1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 /*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102 #include <linux/uaccess.h>
103 #include <linux/termios_internal.h>
104 #include <linux/fs.h>
105
106 #include <linux/kbd_kern.h>
107 #include <linux/vt_kern.h>
108 #include <linux/selection.h>
109
110 #include <linux/kmod.h>
111 #include <linux/nsproxy.h>
112 #include "tty.h"
113
114 #undef TTY_DEBUG_HANGUP
115 #ifdef TTY_DEBUG_HANGUP
116 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117 #else
118 # define tty_debug_hangup(tty, f, args...) do { } while (0)
119 #endif
120
121 #define TTY_PARANOIA_CHECK 1
122 #define CHECK_TTY_COUNT 1
123
124 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 .c_iflag = ICRNL | IXON,
126 .c_oflag = OPOST | ONLCR,
127 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 ECHOCTL | ECHOKE | IEXTEN,
130 .c_cc = INIT_C_CC,
131 .c_ispeed = 38400,
132 .c_ospeed = 38400,
133 /* .c_line = N_TTY, */
134 };
135 EXPORT_SYMBOL(tty_std_termios);
136
137 /* This list gets poked at by procfs and various bits of boot up code. This
138 * could do with some rationalisation such as pulling the tty proc function
139 * into this file.
140 */
141
142 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143
144 /* Mutex to protect creating and releasing a tty */
145 DEFINE_MUTEX(tty_mutex);
146
147 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 static __poll_t tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 #ifdef CONFIG_COMPAT
152 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154 #else
155 #define tty_compat_ioctl NULL
156 #endif
157 static int __tty_fasync(int fd, struct file *filp, int on);
158 static int tty_fasync(int fd, struct file *filp, int on);
159 static void release_tty(struct tty_struct *tty, int idx);
160
161 /**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
free_tty_struct(struct tty_struct * tty)169 static void free_tty_struct(struct tty_struct *tty)
170 {
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kvfree(tty->write_buf);
174 kfree(tty);
175 }
176
file_tty(struct file * file)177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 return ((struct tty_file_private *)file->private_data)->tty;
180 }
181
tty_alloc_file(struct file * file)182 int tty_alloc_file(struct file *file)
183 {
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193 }
194
195 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206 }
207
208 /**
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
tty_free_file(struct file * file)215 void tty_free_file(struct file *file)
216 {
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221 }
222
223 /* Delete file from its tty */
tty_del_file(struct file * file)224 static void tty_del_file(struct file *file)
225 {
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233 }
234
235 /**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
tty_name(const struct tty_struct * tty)244 const char *tty_name(const struct tty_struct *tty)
245 {
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249 }
250 EXPORT_SYMBOL(tty_name);
251
tty_driver_name(const struct tty_struct * tty)252 const char *tty_driver_name(const struct tty_struct *tty)
253 {
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257 }
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 #endif
269 return 0;
270 }
271
272 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)273 static void check_tty_count(struct tty_struct *tty, const char *routine)
274 {
275 #ifdef CHECK_TTY_COUNT
276 struct list_head *p;
277 int count = 0, kopen_count = 0;
278
279 scoped_guard(spinlock, &tty->files_lock)
280 list_for_each(p, &tty->tty_files)
281 count++;
282
283 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
284 tty->driver->subtype == PTY_TYPE_SLAVE &&
285 tty->link && tty->link->count)
286 count++;
287 if (tty_port_kopened(tty->port))
288 kopen_count++;
289 if (tty->count != (count + kopen_count)) {
290 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
291 routine, tty->count, count, kopen_count);
292 }
293 #endif
294 }
295
296 /**
297 * get_tty_driver - find device of a tty
298 * @device: device identifier
299 * @index: returns the index of the tty
300 *
301 * This routine returns a tty driver structure, given a device number and also
302 * passes back the index number.
303 *
304 * Locking: caller must hold tty_mutex
305 */
get_tty_driver(dev_t device,int * index)306 static struct tty_driver *get_tty_driver(dev_t device, int *index)
307 {
308 struct tty_driver *p;
309
310 list_for_each_entry(p, &tty_drivers, tty_drivers) {
311 dev_t base = MKDEV(p->major, p->minor_start);
312
313 if (device < base || device >= base + p->num)
314 continue;
315 *index = device - base;
316 return tty_driver_kref_get(p);
317 }
318 return NULL;
319 }
320
321 /**
322 * tty_dev_name_to_number - return dev_t for device name
323 * @name: user space name of device under /dev
324 * @number: pointer to dev_t that this function will populate
325 *
326 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
327 * (4, 64) or (188, 1). If no corresponding driver is registered then the
328 * function returns -%ENODEV.
329 *
330 * Locking: this acquires tty_mutex to protect the tty_drivers list from
331 * being modified while we are traversing it, and makes sure to
332 * release it before exiting.
333 */
tty_dev_name_to_number(const char * name,dev_t * number)334 int tty_dev_name_to_number(const char *name, dev_t *number)
335 {
336 struct tty_driver *p;
337 int ret;
338 int index, prefix_length = 0;
339 const char *str;
340
341 for (str = name; *str && !isdigit(*str); str++)
342 ;
343
344 if (!*str)
345 return -EINVAL;
346
347 ret = kstrtoint(str, 10, &index);
348 if (ret)
349 return ret;
350
351 prefix_length = str - name;
352
353 guard(mutex)(&tty_mutex);
354
355 list_for_each_entry(p, &tty_drivers, tty_drivers)
356 if (prefix_length == strlen(p->name) && strncmp(name,
357 p->name, prefix_length) == 0) {
358 if (index < p->num) {
359 *number = MKDEV(p->major, p->minor_start + index);
360 return 0;
361 }
362 }
363
364 return -ENODEV;
365 }
366 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
367
368 #ifdef CONFIG_CONSOLE_POLL
369
370 /**
371 * tty_find_polling_driver - find device of a polled tty
372 * @name: name string to match
373 * @line: pointer to resulting tty line nr
374 *
375 * This routine returns a tty driver structure, given a name and the condition
376 * that the tty driver is capable of polled operation.
377 */
tty_find_polling_driver(char * name,int * line)378 struct tty_driver *tty_find_polling_driver(char *name, int *line)
379 {
380 struct tty_driver *p;
381 int tty_line = 0;
382 int len;
383 char *str, *stp;
384
385 for (str = name; *str; str++)
386 if ((*str >= '0' && *str <= '9') || *str == ',')
387 break;
388 if (!*str)
389 return NULL;
390
391 len = str - name;
392 tty_line = simple_strtoul(str, &str, 10);
393
394 guard(mutex)(&tty_mutex);
395
396 /* Search through the tty devices to look for a match */
397 list_for_each_entry(p, &tty_drivers, tty_drivers) {
398 if (!len || strncmp(name, p->name, len) != 0)
399 continue;
400 stp = str;
401 if (*stp == ',')
402 stp++;
403 if (*stp == '\0')
404 stp = NULL;
405
406 if (tty_line >= 0 && tty_line < p->num && p->ops &&
407 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
408 *line = tty_line;
409 return tty_driver_kref_get(p);
410 }
411 }
412
413 return NULL;
414 }
415 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
416 #endif
417
hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)418 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
419 {
420 return 0;
421 }
422
hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)423 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
424 {
425 return -EIO;
426 }
427
428 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)429 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
430 {
431 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
432 }
433
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)434 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
435 unsigned long arg)
436 {
437 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
438 }
439
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)440 static long hung_up_tty_compat_ioctl(struct file *file,
441 unsigned int cmd, unsigned long arg)
442 {
443 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
444 }
445
hung_up_tty_fasync(int fd,struct file * file,int on)446 static int hung_up_tty_fasync(int fd, struct file *file, int on)
447 {
448 return -ENOTTY;
449 }
450
tty_show_fdinfo(struct seq_file * m,struct file * file)451 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
452 {
453 struct tty_struct *tty = file_tty(file);
454
455 if (tty && tty->ops && tty->ops->show_fdinfo)
456 tty->ops->show_fdinfo(tty, m);
457 }
458
459 static const struct file_operations tty_fops = {
460 .read_iter = tty_read,
461 .write_iter = tty_write,
462 .splice_read = copy_splice_read,
463 .splice_write = iter_file_splice_write,
464 .poll = tty_poll,
465 .unlocked_ioctl = tty_ioctl,
466 .compat_ioctl = tty_compat_ioctl,
467 .open = tty_open,
468 .release = tty_release,
469 .fasync = tty_fasync,
470 .show_fdinfo = tty_show_fdinfo,
471 };
472
473 static const struct file_operations console_fops = {
474 .read_iter = tty_read,
475 .write_iter = redirected_tty_write,
476 .splice_read = copy_splice_read,
477 .splice_write = iter_file_splice_write,
478 .poll = tty_poll,
479 .unlocked_ioctl = tty_ioctl,
480 .compat_ioctl = tty_compat_ioctl,
481 .open = tty_open,
482 .release = tty_release,
483 .fasync = tty_fasync,
484 };
485
486 static const struct file_operations hung_up_tty_fops = {
487 .read_iter = hung_up_tty_read,
488 .write_iter = hung_up_tty_write,
489 .poll = hung_up_tty_poll,
490 .unlocked_ioctl = hung_up_tty_ioctl,
491 .compat_ioctl = hung_up_tty_compat_ioctl,
492 .release = tty_release,
493 .fasync = hung_up_tty_fasync,
494 };
495
496 static DEFINE_SPINLOCK(redirect_lock);
497 static struct file *redirect;
498
499 /**
500 * tty_wakeup - request more data
501 * @tty: terminal
502 *
503 * Internal and external helper for wakeups of tty. This function informs the
504 * line discipline if present that the driver is ready to receive more output
505 * data.
506 */
tty_wakeup(struct tty_struct * tty)507 void tty_wakeup(struct tty_struct *tty)
508 {
509 struct tty_ldisc *ld;
510
511 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
512 ld = tty_ldisc_ref(tty);
513 if (ld) {
514 if (ld->ops->write_wakeup)
515 ld->ops->write_wakeup(tty);
516 tty_ldisc_deref(ld);
517 }
518 }
519 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
520 }
521 EXPORT_SYMBOL_GPL(tty_wakeup);
522
523 /**
524 * tty_release_redirect - Release a redirect on a pty if present
525 * @tty: tty device
526 *
527 * This is available to the pty code so if the master closes, if the slave is a
528 * redirect it can release the redirect.
529 */
tty_release_redirect(struct tty_struct * tty)530 static struct file *tty_release_redirect(struct tty_struct *tty)
531 {
532 guard(spinlock)(&redirect_lock);
533
534 if (redirect && file_tty(redirect) == tty) {
535 struct file *f = redirect;
536 redirect = NULL;
537 return f;
538 }
539
540 return NULL;
541 }
542
543 /**
544 * __tty_hangup - actual handler for hangup events
545 * @tty: tty device
546 * @exit_session: if non-zero, signal all foreground group processes
547 *
548 * This can be called by a "kworker" kernel thread. That is process synchronous
549 * but doesn't hold any locks, so we need to make sure we have the appropriate
550 * locks for what we're doing.
551 *
552 * The hangup event clears any pending redirections onto the hung up device. It
553 * ensures future writes will error and it does the needed line discipline
554 * hangup and signal delivery. The tty object itself remains intact.
555 *
556 * Locking:
557 * * BTM
558 *
559 * * redirect lock for undoing redirection
560 * * file list lock for manipulating list of ttys
561 * * tty_ldiscs_lock from called functions
562 * * termios_rwsem resetting termios data
563 * * tasklist_lock to walk task list for hangup event
564 *
565 * * ->siglock to protect ->signal/->sighand
566 *
567 */
__tty_hangup(struct tty_struct * tty,int exit_session)568 static void __tty_hangup(struct tty_struct *tty, int exit_session)
569 {
570 struct file *cons_filp = NULL;
571 struct file *filp, *f;
572 struct tty_file_private *priv;
573 int closecount = 0, n;
574 int refs;
575
576 if (!tty)
577 return;
578
579 f = tty_release_redirect(tty);
580
581 tty_lock(tty);
582
583 if (test_bit(TTY_HUPPED, &tty->flags)) {
584 tty_unlock(tty);
585 return;
586 }
587
588 /*
589 * Some console devices aren't actually hung up for technical and
590 * historical reasons, which can lead to indefinite interruptible
591 * sleep in n_tty_read(). The following explicitly tells
592 * n_tty_read() to abort readers.
593 */
594 set_bit(TTY_HUPPING, &tty->flags);
595
596 /* inuse_filps is protected by the single tty lock,
597 * this really needs to change if we want to flush the
598 * workqueue with the lock held.
599 */
600 check_tty_count(tty, "tty_hangup");
601
602 spin_lock(&tty->files_lock);
603 /* This breaks for file handles being sent over AF_UNIX sockets ? */
604 list_for_each_entry(priv, &tty->tty_files, list) {
605 filp = priv->file;
606 if (filp->f_op->write_iter == redirected_tty_write)
607 cons_filp = filp;
608 if (filp->f_op->write_iter != tty_write)
609 continue;
610 closecount++;
611 __tty_fasync(-1, filp, 0); /* can't block */
612 filp->f_op = &hung_up_tty_fops;
613 }
614 spin_unlock(&tty->files_lock);
615
616 refs = tty_signal_session_leader(tty, exit_session);
617 /* Account for the p->signal references we killed */
618 while (refs--)
619 tty_kref_put(tty);
620
621 tty_ldisc_hangup(tty, cons_filp != NULL);
622
623 spin_lock_irq(&tty->ctrl.lock);
624 clear_bit(TTY_THROTTLED, &tty->flags);
625 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
626 put_pid(tty->ctrl.session);
627 put_pid(tty->ctrl.pgrp);
628 tty->ctrl.session = NULL;
629 tty->ctrl.pgrp = NULL;
630 tty->ctrl.pktstatus = 0;
631 spin_unlock_irq(&tty->ctrl.lock);
632
633 /*
634 * If one of the devices matches a console pointer, we
635 * cannot just call hangup() because that will cause
636 * tty->count and state->count to go out of sync.
637 * So we just call close() the right number of times.
638 */
639 if (cons_filp) {
640 if (tty->ops->close)
641 for (n = 0; n < closecount; n++)
642 tty->ops->close(tty, cons_filp);
643 } else if (tty->ops->hangup)
644 tty->ops->hangup(tty);
645 /*
646 * We don't want to have driver/ldisc interactions beyond the ones
647 * we did here. The driver layer expects no calls after ->hangup()
648 * from the ldisc side, which is now guaranteed.
649 */
650 set_bit(TTY_HUPPED, &tty->flags);
651 clear_bit(TTY_HUPPING, &tty->flags);
652 tty_unlock(tty);
653
654 if (f)
655 fput(f);
656 }
657
do_tty_hangup(struct work_struct * work)658 static void do_tty_hangup(struct work_struct *work)
659 {
660 struct tty_struct *tty =
661 container_of(work, struct tty_struct, hangup_work);
662
663 __tty_hangup(tty, 0);
664 }
665
666 /**
667 * tty_hangup - trigger a hangup event
668 * @tty: tty to hangup
669 *
670 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
671 * hangup sequence to run after this event.
672 */
tty_hangup(struct tty_struct * tty)673 void tty_hangup(struct tty_struct *tty)
674 {
675 tty_debug_hangup(tty, "hangup\n");
676 schedule_work(&tty->hangup_work);
677 }
678 EXPORT_SYMBOL(tty_hangup);
679
680 /**
681 * tty_vhangup - process vhangup
682 * @tty: tty to hangup
683 *
684 * The user has asked via system call for the terminal to be hung up. We do
685 * this synchronously so that when the syscall returns the process is complete.
686 * That guarantee is necessary for security reasons.
687 */
tty_vhangup(struct tty_struct * tty)688 void tty_vhangup(struct tty_struct *tty)
689 {
690 tty_debug_hangup(tty, "vhangup\n");
691 __tty_hangup(tty, 0);
692 }
693 EXPORT_SYMBOL(tty_vhangup);
694
695
696 /**
697 * tty_vhangup_self - process vhangup for own ctty
698 *
699 * Perform a vhangup on the current controlling tty
700 */
tty_vhangup_self(void)701 void tty_vhangup_self(void)
702 {
703 struct tty_struct *tty;
704
705 tty = get_current_tty();
706 if (tty) {
707 tty_vhangup(tty);
708 tty_kref_put(tty);
709 }
710 }
711
712 /**
713 * tty_vhangup_session - hangup session leader exit
714 * @tty: tty to hangup
715 *
716 * The session leader is exiting and hanging up its controlling terminal.
717 * Every process in the foreground process group is signalled %SIGHUP.
718 *
719 * We do this synchronously so that when the syscall returns the process is
720 * complete. That guarantee is necessary for security reasons.
721 */
tty_vhangup_session(struct tty_struct * tty)722 void tty_vhangup_session(struct tty_struct *tty)
723 {
724 tty_debug_hangup(tty, "session hangup\n");
725 __tty_hangup(tty, 1);
726 }
727
728 /**
729 * tty_hung_up_p - was tty hung up
730 * @filp: file pointer of tty
731 *
732 * Return: true if the tty has been subject to a vhangup or a carrier loss
733 */
tty_hung_up_p(struct file * filp)734 int tty_hung_up_p(struct file *filp)
735 {
736 return (filp && filp->f_op == &hung_up_tty_fops);
737 }
738 EXPORT_SYMBOL(tty_hung_up_p);
739
__stop_tty(struct tty_struct * tty)740 void __stop_tty(struct tty_struct *tty)
741 {
742 if (tty->flow.stopped)
743 return;
744 tty->flow.stopped = true;
745 if (tty->ops->stop)
746 tty->ops->stop(tty);
747 }
748
749 /**
750 * stop_tty - propagate flow control
751 * @tty: tty to stop
752 *
753 * Perform flow control to the driver. May be called on an already stopped
754 * device and will not re-call the &tty_driver->stop() method.
755 *
756 * This functionality is used by both the line disciplines for halting incoming
757 * flow and by the driver. It may therefore be called from any context, may be
758 * under the tty %atomic_write_lock but not always.
759 *
760 * Locking:
761 * flow.lock
762 */
stop_tty(struct tty_struct * tty)763 void stop_tty(struct tty_struct *tty)
764 {
765 guard(spinlock_irqsave)(&tty->flow.lock);
766 __stop_tty(tty);
767 }
768 EXPORT_SYMBOL(stop_tty);
769
__start_tty(struct tty_struct * tty)770 void __start_tty(struct tty_struct *tty)
771 {
772 if (!tty->flow.stopped || tty->flow.tco_stopped)
773 return;
774 tty->flow.stopped = false;
775 if (tty->ops->start)
776 tty->ops->start(tty);
777 tty_wakeup(tty);
778 }
779
780 /**
781 * start_tty - propagate flow control
782 * @tty: tty to start
783 *
784 * Start a tty that has been stopped if at all possible. If @tty was previously
785 * stopped and is now being started, the &tty_driver->start() method is invoked
786 * and the line discipline woken.
787 *
788 * Locking:
789 * flow.lock
790 */
start_tty(struct tty_struct * tty)791 void start_tty(struct tty_struct *tty)
792 {
793 guard(spinlock_irqsave)(&tty->flow.lock);
794 __start_tty(tty);
795 }
796 EXPORT_SYMBOL(start_tty);
797
tty_update_time(struct tty_struct * tty,bool mtime)798 static void tty_update_time(struct tty_struct *tty, bool mtime)
799 {
800 time64_t sec = ktime_get_real_seconds();
801 struct tty_file_private *priv;
802
803 guard(spinlock)(&tty->files_lock);
804
805 list_for_each_entry(priv, &tty->tty_files, list) {
806 struct inode *inode = file_inode(priv->file);
807 struct timespec64 time = mtime ? inode_get_mtime(inode) : inode_get_atime(inode);
808
809 /*
810 * We only care if the two values differ in anything other than the
811 * lower three bits (i.e every 8 seconds). If so, then we can update
812 * the time of the tty device, otherwise it could be construded as a
813 * security leak to let userspace know the exact timing of the tty.
814 */
815 if ((sec ^ time.tv_sec) & ~7) {
816 if (mtime)
817 inode_set_mtime(inode, sec, 0);
818 else
819 inode_set_atime(inode, sec, 0);
820 }
821 }
822 }
823
824 /*
825 * Iterate on the ldisc ->read() function until we've gotten all
826 * the data the ldisc has for us.
827 *
828 * The "cookie" is something that the ldisc read function can fill
829 * in to let us know that there is more data to be had.
830 *
831 * We promise to continue to call the ldisc until it stops returning
832 * data or clears the cookie. The cookie may be something that the
833 * ldisc maintains state for and needs to free.
834 */
iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)835 static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
836 struct file *file, struct iov_iter *to)
837 {
838 void *cookie = NULL;
839 unsigned long offset = 0;
840 ssize_t retval = 0;
841 size_t copied, count = iov_iter_count(to);
842 u8 kernel_buf[64];
843
844 do {
845 ssize_t size = min(count, sizeof(kernel_buf));
846
847 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
848 if (!size)
849 break;
850
851 if (size < 0) {
852 /* Did we have an earlier error (ie -EFAULT)? */
853 if (retval)
854 break;
855 retval = size;
856
857 /*
858 * -EOVERFLOW means we didn't have enough space
859 * for a whole packet, and we shouldn't return
860 * a partial result.
861 */
862 if (retval == -EOVERFLOW)
863 offset = 0;
864 break;
865 }
866
867 copied = copy_to_iter(kernel_buf, size, to);
868 offset += copied;
869 count -= copied;
870
871 /*
872 * If the user copy failed, we still need to do another ->read()
873 * call if we had a cookie to let the ldisc clear up.
874 *
875 * But make sure size is zeroed.
876 */
877 if (unlikely(copied != size)) {
878 count = 0;
879 retval = -EFAULT;
880 }
881 } while (cookie);
882
883 /* We always clear tty buffer in case they contained passwords */
884 memzero_explicit(kernel_buf, sizeof(kernel_buf));
885 return offset ? offset : retval;
886 }
887
888
889 /**
890 * tty_read - read method for tty device files
891 * @iocb: kernel I/O control block
892 * @to: destination for the data read
893 *
894 * Perform the read system call function on this terminal device. Checks
895 * for hung up devices before calling the line discipline method.
896 *
897 * Locking:
898 * Locks the line discipline internally while needed. Multiple read calls
899 * may be outstanding in parallel.
900 */
tty_read(struct kiocb * iocb,struct iov_iter * to)901 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
902 {
903 struct file *file = iocb->ki_filp;
904 struct inode *inode = file_inode(file);
905 struct tty_struct *tty = file_tty(file);
906 struct tty_ldisc *ld;
907 ssize_t ret;
908
909 if (tty_paranoia_check(tty, inode, "tty_read"))
910 return -EIO;
911 if (!tty || tty_io_error(tty))
912 return -EIO;
913
914 /* We want to wait for the line discipline to sort out in this
915 * situation.
916 */
917 ld = tty_ldisc_ref_wait(tty);
918 if (!ld)
919 return hung_up_tty_read(iocb, to);
920 ret = -EIO;
921 if (ld->ops->read)
922 ret = iterate_tty_read(ld, tty, file, to);
923 tty_ldisc_deref(ld);
924
925 if (ret > 0)
926 tty_update_time(tty, false);
927
928 return ret;
929 }
930
tty_write_unlock(struct tty_struct * tty)931 void tty_write_unlock(struct tty_struct *tty)
932 {
933 mutex_unlock(&tty->atomic_write_lock);
934 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
935 }
936
tty_write_lock(struct tty_struct * tty,bool ndelay)937 int tty_write_lock(struct tty_struct *tty, bool ndelay)
938 {
939 if (!mutex_trylock(&tty->atomic_write_lock)) {
940 if (ndelay)
941 return -EAGAIN;
942 if (mutex_lock_interruptible(&tty->atomic_write_lock))
943 return -ERESTARTSYS;
944 }
945 return 0;
946 }
947
948 /*
949 * Split writes up in sane blocksizes to avoid
950 * denial-of-service type attacks
951 */
iterate_tty_write(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * from)952 static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
953 struct file *file, struct iov_iter *from)
954 {
955 size_t chunk, count = iov_iter_count(from);
956 ssize_t ret, written = 0;
957
958 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
959 if (ret < 0)
960 return ret;
961
962 /*
963 * We chunk up writes into a temporary buffer. This
964 * simplifies low-level drivers immensely, since they
965 * don't have locking issues and user mode accesses.
966 *
967 * But if TTY_NO_WRITE_SPLIT is set, we should use a
968 * big chunk-size..
969 *
970 * The default chunk-size is 2kB, because the NTTY
971 * layer has problems with bigger chunks. It will
972 * claim to be able to handle more characters than
973 * it actually does.
974 */
975 chunk = 2048;
976 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
977 chunk = 65536;
978 if (count < chunk)
979 chunk = count;
980
981 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
982 if (tty->write_cnt < chunk) {
983 u8 *buf_chunk;
984
985 if (chunk < 1024)
986 chunk = 1024;
987
988 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
989 if (!buf_chunk) {
990 ret = -ENOMEM;
991 goto out;
992 }
993 kvfree(tty->write_buf);
994 tty->write_cnt = chunk;
995 tty->write_buf = buf_chunk;
996 }
997
998 /* Do the write .. */
999 for (;;) {
1000 size_t size = min(chunk, count);
1001
1002 ret = -EFAULT;
1003 if (copy_from_iter(tty->write_buf, size, from) != size)
1004 break;
1005
1006 ret = ld->ops->write(tty, file, tty->write_buf, size);
1007 if (ret <= 0)
1008 break;
1009
1010 written += ret;
1011 if (ret > size)
1012 break;
1013
1014 /* FIXME! Have Al check this! */
1015 if (ret != size)
1016 iov_iter_revert(from, size-ret);
1017
1018 count -= ret;
1019 if (!count)
1020 break;
1021 ret = -ERESTARTSYS;
1022 if (signal_pending(current))
1023 break;
1024 cond_resched();
1025 }
1026 if (written) {
1027 tty_update_time(tty, true);
1028 ret = written;
1029 }
1030 out:
1031 tty_write_unlock(tty);
1032 return ret;
1033 }
1034
1035 #ifdef CONFIG_PRINT_QUOTA_WARNING
1036 /**
1037 * tty_write_message - write a message to a certain tty, not just the console.
1038 * @tty: the destination tty_struct
1039 * @msg: the message to write
1040 *
1041 * This is used for messages that need to be redirected to a specific tty. We
1042 * don't put it into the syslog queue right now maybe in the future if really
1043 * needed.
1044 *
1045 * We must still hold the BTM and test the CLOSING flag for the moment.
1046 *
1047 * This function is DEPRECATED, do not use in new code.
1048 */
tty_write_message(struct tty_struct * tty,char * msg)1049 void tty_write_message(struct tty_struct *tty, char *msg)
1050 {
1051 if (tty) {
1052 mutex_lock(&tty->atomic_write_lock);
1053 tty_lock(tty);
1054 if (tty->ops->write && tty->count > 0)
1055 tty->ops->write(tty, msg, strlen(msg));
1056 tty_unlock(tty);
1057 tty_write_unlock(tty);
1058 }
1059 }
1060 #endif
1061
file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1062 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1063 {
1064 struct tty_struct *tty = file_tty(file);
1065 struct tty_ldisc *ld;
1066 ssize_t ret;
1067
1068 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1069 return -EIO;
1070 if (!tty || !tty->ops->write || tty_io_error(tty))
1071 return -EIO;
1072 /* Short term debug to catch buggy drivers */
1073 if (tty->ops->write_room == NULL)
1074 tty_err(tty, "missing write_room method\n");
1075 ld = tty_ldisc_ref_wait(tty);
1076 if (!ld)
1077 return hung_up_tty_write(iocb, from);
1078 if (!ld->ops->write)
1079 ret = -EIO;
1080 else
1081 ret = iterate_tty_write(ld, tty, file, from);
1082 tty_ldisc_deref(ld);
1083 return ret;
1084 }
1085
1086 /**
1087 * tty_write - write method for tty device file
1088 * @iocb: kernel I/O control block
1089 * @from: iov_iter with data to write
1090 *
1091 * Write data to a tty device via the line discipline.
1092 *
1093 * Locking:
1094 * Locks the line discipline as required
1095 * Writes to the tty driver are serialized by the atomic_write_lock
1096 * and are then processed in chunks to the device. The line
1097 * discipline write method will not be invoked in parallel for
1098 * each device.
1099 */
tty_write(struct kiocb * iocb,struct iov_iter * from)1100 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1101 {
1102 return file_tty_write(iocb->ki_filp, iocb, from);
1103 }
1104
redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1105 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1106 {
1107 struct file *p = NULL;
1108
1109 spin_lock(&redirect_lock);
1110 if (redirect)
1111 p = get_file(redirect);
1112 spin_unlock(&redirect_lock);
1113
1114 /*
1115 * We know the redirected tty is just another tty, we can
1116 * call file_tty_write() directly with that file pointer.
1117 */
1118 if (p) {
1119 ssize_t res;
1120
1121 res = file_tty_write(p, iocb, iter);
1122 fput(p);
1123 return res;
1124 }
1125 return tty_write(iocb, iter);
1126 }
1127
1128 /**
1129 * tty_send_xchar - send priority character
1130 * @tty: the tty to send to
1131 * @ch: xchar to send
1132 *
1133 * Send a high priority character to the tty even if stopped.
1134 *
1135 * Locking: none for xchar method, write ordering for write method.
1136 */
tty_send_xchar(struct tty_struct * tty,u8 ch)1137 int tty_send_xchar(struct tty_struct *tty, u8 ch)
1138 {
1139 bool was_stopped = tty->flow.stopped;
1140
1141 if (tty->ops->send_xchar) {
1142 down_read(&tty->termios_rwsem);
1143 tty->ops->send_xchar(tty, ch);
1144 up_read(&tty->termios_rwsem);
1145 return 0;
1146 }
1147
1148 if (tty_write_lock(tty, false) < 0)
1149 return -ERESTARTSYS;
1150
1151 down_read(&tty->termios_rwsem);
1152 if (was_stopped)
1153 start_tty(tty);
1154 tty->ops->write(tty, &ch, 1);
1155 if (was_stopped)
1156 stop_tty(tty);
1157 up_read(&tty->termios_rwsem);
1158 tty_write_unlock(tty);
1159 return 0;
1160 }
1161
1162 /**
1163 * pty_line_name - generate name for a pty
1164 * @driver: the tty driver in use
1165 * @index: the minor number
1166 * @p: output buffer of at least 6 bytes
1167 *
1168 * Generate a name from a @driver reference and write it to the output buffer
1169 * @p.
1170 *
1171 * Locking: None
1172 */
pty_line_name(struct tty_driver * driver,int index,char * p)1173 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1174 {
1175 static const char ptychar[] = "pqrstuvwxyzabcde";
1176 int i = index + driver->name_base;
1177 /* ->name is initialized to "ttyp", but "tty" is expected */
1178 sprintf(p, "%s%c%x",
1179 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1180 ptychar[i >> 4 & 0xf], i & 0xf);
1181 }
1182
1183 /**
1184 * tty_line_name - generate name for a tty
1185 * @driver: the tty driver in use
1186 * @index: the minor number
1187 * @p: output buffer of at least 7 bytes
1188 *
1189 * Generate a name from a @driver reference and write it to the output buffer
1190 * @p.
1191 *
1192 * Locking: None
1193 */
tty_line_name(struct tty_driver * driver,int index,char * p)1194 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1195 {
1196 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1197 return sprintf(p, "%s", driver->name);
1198 else
1199 return sprintf(p, "%s%d", driver->name,
1200 index + driver->name_base);
1201 }
1202
1203 /**
1204 * tty_driver_lookup_tty() - find an existing tty, if any
1205 * @driver: the driver for the tty
1206 * @file: file object
1207 * @idx: the minor number
1208 *
1209 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1210 * driver lookup() method returns an error.
1211 *
1212 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1213 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1214 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1215 struct file *file, int idx)
1216 {
1217 struct tty_struct *tty;
1218
1219 if (driver->ops->lookup) {
1220 if (!file)
1221 tty = ERR_PTR(-EIO);
1222 else
1223 tty = driver->ops->lookup(driver, file, idx);
1224 } else {
1225 if (idx >= driver->num)
1226 return ERR_PTR(-EINVAL);
1227 tty = driver->ttys[idx];
1228 }
1229 if (!IS_ERR(tty))
1230 tty_kref_get(tty);
1231 return tty;
1232 }
1233
1234 /**
1235 * tty_init_termios - helper for termios setup
1236 * @tty: the tty to set up
1237 *
1238 * Initialise the termios structure for this tty. This runs under the
1239 * %tty_mutex currently so we can be relaxed about ordering.
1240 */
tty_init_termios(struct tty_struct * tty)1241 void tty_init_termios(struct tty_struct *tty)
1242 {
1243 struct ktermios *tp;
1244 int idx = tty->index;
1245
1246 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1247 tty->termios = tty->driver->init_termios;
1248 else {
1249 /* Check for lazy saved data */
1250 tp = tty->driver->termios[idx];
1251 if (tp != NULL) {
1252 tty->termios = *tp;
1253 tty->termios.c_line = tty->driver->init_termios.c_line;
1254 } else
1255 tty->termios = tty->driver->init_termios;
1256 }
1257 /* Compatibility until drivers always set this */
1258 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1259 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1260 }
1261 EXPORT_SYMBOL_GPL(tty_init_termios);
1262
1263 /**
1264 * tty_standard_install - usual tty->ops->install
1265 * @driver: the driver for the tty
1266 * @tty: the tty
1267 *
1268 * If the @driver overrides @tty->ops->install, it still can call this function
1269 * to perform the standard install operations.
1270 */
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1271 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1272 {
1273 tty_init_termios(tty);
1274 tty_driver_kref_get(driver);
1275 tty->count++;
1276 driver->ttys[tty->index] = tty;
1277 return 0;
1278 }
1279 EXPORT_SYMBOL_GPL(tty_standard_install);
1280
1281 /**
1282 * tty_driver_install_tty() - install a tty entry in the driver
1283 * @driver: the driver for the tty
1284 * @tty: the tty
1285 *
1286 * Install a tty object into the driver tables. The @tty->index field will be
1287 * set by the time this is called. This method is responsible for ensuring any
1288 * need additional structures are allocated and configured.
1289 *
1290 * Locking: tty_mutex for now
1291 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1292 static int tty_driver_install_tty(struct tty_driver *driver,
1293 struct tty_struct *tty)
1294 {
1295 return driver->ops->install ? driver->ops->install(driver, tty) :
1296 tty_standard_install(driver, tty);
1297 }
1298
1299 /**
1300 * tty_driver_remove_tty() - remove a tty from the driver tables
1301 * @driver: the driver for the tty
1302 * @tty: tty to remove
1303 *
1304 * Remove a tty object from the driver tables. The tty->index field will be set
1305 * by the time this is called.
1306 *
1307 * Locking: tty_mutex for now
1308 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1309 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1310 {
1311 if (driver->ops->remove)
1312 driver->ops->remove(driver, tty);
1313 else
1314 driver->ttys[tty->index] = NULL;
1315 }
1316
1317 /**
1318 * tty_reopen() - fast re-open of an open tty
1319 * @tty: the tty to open
1320 *
1321 * Re-opens on master ptys are not allowed and return -%EIO.
1322 *
1323 * Locking: Caller must hold tty_lock
1324 * Return: 0 on success, -errno on error.
1325 */
tty_reopen(struct tty_struct * tty)1326 static int tty_reopen(struct tty_struct *tty)
1327 {
1328 struct tty_driver *driver = tty->driver;
1329 struct tty_ldisc *ld;
1330 int retval = 0;
1331
1332 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1333 driver->subtype == PTY_TYPE_MASTER)
1334 return -EIO;
1335
1336 if (!tty->count)
1337 return -EAGAIN;
1338
1339 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1340 return -EBUSY;
1341
1342 ld = tty_ldisc_ref_wait(tty);
1343 if (ld) {
1344 tty_ldisc_deref(ld);
1345 } else {
1346 retval = tty_ldisc_lock(tty, 5 * HZ);
1347 if (retval)
1348 return retval;
1349
1350 if (!tty->ldisc)
1351 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1352 tty_ldisc_unlock(tty);
1353 }
1354
1355 if (retval == 0)
1356 tty->count++;
1357
1358 return retval;
1359 }
1360
1361 /**
1362 * tty_init_dev - initialise a tty device
1363 * @driver: tty driver we are opening a device on
1364 * @idx: device index
1365 *
1366 * Prepare a tty device. This may not be a "new" clean device but could also be
1367 * an active device. The pty drivers require special handling because of this.
1368 *
1369 * Locking:
1370 * The function is called under the tty_mutex, which protects us from the
1371 * tty struct or driver itself going away.
1372 *
1373 * On exit the tty device has the line discipline attached and a reference
1374 * count of 1. If a pair was created for pty/tty use and the other was a pty
1375 * master then it too has a reference count of 1.
1376 *
1377 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1378 * open. The new code protects the open with a mutex, so it's really quite
1379 * straightforward. The mutex locking can probably be relaxed for the (most
1380 * common) case of reopening a tty.
1381 *
1382 * Return: new tty structure
1383 */
tty_init_dev(struct tty_driver * driver,int idx)1384 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1385 {
1386 struct tty_struct *tty;
1387 int retval;
1388
1389 /*
1390 * First time open is complex, especially for PTY devices.
1391 * This code guarantees that either everything succeeds and the
1392 * TTY is ready for operation, or else the table slots are vacated
1393 * and the allocated memory released. (Except that the termios
1394 * may be retained.)
1395 */
1396
1397 if (!try_module_get(driver->owner))
1398 return ERR_PTR(-ENODEV);
1399
1400 tty = alloc_tty_struct(driver, idx);
1401 if (!tty) {
1402 retval = -ENOMEM;
1403 goto err_module_put;
1404 }
1405
1406 tty_lock(tty);
1407 retval = tty_driver_install_tty(driver, tty);
1408 if (retval < 0)
1409 goto err_free_tty;
1410
1411 if (!tty->port)
1412 tty->port = driver->ports[idx];
1413
1414 if (WARN_RATELIMIT(!tty->port,
1415 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1416 __func__, tty->driver->name)) {
1417 retval = -EINVAL;
1418 goto err_release_lock;
1419 }
1420
1421 retval = tty_ldisc_lock(tty, 5 * HZ);
1422 if (retval)
1423 goto err_release_lock;
1424 tty->port->itty = tty;
1425
1426 /*
1427 * Structures all installed ... call the ldisc open routines.
1428 * If we fail here just call release_tty to clean up. No need
1429 * to decrement the use counts, as release_tty doesn't care.
1430 */
1431 retval = tty_ldisc_setup(tty, tty->link);
1432 if (retval)
1433 goto err_release_tty;
1434 tty_ldisc_unlock(tty);
1435 /* Return the tty locked so that it cannot vanish under the caller */
1436 return tty;
1437
1438 err_free_tty:
1439 tty_unlock(tty);
1440 free_tty_struct(tty);
1441 err_module_put:
1442 module_put(driver->owner);
1443 return ERR_PTR(retval);
1444
1445 /* call the tty release_tty routine to clean out this slot */
1446 err_release_tty:
1447 tty_ldisc_unlock(tty);
1448 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1449 retval, idx);
1450 err_release_lock:
1451 tty_unlock(tty);
1452 release_tty(tty, idx);
1453 return ERR_PTR(retval);
1454 }
1455
1456 /**
1457 * tty_save_termios() - save tty termios data in driver table
1458 * @tty: tty whose termios data to save
1459 *
1460 * Locking: Caller guarantees serialisation with tty_init_termios().
1461 */
tty_save_termios(struct tty_struct * tty)1462 void tty_save_termios(struct tty_struct *tty)
1463 {
1464 struct ktermios *tp;
1465 int idx = tty->index;
1466
1467 /* If the port is going to reset then it has no termios to save */
1468 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1469 return;
1470
1471 /* Stash the termios data */
1472 tp = tty->driver->termios[idx];
1473 if (tp == NULL) {
1474 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1475 if (tp == NULL)
1476 return;
1477 tty->driver->termios[idx] = tp;
1478 }
1479 *tp = tty->termios;
1480 }
1481 EXPORT_SYMBOL_GPL(tty_save_termios);
1482
1483 /**
1484 * tty_flush_works - flush all works of a tty/pty pair
1485 * @tty: tty device to flush works for (or either end of a pty pair)
1486 *
1487 * Sync flush all works belonging to @tty (and the 'other' tty).
1488 */
tty_flush_works(struct tty_struct * tty)1489 static void tty_flush_works(struct tty_struct *tty)
1490 {
1491 flush_work(&tty->SAK_work);
1492 flush_work(&tty->hangup_work);
1493 if (tty->link) {
1494 flush_work(&tty->link->SAK_work);
1495 flush_work(&tty->link->hangup_work);
1496 }
1497 }
1498
1499 /**
1500 * release_one_tty - release tty structure memory
1501 * @work: work of tty we are obliterating
1502 *
1503 * Releases memory associated with a tty structure, and clears out the
1504 * driver table slots. This function is called when a device is no longer
1505 * in use. It also gets called when setup of a device fails.
1506 *
1507 * Locking:
1508 * takes the file list lock internally when working on the list of ttys
1509 * that the driver keeps.
1510 *
1511 * This method gets called from a work queue so that the driver private
1512 * cleanup ops can sleep (needed for USB at least)
1513 */
release_one_tty(struct work_struct * work)1514 static void release_one_tty(struct work_struct *work)
1515 {
1516 struct tty_struct *tty =
1517 container_of(work, struct tty_struct, hangup_work);
1518 struct tty_driver *driver = tty->driver;
1519 struct module *owner = driver->owner;
1520
1521 if (tty->ops->cleanup)
1522 tty->ops->cleanup(tty);
1523
1524 tty_driver_kref_put(driver);
1525 module_put(owner);
1526
1527 spin_lock(&tty->files_lock);
1528 list_del_init(&tty->tty_files);
1529 spin_unlock(&tty->files_lock);
1530
1531 put_pid(tty->ctrl.pgrp);
1532 put_pid(tty->ctrl.session);
1533 free_tty_struct(tty);
1534 }
1535
queue_release_one_tty(struct kref * kref)1536 static void queue_release_one_tty(struct kref *kref)
1537 {
1538 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1539
1540 /* The hangup queue is now free so we can reuse it rather than
1541 * waste a chunk of memory for each port.
1542 */
1543 INIT_WORK(&tty->hangup_work, release_one_tty);
1544 schedule_work(&tty->hangup_work);
1545 }
1546
1547 /**
1548 * tty_kref_put - release a tty kref
1549 * @tty: tty device
1550 *
1551 * Release a reference to the @tty device and if need be let the kref layer
1552 * destruct the object for us.
1553 */
tty_kref_put(struct tty_struct * tty)1554 void tty_kref_put(struct tty_struct *tty)
1555 {
1556 if (tty)
1557 kref_put(&tty->kref, queue_release_one_tty);
1558 }
1559 EXPORT_SYMBOL(tty_kref_put);
1560
1561 /**
1562 * release_tty - release tty structure memory
1563 * @tty: tty device release
1564 * @idx: index of the tty device release
1565 *
1566 * Release both @tty and a possible linked partner (think pty pair),
1567 * and decrement the refcount of the backing module.
1568 *
1569 * Locking:
1570 * tty_mutex
1571 * takes the file list lock internally when working on the list of ttys
1572 * that the driver keeps.
1573 */
release_tty(struct tty_struct * tty,int idx)1574 static void release_tty(struct tty_struct *tty, int idx)
1575 {
1576 /* This should always be true but check for the moment */
1577 WARN_ON(tty->index != idx);
1578 WARN_ON(!mutex_is_locked(&tty_mutex));
1579 if (tty->ops->shutdown)
1580 tty->ops->shutdown(tty);
1581 tty_save_termios(tty);
1582 tty_driver_remove_tty(tty->driver, tty);
1583 if (tty->port)
1584 tty->port->itty = NULL;
1585 if (tty->link)
1586 tty->link->port->itty = NULL;
1587 if (tty->port)
1588 tty_buffer_cancel_work(tty->port);
1589 if (tty->link)
1590 tty_buffer_cancel_work(tty->link->port);
1591
1592 tty_kref_put(tty->link);
1593 tty_kref_put(tty);
1594 }
1595
1596 /**
1597 * tty_release_checks - check a tty before real release
1598 * @tty: tty to check
1599 * @idx: index of the tty
1600 *
1601 * Performs some paranoid checking before true release of the @tty. This is a
1602 * no-op unless %TTY_PARANOIA_CHECK is defined.
1603 */
tty_release_checks(struct tty_struct * tty,int idx)1604 static int tty_release_checks(struct tty_struct *tty, int idx)
1605 {
1606 #ifdef TTY_PARANOIA_CHECK
1607 if (idx < 0 || idx >= tty->driver->num) {
1608 tty_debug(tty, "bad idx %d\n", idx);
1609 return -1;
1610 }
1611
1612 /* not much to check for devpts */
1613 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1614 return 0;
1615
1616 if (tty != tty->driver->ttys[idx]) {
1617 tty_debug(tty, "bad driver table[%d] = %p\n",
1618 idx, tty->driver->ttys[idx]);
1619 return -1;
1620 }
1621 if (tty->driver->other) {
1622 struct tty_struct *o_tty = tty->link;
1623
1624 if (o_tty != tty->driver->other->ttys[idx]) {
1625 tty_debug(tty, "bad other table[%d] = %p\n",
1626 idx, tty->driver->other->ttys[idx]);
1627 return -1;
1628 }
1629 if (o_tty->link != tty) {
1630 tty_debug(tty, "bad link = %p\n", o_tty->link);
1631 return -1;
1632 }
1633 }
1634 #endif
1635 return 0;
1636 }
1637
1638 /**
1639 * tty_kclose - closes tty opened by tty_kopen
1640 * @tty: tty device
1641 *
1642 * Performs the final steps to release and free a tty device. It is the same as
1643 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1644 * @tty->port.
1645 */
tty_kclose(struct tty_struct * tty)1646 void tty_kclose(struct tty_struct *tty)
1647 {
1648 /*
1649 * Ask the line discipline code to release its structures
1650 */
1651 tty_ldisc_release(tty);
1652
1653 /* Wait for pending work before tty destruction commences */
1654 tty_flush_works(tty);
1655
1656 tty_debug_hangup(tty, "freeing structure\n");
1657 /*
1658 * The release_tty function takes care of the details of clearing
1659 * the slots and preserving the termios structure.
1660 */
1661 mutex_lock(&tty_mutex);
1662 tty_port_set_kopened(tty->port, 0);
1663 release_tty(tty, tty->index);
1664 mutex_unlock(&tty_mutex);
1665 }
1666 EXPORT_SYMBOL_GPL(tty_kclose);
1667
1668 /**
1669 * tty_release_struct - release a tty struct
1670 * @tty: tty device
1671 * @idx: index of the tty
1672 *
1673 * Performs the final steps to release and free a tty device. It is roughly the
1674 * reverse of tty_init_dev().
1675 */
tty_release_struct(struct tty_struct * tty,int idx)1676 void tty_release_struct(struct tty_struct *tty, int idx)
1677 {
1678 /*
1679 * Ask the line discipline code to release its structures
1680 */
1681 tty_ldisc_release(tty);
1682
1683 /* Wait for pending work before tty destruction commmences */
1684 tty_flush_works(tty);
1685
1686 tty_debug_hangup(tty, "freeing structure\n");
1687 /*
1688 * The release_tty function takes care of the details of clearing
1689 * the slots and preserving the termios structure.
1690 */
1691 mutex_lock(&tty_mutex);
1692 release_tty(tty, idx);
1693 mutex_unlock(&tty_mutex);
1694 }
1695 EXPORT_SYMBOL_GPL(tty_release_struct);
1696
1697 /**
1698 * tty_release - vfs callback for close
1699 * @inode: inode of tty
1700 * @filp: file pointer for handle to tty
1701 *
1702 * Called the last time each file handle is closed that references this tty.
1703 * There may however be several such references.
1704 *
1705 * Locking:
1706 * Takes BKL. See tty_release_dev().
1707 *
1708 * Even releasing the tty structures is a tricky business. We have to be very
1709 * careful that the structures are all released at the same time, as interrupts
1710 * might otherwise get the wrong pointers.
1711 *
1712 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1713 * lead to double frees or releasing memory still in use.
1714 */
tty_release(struct inode * inode,struct file * filp)1715 int tty_release(struct inode *inode, struct file *filp)
1716 {
1717 struct tty_struct *tty = file_tty(filp);
1718 struct tty_struct *o_tty = NULL;
1719 int do_sleep, final;
1720 int idx;
1721 long timeout = 0;
1722 int once = 1;
1723
1724 if (tty_paranoia_check(tty, inode, __func__))
1725 return 0;
1726
1727 tty_lock(tty);
1728 check_tty_count(tty, __func__);
1729
1730 __tty_fasync(-1, filp, 0);
1731
1732 idx = tty->index;
1733 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1734 tty->driver->subtype == PTY_TYPE_MASTER)
1735 o_tty = tty->link;
1736
1737 if (tty_release_checks(tty, idx)) {
1738 tty_unlock(tty);
1739 return 0;
1740 }
1741
1742 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1743
1744 if (tty->ops->close)
1745 tty->ops->close(tty, filp);
1746
1747 /* If tty is pty master, lock the slave pty (stable lock order) */
1748 tty_lock_slave(o_tty);
1749
1750 /*
1751 * Sanity check: if tty->count is going to zero, there shouldn't be
1752 * any waiters on tty->read_wait or tty->write_wait. We test the
1753 * wait queues and kick everyone out _before_ actually starting to
1754 * close. This ensures that we won't block while releasing the tty
1755 * structure.
1756 *
1757 * The test for the o_tty closing is necessary, since the master and
1758 * slave sides may close in any order. If the slave side closes out
1759 * first, its count will be one, since the master side holds an open.
1760 * Thus this test wouldn't be triggered at the time the slave closed,
1761 * so we do it now.
1762 */
1763 while (1) {
1764 do_sleep = 0;
1765
1766 if (tty->count <= 1) {
1767 if (waitqueue_active(&tty->read_wait)) {
1768 wake_up_poll(&tty->read_wait, EPOLLIN);
1769 do_sleep++;
1770 }
1771 if (waitqueue_active(&tty->write_wait)) {
1772 wake_up_poll(&tty->write_wait, EPOLLOUT);
1773 do_sleep++;
1774 }
1775 }
1776 if (o_tty && o_tty->count <= 1) {
1777 if (waitqueue_active(&o_tty->read_wait)) {
1778 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1779 do_sleep++;
1780 }
1781 if (waitqueue_active(&o_tty->write_wait)) {
1782 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1783 do_sleep++;
1784 }
1785 }
1786 if (!do_sleep)
1787 break;
1788
1789 if (once) {
1790 once = 0;
1791 tty_warn(tty, "read/write wait queue active!\n");
1792 }
1793 schedule_timeout_killable(timeout);
1794 if (timeout < 120 * HZ)
1795 timeout = 2 * timeout + 1;
1796 else
1797 timeout = MAX_SCHEDULE_TIMEOUT;
1798 }
1799
1800 if (o_tty) {
1801 if (--o_tty->count < 0) {
1802 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1803 o_tty->count = 0;
1804 }
1805 }
1806 if (--tty->count < 0) {
1807 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1808 tty->count = 0;
1809 }
1810
1811 /*
1812 * We've decremented tty->count, so we need to remove this file
1813 * descriptor off the tty->tty_files list; this serves two
1814 * purposes:
1815 * - check_tty_count sees the correct number of file descriptors
1816 * associated with this tty.
1817 * - do_tty_hangup no longer sees this file descriptor as
1818 * something that needs to be handled for hangups.
1819 */
1820 tty_del_file(filp);
1821
1822 /*
1823 * Perform some housekeeping before deciding whether to return.
1824 *
1825 * If _either_ side is closing, make sure there aren't any
1826 * processes that still think tty or o_tty is their controlling
1827 * tty.
1828 */
1829 if (!tty->count) {
1830 read_lock(&tasklist_lock);
1831 session_clear_tty(tty->ctrl.session);
1832 if (o_tty)
1833 session_clear_tty(o_tty->ctrl.session);
1834 read_unlock(&tasklist_lock);
1835 }
1836
1837 /* check whether both sides are closing ... */
1838 final = !tty->count && !(o_tty && o_tty->count);
1839
1840 tty_unlock_slave(o_tty);
1841 tty_unlock(tty);
1842
1843 /* At this point, the tty->count == 0 should ensure a dead tty
1844 * cannot be re-opened by a racing opener.
1845 */
1846
1847 if (!final)
1848 return 0;
1849
1850 tty_debug_hangup(tty, "final close\n");
1851
1852 tty_release_struct(tty, idx);
1853 return 0;
1854 }
1855
1856 /**
1857 * tty_open_current_tty - get locked tty of current task
1858 * @device: device number
1859 * @filp: file pointer to tty
1860 * @return: locked tty of the current task iff @device is /dev/tty
1861 *
1862 * Performs a re-open of the current task's controlling tty.
1863 *
1864 * We cannot return driver and index like for the other nodes because devpts
1865 * will not work then. It expects inodes to be from devpts FS.
1866 */
tty_open_current_tty(dev_t device,struct file * filp)1867 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1868 {
1869 struct tty_struct *tty;
1870 int retval;
1871
1872 if (device != MKDEV(TTYAUX_MAJOR, 0))
1873 return NULL;
1874
1875 tty = get_current_tty();
1876 if (!tty)
1877 return ERR_PTR(-ENXIO);
1878
1879 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1880 /* noctty = 1; */
1881 tty_lock(tty);
1882 tty_kref_put(tty); /* safe to drop the kref now */
1883
1884 retval = tty_reopen(tty);
1885 if (retval < 0) {
1886 tty_unlock(tty);
1887 tty = ERR_PTR(retval);
1888 }
1889 return tty;
1890 }
1891
1892 /**
1893 * tty_lookup_driver - lookup a tty driver for a given device file
1894 * @device: device number
1895 * @filp: file pointer to tty
1896 * @index: index for the device in the @return driver
1897 *
1898 * If returned value is not erroneous, the caller is responsible to decrement
1899 * the refcount by tty_driver_kref_put().
1900 *
1901 * Locking: %tty_mutex protects get_tty_driver()
1902 *
1903 * Return: driver for this inode (with increased refcount)
1904 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1905 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1906 int *index)
1907 {
1908 struct tty_driver *driver = NULL;
1909
1910 switch (device) {
1911 #ifdef CONFIG_VT
1912 case MKDEV(TTY_MAJOR, 0): {
1913 extern struct tty_driver *console_driver;
1914
1915 driver = tty_driver_kref_get(console_driver);
1916 *index = fg_console;
1917 break;
1918 }
1919 #endif
1920 case MKDEV(TTYAUX_MAJOR, 1): {
1921 struct tty_driver *console_driver = console_device(index);
1922
1923 if (console_driver) {
1924 driver = tty_driver_kref_get(console_driver);
1925 if (driver && filp) {
1926 /* Don't let /dev/console block */
1927 filp->f_flags |= O_NONBLOCK;
1928 break;
1929 }
1930 }
1931 if (driver)
1932 tty_driver_kref_put(driver);
1933 return ERR_PTR(-ENODEV);
1934 }
1935 default:
1936 driver = get_tty_driver(device, index);
1937 if (!driver)
1938 return ERR_PTR(-ENODEV);
1939 break;
1940 }
1941 return driver;
1942 }
1943
tty_kopen(dev_t device,int shared)1944 static struct tty_struct *tty_kopen(dev_t device, int shared)
1945 {
1946 struct tty_struct *tty;
1947 struct tty_driver *driver;
1948 int index = -1;
1949
1950 mutex_lock(&tty_mutex);
1951 driver = tty_lookup_driver(device, NULL, &index);
1952 if (IS_ERR(driver)) {
1953 mutex_unlock(&tty_mutex);
1954 return ERR_CAST(driver);
1955 }
1956
1957 /* check whether we're reopening an existing tty */
1958 tty = tty_driver_lookup_tty(driver, NULL, index);
1959 if (IS_ERR(tty) || shared)
1960 goto out;
1961
1962 if (tty) {
1963 /* drop kref from tty_driver_lookup_tty() */
1964 tty_kref_put(tty);
1965 tty = ERR_PTR(-EBUSY);
1966 } else { /* tty_init_dev returns tty with the tty_lock held */
1967 tty = tty_init_dev(driver, index);
1968 if (IS_ERR(tty))
1969 goto out;
1970 tty_port_set_kopened(tty->port, 1);
1971 }
1972 out:
1973 mutex_unlock(&tty_mutex);
1974 tty_driver_kref_put(driver);
1975 return tty;
1976 }
1977
1978 /**
1979 * tty_kopen_exclusive - open a tty device for kernel
1980 * @device: dev_t of device to open
1981 *
1982 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1983 * it's not already opened and performs the first-time tty initialization.
1984 *
1985 * Claims the global %tty_mutex to serialize:
1986 * * concurrent first-time tty initialization
1987 * * concurrent tty driver removal w/ lookup
1988 * * concurrent tty removal from driver table
1989 *
1990 * Return: the locked initialized &tty_struct
1991 */
tty_kopen_exclusive(dev_t device)1992 struct tty_struct *tty_kopen_exclusive(dev_t device)
1993 {
1994 return tty_kopen(device, 0);
1995 }
1996 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
1997
1998 /**
1999 * tty_kopen_shared - open a tty device for shared in-kernel use
2000 * @device: dev_t of device to open
2001 *
2002 * Opens an already existing tty for in-kernel use. Compared to
2003 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2004 *
2005 * Locking: identical to tty_kopen() above.
2006 */
tty_kopen_shared(dev_t device)2007 struct tty_struct *tty_kopen_shared(dev_t device)
2008 {
2009 return tty_kopen(device, 1);
2010 }
2011 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2012
2013 /**
2014 * tty_open_by_driver - open a tty device
2015 * @device: dev_t of device to open
2016 * @filp: file pointer to tty
2017 *
2018 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2019 * first-time tty initialization.
2020 *
2021 *
2022 * Claims the global tty_mutex to serialize:
2023 * * concurrent first-time tty initialization
2024 * * concurrent tty driver removal w/ lookup
2025 * * concurrent tty removal from driver table
2026 *
2027 * Return: the locked initialized or re-opened &tty_struct
2028 */
tty_open_by_driver(dev_t device,struct file * filp)2029 static struct tty_struct *tty_open_by_driver(dev_t device,
2030 struct file *filp)
2031 {
2032 struct tty_struct *tty;
2033 struct tty_driver *driver = NULL;
2034 int index = -1;
2035 int retval;
2036
2037 mutex_lock(&tty_mutex);
2038 driver = tty_lookup_driver(device, filp, &index);
2039 if (IS_ERR(driver)) {
2040 mutex_unlock(&tty_mutex);
2041 return ERR_CAST(driver);
2042 }
2043
2044 /* check whether we're reopening an existing tty */
2045 tty = tty_driver_lookup_tty(driver, filp, index);
2046 if (IS_ERR(tty)) {
2047 mutex_unlock(&tty_mutex);
2048 goto out;
2049 }
2050
2051 if (tty) {
2052 if (tty_port_kopened(tty->port)) {
2053 tty_kref_put(tty);
2054 mutex_unlock(&tty_mutex);
2055 tty = ERR_PTR(-EBUSY);
2056 goto out;
2057 }
2058 mutex_unlock(&tty_mutex);
2059 retval = tty_lock_interruptible(tty);
2060 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2061 if (retval) {
2062 if (retval == -EINTR)
2063 retval = -ERESTARTSYS;
2064 tty = ERR_PTR(retval);
2065 goto out;
2066 }
2067 retval = tty_reopen(tty);
2068 if (retval < 0) {
2069 tty_unlock(tty);
2070 tty = ERR_PTR(retval);
2071 }
2072 } else { /* Returns with the tty_lock held for now */
2073 tty = tty_init_dev(driver, index);
2074 mutex_unlock(&tty_mutex);
2075 }
2076 out:
2077 tty_driver_kref_put(driver);
2078 return tty;
2079 }
2080
2081 /**
2082 * tty_open - open a tty device
2083 * @inode: inode of device file
2084 * @filp: file pointer to tty
2085 *
2086 * tty_open() and tty_release() keep up the tty count that contains the number
2087 * of opens done on a tty. We cannot use the inode-count, as different inodes
2088 * might point to the same tty.
2089 *
2090 * Open-counting is needed for pty masters, as well as for keeping track of
2091 * serial lines: DTR is dropped when the last close happens.
2092 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2093 *
2094 * The termios state of a pty is reset on the first open so that settings don't
2095 * persist across reuse.
2096 *
2097 * Locking:
2098 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2099 * * @tty->count should protect the rest.
2100 * * ->siglock protects ->signal/->sighand
2101 *
2102 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2103 */
tty_open(struct inode * inode,struct file * filp)2104 static int tty_open(struct inode *inode, struct file *filp)
2105 {
2106 struct tty_struct *tty;
2107 int noctty, retval;
2108 dev_t device = inode->i_rdev;
2109 unsigned saved_flags = filp->f_flags;
2110
2111 nonseekable_open(inode, filp);
2112
2113 retry_open:
2114 retval = tty_alloc_file(filp);
2115 if (retval)
2116 return -ENOMEM;
2117
2118 tty = tty_open_current_tty(device, filp);
2119 if (!tty)
2120 tty = tty_open_by_driver(device, filp);
2121
2122 if (IS_ERR(tty)) {
2123 tty_free_file(filp);
2124 retval = PTR_ERR(tty);
2125 if (retval != -EAGAIN || signal_pending(current))
2126 return retval;
2127 schedule();
2128 goto retry_open;
2129 }
2130
2131 tty_add_file(tty, filp);
2132
2133 check_tty_count(tty, __func__);
2134 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2135
2136 if (tty->ops->open)
2137 retval = tty->ops->open(tty, filp);
2138 else
2139 retval = -ENODEV;
2140 filp->f_flags = saved_flags;
2141
2142 if (retval) {
2143 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2144
2145 tty_unlock(tty); /* need to call tty_release without BTM */
2146 tty_release(inode, filp);
2147 if (retval != -ERESTARTSYS)
2148 return retval;
2149
2150 if (signal_pending(current))
2151 return retval;
2152
2153 schedule();
2154 /*
2155 * Need to reset f_op in case a hangup happened.
2156 */
2157 if (tty_hung_up_p(filp))
2158 filp->f_op = &tty_fops;
2159 goto retry_open;
2160 }
2161 clear_bit(TTY_HUPPED, &tty->flags);
2162
2163 noctty = (filp->f_flags & O_NOCTTY) ||
2164 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2165 device == MKDEV(TTYAUX_MAJOR, 1) ||
2166 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2167 tty->driver->subtype == PTY_TYPE_MASTER);
2168 if (!noctty)
2169 tty_open_proc_set_tty(filp, tty);
2170 tty_unlock(tty);
2171 return 0;
2172 }
2173
2174
2175 /**
2176 * tty_poll - check tty status
2177 * @filp: file being polled
2178 * @wait: poll wait structures to update
2179 *
2180 * Call the line discipline polling method to obtain the poll status of the
2181 * device.
2182 *
2183 * Locking: locks called line discipline but ldisc poll method may be
2184 * re-entered freely by other callers.
2185 */
tty_poll(struct file * filp,poll_table * wait)2186 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2187 {
2188 struct tty_struct *tty = file_tty(filp);
2189 struct tty_ldisc *ld;
2190 __poll_t ret = 0;
2191
2192 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2193 return 0;
2194
2195 ld = tty_ldisc_ref_wait(tty);
2196 if (!ld)
2197 return hung_up_tty_poll(filp, wait);
2198 if (ld->ops->poll)
2199 ret = ld->ops->poll(tty, filp, wait);
2200 tty_ldisc_deref(ld);
2201 return ret;
2202 }
2203
__tty_fasync(int fd,struct file * filp,int on)2204 static int __tty_fasync(int fd, struct file *filp, int on)
2205 {
2206 struct tty_struct *tty = file_tty(filp);
2207 unsigned long flags;
2208 int retval = 0;
2209
2210 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2211 goto out;
2212
2213 if (on) {
2214 retval = file_f_owner_allocate(filp);
2215 if (retval)
2216 goto out;
2217 }
2218
2219 retval = fasync_helper(fd, filp, on, &tty->fasync);
2220 if (retval <= 0)
2221 goto out;
2222
2223 if (on) {
2224 enum pid_type type;
2225 struct pid *pid;
2226
2227 spin_lock_irqsave(&tty->ctrl.lock, flags);
2228 if (tty->ctrl.pgrp) {
2229 pid = tty->ctrl.pgrp;
2230 type = PIDTYPE_PGID;
2231 } else {
2232 pid = task_pid(current);
2233 type = PIDTYPE_TGID;
2234 }
2235 get_pid(pid);
2236 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2237 __f_setown(filp, pid, type, 0);
2238 put_pid(pid);
2239 retval = 0;
2240 }
2241 out:
2242 return retval;
2243 }
2244
tty_fasync(int fd,struct file * filp,int on)2245 static int tty_fasync(int fd, struct file *filp, int on)
2246 {
2247 struct tty_struct *tty = file_tty(filp);
2248 int retval = -ENOTTY;
2249
2250 tty_lock(tty);
2251 if (!tty_hung_up_p(filp))
2252 retval = __tty_fasync(fd, filp, on);
2253 tty_unlock(tty);
2254
2255 return retval;
2256 }
2257
2258 static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2259 /**
2260 * tiocsti - fake input character
2261 * @tty: tty to fake input into
2262 * @p: pointer to character
2263 *
2264 * Fake input to a tty device. Does the necessary locking and input management.
2265 *
2266 * FIXME: does not honour flow control ??
2267 *
2268 * Locking:
2269 * * Called functions take tty_ldiscs_lock
2270 * * current->signal->tty check is safe without locks
2271 */
tiocsti(struct tty_struct * tty,u8 __user * p)2272 static int tiocsti(struct tty_struct *tty, u8 __user *p)
2273 {
2274 struct tty_ldisc *ld;
2275 u8 ch;
2276
2277 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2278 return -EIO;
2279
2280 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2281 return -EPERM;
2282 if (get_user(ch, p))
2283 return -EFAULT;
2284 tty_audit_tiocsti(tty, ch);
2285 ld = tty_ldisc_ref_wait(tty);
2286 if (!ld)
2287 return -EIO;
2288 tty_buffer_lock_exclusive(tty->port);
2289 if (ld->ops->receive_buf)
2290 ld->ops->receive_buf(tty, &ch, NULL, 1);
2291 tty_buffer_unlock_exclusive(tty->port);
2292 tty_ldisc_deref(ld);
2293 return 0;
2294 }
2295
2296 /**
2297 * tiocgwinsz - implement window query ioctl
2298 * @tty: tty
2299 * @arg: user buffer for result
2300 *
2301 * Copies the kernel idea of the window size into the user buffer.
2302 *
2303 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2304 * consistent.
2305 */
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2306 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2307 {
2308 guard(mutex)(&tty->winsize_mutex);
2309
2310 if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2311 return -EFAULT;
2312
2313 return 0;
2314 }
2315
2316 /**
2317 * tty_do_resize - resize event
2318 * @tty: tty being resized
2319 * @ws: new dimensions
2320 *
2321 * Update the termios variables and send the necessary signals to peform a
2322 * terminal resize correctly.
2323 */
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2324 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2325 {
2326 struct pid *pgrp;
2327
2328 guard(mutex)(&tty->winsize_mutex);
2329
2330 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2331 return 0;
2332
2333 /* Signal the foreground process group */
2334 pgrp = tty_get_pgrp(tty);
2335 if (pgrp)
2336 kill_pgrp(pgrp, SIGWINCH, 1);
2337 put_pid(pgrp);
2338
2339 tty->winsize = *ws;
2340
2341 return 0;
2342 }
2343 EXPORT_SYMBOL(tty_do_resize);
2344
2345 /**
2346 * tiocswinsz - implement window size set ioctl
2347 * @tty: tty side of tty
2348 * @arg: user buffer for result
2349 *
2350 * Copies the user idea of the window size to the kernel. Traditionally this is
2351 * just advisory information but for the Linux console it actually has driver
2352 * level meaning and triggers a VC resize.
2353 *
2354 * Locking:
2355 * Driver dependent. The default do_resize method takes the tty termios
2356 * mutex and ctrl.lock. The console takes its own lock then calls into the
2357 * default method.
2358 */
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2359 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2360 {
2361 struct winsize tmp_ws;
2362
2363 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2364 return -EFAULT;
2365
2366 if (tty->ops->resize)
2367 return tty->ops->resize(tty, &tmp_ws);
2368 else
2369 return tty_do_resize(tty, &tmp_ws);
2370 }
2371
2372 /**
2373 * tioccons - allow admin to move logical console
2374 * @file: the file to become console
2375 *
2376 * Allow the administrator to move the redirected console device.
2377 *
2378 * Locking: uses redirect_lock to guard the redirect information
2379 */
tioccons(struct file * file)2380 static int tioccons(struct file *file)
2381 {
2382 if (!capable(CAP_SYS_ADMIN))
2383 return -EPERM;
2384 if (file->f_op->write_iter == redirected_tty_write) {
2385 struct file *f;
2386
2387 spin_lock(&redirect_lock);
2388 f = redirect;
2389 redirect = NULL;
2390 spin_unlock(&redirect_lock);
2391 if (f)
2392 fput(f);
2393 return 0;
2394 }
2395 if (file->f_op->write_iter != tty_write)
2396 return -ENOTTY;
2397 if (!(file->f_mode & FMODE_WRITE))
2398 return -EBADF;
2399 if (!(file->f_mode & FMODE_CAN_WRITE))
2400 return -EINVAL;
2401
2402 guard(spinlock)(&redirect_lock);
2403
2404 if (redirect)
2405 return -EBUSY;
2406
2407 redirect = get_file(file);
2408
2409 return 0;
2410 }
2411
2412 /**
2413 * tiocsetd - set line discipline
2414 * @tty: tty device
2415 * @p: pointer to user data
2416 *
2417 * Set the line discipline according to user request.
2418 *
2419 * Locking: see tty_set_ldisc(), this function is just a helper
2420 */
tiocsetd(struct tty_struct * tty,int __user * p)2421 static int tiocsetd(struct tty_struct *tty, int __user *p)
2422 {
2423 int disc;
2424 int ret;
2425
2426 if (get_user(disc, p))
2427 return -EFAULT;
2428
2429 ret = tty_set_ldisc(tty, disc);
2430
2431 return ret;
2432 }
2433
2434 /**
2435 * tiocgetd - get line discipline
2436 * @tty: tty device
2437 * @p: pointer to user data
2438 *
2439 * Retrieves the line discipline id directly from the ldisc.
2440 *
2441 * Locking: waits for ldisc reference (in case the line discipline is changing
2442 * or the @tty is being hungup)
2443 */
tiocgetd(struct tty_struct * tty,int __user * p)2444 static int tiocgetd(struct tty_struct *tty, int __user *p)
2445 {
2446 struct tty_ldisc *ld;
2447 int ret;
2448
2449 ld = tty_ldisc_ref_wait(tty);
2450 if (!ld)
2451 return -EIO;
2452 ret = put_user(ld->ops->num, p);
2453 tty_ldisc_deref(ld);
2454 return ret;
2455 }
2456
2457 /**
2458 * send_break - performed time break
2459 * @tty: device to break on
2460 * @duration: timeout in mS
2461 *
2462 * Perform a timed break on hardware that lacks its own driver level timed
2463 * break functionality.
2464 *
2465 * Locking:
2466 * @tty->atomic_write_lock serializes
2467 */
send_break(struct tty_struct * tty,unsigned int duration)2468 static int send_break(struct tty_struct *tty, unsigned int duration)
2469 {
2470 int retval;
2471
2472 if (tty->ops->break_ctl == NULL)
2473 return 0;
2474
2475 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2476 return tty->ops->break_ctl(tty, duration);
2477
2478 /* Do the work ourselves */
2479 if (tty_write_lock(tty, false) < 0)
2480 return -EINTR;
2481
2482 retval = tty->ops->break_ctl(tty, -1);
2483 if (!retval) {
2484 msleep_interruptible(duration);
2485 retval = tty->ops->break_ctl(tty, 0);
2486 } else if (retval == -EOPNOTSUPP) {
2487 /* some drivers can tell only dynamically */
2488 retval = 0;
2489 }
2490 tty_write_unlock(tty);
2491
2492 if (signal_pending(current))
2493 retval = -EINTR;
2494
2495 return retval;
2496 }
2497
2498 /**
2499 * tty_get_tiocm - get tiocm status register
2500 * @tty: tty device
2501 *
2502 * Obtain the modem status bits from the tty driver if the feature
2503 * is supported.
2504 */
tty_get_tiocm(struct tty_struct * tty)2505 int tty_get_tiocm(struct tty_struct *tty)
2506 {
2507 int retval = -ENOTTY;
2508
2509 if (tty->ops->tiocmget)
2510 retval = tty->ops->tiocmget(tty);
2511
2512 return retval;
2513 }
2514 EXPORT_SYMBOL_GPL(tty_get_tiocm);
2515
2516 /**
2517 * tty_tiocmget - get modem status
2518 * @tty: tty device
2519 * @p: pointer to result
2520 *
2521 * Obtain the modem status bits from the tty driver if the feature is
2522 * supported. Return -%ENOTTY if it is not available.
2523 *
2524 * Locking: none (up to the driver)
2525 */
tty_tiocmget(struct tty_struct * tty,int __user * p)2526 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2527 {
2528 int retval;
2529
2530 retval = tty_get_tiocm(tty);
2531 if (retval >= 0)
2532 retval = put_user(retval, p);
2533
2534 return retval;
2535 }
2536
2537 /**
2538 * tty_tiocmset - set modem status
2539 * @tty: tty device
2540 * @cmd: command - clear bits, set bits or set all
2541 * @p: pointer to desired bits
2542 *
2543 * Set the modem status bits from the tty driver if the feature
2544 * is supported. Return -%ENOTTY if it is not available.
2545 *
2546 * Locking: none (up to the driver)
2547 */
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2548 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2549 unsigned __user *p)
2550 {
2551 int retval;
2552 unsigned int set, clear, val;
2553
2554 if (tty->ops->tiocmset == NULL)
2555 return -ENOTTY;
2556
2557 retval = get_user(val, p);
2558 if (retval)
2559 return retval;
2560 set = clear = 0;
2561 switch (cmd) {
2562 case TIOCMBIS:
2563 set = val;
2564 break;
2565 case TIOCMBIC:
2566 clear = val;
2567 break;
2568 case TIOCMSET:
2569 set = val;
2570 clear = ~val;
2571 break;
2572 }
2573 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2574 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2575 return tty->ops->tiocmset(tty, set, clear);
2576 }
2577
2578 /**
2579 * tty_get_icount - get tty statistics
2580 * @tty: tty device
2581 * @icount: output parameter
2582 *
2583 * Gets a copy of the @tty's icount statistics.
2584 *
2585 * Locking: none (up to the driver)
2586 */
tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2587 int tty_get_icount(struct tty_struct *tty,
2588 struct serial_icounter_struct *icount)
2589 {
2590 memset(icount, 0, sizeof(*icount));
2591
2592 if (tty->ops->get_icount)
2593 return tty->ops->get_icount(tty, icount);
2594 else
2595 return -ENOTTY;
2596 }
2597 EXPORT_SYMBOL_GPL(tty_get_icount);
2598
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2599 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2600 {
2601 struct serial_icounter_struct icount;
2602 int retval;
2603
2604 retval = tty_get_icount(tty, &icount);
2605 if (retval != 0)
2606 return retval;
2607
2608 if (copy_to_user(arg, &icount, sizeof(icount)))
2609 return -EFAULT;
2610 return 0;
2611 }
2612
tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2613 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2614 {
2615 int flags;
2616
2617 flags = ss->flags & ASYNC_DEPRECATED;
2618
2619 if (flags)
2620 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2621 __func__, current->comm, flags);
2622
2623 if (!tty->ops->set_serial)
2624 return -ENOTTY;
2625
2626 return tty->ops->set_serial(tty, ss);
2627 }
2628
tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2629 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2630 {
2631 struct serial_struct v;
2632
2633 if (copy_from_user(&v, ss, sizeof(*ss)))
2634 return -EFAULT;
2635
2636 return tty_set_serial(tty, &v);
2637 }
2638
tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2639 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2640 {
2641 struct serial_struct v;
2642 int err;
2643
2644 memset(&v, 0, sizeof(v));
2645 if (!tty->ops->get_serial)
2646 return -ENOTTY;
2647 err = tty->ops->get_serial(tty, &v);
2648 if (!err && copy_to_user(ss, &v, sizeof(v)))
2649 err = -EFAULT;
2650 return err;
2651 }
2652
2653 /*
2654 * if pty, return the slave side (real_tty)
2655 * otherwise, return self
2656 */
tty_pair_get_tty(struct tty_struct * tty)2657 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2658 {
2659 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2660 tty->driver->subtype == PTY_TYPE_MASTER)
2661 tty = tty->link;
2662 return tty;
2663 }
2664
2665 /*
2666 * Split this up, as gcc can choke on it otherwise..
2667 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2668 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2669 {
2670 struct tty_struct *tty = file_tty(file);
2671 struct tty_struct *real_tty;
2672 void __user *p = (void __user *)arg;
2673 int retval;
2674 struct tty_ldisc *ld;
2675
2676 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2677 return -EINVAL;
2678
2679 real_tty = tty_pair_get_tty(tty);
2680
2681 /*
2682 * Factor out some common prep work
2683 */
2684 switch (cmd) {
2685 case TIOCSETD:
2686 case TIOCSBRK:
2687 case TIOCCBRK:
2688 case TCSBRK:
2689 case TCSBRKP:
2690 retval = tty_check_change(tty);
2691 if (retval)
2692 return retval;
2693 if (cmd != TIOCCBRK) {
2694 tty_wait_until_sent(tty, 0);
2695 if (signal_pending(current))
2696 return -EINTR;
2697 }
2698 break;
2699 }
2700
2701 /*
2702 * Now do the stuff.
2703 */
2704 switch (cmd) {
2705 case TIOCSTI:
2706 return tiocsti(tty, p);
2707 case TIOCGWINSZ:
2708 return tiocgwinsz(real_tty, p);
2709 case TIOCSWINSZ:
2710 return tiocswinsz(real_tty, p);
2711 case TIOCCONS:
2712 return real_tty != tty ? -EINVAL : tioccons(file);
2713 case TIOCEXCL:
2714 set_bit(TTY_EXCLUSIVE, &tty->flags);
2715 return 0;
2716 case TIOCNXCL:
2717 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2718 return 0;
2719 case TIOCGEXCL:
2720 {
2721 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2722
2723 return put_user(excl, (int __user *)p);
2724 }
2725 case TIOCGETD:
2726 return tiocgetd(tty, p);
2727 case TIOCSETD:
2728 return tiocsetd(tty, p);
2729 case TIOCVHANGUP:
2730 if (!capable(CAP_SYS_ADMIN))
2731 return -EPERM;
2732 tty_vhangup(tty);
2733 return 0;
2734 case TIOCGDEV:
2735 {
2736 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2737
2738 return put_user(ret, (unsigned int __user *)p);
2739 }
2740 /*
2741 * Break handling
2742 */
2743 case TIOCSBRK: /* Turn break on, unconditionally */
2744 if (tty->ops->break_ctl)
2745 return tty->ops->break_ctl(tty, -1);
2746 return 0;
2747 case TIOCCBRK: /* Turn break off, unconditionally */
2748 if (tty->ops->break_ctl)
2749 return tty->ops->break_ctl(tty, 0);
2750 return 0;
2751 case TCSBRK: /* SVID version: non-zero arg --> no break */
2752 /* non-zero arg means wait for all output data
2753 * to be sent (performed above) but don't send break.
2754 * This is used by the tcdrain() termios function.
2755 */
2756 if (!arg)
2757 return send_break(tty, 250);
2758 return 0;
2759 case TCSBRKP: /* support for POSIX tcsendbreak() */
2760 return send_break(tty, arg ? arg*100 : 250);
2761
2762 case TIOCMGET:
2763 return tty_tiocmget(tty, p);
2764 case TIOCMSET:
2765 case TIOCMBIC:
2766 case TIOCMBIS:
2767 return tty_tiocmset(tty, cmd, p);
2768 case TIOCGICOUNT:
2769 return tty_tiocgicount(tty, p);
2770 case TCFLSH:
2771 switch (arg) {
2772 case TCIFLUSH:
2773 case TCIOFLUSH:
2774 /* flush tty buffer and allow ldisc to process ioctl */
2775 tty_buffer_flush(tty, NULL);
2776 break;
2777 }
2778 break;
2779 case TIOCSSERIAL:
2780 return tty_tiocsserial(tty, p);
2781 case TIOCGSERIAL:
2782 return tty_tiocgserial(tty, p);
2783 case TIOCGPTPEER:
2784 /* Special because the struct file is needed */
2785 return ptm_open_peer(file, tty, (int)arg);
2786 default:
2787 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2788 if (retval != -ENOIOCTLCMD)
2789 return retval;
2790 }
2791 if (tty->ops->ioctl) {
2792 retval = tty->ops->ioctl(tty, cmd, arg);
2793 if (retval != -ENOIOCTLCMD)
2794 return retval;
2795 }
2796 ld = tty_ldisc_ref_wait(tty);
2797 if (!ld)
2798 return hung_up_tty_ioctl(file, cmd, arg);
2799 retval = -EINVAL;
2800 if (ld->ops->ioctl) {
2801 retval = ld->ops->ioctl(tty, cmd, arg);
2802 if (retval == -ENOIOCTLCMD)
2803 retval = -ENOTTY;
2804 }
2805 tty_ldisc_deref(ld);
2806 return retval;
2807 }
2808
2809 #ifdef CONFIG_COMPAT
2810
2811 struct serial_struct32 {
2812 compat_int_t type;
2813 compat_int_t line;
2814 compat_uint_t port;
2815 compat_int_t irq;
2816 compat_int_t flags;
2817 compat_int_t xmit_fifo_size;
2818 compat_int_t custom_divisor;
2819 compat_int_t baud_base;
2820 unsigned short close_delay;
2821 char io_type;
2822 char reserved_char;
2823 compat_int_t hub6;
2824 unsigned short closing_wait; /* time to wait before closing */
2825 unsigned short closing_wait2; /* no longer used... */
2826 compat_uint_t iomem_base;
2827 unsigned short iomem_reg_shift;
2828 unsigned int port_high;
2829 /* compat_ulong_t iomap_base FIXME */
2830 compat_int_t reserved;
2831 };
2832
compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2833 static int compat_tty_tiocsserial(struct tty_struct *tty,
2834 struct serial_struct32 __user *ss)
2835 {
2836 struct serial_struct32 v32;
2837 struct serial_struct v;
2838
2839 if (copy_from_user(&v32, ss, sizeof(*ss)))
2840 return -EFAULT;
2841
2842 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2843 v.iomem_base = compat_ptr(v32.iomem_base);
2844 v.iomem_reg_shift = v32.iomem_reg_shift;
2845 v.port_high = v32.port_high;
2846 v.iomap_base = 0;
2847
2848 return tty_set_serial(tty, &v);
2849 }
2850
compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2851 static int compat_tty_tiocgserial(struct tty_struct *tty,
2852 struct serial_struct32 __user *ss)
2853 {
2854 struct serial_struct32 v32;
2855 struct serial_struct v;
2856 int err;
2857
2858 memset(&v, 0, sizeof(v));
2859 memset(&v32, 0, sizeof(v32));
2860
2861 if (!tty->ops->get_serial)
2862 return -ENOTTY;
2863 err = tty->ops->get_serial(tty, &v);
2864 if (!err) {
2865 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2866 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2867 0xfffffff : ptr_to_compat(v.iomem_base);
2868 v32.iomem_reg_shift = v.iomem_reg_shift;
2869 v32.port_high = v.port_high;
2870 if (copy_to_user(ss, &v32, sizeof(v32)))
2871 err = -EFAULT;
2872 }
2873 return err;
2874 }
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2875 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2876 unsigned long arg)
2877 {
2878 struct tty_struct *tty = file_tty(file);
2879 struct tty_ldisc *ld;
2880 int retval = -ENOIOCTLCMD;
2881
2882 switch (cmd) {
2883 case TIOCOUTQ:
2884 case TIOCSTI:
2885 case TIOCGWINSZ:
2886 case TIOCSWINSZ:
2887 case TIOCGEXCL:
2888 case TIOCGETD:
2889 case TIOCSETD:
2890 case TIOCGDEV:
2891 case TIOCMGET:
2892 case TIOCMSET:
2893 case TIOCMBIC:
2894 case TIOCMBIS:
2895 case TIOCGICOUNT:
2896 case TIOCGPGRP:
2897 case TIOCSPGRP:
2898 case TIOCGSID:
2899 case TIOCSERGETLSR:
2900 case TIOCGRS485:
2901 case TIOCSRS485:
2902 #ifdef TIOCGETP
2903 case TIOCGETP:
2904 case TIOCSETP:
2905 case TIOCSETN:
2906 #endif
2907 #ifdef TIOCGETC
2908 case TIOCGETC:
2909 case TIOCSETC:
2910 #endif
2911 #ifdef TIOCGLTC
2912 case TIOCGLTC:
2913 case TIOCSLTC:
2914 #endif
2915 case TCSETSF:
2916 case TCSETSW:
2917 case TCSETS:
2918 case TCGETS:
2919 #ifdef TCGETS2
2920 case TCGETS2:
2921 case TCSETSF2:
2922 case TCSETSW2:
2923 case TCSETS2:
2924 #endif
2925 case TCGETA:
2926 case TCSETAF:
2927 case TCSETAW:
2928 case TCSETA:
2929 case TIOCGLCKTRMIOS:
2930 case TIOCSLCKTRMIOS:
2931 #ifdef TCGETX
2932 case TCGETX:
2933 case TCSETX:
2934 case TCSETXW:
2935 case TCSETXF:
2936 #endif
2937 case TIOCGSOFTCAR:
2938 case TIOCSSOFTCAR:
2939
2940 case PPPIOCGCHAN:
2941 case PPPIOCGUNIT:
2942 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2943 case TIOCCONS:
2944 case TIOCEXCL:
2945 case TIOCNXCL:
2946 case TIOCVHANGUP:
2947 case TIOCSBRK:
2948 case TIOCCBRK:
2949 case TCSBRK:
2950 case TCSBRKP:
2951 case TCFLSH:
2952 case TIOCGPTPEER:
2953 case TIOCNOTTY:
2954 case TIOCSCTTY:
2955 case TCXONC:
2956 case TIOCMIWAIT:
2957 case TIOCSERCONFIG:
2958 return tty_ioctl(file, cmd, arg);
2959 }
2960
2961 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2962 return -EINVAL;
2963
2964 switch (cmd) {
2965 case TIOCSSERIAL:
2966 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2967 case TIOCGSERIAL:
2968 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2969 }
2970 if (tty->ops->compat_ioctl) {
2971 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2972 if (retval != -ENOIOCTLCMD)
2973 return retval;
2974 }
2975
2976 ld = tty_ldisc_ref_wait(tty);
2977 if (!ld)
2978 return hung_up_tty_compat_ioctl(file, cmd, arg);
2979 if (ld->ops->compat_ioctl)
2980 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2981 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2982 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2983 arg);
2984 tty_ldisc_deref(ld);
2985
2986 return retval;
2987 }
2988 #endif
2989
this_tty(const void * t,struct file * file,unsigned fd)2990 static int this_tty(const void *t, struct file *file, unsigned fd)
2991 {
2992 if (likely(file->f_op->read_iter != tty_read))
2993 return 0;
2994 return file_tty(file) != t ? 0 : fd + 1;
2995 }
2996
2997 /*
2998 * This implements the "Secure Attention Key" --- the idea is to
2999 * prevent trojan horses by killing all processes associated with this
3000 * tty when the user hits the "Secure Attention Key". Required for
3001 * super-paranoid applications --- see the Orange Book for more details.
3002 *
3003 * This code could be nicer; ideally it should send a HUP, wait a few
3004 * seconds, then send a INT, and then a KILL signal. But you then
3005 * have to coordinate with the init process, since all processes associated
3006 * with the current tty must be dead before the new getty is allowed
3007 * to spawn.
3008 *
3009 * Now, if it would be correct ;-/ The current code has a nasty hole -
3010 * it doesn't catch files in flight. We may send the descriptor to ourselves
3011 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3012 *
3013 * Nasty bug: do_SAK is being called in interrupt context. This can
3014 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3015 */
__do_SAK(struct tty_struct * tty)3016 void __do_SAK(struct tty_struct *tty)
3017 {
3018 struct task_struct *g, *p;
3019 struct pid *session;
3020 int i;
3021
3022 scoped_guard(spinlock_irqsave, &tty->ctrl.lock)
3023 session = get_pid(tty->ctrl.session);
3024
3025 tty_ldisc_flush(tty);
3026
3027 tty_driver_flush_buffer(tty);
3028
3029 read_lock(&tasklist_lock);
3030 /* Kill the entire session */
3031 do_each_pid_task(session, PIDTYPE_SID, p) {
3032 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3033 task_pid_nr(p), p->comm);
3034 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3035 } while_each_pid_task(session, PIDTYPE_SID, p);
3036
3037 /* Now kill any processes that happen to have the tty open */
3038 for_each_process_thread(g, p) {
3039 if (p->signal->tty == tty) {
3040 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3041 task_pid_nr(p), p->comm);
3042 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3043 PIDTYPE_SID);
3044 continue;
3045 }
3046 guard(task_lock)(p);
3047 i = iterate_fd(p->files, 0, this_tty, tty);
3048 if (i != 0) {
3049 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3050 task_pid_nr(p), p->comm, i - 1);
3051 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3052 PIDTYPE_SID);
3053 }
3054 }
3055 read_unlock(&tasklist_lock);
3056 put_pid(session);
3057 }
3058
do_SAK_work(struct work_struct * work)3059 static void do_SAK_work(struct work_struct *work)
3060 {
3061 struct tty_struct *tty =
3062 container_of(work, struct tty_struct, SAK_work);
3063 __do_SAK(tty);
3064 }
3065
3066 /*
3067 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3068 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3069 * the values which we write to it will be identical to the values which it
3070 * already has. --akpm
3071 */
do_SAK(struct tty_struct * tty)3072 void do_SAK(struct tty_struct *tty)
3073 {
3074 if (!tty)
3075 return;
3076 schedule_work(&tty->SAK_work);
3077 }
3078 EXPORT_SYMBOL(do_SAK);
3079
3080 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3081 static struct device *tty_get_device(struct tty_struct *tty)
3082 {
3083 dev_t devt = tty_devnum(tty);
3084
3085 return class_find_device_by_devt(&tty_class, devt);
3086 }
3087
3088
3089 /**
3090 * alloc_tty_struct - allocate a new tty
3091 * @driver: driver which will handle the returned tty
3092 * @idx: minor of the tty
3093 *
3094 * This subroutine allocates and initializes a tty structure.
3095 *
3096 * Locking: none - @tty in question is not exposed at this point
3097 */
alloc_tty_struct(struct tty_driver * driver,int idx)3098 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3099 {
3100 struct tty_struct *tty;
3101
3102 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3103 if (!tty)
3104 return NULL;
3105
3106 kref_init(&tty->kref);
3107 if (tty_ldisc_init(tty)) {
3108 kfree(tty);
3109 return NULL;
3110 }
3111 tty->ctrl.session = NULL;
3112 tty->ctrl.pgrp = NULL;
3113 mutex_init(&tty->legacy_mutex);
3114 mutex_init(&tty->throttle_mutex);
3115 init_rwsem(&tty->termios_rwsem);
3116 mutex_init(&tty->winsize_mutex);
3117 init_ldsem(&tty->ldisc_sem);
3118 init_waitqueue_head(&tty->write_wait);
3119 init_waitqueue_head(&tty->read_wait);
3120 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3121 mutex_init(&tty->atomic_write_lock);
3122 spin_lock_init(&tty->ctrl.lock);
3123 spin_lock_init(&tty->flow.lock);
3124 spin_lock_init(&tty->files_lock);
3125 INIT_LIST_HEAD(&tty->tty_files);
3126 INIT_WORK(&tty->SAK_work, do_SAK_work);
3127
3128 tty->driver = driver;
3129 tty->ops = driver->ops;
3130 tty->index = idx;
3131 tty_line_name(driver, idx, tty->name);
3132 tty->dev = tty_get_device(tty);
3133
3134 return tty;
3135 }
3136
3137 /**
3138 * tty_put_char - write one character to a tty
3139 * @tty: tty
3140 * @ch: character to write
3141 *
3142 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3143 * if present.
3144 *
3145 * Note: the specific put_char operation in the driver layer may go
3146 * away soon. Don't call it directly, use this method
3147 *
3148 * Return: the number of characters successfully output.
3149 */
tty_put_char(struct tty_struct * tty,u8 ch)3150 int tty_put_char(struct tty_struct *tty, u8 ch)
3151 {
3152 if (tty->ops->put_char)
3153 return tty->ops->put_char(tty, ch);
3154 return tty->ops->write(tty, &ch, 1);
3155 }
3156 EXPORT_SYMBOL_GPL(tty_put_char);
3157
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3158 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3159 unsigned int index, unsigned int count)
3160 {
3161 int err;
3162
3163 /* init here, since reused cdevs cause crashes */
3164 driver->cdevs[index] = cdev_alloc();
3165 if (!driver->cdevs[index])
3166 return -ENOMEM;
3167 driver->cdevs[index]->ops = &tty_fops;
3168 driver->cdevs[index]->owner = driver->owner;
3169 err = cdev_add(driver->cdevs[index], dev, count);
3170 if (err)
3171 kobject_put(&driver->cdevs[index]->kobj);
3172 return err;
3173 }
3174
3175 /**
3176 * tty_register_device - register a tty device
3177 * @driver: the tty driver that describes the tty device
3178 * @index: the index in the tty driver for this tty device
3179 * @device: a struct device that is associated with this tty device.
3180 * This field is optional, if there is no known struct device
3181 * for this tty device it can be set to NULL safely.
3182 *
3183 * This call is required to be made to register an individual tty device
3184 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3185 * that bit is not set, this function should not be called by a tty
3186 * driver.
3187 *
3188 * Locking: ??
3189 *
3190 * Return: A pointer to the struct device for this tty device (or
3191 * ERR_PTR(-EFOO) on error).
3192 */
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3193 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3194 struct device *device)
3195 {
3196 return tty_register_device_attr(driver, index, device, NULL, NULL);
3197 }
3198 EXPORT_SYMBOL(tty_register_device);
3199
tty_device_create_release(struct device * dev)3200 static void tty_device_create_release(struct device *dev)
3201 {
3202 dev_dbg(dev, "releasing...\n");
3203 kfree(dev);
3204 }
3205
3206 /**
3207 * tty_register_device_attr - register a tty device
3208 * @driver: the tty driver that describes the tty device
3209 * @index: the index in the tty driver for this tty device
3210 * @device: a struct device that is associated with this tty device.
3211 * This field is optional, if there is no known struct device
3212 * for this tty device it can be set to %NULL safely.
3213 * @drvdata: Driver data to be set to device.
3214 * @attr_grp: Attribute group to be set on device.
3215 *
3216 * This call is required to be made to register an individual tty device if the
3217 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3218 * not set, this function should not be called by a tty driver.
3219 *
3220 * Locking: ??
3221 *
3222 * Return: A pointer to the struct device for this tty device (or
3223 * ERR_PTR(-EFOO) on error).
3224 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3225 struct device *tty_register_device_attr(struct tty_driver *driver,
3226 unsigned index, struct device *device,
3227 void *drvdata,
3228 const struct attribute_group **attr_grp)
3229 {
3230 char name[64];
3231 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3232 struct ktermios *tp;
3233 struct device *dev;
3234 int retval;
3235
3236 if (index >= driver->num) {
3237 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3238 driver->name, index);
3239 return ERR_PTR(-EINVAL);
3240 }
3241
3242 if (driver->type == TTY_DRIVER_TYPE_PTY)
3243 pty_line_name(driver, index, name);
3244 else
3245 tty_line_name(driver, index, name);
3246
3247 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3248 if (!dev)
3249 return ERR_PTR(-ENOMEM);
3250
3251 dev->devt = devt;
3252 dev->class = &tty_class;
3253 dev->parent = device;
3254 dev->release = tty_device_create_release;
3255 dev_set_name(dev, "%s", name);
3256 dev->groups = attr_grp;
3257 dev_set_drvdata(dev, drvdata);
3258
3259 dev_set_uevent_suppress(dev, 1);
3260
3261 retval = device_register(dev);
3262 if (retval)
3263 goto err_put;
3264
3265 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3266 /*
3267 * Free any saved termios data so that the termios state is
3268 * reset when reusing a minor number.
3269 */
3270 tp = driver->termios[index];
3271 if (tp) {
3272 driver->termios[index] = NULL;
3273 kfree(tp);
3274 }
3275
3276 retval = tty_cdev_add(driver, devt, index, 1);
3277 if (retval)
3278 goto err_del;
3279 }
3280
3281 dev_set_uevent_suppress(dev, 0);
3282 kobject_uevent(&dev->kobj, KOBJ_ADD);
3283
3284 return dev;
3285
3286 err_del:
3287 device_del(dev);
3288 err_put:
3289 put_device(dev);
3290
3291 return ERR_PTR(retval);
3292 }
3293 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3294
3295 /**
3296 * tty_unregister_device - unregister a tty device
3297 * @driver: the tty driver that describes the tty device
3298 * @index: the index in the tty driver for this tty device
3299 *
3300 * If a tty device is registered with a call to tty_register_device() then
3301 * this function must be called when the tty device is gone.
3302 *
3303 * Locking: ??
3304 */
tty_unregister_device(struct tty_driver * driver,unsigned index)3305 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3306 {
3307 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3308 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3309 cdev_del(driver->cdevs[index]);
3310 driver->cdevs[index] = NULL;
3311 }
3312 }
3313 EXPORT_SYMBOL(tty_unregister_device);
3314
3315 /**
3316 * __tty_alloc_driver - allocate tty driver
3317 * @lines: count of lines this driver can handle at most
3318 * @owner: module which is responsible for this driver
3319 * @flags: some of enum tty_driver_flag, will be set in driver->flags
3320 *
3321 * This should not be called directly, tty_alloc_driver() should be used
3322 * instead.
3323 *
3324 * Returns: struct tty_driver or a PTR-encoded error (use IS_ERR() and friends).
3325 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3326 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3327 unsigned long flags)
3328 {
3329 struct tty_driver *driver;
3330 unsigned int cdevs = 1;
3331 int err;
3332
3333 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3334 return ERR_PTR(-EINVAL);
3335
3336 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3337 if (!driver)
3338 return ERR_PTR(-ENOMEM);
3339
3340 kref_init(&driver->kref);
3341 driver->num = lines;
3342 driver->owner = owner;
3343 driver->flags = flags;
3344
3345 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3346 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3347 GFP_KERNEL);
3348 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3349 GFP_KERNEL);
3350 if (!driver->ttys || !driver->termios) {
3351 err = -ENOMEM;
3352 goto err_free_all;
3353 }
3354 }
3355
3356 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3357 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3358 GFP_KERNEL);
3359 if (!driver->ports) {
3360 err = -ENOMEM;
3361 goto err_free_all;
3362 }
3363 cdevs = lines;
3364 }
3365
3366 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3367 if (!driver->cdevs) {
3368 err = -ENOMEM;
3369 goto err_free_all;
3370 }
3371
3372 return driver;
3373 err_free_all:
3374 kfree(driver->ports);
3375 kfree(driver->ttys);
3376 kfree(driver->termios);
3377 kfree(driver->cdevs);
3378 kfree(driver);
3379 return ERR_PTR(err);
3380 }
3381 EXPORT_SYMBOL(__tty_alloc_driver);
3382
destruct_tty_driver(struct kref * kref)3383 static void destruct_tty_driver(struct kref *kref)
3384 {
3385 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3386 int i;
3387 struct ktermios *tp;
3388
3389 if (driver->flags & TTY_DRIVER_INSTALLED) {
3390 for (i = 0; i < driver->num; i++) {
3391 tp = driver->termios[i];
3392 if (tp) {
3393 driver->termios[i] = NULL;
3394 kfree(tp);
3395 }
3396 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3397 tty_unregister_device(driver, i);
3398 }
3399 proc_tty_unregister_driver(driver);
3400 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3401 cdev_del(driver->cdevs[0]);
3402 }
3403 kfree(driver->cdevs);
3404 kfree(driver->ports);
3405 kfree(driver->termios);
3406 kfree(driver->ttys);
3407 kfree(driver);
3408 }
3409
3410 /**
3411 * tty_driver_kref_put - drop a reference to a tty driver
3412 * @driver: driver of which to drop the reference
3413 *
3414 * The final put will destroy and free up the driver.
3415 */
tty_driver_kref_put(struct tty_driver * driver)3416 void tty_driver_kref_put(struct tty_driver *driver)
3417 {
3418 kref_put(&driver->kref, destruct_tty_driver);
3419 }
3420 EXPORT_SYMBOL(tty_driver_kref_put);
3421
3422 /**
3423 * tty_register_driver - register a tty driver
3424 * @driver: driver to register
3425 *
3426 * Called by a tty driver to register itself.
3427 */
tty_register_driver(struct tty_driver * driver)3428 int tty_register_driver(struct tty_driver *driver)
3429 {
3430 int error;
3431 int i;
3432 dev_t dev;
3433 struct device *d;
3434
3435 if (!driver->major) {
3436 error = alloc_chrdev_region(&dev, driver->minor_start,
3437 driver->num, driver->name);
3438 if (!error) {
3439 driver->major = MAJOR(dev);
3440 driver->minor_start = MINOR(dev);
3441 }
3442 } else {
3443 dev = MKDEV(driver->major, driver->minor_start);
3444 error = register_chrdev_region(dev, driver->num, driver->name);
3445 }
3446 if (error < 0)
3447 goto err;
3448
3449 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3450 error = tty_cdev_add(driver, dev, 0, driver->num);
3451 if (error)
3452 goto err_unreg_char;
3453 }
3454
3455 scoped_guard(mutex, &tty_mutex)
3456 list_add(&driver->tty_drivers, &tty_drivers);
3457
3458 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3459 for (i = 0; i < driver->num; i++) {
3460 d = tty_register_device(driver, i, NULL);
3461 if (IS_ERR(d)) {
3462 error = PTR_ERR(d);
3463 goto err_unreg_devs;
3464 }
3465 }
3466 }
3467 proc_tty_register_driver(driver);
3468 driver->flags |= TTY_DRIVER_INSTALLED;
3469 return 0;
3470
3471 err_unreg_devs:
3472 for (i--; i >= 0; i--)
3473 tty_unregister_device(driver, i);
3474
3475 scoped_guard(mutex, &tty_mutex)
3476 list_del(&driver->tty_drivers);
3477
3478 err_unreg_char:
3479 unregister_chrdev_region(dev, driver->num);
3480 err:
3481 return error;
3482 }
3483 EXPORT_SYMBOL(tty_register_driver);
3484
3485 /**
3486 * tty_unregister_driver - unregister a tty driver
3487 * @driver: driver to unregister
3488 *
3489 * Called by a tty driver to unregister itself.
3490 */
tty_unregister_driver(struct tty_driver * driver)3491 void tty_unregister_driver(struct tty_driver *driver)
3492 {
3493 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3494 driver->num);
3495 scoped_guard(mutex, &tty_mutex)
3496 list_del(&driver->tty_drivers);
3497 }
3498 EXPORT_SYMBOL(tty_unregister_driver);
3499
tty_devnum(struct tty_struct * tty)3500 dev_t tty_devnum(struct tty_struct *tty)
3501 {
3502 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3503 }
3504 EXPORT_SYMBOL(tty_devnum);
3505
tty_default_fops(struct file_operations * fops)3506 void tty_default_fops(struct file_operations *fops)
3507 {
3508 *fops = tty_fops;
3509 }
3510
tty_devnode(const struct device * dev,umode_t * mode)3511 static char *tty_devnode(const struct device *dev, umode_t *mode)
3512 {
3513 if (!mode)
3514 return NULL;
3515 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3516 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3517 *mode = 0666;
3518 return NULL;
3519 }
3520
3521 const struct class tty_class = {
3522 .name = "tty",
3523 .devnode = tty_devnode,
3524 };
3525
tty_class_init(void)3526 static int __init tty_class_init(void)
3527 {
3528 return class_register(&tty_class);
3529 }
3530
3531 postcore_initcall(tty_class_init);
3532
3533 /* 3/2004 jmc: why do these devices exist? */
3534 static struct cdev tty_cdev, console_cdev;
3535
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3536 static ssize_t show_cons_active(struct device *dev,
3537 struct device_attribute *attr, char *buf)
3538 {
3539 struct console *cs[16];
3540 int i = 0;
3541 struct console *c;
3542 ssize_t count = 0;
3543
3544 /*
3545 * Hold the console_list_lock to guarantee that no consoles are
3546 * unregistered until all console processing is complete.
3547 * This also allows safe traversal of the console list and
3548 * race-free reading of @flags.
3549 */
3550 console_list_lock();
3551
3552 for_each_console(c) {
3553 if (!c->device)
3554 continue;
3555 if (!(c->flags & CON_NBCON) && !c->write)
3556 continue;
3557 if ((c->flags & CON_ENABLED) == 0)
3558 continue;
3559 cs[i++] = c;
3560 if (i >= ARRAY_SIZE(cs))
3561 break;
3562 }
3563
3564 /*
3565 * Take console_lock to serialize device() callback with
3566 * other console operations. For example, fg_console is
3567 * modified under console_lock when switching vt.
3568 */
3569 console_lock();
3570 while (i--) {
3571 int index = cs[i]->index;
3572 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3573
3574 /* don't resolve tty0 as some programs depend on it */
3575 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3576 count += tty_line_name(drv, index, buf + count);
3577 else
3578 count += sprintf(buf + count, "%s%d",
3579 cs[i]->name, cs[i]->index);
3580
3581 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3582 }
3583 console_unlock();
3584
3585 console_list_unlock();
3586
3587 return count;
3588 }
3589 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3590
3591 static struct attribute *cons_dev_attrs[] = {
3592 &dev_attr_active.attr,
3593 NULL
3594 };
3595
3596 ATTRIBUTE_GROUPS(cons_dev);
3597
3598 static struct device *consdev;
3599
console_sysfs_notify(void)3600 void console_sysfs_notify(void)
3601 {
3602 if (consdev)
3603 sysfs_notify(&consdev->kobj, NULL, "active");
3604 }
3605
3606 static const struct ctl_table tty_table[] = {
3607 {
3608 .procname = "legacy_tiocsti",
3609 .data = &tty_legacy_tiocsti,
3610 .maxlen = sizeof(tty_legacy_tiocsti),
3611 .mode = 0644,
3612 .proc_handler = proc_dobool,
3613 },
3614 {
3615 .procname = "ldisc_autoload",
3616 .data = &tty_ldisc_autoload,
3617 .maxlen = sizeof(tty_ldisc_autoload),
3618 .mode = 0644,
3619 .proc_handler = proc_dointvec_minmax,
3620 .extra1 = SYSCTL_ZERO,
3621 .extra2 = SYSCTL_ONE,
3622 },
3623 };
3624
3625 /*
3626 * Ok, now we can initialize the rest of the tty devices and can count
3627 * on memory allocations, interrupts etc..
3628 */
tty_init(void)3629 int __init tty_init(void)
3630 {
3631 register_sysctl_init("dev/tty", tty_table);
3632 cdev_init(&tty_cdev, &tty_fops);
3633 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3634 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3635 panic("Couldn't register /dev/tty driver\n");
3636 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3637
3638 cdev_init(&console_cdev, &console_fops);
3639 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3640 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3641 panic("Couldn't register /dev/console driver\n");
3642 consdev = device_create_with_groups(&tty_class, NULL,
3643 MKDEV(TTYAUX_MAJOR, 1), NULL,
3644 cons_dev_groups, "console");
3645 if (IS_ERR(consdev))
3646 consdev = NULL;
3647
3648 #ifdef CONFIG_VT
3649 vty_init(&console_fops);
3650 #endif
3651 return 0;
3652 }
3653