1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/proc_fs.h> 91 #include <linux/init.h> 92 #include <linux/module.h> 93 #include <linux/device.h> 94 #include <linux/wait.h> 95 #include <linux/bitops.h> 96 #include <linux/delay.h> 97 #include <linux/seq_file.h> 98 #include <linux/serial.h> 99 #include <linux/ratelimit.h> 100 #include <linux/compat.h> 101 102 #include <linux/uaccess.h> 103 104 #include <linux/kbd_kern.h> 105 #include <linux/vt_kern.h> 106 #include <linux/selection.h> 107 108 #include <linux/kmod.h> 109 #include <linux/nsproxy.h> 110 111 #undef TTY_DEBUG_HANGUP 112 #ifdef TTY_DEBUG_HANGUP 113 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 114 #else 115 # define tty_debug_hangup(tty, f, args...) do { } while (0) 116 #endif 117 118 #define TTY_PARANOIA_CHECK 1 119 #define CHECK_TTY_COUNT 1 120 121 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 122 .c_iflag = ICRNL | IXON, 123 .c_oflag = OPOST | ONLCR, 124 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 125 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 126 ECHOCTL | ECHOKE | IEXTEN, 127 .c_cc = INIT_C_CC, 128 .c_ispeed = 38400, 129 .c_ospeed = 38400, 130 /* .c_line = N_TTY, */ 131 }; 132 133 EXPORT_SYMBOL(tty_std_termios); 134 135 /* This list gets poked at by procfs and various bits of boot up code. This 136 could do with some rationalisation such as pulling the tty proc function 137 into this file */ 138 139 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 140 141 /* Mutex to protect creating and releasing a tty */ 142 DEFINE_MUTEX(tty_mutex); 143 144 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 145 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 146 ssize_t redirected_tty_write(struct file *, const char __user *, 147 size_t, loff_t *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @dev_t: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (!len || strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 .show_fdinfo = tty_show_fdinfo, 488 }; 489 490 static const struct file_operations console_fops = { 491 .llseek = no_llseek, 492 .read = tty_read, 493 .write = redirected_tty_write, 494 .poll = tty_poll, 495 .unlocked_ioctl = tty_ioctl, 496 .compat_ioctl = tty_compat_ioctl, 497 .open = tty_open, 498 .release = tty_release, 499 .fasync = tty_fasync, 500 }; 501 502 static const struct file_operations hung_up_tty_fops = { 503 .llseek = no_llseek, 504 .read = hung_up_tty_read, 505 .write = hung_up_tty_write, 506 .poll = hung_up_tty_poll, 507 .unlocked_ioctl = hung_up_tty_ioctl, 508 .compat_ioctl = hung_up_tty_compat_ioctl, 509 .release = tty_release, 510 .fasync = hung_up_tty_fasync, 511 }; 512 513 static DEFINE_SPINLOCK(redirect_lock); 514 static struct file *redirect; 515 516 /** 517 * tty_wakeup - request more data 518 * @tty: terminal 519 * 520 * Internal and external helper for wakeups of tty. This function 521 * informs the line discipline if present that the driver is ready 522 * to receive more output data. 523 */ 524 525 void tty_wakeup(struct tty_struct *tty) 526 { 527 struct tty_ldisc *ld; 528 529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 530 ld = tty_ldisc_ref(tty); 531 if (ld) { 532 if (ld->ops->write_wakeup) 533 ld->ops->write_wakeup(tty); 534 tty_ldisc_deref(ld); 535 } 536 } 537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 538 } 539 540 EXPORT_SYMBOL_GPL(tty_wakeup); 541 542 /** 543 * __tty_hangup - actual handler for hangup events 544 * @work: tty device 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 const char __user *buf, 903 size_t count) 904 { 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 ret = -EFAULT; 957 if (copy_from_user(tty->write_buf, buf, size)) 958 break; 959 ret = write(tty, file, tty->write_buf, size); 960 if (ret <= 0) 961 break; 962 written += ret; 963 buf += ret; 964 count -= ret; 965 if (!count) 966 break; 967 ret = -ERESTARTSYS; 968 if (signal_pending(current)) 969 break; 970 cond_resched(); 971 } 972 if (written) { 973 tty_update_time(&file_inode(file)->i_mtime); 974 ret = written; 975 } 976 out: 977 tty_write_unlock(tty); 978 return ret; 979 } 980 981 /** 982 * tty_write_message - write a message to a certain tty, not just the console. 983 * @tty: the destination tty_struct 984 * @msg: the message to write 985 * 986 * This is used for messages that need to be redirected to a specific tty. 987 * We don't put it into the syslog queue right now maybe in the future if 988 * really needed. 989 * 990 * We must still hold the BTM and test the CLOSING flag for the moment. 991 */ 992 993 void tty_write_message(struct tty_struct *tty, char *msg) 994 { 995 if (tty) { 996 mutex_lock(&tty->atomic_write_lock); 997 tty_lock(tty); 998 if (tty->ops->write && tty->count > 0) 999 tty->ops->write(tty, msg, strlen(msg)); 1000 tty_unlock(tty); 1001 tty_write_unlock(tty); 1002 } 1003 return; 1004 } 1005 1006 1007 /** 1008 * tty_write - write method for tty device file 1009 * @file: tty file pointer 1010 * @buf: user data to write 1011 * @count: bytes to write 1012 * @ppos: unused 1013 * 1014 * Write data to a tty device via the line discipline. 1015 * 1016 * Locking: 1017 * Locks the line discipline as required 1018 * Writes to the tty driver are serialized by the atomic_write_lock 1019 * and are then processed in chunks to the device. The line discipline 1020 * write method will not be invoked in parallel for each device. 1021 */ 1022 1023 static ssize_t tty_write(struct file *file, const char __user *buf, 1024 size_t count, loff_t *ppos) 1025 { 1026 struct tty_struct *tty = file_tty(file); 1027 struct tty_ldisc *ld; 1028 ssize_t ret; 1029 1030 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1031 return -EIO; 1032 if (!tty || !tty->ops->write || tty_io_error(tty)) 1033 return -EIO; 1034 /* Short term debug to catch buggy drivers */ 1035 if (tty->ops->write_room == NULL) 1036 tty_err(tty, "missing write_room method\n"); 1037 ld = tty_ldisc_ref_wait(tty); 1038 if (!ld) 1039 return hung_up_tty_write(file, buf, count, ppos); 1040 if (!ld->ops->write) 1041 ret = -EIO; 1042 else 1043 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1044 tty_ldisc_deref(ld); 1045 return ret; 1046 } 1047 1048 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1049 size_t count, loff_t *ppos) 1050 { 1051 struct file *p = NULL; 1052 1053 spin_lock(&redirect_lock); 1054 if (redirect) 1055 p = get_file(redirect); 1056 spin_unlock(&redirect_lock); 1057 1058 if (p) { 1059 ssize_t res; 1060 res = vfs_write(p, buf, count, &p->f_pos); 1061 fput(p); 1062 return res; 1063 } 1064 return tty_write(file, buf, count, ppos); 1065 } 1066 1067 /** 1068 * tty_send_xchar - send priority character 1069 * 1070 * Send a high priority character to the tty even if stopped 1071 * 1072 * Locking: none for xchar method, write ordering for write method. 1073 */ 1074 1075 int tty_send_xchar(struct tty_struct *tty, char ch) 1076 { 1077 int was_stopped = tty->stopped; 1078 1079 if (tty->ops->send_xchar) { 1080 down_read(&tty->termios_rwsem); 1081 tty->ops->send_xchar(tty, ch); 1082 up_read(&tty->termios_rwsem); 1083 return 0; 1084 } 1085 1086 if (tty_write_lock(tty, 0) < 0) 1087 return -ERESTARTSYS; 1088 1089 down_read(&tty->termios_rwsem); 1090 if (was_stopped) 1091 start_tty(tty); 1092 tty->ops->write(tty, &ch, 1); 1093 if (was_stopped) 1094 stop_tty(tty); 1095 up_read(&tty->termios_rwsem); 1096 tty_write_unlock(tty); 1097 return 0; 1098 } 1099 1100 static char ptychar[] = "pqrstuvwxyzabcde"; 1101 1102 /** 1103 * pty_line_name - generate name for a pty 1104 * @driver: the tty driver in use 1105 * @index: the minor number 1106 * @p: output buffer of at least 6 bytes 1107 * 1108 * Generate a name from a driver reference and write it to the output 1109 * buffer. 1110 * 1111 * Locking: None 1112 */ 1113 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1114 { 1115 int i = index + driver->name_base; 1116 /* ->name is initialized to "ttyp", but "tty" is expected */ 1117 sprintf(p, "%s%c%x", 1118 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1119 ptychar[i >> 4 & 0xf], i & 0xf); 1120 } 1121 1122 /** 1123 * tty_line_name - generate name for a tty 1124 * @driver: the tty driver in use 1125 * @index: the minor number 1126 * @p: output buffer of at least 7 bytes 1127 * 1128 * Generate a name from a driver reference and write it to the output 1129 * buffer. 1130 * 1131 * Locking: None 1132 */ 1133 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1134 { 1135 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1136 return sprintf(p, "%s", driver->name); 1137 else 1138 return sprintf(p, "%s%d", driver->name, 1139 index + driver->name_base); 1140 } 1141 1142 /** 1143 * tty_driver_lookup_tty() - find an existing tty, if any 1144 * @driver: the driver for the tty 1145 * @idx: the minor number 1146 * 1147 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1148 * driver lookup() method returns an error. 1149 * 1150 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1151 */ 1152 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1153 struct file *file, int idx) 1154 { 1155 struct tty_struct *tty; 1156 1157 if (driver->ops->lookup) 1158 if (!file) 1159 tty = ERR_PTR(-EIO); 1160 else 1161 tty = driver->ops->lookup(driver, file, idx); 1162 else 1163 tty = driver->ttys[idx]; 1164 1165 if (!IS_ERR(tty)) 1166 tty_kref_get(tty); 1167 return tty; 1168 } 1169 1170 /** 1171 * tty_init_termios - helper for termios setup 1172 * @tty: the tty to set up 1173 * 1174 * Initialise the termios structures for this tty. Thus runs under 1175 * the tty_mutex currently so we can be relaxed about ordering. 1176 */ 1177 1178 void tty_init_termios(struct tty_struct *tty) 1179 { 1180 struct ktermios *tp; 1181 int idx = tty->index; 1182 1183 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1184 tty->termios = tty->driver->init_termios; 1185 else { 1186 /* Check for lazy saved data */ 1187 tp = tty->driver->termios[idx]; 1188 if (tp != NULL) { 1189 tty->termios = *tp; 1190 tty->termios.c_line = tty->driver->init_termios.c_line; 1191 } else 1192 tty->termios = tty->driver->init_termios; 1193 } 1194 /* Compatibility until drivers always set this */ 1195 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1196 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1197 } 1198 EXPORT_SYMBOL_GPL(tty_init_termios); 1199 1200 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1201 { 1202 tty_init_termios(tty); 1203 tty_driver_kref_get(driver); 1204 tty->count++; 1205 driver->ttys[tty->index] = tty; 1206 return 0; 1207 } 1208 EXPORT_SYMBOL_GPL(tty_standard_install); 1209 1210 /** 1211 * tty_driver_install_tty() - install a tty entry in the driver 1212 * @driver: the driver for the tty 1213 * @tty: the tty 1214 * 1215 * Install a tty object into the driver tables. The tty->index field 1216 * will be set by the time this is called. This method is responsible 1217 * for ensuring any need additional structures are allocated and 1218 * configured. 1219 * 1220 * Locking: tty_mutex for now 1221 */ 1222 static int tty_driver_install_tty(struct tty_driver *driver, 1223 struct tty_struct *tty) 1224 { 1225 return driver->ops->install ? driver->ops->install(driver, tty) : 1226 tty_standard_install(driver, tty); 1227 } 1228 1229 /** 1230 * tty_driver_remove_tty() - remove a tty from the driver tables 1231 * @driver: the driver for the tty 1232 * @idx: the minor number 1233 * 1234 * Remvoe a tty object from the driver tables. The tty->index field 1235 * will be set by the time this is called. 1236 * 1237 * Locking: tty_mutex for now 1238 */ 1239 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1240 { 1241 if (driver->ops->remove) 1242 driver->ops->remove(driver, tty); 1243 else 1244 driver->ttys[tty->index] = NULL; 1245 } 1246 1247 /* 1248 * tty_reopen() - fast re-open of an open tty 1249 * @tty - the tty to open 1250 * 1251 * Return 0 on success, -errno on error. 1252 * Re-opens on master ptys are not allowed and return -EIO. 1253 * 1254 * Locking: Caller must hold tty_lock 1255 */ 1256 static int tty_reopen(struct tty_struct *tty) 1257 { 1258 struct tty_driver *driver = tty->driver; 1259 int retval; 1260 1261 if (driver->type == TTY_DRIVER_TYPE_PTY && 1262 driver->subtype == PTY_TYPE_MASTER) 1263 return -EIO; 1264 1265 if (!tty->count) 1266 return -EAGAIN; 1267 1268 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1269 return -EBUSY; 1270 1271 tty->count++; 1272 1273 if (tty->ldisc) 1274 return 0; 1275 1276 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1277 if (retval) 1278 tty->count--; 1279 1280 return retval; 1281 } 1282 1283 /** 1284 * tty_init_dev - initialise a tty device 1285 * @driver: tty driver we are opening a device on 1286 * @idx: device index 1287 * @ret_tty: returned tty structure 1288 * 1289 * Prepare a tty device. This may not be a "new" clean device but 1290 * could also be an active device. The pty drivers require special 1291 * handling because of this. 1292 * 1293 * Locking: 1294 * The function is called under the tty_mutex, which 1295 * protects us from the tty struct or driver itself going away. 1296 * 1297 * On exit the tty device has the line discipline attached and 1298 * a reference count of 1. If a pair was created for pty/tty use 1299 * and the other was a pty master then it too has a reference count of 1. 1300 * 1301 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1302 * failed open. The new code protects the open with a mutex, so it's 1303 * really quite straightforward. The mutex locking can probably be 1304 * relaxed for the (most common) case of reopening a tty. 1305 */ 1306 1307 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1308 { 1309 struct tty_struct *tty; 1310 int retval; 1311 1312 /* 1313 * First time open is complex, especially for PTY devices. 1314 * This code guarantees that either everything succeeds and the 1315 * TTY is ready for operation, or else the table slots are vacated 1316 * and the allocated memory released. (Except that the termios 1317 * may be retained.) 1318 */ 1319 1320 if (!try_module_get(driver->owner)) 1321 return ERR_PTR(-ENODEV); 1322 1323 tty = alloc_tty_struct(driver, idx); 1324 if (!tty) { 1325 retval = -ENOMEM; 1326 goto err_module_put; 1327 } 1328 1329 tty_lock(tty); 1330 retval = tty_driver_install_tty(driver, tty); 1331 if (retval < 0) 1332 goto err_free_tty; 1333 1334 if (!tty->port) 1335 tty->port = driver->ports[idx]; 1336 1337 WARN_RATELIMIT(!tty->port, 1338 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1339 __func__, tty->driver->name); 1340 1341 retval = tty_ldisc_lock(tty, 5 * HZ); 1342 if (retval) 1343 goto err_release_lock; 1344 tty->port->itty = tty; 1345 1346 /* 1347 * Structures all installed ... call the ldisc open routines. 1348 * If we fail here just call release_tty to clean up. No need 1349 * to decrement the use counts, as release_tty doesn't care. 1350 */ 1351 retval = tty_ldisc_setup(tty, tty->link); 1352 if (retval) 1353 goto err_release_tty; 1354 tty_ldisc_unlock(tty); 1355 /* Return the tty locked so that it cannot vanish under the caller */ 1356 return tty; 1357 1358 err_free_tty: 1359 tty_unlock(tty); 1360 free_tty_struct(tty); 1361 err_module_put: 1362 module_put(driver->owner); 1363 return ERR_PTR(retval); 1364 1365 /* call the tty release_tty routine to clean out this slot */ 1366 err_release_tty: 1367 tty_ldisc_unlock(tty); 1368 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1369 retval, idx); 1370 err_release_lock: 1371 tty_unlock(tty); 1372 release_tty(tty, idx); 1373 return ERR_PTR(retval); 1374 } 1375 1376 static void tty_free_termios(struct tty_struct *tty) 1377 { 1378 struct ktermios *tp; 1379 int idx = tty->index; 1380 1381 /* If the port is going to reset then it has no termios to save */ 1382 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1383 return; 1384 1385 /* Stash the termios data */ 1386 tp = tty->driver->termios[idx]; 1387 if (tp == NULL) { 1388 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1389 if (tp == NULL) 1390 return; 1391 tty->driver->termios[idx] = tp; 1392 } 1393 *tp = tty->termios; 1394 } 1395 1396 /** 1397 * tty_flush_works - flush all works of a tty/pty pair 1398 * @tty: tty device to flush works for (or either end of a pty pair) 1399 * 1400 * Sync flush all works belonging to @tty (and the 'other' tty). 1401 */ 1402 static void tty_flush_works(struct tty_struct *tty) 1403 { 1404 flush_work(&tty->SAK_work); 1405 flush_work(&tty->hangup_work); 1406 if (tty->link) { 1407 flush_work(&tty->link->SAK_work); 1408 flush_work(&tty->link->hangup_work); 1409 } 1410 } 1411 1412 /** 1413 * release_one_tty - release tty structure memory 1414 * @kref: kref of tty we are obliterating 1415 * 1416 * Releases memory associated with a tty structure, and clears out the 1417 * driver table slots. This function is called when a device is no longer 1418 * in use. It also gets called when setup of a device fails. 1419 * 1420 * Locking: 1421 * takes the file list lock internally when working on the list 1422 * of ttys that the driver keeps. 1423 * 1424 * This method gets called from a work queue so that the driver private 1425 * cleanup ops can sleep (needed for USB at least) 1426 */ 1427 static void release_one_tty(struct work_struct *work) 1428 { 1429 struct tty_struct *tty = 1430 container_of(work, struct tty_struct, hangup_work); 1431 struct tty_driver *driver = tty->driver; 1432 struct module *owner = driver->owner; 1433 1434 if (tty->ops->cleanup) 1435 tty->ops->cleanup(tty); 1436 1437 tty->magic = 0; 1438 tty_driver_kref_put(driver); 1439 module_put(owner); 1440 1441 spin_lock(&tty->files_lock); 1442 list_del_init(&tty->tty_files); 1443 spin_unlock(&tty->files_lock); 1444 1445 put_pid(tty->pgrp); 1446 put_pid(tty->session); 1447 free_tty_struct(tty); 1448 } 1449 1450 static void queue_release_one_tty(struct kref *kref) 1451 { 1452 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1453 1454 /* The hangup queue is now free so we can reuse it rather than 1455 waste a chunk of memory for each port */ 1456 INIT_WORK(&tty->hangup_work, release_one_tty); 1457 schedule_work(&tty->hangup_work); 1458 } 1459 1460 /** 1461 * tty_kref_put - release a tty kref 1462 * @tty: tty device 1463 * 1464 * Release a reference to a tty device and if need be let the kref 1465 * layer destruct the object for us 1466 */ 1467 1468 void tty_kref_put(struct tty_struct *tty) 1469 { 1470 if (tty) 1471 kref_put(&tty->kref, queue_release_one_tty); 1472 } 1473 EXPORT_SYMBOL(tty_kref_put); 1474 1475 /** 1476 * release_tty - release tty structure memory 1477 * 1478 * Release both @tty and a possible linked partner (think pty pair), 1479 * and decrement the refcount of the backing module. 1480 * 1481 * Locking: 1482 * tty_mutex 1483 * takes the file list lock internally when working on the list 1484 * of ttys that the driver keeps. 1485 * 1486 */ 1487 static void release_tty(struct tty_struct *tty, int idx) 1488 { 1489 /* This should always be true but check for the moment */ 1490 WARN_ON(tty->index != idx); 1491 WARN_ON(!mutex_is_locked(&tty_mutex)); 1492 if (tty->ops->shutdown) 1493 tty->ops->shutdown(tty); 1494 tty_free_termios(tty); 1495 tty_driver_remove_tty(tty->driver, tty); 1496 tty->port->itty = NULL; 1497 if (tty->link) 1498 tty->link->port->itty = NULL; 1499 tty_buffer_cancel_work(tty->port); 1500 if (tty->link) 1501 tty_buffer_cancel_work(tty->link->port); 1502 1503 tty_kref_put(tty->link); 1504 tty_kref_put(tty); 1505 } 1506 1507 /** 1508 * tty_release_checks - check a tty before real release 1509 * @tty: tty to check 1510 * @o_tty: link of @tty (if any) 1511 * @idx: index of the tty 1512 * 1513 * Performs some paranoid checking before true release of the @tty. 1514 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1515 */ 1516 static int tty_release_checks(struct tty_struct *tty, int idx) 1517 { 1518 #ifdef TTY_PARANOIA_CHECK 1519 if (idx < 0 || idx >= tty->driver->num) { 1520 tty_debug(tty, "bad idx %d\n", idx); 1521 return -1; 1522 } 1523 1524 /* not much to check for devpts */ 1525 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1526 return 0; 1527 1528 if (tty != tty->driver->ttys[idx]) { 1529 tty_debug(tty, "bad driver table[%d] = %p\n", 1530 idx, tty->driver->ttys[idx]); 1531 return -1; 1532 } 1533 if (tty->driver->other) { 1534 struct tty_struct *o_tty = tty->link; 1535 1536 if (o_tty != tty->driver->other->ttys[idx]) { 1537 tty_debug(tty, "bad other table[%d] = %p\n", 1538 idx, tty->driver->other->ttys[idx]); 1539 return -1; 1540 } 1541 if (o_tty->link != tty) { 1542 tty_debug(tty, "bad link = %p\n", o_tty->link); 1543 return -1; 1544 } 1545 } 1546 #endif 1547 return 0; 1548 } 1549 1550 /** 1551 * tty_kclose - closes tty opened by tty_kopen 1552 * @tty: tty device 1553 * 1554 * Performs the final steps to release and free a tty device. It is the 1555 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1556 * flag on tty->port. 1557 */ 1558 void tty_kclose(struct tty_struct *tty) 1559 { 1560 /* 1561 * Ask the line discipline code to release its structures 1562 */ 1563 tty_ldisc_release(tty); 1564 1565 /* Wait for pending work before tty destruction commmences */ 1566 tty_flush_works(tty); 1567 1568 tty_debug_hangup(tty, "freeing structure\n"); 1569 /* 1570 * The release_tty function takes care of the details of clearing 1571 * the slots and preserving the termios structure. The tty_unlock_pair 1572 * should be safe as we keep a kref while the tty is locked (so the 1573 * unlock never unlocks a freed tty). 1574 */ 1575 mutex_lock(&tty_mutex); 1576 tty_port_set_kopened(tty->port, 0); 1577 release_tty(tty, tty->index); 1578 mutex_unlock(&tty_mutex); 1579 } 1580 EXPORT_SYMBOL_GPL(tty_kclose); 1581 1582 /** 1583 * tty_release_struct - release a tty struct 1584 * @tty: tty device 1585 * @idx: index of the tty 1586 * 1587 * Performs the final steps to release and free a tty device. It is 1588 * roughly the reverse of tty_init_dev. 1589 */ 1590 void tty_release_struct(struct tty_struct *tty, int idx) 1591 { 1592 /* 1593 * Ask the line discipline code to release its structures 1594 */ 1595 tty_ldisc_release(tty); 1596 1597 /* Wait for pending work before tty destruction commmences */ 1598 tty_flush_works(tty); 1599 1600 tty_debug_hangup(tty, "freeing structure\n"); 1601 /* 1602 * The release_tty function takes care of the details of clearing 1603 * the slots and preserving the termios structure. The tty_unlock_pair 1604 * should be safe as we keep a kref while the tty is locked (so the 1605 * unlock never unlocks a freed tty). 1606 */ 1607 mutex_lock(&tty_mutex); 1608 release_tty(tty, idx); 1609 mutex_unlock(&tty_mutex); 1610 } 1611 EXPORT_SYMBOL_GPL(tty_release_struct); 1612 1613 /** 1614 * tty_release - vfs callback for close 1615 * @inode: inode of tty 1616 * @filp: file pointer for handle to tty 1617 * 1618 * Called the last time each file handle is closed that references 1619 * this tty. There may however be several such references. 1620 * 1621 * Locking: 1622 * Takes bkl. See tty_release_dev 1623 * 1624 * Even releasing the tty structures is a tricky business.. We have 1625 * to be very careful that the structures are all released at the 1626 * same time, as interrupts might otherwise get the wrong pointers. 1627 * 1628 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1629 * lead to double frees or releasing memory still in use. 1630 */ 1631 1632 int tty_release(struct inode *inode, struct file *filp) 1633 { 1634 struct tty_struct *tty = file_tty(filp); 1635 struct tty_struct *o_tty = NULL; 1636 int do_sleep, final; 1637 int idx; 1638 long timeout = 0; 1639 int once = 1; 1640 1641 if (tty_paranoia_check(tty, inode, __func__)) 1642 return 0; 1643 1644 tty_lock(tty); 1645 check_tty_count(tty, __func__); 1646 1647 __tty_fasync(-1, filp, 0); 1648 1649 idx = tty->index; 1650 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1651 tty->driver->subtype == PTY_TYPE_MASTER) 1652 o_tty = tty->link; 1653 1654 if (tty_release_checks(tty, idx)) { 1655 tty_unlock(tty); 1656 return 0; 1657 } 1658 1659 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1660 1661 if (tty->ops->close) 1662 tty->ops->close(tty, filp); 1663 1664 /* If tty is pty master, lock the slave pty (stable lock order) */ 1665 tty_lock_slave(o_tty); 1666 1667 /* 1668 * Sanity check: if tty->count is going to zero, there shouldn't be 1669 * any waiters on tty->read_wait or tty->write_wait. We test the 1670 * wait queues and kick everyone out _before_ actually starting to 1671 * close. This ensures that we won't block while releasing the tty 1672 * structure. 1673 * 1674 * The test for the o_tty closing is necessary, since the master and 1675 * slave sides may close in any order. If the slave side closes out 1676 * first, its count will be one, since the master side holds an open. 1677 * Thus this test wouldn't be triggered at the time the slave closed, 1678 * so we do it now. 1679 */ 1680 while (1) { 1681 do_sleep = 0; 1682 1683 if (tty->count <= 1) { 1684 if (waitqueue_active(&tty->read_wait)) { 1685 wake_up_poll(&tty->read_wait, EPOLLIN); 1686 do_sleep++; 1687 } 1688 if (waitqueue_active(&tty->write_wait)) { 1689 wake_up_poll(&tty->write_wait, EPOLLOUT); 1690 do_sleep++; 1691 } 1692 } 1693 if (o_tty && o_tty->count <= 1) { 1694 if (waitqueue_active(&o_tty->read_wait)) { 1695 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1696 do_sleep++; 1697 } 1698 if (waitqueue_active(&o_tty->write_wait)) { 1699 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1700 do_sleep++; 1701 } 1702 } 1703 if (!do_sleep) 1704 break; 1705 1706 if (once) { 1707 once = 0; 1708 tty_warn(tty, "read/write wait queue active!\n"); 1709 } 1710 schedule_timeout_killable(timeout); 1711 if (timeout < 120 * HZ) 1712 timeout = 2 * timeout + 1; 1713 else 1714 timeout = MAX_SCHEDULE_TIMEOUT; 1715 } 1716 1717 if (o_tty) { 1718 if (--o_tty->count < 0) { 1719 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1720 o_tty->count = 0; 1721 } 1722 } 1723 if (--tty->count < 0) { 1724 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1725 tty->count = 0; 1726 } 1727 1728 /* 1729 * We've decremented tty->count, so we need to remove this file 1730 * descriptor off the tty->tty_files list; this serves two 1731 * purposes: 1732 * - check_tty_count sees the correct number of file descriptors 1733 * associated with this tty. 1734 * - do_tty_hangup no longer sees this file descriptor as 1735 * something that needs to be handled for hangups. 1736 */ 1737 tty_del_file(filp); 1738 1739 /* 1740 * Perform some housekeeping before deciding whether to return. 1741 * 1742 * If _either_ side is closing, make sure there aren't any 1743 * processes that still think tty or o_tty is their controlling 1744 * tty. 1745 */ 1746 if (!tty->count) { 1747 read_lock(&tasklist_lock); 1748 session_clear_tty(tty->session); 1749 if (o_tty) 1750 session_clear_tty(o_tty->session); 1751 read_unlock(&tasklist_lock); 1752 } 1753 1754 /* check whether both sides are closing ... */ 1755 final = !tty->count && !(o_tty && o_tty->count); 1756 1757 tty_unlock_slave(o_tty); 1758 tty_unlock(tty); 1759 1760 /* At this point, the tty->count == 0 should ensure a dead tty 1761 cannot be re-opened by a racing opener */ 1762 1763 if (!final) 1764 return 0; 1765 1766 tty_debug_hangup(tty, "final close\n"); 1767 1768 tty_release_struct(tty, idx); 1769 return 0; 1770 } 1771 1772 /** 1773 * tty_open_current_tty - get locked tty of current task 1774 * @device: device number 1775 * @filp: file pointer to tty 1776 * @return: locked tty of the current task iff @device is /dev/tty 1777 * 1778 * Performs a re-open of the current task's controlling tty. 1779 * 1780 * We cannot return driver and index like for the other nodes because 1781 * devpts will not work then. It expects inodes to be from devpts FS. 1782 */ 1783 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1784 { 1785 struct tty_struct *tty; 1786 int retval; 1787 1788 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1789 return NULL; 1790 1791 tty = get_current_tty(); 1792 if (!tty) 1793 return ERR_PTR(-ENXIO); 1794 1795 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1796 /* noctty = 1; */ 1797 tty_lock(tty); 1798 tty_kref_put(tty); /* safe to drop the kref now */ 1799 1800 retval = tty_reopen(tty); 1801 if (retval < 0) { 1802 tty_unlock(tty); 1803 tty = ERR_PTR(retval); 1804 } 1805 return tty; 1806 } 1807 1808 /** 1809 * tty_lookup_driver - lookup a tty driver for a given device file 1810 * @device: device number 1811 * @filp: file pointer to tty 1812 * @index: index for the device in the @return driver 1813 * @return: driver for this inode (with increased refcount) 1814 * 1815 * If @return is not erroneous, the caller is responsible to decrement the 1816 * refcount by tty_driver_kref_put. 1817 * 1818 * Locking: tty_mutex protects get_tty_driver 1819 */ 1820 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1821 int *index) 1822 { 1823 struct tty_driver *driver; 1824 1825 switch (device) { 1826 #ifdef CONFIG_VT 1827 case MKDEV(TTY_MAJOR, 0): { 1828 extern struct tty_driver *console_driver; 1829 driver = tty_driver_kref_get(console_driver); 1830 *index = fg_console; 1831 break; 1832 } 1833 #endif 1834 case MKDEV(TTYAUX_MAJOR, 1): { 1835 struct tty_driver *console_driver = console_device(index); 1836 if (console_driver) { 1837 driver = tty_driver_kref_get(console_driver); 1838 if (driver && filp) { 1839 /* Don't let /dev/console block */ 1840 filp->f_flags |= O_NONBLOCK; 1841 break; 1842 } 1843 } 1844 return ERR_PTR(-ENODEV); 1845 } 1846 default: 1847 driver = get_tty_driver(device, index); 1848 if (!driver) 1849 return ERR_PTR(-ENODEV); 1850 break; 1851 } 1852 return driver; 1853 } 1854 1855 /** 1856 * tty_kopen - open a tty device for kernel 1857 * @device: dev_t of device to open 1858 * 1859 * Opens tty exclusively for kernel. Performs the driver lookup, 1860 * makes sure it's not already opened and performs the first-time 1861 * tty initialization. 1862 * 1863 * Returns the locked initialized &tty_struct 1864 * 1865 * Claims the global tty_mutex to serialize: 1866 * - concurrent first-time tty initialization 1867 * - concurrent tty driver removal w/ lookup 1868 * - concurrent tty removal from driver table 1869 */ 1870 struct tty_struct *tty_kopen(dev_t device) 1871 { 1872 struct tty_struct *tty; 1873 struct tty_driver *driver = NULL; 1874 int index = -1; 1875 1876 mutex_lock(&tty_mutex); 1877 driver = tty_lookup_driver(device, NULL, &index); 1878 if (IS_ERR(driver)) { 1879 mutex_unlock(&tty_mutex); 1880 return ERR_CAST(driver); 1881 } 1882 1883 /* check whether we're reopening an existing tty */ 1884 tty = tty_driver_lookup_tty(driver, NULL, index); 1885 if (IS_ERR(tty)) 1886 goto out; 1887 1888 if (tty) { 1889 /* drop kref from tty_driver_lookup_tty() */ 1890 tty_kref_put(tty); 1891 tty = ERR_PTR(-EBUSY); 1892 } else { /* tty_init_dev returns tty with the tty_lock held */ 1893 tty = tty_init_dev(driver, index); 1894 if (IS_ERR(tty)) 1895 goto out; 1896 tty_port_set_kopened(tty->port, 1); 1897 } 1898 out: 1899 mutex_unlock(&tty_mutex); 1900 tty_driver_kref_put(driver); 1901 return tty; 1902 } 1903 EXPORT_SYMBOL_GPL(tty_kopen); 1904 1905 /** 1906 * tty_open_by_driver - open a tty device 1907 * @device: dev_t of device to open 1908 * @inode: inode of device file 1909 * @filp: file pointer to tty 1910 * 1911 * Performs the driver lookup, checks for a reopen, or otherwise 1912 * performs the first-time tty initialization. 1913 * 1914 * Returns the locked initialized or re-opened &tty_struct 1915 * 1916 * Claims the global tty_mutex to serialize: 1917 * - concurrent first-time tty initialization 1918 * - concurrent tty driver removal w/ lookup 1919 * - concurrent tty removal from driver table 1920 */ 1921 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1922 struct file *filp) 1923 { 1924 struct tty_struct *tty; 1925 struct tty_driver *driver = NULL; 1926 int index = -1; 1927 int retval; 1928 1929 mutex_lock(&tty_mutex); 1930 driver = tty_lookup_driver(device, filp, &index); 1931 if (IS_ERR(driver)) { 1932 mutex_unlock(&tty_mutex); 1933 return ERR_CAST(driver); 1934 } 1935 1936 /* check whether we're reopening an existing tty */ 1937 tty = tty_driver_lookup_tty(driver, filp, index); 1938 if (IS_ERR(tty)) { 1939 mutex_unlock(&tty_mutex); 1940 goto out; 1941 } 1942 1943 if (tty) { 1944 if (tty_port_kopened(tty->port)) { 1945 tty_kref_put(tty); 1946 mutex_unlock(&tty_mutex); 1947 tty = ERR_PTR(-EBUSY); 1948 goto out; 1949 } 1950 mutex_unlock(&tty_mutex); 1951 retval = tty_lock_interruptible(tty); 1952 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1953 if (retval) { 1954 if (retval == -EINTR) 1955 retval = -ERESTARTSYS; 1956 tty = ERR_PTR(retval); 1957 goto out; 1958 } 1959 retval = tty_reopen(tty); 1960 if (retval < 0) { 1961 tty_unlock(tty); 1962 tty = ERR_PTR(retval); 1963 } 1964 } else { /* Returns with the tty_lock held for now */ 1965 tty = tty_init_dev(driver, index); 1966 mutex_unlock(&tty_mutex); 1967 } 1968 out: 1969 tty_driver_kref_put(driver); 1970 return tty; 1971 } 1972 1973 /** 1974 * tty_open - open a tty device 1975 * @inode: inode of device file 1976 * @filp: file pointer to tty 1977 * 1978 * tty_open and tty_release keep up the tty count that contains the 1979 * number of opens done on a tty. We cannot use the inode-count, as 1980 * different inodes might point to the same tty. 1981 * 1982 * Open-counting is needed for pty masters, as well as for keeping 1983 * track of serial lines: DTR is dropped when the last close happens. 1984 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1985 * 1986 * The termios state of a pty is reset on first open so that 1987 * settings don't persist across reuse. 1988 * 1989 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1990 * tty->count should protect the rest. 1991 * ->siglock protects ->signal/->sighand 1992 * 1993 * Note: the tty_unlock/lock cases without a ref are only safe due to 1994 * tty_mutex 1995 */ 1996 1997 static int tty_open(struct inode *inode, struct file *filp) 1998 { 1999 struct tty_struct *tty; 2000 int noctty, retval; 2001 dev_t device = inode->i_rdev; 2002 unsigned saved_flags = filp->f_flags; 2003 2004 nonseekable_open(inode, filp); 2005 2006 retry_open: 2007 retval = tty_alloc_file(filp); 2008 if (retval) 2009 return -ENOMEM; 2010 2011 tty = tty_open_current_tty(device, filp); 2012 if (!tty) 2013 tty = tty_open_by_driver(device, inode, filp); 2014 2015 if (IS_ERR(tty)) { 2016 tty_free_file(filp); 2017 retval = PTR_ERR(tty); 2018 if (retval != -EAGAIN || signal_pending(current)) 2019 return retval; 2020 schedule(); 2021 goto retry_open; 2022 } 2023 2024 tty_add_file(tty, filp); 2025 2026 check_tty_count(tty, __func__); 2027 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2028 2029 if (tty->ops->open) 2030 retval = tty->ops->open(tty, filp); 2031 else 2032 retval = -ENODEV; 2033 filp->f_flags = saved_flags; 2034 2035 if (retval) { 2036 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2037 2038 tty_unlock(tty); /* need to call tty_release without BTM */ 2039 tty_release(inode, filp); 2040 if (retval != -ERESTARTSYS) 2041 return retval; 2042 2043 if (signal_pending(current)) 2044 return retval; 2045 2046 schedule(); 2047 /* 2048 * Need to reset f_op in case a hangup happened. 2049 */ 2050 if (tty_hung_up_p(filp)) 2051 filp->f_op = &tty_fops; 2052 goto retry_open; 2053 } 2054 clear_bit(TTY_HUPPED, &tty->flags); 2055 2056 noctty = (filp->f_flags & O_NOCTTY) || 2057 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2058 device == MKDEV(TTYAUX_MAJOR, 1) || 2059 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2060 tty->driver->subtype == PTY_TYPE_MASTER); 2061 if (!noctty) 2062 tty_open_proc_set_tty(filp, tty); 2063 tty_unlock(tty); 2064 return 0; 2065 } 2066 2067 2068 2069 /** 2070 * tty_poll - check tty status 2071 * @filp: file being polled 2072 * @wait: poll wait structures to update 2073 * 2074 * Call the line discipline polling method to obtain the poll 2075 * status of the device. 2076 * 2077 * Locking: locks called line discipline but ldisc poll method 2078 * may be re-entered freely by other callers. 2079 */ 2080 2081 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2082 { 2083 struct tty_struct *tty = file_tty(filp); 2084 struct tty_ldisc *ld; 2085 __poll_t ret = 0; 2086 2087 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2088 return 0; 2089 2090 ld = tty_ldisc_ref_wait(tty); 2091 if (!ld) 2092 return hung_up_tty_poll(filp, wait); 2093 if (ld->ops->poll) 2094 ret = ld->ops->poll(tty, filp, wait); 2095 tty_ldisc_deref(ld); 2096 return ret; 2097 } 2098 2099 static int __tty_fasync(int fd, struct file *filp, int on) 2100 { 2101 struct tty_struct *tty = file_tty(filp); 2102 unsigned long flags; 2103 int retval = 0; 2104 2105 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2106 goto out; 2107 2108 retval = fasync_helper(fd, filp, on, &tty->fasync); 2109 if (retval <= 0) 2110 goto out; 2111 2112 if (on) { 2113 enum pid_type type; 2114 struct pid *pid; 2115 2116 spin_lock_irqsave(&tty->ctrl_lock, flags); 2117 if (tty->pgrp) { 2118 pid = tty->pgrp; 2119 type = PIDTYPE_PGID; 2120 } else { 2121 pid = task_pid(current); 2122 type = PIDTYPE_TGID; 2123 } 2124 get_pid(pid); 2125 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2126 __f_setown(filp, pid, type, 0); 2127 put_pid(pid); 2128 retval = 0; 2129 } 2130 out: 2131 return retval; 2132 } 2133 2134 static int tty_fasync(int fd, struct file *filp, int on) 2135 { 2136 struct tty_struct *tty = file_tty(filp); 2137 int retval = -ENOTTY; 2138 2139 tty_lock(tty); 2140 if (!tty_hung_up_p(filp)) 2141 retval = __tty_fasync(fd, filp, on); 2142 tty_unlock(tty); 2143 2144 return retval; 2145 } 2146 2147 /** 2148 * tiocsti - fake input character 2149 * @tty: tty to fake input into 2150 * @p: pointer to character 2151 * 2152 * Fake input to a tty device. Does the necessary locking and 2153 * input management. 2154 * 2155 * FIXME: does not honour flow control ?? 2156 * 2157 * Locking: 2158 * Called functions take tty_ldiscs_lock 2159 * current->signal->tty check is safe without locks 2160 * 2161 * FIXME: may race normal receive processing 2162 */ 2163 2164 static int tiocsti(struct tty_struct *tty, char __user *p) 2165 { 2166 char ch, mbz = 0; 2167 struct tty_ldisc *ld; 2168 2169 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2170 return -EPERM; 2171 if (get_user(ch, p)) 2172 return -EFAULT; 2173 tty_audit_tiocsti(tty, ch); 2174 ld = tty_ldisc_ref_wait(tty); 2175 if (!ld) 2176 return -EIO; 2177 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2178 tty_ldisc_deref(ld); 2179 return 0; 2180 } 2181 2182 /** 2183 * tiocgwinsz - implement window query ioctl 2184 * @tty; tty 2185 * @arg: user buffer for result 2186 * 2187 * Copies the kernel idea of the window size into the user buffer. 2188 * 2189 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2190 * is consistent. 2191 */ 2192 2193 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2194 { 2195 int err; 2196 2197 mutex_lock(&tty->winsize_mutex); 2198 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2199 mutex_unlock(&tty->winsize_mutex); 2200 2201 return err ? -EFAULT: 0; 2202 } 2203 2204 /** 2205 * tty_do_resize - resize event 2206 * @tty: tty being resized 2207 * @rows: rows (character) 2208 * @cols: cols (character) 2209 * 2210 * Update the termios variables and send the necessary signals to 2211 * peform a terminal resize correctly 2212 */ 2213 2214 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2215 { 2216 struct pid *pgrp; 2217 2218 /* Lock the tty */ 2219 mutex_lock(&tty->winsize_mutex); 2220 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2221 goto done; 2222 2223 /* Signal the foreground process group */ 2224 pgrp = tty_get_pgrp(tty); 2225 if (pgrp) 2226 kill_pgrp(pgrp, SIGWINCH, 1); 2227 put_pid(pgrp); 2228 2229 tty->winsize = *ws; 2230 done: 2231 mutex_unlock(&tty->winsize_mutex); 2232 return 0; 2233 } 2234 EXPORT_SYMBOL(tty_do_resize); 2235 2236 /** 2237 * tiocswinsz - implement window size set ioctl 2238 * @tty; tty side of tty 2239 * @arg: user buffer for result 2240 * 2241 * Copies the user idea of the window size to the kernel. Traditionally 2242 * this is just advisory information but for the Linux console it 2243 * actually has driver level meaning and triggers a VC resize. 2244 * 2245 * Locking: 2246 * Driver dependent. The default do_resize method takes the 2247 * tty termios mutex and ctrl_lock. The console takes its own lock 2248 * then calls into the default method. 2249 */ 2250 2251 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2252 { 2253 struct winsize tmp_ws; 2254 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2255 return -EFAULT; 2256 2257 if (tty->ops->resize) 2258 return tty->ops->resize(tty, &tmp_ws); 2259 else 2260 return tty_do_resize(tty, &tmp_ws); 2261 } 2262 2263 /** 2264 * tioccons - allow admin to move logical console 2265 * @file: the file to become console 2266 * 2267 * Allow the administrator to move the redirected console device 2268 * 2269 * Locking: uses redirect_lock to guard the redirect information 2270 */ 2271 2272 static int tioccons(struct file *file) 2273 { 2274 if (!capable(CAP_SYS_ADMIN)) 2275 return -EPERM; 2276 if (file->f_op->write == redirected_tty_write) { 2277 struct file *f; 2278 spin_lock(&redirect_lock); 2279 f = redirect; 2280 redirect = NULL; 2281 spin_unlock(&redirect_lock); 2282 if (f) 2283 fput(f); 2284 return 0; 2285 } 2286 spin_lock(&redirect_lock); 2287 if (redirect) { 2288 spin_unlock(&redirect_lock); 2289 return -EBUSY; 2290 } 2291 redirect = get_file(file); 2292 spin_unlock(&redirect_lock); 2293 return 0; 2294 } 2295 2296 /** 2297 * tiocsetd - set line discipline 2298 * @tty: tty device 2299 * @p: pointer to user data 2300 * 2301 * Set the line discipline according to user request. 2302 * 2303 * Locking: see tty_set_ldisc, this function is just a helper 2304 */ 2305 2306 static int tiocsetd(struct tty_struct *tty, int __user *p) 2307 { 2308 int disc; 2309 int ret; 2310 2311 if (get_user(disc, p)) 2312 return -EFAULT; 2313 2314 ret = tty_set_ldisc(tty, disc); 2315 2316 return ret; 2317 } 2318 2319 /** 2320 * tiocgetd - get line discipline 2321 * @tty: tty device 2322 * @p: pointer to user data 2323 * 2324 * Retrieves the line discipline id directly from the ldisc. 2325 * 2326 * Locking: waits for ldisc reference (in case the line discipline 2327 * is changing or the tty is being hungup) 2328 */ 2329 2330 static int tiocgetd(struct tty_struct *tty, int __user *p) 2331 { 2332 struct tty_ldisc *ld; 2333 int ret; 2334 2335 ld = tty_ldisc_ref_wait(tty); 2336 if (!ld) 2337 return -EIO; 2338 ret = put_user(ld->ops->num, p); 2339 tty_ldisc_deref(ld); 2340 return ret; 2341 } 2342 2343 /** 2344 * send_break - performed time break 2345 * @tty: device to break on 2346 * @duration: timeout in mS 2347 * 2348 * Perform a timed break on hardware that lacks its own driver level 2349 * timed break functionality. 2350 * 2351 * Locking: 2352 * atomic_write_lock serializes 2353 * 2354 */ 2355 2356 static int send_break(struct tty_struct *tty, unsigned int duration) 2357 { 2358 int retval; 2359 2360 if (tty->ops->break_ctl == NULL) 2361 return 0; 2362 2363 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2364 retval = tty->ops->break_ctl(tty, duration); 2365 else { 2366 /* Do the work ourselves */ 2367 if (tty_write_lock(tty, 0) < 0) 2368 return -EINTR; 2369 retval = tty->ops->break_ctl(tty, -1); 2370 if (retval) 2371 goto out; 2372 if (!signal_pending(current)) 2373 msleep_interruptible(duration); 2374 retval = tty->ops->break_ctl(tty, 0); 2375 out: 2376 tty_write_unlock(tty); 2377 if (signal_pending(current)) 2378 retval = -EINTR; 2379 } 2380 return retval; 2381 } 2382 2383 /** 2384 * tty_tiocmget - get modem status 2385 * @tty: tty device 2386 * @file: user file pointer 2387 * @p: pointer to result 2388 * 2389 * Obtain the modem status bits from the tty driver if the feature 2390 * is supported. Return -EINVAL if it is not available. 2391 * 2392 * Locking: none (up to the driver) 2393 */ 2394 2395 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2396 { 2397 int retval = -EINVAL; 2398 2399 if (tty->ops->tiocmget) { 2400 retval = tty->ops->tiocmget(tty); 2401 2402 if (retval >= 0) 2403 retval = put_user(retval, p); 2404 } 2405 return retval; 2406 } 2407 2408 /** 2409 * tty_tiocmset - set modem status 2410 * @tty: tty device 2411 * @cmd: command - clear bits, set bits or set all 2412 * @p: pointer to desired bits 2413 * 2414 * Set the modem status bits from the tty driver if the feature 2415 * is supported. Return -EINVAL if it is not available. 2416 * 2417 * Locking: none (up to the driver) 2418 */ 2419 2420 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2421 unsigned __user *p) 2422 { 2423 int retval; 2424 unsigned int set, clear, val; 2425 2426 if (tty->ops->tiocmset == NULL) 2427 return -EINVAL; 2428 2429 retval = get_user(val, p); 2430 if (retval) 2431 return retval; 2432 set = clear = 0; 2433 switch (cmd) { 2434 case TIOCMBIS: 2435 set = val; 2436 break; 2437 case TIOCMBIC: 2438 clear = val; 2439 break; 2440 case TIOCMSET: 2441 set = val; 2442 clear = ~val; 2443 break; 2444 } 2445 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2446 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2447 return tty->ops->tiocmset(tty, set, clear); 2448 } 2449 2450 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2451 { 2452 int retval = -EINVAL; 2453 struct serial_icounter_struct icount; 2454 memset(&icount, 0, sizeof(icount)); 2455 if (tty->ops->get_icount) 2456 retval = tty->ops->get_icount(tty, &icount); 2457 if (retval != 0) 2458 return retval; 2459 if (copy_to_user(arg, &icount, sizeof(icount))) 2460 return -EFAULT; 2461 return 0; 2462 } 2463 2464 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2465 { 2466 static DEFINE_RATELIMIT_STATE(depr_flags, 2467 DEFAULT_RATELIMIT_INTERVAL, 2468 DEFAULT_RATELIMIT_BURST); 2469 char comm[TASK_COMM_LEN]; 2470 struct serial_struct v; 2471 int flags; 2472 2473 if (copy_from_user(&v, ss, sizeof(struct serial_struct))) 2474 return -EFAULT; 2475 2476 flags = v.flags & ASYNC_DEPRECATED; 2477 2478 if (flags && __ratelimit(&depr_flags)) 2479 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2480 __func__, get_task_comm(comm, current), flags); 2481 if (!tty->ops->set_serial) 2482 return -ENOTTY; 2483 return tty->ops->set_serial(tty, &v); 2484 } 2485 2486 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2487 { 2488 struct serial_struct v; 2489 int err; 2490 2491 memset(&v, 0, sizeof(struct serial_struct)); 2492 if (!tty->ops->get_serial) 2493 return -ENOTTY; 2494 err = tty->ops->get_serial(tty, &v); 2495 if (!err && copy_to_user(ss, &v, sizeof(struct serial_struct))) 2496 err = -EFAULT; 2497 return err; 2498 } 2499 2500 /* 2501 * if pty, return the slave side (real_tty) 2502 * otherwise, return self 2503 */ 2504 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2505 { 2506 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2507 tty->driver->subtype == PTY_TYPE_MASTER) 2508 tty = tty->link; 2509 return tty; 2510 } 2511 2512 /* 2513 * Split this up, as gcc can choke on it otherwise.. 2514 */ 2515 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2516 { 2517 struct tty_struct *tty = file_tty(file); 2518 struct tty_struct *real_tty; 2519 void __user *p = (void __user *)arg; 2520 int retval; 2521 struct tty_ldisc *ld; 2522 2523 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2524 return -EINVAL; 2525 2526 real_tty = tty_pair_get_tty(tty); 2527 2528 /* 2529 * Factor out some common prep work 2530 */ 2531 switch (cmd) { 2532 case TIOCSETD: 2533 case TIOCSBRK: 2534 case TIOCCBRK: 2535 case TCSBRK: 2536 case TCSBRKP: 2537 retval = tty_check_change(tty); 2538 if (retval) 2539 return retval; 2540 if (cmd != TIOCCBRK) { 2541 tty_wait_until_sent(tty, 0); 2542 if (signal_pending(current)) 2543 return -EINTR; 2544 } 2545 break; 2546 } 2547 2548 /* 2549 * Now do the stuff. 2550 */ 2551 switch (cmd) { 2552 case TIOCSTI: 2553 return tiocsti(tty, p); 2554 case TIOCGWINSZ: 2555 return tiocgwinsz(real_tty, p); 2556 case TIOCSWINSZ: 2557 return tiocswinsz(real_tty, p); 2558 case TIOCCONS: 2559 return real_tty != tty ? -EINVAL : tioccons(file); 2560 case TIOCEXCL: 2561 set_bit(TTY_EXCLUSIVE, &tty->flags); 2562 return 0; 2563 case TIOCNXCL: 2564 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2565 return 0; 2566 case TIOCGEXCL: 2567 { 2568 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2569 return put_user(excl, (int __user *)p); 2570 } 2571 case TIOCGETD: 2572 return tiocgetd(tty, p); 2573 case TIOCSETD: 2574 return tiocsetd(tty, p); 2575 case TIOCVHANGUP: 2576 if (!capable(CAP_SYS_ADMIN)) 2577 return -EPERM; 2578 tty_vhangup(tty); 2579 return 0; 2580 case TIOCGDEV: 2581 { 2582 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2583 return put_user(ret, (unsigned int __user *)p); 2584 } 2585 /* 2586 * Break handling 2587 */ 2588 case TIOCSBRK: /* Turn break on, unconditionally */ 2589 if (tty->ops->break_ctl) 2590 return tty->ops->break_ctl(tty, -1); 2591 return 0; 2592 case TIOCCBRK: /* Turn break off, unconditionally */ 2593 if (tty->ops->break_ctl) 2594 return tty->ops->break_ctl(tty, 0); 2595 return 0; 2596 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2597 /* non-zero arg means wait for all output data 2598 * to be sent (performed above) but don't send break. 2599 * This is used by the tcdrain() termios function. 2600 */ 2601 if (!arg) 2602 return send_break(tty, 250); 2603 return 0; 2604 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2605 return send_break(tty, arg ? arg*100 : 250); 2606 2607 case TIOCMGET: 2608 return tty_tiocmget(tty, p); 2609 case TIOCMSET: 2610 case TIOCMBIC: 2611 case TIOCMBIS: 2612 return tty_tiocmset(tty, cmd, p); 2613 case TIOCGICOUNT: 2614 return tty_tiocgicount(tty, p); 2615 case TCFLSH: 2616 switch (arg) { 2617 case TCIFLUSH: 2618 case TCIOFLUSH: 2619 /* flush tty buffer and allow ldisc to process ioctl */ 2620 tty_buffer_flush(tty, NULL); 2621 break; 2622 } 2623 break; 2624 case TIOCSSERIAL: 2625 return tty_tiocsserial(tty, p); 2626 case TIOCGSERIAL: 2627 return tty_tiocgserial(tty, p); 2628 case TIOCGPTPEER: 2629 /* Special because the struct file is needed */ 2630 return ptm_open_peer(file, tty, (int)arg); 2631 default: 2632 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2633 if (retval != -ENOIOCTLCMD) 2634 return retval; 2635 } 2636 if (tty->ops->ioctl) { 2637 retval = tty->ops->ioctl(tty, cmd, arg); 2638 if (retval != -ENOIOCTLCMD) 2639 return retval; 2640 } 2641 ld = tty_ldisc_ref_wait(tty); 2642 if (!ld) 2643 return hung_up_tty_ioctl(file, cmd, arg); 2644 retval = -EINVAL; 2645 if (ld->ops->ioctl) { 2646 retval = ld->ops->ioctl(tty, file, cmd, arg); 2647 if (retval == -ENOIOCTLCMD) 2648 retval = -ENOTTY; 2649 } 2650 tty_ldisc_deref(ld); 2651 return retval; 2652 } 2653 2654 #ifdef CONFIG_COMPAT 2655 2656 struct serial_struct32 { 2657 compat_int_t type; 2658 compat_int_t line; 2659 compat_uint_t port; 2660 compat_int_t irq; 2661 compat_int_t flags; 2662 compat_int_t xmit_fifo_size; 2663 compat_int_t custom_divisor; 2664 compat_int_t baud_base; 2665 unsigned short close_delay; 2666 char io_type; 2667 char reserved_char[1]; 2668 compat_int_t hub6; 2669 unsigned short closing_wait; /* time to wait before closing */ 2670 unsigned short closing_wait2; /* no longer used... */ 2671 compat_uint_t iomem_base; 2672 unsigned short iomem_reg_shift; 2673 unsigned int port_high; 2674 /* compat_ulong_t iomap_base FIXME */ 2675 compat_int_t reserved[1]; 2676 }; 2677 2678 static int compat_tty_tiocsserial(struct tty_struct *tty, 2679 struct serial_struct32 __user *ss) 2680 { 2681 static DEFINE_RATELIMIT_STATE(depr_flags, 2682 DEFAULT_RATELIMIT_INTERVAL, 2683 DEFAULT_RATELIMIT_BURST); 2684 char comm[TASK_COMM_LEN]; 2685 struct serial_struct32 v32; 2686 struct serial_struct v; 2687 int flags; 2688 2689 if (copy_from_user(&v32, ss, sizeof(struct serial_struct32))) 2690 return -EFAULT; 2691 2692 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2693 v.iomem_base = compat_ptr(v32.iomem_base); 2694 v.iomem_reg_shift = v32.iomem_reg_shift; 2695 v.port_high = v32.port_high; 2696 v.iomap_base = 0; 2697 2698 flags = v.flags & ASYNC_DEPRECATED; 2699 2700 if (flags && __ratelimit(&depr_flags)) 2701 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2702 __func__, get_task_comm(comm, current), flags); 2703 if (!tty->ops->set_serial) 2704 return -ENOTTY; 2705 return tty->ops->set_serial(tty, &v); 2706 } 2707 2708 static int compat_tty_tiocgserial(struct tty_struct *tty, 2709 struct serial_struct32 __user *ss) 2710 { 2711 struct serial_struct32 v32; 2712 struct serial_struct v; 2713 int err; 2714 memset(&v, 0, sizeof(struct serial_struct)); 2715 2716 if (!tty->ops->set_serial) 2717 return -ENOTTY; 2718 err = tty->ops->get_serial(tty, &v); 2719 if (!err) { 2720 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2721 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2722 0xfffffff : ptr_to_compat(v.iomem_base); 2723 v32.iomem_reg_shift = v.iomem_reg_shift; 2724 v32.port_high = v.port_high; 2725 if (copy_to_user(ss, &v32, sizeof(struct serial_struct32))) 2726 err = -EFAULT; 2727 } 2728 return err; 2729 } 2730 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2731 unsigned long arg) 2732 { 2733 struct tty_struct *tty = file_tty(file); 2734 struct tty_ldisc *ld; 2735 int retval = -ENOIOCTLCMD; 2736 2737 switch (cmd) { 2738 case TIOCSTI: 2739 case TIOCGWINSZ: 2740 case TIOCSWINSZ: 2741 case TIOCGEXCL: 2742 case TIOCGETD: 2743 case TIOCSETD: 2744 case TIOCGDEV: 2745 case TIOCMGET: 2746 case TIOCMSET: 2747 case TIOCMBIC: 2748 case TIOCMBIS: 2749 case TIOCGICOUNT: 2750 case TIOCGPGRP: 2751 case TIOCSPGRP: 2752 case TIOCGSID: 2753 case TIOCSERGETLSR: 2754 case TIOCGRS485: 2755 case TIOCSRS485: 2756 #ifdef TIOCGETP 2757 case TIOCGETP: 2758 case TIOCSETP: 2759 case TIOCSETN: 2760 #endif 2761 #ifdef TIOCGETC 2762 case TIOCGETC: 2763 case TIOCSETC: 2764 #endif 2765 #ifdef TIOCGLTC 2766 case TIOCGLTC: 2767 case TIOCSLTC: 2768 #endif 2769 case TCSETSF: 2770 case TCSETSW: 2771 case TCSETS: 2772 case TCGETS: 2773 #ifdef TCGETS2 2774 case TCGETS2: 2775 case TCSETSF2: 2776 case TCSETSW2: 2777 case TCSETS2: 2778 #endif 2779 case TCGETA: 2780 case TCSETAF: 2781 case TCSETAW: 2782 case TCSETA: 2783 case TIOCGLCKTRMIOS: 2784 case TIOCSLCKTRMIOS: 2785 #ifdef TCGETX 2786 case TCGETX: 2787 case TCSETX: 2788 case TCSETXW: 2789 case TCSETXF: 2790 #endif 2791 case TIOCGSOFTCAR: 2792 case TIOCSSOFTCAR: 2793 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2794 case TIOCCONS: 2795 case TIOCEXCL: 2796 case TIOCNXCL: 2797 case TIOCVHANGUP: 2798 case TIOCSBRK: 2799 case TIOCCBRK: 2800 case TCSBRK: 2801 case TCSBRKP: 2802 case TCFLSH: 2803 case TIOCGPTPEER: 2804 case TIOCNOTTY: 2805 case TIOCSCTTY: 2806 case TCXONC: 2807 case TIOCMIWAIT: 2808 case TIOCSERCONFIG: 2809 return tty_ioctl(file, cmd, arg); 2810 } 2811 2812 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2813 return -EINVAL; 2814 2815 switch (cmd) { 2816 case TIOCSSERIAL: 2817 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2818 case TIOCGSERIAL: 2819 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2820 } 2821 if (tty->ops->compat_ioctl) { 2822 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2823 if (retval != -ENOIOCTLCMD) 2824 return retval; 2825 } 2826 2827 ld = tty_ldisc_ref_wait(tty); 2828 if (!ld) 2829 return hung_up_tty_compat_ioctl(file, cmd, arg); 2830 if (ld->ops->compat_ioctl) 2831 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2832 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2833 retval = ld->ops->ioctl(tty, file, 2834 (unsigned long)compat_ptr(cmd), arg); 2835 tty_ldisc_deref(ld); 2836 2837 return retval; 2838 } 2839 #endif 2840 2841 static int this_tty(const void *t, struct file *file, unsigned fd) 2842 { 2843 if (likely(file->f_op->read != tty_read)) 2844 return 0; 2845 return file_tty(file) != t ? 0 : fd + 1; 2846 } 2847 2848 /* 2849 * This implements the "Secure Attention Key" --- the idea is to 2850 * prevent trojan horses by killing all processes associated with this 2851 * tty when the user hits the "Secure Attention Key". Required for 2852 * super-paranoid applications --- see the Orange Book for more details. 2853 * 2854 * This code could be nicer; ideally it should send a HUP, wait a few 2855 * seconds, then send a INT, and then a KILL signal. But you then 2856 * have to coordinate with the init process, since all processes associated 2857 * with the current tty must be dead before the new getty is allowed 2858 * to spawn. 2859 * 2860 * Now, if it would be correct ;-/ The current code has a nasty hole - 2861 * it doesn't catch files in flight. We may send the descriptor to ourselves 2862 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2863 * 2864 * Nasty bug: do_SAK is being called in interrupt context. This can 2865 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2866 */ 2867 void __do_SAK(struct tty_struct *tty) 2868 { 2869 #ifdef TTY_SOFT_SAK 2870 tty_hangup(tty); 2871 #else 2872 struct task_struct *g, *p; 2873 struct pid *session; 2874 int i; 2875 2876 if (!tty) 2877 return; 2878 session = tty->session; 2879 2880 tty_ldisc_flush(tty); 2881 2882 tty_driver_flush_buffer(tty); 2883 2884 read_lock(&tasklist_lock); 2885 /* Kill the entire session */ 2886 do_each_pid_task(session, PIDTYPE_SID, p) { 2887 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2888 task_pid_nr(p), p->comm); 2889 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2890 } while_each_pid_task(session, PIDTYPE_SID, p); 2891 2892 /* Now kill any processes that happen to have the tty open */ 2893 do_each_thread(g, p) { 2894 if (p->signal->tty == tty) { 2895 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2896 task_pid_nr(p), p->comm); 2897 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2898 continue; 2899 } 2900 task_lock(p); 2901 i = iterate_fd(p->files, 0, this_tty, tty); 2902 if (i != 0) { 2903 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2904 task_pid_nr(p), p->comm, i - 1); 2905 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2906 } 2907 task_unlock(p); 2908 } while_each_thread(g, p); 2909 read_unlock(&tasklist_lock); 2910 #endif 2911 } 2912 2913 static void do_SAK_work(struct work_struct *work) 2914 { 2915 struct tty_struct *tty = 2916 container_of(work, struct tty_struct, SAK_work); 2917 __do_SAK(tty); 2918 } 2919 2920 /* 2921 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2922 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2923 * the values which we write to it will be identical to the values which it 2924 * already has. --akpm 2925 */ 2926 void do_SAK(struct tty_struct *tty) 2927 { 2928 if (!tty) 2929 return; 2930 schedule_work(&tty->SAK_work); 2931 } 2932 2933 EXPORT_SYMBOL(do_SAK); 2934 2935 static int dev_match_devt(struct device *dev, const void *data) 2936 { 2937 const dev_t *devt = data; 2938 return dev->devt == *devt; 2939 } 2940 2941 /* Must put_device() after it's unused! */ 2942 static struct device *tty_get_device(struct tty_struct *tty) 2943 { 2944 dev_t devt = tty_devnum(tty); 2945 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2946 } 2947 2948 2949 /** 2950 * alloc_tty_struct 2951 * 2952 * This subroutine allocates and initializes a tty structure. 2953 * 2954 * Locking: none - tty in question is not exposed at this point 2955 */ 2956 2957 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2958 { 2959 struct tty_struct *tty; 2960 2961 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2962 if (!tty) 2963 return NULL; 2964 2965 kref_init(&tty->kref); 2966 tty->magic = TTY_MAGIC; 2967 if (tty_ldisc_init(tty)) { 2968 kfree(tty); 2969 return NULL; 2970 } 2971 tty->session = NULL; 2972 tty->pgrp = NULL; 2973 mutex_init(&tty->legacy_mutex); 2974 mutex_init(&tty->throttle_mutex); 2975 init_rwsem(&tty->termios_rwsem); 2976 mutex_init(&tty->winsize_mutex); 2977 init_ldsem(&tty->ldisc_sem); 2978 init_waitqueue_head(&tty->write_wait); 2979 init_waitqueue_head(&tty->read_wait); 2980 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2981 mutex_init(&tty->atomic_write_lock); 2982 spin_lock_init(&tty->ctrl_lock); 2983 spin_lock_init(&tty->flow_lock); 2984 spin_lock_init(&tty->files_lock); 2985 INIT_LIST_HEAD(&tty->tty_files); 2986 INIT_WORK(&tty->SAK_work, do_SAK_work); 2987 2988 tty->driver = driver; 2989 tty->ops = driver->ops; 2990 tty->index = idx; 2991 tty_line_name(driver, idx, tty->name); 2992 tty->dev = tty_get_device(tty); 2993 2994 return tty; 2995 } 2996 2997 /** 2998 * tty_put_char - write one character to a tty 2999 * @tty: tty 3000 * @ch: character 3001 * 3002 * Write one byte to the tty using the provided put_char method 3003 * if present. Returns the number of characters successfully output. 3004 * 3005 * Note: the specific put_char operation in the driver layer may go 3006 * away soon. Don't call it directly, use this method 3007 */ 3008 3009 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3010 { 3011 if (tty->ops->put_char) 3012 return tty->ops->put_char(tty, ch); 3013 return tty->ops->write(tty, &ch, 1); 3014 } 3015 EXPORT_SYMBOL_GPL(tty_put_char); 3016 3017 struct class *tty_class; 3018 3019 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3020 unsigned int index, unsigned int count) 3021 { 3022 int err; 3023 3024 /* init here, since reused cdevs cause crashes */ 3025 driver->cdevs[index] = cdev_alloc(); 3026 if (!driver->cdevs[index]) 3027 return -ENOMEM; 3028 driver->cdevs[index]->ops = &tty_fops; 3029 driver->cdevs[index]->owner = driver->owner; 3030 err = cdev_add(driver->cdevs[index], dev, count); 3031 if (err) 3032 kobject_put(&driver->cdevs[index]->kobj); 3033 return err; 3034 } 3035 3036 /** 3037 * tty_register_device - register a tty device 3038 * @driver: the tty driver that describes the tty device 3039 * @index: the index in the tty driver for this tty device 3040 * @device: a struct device that is associated with this tty device. 3041 * This field is optional, if there is no known struct device 3042 * for this tty device it can be set to NULL safely. 3043 * 3044 * Returns a pointer to the struct device for this tty device 3045 * (or ERR_PTR(-EFOO) on error). 3046 * 3047 * This call is required to be made to register an individual tty device 3048 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3049 * that bit is not set, this function should not be called by a tty 3050 * driver. 3051 * 3052 * Locking: ?? 3053 */ 3054 3055 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3056 struct device *device) 3057 { 3058 return tty_register_device_attr(driver, index, device, NULL, NULL); 3059 } 3060 EXPORT_SYMBOL(tty_register_device); 3061 3062 static void tty_device_create_release(struct device *dev) 3063 { 3064 dev_dbg(dev, "releasing...\n"); 3065 kfree(dev); 3066 } 3067 3068 /** 3069 * tty_register_device_attr - register a tty device 3070 * @driver: the tty driver that describes the tty device 3071 * @index: the index in the tty driver for this tty device 3072 * @device: a struct device that is associated with this tty device. 3073 * This field is optional, if there is no known struct device 3074 * for this tty device it can be set to NULL safely. 3075 * @drvdata: Driver data to be set to device. 3076 * @attr_grp: Attribute group to be set on device. 3077 * 3078 * Returns a pointer to the struct device for this tty device 3079 * (or ERR_PTR(-EFOO) on error). 3080 * 3081 * This call is required to be made to register an individual tty device 3082 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3083 * that bit is not set, this function should not be called by a tty 3084 * driver. 3085 * 3086 * Locking: ?? 3087 */ 3088 struct device *tty_register_device_attr(struct tty_driver *driver, 3089 unsigned index, struct device *device, 3090 void *drvdata, 3091 const struct attribute_group **attr_grp) 3092 { 3093 char name[64]; 3094 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3095 struct ktermios *tp; 3096 struct device *dev; 3097 int retval; 3098 3099 if (index >= driver->num) { 3100 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3101 driver->name, index); 3102 return ERR_PTR(-EINVAL); 3103 } 3104 3105 if (driver->type == TTY_DRIVER_TYPE_PTY) 3106 pty_line_name(driver, index, name); 3107 else 3108 tty_line_name(driver, index, name); 3109 3110 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3111 if (!dev) 3112 return ERR_PTR(-ENOMEM); 3113 3114 dev->devt = devt; 3115 dev->class = tty_class; 3116 dev->parent = device; 3117 dev->release = tty_device_create_release; 3118 dev_set_name(dev, "%s", name); 3119 dev->groups = attr_grp; 3120 dev_set_drvdata(dev, drvdata); 3121 3122 dev_set_uevent_suppress(dev, 1); 3123 3124 retval = device_register(dev); 3125 if (retval) 3126 goto err_put; 3127 3128 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3129 /* 3130 * Free any saved termios data so that the termios state is 3131 * reset when reusing a minor number. 3132 */ 3133 tp = driver->termios[index]; 3134 if (tp) { 3135 driver->termios[index] = NULL; 3136 kfree(tp); 3137 } 3138 3139 retval = tty_cdev_add(driver, devt, index, 1); 3140 if (retval) 3141 goto err_del; 3142 } 3143 3144 dev_set_uevent_suppress(dev, 0); 3145 kobject_uevent(&dev->kobj, KOBJ_ADD); 3146 3147 return dev; 3148 3149 err_del: 3150 device_del(dev); 3151 err_put: 3152 put_device(dev); 3153 3154 return ERR_PTR(retval); 3155 } 3156 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3157 3158 /** 3159 * tty_unregister_device - unregister a tty device 3160 * @driver: the tty driver that describes the tty device 3161 * @index: the index in the tty driver for this tty device 3162 * 3163 * If a tty device is registered with a call to tty_register_device() then 3164 * this function must be called when the tty device is gone. 3165 * 3166 * Locking: ?? 3167 */ 3168 3169 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3170 { 3171 device_destroy(tty_class, 3172 MKDEV(driver->major, driver->minor_start) + index); 3173 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3174 cdev_del(driver->cdevs[index]); 3175 driver->cdevs[index] = NULL; 3176 } 3177 } 3178 EXPORT_SYMBOL(tty_unregister_device); 3179 3180 /** 3181 * __tty_alloc_driver -- allocate tty driver 3182 * @lines: count of lines this driver can handle at most 3183 * @owner: module which is responsible for this driver 3184 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3185 * 3186 * This should not be called directly, some of the provided macros should be 3187 * used instead. Use IS_ERR and friends on @retval. 3188 */ 3189 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3190 unsigned long flags) 3191 { 3192 struct tty_driver *driver; 3193 unsigned int cdevs = 1; 3194 int err; 3195 3196 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3197 return ERR_PTR(-EINVAL); 3198 3199 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3200 if (!driver) 3201 return ERR_PTR(-ENOMEM); 3202 3203 kref_init(&driver->kref); 3204 driver->magic = TTY_DRIVER_MAGIC; 3205 driver->num = lines; 3206 driver->owner = owner; 3207 driver->flags = flags; 3208 3209 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3210 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3211 GFP_KERNEL); 3212 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3213 GFP_KERNEL); 3214 if (!driver->ttys || !driver->termios) { 3215 err = -ENOMEM; 3216 goto err_free_all; 3217 } 3218 } 3219 3220 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3221 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3222 GFP_KERNEL); 3223 if (!driver->ports) { 3224 err = -ENOMEM; 3225 goto err_free_all; 3226 } 3227 cdevs = lines; 3228 } 3229 3230 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3231 if (!driver->cdevs) { 3232 err = -ENOMEM; 3233 goto err_free_all; 3234 } 3235 3236 return driver; 3237 err_free_all: 3238 kfree(driver->ports); 3239 kfree(driver->ttys); 3240 kfree(driver->termios); 3241 kfree(driver->cdevs); 3242 kfree(driver); 3243 return ERR_PTR(err); 3244 } 3245 EXPORT_SYMBOL(__tty_alloc_driver); 3246 3247 static void destruct_tty_driver(struct kref *kref) 3248 { 3249 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3250 int i; 3251 struct ktermios *tp; 3252 3253 if (driver->flags & TTY_DRIVER_INSTALLED) { 3254 for (i = 0; i < driver->num; i++) { 3255 tp = driver->termios[i]; 3256 if (tp) { 3257 driver->termios[i] = NULL; 3258 kfree(tp); 3259 } 3260 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3261 tty_unregister_device(driver, i); 3262 } 3263 proc_tty_unregister_driver(driver); 3264 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3265 cdev_del(driver->cdevs[0]); 3266 } 3267 kfree(driver->cdevs); 3268 kfree(driver->ports); 3269 kfree(driver->termios); 3270 kfree(driver->ttys); 3271 kfree(driver); 3272 } 3273 3274 void tty_driver_kref_put(struct tty_driver *driver) 3275 { 3276 kref_put(&driver->kref, destruct_tty_driver); 3277 } 3278 EXPORT_SYMBOL(tty_driver_kref_put); 3279 3280 void tty_set_operations(struct tty_driver *driver, 3281 const struct tty_operations *op) 3282 { 3283 driver->ops = op; 3284 }; 3285 EXPORT_SYMBOL(tty_set_operations); 3286 3287 void put_tty_driver(struct tty_driver *d) 3288 { 3289 tty_driver_kref_put(d); 3290 } 3291 EXPORT_SYMBOL(put_tty_driver); 3292 3293 /* 3294 * Called by a tty driver to register itself. 3295 */ 3296 int tty_register_driver(struct tty_driver *driver) 3297 { 3298 int error; 3299 int i; 3300 dev_t dev; 3301 struct device *d; 3302 3303 if (!driver->major) { 3304 error = alloc_chrdev_region(&dev, driver->minor_start, 3305 driver->num, driver->name); 3306 if (!error) { 3307 driver->major = MAJOR(dev); 3308 driver->minor_start = MINOR(dev); 3309 } 3310 } else { 3311 dev = MKDEV(driver->major, driver->minor_start); 3312 error = register_chrdev_region(dev, driver->num, driver->name); 3313 } 3314 if (error < 0) 3315 goto err; 3316 3317 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3318 error = tty_cdev_add(driver, dev, 0, driver->num); 3319 if (error) 3320 goto err_unreg_char; 3321 } 3322 3323 mutex_lock(&tty_mutex); 3324 list_add(&driver->tty_drivers, &tty_drivers); 3325 mutex_unlock(&tty_mutex); 3326 3327 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3328 for (i = 0; i < driver->num; i++) { 3329 d = tty_register_device(driver, i, NULL); 3330 if (IS_ERR(d)) { 3331 error = PTR_ERR(d); 3332 goto err_unreg_devs; 3333 } 3334 } 3335 } 3336 proc_tty_register_driver(driver); 3337 driver->flags |= TTY_DRIVER_INSTALLED; 3338 return 0; 3339 3340 err_unreg_devs: 3341 for (i--; i >= 0; i--) 3342 tty_unregister_device(driver, i); 3343 3344 mutex_lock(&tty_mutex); 3345 list_del(&driver->tty_drivers); 3346 mutex_unlock(&tty_mutex); 3347 3348 err_unreg_char: 3349 unregister_chrdev_region(dev, driver->num); 3350 err: 3351 return error; 3352 } 3353 EXPORT_SYMBOL(tty_register_driver); 3354 3355 /* 3356 * Called by a tty driver to unregister itself. 3357 */ 3358 int tty_unregister_driver(struct tty_driver *driver) 3359 { 3360 #if 0 3361 /* FIXME */ 3362 if (driver->refcount) 3363 return -EBUSY; 3364 #endif 3365 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3366 driver->num); 3367 mutex_lock(&tty_mutex); 3368 list_del(&driver->tty_drivers); 3369 mutex_unlock(&tty_mutex); 3370 return 0; 3371 } 3372 3373 EXPORT_SYMBOL(tty_unregister_driver); 3374 3375 dev_t tty_devnum(struct tty_struct *tty) 3376 { 3377 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3378 } 3379 EXPORT_SYMBOL(tty_devnum); 3380 3381 void tty_default_fops(struct file_operations *fops) 3382 { 3383 *fops = tty_fops; 3384 } 3385 3386 static char *tty_devnode(struct device *dev, umode_t *mode) 3387 { 3388 if (!mode) 3389 return NULL; 3390 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3391 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3392 *mode = 0666; 3393 return NULL; 3394 } 3395 3396 static int __init tty_class_init(void) 3397 { 3398 tty_class = class_create(THIS_MODULE, "tty"); 3399 if (IS_ERR(tty_class)) 3400 return PTR_ERR(tty_class); 3401 tty_class->devnode = tty_devnode; 3402 return 0; 3403 } 3404 3405 postcore_initcall(tty_class_init); 3406 3407 /* 3/2004 jmc: why do these devices exist? */ 3408 static struct cdev tty_cdev, console_cdev; 3409 3410 static ssize_t show_cons_active(struct device *dev, 3411 struct device_attribute *attr, char *buf) 3412 { 3413 struct console *cs[16]; 3414 int i = 0; 3415 struct console *c; 3416 ssize_t count = 0; 3417 3418 console_lock(); 3419 for_each_console(c) { 3420 if (!c->device) 3421 continue; 3422 if (!c->write) 3423 continue; 3424 if ((c->flags & CON_ENABLED) == 0) 3425 continue; 3426 cs[i++] = c; 3427 if (i >= ARRAY_SIZE(cs)) 3428 break; 3429 } 3430 while (i--) { 3431 int index = cs[i]->index; 3432 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3433 3434 /* don't resolve tty0 as some programs depend on it */ 3435 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3436 count += tty_line_name(drv, index, buf + count); 3437 else 3438 count += sprintf(buf + count, "%s%d", 3439 cs[i]->name, cs[i]->index); 3440 3441 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3442 } 3443 console_unlock(); 3444 3445 return count; 3446 } 3447 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3448 3449 static struct attribute *cons_dev_attrs[] = { 3450 &dev_attr_active.attr, 3451 NULL 3452 }; 3453 3454 ATTRIBUTE_GROUPS(cons_dev); 3455 3456 static struct device *consdev; 3457 3458 void console_sysfs_notify(void) 3459 { 3460 if (consdev) 3461 sysfs_notify(&consdev->kobj, NULL, "active"); 3462 } 3463 3464 /* 3465 * Ok, now we can initialize the rest of the tty devices and can count 3466 * on memory allocations, interrupts etc.. 3467 */ 3468 int __init tty_init(void) 3469 { 3470 cdev_init(&tty_cdev, &tty_fops); 3471 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3472 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3473 panic("Couldn't register /dev/tty driver\n"); 3474 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3475 3476 cdev_init(&console_cdev, &console_fops); 3477 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3478 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3479 panic("Couldn't register /dev/console driver\n"); 3480 consdev = device_create_with_groups(tty_class, NULL, 3481 MKDEV(TTYAUX_MAJOR, 1), NULL, 3482 cons_dev_groups, "console"); 3483 if (IS_ERR(consdev)) 3484 consdev = NULL; 3485 3486 #ifdef CONFIG_VT 3487 vty_init(&console_fops); 3488 #endif 3489 return 0; 3490 } 3491 3492