1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/proc_fs.h> 91 #include <linux/init.h> 92 #include <linux/module.h> 93 #include <linux/device.h> 94 #include <linux/wait.h> 95 #include <linux/bitops.h> 96 #include <linux/delay.h> 97 #include <linux/seq_file.h> 98 #include <linux/serial.h> 99 #include <linux/ratelimit.h> 100 #include <linux/compat.h> 101 102 #include <linux/uaccess.h> 103 104 #include <linux/kbd_kern.h> 105 #include <linux/vt_kern.h> 106 #include <linux/selection.h> 107 108 #include <linux/kmod.h> 109 #include <linux/nsproxy.h> 110 111 #undef TTY_DEBUG_HANGUP 112 #ifdef TTY_DEBUG_HANGUP 113 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 114 #else 115 # define tty_debug_hangup(tty, f, args...) do { } while (0) 116 #endif 117 118 #define TTY_PARANOIA_CHECK 1 119 #define CHECK_TTY_COUNT 1 120 121 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 122 .c_iflag = ICRNL | IXON, 123 .c_oflag = OPOST | ONLCR, 124 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 125 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 126 ECHOCTL | ECHOKE | IEXTEN, 127 .c_cc = INIT_C_CC, 128 .c_ispeed = 38400, 129 .c_ospeed = 38400, 130 /* .c_line = N_TTY, */ 131 }; 132 133 EXPORT_SYMBOL(tty_std_termios); 134 135 /* This list gets poked at by procfs and various bits of boot up code. This 136 could do with some rationalisation such as pulling the tty proc function 137 into this file */ 138 139 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 140 141 /* Mutex to protect creating and releasing a tty */ 142 DEFINE_MUTEX(tty_mutex); 143 144 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 145 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 146 ssize_t redirected_tty_write(struct file *, const char __user *, 147 size_t, loff_t *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @dev_t: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 .show_fdinfo = tty_show_fdinfo, 488 }; 489 490 static const struct file_operations console_fops = { 491 .llseek = no_llseek, 492 .read = tty_read, 493 .write = redirected_tty_write, 494 .poll = tty_poll, 495 .unlocked_ioctl = tty_ioctl, 496 .compat_ioctl = tty_compat_ioctl, 497 .open = tty_open, 498 .release = tty_release, 499 .fasync = tty_fasync, 500 }; 501 502 static const struct file_operations hung_up_tty_fops = { 503 .llseek = no_llseek, 504 .read = hung_up_tty_read, 505 .write = hung_up_tty_write, 506 .poll = hung_up_tty_poll, 507 .unlocked_ioctl = hung_up_tty_ioctl, 508 .compat_ioctl = hung_up_tty_compat_ioctl, 509 .release = tty_release, 510 .fasync = hung_up_tty_fasync, 511 }; 512 513 static DEFINE_SPINLOCK(redirect_lock); 514 static struct file *redirect; 515 516 /** 517 * tty_wakeup - request more data 518 * @tty: terminal 519 * 520 * Internal and external helper for wakeups of tty. This function 521 * informs the line discipline if present that the driver is ready 522 * to receive more output data. 523 */ 524 525 void tty_wakeup(struct tty_struct *tty) 526 { 527 struct tty_ldisc *ld; 528 529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 530 ld = tty_ldisc_ref(tty); 531 if (ld) { 532 if (ld->ops->write_wakeup) 533 ld->ops->write_wakeup(tty); 534 tty_ldisc_deref(ld); 535 } 536 } 537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 538 } 539 540 EXPORT_SYMBOL_GPL(tty_wakeup); 541 542 /** 543 * __tty_hangup - actual handler for hangup events 544 * @work: tty device 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 const char __user *buf, 903 size_t count) 904 { 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 ret = -EFAULT; 957 if (copy_from_user(tty->write_buf, buf, size)) 958 break; 959 ret = write(tty, file, tty->write_buf, size); 960 if (ret <= 0) 961 break; 962 written += ret; 963 buf += ret; 964 count -= ret; 965 if (!count) 966 break; 967 ret = -ERESTARTSYS; 968 if (signal_pending(current)) 969 break; 970 cond_resched(); 971 } 972 if (written) { 973 tty_update_time(&file_inode(file)->i_mtime); 974 ret = written; 975 } 976 out: 977 tty_write_unlock(tty); 978 return ret; 979 } 980 981 /** 982 * tty_write_message - write a message to a certain tty, not just the console. 983 * @tty: the destination tty_struct 984 * @msg: the message to write 985 * 986 * This is used for messages that need to be redirected to a specific tty. 987 * We don't put it into the syslog queue right now maybe in the future if 988 * really needed. 989 * 990 * We must still hold the BTM and test the CLOSING flag for the moment. 991 */ 992 993 void tty_write_message(struct tty_struct *tty, char *msg) 994 { 995 if (tty) { 996 mutex_lock(&tty->atomic_write_lock); 997 tty_lock(tty); 998 if (tty->ops->write && tty->count > 0) 999 tty->ops->write(tty, msg, strlen(msg)); 1000 tty_unlock(tty); 1001 tty_write_unlock(tty); 1002 } 1003 return; 1004 } 1005 1006 1007 /** 1008 * tty_write - write method for tty device file 1009 * @file: tty file pointer 1010 * @buf: user data to write 1011 * @count: bytes to write 1012 * @ppos: unused 1013 * 1014 * Write data to a tty device via the line discipline. 1015 * 1016 * Locking: 1017 * Locks the line discipline as required 1018 * Writes to the tty driver are serialized by the atomic_write_lock 1019 * and are then processed in chunks to the device. The line discipline 1020 * write method will not be invoked in parallel for each device. 1021 */ 1022 1023 static ssize_t tty_write(struct file *file, const char __user *buf, 1024 size_t count, loff_t *ppos) 1025 { 1026 struct tty_struct *tty = file_tty(file); 1027 struct tty_ldisc *ld; 1028 ssize_t ret; 1029 1030 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1031 return -EIO; 1032 if (!tty || !tty->ops->write || tty_io_error(tty)) 1033 return -EIO; 1034 /* Short term debug to catch buggy drivers */ 1035 if (tty->ops->write_room == NULL) 1036 tty_err(tty, "missing write_room method\n"); 1037 ld = tty_ldisc_ref_wait(tty); 1038 if (!ld) 1039 return hung_up_tty_write(file, buf, count, ppos); 1040 if (!ld->ops->write) 1041 ret = -EIO; 1042 else 1043 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1044 tty_ldisc_deref(ld); 1045 return ret; 1046 } 1047 1048 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1049 size_t count, loff_t *ppos) 1050 { 1051 struct file *p = NULL; 1052 1053 spin_lock(&redirect_lock); 1054 if (redirect) 1055 p = get_file(redirect); 1056 spin_unlock(&redirect_lock); 1057 1058 if (p) { 1059 ssize_t res; 1060 res = vfs_write(p, buf, count, &p->f_pos); 1061 fput(p); 1062 return res; 1063 } 1064 return tty_write(file, buf, count, ppos); 1065 } 1066 1067 /** 1068 * tty_send_xchar - send priority character 1069 * 1070 * Send a high priority character to the tty even if stopped 1071 * 1072 * Locking: none for xchar method, write ordering for write method. 1073 */ 1074 1075 int tty_send_xchar(struct tty_struct *tty, char ch) 1076 { 1077 int was_stopped = tty->stopped; 1078 1079 if (tty->ops->send_xchar) { 1080 down_read(&tty->termios_rwsem); 1081 tty->ops->send_xchar(tty, ch); 1082 up_read(&tty->termios_rwsem); 1083 return 0; 1084 } 1085 1086 if (tty_write_lock(tty, 0) < 0) 1087 return -ERESTARTSYS; 1088 1089 down_read(&tty->termios_rwsem); 1090 if (was_stopped) 1091 start_tty(tty); 1092 tty->ops->write(tty, &ch, 1); 1093 if (was_stopped) 1094 stop_tty(tty); 1095 up_read(&tty->termios_rwsem); 1096 tty_write_unlock(tty); 1097 return 0; 1098 } 1099 1100 static char ptychar[] = "pqrstuvwxyzabcde"; 1101 1102 /** 1103 * pty_line_name - generate name for a pty 1104 * @driver: the tty driver in use 1105 * @index: the minor number 1106 * @p: output buffer of at least 6 bytes 1107 * 1108 * Generate a name from a driver reference and write it to the output 1109 * buffer. 1110 * 1111 * Locking: None 1112 */ 1113 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1114 { 1115 int i = index + driver->name_base; 1116 /* ->name is initialized to "ttyp", but "tty" is expected */ 1117 sprintf(p, "%s%c%x", 1118 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1119 ptychar[i >> 4 & 0xf], i & 0xf); 1120 } 1121 1122 /** 1123 * tty_line_name - generate name for a tty 1124 * @driver: the tty driver in use 1125 * @index: the minor number 1126 * @p: output buffer of at least 7 bytes 1127 * 1128 * Generate a name from a driver reference and write it to the output 1129 * buffer. 1130 * 1131 * Locking: None 1132 */ 1133 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1134 { 1135 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1136 return sprintf(p, "%s", driver->name); 1137 else 1138 return sprintf(p, "%s%d", driver->name, 1139 index + driver->name_base); 1140 } 1141 1142 /** 1143 * tty_driver_lookup_tty() - find an existing tty, if any 1144 * @driver: the driver for the tty 1145 * @idx: the minor number 1146 * 1147 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1148 * driver lookup() method returns an error. 1149 * 1150 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1151 */ 1152 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1153 struct file *file, int idx) 1154 { 1155 struct tty_struct *tty; 1156 1157 if (driver->ops->lookup) 1158 if (!file) 1159 tty = ERR_PTR(-EIO); 1160 else 1161 tty = driver->ops->lookup(driver, file, idx); 1162 else 1163 tty = driver->ttys[idx]; 1164 1165 if (!IS_ERR(tty)) 1166 tty_kref_get(tty); 1167 return tty; 1168 } 1169 1170 /** 1171 * tty_init_termios - helper for termios setup 1172 * @tty: the tty to set up 1173 * 1174 * Initialise the termios structures for this tty. Thus runs under 1175 * the tty_mutex currently so we can be relaxed about ordering. 1176 */ 1177 1178 void tty_init_termios(struct tty_struct *tty) 1179 { 1180 struct ktermios *tp; 1181 int idx = tty->index; 1182 1183 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1184 tty->termios = tty->driver->init_termios; 1185 else { 1186 /* Check for lazy saved data */ 1187 tp = tty->driver->termios[idx]; 1188 if (tp != NULL) { 1189 tty->termios = *tp; 1190 tty->termios.c_line = tty->driver->init_termios.c_line; 1191 } else 1192 tty->termios = tty->driver->init_termios; 1193 } 1194 /* Compatibility until drivers always set this */ 1195 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1196 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1197 } 1198 EXPORT_SYMBOL_GPL(tty_init_termios); 1199 1200 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1201 { 1202 tty_init_termios(tty); 1203 tty_driver_kref_get(driver); 1204 tty->count++; 1205 driver->ttys[tty->index] = tty; 1206 return 0; 1207 } 1208 EXPORT_SYMBOL_GPL(tty_standard_install); 1209 1210 /** 1211 * tty_driver_install_tty() - install a tty entry in the driver 1212 * @driver: the driver for the tty 1213 * @tty: the tty 1214 * 1215 * Install a tty object into the driver tables. The tty->index field 1216 * will be set by the time this is called. This method is responsible 1217 * for ensuring any need additional structures are allocated and 1218 * configured. 1219 * 1220 * Locking: tty_mutex for now 1221 */ 1222 static int tty_driver_install_tty(struct tty_driver *driver, 1223 struct tty_struct *tty) 1224 { 1225 return driver->ops->install ? driver->ops->install(driver, tty) : 1226 tty_standard_install(driver, tty); 1227 } 1228 1229 /** 1230 * tty_driver_remove_tty() - remove a tty from the driver tables 1231 * @driver: the driver for the tty 1232 * @idx: the minor number 1233 * 1234 * Remvoe a tty object from the driver tables. The tty->index field 1235 * will be set by the time this is called. 1236 * 1237 * Locking: tty_mutex for now 1238 */ 1239 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1240 { 1241 if (driver->ops->remove) 1242 driver->ops->remove(driver, tty); 1243 else 1244 driver->ttys[tty->index] = NULL; 1245 } 1246 1247 /* 1248 * tty_reopen() - fast re-open of an open tty 1249 * @tty - the tty to open 1250 * 1251 * Return 0 on success, -errno on error. 1252 * Re-opens on master ptys are not allowed and return -EIO. 1253 * 1254 * Locking: Caller must hold tty_lock 1255 */ 1256 static int tty_reopen(struct tty_struct *tty) 1257 { 1258 struct tty_driver *driver = tty->driver; 1259 1260 if (driver->type == TTY_DRIVER_TYPE_PTY && 1261 driver->subtype == PTY_TYPE_MASTER) 1262 return -EIO; 1263 1264 if (!tty->count) 1265 return -EAGAIN; 1266 1267 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1268 return -EBUSY; 1269 1270 tty->count++; 1271 1272 if (!tty->ldisc) 1273 return tty_ldisc_reinit(tty, tty->termios.c_line); 1274 1275 return 0; 1276 } 1277 1278 /** 1279 * tty_init_dev - initialise a tty device 1280 * @driver: tty driver we are opening a device on 1281 * @idx: device index 1282 * @ret_tty: returned tty structure 1283 * 1284 * Prepare a tty device. This may not be a "new" clean device but 1285 * could also be an active device. The pty drivers require special 1286 * handling because of this. 1287 * 1288 * Locking: 1289 * The function is called under the tty_mutex, which 1290 * protects us from the tty struct or driver itself going away. 1291 * 1292 * On exit the tty device has the line discipline attached and 1293 * a reference count of 1. If a pair was created for pty/tty use 1294 * and the other was a pty master then it too has a reference count of 1. 1295 * 1296 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1297 * failed open. The new code protects the open with a mutex, so it's 1298 * really quite straightforward. The mutex locking can probably be 1299 * relaxed for the (most common) case of reopening a tty. 1300 */ 1301 1302 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1303 { 1304 struct tty_struct *tty; 1305 int retval; 1306 1307 /* 1308 * First time open is complex, especially for PTY devices. 1309 * This code guarantees that either everything succeeds and the 1310 * TTY is ready for operation, or else the table slots are vacated 1311 * and the allocated memory released. (Except that the termios 1312 * may be retained.) 1313 */ 1314 1315 if (!try_module_get(driver->owner)) 1316 return ERR_PTR(-ENODEV); 1317 1318 tty = alloc_tty_struct(driver, idx); 1319 if (!tty) { 1320 retval = -ENOMEM; 1321 goto err_module_put; 1322 } 1323 1324 tty_lock(tty); 1325 retval = tty_driver_install_tty(driver, tty); 1326 if (retval < 0) 1327 goto err_free_tty; 1328 1329 if (!tty->port) 1330 tty->port = driver->ports[idx]; 1331 1332 WARN_RATELIMIT(!tty->port, 1333 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1334 __func__, tty->driver->name); 1335 1336 retval = tty_ldisc_lock(tty, 5 * HZ); 1337 if (retval) 1338 goto err_release_lock; 1339 tty->port->itty = tty; 1340 1341 /* 1342 * Structures all installed ... call the ldisc open routines. 1343 * If we fail here just call release_tty to clean up. No need 1344 * to decrement the use counts, as release_tty doesn't care. 1345 */ 1346 retval = tty_ldisc_setup(tty, tty->link); 1347 if (retval) 1348 goto err_release_tty; 1349 tty_ldisc_unlock(tty); 1350 /* Return the tty locked so that it cannot vanish under the caller */ 1351 return tty; 1352 1353 err_free_tty: 1354 tty_unlock(tty); 1355 free_tty_struct(tty); 1356 err_module_put: 1357 module_put(driver->owner); 1358 return ERR_PTR(retval); 1359 1360 /* call the tty release_tty routine to clean out this slot */ 1361 err_release_tty: 1362 tty_ldisc_unlock(tty); 1363 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1364 retval, idx); 1365 err_release_lock: 1366 tty_unlock(tty); 1367 release_tty(tty, idx); 1368 return ERR_PTR(retval); 1369 } 1370 1371 static void tty_free_termios(struct tty_struct *tty) 1372 { 1373 struct ktermios *tp; 1374 int idx = tty->index; 1375 1376 /* If the port is going to reset then it has no termios to save */ 1377 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1378 return; 1379 1380 /* Stash the termios data */ 1381 tp = tty->driver->termios[idx]; 1382 if (tp == NULL) { 1383 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1384 if (tp == NULL) 1385 return; 1386 tty->driver->termios[idx] = tp; 1387 } 1388 *tp = tty->termios; 1389 } 1390 1391 /** 1392 * tty_flush_works - flush all works of a tty/pty pair 1393 * @tty: tty device to flush works for (or either end of a pty pair) 1394 * 1395 * Sync flush all works belonging to @tty (and the 'other' tty). 1396 */ 1397 static void tty_flush_works(struct tty_struct *tty) 1398 { 1399 flush_work(&tty->SAK_work); 1400 flush_work(&tty->hangup_work); 1401 if (tty->link) { 1402 flush_work(&tty->link->SAK_work); 1403 flush_work(&tty->link->hangup_work); 1404 } 1405 } 1406 1407 /** 1408 * release_one_tty - release tty structure memory 1409 * @kref: kref of tty we are obliterating 1410 * 1411 * Releases memory associated with a tty structure, and clears out the 1412 * driver table slots. This function is called when a device is no longer 1413 * in use. It also gets called when setup of a device fails. 1414 * 1415 * Locking: 1416 * takes the file list lock internally when working on the list 1417 * of ttys that the driver keeps. 1418 * 1419 * This method gets called from a work queue so that the driver private 1420 * cleanup ops can sleep (needed for USB at least) 1421 */ 1422 static void release_one_tty(struct work_struct *work) 1423 { 1424 struct tty_struct *tty = 1425 container_of(work, struct tty_struct, hangup_work); 1426 struct tty_driver *driver = tty->driver; 1427 struct module *owner = driver->owner; 1428 1429 if (tty->ops->cleanup) 1430 tty->ops->cleanup(tty); 1431 1432 tty->magic = 0; 1433 tty_driver_kref_put(driver); 1434 module_put(owner); 1435 1436 spin_lock(&tty->files_lock); 1437 list_del_init(&tty->tty_files); 1438 spin_unlock(&tty->files_lock); 1439 1440 put_pid(tty->pgrp); 1441 put_pid(tty->session); 1442 free_tty_struct(tty); 1443 } 1444 1445 static void queue_release_one_tty(struct kref *kref) 1446 { 1447 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1448 1449 /* The hangup queue is now free so we can reuse it rather than 1450 waste a chunk of memory for each port */ 1451 INIT_WORK(&tty->hangup_work, release_one_tty); 1452 schedule_work(&tty->hangup_work); 1453 } 1454 1455 /** 1456 * tty_kref_put - release a tty kref 1457 * @tty: tty device 1458 * 1459 * Release a reference to a tty device and if need be let the kref 1460 * layer destruct the object for us 1461 */ 1462 1463 void tty_kref_put(struct tty_struct *tty) 1464 { 1465 if (tty) 1466 kref_put(&tty->kref, queue_release_one_tty); 1467 } 1468 EXPORT_SYMBOL(tty_kref_put); 1469 1470 /** 1471 * release_tty - release tty structure memory 1472 * 1473 * Release both @tty and a possible linked partner (think pty pair), 1474 * and decrement the refcount of the backing module. 1475 * 1476 * Locking: 1477 * tty_mutex 1478 * takes the file list lock internally when working on the list 1479 * of ttys that the driver keeps. 1480 * 1481 */ 1482 static void release_tty(struct tty_struct *tty, int idx) 1483 { 1484 /* This should always be true but check for the moment */ 1485 WARN_ON(tty->index != idx); 1486 WARN_ON(!mutex_is_locked(&tty_mutex)); 1487 if (tty->ops->shutdown) 1488 tty->ops->shutdown(tty); 1489 tty_free_termios(tty); 1490 tty_driver_remove_tty(tty->driver, tty); 1491 tty->port->itty = NULL; 1492 if (tty->link) 1493 tty->link->port->itty = NULL; 1494 tty_buffer_cancel_work(tty->port); 1495 if (tty->link) 1496 tty_buffer_cancel_work(tty->link->port); 1497 1498 tty_kref_put(tty->link); 1499 tty_kref_put(tty); 1500 } 1501 1502 /** 1503 * tty_release_checks - check a tty before real release 1504 * @tty: tty to check 1505 * @o_tty: link of @tty (if any) 1506 * @idx: index of the tty 1507 * 1508 * Performs some paranoid checking before true release of the @tty. 1509 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1510 */ 1511 static int tty_release_checks(struct tty_struct *tty, int idx) 1512 { 1513 #ifdef TTY_PARANOIA_CHECK 1514 if (idx < 0 || idx >= tty->driver->num) { 1515 tty_debug(tty, "bad idx %d\n", idx); 1516 return -1; 1517 } 1518 1519 /* not much to check for devpts */ 1520 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1521 return 0; 1522 1523 if (tty != tty->driver->ttys[idx]) { 1524 tty_debug(tty, "bad driver table[%d] = %p\n", 1525 idx, tty->driver->ttys[idx]); 1526 return -1; 1527 } 1528 if (tty->driver->other) { 1529 struct tty_struct *o_tty = tty->link; 1530 1531 if (o_tty != tty->driver->other->ttys[idx]) { 1532 tty_debug(tty, "bad other table[%d] = %p\n", 1533 idx, tty->driver->other->ttys[idx]); 1534 return -1; 1535 } 1536 if (o_tty->link != tty) { 1537 tty_debug(tty, "bad link = %p\n", o_tty->link); 1538 return -1; 1539 } 1540 } 1541 #endif 1542 return 0; 1543 } 1544 1545 /** 1546 * tty_kclose - closes tty opened by tty_kopen 1547 * @tty: tty device 1548 * 1549 * Performs the final steps to release and free a tty device. It is the 1550 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1551 * flag on tty->port. 1552 */ 1553 void tty_kclose(struct tty_struct *tty) 1554 { 1555 /* 1556 * Ask the line discipline code to release its structures 1557 */ 1558 tty_ldisc_release(tty); 1559 1560 /* Wait for pending work before tty destruction commmences */ 1561 tty_flush_works(tty); 1562 1563 tty_debug_hangup(tty, "freeing structure\n"); 1564 /* 1565 * The release_tty function takes care of the details of clearing 1566 * the slots and preserving the termios structure. The tty_unlock_pair 1567 * should be safe as we keep a kref while the tty is locked (so the 1568 * unlock never unlocks a freed tty). 1569 */ 1570 mutex_lock(&tty_mutex); 1571 tty_port_set_kopened(tty->port, 0); 1572 release_tty(tty, tty->index); 1573 mutex_unlock(&tty_mutex); 1574 } 1575 EXPORT_SYMBOL_GPL(tty_kclose); 1576 1577 /** 1578 * tty_release_struct - release a tty struct 1579 * @tty: tty device 1580 * @idx: index of the tty 1581 * 1582 * Performs the final steps to release and free a tty device. It is 1583 * roughly the reverse of tty_init_dev. 1584 */ 1585 void tty_release_struct(struct tty_struct *tty, int idx) 1586 { 1587 /* 1588 * Ask the line discipline code to release its structures 1589 */ 1590 tty_ldisc_release(tty); 1591 1592 /* Wait for pending work before tty destruction commmences */ 1593 tty_flush_works(tty); 1594 1595 tty_debug_hangup(tty, "freeing structure\n"); 1596 /* 1597 * The release_tty function takes care of the details of clearing 1598 * the slots and preserving the termios structure. The tty_unlock_pair 1599 * should be safe as we keep a kref while the tty is locked (so the 1600 * unlock never unlocks a freed tty). 1601 */ 1602 mutex_lock(&tty_mutex); 1603 release_tty(tty, idx); 1604 mutex_unlock(&tty_mutex); 1605 } 1606 EXPORT_SYMBOL_GPL(tty_release_struct); 1607 1608 /** 1609 * tty_release - vfs callback for close 1610 * @inode: inode of tty 1611 * @filp: file pointer for handle to tty 1612 * 1613 * Called the last time each file handle is closed that references 1614 * this tty. There may however be several such references. 1615 * 1616 * Locking: 1617 * Takes bkl. See tty_release_dev 1618 * 1619 * Even releasing the tty structures is a tricky business.. We have 1620 * to be very careful that the structures are all released at the 1621 * same time, as interrupts might otherwise get the wrong pointers. 1622 * 1623 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1624 * lead to double frees or releasing memory still in use. 1625 */ 1626 1627 int tty_release(struct inode *inode, struct file *filp) 1628 { 1629 struct tty_struct *tty = file_tty(filp); 1630 struct tty_struct *o_tty = NULL; 1631 int do_sleep, final; 1632 int idx; 1633 long timeout = 0; 1634 int once = 1; 1635 1636 if (tty_paranoia_check(tty, inode, __func__)) 1637 return 0; 1638 1639 tty_lock(tty); 1640 check_tty_count(tty, __func__); 1641 1642 __tty_fasync(-1, filp, 0); 1643 1644 idx = tty->index; 1645 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1646 tty->driver->subtype == PTY_TYPE_MASTER) 1647 o_tty = tty->link; 1648 1649 if (tty_release_checks(tty, idx)) { 1650 tty_unlock(tty); 1651 return 0; 1652 } 1653 1654 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1655 1656 if (tty->ops->close) 1657 tty->ops->close(tty, filp); 1658 1659 /* If tty is pty master, lock the slave pty (stable lock order) */ 1660 tty_lock_slave(o_tty); 1661 1662 /* 1663 * Sanity check: if tty->count is going to zero, there shouldn't be 1664 * any waiters on tty->read_wait or tty->write_wait. We test the 1665 * wait queues and kick everyone out _before_ actually starting to 1666 * close. This ensures that we won't block while releasing the tty 1667 * structure. 1668 * 1669 * The test for the o_tty closing is necessary, since the master and 1670 * slave sides may close in any order. If the slave side closes out 1671 * first, its count will be one, since the master side holds an open. 1672 * Thus this test wouldn't be triggered at the time the slave closed, 1673 * so we do it now. 1674 */ 1675 while (1) { 1676 do_sleep = 0; 1677 1678 if (tty->count <= 1) { 1679 if (waitqueue_active(&tty->read_wait)) { 1680 wake_up_poll(&tty->read_wait, EPOLLIN); 1681 do_sleep++; 1682 } 1683 if (waitqueue_active(&tty->write_wait)) { 1684 wake_up_poll(&tty->write_wait, EPOLLOUT); 1685 do_sleep++; 1686 } 1687 } 1688 if (o_tty && o_tty->count <= 1) { 1689 if (waitqueue_active(&o_tty->read_wait)) { 1690 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1691 do_sleep++; 1692 } 1693 if (waitqueue_active(&o_tty->write_wait)) { 1694 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1695 do_sleep++; 1696 } 1697 } 1698 if (!do_sleep) 1699 break; 1700 1701 if (once) { 1702 once = 0; 1703 tty_warn(tty, "read/write wait queue active!\n"); 1704 } 1705 schedule_timeout_killable(timeout); 1706 if (timeout < 120 * HZ) 1707 timeout = 2 * timeout + 1; 1708 else 1709 timeout = MAX_SCHEDULE_TIMEOUT; 1710 } 1711 1712 if (o_tty) { 1713 if (--o_tty->count < 0) { 1714 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1715 o_tty->count = 0; 1716 } 1717 } 1718 if (--tty->count < 0) { 1719 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1720 tty->count = 0; 1721 } 1722 1723 /* 1724 * We've decremented tty->count, so we need to remove this file 1725 * descriptor off the tty->tty_files list; this serves two 1726 * purposes: 1727 * - check_tty_count sees the correct number of file descriptors 1728 * associated with this tty. 1729 * - do_tty_hangup no longer sees this file descriptor as 1730 * something that needs to be handled for hangups. 1731 */ 1732 tty_del_file(filp); 1733 1734 /* 1735 * Perform some housekeeping before deciding whether to return. 1736 * 1737 * If _either_ side is closing, make sure there aren't any 1738 * processes that still think tty or o_tty is their controlling 1739 * tty. 1740 */ 1741 if (!tty->count) { 1742 read_lock(&tasklist_lock); 1743 session_clear_tty(tty->session); 1744 if (o_tty) 1745 session_clear_tty(o_tty->session); 1746 read_unlock(&tasklist_lock); 1747 } 1748 1749 /* check whether both sides are closing ... */ 1750 final = !tty->count && !(o_tty && o_tty->count); 1751 1752 tty_unlock_slave(o_tty); 1753 tty_unlock(tty); 1754 1755 /* At this point, the tty->count == 0 should ensure a dead tty 1756 cannot be re-opened by a racing opener */ 1757 1758 if (!final) 1759 return 0; 1760 1761 tty_debug_hangup(tty, "final close\n"); 1762 1763 tty_release_struct(tty, idx); 1764 return 0; 1765 } 1766 1767 /** 1768 * tty_open_current_tty - get locked tty of current task 1769 * @device: device number 1770 * @filp: file pointer to tty 1771 * @return: locked tty of the current task iff @device is /dev/tty 1772 * 1773 * Performs a re-open of the current task's controlling tty. 1774 * 1775 * We cannot return driver and index like for the other nodes because 1776 * devpts will not work then. It expects inodes to be from devpts FS. 1777 */ 1778 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1779 { 1780 struct tty_struct *tty; 1781 int retval; 1782 1783 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1784 return NULL; 1785 1786 tty = get_current_tty(); 1787 if (!tty) 1788 return ERR_PTR(-ENXIO); 1789 1790 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1791 /* noctty = 1; */ 1792 tty_lock(tty); 1793 tty_kref_put(tty); /* safe to drop the kref now */ 1794 1795 retval = tty_reopen(tty); 1796 if (retval < 0) { 1797 tty_unlock(tty); 1798 tty = ERR_PTR(retval); 1799 } 1800 return tty; 1801 } 1802 1803 /** 1804 * tty_lookup_driver - lookup a tty driver for a given device file 1805 * @device: device number 1806 * @filp: file pointer to tty 1807 * @index: index for the device in the @return driver 1808 * @return: driver for this inode (with increased refcount) 1809 * 1810 * If @return is not erroneous, the caller is responsible to decrement the 1811 * refcount by tty_driver_kref_put. 1812 * 1813 * Locking: tty_mutex protects get_tty_driver 1814 */ 1815 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1816 int *index) 1817 { 1818 struct tty_driver *driver; 1819 1820 switch (device) { 1821 #ifdef CONFIG_VT 1822 case MKDEV(TTY_MAJOR, 0): { 1823 extern struct tty_driver *console_driver; 1824 driver = tty_driver_kref_get(console_driver); 1825 *index = fg_console; 1826 break; 1827 } 1828 #endif 1829 case MKDEV(TTYAUX_MAJOR, 1): { 1830 struct tty_driver *console_driver = console_device(index); 1831 if (console_driver) { 1832 driver = tty_driver_kref_get(console_driver); 1833 if (driver && filp) { 1834 /* Don't let /dev/console block */ 1835 filp->f_flags |= O_NONBLOCK; 1836 break; 1837 } 1838 } 1839 return ERR_PTR(-ENODEV); 1840 } 1841 default: 1842 driver = get_tty_driver(device, index); 1843 if (!driver) 1844 return ERR_PTR(-ENODEV); 1845 break; 1846 } 1847 return driver; 1848 } 1849 1850 /** 1851 * tty_kopen - open a tty device for kernel 1852 * @device: dev_t of device to open 1853 * 1854 * Opens tty exclusively for kernel. Performs the driver lookup, 1855 * makes sure it's not already opened and performs the first-time 1856 * tty initialization. 1857 * 1858 * Returns the locked initialized &tty_struct 1859 * 1860 * Claims the global tty_mutex to serialize: 1861 * - concurrent first-time tty initialization 1862 * - concurrent tty driver removal w/ lookup 1863 * - concurrent tty removal from driver table 1864 */ 1865 struct tty_struct *tty_kopen(dev_t device) 1866 { 1867 struct tty_struct *tty; 1868 struct tty_driver *driver = NULL; 1869 int index = -1; 1870 1871 mutex_lock(&tty_mutex); 1872 driver = tty_lookup_driver(device, NULL, &index); 1873 if (IS_ERR(driver)) { 1874 mutex_unlock(&tty_mutex); 1875 return ERR_CAST(driver); 1876 } 1877 1878 /* check whether we're reopening an existing tty */ 1879 tty = tty_driver_lookup_tty(driver, NULL, index); 1880 if (IS_ERR(tty)) 1881 goto out; 1882 1883 if (tty) { 1884 /* drop kref from tty_driver_lookup_tty() */ 1885 tty_kref_put(tty); 1886 tty = ERR_PTR(-EBUSY); 1887 } else { /* tty_init_dev returns tty with the tty_lock held */ 1888 tty = tty_init_dev(driver, index); 1889 if (IS_ERR(tty)) 1890 goto out; 1891 tty_port_set_kopened(tty->port, 1); 1892 } 1893 out: 1894 mutex_unlock(&tty_mutex); 1895 tty_driver_kref_put(driver); 1896 return tty; 1897 } 1898 EXPORT_SYMBOL_GPL(tty_kopen); 1899 1900 /** 1901 * tty_open_by_driver - open a tty device 1902 * @device: dev_t of device to open 1903 * @inode: inode of device file 1904 * @filp: file pointer to tty 1905 * 1906 * Performs the driver lookup, checks for a reopen, or otherwise 1907 * performs the first-time tty initialization. 1908 * 1909 * Returns the locked initialized or re-opened &tty_struct 1910 * 1911 * Claims the global tty_mutex to serialize: 1912 * - concurrent first-time tty initialization 1913 * - concurrent tty driver removal w/ lookup 1914 * - concurrent tty removal from driver table 1915 */ 1916 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1917 struct file *filp) 1918 { 1919 struct tty_struct *tty; 1920 struct tty_driver *driver = NULL; 1921 int index = -1; 1922 int retval; 1923 1924 mutex_lock(&tty_mutex); 1925 driver = tty_lookup_driver(device, filp, &index); 1926 if (IS_ERR(driver)) { 1927 mutex_unlock(&tty_mutex); 1928 return ERR_CAST(driver); 1929 } 1930 1931 /* check whether we're reopening an existing tty */ 1932 tty = tty_driver_lookup_tty(driver, filp, index); 1933 if (IS_ERR(tty)) { 1934 mutex_unlock(&tty_mutex); 1935 goto out; 1936 } 1937 1938 if (tty) { 1939 if (tty_port_kopened(tty->port)) { 1940 tty_kref_put(tty); 1941 mutex_unlock(&tty_mutex); 1942 tty = ERR_PTR(-EBUSY); 1943 goto out; 1944 } 1945 mutex_unlock(&tty_mutex); 1946 retval = tty_lock_interruptible(tty); 1947 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1948 if (retval) { 1949 if (retval == -EINTR) 1950 retval = -ERESTARTSYS; 1951 tty = ERR_PTR(retval); 1952 goto out; 1953 } 1954 retval = tty_reopen(tty); 1955 if (retval < 0) { 1956 tty_unlock(tty); 1957 tty = ERR_PTR(retval); 1958 } 1959 } else { /* Returns with the tty_lock held for now */ 1960 tty = tty_init_dev(driver, index); 1961 mutex_unlock(&tty_mutex); 1962 } 1963 out: 1964 tty_driver_kref_put(driver); 1965 return tty; 1966 } 1967 1968 /** 1969 * tty_open - open a tty device 1970 * @inode: inode of device file 1971 * @filp: file pointer to tty 1972 * 1973 * tty_open and tty_release keep up the tty count that contains the 1974 * number of opens done on a tty. We cannot use the inode-count, as 1975 * different inodes might point to the same tty. 1976 * 1977 * Open-counting is needed for pty masters, as well as for keeping 1978 * track of serial lines: DTR is dropped when the last close happens. 1979 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1980 * 1981 * The termios state of a pty is reset on first open so that 1982 * settings don't persist across reuse. 1983 * 1984 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1985 * tty->count should protect the rest. 1986 * ->siglock protects ->signal/->sighand 1987 * 1988 * Note: the tty_unlock/lock cases without a ref are only safe due to 1989 * tty_mutex 1990 */ 1991 1992 static int tty_open(struct inode *inode, struct file *filp) 1993 { 1994 struct tty_struct *tty; 1995 int noctty, retval; 1996 dev_t device = inode->i_rdev; 1997 unsigned saved_flags = filp->f_flags; 1998 1999 nonseekable_open(inode, filp); 2000 2001 retry_open: 2002 retval = tty_alloc_file(filp); 2003 if (retval) 2004 return -ENOMEM; 2005 2006 tty = tty_open_current_tty(device, filp); 2007 if (!tty) 2008 tty = tty_open_by_driver(device, inode, filp); 2009 2010 if (IS_ERR(tty)) { 2011 tty_free_file(filp); 2012 retval = PTR_ERR(tty); 2013 if (retval != -EAGAIN || signal_pending(current)) 2014 return retval; 2015 schedule(); 2016 goto retry_open; 2017 } 2018 2019 tty_add_file(tty, filp); 2020 2021 check_tty_count(tty, __func__); 2022 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2023 2024 if (tty->ops->open) 2025 retval = tty->ops->open(tty, filp); 2026 else 2027 retval = -ENODEV; 2028 filp->f_flags = saved_flags; 2029 2030 if (retval) { 2031 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2032 2033 tty_unlock(tty); /* need to call tty_release without BTM */ 2034 tty_release(inode, filp); 2035 if (retval != -ERESTARTSYS) 2036 return retval; 2037 2038 if (signal_pending(current)) 2039 return retval; 2040 2041 schedule(); 2042 /* 2043 * Need to reset f_op in case a hangup happened. 2044 */ 2045 if (tty_hung_up_p(filp)) 2046 filp->f_op = &tty_fops; 2047 goto retry_open; 2048 } 2049 clear_bit(TTY_HUPPED, &tty->flags); 2050 2051 noctty = (filp->f_flags & O_NOCTTY) || 2052 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2053 device == MKDEV(TTYAUX_MAJOR, 1) || 2054 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2055 tty->driver->subtype == PTY_TYPE_MASTER); 2056 if (!noctty) 2057 tty_open_proc_set_tty(filp, tty); 2058 tty_unlock(tty); 2059 return 0; 2060 } 2061 2062 2063 2064 /** 2065 * tty_poll - check tty status 2066 * @filp: file being polled 2067 * @wait: poll wait structures to update 2068 * 2069 * Call the line discipline polling method to obtain the poll 2070 * status of the device. 2071 * 2072 * Locking: locks called line discipline but ldisc poll method 2073 * may be re-entered freely by other callers. 2074 */ 2075 2076 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2077 { 2078 struct tty_struct *tty = file_tty(filp); 2079 struct tty_ldisc *ld; 2080 __poll_t ret = 0; 2081 2082 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2083 return 0; 2084 2085 ld = tty_ldisc_ref_wait(tty); 2086 if (!ld) 2087 return hung_up_tty_poll(filp, wait); 2088 if (ld->ops->poll) 2089 ret = ld->ops->poll(tty, filp, wait); 2090 tty_ldisc_deref(ld); 2091 return ret; 2092 } 2093 2094 static int __tty_fasync(int fd, struct file *filp, int on) 2095 { 2096 struct tty_struct *tty = file_tty(filp); 2097 unsigned long flags; 2098 int retval = 0; 2099 2100 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2101 goto out; 2102 2103 retval = fasync_helper(fd, filp, on, &tty->fasync); 2104 if (retval <= 0) 2105 goto out; 2106 2107 if (on) { 2108 enum pid_type type; 2109 struct pid *pid; 2110 2111 spin_lock_irqsave(&tty->ctrl_lock, flags); 2112 if (tty->pgrp) { 2113 pid = tty->pgrp; 2114 type = PIDTYPE_PGID; 2115 } else { 2116 pid = task_pid(current); 2117 type = PIDTYPE_TGID; 2118 } 2119 get_pid(pid); 2120 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2121 __f_setown(filp, pid, type, 0); 2122 put_pid(pid); 2123 retval = 0; 2124 } 2125 out: 2126 return retval; 2127 } 2128 2129 static int tty_fasync(int fd, struct file *filp, int on) 2130 { 2131 struct tty_struct *tty = file_tty(filp); 2132 int retval = -ENOTTY; 2133 2134 tty_lock(tty); 2135 if (!tty_hung_up_p(filp)) 2136 retval = __tty_fasync(fd, filp, on); 2137 tty_unlock(tty); 2138 2139 return retval; 2140 } 2141 2142 /** 2143 * tiocsti - fake input character 2144 * @tty: tty to fake input into 2145 * @p: pointer to character 2146 * 2147 * Fake input to a tty device. Does the necessary locking and 2148 * input management. 2149 * 2150 * FIXME: does not honour flow control ?? 2151 * 2152 * Locking: 2153 * Called functions take tty_ldiscs_lock 2154 * current->signal->tty check is safe without locks 2155 * 2156 * FIXME: may race normal receive processing 2157 */ 2158 2159 static int tiocsti(struct tty_struct *tty, char __user *p) 2160 { 2161 char ch, mbz = 0; 2162 struct tty_ldisc *ld; 2163 2164 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2165 return -EPERM; 2166 if (get_user(ch, p)) 2167 return -EFAULT; 2168 tty_audit_tiocsti(tty, ch); 2169 ld = tty_ldisc_ref_wait(tty); 2170 if (!ld) 2171 return -EIO; 2172 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2173 tty_ldisc_deref(ld); 2174 return 0; 2175 } 2176 2177 /** 2178 * tiocgwinsz - implement window query ioctl 2179 * @tty; tty 2180 * @arg: user buffer for result 2181 * 2182 * Copies the kernel idea of the window size into the user buffer. 2183 * 2184 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2185 * is consistent. 2186 */ 2187 2188 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2189 { 2190 int err; 2191 2192 mutex_lock(&tty->winsize_mutex); 2193 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2194 mutex_unlock(&tty->winsize_mutex); 2195 2196 return err ? -EFAULT: 0; 2197 } 2198 2199 /** 2200 * tty_do_resize - resize event 2201 * @tty: tty being resized 2202 * @rows: rows (character) 2203 * @cols: cols (character) 2204 * 2205 * Update the termios variables and send the necessary signals to 2206 * peform a terminal resize correctly 2207 */ 2208 2209 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2210 { 2211 struct pid *pgrp; 2212 2213 /* Lock the tty */ 2214 mutex_lock(&tty->winsize_mutex); 2215 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2216 goto done; 2217 2218 /* Signal the foreground process group */ 2219 pgrp = tty_get_pgrp(tty); 2220 if (pgrp) 2221 kill_pgrp(pgrp, SIGWINCH, 1); 2222 put_pid(pgrp); 2223 2224 tty->winsize = *ws; 2225 done: 2226 mutex_unlock(&tty->winsize_mutex); 2227 return 0; 2228 } 2229 EXPORT_SYMBOL(tty_do_resize); 2230 2231 /** 2232 * tiocswinsz - implement window size set ioctl 2233 * @tty; tty side of tty 2234 * @arg: user buffer for result 2235 * 2236 * Copies the user idea of the window size to the kernel. Traditionally 2237 * this is just advisory information but for the Linux console it 2238 * actually has driver level meaning and triggers a VC resize. 2239 * 2240 * Locking: 2241 * Driver dependent. The default do_resize method takes the 2242 * tty termios mutex and ctrl_lock. The console takes its own lock 2243 * then calls into the default method. 2244 */ 2245 2246 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2247 { 2248 struct winsize tmp_ws; 2249 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2250 return -EFAULT; 2251 2252 if (tty->ops->resize) 2253 return tty->ops->resize(tty, &tmp_ws); 2254 else 2255 return tty_do_resize(tty, &tmp_ws); 2256 } 2257 2258 /** 2259 * tioccons - allow admin to move logical console 2260 * @file: the file to become console 2261 * 2262 * Allow the administrator to move the redirected console device 2263 * 2264 * Locking: uses redirect_lock to guard the redirect information 2265 */ 2266 2267 static int tioccons(struct file *file) 2268 { 2269 if (!capable(CAP_SYS_ADMIN)) 2270 return -EPERM; 2271 if (file->f_op->write == redirected_tty_write) { 2272 struct file *f; 2273 spin_lock(&redirect_lock); 2274 f = redirect; 2275 redirect = NULL; 2276 spin_unlock(&redirect_lock); 2277 if (f) 2278 fput(f); 2279 return 0; 2280 } 2281 spin_lock(&redirect_lock); 2282 if (redirect) { 2283 spin_unlock(&redirect_lock); 2284 return -EBUSY; 2285 } 2286 redirect = get_file(file); 2287 spin_unlock(&redirect_lock); 2288 return 0; 2289 } 2290 2291 /** 2292 * tiocsetd - set line discipline 2293 * @tty: tty device 2294 * @p: pointer to user data 2295 * 2296 * Set the line discipline according to user request. 2297 * 2298 * Locking: see tty_set_ldisc, this function is just a helper 2299 */ 2300 2301 static int tiocsetd(struct tty_struct *tty, int __user *p) 2302 { 2303 int disc; 2304 int ret; 2305 2306 if (get_user(disc, p)) 2307 return -EFAULT; 2308 2309 ret = tty_set_ldisc(tty, disc); 2310 2311 return ret; 2312 } 2313 2314 /** 2315 * tiocgetd - get line discipline 2316 * @tty: tty device 2317 * @p: pointer to user data 2318 * 2319 * Retrieves the line discipline id directly from the ldisc. 2320 * 2321 * Locking: waits for ldisc reference (in case the line discipline 2322 * is changing or the tty is being hungup) 2323 */ 2324 2325 static int tiocgetd(struct tty_struct *tty, int __user *p) 2326 { 2327 struct tty_ldisc *ld; 2328 int ret; 2329 2330 ld = tty_ldisc_ref_wait(tty); 2331 if (!ld) 2332 return -EIO; 2333 ret = put_user(ld->ops->num, p); 2334 tty_ldisc_deref(ld); 2335 return ret; 2336 } 2337 2338 /** 2339 * send_break - performed time break 2340 * @tty: device to break on 2341 * @duration: timeout in mS 2342 * 2343 * Perform a timed break on hardware that lacks its own driver level 2344 * timed break functionality. 2345 * 2346 * Locking: 2347 * atomic_write_lock serializes 2348 * 2349 */ 2350 2351 static int send_break(struct tty_struct *tty, unsigned int duration) 2352 { 2353 int retval; 2354 2355 if (tty->ops->break_ctl == NULL) 2356 return 0; 2357 2358 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2359 retval = tty->ops->break_ctl(tty, duration); 2360 else { 2361 /* Do the work ourselves */ 2362 if (tty_write_lock(tty, 0) < 0) 2363 return -EINTR; 2364 retval = tty->ops->break_ctl(tty, -1); 2365 if (retval) 2366 goto out; 2367 if (!signal_pending(current)) 2368 msleep_interruptible(duration); 2369 retval = tty->ops->break_ctl(tty, 0); 2370 out: 2371 tty_write_unlock(tty); 2372 if (signal_pending(current)) 2373 retval = -EINTR; 2374 } 2375 return retval; 2376 } 2377 2378 /** 2379 * tty_tiocmget - get modem status 2380 * @tty: tty device 2381 * @file: user file pointer 2382 * @p: pointer to result 2383 * 2384 * Obtain the modem status bits from the tty driver if the feature 2385 * is supported. Return -EINVAL if it is not available. 2386 * 2387 * Locking: none (up to the driver) 2388 */ 2389 2390 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2391 { 2392 int retval = -EINVAL; 2393 2394 if (tty->ops->tiocmget) { 2395 retval = tty->ops->tiocmget(tty); 2396 2397 if (retval >= 0) 2398 retval = put_user(retval, p); 2399 } 2400 return retval; 2401 } 2402 2403 /** 2404 * tty_tiocmset - set modem status 2405 * @tty: tty device 2406 * @cmd: command - clear bits, set bits or set all 2407 * @p: pointer to desired bits 2408 * 2409 * Set the modem status bits from the tty driver if the feature 2410 * is supported. Return -EINVAL if it is not available. 2411 * 2412 * Locking: none (up to the driver) 2413 */ 2414 2415 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2416 unsigned __user *p) 2417 { 2418 int retval; 2419 unsigned int set, clear, val; 2420 2421 if (tty->ops->tiocmset == NULL) 2422 return -EINVAL; 2423 2424 retval = get_user(val, p); 2425 if (retval) 2426 return retval; 2427 set = clear = 0; 2428 switch (cmd) { 2429 case TIOCMBIS: 2430 set = val; 2431 break; 2432 case TIOCMBIC: 2433 clear = val; 2434 break; 2435 case TIOCMSET: 2436 set = val; 2437 clear = ~val; 2438 break; 2439 } 2440 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2441 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2442 return tty->ops->tiocmset(tty, set, clear); 2443 } 2444 2445 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2446 { 2447 int retval = -EINVAL; 2448 struct serial_icounter_struct icount; 2449 memset(&icount, 0, sizeof(icount)); 2450 if (tty->ops->get_icount) 2451 retval = tty->ops->get_icount(tty, &icount); 2452 if (retval != 0) 2453 return retval; 2454 if (copy_to_user(arg, &icount, sizeof(icount))) 2455 return -EFAULT; 2456 return 0; 2457 } 2458 2459 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2460 { 2461 static DEFINE_RATELIMIT_STATE(depr_flags, 2462 DEFAULT_RATELIMIT_INTERVAL, 2463 DEFAULT_RATELIMIT_BURST); 2464 char comm[TASK_COMM_LEN]; 2465 struct serial_struct v; 2466 int flags; 2467 2468 if (copy_from_user(&v, ss, sizeof(struct serial_struct))) 2469 return -EFAULT; 2470 2471 flags = v.flags & ASYNC_DEPRECATED; 2472 2473 if (flags && __ratelimit(&depr_flags)) 2474 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2475 __func__, get_task_comm(comm, current), flags); 2476 if (!tty->ops->set_serial) 2477 return -ENOIOCTLCMD; 2478 return tty->ops->set_serial(tty, &v); 2479 } 2480 2481 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2482 { 2483 struct serial_struct v; 2484 int err; 2485 2486 memset(&v, 0, sizeof(struct serial_struct)); 2487 if (!tty->ops->get_serial) 2488 return -ENOIOCTLCMD; 2489 err = tty->ops->get_serial(tty, &v); 2490 if (!err && copy_to_user(ss, &v, sizeof(struct serial_struct))) 2491 err = -EFAULT; 2492 return err; 2493 } 2494 2495 /* 2496 * if pty, return the slave side (real_tty) 2497 * otherwise, return self 2498 */ 2499 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2500 { 2501 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2502 tty->driver->subtype == PTY_TYPE_MASTER) 2503 tty = tty->link; 2504 return tty; 2505 } 2506 2507 /* 2508 * Split this up, as gcc can choke on it otherwise.. 2509 */ 2510 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2511 { 2512 struct tty_struct *tty = file_tty(file); 2513 struct tty_struct *real_tty; 2514 void __user *p = (void __user *)arg; 2515 int retval; 2516 struct tty_ldisc *ld; 2517 2518 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2519 return -EINVAL; 2520 2521 real_tty = tty_pair_get_tty(tty); 2522 2523 /* 2524 * Factor out some common prep work 2525 */ 2526 switch (cmd) { 2527 case TIOCSETD: 2528 case TIOCSBRK: 2529 case TIOCCBRK: 2530 case TCSBRK: 2531 case TCSBRKP: 2532 retval = tty_check_change(tty); 2533 if (retval) 2534 return retval; 2535 if (cmd != TIOCCBRK) { 2536 tty_wait_until_sent(tty, 0); 2537 if (signal_pending(current)) 2538 return -EINTR; 2539 } 2540 break; 2541 } 2542 2543 /* 2544 * Now do the stuff. 2545 */ 2546 switch (cmd) { 2547 case TIOCSTI: 2548 return tiocsti(tty, p); 2549 case TIOCGWINSZ: 2550 return tiocgwinsz(real_tty, p); 2551 case TIOCSWINSZ: 2552 return tiocswinsz(real_tty, p); 2553 case TIOCCONS: 2554 return real_tty != tty ? -EINVAL : tioccons(file); 2555 case TIOCEXCL: 2556 set_bit(TTY_EXCLUSIVE, &tty->flags); 2557 return 0; 2558 case TIOCNXCL: 2559 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2560 return 0; 2561 case TIOCGEXCL: 2562 { 2563 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2564 return put_user(excl, (int __user *)p); 2565 } 2566 case TIOCGETD: 2567 return tiocgetd(tty, p); 2568 case TIOCSETD: 2569 return tiocsetd(tty, p); 2570 case TIOCVHANGUP: 2571 if (!capable(CAP_SYS_ADMIN)) 2572 return -EPERM; 2573 tty_vhangup(tty); 2574 return 0; 2575 case TIOCGDEV: 2576 { 2577 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2578 return put_user(ret, (unsigned int __user *)p); 2579 } 2580 /* 2581 * Break handling 2582 */ 2583 case TIOCSBRK: /* Turn break on, unconditionally */ 2584 if (tty->ops->break_ctl) 2585 return tty->ops->break_ctl(tty, -1); 2586 return 0; 2587 case TIOCCBRK: /* Turn break off, unconditionally */ 2588 if (tty->ops->break_ctl) 2589 return tty->ops->break_ctl(tty, 0); 2590 return 0; 2591 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2592 /* non-zero arg means wait for all output data 2593 * to be sent (performed above) but don't send break. 2594 * This is used by the tcdrain() termios function. 2595 */ 2596 if (!arg) 2597 return send_break(tty, 250); 2598 return 0; 2599 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2600 return send_break(tty, arg ? arg*100 : 250); 2601 2602 case TIOCMGET: 2603 return tty_tiocmget(tty, p); 2604 case TIOCMSET: 2605 case TIOCMBIC: 2606 case TIOCMBIS: 2607 return tty_tiocmset(tty, cmd, p); 2608 case TIOCGICOUNT: 2609 retval = tty_tiocgicount(tty, p); 2610 /* For the moment allow fall through to the old method */ 2611 if (retval != -EINVAL) 2612 return retval; 2613 break; 2614 case TCFLSH: 2615 switch (arg) { 2616 case TCIFLUSH: 2617 case TCIOFLUSH: 2618 /* flush tty buffer and allow ldisc to process ioctl */ 2619 tty_buffer_flush(tty, NULL); 2620 break; 2621 } 2622 break; 2623 case TIOCSSERIAL: 2624 retval = tty_tiocsserial(tty, p); 2625 if (retval != -ENOIOCTLCMD) 2626 return retval; 2627 break; 2628 case TIOCGSERIAL: 2629 retval = tty_tiocgserial(tty, p); 2630 if (retval != -ENOIOCTLCMD) 2631 return retval; 2632 break; 2633 case TIOCGPTPEER: 2634 /* Special because the struct file is needed */ 2635 return ptm_open_peer(file, tty, (int)arg); 2636 default: 2637 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2638 if (retval != -ENOIOCTLCMD) 2639 return retval; 2640 } 2641 if (tty->ops->ioctl) { 2642 retval = tty->ops->ioctl(tty, cmd, arg); 2643 if (retval != -ENOIOCTLCMD) 2644 return retval; 2645 } 2646 ld = tty_ldisc_ref_wait(tty); 2647 if (!ld) 2648 return hung_up_tty_ioctl(file, cmd, arg); 2649 retval = -EINVAL; 2650 if (ld->ops->ioctl) { 2651 retval = ld->ops->ioctl(tty, file, cmd, arg); 2652 if (retval == -ENOIOCTLCMD) 2653 retval = -ENOTTY; 2654 } 2655 tty_ldisc_deref(ld); 2656 return retval; 2657 } 2658 2659 #ifdef CONFIG_COMPAT 2660 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2661 unsigned long arg) 2662 { 2663 struct tty_struct *tty = file_tty(file); 2664 struct tty_ldisc *ld; 2665 int retval = -ENOIOCTLCMD; 2666 2667 switch (cmd) { 2668 case TIOCSTI: 2669 case TIOCGWINSZ: 2670 case TIOCSWINSZ: 2671 case TIOCGEXCL: 2672 case TIOCGETD: 2673 case TIOCSETD: 2674 case TIOCGDEV: 2675 case TIOCMGET: 2676 case TIOCMSET: 2677 case TIOCMBIC: 2678 case TIOCMBIS: 2679 case TIOCGICOUNT: 2680 case TIOCGPGRP: 2681 case TIOCSPGRP: 2682 case TIOCGSID: 2683 case TIOCSERGETLSR: 2684 case TIOCGRS485: 2685 case TIOCSRS485: 2686 #ifdef TIOCGETP 2687 case TIOCGETP: 2688 case TIOCSETP: 2689 case TIOCSETN: 2690 #endif 2691 #ifdef TIOCGETC 2692 case TIOCGETC: 2693 case TIOCSETC: 2694 #endif 2695 #ifdef TIOCGLTC 2696 case TIOCGLTC: 2697 case TIOCSLTC: 2698 #endif 2699 case TCSETSF: 2700 case TCSETSW: 2701 case TCSETS: 2702 case TCGETS: 2703 #ifdef TCGETS2 2704 case TCGETS2: 2705 case TCSETSF2: 2706 case TCSETSW2: 2707 case TCSETS2: 2708 #endif 2709 case TCGETA: 2710 case TCSETAF: 2711 case TCSETAW: 2712 case TCSETA: 2713 case TIOCGLCKTRMIOS: 2714 case TIOCSLCKTRMIOS: 2715 #ifdef TCGETX 2716 case TCGETX: 2717 case TCSETX: 2718 case TCSETXW: 2719 case TCSETXF: 2720 #endif 2721 case TIOCGSOFTCAR: 2722 case TIOCSSOFTCAR: 2723 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2724 case TIOCCONS: 2725 case TIOCEXCL: 2726 case TIOCNXCL: 2727 case TIOCVHANGUP: 2728 case TIOCSBRK: 2729 case TIOCCBRK: 2730 case TCSBRK: 2731 case TCSBRKP: 2732 case TCFLSH: 2733 case TIOCGPTPEER: 2734 case TIOCNOTTY: 2735 case TIOCSCTTY: 2736 case TCXONC: 2737 case TIOCMIWAIT: 2738 case TIOCSERCONFIG: 2739 return tty_ioctl(file, cmd, arg); 2740 } 2741 2742 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2743 return -EINVAL; 2744 2745 if (tty->ops->compat_ioctl) { 2746 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2747 if (retval != -ENOIOCTLCMD) 2748 return retval; 2749 } 2750 2751 ld = tty_ldisc_ref_wait(tty); 2752 if (!ld) 2753 return hung_up_tty_compat_ioctl(file, cmd, arg); 2754 if (ld->ops->compat_ioctl) 2755 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2756 tty_ldisc_deref(ld); 2757 2758 return retval; 2759 } 2760 #endif 2761 2762 static int this_tty(const void *t, struct file *file, unsigned fd) 2763 { 2764 if (likely(file->f_op->read != tty_read)) 2765 return 0; 2766 return file_tty(file) != t ? 0 : fd + 1; 2767 } 2768 2769 /* 2770 * This implements the "Secure Attention Key" --- the idea is to 2771 * prevent trojan horses by killing all processes associated with this 2772 * tty when the user hits the "Secure Attention Key". Required for 2773 * super-paranoid applications --- see the Orange Book for more details. 2774 * 2775 * This code could be nicer; ideally it should send a HUP, wait a few 2776 * seconds, then send a INT, and then a KILL signal. But you then 2777 * have to coordinate with the init process, since all processes associated 2778 * with the current tty must be dead before the new getty is allowed 2779 * to spawn. 2780 * 2781 * Now, if it would be correct ;-/ The current code has a nasty hole - 2782 * it doesn't catch files in flight. We may send the descriptor to ourselves 2783 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2784 * 2785 * Nasty bug: do_SAK is being called in interrupt context. This can 2786 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2787 */ 2788 void __do_SAK(struct tty_struct *tty) 2789 { 2790 #ifdef TTY_SOFT_SAK 2791 tty_hangup(tty); 2792 #else 2793 struct task_struct *g, *p; 2794 struct pid *session; 2795 int i; 2796 2797 if (!tty) 2798 return; 2799 session = tty->session; 2800 2801 tty_ldisc_flush(tty); 2802 2803 tty_driver_flush_buffer(tty); 2804 2805 read_lock(&tasklist_lock); 2806 /* Kill the entire session */ 2807 do_each_pid_task(session, PIDTYPE_SID, p) { 2808 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2809 task_pid_nr(p), p->comm); 2810 send_sig(SIGKILL, p, 1); 2811 } while_each_pid_task(session, PIDTYPE_SID, p); 2812 2813 /* Now kill any processes that happen to have the tty open */ 2814 do_each_thread(g, p) { 2815 if (p->signal->tty == tty) { 2816 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2817 task_pid_nr(p), p->comm); 2818 send_sig(SIGKILL, p, 1); 2819 continue; 2820 } 2821 task_lock(p); 2822 i = iterate_fd(p->files, 0, this_tty, tty); 2823 if (i != 0) { 2824 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2825 task_pid_nr(p), p->comm, i - 1); 2826 force_sig(SIGKILL, p); 2827 } 2828 task_unlock(p); 2829 } while_each_thread(g, p); 2830 read_unlock(&tasklist_lock); 2831 #endif 2832 } 2833 2834 static void do_SAK_work(struct work_struct *work) 2835 { 2836 struct tty_struct *tty = 2837 container_of(work, struct tty_struct, SAK_work); 2838 __do_SAK(tty); 2839 } 2840 2841 /* 2842 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2843 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2844 * the values which we write to it will be identical to the values which it 2845 * already has. --akpm 2846 */ 2847 void do_SAK(struct tty_struct *tty) 2848 { 2849 if (!tty) 2850 return; 2851 schedule_work(&tty->SAK_work); 2852 } 2853 2854 EXPORT_SYMBOL(do_SAK); 2855 2856 static int dev_match_devt(struct device *dev, const void *data) 2857 { 2858 const dev_t *devt = data; 2859 return dev->devt == *devt; 2860 } 2861 2862 /* Must put_device() after it's unused! */ 2863 static struct device *tty_get_device(struct tty_struct *tty) 2864 { 2865 dev_t devt = tty_devnum(tty); 2866 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2867 } 2868 2869 2870 /** 2871 * alloc_tty_struct 2872 * 2873 * This subroutine allocates and initializes a tty structure. 2874 * 2875 * Locking: none - tty in question is not exposed at this point 2876 */ 2877 2878 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2879 { 2880 struct tty_struct *tty; 2881 2882 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2883 if (!tty) 2884 return NULL; 2885 2886 kref_init(&tty->kref); 2887 tty->magic = TTY_MAGIC; 2888 if (tty_ldisc_init(tty)) { 2889 kfree(tty); 2890 return NULL; 2891 } 2892 tty->session = NULL; 2893 tty->pgrp = NULL; 2894 mutex_init(&tty->legacy_mutex); 2895 mutex_init(&tty->throttle_mutex); 2896 init_rwsem(&tty->termios_rwsem); 2897 mutex_init(&tty->winsize_mutex); 2898 init_ldsem(&tty->ldisc_sem); 2899 init_waitqueue_head(&tty->write_wait); 2900 init_waitqueue_head(&tty->read_wait); 2901 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2902 mutex_init(&tty->atomic_write_lock); 2903 spin_lock_init(&tty->ctrl_lock); 2904 spin_lock_init(&tty->flow_lock); 2905 spin_lock_init(&tty->files_lock); 2906 INIT_LIST_HEAD(&tty->tty_files); 2907 INIT_WORK(&tty->SAK_work, do_SAK_work); 2908 2909 tty->driver = driver; 2910 tty->ops = driver->ops; 2911 tty->index = idx; 2912 tty_line_name(driver, idx, tty->name); 2913 tty->dev = tty_get_device(tty); 2914 2915 return tty; 2916 } 2917 2918 /** 2919 * tty_put_char - write one character to a tty 2920 * @tty: tty 2921 * @ch: character 2922 * 2923 * Write one byte to the tty using the provided put_char method 2924 * if present. Returns the number of characters successfully output. 2925 * 2926 * Note: the specific put_char operation in the driver layer may go 2927 * away soon. Don't call it directly, use this method 2928 */ 2929 2930 int tty_put_char(struct tty_struct *tty, unsigned char ch) 2931 { 2932 if (tty->ops->put_char) 2933 return tty->ops->put_char(tty, ch); 2934 return tty->ops->write(tty, &ch, 1); 2935 } 2936 EXPORT_SYMBOL_GPL(tty_put_char); 2937 2938 struct class *tty_class; 2939 2940 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 2941 unsigned int index, unsigned int count) 2942 { 2943 int err; 2944 2945 /* init here, since reused cdevs cause crashes */ 2946 driver->cdevs[index] = cdev_alloc(); 2947 if (!driver->cdevs[index]) 2948 return -ENOMEM; 2949 driver->cdevs[index]->ops = &tty_fops; 2950 driver->cdevs[index]->owner = driver->owner; 2951 err = cdev_add(driver->cdevs[index], dev, count); 2952 if (err) 2953 kobject_put(&driver->cdevs[index]->kobj); 2954 return err; 2955 } 2956 2957 /** 2958 * tty_register_device - register a tty device 2959 * @driver: the tty driver that describes the tty device 2960 * @index: the index in the tty driver for this tty device 2961 * @device: a struct device that is associated with this tty device. 2962 * This field is optional, if there is no known struct device 2963 * for this tty device it can be set to NULL safely. 2964 * 2965 * Returns a pointer to the struct device for this tty device 2966 * (or ERR_PTR(-EFOO) on error). 2967 * 2968 * This call is required to be made to register an individual tty device 2969 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 2970 * that bit is not set, this function should not be called by a tty 2971 * driver. 2972 * 2973 * Locking: ?? 2974 */ 2975 2976 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 2977 struct device *device) 2978 { 2979 return tty_register_device_attr(driver, index, device, NULL, NULL); 2980 } 2981 EXPORT_SYMBOL(tty_register_device); 2982 2983 static void tty_device_create_release(struct device *dev) 2984 { 2985 dev_dbg(dev, "releasing...\n"); 2986 kfree(dev); 2987 } 2988 2989 /** 2990 * tty_register_device_attr - register a tty device 2991 * @driver: the tty driver that describes the tty device 2992 * @index: the index in the tty driver for this tty device 2993 * @device: a struct device that is associated with this tty device. 2994 * This field is optional, if there is no known struct device 2995 * for this tty device it can be set to NULL safely. 2996 * @drvdata: Driver data to be set to device. 2997 * @attr_grp: Attribute group to be set on device. 2998 * 2999 * Returns a pointer to the struct device for this tty device 3000 * (or ERR_PTR(-EFOO) on error). 3001 * 3002 * This call is required to be made to register an individual tty device 3003 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3004 * that bit is not set, this function should not be called by a tty 3005 * driver. 3006 * 3007 * Locking: ?? 3008 */ 3009 struct device *tty_register_device_attr(struct tty_driver *driver, 3010 unsigned index, struct device *device, 3011 void *drvdata, 3012 const struct attribute_group **attr_grp) 3013 { 3014 char name[64]; 3015 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3016 struct ktermios *tp; 3017 struct device *dev; 3018 int retval; 3019 3020 if (index >= driver->num) { 3021 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3022 driver->name, index); 3023 return ERR_PTR(-EINVAL); 3024 } 3025 3026 if (driver->type == TTY_DRIVER_TYPE_PTY) 3027 pty_line_name(driver, index, name); 3028 else 3029 tty_line_name(driver, index, name); 3030 3031 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3032 if (!dev) 3033 return ERR_PTR(-ENOMEM); 3034 3035 dev->devt = devt; 3036 dev->class = tty_class; 3037 dev->parent = device; 3038 dev->release = tty_device_create_release; 3039 dev_set_name(dev, "%s", name); 3040 dev->groups = attr_grp; 3041 dev_set_drvdata(dev, drvdata); 3042 3043 dev_set_uevent_suppress(dev, 1); 3044 3045 retval = device_register(dev); 3046 if (retval) 3047 goto err_put; 3048 3049 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3050 /* 3051 * Free any saved termios data so that the termios state is 3052 * reset when reusing a minor number. 3053 */ 3054 tp = driver->termios[index]; 3055 if (tp) { 3056 driver->termios[index] = NULL; 3057 kfree(tp); 3058 } 3059 3060 retval = tty_cdev_add(driver, devt, index, 1); 3061 if (retval) 3062 goto err_del; 3063 } 3064 3065 dev_set_uevent_suppress(dev, 0); 3066 kobject_uevent(&dev->kobj, KOBJ_ADD); 3067 3068 return dev; 3069 3070 err_del: 3071 device_del(dev); 3072 err_put: 3073 put_device(dev); 3074 3075 return ERR_PTR(retval); 3076 } 3077 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3078 3079 /** 3080 * tty_unregister_device - unregister a tty device 3081 * @driver: the tty driver that describes the tty device 3082 * @index: the index in the tty driver for this tty device 3083 * 3084 * If a tty device is registered with a call to tty_register_device() then 3085 * this function must be called when the tty device is gone. 3086 * 3087 * Locking: ?? 3088 */ 3089 3090 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3091 { 3092 device_destroy(tty_class, 3093 MKDEV(driver->major, driver->minor_start) + index); 3094 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3095 cdev_del(driver->cdevs[index]); 3096 driver->cdevs[index] = NULL; 3097 } 3098 } 3099 EXPORT_SYMBOL(tty_unregister_device); 3100 3101 /** 3102 * __tty_alloc_driver -- allocate tty driver 3103 * @lines: count of lines this driver can handle at most 3104 * @owner: module which is responsible for this driver 3105 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3106 * 3107 * This should not be called directly, some of the provided macros should be 3108 * used instead. Use IS_ERR and friends on @retval. 3109 */ 3110 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3111 unsigned long flags) 3112 { 3113 struct tty_driver *driver; 3114 unsigned int cdevs = 1; 3115 int err; 3116 3117 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3118 return ERR_PTR(-EINVAL); 3119 3120 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3121 if (!driver) 3122 return ERR_PTR(-ENOMEM); 3123 3124 kref_init(&driver->kref); 3125 driver->magic = TTY_DRIVER_MAGIC; 3126 driver->num = lines; 3127 driver->owner = owner; 3128 driver->flags = flags; 3129 3130 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3131 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3132 GFP_KERNEL); 3133 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3134 GFP_KERNEL); 3135 if (!driver->ttys || !driver->termios) { 3136 err = -ENOMEM; 3137 goto err_free_all; 3138 } 3139 } 3140 3141 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3142 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3143 GFP_KERNEL); 3144 if (!driver->ports) { 3145 err = -ENOMEM; 3146 goto err_free_all; 3147 } 3148 cdevs = lines; 3149 } 3150 3151 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3152 if (!driver->cdevs) { 3153 err = -ENOMEM; 3154 goto err_free_all; 3155 } 3156 3157 return driver; 3158 err_free_all: 3159 kfree(driver->ports); 3160 kfree(driver->ttys); 3161 kfree(driver->termios); 3162 kfree(driver->cdevs); 3163 kfree(driver); 3164 return ERR_PTR(err); 3165 } 3166 EXPORT_SYMBOL(__tty_alloc_driver); 3167 3168 static void destruct_tty_driver(struct kref *kref) 3169 { 3170 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3171 int i; 3172 struct ktermios *tp; 3173 3174 if (driver->flags & TTY_DRIVER_INSTALLED) { 3175 for (i = 0; i < driver->num; i++) { 3176 tp = driver->termios[i]; 3177 if (tp) { 3178 driver->termios[i] = NULL; 3179 kfree(tp); 3180 } 3181 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3182 tty_unregister_device(driver, i); 3183 } 3184 proc_tty_unregister_driver(driver); 3185 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3186 cdev_del(driver->cdevs[0]); 3187 } 3188 kfree(driver->cdevs); 3189 kfree(driver->ports); 3190 kfree(driver->termios); 3191 kfree(driver->ttys); 3192 kfree(driver); 3193 } 3194 3195 void tty_driver_kref_put(struct tty_driver *driver) 3196 { 3197 kref_put(&driver->kref, destruct_tty_driver); 3198 } 3199 EXPORT_SYMBOL(tty_driver_kref_put); 3200 3201 void tty_set_operations(struct tty_driver *driver, 3202 const struct tty_operations *op) 3203 { 3204 driver->ops = op; 3205 }; 3206 EXPORT_SYMBOL(tty_set_operations); 3207 3208 void put_tty_driver(struct tty_driver *d) 3209 { 3210 tty_driver_kref_put(d); 3211 } 3212 EXPORT_SYMBOL(put_tty_driver); 3213 3214 /* 3215 * Called by a tty driver to register itself. 3216 */ 3217 int tty_register_driver(struct tty_driver *driver) 3218 { 3219 int error; 3220 int i; 3221 dev_t dev; 3222 struct device *d; 3223 3224 if (!driver->major) { 3225 error = alloc_chrdev_region(&dev, driver->minor_start, 3226 driver->num, driver->name); 3227 if (!error) { 3228 driver->major = MAJOR(dev); 3229 driver->minor_start = MINOR(dev); 3230 } 3231 } else { 3232 dev = MKDEV(driver->major, driver->minor_start); 3233 error = register_chrdev_region(dev, driver->num, driver->name); 3234 } 3235 if (error < 0) 3236 goto err; 3237 3238 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3239 error = tty_cdev_add(driver, dev, 0, driver->num); 3240 if (error) 3241 goto err_unreg_char; 3242 } 3243 3244 mutex_lock(&tty_mutex); 3245 list_add(&driver->tty_drivers, &tty_drivers); 3246 mutex_unlock(&tty_mutex); 3247 3248 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3249 for (i = 0; i < driver->num; i++) { 3250 d = tty_register_device(driver, i, NULL); 3251 if (IS_ERR(d)) { 3252 error = PTR_ERR(d); 3253 goto err_unreg_devs; 3254 } 3255 } 3256 } 3257 proc_tty_register_driver(driver); 3258 driver->flags |= TTY_DRIVER_INSTALLED; 3259 return 0; 3260 3261 err_unreg_devs: 3262 for (i--; i >= 0; i--) 3263 tty_unregister_device(driver, i); 3264 3265 mutex_lock(&tty_mutex); 3266 list_del(&driver->tty_drivers); 3267 mutex_unlock(&tty_mutex); 3268 3269 err_unreg_char: 3270 unregister_chrdev_region(dev, driver->num); 3271 err: 3272 return error; 3273 } 3274 EXPORT_SYMBOL(tty_register_driver); 3275 3276 /* 3277 * Called by a tty driver to unregister itself. 3278 */ 3279 int tty_unregister_driver(struct tty_driver *driver) 3280 { 3281 #if 0 3282 /* FIXME */ 3283 if (driver->refcount) 3284 return -EBUSY; 3285 #endif 3286 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3287 driver->num); 3288 mutex_lock(&tty_mutex); 3289 list_del(&driver->tty_drivers); 3290 mutex_unlock(&tty_mutex); 3291 return 0; 3292 } 3293 3294 EXPORT_SYMBOL(tty_unregister_driver); 3295 3296 dev_t tty_devnum(struct tty_struct *tty) 3297 { 3298 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3299 } 3300 EXPORT_SYMBOL(tty_devnum); 3301 3302 void tty_default_fops(struct file_operations *fops) 3303 { 3304 *fops = tty_fops; 3305 } 3306 3307 static char *tty_devnode(struct device *dev, umode_t *mode) 3308 { 3309 if (!mode) 3310 return NULL; 3311 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3312 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3313 *mode = 0666; 3314 return NULL; 3315 } 3316 3317 static int __init tty_class_init(void) 3318 { 3319 tty_class = class_create(THIS_MODULE, "tty"); 3320 if (IS_ERR(tty_class)) 3321 return PTR_ERR(tty_class); 3322 tty_class->devnode = tty_devnode; 3323 return 0; 3324 } 3325 3326 postcore_initcall(tty_class_init); 3327 3328 /* 3/2004 jmc: why do these devices exist? */ 3329 static struct cdev tty_cdev, console_cdev; 3330 3331 static ssize_t show_cons_active(struct device *dev, 3332 struct device_attribute *attr, char *buf) 3333 { 3334 struct console *cs[16]; 3335 int i = 0; 3336 struct console *c; 3337 ssize_t count = 0; 3338 3339 console_lock(); 3340 for_each_console(c) { 3341 if (!c->device) 3342 continue; 3343 if (!c->write) 3344 continue; 3345 if ((c->flags & CON_ENABLED) == 0) 3346 continue; 3347 cs[i++] = c; 3348 if (i >= ARRAY_SIZE(cs)) 3349 break; 3350 } 3351 while (i--) { 3352 int index = cs[i]->index; 3353 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3354 3355 /* don't resolve tty0 as some programs depend on it */ 3356 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3357 count += tty_line_name(drv, index, buf + count); 3358 else 3359 count += sprintf(buf + count, "%s%d", 3360 cs[i]->name, cs[i]->index); 3361 3362 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3363 } 3364 console_unlock(); 3365 3366 return count; 3367 } 3368 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3369 3370 static struct attribute *cons_dev_attrs[] = { 3371 &dev_attr_active.attr, 3372 NULL 3373 }; 3374 3375 ATTRIBUTE_GROUPS(cons_dev); 3376 3377 static struct device *consdev; 3378 3379 void console_sysfs_notify(void) 3380 { 3381 if (consdev) 3382 sysfs_notify(&consdev->kobj, NULL, "active"); 3383 } 3384 3385 /* 3386 * Ok, now we can initialize the rest of the tty devices and can count 3387 * on memory allocations, interrupts etc.. 3388 */ 3389 int __init tty_init(void) 3390 { 3391 cdev_init(&tty_cdev, &tty_fops); 3392 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3393 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3394 panic("Couldn't register /dev/tty driver\n"); 3395 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3396 3397 cdev_init(&console_cdev, &console_fops); 3398 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3399 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3400 panic("Couldn't register /dev/console driver\n"); 3401 consdev = device_create_with_groups(tty_class, NULL, 3402 MKDEV(TTYAUX_MAJOR, 1), NULL, 3403 cons_dev_groups, "console"); 3404 if (IS_ERR(consdev)) 3405 consdev = NULL; 3406 3407 #ifdef CONFIG_VT 3408 vty_init(&console_fops); 3409 #endif 3410 return 0; 3411 } 3412 3413