1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/ppp-ioctl.h> 91 #include <linux/proc_fs.h> 92 #include <linux/init.h> 93 #include <linux/module.h> 94 #include <linux/device.h> 95 #include <linux/wait.h> 96 #include <linux/bitops.h> 97 #include <linux/delay.h> 98 #include <linux/seq_file.h> 99 #include <linux/serial.h> 100 #include <linux/ratelimit.h> 101 #include <linux/compat.h> 102 103 #include <linux/uaccess.h> 104 105 #include <linux/kbd_kern.h> 106 #include <linux/vt_kern.h> 107 #include <linux/selection.h> 108 109 #include <linux/kmod.h> 110 #include <linux/nsproxy.h> 111 112 #undef TTY_DEBUG_HANGUP 113 #ifdef TTY_DEBUG_HANGUP 114 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 115 #else 116 # define tty_debug_hangup(tty, f, args...) do { } while (0) 117 #endif 118 119 #define TTY_PARANOIA_CHECK 1 120 #define CHECK_TTY_COUNT 1 121 122 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 123 .c_iflag = ICRNL | IXON, 124 .c_oflag = OPOST | ONLCR, 125 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 127 ECHOCTL | ECHOKE | IEXTEN, 128 .c_cc = INIT_C_CC, 129 .c_ispeed = 38400, 130 .c_ospeed = 38400, 131 /* .c_line = N_TTY, */ 132 }; 133 134 EXPORT_SYMBOL(tty_std_termios); 135 136 /* This list gets poked at by procfs and various bits of boot up code. This 137 could do with some rationalisation such as pulling the tty proc function 138 into this file */ 139 140 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 141 142 /* Mutex to protect creating and releasing a tty */ 143 DEFINE_MUTEX(tty_mutex); 144 145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 146 static ssize_t tty_write(struct kiocb *, struct iov_iter *); 147 static __poll_t tty_poll(struct file *, poll_table *); 148 static int tty_open(struct inode *, struct file *); 149 #ifdef CONFIG_COMPAT 150 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 151 unsigned long arg); 152 #else 153 #define tty_compat_ioctl NULL 154 #endif 155 static int __tty_fasync(int fd, struct file *filp, int on); 156 static int tty_fasync(int fd, struct file *filp, int on); 157 static void release_tty(struct tty_struct *tty, int idx); 158 159 /** 160 * free_tty_struct - free a disused tty 161 * @tty: tty struct to free 162 * 163 * Free the write buffers, tty queue and tty memory itself. 164 * 165 * Locking: none. Must be called after tty is definitely unused 166 */ 167 168 static void free_tty_struct(struct tty_struct *tty) 169 { 170 tty_ldisc_deinit(tty); 171 put_device(tty->dev); 172 kfree(tty->write_buf); 173 tty->magic = 0xDEADDEAD; 174 kfree(tty); 175 } 176 177 static inline struct tty_struct *file_tty(struct file *file) 178 { 179 return ((struct tty_file_private *)file->private_data)->tty; 180 } 181 182 int tty_alloc_file(struct file *file) 183 { 184 struct tty_file_private *priv; 185 186 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 187 if (!priv) 188 return -ENOMEM; 189 190 file->private_data = priv; 191 192 return 0; 193 } 194 195 /* Associate a new file with the tty structure */ 196 void tty_add_file(struct tty_struct *tty, struct file *file) 197 { 198 struct tty_file_private *priv = file->private_data; 199 200 priv->tty = tty; 201 priv->file = file; 202 203 spin_lock(&tty->files_lock); 204 list_add(&priv->list, &tty->tty_files); 205 spin_unlock(&tty->files_lock); 206 } 207 208 /* 209 * tty_free_file - free file->private_data 210 * 211 * This shall be used only for fail path handling when tty_add_file was not 212 * called yet. 213 */ 214 void tty_free_file(struct file *file) 215 { 216 struct tty_file_private *priv = file->private_data; 217 218 file->private_data = NULL; 219 kfree(priv); 220 } 221 222 /* Delete file from its tty */ 223 static void tty_del_file(struct file *file) 224 { 225 struct tty_file_private *priv = file->private_data; 226 struct tty_struct *tty = priv->tty; 227 228 spin_lock(&tty->files_lock); 229 list_del(&priv->list); 230 spin_unlock(&tty->files_lock); 231 tty_free_file(file); 232 } 233 234 /** 235 * tty_name - return tty naming 236 * @tty: tty structure 237 * 238 * Convert a tty structure into a name. The name reflects the kernel 239 * naming policy and if udev is in use may not reflect user space 240 * 241 * Locking: none 242 */ 243 244 const char *tty_name(const struct tty_struct *tty) 245 { 246 if (!tty) /* Hmm. NULL pointer. That's fun. */ 247 return "NULL tty"; 248 return tty->name; 249 } 250 251 EXPORT_SYMBOL(tty_name); 252 253 const char *tty_driver_name(const struct tty_struct *tty) 254 { 255 if (!tty || !tty->driver) 256 return ""; 257 return tty->driver->name; 258 } 259 260 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 261 const char *routine) 262 { 263 #ifdef TTY_PARANOIA_CHECK 264 if (!tty) { 265 pr_warn("(%d:%d): %s: NULL tty\n", 266 imajor(inode), iminor(inode), routine); 267 return 1; 268 } 269 if (tty->magic != TTY_MAGIC) { 270 pr_warn("(%d:%d): %s: bad magic number\n", 271 imajor(inode), iminor(inode), routine); 272 return 1; 273 } 274 #endif 275 return 0; 276 } 277 278 /* Caller must hold tty_lock */ 279 static int check_tty_count(struct tty_struct *tty, const char *routine) 280 { 281 #ifdef CHECK_TTY_COUNT 282 struct list_head *p; 283 int count = 0, kopen_count = 0; 284 285 spin_lock(&tty->files_lock); 286 list_for_each(p, &tty->tty_files) { 287 count++; 288 } 289 spin_unlock(&tty->files_lock); 290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 291 tty->driver->subtype == PTY_TYPE_SLAVE && 292 tty->link && tty->link->count) 293 count++; 294 if (tty_port_kopened(tty->port)) 295 kopen_count++; 296 if (tty->count != (count + kopen_count)) { 297 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 298 routine, tty->count, count, kopen_count); 299 return (count + kopen_count); 300 } 301 #endif 302 return 0; 303 } 304 305 /** 306 * get_tty_driver - find device of a tty 307 * @device: device identifier 308 * @index: returns the index of the tty 309 * 310 * This routine returns a tty driver structure, given a device number 311 * and also passes back the index number. 312 * 313 * Locking: caller must hold tty_mutex 314 */ 315 316 static struct tty_driver *get_tty_driver(dev_t device, int *index) 317 { 318 struct tty_driver *p; 319 320 list_for_each_entry(p, &tty_drivers, tty_drivers) { 321 dev_t base = MKDEV(p->major, p->minor_start); 322 if (device < base || device >= base + p->num) 323 continue; 324 *index = device - base; 325 return tty_driver_kref_get(p); 326 } 327 return NULL; 328 } 329 330 /** 331 * tty_dev_name_to_number - return dev_t for device name 332 * @name: user space name of device under /dev 333 * @number: pointer to dev_t that this function will populate 334 * 335 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 336 * like (4, 64) or (188, 1). If no corresponding driver is registered then 337 * the function returns -ENODEV. 338 * 339 * Locking: this acquires tty_mutex to protect the tty_drivers list from 340 * being modified while we are traversing it, and makes sure to 341 * release it before exiting. 342 */ 343 int tty_dev_name_to_number(const char *name, dev_t *number) 344 { 345 struct tty_driver *p; 346 int ret; 347 int index, prefix_length = 0; 348 const char *str; 349 350 for (str = name; *str && !isdigit(*str); str++) 351 ; 352 353 if (!*str) 354 return -EINVAL; 355 356 ret = kstrtoint(str, 10, &index); 357 if (ret) 358 return ret; 359 360 prefix_length = str - name; 361 mutex_lock(&tty_mutex); 362 363 list_for_each_entry(p, &tty_drivers, tty_drivers) 364 if (prefix_length == strlen(p->name) && strncmp(name, 365 p->name, prefix_length) == 0) { 366 if (index < p->num) { 367 *number = MKDEV(p->major, p->minor_start + index); 368 goto out; 369 } 370 } 371 372 /* if here then driver wasn't found */ 373 ret = -ENODEV; 374 out: 375 mutex_unlock(&tty_mutex); 376 return ret; 377 } 378 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 379 380 #ifdef CONFIG_CONSOLE_POLL 381 382 /** 383 * tty_find_polling_driver - find device of a polled tty 384 * @name: name string to match 385 * @line: pointer to resulting tty line nr 386 * 387 * This routine returns a tty driver structure, given a name 388 * and the condition that the tty driver is capable of polled 389 * operation. 390 */ 391 struct tty_driver *tty_find_polling_driver(char *name, int *line) 392 { 393 struct tty_driver *p, *res = NULL; 394 int tty_line = 0; 395 int len; 396 char *str, *stp; 397 398 for (str = name; *str; str++) 399 if ((*str >= '0' && *str <= '9') || *str == ',') 400 break; 401 if (!*str) 402 return NULL; 403 404 len = str - name; 405 tty_line = simple_strtoul(str, &str, 10); 406 407 mutex_lock(&tty_mutex); 408 /* Search through the tty devices to look for a match */ 409 list_for_each_entry(p, &tty_drivers, tty_drivers) { 410 if (!len || strncmp(name, p->name, len) != 0) 411 continue; 412 stp = str; 413 if (*stp == ',') 414 stp++; 415 if (*stp == '\0') 416 stp = NULL; 417 418 if (tty_line >= 0 && tty_line < p->num && p->ops && 419 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 420 res = tty_driver_kref_get(p); 421 *line = tty_line; 422 break; 423 } 424 } 425 mutex_unlock(&tty_mutex); 426 427 return res; 428 } 429 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 430 #endif 431 432 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 433 size_t count, loff_t *ppos) 434 { 435 return 0; 436 } 437 438 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from) 439 { 440 return -EIO; 441 } 442 443 /* No kernel lock held - none needed ;) */ 444 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 445 { 446 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 447 } 448 449 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 450 unsigned long arg) 451 { 452 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 453 } 454 455 static long hung_up_tty_compat_ioctl(struct file *file, 456 unsigned int cmd, unsigned long arg) 457 { 458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 459 } 460 461 static int hung_up_tty_fasync(int fd, struct file *file, int on) 462 { 463 return -ENOTTY; 464 } 465 466 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 467 { 468 struct tty_struct *tty = file_tty(file); 469 470 if (tty && tty->ops && tty->ops->show_fdinfo) 471 tty->ops->show_fdinfo(tty, m); 472 } 473 474 static const struct file_operations tty_fops = { 475 .llseek = no_llseek, 476 .read = tty_read, 477 .write_iter = tty_write, 478 .splice_write = iter_file_splice_write, 479 .poll = tty_poll, 480 .unlocked_ioctl = tty_ioctl, 481 .compat_ioctl = tty_compat_ioctl, 482 .open = tty_open, 483 .release = tty_release, 484 .fasync = tty_fasync, 485 .show_fdinfo = tty_show_fdinfo, 486 }; 487 488 static const struct file_operations console_fops = { 489 .llseek = no_llseek, 490 .read = tty_read, 491 .write_iter = redirected_tty_write, 492 .splice_write = iter_file_splice_write, 493 .poll = tty_poll, 494 .unlocked_ioctl = tty_ioctl, 495 .compat_ioctl = tty_compat_ioctl, 496 .open = tty_open, 497 .release = tty_release, 498 .fasync = tty_fasync, 499 }; 500 501 static const struct file_operations hung_up_tty_fops = { 502 .llseek = no_llseek, 503 .read = hung_up_tty_read, 504 .write_iter = hung_up_tty_write, 505 .poll = hung_up_tty_poll, 506 .unlocked_ioctl = hung_up_tty_ioctl, 507 .compat_ioctl = hung_up_tty_compat_ioctl, 508 .release = tty_release, 509 .fasync = hung_up_tty_fasync, 510 }; 511 512 static DEFINE_SPINLOCK(redirect_lock); 513 static struct file *redirect; 514 515 /** 516 * tty_wakeup - request more data 517 * @tty: terminal 518 * 519 * Internal and external helper for wakeups of tty. This function 520 * informs the line discipline if present that the driver is ready 521 * to receive more output data. 522 */ 523 524 void tty_wakeup(struct tty_struct *tty) 525 { 526 struct tty_ldisc *ld; 527 528 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 529 ld = tty_ldisc_ref(tty); 530 if (ld) { 531 if (ld->ops->write_wakeup) 532 ld->ops->write_wakeup(tty); 533 tty_ldisc_deref(ld); 534 } 535 } 536 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 537 } 538 539 EXPORT_SYMBOL_GPL(tty_wakeup); 540 541 /** 542 * __tty_hangup - actual handler for hangup events 543 * @tty: tty device 544 * @exit_session: if non-zero, signal all foreground group processes 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write_iter == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write_iter != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 struct iov_iter *from) 903 { 904 size_t count = iov_iter_count(from); 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 957 ret = -EFAULT; 958 if (copy_from_iter(tty->write_buf, size, from) != size) 959 break; 960 961 ret = write(tty, file, tty->write_buf, size); 962 if (ret <= 0) 963 break; 964 965 /* FIXME! Have Al check this! */ 966 if (ret != size) 967 iov_iter_revert(from, size-ret); 968 969 written += ret; 970 count -= ret; 971 if (!count) 972 break; 973 ret = -ERESTARTSYS; 974 if (signal_pending(current)) 975 break; 976 cond_resched(); 977 } 978 if (written) { 979 tty_update_time(&file_inode(file)->i_mtime); 980 ret = written; 981 } 982 out: 983 tty_write_unlock(tty); 984 return ret; 985 } 986 987 /** 988 * tty_write_message - write a message to a certain tty, not just the console. 989 * @tty: the destination tty_struct 990 * @msg: the message to write 991 * 992 * This is used for messages that need to be redirected to a specific tty. 993 * We don't put it into the syslog queue right now maybe in the future if 994 * really needed. 995 * 996 * We must still hold the BTM and test the CLOSING flag for the moment. 997 */ 998 999 void tty_write_message(struct tty_struct *tty, char *msg) 1000 { 1001 if (tty) { 1002 mutex_lock(&tty->atomic_write_lock); 1003 tty_lock(tty); 1004 if (tty->ops->write && tty->count > 0) 1005 tty->ops->write(tty, msg, strlen(msg)); 1006 tty_unlock(tty); 1007 tty_write_unlock(tty); 1008 } 1009 return; 1010 } 1011 1012 1013 /** 1014 * tty_write - write method for tty device file 1015 * @file: tty file pointer 1016 * @buf: user data to write 1017 * @count: bytes to write 1018 * @ppos: unused 1019 * 1020 * Write data to a tty device via the line discipline. 1021 * 1022 * Locking: 1023 * Locks the line discipline as required 1024 * Writes to the tty driver are serialized by the atomic_write_lock 1025 * and are then processed in chunks to the device. The line discipline 1026 * write method will not be invoked in parallel for each device. 1027 */ 1028 1029 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from) 1030 { 1031 struct file *file = iocb->ki_filp; 1032 struct tty_struct *tty = file_tty(file); 1033 struct tty_ldisc *ld; 1034 ssize_t ret; 1035 1036 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1037 return -EIO; 1038 if (!tty || !tty->ops->write || tty_io_error(tty)) 1039 return -EIO; 1040 /* Short term debug to catch buggy drivers */ 1041 if (tty->ops->write_room == NULL) 1042 tty_err(tty, "missing write_room method\n"); 1043 ld = tty_ldisc_ref_wait(tty); 1044 if (!ld) 1045 return hung_up_tty_write(iocb, from); 1046 if (!ld->ops->write) 1047 ret = -EIO; 1048 else 1049 ret = do_tty_write(ld->ops->write, tty, file, from); 1050 tty_ldisc_deref(ld); 1051 return ret; 1052 } 1053 1054 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter) 1055 { 1056 struct file *p = NULL; 1057 1058 spin_lock(&redirect_lock); 1059 if (redirect) 1060 p = get_file(redirect); 1061 spin_unlock(&redirect_lock); 1062 1063 if (p) { 1064 ssize_t res; 1065 res = vfs_iocb_iter_write(p, iocb, iter); 1066 fput(p); 1067 return res; 1068 } 1069 return tty_write(iocb, iter); 1070 } 1071 1072 /* 1073 * tty_send_xchar - send priority character 1074 * 1075 * Send a high priority character to the tty even if stopped 1076 * 1077 * Locking: none for xchar method, write ordering for write method. 1078 */ 1079 1080 int tty_send_xchar(struct tty_struct *tty, char ch) 1081 { 1082 int was_stopped = tty->stopped; 1083 1084 if (tty->ops->send_xchar) { 1085 down_read(&tty->termios_rwsem); 1086 tty->ops->send_xchar(tty, ch); 1087 up_read(&tty->termios_rwsem); 1088 return 0; 1089 } 1090 1091 if (tty_write_lock(tty, 0) < 0) 1092 return -ERESTARTSYS; 1093 1094 down_read(&tty->termios_rwsem); 1095 if (was_stopped) 1096 start_tty(tty); 1097 tty->ops->write(tty, &ch, 1); 1098 if (was_stopped) 1099 stop_tty(tty); 1100 up_read(&tty->termios_rwsem); 1101 tty_write_unlock(tty); 1102 return 0; 1103 } 1104 1105 static char ptychar[] = "pqrstuvwxyzabcde"; 1106 1107 /** 1108 * pty_line_name - generate name for a pty 1109 * @driver: the tty driver in use 1110 * @index: the minor number 1111 * @p: output buffer of at least 6 bytes 1112 * 1113 * Generate a name from a driver reference and write it to the output 1114 * buffer. 1115 * 1116 * Locking: None 1117 */ 1118 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1119 { 1120 int i = index + driver->name_base; 1121 /* ->name is initialized to "ttyp", but "tty" is expected */ 1122 sprintf(p, "%s%c%x", 1123 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1124 ptychar[i >> 4 & 0xf], i & 0xf); 1125 } 1126 1127 /** 1128 * tty_line_name - generate name for a tty 1129 * @driver: the tty driver in use 1130 * @index: the minor number 1131 * @p: output buffer of at least 7 bytes 1132 * 1133 * Generate a name from a driver reference and write it to the output 1134 * buffer. 1135 * 1136 * Locking: None 1137 */ 1138 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1139 { 1140 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1141 return sprintf(p, "%s", driver->name); 1142 else 1143 return sprintf(p, "%s%d", driver->name, 1144 index + driver->name_base); 1145 } 1146 1147 /** 1148 * tty_driver_lookup_tty() - find an existing tty, if any 1149 * @driver: the driver for the tty 1150 * @file: file object 1151 * @idx: the minor number 1152 * 1153 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1154 * driver lookup() method returns an error. 1155 * 1156 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1157 */ 1158 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1159 struct file *file, int idx) 1160 { 1161 struct tty_struct *tty; 1162 1163 if (driver->ops->lookup) 1164 if (!file) 1165 tty = ERR_PTR(-EIO); 1166 else 1167 tty = driver->ops->lookup(driver, file, idx); 1168 else 1169 tty = driver->ttys[idx]; 1170 1171 if (!IS_ERR(tty)) 1172 tty_kref_get(tty); 1173 return tty; 1174 } 1175 1176 /** 1177 * tty_init_termios - helper for termios setup 1178 * @tty: the tty to set up 1179 * 1180 * Initialise the termios structure for this tty. This runs under 1181 * the tty_mutex currently so we can be relaxed about ordering. 1182 */ 1183 1184 void tty_init_termios(struct tty_struct *tty) 1185 { 1186 struct ktermios *tp; 1187 int idx = tty->index; 1188 1189 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1190 tty->termios = tty->driver->init_termios; 1191 else { 1192 /* Check for lazy saved data */ 1193 tp = tty->driver->termios[idx]; 1194 if (tp != NULL) { 1195 tty->termios = *tp; 1196 tty->termios.c_line = tty->driver->init_termios.c_line; 1197 } else 1198 tty->termios = tty->driver->init_termios; 1199 } 1200 /* Compatibility until drivers always set this */ 1201 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1202 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1203 } 1204 EXPORT_SYMBOL_GPL(tty_init_termios); 1205 1206 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1207 { 1208 tty_init_termios(tty); 1209 tty_driver_kref_get(driver); 1210 tty->count++; 1211 driver->ttys[tty->index] = tty; 1212 return 0; 1213 } 1214 EXPORT_SYMBOL_GPL(tty_standard_install); 1215 1216 /** 1217 * tty_driver_install_tty() - install a tty entry in the driver 1218 * @driver: the driver for the tty 1219 * @tty: the tty 1220 * 1221 * Install a tty object into the driver tables. The tty->index field 1222 * will be set by the time this is called. This method is responsible 1223 * for ensuring any need additional structures are allocated and 1224 * configured. 1225 * 1226 * Locking: tty_mutex for now 1227 */ 1228 static int tty_driver_install_tty(struct tty_driver *driver, 1229 struct tty_struct *tty) 1230 { 1231 return driver->ops->install ? driver->ops->install(driver, tty) : 1232 tty_standard_install(driver, tty); 1233 } 1234 1235 /** 1236 * tty_driver_remove_tty() - remove a tty from the driver tables 1237 * @driver: the driver for the tty 1238 * @tty: tty to remove 1239 * 1240 * Remvoe a tty object from the driver tables. The tty->index field 1241 * will be set by the time this is called. 1242 * 1243 * Locking: tty_mutex for now 1244 */ 1245 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1246 { 1247 if (driver->ops->remove) 1248 driver->ops->remove(driver, tty); 1249 else 1250 driver->ttys[tty->index] = NULL; 1251 } 1252 1253 /** 1254 * tty_reopen() - fast re-open of an open tty 1255 * @tty: the tty to open 1256 * 1257 * Return 0 on success, -errno on error. 1258 * Re-opens on master ptys are not allowed and return -EIO. 1259 * 1260 * Locking: Caller must hold tty_lock 1261 */ 1262 static int tty_reopen(struct tty_struct *tty) 1263 { 1264 struct tty_driver *driver = tty->driver; 1265 struct tty_ldisc *ld; 1266 int retval = 0; 1267 1268 if (driver->type == TTY_DRIVER_TYPE_PTY && 1269 driver->subtype == PTY_TYPE_MASTER) 1270 return -EIO; 1271 1272 if (!tty->count) 1273 return -EAGAIN; 1274 1275 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1276 return -EBUSY; 1277 1278 ld = tty_ldisc_ref_wait(tty); 1279 if (ld) { 1280 tty_ldisc_deref(ld); 1281 } else { 1282 retval = tty_ldisc_lock(tty, 5 * HZ); 1283 if (retval) 1284 return retval; 1285 1286 if (!tty->ldisc) 1287 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1288 tty_ldisc_unlock(tty); 1289 } 1290 1291 if (retval == 0) 1292 tty->count++; 1293 1294 return retval; 1295 } 1296 1297 /** 1298 * tty_init_dev - initialise a tty device 1299 * @driver: tty driver we are opening a device on 1300 * @idx: device index 1301 * 1302 * Prepare a tty device. This may not be a "new" clean device but 1303 * could also be an active device. The pty drivers require special 1304 * handling because of this. 1305 * 1306 * Locking: 1307 * The function is called under the tty_mutex, which 1308 * protects us from the tty struct or driver itself going away. 1309 * 1310 * On exit the tty device has the line discipline attached and 1311 * a reference count of 1. If a pair was created for pty/tty use 1312 * and the other was a pty master then it too has a reference count of 1. 1313 * 1314 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1315 * failed open. The new code protects the open with a mutex, so it's 1316 * really quite straightforward. The mutex locking can probably be 1317 * relaxed for the (most common) case of reopening a tty. 1318 * 1319 * Return: returned tty structure 1320 */ 1321 1322 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1323 { 1324 struct tty_struct *tty; 1325 int retval; 1326 1327 /* 1328 * First time open is complex, especially for PTY devices. 1329 * This code guarantees that either everything succeeds and the 1330 * TTY is ready for operation, or else the table slots are vacated 1331 * and the allocated memory released. (Except that the termios 1332 * may be retained.) 1333 */ 1334 1335 if (!try_module_get(driver->owner)) 1336 return ERR_PTR(-ENODEV); 1337 1338 tty = alloc_tty_struct(driver, idx); 1339 if (!tty) { 1340 retval = -ENOMEM; 1341 goto err_module_put; 1342 } 1343 1344 tty_lock(tty); 1345 retval = tty_driver_install_tty(driver, tty); 1346 if (retval < 0) 1347 goto err_free_tty; 1348 1349 if (!tty->port) 1350 tty->port = driver->ports[idx]; 1351 1352 if (WARN_RATELIMIT(!tty->port, 1353 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n", 1354 __func__, tty->driver->name)) { 1355 retval = -EINVAL; 1356 goto err_release_lock; 1357 } 1358 1359 retval = tty_ldisc_lock(tty, 5 * HZ); 1360 if (retval) 1361 goto err_release_lock; 1362 tty->port->itty = tty; 1363 1364 /* 1365 * Structures all installed ... call the ldisc open routines. 1366 * If we fail here just call release_tty to clean up. No need 1367 * to decrement the use counts, as release_tty doesn't care. 1368 */ 1369 retval = tty_ldisc_setup(tty, tty->link); 1370 if (retval) 1371 goto err_release_tty; 1372 tty_ldisc_unlock(tty); 1373 /* Return the tty locked so that it cannot vanish under the caller */ 1374 return tty; 1375 1376 err_free_tty: 1377 tty_unlock(tty); 1378 free_tty_struct(tty); 1379 err_module_put: 1380 module_put(driver->owner); 1381 return ERR_PTR(retval); 1382 1383 /* call the tty release_tty routine to clean out this slot */ 1384 err_release_tty: 1385 tty_ldisc_unlock(tty); 1386 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1387 retval, idx); 1388 err_release_lock: 1389 tty_unlock(tty); 1390 release_tty(tty, idx); 1391 return ERR_PTR(retval); 1392 } 1393 1394 /** 1395 * tty_save_termios() - save tty termios data in driver table 1396 * @tty: tty whose termios data to save 1397 * 1398 * Locking: Caller guarantees serialisation with tty_init_termios(). 1399 */ 1400 void tty_save_termios(struct tty_struct *tty) 1401 { 1402 struct ktermios *tp; 1403 int idx = tty->index; 1404 1405 /* If the port is going to reset then it has no termios to save */ 1406 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1407 return; 1408 1409 /* Stash the termios data */ 1410 tp = tty->driver->termios[idx]; 1411 if (tp == NULL) { 1412 tp = kmalloc(sizeof(*tp), GFP_KERNEL); 1413 if (tp == NULL) 1414 return; 1415 tty->driver->termios[idx] = tp; 1416 } 1417 *tp = tty->termios; 1418 } 1419 EXPORT_SYMBOL_GPL(tty_save_termios); 1420 1421 /** 1422 * tty_flush_works - flush all works of a tty/pty pair 1423 * @tty: tty device to flush works for (or either end of a pty pair) 1424 * 1425 * Sync flush all works belonging to @tty (and the 'other' tty). 1426 */ 1427 static void tty_flush_works(struct tty_struct *tty) 1428 { 1429 flush_work(&tty->SAK_work); 1430 flush_work(&tty->hangup_work); 1431 if (tty->link) { 1432 flush_work(&tty->link->SAK_work); 1433 flush_work(&tty->link->hangup_work); 1434 } 1435 } 1436 1437 /** 1438 * release_one_tty - release tty structure memory 1439 * @work: work of tty we are obliterating 1440 * 1441 * Releases memory associated with a tty structure, and clears out the 1442 * driver table slots. This function is called when a device is no longer 1443 * in use. It also gets called when setup of a device fails. 1444 * 1445 * Locking: 1446 * takes the file list lock internally when working on the list 1447 * of ttys that the driver keeps. 1448 * 1449 * This method gets called from a work queue so that the driver private 1450 * cleanup ops can sleep (needed for USB at least) 1451 */ 1452 static void release_one_tty(struct work_struct *work) 1453 { 1454 struct tty_struct *tty = 1455 container_of(work, struct tty_struct, hangup_work); 1456 struct tty_driver *driver = tty->driver; 1457 struct module *owner = driver->owner; 1458 1459 if (tty->ops->cleanup) 1460 tty->ops->cleanup(tty); 1461 1462 tty->magic = 0; 1463 tty_driver_kref_put(driver); 1464 module_put(owner); 1465 1466 spin_lock(&tty->files_lock); 1467 list_del_init(&tty->tty_files); 1468 spin_unlock(&tty->files_lock); 1469 1470 put_pid(tty->pgrp); 1471 put_pid(tty->session); 1472 free_tty_struct(tty); 1473 } 1474 1475 static void queue_release_one_tty(struct kref *kref) 1476 { 1477 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1478 1479 /* The hangup queue is now free so we can reuse it rather than 1480 waste a chunk of memory for each port */ 1481 INIT_WORK(&tty->hangup_work, release_one_tty); 1482 schedule_work(&tty->hangup_work); 1483 } 1484 1485 /** 1486 * tty_kref_put - release a tty kref 1487 * @tty: tty device 1488 * 1489 * Release a reference to a tty device and if need be let the kref 1490 * layer destruct the object for us 1491 */ 1492 1493 void tty_kref_put(struct tty_struct *tty) 1494 { 1495 if (tty) 1496 kref_put(&tty->kref, queue_release_one_tty); 1497 } 1498 EXPORT_SYMBOL(tty_kref_put); 1499 1500 /** 1501 * release_tty - release tty structure memory 1502 * @tty: tty device release 1503 * @idx: index of the tty device release 1504 * 1505 * Release both @tty and a possible linked partner (think pty pair), 1506 * and decrement the refcount of the backing module. 1507 * 1508 * Locking: 1509 * tty_mutex 1510 * takes the file list lock internally when working on the list 1511 * of ttys that the driver keeps. 1512 * 1513 */ 1514 static void release_tty(struct tty_struct *tty, int idx) 1515 { 1516 /* This should always be true but check for the moment */ 1517 WARN_ON(tty->index != idx); 1518 WARN_ON(!mutex_is_locked(&tty_mutex)); 1519 if (tty->ops->shutdown) 1520 tty->ops->shutdown(tty); 1521 tty_save_termios(tty); 1522 tty_driver_remove_tty(tty->driver, tty); 1523 if (tty->port) 1524 tty->port->itty = NULL; 1525 if (tty->link) 1526 tty->link->port->itty = NULL; 1527 if (tty->port) 1528 tty_buffer_cancel_work(tty->port); 1529 if (tty->link) 1530 tty_buffer_cancel_work(tty->link->port); 1531 1532 tty_kref_put(tty->link); 1533 tty_kref_put(tty); 1534 } 1535 1536 /** 1537 * tty_release_checks - check a tty before real release 1538 * @tty: tty to check 1539 * @idx: index of the tty 1540 * 1541 * Performs some paranoid checking before true release of the @tty. 1542 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1543 */ 1544 static int tty_release_checks(struct tty_struct *tty, int idx) 1545 { 1546 #ifdef TTY_PARANOIA_CHECK 1547 if (idx < 0 || idx >= tty->driver->num) { 1548 tty_debug(tty, "bad idx %d\n", idx); 1549 return -1; 1550 } 1551 1552 /* not much to check for devpts */ 1553 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1554 return 0; 1555 1556 if (tty != tty->driver->ttys[idx]) { 1557 tty_debug(tty, "bad driver table[%d] = %p\n", 1558 idx, tty->driver->ttys[idx]); 1559 return -1; 1560 } 1561 if (tty->driver->other) { 1562 struct tty_struct *o_tty = tty->link; 1563 1564 if (o_tty != tty->driver->other->ttys[idx]) { 1565 tty_debug(tty, "bad other table[%d] = %p\n", 1566 idx, tty->driver->other->ttys[idx]); 1567 return -1; 1568 } 1569 if (o_tty->link != tty) { 1570 tty_debug(tty, "bad link = %p\n", o_tty->link); 1571 return -1; 1572 } 1573 } 1574 #endif 1575 return 0; 1576 } 1577 1578 /** 1579 * tty_kclose - closes tty opened by tty_kopen 1580 * @tty: tty device 1581 * 1582 * Performs the final steps to release and free a tty device. It is the 1583 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1584 * flag on tty->port. 1585 */ 1586 void tty_kclose(struct tty_struct *tty) 1587 { 1588 /* 1589 * Ask the line discipline code to release its structures 1590 */ 1591 tty_ldisc_release(tty); 1592 1593 /* Wait for pending work before tty destruction commmences */ 1594 tty_flush_works(tty); 1595 1596 tty_debug_hangup(tty, "freeing structure\n"); 1597 /* 1598 * The release_tty function takes care of the details of clearing 1599 * the slots and preserving the termios structure. 1600 */ 1601 mutex_lock(&tty_mutex); 1602 tty_port_set_kopened(tty->port, 0); 1603 release_tty(tty, tty->index); 1604 mutex_unlock(&tty_mutex); 1605 } 1606 EXPORT_SYMBOL_GPL(tty_kclose); 1607 1608 /** 1609 * tty_release_struct - release a tty struct 1610 * @tty: tty device 1611 * @idx: index of the tty 1612 * 1613 * Performs the final steps to release and free a tty device. It is 1614 * roughly the reverse of tty_init_dev. 1615 */ 1616 void tty_release_struct(struct tty_struct *tty, int idx) 1617 { 1618 /* 1619 * Ask the line discipline code to release its structures 1620 */ 1621 tty_ldisc_release(tty); 1622 1623 /* Wait for pending work before tty destruction commmences */ 1624 tty_flush_works(tty); 1625 1626 tty_debug_hangup(tty, "freeing structure\n"); 1627 /* 1628 * The release_tty function takes care of the details of clearing 1629 * the slots and preserving the termios structure. 1630 */ 1631 mutex_lock(&tty_mutex); 1632 release_tty(tty, idx); 1633 mutex_unlock(&tty_mutex); 1634 } 1635 EXPORT_SYMBOL_GPL(tty_release_struct); 1636 1637 /** 1638 * tty_release - vfs callback for close 1639 * @inode: inode of tty 1640 * @filp: file pointer for handle to tty 1641 * 1642 * Called the last time each file handle is closed that references 1643 * this tty. There may however be several such references. 1644 * 1645 * Locking: 1646 * Takes bkl. See tty_release_dev 1647 * 1648 * Even releasing the tty structures is a tricky business.. We have 1649 * to be very careful that the structures are all released at the 1650 * same time, as interrupts might otherwise get the wrong pointers. 1651 * 1652 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1653 * lead to double frees or releasing memory still in use. 1654 */ 1655 1656 int tty_release(struct inode *inode, struct file *filp) 1657 { 1658 struct tty_struct *tty = file_tty(filp); 1659 struct tty_struct *o_tty = NULL; 1660 int do_sleep, final; 1661 int idx; 1662 long timeout = 0; 1663 int once = 1; 1664 1665 if (tty_paranoia_check(tty, inode, __func__)) 1666 return 0; 1667 1668 tty_lock(tty); 1669 check_tty_count(tty, __func__); 1670 1671 __tty_fasync(-1, filp, 0); 1672 1673 idx = tty->index; 1674 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1675 tty->driver->subtype == PTY_TYPE_MASTER) 1676 o_tty = tty->link; 1677 1678 if (tty_release_checks(tty, idx)) { 1679 tty_unlock(tty); 1680 return 0; 1681 } 1682 1683 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1684 1685 if (tty->ops->close) 1686 tty->ops->close(tty, filp); 1687 1688 /* If tty is pty master, lock the slave pty (stable lock order) */ 1689 tty_lock_slave(o_tty); 1690 1691 /* 1692 * Sanity check: if tty->count is going to zero, there shouldn't be 1693 * any waiters on tty->read_wait or tty->write_wait. We test the 1694 * wait queues and kick everyone out _before_ actually starting to 1695 * close. This ensures that we won't block while releasing the tty 1696 * structure. 1697 * 1698 * The test for the o_tty closing is necessary, since the master and 1699 * slave sides may close in any order. If the slave side closes out 1700 * first, its count will be one, since the master side holds an open. 1701 * Thus this test wouldn't be triggered at the time the slave closed, 1702 * so we do it now. 1703 */ 1704 while (1) { 1705 do_sleep = 0; 1706 1707 if (tty->count <= 1) { 1708 if (waitqueue_active(&tty->read_wait)) { 1709 wake_up_poll(&tty->read_wait, EPOLLIN); 1710 do_sleep++; 1711 } 1712 if (waitqueue_active(&tty->write_wait)) { 1713 wake_up_poll(&tty->write_wait, EPOLLOUT); 1714 do_sleep++; 1715 } 1716 } 1717 if (o_tty && o_tty->count <= 1) { 1718 if (waitqueue_active(&o_tty->read_wait)) { 1719 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1720 do_sleep++; 1721 } 1722 if (waitqueue_active(&o_tty->write_wait)) { 1723 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1724 do_sleep++; 1725 } 1726 } 1727 if (!do_sleep) 1728 break; 1729 1730 if (once) { 1731 once = 0; 1732 tty_warn(tty, "read/write wait queue active!\n"); 1733 } 1734 schedule_timeout_killable(timeout); 1735 if (timeout < 120 * HZ) 1736 timeout = 2 * timeout + 1; 1737 else 1738 timeout = MAX_SCHEDULE_TIMEOUT; 1739 } 1740 1741 if (o_tty) { 1742 if (--o_tty->count < 0) { 1743 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1744 o_tty->count = 0; 1745 } 1746 } 1747 if (--tty->count < 0) { 1748 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1749 tty->count = 0; 1750 } 1751 1752 /* 1753 * We've decremented tty->count, so we need to remove this file 1754 * descriptor off the tty->tty_files list; this serves two 1755 * purposes: 1756 * - check_tty_count sees the correct number of file descriptors 1757 * associated with this tty. 1758 * - do_tty_hangup no longer sees this file descriptor as 1759 * something that needs to be handled for hangups. 1760 */ 1761 tty_del_file(filp); 1762 1763 /* 1764 * Perform some housekeeping before deciding whether to return. 1765 * 1766 * If _either_ side is closing, make sure there aren't any 1767 * processes that still think tty or o_tty is their controlling 1768 * tty. 1769 */ 1770 if (!tty->count) { 1771 read_lock(&tasklist_lock); 1772 session_clear_tty(tty->session); 1773 if (o_tty) 1774 session_clear_tty(o_tty->session); 1775 read_unlock(&tasklist_lock); 1776 } 1777 1778 /* check whether both sides are closing ... */ 1779 final = !tty->count && !(o_tty && o_tty->count); 1780 1781 tty_unlock_slave(o_tty); 1782 tty_unlock(tty); 1783 1784 /* At this point, the tty->count == 0 should ensure a dead tty 1785 cannot be re-opened by a racing opener */ 1786 1787 if (!final) 1788 return 0; 1789 1790 tty_debug_hangup(tty, "final close\n"); 1791 1792 tty_release_struct(tty, idx); 1793 return 0; 1794 } 1795 1796 /** 1797 * tty_open_current_tty - get locked tty of current task 1798 * @device: device number 1799 * @filp: file pointer to tty 1800 * @return: locked tty of the current task iff @device is /dev/tty 1801 * 1802 * Performs a re-open of the current task's controlling tty. 1803 * 1804 * We cannot return driver and index like for the other nodes because 1805 * devpts will not work then. It expects inodes to be from devpts FS. 1806 */ 1807 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1808 { 1809 struct tty_struct *tty; 1810 int retval; 1811 1812 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1813 return NULL; 1814 1815 tty = get_current_tty(); 1816 if (!tty) 1817 return ERR_PTR(-ENXIO); 1818 1819 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1820 /* noctty = 1; */ 1821 tty_lock(tty); 1822 tty_kref_put(tty); /* safe to drop the kref now */ 1823 1824 retval = tty_reopen(tty); 1825 if (retval < 0) { 1826 tty_unlock(tty); 1827 tty = ERR_PTR(retval); 1828 } 1829 return tty; 1830 } 1831 1832 /** 1833 * tty_lookup_driver - lookup a tty driver for a given device file 1834 * @device: device number 1835 * @filp: file pointer to tty 1836 * @index: index for the device in the @return driver 1837 * @return: driver for this inode (with increased refcount) 1838 * 1839 * If @return is not erroneous, the caller is responsible to decrement the 1840 * refcount by tty_driver_kref_put. 1841 * 1842 * Locking: tty_mutex protects get_tty_driver 1843 */ 1844 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1845 int *index) 1846 { 1847 struct tty_driver *driver = NULL; 1848 1849 switch (device) { 1850 #ifdef CONFIG_VT 1851 case MKDEV(TTY_MAJOR, 0): { 1852 extern struct tty_driver *console_driver; 1853 driver = tty_driver_kref_get(console_driver); 1854 *index = fg_console; 1855 break; 1856 } 1857 #endif 1858 case MKDEV(TTYAUX_MAJOR, 1): { 1859 struct tty_driver *console_driver = console_device(index); 1860 if (console_driver) { 1861 driver = tty_driver_kref_get(console_driver); 1862 if (driver && filp) { 1863 /* Don't let /dev/console block */ 1864 filp->f_flags |= O_NONBLOCK; 1865 break; 1866 } 1867 } 1868 if (driver) 1869 tty_driver_kref_put(driver); 1870 return ERR_PTR(-ENODEV); 1871 } 1872 default: 1873 driver = get_tty_driver(device, index); 1874 if (!driver) 1875 return ERR_PTR(-ENODEV); 1876 break; 1877 } 1878 return driver; 1879 } 1880 1881 /** 1882 * tty_kopen - open a tty device for kernel 1883 * @device: dev_t of device to open 1884 * 1885 * Opens tty exclusively for kernel. Performs the driver lookup, 1886 * makes sure it's not already opened and performs the first-time 1887 * tty initialization. 1888 * 1889 * Returns the locked initialized &tty_struct 1890 * 1891 * Claims the global tty_mutex to serialize: 1892 * - concurrent first-time tty initialization 1893 * - concurrent tty driver removal w/ lookup 1894 * - concurrent tty removal from driver table 1895 */ 1896 struct tty_struct *tty_kopen(dev_t device) 1897 { 1898 struct tty_struct *tty; 1899 struct tty_driver *driver; 1900 int index = -1; 1901 1902 mutex_lock(&tty_mutex); 1903 driver = tty_lookup_driver(device, NULL, &index); 1904 if (IS_ERR(driver)) { 1905 mutex_unlock(&tty_mutex); 1906 return ERR_CAST(driver); 1907 } 1908 1909 /* check whether we're reopening an existing tty */ 1910 tty = tty_driver_lookup_tty(driver, NULL, index); 1911 if (IS_ERR(tty)) 1912 goto out; 1913 1914 if (tty) { 1915 /* drop kref from tty_driver_lookup_tty() */ 1916 tty_kref_put(tty); 1917 tty = ERR_PTR(-EBUSY); 1918 } else { /* tty_init_dev returns tty with the tty_lock held */ 1919 tty = tty_init_dev(driver, index); 1920 if (IS_ERR(tty)) 1921 goto out; 1922 tty_port_set_kopened(tty->port, 1); 1923 } 1924 out: 1925 mutex_unlock(&tty_mutex); 1926 tty_driver_kref_put(driver); 1927 return tty; 1928 } 1929 EXPORT_SYMBOL_GPL(tty_kopen); 1930 1931 /** 1932 * tty_open_by_driver - open a tty device 1933 * @device: dev_t of device to open 1934 * @filp: file pointer to tty 1935 * 1936 * Performs the driver lookup, checks for a reopen, or otherwise 1937 * performs the first-time tty initialization. 1938 * 1939 * Returns the locked initialized or re-opened &tty_struct 1940 * 1941 * Claims the global tty_mutex to serialize: 1942 * - concurrent first-time tty initialization 1943 * - concurrent tty driver removal w/ lookup 1944 * - concurrent tty removal from driver table 1945 */ 1946 static struct tty_struct *tty_open_by_driver(dev_t device, 1947 struct file *filp) 1948 { 1949 struct tty_struct *tty; 1950 struct tty_driver *driver = NULL; 1951 int index = -1; 1952 int retval; 1953 1954 mutex_lock(&tty_mutex); 1955 driver = tty_lookup_driver(device, filp, &index); 1956 if (IS_ERR(driver)) { 1957 mutex_unlock(&tty_mutex); 1958 return ERR_CAST(driver); 1959 } 1960 1961 /* check whether we're reopening an existing tty */ 1962 tty = tty_driver_lookup_tty(driver, filp, index); 1963 if (IS_ERR(tty)) { 1964 mutex_unlock(&tty_mutex); 1965 goto out; 1966 } 1967 1968 if (tty) { 1969 if (tty_port_kopened(tty->port)) { 1970 tty_kref_put(tty); 1971 mutex_unlock(&tty_mutex); 1972 tty = ERR_PTR(-EBUSY); 1973 goto out; 1974 } 1975 mutex_unlock(&tty_mutex); 1976 retval = tty_lock_interruptible(tty); 1977 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1978 if (retval) { 1979 if (retval == -EINTR) 1980 retval = -ERESTARTSYS; 1981 tty = ERR_PTR(retval); 1982 goto out; 1983 } 1984 retval = tty_reopen(tty); 1985 if (retval < 0) { 1986 tty_unlock(tty); 1987 tty = ERR_PTR(retval); 1988 } 1989 } else { /* Returns with the tty_lock held for now */ 1990 tty = tty_init_dev(driver, index); 1991 mutex_unlock(&tty_mutex); 1992 } 1993 out: 1994 tty_driver_kref_put(driver); 1995 return tty; 1996 } 1997 1998 /** 1999 * tty_open - open a tty device 2000 * @inode: inode of device file 2001 * @filp: file pointer to tty 2002 * 2003 * tty_open and tty_release keep up the tty count that contains the 2004 * number of opens done on a tty. We cannot use the inode-count, as 2005 * different inodes might point to the same tty. 2006 * 2007 * Open-counting is needed for pty masters, as well as for keeping 2008 * track of serial lines: DTR is dropped when the last close happens. 2009 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2010 * 2011 * The termios state of a pty is reset on first open so that 2012 * settings don't persist across reuse. 2013 * 2014 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 2015 * tty->count should protect the rest. 2016 * ->siglock protects ->signal/->sighand 2017 * 2018 * Note: the tty_unlock/lock cases without a ref are only safe due to 2019 * tty_mutex 2020 */ 2021 2022 static int tty_open(struct inode *inode, struct file *filp) 2023 { 2024 struct tty_struct *tty; 2025 int noctty, retval; 2026 dev_t device = inode->i_rdev; 2027 unsigned saved_flags = filp->f_flags; 2028 2029 nonseekable_open(inode, filp); 2030 2031 retry_open: 2032 retval = tty_alloc_file(filp); 2033 if (retval) 2034 return -ENOMEM; 2035 2036 tty = tty_open_current_tty(device, filp); 2037 if (!tty) 2038 tty = tty_open_by_driver(device, filp); 2039 2040 if (IS_ERR(tty)) { 2041 tty_free_file(filp); 2042 retval = PTR_ERR(tty); 2043 if (retval != -EAGAIN || signal_pending(current)) 2044 return retval; 2045 schedule(); 2046 goto retry_open; 2047 } 2048 2049 tty_add_file(tty, filp); 2050 2051 check_tty_count(tty, __func__); 2052 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2053 2054 if (tty->ops->open) 2055 retval = tty->ops->open(tty, filp); 2056 else 2057 retval = -ENODEV; 2058 filp->f_flags = saved_flags; 2059 2060 if (retval) { 2061 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2062 2063 tty_unlock(tty); /* need to call tty_release without BTM */ 2064 tty_release(inode, filp); 2065 if (retval != -ERESTARTSYS) 2066 return retval; 2067 2068 if (signal_pending(current)) 2069 return retval; 2070 2071 schedule(); 2072 /* 2073 * Need to reset f_op in case a hangup happened. 2074 */ 2075 if (tty_hung_up_p(filp)) 2076 filp->f_op = &tty_fops; 2077 goto retry_open; 2078 } 2079 clear_bit(TTY_HUPPED, &tty->flags); 2080 2081 noctty = (filp->f_flags & O_NOCTTY) || 2082 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2083 device == MKDEV(TTYAUX_MAJOR, 1) || 2084 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2085 tty->driver->subtype == PTY_TYPE_MASTER); 2086 if (!noctty) 2087 tty_open_proc_set_tty(filp, tty); 2088 tty_unlock(tty); 2089 return 0; 2090 } 2091 2092 2093 2094 /** 2095 * tty_poll - check tty status 2096 * @filp: file being polled 2097 * @wait: poll wait structures to update 2098 * 2099 * Call the line discipline polling method to obtain the poll 2100 * status of the device. 2101 * 2102 * Locking: locks called line discipline but ldisc poll method 2103 * may be re-entered freely by other callers. 2104 */ 2105 2106 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2107 { 2108 struct tty_struct *tty = file_tty(filp); 2109 struct tty_ldisc *ld; 2110 __poll_t ret = 0; 2111 2112 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2113 return 0; 2114 2115 ld = tty_ldisc_ref_wait(tty); 2116 if (!ld) 2117 return hung_up_tty_poll(filp, wait); 2118 if (ld->ops->poll) 2119 ret = ld->ops->poll(tty, filp, wait); 2120 tty_ldisc_deref(ld); 2121 return ret; 2122 } 2123 2124 static int __tty_fasync(int fd, struct file *filp, int on) 2125 { 2126 struct tty_struct *tty = file_tty(filp); 2127 unsigned long flags; 2128 int retval = 0; 2129 2130 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2131 goto out; 2132 2133 retval = fasync_helper(fd, filp, on, &tty->fasync); 2134 if (retval <= 0) 2135 goto out; 2136 2137 if (on) { 2138 enum pid_type type; 2139 struct pid *pid; 2140 2141 spin_lock_irqsave(&tty->ctrl_lock, flags); 2142 if (tty->pgrp) { 2143 pid = tty->pgrp; 2144 type = PIDTYPE_PGID; 2145 } else { 2146 pid = task_pid(current); 2147 type = PIDTYPE_TGID; 2148 } 2149 get_pid(pid); 2150 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2151 __f_setown(filp, pid, type, 0); 2152 put_pid(pid); 2153 retval = 0; 2154 } 2155 out: 2156 return retval; 2157 } 2158 2159 static int tty_fasync(int fd, struct file *filp, int on) 2160 { 2161 struct tty_struct *tty = file_tty(filp); 2162 int retval = -ENOTTY; 2163 2164 tty_lock(tty); 2165 if (!tty_hung_up_p(filp)) 2166 retval = __tty_fasync(fd, filp, on); 2167 tty_unlock(tty); 2168 2169 return retval; 2170 } 2171 2172 /** 2173 * tiocsti - fake input character 2174 * @tty: tty to fake input into 2175 * @p: pointer to character 2176 * 2177 * Fake input to a tty device. Does the necessary locking and 2178 * input management. 2179 * 2180 * FIXME: does not honour flow control ?? 2181 * 2182 * Locking: 2183 * Called functions take tty_ldiscs_lock 2184 * current->signal->tty check is safe without locks 2185 * 2186 * FIXME: may race normal receive processing 2187 */ 2188 2189 static int tiocsti(struct tty_struct *tty, char __user *p) 2190 { 2191 char ch, mbz = 0; 2192 struct tty_ldisc *ld; 2193 2194 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2195 return -EPERM; 2196 if (get_user(ch, p)) 2197 return -EFAULT; 2198 tty_audit_tiocsti(tty, ch); 2199 ld = tty_ldisc_ref_wait(tty); 2200 if (!ld) 2201 return -EIO; 2202 if (ld->ops->receive_buf) 2203 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2204 tty_ldisc_deref(ld); 2205 return 0; 2206 } 2207 2208 /** 2209 * tiocgwinsz - implement window query ioctl 2210 * @tty: tty 2211 * @arg: user buffer for result 2212 * 2213 * Copies the kernel idea of the window size into the user buffer. 2214 * 2215 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2216 * is consistent. 2217 */ 2218 2219 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2220 { 2221 int err; 2222 2223 mutex_lock(&tty->winsize_mutex); 2224 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2225 mutex_unlock(&tty->winsize_mutex); 2226 2227 return err ? -EFAULT: 0; 2228 } 2229 2230 /** 2231 * tty_do_resize - resize event 2232 * @tty: tty being resized 2233 * @ws: new dimensions 2234 * 2235 * Update the termios variables and send the necessary signals to 2236 * peform a terminal resize correctly 2237 */ 2238 2239 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2240 { 2241 struct pid *pgrp; 2242 2243 /* Lock the tty */ 2244 mutex_lock(&tty->winsize_mutex); 2245 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2246 goto done; 2247 2248 /* Signal the foreground process group */ 2249 pgrp = tty_get_pgrp(tty); 2250 if (pgrp) 2251 kill_pgrp(pgrp, SIGWINCH, 1); 2252 put_pid(pgrp); 2253 2254 tty->winsize = *ws; 2255 done: 2256 mutex_unlock(&tty->winsize_mutex); 2257 return 0; 2258 } 2259 EXPORT_SYMBOL(tty_do_resize); 2260 2261 /** 2262 * tiocswinsz - implement window size set ioctl 2263 * @tty: tty side of tty 2264 * @arg: user buffer for result 2265 * 2266 * Copies the user idea of the window size to the kernel. Traditionally 2267 * this is just advisory information but for the Linux console it 2268 * actually has driver level meaning and triggers a VC resize. 2269 * 2270 * Locking: 2271 * Driver dependent. The default do_resize method takes the 2272 * tty termios mutex and ctrl_lock. The console takes its own lock 2273 * then calls into the default method. 2274 */ 2275 2276 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2277 { 2278 struct winsize tmp_ws; 2279 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2280 return -EFAULT; 2281 2282 if (tty->ops->resize) 2283 return tty->ops->resize(tty, &tmp_ws); 2284 else 2285 return tty_do_resize(tty, &tmp_ws); 2286 } 2287 2288 /** 2289 * tioccons - allow admin to move logical console 2290 * @file: the file to become console 2291 * 2292 * Allow the administrator to move the redirected console device 2293 * 2294 * Locking: uses redirect_lock to guard the redirect information 2295 */ 2296 2297 static int tioccons(struct file *file) 2298 { 2299 if (!capable(CAP_SYS_ADMIN)) 2300 return -EPERM; 2301 if (file->f_op->write_iter == redirected_tty_write) { 2302 struct file *f; 2303 spin_lock(&redirect_lock); 2304 f = redirect; 2305 redirect = NULL; 2306 spin_unlock(&redirect_lock); 2307 if (f) 2308 fput(f); 2309 return 0; 2310 } 2311 spin_lock(&redirect_lock); 2312 if (redirect) { 2313 spin_unlock(&redirect_lock); 2314 return -EBUSY; 2315 } 2316 redirect = get_file(file); 2317 spin_unlock(&redirect_lock); 2318 return 0; 2319 } 2320 2321 /** 2322 * tiocsetd - set line discipline 2323 * @tty: tty device 2324 * @p: pointer to user data 2325 * 2326 * Set the line discipline according to user request. 2327 * 2328 * Locking: see tty_set_ldisc, this function is just a helper 2329 */ 2330 2331 static int tiocsetd(struct tty_struct *tty, int __user *p) 2332 { 2333 int disc; 2334 int ret; 2335 2336 if (get_user(disc, p)) 2337 return -EFAULT; 2338 2339 ret = tty_set_ldisc(tty, disc); 2340 2341 return ret; 2342 } 2343 2344 /** 2345 * tiocgetd - get line discipline 2346 * @tty: tty device 2347 * @p: pointer to user data 2348 * 2349 * Retrieves the line discipline id directly from the ldisc. 2350 * 2351 * Locking: waits for ldisc reference (in case the line discipline 2352 * is changing or the tty is being hungup) 2353 */ 2354 2355 static int tiocgetd(struct tty_struct *tty, int __user *p) 2356 { 2357 struct tty_ldisc *ld; 2358 int ret; 2359 2360 ld = tty_ldisc_ref_wait(tty); 2361 if (!ld) 2362 return -EIO; 2363 ret = put_user(ld->ops->num, p); 2364 tty_ldisc_deref(ld); 2365 return ret; 2366 } 2367 2368 /** 2369 * send_break - performed time break 2370 * @tty: device to break on 2371 * @duration: timeout in mS 2372 * 2373 * Perform a timed break on hardware that lacks its own driver level 2374 * timed break functionality. 2375 * 2376 * Locking: 2377 * atomic_write_lock serializes 2378 * 2379 */ 2380 2381 static int send_break(struct tty_struct *tty, unsigned int duration) 2382 { 2383 int retval; 2384 2385 if (tty->ops->break_ctl == NULL) 2386 return 0; 2387 2388 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2389 retval = tty->ops->break_ctl(tty, duration); 2390 else { 2391 /* Do the work ourselves */ 2392 if (tty_write_lock(tty, 0) < 0) 2393 return -EINTR; 2394 retval = tty->ops->break_ctl(tty, -1); 2395 if (retval) 2396 goto out; 2397 if (!signal_pending(current)) 2398 msleep_interruptible(duration); 2399 retval = tty->ops->break_ctl(tty, 0); 2400 out: 2401 tty_write_unlock(tty); 2402 if (signal_pending(current)) 2403 retval = -EINTR; 2404 } 2405 return retval; 2406 } 2407 2408 /** 2409 * tty_tiocmget - get modem status 2410 * @tty: tty device 2411 * @p: pointer to result 2412 * 2413 * Obtain the modem status bits from the tty driver if the feature 2414 * is supported. Return -EINVAL if it is not available. 2415 * 2416 * Locking: none (up to the driver) 2417 */ 2418 2419 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2420 { 2421 int retval = -EINVAL; 2422 2423 if (tty->ops->tiocmget) { 2424 retval = tty->ops->tiocmget(tty); 2425 2426 if (retval >= 0) 2427 retval = put_user(retval, p); 2428 } 2429 return retval; 2430 } 2431 2432 /** 2433 * tty_tiocmset - set modem status 2434 * @tty: tty device 2435 * @cmd: command - clear bits, set bits or set all 2436 * @p: pointer to desired bits 2437 * 2438 * Set the modem status bits from the tty driver if the feature 2439 * is supported. Return -EINVAL if it is not available. 2440 * 2441 * Locking: none (up to the driver) 2442 */ 2443 2444 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2445 unsigned __user *p) 2446 { 2447 int retval; 2448 unsigned int set, clear, val; 2449 2450 if (tty->ops->tiocmset == NULL) 2451 return -EINVAL; 2452 2453 retval = get_user(val, p); 2454 if (retval) 2455 return retval; 2456 set = clear = 0; 2457 switch (cmd) { 2458 case TIOCMBIS: 2459 set = val; 2460 break; 2461 case TIOCMBIC: 2462 clear = val; 2463 break; 2464 case TIOCMSET: 2465 set = val; 2466 clear = ~val; 2467 break; 2468 } 2469 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2470 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2471 return tty->ops->tiocmset(tty, set, clear); 2472 } 2473 2474 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2475 { 2476 int retval = -EINVAL; 2477 struct serial_icounter_struct icount; 2478 memset(&icount, 0, sizeof(icount)); 2479 if (tty->ops->get_icount) 2480 retval = tty->ops->get_icount(tty, &icount); 2481 if (retval != 0) 2482 return retval; 2483 if (copy_to_user(arg, &icount, sizeof(icount))) 2484 return -EFAULT; 2485 return 0; 2486 } 2487 2488 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2489 { 2490 static DEFINE_RATELIMIT_STATE(depr_flags, 2491 DEFAULT_RATELIMIT_INTERVAL, 2492 DEFAULT_RATELIMIT_BURST); 2493 char comm[TASK_COMM_LEN]; 2494 struct serial_struct v; 2495 int flags; 2496 2497 if (copy_from_user(&v, ss, sizeof(*ss))) 2498 return -EFAULT; 2499 2500 flags = v.flags & ASYNC_DEPRECATED; 2501 2502 if (flags && __ratelimit(&depr_flags)) 2503 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2504 __func__, get_task_comm(comm, current), flags); 2505 if (!tty->ops->set_serial) 2506 return -ENOTTY; 2507 return tty->ops->set_serial(tty, &v); 2508 } 2509 2510 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2511 { 2512 struct serial_struct v; 2513 int err; 2514 2515 memset(&v, 0, sizeof(v)); 2516 if (!tty->ops->get_serial) 2517 return -ENOTTY; 2518 err = tty->ops->get_serial(tty, &v); 2519 if (!err && copy_to_user(ss, &v, sizeof(v))) 2520 err = -EFAULT; 2521 return err; 2522 } 2523 2524 /* 2525 * if pty, return the slave side (real_tty) 2526 * otherwise, return self 2527 */ 2528 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2529 { 2530 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2531 tty->driver->subtype == PTY_TYPE_MASTER) 2532 tty = tty->link; 2533 return tty; 2534 } 2535 2536 /* 2537 * Split this up, as gcc can choke on it otherwise.. 2538 */ 2539 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2540 { 2541 struct tty_struct *tty = file_tty(file); 2542 struct tty_struct *real_tty; 2543 void __user *p = (void __user *)arg; 2544 int retval; 2545 struct tty_ldisc *ld; 2546 2547 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2548 return -EINVAL; 2549 2550 real_tty = tty_pair_get_tty(tty); 2551 2552 /* 2553 * Factor out some common prep work 2554 */ 2555 switch (cmd) { 2556 case TIOCSETD: 2557 case TIOCSBRK: 2558 case TIOCCBRK: 2559 case TCSBRK: 2560 case TCSBRKP: 2561 retval = tty_check_change(tty); 2562 if (retval) 2563 return retval; 2564 if (cmd != TIOCCBRK) { 2565 tty_wait_until_sent(tty, 0); 2566 if (signal_pending(current)) 2567 return -EINTR; 2568 } 2569 break; 2570 } 2571 2572 /* 2573 * Now do the stuff. 2574 */ 2575 switch (cmd) { 2576 case TIOCSTI: 2577 return tiocsti(tty, p); 2578 case TIOCGWINSZ: 2579 return tiocgwinsz(real_tty, p); 2580 case TIOCSWINSZ: 2581 return tiocswinsz(real_tty, p); 2582 case TIOCCONS: 2583 return real_tty != tty ? -EINVAL : tioccons(file); 2584 case TIOCEXCL: 2585 set_bit(TTY_EXCLUSIVE, &tty->flags); 2586 return 0; 2587 case TIOCNXCL: 2588 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2589 return 0; 2590 case TIOCGEXCL: 2591 { 2592 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2593 return put_user(excl, (int __user *)p); 2594 } 2595 case TIOCGETD: 2596 return tiocgetd(tty, p); 2597 case TIOCSETD: 2598 return tiocsetd(tty, p); 2599 case TIOCVHANGUP: 2600 if (!capable(CAP_SYS_ADMIN)) 2601 return -EPERM; 2602 tty_vhangup(tty); 2603 return 0; 2604 case TIOCGDEV: 2605 { 2606 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2607 return put_user(ret, (unsigned int __user *)p); 2608 } 2609 /* 2610 * Break handling 2611 */ 2612 case TIOCSBRK: /* Turn break on, unconditionally */ 2613 if (tty->ops->break_ctl) 2614 return tty->ops->break_ctl(tty, -1); 2615 return 0; 2616 case TIOCCBRK: /* Turn break off, unconditionally */ 2617 if (tty->ops->break_ctl) 2618 return tty->ops->break_ctl(tty, 0); 2619 return 0; 2620 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2621 /* non-zero arg means wait for all output data 2622 * to be sent (performed above) but don't send break. 2623 * This is used by the tcdrain() termios function. 2624 */ 2625 if (!arg) 2626 return send_break(tty, 250); 2627 return 0; 2628 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2629 return send_break(tty, arg ? arg*100 : 250); 2630 2631 case TIOCMGET: 2632 return tty_tiocmget(tty, p); 2633 case TIOCMSET: 2634 case TIOCMBIC: 2635 case TIOCMBIS: 2636 return tty_tiocmset(tty, cmd, p); 2637 case TIOCGICOUNT: 2638 return tty_tiocgicount(tty, p); 2639 case TCFLSH: 2640 switch (arg) { 2641 case TCIFLUSH: 2642 case TCIOFLUSH: 2643 /* flush tty buffer and allow ldisc to process ioctl */ 2644 tty_buffer_flush(tty, NULL); 2645 break; 2646 } 2647 break; 2648 case TIOCSSERIAL: 2649 return tty_tiocsserial(tty, p); 2650 case TIOCGSERIAL: 2651 return tty_tiocgserial(tty, p); 2652 case TIOCGPTPEER: 2653 /* Special because the struct file is needed */ 2654 return ptm_open_peer(file, tty, (int)arg); 2655 default: 2656 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2657 if (retval != -ENOIOCTLCMD) 2658 return retval; 2659 } 2660 if (tty->ops->ioctl) { 2661 retval = tty->ops->ioctl(tty, cmd, arg); 2662 if (retval != -ENOIOCTLCMD) 2663 return retval; 2664 } 2665 ld = tty_ldisc_ref_wait(tty); 2666 if (!ld) 2667 return hung_up_tty_ioctl(file, cmd, arg); 2668 retval = -EINVAL; 2669 if (ld->ops->ioctl) { 2670 retval = ld->ops->ioctl(tty, file, cmd, arg); 2671 if (retval == -ENOIOCTLCMD) 2672 retval = -ENOTTY; 2673 } 2674 tty_ldisc_deref(ld); 2675 return retval; 2676 } 2677 2678 #ifdef CONFIG_COMPAT 2679 2680 struct serial_struct32 { 2681 compat_int_t type; 2682 compat_int_t line; 2683 compat_uint_t port; 2684 compat_int_t irq; 2685 compat_int_t flags; 2686 compat_int_t xmit_fifo_size; 2687 compat_int_t custom_divisor; 2688 compat_int_t baud_base; 2689 unsigned short close_delay; 2690 char io_type; 2691 char reserved_char; 2692 compat_int_t hub6; 2693 unsigned short closing_wait; /* time to wait before closing */ 2694 unsigned short closing_wait2; /* no longer used... */ 2695 compat_uint_t iomem_base; 2696 unsigned short iomem_reg_shift; 2697 unsigned int port_high; 2698 /* compat_ulong_t iomap_base FIXME */ 2699 compat_int_t reserved; 2700 }; 2701 2702 static int compat_tty_tiocsserial(struct tty_struct *tty, 2703 struct serial_struct32 __user *ss) 2704 { 2705 static DEFINE_RATELIMIT_STATE(depr_flags, 2706 DEFAULT_RATELIMIT_INTERVAL, 2707 DEFAULT_RATELIMIT_BURST); 2708 char comm[TASK_COMM_LEN]; 2709 struct serial_struct32 v32; 2710 struct serial_struct v; 2711 int flags; 2712 2713 if (copy_from_user(&v32, ss, sizeof(*ss))) 2714 return -EFAULT; 2715 2716 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2717 v.iomem_base = compat_ptr(v32.iomem_base); 2718 v.iomem_reg_shift = v32.iomem_reg_shift; 2719 v.port_high = v32.port_high; 2720 v.iomap_base = 0; 2721 2722 flags = v.flags & ASYNC_DEPRECATED; 2723 2724 if (flags && __ratelimit(&depr_flags)) 2725 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2726 __func__, get_task_comm(comm, current), flags); 2727 if (!tty->ops->set_serial) 2728 return -ENOTTY; 2729 return tty->ops->set_serial(tty, &v); 2730 } 2731 2732 static int compat_tty_tiocgserial(struct tty_struct *tty, 2733 struct serial_struct32 __user *ss) 2734 { 2735 struct serial_struct32 v32; 2736 struct serial_struct v; 2737 int err; 2738 2739 memset(&v, 0, sizeof(v)); 2740 memset(&v32, 0, sizeof(v32)); 2741 2742 if (!tty->ops->get_serial) 2743 return -ENOTTY; 2744 err = tty->ops->get_serial(tty, &v); 2745 if (!err) { 2746 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2747 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2748 0xfffffff : ptr_to_compat(v.iomem_base); 2749 v32.iomem_reg_shift = v.iomem_reg_shift; 2750 v32.port_high = v.port_high; 2751 if (copy_to_user(ss, &v32, sizeof(v32))) 2752 err = -EFAULT; 2753 } 2754 return err; 2755 } 2756 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2757 unsigned long arg) 2758 { 2759 struct tty_struct *tty = file_tty(file); 2760 struct tty_ldisc *ld; 2761 int retval = -ENOIOCTLCMD; 2762 2763 switch (cmd) { 2764 case TIOCOUTQ: 2765 case TIOCSTI: 2766 case TIOCGWINSZ: 2767 case TIOCSWINSZ: 2768 case TIOCGEXCL: 2769 case TIOCGETD: 2770 case TIOCSETD: 2771 case TIOCGDEV: 2772 case TIOCMGET: 2773 case TIOCMSET: 2774 case TIOCMBIC: 2775 case TIOCMBIS: 2776 case TIOCGICOUNT: 2777 case TIOCGPGRP: 2778 case TIOCSPGRP: 2779 case TIOCGSID: 2780 case TIOCSERGETLSR: 2781 case TIOCGRS485: 2782 case TIOCSRS485: 2783 #ifdef TIOCGETP 2784 case TIOCGETP: 2785 case TIOCSETP: 2786 case TIOCSETN: 2787 #endif 2788 #ifdef TIOCGETC 2789 case TIOCGETC: 2790 case TIOCSETC: 2791 #endif 2792 #ifdef TIOCGLTC 2793 case TIOCGLTC: 2794 case TIOCSLTC: 2795 #endif 2796 case TCSETSF: 2797 case TCSETSW: 2798 case TCSETS: 2799 case TCGETS: 2800 #ifdef TCGETS2 2801 case TCGETS2: 2802 case TCSETSF2: 2803 case TCSETSW2: 2804 case TCSETS2: 2805 #endif 2806 case TCGETA: 2807 case TCSETAF: 2808 case TCSETAW: 2809 case TCSETA: 2810 case TIOCGLCKTRMIOS: 2811 case TIOCSLCKTRMIOS: 2812 #ifdef TCGETX 2813 case TCGETX: 2814 case TCSETX: 2815 case TCSETXW: 2816 case TCSETXF: 2817 #endif 2818 case TIOCGSOFTCAR: 2819 case TIOCSSOFTCAR: 2820 2821 case PPPIOCGCHAN: 2822 case PPPIOCGUNIT: 2823 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2824 case TIOCCONS: 2825 case TIOCEXCL: 2826 case TIOCNXCL: 2827 case TIOCVHANGUP: 2828 case TIOCSBRK: 2829 case TIOCCBRK: 2830 case TCSBRK: 2831 case TCSBRKP: 2832 case TCFLSH: 2833 case TIOCGPTPEER: 2834 case TIOCNOTTY: 2835 case TIOCSCTTY: 2836 case TCXONC: 2837 case TIOCMIWAIT: 2838 case TIOCSERCONFIG: 2839 return tty_ioctl(file, cmd, arg); 2840 } 2841 2842 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2843 return -EINVAL; 2844 2845 switch (cmd) { 2846 case TIOCSSERIAL: 2847 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2848 case TIOCGSERIAL: 2849 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2850 } 2851 if (tty->ops->compat_ioctl) { 2852 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2853 if (retval != -ENOIOCTLCMD) 2854 return retval; 2855 } 2856 2857 ld = tty_ldisc_ref_wait(tty); 2858 if (!ld) 2859 return hung_up_tty_compat_ioctl(file, cmd, arg); 2860 if (ld->ops->compat_ioctl) 2861 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2862 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2863 retval = ld->ops->ioctl(tty, file, 2864 (unsigned long)compat_ptr(cmd), arg); 2865 tty_ldisc_deref(ld); 2866 2867 return retval; 2868 } 2869 #endif 2870 2871 static int this_tty(const void *t, struct file *file, unsigned fd) 2872 { 2873 if (likely(file->f_op->read != tty_read)) 2874 return 0; 2875 return file_tty(file) != t ? 0 : fd + 1; 2876 } 2877 2878 /* 2879 * This implements the "Secure Attention Key" --- the idea is to 2880 * prevent trojan horses by killing all processes associated with this 2881 * tty when the user hits the "Secure Attention Key". Required for 2882 * super-paranoid applications --- see the Orange Book for more details. 2883 * 2884 * This code could be nicer; ideally it should send a HUP, wait a few 2885 * seconds, then send a INT, and then a KILL signal. But you then 2886 * have to coordinate with the init process, since all processes associated 2887 * with the current tty must be dead before the new getty is allowed 2888 * to spawn. 2889 * 2890 * Now, if it would be correct ;-/ The current code has a nasty hole - 2891 * it doesn't catch files in flight. We may send the descriptor to ourselves 2892 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2893 * 2894 * Nasty bug: do_SAK is being called in interrupt context. This can 2895 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2896 */ 2897 void __do_SAK(struct tty_struct *tty) 2898 { 2899 #ifdef TTY_SOFT_SAK 2900 tty_hangup(tty); 2901 #else 2902 struct task_struct *g, *p; 2903 struct pid *session; 2904 int i; 2905 unsigned long flags; 2906 2907 if (!tty) 2908 return; 2909 2910 spin_lock_irqsave(&tty->ctrl_lock, flags); 2911 session = get_pid(tty->session); 2912 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2913 2914 tty_ldisc_flush(tty); 2915 2916 tty_driver_flush_buffer(tty); 2917 2918 read_lock(&tasklist_lock); 2919 /* Kill the entire session */ 2920 do_each_pid_task(session, PIDTYPE_SID, p) { 2921 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2922 task_pid_nr(p), p->comm); 2923 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2924 } while_each_pid_task(session, PIDTYPE_SID, p); 2925 2926 /* Now kill any processes that happen to have the tty open */ 2927 do_each_thread(g, p) { 2928 if (p->signal->tty == tty) { 2929 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2930 task_pid_nr(p), p->comm); 2931 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2932 continue; 2933 } 2934 task_lock(p); 2935 i = iterate_fd(p->files, 0, this_tty, tty); 2936 if (i != 0) { 2937 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2938 task_pid_nr(p), p->comm, i - 1); 2939 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2940 } 2941 task_unlock(p); 2942 } while_each_thread(g, p); 2943 read_unlock(&tasklist_lock); 2944 put_pid(session); 2945 #endif 2946 } 2947 2948 static void do_SAK_work(struct work_struct *work) 2949 { 2950 struct tty_struct *tty = 2951 container_of(work, struct tty_struct, SAK_work); 2952 __do_SAK(tty); 2953 } 2954 2955 /* 2956 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2957 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2958 * the values which we write to it will be identical to the values which it 2959 * already has. --akpm 2960 */ 2961 void do_SAK(struct tty_struct *tty) 2962 { 2963 if (!tty) 2964 return; 2965 schedule_work(&tty->SAK_work); 2966 } 2967 2968 EXPORT_SYMBOL(do_SAK); 2969 2970 /* Must put_device() after it's unused! */ 2971 static struct device *tty_get_device(struct tty_struct *tty) 2972 { 2973 dev_t devt = tty_devnum(tty); 2974 return class_find_device_by_devt(tty_class, devt); 2975 } 2976 2977 2978 /* 2979 * alloc_tty_struct 2980 * 2981 * This subroutine allocates and initializes a tty structure. 2982 * 2983 * Locking: none - tty in question is not exposed at this point 2984 */ 2985 2986 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2987 { 2988 struct tty_struct *tty; 2989 2990 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2991 if (!tty) 2992 return NULL; 2993 2994 kref_init(&tty->kref); 2995 tty->magic = TTY_MAGIC; 2996 if (tty_ldisc_init(tty)) { 2997 kfree(tty); 2998 return NULL; 2999 } 3000 tty->session = NULL; 3001 tty->pgrp = NULL; 3002 mutex_init(&tty->legacy_mutex); 3003 mutex_init(&tty->throttle_mutex); 3004 init_rwsem(&tty->termios_rwsem); 3005 mutex_init(&tty->winsize_mutex); 3006 init_ldsem(&tty->ldisc_sem); 3007 init_waitqueue_head(&tty->write_wait); 3008 init_waitqueue_head(&tty->read_wait); 3009 INIT_WORK(&tty->hangup_work, do_tty_hangup); 3010 mutex_init(&tty->atomic_write_lock); 3011 spin_lock_init(&tty->ctrl_lock); 3012 spin_lock_init(&tty->flow_lock); 3013 spin_lock_init(&tty->files_lock); 3014 INIT_LIST_HEAD(&tty->tty_files); 3015 INIT_WORK(&tty->SAK_work, do_SAK_work); 3016 3017 tty->driver = driver; 3018 tty->ops = driver->ops; 3019 tty->index = idx; 3020 tty_line_name(driver, idx, tty->name); 3021 tty->dev = tty_get_device(tty); 3022 3023 return tty; 3024 } 3025 3026 /** 3027 * tty_put_char - write one character to a tty 3028 * @tty: tty 3029 * @ch: character 3030 * 3031 * Write one byte to the tty using the provided put_char method 3032 * if present. Returns the number of characters successfully output. 3033 * 3034 * Note: the specific put_char operation in the driver layer may go 3035 * away soon. Don't call it directly, use this method 3036 */ 3037 3038 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3039 { 3040 if (tty->ops->put_char) 3041 return tty->ops->put_char(tty, ch); 3042 return tty->ops->write(tty, &ch, 1); 3043 } 3044 EXPORT_SYMBOL_GPL(tty_put_char); 3045 3046 struct class *tty_class; 3047 3048 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3049 unsigned int index, unsigned int count) 3050 { 3051 int err; 3052 3053 /* init here, since reused cdevs cause crashes */ 3054 driver->cdevs[index] = cdev_alloc(); 3055 if (!driver->cdevs[index]) 3056 return -ENOMEM; 3057 driver->cdevs[index]->ops = &tty_fops; 3058 driver->cdevs[index]->owner = driver->owner; 3059 err = cdev_add(driver->cdevs[index], dev, count); 3060 if (err) 3061 kobject_put(&driver->cdevs[index]->kobj); 3062 return err; 3063 } 3064 3065 /** 3066 * tty_register_device - register a tty device 3067 * @driver: the tty driver that describes the tty device 3068 * @index: the index in the tty driver for this tty device 3069 * @device: a struct device that is associated with this tty device. 3070 * This field is optional, if there is no known struct device 3071 * for this tty device it can be set to NULL safely. 3072 * 3073 * Returns a pointer to the struct device for this tty device 3074 * (or ERR_PTR(-EFOO) on error). 3075 * 3076 * This call is required to be made to register an individual tty device 3077 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3078 * that bit is not set, this function should not be called by a tty 3079 * driver. 3080 * 3081 * Locking: ?? 3082 */ 3083 3084 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3085 struct device *device) 3086 { 3087 return tty_register_device_attr(driver, index, device, NULL, NULL); 3088 } 3089 EXPORT_SYMBOL(tty_register_device); 3090 3091 static void tty_device_create_release(struct device *dev) 3092 { 3093 dev_dbg(dev, "releasing...\n"); 3094 kfree(dev); 3095 } 3096 3097 /** 3098 * tty_register_device_attr - register a tty device 3099 * @driver: the tty driver that describes the tty device 3100 * @index: the index in the tty driver for this tty device 3101 * @device: a struct device that is associated with this tty device. 3102 * This field is optional, if there is no known struct device 3103 * for this tty device it can be set to NULL safely. 3104 * @drvdata: Driver data to be set to device. 3105 * @attr_grp: Attribute group to be set on device. 3106 * 3107 * Returns a pointer to the struct device for this tty device 3108 * (or ERR_PTR(-EFOO) on error). 3109 * 3110 * This call is required to be made to register an individual tty device 3111 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3112 * that bit is not set, this function should not be called by a tty 3113 * driver. 3114 * 3115 * Locking: ?? 3116 */ 3117 struct device *tty_register_device_attr(struct tty_driver *driver, 3118 unsigned index, struct device *device, 3119 void *drvdata, 3120 const struct attribute_group **attr_grp) 3121 { 3122 char name[64]; 3123 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3124 struct ktermios *tp; 3125 struct device *dev; 3126 int retval; 3127 3128 if (index >= driver->num) { 3129 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3130 driver->name, index); 3131 return ERR_PTR(-EINVAL); 3132 } 3133 3134 if (driver->type == TTY_DRIVER_TYPE_PTY) 3135 pty_line_name(driver, index, name); 3136 else 3137 tty_line_name(driver, index, name); 3138 3139 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3140 if (!dev) 3141 return ERR_PTR(-ENOMEM); 3142 3143 dev->devt = devt; 3144 dev->class = tty_class; 3145 dev->parent = device; 3146 dev->release = tty_device_create_release; 3147 dev_set_name(dev, "%s", name); 3148 dev->groups = attr_grp; 3149 dev_set_drvdata(dev, drvdata); 3150 3151 dev_set_uevent_suppress(dev, 1); 3152 3153 retval = device_register(dev); 3154 if (retval) 3155 goto err_put; 3156 3157 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3158 /* 3159 * Free any saved termios data so that the termios state is 3160 * reset when reusing a minor number. 3161 */ 3162 tp = driver->termios[index]; 3163 if (tp) { 3164 driver->termios[index] = NULL; 3165 kfree(tp); 3166 } 3167 3168 retval = tty_cdev_add(driver, devt, index, 1); 3169 if (retval) 3170 goto err_del; 3171 } 3172 3173 dev_set_uevent_suppress(dev, 0); 3174 kobject_uevent(&dev->kobj, KOBJ_ADD); 3175 3176 return dev; 3177 3178 err_del: 3179 device_del(dev); 3180 err_put: 3181 put_device(dev); 3182 3183 return ERR_PTR(retval); 3184 } 3185 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3186 3187 /** 3188 * tty_unregister_device - unregister a tty device 3189 * @driver: the tty driver that describes the tty device 3190 * @index: the index in the tty driver for this tty device 3191 * 3192 * If a tty device is registered with a call to tty_register_device() then 3193 * this function must be called when the tty device is gone. 3194 * 3195 * Locking: ?? 3196 */ 3197 3198 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3199 { 3200 device_destroy(tty_class, 3201 MKDEV(driver->major, driver->minor_start) + index); 3202 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3203 cdev_del(driver->cdevs[index]); 3204 driver->cdevs[index] = NULL; 3205 } 3206 } 3207 EXPORT_SYMBOL(tty_unregister_device); 3208 3209 /** 3210 * __tty_alloc_driver -- allocate tty driver 3211 * @lines: count of lines this driver can handle at most 3212 * @owner: module which is responsible for this driver 3213 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3214 * 3215 * This should not be called directly, some of the provided macros should be 3216 * used instead. Use IS_ERR and friends on @retval. 3217 */ 3218 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3219 unsigned long flags) 3220 { 3221 struct tty_driver *driver; 3222 unsigned int cdevs = 1; 3223 int err; 3224 3225 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3226 return ERR_PTR(-EINVAL); 3227 3228 driver = kzalloc(sizeof(*driver), GFP_KERNEL); 3229 if (!driver) 3230 return ERR_PTR(-ENOMEM); 3231 3232 kref_init(&driver->kref); 3233 driver->magic = TTY_DRIVER_MAGIC; 3234 driver->num = lines; 3235 driver->owner = owner; 3236 driver->flags = flags; 3237 3238 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3239 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3240 GFP_KERNEL); 3241 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3242 GFP_KERNEL); 3243 if (!driver->ttys || !driver->termios) { 3244 err = -ENOMEM; 3245 goto err_free_all; 3246 } 3247 } 3248 3249 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3250 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3251 GFP_KERNEL); 3252 if (!driver->ports) { 3253 err = -ENOMEM; 3254 goto err_free_all; 3255 } 3256 cdevs = lines; 3257 } 3258 3259 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3260 if (!driver->cdevs) { 3261 err = -ENOMEM; 3262 goto err_free_all; 3263 } 3264 3265 return driver; 3266 err_free_all: 3267 kfree(driver->ports); 3268 kfree(driver->ttys); 3269 kfree(driver->termios); 3270 kfree(driver->cdevs); 3271 kfree(driver); 3272 return ERR_PTR(err); 3273 } 3274 EXPORT_SYMBOL(__tty_alloc_driver); 3275 3276 static void destruct_tty_driver(struct kref *kref) 3277 { 3278 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3279 int i; 3280 struct ktermios *tp; 3281 3282 if (driver->flags & TTY_DRIVER_INSTALLED) { 3283 for (i = 0; i < driver->num; i++) { 3284 tp = driver->termios[i]; 3285 if (tp) { 3286 driver->termios[i] = NULL; 3287 kfree(tp); 3288 } 3289 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3290 tty_unregister_device(driver, i); 3291 } 3292 proc_tty_unregister_driver(driver); 3293 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3294 cdev_del(driver->cdevs[0]); 3295 } 3296 kfree(driver->cdevs); 3297 kfree(driver->ports); 3298 kfree(driver->termios); 3299 kfree(driver->ttys); 3300 kfree(driver); 3301 } 3302 3303 void tty_driver_kref_put(struct tty_driver *driver) 3304 { 3305 kref_put(&driver->kref, destruct_tty_driver); 3306 } 3307 EXPORT_SYMBOL(tty_driver_kref_put); 3308 3309 void tty_set_operations(struct tty_driver *driver, 3310 const struct tty_operations *op) 3311 { 3312 driver->ops = op; 3313 }; 3314 EXPORT_SYMBOL(tty_set_operations); 3315 3316 void put_tty_driver(struct tty_driver *d) 3317 { 3318 tty_driver_kref_put(d); 3319 } 3320 EXPORT_SYMBOL(put_tty_driver); 3321 3322 /* 3323 * Called by a tty driver to register itself. 3324 */ 3325 int tty_register_driver(struct tty_driver *driver) 3326 { 3327 int error; 3328 int i; 3329 dev_t dev; 3330 struct device *d; 3331 3332 if (!driver->major) { 3333 error = alloc_chrdev_region(&dev, driver->minor_start, 3334 driver->num, driver->name); 3335 if (!error) { 3336 driver->major = MAJOR(dev); 3337 driver->minor_start = MINOR(dev); 3338 } 3339 } else { 3340 dev = MKDEV(driver->major, driver->minor_start); 3341 error = register_chrdev_region(dev, driver->num, driver->name); 3342 } 3343 if (error < 0) 3344 goto err; 3345 3346 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3347 error = tty_cdev_add(driver, dev, 0, driver->num); 3348 if (error) 3349 goto err_unreg_char; 3350 } 3351 3352 mutex_lock(&tty_mutex); 3353 list_add(&driver->tty_drivers, &tty_drivers); 3354 mutex_unlock(&tty_mutex); 3355 3356 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3357 for (i = 0; i < driver->num; i++) { 3358 d = tty_register_device(driver, i, NULL); 3359 if (IS_ERR(d)) { 3360 error = PTR_ERR(d); 3361 goto err_unreg_devs; 3362 } 3363 } 3364 } 3365 proc_tty_register_driver(driver); 3366 driver->flags |= TTY_DRIVER_INSTALLED; 3367 return 0; 3368 3369 err_unreg_devs: 3370 for (i--; i >= 0; i--) 3371 tty_unregister_device(driver, i); 3372 3373 mutex_lock(&tty_mutex); 3374 list_del(&driver->tty_drivers); 3375 mutex_unlock(&tty_mutex); 3376 3377 err_unreg_char: 3378 unregister_chrdev_region(dev, driver->num); 3379 err: 3380 return error; 3381 } 3382 EXPORT_SYMBOL(tty_register_driver); 3383 3384 /* 3385 * Called by a tty driver to unregister itself. 3386 */ 3387 int tty_unregister_driver(struct tty_driver *driver) 3388 { 3389 #if 0 3390 /* FIXME */ 3391 if (driver->refcount) 3392 return -EBUSY; 3393 #endif 3394 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3395 driver->num); 3396 mutex_lock(&tty_mutex); 3397 list_del(&driver->tty_drivers); 3398 mutex_unlock(&tty_mutex); 3399 return 0; 3400 } 3401 3402 EXPORT_SYMBOL(tty_unregister_driver); 3403 3404 dev_t tty_devnum(struct tty_struct *tty) 3405 { 3406 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3407 } 3408 EXPORT_SYMBOL(tty_devnum); 3409 3410 void tty_default_fops(struct file_operations *fops) 3411 { 3412 *fops = tty_fops; 3413 } 3414 3415 static char *tty_devnode(struct device *dev, umode_t *mode) 3416 { 3417 if (!mode) 3418 return NULL; 3419 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3420 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3421 *mode = 0666; 3422 return NULL; 3423 } 3424 3425 static int __init tty_class_init(void) 3426 { 3427 tty_class = class_create(THIS_MODULE, "tty"); 3428 if (IS_ERR(tty_class)) 3429 return PTR_ERR(tty_class); 3430 tty_class->devnode = tty_devnode; 3431 return 0; 3432 } 3433 3434 postcore_initcall(tty_class_init); 3435 3436 /* 3/2004 jmc: why do these devices exist? */ 3437 static struct cdev tty_cdev, console_cdev; 3438 3439 static ssize_t show_cons_active(struct device *dev, 3440 struct device_attribute *attr, char *buf) 3441 { 3442 struct console *cs[16]; 3443 int i = 0; 3444 struct console *c; 3445 ssize_t count = 0; 3446 3447 console_lock(); 3448 for_each_console(c) { 3449 if (!c->device) 3450 continue; 3451 if (!c->write) 3452 continue; 3453 if ((c->flags & CON_ENABLED) == 0) 3454 continue; 3455 cs[i++] = c; 3456 if (i >= ARRAY_SIZE(cs)) 3457 break; 3458 } 3459 while (i--) { 3460 int index = cs[i]->index; 3461 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3462 3463 /* don't resolve tty0 as some programs depend on it */ 3464 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3465 count += tty_line_name(drv, index, buf + count); 3466 else 3467 count += sprintf(buf + count, "%s%d", 3468 cs[i]->name, cs[i]->index); 3469 3470 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3471 } 3472 console_unlock(); 3473 3474 return count; 3475 } 3476 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3477 3478 static struct attribute *cons_dev_attrs[] = { 3479 &dev_attr_active.attr, 3480 NULL 3481 }; 3482 3483 ATTRIBUTE_GROUPS(cons_dev); 3484 3485 static struct device *consdev; 3486 3487 void console_sysfs_notify(void) 3488 { 3489 if (consdev) 3490 sysfs_notify(&consdev->kobj, NULL, "active"); 3491 } 3492 3493 /* 3494 * Ok, now we can initialize the rest of the tty devices and can count 3495 * on memory allocations, interrupts etc.. 3496 */ 3497 int __init tty_init(void) 3498 { 3499 tty_sysctl_init(); 3500 cdev_init(&tty_cdev, &tty_fops); 3501 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3502 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3503 panic("Couldn't register /dev/tty driver\n"); 3504 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3505 3506 cdev_init(&console_cdev, &console_fops); 3507 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3508 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3509 panic("Couldn't register /dev/console driver\n"); 3510 consdev = device_create_with_groups(tty_class, NULL, 3511 MKDEV(TTYAUX_MAJOR, 1), NULL, 3512 cons_dev_groups, "console"); 3513 if (IS_ERR(consdev)) 3514 consdev = NULL; 3515 3516 #ifdef CONFIG_VT 3517 vty_init(&console_fops); 3518 #endif 3519 return 0; 3520 } 3521 3522