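// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 1991, 1992 Linus Torvalds
 */

/*
 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
 * or rs-channels. It also implements echoing, cooked mode etc.
 *
 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
 *
 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
 * tty_struct and tty_queue structures. Previously there was an array
 * of 256 tty_struct's which was statically allocated, and the
 * tty_queue structures were allocated at boot time. Both are now
 * dynamically allocated only when the tty is open.
 *
 * Also restructured routines so that there is more of a separation
 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
 * the low-level tty routines (serial.c, pty.c, console.c). This
 * makes for cleaner and more compact code. -TYT, 9/17/92
 *
 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
 * which can be dynamically activated and de-activated by the line
 * discipline handling modules (like SLIP).
 *
 * NOTE: pay no attention to the line discipline code (yet); its
 * interface is still subject to change in this version...
 * -- TYT, 1/31/92
 *
 * Added functionality to the OPOST tty handling. No delays, but all
 * other bits should be there.
 *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
 *
 * Rewrote canonical mode and added more termios flags.
 *	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
 *
 * Reorganized FASYNC support so mouse code can share it.
 *	-- ctm@ardi.com, 9Sep95
 *
 * New TIOCLINUX variants added.
 *	-- mj@k332.feld.cvut.cz, 19-Nov-95
 *
 * Restrict vt switching via ioctl()
 *	-- grif@cs.ucr.edu, 5-Dec-95
 *
 * Move console and virtual terminal code to more appropriate files,
 * implement CONFIG_VT and generalize console device interface.
 *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
 *
 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
 *	-- Bill Hawes <whawes@star.net>, June 97
 *
 * Added devfs support.
 *	-- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
 *
 * Added support for a Unix98-style ptmx device.
 *	-- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
 *
 * Reduced memory usage for older ARM systems
 *	-- Russell King <rmk@arm.linux.org.uk>
 *
 * Move do_SAK() into process context. Less stack use in devfs functions.
 * alloc_tty_struct() always uses kmalloc()
 *	-- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
 */

#include <linux/types.h>
#include <linux/major.h>
#include <linux/errno.h>
#include <linux/signal.h>
#include <linux/fcntl.h>
#include <linux/sched/signal.h>
#include <linux/sched/task.h>
#include <linux/interrupt.h>
#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>
#include <linux/devpts_fs.h>
#include <linux/file.h>
#include <linux/fdtable.h>
#include <linux/console.h>
#include <linux/timer.h>
#include <linux/ctype.h>
#include <linux/kd.h>
#include <linux/mm.h>
#include <linux/string.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/proc_fs.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/device.h>
#include <linux/wait.h>
#include <linux/bitops.h>
#include <linux/delay.h>
#include <linux/seq_file.h>
#include <linux/serial.h>
#include <linux/ratelimit.h>
#include <linux/compat.h>

#include <linux/uaccess.h>

#include <linux/kbd_kern.h>
#include <linux/vt_kern.h>
#include <linux/selection.h>

#include <linux/kmod.h>
#include <linux/nsproxy.h>

/*
 * TTY_DEBUG_HANGUP is #undef'd right before it is tested, so the no-op
 * variant of tty_debug_hangup() is what gets built unless the #undef is
 * edited.
 */
#undef TTY_DEBUG_HANGUP
#ifdef TTY_DEBUG_HANGUP
# define tty_debug_hangup(tty, f, args...)	tty_debug(tty, f, ##args)
#else
# define tty_debug_hangup(tty, f, args...)	do { } while (0)
#endif

/* Compile in the NULL/magic checks done by tty_paranoia_check(). */
#define TTY_PARANOIA_CHECK 1
/* Compile in the open-count cross-check done by check_tty_count(). */
#define CHECK_TTY_COUNT 1

/*
 * Default termios handed to tty drivers: canonical mode with echo and
 * signal generation enabled, 8-bit characters, 38400 baud both ways.
 */
struct ktermios tty_std_termios = {	/* for the benefit of tty drivers */
	.c_iflag = ICRNL | IXON,
	.c_oflag = OPOST | ONLCR,
	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
		   ECHOCTL | ECHOKE | IEXTEN,
	.c_cc = INIT_C_CC,
	.c_ispeed = 38400,
	.c_ospeed = 38400,
	/* .c_line = N_TTY, */
};

EXPORT_SYMBOL(tty_std_termios);

/* This list gets poked at by procfs and various bits of boot up code. This
   could do with some rationalisation such as pulling the tty proc function
   into this file */

LIST_HEAD(tty_drivers);			/* linked list of tty drivers */

/* Mutex to protect creating and releasing a tty */
DEFINE_MUTEX(tty_mutex);

static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
ssize_t redirected_tty_write(struct file *, const char __user *,
							size_t, loff_t *);
static __poll_t tty_poll(struct file *, poll_table *);
static int tty_open(struct inode *, struct file *);
long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
#ifdef CONFIG_COMPAT
static long tty_compat_ioctl(struct file *file, unsigned int cmd,
				unsigned long arg);
#else
#define tty_compat_ioctl NULL
#endif
static int __tty_fasync(int fd, struct file *filp, int on);
static int tty_fasync(int fd, struct file *filp, int on);
static void release_tty(struct tty_struct *tty, int idx);

/**
 *	free_tty_struct		-	free a disused tty
 *	@tty: tty struct to free
 *
 *	Free the write buffers, tty queue and tty memory itself.
 *
 *	Locking: none.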
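Must be called after tty is definitely unused
 */

static void free_tty_struct(struct tty_struct *tty)
{
	tty_ldisc_deinit(tty);
	put_device(tty->dev);
	kfree(tty->write_buf);
	/*
	 * Overwrite the magic before the struct is freed, so that
	 * tty_paranoia_check() reports "bad magic number" if a stale
	 * pointer is inspected while the memory still holds this value.
	 * This is a debugging aid; it does not make such a use safe.
	 */
	tty->magic = 0xDEADDEAD;
	kfree(tty);
}

/*
 * Return the tty stored in the tty_file_private that hangs off
 * file->private_data. private_data is dereferenced without a NULL
 * check, so the caller must know it has been populated.
 */
static inline struct tty_struct *file_tty(struct file *file)
{
	return ((struct tty_file_private *)file->private_data)->tty;
}

/**
 * tty_alloc_file - allocate the per-file tty bookkeeping
 * @file: file that will carry the allocation in ->private_data
 *
 * kmalloc() does not zero the allocation; the members are only filled
 * in by tty_add_file().
 *
 * Return: 0 on success, -ENOMEM if the allocation fails.
 */
int tty_alloc_file(struct file *file)
{
	struct tty_file_private *priv;

	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
	if (!priv)
		return -ENOMEM;

	file->private_data = priv;

	return 0;
}

/* Associate a new file with the tty structure */
void tty_add_file(struct tty_struct *tty, struct file *file)
{
	struct tty_file_private *priv = file->private_data;

	priv->tty = tty;
	priv->file = file;

	/* tty->tty_files is only modified under files_lock. */
	spin_lock(&tty->files_lock);
	list_add(&priv->list, &tty->tty_files);
	spin_unlock(&tty->files_lock);
}

/**
 * tty_free_file - free file->private_data
 * @file: file whose private data is released
 *
 * This shall be used only for fail path handling when tty_add_file was not
 * called yet.
 */
void tty_free_file(struct file *file)
{
	struct tty_file_private *priv = file->private_data;

	/* Clear the pointer first so the file never refers to freed memory. */
	file->private_data = NULL;
	kfree(priv);
}

/* Delete file from its tty */
static void tty_del_file(struct file *file)
{
	struct tty_file_private *priv = file->private_data;
	struct tty_struct *tty = priv->tty;

	spin_lock(&tty->files_lock);
	list_del(&priv->list);
	spin_unlock(&tty->files_lock);
	tty_free_file(file);
}

/**
 *	tty_name	-	return tty naming
 *	@tty: tty structure
 *
 *	Convert a tty structure into a name. The name reflects the kernel
 *	naming policy and if udev is in use may not reflect user space
 *
 *	Locking: none
 */

const char *tty_name(const struct tty_struct *tty)
{
	if (!tty) /* Hmm. NULL pointer. That's fun. */
		return "NULL tty";
	return tty->name;
}

EXPORT_SYMBOL(tty_name);

/*
 * Return the name of the driver behind @tty, or an empty string when
 * either @tty or its driver pointer is NULL.
 */
const char *tty_driver_name(const struct tty_struct *tty)
{
	if (!tty || !tty->driver)
		return "";
	return tty->driver->name;
}

/*
 * Sanity-check a tty pointer before it is used. Returns 1, after logging
 * the inode's major:minor and @routine, when @tty is NULL or its magic is
 * not TTY_MAGIC; returns 0 otherwise. With TTY_PARANOIA_CHECK undefined
 * the body reduces to "return 0", so callers still need their own NULL
 * test.
 */
static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
			      const char *routine)
{
#ifdef TTY_PARANOIA_CHECK
	if (!tty) {
		pr_warn("(%d:%d): %s: NULL tty\n",
			imajor(inode), iminor(inode), routine);
		return 1;
	}
	if (tty->magic != TTY_MAGIC) {
		pr_warn("(%d:%d): %s: bad magic number\n",
			imajor(inode), iminor(inode), routine);
		return 1;
	}
#endif
	return 0;
}

/*
 * Cross-check tty->count against the number of entries on tty->tty_files
 * (plus one for a pty slave whose link is still open, plus one if the port
 * is kernel-opened). On a mismatch a warning is logged and the counted
 * value is returned; otherwise 0.
 */
/* Caller must hold tty_lock */
static int check_tty_count(struct tty_struct *tty, const char *routine)
{
#ifdef CHECK_TTY_COUNT
	struct list_head *p;
	int count = 0, kopen_count = 0;

	spin_lock(&tty->files_lock);
	list_for_each(p, &tty->tty_files) {
		count++;
	}
	spin_unlock(&tty->files_lock);
	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
	    tty->driver->subtype == PTY_TYPE_SLAVE &&
	    tty->link && tty->link->count)
		count++;
	if (tty_port_kopened(tty->port))
		kopen_count++;
	if (tty->count != (count + kopen_count)) {
		tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
			 routine, tty->count, count, kopen_count);
		return (count + kopen_count);
	}
#endif
	return 0;
}

/**
 *	get_tty_driver		-	find device of a tty
 *	@device: device identifier
 *	@index: returns the index of the tty
 *
 *	This routine returns a tty driver structure, given a device number
 *	and also passes back the index number.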
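*
 *	Locking: caller must hold tty_mutex
 */

static struct tty_driver *get_tty_driver(dev_t device, int *index)
{
	struct tty_driver *p;

	list_for_each_entry(p, &tty_drivers, tty_drivers) {
		dev_t base = MKDEV(p->major, p->minor_start);

		/* Skip drivers whose [base, base + num) range excludes device. */
		if (device < base || device >= base + p->num)
			continue;
		*index = device - base;
		/* A driver reference is returned; the caller owns it. */
		return tty_driver_kref_get(p);
	}
	return NULL;
}

/**
 *	tty_dev_name_to_number	-	return dev_t for device name
 *	@name: user space name of device under /dev
 *	@number: pointer to dev_t that this function will populate
 *
 *	This function converts device names like ttyS0 or ttyUSB1 into dev_t
 *	like (4, 64) or (188, 1). If no corresponding driver is registered then
 *	the function returns -ENODEV.
 *
 *	Returns -EINVAL when @name contains no digit, and the kstrtoint()
 *	error when the text from the first digit onwards does not parse as
 *	a decimal int.
 *
 *	Locking: this acquires tty_mutex to protect the tty_drivers list from
 *		being modified while we are traversing it, and makes sure to
 *		release it before exiting.
 */
int tty_dev_name_to_number(const char *name, dev_t *number)
{
	struct tty_driver *p;
	int ret;
	int index, prefix_length = 0;
	const char *str;

	/* Find the first digit; everything before it is the driver name. */
	for (str = name; *str && !isdigit(*str); str++)
		;

	if (!*str)
		return -EINVAL;

	ret = kstrtoint(str, 10, &index);
	if (ret)
		return ret;

	prefix_length = str - name;
	mutex_lock(&tty_mutex);

	list_for_each_entry(p, &tty_drivers, tty_drivers) {
		/* Exact name match: same length and same bytes. */
		if (prefix_length == strlen(p->name) && strncmp(name,
					p->name, prefix_length) == 0) {
			/* Only accept indexes the driver actually provides. */
			if (index < p->num) {
				*number = MKDEV(p->major, p->minor_start + index);
				goto out;
			}
		}
	}

	/* if here then driver wasn't found */
	ret = -ENODEV;
out:
	mutex_unlock(&tty_mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(tty_dev_name_to_number);

#ifdef CONFIG_CONSOLE_POLL

/**
 *	tty_find_polling_driver	-	find device of a polled tty
 *	@name: name string to match
 *	@line: pointer to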
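resulting tty line nr
 *
 *	This routine returns a tty driver structure, given a name
 *	and the condition that the tty driver is capable of polled
 *	operation.
 */
struct tty_driver *tty_find_polling_driver(char *name, int *line)
{
	struct tty_driver *p, *res = NULL;
	int tty_line = 0;
	int len;
	char *str, *stp;

	/* The driver name ends at the first digit or comma. */
	for (str = name; *str; str++)
		if ((*str >= '0' && *str <= '9') || *str == ',')
			break;
	if (!*str)
		return NULL;

	len = str - name;
	/* str is advanced past the digits; what follows is the option text. */
	tty_line = simple_strtoul(str, &str, 10);

	mutex_lock(&tty_mutex);
	/* Search through the tty devices to look for a match */
	list_for_each_entry(p, &tty_drivers, tty_drivers) {
		/* Prefix match: only the first len bytes of p->name are compared. */
		if (!len || strncmp(name, p->name, len) != 0)
			continue;
		stp = str;
		if (*stp == ',')
			stp++;
		if (*stp == '\0')
			stp = NULL;

		/*
		 * tty_line is an int filled from an unsigned long, so the
		 * ">= 0" test rejects values that came out negative before
		 * the line number is used against p->num.
		 */
		if (tty_line >= 0 && tty_line < p->num && p->ops &&
		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
			res = tty_driver_kref_get(p);
			*line = tty_line;
			break;
		}
	}
	mutex_unlock(&tty_mutex);

	return res;
}
EXPORT_SYMBOL_GPL(tty_find_polling_driver);
#endif

/*
 * File operations installed on a file once its tty has been hung up
 * (see hung_up_tty_fops below): reads report end-of-file, writes and
 * ioctls fail, and poll reports every event so that waiters wake up.
 */
static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
				size_t count, loff_t *ppos)
{
	return 0;
}

static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
				 size_t count, loff_t *ppos)
{
	return -EIO;
}

/* No kernel lock held - none needed ;) */
static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
{
	return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
}

/* TIOCSPGRP gets -ENOTTY; every other ioctl on a hung-up tty gets -EIO. */
static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
		unsigned long arg)
{
	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
}

static long hung_up_tty_compat_ioctl(struct file *file,
				     unsigned int cmd, unsigned long arg)
{
	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
}

static int hung_up_tty_fasync(int fd, struct file *file, int on)
{
	return -ENOTTY;
}

/* Forward the fdinfo request to the driver if it implements the hook. */
static void tty_show_fdinfo(struct seq_file *m, struct file *file)
{
	struct tty_struct *tty = file_tty(file);

	if (tty && tty->ops && tty->ops->show_fdinfo)
		tty->ops->show_fdinfo(tty, m);
}

static const struct file_operations tty_fops = {
	.llseek		= no_llseek,
	.read		= tty_read,
	.write		= tty_write,
	.poll		= tty_poll,
	.unlocked_ioctl	= tty_ioctl,
	.compat_ioctl	= tty_compat_ioctl,
	.open		= tty_open,
	.release	= tty_release,
	.fasync		= tty_fasync,
	.show_fdinfo	= tty_show_fdinfo,
};

/* Same as tty_fops except that writes go through redirected_tty_write. */
static const struct file_operations console_fops = {
	.llseek		= no_llseek,
	.read		= tty_read,
	.write		= redirected_tty_write,
	.poll		= tty_poll,
	.unlocked_ioctl	= tty_ioctl,
	.compat_ioctl	= tty_compat_ioctl,
	.open		= tty_open,
	.release	= tty_release,
	.fasync		= tty_fasync,
};

/* No .open: only .release still reaches the normal tty code. */
static const struct file_operations hung_up_tty_fops = {
	.llseek		= no_llseek,
	.read		= hung_up_tty_read,
	.write		= hung_up_tty_write,
	.poll		= hung_up_tty_poll,
	.unlocked_ioctl	= hung_up_tty_ioctl,
	.compat_ioctl	= hung_up_tty_compat_ioctl,
	.release	= tty_release,
	.fasync		= hung_up_tty_fasync,
};

/* redirect is read and written only under redirect_lock. */
static DEFINE_SPINLOCK(redirect_lock);
static struct file *redirect;

/**
 *	tty_wakeup	-	request more data
 *	@tty: terminal
 *
 *	Internal and external helper for wakeups of tty. This function
 *	informs the line discipline if present that the driver is ready
 *	to receive more output data.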
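*/

void tty_wakeup(struct tty_struct *tty)
{
	struct tty_ldisc *ld;

	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
		/* Hold a ldisc reference across the callback. */
		ld = tty_ldisc_ref(tty);
		if (ld) {
			if (ld->ops->write_wakeup)
				ld->ops->write_wakeup(tty);
			tty_ldisc_deref(ld);
		}
	}
	wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
}

EXPORT_SYMBOL_GPL(tty_wakeup);

/**
 *	__tty_hangup		-	actual handler for hangup events
 *	@tty: tty device
 *	@exit_session: passed on to tty_signal_session_leader(); callers in
 *		this file pass 1 when the session leader is exiting and 0
 *		otherwise
 *
 *	This can be called by a "kworker" kernel thread. That is process
 *	synchronous but doesn't hold any locks, so we need to make sure we
 *	have the appropriate locks for what we're doing.
 *
 *	The hangup event clears any pending redirections onto the hung up
 *	device. It ensures future writes will error and it does the needed
 *	line discipline hangup and signal delivery. The tty object itself
 *	remains intact.
 *
 *	Locking:
 *		BTM
 *		  redirect lock for undoing redirection
 *		  file list lock for manipulating list of ttys
 *		  tty_ldiscs_lock from called functions
 *		  termios_rwsem resetting termios data
 *		  tasklist_lock to walk task list for hangup event
 *		    ->siglock to protect ->signal/->sighand
 */
static void __tty_hangup(struct tty_struct *tty, int exit_session)
{
	struct file *cons_filp = NULL;
	struct file *filp, *f = NULL;
	struct tty_file_private *priv;
	int closecount = 0, n;
	int refs;

	if (!tty)
		return;

	/* Take over the console redirection reference if it points at us. */
	spin_lock(&redirect_lock);
	if (redirect && file_tty(redirect) == tty) {
		f = redirect;
		redirect = NULL;
	}
	spin_unlock(&redirect_lock);

	tty_lock(tty);

	if (test_bit(TTY_HUPPED, &tty->flags)) {
		tty_unlock(tty);
		/*
		 * f, when set, owns the reference that was removed from
		 * 'redirect' above; it has to be dropped on this path as
		 * well or the file stays pinned.
		 */
		if (f)
			fput(f);
		return;
	}

	/*
	 * Some console devices aren't actually hung up for technical and
	 * historical reasons, which can lead to indefinite interruptible
	 * sleep in n_tty_read(). The following explicitly tells
	 * n_tty_read() to abort readers.
	 */
	set_bit(TTY_HUPPING, &tty->flags);

	/* inuse_filps is protected by the single tty lock,
	   this really needs to change if we want to flush the
	   workqueue with the lock held */
	check_tty_count(tty, "tty_hangup");

	spin_lock(&tty->files_lock);
	/* This breaks for file handles being sent over AF_UNIX sockets ? */
	list_for_each_entry(priv, &tty->tty_files, list) {
		filp = priv->file;
		if (filp->f_op->write == redirected_tty_write)
			cons_filp = filp;
		/*
		 * Only files whose write op is tty_write are switched to
		 * hung_up_tty_fops; console files (redirected_tty_write)
		 * keep their operations.
		 */
		if (filp->f_op->write != tty_write)
			continue;
		closecount++;
		__tty_fasync(-1, filp, 0);	/* can't block */
		filp->f_op = &hung_up_tty_fops;
	}
	spin_unlock(&tty->files_lock);

	refs = tty_signal_session_leader(tty, exit_session);
	/* Account for the p->signal references we killed */
	while (refs--)
		tty_kref_put(tty);

	tty_ldisc_hangup(tty, cons_filp != NULL);

	/* Detach the session and foreground process group from the tty. */
	spin_lock_irq(&tty->ctrl_lock);
	clear_bit(TTY_THROTTLED, &tty->flags);
	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
	put_pid(tty->session);
	put_pid(tty->pgrp);
	tty->session = NULL;
	tty->pgrp = NULL;
	tty->ctrl_status = 0;
	spin_unlock_irq(&tty->ctrl_lock);

	/*
	 * If one of the devices matches a console pointer, we
	 * cannot just call hangup() because that will cause
	 * tty->count and state->count to go out of sync.
	 * So we just call close() the right number of times.
	 */
	if (cons_filp) {
		if (tty->ops->close)
			for (n = 0; n < closecount; n++)
				tty->ops->close(tty, cons_filp);
	} else if (tty->ops->hangup)
		tty->ops->hangup(tty);
	/*
	 * We don't want to have driver/ldisc interactions beyond the ones
	 * we did here. The driver layer expects no calls after ->hangup()
	 * from the ldisc side, which is now guaranteed.
	 */
	set_bit(TTY_HUPPED, &tty->flags);
	clear_bit(TTY_HUPPING, &tty->flags);
	tty_unlock(tty);

	if (f)
		fput(f);
}

/* Workqueue entry point: recover the tty from its hangup_work member. */
static void do_tty_hangup(struct work_struct *work)
{
	struct tty_struct *tty =
		container_of(work, struct tty_struct, hangup_work);

	__tty_hangup(tty, 0);
}

/**
 *	tty_hangup		-	trigger a hangup event
 *	@tty: tty to hangup
 *
 *	A carrier loss (virtual or otherwise) has occurred on this line;
 *	schedule a hangup sequence to run after this event.
 */

void tty_hangup(struct tty_struct *tty)
{
	tty_debug_hangup(tty, "hangup\n");
	schedule_work(&tty->hangup_work);
}

EXPORT_SYMBOL(tty_hangup);

/**
 *	tty_vhangup		-	process vhangup
 *	@tty: tty to hangup
 *
 *	The user has asked via system call for the terminal to be hung up.
 *	We do this synchronously so that when the syscall returns the process
 *	is complete. That guarantee is necessary for security reasons.
 *
 *	Unlike tty_hangup(), which only queues hangup_work, this calls
 *	__tty_hangup() directly, so the file operations of the affected
 *	files have already been replaced when it returns.
 */

void tty_vhangup(struct tty_struct *tty)
{
	tty_debug_hangup(tty, "vhangup\n");
	__tty_hangup(tty, 0);
}

EXPORT_SYMBOL(tty_vhangup);


/**
 *	tty_vhangup_self	-	process vhangup for own ctty
 *
 *	Perform a vhangup on the current controlling tty
 */

void tty_vhangup_self(void)
{
	struct tty_struct *tty;

	tty = get_current_tty();
	if (tty) {
		tty_vhangup(tty);
		/* Drop the reference obtained from get_current_tty(). */
		tty_kref_put(tty);
	}
}

/**
 *	tty_vhangup_session		-	hangup session leader exit
 *	@tty: tty to hangup
 *
 *	The session leader is exiting and hanging up its controlling terminal.
 *	Every process in the foreground process group is signalled SIGHUP.
 *
 *	We do this synchronously so that when the syscall returns the process
 *	is complete. That guarantee is necessary for security reasons.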
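*/

void tty_vhangup_session(struct tty_struct *tty)
{
	tty_debug_hangup(tty, "session hangup\n");
	/* exit_session = 1: the session leader is going away. */
	__tty_hangup(tty, 1);
}

/**
 *	tty_hung_up_p		-	was tty hung up
 *	@filp: file pointer of tty
 *
 *	Return true if the tty has been subject to a vhangup or a carrier
 *	loss
 *
 *	The test is whether the file's operations have been replaced by
 *	hung_up_tty_fops; a NULL @filp yields false.
 */

int tty_hung_up_p(struct file *filp)
{
	return (filp && filp->f_op == &hung_up_tty_fops);
}

EXPORT_SYMBOL(tty_hung_up_p);

/**
 *	stop_tty	-	propagate flow control
 *	@tty: tty to stop
 *
 *	Perform flow control to the driver. May be called
 *	on an already stopped device and will not re-call the driver
 *	method.
 *
 *	This functionality is used by both the line disciplines for
 *	halting incoming flow and by the driver. It may therefore be
 *	called from any context, may be under the tty atomic_write_lock
 *	but not always.
 *
 *	Locking:
 *		flow_lock
 */

/* Lock-free core of stop_tty(); stop_tty() calls it with flow_lock held. */
void __stop_tty(struct tty_struct *tty)
{
	if (tty->stopped)
		return;
	tty->stopped = 1;
	if (tty->ops->stop)
		tty->ops->stop(tty);
}

void stop_tty(struct tty_struct *tty)
{
	unsigned long flags;

	spin_lock_irqsave(&tty->flow_lock, flags);
	__stop_tty(tty);
	spin_unlock_irqrestore(&tty->flow_lock, flags);
}
EXPORT_SYMBOL(stop_tty);

/**
 *	start_tty	-	propagate flow control
 *	@tty: tty to start
 *
 *	Start a tty that has been stopped if at all possible. If this
 *	tty was previous stopped and is now being started, the driver
 *	start method is invoked and the line discipline woken.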
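*
 *	Locking:
 *		flow_lock
 */

/* Lock-free core of start_tty(); start_tty() calls it with flow_lock held. */
void __start_tty(struct tty_struct *tty)
{
	/* Nothing to do unless stopped, and never override flow_stopped. */
	if (!tty->stopped || tty->flow_stopped)
		return;
	tty->stopped = 0;
	if (tty->ops->start)
		tty->ops->start(tty);
	tty_wakeup(tty);
}

void start_tty(struct tty_struct *tty)
{
	unsigned long flags;

	spin_lock_irqsave(&tty->flow_lock, flags);
	__start_tty(tty);
	spin_unlock_irqrestore(&tty->flow_lock, flags);
}
EXPORT_SYMBOL(start_tty);

/*
 * Refresh a tty inode timestamp at a deliberately coarse granularity.
 * @time is only rewritten when the current time differs from it above
 * the low three bits of the seconds value.
 */
static void tty_update_time(struct timespec64 *time)
{
	time64_t sec = ktime_get_real_seconds();

	/*
	 * We only care if the two values differ in anything other than the
	 * lower three bits (i.e every 8 seconds). If so, then we can update
	 * the time of the tty device, otherwise it could be construed as a
	 * security leak to let userspace know the exact timing of the tty.
	 */
	if ((sec ^ time->tv_sec) & ~7)
		time->tv_sec = sec;
}

/**
 *	tty_read	-	read method for tty device files
 *	@file: pointer to tty file
 *	@buf: user buffer
 *	@count: size of user buffer
 *	@ppos: unused
 *
 *	Perform the read system call function on this terminal device. Checks
 *	for hung up devices before calling the line discipline method.
 *
 *	Locking:
 *		Locks the line discipline internally while needed. Multiple
 *	read calls may be outstanding in parallel.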
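*/

static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
			loff_t *ppos)
{
	int i;
	struct inode *inode = file_inode(file);
	struct tty_struct *tty = file_tty(file);
	struct tty_ldisc *ld;

	if (tty_paranoia_check(tty, inode, "tty_read"))
		return -EIO;
	/* The explicit NULL test still matters if the paranoia check is compiled out. */
	if (!tty || tty_io_error(tty))
		return -EIO;

	/* We want to wait for the line discipline to sort out in this
	   situation */
	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return hung_up_tty_read(file, buf, count, ppos);
	if (ld->ops->read)
		i = ld->ops->read(tty, file, buf, count);
	else
		i = -EIO;
	tty_ldisc_deref(ld);

	/* Access time is only touched when data was actually returned. */
	if (i > 0)
		tty_update_time(&inode->i_atime);

	return i;
}

/* Release atomic_write_lock and wake anyone polling for writability. */
static void tty_write_unlock(struct tty_struct *tty)
{
	mutex_unlock(&tty->atomic_write_lock);
	wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
}

/*
 * Take atomic_write_lock. With @ndelay set a contended lock yields
 * -EAGAIN instead of sleeping; otherwise the sleep is interruptible and
 * a signal yields -ERESTARTSYS. Returns 0 once the lock is held.
 */
static int tty_write_lock(struct tty_struct *tty, int ndelay)
{
	if (!mutex_trylock(&tty->atomic_write_lock)) {
		if (ndelay)
			return -EAGAIN;
		if (mutex_lock_interruptible(&tty->atomic_write_lock))
			return -ERESTARTSYS;
	}
	return 0;
}

/*
 * Split writes up in sane blocksizes to avoid
 * denial-of-service type attacks
 *
 * @write is the line discipline write method, @buf/@count the user
 * buffer. Returns the number of bytes written if any were written,
 * otherwise the error that stopped the loop.
 */
static inline ssize_t do_tty_write(
	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
	struct tty_struct *tty,
	struct file *file,
	const char __user *buf,
	size_t count)
{
	ssize_t ret, written = 0;
	unsigned int chunk;

	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
	if (ret < 0)
		return ret;

	/*
	 * We chunk up writes into a temporary buffer. This
	 * simplifies low-level drivers immensely, since they
	 * don't have locking issues and user mode accesses.
	 *
	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
	 * big chunk-size..
	 *
	 * The default chunk-size is 2kB, because the NTTY
	 * layer has problems with bigger chunks. It will
	 * claim to be able to handle more characters than
	 * it actually does.
	 *
	 * FIXME: This can probably go away now except that 64K chunks
	 * are too likely to fail unless switched to vmalloc...
	 */
	chunk = 2048;
	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
		chunk = 65536;
	if (count < chunk)
		chunk = count;

	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
	if (tty->write_cnt < chunk) {
		unsigned char *buf_chunk;

		if (chunk < 1024)
			chunk = 1024;

		buf_chunk = kmalloc(chunk, GFP_KERNEL);
		if (!buf_chunk) {
			ret = -ENOMEM;
			goto out;
		}
		kfree(tty->write_buf);
		tty->write_cnt = chunk;
		tty->write_buf = buf_chunk;
	}

	/* Do the write .. */
	for (;;) {
		size_t size = count;

		/*
		 * Never copy more than chunk bytes; write_buf holds at
		 * least chunk bytes after the resize above.
		 */
		if (size > chunk)
			size = chunk;
		ret = -EFAULT;
		if (copy_from_user(tty->write_buf, buf, size))
			break;
		ret = write(tty, file, tty->write_buf, size);
		if (ret <= 0)
			break;
		written += ret;
		buf += ret;
		count -= ret;
		if (!count)
			break;
		/* Between chunks: honour signals and yield the CPU. */
		ret = -ERESTARTSYS;
		if (signal_pending(current))
			break;
		cond_resched();
	}
	if (written) {
		tty_update_time(&file_inode(file)->i_mtime);
		ret = written;
	}
out:
	tty_write_unlock(tty);
	return ret;
}

/**
 * tty_write_message - write a message to a certain tty, not just the console.
 * @tty: the destination tty_struct
 * @msg: the message to write
 *
 * This is used for messages that need to be redirected to a specific tty.
 * We don't put it into the syslog queue right now maybe in the future if
 * really needed.
 *
 * We must still hold the BTM and test the CLOSING flag for the moment.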
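*/

void tty_write_message(struct tty_struct *tty, char *msg)
{
	if (tty) {
		mutex_lock(&tty->atomic_write_lock);
		tty_lock(tty);
		/*
		 * Only write to a tty that is still open. The driver's
		 * return value is not checked, so a short or failed write
		 * goes unreported.
		 */
		if (tty->ops->write && tty->count > 0)
			tty->ops->write(tty, msg, strlen(msg));
		tty_unlock(tty);
		tty_write_unlock(tty);
	}
}


/**
 *	tty_write		-	write method for tty device file
 *	@file: tty file pointer
 *	@buf: user data to write
 *	@count: bytes to write
 *	@ppos: unused
 *
 *	Write data to a tty device via the line discipline.
 *
 *	Locking:
 *		Locks the line discipline as required
 *		Writes to the tty driver are serialized by the atomic_write_lock
 *	and are then processed in chunks to the device. The line discipline
 *	write method will not be invoked in parallel for each device.
 */

static ssize_t tty_write(struct file *file, const char __user *buf,
						size_t count, loff_t *ppos)
{
	struct tty_struct *tty = file_tty(file);
	struct tty_ldisc *ld;
	ssize_t ret;

	if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
		return -EIO;
	if (!tty || !tty->ops->write || tty_io_error(tty))
		return -EIO;
	/* Short term debug to catch buggy drivers */
	if (tty->ops->write_room == NULL)
		tty_err(tty, "missing write_room method\n");
	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return hung_up_tty_write(file, buf, count, ppos);
	if (!ld->ops->write)
		ret = -EIO;
	else
		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
	tty_ldisc_deref(ld);
	return ret;
}

/*
 * Write method of the console file operations. If a redirection target
 * is installed in 'redirect', the data is written to that file instead;
 * otherwise this is a plain tty_write().
 */
ssize_t redirected_tty_write(struct file *file, const char __user *buf,
						size_t count, loff_t *ppos)
{
	struct file *p = NULL;

	/* Pin the target under the lock so it cannot go away while written. */
	spin_lock(&redirect_lock);
	if (redirect)
		p = get_file(redirect);
	spin_unlock(&redirect_lock);

	if (p) {
		ssize_t res;

		res = vfs_write(p, buf, count, &p->f_pos);
		fput(p);
		return res;
	}
	return tty_write(file, buf, count, ppos);
}

/**
 *	tty_send_xchar	-	send priority character
 *	@tty: the tty to send to
 *	@ch: the character to send
 *
 *	Send a high priority character to the tty even if stopped
 *
 *	Returns 0, or -ERESTARTSYS when the write lock could not be taken.
 *
 *	Locking: none for xchar method, write ordering for write method.
 */

int tty_send_xchar(struct tty_struct *tty, char ch)
{
	int	was_stopped = tty->stopped;

	if (tty->ops->send_xchar) {
		down_read(&tty->termios_rwsem);
		tty->ops->send_xchar(tty, ch);
		up_read(&tty->termios_rwsem);
		return 0;
	}

	if (tty_write_lock(tty, 0) < 0)
		return -ERESTARTSYS;

	down_read(&tty->termios_rwsem);
	/* Temporarily restart a stopped tty so the character gets out. */
	if (was_stopped)
		start_tty(tty);
	/*
	 * NOTE(review): ops->write is called without the NULL test that
	 * tty_write() performs - confirm every driver reaching this path
	 * implements it.
	 */
	tty->ops->write(tty, &ch, 1);
	if (was_stopped)
		stop_tty(tty);
	up_read(&tty->termios_rwsem);
	tty_write_unlock(tty);
	return 0;
}

/* Letter table for legacy pty names; indexed with a 4-bit value. */
static char ptychar[] = "pqrstuvwxyzabcde";

/**
 *	pty_line_name	-	generate name for a pty
 *	@driver: the tty driver in use
 *	@index: the minor number
 *	@p: output buffer of at least 6 bytes
 *
 *	Generate a name from a driver reference and write it to the output
 *	buffer.
 *
 *	Locking: None
 */
static void pty_line_name(struct tty_driver *driver, int index, char *p)
{
	int i = index + driver->name_base;
	/*
	 * The "& 0xf" masks keep the ptychar lookup inside its 16 entries
	 * and the hex field to one digit. The buffer size is not passed in
	 * and sprintf() is unbounded: for a non-slave driver the output
	 * length depends on strlen(driver->name).
	 * NOTE(review): confirm the 6-byte minimum holds for every caller.
	 */
	/* ->name is initialized to "ttyp", but "tty" is expected */
	sprintf(p, "%s%c%x",
		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
		ptychar[i >> 4 & 0xf], i & 0xf);
}

/**
 *	tty_line_name	-	generate name for a tty
 *	@driver: the tty driver in use
 *	@index: the minor number
 *	@p: output buffer of at least 7 bytes
 *
 *	Generate a name from a driver reference and write it to the output
 *	buffer.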
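*
 *	Locking: None
 */
static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
{
	/*
	 * The size of @p is not passed in and sprintf() is unbounded; the
	 * bytes written are strlen(driver->name) plus, for numbered nodes,
	 * the decimal digits of index + name_base.
	 * NOTE(review): confirm caller buffers are sized for the longest
	 * registered driver name.
	 */
	if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
		return sprintf(p, "%s", driver->name);
	else
		return sprintf(p, "%s%d", driver->name,
			       index + driver->name_base);
}

/**
 *	tty_driver_lookup_tty() - find an existing tty, if any
 *	@driver: the driver for the tty
 *	@file: file being opened; may be NULL, in which case a driver with
 *		a lookup() method gets ERR_PTR(-EIO)
 *	@idx: the minor number
 *
 *	Return the tty, if found. If not found, return NULL or ERR_PTR() if the
 *	driver lookup() method returns an error.
 *
 *	Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
 */
static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
		struct file *file, int idx)
{
	struct tty_struct *tty;

	if (driver->ops->lookup) {
		if (!file)
			tty = ERR_PTR(-EIO);
		else
			tty = driver->ops->lookup(driver, file, idx);
	} else {
		/* idx is not range-checked here; the caller must have done so. */
		tty = driver->ttys[idx];
	}

	/*
	 * tty may be NULL (not found) at this point.
	 * NOTE(review): tty_kref_get() is presumably NULL-safe - confirm.
	 */
	if (!IS_ERR(tty))
		tty_kref_get(tty);
	return tty;
}

/**
 *	tty_init_termios	-  helper for termios setup
 *	@tty: the tty to set up
 *
 *	Initialise the termios structures for this tty. Thus runs under
 *	the tty_mutex currently so we can be relaxed about ordering.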
*/

void tty_init_termios(struct tty_struct *tty)
{
	struct tty_driver *drv = tty->driver;
	struct ktermios *saved = NULL;

	/* Saved settings only count when the driver does not reset on open */
	if (!(drv->flags & TTY_DRIVER_RESET_TERMIOS))
		saved = drv->termios[tty->index];

	if (saved != NULL) {
		/* Restore the lazily saved data, but not its line discipline */
		tty->termios = *saved;
		tty->termios.c_line = drv->init_termios.c_line;
	} else {
		tty->termios = drv->init_termios;
	}

	/* Compatibility until drivers always set this */
	tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
	tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
}
EXPORT_SYMBOL_GPL(tty_init_termios);

/*
 * Default install step: set up termios, take a driver reference, count
 * the open and publish the tty in the driver table. Always returns 0.
 */
int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
{
	tty_init_termios(tty);
	tty_driver_kref_get(driver);
	tty->count++;
	driver->ttys[tty->index] = tty;
	return 0;
}
EXPORT_SYMBOL_GPL(tty_standard_install);

/**
 * tty_driver_install_tty() - install a tty entry in the driver
 * @driver: the driver for the tty
 * @tty: the tty
 *
 * Install a tty object into the driver tables. The tty->index field
 * will be set by the time this is called. This method is responsible
 * for ensuring any needed additional structures are allocated and
 * configured.
 *
 * Returns the result of the driver's install() method when it has one,
 * otherwise that of tty_standard_install().
 *
 * Locking: tty_mutex for now
 */
static int tty_driver_install_tty(struct tty_driver *driver,
						struct tty_struct *tty)
{
	if (driver->ops->install)
		return driver->ops->install(driver, tty);

	return tty_standard_install(driver, tty);
}

/**
 * tty_driver_remove_tty() - remove a tty from the driver tables
 * @driver: the driver for the tty
 * @tty: the tty to remove
 *
 * Remove a tty object from the driver tables. The tty->index field
 * will be set by the time this is called.
*
 * Locking: tty_mutex for now
 */
static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
{
	/* A driver-supplied remove() replaces the default slot clearing */
	if (driver->ops->remove)
		driver->ops->remove(driver, tty);
	else
		driver->ttys[tty->index] = NULL;
}

/*
 * tty_reopen() - fast re-open of an open tty
 * @tty - the tty to open
 *
 * Return 0 on success, -errno on error.
 * Re-opens on master ptys are not allowed and return -EIO.
 * A tty whose open count is zero returns -EAGAIN, and a tty marked
 * TTY_EXCLUSIVE returns -EBUSY unless the caller has CAP_SYS_ADMIN.
 *
 * Locking: Caller must hold tty_lock
 */
static int tty_reopen(struct tty_struct *tty)
{
	struct tty_driver *driver = tty->driver;
	struct tty_ldisc *ld;
	int retval = 0;

	if (driver->type == TTY_DRIVER_TYPE_PTY &&
	    driver->subtype == PTY_TYPE_MASTER)
		return -EIO;

	/* Count already zero: tty_open() retries when it sees -EAGAIN */
	if (!tty->count)
		return -EAGAIN;

	/* Exclusive mode is enforced here; only CAP_SYS_ADMIN bypasses it */
	if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
		return -EBUSY;

	ld = tty_ldisc_ref_wait(tty);
	if (ld) {
		/* A line discipline is attached; the reference was only a probe */
		tty_ldisc_deref(ld);
	} else {
		/* No ldisc reference available: re-create one under the ldisc lock */
		retval = tty_ldisc_lock(tty, 5 * HZ);
		if (retval)
			return retval;

		if (!tty->ldisc)
			retval = tty_ldisc_reinit(tty, tty->termios.c_line);
		tty_ldisc_unlock(tty);
	}

	/* The open is only counted once the line discipline is known good */
	if (retval == 0)
		tty->count++;

	return retval;
}

/**
 * tty_init_dev - initialise a tty device
 * @driver: tty driver we are opening a device on
 * @idx: device index
 *
 * Prepare a tty device. This may not be a "new" clean device but
 * could also be an active device. The pty drivers require special
 * handling because of this.
 *
 * Returns the tty with the tty lock held, or an ERR_PTR() on failure.
 *
 * Locking:
 * The function is called under the tty_mutex, which
 * protects us from the tty struct or driver itself going away.
 *
 * On exit the tty device has the line discipline attached and
 * a reference count of 1.
* If a pair was created for pty/tty use
 * and the other was a pty master then it too has a reference count of 1.
 *
 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
 * failed open. The new code protects the open with a mutex, so it's
 * really quite straightforward. The mutex locking can probably be
 * relaxed for the (most common) case of reopening a tty.
 */

struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
{
	struct tty_struct *tty;
	int retval;

	/*
	 * First time open is complex, especially for PTY devices.
	 * This code guarantees that either everything succeeds and the
	 * TTY is ready for operation, or else the table slots are vacated
	 * and the allocated memory released. (Except that the termios
	 * may be retained.)
	 */

	/* Hold the driver module for as long as the tty exists */
	if (!try_module_get(driver->owner))
		return ERR_PTR(-ENODEV);

	tty = alloc_tty_struct(driver, idx);
	if (!tty) {
		retval = -ENOMEM;
		goto err_module_put;
	}

	tty_lock(tty);
	retval = tty_driver_install_tty(driver, tty);
	if (retval < 0)
		goto err_free_tty;

	/* Fall back to the driver's port table if install() set no port */
	if (!tty->port)
		tty->port = driver->ports[idx];

	/*
	 * NOTE(review): this only warns. Execution continues and tty->port
	 * is dereferenced below (tty->port->itty), and also by release_tty()
	 * on the err_release_lock path, so a driver that leaves the port
	 * unset still ends in a NULL pointer dereference. Failing the open
	 * here instead would also need release_tty() to tolerate a NULL port.
	 */
	WARN_RATELIMIT(!tty->port,
			"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
			__func__, tty->driver->name);

	retval = tty_ldisc_lock(tty, 5 * HZ);
	if (retval)
		goto err_release_lock;
	tty->port->itty = tty;

	/*
	 * Structures all installed ... call the ldisc open routines.
	 * If we fail here just call release_tty to clean up. No need
	 * to decrement the use counts, as release_tty doesn't care.
	 */
	retval = tty_ldisc_setup(tty, tty->link);
	if (retval)
		goto err_release_tty;
	tty_ldisc_unlock(tty);
	/* Return the tty locked so that it cannot vanish under the caller */
	return tty;

	/* Install failed: nothing was published, so free the tty directly */
err_free_tty:
	tty_unlock(tty);
	free_tty_struct(tty);
err_module_put:
	module_put(driver->owner);
	return ERR_PTR(retval);

	/* call the tty release_tty routine to clean out this slot */
err_release_tty:
	tty_ldisc_unlock(tty);
	tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
			     retval, idx);
err_release_lock:
	tty_unlock(tty);
	release_tty(tty, idx);
	return ERR_PTR(retval);
}

/**
 * tty_save_termios() - save tty termios data in driver table
 * @tty: tty whose termios data to save
 *
 * Saving is best effort: if the per-line slot has to be allocated and
 * the allocation fails, the function returns without saving anything.
 *
 * Locking: Caller guarantees serialisation with tty_init_termios().
 */
void tty_save_termios(struct tty_struct *tty)
{
	struct ktermios *tp;
	int idx = tty->index;

	/* If the port is going to reset then it has no termios to save */
	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
		return;

	/* Stash the termios data */
	tp = tty->driver->termios[idx];
	if (tp == NULL) {
		/* First save for this line: allocate the slot on demand */
		tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
		if (tp == NULL)
			return;
		tty->driver->termios[idx] = tp;
	}
	*tp = tty->termios;
}
EXPORT_SYMBOL_GPL(tty_save_termios);

/**
 * tty_flush_works - flush all works of a tty/pty pair
 * @tty: tty device to flush works for (or either end of a pty pair)
 *
 * Sync flush all works belonging to @tty (and the 'other' tty).
*/
static void tty_flush_works(struct tty_struct *tty)
{
	flush_work(&tty->SAK_work);
	flush_work(&tty->hangup_work);
	/* For a pair, the other end's work items are flushed as well */
	if (tty->link) {
		flush_work(&tty->link->SAK_work);
		flush_work(&tty->link->hangup_work);
	}
}

/**
 * release_one_tty - release tty structure memory
 * @work: the tty's hangup_work item, reused by queue_release_one_tty()
 *	  to run this function
 *
 * Releases memory associated with a tty structure, and clears out the
 * driver table slots. This function is called when a device is no longer
 * in use. It also gets called when setup of a device fails.
 *
 * Locking:
 * takes the file list lock internally when working on the list
 * of ttys that the driver keeps.
 *
 * This method gets called from a work queue so that the driver private
 * cleanup ops can sleep (needed for USB at least)
 */
static void release_one_tty(struct work_struct *work)
{
	struct tty_struct *tty =
		container_of(work, struct tty_struct, hangup_work);
	struct tty_driver *driver = tty->driver;
	/* Read the owner before the driver reference is dropped below */
	struct module *owner = driver->owner;

	if (tty->ops->cleanup)
		tty->ops->cleanup(tty);

	/* NOTE(review): presumably lets paranoia checks reject stale pointers - confirm */
	tty->magic = 0;
	tty_driver_kref_put(driver);
	module_put(owner);

	spin_lock(&tty->files_lock);
	list_del_init(&tty->tty_files);
	spin_unlock(&tty->files_lock);

	/* Drop the pid references held by the tty, then free it */
	put_pid(tty->pgrp);
	put_pid(tty->session);
	free_tty_struct(tty);
}

/*
 * kref release callback: defers the real teardown to release_one_tty()
 * by scheduling it as a work item.
 */
static void queue_release_one_tty(struct kref *kref)
{
	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);

	/* The hangup queue is now free so we can reuse it rather than
	   waste a chunk of memory for each port */
	INIT_WORK(&tty->hangup_work, release_one_tty);
	schedule_work(&tty->hangup_work);
}

/**
 * tty_kref_put - release a tty kref
 * @tty: tty device
 *
 * Release a reference to a tty device and if need be let the kref
 * layer
* destruct the object for us
 */

void tty_kref_put(struct tty_struct *tty)
{
	/* NULL is accepted, so callers may pass an absent link unchecked */
	if (tty)
		kref_put(&tty->kref, queue_release_one_tty);
}
EXPORT_SYMBOL(tty_kref_put);

/**
 * release_tty - release tty structure memory
 * @tty: tty to release
 * @idx: index of the tty; expected to equal tty->index
 *
 * Release both @tty and a possible linked partner (think pty pair),
 * and decrement the refcount of the backing module.
 *
 * Locking:
 * tty_mutex
 * takes the file list lock internally when working on the list
 * of ttys that the driver keeps.
 *
 */
static void release_tty(struct tty_struct *tty, int idx)
{
	/* This should always be true but check for the moment */
	WARN_ON(tty->index != idx);
	WARN_ON(!mutex_is_locked(&tty_mutex));
	if (tty->ops->shutdown)
		tty->ops->shutdown(tty);
	tty_save_termios(tty);
	tty_driver_remove_tty(tty->driver, tty);
	/*
	 * NOTE(review): tty->port and tty->link->port are dereferenced
	 * without a NULL check. tty_init_dev() can reach this function on
	 * its error path after warning that the port is unset - confirm
	 * that a NULL port cannot get here.
	 */
	tty->port->itty = NULL;
	if (tty->link)
		tty->link->port->itty = NULL;
	tty_buffer_cancel_work(tty->port);
	if (tty->link)
		tty_buffer_cancel_work(tty->link->port);

	/* Final puts; tty_kref_put() ignores a NULL link */
	tty_kref_put(tty->link);
	tty_kref_put(tty);
}

/**
 * tty_release_checks - check a tty before real release
 * @tty: tty to check
 * @idx: index of the tty
 *
 * Performs some paranoid checking before true release of the @tty.
 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
 *
 * Returns 0 if the checks pass (or are compiled out), -1 otherwise.
*/
static int tty_release_checks(struct tty_struct *tty, int idx)
{
#ifdef TTY_PARANOIA_CHECK
	/* The index must lie inside the driver's table */
	if (idx < 0 || idx >= tty->driver->num) {
		tty_debug(tty, "bad idx %d\n", idx);
		return -1;
	}

	/* not much to check for devpts */
	if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
		return 0;

	/* The driver table slot must still point at this tty */
	if (tty != tty->driver->ttys[idx]) {
		tty_debug(tty, "bad driver table[%d] = %p\n",
			  idx, tty->driver->ttys[idx]);
		return -1;
	}
	if (tty->driver->other) {
		struct tty_struct *o_tty = tty->link;

		if (o_tty != tty->driver->other->ttys[idx]) {
			tty_debug(tty, "bad other table[%d] = %p\n",
				  idx, tty->driver->other->ttys[idx]);
			return -1;
		}
		/*
		 * NOTE(review): if tty->link and the other driver's slot are
		 * both NULL, the test above passes and o_tty is dereferenced
		 * here - presumably link is always set for paired drivers;
		 * confirm.
		 */
		if (o_tty->link != tty) {
			tty_debug(tty, "bad link = %p\n", o_tty->link);
			return -1;
		}
	}
#endif
	return 0;
}

/**
 * tty_kclose - closes tty opened by tty_kopen
 * @tty: tty device
 *
 * Performs the final steps to release and free a tty device. It is the
 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
 * flag on tty->port.
 */
void tty_kclose(struct tty_struct *tty)
{
	/*
	 * Ask the line discipline code to release its structures
	 */
	tty_ldisc_release(tty);

	/* Wait for pending work before tty destruction commences */
	tty_flush_works(tty);

	tty_debug_hangup(tty, "freeing structure\n");
	/*
	 * The release_tty function takes care of the details of clearing
	 * the slots and preserving the termios structure. The tty_unlock_pair
	 * should be safe as we keep a kref while the tty is locked (so the
	 * unlock never unlocks a freed tty).
	 */
	mutex_lock(&tty_mutex);
	/* Clear the kernel-open mark so tty_open_by_driver() stops returning -EBUSY */
	tty_port_set_kopened(tty->port, 0);
	release_tty(tty, tty->index);
	mutex_unlock(&tty_mutex);
}
EXPORT_SYMBOL_GPL(tty_kclose);

/**
 * tty_release_struct - release a tty struct
 * @tty: tty device
 * @idx: index of the tty
 *
 * Performs the final steps to release and free a tty device. It is
 * roughly the reverse of tty_init_dev.
 */
void tty_release_struct(struct tty_struct *tty, int idx)
{
	/*
	 * Ask the line discipline code to release its structures
	 */
	tty_ldisc_release(tty);

	/* Wait for pending work before tty destruction commences */
	tty_flush_works(tty);

	tty_debug_hangup(tty, "freeing structure\n");
	/*
	 * The release_tty function takes care of the details of clearing
	 * the slots and preserving the termios structure. The tty_unlock_pair
	 * should be safe as we keep a kref while the tty is locked (so the
	 * unlock never unlocks a freed tty).
	 */
	mutex_lock(&tty_mutex);
	release_tty(tty, idx);
	mutex_unlock(&tty_mutex);
}
EXPORT_SYMBOL_GPL(tty_release_struct);

/**
 * tty_release - vfs callback for close
 * @inode: inode of tty
 * @filp: file pointer for handle to tty
 *
 * Called the last time each file handle is closed that references
 * this tty. There may however be several such references.
 *
 * Locking:
 * Takes the tty lock, and the slave's lock as well when @filp is a
 * pty master.
 *
 * Even releasing the tty structures is a tricky business.. We have
 * to be very careful that the structures are all released at the
 * same time, as interrupts might otherwise get the wrong pointers.
 *
 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
 * lead to double frees or releasing memory still in use.
*/

int tty_release(struct inode *inode, struct file *filp)
{
	struct tty_struct *tty = file_tty(filp);
	struct tty_struct *o_tty = NULL;
	int do_sleep, final;
	int idx;
	long timeout = 0;
	int once = 1;

	if (tty_paranoia_check(tty, inode, __func__))
		return 0;

	tty_lock(tty);
	check_tty_count(tty, __func__);

	/* Turn async notification off for this file (on == 0) */
	__tty_fasync(-1, filp, 0);

	idx = tty->index;
	/* Only a pty master drags its other end through the release */
	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
	    tty->driver->subtype == PTY_TYPE_MASTER)
		o_tty = tty->link;

	/* A failed paranoia check abandons the release, still returning 0 */
	if (tty_release_checks(tty, idx)) {
		tty_unlock(tty);
		return 0;
	}

	tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);

	if (tty->ops->close)
		tty->ops->close(tty, filp);

	/* If tty is pty master, lock the slave pty (stable lock order) */
	tty_lock_slave(o_tty);

	/*
	 * Sanity check: if tty->count is going to zero, there shouldn't be
	 * any waiters on tty->read_wait or tty->write_wait. We test the
	 * wait queues and kick everyone out _before_ actually starting to
	 * close. This ensures that we won't block while releasing the tty
	 * structure.
	 *
	 * The test for the o_tty closing is necessary, since the master and
	 * slave sides may close in any order. If the slave side closes out
	 * first, its count will be one, since the master side holds an open.
	 * Thus this test wouldn't be triggered at the time the slave closed,
	 * so we do it now.
	 */
	while (1) {
		do_sleep = 0;

		if (tty->count <= 1) {
			if (waitqueue_active(&tty->read_wait)) {
				wake_up_poll(&tty->read_wait, EPOLLIN);
				do_sleep++;
			}
			if (waitqueue_active(&tty->write_wait)) {
				wake_up_poll(&tty->write_wait, EPOLLOUT);
				do_sleep++;
			}
		}
		if (o_tty && o_tty->count <= 1) {
			if (waitqueue_active(&o_tty->read_wait)) {
				wake_up_poll(&o_tty->read_wait, EPOLLIN);
				do_sleep++;
			}
			if (waitqueue_active(&o_tty->write_wait)) {
				wake_up_poll(&o_tty->write_wait, EPOLLOUT);
				do_sleep++;
			}
		}
		if (!do_sleep)
			break;

		if (once) {
			once = 0;
			tty_warn(tty, "read/write wait queue active!\n");
		}
		/*
		 * Back off: the delay starts at 0 and roughly doubles until
		 * it reaches 120 * HZ, after which the sleep is unbounded.
		 */
		schedule_timeout_killable(timeout);
		if (timeout < 120 * HZ)
			timeout = 2 * timeout + 1;
		else
			timeout = MAX_SCHEDULE_TIMEOUT;
	}

	/* An underflowing open count is reported and clamped back to zero */
	if (o_tty) {
		if (--o_tty->count < 0) {
			tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
			o_tty->count = 0;
		}
	}
	if (--tty->count < 0) {
		tty_warn(tty, "bad tty->count (%d)\n", tty->count);
		tty->count = 0;
	}

	/*
	 * We've decremented tty->count, so we need to remove this file
	 * descriptor off the tty->tty_files list; this serves two
	 * purposes:
	 * - check_tty_count sees the correct number of file descriptors
	 * associated with this tty.
	 * - do_tty_hangup no longer sees this file descriptor as
	 * something that needs to be handled for hangups.
	 */
	tty_del_file(filp);

	/*
	 * Perform some housekeeping before deciding whether to return.
	 *
	 * If _either_ side is closing, make sure there aren't any
	 * processes that still think tty or o_tty is their controlling
	 * tty.
	 */
	if (!tty->count) {
		read_lock(&tasklist_lock);
		session_clear_tty(tty->session);
		if (o_tty)
			session_clear_tty(o_tty->session);
		read_unlock(&tasklist_lock);
	}

	/* check whether both sides are closing ... */
	final = !tty->count && !(o_tty && o_tty->count);

	tty_unlock_slave(o_tty);
	tty_unlock(tty);

	/* At this point, the tty->count == 0 should ensure a dead tty
	   cannot be re-opened by a racing opener */

	if (!final)
		return 0;

	tty_debug_hangup(tty, "final close\n");

	/* Both counts are zero: free the structures, outside the tty lock */
	tty_release_struct(tty, idx);
	return 0;
}

/**
 * tty_open_current_tty - get locked tty of current task
 * @device: device number
 * @filp: file pointer to tty
 * @return: locked tty of the current task iff @device is /dev/tty
 *
 * Performs a re-open of the current task's controlling tty.
 *
 * We cannot return driver and index like for the other nodes because
 * devpts will not work then. It expects inodes to be from devpts FS.
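*/
static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
{
	struct tty_struct *tty;
	int retval;

	/* Any other device: NULL tells the caller to use the driver lookup */
	if (device != MKDEV(TTYAUX_MAJOR, 0))
		return NULL;

	/* No controlling tty for this task */
	tty = get_current_tty();
	if (!tty)
		return ERR_PTR(-ENXIO);

	filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
	/* noctty = 1; */
	tty_lock(tty);
	tty_kref_put(tty);	/* safe to drop the kref now */

	/* On failure the tty is unlocked again and the error is returned */
	retval = tty_reopen(tty);
	if (retval < 0) {
		tty_unlock(tty);
		tty = ERR_PTR(retval);
	}
	return tty;
}

/**
 * tty_lookup_driver - lookup a tty driver for a given device file
 * @device: device number
 * @filp: file pointer to tty; tty_kopen() passes NULL
 * @index: index for the device in the @return driver
 * @return: driver for this inode (with increased refcount)
 *
 * If @return is not erroneous, the caller is responsible to decrement the
 * refcount by tty_driver_kref_put.
 *
 * For TTYAUX minor 1 a NULL @filp yields ERR_PTR(-ENODEV); the driver
 * reference taken on that path is dropped again before returning, so
 * error returns never leave a reference behind.
 *
 * Locking: tty_mutex protects get_tty_driver
 */
static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
		int *index)
{
	struct tty_driver *driver = NULL;

	switch (device) {
#ifdef CONFIG_VT
	case MKDEV(TTY_MAJOR, 0): {
		extern struct tty_driver *console_driver;
		driver = tty_driver_kref_get(console_driver);
		*index = fg_console;
		break;
	}
#endif
	case MKDEV(TTYAUX_MAJOR, 1): {
		struct tty_driver *console_driver = console_device(index);
		if (console_driver) {
			driver = tty_driver_kref_get(console_driver);
			if (driver && filp) {
				/* Don't let /dev/console block */
				filp->f_flags |= O_NONBLOCK;
				break;
			}
		}
		/*
		 * Reached with a reference held when @filp is NULL: put it
		 * back so the refcount stays balanced on the error return.
		 */
		if (driver)
			tty_driver_kref_put(driver);
		return ERR_PTR(-ENODEV);
	}
	default:
		driver = get_tty_driver(device, index);
		if (!driver)
			return ERR_PTR(-ENODEV);
		break;
	}
	return driver;
}

/**
 * tty_kopen - open a tty device for kernel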
* @device: dev_t of device to open
 *
 * Opens tty exclusively for kernel. Performs the driver lookup,
 * makes sure it's not already opened and performs the first-time
 * tty initialization.
 *
 * Returns the locked initialized &tty_struct, or an ERR_PTR():
 * -EBUSY when a tty already exists for the device, otherwise the error
 * from the driver lookup, the tty lookup or tty_init_dev().
 *
 * Claims the global tty_mutex to serialize:
 * - concurrent first-time tty initialization
 * - concurrent tty driver removal w/ lookup
 * - concurrent tty removal from driver table
 */
struct tty_struct *tty_kopen(dev_t device)
{
	struct tty_struct *tty;
	struct tty_driver *driver = NULL;
	int index = -1;

	mutex_lock(&tty_mutex);
	/* No struct file exists for a kernel open, hence the NULL */
	driver = tty_lookup_driver(device, NULL, &index);
	if (IS_ERR(driver)) {
		mutex_unlock(&tty_mutex);
		return ERR_CAST(driver);
	}

	/* check whether we're reopening an existing tty */
	tty = tty_driver_lookup_tty(driver, NULL, index);
	if (IS_ERR(tty))
		goto out;

	if (tty) {
		/* drop kref from tty_driver_lookup_tty() */
		tty_kref_put(tty);
		tty = ERR_PTR(-EBUSY);
	} else { /* tty_init_dev returns tty with the tty_lock held */
		tty = tty_init_dev(driver, index);
		if (IS_ERR(tty))
			goto out;
		/* Mark the port so tty_open_by_driver() refuses it with -EBUSY */
		tty_port_set_kopened(tty->port, 1);
	}
out:
	mutex_unlock(&tty_mutex);
	/* The lookup reference on the driver is dropped on every path */
	tty_driver_kref_put(driver);
	return tty;
}
EXPORT_SYMBOL_GPL(tty_kopen);

/**
 * tty_open_by_driver - open a tty device
 * @device: dev_t of device to open
 * @inode: inode of device file
 * @filp: file pointer to tty
 *
 * Performs the driver lookup, checks for a reopen, or otherwise
 * performs the first-time tty initialization.
*
 * Returns the locked initialized or re-opened &tty_struct
 *
 * Claims the global tty_mutex to serialize:
 * - concurrent first-time tty initialization
 * - concurrent tty driver removal w/ lookup
 * - concurrent tty removal from driver table
 */
static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode,
					     struct file *filp)
{
	struct tty_struct *tty;
	struct tty_driver *driver = NULL;
	int index = -1;
	int retval;

	mutex_lock(&tty_mutex);
	driver = tty_lookup_driver(device, filp, &index);
	if (IS_ERR(driver)) {
		mutex_unlock(&tty_mutex);
		return ERR_CAST(driver);
	}

	/* check whether we're reopening an existing tty */
	tty = tty_driver_lookup_tty(driver, filp, index);
	if (IS_ERR(tty)) {
		mutex_unlock(&tty_mutex);
		goto out;
	}

	if (tty) {
		/* A tty opened through tty_kopen() is refused to file opens */
		if (tty_port_kopened(tty->port)) {
			tty_kref_put(tty);
			mutex_unlock(&tty_mutex);
			tty = ERR_PTR(-EBUSY);
			goto out;
		}
		/* tty_mutex is released before sleeping on the tty lock */
		mutex_unlock(&tty_mutex);
		retval = tty_lock_interruptible(tty);
		tty_kref_put(tty);  /* drop kref from tty_driver_lookup_tty() */
		if (retval) {
			if (retval == -EINTR)
				retval = -ERESTARTSYS;
			tty = ERR_PTR(retval);
			goto out;
		}
		retval = tty_reopen(tty);
		if (retval < 0) {
			tty_unlock(tty);
			tty = ERR_PTR(retval);
		}
	} else { /* Returns with the tty_lock held for now */
		tty = tty_init_dev(driver, index);
		mutex_unlock(&tty_mutex);
	}
out:
	/* The lookup reference on the driver is dropped on every path */
	tty_driver_kref_put(driver);
	return tty;
}

/**
 * tty_open - open a tty device
 * @inode: inode of device file
 * @filp: file pointer to tty
 *
 * tty_open and tty_release keep up the tty count that contains the
 * number of opens done on a tty. We cannot use the inode-count, as
 * different inodes might point to the same tty.
*
 * Open-counting is needed for pty masters, as well as for keeping
 * track of serial lines: DTR is dropped when the last close happens.
 * (This is not done solely through tty->count, now. - Ted 1/27/92)
 *
 * The termios state of a pty is reset on first open so that
 * settings don't persist across reuse.
 *
 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
 * tty->count should protect the rest.
 * ->siglock protects ->signal/->sighand
 *
 * Note: the tty_unlock/lock cases without a ref are only safe due to
 * tty_mutex
 */

static int tty_open(struct inode *inode, struct file *filp)
{
	struct tty_struct *tty;
	int noctty, retval;
	dev_t device = inode->i_rdev;
	/* The lookup helpers may set O_NONBLOCK; the flags are restored below */
	unsigned saved_flags = filp->f_flags;

	nonseekable_open(inode, filp);

retry_open:
	retval = tty_alloc_file(filp);
	if (retval)
		return -ENOMEM;

	/* /dev/tty is tried first; NULL means "not /dev/tty" */
	tty = tty_open_current_tty(device, filp);
	if (!tty)
		tty = tty_open_by_driver(device, inode, filp);

	if (IS_ERR(tty)) {
		tty_free_file(filp);
		retval = PTR_ERR(tty);
		/* Only -EAGAIN with no signal pending is retried */
		if (retval != -EAGAIN || signal_pending(current))
			return retval;
		schedule();
		goto retry_open;
	}

	tty_add_file(tty, filp);

	check_tty_count(tty, __func__);
	tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);

	if (tty->ops->open)
		retval = tty->ops->open(tty, filp);
	else
		retval = -ENODEV;
	filp->f_flags = saved_flags;

	if (retval) {
		tty_debug_hangup(tty, "open error %d, releasing\n", retval);

		tty_unlock(tty); /* need to call tty_release without BTM */
		tty_release(inode, filp);
		if (retval != -ERESTARTSYS)
			return retval;

		if (signal_pending(current))
			return retval;

		schedule();
		/*
		 * Need to reset f_op in case a hangup happened.
		 */
		if (tty_hung_up_p(filp))
			filp->f_op = &tty_fops;
		goto retry_open;
	}
	clear_bit(TTY_HUPPED, &tty->flags);

	/*
	 * The opened tty never becomes the controlling terminal when
	 * O_NOCTTY is given, or when the device is TTY_MAJOR minor 0 (with
	 * CONFIG_VT), /dev/console (TTYAUX_MAJOR minor 1) or a pty master.
	 */
	noctty = (filp->f_flags & O_NOCTTY) ||
		 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
		 device == MKDEV(TTYAUX_MAJOR, 1) ||
		 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
		  tty->driver->subtype == PTY_TYPE_MASTER);
	if (!noctty)
		tty_open_proc_set_tty(filp, tty);
	tty_unlock(tty);
	return 0;
}



/**
 * tty_poll - check tty status
 * @filp: file being polled
 * @wait: poll wait structures to update
 *
 * Call the line discipline polling method to obtain the poll
 * status of the device.
 *
 * Locking: locks called line discipline but ldisc poll method
 * may be re-entered freely by other callers.
 */

static __poll_t tty_poll(struct file *filp, poll_table *wait)
{
	struct tty_struct *tty = file_tty(filp);
	struct tty_ldisc *ld;
	__poll_t ret = 0;

	if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
		return 0;

	/* No line discipline reference: answer as a hung-up tty */
	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return hung_up_tty_poll(filp, wait);
	if (ld->ops->poll)
		ret = ld->ops->poll(tty, filp, wait);
	tty_ldisc_deref(ld);
	return ret;
}

/*
 * Worker for tty_fasync(); tty_release() also calls it directly with
 * the tty lock held. Returns 0 or a negative error from fasync_helper().
 */
static int __tty_fasync(int fd, struct file *filp, int on)
{
	struct tty_struct *tty = file_tty(filp);
	unsigned long flags;
	int retval = 0;

	if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
		goto out;

	/* Zero or negative: nothing more to do, return it as is */
	retval = fasync_helper(fd, filp, on, &tty->fasync);
	if (retval <= 0)
		goto out;

	if (on) {
		enum pid_type type;
		struct pid *pid;

		/*
		 * The file's owner becomes the tty's process group if it has
		 * one, else the calling task; the pid is pinned with
		 * get_pid() before ctrl_lock is dropped.
		 */
		spin_lock_irqsave(&tty->ctrl_lock, flags);
		if (tty->pgrp) {
			pid = tty->pgrp;
			type = PIDTYPE_PGID;
		} else {
			pid = task_pid(current);
			type = PIDTYPE_TGID;
		}
		get_pid(pid);
		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
		__f_setown(filp, pid, type, 0);
		put_pid(pid);
		retval = 0;
	}
out:
	return retval;
}

/* fasync file operation: returns -ENOTTY when the file has been hung up */
static int tty_fasync(int fd, struct file *filp, int on)
{
	struct tty_struct *tty = file_tty(filp);
	int retval = -ENOTTY;

	tty_lock(tty);
	if (!tty_hung_up_p(filp))
		retval = __tty_fasync(fd, filp, on);
	tty_unlock(tty);

	return retval;
}

/**
 * tiocsti - fake input character
 * @tty: tty to fake input into
 * @p: pointer to character
 *
 * Fake input to a tty device. Does the necessary locking and
 * input management.
 *
 * Security: the injected byte reaches the line discipline through
 * receive_buf() like ordinary input. The only gate is the check at the
 * top: the caller must have @tty as its controlling terminal or hold
 * CAP_SYS_ADMIN, so any process sharing the controlling terminal
 * passes. Later kernels allow this ioctl to be restricted to
 * CAP_SYS_ADMIN (dev.tty.legacy_tiocsti / CONFIG_LEGACY_TIOCSTI).
 *
 * FIXME: does not honour flow control ??
 *
 * Locking:
 * Called functions take tty_ldiscs_lock
 * current->signal->tty check is safe without locks
 *
 * FIXME: may race normal receive processing
 */

static int tiocsti(struct tty_struct *tty, char __user *p)
{
	char ch, mbz = 0;
	struct tty_ldisc *ld;

	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
		return -EPERM;
	if (get_user(ch, p))
		return -EFAULT;
	/* The character is handed to the tty audit code before injection */
	tty_audit_tiocsti(tty, ch);
	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return -EIO;
	/* mbz is passed as the per-character flag byte and is always zero */
	if (ld->ops->receive_buf)
		ld->ops->receive_buf(tty, &ch, &mbz, 1);
	tty_ldisc_deref(ld);
	return 0;
}

/**
 * tiocgwinsz - implement window query ioctl
 * @tty: tty
 * @arg: user buffer for result
 *
 * Copies the kernel idea of the window size into the user buffer.
 *
 * Returns 0 on success, -EFAULT if the copy to user space fails.
 *
 * Locking: tty->winsize_mutex is taken to ensure the winsize data
 * is consistent.
 */

static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
{
	int err;

	mutex_lock(&tty->winsize_mutex);
	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
	mutex_unlock(&tty->winsize_mutex);

	return err ? -EFAULT: 0;
}

/**
 * tty_do_resize - resize event
 * @tty: tty being resized
 * @ws: new window size
 *
 * Update the stored window size and send the necessary signals to
 * perform a terminal resize correctly. Nothing is done when @ws equals
 * the current size. Always returns 0.
 */

int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
{
	struct pid *pgrp;

	/* Lock the tty */
	mutex_lock(&tty->winsize_mutex);
	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
		goto done;

	/* Signal the foreground process group */
	pgrp = tty_get_pgrp(tty);
	if (pgrp)
		kill_pgrp(pgrp, SIGWINCH, 1);
	put_pid(pgrp);

	/* The size is stored after the signal, still under winsize_mutex */
	tty->winsize = *ws;
done:
	mutex_unlock(&tty->winsize_mutex);
	return 0;
}
EXPORT_SYMBOL(tty_do_resize);

/**
 * tiocswinsz - implement window size set ioctl
 * @tty: tty side of tty
 * @arg: user buffer holding the new window size
 *
 * Copies the user idea of the window size to the kernel. Traditionally
 * this is just advisory information but for the Linux console it
 * actually has driver level meaning and triggers a VC resize.
 *
 * Locking:
 * Driver dependent. The default do_resize method takes the
 * tty termios mutex and ctrl_lock. The console takes its own lock
 * then calls into the default method.
*/

static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
{
	/*
	 * The user's values are copied to the stack once and only that copy
	 * is used afterwards. No range check is made here; the values go
	 * straight to the driver's resize() or to tty_do_resize().
	 */
	struct winsize tmp_ws;
	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
		return -EFAULT;

	if (tty->ops->resize)
		return tty->ops->resize(tty, &tmp_ws);
	else
		return tty_do_resize(tty, &tmp_ws);
}

/**
 * tioccons - allow admin to move logical console
 * @file: the file to become console
 *
 * Allow the administrator to move the redirected console device
 *
 * Requires CAP_SYS_ADMIN (-EPERM otherwise). Returns -EBUSY if a
 * redirect is already installed, 0 on success.
 *
 * Locking: uses redirect_lock to guard the redirect information
 */

static int tioccons(struct file *file)
{
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;
	/* Called on a file that writes via redirected_tty_write: cancel the redirect */
	if (file->f_op->write == redirected_tty_write) {
		struct file *f;
		spin_lock(&redirect_lock);
		f = redirect;
		redirect = NULL;
		spin_unlock(&redirect_lock);
		/* The old file reference is dropped outside the spinlock */
		if (f)
			fput(f);
		return 0;
	}
	spin_lock(&redirect_lock);
	if (redirect) {
		spin_unlock(&redirect_lock);
		return -EBUSY;
	}
	/* get_file() takes a file reference that the redirect then holds */
	redirect = get_file(file);
	spin_unlock(&redirect_lock);
	return 0;
}

/**
 * tiocsetd - set line discipline
 * @tty: tty device
 * @p: pointer to user data
 *
 * Set the line discipline according to user request.
 *
 * Locking: see tty_set_ldisc, this function is just a helper
 */

static int tiocsetd(struct tty_struct *tty, int __user *p)
{
	int disc;
	int ret;

	if (get_user(disc, p))
		return -EFAULT;

	/*
	 * The user-supplied number is passed on unchecked and no capability
	 * test is made here.
	 * NOTE(review): range and permission checks, if any, are inside
	 * tty_set_ldisc(), which is not visible here - confirm.
	 */
	ret = tty_set_ldisc(tty, disc);

	return ret;
}

/**
 * tiocgetd - get line discipline
 * @tty: tty device
 * @p: pointer to user data
 *
 * Retrieves the line discipline id directly from the ldisc.
2341 * 2342 * Locking: waits for ldisc reference (in case the line discipline 2343 * is changing or the tty is being hungup) 2344 */ 2345 2346 static int tiocgetd(struct tty_struct *tty, int __user *p) 2347 { 2348 struct tty_ldisc *ld; 2349 int ret; 2350 2351 ld = tty_ldisc_ref_wait(tty); 2352 if (!ld) 2353 return -EIO; 2354 ret = put_user(ld->ops->num, p); 2355 tty_ldisc_deref(ld); 2356 return ret; 2357 } 2358 2359 /** 2360 * send_break - performed time break 2361 * @tty: device to break on 2362 * @duration: timeout in mS 2363 * 2364 * Perform a timed break on hardware that lacks its own driver level 2365 * timed break functionality. 2366 * 2367 * Locking: 2368 * atomic_write_lock serializes 2369 * 2370 */ 2371 2372 static int send_break(struct tty_struct *tty, unsigned int duration) 2373 { 2374 int retval; 2375 2376 if (tty->ops->break_ctl == NULL) 2377 return 0; 2378 2379 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2380 retval = tty->ops->break_ctl(tty, duration); 2381 else { 2382 /* Do the work ourselves */ 2383 if (tty_write_lock(tty, 0) < 0) 2384 return -EINTR; 2385 retval = tty->ops->break_ctl(tty, -1); 2386 if (retval) 2387 goto out; 2388 if (!signal_pending(current)) 2389 msleep_interruptible(duration); 2390 retval = tty->ops->break_ctl(tty, 0); 2391 out: 2392 tty_write_unlock(tty); 2393 if (signal_pending(current)) 2394 retval = -EINTR; 2395 } 2396 return retval; 2397 } 2398 2399 /** 2400 * tty_tiocmget - get modem status 2401 * @tty: tty device 2402 * @file: user file pointer 2403 * @p: pointer to result 2404 * 2405 * Obtain the modem status bits from the tty driver if the feature 2406 * is supported. Return -EINVAL if it is not available. 
*
 *	Locking: none (up to the driver)
 */

static int tty_tiocmget(struct tty_struct *tty, int __user *p)
{
	int status;

	if (!tty->ops->tiocmget)
		return -EINVAL;

	status = tty->ops->tiocmget(tty);
	/* A negative value is an error code from the driver */
	if (status < 0)
		return status;
	return put_user(status, p);
}

/**
 *	tty_tiocmset		-	set modem status
 *	@tty: tty device
 *	@cmd: command - clear bits, set bits or set all
 *	@p: pointer to desired bits
 *
 *	Set the modem status bits through the tty driver if the feature
 *	is supported. Return -EINVAL if it is not available.
 *
 *	Whatever userspace passes in, only DTR, RTS, OUT1, OUT2 and LOOP
 *	are forwarded to the driver; every other bit is masked off here.
 *
 *	Locking: none (up to the driver)
 */

static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
	     unsigned __user *p)
{
	/* The only bits userspace is allowed to change */
	const unsigned int settable =
		TIOCM_DTR | TIOCM_RTS | TIOCM_OUT1 | TIOCM_OUT2 | TIOCM_LOOP;
	unsigned int set = 0, clear = 0, val;
	int err;

	if (!tty->ops->tiocmset)
		return -EINVAL;

	err = get_user(val, p);
	if (err)
		return err;

	switch (cmd) {
	case TIOCMBIS:
		set = val;
		break;
	case TIOCMBIC:
		clear = val;
		break;
	case TIOCMSET:
		set = val;
		clear = ~val;
		break;
	default:
		/* any other command leaves both masks empty */
		break;
	}
	return tty->ops->tiocmset(tty, set & settable, clear & settable);
}

/**
 *	tty_tiocgicount		-	get interrupt counters
 *	@tty: tty device
 *	@arg: user buffer receiving a struct serial_icounter_struct
 *
 *	Ask the driver for its counters and copy them to userspace.
 *	Returns -EINVAL when the driver has no get_icount method, the
 *	driver's error code if it reports one, or -EFAULT if the copy
 *	to userspace fails.
 */
static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
{
	struct serial_icounter_struct icount;
	int err;

	/*
	 * Zero the whole structure first: it is copied out in full below,
	 * so anything the driver leaves untouched must not carry stale
	 * kernel stack contents to userspace.
	 */
	memset(&icount, 0, sizeof(icount));

	if (!tty->ops->get_icount)
		return -EINVAL;
	err = tty->ops->get_icount(tty, &icount);
	if (err != 0)
		return err;
	return copy_to_user(arg, &icount, sizeof(icount)) ? -EFAULT : 0;
}

/**
 *	tty_tiocsserial		-	set serial port parameters
 *	@tty: tty device
 *	@ss: user buffer holding a struct serial_struct
 *
 *	Copy the structure from userspace and hand the kernel copy to the
 *	driver's set_serial method. A rate-limited warning is logged when
 *	any ASYNC_DEPRECATED flag is set. Returns -EFAULT if the copy
 *	fails and -ENOTTY when the driver has no set_serial method.
 */
static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
{
	static DEFINE_RATELIMIT_STATE(depr_flags,
			DEFAULT_RATELIMIT_INTERVAL,
			DEFAULT_RATELIMIT_BURST);
	char comm[TASK_COMM_LEN];
	struct serial_struct v;
	int deprecated;

	if (copy_from_user(&v, ss, sizeof(v)))
		return -EFAULT;

	deprecated = v.flags & ASYNC_DEPRECATED;

	/* Rate limited so that a caller cannot flood the log with it */
	if (deprecated && __ratelimit(&depr_flags))
		pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
			__func__, get_task_comm(comm, current), deprecated);

	if (!tty->ops->set_serial)
		return -ENOTTY;
	return tty->ops->set_serial(tty, &v);
}

/**
 *	tty_tiocgserial		-	get serial port parameters
 *	@tty: tty device
 *	@ss: user buffer receiving a struct serial_struct
 *
 *	Returns -ENOTTY when the driver has no get_serial method, the
 *	driver's error code if it reports one, or -EFAULT if the copy
 *	to userspace fails.
 */
static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
{
	struct serial_struct v;
	int err;

	/* Cleared before the driver fills it, as all of it is copied out */
	memset(&v, 0, sizeof(v));

	if (!tty->ops->get_serial)
		return -ENOTTY;

	err = tty->ops->get_serial(tty, &v);
	if (err)
		return err;
	if (copy_to_user(ss, &v, sizeof(v)))
		return -EFAULT;
	return 0;
}

/*
 * if pty, return the slave side (real_tty)
 * otherwise, return self
 */
static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
{
	struct tty_driver *drv = tty->driver;

	if (drv->type != TTY_DRIVER_TYPE_PTY)
		return tty;
	if (drv->subtype != PTY_TYPE_MASTER)
		return tty;
	return tty->link;
}

/*
 * Split this up, as gcc can choke on it otherwise..
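*/

/*
 * tty_ioctl - top level ioctl dispatcher for tty files
 * @file: the open tty file
 * @cmd: ioctl command
 * @arg: command argument, either a value or a userspace pointer
 *
 * Commands handled here return directly. Everything else is offered to
 * tty_jobctrl_ioctl(), then to the driver's ioctl method and finally to
 * the line discipline, each of which may answer -ENOIOCTLCMD to pass
 * the command on. Returns -EINVAL when the paranoia check rejects the
 * tty or when the line discipline has no ioctl method.
 */
long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct tty_struct *tty = file_tty(file);
	struct tty_struct *real_tty;
	void __user *p = (void __user *)arg;
	int retval;
	struct tty_ldisc *ld;

	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
		return -EINVAL;

	/* For a pty master this is the slave side, otherwise tty itself */
	real_tty = tty_pair_get_tty(tty);

	/*
	 * Factor out some common prep work
	 */
	switch (cmd) {
	case TIOCSETD:
	case TIOCSBRK:
	case TIOCCBRK:
	case TCSBRK:
	case TCSBRKP:
		retval = tty_check_change(tty);
		if (retval)
			return retval;
		/* All but "break off" first wait for queued output to drain */
		if (cmd != TIOCCBRK) {
			tty_wait_until_sent(tty, 0);
			if (signal_pending(current))
				return -EINTR;
		}
		break;
	}

	/*
	 *	Now do the stuff.
	 */
	switch (cmd) {
	case TIOCSTI:
		return tiocsti(tty, p);
	case TIOCGWINSZ:
		return tiocgwinsz(real_tty, p);
	case TIOCSWINSZ:
		return tiocswinsz(real_tty, p);
	case TIOCCONS:
		/* Refused on a pty master; tioccons() checks CAP_SYS_ADMIN */
		return real_tty != tty ? -EINVAL : tioccons(file);
	case TIOCEXCL:
		set_bit(TTY_EXCLUSIVE, &tty->flags);
		return 0;
	case TIOCNXCL:
		clear_bit(TTY_EXCLUSIVE, &tty->flags);
		return 0;
	case TIOCGEXCL:
	{
		int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
		return put_user(excl, (int __user *)p);
	}
	case TIOCGETD:
		return tiocgetd(tty, p);
	case TIOCSETD:
		return tiocsetd(tty, p);
	case TIOCVHANGUP:
		/* Hanging up a tty from an ioctl is a privileged operation */
		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;
		tty_vhangup(tty);
		return 0;
	case TIOCGDEV:
	{
		unsigned int ret = new_encode_dev(tty_devnum(real_tty));
		return put_user(ret, (unsigned int __user *)p);
	}
	/*
	 * Break handling
	 */
	case TIOCSBRK:	/* Turn break on, unconditionally */
		if (tty->ops->break_ctl)
			return tty->ops->break_ctl(tty, -1);
		return 0;
	case TIOCCBRK:	/* Turn break off, unconditionally */
		if (tty->ops->break_ctl)
			return tty->ops->break_ctl(tty, 0);
		return 0;
	case TCSBRK:   /* SVID version: non-zero arg --> no break */
		/* non-zero arg means wait for all output data
		 * to be sent (performed above) but don't send break.
		 * This is used by the tcdrain() termios function.
		 */
		if (!arg)
			return send_break(tty, 250);
		return 0;
	case TCSBRKP:	/* support for POSIX tcsendbreak() */
		/*
		 * arg is chosen by the caller; the product is narrowed to
		 * send_break()'s unsigned int duration parameter.
		 */
		return send_break(tty, arg ? arg*100 : 250);

	case TIOCMGET:
		return tty_tiocmget(tty, p);
	case TIOCMSET:
	case TIOCMBIC:
	case TIOCMBIS:
		return tty_tiocmset(tty, cmd, p);
	case TIOCGICOUNT:
		return tty_tiocgicount(tty, p);
	case TCFLSH:
		switch (arg) {
		case TCIFLUSH:
		case TCIOFLUSH:
		/* flush tty buffer and allow ldisc to process ioctl */
			tty_buffer_flush(tty, NULL);
			break;
		}
		/* not returned here: the command still reaches driver and ldisc */
		break;
	case TIOCSSERIAL:
		return tty_tiocsserial(tty, p);
	case TIOCGSERIAL:
		return tty_tiocgserial(tty, p);
	case TIOCGPTPEER:
		/* Special because the struct file is needed */
		return ptm_open_peer(file, tty, (int)arg);
	default:
		retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
		if (retval != -ENOIOCTLCMD)
			return retval;
	}
	if (tty->ops->ioctl) {
		retval = tty->ops->ioctl(tty, cmd, arg);
		if (retval != -ENOIOCTLCMD)
			return retval;
	}
	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return hung_up_tty_ioctl(file, cmd, arg);
	retval = -EINVAL;
	if (ld->ops->ioctl) {
		retval = ld->ops->ioctl(tty, file, cmd, arg);
		/* Nobody claimed the command: report it as unsupported */
		if (retval == -ENOIOCTLCMD)
			retval = -ENOTTY;
	}
	tty_ldisc_deref(ld);
	return retval;
}

#ifdef CONFIG_COMPAT

/* Layout of struct serial_struct as used by 32-bit (compat) callers */
struct serial_struct32 {
	compat_int_t    type;
	compat_int_t    line;
	compat_uint_t   port;
	compat_int_t    irq;
	compat_int_t    flags;
	compat_int_t    xmit_fifo_size;
	compat_int_t    custom_divisor;
	compat_int_t    baud_base;
	unsigned short  close_delay;
	char    io_type;
	char    reserved_char[1];
	compat_int_t    hub6;
	unsigned short  closing_wait; /* time to wait before closing */
	unsigned short  closing_wait2; /* no longer used... */
	compat_uint_t   iomem_base;
	unsigned short  iomem_reg_shift;
	unsigned int    port_high;
     /* compat_ulong_t  iomap_base FIXME */
	compat_int_t    reserved[1];
};

/*
 * compat_tty_tiocsserial - TIOCSSERIAL for 32-bit callers
 * @tty: tty device
 * @ss: user buffer holding a struct serial_struct32
 *
 * Copy the 32-bit structure in, convert it to a native struct
 * serial_struct and hand that to the driver's set_serial method.
 * Returns -EFAULT if the copy fails and -ENOTTY when the driver has no
 * set_serial method.
 */
static int compat_tty_tiocsserial(struct tty_struct *tty,
		struct serial_struct32 __user *ss)
{
	static DEFINE_RATELIMIT_STATE(depr_flags,
			DEFAULT_RATELIMIT_INTERVAL,
			DEFAULT_RATELIMIT_BURST);
	char comm[TASK_COMM_LEN];
	struct serial_struct32 v32;
	struct serial_struct v;
	int flags;

	if (copy_from_user(&v32, ss, sizeof(struct serial_struct32)))
		return -EFAULT;

	/* The leading fields are copied as one run; the rest one by one */
	memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
	v.iomem_base = compat_ptr(v32.iomem_base);
	v.iomem_reg_shift = v32.iomem_reg_shift;
	v.port_high = v32.port_high;
	v.iomap_base = 0;

	flags = v.flags & ASYNC_DEPRECATED;

	if (flags && __ratelimit(&depr_flags))
		pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
			__func__, get_task_comm(comm, current), flags);
	if (!tty->ops->set_serial)
		return -ENOTTY;
	return tty->ops->set_serial(tty, &v);
}

/*
 * compat_tty_tiocgserial - TIOCGSERIAL for 32-bit callers
 * @tty: tty device
 * @ss: user buffer receiving a struct serial_struct32
 *
 * Returns -ENOTTY when the driver has no get_serial method, the
 * driver's error code if it reports one, or -EFAULT if the copy to
 * userspace fails.
 */
static int compat_tty_tiocgserial(struct tty_struct *tty,
			struct serial_struct32 __user *ss)
{
	struct serial_struct32 v32;
	struct serial_struct v;
	int err;

	memset(&v, 0, sizeof(v));
	/*
	 * v32 is copied to userspace in full, but only part of it is
	 * assigned below: reserved[] and the gap before port_high are
	 * never written. Clear it so no kernel stack bytes leak out.
	 */
	memset(&v32, 0, sizeof(v32));

	/* Test the method that is actually called (this tested set_serial) */
	if (!tty->ops->get_serial)
		return -ENOTTY;
	err = tty->ops->get_serial(tty, &v);
	if (!err) {
		memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
		/*
		 * An address that does not fit in 32 bits is replaced by a
		 * marker value.
		 * NOTE(review): 0xfffffff has seven hex digits; if an
		 * all-ones 32-bit marker was intended it would be
		 * 0xffffffff. Left unchanged, confirm the intent.
		 */
		v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
			0xfffffff : ptr_to_compat(v.iomem_base);
		v32.iomem_reg_shift = v.iomem_reg_shift;
		v32.port_high = v.port_high;
		if (copy_to_user(ss, &v32, sizeof(struct serial_struct32)))
			err = -EFAULT;
	}
	return err;
}

/*
 * tty_compat_ioctl - ioctl entry point for 32-bit callers
 * @file: the open tty file
 * @cmd: ioctl command
 * @arg: command argument as passed by the 32-bit caller
 *
 * Commands in the first list take a pointer argument and go to
 * tty_ioctl() with the pointer converted by compat_ptr(); those in the
 * second list go to tty_ioctl() with arg unchanged. TIOCSSERIAL and
 * TIOCGSERIAL use the 32-bit structure layout above. Anything else is
 * offered to the driver's and then the line discipline's compat_ioctl
 * method, with the line discipline's native ioctl as the last resort.
 */
static long tty_compat_ioctl(struct file *file, unsigned int cmd,
				unsigned long arg)
{
	struct tty_struct *tty = file_tty(file);
	struct tty_ldisc *ld;
	int retval = -ENOIOCTLCMD;

	switch (cmd) {
	case TIOCSTI:
	case TIOCGWINSZ:
	case TIOCSWINSZ:
	case TIOCGEXCL:
	case TIOCGETD:
	case TIOCSETD:
	case TIOCGDEV:
	case TIOCMGET:
	case TIOCMSET:
	case TIOCMBIC:
	case TIOCMBIS:
	case TIOCGICOUNT:
	case TIOCGPGRP:
	case TIOCSPGRP:
	case TIOCGSID:
	case TIOCSERGETLSR:
	case TIOCGRS485:
	case TIOCSRS485:
#ifdef TIOCGETP
	case TIOCGETP:
	case TIOCSETP:
	case TIOCSETN:
#endif
#ifdef TIOCGETC
	case TIOCGETC:
	case TIOCSETC:
#endif
#ifdef TIOCGLTC
	case TIOCGLTC:
	case TIOCSLTC:
#endif
	case TCSETSF:
	case TCSETSW:
	case TCSETS:
	case TCGETS:
#ifdef TCGETS2
	case TCGETS2:
	case TCSETSF2:
	case TCSETSW2:
	case TCSETS2:
#endif
	case TCGETA:
	case TCSETAF:
	case TCSETAW:
	case TCSETA:
	case TIOCGLCKTRMIOS:
	case TIOCSLCKTRMIOS:
#ifdef TCGETX
	case TCGETX:
	case TCSETX:
	case TCSETXW:
	case TCSETXF:
#endif
	case TIOCGSOFTCAR:
	case TIOCSSOFTCAR:
		return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
	case TIOCCONS:
	case TIOCEXCL:
	case TIOCNXCL:
	case TIOCVHANGUP:
	case TIOCSBRK:
	case TIOCCBRK:
	case TCSBRK:
	case TCSBRKP:
	case TCFLSH:
	case TIOCGPTPEER:
	case TIOCNOTTY:
	case TIOCSCTTY:
	case TCXONC:
	case TIOCMIWAIT:
	case TIOCSERCONFIG:
		return tty_ioctl(file, cmd, arg);
	}

	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
		return -EINVAL;

	switch (cmd) {
	case TIOCSSERIAL:
		return compat_tty_tiocsserial(tty, compat_ptr(arg));
	case TIOCGSERIAL:
		return compat_tty_tiocgserial(tty, compat_ptr(arg));
	}
	if (tty->ops->compat_ioctl) {
		retval = tty->ops->compat_ioctl(tty, cmd, arg);
		if (retval != -ENOIOCTLCMD)
			return retval;
	}

	ld = tty_ldisc_ref_wait(tty);
	if (!ld)
		return hung_up_tty_compat_ioctl(file, cmd, arg);
	if (ld->ops->compat_ioctl)
		retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
	/*
	 * NOTE(review): compat_ptr() is applied to cmd here while arg is
	 * passed through unconverted, the reverse of the tty_ioctl() call
	 * above. This looks like a transposition; left unchanged, confirm
	 * before relying on this fallback for pointer arguments.
	 */
	if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
		retval = ld->ops->ioctl(tty, file,
				(unsigned long)compat_ptr(cmd), arg);
	tty_ldisc_deref(ld);

	return retval;
}
#endif

/*
 * iterate_fd() callback used by __do_SAK(): returns fd + 1 when @file is
 * a tty file (its read method is tty_read) that refers to the tty @t,
 * and 0 otherwise. The +1 lets descriptor 0 be told apart from "no match".
 */
static int this_tty(const void *t, struct file *file, unsigned fd)
{
	if (likely(file->f_op->read != tty_read))
		return 0;
	return file_tty(file) != t ? 0 : fd + 1;
}

/*
 * This implements the "Secure Attention Key" ---  the idea is to
 * prevent trojan horses by killing all processes associated with this
 * tty when the user hits the "Secure Attention Key".  Required for
 * super-paranoid applications --- see the Orange Book for more details.
 *
 * This code could be nicer; ideally it should send a HUP, wait a few
 * seconds, then send a INT, and then a KILL signal.  But you then
 * have to coordinate with the init process, since all processes associated
 * with the current tty must be dead before the new getty is allowed
 * to spawn.
 *
 * Now, if it would be correct ;-/ The current code has a nasty hole -
 * it doesn't catch files in flight. We may send the descriptor to ourselves
 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
 *
 * Nasty bug: do_SAK is being called in interrupt context.  This can
 * deadlock.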
We punt it up to process context.  AKPM - 16Mar2001
 */
void __do_SAK(struct tty_struct *tty)
{
#ifdef TTY_SOFT_SAK
	tty_hangup(tty);
#else
	struct task_struct *g, *p;
	struct pid *session;
	int hit;

	if (!tty)
		return;
	/*
	 * NOTE(review): tty->session is sampled here with no lock held and
	 * no reference taken in this function; confirm against the code
	 * that updates ->session that the pid cannot be released while the
	 * loop below walks it.
	 */
	session = tty->session;

	/* Discard pending data in the line discipline and the driver */
	tty_ldisc_flush(tty);

	tty_driver_flush_buffer(tty);

	read_lock(&tasklist_lock);
	/* Kill the entire session */
	do_each_pid_task(session, PIDTYPE_SID, p) {
		tty_notice(tty, "SAK: killed process %d (%s): by session\n",
			   task_pid_nr(p), p->comm);
		group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
	} while_each_pid_task(session, PIDTYPE_SID, p);

	/* Now kill any processes that happen to have the tty open */
	do_each_thread(g, p) {
		if (p->signal->tty == tty) {
			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
				   task_pid_nr(p), p->comm);
			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
			continue;
		}
		/* Scan the open files; this_tty() yields fd + 1 on a match */
		task_lock(p);
		hit = iterate_fd(p->files, 0, this_tty, tty);
		if (hit != 0) {
			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
				   task_pid_nr(p), p->comm, hit - 1);
			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
		}
		task_unlock(p);
	} while_each_thread(g, p);
	read_unlock(&tasklist_lock);
#endif
}

/* Work item handler: runs __do_SAK() on the tty that owns @work */
static void do_SAK_work(struct work_struct *work)
{
	__do_SAK(container_of(work, struct tty_struct, SAK_work));
}

/*
 * The tq handling here is a little racy - tty->SAK_work may already be queued.
 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
 * the values which we write to it will be identical to the values which it
 * already has. --akpm
 */
void do_SAK(struct tty_struct *tty)
{
	/* Deferred to a work item; a NULL tty is silently ignored */
	if (tty)
		schedule_work(&tty->SAK_work);
}

EXPORT_SYMBOL(do_SAK);

/* class_find_device() match callback: @data points at the dev_t sought */
static int dev_match_devt(struct device *dev, const void *data)
{
	const dev_t *wanted = data;

	return dev->devt == *wanted;
}

/* Must put_device() after it's unused! */
static struct device *tty_get_device(struct tty_struct *tty)
{
	dev_t devnum = tty_devnum(tty);

	return class_find_device(tty_class, NULL, &devnum, dev_match_devt);
}


/**
 *	alloc_tty_struct
 *	@driver: driver the new tty belongs to
 *	@idx: line index of the tty within @driver
 *
 *	This subroutine allocates and initializes a tty structure.
 *	Returns NULL if the allocation or tty_ldisc_init() fails.
 *
 *	Locking: none - tty in question is not exposed at this point
 */

struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
{
	struct tty_struct *tty = kzalloc(sizeof(*tty), GFP_KERNEL);

	if (!tty)
		return NULL;

	kref_init(&tty->kref);
	tty->magic = TTY_MAGIC;
	if (tty_ldisc_init(tty)) {
		/* not published anywhere yet, so a plain kfree() is enough */
		kfree(tty);
		return NULL;
	}
	tty->session = NULL;
	tty->pgrp = NULL;

	/* locks, wait queues and work items */
	mutex_init(&tty->legacy_mutex);
	mutex_init(&tty->throttle_mutex);
	init_rwsem(&tty->termios_rwsem);
	mutex_init(&tty->winsize_mutex);
	init_ldsem(&tty->ldisc_sem);
	init_waitqueue_head(&tty->write_wait);
	init_waitqueue_head(&tty->read_wait);
	INIT_WORK(&tty->hangup_work, do_tty_hangup);
	mutex_init(&tty->atomic_write_lock);
	spin_lock_init(&tty->ctrl_lock);
	spin_lock_init(&tty->flow_lock);
	spin_lock_init(&tty->files_lock);
	INIT_LIST_HEAD(&tty->tty_files);
	INIT_WORK(&tty->SAK_work, do_SAK_work);

	/* identity: tty_line_name() and tty_get_device() read these fields */
	tty->driver = driver;
	tty->ops = driver->ops;
	tty->index = idx;
	tty_line_name(driver, idx, tty->name);
	tty->dev = tty_get_device(tty);

	return tty;
}

/**
 *	tty_put_char	-	write one character to a tty
 *	@tty: tty
 *	@ch: character
 *
 *	Write one byte to the tty using the provided put_char method
 *	if present, and the driver's write method otherwise. Returns the
 *	number of characters successfully output.
 *
 *	Note: the specific put_char operation in the driver layer may go
 *	away soon. Don't call it directly, use this method
 */

int tty_put_char(struct tty_struct *tty, unsigned char ch)
{
	const struct tty_operations *ops = tty->ops;

	if (!ops->put_char)
		return ops->write(tty, &ch, 1);
	return ops->put_char(tty, ch);
}
EXPORT_SYMBOL_GPL(tty_put_char);

struct class *tty_class;

/*
 * Allocate a cdev for slot @index of @driver and add it for @count minors
 * starting at @dev. Returns 0, -ENOMEM, or the error from cdev_add().
 */
static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
		unsigned int index, unsigned int count)
{
	struct cdev *cdev;
	int err;

	/* init here, since reused cdevs cause crashes */
	cdev = cdev_alloc();
	driver->cdevs[index] = cdev;
	if (!cdev)
		return -ENOMEM;

	cdev->ops = &tty_fops;
	cdev->owner = driver->owner;
	err = cdev_add(cdev, dev, count);
	/*
	 * NOTE(review): on failure the reference is dropped here but
	 * driver->cdevs[index] keeps the pointer; confirm that no caller
	 * uses the slot after a failed add.
	 */
	if (err)
		kobject_put(&cdev->kobj);
	return err;
}

/**
 *	tty_register_device - register a tty device
 *	@driver: the tty driver that describes the tty device
 *	@index: the index in the tty driver for this tty device
 *	@device: a struct device that is associated with this tty device.
 *		This field is optional, if there is no known struct device
 *		for this tty device it can be set to NULL safely.
 *
 *	Returns a pointer to the struct device for this tty device
 *	(or ERR_PTR(-EFOO) on error).
 *
 *	This call is required to be made to register an individual tty device
 *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
 *	that bit is not set, this function should not be called by a tty
 *	driver.
 *
 *	Locking: ??
 */

struct device *tty_register_device(struct tty_driver *driver, unsigned index,
				   struct device *device)
{
	/* Same as the _attr variant with no driver data or attribute groups */
	return tty_register_device_attr(driver, index, device, NULL, NULL);
}
EXPORT_SYMBOL(tty_register_device);

/* Release callback for devices allocated in tty_register_device_attr() */
static void tty_device_create_release(struct device *dev)
{
	dev_dbg(dev, "releasing...\n");
	kfree(dev);
}

/**
 *	tty_register_device_attr - register a tty device
 *	@driver: the tty driver that describes the tty device
 *	@index: the index in the tty driver for this tty device
 *	@device: a struct device that is associated with this tty device.
 *		This field is optional, if there is no known struct device
 *		for this tty device it can be set to NULL safely.
 *	@drvdata: Driver data to be set to device.
 *	@attr_grp: Attribute group to be set on device.
 *
 *	Returns a pointer to the struct device for this tty device
 *	(or ERR_PTR(-EFOO) on error).
 *
 *	This call is required to be made to register an individual tty device
 *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
 *	that bit is not set, this function should not be called by a tty
 *	driver.
 *
 *	Locking: ??
 */
struct device *tty_register_device_attr(struct tty_driver *driver,
				   unsigned index, struct device *device,
				   void *drvdata,
				   const struct attribute_group **attr_grp)
{
	char name[64];
	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
	struct ktermios *saved;
	struct device *dev;
	int retval;

	/* Reject a line number beyond what the driver was allocated for */
	if (index >= driver->num) {
		pr_err("%s: Attempt to register invalid tty line number (%d)\n",
		       driver->name, index);
		return ERR_PTR(-EINVAL);
	}

	/*
	 * Both helpers write into name[] without taking a length; this
	 * assumes they never produce more than sizeof(name) bytes
	 * (TODO confirm against their definitions).
	 */
	if (driver->type == TTY_DRIVER_TYPE_PTY)
		pty_line_name(driver, index, name);
	else
		tty_line_name(driver, index, name);

	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
	if (!dev)
		return ERR_PTR(-ENOMEM);

	dev->devt = devt;
	dev->class = tty_class;
	dev->parent = device;
	dev->release = tty_device_create_release;
	dev_set_name(dev, "%s", name);
	dev->groups = attr_grp;
	dev_set_drvdata(dev, drvdata);

	/* Hold back the uevent until the cdev has been added too */
	dev_set_uevent_suppress(dev, 1);

	retval = device_register(dev);
	if (retval)
		goto err_put;

	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
		/*
		 * Free any saved termios data so that the termios state is
		 * reset when reusing a minor number.
		 */
		saved = driver->termios[index];
		if (saved) {
			driver->termios[index] = NULL;
			kfree(saved);
		}

		retval = tty_cdev_add(driver, devt, index, 1);
		if (retval)
			goto err_del;
	}

	dev_set_uevent_suppress(dev, 0);
	kobject_uevent(&dev->kobj, KOBJ_ADD);

	return dev;

err_del:
	device_del(dev);
err_put:
	/* dropping the reference ends in tty_device_create_release() */
	put_device(dev);

	return ERR_PTR(retval);
}
EXPORT_SYMBOL_GPL(tty_register_device_attr);

/**
 * 	tty_unregister_device - unregister a tty device
 * 	@driver: the tty driver that describes the tty device
 * 	@index: the index in the tty driver for this tty device
 *
 * 	If a tty device is registered with a call to tty_register_device() then
 *	this function must be called when the tty device is gone.
 *
 *	Locking: ??
 */

void tty_unregister_device(struct tty_driver *driver, unsigned index)
{
	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;

	device_destroy(tty_class, devt);
	/* Per-line cdevs exist only without TTY_DRIVER_DYNAMIC_ALLOC */
	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
		return;
	cdev_del(driver->cdevs[index]);
	driver->cdevs[index] = NULL;
}
EXPORT_SYMBOL(tty_unregister_device);

/**
 * __tty_alloc_driver -- allocate tty driver
 * @lines: count of lines this driver can handle at most
 * @owner: module which is responsible for this driver
 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
 *
 * This should not be called directly, some of the provided macros should be
 * used instead. Use IS_ERR and friends on @retval.
*/
struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
		unsigned long flags)
{
	struct tty_driver *driver;
	unsigned int cdevs = 1;
	int err = -ENOMEM;	/* the only failure once arguments are accepted */

	/* Zero lines is invalid; an unnumbered node allows exactly one line */
	if (!lines || ((flags & TTY_DRIVER_UNNUMBERED_NODE) && lines > 1))
		return ERR_PTR(-EINVAL);

	driver = kzalloc(sizeof(*driver), GFP_KERNEL);
	if (!driver)
		return ERR_PTR(-ENOMEM);

	kref_init(&driver->kref);
	driver->magic = TTY_DRIVER_MAGIC;
	driver->num = lines;
	driver->owner = owner;
	driver->flags = flags;

	/* kcalloc() guards the count * size multiplication for each table */
	if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
		driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
				GFP_KERNEL);
		driver->termios = kcalloc(lines, sizeof(*driver->termios),
				GFP_KERNEL);
		if (!driver->ttys || !driver->termios)
			goto err_free_all;
	}

	if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
		driver->ports = kcalloc(lines, sizeof(*driver->ports),
				GFP_KERNEL);
		if (!driver->ports)
			goto err_free_all;
		/* one cdev slot per line instead of a single shared one */
		cdevs = lines;
	}

	driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
	if (!driver->cdevs)
		goto err_free_all;

	return driver;

err_free_all:
	/* members never allocated are still NULL from kzalloc() */
	kfree(driver->ports);
	kfree(driver->ttys);
	kfree(driver->termios);
	kfree(driver->cdevs);
	kfree(driver);
	return ERR_PTR(err);
}
EXPORT_SYMBOL(__tty_alloc_driver);

/*
 * kref release callback: undo tty_register_driver() if the driver was
 * installed, then free the tables and the driver itself.
 */
static void destruct_tty_driver(struct kref *kref)
{
	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
	int i;
	struct ktermios *tp;

	if (driver->flags & TTY_DRIVER_INSTALLED) {
		/*
		 * NOTE(review): this walks driver->termios[], which
		 * __tty_alloc_driver() leaves NULL for
		 * TTY_DRIVER_DEVPTS_MEM drivers; presumably such drivers
		 * never get here while installed (TODO confirm).
		 */
		for (i = 0; i < driver->num; i++) {
			tp = driver->termios[i];
			if (tp) {
				driver->termios[i] = NULL;
				kfree(tp);
			}
			if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
				tty_unregister_device(driver, i);
		}
		proc_tty_unregister_driver(driver);
		if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
			cdev_del(driver->cdevs[0]);
	}
	kfree(driver->cdevs);
	kfree(driver->ports);
	kfree(driver->termios);
	kfree(driver->ttys);
	kfree(driver);
}

/* Drop a reference; the last one ends in destruct_tty_driver() */
void tty_driver_kref_put(struct tty_driver *driver)
{
	kref_put(&driver->kref, destruct_tty_driver);
}
EXPORT_SYMBOL(tty_driver_kref_put);

/* Install the operations table used by every tty of this driver */
void tty_set_operations(struct tty_driver *driver,
			const struct tty_operations *op)
{
	driver->ops = op;
}
EXPORT_SYMBOL(tty_set_operations);

/* Same as tty_driver_kref_put() */
void put_tty_driver(struct tty_driver *d)
{
	tty_driver_kref_put(d);
}
EXPORT_SYMBOL(put_tty_driver);

/*
 * Called by a tty driver to register itself.
 *
 * Reserves the character device region (allocating a major when the
 * driver did not set one), adds the driver to tty_drivers and, unless
 * TTY_DRIVER_DYNAMIC_DEV is set, registers a device for every line.
 * Returns 0 or a negative error code.
 */
int tty_register_driver(struct tty_driver *driver)
{
	int error;
	int i;
	dev_t dev;
	struct device *d;

	if (!driver->major) {
		/* no fixed major: have one allocated and record it */
		error = alloc_chrdev_region(&dev, driver->minor_start,
						driver->num, driver->name);
		if (!error) {
			driver->major = MAJOR(dev);
			driver->minor_start = MINOR(dev);
		}
	} else {
		dev = MKDEV(driver->major, driver->minor_start);
		error = register_chrdev_region(dev, driver->num, driver->name);
	}
	if (error < 0)
		goto err;

	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
		/* a single cdev in slot 0 spans all of the driver's minors */
		error = tty_cdev_add(driver, dev, 0, driver->num);
		if (error)
			goto err_unreg_char;
	}

	mutex_lock(&tty_mutex);
	list_add(&driver->tty_drivers, &tty_drivers);
	mutex_unlock(&tty_mutex);

	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
		for (i = 0; i < driver->num; i++) {
			d = tty_register_device(driver, i, NULL);
			if (IS_ERR(d)) {
				error = PTR_ERR(d);
				goto err_unreg_devs;
			}
		}
	}
	proc_tty_register_driver(driver);
	driver->flags |= TTY_DRIVER_INSTALLED;
	return 0;

err_unreg_devs:
	/* line i failed: unregister only the lines before it */
	for (i--; i >= 0; i--)
		tty_unregister_device(driver, i);

	mutex_lock(&tty_mutex);
	list_del(&driver->tty_drivers);
	mutex_unlock(&tty_mutex);

err_unreg_char:
	unregister_chrdev_region(dev, driver->num);
err:
	return error;
}
EXPORT_SYMBOL(tty_register_driver);

/*
 * Called by a tty driver to unregister itself.
 *
 * Releases the character device region and removes the driver from
 * tty_drivers. Always returns 0; the busy check is compiled out.
 */
int tty_unregister_driver(struct tty_driver *driver)
{
#if 0
	/* FIXME */
	if (driver->refcount)
		return -EBUSY;
#endif
	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
				driver->num);
	mutex_lock(&tty_mutex);
	list_del(&driver->tty_drivers);
	mutex_unlock(&tty_mutex);
	return 0;
}

EXPORT_SYMBOL(tty_unregister_driver);

/* Device number of @tty: the driver's first device number plus the index */
dev_t tty_devnum(struct tty_struct *tty)
{
	struct tty_driver *drv = tty->driver;

	return MKDEV(drv->major, drv->minor_start) + tty->index;
}
EXPORT_SYMBOL(tty_devnum);

/* Copy the default tty file operations into @fops */
void tty_default_fops(struct file_operations *fops)
{
	*fops = tty_fops;
}

/*
 * devnode callback of the tty class: requests mode 0666 (read and write
 * for everyone) for minors 0 and 2 of TTYAUX_MAJOR and leaves the mode of
 * every other device alone. Always returns NULL, i.e. no name override.
 */
static char *tty_devnode(struct device *dev, umode_t *mode)
{
	if (!mode)
		return NULL;
	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
	    dev->devt == MKDEV(TTYAUX_MAJOR, 2))
		*mode = 0666;
	return NULL;
}

/* Create the "tty" class and hook up the devnode callback */
static int __init tty_class_init(void)
{
	tty_class = class_create(THIS_MODULE, "tty");
	if (IS_ERR(tty_class))
		return PTR_ERR(tty_class);
	tty_class->devnode = tty_devnode;
	return 0;
}

postcore_initcall(tty_class_init);

/* 3/2004 jmc: why do these devices exist?
*/
static struct cdev tty_cdev, console_cdev;

/*
 * sysfs "active" attribute of the console device: lists the enabled
 * consoles that have both a device and a write method, separated by
 * spaces and ended by a newline. At most ARRAY_SIZE(cs) consoles are
 * reported. Returns the number of bytes written to @buf.
 */
static ssize_t show_cons_active(struct device *dev,
				struct device_attribute *attr, char *buf)
{
	struct console *cs[16];
	int i = 0;
	struct console *c;
	ssize_t count = 0;

	console_lock();
	for_each_console(c) {
		if (!c->device || !c->write || !(c->flags & CON_ENABLED))
			continue;
		cs[i++] = c;
		/* stop collecting once cs[] is full */
		if (i >= ARRAY_SIZE(cs))
			break;
	}
	/*
	 * Emitted from the last collected entry back to the first. The
	 * writes into buf carry no explicit length; the cap on the number
	 * of entries above is what keeps the output short.
	 */
	while (i--) {
		int index = cs[i]->index;
		struct tty_driver *drv = cs[i]->device(cs[i], &index);

		/* don't resolve tty0 as some programs depend on it */
		if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
			count += tty_line_name(drv, index, buf + count);
		else
			count += sprintf(buf + count, "%s%d",
					 cs[i]->name, cs[i]->index);

		count += sprintf(buf + count, "%c", i ? ' ':'\n');
	}
	console_unlock();

	return count;
}
static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);

static struct attribute *cons_dev_attrs[] = {
	&dev_attr_active.attr,
	NULL
};

ATTRIBUTE_GROUPS(cons_dev);

/* The console device created in tty_init(); NULL if creation failed */
static struct device *consdev;

/* Tell sysfs pollers that the "active" attribute changed */
void console_sysfs_notify(void)
{
	if (!consdev)
		return;
	sysfs_notify(&consdev->kobj, NULL, "active");
}

/*
 * Ok, now we can initialize the rest of the tty devices and can count
 * on memory allocations, interrupts etc..
 *
 * Registers the /dev/tty and /dev/console character devices and panics
 * if either cannot be registered. Always returns 0.
 */
int __init tty_init(void)
{
	const dev_t tty_devt = MKDEV(TTYAUX_MAJOR, 0);
	const dev_t console_devt = MKDEV(TTYAUX_MAJOR, 1);

	cdev_init(&tty_cdev, &tty_fops);
	if (cdev_add(&tty_cdev, tty_devt, 1) ||
	    register_chrdev_region(tty_devt, 1, "/dev/tty") < 0)
		panic("Couldn't register /dev/tty driver\n");
	/* the result of device_create() is not checked here */
	device_create(tty_class, NULL, tty_devt, NULL, "tty");

	cdev_init(&console_cdev, &console_fops);
	if (cdev_add(&console_cdev, console_devt, 1) ||
	    register_chrdev_region(console_devt, 1, "/dev/console") < 0)
		panic("Couldn't register /dev/console driver\n");
	consdev = device_create_with_groups(tty_class, NULL,
					    console_devt, NULL,
					    cons_dev_groups, "console");
	/* run without the sysfs device rather than keep an error pointer */
	if (IS_ERR(consdev))
		consdev = NULL;

#ifdef CONFIG_VT
	vty_init(&console_fops);
#endif
	return 0;
}