xref: /openbmc/linux/drivers/tty/tty_io.c (revision cd99b9eb)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  Copyright (C) 1991, 1992  Linus Torvalds
4  */
5 
6 /*
7  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8  * or rs-channels. It also implements echoing, cooked mode etc.
9  *
10  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11  *
12  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13  * tty_struct and tty_queue structures.  Previously there was an array
14  * of 256 tty_struct's which was statically allocated, and the
15  * tty_queue structures were allocated at boot time.  Both are now
16  * dynamically allocated only when the tty is open.
17  *
18  * Also restructured routines so that there is more of a separation
19  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20  * the low-level tty routines (serial.c, pty.c, console.c).  This
21  * makes for cleaner and more compact code.  -TYT, 9/17/92
22  *
23  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24  * which can be dynamically activated and de-activated by the line
25  * discipline handling modules (like SLIP).
26  *
27  * NOTE: pay no attention to the line discipline code (yet); its
28  * interface is still subject to change in this version...
29  * -- TYT, 1/31/92
30  *
31  * Added functionality to the OPOST tty handling.  No delays, but all
32  * other bits should be there.
33  *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34  *
35  * Rewrote canonical mode and added more termios flags.
36  *	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37  *
38  * Reorganized FASYNC support so mouse code can share it.
39  *	-- ctm@ardi.com, 9Sep95
40  *
41  * New TIOCLINUX variants added.
42  *	-- mj@k332.feld.cvut.cz, 19-Nov-95
43  *
44  * Restrict vt switching via ioctl()
45  *      -- grif@cs.ucr.edu, 5-Dec-95
46  *
47  * Move console and virtual terminal code to more appropriate files,
48  * implement CONFIG_VT and generalize console device interface.
49  *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50  *
51  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52  *	-- Bill Hawes <whawes@star.net>, June 97
53  *
54  * Added devfs support.
55  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56  *
57  * Added support for a Unix98-style ptmx device.
58  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59  *
60  * Reduced memory usage for older ARM systems
61  *      -- Russell King <rmk@arm.linux.org.uk>
62  *
63  * Move do_SAK() into process context.  Less stack use in devfs functions.
64  * alloc_tty_struct() always uses kmalloc()
65  *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67 
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102 #include <linux/uaccess.h>
103 #include <linux/termios_internal.h>
104 #include <linux/fs.h>
105 
106 #include <linux/kbd_kern.h>
107 #include <linux/vt_kern.h>
108 #include <linux/selection.h>
109 
110 #include <linux/kmod.h>
111 #include <linux/nsproxy.h>
112 #include "tty.h"
113 
114 #undef TTY_DEBUG_HANGUP
115 #ifdef TTY_DEBUG_HANGUP
116 # define tty_debug_hangup(tty, f, args...)	tty_debug(tty, f, ##args)
117 #else
118 # define tty_debug_hangup(tty, f, args...)	do { } while (0)
119 #endif
120 
121 #define TTY_PARANOIA_CHECK 1
122 #define CHECK_TTY_COUNT 1
123 
124 struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
125 	.c_iflag = ICRNL | IXON,
126 	.c_oflag = OPOST | ONLCR,
127 	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 		   ECHOCTL | ECHOKE | IEXTEN,
130 	.c_cc = INIT_C_CC,
131 	.c_ispeed = 38400,
132 	.c_ospeed = 38400,
133 	/* .c_line = N_TTY, */
134 };
135 EXPORT_SYMBOL(tty_std_termios);
136 
137 /* This list gets poked at by procfs and various bits of boot up code. This
138  * could do with some rationalisation such as pulling the tty proc function
139  * into this file.
140  */
141 
142 LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
143 
144 /* Mutex to protect creating and releasing a tty */
145 DEFINE_MUTEX(tty_mutex);
146 
147 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 static __poll_t tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 #ifdef CONFIG_COMPAT
152 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 				unsigned long arg);
154 #else
155 #define tty_compat_ioctl NULL
156 #endif
157 static int __tty_fasync(int fd, struct file *filp, int on);
158 static int tty_fasync(int fd, struct file *filp, int on);
159 static void release_tty(struct tty_struct *tty, int idx);
160 
161 /**
162  * free_tty_struct	-	free a disused tty
163  * @tty: tty struct to free
164  *
165  * Free the write buffers, tty queue and tty memory itself.
166  *
167  * Locking: none. Must be called after tty is definitely unused
168  */
169 static void free_tty_struct(struct tty_struct *tty)
170 {
171 	tty_ldisc_deinit(tty);
172 	put_device(tty->dev);
173 	kvfree(tty->write_buf);
174 	kfree(tty);
175 }
176 
177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 	return ((struct tty_file_private *)file->private_data)->tty;
180 }
181 
182 int tty_alloc_file(struct file *file)
183 {
184 	struct tty_file_private *priv;
185 
186 	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 	if (!priv)
188 		return -ENOMEM;
189 
190 	file->private_data = priv;
191 
192 	return 0;
193 }
194 
195 /* Associate a new file with the tty structure */
196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 	struct tty_file_private *priv = file->private_data;
199 
200 	priv->tty = tty;
201 	priv->file = file;
202 
203 	spin_lock(&tty->files_lock);
204 	list_add(&priv->list, &tty->tty_files);
205 	spin_unlock(&tty->files_lock);
206 }
207 
208 /**
209  * tty_free_file - free file->private_data
210  * @file: to free private_data of
211  *
212  * This shall be used only for fail path handling when tty_add_file was not
213  * called yet.
214  */
215 void tty_free_file(struct file *file)
216 {
217 	struct tty_file_private *priv = file->private_data;
218 
219 	file->private_data = NULL;
220 	kfree(priv);
221 }
222 
223 /* Delete file from its tty */
224 static void tty_del_file(struct file *file)
225 {
226 	struct tty_file_private *priv = file->private_data;
227 	struct tty_struct *tty = priv->tty;
228 
229 	spin_lock(&tty->files_lock);
230 	list_del(&priv->list);
231 	spin_unlock(&tty->files_lock);
232 	tty_free_file(file);
233 }
234 
235 /**
236  * tty_name	-	return tty naming
237  * @tty: tty structure
238  *
239  * Convert a tty structure into a name. The name reflects the kernel naming
240  * policy and if udev is in use may not reflect user space
241  *
242  * Locking: none
243  */
244 const char *tty_name(const struct tty_struct *tty)
245 {
246 	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
247 		return "NULL tty";
248 	return tty->name;
249 }
250 EXPORT_SYMBOL(tty_name);
251 
252 const char *tty_driver_name(const struct tty_struct *tty)
253 {
254 	if (!tty || !tty->driver)
255 		return "";
256 	return tty->driver->name;
257 }
258 
259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 			      const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 	if (!tty) {
264 		pr_warn("(%d:%d): %s: NULL tty\n",
265 			imajor(inode), iminor(inode), routine);
266 		return 1;
267 	}
268 #endif
269 	return 0;
270 }
271 
272 /* Caller must hold tty_lock */
273 static int check_tty_count(struct tty_struct *tty, const char *routine)
274 {
275 #ifdef CHECK_TTY_COUNT
276 	struct list_head *p;
277 	int count = 0, kopen_count = 0;
278 
279 	spin_lock(&tty->files_lock);
280 	list_for_each(p, &tty->tty_files) {
281 		count++;
282 	}
283 	spin_unlock(&tty->files_lock);
284 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 	    tty->driver->subtype == PTY_TYPE_SLAVE &&
286 	    tty->link && tty->link->count)
287 		count++;
288 	if (tty_port_kopened(tty->port))
289 		kopen_count++;
290 	if (tty->count != (count + kopen_count)) {
291 		tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 			 routine, tty->count, count, kopen_count);
293 		return (count + kopen_count);
294 	}
295 #endif
296 	return 0;
297 }
298 
299 /**
300  * get_tty_driver		-	find device of a tty
301  * @device: device identifier
302  * @index: returns the index of the tty
303  *
304  * This routine returns a tty driver structure, given a device number and also
305  * passes back the index number.
306  *
307  * Locking: caller must hold tty_mutex
308  */
309 static struct tty_driver *get_tty_driver(dev_t device, int *index)
310 {
311 	struct tty_driver *p;
312 
313 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
314 		dev_t base = MKDEV(p->major, p->minor_start);
315 
316 		if (device < base || device >= base + p->num)
317 			continue;
318 		*index = device - base;
319 		return tty_driver_kref_get(p);
320 	}
321 	return NULL;
322 }
323 
324 /**
325  * tty_dev_name_to_number	-	return dev_t for device name
326  * @name: user space name of device under /dev
327  * @number: pointer to dev_t that this function will populate
328  *
329  * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
330  * (4, 64) or (188, 1). If no corresponding driver is registered then the
331  * function returns -%ENODEV.
332  *
333  * Locking: this acquires tty_mutex to protect the tty_drivers list from
334  *	being modified while we are traversing it, and makes sure to
335  *	release it before exiting.
336  */
337 int tty_dev_name_to_number(const char *name, dev_t *number)
338 {
339 	struct tty_driver *p;
340 	int ret;
341 	int index, prefix_length = 0;
342 	const char *str;
343 
344 	for (str = name; *str && !isdigit(*str); str++)
345 		;
346 
347 	if (!*str)
348 		return -EINVAL;
349 
350 	ret = kstrtoint(str, 10, &index);
351 	if (ret)
352 		return ret;
353 
354 	prefix_length = str - name;
355 	mutex_lock(&tty_mutex);
356 
357 	list_for_each_entry(p, &tty_drivers, tty_drivers)
358 		if (prefix_length == strlen(p->name) && strncmp(name,
359 					p->name, prefix_length) == 0) {
360 			if (index < p->num) {
361 				*number = MKDEV(p->major, p->minor_start + index);
362 				goto out;
363 			}
364 		}
365 
366 	/* if here then driver wasn't found */
367 	ret = -ENODEV;
368 out:
369 	mutex_unlock(&tty_mutex);
370 	return ret;
371 }
372 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
373 
374 #ifdef CONFIG_CONSOLE_POLL
375 
376 /**
377  * tty_find_polling_driver	-	find device of a polled tty
378  * @name: name string to match
379  * @line: pointer to resulting tty line nr
380  *
381  * This routine returns a tty driver structure, given a name and the condition
382  * that the tty driver is capable of polled operation.
383  */
384 struct tty_driver *tty_find_polling_driver(char *name, int *line)
385 {
386 	struct tty_driver *p, *res = NULL;
387 	int tty_line = 0;
388 	int len;
389 	char *str, *stp;
390 
391 	for (str = name; *str; str++)
392 		if ((*str >= '0' && *str <= '9') || *str == ',')
393 			break;
394 	if (!*str)
395 		return NULL;
396 
397 	len = str - name;
398 	tty_line = simple_strtoul(str, &str, 10);
399 
400 	mutex_lock(&tty_mutex);
401 	/* Search through the tty devices to look for a match */
402 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
403 		if (!len || strncmp(name, p->name, len) != 0)
404 			continue;
405 		stp = str;
406 		if (*stp == ',')
407 			stp++;
408 		if (*stp == '\0')
409 			stp = NULL;
410 
411 		if (tty_line >= 0 && tty_line < p->num && p->ops &&
412 		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
413 			res = tty_driver_kref_get(p);
414 			*line = tty_line;
415 			break;
416 		}
417 	}
418 	mutex_unlock(&tty_mutex);
419 
420 	return res;
421 }
422 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
423 #endif
424 
425 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
426 {
427 	return 0;
428 }
429 
430 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
431 {
432 	return -EIO;
433 }
434 
435 /* No kernel lock held - none needed ;) */
436 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
437 {
438 	return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
439 }
440 
441 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
442 		unsigned long arg)
443 {
444 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
445 }
446 
447 static long hung_up_tty_compat_ioctl(struct file *file,
448 				     unsigned int cmd, unsigned long arg)
449 {
450 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
451 }
452 
453 static int hung_up_tty_fasync(int fd, struct file *file, int on)
454 {
455 	return -ENOTTY;
456 }
457 
458 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
459 {
460 	struct tty_struct *tty = file_tty(file);
461 
462 	if (tty && tty->ops && tty->ops->show_fdinfo)
463 		tty->ops->show_fdinfo(tty, m);
464 }
465 
466 static const struct file_operations tty_fops = {
467 	.llseek		= no_llseek,
468 	.read_iter	= tty_read,
469 	.write_iter	= tty_write,
470 	.splice_read	= copy_splice_read,
471 	.splice_write	= iter_file_splice_write,
472 	.poll		= tty_poll,
473 	.unlocked_ioctl	= tty_ioctl,
474 	.compat_ioctl	= tty_compat_ioctl,
475 	.open		= tty_open,
476 	.release	= tty_release,
477 	.fasync		= tty_fasync,
478 	.show_fdinfo	= tty_show_fdinfo,
479 };
480 
481 static const struct file_operations console_fops = {
482 	.llseek		= no_llseek,
483 	.read_iter	= tty_read,
484 	.write_iter	= redirected_tty_write,
485 	.splice_read	= copy_splice_read,
486 	.splice_write	= iter_file_splice_write,
487 	.poll		= tty_poll,
488 	.unlocked_ioctl	= tty_ioctl,
489 	.compat_ioctl	= tty_compat_ioctl,
490 	.open		= tty_open,
491 	.release	= tty_release,
492 	.fasync		= tty_fasync,
493 };
494 
495 static const struct file_operations hung_up_tty_fops = {
496 	.llseek		= no_llseek,
497 	.read_iter	= hung_up_tty_read,
498 	.write_iter	= hung_up_tty_write,
499 	.poll		= hung_up_tty_poll,
500 	.unlocked_ioctl	= hung_up_tty_ioctl,
501 	.compat_ioctl	= hung_up_tty_compat_ioctl,
502 	.release	= tty_release,
503 	.fasync		= hung_up_tty_fasync,
504 };
505 
506 static DEFINE_SPINLOCK(redirect_lock);
507 static struct file *redirect;
508 
509 /**
510  * tty_wakeup	-	request more data
511  * @tty: terminal
512  *
513  * Internal and external helper for wakeups of tty. This function informs the
514  * line discipline if present that the driver is ready to receive more output
515  * data.
516  */
517 void tty_wakeup(struct tty_struct *tty)
518 {
519 	struct tty_ldisc *ld;
520 
521 	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
522 		ld = tty_ldisc_ref(tty);
523 		if (ld) {
524 			if (ld->ops->write_wakeup)
525 				ld->ops->write_wakeup(tty);
526 			tty_ldisc_deref(ld);
527 		}
528 	}
529 	wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
530 }
531 EXPORT_SYMBOL_GPL(tty_wakeup);
532 
533 /**
534  * tty_release_redirect	-	Release a redirect on a pty if present
535  * @tty: tty device
536  *
537  * This is available to the pty code so if the master closes, if the slave is a
538  * redirect it can release the redirect.
539  */
540 static struct file *tty_release_redirect(struct tty_struct *tty)
541 {
542 	struct file *f = NULL;
543 
544 	spin_lock(&redirect_lock);
545 	if (redirect && file_tty(redirect) == tty) {
546 		f = redirect;
547 		redirect = NULL;
548 	}
549 	spin_unlock(&redirect_lock);
550 
551 	return f;
552 }
553 
554 /**
555  * __tty_hangup		-	actual handler for hangup events
556  * @tty: tty device
557  * @exit_session: if non-zero, signal all foreground group processes
558  *
559  * This can be called by a "kworker" kernel thread. That is process synchronous
560  * but doesn't hold any locks, so we need to make sure we have the appropriate
561  * locks for what we're doing.
562  *
563  * The hangup event clears any pending redirections onto the hung up device. It
564  * ensures future writes will error and it does the needed line discipline
565  * hangup and signal delivery. The tty object itself remains intact.
566  *
567  * Locking:
568  *  * BTM
569  *
570  *   * redirect lock for undoing redirection
571  *   * file list lock for manipulating list of ttys
572  *   * tty_ldiscs_lock from called functions
573  *   * termios_rwsem resetting termios data
574  *   * tasklist_lock to walk task list for hangup event
575  *
576  *    * ->siglock to protect ->signal/->sighand
577  *
578  */
579 static void __tty_hangup(struct tty_struct *tty, int exit_session)
580 {
581 	struct file *cons_filp = NULL;
582 	struct file *filp, *f;
583 	struct tty_file_private *priv;
584 	int    closecount = 0, n;
585 	int refs;
586 
587 	if (!tty)
588 		return;
589 
590 	f = tty_release_redirect(tty);
591 
592 	tty_lock(tty);
593 
594 	if (test_bit(TTY_HUPPED, &tty->flags)) {
595 		tty_unlock(tty);
596 		return;
597 	}
598 
599 	/*
600 	 * Some console devices aren't actually hung up for technical and
601 	 * historical reasons, which can lead to indefinite interruptible
602 	 * sleep in n_tty_read().  The following explicitly tells
603 	 * n_tty_read() to abort readers.
604 	 */
605 	set_bit(TTY_HUPPING, &tty->flags);
606 
607 	/* inuse_filps is protected by the single tty lock,
608 	 * this really needs to change if we want to flush the
609 	 * workqueue with the lock held.
610 	 */
611 	check_tty_count(tty, "tty_hangup");
612 
613 	spin_lock(&tty->files_lock);
614 	/* This breaks for file handles being sent over AF_UNIX sockets ? */
615 	list_for_each_entry(priv, &tty->tty_files, list) {
616 		filp = priv->file;
617 		if (filp->f_op->write_iter == redirected_tty_write)
618 			cons_filp = filp;
619 		if (filp->f_op->write_iter != tty_write)
620 			continue;
621 		closecount++;
622 		__tty_fasync(-1, filp, 0);	/* can't block */
623 		filp->f_op = &hung_up_tty_fops;
624 	}
625 	spin_unlock(&tty->files_lock);
626 
627 	refs = tty_signal_session_leader(tty, exit_session);
628 	/* Account for the p->signal references we killed */
629 	while (refs--)
630 		tty_kref_put(tty);
631 
632 	tty_ldisc_hangup(tty, cons_filp != NULL);
633 
634 	spin_lock_irq(&tty->ctrl.lock);
635 	clear_bit(TTY_THROTTLED, &tty->flags);
636 	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
637 	put_pid(tty->ctrl.session);
638 	put_pid(tty->ctrl.pgrp);
639 	tty->ctrl.session = NULL;
640 	tty->ctrl.pgrp = NULL;
641 	tty->ctrl.pktstatus = 0;
642 	spin_unlock_irq(&tty->ctrl.lock);
643 
644 	/*
645 	 * If one of the devices matches a console pointer, we
646 	 * cannot just call hangup() because that will cause
647 	 * tty->count and state->count to go out of sync.
648 	 * So we just call close() the right number of times.
649 	 */
650 	if (cons_filp) {
651 		if (tty->ops->close)
652 			for (n = 0; n < closecount; n++)
653 				tty->ops->close(tty, cons_filp);
654 	} else if (tty->ops->hangup)
655 		tty->ops->hangup(tty);
656 	/*
657 	 * We don't want to have driver/ldisc interactions beyond the ones
658 	 * we did here. The driver layer expects no calls after ->hangup()
659 	 * from the ldisc side, which is now guaranteed.
660 	 */
661 	set_bit(TTY_HUPPED, &tty->flags);
662 	clear_bit(TTY_HUPPING, &tty->flags);
663 	tty_unlock(tty);
664 
665 	if (f)
666 		fput(f);
667 }
668 
669 static void do_tty_hangup(struct work_struct *work)
670 {
671 	struct tty_struct *tty =
672 		container_of(work, struct tty_struct, hangup_work);
673 
674 	__tty_hangup(tty, 0);
675 }
676 
677 /**
678  * tty_hangup		-	trigger a hangup event
679  * @tty: tty to hangup
680  *
681  * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
682  * hangup sequence to run after this event.
683  */
684 void tty_hangup(struct tty_struct *tty)
685 {
686 	tty_debug_hangup(tty, "hangup\n");
687 	schedule_work(&tty->hangup_work);
688 }
689 EXPORT_SYMBOL(tty_hangup);
690 
691 /**
692  * tty_vhangup		-	process vhangup
693  * @tty: tty to hangup
694  *
695  * The user has asked via system call for the terminal to be hung up. We do
696  * this synchronously so that when the syscall returns the process is complete.
697  * That guarantee is necessary for security reasons.
698  */
699 void tty_vhangup(struct tty_struct *tty)
700 {
701 	tty_debug_hangup(tty, "vhangup\n");
702 	__tty_hangup(tty, 0);
703 }
704 EXPORT_SYMBOL(tty_vhangup);
705 
706 
707 /**
708  * tty_vhangup_self	-	process vhangup for own ctty
709  *
710  * Perform a vhangup on the current controlling tty
711  */
712 void tty_vhangup_self(void)
713 {
714 	struct tty_struct *tty;
715 
716 	tty = get_current_tty();
717 	if (tty) {
718 		tty_vhangup(tty);
719 		tty_kref_put(tty);
720 	}
721 }
722 
723 /**
724  * tty_vhangup_session	-	hangup session leader exit
725  * @tty: tty to hangup
726  *
727  * The session leader is exiting and hanging up its controlling terminal.
728  * Every process in the foreground process group is signalled %SIGHUP.
729  *
730  * We do this synchronously so that when the syscall returns the process is
731  * complete. That guarantee is necessary for security reasons.
732  */
733 void tty_vhangup_session(struct tty_struct *tty)
734 {
735 	tty_debug_hangup(tty, "session hangup\n");
736 	__tty_hangup(tty, 1);
737 }
738 
739 /**
740  * tty_hung_up_p	-	was tty hung up
741  * @filp: file pointer of tty
742  *
743  * Return: true if the tty has been subject to a vhangup or a carrier loss
744  */
745 int tty_hung_up_p(struct file *filp)
746 {
747 	return (filp && filp->f_op == &hung_up_tty_fops);
748 }
749 EXPORT_SYMBOL(tty_hung_up_p);
750 
751 void __stop_tty(struct tty_struct *tty)
752 {
753 	if (tty->flow.stopped)
754 		return;
755 	tty->flow.stopped = true;
756 	if (tty->ops->stop)
757 		tty->ops->stop(tty);
758 }
759 
760 /**
761  * stop_tty	-	propagate flow control
762  * @tty: tty to stop
763  *
764  * Perform flow control to the driver. May be called on an already stopped
765  * device and will not re-call the &tty_driver->stop() method.
766  *
767  * This functionality is used by both the line disciplines for halting incoming
768  * flow and by the driver. It may therefore be called from any context, may be
769  * under the tty %atomic_write_lock but not always.
770  *
771  * Locking:
772  *	flow.lock
773  */
774 void stop_tty(struct tty_struct *tty)
775 {
776 	unsigned long flags;
777 
778 	spin_lock_irqsave(&tty->flow.lock, flags);
779 	__stop_tty(tty);
780 	spin_unlock_irqrestore(&tty->flow.lock, flags);
781 }
782 EXPORT_SYMBOL(stop_tty);
783 
784 void __start_tty(struct tty_struct *tty)
785 {
786 	if (!tty->flow.stopped || tty->flow.tco_stopped)
787 		return;
788 	tty->flow.stopped = false;
789 	if (tty->ops->start)
790 		tty->ops->start(tty);
791 	tty_wakeup(tty);
792 }
793 
794 /**
795  * start_tty	-	propagate flow control
796  * @tty: tty to start
797  *
798  * Start a tty that has been stopped if at all possible. If @tty was previously
799  * stopped and is now being started, the &tty_driver->start() method is invoked
800  * and the line discipline woken.
801  *
802  * Locking:
803  *	flow.lock
804  */
805 void start_tty(struct tty_struct *tty)
806 {
807 	unsigned long flags;
808 
809 	spin_lock_irqsave(&tty->flow.lock, flags);
810 	__start_tty(tty);
811 	spin_unlock_irqrestore(&tty->flow.lock, flags);
812 }
813 EXPORT_SYMBOL(start_tty);
814 
815 static void tty_update_time(struct tty_struct *tty, bool mtime)
816 {
817 	time64_t sec = ktime_get_real_seconds();
818 	struct tty_file_private *priv;
819 
820 	spin_lock(&tty->files_lock);
821 	list_for_each_entry(priv, &tty->tty_files, list) {
822 		struct inode *inode = file_inode(priv->file);
823 		struct timespec64 *time = mtime ? &inode->i_mtime : &inode->i_atime;
824 
825 		/*
826 		 * We only care if the two values differ in anything other than the
827 		 * lower three bits (i.e every 8 seconds).  If so, then we can update
828 		 * the time of the tty device, otherwise it could be construded as a
829 		 * security leak to let userspace know the exact timing of the tty.
830 		 */
831 		if ((sec ^ time->tv_sec) & ~7)
832 			time->tv_sec = sec;
833 	}
834 	spin_unlock(&tty->files_lock);
835 }
836 
837 /*
838  * Iterate on the ldisc ->read() function until we've gotten all
839  * the data the ldisc has for us.
840  *
841  * The "cookie" is something that the ldisc read function can fill
842  * in to let us know that there is more data to be had.
843  *
844  * We promise to continue to call the ldisc until it stops returning
845  * data or clears the cookie. The cookie may be something that the
846  * ldisc maintains state for and needs to free.
847  */
848 static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
849 		struct file *file, struct iov_iter *to)
850 {
851 	int retval = 0;
852 	void *cookie = NULL;
853 	unsigned long offset = 0;
854 	char kernel_buf[64];
855 	size_t count = iov_iter_count(to);
856 
857 	do {
858 		int size, copied;
859 
860 		size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
861 		size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
862 		if (!size)
863 			break;
864 
865 		if (size < 0) {
866 			/* Did we have an earlier error (ie -EFAULT)? */
867 			if (retval)
868 				break;
869 			retval = size;
870 
871 			/*
872 			 * -EOVERFLOW means we didn't have enough space
873 			 * for a whole packet, and we shouldn't return
874 			 * a partial result.
875 			 */
876 			if (retval == -EOVERFLOW)
877 				offset = 0;
878 			break;
879 		}
880 
881 		copied = copy_to_iter(kernel_buf, size, to);
882 		offset += copied;
883 		count -= copied;
884 
885 		/*
886 		 * If the user copy failed, we still need to do another ->read()
887 		 * call if we had a cookie to let the ldisc clear up.
888 		 *
889 		 * But make sure size is zeroed.
890 		 */
891 		if (unlikely(copied != size)) {
892 			count = 0;
893 			retval = -EFAULT;
894 		}
895 	} while (cookie);
896 
897 	/* We always clear tty buffer in case they contained passwords */
898 	memzero_explicit(kernel_buf, sizeof(kernel_buf));
899 	return offset ? offset : retval;
900 }
901 
902 
903 /**
904  * tty_read	-	read method for tty device files
905  * @iocb: kernel I/O control block
906  * @to: destination for the data read
907  *
908  * Perform the read system call function on this terminal device. Checks
909  * for hung up devices before calling the line discipline method.
910  *
911  * Locking:
912  *	Locks the line discipline internally while needed. Multiple read calls
913  *	may be outstanding in parallel.
914  */
915 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
916 {
917 	int i;
918 	struct file *file = iocb->ki_filp;
919 	struct inode *inode = file_inode(file);
920 	struct tty_struct *tty = file_tty(file);
921 	struct tty_ldisc *ld;
922 
923 	if (tty_paranoia_check(tty, inode, "tty_read"))
924 		return -EIO;
925 	if (!tty || tty_io_error(tty))
926 		return -EIO;
927 
928 	/* We want to wait for the line discipline to sort out in this
929 	 * situation.
930 	 */
931 	ld = tty_ldisc_ref_wait(tty);
932 	if (!ld)
933 		return hung_up_tty_read(iocb, to);
934 	i = -EIO;
935 	if (ld->ops->read)
936 		i = iterate_tty_read(ld, tty, file, to);
937 	tty_ldisc_deref(ld);
938 
939 	if (i > 0)
940 		tty_update_time(tty, false);
941 
942 	return i;
943 }
944 
945 void tty_write_unlock(struct tty_struct *tty)
946 {
947 	mutex_unlock(&tty->atomic_write_lock);
948 	wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
949 }
950 
951 int tty_write_lock(struct tty_struct *tty, int ndelay)
952 {
953 	if (!mutex_trylock(&tty->atomic_write_lock)) {
954 		if (ndelay)
955 			return -EAGAIN;
956 		if (mutex_lock_interruptible(&tty->atomic_write_lock))
957 			return -ERESTARTSYS;
958 	}
959 	return 0;
960 }
961 
962 /*
963  * Split writes up in sane blocksizes to avoid
964  * denial-of-service type attacks
965  */
966 static inline ssize_t do_tty_write(
967 	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
968 	struct tty_struct *tty,
969 	struct file *file,
970 	struct iov_iter *from)
971 {
972 	size_t count = iov_iter_count(from);
973 	ssize_t ret, written = 0;
974 	unsigned int chunk;
975 
976 	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
977 	if (ret < 0)
978 		return ret;
979 
980 	/*
981 	 * We chunk up writes into a temporary buffer. This
982 	 * simplifies low-level drivers immensely, since they
983 	 * don't have locking issues and user mode accesses.
984 	 *
985 	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
986 	 * big chunk-size..
987 	 *
988 	 * The default chunk-size is 2kB, because the NTTY
989 	 * layer has problems with bigger chunks. It will
990 	 * claim to be able to handle more characters than
991 	 * it actually does.
992 	 */
993 	chunk = 2048;
994 	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
995 		chunk = 65536;
996 	if (count < chunk)
997 		chunk = count;
998 
999 	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1000 	if (tty->write_cnt < chunk) {
1001 		unsigned char *buf_chunk;
1002 
1003 		if (chunk < 1024)
1004 			chunk = 1024;
1005 
1006 		buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1007 		if (!buf_chunk) {
1008 			ret = -ENOMEM;
1009 			goto out;
1010 		}
1011 		kvfree(tty->write_buf);
1012 		tty->write_cnt = chunk;
1013 		tty->write_buf = buf_chunk;
1014 	}
1015 
1016 	/* Do the write .. */
1017 	for (;;) {
1018 		size_t size = count;
1019 
1020 		if (size > chunk)
1021 			size = chunk;
1022 
1023 		ret = -EFAULT;
1024 		if (copy_from_iter(tty->write_buf, size, from) != size)
1025 			break;
1026 
1027 		ret = write(tty, file, tty->write_buf, size);
1028 		if (ret <= 0)
1029 			break;
1030 
1031 		written += ret;
1032 		if (ret > size)
1033 			break;
1034 
1035 		/* FIXME! Have Al check this! */
1036 		if (ret != size)
1037 			iov_iter_revert(from, size-ret);
1038 
1039 		count -= ret;
1040 		if (!count)
1041 			break;
1042 		ret = -ERESTARTSYS;
1043 		if (signal_pending(current))
1044 			break;
1045 		cond_resched();
1046 	}
1047 	if (written) {
1048 		tty_update_time(tty, true);
1049 		ret = written;
1050 	}
1051 out:
1052 	tty_write_unlock(tty);
1053 	return ret;
1054 }
1055 
1056 /**
1057  * tty_write_message - write a message to a certain tty, not just the console.
1058  * @tty: the destination tty_struct
1059  * @msg: the message to write
1060  *
1061  * This is used for messages that need to be redirected to a specific tty. We
1062  * don't put it into the syslog queue right now maybe in the future if really
1063  * needed.
1064  *
1065  * We must still hold the BTM and test the CLOSING flag for the moment.
1066  */
1067 void tty_write_message(struct tty_struct *tty, char *msg)
1068 {
1069 	if (tty) {
1070 		mutex_lock(&tty->atomic_write_lock);
1071 		tty_lock(tty);
1072 		if (tty->ops->write && tty->count > 0)
1073 			tty->ops->write(tty, msg, strlen(msg));
1074 		tty_unlock(tty);
1075 		tty_write_unlock(tty);
1076 	}
1077 }
1078 
1079 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1080 {
1081 	struct tty_struct *tty = file_tty(file);
1082 	struct tty_ldisc *ld;
1083 	ssize_t ret;
1084 
1085 	if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1086 		return -EIO;
1087 	if (!tty || !tty->ops->write ||	tty_io_error(tty))
1088 		return -EIO;
1089 	/* Short term debug to catch buggy drivers */
1090 	if (tty->ops->write_room == NULL)
1091 		tty_err(tty, "missing write_room method\n");
1092 	ld = tty_ldisc_ref_wait(tty);
1093 	if (!ld)
1094 		return hung_up_tty_write(iocb, from);
1095 	if (!ld->ops->write)
1096 		ret = -EIO;
1097 	else
1098 		ret = do_tty_write(ld->ops->write, tty, file, from);
1099 	tty_ldisc_deref(ld);
1100 	return ret;
1101 }
1102 
1103 /**
1104  * tty_write		-	write method for tty device file
1105  * @iocb: kernel I/O control block
1106  * @from: iov_iter with data to write
1107  *
1108  * Write data to a tty device via the line discipline.
1109  *
1110  * Locking:
1111  *	Locks the line discipline as required
1112  *	Writes to the tty driver are serialized by the atomic_write_lock
1113  *	and are then processed in chunks to the device. The line
1114  *	discipline write method will not be invoked in parallel for
1115  *	each device.
1116  */
1117 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1118 {
1119 	return file_tty_write(iocb->ki_filp, iocb, from);
1120 }
1121 
1122 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1123 {
1124 	struct file *p = NULL;
1125 
1126 	spin_lock(&redirect_lock);
1127 	if (redirect)
1128 		p = get_file(redirect);
1129 	spin_unlock(&redirect_lock);
1130 
1131 	/*
1132 	 * We know the redirected tty is just another tty, we can
1133 	 * call file_tty_write() directly with that file pointer.
1134 	 */
1135 	if (p) {
1136 		ssize_t res;
1137 
1138 		res = file_tty_write(p, iocb, iter);
1139 		fput(p);
1140 		return res;
1141 	}
1142 	return tty_write(iocb, iter);
1143 }
1144 
1145 /**
1146  * tty_send_xchar	-	send priority character
1147  * @tty: the tty to send to
1148  * @ch: xchar to send
1149  *
1150  * Send a high priority character to the tty even if stopped.
1151  *
1152  * Locking: none for xchar method, write ordering for write method.
1153  */
1154 int tty_send_xchar(struct tty_struct *tty, char ch)
1155 {
1156 	bool was_stopped = tty->flow.stopped;
1157 
1158 	if (tty->ops->send_xchar) {
1159 		down_read(&tty->termios_rwsem);
1160 		tty->ops->send_xchar(tty, ch);
1161 		up_read(&tty->termios_rwsem);
1162 		return 0;
1163 	}
1164 
1165 	if (tty_write_lock(tty, 0) < 0)
1166 		return -ERESTARTSYS;
1167 
1168 	down_read(&tty->termios_rwsem);
1169 	if (was_stopped)
1170 		start_tty(tty);
1171 	tty->ops->write(tty, &ch, 1);
1172 	if (was_stopped)
1173 		stop_tty(tty);
1174 	up_read(&tty->termios_rwsem);
1175 	tty_write_unlock(tty);
1176 	return 0;
1177 }
1178 
1179 /**
1180  * pty_line_name	-	generate name for a pty
1181  * @driver: the tty driver in use
1182  * @index: the minor number
1183  * @p: output buffer of at least 6 bytes
1184  *
1185  * Generate a name from a @driver reference and write it to the output buffer
1186  * @p.
1187  *
1188  * Locking: None
1189  */
1190 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1191 {
1192 	static const char ptychar[] = "pqrstuvwxyzabcde";
1193 	int i = index + driver->name_base;
1194 	/* ->name is initialized to "ttyp", but "tty" is expected */
1195 	sprintf(p, "%s%c%x",
1196 		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1197 		ptychar[i >> 4 & 0xf], i & 0xf);
1198 }
1199 
1200 /**
1201  * tty_line_name	-	generate name for a tty
1202  * @driver: the tty driver in use
1203  * @index: the minor number
1204  * @p: output buffer of at least 7 bytes
1205  *
1206  * Generate a name from a @driver reference and write it to the output buffer
1207  * @p.
1208  *
1209  * Locking: None
1210  */
1211 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1212 {
1213 	if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1214 		return sprintf(p, "%s", driver->name);
1215 	else
1216 		return sprintf(p, "%s%d", driver->name,
1217 			       index + driver->name_base);
1218 }
1219 
1220 /**
1221  * tty_driver_lookup_tty() - find an existing tty, if any
1222  * @driver: the driver for the tty
1223  * @file: file object
1224  * @idx: the minor number
1225  *
1226  * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1227  * driver lookup() method returns an error.
1228  *
1229  * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1230  */
1231 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1232 		struct file *file, int idx)
1233 {
1234 	struct tty_struct *tty;
1235 
1236 	if (driver->ops->lookup) {
1237 		if (!file)
1238 			tty = ERR_PTR(-EIO);
1239 		else
1240 			tty = driver->ops->lookup(driver, file, idx);
1241 	} else {
1242 		if (idx >= driver->num)
1243 			return ERR_PTR(-EINVAL);
1244 		tty = driver->ttys[idx];
1245 	}
1246 	if (!IS_ERR(tty))
1247 		tty_kref_get(tty);
1248 	return tty;
1249 }
1250 
1251 /**
1252  * tty_init_termios	-  helper for termios setup
1253  * @tty: the tty to set up
1254  *
1255  * Initialise the termios structure for this tty. This runs under the
1256  * %tty_mutex currently so we can be relaxed about ordering.
1257  */
1258 void tty_init_termios(struct tty_struct *tty)
1259 {
1260 	struct ktermios *tp;
1261 	int idx = tty->index;
1262 
1263 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1264 		tty->termios = tty->driver->init_termios;
1265 	else {
1266 		/* Check for lazy saved data */
1267 		tp = tty->driver->termios[idx];
1268 		if (tp != NULL) {
1269 			tty->termios = *tp;
1270 			tty->termios.c_line  = tty->driver->init_termios.c_line;
1271 		} else
1272 			tty->termios = tty->driver->init_termios;
1273 	}
1274 	/* Compatibility until drivers always set this */
1275 	tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1276 	tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1277 }
1278 EXPORT_SYMBOL_GPL(tty_init_termios);
1279 
1280 /**
1281  * tty_standard_install - usual tty->ops->install
1282  * @driver: the driver for the tty
1283  * @tty: the tty
1284  *
1285  * If the @driver overrides @tty->ops->install, it still can call this function
1286  * to perform the standard install operations.
1287  */
1288 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1289 {
1290 	tty_init_termios(tty);
1291 	tty_driver_kref_get(driver);
1292 	tty->count++;
1293 	driver->ttys[tty->index] = tty;
1294 	return 0;
1295 }
1296 EXPORT_SYMBOL_GPL(tty_standard_install);
1297 
1298 /**
1299  * tty_driver_install_tty() - install a tty entry in the driver
1300  * @driver: the driver for the tty
1301  * @tty: the tty
1302  *
1303  * Install a tty object into the driver tables. The @tty->index field will be
1304  * set by the time this is called. This method is responsible for ensuring any
1305  * need additional structures are allocated and configured.
1306  *
1307  * Locking: tty_mutex for now
1308  */
1309 static int tty_driver_install_tty(struct tty_driver *driver,
1310 						struct tty_struct *tty)
1311 {
1312 	return driver->ops->install ? driver->ops->install(driver, tty) :
1313 		tty_standard_install(driver, tty);
1314 }
1315 
1316 /**
1317  * tty_driver_remove_tty() - remove a tty from the driver tables
1318  * @driver: the driver for the tty
1319  * @tty: tty to remove
1320  *
1321  * Remove a tty object from the driver tables. The tty->index field will be set
1322  * by the time this is called.
1323  *
1324  * Locking: tty_mutex for now
1325  */
1326 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1327 {
1328 	if (driver->ops->remove)
1329 		driver->ops->remove(driver, tty);
1330 	else
1331 		driver->ttys[tty->index] = NULL;
1332 }
1333 
1334 /**
1335  * tty_reopen()	- fast re-open of an open tty
1336  * @tty: the tty to open
1337  *
1338  * Re-opens on master ptys are not allowed and return -%EIO.
1339  *
1340  * Locking: Caller must hold tty_lock
1341  * Return: 0 on success, -errno on error.
1342  */
1343 static int tty_reopen(struct tty_struct *tty)
1344 {
1345 	struct tty_driver *driver = tty->driver;
1346 	struct tty_ldisc *ld;
1347 	int retval = 0;
1348 
1349 	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1350 	    driver->subtype == PTY_TYPE_MASTER)
1351 		return -EIO;
1352 
1353 	if (!tty->count)
1354 		return -EAGAIN;
1355 
1356 	if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1357 		return -EBUSY;
1358 
1359 	ld = tty_ldisc_ref_wait(tty);
1360 	if (ld) {
1361 		tty_ldisc_deref(ld);
1362 	} else {
1363 		retval = tty_ldisc_lock(tty, 5 * HZ);
1364 		if (retval)
1365 			return retval;
1366 
1367 		if (!tty->ldisc)
1368 			retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1369 		tty_ldisc_unlock(tty);
1370 	}
1371 
1372 	if (retval == 0)
1373 		tty->count++;
1374 
1375 	return retval;
1376 }
1377 
1378 /**
1379  * tty_init_dev		-	initialise a tty device
1380  * @driver: tty driver we are opening a device on
1381  * @idx: device index
1382  *
1383  * Prepare a tty device. This may not be a "new" clean device but could also be
1384  * an active device. The pty drivers require special handling because of this.
1385  *
1386  * Locking:
1387  *	The function is called under the tty_mutex, which protects us from the
1388  *	tty struct or driver itself going away.
1389  *
1390  * On exit the tty device has the line discipline attached and a reference
1391  * count of 1. If a pair was created for pty/tty use and the other was a pty
1392  * master then it too has a reference count of 1.
1393  *
1394  * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1395  * open. The new code protects the open with a mutex, so it's really quite
1396  * straightforward. The mutex locking can probably be relaxed for the (most
1397  * common) case of reopening a tty.
1398  *
1399  * Return: new tty structure
1400  */
1401 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1402 {
1403 	struct tty_struct *tty;
1404 	int retval;
1405 
1406 	/*
1407 	 * First time open is complex, especially for PTY devices.
1408 	 * This code guarantees that either everything succeeds and the
1409 	 * TTY is ready for operation, or else the table slots are vacated
1410 	 * and the allocated memory released.  (Except that the termios
1411 	 * may be retained.)
1412 	 */
1413 
1414 	if (!try_module_get(driver->owner))
1415 		return ERR_PTR(-ENODEV);
1416 
1417 	tty = alloc_tty_struct(driver, idx);
1418 	if (!tty) {
1419 		retval = -ENOMEM;
1420 		goto err_module_put;
1421 	}
1422 
1423 	tty_lock(tty);
1424 	retval = tty_driver_install_tty(driver, tty);
1425 	if (retval < 0)
1426 		goto err_free_tty;
1427 
1428 	if (!tty->port)
1429 		tty->port = driver->ports[idx];
1430 
1431 	if (WARN_RATELIMIT(!tty->port,
1432 			"%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1433 			__func__, tty->driver->name)) {
1434 		retval = -EINVAL;
1435 		goto err_release_lock;
1436 	}
1437 
1438 	retval = tty_ldisc_lock(tty, 5 * HZ);
1439 	if (retval)
1440 		goto err_release_lock;
1441 	tty->port->itty = tty;
1442 
1443 	/*
1444 	 * Structures all installed ... call the ldisc open routines.
1445 	 * If we fail here just call release_tty to clean up.  No need
1446 	 * to decrement the use counts, as release_tty doesn't care.
1447 	 */
1448 	retval = tty_ldisc_setup(tty, tty->link);
1449 	if (retval)
1450 		goto err_release_tty;
1451 	tty_ldisc_unlock(tty);
1452 	/* Return the tty locked so that it cannot vanish under the caller */
1453 	return tty;
1454 
1455 err_free_tty:
1456 	tty_unlock(tty);
1457 	free_tty_struct(tty);
1458 err_module_put:
1459 	module_put(driver->owner);
1460 	return ERR_PTR(retval);
1461 
1462 	/* call the tty release_tty routine to clean out this slot */
1463 err_release_tty:
1464 	tty_ldisc_unlock(tty);
1465 	tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1466 			     retval, idx);
1467 err_release_lock:
1468 	tty_unlock(tty);
1469 	release_tty(tty, idx);
1470 	return ERR_PTR(retval);
1471 }
1472 
1473 /**
1474  * tty_save_termios() - save tty termios data in driver table
1475  * @tty: tty whose termios data to save
1476  *
1477  * Locking: Caller guarantees serialisation with tty_init_termios().
1478  */
1479 void tty_save_termios(struct tty_struct *tty)
1480 {
1481 	struct ktermios *tp;
1482 	int idx = tty->index;
1483 
1484 	/* If the port is going to reset then it has no termios to save */
1485 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1486 		return;
1487 
1488 	/* Stash the termios data */
1489 	tp = tty->driver->termios[idx];
1490 	if (tp == NULL) {
1491 		tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1492 		if (tp == NULL)
1493 			return;
1494 		tty->driver->termios[idx] = tp;
1495 	}
1496 	*tp = tty->termios;
1497 }
1498 EXPORT_SYMBOL_GPL(tty_save_termios);
1499 
1500 /**
1501  * tty_flush_works	-	flush all works of a tty/pty pair
1502  * @tty: tty device to flush works for (or either end of a pty pair)
1503  *
1504  * Sync flush all works belonging to @tty (and the 'other' tty).
1505  */
1506 static void tty_flush_works(struct tty_struct *tty)
1507 {
1508 	flush_work(&tty->SAK_work);
1509 	flush_work(&tty->hangup_work);
1510 	if (tty->link) {
1511 		flush_work(&tty->link->SAK_work);
1512 		flush_work(&tty->link->hangup_work);
1513 	}
1514 }
1515 
1516 /**
1517  * release_one_tty	-	release tty structure memory
1518  * @work: work of tty we are obliterating
1519  *
1520  * Releases memory associated with a tty structure, and clears out the
1521  * driver table slots. This function is called when a device is no longer
1522  * in use. It also gets called when setup of a device fails.
1523  *
1524  * Locking:
1525  *	takes the file list lock internally when working on the list of ttys
1526  *	that the driver keeps.
1527  *
1528  * This method gets called from a work queue so that the driver private
1529  * cleanup ops can sleep (needed for USB at least)
1530  */
1531 static void release_one_tty(struct work_struct *work)
1532 {
1533 	struct tty_struct *tty =
1534 		container_of(work, struct tty_struct, hangup_work);
1535 	struct tty_driver *driver = tty->driver;
1536 	struct module *owner = driver->owner;
1537 
1538 	if (tty->ops->cleanup)
1539 		tty->ops->cleanup(tty);
1540 
1541 	tty_driver_kref_put(driver);
1542 	module_put(owner);
1543 
1544 	spin_lock(&tty->files_lock);
1545 	list_del_init(&tty->tty_files);
1546 	spin_unlock(&tty->files_lock);
1547 
1548 	put_pid(tty->ctrl.pgrp);
1549 	put_pid(tty->ctrl.session);
1550 	free_tty_struct(tty);
1551 }
1552 
1553 static void queue_release_one_tty(struct kref *kref)
1554 {
1555 	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1556 
1557 	/* The hangup queue is now free so we can reuse it rather than
1558 	 *  waste a chunk of memory for each port.
1559 	 */
1560 	INIT_WORK(&tty->hangup_work, release_one_tty);
1561 	schedule_work(&tty->hangup_work);
1562 }
1563 
1564 /**
1565  * tty_kref_put		-	release a tty kref
1566  * @tty: tty device
1567  *
1568  * Release a reference to the @tty device and if need be let the kref layer
1569  * destruct the object for us.
1570  */
1571 void tty_kref_put(struct tty_struct *tty)
1572 {
1573 	if (tty)
1574 		kref_put(&tty->kref, queue_release_one_tty);
1575 }
1576 EXPORT_SYMBOL(tty_kref_put);
1577 
1578 /**
1579  * release_tty		-	release tty structure memory
1580  * @tty: tty device release
1581  * @idx: index of the tty device release
1582  *
1583  * Release both @tty and a possible linked partner (think pty pair),
1584  * and decrement the refcount of the backing module.
1585  *
1586  * Locking:
1587  *	tty_mutex
1588  *	takes the file list lock internally when working on the list of ttys
1589  *	that the driver keeps.
1590  */
1591 static void release_tty(struct tty_struct *tty, int idx)
1592 {
1593 	/* This should always be true but check for the moment */
1594 	WARN_ON(tty->index != idx);
1595 	WARN_ON(!mutex_is_locked(&tty_mutex));
1596 	if (tty->ops->shutdown)
1597 		tty->ops->shutdown(tty);
1598 	tty_save_termios(tty);
1599 	tty_driver_remove_tty(tty->driver, tty);
1600 	if (tty->port)
1601 		tty->port->itty = NULL;
1602 	if (tty->link)
1603 		tty->link->port->itty = NULL;
1604 	if (tty->port)
1605 		tty_buffer_cancel_work(tty->port);
1606 	if (tty->link)
1607 		tty_buffer_cancel_work(tty->link->port);
1608 
1609 	tty_kref_put(tty->link);
1610 	tty_kref_put(tty);
1611 }
1612 
1613 /**
1614  * tty_release_checks - check a tty before real release
1615  * @tty: tty to check
1616  * @idx: index of the tty
1617  *
1618  * Performs some paranoid checking before true release of the @tty. This is a
1619  * no-op unless %TTY_PARANOIA_CHECK is defined.
1620  */
1621 static int tty_release_checks(struct tty_struct *tty, int idx)
1622 {
1623 #ifdef TTY_PARANOIA_CHECK
1624 	if (idx < 0 || idx >= tty->driver->num) {
1625 		tty_debug(tty, "bad idx %d\n", idx);
1626 		return -1;
1627 	}
1628 
1629 	/* not much to check for devpts */
1630 	if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1631 		return 0;
1632 
1633 	if (tty != tty->driver->ttys[idx]) {
1634 		tty_debug(tty, "bad driver table[%d] = %p\n",
1635 			  idx, tty->driver->ttys[idx]);
1636 		return -1;
1637 	}
1638 	if (tty->driver->other) {
1639 		struct tty_struct *o_tty = tty->link;
1640 
1641 		if (o_tty != tty->driver->other->ttys[idx]) {
1642 			tty_debug(tty, "bad other table[%d] = %p\n",
1643 				  idx, tty->driver->other->ttys[idx]);
1644 			return -1;
1645 		}
1646 		if (o_tty->link != tty) {
1647 			tty_debug(tty, "bad link = %p\n", o_tty->link);
1648 			return -1;
1649 		}
1650 	}
1651 #endif
1652 	return 0;
1653 }
1654 
1655 /**
1656  * tty_kclose      -       closes tty opened by tty_kopen
1657  * @tty: tty device
1658  *
1659  * Performs the final steps to release and free a tty device. It is the same as
1660  * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1661  * @tty->port.
1662  */
1663 void tty_kclose(struct tty_struct *tty)
1664 {
1665 	/*
1666 	 * Ask the line discipline code to release its structures
1667 	 */
1668 	tty_ldisc_release(tty);
1669 
1670 	/* Wait for pending work before tty destruction commences */
1671 	tty_flush_works(tty);
1672 
1673 	tty_debug_hangup(tty, "freeing structure\n");
1674 	/*
1675 	 * The release_tty function takes care of the details of clearing
1676 	 * the slots and preserving the termios structure.
1677 	 */
1678 	mutex_lock(&tty_mutex);
1679 	tty_port_set_kopened(tty->port, 0);
1680 	release_tty(tty, tty->index);
1681 	mutex_unlock(&tty_mutex);
1682 }
1683 EXPORT_SYMBOL_GPL(tty_kclose);
1684 
1685 /**
1686  * tty_release_struct	-	release a tty struct
1687  * @tty: tty device
1688  * @idx: index of the tty
1689  *
1690  * Performs the final steps to release and free a tty device. It is roughly the
1691  * reverse of tty_init_dev().
1692  */
1693 void tty_release_struct(struct tty_struct *tty, int idx)
1694 {
1695 	/*
1696 	 * Ask the line discipline code to release its structures
1697 	 */
1698 	tty_ldisc_release(tty);
1699 
1700 	/* Wait for pending work before tty destruction commmences */
1701 	tty_flush_works(tty);
1702 
1703 	tty_debug_hangup(tty, "freeing structure\n");
1704 	/*
1705 	 * The release_tty function takes care of the details of clearing
1706 	 * the slots and preserving the termios structure.
1707 	 */
1708 	mutex_lock(&tty_mutex);
1709 	release_tty(tty, idx);
1710 	mutex_unlock(&tty_mutex);
1711 }
1712 EXPORT_SYMBOL_GPL(tty_release_struct);
1713 
1714 /**
1715  * tty_release		-	vfs callback for close
1716  * @inode: inode of tty
1717  * @filp: file pointer for handle to tty
1718  *
1719  * Called the last time each file handle is closed that references this tty.
1720  * There may however be several such references.
1721  *
1722  * Locking:
1723  *	Takes BKL. See tty_release_dev().
1724  *
1725  * Even releasing the tty structures is a tricky business. We have to be very
1726  * careful that the structures are all released at the same time, as interrupts
1727  * might otherwise get the wrong pointers.
1728  *
1729  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1730  * lead to double frees or releasing memory still in use.
1731  */
1732 int tty_release(struct inode *inode, struct file *filp)
1733 {
1734 	struct tty_struct *tty = file_tty(filp);
1735 	struct tty_struct *o_tty = NULL;
1736 	int	do_sleep, final;
1737 	int	idx;
1738 	long	timeout = 0;
1739 	int	once = 1;
1740 
1741 	if (tty_paranoia_check(tty, inode, __func__))
1742 		return 0;
1743 
1744 	tty_lock(tty);
1745 	check_tty_count(tty, __func__);
1746 
1747 	__tty_fasync(-1, filp, 0);
1748 
1749 	idx = tty->index;
1750 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1751 	    tty->driver->subtype == PTY_TYPE_MASTER)
1752 		o_tty = tty->link;
1753 
1754 	if (tty_release_checks(tty, idx)) {
1755 		tty_unlock(tty);
1756 		return 0;
1757 	}
1758 
1759 	tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1760 
1761 	if (tty->ops->close)
1762 		tty->ops->close(tty, filp);
1763 
1764 	/* If tty is pty master, lock the slave pty (stable lock order) */
1765 	tty_lock_slave(o_tty);
1766 
1767 	/*
1768 	 * Sanity check: if tty->count is going to zero, there shouldn't be
1769 	 * any waiters on tty->read_wait or tty->write_wait.  We test the
1770 	 * wait queues and kick everyone out _before_ actually starting to
1771 	 * close.  This ensures that we won't block while releasing the tty
1772 	 * structure.
1773 	 *
1774 	 * The test for the o_tty closing is necessary, since the master and
1775 	 * slave sides may close in any order.  If the slave side closes out
1776 	 * first, its count will be one, since the master side holds an open.
1777 	 * Thus this test wouldn't be triggered at the time the slave closed,
1778 	 * so we do it now.
1779 	 */
1780 	while (1) {
1781 		do_sleep = 0;
1782 
1783 		if (tty->count <= 1) {
1784 			if (waitqueue_active(&tty->read_wait)) {
1785 				wake_up_poll(&tty->read_wait, EPOLLIN);
1786 				do_sleep++;
1787 			}
1788 			if (waitqueue_active(&tty->write_wait)) {
1789 				wake_up_poll(&tty->write_wait, EPOLLOUT);
1790 				do_sleep++;
1791 			}
1792 		}
1793 		if (o_tty && o_tty->count <= 1) {
1794 			if (waitqueue_active(&o_tty->read_wait)) {
1795 				wake_up_poll(&o_tty->read_wait, EPOLLIN);
1796 				do_sleep++;
1797 			}
1798 			if (waitqueue_active(&o_tty->write_wait)) {
1799 				wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1800 				do_sleep++;
1801 			}
1802 		}
1803 		if (!do_sleep)
1804 			break;
1805 
1806 		if (once) {
1807 			once = 0;
1808 			tty_warn(tty, "read/write wait queue active!\n");
1809 		}
1810 		schedule_timeout_killable(timeout);
1811 		if (timeout < 120 * HZ)
1812 			timeout = 2 * timeout + 1;
1813 		else
1814 			timeout = MAX_SCHEDULE_TIMEOUT;
1815 	}
1816 
1817 	if (o_tty) {
1818 		if (--o_tty->count < 0) {
1819 			tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1820 			o_tty->count = 0;
1821 		}
1822 	}
1823 	if (--tty->count < 0) {
1824 		tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1825 		tty->count = 0;
1826 	}
1827 
1828 	/*
1829 	 * We've decremented tty->count, so we need to remove this file
1830 	 * descriptor off the tty->tty_files list; this serves two
1831 	 * purposes:
1832 	 *  - check_tty_count sees the correct number of file descriptors
1833 	 *    associated with this tty.
1834 	 *  - do_tty_hangup no longer sees this file descriptor as
1835 	 *    something that needs to be handled for hangups.
1836 	 */
1837 	tty_del_file(filp);
1838 
1839 	/*
1840 	 * Perform some housekeeping before deciding whether to return.
1841 	 *
1842 	 * If _either_ side is closing, make sure there aren't any
1843 	 * processes that still think tty or o_tty is their controlling
1844 	 * tty.
1845 	 */
1846 	if (!tty->count) {
1847 		read_lock(&tasklist_lock);
1848 		session_clear_tty(tty->ctrl.session);
1849 		if (o_tty)
1850 			session_clear_tty(o_tty->ctrl.session);
1851 		read_unlock(&tasklist_lock);
1852 	}
1853 
1854 	/* check whether both sides are closing ... */
1855 	final = !tty->count && !(o_tty && o_tty->count);
1856 
1857 	tty_unlock_slave(o_tty);
1858 	tty_unlock(tty);
1859 
1860 	/* At this point, the tty->count == 0 should ensure a dead tty
1861 	 * cannot be re-opened by a racing opener.
1862 	 */
1863 
1864 	if (!final)
1865 		return 0;
1866 
1867 	tty_debug_hangup(tty, "final close\n");
1868 
1869 	tty_release_struct(tty, idx);
1870 	return 0;
1871 }
1872 
1873 /**
1874  * tty_open_current_tty - get locked tty of current task
1875  * @device: device number
1876  * @filp: file pointer to tty
1877  * @return: locked tty of the current task iff @device is /dev/tty
1878  *
1879  * Performs a re-open of the current task's controlling tty.
1880  *
1881  * We cannot return driver and index like for the other nodes because devpts
1882  * will not work then. It expects inodes to be from devpts FS.
1883  */
1884 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1885 {
1886 	struct tty_struct *tty;
1887 	int retval;
1888 
1889 	if (device != MKDEV(TTYAUX_MAJOR, 0))
1890 		return NULL;
1891 
1892 	tty = get_current_tty();
1893 	if (!tty)
1894 		return ERR_PTR(-ENXIO);
1895 
1896 	filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1897 	/* noctty = 1; */
1898 	tty_lock(tty);
1899 	tty_kref_put(tty);	/* safe to drop the kref now */
1900 
1901 	retval = tty_reopen(tty);
1902 	if (retval < 0) {
1903 		tty_unlock(tty);
1904 		tty = ERR_PTR(retval);
1905 	}
1906 	return tty;
1907 }
1908 
1909 /**
1910  * tty_lookup_driver - lookup a tty driver for a given device file
1911  * @device: device number
1912  * @filp: file pointer to tty
1913  * @index: index for the device in the @return driver
1914  *
1915  * If returned value is not erroneous, the caller is responsible to decrement
1916  * the refcount by tty_driver_kref_put().
1917  *
1918  * Locking: %tty_mutex protects get_tty_driver()
1919  *
1920  * Return: driver for this inode (with increased refcount)
1921  */
1922 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1923 		int *index)
1924 {
1925 	struct tty_driver *driver = NULL;
1926 
1927 	switch (device) {
1928 #ifdef CONFIG_VT
1929 	case MKDEV(TTY_MAJOR, 0): {
1930 		extern struct tty_driver *console_driver;
1931 
1932 		driver = tty_driver_kref_get(console_driver);
1933 		*index = fg_console;
1934 		break;
1935 	}
1936 #endif
1937 	case MKDEV(TTYAUX_MAJOR, 1): {
1938 		struct tty_driver *console_driver = console_device(index);
1939 
1940 		if (console_driver) {
1941 			driver = tty_driver_kref_get(console_driver);
1942 			if (driver && filp) {
1943 				/* Don't let /dev/console block */
1944 				filp->f_flags |= O_NONBLOCK;
1945 				break;
1946 			}
1947 		}
1948 		if (driver)
1949 			tty_driver_kref_put(driver);
1950 		return ERR_PTR(-ENODEV);
1951 	}
1952 	default:
1953 		driver = get_tty_driver(device, index);
1954 		if (!driver)
1955 			return ERR_PTR(-ENODEV);
1956 		break;
1957 	}
1958 	return driver;
1959 }
1960 
1961 static struct tty_struct *tty_kopen(dev_t device, int shared)
1962 {
1963 	struct tty_struct *tty;
1964 	struct tty_driver *driver;
1965 	int index = -1;
1966 
1967 	mutex_lock(&tty_mutex);
1968 	driver = tty_lookup_driver(device, NULL, &index);
1969 	if (IS_ERR(driver)) {
1970 		mutex_unlock(&tty_mutex);
1971 		return ERR_CAST(driver);
1972 	}
1973 
1974 	/* check whether we're reopening an existing tty */
1975 	tty = tty_driver_lookup_tty(driver, NULL, index);
1976 	if (IS_ERR(tty) || shared)
1977 		goto out;
1978 
1979 	if (tty) {
1980 		/* drop kref from tty_driver_lookup_tty() */
1981 		tty_kref_put(tty);
1982 		tty = ERR_PTR(-EBUSY);
1983 	} else { /* tty_init_dev returns tty with the tty_lock held */
1984 		tty = tty_init_dev(driver, index);
1985 		if (IS_ERR(tty))
1986 			goto out;
1987 		tty_port_set_kopened(tty->port, 1);
1988 	}
1989 out:
1990 	mutex_unlock(&tty_mutex);
1991 	tty_driver_kref_put(driver);
1992 	return tty;
1993 }
1994 
1995 /**
1996  * tty_kopen_exclusive	-	open a tty device for kernel
1997  * @device: dev_t of device to open
1998  *
1999  * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
2000  * it's not already opened and performs the first-time tty initialization.
2001  *
2002  * Claims the global %tty_mutex to serialize:
2003  *  * concurrent first-time tty initialization
2004  *  * concurrent tty driver removal w/ lookup
2005  *  * concurrent tty removal from driver table
2006  *
2007  * Return: the locked initialized &tty_struct
2008  */
2009 struct tty_struct *tty_kopen_exclusive(dev_t device)
2010 {
2011 	return tty_kopen(device, 0);
2012 }
2013 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2014 
2015 /**
2016  * tty_kopen_shared	-	open a tty device for shared in-kernel use
2017  * @device: dev_t of device to open
2018  *
2019  * Opens an already existing tty for in-kernel use. Compared to
2020  * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2021  *
2022  * Locking: identical to tty_kopen() above.
2023  */
2024 struct tty_struct *tty_kopen_shared(dev_t device)
2025 {
2026 	return tty_kopen(device, 1);
2027 }
2028 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2029 
2030 /**
2031  * tty_open_by_driver	-	open a tty device
2032  * @device: dev_t of device to open
2033  * @filp: file pointer to tty
2034  *
2035  * Performs the driver lookup, checks for a reopen, or otherwise performs the
2036  * first-time tty initialization.
2037  *
2038  *
2039  * Claims the global tty_mutex to serialize:
2040  *  * concurrent first-time tty initialization
2041  *  * concurrent tty driver removal w/ lookup
2042  *  * concurrent tty removal from driver table
2043  *
2044  * Return: the locked initialized or re-opened &tty_struct
2045  */
2046 static struct tty_struct *tty_open_by_driver(dev_t device,
2047 					     struct file *filp)
2048 {
2049 	struct tty_struct *tty;
2050 	struct tty_driver *driver = NULL;
2051 	int index = -1;
2052 	int retval;
2053 
2054 	mutex_lock(&tty_mutex);
2055 	driver = tty_lookup_driver(device, filp, &index);
2056 	if (IS_ERR(driver)) {
2057 		mutex_unlock(&tty_mutex);
2058 		return ERR_CAST(driver);
2059 	}
2060 
2061 	/* check whether we're reopening an existing tty */
2062 	tty = tty_driver_lookup_tty(driver, filp, index);
2063 	if (IS_ERR(tty)) {
2064 		mutex_unlock(&tty_mutex);
2065 		goto out;
2066 	}
2067 
2068 	if (tty) {
2069 		if (tty_port_kopened(tty->port)) {
2070 			tty_kref_put(tty);
2071 			mutex_unlock(&tty_mutex);
2072 			tty = ERR_PTR(-EBUSY);
2073 			goto out;
2074 		}
2075 		mutex_unlock(&tty_mutex);
2076 		retval = tty_lock_interruptible(tty);
2077 		tty_kref_put(tty);  /* drop kref from tty_driver_lookup_tty() */
2078 		if (retval) {
2079 			if (retval == -EINTR)
2080 				retval = -ERESTARTSYS;
2081 			tty = ERR_PTR(retval);
2082 			goto out;
2083 		}
2084 		retval = tty_reopen(tty);
2085 		if (retval < 0) {
2086 			tty_unlock(tty);
2087 			tty = ERR_PTR(retval);
2088 		}
2089 	} else { /* Returns with the tty_lock held for now */
2090 		tty = tty_init_dev(driver, index);
2091 		mutex_unlock(&tty_mutex);
2092 	}
2093 out:
2094 	tty_driver_kref_put(driver);
2095 	return tty;
2096 }
2097 
2098 /**
2099  * tty_open	-	open a tty device
2100  * @inode: inode of device file
2101  * @filp: file pointer to tty
2102  *
2103  * tty_open() and tty_release() keep up the tty count that contains the number
2104  * of opens done on a tty. We cannot use the inode-count, as different inodes
2105  * might point to the same tty.
2106  *
2107  * Open-counting is needed for pty masters, as well as for keeping track of
2108  * serial lines: DTR is dropped when the last close happens.
2109  * (This is not done solely through tty->count, now.  - Ted 1/27/92)
2110  *
2111  * The termios state of a pty is reset on the first open so that settings don't
2112  * persist across reuse.
2113  *
2114  * Locking:
2115  *  * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2116  *  * @tty->count should protect the rest.
2117  *  * ->siglock protects ->signal/->sighand
2118  *
2119  * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2120  */
2121 static int tty_open(struct inode *inode, struct file *filp)
2122 {
2123 	struct tty_struct *tty;
2124 	int noctty, retval;
2125 	dev_t device = inode->i_rdev;
2126 	unsigned saved_flags = filp->f_flags;
2127 
2128 	nonseekable_open(inode, filp);
2129 
2130 retry_open:
2131 	retval = tty_alloc_file(filp);
2132 	if (retval)
2133 		return -ENOMEM;
2134 
2135 	tty = tty_open_current_tty(device, filp);
2136 	if (!tty)
2137 		tty = tty_open_by_driver(device, filp);
2138 
2139 	if (IS_ERR(tty)) {
2140 		tty_free_file(filp);
2141 		retval = PTR_ERR(tty);
2142 		if (retval != -EAGAIN || signal_pending(current))
2143 			return retval;
2144 		schedule();
2145 		goto retry_open;
2146 	}
2147 
2148 	tty_add_file(tty, filp);
2149 
2150 	check_tty_count(tty, __func__);
2151 	tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2152 
2153 	if (tty->ops->open)
2154 		retval = tty->ops->open(tty, filp);
2155 	else
2156 		retval = -ENODEV;
2157 	filp->f_flags = saved_flags;
2158 
2159 	if (retval) {
2160 		tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2161 
2162 		tty_unlock(tty); /* need to call tty_release without BTM */
2163 		tty_release(inode, filp);
2164 		if (retval != -ERESTARTSYS)
2165 			return retval;
2166 
2167 		if (signal_pending(current))
2168 			return retval;
2169 
2170 		schedule();
2171 		/*
2172 		 * Need to reset f_op in case a hangup happened.
2173 		 */
2174 		if (tty_hung_up_p(filp))
2175 			filp->f_op = &tty_fops;
2176 		goto retry_open;
2177 	}
2178 	clear_bit(TTY_HUPPED, &tty->flags);
2179 
2180 	noctty = (filp->f_flags & O_NOCTTY) ||
2181 		 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2182 		 device == MKDEV(TTYAUX_MAJOR, 1) ||
2183 		 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2184 		  tty->driver->subtype == PTY_TYPE_MASTER);
2185 	if (!noctty)
2186 		tty_open_proc_set_tty(filp, tty);
2187 	tty_unlock(tty);
2188 	return 0;
2189 }
2190 
2191 
2192 /**
2193  * tty_poll	-	check tty status
2194  * @filp: file being polled
2195  * @wait: poll wait structures to update
2196  *
2197  * Call the line discipline polling method to obtain the poll status of the
2198  * device.
2199  *
2200  * Locking: locks called line discipline but ldisc poll method may be
2201  * re-entered freely by other callers.
2202  */
2203 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2204 {
2205 	struct tty_struct *tty = file_tty(filp);
2206 	struct tty_ldisc *ld;
2207 	__poll_t ret = 0;
2208 
2209 	if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2210 		return 0;
2211 
2212 	ld = tty_ldisc_ref_wait(tty);
2213 	if (!ld)
2214 		return hung_up_tty_poll(filp, wait);
2215 	if (ld->ops->poll)
2216 		ret = ld->ops->poll(tty, filp, wait);
2217 	tty_ldisc_deref(ld);
2218 	return ret;
2219 }
2220 
2221 static int __tty_fasync(int fd, struct file *filp, int on)
2222 {
2223 	struct tty_struct *tty = file_tty(filp);
2224 	unsigned long flags;
2225 	int retval = 0;
2226 
2227 	if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2228 		goto out;
2229 
2230 	retval = fasync_helper(fd, filp, on, &tty->fasync);
2231 	if (retval <= 0)
2232 		goto out;
2233 
2234 	if (on) {
2235 		enum pid_type type;
2236 		struct pid *pid;
2237 
2238 		spin_lock_irqsave(&tty->ctrl.lock, flags);
2239 		if (tty->ctrl.pgrp) {
2240 			pid = tty->ctrl.pgrp;
2241 			type = PIDTYPE_PGID;
2242 		} else {
2243 			pid = task_pid(current);
2244 			type = PIDTYPE_TGID;
2245 		}
2246 		get_pid(pid);
2247 		spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2248 		__f_setown(filp, pid, type, 0);
2249 		put_pid(pid);
2250 		retval = 0;
2251 	}
2252 out:
2253 	return retval;
2254 }
2255 
2256 static int tty_fasync(int fd, struct file *filp, int on)
2257 {
2258 	struct tty_struct *tty = file_tty(filp);
2259 	int retval = -ENOTTY;
2260 
2261 	tty_lock(tty);
2262 	if (!tty_hung_up_p(filp))
2263 		retval = __tty_fasync(fd, filp, on);
2264 	tty_unlock(tty);
2265 
2266 	return retval;
2267 }
2268 
2269 static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2270 /**
2271  * tiocsti		-	fake input character
2272  * @tty: tty to fake input into
2273  * @p: pointer to character
2274  *
2275  * Fake input to a tty device. Does the necessary locking and input management.
2276  *
2277  * FIXME: does not honour flow control ??
2278  *
2279  * Locking:
2280  *  * Called functions take tty_ldiscs_lock
2281  *  * current->signal->tty check is safe without locks
2282  */
2283 static int tiocsti(struct tty_struct *tty, char __user *p)
2284 {
2285 	char ch, mbz = 0;
2286 	struct tty_ldisc *ld;
2287 
2288 	if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2289 		return -EIO;
2290 
2291 	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2292 		return -EPERM;
2293 	if (get_user(ch, p))
2294 		return -EFAULT;
2295 	tty_audit_tiocsti(tty, ch);
2296 	ld = tty_ldisc_ref_wait(tty);
2297 	if (!ld)
2298 		return -EIO;
2299 	tty_buffer_lock_exclusive(tty->port);
2300 	if (ld->ops->receive_buf)
2301 		ld->ops->receive_buf(tty, &ch, &mbz, 1);
2302 	tty_buffer_unlock_exclusive(tty->port);
2303 	tty_ldisc_deref(ld);
2304 	return 0;
2305 }
2306 
2307 /**
2308  * tiocgwinsz		-	implement window query ioctl
2309  * @tty: tty
2310  * @arg: user buffer for result
2311  *
2312  * Copies the kernel idea of the window size into the user buffer.
2313  *
2314  * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2315  * consistent.
2316  */
2317 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2318 {
2319 	int err;
2320 
2321 	mutex_lock(&tty->winsize_mutex);
2322 	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2323 	mutex_unlock(&tty->winsize_mutex);
2324 
2325 	return err ? -EFAULT : 0;
2326 }
2327 
2328 /**
2329  * tty_do_resize	-	resize event
2330  * @tty: tty being resized
2331  * @ws: new dimensions
2332  *
2333  * Update the termios variables and send the necessary signals to peform a
2334  * terminal resize correctly.
2335  */
2336 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2337 {
2338 	struct pid *pgrp;
2339 
2340 	/* Lock the tty */
2341 	mutex_lock(&tty->winsize_mutex);
2342 	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2343 		goto done;
2344 
2345 	/* Signal the foreground process group */
2346 	pgrp = tty_get_pgrp(tty);
2347 	if (pgrp)
2348 		kill_pgrp(pgrp, SIGWINCH, 1);
2349 	put_pid(pgrp);
2350 
2351 	tty->winsize = *ws;
2352 done:
2353 	mutex_unlock(&tty->winsize_mutex);
2354 	return 0;
2355 }
2356 EXPORT_SYMBOL(tty_do_resize);
2357 
2358 /**
2359  * tiocswinsz		-	implement window size set ioctl
2360  * @tty: tty side of tty
2361  * @arg: user buffer for result
2362  *
2363  * Copies the user idea of the window size to the kernel. Traditionally this is
2364  * just advisory information but for the Linux console it actually has driver
2365  * level meaning and triggers a VC resize.
2366  *
2367  * Locking:
2368  *	Driver dependent. The default do_resize method takes the tty termios
2369  *	mutex and ctrl.lock. The console takes its own lock then calls into the
2370  *	default method.
2371  */
2372 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2373 {
2374 	struct winsize tmp_ws;
2375 
2376 	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2377 		return -EFAULT;
2378 
2379 	if (tty->ops->resize)
2380 		return tty->ops->resize(tty, &tmp_ws);
2381 	else
2382 		return tty_do_resize(tty, &tmp_ws);
2383 }
2384 
2385 /**
2386  * tioccons	-	allow admin to move logical console
2387  * @file: the file to become console
2388  *
2389  * Allow the administrator to move the redirected console device.
2390  *
2391  * Locking: uses redirect_lock to guard the redirect information
2392  */
2393 static int tioccons(struct file *file)
2394 {
2395 	if (!capable(CAP_SYS_ADMIN))
2396 		return -EPERM;
2397 	if (file->f_op->write_iter == redirected_tty_write) {
2398 		struct file *f;
2399 
2400 		spin_lock(&redirect_lock);
2401 		f = redirect;
2402 		redirect = NULL;
2403 		spin_unlock(&redirect_lock);
2404 		if (f)
2405 			fput(f);
2406 		return 0;
2407 	}
2408 	if (file->f_op->write_iter != tty_write)
2409 		return -ENOTTY;
2410 	if (!(file->f_mode & FMODE_WRITE))
2411 		return -EBADF;
2412 	if (!(file->f_mode & FMODE_CAN_WRITE))
2413 		return -EINVAL;
2414 	spin_lock(&redirect_lock);
2415 	if (redirect) {
2416 		spin_unlock(&redirect_lock);
2417 		return -EBUSY;
2418 	}
2419 	redirect = get_file(file);
2420 	spin_unlock(&redirect_lock);
2421 	return 0;
2422 }
2423 
2424 /**
2425  * tiocsetd	-	set line discipline
2426  * @tty: tty device
2427  * @p: pointer to user data
2428  *
2429  * Set the line discipline according to user request.
2430  *
2431  * Locking: see tty_set_ldisc(), this function is just a helper
2432  */
2433 static int tiocsetd(struct tty_struct *tty, int __user *p)
2434 {
2435 	int disc;
2436 	int ret;
2437 
2438 	if (get_user(disc, p))
2439 		return -EFAULT;
2440 
2441 	ret = tty_set_ldisc(tty, disc);
2442 
2443 	return ret;
2444 }
2445 
2446 /**
2447  * tiocgetd	-	get line discipline
2448  * @tty: tty device
2449  * @p: pointer to user data
2450  *
2451  * Retrieves the line discipline id directly from the ldisc.
2452  *
2453  * Locking: waits for ldisc reference (in case the line discipline is changing
2454  * or the @tty is being hungup)
2455  */
2456 static int tiocgetd(struct tty_struct *tty, int __user *p)
2457 {
2458 	struct tty_ldisc *ld;
2459 	int ret;
2460 
2461 	ld = tty_ldisc_ref_wait(tty);
2462 	if (!ld)
2463 		return -EIO;
2464 	ret = put_user(ld->ops->num, p);
2465 	tty_ldisc_deref(ld);
2466 	return ret;
2467 }
2468 
2469 /**
2470  * send_break	-	performed time break
2471  * @tty: device to break on
2472  * @duration: timeout in mS
2473  *
2474  * Perform a timed break on hardware that lacks its own driver level timed
2475  * break functionality.
2476  *
2477  * Locking:
2478  *	@tty->atomic_write_lock serializes
2479  */
2480 static int send_break(struct tty_struct *tty, unsigned int duration)
2481 {
2482 	int retval;
2483 
2484 	if (tty->ops->break_ctl == NULL)
2485 		return 0;
2486 
2487 	if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2488 		retval = tty->ops->break_ctl(tty, duration);
2489 	else {
2490 		/* Do the work ourselves */
2491 		if (tty_write_lock(tty, 0) < 0)
2492 			return -EINTR;
2493 		retval = tty->ops->break_ctl(tty, -1);
2494 		if (retval)
2495 			goto out;
2496 		if (!signal_pending(current))
2497 			msleep_interruptible(duration);
2498 		retval = tty->ops->break_ctl(tty, 0);
2499 out:
2500 		tty_write_unlock(tty);
2501 		if (signal_pending(current))
2502 			retval = -EINTR;
2503 	}
2504 	return retval;
2505 }
2506 
2507 /**
2508  * tty_tiocmget		-	get modem status
2509  * @tty: tty device
2510  * @p: pointer to result
2511  *
2512  * Obtain the modem status bits from the tty driver if the feature is
2513  * supported. Return -%ENOTTY if it is not available.
2514  *
2515  * Locking: none (up to the driver)
2516  */
2517 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2518 {
2519 	int retval = -ENOTTY;
2520 
2521 	if (tty->ops->tiocmget) {
2522 		retval = tty->ops->tiocmget(tty);
2523 
2524 		if (retval >= 0)
2525 			retval = put_user(retval, p);
2526 	}
2527 	return retval;
2528 }
2529 
2530 /**
2531  * tty_tiocmset		-	set modem status
2532  * @tty: tty device
2533  * @cmd: command - clear bits, set bits or set all
2534  * @p: pointer to desired bits
2535  *
2536  * Set the modem status bits from the tty driver if the feature
2537  * is supported. Return -%ENOTTY if it is not available.
2538  *
2539  * Locking: none (up to the driver)
2540  */
2541 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2542 	     unsigned __user *p)
2543 {
2544 	int retval;
2545 	unsigned int set, clear, val;
2546 
2547 	if (tty->ops->tiocmset == NULL)
2548 		return -ENOTTY;
2549 
2550 	retval = get_user(val, p);
2551 	if (retval)
2552 		return retval;
2553 	set = clear = 0;
2554 	switch (cmd) {
2555 	case TIOCMBIS:
2556 		set = val;
2557 		break;
2558 	case TIOCMBIC:
2559 		clear = val;
2560 		break;
2561 	case TIOCMSET:
2562 		set = val;
2563 		clear = ~val;
2564 		break;
2565 	}
2566 	set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2567 	clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2568 	return tty->ops->tiocmset(tty, set, clear);
2569 }
2570 
2571 /**
2572  * tty_get_icount	-	get tty statistics
2573  * @tty: tty device
2574  * @icount: output parameter
2575  *
2576  * Gets a copy of the @tty's icount statistics.
2577  *
2578  * Locking: none (up to the driver)
2579  */
2580 int tty_get_icount(struct tty_struct *tty,
2581 		   struct serial_icounter_struct *icount)
2582 {
2583 	memset(icount, 0, sizeof(*icount));
2584 
2585 	if (tty->ops->get_icount)
2586 		return tty->ops->get_icount(tty, icount);
2587 	else
2588 		return -ENOTTY;
2589 }
2590 EXPORT_SYMBOL_GPL(tty_get_icount);
2591 
2592 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2593 {
2594 	struct serial_icounter_struct icount;
2595 	int retval;
2596 
2597 	retval = tty_get_icount(tty, &icount);
2598 	if (retval != 0)
2599 		return retval;
2600 
2601 	if (copy_to_user(arg, &icount, sizeof(icount)))
2602 		return -EFAULT;
2603 	return 0;
2604 }
2605 
2606 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2607 {
2608 	char comm[TASK_COMM_LEN];
2609 	int flags;
2610 
2611 	flags = ss->flags & ASYNC_DEPRECATED;
2612 
2613 	if (flags)
2614 		pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2615 				__func__, get_task_comm(comm, current), flags);
2616 
2617 	if (!tty->ops->set_serial)
2618 		return -ENOTTY;
2619 
2620 	return tty->ops->set_serial(tty, ss);
2621 }
2622 
2623 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2624 {
2625 	struct serial_struct v;
2626 
2627 	if (copy_from_user(&v, ss, sizeof(*ss)))
2628 		return -EFAULT;
2629 
2630 	return tty_set_serial(tty, &v);
2631 }
2632 
2633 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2634 {
2635 	struct serial_struct v;
2636 	int err;
2637 
2638 	memset(&v, 0, sizeof(v));
2639 	if (!tty->ops->get_serial)
2640 		return -ENOTTY;
2641 	err = tty->ops->get_serial(tty, &v);
2642 	if (!err && copy_to_user(ss, &v, sizeof(v)))
2643 		err = -EFAULT;
2644 	return err;
2645 }
2646 
2647 /*
2648  * if pty, return the slave side (real_tty)
2649  * otherwise, return self
2650  */
2651 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2652 {
2653 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2654 	    tty->driver->subtype == PTY_TYPE_MASTER)
2655 		tty = tty->link;
2656 	return tty;
2657 }
2658 
2659 /*
2660  * Split this up, as gcc can choke on it otherwise..
2661  */
2662 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2663 {
2664 	struct tty_struct *tty = file_tty(file);
2665 	struct tty_struct *real_tty;
2666 	void __user *p = (void __user *)arg;
2667 	int retval;
2668 	struct tty_ldisc *ld;
2669 
2670 	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2671 		return -EINVAL;
2672 
2673 	real_tty = tty_pair_get_tty(tty);
2674 
2675 	/*
2676 	 * Factor out some common prep work
2677 	 */
2678 	switch (cmd) {
2679 	case TIOCSETD:
2680 	case TIOCSBRK:
2681 	case TIOCCBRK:
2682 	case TCSBRK:
2683 	case TCSBRKP:
2684 		retval = tty_check_change(tty);
2685 		if (retval)
2686 			return retval;
2687 		if (cmd != TIOCCBRK) {
2688 			tty_wait_until_sent(tty, 0);
2689 			if (signal_pending(current))
2690 				return -EINTR;
2691 		}
2692 		break;
2693 	}
2694 
2695 	/*
2696 	 *	Now do the stuff.
2697 	 */
2698 	switch (cmd) {
2699 	case TIOCSTI:
2700 		return tiocsti(tty, p);
2701 	case TIOCGWINSZ:
2702 		return tiocgwinsz(real_tty, p);
2703 	case TIOCSWINSZ:
2704 		return tiocswinsz(real_tty, p);
2705 	case TIOCCONS:
2706 		return real_tty != tty ? -EINVAL : tioccons(file);
2707 	case TIOCEXCL:
2708 		set_bit(TTY_EXCLUSIVE, &tty->flags);
2709 		return 0;
2710 	case TIOCNXCL:
2711 		clear_bit(TTY_EXCLUSIVE, &tty->flags);
2712 		return 0;
2713 	case TIOCGEXCL:
2714 	{
2715 		int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2716 
2717 		return put_user(excl, (int __user *)p);
2718 	}
2719 	case TIOCGETD:
2720 		return tiocgetd(tty, p);
2721 	case TIOCSETD:
2722 		return tiocsetd(tty, p);
2723 	case TIOCVHANGUP:
2724 		if (!capable(CAP_SYS_ADMIN))
2725 			return -EPERM;
2726 		tty_vhangup(tty);
2727 		return 0;
2728 	case TIOCGDEV:
2729 	{
2730 		unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2731 
2732 		return put_user(ret, (unsigned int __user *)p);
2733 	}
2734 	/*
2735 	 * Break handling
2736 	 */
2737 	case TIOCSBRK:	/* Turn break on, unconditionally */
2738 		if (tty->ops->break_ctl)
2739 			return tty->ops->break_ctl(tty, -1);
2740 		return 0;
2741 	case TIOCCBRK:	/* Turn break off, unconditionally */
2742 		if (tty->ops->break_ctl)
2743 			return tty->ops->break_ctl(tty, 0);
2744 		return 0;
2745 	case TCSBRK:   /* SVID version: non-zero arg --> no break */
2746 		/* non-zero arg means wait for all output data
2747 		 * to be sent (performed above) but don't send break.
2748 		 * This is used by the tcdrain() termios function.
2749 		 */
2750 		if (!arg)
2751 			return send_break(tty, 250);
2752 		return 0;
2753 	case TCSBRKP:	/* support for POSIX tcsendbreak() */
2754 		return send_break(tty, arg ? arg*100 : 250);
2755 
2756 	case TIOCMGET:
2757 		return tty_tiocmget(tty, p);
2758 	case TIOCMSET:
2759 	case TIOCMBIC:
2760 	case TIOCMBIS:
2761 		return tty_tiocmset(tty, cmd, p);
2762 	case TIOCGICOUNT:
2763 		return tty_tiocgicount(tty, p);
2764 	case TCFLSH:
2765 		switch (arg) {
2766 		case TCIFLUSH:
2767 		case TCIOFLUSH:
2768 		/* flush tty buffer and allow ldisc to process ioctl */
2769 			tty_buffer_flush(tty, NULL);
2770 			break;
2771 		}
2772 		break;
2773 	case TIOCSSERIAL:
2774 		return tty_tiocsserial(tty, p);
2775 	case TIOCGSERIAL:
2776 		return tty_tiocgserial(tty, p);
2777 	case TIOCGPTPEER:
2778 		/* Special because the struct file is needed */
2779 		return ptm_open_peer(file, tty, (int)arg);
2780 	default:
2781 		retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2782 		if (retval != -ENOIOCTLCMD)
2783 			return retval;
2784 	}
2785 	if (tty->ops->ioctl) {
2786 		retval = tty->ops->ioctl(tty, cmd, arg);
2787 		if (retval != -ENOIOCTLCMD)
2788 			return retval;
2789 	}
2790 	ld = tty_ldisc_ref_wait(tty);
2791 	if (!ld)
2792 		return hung_up_tty_ioctl(file, cmd, arg);
2793 	retval = -EINVAL;
2794 	if (ld->ops->ioctl) {
2795 		retval = ld->ops->ioctl(tty, cmd, arg);
2796 		if (retval == -ENOIOCTLCMD)
2797 			retval = -ENOTTY;
2798 	}
2799 	tty_ldisc_deref(ld);
2800 	return retval;
2801 }
2802 
2803 #ifdef CONFIG_COMPAT
2804 
2805 struct serial_struct32 {
2806 	compat_int_t    type;
2807 	compat_int_t    line;
2808 	compat_uint_t   port;
2809 	compat_int_t    irq;
2810 	compat_int_t    flags;
2811 	compat_int_t    xmit_fifo_size;
2812 	compat_int_t    custom_divisor;
2813 	compat_int_t    baud_base;
2814 	unsigned short  close_delay;
2815 	char    io_type;
2816 	char    reserved_char;
2817 	compat_int_t    hub6;
2818 	unsigned short  closing_wait; /* time to wait before closing */
2819 	unsigned short  closing_wait2; /* no longer used... */
2820 	compat_uint_t   iomem_base;
2821 	unsigned short  iomem_reg_shift;
2822 	unsigned int    port_high;
2823 	/* compat_ulong_t  iomap_base FIXME */
2824 	compat_int_t    reserved;
2825 };
2826 
2827 static int compat_tty_tiocsserial(struct tty_struct *tty,
2828 		struct serial_struct32 __user *ss)
2829 {
2830 	struct serial_struct32 v32;
2831 	struct serial_struct v;
2832 
2833 	if (copy_from_user(&v32, ss, sizeof(*ss)))
2834 		return -EFAULT;
2835 
2836 	memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2837 	v.iomem_base = compat_ptr(v32.iomem_base);
2838 	v.iomem_reg_shift = v32.iomem_reg_shift;
2839 	v.port_high = v32.port_high;
2840 	v.iomap_base = 0;
2841 
2842 	return tty_set_serial(tty, &v);
2843 }
2844 
2845 static int compat_tty_tiocgserial(struct tty_struct *tty,
2846 			struct serial_struct32 __user *ss)
2847 {
2848 	struct serial_struct32 v32;
2849 	struct serial_struct v;
2850 	int err;
2851 
2852 	memset(&v, 0, sizeof(v));
2853 	memset(&v32, 0, sizeof(v32));
2854 
2855 	if (!tty->ops->get_serial)
2856 		return -ENOTTY;
2857 	err = tty->ops->get_serial(tty, &v);
2858 	if (!err) {
2859 		memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2860 		v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2861 			0xfffffff : ptr_to_compat(v.iomem_base);
2862 		v32.iomem_reg_shift = v.iomem_reg_shift;
2863 		v32.port_high = v.port_high;
2864 		if (copy_to_user(ss, &v32, sizeof(v32)))
2865 			err = -EFAULT;
2866 	}
2867 	return err;
2868 }
2869 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2870 				unsigned long arg)
2871 {
2872 	struct tty_struct *tty = file_tty(file);
2873 	struct tty_ldisc *ld;
2874 	int retval = -ENOIOCTLCMD;
2875 
2876 	switch (cmd) {
2877 	case TIOCOUTQ:
2878 	case TIOCSTI:
2879 	case TIOCGWINSZ:
2880 	case TIOCSWINSZ:
2881 	case TIOCGEXCL:
2882 	case TIOCGETD:
2883 	case TIOCSETD:
2884 	case TIOCGDEV:
2885 	case TIOCMGET:
2886 	case TIOCMSET:
2887 	case TIOCMBIC:
2888 	case TIOCMBIS:
2889 	case TIOCGICOUNT:
2890 	case TIOCGPGRP:
2891 	case TIOCSPGRP:
2892 	case TIOCGSID:
2893 	case TIOCSERGETLSR:
2894 	case TIOCGRS485:
2895 	case TIOCSRS485:
2896 #ifdef TIOCGETP
2897 	case TIOCGETP:
2898 	case TIOCSETP:
2899 	case TIOCSETN:
2900 #endif
2901 #ifdef TIOCGETC
2902 	case TIOCGETC:
2903 	case TIOCSETC:
2904 #endif
2905 #ifdef TIOCGLTC
2906 	case TIOCGLTC:
2907 	case TIOCSLTC:
2908 #endif
2909 	case TCSETSF:
2910 	case TCSETSW:
2911 	case TCSETS:
2912 	case TCGETS:
2913 #ifdef TCGETS2
2914 	case TCGETS2:
2915 	case TCSETSF2:
2916 	case TCSETSW2:
2917 	case TCSETS2:
2918 #endif
2919 	case TCGETA:
2920 	case TCSETAF:
2921 	case TCSETAW:
2922 	case TCSETA:
2923 	case TIOCGLCKTRMIOS:
2924 	case TIOCSLCKTRMIOS:
2925 #ifdef TCGETX
2926 	case TCGETX:
2927 	case TCSETX:
2928 	case TCSETXW:
2929 	case TCSETXF:
2930 #endif
2931 	case TIOCGSOFTCAR:
2932 	case TIOCSSOFTCAR:
2933 
2934 	case PPPIOCGCHAN:
2935 	case PPPIOCGUNIT:
2936 		return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2937 	case TIOCCONS:
2938 	case TIOCEXCL:
2939 	case TIOCNXCL:
2940 	case TIOCVHANGUP:
2941 	case TIOCSBRK:
2942 	case TIOCCBRK:
2943 	case TCSBRK:
2944 	case TCSBRKP:
2945 	case TCFLSH:
2946 	case TIOCGPTPEER:
2947 	case TIOCNOTTY:
2948 	case TIOCSCTTY:
2949 	case TCXONC:
2950 	case TIOCMIWAIT:
2951 	case TIOCSERCONFIG:
2952 		return tty_ioctl(file, cmd, arg);
2953 	}
2954 
2955 	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2956 		return -EINVAL;
2957 
2958 	switch (cmd) {
2959 	case TIOCSSERIAL:
2960 		return compat_tty_tiocsserial(tty, compat_ptr(arg));
2961 	case TIOCGSERIAL:
2962 		return compat_tty_tiocgserial(tty, compat_ptr(arg));
2963 	}
2964 	if (tty->ops->compat_ioctl) {
2965 		retval = tty->ops->compat_ioctl(tty, cmd, arg);
2966 		if (retval != -ENOIOCTLCMD)
2967 			return retval;
2968 	}
2969 
2970 	ld = tty_ldisc_ref_wait(tty);
2971 	if (!ld)
2972 		return hung_up_tty_compat_ioctl(file, cmd, arg);
2973 	if (ld->ops->compat_ioctl)
2974 		retval = ld->ops->compat_ioctl(tty, cmd, arg);
2975 	if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2976 		retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2977 				arg);
2978 	tty_ldisc_deref(ld);
2979 
2980 	return retval;
2981 }
2982 #endif
2983 
2984 static int this_tty(const void *t, struct file *file, unsigned fd)
2985 {
2986 	if (likely(file->f_op->read_iter != tty_read))
2987 		return 0;
2988 	return file_tty(file) != t ? 0 : fd + 1;
2989 }
2990 
2991 /*
2992  * This implements the "Secure Attention Key" ---  the idea is to
2993  * prevent trojan horses by killing all processes associated with this
2994  * tty when the user hits the "Secure Attention Key".  Required for
2995  * super-paranoid applications --- see the Orange Book for more details.
2996  *
2997  * This code could be nicer; ideally it should send a HUP, wait a few
2998  * seconds, then send a INT, and then a KILL signal.  But you then
2999  * have to coordinate with the init process, since all processes associated
3000  * with the current tty must be dead before the new getty is allowed
3001  * to spawn.
3002  *
3003  * Now, if it would be correct ;-/ The current code has a nasty hole -
3004  * it doesn't catch files in flight. We may send the descriptor to ourselves
3005  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3006  *
3007  * Nasty bug: do_SAK is being called in interrupt context.  This can
3008  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3009  */
3010 void __do_SAK(struct tty_struct *tty)
3011 {
3012 	struct task_struct *g, *p;
3013 	struct pid *session;
3014 	int i;
3015 	unsigned long flags;
3016 
3017 	spin_lock_irqsave(&tty->ctrl.lock, flags);
3018 	session = get_pid(tty->ctrl.session);
3019 	spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3020 
3021 	tty_ldisc_flush(tty);
3022 
3023 	tty_driver_flush_buffer(tty);
3024 
3025 	read_lock(&tasklist_lock);
3026 	/* Kill the entire session */
3027 	do_each_pid_task(session, PIDTYPE_SID, p) {
3028 		tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3029 			   task_pid_nr(p), p->comm);
3030 		group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3031 	} while_each_pid_task(session, PIDTYPE_SID, p);
3032 
3033 	/* Now kill any processes that happen to have the tty open */
3034 	for_each_process_thread(g, p) {
3035 		if (p->signal->tty == tty) {
3036 			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3037 				   task_pid_nr(p), p->comm);
3038 			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3039 					PIDTYPE_SID);
3040 			continue;
3041 		}
3042 		task_lock(p);
3043 		i = iterate_fd(p->files, 0, this_tty, tty);
3044 		if (i != 0) {
3045 			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3046 				   task_pid_nr(p), p->comm, i - 1);
3047 			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3048 					PIDTYPE_SID);
3049 		}
3050 		task_unlock(p);
3051 	}
3052 	read_unlock(&tasklist_lock);
3053 	put_pid(session);
3054 }
3055 
3056 static void do_SAK_work(struct work_struct *work)
3057 {
3058 	struct tty_struct *tty =
3059 		container_of(work, struct tty_struct, SAK_work);
3060 	__do_SAK(tty);
3061 }
3062 
3063 /*
3064  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3065  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3066  * the values which we write to it will be identical to the values which it
3067  * already has. --akpm
3068  */
3069 void do_SAK(struct tty_struct *tty)
3070 {
3071 	if (!tty)
3072 		return;
3073 	schedule_work(&tty->SAK_work);
3074 }
3075 EXPORT_SYMBOL(do_SAK);
3076 
3077 /* Must put_device() after it's unused! */
3078 static struct device *tty_get_device(struct tty_struct *tty)
3079 {
3080 	dev_t devt = tty_devnum(tty);
3081 
3082 	return class_find_device_by_devt(&tty_class, devt);
3083 }
3084 
3085 
3086 /**
3087  * alloc_tty_struct - allocate a new tty
3088  * @driver: driver which will handle the returned tty
3089  * @idx: minor of the tty
3090  *
3091  * This subroutine allocates and initializes a tty structure.
3092  *
3093  * Locking: none - @tty in question is not exposed at this point
3094  */
3095 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3096 {
3097 	struct tty_struct *tty;
3098 
3099 	tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3100 	if (!tty)
3101 		return NULL;
3102 
3103 	kref_init(&tty->kref);
3104 	if (tty_ldisc_init(tty)) {
3105 		kfree(tty);
3106 		return NULL;
3107 	}
3108 	tty->ctrl.session = NULL;
3109 	tty->ctrl.pgrp = NULL;
3110 	mutex_init(&tty->legacy_mutex);
3111 	mutex_init(&tty->throttle_mutex);
3112 	init_rwsem(&tty->termios_rwsem);
3113 	mutex_init(&tty->winsize_mutex);
3114 	init_ldsem(&tty->ldisc_sem);
3115 	init_waitqueue_head(&tty->write_wait);
3116 	init_waitqueue_head(&tty->read_wait);
3117 	INIT_WORK(&tty->hangup_work, do_tty_hangup);
3118 	mutex_init(&tty->atomic_write_lock);
3119 	spin_lock_init(&tty->ctrl.lock);
3120 	spin_lock_init(&tty->flow.lock);
3121 	spin_lock_init(&tty->files_lock);
3122 	INIT_LIST_HEAD(&tty->tty_files);
3123 	INIT_WORK(&tty->SAK_work, do_SAK_work);
3124 
3125 	tty->driver = driver;
3126 	tty->ops = driver->ops;
3127 	tty->index = idx;
3128 	tty_line_name(driver, idx, tty->name);
3129 	tty->dev = tty_get_device(tty);
3130 
3131 	return tty;
3132 }
3133 
3134 /**
3135  * tty_put_char	- write one character to a tty
3136  * @tty: tty
3137  * @ch: character to write
3138  *
3139  * Write one byte to the @tty using the provided @tty->ops->put_char() method
3140  * if present.
3141  *
3142  * Note: the specific put_char operation in the driver layer may go
3143  * away soon. Don't call it directly, use this method
3144  *
3145  * Return: the number of characters successfully output.
3146  */
3147 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3148 {
3149 	if (tty->ops->put_char)
3150 		return tty->ops->put_char(tty, ch);
3151 	return tty->ops->write(tty, &ch, 1);
3152 }
3153 EXPORT_SYMBOL_GPL(tty_put_char);
3154 
3155 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3156 		unsigned int index, unsigned int count)
3157 {
3158 	int err;
3159 
3160 	/* init here, since reused cdevs cause crashes */
3161 	driver->cdevs[index] = cdev_alloc();
3162 	if (!driver->cdevs[index])
3163 		return -ENOMEM;
3164 	driver->cdevs[index]->ops = &tty_fops;
3165 	driver->cdevs[index]->owner = driver->owner;
3166 	err = cdev_add(driver->cdevs[index], dev, count);
3167 	if (err)
3168 		kobject_put(&driver->cdevs[index]->kobj);
3169 	return err;
3170 }
3171 
3172 /**
3173  * tty_register_device - register a tty device
3174  * @driver: the tty driver that describes the tty device
3175  * @index: the index in the tty driver for this tty device
3176  * @device: a struct device that is associated with this tty device.
3177  *	This field is optional, if there is no known struct device
3178  *	for this tty device it can be set to NULL safely.
3179  *
3180  * This call is required to be made to register an individual tty device
3181  * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set.  If
3182  * that bit is not set, this function should not be called by a tty
3183  * driver.
3184  *
3185  * Locking: ??
3186  *
3187  * Return: A pointer to the struct device for this tty device (or
3188  * ERR_PTR(-EFOO) on error).
3189  */
3190 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3191 				   struct device *device)
3192 {
3193 	return tty_register_device_attr(driver, index, device, NULL, NULL);
3194 }
3195 EXPORT_SYMBOL(tty_register_device);
3196 
3197 static void tty_device_create_release(struct device *dev)
3198 {
3199 	dev_dbg(dev, "releasing...\n");
3200 	kfree(dev);
3201 }
3202 
3203 /**
3204  * tty_register_device_attr - register a tty device
3205  * @driver: the tty driver that describes the tty device
3206  * @index: the index in the tty driver for this tty device
3207  * @device: a struct device that is associated with this tty device.
3208  *	This field is optional, if there is no known struct device
3209  *	for this tty device it can be set to %NULL safely.
3210  * @drvdata: Driver data to be set to device.
3211  * @attr_grp: Attribute group to be set on device.
3212  *
3213  * This call is required to be made to register an individual tty device if the
3214  * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3215  * not set, this function should not be called by a tty driver.
3216  *
3217  * Locking: ??
3218  *
3219  * Return: A pointer to the struct device for this tty device (or
3220  * ERR_PTR(-EFOO) on error).
3221  */
3222 struct device *tty_register_device_attr(struct tty_driver *driver,
3223 				   unsigned index, struct device *device,
3224 				   void *drvdata,
3225 				   const struct attribute_group **attr_grp)
3226 {
3227 	char name[64];
3228 	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3229 	struct ktermios *tp;
3230 	struct device *dev;
3231 	int retval;
3232 
3233 	if (index >= driver->num) {
3234 		pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3235 		       driver->name, index);
3236 		return ERR_PTR(-EINVAL);
3237 	}
3238 
3239 	if (driver->type == TTY_DRIVER_TYPE_PTY)
3240 		pty_line_name(driver, index, name);
3241 	else
3242 		tty_line_name(driver, index, name);
3243 
3244 	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3245 	if (!dev)
3246 		return ERR_PTR(-ENOMEM);
3247 
3248 	dev->devt = devt;
3249 	dev->class = &tty_class;
3250 	dev->parent = device;
3251 	dev->release = tty_device_create_release;
3252 	dev_set_name(dev, "%s", name);
3253 	dev->groups = attr_grp;
3254 	dev_set_drvdata(dev, drvdata);
3255 
3256 	dev_set_uevent_suppress(dev, 1);
3257 
3258 	retval = device_register(dev);
3259 	if (retval)
3260 		goto err_put;
3261 
3262 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3263 		/*
3264 		 * Free any saved termios data so that the termios state is
3265 		 * reset when reusing a minor number.
3266 		 */
3267 		tp = driver->termios[index];
3268 		if (tp) {
3269 			driver->termios[index] = NULL;
3270 			kfree(tp);
3271 		}
3272 
3273 		retval = tty_cdev_add(driver, devt, index, 1);
3274 		if (retval)
3275 			goto err_del;
3276 	}
3277 
3278 	dev_set_uevent_suppress(dev, 0);
3279 	kobject_uevent(&dev->kobj, KOBJ_ADD);
3280 
3281 	return dev;
3282 
3283 err_del:
3284 	device_del(dev);
3285 err_put:
3286 	put_device(dev);
3287 
3288 	return ERR_PTR(retval);
3289 }
3290 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3291 
3292 /**
3293  * tty_unregister_device - unregister a tty device
3294  * @driver: the tty driver that describes the tty device
3295  * @index: the index in the tty driver for this tty device
3296  *
3297  * If a tty device is registered with a call to tty_register_device() then
3298  * this function must be called when the tty device is gone.
3299  *
3300  * Locking: ??
3301  */
3302 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3303 {
3304 	device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3305 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3306 		cdev_del(driver->cdevs[index]);
3307 		driver->cdevs[index] = NULL;
3308 	}
3309 }
3310 EXPORT_SYMBOL(tty_unregister_device);
3311 
3312 /**
3313  * __tty_alloc_driver -- allocate tty driver
3314  * @lines: count of lines this driver can handle at most
3315  * @owner: module which is responsible for this driver
3316  * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3317  *
3318  * This should not be called directly, some of the provided macros should be
3319  * used instead. Use IS_ERR() and friends on @retval.
3320  */
3321 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3322 		unsigned long flags)
3323 {
3324 	struct tty_driver *driver;
3325 	unsigned int cdevs = 1;
3326 	int err;
3327 
3328 	if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3329 		return ERR_PTR(-EINVAL);
3330 
3331 	driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3332 	if (!driver)
3333 		return ERR_PTR(-ENOMEM);
3334 
3335 	kref_init(&driver->kref);
3336 	driver->num = lines;
3337 	driver->owner = owner;
3338 	driver->flags = flags;
3339 
3340 	if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3341 		driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3342 				GFP_KERNEL);
3343 		driver->termios = kcalloc(lines, sizeof(*driver->termios),
3344 				GFP_KERNEL);
3345 		if (!driver->ttys || !driver->termios) {
3346 			err = -ENOMEM;
3347 			goto err_free_all;
3348 		}
3349 	}
3350 
3351 	if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3352 		driver->ports = kcalloc(lines, sizeof(*driver->ports),
3353 				GFP_KERNEL);
3354 		if (!driver->ports) {
3355 			err = -ENOMEM;
3356 			goto err_free_all;
3357 		}
3358 		cdevs = lines;
3359 	}
3360 
3361 	driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3362 	if (!driver->cdevs) {
3363 		err = -ENOMEM;
3364 		goto err_free_all;
3365 	}
3366 
3367 	return driver;
3368 err_free_all:
3369 	kfree(driver->ports);
3370 	kfree(driver->ttys);
3371 	kfree(driver->termios);
3372 	kfree(driver->cdevs);
3373 	kfree(driver);
3374 	return ERR_PTR(err);
3375 }
3376 EXPORT_SYMBOL(__tty_alloc_driver);
3377 
3378 static void destruct_tty_driver(struct kref *kref)
3379 {
3380 	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3381 	int i;
3382 	struct ktermios *tp;
3383 
3384 	if (driver->flags & TTY_DRIVER_INSTALLED) {
3385 		for (i = 0; i < driver->num; i++) {
3386 			tp = driver->termios[i];
3387 			if (tp) {
3388 				driver->termios[i] = NULL;
3389 				kfree(tp);
3390 			}
3391 			if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3392 				tty_unregister_device(driver, i);
3393 		}
3394 		proc_tty_unregister_driver(driver);
3395 		if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3396 			cdev_del(driver->cdevs[0]);
3397 	}
3398 	kfree(driver->cdevs);
3399 	kfree(driver->ports);
3400 	kfree(driver->termios);
3401 	kfree(driver->ttys);
3402 	kfree(driver);
3403 }
3404 
3405 /**
3406  * tty_driver_kref_put -- drop a reference to a tty driver
3407  * @driver: driver of which to drop the reference
3408  *
3409  * The final put will destroy and free up the driver.
3410  */
3411 void tty_driver_kref_put(struct tty_driver *driver)
3412 {
3413 	kref_put(&driver->kref, destruct_tty_driver);
3414 }
3415 EXPORT_SYMBOL(tty_driver_kref_put);
3416 
3417 /**
3418  * tty_register_driver -- register a tty driver
3419  * @driver: driver to register
3420  *
3421  * Called by a tty driver to register itself.
3422  */
3423 int tty_register_driver(struct tty_driver *driver)
3424 {
3425 	int error;
3426 	int i;
3427 	dev_t dev;
3428 	struct device *d;
3429 
3430 	if (!driver->major) {
3431 		error = alloc_chrdev_region(&dev, driver->minor_start,
3432 						driver->num, driver->name);
3433 		if (!error) {
3434 			driver->major = MAJOR(dev);
3435 			driver->minor_start = MINOR(dev);
3436 		}
3437 	} else {
3438 		dev = MKDEV(driver->major, driver->minor_start);
3439 		error = register_chrdev_region(dev, driver->num, driver->name);
3440 	}
3441 	if (error < 0)
3442 		goto err;
3443 
3444 	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3445 		error = tty_cdev_add(driver, dev, 0, driver->num);
3446 		if (error)
3447 			goto err_unreg_char;
3448 	}
3449 
3450 	mutex_lock(&tty_mutex);
3451 	list_add(&driver->tty_drivers, &tty_drivers);
3452 	mutex_unlock(&tty_mutex);
3453 
3454 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3455 		for (i = 0; i < driver->num; i++) {
3456 			d = tty_register_device(driver, i, NULL);
3457 			if (IS_ERR(d)) {
3458 				error = PTR_ERR(d);
3459 				goto err_unreg_devs;
3460 			}
3461 		}
3462 	}
3463 	proc_tty_register_driver(driver);
3464 	driver->flags |= TTY_DRIVER_INSTALLED;
3465 	return 0;
3466 
3467 err_unreg_devs:
3468 	for (i--; i >= 0; i--)
3469 		tty_unregister_device(driver, i);
3470 
3471 	mutex_lock(&tty_mutex);
3472 	list_del(&driver->tty_drivers);
3473 	mutex_unlock(&tty_mutex);
3474 
3475 err_unreg_char:
3476 	unregister_chrdev_region(dev, driver->num);
3477 err:
3478 	return error;
3479 }
3480 EXPORT_SYMBOL(tty_register_driver);
3481 
3482 /**
3483  * tty_unregister_driver -- unregister a tty driver
3484  * @driver: driver to unregister
3485  *
3486  * Called by a tty driver to unregister itself.
3487  */
3488 void tty_unregister_driver(struct tty_driver *driver)
3489 {
3490 	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3491 				driver->num);
3492 	mutex_lock(&tty_mutex);
3493 	list_del(&driver->tty_drivers);
3494 	mutex_unlock(&tty_mutex);
3495 }
3496 EXPORT_SYMBOL(tty_unregister_driver);
3497 
3498 dev_t tty_devnum(struct tty_struct *tty)
3499 {
3500 	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3501 }
3502 EXPORT_SYMBOL(tty_devnum);
3503 
3504 void tty_default_fops(struct file_operations *fops)
3505 {
3506 	*fops = tty_fops;
3507 }
3508 
3509 static char *tty_devnode(const struct device *dev, umode_t *mode)
3510 {
3511 	if (!mode)
3512 		return NULL;
3513 	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3514 	    dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3515 		*mode = 0666;
3516 	return NULL;
3517 }
3518 
3519 const struct class tty_class = {
3520 	.name		= "tty",
3521 	.devnode	= tty_devnode,
3522 };
3523 
3524 static int __init tty_class_init(void)
3525 {
3526 	return class_register(&tty_class);
3527 }
3528 
3529 postcore_initcall(tty_class_init);
3530 
3531 /* 3/2004 jmc: why do these devices exist? */
3532 static struct cdev tty_cdev, console_cdev;
3533 
3534 static ssize_t show_cons_active(struct device *dev,
3535 				struct device_attribute *attr, char *buf)
3536 {
3537 	struct console *cs[16];
3538 	int i = 0;
3539 	struct console *c;
3540 	ssize_t count = 0;
3541 
3542 	/*
3543 	 * Hold the console_list_lock to guarantee that no consoles are
3544 	 * unregistered until all console processing is complete.
3545 	 * This also allows safe traversal of the console list and
3546 	 * race-free reading of @flags.
3547 	 */
3548 	console_list_lock();
3549 
3550 	for_each_console(c) {
3551 		if (!c->device)
3552 			continue;
3553 		if (!c->write)
3554 			continue;
3555 		if ((c->flags & CON_ENABLED) == 0)
3556 			continue;
3557 		cs[i++] = c;
3558 		if (i >= ARRAY_SIZE(cs))
3559 			break;
3560 	}
3561 
3562 	/*
3563 	 * Take console_lock to serialize device() callback with
3564 	 * other console operations. For example, fg_console is
3565 	 * modified under console_lock when switching vt.
3566 	 */
3567 	console_lock();
3568 	while (i--) {
3569 		int index = cs[i]->index;
3570 		struct tty_driver *drv = cs[i]->device(cs[i], &index);
3571 
3572 		/* don't resolve tty0 as some programs depend on it */
3573 		if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3574 			count += tty_line_name(drv, index, buf + count);
3575 		else
3576 			count += sprintf(buf + count, "%s%d",
3577 					 cs[i]->name, cs[i]->index);
3578 
3579 		count += sprintf(buf + count, "%c", i ? ' ':'\n');
3580 	}
3581 	console_unlock();
3582 
3583 	console_list_unlock();
3584 
3585 	return count;
3586 }
3587 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3588 
3589 static struct attribute *cons_dev_attrs[] = {
3590 	&dev_attr_active.attr,
3591 	NULL
3592 };
3593 
3594 ATTRIBUTE_GROUPS(cons_dev);
3595 
3596 static struct device *consdev;
3597 
3598 void console_sysfs_notify(void)
3599 {
3600 	if (consdev)
3601 		sysfs_notify(&consdev->kobj, NULL, "active");
3602 }
3603 
3604 static struct ctl_table tty_table[] = {
3605 	{
3606 		.procname	= "legacy_tiocsti",
3607 		.data		= &tty_legacy_tiocsti,
3608 		.maxlen		= sizeof(tty_legacy_tiocsti),
3609 		.mode		= 0644,
3610 		.proc_handler	= proc_dobool,
3611 	},
3612 	{
3613 		.procname	= "ldisc_autoload",
3614 		.data		= &tty_ldisc_autoload,
3615 		.maxlen		= sizeof(tty_ldisc_autoload),
3616 		.mode		= 0644,
3617 		.proc_handler	= proc_dointvec,
3618 		.extra1		= SYSCTL_ZERO,
3619 		.extra2		= SYSCTL_ONE,
3620 	},
3621 	{ }
3622 };
3623 
3624 /*
3625  * Ok, now we can initialize the rest of the tty devices and can count
3626  * on memory allocations, interrupts etc..
3627  */
3628 int __init tty_init(void)
3629 {
3630 	register_sysctl_init("dev/tty", tty_table);
3631 	cdev_init(&tty_cdev, &tty_fops);
3632 	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3633 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3634 		panic("Couldn't register /dev/tty driver\n");
3635 	device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3636 
3637 	cdev_init(&console_cdev, &console_fops);
3638 	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3639 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3640 		panic("Couldn't register /dev/console driver\n");
3641 	consdev = device_create_with_groups(&tty_class, NULL,
3642 					    MKDEV(TTYAUX_MAJOR, 1), NULL,
3643 					    cons_dev_groups, "console");
3644 	if (IS_ERR(consdev))
3645 		consdev = NULL;
3646 
3647 #ifdef CONFIG_VT
3648 	vty_init(&console_fops);
3649 #endif
3650 	return 0;
3651 }
3652