1 /* 2 * Copyright (C) 1991, 1992 Linus Torvalds 3 */ 4 5 /* 6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 7 * or rs-channels. It also implements echoing, cooked mode etc. 8 * 9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 10 * 11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 12 * tty_struct and tty_queue structures. Previously there was an array 13 * of 256 tty_struct's which was statically allocated, and the 14 * tty_queue structures were allocated at boot time. Both are now 15 * dynamically allocated only when the tty is open. 16 * 17 * Also restructured routines so that there is more of a separation 18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 19 * the low-level tty routines (serial.c, pty.c, console.c). This 20 * makes for cleaner and more compact code. -TYT, 9/17/92 21 * 22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 23 * which can be dynamically activated and de-activated by the line 24 * discipline handling modules (like SLIP). 25 * 26 * NOTE: pay no attention to the line discipline code (yet); its 27 * interface is still subject to change in this version... 28 * -- TYT, 1/31/92 29 * 30 * Added functionality to the OPOST tty handling. No delays, but all 31 * other bits should be there. 32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 33 * 34 * Rewrote canonical mode and added more termios flags. 35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 36 * 37 * Reorganized FASYNC support so mouse code can share it. 38 * -- ctm@ardi.com, 9Sep95 39 * 40 * New TIOCLINUX variants added. 41 * -- mj@k332.feld.cvut.cz, 19-Nov-95 42 * 43 * Restrict vt switching via ioctl() 44 * -- grif@cs.ucr.edu, 5-Dec-95 45 * 46 * Move console and virtual terminal code to more appropriate files, 47 * implement CONFIG_VT and generalize console device interface. 48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 49 * 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 51 * -- Bill Hawes <whawes@star.net>, June 97 52 * 53 * Added devfs support. 54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 55 * 56 * Added support for a Unix98-style ptmx device. 57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 58 * 59 * Reduced memory usage for older ARM systems 60 * -- Russell King <rmk@arm.linux.org.uk> 61 * 62 * Move do_SAK() into process context. Less stack use in devfs functions. 63 * alloc_tty_struct() always uses kmalloc() 64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 65 */ 66 67 #include <linux/types.h> 68 #include <linux/major.h> 69 #include <linux/errno.h> 70 #include <linux/signal.h> 71 #include <linux/fcntl.h> 72 #include <linux/sched.h> 73 #include <linux/interrupt.h> 74 #include <linux/tty.h> 75 #include <linux/tty_driver.h> 76 #include <linux/tty_flip.h> 77 #include <linux/devpts_fs.h> 78 #include <linux/file.h> 79 #include <linux/fdtable.h> 80 #include <linux/console.h> 81 #include <linux/timer.h> 82 #include <linux/ctype.h> 83 #include <linux/kd.h> 84 #include <linux/mm.h> 85 #include <linux/string.h> 86 #include <linux/slab.h> 87 #include <linux/poll.h> 88 #include <linux/proc_fs.h> 89 #include <linux/init.h> 90 #include <linux/module.h> 91 #include <linux/device.h> 92 #include <linux/wait.h> 93 #include <linux/bitops.h> 94 #include <linux/delay.h> 95 #include <linux/seq_file.h> 96 #include <linux/serial.h> 97 #include <linux/ratelimit.h> 98 99 #include <linux/uaccess.h> 100 101 #include <linux/kbd_kern.h> 102 #include <linux/vt_kern.h> 103 #include <linux/selection.h> 104 105 #include <linux/kmod.h> 106 #include <linux/nsproxy.h> 107 108 #undef TTY_DEBUG_HANGUP 109 #ifdef TTY_DEBUG_HANGUP 110 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 111 #else 112 # define tty_debug_hangup(tty, f, args...) do { } while (0) 113 #endif 114 115 #define TTY_PARANOIA_CHECK 1 116 #define CHECK_TTY_COUNT 1 117 118 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 119 .c_iflag = ICRNL | IXON, 120 .c_oflag = OPOST | ONLCR, 121 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 122 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 123 ECHOCTL | ECHOKE | IEXTEN, 124 .c_cc = INIT_C_CC, 125 .c_ispeed = 38400, 126 .c_ospeed = 38400 127 }; 128 129 EXPORT_SYMBOL(tty_std_termios); 130 131 /* This list gets poked at by procfs and various bits of boot up code. This 132 could do with some rationalisation such as pulling the tty proc function 133 into this file */ 134 135 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 136 137 /* Mutex to protect creating and releasing a tty. This is shared with 138 vt.c for deeply disgusting hack reasons */ 139 DEFINE_MUTEX(tty_mutex); 140 EXPORT_SYMBOL(tty_mutex); 141 142 /* Spinlock to protect the tty->tty_files list */ 143 DEFINE_SPINLOCK(tty_files_lock); 144 145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 146 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 147 ssize_t redirected_tty_write(struct file *, const char __user *, 148 size_t, loff_t *); 149 static unsigned int tty_poll(struct file *, poll_table *); 150 static int tty_open(struct inode *, struct file *); 151 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 152 #ifdef CONFIG_COMPAT 153 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 154 unsigned long arg); 155 #else 156 #define tty_compat_ioctl NULL 157 #endif 158 static int __tty_fasync(int fd, struct file *filp, int on); 159 static int tty_fasync(int fd, struct file *filp, int on); 160 static void release_tty(struct tty_struct *tty, int idx); 161 162 /** 163 * free_tty_struct - free a disused tty 164 * @tty: tty struct to free 165 * 166 * Free the write buffers, tty queue and tty memory itself. 167 * 168 * Locking: none. Must be called after tty is definitely unused 169 */ 170 171 void free_tty_struct(struct tty_struct *tty) 172 { 173 if (!tty) 174 return; 175 put_device(tty->dev); 176 kfree(tty->write_buf); 177 tty->magic = 0xDEADDEAD; 178 kfree(tty); 179 } 180 181 static inline struct tty_struct *file_tty(struct file *file) 182 { 183 return ((struct tty_file_private *)file->private_data)->tty; 184 } 185 186 int tty_alloc_file(struct file *file) 187 { 188 struct tty_file_private *priv; 189 190 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 191 if (!priv) 192 return -ENOMEM; 193 194 file->private_data = priv; 195 196 return 0; 197 } 198 199 /* Associate a new file with the tty structure */ 200 void tty_add_file(struct tty_struct *tty, struct file *file) 201 { 202 struct tty_file_private *priv = file->private_data; 203 204 priv->tty = tty; 205 priv->file = file; 206 207 spin_lock(&tty_files_lock); 208 list_add(&priv->list, &tty->tty_files); 209 spin_unlock(&tty_files_lock); 210 } 211 212 /** 213 * tty_free_file - free file->private_data 214 * 215 * This shall be used only for fail path handling when tty_add_file was not 216 * called yet. 217 */ 218 void tty_free_file(struct file *file) 219 { 220 struct tty_file_private *priv = file->private_data; 221 222 file->private_data = NULL; 223 kfree(priv); 224 } 225 226 /* Delete file from its tty */ 227 static void tty_del_file(struct file *file) 228 { 229 struct tty_file_private *priv = file->private_data; 230 231 spin_lock(&tty_files_lock); 232 list_del(&priv->list); 233 spin_unlock(&tty_files_lock); 234 tty_free_file(file); 235 } 236 237 238 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base) 239 240 /** 241 * tty_name - return tty naming 242 * @tty: tty structure 243 * 244 * Convert a tty structure into a name. The name reflects the kernel 245 * naming policy and if udev is in use may not reflect user space 246 * 247 * Locking: none 248 */ 249 250 const char *tty_name(const struct tty_struct *tty) 251 { 252 if (!tty) /* Hmm. NULL pointer. That's fun. */ 253 return "NULL tty"; 254 return tty->name; 255 } 256 257 EXPORT_SYMBOL(tty_name); 258 259 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 260 const char *routine) 261 { 262 #ifdef TTY_PARANOIA_CHECK 263 if (!tty) { 264 printk(KERN_WARNING 265 "null TTY for (%d:%d) in %s\n", 266 imajor(inode), iminor(inode), routine); 267 return 1; 268 } 269 if (tty->magic != TTY_MAGIC) { 270 printk(KERN_WARNING 271 "bad magic number for tty struct (%d:%d) in %s\n", 272 imajor(inode), iminor(inode), routine); 273 return 1; 274 } 275 #endif 276 return 0; 277 } 278 279 /* Caller must hold tty_lock */ 280 static int check_tty_count(struct tty_struct *tty, const char *routine) 281 { 282 #ifdef CHECK_TTY_COUNT 283 struct list_head *p; 284 int count = 0; 285 286 spin_lock(&tty_files_lock); 287 list_for_each(p, &tty->tty_files) { 288 count++; 289 } 290 spin_unlock(&tty_files_lock); 291 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 292 tty->driver->subtype == PTY_TYPE_SLAVE && 293 tty->link && tty->link->count) 294 count++; 295 if (tty->count != count) { 296 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) " 297 "!= #fd's(%d) in %s\n", 298 tty->name, tty->count, count, routine); 299 return count; 300 } 301 #endif 302 return 0; 303 } 304 305 /** 306 * get_tty_driver - find device of a tty 307 * @dev_t: device identifier 308 * @index: returns the index of the tty 309 * 310 * This routine returns a tty driver structure, given a device number 311 * and also passes back the index number. 312 * 313 * Locking: caller must hold tty_mutex 314 */ 315 316 static struct tty_driver *get_tty_driver(dev_t device, int *index) 317 { 318 struct tty_driver *p; 319 320 list_for_each_entry(p, &tty_drivers, tty_drivers) { 321 dev_t base = MKDEV(p->major, p->minor_start); 322 if (device < base || device >= base + p->num) 323 continue; 324 *index = device - base; 325 return tty_driver_kref_get(p); 326 } 327 return NULL; 328 } 329 330 #ifdef CONFIG_CONSOLE_POLL 331 332 /** 333 * tty_find_polling_driver - find device of a polled tty 334 * @name: name string to match 335 * @line: pointer to resulting tty line nr 336 * 337 * This routine returns a tty driver structure, given a name 338 * and the condition that the tty driver is capable of polled 339 * operation. 340 */ 341 struct tty_driver *tty_find_polling_driver(char *name, int *line) 342 { 343 struct tty_driver *p, *res = NULL; 344 int tty_line = 0; 345 int len; 346 char *str, *stp; 347 348 for (str = name; *str; str++) 349 if ((*str >= '0' && *str <= '9') || *str == ',') 350 break; 351 if (!*str) 352 return NULL; 353 354 len = str - name; 355 tty_line = simple_strtoul(str, &str, 10); 356 357 mutex_lock(&tty_mutex); 358 /* Search through the tty devices to look for a match */ 359 list_for_each_entry(p, &tty_drivers, tty_drivers) { 360 if (strncmp(name, p->name, len) != 0) 361 continue; 362 stp = str; 363 if (*stp == ',') 364 stp++; 365 if (*stp == '\0') 366 stp = NULL; 367 368 if (tty_line >= 0 && tty_line < p->num && p->ops && 369 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 370 res = tty_driver_kref_get(p); 371 *line = tty_line; 372 break; 373 } 374 } 375 mutex_unlock(&tty_mutex); 376 377 return res; 378 } 379 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 380 #endif 381 382 /** 383 * tty_check_change - check for POSIX terminal changes 384 * @tty: tty to check 385 * 386 * If we try to write to, or set the state of, a terminal and we're 387 * not in the foreground, send a SIGTTOU. If the signal is blocked or 388 * ignored, go ahead and perform the operation. (POSIX 7.2) 389 * 390 * Locking: ctrl_lock 391 */ 392 393 int tty_check_change(struct tty_struct *tty) 394 { 395 unsigned long flags; 396 struct pid *pgrp; 397 int ret = 0; 398 399 if (current->signal->tty != tty) 400 return 0; 401 402 rcu_read_lock(); 403 pgrp = task_pgrp(current); 404 405 spin_lock_irqsave(&tty->ctrl_lock, flags); 406 407 if (!tty->pgrp) { 408 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n"); 409 goto out_unlock; 410 } 411 if (pgrp == tty->pgrp) 412 goto out_unlock; 413 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 414 415 if (is_ignored(SIGTTOU)) 416 goto out_rcuunlock; 417 if (is_current_pgrp_orphaned()) { 418 ret = -EIO; 419 goto out_rcuunlock; 420 } 421 kill_pgrp(pgrp, SIGTTOU, 1); 422 rcu_read_unlock(); 423 set_thread_flag(TIF_SIGPENDING); 424 ret = -ERESTARTSYS; 425 return ret; 426 out_unlock: 427 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 428 out_rcuunlock: 429 rcu_read_unlock(); 430 return ret; 431 } 432 433 EXPORT_SYMBOL(tty_check_change); 434 435 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 436 size_t count, loff_t *ppos) 437 { 438 return 0; 439 } 440 441 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 442 size_t count, loff_t *ppos) 443 { 444 return -EIO; 445 } 446 447 /* No kernel lock held - none needed ;) */ 448 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait) 449 { 450 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM; 451 } 452 453 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 454 unsigned long arg) 455 { 456 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 457 } 458 459 static long hung_up_tty_compat_ioctl(struct file *file, 460 unsigned int cmd, unsigned long arg) 461 { 462 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 463 } 464 465 static const struct file_operations tty_fops = { 466 .llseek = no_llseek, 467 .read = tty_read, 468 .write = tty_write, 469 .poll = tty_poll, 470 .unlocked_ioctl = tty_ioctl, 471 .compat_ioctl = tty_compat_ioctl, 472 .open = tty_open, 473 .release = tty_release, 474 .fasync = tty_fasync, 475 }; 476 477 static const struct file_operations console_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = redirected_tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 }; 488 489 static const struct file_operations hung_up_tty_fops = { 490 .llseek = no_llseek, 491 .read = hung_up_tty_read, 492 .write = hung_up_tty_write, 493 .poll = hung_up_tty_poll, 494 .unlocked_ioctl = hung_up_tty_ioctl, 495 .compat_ioctl = hung_up_tty_compat_ioctl, 496 .release = tty_release, 497 }; 498 499 static DEFINE_SPINLOCK(redirect_lock); 500 static struct file *redirect; 501 502 503 void proc_clear_tty(struct task_struct *p) 504 { 505 unsigned long flags; 506 struct tty_struct *tty; 507 spin_lock_irqsave(&p->sighand->siglock, flags); 508 tty = p->signal->tty; 509 p->signal->tty = NULL; 510 spin_unlock_irqrestore(&p->sighand->siglock, flags); 511 tty_kref_put(tty); 512 } 513 514 /** 515 * proc_set_tty - set the controlling terminal 516 * 517 * Only callable by the session leader and only if it does not already have 518 * a controlling terminal. 519 * 520 * Caller must hold: tty_lock() 521 * a readlock on tasklist_lock 522 * sighand lock 523 */ 524 static void __proc_set_tty(struct tty_struct *tty) 525 { 526 unsigned long flags; 527 528 spin_lock_irqsave(&tty->ctrl_lock, flags); 529 /* 530 * The session and fg pgrp references will be non-NULL if 531 * tiocsctty() is stealing the controlling tty 532 */ 533 put_pid(tty->session); 534 put_pid(tty->pgrp); 535 tty->pgrp = get_pid(task_pgrp(current)); 536 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 537 tty->session = get_pid(task_session(current)); 538 if (current->signal->tty) { 539 tty_debug(tty, "current tty %s not NULL!!\n", 540 current->signal->tty->name); 541 tty_kref_put(current->signal->tty); 542 } 543 put_pid(current->signal->tty_old_pgrp); 544 current->signal->tty = tty_kref_get(tty); 545 current->signal->tty_old_pgrp = NULL; 546 } 547 548 static void proc_set_tty(struct tty_struct *tty) 549 { 550 spin_lock_irq(¤t->sighand->siglock); 551 __proc_set_tty(tty); 552 spin_unlock_irq(¤t->sighand->siglock); 553 } 554 555 struct tty_struct *get_current_tty(void) 556 { 557 struct tty_struct *tty; 558 unsigned long flags; 559 560 spin_lock_irqsave(¤t->sighand->siglock, flags); 561 tty = tty_kref_get(current->signal->tty); 562 spin_unlock_irqrestore(¤t->sighand->siglock, flags); 563 return tty; 564 } 565 EXPORT_SYMBOL_GPL(get_current_tty); 566 567 static void session_clear_tty(struct pid *session) 568 { 569 struct task_struct *p; 570 do_each_pid_task(session, PIDTYPE_SID, p) { 571 proc_clear_tty(p); 572 } while_each_pid_task(session, PIDTYPE_SID, p); 573 } 574 575 /** 576 * tty_wakeup - request more data 577 * @tty: terminal 578 * 579 * Internal and external helper for wakeups of tty. This function 580 * informs the line discipline if present that the driver is ready 581 * to receive more output data. 582 */ 583 584 void tty_wakeup(struct tty_struct *tty) 585 { 586 struct tty_ldisc *ld; 587 588 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 589 ld = tty_ldisc_ref(tty); 590 if (ld) { 591 if (ld->ops->write_wakeup) 592 ld->ops->write_wakeup(tty); 593 tty_ldisc_deref(ld); 594 } 595 } 596 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 597 } 598 599 EXPORT_SYMBOL_GPL(tty_wakeup); 600 601 /** 602 * tty_signal_session_leader - sends SIGHUP to session leader 603 * @tty controlling tty 604 * @exit_session if non-zero, signal all foreground group processes 605 * 606 * Send SIGHUP and SIGCONT to the session leader and its process group. 607 * Optionally, signal all processes in the foreground process group. 608 * 609 * Returns the number of processes in the session with this tty 610 * as their controlling terminal. This value is used to drop 611 * tty references for those processes. 612 */ 613 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session) 614 { 615 struct task_struct *p; 616 int refs = 0; 617 struct pid *tty_pgrp = NULL; 618 619 read_lock(&tasklist_lock); 620 if (tty->session) { 621 do_each_pid_task(tty->session, PIDTYPE_SID, p) { 622 spin_lock_irq(&p->sighand->siglock); 623 if (p->signal->tty == tty) { 624 p->signal->tty = NULL; 625 /* We defer the dereferences outside fo 626 the tasklist lock */ 627 refs++; 628 } 629 if (!p->signal->leader) { 630 spin_unlock_irq(&p->sighand->siglock); 631 continue; 632 } 633 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p); 634 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p); 635 put_pid(p->signal->tty_old_pgrp); /* A noop */ 636 spin_lock(&tty->ctrl_lock); 637 tty_pgrp = get_pid(tty->pgrp); 638 if (tty->pgrp) 639 p->signal->tty_old_pgrp = get_pid(tty->pgrp); 640 spin_unlock(&tty->ctrl_lock); 641 spin_unlock_irq(&p->sighand->siglock); 642 } while_each_pid_task(tty->session, PIDTYPE_SID, p); 643 } 644 read_unlock(&tasklist_lock); 645 646 if (tty_pgrp) { 647 if (exit_session) 648 kill_pgrp(tty_pgrp, SIGHUP, exit_session); 649 put_pid(tty_pgrp); 650 } 651 652 return refs; 653 } 654 655 /** 656 * __tty_hangup - actual handler for hangup events 657 * @work: tty device 658 * 659 * This can be called by a "kworker" kernel thread. That is process 660 * synchronous but doesn't hold any locks, so we need to make sure we 661 * have the appropriate locks for what we're doing. 662 * 663 * The hangup event clears any pending redirections onto the hung up 664 * device. It ensures future writes will error and it does the needed 665 * line discipline hangup and signal delivery. The tty object itself 666 * remains intact. 667 * 668 * Locking: 669 * BTM 670 * redirect lock for undoing redirection 671 * file list lock for manipulating list of ttys 672 * tty_ldiscs_lock from called functions 673 * termios_rwsem resetting termios data 674 * tasklist_lock to walk task list for hangup event 675 * ->siglock to protect ->signal/->sighand 676 */ 677 static void __tty_hangup(struct tty_struct *tty, int exit_session) 678 { 679 struct file *cons_filp = NULL; 680 struct file *filp, *f = NULL; 681 struct tty_file_private *priv; 682 int closecount = 0, n; 683 int refs; 684 685 if (!tty) 686 return; 687 688 689 spin_lock(&redirect_lock); 690 if (redirect && file_tty(redirect) == tty) { 691 f = redirect; 692 redirect = NULL; 693 } 694 spin_unlock(&redirect_lock); 695 696 tty_lock(tty); 697 698 if (test_bit(TTY_HUPPED, &tty->flags)) { 699 tty_unlock(tty); 700 return; 701 } 702 703 /* inuse_filps is protected by the single tty lock, 704 this really needs to change if we want to flush the 705 workqueue with the lock held */ 706 check_tty_count(tty, "tty_hangup"); 707 708 spin_lock(&tty_files_lock); 709 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 710 list_for_each_entry(priv, &tty->tty_files, list) { 711 filp = priv->file; 712 if (filp->f_op->write == redirected_tty_write) 713 cons_filp = filp; 714 if (filp->f_op->write != tty_write) 715 continue; 716 closecount++; 717 __tty_fasync(-1, filp, 0); /* can't block */ 718 filp->f_op = &hung_up_tty_fops; 719 } 720 spin_unlock(&tty_files_lock); 721 722 refs = tty_signal_session_leader(tty, exit_session); 723 /* Account for the p->signal references we killed */ 724 while (refs--) 725 tty_kref_put(tty); 726 727 tty_ldisc_hangup(tty); 728 729 spin_lock_irq(&tty->ctrl_lock); 730 clear_bit(TTY_THROTTLED, &tty->flags); 731 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 732 put_pid(tty->session); 733 put_pid(tty->pgrp); 734 tty->session = NULL; 735 tty->pgrp = NULL; 736 tty->ctrl_status = 0; 737 spin_unlock_irq(&tty->ctrl_lock); 738 739 /* 740 * If one of the devices matches a console pointer, we 741 * cannot just call hangup() because that will cause 742 * tty->count and state->count to go out of sync. 743 * So we just call close() the right number of times. 744 */ 745 if (cons_filp) { 746 if (tty->ops->close) 747 for (n = 0; n < closecount; n++) 748 tty->ops->close(tty, cons_filp); 749 } else if (tty->ops->hangup) 750 tty->ops->hangup(tty); 751 /* 752 * We don't want to have driver/ldisc interactions beyond 753 * the ones we did here. The driver layer expects no 754 * calls after ->hangup() from the ldisc side. However we 755 * can't yet guarantee all that. 756 */ 757 set_bit(TTY_HUPPED, &tty->flags); 758 tty_unlock(tty); 759 760 if (f) 761 fput(f); 762 } 763 764 static void do_tty_hangup(struct work_struct *work) 765 { 766 struct tty_struct *tty = 767 container_of(work, struct tty_struct, hangup_work); 768 769 __tty_hangup(tty, 0); 770 } 771 772 /** 773 * tty_hangup - trigger a hangup event 774 * @tty: tty to hangup 775 * 776 * A carrier loss (virtual or otherwise) has occurred on this like 777 * schedule a hangup sequence to run after this event. 778 */ 779 780 void tty_hangup(struct tty_struct *tty) 781 { 782 tty_debug_hangup(tty, "\n"); 783 schedule_work(&tty->hangup_work); 784 } 785 786 EXPORT_SYMBOL(tty_hangup); 787 788 /** 789 * tty_vhangup - process vhangup 790 * @tty: tty to hangup 791 * 792 * The user has asked via system call for the terminal to be hung up. 793 * We do this synchronously so that when the syscall returns the process 794 * is complete. That guarantee is necessary for security reasons. 795 */ 796 797 void tty_vhangup(struct tty_struct *tty) 798 { 799 tty_debug_hangup(tty, "\n"); 800 __tty_hangup(tty, 0); 801 } 802 803 EXPORT_SYMBOL(tty_vhangup); 804 805 806 /** 807 * tty_vhangup_self - process vhangup for own ctty 808 * 809 * Perform a vhangup on the current controlling tty 810 */ 811 812 void tty_vhangup_self(void) 813 { 814 struct tty_struct *tty; 815 816 tty = get_current_tty(); 817 if (tty) { 818 tty_vhangup(tty); 819 tty_kref_put(tty); 820 } 821 } 822 823 /** 824 * tty_vhangup_session - hangup session leader exit 825 * @tty: tty to hangup 826 * 827 * The session leader is exiting and hanging up its controlling terminal. 828 * Every process in the foreground process group is signalled SIGHUP. 829 * 830 * We do this synchronously so that when the syscall returns the process 831 * is complete. That guarantee is necessary for security reasons. 832 */ 833 834 static void tty_vhangup_session(struct tty_struct *tty) 835 { 836 tty_debug_hangup(tty, "\n"); 837 __tty_hangup(tty, 1); 838 } 839 840 /** 841 * tty_hung_up_p - was tty hung up 842 * @filp: file pointer of tty 843 * 844 * Return true if the tty has been subject to a vhangup or a carrier 845 * loss 846 */ 847 848 int tty_hung_up_p(struct file *filp) 849 { 850 return (filp->f_op == &hung_up_tty_fops); 851 } 852 853 EXPORT_SYMBOL(tty_hung_up_p); 854 855 /** 856 * disassociate_ctty - disconnect controlling tty 857 * @on_exit: true if exiting so need to "hang up" the session 858 * 859 * This function is typically called only by the session leader, when 860 * it wants to disassociate itself from its controlling tty. 861 * 862 * It performs the following functions: 863 * (1) Sends a SIGHUP and SIGCONT to the foreground process group 864 * (2) Clears the tty from being controlling the session 865 * (3) Clears the controlling tty for all processes in the 866 * session group. 867 * 868 * The argument on_exit is set to 1 if called when a process is 869 * exiting; it is 0 if called by the ioctl TIOCNOTTY. 870 * 871 * Locking: 872 * BTM is taken for hysterical raisins, and held when 873 * called from no_tty(). 874 * tty_mutex is taken to protect tty 875 * ->siglock is taken to protect ->signal/->sighand 876 * tasklist_lock is taken to walk process list for sessions 877 * ->siglock is taken to protect ->signal/->sighand 878 */ 879 880 void disassociate_ctty(int on_exit) 881 { 882 struct tty_struct *tty; 883 884 if (!current->signal->leader) 885 return; 886 887 tty = get_current_tty(); 888 if (tty) { 889 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) { 890 tty_vhangup_session(tty); 891 } else { 892 struct pid *tty_pgrp = tty_get_pgrp(tty); 893 if (tty_pgrp) { 894 kill_pgrp(tty_pgrp, SIGHUP, on_exit); 895 if (!on_exit) 896 kill_pgrp(tty_pgrp, SIGCONT, on_exit); 897 put_pid(tty_pgrp); 898 } 899 } 900 tty_kref_put(tty); 901 902 } else if (on_exit) { 903 struct pid *old_pgrp; 904 spin_lock_irq(¤t->sighand->siglock); 905 old_pgrp = current->signal->tty_old_pgrp; 906 current->signal->tty_old_pgrp = NULL; 907 spin_unlock_irq(¤t->sighand->siglock); 908 if (old_pgrp) { 909 kill_pgrp(old_pgrp, SIGHUP, on_exit); 910 kill_pgrp(old_pgrp, SIGCONT, on_exit); 911 put_pid(old_pgrp); 912 } 913 return; 914 } 915 916 spin_lock_irq(¤t->sighand->siglock); 917 put_pid(current->signal->tty_old_pgrp); 918 current->signal->tty_old_pgrp = NULL; 919 920 tty = tty_kref_get(current->signal->tty); 921 if (tty) { 922 unsigned long flags; 923 spin_lock_irqsave(&tty->ctrl_lock, flags); 924 put_pid(tty->session); 925 put_pid(tty->pgrp); 926 tty->session = NULL; 927 tty->pgrp = NULL; 928 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 929 tty_kref_put(tty); 930 } else 931 tty_debug_hangup(tty, "no current tty\n"); 932 933 spin_unlock_irq(¤t->sighand->siglock); 934 /* Now clear signal->tty under the lock */ 935 read_lock(&tasklist_lock); 936 session_clear_tty(task_session(current)); 937 read_unlock(&tasklist_lock); 938 } 939 940 /** 941 * 942 * no_tty - Ensure the current process does not have a controlling tty 943 */ 944 void no_tty(void) 945 { 946 /* FIXME: Review locking here. The tty_lock never covered any race 947 between a new association and proc_clear_tty but possible we need 948 to protect against this anyway */ 949 struct task_struct *tsk = current; 950 disassociate_ctty(0); 951 proc_clear_tty(tsk); 952 } 953 954 955 /** 956 * stop_tty - propagate flow control 957 * @tty: tty to stop 958 * 959 * Perform flow control to the driver. May be called 960 * on an already stopped device and will not re-call the driver 961 * method. 962 * 963 * This functionality is used by both the line disciplines for 964 * halting incoming flow and by the driver. It may therefore be 965 * called from any context, may be under the tty atomic_write_lock 966 * but not always. 967 * 968 * Locking: 969 * flow_lock 970 */ 971 972 void __stop_tty(struct tty_struct *tty) 973 { 974 if (tty->stopped) 975 return; 976 tty->stopped = 1; 977 if (tty->ops->stop) 978 tty->ops->stop(tty); 979 } 980 981 void stop_tty(struct tty_struct *tty) 982 { 983 unsigned long flags; 984 985 spin_lock_irqsave(&tty->flow_lock, flags); 986 __stop_tty(tty); 987 spin_unlock_irqrestore(&tty->flow_lock, flags); 988 } 989 EXPORT_SYMBOL(stop_tty); 990 991 /** 992 * start_tty - propagate flow control 993 * @tty: tty to start 994 * 995 * Start a tty that has been stopped if at all possible. If this 996 * tty was previous stopped and is now being started, the driver 997 * start method is invoked and the line discipline woken. 998 * 999 * Locking: 1000 * flow_lock 1001 */ 1002 1003 void __start_tty(struct tty_struct *tty) 1004 { 1005 if (!tty->stopped || tty->flow_stopped) 1006 return; 1007 tty->stopped = 0; 1008 if (tty->ops->start) 1009 tty->ops->start(tty); 1010 tty_wakeup(tty); 1011 } 1012 1013 void start_tty(struct tty_struct *tty) 1014 { 1015 unsigned long flags; 1016 1017 spin_lock_irqsave(&tty->flow_lock, flags); 1018 __start_tty(tty); 1019 spin_unlock_irqrestore(&tty->flow_lock, flags); 1020 } 1021 EXPORT_SYMBOL(start_tty); 1022 1023 static void tty_update_time(struct timespec *time) 1024 { 1025 unsigned long sec = get_seconds(); 1026 1027 /* 1028 * We only care if the two values differ in anything other than the 1029 * lower three bits (i.e every 8 seconds). If so, then we can update 1030 * the time of the tty device, otherwise it could be construded as a 1031 * security leak to let userspace know the exact timing of the tty. 1032 */ 1033 if ((sec ^ time->tv_sec) & ~7) 1034 time->tv_sec = sec; 1035 } 1036 1037 /** 1038 * tty_read - read method for tty device files 1039 * @file: pointer to tty file 1040 * @buf: user buffer 1041 * @count: size of user buffer 1042 * @ppos: unused 1043 * 1044 * Perform the read system call function on this terminal device. Checks 1045 * for hung up devices before calling the line discipline method. 1046 * 1047 * Locking: 1048 * Locks the line discipline internally while needed. Multiple 1049 * read calls may be outstanding in parallel. 1050 */ 1051 1052 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 1053 loff_t *ppos) 1054 { 1055 int i; 1056 struct inode *inode = file_inode(file); 1057 struct tty_struct *tty = file_tty(file); 1058 struct tty_ldisc *ld; 1059 1060 if (tty_paranoia_check(tty, inode, "tty_read")) 1061 return -EIO; 1062 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags))) 1063 return -EIO; 1064 1065 /* We want to wait for the line discipline to sort out in this 1066 situation */ 1067 ld = tty_ldisc_ref_wait(tty); 1068 if (ld->ops->read) 1069 i = ld->ops->read(tty, file, buf, count); 1070 else 1071 i = -EIO; 1072 tty_ldisc_deref(ld); 1073 1074 if (i > 0) 1075 tty_update_time(&inode->i_atime); 1076 1077 return i; 1078 } 1079 1080 static void tty_write_unlock(struct tty_struct *tty) 1081 { 1082 mutex_unlock(&tty->atomic_write_lock); 1083 wake_up_interruptible_poll(&tty->write_wait, POLLOUT); 1084 } 1085 1086 static int tty_write_lock(struct tty_struct *tty, int ndelay) 1087 { 1088 if (!mutex_trylock(&tty->atomic_write_lock)) { 1089 if (ndelay) 1090 return -EAGAIN; 1091 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 1092 return -ERESTARTSYS; 1093 } 1094 return 0; 1095 } 1096 1097 /* 1098 * Split writes up in sane blocksizes to avoid 1099 * denial-of-service type attacks 1100 */ 1101 static inline ssize_t do_tty_write( 1102 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 1103 struct tty_struct *tty, 1104 struct file *file, 1105 const char __user *buf, 1106 size_t count) 1107 { 1108 ssize_t ret, written = 0; 1109 unsigned int chunk; 1110 1111 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 1112 if (ret < 0) 1113 return ret; 1114 1115 /* 1116 * We chunk up writes into a temporary buffer. This 1117 * simplifies low-level drivers immensely, since they 1118 * don't have locking issues and user mode accesses. 1119 * 1120 * But if TTY_NO_WRITE_SPLIT is set, we should use a 1121 * big chunk-size.. 1122 * 1123 * The default chunk-size is 2kB, because the NTTY 1124 * layer has problems with bigger chunks. It will 1125 * claim to be able to handle more characters than 1126 * it actually does. 1127 * 1128 * FIXME: This can probably go away now except that 64K chunks 1129 * are too likely to fail unless switched to vmalloc... 1130 */ 1131 chunk = 2048; 1132 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 1133 chunk = 65536; 1134 if (count < chunk) 1135 chunk = count; 1136 1137 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 1138 if (tty->write_cnt < chunk) { 1139 unsigned char *buf_chunk; 1140 1141 if (chunk < 1024) 1142 chunk = 1024; 1143 1144 buf_chunk = kmalloc(chunk, GFP_KERNEL); 1145 if (!buf_chunk) { 1146 ret = -ENOMEM; 1147 goto out; 1148 } 1149 kfree(tty->write_buf); 1150 tty->write_cnt = chunk; 1151 tty->write_buf = buf_chunk; 1152 } 1153 1154 /* Do the write .. */ 1155 for (;;) { 1156 size_t size = count; 1157 if (size > chunk) 1158 size = chunk; 1159 ret = -EFAULT; 1160 if (copy_from_user(tty->write_buf, buf, size)) 1161 break; 1162 ret = write(tty, file, tty->write_buf, size); 1163 if (ret <= 0) 1164 break; 1165 written += ret; 1166 buf += ret; 1167 count -= ret; 1168 if (!count) 1169 break; 1170 ret = -ERESTARTSYS; 1171 if (signal_pending(current)) 1172 break; 1173 cond_resched(); 1174 } 1175 if (written) { 1176 tty_update_time(&file_inode(file)->i_mtime); 1177 ret = written; 1178 } 1179 out: 1180 tty_write_unlock(tty); 1181 return ret; 1182 } 1183 1184 /** 1185 * tty_write_message - write a message to a certain tty, not just the console. 1186 * @tty: the destination tty_struct 1187 * @msg: the message to write 1188 * 1189 * This is used for messages that need to be redirected to a specific tty. 1190 * We don't put it into the syslog queue right now maybe in the future if 1191 * really needed. 1192 * 1193 * We must still hold the BTM and test the CLOSING flag for the moment. 1194 */ 1195 1196 void tty_write_message(struct tty_struct *tty, char *msg) 1197 { 1198 if (tty) { 1199 mutex_lock(&tty->atomic_write_lock); 1200 tty_lock(tty); 1201 if (tty->ops->write && tty->count > 0) { 1202 tty_unlock(tty); 1203 tty->ops->write(tty, msg, strlen(msg)); 1204 } else 1205 tty_unlock(tty); 1206 tty_write_unlock(tty); 1207 } 1208 return; 1209 } 1210 1211 1212 /** 1213 * tty_write - write method for tty device file 1214 * @file: tty file pointer 1215 * @buf: user data to write 1216 * @count: bytes to write 1217 * @ppos: unused 1218 * 1219 * Write data to a tty device via the line discipline. 1220 * 1221 * Locking: 1222 * Locks the line discipline as required 1223 * Writes to the tty driver are serialized by the atomic_write_lock 1224 * and are then processed in chunks to the device. The line discipline 1225 * write method will not be invoked in parallel for each device. 1226 */ 1227 1228 static ssize_t tty_write(struct file *file, const char __user *buf, 1229 size_t count, loff_t *ppos) 1230 { 1231 struct tty_struct *tty = file_tty(file); 1232 struct tty_ldisc *ld; 1233 ssize_t ret; 1234 1235 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1236 return -EIO; 1237 if (!tty || !tty->ops->write || 1238 (test_bit(TTY_IO_ERROR, &tty->flags))) 1239 return -EIO; 1240 /* Short term debug to catch buggy drivers */ 1241 if (tty->ops->write_room == NULL) 1242 printk(KERN_ERR "tty driver %s lacks a write_room method.\n", 1243 tty->driver->name); 1244 ld = tty_ldisc_ref_wait(tty); 1245 if (!ld->ops->write) 1246 ret = -EIO; 1247 else 1248 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1249 tty_ldisc_deref(ld); 1250 return ret; 1251 } 1252 1253 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1254 size_t count, loff_t *ppos) 1255 { 1256 struct file *p = NULL; 1257 1258 spin_lock(&redirect_lock); 1259 if (redirect) 1260 p = get_file(redirect); 1261 spin_unlock(&redirect_lock); 1262 1263 if (p) { 1264 ssize_t res; 1265 res = vfs_write(p, buf, count, &p->f_pos); 1266 fput(p); 1267 return res; 1268 } 1269 return tty_write(file, buf, count, ppos); 1270 } 1271 1272 /** 1273 * tty_send_xchar - send priority character 1274 * 1275 * Send a high priority character to the tty even if stopped 1276 * 1277 * Locking: none for xchar method, write ordering for write method. 1278 */ 1279 1280 int tty_send_xchar(struct tty_struct *tty, char ch) 1281 { 1282 int was_stopped = tty->stopped; 1283 1284 if (tty->ops->send_xchar) { 1285 tty->ops->send_xchar(tty, ch); 1286 return 0; 1287 } 1288 1289 if (tty_write_lock(tty, 0) < 0) 1290 return -ERESTARTSYS; 1291 1292 if (was_stopped) 1293 start_tty(tty); 1294 tty->ops->write(tty, &ch, 1); 1295 if (was_stopped) 1296 stop_tty(tty); 1297 tty_write_unlock(tty); 1298 return 0; 1299 } 1300 1301 static char ptychar[] = "pqrstuvwxyzabcde"; 1302 1303 /** 1304 * pty_line_name - generate name for a pty 1305 * @driver: the tty driver in use 1306 * @index: the minor number 1307 * @p: output buffer of at least 6 bytes 1308 * 1309 * Generate a name from a driver reference and write it to the output 1310 * buffer. 1311 * 1312 * Locking: None 1313 */ 1314 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1315 { 1316 int i = index + driver->name_base; 1317 /* ->name is initialized to "ttyp", but "tty" is expected */ 1318 sprintf(p, "%s%c%x", 1319 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1320 ptychar[i >> 4 & 0xf], i & 0xf); 1321 } 1322 1323 /** 1324 * tty_line_name - generate name for a tty 1325 * @driver: the tty driver in use 1326 * @index: the minor number 1327 * @p: output buffer of at least 7 bytes 1328 * 1329 * Generate a name from a driver reference and write it to the output 1330 * buffer. 1331 * 1332 * Locking: None 1333 */ 1334 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1335 { 1336 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1337 return sprintf(p, "%s", driver->name); 1338 else 1339 return sprintf(p, "%s%d", driver->name, 1340 index + driver->name_base); 1341 } 1342 1343 /** 1344 * tty_driver_lookup_tty() - find an existing tty, if any 1345 * @driver: the driver for the tty 1346 * @idx: the minor number 1347 * 1348 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1349 * driver lookup() method returns an error. 1350 * 1351 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1352 */ 1353 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1354 struct inode *inode, int idx) 1355 { 1356 struct tty_struct *tty; 1357 1358 if (driver->ops->lookup) 1359 tty = driver->ops->lookup(driver, inode, idx); 1360 else 1361 tty = driver->ttys[idx]; 1362 1363 if (!IS_ERR(tty)) 1364 tty_kref_get(tty); 1365 return tty; 1366 } 1367 1368 /** 1369 * tty_init_termios - helper for termios setup 1370 * @tty: the tty to set up 1371 * 1372 * Initialise the termios structures for this tty. Thus runs under 1373 * the tty_mutex currently so we can be relaxed about ordering. 1374 */ 1375 1376 int tty_init_termios(struct tty_struct *tty) 1377 { 1378 struct ktermios *tp; 1379 int idx = tty->index; 1380 1381 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1382 tty->termios = tty->driver->init_termios; 1383 else { 1384 /* Check for lazy saved data */ 1385 tp = tty->driver->termios[idx]; 1386 if (tp != NULL) 1387 tty->termios = *tp; 1388 else 1389 tty->termios = tty->driver->init_termios; 1390 } 1391 /* Compatibility until drivers always set this */ 1392 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1393 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1394 return 0; 1395 } 1396 EXPORT_SYMBOL_GPL(tty_init_termios); 1397 1398 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1399 { 1400 int ret = tty_init_termios(tty); 1401 if (ret) 1402 return ret; 1403 1404 tty_driver_kref_get(driver); 1405 tty->count++; 1406 driver->ttys[tty->index] = tty; 1407 return 0; 1408 } 1409 EXPORT_SYMBOL_GPL(tty_standard_install); 1410 1411 /** 1412 * tty_driver_install_tty() - install a tty entry in the driver 1413 * @driver: the driver for the tty 1414 * @tty: the tty 1415 * 1416 * Install a tty object into the driver tables. The tty->index field 1417 * will be set by the time this is called. This method is responsible 1418 * for ensuring any need additional structures are allocated and 1419 * configured. 1420 * 1421 * Locking: tty_mutex for now 1422 */ 1423 static int tty_driver_install_tty(struct tty_driver *driver, 1424 struct tty_struct *tty) 1425 { 1426 return driver->ops->install ? driver->ops->install(driver, tty) : 1427 tty_standard_install(driver, tty); 1428 } 1429 1430 /** 1431 * tty_driver_remove_tty() - remove a tty from the driver tables 1432 * @driver: the driver for the tty 1433 * @idx: the minor number 1434 * 1435 * Remvoe a tty object from the driver tables. The tty->index field 1436 * will be set by the time this is called. 1437 * 1438 * Locking: tty_mutex for now 1439 */ 1440 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1441 { 1442 if (driver->ops->remove) 1443 driver->ops->remove(driver, tty); 1444 else 1445 driver->ttys[tty->index] = NULL; 1446 } 1447 1448 /* 1449 * tty_reopen() - fast re-open of an open tty 1450 * @tty - the tty to open 1451 * 1452 * Return 0 on success, -errno on error. 1453 * Re-opens on master ptys are not allowed and return -EIO. 1454 * 1455 * Locking: Caller must hold tty_lock 1456 */ 1457 static int tty_reopen(struct tty_struct *tty) 1458 { 1459 struct tty_driver *driver = tty->driver; 1460 1461 if (!tty->count) 1462 return -EIO; 1463 1464 if (driver->type == TTY_DRIVER_TYPE_PTY && 1465 driver->subtype == PTY_TYPE_MASTER) 1466 return -EIO; 1467 1468 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1469 return -EBUSY; 1470 1471 tty->count++; 1472 1473 WARN_ON(!tty->ldisc); 1474 1475 return 0; 1476 } 1477 1478 /** 1479 * tty_init_dev - initialise a tty device 1480 * @driver: tty driver we are opening a device on 1481 * @idx: device index 1482 * @ret_tty: returned tty structure 1483 * 1484 * Prepare a tty device. This may not be a "new" clean device but 1485 * could also be an active device. The pty drivers require special 1486 * handling because of this. 1487 * 1488 * Locking: 1489 * The function is called under the tty_mutex, which 1490 * protects us from the tty struct or driver itself going away. 1491 * 1492 * On exit the tty device has the line discipline attached and 1493 * a reference count of 1. If a pair was created for pty/tty use 1494 * and the other was a pty master then it too has a reference count of 1. 1495 * 1496 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1497 * failed open. The new code protects the open with a mutex, so it's 1498 * really quite straightforward. The mutex locking can probably be 1499 * relaxed for the (most common) case of reopening a tty. 1500 */ 1501 1502 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1503 { 1504 struct tty_struct *tty; 1505 int retval; 1506 1507 /* 1508 * First time open is complex, especially for PTY devices. 1509 * This code guarantees that either everything succeeds and the 1510 * TTY is ready for operation, or else the table slots are vacated 1511 * and the allocated memory released. (Except that the termios 1512 * and locked termios may be retained.) 1513 */ 1514 1515 if (!try_module_get(driver->owner)) 1516 return ERR_PTR(-ENODEV); 1517 1518 tty = alloc_tty_struct(driver, idx); 1519 if (!tty) { 1520 retval = -ENOMEM; 1521 goto err_module_put; 1522 } 1523 1524 tty_lock(tty); 1525 retval = tty_driver_install_tty(driver, tty); 1526 if (retval < 0) 1527 goto err_deinit_tty; 1528 1529 if (!tty->port) 1530 tty->port = driver->ports[idx]; 1531 1532 WARN_RATELIMIT(!tty->port, 1533 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1534 __func__, tty->driver->name); 1535 1536 tty->port->itty = tty; 1537 1538 /* 1539 * Structures all installed ... call the ldisc open routines. 1540 * If we fail here just call release_tty to clean up. No need 1541 * to decrement the use counts, as release_tty doesn't care. 1542 */ 1543 retval = tty_ldisc_setup(tty, tty->link); 1544 if (retval) 1545 goto err_release_tty; 1546 /* Return the tty locked so that it cannot vanish under the caller */ 1547 return tty; 1548 1549 err_deinit_tty: 1550 tty_unlock(tty); 1551 deinitialize_tty_struct(tty); 1552 free_tty_struct(tty); 1553 err_module_put: 1554 module_put(driver->owner); 1555 return ERR_PTR(retval); 1556 1557 /* call the tty release_tty routine to clean out this slot */ 1558 err_release_tty: 1559 tty_unlock(tty); 1560 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, " 1561 "clearing slot %d\n", idx); 1562 release_tty(tty, idx); 1563 return ERR_PTR(retval); 1564 } 1565 1566 void tty_free_termios(struct tty_struct *tty) 1567 { 1568 struct ktermios *tp; 1569 int idx = tty->index; 1570 1571 /* If the port is going to reset then it has no termios to save */ 1572 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1573 return; 1574 1575 /* Stash the termios data */ 1576 tp = tty->driver->termios[idx]; 1577 if (tp == NULL) { 1578 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1579 if (tp == NULL) { 1580 pr_warn("tty: no memory to save termios state.\n"); 1581 return; 1582 } 1583 tty->driver->termios[idx] = tp; 1584 } 1585 *tp = tty->termios; 1586 } 1587 EXPORT_SYMBOL(tty_free_termios); 1588 1589 /** 1590 * tty_flush_works - flush all works of a tty/pty pair 1591 * @tty: tty device to flush works for (or either end of a pty pair) 1592 * 1593 * Sync flush all works belonging to @tty (and the 'other' tty). 1594 */ 1595 static void tty_flush_works(struct tty_struct *tty) 1596 { 1597 flush_work(&tty->SAK_work); 1598 flush_work(&tty->hangup_work); 1599 if (tty->link) { 1600 flush_work(&tty->link->SAK_work); 1601 flush_work(&tty->link->hangup_work); 1602 } 1603 } 1604 1605 /** 1606 * release_one_tty - release tty structure memory 1607 * @kref: kref of tty we are obliterating 1608 * 1609 * Releases memory associated with a tty structure, and clears out the 1610 * driver table slots. This function is called when a device is no longer 1611 * in use. It also gets called when setup of a device fails. 1612 * 1613 * Locking: 1614 * takes the file list lock internally when working on the list 1615 * of ttys that the driver keeps. 1616 * 1617 * This method gets called from a work queue so that the driver private 1618 * cleanup ops can sleep (needed for USB at least) 1619 */ 1620 static void release_one_tty(struct work_struct *work) 1621 { 1622 struct tty_struct *tty = 1623 container_of(work, struct tty_struct, hangup_work); 1624 struct tty_driver *driver = tty->driver; 1625 struct module *owner = driver->owner; 1626 1627 if (tty->ops->cleanup) 1628 tty->ops->cleanup(tty); 1629 1630 tty->magic = 0; 1631 tty_driver_kref_put(driver); 1632 module_put(owner); 1633 1634 spin_lock(&tty_files_lock); 1635 list_del_init(&tty->tty_files); 1636 spin_unlock(&tty_files_lock); 1637 1638 put_pid(tty->pgrp); 1639 put_pid(tty->session); 1640 free_tty_struct(tty); 1641 } 1642 1643 static void queue_release_one_tty(struct kref *kref) 1644 { 1645 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1646 1647 /* The hangup queue is now free so we can reuse it rather than 1648 waste a chunk of memory for each port */ 1649 INIT_WORK(&tty->hangup_work, release_one_tty); 1650 schedule_work(&tty->hangup_work); 1651 } 1652 1653 /** 1654 * tty_kref_put - release a tty kref 1655 * @tty: tty device 1656 * 1657 * Release a reference to a tty device and if need be let the kref 1658 * layer destruct the object for us 1659 */ 1660 1661 void tty_kref_put(struct tty_struct *tty) 1662 { 1663 if (tty) 1664 kref_put(&tty->kref, queue_release_one_tty); 1665 } 1666 EXPORT_SYMBOL(tty_kref_put); 1667 1668 /** 1669 * release_tty - release tty structure memory 1670 * 1671 * Release both @tty and a possible linked partner (think pty pair), 1672 * and decrement the refcount of the backing module. 1673 * 1674 * Locking: 1675 * tty_mutex 1676 * takes the file list lock internally when working on the list 1677 * of ttys that the driver keeps. 1678 * 1679 */ 1680 static void release_tty(struct tty_struct *tty, int idx) 1681 { 1682 /* This should always be true but check for the moment */ 1683 WARN_ON(tty->index != idx); 1684 WARN_ON(!mutex_is_locked(&tty_mutex)); 1685 if (tty->ops->shutdown) 1686 tty->ops->shutdown(tty); 1687 tty_free_termios(tty); 1688 tty_driver_remove_tty(tty->driver, tty); 1689 tty->port->itty = NULL; 1690 if (tty->link) 1691 tty->link->port->itty = NULL; 1692 cancel_work_sync(&tty->port->buf.work); 1693 1694 tty_kref_put(tty->link); 1695 tty_kref_put(tty); 1696 } 1697 1698 /** 1699 * tty_release_checks - check a tty before real release 1700 * @tty: tty to check 1701 * @o_tty: link of @tty (if any) 1702 * @idx: index of the tty 1703 * 1704 * Performs some paranoid checking before true release of the @tty. 1705 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1706 */ 1707 static int tty_release_checks(struct tty_struct *tty, int idx) 1708 { 1709 #ifdef TTY_PARANOIA_CHECK 1710 if (idx < 0 || idx >= tty->driver->num) { 1711 tty_debug(tty, "bad idx %d\n", idx); 1712 return -1; 1713 } 1714 1715 /* not much to check for devpts */ 1716 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1717 return 0; 1718 1719 if (tty != tty->driver->ttys[idx]) { 1720 tty_debug(tty, "bad driver table[%d] = %p\n", 1721 idx, tty->driver->ttys[idx]); 1722 return -1; 1723 } 1724 if (tty->driver->other) { 1725 struct tty_struct *o_tty = tty->link; 1726 1727 if (o_tty != tty->driver->other->ttys[idx]) { 1728 tty_debug(tty, "bad other table[%d] = %p\n", 1729 idx, tty->driver->other->ttys[idx]); 1730 return -1; 1731 } 1732 if (o_tty->link != tty) { 1733 tty_debug(tty, "bad link = %p\n", o_tty->link); 1734 return -1; 1735 } 1736 } 1737 #endif 1738 return 0; 1739 } 1740 1741 /** 1742 * tty_release - vfs callback for close 1743 * @inode: inode of tty 1744 * @filp: file pointer for handle to tty 1745 * 1746 * Called the last time each file handle is closed that references 1747 * this tty. There may however be several such references. 1748 * 1749 * Locking: 1750 * Takes bkl. See tty_release_dev 1751 * 1752 * Even releasing the tty structures is a tricky business.. We have 1753 * to be very careful that the structures are all released at the 1754 * same time, as interrupts might otherwise get the wrong pointers. 1755 * 1756 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1757 * lead to double frees or releasing memory still in use. 1758 */ 1759 1760 int tty_release(struct inode *inode, struct file *filp) 1761 { 1762 struct tty_struct *tty = file_tty(filp); 1763 struct tty_struct *o_tty = NULL; 1764 int do_sleep, final; 1765 int idx; 1766 long timeout = 0; 1767 int once = 1; 1768 1769 if (tty_paranoia_check(tty, inode, __func__)) 1770 return 0; 1771 1772 tty_lock(tty); 1773 check_tty_count(tty, __func__); 1774 1775 __tty_fasync(-1, filp, 0); 1776 1777 idx = tty->index; 1778 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1779 tty->driver->subtype == PTY_TYPE_MASTER) 1780 o_tty = tty->link; 1781 1782 if (tty_release_checks(tty, idx)) { 1783 tty_unlock(tty); 1784 return 0; 1785 } 1786 1787 tty_debug_hangup(tty, "(tty count=%d)...\n", tty->count); 1788 1789 if (tty->ops->close) 1790 tty->ops->close(tty, filp); 1791 1792 /* If tty is pty master, lock the slave pty (stable lock order) */ 1793 tty_lock_slave(o_tty); 1794 1795 /* 1796 * Sanity check: if tty->count is going to zero, there shouldn't be 1797 * any waiters on tty->read_wait or tty->write_wait. We test the 1798 * wait queues and kick everyone out _before_ actually starting to 1799 * close. This ensures that we won't block while releasing the tty 1800 * structure. 1801 * 1802 * The test for the o_tty closing is necessary, since the master and 1803 * slave sides may close in any order. If the slave side closes out 1804 * first, its count will be one, since the master side holds an open. 1805 * Thus this test wouldn't be triggered at the time the slave closed, 1806 * so we do it now. 1807 */ 1808 while (1) { 1809 do_sleep = 0; 1810 1811 if (tty->count <= 1) { 1812 if (waitqueue_active(&tty->read_wait)) { 1813 wake_up_poll(&tty->read_wait, POLLIN); 1814 do_sleep++; 1815 } 1816 if (waitqueue_active(&tty->write_wait)) { 1817 wake_up_poll(&tty->write_wait, POLLOUT); 1818 do_sleep++; 1819 } 1820 } 1821 if (o_tty && o_tty->count <= 1) { 1822 if (waitqueue_active(&o_tty->read_wait)) { 1823 wake_up_poll(&o_tty->read_wait, POLLIN); 1824 do_sleep++; 1825 } 1826 if (waitqueue_active(&o_tty->write_wait)) { 1827 wake_up_poll(&o_tty->write_wait, POLLOUT); 1828 do_sleep++; 1829 } 1830 } 1831 if (!do_sleep) 1832 break; 1833 1834 if (once) { 1835 once = 0; 1836 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n", 1837 __func__, tty_name(tty)); 1838 } 1839 schedule_timeout_killable(timeout); 1840 if (timeout < 120 * HZ) 1841 timeout = 2 * timeout + 1; 1842 else 1843 timeout = MAX_SCHEDULE_TIMEOUT; 1844 } 1845 1846 if (o_tty) { 1847 if (--o_tty->count < 0) { 1848 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n", 1849 __func__, o_tty->count, tty_name(o_tty)); 1850 o_tty->count = 0; 1851 } 1852 } 1853 if (--tty->count < 0) { 1854 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n", 1855 __func__, tty->count, tty_name(tty)); 1856 tty->count = 0; 1857 } 1858 1859 /* 1860 * We've decremented tty->count, so we need to remove this file 1861 * descriptor off the tty->tty_files list; this serves two 1862 * purposes: 1863 * - check_tty_count sees the correct number of file descriptors 1864 * associated with this tty. 1865 * - do_tty_hangup no longer sees this file descriptor as 1866 * something that needs to be handled for hangups. 1867 */ 1868 tty_del_file(filp); 1869 1870 /* 1871 * Perform some housekeeping before deciding whether to return. 1872 * 1873 * If _either_ side is closing, make sure there aren't any 1874 * processes that still think tty or o_tty is their controlling 1875 * tty. 1876 */ 1877 if (!tty->count) { 1878 read_lock(&tasklist_lock); 1879 session_clear_tty(tty->session); 1880 if (o_tty) 1881 session_clear_tty(o_tty->session); 1882 read_unlock(&tasklist_lock); 1883 } 1884 1885 /* check whether both sides are closing ... */ 1886 final = !tty->count && !(o_tty && o_tty->count); 1887 1888 tty_unlock_slave(o_tty); 1889 tty_unlock(tty); 1890 1891 /* At this point, the tty->count == 0 should ensure a dead tty 1892 cannot be re-opened by a racing opener */ 1893 1894 if (!final) 1895 return 0; 1896 1897 tty_debug_hangup(tty, "final close\n"); 1898 /* 1899 * Ask the line discipline code to release its structures 1900 */ 1901 tty_ldisc_release(tty); 1902 1903 /* Wait for pending work before tty destruction commmences */ 1904 tty_flush_works(tty); 1905 1906 tty_debug_hangup(tty, "freeing structure...\n"); 1907 /* 1908 * The release_tty function takes care of the details of clearing 1909 * the slots and preserving the termios structure. The tty_unlock_pair 1910 * should be safe as we keep a kref while the tty is locked (so the 1911 * unlock never unlocks a freed tty). 1912 */ 1913 mutex_lock(&tty_mutex); 1914 release_tty(tty, idx); 1915 mutex_unlock(&tty_mutex); 1916 1917 return 0; 1918 } 1919 1920 /** 1921 * tty_open_current_tty - get locked tty of current task 1922 * @device: device number 1923 * @filp: file pointer to tty 1924 * @return: locked tty of the current task iff @device is /dev/tty 1925 * 1926 * Performs a re-open of the current task's controlling tty. 1927 * 1928 * We cannot return driver and index like for the other nodes because 1929 * devpts will not work then. It expects inodes to be from devpts FS. 1930 */ 1931 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1932 { 1933 struct tty_struct *tty; 1934 int retval; 1935 1936 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1937 return NULL; 1938 1939 tty = get_current_tty(); 1940 if (!tty) 1941 return ERR_PTR(-ENXIO); 1942 1943 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1944 /* noctty = 1; */ 1945 tty_lock(tty); 1946 tty_kref_put(tty); /* safe to drop the kref now */ 1947 1948 retval = tty_reopen(tty); 1949 if (retval < 0) { 1950 tty_unlock(tty); 1951 tty = ERR_PTR(retval); 1952 } 1953 return tty; 1954 } 1955 1956 /** 1957 * tty_lookup_driver - lookup a tty driver for a given device file 1958 * @device: device number 1959 * @filp: file pointer to tty 1960 * @noctty: set if the device should not become a controlling tty 1961 * @index: index for the device in the @return driver 1962 * @return: driver for this inode (with increased refcount) 1963 * 1964 * If @return is not erroneous, the caller is responsible to decrement the 1965 * refcount by tty_driver_kref_put. 1966 * 1967 * Locking: tty_mutex protects get_tty_driver 1968 */ 1969 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1970 int *noctty, int *index) 1971 { 1972 struct tty_driver *driver; 1973 1974 switch (device) { 1975 #ifdef CONFIG_VT 1976 case MKDEV(TTY_MAJOR, 0): { 1977 extern struct tty_driver *console_driver; 1978 driver = tty_driver_kref_get(console_driver); 1979 *index = fg_console; 1980 *noctty = 1; 1981 break; 1982 } 1983 #endif 1984 case MKDEV(TTYAUX_MAJOR, 1): { 1985 struct tty_driver *console_driver = console_device(index); 1986 if (console_driver) { 1987 driver = tty_driver_kref_get(console_driver); 1988 if (driver) { 1989 /* Don't let /dev/console block */ 1990 filp->f_flags |= O_NONBLOCK; 1991 *noctty = 1; 1992 break; 1993 } 1994 } 1995 return ERR_PTR(-ENODEV); 1996 } 1997 default: 1998 driver = get_tty_driver(device, index); 1999 if (!driver) 2000 return ERR_PTR(-ENODEV); 2001 break; 2002 } 2003 return driver; 2004 } 2005 2006 /** 2007 * tty_open - open a tty device 2008 * @inode: inode of device file 2009 * @filp: file pointer to tty 2010 * 2011 * tty_open and tty_release keep up the tty count that contains the 2012 * number of opens done on a tty. We cannot use the inode-count, as 2013 * different inodes might point to the same tty. 2014 * 2015 * Open-counting is needed for pty masters, as well as for keeping 2016 * track of serial lines: DTR is dropped when the last close happens. 2017 * (This is not done solely through tty->count, now. - Ted 1/27/92) 2018 * 2019 * The termios state of a pty is reset on first open so that 2020 * settings don't persist across reuse. 2021 * 2022 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 2023 * tty->count should protect the rest. 2024 * ->siglock protects ->signal/->sighand 2025 * 2026 * Note: the tty_unlock/lock cases without a ref are only safe due to 2027 * tty_mutex 2028 */ 2029 2030 static int tty_open(struct inode *inode, struct file *filp) 2031 { 2032 struct tty_struct *tty; 2033 int noctty, retval; 2034 struct tty_driver *driver = NULL; 2035 int index; 2036 dev_t device = inode->i_rdev; 2037 unsigned saved_flags = filp->f_flags; 2038 2039 nonseekable_open(inode, filp); 2040 2041 retry_open: 2042 retval = tty_alloc_file(filp); 2043 if (retval) 2044 return -ENOMEM; 2045 2046 noctty = filp->f_flags & O_NOCTTY; 2047 index = -1; 2048 retval = 0; 2049 2050 tty = tty_open_current_tty(device, filp); 2051 if (!tty) { 2052 mutex_lock(&tty_mutex); 2053 driver = tty_lookup_driver(device, filp, &noctty, &index); 2054 if (IS_ERR(driver)) { 2055 retval = PTR_ERR(driver); 2056 goto err_unlock; 2057 } 2058 2059 /* check whether we're reopening an existing tty */ 2060 tty = tty_driver_lookup_tty(driver, inode, index); 2061 if (IS_ERR(tty)) { 2062 retval = PTR_ERR(tty); 2063 goto err_unlock; 2064 } 2065 2066 if (tty) { 2067 mutex_unlock(&tty_mutex); 2068 tty_lock(tty); 2069 /* safe to drop the kref from tty_driver_lookup_tty() */ 2070 tty_kref_put(tty); 2071 retval = tty_reopen(tty); 2072 if (retval < 0) { 2073 tty_unlock(tty); 2074 tty = ERR_PTR(retval); 2075 } 2076 } else { /* Returns with the tty_lock held for now */ 2077 tty = tty_init_dev(driver, index); 2078 mutex_unlock(&tty_mutex); 2079 } 2080 2081 tty_driver_kref_put(driver); 2082 } 2083 2084 if (IS_ERR(tty)) { 2085 retval = PTR_ERR(tty); 2086 goto err_file; 2087 } 2088 2089 tty_add_file(tty, filp); 2090 2091 check_tty_count(tty, __func__); 2092 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2093 tty->driver->subtype == PTY_TYPE_MASTER) 2094 noctty = 1; 2095 2096 tty_debug_hangup(tty, "(tty count=%d)\n", tty->count); 2097 2098 if (tty->ops->open) 2099 retval = tty->ops->open(tty, filp); 2100 else 2101 retval = -ENODEV; 2102 filp->f_flags = saved_flags; 2103 2104 if (retval) { 2105 tty_debug_hangup(tty, "error %d, releasing...\n", retval); 2106 2107 tty_unlock(tty); /* need to call tty_release without BTM */ 2108 tty_release(inode, filp); 2109 if (retval != -ERESTARTSYS) 2110 return retval; 2111 2112 if (signal_pending(current)) 2113 return retval; 2114 2115 schedule(); 2116 /* 2117 * Need to reset f_op in case a hangup happened. 2118 */ 2119 if (tty_hung_up_p(filp)) 2120 filp->f_op = &tty_fops; 2121 goto retry_open; 2122 } 2123 clear_bit(TTY_HUPPED, &tty->flags); 2124 2125 2126 read_lock(&tasklist_lock); 2127 spin_lock_irq(¤t->sighand->siglock); 2128 if (!noctty && 2129 current->signal->leader && 2130 !current->signal->tty && 2131 tty->session == NULL) { 2132 /* 2133 * Don't let a process that only has write access to the tty 2134 * obtain the privileges associated with having a tty as 2135 * controlling terminal (being able to reopen it with full 2136 * access through /dev/tty, being able to perform pushback). 2137 * Many distributions set the group of all ttys to "tty" and 2138 * grant write-only access to all terminals for setgid tty 2139 * binaries, which should not imply full privileges on all ttys. 2140 * 2141 * This could theoretically break old code that performs open() 2142 * on a write-only file descriptor. In that case, it might be 2143 * necessary to also permit this if 2144 * inode_permission(inode, MAY_READ) == 0. 2145 */ 2146 if (filp->f_mode & FMODE_READ) 2147 __proc_set_tty(tty); 2148 } 2149 spin_unlock_irq(¤t->sighand->siglock); 2150 read_unlock(&tasklist_lock); 2151 tty_unlock(tty); 2152 return 0; 2153 err_unlock: 2154 mutex_unlock(&tty_mutex); 2155 /* after locks to avoid deadlock */ 2156 if (!IS_ERR_OR_NULL(driver)) 2157 tty_driver_kref_put(driver); 2158 err_file: 2159 tty_free_file(filp); 2160 return retval; 2161 } 2162 2163 2164 2165 /** 2166 * tty_poll - check tty status 2167 * @filp: file being polled 2168 * @wait: poll wait structures to update 2169 * 2170 * Call the line discipline polling method to obtain the poll 2171 * status of the device. 2172 * 2173 * Locking: locks called line discipline but ldisc poll method 2174 * may be re-entered freely by other callers. 2175 */ 2176 2177 static unsigned int tty_poll(struct file *filp, poll_table *wait) 2178 { 2179 struct tty_struct *tty = file_tty(filp); 2180 struct tty_ldisc *ld; 2181 int ret = 0; 2182 2183 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2184 return 0; 2185 2186 ld = tty_ldisc_ref_wait(tty); 2187 if (ld->ops->poll) 2188 ret = ld->ops->poll(tty, filp, wait); 2189 tty_ldisc_deref(ld); 2190 return ret; 2191 } 2192 2193 static int __tty_fasync(int fd, struct file *filp, int on) 2194 { 2195 struct tty_struct *tty = file_tty(filp); 2196 struct tty_ldisc *ldisc; 2197 unsigned long flags; 2198 int retval = 0; 2199 2200 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2201 goto out; 2202 2203 retval = fasync_helper(fd, filp, on, &tty->fasync); 2204 if (retval <= 0) 2205 goto out; 2206 2207 ldisc = tty_ldisc_ref(tty); 2208 if (ldisc) { 2209 if (ldisc->ops->fasync) 2210 ldisc->ops->fasync(tty, on); 2211 tty_ldisc_deref(ldisc); 2212 } 2213 2214 if (on) { 2215 enum pid_type type; 2216 struct pid *pid; 2217 2218 spin_lock_irqsave(&tty->ctrl_lock, flags); 2219 if (tty->pgrp) { 2220 pid = tty->pgrp; 2221 type = PIDTYPE_PGID; 2222 } else { 2223 pid = task_pid(current); 2224 type = PIDTYPE_PID; 2225 } 2226 get_pid(pid); 2227 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2228 __f_setown(filp, pid, type, 0); 2229 put_pid(pid); 2230 retval = 0; 2231 } 2232 out: 2233 return retval; 2234 } 2235 2236 static int tty_fasync(int fd, struct file *filp, int on) 2237 { 2238 struct tty_struct *tty = file_tty(filp); 2239 int retval; 2240 2241 tty_lock(tty); 2242 retval = __tty_fasync(fd, filp, on); 2243 tty_unlock(tty); 2244 2245 return retval; 2246 } 2247 2248 /** 2249 * tiocsti - fake input character 2250 * @tty: tty to fake input into 2251 * @p: pointer to character 2252 * 2253 * Fake input to a tty device. Does the necessary locking and 2254 * input management. 2255 * 2256 * FIXME: does not honour flow control ?? 2257 * 2258 * Locking: 2259 * Called functions take tty_ldiscs_lock 2260 * current->signal->tty check is safe without locks 2261 * 2262 * FIXME: may race normal receive processing 2263 */ 2264 2265 static int tiocsti(struct tty_struct *tty, char __user *p) 2266 { 2267 char ch, mbz = 0; 2268 struct tty_ldisc *ld; 2269 2270 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2271 return -EPERM; 2272 if (get_user(ch, p)) 2273 return -EFAULT; 2274 tty_audit_tiocsti(tty, ch); 2275 ld = tty_ldisc_ref_wait(tty); 2276 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2277 tty_ldisc_deref(ld); 2278 return 0; 2279 } 2280 2281 /** 2282 * tiocgwinsz - implement window query ioctl 2283 * @tty; tty 2284 * @arg: user buffer for result 2285 * 2286 * Copies the kernel idea of the window size into the user buffer. 2287 * 2288 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2289 * is consistent. 2290 */ 2291 2292 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2293 { 2294 int err; 2295 2296 mutex_lock(&tty->winsize_mutex); 2297 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2298 mutex_unlock(&tty->winsize_mutex); 2299 2300 return err ? -EFAULT: 0; 2301 } 2302 2303 /** 2304 * tty_do_resize - resize event 2305 * @tty: tty being resized 2306 * @rows: rows (character) 2307 * @cols: cols (character) 2308 * 2309 * Update the termios variables and send the necessary signals to 2310 * peform a terminal resize correctly 2311 */ 2312 2313 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2314 { 2315 struct pid *pgrp; 2316 2317 /* Lock the tty */ 2318 mutex_lock(&tty->winsize_mutex); 2319 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2320 goto done; 2321 2322 /* Signal the foreground process group */ 2323 pgrp = tty_get_pgrp(tty); 2324 if (pgrp) 2325 kill_pgrp(pgrp, SIGWINCH, 1); 2326 put_pid(pgrp); 2327 2328 tty->winsize = *ws; 2329 done: 2330 mutex_unlock(&tty->winsize_mutex); 2331 return 0; 2332 } 2333 EXPORT_SYMBOL(tty_do_resize); 2334 2335 /** 2336 * tiocswinsz - implement window size set ioctl 2337 * @tty; tty side of tty 2338 * @arg: user buffer for result 2339 * 2340 * Copies the user idea of the window size to the kernel. Traditionally 2341 * this is just advisory information but for the Linux console it 2342 * actually has driver level meaning and triggers a VC resize. 2343 * 2344 * Locking: 2345 * Driver dependent. The default do_resize method takes the 2346 * tty termios mutex and ctrl_lock. The console takes its own lock 2347 * then calls into the default method. 2348 */ 2349 2350 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2351 { 2352 struct winsize tmp_ws; 2353 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2354 return -EFAULT; 2355 2356 if (tty->ops->resize) 2357 return tty->ops->resize(tty, &tmp_ws); 2358 else 2359 return tty_do_resize(tty, &tmp_ws); 2360 } 2361 2362 /** 2363 * tioccons - allow admin to move logical console 2364 * @file: the file to become console 2365 * 2366 * Allow the administrator to move the redirected console device 2367 * 2368 * Locking: uses redirect_lock to guard the redirect information 2369 */ 2370 2371 static int tioccons(struct file *file) 2372 { 2373 if (!capable(CAP_SYS_ADMIN)) 2374 return -EPERM; 2375 if (file->f_op->write == redirected_tty_write) { 2376 struct file *f; 2377 spin_lock(&redirect_lock); 2378 f = redirect; 2379 redirect = NULL; 2380 spin_unlock(&redirect_lock); 2381 if (f) 2382 fput(f); 2383 return 0; 2384 } 2385 spin_lock(&redirect_lock); 2386 if (redirect) { 2387 spin_unlock(&redirect_lock); 2388 return -EBUSY; 2389 } 2390 redirect = get_file(file); 2391 spin_unlock(&redirect_lock); 2392 return 0; 2393 } 2394 2395 /** 2396 * fionbio - non blocking ioctl 2397 * @file: file to set blocking value 2398 * @p: user parameter 2399 * 2400 * Historical tty interfaces had a blocking control ioctl before 2401 * the generic functionality existed. This piece of history is preserved 2402 * in the expected tty API of posix OS's. 2403 * 2404 * Locking: none, the open file handle ensures it won't go away. 2405 */ 2406 2407 static int fionbio(struct file *file, int __user *p) 2408 { 2409 int nonblock; 2410 2411 if (get_user(nonblock, p)) 2412 return -EFAULT; 2413 2414 spin_lock(&file->f_lock); 2415 if (nonblock) 2416 file->f_flags |= O_NONBLOCK; 2417 else 2418 file->f_flags &= ~O_NONBLOCK; 2419 spin_unlock(&file->f_lock); 2420 return 0; 2421 } 2422 2423 /** 2424 * tiocsctty - set controlling tty 2425 * @tty: tty structure 2426 * @arg: user argument 2427 * 2428 * This ioctl is used to manage job control. It permits a session 2429 * leader to set this tty as the controlling tty for the session. 2430 * 2431 * Locking: 2432 * Takes tty_lock() to serialize proc_set_tty() for this tty 2433 * Takes tasklist_lock internally to walk sessions 2434 * Takes ->siglock() when updating signal->tty 2435 */ 2436 2437 static int tiocsctty(struct tty_struct *tty, struct file *file, int arg) 2438 { 2439 int ret = 0; 2440 2441 tty_lock(tty); 2442 read_lock(&tasklist_lock); 2443 2444 if (current->signal->leader && (task_session(current) == tty->session)) 2445 goto unlock; 2446 2447 /* 2448 * The process must be a session leader and 2449 * not have a controlling tty already. 2450 */ 2451 if (!current->signal->leader || current->signal->tty) { 2452 ret = -EPERM; 2453 goto unlock; 2454 } 2455 2456 if (tty->session) { 2457 /* 2458 * This tty is already the controlling 2459 * tty for another session group! 2460 */ 2461 if (arg == 1 && capable(CAP_SYS_ADMIN)) { 2462 /* 2463 * Steal it away 2464 */ 2465 session_clear_tty(tty->session); 2466 } else { 2467 ret = -EPERM; 2468 goto unlock; 2469 } 2470 } 2471 2472 /* See the comment in tty_open(). */ 2473 if ((file->f_mode & FMODE_READ) == 0 && !capable(CAP_SYS_ADMIN)) { 2474 ret = -EPERM; 2475 goto unlock; 2476 } 2477 2478 proc_set_tty(tty); 2479 unlock: 2480 read_unlock(&tasklist_lock); 2481 tty_unlock(tty); 2482 return ret; 2483 } 2484 2485 /** 2486 * tty_get_pgrp - return a ref counted pgrp pid 2487 * @tty: tty to read 2488 * 2489 * Returns a refcounted instance of the pid struct for the process 2490 * group controlling the tty. 2491 */ 2492 2493 struct pid *tty_get_pgrp(struct tty_struct *tty) 2494 { 2495 unsigned long flags; 2496 struct pid *pgrp; 2497 2498 spin_lock_irqsave(&tty->ctrl_lock, flags); 2499 pgrp = get_pid(tty->pgrp); 2500 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2501 2502 return pgrp; 2503 } 2504 EXPORT_SYMBOL_GPL(tty_get_pgrp); 2505 2506 /* 2507 * This checks not only the pgrp, but falls back on the pid if no 2508 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly 2509 * without this... 2510 * 2511 * The caller must hold rcu lock or the tasklist lock. 2512 */ 2513 static struct pid *session_of_pgrp(struct pid *pgrp) 2514 { 2515 struct task_struct *p; 2516 struct pid *sid = NULL; 2517 2518 p = pid_task(pgrp, PIDTYPE_PGID); 2519 if (p == NULL) 2520 p = pid_task(pgrp, PIDTYPE_PID); 2521 if (p != NULL) 2522 sid = task_session(p); 2523 2524 return sid; 2525 } 2526 2527 /** 2528 * tiocgpgrp - get process group 2529 * @tty: tty passed by user 2530 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2531 * @p: returned pid 2532 * 2533 * Obtain the process group of the tty. If there is no process group 2534 * return an error. 2535 * 2536 * Locking: none. Reference to current->signal->tty is safe. 2537 */ 2538 2539 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2540 { 2541 struct pid *pid; 2542 int ret; 2543 /* 2544 * (tty == real_tty) is a cheap way of 2545 * testing if the tty is NOT a master pty. 2546 */ 2547 if (tty == real_tty && current->signal->tty != real_tty) 2548 return -ENOTTY; 2549 pid = tty_get_pgrp(real_tty); 2550 ret = put_user(pid_vnr(pid), p); 2551 put_pid(pid); 2552 return ret; 2553 } 2554 2555 /** 2556 * tiocspgrp - attempt to set process group 2557 * @tty: tty passed by user 2558 * @real_tty: tty side device matching tty passed by user 2559 * @p: pid pointer 2560 * 2561 * Set the process group of the tty to the session passed. Only 2562 * permitted where the tty session is our session. 2563 * 2564 * Locking: RCU, ctrl lock 2565 */ 2566 2567 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2568 { 2569 struct pid *pgrp; 2570 pid_t pgrp_nr; 2571 int retval = tty_check_change(real_tty); 2572 unsigned long flags; 2573 2574 if (retval == -EIO) 2575 return -ENOTTY; 2576 if (retval) 2577 return retval; 2578 if (!current->signal->tty || 2579 (current->signal->tty != real_tty) || 2580 (real_tty->session != task_session(current))) 2581 return -ENOTTY; 2582 if (get_user(pgrp_nr, p)) 2583 return -EFAULT; 2584 if (pgrp_nr < 0) 2585 return -EINVAL; 2586 rcu_read_lock(); 2587 pgrp = find_vpid(pgrp_nr); 2588 retval = -ESRCH; 2589 if (!pgrp) 2590 goto out_unlock; 2591 retval = -EPERM; 2592 if (session_of_pgrp(pgrp) != task_session(current)) 2593 goto out_unlock; 2594 retval = 0; 2595 spin_lock_irqsave(&tty->ctrl_lock, flags); 2596 put_pid(real_tty->pgrp); 2597 real_tty->pgrp = get_pid(pgrp); 2598 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2599 out_unlock: 2600 rcu_read_unlock(); 2601 return retval; 2602 } 2603 2604 /** 2605 * tiocgsid - get session id 2606 * @tty: tty passed by user 2607 * @real_tty: tty side of the tty passed by the user if a pty else the tty 2608 * @p: pointer to returned session id 2609 * 2610 * Obtain the session id of the tty. If there is no session 2611 * return an error. 2612 * 2613 * Locking: none. Reference to current->signal->tty is safe. 2614 */ 2615 2616 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) 2617 { 2618 /* 2619 * (tty == real_tty) is a cheap way of 2620 * testing if the tty is NOT a master pty. 2621 */ 2622 if (tty == real_tty && current->signal->tty != real_tty) 2623 return -ENOTTY; 2624 if (!real_tty->session) 2625 return -ENOTTY; 2626 return put_user(pid_vnr(real_tty->session), p); 2627 } 2628 2629 /** 2630 * tiocsetd - set line discipline 2631 * @tty: tty device 2632 * @p: pointer to user data 2633 * 2634 * Set the line discipline according to user request. 2635 * 2636 * Locking: see tty_set_ldisc, this function is just a helper 2637 */ 2638 2639 static int tiocsetd(struct tty_struct *tty, int __user *p) 2640 { 2641 int ldisc; 2642 int ret; 2643 2644 if (get_user(ldisc, p)) 2645 return -EFAULT; 2646 2647 ret = tty_set_ldisc(tty, ldisc); 2648 2649 return ret; 2650 } 2651 2652 /** 2653 * send_break - performed time break 2654 * @tty: device to break on 2655 * @duration: timeout in mS 2656 * 2657 * Perform a timed break on hardware that lacks its own driver level 2658 * timed break functionality. 2659 * 2660 * Locking: 2661 * atomic_write_lock serializes 2662 * 2663 */ 2664 2665 static int send_break(struct tty_struct *tty, unsigned int duration) 2666 { 2667 int retval; 2668 2669 if (tty->ops->break_ctl == NULL) 2670 return 0; 2671 2672 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2673 retval = tty->ops->break_ctl(tty, duration); 2674 else { 2675 /* Do the work ourselves */ 2676 if (tty_write_lock(tty, 0) < 0) 2677 return -EINTR; 2678 retval = tty->ops->break_ctl(tty, -1); 2679 if (retval) 2680 goto out; 2681 if (!signal_pending(current)) 2682 msleep_interruptible(duration); 2683 retval = tty->ops->break_ctl(tty, 0); 2684 out: 2685 tty_write_unlock(tty); 2686 if (signal_pending(current)) 2687 retval = -EINTR; 2688 } 2689 return retval; 2690 } 2691 2692 /** 2693 * tty_tiocmget - get modem status 2694 * @tty: tty device 2695 * @file: user file pointer 2696 * @p: pointer to result 2697 * 2698 * Obtain the modem status bits from the tty driver if the feature 2699 * is supported. Return -EINVAL if it is not available. 2700 * 2701 * Locking: none (up to the driver) 2702 */ 2703 2704 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2705 { 2706 int retval = -EINVAL; 2707 2708 if (tty->ops->tiocmget) { 2709 retval = tty->ops->tiocmget(tty); 2710 2711 if (retval >= 0) 2712 retval = put_user(retval, p); 2713 } 2714 return retval; 2715 } 2716 2717 /** 2718 * tty_tiocmset - set modem status 2719 * @tty: tty device 2720 * @cmd: command - clear bits, set bits or set all 2721 * @p: pointer to desired bits 2722 * 2723 * Set the modem status bits from the tty driver if the feature 2724 * is supported. Return -EINVAL if it is not available. 2725 * 2726 * Locking: none (up to the driver) 2727 */ 2728 2729 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2730 unsigned __user *p) 2731 { 2732 int retval; 2733 unsigned int set, clear, val; 2734 2735 if (tty->ops->tiocmset == NULL) 2736 return -EINVAL; 2737 2738 retval = get_user(val, p); 2739 if (retval) 2740 return retval; 2741 set = clear = 0; 2742 switch (cmd) { 2743 case TIOCMBIS: 2744 set = val; 2745 break; 2746 case TIOCMBIC: 2747 clear = val; 2748 break; 2749 case TIOCMSET: 2750 set = val; 2751 clear = ~val; 2752 break; 2753 } 2754 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2755 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2756 return tty->ops->tiocmset(tty, set, clear); 2757 } 2758 2759 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2760 { 2761 int retval = -EINVAL; 2762 struct serial_icounter_struct icount; 2763 memset(&icount, 0, sizeof(icount)); 2764 if (tty->ops->get_icount) 2765 retval = tty->ops->get_icount(tty, &icount); 2766 if (retval != 0) 2767 return retval; 2768 if (copy_to_user(arg, &icount, sizeof(icount))) 2769 return -EFAULT; 2770 return 0; 2771 } 2772 2773 static void tty_warn_deprecated_flags(struct serial_struct __user *ss) 2774 { 2775 static DEFINE_RATELIMIT_STATE(depr_flags, 2776 DEFAULT_RATELIMIT_INTERVAL, 2777 DEFAULT_RATELIMIT_BURST); 2778 char comm[TASK_COMM_LEN]; 2779 int flags; 2780 2781 if (get_user(flags, &ss->flags)) 2782 return; 2783 2784 flags &= ASYNC_DEPRECATED; 2785 2786 if (flags && __ratelimit(&depr_flags)) 2787 pr_warning("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2788 __func__, get_task_comm(comm, current), flags); 2789 } 2790 2791 /* 2792 * if pty, return the slave side (real_tty) 2793 * otherwise, return self 2794 */ 2795 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2796 { 2797 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2798 tty->driver->subtype == PTY_TYPE_MASTER) 2799 tty = tty->link; 2800 return tty; 2801 } 2802 2803 /* 2804 * Split this up, as gcc can choke on it otherwise.. 2805 */ 2806 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2807 { 2808 struct tty_struct *tty = file_tty(file); 2809 struct tty_struct *real_tty; 2810 void __user *p = (void __user *)arg; 2811 int retval; 2812 struct tty_ldisc *ld; 2813 2814 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2815 return -EINVAL; 2816 2817 real_tty = tty_pair_get_tty(tty); 2818 2819 /* 2820 * Factor out some common prep work 2821 */ 2822 switch (cmd) { 2823 case TIOCSETD: 2824 case TIOCSBRK: 2825 case TIOCCBRK: 2826 case TCSBRK: 2827 case TCSBRKP: 2828 retval = tty_check_change(tty); 2829 if (retval) 2830 return retval; 2831 if (cmd != TIOCCBRK) { 2832 tty_wait_until_sent(tty, 0); 2833 if (signal_pending(current)) 2834 return -EINTR; 2835 } 2836 break; 2837 } 2838 2839 /* 2840 * Now do the stuff. 2841 */ 2842 switch (cmd) { 2843 case TIOCSTI: 2844 return tiocsti(tty, p); 2845 case TIOCGWINSZ: 2846 return tiocgwinsz(real_tty, p); 2847 case TIOCSWINSZ: 2848 return tiocswinsz(real_tty, p); 2849 case TIOCCONS: 2850 return real_tty != tty ? -EINVAL : tioccons(file); 2851 case FIONBIO: 2852 return fionbio(file, p); 2853 case TIOCEXCL: 2854 set_bit(TTY_EXCLUSIVE, &tty->flags); 2855 return 0; 2856 case TIOCNXCL: 2857 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2858 return 0; 2859 case TIOCGEXCL: 2860 { 2861 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2862 return put_user(excl, (int __user *)p); 2863 } 2864 case TIOCNOTTY: 2865 if (current->signal->tty != tty) 2866 return -ENOTTY; 2867 no_tty(); 2868 return 0; 2869 case TIOCSCTTY: 2870 return tiocsctty(tty, file, arg); 2871 case TIOCGPGRP: 2872 return tiocgpgrp(tty, real_tty, p); 2873 case TIOCSPGRP: 2874 return tiocspgrp(tty, real_tty, p); 2875 case TIOCGSID: 2876 return tiocgsid(tty, real_tty, p); 2877 case TIOCGETD: 2878 return put_user(tty->ldisc->ops->num, (int __user *)p); 2879 case TIOCSETD: 2880 return tiocsetd(tty, p); 2881 case TIOCVHANGUP: 2882 if (!capable(CAP_SYS_ADMIN)) 2883 return -EPERM; 2884 tty_vhangup(tty); 2885 return 0; 2886 case TIOCGDEV: 2887 { 2888 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2889 return put_user(ret, (unsigned int __user *)p); 2890 } 2891 /* 2892 * Break handling 2893 */ 2894 case TIOCSBRK: /* Turn break on, unconditionally */ 2895 if (tty->ops->break_ctl) 2896 return tty->ops->break_ctl(tty, -1); 2897 return 0; 2898 case TIOCCBRK: /* Turn break off, unconditionally */ 2899 if (tty->ops->break_ctl) 2900 return tty->ops->break_ctl(tty, 0); 2901 return 0; 2902 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2903 /* non-zero arg means wait for all output data 2904 * to be sent (performed above) but don't send break. 2905 * This is used by the tcdrain() termios function. 2906 */ 2907 if (!arg) 2908 return send_break(tty, 250); 2909 return 0; 2910 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2911 return send_break(tty, arg ? arg*100 : 250); 2912 2913 case TIOCMGET: 2914 return tty_tiocmget(tty, p); 2915 case TIOCMSET: 2916 case TIOCMBIC: 2917 case TIOCMBIS: 2918 return tty_tiocmset(tty, cmd, p); 2919 case TIOCGICOUNT: 2920 retval = tty_tiocgicount(tty, p); 2921 /* For the moment allow fall through to the old method */ 2922 if (retval != -EINVAL) 2923 return retval; 2924 break; 2925 case TCFLSH: 2926 switch (arg) { 2927 case TCIFLUSH: 2928 case TCIOFLUSH: 2929 /* flush tty buffer and allow ldisc to process ioctl */ 2930 tty_buffer_flush(tty, NULL); 2931 break; 2932 } 2933 break; 2934 case TIOCSSERIAL: 2935 tty_warn_deprecated_flags(p); 2936 break; 2937 } 2938 if (tty->ops->ioctl) { 2939 retval = tty->ops->ioctl(tty, cmd, arg); 2940 if (retval != -ENOIOCTLCMD) 2941 return retval; 2942 } 2943 ld = tty_ldisc_ref_wait(tty); 2944 retval = -EINVAL; 2945 if (ld->ops->ioctl) { 2946 retval = ld->ops->ioctl(tty, file, cmd, arg); 2947 if (retval == -ENOIOCTLCMD) 2948 retval = -ENOTTY; 2949 } 2950 tty_ldisc_deref(ld); 2951 return retval; 2952 } 2953 2954 #ifdef CONFIG_COMPAT 2955 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2956 unsigned long arg) 2957 { 2958 struct tty_struct *tty = file_tty(file); 2959 struct tty_ldisc *ld; 2960 int retval = -ENOIOCTLCMD; 2961 2962 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2963 return -EINVAL; 2964 2965 if (tty->ops->compat_ioctl) { 2966 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2967 if (retval != -ENOIOCTLCMD) 2968 return retval; 2969 } 2970 2971 ld = tty_ldisc_ref_wait(tty); 2972 if (ld->ops->compat_ioctl) 2973 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2974 else 2975 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg); 2976 tty_ldisc_deref(ld); 2977 2978 return retval; 2979 } 2980 #endif 2981 2982 static int this_tty(const void *t, struct file *file, unsigned fd) 2983 { 2984 if (likely(file->f_op->read != tty_read)) 2985 return 0; 2986 return file_tty(file) != t ? 0 : fd + 1; 2987 } 2988 2989 /* 2990 * This implements the "Secure Attention Key" --- the idea is to 2991 * prevent trojan horses by killing all processes associated with this 2992 * tty when the user hits the "Secure Attention Key". Required for 2993 * super-paranoid applications --- see the Orange Book for more details. 2994 * 2995 * This code could be nicer; ideally it should send a HUP, wait a few 2996 * seconds, then send a INT, and then a KILL signal. But you then 2997 * have to coordinate with the init process, since all processes associated 2998 * with the current tty must be dead before the new getty is allowed 2999 * to spawn. 3000 * 3001 * Now, if it would be correct ;-/ The current code has a nasty hole - 3002 * it doesn't catch files in flight. We may send the descriptor to ourselves 3003 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 3004 * 3005 * Nasty bug: do_SAK is being called in interrupt context. This can 3006 * deadlock. We punt it up to process context. AKPM - 16Mar2001 3007 */ 3008 void __do_SAK(struct tty_struct *tty) 3009 { 3010 #ifdef TTY_SOFT_SAK 3011 tty_hangup(tty); 3012 #else 3013 struct task_struct *g, *p; 3014 struct pid *session; 3015 int i; 3016 3017 if (!tty) 3018 return; 3019 session = tty->session; 3020 3021 tty_ldisc_flush(tty); 3022 3023 tty_driver_flush_buffer(tty); 3024 3025 read_lock(&tasklist_lock); 3026 /* Kill the entire session */ 3027 do_each_pid_task(session, PIDTYPE_SID, p) { 3028 printk(KERN_NOTICE "SAK: killed process %d" 3029 " (%s): task_session(p)==tty->session\n", 3030 task_pid_nr(p), p->comm); 3031 send_sig(SIGKILL, p, 1); 3032 } while_each_pid_task(session, PIDTYPE_SID, p); 3033 /* Now kill any processes that happen to have the 3034 * tty open. 3035 */ 3036 do_each_thread(g, p) { 3037 if (p->signal->tty == tty) { 3038 printk(KERN_NOTICE "SAK: killed process %d" 3039 " (%s): task_session(p)==tty->session\n", 3040 task_pid_nr(p), p->comm); 3041 send_sig(SIGKILL, p, 1); 3042 continue; 3043 } 3044 task_lock(p); 3045 i = iterate_fd(p->files, 0, this_tty, tty); 3046 if (i != 0) { 3047 printk(KERN_NOTICE "SAK: killed process %d" 3048 " (%s): fd#%d opened to the tty\n", 3049 task_pid_nr(p), p->comm, i - 1); 3050 force_sig(SIGKILL, p); 3051 } 3052 task_unlock(p); 3053 } while_each_thread(g, p); 3054 read_unlock(&tasklist_lock); 3055 #endif 3056 } 3057 3058 static void do_SAK_work(struct work_struct *work) 3059 { 3060 struct tty_struct *tty = 3061 container_of(work, struct tty_struct, SAK_work); 3062 __do_SAK(tty); 3063 } 3064 3065 /* 3066 * The tq handling here is a little racy - tty->SAK_work may already be queued. 3067 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 3068 * the values which we write to it will be identical to the values which it 3069 * already has. --akpm 3070 */ 3071 void do_SAK(struct tty_struct *tty) 3072 { 3073 if (!tty) 3074 return; 3075 schedule_work(&tty->SAK_work); 3076 } 3077 3078 EXPORT_SYMBOL(do_SAK); 3079 3080 static int dev_match_devt(struct device *dev, const void *data) 3081 { 3082 const dev_t *devt = data; 3083 return dev->devt == *devt; 3084 } 3085 3086 /* Must put_device() after it's unused! */ 3087 static struct device *tty_get_device(struct tty_struct *tty) 3088 { 3089 dev_t devt = tty_devnum(tty); 3090 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 3091 } 3092 3093 3094 /** 3095 * alloc_tty_struct 3096 * 3097 * This subroutine allocates and initializes a tty structure. 3098 * 3099 * Locking: none - tty in question is not exposed at this point 3100 */ 3101 3102 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 3103 { 3104 struct tty_struct *tty; 3105 3106 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 3107 if (!tty) 3108 return NULL; 3109 3110 kref_init(&tty->kref); 3111 tty->magic = TTY_MAGIC; 3112 tty_ldisc_init(tty); 3113 tty->session = NULL; 3114 tty->pgrp = NULL; 3115 mutex_init(&tty->legacy_mutex); 3116 mutex_init(&tty->throttle_mutex); 3117 init_rwsem(&tty->termios_rwsem); 3118 mutex_init(&tty->winsize_mutex); 3119 init_ldsem(&tty->ldisc_sem); 3120 init_waitqueue_head(&tty->write_wait); 3121 init_waitqueue_head(&tty->read_wait); 3122 INIT_WORK(&tty->hangup_work, do_tty_hangup); 3123 mutex_init(&tty->atomic_write_lock); 3124 spin_lock_init(&tty->ctrl_lock); 3125 spin_lock_init(&tty->flow_lock); 3126 INIT_LIST_HEAD(&tty->tty_files); 3127 INIT_WORK(&tty->SAK_work, do_SAK_work); 3128 3129 tty->driver = driver; 3130 tty->ops = driver->ops; 3131 tty->index = idx; 3132 tty_line_name(driver, idx, tty->name); 3133 tty->dev = tty_get_device(tty); 3134 3135 return tty; 3136 } 3137 3138 /** 3139 * deinitialize_tty_struct 3140 * @tty: tty to deinitialize 3141 * 3142 * This subroutine deinitializes a tty structure that has been newly 3143 * allocated but tty_release cannot be called on that yet. 3144 * 3145 * Locking: none - tty in question must not be exposed at this point 3146 */ 3147 void deinitialize_tty_struct(struct tty_struct *tty) 3148 { 3149 tty_ldisc_deinit(tty); 3150 } 3151 3152 /** 3153 * tty_put_char - write one character to a tty 3154 * @tty: tty 3155 * @ch: character 3156 * 3157 * Write one byte to the tty using the provided put_char method 3158 * if present. Returns the number of characters successfully output. 3159 * 3160 * Note: the specific put_char operation in the driver layer may go 3161 * away soon. Don't call it directly, use this method 3162 */ 3163 3164 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3165 { 3166 if (tty->ops->put_char) 3167 return tty->ops->put_char(tty, ch); 3168 return tty->ops->write(tty, &ch, 1); 3169 } 3170 EXPORT_SYMBOL_GPL(tty_put_char); 3171 3172 struct class *tty_class; 3173 3174 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3175 unsigned int index, unsigned int count) 3176 { 3177 int err; 3178 3179 /* init here, since reused cdevs cause crashes */ 3180 driver->cdevs[index] = cdev_alloc(); 3181 if (!driver->cdevs[index]) 3182 return -ENOMEM; 3183 driver->cdevs[index]->ops = &tty_fops; 3184 driver->cdevs[index]->owner = driver->owner; 3185 err = cdev_add(driver->cdevs[index], dev, count); 3186 if (err) 3187 kobject_put(&driver->cdevs[index]->kobj); 3188 return err; 3189 } 3190 3191 /** 3192 * tty_register_device - register a tty device 3193 * @driver: the tty driver that describes the tty device 3194 * @index: the index in the tty driver for this tty device 3195 * @device: a struct device that is associated with this tty device. 3196 * This field is optional, if there is no known struct device 3197 * for this tty device it can be set to NULL safely. 3198 * 3199 * Returns a pointer to the struct device for this tty device 3200 * (or ERR_PTR(-EFOO) on error). 3201 * 3202 * This call is required to be made to register an individual tty device 3203 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3204 * that bit is not set, this function should not be called by a tty 3205 * driver. 3206 * 3207 * Locking: ?? 3208 */ 3209 3210 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3211 struct device *device) 3212 { 3213 return tty_register_device_attr(driver, index, device, NULL, NULL); 3214 } 3215 EXPORT_SYMBOL(tty_register_device); 3216 3217 static void tty_device_create_release(struct device *dev) 3218 { 3219 pr_debug("device: '%s': %s\n", dev_name(dev), __func__); 3220 kfree(dev); 3221 } 3222 3223 /** 3224 * tty_register_device_attr - register a tty device 3225 * @driver: the tty driver that describes the tty device 3226 * @index: the index in the tty driver for this tty device 3227 * @device: a struct device that is associated with this tty device. 3228 * This field is optional, if there is no known struct device 3229 * for this tty device it can be set to NULL safely. 3230 * @drvdata: Driver data to be set to device. 3231 * @attr_grp: Attribute group to be set on device. 3232 * 3233 * Returns a pointer to the struct device for this tty device 3234 * (or ERR_PTR(-EFOO) on error). 3235 * 3236 * This call is required to be made to register an individual tty device 3237 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3238 * that bit is not set, this function should not be called by a tty 3239 * driver. 3240 * 3241 * Locking: ?? 3242 */ 3243 struct device *tty_register_device_attr(struct tty_driver *driver, 3244 unsigned index, struct device *device, 3245 void *drvdata, 3246 const struct attribute_group **attr_grp) 3247 { 3248 char name[64]; 3249 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3250 struct device *dev = NULL; 3251 int retval = -ENODEV; 3252 bool cdev = false; 3253 3254 if (index >= driver->num) { 3255 printk(KERN_ERR "Attempt to register invalid tty line number " 3256 " (%d).\n", index); 3257 return ERR_PTR(-EINVAL); 3258 } 3259 3260 if (driver->type == TTY_DRIVER_TYPE_PTY) 3261 pty_line_name(driver, index, name); 3262 else 3263 tty_line_name(driver, index, name); 3264 3265 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3266 retval = tty_cdev_add(driver, devt, index, 1); 3267 if (retval) 3268 goto error; 3269 cdev = true; 3270 } 3271 3272 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3273 if (!dev) { 3274 retval = -ENOMEM; 3275 goto error; 3276 } 3277 3278 dev->devt = devt; 3279 dev->class = tty_class; 3280 dev->parent = device; 3281 dev->release = tty_device_create_release; 3282 dev_set_name(dev, "%s", name); 3283 dev->groups = attr_grp; 3284 dev_set_drvdata(dev, drvdata); 3285 3286 retval = device_register(dev); 3287 if (retval) 3288 goto error; 3289 3290 return dev; 3291 3292 error: 3293 put_device(dev); 3294 if (cdev) { 3295 cdev_del(driver->cdevs[index]); 3296 driver->cdevs[index] = NULL; 3297 } 3298 return ERR_PTR(retval); 3299 } 3300 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3301 3302 /** 3303 * tty_unregister_device - unregister a tty device 3304 * @driver: the tty driver that describes the tty device 3305 * @index: the index in the tty driver for this tty device 3306 * 3307 * If a tty device is registered with a call to tty_register_device() then 3308 * this function must be called when the tty device is gone. 3309 * 3310 * Locking: ?? 3311 */ 3312 3313 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3314 { 3315 device_destroy(tty_class, 3316 MKDEV(driver->major, driver->minor_start) + index); 3317 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3318 cdev_del(driver->cdevs[index]); 3319 driver->cdevs[index] = NULL; 3320 } 3321 } 3322 EXPORT_SYMBOL(tty_unregister_device); 3323 3324 /** 3325 * __tty_alloc_driver -- allocate tty driver 3326 * @lines: count of lines this driver can handle at most 3327 * @owner: module which is repsonsible for this driver 3328 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3329 * 3330 * This should not be called directly, some of the provided macros should be 3331 * used instead. Use IS_ERR and friends on @retval. 3332 */ 3333 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3334 unsigned long flags) 3335 { 3336 struct tty_driver *driver; 3337 unsigned int cdevs = 1; 3338 int err; 3339 3340 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3341 return ERR_PTR(-EINVAL); 3342 3343 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3344 if (!driver) 3345 return ERR_PTR(-ENOMEM); 3346 3347 kref_init(&driver->kref); 3348 driver->magic = TTY_DRIVER_MAGIC; 3349 driver->num = lines; 3350 driver->owner = owner; 3351 driver->flags = flags; 3352 3353 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3354 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3355 GFP_KERNEL); 3356 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3357 GFP_KERNEL); 3358 if (!driver->ttys || !driver->termios) { 3359 err = -ENOMEM; 3360 goto err_free_all; 3361 } 3362 } 3363 3364 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3365 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3366 GFP_KERNEL); 3367 if (!driver->ports) { 3368 err = -ENOMEM; 3369 goto err_free_all; 3370 } 3371 cdevs = lines; 3372 } 3373 3374 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3375 if (!driver->cdevs) { 3376 err = -ENOMEM; 3377 goto err_free_all; 3378 } 3379 3380 return driver; 3381 err_free_all: 3382 kfree(driver->ports); 3383 kfree(driver->ttys); 3384 kfree(driver->termios); 3385 kfree(driver->cdevs); 3386 kfree(driver); 3387 return ERR_PTR(err); 3388 } 3389 EXPORT_SYMBOL(__tty_alloc_driver); 3390 3391 static void destruct_tty_driver(struct kref *kref) 3392 { 3393 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3394 int i; 3395 struct ktermios *tp; 3396 3397 if (driver->flags & TTY_DRIVER_INSTALLED) { 3398 /* 3399 * Free the termios and termios_locked structures because 3400 * we don't want to get memory leaks when modular tty 3401 * drivers are removed from the kernel. 3402 */ 3403 for (i = 0; i < driver->num; i++) { 3404 tp = driver->termios[i]; 3405 if (tp) { 3406 driver->termios[i] = NULL; 3407 kfree(tp); 3408 } 3409 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3410 tty_unregister_device(driver, i); 3411 } 3412 proc_tty_unregister_driver(driver); 3413 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3414 cdev_del(driver->cdevs[0]); 3415 } 3416 kfree(driver->cdevs); 3417 kfree(driver->ports); 3418 kfree(driver->termios); 3419 kfree(driver->ttys); 3420 kfree(driver); 3421 } 3422 3423 void tty_driver_kref_put(struct tty_driver *driver) 3424 { 3425 kref_put(&driver->kref, destruct_tty_driver); 3426 } 3427 EXPORT_SYMBOL(tty_driver_kref_put); 3428 3429 void tty_set_operations(struct tty_driver *driver, 3430 const struct tty_operations *op) 3431 { 3432 driver->ops = op; 3433 }; 3434 EXPORT_SYMBOL(tty_set_operations); 3435 3436 void put_tty_driver(struct tty_driver *d) 3437 { 3438 tty_driver_kref_put(d); 3439 } 3440 EXPORT_SYMBOL(put_tty_driver); 3441 3442 /* 3443 * Called by a tty driver to register itself. 3444 */ 3445 int tty_register_driver(struct tty_driver *driver) 3446 { 3447 int error; 3448 int i; 3449 dev_t dev; 3450 struct device *d; 3451 3452 if (!driver->major) { 3453 error = alloc_chrdev_region(&dev, driver->minor_start, 3454 driver->num, driver->name); 3455 if (!error) { 3456 driver->major = MAJOR(dev); 3457 driver->minor_start = MINOR(dev); 3458 } 3459 } else { 3460 dev = MKDEV(driver->major, driver->minor_start); 3461 error = register_chrdev_region(dev, driver->num, driver->name); 3462 } 3463 if (error < 0) 3464 goto err; 3465 3466 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3467 error = tty_cdev_add(driver, dev, 0, driver->num); 3468 if (error) 3469 goto err_unreg_char; 3470 } 3471 3472 mutex_lock(&tty_mutex); 3473 list_add(&driver->tty_drivers, &tty_drivers); 3474 mutex_unlock(&tty_mutex); 3475 3476 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3477 for (i = 0; i < driver->num; i++) { 3478 d = tty_register_device(driver, i, NULL); 3479 if (IS_ERR(d)) { 3480 error = PTR_ERR(d); 3481 goto err_unreg_devs; 3482 } 3483 } 3484 } 3485 proc_tty_register_driver(driver); 3486 driver->flags |= TTY_DRIVER_INSTALLED; 3487 return 0; 3488 3489 err_unreg_devs: 3490 for (i--; i >= 0; i--) 3491 tty_unregister_device(driver, i); 3492 3493 mutex_lock(&tty_mutex); 3494 list_del(&driver->tty_drivers); 3495 mutex_unlock(&tty_mutex); 3496 3497 err_unreg_char: 3498 unregister_chrdev_region(dev, driver->num); 3499 err: 3500 return error; 3501 } 3502 EXPORT_SYMBOL(tty_register_driver); 3503 3504 /* 3505 * Called by a tty driver to unregister itself. 3506 */ 3507 int tty_unregister_driver(struct tty_driver *driver) 3508 { 3509 #if 0 3510 /* FIXME */ 3511 if (driver->refcount) 3512 return -EBUSY; 3513 #endif 3514 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3515 driver->num); 3516 mutex_lock(&tty_mutex); 3517 list_del(&driver->tty_drivers); 3518 mutex_unlock(&tty_mutex); 3519 return 0; 3520 } 3521 3522 EXPORT_SYMBOL(tty_unregister_driver); 3523 3524 dev_t tty_devnum(struct tty_struct *tty) 3525 { 3526 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3527 } 3528 EXPORT_SYMBOL(tty_devnum); 3529 3530 void tty_default_fops(struct file_operations *fops) 3531 { 3532 *fops = tty_fops; 3533 } 3534 3535 /* 3536 * Initialize the console device. This is called *early*, so 3537 * we can't necessarily depend on lots of kernel help here. 3538 * Just do some early initializations, and do the complex setup 3539 * later. 3540 */ 3541 void __init console_init(void) 3542 { 3543 initcall_t *call; 3544 3545 /* Setup the default TTY line discipline. */ 3546 tty_ldisc_begin(); 3547 3548 /* 3549 * set up the console device so that later boot sequences can 3550 * inform about problems etc.. 3551 */ 3552 call = __con_initcall_start; 3553 while (call < __con_initcall_end) { 3554 (*call)(); 3555 call++; 3556 } 3557 } 3558 3559 static char *tty_devnode(struct device *dev, umode_t *mode) 3560 { 3561 if (!mode) 3562 return NULL; 3563 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3564 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3565 *mode = 0666; 3566 return NULL; 3567 } 3568 3569 static int __init tty_class_init(void) 3570 { 3571 tty_class = class_create(THIS_MODULE, "tty"); 3572 if (IS_ERR(tty_class)) 3573 return PTR_ERR(tty_class); 3574 tty_class->devnode = tty_devnode; 3575 return 0; 3576 } 3577 3578 postcore_initcall(tty_class_init); 3579 3580 /* 3/2004 jmc: why do these devices exist? */ 3581 static struct cdev tty_cdev, console_cdev; 3582 3583 static ssize_t show_cons_active(struct device *dev, 3584 struct device_attribute *attr, char *buf) 3585 { 3586 struct console *cs[16]; 3587 int i = 0; 3588 struct console *c; 3589 ssize_t count = 0; 3590 3591 console_lock(); 3592 for_each_console(c) { 3593 if (!c->device) 3594 continue; 3595 if (!c->write) 3596 continue; 3597 if ((c->flags & CON_ENABLED) == 0) 3598 continue; 3599 cs[i++] = c; 3600 if (i >= ARRAY_SIZE(cs)) 3601 break; 3602 } 3603 while (i--) { 3604 int index = cs[i]->index; 3605 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3606 3607 /* don't resolve tty0 as some programs depend on it */ 3608 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3609 count += tty_line_name(drv, index, buf + count); 3610 else 3611 count += sprintf(buf + count, "%s%d", 3612 cs[i]->name, cs[i]->index); 3613 3614 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3615 } 3616 console_unlock(); 3617 3618 return count; 3619 } 3620 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3621 3622 static struct attribute *cons_dev_attrs[] = { 3623 &dev_attr_active.attr, 3624 NULL 3625 }; 3626 3627 ATTRIBUTE_GROUPS(cons_dev); 3628 3629 static struct device *consdev; 3630 3631 void console_sysfs_notify(void) 3632 { 3633 if (consdev) 3634 sysfs_notify(&consdev->kobj, NULL, "active"); 3635 } 3636 3637 /* 3638 * Ok, now we can initialize the rest of the tty devices and can count 3639 * on memory allocations, interrupts etc.. 3640 */ 3641 int __init tty_init(void) 3642 { 3643 cdev_init(&tty_cdev, &tty_fops); 3644 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3645 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3646 panic("Couldn't register /dev/tty driver\n"); 3647 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3648 3649 cdev_init(&console_cdev, &console_fops); 3650 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3651 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3652 panic("Couldn't register /dev/console driver\n"); 3653 consdev = device_create_with_groups(tty_class, NULL, 3654 MKDEV(TTYAUX_MAJOR, 1), NULL, 3655 cons_dev_groups, "console"); 3656 if (IS_ERR(consdev)) 3657 consdev = NULL; 3658 3659 #ifdef CONFIG_VT 3660 vty_init(&console_fops); 3661 #endif 3662 return 0; 3663 } 3664 3665