1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 /* 6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 7 * or rs-channels. It also implements echoing, cooked mode etc. 8 * 9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 10 * 11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 12 * tty_struct and tty_queue structures. Previously there was an array 13 * of 256 tty_struct's which was statically allocated, and the 14 * tty_queue structures were allocated at boot time. Both are now 15 * dynamically allocated only when the tty is open. 16 * 17 * Also restructured routines so that there is more of a separation 18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 19 * the low-level tty routines (serial.c, pty.c, console.c). This 20 * makes for cleaner and more compact code. -TYT, 9/17/92 21 * 22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 23 * which can be dynamically activated and de-activated by the line 24 * discipline handling modules (like SLIP). 25 * 26 * NOTE: pay no attention to the line discipline code (yet); its 27 * interface is still subject to change in this version... 28 * -- TYT, 1/31/92 29 * 30 * Added functionality to the OPOST tty handling. No delays, but all 31 * other bits should be there. 32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 33 * 34 * Rewrote canonical mode and added more termios flags. 35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 36 * 37 * Reorganized FASYNC support so mouse code can share it. 38 * -- ctm@ardi.com, 9Sep95 39 * 40 * New TIOCLINUX variants added. 41 * -- mj@k332.feld.cvut.cz, 19-Nov-95 42 * 43 * Restrict vt switching via ioctl() 44 * -- grif@cs.ucr.edu, 5-Dec-95 45 * 46 * Move console and virtual terminal code to more appropriate files, 47 * implement CONFIG_VT and generalize console device interface. 48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 49 * 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 51 * -- Bill Hawes <whawes@star.net>, June 97 52 * 53 * Added devfs support. 54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 55 * 56 * Added support for a Unix98-style ptmx device. 57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 58 * 59 * Reduced memory usage for older ARM systems 60 * -- Russell King <rmk@arm.linux.org.uk> 61 * 62 * Move do_SAK() into process context. Less stack use in devfs functions. 63 * alloc_tty_struct() always uses kmalloc() 64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 65 */ 66 67 #include <linux/types.h> 68 #include <linux/major.h> 69 #include <linux/errno.h> 70 #include <linux/signal.h> 71 #include <linux/fcntl.h> 72 #include <linux/sched.h> 73 #include <linux/interrupt.h> 74 #include <linux/tty.h> 75 #include <linux/tty_driver.h> 76 #include <linux/tty_flip.h> 77 #include <linux/devpts_fs.h> 78 #include <linux/file.h> 79 #include <linux/fdtable.h> 80 #include <linux/console.h> 81 #include <linux/timer.h> 82 #include <linux/ctype.h> 83 #include <linux/kd.h> 84 #include <linux/mm.h> 85 #include <linux/string.h> 86 #include <linux/slab.h> 87 #include <linux/poll.h> 88 #include <linux/proc_fs.h> 89 #include <linux/init.h> 90 #include <linux/module.h> 91 #include <linux/device.h> 92 #include <linux/wait.h> 93 #include <linux/bitops.h> 94 #include <linux/delay.h> 95 #include <linux/seq_file.h> 96 #include <linux/serial.h> 97 #include <linux/ratelimit.h> 98 99 #include <linux/uaccess.h> 100 101 #include <linux/kbd_kern.h> 102 #include <linux/vt_kern.h> 103 #include <linux/selection.h> 104 105 #include <linux/kmod.h> 106 #include <linux/nsproxy.h> 107 108 #undef TTY_DEBUG_HANGUP 109 110 #define TTY_PARANOIA_CHECK 1 111 #define CHECK_TTY_COUNT 1 112 113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 114 .c_iflag = ICRNL | IXON, 115 .c_oflag = OPOST | ONLCR, 116 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 118 ECHOCTL | ECHOKE | IEXTEN, 119 .c_cc = INIT_C_CC, 120 .c_ispeed = 38400, 121 .c_ospeed = 38400 122 }; 123 124 EXPORT_SYMBOL(tty_std_termios); 125 126 /* This list gets poked at by procfs and various bits of boot up code. This 127 could do with some rationalisation such as pulling the tty proc function 128 into this file */ 129 130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 131 132 /* Mutex to protect creating and releasing a tty. This is shared with 133 vt.c for deeply disgusting hack reasons */ 134 DEFINE_MUTEX(tty_mutex); 135 EXPORT_SYMBOL(tty_mutex); 136 137 /* Spinlock to protect the tty->tty_files list */ 138 DEFINE_SPINLOCK(tty_files_lock); 139 140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 142 ssize_t redirected_tty_write(struct file *, const char __user *, 143 size_t, loff_t *); 144 static unsigned int tty_poll(struct file *, poll_table *); 145 static int tty_open(struct inode *, struct file *); 146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 147 #ifdef CONFIG_COMPAT 148 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 149 unsigned long arg); 150 #else 151 #define tty_compat_ioctl NULL 152 #endif 153 static int __tty_fasync(int fd, struct file *filp, int on); 154 static int tty_fasync(int fd, struct file *filp, int on); 155 static void release_tty(struct tty_struct *tty, int idx); 156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty); 158 159 /** 160 * alloc_tty_struct - allocate a tty object 161 * 162 * Return a new empty tty structure. The data fields have not 163 * been initialized in any way but has been zeroed 164 * 165 * Locking: none 166 */ 167 168 struct tty_struct *alloc_tty_struct(void) 169 { 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL); 171 } 172 173 /** 174 * free_tty_struct - free a disused tty 175 * @tty: tty struct to free 176 * 177 * Free the write buffers, tty queue and tty memory itself. 178 * 179 * Locking: none. Must be called after tty is definitely unused 180 */ 181 182 void free_tty_struct(struct tty_struct *tty) 183 { 184 if (!tty) 185 return; 186 if (tty->dev) 187 put_device(tty->dev); 188 kfree(tty->write_buf); 189 tty->magic = 0xDEADDEAD; 190 kfree(tty); 191 } 192 193 static inline struct tty_struct *file_tty(struct file *file) 194 { 195 return ((struct tty_file_private *)file->private_data)->tty; 196 } 197 198 int tty_alloc_file(struct file *file) 199 { 200 struct tty_file_private *priv; 201 202 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 203 if (!priv) 204 return -ENOMEM; 205 206 file->private_data = priv; 207 208 return 0; 209 } 210 211 /* Associate a new file with the tty structure */ 212 void tty_add_file(struct tty_struct *tty, struct file *file) 213 { 214 struct tty_file_private *priv = file->private_data; 215 216 priv->tty = tty; 217 priv->file = file; 218 219 spin_lock(&tty_files_lock); 220 list_add(&priv->list, &tty->tty_files); 221 spin_unlock(&tty_files_lock); 222 } 223 224 /** 225 * tty_free_file - free file->private_data 226 * 227 * This shall be used only for fail path handling when tty_add_file was not 228 * called yet. 229 */ 230 void tty_free_file(struct file *file) 231 { 232 struct tty_file_private *priv = file->private_data; 233 234 file->private_data = NULL; 235 kfree(priv); 236 } 237 238 /* Delete file from its tty */ 239 static void tty_del_file(struct file *file) 240 { 241 struct tty_file_private *priv = file->private_data; 242 243 spin_lock(&tty_files_lock); 244 list_del(&priv->list); 245 spin_unlock(&tty_files_lock); 246 tty_free_file(file); 247 } 248 249 250 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base) 251 252 /** 253 * tty_name - return tty naming 254 * @tty: tty structure 255 * @buf: buffer for output 256 * 257 * Convert a tty structure into a name. The name reflects the kernel 258 * naming policy and if udev is in use may not reflect user space 259 * 260 * Locking: none 261 */ 262 263 char *tty_name(struct tty_struct *tty, char *buf) 264 { 265 if (!tty) /* Hmm. NULL pointer. That's fun. */ 266 strcpy(buf, "NULL tty"); 267 else 268 strcpy(buf, tty->name); 269 return buf; 270 } 271 272 EXPORT_SYMBOL(tty_name); 273 274 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 275 const char *routine) 276 { 277 #ifdef TTY_PARANOIA_CHECK 278 if (!tty) { 279 printk(KERN_WARNING 280 "null TTY for (%d:%d) in %s\n", 281 imajor(inode), iminor(inode), routine); 282 return 1; 283 } 284 if (tty->magic != TTY_MAGIC) { 285 printk(KERN_WARNING 286 "bad magic number for tty struct (%d:%d) in %s\n", 287 imajor(inode), iminor(inode), routine); 288 return 1; 289 } 290 #endif 291 return 0; 292 } 293 294 static int check_tty_count(struct tty_struct *tty, const char *routine) 295 { 296 #ifdef CHECK_TTY_COUNT 297 struct list_head *p; 298 int count = 0; 299 300 spin_lock(&tty_files_lock); 301 list_for_each(p, &tty->tty_files) { 302 count++; 303 } 304 spin_unlock(&tty_files_lock); 305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 306 tty->driver->subtype == PTY_TYPE_SLAVE && 307 tty->link && tty->link->count) 308 count++; 309 if (tty->count != count) { 310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) " 311 "!= #fd's(%d) in %s\n", 312 tty->name, tty->count, count, routine); 313 return count; 314 } 315 #endif 316 return 0; 317 } 318 319 /** 320 * get_tty_driver - find device of a tty 321 * @dev_t: device identifier 322 * @index: returns the index of the tty 323 * 324 * This routine returns a tty driver structure, given a device number 325 * and also passes back the index number. 326 * 327 * Locking: caller must hold tty_mutex 328 */ 329 330 static struct tty_driver *get_tty_driver(dev_t device, int *index) 331 { 332 struct tty_driver *p; 333 334 list_for_each_entry(p, &tty_drivers, tty_drivers) { 335 dev_t base = MKDEV(p->major, p->minor_start); 336 if (device < base || device >= base + p->num) 337 continue; 338 *index = device - base; 339 return tty_driver_kref_get(p); 340 } 341 return NULL; 342 } 343 344 #ifdef CONFIG_CONSOLE_POLL 345 346 /** 347 * tty_find_polling_driver - find device of a polled tty 348 * @name: name string to match 349 * @line: pointer to resulting tty line nr 350 * 351 * This routine returns a tty driver structure, given a name 352 * and the condition that the tty driver is capable of polled 353 * operation. 354 */ 355 struct tty_driver *tty_find_polling_driver(char *name, int *line) 356 { 357 struct tty_driver *p, *res = NULL; 358 int tty_line = 0; 359 int len; 360 char *str, *stp; 361 362 for (str = name; *str; str++) 363 if ((*str >= '0' && *str <= '9') || *str == ',') 364 break; 365 if (!*str) 366 return NULL; 367 368 len = str - name; 369 tty_line = simple_strtoul(str, &str, 10); 370 371 mutex_lock(&tty_mutex); 372 /* Search through the tty devices to look for a match */ 373 list_for_each_entry(p, &tty_drivers, tty_drivers) { 374 if (strncmp(name, p->name, len) != 0) 375 continue; 376 stp = str; 377 if (*stp == ',') 378 stp++; 379 if (*stp == '\0') 380 stp = NULL; 381 382 if (tty_line >= 0 && tty_line < p->num && p->ops && 383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 384 res = tty_driver_kref_get(p); 385 *line = tty_line; 386 break; 387 } 388 } 389 mutex_unlock(&tty_mutex); 390 391 return res; 392 } 393 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 394 #endif 395 396 /** 397 * tty_check_change - check for POSIX terminal changes 398 * @tty: tty to check 399 * 400 * If we try to write to, or set the state of, a terminal and we're 401 * not in the foreground, send a SIGTTOU. If the signal is blocked or 402 * ignored, go ahead and perform the operation. (POSIX 7.2) 403 * 404 * Locking: ctrl_lock 405 */ 406 407 int tty_check_change(struct tty_struct *tty) 408 { 409 unsigned long flags; 410 int ret = 0; 411 412 if (current->signal->tty != tty) 413 return 0; 414 415 spin_lock_irqsave(&tty->ctrl_lock, flags); 416 417 if (!tty->pgrp) { 418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n"); 419 goto out_unlock; 420 } 421 if (task_pgrp(current) == tty->pgrp) 422 goto out_unlock; 423 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 424 if (is_ignored(SIGTTOU)) 425 goto out; 426 if (is_current_pgrp_orphaned()) { 427 ret = -EIO; 428 goto out; 429 } 430 kill_pgrp(task_pgrp(current), SIGTTOU, 1); 431 set_thread_flag(TIF_SIGPENDING); 432 ret = -ERESTARTSYS; 433 out: 434 return ret; 435 out_unlock: 436 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 437 return ret; 438 } 439 440 EXPORT_SYMBOL(tty_check_change); 441 442 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 443 size_t count, loff_t *ppos) 444 { 445 return 0; 446 } 447 448 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 449 size_t count, loff_t *ppos) 450 { 451 return -EIO; 452 } 453 454 /* No kernel lock held - none needed ;) */ 455 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait) 456 { 457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM; 458 } 459 460 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 461 unsigned long arg) 462 { 463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 464 } 465 466 static long hung_up_tty_compat_ioctl(struct file *file, 467 unsigned int cmd, unsigned long arg) 468 { 469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 470 } 471 472 static const struct file_operations tty_fops = { 473 .llseek = no_llseek, 474 .read = tty_read, 475 .write = tty_write, 476 .poll = tty_poll, 477 .unlocked_ioctl = tty_ioctl, 478 .compat_ioctl = tty_compat_ioctl, 479 .open = tty_open, 480 .release = tty_release, 481 .fasync = tty_fasync, 482 }; 483 484 static const struct file_operations console_fops = { 485 .llseek = no_llseek, 486 .read = tty_read, 487 .write = redirected_tty_write, 488 .poll = tty_poll, 489 .unlocked_ioctl = tty_ioctl, 490 .compat_ioctl = tty_compat_ioctl, 491 .open = tty_open, 492 .release = tty_release, 493 .fasync = tty_fasync, 494 }; 495 496 static const struct file_operations hung_up_tty_fops = { 497 .llseek = no_llseek, 498 .read = hung_up_tty_read, 499 .write = hung_up_tty_write, 500 .poll = hung_up_tty_poll, 501 .unlocked_ioctl = hung_up_tty_ioctl, 502 .compat_ioctl = hung_up_tty_compat_ioctl, 503 .release = tty_release, 504 }; 505 506 static DEFINE_SPINLOCK(redirect_lock); 507 static struct file *redirect; 508 509 /** 510 * tty_wakeup - request more data 511 * @tty: terminal 512 * 513 * Internal and external helper for wakeups of tty. This function 514 * informs the line discipline if present that the driver is ready 515 * to receive more output data. 516 */ 517 518 void tty_wakeup(struct tty_struct *tty) 519 { 520 struct tty_ldisc *ld; 521 522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 523 ld = tty_ldisc_ref(tty); 524 if (ld) { 525 if (ld->ops->write_wakeup) 526 ld->ops->write_wakeup(tty); 527 tty_ldisc_deref(ld); 528 } 529 } 530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 531 } 532 533 EXPORT_SYMBOL_GPL(tty_wakeup); 534 535 /** 536 * __tty_hangup - actual handler for hangup events 537 * @work: tty device 538 * 539 * This can be called by a "kworker" kernel thread. That is process 540 * synchronous but doesn't hold any locks, so we need to make sure we 541 * have the appropriate locks for what we're doing. 542 * 543 * The hangup event clears any pending redirections onto the hung up 544 * device. It ensures future writes will error and it does the needed 545 * line discipline hangup and signal delivery. The tty object itself 546 * remains intact. 547 * 548 * Locking: 549 * BTM 550 * redirect lock for undoing redirection 551 * file list lock for manipulating list of ttys 552 * tty_ldisc_lock from called functions 553 * termios_mutex resetting termios data 554 * tasklist_lock to walk task list for hangup event 555 * ->siglock to protect ->signal/->sighand 556 */ 557 static void __tty_hangup(struct tty_struct *tty) 558 { 559 struct file *cons_filp = NULL; 560 struct file *filp, *f = NULL; 561 struct task_struct *p; 562 struct tty_file_private *priv; 563 int closecount = 0, n; 564 unsigned long flags; 565 int refs = 0; 566 567 if (!tty) 568 return; 569 570 571 spin_lock(&redirect_lock); 572 if (redirect && file_tty(redirect) == tty) { 573 f = redirect; 574 redirect = NULL; 575 } 576 spin_unlock(&redirect_lock); 577 578 tty_lock(tty); 579 580 /* some functions below drop BTM, so we need this bit */ 581 set_bit(TTY_HUPPING, &tty->flags); 582 583 /* inuse_filps is protected by the single tty lock, 584 this really needs to change if we want to flush the 585 workqueue with the lock held */ 586 check_tty_count(tty, "tty_hangup"); 587 588 spin_lock(&tty_files_lock); 589 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 590 list_for_each_entry(priv, &tty->tty_files, list) { 591 filp = priv->file; 592 if (filp->f_op->write == redirected_tty_write) 593 cons_filp = filp; 594 if (filp->f_op->write != tty_write) 595 continue; 596 closecount++; 597 __tty_fasync(-1, filp, 0); /* can't block */ 598 filp->f_op = &hung_up_tty_fops; 599 } 600 spin_unlock(&tty_files_lock); 601 602 /* 603 * it drops BTM and thus races with reopen 604 * we protect the race by TTY_HUPPING 605 */ 606 tty_ldisc_hangup(tty); 607 608 read_lock(&tasklist_lock); 609 if (tty->session) { 610 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 611 spin_lock_irq(&p->sighand->siglock); 612 if (p->signal->tty == tty) { 613 p->signal->tty = NULL; 614 /* We defer the dereferences outside fo 615 the tasklist lock */ 616 refs++; 617 } 618 if (!p->signal->leader) { 619 spin_unlock_irq(&p->sighand->siglock); 620 continue; 621 } 622 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 623 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 624 put_pid(p->signal->tty_old_pgrp); /* A noop */ 625 spin_lock_irqsave(&tty->ctrl_lock, flags); 626 if (tty->pgrp) 627 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 628 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 629 spin_unlock_irq(&p->sighand->siglock); 630 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 631 } 632 read_unlock(&tasklist_lock); 633 634 spin_lock_irqsave(&tty->ctrl_lock, flags); 635 clear_bit(TTY_THROTTLED, &tty->flags); 636 clear_bit(TTY_PUSH, &tty->flags); 637 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 638 put_pid(tty->session); 639 put_pid(tty->pgrp); 640 tty->session = NULL; 641 tty->pgrp = NULL; 642 tty->ctrl_status = 0; 643 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 644 645 /* Account for the p->signal references we killed */ 646 while (refs--) 647 tty_kref_put(tty); 648 649 /* 650 * If one of the devices matches a console pointer, we 651 * cannot just call hangup() because that will cause 652 * tty->count and state->count to go out of sync. 653 * So we just call close() the right number of times. 654 */ 655 if (cons_filp) { 656 if (tty->ops->close) 657 for (n = 0; n < closecount; n++) 658 tty->ops->close(tty, cons_filp); 659 } else if (tty->ops->hangup) 660 (tty->ops->hangup)(tty); 661 /* 662 * We don't want to have driver/ldisc interactions beyond 663 * the ones we did here. The driver layer expects no 664 * calls after ->hangup() from the ldisc side. However we 665 * can't yet guarantee all that. 666 */ 667 set_bit(TTY_HUPPED, &tty->flags); 668 clear_bit(TTY_HUPPING, &tty->flags); 669 tty_ldisc_enable(tty); 670 671 tty_unlock(tty); 672 673 if (f) 674 fput(f); 675 } 676 677 static void do_tty_hangup(struct work_struct *work) 678 { 679 struct tty_struct *tty = 680 container_of(work, struct tty_struct, hangup_work); 681 682 __tty_hangup(tty); 683 } 684 685 /** 686 * tty_hangup - trigger a hangup event 687 * @tty: tty to hangup 688 * 689 * A carrier loss (virtual or otherwise) has occurred on this like 690 * schedule a hangup sequence to run after this event. 691 */ 692 693 void tty_hangup(struct tty_struct *tty) 694 { 695 #ifdef TTY_DEBUG_HANGUP 696 char buf[64]; 697 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf)); 698 #endif 699 schedule_work(&tty->hangup_work); 700 } 701 702 EXPORT_SYMBOL(tty_hangup); 703 704 /** 705 * tty_vhangup - process vhangup 706 * @tty: tty to hangup 707 * 708 * The user has asked via system call for the terminal to be hung up. 709 * We do this synchronously so that when the syscall returns the process 710 * is complete. That guarantee is necessary for security reasons. 711 */ 712 713 void tty_vhangup(struct tty_struct *tty) 714 { 715 #ifdef TTY_DEBUG_HANGUP 716 char buf[64]; 717 718 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf)); 719 #endif 720 __tty_hangup(tty); 721 } 722 723 EXPORT_SYMBOL(tty_vhangup); 724 725 726 /** 727 * tty_vhangup_self - process vhangup for own ctty 728 * 729 * Perform a vhangup on the current controlling tty 730 */ 731 732 void tty_vhangup_self(void) 733 { 734 struct tty_struct *tty; 735 736 tty = get_current_tty(); 737 if (tty) { 738 tty_vhangup(tty); 739 tty_kref_put(tty); 740 } 741 } 742 743 /** 744 * tty_hung_up_p - was tty hung up 745 * @filp: file pointer of tty 746 * 747 * Return true if the tty has been subject to a vhangup or a carrier 748 * loss 749 */ 750 751 int tty_hung_up_p(struct file *filp) 752 { 753 return (filp->f_op == &hung_up_tty_fops); 754 } 755 756 EXPORT_SYMBOL(tty_hung_up_p); 757 758 static void session_clear_tty(struct pid *session) 759 { 760 struct task_struct *p; 761 do_each_pid_task(session, PIDTYPE_SID, p) { 762 proc_clear_tty(p); 763 } while_each_pid_task(session, PIDTYPE_SID, p); 764 } 765 766 /** 767 * disassociate_ctty - disconnect controlling tty 768 * @on_exit: true if exiting so need to "hang up" the session 769 * 770 * This function is typically called only by the session leader, when 771 * it wants to disassociate itself from its controlling tty. 772 * 773 * It performs the following functions: 774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 775 * (2) Clears the tty from being controlling the session 776 * (3) Clears the controlling tty for all processes in the 777 * session group. 778 * 779 * The argument on_exit is set to 1 if called when a process is 780 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 781 * 782 * Locking: 783 * BTM is taken for hysterical raisins, and held when 784 * called from no_tty(). 785 * tty_mutex is taken to protect tty 786 * ->siglock is taken to protect ->signal/->sighand 787 * tasklist_lock is taken to walk process list for sessions 788 * ->siglock is taken to protect ->signal/->sighand 789 */ 790 791 void disassociate_ctty(int on_exit) 792 { 793 struct tty_struct *tty; 794 795 if (!current->signal->leader) 796 return; 797 798 tty = get_current_tty(); 799 if (tty) { 800 struct pid *tty_pgrp = get_pid(tty->pgrp); 801 if (on_exit) { 802 if (tty->driver->type != TTY_DRIVER_TYPE_PTY) 803 tty_vhangup(tty); 804 } 805 tty_kref_put(tty); 806 if (tty_pgrp) { 807 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 808 if (!on_exit) 809 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 810 put_pid(tty_pgrp); 811 } 812 } else if (on_exit) { 813 struct pid *old_pgrp; 814 spin_lock_irq(¤t->sighand->siglock); 815 old_pgrp = current->signal->tty_old_pgrp; 816 current->signal->tty_old_pgrp = NULL; 817 spin_unlock_irq(¤t->sighand->siglock); 818 if (old_pgrp) { 819 kill_pgrp(old_pgrp, SIGHUP, on_exit); 820 kill_pgrp(old_pgrp, SIGCONT, on_exit); 821 put_pid(old_pgrp); 822 } 823 return; 824 } 825 826 spin_lock_irq(¤t->sighand->siglock); 827 put_pid(current->signal->tty_old_pgrp); 828 current->signal->tty_old_pgrp = NULL; 829 spin_unlock_irq(¤t->sighand->siglock); 830 831 tty = get_current_tty(); 832 if (tty) { 833 unsigned long flags; 834 spin_lock_irqsave(&tty->ctrl_lock, flags); 835 put_pid(tty->session); 836 put_pid(tty->pgrp); 837 tty->session = NULL; 838 tty->pgrp = NULL; 839 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 840 tty_kref_put(tty); 841 } else { 842 #ifdef TTY_DEBUG_HANGUP 843 printk(KERN_DEBUG "error attempted to write to tty [0x%p]" 844 " = NULL", tty); 845 #endif 846 } 847 848 /* Now clear signal->tty under the lock */ 849 read_lock(&tasklist_lock); 850 session_clear_tty(task_session(current)); 851 read_unlock(&tasklist_lock); 852 } 853 854 /** 855 * 856 * no_tty - Ensure the current process does not have a controlling tty 857 */ 858 void no_tty(void) 859 { 860 /* FIXME: Review locking here. The tty_lock never covered any race 861 between a new association and proc_clear_tty but possible we need 862 to protect against this anyway */ 863 struct task_struct *tsk = current; 864 disassociate_ctty(0); 865 proc_clear_tty(tsk); 866 } 867 868 869 /** 870 * stop_tty - propagate flow control 871 * @tty: tty to stop 872 * 873 * Perform flow control to the driver. For PTY/TTY pairs we 874 * must also propagate the TIOCKPKT status. May be called 875 * on an already stopped device and will not re-call the driver 876 * method. 877 * 878 * This functionality is used by both the line disciplines for 879 * halting incoming flow and by the driver. It may therefore be 880 * called from any context, may be under the tty atomic_write_lock 881 * but not always. 882 * 883 * Locking: 884 * Uses the tty control lock internally 885 */ 886 887 void stop_tty(struct tty_struct *tty) 888 { 889 unsigned long flags; 890 spin_lock_irqsave(&tty->ctrl_lock, flags); 891 if (tty->stopped) { 892 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 893 return; 894 } 895 tty->stopped = 1; 896 if (tty->link && tty->link->packet) { 897 tty->ctrl_status &= ~TIOCPKT_START; 898 tty->ctrl_status |= TIOCPKT_STOP; 899 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 900 } 901 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 902 if (tty->ops->stop) 903 (tty->ops->stop)(tty); 904 } 905 906 EXPORT_SYMBOL(stop_tty); 907 908 /** 909 * start_tty - propagate flow control 910 * @tty: tty to start 911 * 912 * Start a tty that has been stopped if at all possible. Perform 913 * any necessary wakeups and propagate the TIOCPKT status. If this 914 * is the tty was previous stopped and is being started then the 915 * driver start method is invoked and the line discipline woken. 916 * 917 * Locking: 918 * ctrl_lock 919 */ 920 921 void start_tty(struct tty_struct *tty) 922 { 923 unsigned long flags; 924 spin_lock_irqsave(&tty->ctrl_lock, flags); 925 if (!tty->stopped || tty->flow_stopped) { 926 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 927 return; 928 } 929 tty->stopped = 0; 930 if (tty->link && tty->link->packet) { 931 tty->ctrl_status &= ~TIOCPKT_STOP; 932 tty->ctrl_status |= TIOCPKT_START; 933 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN); 934 } 935 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 936 if (tty->ops->start) 937 (tty->ops->start)(tty); 938 /* If we have a running line discipline it may need kicking */ 939 tty_wakeup(tty); 940 } 941 942 EXPORT_SYMBOL(start_tty); 943 944 static void tty_update_time(struct timespec *time) 945 { 946 unsigned long sec = get_seconds(); 947 sec -= sec % 60; 948 if ((long)(sec - time->tv_sec) > 0) 949 time->tv_sec = sec; 950 } 951 952 /** 953 * tty_read - read method for tty device files 954 * @file: pointer to tty file 955 * @buf: user buffer 956 * @count: size of user buffer 957 * @ppos: unused 958 * 959 * Perform the read system call function on this terminal device. Checks 960 * for hung up devices before calling the line discipline method. 961 * 962 * Locking: 963 * Locks the line discipline internally while needed. Multiple 964 * read calls may be outstanding in parallel. 965 */ 966 967 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 968 loff_t *ppos) 969 { 970 int i; 971 struct inode *inode = file_inode(file); 972 struct tty_struct *tty = file_tty(file); 973 struct tty_ldisc *ld; 974 975 if (tty_paranoia_check(tty, inode, "tty_read")) 976 return -EIO; 977 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags))) 978 return -EIO; 979 980 /* We want to wait for the line discipline to sort out in this 981 situation */ 982 ld = tty_ldisc_ref_wait(tty); 983 if (ld->ops->read) 984 i = (ld->ops->read)(tty, file, buf, count); 985 else 986 i = -EIO; 987 tty_ldisc_deref(ld); 988 989 if (i > 0) 990 tty_update_time(&inode->i_atime); 991 992 return i; 993 } 994 995 void tty_write_unlock(struct tty_struct *tty) 996 __releases(&tty->atomic_write_lock) 997 { 998 mutex_unlock(&tty->atomic_write_lock); 999 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 1000 } 1001 1002 int tty_write_lock(struct tty_struct *tty, int ndelay) 1003 __acquires(&tty->atomic_write_lock) 1004 { 1005 if (!mutex_trylock(&tty->atomic_write_lock)) { 1006 if (ndelay) 1007 return -EAGAIN; 1008 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 1009 return -ERESTARTSYS; 1010 } 1011 return 0; 1012 } 1013 1014 /* 1015 * Split writes up in sane blocksizes to avoid 1016 * denial-of-service type attacks 1017 */ 1018 static inline ssize_t do_tty_write( 1019 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 1020 struct tty_struct *tty, 1021 struct file *file, 1022 const char __user *buf, 1023 size_t count) 1024 { 1025 ssize_t ret, written = 0; 1026 unsigned int chunk; 1027 1028 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 1029 if (ret < 0) 1030 return ret; 1031 1032 /* 1033 * We chunk up writes into a temporary buffer. This 1034 * simplifies low-level drivers immensely, since they 1035 * don't have locking issues and user mode accesses. 1036 * 1037 * But if TTY_NO_WRITE_SPLIT is set, we should use a 1038 * big chunk-size.. 1039 * 1040 * The default chunk-size is 2kB, because the NTTY 1041 * layer has problems with bigger chunks. It will 1042 * claim to be able to handle more characters than 1043 * it actually does. 1044 * 1045 * FIXME: This can probably go away now except that 64K chunks 1046 * are too likely to fail unless switched to vmalloc... 1047 */ 1048 chunk = 2048; 1049 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 1050 chunk = 65536; 1051 if (count < chunk) 1052 chunk = count; 1053 1054 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 1055 if (tty->write_cnt < chunk) { 1056 unsigned char *buf_chunk; 1057 1058 if (chunk < 1024) 1059 chunk = 1024; 1060 1061 buf_chunk = kmalloc(chunk, GFP_KERNEL); 1062 if (!buf_chunk) { 1063 ret = -ENOMEM; 1064 goto out; 1065 } 1066 kfree(tty->write_buf); 1067 tty->write_cnt = chunk; 1068 tty->write_buf = buf_chunk; 1069 } 1070 1071 /* Do the write .. */ 1072 for (;;) { 1073 size_t size = count; 1074 if (size > chunk) 1075 size = chunk; 1076 ret = -EFAULT; 1077 if (copy_from_user(tty->write_buf, buf, size)) 1078 break; 1079 ret = write(tty, file, tty->write_buf, size); 1080 if (ret <= 0) 1081 break; 1082 written += ret; 1083 buf += ret; 1084 count -= ret; 1085 if (!count) 1086 break; 1087 ret = -ERESTARTSYS; 1088 if (signal_pending(current)) 1089 break; 1090 cond_resched(); 1091 } 1092 if (written) { 1093 tty_update_time(&file_inode(file)->i_mtime); 1094 ret = written; 1095 } 1096 out: 1097 tty_write_unlock(tty); 1098 return ret; 1099 } 1100 1101 /** 1102 * tty_write_message - write a message to a certain tty, not just the console. 1103 * @tty: the destination tty_struct 1104 * @msg: the message to write 1105 * 1106 * This is used for messages that need to be redirected to a specific tty. 1107 * We don't put it into the syslog queue right now maybe in the future if 1108 * really needed. 1109 * 1110 * We must still hold the BTM and test the CLOSING flag for the moment. 1111 */ 1112 1113 void tty_write_message(struct tty_struct *tty, char *msg) 1114 { 1115 if (tty) { 1116 mutex_lock(&tty->atomic_write_lock); 1117 tty_lock(tty); 1118 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) { 1119 tty_unlock(tty); 1120 tty->ops->write(tty, msg, strlen(msg)); 1121 } else 1122 tty_unlock(tty); 1123 tty_write_unlock(tty); 1124 } 1125 return; 1126 } 1127 1128 1129 /** 1130 * tty_write - write method for tty device file 1131 * @file: tty file pointer 1132 * @buf: user data to write 1133 * @count: bytes to write 1134 * @ppos: unused 1135 * 1136 * Write data to a tty device via the line discipline. 1137 * 1138 * Locking: 1139 * Locks the line discipline as required 1140 * Writes to the tty driver are serialized by the atomic_write_lock 1141 * and are then processed in chunks to the device. The line discipline 1142 * write method will not be invoked in parallel for each device. 1143 */ 1144 1145 static ssize_t tty_write(struct file *file, const char __user *buf, 1146 size_t count, loff_t *ppos) 1147 { 1148 struct tty_struct *tty = file_tty(file); 1149 struct tty_ldisc *ld; 1150 ssize_t ret; 1151 1152 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1153 return -EIO; 1154 if (!tty || !tty->ops->write || 1155 (test_bit(TTY_IO_ERROR, &tty->flags))) 1156 return -EIO; 1157 /* Short term debug to catch buggy drivers */ 1158 if (tty->ops->write_room == NULL) 1159 printk(KERN_ERR "tty driver %s lacks a write_room method.\n", 1160 tty->driver->name); 1161 ld = tty_ldisc_ref_wait(tty); 1162 if (!ld->ops->write) 1163 ret = -EIO; 1164 else 1165 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1166 tty_ldisc_deref(ld); 1167 return ret; 1168 } 1169 1170 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1171 size_t count, loff_t *ppos) 1172 { 1173 struct file *p = NULL; 1174 1175 spin_lock(&redirect_lock); 1176 if (redirect) 1177 p = get_file(redirect); 1178 spin_unlock(&redirect_lock); 1179 1180 if (p) { 1181 ssize_t res; 1182 res = vfs_write(p, buf, count, &p->f_pos); 1183 fput(p); 1184 return res; 1185 } 1186 return tty_write(file, buf, count, ppos); 1187 } 1188 1189 static char ptychar[] = "pqrstuvwxyzabcde"; 1190 1191 /** 1192 * pty_line_name - generate name for a pty 1193 * @driver: the tty driver in use 1194 * @index: the minor number 1195 * @p: output buffer of at least 6 bytes 1196 * 1197 * Generate a name from a driver reference and write it to the output 1198 * buffer. 1199 * 1200 * Locking: None 1201 */ 1202 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1203 { 1204 int i = index + driver->name_base; 1205 /* ->name is initialized to "ttyp", but "tty" is expected */ 1206 sprintf(p, "%s%c%x", 1207 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1208 ptychar[i >> 4 & 0xf], i & 0xf); 1209 } 1210 1211 /** 1212 * tty_line_name - generate name for a tty 1213 * @driver: the tty driver in use 1214 * @index: the minor number 1215 * @p: output buffer of at least 7 bytes 1216 * 1217 * Generate a name from a driver reference and write it to the output 1218 * buffer. 1219 * 1220 * Locking: None 1221 */ 1222 static void tty_line_name(struct tty_driver *driver, int index, char *p) 1223 { 1224 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1225 strcpy(p, driver->name); 1226 else 1227 sprintf(p, "%s%d", driver->name, index + driver->name_base); 1228 } 1229 1230 /** 1231 * tty_driver_lookup_tty() - find an existing tty, if any 1232 * @driver: the driver for the tty 1233 * @idx: the minor number 1234 * 1235 * Return the tty, if found or ERR_PTR() otherwise. 1236 * 1237 * Locking: tty_mutex must be held. If tty is found, the mutex must 1238 * be held until the 'fast-open' is also done. Will change once we 1239 * have refcounting in the driver and per driver locking 1240 */ 1241 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1242 struct inode *inode, int idx) 1243 { 1244 if (driver->ops->lookup) 1245 return driver->ops->lookup(driver, inode, idx); 1246 1247 return driver->ttys[idx]; 1248 } 1249 1250 /** 1251 * tty_init_termios - helper for termios setup 1252 * @tty: the tty to set up 1253 * 1254 * Initialise the termios structures for this tty. Thus runs under 1255 * the tty_mutex currently so we can be relaxed about ordering. 1256 */ 1257 1258 int tty_init_termios(struct tty_struct *tty) 1259 { 1260 struct ktermios *tp; 1261 int idx = tty->index; 1262 1263 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1264 tty->termios = tty->driver->init_termios; 1265 else { 1266 /* Check for lazy saved data */ 1267 tp = tty->driver->termios[idx]; 1268 if (tp != NULL) 1269 tty->termios = *tp; 1270 else 1271 tty->termios = tty->driver->init_termios; 1272 } 1273 /* Compatibility until drivers always set this */ 1274 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1275 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1276 return 0; 1277 } 1278 EXPORT_SYMBOL_GPL(tty_init_termios); 1279 1280 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1281 { 1282 int ret = tty_init_termios(tty); 1283 if (ret) 1284 return ret; 1285 1286 tty_driver_kref_get(driver); 1287 tty->count++; 1288 driver->ttys[tty->index] = tty; 1289 return 0; 1290 } 1291 EXPORT_SYMBOL_GPL(tty_standard_install); 1292 1293 /** 1294 * tty_driver_install_tty() - install a tty entry in the driver 1295 * @driver: the driver for the tty 1296 * @tty: the tty 1297 * 1298 * Install a tty object into the driver tables. The tty->index field 1299 * will be set by the time this is called. This method is responsible 1300 * for ensuring any need additional structures are allocated and 1301 * configured. 1302 * 1303 * Locking: tty_mutex for now 1304 */ 1305 static int tty_driver_install_tty(struct tty_driver *driver, 1306 struct tty_struct *tty) 1307 { 1308 return driver->ops->install ? driver->ops->install(driver, tty) : 1309 tty_standard_install(driver, tty); 1310 } 1311 1312 /** 1313 * tty_driver_remove_tty() - remove a tty from the driver tables 1314 * @driver: the driver for the tty 1315 * @idx: the minor number 1316 * 1317 * Remvoe a tty object from the driver tables. The tty->index field 1318 * will be set by the time this is called. 1319 * 1320 * Locking: tty_mutex for now 1321 */ 1322 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1323 { 1324 if (driver->ops->remove) 1325 driver->ops->remove(driver, tty); 1326 else 1327 driver->ttys[tty->index] = NULL; 1328 } 1329 1330 /* 1331 * tty_reopen() - fast re-open of an open tty 1332 * @tty - the tty to open 1333 * 1334 * Return 0 on success, -errno on error. 1335 * 1336 * Locking: tty_mutex must be held from the time the tty was found 1337 * till this open completes. 1338 */ 1339 static int tty_reopen(struct tty_struct *tty) 1340 { 1341 struct tty_driver *driver = tty->driver; 1342 1343 if (test_bit(TTY_CLOSING, &tty->flags) || 1344 test_bit(TTY_HUPPING, &tty->flags) || 1345 test_bit(TTY_LDISC_CHANGING, &tty->flags)) 1346 return -EIO; 1347 1348 if (driver->type == TTY_DRIVER_TYPE_PTY && 1349 driver->subtype == PTY_TYPE_MASTER) { 1350 /* 1351 * special case for PTY masters: only one open permitted, 1352 * and the slave side open count is incremented as well. 1353 */ 1354 if (tty->count) 1355 return -EIO; 1356 1357 tty->link->count++; 1358 } 1359 tty->count++; 1360 1361 mutex_lock(&tty->ldisc_mutex); 1362 WARN_ON(!test_bit(TTY_LDISC, &tty->flags)); 1363 mutex_unlock(&tty->ldisc_mutex); 1364 1365 return 0; 1366 } 1367 1368 /** 1369 * tty_init_dev - initialise a tty device 1370 * @driver: tty driver we are opening a device on 1371 * @idx: device index 1372 * @ret_tty: returned tty structure 1373 * 1374 * Prepare a tty device. This may not be a "new" clean device but 1375 * could also be an active device. The pty drivers require special 1376 * handling because of this. 1377 * 1378 * Locking: 1379 * The function is called under the tty_mutex, which 1380 * protects us from the tty struct or driver itself going away. 1381 * 1382 * On exit the tty device has the line discipline attached and 1383 * a reference count of 1. If a pair was created for pty/tty use 1384 * and the other was a pty master then it too has a reference count of 1. 1385 * 1386 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1387 * failed open. The new code protects the open with a mutex, so it's 1388 * really quite straightforward. The mutex locking can probably be 1389 * relaxed for the (most common) case of reopening a tty. 1390 */ 1391 1392 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1393 { 1394 struct tty_struct *tty; 1395 int retval; 1396 1397 /* 1398 * First time open is complex, especially for PTY devices. 1399 * This code guarantees that either everything succeeds and the 1400 * TTY is ready for operation, or else the table slots are vacated 1401 * and the allocated memory released. (Except that the termios 1402 * and locked termios may be retained.) 1403 */ 1404 1405 if (!try_module_get(driver->owner)) 1406 return ERR_PTR(-ENODEV); 1407 1408 tty = alloc_tty_struct(); 1409 if (!tty) { 1410 retval = -ENOMEM; 1411 goto err_module_put; 1412 } 1413 initialize_tty_struct(tty, driver, idx); 1414 1415 tty_lock(tty); 1416 retval = tty_driver_install_tty(driver, tty); 1417 if (retval < 0) 1418 goto err_deinit_tty; 1419 1420 if (!tty->port) 1421 tty->port = driver->ports[idx]; 1422 1423 WARN_RATELIMIT(!tty->port, 1424 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1425 __func__, tty->driver->name); 1426 1427 tty->port->itty = tty; 1428 1429 /* 1430 * Structures all installed ... call the ldisc open routines. 1431 * If we fail here just call release_tty to clean up. No need 1432 * to decrement the use counts, as release_tty doesn't care. 1433 */ 1434 retval = tty_ldisc_setup(tty, tty->link); 1435 if (retval) 1436 goto err_release_tty; 1437 /* Return the tty locked so that it cannot vanish under the caller */ 1438 return tty; 1439 1440 err_deinit_tty: 1441 tty_unlock(tty); 1442 deinitialize_tty_struct(tty); 1443 free_tty_struct(tty); 1444 err_module_put: 1445 module_put(driver->owner); 1446 return ERR_PTR(retval); 1447 1448 /* call the tty release_tty routine to clean out this slot */ 1449 err_release_tty: 1450 tty_unlock(tty); 1451 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, " 1452 "clearing slot %d\n", idx); 1453 release_tty(tty, idx); 1454 return ERR_PTR(retval); 1455 } 1456 1457 void tty_free_termios(struct tty_struct *tty) 1458 { 1459 struct ktermios *tp; 1460 int idx = tty->index; 1461 1462 /* If the port is going to reset then it has no termios to save */ 1463 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1464 return; 1465 1466 /* Stash the termios data */ 1467 tp = tty->driver->termios[idx]; 1468 if (tp == NULL) { 1469 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1470 if (tp == NULL) { 1471 pr_warn("tty: no memory to save termios state.\n"); 1472 return; 1473 } 1474 tty->driver->termios[idx] = tp; 1475 } 1476 *tp = tty->termios; 1477 } 1478 EXPORT_SYMBOL(tty_free_termios); 1479 1480 1481 /** 1482 * release_one_tty - release tty structure memory 1483 * @kref: kref of tty we are obliterating 1484 * 1485 * Releases memory associated with a tty structure, and clears out the 1486 * driver table slots. This function is called when a device is no longer 1487 * in use. It also gets called when setup of a device fails. 1488 * 1489 * Locking: 1490 * takes the file list lock internally when working on the list 1491 * of ttys that the driver keeps. 1492 * 1493 * This method gets called from a work queue so that the driver private 1494 * cleanup ops can sleep (needed for USB at least) 1495 */ 1496 static void release_one_tty(struct work_struct *work) 1497 { 1498 struct tty_struct *tty = 1499 container_of(work, struct tty_struct, hangup_work); 1500 struct tty_driver *driver = tty->driver; 1501 1502 if (tty->ops->cleanup) 1503 tty->ops->cleanup(tty); 1504 1505 tty->magic = 0; 1506 tty_driver_kref_put(driver); 1507 module_put(driver->owner); 1508 1509 spin_lock(&tty_files_lock); 1510 list_del_init(&tty->tty_files); 1511 spin_unlock(&tty_files_lock); 1512 1513 put_pid(tty->pgrp); 1514 put_pid(tty->session); 1515 free_tty_struct(tty); 1516 } 1517 1518 static void queue_release_one_tty(struct kref *kref) 1519 { 1520 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1521 1522 /* The hangup queue is now free so we can reuse it rather than 1523 waste a chunk of memory for each port */ 1524 INIT_WORK(&tty->hangup_work, release_one_tty); 1525 schedule_work(&tty->hangup_work); 1526 } 1527 1528 /** 1529 * tty_kref_put - release a tty kref 1530 * @tty: tty device 1531 * 1532 * Release a reference to a tty device and if need be let the kref 1533 * layer destruct the object for us 1534 */ 1535 1536 void tty_kref_put(struct tty_struct *tty) 1537 { 1538 if (tty) 1539 kref_put(&tty->kref, queue_release_one_tty); 1540 } 1541 EXPORT_SYMBOL(tty_kref_put); 1542 1543 /** 1544 * release_tty - release tty structure memory 1545 * 1546 * Release both @tty and a possible linked partner (think pty pair), 1547 * and decrement the refcount of the backing module. 1548 * 1549 * Locking: 1550 * tty_mutex 1551 * takes the file list lock internally when working on the list 1552 * of ttys that the driver keeps. 1553 * 1554 */ 1555 static void release_tty(struct tty_struct *tty, int idx) 1556 { 1557 /* This should always be true but check for the moment */ 1558 WARN_ON(tty->index != idx); 1559 WARN_ON(!mutex_is_locked(&tty_mutex)); 1560 if (tty->ops->shutdown) 1561 tty->ops->shutdown(tty); 1562 tty_free_termios(tty); 1563 tty_driver_remove_tty(tty->driver, tty); 1564 tty->port->itty = NULL; 1565 1566 if (tty->link) 1567 tty_kref_put(tty->link); 1568 tty_kref_put(tty); 1569 } 1570 1571 /** 1572 * tty_release_checks - check a tty before real release 1573 * @tty: tty to check 1574 * @o_tty: link of @tty (if any) 1575 * @idx: index of the tty 1576 * 1577 * Performs some paranoid checking before true release of the @tty. 1578 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1579 */ 1580 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty, 1581 int idx) 1582 { 1583 #ifdef TTY_PARANOIA_CHECK 1584 if (idx < 0 || idx >= tty->driver->num) { 1585 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n", 1586 __func__, tty->name); 1587 return -1; 1588 } 1589 1590 /* not much to check for devpts */ 1591 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1592 return 0; 1593 1594 if (tty != tty->driver->ttys[idx]) { 1595 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n", 1596 __func__, idx, tty->name); 1597 return -1; 1598 } 1599 if (tty->driver->other) { 1600 if (o_tty != tty->driver->other->ttys[idx]) { 1601 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n", 1602 __func__, idx, tty->name); 1603 return -1; 1604 } 1605 if (o_tty->link != tty) { 1606 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__); 1607 return -1; 1608 } 1609 } 1610 #endif 1611 return 0; 1612 } 1613 1614 /** 1615 * tty_release - vfs callback for close 1616 * @inode: inode of tty 1617 * @filp: file pointer for handle to tty 1618 * 1619 * Called the last time each file handle is closed that references 1620 * this tty. There may however be several such references. 1621 * 1622 * Locking: 1623 * Takes bkl. See tty_release_dev 1624 * 1625 * Even releasing the tty structures is a tricky business.. We have 1626 * to be very careful that the structures are all released at the 1627 * same time, as interrupts might otherwise get the wrong pointers. 1628 * 1629 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1630 * lead to double frees or releasing memory still in use. 1631 */ 1632 1633 int tty_release(struct inode *inode, struct file *filp) 1634 { 1635 struct tty_struct *tty = file_tty(filp); 1636 struct tty_struct *o_tty; 1637 int pty_master, tty_closing, o_tty_closing, do_sleep; 1638 int idx; 1639 char buf[64]; 1640 1641 if (tty_paranoia_check(tty, inode, __func__)) 1642 return 0; 1643 1644 tty_lock(tty); 1645 check_tty_count(tty, __func__); 1646 1647 __tty_fasync(-1, filp, 0); 1648 1649 idx = tty->index; 1650 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1651 tty->driver->subtype == PTY_TYPE_MASTER); 1652 /* Review: parallel close */ 1653 o_tty = tty->link; 1654 1655 if (tty_release_checks(tty, o_tty, idx)) { 1656 tty_unlock(tty); 1657 return 0; 1658 } 1659 1660 #ifdef TTY_DEBUG_HANGUP 1661 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__, 1662 tty_name(tty, buf), tty->count); 1663 #endif 1664 1665 if (tty->ops->close) 1666 tty->ops->close(tty, filp); 1667 1668 tty_unlock(tty); 1669 /* 1670 * Sanity check: if tty->count is going to zero, there shouldn't be 1671 * any waiters on tty->read_wait or tty->write_wait. We test the 1672 * wait queues and kick everyone out _before_ actually starting to 1673 * close. This ensures that we won't block while releasing the tty 1674 * structure. 1675 * 1676 * The test for the o_tty closing is necessary, since the master and 1677 * slave sides may close in any order. If the slave side closes out 1678 * first, its count will be one, since the master side holds an open. 1679 * Thus this test wouldn't be triggered at the time the slave closes, 1680 * so we do it now. 1681 * 1682 * Note that it's possible for the tty to be opened again while we're 1683 * flushing out waiters. By recalculating the closing flags before 1684 * each iteration we avoid any problems. 1685 */ 1686 while (1) { 1687 /* Guard against races with tty->count changes elsewhere and 1688 opens on /dev/tty */ 1689 1690 mutex_lock(&tty_mutex); 1691 tty_lock_pair(tty, o_tty); 1692 tty_closing = tty->count <= 1; 1693 o_tty_closing = o_tty && 1694 (o_tty->count <= (pty_master ? 1 : 0)); 1695 do_sleep = 0; 1696 1697 if (tty_closing) { 1698 if (waitqueue_active(&tty->read_wait)) { 1699 wake_up_poll(&tty->read_wait, POLLIN); 1700 do_sleep++; 1701 } 1702 if (waitqueue_active(&tty->write_wait)) { 1703 wake_up_poll(&tty->write_wait, POLLOUT); 1704 do_sleep++; 1705 } 1706 } 1707 if (o_tty_closing) { 1708 if (waitqueue_active(&o_tty->read_wait)) { 1709 wake_up_poll(&o_tty->read_wait, POLLIN); 1710 do_sleep++; 1711 } 1712 if (waitqueue_active(&o_tty->write_wait)) { 1713 wake_up_poll(&o_tty->write_wait, POLLOUT); 1714 do_sleep++; 1715 } 1716 } 1717 if (!do_sleep) 1718 break; 1719 1720 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n", 1721 __func__, tty_name(tty, buf)); 1722 tty_unlock_pair(tty, o_tty); 1723 mutex_unlock(&tty_mutex); 1724 schedule(); 1725 } 1726 1727 /* 1728 * The closing flags are now consistent with the open counts on 1729 * both sides, and we've completed the last operation that could 1730 * block, so it's safe to proceed with closing. 1731 * 1732 * We must *not* drop the tty_mutex until we ensure that a further 1733 * entry into tty_open can not pick up this tty. 1734 */ 1735 if (pty_master) { 1736 if (--o_tty->count < 0) { 1737 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n", 1738 __func__, o_tty->count, tty_name(o_tty, buf)); 1739 o_tty->count = 0; 1740 } 1741 } 1742 if (--tty->count < 0) { 1743 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n", 1744 __func__, tty->count, tty_name(tty, buf)); 1745 tty->count = 0; 1746 } 1747 1748 /* 1749 * We've decremented tty->count, so we need to remove this file 1750 * descriptor off the tty->tty_files list; this serves two 1751 * purposes: 1752 * - check_tty_count sees the correct number of file descriptors 1753 * associated with this tty. 1754 * - do_tty_hangup no longer sees this file descriptor as 1755 * something that needs to be handled for hangups. 1756 */ 1757 tty_del_file(filp); 1758 1759 /* 1760 * Perform some housekeeping before deciding whether to return. 1761 * 1762 * Set the TTY_CLOSING flag if this was the last open. In the 1763 * case of a pty we may have to wait around for the other side 1764 * to close, and TTY_CLOSING makes sure we can't be reopened. 1765 */ 1766 if (tty_closing) 1767 set_bit(TTY_CLOSING, &tty->flags); 1768 if (o_tty_closing) 1769 set_bit(TTY_CLOSING, &o_tty->flags); 1770 1771 /* 1772 * If _either_ side is closing, make sure there aren't any 1773 * processes that still think tty or o_tty is their controlling 1774 * tty. 1775 */ 1776 if (tty_closing || o_tty_closing) { 1777 read_lock(&tasklist_lock); 1778 session_clear_tty(tty->session); 1779 if (o_tty) 1780 session_clear_tty(o_tty->session); 1781 read_unlock(&tasklist_lock); 1782 } 1783 1784 mutex_unlock(&tty_mutex); 1785 tty_unlock_pair(tty, o_tty); 1786 /* At this point the TTY_CLOSING flag should ensure a dead tty 1787 cannot be re-opened by a racing opener */ 1788 1789 /* check whether both sides are closing ... */ 1790 if (!tty_closing || (o_tty && !o_tty_closing)) 1791 return 0; 1792 1793 #ifdef TTY_DEBUG_HANGUP 1794 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__); 1795 #endif 1796 /* 1797 * Ask the line discipline code to release its structures 1798 */ 1799 tty_ldisc_release(tty, o_tty); 1800 /* 1801 * The release_tty function takes care of the details of clearing 1802 * the slots and preserving the termios structure. The tty_unlock_pair 1803 * should be safe as we keep a kref while the tty is locked (so the 1804 * unlock never unlocks a freed tty). 1805 */ 1806 mutex_lock(&tty_mutex); 1807 release_tty(tty, idx); 1808 mutex_unlock(&tty_mutex); 1809 1810 return 0; 1811 } 1812 1813 /** 1814 * tty_open_current_tty - get tty of current task for open 1815 * @device: device number 1816 * @filp: file pointer to tty 1817 * @return: tty of the current task iff @device is /dev/tty 1818 * 1819 * We cannot return driver and index like for the other nodes because 1820 * devpts will not work then. It expects inodes to be from devpts FS. 1821 * 1822 * We need to move to returning a refcounted object from all the lookup 1823 * paths including this one. 1824 */ 1825 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1826 { 1827 struct tty_struct *tty; 1828 1829 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1830 return NULL; 1831 1832 tty = get_current_tty(); 1833 if (!tty) 1834 return ERR_PTR(-ENXIO); 1835 1836 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1837 /* noctty = 1; */ 1838 tty_kref_put(tty); 1839 /* FIXME: we put a reference and return a TTY! */ 1840 /* This is only safe because the caller holds tty_mutex */ 1841 return tty; 1842 } 1843 1844 /** 1845 * tty_lookup_driver - lookup a tty driver for a given device file 1846 * @device: device number 1847 * @filp: file pointer to tty 1848 * @noctty: set if the device should not become a controlling tty 1849 * @index: index for the device in the @return driver 1850 * @return: driver for this inode (with increased refcount) 1851 * 1852 * If @return is not erroneous, the caller is responsible to decrement the 1853 * refcount by tty_driver_kref_put. 1854 * 1855 * Locking: tty_mutex protects get_tty_driver 1856 */ 1857 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1858 int *noctty, int *index) 1859 { 1860 struct tty_driver *driver; 1861 1862 switch (device) { 1863 #ifdef CONFIG_VT 1864 case MKDEV(TTY_MAJOR, 0): { 1865 extern struct tty_driver *console_driver; 1866 driver = tty_driver_kref_get(console_driver); 1867 *index = fg_console; 1868 *noctty = 1; 1869 break; 1870 } 1871 #endif 1872 case MKDEV(TTYAUX_MAJOR, 1): { 1873 struct tty_driver *console_driver = console_device(index); 1874 if (console_driver) { 1875 driver = tty_driver_kref_get(console_driver); 1876 if (driver) { 1877 /* Don't let /dev/console block */ 1878 filp->f_flags |= O_NONBLOCK; 1879 *noctty = 1; 1880 break; 1881 } 1882 } 1883 return ERR_PTR(-ENODEV); 1884 } 1885 default: 1886 driver = get_tty_driver(device, index); 1887 if (!driver) 1888 return ERR_PTR(-ENODEV); 1889 break; 1890 } 1891 return driver; 1892 } 1893 1894 /** 1895 * tty_open - open a tty device 1896 * @inode: inode of device file 1897 * @filp: file pointer to tty 1898 * 1899 * tty_open and tty_release keep up the tty count that contains the 1900 * number of opens done on a tty. We cannot use the inode-count, as 1901 * different inodes might point to the same tty. 1902 * 1903 * Open-counting is needed for pty masters, as well as for keeping 1904 * track of serial lines: DTR is dropped when the last close happens. 1905 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1906 * 1907 * The termios state of a pty is reset on first open so that 1908 * settings don't persist across reuse. 1909 * 1910 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1911 * tty->count should protect the rest. 1912 * ->siglock protects ->signal/->sighand 1913 * 1914 * Note: the tty_unlock/lock cases without a ref are only safe due to 1915 * tty_mutex 1916 */ 1917 1918 static int tty_open(struct inode *inode, struct file *filp) 1919 { 1920 struct tty_struct *tty; 1921 int noctty, retval; 1922 struct tty_driver *driver = NULL; 1923 int index; 1924 dev_t device = inode->i_rdev; 1925 unsigned saved_flags = filp->f_flags; 1926 1927 nonseekable_open(inode, filp); 1928 1929 retry_open: 1930 retval = tty_alloc_file(filp); 1931 if (retval) 1932 return -ENOMEM; 1933 1934 noctty = filp->f_flags & O_NOCTTY; 1935 index = -1; 1936 retval = 0; 1937 1938 mutex_lock(&tty_mutex); 1939 /* This is protected by the tty_mutex */ 1940 tty = tty_open_current_tty(device, filp); 1941 if (IS_ERR(tty)) { 1942 retval = PTR_ERR(tty); 1943 goto err_unlock; 1944 } else if (!tty) { 1945 driver = tty_lookup_driver(device, filp, &noctty, &index); 1946 if (IS_ERR(driver)) { 1947 retval = PTR_ERR(driver); 1948 goto err_unlock; 1949 } 1950 1951 /* check whether we're reopening an existing tty */ 1952 tty = tty_driver_lookup_tty(driver, inode, index); 1953 if (IS_ERR(tty)) { 1954 retval = PTR_ERR(tty); 1955 goto err_unlock; 1956 } 1957 } 1958 1959 if (tty) { 1960 tty_lock(tty); 1961 retval = tty_reopen(tty); 1962 if (retval < 0) { 1963 tty_unlock(tty); 1964 tty = ERR_PTR(retval); 1965 } 1966 } else /* Returns with the tty_lock held for now */ 1967 tty = tty_init_dev(driver, index); 1968 1969 mutex_unlock(&tty_mutex); 1970 if (driver) 1971 tty_driver_kref_put(driver); 1972 if (IS_ERR(tty)) { 1973 retval = PTR_ERR(tty); 1974 goto err_file; 1975 } 1976 1977 tty_add_file(tty, filp); 1978 1979 check_tty_count(tty, __func__); 1980 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1981 tty->driver->subtype == PTY_TYPE_MASTER) 1982 noctty = 1; 1983 #ifdef TTY_DEBUG_HANGUP 1984 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name); 1985 #endif 1986 if (tty->ops->open) 1987 retval = tty->ops->open(tty, filp); 1988 else 1989 retval = -ENODEV; 1990 filp->f_flags = saved_flags; 1991 1992 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && 1993 !capable(CAP_SYS_ADMIN)) 1994 retval = -EBUSY; 1995 1996 if (retval) { 1997 #ifdef TTY_DEBUG_HANGUP 1998 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__, 1999 retval, tty->name); 2000 #endif 2001 tty_unlock(tty); /* need to call tty_release without BTM */ 2002 tty_release(inode, filp); 2003 if (retval != -ERESTARTSYS) 2004 return retval; 2005 2006 if (signal_pending(current)) 2007 return retval; 2008 2009 schedule(); 2010 /* 2011 * Need to reset f_op in case a hangup happened. 2012 */ 2013 if (filp->f_op == &hung_up_tty_fops) 2014 filp->f_op = &tty_fops; 2015 goto retry_open; 2016 } 2017 tty_unlock(tty); 2018 2019 2020 mutex_lock(&tty_mutex); 2021 tty_lock(tty); 2022 spin_lock_irq(¤t->sighand->siglock); 2023 if (!noctty && 2024 current->signal->leader && 2025 !current->signal->tty && 2026 tty->session == NULL) 2027 __proc_set_tty(current, tty); 2028 spin_unlock_irq(¤t->sighand->siglock); 2029 tty_unlock(tty); 2030 mutex_unlock(&tty_mutex); 2031 return 0; 2032 err_unlock: 2033 mutex_unlock(&tty_mutex); 2034 /* after locks to avoid deadlock */ 2035 if (!IS_ERR_OR_NULL(driver)) 2036 tty_driver_kref_put(driver); 2037 err_file: 2038 tty_free_file(filp); 2039 return retval; 2040 } 2041 2042 2043 2044 /** 2045 * tty_poll - check tty status 2046 * @filp: file being polled 2047 * @wait: poll wait structures to update 2048 * 2049 * Call the line discipline polling method to obtain the poll 2050 * status of the device. 2051 * 2052 * Locking: locks called line discipline but ldisc poll method 2053 * may be re-entered freely by other callers. 2054 */ 2055 2056 static unsigned int tty_poll(struct file *filp, poll_table *wait) 2057 { 2058 struct tty_struct *tty = file_tty(filp); 2059 struct tty_ldisc *ld; 2060 int ret = 0; 2061 2062 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2063 return 0; 2064 2065 ld = tty_ldisc_ref_wait(tty); 2066 if (ld->ops->poll) 2067 ret = (ld->ops->poll)(tty, filp, wait); 2068 tty_ldisc_deref(ld); 2069 return ret; 2070 } 2071 2072 static int __tty_fasync(int fd, struct file *filp, int on) 2073 { 2074 struct tty_struct *tty = file_tty(filp); 2075 unsigned long flags; 2076 int retval = 0; 2077 2078 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2079 goto out; 2080 2081 retval = fasync_helper(fd, filp, on, &tty->fasync); 2082 if (retval <= 0) 2083 goto out; 2084 2085 if (on) { 2086 enum pid_type type; 2087 struct pid *pid; 2088 if (!waitqueue_active(&tty->read_wait)) 2089 tty->minimum_to_wake = 1; 2090 spin_lock_irqsave(&tty->ctrl_lock, flags); 2091 if (tty->pgrp) { 2092 pid = tty->pgrp; 2093 type = PIDTYPE_PGID; 2094 } else { 2095 pid = task_pid(current); 2096 type = PIDTYPE_PID; 2097 } 2098 get_pid(pid); 2099 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2100 retval = __f_setown(filp, pid, type, 0); 2101 put_pid(pid); 2102 if (retval) 2103 goto out; 2104 } else { 2105 if (!tty->fasync && !waitqueue_active(&tty->read_wait)) 2106 tty->minimum_to_wake = N_TTY_BUF_SIZE; 2107 } 2108 retval = 0; 2109 out: 2110 return retval; 2111 } 2112 2113 static int tty_fasync(int fd, struct file *filp, int on) 2114 { 2115 struct tty_struct *tty = file_tty(filp); 2116 int retval; 2117 2118 tty_lock(tty); 2119 retval = __tty_fasync(fd, filp, on); 2120 tty_unlock(tty); 2121 2122 return retval; 2123 } 2124 2125 /** 2126 * tiocsti - fake input character 2127 * @tty: tty to fake input into 2128 * @p: pointer to character 2129 * 2130 * Fake input to a tty device. Does the necessary locking and 2131 * input management. 2132 * 2133 * FIXME: does not honour flow control ?? 2134 * 2135 * Locking: 2136 * Called functions take tty_ldisc_lock 2137 * current->signal->tty check is safe without locks 2138 * 2139 * FIXME: may race normal receive processing 2140 */ 2141 2142 static int tiocsti(struct tty_struct *tty, char __user *p) 2143 { 2144 char ch, mbz = 0; 2145 struct tty_ldisc *ld; 2146 2147 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2148 return -EPERM; 2149 if (get_user(ch, p)) 2150 return -EFAULT; 2151 tty_audit_tiocsti(tty, ch); 2152 ld = tty_ldisc_ref_wait(tty); 2153 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2154 tty_ldisc_deref(ld); 2155 return 0; 2156 } 2157 2158 /** 2159 * tiocgwinsz - implement window query ioctl 2160 * @tty; tty 2161 * @arg: user buffer for result 2162 * 2163 * Copies the kernel idea of the window size into the user buffer. 2164 * 2165 * Locking: tty->termios_mutex is taken to ensure the winsize data 2166 * is consistent. 2167 */ 2168 2169 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2170 { 2171 int err; 2172 2173 mutex_lock(&tty->termios_mutex); 2174 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2175 mutex_unlock(&tty->termios_mutex); 2176 2177 return err ? -EFAULT: 0; 2178 } 2179 2180 /** 2181 * tty_do_resize - resize event 2182 * @tty: tty being resized 2183 * @rows: rows (character) 2184 * @cols: cols (character) 2185 * 2186 * Update the termios variables and send the necessary signals to 2187 * peform a terminal resize correctly 2188 */ 2189 2190 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2191 { 2192 struct pid *pgrp; 2193 unsigned long flags; 2194 2195 /* Lock the tty */ 2196 mutex_lock(&tty->termios_mutex); 2197 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2198 goto done; 2199 /* Get the PID values and reference them so we can 2200 avoid holding the tty ctrl lock while sending signals */ 2201 spin_lock_irqsave(&tty->ctrl_lock, flags); 2202 pgrp = get_pid(tty->pgrp); 2203 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2204 2205 if (pgrp) 2206 kill_pgrp(pgrp, SIGWINCH, 1); 2207 put_pid(pgrp); 2208 2209 tty->winsize = *ws; 2210 done: 2211 mutex_unlock(&tty->termios_mutex); 2212 return 0; 2213 } 2214 EXPORT_SYMBOL(tty_do_resize); 2215 2216 /** 2217 * tiocswinsz - implement window size set ioctl 2218 * @tty; tty side of tty 2219 * @arg: user buffer for result 2220 * 2221 * Copies the user idea of the window size to the kernel. Traditionally 2222 * this is just advisory information but for the Linux console it 2223 * actually has driver level meaning and triggers a VC resize. 2224 * 2225 * Locking: 2226 * Driver dependent. The default do_resize method takes the 2227 * tty termios mutex and ctrl_lock. The console takes its own lock 2228 * then calls into the default method. 2229 */ 2230 2231 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2232 { 2233 struct winsize tmp_ws; 2234 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2235 return -EFAULT; 2236 2237 if (tty->ops->resize) 2238 return tty->ops->resize(tty, &tmp_ws); 2239 else 2240 return tty_do_resize(tty, &tmp_ws); 2241 } 2242 2243 /** 2244 * tioccons - allow admin to move logical console 2245 * @file: the file to become console 2246 * 2247 * Allow the administrator to move the redirected console device 2248 * 2249 * Locking: uses redirect_lock to guard the redirect information 2250 */ 2251 2252 static int tioccons(struct file *file) 2253 { 2254 if (!capable(CAP_SYS_ADMIN)) 2255 return -EPERM; 2256 if (file->f_op->write == redirected_tty_write) { 2257 struct file *f; 2258 spin_lock(&redirect_lock); 2259 f = redirect; 2260 redirect = NULL; 2261 spin_unlock(&redirect_lock); 2262 if (f) 2263 fput(f); 2264 return 0; 2265 } 2266 spin_lock(&redirect_lock); 2267 if (redirect) { 2268 spin_unlock(&redirect_lock); 2269 return -EBUSY; 2270 } 2271 redirect = get_file(file); 2272 spin_unlock(&redirect_lock); 2273 return 0; 2274 } 2275 2276 /** 2277 * fionbio - non blocking ioctl 2278 * @file: file to set blocking value 2279 * @p: user parameter 2280 * 2281 * Historical tty interfaces had a blocking control ioctl before 2282 * the generic functionality existed. This piece of history is preserved 2283 * in the expected tty API of posix OS's. 2284 * 2285 * Locking: none, the open file handle ensures it won't go away. 2286 */ 2287 2288 static int fionbio(struct file *file, int __user *p) 2289 { 2290 int nonblock; 2291 2292 if (get_user(nonblock, p)) 2293 return -EFAULT; 2294 2295 spin_lock(&file->f_lock); 2296 if (nonblock) 2297 file->f_flags |= O_NONBLOCK; 2298 else 2299 file->f_flags &= ~O_NONBLOCK; 2300 spin_unlock(&file->f_lock); 2301 return 0; 2302 } 2303 2304 /** 2305 * tiocsctty - set controlling tty 2306 * @tty: tty structure 2307 * @arg: user argument 2308 * 2309 * This ioctl is used to manage job control. It permits a session 2310 * leader to set this tty as the controlling tty for the session. 2311 * 2312 * Locking: 2313 * Takes tty_mutex() to protect tty instance 2314 * Takes tasklist_lock internally to walk sessions 2315 * Takes ->siglock() when updating signal->tty 2316 */ 2317 2318 static int tiocsctty(struct tty_struct *tty, int arg) 2319 { 2320 int ret = 0; 2321 if (current->signal->leader && (task_session(current) == tty->session)) 2322 return ret; 2323 2324 mutex_lock(&tty_mutex); 2325 /* 2326 * The process must be a session leader and 2327 * not have a controlling tty already. 2328 */ 2329 if (!current->signal->leader || current->signal->tty) { 2330 ret = -EPERM; 2331 goto unlock; 2332 } 2333 2334 if (tty->session) { 2335 /* 2336 * This tty is already the controlling 2337 * tty for another session group! 2338 */ 2339 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 2340 /* 2341 * Steal it away 2342 */ 2343 read_lock(&tasklist_lock); 2344 session_clear_tty(tty->session); 2345 read_unlock(&tasklist_lock); 2346 } else { 2347 ret = -EPERM; 2348 goto unlock; 2349 } 2350 } 2351 proc_set_tty(current, tty); 2352 unlock: 2353 mutex_unlock(&tty_mutex); 2354 return ret; 2355 } 2356 2357 /** 2358 * tty_get_pgrp - return a ref counted pgrp pid 2359 * @tty: tty to read 2360 * 2361 * Returns a refcounted instance of the pid struct for the process 2362 * group controlling the tty. 2363 */ 2364 2365 struct pid *tty_get_pgrp(struct tty_struct *tty) 2366 { 2367 unsigned long flags; 2368 struct pid *pgrp; 2369 2370 spin_lock_irqsave(&tty->ctrl_lock, flags); 2371 pgrp = get_pid(tty->pgrp); 2372 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2373 2374 return pgrp; 2375 } 2376 EXPORT_SYMBOL_GPL(tty_get_pgrp); 2377 2378 /** 2379 * tiocgpgrp - get process group 2380 * @tty: tty passed by user 2381 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2382 * @p: returned pid 2383 * 2384 * Obtain the process group of the tty. If there is no process group 2385 * return an error. 2386 * 2387 * Locking: none. Reference to current->signal->tty is safe. 2388 */ 2389 2390 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2391 { 2392 struct pid *pid; 2393 int ret; 2394 /* 2395 * (tty == real_tty) is a cheap way of 2396 * testing if the tty is NOT a master pty. 2397 */ 2398 if (tty == real_tty && current->signal->tty != real_tty) 2399 return -ENOTTY; 2400 pid = tty_get_pgrp(real_tty); 2401 ret = put_user(pid_vnr(pid), p); 2402 put_pid(pid); 2403 return ret; 2404 } 2405 2406 /** 2407 * tiocspgrp - attempt to set process group 2408 * @tty: tty passed by user 2409 * @real_tty: tty side device matching tty passed by user 2410 * @p: pid pointer 2411 * 2412 * Set the process group of the tty to the session passed. Only 2413 * permitted where the tty session is our session. 2414 * 2415 * Locking: RCU, ctrl lock 2416 */ 2417 2418 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2419 { 2420 struct pid *pgrp; 2421 pid_t pgrp_nr; 2422 int retval = tty_check_change(real_tty); 2423 unsigned long flags; 2424 2425 if (retval == -EIO) 2426 return -ENOTTY; 2427 if (retval) 2428 return retval; 2429 if (!current->signal->tty || 2430 (current->signal->tty != real_tty) || 2431 (real_tty->session != task_session(current))) 2432 return -ENOTTY; 2433 if (get_user(pgrp_nr, p)) 2434 return -EFAULT; 2435 if (pgrp_nr < 0) 2436 return -EINVAL; 2437 rcu_read_lock(); 2438 pgrp = find_vpid(pgrp_nr); 2439 retval = -ESRCH; 2440 if (!pgrp) 2441 goto out_unlock; 2442 retval = -EPERM; 2443 if (session_of_pgrp(pgrp) != task_session(current)) 2444 goto out_unlock; 2445 retval = 0; 2446 spin_lock_irqsave(&tty->ctrl_lock, flags); 2447 put_pid(real_tty->pgrp); 2448 real_tty->pgrp = get_pid(pgrp); 2449 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2450 out_unlock: 2451 rcu_read_unlock(); 2452 return retval; 2453 } 2454 2455 /** 2456 * tiocgsid - get session id 2457 * @tty: tty passed by user 2458 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2459 * @p: pointer to returned session id 2460 * 2461 * Obtain the session id of the tty. If there is no session 2462 * return an error. 2463 * 2464 * Locking: none. Reference to current->signal->tty is safe. 2465 */ 2466 2467 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2468 { 2469 /* 2470 * (tty == real_tty) is a cheap way of 2471 * testing if the tty is NOT a master pty. 2472 */ 2473 if (tty == real_tty && current->signal->tty != real_tty) 2474 return -ENOTTY; 2475 if (!real_tty->session) 2476 return -ENOTTY; 2477 return put_user(pid_vnr(real_tty->session), p); 2478 } 2479 2480 /** 2481 * tiocsetd - set line discipline 2482 * @tty: tty device 2483 * @p: pointer to user data 2484 * 2485 * Set the line discipline according to user request. 2486 * 2487 * Locking: see tty_set_ldisc, this function is just a helper 2488 */ 2489 2490 static int tiocsetd(struct tty_struct *tty, int __user *p) 2491 { 2492 int ldisc; 2493 int ret; 2494 2495 if (get_user(ldisc, p)) 2496 return -EFAULT; 2497 2498 ret = tty_set_ldisc(tty, ldisc); 2499 2500 return ret; 2501 } 2502 2503 /** 2504 * send_break - performed time break 2505 * @tty: device to break on 2506 * @duration: timeout in mS 2507 * 2508 * Perform a timed break on hardware that lacks its own driver level 2509 * timed break functionality. 2510 * 2511 * Locking: 2512 * atomic_write_lock serializes 2513 * 2514 */ 2515 2516 static int send_break(struct tty_struct *tty, unsigned int duration) 2517 { 2518 int retval; 2519 2520 if (tty->ops->break_ctl == NULL) 2521 return 0; 2522 2523 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2524 retval = tty->ops->break_ctl(tty, duration); 2525 else { 2526 /* Do the work ourselves */ 2527 if (tty_write_lock(tty, 0) < 0) 2528 return -EINTR; 2529 retval = tty->ops->break_ctl(tty, -1); 2530 if (retval) 2531 goto out; 2532 if (!signal_pending(current)) 2533 msleep_interruptible(duration); 2534 retval = tty->ops->break_ctl(tty, 0); 2535 out: 2536 tty_write_unlock(tty); 2537 if (signal_pending(current)) 2538 retval = -EINTR; 2539 } 2540 return retval; 2541 } 2542 2543 /** 2544 * tty_tiocmget - get modem status 2545 * @tty: tty device 2546 * @file: user file pointer 2547 * @p: pointer to result 2548 * 2549 * Obtain the modem status bits from the tty driver if the feature 2550 * is supported. Return -EINVAL if it is not available. 2551 * 2552 * Locking: none (up to the driver) 2553 */ 2554 2555 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2556 { 2557 int retval = -EINVAL; 2558 2559 if (tty->ops->tiocmget) { 2560 retval = tty->ops->tiocmget(tty); 2561 2562 if (retval >= 0) 2563 retval = put_user(retval, p); 2564 } 2565 return retval; 2566 } 2567 2568 /** 2569 * tty_tiocmset - set modem status 2570 * @tty: tty device 2571 * @cmd: command - clear bits, set bits or set all 2572 * @p: pointer to desired bits 2573 * 2574 * Set the modem status bits from the tty driver if the feature 2575 * is supported. Return -EINVAL if it is not available. 2576 * 2577 * Locking: none (up to the driver) 2578 */ 2579 2580 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2581 unsigned __user *p) 2582 { 2583 int retval; 2584 unsigned int set, clear, val; 2585 2586 if (tty->ops->tiocmset == NULL) 2587 return -EINVAL; 2588 2589 retval = get_user(val, p); 2590 if (retval) 2591 return retval; 2592 set = clear = 0; 2593 switch (cmd) { 2594 case TIOCMBIS: 2595 set = val; 2596 break; 2597 case TIOCMBIC: 2598 clear = val; 2599 break; 2600 case TIOCMSET: 2601 set = val; 2602 clear = ~val; 2603 break; 2604 } 2605 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2606 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2607 return tty->ops->tiocmset(tty, set, clear); 2608 } 2609 2610 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2611 { 2612 int retval = -EINVAL; 2613 struct serial_icounter_struct icount; 2614 memset(&icount, 0, sizeof(icount)); 2615 if (tty->ops->get_icount) 2616 retval = tty->ops->get_icount(tty, &icount); 2617 if (retval != 0) 2618 return retval; 2619 if (copy_to_user(arg, &icount, sizeof(icount))) 2620 return -EFAULT; 2621 return 0; 2622 } 2623 2624 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2625 { 2626 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2627 tty->driver->subtype == PTY_TYPE_MASTER) 2628 tty = tty->link; 2629 return tty; 2630 } 2631 EXPORT_SYMBOL(tty_pair_get_tty); 2632 2633 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty) 2634 { 2635 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2636 tty->driver->subtype == PTY_TYPE_MASTER) 2637 return tty; 2638 return tty->link; 2639 } 2640 EXPORT_SYMBOL(tty_pair_get_pty); 2641 2642 /* 2643 * Split this up, as gcc can choke on it otherwise.. 2644 */ 2645 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2646 { 2647 struct tty_struct *tty = file_tty(file); 2648 struct tty_struct *real_tty; 2649 void __user *p = (void __user *)arg; 2650 int retval; 2651 struct tty_ldisc *ld; 2652 2653 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2654 return -EINVAL; 2655 2656 real_tty = tty_pair_get_tty(tty); 2657 2658 /* 2659 * Factor out some common prep work 2660 */ 2661 switch (cmd) { 2662 case TIOCSETD: 2663 case TIOCSBRK: 2664 case TIOCCBRK: 2665 case TCSBRK: 2666 case TCSBRKP: 2667 retval = tty_check_change(tty); 2668 if (retval) 2669 return retval; 2670 if (cmd != TIOCCBRK) { 2671 tty_wait_until_sent(tty, 0); 2672 if (signal_pending(current)) 2673 return -EINTR; 2674 } 2675 break; 2676 } 2677 2678 /* 2679 * Now do the stuff. 2680 */ 2681 switch (cmd) { 2682 case TIOCSTI: 2683 return tiocsti(tty, p); 2684 case TIOCGWINSZ: 2685 return tiocgwinsz(real_tty, p); 2686 case TIOCSWINSZ: 2687 return tiocswinsz(real_tty, p); 2688 case TIOCCONS: 2689 return real_tty != tty ? -EINVAL : tioccons(file); 2690 case FIONBIO: 2691 return fionbio(file, p); 2692 case TIOCEXCL: 2693 set_bit(TTY_EXCLUSIVE, &tty->flags); 2694 return 0; 2695 case TIOCNXCL: 2696 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2697 return 0; 2698 case TIOCGEXCL: 2699 { 2700 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2701 return put_user(excl, (int __user *)p); 2702 } 2703 case TIOCNOTTY: 2704 if (current->signal->tty != tty) 2705 return -ENOTTY; 2706 no_tty(); 2707 return 0; 2708 case TIOCSCTTY: 2709 return tiocsctty(tty, arg); 2710 case TIOCGPGRP: 2711 return tiocgpgrp(tty, real_tty, p); 2712 case TIOCSPGRP: 2713 return tiocspgrp(tty, real_tty, p); 2714 case TIOCGSID: 2715 return tiocgsid(tty, real_tty, p); 2716 case TIOCGETD: 2717 return put_user(tty->ldisc->ops->num, (int __user *)p); 2718 case TIOCSETD: 2719 return tiocsetd(tty, p); 2720 case TIOCVHANGUP: 2721 if (!capable(CAP_SYS_ADMIN)) 2722 return -EPERM; 2723 tty_vhangup(tty); 2724 return 0; 2725 case TIOCGDEV: 2726 { 2727 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2728 return put_user(ret, (unsigned int __user *)p); 2729 } 2730 /* 2731 * Break handling 2732 */ 2733 case TIOCSBRK: /* Turn break on, unconditionally */ 2734 if (tty->ops->break_ctl) 2735 return tty->ops->break_ctl(tty, -1); 2736 return 0; 2737 case TIOCCBRK: /* Turn break off, unconditionally */ 2738 if (tty->ops->break_ctl) 2739 return tty->ops->break_ctl(tty, 0); 2740 return 0; 2741 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2742 /* non-zero arg means wait for all output data 2743 * to be sent (performed above) but don't send break. 2744 * This is used by the tcdrain() termios function. 2745 */ 2746 if (!arg) 2747 return send_break(tty, 250); 2748 return 0; 2749 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2750 return send_break(tty, arg ? arg*100 : 250); 2751 2752 case TIOCMGET: 2753 return tty_tiocmget(tty, p); 2754 case TIOCMSET: 2755 case TIOCMBIC: 2756 case TIOCMBIS: 2757 return tty_tiocmset(tty, cmd, p); 2758 case TIOCGICOUNT: 2759 retval = tty_tiocgicount(tty, p); 2760 /* For the moment allow fall through to the old method */ 2761 if (retval != -EINVAL) 2762 return retval; 2763 break; 2764 case TCFLSH: 2765 switch (arg) { 2766 case TCIFLUSH: 2767 case TCIOFLUSH: 2768 /* flush tty buffer and allow ldisc to process ioctl */ 2769 tty_buffer_flush(tty); 2770 break; 2771 } 2772 break; 2773 } 2774 if (tty->ops->ioctl) { 2775 retval = (tty->ops->ioctl)(tty, cmd, arg); 2776 if (retval != -ENOIOCTLCMD) 2777 return retval; 2778 } 2779 ld = tty_ldisc_ref_wait(tty); 2780 retval = -EINVAL; 2781 if (ld->ops->ioctl) { 2782 retval = ld->ops->ioctl(tty, file, cmd, arg); 2783 if (retval == -ENOIOCTLCMD) 2784 retval = -ENOTTY; 2785 } 2786 tty_ldisc_deref(ld); 2787 return retval; 2788 } 2789 2790 #ifdef CONFIG_COMPAT 2791 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2792 unsigned long arg) 2793 { 2794 struct tty_struct *tty = file_tty(file); 2795 struct tty_ldisc *ld; 2796 int retval = -ENOIOCTLCMD; 2797 2798 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2799 return -EINVAL; 2800 2801 if (tty->ops->compat_ioctl) { 2802 retval = (tty->ops->compat_ioctl)(tty, cmd, arg); 2803 if (retval != -ENOIOCTLCMD) 2804 return retval; 2805 } 2806 2807 ld = tty_ldisc_ref_wait(tty); 2808 if (ld->ops->compat_ioctl) 2809 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2810 else 2811 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg); 2812 tty_ldisc_deref(ld); 2813 2814 return retval; 2815 } 2816 #endif 2817 2818 static int this_tty(const void *t, struct file *file, unsigned fd) 2819 { 2820 if (likely(file->f_op->read != tty_read)) 2821 return 0; 2822 return file_tty(file) != t ? 0 : fd + 1; 2823 } 2824 2825 /* 2826 * This implements the "Secure Attention Key" --- the idea is to 2827 * prevent trojan horses by killing all processes associated with this 2828 * tty when the user hits the "Secure Attention Key". Required for 2829 * super-paranoid applications --- see the Orange Book for more details. 2830 * 2831 * This code could be nicer; ideally it should send a HUP, wait a few 2832 * seconds, then send a INT, and then a KILL signal. But you then 2833 * have to coordinate with the init process, since all processes associated 2834 * with the current tty must be dead before the new getty is allowed 2835 * to spawn. 2836 * 2837 * Now, if it would be correct ;-/ The current code has a nasty hole - 2838 * it doesn't catch files in flight. We may send the descriptor to ourselves 2839 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2840 * 2841 * Nasty bug: do_SAK is being called in interrupt context. This can 2842 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2843 */ 2844 void __do_SAK(struct tty_struct *tty) 2845 { 2846 #ifdef TTY_SOFT_SAK 2847 tty_hangup(tty); 2848 #else 2849 struct task_struct *g, *p; 2850 struct pid *session; 2851 int i; 2852 2853 if (!tty) 2854 return; 2855 session = tty->session; 2856 2857 tty_ldisc_flush(tty); 2858 2859 tty_driver_flush_buffer(tty); 2860 2861 read_lock(&tasklist_lock); 2862 /* Kill the entire session */ 2863 do_each_pid_task(session, PIDTYPE_SID, p) { 2864 printk(KERN_NOTICE "SAK: killed process %d" 2865 " (%s): task_session(p)==tty->session\n", 2866 task_pid_nr(p), p->comm); 2867 send_sig(SIGKILL, p, 1); 2868 } while_each_pid_task(session, PIDTYPE_SID, p); 2869 /* Now kill any processes that happen to have the 2870 * tty open. 2871 */ 2872 do_each_thread(g, p) { 2873 if (p->signal->tty == tty) { 2874 printk(KERN_NOTICE "SAK: killed process %d" 2875 " (%s): task_session(p)==tty->session\n", 2876 task_pid_nr(p), p->comm); 2877 send_sig(SIGKILL, p, 1); 2878 continue; 2879 } 2880 task_lock(p); 2881 i = iterate_fd(p->files, 0, this_tty, tty); 2882 if (i != 0) { 2883 printk(KERN_NOTICE "SAK: killed process %d" 2884 " (%s): fd#%d opened to the tty\n", 2885 task_pid_nr(p), p->comm, i - 1); 2886 force_sig(SIGKILL, p); 2887 } 2888 task_unlock(p); 2889 } while_each_thread(g, p); 2890 read_unlock(&tasklist_lock); 2891 #endif 2892 } 2893 2894 static void do_SAK_work(struct work_struct *work) 2895 { 2896 struct tty_struct *tty = 2897 container_of(work, struct tty_struct, SAK_work); 2898 __do_SAK(tty); 2899 } 2900 2901 /* 2902 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2903 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2904 * the values which we write to it will be identical to the values which it 2905 * already has. --akpm 2906 */ 2907 void do_SAK(struct tty_struct *tty) 2908 { 2909 if (!tty) 2910 return; 2911 schedule_work(&tty->SAK_work); 2912 } 2913 2914 EXPORT_SYMBOL(do_SAK); 2915 2916 static int dev_match_devt(struct device *dev, const void *data) 2917 { 2918 const dev_t *devt = data; 2919 return dev->devt == *devt; 2920 } 2921 2922 /* Must put_device() after it's unused! */ 2923 static struct device *tty_get_device(struct tty_struct *tty) 2924 { 2925 dev_t devt = tty_devnum(tty); 2926 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2927 } 2928 2929 2930 /** 2931 * initialize_tty_struct 2932 * @tty: tty to initialize 2933 * 2934 * This subroutine initializes a tty structure that has been newly 2935 * allocated. 2936 * 2937 * Locking: none - tty in question must not be exposed at this point 2938 */ 2939 2940 void initialize_tty_struct(struct tty_struct *tty, 2941 struct tty_driver *driver, int idx) 2942 { 2943 memset(tty, 0, sizeof(struct tty_struct)); 2944 kref_init(&tty->kref); 2945 tty->magic = TTY_MAGIC; 2946 tty_ldisc_init(tty); 2947 tty->session = NULL; 2948 tty->pgrp = NULL; 2949 mutex_init(&tty->legacy_mutex); 2950 mutex_init(&tty->termios_mutex); 2951 mutex_init(&tty->ldisc_mutex); 2952 init_waitqueue_head(&tty->write_wait); 2953 init_waitqueue_head(&tty->read_wait); 2954 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2955 mutex_init(&tty->atomic_write_lock); 2956 spin_lock_init(&tty->ctrl_lock); 2957 INIT_LIST_HEAD(&tty->tty_files); 2958 INIT_WORK(&tty->SAK_work, do_SAK_work); 2959 2960 tty->driver = driver; 2961 tty->ops = driver->ops; 2962 tty->index = idx; 2963 tty_line_name(driver, idx, tty->name); 2964 tty->dev = tty_get_device(tty); 2965 } 2966 2967 /** 2968 * deinitialize_tty_struct 2969 * @tty: tty to deinitialize 2970 * 2971 * This subroutine deinitializes a tty structure that has been newly 2972 * allocated but tty_release cannot be called on that yet. 2973 * 2974 * Locking: none - tty in question must not be exposed at this point 2975 */ 2976 void deinitialize_tty_struct(struct tty_struct *tty) 2977 { 2978 tty_ldisc_deinit(tty); 2979 } 2980 2981 /** 2982 * tty_put_char - write one character to a tty 2983 * @tty: tty 2984 * @ch: character 2985 * 2986 * Write one byte to the tty using the provided put_char method 2987 * if present. Returns the number of characters successfully output. 2988 * 2989 * Note: the specific put_char operation in the driver layer may go 2990 * away soon. Don't call it directly, use this method 2991 */ 2992 2993 int tty_put_char(struct tty_struct *tty, unsigned char ch) 2994 { 2995 if (tty->ops->put_char) 2996 return tty->ops->put_char(tty, ch); 2997 return tty->ops->write(tty, &ch, 1); 2998 } 2999 EXPORT_SYMBOL_GPL(tty_put_char); 3000 3001 struct class *tty_class; 3002 3003 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3004 unsigned int index, unsigned int count) 3005 { 3006 /* init here, since reused cdevs cause crashes */ 3007 cdev_init(&driver->cdevs[index], &tty_fops); 3008 driver->cdevs[index].owner = driver->owner; 3009 return cdev_add(&driver->cdevs[index], dev, count); 3010 } 3011 3012 /** 3013 * tty_register_device - register a tty device 3014 * @driver: the tty driver that describes the tty device 3015 * @index: the index in the tty driver for this tty device 3016 * @device: a struct device that is associated with this tty device. 3017 * This field is optional, if there is no known struct device 3018 * for this tty device it can be set to NULL safely. 3019 * 3020 * Returns a pointer to the struct device for this tty device 3021 * (or ERR_PTR(-EFOO) on error). 3022 * 3023 * This call is required to be made to register an individual tty device 3024 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3025 * that bit is not set, this function should not be called by a tty 3026 * driver. 3027 * 3028 * Locking: ?? 3029 */ 3030 3031 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3032 struct device *device) 3033 { 3034 return tty_register_device_attr(driver, index, device, NULL, NULL); 3035 } 3036 EXPORT_SYMBOL(tty_register_device); 3037 3038 static void tty_device_create_release(struct device *dev) 3039 { 3040 pr_debug("device: '%s': %s\n", dev_name(dev), __func__); 3041 kfree(dev); 3042 } 3043 3044 /** 3045 * tty_register_device_attr - register a tty device 3046 * @driver: the tty driver that describes the tty device 3047 * @index: the index in the tty driver for this tty device 3048 * @device: a struct device that is associated with this tty device. 3049 * This field is optional, if there is no known struct device 3050 * for this tty device it can be set to NULL safely. 3051 * @drvdata: Driver data to be set to device. 3052 * @attr_grp: Attribute group to be set on device. 3053 * 3054 * Returns a pointer to the struct device for this tty device 3055 * (or ERR_PTR(-EFOO) on error). 3056 * 3057 * This call is required to be made to register an individual tty device 3058 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3059 * that bit is not set, this function should not be called by a tty 3060 * driver. 3061 * 3062 * Locking: ?? 3063 */ 3064 struct device *tty_register_device_attr(struct tty_driver *driver, 3065 unsigned index, struct device *device, 3066 void *drvdata, 3067 const struct attribute_group **attr_grp) 3068 { 3069 char name[64]; 3070 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3071 struct device *dev = NULL; 3072 int retval = -ENODEV; 3073 bool cdev = false; 3074 3075 if (index >= driver->num) { 3076 printk(KERN_ERR "Attempt to register invalid tty line number " 3077 " (%d).\n", index); 3078 return ERR_PTR(-EINVAL); 3079 } 3080 3081 if (driver->type == TTY_DRIVER_TYPE_PTY) 3082 pty_line_name(driver, index, name); 3083 else 3084 tty_line_name(driver, index, name); 3085 3086 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3087 retval = tty_cdev_add(driver, devt, index, 1); 3088 if (retval) 3089 goto error; 3090 cdev = true; 3091 } 3092 3093 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3094 if (!dev) { 3095 retval = -ENOMEM; 3096 goto error; 3097 } 3098 3099 dev->devt = devt; 3100 dev->class = tty_class; 3101 dev->parent = device; 3102 dev->release = tty_device_create_release; 3103 dev_set_name(dev, "%s", name); 3104 dev->groups = attr_grp; 3105 dev_set_drvdata(dev, drvdata); 3106 3107 retval = device_register(dev); 3108 if (retval) 3109 goto error; 3110 3111 return dev; 3112 3113 error: 3114 put_device(dev); 3115 if (cdev) 3116 cdev_del(&driver->cdevs[index]); 3117 return ERR_PTR(retval); 3118 } 3119 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3120 3121 /** 3122 * tty_unregister_device - unregister a tty device 3123 * @driver: the tty driver that describes the tty device 3124 * @index: the index in the tty driver for this tty device 3125 * 3126 * If a tty device is registered with a call to tty_register_device() then 3127 * this function must be called when the tty device is gone. 3128 * 3129 * Locking: ?? 3130 */ 3131 3132 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3133 { 3134 device_destroy(tty_class, 3135 MKDEV(driver->major, driver->minor_start) + index); 3136 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) 3137 cdev_del(&driver->cdevs[index]); 3138 } 3139 EXPORT_SYMBOL(tty_unregister_device); 3140 3141 /** 3142 * __tty_alloc_driver -- allocate tty driver 3143 * @lines: count of lines this driver can handle at most 3144 * @owner: module which is repsonsible for this driver 3145 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3146 * 3147 * This should not be called directly, some of the provided macros should be 3148 * used instead. Use IS_ERR and friends on @retval. 3149 */ 3150 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3151 unsigned long flags) 3152 { 3153 struct tty_driver *driver; 3154 unsigned int cdevs = 1; 3155 int err; 3156 3157 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3158 return ERR_PTR(-EINVAL); 3159 3160 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3161 if (!driver) 3162 return ERR_PTR(-ENOMEM); 3163 3164 kref_init(&driver->kref); 3165 driver->magic = TTY_DRIVER_MAGIC; 3166 driver->num = lines; 3167 driver->owner = owner; 3168 driver->flags = flags; 3169 3170 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3171 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3172 GFP_KERNEL); 3173 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3174 GFP_KERNEL); 3175 if (!driver->ttys || !driver->termios) { 3176 err = -ENOMEM; 3177 goto err_free_all; 3178 } 3179 } 3180 3181 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3182 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3183 GFP_KERNEL); 3184 if (!driver->ports) { 3185 err = -ENOMEM; 3186 goto err_free_all; 3187 } 3188 cdevs = lines; 3189 } 3190 3191 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3192 if (!driver->cdevs) { 3193 err = -ENOMEM; 3194 goto err_free_all; 3195 } 3196 3197 return driver; 3198 err_free_all: 3199 kfree(driver->ports); 3200 kfree(driver->ttys); 3201 kfree(driver->termios); 3202 kfree(driver); 3203 return ERR_PTR(err); 3204 } 3205 EXPORT_SYMBOL(__tty_alloc_driver); 3206 3207 static void destruct_tty_driver(struct kref *kref) 3208 { 3209 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3210 int i; 3211 struct ktermios *tp; 3212 3213 if (driver->flags & TTY_DRIVER_INSTALLED) { 3214 /* 3215 * Free the termios and termios_locked structures because 3216 * we don't want to get memory leaks when modular tty 3217 * drivers are removed from the kernel. 3218 */ 3219 for (i = 0; i < driver->num; i++) { 3220 tp = driver->termios[i]; 3221 if (tp) { 3222 driver->termios[i] = NULL; 3223 kfree(tp); 3224 } 3225 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3226 tty_unregister_device(driver, i); 3227 } 3228 proc_tty_unregister_driver(driver); 3229 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3230 cdev_del(&driver->cdevs[0]); 3231 } 3232 kfree(driver->cdevs); 3233 kfree(driver->ports); 3234 kfree(driver->termios); 3235 kfree(driver->ttys); 3236 kfree(driver); 3237 } 3238 3239 void tty_driver_kref_put(struct tty_driver *driver) 3240 { 3241 kref_put(&driver->kref, destruct_tty_driver); 3242 } 3243 EXPORT_SYMBOL(tty_driver_kref_put); 3244 3245 void tty_set_operations(struct tty_driver *driver, 3246 const struct tty_operations *op) 3247 { 3248 driver->ops = op; 3249 }; 3250 EXPORT_SYMBOL(tty_set_operations); 3251 3252 void put_tty_driver(struct tty_driver *d) 3253 { 3254 tty_driver_kref_put(d); 3255 } 3256 EXPORT_SYMBOL(put_tty_driver); 3257 3258 /* 3259 * Called by a tty driver to register itself. 3260 */ 3261 int tty_register_driver(struct tty_driver *driver) 3262 { 3263 int error; 3264 int i; 3265 dev_t dev; 3266 struct device *d; 3267 3268 if (!driver->major) { 3269 error = alloc_chrdev_region(&dev, driver->minor_start, 3270 driver->num, driver->name); 3271 if (!error) { 3272 driver->major = MAJOR(dev); 3273 driver->minor_start = MINOR(dev); 3274 } 3275 } else { 3276 dev = MKDEV(driver->major, driver->minor_start); 3277 error = register_chrdev_region(dev, driver->num, driver->name); 3278 } 3279 if (error < 0) 3280 goto err; 3281 3282 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3283 error = tty_cdev_add(driver, dev, 0, driver->num); 3284 if (error) 3285 goto err_unreg_char; 3286 } 3287 3288 mutex_lock(&tty_mutex); 3289 list_add(&driver->tty_drivers, &tty_drivers); 3290 mutex_unlock(&tty_mutex); 3291 3292 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3293 for (i = 0; i < driver->num; i++) { 3294 d = tty_register_device(driver, i, NULL); 3295 if (IS_ERR(d)) { 3296 error = PTR_ERR(d); 3297 goto err_unreg_devs; 3298 } 3299 } 3300 } 3301 proc_tty_register_driver(driver); 3302 driver->flags |= TTY_DRIVER_INSTALLED; 3303 return 0; 3304 3305 err_unreg_devs: 3306 for (i--; i >= 0; i--) 3307 tty_unregister_device(driver, i); 3308 3309 mutex_lock(&tty_mutex); 3310 list_del(&driver->tty_drivers); 3311 mutex_unlock(&tty_mutex); 3312 3313 err_unreg_char: 3314 unregister_chrdev_region(dev, driver->num); 3315 err: 3316 return error; 3317 } 3318 EXPORT_SYMBOL(tty_register_driver); 3319 3320 /* 3321 * Called by a tty driver to unregister itself. 3322 */ 3323 int tty_unregister_driver(struct tty_driver *driver) 3324 { 3325 #if 0 3326 /* FIXME */ 3327 if (driver->refcount) 3328 return -EBUSY; 3329 #endif 3330 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3331 driver->num); 3332 mutex_lock(&tty_mutex); 3333 list_del(&driver->tty_drivers); 3334 mutex_unlock(&tty_mutex); 3335 return 0; 3336 } 3337 3338 EXPORT_SYMBOL(tty_unregister_driver); 3339 3340 dev_t tty_devnum(struct tty_struct *tty) 3341 { 3342 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3343 } 3344 EXPORT_SYMBOL(tty_devnum); 3345 3346 void proc_clear_tty(struct task_struct *p) 3347 { 3348 unsigned long flags; 3349 struct tty_struct *tty; 3350 spin_lock_irqsave(&p->sighand->siglock, flags); 3351 tty = p->signal->tty; 3352 p->signal->tty = NULL; 3353 spin_unlock_irqrestore(&p->sighand->siglock, flags); 3354 tty_kref_put(tty); 3355 } 3356 3357 /* Called under the sighand lock */ 3358 3359 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3360 { 3361 if (tty) { 3362 unsigned long flags; 3363 /* We should not have a session or pgrp to put here but.... */ 3364 spin_lock_irqsave(&tty->ctrl_lock, flags); 3365 put_pid(tty->session); 3366 put_pid(tty->pgrp); 3367 tty->pgrp = get_pid(task_pgrp(tsk)); 3368 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 3369 tty->session = get_pid(task_session(tsk)); 3370 if (tsk->signal->tty) { 3371 printk(KERN_DEBUG "tty not NULL!!\n"); 3372 tty_kref_put(tsk->signal->tty); 3373 } 3374 } 3375 put_pid(tsk->signal->tty_old_pgrp); 3376 tsk->signal->tty = tty_kref_get(tty); 3377 tsk->signal->tty_old_pgrp = NULL; 3378 } 3379 3380 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty) 3381 { 3382 spin_lock_irq(&tsk->sighand->siglock); 3383 __proc_set_tty(tsk, tty); 3384 spin_unlock_irq(&tsk->sighand->siglock); 3385 } 3386 3387 struct tty_struct *get_current_tty(void) 3388 { 3389 struct tty_struct *tty; 3390 unsigned long flags; 3391 3392 spin_lock_irqsave(¤t->sighand->siglock, flags); 3393 tty = tty_kref_get(current->signal->tty); 3394 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 3395 return tty; 3396 } 3397 EXPORT_SYMBOL_GPL(get_current_tty); 3398 3399 void tty_default_fops(struct file_operations *fops) 3400 { 3401 *fops = tty_fops; 3402 } 3403 3404 /* 3405 * Initialize the console device. This is called *early*, so 3406 * we can't necessarily depend on lots of kernel help here. 3407 * Just do some early initializations, and do the complex setup 3408 * later. 3409 */ 3410 void __init console_init(void) 3411 { 3412 initcall_t *call; 3413 3414 /* Setup the default TTY line discipline. */ 3415 tty_ldisc_begin(); 3416 3417 /* 3418 * set up the console device so that later boot sequences can 3419 * inform about problems etc.. 3420 */ 3421 call = __con_initcall_start; 3422 while (call < __con_initcall_end) { 3423 (*call)(); 3424 call++; 3425 } 3426 } 3427 3428 static char *tty_devnode(struct device *dev, umode_t *mode) 3429 { 3430 if (!mode) 3431 return NULL; 3432 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3433 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3434 *mode = 0666; 3435 return NULL; 3436 } 3437 3438 static int __init tty_class_init(void) 3439 { 3440 tty_class = class_create(THIS_MODULE, "tty"); 3441 if (IS_ERR(tty_class)) 3442 return PTR_ERR(tty_class); 3443 tty_class->devnode = tty_devnode; 3444 return 0; 3445 } 3446 3447 postcore_initcall(tty_class_init); 3448 3449 /* 3/2004 jmc: why do these devices exist? */ 3450 static struct cdev tty_cdev, console_cdev; 3451 3452 static ssize_t show_cons_active(struct device *dev, 3453 struct device_attribute *attr, char *buf) 3454 { 3455 struct console *cs[16]; 3456 int i = 0; 3457 struct console *c; 3458 ssize_t count = 0; 3459 3460 console_lock(); 3461 for_each_console(c) { 3462 if (!c->device) 3463 continue; 3464 if (!c->write) 3465 continue; 3466 if ((c->flags & CON_ENABLED) == 0) 3467 continue; 3468 cs[i++] = c; 3469 if (i >= ARRAY_SIZE(cs)) 3470 break; 3471 } 3472 while (i--) 3473 count += sprintf(buf + count, "%s%d%c", 3474 cs[i]->name, cs[i]->index, i ? ' ':'\n'); 3475 console_unlock(); 3476 3477 return count; 3478 } 3479 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3480 3481 static struct device *consdev; 3482 3483 void console_sysfs_notify(void) 3484 { 3485 if (consdev) 3486 sysfs_notify(&consdev->kobj, NULL, "active"); 3487 } 3488 3489 /* 3490 * Ok, now we can initialize the rest of the tty devices and can count 3491 * on memory allocations, interrupts etc.. 3492 */ 3493 int __init tty_init(void) 3494 { 3495 cdev_init(&tty_cdev, &tty_fops); 3496 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3497 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3498 panic("Couldn't register /dev/tty driver\n"); 3499 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3500 3501 cdev_init(&console_cdev, &console_fops); 3502 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3503 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3504 panic("Couldn't register /dev/console driver\n"); 3505 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, 3506 "console"); 3507 if (IS_ERR(consdev)) 3508 consdev = NULL; 3509 else 3510 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0); 3511 3512 #ifdef CONFIG_VT 3513 vty_init(&console_fops); 3514 #endif 3515 return 0; 3516 } 3517 3518