1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 /* 6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 7 * or rs-channels. It also implements echoing, cooked mode etc. 8 * 9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 10 * 11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 12 * tty_struct and tty_queue structures. Previously there was an array 13 * of 256 tty_struct's which was statically allocated, and the 14 * tty_queue structures were allocated at boot time. Both are now 15 * dynamically allocated only when the tty is open. 16 * 17 * Also restructured routines so that there is more of a separation 18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 19 * the low-level tty routines (serial.c, pty.c, console.c). This 20 * makes for cleaner and more compact code. -TYT, 9/17/92 21 * 22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 23 * which can be dynamically activated and de-activated by the line 24 * discipline handling modules (like SLIP). 25 * 26 * NOTE: pay no attention to the line discipline code (yet); its 27 * interface is still subject to change in this version... 28 * -- TYT, 1/31/92 29 * 30 * Added functionality to the OPOST tty handling. No delays, but all 31 * other bits should be there. 32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 33 * 34 * Rewrote canonical mode and added more termios flags. 35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 36 * 37 * Reorganized FASYNC support so mouse code can share it. 38 * -- ctm@ardi.com, 9Sep95 39 * 40 * New TIOCLINUX variants added. 41 * -- mj@k332.feld.cvut.cz, 19-Nov-95 42 * 43 * Restrict vt switching via ioctl() 44 * -- grif@cs.ucr.edu, 5-Dec-95 45 * 46 * Move console and virtual terminal code to more appropriate files, 47 * implement CONFIG_VT and generalize console device interface. 48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 49 * 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 51 * -- Bill Hawes <whawes@star.net>, June 97 52 * 53 * Added devfs support. 54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 55 * 56 * Added support for a Unix98-style ptmx device. 57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 58 * 59 * Reduced memory usage for older ARM systems 60 * -- Russell King <rmk@arm.linux.org.uk> 61 * 62 * Move do_SAK() into process context. Less stack use in devfs functions. 63 * alloc_tty_struct() always uses kmalloc() 64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 65 */ 66 67 #include <linux/types.h> 68 #include <linux/major.h> 69 #include <linux/errno.h> 70 #include <linux/signal.h> 71 #include <linux/fcntl.h> 72 #include <linux/sched/signal.h> 73 #include <linux/sched/task.h> 74 #include <linux/interrupt.h> 75 #include <linux/tty.h> 76 #include <linux/tty_driver.h> 77 #include <linux/tty_flip.h> 78 #include <linux/devpts_fs.h> 79 #include <linux/file.h> 80 #include <linux/fdtable.h> 81 #include <linux/console.h> 82 #include <linux/timer.h> 83 #include <linux/ctype.h> 84 #include <linux/kd.h> 85 #include <linux/mm.h> 86 #include <linux/string.h> 87 #include <linux/slab.h> 88 #include <linux/poll.h> 89 #include <linux/proc_fs.h> 90 #include <linux/init.h> 91 #include <linux/module.h> 92 #include <linux/device.h> 93 #include <linux/wait.h> 94 #include <linux/bitops.h> 95 #include <linux/delay.h> 96 #include <linux/seq_file.h> 97 #include <linux/serial.h> 98 #include <linux/ratelimit.h> 99 100 #include <linux/uaccess.h> 101 102 #include <linux/kbd_kern.h> 103 #include <linux/vt_kern.h> 104 #include <linux/selection.h> 105 106 #include <linux/kmod.h> 107 #include <linux/nsproxy.h> 108 109 #undef TTY_DEBUG_HANGUP 110 #ifdef TTY_DEBUG_HANGUP 111 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 112 #else 113 # define tty_debug_hangup(tty, f, args...) do { } while (0) 114 #endif 115 116 #define TTY_PARANOIA_CHECK 1 117 #define CHECK_TTY_COUNT 1 118 119 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 120 .c_iflag = ICRNL | IXON, 121 .c_oflag = OPOST | ONLCR, 122 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 123 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 124 ECHOCTL | ECHOKE | IEXTEN, 125 .c_cc = INIT_C_CC, 126 .c_ispeed = 38400, 127 .c_ospeed = 38400, 128 /* .c_line = N_TTY, */ 129 }; 130 131 EXPORT_SYMBOL(tty_std_termios); 132 133 /* This list gets poked at by procfs and various bits of boot up code. This 134 could do with some rationalisation such as pulling the tty proc function 135 into this file */ 136 137 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 138 139 /* Mutex to protect creating and releasing a tty */ 140 DEFINE_MUTEX(tty_mutex); 141 142 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 143 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 144 ssize_t redirected_tty_write(struct file *, const char __user *, 145 size_t, loff_t *); 146 static unsigned int tty_poll(struct file *, poll_table *); 147 static int tty_open(struct inode *, struct file *); 148 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 149 #ifdef CONFIG_COMPAT 150 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 151 unsigned long arg); 152 #else 153 #define tty_compat_ioctl NULL 154 #endif 155 static int __tty_fasync(int fd, struct file *filp, int on); 156 static int tty_fasync(int fd, struct file *filp, int on); 157 static void release_tty(struct tty_struct *tty, int idx); 158 159 /** 160 * free_tty_struct - free a disused tty 161 * @tty: tty struct to free 162 * 163 * Free the write buffers, tty queue and tty memory itself. 164 * 165 * Locking: none. Must be called after tty is definitely unused 166 */ 167 168 static void free_tty_struct(struct tty_struct *tty) 169 { 170 tty_ldisc_deinit(tty); 171 put_device(tty->dev); 172 kfree(tty->write_buf); 173 tty->magic = 0xDEADDEAD; 174 kfree(tty); 175 } 176 177 static inline struct tty_struct *file_tty(struct file *file) 178 { 179 return ((struct tty_file_private *)file->private_data)->tty; 180 } 181 182 int tty_alloc_file(struct file *file) 183 { 184 struct tty_file_private *priv; 185 186 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 187 if (!priv) 188 return -ENOMEM; 189 190 file->private_data = priv; 191 192 return 0; 193 } 194 195 /* Associate a new file with the tty structure */ 196 void tty_add_file(struct tty_struct *tty, struct file *file) 197 { 198 struct tty_file_private *priv = file->private_data; 199 200 priv->tty = tty; 201 priv->file = file; 202 203 spin_lock(&tty->files_lock); 204 list_add(&priv->list, &tty->tty_files); 205 spin_unlock(&tty->files_lock); 206 } 207 208 /** 209 * tty_free_file - free file->private_data 210 * 211 * This shall be used only for fail path handling when tty_add_file was not 212 * called yet. 213 */ 214 void tty_free_file(struct file *file) 215 { 216 struct tty_file_private *priv = file->private_data; 217 218 file->private_data = NULL; 219 kfree(priv); 220 } 221 222 /* Delete file from its tty */ 223 static void tty_del_file(struct file *file) 224 { 225 struct tty_file_private *priv = file->private_data; 226 struct tty_struct *tty = priv->tty; 227 228 spin_lock(&tty->files_lock); 229 list_del(&priv->list); 230 spin_unlock(&tty->files_lock); 231 tty_free_file(file); 232 } 233 234 /** 235 * tty_name - return tty naming 236 * @tty: tty structure 237 * 238 * Convert a tty structure into a name. The name reflects the kernel 239 * naming policy and if udev is in use may not reflect user space 240 * 241 * Locking: none 242 */ 243 244 const char *tty_name(const struct tty_struct *tty) 245 { 246 if (!tty) /* Hmm. NULL pointer. That's fun. */ 247 return "NULL tty"; 248 return tty->name; 249 } 250 251 EXPORT_SYMBOL(tty_name); 252 253 const char *tty_driver_name(const struct tty_struct *tty) 254 { 255 if (!tty || !tty->driver) 256 return ""; 257 return tty->driver->name; 258 } 259 260 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 261 const char *routine) 262 { 263 #ifdef TTY_PARANOIA_CHECK 264 if (!tty) { 265 pr_warn("(%d:%d): %s: NULL tty\n", 266 imajor(inode), iminor(inode), routine); 267 return 1; 268 } 269 if (tty->magic != TTY_MAGIC) { 270 pr_warn("(%d:%d): %s: bad magic number\n", 271 imajor(inode), iminor(inode), routine); 272 return 1; 273 } 274 #endif 275 return 0; 276 } 277 278 /* Caller must hold tty_lock */ 279 static int check_tty_count(struct tty_struct *tty, const char *routine) 280 { 281 #ifdef CHECK_TTY_COUNT 282 struct list_head *p; 283 int count = 0; 284 285 spin_lock(&tty->files_lock); 286 list_for_each(p, &tty->tty_files) { 287 count++; 288 } 289 spin_unlock(&tty->files_lock); 290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 291 tty->driver->subtype == PTY_TYPE_SLAVE && 292 tty->link && tty->link->count) 293 count++; 294 if (tty->count != count) { 295 tty_warn(tty, "%s: tty->count(%d) != #fd's(%d)\n", 296 routine, tty->count, count); 297 return count; 298 } 299 #endif 300 return 0; 301 } 302 303 /** 304 * get_tty_driver - find device of a tty 305 * @dev_t: device identifier 306 * @index: returns the index of the tty 307 * 308 * This routine returns a tty driver structure, given a device number 309 * and also passes back the index number. 310 * 311 * Locking: caller must hold tty_mutex 312 */ 313 314 static struct tty_driver *get_tty_driver(dev_t device, int *index) 315 { 316 struct tty_driver *p; 317 318 list_for_each_entry(p, &tty_drivers, tty_drivers) { 319 dev_t base = MKDEV(p->major, p->minor_start); 320 if (device < base || device >= base + p->num) 321 continue; 322 *index = device - base; 323 return tty_driver_kref_get(p); 324 } 325 return NULL; 326 } 327 328 /** 329 * tty_dev_name_to_number - return dev_t for device name 330 * @name: user space name of device under /dev 331 * @number: pointer to dev_t that this function will populate 332 * 333 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 334 * like (4, 64) or (188, 1). If no corresponding driver is registered then 335 * the function returns -ENODEV. 336 * 337 * Locking: this acquires tty_mutex to protect the tty_drivers list from 338 * being modified while we are traversing it, and makes sure to 339 * release it before exiting. 340 */ 341 int tty_dev_name_to_number(const char *name, dev_t *number) 342 { 343 struct tty_driver *p; 344 int ret; 345 int index, prefix_length = 0; 346 const char *str; 347 348 for (str = name; *str && !isdigit(*str); str++) 349 ; 350 351 if (!*str) 352 return -EINVAL; 353 354 ret = kstrtoint(str, 10, &index); 355 if (ret) 356 return ret; 357 358 prefix_length = str - name; 359 mutex_lock(&tty_mutex); 360 361 list_for_each_entry(p, &tty_drivers, tty_drivers) 362 if (prefix_length == strlen(p->name) && strncmp(name, 363 p->name, prefix_length) == 0) { 364 if (index < p->num) { 365 *number = MKDEV(p->major, p->minor_start + index); 366 goto out; 367 } 368 } 369 370 /* if here then driver wasn't found */ 371 ret = -ENODEV; 372 out: 373 mutex_unlock(&tty_mutex); 374 return ret; 375 } 376 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 377 378 #ifdef CONFIG_CONSOLE_POLL 379 380 /** 381 * tty_find_polling_driver - find device of a polled tty 382 * @name: name string to match 383 * @line: pointer to resulting tty line nr 384 * 385 * This routine returns a tty driver structure, given a name 386 * and the condition that the tty driver is capable of polled 387 * operation. 388 */ 389 struct tty_driver *tty_find_polling_driver(char *name, int *line) 390 { 391 struct tty_driver *p, *res = NULL; 392 int tty_line = 0; 393 int len; 394 char *str, *stp; 395 396 for (str = name; *str; str++) 397 if ((*str >= '0' && *str <= '9') || *str == ',') 398 break; 399 if (!*str) 400 return NULL; 401 402 len = str - name; 403 tty_line = simple_strtoul(str, &str, 10); 404 405 mutex_lock(&tty_mutex); 406 /* Search through the tty devices to look for a match */ 407 list_for_each_entry(p, &tty_drivers, tty_drivers) { 408 if (strncmp(name, p->name, len) != 0) 409 continue; 410 stp = str; 411 if (*stp == ',') 412 stp++; 413 if (*stp == '\0') 414 stp = NULL; 415 416 if (tty_line >= 0 && tty_line < p->num && p->ops && 417 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 418 res = tty_driver_kref_get(p); 419 *line = tty_line; 420 break; 421 } 422 } 423 mutex_unlock(&tty_mutex); 424 425 return res; 426 } 427 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 428 #endif 429 430 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 431 size_t count, loff_t *ppos) 432 { 433 return 0; 434 } 435 436 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 437 size_t count, loff_t *ppos) 438 { 439 return -EIO; 440 } 441 442 /* No kernel lock held - none needed ;) */ 443 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait) 444 { 445 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM; 446 } 447 448 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 449 unsigned long arg) 450 { 451 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 452 } 453 454 static long hung_up_tty_compat_ioctl(struct file *file, 455 unsigned int cmd, unsigned long arg) 456 { 457 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 458 } 459 460 static int hung_up_tty_fasync(int fd, struct file *file, int on) 461 { 462 return -ENOTTY; 463 } 464 465 static const struct file_operations tty_fops = { 466 .llseek = no_llseek, 467 .read = tty_read, 468 .write = tty_write, 469 .poll = tty_poll, 470 .unlocked_ioctl = tty_ioctl, 471 .compat_ioctl = tty_compat_ioctl, 472 .open = tty_open, 473 .release = tty_release, 474 .fasync = tty_fasync, 475 }; 476 477 static const struct file_operations console_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = redirected_tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 }; 488 489 static const struct file_operations hung_up_tty_fops = { 490 .llseek = no_llseek, 491 .read = hung_up_tty_read, 492 .write = hung_up_tty_write, 493 .poll = hung_up_tty_poll, 494 .unlocked_ioctl = hung_up_tty_ioctl, 495 .compat_ioctl = hung_up_tty_compat_ioctl, 496 .release = tty_release, 497 .fasync = hung_up_tty_fasync, 498 }; 499 500 static DEFINE_SPINLOCK(redirect_lock); 501 static struct file *redirect; 502 503 /** 504 * tty_wakeup - request more data 505 * @tty: terminal 506 * 507 * Internal and external helper for wakeups of tty. This function 508 * informs the line discipline if present that the driver is ready 509 * to receive more output data. 510 */ 511 512 void tty_wakeup(struct tty_struct *tty) 513 { 514 struct tty_ldisc *ld; 515 516 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 517 ld = tty_ldisc_ref(tty); 518 if (ld) { 519 if (ld->ops->write_wakeup) 520 ld->ops->write_wakeup(tty); 521 tty_ldisc_deref(ld); 522 } 523 } 524 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 525 } 526 527 EXPORT_SYMBOL_GPL(tty_wakeup); 528 529 /** 530 * __tty_hangup - actual handler for hangup events 531 * @work: tty device 532 * 533 * This can be called by a "kworker" kernel thread. That is process 534 * synchronous but doesn't hold any locks, so we need to make sure we 535 * have the appropriate locks for what we're doing. 536 * 537 * The hangup event clears any pending redirections onto the hung up 538 * device. It ensures future writes will error and it does the needed 539 * line discipline hangup and signal delivery. The tty object itself 540 * remains intact. 541 * 542 * Locking: 543 * BTM 544 * redirect lock for undoing redirection 545 * file list lock for manipulating list of ttys 546 * tty_ldiscs_lock from called functions 547 * termios_rwsem resetting termios data 548 * tasklist_lock to walk task list for hangup event 549 * ->siglock to protect ->signal/->sighand 550 */ 551 static void __tty_hangup(struct tty_struct *tty, int exit_session) 552 { 553 struct file *cons_filp = NULL; 554 struct file *filp, *f = NULL; 555 struct tty_file_private *priv; 556 int closecount = 0, n; 557 int refs; 558 559 if (!tty) 560 return; 561 562 563 spin_lock(&redirect_lock); 564 if (redirect && file_tty(redirect) == tty) { 565 f = redirect; 566 redirect = NULL; 567 } 568 spin_unlock(&redirect_lock); 569 570 tty_lock(tty); 571 572 if (test_bit(TTY_HUPPED, &tty->flags)) { 573 tty_unlock(tty); 574 return; 575 } 576 577 /* inuse_filps is protected by the single tty lock, 578 this really needs to change if we want to flush the 579 workqueue with the lock held */ 580 check_tty_count(tty, "tty_hangup"); 581 582 spin_lock(&tty->files_lock); 583 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 584 list_for_each_entry(priv, &tty->tty_files, list) { 585 filp = priv->file; 586 if (filp->f_op->write == redirected_tty_write) 587 cons_filp = filp; 588 if (filp->f_op->write != tty_write) 589 continue; 590 closecount++; 591 __tty_fasync(-1, filp, 0); /* can't block */ 592 filp->f_op = &hung_up_tty_fops; 593 } 594 spin_unlock(&tty->files_lock); 595 596 refs = tty_signal_session_leader(tty, exit_session); 597 /* Account for the p->signal references we killed */ 598 while (refs--) 599 tty_kref_put(tty); 600 601 tty_ldisc_hangup(tty, cons_filp != NULL); 602 603 spin_lock_irq(&tty->ctrl_lock); 604 clear_bit(TTY_THROTTLED, &tty->flags); 605 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 606 put_pid(tty->session); 607 put_pid(tty->pgrp); 608 tty->session = NULL; 609 tty->pgrp = NULL; 610 tty->ctrl_status = 0; 611 spin_unlock_irq(&tty->ctrl_lock); 612 613 /* 614 * If one of the devices matches a console pointer, we 615 * cannot just call hangup() because that will cause 616 * tty->count and state->count to go out of sync. 617 * So we just call close() the right number of times. 618 */ 619 if (cons_filp) { 620 if (tty->ops->close) 621 for (n = 0; n < closecount; n++) 622 tty->ops->close(tty, cons_filp); 623 } else if (tty->ops->hangup) 624 tty->ops->hangup(tty); 625 /* 626 * We don't want to have driver/ldisc interactions beyond the ones 627 * we did here. The driver layer expects no calls after ->hangup() 628 * from the ldisc side, which is now guaranteed. 629 */ 630 set_bit(TTY_HUPPED, &tty->flags); 631 tty_unlock(tty); 632 633 if (f) 634 fput(f); 635 } 636 637 static void do_tty_hangup(struct work_struct *work) 638 { 639 struct tty_struct *tty = 640 container_of(work, struct tty_struct, hangup_work); 641 642 __tty_hangup(tty, 0); 643 } 644 645 /** 646 * tty_hangup - trigger a hangup event 647 * @tty: tty to hangup 648 * 649 * A carrier loss (virtual or otherwise) has occurred on this like 650 * schedule a hangup sequence to run after this event. 651 */ 652 653 void tty_hangup(struct tty_struct *tty) 654 { 655 tty_debug_hangup(tty, "hangup\n"); 656 schedule_work(&tty->hangup_work); 657 } 658 659 EXPORT_SYMBOL(tty_hangup); 660 661 /** 662 * tty_vhangup - process vhangup 663 * @tty: tty to hangup 664 * 665 * The user has asked via system call for the terminal to be hung up. 666 * We do this synchronously so that when the syscall returns the process 667 * is complete. That guarantee is necessary for security reasons. 668 */ 669 670 void tty_vhangup(struct tty_struct *tty) 671 { 672 tty_debug_hangup(tty, "vhangup\n"); 673 __tty_hangup(tty, 0); 674 } 675 676 EXPORT_SYMBOL(tty_vhangup); 677 678 679 /** 680 * tty_vhangup_self - process vhangup for own ctty 681 * 682 * Perform a vhangup on the current controlling tty 683 */ 684 685 void tty_vhangup_self(void) 686 { 687 struct tty_struct *tty; 688 689 tty = get_current_tty(); 690 if (tty) { 691 tty_vhangup(tty); 692 tty_kref_put(tty); 693 } 694 } 695 696 /** 697 * tty_vhangup_session - hangup session leader exit 698 * @tty: tty to hangup 699 * 700 * The session leader is exiting and hanging up its controlling terminal. 701 * Every process in the foreground process group is signalled SIGHUP. 702 * 703 * We do this synchronously so that when the syscall returns the process 704 * is complete. That guarantee is necessary for security reasons. 705 */ 706 707 void tty_vhangup_session(struct tty_struct *tty) 708 { 709 tty_debug_hangup(tty, "session hangup\n"); 710 __tty_hangup(tty, 1); 711 } 712 713 /** 714 * tty_hung_up_p - was tty hung up 715 * @filp: file pointer of tty 716 * 717 * Return true if the tty has been subject to a vhangup or a carrier 718 * loss 719 */ 720 721 int tty_hung_up_p(struct file *filp) 722 { 723 return (filp && filp->f_op == &hung_up_tty_fops); 724 } 725 726 EXPORT_SYMBOL(tty_hung_up_p); 727 728 /** 729 * stop_tty - propagate flow control 730 * @tty: tty to stop 731 * 732 * Perform flow control to the driver. May be called 733 * on an already stopped device and will not re-call the driver 734 * method. 735 * 736 * This functionality is used by both the line disciplines for 737 * halting incoming flow and by the driver. It may therefore be 738 * called from any context, may be under the tty atomic_write_lock 739 * but not always. 740 * 741 * Locking: 742 * flow_lock 743 */ 744 745 void __stop_tty(struct tty_struct *tty) 746 { 747 if (tty->stopped) 748 return; 749 tty->stopped = 1; 750 if (tty->ops->stop) 751 tty->ops->stop(tty); 752 } 753 754 void stop_tty(struct tty_struct *tty) 755 { 756 unsigned long flags; 757 758 spin_lock_irqsave(&tty->flow_lock, flags); 759 __stop_tty(tty); 760 spin_unlock_irqrestore(&tty->flow_lock, flags); 761 } 762 EXPORT_SYMBOL(stop_tty); 763 764 /** 765 * start_tty - propagate flow control 766 * @tty: tty to start 767 * 768 * Start a tty that has been stopped if at all possible. If this 769 * tty was previous stopped and is now being started, the driver 770 * start method is invoked and the line discipline woken. 771 * 772 * Locking: 773 * flow_lock 774 */ 775 776 void __start_tty(struct tty_struct *tty) 777 { 778 if (!tty->stopped || tty->flow_stopped) 779 return; 780 tty->stopped = 0; 781 if (tty->ops->start) 782 tty->ops->start(tty); 783 tty_wakeup(tty); 784 } 785 786 void start_tty(struct tty_struct *tty) 787 { 788 unsigned long flags; 789 790 spin_lock_irqsave(&tty->flow_lock, flags); 791 __start_tty(tty); 792 spin_unlock_irqrestore(&tty->flow_lock, flags); 793 } 794 EXPORT_SYMBOL(start_tty); 795 796 static void tty_update_time(struct timespec *time) 797 { 798 unsigned long sec = get_seconds(); 799 800 /* 801 * We only care if the two values differ in anything other than the 802 * lower three bits (i.e every 8 seconds). If so, then we can update 803 * the time of the tty device, otherwise it could be construded as a 804 * security leak to let userspace know the exact timing of the tty. 805 */ 806 if ((sec ^ time->tv_sec) & ~7) 807 time->tv_sec = sec; 808 } 809 810 /** 811 * tty_read - read method for tty device files 812 * @file: pointer to tty file 813 * @buf: user buffer 814 * @count: size of user buffer 815 * @ppos: unused 816 * 817 * Perform the read system call function on this terminal device. Checks 818 * for hung up devices before calling the line discipline method. 819 * 820 * Locking: 821 * Locks the line discipline internally while needed. Multiple 822 * read calls may be outstanding in parallel. 823 */ 824 825 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 826 loff_t *ppos) 827 { 828 int i; 829 struct inode *inode = file_inode(file); 830 struct tty_struct *tty = file_tty(file); 831 struct tty_ldisc *ld; 832 833 if (tty_paranoia_check(tty, inode, "tty_read")) 834 return -EIO; 835 if (!tty || tty_io_error(tty)) 836 return -EIO; 837 838 /* We want to wait for the line discipline to sort out in this 839 situation */ 840 ld = tty_ldisc_ref_wait(tty); 841 if (!ld) 842 return hung_up_tty_read(file, buf, count, ppos); 843 if (ld->ops->read) 844 i = ld->ops->read(tty, file, buf, count); 845 else 846 i = -EIO; 847 tty_ldisc_deref(ld); 848 849 if (i > 0) 850 tty_update_time(&inode->i_atime); 851 852 return i; 853 } 854 855 static void tty_write_unlock(struct tty_struct *tty) 856 { 857 mutex_unlock(&tty->atomic_write_lock); 858 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 859 } 860 861 static int tty_write_lock(struct tty_struct *tty, int ndelay) 862 { 863 if (!mutex_trylock(&tty->atomic_write_lock)) { 864 if (ndelay) 865 return -EAGAIN; 866 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 867 return -ERESTARTSYS; 868 } 869 return 0; 870 } 871 872 /* 873 * Split writes up in sane blocksizes to avoid 874 * denial-of-service type attacks 875 */ 876 static inline ssize_t do_tty_write( 877 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 878 struct tty_struct *tty, 879 struct file *file, 880 const char __user *buf, 881 size_t count) 882 { 883 ssize_t ret, written = 0; 884 unsigned int chunk; 885 886 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 887 if (ret < 0) 888 return ret; 889 890 /* 891 * We chunk up writes into a temporary buffer. This 892 * simplifies low-level drivers immensely, since they 893 * don't have locking issues and user mode accesses. 894 * 895 * But if TTY_NO_WRITE_SPLIT is set, we should use a 896 * big chunk-size.. 897 * 898 * The default chunk-size is 2kB, because the NTTY 899 * layer has problems with bigger chunks. It will 900 * claim to be able to handle more characters than 901 * it actually does. 902 * 903 * FIXME: This can probably go away now except that 64K chunks 904 * are too likely to fail unless switched to vmalloc... 905 */ 906 chunk = 2048; 907 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 908 chunk = 65536; 909 if (count < chunk) 910 chunk = count; 911 912 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 913 if (tty->write_cnt < chunk) { 914 unsigned char *buf_chunk; 915 916 if (chunk < 1024) 917 chunk = 1024; 918 919 buf_chunk = kmalloc(chunk, GFP_KERNEL); 920 if (!buf_chunk) { 921 ret = -ENOMEM; 922 goto out; 923 } 924 kfree(tty->write_buf); 925 tty->write_cnt = chunk; 926 tty->write_buf = buf_chunk; 927 } 928 929 /* Do the write .. */ 930 for (;;) { 931 size_t size = count; 932 if (size > chunk) 933 size = chunk; 934 ret = -EFAULT; 935 if (copy_from_user(tty->write_buf, buf, size)) 936 break; 937 ret = write(tty, file, tty->write_buf, size); 938 if (ret <= 0) 939 break; 940 written += ret; 941 buf += ret; 942 count -= ret; 943 if (!count) 944 break; 945 ret = -ERESTARTSYS; 946 if (signal_pending(current)) 947 break; 948 cond_resched(); 949 } 950 if (written) { 951 tty_update_time(&file_inode(file)->i_mtime); 952 ret = written; 953 } 954 out: 955 tty_write_unlock(tty); 956 return ret; 957 } 958 959 /** 960 * tty_write_message - write a message to a certain tty, not just the console. 961 * @tty: the destination tty_struct 962 * @msg: the message to write 963 * 964 * This is used for messages that need to be redirected to a specific tty. 965 * We don't put it into the syslog queue right now maybe in the future if 966 * really needed. 967 * 968 * We must still hold the BTM and test the CLOSING flag for the moment. 969 */ 970 971 void tty_write_message(struct tty_struct *tty, char *msg) 972 { 973 if (tty) { 974 mutex_lock(&tty->atomic_write_lock); 975 tty_lock(tty); 976 if (tty->ops->write && tty->count > 0) 977 tty->ops->write(tty, msg, strlen(msg)); 978 tty_unlock(tty); 979 tty_write_unlock(tty); 980 } 981 return; 982 } 983 984 985 /** 986 * tty_write - write method for tty device file 987 * @file: tty file pointer 988 * @buf: user data to write 989 * @count: bytes to write 990 * @ppos: unused 991 * 992 * Write data to a tty device via the line discipline. 993 * 994 * Locking: 995 * Locks the line discipline as required 996 * Writes to the tty driver are serialized by the atomic_write_lock 997 * and are then processed in chunks to the device. The line discipline 998 * write method will not be invoked in parallel for each device. 999 */ 1000 1001 static ssize_t tty_write(struct file *file, const char __user *buf, 1002 size_t count, loff_t *ppos) 1003 { 1004 struct tty_struct *tty = file_tty(file); 1005 struct tty_ldisc *ld; 1006 ssize_t ret; 1007 1008 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1009 return -EIO; 1010 if (!tty || !tty->ops->write || tty_io_error(tty)) 1011 return -EIO; 1012 /* Short term debug to catch buggy drivers */ 1013 if (tty->ops->write_room == NULL) 1014 tty_err(tty, "missing write_room method\n"); 1015 ld = tty_ldisc_ref_wait(tty); 1016 if (!ld) 1017 return hung_up_tty_write(file, buf, count, ppos); 1018 if (!ld->ops->write) 1019 ret = -EIO; 1020 else 1021 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1022 tty_ldisc_deref(ld); 1023 return ret; 1024 } 1025 1026 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1027 size_t count, loff_t *ppos) 1028 { 1029 struct file *p = NULL; 1030 1031 spin_lock(&redirect_lock); 1032 if (redirect) 1033 p = get_file(redirect); 1034 spin_unlock(&redirect_lock); 1035 1036 if (p) { 1037 ssize_t res; 1038 res = vfs_write(p, buf, count, &p->f_pos); 1039 fput(p); 1040 return res; 1041 } 1042 return tty_write(file, buf, count, ppos); 1043 } 1044 1045 /** 1046 * tty_send_xchar - send priority character 1047 * 1048 * Send a high priority character to the tty even if stopped 1049 * 1050 * Locking: none for xchar method, write ordering for write method. 1051 */ 1052 1053 int tty_send_xchar(struct tty_struct *tty, char ch) 1054 { 1055 int was_stopped = tty->stopped; 1056 1057 if (tty->ops->send_xchar) { 1058 down_read(&tty->termios_rwsem); 1059 tty->ops->send_xchar(tty, ch); 1060 up_read(&tty->termios_rwsem); 1061 return 0; 1062 } 1063 1064 if (tty_write_lock(tty, 0) < 0) 1065 return -ERESTARTSYS; 1066 1067 down_read(&tty->termios_rwsem); 1068 if (was_stopped) 1069 start_tty(tty); 1070 tty->ops->write(tty, &ch, 1); 1071 if (was_stopped) 1072 stop_tty(tty); 1073 up_read(&tty->termios_rwsem); 1074 tty_write_unlock(tty); 1075 return 0; 1076 } 1077 1078 static char ptychar[] = "pqrstuvwxyzabcde"; 1079 1080 /** 1081 * pty_line_name - generate name for a pty 1082 * @driver: the tty driver in use 1083 * @index: the minor number 1084 * @p: output buffer of at least 6 bytes 1085 * 1086 * Generate a name from a driver reference and write it to the output 1087 * buffer. 1088 * 1089 * Locking: None 1090 */ 1091 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1092 { 1093 int i = index + driver->name_base; 1094 /* ->name is initialized to "ttyp", but "tty" is expected */ 1095 sprintf(p, "%s%c%x", 1096 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1097 ptychar[i >> 4 & 0xf], i & 0xf); 1098 } 1099 1100 /** 1101 * tty_line_name - generate name for a tty 1102 * @driver: the tty driver in use 1103 * @index: the minor number 1104 * @p: output buffer of at least 7 bytes 1105 * 1106 * Generate a name from a driver reference and write it to the output 1107 * buffer. 1108 * 1109 * Locking: None 1110 */ 1111 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1112 { 1113 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1114 return sprintf(p, "%s", driver->name); 1115 else 1116 return sprintf(p, "%s%d", driver->name, 1117 index + driver->name_base); 1118 } 1119 1120 /** 1121 * tty_driver_lookup_tty() - find an existing tty, if any 1122 * @driver: the driver for the tty 1123 * @idx: the minor number 1124 * 1125 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1126 * driver lookup() method returns an error. 1127 * 1128 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1129 */ 1130 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1131 struct file *file, int idx) 1132 { 1133 struct tty_struct *tty; 1134 1135 if (driver->ops->lookup) 1136 if (!file) 1137 tty = ERR_PTR(-EIO); 1138 else 1139 tty = driver->ops->lookup(driver, file, idx); 1140 else 1141 tty = driver->ttys[idx]; 1142 1143 if (!IS_ERR(tty)) 1144 tty_kref_get(tty); 1145 return tty; 1146 } 1147 1148 /** 1149 * tty_init_termios - helper for termios setup 1150 * @tty: the tty to set up 1151 * 1152 * Initialise the termios structures for this tty. Thus runs under 1153 * the tty_mutex currently so we can be relaxed about ordering. 1154 */ 1155 1156 void tty_init_termios(struct tty_struct *tty) 1157 { 1158 struct ktermios *tp; 1159 int idx = tty->index; 1160 1161 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1162 tty->termios = tty->driver->init_termios; 1163 else { 1164 /* Check for lazy saved data */ 1165 tp = tty->driver->termios[idx]; 1166 if (tp != NULL) { 1167 tty->termios = *tp; 1168 tty->termios.c_line = tty->driver->init_termios.c_line; 1169 } else 1170 tty->termios = tty->driver->init_termios; 1171 } 1172 /* Compatibility until drivers always set this */ 1173 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1174 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1175 } 1176 EXPORT_SYMBOL_GPL(tty_init_termios); 1177 1178 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1179 { 1180 tty_init_termios(tty); 1181 tty_driver_kref_get(driver); 1182 tty->count++; 1183 driver->ttys[tty->index] = tty; 1184 return 0; 1185 } 1186 EXPORT_SYMBOL_GPL(tty_standard_install); 1187 1188 /** 1189 * tty_driver_install_tty() - install a tty entry in the driver 1190 * @driver: the driver for the tty 1191 * @tty: the tty 1192 * 1193 * Install a tty object into the driver tables. The tty->index field 1194 * will be set by the time this is called. This method is responsible 1195 * for ensuring any need additional structures are allocated and 1196 * configured. 1197 * 1198 * Locking: tty_mutex for now 1199 */ 1200 static int tty_driver_install_tty(struct tty_driver *driver, 1201 struct tty_struct *tty) 1202 { 1203 return driver->ops->install ? driver->ops->install(driver, tty) : 1204 tty_standard_install(driver, tty); 1205 } 1206 1207 /** 1208 * tty_driver_remove_tty() - remove a tty from the driver tables 1209 * @driver: the driver for the tty 1210 * @idx: the minor number 1211 * 1212 * Remvoe a tty object from the driver tables. The tty->index field 1213 * will be set by the time this is called. 1214 * 1215 * Locking: tty_mutex for now 1216 */ 1217 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1218 { 1219 if (driver->ops->remove) 1220 driver->ops->remove(driver, tty); 1221 else 1222 driver->ttys[tty->index] = NULL; 1223 } 1224 1225 /* 1226 * tty_reopen() - fast re-open of an open tty 1227 * @tty - the tty to open 1228 * 1229 * Return 0 on success, -errno on error. 1230 * Re-opens on master ptys are not allowed and return -EIO. 1231 * 1232 * Locking: Caller must hold tty_lock 1233 */ 1234 static int tty_reopen(struct tty_struct *tty) 1235 { 1236 struct tty_driver *driver = tty->driver; 1237 1238 if (driver->type == TTY_DRIVER_TYPE_PTY && 1239 driver->subtype == PTY_TYPE_MASTER) 1240 return -EIO; 1241 1242 if (!tty->count) 1243 return -EAGAIN; 1244 1245 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1246 return -EBUSY; 1247 1248 tty->count++; 1249 1250 if (!tty->ldisc) 1251 return tty_ldisc_reinit(tty, tty->termios.c_line); 1252 1253 return 0; 1254 } 1255 1256 /** 1257 * tty_init_dev - initialise a tty device 1258 * @driver: tty driver we are opening a device on 1259 * @idx: device index 1260 * @ret_tty: returned tty structure 1261 * 1262 * Prepare a tty device. This may not be a "new" clean device but 1263 * could also be an active device. The pty drivers require special 1264 * handling because of this. 1265 * 1266 * Locking: 1267 * The function is called under the tty_mutex, which 1268 * protects us from the tty struct or driver itself going away. 1269 * 1270 * On exit the tty device has the line discipline attached and 1271 * a reference count of 1. If a pair was created for pty/tty use 1272 * and the other was a pty master then it too has a reference count of 1. 1273 * 1274 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1275 * failed open. The new code protects the open with a mutex, so it's 1276 * really quite straightforward. The mutex locking can probably be 1277 * relaxed for the (most common) case of reopening a tty. 1278 */ 1279 1280 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1281 { 1282 struct tty_struct *tty; 1283 int retval; 1284 1285 /* 1286 * First time open is complex, especially for PTY devices. 1287 * This code guarantees that either everything succeeds and the 1288 * TTY is ready for operation, or else the table slots are vacated 1289 * and the allocated memory released. (Except that the termios 1290 * may be retained.) 1291 */ 1292 1293 if (!try_module_get(driver->owner)) 1294 return ERR_PTR(-ENODEV); 1295 1296 tty = alloc_tty_struct(driver, idx); 1297 if (!tty) { 1298 retval = -ENOMEM; 1299 goto err_module_put; 1300 } 1301 1302 tty_lock(tty); 1303 retval = tty_driver_install_tty(driver, tty); 1304 if (retval < 0) 1305 goto err_free_tty; 1306 1307 if (!tty->port) 1308 tty->port = driver->ports[idx]; 1309 1310 WARN_RATELIMIT(!tty->port, 1311 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1312 __func__, tty->driver->name); 1313 1314 tty->port->itty = tty; 1315 1316 /* 1317 * Structures all installed ... call the ldisc open routines. 1318 * If we fail here just call release_tty to clean up. No need 1319 * to decrement the use counts, as release_tty doesn't care. 1320 */ 1321 retval = tty_ldisc_setup(tty, tty->link); 1322 if (retval) 1323 goto err_release_tty; 1324 /* Return the tty locked so that it cannot vanish under the caller */ 1325 return tty; 1326 1327 err_free_tty: 1328 tty_unlock(tty); 1329 free_tty_struct(tty); 1330 err_module_put: 1331 module_put(driver->owner); 1332 return ERR_PTR(retval); 1333 1334 /* call the tty release_tty routine to clean out this slot */ 1335 err_release_tty: 1336 tty_unlock(tty); 1337 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1338 retval, idx); 1339 release_tty(tty, idx); 1340 return ERR_PTR(retval); 1341 } 1342 1343 static void tty_free_termios(struct tty_struct *tty) 1344 { 1345 struct ktermios *tp; 1346 int idx = tty->index; 1347 1348 /* If the port is going to reset then it has no termios to save */ 1349 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1350 return; 1351 1352 /* Stash the termios data */ 1353 tp = tty->driver->termios[idx]; 1354 if (tp == NULL) { 1355 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1356 if (tp == NULL) 1357 return; 1358 tty->driver->termios[idx] = tp; 1359 } 1360 *tp = tty->termios; 1361 } 1362 1363 /** 1364 * tty_flush_works - flush all works of a tty/pty pair 1365 * @tty: tty device to flush works for (or either end of a pty pair) 1366 * 1367 * Sync flush all works belonging to @tty (and the 'other' tty). 1368 */ 1369 static void tty_flush_works(struct tty_struct *tty) 1370 { 1371 flush_work(&tty->SAK_work); 1372 flush_work(&tty->hangup_work); 1373 if (tty->link) { 1374 flush_work(&tty->link->SAK_work); 1375 flush_work(&tty->link->hangup_work); 1376 } 1377 } 1378 1379 /** 1380 * release_one_tty - release tty structure memory 1381 * @kref: kref of tty we are obliterating 1382 * 1383 * Releases memory associated with a tty structure, and clears out the 1384 * driver table slots. This function is called when a device is no longer 1385 * in use. It also gets called when setup of a device fails. 1386 * 1387 * Locking: 1388 * takes the file list lock internally when working on the list 1389 * of ttys that the driver keeps. 1390 * 1391 * This method gets called from a work queue so that the driver private 1392 * cleanup ops can sleep (needed for USB at least) 1393 */ 1394 static void release_one_tty(struct work_struct *work) 1395 { 1396 struct tty_struct *tty = 1397 container_of(work, struct tty_struct, hangup_work); 1398 struct tty_driver *driver = tty->driver; 1399 struct module *owner = driver->owner; 1400 1401 if (tty->ops->cleanup) 1402 tty->ops->cleanup(tty); 1403 1404 tty->magic = 0; 1405 tty_driver_kref_put(driver); 1406 module_put(owner); 1407 1408 spin_lock(&tty->files_lock); 1409 list_del_init(&tty->tty_files); 1410 spin_unlock(&tty->files_lock); 1411 1412 put_pid(tty->pgrp); 1413 put_pid(tty->session); 1414 free_tty_struct(tty); 1415 } 1416 1417 static void queue_release_one_tty(struct kref *kref) 1418 { 1419 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1420 1421 /* The hangup queue is now free so we can reuse it rather than 1422 waste a chunk of memory for each port */ 1423 INIT_WORK(&tty->hangup_work, release_one_tty); 1424 schedule_work(&tty->hangup_work); 1425 } 1426 1427 /** 1428 * tty_kref_put - release a tty kref 1429 * @tty: tty device 1430 * 1431 * Release a reference to a tty device and if need be let the kref 1432 * layer destruct the object for us 1433 */ 1434 1435 void tty_kref_put(struct tty_struct *tty) 1436 { 1437 if (tty) 1438 kref_put(&tty->kref, queue_release_one_tty); 1439 } 1440 EXPORT_SYMBOL(tty_kref_put); 1441 1442 /** 1443 * release_tty - release tty structure memory 1444 * 1445 * Release both @tty and a possible linked partner (think pty pair), 1446 * and decrement the refcount of the backing module. 1447 * 1448 * Locking: 1449 * tty_mutex 1450 * takes the file list lock internally when working on the list 1451 * of ttys that the driver keeps. 1452 * 1453 */ 1454 static void release_tty(struct tty_struct *tty, int idx) 1455 { 1456 /* This should always be true but check for the moment */ 1457 WARN_ON(tty->index != idx); 1458 WARN_ON(!mutex_is_locked(&tty_mutex)); 1459 if (tty->ops->shutdown) 1460 tty->ops->shutdown(tty); 1461 tty_free_termios(tty); 1462 tty_driver_remove_tty(tty->driver, tty); 1463 tty->port->itty = NULL; 1464 if (tty->link) 1465 tty->link->port->itty = NULL; 1466 tty_buffer_cancel_work(tty->port); 1467 1468 tty_kref_put(tty->link); 1469 tty_kref_put(tty); 1470 } 1471 1472 /** 1473 * tty_release_checks - check a tty before real release 1474 * @tty: tty to check 1475 * @o_tty: link of @tty (if any) 1476 * @idx: index of the tty 1477 * 1478 * Performs some paranoid checking before true release of the @tty. 1479 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1480 */ 1481 static int tty_release_checks(struct tty_struct *tty, int idx) 1482 { 1483 #ifdef TTY_PARANOIA_CHECK 1484 if (idx < 0 || idx >= tty->driver->num) { 1485 tty_debug(tty, "bad idx %d\n", idx); 1486 return -1; 1487 } 1488 1489 /* not much to check for devpts */ 1490 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1491 return 0; 1492 1493 if (tty != tty->driver->ttys[idx]) { 1494 tty_debug(tty, "bad driver table[%d] = %p\n", 1495 idx, tty->driver->ttys[idx]); 1496 return -1; 1497 } 1498 if (tty->driver->other) { 1499 struct tty_struct *o_tty = tty->link; 1500 1501 if (o_tty != tty->driver->other->ttys[idx]) { 1502 tty_debug(tty, "bad other table[%d] = %p\n", 1503 idx, tty->driver->other->ttys[idx]); 1504 return -1; 1505 } 1506 if (o_tty->link != tty) { 1507 tty_debug(tty, "bad link = %p\n", o_tty->link); 1508 return -1; 1509 } 1510 } 1511 #endif 1512 return 0; 1513 } 1514 1515 /** 1516 * tty_release_struct - release a tty struct 1517 * @tty: tty device 1518 * @idx: index of the tty 1519 * 1520 * Performs the final steps to release and free a tty device. It is 1521 * roughly the reverse of tty_init_dev. 1522 */ 1523 void tty_release_struct(struct tty_struct *tty, int idx) 1524 { 1525 /* 1526 * Ask the line discipline code to release its structures 1527 */ 1528 tty_ldisc_release(tty); 1529 1530 /* Wait for pending work before tty destruction commmences */ 1531 tty_flush_works(tty); 1532 1533 tty_debug_hangup(tty, "freeing structure\n"); 1534 /* 1535 * The release_tty function takes care of the details of clearing 1536 * the slots and preserving the termios structure. The tty_unlock_pair 1537 * should be safe as we keep a kref while the tty is locked (so the 1538 * unlock never unlocks a freed tty). 1539 */ 1540 mutex_lock(&tty_mutex); 1541 release_tty(tty, idx); 1542 mutex_unlock(&tty_mutex); 1543 } 1544 EXPORT_SYMBOL_GPL(tty_release_struct); 1545 1546 /** 1547 * tty_release - vfs callback for close 1548 * @inode: inode of tty 1549 * @filp: file pointer for handle to tty 1550 * 1551 * Called the last time each file handle is closed that references 1552 * this tty. There may however be several such references. 1553 * 1554 * Locking: 1555 * Takes bkl. See tty_release_dev 1556 * 1557 * Even releasing the tty structures is a tricky business.. We have 1558 * to be very careful that the structures are all released at the 1559 * same time, as interrupts might otherwise get the wrong pointers. 1560 * 1561 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1562 * lead to double frees or releasing memory still in use. 1563 */ 1564 1565 int tty_release(struct inode *inode, struct file *filp) 1566 { 1567 struct tty_struct *tty = file_tty(filp); 1568 struct tty_struct *o_tty = NULL; 1569 int do_sleep, final; 1570 int idx; 1571 long timeout = 0; 1572 int once = 1; 1573 1574 if (tty_paranoia_check(tty, inode, __func__)) 1575 return 0; 1576 1577 tty_lock(tty); 1578 check_tty_count(tty, __func__); 1579 1580 __tty_fasync(-1, filp, 0); 1581 1582 idx = tty->index; 1583 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1584 tty->driver->subtype == PTY_TYPE_MASTER) 1585 o_tty = tty->link; 1586 1587 if (tty_release_checks(tty, idx)) { 1588 tty_unlock(tty); 1589 return 0; 1590 } 1591 1592 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1593 1594 if (tty->ops->close) 1595 tty->ops->close(tty, filp); 1596 1597 /* If tty is pty master, lock the slave pty (stable lock order) */ 1598 tty_lock_slave(o_tty); 1599 1600 /* 1601 * Sanity check: if tty->count is going to zero, there shouldn't be 1602 * any waiters on tty->read_wait or tty->write_wait. We test the 1603 * wait queues and kick everyone out _before_ actually starting to 1604 * close. This ensures that we won't block while releasing the tty 1605 * structure. 1606 * 1607 * The test for the o_tty closing is necessary, since the master and 1608 * slave sides may close in any order. If the slave side closes out 1609 * first, its count will be one, since the master side holds an open. 1610 * Thus this test wouldn't be triggered at the time the slave closed, 1611 * so we do it now. 1612 */ 1613 while (1) { 1614 do_sleep = 0; 1615 1616 if (tty->count <= 1) { 1617 if (waitqueue_active(&tty->read_wait)) { 1618 wake_up_poll(&tty->read_wait, POLLIN); 1619 do_sleep++; 1620 } 1621 if (waitqueue_active(&tty->write_wait)) { 1622 wake_up_poll(&tty->write_wait, POLLOUT); 1623 do_sleep++; 1624 } 1625 } 1626 if (o_tty && o_tty->count <= 1) { 1627 if (waitqueue_active(&o_tty->read_wait)) { 1628 wake_up_poll(&o_tty->read_wait, POLLIN); 1629 do_sleep++; 1630 } 1631 if (waitqueue_active(&o_tty->write_wait)) { 1632 wake_up_poll(&o_tty->write_wait, POLLOUT); 1633 do_sleep++; 1634 } 1635 } 1636 if (!do_sleep) 1637 break; 1638 1639 if (once) { 1640 once = 0; 1641 tty_warn(tty, "read/write wait queue active!\n"); 1642 } 1643 schedule_timeout_killable(timeout); 1644 if (timeout < 120 * HZ) 1645 timeout = 2 * timeout + 1; 1646 else 1647 timeout = MAX_SCHEDULE_TIMEOUT; 1648 } 1649 1650 if (o_tty) { 1651 if (--o_tty->count < 0) { 1652 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1653 o_tty->count = 0; 1654 } 1655 } 1656 if (--tty->count < 0) { 1657 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1658 tty->count = 0; 1659 } 1660 1661 /* 1662 * We've decremented tty->count, so we need to remove this file 1663 * descriptor off the tty->tty_files list; this serves two 1664 * purposes: 1665 * - check_tty_count sees the correct number of file descriptors 1666 * associated with this tty. 1667 * - do_tty_hangup no longer sees this file descriptor as 1668 * something that needs to be handled for hangups. 1669 */ 1670 tty_del_file(filp); 1671 1672 /* 1673 * Perform some housekeeping before deciding whether to return. 1674 * 1675 * If _either_ side is closing, make sure there aren't any 1676 * processes that still think tty or o_tty is their controlling 1677 * tty. 1678 */ 1679 if (!tty->count) { 1680 read_lock(&tasklist_lock); 1681 session_clear_tty(tty->session); 1682 if (o_tty) 1683 session_clear_tty(o_tty->session); 1684 read_unlock(&tasklist_lock); 1685 } 1686 1687 /* check whether both sides are closing ... */ 1688 final = !tty->count && !(o_tty && o_tty->count); 1689 1690 tty_unlock_slave(o_tty); 1691 tty_unlock(tty); 1692 1693 /* At this point, the tty->count == 0 should ensure a dead tty 1694 cannot be re-opened by a racing opener */ 1695 1696 if (!final) 1697 return 0; 1698 1699 tty_debug_hangup(tty, "final close\n"); 1700 1701 tty_release_struct(tty, idx); 1702 return 0; 1703 } 1704 1705 /** 1706 * tty_open_current_tty - get locked tty of current task 1707 * @device: device number 1708 * @filp: file pointer to tty 1709 * @return: locked tty of the current task iff @device is /dev/tty 1710 * 1711 * Performs a re-open of the current task's controlling tty. 1712 * 1713 * We cannot return driver and index like for the other nodes because 1714 * devpts will not work then. It expects inodes to be from devpts FS. 1715 */ 1716 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1717 { 1718 struct tty_struct *tty; 1719 int retval; 1720 1721 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1722 return NULL; 1723 1724 tty = get_current_tty(); 1725 if (!tty) 1726 return ERR_PTR(-ENXIO); 1727 1728 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1729 /* noctty = 1; */ 1730 tty_lock(tty); 1731 tty_kref_put(tty); /* safe to drop the kref now */ 1732 1733 retval = tty_reopen(tty); 1734 if (retval < 0) { 1735 tty_unlock(tty); 1736 tty = ERR_PTR(retval); 1737 } 1738 return tty; 1739 } 1740 1741 /** 1742 * tty_lookup_driver - lookup a tty driver for a given device file 1743 * @device: device number 1744 * @filp: file pointer to tty 1745 * @index: index for the device in the @return driver 1746 * @return: driver for this inode (with increased refcount) 1747 * 1748 * If @return is not erroneous, the caller is responsible to decrement the 1749 * refcount by tty_driver_kref_put. 1750 * 1751 * Locking: tty_mutex protects get_tty_driver 1752 */ 1753 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1754 int *index) 1755 { 1756 struct tty_driver *driver; 1757 1758 switch (device) { 1759 #ifdef CONFIG_VT 1760 case MKDEV(TTY_MAJOR, 0): { 1761 extern struct tty_driver *console_driver; 1762 driver = tty_driver_kref_get(console_driver); 1763 *index = fg_console; 1764 break; 1765 } 1766 #endif 1767 case MKDEV(TTYAUX_MAJOR, 1): { 1768 struct tty_driver *console_driver = console_device(index); 1769 if (console_driver) { 1770 driver = tty_driver_kref_get(console_driver); 1771 if (driver && filp) { 1772 /* Don't let /dev/console block */ 1773 filp->f_flags |= O_NONBLOCK; 1774 break; 1775 } 1776 } 1777 return ERR_PTR(-ENODEV); 1778 } 1779 default: 1780 driver = get_tty_driver(device, index); 1781 if (!driver) 1782 return ERR_PTR(-ENODEV); 1783 break; 1784 } 1785 return driver; 1786 } 1787 1788 /** 1789 * tty_open_by_driver - open a tty device 1790 * @device: dev_t of device to open 1791 * @inode: inode of device file 1792 * @filp: file pointer to tty 1793 * 1794 * Performs the driver lookup, checks for a reopen, or otherwise 1795 * performs the first-time tty initialization. 1796 * 1797 * Returns the locked initialized or re-opened &tty_struct 1798 * 1799 * Claims the global tty_mutex to serialize: 1800 * - concurrent first-time tty initialization 1801 * - concurrent tty driver removal w/ lookup 1802 * - concurrent tty removal from driver table 1803 */ 1804 struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1805 struct file *filp) 1806 { 1807 struct tty_struct *tty; 1808 struct tty_driver *driver = NULL; 1809 int index = -1; 1810 int retval; 1811 1812 mutex_lock(&tty_mutex); 1813 driver = tty_lookup_driver(device, filp, &index); 1814 if (IS_ERR(driver)) { 1815 mutex_unlock(&tty_mutex); 1816 return ERR_CAST(driver); 1817 } 1818 1819 /* check whether we're reopening an existing tty */ 1820 tty = tty_driver_lookup_tty(driver, filp, index); 1821 if (IS_ERR(tty)) { 1822 mutex_unlock(&tty_mutex); 1823 goto out; 1824 } 1825 1826 if (tty) { 1827 mutex_unlock(&tty_mutex); 1828 retval = tty_lock_interruptible(tty); 1829 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1830 if (retval) { 1831 if (retval == -EINTR) 1832 retval = -ERESTARTSYS; 1833 tty = ERR_PTR(retval); 1834 goto out; 1835 } 1836 retval = tty_reopen(tty); 1837 if (retval < 0) { 1838 tty_unlock(tty); 1839 tty = ERR_PTR(retval); 1840 } 1841 } else { /* Returns with the tty_lock held for now */ 1842 tty = tty_init_dev(driver, index); 1843 mutex_unlock(&tty_mutex); 1844 } 1845 out: 1846 tty_driver_kref_put(driver); 1847 return tty; 1848 } 1849 EXPORT_SYMBOL_GPL(tty_open_by_driver); 1850 1851 /** 1852 * tty_open - open a tty device 1853 * @inode: inode of device file 1854 * @filp: file pointer to tty 1855 * 1856 * tty_open and tty_release keep up the tty count that contains the 1857 * number of opens done on a tty. We cannot use the inode-count, as 1858 * different inodes might point to the same tty. 1859 * 1860 * Open-counting is needed for pty masters, as well as for keeping 1861 * track of serial lines: DTR is dropped when the last close happens. 1862 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1863 * 1864 * The termios state of a pty is reset on first open so that 1865 * settings don't persist across reuse. 1866 * 1867 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1868 * tty->count should protect the rest. 1869 * ->siglock protects ->signal/->sighand 1870 * 1871 * Note: the tty_unlock/lock cases without a ref are only safe due to 1872 * tty_mutex 1873 */ 1874 1875 static int tty_open(struct inode *inode, struct file *filp) 1876 { 1877 struct tty_struct *tty; 1878 int noctty, retval; 1879 dev_t device = inode->i_rdev; 1880 unsigned saved_flags = filp->f_flags; 1881 1882 nonseekable_open(inode, filp); 1883 1884 retry_open: 1885 retval = tty_alloc_file(filp); 1886 if (retval) 1887 return -ENOMEM; 1888 1889 tty = tty_open_current_tty(device, filp); 1890 if (!tty) 1891 tty = tty_open_by_driver(device, inode, filp); 1892 1893 if (IS_ERR(tty)) { 1894 tty_free_file(filp); 1895 retval = PTR_ERR(tty); 1896 if (retval != -EAGAIN || signal_pending(current)) 1897 return retval; 1898 schedule(); 1899 goto retry_open; 1900 } 1901 1902 tty_add_file(tty, filp); 1903 1904 check_tty_count(tty, __func__); 1905 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 1906 1907 if (tty->ops->open) 1908 retval = tty->ops->open(tty, filp); 1909 else 1910 retval = -ENODEV; 1911 filp->f_flags = saved_flags; 1912 1913 if (retval) { 1914 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 1915 1916 tty_unlock(tty); /* need to call tty_release without BTM */ 1917 tty_release(inode, filp); 1918 if (retval != -ERESTARTSYS) 1919 return retval; 1920 1921 if (signal_pending(current)) 1922 return retval; 1923 1924 schedule(); 1925 /* 1926 * Need to reset f_op in case a hangup happened. 1927 */ 1928 if (tty_hung_up_p(filp)) 1929 filp->f_op = &tty_fops; 1930 goto retry_open; 1931 } 1932 clear_bit(TTY_HUPPED, &tty->flags); 1933 1934 noctty = (filp->f_flags & O_NOCTTY) || 1935 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 1936 device == MKDEV(TTYAUX_MAJOR, 1) || 1937 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1938 tty->driver->subtype == PTY_TYPE_MASTER); 1939 if (!noctty) 1940 tty_open_proc_set_tty(filp, tty); 1941 tty_unlock(tty); 1942 return 0; 1943 } 1944 1945 1946 1947 /** 1948 * tty_poll - check tty status 1949 * @filp: file being polled 1950 * @wait: poll wait structures to update 1951 * 1952 * Call the line discipline polling method to obtain the poll 1953 * status of the device. 1954 * 1955 * Locking: locks called line discipline but ldisc poll method 1956 * may be re-entered freely by other callers. 1957 */ 1958 1959 static unsigned int tty_poll(struct file *filp, poll_table *wait) 1960 { 1961 struct tty_struct *tty = file_tty(filp); 1962 struct tty_ldisc *ld; 1963 int ret = 0; 1964 1965 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 1966 return 0; 1967 1968 ld = tty_ldisc_ref_wait(tty); 1969 if (!ld) 1970 return hung_up_tty_poll(filp, wait); 1971 if (ld->ops->poll) 1972 ret = ld->ops->poll(tty, filp, wait); 1973 tty_ldisc_deref(ld); 1974 return ret; 1975 } 1976 1977 static int __tty_fasync(int fd, struct file *filp, int on) 1978 { 1979 struct tty_struct *tty = file_tty(filp); 1980 unsigned long flags; 1981 int retval = 0; 1982 1983 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 1984 goto out; 1985 1986 retval = fasync_helper(fd, filp, on, &tty->fasync); 1987 if (retval <= 0) 1988 goto out; 1989 1990 if (on) { 1991 enum pid_type type; 1992 struct pid *pid; 1993 1994 spin_lock_irqsave(&tty->ctrl_lock, flags); 1995 if (tty->pgrp) { 1996 pid = tty->pgrp; 1997 type = PIDTYPE_PGID; 1998 } else { 1999 pid = task_pid(current); 2000 type = PIDTYPE_PID; 2001 } 2002 get_pid(pid); 2003 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2004 __f_setown(filp, pid, type, 0); 2005 put_pid(pid); 2006 retval = 0; 2007 } 2008 out: 2009 return retval; 2010 } 2011 2012 static int tty_fasync(int fd, struct file *filp, int on) 2013 { 2014 struct tty_struct *tty = file_tty(filp); 2015 int retval = -ENOTTY; 2016 2017 tty_lock(tty); 2018 if (!tty_hung_up_p(filp)) 2019 retval = __tty_fasync(fd, filp, on); 2020 tty_unlock(tty); 2021 2022 return retval; 2023 } 2024 2025 /** 2026 * tiocsti - fake input character 2027 * @tty: tty to fake input into 2028 * @p: pointer to character 2029 * 2030 * Fake input to a tty device. Does the necessary locking and 2031 * input management. 2032 * 2033 * FIXME: does not honour flow control ?? 2034 * 2035 * Locking: 2036 * Called functions take tty_ldiscs_lock 2037 * current->signal->tty check is safe without locks 2038 * 2039 * FIXME: may race normal receive processing 2040 */ 2041 2042 static int tiocsti(struct tty_struct *tty, char __user *p) 2043 { 2044 char ch, mbz = 0; 2045 struct tty_ldisc *ld; 2046 2047 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2048 return -EPERM; 2049 if (get_user(ch, p)) 2050 return -EFAULT; 2051 tty_audit_tiocsti(tty, ch); 2052 ld = tty_ldisc_ref_wait(tty); 2053 if (!ld) 2054 return -EIO; 2055 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2056 tty_ldisc_deref(ld); 2057 return 0; 2058 } 2059 2060 /** 2061 * tiocgwinsz - implement window query ioctl 2062 * @tty; tty 2063 * @arg: user buffer for result 2064 * 2065 * Copies the kernel idea of the window size into the user buffer. 2066 * 2067 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2068 * is consistent. 2069 */ 2070 2071 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2072 { 2073 int err; 2074 2075 mutex_lock(&tty->winsize_mutex); 2076 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2077 mutex_unlock(&tty->winsize_mutex); 2078 2079 return err ? -EFAULT: 0; 2080 } 2081 2082 /** 2083 * tty_do_resize - resize event 2084 * @tty: tty being resized 2085 * @rows: rows (character) 2086 * @cols: cols (character) 2087 * 2088 * Update the termios variables and send the necessary signals to 2089 * peform a terminal resize correctly 2090 */ 2091 2092 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2093 { 2094 struct pid *pgrp; 2095 2096 /* Lock the tty */ 2097 mutex_lock(&tty->winsize_mutex); 2098 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2099 goto done; 2100 2101 /* Signal the foreground process group */ 2102 pgrp = tty_get_pgrp(tty); 2103 if (pgrp) 2104 kill_pgrp(pgrp, SIGWINCH, 1); 2105 put_pid(pgrp); 2106 2107 tty->winsize = *ws; 2108 done: 2109 mutex_unlock(&tty->winsize_mutex); 2110 return 0; 2111 } 2112 EXPORT_SYMBOL(tty_do_resize); 2113 2114 /** 2115 * tiocswinsz - implement window size set ioctl 2116 * @tty; tty side of tty 2117 * @arg: user buffer for result 2118 * 2119 * Copies the user idea of the window size to the kernel. Traditionally 2120 * this is just advisory information but for the Linux console it 2121 * actually has driver level meaning and triggers a VC resize. 2122 * 2123 * Locking: 2124 * Driver dependent. The default do_resize method takes the 2125 * tty termios mutex and ctrl_lock. The console takes its own lock 2126 * then calls into the default method. 2127 */ 2128 2129 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2130 { 2131 struct winsize tmp_ws; 2132 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2133 return -EFAULT; 2134 2135 if (tty->ops->resize) 2136 return tty->ops->resize(tty, &tmp_ws); 2137 else 2138 return tty_do_resize(tty, &tmp_ws); 2139 } 2140 2141 /** 2142 * tioccons - allow admin to move logical console 2143 * @file: the file to become console 2144 * 2145 * Allow the administrator to move the redirected console device 2146 * 2147 * Locking: uses redirect_lock to guard the redirect information 2148 */ 2149 2150 static int tioccons(struct file *file) 2151 { 2152 if (!capable(CAP_SYS_ADMIN)) 2153 return -EPERM; 2154 if (file->f_op->write == redirected_tty_write) { 2155 struct file *f; 2156 spin_lock(&redirect_lock); 2157 f = redirect; 2158 redirect = NULL; 2159 spin_unlock(&redirect_lock); 2160 if (f) 2161 fput(f); 2162 return 0; 2163 } 2164 spin_lock(&redirect_lock); 2165 if (redirect) { 2166 spin_unlock(&redirect_lock); 2167 return -EBUSY; 2168 } 2169 redirect = get_file(file); 2170 spin_unlock(&redirect_lock); 2171 return 0; 2172 } 2173 2174 /** 2175 * fionbio - non blocking ioctl 2176 * @file: file to set blocking value 2177 * @p: user parameter 2178 * 2179 * Historical tty interfaces had a blocking control ioctl before 2180 * the generic functionality existed. This piece of history is preserved 2181 * in the expected tty API of posix OS's. 2182 * 2183 * Locking: none, the open file handle ensures it won't go away. 2184 */ 2185 2186 static int fionbio(struct file *file, int __user *p) 2187 { 2188 int nonblock; 2189 2190 if (get_user(nonblock, p)) 2191 return -EFAULT; 2192 2193 spin_lock(&file->f_lock); 2194 if (nonblock) 2195 file->f_flags |= O_NONBLOCK; 2196 else 2197 file->f_flags &= ~O_NONBLOCK; 2198 spin_unlock(&file->f_lock); 2199 return 0; 2200 } 2201 2202 /** 2203 * tiocsetd - set line discipline 2204 * @tty: tty device 2205 * @p: pointer to user data 2206 * 2207 * Set the line discipline according to user request. 2208 * 2209 * Locking: see tty_set_ldisc, this function is just a helper 2210 */ 2211 2212 static int tiocsetd(struct tty_struct *tty, int __user *p) 2213 { 2214 int disc; 2215 int ret; 2216 2217 if (get_user(disc, p)) 2218 return -EFAULT; 2219 2220 ret = tty_set_ldisc(tty, disc); 2221 2222 return ret; 2223 } 2224 2225 /** 2226 * tiocgetd - get line discipline 2227 * @tty: tty device 2228 * @p: pointer to user data 2229 * 2230 * Retrieves the line discipline id directly from the ldisc. 2231 * 2232 * Locking: waits for ldisc reference (in case the line discipline 2233 * is changing or the tty is being hungup) 2234 */ 2235 2236 static int tiocgetd(struct tty_struct *tty, int __user *p) 2237 { 2238 struct tty_ldisc *ld; 2239 int ret; 2240 2241 ld = tty_ldisc_ref_wait(tty); 2242 if (!ld) 2243 return -EIO; 2244 ret = put_user(ld->ops->num, p); 2245 tty_ldisc_deref(ld); 2246 return ret; 2247 } 2248 2249 /** 2250 * send_break - performed time break 2251 * @tty: device to break on 2252 * @duration: timeout in mS 2253 * 2254 * Perform a timed break on hardware that lacks its own driver level 2255 * timed break functionality. 2256 * 2257 * Locking: 2258 * atomic_write_lock serializes 2259 * 2260 */ 2261 2262 static int send_break(struct tty_struct *tty, unsigned int duration) 2263 { 2264 int retval; 2265 2266 if (tty->ops->break_ctl == NULL) 2267 return 0; 2268 2269 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2270 retval = tty->ops->break_ctl(tty, duration); 2271 else { 2272 /* Do the work ourselves */ 2273 if (tty_write_lock(tty, 0) < 0) 2274 return -EINTR; 2275 retval = tty->ops->break_ctl(tty, -1); 2276 if (retval) 2277 goto out; 2278 if (!signal_pending(current)) 2279 msleep_interruptible(duration); 2280 retval = tty->ops->break_ctl(tty, 0); 2281 out: 2282 tty_write_unlock(tty); 2283 if (signal_pending(current)) 2284 retval = -EINTR; 2285 } 2286 return retval; 2287 } 2288 2289 /** 2290 * tty_tiocmget - get modem status 2291 * @tty: tty device 2292 * @file: user file pointer 2293 * @p: pointer to result 2294 * 2295 * Obtain the modem status bits from the tty driver if the feature 2296 * is supported. Return -EINVAL if it is not available. 2297 * 2298 * Locking: none (up to the driver) 2299 */ 2300 2301 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2302 { 2303 int retval = -EINVAL; 2304 2305 if (tty->ops->tiocmget) { 2306 retval = tty->ops->tiocmget(tty); 2307 2308 if (retval >= 0) 2309 retval = put_user(retval, p); 2310 } 2311 return retval; 2312 } 2313 2314 /** 2315 * tty_tiocmset - set modem status 2316 * @tty: tty device 2317 * @cmd: command - clear bits, set bits or set all 2318 * @p: pointer to desired bits 2319 * 2320 * Set the modem status bits from the tty driver if the feature 2321 * is supported. Return -EINVAL if it is not available. 2322 * 2323 * Locking: none (up to the driver) 2324 */ 2325 2326 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2327 unsigned __user *p) 2328 { 2329 int retval; 2330 unsigned int set, clear, val; 2331 2332 if (tty->ops->tiocmset == NULL) 2333 return -EINVAL; 2334 2335 retval = get_user(val, p); 2336 if (retval) 2337 return retval; 2338 set = clear = 0; 2339 switch (cmd) { 2340 case TIOCMBIS: 2341 set = val; 2342 break; 2343 case TIOCMBIC: 2344 clear = val; 2345 break; 2346 case TIOCMSET: 2347 set = val; 2348 clear = ~val; 2349 break; 2350 } 2351 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2352 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2353 return tty->ops->tiocmset(tty, set, clear); 2354 } 2355 2356 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2357 { 2358 int retval = -EINVAL; 2359 struct serial_icounter_struct icount; 2360 memset(&icount, 0, sizeof(icount)); 2361 if (tty->ops->get_icount) 2362 retval = tty->ops->get_icount(tty, &icount); 2363 if (retval != 0) 2364 return retval; 2365 if (copy_to_user(arg, &icount, sizeof(icount))) 2366 return -EFAULT; 2367 return 0; 2368 } 2369 2370 static void tty_warn_deprecated_flags(struct serial_struct __user *ss) 2371 { 2372 static DEFINE_RATELIMIT_STATE(depr_flags, 2373 DEFAULT_RATELIMIT_INTERVAL, 2374 DEFAULT_RATELIMIT_BURST); 2375 char comm[TASK_COMM_LEN]; 2376 int flags; 2377 2378 if (get_user(flags, &ss->flags)) 2379 return; 2380 2381 flags &= ASYNC_DEPRECATED; 2382 2383 if (flags && __ratelimit(&depr_flags)) 2384 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2385 __func__, get_task_comm(comm, current), flags); 2386 } 2387 2388 /* 2389 * if pty, return the slave side (real_tty) 2390 * otherwise, return self 2391 */ 2392 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2393 { 2394 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2395 tty->driver->subtype == PTY_TYPE_MASTER) 2396 tty = tty->link; 2397 return tty; 2398 } 2399 2400 /* 2401 * Split this up, as gcc can choke on it otherwise.. 2402 */ 2403 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2404 { 2405 struct tty_struct *tty = file_tty(file); 2406 struct tty_struct *real_tty; 2407 void __user *p = (void __user *)arg; 2408 int retval; 2409 struct tty_ldisc *ld; 2410 2411 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2412 return -EINVAL; 2413 2414 real_tty = tty_pair_get_tty(tty); 2415 2416 /* 2417 * Factor out some common prep work 2418 */ 2419 switch (cmd) { 2420 case TIOCSETD: 2421 case TIOCSBRK: 2422 case TIOCCBRK: 2423 case TCSBRK: 2424 case TCSBRKP: 2425 retval = tty_check_change(tty); 2426 if (retval) 2427 return retval; 2428 if (cmd != TIOCCBRK) { 2429 tty_wait_until_sent(tty, 0); 2430 if (signal_pending(current)) 2431 return -EINTR; 2432 } 2433 break; 2434 } 2435 2436 /* 2437 * Now do the stuff. 2438 */ 2439 switch (cmd) { 2440 case TIOCSTI: 2441 return tiocsti(tty, p); 2442 case TIOCGWINSZ: 2443 return tiocgwinsz(real_tty, p); 2444 case TIOCSWINSZ: 2445 return tiocswinsz(real_tty, p); 2446 case TIOCCONS: 2447 return real_tty != tty ? -EINVAL : tioccons(file); 2448 case FIONBIO: 2449 return fionbio(file, p); 2450 case TIOCEXCL: 2451 set_bit(TTY_EXCLUSIVE, &tty->flags); 2452 return 0; 2453 case TIOCNXCL: 2454 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2455 return 0; 2456 case TIOCGEXCL: 2457 { 2458 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2459 return put_user(excl, (int __user *)p); 2460 } 2461 case TIOCGETD: 2462 return tiocgetd(tty, p); 2463 case TIOCSETD: 2464 return tiocsetd(tty, p); 2465 case TIOCVHANGUP: 2466 if (!capable(CAP_SYS_ADMIN)) 2467 return -EPERM; 2468 tty_vhangup(tty); 2469 return 0; 2470 case TIOCGDEV: 2471 { 2472 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2473 return put_user(ret, (unsigned int __user *)p); 2474 } 2475 /* 2476 * Break handling 2477 */ 2478 case TIOCSBRK: /* Turn break on, unconditionally */ 2479 if (tty->ops->break_ctl) 2480 return tty->ops->break_ctl(tty, -1); 2481 return 0; 2482 case TIOCCBRK: /* Turn break off, unconditionally */ 2483 if (tty->ops->break_ctl) 2484 return tty->ops->break_ctl(tty, 0); 2485 return 0; 2486 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2487 /* non-zero arg means wait for all output data 2488 * to be sent (performed above) but don't send break. 2489 * This is used by the tcdrain() termios function. 2490 */ 2491 if (!arg) 2492 return send_break(tty, 250); 2493 return 0; 2494 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2495 return send_break(tty, arg ? arg*100 : 250); 2496 2497 case TIOCMGET: 2498 return tty_tiocmget(tty, p); 2499 case TIOCMSET: 2500 case TIOCMBIC: 2501 case TIOCMBIS: 2502 return tty_tiocmset(tty, cmd, p); 2503 case TIOCGICOUNT: 2504 retval = tty_tiocgicount(tty, p); 2505 /* For the moment allow fall through to the old method */ 2506 if (retval != -EINVAL) 2507 return retval; 2508 break; 2509 case TCFLSH: 2510 switch (arg) { 2511 case TCIFLUSH: 2512 case TCIOFLUSH: 2513 /* flush tty buffer and allow ldisc to process ioctl */ 2514 tty_buffer_flush(tty, NULL); 2515 break; 2516 } 2517 break; 2518 case TIOCSSERIAL: 2519 tty_warn_deprecated_flags(p); 2520 break; 2521 default: 2522 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2523 if (retval != -ENOIOCTLCMD) 2524 return retval; 2525 } 2526 if (tty->ops->ioctl) { 2527 retval = tty->ops->ioctl(tty, cmd, arg); 2528 if (retval != -ENOIOCTLCMD) 2529 return retval; 2530 } 2531 ld = tty_ldisc_ref_wait(tty); 2532 if (!ld) 2533 return hung_up_tty_ioctl(file, cmd, arg); 2534 retval = -EINVAL; 2535 if (ld->ops->ioctl) { 2536 retval = ld->ops->ioctl(tty, file, cmd, arg); 2537 if (retval == -ENOIOCTLCMD) 2538 retval = -ENOTTY; 2539 } 2540 tty_ldisc_deref(ld); 2541 return retval; 2542 } 2543 2544 #ifdef CONFIG_COMPAT 2545 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2546 unsigned long arg) 2547 { 2548 struct tty_struct *tty = file_tty(file); 2549 struct tty_ldisc *ld; 2550 int retval = -ENOIOCTLCMD; 2551 2552 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2553 return -EINVAL; 2554 2555 if (tty->ops->compat_ioctl) { 2556 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2557 if (retval != -ENOIOCTLCMD) 2558 return retval; 2559 } 2560 2561 ld = tty_ldisc_ref_wait(tty); 2562 if (!ld) 2563 return hung_up_tty_compat_ioctl(file, cmd, arg); 2564 if (ld->ops->compat_ioctl) 2565 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2566 else 2567 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg); 2568 tty_ldisc_deref(ld); 2569 2570 return retval; 2571 } 2572 #endif 2573 2574 static int this_tty(const void *t, struct file *file, unsigned fd) 2575 { 2576 if (likely(file->f_op->read != tty_read)) 2577 return 0; 2578 return file_tty(file) != t ? 0 : fd + 1; 2579 } 2580 2581 /* 2582 * This implements the "Secure Attention Key" --- the idea is to 2583 * prevent trojan horses by killing all processes associated with this 2584 * tty when the user hits the "Secure Attention Key". Required for 2585 * super-paranoid applications --- see the Orange Book for more details. 2586 * 2587 * This code could be nicer; ideally it should send a HUP, wait a few 2588 * seconds, then send a INT, and then a KILL signal. But you then 2589 * have to coordinate with the init process, since all processes associated 2590 * with the current tty must be dead before the new getty is allowed 2591 * to spawn. 2592 * 2593 * Now, if it would be correct ;-/ The current code has a nasty hole - 2594 * it doesn't catch files in flight. We may send the descriptor to ourselves 2595 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2596 * 2597 * Nasty bug: do_SAK is being called in interrupt context. This can 2598 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2599 */ 2600 void __do_SAK(struct tty_struct *tty) 2601 { 2602 #ifdef TTY_SOFT_SAK 2603 tty_hangup(tty); 2604 #else 2605 struct task_struct *g, *p; 2606 struct pid *session; 2607 int i; 2608 2609 if (!tty) 2610 return; 2611 session = tty->session; 2612 2613 tty_ldisc_flush(tty); 2614 2615 tty_driver_flush_buffer(tty); 2616 2617 read_lock(&tasklist_lock); 2618 /* Kill the entire session */ 2619 do_each_pid_task(session, PIDTYPE_SID, p) { 2620 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2621 task_pid_nr(p), p->comm); 2622 send_sig(SIGKILL, p, 1); 2623 } while_each_pid_task(session, PIDTYPE_SID, p); 2624 2625 /* Now kill any processes that happen to have the tty open */ 2626 do_each_thread(g, p) { 2627 if (p->signal->tty == tty) { 2628 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2629 task_pid_nr(p), p->comm); 2630 send_sig(SIGKILL, p, 1); 2631 continue; 2632 } 2633 task_lock(p); 2634 i = iterate_fd(p->files, 0, this_tty, tty); 2635 if (i != 0) { 2636 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2637 task_pid_nr(p), p->comm, i - 1); 2638 force_sig(SIGKILL, p); 2639 } 2640 task_unlock(p); 2641 } while_each_thread(g, p); 2642 read_unlock(&tasklist_lock); 2643 #endif 2644 } 2645 2646 static void do_SAK_work(struct work_struct *work) 2647 { 2648 struct tty_struct *tty = 2649 container_of(work, struct tty_struct, SAK_work); 2650 __do_SAK(tty); 2651 } 2652 2653 /* 2654 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2655 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2656 * the values which we write to it will be identical to the values which it 2657 * already has. --akpm 2658 */ 2659 void do_SAK(struct tty_struct *tty) 2660 { 2661 if (!tty) 2662 return; 2663 schedule_work(&tty->SAK_work); 2664 } 2665 2666 EXPORT_SYMBOL(do_SAK); 2667 2668 static int dev_match_devt(struct device *dev, const void *data) 2669 { 2670 const dev_t *devt = data; 2671 return dev->devt == *devt; 2672 } 2673 2674 /* Must put_device() after it's unused! */ 2675 static struct device *tty_get_device(struct tty_struct *tty) 2676 { 2677 dev_t devt = tty_devnum(tty); 2678 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2679 } 2680 2681 2682 /** 2683 * alloc_tty_struct 2684 * 2685 * This subroutine allocates and initializes a tty structure. 2686 * 2687 * Locking: none - tty in question is not exposed at this point 2688 */ 2689 2690 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2691 { 2692 struct tty_struct *tty; 2693 2694 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2695 if (!tty) 2696 return NULL; 2697 2698 kref_init(&tty->kref); 2699 tty->magic = TTY_MAGIC; 2700 tty_ldisc_init(tty); 2701 tty->session = NULL; 2702 tty->pgrp = NULL; 2703 mutex_init(&tty->legacy_mutex); 2704 mutex_init(&tty->throttle_mutex); 2705 init_rwsem(&tty->termios_rwsem); 2706 mutex_init(&tty->winsize_mutex); 2707 init_ldsem(&tty->ldisc_sem); 2708 init_waitqueue_head(&tty->write_wait); 2709 init_waitqueue_head(&tty->read_wait); 2710 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2711 mutex_init(&tty->atomic_write_lock); 2712 spin_lock_init(&tty->ctrl_lock); 2713 spin_lock_init(&tty->flow_lock); 2714 spin_lock_init(&tty->files_lock); 2715 INIT_LIST_HEAD(&tty->tty_files); 2716 INIT_WORK(&tty->SAK_work, do_SAK_work); 2717 2718 tty->driver = driver; 2719 tty->ops = driver->ops; 2720 tty->index = idx; 2721 tty_line_name(driver, idx, tty->name); 2722 tty->dev = tty_get_device(tty); 2723 2724 return tty; 2725 } 2726 2727 /** 2728 * tty_put_char - write one character to a tty 2729 * @tty: tty 2730 * @ch: character 2731 * 2732 * Write one byte to the tty using the provided put_char method 2733 * if present. Returns the number of characters successfully output. 2734 * 2735 * Note: the specific put_char operation in the driver layer may go 2736 * away soon. Don't call it directly, use this method 2737 */ 2738 2739 int tty_put_char(struct tty_struct *tty, unsigned char ch) 2740 { 2741 if (tty->ops->put_char) 2742 return tty->ops->put_char(tty, ch); 2743 return tty->ops->write(tty, &ch, 1); 2744 } 2745 EXPORT_SYMBOL_GPL(tty_put_char); 2746 2747 struct class *tty_class; 2748 2749 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 2750 unsigned int index, unsigned int count) 2751 { 2752 int err; 2753 2754 /* init here, since reused cdevs cause crashes */ 2755 driver->cdevs[index] = cdev_alloc(); 2756 if (!driver->cdevs[index]) 2757 return -ENOMEM; 2758 driver->cdevs[index]->ops = &tty_fops; 2759 driver->cdevs[index]->owner = driver->owner; 2760 err = cdev_add(driver->cdevs[index], dev, count); 2761 if (err) 2762 kobject_put(&driver->cdevs[index]->kobj); 2763 return err; 2764 } 2765 2766 /** 2767 * tty_register_device - register a tty device 2768 * @driver: the tty driver that describes the tty device 2769 * @index: the index in the tty driver for this tty device 2770 * @device: a struct device that is associated with this tty device. 2771 * This field is optional, if there is no known struct device 2772 * for this tty device it can be set to NULL safely. 2773 * 2774 * Returns a pointer to the struct device for this tty device 2775 * (or ERR_PTR(-EFOO) on error). 2776 * 2777 * This call is required to be made to register an individual tty device 2778 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 2779 * that bit is not set, this function should not be called by a tty 2780 * driver. 2781 * 2782 * Locking: ?? 2783 */ 2784 2785 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 2786 struct device *device) 2787 { 2788 return tty_register_device_attr(driver, index, device, NULL, NULL); 2789 } 2790 EXPORT_SYMBOL(tty_register_device); 2791 2792 static void tty_device_create_release(struct device *dev) 2793 { 2794 dev_dbg(dev, "releasing...\n"); 2795 kfree(dev); 2796 } 2797 2798 /** 2799 * tty_register_device_attr - register a tty device 2800 * @driver: the tty driver that describes the tty device 2801 * @index: the index in the tty driver for this tty device 2802 * @device: a struct device that is associated with this tty device. 2803 * This field is optional, if there is no known struct device 2804 * for this tty device it can be set to NULL safely. 2805 * @drvdata: Driver data to be set to device. 2806 * @attr_grp: Attribute group to be set on device. 2807 * 2808 * Returns a pointer to the struct device for this tty device 2809 * (or ERR_PTR(-EFOO) on error). 2810 * 2811 * This call is required to be made to register an individual tty device 2812 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 2813 * that bit is not set, this function should not be called by a tty 2814 * driver. 2815 * 2816 * Locking: ?? 2817 */ 2818 struct device *tty_register_device_attr(struct tty_driver *driver, 2819 unsigned index, struct device *device, 2820 void *drvdata, 2821 const struct attribute_group **attr_grp) 2822 { 2823 char name[64]; 2824 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 2825 struct ktermios *tp; 2826 struct device *dev; 2827 int retval; 2828 2829 if (index >= driver->num) { 2830 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 2831 driver->name, index); 2832 return ERR_PTR(-EINVAL); 2833 } 2834 2835 if (driver->type == TTY_DRIVER_TYPE_PTY) 2836 pty_line_name(driver, index, name); 2837 else 2838 tty_line_name(driver, index, name); 2839 2840 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 2841 if (!dev) 2842 return ERR_PTR(-ENOMEM); 2843 2844 dev->devt = devt; 2845 dev->class = tty_class; 2846 dev->parent = device; 2847 dev->release = tty_device_create_release; 2848 dev_set_name(dev, "%s", name); 2849 dev->groups = attr_grp; 2850 dev_set_drvdata(dev, drvdata); 2851 2852 dev_set_uevent_suppress(dev, 1); 2853 2854 retval = device_register(dev); 2855 if (retval) 2856 goto err_put; 2857 2858 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 2859 /* 2860 * Free any saved termios data so that the termios state is 2861 * reset when reusing a minor number. 2862 */ 2863 tp = driver->termios[index]; 2864 if (tp) { 2865 driver->termios[index] = NULL; 2866 kfree(tp); 2867 } 2868 2869 retval = tty_cdev_add(driver, devt, index, 1); 2870 if (retval) 2871 goto err_del; 2872 } 2873 2874 dev_set_uevent_suppress(dev, 0); 2875 kobject_uevent(&dev->kobj, KOBJ_ADD); 2876 2877 return dev; 2878 2879 err_del: 2880 device_del(dev); 2881 err_put: 2882 put_device(dev); 2883 2884 return ERR_PTR(retval); 2885 } 2886 EXPORT_SYMBOL_GPL(tty_register_device_attr); 2887 2888 /** 2889 * tty_unregister_device - unregister a tty device 2890 * @driver: the tty driver that describes the tty device 2891 * @index: the index in the tty driver for this tty device 2892 * 2893 * If a tty device is registered with a call to tty_register_device() then 2894 * this function must be called when the tty device is gone. 2895 * 2896 * Locking: ?? 2897 */ 2898 2899 void tty_unregister_device(struct tty_driver *driver, unsigned index) 2900 { 2901 device_destroy(tty_class, 2902 MKDEV(driver->major, driver->minor_start) + index); 2903 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 2904 cdev_del(driver->cdevs[index]); 2905 driver->cdevs[index] = NULL; 2906 } 2907 } 2908 EXPORT_SYMBOL(tty_unregister_device); 2909 2910 /** 2911 * __tty_alloc_driver -- allocate tty driver 2912 * @lines: count of lines this driver can handle at most 2913 * @owner: module which is responsible for this driver 2914 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 2915 * 2916 * This should not be called directly, some of the provided macros should be 2917 * used instead. Use IS_ERR and friends on @retval. 2918 */ 2919 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 2920 unsigned long flags) 2921 { 2922 struct tty_driver *driver; 2923 unsigned int cdevs = 1; 2924 int err; 2925 2926 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 2927 return ERR_PTR(-EINVAL); 2928 2929 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 2930 if (!driver) 2931 return ERR_PTR(-ENOMEM); 2932 2933 kref_init(&driver->kref); 2934 driver->magic = TTY_DRIVER_MAGIC; 2935 driver->num = lines; 2936 driver->owner = owner; 2937 driver->flags = flags; 2938 2939 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 2940 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 2941 GFP_KERNEL); 2942 driver->termios = kcalloc(lines, sizeof(*driver->termios), 2943 GFP_KERNEL); 2944 if (!driver->ttys || !driver->termios) { 2945 err = -ENOMEM; 2946 goto err_free_all; 2947 } 2948 } 2949 2950 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 2951 driver->ports = kcalloc(lines, sizeof(*driver->ports), 2952 GFP_KERNEL); 2953 if (!driver->ports) { 2954 err = -ENOMEM; 2955 goto err_free_all; 2956 } 2957 cdevs = lines; 2958 } 2959 2960 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 2961 if (!driver->cdevs) { 2962 err = -ENOMEM; 2963 goto err_free_all; 2964 } 2965 2966 return driver; 2967 err_free_all: 2968 kfree(driver->ports); 2969 kfree(driver->ttys); 2970 kfree(driver->termios); 2971 kfree(driver->cdevs); 2972 kfree(driver); 2973 return ERR_PTR(err); 2974 } 2975 EXPORT_SYMBOL(__tty_alloc_driver); 2976 2977 static void destruct_tty_driver(struct kref *kref) 2978 { 2979 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 2980 int i; 2981 struct ktermios *tp; 2982 2983 if (driver->flags & TTY_DRIVER_INSTALLED) { 2984 for (i = 0; i < driver->num; i++) { 2985 tp = driver->termios[i]; 2986 if (tp) { 2987 driver->termios[i] = NULL; 2988 kfree(tp); 2989 } 2990 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 2991 tty_unregister_device(driver, i); 2992 } 2993 proc_tty_unregister_driver(driver); 2994 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 2995 cdev_del(driver->cdevs[0]); 2996 } 2997 kfree(driver->cdevs); 2998 kfree(driver->ports); 2999 kfree(driver->termios); 3000 kfree(driver->ttys); 3001 kfree(driver); 3002 } 3003 3004 void tty_driver_kref_put(struct tty_driver *driver) 3005 { 3006 kref_put(&driver->kref, destruct_tty_driver); 3007 } 3008 EXPORT_SYMBOL(tty_driver_kref_put); 3009 3010 void tty_set_operations(struct tty_driver *driver, 3011 const struct tty_operations *op) 3012 { 3013 driver->ops = op; 3014 }; 3015 EXPORT_SYMBOL(tty_set_operations); 3016 3017 void put_tty_driver(struct tty_driver *d) 3018 { 3019 tty_driver_kref_put(d); 3020 } 3021 EXPORT_SYMBOL(put_tty_driver); 3022 3023 /* 3024 * Called by a tty driver to register itself. 3025 */ 3026 int tty_register_driver(struct tty_driver *driver) 3027 { 3028 int error; 3029 int i; 3030 dev_t dev; 3031 struct device *d; 3032 3033 if (!driver->major) { 3034 error = alloc_chrdev_region(&dev, driver->minor_start, 3035 driver->num, driver->name); 3036 if (!error) { 3037 driver->major = MAJOR(dev); 3038 driver->minor_start = MINOR(dev); 3039 } 3040 } else { 3041 dev = MKDEV(driver->major, driver->minor_start); 3042 error = register_chrdev_region(dev, driver->num, driver->name); 3043 } 3044 if (error < 0) 3045 goto err; 3046 3047 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3048 error = tty_cdev_add(driver, dev, 0, driver->num); 3049 if (error) 3050 goto err_unreg_char; 3051 } 3052 3053 mutex_lock(&tty_mutex); 3054 list_add(&driver->tty_drivers, &tty_drivers); 3055 mutex_unlock(&tty_mutex); 3056 3057 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3058 for (i = 0; i < driver->num; i++) { 3059 d = tty_register_device(driver, i, NULL); 3060 if (IS_ERR(d)) { 3061 error = PTR_ERR(d); 3062 goto err_unreg_devs; 3063 } 3064 } 3065 } 3066 proc_tty_register_driver(driver); 3067 driver->flags |= TTY_DRIVER_INSTALLED; 3068 return 0; 3069 3070 err_unreg_devs: 3071 for (i--; i >= 0; i--) 3072 tty_unregister_device(driver, i); 3073 3074 mutex_lock(&tty_mutex); 3075 list_del(&driver->tty_drivers); 3076 mutex_unlock(&tty_mutex); 3077 3078 err_unreg_char: 3079 unregister_chrdev_region(dev, driver->num); 3080 err: 3081 return error; 3082 } 3083 EXPORT_SYMBOL(tty_register_driver); 3084 3085 /* 3086 * Called by a tty driver to unregister itself. 3087 */ 3088 int tty_unregister_driver(struct tty_driver *driver) 3089 { 3090 #if 0 3091 /* FIXME */ 3092 if (driver->refcount) 3093 return -EBUSY; 3094 #endif 3095 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3096 driver->num); 3097 mutex_lock(&tty_mutex); 3098 list_del(&driver->tty_drivers); 3099 mutex_unlock(&tty_mutex); 3100 return 0; 3101 } 3102 3103 EXPORT_SYMBOL(tty_unregister_driver); 3104 3105 dev_t tty_devnum(struct tty_struct *tty) 3106 { 3107 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3108 } 3109 EXPORT_SYMBOL(tty_devnum); 3110 3111 void tty_default_fops(struct file_operations *fops) 3112 { 3113 *fops = tty_fops; 3114 } 3115 3116 static char *tty_devnode(struct device *dev, umode_t *mode) 3117 { 3118 if (!mode) 3119 return NULL; 3120 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3121 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3122 *mode = 0666; 3123 return NULL; 3124 } 3125 3126 static int __init tty_class_init(void) 3127 { 3128 tty_class = class_create(THIS_MODULE, "tty"); 3129 if (IS_ERR(tty_class)) 3130 return PTR_ERR(tty_class); 3131 tty_class->devnode = tty_devnode; 3132 return 0; 3133 } 3134 3135 postcore_initcall(tty_class_init); 3136 3137 /* 3/2004 jmc: why do these devices exist? */ 3138 static struct cdev tty_cdev, console_cdev; 3139 3140 static ssize_t show_cons_active(struct device *dev, 3141 struct device_attribute *attr, char *buf) 3142 { 3143 struct console *cs[16]; 3144 int i = 0; 3145 struct console *c; 3146 ssize_t count = 0; 3147 3148 console_lock(); 3149 for_each_console(c) { 3150 if (!c->device) 3151 continue; 3152 if (!c->write) 3153 continue; 3154 if ((c->flags & CON_ENABLED) == 0) 3155 continue; 3156 cs[i++] = c; 3157 if (i >= ARRAY_SIZE(cs)) 3158 break; 3159 } 3160 while (i--) { 3161 int index = cs[i]->index; 3162 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3163 3164 /* don't resolve tty0 as some programs depend on it */ 3165 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3166 count += tty_line_name(drv, index, buf + count); 3167 else 3168 count += sprintf(buf + count, "%s%d", 3169 cs[i]->name, cs[i]->index); 3170 3171 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3172 } 3173 console_unlock(); 3174 3175 return count; 3176 } 3177 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3178 3179 static struct attribute *cons_dev_attrs[] = { 3180 &dev_attr_active.attr, 3181 NULL 3182 }; 3183 3184 ATTRIBUTE_GROUPS(cons_dev); 3185 3186 static struct device *consdev; 3187 3188 void console_sysfs_notify(void) 3189 { 3190 if (consdev) 3191 sysfs_notify(&consdev->kobj, NULL, "active"); 3192 } 3193 3194 /* 3195 * Ok, now we can initialize the rest of the tty devices and can count 3196 * on memory allocations, interrupts etc.. 3197 */ 3198 int __init tty_init(void) 3199 { 3200 cdev_init(&tty_cdev, &tty_fops); 3201 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3202 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3203 panic("Couldn't register /dev/tty driver\n"); 3204 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3205 3206 cdev_init(&console_cdev, &console_fops); 3207 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3208 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3209 panic("Couldn't register /dev/console driver\n"); 3210 consdev = device_create_with_groups(tty_class, NULL, 3211 MKDEV(TTYAUX_MAJOR, 1), NULL, 3212 cons_dev_groups, "console"); 3213 if (IS_ERR(consdev)) 3214 consdev = NULL; 3215 3216 #ifdef CONFIG_VT 3217 vty_init(&console_fops); 3218 #endif 3219 return 0; 3220 } 3221 3222