]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - drivers/tty/tty_ldisc.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty: Document unsafe ldisc reference acquire
[mirror_ubuntu-jammy-kernel.git] / drivers / tty / tty_ldisc.c
CommitLineData
01e1abb2 1#include <linux/types.h>
01e1abb2 2#include <linux/errno.h>
8b3ffa17 3#include <linux/kmod.h>
01e1abb2
AC		 4#include <linux/sched.h>
5#include <linux/interrupt.h>
6#include <linux/tty.h>
7#include <linux/tty_driver.h>
01e1abb2 8#include <linux/file.h>
01e1abb2
AC		 9#include <linux/mm.h>
10#include <linux/string.h>
11#include <linux/slab.h>
12#include <linux/poll.h>
13#include <linux/proc_fs.h>
14#include <linux/init.h>
15#include <linux/module.h>
01e1abb2
AC		 16#include <linux/device.h>
17#include <linux/wait.h>
18#include <linux/bitops.h>
01e1abb2 19#include <linux/seq_file.h>
01e1abb2 20#include <linux/uaccess.h>
0c73c08e 21#include <linux/ratelimit.h>
01e1abb2 22
fc575ee6
PH		 23#undef LDISC_DEBUG_HANGUP
24
25#ifdef LDISC_DEBUG_HANGUP
26#define tty_ldisc_debug(tty, f, args...) ({ \
27 char __b[64]; \
28 printk(KERN_DEBUG "%s: %s: " f, __func__, tty_name(tty, __b), ##args); \
29})
30#else
31#define tty_ldisc_debug(tty, f, args...)
32#endif
33
01e1abb2
AC		 34/*
35 * This guards the refcounted line discipline lists. The lock
36 * must be taken with irqs off because there are hangup path
37 * callers who will do ldisc lookups and cannot sleep.
38 */
39
c9739941 40static DEFINE_RAW_SPINLOCK(tty_ldisc_lock);
01e1abb2
AC		 41static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
42/* Line disc dispatch table */
43static struct tty_ldisc_ops *tty_ldiscs[NR_LDISCS];
44
45/**
46 * tty_register_ldisc - install a line discipline
47 * @disc: ldisc number
48 * @new_ldisc: pointer to the ldisc object
49 *
50 * Installs a new line discipline into the kernel. The discipline
51 * is set up as unreferenced and then made available to the kernel
52 * from this point onwards.
53 *
54 * Locking:
55 * takes tty_ldisc_lock to guard against ldisc races
56 */
57
58int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
59{
60 unsigned long flags;
61 int ret = 0;
62
63 if (disc < N_TTY || disc >= NR_LDISCS)
64 return -EINVAL;
65
c9739941 66 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
01e1abb2
AC		 67 tty_ldiscs[disc] = new_ldisc;
68 new_ldisc->num = disc;
69 new_ldisc->refcount = 0;
c9739941 70 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
01e1abb2
AC		 71
72 return ret;
73}
74EXPORT_SYMBOL(tty_register_ldisc);
75
76/**
77 * tty_unregister_ldisc - unload a line discipline
78 * @disc: ldisc number
79 * @new_ldisc: pointer to the ldisc object
80 *
81 * Remove a line discipline from the kernel providing it is not
82 * currently in use.
83 *
84 * Locking:
85 * takes tty_ldisc_lock to guard against ldisc races
86 */
87
88int tty_unregister_ldisc(int disc)
89{
90 unsigned long flags;
91 int ret = 0;
92
93 if (disc < N_TTY || disc >= NR_LDISCS)
94 return -EINVAL;
95
c9739941 96 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
01e1abb2
AC		 97 if (tty_ldiscs[disc]->refcount)
98 ret = -EBUSY;
99 else
100 tty_ldiscs[disc] = NULL;
c9739941 101 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
01e1abb2
AC		 102
103 return ret;
104}
105EXPORT_SYMBOL(tty_unregister_ldisc);
106
f0de0e8d
LT		 107static struct tty_ldisc_ops *get_ldops(int disc)
108{
109 unsigned long flags;
110 struct tty_ldisc_ops *ldops, *ret;
111
c9739941 112 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
f0de0e8d
LT		 113 ret = ERR_PTR(-EINVAL);
114 ldops = tty_ldiscs[disc];
115 if (ldops) {
116 ret = ERR_PTR(-EAGAIN);
117 if (try_module_get(ldops->owner)) {
118 ldops->refcount++;
119 ret = ldops;
120 }
121 }
c9739941 122 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
f0de0e8d
LT		 123 return ret;
124}
125
126static void put_ldops(struct tty_ldisc_ops *ldops)
127{
128 unsigned long flags;
129
c9739941 130 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
f0de0e8d
LT		 131 ldops->refcount--;
132 module_put(ldops->owner);
c9739941 133 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
f0de0e8d 134}
01e1abb2 135
01e1abb2
AC		 136/**
137 * tty_ldisc_get - take a reference to an ldisc
138 * @disc: ldisc number
01e1abb2
AC		 139 *
140 * Takes a reference to a line discipline. Deals with refcounts and
141 * module locking counts. Returns NULL if the discipline is not available.
142 * Returns a pointer to the discipline and bumps the ref count if it is
143 * available
144 *
145 * Locking:
146 * takes tty_ldisc_lock to guard against ldisc races
147 */
148
c65c9bc3 149static struct tty_ldisc *tty_ldisc_get(int disc)
01e1abb2 150{
c65c9bc3 151 struct tty_ldisc *ld;
182274f8 152 struct tty_ldisc_ops *ldops;
01e1abb2
AC		 153
154 if (disc < N_TTY || disc >= NR_LDISCS)
c65c9bc3 155 return ERR_PTR(-EINVAL);
182274f8
LT		 156
157 /*
158 * Get the ldisc ops - we may need to request them to be loaded
159 * dynamically and try again.
160 */
161 ldops = get_ldops(disc);
162 if (IS_ERR(ldops)) {
01e1abb2 163 request_module("tty-ldisc-%d", disc);
182274f8
LT		 164 ldops = get_ldops(disc);
165 if (IS_ERR(ldops))
166 return ERR_CAST(ldops);
167 }
168
169 ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL);
170 if (ld == NULL) {
171 put_ldops(ldops);
172 return ERR_PTR(-ENOMEM);
01e1abb2 173 }
182274f8
LT		 174
175 ld->ops = ldops;
176 atomic_set(&ld->users, 1);
1541f845
IS		 177 init_waitqueue_head(&ld->wq_idle);
178
c65c9bc3 179 return ld;
01e1abb2
AC		 180}
181
852e99d2 182static void *tty_ldiscs_seq_start(struct seq_file *m, loff_t *pos)
01e1abb2
AC		 183{
184 return (*pos < NR_LDISCS) ? pos : NULL;
185}
186
852e99d2 187static void *tty_ldiscs_seq_next(struct seq_file *m, void *v, loff_t *pos)
01e1abb2
AC		 188{
189 (*pos)++;
190 return (*pos < NR_LDISCS) ? pos : NULL;
191}
192
193static void tty_ldiscs_seq_stop(struct seq_file *m, void *v)
194{
195}
196
197static int tty_ldiscs_seq_show(struct seq_file *m, void *v)
198{
199 int i = *(loff_t *)v;
f0de0e8d 200 struct tty_ldisc_ops *ldops;
852e99d2 201
f0de0e8d
LT		 202 ldops = get_ldops(i);
203 if (IS_ERR(ldops))
01e1abb2 204 return 0;
f0de0e8d
LT		 205 seq_printf(m, "%-10s %2d\n", ldops->name ? ldops->name : "???", i);
206 put_ldops(ldops);
01e1abb2
AC		 207 return 0;
208}
209
210static const struct seq_operations tty_ldiscs_seq_ops = {
211 .start = tty_ldiscs_seq_start,
212 .next = tty_ldiscs_seq_next,
213 .stop = tty_ldiscs_seq_stop,
214 .show = tty_ldiscs_seq_show,
215};
216
217static int proc_tty_ldiscs_open(struct inode *inode, struct file *file)
218{
219 return seq_open(file, &tty_ldiscs_seq_ops);
220}
221
222const struct file_operations tty_ldiscs_proc_fops = {
223 .owner = THIS_MODULE,
224 .open = proc_tty_ldiscs_open,
225 .read = seq_read,
226 .llseek = seq_lseek,
227 .release = seq_release,
228};
229
230/**
231 * tty_ldisc_assign - set ldisc on a tty
232 * @tty: tty to assign
233 * @ld: line discipline
234 *
235 * Install an instance of a line discipline into a tty structure. The
8d2ead74 236 * ldisc must have a reference count above zero to ensure it remains.
01e1abb2
AC		 237 * The tty instance refcount starts at zero.
238 *
239 * Locking:
240 * Caller must hold references
241 */
242
243static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
244{
c65c9bc3 245 tty->ldisc = ld;
01e1abb2
AC		 246}
247
248/**
249 * tty_ldisc_try - internal helper
250 * @tty: the tty
251 *
252 * Make a single attempt to grab and bump the refcount on
253 * the tty ldisc. Return 0 on failure or 1 on success. This is
254 * used to implement both the waiting and non waiting versions
255 * of tty_ldisc_ref
256 *
257 * Locking: takes tty_ldisc_lock
258 */
259
65b77046 260static struct tty_ldisc *tty_ldisc_try(struct tty_struct *tty)
01e1abb2
AC		 261{
262 unsigned long flags;
263 struct tty_ldisc *ld;
01e1abb2 264
16759f6c 265 /* FIXME: this allows reference acquire after TTY_LDISC is cleared */
c9739941 266 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
65b77046 267 ld = NULL;
16759f6c
PH		 268 if (test_bit(TTY_LDISC, &tty->flags) && tty->ldisc) {
269 ld = tty->ldisc;
270 atomic_inc(&ld->users);
271 }
c9739941 272 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
65b77046 273 return ld;
01e1abb2
AC		 274}
275
276/**
277 * tty_ldisc_ref_wait - wait for the tty ldisc
278 * @tty: tty device
279 *
280 * Dereference the line discipline for the terminal and take a
281 * reference to it. If the line discipline is in flux then
282 * wait patiently until it changes.
283 *
284 * Note: Must not be called from an IRQ/timer context. The caller
285 * must also be careful not to hold other locks that will deadlock
286 * against a discipline change, such as an existing ldisc reference
287 * (which we check for)
288 *
289 * Locking: call functions take tty_ldisc_lock
290 */
291
292struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
293{
65b77046
LT		 294 struct tty_ldisc *ld;
295
01e1abb2 296 /* wait_event is a macro */
65b77046
LT		 297 wait_event(tty_ldisc_wait, (ld = tty_ldisc_try(tty)) != NULL);
298 return ld;
01e1abb2 299}
01e1abb2
AC		 300EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
301
302/**
303 * tty_ldisc_ref - get the tty ldisc
304 * @tty: tty device
305 *
306 * Dereference the line discipline for the terminal and take a
307 * reference to it. If the line discipline is in flux then
308 * return NULL. Can be called from IRQ and timer functions.
309 *
310 * Locking: called functions take tty_ldisc_lock
311 */
312
313struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
314{
65b77046 315 return tty_ldisc_try(tty);
01e1abb2 316}
01e1abb2
AC		 317EXPORT_SYMBOL_GPL(tty_ldisc_ref);
318
319/**
320 * tty_ldisc_deref - free a tty ldisc reference
321 * @ld: reference to free up
322 *
323 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
324 * be called in IRQ context.
325 *
326 * Locking: takes tty_ldisc_lock
327 */
328
329void tty_ldisc_deref(struct tty_ldisc *ld)
330{
ebc9baed
PH		 331 unsigned long flags;
332
333 if (WARN_ON_ONCE(!ld))
334 return;
335
336 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
337 /*
338 * WARNs if one-too-many reader references were released
339 * - the last reference must be released with tty_ldisc_put
340 */
341 WARN_ON(atomic_dec_and_test(&ld->users));
342 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
343
344 if (waitqueue_active(&ld->wq_idle))
345 wake_up(&ld->wq_idle);
01e1abb2 346}
01e1abb2
AC		 347EXPORT_SYMBOL_GPL(tty_ldisc_deref);
348
ebc9baed
PH		 349/**
350 * tty_ldisc_put - release the ldisc
351 *
352 * Complement of tty_ldisc_get().
353 */
65b77046
LT		 354static inline void tty_ldisc_put(struct tty_ldisc *ld)
355{
ebc9baed
PH		 356 unsigned long flags;
357
358 if (WARN_ON_ONCE(!ld))
359 return;
360
361 raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
362
363 /* unreleased reader reference(s) will cause this WARN */
364 WARN_ON(!atomic_dec_and_test(&ld->users));
365
366 ld->ops->refcount--;
367 module_put(ld->ops->owner);
368 kfree(ld);
369 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
65b77046
LT		 370}
371
01e1abb2
AC		 372/**
373 * tty_ldisc_enable - allow ldisc use
374 * @tty: terminal to activate ldisc on
375 *
376 * Set the TTY_LDISC flag when the line discipline can be called
c9b3976e
AC		 377 * again. Do necessary wakeups for existing sleepers. Clear the LDISC
378 * changing flag to indicate any ldisc change is now over.
01e1abb2 379 *
c9b3976e
AC		 380 * Note: nobody should set the TTY_LDISC bit except via this function.
381 * Clearing directly is allowed.
01e1abb2
AC		 382 */
383
d9121566 384static void tty_ldisc_enable(struct tty_struct *tty)
01e1abb2 385{
21622939 386 clear_bit(TTY_LDISC_HALTED, &tty->flags);
01e1abb2 387 set_bit(TTY_LDISC, &tty->flags);
c9b3976e 388 clear_bit(TTY_LDISC_CHANGING, &tty->flags);
01e1abb2
AC		 389 wake_up(&tty_ldisc_wait);
390}
391
f2c4c65c
AC		 392/**
393 * tty_ldisc_flush - flush line discipline queue
394 * @tty: tty
395 *
396 * Flush the line discipline queue (if any) for this tty. If there
397 * is no line discipline active this is a no-op.
398 */
399
400void tty_ldisc_flush(struct tty_struct *tty)
401{
402 struct tty_ldisc *ld = tty_ldisc_ref(tty);
403 if (ld) {
404 if (ld->ops->flush_buffer)
405 ld->ops->flush_buffer(tty);
406 tty_ldisc_deref(ld);
407 }
408 tty_buffer_flush(tty);
409}
f2c4c65c
AC		 410EXPORT_SYMBOL_GPL(tty_ldisc_flush);
411
01e1abb2
AC		 412/**
413 * tty_set_termios_ldisc - set ldisc field
414 * @tty: tty structure
415 * @num: line discipline number
416 *
417 * This is probably overkill for real world processors but
418 * they are not on hot paths so a little discipline won't do
419 * any harm.
420 *
421 * Locking: takes termios_mutex
422 */
423
424static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
425{
426 mutex_lock(&tty->termios_mutex);
adc8d746 427 tty->termios.c_line = num;
01e1abb2
AC		 428 mutex_unlock(&tty->termios_mutex);
429}
430
c65c9bc3
AC		 431/**
432 * tty_ldisc_open - open a line discipline
433 * @tty: tty we are opening the ldisc on
434 * @ld: discipline to open
435 *
436 * A helper opening method. Also a convenient debugging and check
437 * point.
ec79d605
AB		 438 *
439 * Locking: always called with BTM already held.
c65c9bc3
AC		 440 */
441
442static int tty_ldisc_open(struct tty_struct *tty, struct tty_ldisc *ld)
443{
444 WARN_ON(test_and_set_bit(TTY_LDISC_OPEN, &tty->flags));
f18f9498
AC		 445 if (ld->ops->open) {
446 int ret;
ec79d605 447 /* BTM here locks versus a hangup event */
f18f9498 448 ret = ld->ops->open(tty);
7f90cfc5
JS		 449 if (ret)
450 clear_bit(TTY_LDISC_OPEN, &tty->flags);
f18f9498
AC		 451 return ret;
452 }
c65c9bc3
AC		 453 return 0;
454}
455
456/**
457 * tty_ldisc_close - close a line discipline
458 * @tty: tty we are opening the ldisc on
459 * @ld: discipline to close
460 *
461 * A helper close method. Also a convenient debugging and check
462 * point.
463 */
464
465static void tty_ldisc_close(struct tty_struct *tty, struct tty_ldisc *ld)
466{
467 WARN_ON(!test_bit(TTY_LDISC_OPEN, &tty->flags));
468 clear_bit(TTY_LDISC_OPEN, &tty->flags);
469 if (ld->ops->close)
470 ld->ops->close(tty);
471}
01e1abb2
AC		 472
473/**
474 * tty_ldisc_restore - helper for tty ldisc change
475 * @tty: tty to recover
476 * @old: previous ldisc
477 *
478 * Restore the previous line discipline or N_TTY when a line discipline
479 * change fails due to an open error
480 */
481
482static void tty_ldisc_restore(struct tty_struct *tty, struct tty_ldisc *old)
483{
484 char buf[64];
c65c9bc3
AC		 485 struct tty_ldisc *new_ldisc;
486 int r;
01e1abb2
AC		 487
488 /* There is an outstanding reference here so this is safe */
c65c9bc3
AC		 489 old = tty_ldisc_get(old->ops->num);
490 WARN_ON(IS_ERR(old));
01e1abb2
AC		 491 tty_ldisc_assign(tty, old);
492 tty_set_termios_ldisc(tty, old->ops->num);
c65c9bc3
AC		 493 if (tty_ldisc_open(tty, old) < 0) {
494 tty_ldisc_put(old);
01e1abb2 495 /* This driver is always present */
852e99d2 496 new_ldisc = tty_ldisc_get(N_TTY);
c65c9bc3 497 if (IS_ERR(new_ldisc))
01e1abb2 498 panic("n_tty: get");
c65c9bc3 499 tty_ldisc_assign(tty, new_ldisc);
01e1abb2 500 tty_set_termios_ldisc(tty, N_TTY);
c65c9bc3
AC		 501 r = tty_ldisc_open(tty, new_ldisc);
502 if (r < 0)
503 panic("Couldn't open N_TTY ldisc for "
504 "%s --- error %d.",
505 tty_name(tty, buf), r);
01e1abb2
AC		 506 }
507}
508
100eeae2
JS		 509/**
510 * tty_ldisc_wait_idle - wait for the ldisc to become idle
511 * @tty: tty to wait for
df92d056 512 * @timeout: for how long to wait at most
100eeae2
JS		 513 *
514 * Wait for the line discipline to become idle. The discipline must
515 * have been halted for this to guarantee it remains idle.
516 */
df92d056 517static int tty_ldisc_wait_idle(struct tty_struct *tty, long timeout)
100eeae2 518{
df92d056 519 long ret;
1541f845 520 ret = wait_event_timeout(tty->ldisc->wq_idle,
df92d056 521 atomic_read(&tty->ldisc->users) == 1, timeout);
100eeae2
JS		 522 return ret > 0 ? 0 : -EBUSY;
523}
524
11cf48ea
PH		 525/**
526 * tty_ldisc_halt - shut down the line discipline
527 * @tty: tty device
f4cf7a38 528 * @o_tty: paired pty device (can be NULL)
cf528476 529 * @timeout: # of jiffies to wait for ldisc refs to be released
11cf48ea 530 *
f4cf7a38
PH		 531 * Shut down the line discipline and work queue for this tty device and
532 * its paired pty (if exists). Clearing the TTY_LDISC flag ensures
4f98d467
PH		 533 * no further references can be obtained, while waiting for existing
534 * references to be released ensures no more data is fed to the ldisc.
cf528476 535 *
11cf48ea
PH		 536 * You need to do a 'flush_scheduled_work()' (outside the ldisc_mutex)
537 * in order to make sure any currently executing ldisc work is also
538 * flushed.
539 */
540
f4cf7a38 541static int tty_ldisc_halt(struct tty_struct *tty, struct tty_struct *o_tty,
4f98d467 542 long timeout)
11cf48ea 543{
4f98d467 544 int retval;
cf528476 545
11cf48ea 546 clear_bit(TTY_LDISC, &tty->flags);
f4cf7a38
PH		 547 if (o_tty)
548 clear_bit(TTY_LDISC, &o_tty->flags);
549
cf528476 550 retval = tty_ldisc_wait_idle(tty, timeout);
f4cf7a38
PH		 551 if (!retval && o_tty)
552 retval = tty_ldisc_wait_idle(o_tty, timeout);
cf528476
PH		 553 if (retval)
554 return retval;
555
11cf48ea 556 set_bit(TTY_LDISC_HALTED, &tty->flags);
4f98d467 557 if (o_tty)
f4cf7a38 558 set_bit(TTY_LDISC_HALTED, &o_tty->flags);
f4cf7a38 559
cf528476 560 return 0;
11cf48ea
PH		 561}
562
168942c9 563/**
76bc35e7
PH		 564 * tty_ldisc_hangup_halt - halt the line discipline for hangup
565 * @tty: tty being hung up
168942c9 566 *
76bc35e7
PH		 567 * Shut down the line discipline and work queue for the tty device
568 * being hungup. Clear the TTY_LDISC flag to ensure no further
4f98d467
PH		 569 * references can be obtained and wait for remaining references to be
570 * released to ensure no more data is fed to this ldisc.
168942c9 571 * Caller must hold legacy and ->ldisc_mutex.
2276ad97
PH		 572 *
573 * NB: tty_set_ldisc() is prevented from changing the ldisc concurrently
574 * with this function by checking the TTY_HUPPING flag.
168942c9 575 */
76bc35e7 576static bool tty_ldisc_hangup_halt(struct tty_struct *tty)
168942c9 577{
2276ad97
PH		 578 char cur_n[TASK_COMM_LEN], tty_n[64];
579 long timeout = 3 * HZ;
580
76bc35e7
PH		 581 clear_bit(TTY_LDISC, &tty->flags);
582
2276ad97
PH		 583 if (tty->ldisc) { /* Not yet closed */
584 tty_unlock(tty);
585
586 while (tty_ldisc_wait_idle(tty, timeout) == -EBUSY) {
587 timeout = MAX_SCHEDULE_TIMEOUT;
588 printk_ratelimited(KERN_WARNING
589 "%s: waiting (%s) for %s took too long, but we keep waiting...\n",
590 __func__, get_task_comm(cur_n, current),
591 tty_name(tty, tty_n));
168942c9 592 }
76bc35e7 593
76bc35e7
PH		 594 set_bit(TTY_LDISC_HALTED, &tty->flags);
595
2276ad97
PH		 596 /* must reacquire both locks and preserve lock order */
597 mutex_unlock(&tty->ldisc_mutex);
598 tty_lock(tty);
599 mutex_lock(&tty->ldisc_mutex);
168942c9
PH		 600 }
601 return !!tty->ldisc;
602}
603
01e1abb2
AC		 604/**
605 * tty_set_ldisc - set line discipline
606 * @tty: the terminal to set
607 * @ldisc: the line discipline
608 *
609 * Set the discipline of a tty line. Must be called from a process
c65c9bc3
AC		 610 * context. The ldisc change logic has to protect itself against any
611 * overlapping ldisc change (including on the other end of pty pairs),
612 * the close of one side of a tty/pty pair, and eventually hangup.
01e1abb2 613 *
c65c9bc3 614 * Locking: takes tty_ldisc_lock, termios_mutex
01e1abb2
AC		 615 */
616
617int tty_set_ldisc(struct tty_struct *tty, int ldisc)
618{
619 int retval;
c65c9bc3 620 struct tty_ldisc *o_ldisc, *new_ldisc;
01e1abb2
AC		 621 struct tty_struct *o_tty;
622
c65c9bc3
AC		 623 new_ldisc = tty_ldisc_get(ldisc);
624 if (IS_ERR(new_ldisc))
625 return PTR_ERR(new_ldisc);
01e1abb2 626
89c8d91e 627 tty_lock(tty);
01e1abb2 628 /*
c65c9bc3
AC		 629 * We need to look at the tty locking here for pty/tty pairs
630 * when both sides try to change in parallel.
01e1abb2
AC		 631 */
632
c65c9bc3
AC		 633 o_tty = tty->link; /* o_tty is the pty side or NULL */
634
01e1abb2 635
c65c9bc3
AC		 636 /*
637 * Check the no-op case
638 */
639
640 if (tty->ldisc->ops->num == ldisc) {
89c8d91e 641 tty_unlock(tty);
c65c9bc3 642 tty_ldisc_put(new_ldisc);
01e1abb2
AC		 643 return 0;
644 }
645
89c8d91e 646 tty_unlock(tty);
c65c9bc3
AC		 647 /*
648 * Problem: What do we do if this blocks ?
649 * We could deadlock here
650 */
651
652 tty_wait_until_sent(tty, 0);
653
89c8d91e 654 tty_lock(tty);
c65c9bc3
AC		 655 mutex_lock(&tty->ldisc_mutex);
656
657 /*
658 * We could be midstream of another ldisc change which has
659 * dropped the lock during processing. If so we need to wait.
660 */
661
662 while (test_bit(TTY_LDISC_CHANGING, &tty->flags)) {
663 mutex_unlock(&tty->ldisc_mutex);
89c8d91e 664 tty_unlock(tty);
c65c9bc3
AC		 665 wait_event(tty_ldisc_wait,
666 test_bit(TTY_LDISC_CHANGING, &tty->flags) == 0);
89c8d91e 667 tty_lock(tty);
c65c9bc3
AC		 668 mutex_lock(&tty->ldisc_mutex);
669 }
eeb89d91 670
c65c9bc3 671 set_bit(TTY_LDISC_CHANGING, &tty->flags);
852e99d2 672
01e1abb2
AC		 673 /*
674 * No more input please, we are switching. The new ldisc
675 * will update this value in the ldisc open function
676 */
677
678 tty->receive_room = 0;
679
680 o_ldisc = tty->ldisc;
eeb89d91 681
89c8d91e 682 tty_unlock(tty);
01e1abb2
AC		 683 /*
684 * Make sure we don't change while someone holds a
685 * reference to the line discipline. The TTY_LDISC bit
686 * prevents anyone taking a reference once it is clear.
687 * We need the lock to avoid racing reference takers.
c9b3976e
AC		 688 *
689 * We must clear the TTY_LDISC bit here to avoid a livelock
690 * with a userspace app continually trying to use the tty in
691 * parallel to the change and re-referencing the tty.
01e1abb2
AC		 692 */
693
4f98d467 694 retval = tty_ldisc_halt(tty, o_tty, 5 * HZ);
01e1abb2 695
01e1abb2 696 /*
a2965b7b 697 * Wait for hangup to complete, if pending.
c65c9bc3 698 * We must drop the mutex here in case a hangup is also in process.
01e1abb2 699 */
c65c9bc3
AC		 700
701 mutex_unlock(&tty->ldisc_mutex);
702
a2965b7b 703 flush_work(&tty->hangup_work);
c65c9bc3 704
89c8d91e 705 tty_lock(tty);
60af22d2 706 mutex_lock(&tty->ldisc_mutex);
100eeae2
JS		 707
708 /* handle wait idle failure locked */
709 if (retval) {
710 tty_ldisc_put(new_ldisc);
711 goto enable;
712 }
713
40c9f61e 714 if (test_bit(TTY_HUPPING, &tty->flags)) {
c65c9bc3
AC		 715 /* We were raced by the hangup method. It will have stomped
716 the ldisc data and closed the ldisc down */
717 clear_bit(TTY_LDISC_CHANGING, &tty->flags);
718 mutex_unlock(&tty->ldisc_mutex);
719 tty_ldisc_put(new_ldisc);
89c8d91e 720 tty_unlock(tty);
c65c9bc3
AC		 721 return -EIO;
722 }
723
01e1abb2 724 /* Shutdown the current discipline. */
c65c9bc3 725 tty_ldisc_close(tty, o_ldisc);
01e1abb2
AC		 726
727 /* Now set up the new line discipline. */
c65c9bc3 728 tty_ldisc_assign(tty, new_ldisc);
01e1abb2 729 tty_set_termios_ldisc(tty, ldisc);
c65c9bc3
AC		 730
731 retval = tty_ldisc_open(tty, new_ldisc);
01e1abb2 732 if (retval < 0) {
c65c9bc3
AC		 733 /* Back to the old one or N_TTY if we can't */
734 tty_ldisc_put(new_ldisc);
735 tty_ldisc_restore(tty, o_ldisc);
01e1abb2 736 }
c65c9bc3 737
01e1abb2
AC		 738 /* At this point we hold a reference to the new ldisc and a
739 a reference to the old ldisc. If we ended up flipping back
740 to the existing ldisc we have two references to it */
741
c65c9bc3 742 if (tty->ldisc->ops->num != o_ldisc->ops->num && tty->ops->set_ldisc)
01e1abb2
AC		 743 tty->ops->set_ldisc(tty);
744
c65c9bc3 745 tty_ldisc_put(o_ldisc);
01e1abb2 746
100eeae2 747enable:
01e1abb2 748 /*
c65c9bc3 749 * Allow ldisc referencing to occur again
01e1abb2
AC		 750 */
751
752 tty_ldisc_enable(tty);
753 if (o_tty)
754 tty_ldisc_enable(o_tty);
755
c65c9bc3 756 /* Restart the work queue in case no characters kick it off. Safe if
01e1abb2 757 already running */
4f98d467
PH		 758 schedule_work(&tty->port->buf.work);
759 if (o_tty)
ecbbfd44 760 schedule_work(&o_tty->port->buf.work);
4f98d467 761
c65c9bc3 762 mutex_unlock(&tty->ldisc_mutex);
89c8d91e 763 tty_unlock(tty);
01e1abb2
AC		 764 return retval;
765}
766
c65c9bc3
AC		 767/**
768 * tty_reset_termios - reset terminal state
769 * @tty: tty to reset
770 *
771 * Restore a terminal to the driver default state.
772 */
773
774static void tty_reset_termios(struct tty_struct *tty)
775{
776 mutex_lock(&tty->termios_mutex);
adc8d746
AC		 777 tty->termios = tty->driver->init_termios;
778 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
779 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
c65c9bc3
AC		 780 mutex_unlock(&tty->termios_mutex);
781}
782
783
784/**
785 * tty_ldisc_reinit - reinitialise the tty ldisc
786 * @tty: tty to reinit
638b9648 787 * @ldisc: line discipline to reinitialize
c65c9bc3 788 *
638b9648
AC		 789 * Switch the tty to a line discipline and leave the ldisc
790 * state closed
c65c9bc3
AC		 791 */
792
1c95ba1e 793static int tty_ldisc_reinit(struct tty_struct *tty, int ldisc)
c65c9bc3 794{
1c95ba1e
PR		 795 struct tty_ldisc *ld = tty_ldisc_get(ldisc);
796
797 if (IS_ERR(ld))
798 return -1;
c65c9bc3
AC		 799
800 tty_ldisc_close(tty, tty->ldisc);
801 tty_ldisc_put(tty->ldisc);
802 tty->ldisc = NULL;
803 /*
804 * Switch the line discipline back
805 */
c65c9bc3 806 tty_ldisc_assign(tty, ld);
638b9648 807 tty_set_termios_ldisc(tty, ldisc);
1c95ba1e
PR		 808
809 return 0;
c65c9bc3
AC		 810}
811
812/**
813 * tty_ldisc_hangup - hangup ldisc reset
814 * @tty: tty being hung up
815 *
816 * Some tty devices reset their termios when they receive a hangup
817 * event. In that situation we must also switch back to N_TTY properly
818 * before we reset the termios data.
819 *
820 * Locking: We can take the ldisc mutex as the rest of the code is
821 * careful to allow for this.
822 *
823 * In the pty pair case this occurs in the close() path of the
824 * tty itself so we must be careful about locking rules.
825 */
826
827void tty_ldisc_hangup(struct tty_struct *tty)
828{
829 struct tty_ldisc *ld;
638b9648
AC		 830 int reset = tty->driver->flags & TTY_DRIVER_RESET_TERMIOS;
831 int err = 0;
c65c9bc3 832
fc575ee6
PH		 833 tty_ldisc_debug(tty, "closing ldisc: %p\n", tty->ldisc);
834
c65c9bc3
AC		 835 /*
836 * FIXME! What are the locking issues here? This may me overdoing
837 * things... This question is especially important now that we've
838 * removed the irqlock.
839 */
840 ld = tty_ldisc_ref(tty);
841 if (ld != NULL) {
842 /* We may have no line discipline at this point */
843 if (ld->ops->flush_buffer)
844 ld->ops->flush_buffer(tty);
845 tty_driver_flush_buffer(tty);
846 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
847 ld->ops->write_wakeup)
848 ld->ops->write_wakeup(tty);
849 if (ld->ops->hangup)
850 ld->ops->hangup(tty);
851 tty_ldisc_deref(ld);
852 }
853 /*
854 * FIXME: Once we trust the LDISC code better we can wait here for
855 * ldisc completion and fix the driver call race
856 */
857 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
858 wake_up_interruptible_poll(&tty->read_wait, POLLIN);
859 /*
860 * Shutdown the current line discipline, and reset it to
638b9648
AC		 861 * N_TTY if need be.
862 *
863 * Avoid racing set_ldisc or tty_ldisc_release
c65c9bc3 864 */
638b9648 865 mutex_lock(&tty->ldisc_mutex);
60af22d2 866
76bc35e7 867 if (tty_ldisc_hangup_halt(tty)) {
c8785241
PH		 868
869 /* At this point we have a halted ldisc; we want to close it and
870 reopen a new ldisc. We could defer the reopen to the next
871 open but it means auditing a lot of other paths so this is
872 a FIXME */
638b9648 873 if (reset == 0) {
1c95ba1e 874
adc8d746 875 if (!tty_ldisc_reinit(tty, tty->termios.c_line))
1c95ba1e
PR		 876 err = tty_ldisc_open(tty, tty->ldisc);
877 else
878 err = 1;
638b9648
AC		 879 }
880 /* If the re-open fails or we reset then go to N_TTY. The
881 N_TTY open cannot fail */
882 if (reset || err) {
1c95ba1e 883 BUG_ON(tty_ldisc_reinit(tty, N_TTY));
c8d50041 884 WARN_ON(tty_ldisc_open(tty, tty->ldisc));
c8d50041 885 }
638b9648 886 tty_ldisc_enable(tty);
c65c9bc3 887 }
638b9648
AC		 888 mutex_unlock(&tty->ldisc_mutex);
889 if (reset)
890 tty_reset_termios(tty);
fc575ee6
PH		 891
892 tty_ldisc_debug(tty, "re-opened ldisc: %p\n", tty->ldisc);
c65c9bc3 893}
01e1abb2
AC		 894
895/**
896 * tty_ldisc_setup - open line discipline
897 * @tty: tty being shut down
898 * @o_tty: pair tty for pty/tty pairs
899 *
900 * Called during the initial open of a tty/pty pair in order to set up the
c65c9bc3
AC		 901 * line disciplines and bind them to the tty. This has no locking issues
902 * as the device isn't yet active.
01e1abb2
AC		 903 */
904
905int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty)
906{
c65c9bc3 907 struct tty_ldisc *ld = tty->ldisc;
01e1abb2
AC		 908 int retval;
909
c65c9bc3
AC		 910 retval = tty_ldisc_open(tty, ld);
911 if (retval)
912 return retval;
913
914 if (o_tty) {
915 retval = tty_ldisc_open(o_tty, o_tty->ldisc);
01e1abb2 916 if (retval) {
c65c9bc3 917 tty_ldisc_close(tty, ld);
01e1abb2
AC		 918 return retval;
919 }
920 tty_ldisc_enable(o_tty);
921 }
922 tty_ldisc_enable(tty);
923 return 0;
924}
89c8d91e
AC		 925
926static void tty_ldisc_kill(struct tty_struct *tty)
927{
928 mutex_lock(&tty->ldisc_mutex);
929 /*
930 * Now kill off the ldisc
931 */
932 tty_ldisc_close(tty, tty->ldisc);
933 tty_ldisc_put(tty->ldisc);
934 /* Force an oops if we mess this up */
935 tty->ldisc = NULL;
936
937 /* Ensure the next open requests the N_TTY ldisc */
938 tty_set_termios_ldisc(tty, N_TTY);
939 mutex_unlock(&tty->ldisc_mutex);
940}
941
01e1abb2
AC		 942/**
943 * tty_ldisc_release - release line discipline
944 * @tty: tty being shut down
945 * @o_tty: pair tty for pty/tty pairs
946 *
852e99d2
AC		 947 * Called during the final close of a tty/pty pair in order to shut down
948 * the line discpline layer. On exit the ldisc assigned is N_TTY and the
c65c9bc3 949 * ldisc has not been opened.
01e1abb2
AC		 950 */
951
952void tty_ldisc_release(struct tty_struct *tty, struct tty_struct *o_tty)
953{
01e1abb2 954 /*
a2965b7b
PH		 955 * Shutdown this line discipline. As this is the final close,
956 * it does not race with the set_ldisc code path.
01e1abb2 957 */
01e1abb2 958
fc575ee6
PH		 959 tty_ldisc_debug(tty, "closing ldisc: %p\n", tty->ldisc);
960
4f98d467 961 tty_ldisc_halt(tty, o_tty, MAX_SCHEDULE_TIMEOUT);
d155255a 962
852e4a81 963 tty_lock_pair(tty, o_tty);
6d31a88c 964 /* This will need doing differently if we need to lock */
89c8d91e 965 tty_ldisc_kill(tty);
c65c9bc3 966 if (o_tty)
89c8d91e 967 tty_ldisc_kill(o_tty);
aef29bc2 968
89c8d91e 969 tty_unlock_pair(tty, o_tty);
aef29bc2
AC		 970 /* And the memory resources remaining (buffers, termios) will be
971 disposed of when the kref hits zero */
fc575ee6
PH		 972
973 tty_ldisc_debug(tty, "ldisc closed\n");
01e1abb2
AC		 974}
975
976/**
977 * tty_ldisc_init - ldisc setup for new tty
978 * @tty: tty being allocated
979 *
980 * Set up the line discipline objects for a newly allocated tty. Note that
981 * the tty structure is not completely set up when this call is made.
982 */
983
984void tty_ldisc_init(struct tty_struct *tty)
985{
c65c9bc3
AC		 986 struct tty_ldisc *ld = tty_ldisc_get(N_TTY);
987 if (IS_ERR(ld))
01e1abb2 988 panic("n_tty: init_tty");
c65c9bc3 989 tty_ldisc_assign(tty, ld);
01e1abb2
AC		 990}
991
6716671d
JS		 992/**
993 * tty_ldisc_init - ldisc cleanup for new tty
994 * @tty: tty that was allocated recently
995 *
996 * The tty structure must not becompletely set up (tty_ldisc_setup) when
997 * this call is made.
998 */
999void tty_ldisc_deinit(struct tty_struct *tty)
1000{
ebc9baed 1001 tty_ldisc_put(tty->ldisc);
6716671d
JS		 1002 tty_ldisc_assign(tty, NULL);
1003}
1004
01e1abb2
AC		 1005void tty_ldisc_begin(void)
1006{
1007 /* Setup the default TTY line discipline. */
1008 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
1009}
Ubuntu Jammy Linux kernel mirror