty_ldisc_deinit(tty); 172 put_device(tty->dev); 173 kvfree(tty->write_buf); 174 kfree(tty); 175 } 176 file_tty(struct file * file)177 static inline struct tty_struct *file_tty(struct file *file) 178 { 179 return ((struct tty_file_private *)file->private_data)->tty; 180 } 181 tty_alloc_file(struct file * file)182 int tty_alloc_file(struct file *file) 183 { 184 struct tty_file_private *priv; 185 186 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 187 if (!priv) 188 return -ENOMEM; 189 190 file->private_data = priv; 191 192 return 0; 193 } 194 195 /* Associate a new file with the tty structure */ tty_add_file(struct tty_struct * tty,struct file * file)196 void tty_add_file(struct tty_struct *tty, struct file *file) 197 { 198 struct tty_file_private *priv = file->private_data; 199 200 priv->tty = tty; 201 priv->file = file; 202 203 spin_lock(&tty->files_lock); 204 list_add(&priv->list, &tty->tty_files); 205 spin_unlock(&tty->files_lock); 206 } 207 208 /** 209 * tty_free_file - free file->private_data 210 * @file: to free private_data of 211 * 212 * This shall be used only for fail path handling when tty_add_file was not 213 * called yet. 214 */ tty_free_file(struct file * file)215 void tty_free_file(struct file *file) 216 { 217 struct tty_file_private *priv = file->private_data; 218 219 file->private_data = NULL; 220 kfree(priv); 221 } 222 223 /* Delete file from its tty */ tty_del_file(struct file * file)224 static void tty_del_file(struct file *file) 225 { 226 struct tty_file_private *priv = file->private_data; 227 struct tty_struct *tty = priv->tty; 228 229 spin_lock(&tty->files_lock); 230 list_del(&priv->list); 231 spin_unlock(&tty->files_lock); 232 tty_free_file(file); 233 } 234 235 /** 236 * tty_name - return tty naming 237 * @tty: tty structure 238 * 239 * Convert a tty structure into a name. The name reflects the kernel naming 240 * policy and if udev is in use may not reflect user space 241 * 242 * Locking: none 243 */ tty_name(const struct tty_struct * tty)244 const char *tty_name(const struct tty_struct *tty) 245 { 246 if (!tty) /* Hmm. NULL pointer. That's fun. */ 247 return "NULL tty"; 248 return tty->name; 249 } 250 EXPORT_SYMBOL(tty_name); 251 tty_driver_name(const struct tty_struct * tty)252 const char *tty_driver_name(const struct tty_struct *tty) 253 { 254 if (!tty || !tty->driver) 255 return ""; 256 return tty->driver->name; 257 } 258 tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 260 const char *routine) 261 { 262 #ifdef TTY_PARANOIA_CHECK 263 if (!tty) { 264 pr_warn("(%d:%d): %s: NULL tty\n", 265 imajor(inode), iminor(inode), routine); 266 return 1; 267 } 268 #endif 269 return 0; 270 } 271 272 /* Caller must hold tty_lock */ check_tty_count(struct tty_struct * tty,const char * routine)273 static void check_tty_count(struct tty_struct *tty, const char *routine) 274 { 275 #ifdef CHECK_TTY_COUNT 276 struct list_head *p; 277 int count = 0, kopen_count = 0; 278 279 spin_lock(&tty->files_lock); 280 list_for_each(p, &tty->tty_files) { 281 count++; 282 } 283 spin_unlock(&tty->files_lock); 284 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 285 tty->driver->subtype == PTY_TYPE_SLAVE && 286 tty->link && tty->link->count) 287 count++; 288 if (tty_port_kopened(tty->port)) 289 kopen_count++; 290 if (tty->count != (count + kopen_count)) { 291 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 292 routine, tty->count, count, kopen_count); 293 } 294 #endif 295 } 296 297 /** 298 * get_tty_driver - find device of a tty 299 * @device: device identifier 300 * @index: returns the index of the tty 301 * 302 * This routine returns a tty driver structure, given a device number and also 303 * passes back the index number. 304 * 305 * Locking: caller must hold tty_mutex 306 */ get_tty_driver(dev_t device,int * index)307 static struct tty_driver *get_tty_driver(dev_t device, int *index) 308 { 309 struct tty_driver *p; 310 311 list_for_each_entry(p, &tty_drivers, tty_drivers) { 312 dev_t base = MKDEV(p->major, p->minor_start); 313 314 if (device < base || device >= base + p->num) 315 continue; 316 *index = device - base; 317 return tty_driver_kref_get(p); 318 } 319 return NULL; 320 } 321 322 /** 323 * tty_dev_name_to_number - return dev_t for device name 324 * @name: user space name of device under /dev 325 * @number: pointer to dev_t that this function will populate 326 * 327 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like 328 * (4, 64) or (188, 1). If no corresponding driver is registered then the 329 * function returns -%ENODEV. 330 * 331 * Locking: this acquires tty_mutex to protect the tty_drivers list from 332 * being modified while we are traversing it, and makes sure to 333 * release it before exiting. 334 */ tty_dev_name_to_number(const char * name,dev_t * number)335 int tty_dev_name_to_number(const char *name, dev_t *number) 336 { 337 struct tty_driver *p; 338 int ret; 339 int index, prefix_length = 0; 340 const char *str; 341 342 for (str = name; *str && !isdigit(*str); str++) 343 ; 344 345 if (!*str) 346 return -EINVAL; 347 348 ret = kstrtoint(str, 10, &index); 349 if (ret) 350 return ret; 351 352 prefix_length = str - name; 353 mutex_lock(&tty_mutex); 354 355 list_for_each_entry(p, &tty_drivers, tty_drivers) 356 if (prefix_length == strlen(p->name) && strncmp(name, 357 p->name, prefix_length) == 0) { 358 if (index < p->num) { 359 *number = MKDEV(p->major, p->minor_start + index); 360 goto out; 361 } 362 } 363 364 /* if here then driver wasn't found */ 365 ret = -ENODEV; 366 out: 367 mutex_unlock(&tty_mutex); 368 return ret; 369 } 370 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 371 372 #ifdef CONFIG_CONSOLE_POLL 373 374 /** 375 * tty_find_polling_driver - find device of a polled tty 376 * @name: name string to match 377 * @line: pointer to resulting tty line nr 378 * 379 * This routine returns a tty driver structure, given a name and the condition 380 * that the tty driver is capable of polled operation. 381 */ tty_find_polling_driver(char * name,int * line)382 struct tty_driver *tty_find_polling_driver(char *name, int *line) 383 { 384 struct tty_driver *p, *res = NULL; 385 int tty_line = 0; 386 int len; 387 char *str, *stp; 388 389 for (str = name; *str; str++) 390 if ((*str >= '0' && *str <= '9') || *str == ',') 391 break; 392 if (!*str) 393 return NULL; 394 395 len = str - name; 396 tty_line = simple_strtoul(str, &str, 10); 397 398 mutex_lock(&tty_mutex); 399 /* Search through the tty devices to look for a match */ 400 list_for_each_entry(p, &tty_drivers, tty_drivers) { 401 if (!len || strncmp(name, p->name, len) != 0) 402 continue; 403 stp = str; 404 if (*stp == ',') 405 stp++; 406 if (*stp == '\0') 407 stp = NULL; 408 409 if (tty_line >= 0 && tty_line < p->num && p->ops && 410 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 411 res = tty_driver_kref_get(p); 412 *line = tty_line; 413 break; 414 } 415 } 416 mutex_unlock(&tty_mutex); 417 418 return res; 419 } 420 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 421 #endif 422 hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)423 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to) 424 { 425 return 0; 426 } 427 hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)428 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from) 429 { 430 return -EIO; 431 } 432 433 /* No kernel lock held - none needed ;) */ hung_up_tty_poll(struct file * filp,poll_table * wait)434 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 435 { 436 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 437 } 438 hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)439 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 440 unsigned long arg) 441 { 442 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 443 } 444 hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)445 static long hung_up_tty_compat_ioctl(struct file *file, 446 unsigned int cmd, unsigned long arg) 447 { 448 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 449 } 450 hung_up_tty_fasync(int fd,struct file * file,int on)451 static int hung_up_tty_fasync(int fd, struct file *file, int on) 452 { 453 return -ENOTTY; 454 } 455 tty_show_fdinfo(struct seq_file * m,struct file * file)456 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 457 { 458 struct tty_struct *tty = file_tty(file); 459 460 if (tty && tty->ops && tty->ops->show_fdinfo) 461 tty->ops->show_fdinfo(tty, m); 462 } 463 464 static const struct file_operations tty_fops = { 465 .llseek = no_llseek, 466 .read_iter = tty_read, 467 .write_iter = tty_write, 468 .splice_read = copy_splice_read, 469 .splice_write = iter_file_splice_write, 470 .poll = tty_poll, 471 .unlocked_ioctl = tty_ioctl, 472 .compat_ioctl = tty_compat_ioctl, 473 .open = tty_open, 474 .release = tty_release, 475 .fasync = tty_fasync, 476 .show_fdinfo = tty_show_fdinfo, 477 }; 478 479 static const struct file_operations console_fops = { 480 .llseek = no_llseek, 481 .read_iter = tty_read, 482 .write_iter = redirected_tty_write, 483 .splice_read = copy_splice_read, 484 .splice_write = iter_file_splice_write, 485 .poll = tty_poll, 486 .unlocked_ioctl = tty_ioctl, 487 .compat_ioctl = tty_compat_ioctl, 488 .open = tty_open, 489 .release = tty_release, 490 .fasync = tty_fasync, 491 }; 492 493 static const struct file_operations hung_up_tty_fops = { 494 .llseek = no_llseek, 495 .read_iter = hung_up_tty_read, 496 .write_iter = hung_up_tty_write, 497 .poll = hung_up_tty_poll, 498 .unlocked_ioctl = hung_up_tty_ioctl, 499 .compat_ioctl = hung_up_tty_compat_ioctl, 500 .release = tty_release, 501 .fasync = hung_up_tty_fasync, 502 }; 503 504 static DEFINE_SPINLOCK(redirect_lock); 505 static struct file *redirect; 506 507 /** 508 * tty_wakeup - request more data 509 * @tty: terminal 510 * 511 * Internal and external helper for wakeups of tty. This function informs the 512 * line discipline if present that the driver is ready to receive more output 513 * data. 514 */ tty_wakeup(struct tty_struct * tty)515 void tty_wakeup(struct tty_struct *tty) 516 { 517 struct tty_ldisc *ld; 518 519 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 520 ld = tty_ldisc_ref(tty); 521 if (ld) { 522 if (ld->ops->write_wakeup) 523 ld->ops->write_wakeup(tty); 524 tty_ldisc_deref(ld); 525 } 526 } 527 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 528 } 529 EXPORT_SYMBOL_GPL(tty_wakeup); 530 531 /** 532 * tty_release_redirect - Release a redirect on a pty if present 533 * @tty: tty device 534 * 535 * This is available to the pty code so if the master closes, if the slave is a 536 * redirect it can release the redirect. 537 */ tty_release_redirect(struct tty_struct * tty)538 static struct file *tty_release_redirect(struct tty_struct *tty) 539 { 540 struct file *f = NULL; 541 542 spin_lock(&redirect_lock); 543 if (redirect && file_tty(redirect) == tty) { 544 f = redirect; 545 redirect = NULL; 546 } 547 spin_unlock(&redirect_lock); 548 549 return f; 550 } 551 552 /** 553 * __tty_hangup - actual handler for hangup events 554 * @tty: tty device 555 * @exit_session: if non-zero, signal all foreground group processes 556 * 557 * This can be called by a "kworker" kernel thread. That is process synchronous 558 * but doesn't hold any locks, so we need to make sure we have the appropriate 559 * locks for what we're doing. 560 * 561 * The hangup event clears any pending redirections onto the hung up device. It 562 * ensures future writes will error and it does the needed line discipline 563 * hangup and signal delivery. The tty object itself remains intact. 564 * 565 * Locking: 566 * * BTM 567 * 568 * * redirect lock for undoing redirection 569 * * file list lock for manipulating list of ttys 570 * * tty_ldiscs_lock from called functions 571 * * termios_rwsem resetting termios data 572 * * tasklist_lock to walk task list for hangup event 573 * 574 * * ->siglock to protect ->signal/->sighand 575 * 576 */ __tty_hangup(struct tty_struct * tty,int exit_session)577 static void __tty_hangup(struct tty_struct *tty, int exit_session) 578 { 579 struct file *cons_filp = NULL; 580 struct file *filp, *f; 581 struct tty_file_private *priv; 582 int closecount = 0, n; 583 int refs; 584 585 if (!tty) 586 return; 587 588 f = tty_release_redirect(tty); 589 590 tty_lock(tty); 591 592 if (test_bit(TTY_HUPPED, &tty->flags)) { 593 tty_unlock(tty); 594 return; 595 } 596 597 /* 598 * Some console devices aren't actually hung up for technical and 599 * historical reasons, which can lead to indefinite interruptible 600 * sleep in n_tty_read(). The following explicitly tells 601 * n_tty_read() to abort readers. 602 */ 603 set_bit(TTY_HUPPING, &tty->flags); 604 605 /* inuse_filps is protected by the single tty lock, 606 * this really needs to change if we want to flush the 607 * workqueue with the lock held. 608 */ 609 check_tty_count(tty, "tty_hangup"); 610 611 spin_lock(&tty->files_lock); 612 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 613 list_for_each_entry(priv, &tty->tty_files, list) { 614 filp = priv->file; 615 if (filp->f_op->write_iter == redirected_tty_write) 616 cons_filp = filp; 617 if (filp->f_op->write_iter != tty_write) 618 continue; 619 closecount++; 620 __tty_fasync(-1, filp, 0); /* can't block */ 621 filp->f_op = &hung_up_tty_fops; 622 } 623 spin_unlock(&tty->files_lock); 624 625 refs = tty_signal_session_leader(tty, exit_session); 626 /* Account for the p->signal references we killed */ 627 while (refs--) 628 tty_kref_put(tty); 629 630 tty_ldisc_hangup(tty, cons_filp != NULL); 631 632 spin_lock_irq(&tty->ctrl.lock); 633 clear_bit(TTY_THROTTLED, &tty->flags); 634 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 635 put_pid(tty->ctrl.session); 636 put_pid(tty->ctrl.pgrp); 637 tty->ctrl.session = NULL; 638 tty->ctrl.pgrp = NULL; 639 tty->ctrl.pktstatus = 0; 640 spin_unlock_irq(&tty->ctrl.lock); 641 642 /* 643 * If one of the devices matches a console pointer, we 644 * cannot just call hangup() because that will cause 645 * tty->count and state->count to go out of sync. 646 * So we just call close() the right number of times. 647 */ 648 if (cons_filp) { 649 if (tty->ops->close) 650 for (n = 0; n < closecount; n++) 651 tty->ops->close(tty, cons_filp); 652 } else if (tty->ops->hangup) 653 tty->ops->hangup(tty); 654 /* 655 * We don't want to have driver/ldisc interactions beyond the ones 656 * we did here. The driver layer expects no calls after ->hangup() 657 * from the ldisc side, which is now guaranteed. 658 */ 659 set_bit(TTY_HUPPED, &tty->flags); 660 clear_bit(TTY_HUPPING, &tty->flags); 661 tty_unlock(tty); 662 663 if (f) 664 fput(f); 665 } 666 do_tty_hangup(struct work_struct * work)667 static void do_tty_hangup(struct work_struct *work) 668 { 669 struct tty_struct *tty = 670 container_of(work, struct tty_struct, hangup_work); 671 672 __tty_hangup(tty, 0); 673 } 674 675 /** 676 * tty_hangup - trigger a hangup event 677 * @tty: tty to hangup 678 * 679 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a 680 * hangup sequence to run after this event. 681 */ tty_hangup(struct tty_struct * tty)682 void tty_hangup(struct tty_struct *tty) 683 { 684 tty_debug_hangup(tty, "hangup\n"); 685 schedule_work(&tty->hangup_work); 686 } 687 EXPORT_SYMBOL(tty_hangup); 688 689 /** 690 * tty_vhangup - process vhangup 691 * @tty: tty to hangup 692 * 693 * The user has asked via system call for the terminal to be hung up. We do 694 * this synchronously so that when the syscall returns the process is complete. 695 * That guarantee is necessary for security reasons. 696 */ tty_vhangup(struct tty_struct * tty)697 void tty_vhangup(struct tty_struct *tty) 698 { 699 tty_debug_hangup(tty, "vhangup\n"); 700 __tty_hangup(tty, 0); 701 } 702 EXPORT_SYMBOL(tty_vhangup); 703 704 705 /** 706 * tty_vhangup_self - process vhangup for own ctty 707 * 708 * Perform a vhangup on the current controlling tty 709 */ tty_vhangup_self(void)710 void tty_vhangup_self(void) 711 { 712 struct tty_struct *tty; 713 714 tty = get_current_tty(); 715 if (tty) { 716 tty_vhangup(tty); 717 tty_kref_put(tty); 718 } 719 } 720 721 /** 722 * tty_vhangup_session - hangup session leader exit 723 * @tty: tty to hangup 724 * 725 * The session leader is exiting and hanging up its controlling terminal. 726 * Every process in the foreground process group is signalled %SIGHUP. 727 * 728 * We do this synchronously so that when the syscall returns the process is 729 * complete. That guarantee is necessary for security reasons. 730 */ tty_vhangup_session(struct tty_struct * tty)731 void tty_vhangup_session(struct tty_struct *tty) 732 { 733 tty_debug_hangup(tty, "session hangup\n"); 734 __tty_hangup(tty, 1); 735 } 736 737 /** 738 * tty_hung_up_p - was tty hung up 739 * @filp: file pointer of tty 740 * 741 * Return: true if the tty has been subject to a vhangup or a carrier loss 742 */ tty_hung_up_p(struct file * filp)743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 EXPORT_SYMBOL(tty_hung_up_p); 748 __stop_tty(struct tty_struct * tty)749 void __stop_tty(struct tty_struct *tty) 750 { 751 if (tty->flow.stopped) 752 return; 753 tty->flow.stopped = true; 754 if (tty->ops->stop) 755 tty->ops->stop(tty); 756 } 757 758 /** 759 * stop_tty - propagate flow control 760 * @tty: tty to stop 761 * 762 * Perform flow control to the driver. May be called on an already stopped 763 * device and will not re-call the &tty_driver->stop() method. 764 * 765 * This functionality is used by both the line disciplines for halting incoming 766 * flow and by the driver. It may therefore be called from any context, may be 767 * under the tty %atomic_write_lock but not always. 768 * 769 * Locking: 770 * flow.lock 771 */ stop_tty(struct tty_struct * tty)772 void stop_tty(struct tty_struct *tty) 773 { 774 unsigned long flags; 775 776 spin_lock_irqsave(&tty->flow.lock, flags); 777 __stop_tty(tty); 778 spin_unlock_irqrestore(&tty->flow.lock, flags); 779 } 780 EXPORT_SYMBOL(stop_tty); 781 __start_tty(struct tty_struct * tty)782 void __start_tty(struct tty_struct *tty) 783 { 784 if (!tty->flow.stopped || tty->flow.tco_stopped) 785 return; 786 tty->flow.stopped = false; 787 if (tty->ops->start) 788 tty->ops->start(tty); 789 tty_wakeup(tty); 790 } 791 792 /** 793 * start_tty - propagate flow control 794 * @tty: tty to start 795 * 796 * Start a tty that has been stopped if at all possible. If @tty was previously 797 * stopped and is now being started, the &tty_driver->start() method is invoked 798 * and the line discipline woken. 799 * 800 * Locking: 801 * flow.lock 802 */ start_tty(struct tty_struct * tty)803 void start_tty(struct tty_struct *tty) 804 { 805 unsigned long flags; 806 807 spin_lock_irqsave(&tty->flow.lock, flags); 808 __start_tty(tty); 809 spin_unlock_irqrestore(&tty->flow.lock, flags); 810 } 811 EXPORT_SYMBOL(start_tty); 812 tty_update_time(struct tty_struct * tty,bool mtime)813 static void tty_update_time(struct tty_struct *tty, bool mtime) 814 { 815 time64_t sec = ktime_get_real_seconds(); 816 struct tty_file_private *priv; 817 818 spin_lock(&tty->files_lock); 819 list_for_each_entry(priv, &tty->tty_files, list) { 820 struct inode *inode = file_inode(priv->file); 821 struct timespec64 *time = mtime ? &inode->i_mtime : &inode->i_atime; 822 823 /* 824 * We only care if the two values differ in anything other than the 825 * lower three bits (i.e every 8 seconds). If so, then we can update 826 * the time of the tty device, otherwise it could be construded as a 827 * security leak to let userspace know the exact timing of the tty. 828 */ 829 if ((sec ^ time->tv_sec) & ~7) 830 time->tv_sec = sec; 831 } 832 spin_unlock(&tty->files_lock); 833 } 834 835 /* 836 * Iterate on the ldisc ->read() function until we've gotten all 837 * the data the ldisc has for us. 838 * 839 * The "cookie" is something that the ldisc read function can fill 840 * in to let us know that there is more data to be had. 841 * 842 * We promise to continue to call the ldisc until it stops returning 843 * data or clears the cookie. The cookie may be something that the 844 * ldisc maintains state for and needs to free. 845 */ iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)846 static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty, 847 struct file *file, struct iov_iter *to) 848 { 849 void *cookie = NULL; 850 unsigned long offset = 0; 851 char kernel_buf[64]; 852 ssize_t retval = 0; 853 size_t copied, count = iov_iter_count(to); 854 855 do { 856 ssize_t size = min(count, sizeof(kernel_buf)); 857 858 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset); 859 if (!size) 860 break; 861 862 if (size < 0) { 863 /* Did we have an earlier error (ie -EFAULT)? */ 864 if (retval) 865 break; 866 retval = size; 867 868 /* 869 * -EOVERFLOW means we didn't have enough space 870 * for a whole packet, and we shouldn't return 871 * a partial result. 872 */ 873 if (retval == -EOVERFLOW) 874 offset = 0; 875 break; 876 } 877 878 copied = copy_to_iter(kernel_buf, size, to); 879 offset += copied; 880 count -= copied; 881 882 /* 883 * If the user copy failed, we still need to do another ->read() 884 * call if we had a cookie to let the ldisc clear up. 885 * 886 * But make sure size is zeroed. 887 */ 888 if (unlikely(copied != size)) { 889 count = 0; 890 retval = -EFAULT; 891 } 892 } while (cookie); 893 894 /* We always clear tty buffer in case they contained passwords */ 895 memzero_explicit(kernel_buf, sizeof(kernel_buf)); 896 return offset ? offset : retval; 897 } 898 899 900 /** 901 * tty_read - read method for tty device files 902 * @iocb: kernel I/O control block 903 * @to: destination for the data read 904 * 905 * Perform the read system call function on this terminal device. Checks 906 * for hung up devices before calling the line discipline method. 907 * 908 * Locking: 909 * Locks the line discipline internally while needed. Multiple read calls 910 * may be outstanding in parallel. 911 */ tty_read(struct kiocb * iocb,struct iov_iter * to)912 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to) 913 { 914 struct file *file = iocb->ki_filp; 915 struct inode *inode = file_inode(file); 916 struct tty_struct *tty = file_tty(file); 917 struct tty_ldisc *ld; 918 ssize_t ret; 919 920 if (tty_paranoia_check(tty, inode, "tty_read")) 921 return -EIO; 922 if (!tty || tty_io_error(tty)) 923 return -EIO; 924 925 /* We want to wait for the line discipline to sort out in this 926 * situation. 927 */ 928 ld = tty_ldisc_ref_wait(tty); 929 if (!ld) 930 return hung_up_tty_read(iocb, to); 931 ret = -EIO; 932 if (ld->ops->read) 933 ret = iterate_tty_read(ld, tty, file, to); 934 tty_ldisc_deref(ld); 935 936 if (ret > 0) 937 tty_update_time(tty, false); 938 939 return ret; 940 } 941 tty_write_unlock(struct tty_struct * tty)942 void tty_write_unlock(struct tty_struct *tty) 943 { 944 mutex_unlock(&tty->atomic_write_lock); 945 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 946 } 947 tty_write_lock(struct tty_struct * tty,bool ndelay)948 int tty_write_lock(struct tty_struct *tty, bool ndelay) 949 { 950 if (!mutex_trylock(&tty->atomic_write_lock)) { 951 if (ndelay) 952 return -EAGAIN; 953 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 954 return -ERESTARTSYS; 955 } 956 return 0; 957 } 958 959 /* 960 * Split writes up in sane blocksizes to avoid 961 * denial-of-service type attacks 962 */ iterate_tty_write(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * from)963 static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty, 964 struct file *file, struct iov_iter *from) 965 { 966 size_t chunk, count = iov_iter_count(from); 967 ssize_t ret, written = 0; 968 969 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 970 if (ret < 0) 971 return ret; 972 973 /* 974 * We chunk up writes into a temporary buffer. This 975 * simplifies low-level drivers immensely, since they 976 * don't have locking issues and user mode accesses. 977 * 978 * But if TTY_NO_WRITE_SPLIT is set, we should use a 979 * big chunk-size.. 980 * 981 * The default chunk-size is 2kB, because the NTTY 982 * layer has problems with bigger chunks. It will 983 * claim to be able to handle more characters than 984 * it actually does. 985 */ 986 chunk = 2048; 987 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 988 chunk = 65536; 989 if (count < chunk) 990 chunk = count; 991 992 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 993 if (tty->write_cnt < chunk) { 994 unsigned char *buf_chunk; 995 996 if (chunk < 1024) 997 chunk = 1024; 998 999 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL); 1000 if (!buf_chunk) { 1001 ret = -ENOMEM; 1002 goto out; 1003 } 1004 kvfree(tty->write_buf); 1005 tty->write_cnt = chunk; 1006 tty->write_buf = buf_chunk; 1007 } 1008 1009 /* Do the write .. */ 1010 for (;;) { 1011 size_t size = min(chunk, count); 1012 1013 ret = -EFAULT; 1014 if (copy_from_iter(tty->write_buf, size, from) != size) 1015 break; 1016 1017 ret = ld->ops->write(tty, file, tty->write_buf, size); 1018 if (ret <= 0) 1019 break; 1020 1021 written += ret; 1022 if (ret > size) 1023 break; 1024 1025 /* FIXME! Have Al check this! */ 1026 if (ret != size) 1027 iov_iter_revert(from, size-ret); 1028 1029 count -= ret; 1030 if (!count) 1031 break; 1032 ret = -ERESTARTSYS; 1033 if (signal_pending(current)) 1034 break; 1035 cond_resched(); 1036 } 1037 if (written) { 1038 tty_update_time(tty, true); 1039 ret = written; 1040 } 1041 out: 1042 tty_write_unlock(tty); 1043 return ret; 1044 } 1045 1046 /** 1047 * tty_write_message - write a message to a certain tty, not just the console. 1048 * @tty: the destination tty_struct 1049 * @msg: the message to write 1050 * 1051 * This is used for messages that need to be redirected to a specific tty. We 1052 * don't put it into the syslog queue right now maybe in the future if really 1053 * needed. 1054 * 1055 * We must still hold the BTM and test the CLOSING flag for the moment. 1056 */ tty_write_message(struct tty_struct * tty,char * msg)1057 void tty_write_message(struct tty_struct *tty, char *msg) 1058 { 1059 if (tty) { 1060 mutex_lock(&tty->atomic_write_lock); 1061 tty_lock(tty); 1062 if (tty->ops->write && tty->count > 0) 1063 tty->ops->write(tty, msg, strlen(msg)); 1064 tty_unlock(tty); 1065 tty_write_unlock(tty); 1066 } 1067 } 1068 file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1069 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from) 1070 { 1071 struct tty_struct *tty = file_tty(file); 1072 struct tty_ldisc *ld; 1073 ssize_t ret; 1074 1075 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1076 return -EIO; 1077 if (!tty || !tty->ops->write || tty_io_error(tty)) 1078 return -EIO; 1079 /* Short term debug to catch buggy drivers */ 1080 if (tty->ops->write_room == NULL) 1081 tty_err(tty, "missing write_room method\n"); 1082 ld = tty_ldisc_ref_wait(tty); 1083 if (!ld) 1084 return hung_up_tty_write(iocb, from); 1085 if (!ld->ops->write) 1086 ret = -EIO; 1087 else 1088 ret = iterate_tty_write(ld, tty, file, from); 1089 tty_ldisc_deref(ld); 1090 return ret; 1091 } 1092 1093 /** 1094 * tty_write - write method for tty device file 1095 * @iocb: kernel I/O control block 1096 * @from: iov_iter with data to write 1097 * 1098 * Write data to a tty device via the line discipline. 1099 * 1100 * Locking: 1101 * Locks the line discipline as required 1102 * Writes to the tty driver are serialized by the atomic_write_lock 1103 * and are then processed in chunks to the device. The line 1104 * discipline write method will not be invoked in parallel for 1105 * each device. 1106 */ tty_write(struct kiocb * iocb,struct iov_iter * from)1107 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from) 1108 { 1109 return file_tty_write(iocb->ki_filp, iocb, from); 1110 } 1111 redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1112 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter) 1113 { 1114 struct file *p = NULL; 1115 1116 spin_lock(&redirect_lock); 1117 if (redirect) 1118 p = get_file(redirect); 1119 spin_unlock(&redirect_lock); 1120 1121 /* 1122 * We know the redirected tty is just another tty, we can 1123 * call file_tty_write() directly with that file pointer. 1124 */ 1125 if (p) { 1126 ssize_t res; 1127 1128 res = file_tty_write(p, iocb, iter); 1129 fput(p); 1130 return res; 1131 } 1132 return tty_write(iocb, iter); 1133 } 1134 1135 /** 1136 * tty_send_xchar - send priority character 1137 * @tty: the tty to send to 1138 * @ch: xchar to send 1139 * 1140 * Send a high priority character to the tty even if stopped. 1141 * 1142 * Locking: none for xchar method, write ordering for write method. 1143 */ tty_send_xchar(struct tty_struct * tty,char ch)1144 int tty_send_xchar(struct tty_struct *tty, char ch) 1145 { 1146 bool was_stopped = tty->flow.stopped; 1147 1148 if (tty->ops->send_xchar) { 1149 down_read(&tty->termios_rwsem); 1150 tty->ops->send_xchar(tty, ch); 1151 up_read(&tty->termios_rwsem); 1152 return 0; 1153 } 1154 1155 if (tty_write_lock(tty, false) < 0) 1156 return -ERESTARTSYS; 1157 1158 down_read(&tty->termios_rwsem); 1159 if (was_stopped) 1160 start_tty(tty); 1161 tty->ops->write(tty, &ch, 1); 1162 if (was_stopped) 1163 stop_tty(tty); 1164 up_read(&tty->termios_rwsem); 1165 tty_write_unlock(tty); 1166 return 0; 1167 } 1168 1169 /** 1170 * pty_line_name - generate name for a pty 1171 * @driver: the tty driver in use 1172 * @index: the minor number 1173 * @p: output buffer of at least 6 bytes 1174 * 1175 * Generate a name from a @driver reference and write it to the output buffer 1176 * @p. 1177 * 1178 * Locking: None 1179 */ pty_line_name(struct tty_driver * driver,int index,char * p)1180 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1181 { 1182 static const char ptychar[] = "pqrstuvwxyzabcde"; 1183 int i = index + driver->name_base; 1184 /* ->name is initialized to "ttyp", but "tty" is expected */ 1185 sprintf(p, "%s%c%x", 1186 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1187 ptychar[i >> 4 & 0xf], i & 0xf); 1188 } 1189 1190 /** 1191 * tty_line_name - generate name for a tty 1192 * @driver: the tty driver in use 1193 * @index: the minor number 1194 * @p: output buffer of at least 7 bytes 1195 * 1196 * Generate a name from a @driver reference and write it to the output buffer 1197 * @p. 1198 * 1199 * Locking: None 1200 */ tty_line_name(struct tty_driver * driver,int index,char * p)1201 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1202 { 1203 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1204 return sprintf(p, "%s", driver->name); 1205 else 1206 return sprintf(p, "%s%d", driver->name, 1207 index + driver->name_base); 1208 } 1209 1210 /** 1211 * tty_driver_lookup_tty() - find an existing tty, if any 1212 * @driver: the driver for the tty 1213 * @file: file object 1214 * @idx: the minor number 1215 * 1216 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the 1217 * driver lookup() method returns an error. 1218 * 1219 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1220 */ tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1221 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1222 struct file *file, int idx) 1223 { 1224 struct tty_struct *tty; 1225 1226 if (driver->ops->lookup) { 1227 if (!file) 1228 tty = ERR_PTR(-EIO); 1229 else 1230 tty = driver->ops->lookup(driver, file, idx); 1231 } else { 1232 if (idx >= driver->num) 1233 return ERR_PTR(-EINVAL); 1234 tty = driver->ttys[idx]; 1235 } 1236 if (!IS_ERR(tty)) 1237 tty_kref_get(tty); 1238 return tty; 1239 } 1240 1241 /** 1242 * tty_init_termios - helper for termios setup 1243 * @tty: the tty to set up 1244 * 1245 * Initialise the termios structure for this tty. This runs under the 1246 * %tty_mutex currently so we can be relaxed about ordering. 1247 */ tty_init_termios(struct tty_struct * tty)1248 void tty_init_termios(struct tty_struct *tty) 1249 { 1250 struct ktermios *tp; 1251 int idx = tty->index; 1252 1253 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1254 tty->termios = tty->driver->init_termios; 1255 else { 1256 /* Check for lazy saved data */ 1257 tp = tty->driver->termios[idx]; 1258 if (tp != NULL) { 1259 tty->termios = *tp; 1260 tty->termios.c_line = tty->driver->init_termios.c_line; 1261 } else 1262 tty->termios = tty->driver->init_termios; 1263 } 1264 /* Compatibility until drivers always set this */ 1265 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1266 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1267 } 1268 EXPORT_SYMBOL_GPL(tty_init_termios); 1269 1270 /** 1271 * tty_standard_install - usual tty->ops->install 1272 * @driver: the driver for the tty 1273 * @tty: the tty 1274 * 1275 * If the @driver overrides @tty->ops->install, it still can call this function 1276 * to perform the standard install operations. 1277 */ tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1278 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1279 { 1280 tty_init_termios(tty); 1281 tty_driver_kref_get(driver); 1282 tty->count++; 1283 driver->ttys[tty->index] = tty; 1284 return 0; 1285 } 1286 EXPORT_SYMBOL_GPL(tty_standard_install); 1287 1288 /** 1289 * tty_driver_install_tty() - install a tty entry in the driver 1290 * @driver: the driver for the tty 1291 * @tty: the tty 1292 * 1293 * Install a tty object into the driver tables. The @tty->index field will be 1294 * set by the time this is called. This method is responsible for ensuring any 1295 * need additional structures are allocated and configured. 1296 * 1297 * Locking: tty_mutex for now 1298 */ tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1299 static int tty_driver_install_tty(struct tty_driver *driver, 1300 struct tty_struct *tty) 1301 { 1302 return driver->ops->install ? driver->ops->install(driver, tty) : 1303 tty_standard_install(driver, tty); 1304 } 1305 1306 /** 1307 * tty_driver_remove_tty() - remove a tty from the driver tables 1308 * @driver: the driver for the tty 1309 * @tty: tty to remove 1310 * 1311 * Remove a tty object from the driver tables. The tty->index field will be set 1312 * by the time this is called. 1313 * 1314 * Locking: tty_mutex for now 1315 */ tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1316 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1317 { 1318 if (driver->ops->remove) 1319 driver->ops->remove(driver, tty); 1320 else 1321 driver->ttys[tty->index] = NULL; 1322 } 1323 1324 /** 1325 * tty_reopen() - fast re-open of an open tty 1326 * @tty: the tty to open 1327 * 1328 * Re-opens on master ptys are not allowed and return -%EIO. 1329 * 1330 * Locking: Caller must hold tty_lock 1331 * Return: 0 on success, -errno on error. 1332 */ tty_reopen(struct tty_struct * tty)1333 static int tty_reopen(struct tty_struct *tty) 1334 { 1335 struct tty_driver *driver = tty->driver; 1336 struct tty_ldisc *ld; 1337 int retval = 0; 1338 1339 if (driver->type == TTY_DRIVER_TYPE_PTY && 1340 driver->subtype == PTY_TYPE_MASTER) 1341 return -EIO; 1342 1343 if (!tty->count) 1344 return -EAGAIN; 1345 1346 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1347 return -EBUSY; 1348 1349 ld = tty_ldisc_ref_wait(tty); 1350 if (ld) { 1351 tty_ldisc_deref(ld); 1352 } else { 1353 retval = tty_ldisc_lock(tty, 5 * HZ); 1354 if (retval) 1355 return retval; 1356 1357 if (!tty->ldisc) 1358 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1359 tty_ldisc_unlock(tty); 1360 } 1361 1362 if (retval == 0) 1363 tty->count++; 1364 1365 return retval; 1366 } 1367 1368 /** 1369 * tty_init_dev - initialise a tty device 1370 * @driver: tty driver we are opening a device on 1371 * @idx: device index 1372 * 1373 * Prepare a tty device. This may not be a "new" clean device but could also be 1374 * an active device. The pty drivers require special handling because of this. 1375 * 1376 * Locking: 1377 * The function is called under the tty_mutex, which protects us from the 1378 * tty struct or driver itself going away. 1379 * 1380 * On exit the tty device has the line discipline attached and a reference 1381 * count of 1. If a pair was created for pty/tty use and the other was a pty 1382 * master then it too has a reference count of 1. 1383 * 1384 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed 1385 * open. The new code protects the open with a mutex, so it's really quite 1386 * straightforward. The mutex locking can probably be relaxed for the (most 1387 * common) case of reopening a tty. 1388 * 1389 * Return: new tty structure 1390 */ tty_init_dev(struct tty_driver * driver,int idx)1391 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1392 { 1393 struct tty_struct *tty; 1394 int retval; 1395 1396 /* 1397 * First time open is complex, especially for PTY devices. 1398 * This code guarantees that either everything succeeds and the 1399 * TTY is ready for operation, or else the table slots are vacated 1400 * and the allocated memory released. (Except that the termios 1401 * may be retained.) 1402 */ 1403 1404 if (!try_module_get(driver->owner)) 1405 return ERR_PTR(-ENODEV); 1406 1407 tty = alloc_tty_struct(driver, idx); 1408 if (!tty) { 1409 retval = -ENOMEM; 1410 goto err_module_put; 1411 } 1412 1413 tty_lock(tty); 1414 retval = tty_driver_install_tty(driver, tty); 1415 if (retval < 0) 1416 goto err_free_tty; 1417 1418 if (!tty->port) 1419 tty->port = driver->ports[idx]; 1420 1421 if (WARN_RATELIMIT(!tty->port, 1422 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n", 1423 __func__, tty->driver->name)) { 1424 retval = -EINVAL; 1425 goto err_release_lock; 1426 } 1427 1428 retval = tty_ldisc_lock(tty, 5 * HZ); 1429 if (retval) 1430 goto err_release_lock; 1431 tty->port->itty = tty; 1432 1433 /* 1434 * Structures all installed ... call the ldisc open routines. 1435 * If we fail here just call release_tty to clean up. No need 1436 * to decrement the use counts, as release_tty doesn't care. 1437 */ 1438 retval = tty_ldisc_setup(tty, tty->link); 1439 if (retval) 1440 goto err_release_tty; 1441 tty_ldisc_unlock(tty); 1442 /* Return the tty locked so that it cannot vanish under the caller */ 1443 return tty; 1444 1445 err_free_tty: 1446 tty_unlock(tty); 1447 free_tty_struct(tty); 1448 err_module_put: 1449 module_put(driver->owner); 1450 return ERR_PTR(retval); 1451 1452 /* call the tty release_tty routine to clean out this slot */ 1453 err_release_tty: 1454 tty_ldisc_unlock(tty); 1455 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1456 retval, idx); 1457 err_release_lock: 1458 tty_unlock(tty); 1459 release_tty(tty, idx); 1460 return ERR_PTR(retval); 1461 } 1462 1463 /** 1464 * tty_save_termios() - save tty termios data in driver table 1465 * @tty: tty whose termios data to save 1466 * 1467 * Locking: Caller guarantees serialisation with tty_init_termios(). 1468 */ tty_save_termios(struct tty_struct * tty)1469 void tty_save_termios(struct tty_struct *tty) 1470 { 1471 struct ktermios *tp; 1472 int idx = tty->index; 1473 1474 /* If the port is going to reset then it has no termios to save */ 1475 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1476 return; 1477 1478 /* Stash the termios data */ 1479 tp = tty->driver->termios[idx]; 1480 if (tp == NULL) { 1481 tp = kmalloc(sizeof(*tp), GFP_KERNEL); 1482 if (tp == NULL) 1483 return; 1484 tty->driver->termios[idx] = tp; 1485 } 1486 *tp = tty->termios; 1487 } 1488 EXPORT_SYMBOL_GPL(tty_save_termios); 1489 1490 /** 1491 * tty_flush_works - flush all works of a tty/pty pair 1492 * @tty: tty device to flush works for (or either end of a pty pair) 1493 * 1494 * Sync flush all works belonging to @tty (and the 'other' tty). 1495 */ tty_flush_works(struct tty_struct * tty)1496 static void tty_flush_works(struct tty_struct *tty) 1497 { 1498 flush_work(&tty->SAK_work); 1499 flush_work(&tty->hangup_work); 1500 if (tty->link) { 1501 flush_work(&tty->link->SAK_work); 1502 flush_work(&tty->link->hangup_work); 1503 } 1504 } 1505 1506 /** 1507 * release_one_tty - release tty structure memory 1508 * @work: work of tty we are obliterating 1509 * 1510 * Releases memory associated with a tty structure, and clears out the 1511 * driver table slots. This function is called when a device is no longer 1512 * in use. It also gets called when setup of a device fails. 1513 * 1514 * Locking: 1515 * takes the file list lock internally when working on the list of ttys 1516 * that the driver keeps. 1517 * 1518 * This method gets called from a work queue so that the driver private 1519 * cleanup ops can sleep (needed for USB at least) 1520 */ release_one_tty(struct work_struct * work)1521 static void release_one_tty(struct work_struct *work) 1522 { 1523 struct tty_struct *tty = 1524 container_of(work, struct tty_struct, hangup_work); 1525 struct tty_driver *driver = tty->driver; 1526 struct module *owner = driver->owner; 1527 1528 if (tty->ops->cleanup) 1529 tty->ops->cleanup(tty); 1530 1531 tty_driver_kref_put(driver); 1532 module_put(owner); 1533 1534 spin_lock(&tty->files_lock); 1535 list_del_init(&tty->tty_files); 1536 spin_unlock(&tty->files_lock); 1537 1538 put_pid(tty->ctrl.pgrp); 1539 put_pid(tty->ctrl.session); 1540 free_tty_struct(tty); 1541 } 1542 queue_release_one_tty(struct kref * kref)1543 static void queue_release_one_tty(struct kref *kref) 1544 { 1545 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1546 1547 /* The hangup queue is now free so we can reuse it rather than 1548 * waste a chunk of memory for each port. 1549 */ 1550 INIT_WORK(&tty->hangup_work, release_one_tty); 1551 schedule_work(&tty->hangup_work); 1552 } 1553 1554 /** 1555 * tty_kref_put - release a tty kref 1556 * @tty: tty device 1557 * 1558 * Release a reference to the @tty device and if need be let the kref layer 1559 * destruct the object for us. 1560 */ tty_kref_put(struct tty_struct * tty)1561 void tty_kref_put(struct tty_struct *tty) 1562 { 1563 if (tty) 1564 kref_put(&tty->kref, queue_release_one_tty); 1565 } 1566 EXPORT_SYMBOL(tty_kref_put); 1567 1568 /** 1569 * release_tty - release tty structure memory 1570 * @tty: tty device release 1571 * @idx: index of the tty device release 1572 * 1573 * Release both @tty and a possible linked partner (think pty pair), 1574 * and decrement the refcount of the backing module. 1575 * 1576 * Locking: 1577 * tty_mutex 1578 * takes the file list lock internally when working on the list of ttys 1579 * that the driver keeps. 1580 */ release_tty(struct tty_struct * tty,int idx)1581 static void release_tty(struct tty_struct *tty, int idx) 1582 { 1583 /* This should always be true but check for the moment */ 1584 WARN_ON(tty->index != idx); 1585 WARN_ON(!mutex_is_locked(&tty_mutex)); 1586 if (tty->ops->shutdown) 1587 tty->ops->shutdown(tty); 1588 tty_save_termios(tty); 1589 tty_driver_remove_tty(tty->driver, tty); 1590 if (tty->port) 1591 tty->port->itty = NULL; 1592 if (tty->link) 1593 tty->link->port->itty = NULL; 1594 if (tty->port) 1595 tty_buffer_cancel_work(tty->port); 1596 if (tty->link) 1597 tty_buffer_cancel_work(tty->link->port); 1598 1599 tty_kref_put(tty->link); 1600 tty_kref_put(tty); 1601 } 1602 1603 /** 1604 * tty_release_checks - check a tty before real release 1605 * @tty: tty to check 1606 * @idx: index of the tty 1607 * 1608 * Performs some paranoid checking before true release of the @tty. This is a 1609 * no-op unless %TTY_PARANOIA_CHECK is defined. 1610 */ tty_release_checks(struct tty_struct * tty,int idx)1611 static int tty_release_checks(struct tty_struct *tty, int idx) 1612 { 1613 #ifdef TTY_PARANOIA_CHECK 1614 if (idx < 0 || idx >= tty->driver->num) { 1615 tty_debug(tty, "bad idx %d\n", idx); 1616 return -1; 1617 } 1618 1619 /* not much to check for devpts */ 1620 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1621 return 0; 1622 1623 if (tty != tty->driver->ttys[idx]) { 1624 tty_debug(tty, "bad driver table[%d] = %p\n", 1625 idx, tty->driver->ttys[idx]); 1626 return -1; 1627 } 1628 if (tty->driver->other) { 1629 struct tty_struct *o_tty = tty->link; 1630 1631 if (o_tty != tty->driver->other->ttys[idx]) { 1632 tty_debug(tty, "bad other table[%d] = %p\n", 1633 idx, tty->driver->other->ttys[idx]); 1634 return -1; 1635 } 1636 if (o_tty->link != tty) { 1637 tty_debug(tty, "bad link = %p\n", o_tty->link); 1638 return -1; 1639 } 1640 } 1641 #endif 1642 return 0; 1643 } 1644 1645 /** 1646 * tty_kclose - closes tty opened by tty_kopen 1647 * @tty: tty device 1648 * 1649 * Performs the final steps to release and free a tty device. It is the same as 1650 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on 1651 * @tty->port. 1652 */ tty_kclose(struct tty_struct * tty)1653 void tty_kclose(struct tty_struct *tty) 1654 { 1655 /* 1656 * Ask the line discipline code to release its structures 1657 */ 1658 tty_ldisc_release(tty); 1659 1660 /* Wait for pending work before tty destruction commences */ 1661 tty_flush_works(tty); 1662 1663 tty_debug_hangup(tty, "freeing structure\n"); 1664 /* 1665 * The release_tty function takes care of the details of clearing 1666 * the slots and preserving the termios structure. 1667 */ 1668 mutex_lock(&tty_mutex); 1669 tty_port_set_kopened(tty->port, 0); 1670 release_tty(tty, tty->index); 1671 mutex_unlock(&tty_mutex); 1672 } 1673 EXPORT_SYMBOL_GPL(tty_kclose); 1674 1675 /** 1676 * tty_release_struct - release a tty struct 1677 * @tty: tty device 1678 * @idx: index of the tty 1679 * 1680 * Performs the final steps to release and free a tty device. It is roughly the 1681 * reverse of tty_init_dev(). 1682 */ tty_release_struct(struct tty_struct * tty,int idx)1683 void tty_release_struct(struct tty_struct *tty, int idx) 1684 { 1685 /* 1686 * Ask the line discipline code to release its structures 1687 */ 1688 tty_ldisc_release(tty); 1689 1690 /* Wait for pending work before tty destruction commmences */ 1691 tty_flush_works(tty); 1692 1693 tty_debug_hangup(tty, "freeing structure\n"); 1694 /* 1695 * The release_tty function takes care of the details of clearing 1696 * the slots and preserving the termios structure. 1697 */ 1698 mutex_lock(&tty_mutex); 1699 release_tty(tty, idx); 1700 mutex_unlock(&tty_mutex); 1701 } 1702 EXPORT_SYMBOL_GPL(tty_release_struct); 1703 1704 /** 1705 * tty_release - vfs callback for close 1706 * @inode: inode of tty 1707 * @filp: file pointer for handle to tty 1708 * 1709 * Called the last time each file handle is closed that references this tty. 1710 * There may however be several such references. 1711 * 1712 * Locking: 1713 * Takes BKL. See tty_release_dev(). 1714 * 1715 * Even releasing the tty structures is a tricky business. We have to be very 1716 * careful that the structures are all released at the same time, as interrupts 1717 * might otherwise get the wrong pointers. 1718 * 1719 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1720 * lead to double frees or releasing memory still in use. 1721 */ tty_release(struct inode * inode,struct file * filp)1722 int tty_release(struct inode *inode, struct file *filp) 1723 { 1724 struct tty_struct *tty = file_tty(filp); 1725 struct tty_struct *o_tty = NULL; 1726 int do_sleep, final; 1727 int idx; 1728 long timeout = 0; 1729 int once = 1; 1730 1731 if (tty_paranoia_check(tty, inode, __func__)) 1732 return 0; 1733 1734 tty_lock(tty); 1735 check_tty_count(tty, __func__); 1736 1737 __tty_fasync(-1, filp, 0); 1738 1739 idx = tty->index; 1740 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1741 tty->driver->subtype == PTY_TYPE_MASTER) 1742 o_tty = tty->link; 1743 1744 if (tty_release_checks(tty, idx)) { 1745 tty_unlock(tty); 1746 return 0; 1747 } 1748 1749 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1750 1751 if (tty->ops->close) 1752 tty->ops->close(tty, filp); 1753 1754 /* If tty is pty master, lock the slave pty (stable lock order) */ 1755 tty_lock_slave(o_tty); 1756 1757 /* 1758 * Sanity check: if tty->count is going to zero, there shouldn't be 1759 * any waiters on tty->read_wait or tty->write_wait. We test the 1760 * wait queues and kick everyone out _before_ actually starting to 1761 * close. This ensures that we won't block while releasing the tty 1762 * structure. 1763 * 1764 * The test for the o_tty closing is necessary, since the master and 1765 * slave sides may close in any order. If the slave side closes out 1766 * first, its count will be one, since the master side holds an open. 1767 * Thus this test wouldn't be triggered at the time the slave closed, 1768 * so we do it now. 1769 */ 1770 while (1) { 1771 do_sleep = 0; 1772 1773 if (tty->count <= 1) { 1774 if (waitqueue_active(&tty->read_wait)) { 1775 wake_up_poll(&tty->read_wait, EPOLLIN); 1776 do_sleep++; 1777 } 1778 if (waitqueue_active(&tty->write_wait)) { 1779 wake_up_poll(&tty->write_wait, EPOLLOUT); 1780 do_sleep++; 1781 } 1782 } 1783 if (o_tty && o_tty->count <= 1) { 1784 if (waitqueue_active(&o_tty->read_wait)) { 1785 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1786 do_sleep++; 1787 } 1788 if (waitqueue_active(&o_tty->write_wait)) { 1789 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1790 do_sleep++; 1791 } 1792 } 1793 if (!do_sleep) 1794 break; 1795 1796 if (once) { 1797 once = 0; 1798 tty_warn(tty, "read/write wait queue active!\n"); 1799 } 1800 schedule_timeout_killable(timeout); 1801 if (timeout < 120 * HZ) 1802 timeout = 2 * timeout + 1; 1803 else 1804 timeout = MAX_SCHEDULE_TIMEOUT; 1805 } 1806 1807 if (o_tty) { 1808 if (--o_tty->count < 0) { 1809 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1810 o_tty->count = 0; 1811 } 1812 } 1813 if (--tty->count < 0) { 1814 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1815 tty->count = 0; 1816 } 1817 1818 /* 1819 * We've decremented tty->count, so we need to remove this file 1820 * descriptor off the tty->tty_files list; this serves two 1821 * purposes: 1822 * - check_tty_count sees the correct number of file descriptors 1823 * associated with this tty. 1824 * - do_tty_hangup no longer sees this file descriptor as 1825 * something that needs to be handled for hangups. 1826 */ 1827 tty_del_file(filp); 1828 1829 /* 1830 * Perform some housekeeping before deciding whether to return. 1831 * 1832 * If _either_ side is closing, make sure there aren't any 1833 * processes that still think tty or o_tty is their controlling 1834 * tty. 1835 */ 1836 if (!tty->count) { 1837 read_lock(&tasklist_lock); 1838 session_clear_tty(tty->ctrl.session); 1839 if (o_tty) 1840 session_clear_tty(o_tty->ctrl.session); 1841 read_unlock(&tasklist_lock); 1842 } 1843 1844 /* check whether both sides are closing ... */ 1845 final = !tty->count && !(o_tty && o_tty->count); 1846 1847 tty_unlock_slave(o_tty); 1848 tty_unlock(tty); 1849 1850 /* At this point, the tty->count == 0 should ensure a dead tty 1851 * cannot be re-opened by a racing opener. 1852 */ 1853 1854 if (!final) 1855 return 0; 1856 1857 tty_debug_hangup(tty, "final close\n"); 1858 1859 tty_release_struct(tty, idx); 1860 return 0; 1861 } 1862 1863 /** 1864 * tty_open_current_tty - get locked tty of current task 1865 * @device: device number 1866 * @filp: file pointer to tty 1867 * @return: locked tty of the current task iff @device is /dev/tty 1868 * 1869 * Performs a re-open of the current task's controlling tty. 1870 * 1871 * We cannot return driver and index like for the other nodes because devpts 1872 * will not work then. It expects inodes to be from devpts FS. 1873 */ tty_open_current_tty(dev_t device,struct file * filp)1874 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1875 { 1876 struct tty_struct *tty; 1877 int retval; 1878 1879 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1880 return NULL; 1881 1882 tty = get_current_tty(); 1883 if (!tty) 1884 return ERR_PTR(-ENXIO); 1885 1886 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1887 /* noctty = 1; */ 1888 tty_lock(tty); 1889 tty_kref_put(tty); /* safe to drop the kref now */ 1890 1891 retval = tty_reopen(tty); 1892 if (retval < 0) { 1893 tty_unlock(tty); 1894 tty = ERR_PTR(retval); 1895 } 1896 return tty; 1897 } 1898 1899 /** 1900 * tty_lookup_driver - lookup a tty driver for a given device file 1901 * @device: device number 1902 * @filp: file pointer to tty 1903 * @index: index for the device in the @return driver 1904 * 1905 * If returned value is not erroneous, the caller is responsible to decrement 1906 * the refcount by tty_driver_kref_put(). 1907 * 1908 * Locking: %tty_mutex protects get_tty_driver() 1909 * 1910 * Return: driver for this inode (with increased refcount) 1911 */ tty_lookup_driver(dev_t device,struct file * filp,int * index)1912 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1913 int *index) 1914 { 1915 struct tty_driver *driver = NULL; 1916 1917 switch (device) { 1918 #ifdef CONFIG_VT 1919 case MKDEV(TTY_MAJOR, 0): { 1920 extern struct tty_driver *console_driver; 1921 1922 driver = tty_driver_kref_get(console_driver); 1923 *index = fg_console; 1924 break; 1925 } 1926 #endif 1927 case MKDEV(TTYAUX_MAJOR, 1): { 1928 struct tty_driver *console_driver = console_device(index); 1929 1930 if (console_driver) { 1931 driver = tty_driver_kref_get(console_driver); 1932 if (driver && filp) { 1933 /* Don't let /dev/console block */ 1934 filp->f_flags |= O_NONBLOCK; 1935 break; 1936 } 1937 } 1938 if (driver) 1939 tty_driver_kref_put(driver); 1940 return ERR_PTR(-ENODEV); 1941 } 1942 default: 1943 driver = get_tty_driver(device, index); 1944 if (!driver) 1945 return ERR_PTR(-ENODEV); 1946 break; 1947 } 1948 return driver; 1949 } 1950 tty_kopen(dev_t device,int shared)1951 static struct tty_struct *tty_kopen(dev_t device, int shared) 1952 { 1953 struct tty_struct *tty; 1954 struct tty_driver *driver; 1955 int index = -1; 1956 1957 mutex_lock(&tty_mutex); 1958 driver = tty_lookup_driver(device, NULL, &index); 1959 if (IS_ERR(driver)) { 1960 mutex_unlock(&tty_mutex); 1961 return ERR_CAST(driver); 1962 } 1963 1964 /* check whether we're reopening an existing tty */ 1965 tty = tty_driver_lookup_tty(driver, NULL, index); 1966 if (IS_ERR(tty) || shared) 1967 goto out; 1968 1969 if (tty) { 1970 /* drop kref from tty_driver_lookup_tty() */ 1971 tty_kref_put(tty); 1972 tty = ERR_PTR(-EBUSY); 1973 } else { /* tty_init_dev returns tty with the tty_lock held */ 1974 tty = tty_init_dev(driver, index); 1975 if (IS_ERR(tty)) 1976 goto out; 1977 tty_port_set_kopened(tty->port, 1); 1978 } 1979 out: 1980 mutex_unlock(&tty_mutex); 1981 tty_driver_kref_put(driver); 1982 return tty; 1983 } 1984 1985 /** 1986 * tty_kopen_exclusive - open a tty device for kernel 1987 * @device: dev_t of device to open 1988 * 1989 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure 1990 * it's not already opened and performs the first-time tty initialization. 1991 * 1992 * Claims the global %tty_mutex to serialize: 1993 * * concurrent first-time tty initialization 1994 * * concurrent tty driver removal w/ lookup 1995 * * concurrent tty removal from driver table 1996 * 1997 * Return: the locked initialized &tty_struct 1998 */ tty_kopen_exclusive(dev_t device)1999 struct tty_struct *tty_kopen_exclusive(dev_t device) 2000 { 2001 return tty_kopen(device, 0); 2002 } 2003 EXPORT_SYMBOL_GPL(tty_kopen_exclusive); 2004 2005 /** 2006 * tty_kopen_shared - open a tty device for shared in-kernel use 2007 * @device: dev_t of device to open 2008 * 2009 * Opens an already existing tty for in-kernel use. Compared to 2010 * tty_kopen_exclusive() above it doesn't ensure to be the only user. 2011 * 2012 * Locking: identical to tty_kopen() above. 2013 */ tty_kopen_shared(dev_t device)2014 struct tty_struct *tty_kopen_shared(dev_t device) 2015 { 2016 return tty_kopen(device, 1); 2017 } 2018 EXPORT_SYMBOL_GPL(tty_kopen_shared); 2019 2020 /** 2021 * tty_open_by_driver - open a tty device 2022 * @device: dev_t of device to open 2023 * @filp: file pointer to tty 2024 * 2025 * Performs the driver lookup, checks for a reopen, or otherwise performs the 2026 * first-time tty initialization. 2027 * 2028 * 2029 * Claims the global tty_mutex to serialize: 2030 * * concurrent first-time tty initialization 2031 * * concurrent tty driver removal w/ lookup 2032 * * concurrent tty removal from driver table 2033 * 2034 * Return: the locked initialized or re-opened &tty_struct 2035 */ tty_open_by_driver(dev_t device,struct file * filp)2036 static struct tty_struct *tty_open_by_driver(dev_t device, 2037 struct file *filp) 2038 { 2039 struct tty_struct *tty; 2040 struct tty_driver *driver = NULL; 2041 int index = -1; 2042 int retval; 2043 2044 mutex_lock(&tty_mutex); 2045 driver = tty_lookup_driver(device, filp, &index); 2046 if (IS_ERR(driver)) { 2047 mutex_unlock(&tty_mutex); 2048 return ERR_CAST(driver); 2049 } 2050 2051 /* check whether we're reopening an existing tty */ 2052 tty = tty_driver_lookup_tty(driver, filp, index); 2053 if (IS_ERR(tty)) { 2054 mutex_unlock(&tty_mutex); 2055 goto out; 2056 } 2057 2058 if (tty) { 2059 if (tty_port_kopened(tty->port)) { 2060 tty_kref_put(tty); 2061 mutex_unlock(&tty_mutex); 2062 tty = ERR_PTR(-EBUSY); 2063 goto out; 2064 } 2065 mutex_unlock(&tty_mutex); 2066 retval = tty_lock_interruptible(tty); 2067 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 2068 if (retval) { 2069 if (retval == -EINTR) 2070 retval = -ERESTARTSYS; 2071 tty = ERR_PTR(retval); 2072 goto out; 2073 } 2074 retval = tty_reopen(tty); 2075 if (retval < 0) { 2076 tty_unlock(tty); 2077 tty = ERR_PTR(retval); 2078 } 2079 } else { /* Returns with the tty_lock held for now */ 2080 tty = tty_init_dev(driver, index); 2081 mutex_unlock(&tty_mutex); 2082 } 2083 out: 2084 tty_driver_kref_put(driver); 2085 return tty; 2086 } 2087 2088 /** 2089 * tty_open - open a tty device 2090 * @inode: inode of device file 2091 * @filp: file pointer to tty 2092 * 2093 * tty_open() and tty_release() keep up the tty count that contains the number 2094 * of opens done on a tty. We cannot use the inode-count, as different inodes 2095 * might point to the same tty. 2096 * 2097 * Open-counting is needed for pty masters, as well as for keeping track of 2098 * serial lines: DTR is dropped when the last close happens. 2099 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2100 * 2101 * The termios state of a pty is reset on the first open so that settings don't 2102 * persist across reuse. 2103 * 2104 * Locking: 2105 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev(). 2106 * * @tty->count should protect the rest. 2107 * * ->siglock protects ->signal/->sighand 2108 * 2109 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex 2110 */ tty_open(struct inode * inode,struct file * filp)2111 static int tty_open(struct inode *inode, struct file *filp) 2112 { 2113 struct tty_struct *tty; 2114 int noctty, retval; 2115 dev_t device = inode->i_rdev; 2116 unsigned saved_flags = filp->f_flags; 2117 2118 nonseekable_open(inode, filp); 2119 2120 retry_open: 2121 retval = tty_alloc_file(filp); 2122 if (retval) 2123 return -ENOMEM; 2124 2125 tty = tty_open_current_tty(device, filp); 2126 if (!tty) 2127 tty = tty_open_by_driver(device, filp); 2128 2129 if (IS_ERR(tty)) { 2130 tty_free_file(filp); 2131 retval = PTR_ERR(tty); 2132 if (retval != -EAGAIN || signal_pending(current)) 2133 return retval; 2134 schedule(); 2135 goto retry_open; 2136 } 2137 2138 tty_add_file(tty, filp); 2139 2140 check_tty_count(tty, __func__); 2141 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2142 2143 if (tty->ops->open) 2144 retval = tty->ops->open(tty, filp); 2145 else 2146 retval = -ENODEV; 2147 filp->f_flags = saved_flags; 2148 2149 if (retval) { 2150 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2151 2152 tty_unlock(tty); /* need to call tty_release without BTM */ 2153 tty_release(inode, filp); 2154 if (retval != -ERESTARTSYS) 2155 return retval; 2156 2157 if (signal_pending(current)) 2158 return retval; 2159 2160 schedule(); 2161 /* 2162 * Need to reset f_op in case a hangup happened. 2163 */ 2164 if (tty_hung_up_p(filp)) 2165 filp->f_op = &tty_fops; 2166 goto retry_open; 2167 } 2168 clear_bit(TTY_HUPPED, &tty->flags); 2169 2170 noctty = (filp->f_flags & O_NOCTTY) || 2171 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2172 device == MKDEV(TTYAUX_MAJOR, 1) || 2173 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2174 tty->driver->subtype == PTY_TYPE_MASTER); 2175 if (!noctty) 2176 tty_open_proc_set_tty(filp, tty); 2177 tty_unlock(tty); 2178 return 0; 2179 } 2180 2181 2182 /** 2183 * tty_poll - check tty status 2184 * @filp: file being polled 2185 * @wait: poll wait structures to update 2186 * 2187 * Call the line discipline polling method to obtain the poll status of the 2188 * device. 2189 * 2190 * Locking: locks called line discipline but ldisc poll method may be 2191 * re-entered freely by other callers. 2192 */ tty_poll(struct file * filp,poll_table * wait)2193 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2194 { 2195 struct tty_struct *tty = file_tty(filp); 2196 struct tty_ldisc *ld; 2197 __poll_t ret = 0; 2198 2199 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2200 return 0; 2201 2202 ld = tty_ldisc_ref_wait(tty); 2203 if (!ld) 2204 return hung_up_tty_poll(filp, wait); 2205 if (ld->ops->poll) 2206 ret = ld->ops->poll(tty, filp, wait); 2207 tty_ldisc_deref(ld); 2208 return ret; 2209 } 2210 __tty_fasync(int fd,struct file * filp,int on)2211 static int __tty_fasync(int fd, struct file *filp, int on) 2212 { 2213 struct tty_struct *tty = file_tty(filp); 2214 unsigned long flags; 2215 int retval = 0; 2216 2217 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2218 goto out; 2219 2220 retval = fasync_helper(fd, filp, on, &tty->fasync); 2221 if (retval <= 0) 2222 goto out; 2223 2224 if (on) { 2225 enum pid_type type; 2226 struct pid *pid; 2227 2228 spin_lock_irqsave(&tty->ctrl.lock, flags); 2229 if (tty->ctrl.pgrp) { 2230 pid = tty->ctrl.pgrp; 2231 type = PIDTYPE_PGID; 2232 } else { 2233 pid = task_pid(current); 2234 type = PIDTYPE_TGID; 2235 } 2236 get_pid(pid); 2237 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 2238 __f_setown(filp, pid, type, 0); 2239 put_pid(pid); 2240 retval = 0; 2241 } 2242 out: 2243 return retval; 2244 } 2245 tty_fasync(int fd,struct file * filp,int on)2246 static int tty_fasync(int fd, struct file *filp, int on) 2247 { 2248 struct tty_struct *tty = file_tty(filp); 2249 int retval = -ENOTTY; 2250 2251 tty_lock(tty); 2252 if (!tty_hung_up_p(filp)) 2253 retval = __tty_fasync(fd, filp, on); 2254 tty_unlock(tty); 2255 2256 return retval; 2257 } 2258 2259 static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI); 2260 /** 2261 * tiocsti - fake input character 2262 * @tty: tty to fake input into 2263 * @p: pointer to character 2264 * 2265 * Fake input to a tty device. Does the necessary locking and input management. 2266 * 2267 * FIXME: does not honour flow control ?? 2268 * 2269 * Locking: 2270 * * Called functions take tty_ldiscs_lock 2271 * * current->signal->tty check is safe without locks 2272 */ tiocsti(struct tty_struct * tty,char __user * p)2273 static int tiocsti(struct tty_struct *tty, char __user *p) 2274 { 2275 char ch, mbz = 0; 2276 struct tty_ldisc *ld; 2277 2278 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN)) 2279 return -EIO; 2280 2281 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2282 return -EPERM; 2283 if (get_user(ch, p)) 2284 return -EFAULT; 2285 tty_audit_tiocsti(tty, ch); 2286 ld = tty_ldisc_ref_wait(tty); 2287 if (!ld) 2288 return -EIO; 2289 tty_buffer_lock_exclusive(tty->port); 2290 if (ld->ops->receive_buf) 2291 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2292 tty_buffer_unlock_exclusive(tty->port); 2293 tty_ldisc_deref(ld); 2294 return 0; 2295 } 2296 2297 /** 2298 * tiocgwinsz - implement window query ioctl 2299 * @tty: tty 2300 * @arg: user buffer for result 2301 * 2302 * Copies the kernel idea of the window size into the user buffer. 2303 * 2304 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is 2305 * consistent. 2306 */ tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2307 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2308 { 2309 int err; 2310 2311 mutex_lock(&tty->winsize_mutex); 2312 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2313 mutex_unlock(&tty->winsize_mutex); 2314 2315 return err ? -EFAULT : 0; 2316 } 2317 2318 /** 2319 * tty_do_resize - resize event 2320 * @tty: tty being resized 2321 * @ws: new dimensions 2322 * 2323 * Update the termios variables and send the necessary signals to peform a 2324 * terminal resize correctly. 2325 */ tty_do_resize(struct tty_struct * tty,struct winsize * ws)2326 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2327 { 2328 struct pid *pgrp; 2329 2330 /* Lock the tty */ 2331 mutex_lock(&tty->winsize_mutex); 2332 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2333 goto done; 2334 2335 /* Signal the foreground process group */ 2336 pgrp = tty_get_pgrp(tty); 2337 if (pgrp) 2338 kill_pgrp(pgrp, SIGWINCH, 1); 2339 put_pid(pgrp); 2340 2341 tty->winsize = *ws; 2342 done: 2343 mutex_unlock(&tty->winsize_mutex); 2344 return 0; 2345 } 2346 EXPORT_SYMBOL(tty_do_resize); 2347 2348 /** 2349 * tiocswinsz - implement window size set ioctl 2350 * @tty: tty side of tty 2351 * @arg: user buffer for result 2352 * 2353 * Copies the user idea of the window size to the kernel. Traditionally this is 2354 * just advisory information but for the Linux console it actually has driver 2355 * level meaning and triggers a VC resize. 2356 * 2357 * Locking: 2358 * Driver dependent. The default do_resize method takes the tty termios 2359 * mutex and ctrl.lock. The console takes its own lock then calls into the 2360 * default method. 2361 */ tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2362 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2363 { 2364 struct winsize tmp_ws; 2365 2366 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2367 return -EFAULT; 2368 2369 if (tty->ops->resize) 2370 return tty->ops->resize(tty, &tmp_ws); 2371 else 2372 return tty_do_resize(tty, &tmp_ws); 2373 } 2374 2375 /** 2376 * tioccons - allow admin to move logical console 2377 * @file: the file to become console 2378 * 2379 * Allow the administrator to move the redirected console device. 2380 * 2381 * Locking: uses redirect_lock to guard the redirect information 2382 */ tioccons(struct file * file)2383 static int tioccons(struct file *file) 2384 { 2385 if (!capable(CAP_SYS_ADMIN)) 2386 return -EPERM; 2387 if (file->f_op->write_iter == redirected_tty_write) { 2388 struct file *f; 2389 2390 spin_lock(&redirect_lock); 2391 f = redirect; 2392 redirect = NULL; 2393 spin_unlock(&redirect_lock); 2394 if (f) 2395 fput(f); 2396 return 0; 2397 } 2398 if (file->f_op->write_iter != tty_write) 2399 return -ENOTTY; 2400 if (!(file->f_mode & FMODE_WRITE)) 2401 return -EBADF; 2402 if (!(file->f_mode & FMODE_CAN_WRITE)) 2403 return -EINVAL; 2404 spin_lock(&redirect_lock); 2405 if (redirect) { 2406 spin_unlock(&redirect_lock); 2407 return -EBUSY; 2408 } 2409 redirect = get_file(file); 2410 spin_unlock(&redirect_lock); 2411 return 0; 2412 } 2413 2414 /** 2415 * tiocsetd - set line discipline 2416 * @tty: tty device 2417 * @p: pointer to user data 2418 * 2419 * Set the line discipline according to user request. 2420 * 2421 * Locking: see tty_set_ldisc(), this function is just a helper 2422 */ tiocsetd(struct tty_struct * tty,int __user * p)2423 static int tiocsetd(struct tty_struct *tty, int __user *p) 2424 { 2425 int disc; 2426 int ret; 2427 2428 if (get_user(disc, p)) 2429 return -EFAULT; 2430 2431 ret = tty_set_ldisc(tty, disc); 2432 2433 return ret; 2434 } 2435 2436 /** 2437 * tiocgetd - get line discipline 2438 * @tty: tty device 2439 * @p: pointer to user data 2440 * 2441 * Retrieves the line discipline id directly from the ldisc. 2442 * 2443 * Locking: waits for ldisc reference (in case the line discipline is changing 2444 * or the @tty is being hungup) 2445 */ tiocgetd(struct tty_struct * tty,int __user * p)2446 static int tiocgetd(struct tty_struct *tty, int __user *p) 2447 { 2448 struct tty_ldisc *ld; 2449 int ret; 2450 2451 ld = tty_ldisc_ref_wait(tty); 2452 if (!ld) 2453 return -EIO; 2454 ret = put_user(ld->ops->num, p); 2455 tty_ldisc_deref(ld); 2456 return ret; 2457 } 2458 2459 /** 2460 * send_break - performed time break 2461 * @tty: device to break on 2462 * @duration: timeout in mS 2463 * 2464 * Perform a timed break on hardware that lacks its own driver level timed 2465 * break functionality. 2466 * 2467 * Locking: 2468 * @tty->atomic_write_lock serializes 2469 */ send_break(struct tty_struct * tty,unsigned int duration)2470 static int send_break(struct tty_struct *tty, unsigned int duration) 2471 { 2472 int retval; 2473 2474 if (tty->ops->break_ctl == NULL) 2475 return 0; 2476 2477 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2478 return tty->ops->break_ctl(tty, duration); 2479 2480 /* Do the work ourselves */ 2481 if (tty_write_lock(tty, false) < 0) 2482 return -EINTR; 2483 2484 retval = tty->ops->break_ctl(tty, -1); 2485 if (!retval) { 2486 msleep_interruptible(duration); 2487 retval = tty->ops->break_ctl(tty, 0); 2488 } else if (retval == -EOPNOTSUPP) { 2489 /* some drivers can tell only dynamically */ 2490 retval = 0; 2491 } 2492 tty_write_unlock(tty); 2493 2494 if (signal_pending(current)) 2495 retval = -EINTR; 2496 2497 return retval; 2498 } 2499 2500 /** 2501 * tty_tiocmget - get modem status 2502 * @tty: tty device 2503 * @p: pointer to result 2504 * 2505 * Obtain the modem status bits from the tty driver if the feature is 2506 * supported. Return -%ENOTTY if it is not available. 2507 * 2508 * Locking: none (up to the driver) 2509 */ tty_tiocmget(struct tty_struct * tty,int __user * p)2510 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2511 { 2512 int retval = -ENOTTY; 2513 2514 if (tty->ops->tiocmget) { 2515 retval = tty->ops->tiocmget(tty); 2516 2517 if (retval >= 0) 2518 retval = put_user(retval, p); 2519 } 2520 return retval; 2521 } 2522 2523 /** 2524 * tty_tiocmset - set modem status 2525 * @tty: tty device 2526 * @cmd: command - clear bits, set bits or set all 2527 * @p: pointer to desired bits 2528 * 2529 * Set the modem status bits from the tty driver if the feature 2530 * is supported. Return -%ENOTTY if it is not available. 2531 * 2532 * Locking: none (up to the driver) 2533 */ tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2534 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2535 unsigned __user *p) 2536 { 2537 int retval; 2538 unsigned int set, clear, val; 2539 2540 if (tty->ops->tiocmset == NULL) 2541 return -ENOTTY; 2542 2543 retval = get_user(val, p); 2544 if (retval) 2545 return retval; 2546 set = clear = 0; 2547 switch (cmd) { 2548 case TIOCMBIS: 2549 set = val; 2550 break; 2551 case TIOCMBIC: 2552 clear = val; 2553 break; 2554 case TIOCMSET: 2555 set = val; 2556 clear = ~val; 2557 break; 2558 } 2559 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2560 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2561 return tty->ops->tiocmset(tty, set, clear); 2562 } 2563 2564 /** 2565 * tty_get_icount - get tty statistics 2566 * @tty: tty device 2567 * @icount: output parameter 2568 * 2569 * Gets a copy of the @tty's icount statistics. 2570 * 2571 * Locking: none (up to the driver) 2572 */ tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2573 int tty_get_icount(struct tty_struct *tty, 2574 struct serial_icounter_struct *icount) 2575 { 2576 memset(icount, 0, sizeof(*icount)); 2577 2578 if (tty->ops->get_icount) 2579 return tty->ops->get_icount(tty, icount); 2580 else 2581 return -ENOTTY; 2582 } 2583 EXPORT_SYMBOL_GPL(tty_get_icount); 2584 tty_tiocgicount(struct tty_struct * tty,void __user * arg)2585 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2586 { 2587 struct serial_icounter_struct icount; 2588 int retval; 2589 2590 retval = tty_get_icount(tty, &icount); 2591 if (retval != 0) 2592 return retval; 2593 2594 if (copy_to_user(arg, &icount, sizeof(icount))) 2595 return -EFAULT; 2596 return 0; 2597 } 2598 tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2599 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss) 2600 { 2601 char comm[TASK_COMM_LEN]; 2602 int flags; 2603 2604 flags = ss->flags & ASYNC_DEPRECATED; 2605 2606 if (flags) 2607 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2608 __func__, get_task_comm(comm, current), flags); 2609 2610 if (!tty->ops->set_serial) 2611 return -ENOTTY; 2612 2613 return tty->ops->set_serial(tty, ss); 2614 } 2615 tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2616 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2617 { 2618 struct serial_struct v; 2619 2620 if (copy_from_user(&v, ss, sizeof(*ss))) 2621 return -EFAULT; 2622 2623 return tty_set_serial(tty, &v); 2624 } 2625 tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2626 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2627 { 2628 struct serial_struct v; 2629 int err; 2630 2631 memset(&v, 0, sizeof(v)); 2632 if (!tty->ops->get_serial) 2633 return -ENOTTY; 2634 err = tty->ops->get_serial(tty, &v); 2635 if (!err && copy_to_user(ss, &v, sizeof(v))) 2636 err = -EFAULT; 2637 return err; 2638 } 2639 2640 /* 2641 * if pty, return the slave side (real_tty) 2642 * otherwise, return self 2643 */ tty_pair_get_tty(struct tty_struct * tty)2644 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2645 { 2646 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2647 tty->driver->subtype == PTY_TYPE_MASTER) 2648 tty = tty->link; 2649 return tty; 2650 } 2651 2652 /* 2653 * Split this up, as gcc can choke on it otherwise.. 2654 */ tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2655 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2656 { 2657 struct tty_struct *tty = file_tty(file); 2658 struct tty_struct *real_tty; 2659 void __user *p = (void __user *)arg; 2660 int retval; 2661 struct tty_ldisc *ld; 2662 2663 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2664 return -EINVAL; 2665 2666 real_tty = tty_pair_get_tty(tty); 2667 2668 /* 2669 * Factor out some common prep work 2670 */ 2671 switch (cmd) { 2672 case TIOCSETD: 2673 case TIOCSBRK: 2674 case TIOCCBRK: 2675 case TCSBRK: 2676 case TCSBRKP: 2677 retval = tty_check_change(tty); 2678 if (retval) 2679 return retval; 2680 if (cmd != TIOCCBRK) { 2681 tty_wait_until_sent(tty, 0); 2682 if (signal_pending(current)) 2683 return -EINTR; 2684 } 2685 break; 2686 } 2687 2688 /* 2689 * Now do the stuff. 2690 */ 2691 switch (cmd) { 2692 case TIOCSTI: 2693 return tiocsti(tty, p); 2694 case TIOCGWINSZ: 2695 return tiocgwinsz(real_tty, p); 2696 case TIOCSWINSZ: 2697 return tiocswinsz(real_tty, p); 2698 case TIOCCONS: 2699 return real_tty != tty ? -EINVAL : tioccons(file); 2700 case TIOCEXCL: 2701 set_bit(TTY_EXCLUSIVE, &tty->flags); 2702 return 0; 2703 case TIOCNXCL: 2704 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2705 return 0; 2706 case TIOCGEXCL: 2707 { 2708 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2709 2710 return put_user(excl, (int __user *)p); 2711 } 2712 case TIOCGETD: 2713 return tiocgetd(tty, p); 2714 case TIOCSETD: 2715 return tiocsetd(tty, p); 2716 case TIOCVHANGUP: 2717 if (!capable(CAP_SYS_ADMIN)) 2718 return -EPERM; 2719 tty_vhangup(tty); 2720 return 0; 2721 case TIOCGDEV: 2722 { 2723 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2724 2725 return put_user(ret, (unsigned int __user *)p); 2726 } 2727 /* 2728 * Break handling 2729 */ 2730 case TIOCSBRK: /* Turn break on, unconditionally */ 2731 if (tty->ops->break_ctl) 2732 return tty->ops->break_ctl(tty, -1); 2733 return 0; 2734 case TIOCCBRK: /* Turn break off, unconditionally */ 2735 if (tty->ops->break_ctl) 2736 return tty->ops->break_ctl(tty, 0); 2737 return 0; 2738 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2739 /* non-zero arg means wait for all output data 2740 * to be sent (performed above) but don't send break. 2741 * This is used by the tcdrain() termios function. 2742 */ 2743 if (!arg) 2744 return send_break(tty, 250); 2745 return 0; 2746 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2747 return send_break(tty, arg ? arg*100 : 250); 2748 2749 case TIOCMGET: 2750 return tty_tiocmget(tty, p); 2751 case TIOCMSET: 2752 case TIOCMBIC: 2753 case TIOCMBIS: 2754 return tty_tiocmset(tty, cmd, p); 2755 case TIOCGICOUNT: 2756 return tty_tiocgicount(tty, p); 2757 case TCFLSH: 2758 switch (arg) { 2759 case TCIFLUSH: 2760 case TCIOFLUSH: 2761 /* flush tty buffer and allow ldisc to process ioctl */ 2762 tty_buffer_flush(tty, NULL); 2763 break; 2764 } 2765 break; 2766 case TIOCSSERIAL: 2767 return tty_tiocsserial(tty, p); 2768 case TIOCGSERIAL: 2769 return tty_tiocgserial(tty, p); 2770 case TIOCGPTPEER: 2771 /* Special because the struct file is needed */ 2772 return ptm_open_peer(file, tty, (int)arg); 2773 default: 2774 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2775 if (retval != -ENOIOCTLCMD) 2776 return retval; 2777 } 2778 if (tty->ops->ioctl) { 2779 retval = tty->ops->ioctl(tty, cmd, arg); 2780 if (retval != -ENOIOCTLCMD) 2781 return retval; 2782 } 2783 ld = tty_ldisc_ref_wait(tty); 2784 if (!ld) 2785 return hung_up_tty_ioctl(file, cmd, arg); 2786 retval = -EINVAL; 2787 if (ld->ops->ioctl) { 2788 retval = ld->ops->ioctl(tty, cmd, arg); 2789 if (retval == -ENOIOCTLCMD) 2790 retval = -ENOTTY; 2791 } 2792 tty_ldisc_deref(ld); 2793 return retval; 2794 } 2795 2796 #ifdef CONFIG_COMPAT 2797 2798 struct serial_struct32 { 2799 compat_int_t type; 2800 compat_int_t line; 2801 compat_uint_t port; 2802 compat_int_t irq; 2803 compat_int_t flags; 2804 compat_int_t xmit_fifo_size; 2805 compat_int_t custom_divisor; 2806 compat_int_t baud_base; 2807 unsigned short close_delay; 2808 char io_type; 2809 char reserved_char; 2810 compat_int_t hub6; 2811 unsigned short closing_wait; /* time to wait before closing */ 2812 unsigned short closing_wait2; /* no longer used... */ 2813 compat_uint_t iomem_base; 2814 unsigned short iomem_reg_shift; 2815 unsigned int port_high; 2816 /* compat_ulong_t iomap_base FIXME */ 2817 compat_int_t reserved; 2818 }; 2819 compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2820 static int compat_tty_tiocsserial(struct tty_struct *tty, 2821 struct serial_struct32 __user *ss) 2822 { 2823 struct serial_struct32 v32; 2824 struct serial_struct v; 2825 2826 if (copy_from_user(&v32, ss, sizeof(*ss))) 2827 return -EFAULT; 2828 2829 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2830 v.iomem_base = compat_ptr(v32.iomem_base); 2831 v.iomem_reg_shift = v32.iomem_reg_shift; 2832 v.port_high = v32.port_high; 2833 v.iomap_base = 0; 2834 2835 return tty_set_serial(tty, &v); 2836 } 2837 compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2838 static int compat_tty_tiocgserial(struct tty_struct *tty, 2839 struct serial_struct32 __user *ss) 2840 { 2841 struct serial_struct32 v32; 2842 struct serial_struct v; 2843 int err; 2844 2845 memset(&v, 0, sizeof(v)); 2846 memset(&v32, 0, sizeof(v32)); 2847 2848 if (!tty->ops->get_serial) 2849 return -ENOTTY; 2850 err = tty->ops->get_serial(tty, &v); 2851 if (!err) { 2852 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2853 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2854 0xfffffff : ptr_to_compat(v.iomem_base); 2855 v32.iomem_reg_shift = v.iomem_reg_shift; 2856 v32.port_high = v.port_high; 2857 if (copy_to_user(ss, &v32, sizeof(v32))) 2858 err = -EFAULT; 2859 } 2860 return err; 2861 } tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2862 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2863 unsigned long arg) 2864 { 2865 struct tty_struct *tty = file_tty(file); 2866 struct tty_ldisc *ld; 2867 int retval = -ENOIOCTLCMD; 2868 2869 switch (cmd) { 2870 case TIOCOUTQ: 2871 case TIOCSTI: 2872 case TIOCGWINSZ: 2873 case TIOCSWINSZ: 2874 case TIOCGEXCL: 2875 case TIOCGETD: 2876 case TIOCSETD: 2877 case TIOCGDEV: 2878 case TIOCMGET: 2879 case TIOCMSET: 2880 case TIOCMBIC: 2881 case TIOCMBIS: 2882 case TIOCGICOUNT: 2883 case TIOCGPGRP: 2884 case TIOCSPGRP: 2885 case TIOCGSID: 2886 case TIOCSERGETLSR: 2887 case TIOCGRS485: 2888 case TIOCSRS485: 2889 #ifdef TIOCGETP 2890 case TIOCGETP: 2891 case TIOCSETP: 2892 case TIOCSETN: 2893 #endif 2894 #ifdef TIOCGETC 2895 case TIOCGETC: 2896 case TIOCSETC: 2897 #endif 2898 #ifdef TIOCGLTC 2899 case TIOCGLTC: 2900 case TIOCSLTC: 2901 #endif 2902 case TCSETSF: 2903 case TCSETSW: 2904 case TCSETS: 2905 case TCGETS: 2906 #ifdef TCGETS2 2907 case TCGETS2: 2908 case TCSETSF2: 2909 case TCSETSW2: 2910 case TCSETS2: 2911 #endif 2912 case TCGETA: 2913 case TCSETAF: 2914 case TCSETAW: 2915 case TCSETA: 2916 case TIOCGLCKTRMIOS: 2917 case TIOCSLCKTRMIOS: 2918 #ifdef TCGETX 2919 case TCGETX: 2920 case TCSETX: 2921 case TCSETXW: 2922 case TCSETXF: 2923 #endif 2924 case TIOCGSOFTCAR: 2925 case TIOCSSOFTCAR: 2926 2927 case PPPIOCGCHAN: 2928 case PPPIOCGUNIT: 2929 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2930 case TIOCCONS: 2931 case TIOCEXCL: 2932 case TIOCNXCL: 2933 case TIOCVHANGUP: 2934 case TIOCSBRK: 2935 case TIOCCBRK: 2936 case TCSBRK: 2937 case TCSBRKP: 2938 case TCFLSH: 2939 case TIOCGPTPEER: 2940 case TIOCNOTTY: 2941 case TIOCSCTTY: 2942 case TCXONC: 2943 case TIOCMIWAIT: 2944 case TIOCSERCONFIG: 2945 return tty_ioctl(file, cmd, arg); 2946 } 2947 2948 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2949 return -EINVAL; 2950 2951 switch (cmd) { 2952 case TIOCSSERIAL: 2953 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2954 case TIOCGSERIAL: 2955 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2956 } 2957 if (tty->ops->compat_ioctl) { 2958 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2959 if (retval != -ENOIOCTLCMD) 2960 return retval; 2961 } 2962 2963 ld = tty_ldisc_ref_wait(tty); 2964 if (!ld) 2965 return hung_up_tty_compat_ioctl(file, cmd, arg); 2966 if (ld->ops->compat_ioctl) 2967 retval = ld->ops->compat_ioctl(tty, cmd, arg); 2968 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2969 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd), 2970 arg); 2971 tty_ldisc_deref(ld); 2972 2973 return retval; 2974 } 2975 #endif 2976 this_tty(const void * t,struct file * file,unsigned fd)2977 static int this_tty(const void *t, struct file *file, unsigned fd) 2978 { 2979 if (likely(file->f_op->read_iter != tty_read)) 2980 return 0; 2981 return file_tty(file) != t ? 0 : fd + 1; 2982 } 2983 2984 /* 2985 * This implements the "Secure Attention Key" --- the idea is to 2986 * prevent trojan horses by killing all processes associated with this 2987 * tty when the user hits the "Secure Attention Key". Required for 2988 * super-paranoid applications --- see the Orange Book for more details. 2989 * 2990 * This code could be nicer; ideally it should send a HUP, wait a few 2991 * seconds, then send a INT, and then a KILL signal. But you then 2992 * have to coordinate with the init process, since all processes associated 2993 * with the current tty must be dead before the new getty is allowed 2994 * to spawn. 2995 * 2996 * Now, if it would be correct ;-/ The current code has a nasty hole - 2997 * it doesn't catch files in flight. We may send the descriptor to ourselves 2998 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2999 * 3000 * Nasty bug: do_SAK is being called in interrupt context. This can 3001 * deadlock. We punt it up to process context. AKPM - 16Mar2001 3002 */ __do_SAK(struct tty_struct * tty)3003 void __do_SAK(struct tty_struct *tty) 3004 { 3005 struct task_struct *g, *p; 3006 struct pid *session; 3007 int i; 3008 unsigned long flags; 3009 3010 spin_lock_irqsave(&tty->ctrl.lock, flags); 3011 session = get_pid(tty->ctrl.session); 3012 spin_unlock_irqrestore(&tty->ctrl.lock, flags); 3013 3014 tty_ldisc_flush(tty); 3015 3016 tty_driver_flush_buffer(tty); 3017 3018 read_lock(&tasklist_lock); 3019 /* Kill the entire session */ 3020 do_each_pid_task(session, PIDTYPE_SID, p) { 3021 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 3022 task_pid_nr(p), p->comm); 3023 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 3024 } while_each_pid_task(session, PIDTYPE_SID, p); 3025 3026 /* Now kill any processes that happen to have the tty open */ 3027 for_each_process_thread(g, p) { 3028 if (p->signal->tty == tty) { 3029 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 3030 task_pid_nr(p), p->comm); 3031 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, 3032 PIDTYPE_SID); 3033 continue; 3034 } 3035 task_lock(p); 3036 i = iterate_fd(p->files, 0, this_tty, tty); 3037 if (i != 0) { 3038 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 3039 task_pid_nr(p), p->comm, i - 1); 3040 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, 3041 PIDTYPE_SID); 3042 } 3043 task_unlock(p); 3044 } 3045 read_unlock(&tasklist_lock); 3046 put_pid(session); 3047 } 3048 do_SAK_work(struct work_struct * work)3049 static void do_SAK_work(struct work_struct *work) 3050 { 3051 struct tty_struct *tty = 3052 container_of(work, struct tty_struct, SAK_work); 3053 __do_SAK(tty); 3054 } 3055 3056 /* 3057 * The tq handling here is a little racy - tty->SAK_work may already be queued. 3058 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 3059 * the values which we write to it will be identical to the values which it 3060 * already has. --akpm 3061 */ do_SAK(struct tty_struct * tty)3062 void do_SAK(struct tty_struct *tty) 3063 { 3064 if (!tty) 3065 return; 3066 schedule_work(&tty->SAK_work); 3067 } 3068 EXPORT_SYMBOL(do_SAK); 3069 3070 /* Must put_device() after it's unused! */ tty_get_device(struct tty_struct * tty)3071 static struct device *tty_get_device(struct tty_struct *tty) 3072 { 3073 dev_t devt = tty_devnum(tty); 3074 3075 return class_find_device_by_devt(&tty_class, devt); 3076 } 3077 3078 3079 /** 3080 * alloc_tty_struct - allocate a new tty 3081 * @driver: driver which will handle the returned tty 3082 * @idx: minor of the tty 3083 * 3084 * This subroutine allocates and initializes a tty structure. 3085 * 3086 * Locking: none - @tty in question is not exposed at this point 3087 */ alloc_tty_struct(struct tty_driver * driver,int idx)3088 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 3089 { 3090 struct tty_struct *tty; 3091 3092 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT); 3093 if (!tty) 3094 return NULL; 3095 3096 kref_init(&tty->kref); 3097 if (tty_ldisc_init(tty)) { 3098 kfree(tty); 3099 return NULL; 3100 } 3101 tty->ctrl.session = NULL; 3102 tty->ctrl.pgrp = NULL; 3103 mutex_init(&tty->legacy_mutex); 3104 mutex_init(&tty->throttle_mutex); 3105 init_rwsem(&tty->termios_rwsem); 3106 mutex_init(&tty->winsize_mutex); 3107 init_ldsem(&tty->ldisc_sem); 3108 init_waitqueue_head(&tty->write_wait); 3109 init_waitqueue_head(&tty->read_wait); 3110 INIT_WORK(&tty->hangup_work, do_tty_hangup); 3111 mutex_init(&tty->atomic_write_lock); 3112 spin_lock_init(&tty->ctrl.lock); 3113 spin_lock_init(&tty->flow.lock); 3114 spin_lock_init(&tty->files_lock); 3115 INIT_LIST_HEAD(&tty->tty_files); 3116 INIT_WORK(&tty->SAK_work, do_SAK_work); 3117 3118 tty->driver = driver; 3119 tty->ops = driver->ops; 3120 tty->index = idx; 3121 tty_line_name(driver, idx, tty->name); 3122 tty->dev = tty_get_device(tty); 3123 3124 return tty; 3125 } 3126 3127 /** 3128 * tty_put_char - write one character to a tty 3129 * @tty: tty 3130 * @ch: character to write 3131 * 3132 * Write one byte to the @tty using the provided @tty->ops->put_char() method 3133 * if present. 3134 * 3135 * Note: the specific put_char operation in the driver layer may go 3136 * away soon. Don't call it directly, use this method 3137 * 3138 * Return: the number of characters successfully output. 3139 */ tty_put_char(struct tty_struct * tty,unsigned char ch)3140 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3141 { 3142 if (tty->ops->put_char) 3143 return tty->ops->put_char(tty, ch); 3144 return tty->ops->write(tty, &ch, 1); 3145 } 3146 EXPORT_SYMBOL_GPL(tty_put_char); 3147 tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3148 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3149 unsigned int index, unsigned int count) 3150 { 3151 int err; 3152 3153 /* init here, since reused cdevs cause crashes */ 3154 driver->cdevs[index] = cdev_alloc(); 3155 if (!driver->cdevs[index]) 3156 return -ENOMEM; 3157 driver->cdevs[index]->ops = &tty_fops; 3158 driver->cdevs[index]->owner = driver->owner; 3159 err = cdev_add(driver->cdevs[index], dev, count); 3160 if (err) 3161 kobject_put(&driver->cdevs[index]->kobj); 3162 return err; 3163 } 3164 3165 /** 3166 * tty_register_device - register a tty device 3167 * @driver: the tty driver that describes the tty device 3168 * @index: the index in the tty driver for this tty device 3169 * @device: a struct device that is associated with this tty device. 3170 * This field is optional, if there is no known struct device 3171 * for this tty device it can be set to NULL safely. 3172 * 3173 * This call is required to be made to register an individual tty device 3174 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If 3175 * that bit is not set, this function should not be called by a tty 3176 * driver. 3177 * 3178 * Locking: ?? 3179 * 3180 * Return: A pointer to the struct device for this tty device (or 3181 * ERR_PTR(-EFOO) on error). 3182 */ tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3183 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3184 struct device *device) 3185 { 3186 return tty_register_device_attr(driver, index, device, NULL, NULL); 3187 } 3188 EXPORT_SYMBOL(tty_register_device); 3189 tty_device_create_release(struct device * dev)3190 static void tty_device_create_release(struct device *dev) 3191 { 3192 dev_dbg(dev, "releasing...\n"); 3193 kfree(dev); 3194 } 3195 3196 /** 3197 * tty_register_device_attr - register a tty device 3198 * @driver: the tty driver that describes the tty device 3199 * @index: the index in the tty driver for this tty device 3200 * @device: a struct device that is associated with this tty device. 3201 * This field is optional, if there is no known struct device 3202 * for this tty device it can be set to %NULL safely. 3203 * @drvdata: Driver data to be set to device. 3204 * @attr_grp: Attribute group to be set on device. 3205 * 3206 * This call is required to be made to register an individual tty device if the 3207 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is 3208 * not set, this function should not be called by a tty driver. 3209 * 3210 * Locking: ?? 3211 * 3212 * Return: A pointer to the struct device for this tty device (or 3213 * ERR_PTR(-EFOO) on error). 3214 */ tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3215 struct device *tty_register_device_attr(struct tty_driver *driver, 3216 unsigned index, struct device *device, 3217 void *drvdata, 3218 const struct attribute_group **attr_grp) 3219 { 3220 char name[64]; 3221 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3222 struct ktermios *tp; 3223 struct device *dev; 3224 int retval; 3225 3226 if (index >= driver->num) { 3227 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3228 driver->name, index); 3229 return ERR_PTR(-EINVAL); 3230 } 3231 3232 if (driver->type == TTY_DRIVER_TYPE_PTY) 3233 pty_line_name(driver, index, name); 3234 else 3235 tty_line_name(driver, index, name); 3236 3237 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3238 if (!dev) 3239 return ERR_PTR(-ENOMEM); 3240 3241 dev->devt = devt; 3242 dev->class = &tty_class; 3243 dev->parent = device; 3244 dev->release = tty_device_create_release; 3245 dev_set_name(dev, "%s", name); 3246 dev->groups = attr_grp; 3247 dev_set_drvdata(dev, drvdata); 3248 3249 dev_set_uevent_suppress(dev, 1); 3250 3251 retval = device_register(dev); 3252 if (retval) 3253 goto err_put; 3254 3255 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3256 /* 3257 * Free any saved termios data so that the termios state is 3258 * reset when reusing a minor number. 3259 */ 3260 tp = driver->termios[index]; 3261 if (tp) { 3262 driver->termios[index] = NULL; 3263 kfree(tp); 3264 } 3265 3266 retval = tty_cdev_add(driver, devt, index, 1); 3267 if (retval) 3268 goto err_del; 3269 } 3270 3271 dev_set_uevent_suppress(dev, 0); 3272 kobject_uevent(&dev->kobj, KOBJ_ADD); 3273 3274 return dev; 3275 3276 err_del: 3277 device_del(dev); 3278 err_put: 3279 put_device(dev); 3280 3281 return ERR_PTR(retval); 3282 } 3283 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3284 3285 /** 3286 * tty_unregister_device - unregister a tty device 3287 * @driver: the tty driver that describes the tty device 3288 * @index: the index in the tty driver for this tty device 3289 * 3290 * If a tty device is registered with a call to tty_register_device() then 3291 * this function must be called when the tty device is gone. 3292 * 3293 * Locking: ?? 3294 */ tty_unregister_device(struct tty_driver * driver,unsigned index)3295 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3296 { 3297 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index); 3298 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3299 cdev_del(driver->cdevs[index]); 3300 driver->cdevs[index] = NULL; 3301 } 3302 } 3303 EXPORT_SYMBOL(tty_unregister_device); 3304 3305 /** 3306 * __tty_alloc_driver -- allocate tty driver 3307 * @lines: count of lines this driver can handle at most 3308 * @owner: module which is responsible for this driver 3309 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags 3310 * 3311 * This should not be called directly, some of the provided macros should be 3312 * used instead. Use IS_ERR() and friends on @retval. 3313 */ __tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3314 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3315 unsigned long flags) 3316 { 3317 struct tty_driver *driver; 3318 unsigned int cdevs = 1; 3319 int err; 3320 3321 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3322 return ERR_PTR(-EINVAL); 3323 3324 driver = kzalloc(sizeof(*driver), GFP_KERNEL); 3325 if (!driver) 3326 return ERR_PTR(-ENOMEM); 3327 3328 kref_init(&driver->kref); 3329 driver->num = lines; 3330 driver->owner = owner; 3331 driver->flags = flags; 3332 3333 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3334 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3335 GFP_KERNEL); 3336 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3337 GFP_KERNEL); 3338 if (!driver->ttys || !driver->termios) { 3339 err = -ENOMEM; 3340 goto err_free_all; 3341 } 3342 } 3343 3344 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3345 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3346 GFP_KERNEL); 3347 if (!driver->ports) { 3348 err = -ENOMEM; 3349 goto err_free_all; 3350 } 3351 cdevs = lines; 3352 } 3353 3354 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3355 if (!driver->cdevs) { 3356 err = -ENOMEM; 3357 goto err_free_all; 3358 } 3359 3360 return driver; 3361 err_free_all: 3362 kfree(driver->ports); 3363 kfree(driver->ttys); 3364 kfree(driver->termios); 3365 kfree(driver->cdevs); 3366 kfree(driver); 3367 return ERR_PTR(err); 3368 } 3369 EXPORT_SYMBOL(__tty_alloc_driver); 3370 destruct_tty_driver(struct kref * kref)3371 static void destruct_tty_driver(struct kref *kref) 3372 { 3373 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3374 int i; 3375 struct ktermios *tp; 3376 3377 if (driver->flags & TTY_DRIVER_INSTALLED) { 3378 for (i = 0; i < driver->num; i++) { 3379 tp = driver->termios[i]; 3380 if (tp) { 3381 driver->termios[i] = NULL; 3382 kfree(tp); 3383 } 3384 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3385 tty_unregister_device(driver, i); 3386 } 3387 proc_tty_unregister_driver(driver); 3388 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3389 cdev_del(driver->cdevs[0]); 3390 } 3391 kfree(driver->cdevs); 3392 kfree(driver->ports); 3393 kfree(driver->termios); 3394 kfree(driver->ttys); 3395 kfree(driver); 3396 } 3397 3398 /** 3399 * tty_driver_kref_put -- drop a reference to a tty driver 3400 * @driver: driver of which to drop the reference 3401 * 3402 * The final put will destroy and free up the driver. 3403 */ tty_driver_kref_put(struct tty_driver * driver)3404 void tty_driver_kref_put(struct tty_driver *driver) 3405 { 3406 kref_put(&driver->kref, destruct_tty_driver); 3407 } 3408 EXPORT_SYMBOL(tty_driver_kref_put); 3409 3410 /** 3411 * tty_register_driver -- register a tty driver 3412 * @driver: driver to register 3413 * 3414 * Called by a tty driver to register itself. 3415 */ tty_register_driver(struct tty_driver * driver)3416 int tty_register_driver(struct tty_driver *driver) 3417 { 3418 int error; 3419 int i; 3420 dev_t dev; 3421 struct device *d; 3422 3423 if (!driver->major) { 3424 error = alloc_chrdev_region(&dev, driver->minor_start, 3425 driver->num, driver->name); 3426 if (!error) { 3427 driver->major = MAJOR(dev); 3428 driver->minor_start = MINOR(dev); 3429 } 3430 } else { 3431 dev = MKDEV(driver->major, driver->minor_start); 3432 error = register_chrdev_region(dev, driver->num, driver->name); 3433 } 3434 if (error < 0) 3435 goto err; 3436 3437 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3438 error = tty_cdev_add(driver, dev, 0, driver->num); 3439 if (error) 3440 goto err_unreg_char; 3441 } 3442 3443 mutex_lock(&tty_mutex); 3444 list_add(&driver->tty_drivers, &tty_drivers); 3445 mutex_unlock(&tty_mutex); 3446 3447 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3448 for (i = 0; i < driver->num; i++) { 3449 d = tty_register_device(driver, i, NULL); 3450 if (IS_ERR(d)) { 3451 error = PTR_ERR(d); 3452 goto err_unreg_devs; 3453 } 3454 } 3455 } 3456 proc_tty_register_driver(driver); 3457 driver->flags |= TTY_DRIVER_INSTALLED; 3458 return 0; 3459 3460 err_unreg_devs: 3461 for (i--; i >= 0; i--) 3462 tty_unregister_device(driver, i); 3463 3464 mutex_lock(&tty_mutex); 3465 list_del(&driver->tty_drivers); 3466 mutex_unlock(&tty_mutex); 3467 3468 err_unreg_char: 3469 unregister_chrdev_region(dev, driver->num); 3470 err: 3471 return error; 3472 } 3473 EXPORT_SYMBOL(tty_register_driver); 3474 3475 /** 3476 * tty_unregister_driver -- unregister a tty driver 3477 * @driver: driver to unregister 3478 * 3479 * Called by a tty driver to unregister itself. 3480 */ tty_unregister_driver(struct tty_driver * driver)3481 void tty_unregister_driver(struct tty_driver *driver) 3482 { 3483 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3484 driver->num); 3485 mutex_lock(&tty_mutex); 3486 list_del(&driver->tty_drivers); 3487 mutex_unlock(&tty_mutex); 3488 } 3489 EXPORT_SYMBOL(tty_unregister_driver); 3490 tty_devnum(struct tty_struct * tty)3491 dev_t tty_devnum(struct tty_struct *tty) 3492 { 3493 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3494 } 3495 EXPORT_SYMBOL(tty_devnum); 3496 tty_default_fops(struct file_operations * fops)3497 void tty_default_fops(struct file_operations *fops) 3498 { 3499 *fops = tty_fops; 3500 } 3501 tty_devnode(const struct device * dev,umode_t * mode)3502 static char *tty_devnode(const struct device *dev, umode_t *mode) 3503 { 3504 if (!mode) 3505 return NULL; 3506 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3507 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3508 *mode = 0666; 3509 return NULL; 3510 } 3511 3512 const struct class tty_class = { 3513 .name = "tty", 3514 .devnode = tty_devnode, 3515 }; 3516 tty_class_init(void)3517 static int __init tty_class_init(void) 3518 { 3519 return class_register(&tty_class); 3520 } 3521 3522 postcore_initcall(tty_class_init); 3523 3524 /* 3/2004 jmc: why do these devices exist? */ 3525 static struct cdev tty_cdev, console_cdev; 3526 show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3527 static ssize_t show_cons_active(struct device *dev, 3528 struct device_attribute *attr, char *buf) 3529 { 3530 struct console *cs[16]; 3531 int i = 0; 3532 struct console *c; 3533 ssize_t count = 0; 3534 3535 /* 3536 * Hold the console_list_lock to guarantee that no consoles are 3537 * unregistered until all console processing is complete. 3538 * This also allows safe traversal of the console list and 3539 * race-free reading of @flags. 3540 */ 3541 console_list_lock(); 3542 3543 for_each_console(c) { 3544 if (!c->device) 3545 continue; 3546 if (!c->write) 3547 continue; 3548 if ((c->flags & CON_ENABLED) == 0) 3549 continue; 3550 cs[i++] = c; 3551 if (i >= ARRAY_SIZE(cs)) 3552 break; 3553 } 3554 3555 /* 3556 * Take console_lock to serialize device() callback with 3557 * other console operations. For example, fg_console is 3558 * modified under console_lock when switching vt. 3559 */ 3560 console_lock(); 3561 while (i--) { 3562 int index = cs[i]->index; 3563 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3564 3565 /* don't resolve tty0 as some programs depend on it */ 3566 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3567 count += tty_line_name(drv, index, buf + count); 3568 else 3569 count += sprintf(buf + count, "%s%d", 3570 cs[i]->name, cs[i]->index); 3571 3572 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3573 } 3574 console_unlock(); 3575 3576 console_list_unlock(); 3577 3578 return count; 3579 } 3580 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3581 3582 static struct attribute *cons_dev_attrs[] = { 3583 &dev_attr_active.attr, 3584 NULL 3585 }; 3586 3587 ATTRIBUTE_GROUPS(cons_dev); 3588 3589 static struct device *consdev; 3590 console_sysfs_notify(void)3591 void console_sysfs_notify(void) 3592 { 3593 if (consdev) 3594 sysfs_notify(&consdev->kobj, NULL, "active"); 3595 } 3596 3597 static struct ctl_table tty_table[] = { 3598 { 3599 .procname = "legacy_tiocsti", 3600 .data = &tty_legacy_tiocsti, 3601 .maxlen = sizeof(tty_legacy_tiocsti), 3602 .mode = 0644, 3603 .proc_handler = proc_dobool, 3604 }, 3605 { 3606 .procname = "ldisc_autoload", 3607 .data = &tty_ldisc_autoload, 3608 .maxlen = sizeof(tty_ldisc_autoload), 3609 .mode = 0644, 3610 .proc_handler = proc_dointvec_minmax, 3611 .extra1 = SYSCTL_ZERO, 3612 .extra2 = SYSCTL_ONE, 3613 }, 3614 { } 3615 }; 3616 3617 /* 3618 * Ok, now we can initialize the rest of the tty devices and can count 3619 * on memory allocations, interrupts etc.. 3620 */ tty_init(void)3621 int __init tty_init(void) 3622 { 3623 register_sysctl_init("dev/tty", tty_table); 3624 cdev_init(&tty_cdev, &tty_fops); 3625 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3626 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3627 panic("Couldn't register /dev/tty driver\n"); 3628 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3629 3630 cdev_init(&console_cdev, &console_fops); 3631 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3632 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3633 panic("Couldn't register /dev/console driver\n"); 3634 consdev = device_create_with_groups(&tty_class, NULL, 3635 MKDEV(TTYAUX_MAJOR, 1), NULL, 3636 cons_dev_groups, "console"); 3637 if (IS_ERR(consdev)) 3638 consdev = NULL; 3639 3640 #ifdef CONFIG_VT 3641 vty_init(&console_fops); 3642 #endif 3643 return 0; 3644 } 3645