1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/ppp-ioctl.h> 91 #include <linux/proc_fs.h> 92 #include <linux/init.h> 93 #include <linux/module.h> 94 #include <linux/device.h> 95 #include <linux/wait.h> 96 #include <linux/bitops.h> 97 #include <linux/delay.h> 98 #include <linux/seq_file.h> 99 #include <linux/serial.h> 100 #include <linux/ratelimit.h> 101 #include <linux/compat.h> 102 103 #include <linux/uaccess.h> 104 105 #include <linux/kbd_kern.h> 106 #include <linux/vt_kern.h> 107 #include <linux/selection.h> 108 109 #include <linux/kmod.h> 110 #include <linux/nsproxy.h> 111 112 #undef TTY_DEBUG_HANGUP 113 #ifdef TTY_DEBUG_HANGUP 114 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 115 #else 116 # define tty_debug_hangup(tty, f, args...) do { } while (0) 117 #endif 118 119 #define TTY_PARANOIA_CHECK 1 120 #define CHECK_TTY_COUNT 1 121 122 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 123 .c_iflag = ICRNL | IXON, 124 .c_oflag = OPOST | ONLCR, 125 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 127 ECHOCTL | ECHOKE | IEXTEN, 128 .c_cc = INIT_C_CC, 129 .c_ispeed = 38400, 130 .c_ospeed = 38400, 131 /* .c_line = N_TTY, */ 132 }; 133 134 EXPORT_SYMBOL(tty_std_termios); 135 136 /* This list gets poked at by procfs and various bits of boot up code. This 137 could do with some rationalisation such as pulling the tty proc function 138 into this file */ 139 140 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 141 142 /* Mutex to protect creating and releasing a tty */ 143 DEFINE_MUTEX(tty_mutex); 144 145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 146 static ssize_t tty_write(struct kiocb *, struct iov_iter *); 147 static __poll_t tty_poll(struct file *, poll_table *); 148 static int tty_open(struct inode *, struct file *); 149 #ifdef CONFIG_COMPAT 150 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 151 unsigned long arg); 152 #else 153 #define tty_compat_ioctl NULL 154 #endif 155 static int __tty_fasync(int fd, struct file *filp, int on); 156 static int tty_fasync(int fd, struct file *filp, int on); 157 static void release_tty(struct tty_struct *tty, int idx); 158 159 /** 160 * free_tty_struct - free a disused tty 161 * @tty: tty struct to free 162 * 163 * Free the write buffers, tty queue and tty memory itself. 164 * 165 * Locking: none. Must be called after tty is definitely unused 166 */ 167 168 static void free_tty_struct(struct tty_struct *tty) 169 { 170 tty_ldisc_deinit(tty); 171 put_device(tty->dev); 172 kfree(tty->write_buf); 173 tty->magic = 0xDEADDEAD; 174 kfree(tty); 175 } 176 177 static inline struct tty_struct *file_tty(struct file *file) 178 { 179 return ((struct tty_file_private *)file->private_data)->tty; 180 } 181 182 int tty_alloc_file(struct file *file) 183 { 184 struct tty_file_private *priv; 185 186 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 187 if (!priv) 188 return -ENOMEM; 189 190 file->private_data = priv; 191 192 return 0; 193 } 194 195 /* Associate a new file with the tty structure */ 196 void tty_add_file(struct tty_struct *tty, struct file *file) 197 { 198 struct tty_file_private *priv = file->private_data; 199 200 priv->tty = tty; 201 priv->file = file; 202 203 spin_lock(&tty->files_lock); 204 list_add(&priv->list, &tty->tty_files); 205 spin_unlock(&tty->files_lock); 206 } 207 208 /* 209 * tty_free_file - free file->private_data 210 * 211 * This shall be used only for fail path handling when tty_add_file was not 212 * called yet. 213 */ 214 void tty_free_file(struct file *file) 215 { 216 struct tty_file_private *priv = file->private_data; 217 218 file->private_data = NULL; 219 kfree(priv); 220 } 221 222 /* Delete file from its tty */ 223 static void tty_del_file(struct file *file) 224 { 225 struct tty_file_private *priv = file->private_data; 226 struct tty_struct *tty = priv->tty; 227 228 spin_lock(&tty->files_lock); 229 list_del(&priv->list); 230 spin_unlock(&tty->files_lock); 231 tty_free_file(file); 232 } 233 234 /** 235 * tty_name - return tty naming 236 * @tty: tty structure 237 * 238 * Convert a tty structure into a name. The name reflects the kernel 239 * naming policy and if udev is in use may not reflect user space 240 * 241 * Locking: none 242 */ 243 244 const char *tty_name(const struct tty_struct *tty) 245 { 246 if (!tty) /* Hmm. NULL pointer. That's fun. */ 247 return "NULL tty"; 248 return tty->name; 249 } 250 251 EXPORT_SYMBOL(tty_name); 252 253 const char *tty_driver_name(const struct tty_struct *tty) 254 { 255 if (!tty || !tty->driver) 256 return ""; 257 return tty->driver->name; 258 } 259 260 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 261 const char *routine) 262 { 263 #ifdef TTY_PARANOIA_CHECK 264 if (!tty) { 265 pr_warn("(%d:%d): %s: NULL tty\n", 266 imajor(inode), iminor(inode), routine); 267 return 1; 268 } 269 if (tty->magic != TTY_MAGIC) { 270 pr_warn("(%d:%d): %s: bad magic number\n", 271 imajor(inode), iminor(inode), routine); 272 return 1; 273 } 274 #endif 275 return 0; 276 } 277 278 /* Caller must hold tty_lock */ 279 static int check_tty_count(struct tty_struct *tty, const char *routine) 280 { 281 #ifdef CHECK_TTY_COUNT 282 struct list_head *p; 283 int count = 0, kopen_count = 0; 284 285 spin_lock(&tty->files_lock); 286 list_for_each(p, &tty->tty_files) { 287 count++; 288 } 289 spin_unlock(&tty->files_lock); 290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 291 tty->driver->subtype == PTY_TYPE_SLAVE && 292 tty->link && tty->link->count) 293 count++; 294 if (tty_port_kopened(tty->port)) 295 kopen_count++; 296 if (tty->count != (count + kopen_count)) { 297 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 298 routine, tty->count, count, kopen_count); 299 return (count + kopen_count); 300 } 301 #endif 302 return 0; 303 } 304 305 /** 306 * get_tty_driver - find device of a tty 307 * @device: device identifier 308 * @index: returns the index of the tty 309 * 310 * This routine returns a tty driver structure, given a device number 311 * and also passes back the index number. 312 * 313 * Locking: caller must hold tty_mutex 314 */ 315 316 static struct tty_driver *get_tty_driver(dev_t device, int *index) 317 { 318 struct tty_driver *p; 319 320 list_for_each_entry(p, &tty_drivers, tty_drivers) { 321 dev_t base = MKDEV(p->major, p->minor_start); 322 if (device < base || device >= base + p->num) 323 continue; 324 *index = device - base; 325 return tty_driver_kref_get(p); 326 } 327 return NULL; 328 } 329 330 /** 331 * tty_dev_name_to_number - return dev_t for device name 332 * @name: user space name of device under /dev 333 * @number: pointer to dev_t that this function will populate 334 * 335 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 336 * like (4, 64) or (188, 1). If no corresponding driver is registered then 337 * the function returns -ENODEV. 338 * 339 * Locking: this acquires tty_mutex to protect the tty_drivers list from 340 * being modified while we are traversing it, and makes sure to 341 * release it before exiting. 342 */ 343 int tty_dev_name_to_number(const char *name, dev_t *number) 344 { 345 struct tty_driver *p; 346 int ret; 347 int index, prefix_length = 0; 348 const char *str; 349 350 for (str = name; *str && !isdigit(*str); str++) 351 ; 352 353 if (!*str) 354 return -EINVAL; 355 356 ret = kstrtoint(str, 10, &index); 357 if (ret) 358 return ret; 359 360 prefix_length = str - name; 361 mutex_lock(&tty_mutex); 362 363 list_for_each_entry(p, &tty_drivers, tty_drivers) 364 if (prefix_length == strlen(p->name) && strncmp(name, 365 p->name, prefix_length) == 0) { 366 if (index < p->num) { 367 *number = MKDEV(p->major, p->minor_start + index); 368 goto out; 369 } 370 } 371 372 /* if here then driver wasn't found */ 373 ret = -ENODEV; 374 out: 375 mutex_unlock(&tty_mutex); 376 return ret; 377 } 378 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 379 380 #ifdef CONFIG_CONSOLE_POLL 381 382 /** 383 * tty_find_polling_driver - find device of a polled tty 384 * @name: name string to match 385 * @line: pointer to resulting tty line nr 386 * 387 * This routine returns a tty driver structure, given a name 388 * and the condition that the tty driver is capable of polled 389 * operation. 390 */ 391 struct tty_driver *tty_find_polling_driver(char *name, int *line) 392 { 393 struct tty_driver *p, *res = NULL; 394 int tty_line = 0; 395 int len; 396 char *str, *stp; 397 398 for (str = name; *str; str++) 399 if ((*str >= '0' && *str <= '9') || *str == ',') 400 break; 401 if (!*str) 402 return NULL; 403 404 len = str - name; 405 tty_line = simple_strtoul(str, &str, 10); 406 407 mutex_lock(&tty_mutex); 408 /* Search through the tty devices to look for a match */ 409 list_for_each_entry(p, &tty_drivers, tty_drivers) { 410 if (!len || strncmp(name, p->name, len) != 0) 411 continue; 412 stp = str; 413 if (*stp == ',') 414 stp++; 415 if (*stp == '\0') 416 stp = NULL; 417 418 if (tty_line >= 0 && tty_line < p->num && p->ops && 419 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 420 res = tty_driver_kref_get(p); 421 *line = tty_line; 422 break; 423 } 424 } 425 mutex_unlock(&tty_mutex); 426 427 return res; 428 } 429 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 430 #endif 431 432 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 433 size_t count, loff_t *ppos) 434 { 435 return 0; 436 } 437 438 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from) 439 { 440 return -EIO; 441 } 442 443 /* No kernel lock held - none needed ;) */ 444 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 445 { 446 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 447 } 448 449 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 450 unsigned long arg) 451 { 452 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 453 } 454 455 static long hung_up_tty_compat_ioctl(struct file *file, 456 unsigned int cmd, unsigned long arg) 457 { 458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 459 } 460 461 static int hung_up_tty_fasync(int fd, struct file *file, int on) 462 { 463 return -ENOTTY; 464 } 465 466 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 467 { 468 struct tty_struct *tty = file_tty(file); 469 470 if (tty && tty->ops && tty->ops->show_fdinfo) 471 tty->ops->show_fdinfo(tty, m); 472 } 473 474 static const struct file_operations tty_fops = { 475 .llseek = no_llseek, 476 .read = tty_read, 477 .write_iter = tty_write, 478 .splice_write = iter_file_splice_write, 479 .poll = tty_poll, 480 .unlocked_ioctl = tty_ioctl, 481 .compat_ioctl = tty_compat_ioctl, 482 .open = tty_open, 483 .release = tty_release, 484 .fasync = tty_fasync, 485 .show_fdinfo = tty_show_fdinfo, 486 }; 487 488 static const struct file_operations console_fops = { 489 .llseek = no_llseek, 490 .read = tty_read, 491 .write_iter = redirected_tty_write, 492 .splice_write = iter_file_splice_write, 493 .poll = tty_poll, 494 .unlocked_ioctl = tty_ioctl, 495 .compat_ioctl = tty_compat_ioctl, 496 .open = tty_open, 497 .release = tty_release, 498 .fasync = tty_fasync, 499 }; 500 501 static const struct file_operations hung_up_tty_fops = { 502 .llseek = no_llseek, 503 .read = hung_up_tty_read, 504 .write_iter = hung_up_tty_write, 505 .poll = hung_up_tty_poll, 506 .unlocked_ioctl = hung_up_tty_ioctl, 507 .compat_ioctl = hung_up_tty_compat_ioctl, 508 .release = tty_release, 509 .fasync = hung_up_tty_fasync, 510 }; 511 512 static DEFINE_SPINLOCK(redirect_lock); 513 static struct file *redirect; 514 515 /** 516 * tty_wakeup - request more data 517 * @tty: terminal 518 * 519 * Internal and external helper for wakeups of tty. This function 520 * informs the line discipline if present that the driver is ready 521 * to receive more output data. 522 */ 523 524 void tty_wakeup(struct tty_struct *tty) 525 { 526 struct tty_ldisc *ld; 527 528 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 529 ld = tty_ldisc_ref(tty); 530 if (ld) { 531 if (ld->ops->write_wakeup) 532 ld->ops->write_wakeup(tty); 533 tty_ldisc_deref(ld); 534 } 535 } 536 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 537 } 538 539 EXPORT_SYMBOL_GPL(tty_wakeup); 540 541 /** 542 * __tty_hangup - actual handler for hangup events 543 * @tty: tty device 544 * @exit_session: if non-zero, signal all foreground group processes 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write_iter == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write_iter != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 struct iov_iter *from) 903 { 904 size_t count = iov_iter_count(from); 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 957 ret = -EFAULT; 958 if (copy_from_iter(tty->write_buf, size, from) != size) 959 break; 960 961 ret = write(tty, file, tty->write_buf, size); 962 if (ret <= 0) 963 break; 964 965 /* FIXME! Have Al check this! */ 966 if (ret != size) 967 iov_iter_revert(from, size-ret); 968 969 written += ret; 970 count -= ret; 971 if (!count) 972 break; 973 ret = -ERESTARTSYS; 974 if (signal_pending(current)) 975 break; 976 cond_resched(); 977 } 978 if (written) { 979 tty_update_time(&file_inode(file)->i_mtime); 980 ret = written; 981 } 982 out: 983 tty_write_unlock(tty); 984 return ret; 985 } 986 987 /** 988 * tty_write_message - write a message to a certain tty, not just the console. 989 * @tty: the destination tty_struct 990 * @msg: the message to write 991 * 992 * This is used for messages that need to be redirected to a specific tty. 993 * We don't put it into the syslog queue right now maybe in the future if 994 * really needed. 995 * 996 * We must still hold the BTM and test the CLOSING flag for the moment. 997 */ 998 999 void tty_write_message(struct tty_struct *tty, char *msg) 1000 { 1001 if (tty) { 1002 mutex_lock(&tty->atomic_write_lock); 1003 tty_lock(tty); 1004 if (tty->ops->write && tty->count > 0) 1005 tty->ops->write(tty, msg, strlen(msg)); 1006 tty_unlock(tty); 1007 tty_write_unlock(tty); 1008 } 1009 return; 1010 } 1011 1012 1013 /** 1014 * tty_write - write method for tty device file 1015 * @file: tty file pointer 1016 * @buf: user data to write 1017 * @count: bytes to write 1018 * @ppos: unused 1019 * 1020 * Write data to a tty device via the line discipline. 1021 * 1022 * Locking: 1023 * Locks the line discipline as required 1024 * Writes to the tty driver are serialized by the atomic_write_lock 1025 * and are then processed in chunks to the device. The line discipline 1026 * write method will not be invoked in parallel for each device. 1027 */ 1028 1029 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from) 1030 { 1031 struct tty_struct *tty = file_tty(file); 1032 struct tty_ldisc *ld; 1033 ssize_t ret; 1034 1035 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1036 return -EIO; 1037 if (!tty || !tty->ops->write || tty_io_error(tty)) 1038 return -EIO; 1039 /* Short term debug to catch buggy drivers */ 1040 if (tty->ops->write_room == NULL) 1041 tty_err(tty, "missing write_room method\n"); 1042 ld = tty_ldisc_ref_wait(tty); 1043 if (!ld) 1044 return hung_up_tty_write(iocb, from); 1045 if (!ld->ops->write) 1046 ret = -EIO; 1047 else 1048 ret = do_tty_write(ld->ops->write, tty, file, from); 1049 tty_ldisc_deref(ld); 1050 return ret; 1051 } 1052 1053 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from) 1054 { 1055 return file_tty_write(iocb->ki_filp, iocb, from); 1056 } 1057 1058 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter) 1059 { 1060 struct file *p = NULL; 1061 1062 spin_lock(&redirect_lock); 1063 if (redirect) 1064 p = get_file(redirect); 1065 spin_unlock(&redirect_lock); 1066 1067 /* 1068 * We know the redirected tty is just another tty, we can can 1069 * call file_tty_write() directly with that file pointer. 1070 */ 1071 if (p) { 1072 ssize_t res; 1073 res = file_tty_write(p, iocb, iter); 1074 fput(p); 1075 return res; 1076 } 1077 return tty_write(iocb, iter); 1078 } 1079 1080 /* 1081 * tty_send_xchar - send priority character 1082 * 1083 * Send a high priority character to the tty even if stopped 1084 * 1085 * Locking: none for xchar method, write ordering for write method. 1086 */ 1087 1088 int tty_send_xchar(struct tty_struct *tty, char ch) 1089 { 1090 int was_stopped = tty->stopped; 1091 1092 if (tty->ops->send_xchar) { 1093 down_read(&tty->termios_rwsem); 1094 tty->ops->send_xchar(tty, ch); 1095 up_read(&tty->termios_rwsem); 1096 return 0; 1097 } 1098 1099 if (tty_write_lock(tty, 0) < 0) 1100 return -ERESTARTSYS; 1101 1102 down_read(&tty->termios_rwsem); 1103 if (was_stopped) 1104 start_tty(tty); 1105 tty->ops->write(tty, &ch, 1); 1106 if (was_stopped) 1107 stop_tty(tty); 1108 up_read(&tty->termios_rwsem); 1109 tty_write_unlock(tty); 1110 return 0; 1111 } 1112 1113 static char ptychar[] = "pqrstuvwxyzabcde"; 1114 1115 /** 1116 * pty_line_name - generate name for a pty 1117 * @driver: the tty driver in use 1118 * @index: the minor number 1119 * @p: output buffer of at least 6 bytes 1120 * 1121 * Generate a name from a driver reference and write it to the output 1122 * buffer. 1123 * 1124 * Locking: None 1125 */ 1126 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1127 { 1128 int i = index + driver->name_base; 1129 /* ->name is initialized to "ttyp", but "tty" is expected */ 1130 sprintf(p, "%s%c%x", 1131 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1132 ptychar[i >> 4 & 0xf], i & 0xf); 1133 } 1134 1135 /** 1136 * tty_line_name - generate name for a tty 1137 * @driver: the tty driver in use 1138 * @index: the minor number 1139 * @p: output buffer of at least 7 bytes 1140 * 1141 * Generate a name from a driver reference and write it to the output 1142 * buffer. 1143 * 1144 * Locking: None 1145 */ 1146 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1147 { 1148 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1149 return sprintf(p, "%s", driver->name); 1150 else 1151 return sprintf(p, "%s%d", driver->name, 1152 index + driver->name_base); 1153 } 1154 1155 /** 1156 * tty_driver_lookup_tty() - find an existing tty, if any 1157 * @driver: the driver for the tty 1158 * @file: file object 1159 * @idx: the minor number 1160 * 1161 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1162 * driver lookup() method returns an error. 1163 * 1164 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1165 */ 1166 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1167 struct file *file, int idx) 1168 { 1169 struct tty_struct *tty; 1170 1171 if (driver->ops->lookup) 1172 if (!file) 1173 tty = ERR_PTR(-EIO); 1174 else 1175 tty = driver->ops->lookup(driver, file, idx); 1176 else 1177 tty = driver->ttys[idx]; 1178 1179 if (!IS_ERR(tty)) 1180 tty_kref_get(tty); 1181 return tty; 1182 } 1183 1184 /** 1185 * tty_init_termios - helper for termios setup 1186 * @tty: the tty to set up 1187 * 1188 * Initialise the termios structure for this tty. This runs under 1189 * the tty_mutex currently so we can be relaxed about ordering. 1190 */ 1191 1192 void tty_init_termios(struct tty_struct *tty) 1193 { 1194 struct ktermios *tp; 1195 int idx = tty->index; 1196 1197 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1198 tty->termios = tty->driver->init_termios; 1199 else { 1200 /* Check for lazy saved data */ 1201 tp = tty->driver->termios[idx]; 1202 if (tp != NULL) { 1203 tty->termios = *tp; 1204 tty->termios.c_line = tty->driver->init_termios.c_line; 1205 } else 1206 tty->termios = tty->driver->init_termios; 1207 } 1208 /* Compatibility until drivers always set this */ 1209 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1210 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1211 } 1212 EXPORT_SYMBOL_GPL(tty_init_termios); 1213 1214 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1215 { 1216 tty_init_termios(tty); 1217 tty_driver_kref_get(driver); 1218 tty->count++; 1219 driver->ttys[tty->index] = tty; 1220 return 0; 1221 } 1222 EXPORT_SYMBOL_GPL(tty_standard_install); 1223 1224 /** 1225 * tty_driver_install_tty() - install a tty entry in the driver 1226 * @driver: the driver for the tty 1227 * @tty: the tty 1228 * 1229 * Install a tty object into the driver tables. The tty->index field 1230 * will be set by the time this is called. This method is responsible 1231 * for ensuring any need additional structures are allocated and 1232 * configured. 1233 * 1234 * Locking: tty_mutex for now 1235 */ 1236 static int tty_driver_install_tty(struct tty_driver *driver, 1237 struct tty_struct *tty) 1238 { 1239 return driver->ops->install ? driver->ops->install(driver, tty) : 1240 tty_standard_install(driver, tty); 1241 } 1242 1243 /** 1244 * tty_driver_remove_tty() - remove a tty from the driver tables 1245 * @driver: the driver for the tty 1246 * @tty: tty to remove 1247 * 1248 * Remvoe a tty object from the driver tables. The tty->index field 1249 * will be set by the time this is called. 1250 * 1251 * Locking: tty_mutex for now 1252 */ 1253 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1254 { 1255 if (driver->ops->remove) 1256 driver->ops->remove(driver, tty); 1257 else 1258 driver->ttys[tty->index] = NULL; 1259 } 1260 1261 /** 1262 * tty_reopen() - fast re-open of an open tty 1263 * @tty: the tty to open 1264 * 1265 * Return 0 on success, -errno on error. 1266 * Re-opens on master ptys are not allowed and return -EIO. 1267 * 1268 * Locking: Caller must hold tty_lock 1269 */ 1270 static int tty_reopen(struct tty_struct *tty) 1271 { 1272 struct tty_driver *driver = tty->driver; 1273 struct tty_ldisc *ld; 1274 int retval = 0; 1275 1276 if (driver->type == TTY_DRIVER_TYPE_PTY && 1277 driver->subtype == PTY_TYPE_MASTER) 1278 return -EIO; 1279 1280 if (!tty->count) 1281 return -EAGAIN; 1282 1283 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1284 return -EBUSY; 1285 1286 ld = tty_ldisc_ref_wait(tty); 1287 if (ld) { 1288 tty_ldisc_deref(ld); 1289 } else { 1290 retval = tty_ldisc_lock(tty, 5 * HZ); 1291 if (retval) 1292 return retval; 1293 1294 if (!tty->ldisc) 1295 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1296 tty_ldisc_unlock(tty); 1297 } 1298 1299 if (retval == 0) 1300 tty->count++; 1301 1302 return retval; 1303 } 1304 1305 /** 1306 * tty_init_dev - initialise a tty device 1307 * @driver: tty driver we are opening a device on 1308 * @idx: device index 1309 * 1310 * Prepare a tty device. This may not be a "new" clean device but 1311 * could also be an active device. The pty drivers require special 1312 * handling because of this. 1313 * 1314 * Locking: 1315 * The function is called under the tty_mutex, which 1316 * protects us from the tty struct or driver itself going away. 1317 * 1318 * On exit the tty device has the line discipline attached and 1319 * a reference count of 1. If a pair was created for pty/tty use 1320 * and the other was a pty master then it too has a reference count of 1. 1321 * 1322 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1323 * failed open. The new code protects the open with a mutex, so it's 1324 * really quite straightforward. The mutex locking can probably be 1325 * relaxed for the (most common) case of reopening a tty. 1326 * 1327 * Return: returned tty structure 1328 */ 1329 1330 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1331 { 1332 struct tty_struct *tty; 1333 int retval; 1334 1335 /* 1336 * First time open is complex, especially for PTY devices. 1337 * This code guarantees that either everything succeeds and the 1338 * TTY is ready for operation, or else the table slots are vacated 1339 * and the allocated memory released. (Except that the termios 1340 * may be retained.) 1341 */ 1342 1343 if (!try_module_get(driver->owner)) 1344 return ERR_PTR(-ENODEV); 1345 1346 tty = alloc_tty_struct(driver, idx); 1347 if (!tty) { 1348 retval = -ENOMEM; 1349 goto err_module_put; 1350 } 1351 1352 tty_lock(tty); 1353 retval = tty_driver_install_tty(driver, tty); 1354 if (retval < 0) 1355 goto err_free_tty; 1356 1357 if (!tty->port) 1358 tty->port = driver->ports[idx]; 1359 1360 if (WARN_RATELIMIT(!tty->port, 1361 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n", 1362 __func__, tty->driver->name)) { 1363 retval = -EINVAL; 1364 goto err_release_lock; 1365 } 1366 1367 retval = tty_ldisc_lock(tty, 5 * HZ); 1368 if (retval) 1369 goto err_release_lock; 1370 tty->port->itty = tty; 1371 1372 /* 1373 * Structures all installed ... call the ldisc open routines. 1374 * If we fail here just call release_tty to clean up. No need 1375 * to decrement the use counts, as release_tty doesn't care. 1376 */ 1377 retval = tty_ldisc_setup(tty, tty->link); 1378 if (retval) 1379 goto err_release_tty; 1380 tty_ldisc_unlock(tty); 1381 /* Return the tty locked so that it cannot vanish under the caller */ 1382 return tty; 1383 1384 err_free_tty: 1385 tty_unlock(tty); 1386 free_tty_struct(tty); 1387 err_module_put: 1388 module_put(driver->owner); 1389 return ERR_PTR(retval); 1390 1391 /* call the tty release_tty routine to clean out this slot */ 1392 err_release_tty: 1393 tty_ldisc_unlock(tty); 1394 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1395 retval, idx); 1396 err_release_lock: 1397 tty_unlock(tty); 1398 release_tty(tty, idx); 1399 return ERR_PTR(retval); 1400 } 1401 1402 /** 1403 * tty_save_termios() - save tty termios data in driver table 1404 * @tty: tty whose termios data to save 1405 * 1406 * Locking: Caller guarantees serialisation with tty_init_termios(). 1407 */ 1408 void tty_save_termios(struct tty_struct *tty) 1409 { 1410 struct ktermios *tp; 1411 int idx = tty->index; 1412 1413 /* If the port is going to reset then it has no termios to save */ 1414 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1415 return; 1416 1417 /* Stash the termios data */ 1418 tp = tty->driver->termios[idx]; 1419 if (tp == NULL) { 1420 tp = kmalloc(sizeof(*tp), GFP_KERNEL); 1421 if (tp == NULL) 1422 return; 1423 tty->driver->termios[idx] = tp; 1424 } 1425 *tp = tty->termios; 1426 } 1427 EXPORT_SYMBOL_GPL(tty_save_termios); 1428 1429 /** 1430 * tty_flush_works - flush all works of a tty/pty pair 1431 * @tty: tty device to flush works for (or either end of a pty pair) 1432 * 1433 * Sync flush all works belonging to @tty (and the 'other' tty). 1434 */ 1435 static void tty_flush_works(struct tty_struct *tty) 1436 { 1437 flush_work(&tty->SAK_work); 1438 flush_work(&tty->hangup_work); 1439 if (tty->link) { 1440 flush_work(&tty->link->SAK_work); 1441 flush_work(&tty->link->hangup_work); 1442 } 1443 } 1444 1445 /** 1446 * release_one_tty - release tty structure memory 1447 * @work: work of tty we are obliterating 1448 * 1449 * Releases memory associated with a tty structure, and clears out the 1450 * driver table slots. This function is called when a device is no longer 1451 * in use. It also gets called when setup of a device fails. 1452 * 1453 * Locking: 1454 * takes the file list lock internally when working on the list 1455 * of ttys that the driver keeps. 1456 * 1457 * This method gets called from a work queue so that the driver private 1458 * cleanup ops can sleep (needed for USB at least) 1459 */ 1460 static void release_one_tty(struct work_struct *work) 1461 { 1462 struct tty_struct *tty = 1463 container_of(work, struct tty_struct, hangup_work); 1464 struct tty_driver *driver = tty->driver; 1465 struct module *owner = driver->owner; 1466 1467 if (tty->ops->cleanup) 1468 tty->ops->cleanup(tty); 1469 1470 tty->magic = 0; 1471 tty_driver_kref_put(driver); 1472 module_put(owner); 1473 1474 spin_lock(&tty->files_lock); 1475 list_del_init(&tty->tty_files); 1476 spin_unlock(&tty->files_lock); 1477 1478 put_pid(tty->pgrp); 1479 put_pid(tty->session); 1480 free_tty_struct(tty); 1481 } 1482 1483 static void queue_release_one_tty(struct kref *kref) 1484 { 1485 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1486 1487 /* The hangup queue is now free so we can reuse it rather than 1488 waste a chunk of memory for each port */ 1489 INIT_WORK(&tty->hangup_work, release_one_tty); 1490 schedule_work(&tty->hangup_work); 1491 } 1492 1493 /** 1494 * tty_kref_put - release a tty kref 1495 * @tty: tty device 1496 * 1497 * Release a reference to a tty device and if need be let the kref 1498 * layer destruct the object for us 1499 */ 1500 1501 void tty_kref_put(struct tty_struct *tty) 1502 { 1503 if (tty) 1504 kref_put(&tty->kref, queue_release_one_tty); 1505 } 1506 EXPORT_SYMBOL(tty_kref_put); 1507 1508 /** 1509 * release_tty - release tty structure memory 1510 * @tty: tty device release 1511 * @idx: index of the tty device release 1512 * 1513 * Release both @tty and a possible linked partner (think pty pair), 1514 * and decrement the refcount of the backing module. 1515 * 1516 * Locking: 1517 * tty_mutex 1518 * takes the file list lock internally when working on the list 1519 * of ttys that the driver keeps. 1520 * 1521 */ 1522 static void release_tty(struct tty_struct *tty, int idx) 1523 { 1524 /* This should always be true but check for the moment */ 1525 WARN_ON(tty->index != idx); 1526 WARN_ON(!mutex_is_locked(&tty_mutex)); 1527 if (tty->ops->shutdown) 1528 tty->ops->shutdown(tty); 1529 tty_save_termios(tty); 1530 tty_driver_remove_tty(tty->driver, tty); 1531 if (tty->port) 1532 tty->port->itty = NULL; 1533 if (tty->link) 1534 tty->link->port->itty = NULL; 1535 if (tty->port) 1536 tty_buffer_cancel_work(tty->port); 1537 if (tty->link) 1538 tty_buffer_cancel_work(tty->link->port); 1539 1540 tty_kref_put(tty->link); 1541 tty_kref_put(tty); 1542 } 1543 1544 /** 1545 * tty_release_checks - check a tty before real release 1546 * @tty: tty to check 1547 * @idx: index of the tty 1548 * 1549 * Performs some paranoid checking before true release of the @tty. 1550 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1551 */ 1552 static int tty_release_checks(struct tty_struct *tty, int idx) 1553 { 1554 #ifdef TTY_PARANOIA_CHECK 1555 if (idx < 0 || idx >= tty->driver->num) { 1556 tty_debug(tty, "bad idx %d\n", idx); 1557 return -1; 1558 } 1559 1560 /* not much to check for devpts */ 1561 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1562 return 0; 1563 1564 if (tty != tty->driver->ttys[idx]) { 1565 tty_debug(tty, "bad driver table[%d] = %p\n", 1566 idx, tty->driver->ttys[idx]); 1567 return -1; 1568 } 1569 if (tty->driver->other) { 1570 struct tty_struct *o_tty = tty->link; 1571 1572 if (o_tty != tty->driver->other->ttys[idx]) { 1573 tty_debug(tty, "bad other table[%d] = %p\n", 1574 idx, tty->driver->other->ttys[idx]); 1575 return -1; 1576 } 1577 if (o_tty->link != tty) { 1578 tty_debug(tty, "bad link = %p\n", o_tty->link); 1579 return -1; 1580 } 1581 } 1582 #endif 1583 return 0; 1584 } 1585 1586 /** 1587 * tty_kclose - closes tty opened by tty_kopen 1588 * @tty: tty device 1589 * 1590 * Performs the final steps to release and free a tty device. It is the 1591 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1592 * flag on tty->port. 1593 */ 1594 void tty_kclose(struct tty_struct *tty) 1595 { 1596 /* 1597 * Ask the line discipline code to release its structures 1598 */ 1599 tty_ldisc_release(tty); 1600 1601 /* Wait for pending work before tty destruction commmences */ 1602 tty_flush_works(tty); 1603 1604 tty_debug_hangup(tty, "freeing structure\n"); 1605 /* 1606 * The release_tty function takes care of the details of clearing 1607 * the slots and preserving the termios structure. 1608 */ 1609 mutex_lock(&tty_mutex); 1610 tty_port_set_kopened(tty->port, 0); 1611 release_tty(tty, tty->index); 1612 mutex_unlock(&tty_mutex); 1613 } 1614 EXPORT_SYMBOL_GPL(tty_kclose); 1615 1616 /** 1617 * tty_release_struct - release a tty struct 1618 * @tty: tty device 1619 * @idx: index of the tty 1620 * 1621 * Performs the final steps to release and free a tty device. It is 1622 * roughly the reverse of tty_init_dev. 1623 */ 1624 void tty_release_struct(struct tty_struct *tty, int idx) 1625 { 1626 /* 1627 * Ask the line discipline code to release its structures 1628 */ 1629 tty_ldisc_release(tty); 1630 1631 /* Wait for pending work before tty destruction commmences */ 1632 tty_flush_works(tty); 1633 1634 tty_debug_hangup(tty, "freeing structure\n"); 1635 /* 1636 * The release_tty function takes care of the details of clearing 1637 * the slots and preserving the termios structure. 1638 */ 1639 mutex_lock(&tty_mutex); 1640 release_tty(tty, idx); 1641 mutex_unlock(&tty_mutex); 1642 } 1643 EXPORT_SYMBOL_GPL(tty_release_struct); 1644 1645 /** 1646 * tty_release - vfs callback for close 1647 * @inode: inode of tty 1648 * @filp: file pointer for handle to tty 1649 * 1650 * Called the last time each file handle is closed that references 1651 * this tty. There may however be several such references. 1652 * 1653 * Locking: 1654 * Takes bkl. See tty_release_dev 1655 * 1656 * Even releasing the tty structures is a tricky business.. We have 1657 * to be very careful that the structures are all released at the 1658 * same time, as interrupts might otherwise get the wrong pointers. 1659 * 1660 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1661 * lead to double frees or releasing memory still in use. 1662 */ 1663 1664 int tty_release(struct inode *inode, struct file *filp) 1665 { 1666 struct tty_struct *tty = file_tty(filp); 1667 struct tty_struct *o_tty = NULL; 1668 int do_sleep, final; 1669 int idx; 1670 long timeout = 0; 1671 int once = 1; 1672 1673 if (tty_paranoia_check(tty, inode, __func__)) 1674 return 0; 1675 1676 tty_lock(tty); 1677 check_tty_count(tty, __func__); 1678 1679 __tty_fasync(-1, filp, 0); 1680 1681 idx = tty->index; 1682 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1683 tty->driver->subtype == PTY_TYPE_MASTER) 1684 o_tty = tty->link; 1685 1686 if (tty_release_checks(tty, idx)) { 1687 tty_unlock(tty); 1688 return 0; 1689 } 1690 1691 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1692 1693 if (tty->ops->close) 1694 tty->ops->close(tty, filp); 1695 1696 /* If tty is pty master, lock the slave pty (stable lock order) */ 1697 tty_lock_slave(o_tty); 1698 1699 /* 1700 * Sanity check: if tty->count is going to zero, there shouldn't be 1701 * any waiters on tty->read_wait or tty->write_wait. We test the 1702 * wait queues and kick everyone out _before_ actually starting to 1703 * close. This ensures that we won't block while releasing the tty 1704 * structure. 1705 * 1706 * The test for the o_tty closing is necessary, since the master and 1707 * slave sides may close in any order. If the slave side closes out 1708 * first, its count will be one, since the master side holds an open. 1709 * Thus this test wouldn't be triggered at the time the slave closed, 1710 * so we do it now. 1711 */ 1712 while (1) { 1713 do_sleep = 0; 1714 1715 if (tty->count <= 1) { 1716 if (waitqueue_active(&tty->read_wait)) { 1717 wake_up_poll(&tty->read_wait, EPOLLIN); 1718 do_sleep++; 1719 } 1720 if (waitqueue_active(&tty->write_wait)) { 1721 wake_up_poll(&tty->write_wait, EPOLLOUT); 1722 do_sleep++; 1723 } 1724 } 1725 if (o_tty && o_tty->count <= 1) { 1726 if (waitqueue_active(&o_tty->read_wait)) { 1727 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1728 do_sleep++; 1729 } 1730 if (waitqueue_active(&o_tty->write_wait)) { 1731 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1732 do_sleep++; 1733 } 1734 } 1735 if (!do_sleep) 1736 break; 1737 1738 if (once) { 1739 once = 0; 1740 tty_warn(tty, "read/write wait queue active!\n"); 1741 } 1742 schedule_timeout_killable(timeout); 1743 if (timeout < 120 * HZ) 1744 timeout = 2 * timeout + 1; 1745 else 1746 timeout = MAX_SCHEDULE_TIMEOUT; 1747 } 1748 1749 if (o_tty) { 1750 if (--o_tty->count < 0) { 1751 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1752 o_tty->count = 0; 1753 } 1754 } 1755 if (--tty->count < 0) { 1756 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1757 tty->count = 0; 1758 } 1759 1760 /* 1761 * We've decremented tty->count, so we need to remove this file 1762 * descriptor off the tty->tty_files list; this serves two 1763 * purposes: 1764 * - check_tty_count sees the correct number of file descriptors 1765 * associated with this tty. 1766 * - do_tty_hangup no longer sees this file descriptor as 1767 * something that needs to be handled for hangups. 1768 */ 1769 tty_del_file(filp); 1770 1771 /* 1772 * Perform some housekeeping before deciding whether to return. 1773 * 1774 * If _either_ side is closing, make sure there aren't any 1775 * processes that still think tty or o_tty is their controlling 1776 * tty. 1777 */ 1778 if (!tty->count) { 1779 read_lock(&tasklist_lock); 1780 session_clear_tty(tty->session); 1781 if (o_tty) 1782 session_clear_tty(o_tty->session); 1783 read_unlock(&tasklist_lock); 1784 } 1785 1786 /* check whether both sides are closing ... */ 1787 final = !tty->count && !(o_tty && o_tty->count); 1788 1789 tty_unlock_slave(o_tty); 1790 tty_unlock(tty); 1791 1792 /* At this point, the tty->count == 0 should ensure a dead tty 1793 cannot be re-opened by a racing opener */ 1794 1795 if (!final) 1796 return 0; 1797 1798 tty_debug_hangup(tty, "final close\n"); 1799 1800 tty_release_struct(tty, idx); 1801 return 0; 1802 } 1803 1804 /** 1805 * tty_open_current_tty - get locked tty of current task 1806 * @device: device number 1807 * @filp: file pointer to tty 1808 * @return: locked tty of the current task iff @device is /dev/tty 1809 * 1810 * Performs a re-open of the current task's controlling tty. 1811 * 1812 * We cannot return driver and index like for the other nodes because 1813 * devpts will not work then. It expects inodes to be from devpts FS. 1814 */ 1815 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1816 { 1817 struct tty_struct *tty; 1818 int retval; 1819 1820 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1821 return NULL; 1822 1823 tty = get_current_tty(); 1824 if (!tty) 1825 return ERR_PTR(-ENXIO); 1826 1827 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1828 /* noctty = 1; */ 1829 tty_lock(tty); 1830 tty_kref_put(tty); /* safe to drop the kref now */ 1831 1832 retval = tty_reopen(tty); 1833 if (retval < 0) { 1834 tty_unlock(tty); 1835 tty = ERR_PTR(retval); 1836 } 1837 return tty; 1838 } 1839 1840 /** 1841 * tty_lookup_driver - lookup a tty driver for a given device file 1842 * @device: device number 1843 * @filp: file pointer to tty 1844 * @index: index for the device in the @return driver 1845 * @return: driver for this inode (with increased refcount) 1846 * 1847 * If @return is not erroneous, the caller is responsible to decrement the 1848 * refcount by tty_driver_kref_put. 1849 * 1850 * Locking: tty_mutex protects get_tty_driver 1851 */ 1852 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1853 int *index) 1854 { 1855 struct tty_driver *driver = NULL; 1856 1857 switch (device) { 1858 #ifdef CONFIG_VT 1859 case MKDEV(TTY_MAJOR, 0): { 1860 extern struct tty_driver *console_driver; 1861 driver = tty_driver_kref_get(console_driver); 1862 *index = fg_console; 1863 break; 1864 } 1865 #endif 1866 case MKDEV(TTYAUX_MAJOR, 1): { 1867 struct tty_driver *console_driver = console_device(index); 1868 if (console_driver) { 1869 driver = tty_driver_kref_get(console_driver); 1870 if (driver && filp) { 1871 /* Don't let /dev/console block */ 1872 filp->f_flags |= O_NONBLOCK; 1873 break; 1874 } 1875 } 1876 if (driver) 1877 tty_driver_kref_put(driver); 1878 return ERR_PTR(-ENODEV); 1879 } 1880 default: 1881 driver = get_tty_driver(device, index); 1882 if (!driver) 1883 return ERR_PTR(-ENODEV); 1884 break; 1885 } 1886 return driver; 1887 } 1888 1889 /** 1890 * tty_kopen - open a tty device for kernel 1891 * @device: dev_t of device to open 1892 * 1893 * Opens tty exclusively for kernel. Performs the driver lookup, 1894 * makes sure it's not already opened and performs the first-time 1895 * tty initialization. 1896 * 1897 * Returns the locked initialized &tty_struct 1898 * 1899 * Claims the global tty_mutex to serialize: 1900 * - concurrent first-time tty initialization 1901 * - concurrent tty driver removal w/ lookup 1902 * - concurrent tty removal from driver table 1903 */ 1904 struct tty_struct *tty_kopen(dev_t device) 1905 { 1906 struct tty_struct *tty; 1907 struct tty_driver *driver; 1908 int index = -1; 1909 1910 mutex_lock(&tty_mutex); 1911 driver = tty_lookup_driver(device, NULL, &index); 1912 if (IS_ERR(driver)) { 1913 mutex_unlock(&tty_mutex); 1914 return ERR_CAST(driver); 1915 } 1916 1917 /* check whether we're reopening an existing tty */ 1918 tty = tty_driver_lookup_tty(driver, NULL, index); 1919 if (IS_ERR(tty)) 1920 goto out; 1921 1922 if (tty) { 1923 /* drop kref from tty_driver_lookup_tty() */ 1924 tty_kref_put(tty); 1925 tty = ERR_PTR(-EBUSY); 1926 } else { /* tty_init_dev returns tty with the tty_lock held */ 1927 tty = tty_init_dev(driver, index); 1928 if (IS_ERR(tty)) 1929 goto out; 1930 tty_port_set_kopened(tty->port, 1); 1931 } 1932 out: 1933 mutex_unlock(&tty_mutex); 1934 tty_driver_kref_put(driver); 1935 return tty; 1936 } 1937 EXPORT_SYMBOL_GPL(tty_kopen); 1938 1939 /** 1940 * tty_open_by_driver - open a tty device 1941 * @device: dev_t of device to open 1942 * @filp: file pointer to tty 1943 * 1944 * Performs the driver lookup, checks for a reopen, or otherwise 1945 * performs the first-time tty initialization. 1946 * 1947 * Returns the locked initialized or re-opened &tty_struct 1948 * 1949 * Claims the global tty_mutex to serialize: 1950 * - concurrent first-time tty initialization 1951 * - concurrent tty driver removal w/ lookup 1952 * - concurrent tty removal from driver table 1953 */ 1954 static struct tty_struct *tty_open_by_driver(dev_t device, 1955 struct file *filp) 1956 { 1957 struct tty_struct *tty; 1958 struct tty_driver *driver = NULL; 1959 int index = -1; 1960 int retval; 1961 1962 mutex_lock(&tty_mutex); 1963 driver = tty_lookup_driver(device, filp, &index); 1964 if (IS_ERR(driver)) { 1965 mutex_unlock(&tty_mutex); 1966 return ERR_CAST(driver); 1967 } 1968 1969 /* check whether we're reopening an existing tty */ 1970 tty = tty_driver_lookup_tty(driver, filp, index); 1971 if (IS_ERR(tty)) { 1972 mutex_unlock(&tty_mutex); 1973 goto out; 1974 } 1975 1976 if (tty) { 1977 if (tty_port_kopened(tty->port)) { 1978 tty_kref_put(tty); 1979 mutex_unlock(&tty_mutex); 1980 tty = ERR_PTR(-EBUSY); 1981 goto out; 1982 } 1983 mutex_unlock(&tty_mutex); 1984 retval = tty_lock_interruptible(tty); 1985 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1986 if (retval) { 1987 if (retval == -EINTR) 1988 retval = -ERESTARTSYS; 1989 tty = ERR_PTR(retval); 1990 goto out; 1991 } 1992 retval = tty_reopen(tty); 1993 if (retval < 0) { 1994 tty_unlock(tty); 1995 tty = ERR_PTR(retval); 1996 } 1997 } else { /* Returns with the tty_lock held for now */ 1998 tty = tty_init_dev(driver, index); 1999 mutex_unlock(&tty_mutex); 2000 } 2001 out: 2002 tty_driver_kref_put(driver); 2003 return tty; 2004 } 2005 2006 /** 2007 * tty_open - open a tty device 2008 * @inode: inode of device file 2009 * @filp: file pointer to tty 2010 * 2011 * tty_open and tty_release keep up the tty count that contains the 2012 * number of opens done on a tty. We cannot use the inode-count, as 2013 * different inodes might point to the same tty. 2014 * 2015 * Open-counting is needed for pty masters, as well as for keeping 2016 * track of serial lines: DTR is dropped when the last close happens. 2017 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2018 * 2019 * The termios state of a pty is reset on first open so that 2020 * settings don't persist across reuse. 2021 * 2022 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 2023 * tty->count should protect the rest. 2024 * ->siglock protects ->signal/->sighand 2025 * 2026 * Note: the tty_unlock/lock cases without a ref are only safe due to 2027 * tty_mutex 2028 */ 2029 2030 static int tty_open(struct inode *inode, struct file *filp) 2031 { 2032 struct tty_struct *tty; 2033 int noctty, retval; 2034 dev_t device = inode->i_rdev; 2035 unsigned saved_flags = filp->f_flags; 2036 2037 nonseekable_open(inode, filp); 2038 2039 retry_open: 2040 retval = tty_alloc_file(filp); 2041 if (retval) 2042 return -ENOMEM; 2043 2044 tty = tty_open_current_tty(device, filp); 2045 if (!tty) 2046 tty = tty_open_by_driver(device, filp); 2047 2048 if (IS_ERR(tty)) { 2049 tty_free_file(filp); 2050 retval = PTR_ERR(tty); 2051 if (retval != -EAGAIN || signal_pending(current)) 2052 return retval; 2053 schedule(); 2054 goto retry_open; 2055 } 2056 2057 tty_add_file(tty, filp); 2058 2059 check_tty_count(tty, __func__); 2060 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2061 2062 if (tty->ops->open) 2063 retval = tty->ops->open(tty, filp); 2064 else 2065 retval = -ENODEV; 2066 filp->f_flags = saved_flags; 2067 2068 if (retval) { 2069 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2070 2071 tty_unlock(tty); /* need to call tty_release without BTM */ 2072 tty_release(inode, filp); 2073 if (retval != -ERESTARTSYS) 2074 return retval; 2075 2076 if (signal_pending(current)) 2077 return retval; 2078 2079 schedule(); 2080 /* 2081 * Need to reset f_op in case a hangup happened. 2082 */ 2083 if (tty_hung_up_p(filp)) 2084 filp->f_op = &tty_fops; 2085 goto retry_open; 2086 } 2087 clear_bit(TTY_HUPPED, &tty->flags); 2088 2089 noctty = (filp->f_flags & O_NOCTTY) || 2090 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2091 device == MKDEV(TTYAUX_MAJOR, 1) || 2092 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2093 tty->driver->subtype == PTY_TYPE_MASTER); 2094 if (!noctty) 2095 tty_open_proc_set_tty(filp, tty); 2096 tty_unlock(tty); 2097 return 0; 2098 } 2099 2100 2101 2102 /** 2103 * tty_poll - check tty status 2104 * @filp: file being polled 2105 * @wait: poll wait structures to update 2106 * 2107 * Call the line discipline polling method to obtain the poll 2108 * status of the device. 2109 * 2110 * Locking: locks called line discipline but ldisc poll method 2111 * may be re-entered freely by other callers. 2112 */ 2113 2114 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2115 { 2116 struct tty_struct *tty = file_tty(filp); 2117 struct tty_ldisc *ld; 2118 __poll_t ret = 0; 2119 2120 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2121 return 0; 2122 2123 ld = tty_ldisc_ref_wait(tty); 2124 if (!ld) 2125 return hung_up_tty_poll(filp, wait); 2126 if (ld->ops->poll) 2127 ret = ld->ops->poll(tty, filp, wait); 2128 tty_ldisc_deref(ld); 2129 return ret; 2130 } 2131 2132 static int __tty_fasync(int fd, struct file *filp, int on) 2133 { 2134 struct tty_struct *tty = file_tty(filp); 2135 unsigned long flags; 2136 int retval = 0; 2137 2138 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2139 goto out; 2140 2141 retval = fasync_helper(fd, filp, on, &tty->fasync); 2142 if (retval <= 0) 2143 goto out; 2144 2145 if (on) { 2146 enum pid_type type; 2147 struct pid *pid; 2148 2149 spin_lock_irqsave(&tty->ctrl_lock, flags); 2150 if (tty->pgrp) { 2151 pid = tty->pgrp; 2152 type = PIDTYPE_PGID; 2153 } else { 2154 pid = task_pid(current); 2155 type = PIDTYPE_TGID; 2156 } 2157 get_pid(pid); 2158 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2159 __f_setown(filp, pid, type, 0); 2160 put_pid(pid); 2161 retval = 0; 2162 } 2163 out: 2164 return retval; 2165 } 2166 2167 static int tty_fasync(int fd, struct file *filp, int on) 2168 { 2169 struct tty_struct *tty = file_tty(filp); 2170 int retval = -ENOTTY; 2171 2172 tty_lock(tty); 2173 if (!tty_hung_up_p(filp)) 2174 retval = __tty_fasync(fd, filp, on); 2175 tty_unlock(tty); 2176 2177 return retval; 2178 } 2179 2180 /** 2181 * tiocsti - fake input character 2182 * @tty: tty to fake input into 2183 * @p: pointer to character 2184 * 2185 * Fake input to a tty device. Does the necessary locking and 2186 * input management. 2187 * 2188 * FIXME: does not honour flow control ?? 2189 * 2190 * Locking: 2191 * Called functions take tty_ldiscs_lock 2192 * current->signal->tty check is safe without locks 2193 * 2194 * FIXME: may race normal receive processing 2195 */ 2196 2197 static int tiocsti(struct tty_struct *tty, char __user *p) 2198 { 2199 char ch, mbz = 0; 2200 struct tty_ldisc *ld; 2201 2202 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2203 return -EPERM; 2204 if (get_user(ch, p)) 2205 return -EFAULT; 2206 tty_audit_tiocsti(tty, ch); 2207 ld = tty_ldisc_ref_wait(tty); 2208 if (!ld) 2209 return -EIO; 2210 if (ld->ops->receive_buf) 2211 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2212 tty_ldisc_deref(ld); 2213 return 0; 2214 } 2215 2216 /** 2217 * tiocgwinsz - implement window query ioctl 2218 * @tty: tty 2219 * @arg: user buffer for result 2220 * 2221 * Copies the kernel idea of the window size into the user buffer. 2222 * 2223 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2224 * is consistent. 2225 */ 2226 2227 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2228 { 2229 int err; 2230 2231 mutex_lock(&tty->winsize_mutex); 2232 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2233 mutex_unlock(&tty->winsize_mutex); 2234 2235 return err ? -EFAULT: 0; 2236 } 2237 2238 /** 2239 * tty_do_resize - resize event 2240 * @tty: tty being resized 2241 * @ws: new dimensions 2242 * 2243 * Update the termios variables and send the necessary signals to 2244 * peform a terminal resize correctly 2245 */ 2246 2247 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2248 { 2249 struct pid *pgrp; 2250 2251 /* Lock the tty */ 2252 mutex_lock(&tty->winsize_mutex); 2253 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2254 goto done; 2255 2256 /* Signal the foreground process group */ 2257 pgrp = tty_get_pgrp(tty); 2258 if (pgrp) 2259 kill_pgrp(pgrp, SIGWINCH, 1); 2260 put_pid(pgrp); 2261 2262 tty->winsize = *ws; 2263 done: 2264 mutex_unlock(&tty->winsize_mutex); 2265 return 0; 2266 } 2267 EXPORT_SYMBOL(tty_do_resize); 2268 2269 /** 2270 * tiocswinsz - implement window size set ioctl 2271 * @tty: tty side of tty 2272 * @arg: user buffer for result 2273 * 2274 * Copies the user idea of the window size to the kernel. Traditionally 2275 * this is just advisory information but for the Linux console it 2276 * actually has driver level meaning and triggers a VC resize. 2277 * 2278 * Locking: 2279 * Driver dependent. The default do_resize method takes the 2280 * tty termios mutex and ctrl_lock. The console takes its own lock 2281 * then calls into the default method. 2282 */ 2283 2284 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2285 { 2286 struct winsize tmp_ws; 2287 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2288 return -EFAULT; 2289 2290 if (tty->ops->resize) 2291 return tty->ops->resize(tty, &tmp_ws); 2292 else 2293 return tty_do_resize(tty, &tmp_ws); 2294 } 2295 2296 /** 2297 * tioccons - allow admin to move logical console 2298 * @file: the file to become console 2299 * 2300 * Allow the administrator to move the redirected console device 2301 * 2302 * Locking: uses redirect_lock to guard the redirect information 2303 */ 2304 2305 static int tioccons(struct file *file) 2306 { 2307 if (!capable(CAP_SYS_ADMIN)) 2308 return -EPERM; 2309 if (file->f_op->write_iter == redirected_tty_write) { 2310 struct file *f; 2311 spin_lock(&redirect_lock); 2312 f = redirect; 2313 redirect = NULL; 2314 spin_unlock(&redirect_lock); 2315 if (f) 2316 fput(f); 2317 return 0; 2318 } 2319 if (file->f_op->write_iter != tty_write) 2320 return -ENOTTY; 2321 if (!(file->f_mode & FMODE_WRITE)) 2322 return -EBADF; 2323 if (!(file->f_mode & FMODE_CAN_WRITE)) 2324 return -EINVAL; 2325 spin_lock(&redirect_lock); 2326 if (redirect) { 2327 spin_unlock(&redirect_lock); 2328 return -EBUSY; 2329 } 2330 redirect = get_file(file); 2331 spin_unlock(&redirect_lock); 2332 return 0; 2333 } 2334 2335 /** 2336 * tiocsetd - set line discipline 2337 * @tty: tty device 2338 * @p: pointer to user data 2339 * 2340 * Set the line discipline according to user request. 2341 * 2342 * Locking: see tty_set_ldisc, this function is just a helper 2343 */ 2344 2345 static int tiocsetd(struct tty_struct *tty, int __user *p) 2346 { 2347 int disc; 2348 int ret; 2349 2350 if (get_user(disc, p)) 2351 return -EFAULT; 2352 2353 ret = tty_set_ldisc(tty, disc); 2354 2355 return ret; 2356 } 2357 2358 /** 2359 * tiocgetd - get line discipline 2360 * @tty: tty device 2361 * @p: pointer to user data 2362 * 2363 * Retrieves the line discipline id directly from the ldisc. 2364 * 2365 * Locking: waits for ldisc reference (in case the line discipline 2366 * is changing or the tty is being hungup) 2367 */ 2368 2369 static int tiocgetd(struct tty_struct *tty, int __user *p) 2370 { 2371 struct tty_ldisc *ld; 2372 int ret; 2373 2374 ld = tty_ldisc_ref_wait(tty); 2375 if (!ld) 2376 return -EIO; 2377 ret = put_user(ld->ops->num, p); 2378 tty_ldisc_deref(ld); 2379 return ret; 2380 } 2381 2382 /** 2383 * send_break - performed time break 2384 * @tty: device to break on 2385 * @duration: timeout in mS 2386 * 2387 * Perform a timed break on hardware that lacks its own driver level 2388 * timed break functionality. 2389 * 2390 * Locking: 2391 * atomic_write_lock serializes 2392 * 2393 */ 2394 2395 static int send_break(struct tty_struct *tty, unsigned int duration) 2396 { 2397 int retval; 2398 2399 if (tty->ops->break_ctl == NULL) 2400 return 0; 2401 2402 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2403 retval = tty->ops->break_ctl(tty, duration); 2404 else { 2405 /* Do the work ourselves */ 2406 if (tty_write_lock(tty, 0) < 0) 2407 return -EINTR; 2408 retval = tty->ops->break_ctl(tty, -1); 2409 if (retval) 2410 goto out; 2411 if (!signal_pending(current)) 2412 msleep_interruptible(duration); 2413 retval = tty->ops->break_ctl(tty, 0); 2414 out: 2415 tty_write_unlock(tty); 2416 if (signal_pending(current)) 2417 retval = -EINTR; 2418 } 2419 return retval; 2420 } 2421 2422 /** 2423 * tty_tiocmget - get modem status 2424 * @tty: tty device 2425 * @p: pointer to result 2426 * 2427 * Obtain the modem status bits from the tty driver if the feature 2428 * is supported. Return -EINVAL if it is not available. 2429 * 2430 * Locking: none (up to the driver) 2431 */ 2432 2433 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2434 { 2435 int retval = -EINVAL; 2436 2437 if (tty->ops->tiocmget) { 2438 retval = tty->ops->tiocmget(tty); 2439 2440 if (retval >= 0) 2441 retval = put_user(retval, p); 2442 } 2443 return retval; 2444 } 2445 2446 /** 2447 * tty_tiocmset - set modem status 2448 * @tty: tty device 2449 * @cmd: command - clear bits, set bits or set all 2450 * @p: pointer to desired bits 2451 * 2452 * Set the modem status bits from the tty driver if the feature 2453 * is supported. Return -EINVAL if it is not available. 2454 * 2455 * Locking: none (up to the driver) 2456 */ 2457 2458 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2459 unsigned __user *p) 2460 { 2461 int retval; 2462 unsigned int set, clear, val; 2463 2464 if (tty->ops->tiocmset == NULL) 2465 return -EINVAL; 2466 2467 retval = get_user(val, p); 2468 if (retval) 2469 return retval; 2470 set = clear = 0; 2471 switch (cmd) { 2472 case TIOCMBIS: 2473 set = val; 2474 break; 2475 case TIOCMBIC: 2476 clear = val; 2477 break; 2478 case TIOCMSET: 2479 set = val; 2480 clear = ~val; 2481 break; 2482 } 2483 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2484 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2485 return tty->ops->tiocmset(tty, set, clear); 2486 } 2487 2488 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2489 { 2490 int retval = -EINVAL; 2491 struct serial_icounter_struct icount; 2492 memset(&icount, 0, sizeof(icount)); 2493 if (tty->ops->get_icount) 2494 retval = tty->ops->get_icount(tty, &icount); 2495 if (retval != 0) 2496 return retval; 2497 if (copy_to_user(arg, &icount, sizeof(icount))) 2498 return -EFAULT; 2499 return 0; 2500 } 2501 2502 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2503 { 2504 static DEFINE_RATELIMIT_STATE(depr_flags, 2505 DEFAULT_RATELIMIT_INTERVAL, 2506 DEFAULT_RATELIMIT_BURST); 2507 char comm[TASK_COMM_LEN]; 2508 struct serial_struct v; 2509 int flags; 2510 2511 if (copy_from_user(&v, ss, sizeof(*ss))) 2512 return -EFAULT; 2513 2514 flags = v.flags & ASYNC_DEPRECATED; 2515 2516 if (flags && __ratelimit(&depr_flags)) 2517 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2518 __func__, get_task_comm(comm, current), flags); 2519 if (!tty->ops->set_serial) 2520 return -ENOTTY; 2521 return tty->ops->set_serial(tty, &v); 2522 } 2523 2524 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2525 { 2526 struct serial_struct v; 2527 int err; 2528 2529 memset(&v, 0, sizeof(v)); 2530 if (!tty->ops->get_serial) 2531 return -ENOTTY; 2532 err = tty->ops->get_serial(tty, &v); 2533 if (!err && copy_to_user(ss, &v, sizeof(v))) 2534 err = -EFAULT; 2535 return err; 2536 } 2537 2538 /* 2539 * if pty, return the slave side (real_tty) 2540 * otherwise, return self 2541 */ 2542 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2543 { 2544 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2545 tty->driver->subtype == PTY_TYPE_MASTER) 2546 tty = tty->link; 2547 return tty; 2548 } 2549 2550 /* 2551 * Split this up, as gcc can choke on it otherwise.. 2552 */ 2553 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2554 { 2555 struct tty_struct *tty = file_tty(file); 2556 struct tty_struct *real_tty; 2557 void __user *p = (void __user *)arg; 2558 int retval; 2559 struct tty_ldisc *ld; 2560 2561 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2562 return -EINVAL; 2563 2564 real_tty = tty_pair_get_tty(tty); 2565 2566 /* 2567 * Factor out some common prep work 2568 */ 2569 switch (cmd) { 2570 case TIOCSETD: 2571 case TIOCSBRK: 2572 case TIOCCBRK: 2573 case TCSBRK: 2574 case TCSBRKP: 2575 retval = tty_check_change(tty); 2576 if (retval) 2577 return retval; 2578 if (cmd != TIOCCBRK) { 2579 tty_wait_until_sent(tty, 0); 2580 if (signal_pending(current)) 2581 return -EINTR; 2582 } 2583 break; 2584 } 2585 2586 /* 2587 * Now do the stuff. 2588 */ 2589 switch (cmd) { 2590 case TIOCSTI: 2591 return tiocsti(tty, p); 2592 case TIOCGWINSZ: 2593 return tiocgwinsz(real_tty, p); 2594 case TIOCSWINSZ: 2595 return tiocswinsz(real_tty, p); 2596 case TIOCCONS: 2597 return real_tty != tty ? -EINVAL : tioccons(file); 2598 case TIOCEXCL: 2599 set_bit(TTY_EXCLUSIVE, &tty->flags); 2600 return 0; 2601 case TIOCNXCL: 2602 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2603 return 0; 2604 case TIOCGEXCL: 2605 { 2606 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2607 return put_user(excl, (int __user *)p); 2608 } 2609 case TIOCGETD: 2610 return tiocgetd(tty, p); 2611 case TIOCSETD: 2612 return tiocsetd(tty, p); 2613 case TIOCVHANGUP: 2614 if (!capable(CAP_SYS_ADMIN)) 2615 return -EPERM; 2616 tty_vhangup(tty); 2617 return 0; 2618 case TIOCGDEV: 2619 { 2620 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2621 return put_user(ret, (unsigned int __user *)p); 2622 } 2623 /* 2624 * Break handling 2625 */ 2626 case TIOCSBRK: /* Turn break on, unconditionally */ 2627 if (tty->ops->break_ctl) 2628 return tty->ops->break_ctl(tty, -1); 2629 return 0; 2630 case TIOCCBRK: /* Turn break off, unconditionally */ 2631 if (tty->ops->break_ctl) 2632 return tty->ops->break_ctl(tty, 0); 2633 return 0; 2634 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2635 /* non-zero arg means wait for all output data 2636 * to be sent (performed above) but don't send break. 2637 * This is used by the tcdrain() termios function. 2638 */ 2639 if (!arg) 2640 return send_break(tty, 250); 2641 return 0; 2642 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2643 return send_break(tty, arg ? arg*100 : 250); 2644 2645 case TIOCMGET: 2646 return tty_tiocmget(tty, p); 2647 case TIOCMSET: 2648 case TIOCMBIC: 2649 case TIOCMBIS: 2650 return tty_tiocmset(tty, cmd, p); 2651 case TIOCGICOUNT: 2652 return tty_tiocgicount(tty, p); 2653 case TCFLSH: 2654 switch (arg) { 2655 case TCIFLUSH: 2656 case TCIOFLUSH: 2657 /* flush tty buffer and allow ldisc to process ioctl */ 2658 tty_buffer_flush(tty, NULL); 2659 break; 2660 } 2661 break; 2662 case TIOCSSERIAL: 2663 return tty_tiocsserial(tty, p); 2664 case TIOCGSERIAL: 2665 return tty_tiocgserial(tty, p); 2666 case TIOCGPTPEER: 2667 /* Special because the struct file is needed */ 2668 return ptm_open_peer(file, tty, (int)arg); 2669 default: 2670 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2671 if (retval != -ENOIOCTLCMD) 2672 return retval; 2673 } 2674 if (tty->ops->ioctl) { 2675 retval = tty->ops->ioctl(tty, cmd, arg); 2676 if (retval != -ENOIOCTLCMD) 2677 return retval; 2678 } 2679 ld = tty_ldisc_ref_wait(tty); 2680 if (!ld) 2681 return hung_up_tty_ioctl(file, cmd, arg); 2682 retval = -EINVAL; 2683 if (ld->ops->ioctl) { 2684 retval = ld->ops->ioctl(tty, file, cmd, arg); 2685 if (retval == -ENOIOCTLCMD) 2686 retval = -ENOTTY; 2687 } 2688 tty_ldisc_deref(ld); 2689 return retval; 2690 } 2691 2692 #ifdef CONFIG_COMPAT 2693 2694 struct serial_struct32 { 2695 compat_int_t type; 2696 compat_int_t line; 2697 compat_uint_t port; 2698 compat_int_t irq; 2699 compat_int_t flags; 2700 compat_int_t xmit_fifo_size; 2701 compat_int_t custom_divisor; 2702 compat_int_t baud_base; 2703 unsigned short close_delay; 2704 char io_type; 2705 char reserved_char; 2706 compat_int_t hub6; 2707 unsigned short closing_wait; /* time to wait before closing */ 2708 unsigned short closing_wait2; /* no longer used... */ 2709 compat_uint_t iomem_base; 2710 unsigned short iomem_reg_shift; 2711 unsigned int port_high; 2712 /* compat_ulong_t iomap_base FIXME */ 2713 compat_int_t reserved; 2714 }; 2715 2716 static int compat_tty_tiocsserial(struct tty_struct *tty, 2717 struct serial_struct32 __user *ss) 2718 { 2719 static DEFINE_RATELIMIT_STATE(depr_flags, 2720 DEFAULT_RATELIMIT_INTERVAL, 2721 DEFAULT_RATELIMIT_BURST); 2722 char comm[TASK_COMM_LEN]; 2723 struct serial_struct32 v32; 2724 struct serial_struct v; 2725 int flags; 2726 2727 if (copy_from_user(&v32, ss, sizeof(*ss))) 2728 return -EFAULT; 2729 2730 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2731 v.iomem_base = compat_ptr(v32.iomem_base); 2732 v.iomem_reg_shift = v32.iomem_reg_shift; 2733 v.port_high = v32.port_high; 2734 v.iomap_base = 0; 2735 2736 flags = v.flags & ASYNC_DEPRECATED; 2737 2738 if (flags && __ratelimit(&depr_flags)) 2739 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2740 __func__, get_task_comm(comm, current), flags); 2741 if (!tty->ops->set_serial) 2742 return -ENOTTY; 2743 return tty->ops->set_serial(tty, &v); 2744 } 2745 2746 static int compat_tty_tiocgserial(struct tty_struct *tty, 2747 struct serial_struct32 __user *ss) 2748 { 2749 struct serial_struct32 v32; 2750 struct serial_struct v; 2751 int err; 2752 2753 memset(&v, 0, sizeof(v)); 2754 memset(&v32, 0, sizeof(v32)); 2755 2756 if (!tty->ops->get_serial) 2757 return -ENOTTY; 2758 err = tty->ops->get_serial(tty, &v); 2759 if (!err) { 2760 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2761 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2762 0xfffffff : ptr_to_compat(v.iomem_base); 2763 v32.iomem_reg_shift = v.iomem_reg_shift; 2764 v32.port_high = v.port_high; 2765 if (copy_to_user(ss, &v32, sizeof(v32))) 2766 err = -EFAULT; 2767 } 2768 return err; 2769 } 2770 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2771 unsigned long arg) 2772 { 2773 struct tty_struct *tty = file_tty(file); 2774 struct tty_ldisc *ld; 2775 int retval = -ENOIOCTLCMD; 2776 2777 switch (cmd) { 2778 case TIOCOUTQ: 2779 case TIOCSTI: 2780 case TIOCGWINSZ: 2781 case TIOCSWINSZ: 2782 case TIOCGEXCL: 2783 case TIOCGETD: 2784 case TIOCSETD: 2785 case TIOCGDEV: 2786 case TIOCMGET: 2787 case TIOCMSET: 2788 case TIOCMBIC: 2789 case TIOCMBIS: 2790 case TIOCGICOUNT: 2791 case TIOCGPGRP: 2792 case TIOCSPGRP: 2793 case TIOCGSID: 2794 case TIOCSERGETLSR: 2795 case TIOCGRS485: 2796 case TIOCSRS485: 2797 #ifdef TIOCGETP 2798 case TIOCGETP: 2799 case TIOCSETP: 2800 case TIOCSETN: 2801 #endif 2802 #ifdef TIOCGETC 2803 case TIOCGETC: 2804 case TIOCSETC: 2805 #endif 2806 #ifdef TIOCGLTC 2807 case TIOCGLTC: 2808 case TIOCSLTC: 2809 #endif 2810 case TCSETSF: 2811 case TCSETSW: 2812 case TCSETS: 2813 case TCGETS: 2814 #ifdef TCGETS2 2815 case TCGETS2: 2816 case TCSETSF2: 2817 case TCSETSW2: 2818 case TCSETS2: 2819 #endif 2820 case TCGETA: 2821 case TCSETAF: 2822 case TCSETAW: 2823 case TCSETA: 2824 case TIOCGLCKTRMIOS: 2825 case TIOCSLCKTRMIOS: 2826 #ifdef TCGETX 2827 case TCGETX: 2828 case TCSETX: 2829 case TCSETXW: 2830 case TCSETXF: 2831 #endif 2832 case TIOCGSOFTCAR: 2833 case TIOCSSOFTCAR: 2834 2835 case PPPIOCGCHAN: 2836 case PPPIOCGUNIT: 2837 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2838 case TIOCCONS: 2839 case TIOCEXCL: 2840 case TIOCNXCL: 2841 case TIOCVHANGUP: 2842 case TIOCSBRK: 2843 case TIOCCBRK: 2844 case TCSBRK: 2845 case TCSBRKP: 2846 case TCFLSH: 2847 case TIOCGPTPEER: 2848 case TIOCNOTTY: 2849 case TIOCSCTTY: 2850 case TCXONC: 2851 case TIOCMIWAIT: 2852 case TIOCSERCONFIG: 2853 return tty_ioctl(file, cmd, arg); 2854 } 2855 2856 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2857 return -EINVAL; 2858 2859 switch (cmd) { 2860 case TIOCSSERIAL: 2861 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2862 case TIOCGSERIAL: 2863 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2864 } 2865 if (tty->ops->compat_ioctl) { 2866 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2867 if (retval != -ENOIOCTLCMD) 2868 return retval; 2869 } 2870 2871 ld = tty_ldisc_ref_wait(tty); 2872 if (!ld) 2873 return hung_up_tty_compat_ioctl(file, cmd, arg); 2874 if (ld->ops->compat_ioctl) 2875 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2876 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2877 retval = ld->ops->ioctl(tty, file, 2878 (unsigned long)compat_ptr(cmd), arg); 2879 tty_ldisc_deref(ld); 2880 2881 return retval; 2882 } 2883 #endif 2884 2885 static int this_tty(const void *t, struct file *file, unsigned fd) 2886 { 2887 if (likely(file->f_op->read != tty_read)) 2888 return 0; 2889 return file_tty(file) != t ? 0 : fd + 1; 2890 } 2891 2892 /* 2893 * This implements the "Secure Attention Key" --- the idea is to 2894 * prevent trojan horses by killing all processes associated with this 2895 * tty when the user hits the "Secure Attention Key". Required for 2896 * super-paranoid applications --- see the Orange Book for more details. 2897 * 2898 * This code could be nicer; ideally it should send a HUP, wait a few 2899 * seconds, then send a INT, and then a KILL signal. But you then 2900 * have to coordinate with the init process, since all processes associated 2901 * with the current tty must be dead before the new getty is allowed 2902 * to spawn. 2903 * 2904 * Now, if it would be correct ;-/ The current code has a nasty hole - 2905 * it doesn't catch files in flight. We may send the descriptor to ourselves 2906 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2907 * 2908 * Nasty bug: do_SAK is being called in interrupt context. This can 2909 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2910 */ 2911 void __do_SAK(struct tty_struct *tty) 2912 { 2913 #ifdef TTY_SOFT_SAK 2914 tty_hangup(tty); 2915 #else 2916 struct task_struct *g, *p; 2917 struct pid *session; 2918 int i; 2919 unsigned long flags; 2920 2921 if (!tty) 2922 return; 2923 2924 spin_lock_irqsave(&tty->ctrl_lock, flags); 2925 session = get_pid(tty->session); 2926 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2927 2928 tty_ldisc_flush(tty); 2929 2930 tty_driver_flush_buffer(tty); 2931 2932 read_lock(&tasklist_lock); 2933 /* Kill the entire session */ 2934 do_each_pid_task(session, PIDTYPE_SID, p) { 2935 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2936 task_pid_nr(p), p->comm); 2937 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2938 } while_each_pid_task(session, PIDTYPE_SID, p); 2939 2940 /* Now kill any processes that happen to have the tty open */ 2941 do_each_thread(g, p) { 2942 if (p->signal->tty == tty) { 2943 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2944 task_pid_nr(p), p->comm); 2945 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2946 continue; 2947 } 2948 task_lock(p); 2949 i = iterate_fd(p->files, 0, this_tty, tty); 2950 if (i != 0) { 2951 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2952 task_pid_nr(p), p->comm, i - 1); 2953 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2954 } 2955 task_unlock(p); 2956 } while_each_thread(g, p); 2957 read_unlock(&tasklist_lock); 2958 put_pid(session); 2959 #endif 2960 } 2961 2962 static void do_SAK_work(struct work_struct *work) 2963 { 2964 struct tty_struct *tty = 2965 container_of(work, struct tty_struct, SAK_work); 2966 __do_SAK(tty); 2967 } 2968 2969 /* 2970 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2971 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2972 * the values which we write to it will be identical to the values which it 2973 * already has. --akpm 2974 */ 2975 void do_SAK(struct tty_struct *tty) 2976 { 2977 if (!tty) 2978 return; 2979 schedule_work(&tty->SAK_work); 2980 } 2981 2982 EXPORT_SYMBOL(do_SAK); 2983 2984 /* Must put_device() after it's unused! */ 2985 static struct device *tty_get_device(struct tty_struct *tty) 2986 { 2987 dev_t devt = tty_devnum(tty); 2988 return class_find_device_by_devt(tty_class, devt); 2989 } 2990 2991 2992 /* 2993 * alloc_tty_struct 2994 * 2995 * This subroutine allocates and initializes a tty structure. 2996 * 2997 * Locking: none - tty in question is not exposed at this point 2998 */ 2999 3000 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 3001 { 3002 struct tty_struct *tty; 3003 3004 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 3005 if (!tty) 3006 return NULL; 3007 3008 kref_init(&tty->kref); 3009 tty->magic = TTY_MAGIC; 3010 if (tty_ldisc_init(tty)) { 3011 kfree(tty); 3012 return NULL; 3013 } 3014 tty->session = NULL; 3015 tty->pgrp = NULL; 3016 mutex_init(&tty->legacy_mutex); 3017 mutex_init(&tty->throttle_mutex); 3018 init_rwsem(&tty->termios_rwsem); 3019 mutex_init(&tty->winsize_mutex); 3020 init_ldsem(&tty->ldisc_sem); 3021 init_waitqueue_head(&tty->write_wait); 3022 init_waitqueue_head(&tty->read_wait); 3023 INIT_WORK(&tty->hangup_work, do_tty_hangup); 3024 mutex_init(&tty->atomic_write_lock); 3025 spin_lock_init(&tty->ctrl_lock); 3026 spin_lock_init(&tty->flow_lock); 3027 spin_lock_init(&tty->files_lock); 3028 INIT_LIST_HEAD(&tty->tty_files); 3029 INIT_WORK(&tty->SAK_work, do_SAK_work); 3030 3031 tty->driver = driver; 3032 tty->ops = driver->ops; 3033 tty->index = idx; 3034 tty_line_name(driver, idx, tty->name); 3035 tty->dev = tty_get_device(tty); 3036 3037 return tty; 3038 } 3039 3040 /** 3041 * tty_put_char - write one character to a tty 3042 * @tty: tty 3043 * @ch: character 3044 * 3045 * Write one byte to the tty using the provided put_char method 3046 * if present. Returns the number of characters successfully output. 3047 * 3048 * Note: the specific put_char operation in the driver layer may go 3049 * away soon. Don't call it directly, use this method 3050 */ 3051 3052 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3053 { 3054 if (tty->ops->put_char) 3055 return tty->ops->put_char(tty, ch); 3056 return tty->ops->write(tty, &ch, 1); 3057 } 3058 EXPORT_SYMBOL_GPL(tty_put_char); 3059 3060 struct class *tty_class; 3061 3062 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3063 unsigned int index, unsigned int count) 3064 { 3065 int err; 3066 3067 /* init here, since reused cdevs cause crashes */ 3068 driver->cdevs[index] = cdev_alloc(); 3069 if (!driver->cdevs[index]) 3070 return -ENOMEM; 3071 driver->cdevs[index]->ops = &tty_fops; 3072 driver->cdevs[index]->owner = driver->owner; 3073 err = cdev_add(driver->cdevs[index], dev, count); 3074 if (err) 3075 kobject_put(&driver->cdevs[index]->kobj); 3076 return err; 3077 } 3078 3079 /** 3080 * tty_register_device - register a tty device 3081 * @driver: the tty driver that describes the tty device 3082 * @index: the index in the tty driver for this tty device 3083 * @device: a struct device that is associated with this tty device. 3084 * This field is optional, if there is no known struct device 3085 * for this tty device it can be set to NULL safely. 3086 * 3087 * Returns a pointer to the struct device for this tty device 3088 * (or ERR_PTR(-EFOO) on error). 3089 * 3090 * This call is required to be made to register an individual tty device 3091 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3092 * that bit is not set, this function should not be called by a tty 3093 * driver. 3094 * 3095 * Locking: ?? 3096 */ 3097 3098 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3099 struct device *device) 3100 { 3101 return tty_register_device_attr(driver, index, device, NULL, NULL); 3102 } 3103 EXPORT_SYMBOL(tty_register_device); 3104 3105 static void tty_device_create_release(struct device *dev) 3106 { 3107 dev_dbg(dev, "releasing...\n"); 3108 kfree(dev); 3109 } 3110 3111 /** 3112 * tty_register_device_attr - register a tty device 3113 * @driver: the tty driver that describes the tty device 3114 * @index: the index in the tty driver for this tty device 3115 * @device: a struct device that is associated with this tty device. 3116 * This field is optional, if there is no known struct device 3117 * for this tty device it can be set to NULL safely. 3118 * @drvdata: Driver data to be set to device. 3119 * @attr_grp: Attribute group to be set on device. 3120 * 3121 * Returns a pointer to the struct device for this tty device 3122 * (or ERR_PTR(-EFOO) on error). 3123 * 3124 * This call is required to be made to register an individual tty device 3125 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3126 * that bit is not set, this function should not be called by a tty 3127 * driver. 3128 * 3129 * Locking: ?? 3130 */ 3131 struct device *tty_register_device_attr(struct tty_driver *driver, 3132 unsigned index, struct device *device, 3133 void *drvdata, 3134 const struct attribute_group **attr_grp) 3135 { 3136 char name[64]; 3137 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3138 struct ktermios *tp; 3139 struct device *dev; 3140 int retval; 3141 3142 if (index >= driver->num) { 3143 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3144 driver->name, index); 3145 return ERR_PTR(-EINVAL); 3146 } 3147 3148 if (driver->type == TTY_DRIVER_TYPE_PTY) 3149 pty_line_name(driver, index, name); 3150 else 3151 tty_line_name(driver, index, name); 3152 3153 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3154 if (!dev) 3155 return ERR_PTR(-ENOMEM); 3156 3157 dev->devt = devt; 3158 dev->class = tty_class; 3159 dev->parent = device; 3160 dev->release = tty_device_create_release; 3161 dev_set_name(dev, "%s", name); 3162 dev->groups = attr_grp; 3163 dev_set_drvdata(dev, drvdata); 3164 3165 dev_set_uevent_suppress(dev, 1); 3166 3167 retval = device_register(dev); 3168 if (retval) 3169 goto err_put; 3170 3171 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3172 /* 3173 * Free any saved termios data so that the termios state is 3174 * reset when reusing a minor number. 3175 */ 3176 tp = driver->termios[index]; 3177 if (tp) { 3178 driver->termios[index] = NULL; 3179 kfree(tp); 3180 } 3181 3182 retval = tty_cdev_add(driver, devt, index, 1); 3183 if (retval) 3184 goto err_del; 3185 } 3186 3187 dev_set_uevent_suppress(dev, 0); 3188 kobject_uevent(&dev->kobj, KOBJ_ADD); 3189 3190 return dev; 3191 3192 err_del: 3193 device_del(dev); 3194 err_put: 3195 put_device(dev); 3196 3197 return ERR_PTR(retval); 3198 } 3199 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3200 3201 /** 3202 * tty_unregister_device - unregister a tty device 3203 * @driver: the tty driver that describes the tty device 3204 * @index: the index in the tty driver for this tty device 3205 * 3206 * If a tty device is registered with a call to tty_register_device() then 3207 * this function must be called when the tty device is gone. 3208 * 3209 * Locking: ?? 3210 */ 3211 3212 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3213 { 3214 device_destroy(tty_class, 3215 MKDEV(driver->major, driver->minor_start) + index); 3216 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3217 cdev_del(driver->cdevs[index]); 3218 driver->cdevs[index] = NULL; 3219 } 3220 } 3221 EXPORT_SYMBOL(tty_unregister_device); 3222 3223 /** 3224 * __tty_alloc_driver -- allocate tty driver 3225 * @lines: count of lines this driver can handle at most 3226 * @owner: module which is responsible for this driver 3227 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3228 * 3229 * This should not be called directly, some of the provided macros should be 3230 * used instead. Use IS_ERR and friends on @retval. 3231 */ 3232 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3233 unsigned long flags) 3234 { 3235 struct tty_driver *driver; 3236 unsigned int cdevs = 1; 3237 int err; 3238 3239 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3240 return ERR_PTR(-EINVAL); 3241 3242 driver = kzalloc(sizeof(*driver), GFP_KERNEL); 3243 if (!driver) 3244 return ERR_PTR(-ENOMEM); 3245 3246 kref_init(&driver->kref); 3247 driver->magic = TTY_DRIVER_MAGIC; 3248 driver->num = lines; 3249 driver->owner = owner; 3250 driver->flags = flags; 3251 3252 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3253 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3254 GFP_KERNEL); 3255 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3256 GFP_KERNEL); 3257 if (!driver->ttys || !driver->termios) { 3258 err = -ENOMEM; 3259 goto err_free_all; 3260 } 3261 } 3262 3263 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3264 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3265 GFP_KERNEL); 3266 if (!driver->ports) { 3267 err = -ENOMEM; 3268 goto err_free_all; 3269 } 3270 cdevs = lines; 3271 } 3272 3273 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3274 if (!driver->cdevs) { 3275 err = -ENOMEM; 3276 goto err_free_all; 3277 } 3278 3279 return driver; 3280 err_free_all: 3281 kfree(driver->ports); 3282 kfree(driver->ttys); 3283 kfree(driver->termios); 3284 kfree(driver->cdevs); 3285 kfree(driver); 3286 return ERR_PTR(err); 3287 } 3288 EXPORT_SYMBOL(__tty_alloc_driver); 3289 3290 static void destruct_tty_driver(struct kref *kref) 3291 { 3292 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3293 int i; 3294 struct ktermios *tp; 3295 3296 if (driver->flags & TTY_DRIVER_INSTALLED) { 3297 for (i = 0; i < driver->num; i++) { 3298 tp = driver->termios[i]; 3299 if (tp) { 3300 driver->termios[i] = NULL; 3301 kfree(tp); 3302 } 3303 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3304 tty_unregister_device(driver, i); 3305 } 3306 proc_tty_unregister_driver(driver); 3307 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3308 cdev_del(driver->cdevs[0]); 3309 } 3310 kfree(driver->cdevs); 3311 kfree(driver->ports); 3312 kfree(driver->termios); 3313 kfree(driver->ttys); 3314 kfree(driver); 3315 } 3316 3317 void tty_driver_kref_put(struct tty_driver *driver) 3318 { 3319 kref_put(&driver->kref, destruct_tty_driver); 3320 } 3321 EXPORT_SYMBOL(tty_driver_kref_put); 3322 3323 void tty_set_operations(struct tty_driver *driver, 3324 const struct tty_operations *op) 3325 { 3326 driver->ops = op; 3327 }; 3328 EXPORT_SYMBOL(tty_set_operations); 3329 3330 void put_tty_driver(struct tty_driver *d) 3331 { 3332 tty_driver_kref_put(d); 3333 } 3334 EXPORT_SYMBOL(put_tty_driver); 3335 3336 /* 3337 * Called by a tty driver to register itself. 3338 */ 3339 int tty_register_driver(struct tty_driver *driver) 3340 { 3341 int error; 3342 int i; 3343 dev_t dev; 3344 struct device *d; 3345 3346 if (!driver->major) { 3347 error = alloc_chrdev_region(&dev, driver->minor_start, 3348 driver->num, driver->name); 3349 if (!error) { 3350 driver->major = MAJOR(dev); 3351 driver->minor_start = MINOR(dev); 3352 } 3353 } else { 3354 dev = MKDEV(driver->major, driver->minor_start); 3355 error = register_chrdev_region(dev, driver->num, driver->name); 3356 } 3357 if (error < 0) 3358 goto err; 3359 3360 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3361 error = tty_cdev_add(driver, dev, 0, driver->num); 3362 if (error) 3363 goto err_unreg_char; 3364 } 3365 3366 mutex_lock(&tty_mutex); 3367 list_add(&driver->tty_drivers, &tty_drivers); 3368 mutex_unlock(&tty_mutex); 3369 3370 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3371 for (i = 0; i < driver->num; i++) { 3372 d = tty_register_device(driver, i, NULL); 3373 if (IS_ERR(d)) { 3374 error = PTR_ERR(d); 3375 goto err_unreg_devs; 3376 } 3377 } 3378 } 3379 proc_tty_register_driver(driver); 3380 driver->flags |= TTY_DRIVER_INSTALLED; 3381 return 0; 3382 3383 err_unreg_devs: 3384 for (i--; i >= 0; i--) 3385 tty_unregister_device(driver, i); 3386 3387 mutex_lock(&tty_mutex); 3388 list_del(&driver->tty_drivers); 3389 mutex_unlock(&tty_mutex); 3390 3391 err_unreg_char: 3392 unregister_chrdev_region(dev, driver->num); 3393 err: 3394 return error; 3395 } 3396 EXPORT_SYMBOL(tty_register_driver); 3397 3398 /* 3399 * Called by a tty driver to unregister itself. 3400 */ 3401 int tty_unregister_driver(struct tty_driver *driver) 3402 { 3403 #if 0 3404 /* FIXME */ 3405 if (driver->refcount) 3406 return -EBUSY; 3407 #endif 3408 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3409 driver->num); 3410 mutex_lock(&tty_mutex); 3411 list_del(&driver->tty_drivers); 3412 mutex_unlock(&tty_mutex); 3413 return 0; 3414 } 3415 3416 EXPORT_SYMBOL(tty_unregister_driver); 3417 3418 dev_t tty_devnum(struct tty_struct *tty) 3419 { 3420 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3421 } 3422 EXPORT_SYMBOL(tty_devnum); 3423 3424 void tty_default_fops(struct file_operations *fops) 3425 { 3426 *fops = tty_fops; 3427 } 3428 3429 static char *tty_devnode(struct device *dev, umode_t *mode) 3430 { 3431 if (!mode) 3432 return NULL; 3433 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3434 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3435 *mode = 0666; 3436 return NULL; 3437 } 3438 3439 static int __init tty_class_init(void) 3440 { 3441 tty_class = class_create(THIS_MODULE, "tty"); 3442 if (IS_ERR(tty_class)) 3443 return PTR_ERR(tty_class); 3444 tty_class->devnode = tty_devnode; 3445 return 0; 3446 } 3447 3448 postcore_initcall(tty_class_init); 3449 3450 /* 3/2004 jmc: why do these devices exist? */ 3451 static struct cdev tty_cdev, console_cdev; 3452 3453 static ssize_t show_cons_active(struct device *dev, 3454 struct device_attribute *attr, char *buf) 3455 { 3456 struct console *cs[16]; 3457 int i = 0; 3458 struct console *c; 3459 ssize_t count = 0; 3460 3461 console_lock(); 3462 for_each_console(c) { 3463 if (!c->device) 3464 continue; 3465 if (!c->write) 3466 continue; 3467 if ((c->flags & CON_ENABLED) == 0) 3468 continue; 3469 cs[i++] = c; 3470 if (i >= ARRAY_SIZE(cs)) 3471 break; 3472 } 3473 while (i--) { 3474 int index = cs[i]->index; 3475 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3476 3477 /* don't resolve tty0 as some programs depend on it */ 3478 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3479 count += tty_line_name(drv, index, buf + count); 3480 else 3481 count += sprintf(buf + count, "%s%d", 3482 cs[i]->name, cs[i]->index); 3483 3484 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3485 } 3486 console_unlock(); 3487 3488 return count; 3489 } 3490 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3491 3492 static struct attribute *cons_dev_attrs[] = { 3493 &dev_attr_active.attr, 3494 NULL 3495 }; 3496 3497 ATTRIBUTE_GROUPS(cons_dev); 3498 3499 static struct device *consdev; 3500 3501 void console_sysfs_notify(void) 3502 { 3503 if (consdev) 3504 sysfs_notify(&consdev->kobj, NULL, "active"); 3505 } 3506 3507 /* 3508 * Ok, now we can initialize the rest of the tty devices and can count 3509 * on memory allocations, interrupts etc.. 3510 */ 3511 int __init tty_init(void) 3512 { 3513 tty_sysctl_init(); 3514 cdev_init(&tty_cdev, &tty_fops); 3515 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3516 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3517 panic("Couldn't register /dev/tty driver\n"); 3518 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3519 3520 cdev_init(&console_cdev, &console_fops); 3521 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3522 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3523 panic("Couldn't register /dev/console driver\n"); 3524 consdev = device_create_with_groups(tty_class, NULL, 3525 MKDEV(TTYAUX_MAJOR, 1), NULL, 3526 cons_dev_groups, "console"); 3527 if (IS_ERR(consdev)) 3528 consdev = NULL; 3529 3530 #ifdef CONFIG_VT 3531 vty_init(&console_fops); 3532 #endif 3533 return 0; 3534 } 3535 3536