1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 /* 6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 7 * or rs-channels. It also implements echoing, cooked mode etc. 8 * 9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 10 * 11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 12 * tty_struct and tty_queue structures. Previously there was an array 13 * of 256 tty_struct's which was statically allocated, and the 14 * tty_queue structures were allocated at boot time. Both are now 15 * dynamically allocated only when the tty is open. 16 * 17 * Also restructured routines so that there is more of a separation 18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 19 * the low-level tty routines (serial.c, pty.c, console.c). This 20 * makes for cleaner and more compact code. -TYT, 9/17/92 21 * 22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 23 * which can be dynamically activated and de-activated by the line 24 * discipline handling modules (like SLIP). 25 * 26 * NOTE: pay no attention to the line discipline code (yet); its 27 * interface is still subject to change in this version... 28 * -- TYT, 1/31/92 29 * 30 * Added functionality to the OPOST tty handling. No delays, but all 31 * other bits should be there. 32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 33 * 34 * Rewrote canonical mode and added more termios flags. 35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 36 * 37 * Reorganized FASYNC support so mouse code can share it. 38 * -- ctm@ardi.com, 9Sep95 39 * 40 * New TIOCLINUX variants added. 41 * -- mj@k332.feld.cvut.cz, 19-Nov-95 42 * 43 * Restrict vt switching via ioctl() 44 * -- grif@cs.ucr.edu, 5-Dec-95 45 * 46 * Move console and virtual terminal code to more appropriate files, 47 * implement CONFIG_VT and generalize console device interface. 48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 49 * 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 51 * -- Bill Hawes <whawes@star.net>, June 97 52 * 53 * Added devfs support. 54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 55 * 56 * Added support for a Unix98-style ptmx device. 57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 58 * 59 * Reduced memory usage for older ARM systems 60 * -- Russell King <rmk@arm.linux.org.uk> 61 * 62 * Move do_SAK() into process context. Less stack use in devfs functions. 63 * alloc_tty_struct() always uses kmalloc() 64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 65 */ 66 67 #include <linux/types.h> 68 #include <linux/major.h> 69 #include <linux/errno.h> 70 #include <linux/signal.h> 71 #include <linux/fcntl.h> 72 #include <linux/sched.h> 73 #include <linux/interrupt.h> 74 #include <linux/tty.h> 75 #include <linux/tty_driver.h> 76 #include <linux/tty_flip.h> 77 #include <linux/devpts_fs.h> 78 #include <linux/file.h> 79 #include <linux/fdtable.h> 80 #include <linux/console.h> 81 #include <linux/timer.h> 82 #include <linux/ctype.h> 83 #include <linux/kd.h> 84 #include <linux/mm.h> 85 #include <linux/string.h> 86 #include <linux/slab.h> 87 #include <linux/poll.h> 88 #include <linux/proc_fs.h> 89 #include <linux/init.h> 90 #include <linux/module.h> 91 #include <linux/device.h> 92 #include <linux/wait.h> 93 #include <linux/bitops.h> 94 #include <linux/delay.h> 95 #include <linux/seq_file.h> 96 #include <linux/serial.h> 97 #include <linux/ratelimit.h> 98 99 #include <linux/uaccess.h> 100 101 #include <linux/kbd_kern.h> 102 #include <linux/vt_kern.h> 103 #include <linux/selection.h> 104 105 #include <linux/kmod.h> 106 #include <linux/nsproxy.h> 107 108 #undef TTY_DEBUG_HANGUP 109 110 #define TTY_PARANOIA_CHECK 1 111 #define CHECK_TTY_COUNT 1 112 113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 114 .c_iflag = ICRNL | IXON, 115 .c_oflag = OPOST | ONLCR, 116 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 118 ECHOCTL | ECHOKE | IEXTEN, 119 .c_cc = INIT_C_CC, 120 .c_ispeed = 38400, 121 .c_ospeed = 38400 122 }; 123 124 EXPORT_SYMBOL(tty_std_termios); 125 126 /* This list gets poked at by procfs and various bits of boot up code. This 127 could do with some rationalisation such as pulling the tty proc function 128 into this file */ 129 130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 131 132 /* Mutex to protect creating and releasing a tty. This is shared with 133 vt.c for deeply disgusting hack reasons */ 134 DEFINE_MUTEX(tty_mutex); 135 EXPORT_SYMBOL(tty_mutex); 136 137 /* Spinlock to protect the tty->tty_files list */ 138 DEFINE_SPINLOCK(tty_files_lock); 139 140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 142 ssize_t redirected_tty_write(struct file *, const char __user *, 143 size_t, loff_t *); 144 static unsigned int tty_poll(struct file *, poll_table *); 145 static int tty_open(struct inode *, struct file *); 146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 147 #ifdef CONFIG_COMPAT 148 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 149 unsigned long arg); 150 #else 151 #define tty_compat_ioctl NULL 152 #endif 153 static int __tty_fasync(int fd, struct file *filp, int on); 154 static int tty_fasync(int fd, struct file *filp, int on); 155 static void release_tty(struct tty_struct *tty, int idx); 156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 158 159 /** 160 * alloc_tty_struct - allocate a tty object 161 * 162 * Return a new empty tty structure. The data fields have not 163 * been initialized in any way but has been zeroed 164 * 165 * Locking: none 166 */ 167 168 struct tty_struct *alloc_tty_struct(void) 169 { 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); 171 } 172 173 /** 174 * free_tty_struct - free a disused tty 175 * @tty: tty struct to free 176 * 177 * Free the write buffers, tty queue and tty memory itself. 178 * 179 * Locking: none. Must be called after tty is definitely unused 180 */ 181 182 void free_tty_struct(struct tty_struct *tty) 183 { 184 if (!tty) 185 return; 186 if (tty->dev) 187 put_device(tty->dev); 188 kfree(tty->write_buf); 189 tty_buffer_free_all(tty); 190 tty->magic = 0xDEADDEAD; 191 kfree(tty); 192 } 193 194 static inline struct tty_struct *file_tty(struct file *file) 195 { 196 return ((struct tty_file_private *)file->private_data)->tty; 197 } 198 199 int tty_alloc_file(struct file *file) 200 { 201 struct tty_file_private *priv; 202 203 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 204 if (!priv) 205 return -ENOMEM; 206 207 file->private_data = priv; 208 209 return 0; 210 } 211 212 /* Associate a new file with the tty structure */ 213 void tty_add_file(struct tty_struct *tty, struct file *file) 214 { 215 struct tty_file_private *priv = file->private_data; 216 217 priv->tty = tty; 218 priv->file = file; 219 220 spin_lock(&tty_files_lock); 221 list_add(&priv->list, &tty->tty_files); 222 spin_unlock(&tty_files_lock); 223 } 224 225 /** 226 * tty_free_file - free file->private_data 227 * 228 * This shall be used only for fail path handling when tty_add_file was not 229 * called yet. 230 */ 231 void tty_free_file(struct file *file) 232 { 233 struct tty_file_private *priv = file->private_data; 234 235 file->private_data = NULL; 236 kfree(priv); 237 } 238 239 /* Delete file from its tty */ 240 void tty_del_file(struct file *file) 241 { 242 struct tty_file_private *priv = file->private_data; 243 244 spin_lock(&tty_files_lock); 245 list_del(&priv->list); 246 spin_unlock(&tty_files_lock); 247 tty_free_file(file); 248 } 249 250 251 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base) 252 253 /** 254 * tty_name - return tty naming 255 * @tty: tty structure 256 * @buf: buffer for output 257 * 258 * Convert a tty structure into a name. The name reflects the kernel 259 * naming policy and if udev is in use may not reflect user space 260 * 261 * Locking: none 262 */ 263 264 char *tty_name(struct tty_struct *tty, char *buf) 265 { 266 if (!tty) /* Hmm. NULL pointer. That's fun. */ 267 strcpy(buf, "NULL tty"); 268 else 269 strcpy(buf, tty->name); 270 return buf; 271 } 272 273 EXPORT_SYMBOL(tty_name); 274 275 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 276 const char *routine) 277 { 278 #ifdef TTY_PARANOIA_CHECK 279 if (!tty) { 280 printk(KERN_WARNING 281 "null TTY for (%d:%d) in %s\n", 282 imajor(inode), iminor(inode), routine); 283 return 1; 284 } 285 if (tty->magic != TTY_MAGIC) { 286 printk(KERN_WARNING 287 "bad magic number for tty struct (%d:%d) in %s\n", 288 imajor(inode), iminor(inode), routine); 289 return 1; 290 } 291 #endif 292 return 0; 293 } 294 295 static int check_tty_count(struct tty_struct *tty, const char *routine) 296 { 297 #ifdef CHECK_TTY_COUNT 298 struct list_head *p; 299 int count = 0; 300 301 spin_lock(&tty_files_lock); 302 list_for_each(p, &tty->tty_files) { 303 count++; 304 } 305 spin_unlock(&tty_files_lock); 306 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 307 tty->driver->subtype == PTY_TYPE_SLAVE && 308 tty->link && tty->link->count) 309 count++; 310 if (tty->count != count) { 311 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) " 312 "!= #fd's(%d) in %s\n", 313 tty->name, tty->count, count, routine); 314 return count; 315 } 316 #endif 317 return 0; 318 } 319 320 /** 321 * get_tty_driver - find device of a tty 322 * @dev_t: device identifier 323 * @index: returns the index of the tty 324 * 325 * This routine returns a tty driver structure, given a device number 326 * and also passes back the index number. 327 * 328 * Locking: caller must hold tty_mutex 329 */ 330 331 static struct tty_driver *get_tty_driver(dev_t device, int *index) 332 { 333 struct tty_driver *p; 334 335 list_for_each_entry(p, &tty_drivers, tty_drivers) { 336 dev_t base = MKDEV(p->major, p->minor_start); 337 if (device < base || device >= base + p->num) 338 continue; 339 *index = device - base; 340 return tty_driver_kref_get(p); 341 } 342 return NULL; 343 } 344 345 #ifdef CONFIG_CONSOLE_POLL 346 347 /** 348 * tty_find_polling_driver - find device of a polled tty 349 * @name: name string to match 350 * @line: pointer to resulting tty line nr 351 * 352 * This routine returns a tty driver structure, given a name 353 * and the condition that the tty driver is capable of polled 354 * operation. 355 */ 356 struct tty_driver *tty_find_polling_driver(char *name, int *line) 357 { 358 struct tty_driver *p, *res = NULL; 359 int tty_line = 0; 360 int len; 361 char *str, *stp; 362 363 for (str = name; *str; str++) 364 if ((*str >= '0' && *str <= '9') || *str == ',') 365 break; 366 if (!*str) 367 return NULL; 368 369 len = str - name; 370 tty_line = simple_strtoul(str, &str, 10); 371 372 mutex_lock(&tty_mutex); 373 /* Search through the tty devices to look for a match */ 374 list_for_each_entry(p, &tty_drivers, tty_drivers) { 375 if (strncmp(name, p->name, len) != 0) 376 continue; 377 stp = str; 378 if (*stp == ',') 379 stp++; 380 if (*stp == '\0') 381 stp = NULL; 382 383 if (tty_line >= 0 && tty_line < p->num && p->ops && 384 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 385 res = tty_driver_kref_get(p); 386 *line = tty_line; 387 break; 388 } 389 } 390 mutex_unlock(&tty_mutex); 391 392 return res; 393 } 394 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 395 #endif 396 397 /** 398 * tty_check_change - check for POSIX terminal changes 399 * @tty: tty to check 400 * 401 * If we try to write to, or set the state of, a terminal and we're 402 * not in the foreground, send a SIGTTOU. If the signal is blocked or 403 * ignored, go ahead and perform the operation. (POSIX 7.2) 404 * 405 * Locking: ctrl_lock 406 */ 407 408 int tty_check_change(struct tty_struct *tty) 409 { 410 unsigned long flags; 411 int ret = 0; 412 413 if (current->signal->tty != tty) 414 return 0; 415 416 spin_lock_irqsave(&tty->ctrl_lock, flags); 417 418 if (!tty->pgrp) { 419 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n"); 420 goto out_unlock; 421 } 422 if (task_pgrp(current) == tty->pgrp) 423 goto out_unlock; 424 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 425 if (is_ignored(SIGTTOU)) 426 goto out; 427 if (is_current_pgrp_orphaned()) { 428 ret = -EIO; 429 goto out; 430 } 431 kill_pgrp(task_pgrp(current), SIGTTOU, 1); 432 set_thread_flag(TIF_SIGPENDING); 433 ret = -ERESTARTSYS; 434 out: 435 return ret; 436 out_unlock: 437 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 438 return ret; 439 } 440 441 EXPORT_SYMBOL(tty_check_change); 442 443 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 444 size_t count, loff_t *ppos) 445 { 446 return 0; 447 } 448 449 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 450 size_t count, loff_t *ppos) 451 { 452 return -EIO; 453 } 454 455 /* No kernel lock held - none needed ;) */ 456 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait) 457 { 458 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM; 459 } 460 461 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 462 unsigned long arg) 463 { 464 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 465 } 466 467 static long hung_up_tty_compat_ioctl(struct file *file, 468 unsigned int cmd, unsigned long arg) 469 { 470 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 471 } 472 473 static const struct file_operations tty_fops = { 474 .llseek = no_llseek, 475 .read = tty_read, 476 .write = tty_write, 477 .poll = tty_poll, 478 .unlocked_ioctl = tty_ioctl, 479 .compat_ioctl = tty_compat_ioctl, 480 .open = tty_open, 481 .release = tty_release, 482 .fasync = tty_fasync, 483 }; 484 485 static const struct file_operations console_fops = { 486 .llseek = no_llseek, 487 .read = tty_read, 488 .write = redirected_tty_write, 489 .poll = tty_poll, 490 .unlocked_ioctl = tty_ioctl, 491 .compat_ioctl = tty_compat_ioctl, 492 .open = tty_open, 493 .release = tty_release, 494 .fasync = tty_fasync, 495 }; 496 497 static const struct file_operations hung_up_tty_fops = { 498 .llseek = no_llseek, 499 .read = hung_up_tty_read, 500 .write = hung_up_tty_write, 501 .poll = hung_up_tty_poll, 502 .unlocked_ioctl = hung_up_tty_ioctl, 503 .compat_ioctl = hung_up_tty_compat_ioctl, 504 .release = tty_release, 505 }; 506 507 static DEFINE_SPINLOCK(redirect_lock); 508 static struct file *redirect; 509 510 /** 511 * tty_wakeup - request more data 512 * @tty: terminal 513 * 514 * Internal and external helper for wakeups of tty. This function 515 * informs the line discipline if present that the driver is ready 516 * to receive more output data. 517 */ 518 519 void tty_wakeup(struct tty_struct *tty) 520 { 521 struct tty_ldisc *ld; 522 523 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 524 ld = tty_ldisc_ref(tty); 525 if (ld) { 526 if (ld->ops->write_wakeup) 527 ld->ops->write_wakeup(tty); 528 tty_ldisc_deref(ld); 529 } 530 } 531 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 532 } 533 534 EXPORT_SYMBOL_GPL(tty_wakeup); 535 536 /** 537 * __tty_hangup - actual handler for hangup events 538 * @work: tty device 539 * 540 * This can be called by the "eventd" kernel thread. That is process 541 * synchronous but doesn't hold any locks, so we need to make sure we 542 * have the appropriate locks for what we're doing. 543 * 544 * The hangup event clears any pending redirections onto the hung up 545 * device. It ensures future writes will error and it does the needed 546 * line discipline hangup and signal delivery. The tty object itself 547 * remains intact. 548 * 549 * Locking: 550 * BTM 551 * redirect lock for undoing redirection 552 * file list lock for manipulating list of ttys 553 * tty_ldisc_lock from called functions 554 * termios_mutex resetting termios data 555 * tasklist_lock to walk task list for hangup event 556 * ->siglock to protect ->signal/->sighand 557 */ 558 void __tty_hangup(struct tty_struct *tty) 559 { 560 struct file *cons_filp = NULL; 561 struct file *filp, *f = NULL; 562 struct task_struct *p; 563 struct tty_file_private *priv; 564 int closecount = 0, n; 565 unsigned long flags; 566 int refs = 0; 567 568 if (!tty) 569 return; 570 571 572 spin_lock(&redirect_lock); 573 if (redirect && file_tty(redirect) == tty) { 574 f = redirect; 575 redirect = NULL; 576 } 577 spin_unlock(&redirect_lock); 578 579 tty_lock(tty); 580 581 /* some functions below drop BTM, so we need this bit */ 582 set_bit(TTY_HUPPING, &tty->flags); 583 584 /* inuse_filps is protected by the single tty lock, 585 this really needs to change if we want to flush the 586 workqueue with the lock held */ 587 check_tty_count(tty, "tty_hangup"); 588 589 spin_lock(&tty_files_lock); 590 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 591 list_for_each_entry(priv, &tty->tty_files, list) { 592 filp = priv->file; 593 if (filp->f_op->write == redirected_tty_write) 594 cons_filp = filp; 595 if (filp->f_op->write != tty_write) 596 continue; 597 closecount++; 598 __tty_fasync(-1, filp, 0); /* can't block */ 599 filp->f_op = &hung_up_tty_fops; 600 } 601 spin_unlock(&tty_files_lock); 602 603 /* 604 * it drops BTM and thus races with reopen 605 * we protect the race by TTY_HUPPING 606 */ 607 tty_ldisc_hangup(tty); 608 609 read_lock(&tasklist_lock); 610 if (tty->session) { 611 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 612 spin_lock_irq(&p->sighand->siglock); 613 if (p->signal->tty == tty) { 614 p->signal->tty = NULL; 615 /* We defer the dereferences outside fo 616 the tasklist lock */ 617 refs++; 618 } 619 if (!p->signal->leader) { 620 spin_unlock_irq(&p->sighand->siglock); 621 continue; 622 } 623 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 624 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 625 put_pid(p->signal->tty_old_pgrp); /* A noop */ 626 spin_lock_irqsave(&tty->ctrl_lock, flags); 627 if (tty->pgrp) 628 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 629 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 630 spin_unlock_irq(&p->sighand->siglock); 631 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 632 } 633 read_unlock(&tasklist_lock); 634 635 spin_lock_irqsave(&tty->ctrl_lock, flags); 636 clear_bit(TTY_THROTTLED, &tty->flags); 637 clear_bit(TTY_PUSH, &tty->flags); 638 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 639 put_pid(tty->session); 640 put_pid(tty->pgrp); 641 tty->session = NULL; 642 tty->pgrp = NULL; 643 tty->ctrl_status = 0; 644 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 645 646 /* Account for the p->signal references we killed */ 647 while (refs--) 648 tty_kref_put(tty); 649 650 /* 651 * If one of the devices matches a console pointer, we 652 * cannot just call hangup() because that will cause 653 * tty->count and state->count to go out of sync. 654 * So we just call close() the right number of times. 655 */ 656 if (cons_filp) { 657 if (tty->ops->close) 658 for (n = 0; n < closecount; n++) 659 tty->ops->close(tty, cons_filp); 660 } else if (tty->ops->hangup) 661 (tty->ops->hangup)(tty); 662 /* 663 * We don't want to have driver/ldisc interactions beyond 664 * the ones we did here. The driver layer expects no 665 * calls after ->hangup() from the ldisc side. However we 666 * can't yet guarantee all that. 667 */ 668 set_bit(TTY_HUPPED, &tty->flags); 669 clear_bit(TTY_HUPPING, &tty->flags); 670 tty_ldisc_enable(tty); 671 672 tty_unlock(tty); 673 674 if (f) 675 fput(f); 676 } 677 678 static void do_tty_hangup(struct work_struct *work) 679 { 680 struct tty_struct *tty = 681 container_of(work, struct tty_struct, hangup_work); 682 683 __tty_hangup(tty); 684 } 685 686 /** 687 * tty_hangup - trigger a hangup event 688 * @tty: tty to hangup 689 * 690 * A carrier loss (virtual or otherwise) has occurred on this like 691 * schedule a hangup sequence to run after this event. 692 */ 693 694 void tty_hangup(struct tty_struct *tty) 695 { 696 #ifdef TTY_DEBUG_HANGUP 697 char buf[64]; 698 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf)); 699 #endif 700 schedule_work(&tty->hangup_work); 701 } 702 703 EXPORT_SYMBOL(tty_hangup); 704 705 /** 706 * tty_vhangup - process vhangup 707 * @tty: tty to hangup 708 * 709 * The user has asked via system call for the terminal to be hung up. 710 * We do this synchronously so that when the syscall returns the process 711 * is complete. That guarantee is necessary for security reasons. 712 */ 713 714 void tty_vhangup(struct tty_struct *tty) 715 { 716 #ifdef TTY_DEBUG_HANGUP 717 char buf[64]; 718 719 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf)); 720 #endif 721 __tty_hangup(tty); 722 } 723 724 EXPORT_SYMBOL(tty_vhangup); 725 726 727 /** 728 * tty_vhangup_self - process vhangup for own ctty 729 * 730 * Perform a vhangup on the current controlling tty 731 */ 732 733 void tty_vhangup_self(void) 734 { 735 struct tty_struct *tty; 736 737 tty = get_current_tty(); 738 if (tty) { 739 tty_vhangup(tty); 740 tty_kref_put(tty); 741 } 742 } 743 744 /** 745 * tty_hung_up_p - was tty hung up 746 * @filp: file pointer of tty 747 * 748 * Return true if the tty has been subject to a vhangup or a carrier 749 * loss 750 */ 751 752 int tty_hung_up_p(struct file *filp) 753 { 754 return (filp->f_op == &hung_up_tty_fops); 755 } 756 757 EXPORT_SYMBOL(tty_hung_up_p); 758 759 static void session_clear_tty(struct pid *session) 760 { 761 struct task_struct *p; 762 do_each_pid_task(session, PIDTYPE_SID, p) { 763 proc_clear_tty(p); 764 } while_each_pid_task(session, PIDTYPE_SID, p); 765 } 766 767 /** 768 * disassociate_ctty - disconnect controlling tty 769 * @on_exit: true if exiting so need to "hang up" the session 770 * 771 * This function is typically called only by the session leader, when 772 * it wants to disassociate itself from its controlling tty. 773 * 774 * It performs the following functions: 775 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 776 * (2) Clears the tty from being controlling the session 777 * (3) Clears the controlling tty for all processes in the 778 * session group. 779 * 780 * The argument on_exit is set to 1 if called when a process is 781 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 782 * 783 * Locking: 784 * BTM is taken for hysterical raisins, and held when 785 * called from no_tty(). 786 * tty_mutex is taken to protect tty 787 * ->siglock is taken to protect ->signal/->sighand 788 * tasklist_lock is taken to walk process list for sessions 789 * ->siglock is taken to protect ->signal/->sighand 790 */ 791 792 void disassociate_ctty(int on_exit) 793 { 794 struct tty_struct *tty; 795 796 if (!current->signal->leader) 797 return; 798 799 tty = get_current_tty(); 800 if (tty) { 801 struct pid *tty_pgrp = get_pid(tty->pgrp); 802 if (on_exit) { 803 if (tty->driver->type != TTY_DRIVER_TYPE_PTY) 804 tty_vhangup(tty); 805 } 806 tty_kref_put(tty); 807 if (tty_pgrp) { 808 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 809 if (!on_exit) 810 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 811 put_pid(tty_pgrp); 812 } 813 } else if (on_exit) { 814 struct pid *old_pgrp; 815 spin_lock_irq(¤t->sighand->siglock); 816 old_pgrp = current->signal->tty_old_pgrp; 817 current->signal->tty_old_pgrp = NULL; 818 spin_unlock_irq(¤t->sighand->siglock); 819 if (old_pgrp) { 820 kill_pgrp(old_pgrp, SIGHUP, on_exit); 821 kill_pgrp(old_pgrp, SIGCONT, on_exit); 822 put_pid(old_pgrp); 823 } 824 return; 825 } 826 827 spin_lock_irq(¤t->sighand->siglock); 828 put_pid(current->signal->tty_old_pgrp); 829 current->signal->tty_old_pgrp = NULL; 830 spin_unlock_irq(¤t->sighand->siglock); 831 832 tty = get_current_tty(); 833 if (tty) { 834 unsigned long flags; 835 spin_lock_irqsave(&tty->ctrl_lock, flags); 836 put_pid(tty->session); 837 put_pid(tty->pgrp); 838 tty->session = NULL; 839 tty->pgrp = NULL; 840 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 841 tty_kref_put(tty); 842 } else { 843 #ifdef TTY_DEBUG_HANGUP 844 printk(KERN_DEBUG "error attempted to write to tty [0x%p]" 845 " = NULL", tty); 846 #endif 847 } 848 849 /* Now clear signal->tty under the lock */ 850 read_lock(&tasklist_lock); 851 session_clear_tty(task_session(current)); 852 read_unlock(&tasklist_lock); 853 } 854 855 /** 856 * 857 * no_tty - Ensure the current process does not have a controlling tty 858 */ 859 void no_tty(void) 860 { 861 /* FIXME: Review locking here. The tty_lock never covered any race 862 between a new association and proc_clear_tty but possible we need 863 to protect against this anyway */ 864 struct task_struct *tsk = current; 865 disassociate_ctty(0); 866 proc_clear_tty(tsk); 867 } 868 869 870 /** 871 * stop_tty - propagate flow control 872 * @tty: tty to stop 873 * 874 * Perform flow control to the driver. For PTY/TTY pairs we 875 * must also propagate the TIOCKPKT status. May be called 876 * on an already stopped device and will not re-call the driver 877 * method. 878 * 879 * This functionality is used by both the line disciplines for 880 * halting incoming flow and by the driver. It may therefore be 881 * called from any context, may be under the tty atomic_write_lock 882 * but not always. 883 * 884 * Locking: 885 * Uses the tty control lock internally 886 */ 887 888 void stop_tty(struct tty_struct *tty) 889 { 890 unsigned long flags; 891 spin_lock_irqsave(&tty->ctrl_lock, flags); 892 if (tty->stopped) { 893 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 894 return; 895 } 896 tty->stopped = 1; 897 if (tty->link && tty->link->packet) { 898 tty->ctrl_status &= ~TIOCPKT_START; 899 tty->ctrl_status |= TIOCPKT_STOP; 900 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 901 } 902 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 903 if (tty->ops->stop) 904 (tty->ops->stop)(tty); 905 } 906 907 EXPORT_SYMBOL(stop_tty); 908 909 /** 910 * start_tty - propagate flow control 911 * @tty: tty to start 912 * 913 * Start a tty that has been stopped if at all possible. Perform 914 * any necessary wakeups and propagate the TIOCPKT status. If this 915 * is the tty was previous stopped and is being started then the 916 * driver start method is invoked and the line discipline woken. 917 * 918 * Locking: 919 * ctrl_lock 920 */ 921 922 void start_tty(struct tty_struct *tty) 923 { 924 unsigned long flags; 925 spin_lock_irqsave(&tty->ctrl_lock, flags); 926 if (!tty->stopped || tty->flow_stopped) { 927 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 928 return; 929 } 930 tty->stopped = 0; 931 if (tty->link && tty->link->packet) { 932 tty->ctrl_status &= ~TIOCPKT_STOP; 933 tty->ctrl_status |= TIOCPKT_START; 934 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 935 } 936 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 937 if (tty->ops->start) 938 (tty->ops->start)(tty); 939 /* If we have a running line discipline it may need kicking */ 940 tty_wakeup(tty); 941 } 942 943 EXPORT_SYMBOL(start_tty); 944 945 /** 946 * tty_read - read method for tty device files 947 * @file: pointer to tty file 948 * @buf: user buffer 949 * @count: size of user buffer 950 * @ppos: unused 951 * 952 * Perform the read system call function on this terminal device. Checks 953 * for hung up devices before calling the line discipline method. 954 * 955 * Locking: 956 * Locks the line discipline internally while needed. Multiple 957 * read calls may be outstanding in parallel. 958 */ 959 960 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 961 loff_t *ppos) 962 { 963 int i; 964 struct inode *inode = file->f_path.dentry->d_inode; 965 struct tty_struct *tty = file_tty(file); 966 struct tty_ldisc *ld; 967 968 if (tty_paranoia_check(tty, inode, "tty_read")) 969 return -EIO; 970 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags))) 971 return -EIO; 972 973 /* We want to wait for the line discipline to sort out in this 974 situation */ 975 ld = tty_ldisc_ref_wait(tty); 976 if (ld->ops->read) 977 i = (ld->ops->read)(tty, file, buf, count); 978 else 979 i = -EIO; 980 tty_ldisc_deref(ld); 981 if (i > 0) 982 inode->i_atime = current_fs_time(inode->i_sb); 983 return i; 984 } 985 986 void tty_write_unlock(struct tty_struct *tty) 987 __releases(&tty->atomic_write_lock) 988 { 989 mutex_unlock(&tty->atomic_write_lock); 990 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 991 } 992 993 int tty_write_lock(struct tty_struct *tty, int ndelay) 994 __acquires(&tty->atomic_write_lock) 995 { 996 if (!mutex_trylock(&tty->atomic_write_lock)) { 997 if (ndelay) 998 return -EAGAIN; 999 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 1000 return -ERESTARTSYS; 1001 } 1002 return 0; 1003 } 1004 1005 /* 1006 * Split writes up in sane blocksizes to avoid 1007 * denial-of-service type attacks 1008 */ 1009 static inline ssize_t do_tty_write( 1010 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 1011 struct tty_struct *tty, 1012 struct file *file, 1013 const char __user *buf, 1014 size_t count) 1015 { 1016 ssize_t ret, written = 0; 1017 unsigned int chunk; 1018 1019 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 1020 if (ret < 0) 1021 return ret; 1022 1023 /* 1024 * We chunk up writes into a temporary buffer. This 1025 * simplifies low-level drivers immensely, since they 1026 * don't have locking issues and user mode accesses. 1027 * 1028 * But if TTY_NO_WRITE_SPLIT is set, we should use a 1029 * big chunk-size.. 1030 * 1031 * The default chunk-size is 2kB, because the NTTY 1032 * layer has problems with bigger chunks. It will 1033 * claim to be able to handle more characters than 1034 * it actually does. 1035 * 1036 * FIXME: This can probably go away now except that 64K chunks 1037 * are too likely to fail unless switched to vmalloc... 1038 */ 1039 chunk = 2048; 1040 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 1041 chunk = 65536; 1042 if (count < chunk) 1043 chunk = count; 1044 1045 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 1046 if (tty->write_cnt < chunk) { 1047 unsigned char *buf_chunk; 1048 1049 if (chunk < 1024) 1050 chunk = 1024; 1051 1052 buf_chunk = kmalloc(chunk, GFP_KERNEL); 1053 if (!buf_chunk) { 1054 ret = -ENOMEM; 1055 goto out; 1056 } 1057 kfree(tty->write_buf); 1058 tty->write_cnt = chunk; 1059 tty->write_buf = buf_chunk; 1060 } 1061 1062 /* Do the write .. */ 1063 for (;;) { 1064 size_t size = count; 1065 if (size > chunk) 1066 size = chunk; 1067 ret = -EFAULT; 1068 if (copy_from_user(tty->write_buf, buf, size)) 1069 break; 1070 ret = write(tty, file, tty->write_buf, size); 1071 if (ret <= 0) 1072 break; 1073 written += ret; 1074 buf += ret; 1075 count -= ret; 1076 if (!count) 1077 break; 1078 ret = -ERESTARTSYS; 1079 if (signal_pending(current)) 1080 break; 1081 cond_resched(); 1082 } 1083 if (written) { 1084 struct inode *inode = file->f_path.dentry->d_inode; 1085 inode->i_mtime = current_fs_time(inode->i_sb); 1086 ret = written; 1087 } 1088 out: 1089 tty_write_unlock(tty); 1090 return ret; 1091 } 1092 1093 /** 1094 * tty_write_message - write a message to a certain tty, not just the console. 1095 * @tty: the destination tty_struct 1096 * @msg: the message to write 1097 * 1098 * This is used for messages that need to be redirected to a specific tty. 1099 * We don't put it into the syslog queue right now maybe in the future if 1100 * really needed. 1101 * 1102 * We must still hold the BTM and test the CLOSING flag for the moment. 1103 */ 1104 1105 void tty_write_message(struct tty_struct *tty, char *msg) 1106 { 1107 if (tty) { 1108 mutex_lock(&tty->atomic_write_lock); 1109 tty_lock(tty); 1110 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) { 1111 tty_unlock(tty); 1112 tty->ops->write(tty, msg, strlen(msg)); 1113 } else 1114 tty_unlock(tty); 1115 tty_write_unlock(tty); 1116 } 1117 return; 1118 } 1119 1120 1121 /** 1122 * tty_write - write method for tty device file 1123 * @file: tty file pointer 1124 * @buf: user data to write 1125 * @count: bytes to write 1126 * @ppos: unused 1127 * 1128 * Write data to a tty device via the line discipline. 1129 * 1130 * Locking: 1131 * Locks the line discipline as required 1132 * Writes to the tty driver are serialized by the atomic_write_lock 1133 * and are then processed in chunks to the device. The line discipline 1134 * write method will not be invoked in parallel for each device. 1135 */ 1136 1137 static ssize_t tty_write(struct file *file, const char __user *buf, 1138 size_t count, loff_t *ppos) 1139 { 1140 struct inode *inode = file->f_path.dentry->d_inode; 1141 struct tty_struct *tty = file_tty(file); 1142 struct tty_ldisc *ld; 1143 ssize_t ret; 1144 1145 if (tty_paranoia_check(tty, inode, "tty_write")) 1146 return -EIO; 1147 if (!tty || !tty->ops->write || 1148 (test_bit(TTY_IO_ERROR, &tty->flags))) 1149 return -EIO; 1150 /* Short term debug to catch buggy drivers */ 1151 if (tty->ops->write_room == NULL) 1152 printk(KERN_ERR "tty driver %s lacks a write_room method.\n", 1153 tty->driver->name); 1154 ld = tty_ldisc_ref_wait(tty); 1155 if (!ld->ops->write) 1156 ret = -EIO; 1157 else 1158 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1159 tty_ldisc_deref(ld); 1160 return ret; 1161 } 1162 1163 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1164 size_t count, loff_t *ppos) 1165 { 1166 struct file *p = NULL; 1167 1168 spin_lock(&redirect_lock); 1169 if (redirect) 1170 p = get_file(redirect); 1171 spin_unlock(&redirect_lock); 1172 1173 if (p) { 1174 ssize_t res; 1175 res = vfs_write(p, buf, count, &p->f_pos); 1176 fput(p); 1177 return res; 1178 } 1179 return tty_write(file, buf, count, ppos); 1180 } 1181 1182 static char ptychar[] = "pqrstuvwxyzabcde"; 1183 1184 /** 1185 * pty_line_name - generate name for a pty 1186 * @driver: the tty driver in use 1187 * @index: the minor number 1188 * @p: output buffer of at least 6 bytes 1189 * 1190 * Generate a name from a driver reference and write it to the output 1191 * buffer. 1192 * 1193 * Locking: None 1194 */ 1195 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1196 { 1197 int i = index + driver->name_base; 1198 /* ->name is initialized to "ttyp", but "tty" is expected */ 1199 sprintf(p, "%s%c%x", 1200 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1201 ptychar[i >> 4 & 0xf], i & 0xf); 1202 } 1203 1204 /** 1205 * tty_line_name - generate name for a tty 1206 * @driver: the tty driver in use 1207 * @index: the minor number 1208 * @p: output buffer of at least 7 bytes 1209 * 1210 * Generate a name from a driver reference and write it to the output 1211 * buffer. 1212 * 1213 * Locking: None 1214 */ 1215 static void tty_line_name(struct tty_driver *driver, int index, char *p) 1216 { 1217 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1218 strcpy(p, driver->name); 1219 else 1220 sprintf(p, "%s%d", driver->name, index + driver->name_base); 1221 } 1222 1223 /** 1224 * tty_driver_lookup_tty() - find an existing tty, if any 1225 * @driver: the driver for the tty 1226 * @idx: the minor number 1227 * 1228 * Return the tty, if found or ERR_PTR() otherwise. 1229 * 1230 * Locking: tty_mutex must be held. If tty is found, the mutex must 1231 * be held until the 'fast-open' is also done. Will change once we 1232 * have refcounting in the driver and per driver locking 1233 */ 1234 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1235 struct inode *inode, int idx) 1236 { 1237 if (driver->ops->lookup) 1238 return driver->ops->lookup(driver, inode, idx); 1239 1240 return driver->ttys[idx]; 1241 } 1242 1243 /** 1244 * tty_init_termios - helper for termios setup 1245 * @tty: the tty to set up 1246 * 1247 * Initialise the termios structures for this tty. Thus runs under 1248 * the tty_mutex currently so we can be relaxed about ordering. 1249 */ 1250 1251 int tty_init_termios(struct tty_struct *tty) 1252 { 1253 struct ktermios *tp; 1254 int idx = tty->index; 1255 1256 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1257 tty->termios = tty->driver->init_termios; 1258 else { 1259 /* Check for lazy saved data */ 1260 tp = tty->driver->termios[idx]; 1261 if (tp != NULL) 1262 tty->termios = *tp; 1263 else 1264 tty->termios = tty->driver->init_termios; 1265 } 1266 /* Compatibility until drivers always set this */ 1267 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1268 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1269 return 0; 1270 } 1271 EXPORT_SYMBOL_GPL(tty_init_termios); 1272 1273 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1274 { 1275 int ret = tty_init_termios(tty); 1276 if (ret) 1277 return ret; 1278 1279 tty_driver_kref_get(driver); 1280 tty->count++; 1281 driver->ttys[tty->index] = tty; 1282 return 0; 1283 } 1284 EXPORT_SYMBOL_GPL(tty_standard_install); 1285 1286 /** 1287 * tty_driver_install_tty() - install a tty entry in the driver 1288 * @driver: the driver for the tty 1289 * @tty: the tty 1290 * 1291 * Install a tty object into the driver tables. The tty->index field 1292 * will be set by the time this is called. This method is responsible 1293 * for ensuring any need additional structures are allocated and 1294 * configured. 1295 * 1296 * Locking: tty_mutex for now 1297 */ 1298 static int tty_driver_install_tty(struct tty_driver *driver, 1299 struct tty_struct *tty) 1300 { 1301 return driver->ops->install ? driver->ops->install(driver, tty) : 1302 tty_standard_install(driver, tty); 1303 } 1304 1305 /** 1306 * tty_driver_remove_tty() - remove a tty from the driver tables 1307 * @driver: the driver for the tty 1308 * @idx: the minor number 1309 * 1310 * Remvoe a tty object from the driver tables. The tty->index field 1311 * will be set by the time this is called. 1312 * 1313 * Locking: tty_mutex for now 1314 */ 1315 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1316 { 1317 if (driver->ops->remove) 1318 driver->ops->remove(driver, tty); 1319 else 1320 driver->ttys[tty->index] = NULL; 1321 } 1322 1323 /* 1324 * tty_reopen() - fast re-open of an open tty 1325 * @tty - the tty to open 1326 * 1327 * Return 0 on success, -errno on error. 1328 * 1329 * Locking: tty_mutex must be held from the time the tty was found 1330 * till this open completes. 1331 */ 1332 static int tty_reopen(struct tty_struct *tty) 1333 { 1334 struct tty_driver *driver = tty->driver; 1335 1336 if (test_bit(TTY_CLOSING, &tty->flags) || 1337 test_bit(TTY_HUPPING, &tty->flags) || 1338 test_bit(TTY_LDISC_CHANGING, &tty->flags)) 1339 return -EIO; 1340 1341 if (driver->type == TTY_DRIVER_TYPE_PTY && 1342 driver->subtype == PTY_TYPE_MASTER) { 1343 /* 1344 * special case for PTY masters: only one open permitted, 1345 * and the slave side open count is incremented as well. 1346 */ 1347 if (tty->count) 1348 return -EIO; 1349 1350 tty->link->count++; 1351 } 1352 tty->count++; 1353 1354 mutex_lock(&tty->ldisc_mutex); 1355 WARN_ON(!test_bit(TTY_LDISC, &tty->flags)); 1356 mutex_unlock(&tty->ldisc_mutex); 1357 1358 return 0; 1359 } 1360 1361 /** 1362 * tty_init_dev - initialise a tty device 1363 * @driver: tty driver we are opening a device on 1364 * @idx: device index 1365 * @ret_tty: returned tty structure 1366 * 1367 * Prepare a tty device. This may not be a "new" clean device but 1368 * could also be an active device. The pty drivers require special 1369 * handling because of this. 1370 * 1371 * Locking: 1372 * The function is called under the tty_mutex, which 1373 * protects us from the tty struct or driver itself going away. 1374 * 1375 * On exit the tty device has the line discipline attached and 1376 * a reference count of 1. If a pair was created for pty/tty use 1377 * and the other was a pty master then it too has a reference count of 1. 1378 * 1379 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1380 * failed open. The new code protects the open with a mutex, so it's 1381 * really quite straightforward. The mutex locking can probably be 1382 * relaxed for the (most common) case of reopening a tty. 1383 */ 1384 1385 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1386 { 1387 struct tty_struct *tty; 1388 int retval; 1389 1390 /* 1391 * First time open is complex, especially for PTY devices. 1392 * This code guarantees that either everything succeeds and the 1393 * TTY is ready for operation, or else the table slots are vacated 1394 * and the allocated memory released. (Except that the termios 1395 * and locked termios may be retained.) 1396 */ 1397 1398 if (!try_module_get(driver->owner)) 1399 return ERR_PTR(-ENODEV); 1400 1401 tty = alloc_tty_struct(); 1402 if (!tty) { 1403 retval = -ENOMEM; 1404 goto err_module_put; 1405 } 1406 initialize_tty_struct(tty, driver, idx); 1407 1408 tty_lock(tty); 1409 retval = tty_driver_install_tty(driver, tty); 1410 if (retval < 0) 1411 goto err_deinit_tty; 1412 1413 if (!tty->port) 1414 tty->port = driver->ports[idx]; 1415 1416 WARN_RATELIMIT(!tty->port, 1417 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1418 __func__, tty->driver->name); 1419 1420 /* 1421 * Structures all installed ... call the ldisc open routines. 1422 * If we fail here just call release_tty to clean up. No need 1423 * to decrement the use counts, as release_tty doesn't care. 1424 */ 1425 retval = tty_ldisc_setup(tty, tty->link); 1426 if (retval) 1427 goto err_release_tty; 1428 /* Return the tty locked so that it cannot vanish under the caller */ 1429 return tty; 1430 1431 err_deinit_tty: 1432 tty_unlock(tty); 1433 deinitialize_tty_struct(tty); 1434 free_tty_struct(tty); 1435 err_module_put: 1436 module_put(driver->owner); 1437 return ERR_PTR(retval); 1438 1439 /* call the tty release_tty routine to clean out this slot */ 1440 err_release_tty: 1441 tty_unlock(tty); 1442 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, " 1443 "clearing slot %d\n", idx); 1444 release_tty(tty, idx); 1445 return ERR_PTR(retval); 1446 } 1447 1448 void tty_free_termios(struct tty_struct *tty) 1449 { 1450 struct ktermios *tp; 1451 int idx = tty->index; 1452 1453 /* If the port is going to reset then it has no termios to save */ 1454 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1455 return; 1456 1457 /* Stash the termios data */ 1458 tp = tty->driver->termios[idx]; 1459 if (tp == NULL) { 1460 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1461 if (tp == NULL) { 1462 pr_warn("tty: no memory to save termios state.\n"); 1463 return; 1464 } 1465 tty->driver->termios[idx] = tp; 1466 } 1467 *tp = tty->termios; 1468 } 1469 EXPORT_SYMBOL(tty_free_termios); 1470 1471 1472 /** 1473 * release_one_tty - release tty structure memory 1474 * @kref: kref of tty we are obliterating 1475 * 1476 * Releases memory associated with a tty structure, and clears out the 1477 * driver table slots. This function is called when a device is no longer 1478 * in use. It also gets called when setup of a device fails. 1479 * 1480 * Locking: 1481 * takes the file list lock internally when working on the list 1482 * of ttys that the driver keeps. 1483 * 1484 * This method gets called from a work queue so that the driver private 1485 * cleanup ops can sleep (needed for USB at least) 1486 */ 1487 static void release_one_tty(struct work_struct *work) 1488 { 1489 struct tty_struct *tty = 1490 container_of(work, struct tty_struct, hangup_work); 1491 struct tty_driver *driver = tty->driver; 1492 1493 if (tty->ops->cleanup) 1494 tty->ops->cleanup(tty); 1495 1496 tty->magic = 0; 1497 tty_driver_kref_put(driver); 1498 module_put(driver->owner); 1499 1500 spin_lock(&tty_files_lock); 1501 list_del_init(&tty->tty_files); 1502 spin_unlock(&tty_files_lock); 1503 1504 put_pid(tty->pgrp); 1505 put_pid(tty->session); 1506 free_tty_struct(tty); 1507 } 1508 1509 static void queue_release_one_tty(struct kref *kref) 1510 { 1511 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1512 1513 /* The hangup queue is now free so we can reuse it rather than 1514 waste a chunk of memory for each port */ 1515 INIT_WORK(&tty->hangup_work, release_one_tty); 1516 schedule_work(&tty->hangup_work); 1517 } 1518 1519 /** 1520 * tty_kref_put - release a tty kref 1521 * @tty: tty device 1522 * 1523 * Release a reference to a tty device and if need be let the kref 1524 * layer destruct the object for us 1525 */ 1526 1527 void tty_kref_put(struct tty_struct *tty) 1528 { 1529 if (tty) 1530 kref_put(&tty->kref, queue_release_one_tty); 1531 } 1532 EXPORT_SYMBOL(tty_kref_put); 1533 1534 /** 1535 * release_tty - release tty structure memory 1536 * 1537 * Release both @tty and a possible linked partner (think pty pair), 1538 * and decrement the refcount of the backing module. 1539 * 1540 * Locking: 1541 * tty_mutex 1542 * takes the file list lock internally when working on the list 1543 * of ttys that the driver keeps. 1544 * 1545 */ 1546 static void release_tty(struct tty_struct *tty, int idx) 1547 { 1548 /* This should always be true but check for the moment */ 1549 WARN_ON(tty->index != idx); 1550 WARN_ON(!mutex_is_locked(&tty_mutex)); 1551 if (tty->ops->shutdown) 1552 tty->ops->shutdown(tty); 1553 tty_free_termios(tty); 1554 tty_driver_remove_tty(tty->driver, tty); 1555 1556 if (tty->link) 1557 tty_kref_put(tty->link); 1558 tty_kref_put(tty); 1559 } 1560 1561 /** 1562 * tty_release_checks - check a tty before real release 1563 * @tty: tty to check 1564 * @o_tty: link of @tty (if any) 1565 * @idx: index of the tty 1566 * 1567 * Performs some paranoid checking before true release of the @tty. 1568 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1569 */ 1570 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty, 1571 int idx) 1572 { 1573 #ifdef TTY_PARANOIA_CHECK 1574 if (idx < 0 || idx >= tty->driver->num) { 1575 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n", 1576 __func__, tty->name); 1577 return -1; 1578 } 1579 1580 /* not much to check for devpts */ 1581 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1582 return 0; 1583 1584 if (tty != tty->driver->ttys[idx]) { 1585 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n", 1586 __func__, idx, tty->name); 1587 return -1; 1588 } 1589 if (tty->driver->other) { 1590 if (o_tty != tty->driver->other->ttys[idx]) { 1591 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n", 1592 __func__, idx, tty->name); 1593 return -1; 1594 } 1595 if (o_tty->link != tty) { 1596 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__); 1597 return -1; 1598 } 1599 } 1600 #endif 1601 return 0; 1602 } 1603 1604 /** 1605 * tty_release - vfs callback for close 1606 * @inode: inode of tty 1607 * @filp: file pointer for handle to tty 1608 * 1609 * Called the last time each file handle is closed that references 1610 * this tty. There may however be several such references. 1611 * 1612 * Locking: 1613 * Takes bkl. See tty_release_dev 1614 * 1615 * Even releasing the tty structures is a tricky business.. We have 1616 * to be very careful that the structures are all released at the 1617 * same time, as interrupts might otherwise get the wrong pointers. 1618 * 1619 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1620 * lead to double frees or releasing memory still in use. 1621 */ 1622 1623 int tty_release(struct inode *inode, struct file *filp) 1624 { 1625 struct tty_struct *tty = file_tty(filp); 1626 struct tty_struct *o_tty; 1627 int pty_master, tty_closing, o_tty_closing, do_sleep; 1628 int devpts; 1629 int idx; 1630 char buf[64]; 1631 1632 if (tty_paranoia_check(tty, inode, __func__)) 1633 return 0; 1634 1635 tty_lock(tty); 1636 check_tty_count(tty, __func__); 1637 1638 __tty_fasync(-1, filp, 0); 1639 1640 idx = tty->index; 1641 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1642 tty->driver->subtype == PTY_TYPE_MASTER); 1643 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0; 1644 /* Review: parallel close */ 1645 o_tty = tty->link; 1646 1647 if (tty_release_checks(tty, o_tty, idx)) { 1648 tty_unlock(tty); 1649 return 0; 1650 } 1651 1652 #ifdef TTY_DEBUG_HANGUP 1653 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__, 1654 tty_name(tty, buf), tty->count); 1655 #endif 1656 1657 if (tty->ops->close) 1658 tty->ops->close(tty, filp); 1659 1660 tty_unlock(tty); 1661 /* 1662 * Sanity check: if tty->count is going to zero, there shouldn't be 1663 * any waiters on tty->read_wait or tty->write_wait. We test the 1664 * wait queues and kick everyone out _before_ actually starting to 1665 * close. This ensures that we won't block while releasing the tty 1666 * structure. 1667 * 1668 * The test for the o_tty closing is necessary, since the master and 1669 * slave sides may close in any order. If the slave side closes out 1670 * first, its count will be one, since the master side holds an open. 1671 * Thus this test wouldn't be triggered at the time the slave closes, 1672 * so we do it now. 1673 * 1674 * Note that it's possible for the tty to be opened again while we're 1675 * flushing out waiters. By recalculating the closing flags before 1676 * each iteration we avoid any problems. 1677 */ 1678 while (1) { 1679 /* Guard against races with tty->count changes elsewhere and 1680 opens on /dev/tty */ 1681 1682 mutex_lock(&tty_mutex); 1683 tty_lock_pair(tty, o_tty); 1684 tty_closing = tty->count <= 1; 1685 o_tty_closing = o_tty && 1686 (o_tty->count <= (pty_master ? 1 : 0)); 1687 do_sleep = 0; 1688 1689 if (tty_closing) { 1690 if (waitqueue_active(&tty->read_wait)) { 1691 wake_up_poll(&tty->read_wait, POLLIN); 1692 do_sleep++; 1693 } 1694 if (waitqueue_active(&tty->write_wait)) { 1695 wake_up_poll(&tty->write_wait, POLLOUT); 1696 do_sleep++; 1697 } 1698 } 1699 if (o_tty_closing) { 1700 if (waitqueue_active(&o_tty->read_wait)) { 1701 wake_up_poll(&o_tty->read_wait, POLLIN); 1702 do_sleep++; 1703 } 1704 if (waitqueue_active(&o_tty->write_wait)) { 1705 wake_up_poll(&o_tty->write_wait, POLLOUT); 1706 do_sleep++; 1707 } 1708 } 1709 if (!do_sleep) 1710 break; 1711 1712 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n", 1713 __func__, tty_name(tty, buf)); 1714 tty_unlock_pair(tty, o_tty); 1715 mutex_unlock(&tty_mutex); 1716 schedule(); 1717 } 1718 1719 /* 1720 * The closing flags are now consistent with the open counts on 1721 * both sides, and we've completed the last operation that could 1722 * block, so it's safe to proceed with closing. 1723 * 1724 * We must *not* drop the tty_mutex until we ensure that a further 1725 * entry into tty_open can not pick up this tty. 1726 */ 1727 if (pty_master) { 1728 if (--o_tty->count < 0) { 1729 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n", 1730 __func__, o_tty->count, tty_name(o_tty, buf)); 1731 o_tty->count = 0; 1732 } 1733 } 1734 if (--tty->count < 0) { 1735 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n", 1736 __func__, tty->count, tty_name(tty, buf)); 1737 tty->count = 0; 1738 } 1739 1740 /* 1741 * We've decremented tty->count, so we need to remove this file 1742 * descriptor off the tty->tty_files list; this serves two 1743 * purposes: 1744 * - check_tty_count sees the correct number of file descriptors 1745 * associated with this tty. 1746 * - do_tty_hangup no longer sees this file descriptor as 1747 * something that needs to be handled for hangups. 1748 */ 1749 tty_del_file(filp); 1750 1751 /* 1752 * Perform some housekeeping before deciding whether to return. 1753 * 1754 * Set the TTY_CLOSING flag if this was the last open. In the 1755 * case of a pty we may have to wait around for the other side 1756 * to close, and TTY_CLOSING makes sure we can't be reopened. 1757 */ 1758 if (tty_closing) 1759 set_bit(TTY_CLOSING, &tty->flags); 1760 if (o_tty_closing) 1761 set_bit(TTY_CLOSING, &o_tty->flags); 1762 1763 /* 1764 * If _either_ side is closing, make sure there aren't any 1765 * processes that still think tty or o_tty is their controlling 1766 * tty. 1767 */ 1768 if (tty_closing || o_tty_closing) { 1769 read_lock(&tasklist_lock); 1770 session_clear_tty(tty->session); 1771 if (o_tty) 1772 session_clear_tty(o_tty->session); 1773 read_unlock(&tasklist_lock); 1774 } 1775 1776 mutex_unlock(&tty_mutex); 1777 tty_unlock_pair(tty, o_tty); 1778 /* At this point the TTY_CLOSING flag should ensure a dead tty 1779 cannot be re-opened by a racing opener */ 1780 1781 /* check whether both sides are closing ... */ 1782 if (!tty_closing || (o_tty && !o_tty_closing)) 1783 return 0; 1784 1785 #ifdef TTY_DEBUG_HANGUP 1786 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__); 1787 #endif 1788 /* 1789 * Ask the line discipline code to release its structures 1790 */ 1791 tty_ldisc_release(tty, o_tty); 1792 /* 1793 * The release_tty function takes care of the details of clearing 1794 * the slots and preserving the termios structure. The tty_unlock_pair 1795 * should be safe as we keep a kref while the tty is locked (so the 1796 * unlock never unlocks a freed tty). 1797 */ 1798 mutex_lock(&tty_mutex); 1799 release_tty(tty, idx); 1800 mutex_unlock(&tty_mutex); 1801 1802 /* Make this pty number available for reallocation */ 1803 if (devpts) 1804 devpts_kill_index(inode, idx); 1805 return 0; 1806 } 1807 1808 /** 1809 * tty_open_current_tty - get tty of current task for open 1810 * @device: device number 1811 * @filp: file pointer to tty 1812 * @return: tty of the current task iff @device is /dev/tty 1813 * 1814 * We cannot return driver and index like for the other nodes because 1815 * devpts will not work then. It expects inodes to be from devpts FS. 1816 * 1817 * We need to move to returning a refcounted object from all the lookup 1818 * paths including this one. 1819 */ 1820 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1821 { 1822 struct tty_struct *tty; 1823 1824 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1825 return NULL; 1826 1827 tty = get_current_tty(); 1828 if (!tty) 1829 return ERR_PTR(-ENXIO); 1830 1831 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1832 /* noctty = 1; */ 1833 tty_kref_put(tty); 1834 /* FIXME: we put a reference and return a TTY! */ 1835 /* This is only safe because the caller holds tty_mutex */ 1836 return tty; 1837 } 1838 1839 /** 1840 * tty_lookup_driver - lookup a tty driver for a given device file 1841 * @device: device number 1842 * @filp: file pointer to tty 1843 * @noctty: set if the device should not become a controlling tty 1844 * @index: index for the device in the @return driver 1845 * @return: driver for this inode (with increased refcount) 1846 * 1847 * If @return is not erroneous, the caller is responsible to decrement the 1848 * refcount by tty_driver_kref_put. 1849 * 1850 * Locking: tty_mutex protects get_tty_driver 1851 */ 1852 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1853 int *noctty, int *index) 1854 { 1855 struct tty_driver *driver; 1856 1857 switch (device) { 1858 #ifdef CONFIG_VT 1859 case MKDEV(TTY_MAJOR, 0): { 1860 extern struct tty_driver *console_driver; 1861 driver = tty_driver_kref_get(console_driver); 1862 *index = fg_console; 1863 *noctty = 1; 1864 break; 1865 } 1866 #endif 1867 case MKDEV(TTYAUX_MAJOR, 1): { 1868 struct tty_driver *console_driver = console_device(index); 1869 if (console_driver) { 1870 driver = tty_driver_kref_get(console_driver); 1871 if (driver) { 1872 /* Don't let /dev/console block */ 1873 filp->f_flags |= O_NONBLOCK; 1874 *noctty = 1; 1875 break; 1876 } 1877 } 1878 return ERR_PTR(-ENODEV); 1879 } 1880 default: 1881 driver = get_tty_driver(device, index); 1882 if (!driver) 1883 return ERR_PTR(-ENODEV); 1884 break; 1885 } 1886 return driver; 1887 } 1888 1889 /** 1890 * tty_open - open a tty device 1891 * @inode: inode of device file 1892 * @filp: file pointer to tty 1893 * 1894 * tty_open and tty_release keep up the tty count that contains the 1895 * number of opens done on a tty. We cannot use the inode-count, as 1896 * different inodes might point to the same tty. 1897 * 1898 * Open-counting is needed for pty masters, as well as for keeping 1899 * track of serial lines: DTR is dropped when the last close happens. 1900 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1901 * 1902 * The termios state of a pty is reset on first open so that 1903 * settings don't persist across reuse. 1904 * 1905 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1906 * tty->count should protect the rest. 1907 * ->siglock protects ->signal/->sighand 1908 * 1909 * Note: the tty_unlock/lock cases without a ref are only safe due to 1910 * tty_mutex 1911 */ 1912 1913 static int tty_open(struct inode *inode, struct file *filp) 1914 { 1915 struct tty_struct *tty; 1916 int noctty, retval; 1917 struct tty_driver *driver = NULL; 1918 int index; 1919 dev_t device = inode->i_rdev; 1920 unsigned saved_flags = filp->f_flags; 1921 1922 nonseekable_open(inode, filp); 1923 1924 retry_open: 1925 retval = tty_alloc_file(filp); 1926 if (retval) 1927 return -ENOMEM; 1928 1929 noctty = filp->f_flags & O_NOCTTY; 1930 index = -1; 1931 retval = 0; 1932 1933 mutex_lock(&tty_mutex); 1934 /* This is protected by the tty_mutex */ 1935 tty = tty_open_current_tty(device, filp); 1936 if (IS_ERR(tty)) { 1937 retval = PTR_ERR(tty); 1938 goto err_unlock; 1939 } else if (!tty) { 1940 driver = tty_lookup_driver(device, filp, &noctty, &index); 1941 if (IS_ERR(driver)) { 1942 retval = PTR_ERR(driver); 1943 goto err_unlock; 1944 } 1945 1946 /* check whether we're reopening an existing tty */ 1947 tty = tty_driver_lookup_tty(driver, inode, index); 1948 if (IS_ERR(tty)) { 1949 retval = PTR_ERR(tty); 1950 goto err_unlock; 1951 } 1952 } 1953 1954 if (tty) { 1955 tty_lock(tty); 1956 retval = tty_reopen(tty); 1957 if (retval < 0) { 1958 tty_unlock(tty); 1959 tty = ERR_PTR(retval); 1960 } 1961 } else /* Returns with the tty_lock held for now */ 1962 tty = tty_init_dev(driver, index); 1963 1964 mutex_unlock(&tty_mutex); 1965 if (driver) 1966 tty_driver_kref_put(driver); 1967 if (IS_ERR(tty)) { 1968 retval = PTR_ERR(tty); 1969 goto err_file; 1970 } 1971 1972 tty_add_file(tty, filp); 1973 1974 check_tty_count(tty, __func__); 1975 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1976 tty->driver->subtype == PTY_TYPE_MASTER) 1977 noctty = 1; 1978 #ifdef TTY_DEBUG_HANGUP 1979 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name); 1980 #endif 1981 if (tty->ops->open) 1982 retval = tty->ops->open(tty, filp); 1983 else 1984 retval = -ENODEV; 1985 filp->f_flags = saved_flags; 1986 1987 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && 1988 !capable(CAP_SYS_ADMIN)) 1989 retval = -EBUSY; 1990 1991 if (retval) { 1992 #ifdef TTY_DEBUG_HANGUP 1993 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__, 1994 retval, tty->name); 1995 #endif 1996 tty_unlock(tty); /* need to call tty_release without BTM */ 1997 tty_release(inode, filp); 1998 if (retval != -ERESTARTSYS) 1999 return retval; 2000 2001 if (signal_pending(current)) 2002 return retval; 2003 2004 schedule(); 2005 /* 2006 * Need to reset f_op in case a hangup happened. 2007 */ 2008 if (filp->f_op == &hung_up_tty_fops) 2009 filp->f_op = &tty_fops; 2010 goto retry_open; 2011 } 2012 tty_unlock(tty); 2013 2014 2015 mutex_lock(&tty_mutex); 2016 tty_lock(tty); 2017 spin_lock_irq(¤t->sighand->siglock); 2018 if (!noctty && 2019 current->signal->leader && 2020 !current->signal->tty && 2021 tty->session == NULL) 2022 __proc_set_tty(current, tty); 2023 spin_unlock_irq(¤t->sighand->siglock); 2024 tty_unlock(tty); 2025 mutex_unlock(&tty_mutex); 2026 return 0; 2027 err_unlock: 2028 mutex_unlock(&tty_mutex); 2029 /* after locks to avoid deadlock */ 2030 if (!IS_ERR_OR_NULL(driver)) 2031 tty_driver_kref_put(driver); 2032 err_file: 2033 tty_free_file(filp); 2034 return retval; 2035 } 2036 2037 2038 2039 /** 2040 * tty_poll - check tty status 2041 * @filp: file being polled 2042 * @wait: poll wait structures to update 2043 * 2044 * Call the line discipline polling method to obtain the poll 2045 * status of the device. 2046 * 2047 * Locking: locks called line discipline but ldisc poll method 2048 * may be re-entered freely by other callers. 2049 */ 2050 2051 static unsigned int tty_poll(struct file *filp, poll_table *wait) 2052 { 2053 struct tty_struct *tty = file_tty(filp); 2054 struct tty_ldisc *ld; 2055 int ret = 0; 2056 2057 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll")) 2058 return 0; 2059 2060 ld = tty_ldisc_ref_wait(tty); 2061 if (ld->ops->poll) 2062 ret = (ld->ops->poll)(tty, filp, wait); 2063 tty_ldisc_deref(ld); 2064 return ret; 2065 } 2066 2067 static int __tty_fasync(int fd, struct file *filp, int on) 2068 { 2069 struct tty_struct *tty = file_tty(filp); 2070 unsigned long flags; 2071 int retval = 0; 2072 2073 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync")) 2074 goto out; 2075 2076 retval = fasync_helper(fd, filp, on, &tty->fasync); 2077 if (retval <= 0) 2078 goto out; 2079 2080 if (on) { 2081 enum pid_type type; 2082 struct pid *pid; 2083 if (!waitqueue_active(&tty->read_wait)) 2084 tty->minimum_to_wake = 1; 2085 spin_lock_irqsave(&tty->ctrl_lock, flags); 2086 if (tty->pgrp) { 2087 pid = tty->pgrp; 2088 type = PIDTYPE_PGID; 2089 } else { 2090 pid = task_pid(current); 2091 type = PIDTYPE_PID; 2092 } 2093 get_pid(pid); 2094 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2095 retval = __f_setown(filp, pid, type, 0); 2096 put_pid(pid); 2097 if (retval) 2098 goto out; 2099 } else { 2100 if (!tty->fasync && !waitqueue_active(&tty->read_wait)) 2101 tty->minimum_to_wake = N_TTY_BUF_SIZE; 2102 } 2103 retval = 0; 2104 out: 2105 return retval; 2106 } 2107 2108 static int tty_fasync(int fd, struct file *filp, int on) 2109 { 2110 struct tty_struct *tty = file_tty(filp); 2111 int retval; 2112 2113 tty_lock(tty); 2114 retval = __tty_fasync(fd, filp, on); 2115 tty_unlock(tty); 2116 2117 return retval; 2118 } 2119 2120 /** 2121 * tiocsti - fake input character 2122 * @tty: tty to fake input into 2123 * @p: pointer to character 2124 * 2125 * Fake input to a tty device. Does the necessary locking and 2126 * input management. 2127 * 2128 * FIXME: does not honour flow control ?? 2129 * 2130 * Locking: 2131 * Called functions take tty_ldisc_lock 2132 * current->signal->tty check is safe without locks 2133 * 2134 * FIXME: may race normal receive processing 2135 */ 2136 2137 static int tiocsti(struct tty_struct *tty, char __user *p) 2138 { 2139 char ch, mbz = 0; 2140 struct tty_ldisc *ld; 2141 2142 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2143 return -EPERM; 2144 if (get_user(ch, p)) 2145 return -EFAULT; 2146 tty_audit_tiocsti(tty, ch); 2147 ld = tty_ldisc_ref_wait(tty); 2148 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2149 tty_ldisc_deref(ld); 2150 return 0; 2151 } 2152 2153 /** 2154 * tiocgwinsz - implement window query ioctl 2155 * @tty; tty 2156 * @arg: user buffer for result 2157 * 2158 * Copies the kernel idea of the window size into the user buffer. 2159 * 2160 * Locking: tty->termios_mutex is taken to ensure the winsize data 2161 * is consistent. 2162 */ 2163 2164 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2165 { 2166 int err; 2167 2168 mutex_lock(&tty->termios_mutex); 2169 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2170 mutex_unlock(&tty->termios_mutex); 2171 2172 return err ? -EFAULT: 0; 2173 } 2174 2175 /** 2176 * tty_do_resize - resize event 2177 * @tty: tty being resized 2178 * @rows: rows (character) 2179 * @cols: cols (character) 2180 * 2181 * Update the termios variables and send the necessary signals to 2182 * peform a terminal resize correctly 2183 */ 2184 2185 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2186 { 2187 struct pid *pgrp; 2188 unsigned long flags; 2189 2190 /* Lock the tty */ 2191 mutex_lock(&tty->termios_mutex); 2192 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2193 goto done; 2194 /* Get the PID values and reference them so we can 2195 avoid holding the tty ctrl lock while sending signals */ 2196 spin_lock_irqsave(&tty->ctrl_lock, flags); 2197 pgrp = get_pid(tty->pgrp); 2198 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2199 2200 if (pgrp) 2201 kill_pgrp(pgrp, SIGWINCH, 1); 2202 put_pid(pgrp); 2203 2204 tty->winsize = *ws; 2205 done: 2206 mutex_unlock(&tty->termios_mutex); 2207 return 0; 2208 } 2209 2210 /** 2211 * tiocswinsz - implement window size set ioctl 2212 * @tty; tty side of tty 2213 * @arg: user buffer for result 2214 * 2215 * Copies the user idea of the window size to the kernel. Traditionally 2216 * this is just advisory information but for the Linux console it 2217 * actually has driver level meaning and triggers a VC resize. 2218 * 2219 * Locking: 2220 * Driver dependent. The default do_resize method takes the 2221 * tty termios mutex and ctrl_lock. The console takes its own lock 2222 * then calls into the default method. 2223 */ 2224 2225 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2226 { 2227 struct winsize tmp_ws; 2228 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2229 return -EFAULT; 2230 2231 if (tty->ops->resize) 2232 return tty->ops->resize(tty, &tmp_ws); 2233 else 2234 return tty_do_resize(tty, &tmp_ws); 2235 } 2236 2237 /** 2238 * tioccons - allow admin to move logical console 2239 * @file: the file to become console 2240 * 2241 * Allow the administrator to move the redirected console device 2242 * 2243 * Locking: uses redirect_lock to guard the redirect information 2244 */ 2245 2246 static int tioccons(struct file *file) 2247 { 2248 if (!capable(CAP_SYS_ADMIN)) 2249 return -EPERM; 2250 if (file->f_op->write == redirected_tty_write) { 2251 struct file *f; 2252 spin_lock(&redirect_lock); 2253 f = redirect; 2254 redirect = NULL; 2255 spin_unlock(&redirect_lock); 2256 if (f) 2257 fput(f); 2258 return 0; 2259 } 2260 spin_lock(&redirect_lock); 2261 if (redirect) { 2262 spin_unlock(&redirect_lock); 2263 return -EBUSY; 2264 } 2265 redirect = get_file(file); 2266 spin_unlock(&redirect_lock); 2267 return 0; 2268 } 2269 2270 /** 2271 * fionbio - non blocking ioctl 2272 * @file: file to set blocking value 2273 * @p: user parameter 2274 * 2275 * Historical tty interfaces had a blocking control ioctl before 2276 * the generic functionality existed. This piece of history is preserved 2277 * in the expected tty API of posix OS's. 2278 * 2279 * Locking: none, the open file handle ensures it won't go away. 2280 */ 2281 2282 static int fionbio(struct file *file, int __user *p) 2283 { 2284 int nonblock; 2285 2286 if (get_user(nonblock, p)) 2287 return -EFAULT; 2288 2289 spin_lock(&file->f_lock); 2290 if (nonblock) 2291 file->f_flags |= O_NONBLOCK; 2292 else 2293 file->f_flags &= ~O_NONBLOCK; 2294 spin_unlock(&file->f_lock); 2295 return 0; 2296 } 2297 2298 /** 2299 * tiocsctty - set controlling tty 2300 * @tty: tty structure 2301 * @arg: user argument 2302 * 2303 * This ioctl is used to manage job control. It permits a session 2304 * leader to set this tty as the controlling tty for the session. 2305 * 2306 * Locking: 2307 * Takes tty_mutex() to protect tty instance 2308 * Takes tasklist_lock internally to walk sessions 2309 * Takes ->siglock() when updating signal->tty 2310 */ 2311 2312 static int tiocsctty(struct tty_struct *tty, int arg) 2313 { 2314 int ret = 0; 2315 if (current->signal->leader && (task_session(current) == tty->session)) 2316 return ret; 2317 2318 mutex_lock(&tty_mutex); 2319 /* 2320 * The process must be a session leader and 2321 * not have a controlling tty already. 2322 */ 2323 if (!current->signal->leader || current->signal->tty) { 2324 ret = -EPERM; 2325 goto unlock; 2326 } 2327 2328 if (tty->session) { 2329 /* 2330 * This tty is already the controlling 2331 * tty for another session group! 2332 */ 2333 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 2334 /* 2335 * Steal it away 2336 */ 2337 read_lock(&tasklist_lock); 2338 session_clear_tty(tty->session); 2339 read_unlock(&tasklist_lock); 2340 } else { 2341 ret = -EPERM; 2342 goto unlock; 2343 } 2344 } 2345 proc_set_tty(current, tty); 2346 unlock: 2347 mutex_unlock(&tty_mutex); 2348 return ret; 2349 } 2350 2351 /** 2352 * tty_get_pgrp - return a ref counted pgrp pid 2353 * @tty: tty to read 2354 * 2355 * Returns a refcounted instance of the pid struct for the process 2356 * group controlling the tty. 2357 */ 2358 2359 struct pid *tty_get_pgrp(struct tty_struct *tty) 2360 { 2361 unsigned long flags; 2362 struct pid *pgrp; 2363 2364 spin_lock_irqsave(&tty->ctrl_lock, flags); 2365 pgrp = get_pid(tty->pgrp); 2366 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2367 2368 return pgrp; 2369 } 2370 EXPORT_SYMBOL_GPL(tty_get_pgrp); 2371 2372 /** 2373 * tiocgpgrp - get process group 2374 * @tty: tty passed by user 2375 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2376 * @p: returned pid 2377 * 2378 * Obtain the process group of the tty. If there is no process group 2379 * return an error. 2380 * 2381 * Locking: none. Reference to current->signal->tty is safe. 2382 */ 2383 2384 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2385 { 2386 struct pid *pid; 2387 int ret; 2388 /* 2389 * (tty == real_tty) is a cheap way of 2390 * testing if the tty is NOT a master pty. 2391 */ 2392 if (tty == real_tty && current->signal->tty != real_tty) 2393 return -ENOTTY; 2394 pid = tty_get_pgrp(real_tty); 2395 ret = put_user(pid_vnr(pid), p); 2396 put_pid(pid); 2397 return ret; 2398 } 2399 2400 /** 2401 * tiocspgrp - attempt to set process group 2402 * @tty: tty passed by user 2403 * @real_tty: tty side device matching tty passed by user 2404 * @p: pid pointer 2405 * 2406 * Set the process group of the tty to the session passed. Only 2407 * permitted where the tty session is our session. 2408 * 2409 * Locking: RCU, ctrl lock 2410 */ 2411 2412 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2413 { 2414 struct pid *pgrp; 2415 pid_t pgrp_nr; 2416 int retval = tty_check_change(real_tty); 2417 unsigned long flags; 2418 2419 if (retval == -EIO) 2420 return -ENOTTY; 2421 if (retval) 2422 return retval; 2423 if (!current->signal->tty || 2424 (current->signal->tty != real_tty) || 2425 (real_tty->session != task_session(current))) 2426 return -ENOTTY; 2427 if (get_user(pgrp_nr, p)) 2428 return -EFAULT; 2429 if (pgrp_nr < 0) 2430 return -EINVAL; 2431 rcu_read_lock(); 2432 pgrp = find_vpid(pgrp_nr); 2433 retval = -ESRCH; 2434 if (!pgrp) 2435 goto out_unlock; 2436 retval = -EPERM; 2437 if (session_of_pgrp(pgrp) != task_session(current)) 2438 goto out_unlock; 2439 retval = 0; 2440 spin_lock_irqsave(&tty->ctrl_lock, flags); 2441 put_pid(real_tty->pgrp); 2442 real_tty->pgrp = get_pid(pgrp); 2443 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2444 out_unlock: 2445 rcu_read_unlock(); 2446 return retval; 2447 } 2448 2449 /** 2450 * tiocgsid - get session id 2451 * @tty: tty passed by user 2452 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2453 * @p: pointer to returned session id 2454 * 2455 * Obtain the session id of the tty. If there is no session 2456 * return an error. 2457 * 2458 * Locking: none. Reference to current->signal->tty is safe. 2459 */ 2460 2461 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2462 { 2463 /* 2464 * (tty == real_tty) is a cheap way of 2465 * testing if the tty is NOT a master pty. 2466 */ 2467 if (tty == real_tty && current->signal->tty != real_tty) 2468 return -ENOTTY; 2469 if (!real_tty->session) 2470 return -ENOTTY; 2471 return put_user(pid_vnr(real_tty->session), p); 2472 } 2473 2474 /** 2475 * tiocsetd - set line discipline 2476 * @tty: tty device 2477 * @p: pointer to user data 2478 * 2479 * Set the line discipline according to user request. 2480 * 2481 * Locking: see tty_set_ldisc, this function is just a helper 2482 */ 2483 2484 static int tiocsetd(struct tty_struct *tty, int __user *p) 2485 { 2486 int ldisc; 2487 int ret; 2488 2489 if (get_user(ldisc, p)) 2490 return -EFAULT; 2491 2492 ret = tty_set_ldisc(tty, ldisc); 2493 2494 return ret; 2495 } 2496 2497 /** 2498 * send_break - performed time break 2499 * @tty: device to break on 2500 * @duration: timeout in mS 2501 * 2502 * Perform a timed break on hardware that lacks its own driver level 2503 * timed break functionality. 2504 * 2505 * Locking: 2506 * atomic_write_lock serializes 2507 * 2508 */ 2509 2510 static int send_break(struct tty_struct *tty, unsigned int duration) 2511 { 2512 int retval; 2513 2514 if (tty->ops->break_ctl == NULL) 2515 return 0; 2516 2517 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2518 retval = tty->ops->break_ctl(tty, duration); 2519 else { 2520 /* Do the work ourselves */ 2521 if (tty_write_lock(tty, 0) < 0) 2522 return -EINTR; 2523 retval = tty->ops->break_ctl(tty, -1); 2524 if (retval) 2525 goto out; 2526 if (!signal_pending(current)) 2527 msleep_interruptible(duration); 2528 retval = tty->ops->break_ctl(tty, 0); 2529 out: 2530 tty_write_unlock(tty); 2531 if (signal_pending(current)) 2532 retval = -EINTR; 2533 } 2534 return retval; 2535 } 2536 2537 /** 2538 * tty_tiocmget - get modem status 2539 * @tty: tty device 2540 * @file: user file pointer 2541 * @p: pointer to result 2542 * 2543 * Obtain the modem status bits from the tty driver if the feature 2544 * is supported. Return -EINVAL if it is not available. 2545 * 2546 * Locking: none (up to the driver) 2547 */ 2548 2549 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2550 { 2551 int retval = -EINVAL; 2552 2553 if (tty->ops->tiocmget) { 2554 retval = tty->ops->tiocmget(tty); 2555 2556 if (retval >= 0) 2557 retval = put_user(retval, p); 2558 } 2559 return retval; 2560 } 2561 2562 /** 2563 * tty_tiocmset - set modem status 2564 * @tty: tty device 2565 * @cmd: command - clear bits, set bits or set all 2566 * @p: pointer to desired bits 2567 * 2568 * Set the modem status bits from the tty driver if the feature 2569 * is supported. Return -EINVAL if it is not available. 2570 * 2571 * Locking: none (up to the driver) 2572 */ 2573 2574 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2575 unsigned __user *p) 2576 { 2577 int retval; 2578 unsigned int set, clear, val; 2579 2580 if (tty->ops->tiocmset == NULL) 2581 return -EINVAL; 2582 2583 retval = get_user(val, p); 2584 if (retval) 2585 return retval; 2586 set = clear = 0; 2587 switch (cmd) { 2588 case TIOCMBIS: 2589 set = val; 2590 break; 2591 case TIOCMBIC: 2592 clear = val; 2593 break; 2594 case TIOCMSET: 2595 set = val; 2596 clear = ~val; 2597 break; 2598 } 2599 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2600 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2601 return tty->ops->tiocmset(tty, set, clear); 2602 } 2603 2604 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2605 { 2606 int retval = -EINVAL; 2607 struct serial_icounter_struct icount; 2608 memset(&icount, 0, sizeof(icount)); 2609 if (tty->ops->get_icount) 2610 retval = tty->ops->get_icount(tty, &icount); 2611 if (retval != 0) 2612 return retval; 2613 if (copy_to_user(arg, &icount, sizeof(icount))) 2614 return -EFAULT; 2615 return 0; 2616 } 2617 2618 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2619 { 2620 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2621 tty->driver->subtype == PTY_TYPE_MASTER) 2622 tty = tty->link; 2623 return tty; 2624 } 2625 EXPORT_SYMBOL(tty_pair_get_tty); 2626 2627 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty) 2628 { 2629 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2630 tty->driver->subtype == PTY_TYPE_MASTER) 2631 return tty; 2632 return tty->link; 2633 } 2634 EXPORT_SYMBOL(tty_pair_get_pty); 2635 2636 /* 2637 * Split this up, as gcc can choke on it otherwise.. 2638 */ 2639 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2640 { 2641 struct tty_struct *tty = file_tty(file); 2642 struct tty_struct *real_tty; 2643 void __user *p = (void __user *)arg; 2644 int retval; 2645 struct tty_ldisc *ld; 2646 struct inode *inode = file->f_dentry->d_inode; 2647 2648 if (tty_paranoia_check(tty, inode, "tty_ioctl")) 2649 return -EINVAL; 2650 2651 real_tty = tty_pair_get_tty(tty); 2652 2653 /* 2654 * Factor out some common prep work 2655 */ 2656 switch (cmd) { 2657 case TIOCSETD: 2658 case TIOCSBRK: 2659 case TIOCCBRK: 2660 case TCSBRK: 2661 case TCSBRKP: 2662 retval = tty_check_change(tty); 2663 if (retval) 2664 return retval; 2665 if (cmd != TIOCCBRK) { 2666 tty_wait_until_sent(tty, 0); 2667 if (signal_pending(current)) 2668 return -EINTR; 2669 } 2670 break; 2671 } 2672 2673 /* 2674 * Now do the stuff. 2675 */ 2676 switch (cmd) { 2677 case TIOCSTI: 2678 return tiocsti(tty, p); 2679 case TIOCGWINSZ: 2680 return tiocgwinsz(real_tty, p); 2681 case TIOCSWINSZ: 2682 return tiocswinsz(real_tty, p); 2683 case TIOCCONS: 2684 return real_tty != tty ? -EINVAL : tioccons(file); 2685 case FIONBIO: 2686 return fionbio(file, p); 2687 case TIOCEXCL: 2688 set_bit(TTY_EXCLUSIVE, &tty->flags); 2689 return 0; 2690 case TIOCNXCL: 2691 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2692 return 0; 2693 case TIOCNOTTY: 2694 if (current->signal->tty != tty) 2695 return -ENOTTY; 2696 no_tty(); 2697 return 0; 2698 case TIOCSCTTY: 2699 return tiocsctty(tty, arg); 2700 case TIOCGPGRP: 2701 return tiocgpgrp(tty, real_tty, p); 2702 case TIOCSPGRP: 2703 return tiocspgrp(tty, real_tty, p); 2704 case TIOCGSID: 2705 return tiocgsid(tty, real_tty, p); 2706 case TIOCGETD: 2707 return put_user(tty->ldisc->ops->num, (int __user *)p); 2708 case TIOCSETD: 2709 return tiocsetd(tty, p); 2710 case TIOCVHANGUP: 2711 if (!capable(CAP_SYS_ADMIN)) 2712 return -EPERM; 2713 tty_vhangup(tty); 2714 return 0; 2715 case TIOCGDEV: 2716 { 2717 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2718 return put_user(ret, (unsigned int __user *)p); 2719 } 2720 /* 2721 * Break handling 2722 */ 2723 case TIOCSBRK: /* Turn break on, unconditionally */ 2724 if (tty->ops->break_ctl) 2725 return tty->ops->break_ctl(tty, -1); 2726 return 0; 2727 case TIOCCBRK: /* Turn break off, unconditionally */ 2728 if (tty->ops->break_ctl) 2729 return tty->ops->break_ctl(tty, 0); 2730 return 0; 2731 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2732 /* non-zero arg means wait for all output data 2733 * to be sent (performed above) but don't send break. 2734 * This is used by the tcdrain() termios function. 2735 */ 2736 if (!arg) 2737 return send_break(tty, 250); 2738 return 0; 2739 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2740 return send_break(tty, arg ? arg*100 : 250); 2741 2742 case TIOCMGET: 2743 return tty_tiocmget(tty, p); 2744 case TIOCMSET: 2745 case TIOCMBIC: 2746 case TIOCMBIS: 2747 return tty_tiocmset(tty, cmd, p); 2748 case TIOCGICOUNT: 2749 retval = tty_tiocgicount(tty, p); 2750 /* For the moment allow fall through to the old method */ 2751 if (retval != -EINVAL) 2752 return retval; 2753 break; 2754 case TCFLSH: 2755 switch (arg) { 2756 case TCIFLUSH: 2757 case TCIOFLUSH: 2758 /* flush tty buffer and allow ldisc to process ioctl */ 2759 tty_buffer_flush(tty); 2760 break; 2761 } 2762 break; 2763 } 2764 if (tty->ops->ioctl) { 2765 retval = (tty->ops->ioctl)(tty, cmd, arg); 2766 if (retval != -ENOIOCTLCMD) 2767 return retval; 2768 } 2769 ld = tty_ldisc_ref_wait(tty); 2770 retval = -EINVAL; 2771 if (ld->ops->ioctl) { 2772 retval = ld->ops->ioctl(tty, file, cmd, arg); 2773 if (retval == -ENOIOCTLCMD) 2774 retval = -ENOTTY; 2775 } 2776 tty_ldisc_deref(ld); 2777 return retval; 2778 } 2779 2780 #ifdef CONFIG_COMPAT 2781 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2782 unsigned long arg) 2783 { 2784 struct inode *inode = file->f_dentry->d_inode; 2785 struct tty_struct *tty = file_tty(file); 2786 struct tty_ldisc *ld; 2787 int retval = -ENOIOCTLCMD; 2788 2789 if (tty_paranoia_check(tty, inode, "tty_ioctl")) 2790 return -EINVAL; 2791 2792 if (tty->ops->compat_ioctl) { 2793 retval = (tty->ops->compat_ioctl)(tty, cmd, arg); 2794 if (retval != -ENOIOCTLCMD) 2795 return retval; 2796 } 2797 2798 ld = tty_ldisc_ref_wait(tty); 2799 if (ld->ops->compat_ioctl) 2800 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2801 else 2802 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg); 2803 tty_ldisc_deref(ld); 2804 2805 return retval; 2806 } 2807 #endif 2808 2809 static int this_tty(const void *t, struct file *file, unsigned fd) 2810 { 2811 if (likely(file->f_op->read != tty_read)) 2812 return 0; 2813 return file_tty(file) != t ? 0 : fd + 1; 2814 } 2815 2816 /* 2817 * This implements the "Secure Attention Key" --- the idea is to 2818 * prevent trojan horses by killing all processes associated with this 2819 * tty when the user hits the "Secure Attention Key". Required for 2820 * super-paranoid applications --- see the Orange Book for more details. 2821 * 2822 * This code could be nicer; ideally it should send a HUP, wait a few 2823 * seconds, then send a INT, and then a KILL signal. But you then 2824 * have to coordinate with the init process, since all processes associated 2825 * with the current tty must be dead before the new getty is allowed 2826 * to spawn. 2827 * 2828 * Now, if it would be correct ;-/ The current code has a nasty hole - 2829 * it doesn't catch files in flight. We may send the descriptor to ourselves 2830 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2831 * 2832 * Nasty bug: do_SAK is being called in interrupt context. This can 2833 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2834 */ 2835 void __do_SAK(struct tty_struct *tty) 2836 { 2837 #ifdef TTY_SOFT_SAK 2838 tty_hangup(tty); 2839 #else 2840 struct task_struct *g, *p; 2841 struct pid *session; 2842 int i; 2843 2844 if (!tty) 2845 return; 2846 session = tty->session; 2847 2848 tty_ldisc_flush(tty); 2849 2850 tty_driver_flush_buffer(tty); 2851 2852 read_lock(&tasklist_lock); 2853 /* Kill the entire session */ 2854 do_each_pid_task(session, PIDTYPE_SID, p) { 2855 printk(KERN_NOTICE "SAK: killed process %d" 2856 " (%s): task_session(p)==tty->session\n", 2857 task_pid_nr(p), p->comm); 2858 send_sig(SIGKILL, p, 1); 2859 } while_each_pid_task(session, PIDTYPE_SID, p); 2860 /* Now kill any processes that happen to have the 2861 * tty open. 2862 */ 2863 do_each_thread(g, p) { 2864 if (p->signal->tty == tty) { 2865 printk(KERN_NOTICE "SAK: killed process %d" 2866 " (%s): task_session(p)==tty->session\n", 2867 task_pid_nr(p), p->comm); 2868 send_sig(SIGKILL, p, 1); 2869 continue; 2870 } 2871 task_lock(p); 2872 i = iterate_fd(p->files, 0, this_tty, tty); 2873 if (i != 0) { 2874 printk(KERN_NOTICE "SAK: killed process %d" 2875 " (%s): fd#%d opened to the tty\n", 2876 task_pid_nr(p), p->comm, i - 1); 2877 force_sig(SIGKILL, p); 2878 } 2879 task_unlock(p); 2880 } while_each_thread(g, p); 2881 read_unlock(&tasklist_lock); 2882 #endif 2883 } 2884 2885 static void do_SAK_work(struct work_struct *work) 2886 { 2887 struct tty_struct *tty = 2888 container_of(work, struct tty_struct, SAK_work); 2889 __do_SAK(tty); 2890 } 2891 2892 /* 2893 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2894 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2895 * the values which we write to it will be identical to the values which it 2896 * already has. --akpm 2897 */ 2898 void do_SAK(struct tty_struct *tty) 2899 { 2900 if (!tty) 2901 return; 2902 schedule_work(&tty->SAK_work); 2903 } 2904 2905 EXPORT_SYMBOL(do_SAK); 2906 2907 static int dev_match_devt(struct device *dev, void *data) 2908 { 2909 dev_t *devt = data; 2910 return dev->devt == *devt; 2911 } 2912 2913 /* Must put_device() after it's unused! */ 2914 static struct device *tty_get_device(struct tty_struct *tty) 2915 { 2916 dev_t devt = tty_devnum(tty); 2917 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2918 } 2919 2920 2921 /** 2922 * initialize_tty_struct 2923 * @tty: tty to initialize 2924 * 2925 * This subroutine initializes a tty structure that has been newly 2926 * allocated. 2927 * 2928 * Locking: none - tty in question must not be exposed at this point 2929 */ 2930 2931 void initialize_tty_struct(struct tty_struct *tty, 2932 struct tty_driver *driver, int idx) 2933 { 2934 memset(tty, 0, sizeof(struct tty_struct)); 2935 kref_init(&tty->kref); 2936 tty->magic = TTY_MAGIC; 2937 tty_ldisc_init(tty); 2938 tty->session = NULL; 2939 tty->pgrp = NULL; 2940 tty->overrun_time = jiffies; 2941 tty_buffer_init(tty); 2942 mutex_init(&tty->legacy_mutex); 2943 mutex_init(&tty->termios_mutex); 2944 mutex_init(&tty->ldisc_mutex); 2945 init_waitqueue_head(&tty->write_wait); 2946 init_waitqueue_head(&tty->read_wait); 2947 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2948 mutex_init(&tty->atomic_read_lock); 2949 mutex_init(&tty->atomic_write_lock); 2950 mutex_init(&tty->output_lock); 2951 mutex_init(&tty->echo_lock); 2952 spin_lock_init(&tty->read_lock); 2953 spin_lock_init(&tty->ctrl_lock); 2954 INIT_LIST_HEAD(&tty->tty_files); 2955 INIT_WORK(&tty->SAK_work, do_SAK_work); 2956 2957 tty->driver = driver; 2958 tty->ops = driver->ops; 2959 tty->index = idx; 2960 tty_line_name(driver, idx, tty->name); 2961 tty->dev = tty_get_device(tty); 2962 } 2963 2964 /** 2965 * deinitialize_tty_struct 2966 * @tty: tty to deinitialize 2967 * 2968 * This subroutine deinitializes a tty structure that has been newly 2969 * allocated but tty_release cannot be called on that yet. 2970 * 2971 * Locking: none - tty in question must not be exposed at this point 2972 */ 2973 void deinitialize_tty_struct(struct tty_struct *tty) 2974 { 2975 tty_ldisc_deinit(tty); 2976 } 2977 2978 /** 2979 * tty_put_char - write one character to a tty 2980 * @tty: tty 2981 * @ch: character 2982 * 2983 * Write one byte to the tty using the provided put_char method 2984 * if present. Returns the number of characters successfully output. 2985 * 2986 * Note: the specific put_char operation in the driver layer may go 2987 * away soon. Don't call it directly, use this method 2988 */ 2989 2990 int tty_put_char(struct tty_struct *tty, unsigned char ch) 2991 { 2992 if (tty->ops->put_char) 2993 return tty->ops->put_char(tty, ch); 2994 return tty->ops->write(tty, &ch, 1); 2995 } 2996 EXPORT_SYMBOL_GPL(tty_put_char); 2997 2998 struct class *tty_class; 2999 3000 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3001 unsigned int index, unsigned int count) 3002 { 3003 /* init here, since reused cdevs cause crashes */ 3004 cdev_init(&driver->cdevs[index], &tty_fops); 3005 driver->cdevs[index].owner = driver->owner; 3006 return cdev_add(&driver->cdevs[index], dev, count); 3007 } 3008 3009 /** 3010 * tty_register_device - register a tty device 3011 * @driver: the tty driver that describes the tty device 3012 * @index: the index in the tty driver for this tty device 3013 * @device: a struct device that is associated with this tty device. 3014 * This field is optional, if there is no known struct device 3015 * for this tty device it can be set to NULL safely. 3016 * 3017 * Returns a pointer to the struct device for this tty device 3018 * (or ERR_PTR(-EFOO) on error). 3019 * 3020 * This call is required to be made to register an individual tty device 3021 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3022 * that bit is not set, this function should not be called by a tty 3023 * driver. 3024 * 3025 * Locking: ?? 3026 */ 3027 3028 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3029 struct device *device) 3030 { 3031 return tty_register_device_attr(driver, index, device, NULL, NULL); 3032 } 3033 EXPORT_SYMBOL(tty_register_device); 3034 3035 static void tty_device_create_release(struct device *dev) 3036 { 3037 pr_debug("device: '%s': %s\n", dev_name(dev), __func__); 3038 kfree(dev); 3039 } 3040 3041 /** 3042 * tty_register_device_attr - register a tty device 3043 * @driver: the tty driver that describes the tty device 3044 * @index: the index in the tty driver for this tty device 3045 * @device: a struct device that is associated with this tty device. 3046 * This field is optional, if there is no known struct device 3047 * for this tty device it can be set to NULL safely. 3048 * @drvdata: Driver data to be set to device. 3049 * @attr_grp: Attribute group to be set on device. 3050 * 3051 * Returns a pointer to the struct device for this tty device 3052 * (or ERR_PTR(-EFOO) on error). 3053 * 3054 * This call is required to be made to register an individual tty device 3055 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3056 * that bit is not set, this function should not be called by a tty 3057 * driver. 3058 * 3059 * Locking: ?? 3060 */ 3061 struct device *tty_register_device_attr(struct tty_driver *driver, 3062 unsigned index, struct device *device, 3063 void *drvdata, 3064 const struct attribute_group **attr_grp) 3065 { 3066 char name[64]; 3067 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3068 struct device *dev = NULL; 3069 int retval = -ENODEV; 3070 bool cdev = false; 3071 3072 if (index >= driver->num) { 3073 printk(KERN_ERR "Attempt to register invalid tty line number " 3074 " (%d).\n", index); 3075 return ERR_PTR(-EINVAL); 3076 } 3077 3078 if (driver->type == TTY_DRIVER_TYPE_PTY) 3079 pty_line_name(driver, index, name); 3080 else 3081 tty_line_name(driver, index, name); 3082 3083 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3084 retval = tty_cdev_add(driver, devt, index, 1); 3085 if (retval) 3086 goto error; 3087 cdev = true; 3088 } 3089 3090 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3091 if (!dev) { 3092 retval = -ENOMEM; 3093 goto error; 3094 } 3095 3096 dev->devt = devt; 3097 dev->class = tty_class; 3098 dev->parent = device; 3099 dev->release = tty_device_create_release; 3100 dev_set_name(dev, "%s", name); 3101 dev->groups = attr_grp; 3102 dev_set_drvdata(dev, drvdata); 3103 3104 retval = device_register(dev); 3105 if (retval) 3106 goto error; 3107 3108 return dev; 3109 3110 error: 3111 put_device(dev); 3112 if (cdev) 3113 cdev_del(&driver->cdevs[index]); 3114 return ERR_PTR(retval); 3115 } 3116 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3117 3118 /** 3119 * tty_unregister_device - unregister a tty device 3120 * @driver: the tty driver that describes the tty device 3121 * @index: the index in the tty driver for this tty device 3122 * 3123 * If a tty device is registered with a call to tty_register_device() then 3124 * this function must be called when the tty device is gone. 3125 * 3126 * Locking: ?? 3127 */ 3128 3129 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3130 { 3131 device_destroy(tty_class, 3132 MKDEV(driver->major, driver->minor_start) + index); 3133 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) 3134 cdev_del(&driver->cdevs[index]); 3135 } 3136 EXPORT_SYMBOL(tty_unregister_device); 3137 3138 /** 3139 * __tty_alloc_driver -- allocate tty driver 3140 * @lines: count of lines this driver can handle at most 3141 * @owner: module which is repsonsible for this driver 3142 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3143 * 3144 * This should not be called directly, some of the provided macros should be 3145 * used instead. Use IS_ERR and friends on @retval. 3146 */ 3147 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3148 unsigned long flags) 3149 { 3150 struct tty_driver *driver; 3151 unsigned int cdevs = 1; 3152 int err; 3153 3154 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3155 return ERR_PTR(-EINVAL); 3156 3157 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3158 if (!driver) 3159 return ERR_PTR(-ENOMEM); 3160 3161 kref_init(&driver->kref); 3162 driver->magic = TTY_DRIVER_MAGIC; 3163 driver->num = lines; 3164 driver->owner = owner; 3165 driver->flags = flags; 3166 3167 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3168 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3169 GFP_KERNEL); 3170 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3171 GFP_KERNEL); 3172 if (!driver->ttys || !driver->termios) { 3173 err = -ENOMEM; 3174 goto err_free_all; 3175 } 3176 } 3177 3178 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3179 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3180 GFP_KERNEL); 3181 if (!driver->ports) { 3182 err = -ENOMEM; 3183 goto err_free_all; 3184 } 3185 cdevs = lines; 3186 } 3187 3188 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3189 if (!driver->cdevs) { 3190 err = -ENOMEM; 3191 goto err_free_all; 3192 } 3193 3194 return driver; 3195 err_free_all: 3196 kfree(driver->ports); 3197 kfree(driver->ttys); 3198 kfree(driver->termios); 3199 kfree(driver); 3200 return ERR_PTR(err); 3201 } 3202 EXPORT_SYMBOL(__tty_alloc_driver); 3203 3204 static void destruct_tty_driver(struct kref *kref) 3205 { 3206 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3207 int i; 3208 struct ktermios *tp; 3209 3210 if (driver->flags & TTY_DRIVER_INSTALLED) { 3211 /* 3212 * Free the termios and termios_locked structures because 3213 * we don't want to get memory leaks when modular tty 3214 * drivers are removed from the kernel. 3215 */ 3216 for (i = 0; i < driver->num; i++) { 3217 tp = driver->termios[i]; 3218 if (tp) { 3219 driver->termios[i] = NULL; 3220 kfree(tp); 3221 } 3222 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3223 tty_unregister_device(driver, i); 3224 } 3225 proc_tty_unregister_driver(driver); 3226 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3227 cdev_del(&driver->cdevs[0]); 3228 } 3229 kfree(driver->cdevs); 3230 kfree(driver->ports); 3231 kfree(driver->termios); 3232 kfree(driver->ttys); 3233 kfree(driver); 3234 } 3235 3236 void tty_driver_kref_put(struct tty_driver *driver) 3237 { 3238 kref_put(&driver->kref, destruct_tty_driver); 3239 } 3240 EXPORT_SYMBOL(tty_driver_kref_put); 3241 3242 void tty_set_operations(struct tty_driver *driver, 3243 const struct tty_operations *op) 3244 { 3245 driver->ops = op; 3246 }; 3247 EXPORT_SYMBOL(tty_set_operations); 3248 3249 void put_tty_driver(struct tty_driver *d) 3250 { 3251 tty_driver_kref_put(d); 3252 } 3253 EXPORT_SYMBOL(put_tty_driver); 3254 3255 /* 3256 * Called by a tty driver to register itself. 3257 */ 3258 int tty_register_driver(struct tty_driver *driver) 3259 { 3260 int error; 3261 int i; 3262 dev_t dev; 3263 struct device *d; 3264 3265 if (!driver->major) { 3266 error = alloc_chrdev_region(&dev, driver->minor_start, 3267 driver->num, driver->name); 3268 if (!error) { 3269 driver->major = MAJOR(dev); 3270 driver->minor_start = MINOR(dev); 3271 } 3272 } else { 3273 dev = MKDEV(driver->major, driver->minor_start); 3274 error = register_chrdev_region(dev, driver->num, driver->name); 3275 } 3276 if (error < 0) 3277 goto err; 3278 3279 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3280 error = tty_cdev_add(driver, dev, 0, driver->num); 3281 if (error) 3282 goto err_unreg_char; 3283 } 3284 3285 mutex_lock(&tty_mutex); 3286 list_add(&driver->tty_drivers, &tty_drivers); 3287 mutex_unlock(&tty_mutex); 3288 3289 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3290 for (i = 0; i < driver->num; i++) { 3291 d = tty_register_device(driver, i, NULL); 3292 if (IS_ERR(d)) { 3293 error = PTR_ERR(d); 3294 goto err_unreg_devs; 3295 } 3296 } 3297 } 3298 proc_tty_register_driver(driver); 3299 driver->flags |= TTY_DRIVER_INSTALLED; 3300 return 0; 3301 3302 err_unreg_devs: 3303 for (i--; i >= 0; i--) 3304 tty_unregister_device(driver, i); 3305 3306 mutex_lock(&tty_mutex); 3307 list_del(&driver->tty_drivers); 3308 mutex_unlock(&tty_mutex); 3309 3310 err_unreg_char: 3311 unregister_chrdev_region(dev, driver->num); 3312 err: 3313 return error; 3314 } 3315 EXPORT_SYMBOL(tty_register_driver); 3316 3317 /* 3318 * Called by a tty driver to unregister itself. 3319 */ 3320 int tty_unregister_driver(struct tty_driver *driver) 3321 { 3322 #if 0 3323 /* FIXME */ 3324 if (driver->refcount) 3325 return -EBUSY; 3326 #endif 3327 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3328 driver->num); 3329 mutex_lock(&tty_mutex); 3330 list_del(&driver->tty_drivers); 3331 mutex_unlock(&tty_mutex); 3332 return 0; 3333 } 3334 3335 EXPORT_SYMBOL(tty_unregister_driver); 3336 3337 dev_t tty_devnum(struct tty_struct *tty) 3338 { 3339 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3340 } 3341 EXPORT_SYMBOL(tty_devnum); 3342 3343 void proc_clear_tty(struct task_struct *p) 3344 { 3345 unsigned long flags; 3346 struct tty_struct *tty; 3347 spin_lock_irqsave(&p->sighand->siglock, flags); 3348 tty = p->signal->tty; 3349 p->signal->tty = NULL; 3350 spin_unlock_irqrestore(&p->sighand->siglock, flags); 3351 tty_kref_put(tty); 3352 } 3353 3354 /* Called under the sighand lock */ 3355 3356 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3357 { 3358 if (tty) { 3359 unsigned long flags; 3360 /* We should not have a session or pgrp to put here but.... */ 3361 spin_lock_irqsave(&tty->ctrl_lock, flags); 3362 put_pid(tty->session); 3363 put_pid(tty->pgrp); 3364 tty->pgrp = get_pid(task_pgrp(tsk)); 3365 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 3366 tty->session = get_pid(task_session(tsk)); 3367 if (tsk->signal->tty) { 3368 printk(KERN_DEBUG "tty not NULL!!\n"); 3369 tty_kref_put(tsk->signal->tty); 3370 } 3371 } 3372 put_pid(tsk->signal->tty_old_pgrp); 3373 tsk->signal->tty = tty_kref_get(tty); 3374 tsk->signal->tty_old_pgrp = NULL; 3375 } 3376 3377 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3378 { 3379 spin_lock_irq(&tsk->sighand->siglock); 3380 __proc_set_tty(tsk, tty); 3381 spin_unlock_irq(&tsk->sighand->siglock); 3382 } 3383 3384 struct tty_struct *get_current_tty(void) 3385 { 3386 struct tty_struct *tty; 3387 unsigned long flags; 3388 3389 spin_lock_irqsave(¤t->sighand->siglock, flags); 3390 tty = tty_kref_get(current->signal->tty); 3391 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 3392 return tty; 3393 } 3394 EXPORT_SYMBOL_GPL(get_current_tty); 3395 3396 void tty_default_fops(struct file_operations *fops) 3397 { 3398 *fops = tty_fops; 3399 } 3400 3401 /* 3402 * Initialize the console device. This is called *early*, so 3403 * we can't necessarily depend on lots of kernel help here. 3404 * Just do some early initializations, and do the complex setup 3405 * later. 3406 */ 3407 void __init console_init(void) 3408 { 3409 initcall_t *call; 3410 3411 /* Setup the default TTY line discipline. */ 3412 tty_ldisc_begin(); 3413 3414 /* 3415 * set up the console device so that later boot sequences can 3416 * inform about problems etc.. 3417 */ 3418 call = __con_initcall_start; 3419 while (call < __con_initcall_end) { 3420 (*call)(); 3421 call++; 3422 } 3423 } 3424 3425 static char *tty_devnode(struct device *dev, umode_t *mode) 3426 { 3427 if (!mode) 3428 return NULL; 3429 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3430 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3431 *mode = 0666; 3432 return NULL; 3433 } 3434 3435 static int __init tty_class_init(void) 3436 { 3437 tty_class = class_create(THIS_MODULE, "tty"); 3438 if (IS_ERR(tty_class)) 3439 return PTR_ERR(tty_class); 3440 tty_class->devnode = tty_devnode; 3441 return 0; 3442 } 3443 3444 postcore_initcall(tty_class_init); 3445 3446 /* 3/2004 jmc: why do these devices exist? */ 3447 static struct cdev tty_cdev, console_cdev; 3448 3449 static ssize_t show_cons_active(struct device *dev, 3450 struct device_attribute *attr, char *buf) 3451 { 3452 struct console *cs[16]; 3453 int i = 0; 3454 struct console *c; 3455 ssize_t count = 0; 3456 3457 console_lock(); 3458 for_each_console(c) { 3459 if (!c->device) 3460 continue; 3461 if (!c->write) 3462 continue; 3463 if ((c->flags & CON_ENABLED) == 0) 3464 continue; 3465 cs[i++] = c; 3466 if (i >= ARRAY_SIZE(cs)) 3467 break; 3468 } 3469 while (i--) 3470 count += sprintf(buf + count, "%s%d%c", 3471 cs[i]->name, cs[i]->index, i ? ' ':'\n'); 3472 console_unlock(); 3473 3474 return count; 3475 } 3476 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3477 3478 static struct device *consdev; 3479 3480 void console_sysfs_notify(void) 3481 { 3482 if (consdev) 3483 sysfs_notify(&consdev->kobj, NULL, "active"); 3484 } 3485 3486 /* 3487 * Ok, now we can initialize the rest of the tty devices and can count 3488 * on memory allocations, interrupts etc.. 3489 */ 3490 int __init tty_init(void) 3491 { 3492 cdev_init(&tty_cdev, &tty_fops); 3493 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3494 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3495 panic("Couldn't register /dev/tty driver\n"); 3496 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3497 3498 cdev_init(&console_cdev, &console_fops); 3499 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3500 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3501 panic("Couldn't register /dev/console driver\n"); 3502 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, 3503 "console"); 3504 if (IS_ERR(consdev)) 3505 consdev = NULL; 3506 else 3507 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0); 3508 3509 #ifdef CONFIG_VT 3510 vty_init(&console_fops); 3511 #endif 3512 return 0; 3513 } 3514 3515