1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 /* 6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 7 * or rs-channels. It also implements echoing, cooked mode etc. 8 * 9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 10 * 11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 12 * tty_struct and tty_queue structures. Previously there was an array 13 * of 256 tty_struct's which was statically allocated, and the 14 * tty_queue structures were allocated at boot time. Both are now 15 * dynamically allocated only when the tty is open. 16 * 17 * Also restructured routines so that there is more of a separation 18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 19 * the low-level tty routines (serial.c, pty.c, console.c). This 20 * makes for cleaner and more compact code. -TYT, 9/17/92 21 * 22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 23 * which can be dynamically activated and de-activated by the line 24 * discipline handling modules (like SLIP). 25 * 26 * NOTE: pay no attention to the line discipline code (yet); its 27 * interface is still subject to change in this version... 28 * -- TYT, 1/31/92 29 * 30 * Added functionality to the OPOST tty handling. No delays, but all 31 * other bits should be there. 32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 33 * 34 * Rewrote canonical mode and added more termios flags. 35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 36 * 37 * Reorganized FASYNC support so mouse code can share it. 38 * -- ctm@ardi.com, 9Sep95 39 * 40 * New TIOCLINUX variants added. 41 * -- mj@k332.feld.cvut.cz, 19-Nov-95 42 * 43 * Restrict vt switching via ioctl() 44 * -- grif@cs.ucr.edu, 5-Dec-95 45 * 46 * Move console and virtual terminal code to more appropriate files, 47 * implement CONFIG_VT and generalize console device interface. 48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 49 * 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 51 * -- Bill Hawes <whawes@star.net>, June 97 52 * 53 * Added devfs support. 54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 55 * 56 * Added support for a Unix98-style ptmx device. 57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 58 * 59 * Reduced memory usage for older ARM systems 60 * -- Russell King <rmk@arm.linux.org.uk> 61 * 62 * Move do_SAK() into process context. Less stack use in devfs functions. 63 * alloc_tty_struct() always uses kmalloc() 64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 65 */ 66 67 #include <linux/types.h> 68 #include <linux/major.h> 69 #include <linux/errno.h> 70 #include <linux/signal.h> 71 #include <linux/fcntl.h> 72 #include <linux/sched.h> 73 #include <linux/interrupt.h> 74 #include <linux/tty.h> 75 #include <linux/tty_driver.h> 76 #include <linux/tty_flip.h> 77 #include <linux/devpts_fs.h> 78 #include <linux/file.h> 79 #include <linux/fdtable.h> 80 #include <linux/console.h> 81 #include <linux/timer.h> 82 #include <linux/ctype.h> 83 #include <linux/kd.h> 84 #include <linux/mm.h> 85 #include <linux/string.h> 86 #include <linux/slab.h> 87 #include <linux/poll.h> 88 #include <linux/proc_fs.h> 89 #include <linux/init.h> 90 #include <linux/module.h> 91 #include <linux/device.h> 92 #include <linux/wait.h> 93 #include <linux/bitops.h> 94 #include <linux/delay.h> 95 #include <linux/seq_file.h> 96 #include <linux/serial.h> 97 #include <linux/ratelimit.h> 98 99 #include <linux/uaccess.h> 100 101 #include <linux/kbd_kern.h> 102 #include <linux/vt_kern.h> 103 #include <linux/selection.h> 104 105 #include <linux/kmod.h> 106 #include <linux/nsproxy.h> 107 108 #undef TTY_DEBUG_HANGUP 109 110 #define TTY_PARANOIA_CHECK 1 111 #define CHECK_TTY_COUNT 1 112 113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 114 .c_iflag = ICRNL | IXON, 115 .c_oflag = OPOST | ONLCR, 116 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 118 ECHOCTL | ECHOKE | IEXTEN, 119 .c_cc = INIT_C_CC, 120 .c_ispeed = 38400, 121 .c_ospeed = 38400 122 }; 123 124 EXPORT_SYMBOL(tty_std_termios); 125 126 /* This list gets poked at by procfs and various bits of boot up code. This 127 could do with some rationalisation such as pulling the tty proc function 128 into this file */ 129 130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 131 132 /* Mutex to protect creating and releasing a tty. This is shared with 133 vt.c for deeply disgusting hack reasons */ 134 DEFINE_MUTEX(tty_mutex); 135 EXPORT_SYMBOL(tty_mutex); 136 137 /* Spinlock to protect the tty->tty_files list */ 138 DEFINE_SPINLOCK(tty_files_lock); 139 140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 142 ssize_t redirected_tty_write(struct file *, const char __user *, 143 size_t, loff_t *); 144 static unsigned int tty_poll(struct file *, poll_table *); 145 static int tty_open(struct inode *, struct file *); 146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 147 #ifdef CONFIG_COMPAT 148 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 149 unsigned long arg); 150 #else 151 #define tty_compat_ioctl NULL 152 #endif 153 static int __tty_fasync(int fd, struct file *filp, int on); 154 static int tty_fasync(int fd, struct file *filp, int on); 155 static void release_tty(struct tty_struct *tty, int idx); 156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 158 159 /** 160 * alloc_tty_struct - allocate a tty object 161 * 162 * Return a new empty tty structure. The data fields have not 163 * been initialized in any way but has been zeroed 164 * 165 * Locking: none 166 */ 167 168 struct tty_struct *alloc_tty_struct(void) 169 { 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); 171 } 172 173 /** 174 * free_tty_struct - free a disused tty 175 * @tty: tty struct to free 176 * 177 * Free the write buffers, tty queue and tty memory itself. 178 * 179 * Locking: none. Must be called after tty is definitely unused 180 */ 181 182 void free_tty_struct(struct tty_struct *tty) 183 { 184 if (!tty) 185 return; 186 if (tty->dev) 187 put_device(tty->dev); 188 kfree(tty->write_buf); 189 tty->magic = 0xDEADDEAD; 190 kfree(tty); 191 } 192 193 static inline struct tty_struct *file_tty(struct file *file) 194 { 195 return ((struct tty_file_private *)file->private_data)->tty; 196 } 197 198 int tty_alloc_file(struct file *file) 199 { 200 struct tty_file_private *priv; 201 202 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 203 if (!priv) 204 return -ENOMEM; 205 206 file->private_data = priv; 207 208 return 0; 209 } 210 211 /* Associate a new file with the tty structure */ 212 void tty_add_file(struct tty_struct *tty, struct file *file) 213 { 214 struct tty_file_private *priv = file->private_data; 215 216 priv->tty = tty; 217 priv->file = file; 218 219 spin_lock(&tty_files_lock); 220 list_add(&priv->list, &tty->tty_files); 221 spin_unlock(&tty_files_lock); 222 } 223 224 /** 225 * tty_free_file - free file->private_data 226 * 227 * This shall be used only for fail path handling when tty_add_file was not 228 * called yet. 229 */ 230 void tty_free_file(struct file *file) 231 { 232 struct tty_file_private *priv = file->private_data; 233 234 file->private_data = NULL; 235 kfree(priv); 236 } 237 238 /* Delete file from its tty */ 239 void tty_del_file(struct file *file) 240 { 241 struct tty_file_private *priv = file->private_data; 242 243 spin_lock(&tty_files_lock); 244 list_del(&priv->list); 245 spin_unlock(&tty_files_lock); 246 tty_free_file(file); 247 } 248 249 250 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base) 251 252 /** 253 * tty_name - return tty naming 254 * @tty: tty structure 255 * @buf: buffer for output 256 * 257 * Convert a tty structure into a name. The name reflects the kernel 258 * naming policy and if udev is in use may not reflect user space 259 * 260 * Locking: none 261 */ 262 263 char *tty_name(struct tty_struct *tty, char *buf) 264 { 265 if (!tty) /* Hmm. NULL pointer. That's fun. */ 266 strcpy(buf, "NULL tty"); 267 else 268 strcpy(buf, tty->name); 269 return buf; 270 } 271 272 EXPORT_SYMBOL(tty_name); 273 274 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 275 const char *routine) 276 { 277 #ifdef TTY_PARANOIA_CHECK 278 if (!tty) { 279 printk(KERN_WARNING 280 "null TTY for (%d:%d) in %s\n", 281 imajor(inode), iminor(inode), routine); 282 return 1; 283 } 284 if (tty->magic != TTY_MAGIC) { 285 printk(KERN_WARNING 286 "bad magic number for tty struct (%d:%d) in %s\n", 287 imajor(inode), iminor(inode), routine); 288 return 1; 289 } 290 #endif 291 return 0; 292 } 293 294 static int check_tty_count(struct tty_struct *tty, const char *routine) 295 { 296 #ifdef CHECK_TTY_COUNT 297 struct list_head *p; 298 int count = 0; 299 300 spin_lock(&tty_files_lock); 301 list_for_each(p, &tty->tty_files) { 302 count++; 303 } 304 spin_unlock(&tty_files_lock); 305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 306 tty->driver->subtype == PTY_TYPE_SLAVE && 307 tty->link && tty->link->count) 308 count++; 309 if (tty->count != count) { 310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) " 311 "!= #fd's(%d) in %s\n", 312 tty->name, tty->count, count, routine); 313 return count; 314 } 315 #endif 316 return 0; 317 } 318 319 /** 320 * get_tty_driver - find device of a tty 321 * @dev_t: device identifier 322 * @index: returns the index of the tty 323 * 324 * This routine returns a tty driver structure, given a device number 325 * and also passes back the index number. 326 * 327 * Locking: caller must hold tty_mutex 328 */ 329 330 static struct tty_driver *get_tty_driver(dev_t device, int *index) 331 { 332 struct tty_driver *p; 333 334 list_for_each_entry(p, &tty_drivers, tty_drivers) { 335 dev_t base = MKDEV(p->major, p->minor_start); 336 if (device < base || device >= base + p->num) 337 continue; 338 *index = device - base; 339 return tty_driver_kref_get(p); 340 } 341 return NULL; 342 } 343 344 #ifdef CONFIG_CONSOLE_POLL 345 346 /** 347 * tty_find_polling_driver - find device of a polled tty 348 * @name: name string to match 349 * @line: pointer to resulting tty line nr 350 * 351 * This routine returns a tty driver structure, given a name 352 * and the condition that the tty driver is capable of polled 353 * operation. 354 */ 355 struct tty_driver *tty_find_polling_driver(char *name, int *line) 356 { 357 struct tty_driver *p, *res = NULL; 358 int tty_line = 0; 359 int len; 360 char *str, *stp; 361 362 for (str = name; *str; str++) 363 if ((*str >= '0' && *str <= '9') || *str == ',') 364 break; 365 if (!*str) 366 return NULL; 367 368 len = str - name; 369 tty_line = simple_strtoul(str, &str, 10); 370 371 mutex_lock(&tty_mutex); 372 /* Search through the tty devices to look for a match */ 373 list_for_each_entry(p, &tty_drivers, tty_drivers) { 374 if (strncmp(name, p->name, len) != 0) 375 continue; 376 stp = str; 377 if (*stp == ',') 378 stp++; 379 if (*stp == '\0') 380 stp = NULL; 381 382 if (tty_line >= 0 && tty_line < p->num && p->ops && 383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 384 res = tty_driver_kref_get(p); 385 *line = tty_line; 386 break; 387 } 388 } 389 mutex_unlock(&tty_mutex); 390 391 return res; 392 } 393 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 394 #endif 395 396 /** 397 * tty_check_change - check for POSIX terminal changes 398 * @tty: tty to check 399 * 400 * If we try to write to, or set the state of, a terminal and we're 401 * not in the foreground, send a SIGTTOU. If the signal is blocked or 402 * ignored, go ahead and perform the operation. (POSIX 7.2) 403 * 404 * Locking: ctrl_lock 405 */ 406 407 int tty_check_change(struct tty_struct *tty) 408 { 409 unsigned long flags; 410 int ret = 0; 411 412 if (current->signal->tty != tty) 413 return 0; 414 415 spin_lock_irqsave(&tty->ctrl_lock, flags); 416 417 if (!tty->pgrp) { 418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n"); 419 goto out_unlock; 420 } 421 if (task_pgrp(current) == tty->pgrp) 422 goto out_unlock; 423 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 424 if (is_ignored(SIGTTOU)) 425 goto out; 426 if (is_current_pgrp_orphaned()) { 427 ret = -EIO; 428 goto out; 429 } 430 kill_pgrp(task_pgrp(current), SIGTTOU, 1); 431 set_thread_flag(TIF_SIGPENDING); 432 ret = -ERESTARTSYS; 433 out: 434 return ret; 435 out_unlock: 436 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 437 return ret; 438 } 439 440 EXPORT_SYMBOL(tty_check_change); 441 442 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 443 size_t count, loff_t *ppos) 444 { 445 return 0; 446 } 447 448 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 449 size_t count, loff_t *ppos) 450 { 451 return -EIO; 452 } 453 454 /* No kernel lock held - none needed ;) */ 455 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait) 456 { 457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM; 458 } 459 460 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 461 unsigned long arg) 462 { 463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 464 } 465 466 static long hung_up_tty_compat_ioctl(struct file *file, 467 unsigned int cmd, unsigned long arg) 468 { 469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 470 } 471 472 static const struct file_operations tty_fops = { 473 .llseek = no_llseek, 474 .read = tty_read, 475 .write = tty_write, 476 .poll = tty_poll, 477 .unlocked_ioctl = tty_ioctl, 478 .compat_ioctl = tty_compat_ioctl, 479 .open = tty_open, 480 .release = tty_release, 481 .fasync = tty_fasync, 482 }; 483 484 static const struct file_operations console_fops = { 485 .llseek = no_llseek, 486 .read = tty_read, 487 .write = redirected_tty_write, 488 .poll = tty_poll, 489 .unlocked_ioctl = tty_ioctl, 490 .compat_ioctl = tty_compat_ioctl, 491 .open = tty_open, 492 .release = tty_release, 493 .fasync = tty_fasync, 494 }; 495 496 static const struct file_operations hung_up_tty_fops = { 497 .llseek = no_llseek, 498 .read = hung_up_tty_read, 499 .write = hung_up_tty_write, 500 .poll = hung_up_tty_poll, 501 .unlocked_ioctl = hung_up_tty_ioctl, 502 .compat_ioctl = hung_up_tty_compat_ioctl, 503 .release = tty_release, 504 }; 505 506 static DEFINE_SPINLOCK(redirect_lock); 507 static struct file *redirect; 508 509 /** 510 * tty_wakeup - request more data 511 * @tty: terminal 512 * 513 * Internal and external helper for wakeups of tty. This function 514 * informs the line discipline if present that the driver is ready 515 * to receive more output data. 516 */ 517 518 void tty_wakeup(struct tty_struct *tty) 519 { 520 struct tty_ldisc *ld; 521 522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 523 ld = tty_ldisc_ref(tty); 524 if (ld) { 525 if (ld->ops->write_wakeup) 526 ld->ops->write_wakeup(tty); 527 tty_ldisc_deref(ld); 528 } 529 } 530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 531 } 532 533 EXPORT_SYMBOL_GPL(tty_wakeup); 534 535 /** 536 * __tty_hangup - actual handler for hangup events 537 * @work: tty device 538 * 539 * This can be called by the "eventd" kernel thread. That is process 540 * synchronous but doesn't hold any locks, so we need to make sure we 541 * have the appropriate locks for what we're doing. 542 * 543 * The hangup event clears any pending redirections onto the hung up 544 * device. It ensures future writes will error and it does the needed 545 * line discipline hangup and signal delivery. The tty object itself 546 * remains intact. 547 * 548 * Locking: 549 * BTM 550 * redirect lock for undoing redirection 551 * file list lock for manipulating list of ttys 552 * tty_ldisc_lock from called functions 553 * termios_mutex resetting termios data 554 * tasklist_lock to walk task list for hangup event 555 * ->siglock to protect ->signal/->sighand 556 */ 557 void __tty_hangup(struct tty_struct *tty) 558 { 559 struct file *cons_filp = NULL; 560 struct file *filp, *f = NULL; 561 struct task_struct *p; 562 struct tty_file_private *priv; 563 int closecount = 0, n; 564 unsigned long flags; 565 int refs = 0; 566 567 if (!tty) 568 return; 569 570 571 spin_lock(&redirect_lock); 572 if (redirect && file_tty(redirect) == tty) { 573 f = redirect; 574 redirect = NULL; 575 } 576 spin_unlock(&redirect_lock); 577 578 tty_lock(tty); 579 580 /* some functions below drop BTM, so we need this bit */ 581 set_bit(TTY_HUPPING, &tty->flags); 582 583 /* inuse_filps is protected by the single tty lock, 584 this really needs to change if we want to flush the 585 workqueue with the lock held */ 586 check_tty_count(tty, "tty_hangup"); 587 588 spin_lock(&tty_files_lock); 589 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 590 list_for_each_entry(priv, &tty->tty_files, list) { 591 filp = priv->file; 592 if (filp->f_op->write == redirected_tty_write) 593 cons_filp = filp; 594 if (filp->f_op->write != tty_write) 595 continue; 596 closecount++; 597 __tty_fasync(-1, filp, 0); /* can't block */ 598 filp->f_op = &hung_up_tty_fops; 599 } 600 spin_unlock(&tty_files_lock); 601 602 /* 603 * it drops BTM and thus races with reopen 604 * we protect the race by TTY_HUPPING 605 */ 606 tty_ldisc_hangup(tty); 607 608 read_lock(&tasklist_lock); 609 if (tty->session) { 610 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 611 spin_lock_irq(&p->sighand->siglock); 612 if (p->signal->tty == tty) { 613 p->signal->tty = NULL; 614 /* We defer the dereferences outside fo 615 the tasklist lock */ 616 refs++; 617 } 618 if (!p->signal->leader) { 619 spin_unlock_irq(&p->sighand->siglock); 620 continue; 621 } 622 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 623 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 624 put_pid(p->signal->tty_old_pgrp); /* A noop */ 625 spin_lock_irqsave(&tty->ctrl_lock, flags); 626 if (tty->pgrp) 627 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 628 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 629 spin_unlock_irq(&p->sighand->siglock); 630 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 631 } 632 read_unlock(&tasklist_lock); 633 634 spin_lock_irqsave(&tty->ctrl_lock, flags); 635 clear_bit(TTY_THROTTLED, &tty->flags); 636 clear_bit(TTY_PUSH, &tty->flags); 637 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 638 put_pid(tty->session); 639 put_pid(tty->pgrp); 640 tty->session = NULL; 641 tty->pgrp = NULL; 642 tty->ctrl_status = 0; 643 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 644 645 /* Account for the p->signal references we killed */ 646 while (refs--) 647 tty_kref_put(tty); 648 649 /* 650 * If one of the devices matches a console pointer, we 651 * cannot just call hangup() because that will cause 652 * tty->count and state->count to go out of sync. 653 * So we just call close() the right number of times. 654 */ 655 if (cons_filp) { 656 if (tty->ops->close) 657 for (n = 0; n < closecount; n++) 658 tty->ops->close(tty, cons_filp); 659 } else if (tty->ops->hangup) 660 (tty->ops->hangup)(tty); 661 /* 662 * We don't want to have driver/ldisc interactions beyond 663 * the ones we did here. The driver layer expects no 664 * calls after ->hangup() from the ldisc side. However we 665 * can't yet guarantee all that. 666 */ 667 set_bit(TTY_HUPPED, &tty->flags); 668 clear_bit(TTY_HUPPING, &tty->flags); 669 tty_ldisc_enable(tty); 670 671 tty_unlock(tty); 672 673 if (f) 674 fput(f); 675 } 676 677 static void do_tty_hangup(struct work_struct *work) 678 { 679 struct tty_struct *tty = 680 container_of(work, struct tty_struct, hangup_work); 681 682 __tty_hangup(tty); 683 } 684 685 /** 686 * tty_hangup - trigger a hangup event 687 * @tty: tty to hangup 688 * 689 * A carrier loss (virtual or otherwise) has occurred on this like 690 * schedule a hangup sequence to run after this event. 691 */ 692 693 void tty_hangup(struct tty_struct *tty) 694 { 695 #ifdef TTY_DEBUG_HANGUP 696 char buf[64]; 697 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf)); 698 #endif 699 schedule_work(&tty->hangup_work); 700 } 701 702 EXPORT_SYMBOL(tty_hangup); 703 704 /** 705 * tty_vhangup - process vhangup 706 * @tty: tty to hangup 707 * 708 * The user has asked via system call for the terminal to be hung up. 709 * We do this synchronously so that when the syscall returns the process 710 * is complete. That guarantee is necessary for security reasons. 711 */ 712 713 void tty_vhangup(struct tty_struct *tty) 714 { 715 #ifdef TTY_DEBUG_HANGUP 716 char buf[64]; 717 718 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf)); 719 #endif 720 __tty_hangup(tty); 721 } 722 723 EXPORT_SYMBOL(tty_vhangup); 724 725 726 /** 727 * tty_vhangup_self - process vhangup for own ctty 728 * 729 * Perform a vhangup on the current controlling tty 730 */ 731 732 void tty_vhangup_self(void) 733 { 734 struct tty_struct *tty; 735 736 tty = get_current_tty(); 737 if (tty) { 738 tty_vhangup(tty); 739 tty_kref_put(tty); 740 } 741 } 742 743 /** 744 * tty_hung_up_p - was tty hung up 745 * @filp: file pointer of tty 746 * 747 * Return true if the tty has been subject to a vhangup or a carrier 748 * loss 749 */ 750 751 int tty_hung_up_p(struct file *filp) 752 { 753 return (filp->f_op == &hung_up_tty_fops); 754 } 755 756 EXPORT_SYMBOL(tty_hung_up_p); 757 758 static void session_clear_tty(struct pid *session) 759 { 760 struct task_struct *p; 761 do_each_pid_task(session, PIDTYPE_SID, p) { 762 proc_clear_tty(p); 763 } while_each_pid_task(session, PIDTYPE_SID, p); 764 } 765 766 /** 767 * disassociate_ctty - disconnect controlling tty 768 * @on_exit: true if exiting so need to "hang up" the session 769 * 770 * This function is typically called only by the session leader, when 771 * it wants to disassociate itself from its controlling tty. 772 * 773 * It performs the following functions: 774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 775 * (2) Clears the tty from being controlling the session 776 * (3) Clears the controlling tty for all processes in the 777 * session group. 778 * 779 * The argument on_exit is set to 1 if called when a process is 780 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 781 * 782 * Locking: 783 * BTM is taken for hysterical raisins, and held when 784 * called from no_tty(). 785 * tty_mutex is taken to protect tty 786 * ->siglock is taken to protect ->signal/->sighand 787 * tasklist_lock is taken to walk process list for sessions 788 * ->siglock is taken to protect ->signal/->sighand 789 */ 790 791 void disassociate_ctty(int on_exit) 792 { 793 struct tty_struct *tty; 794 795 if (!current->signal->leader) 796 return; 797 798 tty = get_current_tty(); 799 if (tty) { 800 struct pid *tty_pgrp = get_pid(tty->pgrp); 801 if (on_exit) { 802 if (tty->driver->type != TTY_DRIVER_TYPE_PTY) 803 tty_vhangup(tty); 804 } 805 tty_kref_put(tty); 806 if (tty_pgrp) { 807 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 808 if (!on_exit) 809 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 810 put_pid(tty_pgrp); 811 } 812 } else if (on_exit) { 813 struct pid *old_pgrp; 814 spin_lock_irq(¤t->sighand->siglock); 815 old_pgrp = current->signal->tty_old_pgrp; 816 current->signal->tty_old_pgrp = NULL; 817 spin_unlock_irq(¤t->sighand->siglock); 818 if (old_pgrp) { 819 kill_pgrp(old_pgrp, SIGHUP, on_exit); 820 kill_pgrp(old_pgrp, SIGCONT, on_exit); 821 put_pid(old_pgrp); 822 } 823 return; 824 } 825 826 spin_lock_irq(¤t->sighand->siglock); 827 put_pid(current->signal->tty_old_pgrp); 828 current->signal->tty_old_pgrp = NULL; 829 spin_unlock_irq(¤t->sighand->siglock); 830 831 tty = get_current_tty(); 832 if (tty) { 833 unsigned long flags; 834 spin_lock_irqsave(&tty->ctrl_lock, flags); 835 put_pid(tty->session); 836 put_pid(tty->pgrp); 837 tty->session = NULL; 838 tty->pgrp = NULL; 839 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 840 tty_kref_put(tty); 841 } else { 842 #ifdef TTY_DEBUG_HANGUP 843 printk(KERN_DEBUG "error attempted to write to tty [0x%p]" 844 " = NULL", tty); 845 #endif 846 } 847 848 /* Now clear signal->tty under the lock */ 849 read_lock(&tasklist_lock); 850 session_clear_tty(task_session(current)); 851 read_unlock(&tasklist_lock); 852 } 853 854 /** 855 * 856 * no_tty - Ensure the current process does not have a controlling tty 857 */ 858 void no_tty(void) 859 { 860 /* FIXME: Review locking here. The tty_lock never covered any race 861 between a new association and proc_clear_tty but possible we need 862 to protect against this anyway */ 863 struct task_struct *tsk = current; 864 disassociate_ctty(0); 865 proc_clear_tty(tsk); 866 } 867 868 869 /** 870 * stop_tty - propagate flow control 871 * @tty: tty to stop 872 * 873 * Perform flow control to the driver. For PTY/TTY pairs we 874 * must also propagate the TIOCKPKT status. May be called 875 * on an already stopped device and will not re-call the driver 876 * method. 877 * 878 * This functionality is used by both the line disciplines for 879 * halting incoming flow and by the driver. It may therefore be 880 * called from any context, may be under the tty atomic_write_lock 881 * but not always. 882 * 883 * Locking: 884 * Uses the tty control lock internally 885 */ 886 887 void stop_tty(struct tty_struct *tty) 888 { 889 unsigned long flags; 890 spin_lock_irqsave(&tty->ctrl_lock, flags); 891 if (tty->stopped) { 892 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 893 return; 894 } 895 tty->stopped = 1; 896 if (tty->link && tty->link->packet) { 897 tty->ctrl_status &= ~TIOCPKT_START; 898 tty->ctrl_status |= TIOCPKT_STOP; 899 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 900 } 901 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 902 if (tty->ops->stop) 903 (tty->ops->stop)(tty); 904 } 905 906 EXPORT_SYMBOL(stop_tty); 907 908 /** 909 * start_tty - propagate flow control 910 * @tty: tty to start 911 * 912 * Start a tty that has been stopped if at all possible. Perform 913 * any necessary wakeups and propagate the TIOCPKT status. If this 914 * is the tty was previous stopped and is being started then the 915 * driver start method is invoked and the line discipline woken. 916 * 917 * Locking: 918 * ctrl_lock 919 */ 920 921 void start_tty(struct tty_struct *tty) 922 { 923 unsigned long flags; 924 spin_lock_irqsave(&tty->ctrl_lock, flags); 925 if (!tty->stopped || tty->flow_stopped) { 926 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 927 return; 928 } 929 tty->stopped = 0; 930 if (tty->link && tty->link->packet) { 931 tty->ctrl_status &= ~TIOCPKT_STOP; 932 tty->ctrl_status |= TIOCPKT_START; 933 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 934 } 935 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 936 if (tty->ops->start) 937 (tty->ops->start)(tty); 938 /* If we have a running line discipline it may need kicking */ 939 tty_wakeup(tty); 940 } 941 942 EXPORT_SYMBOL(start_tty); 943 944 /** 945 * tty_read - read method for tty device files 946 * @file: pointer to tty file 947 * @buf: user buffer 948 * @count: size of user buffer 949 * @ppos: unused 950 * 951 * Perform the read system call function on this terminal device. Checks 952 * for hung up devices before calling the line discipline method. 953 * 954 * Locking: 955 * Locks the line discipline internally while needed. Multiple 956 * read calls may be outstanding in parallel. 957 */ 958 959 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 960 loff_t *ppos) 961 { 962 int i; 963 struct inode *inode = file->f_path.dentry->d_inode; 964 struct tty_struct *tty = file_tty(file); 965 struct tty_ldisc *ld; 966 967 if (tty_paranoia_check(tty, inode, "tty_read")) 968 return -EIO; 969 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags))) 970 return -EIO; 971 972 /* We want to wait for the line discipline to sort out in this 973 situation */ 974 ld = tty_ldisc_ref_wait(tty); 975 if (ld->ops->read) 976 i = (ld->ops->read)(tty, file, buf, count); 977 else 978 i = -EIO; 979 tty_ldisc_deref(ld); 980 if (i > 0) 981 inode->i_atime = current_fs_time(inode->i_sb); 982 return i; 983 } 984 985 void tty_write_unlock(struct tty_struct *tty) 986 __releases(&tty->atomic_write_lock) 987 { 988 mutex_unlock(&tty->atomic_write_lock); 989 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 990 } 991 992 int tty_write_lock(struct tty_struct *tty, int ndelay) 993 __acquires(&tty->atomic_write_lock) 994 { 995 if (!mutex_trylock(&tty->atomic_write_lock)) { 996 if (ndelay) 997 return -EAGAIN; 998 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 999 return -ERESTARTSYS; 1000 } 1001 return 0; 1002 } 1003 1004 /* 1005 * Split writes up in sane blocksizes to avoid 1006 * denial-of-service type attacks 1007 */ 1008 static inline ssize_t do_tty_write( 1009 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 1010 struct tty_struct *tty, 1011 struct file *file, 1012 const char __user *buf, 1013 size_t count) 1014 { 1015 ssize_t ret, written = 0; 1016 unsigned int chunk; 1017 1018 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 1019 if (ret < 0) 1020 return ret; 1021 1022 /* 1023 * We chunk up writes into a temporary buffer. This 1024 * simplifies low-level drivers immensely, since they 1025 * don't have locking issues and user mode accesses. 1026 * 1027 * But if TTY_NO_WRITE_SPLIT is set, we should use a 1028 * big chunk-size.. 1029 * 1030 * The default chunk-size is 2kB, because the NTTY 1031 * layer has problems with bigger chunks. It will 1032 * claim to be able to handle more characters than 1033 * it actually does. 1034 * 1035 * FIXME: This can probably go away now except that 64K chunks 1036 * are too likely to fail unless switched to vmalloc... 1037 */ 1038 chunk = 2048; 1039 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 1040 chunk = 65536; 1041 if (count < chunk) 1042 chunk = count; 1043 1044 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 1045 if (tty->write_cnt < chunk) { 1046 unsigned char *buf_chunk; 1047 1048 if (chunk < 1024) 1049 chunk = 1024; 1050 1051 buf_chunk = kmalloc(chunk, GFP_KERNEL); 1052 if (!buf_chunk) { 1053 ret = -ENOMEM; 1054 goto out; 1055 } 1056 kfree(tty->write_buf); 1057 tty->write_cnt = chunk; 1058 tty->write_buf = buf_chunk; 1059 } 1060 1061 /* Do the write .. */ 1062 for (;;) { 1063 size_t size = count; 1064 if (size > chunk) 1065 size = chunk; 1066 ret = -EFAULT; 1067 if (copy_from_user(tty->write_buf, buf, size)) 1068 break; 1069 ret = write(tty, file, tty->write_buf, size); 1070 if (ret <= 0) 1071 break; 1072 written += ret; 1073 buf += ret; 1074 count -= ret; 1075 if (!count) 1076 break; 1077 ret = -ERESTARTSYS; 1078 if (signal_pending(current)) 1079 break; 1080 cond_resched(); 1081 } 1082 if (written) { 1083 struct inode *inode = file->f_path.dentry->d_inode; 1084 inode->i_mtime = current_fs_time(inode->i_sb); 1085 ret = written; 1086 } 1087 out: 1088 tty_write_unlock(tty); 1089 return ret; 1090 } 1091 1092 /** 1093 * tty_write_message - write a message to a certain tty, not just the console. 1094 * @tty: the destination tty_struct 1095 * @msg: the message to write 1096 * 1097 * This is used for messages that need to be redirected to a specific tty. 1098 * We don't put it into the syslog queue right now maybe in the future if 1099 * really needed. 1100 * 1101 * We must still hold the BTM and test the CLOSING flag for the moment. 1102 */ 1103 1104 void tty_write_message(struct tty_struct *tty, char *msg) 1105 { 1106 if (tty) { 1107 mutex_lock(&tty->atomic_write_lock); 1108 tty_lock(tty); 1109 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) { 1110 tty_unlock(tty); 1111 tty->ops->write(tty, msg, strlen(msg)); 1112 } else 1113 tty_unlock(tty); 1114 tty_write_unlock(tty); 1115 } 1116 return; 1117 } 1118 1119 1120 /** 1121 * tty_write - write method for tty device file 1122 * @file: tty file pointer 1123 * @buf: user data to write 1124 * @count: bytes to write 1125 * @ppos: unused 1126 * 1127 * Write data to a tty device via the line discipline. 1128 * 1129 * Locking: 1130 * Locks the line discipline as required 1131 * Writes to the tty driver are serialized by the atomic_write_lock 1132 * and are then processed in chunks to the device. The line discipline 1133 * write method will not be invoked in parallel for each device. 1134 */ 1135 1136 static ssize_t tty_write(struct file *file, const char __user *buf, 1137 size_t count, loff_t *ppos) 1138 { 1139 struct inode *inode = file->f_path.dentry->d_inode; 1140 struct tty_struct *tty = file_tty(file); 1141 struct tty_ldisc *ld; 1142 ssize_t ret; 1143 1144 if (tty_paranoia_check(tty, inode, "tty_write")) 1145 return -EIO; 1146 if (!tty || !tty->ops->write || 1147 (test_bit(TTY_IO_ERROR, &tty->flags))) 1148 return -EIO; 1149 /* Short term debug to catch buggy drivers */ 1150 if (tty->ops->write_room == NULL) 1151 printk(KERN_ERR "tty driver %s lacks a write_room method.\n", 1152 tty->driver->name); 1153 ld = tty_ldisc_ref_wait(tty); 1154 if (!ld->ops->write) 1155 ret = -EIO; 1156 else 1157 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1158 tty_ldisc_deref(ld); 1159 return ret; 1160 } 1161 1162 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1163 size_t count, loff_t *ppos) 1164 { 1165 struct file *p = NULL; 1166 1167 spin_lock(&redirect_lock); 1168 if (redirect) 1169 p = get_file(redirect); 1170 spin_unlock(&redirect_lock); 1171 1172 if (p) { 1173 ssize_t res; 1174 res = vfs_write(p, buf, count, &p->f_pos); 1175 fput(p); 1176 return res; 1177 } 1178 return tty_write(file, buf, count, ppos); 1179 } 1180 1181 static char ptychar[] = "pqrstuvwxyzabcde"; 1182 1183 /** 1184 * pty_line_name - generate name for a pty 1185 * @driver: the tty driver in use 1186 * @index: the minor number 1187 * @p: output buffer of at least 6 bytes 1188 * 1189 * Generate a name from a driver reference and write it to the output 1190 * buffer. 1191 * 1192 * Locking: None 1193 */ 1194 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1195 { 1196 int i = index + driver->name_base; 1197 /* ->name is initialized to "ttyp", but "tty" is expected */ 1198 sprintf(p, "%s%c%x", 1199 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1200 ptychar[i >> 4 & 0xf], i & 0xf); 1201 } 1202 1203 /** 1204 * tty_line_name - generate name for a tty 1205 * @driver: the tty driver in use 1206 * @index: the minor number 1207 * @p: output buffer of at least 7 bytes 1208 * 1209 * Generate a name from a driver reference and write it to the output 1210 * buffer. 1211 * 1212 * Locking: None 1213 */ 1214 static void tty_line_name(struct tty_driver *driver, int index, char *p) 1215 { 1216 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1217 strcpy(p, driver->name); 1218 else 1219 sprintf(p, "%s%d", driver->name, index + driver->name_base); 1220 } 1221 1222 /** 1223 * tty_driver_lookup_tty() - find an existing tty, if any 1224 * @driver: the driver for the tty 1225 * @idx: the minor number 1226 * 1227 * Return the tty, if found or ERR_PTR() otherwise. 1228 * 1229 * Locking: tty_mutex must be held. If tty is found, the mutex must 1230 * be held until the 'fast-open' is also done. Will change once we 1231 * have refcounting in the driver and per driver locking 1232 */ 1233 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1234 struct inode *inode, int idx) 1235 { 1236 if (driver->ops->lookup) 1237 return driver->ops->lookup(driver, inode, idx); 1238 1239 return driver->ttys[idx]; 1240 } 1241 1242 /** 1243 * tty_init_termios - helper for termios setup 1244 * @tty: the tty to set up 1245 * 1246 * Initialise the termios structures for this tty. Thus runs under 1247 * the tty_mutex currently so we can be relaxed about ordering. 1248 */ 1249 1250 int tty_init_termios(struct tty_struct *tty) 1251 { 1252 struct ktermios *tp; 1253 int idx = tty->index; 1254 1255 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1256 tty->termios = tty->driver->init_termios; 1257 else { 1258 /* Check for lazy saved data */ 1259 tp = tty->driver->termios[idx]; 1260 if (tp != NULL) 1261 tty->termios = *tp; 1262 else 1263 tty->termios = tty->driver->init_termios; 1264 } 1265 /* Compatibility until drivers always set this */ 1266 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1267 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1268 return 0; 1269 } 1270 EXPORT_SYMBOL_GPL(tty_init_termios); 1271 1272 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1273 { 1274 int ret = tty_init_termios(tty); 1275 if (ret) 1276 return ret; 1277 1278 tty_driver_kref_get(driver); 1279 tty->count++; 1280 driver->ttys[tty->index] = tty; 1281 return 0; 1282 } 1283 EXPORT_SYMBOL_GPL(tty_standard_install); 1284 1285 /** 1286 * tty_driver_install_tty() - install a tty entry in the driver 1287 * @driver: the driver for the tty 1288 * @tty: the tty 1289 * 1290 * Install a tty object into the driver tables. The tty->index field 1291 * will be set by the time this is called. This method is responsible 1292 * for ensuring any need additional structures are allocated and 1293 * configured. 1294 * 1295 * Locking: tty_mutex for now 1296 */ 1297 static int tty_driver_install_tty(struct tty_driver *driver, 1298 struct tty_struct *tty) 1299 { 1300 return driver->ops->install ? driver->ops->install(driver, tty) : 1301 tty_standard_install(driver, tty); 1302 } 1303 1304 /** 1305 * tty_driver_remove_tty() - remove a tty from the driver tables 1306 * @driver: the driver for the tty 1307 * @idx: the minor number 1308 * 1309 * Remvoe a tty object from the driver tables. The tty->index field 1310 * will be set by the time this is called. 1311 * 1312 * Locking: tty_mutex for now 1313 */ 1314 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1315 { 1316 if (driver->ops->remove) 1317 driver->ops->remove(driver, tty); 1318 else 1319 driver->ttys[tty->index] = NULL; 1320 } 1321 1322 /* 1323 * tty_reopen() - fast re-open of an open tty 1324 * @tty - the tty to open 1325 * 1326 * Return 0 on success, -errno on error. 1327 * 1328 * Locking: tty_mutex must be held from the time the tty was found 1329 * till this open completes. 1330 */ 1331 static int tty_reopen(struct tty_struct *tty) 1332 { 1333 struct tty_driver *driver = tty->driver; 1334 1335 if (test_bit(TTY_CLOSING, &tty->flags) || 1336 test_bit(TTY_HUPPING, &tty->flags) || 1337 test_bit(TTY_LDISC_CHANGING, &tty->flags)) 1338 return -EIO; 1339 1340 if (driver->type == TTY_DRIVER_TYPE_PTY && 1341 driver->subtype == PTY_TYPE_MASTER) { 1342 /* 1343 * special case for PTY masters: only one open permitted, 1344 * and the slave side open count is incremented as well. 1345 */ 1346 if (tty->count) 1347 return -EIO; 1348 1349 tty->link->count++; 1350 } 1351 tty->count++; 1352 1353 mutex_lock(&tty->ldisc_mutex); 1354 WARN_ON(!test_bit(TTY_LDISC, &tty->flags)); 1355 mutex_unlock(&tty->ldisc_mutex); 1356 1357 return 0; 1358 } 1359 1360 /** 1361 * tty_init_dev - initialise a tty device 1362 * @driver: tty driver we are opening a device on 1363 * @idx: device index 1364 * @ret_tty: returned tty structure 1365 * 1366 * Prepare a tty device. This may not be a "new" clean device but 1367 * could also be an active device. The pty drivers require special 1368 * handling because of this. 1369 * 1370 * Locking: 1371 * The function is called under the tty_mutex, which 1372 * protects us from the tty struct or driver itself going away. 1373 * 1374 * On exit the tty device has the line discipline attached and 1375 * a reference count of 1. If a pair was created for pty/tty use 1376 * and the other was a pty master then it too has a reference count of 1. 1377 * 1378 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1379 * failed open. The new code protects the open with a mutex, so it's 1380 * really quite straightforward. The mutex locking can probably be 1381 * relaxed for the (most common) case of reopening a tty. 1382 */ 1383 1384 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1385 { 1386 struct tty_struct *tty; 1387 int retval; 1388 1389 /* 1390 * First time open is complex, especially for PTY devices. 1391 * This code guarantees that either everything succeeds and the 1392 * TTY is ready for operation, or else the table slots are vacated 1393 * and the allocated memory released. (Except that the termios 1394 * and locked termios may be retained.) 1395 */ 1396 1397 if (!try_module_get(driver->owner)) 1398 return ERR_PTR(-ENODEV); 1399 1400 tty = alloc_tty_struct(); 1401 if (!tty) { 1402 retval = -ENOMEM; 1403 goto err_module_put; 1404 } 1405 initialize_tty_struct(tty, driver, idx); 1406 1407 tty_lock(tty); 1408 retval = tty_driver_install_tty(driver, tty); 1409 if (retval < 0) 1410 goto err_deinit_tty; 1411 1412 if (!tty->port) 1413 tty->port = driver->ports[idx]; 1414 1415 WARN_RATELIMIT(!tty->port, 1416 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1417 __func__, tty->driver->name); 1418 1419 tty->port->itty = tty; 1420 1421 /* 1422 * Structures all installed ... call the ldisc open routines. 1423 * If we fail here just call release_tty to clean up. No need 1424 * to decrement the use counts, as release_tty doesn't care. 1425 */ 1426 retval = tty_ldisc_setup(tty, tty->link); 1427 if (retval) 1428 goto err_release_tty; 1429 /* Return the tty locked so that it cannot vanish under the caller */ 1430 return tty; 1431 1432 err_deinit_tty: 1433 tty_unlock(tty); 1434 deinitialize_tty_struct(tty); 1435 free_tty_struct(tty); 1436 err_module_put: 1437 module_put(driver->owner); 1438 return ERR_PTR(retval); 1439 1440 /* call the tty release_tty routine to clean out this slot */ 1441 err_release_tty: 1442 tty_unlock(tty); 1443 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, " 1444 "clearing slot %d\n", idx); 1445 release_tty(tty, idx); 1446 return ERR_PTR(retval); 1447 } 1448 1449 void tty_free_termios(struct tty_struct *tty) 1450 { 1451 struct ktermios *tp; 1452 int idx = tty->index; 1453 1454 /* If the port is going to reset then it has no termios to save */ 1455 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1456 return; 1457 1458 /* Stash the termios data */ 1459 tp = tty->driver->termios[idx]; 1460 if (tp == NULL) { 1461 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1462 if (tp == NULL) { 1463 pr_warn("tty: no memory to save termios state.\n"); 1464 return; 1465 } 1466 tty->driver->termios[idx] = tp; 1467 } 1468 *tp = tty->termios; 1469 } 1470 EXPORT_SYMBOL(tty_free_termios); 1471 1472 1473 /** 1474 * release_one_tty - release tty structure memory 1475 * @kref: kref of tty we are obliterating 1476 * 1477 * Releases memory associated with a tty structure, and clears out the 1478 * driver table slots. This function is called when a device is no longer 1479 * in use. It also gets called when setup of a device fails. 1480 * 1481 * Locking: 1482 * takes the file list lock internally when working on the list 1483 * of ttys that the driver keeps. 1484 * 1485 * This method gets called from a work queue so that the driver private 1486 * cleanup ops can sleep (needed for USB at least) 1487 */ 1488 static void release_one_tty(struct work_struct *work) 1489 { 1490 struct tty_struct *tty = 1491 container_of(work, struct tty_struct, hangup_work); 1492 struct tty_driver *driver = tty->driver; 1493 1494 if (tty->ops->cleanup) 1495 tty->ops->cleanup(tty); 1496 1497 tty->magic = 0; 1498 tty_driver_kref_put(driver); 1499 module_put(driver->owner); 1500 1501 spin_lock(&tty_files_lock); 1502 list_del_init(&tty->tty_files); 1503 spin_unlock(&tty_files_lock); 1504 1505 put_pid(tty->pgrp); 1506 put_pid(tty->session); 1507 free_tty_struct(tty); 1508 } 1509 1510 static void queue_release_one_tty(struct kref *kref) 1511 { 1512 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1513 1514 /* The hangup queue is now free so we can reuse it rather than 1515 waste a chunk of memory for each port */ 1516 INIT_WORK(&tty->hangup_work, release_one_tty); 1517 schedule_work(&tty->hangup_work); 1518 } 1519 1520 /** 1521 * tty_kref_put - release a tty kref 1522 * @tty: tty device 1523 * 1524 * Release a reference to a tty device and if need be let the kref 1525 * layer destruct the object for us 1526 */ 1527 1528 void tty_kref_put(struct tty_struct *tty) 1529 { 1530 if (tty) 1531 kref_put(&tty->kref, queue_release_one_tty); 1532 } 1533 EXPORT_SYMBOL(tty_kref_put); 1534 1535 /** 1536 * release_tty - release tty structure memory 1537 * 1538 * Release both @tty and a possible linked partner (think pty pair), 1539 * and decrement the refcount of the backing module. 1540 * 1541 * Locking: 1542 * tty_mutex 1543 * takes the file list lock internally when working on the list 1544 * of ttys that the driver keeps. 1545 * 1546 */ 1547 static void release_tty(struct tty_struct *tty, int idx) 1548 { 1549 /* This should always be true but check for the moment */ 1550 WARN_ON(tty->index != idx); 1551 WARN_ON(!mutex_is_locked(&tty_mutex)); 1552 if (tty->ops->shutdown) 1553 tty->ops->shutdown(tty); 1554 tty_free_termios(tty); 1555 tty_driver_remove_tty(tty->driver, tty); 1556 tty->port->itty = NULL; 1557 1558 if (tty->link) 1559 tty_kref_put(tty->link); 1560 tty_kref_put(tty); 1561 } 1562 1563 /** 1564 * tty_release_checks - check a tty before real release 1565 * @tty: tty to check 1566 * @o_tty: link of @tty (if any) 1567 * @idx: index of the tty 1568 * 1569 * Performs some paranoid checking before true release of the @tty. 1570 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1571 */ 1572 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty, 1573 int idx) 1574 { 1575 #ifdef TTY_PARANOIA_CHECK 1576 if (idx < 0 || idx >= tty->driver->num) { 1577 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n", 1578 __func__, tty->name); 1579 return -1; 1580 } 1581 1582 /* not much to check for devpts */ 1583 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1584 return 0; 1585 1586 if (tty != tty->driver->ttys[idx]) { 1587 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n", 1588 __func__, idx, tty->name); 1589 return -1; 1590 } 1591 if (tty->driver->other) { 1592 if (o_tty != tty->driver->other->ttys[idx]) { 1593 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n", 1594 __func__, idx, tty->name); 1595 return -1; 1596 } 1597 if (o_tty->link != tty) { 1598 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__); 1599 return -1; 1600 } 1601 } 1602 #endif 1603 return 0; 1604 } 1605 1606 /** 1607 * tty_release - vfs callback for close 1608 * @inode: inode of tty 1609 * @filp: file pointer for handle to tty 1610 * 1611 * Called the last time each file handle is closed that references 1612 * this tty. There may however be several such references. 1613 * 1614 * Locking: 1615 * Takes bkl. See tty_release_dev 1616 * 1617 * Even releasing the tty structures is a tricky business.. We have 1618 * to be very careful that the structures are all released at the 1619 * same time, as interrupts might otherwise get the wrong pointers. 1620 * 1621 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1622 * lead to double frees or releasing memory still in use. 1623 */ 1624 1625 int tty_release(struct inode *inode, struct file *filp) 1626 { 1627 struct tty_struct *tty = file_tty(filp); 1628 struct tty_struct *o_tty; 1629 int pty_master, tty_closing, o_tty_closing, do_sleep; 1630 int idx; 1631 char buf[64]; 1632 1633 if (tty_paranoia_check(tty, inode, __func__)) 1634 return 0; 1635 1636 tty_lock(tty); 1637 check_tty_count(tty, __func__); 1638 1639 __tty_fasync(-1, filp, 0); 1640 1641 idx = tty->index; 1642 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1643 tty->driver->subtype == PTY_TYPE_MASTER); 1644 /* Review: parallel close */ 1645 o_tty = tty->link; 1646 1647 if (tty_release_checks(tty, o_tty, idx)) { 1648 tty_unlock(tty); 1649 return 0; 1650 } 1651 1652 #ifdef TTY_DEBUG_HANGUP 1653 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__, 1654 tty_name(tty, buf), tty->count); 1655 #endif 1656 1657 if (tty->ops->close) 1658 tty->ops->close(tty, filp); 1659 1660 tty_unlock(tty); 1661 /* 1662 * Sanity check: if tty->count is going to zero, there shouldn't be 1663 * any waiters on tty->read_wait or tty->write_wait. We test the 1664 * wait queues and kick everyone out _before_ actually starting to 1665 * close. This ensures that we won't block while releasing the tty 1666 * structure. 1667 * 1668 * The test for the o_tty closing is necessary, since the master and 1669 * slave sides may close in any order. If the slave side closes out 1670 * first, its count will be one, since the master side holds an open. 1671 * Thus this test wouldn't be triggered at the time the slave closes, 1672 * so we do it now. 1673 * 1674 * Note that it's possible for the tty to be opened again while we're 1675 * flushing out waiters. By recalculating the closing flags before 1676 * each iteration we avoid any problems. 1677 */ 1678 while (1) { 1679 /* Guard against races with tty->count changes elsewhere and 1680 opens on /dev/tty */ 1681 1682 mutex_lock(&tty_mutex); 1683 tty_lock_pair(tty, o_tty); 1684 tty_closing = tty->count <= 1; 1685 o_tty_closing = o_tty && 1686 (o_tty->count <= (pty_master ? 1 : 0)); 1687 do_sleep = 0; 1688 1689 if (tty_closing) { 1690 if (waitqueue_active(&tty->read_wait)) { 1691 wake_up_poll(&tty->read_wait, POLLIN); 1692 do_sleep++; 1693 } 1694 if (waitqueue_active(&tty->write_wait)) { 1695 wake_up_poll(&tty->write_wait, POLLOUT); 1696 do_sleep++; 1697 } 1698 } 1699 if (o_tty_closing) { 1700 if (waitqueue_active(&o_tty->read_wait)) { 1701 wake_up_poll(&o_tty->read_wait, POLLIN); 1702 do_sleep++; 1703 } 1704 if (waitqueue_active(&o_tty->write_wait)) { 1705 wake_up_poll(&o_tty->write_wait, POLLOUT); 1706 do_sleep++; 1707 } 1708 } 1709 if (!do_sleep) 1710 break; 1711 1712 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n", 1713 __func__, tty_name(tty, buf)); 1714 tty_unlock_pair(tty, o_tty); 1715 mutex_unlock(&tty_mutex); 1716 schedule(); 1717 } 1718 1719 /* 1720 * The closing flags are now consistent with the open counts on 1721 * both sides, and we've completed the last operation that could 1722 * block, so it's safe to proceed with closing. 1723 * 1724 * We must *not* drop the tty_mutex until we ensure that a further 1725 * entry into tty_open can not pick up this tty. 1726 */ 1727 if (pty_master) { 1728 if (--o_tty->count < 0) { 1729 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n", 1730 __func__, o_tty->count, tty_name(o_tty, buf)); 1731 o_tty->count = 0; 1732 } 1733 } 1734 if (--tty->count < 0) { 1735 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n", 1736 __func__, tty->count, tty_name(tty, buf)); 1737 tty->count = 0; 1738 } 1739 1740 /* 1741 * We've decremented tty->count, so we need to remove this file 1742 * descriptor off the tty->tty_files list; this serves two 1743 * purposes: 1744 * - check_tty_count sees the correct number of file descriptors 1745 * associated with this tty. 1746 * - do_tty_hangup no longer sees this file descriptor as 1747 * something that needs to be handled for hangups. 1748 */ 1749 tty_del_file(filp); 1750 1751 /* 1752 * Perform some housekeeping before deciding whether to return. 1753 * 1754 * Set the TTY_CLOSING flag if this was the last open. In the 1755 * case of a pty we may have to wait around for the other side 1756 * to close, and TTY_CLOSING makes sure we can't be reopened. 1757 */ 1758 if (tty_closing) 1759 set_bit(TTY_CLOSING, &tty->flags); 1760 if (o_tty_closing) 1761 set_bit(TTY_CLOSING, &o_tty->flags); 1762 1763 /* 1764 * If _either_ side is closing, make sure there aren't any 1765 * processes that still think tty or o_tty is their controlling 1766 * tty. 1767 */ 1768 if (tty_closing || o_tty_closing) { 1769 read_lock(&tasklist_lock); 1770 session_clear_tty(tty->session); 1771 if (o_tty) 1772 session_clear_tty(o_tty->session); 1773 read_unlock(&tasklist_lock); 1774 } 1775 1776 mutex_unlock(&tty_mutex); 1777 tty_unlock_pair(tty, o_tty); 1778 /* At this point the TTY_CLOSING flag should ensure a dead tty 1779 cannot be re-opened by a racing opener */ 1780 1781 /* check whether both sides are closing ... */ 1782 if (!tty_closing || (o_tty && !o_tty_closing)) 1783 return 0; 1784 1785 #ifdef TTY_DEBUG_HANGUP 1786 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__); 1787 #endif 1788 /* 1789 * Ask the line discipline code to release its structures 1790 */ 1791 tty_ldisc_release(tty, o_tty); 1792 /* 1793 * The release_tty function takes care of the details of clearing 1794 * the slots and preserving the termios structure. The tty_unlock_pair 1795 * should be safe as we keep a kref while the tty is locked (so the 1796 * unlock never unlocks a freed tty). 1797 */ 1798 mutex_lock(&tty_mutex); 1799 release_tty(tty, idx); 1800 mutex_unlock(&tty_mutex); 1801 1802 return 0; 1803 } 1804 1805 /** 1806 * tty_open_current_tty - get tty of current task for open 1807 * @device: device number 1808 * @filp: file pointer to tty 1809 * @return: tty of the current task iff @device is /dev/tty 1810 * 1811 * We cannot return driver and index like for the other nodes because 1812 * devpts will not work then. It expects inodes to be from devpts FS. 1813 * 1814 * We need to move to returning a refcounted object from all the lookup 1815 * paths including this one. 1816 */ 1817 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1818 { 1819 struct tty_struct *tty; 1820 1821 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1822 return NULL; 1823 1824 tty = get_current_tty(); 1825 if (!tty) 1826 return ERR_PTR(-ENXIO); 1827 1828 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1829 /* noctty = 1; */ 1830 tty_kref_put(tty); 1831 /* FIXME: we put a reference and return a TTY! */ 1832 /* This is only safe because the caller holds tty_mutex */ 1833 return tty; 1834 } 1835 1836 /** 1837 * tty_lookup_driver - lookup a tty driver for a given device file 1838 * @device: device number 1839 * @filp: file pointer to tty 1840 * @noctty: set if the device should not become a controlling tty 1841 * @index: index for the device in the @return driver 1842 * @return: driver for this inode (with increased refcount) 1843 * 1844 * If @return is not erroneous, the caller is responsible to decrement the 1845 * refcount by tty_driver_kref_put. 1846 * 1847 * Locking: tty_mutex protects get_tty_driver 1848 */ 1849 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1850 int *noctty, int *index) 1851 { 1852 struct tty_driver *driver; 1853 1854 switch (device) { 1855 #ifdef CONFIG_VT 1856 case MKDEV(TTY_MAJOR, 0): { 1857 extern struct tty_driver *console_driver; 1858 driver = tty_driver_kref_get(console_driver); 1859 *index = fg_console; 1860 *noctty = 1; 1861 break; 1862 } 1863 #endif 1864 case MKDEV(TTYAUX_MAJOR, 1): { 1865 struct tty_driver *console_driver = console_device(index); 1866 if (console_driver) { 1867 driver = tty_driver_kref_get(console_driver); 1868 if (driver) { 1869 /* Don't let /dev/console block */ 1870 filp->f_flags |= O_NONBLOCK; 1871 *noctty = 1; 1872 break; 1873 } 1874 } 1875 return ERR_PTR(-ENODEV); 1876 } 1877 default: 1878 driver = get_tty_driver(device, index); 1879 if (!driver) 1880 return ERR_PTR(-ENODEV); 1881 break; 1882 } 1883 return driver; 1884 } 1885 1886 /** 1887 * tty_open - open a tty device 1888 * @inode: inode of device file 1889 * @filp: file pointer to tty 1890 * 1891 * tty_open and tty_release keep up the tty count that contains the 1892 * number of opens done on a tty. We cannot use the inode-count, as 1893 * different inodes might point to the same tty. 1894 * 1895 * Open-counting is needed for pty masters, as well as for keeping 1896 * track of serial lines: DTR is dropped when the last close happens. 1897 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1898 * 1899 * The termios state of a pty is reset on first open so that 1900 * settings don't persist across reuse. 1901 * 1902 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1903 * tty->count should protect the rest. 1904 * ->siglock protects ->signal/->sighand 1905 * 1906 * Note: the tty_unlock/lock cases without a ref are only safe due to 1907 * tty_mutex 1908 */ 1909 1910 static int tty_open(struct inode *inode, struct file *filp) 1911 { 1912 struct tty_struct *tty; 1913 int noctty, retval; 1914 struct tty_driver *driver = NULL; 1915 int index; 1916 dev_t device = inode->i_rdev; 1917 unsigned saved_flags = filp->f_flags; 1918 1919 nonseekable_open(inode, filp); 1920 1921 retry_open: 1922 retval = tty_alloc_file(filp); 1923 if (retval) 1924 return -ENOMEM; 1925 1926 noctty = filp->f_flags & O_NOCTTY; 1927 index = -1; 1928 retval = 0; 1929 1930 mutex_lock(&tty_mutex); 1931 /* This is protected by the tty_mutex */ 1932 tty = tty_open_current_tty(device, filp); 1933 if (IS_ERR(tty)) { 1934 retval = PTR_ERR(tty); 1935 goto err_unlock; 1936 } else if (!tty) { 1937 driver = tty_lookup_driver(device, filp, &noctty, &index); 1938 if (IS_ERR(driver)) { 1939 retval = PTR_ERR(driver); 1940 goto err_unlock; 1941 } 1942 1943 /* check whether we're reopening an existing tty */ 1944 tty = tty_driver_lookup_tty(driver, inode, index); 1945 if (IS_ERR(tty)) { 1946 retval = PTR_ERR(tty); 1947 goto err_unlock; 1948 } 1949 } 1950 1951 if (tty) { 1952 tty_lock(tty); 1953 retval = tty_reopen(tty); 1954 if (retval < 0) { 1955 tty_unlock(tty); 1956 tty = ERR_PTR(retval); 1957 } 1958 } else /* Returns with the tty_lock held for now */ 1959 tty = tty_init_dev(driver, index); 1960 1961 mutex_unlock(&tty_mutex); 1962 if (driver) 1963 tty_driver_kref_put(driver); 1964 if (IS_ERR(tty)) { 1965 retval = PTR_ERR(tty); 1966 goto err_file; 1967 } 1968 1969 tty_add_file(tty, filp); 1970 1971 check_tty_count(tty, __func__); 1972 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1973 tty->driver->subtype == PTY_TYPE_MASTER) 1974 noctty = 1; 1975 #ifdef TTY_DEBUG_HANGUP 1976 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name); 1977 #endif 1978 if (tty->ops->open) 1979 retval = tty->ops->open(tty, filp); 1980 else 1981 retval = -ENODEV; 1982 filp->f_flags = saved_flags; 1983 1984 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && 1985 !capable(CAP_SYS_ADMIN)) 1986 retval = -EBUSY; 1987 1988 if (retval) { 1989 #ifdef TTY_DEBUG_HANGUP 1990 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__, 1991 retval, tty->name); 1992 #endif 1993 tty_unlock(tty); /* need to call tty_release without BTM */ 1994 tty_release(inode, filp); 1995 if (retval != -ERESTARTSYS) 1996 return retval; 1997 1998 if (signal_pending(current)) 1999 return retval; 2000 2001 schedule(); 2002 /* 2003 * Need to reset f_op in case a hangup happened. 2004 */ 2005 if (filp->f_op == &hung_up_tty_fops) 2006 filp->f_op = &tty_fops; 2007 goto retry_open; 2008 } 2009 tty_unlock(tty); 2010 2011 2012 mutex_lock(&tty_mutex); 2013 tty_lock(tty); 2014 spin_lock_irq(¤t->sighand->siglock); 2015 if (!noctty && 2016 current->signal->leader && 2017 !current->signal->tty && 2018 tty->session == NULL) 2019 __proc_set_tty(current, tty); 2020 spin_unlock_irq(¤t->sighand->siglock); 2021 tty_unlock(tty); 2022 mutex_unlock(&tty_mutex); 2023 return 0; 2024 err_unlock: 2025 mutex_unlock(&tty_mutex); 2026 /* after locks to avoid deadlock */ 2027 if (!IS_ERR_OR_NULL(driver)) 2028 tty_driver_kref_put(driver); 2029 err_file: 2030 tty_free_file(filp); 2031 return retval; 2032 } 2033 2034 2035 2036 /** 2037 * tty_poll - check tty status 2038 * @filp: file being polled 2039 * @wait: poll wait structures to update 2040 * 2041 * Call the line discipline polling method to obtain the poll 2042 * status of the device. 2043 * 2044 * Locking: locks called line discipline but ldisc poll method 2045 * may be re-entered freely by other callers. 2046 */ 2047 2048 static unsigned int tty_poll(struct file *filp, poll_table *wait) 2049 { 2050 struct tty_struct *tty = file_tty(filp); 2051 struct tty_ldisc *ld; 2052 int ret = 0; 2053 2054 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll")) 2055 return 0; 2056 2057 ld = tty_ldisc_ref_wait(tty); 2058 if (ld->ops->poll) 2059 ret = (ld->ops->poll)(tty, filp, wait); 2060 tty_ldisc_deref(ld); 2061 return ret; 2062 } 2063 2064 static int __tty_fasync(int fd, struct file *filp, int on) 2065 { 2066 struct tty_struct *tty = file_tty(filp); 2067 unsigned long flags; 2068 int retval = 0; 2069 2070 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync")) 2071 goto out; 2072 2073 retval = fasync_helper(fd, filp, on, &tty->fasync); 2074 if (retval <= 0) 2075 goto out; 2076 2077 if (on) { 2078 enum pid_type type; 2079 struct pid *pid; 2080 if (!waitqueue_active(&tty->read_wait)) 2081 tty->minimum_to_wake = 1; 2082 spin_lock_irqsave(&tty->ctrl_lock, flags); 2083 if (tty->pgrp) { 2084 pid = tty->pgrp; 2085 type = PIDTYPE_PGID; 2086 } else { 2087 pid = task_pid(current); 2088 type = PIDTYPE_PID; 2089 } 2090 get_pid(pid); 2091 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2092 retval = __f_setown(filp, pid, type, 0); 2093 put_pid(pid); 2094 if (retval) 2095 goto out; 2096 } else { 2097 if (!tty->fasync && !waitqueue_active(&tty->read_wait)) 2098 tty->minimum_to_wake = N_TTY_BUF_SIZE; 2099 } 2100 retval = 0; 2101 out: 2102 return retval; 2103 } 2104 2105 static int tty_fasync(int fd, struct file *filp, int on) 2106 { 2107 struct tty_struct *tty = file_tty(filp); 2108 int retval; 2109 2110 tty_lock(tty); 2111 retval = __tty_fasync(fd, filp, on); 2112 tty_unlock(tty); 2113 2114 return retval; 2115 } 2116 2117 /** 2118 * tiocsti - fake input character 2119 * @tty: tty to fake input into 2120 * @p: pointer to character 2121 * 2122 * Fake input to a tty device. Does the necessary locking and 2123 * input management. 2124 * 2125 * FIXME: does not honour flow control ?? 2126 * 2127 * Locking: 2128 * Called functions take tty_ldisc_lock 2129 * current->signal->tty check is safe without locks 2130 * 2131 * FIXME: may race normal receive processing 2132 */ 2133 2134 static int tiocsti(struct tty_struct *tty, char __user *p) 2135 { 2136 char ch, mbz = 0; 2137 struct tty_ldisc *ld; 2138 2139 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2140 return -EPERM; 2141 if (get_user(ch, p)) 2142 return -EFAULT; 2143 tty_audit_tiocsti(tty, ch); 2144 ld = tty_ldisc_ref_wait(tty); 2145 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2146 tty_ldisc_deref(ld); 2147 return 0; 2148 } 2149 2150 /** 2151 * tiocgwinsz - implement window query ioctl 2152 * @tty; tty 2153 * @arg: user buffer for result 2154 * 2155 * Copies the kernel idea of the window size into the user buffer. 2156 * 2157 * Locking: tty->termios_mutex is taken to ensure the winsize data 2158 * is consistent. 2159 */ 2160 2161 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2162 { 2163 int err; 2164 2165 mutex_lock(&tty->termios_mutex); 2166 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2167 mutex_unlock(&tty->termios_mutex); 2168 2169 return err ? -EFAULT: 0; 2170 } 2171 2172 /** 2173 * tty_do_resize - resize event 2174 * @tty: tty being resized 2175 * @rows: rows (character) 2176 * @cols: cols (character) 2177 * 2178 * Update the termios variables and send the necessary signals to 2179 * peform a terminal resize correctly 2180 */ 2181 2182 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2183 { 2184 struct pid *pgrp; 2185 unsigned long flags; 2186 2187 /* Lock the tty */ 2188 mutex_lock(&tty->termios_mutex); 2189 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2190 goto done; 2191 /* Get the PID values and reference them so we can 2192 avoid holding the tty ctrl lock while sending signals */ 2193 spin_lock_irqsave(&tty->ctrl_lock, flags); 2194 pgrp = get_pid(tty->pgrp); 2195 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2196 2197 if (pgrp) 2198 kill_pgrp(pgrp, SIGWINCH, 1); 2199 put_pid(pgrp); 2200 2201 tty->winsize = *ws; 2202 done: 2203 mutex_unlock(&tty->termios_mutex); 2204 return 0; 2205 } 2206 2207 /** 2208 * tiocswinsz - implement window size set ioctl 2209 * @tty; tty side of tty 2210 * @arg: user buffer for result 2211 * 2212 * Copies the user idea of the window size to the kernel. Traditionally 2213 * this is just advisory information but for the Linux console it 2214 * actually has driver level meaning and triggers a VC resize. 2215 * 2216 * Locking: 2217 * Driver dependent. The default do_resize method takes the 2218 * tty termios mutex and ctrl_lock. The console takes its own lock 2219 * then calls into the default method. 2220 */ 2221 2222 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2223 { 2224 struct winsize tmp_ws; 2225 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2226 return -EFAULT; 2227 2228 if (tty->ops->resize) 2229 return tty->ops->resize(tty, &tmp_ws); 2230 else 2231 return tty_do_resize(tty, &tmp_ws); 2232 } 2233 2234 /** 2235 * tioccons - allow admin to move logical console 2236 * @file: the file to become console 2237 * 2238 * Allow the administrator to move the redirected console device 2239 * 2240 * Locking: uses redirect_lock to guard the redirect information 2241 */ 2242 2243 static int tioccons(struct file *file) 2244 { 2245 if (!capable(CAP_SYS_ADMIN)) 2246 return -EPERM; 2247 if (file->f_op->write == redirected_tty_write) { 2248 struct file *f; 2249 spin_lock(&redirect_lock); 2250 f = redirect; 2251 redirect = NULL; 2252 spin_unlock(&redirect_lock); 2253 if (f) 2254 fput(f); 2255 return 0; 2256 } 2257 spin_lock(&redirect_lock); 2258 if (redirect) { 2259 spin_unlock(&redirect_lock); 2260 return -EBUSY; 2261 } 2262 redirect = get_file(file); 2263 spin_unlock(&redirect_lock); 2264 return 0; 2265 } 2266 2267 /** 2268 * fionbio - non blocking ioctl 2269 * @file: file to set blocking value 2270 * @p: user parameter 2271 * 2272 * Historical tty interfaces had a blocking control ioctl before 2273 * the generic functionality existed. This piece of history is preserved 2274 * in the expected tty API of posix OS's. 2275 * 2276 * Locking: none, the open file handle ensures it won't go away. 2277 */ 2278 2279 static int fionbio(struct file *file, int __user *p) 2280 { 2281 int nonblock; 2282 2283 if (get_user(nonblock, p)) 2284 return -EFAULT; 2285 2286 spin_lock(&file->f_lock); 2287 if (nonblock) 2288 file->f_flags |= O_NONBLOCK; 2289 else 2290 file->f_flags &= ~O_NONBLOCK; 2291 spin_unlock(&file->f_lock); 2292 return 0; 2293 } 2294 2295 /** 2296 * tiocsctty - set controlling tty 2297 * @tty: tty structure 2298 * @arg: user argument 2299 * 2300 * This ioctl is used to manage job control. It permits a session 2301 * leader to set this tty as the controlling tty for the session. 2302 * 2303 * Locking: 2304 * Takes tty_mutex() to protect tty instance 2305 * Takes tasklist_lock internally to walk sessions 2306 * Takes ->siglock() when updating signal->tty 2307 */ 2308 2309 static int tiocsctty(struct tty_struct *tty, int arg) 2310 { 2311 int ret = 0; 2312 if (current->signal->leader && (task_session(current) == tty->session)) 2313 return ret; 2314 2315 mutex_lock(&tty_mutex); 2316 /* 2317 * The process must be a session leader and 2318 * not have a controlling tty already. 2319 */ 2320 if (!current->signal->leader || current->signal->tty) { 2321 ret = -EPERM; 2322 goto unlock; 2323 } 2324 2325 if (tty->session) { 2326 /* 2327 * This tty is already the controlling 2328 * tty for another session group! 2329 */ 2330 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 2331 /* 2332 * Steal it away 2333 */ 2334 read_lock(&tasklist_lock); 2335 session_clear_tty(tty->session); 2336 read_unlock(&tasklist_lock); 2337 } else { 2338 ret = -EPERM; 2339 goto unlock; 2340 } 2341 } 2342 proc_set_tty(current, tty); 2343 unlock: 2344 mutex_unlock(&tty_mutex); 2345 return ret; 2346 } 2347 2348 /** 2349 * tty_get_pgrp - return a ref counted pgrp pid 2350 * @tty: tty to read 2351 * 2352 * Returns a refcounted instance of the pid struct for the process 2353 * group controlling the tty. 2354 */ 2355 2356 struct pid *tty_get_pgrp(struct tty_struct *tty) 2357 { 2358 unsigned long flags; 2359 struct pid *pgrp; 2360 2361 spin_lock_irqsave(&tty->ctrl_lock, flags); 2362 pgrp = get_pid(tty->pgrp); 2363 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2364 2365 return pgrp; 2366 } 2367 EXPORT_SYMBOL_GPL(tty_get_pgrp); 2368 2369 /** 2370 * tiocgpgrp - get process group 2371 * @tty: tty passed by user 2372 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2373 * @p: returned pid 2374 * 2375 * Obtain the process group of the tty. If there is no process group 2376 * return an error. 2377 * 2378 * Locking: none. Reference to current->signal->tty is safe. 2379 */ 2380 2381 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2382 { 2383 struct pid *pid; 2384 int ret; 2385 /* 2386 * (tty == real_tty) is a cheap way of 2387 * testing if the tty is NOT a master pty. 2388 */ 2389 if (tty == real_tty && current->signal->tty != real_tty) 2390 return -ENOTTY; 2391 pid = tty_get_pgrp(real_tty); 2392 ret = put_user(pid_vnr(pid), p); 2393 put_pid(pid); 2394 return ret; 2395 } 2396 2397 /** 2398 * tiocspgrp - attempt to set process group 2399 * @tty: tty passed by user 2400 * @real_tty: tty side device matching tty passed by user 2401 * @p: pid pointer 2402 * 2403 * Set the process group of the tty to the session passed. Only 2404 * permitted where the tty session is our session. 2405 * 2406 * Locking: RCU, ctrl lock 2407 */ 2408 2409 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2410 { 2411 struct pid *pgrp; 2412 pid_t pgrp_nr; 2413 int retval = tty_check_change(real_tty); 2414 unsigned long flags; 2415 2416 if (retval == -EIO) 2417 return -ENOTTY; 2418 if (retval) 2419 return retval; 2420 if (!current->signal->tty || 2421 (current->signal->tty != real_tty) || 2422 (real_tty->session != task_session(current))) 2423 return -ENOTTY; 2424 if (get_user(pgrp_nr, p)) 2425 return -EFAULT; 2426 if (pgrp_nr < 0) 2427 return -EINVAL; 2428 rcu_read_lock(); 2429 pgrp = find_vpid(pgrp_nr); 2430 retval = -ESRCH; 2431 if (!pgrp) 2432 goto out_unlock; 2433 retval = -EPERM; 2434 if (session_of_pgrp(pgrp) != task_session(current)) 2435 goto out_unlock; 2436 retval = 0; 2437 spin_lock_irqsave(&tty->ctrl_lock, flags); 2438 put_pid(real_tty->pgrp); 2439 real_tty->pgrp = get_pid(pgrp); 2440 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2441 out_unlock: 2442 rcu_read_unlock(); 2443 return retval; 2444 } 2445 2446 /** 2447 * tiocgsid - get session id 2448 * @tty: tty passed by user 2449 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2450 * @p: pointer to returned session id 2451 * 2452 * Obtain the session id of the tty. If there is no session 2453 * return an error. 2454 * 2455 * Locking: none. Reference to current->signal->tty is safe. 2456 */ 2457 2458 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2459 { 2460 /* 2461 * (tty == real_tty) is a cheap way of 2462 * testing if the tty is NOT a master pty. 2463 */ 2464 if (tty == real_tty && current->signal->tty != real_tty) 2465 return -ENOTTY; 2466 if (!real_tty->session) 2467 return -ENOTTY; 2468 return put_user(pid_vnr(real_tty->session), p); 2469 } 2470 2471 /** 2472 * tiocsetd - set line discipline 2473 * @tty: tty device 2474 * @p: pointer to user data 2475 * 2476 * Set the line discipline according to user request. 2477 * 2478 * Locking: see tty_set_ldisc, this function is just a helper 2479 */ 2480 2481 static int tiocsetd(struct tty_struct *tty, int __user *p) 2482 { 2483 int ldisc; 2484 int ret; 2485 2486 if (get_user(ldisc, p)) 2487 return -EFAULT; 2488 2489 ret = tty_set_ldisc(tty, ldisc); 2490 2491 return ret; 2492 } 2493 2494 /** 2495 * send_break - performed time break 2496 * @tty: device to break on 2497 * @duration: timeout in mS 2498 * 2499 * Perform a timed break on hardware that lacks its own driver level 2500 * timed break functionality. 2501 * 2502 * Locking: 2503 * atomic_write_lock serializes 2504 * 2505 */ 2506 2507 static int send_break(struct tty_struct *tty, unsigned int duration) 2508 { 2509 int retval; 2510 2511 if (tty->ops->break_ctl == NULL) 2512 return 0; 2513 2514 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2515 retval = tty->ops->break_ctl(tty, duration); 2516 else { 2517 /* Do the work ourselves */ 2518 if (tty_write_lock(tty, 0) < 0) 2519 return -EINTR; 2520 retval = tty->ops->break_ctl(tty, -1); 2521 if (retval) 2522 goto out; 2523 if (!signal_pending(current)) 2524 msleep_interruptible(duration); 2525 retval = tty->ops->break_ctl(tty, 0); 2526 out: 2527 tty_write_unlock(tty); 2528 if (signal_pending(current)) 2529 retval = -EINTR; 2530 } 2531 return retval; 2532 } 2533 2534 /** 2535 * tty_tiocmget - get modem status 2536 * @tty: tty device 2537 * @file: user file pointer 2538 * @p: pointer to result 2539 * 2540 * Obtain the modem status bits from the tty driver if the feature 2541 * is supported. Return -EINVAL if it is not available. 2542 * 2543 * Locking: none (up to the driver) 2544 */ 2545 2546 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2547 { 2548 int retval = -EINVAL; 2549 2550 if (tty->ops->tiocmget) { 2551 retval = tty->ops->tiocmget(tty); 2552 2553 if (retval >= 0) 2554 retval = put_user(retval, p); 2555 } 2556 return retval; 2557 } 2558 2559 /** 2560 * tty_tiocmset - set modem status 2561 * @tty: tty device 2562 * @cmd: command - clear bits, set bits or set all 2563 * @p: pointer to desired bits 2564 * 2565 * Set the modem status bits from the tty driver if the feature 2566 * is supported. Return -EINVAL if it is not available. 2567 * 2568 * Locking: none (up to the driver) 2569 */ 2570 2571 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2572 unsigned __user *p) 2573 { 2574 int retval; 2575 unsigned int set, clear, val; 2576 2577 if (tty->ops->tiocmset == NULL) 2578 return -EINVAL; 2579 2580 retval = get_user(val, p); 2581 if (retval) 2582 return retval; 2583 set = clear = 0; 2584 switch (cmd) { 2585 case TIOCMBIS: 2586 set = val; 2587 break; 2588 case TIOCMBIC: 2589 clear = val; 2590 break; 2591 case TIOCMSET: 2592 set = val; 2593 clear = ~val; 2594 break; 2595 } 2596 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2597 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2598 return tty->ops->tiocmset(tty, set, clear); 2599 } 2600 2601 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2602 { 2603 int retval = -EINVAL; 2604 struct serial_icounter_struct icount; 2605 memset(&icount, 0, sizeof(icount)); 2606 if (tty->ops->get_icount) 2607 retval = tty->ops->get_icount(tty, &icount); 2608 if (retval != 0) 2609 return retval; 2610 if (copy_to_user(arg, &icount, sizeof(icount))) 2611 return -EFAULT; 2612 return 0; 2613 } 2614 2615 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2616 { 2617 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2618 tty->driver->subtype == PTY_TYPE_MASTER) 2619 tty = tty->link; 2620 return tty; 2621 } 2622 EXPORT_SYMBOL(tty_pair_get_tty); 2623 2624 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty) 2625 { 2626 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2627 tty->driver->subtype == PTY_TYPE_MASTER) 2628 return tty; 2629 return tty->link; 2630 } 2631 EXPORT_SYMBOL(tty_pair_get_pty); 2632 2633 /* 2634 * Split this up, as gcc can choke on it otherwise.. 2635 */ 2636 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2637 { 2638 struct tty_struct *tty = file_tty(file); 2639 struct tty_struct *real_tty; 2640 void __user *p = (void __user *)arg; 2641 int retval; 2642 struct tty_ldisc *ld; 2643 struct inode *inode = file->f_dentry->d_inode; 2644 2645 if (tty_paranoia_check(tty, inode, "tty_ioctl")) 2646 return -EINVAL; 2647 2648 real_tty = tty_pair_get_tty(tty); 2649 2650 /* 2651 * Factor out some common prep work 2652 */ 2653 switch (cmd) { 2654 case TIOCSETD: 2655 case TIOCSBRK: 2656 case TIOCCBRK: 2657 case TCSBRK: 2658 case TCSBRKP: 2659 retval = tty_check_change(tty); 2660 if (retval) 2661 return retval; 2662 if (cmd != TIOCCBRK) { 2663 tty_wait_until_sent(tty, 0); 2664 if (signal_pending(current)) 2665 return -EINTR; 2666 } 2667 break; 2668 } 2669 2670 /* 2671 * Now do the stuff. 2672 */ 2673 switch (cmd) { 2674 case TIOCSTI: 2675 return tiocsti(tty, p); 2676 case TIOCGWINSZ: 2677 return tiocgwinsz(real_tty, p); 2678 case TIOCSWINSZ: 2679 return tiocswinsz(real_tty, p); 2680 case TIOCCONS: 2681 return real_tty != tty ? -EINVAL : tioccons(file); 2682 case FIONBIO: 2683 return fionbio(file, p); 2684 case TIOCEXCL: 2685 set_bit(TTY_EXCLUSIVE, &tty->flags); 2686 return 0; 2687 case TIOCNXCL: 2688 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2689 return 0; 2690 case TIOCNOTTY: 2691 if (current->signal->tty != tty) 2692 return -ENOTTY; 2693 no_tty(); 2694 return 0; 2695 case TIOCSCTTY: 2696 return tiocsctty(tty, arg); 2697 case TIOCGPGRP: 2698 return tiocgpgrp(tty, real_tty, p); 2699 case TIOCSPGRP: 2700 return tiocspgrp(tty, real_tty, p); 2701 case TIOCGSID: 2702 return tiocgsid(tty, real_tty, p); 2703 case TIOCGETD: 2704 return put_user(tty->ldisc->ops->num, (int __user *)p); 2705 case TIOCSETD: 2706 return tiocsetd(tty, p); 2707 case TIOCVHANGUP: 2708 if (!capable(CAP_SYS_ADMIN)) 2709 return -EPERM; 2710 tty_vhangup(tty); 2711 return 0; 2712 case TIOCGDEV: 2713 { 2714 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2715 return put_user(ret, (unsigned int __user *)p); 2716 } 2717 /* 2718 * Break handling 2719 */ 2720 case TIOCSBRK: /* Turn break on, unconditionally */ 2721 if (tty->ops->break_ctl) 2722 return tty->ops->break_ctl(tty, -1); 2723 return 0; 2724 case TIOCCBRK: /* Turn break off, unconditionally */ 2725 if (tty->ops->break_ctl) 2726 return tty->ops->break_ctl(tty, 0); 2727 return 0; 2728 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2729 /* non-zero arg means wait for all output data 2730 * to be sent (performed above) but don't send break. 2731 * This is used by the tcdrain() termios function. 2732 */ 2733 if (!arg) 2734 return send_break(tty, 250); 2735 return 0; 2736 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2737 return send_break(tty, arg ? arg*100 : 250); 2738 2739 case TIOCMGET: 2740 return tty_tiocmget(tty, p); 2741 case TIOCMSET: 2742 case TIOCMBIC: 2743 case TIOCMBIS: 2744 return tty_tiocmset(tty, cmd, p); 2745 case TIOCGICOUNT: 2746 retval = tty_tiocgicount(tty, p); 2747 /* For the moment allow fall through to the old method */ 2748 if (retval != -EINVAL) 2749 return retval; 2750 break; 2751 case TCFLSH: 2752 switch (arg) { 2753 case TCIFLUSH: 2754 case TCIOFLUSH: 2755 /* flush tty buffer and allow ldisc to process ioctl */ 2756 tty_buffer_flush(tty); 2757 break; 2758 } 2759 break; 2760 } 2761 if (tty->ops->ioctl) { 2762 retval = (tty->ops->ioctl)(tty, cmd, arg); 2763 if (retval != -ENOIOCTLCMD) 2764 return retval; 2765 } 2766 ld = tty_ldisc_ref_wait(tty); 2767 retval = -EINVAL; 2768 if (ld->ops->ioctl) { 2769 retval = ld->ops->ioctl(tty, file, cmd, arg); 2770 if (retval == -ENOIOCTLCMD) 2771 retval = -ENOTTY; 2772 } 2773 tty_ldisc_deref(ld); 2774 return retval; 2775 } 2776 2777 #ifdef CONFIG_COMPAT 2778 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2779 unsigned long arg) 2780 { 2781 struct inode *inode = file->f_dentry->d_inode; 2782 struct tty_struct *tty = file_tty(file); 2783 struct tty_ldisc *ld; 2784 int retval = -ENOIOCTLCMD; 2785 2786 if (tty_paranoia_check(tty, inode, "tty_ioctl")) 2787 return -EINVAL; 2788 2789 if (tty->ops->compat_ioctl) { 2790 retval = (tty->ops->compat_ioctl)(tty, cmd, arg); 2791 if (retval != -ENOIOCTLCMD) 2792 return retval; 2793 } 2794 2795 ld = tty_ldisc_ref_wait(tty); 2796 if (ld->ops->compat_ioctl) 2797 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2798 else 2799 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg); 2800 tty_ldisc_deref(ld); 2801 2802 return retval; 2803 } 2804 #endif 2805 2806 static int this_tty(const void *t, struct file *file, unsigned fd) 2807 { 2808 if (likely(file->f_op->read != tty_read)) 2809 return 0; 2810 return file_tty(file) != t ? 0 : fd + 1; 2811 } 2812 2813 /* 2814 * This implements the "Secure Attention Key" --- the idea is to 2815 * prevent trojan horses by killing all processes associated with this 2816 * tty when the user hits the "Secure Attention Key". Required for 2817 * super-paranoid applications --- see the Orange Book for more details. 2818 * 2819 * This code could be nicer; ideally it should send a HUP, wait a few 2820 * seconds, then send a INT, and then a KILL signal. But you then 2821 * have to coordinate with the init process, since all processes associated 2822 * with the current tty must be dead before the new getty is allowed 2823 * to spawn. 2824 * 2825 * Now, if it would be correct ;-/ The current code has a nasty hole - 2826 * it doesn't catch files in flight. We may send the descriptor to ourselves 2827 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2828 * 2829 * Nasty bug: do_SAK is being called in interrupt context. This can 2830 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2831 */ 2832 void __do_SAK(struct tty_struct *tty) 2833 { 2834 #ifdef TTY_SOFT_SAK 2835 tty_hangup(tty); 2836 #else 2837 struct task_struct *g, *p; 2838 struct pid *session; 2839 int i; 2840 2841 if (!tty) 2842 return; 2843 session = tty->session; 2844 2845 tty_ldisc_flush(tty); 2846 2847 tty_driver_flush_buffer(tty); 2848 2849 read_lock(&tasklist_lock); 2850 /* Kill the entire session */ 2851 do_each_pid_task(session, PIDTYPE_SID, p) { 2852 printk(KERN_NOTICE "SAK: killed process %d" 2853 " (%s): task_session(p)==tty->session\n", 2854 task_pid_nr(p), p->comm); 2855 send_sig(SIGKILL, p, 1); 2856 } while_each_pid_task(session, PIDTYPE_SID, p); 2857 /* Now kill any processes that happen to have the 2858 * tty open. 2859 */ 2860 do_each_thread(g, p) { 2861 if (p->signal->tty == tty) { 2862 printk(KERN_NOTICE "SAK: killed process %d" 2863 " (%s): task_session(p)==tty->session\n", 2864 task_pid_nr(p), p->comm); 2865 send_sig(SIGKILL, p, 1); 2866 continue; 2867 } 2868 task_lock(p); 2869 i = iterate_fd(p->files, 0, this_tty, tty); 2870 if (i != 0) { 2871 printk(KERN_NOTICE "SAK: killed process %d" 2872 " (%s): fd#%d opened to the tty\n", 2873 task_pid_nr(p), p->comm, i - 1); 2874 force_sig(SIGKILL, p); 2875 } 2876 task_unlock(p); 2877 } while_each_thread(g, p); 2878 read_unlock(&tasklist_lock); 2879 #endif 2880 } 2881 2882 static void do_SAK_work(struct work_struct *work) 2883 { 2884 struct tty_struct *tty = 2885 container_of(work, struct tty_struct, SAK_work); 2886 __do_SAK(tty); 2887 } 2888 2889 /* 2890 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2891 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2892 * the values which we write to it will be identical to the values which it 2893 * already has. --akpm 2894 */ 2895 void do_SAK(struct tty_struct *tty) 2896 { 2897 if (!tty) 2898 return; 2899 schedule_work(&tty->SAK_work); 2900 } 2901 2902 EXPORT_SYMBOL(do_SAK); 2903 2904 static int dev_match_devt(struct device *dev, void *data) 2905 { 2906 dev_t *devt = data; 2907 return dev->devt == *devt; 2908 } 2909 2910 /* Must put_device() after it's unused! */ 2911 static struct device *tty_get_device(struct tty_struct *tty) 2912 { 2913 dev_t devt = tty_devnum(tty); 2914 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2915 } 2916 2917 2918 /** 2919 * initialize_tty_struct 2920 * @tty: tty to initialize 2921 * 2922 * This subroutine initializes a tty structure that has been newly 2923 * allocated. 2924 * 2925 * Locking: none - tty in question must not be exposed at this point 2926 */ 2927 2928 void initialize_tty_struct(struct tty_struct *tty, 2929 struct tty_driver *driver, int idx) 2930 { 2931 memset(tty, 0, sizeof(struct tty_struct)); 2932 kref_init(&tty->kref); 2933 tty->magic = TTY_MAGIC; 2934 tty_ldisc_init(tty); 2935 tty->session = NULL; 2936 tty->pgrp = NULL; 2937 mutex_init(&tty->legacy_mutex); 2938 mutex_init(&tty->termios_mutex); 2939 mutex_init(&tty->ldisc_mutex); 2940 init_waitqueue_head(&tty->write_wait); 2941 init_waitqueue_head(&tty->read_wait); 2942 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2943 mutex_init(&tty->atomic_write_lock); 2944 spin_lock_init(&tty->ctrl_lock); 2945 INIT_LIST_HEAD(&tty->tty_files); 2946 INIT_WORK(&tty->SAK_work, do_SAK_work); 2947 2948 tty->driver = driver; 2949 tty->ops = driver->ops; 2950 tty->index = idx; 2951 tty_line_name(driver, idx, tty->name); 2952 tty->dev = tty_get_device(tty); 2953 } 2954 2955 /** 2956 * deinitialize_tty_struct 2957 * @tty: tty to deinitialize 2958 * 2959 * This subroutine deinitializes a tty structure that has been newly 2960 * allocated but tty_release cannot be called on that yet. 2961 * 2962 * Locking: none - tty in question must not be exposed at this point 2963 */ 2964 void deinitialize_tty_struct(struct tty_struct *tty) 2965 { 2966 tty_ldisc_deinit(tty); 2967 } 2968 2969 /** 2970 * tty_put_char - write one character to a tty 2971 * @tty: tty 2972 * @ch: character 2973 * 2974 * Write one byte to the tty using the provided put_char method 2975 * if present. Returns the number of characters successfully output. 2976 * 2977 * Note: the specific put_char operation in the driver layer may go 2978 * away soon. Don't call it directly, use this method 2979 */ 2980 2981 int tty_put_char(struct tty_struct *tty, unsigned char ch) 2982 { 2983 if (tty->ops->put_char) 2984 return tty->ops->put_char(tty, ch); 2985 return tty->ops->write(tty, &ch, 1); 2986 } 2987 EXPORT_SYMBOL_GPL(tty_put_char); 2988 2989 struct class *tty_class; 2990 2991 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 2992 unsigned int index, unsigned int count) 2993 { 2994 /* init here, since reused cdevs cause crashes */ 2995 cdev_init(&driver->cdevs[index], &tty_fops); 2996 driver->cdevs[index].owner = driver->owner; 2997 return cdev_add(&driver->cdevs[index], dev, count); 2998 } 2999 3000 /** 3001 * tty_register_device - register a tty device 3002 * @driver: the tty driver that describes the tty device 3003 * @index: the index in the tty driver for this tty device 3004 * @device: a struct device that is associated with this tty device. 3005 * This field is optional, if there is no known struct device 3006 * for this tty device it can be set to NULL safely. 3007 * 3008 * Returns a pointer to the struct device for this tty device 3009 * (or ERR_PTR(-EFOO) on error). 3010 * 3011 * This call is required to be made to register an individual tty device 3012 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3013 * that bit is not set, this function should not be called by a tty 3014 * driver. 3015 * 3016 * Locking: ?? 3017 */ 3018 3019 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3020 struct device *device) 3021 { 3022 return tty_register_device_attr(driver, index, device, NULL, NULL); 3023 } 3024 EXPORT_SYMBOL(tty_register_device); 3025 3026 static void tty_device_create_release(struct device *dev) 3027 { 3028 pr_debug("device: '%s': %s\n", dev_name(dev), __func__); 3029 kfree(dev); 3030 } 3031 3032 /** 3033 * tty_register_device_attr - register a tty device 3034 * @driver: the tty driver that describes the tty device 3035 * @index: the index in the tty driver for this tty device 3036 * @device: a struct device that is associated with this tty device. 3037 * This field is optional, if there is no known struct device 3038 * for this tty device it can be set to NULL safely. 3039 * @drvdata: Driver data to be set to device. 3040 * @attr_grp: Attribute group to be set on device. 3041 * 3042 * Returns a pointer to the struct device for this tty device 3043 * (or ERR_PTR(-EFOO) on error). 3044 * 3045 * This call is required to be made to register an individual tty device 3046 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3047 * that bit is not set, this function should not be called by a tty 3048 * driver. 3049 * 3050 * Locking: ?? 3051 */ 3052 struct device *tty_register_device_attr(struct tty_driver *driver, 3053 unsigned index, struct device *device, 3054 void *drvdata, 3055 const struct attribute_group **attr_grp) 3056 { 3057 char name[64]; 3058 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3059 struct device *dev = NULL; 3060 int retval = -ENODEV; 3061 bool cdev = false; 3062 3063 if (index >= driver->num) { 3064 printk(KERN_ERR "Attempt to register invalid tty line number " 3065 " (%d).\n", index); 3066 return ERR_PTR(-EINVAL); 3067 } 3068 3069 if (driver->type == TTY_DRIVER_TYPE_PTY) 3070 pty_line_name(driver, index, name); 3071 else 3072 tty_line_name(driver, index, name); 3073 3074 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3075 retval = tty_cdev_add(driver, devt, index, 1); 3076 if (retval) 3077 goto error; 3078 cdev = true; 3079 } 3080 3081 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3082 if (!dev) { 3083 retval = -ENOMEM; 3084 goto error; 3085 } 3086 3087 dev->devt = devt; 3088 dev->class = tty_class; 3089 dev->parent = device; 3090 dev->release = tty_device_create_release; 3091 dev_set_name(dev, "%s", name); 3092 dev->groups = attr_grp; 3093 dev_set_drvdata(dev, drvdata); 3094 3095 retval = device_register(dev); 3096 if (retval) 3097 goto error; 3098 3099 return dev; 3100 3101 error: 3102 put_device(dev); 3103 if (cdev) 3104 cdev_del(&driver->cdevs[index]); 3105 return ERR_PTR(retval); 3106 } 3107 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3108 3109 /** 3110 * tty_unregister_device - unregister a tty device 3111 * @driver: the tty driver that describes the tty device 3112 * @index: the index in the tty driver for this tty device 3113 * 3114 * If a tty device is registered with a call to tty_register_device() then 3115 * this function must be called when the tty device is gone. 3116 * 3117 * Locking: ?? 3118 */ 3119 3120 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3121 { 3122 device_destroy(tty_class, 3123 MKDEV(driver->major, driver->minor_start) + index); 3124 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) 3125 cdev_del(&driver->cdevs[index]); 3126 } 3127 EXPORT_SYMBOL(tty_unregister_device); 3128 3129 /** 3130 * __tty_alloc_driver -- allocate tty driver 3131 * @lines: count of lines this driver can handle at most 3132 * @owner: module which is repsonsible for this driver 3133 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3134 * 3135 * This should not be called directly, some of the provided macros should be 3136 * used instead. Use IS_ERR and friends on @retval. 3137 */ 3138 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3139 unsigned long flags) 3140 { 3141 struct tty_driver *driver; 3142 unsigned int cdevs = 1; 3143 int err; 3144 3145 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3146 return ERR_PTR(-EINVAL); 3147 3148 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3149 if (!driver) 3150 return ERR_PTR(-ENOMEM); 3151 3152 kref_init(&driver->kref); 3153 driver->magic = TTY_DRIVER_MAGIC; 3154 driver->num = lines; 3155 driver->owner = owner; 3156 driver->flags = flags; 3157 3158 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3159 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3160 GFP_KERNEL); 3161 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3162 GFP_KERNEL); 3163 if (!driver->ttys || !driver->termios) { 3164 err = -ENOMEM; 3165 goto err_free_all; 3166 } 3167 } 3168 3169 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3170 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3171 GFP_KERNEL); 3172 if (!driver->ports) { 3173 err = -ENOMEM; 3174 goto err_free_all; 3175 } 3176 cdevs = lines; 3177 } 3178 3179 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3180 if (!driver->cdevs) { 3181 err = -ENOMEM; 3182 goto err_free_all; 3183 } 3184 3185 return driver; 3186 err_free_all: 3187 kfree(driver->ports); 3188 kfree(driver->ttys); 3189 kfree(driver->termios); 3190 kfree(driver); 3191 return ERR_PTR(err); 3192 } 3193 EXPORT_SYMBOL(__tty_alloc_driver); 3194 3195 static void destruct_tty_driver(struct kref *kref) 3196 { 3197 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3198 int i; 3199 struct ktermios *tp; 3200 3201 if (driver->flags & TTY_DRIVER_INSTALLED) { 3202 /* 3203 * Free the termios and termios_locked structures because 3204 * we don't want to get memory leaks when modular tty 3205 * drivers are removed from the kernel. 3206 */ 3207 for (i = 0; i < driver->num; i++) { 3208 tp = driver->termios[i]; 3209 if (tp) { 3210 driver->termios[i] = NULL; 3211 kfree(tp); 3212 } 3213 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3214 tty_unregister_device(driver, i); 3215 } 3216 proc_tty_unregister_driver(driver); 3217 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3218 cdev_del(&driver->cdevs[0]); 3219 } 3220 kfree(driver->cdevs); 3221 kfree(driver->ports); 3222 kfree(driver->termios); 3223 kfree(driver->ttys); 3224 kfree(driver); 3225 } 3226 3227 void tty_driver_kref_put(struct tty_driver *driver) 3228 { 3229 kref_put(&driver->kref, destruct_tty_driver); 3230 } 3231 EXPORT_SYMBOL(tty_driver_kref_put); 3232 3233 void tty_set_operations(struct tty_driver *driver, 3234 const struct tty_operations *op) 3235 { 3236 driver->ops = op; 3237 }; 3238 EXPORT_SYMBOL(tty_set_operations); 3239 3240 void put_tty_driver(struct tty_driver *d) 3241 { 3242 tty_driver_kref_put(d); 3243 } 3244 EXPORT_SYMBOL(put_tty_driver); 3245 3246 /* 3247 * Called by a tty driver to register itself. 3248 */ 3249 int tty_register_driver(struct tty_driver *driver) 3250 { 3251 int error; 3252 int i; 3253 dev_t dev; 3254 struct device *d; 3255 3256 if (!driver->major) { 3257 error = alloc_chrdev_region(&dev, driver->minor_start, 3258 driver->num, driver->name); 3259 if (!error) { 3260 driver->major = MAJOR(dev); 3261 driver->minor_start = MINOR(dev); 3262 } 3263 } else { 3264 dev = MKDEV(driver->major, driver->minor_start); 3265 error = register_chrdev_region(dev, driver->num, driver->name); 3266 } 3267 if (error < 0) 3268 goto err; 3269 3270 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3271 error = tty_cdev_add(driver, dev, 0, driver->num); 3272 if (error) 3273 goto err_unreg_char; 3274 } 3275 3276 mutex_lock(&tty_mutex); 3277 list_add(&driver->tty_drivers, &tty_drivers); 3278 mutex_unlock(&tty_mutex); 3279 3280 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3281 for (i = 0; i < driver->num; i++) { 3282 d = tty_register_device(driver, i, NULL); 3283 if (IS_ERR(d)) { 3284 error = PTR_ERR(d); 3285 goto err_unreg_devs; 3286 } 3287 } 3288 } 3289 proc_tty_register_driver(driver); 3290 driver->flags |= TTY_DRIVER_INSTALLED; 3291 return 0; 3292 3293 err_unreg_devs: 3294 for (i--; i >= 0; i--) 3295 tty_unregister_device(driver, i); 3296 3297 mutex_lock(&tty_mutex); 3298 list_del(&driver->tty_drivers); 3299 mutex_unlock(&tty_mutex); 3300 3301 err_unreg_char: 3302 unregister_chrdev_region(dev, driver->num); 3303 err: 3304 return error; 3305 } 3306 EXPORT_SYMBOL(tty_register_driver); 3307 3308 /* 3309 * Called by a tty driver to unregister itself. 3310 */ 3311 int tty_unregister_driver(struct tty_driver *driver) 3312 { 3313 #if 0 3314 /* FIXME */ 3315 if (driver->refcount) 3316 return -EBUSY; 3317 #endif 3318 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3319 driver->num); 3320 mutex_lock(&tty_mutex); 3321 list_del(&driver->tty_drivers); 3322 mutex_unlock(&tty_mutex); 3323 return 0; 3324 } 3325 3326 EXPORT_SYMBOL(tty_unregister_driver); 3327 3328 dev_t tty_devnum(struct tty_struct *tty) 3329 { 3330 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3331 } 3332 EXPORT_SYMBOL(tty_devnum); 3333 3334 void proc_clear_tty(struct task_struct *p) 3335 { 3336 unsigned long flags; 3337 struct tty_struct *tty; 3338 spin_lock_irqsave(&p->sighand->siglock, flags); 3339 tty = p->signal->tty; 3340 p->signal->tty = NULL; 3341 spin_unlock_irqrestore(&p->sighand->siglock, flags); 3342 tty_kref_put(tty); 3343 } 3344 3345 /* Called under the sighand lock */ 3346 3347 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3348 { 3349 if (tty) { 3350 unsigned long flags; 3351 /* We should not have a session or pgrp to put here but.... */ 3352 spin_lock_irqsave(&tty->ctrl_lock, flags); 3353 put_pid(tty->session); 3354 put_pid(tty->pgrp); 3355 tty->pgrp = get_pid(task_pgrp(tsk)); 3356 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 3357 tty->session = get_pid(task_session(tsk)); 3358 if (tsk->signal->tty) { 3359 printk(KERN_DEBUG "tty not NULL!!\n"); 3360 tty_kref_put(tsk->signal->tty); 3361 } 3362 } 3363 put_pid(tsk->signal->tty_old_pgrp); 3364 tsk->signal->tty = tty_kref_get(tty); 3365 tsk->signal->tty_old_pgrp = NULL; 3366 } 3367 3368 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3369 { 3370 spin_lock_irq(&tsk->sighand->siglock); 3371 __proc_set_tty(tsk, tty); 3372 spin_unlock_irq(&tsk->sighand->siglock); 3373 } 3374 3375 struct tty_struct *get_current_tty(void) 3376 { 3377 struct tty_struct *tty; 3378 unsigned long flags; 3379 3380 spin_lock_irqsave(¤t->sighand->siglock, flags); 3381 tty = tty_kref_get(current->signal->tty); 3382 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 3383 return tty; 3384 } 3385 EXPORT_SYMBOL_GPL(get_current_tty); 3386 3387 void tty_default_fops(struct file_operations *fops) 3388 { 3389 *fops = tty_fops; 3390 } 3391 3392 /* 3393 * Initialize the console device. This is called *early*, so 3394 * we can't necessarily depend on lots of kernel help here. 3395 * Just do some early initializations, and do the complex setup 3396 * later. 3397 */ 3398 void __init console_init(void) 3399 { 3400 initcall_t *call; 3401 3402 /* Setup the default TTY line discipline. */ 3403 tty_ldisc_begin(); 3404 3405 /* 3406 * set up the console device so that later boot sequences can 3407 * inform about problems etc.. 3408 */ 3409 call = __con_initcall_start; 3410 while (call < __con_initcall_end) { 3411 (*call)(); 3412 call++; 3413 } 3414 } 3415 3416 static char *tty_devnode(struct device *dev, umode_t *mode) 3417 { 3418 if (!mode) 3419 return NULL; 3420 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3421 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3422 *mode = 0666; 3423 return NULL; 3424 } 3425 3426 static int __init tty_class_init(void) 3427 { 3428 tty_class = class_create(THIS_MODULE, "tty"); 3429 if (IS_ERR(tty_class)) 3430 return PTR_ERR(tty_class); 3431 tty_class->devnode = tty_devnode; 3432 return 0; 3433 } 3434 3435 postcore_initcall(tty_class_init); 3436 3437 /* 3/2004 jmc: why do these devices exist? */ 3438 static struct cdev tty_cdev, console_cdev; 3439 3440 static ssize_t show_cons_active(struct device *dev, 3441 struct device_attribute *attr, char *buf) 3442 { 3443 struct console *cs[16]; 3444 int i = 0; 3445 struct console *c; 3446 ssize_t count = 0; 3447 3448 console_lock(); 3449 for_each_console(c) { 3450 if (!c->device) 3451 continue; 3452 if (!c->write) 3453 continue; 3454 if ((c->flags & CON_ENABLED) == 0) 3455 continue; 3456 cs[i++] = c; 3457 if (i >= ARRAY_SIZE(cs)) 3458 break; 3459 } 3460 while (i--) 3461 count += sprintf(buf + count, "%s%d%c", 3462 cs[i]->name, cs[i]->index, i ? ' ':'\n'); 3463 console_unlock(); 3464 3465 return count; 3466 } 3467 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3468 3469 static struct device *consdev; 3470 3471 void console_sysfs_notify(void) 3472 { 3473 if (consdev) 3474 sysfs_notify(&consdev->kobj, NULL, "active"); 3475 } 3476 3477 /* 3478 * Ok, now we can initialize the rest of the tty devices and can count 3479 * on memory allocations, interrupts etc.. 3480 */ 3481 int __init tty_init(void) 3482 { 3483 cdev_init(&tty_cdev, &tty_fops); 3484 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3485 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3486 panic("Couldn't register /dev/tty driver\n"); 3487 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3488 3489 cdev_init(&console_cdev, &console_fops); 3490 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3491 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3492 panic("Couldn't register /dev/console driver\n"); 3493 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, 3494 "console"); 3495 if (IS_ERR(consdev)) 3496 consdev = NULL; 3497 else 3498 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0); 3499 3500 #ifdef CONFIG_VT 3501 vty_init(&console_fops); 3502 #endif 3503 return 0; 3504 } 3505 3506