1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (C) 1991, 1992 Linus Torvalds 4 */ 5 6 /* 7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles 8 * or rs-channels. It also implements echoing, cooked mode etc. 9 * 10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0. 11 * 12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the 13 * tty_struct and tty_queue structures. Previously there was an array 14 * of 256 tty_struct's which was statically allocated, and the 15 * tty_queue structures were allocated at boot time. Both are now 16 * dynamically allocated only when the tty is open. 17 * 18 * Also restructured routines so that there is more of a separation 19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and 20 * the low-level tty routines (serial.c, pty.c, console.c). This 21 * makes for cleaner and more compact code. -TYT, 9/17/92 22 * 23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines 24 * which can be dynamically activated and de-activated by the line 25 * discipline handling modules (like SLIP). 26 * 27 * NOTE: pay no attention to the line discipline code (yet); its 28 * interface is still subject to change in this version... 29 * -- TYT, 1/31/92 30 * 31 * Added functionality to the OPOST tty handling. No delays, but all 32 * other bits should be there. 33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993. 34 * 35 * Rewrote canonical mode and added more termios flags. 36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94 37 * 38 * Reorganized FASYNC support so mouse code can share it. 39 * -- ctm@ardi.com, 9Sep95 40 * 41 * New TIOCLINUX variants added. 42 * -- mj@k332.feld.cvut.cz, 19-Nov-95 43 * 44 * Restrict vt switching via ioctl() 45 * -- grif@cs.ucr.edu, 5-Dec-95 46 * 47 * Move console and virtual terminal code to more appropriate files, 48 * implement CONFIG_VT and generalize console device interface. 49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97 50 * 51 * Rewrote tty_init_dev and tty_release_dev to eliminate races. 52 * -- Bill Hawes <whawes@star.net>, June 97 53 * 54 * Added devfs support. 55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998 56 * 57 * Added support for a Unix98-style ptmx device. 58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998 59 * 60 * Reduced memory usage for older ARM systems 61 * -- Russell King <rmk@arm.linux.org.uk> 62 * 63 * Move do_SAK() into process context. Less stack use in devfs functions. 64 * alloc_tty_struct() always uses kmalloc() 65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01 66 */ 67 68 #include <linux/types.h> 69 #include <linux/major.h> 70 #include <linux/errno.h> 71 #include <linux/signal.h> 72 #include <linux/fcntl.h> 73 #include <linux/sched/signal.h> 74 #include <linux/sched/task.h> 75 #include <linux/interrupt.h> 76 #include <linux/tty.h> 77 #include <linux/tty_driver.h> 78 #include <linux/tty_flip.h> 79 #include <linux/devpts_fs.h> 80 #include <linux/file.h> 81 #include <linux/fdtable.h> 82 #include <linux/console.h> 83 #include <linux/timer.h> 84 #include <linux/ctype.h> 85 #include <linux/kd.h> 86 #include <linux/mm.h> 87 #include <linux/string.h> 88 #include <linux/slab.h> 89 #include <linux/poll.h> 90 #include <linux/proc_fs.h> 91 #include <linux/init.h> 92 #include <linux/module.h> 93 #include <linux/device.h> 94 #include <linux/wait.h> 95 #include <linux/bitops.h> 96 #include <linux/delay.h> 97 #include <linux/seq_file.h> 98 #include <linux/serial.h> 99 #include <linux/ratelimit.h> 100 #include <linux/compat.h> 101 102 #include <linux/uaccess.h> 103 104 #include <linux/kbd_kern.h> 105 #include <linux/vt_kern.h> 106 #include <linux/selection.h> 107 108 #include <linux/kmod.h> 109 #include <linux/nsproxy.h> 110 111 #undef TTY_DEBUG_HANGUP 112 #ifdef TTY_DEBUG_HANGUP 113 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args) 114 #else 115 # define tty_debug_hangup(tty, f, args...) do { } while (0) 116 #endif 117 118 #define TTY_PARANOIA_CHECK 1 119 #define CHECK_TTY_COUNT 1 120 121 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */ 122 .c_iflag = ICRNL | IXON, 123 .c_oflag = OPOST | ONLCR, 124 .c_cflag = B38400 | CS8 | CREAD | HUPCL, 125 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK | 126 ECHOCTL | ECHOKE | IEXTEN, 127 .c_cc = INIT_C_CC, 128 .c_ispeed = 38400, 129 .c_ospeed = 38400, 130 /* .c_line = N_TTY, */ 131 }; 132 133 EXPORT_SYMBOL(tty_std_termios); 134 135 /* This list gets poked at by procfs and various bits of boot up code. This 136 could do with some rationalisation such as pulling the tty proc function 137 into this file */ 138 139 LIST_HEAD(tty_drivers); /* linked list of tty drivers */ 140 141 /* Mutex to protect creating and releasing a tty */ 142 DEFINE_MUTEX(tty_mutex); 143 144 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *); 145 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *); 146 ssize_t redirected_tty_write(struct file *, const char __user *, 147 size_t, loff_t *); 148 static __poll_t tty_poll(struct file *, poll_table *); 149 static int tty_open(struct inode *, struct file *); 150 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg); 151 #ifdef CONFIG_COMPAT 152 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 153 unsigned long arg); 154 #else 155 #define tty_compat_ioctl NULL 156 #endif 157 static int __tty_fasync(int fd, struct file *filp, int on); 158 static int tty_fasync(int fd, struct file *filp, int on); 159 static void release_tty(struct tty_struct *tty, int idx); 160 161 /** 162 * free_tty_struct - free a disused tty 163 * @tty: tty struct to free 164 * 165 * Free the write buffers, tty queue and tty memory itself. 166 * 167 * Locking: none. Must be called after tty is definitely unused 168 */ 169 170 static void free_tty_struct(struct tty_struct *tty) 171 { 172 tty_ldisc_deinit(tty); 173 put_device(tty->dev); 174 kfree(tty->write_buf); 175 tty->magic = 0xDEADDEAD; 176 kfree(tty); 177 } 178 179 static inline struct tty_struct *file_tty(struct file *file) 180 { 181 return ((struct tty_file_private *)file->private_data)->tty; 182 } 183 184 int tty_alloc_file(struct file *file) 185 { 186 struct tty_file_private *priv; 187 188 priv = kmalloc(sizeof(*priv), GFP_KERNEL); 189 if (!priv) 190 return -ENOMEM; 191 192 file->private_data = priv; 193 194 return 0; 195 } 196 197 /* Associate a new file with the tty structure */ 198 void tty_add_file(struct tty_struct *tty, struct file *file) 199 { 200 struct tty_file_private *priv = file->private_data; 201 202 priv->tty = tty; 203 priv->file = file; 204 205 spin_lock(&tty->files_lock); 206 list_add(&priv->list, &tty->tty_files); 207 spin_unlock(&tty->files_lock); 208 } 209 210 /** 211 * tty_free_file - free file->private_data 212 * 213 * This shall be used only for fail path handling when tty_add_file was not 214 * called yet. 215 */ 216 void tty_free_file(struct file *file) 217 { 218 struct tty_file_private *priv = file->private_data; 219 220 file->private_data = NULL; 221 kfree(priv); 222 } 223 224 /* Delete file from its tty */ 225 static void tty_del_file(struct file *file) 226 { 227 struct tty_file_private *priv = file->private_data; 228 struct tty_struct *tty = priv->tty; 229 230 spin_lock(&tty->files_lock); 231 list_del(&priv->list); 232 spin_unlock(&tty->files_lock); 233 tty_free_file(file); 234 } 235 236 /** 237 * tty_name - return tty naming 238 * @tty: tty structure 239 * 240 * Convert a tty structure into a name. The name reflects the kernel 241 * naming policy and if udev is in use may not reflect user space 242 * 243 * Locking: none 244 */ 245 246 const char *tty_name(const struct tty_struct *tty) 247 { 248 if (!tty) /* Hmm. NULL pointer. That's fun. */ 249 return "NULL tty"; 250 return tty->name; 251 } 252 253 EXPORT_SYMBOL(tty_name); 254 255 const char *tty_driver_name(const struct tty_struct *tty) 256 { 257 if (!tty || !tty->driver) 258 return ""; 259 return tty->driver->name; 260 } 261 262 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, 263 const char *routine) 264 { 265 #ifdef TTY_PARANOIA_CHECK 266 if (!tty) { 267 pr_warn("(%d:%d): %s: NULL tty\n", 268 imajor(inode), iminor(inode), routine); 269 return 1; 270 } 271 if (tty->magic != TTY_MAGIC) { 272 pr_warn("(%d:%d): %s: bad magic number\n", 273 imajor(inode), iminor(inode), routine); 274 return 1; 275 } 276 #endif 277 return 0; 278 } 279 280 /* Caller must hold tty_lock */ 281 static int check_tty_count(struct tty_struct *tty, const char *routine) 282 { 283 #ifdef CHECK_TTY_COUNT 284 struct list_head *p; 285 int count = 0, kopen_count = 0; 286 287 spin_lock(&tty->files_lock); 288 list_for_each(p, &tty->tty_files) { 289 count++; 290 } 291 spin_unlock(&tty->files_lock); 292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 293 tty->driver->subtype == PTY_TYPE_SLAVE && 294 tty->link && tty->link->count) 295 count++; 296 if (tty_port_kopened(tty->port)) 297 kopen_count++; 298 if (tty->count != (count + kopen_count)) { 299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n", 300 routine, tty->count, count, kopen_count); 301 return (count + kopen_count); 302 } 303 #endif 304 return 0; 305 } 306 307 /** 308 * get_tty_driver - find device of a tty 309 * @dev_t: device identifier 310 * @index: returns the index of the tty 311 * 312 * This routine returns a tty driver structure, given a device number 313 * and also passes back the index number. 314 * 315 * Locking: caller must hold tty_mutex 316 */ 317 318 static struct tty_driver *get_tty_driver(dev_t device, int *index) 319 { 320 struct tty_driver *p; 321 322 list_for_each_entry(p, &tty_drivers, tty_drivers) { 323 dev_t base = MKDEV(p->major, p->minor_start); 324 if (device < base || device >= base + p->num) 325 continue; 326 *index = device - base; 327 return tty_driver_kref_get(p); 328 } 329 return NULL; 330 } 331 332 /** 333 * tty_dev_name_to_number - return dev_t for device name 334 * @name: user space name of device under /dev 335 * @number: pointer to dev_t that this function will populate 336 * 337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t 338 * like (4, 64) or (188, 1). If no corresponding driver is registered then 339 * the function returns -ENODEV. 340 * 341 * Locking: this acquires tty_mutex to protect the tty_drivers list from 342 * being modified while we are traversing it, and makes sure to 343 * release it before exiting. 344 */ 345 int tty_dev_name_to_number(const char *name, dev_t *number) 346 { 347 struct tty_driver *p; 348 int ret; 349 int index, prefix_length = 0; 350 const char *str; 351 352 for (str = name; *str && !isdigit(*str); str++) 353 ; 354 355 if (!*str) 356 return -EINVAL; 357 358 ret = kstrtoint(str, 10, &index); 359 if (ret) 360 return ret; 361 362 prefix_length = str - name; 363 mutex_lock(&tty_mutex); 364 365 list_for_each_entry(p, &tty_drivers, tty_drivers) 366 if (prefix_length == strlen(p->name) && strncmp(name, 367 p->name, prefix_length) == 0) { 368 if (index < p->num) { 369 *number = MKDEV(p->major, p->minor_start + index); 370 goto out; 371 } 372 } 373 374 /* if here then driver wasn't found */ 375 ret = -ENODEV; 376 out: 377 mutex_unlock(&tty_mutex); 378 return ret; 379 } 380 EXPORT_SYMBOL_GPL(tty_dev_name_to_number); 381 382 #ifdef CONFIG_CONSOLE_POLL 383 384 /** 385 * tty_find_polling_driver - find device of a polled tty 386 * @name: name string to match 387 * @line: pointer to resulting tty line nr 388 * 389 * This routine returns a tty driver structure, given a name 390 * and the condition that the tty driver is capable of polled 391 * operation. 392 */ 393 struct tty_driver *tty_find_polling_driver(char *name, int *line) 394 { 395 struct tty_driver *p, *res = NULL; 396 int tty_line = 0; 397 int len; 398 char *str, *stp; 399 400 for (str = name; *str; str++) 401 if ((*str >= '0' && *str <= '9') || *str == ',') 402 break; 403 if (!*str) 404 return NULL; 405 406 len = str - name; 407 tty_line = simple_strtoul(str, &str, 10); 408 409 mutex_lock(&tty_mutex); 410 /* Search through the tty devices to look for a match */ 411 list_for_each_entry(p, &tty_drivers, tty_drivers) { 412 if (!len || strncmp(name, p->name, len) != 0) 413 continue; 414 stp = str; 415 if (*stp == ',') 416 stp++; 417 if (*stp == '\0') 418 stp = NULL; 419 420 if (tty_line >= 0 && tty_line < p->num && p->ops && 421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) { 422 res = tty_driver_kref_get(p); 423 *line = tty_line; 424 break; 425 } 426 } 427 mutex_unlock(&tty_mutex); 428 429 return res; 430 } 431 EXPORT_SYMBOL_GPL(tty_find_polling_driver); 432 #endif 433 434 static ssize_t hung_up_tty_read(struct file *file, char __user *buf, 435 size_t count, loff_t *ppos) 436 { 437 return 0; 438 } 439 440 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf, 441 size_t count, loff_t *ppos) 442 { 443 return -EIO; 444 } 445 446 /* No kernel lock held - none needed ;) */ 447 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait) 448 { 449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM; 450 } 451 452 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd, 453 unsigned long arg) 454 { 455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 456 } 457 458 static long hung_up_tty_compat_ioctl(struct file *file, 459 unsigned int cmd, unsigned long arg) 460 { 461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO; 462 } 463 464 static int hung_up_tty_fasync(int fd, struct file *file, int on) 465 { 466 return -ENOTTY; 467 } 468 469 static void tty_show_fdinfo(struct seq_file *m, struct file *file) 470 { 471 struct tty_struct *tty = file_tty(file); 472 473 if (tty && tty->ops && tty->ops->show_fdinfo) 474 tty->ops->show_fdinfo(tty, m); 475 } 476 477 static const struct file_operations tty_fops = { 478 .llseek = no_llseek, 479 .read = tty_read, 480 .write = tty_write, 481 .poll = tty_poll, 482 .unlocked_ioctl = tty_ioctl, 483 .compat_ioctl = tty_compat_ioctl, 484 .open = tty_open, 485 .release = tty_release, 486 .fasync = tty_fasync, 487 .show_fdinfo = tty_show_fdinfo, 488 }; 489 490 static const struct file_operations console_fops = { 491 .llseek = no_llseek, 492 .read = tty_read, 493 .write = redirected_tty_write, 494 .poll = tty_poll, 495 .unlocked_ioctl = tty_ioctl, 496 .compat_ioctl = tty_compat_ioctl, 497 .open = tty_open, 498 .release = tty_release, 499 .fasync = tty_fasync, 500 }; 501 502 static const struct file_operations hung_up_tty_fops = { 503 .llseek = no_llseek, 504 .read = hung_up_tty_read, 505 .write = hung_up_tty_write, 506 .poll = hung_up_tty_poll, 507 .unlocked_ioctl = hung_up_tty_ioctl, 508 .compat_ioctl = hung_up_tty_compat_ioctl, 509 .release = tty_release, 510 .fasync = hung_up_tty_fasync, 511 }; 512 513 static DEFINE_SPINLOCK(redirect_lock); 514 static struct file *redirect; 515 516 /** 517 * tty_wakeup - request more data 518 * @tty: terminal 519 * 520 * Internal and external helper for wakeups of tty. This function 521 * informs the line discipline if present that the driver is ready 522 * to receive more output data. 523 */ 524 525 void tty_wakeup(struct tty_struct *tty) 526 { 527 struct tty_ldisc *ld; 528 529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { 530 ld = tty_ldisc_ref(tty); 531 if (ld) { 532 if (ld->ops->write_wakeup) 533 ld->ops->write_wakeup(tty); 534 tty_ldisc_deref(ld); 535 } 536 } 537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 538 } 539 540 EXPORT_SYMBOL_GPL(tty_wakeup); 541 542 /** 543 * __tty_hangup - actual handler for hangup events 544 * @work: tty device 545 * 546 * This can be called by a "kworker" kernel thread. That is process 547 * synchronous but doesn't hold any locks, so we need to make sure we 548 * have the appropriate locks for what we're doing. 549 * 550 * The hangup event clears any pending redirections onto the hung up 551 * device. It ensures future writes will error and it does the needed 552 * line discipline hangup and signal delivery. The tty object itself 553 * remains intact. 554 * 555 * Locking: 556 * BTM 557 * redirect lock for undoing redirection 558 * file list lock for manipulating list of ttys 559 * tty_ldiscs_lock from called functions 560 * termios_rwsem resetting termios data 561 * tasklist_lock to walk task list for hangup event 562 * ->siglock to protect ->signal/->sighand 563 */ 564 static void __tty_hangup(struct tty_struct *tty, int exit_session) 565 { 566 struct file *cons_filp = NULL; 567 struct file *filp, *f = NULL; 568 struct tty_file_private *priv; 569 int closecount = 0, n; 570 int refs; 571 572 if (!tty) 573 return; 574 575 576 spin_lock(&redirect_lock); 577 if (redirect && file_tty(redirect) == tty) { 578 f = redirect; 579 redirect = NULL; 580 } 581 spin_unlock(&redirect_lock); 582 583 tty_lock(tty); 584 585 if (test_bit(TTY_HUPPED, &tty->flags)) { 586 tty_unlock(tty); 587 return; 588 } 589 590 /* 591 * Some console devices aren't actually hung up for technical and 592 * historical reasons, which can lead to indefinite interruptible 593 * sleep in n_tty_read(). The following explicitly tells 594 * n_tty_read() to abort readers. 595 */ 596 set_bit(TTY_HUPPING, &tty->flags); 597 598 /* inuse_filps is protected by the single tty lock, 599 this really needs to change if we want to flush the 600 workqueue with the lock held */ 601 check_tty_count(tty, "tty_hangup"); 602 603 spin_lock(&tty->files_lock); 604 /* This breaks for file handles being sent over AF_UNIX sockets ? */ 605 list_for_each_entry(priv, &tty->tty_files, list) { 606 filp = priv->file; 607 if (filp->f_op->write == redirected_tty_write) 608 cons_filp = filp; 609 if (filp->f_op->write != tty_write) 610 continue; 611 closecount++; 612 __tty_fasync(-1, filp, 0); /* can't block */ 613 filp->f_op = &hung_up_tty_fops; 614 } 615 spin_unlock(&tty->files_lock); 616 617 refs = tty_signal_session_leader(tty, exit_session); 618 /* Account for the p->signal references we killed */ 619 while (refs--) 620 tty_kref_put(tty); 621 622 tty_ldisc_hangup(tty, cons_filp != NULL); 623 624 spin_lock_irq(&tty->ctrl_lock); 625 clear_bit(TTY_THROTTLED, &tty->flags); 626 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags); 627 put_pid(tty->session); 628 put_pid(tty->pgrp); 629 tty->session = NULL; 630 tty->pgrp = NULL; 631 tty->ctrl_status = 0; 632 spin_unlock_irq(&tty->ctrl_lock); 633 634 /* 635 * If one of the devices matches a console pointer, we 636 * cannot just call hangup() because that will cause 637 * tty->count and state->count to go out of sync. 638 * So we just call close() the right number of times. 639 */ 640 if (cons_filp) { 641 if (tty->ops->close) 642 for (n = 0; n < closecount; n++) 643 tty->ops->close(tty, cons_filp); 644 } else if (tty->ops->hangup) 645 tty->ops->hangup(tty); 646 /* 647 * We don't want to have driver/ldisc interactions beyond the ones 648 * we did here. The driver layer expects no calls after ->hangup() 649 * from the ldisc side, which is now guaranteed. 650 */ 651 set_bit(TTY_HUPPED, &tty->flags); 652 clear_bit(TTY_HUPPING, &tty->flags); 653 tty_unlock(tty); 654 655 if (f) 656 fput(f); 657 } 658 659 static void do_tty_hangup(struct work_struct *work) 660 { 661 struct tty_struct *tty = 662 container_of(work, struct tty_struct, hangup_work); 663 664 __tty_hangup(tty, 0); 665 } 666 667 /** 668 * tty_hangup - trigger a hangup event 669 * @tty: tty to hangup 670 * 671 * A carrier loss (virtual or otherwise) has occurred on this like 672 * schedule a hangup sequence to run after this event. 673 */ 674 675 void tty_hangup(struct tty_struct *tty) 676 { 677 tty_debug_hangup(tty, "hangup\n"); 678 schedule_work(&tty->hangup_work); 679 } 680 681 EXPORT_SYMBOL(tty_hangup); 682 683 /** 684 * tty_vhangup - process vhangup 685 * @tty: tty to hangup 686 * 687 * The user has asked via system call for the terminal to be hung up. 688 * We do this synchronously so that when the syscall returns the process 689 * is complete. That guarantee is necessary for security reasons. 690 */ 691 692 void tty_vhangup(struct tty_struct *tty) 693 { 694 tty_debug_hangup(tty, "vhangup\n"); 695 __tty_hangup(tty, 0); 696 } 697 698 EXPORT_SYMBOL(tty_vhangup); 699 700 701 /** 702 * tty_vhangup_self - process vhangup for own ctty 703 * 704 * Perform a vhangup on the current controlling tty 705 */ 706 707 void tty_vhangup_self(void) 708 { 709 struct tty_struct *tty; 710 711 tty = get_current_tty(); 712 if (tty) { 713 tty_vhangup(tty); 714 tty_kref_put(tty); 715 } 716 } 717 718 /** 719 * tty_vhangup_session - hangup session leader exit 720 * @tty: tty to hangup 721 * 722 * The session leader is exiting and hanging up its controlling terminal. 723 * Every process in the foreground process group is signalled SIGHUP. 724 * 725 * We do this synchronously so that when the syscall returns the process 726 * is complete. That guarantee is necessary for security reasons. 727 */ 728 729 void tty_vhangup_session(struct tty_struct *tty) 730 { 731 tty_debug_hangup(tty, "session hangup\n"); 732 __tty_hangup(tty, 1); 733 } 734 735 /** 736 * tty_hung_up_p - was tty hung up 737 * @filp: file pointer of tty 738 * 739 * Return true if the tty has been subject to a vhangup or a carrier 740 * loss 741 */ 742 743 int tty_hung_up_p(struct file *filp) 744 { 745 return (filp && filp->f_op == &hung_up_tty_fops); 746 } 747 748 EXPORT_SYMBOL(tty_hung_up_p); 749 750 /** 751 * stop_tty - propagate flow control 752 * @tty: tty to stop 753 * 754 * Perform flow control to the driver. May be called 755 * on an already stopped device and will not re-call the driver 756 * method. 757 * 758 * This functionality is used by both the line disciplines for 759 * halting incoming flow and by the driver. It may therefore be 760 * called from any context, may be under the tty atomic_write_lock 761 * but not always. 762 * 763 * Locking: 764 * flow_lock 765 */ 766 767 void __stop_tty(struct tty_struct *tty) 768 { 769 if (tty->stopped) 770 return; 771 tty->stopped = 1; 772 if (tty->ops->stop) 773 tty->ops->stop(tty); 774 } 775 776 void stop_tty(struct tty_struct *tty) 777 { 778 unsigned long flags; 779 780 spin_lock_irqsave(&tty->flow_lock, flags); 781 __stop_tty(tty); 782 spin_unlock_irqrestore(&tty->flow_lock, flags); 783 } 784 EXPORT_SYMBOL(stop_tty); 785 786 /** 787 * start_tty - propagate flow control 788 * @tty: tty to start 789 * 790 * Start a tty that has been stopped if at all possible. If this 791 * tty was previous stopped and is now being started, the driver 792 * start method is invoked and the line discipline woken. 793 * 794 * Locking: 795 * flow_lock 796 */ 797 798 void __start_tty(struct tty_struct *tty) 799 { 800 if (!tty->stopped || tty->flow_stopped) 801 return; 802 tty->stopped = 0; 803 if (tty->ops->start) 804 tty->ops->start(tty); 805 tty_wakeup(tty); 806 } 807 808 void start_tty(struct tty_struct *tty) 809 { 810 unsigned long flags; 811 812 spin_lock_irqsave(&tty->flow_lock, flags); 813 __start_tty(tty); 814 spin_unlock_irqrestore(&tty->flow_lock, flags); 815 } 816 EXPORT_SYMBOL(start_tty); 817 818 static void tty_update_time(struct timespec64 *time) 819 { 820 time64_t sec = ktime_get_real_seconds(); 821 822 /* 823 * We only care if the two values differ in anything other than the 824 * lower three bits (i.e every 8 seconds). If so, then we can update 825 * the time of the tty device, otherwise it could be construded as a 826 * security leak to let userspace know the exact timing of the tty. 827 */ 828 if ((sec ^ time->tv_sec) & ~7) 829 time->tv_sec = sec; 830 } 831 832 /** 833 * tty_read - read method for tty device files 834 * @file: pointer to tty file 835 * @buf: user buffer 836 * @count: size of user buffer 837 * @ppos: unused 838 * 839 * Perform the read system call function on this terminal device. Checks 840 * for hung up devices before calling the line discipline method. 841 * 842 * Locking: 843 * Locks the line discipline internally while needed. Multiple 844 * read calls may be outstanding in parallel. 845 */ 846 847 static ssize_t tty_read(struct file *file, char __user *buf, size_t count, 848 loff_t *ppos) 849 { 850 int i; 851 struct inode *inode = file_inode(file); 852 struct tty_struct *tty = file_tty(file); 853 struct tty_ldisc *ld; 854 855 if (tty_paranoia_check(tty, inode, "tty_read")) 856 return -EIO; 857 if (!tty || tty_io_error(tty)) 858 return -EIO; 859 860 /* We want to wait for the line discipline to sort out in this 861 situation */ 862 ld = tty_ldisc_ref_wait(tty); 863 if (!ld) 864 return hung_up_tty_read(file, buf, count, ppos); 865 if (ld->ops->read) 866 i = ld->ops->read(tty, file, buf, count); 867 else 868 i = -EIO; 869 tty_ldisc_deref(ld); 870 871 if (i > 0) 872 tty_update_time(&inode->i_atime); 873 874 return i; 875 } 876 877 static void tty_write_unlock(struct tty_struct *tty) 878 { 879 mutex_unlock(&tty->atomic_write_lock); 880 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT); 881 } 882 883 static int tty_write_lock(struct tty_struct *tty, int ndelay) 884 { 885 if (!mutex_trylock(&tty->atomic_write_lock)) { 886 if (ndelay) 887 return -EAGAIN; 888 if (mutex_lock_interruptible(&tty->atomic_write_lock)) 889 return -ERESTARTSYS; 890 } 891 return 0; 892 } 893 894 /* 895 * Split writes up in sane blocksizes to avoid 896 * denial-of-service type attacks 897 */ 898 static inline ssize_t do_tty_write( 899 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t), 900 struct tty_struct *tty, 901 struct file *file, 902 const char __user *buf, 903 size_t count) 904 { 905 ssize_t ret, written = 0; 906 unsigned int chunk; 907 908 ret = tty_write_lock(tty, file->f_flags & O_NDELAY); 909 if (ret < 0) 910 return ret; 911 912 /* 913 * We chunk up writes into a temporary buffer. This 914 * simplifies low-level drivers immensely, since they 915 * don't have locking issues and user mode accesses. 916 * 917 * But if TTY_NO_WRITE_SPLIT is set, we should use a 918 * big chunk-size.. 919 * 920 * The default chunk-size is 2kB, because the NTTY 921 * layer has problems with bigger chunks. It will 922 * claim to be able to handle more characters than 923 * it actually does. 924 * 925 * FIXME: This can probably go away now except that 64K chunks 926 * are too likely to fail unless switched to vmalloc... 927 */ 928 chunk = 2048; 929 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags)) 930 chunk = 65536; 931 if (count < chunk) 932 chunk = count; 933 934 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */ 935 if (tty->write_cnt < chunk) { 936 unsigned char *buf_chunk; 937 938 if (chunk < 1024) 939 chunk = 1024; 940 941 buf_chunk = kmalloc(chunk, GFP_KERNEL); 942 if (!buf_chunk) { 943 ret = -ENOMEM; 944 goto out; 945 } 946 kfree(tty->write_buf); 947 tty->write_cnt = chunk; 948 tty->write_buf = buf_chunk; 949 } 950 951 /* Do the write .. */ 952 for (;;) { 953 size_t size = count; 954 if (size > chunk) 955 size = chunk; 956 ret = -EFAULT; 957 if (copy_from_user(tty->write_buf, buf, size)) 958 break; 959 ret = write(tty, file, tty->write_buf, size); 960 if (ret <= 0) 961 break; 962 written += ret; 963 buf += ret; 964 count -= ret; 965 if (!count) 966 break; 967 ret = -ERESTARTSYS; 968 if (signal_pending(current)) 969 break; 970 cond_resched(); 971 } 972 if (written) { 973 tty_update_time(&file_inode(file)->i_mtime); 974 ret = written; 975 } 976 out: 977 tty_write_unlock(tty); 978 return ret; 979 } 980 981 /** 982 * tty_write_message - write a message to a certain tty, not just the console. 983 * @tty: the destination tty_struct 984 * @msg: the message to write 985 * 986 * This is used for messages that need to be redirected to a specific tty. 987 * We don't put it into the syslog queue right now maybe in the future if 988 * really needed. 989 * 990 * We must still hold the BTM and test the CLOSING flag for the moment. 991 */ 992 993 void tty_write_message(struct tty_struct *tty, char *msg) 994 { 995 if (tty) { 996 mutex_lock(&tty->atomic_write_lock); 997 tty_lock(tty); 998 if (tty->ops->write && tty->count > 0) 999 tty->ops->write(tty, msg, strlen(msg)); 1000 tty_unlock(tty); 1001 tty_write_unlock(tty); 1002 } 1003 return; 1004 } 1005 1006 1007 /** 1008 * tty_write - write method for tty device file 1009 * @file: tty file pointer 1010 * @buf: user data to write 1011 * @count: bytes to write 1012 * @ppos: unused 1013 * 1014 * Write data to a tty device via the line discipline. 1015 * 1016 * Locking: 1017 * Locks the line discipline as required 1018 * Writes to the tty driver are serialized by the atomic_write_lock 1019 * and are then processed in chunks to the device. The line discipline 1020 * write method will not be invoked in parallel for each device. 1021 */ 1022 1023 static ssize_t tty_write(struct file *file, const char __user *buf, 1024 size_t count, loff_t *ppos) 1025 { 1026 struct tty_struct *tty = file_tty(file); 1027 struct tty_ldisc *ld; 1028 ssize_t ret; 1029 1030 if (tty_paranoia_check(tty, file_inode(file), "tty_write")) 1031 return -EIO; 1032 if (!tty || !tty->ops->write || tty_io_error(tty)) 1033 return -EIO; 1034 /* Short term debug to catch buggy drivers */ 1035 if (tty->ops->write_room == NULL) 1036 tty_err(tty, "missing write_room method\n"); 1037 ld = tty_ldisc_ref_wait(tty); 1038 if (!ld) 1039 return hung_up_tty_write(file, buf, count, ppos); 1040 if (!ld->ops->write) 1041 ret = -EIO; 1042 else 1043 ret = do_tty_write(ld->ops->write, tty, file, buf, count); 1044 tty_ldisc_deref(ld); 1045 return ret; 1046 } 1047 1048 ssize_t redirected_tty_write(struct file *file, const char __user *buf, 1049 size_t count, loff_t *ppos) 1050 { 1051 struct file *p = NULL; 1052 1053 spin_lock(&redirect_lock); 1054 if (redirect) 1055 p = get_file(redirect); 1056 spin_unlock(&redirect_lock); 1057 1058 if (p) { 1059 ssize_t res; 1060 res = vfs_write(p, buf, count, &p->f_pos); 1061 fput(p); 1062 return res; 1063 } 1064 return tty_write(file, buf, count, ppos); 1065 } 1066 1067 /** 1068 * tty_send_xchar - send priority character 1069 * 1070 * Send a high priority character to the tty even if stopped 1071 * 1072 * Locking: none for xchar method, write ordering for write method. 1073 */ 1074 1075 int tty_send_xchar(struct tty_struct *tty, char ch) 1076 { 1077 int was_stopped = tty->stopped; 1078 1079 if (tty->ops->send_xchar) { 1080 down_read(&tty->termios_rwsem); 1081 tty->ops->send_xchar(tty, ch); 1082 up_read(&tty->termios_rwsem); 1083 return 0; 1084 } 1085 1086 if (tty_write_lock(tty, 0) < 0) 1087 return -ERESTARTSYS; 1088 1089 down_read(&tty->termios_rwsem); 1090 if (was_stopped) 1091 start_tty(tty); 1092 tty->ops->write(tty, &ch, 1); 1093 if (was_stopped) 1094 stop_tty(tty); 1095 up_read(&tty->termios_rwsem); 1096 tty_write_unlock(tty); 1097 return 0; 1098 } 1099 1100 static char ptychar[] = "pqrstuvwxyzabcde"; 1101 1102 /** 1103 * pty_line_name - generate name for a pty 1104 * @driver: the tty driver in use 1105 * @index: the minor number 1106 * @p: output buffer of at least 6 bytes 1107 * 1108 * Generate a name from a driver reference and write it to the output 1109 * buffer. 1110 * 1111 * Locking: None 1112 */ 1113 static void pty_line_name(struct tty_driver *driver, int index, char *p) 1114 { 1115 int i = index + driver->name_base; 1116 /* ->name is initialized to "ttyp", but "tty" is expected */ 1117 sprintf(p, "%s%c%x", 1118 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name, 1119 ptychar[i >> 4 & 0xf], i & 0xf); 1120 } 1121 1122 /** 1123 * tty_line_name - generate name for a tty 1124 * @driver: the tty driver in use 1125 * @index: the minor number 1126 * @p: output buffer of at least 7 bytes 1127 * 1128 * Generate a name from a driver reference and write it to the output 1129 * buffer. 1130 * 1131 * Locking: None 1132 */ 1133 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p) 1134 { 1135 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE) 1136 return sprintf(p, "%s", driver->name); 1137 else 1138 return sprintf(p, "%s%d", driver->name, 1139 index + driver->name_base); 1140 } 1141 1142 /** 1143 * tty_driver_lookup_tty() - find an existing tty, if any 1144 * @driver: the driver for the tty 1145 * @idx: the minor number 1146 * 1147 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the 1148 * driver lookup() method returns an error. 1149 * 1150 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref. 1151 */ 1152 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, 1153 struct file *file, int idx) 1154 { 1155 struct tty_struct *tty; 1156 1157 if (driver->ops->lookup) 1158 if (!file) 1159 tty = ERR_PTR(-EIO); 1160 else 1161 tty = driver->ops->lookup(driver, file, idx); 1162 else 1163 tty = driver->ttys[idx]; 1164 1165 if (!IS_ERR(tty)) 1166 tty_kref_get(tty); 1167 return tty; 1168 } 1169 1170 /** 1171 * tty_init_termios - helper for termios setup 1172 * @tty: the tty to set up 1173 * 1174 * Initialise the termios structures for this tty. Thus runs under 1175 * the tty_mutex currently so we can be relaxed about ordering. 1176 */ 1177 1178 void tty_init_termios(struct tty_struct *tty) 1179 { 1180 struct ktermios *tp; 1181 int idx = tty->index; 1182 1183 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1184 tty->termios = tty->driver->init_termios; 1185 else { 1186 /* Check for lazy saved data */ 1187 tp = tty->driver->termios[idx]; 1188 if (tp != NULL) { 1189 tty->termios = *tp; 1190 tty->termios.c_line = tty->driver->init_termios.c_line; 1191 } else 1192 tty->termios = tty->driver->init_termios; 1193 } 1194 /* Compatibility until drivers always set this */ 1195 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios); 1196 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios); 1197 } 1198 EXPORT_SYMBOL_GPL(tty_init_termios); 1199 1200 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty) 1201 { 1202 tty_init_termios(tty); 1203 tty_driver_kref_get(driver); 1204 tty->count++; 1205 driver->ttys[tty->index] = tty; 1206 return 0; 1207 } 1208 EXPORT_SYMBOL_GPL(tty_standard_install); 1209 1210 /** 1211 * tty_driver_install_tty() - install a tty entry in the driver 1212 * @driver: the driver for the tty 1213 * @tty: the tty 1214 * 1215 * Install a tty object into the driver tables. The tty->index field 1216 * will be set by the time this is called. This method is responsible 1217 * for ensuring any need additional structures are allocated and 1218 * configured. 1219 * 1220 * Locking: tty_mutex for now 1221 */ 1222 static int tty_driver_install_tty(struct tty_driver *driver, 1223 struct tty_struct *tty) 1224 { 1225 return driver->ops->install ? driver->ops->install(driver, tty) : 1226 tty_standard_install(driver, tty); 1227 } 1228 1229 /** 1230 * tty_driver_remove_tty() - remove a tty from the driver tables 1231 * @driver: the driver for the tty 1232 * @idx: the minor number 1233 * 1234 * Remvoe a tty object from the driver tables. The tty->index field 1235 * will be set by the time this is called. 1236 * 1237 * Locking: tty_mutex for now 1238 */ 1239 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty) 1240 { 1241 if (driver->ops->remove) 1242 driver->ops->remove(driver, tty); 1243 else 1244 driver->ttys[tty->index] = NULL; 1245 } 1246 1247 /* 1248 * tty_reopen() - fast re-open of an open tty 1249 * @tty - the tty to open 1250 * 1251 * Return 0 on success, -errno on error. 1252 * Re-opens on master ptys are not allowed and return -EIO. 1253 * 1254 * Locking: Caller must hold tty_lock 1255 */ 1256 static int tty_reopen(struct tty_struct *tty) 1257 { 1258 struct tty_driver *driver = tty->driver; 1259 int retval; 1260 1261 if (driver->type == TTY_DRIVER_TYPE_PTY && 1262 driver->subtype == PTY_TYPE_MASTER) 1263 return -EIO; 1264 1265 if (!tty->count) 1266 return -EAGAIN; 1267 1268 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) 1269 return -EBUSY; 1270 1271 tty->count++; 1272 1273 if (tty->ldisc) 1274 return 0; 1275 1276 retval = tty_ldisc_reinit(tty, tty->termios.c_line); 1277 if (retval) 1278 tty->count--; 1279 1280 return retval; 1281 } 1282 1283 /** 1284 * tty_init_dev - initialise a tty device 1285 * @driver: tty driver we are opening a device on 1286 * @idx: device index 1287 * @ret_tty: returned tty structure 1288 * 1289 * Prepare a tty device. This may not be a "new" clean device but 1290 * could also be an active device. The pty drivers require special 1291 * handling because of this. 1292 * 1293 * Locking: 1294 * The function is called under the tty_mutex, which 1295 * protects us from the tty struct or driver itself going away. 1296 * 1297 * On exit the tty device has the line discipline attached and 1298 * a reference count of 1. If a pair was created for pty/tty use 1299 * and the other was a pty master then it too has a reference count of 1. 1300 * 1301 * WSH 06/09/97: Rewritten to remove races and properly clean up after a 1302 * failed open. The new code protects the open with a mutex, so it's 1303 * really quite straightforward. The mutex locking can probably be 1304 * relaxed for the (most common) case of reopening a tty. 1305 */ 1306 1307 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx) 1308 { 1309 struct tty_struct *tty; 1310 int retval; 1311 1312 /* 1313 * First time open is complex, especially for PTY devices. 1314 * This code guarantees that either everything succeeds and the 1315 * TTY is ready for operation, or else the table slots are vacated 1316 * and the allocated memory released. (Except that the termios 1317 * may be retained.) 1318 */ 1319 1320 if (!try_module_get(driver->owner)) 1321 return ERR_PTR(-ENODEV); 1322 1323 tty = alloc_tty_struct(driver, idx); 1324 if (!tty) { 1325 retval = -ENOMEM; 1326 goto err_module_put; 1327 } 1328 1329 tty_lock(tty); 1330 retval = tty_driver_install_tty(driver, tty); 1331 if (retval < 0) 1332 goto err_free_tty; 1333 1334 if (!tty->port) 1335 tty->port = driver->ports[idx]; 1336 1337 WARN_RATELIMIT(!tty->port, 1338 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n", 1339 __func__, tty->driver->name); 1340 1341 retval = tty_ldisc_lock(tty, 5 * HZ); 1342 if (retval) 1343 goto err_release_lock; 1344 tty->port->itty = tty; 1345 1346 /* 1347 * Structures all installed ... call the ldisc open routines. 1348 * If we fail here just call release_tty to clean up. No need 1349 * to decrement the use counts, as release_tty doesn't care. 1350 */ 1351 retval = tty_ldisc_setup(tty, tty->link); 1352 if (retval) 1353 goto err_release_tty; 1354 tty_ldisc_unlock(tty); 1355 /* Return the tty locked so that it cannot vanish under the caller */ 1356 return tty; 1357 1358 err_free_tty: 1359 tty_unlock(tty); 1360 free_tty_struct(tty); 1361 err_module_put: 1362 module_put(driver->owner); 1363 return ERR_PTR(retval); 1364 1365 /* call the tty release_tty routine to clean out this slot */ 1366 err_release_tty: 1367 tty_ldisc_unlock(tty); 1368 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n", 1369 retval, idx); 1370 err_release_lock: 1371 tty_unlock(tty); 1372 release_tty(tty, idx); 1373 return ERR_PTR(retval); 1374 } 1375 1376 /** 1377 * tty_save_termios() - save tty termios data in driver table 1378 * @tty: tty whose termios data to save 1379 * 1380 * Locking: Caller guarantees serialisation with tty_init_termios(). 1381 */ 1382 void tty_save_termios(struct tty_struct *tty) 1383 { 1384 struct ktermios *tp; 1385 int idx = tty->index; 1386 1387 /* If the port is going to reset then it has no termios to save */ 1388 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) 1389 return; 1390 1391 /* Stash the termios data */ 1392 tp = tty->driver->termios[idx]; 1393 if (tp == NULL) { 1394 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL); 1395 if (tp == NULL) 1396 return; 1397 tty->driver->termios[idx] = tp; 1398 } 1399 *tp = tty->termios; 1400 } 1401 EXPORT_SYMBOL_GPL(tty_save_termios); 1402 1403 /** 1404 * tty_flush_works - flush all works of a tty/pty pair 1405 * @tty: tty device to flush works for (or either end of a pty pair) 1406 * 1407 * Sync flush all works belonging to @tty (and the 'other' tty). 1408 */ 1409 static void tty_flush_works(struct tty_struct *tty) 1410 { 1411 flush_work(&tty->SAK_work); 1412 flush_work(&tty->hangup_work); 1413 if (tty->link) { 1414 flush_work(&tty->link->SAK_work); 1415 flush_work(&tty->link->hangup_work); 1416 } 1417 } 1418 1419 /** 1420 * release_one_tty - release tty structure memory 1421 * @kref: kref of tty we are obliterating 1422 * 1423 * Releases memory associated with a tty structure, and clears out the 1424 * driver table slots. This function is called when a device is no longer 1425 * in use. It also gets called when setup of a device fails. 1426 * 1427 * Locking: 1428 * takes the file list lock internally when working on the list 1429 * of ttys that the driver keeps. 1430 * 1431 * This method gets called from a work queue so that the driver private 1432 * cleanup ops can sleep (needed for USB at least) 1433 */ 1434 static void release_one_tty(struct work_struct *work) 1435 { 1436 struct tty_struct *tty = 1437 container_of(work, struct tty_struct, hangup_work); 1438 struct tty_driver *driver = tty->driver; 1439 struct module *owner = driver->owner; 1440 1441 if (tty->ops->cleanup) 1442 tty->ops->cleanup(tty); 1443 1444 tty->magic = 0; 1445 tty_driver_kref_put(driver); 1446 module_put(owner); 1447 1448 spin_lock(&tty->files_lock); 1449 list_del_init(&tty->tty_files); 1450 spin_unlock(&tty->files_lock); 1451 1452 put_pid(tty->pgrp); 1453 put_pid(tty->session); 1454 free_tty_struct(tty); 1455 } 1456 1457 static void queue_release_one_tty(struct kref *kref) 1458 { 1459 struct tty_struct *tty = container_of(kref, struct tty_struct, kref); 1460 1461 /* The hangup queue is now free so we can reuse it rather than 1462 waste a chunk of memory for each port */ 1463 INIT_WORK(&tty->hangup_work, release_one_tty); 1464 schedule_work(&tty->hangup_work); 1465 } 1466 1467 /** 1468 * tty_kref_put - release a tty kref 1469 * @tty: tty device 1470 * 1471 * Release a reference to a tty device and if need be let the kref 1472 * layer destruct the object for us 1473 */ 1474 1475 void tty_kref_put(struct tty_struct *tty) 1476 { 1477 if (tty) 1478 kref_put(&tty->kref, queue_release_one_tty); 1479 } 1480 EXPORT_SYMBOL(tty_kref_put); 1481 1482 /** 1483 * release_tty - release tty structure memory 1484 * 1485 * Release both @tty and a possible linked partner (think pty pair), 1486 * and decrement the refcount of the backing module. 1487 * 1488 * Locking: 1489 * tty_mutex 1490 * takes the file list lock internally when working on the list 1491 * of ttys that the driver keeps. 1492 * 1493 */ 1494 static void release_tty(struct tty_struct *tty, int idx) 1495 { 1496 /* This should always be true but check for the moment */ 1497 WARN_ON(tty->index != idx); 1498 WARN_ON(!mutex_is_locked(&tty_mutex)); 1499 if (tty->ops->shutdown) 1500 tty->ops->shutdown(tty); 1501 tty_save_termios(tty); 1502 tty_driver_remove_tty(tty->driver, tty); 1503 tty->port->itty = NULL; 1504 if (tty->link) 1505 tty->link->port->itty = NULL; 1506 tty_buffer_cancel_work(tty->port); 1507 if (tty->link) 1508 tty_buffer_cancel_work(tty->link->port); 1509 1510 tty_kref_put(tty->link); 1511 tty_kref_put(tty); 1512 } 1513 1514 /** 1515 * tty_release_checks - check a tty before real release 1516 * @tty: tty to check 1517 * @o_tty: link of @tty (if any) 1518 * @idx: index of the tty 1519 * 1520 * Performs some paranoid checking before true release of the @tty. 1521 * This is a no-op unless TTY_PARANOIA_CHECK is defined. 1522 */ 1523 static int tty_release_checks(struct tty_struct *tty, int idx) 1524 { 1525 #ifdef TTY_PARANOIA_CHECK 1526 if (idx < 0 || idx >= tty->driver->num) { 1527 tty_debug(tty, "bad idx %d\n", idx); 1528 return -1; 1529 } 1530 1531 /* not much to check for devpts */ 1532 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) 1533 return 0; 1534 1535 if (tty != tty->driver->ttys[idx]) { 1536 tty_debug(tty, "bad driver table[%d] = %p\n", 1537 idx, tty->driver->ttys[idx]); 1538 return -1; 1539 } 1540 if (tty->driver->other) { 1541 struct tty_struct *o_tty = tty->link; 1542 1543 if (o_tty != tty->driver->other->ttys[idx]) { 1544 tty_debug(tty, "bad other table[%d] = %p\n", 1545 idx, tty->driver->other->ttys[idx]); 1546 return -1; 1547 } 1548 if (o_tty->link != tty) { 1549 tty_debug(tty, "bad link = %p\n", o_tty->link); 1550 return -1; 1551 } 1552 } 1553 #endif 1554 return 0; 1555 } 1556 1557 /** 1558 * tty_kclose - closes tty opened by tty_kopen 1559 * @tty: tty device 1560 * 1561 * Performs the final steps to release and free a tty device. It is the 1562 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED 1563 * flag on tty->port. 1564 */ 1565 void tty_kclose(struct tty_struct *tty) 1566 { 1567 /* 1568 * Ask the line discipline code to release its structures 1569 */ 1570 tty_ldisc_release(tty); 1571 1572 /* Wait for pending work before tty destruction commmences */ 1573 tty_flush_works(tty); 1574 1575 tty_debug_hangup(tty, "freeing structure\n"); 1576 /* 1577 * The release_tty function takes care of the details of clearing 1578 * the slots and preserving the termios structure. The tty_unlock_pair 1579 * should be safe as we keep a kref while the tty is locked (so the 1580 * unlock never unlocks a freed tty). 1581 */ 1582 mutex_lock(&tty_mutex); 1583 tty_port_set_kopened(tty->port, 0); 1584 release_tty(tty, tty->index); 1585 mutex_unlock(&tty_mutex); 1586 } 1587 EXPORT_SYMBOL_GPL(tty_kclose); 1588 1589 /** 1590 * tty_release_struct - release a tty struct 1591 * @tty: tty device 1592 * @idx: index of the tty 1593 * 1594 * Performs the final steps to release and free a tty device. It is 1595 * roughly the reverse of tty_init_dev. 1596 */ 1597 void tty_release_struct(struct tty_struct *tty, int idx) 1598 { 1599 /* 1600 * Ask the line discipline code to release its structures 1601 */ 1602 tty_ldisc_release(tty); 1603 1604 /* Wait for pending work before tty destruction commmences */ 1605 tty_flush_works(tty); 1606 1607 tty_debug_hangup(tty, "freeing structure\n"); 1608 /* 1609 * The release_tty function takes care of the details of clearing 1610 * the slots and preserving the termios structure. The tty_unlock_pair 1611 * should be safe as we keep a kref while the tty is locked (so the 1612 * unlock never unlocks a freed tty). 1613 */ 1614 mutex_lock(&tty_mutex); 1615 release_tty(tty, idx); 1616 mutex_unlock(&tty_mutex); 1617 } 1618 EXPORT_SYMBOL_GPL(tty_release_struct); 1619 1620 /** 1621 * tty_release - vfs callback for close 1622 * @inode: inode of tty 1623 * @filp: file pointer for handle to tty 1624 * 1625 * Called the last time each file handle is closed that references 1626 * this tty. There may however be several such references. 1627 * 1628 * Locking: 1629 * Takes bkl. See tty_release_dev 1630 * 1631 * Even releasing the tty structures is a tricky business.. We have 1632 * to be very careful that the structures are all released at the 1633 * same time, as interrupts might otherwise get the wrong pointers. 1634 * 1635 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could 1636 * lead to double frees or releasing memory still in use. 1637 */ 1638 1639 int tty_release(struct inode *inode, struct file *filp) 1640 { 1641 struct tty_struct *tty = file_tty(filp); 1642 struct tty_struct *o_tty = NULL; 1643 int do_sleep, final; 1644 int idx; 1645 long timeout = 0; 1646 int once = 1; 1647 1648 if (tty_paranoia_check(tty, inode, __func__)) 1649 return 0; 1650 1651 tty_lock(tty); 1652 check_tty_count(tty, __func__); 1653 1654 __tty_fasync(-1, filp, 0); 1655 1656 idx = tty->index; 1657 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 1658 tty->driver->subtype == PTY_TYPE_MASTER) 1659 o_tty = tty->link; 1660 1661 if (tty_release_checks(tty, idx)) { 1662 tty_unlock(tty); 1663 return 0; 1664 } 1665 1666 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count); 1667 1668 if (tty->ops->close) 1669 tty->ops->close(tty, filp); 1670 1671 /* If tty is pty master, lock the slave pty (stable lock order) */ 1672 tty_lock_slave(o_tty); 1673 1674 /* 1675 * Sanity check: if tty->count is going to zero, there shouldn't be 1676 * any waiters on tty->read_wait or tty->write_wait. We test the 1677 * wait queues and kick everyone out _before_ actually starting to 1678 * close. This ensures that we won't block while releasing the tty 1679 * structure. 1680 * 1681 * The test for the o_tty closing is necessary, since the master and 1682 * slave sides may close in any order. If the slave side closes out 1683 * first, its count will be one, since the master side holds an open. 1684 * Thus this test wouldn't be triggered at the time the slave closed, 1685 * so we do it now. 1686 */ 1687 while (1) { 1688 do_sleep = 0; 1689 1690 if (tty->count <= 1) { 1691 if (waitqueue_active(&tty->read_wait)) { 1692 wake_up_poll(&tty->read_wait, EPOLLIN); 1693 do_sleep++; 1694 } 1695 if (waitqueue_active(&tty->write_wait)) { 1696 wake_up_poll(&tty->write_wait, EPOLLOUT); 1697 do_sleep++; 1698 } 1699 } 1700 if (o_tty && o_tty->count <= 1) { 1701 if (waitqueue_active(&o_tty->read_wait)) { 1702 wake_up_poll(&o_tty->read_wait, EPOLLIN); 1703 do_sleep++; 1704 } 1705 if (waitqueue_active(&o_tty->write_wait)) { 1706 wake_up_poll(&o_tty->write_wait, EPOLLOUT); 1707 do_sleep++; 1708 } 1709 } 1710 if (!do_sleep) 1711 break; 1712 1713 if (once) { 1714 once = 0; 1715 tty_warn(tty, "read/write wait queue active!\n"); 1716 } 1717 schedule_timeout_killable(timeout); 1718 if (timeout < 120 * HZ) 1719 timeout = 2 * timeout + 1; 1720 else 1721 timeout = MAX_SCHEDULE_TIMEOUT; 1722 } 1723 1724 if (o_tty) { 1725 if (--o_tty->count < 0) { 1726 tty_warn(tty, "bad slave count (%d)\n", o_tty->count); 1727 o_tty->count = 0; 1728 } 1729 } 1730 if (--tty->count < 0) { 1731 tty_warn(tty, "bad tty->count (%d)\n", tty->count); 1732 tty->count = 0; 1733 } 1734 1735 /* 1736 * We've decremented tty->count, so we need to remove this file 1737 * descriptor off the tty->tty_files list; this serves two 1738 * purposes: 1739 * - check_tty_count sees the correct number of file descriptors 1740 * associated with this tty. 1741 * - do_tty_hangup no longer sees this file descriptor as 1742 * something that needs to be handled for hangups. 1743 */ 1744 tty_del_file(filp); 1745 1746 /* 1747 * Perform some housekeeping before deciding whether to return. 1748 * 1749 * If _either_ side is closing, make sure there aren't any 1750 * processes that still think tty or o_tty is their controlling 1751 * tty. 1752 */ 1753 if (!tty->count) { 1754 read_lock(&tasklist_lock); 1755 session_clear_tty(tty->session); 1756 if (o_tty) 1757 session_clear_tty(o_tty->session); 1758 read_unlock(&tasklist_lock); 1759 } 1760 1761 /* check whether both sides are closing ... */ 1762 final = !tty->count && !(o_tty && o_tty->count); 1763 1764 tty_unlock_slave(o_tty); 1765 tty_unlock(tty); 1766 1767 /* At this point, the tty->count == 0 should ensure a dead tty 1768 cannot be re-opened by a racing opener */ 1769 1770 if (!final) 1771 return 0; 1772 1773 tty_debug_hangup(tty, "final close\n"); 1774 1775 tty_release_struct(tty, idx); 1776 return 0; 1777 } 1778 1779 /** 1780 * tty_open_current_tty - get locked tty of current task 1781 * @device: device number 1782 * @filp: file pointer to tty 1783 * @return: locked tty of the current task iff @device is /dev/tty 1784 * 1785 * Performs a re-open of the current task's controlling tty. 1786 * 1787 * We cannot return driver and index like for the other nodes because 1788 * devpts will not work then. It expects inodes to be from devpts FS. 1789 */ 1790 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp) 1791 { 1792 struct tty_struct *tty; 1793 int retval; 1794 1795 if (device != MKDEV(TTYAUX_MAJOR, 0)) 1796 return NULL; 1797 1798 tty = get_current_tty(); 1799 if (!tty) 1800 return ERR_PTR(-ENXIO); 1801 1802 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */ 1803 /* noctty = 1; */ 1804 tty_lock(tty); 1805 tty_kref_put(tty); /* safe to drop the kref now */ 1806 1807 retval = tty_reopen(tty); 1808 if (retval < 0) { 1809 tty_unlock(tty); 1810 tty = ERR_PTR(retval); 1811 } 1812 return tty; 1813 } 1814 1815 /** 1816 * tty_lookup_driver - lookup a tty driver for a given device file 1817 * @device: device number 1818 * @filp: file pointer to tty 1819 * @index: index for the device in the @return driver 1820 * @return: driver for this inode (with increased refcount) 1821 * 1822 * If @return is not erroneous, the caller is responsible to decrement the 1823 * refcount by tty_driver_kref_put. 1824 * 1825 * Locking: tty_mutex protects get_tty_driver 1826 */ 1827 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp, 1828 int *index) 1829 { 1830 struct tty_driver *driver; 1831 1832 switch (device) { 1833 #ifdef CONFIG_VT 1834 case MKDEV(TTY_MAJOR, 0): { 1835 extern struct tty_driver *console_driver; 1836 driver = tty_driver_kref_get(console_driver); 1837 *index = fg_console; 1838 break; 1839 } 1840 #endif 1841 case MKDEV(TTYAUX_MAJOR, 1): { 1842 struct tty_driver *console_driver = console_device(index); 1843 if (console_driver) { 1844 driver = tty_driver_kref_get(console_driver); 1845 if (driver && filp) { 1846 /* Don't let /dev/console block */ 1847 filp->f_flags |= O_NONBLOCK; 1848 break; 1849 } 1850 } 1851 return ERR_PTR(-ENODEV); 1852 } 1853 default: 1854 driver = get_tty_driver(device, index); 1855 if (!driver) 1856 return ERR_PTR(-ENODEV); 1857 break; 1858 } 1859 return driver; 1860 } 1861 1862 /** 1863 * tty_kopen - open a tty device for kernel 1864 * @device: dev_t of device to open 1865 * 1866 * Opens tty exclusively for kernel. Performs the driver lookup, 1867 * makes sure it's not already opened and performs the first-time 1868 * tty initialization. 1869 * 1870 * Returns the locked initialized &tty_struct 1871 * 1872 * Claims the global tty_mutex to serialize: 1873 * - concurrent first-time tty initialization 1874 * - concurrent tty driver removal w/ lookup 1875 * - concurrent tty removal from driver table 1876 */ 1877 struct tty_struct *tty_kopen(dev_t device) 1878 { 1879 struct tty_struct *tty; 1880 struct tty_driver *driver = NULL; 1881 int index = -1; 1882 1883 mutex_lock(&tty_mutex); 1884 driver = tty_lookup_driver(device, NULL, &index); 1885 if (IS_ERR(driver)) { 1886 mutex_unlock(&tty_mutex); 1887 return ERR_CAST(driver); 1888 } 1889 1890 /* check whether we're reopening an existing tty */ 1891 tty = tty_driver_lookup_tty(driver, NULL, index); 1892 if (IS_ERR(tty)) 1893 goto out; 1894 1895 if (tty) { 1896 /* drop kref from tty_driver_lookup_tty() */ 1897 tty_kref_put(tty); 1898 tty = ERR_PTR(-EBUSY); 1899 } else { /* tty_init_dev returns tty with the tty_lock held */ 1900 tty = tty_init_dev(driver, index); 1901 if (IS_ERR(tty)) 1902 goto out; 1903 tty_port_set_kopened(tty->port, 1); 1904 } 1905 out: 1906 mutex_unlock(&tty_mutex); 1907 tty_driver_kref_put(driver); 1908 return tty; 1909 } 1910 EXPORT_SYMBOL_GPL(tty_kopen); 1911 1912 /** 1913 * tty_open_by_driver - open a tty device 1914 * @device: dev_t of device to open 1915 * @inode: inode of device file 1916 * @filp: file pointer to tty 1917 * 1918 * Performs the driver lookup, checks for a reopen, or otherwise 1919 * performs the first-time tty initialization. 1920 * 1921 * Returns the locked initialized or re-opened &tty_struct 1922 * 1923 * Claims the global tty_mutex to serialize: 1924 * - concurrent first-time tty initialization 1925 * - concurrent tty driver removal w/ lookup 1926 * - concurrent tty removal from driver table 1927 */ 1928 static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode, 1929 struct file *filp) 1930 { 1931 struct tty_struct *tty; 1932 struct tty_driver *driver = NULL; 1933 int index = -1; 1934 int retval; 1935 1936 mutex_lock(&tty_mutex); 1937 driver = tty_lookup_driver(device, filp, &index); 1938 if (IS_ERR(driver)) { 1939 mutex_unlock(&tty_mutex); 1940 return ERR_CAST(driver); 1941 } 1942 1943 /* check whether we're reopening an existing tty */ 1944 tty = tty_driver_lookup_tty(driver, filp, index); 1945 if (IS_ERR(tty)) { 1946 mutex_unlock(&tty_mutex); 1947 goto out; 1948 } 1949 1950 if (tty) { 1951 if (tty_port_kopened(tty->port)) { 1952 tty_kref_put(tty); 1953 mutex_unlock(&tty_mutex); 1954 tty = ERR_PTR(-EBUSY); 1955 goto out; 1956 } 1957 mutex_unlock(&tty_mutex); 1958 retval = tty_lock_interruptible(tty); 1959 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */ 1960 if (retval) { 1961 if (retval == -EINTR) 1962 retval = -ERESTARTSYS; 1963 tty = ERR_PTR(retval); 1964 goto out; 1965 } 1966 retval = tty_reopen(tty); 1967 if (retval < 0) { 1968 tty_unlock(tty); 1969 tty = ERR_PTR(retval); 1970 } 1971 } else { /* Returns with the tty_lock held for now */ 1972 tty = tty_init_dev(driver, index); 1973 mutex_unlock(&tty_mutex); 1974 } 1975 out: 1976 tty_driver_kref_put(driver); 1977 return tty; 1978 } 1979 1980 /** 1981 * tty_open - open a tty device 1982 * @inode: inode of device file 1983 * @filp: file pointer to tty 1984 * 1985 * tty_open and tty_release keep up the tty count that contains the 1986 * number of opens done on a tty. We cannot use the inode-count, as 1987 * different inodes might point to the same tty. 1988 * 1989 * Open-counting is needed for pty masters, as well as for keeping 1990 * track of serial lines: DTR is dropped when the last close happens. 1991 * (This is not done solely through tty->count, now. - Ted 1/27/92) 1992 * 1993 * The termios state of a pty is reset on first open so that 1994 * settings don't persist across reuse. 1995 * 1996 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev. 1997 * tty->count should protect the rest. 1998 * ->siglock protects ->signal/->sighand 1999 * 2000 * Note: the tty_unlock/lock cases without a ref are only safe due to 2001 * tty_mutex 2002 */ 2003 2004 static int tty_open(struct inode *inode, struct file *filp) 2005 { 2006 struct tty_struct *tty; 2007 int noctty, retval; 2008 dev_t device = inode->i_rdev; 2009 unsigned saved_flags = filp->f_flags; 2010 2011 nonseekable_open(inode, filp); 2012 2013 retry_open: 2014 retval = tty_alloc_file(filp); 2015 if (retval) 2016 return -ENOMEM; 2017 2018 tty = tty_open_current_tty(device, filp); 2019 if (!tty) 2020 tty = tty_open_by_driver(device, inode, filp); 2021 2022 if (IS_ERR(tty)) { 2023 tty_free_file(filp); 2024 retval = PTR_ERR(tty); 2025 if (retval != -EAGAIN || signal_pending(current)) 2026 return retval; 2027 schedule(); 2028 goto retry_open; 2029 } 2030 2031 tty_add_file(tty, filp); 2032 2033 check_tty_count(tty, __func__); 2034 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count); 2035 2036 if (tty->ops->open) 2037 retval = tty->ops->open(tty, filp); 2038 else 2039 retval = -ENODEV; 2040 filp->f_flags = saved_flags; 2041 2042 if (retval) { 2043 tty_debug_hangup(tty, "open error %d, releasing\n", retval); 2044 2045 tty_unlock(tty); /* need to call tty_release without BTM */ 2046 tty_release(inode, filp); 2047 if (retval != -ERESTARTSYS) 2048 return retval; 2049 2050 if (signal_pending(current)) 2051 return retval; 2052 2053 schedule(); 2054 /* 2055 * Need to reset f_op in case a hangup happened. 2056 */ 2057 if (tty_hung_up_p(filp)) 2058 filp->f_op = &tty_fops; 2059 goto retry_open; 2060 } 2061 clear_bit(TTY_HUPPED, &tty->flags); 2062 2063 noctty = (filp->f_flags & O_NOCTTY) || 2064 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) || 2065 device == MKDEV(TTYAUX_MAJOR, 1) || 2066 (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2067 tty->driver->subtype == PTY_TYPE_MASTER); 2068 if (!noctty) 2069 tty_open_proc_set_tty(filp, tty); 2070 tty_unlock(tty); 2071 return 0; 2072 } 2073 2074 2075 2076 /** 2077 * tty_poll - check tty status 2078 * @filp: file being polled 2079 * @wait: poll wait structures to update 2080 * 2081 * Call the line discipline polling method to obtain the poll 2082 * status of the device. 2083 * 2084 * Locking: locks called line discipline but ldisc poll method 2085 * may be re-entered freely by other callers. 2086 */ 2087 2088 static __poll_t tty_poll(struct file *filp, poll_table *wait) 2089 { 2090 struct tty_struct *tty = file_tty(filp); 2091 struct tty_ldisc *ld; 2092 __poll_t ret = 0; 2093 2094 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll")) 2095 return 0; 2096 2097 ld = tty_ldisc_ref_wait(tty); 2098 if (!ld) 2099 return hung_up_tty_poll(filp, wait); 2100 if (ld->ops->poll) 2101 ret = ld->ops->poll(tty, filp, wait); 2102 tty_ldisc_deref(ld); 2103 return ret; 2104 } 2105 2106 static int __tty_fasync(int fd, struct file *filp, int on) 2107 { 2108 struct tty_struct *tty = file_tty(filp); 2109 unsigned long flags; 2110 int retval = 0; 2111 2112 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync")) 2113 goto out; 2114 2115 retval = fasync_helper(fd, filp, on, &tty->fasync); 2116 if (retval <= 0) 2117 goto out; 2118 2119 if (on) { 2120 enum pid_type type; 2121 struct pid *pid; 2122 2123 spin_lock_irqsave(&tty->ctrl_lock, flags); 2124 if (tty->pgrp) { 2125 pid = tty->pgrp; 2126 type = PIDTYPE_PGID; 2127 } else { 2128 pid = task_pid(current); 2129 type = PIDTYPE_TGID; 2130 } 2131 get_pid(pid); 2132 spin_unlock_irqrestore(&tty->ctrl_lock, flags); 2133 __f_setown(filp, pid, type, 0); 2134 put_pid(pid); 2135 retval = 0; 2136 } 2137 out: 2138 return retval; 2139 } 2140 2141 static int tty_fasync(int fd, struct file *filp, int on) 2142 { 2143 struct tty_struct *tty = file_tty(filp); 2144 int retval = -ENOTTY; 2145 2146 tty_lock(tty); 2147 if (!tty_hung_up_p(filp)) 2148 retval = __tty_fasync(fd, filp, on); 2149 tty_unlock(tty); 2150 2151 return retval; 2152 } 2153 2154 /** 2155 * tiocsti - fake input character 2156 * @tty: tty to fake input into 2157 * @p: pointer to character 2158 * 2159 * Fake input to a tty device. Does the necessary locking and 2160 * input management. 2161 * 2162 * FIXME: does not honour flow control ?? 2163 * 2164 * Locking: 2165 * Called functions take tty_ldiscs_lock 2166 * current->signal->tty check is safe without locks 2167 * 2168 * FIXME: may race normal receive processing 2169 */ 2170 2171 static int tiocsti(struct tty_struct *tty, char __user *p) 2172 { 2173 char ch, mbz = 0; 2174 struct tty_ldisc *ld; 2175 2176 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) 2177 return -EPERM; 2178 if (get_user(ch, p)) 2179 return -EFAULT; 2180 tty_audit_tiocsti(tty, ch); 2181 ld = tty_ldisc_ref_wait(tty); 2182 if (!ld) 2183 return -EIO; 2184 ld->ops->receive_buf(tty, &ch, &mbz, 1); 2185 tty_ldisc_deref(ld); 2186 return 0; 2187 } 2188 2189 /** 2190 * tiocgwinsz - implement window query ioctl 2191 * @tty; tty 2192 * @arg: user buffer for result 2193 * 2194 * Copies the kernel idea of the window size into the user buffer. 2195 * 2196 * Locking: tty->winsize_mutex is taken to ensure the winsize data 2197 * is consistent. 2198 */ 2199 2200 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg) 2201 { 2202 int err; 2203 2204 mutex_lock(&tty->winsize_mutex); 2205 err = copy_to_user(arg, &tty->winsize, sizeof(*arg)); 2206 mutex_unlock(&tty->winsize_mutex); 2207 2208 return err ? -EFAULT: 0; 2209 } 2210 2211 /** 2212 * tty_do_resize - resize event 2213 * @tty: tty being resized 2214 * @rows: rows (character) 2215 * @cols: cols (character) 2216 * 2217 * Update the termios variables and send the necessary signals to 2218 * peform a terminal resize correctly 2219 */ 2220 2221 int tty_do_resize(struct tty_struct *tty, struct winsize *ws) 2222 { 2223 struct pid *pgrp; 2224 2225 /* Lock the tty */ 2226 mutex_lock(&tty->winsize_mutex); 2227 if (!memcmp(ws, &tty->winsize, sizeof(*ws))) 2228 goto done; 2229 2230 /* Signal the foreground process group */ 2231 pgrp = tty_get_pgrp(tty); 2232 if (pgrp) 2233 kill_pgrp(pgrp, SIGWINCH, 1); 2234 put_pid(pgrp); 2235 2236 tty->winsize = *ws; 2237 done: 2238 mutex_unlock(&tty->winsize_mutex); 2239 return 0; 2240 } 2241 EXPORT_SYMBOL(tty_do_resize); 2242 2243 /** 2244 * tiocswinsz - implement window size set ioctl 2245 * @tty; tty side of tty 2246 * @arg: user buffer for result 2247 * 2248 * Copies the user idea of the window size to the kernel. Traditionally 2249 * this is just advisory information but for the Linux console it 2250 * actually has driver level meaning and triggers a VC resize. 2251 * 2252 * Locking: 2253 * Driver dependent. The default do_resize method takes the 2254 * tty termios mutex and ctrl_lock. The console takes its own lock 2255 * then calls into the default method. 2256 */ 2257 2258 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg) 2259 { 2260 struct winsize tmp_ws; 2261 if (copy_from_user(&tmp_ws, arg, sizeof(*arg))) 2262 return -EFAULT; 2263 2264 if (tty->ops->resize) 2265 return tty->ops->resize(tty, &tmp_ws); 2266 else 2267 return tty_do_resize(tty, &tmp_ws); 2268 } 2269 2270 /** 2271 * tioccons - allow admin to move logical console 2272 * @file: the file to become console 2273 * 2274 * Allow the administrator to move the redirected console device 2275 * 2276 * Locking: uses redirect_lock to guard the redirect information 2277 */ 2278 2279 static int tioccons(struct file *file) 2280 { 2281 if (!capable(CAP_SYS_ADMIN)) 2282 return -EPERM; 2283 if (file->f_op->write == redirected_tty_write) { 2284 struct file *f; 2285 spin_lock(&redirect_lock); 2286 f = redirect; 2287 redirect = NULL; 2288 spin_unlock(&redirect_lock); 2289 if (f) 2290 fput(f); 2291 return 0; 2292 } 2293 spin_lock(&redirect_lock); 2294 if (redirect) { 2295 spin_unlock(&redirect_lock); 2296 return -EBUSY; 2297 } 2298 redirect = get_file(file); 2299 spin_unlock(&redirect_lock); 2300 return 0; 2301 } 2302 2303 /** 2304 * tiocsetd - set line discipline 2305 * @tty: tty device 2306 * @p: pointer to user data 2307 * 2308 * Set the line discipline according to user request. 2309 * 2310 * Locking: see tty_set_ldisc, this function is just a helper 2311 */ 2312 2313 static int tiocsetd(struct tty_struct *tty, int __user *p) 2314 { 2315 int disc; 2316 int ret; 2317 2318 if (get_user(disc, p)) 2319 return -EFAULT; 2320 2321 ret = tty_set_ldisc(tty, disc); 2322 2323 return ret; 2324 } 2325 2326 /** 2327 * tiocgetd - get line discipline 2328 * @tty: tty device 2329 * @p: pointer to user data 2330 * 2331 * Retrieves the line discipline id directly from the ldisc. 2332 * 2333 * Locking: waits for ldisc reference (in case the line discipline 2334 * is changing or the tty is being hungup) 2335 */ 2336 2337 static int tiocgetd(struct tty_struct *tty, int __user *p) 2338 { 2339 struct tty_ldisc *ld; 2340 int ret; 2341 2342 ld = tty_ldisc_ref_wait(tty); 2343 if (!ld) 2344 return -EIO; 2345 ret = put_user(ld->ops->num, p); 2346 tty_ldisc_deref(ld); 2347 return ret; 2348 } 2349 2350 /** 2351 * send_break - performed time break 2352 * @tty: device to break on 2353 * @duration: timeout in mS 2354 * 2355 * Perform a timed break on hardware that lacks its own driver level 2356 * timed break functionality. 2357 * 2358 * Locking: 2359 * atomic_write_lock serializes 2360 * 2361 */ 2362 2363 static int send_break(struct tty_struct *tty, unsigned int duration) 2364 { 2365 int retval; 2366 2367 if (tty->ops->break_ctl == NULL) 2368 return 0; 2369 2370 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK) 2371 retval = tty->ops->break_ctl(tty, duration); 2372 else { 2373 /* Do the work ourselves */ 2374 if (tty_write_lock(tty, 0) < 0) 2375 return -EINTR; 2376 retval = tty->ops->break_ctl(tty, -1); 2377 if (retval) 2378 goto out; 2379 if (!signal_pending(current)) 2380 msleep_interruptible(duration); 2381 retval = tty->ops->break_ctl(tty, 0); 2382 out: 2383 tty_write_unlock(tty); 2384 if (signal_pending(current)) 2385 retval = -EINTR; 2386 } 2387 return retval; 2388 } 2389 2390 /** 2391 * tty_tiocmget - get modem status 2392 * @tty: tty device 2393 * @file: user file pointer 2394 * @p: pointer to result 2395 * 2396 * Obtain the modem status bits from the tty driver if the feature 2397 * is supported. Return -EINVAL if it is not available. 2398 * 2399 * Locking: none (up to the driver) 2400 */ 2401 2402 static int tty_tiocmget(struct tty_struct *tty, int __user *p) 2403 { 2404 int retval = -EINVAL; 2405 2406 if (tty->ops->tiocmget) { 2407 retval = tty->ops->tiocmget(tty); 2408 2409 if (retval >= 0) 2410 retval = put_user(retval, p); 2411 } 2412 return retval; 2413 } 2414 2415 /** 2416 * tty_tiocmset - set modem status 2417 * @tty: tty device 2418 * @cmd: command - clear bits, set bits or set all 2419 * @p: pointer to desired bits 2420 * 2421 * Set the modem status bits from the tty driver if the feature 2422 * is supported. Return -EINVAL if it is not available. 2423 * 2424 * Locking: none (up to the driver) 2425 */ 2426 2427 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd, 2428 unsigned __user *p) 2429 { 2430 int retval; 2431 unsigned int set, clear, val; 2432 2433 if (tty->ops->tiocmset == NULL) 2434 return -EINVAL; 2435 2436 retval = get_user(val, p); 2437 if (retval) 2438 return retval; 2439 set = clear = 0; 2440 switch (cmd) { 2441 case TIOCMBIS: 2442 set = val; 2443 break; 2444 case TIOCMBIC: 2445 clear = val; 2446 break; 2447 case TIOCMSET: 2448 set = val; 2449 clear = ~val; 2450 break; 2451 } 2452 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2453 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP; 2454 return tty->ops->tiocmset(tty, set, clear); 2455 } 2456 2457 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg) 2458 { 2459 int retval = -EINVAL; 2460 struct serial_icounter_struct icount; 2461 memset(&icount, 0, sizeof(icount)); 2462 if (tty->ops->get_icount) 2463 retval = tty->ops->get_icount(tty, &icount); 2464 if (retval != 0) 2465 return retval; 2466 if (copy_to_user(arg, &icount, sizeof(icount))) 2467 return -EFAULT; 2468 return 0; 2469 } 2470 2471 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss) 2472 { 2473 static DEFINE_RATELIMIT_STATE(depr_flags, 2474 DEFAULT_RATELIMIT_INTERVAL, 2475 DEFAULT_RATELIMIT_BURST); 2476 char comm[TASK_COMM_LEN]; 2477 struct serial_struct v; 2478 int flags; 2479 2480 if (copy_from_user(&v, ss, sizeof(struct serial_struct))) 2481 return -EFAULT; 2482 2483 flags = v.flags & ASYNC_DEPRECATED; 2484 2485 if (flags && __ratelimit(&depr_flags)) 2486 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2487 __func__, get_task_comm(comm, current), flags); 2488 if (!tty->ops->set_serial) 2489 return -ENOTTY; 2490 return tty->ops->set_serial(tty, &v); 2491 } 2492 2493 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss) 2494 { 2495 struct serial_struct v; 2496 int err; 2497 2498 memset(&v, 0, sizeof(struct serial_struct)); 2499 if (!tty->ops->get_serial) 2500 return -ENOTTY; 2501 err = tty->ops->get_serial(tty, &v); 2502 if (!err && copy_to_user(ss, &v, sizeof(struct serial_struct))) 2503 err = -EFAULT; 2504 return err; 2505 } 2506 2507 /* 2508 * if pty, return the slave side (real_tty) 2509 * otherwise, return self 2510 */ 2511 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty) 2512 { 2513 if (tty->driver->type == TTY_DRIVER_TYPE_PTY && 2514 tty->driver->subtype == PTY_TYPE_MASTER) 2515 tty = tty->link; 2516 return tty; 2517 } 2518 2519 /* 2520 * Split this up, as gcc can choke on it otherwise.. 2521 */ 2522 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 2523 { 2524 struct tty_struct *tty = file_tty(file); 2525 struct tty_struct *real_tty; 2526 void __user *p = (void __user *)arg; 2527 int retval; 2528 struct tty_ldisc *ld; 2529 2530 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2531 return -EINVAL; 2532 2533 real_tty = tty_pair_get_tty(tty); 2534 2535 /* 2536 * Factor out some common prep work 2537 */ 2538 switch (cmd) { 2539 case TIOCSETD: 2540 case TIOCSBRK: 2541 case TIOCCBRK: 2542 case TCSBRK: 2543 case TCSBRKP: 2544 retval = tty_check_change(tty); 2545 if (retval) 2546 return retval; 2547 if (cmd != TIOCCBRK) { 2548 tty_wait_until_sent(tty, 0); 2549 if (signal_pending(current)) 2550 return -EINTR; 2551 } 2552 break; 2553 } 2554 2555 /* 2556 * Now do the stuff. 2557 */ 2558 switch (cmd) { 2559 case TIOCSTI: 2560 return tiocsti(tty, p); 2561 case TIOCGWINSZ: 2562 return tiocgwinsz(real_tty, p); 2563 case TIOCSWINSZ: 2564 return tiocswinsz(real_tty, p); 2565 case TIOCCONS: 2566 return real_tty != tty ? -EINVAL : tioccons(file); 2567 case TIOCEXCL: 2568 set_bit(TTY_EXCLUSIVE, &tty->flags); 2569 return 0; 2570 case TIOCNXCL: 2571 clear_bit(TTY_EXCLUSIVE, &tty->flags); 2572 return 0; 2573 case TIOCGEXCL: 2574 { 2575 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags); 2576 return put_user(excl, (int __user *)p); 2577 } 2578 case TIOCGETD: 2579 return tiocgetd(tty, p); 2580 case TIOCSETD: 2581 return tiocsetd(tty, p); 2582 case TIOCVHANGUP: 2583 if (!capable(CAP_SYS_ADMIN)) 2584 return -EPERM; 2585 tty_vhangup(tty); 2586 return 0; 2587 case TIOCGDEV: 2588 { 2589 unsigned int ret = new_encode_dev(tty_devnum(real_tty)); 2590 return put_user(ret, (unsigned int __user *)p); 2591 } 2592 /* 2593 * Break handling 2594 */ 2595 case TIOCSBRK: /* Turn break on, unconditionally */ 2596 if (tty->ops->break_ctl) 2597 return tty->ops->break_ctl(tty, -1); 2598 return 0; 2599 case TIOCCBRK: /* Turn break off, unconditionally */ 2600 if (tty->ops->break_ctl) 2601 return tty->ops->break_ctl(tty, 0); 2602 return 0; 2603 case TCSBRK: /* SVID version: non-zero arg --> no break */ 2604 /* non-zero arg means wait for all output data 2605 * to be sent (performed above) but don't send break. 2606 * This is used by the tcdrain() termios function. 2607 */ 2608 if (!arg) 2609 return send_break(tty, 250); 2610 return 0; 2611 case TCSBRKP: /* support for POSIX tcsendbreak() */ 2612 return send_break(tty, arg ? arg*100 : 250); 2613 2614 case TIOCMGET: 2615 return tty_tiocmget(tty, p); 2616 case TIOCMSET: 2617 case TIOCMBIC: 2618 case TIOCMBIS: 2619 return tty_tiocmset(tty, cmd, p); 2620 case TIOCGICOUNT: 2621 return tty_tiocgicount(tty, p); 2622 case TCFLSH: 2623 switch (arg) { 2624 case TCIFLUSH: 2625 case TCIOFLUSH: 2626 /* flush tty buffer and allow ldisc to process ioctl */ 2627 tty_buffer_flush(tty, NULL); 2628 break; 2629 } 2630 break; 2631 case TIOCSSERIAL: 2632 return tty_tiocsserial(tty, p); 2633 case TIOCGSERIAL: 2634 return tty_tiocgserial(tty, p); 2635 case TIOCGPTPEER: 2636 /* Special because the struct file is needed */ 2637 return ptm_open_peer(file, tty, (int)arg); 2638 default: 2639 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg); 2640 if (retval != -ENOIOCTLCMD) 2641 return retval; 2642 } 2643 if (tty->ops->ioctl) { 2644 retval = tty->ops->ioctl(tty, cmd, arg); 2645 if (retval != -ENOIOCTLCMD) 2646 return retval; 2647 } 2648 ld = tty_ldisc_ref_wait(tty); 2649 if (!ld) 2650 return hung_up_tty_ioctl(file, cmd, arg); 2651 retval = -EINVAL; 2652 if (ld->ops->ioctl) { 2653 retval = ld->ops->ioctl(tty, file, cmd, arg); 2654 if (retval == -ENOIOCTLCMD) 2655 retval = -ENOTTY; 2656 } 2657 tty_ldisc_deref(ld); 2658 return retval; 2659 } 2660 2661 #ifdef CONFIG_COMPAT 2662 2663 struct serial_struct32 { 2664 compat_int_t type; 2665 compat_int_t line; 2666 compat_uint_t port; 2667 compat_int_t irq; 2668 compat_int_t flags; 2669 compat_int_t xmit_fifo_size; 2670 compat_int_t custom_divisor; 2671 compat_int_t baud_base; 2672 unsigned short close_delay; 2673 char io_type; 2674 char reserved_char[1]; 2675 compat_int_t hub6; 2676 unsigned short closing_wait; /* time to wait before closing */ 2677 unsigned short closing_wait2; /* no longer used... */ 2678 compat_uint_t iomem_base; 2679 unsigned short iomem_reg_shift; 2680 unsigned int port_high; 2681 /* compat_ulong_t iomap_base FIXME */ 2682 compat_int_t reserved[1]; 2683 }; 2684 2685 static int compat_tty_tiocsserial(struct tty_struct *tty, 2686 struct serial_struct32 __user *ss) 2687 { 2688 static DEFINE_RATELIMIT_STATE(depr_flags, 2689 DEFAULT_RATELIMIT_INTERVAL, 2690 DEFAULT_RATELIMIT_BURST); 2691 char comm[TASK_COMM_LEN]; 2692 struct serial_struct32 v32; 2693 struct serial_struct v; 2694 int flags; 2695 2696 if (copy_from_user(&v32, ss, sizeof(struct serial_struct32))) 2697 return -EFAULT; 2698 2699 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base)); 2700 v.iomem_base = compat_ptr(v32.iomem_base); 2701 v.iomem_reg_shift = v32.iomem_reg_shift; 2702 v.port_high = v32.port_high; 2703 v.iomap_base = 0; 2704 2705 flags = v.flags & ASYNC_DEPRECATED; 2706 2707 if (flags && __ratelimit(&depr_flags)) 2708 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n", 2709 __func__, get_task_comm(comm, current), flags); 2710 if (!tty->ops->set_serial) 2711 return -ENOTTY; 2712 return tty->ops->set_serial(tty, &v); 2713 } 2714 2715 static int compat_tty_tiocgserial(struct tty_struct *tty, 2716 struct serial_struct32 __user *ss) 2717 { 2718 struct serial_struct32 v32; 2719 struct serial_struct v; 2720 int err; 2721 memset(&v, 0, sizeof(struct serial_struct)); 2722 2723 if (!tty->ops->set_serial) 2724 return -ENOTTY; 2725 err = tty->ops->get_serial(tty, &v); 2726 if (!err) { 2727 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base)); 2728 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ? 2729 0xfffffff : ptr_to_compat(v.iomem_base); 2730 v32.iomem_reg_shift = v.iomem_reg_shift; 2731 v32.port_high = v.port_high; 2732 if (copy_to_user(ss, &v32, sizeof(struct serial_struct32))) 2733 err = -EFAULT; 2734 } 2735 return err; 2736 } 2737 static long tty_compat_ioctl(struct file *file, unsigned int cmd, 2738 unsigned long arg) 2739 { 2740 struct tty_struct *tty = file_tty(file); 2741 struct tty_ldisc *ld; 2742 int retval = -ENOIOCTLCMD; 2743 2744 switch (cmd) { 2745 case TIOCSTI: 2746 case TIOCGWINSZ: 2747 case TIOCSWINSZ: 2748 case TIOCGEXCL: 2749 case TIOCGETD: 2750 case TIOCSETD: 2751 case TIOCGDEV: 2752 case TIOCMGET: 2753 case TIOCMSET: 2754 case TIOCMBIC: 2755 case TIOCMBIS: 2756 case TIOCGICOUNT: 2757 case TIOCGPGRP: 2758 case TIOCSPGRP: 2759 case TIOCGSID: 2760 case TIOCSERGETLSR: 2761 case TIOCGRS485: 2762 case TIOCSRS485: 2763 #ifdef TIOCGETP 2764 case TIOCGETP: 2765 case TIOCSETP: 2766 case TIOCSETN: 2767 #endif 2768 #ifdef TIOCGETC 2769 case TIOCGETC: 2770 case TIOCSETC: 2771 #endif 2772 #ifdef TIOCGLTC 2773 case TIOCGLTC: 2774 case TIOCSLTC: 2775 #endif 2776 case TCSETSF: 2777 case TCSETSW: 2778 case TCSETS: 2779 case TCGETS: 2780 #ifdef TCGETS2 2781 case TCGETS2: 2782 case TCSETSF2: 2783 case TCSETSW2: 2784 case TCSETS2: 2785 #endif 2786 case TCGETA: 2787 case TCSETAF: 2788 case TCSETAW: 2789 case TCSETA: 2790 case TIOCGLCKTRMIOS: 2791 case TIOCSLCKTRMIOS: 2792 #ifdef TCGETX 2793 case TCGETX: 2794 case TCSETX: 2795 case TCSETXW: 2796 case TCSETXF: 2797 #endif 2798 case TIOCGSOFTCAR: 2799 case TIOCSSOFTCAR: 2800 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 2801 case TIOCCONS: 2802 case TIOCEXCL: 2803 case TIOCNXCL: 2804 case TIOCVHANGUP: 2805 case TIOCSBRK: 2806 case TIOCCBRK: 2807 case TCSBRK: 2808 case TCSBRKP: 2809 case TCFLSH: 2810 case TIOCGPTPEER: 2811 case TIOCNOTTY: 2812 case TIOCSCTTY: 2813 case TCXONC: 2814 case TIOCMIWAIT: 2815 case TIOCSERCONFIG: 2816 return tty_ioctl(file, cmd, arg); 2817 } 2818 2819 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl")) 2820 return -EINVAL; 2821 2822 switch (cmd) { 2823 case TIOCSSERIAL: 2824 return compat_tty_tiocsserial(tty, compat_ptr(arg)); 2825 case TIOCGSERIAL: 2826 return compat_tty_tiocgserial(tty, compat_ptr(arg)); 2827 } 2828 if (tty->ops->compat_ioctl) { 2829 retval = tty->ops->compat_ioctl(tty, cmd, arg); 2830 if (retval != -ENOIOCTLCMD) 2831 return retval; 2832 } 2833 2834 ld = tty_ldisc_ref_wait(tty); 2835 if (!ld) 2836 return hung_up_tty_compat_ioctl(file, cmd, arg); 2837 if (ld->ops->compat_ioctl) 2838 retval = ld->ops->compat_ioctl(tty, file, cmd, arg); 2839 if (retval == -ENOIOCTLCMD && ld->ops->ioctl) 2840 retval = ld->ops->ioctl(tty, file, 2841 (unsigned long)compat_ptr(cmd), arg); 2842 tty_ldisc_deref(ld); 2843 2844 return retval; 2845 } 2846 #endif 2847 2848 static int this_tty(const void *t, struct file *file, unsigned fd) 2849 { 2850 if (likely(file->f_op->read != tty_read)) 2851 return 0; 2852 return file_tty(file) != t ? 0 : fd + 1; 2853 } 2854 2855 /* 2856 * This implements the "Secure Attention Key" --- the idea is to 2857 * prevent trojan horses by killing all processes associated with this 2858 * tty when the user hits the "Secure Attention Key". Required for 2859 * super-paranoid applications --- see the Orange Book for more details. 2860 * 2861 * This code could be nicer; ideally it should send a HUP, wait a few 2862 * seconds, then send a INT, and then a KILL signal. But you then 2863 * have to coordinate with the init process, since all processes associated 2864 * with the current tty must be dead before the new getty is allowed 2865 * to spawn. 2866 * 2867 * Now, if it would be correct ;-/ The current code has a nasty hole - 2868 * it doesn't catch files in flight. We may send the descriptor to ourselves 2869 * via AF_UNIX socket, close it and later fetch from socket. FIXME. 2870 * 2871 * Nasty bug: do_SAK is being called in interrupt context. This can 2872 * deadlock. We punt it up to process context. AKPM - 16Mar2001 2873 */ 2874 void __do_SAK(struct tty_struct *tty) 2875 { 2876 #ifdef TTY_SOFT_SAK 2877 tty_hangup(tty); 2878 #else 2879 struct task_struct *g, *p; 2880 struct pid *session; 2881 int i; 2882 2883 if (!tty) 2884 return; 2885 session = tty->session; 2886 2887 tty_ldisc_flush(tty); 2888 2889 tty_driver_flush_buffer(tty); 2890 2891 read_lock(&tasklist_lock); 2892 /* Kill the entire session */ 2893 do_each_pid_task(session, PIDTYPE_SID, p) { 2894 tty_notice(tty, "SAK: killed process %d (%s): by session\n", 2895 task_pid_nr(p), p->comm); 2896 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2897 } while_each_pid_task(session, PIDTYPE_SID, p); 2898 2899 /* Now kill any processes that happen to have the tty open */ 2900 do_each_thread(g, p) { 2901 if (p->signal->tty == tty) { 2902 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n", 2903 task_pid_nr(p), p->comm); 2904 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2905 continue; 2906 } 2907 task_lock(p); 2908 i = iterate_fd(p->files, 0, this_tty, tty); 2909 if (i != 0) { 2910 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n", 2911 task_pid_nr(p), p->comm, i - 1); 2912 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID); 2913 } 2914 task_unlock(p); 2915 } while_each_thread(g, p); 2916 read_unlock(&tasklist_lock); 2917 #endif 2918 } 2919 2920 static void do_SAK_work(struct work_struct *work) 2921 { 2922 struct tty_struct *tty = 2923 container_of(work, struct tty_struct, SAK_work); 2924 __do_SAK(tty); 2925 } 2926 2927 /* 2928 * The tq handling here is a little racy - tty->SAK_work may already be queued. 2929 * Fortunately we don't need to worry, because if ->SAK_work is already queued, 2930 * the values which we write to it will be identical to the values which it 2931 * already has. --akpm 2932 */ 2933 void do_SAK(struct tty_struct *tty) 2934 { 2935 if (!tty) 2936 return; 2937 schedule_work(&tty->SAK_work); 2938 } 2939 2940 EXPORT_SYMBOL(do_SAK); 2941 2942 static int dev_match_devt(struct device *dev, const void *data) 2943 { 2944 const dev_t *devt = data; 2945 return dev->devt == *devt; 2946 } 2947 2948 /* Must put_device() after it's unused! */ 2949 static struct device *tty_get_device(struct tty_struct *tty) 2950 { 2951 dev_t devt = tty_devnum(tty); 2952 return class_find_device(tty_class, NULL, &devt, dev_match_devt); 2953 } 2954 2955 2956 /** 2957 * alloc_tty_struct 2958 * 2959 * This subroutine allocates and initializes a tty structure. 2960 * 2961 * Locking: none - tty in question is not exposed at this point 2962 */ 2963 2964 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) 2965 { 2966 struct tty_struct *tty; 2967 2968 tty = kzalloc(sizeof(*tty), GFP_KERNEL); 2969 if (!tty) 2970 return NULL; 2971 2972 kref_init(&tty->kref); 2973 tty->magic = TTY_MAGIC; 2974 if (tty_ldisc_init(tty)) { 2975 kfree(tty); 2976 return NULL; 2977 } 2978 tty->session = NULL; 2979 tty->pgrp = NULL; 2980 mutex_init(&tty->legacy_mutex); 2981 mutex_init(&tty->throttle_mutex); 2982 init_rwsem(&tty->termios_rwsem); 2983 mutex_init(&tty->winsize_mutex); 2984 init_ldsem(&tty->ldisc_sem); 2985 init_waitqueue_head(&tty->write_wait); 2986 init_waitqueue_head(&tty->read_wait); 2987 INIT_WORK(&tty->hangup_work, do_tty_hangup); 2988 mutex_init(&tty->atomic_write_lock); 2989 spin_lock_init(&tty->ctrl_lock); 2990 spin_lock_init(&tty->flow_lock); 2991 spin_lock_init(&tty->files_lock); 2992 INIT_LIST_HEAD(&tty->tty_files); 2993 INIT_WORK(&tty->SAK_work, do_SAK_work); 2994 2995 tty->driver = driver; 2996 tty->ops = driver->ops; 2997 tty->index = idx; 2998 tty_line_name(driver, idx, tty->name); 2999 tty->dev = tty_get_device(tty); 3000 3001 return tty; 3002 } 3003 3004 /** 3005 * tty_put_char - write one character to a tty 3006 * @tty: tty 3007 * @ch: character 3008 * 3009 * Write one byte to the tty using the provided put_char method 3010 * if present. Returns the number of characters successfully output. 3011 * 3012 * Note: the specific put_char operation in the driver layer may go 3013 * away soon. Don't call it directly, use this method 3014 */ 3015 3016 int tty_put_char(struct tty_struct *tty, unsigned char ch) 3017 { 3018 if (tty->ops->put_char) 3019 return tty->ops->put_char(tty, ch); 3020 return tty->ops->write(tty, &ch, 1); 3021 } 3022 EXPORT_SYMBOL_GPL(tty_put_char); 3023 3024 struct class *tty_class; 3025 3026 static int tty_cdev_add(struct tty_driver *driver, dev_t dev, 3027 unsigned int index, unsigned int count) 3028 { 3029 int err; 3030 3031 /* init here, since reused cdevs cause crashes */ 3032 driver->cdevs[index] = cdev_alloc(); 3033 if (!driver->cdevs[index]) 3034 return -ENOMEM; 3035 driver->cdevs[index]->ops = &tty_fops; 3036 driver->cdevs[index]->owner = driver->owner; 3037 err = cdev_add(driver->cdevs[index], dev, count); 3038 if (err) 3039 kobject_put(&driver->cdevs[index]->kobj); 3040 return err; 3041 } 3042 3043 /** 3044 * tty_register_device - register a tty device 3045 * @driver: the tty driver that describes the tty device 3046 * @index: the index in the tty driver for this tty device 3047 * @device: a struct device that is associated with this tty device. 3048 * This field is optional, if there is no known struct device 3049 * for this tty device it can be set to NULL safely. 3050 * 3051 * Returns a pointer to the struct device for this tty device 3052 * (or ERR_PTR(-EFOO) on error). 3053 * 3054 * This call is required to be made to register an individual tty device 3055 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3056 * that bit is not set, this function should not be called by a tty 3057 * driver. 3058 * 3059 * Locking: ?? 3060 */ 3061 3062 struct device *tty_register_device(struct tty_driver *driver, unsigned index, 3063 struct device *device) 3064 { 3065 return tty_register_device_attr(driver, index, device, NULL, NULL); 3066 } 3067 EXPORT_SYMBOL(tty_register_device); 3068 3069 static void tty_device_create_release(struct device *dev) 3070 { 3071 dev_dbg(dev, "releasing...\n"); 3072 kfree(dev); 3073 } 3074 3075 /** 3076 * tty_register_device_attr - register a tty device 3077 * @driver: the tty driver that describes the tty device 3078 * @index: the index in the tty driver for this tty device 3079 * @device: a struct device that is associated with this tty device. 3080 * This field is optional, if there is no known struct device 3081 * for this tty device it can be set to NULL safely. 3082 * @drvdata: Driver data to be set to device. 3083 * @attr_grp: Attribute group to be set on device. 3084 * 3085 * Returns a pointer to the struct device for this tty device 3086 * (or ERR_PTR(-EFOO) on error). 3087 * 3088 * This call is required to be made to register an individual tty device 3089 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If 3090 * that bit is not set, this function should not be called by a tty 3091 * driver. 3092 * 3093 * Locking: ?? 3094 */ 3095 struct device *tty_register_device_attr(struct tty_driver *driver, 3096 unsigned index, struct device *device, 3097 void *drvdata, 3098 const struct attribute_group **attr_grp) 3099 { 3100 char name[64]; 3101 dev_t devt = MKDEV(driver->major, driver->minor_start) + index; 3102 struct ktermios *tp; 3103 struct device *dev; 3104 int retval; 3105 3106 if (index >= driver->num) { 3107 pr_err("%s: Attempt to register invalid tty line number (%d)\n", 3108 driver->name, index); 3109 return ERR_PTR(-EINVAL); 3110 } 3111 3112 if (driver->type == TTY_DRIVER_TYPE_PTY) 3113 pty_line_name(driver, index, name); 3114 else 3115 tty_line_name(driver, index, name); 3116 3117 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3118 if (!dev) 3119 return ERR_PTR(-ENOMEM); 3120 3121 dev->devt = devt; 3122 dev->class = tty_class; 3123 dev->parent = device; 3124 dev->release = tty_device_create_release; 3125 dev_set_name(dev, "%s", name); 3126 dev->groups = attr_grp; 3127 dev_set_drvdata(dev, drvdata); 3128 3129 dev_set_uevent_suppress(dev, 1); 3130 3131 retval = device_register(dev); 3132 if (retval) 3133 goto err_put; 3134 3135 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3136 /* 3137 * Free any saved termios data so that the termios state is 3138 * reset when reusing a minor number. 3139 */ 3140 tp = driver->termios[index]; 3141 if (tp) { 3142 driver->termios[index] = NULL; 3143 kfree(tp); 3144 } 3145 3146 retval = tty_cdev_add(driver, devt, index, 1); 3147 if (retval) 3148 goto err_del; 3149 } 3150 3151 dev_set_uevent_suppress(dev, 0); 3152 kobject_uevent(&dev->kobj, KOBJ_ADD); 3153 3154 return dev; 3155 3156 err_del: 3157 device_del(dev); 3158 err_put: 3159 put_device(dev); 3160 3161 return ERR_PTR(retval); 3162 } 3163 EXPORT_SYMBOL_GPL(tty_register_device_attr); 3164 3165 /** 3166 * tty_unregister_device - unregister a tty device 3167 * @driver: the tty driver that describes the tty device 3168 * @index: the index in the tty driver for this tty device 3169 * 3170 * If a tty device is registered with a call to tty_register_device() then 3171 * this function must be called when the tty device is gone. 3172 * 3173 * Locking: ?? 3174 */ 3175 3176 void tty_unregister_device(struct tty_driver *driver, unsigned index) 3177 { 3178 device_destroy(tty_class, 3179 MKDEV(driver->major, driver->minor_start) + index); 3180 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3181 cdev_del(driver->cdevs[index]); 3182 driver->cdevs[index] = NULL; 3183 } 3184 } 3185 EXPORT_SYMBOL(tty_unregister_device); 3186 3187 /** 3188 * __tty_alloc_driver -- allocate tty driver 3189 * @lines: count of lines this driver can handle at most 3190 * @owner: module which is responsible for this driver 3191 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags 3192 * 3193 * This should not be called directly, some of the provided macros should be 3194 * used instead. Use IS_ERR and friends on @retval. 3195 */ 3196 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner, 3197 unsigned long flags) 3198 { 3199 struct tty_driver *driver; 3200 unsigned int cdevs = 1; 3201 int err; 3202 3203 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1)) 3204 return ERR_PTR(-EINVAL); 3205 3206 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL); 3207 if (!driver) 3208 return ERR_PTR(-ENOMEM); 3209 3210 kref_init(&driver->kref); 3211 driver->magic = TTY_DRIVER_MAGIC; 3212 driver->num = lines; 3213 driver->owner = owner; 3214 driver->flags = flags; 3215 3216 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) { 3217 driver->ttys = kcalloc(lines, sizeof(*driver->ttys), 3218 GFP_KERNEL); 3219 driver->termios = kcalloc(lines, sizeof(*driver->termios), 3220 GFP_KERNEL); 3221 if (!driver->ttys || !driver->termios) { 3222 err = -ENOMEM; 3223 goto err_free_all; 3224 } 3225 } 3226 3227 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) { 3228 driver->ports = kcalloc(lines, sizeof(*driver->ports), 3229 GFP_KERNEL); 3230 if (!driver->ports) { 3231 err = -ENOMEM; 3232 goto err_free_all; 3233 } 3234 cdevs = lines; 3235 } 3236 3237 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL); 3238 if (!driver->cdevs) { 3239 err = -ENOMEM; 3240 goto err_free_all; 3241 } 3242 3243 return driver; 3244 err_free_all: 3245 kfree(driver->ports); 3246 kfree(driver->ttys); 3247 kfree(driver->termios); 3248 kfree(driver->cdevs); 3249 kfree(driver); 3250 return ERR_PTR(err); 3251 } 3252 EXPORT_SYMBOL(__tty_alloc_driver); 3253 3254 static void destruct_tty_driver(struct kref *kref) 3255 { 3256 struct tty_driver *driver = container_of(kref, struct tty_driver, kref); 3257 int i; 3258 struct ktermios *tp; 3259 3260 if (driver->flags & TTY_DRIVER_INSTALLED) { 3261 for (i = 0; i < driver->num; i++) { 3262 tp = driver->termios[i]; 3263 if (tp) { 3264 driver->termios[i] = NULL; 3265 kfree(tp); 3266 } 3267 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) 3268 tty_unregister_device(driver, i); 3269 } 3270 proc_tty_unregister_driver(driver); 3271 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) 3272 cdev_del(driver->cdevs[0]); 3273 } 3274 kfree(driver->cdevs); 3275 kfree(driver->ports); 3276 kfree(driver->termios); 3277 kfree(driver->ttys); 3278 kfree(driver); 3279 } 3280 3281 void tty_driver_kref_put(struct tty_driver *driver) 3282 { 3283 kref_put(&driver->kref, destruct_tty_driver); 3284 } 3285 EXPORT_SYMBOL(tty_driver_kref_put); 3286 3287 void tty_set_operations(struct tty_driver *driver, 3288 const struct tty_operations *op) 3289 { 3290 driver->ops = op; 3291 }; 3292 EXPORT_SYMBOL(tty_set_operations); 3293 3294 void put_tty_driver(struct tty_driver *d) 3295 { 3296 tty_driver_kref_put(d); 3297 } 3298 EXPORT_SYMBOL(put_tty_driver); 3299 3300 /* 3301 * Called by a tty driver to register itself. 3302 */ 3303 int tty_register_driver(struct tty_driver *driver) 3304 { 3305 int error; 3306 int i; 3307 dev_t dev; 3308 struct device *d; 3309 3310 if (!driver->major) { 3311 error = alloc_chrdev_region(&dev, driver->minor_start, 3312 driver->num, driver->name); 3313 if (!error) { 3314 driver->major = MAJOR(dev); 3315 driver->minor_start = MINOR(dev); 3316 } 3317 } else { 3318 dev = MKDEV(driver->major, driver->minor_start); 3319 error = register_chrdev_region(dev, driver->num, driver->name); 3320 } 3321 if (error < 0) 3322 goto err; 3323 3324 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) { 3325 error = tty_cdev_add(driver, dev, 0, driver->num); 3326 if (error) 3327 goto err_unreg_char; 3328 } 3329 3330 mutex_lock(&tty_mutex); 3331 list_add(&driver->tty_drivers, &tty_drivers); 3332 mutex_unlock(&tty_mutex); 3333 3334 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) { 3335 for (i = 0; i < driver->num; i++) { 3336 d = tty_register_device(driver, i, NULL); 3337 if (IS_ERR(d)) { 3338 error = PTR_ERR(d); 3339 goto err_unreg_devs; 3340 } 3341 } 3342 } 3343 proc_tty_register_driver(driver); 3344 driver->flags |= TTY_DRIVER_INSTALLED; 3345 return 0; 3346 3347 err_unreg_devs: 3348 for (i--; i >= 0; i--) 3349 tty_unregister_device(driver, i); 3350 3351 mutex_lock(&tty_mutex); 3352 list_del(&driver->tty_drivers); 3353 mutex_unlock(&tty_mutex); 3354 3355 err_unreg_char: 3356 unregister_chrdev_region(dev, driver->num); 3357 err: 3358 return error; 3359 } 3360 EXPORT_SYMBOL(tty_register_driver); 3361 3362 /* 3363 * Called by a tty driver to unregister itself. 3364 */ 3365 int tty_unregister_driver(struct tty_driver *driver) 3366 { 3367 #if 0 3368 /* FIXME */ 3369 if (driver->refcount) 3370 return -EBUSY; 3371 #endif 3372 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start), 3373 driver->num); 3374 mutex_lock(&tty_mutex); 3375 list_del(&driver->tty_drivers); 3376 mutex_unlock(&tty_mutex); 3377 return 0; 3378 } 3379 3380 EXPORT_SYMBOL(tty_unregister_driver); 3381 3382 dev_t tty_devnum(struct tty_struct *tty) 3383 { 3384 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 3385 } 3386 EXPORT_SYMBOL(tty_devnum); 3387 3388 void tty_default_fops(struct file_operations *fops) 3389 { 3390 *fops = tty_fops; 3391 } 3392 3393 static char *tty_devnode(struct device *dev, umode_t *mode) 3394 { 3395 if (!mode) 3396 return NULL; 3397 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) || 3398 dev->devt == MKDEV(TTYAUX_MAJOR, 2)) 3399 *mode = 0666; 3400 return NULL; 3401 } 3402 3403 static int __init tty_class_init(void) 3404 { 3405 tty_class = class_create(THIS_MODULE, "tty"); 3406 if (IS_ERR(tty_class)) 3407 return PTR_ERR(tty_class); 3408 tty_class->devnode = tty_devnode; 3409 return 0; 3410 } 3411 3412 postcore_initcall(tty_class_init); 3413 3414 /* 3/2004 jmc: why do these devices exist? */ 3415 static struct cdev tty_cdev, console_cdev; 3416 3417 static ssize_t show_cons_active(struct device *dev, 3418 struct device_attribute *attr, char *buf) 3419 { 3420 struct console *cs[16]; 3421 int i = 0; 3422 struct console *c; 3423 ssize_t count = 0; 3424 3425 console_lock(); 3426 for_each_console(c) { 3427 if (!c->device) 3428 continue; 3429 if (!c->write) 3430 continue; 3431 if ((c->flags & CON_ENABLED) == 0) 3432 continue; 3433 cs[i++] = c; 3434 if (i >= ARRAY_SIZE(cs)) 3435 break; 3436 } 3437 while (i--) { 3438 int index = cs[i]->index; 3439 struct tty_driver *drv = cs[i]->device(cs[i], &index); 3440 3441 /* don't resolve tty0 as some programs depend on it */ 3442 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR)) 3443 count += tty_line_name(drv, index, buf + count); 3444 else 3445 count += sprintf(buf + count, "%s%d", 3446 cs[i]->name, cs[i]->index); 3447 3448 count += sprintf(buf + count, "%c", i ? ' ':'\n'); 3449 } 3450 console_unlock(); 3451 3452 return count; 3453 } 3454 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL); 3455 3456 static struct attribute *cons_dev_attrs[] = { 3457 &dev_attr_active.attr, 3458 NULL 3459 }; 3460 3461 ATTRIBUTE_GROUPS(cons_dev); 3462 3463 static struct device *consdev; 3464 3465 void console_sysfs_notify(void) 3466 { 3467 if (consdev) 3468 sysfs_notify(&consdev->kobj, NULL, "active"); 3469 } 3470 3471 /* 3472 * Ok, now we can initialize the rest of the tty devices and can count 3473 * on memory allocations, interrupts etc.. 3474 */ 3475 int __init tty_init(void) 3476 { 3477 cdev_init(&tty_cdev, &tty_fops); 3478 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || 3479 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) 3480 panic("Couldn't register /dev/tty driver\n"); 3481 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty"); 3482 3483 cdev_init(&console_cdev, &console_fops); 3484 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) || 3485 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0) 3486 panic("Couldn't register /dev/console driver\n"); 3487 consdev = device_create_with_groups(tty_class, NULL, 3488 MKDEV(TTYAUX_MAJOR, 1), NULL, 3489 cons_dev_groups, "console"); 3490 if (IS_ERR(consdev)) 3491 consdev = NULL; 3492 3493 #ifdef CONFIG_VT 3494 vty_init(&console_fops); 3495 #endif 3496 return 0; 3497 } 3498 3499