1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/proc_fs.h> 91 #include <linux/init.h> 92 #include <linux/module.h> 93 #include <linux/device.h> 94 #include <linux/wait.h> 95 #include <linux/bitops.h> 96 #include <linux/delay.h> 97 #include <linux/seq_file.h> 98 #include <linux/serial.h> 99 #include <linux/ratelimit.h> 100 #include <linux/compat.h> 101 102 #include <linux/uaccess.h> 103 104 #include <linux/kbd_kern.h> 105 #include <linux/vt_kern.h> 106 #include <linux/selection.h> 107 108 #include <linux/kmod.h> 109 #include <linux/nsproxy.h> 110 111 #undef TTY_DEBUG_HANGUP 112 #ifdef TTY_DEBUG_HANGUP 113 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 114 #else 115 # define tty_debug_hangup(tty, f, args...) do { } while (0) 116 #endif 117 118 #define TTY_PARANOIA_CHECK 1 119 #define CHECK_TTY_COUNT 1 120 121 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 122 .c_iflag = ICRNL | IXON, 123 .c_oflag = OPOST | ONLCR, 124 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 125 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 126 ECHOCTL | ECHOKE | IEXTEN, 127 .c_cc = INIT_C_CC, 128 .c_ispeed = 38400, 129 .c_ospeed = 38400, 130 /* .c_line = N_TTY, */ 131 }; 132 133 EXPORT_SYMBOL(tty_std_termios); 134 135 /* This list gets poked at by procfs and various bits of boot up code. This 136 could do with some rationalisation such as pulling the tty proc function 137 into this file */ 138 139 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 140 141 /* Mutex to protect creating and releasing a tty */ 142 DEFINE_MUTEX(tty_mutex); 143 144 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 145 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 146 ssize_t redirected_tty_write(struct file *, const char __user *, 147 size_t, loff_t *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @dev_t: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (!len || strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 .show_fdinfo = tty_show_fdinfo, 488 }; 489 490 static const struct file_operations console_fops = { 491 .llseek = no_llseek, 492 .read = tty_read, 493 .write = redirected_tty_write, 494 .poll = tty_poll, 495 .unlocked_ioctl = tty_ioctl, 496 .compat_ioctl = tty_compat_ioctl, 497 .open = tty_open, 498 .release = tty_release, 499 .fasync = tty_fasync, 500 }; 501 502 static const struct file_operations hung_up_tty_fops = { 503 .llseek = no_llseek, 504 .read = hung_up_tty_read, 505 .write = hung_up_tty_write, 506 .poll = hung_up_tty_poll, 507 .unlocked_ioctl = hung_up_tty_ioctl, 508 .compat_ioctl = hung_up_tty_compat_ioctl, 509 .release = tty_release, 510 .fasync = hung_up_tty_fasync, 511 }; 512 513 static DEFINE_SPINLOCK(redirect_lock); 514 static struct file *redirect; 515 516 /** 517 * tty_wakeup - request more data 518 * @tty: terminal 519 * 520 * Internal and external helper for wakeups of tty. This function 521 * informs the line discipline if present that the driver is ready 522 * to receive more output data. 523 */ 524 525 void tty_wakeup(struct tty_struct *tty) 526 { 527 struct tty_ldisc *ld; 528 529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 530 ld = tty_ldisc_ref(tty); 531 if (ld) { 532 if (ld->ops->write_wakeup) 533 ld->ops->write_wakeup(tty); 534 tty_ldisc_deref(ld); 535 } 536 } 537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 538 } 539 540 EXPORT_SYMBOL_GPL(tty_wakeup); 541 542 /** 543 * __tty_hangup - actual handler for hangup events 544 * @work: tty device 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 const char __user *buf, 903 size_t count) 904 { 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 ret = -EFAULT; 957 if (copy_from_user(tty->write_buf, buf, size)) 958 break; 959 ret = write(tty, file, tty->write_buf, size); 960 if (ret <= 0) 961 break; 962 written += ret; 963 buf += ret; 964 count -= ret; 965 if (!count) 966 break; 967 ret = -ERESTARTSYS; 968 if (signal_pending(current)) 969 break; 970 cond_resched(); 971 } 972 if (written) { 973 tty_update_time(&file_inode(file)->i_mtime); 974 ret = written; 975 } 976 out: 977 tty_write_unlock(tty); 978 return ret; 979 } 980 981 /** 982 * tty_write_message - write a message to a certain tty, not just the console. 983 * @tty: the destination tty_struct 984 * @msg: the message to write 985 * 986 * This is used for messages that need to be redirected to a specific tty. 987 * We don't put it into the syslog queue right now maybe in the future if 988 * really needed. 989 * 990 * We must still hold the BTM and test the CLOSING flag for the moment. 991 */ 992 993 void tty_write_message(struct tty_struct *tty, char *msg) 994 { 995 if (tty) { 996 mutex_lock(&tty->atomic_write_lock); 997 tty_lock(tty); 998 if (tty->ops->write && tty->count > 0) 999 tty->ops->write(tty, msg, strlen(msg)); 1000 tty_unlock(tty); 1001 tty_write_unlock(tty); 1002 } 1003 return; 1004 } 1005 1006 1007 /** 1008 * tty_write - write method for tty device file 1009 * @file: tty file pointer 1010 * @buf: user data to write 1011 * @count: bytes to write 1012 * @ppos: unused 1013 * 1014 * Write data to a tty device via the line discipline. 1015 * 1016 * Locking: 1017 * Locks the line discipline as required 1018 * Writes to the tty driver are serialized by the atomic_write_lock 1019 * and are then processed in chunks to the device. The line discipline 1020 * write method will not be invoked in parallel for each device. 1021 */ 1022 1023 static ssize_t tty_write(struct file *file, const char __user *buf, 1024 size_t count, loff_t *ppos) 1025 { 1026 struct tty_struct *tty = file_tty(file); 1027 struct tty_ldisc *ld; 1028 ssize_t ret; 1029 1030 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1031 return -EIO; 1032 if (!tty || !tty->ops->write || tty_io_error(tty)) 1033 return -EIO; 1034 /* Short term debug to catch buggy drivers */ 1035 if (tty->ops->write_room == NULL) 1036 tty_err(tty, "missing write_room method\n"); 1037 ld = tty_ldisc_ref_wait(tty); 1038 if (!ld) 1039 return hung_up_tty_write(file, buf, count, ppos); 1040 if (!ld->ops->write) 1041 ret = -EIO; 1042 else 1043 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1044 tty_ldisc_deref(ld); 1045 return ret; 1046 } 1047 1048 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1049 size_t count, loff_t *ppos) 1050 { 1051 struct file *p = NULL; 1052 1053 spin_lock(&redirect_lock); 1054 if (redirect) 1055 p = get_file(redirect); 1056 spin_unlock(&redirect_lock); 1057 1058 if (p) { 1059 ssize_t res; 1060 res = vfs_write(p, buf, count, &p->f_pos); 1061 fput(p); 1062 return res; 1063 } 1064 return tty_write(file, buf, count, ppos); 1065 } 1066 1067 /** 1068 * tty_send_xchar - send priority character 1069 * 1070 * Send a high priority character to the tty even if stopped 1071 * 1072 * Locking: none for xchar method, write ordering for write method. 1073 */ 1074 1075 int tty_send_xchar(struct tty_struct *tty, char ch) 1076 { 1077 int was_stopped = tty->stopped; 1078 1079 if (tty->ops->send_xchar) { 1080 down_read(&tty->termios_rwsem); 1081 tty->ops->send_xchar(tty, ch); 1082 up_read(&tty->termios_rwsem); 1083 return 0; 1084 } 1085 1086 if (tty_write_lock(tty, 0) < 0) 1087 return -ERESTARTSYS; 1088 1089 down_read(&tty->termios_rwsem); 1090 if (was_stopped) 1091 start_tty(tty); 1092 tty->ops->write(tty, &ch, 1); 1093 if (was_stopped) 1094 stop_tty(tty); 1095 up_read(&tty->termios_rwsem); 1096 tty_write_unlock(tty); 1097 return 0; 1098 } 1099 1100 static char ptychar[] = "pqrstuvwxyzabcde"; 1101 1102 /** 1103 * pty_line_name - generate name for a pty 1104 * @driver: the tty driver in use 1105 * @index: the minor number 1106 * @p: output buffer of at least 6 bytes 1107 * 1108 * Generate a name from a driver reference and write it to the output 1109 * buffer. 1110 * 1111 * Locking: None 1112 */ 1113 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1114 { 1115 int i = index + driver->name_base; 1116 /* ->name is initialized to "ttyp", but "tty" is expected */ 1117 sprintf(p, "%s%c%x", 1118 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1119 ptychar[i >> 4 & 0xf], i & 0xf); 1120 } 1121 1122 /** 1123 * tty_line_name - generate name for a tty 1124 * @driver: the tty driver in use 1125 * @index: the minor number 1126 * @p: output buffer of at least 7 bytes 1127 * 1128 * Generate a name from a driver reference and write it to the output 1129 * buffer. 1130 * 1131 * Locking: None 1132 */ 1133 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1134 { 1135 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1136 return sprintf(p, "%s", driver->name); 1137 else 1138 return sprintf(p, "%s%d", driver->name, 1139 index + driver->name_base); 1140 } 1141 1142 /** 1143 * tty_driver_lookup_tty() - find an existing tty, if any 1144 * @driver: the driver for the tty 1145 * @idx: the minor number 1146 * 1147 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1148 * driver lookup() method returns an error. 1149 * 1150 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1151 */ 1152 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1153 struct file *file, int idx) 1154 { 1155 struct tty_struct *tty; 1156 1157 if (driver->ops->lookup) 1158 if (!file) 1159 tty = ERR_PTR(-EIO); 1160 else 1161 tty = driver->ops->lookup(driver, file, idx); 1162 else 1163 tty = driver->ttys[idx]; 1164 1165 if (!IS_ERR(tty)) 1166 tty_kref_get(tty); 1167 return tty; 1168 } 1169 1170 /** 1171 * tty_init_termios - helper for termios setup 1172 * @tty: the tty to set up 1173 * 1174 * Initialise the termios structures for this tty. Thus runs under 1175 * the tty_mutex currently so we can be relaxed about ordering. 1176 */ 1177 1178 void tty_init_termios(struct tty_struct *tty) 1179 { 1180 struct ktermios *tp; 1181 int idx = tty->index; 1182 1183 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1184 tty->termios = tty->driver->init_termios; 1185 else { 1186 /* Check for lazy saved data */ 1187 tp = tty->driver->termios[idx]; 1188 if (tp != NULL) { 1189 tty->termios = *tp; 1190 tty->termios.c_line = tty->driver->init_termios.c_line; 1191 } else 1192 tty->termios = tty->driver->init_termios; 1193 } 1194 /* Compatibility until drivers always set this */ 1195 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1196 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1197 } 1198 EXPORT_SYMBOL_GPL(tty_init_termios); 1199 1200 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1201 { 1202 tty_init_termios(tty); 1203 tty_driver_kref_get(driver); 1204 tty->count++; 1205 driver->ttys[tty->index] = tty; 1206 return 0; 1207 } 1208 EXPORT_SYMBOL_GPL(tty_standard_install); 1209 1210 /** 1211 * tty_driver_install_tty() - install a tty entry in the driver 1212 * @driver: the driver for the tty 1213 * @tty: the tty 1214 * 1215 * Install a tty object into the driver tables. The tty->index field 1216 * will be set by the time this is called. This method is responsible 1217 * for ensuring any need additional structures are allocated and 1218 * configured. 1219 * 1220 * Locking: tty_mutex for now 1221 */ 1222 static int tty_driver_install_tty(struct tty_driver *driver, 1223 struct tty_struct *tty) 1224 { 1225 return driver->ops->install ? driver->ops->install(driver, tty) : 1226 tty_standard_install(driver, tty); 1227 } 1228 1229 /** 1230 * tty_driver_remove_tty() - remove a tty from the driver tables 1231 * @driver: the driver for the tty 1232 * @idx: the minor number 1233 * 1234 * Remvoe a tty object from the driver tables. The tty->index field 1235 * will be set by the time this is called. 1236 * 1237 * Locking: tty_mutex for now 1238 */ 1239 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1240 { 1241 if (driver->ops->remove) 1242 driver->ops->remove(driver, tty); 1243 else 1244 driver->ttys[tty->index] = NULL; 1245 } 1246 1247 /* 1248 * tty_reopen() - fast re-open of an open tty 1249 * @tty - the tty to open 1250 * 1251 * Return 0 on success, -errno on error. 1252 * Re-opens on master ptys are not allowed and return -EIO. 1253 * 1254 * Locking: Caller must hold tty_lock 1255 */ 1256 static int tty_reopen(struct tty_struct *tty) 1257 { 1258 struct tty_driver *driver = tty->driver; 1259 struct tty_ldisc *ld; 1260 int retval = 0; 1261 1262 if (driver->type == TTY_DRIVER_TYPE_PTY && 1263 driver->subtype == PTY_TYPE_MASTER) 1264 return -EIO; 1265 1266 if (!tty->count) 1267 return -EAGAIN; 1268 1269 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1270 return -EBUSY; 1271 1272 ld = tty_ldisc_ref_wait(tty); 1273 if (ld) { 1274 tty_ldisc_deref(ld); 1275 } else { 1276 retval = tty_ldisc_lock(tty, 5 * HZ); 1277 if (retval) 1278 return retval; 1279 1280 if (!tty->ldisc) 1281 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1282 tty_ldisc_unlock(tty); 1283 } 1284 1285 if (retval == 0) 1286 tty->count++; 1287 1288 return retval; 1289 } 1290 1291 /** 1292 * tty_init_dev - initialise a tty device 1293 * @driver: tty driver we are opening a device on 1294 * @idx: device index 1295 * @ret_tty: returned tty structure 1296 * 1297 * Prepare a tty device. This may not be a "new" clean device but 1298 * could also be an active device. The pty drivers require special 1299 * handling because of this. 1300 * 1301 * Locking: 1302 * The function is called under the tty_mutex, which 1303 * protects us from the tty struct or driver itself going away. 1304 * 1305 * On exit the tty device has the line discipline attached and 1306 * a reference count of 1. If a pair was created for pty/tty use 1307 * and the other was a pty master then it too has a reference count of 1. 1308 * 1309 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1310 * failed open. The new code protects the open with a mutex, so it's 1311 * really quite straightforward. The mutex locking can probably be 1312 * relaxed for the (most common) case of reopening a tty. 1313 */ 1314 1315 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1316 { 1317 struct tty_struct *tty; 1318 int retval; 1319 1320 /* 1321 * First time open is complex, especially for PTY devices. 1322 * This code guarantees that either everything succeeds and the 1323 * TTY is ready for operation, or else the table slots are vacated 1324 * and the allocated memory released. (Except that the termios 1325 * may be retained.) 1326 */ 1327 1328 if (!try_module_get(driver->owner)) 1329 return ERR_PTR(-ENODEV); 1330 1331 tty = alloc_tty_struct(driver, idx); 1332 if (!tty) { 1333 retval = -ENOMEM; 1334 goto err_module_put; 1335 } 1336 1337 tty_lock(tty); 1338 retval = tty_driver_install_tty(driver, tty); 1339 if (retval < 0) 1340 goto err_free_tty; 1341 1342 if (!tty->port) 1343 tty->port = driver->ports[idx]; 1344 1345 WARN_RATELIMIT(!tty->port, 1346 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1347 __func__, tty->driver->name); 1348 1349 retval = tty_ldisc_lock(tty, 5 * HZ); 1350 if (retval) 1351 goto err_release_lock; 1352 tty->port->itty = tty; 1353 1354 /* 1355 * Structures all installed ... call the ldisc open routines. 1356 * If we fail here just call release_tty to clean up. No need 1357 * to decrement the use counts, as release_tty doesn't care. 1358 */ 1359 retval = tty_ldisc_setup(tty, tty->link); 1360 if (retval) 1361 goto err_release_tty; 1362 tty_ldisc_unlock(tty); 1363 /* Return the tty locked so that it cannot vanish under the caller */ 1364 return tty; 1365 1366 err_free_tty: 1367 tty_unlock(tty); 1368 free_tty_struct(tty); 1369 err_module_put: 1370 module_put(driver->owner); 1371 return ERR_PTR(retval); 1372 1373 /* call the tty release_tty routine to clean out this slot */ 1374 err_release_tty: 1375 tty_ldisc_unlock(tty); 1376 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1377 retval, idx); 1378 err_release_lock: 1379 tty_unlock(tty); 1380 release_tty(tty, idx); 1381 return ERR_PTR(retval); 1382 } 1383 1384 /** 1385 * tty_save_termios() - save tty termios data in driver table 1386 * @tty: tty whose termios data to save 1387 * 1388 * Locking: Caller guarantees serialisation with tty_init_termios(). 1389 */ 1390 void tty_save_termios(struct tty_struct *tty) 1391 { 1392 struct ktermios *tp; 1393 int idx = tty->index; 1394 1395 /* If the port is going to reset then it has no termios to save */ 1396 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1397 return; 1398 1399 /* Stash the termios data */ 1400 tp = tty->driver->termios[idx]; 1401 if (tp == NULL) { 1402 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1403 if (tp == NULL) 1404 return; 1405 tty->driver->termios[idx] = tp; 1406 } 1407 *tp = tty->termios; 1408 } 1409 EXPORT_SYMBOL_GPL(tty_save_termios); 1410 1411 /** 1412 * tty_flush_works - flush all works of a tty/pty pair 1413 * @tty: tty device to flush works for (or either end of a pty pair) 1414 * 1415 * Sync flush all works belonging to @tty (and the 'other' tty). 1416 */ 1417 static void tty_flush_works(struct tty_struct *tty) 1418 { 1419 flush_work(&tty->SAK_work); 1420 flush_work(&tty->hangup_work); 1421 if (tty->link) { 1422 flush_work(&tty->link->SAK_work); 1423 flush_work(&tty->link->hangup_work); 1424 } 1425 } 1426 1427 /** 1428 * release_one_tty - release tty structure memory 1429 * @kref: kref of tty we are obliterating 1430 * 1431 * Releases memory associated with a tty structure, and clears out the 1432 * driver table slots. This function is called when a device is no longer 1433 * in use. It also gets called when setup of a device fails. 1434 * 1435 * Locking: 1436 * takes the file list lock internally when working on the list 1437 * of ttys that the driver keeps. 1438 * 1439 * This method gets called from a work queue so that the driver private 1440 * cleanup ops can sleep (needed for USB at least) 1441 */ 1442 static void release_one_tty(struct work_struct *work) 1443 { 1444 struct tty_struct *tty = 1445 container_of(work, struct tty_struct, hangup_work); 1446 struct tty_driver *driver = tty->driver; 1447 struct module *owner = driver->owner; 1448 1449 if (tty->ops->cleanup) 1450 tty->ops->cleanup(tty); 1451 1452 tty->magic = 0; 1453 tty_driver_kref_put(driver); 1454 module_put(owner); 1455 1456 spin_lock(&tty->files_lock); 1457 list_del_init(&tty->tty_files); 1458 spin_unlock(&tty->files_lock); 1459 1460 put_pid(tty->pgrp); 1461 put_pid(tty->session); 1462 free_tty_struct(tty); 1463 } 1464 1465 static void queue_release_one_tty(struct kref *kref) 1466 { 1467 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1468 1469 /* The hangup queue is now free so we can reuse it rather than 1470 waste a chunk of memory for each port */ 1471 INIT_WORK(&tty->hangup_work, release_one_tty); 1472 schedule_work(&tty->hangup_work); 1473 } 1474 1475 /** 1476 * tty_kref_put - release a tty kref 1477 * @tty: tty device 1478 * 1479 * Release a reference to a tty device and if need be let the kref 1480 * layer destruct the object for us 1481 */ 1482 1483 void tty_kref_put(struct tty_struct *tty) 1484 { 1485 if (tty) 1486 kref_put(&tty->kref, queue_release_one_tty); 1487 } 1488 EXPORT_SYMBOL(tty_kref_put); 1489 1490 /** 1491 * release_tty - release tty structure memory 1492 * 1493 * Release both @tty and a possible linked partner (think pty pair), 1494 * and decrement the refcount of the backing module. 1495 * 1496 * Locking: 1497 * tty_mutex 1498 * takes the file list lock internally when working on the list 1499 * of ttys that the driver keeps. 1500 * 1501 */ 1502 static void release_tty(struct tty_struct *tty, int idx) 1503 { 1504 /* This should always be true but check for the moment */ 1505 WARN_ON(tty->index != idx); 1506 WARN_ON(!mutex_is_locked(&tty_mutex)); 1507 if (tty->ops->shutdown) 1508 tty->ops->shutdown(tty); 1509 tty_save_termios(tty); 1510 tty_driver_remove_tty(tty->driver, tty); 1511 tty->port->itty = NULL; 1512 if (tty->link) 1513 tty->link->port->itty = NULL; 1514 tty_buffer_cancel_work(tty->port); 1515 if (tty->link) 1516 tty_buffer_cancel_work(tty->link->port); 1517 1518 tty_kref_put(tty->link); 1519 tty_kref_put(tty); 1520 } 1521 1522 /** 1523 * tty_release_checks - check a tty before real release 1524 * @tty: tty to check 1525 * @o_tty: link of @tty (if any) 1526 * @idx: index of the tty 1527 * 1528 * Performs some paranoid checking before true release of the @tty. 1529 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1530 */ 1531 static int tty_release_checks(struct tty_struct *tty, int idx) 1532 { 1533 #ifdef TTY_PARANOIA_CHECK 1534 if (idx < 0 || idx >= tty->driver->num) { 1535 tty_debug(tty, "bad idx %d\n", idx); 1536 return -1; 1537 } 1538 1539 /* not much to check for devpts */ 1540 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1541 return 0; 1542 1543 if (tty != tty->driver->ttys[idx]) { 1544 tty_debug(tty, "bad driver table[%d] = %p\n", 1545 idx, tty->driver->ttys[idx]); 1546 return -1; 1547 } 1548 if (tty->driver->other) { 1549 struct tty_struct *o_tty = tty->link; 1550 1551 if (o_tty != tty->driver->other->ttys[idx]) { 1552 tty_debug(tty, "bad other table[%d] = %p\n", 1553 idx, tty->driver->other->ttys[idx]); 1554 return -1; 1555 } 1556 if (o_tty->link != tty) { 1557 tty_debug(tty, "bad link = %p\n", o_tty->link); 1558 return -1; 1559 } 1560 } 1561 #endif 1562 return 0; 1563 } 1564 1565 /** 1566 * tty_kclose - closes tty opened by tty_kopen 1567 * @tty: tty device 1568 * 1569 * Performs the final steps to release and free a tty device. It is the 1570 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1571 * flag on tty->port. 1572 */ 1573 void tty_kclose(struct tty_struct *tty) 1574 { 1575 /* 1576 * Ask the line discipline code to release its structures 1577 */ 1578 tty_ldisc_release(tty); 1579 1580 /* Wait for pending work before tty destruction commmences */ 1581 tty_flush_works(tty); 1582 1583 tty_debug_hangup(tty, "freeing structure\n"); 1584 /* 1585 * The release_tty function takes care of the details of clearing 1586 * the slots and preserving the termios structure. The tty_unlock_pair 1587 * should be safe as we keep a kref while the tty is locked (so the 1588 * unlock never unlocks a freed tty). 1589 */ 1590 mutex_lock(&tty_mutex); 1591 tty_port_set_kopened(tty->port, 0); 1592 release_tty(tty, tty->index); 1593 mutex_unlock(&tty_mutex); 1594 } 1595 EXPORT_SYMBOL_GPL(tty_kclose); 1596 1597 /** 1598 * tty_release_struct - release a tty struct 1599 * @tty: tty device 1600 * @idx: index of the tty 1601 * 1602 * Performs the final steps to release and free a tty device. It is 1603 * roughly the reverse of tty_init_dev. 1604 */ 1605 void tty_release_struct(struct tty_struct *tty, int idx) 1606 { 1607 /* 1608 * Ask the line discipline code to release its structures 1609 */ 1610 tty_ldisc_release(tty); 1611 1612 /* Wait for pending work before tty destruction commmences */ 1613 tty_flush_works(tty); 1614 1615 tty_debug_hangup(tty, "freeing structure\n"); 1616 /* 1617 * The release_tty function takes care of the details of clearing 1618 * the slots and preserving the termios structure. The tty_unlock_pair 1619 * should be safe as we keep a kref while the tty is locked (so the 1620 * unlock never unlocks a freed tty). 1621 */ 1622 mutex_lock(&tty_mutex); 1623 release_tty(tty, idx); 1624 mutex_unlock(&tty_mutex); 1625 } 1626 EXPORT_SYMBOL_GPL(tty_release_struct); 1627 1628 /** 1629 * tty_release - vfs callback for close 1630 * @inode: inode of tty 1631 * @filp: file pointer for handle to tty 1632 * 1633 * Called the last time each file handle is closed that references 1634 * this tty. There may however be several such references. 1635 * 1636 * Locking: 1637 * Takes bkl. See tty_release_dev 1638 * 1639 * Even releasing the tty structures is a tricky business.. We have 1640 * to be very careful that the structures are all released at the 1641 * same time, as interrupts might otherwise get the wrong pointers. 1642 * 1643 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1644 * lead to double frees or releasing memory still in use. 1645 */ 1646 1647 int tty_release(struct inode *inode, struct file *filp) 1648 { 1649 struct tty_struct *tty = file_tty(filp); 1650 struct tty_struct *o_tty = NULL; 1651 int do_sleep, final; 1652 int idx; 1653 long timeout = 0; 1654 int once = 1; 1655 1656 if (tty_paranoia_check(tty, inode, __func__)) 1657 return 0; 1658 1659 tty_lock(tty); 1660 check_tty_count(tty, __func__); 1661 1662 __tty_fasync(-1, filp, 0); 1663 1664 idx = tty->index; 1665 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1666 tty->driver->subtype == PTY_TYPE_MASTER) 1667 o_tty = tty->link; 1668 1669 if (tty_release_checks(tty, idx)) { 1670 tty_unlock(tty); 1671 return 0; 1672 } 1673 1674 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1675 1676 if (tty->ops->close) 1677 tty->ops->close(tty, filp); 1678 1679 /* If tty is pty master, lock the slave pty (stable lock order) */ 1680 tty_lock_slave(o_tty); 1681 1682 /* 1683 * Sanity check: if tty->count is going to zero, there shouldn't be 1684 * any waiters on tty->read_wait or tty->write_wait. We test the 1685 * wait queues and kick everyone out _before_ actually starting to 1686 * close. This ensures that we won't block while releasing the tty 1687 * structure. 1688 * 1689 * The test for the o_tty closing is necessary, since the master and 1690 * slave sides may close in any order. If the slave side closes out 1691 * first, its count will be one, since the master side holds an open. 1692 * Thus this test wouldn't be triggered at the time the slave closed, 1693 * so we do it now. 1694 */ 1695 while (1) { 1696 do_sleep = 0; 1697 1698 if (tty->count <= 1) { 1699 if (waitqueue_active(&tty->read_wait)) { 1700 wake_up_poll(&tty->read_wait, EPOLLIN); 1701 do_sleep++; 1702 } 1703 if (waitqueue_active(&tty->write_wait)) { 1704 wake_up_poll(&tty->write_wait, EPOLLOUT); 1705 do_sleep++; 1706 } 1707 } 1708 if (o_tty && o_tty->count <= 1) { 1709 if (waitqueue_active(&o_tty->read_wait)) { 1710 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1711 do_sleep++; 1712 } 1713 if (waitqueue_active(&o_tty->write_wait)) { 1714 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1715 do_sleep++; 1716 } 1717 } 1718 if (!do_sleep) 1719 break; 1720 1721 if (once) { 1722 once = 0; 1723 tty_warn(tty, "read/write wait queue active!\n"); 1724 } 1725 schedule_timeout_killable(timeout); 1726 if (timeout < 120 * HZ) 1727 timeout = 2 * timeout + 1; 1728 else 1729 timeout = MAX_SCHEDULE_TIMEOUT; 1730 } 1731 1732 if (o_tty) { 1733 if (--o_tty->count < 0) { 1734 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1735 o_tty->count = 0; 1736 } 1737 } 1738 if (--tty->count < 0) { 1739 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1740 tty->count = 0; 1741 } 1742 1743 /* 1744 * We've decremented tty->count, so we need to remove this file 1745 * descriptor off the tty->tty_files list; this serves two 1746 * purposes: 1747 * - check_tty_count sees the correct number of file descriptors 1748 * associated with this tty. 1749 * - do_tty_hangup no longer sees this file descriptor as 1750 * something that needs to be handled for hangups. 1751 */ 1752 tty_del_file(filp); 1753 1754 /* 1755 * Perform some housekeeping before deciding whether to return. 1756 * 1757 * If _either_ side is closing, make sure there aren't any 1758 * processes that still think tty or o_tty is their controlling 1759 * tty. 1760 */ 1761 if (!tty->count) { 1762 read_lock(&tasklist_lock); 1763 session_clear_tty(tty->session); 1764 if (o_tty) 1765 session_clear_tty(o_tty->session); 1766 read_unlock(&tasklist_lock); 1767 } 1768 1769 /* check whether both sides are closing ... */ 1770 final = !tty->count && !(o_tty && o_tty->count); 1771 1772 tty_unlock_slave(o_tty); 1773 tty_unlock(tty); 1774 1775 /* At this point, the tty->count == 0 should ensure a dead tty 1776 cannot be re-opened by a racing opener */ 1777 1778 if (!final) 1779 return 0; 1780 1781 tty_debug_hangup(tty, "final close\n"); 1782 1783 tty_release_struct(tty, idx); 1784 return 0; 1785 } 1786 1787 /** 1788 * tty_open_current_tty - get locked tty of current task 1789 * @device: device number 1790 * @filp: file pointer to tty 1791 * @return: locked tty of the current task iff @device is /dev/tty 1792 * 1793 * Performs a re-open of the current task's controlling tty. 1794 * 1795 * We cannot return driver and index like for the other nodes because 1796 * devpts will not work then. It expects inodes to be from devpts FS. 1797 */ 1798 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1799 { 1800 struct tty_struct *tty; 1801 int retval; 1802 1803 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1804 return NULL; 1805 1806 tty = get_current_tty(); 1807 if (!tty) 1808 return ERR_PTR(-ENXIO); 1809 1810 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1811 /* noctty = 1; */ 1812 tty_lock(tty); 1813 tty_kref_put(tty); /* safe to drop the kref now */ 1814 1815 retval = tty_reopen(tty); 1816 if (retval < 0) { 1817 tty_unlock(tty); 1818 tty = ERR_PTR(retval); 1819 } 1820 return tty; 1821 } 1822 1823 /** 1824 * tty_lookup_driver - lookup a tty driver for a given device file 1825 * @device: device number 1826 * @filp: file pointer to tty 1827 * @index: index for the device in the @return driver 1828 * @return: driver for this inode (with increased refcount) 1829 * 1830 * If @return is not erroneous, the caller is responsible to decrement the 1831 * refcount by tty_driver_kref_put. 1832 * 1833 * Locking: tty_mutex protects get_tty_driver 1834 */ 1835 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1836 int *index) 1837 { 1838 struct tty_driver *driver; 1839 1840 switch (device) { 1841 #ifdef CONFIG_VT 1842 case MKDEV(TTY_MAJOR, 0): { 1843 extern struct tty_driver *console_driver; 1844 driver = tty_driver_kref_get(console_driver); 1845 *index = fg_console; 1846 break; 1847 } 1848 #endif 1849 case MKDEV(TTYAUX_MAJOR, 1): { 1850 struct tty_driver *console_driver = console_device(index); 1851 if (console_driver) { 1852 driver = tty_driver_kref_get(console_driver); 1853 if (driver && filp) { 1854 /* Don't let /dev/console block */ 1855 filp->f_flags |= O_NONBLOCK; 1856 break; 1857 } 1858 } 1859 return ERR_PTR(-ENODEV); 1860 } 1861 default: 1862 driver = get_tty_driver(device, index); 1863 if (!driver) 1864 return ERR_PTR(-ENODEV); 1865 break; 1866 } 1867 return driver; 1868 } 1869 1870 /** 1871 * tty_kopen - open a tty device for kernel 1872 * @device: dev_t of device to open 1873 * 1874 * Opens tty exclusively for kernel. Performs the driver lookup, 1875 * makes sure it's not already opened and performs the first-time 1876 * tty initialization. 1877 * 1878 * Returns the locked initialized &tty_struct 1879 * 1880 * Claims the global tty_mutex to serialize: 1881 * - concurrent first-time tty initialization 1882 * - concurrent tty driver removal w/ lookup 1883 * - concurrent tty removal from driver table 1884 */ 1885 struct tty_struct *tty_kopen(dev_t device) 1886 { 1887 struct tty_struct *tty; 1888 struct tty_driver *driver = NULL; 1889 int index = -1; 1890 1891 mutex_lock(&tty_mutex); 1892 driver = tty_lookup_driver(device, NULL, &index); 1893 if (IS_ERR(driver)) { 1894 mutex_unlock(&tty_mutex); 1895 return ERR_CAST(driver); 1896 } 1897 1898 /* check whether we're reopening an existing tty */ 1899 tty = tty_driver_lookup_tty(driver, NULL, index); 1900 if (IS_ERR(tty)) 1901 goto out; 1902 1903 if (tty) { 1904 /* drop kref from tty_driver_lookup_tty() */ 1905 tty_kref_put(tty); 1906 tty = ERR_PTR(-EBUSY); 1907 } else { /* tty_init_dev returns tty with the tty_lock held */ 1908 tty = tty_init_dev(driver, index); 1909 if (IS_ERR(tty)) 1910 goto out; 1911 tty_port_set_kopened(tty->port, 1); 1912 } 1913 out: 1914 mutex_unlock(&tty_mutex); 1915 tty_driver_kref_put(driver); 1916 return tty; 1917 } 1918 EXPORT_SYMBOL_GPL(tty_kopen); 1919 1920 /** 1921 * tty_open_by_driver - open a tty device 1922 * @device: dev_t of device to open 1923 * @inode: inode of device file 1924 * @filp: file pointer to tty 1925 * 1926 * Performs the driver lookup, checks for a reopen, or otherwise 1927 * performs the first-time tty initialization. 1928 * 1929 * Returns the locked initialized or re-opened &tty_struct 1930 * 1931 * Claims the global tty_mutex to serialize: 1932 * - concurrent first-time tty initialization 1933 * - concurrent tty driver removal w/ lookup 1934 * - concurrent tty removal from driver table 1935 */ 1936 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1937 struct file *filp) 1938 { 1939 struct tty_struct *tty; 1940 struct tty_driver *driver = NULL; 1941 int index = -1; 1942 int retval; 1943 1944 mutex_lock(&tty_mutex); 1945 driver = tty_lookup_driver(device, filp, &index); 1946 if (IS_ERR(driver)) { 1947 mutex_unlock(&tty_mutex); 1948 return ERR_CAST(driver); 1949 } 1950 1951 /* check whether we're reopening an existing tty */ 1952 tty = tty_driver_lookup_tty(driver, filp, index); 1953 if (IS_ERR(tty)) { 1954 mutex_unlock(&tty_mutex); 1955 goto out; 1956 } 1957 1958 if (tty) { 1959 if (tty_port_kopened(tty->port)) { 1960 tty_kref_put(tty); 1961 mutex_unlock(&tty_mutex); 1962 tty = ERR_PTR(-EBUSY); 1963 goto out; 1964 } 1965 mutex_unlock(&tty_mutex); 1966 retval = tty_lock_interruptible(tty); 1967 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1968 if (retval) { 1969 if (retval == -EINTR) 1970 retval = -ERESTARTSYS; 1971 tty = ERR_PTR(retval); 1972 goto out; 1973 } 1974 retval = tty_reopen(tty); 1975 if (retval < 0) { 1976 tty_unlock(tty); 1977 tty = ERR_PTR(retval); 1978 } 1979 } else { /* Returns with the tty_lock held for now */ 1980 tty = tty_init_dev(driver, index); 1981 mutex_unlock(&tty_mutex); 1982 } 1983 out: 1984 tty_driver_kref_put(driver); 1985 return tty; 1986 } 1987 1988 /** 1989 * tty_open - open a tty device 1990 * @inode: inode of device file 1991 * @filp: file pointer to tty 1992 * 1993 * tty_open and tty_release keep up the tty count that contains the 1994 * number of opens done on a tty. We cannot use the inode-count, as 1995 * different inodes might point to the same tty. 1996 * 1997 * Open-counting is needed for pty masters, as well as for keeping 1998 * track of serial lines: DTR is dropped when the last close happens. 1999 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2000 * 2001 * The termios state of a pty is reset on first open so that 2002 * settings don't persist across reuse. 2003 * 2004 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 2005 * tty->count should protect the rest. 2006 * ->siglock protects ->signal/->sighand 2007 * 2008 * Note: the tty_unlock/lock cases without a ref are only safe due to 2009 * tty_mutex 2010 */ 2011 2012 static int tty_open(struct inode *inode, struct file *filp) 2013 { 2014 struct tty_struct *tty; 2015 int noctty, retval; 2016 dev_t device = inode->i_rdev; 2017 unsigned saved_flags = filp->f_flags; 2018 2019 nonseekable_open(inode, filp); 2020 2021 retry_open: 2022 retval = tty_alloc_file(filp); 2023 if (retval) 2024 return -ENOMEM; 2025 2026 tty = tty_open_current_tty(device, filp); 2027 if (!tty) 2028 tty = tty_open_by_driver(device, inode, filp); 2029 2030 if (IS_ERR(tty)) { 2031 tty_free_file(filp); 2032 retval = PTR_ERR(tty); 2033 if (retval != -EAGAIN || signal_pending(current)) 2034 return retval; 2035 schedule(); 2036 goto retry_open; 2037 } 2038 2039 tty_add_file(tty, filp); 2040 2041 check_tty_count(tty, __func__); 2042 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2043 2044 if (tty->ops->open) 2045 retval = tty->ops->open(tty, filp); 2046 else 2047 retval = -ENODEV; 2048 filp->f_flags = saved_flags; 2049 2050 if (retval) { 2051 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2052 2053 tty_unlock(tty); /* need to call tty_release without BTM */ 2054 tty_release(inode, filp); 2055 if (retval != -ERESTARTSYS) 2056 return retval; 2057 2058 if (signal_pending(current)) 2059 return retval; 2060 2061 schedule(); 2062 /* 2063 * Need to reset f_op in case a hangup happened. 2064 */ 2065 if (tty_hung_up_p(filp)) 2066 filp->f_op = &tty_fops; 2067 goto retry_open; 2068 } 2069 clear_bit(TTY_HUPPED, &tty->flags); 2070 2071 noctty = (filp->f_flags & O_NOCTTY) || 2072 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2073 device == MKDEV(TTYAUX_MAJOR, 1) || 2074 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2075 tty->driver->subtype == PTY_TYPE_MASTER); 2076 if (!noctty) 2077 tty_open_proc_set_tty(filp, tty); 2078 tty_unlock(tty); 2079 return 0; 2080 } 2081 2082 2083 2084 /** 2085 * tty_poll - check tty status 2086 * @filp: file being polled 2087 * @wait: poll wait structures to update 2088 * 2089 * Call the line discipline polling method to obtain the poll 2090 * status of the device. 2091 * 2092 * Locking: locks called line discipline but ldisc poll method 2093 * may be re-entered freely by other callers. 2094 */ 2095 2096 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2097 { 2098 struct tty_struct *tty = file_tty(filp); 2099 struct tty_ldisc *ld; 2100 __poll_t ret = 0; 2101 2102 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2103 return 0; 2104 2105 ld = tty_ldisc_ref_wait(tty); 2106 if (!ld) 2107 return hung_up_tty_poll(filp, wait); 2108 if (ld->ops->poll) 2109 ret = ld->ops->poll(tty, filp, wait); 2110 tty_ldisc_deref(ld); 2111 return ret; 2112 } 2113 2114 static int __tty_fasync(int fd, struct file *filp, int on) 2115 { 2116 struct tty_struct *tty = file_tty(filp); 2117 unsigned long flags; 2118 int retval = 0; 2119 2120 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2121 goto out; 2122 2123 retval = fasync_helper(fd, filp, on, &tty->fasync); 2124 if (retval <= 0) 2125 goto out; 2126 2127 if (on) { 2128 enum pid_type type; 2129 struct pid *pid; 2130 2131 spin_lock_irqsave(&tty->ctrl_lock, flags); 2132 if (tty->pgrp) { 2133 pid = tty->pgrp; 2134 type = PIDTYPE_PGID; 2135 } else { 2136 pid = task_pid(current); 2137 type = PIDTYPE_TGID; 2138 } 2139 get_pid(pid); 2140 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2141 __f_setown(filp, pid, type, 0); 2142 put_pid(pid); 2143 retval = 0; 2144 } 2145 out: 2146 return retval; 2147 } 2148 2149 static int tty_fasync(int fd, struct file *filp, int on) 2150 { 2151 struct tty_struct *tty = file_tty(filp); 2152 int retval = -ENOTTY; 2153 2154 tty_lock(tty); 2155 if (!tty_hung_up_p(filp)) 2156 retval = __tty_fasync(fd, filp, on); 2157 tty_unlock(tty); 2158 2159 return retval; 2160 } 2161 2162 /** 2163 * tiocsti - fake input character 2164 * @tty: tty to fake input into 2165 * @p: pointer to character 2166 * 2167 * Fake input to a tty device. Does the necessary locking and 2168 * input management. 2169 * 2170 * FIXME: does not honour flow control ?? 2171 * 2172 * Locking: 2173 * Called functions take tty_ldiscs_lock 2174 * current->signal->tty check is safe without locks 2175 * 2176 * FIXME: may race normal receive processing 2177 */ 2178 2179 static int tiocsti(struct tty_struct *tty, char __user *p) 2180 { 2181 char ch, mbz = 0; 2182 struct tty_ldisc *ld; 2183 2184 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2185 return -EPERM; 2186 if (get_user(ch, p)) 2187 return -EFAULT; 2188 tty_audit_tiocsti(tty, ch); 2189 ld = tty_ldisc_ref_wait(tty); 2190 if (!ld) 2191 return -EIO; 2192 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2193 tty_ldisc_deref(ld); 2194 return 0; 2195 } 2196 2197 /** 2198 * tiocgwinsz - implement window query ioctl 2199 * @tty; tty 2200 * @arg: user buffer for result 2201 * 2202 * Copies the kernel idea of the window size into the user buffer. 2203 * 2204 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2205 * is consistent. 2206 */ 2207 2208 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2209 { 2210 int err; 2211 2212 mutex_lock(&tty->winsize_mutex); 2213 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2214 mutex_unlock(&tty->winsize_mutex); 2215 2216 return err ? -EFAULT: 0; 2217 } 2218 2219 /** 2220 * tty_do_resize - resize event 2221 * @tty: tty being resized 2222 * @rows: rows (character) 2223 * @cols: cols (character) 2224 * 2225 * Update the termios variables and send the necessary signals to 2226 * peform a terminal resize correctly 2227 */ 2228 2229 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2230 { 2231 struct pid *pgrp; 2232 2233 /* Lock the tty */ 2234 mutex_lock(&tty->winsize_mutex); 2235 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2236 goto done; 2237 2238 /* Signal the foreground process group */ 2239 pgrp = tty_get_pgrp(tty); 2240 if (pgrp) 2241 kill_pgrp(pgrp, SIGWINCH, 1); 2242 put_pid(pgrp); 2243 2244 tty->winsize = *ws; 2245 done: 2246 mutex_unlock(&tty->winsize_mutex); 2247 return 0; 2248 } 2249 EXPORT_SYMBOL(tty_do_resize); 2250 2251 /** 2252 * tiocswinsz - implement window size set ioctl 2253 * @tty; tty side of tty 2254 * @arg: user buffer for result 2255 * 2256 * Copies the user idea of the window size to the kernel. Traditionally 2257 * this is just advisory information but for the Linux console it 2258 * actually has driver level meaning and triggers a VC resize. 2259 * 2260 * Locking: 2261 * Driver dependent. The default do_resize method takes the 2262 * tty termios mutex and ctrl_lock. The console takes its own lock 2263 * then calls into the default method. 2264 */ 2265 2266 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2267 { 2268 struct winsize tmp_ws; 2269 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2270 return -EFAULT; 2271 2272 if (tty->ops->resize) 2273 return tty->ops->resize(tty, &tmp_ws); 2274 else 2275 return tty_do_resize(tty, &tmp_ws); 2276 } 2277 2278 /** 2279 * tioccons - allow admin to move logical console 2280 * @file: the file to become console 2281 * 2282 * Allow the administrator to move the redirected console device 2283 * 2284 * Locking: uses redirect_lock to guard the redirect information 2285 */ 2286 2287 static int tioccons(struct file *file) 2288 { 2289 if (!capable(CAP_SYS_ADMIN)) 2290 return -EPERM; 2291 if (file->f_op->write == redirected_tty_write) { 2292 struct file *f; 2293 spin_lock(&redirect_lock); 2294 f = redirect; 2295 redirect = NULL; 2296 spin_unlock(&redirect_lock); 2297 if (f) 2298 fput(f); 2299 return 0; 2300 } 2301 spin_lock(&redirect_lock); 2302 if (redirect) { 2303 spin_unlock(&redirect_lock); 2304 return -EBUSY; 2305 } 2306 redirect = get_file(file); 2307 spin_unlock(&redirect_lock); 2308 return 0; 2309 } 2310 2311 /** 2312 * tiocsetd - set line discipline 2313 * @tty: tty device 2314 * @p: pointer to user data 2315 * 2316 * Set the line discipline according to user request. 2317 * 2318 * Locking: see tty_set_ldisc, this function is just a helper 2319 */ 2320 2321 static int tiocsetd(struct tty_struct *tty, int __user *p) 2322 { 2323 int disc; 2324 int ret; 2325 2326 if (get_user(disc, p)) 2327 return -EFAULT; 2328 2329 ret = tty_set_ldisc(tty, disc); 2330 2331 return ret; 2332 } 2333 2334 /** 2335 * tiocgetd - get line discipline 2336 * @tty: tty device 2337 * @p: pointer to user data 2338 * 2339 * Retrieves the line discipline id directly from the ldisc. 2340 * 2341 * Locking: waits for ldisc reference (in case the line discipline 2342 * is changing or the tty is being hungup) 2343 */ 2344 2345 static int tiocgetd(struct tty_struct *tty, int __user *p) 2346 { 2347 struct tty_ldisc *ld; 2348 int ret; 2349 2350 ld = tty_ldisc_ref_wait(tty); 2351 if (!ld) 2352 return -EIO; 2353 ret = put_user(ld->ops->num, p); 2354 tty_ldisc_deref(ld); 2355 return ret; 2356 } 2357 2358 /** 2359 * send_break - performed time break 2360 * @tty: device to break on 2361 * @duration: timeout in mS 2362 * 2363 * Perform a timed break on hardware that lacks its own driver level 2364 * timed break functionality. 2365 * 2366 * Locking: 2367 * atomic_write_lock serializes 2368 * 2369 */ 2370 2371 static int send_break(struct tty_struct *tty, unsigned int duration) 2372 { 2373 int retval; 2374 2375 if (tty->ops->break_ctl == NULL) 2376 return 0; 2377 2378 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2379 retval = tty->ops->break_ctl(tty, duration); 2380 else { 2381 /* Do the work ourselves */ 2382 if (tty_write_lock(tty, 0) < 0) 2383 return -EINTR; 2384 retval = tty->ops->break_ctl(tty, -1); 2385 if (retval) 2386 goto out; 2387 if (!signal_pending(current)) 2388 msleep_interruptible(duration); 2389 retval = tty->ops->break_ctl(tty, 0); 2390 out: 2391 tty_write_unlock(tty); 2392 if (signal_pending(current)) 2393 retval = -EINTR; 2394 } 2395 return retval; 2396 } 2397 2398 /** 2399 * tty_tiocmget - get modem status 2400 * @tty: tty device 2401 * @file: user file pointer 2402 * @p: pointer to result 2403 * 2404 * Obtain the modem status bits from the tty driver if the feature 2405 * is supported. Return -EINVAL if it is not available. 2406 * 2407 * Locking: none (up to the driver) 2408 */ 2409 2410 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2411 { 2412 int retval = -EINVAL; 2413 2414 if (tty->ops->tiocmget) { 2415 retval = tty->ops->tiocmget(tty); 2416 2417 if (retval >= 0) 2418 retval = put_user(retval, p); 2419 } 2420 return retval; 2421 } 2422 2423 /** 2424 * tty_tiocmset - set modem status 2425 * @tty: tty device 2426 * @cmd: command - clear bits, set bits or set all 2427 * @p: pointer to desired bits 2428 * 2429 * Set the modem status bits from the tty driver if the feature 2430 * is supported. Return -EINVAL if it is not available. 2431 * 2432 * Locking: none (up to the driver) 2433 */ 2434 2435 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2436 unsigned __user *p) 2437 { 2438 int retval; 2439 unsigned int set, clear, val; 2440 2441 if (tty->ops->tiocmset == NULL) 2442 return -EINVAL; 2443 2444 retval = get_user(val, p); 2445 if (retval) 2446 return retval; 2447 set = clear = 0; 2448 switch (cmd) { 2449 case TIOCMBIS: 2450 set = val; 2451 break; 2452 case TIOCMBIC: 2453 clear = val; 2454 break; 2455 case TIOCMSET: 2456 set = val; 2457 clear = ~val; 2458 break; 2459 } 2460 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2461 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2462 return tty->ops->tiocmset(tty, set, clear); 2463 } 2464 2465 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2466 { 2467 int retval = -EINVAL; 2468 struct serial_icounter_struct icount; 2469 memset(&icount, 0, sizeof(icount)); 2470 if (tty->ops->get_icount) 2471 retval = tty->ops->get_icount(tty, &icount); 2472 if (retval != 0) 2473 return retval; 2474 if (copy_to_user(arg, &icount, sizeof(icount))) 2475 return -EFAULT; 2476 return 0; 2477 } 2478 2479 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2480 { 2481 static DEFINE_RATELIMIT_STATE(depr_flags, 2482 DEFAULT_RATELIMIT_INTERVAL, 2483 DEFAULT_RATELIMIT_BURST); 2484 char comm[TASK_COMM_LEN]; 2485 struct serial_struct v; 2486 int flags; 2487 2488 if (copy_from_user(&v, ss, sizeof(struct serial_struct))) 2489 return -EFAULT; 2490 2491 flags = v.flags & ASYNC_DEPRECATED; 2492 2493 if (flags && __ratelimit(&depr_flags)) 2494 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2495 __func__, get_task_comm(comm, current), flags); 2496 if (!tty->ops->set_serial) 2497 return -ENOTTY; 2498 return tty->ops->set_serial(tty, &v); 2499 } 2500 2501 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2502 { 2503 struct serial_struct v; 2504 int err; 2505 2506 memset(&v, 0, sizeof(struct serial_struct)); 2507 if (!tty->ops->get_serial) 2508 return -ENOTTY; 2509 err = tty->ops->get_serial(tty, &v); 2510 if (!err && copy_to_user(ss, &v, sizeof(struct serial_struct))) 2511 err = -EFAULT; 2512 return err; 2513 } 2514 2515 /* 2516 * if pty, return the slave side (real_tty) 2517 * otherwise, return self 2518 */ 2519 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2520 { 2521 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2522 tty->driver->subtype == PTY_TYPE_MASTER) 2523 tty = tty->link; 2524 return tty; 2525 } 2526 2527 /* 2528 * Split this up, as gcc can choke on it otherwise.. 2529 */ 2530 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2531 { 2532 struct tty_struct *tty = file_tty(file); 2533 struct tty_struct *real_tty; 2534 void __user *p = (void __user *)arg; 2535 int retval; 2536 struct tty_ldisc *ld; 2537 2538 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2539 return -EINVAL; 2540 2541 real_tty = tty_pair_get_tty(tty); 2542 2543 /* 2544 * Factor out some common prep work 2545 */ 2546 switch (cmd) { 2547 case TIOCSETD: 2548 case TIOCSBRK: 2549 case TIOCCBRK: 2550 case TCSBRK: 2551 case TCSBRKP: 2552 retval = tty_check_change(tty); 2553 if (retval) 2554 return retval; 2555 if (cmd != TIOCCBRK) { 2556 tty_wait_until_sent(tty, 0); 2557 if (signal_pending(current)) 2558 return -EINTR; 2559 } 2560 break; 2561 } 2562 2563 /* 2564 * Now do the stuff. 2565 */ 2566 switch (cmd) { 2567 case TIOCSTI: 2568 return tiocsti(tty, p); 2569 case TIOCGWINSZ: 2570 return tiocgwinsz(real_tty, p); 2571 case TIOCSWINSZ: 2572 return tiocswinsz(real_tty, p); 2573 case TIOCCONS: 2574 return real_tty != tty ? -EINVAL : tioccons(file); 2575 case TIOCEXCL: 2576 set_bit(TTY_EXCLUSIVE, &tty->flags); 2577 return 0; 2578 case TIOCNXCL: 2579 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2580 return 0; 2581 case TIOCGEXCL: 2582 { 2583 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2584 return put_user(excl, (int __user *)p); 2585 } 2586 case TIOCGETD: 2587 return tiocgetd(tty, p); 2588 case TIOCSETD: 2589 return tiocsetd(tty, p); 2590 case TIOCVHANGUP: 2591 if (!capable(CAP_SYS_ADMIN)) 2592 return -EPERM; 2593 tty_vhangup(tty); 2594 return 0; 2595 case TIOCGDEV: 2596 { 2597 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2598 return put_user(ret, (unsigned int __user *)p); 2599 } 2600 /* 2601 * Break handling 2602 */ 2603 case TIOCSBRK: /* Turn break on, unconditionally */ 2604 if (tty->ops->break_ctl) 2605 return tty->ops->break_ctl(tty, -1); 2606 return 0; 2607 case TIOCCBRK: /* Turn break off, unconditionally */ 2608 if (tty->ops->break_ctl) 2609 return tty->ops->break_ctl(tty, 0); 2610 return 0; 2611 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2612 /* non-zero arg means wait for all output data 2613 * to be sent (performed above) but don't send break. 2614 * This is used by the tcdrain() termios function. 2615 */ 2616 if (!arg) 2617 return send_break(tty, 250); 2618 return 0; 2619 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2620 return send_break(tty, arg ? arg*100 : 250); 2621 2622 case TIOCMGET: 2623 return tty_tiocmget(tty, p); 2624 case TIOCMSET: 2625 case TIOCMBIC: 2626 case TIOCMBIS: 2627 return tty_tiocmset(tty, cmd, p); 2628 case TIOCGICOUNT: 2629 return tty_tiocgicount(tty, p); 2630 case TCFLSH: 2631 switch (arg) { 2632 case TCIFLUSH: 2633 case TCIOFLUSH: 2634 /* flush tty buffer and allow ldisc to process ioctl */ 2635 tty_buffer_flush(tty, NULL); 2636 break; 2637 } 2638 break; 2639 case TIOCSSERIAL: 2640 return tty_tiocsserial(tty, p); 2641 case TIOCGSERIAL: 2642 return tty_tiocgserial(tty, p); 2643 case TIOCGPTPEER: 2644 /* Special because the struct file is needed */ 2645 return ptm_open_peer(file, tty, (int)arg); 2646 default: 2647 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2648 if (retval != -ENOIOCTLCMD) 2649 return retval; 2650 } 2651 if (tty->ops->ioctl) { 2652 retval = tty->ops->ioctl(tty, cmd, arg); 2653 if (retval != -ENOIOCTLCMD) 2654 return retval; 2655 } 2656 ld = tty_ldisc_ref_wait(tty); 2657 if (!ld) 2658 return hung_up_tty_ioctl(file, cmd, arg); 2659 retval = -EINVAL; 2660 if (ld->ops->ioctl) { 2661 retval = ld->ops->ioctl(tty, file, cmd, arg); 2662 if (retval == -ENOIOCTLCMD) 2663 retval = -ENOTTY; 2664 } 2665 tty_ldisc_deref(ld); 2666 return retval; 2667 } 2668 2669 #ifdef CONFIG_COMPAT 2670 2671 struct serial_struct32 { 2672 compat_int_t type; 2673 compat_int_t line; 2674 compat_uint_t port; 2675 compat_int_t irq; 2676 compat_int_t flags; 2677 compat_int_t xmit_fifo_size; 2678 compat_int_t custom_divisor; 2679 compat_int_t baud_base; 2680 unsigned short close_delay; 2681 char io_type; 2682 char reserved_char[1]; 2683 compat_int_t hub6; 2684 unsigned short closing_wait; /* time to wait before closing */ 2685 unsigned short closing_wait2; /* no longer used... */ 2686 compat_uint_t iomem_base; 2687 unsigned short iomem_reg_shift; 2688 unsigned int port_high; 2689 /* compat_ulong_t iomap_base FIXME */ 2690 compat_int_t reserved[1]; 2691 }; 2692 2693 static int compat_tty_tiocsserial(struct tty_struct *tty, 2694 struct serial_struct32 __user *ss) 2695 { 2696 static DEFINE_RATELIMIT_STATE(depr_flags, 2697 DEFAULT_RATELIMIT_INTERVAL, 2698 DEFAULT_RATELIMIT_BURST); 2699 char comm[TASK_COMM_LEN]; 2700 struct serial_struct32 v32; 2701 struct serial_struct v; 2702 int flags; 2703 2704 if (copy_from_user(&v32, ss, sizeof(struct serial_struct32))) 2705 return -EFAULT; 2706 2707 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2708 v.iomem_base = compat_ptr(v32.iomem_base); 2709 v.iomem_reg_shift = v32.iomem_reg_shift; 2710 v.port_high = v32.port_high; 2711 v.iomap_base = 0; 2712 2713 flags = v.flags & ASYNC_DEPRECATED; 2714 2715 if (flags && __ratelimit(&depr_flags)) 2716 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2717 __func__, get_task_comm(comm, current), flags); 2718 if (!tty->ops->set_serial) 2719 return -ENOTTY; 2720 return tty->ops->set_serial(tty, &v); 2721 } 2722 2723 static int compat_tty_tiocgserial(struct tty_struct *tty, 2724 struct serial_struct32 __user *ss) 2725 { 2726 struct serial_struct32 v32; 2727 struct serial_struct v; 2728 int err; 2729 memset(&v, 0, sizeof(struct serial_struct)); 2730 2731 if (!tty->ops->set_serial) 2732 return -ENOTTY; 2733 err = tty->ops->get_serial(tty, &v); 2734 if (!err) { 2735 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2736 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2737 0xfffffff : ptr_to_compat(v.iomem_base); 2738 v32.iomem_reg_shift = v.iomem_reg_shift; 2739 v32.port_high = v.port_high; 2740 if (copy_to_user(ss, &v32, sizeof(struct serial_struct32))) 2741 err = -EFAULT; 2742 } 2743 return err; 2744 } 2745 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2746 unsigned long arg) 2747 { 2748 struct tty_struct *tty = file_tty(file); 2749 struct tty_ldisc *ld; 2750 int retval = -ENOIOCTLCMD; 2751 2752 switch (cmd) { 2753 case TIOCSTI: 2754 case TIOCGWINSZ: 2755 case TIOCSWINSZ: 2756 case TIOCGEXCL: 2757 case TIOCGETD: 2758 case TIOCSETD: 2759 case TIOCGDEV: 2760 case TIOCMGET: 2761 case TIOCMSET: 2762 case TIOCMBIC: 2763 case TIOCMBIS: 2764 case TIOCGICOUNT: 2765 case TIOCGPGRP: 2766 case TIOCSPGRP: 2767 case TIOCGSID: 2768 case TIOCSERGETLSR: 2769 case TIOCGRS485: 2770 case TIOCSRS485: 2771 #ifdef TIOCGETP 2772 case TIOCGETP: 2773 case TIOCSETP: 2774 case TIOCSETN: 2775 #endif 2776 #ifdef TIOCGETC 2777 case TIOCGETC: 2778 case TIOCSETC: 2779 #endif 2780 #ifdef TIOCGLTC 2781 case TIOCGLTC: 2782 case TIOCSLTC: 2783 #endif 2784 case TCSETSF: 2785 case TCSETSW: 2786 case TCSETS: 2787 case TCGETS: 2788 #ifdef TCGETS2 2789 case TCGETS2: 2790 case TCSETSF2: 2791 case TCSETSW2: 2792 case TCSETS2: 2793 #endif 2794 case TCGETA: 2795 case TCSETAF: 2796 case TCSETAW: 2797 case TCSETA: 2798 case TIOCGLCKTRMIOS: 2799 case TIOCSLCKTRMIOS: 2800 #ifdef TCGETX 2801 case TCGETX: 2802 case TCSETX: 2803 case TCSETXW: 2804 case TCSETXF: 2805 #endif 2806 case TIOCGSOFTCAR: 2807 case TIOCSSOFTCAR: 2808 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2809 case TIOCCONS: 2810 case TIOCEXCL: 2811 case TIOCNXCL: 2812 case TIOCVHANGUP: 2813 case TIOCSBRK: 2814 case TIOCCBRK: 2815 case TCSBRK: 2816 case TCSBRKP: 2817 case TCFLSH: 2818 case TIOCGPTPEER: 2819 case TIOCNOTTY: 2820 case TIOCSCTTY: 2821 case TCXONC: 2822 case TIOCMIWAIT: 2823 case TIOCSERCONFIG: 2824 return tty_ioctl(file, cmd, arg); 2825 } 2826 2827 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2828 return -EINVAL; 2829 2830 switch (cmd) { 2831 case TIOCSSERIAL: 2832 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2833 case TIOCGSERIAL: 2834 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2835 } 2836 if (tty->ops->compat_ioctl) { 2837 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2838 if (retval != -ENOIOCTLCMD) 2839 return retval; 2840 } 2841 2842 ld = tty_ldisc_ref_wait(tty); 2843 if (!ld) 2844 return hung_up_tty_compat_ioctl(file, cmd, arg); 2845 if (ld->ops->compat_ioctl) 2846 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2847 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2848 retval = ld->ops->ioctl(tty, file, 2849 (unsigned long)compat_ptr(cmd), arg); 2850 tty_ldisc_deref(ld); 2851 2852 return retval; 2853 } 2854 #endif 2855 2856 static int this_tty(const void *t, struct file *file, unsigned fd) 2857 { 2858 if (likely(file->f_op->read != tty_read)) 2859 return 0; 2860 return file_tty(file) != t ? 0 : fd + 1; 2861 } 2862 2863 /* 2864 * This implements the "Secure Attention Key" --- the idea is to 2865 * prevent trojan horses by killing all processes associated with this 2866 * tty when the user hits the "Secure Attention Key". Required for 2867 * super-paranoid applications --- see the Orange Book for more details. 2868 * 2869 * This code could be nicer; ideally it should send a HUP, wait a few 2870 * seconds, then send a INT, and then a KILL signal. But you then 2871 * have to coordinate with the init process, since all processes associated 2872 * with the current tty must be dead before the new getty is allowed 2873 * to spawn. 2874 * 2875 * Now, if it would be correct ;-/ The current code has a nasty hole - 2876 * it doesn't catch files in flight. We may send the descriptor to ourselves 2877 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2878 * 2879 * Nasty bug: do_SAK is being called in interrupt context. This can 2880 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2881 */ 2882 void __do_SAK(struct tty_struct *tty) 2883 { 2884 #ifdef TTY_SOFT_SAK 2885 tty_hangup(tty); 2886 #else 2887 struct task_struct *g, *p; 2888 struct pid *session; 2889 int i; 2890 2891 if (!tty) 2892 return; 2893 session = tty->session; 2894 2895 tty_ldisc_flush(tty); 2896 2897 tty_driver_flush_buffer(tty); 2898 2899 read_lock(&tasklist_lock); 2900 /* Kill the entire session */ 2901 do_each_pid_task(session, PIDTYPE_SID, p) { 2902 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2903 task_pid_nr(p), p->comm); 2904 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2905 } while_each_pid_task(session, PIDTYPE_SID, p); 2906 2907 /* Now kill any processes that happen to have the tty open */ 2908 do_each_thread(g, p) { 2909 if (p->signal->tty == tty) { 2910 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2911 task_pid_nr(p), p->comm); 2912 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2913 continue; 2914 } 2915 task_lock(p); 2916 i = iterate_fd(p->files, 0, this_tty, tty); 2917 if (i != 0) { 2918 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2919 task_pid_nr(p), p->comm, i - 1); 2920 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2921 } 2922 task_unlock(p); 2923 } while_each_thread(g, p); 2924 read_unlock(&tasklist_lock); 2925 #endif 2926 } 2927 2928 static void do_SAK_work(struct work_struct *work) 2929 { 2930 struct tty_struct *tty = 2931 container_of(work, struct tty_struct, SAK_work); 2932 __do_SAK(tty); 2933 } 2934 2935 /* 2936 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2937 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2938 * the values which we write to it will be identical to the values which it 2939 * already has. --akpm 2940 */ 2941 void do_SAK(struct tty_struct *tty) 2942 { 2943 if (!tty) 2944 return; 2945 schedule_work(&tty->SAK_work); 2946 } 2947 2948 EXPORT_SYMBOL(do_SAK); 2949 2950 static int dev_match_devt(struct device *dev, const void *data) 2951 { 2952 const dev_t *devt = data; 2953 return dev->devt == *devt; 2954 } 2955 2956 /* Must put_device() after it's unused! */ 2957 static struct device *tty_get_device(struct tty_struct *tty) 2958 { 2959 dev_t devt = tty_devnum(tty); 2960 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2961 } 2962 2963 2964 /** 2965 * alloc_tty_struct 2966 * 2967 * This subroutine allocates and initializes a tty structure. 2968 * 2969 * Locking: none - tty in question is not exposed at this point 2970 */ 2971 2972 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2973 { 2974 struct tty_struct *tty; 2975 2976 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2977 if (!tty) 2978 return NULL; 2979 2980 kref_init(&tty->kref); 2981 tty->magic = TTY_MAGIC; 2982 if (tty_ldisc_init(tty)) { 2983 kfree(tty); 2984 return NULL; 2985 } 2986 tty->session = NULL; 2987 tty->pgrp = NULL; 2988 mutex_init(&tty->legacy_mutex); 2989 mutex_init(&tty->throttle_mutex); 2990 init_rwsem(&tty->termios_rwsem); 2991 mutex_init(&tty->winsize_mutex); 2992 init_ldsem(&tty->ldisc_sem); 2993 init_waitqueue_head(&tty->write_wait); 2994 init_waitqueue_head(&tty->read_wait); 2995 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2996 mutex_init(&tty->atomic_write_lock); 2997 spin_lock_init(&tty->ctrl_lock); 2998 spin_lock_init(&tty->flow_lock); 2999 spin_lock_init(&tty->files_lock); 3000 INIT_LIST_HEAD(&tty->tty_files); 3001 INIT_WORK(&tty->SAK_work, do_SAK_work); 3002 3003 tty->driver = driver; 3004 tty->ops = driver->ops; 3005 tty->index = idx; 3006 tty_line_name(driver, idx, tty->name); 3007 tty->dev = tty_get_device(tty); 3008 3009 return tty; 3010 } 3011 3012 /** 3013 * tty_put_char - write one character to a tty 3014 * @tty: tty 3015 * @ch: character 3016 * 3017 * Write one byte to the tty using the provided put_char method 3018 * if present. Returns the number of characters successfully output. 3019 * 3020 * Note: the specific put_char operation in the driver layer may go 3021 * away soon. Don't call it directly, use this method 3022 */ 3023 3024 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3025 { 3026 if (tty->ops->put_char) 3027 return tty->ops->put_char(tty, ch); 3028 return tty->ops->write(tty, &ch, 1); 3029 } 3030 EXPORT_SYMBOL_GPL(tty_put_char); 3031 3032 struct class *tty_class; 3033 3034 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3035 unsigned int index, unsigned int count) 3036 { 3037 int err; 3038 3039 /* init here, since reused cdevs cause crashes */ 3040 driver->cdevs[index] = cdev_alloc(); 3041 if (!driver->cdevs[index]) 3042 return -ENOMEM; 3043 driver->cdevs[index]->ops = &tty_fops; 3044 driver->cdevs[index]->owner = driver->owner; 3045 err = cdev_add(driver->cdevs[index], dev, count); 3046 if (err) 3047 kobject_put(&driver->cdevs[index]->kobj); 3048 return err; 3049 } 3050 3051 /** 3052 * tty_register_device - register a tty device 3053 * @driver: the tty driver that describes the tty device 3054 * @index: the index in the tty driver for this tty device 3055 * @device: a struct device that is associated with this tty device. 3056 * This field is optional, if there is no known struct device 3057 * for this tty device it can be set to NULL safely. 3058 * 3059 * Returns a pointer to the struct device for this tty device 3060 * (or ERR_PTR(-EFOO) on error). 3061 * 3062 * This call is required to be made to register an individual tty device 3063 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3064 * that bit is not set, this function should not be called by a tty 3065 * driver. 3066 * 3067 * Locking: ?? 3068 */ 3069 3070 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3071 struct device *device) 3072 { 3073 return tty_register_device_attr(driver, index, device, NULL, NULL); 3074 } 3075 EXPORT_SYMBOL(tty_register_device); 3076 3077 static void tty_device_create_release(struct device *dev) 3078 { 3079 dev_dbg(dev, "releasing...\n"); 3080 kfree(dev); 3081 } 3082 3083 /** 3084 * tty_register_device_attr - register a tty device 3085 * @driver: the tty driver that describes the tty device 3086 * @index: the index in the tty driver for this tty device 3087 * @device: a struct device that is associated with this tty device. 3088 * This field is optional, if there is no known struct device 3089 * for this tty device it can be set to NULL safely. 3090 * @drvdata: Driver data to be set to device. 3091 * @attr_grp: Attribute group to be set on device. 3092 * 3093 * Returns a pointer to the struct device for this tty device 3094 * (or ERR_PTR(-EFOO) on error). 3095 * 3096 * This call is required to be made to register an individual tty device 3097 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3098 * that bit is not set, this function should not be called by a tty 3099 * driver. 3100 * 3101 * Locking: ?? 3102 */ 3103 struct device *tty_register_device_attr(struct tty_driver *driver, 3104 unsigned index, struct device *device, 3105 void *drvdata, 3106 const struct attribute_group **attr_grp) 3107 { 3108 char name[64]; 3109 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3110 struct ktermios *tp; 3111 struct device *dev; 3112 int retval; 3113 3114 if (index >= driver->num) { 3115 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3116 driver->name, index); 3117 return ERR_PTR(-EINVAL); 3118 } 3119 3120 if (driver->type == TTY_DRIVER_TYPE_PTY) 3121 pty_line_name(driver, index, name); 3122 else 3123 tty_line_name(driver, index, name); 3124 3125 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3126 if (!dev) 3127 return ERR_PTR(-ENOMEM); 3128 3129 dev->devt = devt; 3130 dev->class = tty_class; 3131 dev->parent = device; 3132 dev->release = tty_device_create_release; 3133 dev_set_name(dev, "%s", name); 3134 dev->groups = attr_grp; 3135 dev_set_drvdata(dev, drvdata); 3136 3137 dev_set_uevent_suppress(dev, 1); 3138 3139 retval = device_register(dev); 3140 if (retval) 3141 goto err_put; 3142 3143 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3144 /* 3145 * Free any saved termios data so that the termios state is 3146 * reset when reusing a minor number. 3147 */ 3148 tp = driver->termios[index]; 3149 if (tp) { 3150 driver->termios[index] = NULL; 3151 kfree(tp); 3152 } 3153 3154 retval = tty_cdev_add(driver, devt, index, 1); 3155 if (retval) 3156 goto err_del; 3157 } 3158 3159 dev_set_uevent_suppress(dev, 0); 3160 kobject_uevent(&dev->kobj, KOBJ_ADD); 3161 3162 return dev; 3163 3164 err_del: 3165 device_del(dev); 3166 err_put: 3167 put_device(dev); 3168 3169 return ERR_PTR(retval); 3170 } 3171 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3172 3173 /** 3174 * tty_unregister_device - unregister a tty device 3175 * @driver: the tty driver that describes the tty device 3176 * @index: the index in the tty driver for this tty device 3177 * 3178 * If a tty device is registered with a call to tty_register_device() then 3179 * this function must be called when the tty device is gone. 3180 * 3181 * Locking: ?? 3182 */ 3183 3184 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3185 { 3186 device_destroy(tty_class, 3187 MKDEV(driver->major, driver->minor_start) + index); 3188 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3189 cdev_del(driver->cdevs[index]); 3190 driver->cdevs[index] = NULL; 3191 } 3192 } 3193 EXPORT_SYMBOL(tty_unregister_device); 3194 3195 /** 3196 * __tty_alloc_driver -- allocate tty driver 3197 * @lines: count of lines this driver can handle at most 3198 * @owner: module which is responsible for this driver 3199 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3200 * 3201 * This should not be called directly, some of the provided macros should be 3202 * used instead. Use IS_ERR and friends on @retval. 3203 */ 3204 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3205 unsigned long flags) 3206 { 3207 struct tty_driver *driver; 3208 unsigned int cdevs = 1; 3209 int err; 3210 3211 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3212 return ERR_PTR(-EINVAL); 3213 3214 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3215 if (!driver) 3216 return ERR_PTR(-ENOMEM); 3217 3218 kref_init(&driver->kref); 3219 driver->magic = TTY_DRIVER_MAGIC; 3220 driver->num = lines; 3221 driver->owner = owner; 3222 driver->flags = flags; 3223 3224 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3225 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3226 GFP_KERNEL); 3227 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3228 GFP_KERNEL); 3229 if (!driver->ttys || !driver->termios) { 3230 err = -ENOMEM; 3231 goto err_free_all; 3232 } 3233 } 3234 3235 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3236 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3237 GFP_KERNEL); 3238 if (!driver->ports) { 3239 err = -ENOMEM; 3240 goto err_free_all; 3241 } 3242 cdevs = lines; 3243 } 3244 3245 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3246 if (!driver->cdevs) { 3247 err = -ENOMEM; 3248 goto err_free_all; 3249 } 3250 3251 return driver; 3252 err_free_all: 3253 kfree(driver->ports); 3254 kfree(driver->ttys); 3255 kfree(driver->termios); 3256 kfree(driver->cdevs); 3257 kfree(driver); 3258 return ERR_PTR(err); 3259 } 3260 EXPORT_SYMBOL(__tty_alloc_driver); 3261 3262 static void destruct_tty_driver(struct kref *kref) 3263 { 3264 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3265 int i; 3266 struct ktermios *tp; 3267 3268 if (driver->flags & TTY_DRIVER_INSTALLED) { 3269 for (i = 0; i < driver->num; i++) { 3270 tp = driver->termios[i]; 3271 if (tp) { 3272 driver->termios[i] = NULL; 3273 kfree(tp); 3274 } 3275 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3276 tty_unregister_device(driver, i); 3277 } 3278 proc_tty_unregister_driver(driver); 3279 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3280 cdev_del(driver->cdevs[0]); 3281 } 3282 kfree(driver->cdevs); 3283 kfree(driver->ports); 3284 kfree(driver->termios); 3285 kfree(driver->ttys); 3286 kfree(driver); 3287 } 3288 3289 void tty_driver_kref_put(struct tty_driver *driver) 3290 { 3291 kref_put(&driver->kref, destruct_tty_driver); 3292 } 3293 EXPORT_SYMBOL(tty_driver_kref_put); 3294 3295 void tty_set_operations(struct tty_driver *driver, 3296 const struct tty_operations *op) 3297 { 3298 driver->ops = op; 3299 }; 3300 EXPORT_SYMBOL(tty_set_operations); 3301 3302 void put_tty_driver(struct tty_driver *d) 3303 { 3304 tty_driver_kref_put(d); 3305 } 3306 EXPORT_SYMBOL(put_tty_driver); 3307 3308 /* 3309 * Called by a tty driver to register itself. 3310 */ 3311 int tty_register_driver(struct tty_driver *driver) 3312 { 3313 int error; 3314 int i; 3315 dev_t dev; 3316 struct device *d; 3317 3318 if (!driver->major) { 3319 error = alloc_chrdev_region(&dev, driver->minor_start, 3320 driver->num, driver->name); 3321 if (!error) { 3322 driver->major = MAJOR(dev); 3323 driver->minor_start = MINOR(dev); 3324 } 3325 } else { 3326 dev = MKDEV(driver->major, driver->minor_start); 3327 error = register_chrdev_region(dev, driver->num, driver->name); 3328 } 3329 if (error < 0) 3330 goto err; 3331 3332 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3333 error = tty_cdev_add(driver, dev, 0, driver->num); 3334 if (error) 3335 goto err_unreg_char; 3336 } 3337 3338 mutex_lock(&tty_mutex); 3339 list_add(&driver->tty_drivers, &tty_drivers); 3340 mutex_unlock(&tty_mutex); 3341 3342 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3343 for (i = 0; i < driver->num; i++) { 3344 d = tty_register_device(driver, i, NULL); 3345 if (IS_ERR(d)) { 3346 error = PTR_ERR(d); 3347 goto err_unreg_devs; 3348 } 3349 } 3350 } 3351 proc_tty_register_driver(driver); 3352 driver->flags |= TTY_DRIVER_INSTALLED; 3353 return 0; 3354 3355 err_unreg_devs: 3356 for (i--; i >= 0; i--) 3357 tty_unregister_device(driver, i); 3358 3359 mutex_lock(&tty_mutex); 3360 list_del(&driver->tty_drivers); 3361 mutex_unlock(&tty_mutex); 3362 3363 err_unreg_char: 3364 unregister_chrdev_region(dev, driver->num); 3365 err: 3366 return error; 3367 } 3368 EXPORT_SYMBOL(tty_register_driver); 3369 3370 /* 3371 * Called by a tty driver to unregister itself. 3372 */ 3373 int tty_unregister_driver(struct tty_driver *driver) 3374 { 3375 #if 0 3376 /* FIXME */ 3377 if (driver->refcount) 3378 return -EBUSY; 3379 #endif 3380 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3381 driver->num); 3382 mutex_lock(&tty_mutex); 3383 list_del(&driver->tty_drivers); 3384 mutex_unlock(&tty_mutex); 3385 return 0; 3386 } 3387 3388 EXPORT_SYMBOL(tty_unregister_driver); 3389 3390 dev_t tty_devnum(struct tty_struct *tty) 3391 { 3392 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3393 } 3394 EXPORT_SYMBOL(tty_devnum); 3395 3396 void tty_default_fops(struct file_operations *fops) 3397 { 3398 *fops = tty_fops; 3399 } 3400 3401 static char *tty_devnode(struct device *dev, umode_t *mode) 3402 { 3403 if (!mode) 3404 return NULL; 3405 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3406 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3407 *mode = 0666; 3408 return NULL; 3409 } 3410 3411 static int __init tty_class_init(void) 3412 { 3413 tty_class = class_create(THIS_MODULE, "tty"); 3414 if (IS_ERR(tty_class)) 3415 return PTR_ERR(tty_class); 3416 tty_class->devnode = tty_devnode; 3417 return 0; 3418 } 3419 3420 postcore_initcall(tty_class_init); 3421 3422 /* 3/2004 jmc: why do these devices exist? */ 3423 static struct cdev tty_cdev, console_cdev; 3424 3425 static ssize_t show_cons_active(struct device *dev, 3426 struct device_attribute *attr, char *buf) 3427 { 3428 struct console *cs[16]; 3429 int i = 0; 3430 struct console *c; 3431 ssize_t count = 0; 3432 3433 console_lock(); 3434 for_each_console(c) { 3435 if (!c->device) 3436 continue; 3437 if (!c->write) 3438 continue; 3439 if ((c->flags & CON_ENABLED) == 0) 3440 continue; 3441 cs[i++] = c; 3442 if (i >= ARRAY_SIZE(cs)) 3443 break; 3444 } 3445 while (i--) { 3446 int index = cs[i]->index; 3447 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3448 3449 /* don't resolve tty0 as some programs depend on it */ 3450 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3451 count += tty_line_name(drv, index, buf + count); 3452 else 3453 count += sprintf(buf + count, "%s%d", 3454 cs[i]->name, cs[i]->index); 3455 3456 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3457 } 3458 console_unlock(); 3459 3460 return count; 3461 } 3462 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3463 3464 static struct attribute *cons_dev_attrs[] = { 3465 &dev_attr_active.attr, 3466 NULL 3467 }; 3468 3469 ATTRIBUTE_GROUPS(cons_dev); 3470 3471 static struct device *consdev; 3472 3473 void console_sysfs_notify(void) 3474 { 3475 if (consdev) 3476 sysfs_notify(&consdev->kobj, NULL, "active"); 3477 } 3478 3479 /* 3480 * Ok, now we can initialize the rest of the tty devices and can count 3481 * on memory allocations, interrupts etc.. 3482 */ 3483 int __init tty_init(void) 3484 { 3485 cdev_init(&tty_cdev, &tty_fops); 3486 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3487 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3488 panic("Couldn't register /dev/tty driver\n"); 3489 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3490 3491 cdev_init(&console_cdev, &console_fops); 3492 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3493 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3494 panic("Couldn't register /dev/console driver\n"); 3495 consdev = device_create_with_groups(tty_class, NULL, 3496 MKDEV(TTYAUX_MAJOR, 1), NULL, 3497 cons_dev_groups, "console"); 3498 if (IS_ERR(consdev)) 3499 consdev = NULL; 3500 3501 #ifdef CONFIG_VT 3502 vty_init(&console_fops); 3503 #endif 3504 return 0; 3505 } 3506 3507