1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/proc_fs.h> 91 #include <linux/init.h> 92 #include <linux/module.h> 93 #include <linux/device.h> 94 #include <linux/wait.h> 95 #include <linux/bitops.h> 96 #include <linux/delay.h> 97 #include <linux/seq_file.h> 98 #include <linux/serial.h> 99 #include <linux/ratelimit.h> 100 #include <linux/compat.h> 101 102 #include <linux/uaccess.h> 103 104 #include <linux/kbd_kern.h> 105 #include <linux/vt_kern.h> 106 #include <linux/selection.h> 107 108 #include <linux/kmod.h> 109 #include <linux/nsproxy.h> 110 111 #undef TTY_DEBUG_HANGUP 112 #ifdef TTY_DEBUG_HANGUP 113 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 114 #else 115 # define tty_debug_hangup(tty, f, args...) do { } while (0) 116 #endif 117 118 #define TTY_PARANOIA_CHECK 1 119 #define CHECK_TTY_COUNT 1 120 121 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 122 .c_iflag = ICRNL | IXON, 123 .c_oflag = OPOST | ONLCR, 124 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 125 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 126 ECHOCTL | ECHOKE | IEXTEN, 127 .c_cc = INIT_C_CC, 128 .c_ispeed = 38400, 129 .c_ospeed = 38400, 130 /* .c_line = N_TTY, */ 131 }; 132 133 EXPORT_SYMBOL(tty_std_termios); 134 135 /* This list gets poked at by procfs and various bits of boot up code. This 136 could do with some rationalisation such as pulling the tty proc function 137 into this file */ 138 139 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 140 141 /* Mutex to protect creating and releasing a tty */ 142 DEFINE_MUTEX(tty_mutex); 143 144 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 145 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 146 ssize_t redirected_tty_write(struct file *, const char __user *, 147 size_t, loff_t *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @dev_t: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (!len || strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 .show_fdinfo = tty_show_fdinfo, 488 }; 489 490 static const struct file_operations console_fops = { 491 .llseek = no_llseek, 492 .read = tty_read, 493 .write = redirected_tty_write, 494 .poll = tty_poll, 495 .unlocked_ioctl = tty_ioctl, 496 .compat_ioctl = tty_compat_ioctl, 497 .open = tty_open, 498 .release = tty_release, 499 .fasync = tty_fasync, 500 }; 501 502 static const struct file_operations hung_up_tty_fops = { 503 .llseek = no_llseek, 504 .read = hung_up_tty_read, 505 .write = hung_up_tty_write, 506 .poll = hung_up_tty_poll, 507 .unlocked_ioctl = hung_up_tty_ioctl, 508 .compat_ioctl = hung_up_tty_compat_ioctl, 509 .release = tty_release, 510 .fasync = hung_up_tty_fasync, 511 }; 512 513 static DEFINE_SPINLOCK(redirect_lock); 514 static struct file *redirect; 515 516 /** 517 * tty_wakeup - request more data 518 * @tty: terminal 519 * 520 * Internal and external helper for wakeups of tty. This function 521 * informs the line discipline if present that the driver is ready 522 * to receive more output data. 523 */ 524 525 void tty_wakeup(struct tty_struct *tty) 526 { 527 struct tty_ldisc *ld; 528 529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 530 ld = tty_ldisc_ref(tty); 531 if (ld) { 532 if (ld->ops->write_wakeup) 533 ld->ops->write_wakeup(tty); 534 tty_ldisc_deref(ld); 535 } 536 } 537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 538 } 539 540 EXPORT_SYMBOL_GPL(tty_wakeup); 541 542 /** 543 * __tty_hangup - actual handler for hangup events 544 * @work: tty device 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 const char __user *buf, 903 size_t count) 904 { 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 ret = -EFAULT; 957 if (copy_from_user(tty->write_buf, buf, size)) 958 break; 959 ret = write(tty, file, tty->write_buf, size); 960 if (ret <= 0) 961 break; 962 written += ret; 963 buf += ret; 964 count -= ret; 965 if (!count) 966 break; 967 ret = -ERESTARTSYS; 968 if (signal_pending(current)) 969 break; 970 cond_resched(); 971 } 972 if (written) { 973 tty_update_time(&file_inode(file)->i_mtime); 974 ret = written; 975 } 976 out: 977 tty_write_unlock(tty); 978 return ret; 979 } 980 981 /** 982 * tty_write_message - write a message to a certain tty, not just the console. 983 * @tty: the destination tty_struct 984 * @msg: the message to write 985 * 986 * This is used for messages that need to be redirected to a specific tty. 987 * We don't put it into the syslog queue right now maybe in the future if 988 * really needed. 989 * 990 * We must still hold the BTM and test the CLOSING flag for the moment. 991 */ 992 993 void tty_write_message(struct tty_struct *tty, char *msg) 994 { 995 if (tty) { 996 mutex_lock(&tty->atomic_write_lock); 997 tty_lock(tty); 998 if (tty->ops->write && tty->count > 0) 999 tty->ops->write(tty, msg, strlen(msg)); 1000 tty_unlock(tty); 1001 tty_write_unlock(tty); 1002 } 1003 return; 1004 } 1005 1006 1007 /** 1008 * tty_write - write method for tty device file 1009 * @file: tty file pointer 1010 * @buf: user data to write 1011 * @count: bytes to write 1012 * @ppos: unused 1013 * 1014 * Write data to a tty device via the line discipline. 1015 * 1016 * Locking: 1017 * Locks the line discipline as required 1018 * Writes to the tty driver are serialized by the atomic_write_lock 1019 * and are then processed in chunks to the device. The line discipline 1020 * write method will not be invoked in parallel for each device. 1021 */ 1022 1023 static ssize_t tty_write(struct file *file, const char __user *buf, 1024 size_t count, loff_t *ppos) 1025 { 1026 struct tty_struct *tty = file_tty(file); 1027 struct tty_ldisc *ld; 1028 ssize_t ret; 1029 1030 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1031 return -EIO; 1032 if (!tty || !tty->ops->write || tty_io_error(tty)) 1033 return -EIO; 1034 /* Short term debug to catch buggy drivers */ 1035 if (tty->ops->write_room == NULL) 1036 tty_err(tty, "missing write_room method\n"); 1037 ld = tty_ldisc_ref_wait(tty); 1038 if (!ld) 1039 return hung_up_tty_write(file, buf, count, ppos); 1040 if (!ld->ops->write) 1041 ret = -EIO; 1042 else 1043 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1044 tty_ldisc_deref(ld); 1045 return ret; 1046 } 1047 1048 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1049 size_t count, loff_t *ppos) 1050 { 1051 struct file *p = NULL; 1052 1053 spin_lock(&redirect_lock); 1054 if (redirect) 1055 p = get_file(redirect); 1056 spin_unlock(&redirect_lock); 1057 1058 if (p) { 1059 ssize_t res; 1060 res = vfs_write(p, buf, count, &p->f_pos); 1061 fput(p); 1062 return res; 1063 } 1064 return tty_write(file, buf, count, ppos); 1065 } 1066 1067 /** 1068 * tty_send_xchar - send priority character 1069 * 1070 * Send a high priority character to the tty even if stopped 1071 * 1072 * Locking: none for xchar method, write ordering for write method. 1073 */ 1074 1075 int tty_send_xchar(struct tty_struct *tty, char ch) 1076 { 1077 int was_stopped = tty->stopped; 1078 1079 if (tty->ops->send_xchar) { 1080 down_read(&tty->termios_rwsem); 1081 tty->ops->send_xchar(tty, ch); 1082 up_read(&tty->termios_rwsem); 1083 return 0; 1084 } 1085 1086 if (tty_write_lock(tty, 0) < 0) 1087 return -ERESTARTSYS; 1088 1089 down_read(&tty->termios_rwsem); 1090 if (was_stopped) 1091 start_tty(tty); 1092 tty->ops->write(tty, &ch, 1); 1093 if (was_stopped) 1094 stop_tty(tty); 1095 up_read(&tty->termios_rwsem); 1096 tty_write_unlock(tty); 1097 return 0; 1098 } 1099 1100 static char ptychar[] = "pqrstuvwxyzabcde"; 1101 1102 /** 1103 * pty_line_name - generate name for a pty 1104 * @driver: the tty driver in use 1105 * @index: the minor number 1106 * @p: output buffer of at least 6 bytes 1107 * 1108 * Generate a name from a driver reference and write it to the output 1109 * buffer. 1110 * 1111 * Locking: None 1112 */ 1113 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1114 { 1115 int i = index + driver->name_base; 1116 /* ->name is initialized to "ttyp", but "tty" is expected */ 1117 sprintf(p, "%s%c%x", 1118 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1119 ptychar[i >> 4 & 0xf], i & 0xf); 1120 } 1121 1122 /** 1123 * tty_line_name - generate name for a tty 1124 * @driver: the tty driver in use 1125 * @index: the minor number 1126 * @p: output buffer of at least 7 bytes 1127 * 1128 * Generate a name from a driver reference and write it to the output 1129 * buffer. 1130 * 1131 * Locking: None 1132 */ 1133 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1134 { 1135 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1136 return sprintf(p, "%s", driver->name); 1137 else 1138 return sprintf(p, "%s%d", driver->name, 1139 index + driver->name_base); 1140 } 1141 1142 /** 1143 * tty_driver_lookup_tty() - find an existing tty, if any 1144 * @driver: the driver for the tty 1145 * @idx: the minor number 1146 * 1147 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1148 * driver lookup() method returns an error. 1149 * 1150 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1151 */ 1152 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1153 struct file *file, int idx) 1154 { 1155 struct tty_struct *tty; 1156 1157 if (driver->ops->lookup) 1158 if (!file) 1159 tty = ERR_PTR(-EIO); 1160 else 1161 tty = driver->ops->lookup(driver, file, idx); 1162 else 1163 tty = driver->ttys[idx]; 1164 1165 if (!IS_ERR(tty)) 1166 tty_kref_get(tty); 1167 return tty; 1168 } 1169 1170 /** 1171 * tty_init_termios - helper for termios setup 1172 * @tty: the tty to set up 1173 * 1174 * Initialise the termios structures for this tty. Thus runs under 1175 * the tty_mutex currently so we can be relaxed about ordering. 1176 */ 1177 1178 void tty_init_termios(struct tty_struct *tty) 1179 { 1180 struct ktermios *tp; 1181 int idx = tty->index; 1182 1183 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1184 tty->termios = tty->driver->init_termios; 1185 else { 1186 /* Check for lazy saved data */ 1187 tp = tty->driver->termios[idx]; 1188 if (tp != NULL) { 1189 tty->termios = *tp; 1190 tty->termios.c_line = tty->driver->init_termios.c_line; 1191 } else 1192 tty->termios = tty->driver->init_termios; 1193 } 1194 /* Compatibility until drivers always set this */ 1195 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1196 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1197 } 1198 EXPORT_SYMBOL_GPL(tty_init_termios); 1199 1200 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1201 { 1202 tty_init_termios(tty); 1203 tty_driver_kref_get(driver); 1204 tty->count++; 1205 driver->ttys[tty->index] = tty; 1206 return 0; 1207 } 1208 EXPORT_SYMBOL_GPL(tty_standard_install); 1209 1210 /** 1211 * tty_driver_install_tty() - install a tty entry in the driver 1212 * @driver: the driver for the tty 1213 * @tty: the tty 1214 * 1215 * Install a tty object into the driver tables. The tty->index field 1216 * will be set by the time this is called. This method is responsible 1217 * for ensuring any need additional structures are allocated and 1218 * configured. 1219 * 1220 * Locking: tty_mutex for now 1221 */ 1222 static int tty_driver_install_tty(struct tty_driver *driver, 1223 struct tty_struct *tty) 1224 { 1225 return driver->ops->install ? driver->ops->install(driver, tty) : 1226 tty_standard_install(driver, tty); 1227 } 1228 1229 /** 1230 * tty_driver_remove_tty() - remove a tty from the driver tables 1231 * @driver: the driver for the tty 1232 * @idx: the minor number 1233 * 1234 * Remvoe a tty object from the driver tables. The tty->index field 1235 * will be set by the time this is called. 1236 * 1237 * Locking: tty_mutex for now 1238 */ 1239 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1240 { 1241 if (driver->ops->remove) 1242 driver->ops->remove(driver, tty); 1243 else 1244 driver->ttys[tty->index] = NULL; 1245 } 1246 1247 /* 1248 * tty_reopen() - fast re-open of an open tty 1249 * @tty - the tty to open 1250 * 1251 * Return 0 on success, -errno on error. 1252 * Re-opens on master ptys are not allowed and return -EIO. 1253 * 1254 * Locking: Caller must hold tty_lock 1255 */ 1256 static int tty_reopen(struct tty_struct *tty) 1257 { 1258 struct tty_driver *driver = tty->driver; 1259 int retval; 1260 1261 if (driver->type == TTY_DRIVER_TYPE_PTY && 1262 driver->subtype == PTY_TYPE_MASTER) 1263 return -EIO; 1264 1265 if (!tty->count) 1266 return -EAGAIN; 1267 1268 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1269 return -EBUSY; 1270 1271 retval = tty_ldisc_lock(tty, 5 * HZ); 1272 if (retval) 1273 return retval; 1274 1275 if (!tty->ldisc) 1276 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1277 tty_ldisc_unlock(tty); 1278 1279 if (retval == 0) 1280 tty->count++; 1281 1282 return retval; 1283 } 1284 1285 /** 1286 * tty_init_dev - initialise a tty device 1287 * @driver: tty driver we are opening a device on 1288 * @idx: device index 1289 * @ret_tty: returned tty structure 1290 * 1291 * Prepare a tty device. This may not be a "new" clean device but 1292 * could also be an active device. The pty drivers require special 1293 * handling because of this. 1294 * 1295 * Locking: 1296 * The function is called under the tty_mutex, which 1297 * protects us from the tty struct or driver itself going away. 1298 * 1299 * On exit the tty device has the line discipline attached and 1300 * a reference count of 1. If a pair was created for pty/tty use 1301 * and the other was a pty master then it too has a reference count of 1. 1302 * 1303 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1304 * failed open. The new code protects the open with a mutex, so it's 1305 * really quite straightforward. The mutex locking can probably be 1306 * relaxed for the (most common) case of reopening a tty. 1307 */ 1308 1309 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1310 { 1311 struct tty_struct *tty; 1312 int retval; 1313 1314 /* 1315 * First time open is complex, especially for PTY devices. 1316 * This code guarantees that either everything succeeds and the 1317 * TTY is ready for operation, or else the table slots are vacated 1318 * and the allocated memory released. (Except that the termios 1319 * may be retained.) 1320 */ 1321 1322 if (!try_module_get(driver->owner)) 1323 return ERR_PTR(-ENODEV); 1324 1325 tty = alloc_tty_struct(driver, idx); 1326 if (!tty) { 1327 retval = -ENOMEM; 1328 goto err_module_put; 1329 } 1330 1331 tty_lock(tty); 1332 retval = tty_driver_install_tty(driver, tty); 1333 if (retval < 0) 1334 goto err_free_tty; 1335 1336 if (!tty->port) 1337 tty->port = driver->ports[idx]; 1338 1339 WARN_RATELIMIT(!tty->port, 1340 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1341 __func__, tty->driver->name); 1342 1343 retval = tty_ldisc_lock(tty, 5 * HZ); 1344 if (retval) 1345 goto err_release_lock; 1346 tty->port->itty = tty; 1347 1348 /* 1349 * Structures all installed ... call the ldisc open routines. 1350 * If we fail here just call release_tty to clean up. No need 1351 * to decrement the use counts, as release_tty doesn't care. 1352 */ 1353 retval = tty_ldisc_setup(tty, tty->link); 1354 if (retval) 1355 goto err_release_tty; 1356 tty_ldisc_unlock(tty); 1357 /* Return the tty locked so that it cannot vanish under the caller */ 1358 return tty; 1359 1360 err_free_tty: 1361 tty_unlock(tty); 1362 free_tty_struct(tty); 1363 err_module_put: 1364 module_put(driver->owner); 1365 return ERR_PTR(retval); 1366 1367 /* call the tty release_tty routine to clean out this slot */ 1368 err_release_tty: 1369 tty_ldisc_unlock(tty); 1370 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1371 retval, idx); 1372 err_release_lock: 1373 tty_unlock(tty); 1374 release_tty(tty, idx); 1375 return ERR_PTR(retval); 1376 } 1377 1378 /** 1379 * tty_save_termios() - save tty termios data in driver table 1380 * @tty: tty whose termios data to save 1381 * 1382 * Locking: Caller guarantees serialisation with tty_init_termios(). 1383 */ 1384 void tty_save_termios(struct tty_struct *tty) 1385 { 1386 struct ktermios *tp; 1387 int idx = tty->index; 1388 1389 /* If the port is going to reset then it has no termios to save */ 1390 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1391 return; 1392 1393 /* Stash the termios data */ 1394 tp = tty->driver->termios[idx]; 1395 if (tp == NULL) { 1396 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1397 if (tp == NULL) 1398 return; 1399 tty->driver->termios[idx] = tp; 1400 } 1401 *tp = tty->termios; 1402 } 1403 EXPORT_SYMBOL_GPL(tty_save_termios); 1404 1405 /** 1406 * tty_flush_works - flush all works of a tty/pty pair 1407 * @tty: tty device to flush works for (or either end of a pty pair) 1408 * 1409 * Sync flush all works belonging to @tty (and the 'other' tty). 1410 */ 1411 static void tty_flush_works(struct tty_struct *tty) 1412 { 1413 flush_work(&tty->SAK_work); 1414 flush_work(&tty->hangup_work); 1415 if (tty->link) { 1416 flush_work(&tty->link->SAK_work); 1417 flush_work(&tty->link->hangup_work); 1418 } 1419 } 1420 1421 /** 1422 * release_one_tty - release tty structure memory 1423 * @kref: kref of tty we are obliterating 1424 * 1425 * Releases memory associated with a tty structure, and clears out the 1426 * driver table slots. This function is called when a device is no longer 1427 * in use. It also gets called when setup of a device fails. 1428 * 1429 * Locking: 1430 * takes the file list lock internally when working on the list 1431 * of ttys that the driver keeps. 1432 * 1433 * This method gets called from a work queue so that the driver private 1434 * cleanup ops can sleep (needed for USB at least) 1435 */ 1436 static void release_one_tty(struct work_struct *work) 1437 { 1438 struct tty_struct *tty = 1439 container_of(work, struct tty_struct, hangup_work); 1440 struct tty_driver *driver = tty->driver; 1441 struct module *owner = driver->owner; 1442 1443 if (tty->ops->cleanup) 1444 tty->ops->cleanup(tty); 1445 1446 tty->magic = 0; 1447 tty_driver_kref_put(driver); 1448 module_put(owner); 1449 1450 spin_lock(&tty->files_lock); 1451 list_del_init(&tty->tty_files); 1452 spin_unlock(&tty->files_lock); 1453 1454 put_pid(tty->pgrp); 1455 put_pid(tty->session); 1456 free_tty_struct(tty); 1457 } 1458 1459 static void queue_release_one_tty(struct kref *kref) 1460 { 1461 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1462 1463 /* The hangup queue is now free so we can reuse it rather than 1464 waste a chunk of memory for each port */ 1465 INIT_WORK(&tty->hangup_work, release_one_tty); 1466 schedule_work(&tty->hangup_work); 1467 } 1468 1469 /** 1470 * tty_kref_put - release a tty kref 1471 * @tty: tty device 1472 * 1473 * Release a reference to a tty device and if need be let the kref 1474 * layer destruct the object for us 1475 */ 1476 1477 void tty_kref_put(struct tty_struct *tty) 1478 { 1479 if (tty) 1480 kref_put(&tty->kref, queue_release_one_tty); 1481 } 1482 EXPORT_SYMBOL(tty_kref_put); 1483 1484 /** 1485 * release_tty - release tty structure memory 1486 * 1487 * Release both @tty and a possible linked partner (think pty pair), 1488 * and decrement the refcount of the backing module. 1489 * 1490 * Locking: 1491 * tty_mutex 1492 * takes the file list lock internally when working on the list 1493 * of ttys that the driver keeps. 1494 * 1495 */ 1496 static void release_tty(struct tty_struct *tty, int idx) 1497 { 1498 /* This should always be true but check for the moment */ 1499 WARN_ON(tty->index != idx); 1500 WARN_ON(!mutex_is_locked(&tty_mutex)); 1501 if (tty->ops->shutdown) 1502 tty->ops->shutdown(tty); 1503 tty_save_termios(tty); 1504 tty_driver_remove_tty(tty->driver, tty); 1505 tty->port->itty = NULL; 1506 if (tty->link) 1507 tty->link->port->itty = NULL; 1508 tty_buffer_cancel_work(tty->port); 1509 if (tty->link) 1510 tty_buffer_cancel_work(tty->link->port); 1511 1512 tty_kref_put(tty->link); 1513 tty_kref_put(tty); 1514 } 1515 1516 /** 1517 * tty_release_checks - check a tty before real release 1518 * @tty: tty to check 1519 * @o_tty: link of @tty (if any) 1520 * @idx: index of the tty 1521 * 1522 * Performs some paranoid checking before true release of the @tty. 1523 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1524 */ 1525 static int tty_release_checks(struct tty_struct *tty, int idx) 1526 { 1527 #ifdef TTY_PARANOIA_CHECK 1528 if (idx < 0 || idx >= tty->driver->num) { 1529 tty_debug(tty, "bad idx %d\n", idx); 1530 return -1; 1531 } 1532 1533 /* not much to check for devpts */ 1534 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1535 return 0; 1536 1537 if (tty != tty->driver->ttys[idx]) { 1538 tty_debug(tty, "bad driver table[%d] = %p\n", 1539 idx, tty->driver->ttys[idx]); 1540 return -1; 1541 } 1542 if (tty->driver->other) { 1543 struct tty_struct *o_tty = tty->link; 1544 1545 if (o_tty != tty->driver->other->ttys[idx]) { 1546 tty_debug(tty, "bad other table[%d] = %p\n", 1547 idx, tty->driver->other->ttys[idx]); 1548 return -1; 1549 } 1550 if (o_tty->link != tty) { 1551 tty_debug(tty, "bad link = %p\n", o_tty->link); 1552 return -1; 1553 } 1554 } 1555 #endif 1556 return 0; 1557 } 1558 1559 /** 1560 * tty_kclose - closes tty opened by tty_kopen 1561 * @tty: tty device 1562 * 1563 * Performs the final steps to release and free a tty device. It is the 1564 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1565 * flag on tty->port. 1566 */ 1567 void tty_kclose(struct tty_struct *tty) 1568 { 1569 /* 1570 * Ask the line discipline code to release its structures 1571 */ 1572 tty_ldisc_release(tty); 1573 1574 /* Wait for pending work before tty destruction commmences */ 1575 tty_flush_works(tty); 1576 1577 tty_debug_hangup(tty, "freeing structure\n"); 1578 /* 1579 * The release_tty function takes care of the details of clearing 1580 * the slots and preserving the termios structure. The tty_unlock_pair 1581 * should be safe as we keep a kref while the tty is locked (so the 1582 * unlock never unlocks a freed tty). 1583 */ 1584 mutex_lock(&tty_mutex); 1585 tty_port_set_kopened(tty->port, 0); 1586 release_tty(tty, tty->index); 1587 mutex_unlock(&tty_mutex); 1588 } 1589 EXPORT_SYMBOL_GPL(tty_kclose); 1590 1591 /** 1592 * tty_release_struct - release a tty struct 1593 * @tty: tty device 1594 * @idx: index of the tty 1595 * 1596 * Performs the final steps to release and free a tty device. It is 1597 * roughly the reverse of tty_init_dev. 1598 */ 1599 void tty_release_struct(struct tty_struct *tty, int idx) 1600 { 1601 /* 1602 * Ask the line discipline code to release its structures 1603 */ 1604 tty_ldisc_release(tty); 1605 1606 /* Wait for pending work before tty destruction commmences */ 1607 tty_flush_works(tty); 1608 1609 tty_debug_hangup(tty, "freeing structure\n"); 1610 /* 1611 * The release_tty function takes care of the details of clearing 1612 * the slots and preserving the termios structure. The tty_unlock_pair 1613 * should be safe as we keep a kref while the tty is locked (so the 1614 * unlock never unlocks a freed tty). 1615 */ 1616 mutex_lock(&tty_mutex); 1617 release_tty(tty, idx); 1618 mutex_unlock(&tty_mutex); 1619 } 1620 EXPORT_SYMBOL_GPL(tty_release_struct); 1621 1622 /** 1623 * tty_release - vfs callback for close 1624 * @inode: inode of tty 1625 * @filp: file pointer for handle to tty 1626 * 1627 * Called the last time each file handle is closed that references 1628 * this tty. There may however be several such references. 1629 * 1630 * Locking: 1631 * Takes bkl. See tty_release_dev 1632 * 1633 * Even releasing the tty structures is a tricky business.. We have 1634 * to be very careful that the structures are all released at the 1635 * same time, as interrupts might otherwise get the wrong pointers. 1636 * 1637 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1638 * lead to double frees or releasing memory still in use. 1639 */ 1640 1641 int tty_release(struct inode *inode, struct file *filp) 1642 { 1643 struct tty_struct *tty = file_tty(filp); 1644 struct tty_struct *o_tty = NULL; 1645 int do_sleep, final; 1646 int idx; 1647 long timeout = 0; 1648 int once = 1; 1649 1650 if (tty_paranoia_check(tty, inode, __func__)) 1651 return 0; 1652 1653 tty_lock(tty); 1654 check_tty_count(tty, __func__); 1655 1656 __tty_fasync(-1, filp, 0); 1657 1658 idx = tty->index; 1659 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1660 tty->driver->subtype == PTY_TYPE_MASTER) 1661 o_tty = tty->link; 1662 1663 if (tty_release_checks(tty, idx)) { 1664 tty_unlock(tty); 1665 return 0; 1666 } 1667 1668 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1669 1670 if (tty->ops->close) 1671 tty->ops->close(tty, filp); 1672 1673 /* If tty is pty master, lock the slave pty (stable lock order) */ 1674 tty_lock_slave(o_tty); 1675 1676 /* 1677 * Sanity check: if tty->count is going to zero, there shouldn't be 1678 * any waiters on tty->read_wait or tty->write_wait. We test the 1679 * wait queues and kick everyone out _before_ actually starting to 1680 * close. This ensures that we won't block while releasing the tty 1681 * structure. 1682 * 1683 * The test for the o_tty closing is necessary, since the master and 1684 * slave sides may close in any order. If the slave side closes out 1685 * first, its count will be one, since the master side holds an open. 1686 * Thus this test wouldn't be triggered at the time the slave closed, 1687 * so we do it now. 1688 */ 1689 while (1) { 1690 do_sleep = 0; 1691 1692 if (tty->count <= 1) { 1693 if (waitqueue_active(&tty->read_wait)) { 1694 wake_up_poll(&tty->read_wait, EPOLLIN); 1695 do_sleep++; 1696 } 1697 if (waitqueue_active(&tty->write_wait)) { 1698 wake_up_poll(&tty->write_wait, EPOLLOUT); 1699 do_sleep++; 1700 } 1701 } 1702 if (o_tty && o_tty->count <= 1) { 1703 if (waitqueue_active(&o_tty->read_wait)) { 1704 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1705 do_sleep++; 1706 } 1707 if (waitqueue_active(&o_tty->write_wait)) { 1708 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1709 do_sleep++; 1710 } 1711 } 1712 if (!do_sleep) 1713 break; 1714 1715 if (once) { 1716 once = 0; 1717 tty_warn(tty, "read/write wait queue active!\n"); 1718 } 1719 schedule_timeout_killable(timeout); 1720 if (timeout < 120 * HZ) 1721 timeout = 2 * timeout + 1; 1722 else 1723 timeout = MAX_SCHEDULE_TIMEOUT; 1724 } 1725 1726 if (o_tty) { 1727 if (--o_tty->count < 0) { 1728 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1729 o_tty->count = 0; 1730 } 1731 } 1732 if (--tty->count < 0) { 1733 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1734 tty->count = 0; 1735 } 1736 1737 /* 1738 * We've decremented tty->count, so we need to remove this file 1739 * descriptor off the tty->tty_files list; this serves two 1740 * purposes: 1741 * - check_tty_count sees the correct number of file descriptors 1742 * associated with this tty. 1743 * - do_tty_hangup no longer sees this file descriptor as 1744 * something that needs to be handled for hangups. 1745 */ 1746 tty_del_file(filp); 1747 1748 /* 1749 * Perform some housekeeping before deciding whether to return. 1750 * 1751 * If _either_ side is closing, make sure there aren't any 1752 * processes that still think tty or o_tty is their controlling 1753 * tty. 1754 */ 1755 if (!tty->count) { 1756 read_lock(&tasklist_lock); 1757 session_clear_tty(tty->session); 1758 if (o_tty) 1759 session_clear_tty(o_tty->session); 1760 read_unlock(&tasklist_lock); 1761 } 1762 1763 /* check whether both sides are closing ... */ 1764 final = !tty->count && !(o_tty && o_tty->count); 1765 1766 tty_unlock_slave(o_tty); 1767 tty_unlock(tty); 1768 1769 /* At this point, the tty->count == 0 should ensure a dead tty 1770 cannot be re-opened by a racing opener */ 1771 1772 if (!final) 1773 return 0; 1774 1775 tty_debug_hangup(tty, "final close\n"); 1776 1777 tty_release_struct(tty, idx); 1778 return 0; 1779 } 1780 1781 /** 1782 * tty_open_current_tty - get locked tty of current task 1783 * @device: device number 1784 * @filp: file pointer to tty 1785 * @return: locked tty of the current task iff @device is /dev/tty 1786 * 1787 * Performs a re-open of the current task's controlling tty. 1788 * 1789 * We cannot return driver and index like for the other nodes because 1790 * devpts will not work then. It expects inodes to be from devpts FS. 1791 */ 1792 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1793 { 1794 struct tty_struct *tty; 1795 int retval; 1796 1797 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1798 return NULL; 1799 1800 tty = get_current_tty(); 1801 if (!tty) 1802 return ERR_PTR(-ENXIO); 1803 1804 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1805 /* noctty = 1; */ 1806 tty_lock(tty); 1807 tty_kref_put(tty); /* safe to drop the kref now */ 1808 1809 retval = tty_reopen(tty); 1810 if (retval < 0) { 1811 tty_unlock(tty); 1812 tty = ERR_PTR(retval); 1813 } 1814 return tty; 1815 } 1816 1817 /** 1818 * tty_lookup_driver - lookup a tty driver for a given device file 1819 * @device: device number 1820 * @filp: file pointer to tty 1821 * @index: index for the device in the @return driver 1822 * @return: driver for this inode (with increased refcount) 1823 * 1824 * If @return is not erroneous, the caller is responsible to decrement the 1825 * refcount by tty_driver_kref_put. 1826 * 1827 * Locking: tty_mutex protects get_tty_driver 1828 */ 1829 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1830 int *index) 1831 { 1832 struct tty_driver *driver; 1833 1834 switch (device) { 1835 #ifdef CONFIG_VT 1836 case MKDEV(TTY_MAJOR, 0): { 1837 extern struct tty_driver *console_driver; 1838 driver = tty_driver_kref_get(console_driver); 1839 *index = fg_console; 1840 break; 1841 } 1842 #endif 1843 case MKDEV(TTYAUX_MAJOR, 1): { 1844 struct tty_driver *console_driver = console_device(index); 1845 if (console_driver) { 1846 driver = tty_driver_kref_get(console_driver); 1847 if (driver && filp) { 1848 /* Don't let /dev/console block */ 1849 filp->f_flags |= O_NONBLOCK; 1850 break; 1851 } 1852 } 1853 return ERR_PTR(-ENODEV); 1854 } 1855 default: 1856 driver = get_tty_driver(device, index); 1857 if (!driver) 1858 return ERR_PTR(-ENODEV); 1859 break; 1860 } 1861 return driver; 1862 } 1863 1864 /** 1865 * tty_kopen - open a tty device for kernel 1866 * @device: dev_t of device to open 1867 * 1868 * Opens tty exclusively for kernel. Performs the driver lookup, 1869 * makes sure it's not already opened and performs the first-time 1870 * tty initialization. 1871 * 1872 * Returns the locked initialized &tty_struct 1873 * 1874 * Claims the global tty_mutex to serialize: 1875 * - concurrent first-time tty initialization 1876 * - concurrent tty driver removal w/ lookup 1877 * - concurrent tty removal from driver table 1878 */ 1879 struct tty_struct *tty_kopen(dev_t device) 1880 { 1881 struct tty_struct *tty; 1882 struct tty_driver *driver = NULL; 1883 int index = -1; 1884 1885 mutex_lock(&tty_mutex); 1886 driver = tty_lookup_driver(device, NULL, &index); 1887 if (IS_ERR(driver)) { 1888 mutex_unlock(&tty_mutex); 1889 return ERR_CAST(driver); 1890 } 1891 1892 /* check whether we're reopening an existing tty */ 1893 tty = tty_driver_lookup_tty(driver, NULL, index); 1894 if (IS_ERR(tty)) 1895 goto out; 1896 1897 if (tty) { 1898 /* drop kref from tty_driver_lookup_tty() */ 1899 tty_kref_put(tty); 1900 tty = ERR_PTR(-EBUSY); 1901 } else { /* tty_init_dev returns tty with the tty_lock held */ 1902 tty = tty_init_dev(driver, index); 1903 if (IS_ERR(tty)) 1904 goto out; 1905 tty_port_set_kopened(tty->port, 1); 1906 } 1907 out: 1908 mutex_unlock(&tty_mutex); 1909 tty_driver_kref_put(driver); 1910 return tty; 1911 } 1912 EXPORT_SYMBOL_GPL(tty_kopen); 1913 1914 /** 1915 * tty_open_by_driver - open a tty device 1916 * @device: dev_t of device to open 1917 * @inode: inode of device file 1918 * @filp: file pointer to tty 1919 * 1920 * Performs the driver lookup, checks for a reopen, or otherwise 1921 * performs the first-time tty initialization. 1922 * 1923 * Returns the locked initialized or re-opened &tty_struct 1924 * 1925 * Claims the global tty_mutex to serialize: 1926 * - concurrent first-time tty initialization 1927 * - concurrent tty driver removal w/ lookup 1928 * - concurrent tty removal from driver table 1929 */ 1930 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1931 struct file *filp) 1932 { 1933 struct tty_struct *tty; 1934 struct tty_driver *driver = NULL; 1935 int index = -1; 1936 int retval; 1937 1938 mutex_lock(&tty_mutex); 1939 driver = tty_lookup_driver(device, filp, &index); 1940 if (IS_ERR(driver)) { 1941 mutex_unlock(&tty_mutex); 1942 return ERR_CAST(driver); 1943 } 1944 1945 /* check whether we're reopening an existing tty */ 1946 tty = tty_driver_lookup_tty(driver, filp, index); 1947 if (IS_ERR(tty)) { 1948 mutex_unlock(&tty_mutex); 1949 goto out; 1950 } 1951 1952 if (tty) { 1953 if (tty_port_kopened(tty->port)) { 1954 tty_kref_put(tty); 1955 mutex_unlock(&tty_mutex); 1956 tty = ERR_PTR(-EBUSY); 1957 goto out; 1958 } 1959 mutex_unlock(&tty_mutex); 1960 retval = tty_lock_interruptible(tty); 1961 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1962 if (retval) { 1963 if (retval == -EINTR) 1964 retval = -ERESTARTSYS; 1965 tty = ERR_PTR(retval); 1966 goto out; 1967 } 1968 retval = tty_reopen(tty); 1969 if (retval < 0) { 1970 tty_unlock(tty); 1971 tty = ERR_PTR(retval); 1972 } 1973 } else { /* Returns with the tty_lock held for now */ 1974 tty = tty_init_dev(driver, index); 1975 mutex_unlock(&tty_mutex); 1976 } 1977 out: 1978 tty_driver_kref_put(driver); 1979 return tty; 1980 } 1981 1982 /** 1983 * tty_open - open a tty device 1984 * @inode: inode of device file 1985 * @filp: file pointer to tty 1986 * 1987 * tty_open and tty_release keep up the tty count that contains the 1988 * number of opens done on a tty. We cannot use the inode-count, as 1989 * different inodes might point to the same tty. 1990 * 1991 * Open-counting is needed for pty masters, as well as for keeping 1992 * track of serial lines: DTR is dropped when the last close happens. 1993 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1994 * 1995 * The termios state of a pty is reset on first open so that 1996 * settings don't persist across reuse. 1997 * 1998 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1999 * tty->count should protect the rest. 2000 * ->siglock protects ->signal/->sighand 2001 * 2002 * Note: the tty_unlock/lock cases without a ref are only safe due to 2003 * tty_mutex 2004 */ 2005 2006 static int tty_open(struct inode *inode, struct file *filp) 2007 { 2008 struct tty_struct *tty; 2009 int noctty, retval; 2010 dev_t device = inode->i_rdev; 2011 unsigned saved_flags = filp->f_flags; 2012 2013 nonseekable_open(inode, filp); 2014 2015 retry_open: 2016 retval = tty_alloc_file(filp); 2017 if (retval) 2018 return -ENOMEM; 2019 2020 tty = tty_open_current_tty(device, filp); 2021 if (!tty) 2022 tty = tty_open_by_driver(device, inode, filp); 2023 2024 if (IS_ERR(tty)) { 2025 tty_free_file(filp); 2026 retval = PTR_ERR(tty); 2027 if (retval != -EAGAIN || signal_pending(current)) 2028 return retval; 2029 schedule(); 2030 goto retry_open; 2031 } 2032 2033 tty_add_file(tty, filp); 2034 2035 check_tty_count(tty, __func__); 2036 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2037 2038 if (tty->ops->open) 2039 retval = tty->ops->open(tty, filp); 2040 else 2041 retval = -ENODEV; 2042 filp->f_flags = saved_flags; 2043 2044 if (retval) { 2045 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2046 2047 tty_unlock(tty); /* need to call tty_release without BTM */ 2048 tty_release(inode, filp); 2049 if (retval != -ERESTARTSYS) 2050 return retval; 2051 2052 if (signal_pending(current)) 2053 return retval; 2054 2055 schedule(); 2056 /* 2057 * Need to reset f_op in case a hangup happened. 2058 */ 2059 if (tty_hung_up_p(filp)) 2060 filp->f_op = &tty_fops; 2061 goto retry_open; 2062 } 2063 clear_bit(TTY_HUPPED, &tty->flags); 2064 2065 noctty = (filp->f_flags & O_NOCTTY) || 2066 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2067 device == MKDEV(TTYAUX_MAJOR, 1) || 2068 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2069 tty->driver->subtype == PTY_TYPE_MASTER); 2070 if (!noctty) 2071 tty_open_proc_set_tty(filp, tty); 2072 tty_unlock(tty); 2073 return 0; 2074 } 2075 2076 2077 2078 /** 2079 * tty_poll - check tty status 2080 * @filp: file being polled 2081 * @wait: poll wait structures to update 2082 * 2083 * Call the line discipline polling method to obtain the poll 2084 * status of the device. 2085 * 2086 * Locking: locks called line discipline but ldisc poll method 2087 * may be re-entered freely by other callers. 2088 */ 2089 2090 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2091 { 2092 struct tty_struct *tty = file_tty(filp); 2093 struct tty_ldisc *ld; 2094 __poll_t ret = 0; 2095 2096 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2097 return 0; 2098 2099 ld = tty_ldisc_ref_wait(tty); 2100 if (!ld) 2101 return hung_up_tty_poll(filp, wait); 2102 if (ld->ops->poll) 2103 ret = ld->ops->poll(tty, filp, wait); 2104 tty_ldisc_deref(ld); 2105 return ret; 2106 } 2107 2108 static int __tty_fasync(int fd, struct file *filp, int on) 2109 { 2110 struct tty_struct *tty = file_tty(filp); 2111 unsigned long flags; 2112 int retval = 0; 2113 2114 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2115 goto out; 2116 2117 retval = fasync_helper(fd, filp, on, &tty->fasync); 2118 if (retval <= 0) 2119 goto out; 2120 2121 if (on) { 2122 enum pid_type type; 2123 struct pid *pid; 2124 2125 spin_lock_irqsave(&tty->ctrl_lock, flags); 2126 if (tty->pgrp) { 2127 pid = tty->pgrp; 2128 type = PIDTYPE_PGID; 2129 } else { 2130 pid = task_pid(current); 2131 type = PIDTYPE_TGID; 2132 } 2133 get_pid(pid); 2134 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2135 __f_setown(filp, pid, type, 0); 2136 put_pid(pid); 2137 retval = 0; 2138 } 2139 out: 2140 return retval; 2141 } 2142 2143 static int tty_fasync(int fd, struct file *filp, int on) 2144 { 2145 struct tty_struct *tty = file_tty(filp); 2146 int retval = -ENOTTY; 2147 2148 tty_lock(tty); 2149 if (!tty_hung_up_p(filp)) 2150 retval = __tty_fasync(fd, filp, on); 2151 tty_unlock(tty); 2152 2153 return retval; 2154 } 2155 2156 /** 2157 * tiocsti - fake input character 2158 * @tty: tty to fake input into 2159 * @p: pointer to character 2160 * 2161 * Fake input to a tty device. Does the necessary locking and 2162 * input management. 2163 * 2164 * FIXME: does not honour flow control ?? 2165 * 2166 * Locking: 2167 * Called functions take tty_ldiscs_lock 2168 * current->signal->tty check is safe without locks 2169 * 2170 * FIXME: may race normal receive processing 2171 */ 2172 2173 static int tiocsti(struct tty_struct *tty, char __user *p) 2174 { 2175 char ch, mbz = 0; 2176 struct tty_ldisc *ld; 2177 2178 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2179 return -EPERM; 2180 if (get_user(ch, p)) 2181 return -EFAULT; 2182 tty_audit_tiocsti(tty, ch); 2183 ld = tty_ldisc_ref_wait(tty); 2184 if (!ld) 2185 return -EIO; 2186 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2187 tty_ldisc_deref(ld); 2188 return 0; 2189 } 2190 2191 /** 2192 * tiocgwinsz - implement window query ioctl 2193 * @tty; tty 2194 * @arg: user buffer for result 2195 * 2196 * Copies the kernel idea of the window size into the user buffer. 2197 * 2198 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2199 * is consistent. 2200 */ 2201 2202 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2203 { 2204 int err; 2205 2206 mutex_lock(&tty->winsize_mutex); 2207 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2208 mutex_unlock(&tty->winsize_mutex); 2209 2210 return err ? -EFAULT: 0; 2211 } 2212 2213 /** 2214 * tty_do_resize - resize event 2215 * @tty: tty being resized 2216 * @rows: rows (character) 2217 * @cols: cols (character) 2218 * 2219 * Update the termios variables and send the necessary signals to 2220 * peform a terminal resize correctly 2221 */ 2222 2223 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2224 { 2225 struct pid *pgrp; 2226 2227 /* Lock the tty */ 2228 mutex_lock(&tty->winsize_mutex); 2229 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2230 goto done; 2231 2232 /* Signal the foreground process group */ 2233 pgrp = tty_get_pgrp(tty); 2234 if (pgrp) 2235 kill_pgrp(pgrp, SIGWINCH, 1); 2236 put_pid(pgrp); 2237 2238 tty->winsize = *ws; 2239 done: 2240 mutex_unlock(&tty->winsize_mutex); 2241 return 0; 2242 } 2243 EXPORT_SYMBOL(tty_do_resize); 2244 2245 /** 2246 * tiocswinsz - implement window size set ioctl 2247 * @tty; tty side of tty 2248 * @arg: user buffer for result 2249 * 2250 * Copies the user idea of the window size to the kernel. Traditionally 2251 * this is just advisory information but for the Linux console it 2252 * actually has driver level meaning and triggers a VC resize. 2253 * 2254 * Locking: 2255 * Driver dependent. The default do_resize method takes the 2256 * tty termios mutex and ctrl_lock. The console takes its own lock 2257 * then calls into the default method. 2258 */ 2259 2260 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2261 { 2262 struct winsize tmp_ws; 2263 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2264 return -EFAULT; 2265 2266 if (tty->ops->resize) 2267 return tty->ops->resize(tty, &tmp_ws); 2268 else 2269 return tty_do_resize(tty, &tmp_ws); 2270 } 2271 2272 /** 2273 * tioccons - allow admin to move logical console 2274 * @file: the file to become console 2275 * 2276 * Allow the administrator to move the redirected console device 2277 * 2278 * Locking: uses redirect_lock to guard the redirect information 2279 */ 2280 2281 static int tioccons(struct file *file) 2282 { 2283 if (!capable(CAP_SYS_ADMIN)) 2284 return -EPERM; 2285 if (file->f_op->write == redirected_tty_write) { 2286 struct file *f; 2287 spin_lock(&redirect_lock); 2288 f = redirect; 2289 redirect = NULL; 2290 spin_unlock(&redirect_lock); 2291 if (f) 2292 fput(f); 2293 return 0; 2294 } 2295 spin_lock(&redirect_lock); 2296 if (redirect) { 2297 spin_unlock(&redirect_lock); 2298 return -EBUSY; 2299 } 2300 redirect = get_file(file); 2301 spin_unlock(&redirect_lock); 2302 return 0; 2303 } 2304 2305 /** 2306 * tiocsetd - set line discipline 2307 * @tty: tty device 2308 * @p: pointer to user data 2309 * 2310 * Set the line discipline according to user request. 2311 * 2312 * Locking: see tty_set_ldisc, this function is just a helper 2313 */ 2314 2315 static int tiocsetd(struct tty_struct *tty, int __user *p) 2316 { 2317 int disc; 2318 int ret; 2319 2320 if (get_user(disc, p)) 2321 return -EFAULT; 2322 2323 ret = tty_set_ldisc(tty, disc); 2324 2325 return ret; 2326 } 2327 2328 /** 2329 * tiocgetd - get line discipline 2330 * @tty: tty device 2331 * @p: pointer to user data 2332 * 2333 * Retrieves the line discipline id directly from the ldisc. 2334 * 2335 * Locking: waits for ldisc reference (in case the line discipline 2336 * is changing or the tty is being hungup) 2337 */ 2338 2339 static int tiocgetd(struct tty_struct *tty, int __user *p) 2340 { 2341 struct tty_ldisc *ld; 2342 int ret; 2343 2344 ld = tty_ldisc_ref_wait(tty); 2345 if (!ld) 2346 return -EIO; 2347 ret = put_user(ld->ops->num, p); 2348 tty_ldisc_deref(ld); 2349 return ret; 2350 } 2351 2352 /** 2353 * send_break - performed time break 2354 * @tty: device to break on 2355 * @duration: timeout in mS 2356 * 2357 * Perform a timed break on hardware that lacks its own driver level 2358 * timed break functionality. 2359 * 2360 * Locking: 2361 * atomic_write_lock serializes 2362 * 2363 */ 2364 2365 static int send_break(struct tty_struct *tty, unsigned int duration) 2366 { 2367 int retval; 2368 2369 if (tty->ops->break_ctl == NULL) 2370 return 0; 2371 2372 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2373 retval = tty->ops->break_ctl(tty, duration); 2374 else { 2375 /* Do the work ourselves */ 2376 if (tty_write_lock(tty, 0) < 0) 2377 return -EINTR; 2378 retval = tty->ops->break_ctl(tty, -1); 2379 if (retval) 2380 goto out; 2381 if (!signal_pending(current)) 2382 msleep_interruptible(duration); 2383 retval = tty->ops->break_ctl(tty, 0); 2384 out: 2385 tty_write_unlock(tty); 2386 if (signal_pending(current)) 2387 retval = -EINTR; 2388 } 2389 return retval; 2390 } 2391 2392 /** 2393 * tty_tiocmget - get modem status 2394 * @tty: tty device 2395 * @file: user file pointer 2396 * @p: pointer to result 2397 * 2398 * Obtain the modem status bits from the tty driver if the feature 2399 * is supported. Return -EINVAL if it is not available. 2400 * 2401 * Locking: none (up to the driver) 2402 */ 2403 2404 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2405 { 2406 int retval = -EINVAL; 2407 2408 if (tty->ops->tiocmget) { 2409 retval = tty->ops->tiocmget(tty); 2410 2411 if (retval >= 0) 2412 retval = put_user(retval, p); 2413 } 2414 return retval; 2415 } 2416 2417 /** 2418 * tty_tiocmset - set modem status 2419 * @tty: tty device 2420 * @cmd: command - clear bits, set bits or set all 2421 * @p: pointer to desired bits 2422 * 2423 * Set the modem status bits from the tty driver if the feature 2424 * is supported. Return -EINVAL if it is not available. 2425 * 2426 * Locking: none (up to the driver) 2427 */ 2428 2429 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2430 unsigned __user *p) 2431 { 2432 int retval; 2433 unsigned int set, clear, val; 2434 2435 if (tty->ops->tiocmset == NULL) 2436 return -EINVAL; 2437 2438 retval = get_user(val, p); 2439 if (retval) 2440 return retval; 2441 set = clear = 0; 2442 switch (cmd) { 2443 case TIOCMBIS: 2444 set = val; 2445 break; 2446 case TIOCMBIC: 2447 clear = val; 2448 break; 2449 case TIOCMSET: 2450 set = val; 2451 clear = ~val; 2452 break; 2453 } 2454 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2455 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2456 return tty->ops->tiocmset(tty, set, clear); 2457 } 2458 2459 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2460 { 2461 int retval = -EINVAL; 2462 struct serial_icounter_struct icount; 2463 memset(&icount, 0, sizeof(icount)); 2464 if (tty->ops->get_icount) 2465 retval = tty->ops->get_icount(tty, &icount); 2466 if (retval != 0) 2467 return retval; 2468 if (copy_to_user(arg, &icount, sizeof(icount))) 2469 return -EFAULT; 2470 return 0; 2471 } 2472 2473 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2474 { 2475 static DEFINE_RATELIMIT_STATE(depr_flags, 2476 DEFAULT_RATELIMIT_INTERVAL, 2477 DEFAULT_RATELIMIT_BURST); 2478 char comm[TASK_COMM_LEN]; 2479 struct serial_struct v; 2480 int flags; 2481 2482 if (copy_from_user(&v, ss, sizeof(struct serial_struct))) 2483 return -EFAULT; 2484 2485 flags = v.flags & ASYNC_DEPRECATED; 2486 2487 if (flags && __ratelimit(&depr_flags)) 2488 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2489 __func__, get_task_comm(comm, current), flags); 2490 if (!tty->ops->set_serial) 2491 return -ENOTTY; 2492 return tty->ops->set_serial(tty, &v); 2493 } 2494 2495 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2496 { 2497 struct serial_struct v; 2498 int err; 2499 2500 memset(&v, 0, sizeof(struct serial_struct)); 2501 if (!tty->ops->get_serial) 2502 return -ENOTTY; 2503 err = tty->ops->get_serial(tty, &v); 2504 if (!err && copy_to_user(ss, &v, sizeof(struct serial_struct))) 2505 err = -EFAULT; 2506 return err; 2507 } 2508 2509 /* 2510 * if pty, return the slave side (real_tty) 2511 * otherwise, return self 2512 */ 2513 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2514 { 2515 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2516 tty->driver->subtype == PTY_TYPE_MASTER) 2517 tty = tty->link; 2518 return tty; 2519 } 2520 2521 /* 2522 * Split this up, as gcc can choke on it otherwise.. 2523 */ 2524 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2525 { 2526 struct tty_struct *tty = file_tty(file); 2527 struct tty_struct *real_tty; 2528 void __user *p = (void __user *)arg; 2529 int retval; 2530 struct tty_ldisc *ld; 2531 2532 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2533 return -EINVAL; 2534 2535 real_tty = tty_pair_get_tty(tty); 2536 2537 /* 2538 * Factor out some common prep work 2539 */ 2540 switch (cmd) { 2541 case TIOCSETD: 2542 case TIOCSBRK: 2543 case TIOCCBRK: 2544 case TCSBRK: 2545 case TCSBRKP: 2546 retval = tty_check_change(tty); 2547 if (retval) 2548 return retval; 2549 if (cmd != TIOCCBRK) { 2550 tty_wait_until_sent(tty, 0); 2551 if (signal_pending(current)) 2552 return -EINTR; 2553 } 2554 break; 2555 } 2556 2557 /* 2558 * Now do the stuff. 2559 */ 2560 switch (cmd) { 2561 case TIOCSTI: 2562 return tiocsti(tty, p); 2563 case TIOCGWINSZ: 2564 return tiocgwinsz(real_tty, p); 2565 case TIOCSWINSZ: 2566 return tiocswinsz(real_tty, p); 2567 case TIOCCONS: 2568 return real_tty != tty ? -EINVAL : tioccons(file); 2569 case TIOCEXCL: 2570 set_bit(TTY_EXCLUSIVE, &tty->flags); 2571 return 0; 2572 case TIOCNXCL: 2573 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2574 return 0; 2575 case TIOCGEXCL: 2576 { 2577 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2578 return put_user(excl, (int __user *)p); 2579 } 2580 case TIOCGETD: 2581 return tiocgetd(tty, p); 2582 case TIOCSETD: 2583 return tiocsetd(tty, p); 2584 case TIOCVHANGUP: 2585 if (!capable(CAP_SYS_ADMIN)) 2586 return -EPERM; 2587 tty_vhangup(tty); 2588 return 0; 2589 case TIOCGDEV: 2590 { 2591 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2592 return put_user(ret, (unsigned int __user *)p); 2593 } 2594 /* 2595 * Break handling 2596 */ 2597 case TIOCSBRK: /* Turn break on, unconditionally */ 2598 if (tty->ops->break_ctl) 2599 return tty->ops->break_ctl(tty, -1); 2600 return 0; 2601 case TIOCCBRK: /* Turn break off, unconditionally */ 2602 if (tty->ops->break_ctl) 2603 return tty->ops->break_ctl(tty, 0); 2604 return 0; 2605 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2606 /* non-zero arg means wait for all output data 2607 * to be sent (performed above) but don't send break. 2608 * This is used by the tcdrain() termios function. 2609 */ 2610 if (!arg) 2611 return send_break(tty, 250); 2612 return 0; 2613 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2614 return send_break(tty, arg ? arg*100 : 250); 2615 2616 case TIOCMGET: 2617 return tty_tiocmget(tty, p); 2618 case TIOCMSET: 2619 case TIOCMBIC: 2620 case TIOCMBIS: 2621 return tty_tiocmset(tty, cmd, p); 2622 case TIOCGICOUNT: 2623 return tty_tiocgicount(tty, p); 2624 case TCFLSH: 2625 switch (arg) { 2626 case TCIFLUSH: 2627 case TCIOFLUSH: 2628 /* flush tty buffer and allow ldisc to process ioctl */ 2629 tty_buffer_flush(tty, NULL); 2630 break; 2631 } 2632 break; 2633 case TIOCSSERIAL: 2634 return tty_tiocsserial(tty, p); 2635 case TIOCGSERIAL: 2636 return tty_tiocgserial(tty, p); 2637 case TIOCGPTPEER: 2638 /* Special because the struct file is needed */ 2639 return ptm_open_peer(file, tty, (int)arg); 2640 default: 2641 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2642 if (retval != -ENOIOCTLCMD) 2643 return retval; 2644 } 2645 if (tty->ops->ioctl) { 2646 retval = tty->ops->ioctl(tty, cmd, arg); 2647 if (retval != -ENOIOCTLCMD) 2648 return retval; 2649 } 2650 ld = tty_ldisc_ref_wait(tty); 2651 if (!ld) 2652 return hung_up_tty_ioctl(file, cmd, arg); 2653 retval = -EINVAL; 2654 if (ld->ops->ioctl) { 2655 retval = ld->ops->ioctl(tty, file, cmd, arg); 2656 if (retval == -ENOIOCTLCMD) 2657 retval = -ENOTTY; 2658 } 2659 tty_ldisc_deref(ld); 2660 return retval; 2661 } 2662 2663 #ifdef CONFIG_COMPAT 2664 2665 struct serial_struct32 { 2666 compat_int_t type; 2667 compat_int_t line; 2668 compat_uint_t port; 2669 compat_int_t irq; 2670 compat_int_t flags; 2671 compat_int_t xmit_fifo_size; 2672 compat_int_t custom_divisor; 2673 compat_int_t baud_base; 2674 unsigned short close_delay; 2675 char io_type; 2676 char reserved_char[1]; 2677 compat_int_t hub6; 2678 unsigned short closing_wait; /* time to wait before closing */ 2679 unsigned short closing_wait2; /* no longer used... */ 2680 compat_uint_t iomem_base; 2681 unsigned short iomem_reg_shift; 2682 unsigned int port_high; 2683 /* compat_ulong_t iomap_base FIXME */ 2684 compat_int_t reserved[1]; 2685 }; 2686 2687 static int compat_tty_tiocsserial(struct tty_struct *tty, 2688 struct serial_struct32 __user *ss) 2689 { 2690 static DEFINE_RATELIMIT_STATE(depr_flags, 2691 DEFAULT_RATELIMIT_INTERVAL, 2692 DEFAULT_RATELIMIT_BURST); 2693 char comm[TASK_COMM_LEN]; 2694 struct serial_struct32 v32; 2695 struct serial_struct v; 2696 int flags; 2697 2698 if (copy_from_user(&v32, ss, sizeof(struct serial_struct32))) 2699 return -EFAULT; 2700 2701 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2702 v.iomem_base = compat_ptr(v32.iomem_base); 2703 v.iomem_reg_shift = v32.iomem_reg_shift; 2704 v.port_high = v32.port_high; 2705 v.iomap_base = 0; 2706 2707 flags = v.flags & ASYNC_DEPRECATED; 2708 2709 if (flags && __ratelimit(&depr_flags)) 2710 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2711 __func__, get_task_comm(comm, current), flags); 2712 if (!tty->ops->set_serial) 2713 return -ENOTTY; 2714 return tty->ops->set_serial(tty, &v); 2715 } 2716 2717 static int compat_tty_tiocgserial(struct tty_struct *tty, 2718 struct serial_struct32 __user *ss) 2719 { 2720 struct serial_struct32 v32; 2721 struct serial_struct v; 2722 int err; 2723 memset(&v, 0, sizeof(struct serial_struct)); 2724 2725 if (!tty->ops->set_serial) 2726 return -ENOTTY; 2727 err = tty->ops->get_serial(tty, &v); 2728 if (!err) { 2729 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2730 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2731 0xfffffff : ptr_to_compat(v.iomem_base); 2732 v32.iomem_reg_shift = v.iomem_reg_shift; 2733 v32.port_high = v.port_high; 2734 if (copy_to_user(ss, &v32, sizeof(struct serial_struct32))) 2735 err = -EFAULT; 2736 } 2737 return err; 2738 } 2739 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2740 unsigned long arg) 2741 { 2742 struct tty_struct *tty = file_tty(file); 2743 struct tty_ldisc *ld; 2744 int retval = -ENOIOCTLCMD; 2745 2746 switch (cmd) { 2747 case TIOCSTI: 2748 case TIOCGWINSZ: 2749 case TIOCSWINSZ: 2750 case TIOCGEXCL: 2751 case TIOCGETD: 2752 case TIOCSETD: 2753 case TIOCGDEV: 2754 case TIOCMGET: 2755 case TIOCMSET: 2756 case TIOCMBIC: 2757 case TIOCMBIS: 2758 case TIOCGICOUNT: 2759 case TIOCGPGRP: 2760 case TIOCSPGRP: 2761 case TIOCGSID: 2762 case TIOCSERGETLSR: 2763 case TIOCGRS485: 2764 case TIOCSRS485: 2765 #ifdef TIOCGETP 2766 case TIOCGETP: 2767 case TIOCSETP: 2768 case TIOCSETN: 2769 #endif 2770 #ifdef TIOCGETC 2771 case TIOCGETC: 2772 case TIOCSETC: 2773 #endif 2774 #ifdef TIOCGLTC 2775 case TIOCGLTC: 2776 case TIOCSLTC: 2777 #endif 2778 case TCSETSF: 2779 case TCSETSW: 2780 case TCSETS: 2781 case TCGETS: 2782 #ifdef TCGETS2 2783 case TCGETS2: 2784 case TCSETSF2: 2785 case TCSETSW2: 2786 case TCSETS2: 2787 #endif 2788 case TCGETA: 2789 case TCSETAF: 2790 case TCSETAW: 2791 case TCSETA: 2792 case TIOCGLCKTRMIOS: 2793 case TIOCSLCKTRMIOS: 2794 #ifdef TCGETX 2795 case TCGETX: 2796 case TCSETX: 2797 case TCSETXW: 2798 case TCSETXF: 2799 #endif 2800 case TIOCGSOFTCAR: 2801 case TIOCSSOFTCAR: 2802 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2803 case TIOCCONS: 2804 case TIOCEXCL: 2805 case TIOCNXCL: 2806 case TIOCVHANGUP: 2807 case TIOCSBRK: 2808 case TIOCCBRK: 2809 case TCSBRK: 2810 case TCSBRKP: 2811 case TCFLSH: 2812 case TIOCGPTPEER: 2813 case TIOCNOTTY: 2814 case TIOCSCTTY: 2815 case TCXONC: 2816 case TIOCMIWAIT: 2817 case TIOCSERCONFIG: 2818 return tty_ioctl(file, cmd, arg); 2819 } 2820 2821 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2822 return -EINVAL; 2823 2824 switch (cmd) { 2825 case TIOCSSERIAL: 2826 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2827 case TIOCGSERIAL: 2828 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2829 } 2830 if (tty->ops->compat_ioctl) { 2831 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2832 if (retval != -ENOIOCTLCMD) 2833 return retval; 2834 } 2835 2836 ld = tty_ldisc_ref_wait(tty); 2837 if (!ld) 2838 return hung_up_tty_compat_ioctl(file, cmd, arg); 2839 if (ld->ops->compat_ioctl) 2840 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2841 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2842 retval = ld->ops->ioctl(tty, file, 2843 (unsigned long)compat_ptr(cmd), arg); 2844 tty_ldisc_deref(ld); 2845 2846 return retval; 2847 } 2848 #endif 2849 2850 static int this_tty(const void *t, struct file *file, unsigned fd) 2851 { 2852 if (likely(file->f_op->read != tty_read)) 2853 return 0; 2854 return file_tty(file) != t ? 0 : fd + 1; 2855 } 2856 2857 /* 2858 * This implements the "Secure Attention Key" --- the idea is to 2859 * prevent trojan horses by killing all processes associated with this 2860 * tty when the user hits the "Secure Attention Key". Required for 2861 * super-paranoid applications --- see the Orange Book for more details. 2862 * 2863 * This code could be nicer; ideally it should send a HUP, wait a few 2864 * seconds, then send a INT, and then a KILL signal. But you then 2865 * have to coordinate with the init process, since all processes associated 2866 * with the current tty must be dead before the new getty is allowed 2867 * to spawn. 2868 * 2869 * Now, if it would be correct ;-/ The current code has a nasty hole - 2870 * it doesn't catch files in flight. We may send the descriptor to ourselves 2871 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2872 * 2873 * Nasty bug: do_SAK is being called in interrupt context. This can 2874 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2875 */ 2876 void __do_SAK(struct tty_struct *tty) 2877 { 2878 #ifdef TTY_SOFT_SAK 2879 tty_hangup(tty); 2880 #else 2881 struct task_struct *g, *p; 2882 struct pid *session; 2883 int i; 2884 2885 if (!tty) 2886 return; 2887 session = tty->session; 2888 2889 tty_ldisc_flush(tty); 2890 2891 tty_driver_flush_buffer(tty); 2892 2893 read_lock(&tasklist_lock); 2894 /* Kill the entire session */ 2895 do_each_pid_task(session, PIDTYPE_SID, p) { 2896 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2897 task_pid_nr(p), p->comm); 2898 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2899 } while_each_pid_task(session, PIDTYPE_SID, p); 2900 2901 /* Now kill any processes that happen to have the tty open */ 2902 do_each_thread(g, p) { 2903 if (p->signal->tty == tty) { 2904 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2905 task_pid_nr(p), p->comm); 2906 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2907 continue; 2908 } 2909 task_lock(p); 2910 i = iterate_fd(p->files, 0, this_tty, tty); 2911 if (i != 0) { 2912 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2913 task_pid_nr(p), p->comm, i - 1); 2914 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2915 } 2916 task_unlock(p); 2917 } while_each_thread(g, p); 2918 read_unlock(&tasklist_lock); 2919 #endif 2920 } 2921 2922 static void do_SAK_work(struct work_struct *work) 2923 { 2924 struct tty_struct *tty = 2925 container_of(work, struct tty_struct, SAK_work); 2926 __do_SAK(tty); 2927 } 2928 2929 /* 2930 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2931 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2932 * the values which we write to it will be identical to the values which it 2933 * already has. --akpm 2934 */ 2935 void do_SAK(struct tty_struct *tty) 2936 { 2937 if (!tty) 2938 return; 2939 schedule_work(&tty->SAK_work); 2940 } 2941 2942 EXPORT_SYMBOL(do_SAK); 2943 2944 static int dev_match_devt(struct device *dev, const void *data) 2945 { 2946 const dev_t *devt = data; 2947 return dev->devt == *devt; 2948 } 2949 2950 /* Must put_device() after it's unused! */ 2951 static struct device *tty_get_device(struct tty_struct *tty) 2952 { 2953 dev_t devt = tty_devnum(tty); 2954 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2955 } 2956 2957 2958 /** 2959 * alloc_tty_struct 2960 * 2961 * This subroutine allocates and initializes a tty structure. 2962 * 2963 * Locking: none - tty in question is not exposed at this point 2964 */ 2965 2966 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2967 { 2968 struct tty_struct *tty; 2969 2970 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2971 if (!tty) 2972 return NULL; 2973 2974 kref_init(&tty->kref); 2975 tty->magic = TTY_MAGIC; 2976 if (tty_ldisc_init(tty)) { 2977 kfree(tty); 2978 return NULL; 2979 } 2980 tty->session = NULL; 2981 tty->pgrp = NULL; 2982 mutex_init(&tty->legacy_mutex); 2983 mutex_init(&tty->throttle_mutex); 2984 init_rwsem(&tty->termios_rwsem); 2985 mutex_init(&tty->winsize_mutex); 2986 init_ldsem(&tty->ldisc_sem); 2987 init_waitqueue_head(&tty->write_wait); 2988 init_waitqueue_head(&tty->read_wait); 2989 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2990 mutex_init(&tty->atomic_write_lock); 2991 spin_lock_init(&tty->ctrl_lock); 2992 spin_lock_init(&tty->flow_lock); 2993 spin_lock_init(&tty->files_lock); 2994 INIT_LIST_HEAD(&tty->tty_files); 2995 INIT_WORK(&tty->SAK_work, do_SAK_work); 2996 2997 tty->driver = driver; 2998 tty->ops = driver->ops; 2999 tty->index = idx; 3000 tty_line_name(driver, idx, tty->name); 3001 tty->dev = tty_get_device(tty); 3002 3003 return tty; 3004 } 3005 3006 /** 3007 * tty_put_char - write one character to a tty 3008 * @tty: tty 3009 * @ch: character 3010 * 3011 * Write one byte to the tty using the provided put_char method 3012 * if present. Returns the number of characters successfully output. 3013 * 3014 * Note: the specific put_char operation in the driver layer may go 3015 * away soon. Don't call it directly, use this method 3016 */ 3017 3018 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3019 { 3020 if (tty->ops->put_char) 3021 return tty->ops->put_char(tty, ch); 3022 return tty->ops->write(tty, &ch, 1); 3023 } 3024 EXPORT_SYMBOL_GPL(tty_put_char); 3025 3026 struct class *tty_class; 3027 3028 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3029 unsigned int index, unsigned int count) 3030 { 3031 int err; 3032 3033 /* init here, since reused cdevs cause crashes */ 3034 driver->cdevs[index] = cdev_alloc(); 3035 if (!driver->cdevs[index]) 3036 return -ENOMEM; 3037 driver->cdevs[index]->ops = &tty_fops; 3038 driver->cdevs[index]->owner = driver->owner; 3039 err = cdev_add(driver->cdevs[index], dev, count); 3040 if (err) 3041 kobject_put(&driver->cdevs[index]->kobj); 3042 return err; 3043 } 3044 3045 /** 3046 * tty_register_device - register a tty device 3047 * @driver: the tty driver that describes the tty device 3048 * @index: the index in the tty driver for this tty device 3049 * @device: a struct device that is associated with this tty device. 3050 * This field is optional, if there is no known struct device 3051 * for this tty device it can be set to NULL safely. 3052 * 3053 * Returns a pointer to the struct device for this tty device 3054 * (or ERR_PTR(-EFOO) on error). 3055 * 3056 * This call is required to be made to register an individual tty device 3057 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3058 * that bit is not set, this function should not be called by a tty 3059 * driver. 3060 * 3061 * Locking: ?? 3062 */ 3063 3064 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3065 struct device *device) 3066 { 3067 return tty_register_device_attr(driver, index, device, NULL, NULL); 3068 } 3069 EXPORT_SYMBOL(tty_register_device); 3070 3071 static void tty_device_create_release(struct device *dev) 3072 { 3073 dev_dbg(dev, "releasing...\n"); 3074 kfree(dev); 3075 } 3076 3077 /** 3078 * tty_register_device_attr - register a tty device 3079 * @driver: the tty driver that describes the tty device 3080 * @index: the index in the tty driver for this tty device 3081 * @device: a struct device that is associated with this tty device. 3082 * This field is optional, if there is no known struct device 3083 * for this tty device it can be set to NULL safely. 3084 * @drvdata: Driver data to be set to device. 3085 * @attr_grp: Attribute group to be set on device. 3086 * 3087 * Returns a pointer to the struct device for this tty device 3088 * (or ERR_PTR(-EFOO) on error). 3089 * 3090 * This call is required to be made to register an individual tty device 3091 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3092 * that bit is not set, this function should not be called by a tty 3093 * driver. 3094 * 3095 * Locking: ?? 3096 */ 3097 struct device *tty_register_device_attr(struct tty_driver *driver, 3098 unsigned index, struct device *device, 3099 void *drvdata, 3100 const struct attribute_group **attr_grp) 3101 { 3102 char name[64]; 3103 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3104 struct ktermios *tp; 3105 struct device *dev; 3106 int retval; 3107 3108 if (index >= driver->num) { 3109 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3110 driver->name, index); 3111 return ERR_PTR(-EINVAL); 3112 } 3113 3114 if (driver->type == TTY_DRIVER_TYPE_PTY) 3115 pty_line_name(driver, index, name); 3116 else 3117 tty_line_name(driver, index, name); 3118 3119 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3120 if (!dev) 3121 return ERR_PTR(-ENOMEM); 3122 3123 dev->devt = devt; 3124 dev->class = tty_class; 3125 dev->parent = device; 3126 dev->release = tty_device_create_release; 3127 dev_set_name(dev, "%s", name); 3128 dev->groups = attr_grp; 3129 dev_set_drvdata(dev, drvdata); 3130 3131 dev_set_uevent_suppress(dev, 1); 3132 3133 retval = device_register(dev); 3134 if (retval) 3135 goto err_put; 3136 3137 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3138 /* 3139 * Free any saved termios data so that the termios state is 3140 * reset when reusing a minor number. 3141 */ 3142 tp = driver->termios[index]; 3143 if (tp) { 3144 driver->termios[index] = NULL; 3145 kfree(tp); 3146 } 3147 3148 retval = tty_cdev_add(driver, devt, index, 1); 3149 if (retval) 3150 goto err_del; 3151 } 3152 3153 dev_set_uevent_suppress(dev, 0); 3154 kobject_uevent(&dev->kobj, KOBJ_ADD); 3155 3156 return dev; 3157 3158 err_del: 3159 device_del(dev); 3160 err_put: 3161 put_device(dev); 3162 3163 return ERR_PTR(retval); 3164 } 3165 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3166 3167 /** 3168 * tty_unregister_device - unregister a tty device 3169 * @driver: the tty driver that describes the tty device 3170 * @index: the index in the tty driver for this tty device 3171 * 3172 * If a tty device is registered with a call to tty_register_device() then 3173 * this function must be called when the tty device is gone. 3174 * 3175 * Locking: ?? 3176 */ 3177 3178 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3179 { 3180 device_destroy(tty_class, 3181 MKDEV(driver->major, driver->minor_start) + index); 3182 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3183 cdev_del(driver->cdevs[index]); 3184 driver->cdevs[index] = NULL; 3185 } 3186 } 3187 EXPORT_SYMBOL(tty_unregister_device); 3188 3189 /** 3190 * __tty_alloc_driver -- allocate tty driver 3191 * @lines: count of lines this driver can handle at most 3192 * @owner: module which is responsible for this driver 3193 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3194 * 3195 * This should not be called directly, some of the provided macros should be 3196 * used instead. Use IS_ERR and friends on @retval. 3197 */ 3198 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3199 unsigned long flags) 3200 { 3201 struct tty_driver *driver; 3202 unsigned int cdevs = 1; 3203 int err; 3204 3205 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3206 return ERR_PTR(-EINVAL); 3207 3208 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3209 if (!driver) 3210 return ERR_PTR(-ENOMEM); 3211 3212 kref_init(&driver->kref); 3213 driver->magic = TTY_DRIVER_MAGIC; 3214 driver->num = lines; 3215 driver->owner = owner; 3216 driver->flags = flags; 3217 3218 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3219 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3220 GFP_KERNEL); 3221 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3222 GFP_KERNEL); 3223 if (!driver->ttys || !driver->termios) { 3224 err = -ENOMEM; 3225 goto err_free_all; 3226 } 3227 } 3228 3229 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3230 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3231 GFP_KERNEL); 3232 if (!driver->ports) { 3233 err = -ENOMEM; 3234 goto err_free_all; 3235 } 3236 cdevs = lines; 3237 } 3238 3239 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3240 if (!driver->cdevs) { 3241 err = -ENOMEM; 3242 goto err_free_all; 3243 } 3244 3245 return driver; 3246 err_free_all: 3247 kfree(driver->ports); 3248 kfree(driver->ttys); 3249 kfree(driver->termios); 3250 kfree(driver->cdevs); 3251 kfree(driver); 3252 return ERR_PTR(err); 3253 } 3254 EXPORT_SYMBOL(__tty_alloc_driver); 3255 3256 static void destruct_tty_driver(struct kref *kref) 3257 { 3258 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3259 int i; 3260 struct ktermios *tp; 3261 3262 if (driver->flags & TTY_DRIVER_INSTALLED) { 3263 for (i = 0; i < driver->num; i++) { 3264 tp = driver->termios[i]; 3265 if (tp) { 3266 driver->termios[i] = NULL; 3267 kfree(tp); 3268 } 3269 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3270 tty_unregister_device(driver, i); 3271 } 3272 proc_tty_unregister_driver(driver); 3273 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3274 cdev_del(driver->cdevs[0]); 3275 } 3276 kfree(driver->cdevs); 3277 kfree(driver->ports); 3278 kfree(driver->termios); 3279 kfree(driver->ttys); 3280 kfree(driver); 3281 } 3282 3283 void tty_driver_kref_put(struct tty_driver *driver) 3284 { 3285 kref_put(&driver->kref, destruct_tty_driver); 3286 } 3287 EXPORT_SYMBOL(tty_driver_kref_put); 3288 3289 void tty_set_operations(struct tty_driver *driver, 3290 const struct tty_operations *op) 3291 { 3292 driver->ops = op; 3293 }; 3294 EXPORT_SYMBOL(tty_set_operations); 3295 3296 void put_tty_driver(struct tty_driver *d) 3297 { 3298 tty_driver_kref_put(d); 3299 } 3300 EXPORT_SYMBOL(put_tty_driver); 3301 3302 /* 3303 * Called by a tty driver to register itself. 3304 */ 3305 int tty_register_driver(struct tty_driver *driver) 3306 { 3307 int error; 3308 int i; 3309 dev_t dev; 3310 struct device *d; 3311 3312 if (!driver->major) { 3313 error = alloc_chrdev_region(&dev, driver->minor_start, 3314 driver->num, driver->name); 3315 if (!error) { 3316 driver->major = MAJOR(dev); 3317 driver->minor_start = MINOR(dev); 3318 } 3319 } else { 3320 dev = MKDEV(driver->major, driver->minor_start); 3321 error = register_chrdev_region(dev, driver->num, driver->name); 3322 } 3323 if (error < 0) 3324 goto err; 3325 3326 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3327 error = tty_cdev_add(driver, dev, 0, driver->num); 3328 if (error) 3329 goto err_unreg_char; 3330 } 3331 3332 mutex_lock(&tty_mutex); 3333 list_add(&driver->tty_drivers, &tty_drivers); 3334 mutex_unlock(&tty_mutex); 3335 3336 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3337 for (i = 0; i < driver->num; i++) { 3338 d = tty_register_device(driver, i, NULL); 3339 if (IS_ERR(d)) { 3340 error = PTR_ERR(d); 3341 goto err_unreg_devs; 3342 } 3343 } 3344 } 3345 proc_tty_register_driver(driver); 3346 driver->flags |= TTY_DRIVER_INSTALLED; 3347 return 0; 3348 3349 err_unreg_devs: 3350 for (i--; i >= 0; i--) 3351 tty_unregister_device(driver, i); 3352 3353 mutex_lock(&tty_mutex); 3354 list_del(&driver->tty_drivers); 3355 mutex_unlock(&tty_mutex); 3356 3357 err_unreg_char: 3358 unregister_chrdev_region(dev, driver->num); 3359 err: 3360 return error; 3361 } 3362 EXPORT_SYMBOL(tty_register_driver); 3363 3364 /* 3365 * Called by a tty driver to unregister itself. 3366 */ 3367 int tty_unregister_driver(struct tty_driver *driver) 3368 { 3369 #if 0 3370 /* FIXME */ 3371 if (driver->refcount) 3372 return -EBUSY; 3373 #endif 3374 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3375 driver->num); 3376 mutex_lock(&tty_mutex); 3377 list_del(&driver->tty_drivers); 3378 mutex_unlock(&tty_mutex); 3379 return 0; 3380 } 3381 3382 EXPORT_SYMBOL(tty_unregister_driver); 3383 3384 dev_t tty_devnum(struct tty_struct *tty) 3385 { 3386 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3387 } 3388 EXPORT_SYMBOL(tty_devnum); 3389 3390 void tty_default_fops(struct file_operations *fops) 3391 { 3392 *fops = tty_fops; 3393 } 3394 3395 static char *tty_devnode(struct device *dev, umode_t *mode) 3396 { 3397 if (!mode) 3398 return NULL; 3399 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3400 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3401 *mode = 0666; 3402 return NULL; 3403 } 3404 3405 static int __init tty_class_init(void) 3406 { 3407 tty_class = class_create(THIS_MODULE, "tty"); 3408 if (IS_ERR(tty_class)) 3409 return PTR_ERR(tty_class); 3410 tty_class->devnode = tty_devnode; 3411 return 0; 3412 } 3413 3414 postcore_initcall(tty_class_init); 3415 3416 /* 3/2004 jmc: why do these devices exist? */ 3417 static struct cdev tty_cdev, console_cdev; 3418 3419 static ssize_t show_cons_active(struct device *dev, 3420 struct device_attribute *attr, char *buf) 3421 { 3422 struct console *cs[16]; 3423 int i = 0; 3424 struct console *c; 3425 ssize_t count = 0; 3426 3427 console_lock(); 3428 for_each_console(c) { 3429 if (!c->device) 3430 continue; 3431 if (!c->write) 3432 continue; 3433 if ((c->flags & CON_ENABLED) == 0) 3434 continue; 3435 cs[i++] = c; 3436 if (i >= ARRAY_SIZE(cs)) 3437 break; 3438 } 3439 while (i--) { 3440 int index = cs[i]->index; 3441 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3442 3443 /* don't resolve tty0 as some programs depend on it */ 3444 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3445 count += tty_line_name(drv, index, buf + count); 3446 else 3447 count += sprintf(buf + count, "%s%d", 3448 cs[i]->name, cs[i]->index); 3449 3450 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3451 } 3452 console_unlock(); 3453 3454 return count; 3455 } 3456 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3457 3458 static struct attribute *cons_dev_attrs[] = { 3459 &dev_attr_active.attr, 3460 NULL 3461 }; 3462 3463 ATTRIBUTE_GROUPS(cons_dev); 3464 3465 static struct device *consdev; 3466 3467 void console_sysfs_notify(void) 3468 { 3469 if (consdev) 3470 sysfs_notify(&consdev->kobj, NULL, "active"); 3471 } 3472 3473 /* 3474 * Ok, now we can initialize the rest of the tty devices and can count 3475 * on memory allocations, interrupts etc.. 3476 */ 3477 int __init tty_init(void) 3478 { 3479 cdev_init(&tty_cdev, &tty_fops); 3480 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3481 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3482 panic("Couldn't register /dev/tty driver\n"); 3483 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3484 3485 cdev_init(&console_cdev, &console_fops); 3486 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3487 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3488 panic("Couldn't register /dev/console driver\n"); 3489 consdev = device_create_with_groups(tty_class, NULL, 3490 MKDEV(TTYAUX_MAJOR, 1), NULL, 3491 cons_dev_groups, "console"); 3492 if (IS_ERR(consdev)) 3493 consdev = NULL; 3494 3495 #ifdef CONFIG_VT 3496 vty_init(&console_fops); 3497 #endif 3498 return 0; 3499 } 3500 3501