]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame_incremental - drivers/tty/tty_io.c
projects / mirror_ubuntu-hirsute-kernel.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
UBUNTU: Ubuntu-5.11.0-22.23
[mirror_ubuntu-hirsute-kernel.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102
103#include <linux/uaccess.h>
104
105#include <linux/kbd_kern.h>
106#include <linux/vt_kern.h>
107#include <linux/selection.h>
108
109#include <linux/kmod.h>
110#include <linux/nsproxy.h>
111
112#undef TTY_DEBUG_HANGUP
113#ifdef TTY_DEBUG_HANGUP
114# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
115#else
116# define tty_debug_hangup(tty, f, args...) do { } while (0)
117#endif
118
119#define TTY_PARANOIA_CHECK 1
120#define CHECK_TTY_COUNT 1
121
122struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
123 .c_iflag = ICRNL | IXON,
124 .c_oflag = OPOST | ONLCR,
125 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
127 ECHOCTL | ECHOKE | IEXTEN,
128 .c_cc = INIT_C_CC,
129 .c_ispeed = 38400,
130 .c_ospeed = 38400,
131 /* .c_line = N_TTY, */
132};
133
134EXPORT_SYMBOL(tty_std_termios);
135
136/* This list gets poked at by procfs and various bits of boot up code. This
137 could do with some rationalisation such as pulling the tty proc function
138 into this file */
139
140LIST_HEAD(tty_drivers); /* linked list of tty drivers */
141
142/* Mutex to protect creating and releasing a tty */
143DEFINE_MUTEX(tty_mutex);
144
145static ssize_t tty_read(struct kiocb *, struct iov_iter *);
146static ssize_t tty_write(struct kiocb *, struct iov_iter *);
147static __poll_t tty_poll(struct file *, poll_table *);
148static int tty_open(struct inode *, struct file *);
149#ifdef CONFIG_COMPAT
150static long tty_compat_ioctl(struct file *file, unsigned int cmd,
151 unsigned long arg);
152#else
153#define tty_compat_ioctl NULL
154#endif
155static int __tty_fasync(int fd, struct file *filp, int on);
156static int tty_fasync(int fd, struct file *filp, int on);
157static void release_tty(struct tty_struct *tty, int idx);
158
159/**
160 * free_tty_struct - free a disused tty
161 * @tty: tty struct to free
162 *
163 * Free the write buffers, tty queue and tty memory itself.
164 *
165 * Locking: none. Must be called after tty is definitely unused
166 */
167
168static void free_tty_struct(struct tty_struct *tty)
169{
170 tty_ldisc_deinit(tty);
171 put_device(tty->dev);
172 kfree(tty->write_buf);
173 tty->magic = 0xDEADDEAD;
174 kfree(tty);
175}
176
177static inline struct tty_struct *file_tty(struct file *file)
178{
179 return ((struct tty_file_private *)file->private_data)->tty;
180}
181
182int tty_alloc_file(struct file *file)
183{
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193}
194
195/* Associate a new file with the tty structure */
196void tty_add_file(struct tty_struct *tty, struct file *file)
197{
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206}
207
208/*
209 * tty_free_file - free file->private_data
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
214void tty_free_file(struct file *file)
215{
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220}
221
222/* Delete file from its tty */
223static void tty_del_file(struct file *file)
224{
225 struct tty_file_private *priv = file->private_data;
226 struct tty_struct *tty = priv->tty;
227
228 spin_lock(&tty->files_lock);
229 list_del(&priv->list);
230 spin_unlock(&tty->files_lock);
231 tty_free_file(file);
232}
233
234/**
235 * tty_name - return tty naming
236 * @tty: tty structure
237 *
238 * Convert a tty structure into a name. The name reflects the kernel
239 * naming policy and if udev is in use may not reflect user space
240 *
241 * Locking: none
242 */
243
244const char *tty_name(const struct tty_struct *tty)
245{
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249}
250
251EXPORT_SYMBOL(tty_name);
252
253const char *tty_driver_name(const struct tty_struct *tty)
254{
255 if (!tty || !tty->driver)
256 return "";
257 return tty->driver->name;
258}
259
260static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 const char *routine)
262{
263#ifdef TTY_PARANOIA_CHECK
264 if (!tty) {
265 pr_warn("(%d:%d): %s: NULL tty\n",
266 imajor(inode), iminor(inode), routine);
267 return 1;
268 }
269 if (tty->magic != TTY_MAGIC) {
270 pr_warn("(%d:%d): %s: bad magic number\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274#endif
275 return 0;
276}
277
278/* Caller must hold tty_lock */
279static int check_tty_count(struct tty_struct *tty, const char *routine)
280{
281#ifdef CHECK_TTY_COUNT
282 struct list_head *p;
283 int count = 0, kopen_count = 0;
284
285 spin_lock(&tty->files_lock);
286 list_for_each(p, &tty->tty_files) {
287 count++;
288 }
289 spin_unlock(&tty->files_lock);
290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 tty->driver->subtype == PTY_TYPE_SLAVE &&
292 tty->link && tty->link->count)
293 count++;
294 if (tty_port_kopened(tty->port))
295 kopen_count++;
296 if (tty->count != (count + kopen_count)) {
297 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
298 routine, tty->count, count, kopen_count);
299 return (count + kopen_count);
300 }
301#endif
302 return 0;
303}
304
305/**
306 * get_tty_driver - find device of a tty
307 * @device: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
316static struct tty_driver *get_tty_driver(dev_t device, int *index)
317{
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322 if (device < base || device >= base + p->num)
323 continue;
324 *index = device - base;
325 return tty_driver_kref_get(p);
326 }
327 return NULL;
328}
329
330/**
331 * tty_dev_name_to_number - return dev_t for device name
332 * @name: user space name of device under /dev
333 * @number: pointer to dev_t that this function will populate
334 *
335 * This function converts device names like ttyS0 or ttyUSB1 into dev_t
336 * like (4, 64) or (188, 1). If no corresponding driver is registered then
337 * the function returns -ENODEV.
338 *
339 * Locking: this acquires tty_mutex to protect the tty_drivers list from
340 * being modified while we are traversing it, and makes sure to
341 * release it before exiting.
342 */
343int tty_dev_name_to_number(const char *name, dev_t *number)
344{
345 struct tty_driver *p;
346 int ret;
347 int index, prefix_length = 0;
348 const char *str;
349
350 for (str = name; *str && !isdigit(*str); str++)
351 ;
352
353 if (!*str)
354 return -EINVAL;
355
356 ret = kstrtoint(str, 10, &index);
357 if (ret)
358 return ret;
359
360 prefix_length = str - name;
361 mutex_lock(&tty_mutex);
362
363 list_for_each_entry(p, &tty_drivers, tty_drivers)
364 if (prefix_length == strlen(p->name) && strncmp(name,
365 p->name, prefix_length) == 0) {
366 if (index < p->num) {
367 *number = MKDEV(p->major, p->minor_start + index);
368 goto out;
369 }
370 }
371
372 /* if here then driver wasn't found */
373 ret = -ENODEV;
374out:
375 mutex_unlock(&tty_mutex);
376 return ret;
377}
378EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
379
380#ifdef CONFIG_CONSOLE_POLL
381
382/**
383 * tty_find_polling_driver - find device of a polled tty
384 * @name: name string to match
385 * @line: pointer to resulting tty line nr
386 *
387 * This routine returns a tty driver structure, given a name
388 * and the condition that the tty driver is capable of polled
389 * operation.
390 */
391struct tty_driver *tty_find_polling_driver(char *name, int *line)
392{
393 struct tty_driver *p, *res = NULL;
394 int tty_line = 0;
395 int len;
396 char *str, *stp;
397
398 for (str = name; *str; str++)
399 if ((*str >= '0' && *str <= '9') || *str == ',')
400 break;
401 if (!*str)
402 return NULL;
403
404 len = str - name;
405 tty_line = simple_strtoul(str, &str, 10);
406
407 mutex_lock(&tty_mutex);
408 /* Search through the tty devices to look for a match */
409 list_for_each_entry(p, &tty_drivers, tty_drivers) {
410 if (!len || strncmp(name, p->name, len) != 0)
411 continue;
412 stp = str;
413 if (*stp == ',')
414 stp++;
415 if (*stp == '\0')
416 stp = NULL;
417
418 if (tty_line >= 0 && tty_line < p->num && p->ops &&
419 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
420 res = tty_driver_kref_get(p);
421 *line = tty_line;
422 break;
423 }
424 }
425 mutex_unlock(&tty_mutex);
426
427 return res;
428}
429EXPORT_SYMBOL_GPL(tty_find_polling_driver);
430#endif
431
432static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
433{
434 return 0;
435}
436
437static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
438{
439 return -EIO;
440}
441
442/* No kernel lock held - none needed ;) */
443static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
444{
445 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
446}
447
448static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
449 unsigned long arg)
450{
451 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
452}
453
454static long hung_up_tty_compat_ioctl(struct file *file,
455 unsigned int cmd, unsigned long arg)
456{
457 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
458}
459
460static int hung_up_tty_fasync(int fd, struct file *file, int on)
461{
462 return -ENOTTY;
463}
464
465static void tty_show_fdinfo(struct seq_file *m, struct file *file)
466{
467 struct tty_struct *tty = file_tty(file);
468
469 if (tty && tty->ops && tty->ops->show_fdinfo)
470 tty->ops->show_fdinfo(tty, m);
471}
472
473static const struct file_operations tty_fops = {
474 .llseek = no_llseek,
475 .read_iter = tty_read,
476 .write_iter = tty_write,
477 .splice_read = generic_file_splice_read,
478 .splice_write = iter_file_splice_write,
479 .poll = tty_poll,
480 .unlocked_ioctl = tty_ioctl,
481 .compat_ioctl = tty_compat_ioctl,
482 .open = tty_open,
483 .release = tty_release,
484 .fasync = tty_fasync,
485 .show_fdinfo = tty_show_fdinfo,
486};
487
488static const struct file_operations console_fops = {
489 .llseek = no_llseek,
490 .read_iter = tty_read,
491 .write_iter = redirected_tty_write,
492 .splice_read = generic_file_splice_read,
493 .splice_write = iter_file_splice_write,
494 .poll = tty_poll,
495 .unlocked_ioctl = tty_ioctl,
496 .compat_ioctl = tty_compat_ioctl,
497 .open = tty_open,
498 .release = tty_release,
499 .fasync = tty_fasync,
500};
501
502static const struct file_operations hung_up_tty_fops = {
503 .llseek = no_llseek,
504 .read_iter = hung_up_tty_read,
505 .write_iter = hung_up_tty_write,
506 .poll = hung_up_tty_poll,
507 .unlocked_ioctl = hung_up_tty_ioctl,
508 .compat_ioctl = hung_up_tty_compat_ioctl,
509 .release = tty_release,
510 .fasync = hung_up_tty_fasync,
511};
512
513static DEFINE_SPINLOCK(redirect_lock);
514static struct file *redirect;
515
516/**
517 * tty_wakeup - request more data
518 * @tty: terminal
519 *
520 * Internal and external helper for wakeups of tty. This function
521 * informs the line discipline if present that the driver is ready
522 * to receive more output data.
523 */
524
525void tty_wakeup(struct tty_struct *tty)
526{
527 struct tty_ldisc *ld;
528
529 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
530 ld = tty_ldisc_ref(tty);
531 if (ld) {
532 if (ld->ops->write_wakeup)
533 ld->ops->write_wakeup(tty);
534 tty_ldisc_deref(ld);
535 }
536 }
537 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
538}
539
540EXPORT_SYMBOL_GPL(tty_wakeup);
541
542/**
543 * __tty_hangup - actual handler for hangup events
544 * @tty: tty device
545 * @exit_session: if non-zero, signal all foreground group processes
546 *
547 * This can be called by a "kworker" kernel thread. That is process
548 * synchronous but doesn't hold any locks, so we need to make sure we
549 * have the appropriate locks for what we're doing.
550 *
551 * The hangup event clears any pending redirections onto the hung up
552 * device. It ensures future writes will error and it does the needed
553 * line discipline hangup and signal delivery. The tty object itself
554 * remains intact.
555 *
556 * Locking:
557 * BTM
558 * redirect lock for undoing redirection
559 * file list lock for manipulating list of ttys
560 * tty_ldiscs_lock from called functions
561 * termios_rwsem resetting termios data
562 * tasklist_lock to walk task list for hangup event
563 * ->siglock to protect ->signal/->sighand
564 */
565static void __tty_hangup(struct tty_struct *tty, int exit_session)
566{
567 struct file *cons_filp = NULL;
568 struct file *filp, *f = NULL;
569 struct tty_file_private *priv;
570 int closecount = 0, n;
571 int refs;
572
573 if (!tty)
574 return;
575
576
577 spin_lock(&redirect_lock);
578 if (redirect && file_tty(redirect) == tty) {
579 f = redirect;
580 redirect = NULL;
581 }
582 spin_unlock(&redirect_lock);
583
584 tty_lock(tty);
585
586 if (test_bit(TTY_HUPPED, &tty->flags)) {
587 tty_unlock(tty);
588 return;
589 }
590
591 /*
592 * Some console devices aren't actually hung up for technical and
593 * historical reasons, which can lead to indefinite interruptible
594 * sleep in n_tty_read(). The following explicitly tells
595 * n_tty_read() to abort readers.
596 */
597 set_bit(TTY_HUPPING, &tty->flags);
598
599 /* inuse_filps is protected by the single tty lock,
600 this really needs to change if we want to flush the
601 workqueue with the lock held */
602 check_tty_count(tty, "tty_hangup");
603
604 spin_lock(&tty->files_lock);
605 /* This breaks for file handles being sent over AF_UNIX sockets ? */
606 list_for_each_entry(priv, &tty->tty_files, list) {
607 filp = priv->file;
608 if (filp->f_op->write_iter == redirected_tty_write)
609 cons_filp = filp;
610 if (filp->f_op->write_iter != tty_write)
611 continue;
612 closecount++;
613 __tty_fasync(-1, filp, 0); /* can't block */
614 filp->f_op = &hung_up_tty_fops;
615 }
616 spin_unlock(&tty->files_lock);
617
618 refs = tty_signal_session_leader(tty, exit_session);
619 /* Account for the p->signal references we killed */
620 while (refs--)
621 tty_kref_put(tty);
622
623 tty_ldisc_hangup(tty, cons_filp != NULL);
624
625 spin_lock_irq(&tty->ctrl_lock);
626 clear_bit(TTY_THROTTLED, &tty->flags);
627 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
628 put_pid(tty->session);
629 put_pid(tty->pgrp);
630 tty->session = NULL;
631 tty->pgrp = NULL;
632 tty->ctrl_status = 0;
633 spin_unlock_irq(&tty->ctrl_lock);
634
635 /*
636 * If one of the devices matches a console pointer, we
637 * cannot just call hangup() because that will cause
638 * tty->count and state->count to go out of sync.
639 * So we just call close() the right number of times.
640 */
641 if (cons_filp) {
642 if (tty->ops->close)
643 for (n = 0; n < closecount; n++)
644 tty->ops->close(tty, cons_filp);
645 } else if (tty->ops->hangup)
646 tty->ops->hangup(tty);
647 /*
648 * We don't want to have driver/ldisc interactions beyond the ones
649 * we did here. The driver layer expects no calls after ->hangup()
650 * from the ldisc side, which is now guaranteed.
651 */
652 set_bit(TTY_HUPPED, &tty->flags);
653 clear_bit(TTY_HUPPING, &tty->flags);
654 tty_unlock(tty);
655
656 if (f)
657 fput(f);
658}
659
660static void do_tty_hangup(struct work_struct *work)
661{
662 struct tty_struct *tty =
663 container_of(work, struct tty_struct, hangup_work);
664
665 __tty_hangup(tty, 0);
666}
667
668/**
669 * tty_hangup - trigger a hangup event
670 * @tty: tty to hangup
671 *
672 * A carrier loss (virtual or otherwise) has occurred on this like
673 * schedule a hangup sequence to run after this event.
674 */
675
676void tty_hangup(struct tty_struct *tty)
677{
678 tty_debug_hangup(tty, "hangup\n");
679 schedule_work(&tty->hangup_work);
680}
681
682EXPORT_SYMBOL(tty_hangup);
683
684/**
685 * tty_vhangup - process vhangup
686 * @tty: tty to hangup
687 *
688 * The user has asked via system call for the terminal to be hung up.
689 * We do this synchronously so that when the syscall returns the process
690 * is complete. That guarantee is necessary for security reasons.
691 */
692
693void tty_vhangup(struct tty_struct *tty)
694{
695 tty_debug_hangup(tty, "vhangup\n");
696 __tty_hangup(tty, 0);
697}
698
699EXPORT_SYMBOL(tty_vhangup);
700
701
702/**
703 * tty_vhangup_self - process vhangup for own ctty
704 *
705 * Perform a vhangup on the current controlling tty
706 */
707
708void tty_vhangup_self(void)
709{
710 struct tty_struct *tty;
711
712 tty = get_current_tty();
713 if (tty) {
714 tty_vhangup(tty);
715 tty_kref_put(tty);
716 }
717}
718
719/**
720 * tty_vhangup_session - hangup session leader exit
721 * @tty: tty to hangup
722 *
723 * The session leader is exiting and hanging up its controlling terminal.
724 * Every process in the foreground process group is signalled SIGHUP.
725 *
726 * We do this synchronously so that when the syscall returns the process
727 * is complete. That guarantee is necessary for security reasons.
728 */
729
730void tty_vhangup_session(struct tty_struct *tty)
731{
732 tty_debug_hangup(tty, "session hangup\n");
733 __tty_hangup(tty, 1);
734}
735
736/**
737 * tty_hung_up_p - was tty hung up
738 * @filp: file pointer of tty
739 *
740 * Return true if the tty has been subject to a vhangup or a carrier
741 * loss
742 */
743
744int tty_hung_up_p(struct file *filp)
745{
746 return (filp && filp->f_op == &hung_up_tty_fops);
747}
748
749EXPORT_SYMBOL(tty_hung_up_p);
750
751/**
752 * stop_tty - propagate flow control
753 * @tty: tty to stop
754 *
755 * Perform flow control to the driver. May be called
756 * on an already stopped device and will not re-call the driver
757 * method.
758 *
759 * This functionality is used by both the line disciplines for
760 * halting incoming flow and by the driver. It may therefore be
761 * called from any context, may be under the tty atomic_write_lock
762 * but not always.
763 *
764 * Locking:
765 * flow_lock
766 */
767
768void __stop_tty(struct tty_struct *tty)
769{
770 if (tty->stopped)
771 return;
772 tty->stopped = 1;
773 if (tty->ops->stop)
774 tty->ops->stop(tty);
775}
776
777void stop_tty(struct tty_struct *tty)
778{
779 unsigned long flags;
780
781 spin_lock_irqsave(&tty->flow_lock, flags);
782 __stop_tty(tty);
783 spin_unlock_irqrestore(&tty->flow_lock, flags);
784}
785EXPORT_SYMBOL(stop_tty);
786
787/**
788 * start_tty - propagate flow control
789 * @tty: tty to start
790 *
791 * Start a tty that has been stopped if at all possible. If this
792 * tty was previous stopped and is now being started, the driver
793 * start method is invoked and the line discipline woken.
794 *
795 * Locking:
796 * flow_lock
797 */
798
799void __start_tty(struct tty_struct *tty)
800{
801 if (!tty->stopped || tty->flow_stopped)
802 return;
803 tty->stopped = 0;
804 if (tty->ops->start)
805 tty->ops->start(tty);
806 tty_wakeup(tty);
807}
808
809void start_tty(struct tty_struct *tty)
810{
811 unsigned long flags;
812
813 spin_lock_irqsave(&tty->flow_lock, flags);
814 __start_tty(tty);
815 spin_unlock_irqrestore(&tty->flow_lock, flags);
816}
817EXPORT_SYMBOL(start_tty);
818
819static void tty_update_time(struct timespec64 *time)
820{
821 time64_t sec = ktime_get_real_seconds();
822
823 /*
824 * We only care if the two values differ in anything other than the
825 * lower three bits (i.e every 8 seconds). If so, then we can update
826 * the time of the tty device, otherwise it could be construded as a
827 * security leak to let userspace know the exact timing of the tty.
828 */
829 if ((sec ^ time->tv_sec) & ~7)
830 time->tv_sec = sec;
831}
832
833/*
834 * Iterate on the ldisc ->read() function until we've gotten all
835 * the data the ldisc has for us.
836 *
837 * The "cookie" is something that the ldisc read function can fill
838 * in to let us know that there is more data to be had.
839 *
840 * We promise to continue to call the ldisc until it stops returning
841 * data or clears the cookie. The cookie may be something that the
842 * ldisc maintains state for and needs to free.
843 */
844static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
845 struct file *file, struct iov_iter *to)
846{
847 int retval = 0;
848 void *cookie = NULL;
849 unsigned long offset = 0;
850 char kernel_buf[64];
851 size_t count = iov_iter_count(to);
852
853 do {
854 int size, copied;
855
856 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
857 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
858 if (!size)
859 break;
860
861 if (size < 0) {
862 /* Did we have an earlier error (ie -EFAULT)? */
863 if (retval)
864 break;
865 retval = size;
866
867 /*
868 * -EOVERFLOW means we didn't have enough space
869 * for a whole packet, and we shouldn't return
870 * a partial result.
871 */
872 if (retval == -EOVERFLOW)
873 offset = 0;
874 break;
875 }
876
877 copied = copy_to_iter(kernel_buf, size, to);
878 offset += copied;
879 count -= copied;
880
881 /*
882 * If the user copy failed, we still need to do another ->read()
883 * call if we had a cookie to let the ldisc clear up.
884 *
885 * But make sure size is zeroed.
886 */
887 if (unlikely(copied != size)) {
888 count = 0;
889 retval = -EFAULT;
890 }
891 } while (cookie);
892
893 /* We always clear tty buffer in case they contained passwords */
894 memzero_explicit(kernel_buf, sizeof(kernel_buf));
895 return offset ? offset : retval;
896}
897
898
899/**
900 * tty_read - read method for tty device files
901 * @file: pointer to tty file
902 * @buf: user buffer
903 * @count: size of user buffer
904 * @ppos: unused
905 *
906 * Perform the read system call function on this terminal device. Checks
907 * for hung up devices before calling the line discipline method.
908 *
909 * Locking:
910 * Locks the line discipline internally while needed. Multiple
911 * read calls may be outstanding in parallel.
912 */
913
914static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
915{
916 int i;
917 struct file *file = iocb->ki_filp;
918 struct inode *inode = file_inode(file);
919 struct tty_struct *tty = file_tty(file);
920 struct tty_ldisc *ld;
921
922 if (tty_paranoia_check(tty, inode, "tty_read"))
923 return -EIO;
924 if (!tty || tty_io_error(tty))
925 return -EIO;
926
927 /* We want to wait for the line discipline to sort out in this
928 situation */
929 ld = tty_ldisc_ref_wait(tty);
930 if (!ld)
931 return hung_up_tty_read(iocb, to);
932 i = -EIO;
933 if (ld->ops->read)
934 i = iterate_tty_read(ld, tty, file, to);
935 tty_ldisc_deref(ld);
936
937 if (i > 0)
938 tty_update_time(&inode->i_atime);
939
940 return i;
941}
942
943static void tty_write_unlock(struct tty_struct *tty)
944{
945 mutex_unlock(&tty->atomic_write_lock);
946 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
947}
948
949static int tty_write_lock(struct tty_struct *tty, int ndelay)
950{
951 if (!mutex_trylock(&tty->atomic_write_lock)) {
952 if (ndelay)
953 return -EAGAIN;
954 if (mutex_lock_interruptible(&tty->atomic_write_lock))
955 return -ERESTARTSYS;
956 }
957 return 0;
958}
959
960/*
961 * Split writes up in sane blocksizes to avoid
962 * denial-of-service type attacks
963 */
964static inline ssize_t do_tty_write(
965 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
966 struct tty_struct *tty,
967 struct file *file,
968 struct iov_iter *from)
969{
970 size_t count = iov_iter_count(from);
971 ssize_t ret, written = 0;
972 unsigned int chunk;
973
974 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
975 if (ret < 0)
976 return ret;
977
978 /*
979 * We chunk up writes into a temporary buffer. This
980 * simplifies low-level drivers immensely, since they
981 * don't have locking issues and user mode accesses.
982 *
983 * But if TTY_NO_WRITE_SPLIT is set, we should use a
984 * big chunk-size..
985 *
986 * The default chunk-size is 2kB, because the NTTY
987 * layer has problems with bigger chunks. It will
988 * claim to be able to handle more characters than
989 * it actually does.
990 *
991 * FIXME: This can probably go away now except that 64K chunks
992 * are too likely to fail unless switched to vmalloc...
993 */
994 chunk = 2048;
995 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
996 chunk = 65536;
997 if (count < chunk)
998 chunk = count;
999
1000 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1001 if (tty->write_cnt < chunk) {
1002 unsigned char *buf_chunk;
1003
1004 if (chunk < 1024)
1005 chunk = 1024;
1006
1007 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1008 if (!buf_chunk) {
1009 ret = -ENOMEM;
1010 goto out;
1011 }
1012 kfree(tty->write_buf);
1013 tty->write_cnt = chunk;
1014 tty->write_buf = buf_chunk;
1015 }
1016
1017 /* Do the write .. */
1018 for (;;) {
1019 size_t size = count;
1020 if (size > chunk)
1021 size = chunk;
1022
1023 ret = -EFAULT;
1024 if (copy_from_iter(tty->write_buf, size, from) != size)
1025 break;
1026
1027 ret = write(tty, file, tty->write_buf, size);
1028 if (ret <= 0)
1029 break;
1030
1031 written += ret;
1032 if (ret > size)
1033 break;
1034
1035 /* FIXME! Have Al check this! */
1036 if (ret != size)
1037 iov_iter_revert(from, size-ret);
1038
1039 count -= ret;
1040 if (!count)
1041 break;
1042 ret = -ERESTARTSYS;
1043 if (signal_pending(current))
1044 break;
1045 cond_resched();
1046 }
1047 if (written) {
1048 tty_update_time(&file_inode(file)->i_mtime);
1049 ret = written;
1050 }
1051out:
1052 tty_write_unlock(tty);
1053 return ret;
1054}
1055
1056/**
1057 * tty_write_message - write a message to a certain tty, not just the console.
1058 * @tty: the destination tty_struct
1059 * @msg: the message to write
1060 *
1061 * This is used for messages that need to be redirected to a specific tty.
1062 * We don't put it into the syslog queue right now maybe in the future if
1063 * really needed.
1064 *
1065 * We must still hold the BTM and test the CLOSING flag for the moment.
1066 */
1067
1068void tty_write_message(struct tty_struct *tty, char *msg)
1069{
1070 if (tty) {
1071 mutex_lock(&tty->atomic_write_lock);
1072 tty_lock(tty);
1073 if (tty->ops->write && tty->count > 0)
1074 tty->ops->write(tty, msg, strlen(msg));
1075 tty_unlock(tty);
1076 tty_write_unlock(tty);
1077 }
1078 return;
1079}
1080
1081
1082/**
1083 * tty_write - write method for tty device file
1084 * @file: tty file pointer
1085 * @buf: user data to write
1086 * @count: bytes to write
1087 * @ppos: unused
1088 *
1089 * Write data to a tty device via the line discipline.
1090 *
1091 * Locking:
1092 * Locks the line discipline as required
1093 * Writes to the tty driver are serialized by the atomic_write_lock
1094 * and are then processed in chunks to the device. The line discipline
1095 * write method will not be invoked in parallel for each device.
1096 */
1097
1098static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1099{
1100 struct tty_struct *tty = file_tty(file);
1101 struct tty_ldisc *ld;
1102 ssize_t ret;
1103
1104 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1105 return -EIO;
1106 if (!tty || !tty->ops->write || tty_io_error(tty))
1107 return -EIO;
1108 /* Short term debug to catch buggy drivers */
1109 if (tty->ops->write_room == NULL)
1110 tty_err(tty, "missing write_room method\n");
1111 ld = tty_ldisc_ref_wait(tty);
1112 if (!ld)
1113 return hung_up_tty_write(iocb, from);
1114 if (!ld->ops->write)
1115 ret = -EIO;
1116 else
1117 ret = do_tty_write(ld->ops->write, tty, file, from);
1118 tty_ldisc_deref(ld);
1119 return ret;
1120}
1121
1122static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1123{
1124 return file_tty_write(iocb->ki_filp, iocb, from);
1125}
1126
1127ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1128{
1129 struct file *p = NULL;
1130
1131 spin_lock(&redirect_lock);
1132 if (redirect)
1133 p = get_file(redirect);
1134 spin_unlock(&redirect_lock);
1135
1136 /*
1137 * We know the redirected tty is just another tty, we can can
1138 * call file_tty_write() directly with that file pointer.
1139 */
1140 if (p) {
1141 ssize_t res;
1142 res = file_tty_write(p, iocb, iter);
1143 fput(p);
1144 return res;
1145 }
1146 return tty_write(iocb, iter);
1147}
1148
1149/*
1150 * tty_send_xchar - send priority character
1151 *
1152 * Send a high priority character to the tty even if stopped
1153 *
1154 * Locking: none for xchar method, write ordering for write method.
1155 */
1156
1157int tty_send_xchar(struct tty_struct *tty, char ch)
1158{
1159 int was_stopped = tty->stopped;
1160
1161 if (tty->ops->send_xchar) {
1162 down_read(&tty->termios_rwsem);
1163 tty->ops->send_xchar(tty, ch);
1164 up_read(&tty->termios_rwsem);
1165 return 0;
1166 }
1167
1168 if (tty_write_lock(tty, 0) < 0)
1169 return -ERESTARTSYS;
1170
1171 down_read(&tty->termios_rwsem);
1172 if (was_stopped)
1173 start_tty(tty);
1174 tty->ops->write(tty, &ch, 1);
1175 if (was_stopped)
1176 stop_tty(tty);
1177 up_read(&tty->termios_rwsem);
1178 tty_write_unlock(tty);
1179 return 0;
1180}
1181
1182static char ptychar[] = "pqrstuvwxyzabcde";
1183
1184/**
1185 * pty_line_name - generate name for a pty
1186 * @driver: the tty driver in use
1187 * @index: the minor number
1188 * @p: output buffer of at least 6 bytes
1189 *
1190 * Generate a name from a driver reference and write it to the output
1191 * buffer.
1192 *
1193 * Locking: None
1194 */
1195static void pty_line_name(struct tty_driver *driver, int index, char *p)
1196{
1197 int i = index + driver->name_base;
1198 /* ->name is initialized to "ttyp", but "tty" is expected */
1199 sprintf(p, "%s%c%x",
1200 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1201 ptychar[i >> 4 & 0xf], i & 0xf);
1202}
1203
1204/**
1205 * tty_line_name - generate name for a tty
1206 * @driver: the tty driver in use
1207 * @index: the minor number
1208 * @p: output buffer of at least 7 bytes
1209 *
1210 * Generate a name from a driver reference and write it to the output
1211 * buffer.
1212 *
1213 * Locking: None
1214 */
1215static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1216{
1217 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1218 return sprintf(p, "%s", driver->name);
1219 else
1220 return sprintf(p, "%s%d", driver->name,
1221 index + driver->name_base);
1222}
1223
1224/**
1225 * tty_driver_lookup_tty() - find an existing tty, if any
1226 * @driver: the driver for the tty
1227 * @file: file object
1228 * @idx: the minor number
1229 *
1230 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1231 * driver lookup() method returns an error.
1232 *
1233 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1234 */
1235static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1236 struct file *file, int idx)
1237{
1238 struct tty_struct *tty;
1239
1240 if (driver->ops->lookup)
1241 if (!file)
1242 tty = ERR_PTR(-EIO);
1243 else
1244 tty = driver->ops->lookup(driver, file, idx);
1245 else
1246 tty = driver->ttys[idx];
1247
1248 if (!IS_ERR(tty))
1249 tty_kref_get(tty);
1250 return tty;
1251}
1252
1253/**
1254 * tty_init_termios - helper for termios setup
1255 * @tty: the tty to set up
1256 *
1257 * Initialise the termios structure for this tty. This runs under
1258 * the tty_mutex currently so we can be relaxed about ordering.
1259 */
1260
1261void tty_init_termios(struct tty_struct *tty)
1262{
1263 struct ktermios *tp;
1264 int idx = tty->index;
1265
1266 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1267 tty->termios = tty->driver->init_termios;
1268 else {
1269 /* Check for lazy saved data */
1270 tp = tty->driver->termios[idx];
1271 if (tp != NULL) {
1272 tty->termios = *tp;
1273 tty->termios.c_line = tty->driver->init_termios.c_line;
1274 } else
1275 tty->termios = tty->driver->init_termios;
1276 }
1277 /* Compatibility until drivers always set this */
1278 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1279 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1280}
1281EXPORT_SYMBOL_GPL(tty_init_termios);
1282
1283int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1284{
1285 tty_init_termios(tty);
1286 tty_driver_kref_get(driver);
1287 tty->count++;
1288 driver->ttys[tty->index] = tty;
1289 return 0;
1290}
1291EXPORT_SYMBOL_GPL(tty_standard_install);
1292
1293/**
1294 * tty_driver_install_tty() - install a tty entry in the driver
1295 * @driver: the driver for the tty
1296 * @tty: the tty
1297 *
1298 * Install a tty object into the driver tables. The tty->index field
1299 * will be set by the time this is called. This method is responsible
1300 * for ensuring any need additional structures are allocated and
1301 * configured.
1302 *
1303 * Locking: tty_mutex for now
1304 */
1305static int tty_driver_install_tty(struct tty_driver *driver,
1306 struct tty_struct *tty)
1307{
1308 return driver->ops->install ? driver->ops->install(driver, tty) :
1309 tty_standard_install(driver, tty);
1310}
1311
1312/**
1313 * tty_driver_remove_tty() - remove a tty from the driver tables
1314 * @driver: the driver for the tty
1315 * @tty: tty to remove
1316 *
1317 * Remvoe a tty object from the driver tables. The tty->index field
1318 * will be set by the time this is called.
1319 *
1320 * Locking: tty_mutex for now
1321 */
1322static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1323{
1324 if (driver->ops->remove)
1325 driver->ops->remove(driver, tty);
1326 else
1327 driver->ttys[tty->index] = NULL;
1328}
1329
1330/**
1331 * tty_reopen() - fast re-open of an open tty
1332 * @tty: the tty to open
1333 *
1334 * Return 0 on success, -errno on error.
1335 * Re-opens on master ptys are not allowed and return -EIO.
1336 *
1337 * Locking: Caller must hold tty_lock
1338 */
1339static int tty_reopen(struct tty_struct *tty)
1340{
1341 struct tty_driver *driver = tty->driver;
1342 struct tty_ldisc *ld;
1343 int retval = 0;
1344
1345 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1346 driver->subtype == PTY_TYPE_MASTER)
1347 return -EIO;
1348
1349 if (!tty->count)
1350 return -EAGAIN;
1351
1352 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1353 return -EBUSY;
1354
1355 ld = tty_ldisc_ref_wait(tty);
1356 if (ld) {
1357 tty_ldisc_deref(ld);
1358 } else {
1359 retval = tty_ldisc_lock(tty, 5 * HZ);
1360 if (retval)
1361 return retval;
1362
1363 if (!tty->ldisc)
1364 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1365 tty_ldisc_unlock(tty);
1366 }
1367
1368 if (retval == 0)
1369 tty->count++;
1370
1371 return retval;
1372}
1373
1374/**
1375 * tty_init_dev - initialise a tty device
1376 * @driver: tty driver we are opening a device on
1377 * @idx: device index
1378 *
1379 * Prepare a tty device. This may not be a "new" clean device but
1380 * could also be an active device. The pty drivers require special
1381 * handling because of this.
1382 *
1383 * Locking:
1384 * The function is called under the tty_mutex, which
1385 * protects us from the tty struct or driver itself going away.
1386 *
1387 * On exit the tty device has the line discipline attached and
1388 * a reference count of 1. If a pair was created for pty/tty use
1389 * and the other was a pty master then it too has a reference count of 1.
1390 *
1391 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1392 * failed open. The new code protects the open with a mutex, so it's
1393 * really quite straightforward. The mutex locking can probably be
1394 * relaxed for the (most common) case of reopening a tty.
1395 *
1396 * Return: returned tty structure
1397 */
1398
1399struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1400{
1401 struct tty_struct *tty;
1402 int retval;
1403
1404 /*
1405 * First time open is complex, especially for PTY devices.
1406 * This code guarantees that either everything succeeds and the
1407 * TTY is ready for operation, or else the table slots are vacated
1408 * and the allocated memory released. (Except that the termios
1409 * may be retained.)
1410 */
1411
1412 if (!try_module_get(driver->owner))
1413 return ERR_PTR(-ENODEV);
1414
1415 tty = alloc_tty_struct(driver, idx);
1416 if (!tty) {
1417 retval = -ENOMEM;
1418 goto err_module_put;
1419 }
1420
1421 tty_lock(tty);
1422 retval = tty_driver_install_tty(driver, tty);
1423 if (retval < 0)
1424 goto err_free_tty;
1425
1426 if (!tty->port)
1427 tty->port = driver->ports[idx];
1428
1429 if (WARN_RATELIMIT(!tty->port,
1430 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1431 __func__, tty->driver->name)) {
1432 retval = -EINVAL;
1433 goto err_release_lock;
1434 }
1435
1436 retval = tty_ldisc_lock(tty, 5 * HZ);
1437 if (retval)
1438 goto err_release_lock;
1439 tty->port->itty = tty;
1440
1441 /*
1442 * Structures all installed ... call the ldisc open routines.
1443 * If we fail here just call release_tty to clean up. No need
1444 * to decrement the use counts, as release_tty doesn't care.
1445 */
1446 retval = tty_ldisc_setup(tty, tty->link);
1447 if (retval)
1448 goto err_release_tty;
1449 tty_ldisc_unlock(tty);
1450 /* Return the tty locked so that it cannot vanish under the caller */
1451 return tty;
1452
1453err_free_tty:
1454 tty_unlock(tty);
1455 free_tty_struct(tty);
1456err_module_put:
1457 module_put(driver->owner);
1458 return ERR_PTR(retval);
1459
1460 /* call the tty release_tty routine to clean out this slot */
1461err_release_tty:
1462 tty_ldisc_unlock(tty);
1463 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1464 retval, idx);
1465err_release_lock:
1466 tty_unlock(tty);
1467 release_tty(tty, idx);
1468 return ERR_PTR(retval);
1469}
1470
1471/**
1472 * tty_save_termios() - save tty termios data in driver table
1473 * @tty: tty whose termios data to save
1474 *
1475 * Locking: Caller guarantees serialisation with tty_init_termios().
1476 */
1477void tty_save_termios(struct tty_struct *tty)
1478{
1479 struct ktermios *tp;
1480 int idx = tty->index;
1481
1482 /* If the port is going to reset then it has no termios to save */
1483 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1484 return;
1485
1486 /* Stash the termios data */
1487 tp = tty->driver->termios[idx];
1488 if (tp == NULL) {
1489 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1490 if (tp == NULL)
1491 return;
1492 tty->driver->termios[idx] = tp;
1493 }
1494 *tp = tty->termios;
1495}
1496EXPORT_SYMBOL_GPL(tty_save_termios);
1497
1498/**
1499 * tty_flush_works - flush all works of a tty/pty pair
1500 * @tty: tty device to flush works for (or either end of a pty pair)
1501 *
1502 * Sync flush all works belonging to @tty (and the 'other' tty).
1503 */
1504static void tty_flush_works(struct tty_struct *tty)
1505{
1506 flush_work(&tty->SAK_work);
1507 flush_work(&tty->hangup_work);
1508 if (tty->link) {
1509 flush_work(&tty->link->SAK_work);
1510 flush_work(&tty->link->hangup_work);
1511 }
1512}
1513
1514/**
1515 * release_one_tty - release tty structure memory
1516 * @work: work of tty we are obliterating
1517 *
1518 * Releases memory associated with a tty structure, and clears out the
1519 * driver table slots. This function is called when a device is no longer
1520 * in use. It also gets called when setup of a device fails.
1521 *
1522 * Locking:
1523 * takes the file list lock internally when working on the list
1524 * of ttys that the driver keeps.
1525 *
1526 * This method gets called from a work queue so that the driver private
1527 * cleanup ops can sleep (needed for USB at least)
1528 */
1529static void release_one_tty(struct work_struct *work)
1530{
1531 struct tty_struct *tty =
1532 container_of(work, struct tty_struct, hangup_work);
1533 struct tty_driver *driver = tty->driver;
1534 struct module *owner = driver->owner;
1535
1536 if (tty->ops->cleanup)
1537 tty->ops->cleanup(tty);
1538
1539 tty->magic = 0;
1540 tty_driver_kref_put(driver);
1541 module_put(owner);
1542
1543 spin_lock(&tty->files_lock);
1544 list_del_init(&tty->tty_files);
1545 spin_unlock(&tty->files_lock);
1546
1547 put_pid(tty->pgrp);
1548 put_pid(tty->session);
1549 free_tty_struct(tty);
1550}
1551
1552static void queue_release_one_tty(struct kref *kref)
1553{
1554 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1555
1556 /* The hangup queue is now free so we can reuse it rather than
1557 waste a chunk of memory for each port */
1558 INIT_WORK(&tty->hangup_work, release_one_tty);
1559 schedule_work(&tty->hangup_work);
1560}
1561
1562/**
1563 * tty_kref_put - release a tty kref
1564 * @tty: tty device
1565 *
1566 * Release a reference to a tty device and if need be let the kref
1567 * layer destruct the object for us
1568 */
1569
1570void tty_kref_put(struct tty_struct *tty)
1571{
1572 if (tty)
1573 kref_put(&tty->kref, queue_release_one_tty);
1574}
1575EXPORT_SYMBOL(tty_kref_put);
1576
1577/**
1578 * release_tty - release tty structure memory
1579 * @tty: tty device release
1580 * @idx: index of the tty device release
1581 *
1582 * Release both @tty and a possible linked partner (think pty pair),
1583 * and decrement the refcount of the backing module.
1584 *
1585 * Locking:
1586 * tty_mutex
1587 * takes the file list lock internally when working on the list
1588 * of ttys that the driver keeps.
1589 *
1590 */
1591static void release_tty(struct tty_struct *tty, int idx)
1592{
1593 /* This should always be true but check for the moment */
1594 WARN_ON(tty->index != idx);
1595 WARN_ON(!mutex_is_locked(&tty_mutex));
1596 if (tty->ops->shutdown)
1597 tty->ops->shutdown(tty);
1598 tty_save_termios(tty);
1599 tty_driver_remove_tty(tty->driver, tty);
1600 if (tty->port)
1601 tty->port->itty = NULL;
1602 if (tty->link)
1603 tty->link->port->itty = NULL;
1604 if (tty->port)
1605 tty_buffer_cancel_work(tty->port);
1606 if (tty->link)
1607 tty_buffer_cancel_work(tty->link->port);
1608
1609 tty_kref_put(tty->link);
1610 tty_kref_put(tty);
1611}
1612
1613/**
1614 * tty_release_checks - check a tty before real release
1615 * @tty: tty to check
1616 * @idx: index of the tty
1617 *
1618 * Performs some paranoid checking before true release of the @tty.
1619 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1620 */
1621static int tty_release_checks(struct tty_struct *tty, int idx)
1622{
1623#ifdef TTY_PARANOIA_CHECK
1624 if (idx < 0 || idx >= tty->driver->num) {
1625 tty_debug(tty, "bad idx %d\n", idx);
1626 return -1;
1627 }
1628
1629 /* not much to check for devpts */
1630 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1631 return 0;
1632
1633 if (tty != tty->driver->ttys[idx]) {
1634 tty_debug(tty, "bad driver table[%d] = %p\n",
1635 idx, tty->driver->ttys[idx]);
1636 return -1;
1637 }
1638 if (tty->driver->other) {
1639 struct tty_struct *o_tty = tty->link;
1640
1641 if (o_tty != tty->driver->other->ttys[idx]) {
1642 tty_debug(tty, "bad other table[%d] = %p\n",
1643 idx, tty->driver->other->ttys[idx]);
1644 return -1;
1645 }
1646 if (o_tty->link != tty) {
1647 tty_debug(tty, "bad link = %p\n", o_tty->link);
1648 return -1;
1649 }
1650 }
1651#endif
1652 return 0;
1653}
1654
1655/**
1656 * tty_kclose - closes tty opened by tty_kopen
1657 * @tty: tty device
1658 *
1659 * Performs the final steps to release and free a tty device. It is the
1660 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1661 * flag on tty->port.
1662 */
1663void tty_kclose(struct tty_struct *tty)
1664{
1665 /*
1666 * Ask the line discipline code to release its structures
1667 */
1668 tty_ldisc_release(tty);
1669
1670 /* Wait for pending work before tty destruction commmences */
1671 tty_flush_works(tty);
1672
1673 tty_debug_hangup(tty, "freeing structure\n");
1674 /*
1675 * The release_tty function takes care of the details of clearing
1676 * the slots and preserving the termios structure.
1677 */
1678 mutex_lock(&tty_mutex);
1679 tty_port_set_kopened(tty->port, 0);
1680 release_tty(tty, tty->index);
1681 mutex_unlock(&tty_mutex);
1682}
1683EXPORT_SYMBOL_GPL(tty_kclose);
1684
1685/**
1686 * tty_release_struct - release a tty struct
1687 * @tty: tty device
1688 * @idx: index of the tty
1689 *
1690 * Performs the final steps to release and free a tty device. It is
1691 * roughly the reverse of tty_init_dev.
1692 */
1693void tty_release_struct(struct tty_struct *tty, int idx)
1694{
1695 /*
1696 * Ask the line discipline code to release its structures
1697 */
1698 tty_ldisc_release(tty);
1699
1700 /* Wait for pending work before tty destruction commmences */
1701 tty_flush_works(tty);
1702
1703 tty_debug_hangup(tty, "freeing structure\n");
1704 /*
1705 * The release_tty function takes care of the details of clearing
1706 * the slots and preserving the termios structure.
1707 */
1708 mutex_lock(&tty_mutex);
1709 release_tty(tty, idx);
1710 mutex_unlock(&tty_mutex);
1711}
1712EXPORT_SYMBOL_GPL(tty_release_struct);
1713
1714/**
1715 * tty_release - vfs callback for close
1716 * @inode: inode of tty
1717 * @filp: file pointer for handle to tty
1718 *
1719 * Called the last time each file handle is closed that references
1720 * this tty. There may however be several such references.
1721 *
1722 * Locking:
1723 * Takes bkl. See tty_release_dev
1724 *
1725 * Even releasing the tty structures is a tricky business.. We have
1726 * to be very careful that the structures are all released at the
1727 * same time, as interrupts might otherwise get the wrong pointers.
1728 *
1729 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1730 * lead to double frees or releasing memory still in use.
1731 */
1732
1733int tty_release(struct inode *inode, struct file *filp)
1734{
1735 struct tty_struct *tty = file_tty(filp);
1736 struct tty_struct *o_tty = NULL;
1737 int do_sleep, final;
1738 int idx;
1739 long timeout = 0;
1740 int once = 1;
1741
1742 if (tty_paranoia_check(tty, inode, __func__))
1743 return 0;
1744
1745 tty_lock(tty);
1746 check_tty_count(tty, __func__);
1747
1748 __tty_fasync(-1, filp, 0);
1749
1750 idx = tty->index;
1751 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1752 tty->driver->subtype == PTY_TYPE_MASTER)
1753 o_tty = tty->link;
1754
1755 if (tty_release_checks(tty, idx)) {
1756 tty_unlock(tty);
1757 return 0;
1758 }
1759
1760 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1761
1762 if (tty->ops->close)
1763 tty->ops->close(tty, filp);
1764
1765 /* If tty is pty master, lock the slave pty (stable lock order) */
1766 tty_lock_slave(o_tty);
1767
1768 /*
1769 * Sanity check: if tty->count is going to zero, there shouldn't be
1770 * any waiters on tty->read_wait or tty->write_wait. We test the
1771 * wait queues and kick everyone out _before_ actually starting to
1772 * close. This ensures that we won't block while releasing the tty
1773 * structure.
1774 *
1775 * The test for the o_tty closing is necessary, since the master and
1776 * slave sides may close in any order. If the slave side closes out
1777 * first, its count will be one, since the master side holds an open.
1778 * Thus this test wouldn't be triggered at the time the slave closed,
1779 * so we do it now.
1780 */
1781 while (1) {
1782 do_sleep = 0;
1783
1784 if (tty->count <= 1) {
1785 if (waitqueue_active(&tty->read_wait)) {
1786 wake_up_poll(&tty->read_wait, EPOLLIN);
1787 do_sleep++;
1788 }
1789 if (waitqueue_active(&tty->write_wait)) {
1790 wake_up_poll(&tty->write_wait, EPOLLOUT);
1791 do_sleep++;
1792 }
1793 }
1794 if (o_tty && o_tty->count <= 1) {
1795 if (waitqueue_active(&o_tty->read_wait)) {
1796 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1797 do_sleep++;
1798 }
1799 if (waitqueue_active(&o_tty->write_wait)) {
1800 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1801 do_sleep++;
1802 }
1803 }
1804 if (!do_sleep)
1805 break;
1806
1807 if (once) {
1808 once = 0;
1809 tty_warn(tty, "read/write wait queue active!\n");
1810 }
1811 schedule_timeout_killable(timeout);
1812 if (timeout < 120 * HZ)
1813 timeout = 2 * timeout + 1;
1814 else
1815 timeout = MAX_SCHEDULE_TIMEOUT;
1816 }
1817
1818 if (o_tty) {
1819 if (--o_tty->count < 0) {
1820 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1821 o_tty->count = 0;
1822 }
1823 }
1824 if (--tty->count < 0) {
1825 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1826 tty->count = 0;
1827 }
1828
1829 /*
1830 * We've decremented tty->count, so we need to remove this file
1831 * descriptor off the tty->tty_files list; this serves two
1832 * purposes:
1833 * - check_tty_count sees the correct number of file descriptors
1834 * associated with this tty.
1835 * - do_tty_hangup no longer sees this file descriptor as
1836 * something that needs to be handled for hangups.
1837 */
1838 tty_del_file(filp);
1839
1840 /*
1841 * Perform some housekeeping before deciding whether to return.
1842 *
1843 * If _either_ side is closing, make sure there aren't any
1844 * processes that still think tty or o_tty is their controlling
1845 * tty.
1846 */
1847 if (!tty->count) {
1848 read_lock(&tasklist_lock);
1849 session_clear_tty(tty->session);
1850 if (o_tty)
1851 session_clear_tty(o_tty->session);
1852 read_unlock(&tasklist_lock);
1853 }
1854
1855 /* check whether both sides are closing ... */
1856 final = !tty->count && !(o_tty && o_tty->count);
1857
1858 tty_unlock_slave(o_tty);
1859 tty_unlock(tty);
1860
1861 /* At this point, the tty->count == 0 should ensure a dead tty
1862 cannot be re-opened by a racing opener */
1863
1864 if (!final)
1865 return 0;
1866
1867 tty_debug_hangup(tty, "final close\n");
1868
1869 tty_release_struct(tty, idx);
1870 return 0;
1871}
1872
1873/**
1874 * tty_open_current_tty - get locked tty of current task
1875 * @device: device number
1876 * @filp: file pointer to tty
1877 * @return: locked tty of the current task iff @device is /dev/tty
1878 *
1879 * Performs a re-open of the current task's controlling tty.
1880 *
1881 * We cannot return driver and index like for the other nodes because
1882 * devpts will not work then. It expects inodes to be from devpts FS.
1883 */
1884static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1885{
1886 struct tty_struct *tty;
1887 int retval;
1888
1889 if (device != MKDEV(TTYAUX_MAJOR, 0))
1890 return NULL;
1891
1892 tty = get_current_tty();
1893 if (!tty)
1894 return ERR_PTR(-ENXIO);
1895
1896 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1897 /* noctty = 1; */
1898 tty_lock(tty);
1899 tty_kref_put(tty); /* safe to drop the kref now */
1900
1901 retval = tty_reopen(tty);
1902 if (retval < 0) {
1903 tty_unlock(tty);
1904 tty = ERR_PTR(retval);
1905 }
1906 return tty;
1907}
1908
1909/**
1910 * tty_lookup_driver - lookup a tty driver for a given device file
1911 * @device: device number
1912 * @filp: file pointer to tty
1913 * @index: index for the device in the @return driver
1914 * @return: driver for this inode (with increased refcount)
1915 *
1916 * If @return is not erroneous, the caller is responsible to decrement the
1917 * refcount by tty_driver_kref_put.
1918 *
1919 * Locking: tty_mutex protects get_tty_driver
1920 */
1921static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1922 int *index)
1923{
1924 struct tty_driver *driver = NULL;
1925
1926 switch (device) {
1927#ifdef CONFIG_VT
1928 case MKDEV(TTY_MAJOR, 0): {
1929 extern struct tty_driver *console_driver;
1930 driver = tty_driver_kref_get(console_driver);
1931 *index = fg_console;
1932 break;
1933 }
1934#endif
1935 case MKDEV(TTYAUX_MAJOR, 1): {
1936 struct tty_driver *console_driver = console_device(index);
1937 if (console_driver) {
1938 driver = tty_driver_kref_get(console_driver);
1939 if (driver && filp) {
1940 /* Don't let /dev/console block */
1941 filp->f_flags |= O_NONBLOCK;
1942 break;
1943 }
1944 }
1945 if (driver)
1946 tty_driver_kref_put(driver);
1947 return ERR_PTR(-ENODEV);
1948 }
1949 default:
1950 driver = get_tty_driver(device, index);
1951 if (!driver)
1952 return ERR_PTR(-ENODEV);
1953 break;
1954 }
1955 return driver;
1956}
1957
1958/**
1959 * tty_kopen - open a tty device for kernel
1960 * @device: dev_t of device to open
1961 *
1962 * Opens tty exclusively for kernel. Performs the driver lookup,
1963 * makes sure it's not already opened and performs the first-time
1964 * tty initialization.
1965 *
1966 * Returns the locked initialized &tty_struct
1967 *
1968 * Claims the global tty_mutex to serialize:
1969 * - concurrent first-time tty initialization
1970 * - concurrent tty driver removal w/ lookup
1971 * - concurrent tty removal from driver table
1972 */
1973struct tty_struct *tty_kopen(dev_t device)
1974{
1975 struct tty_struct *tty;
1976 struct tty_driver *driver;
1977 int index = -1;
1978
1979 mutex_lock(&tty_mutex);
1980 driver = tty_lookup_driver(device, NULL, &index);
1981 if (IS_ERR(driver)) {
1982 mutex_unlock(&tty_mutex);
1983 return ERR_CAST(driver);
1984 }
1985
1986 /* check whether we're reopening an existing tty */
1987 tty = tty_driver_lookup_tty(driver, NULL, index);
1988 if (IS_ERR(tty))
1989 goto out;
1990
1991 if (tty) {
1992 /* drop kref from tty_driver_lookup_tty() */
1993 tty_kref_put(tty);
1994 tty = ERR_PTR(-EBUSY);
1995 } else { /* tty_init_dev returns tty with the tty_lock held */
1996 tty = tty_init_dev(driver, index);
1997 if (IS_ERR(tty))
1998 goto out;
1999 tty_port_set_kopened(tty->port, 1);
2000 }
2001out:
2002 mutex_unlock(&tty_mutex);
2003 tty_driver_kref_put(driver);
2004 return tty;
2005}
2006EXPORT_SYMBOL_GPL(tty_kopen);
2007
2008/**
2009 * tty_open_by_driver - open a tty device
2010 * @device: dev_t of device to open
2011 * @filp: file pointer to tty
2012 *
2013 * Performs the driver lookup, checks for a reopen, or otherwise
2014 * performs the first-time tty initialization.
2015 *
2016 * Returns the locked initialized or re-opened &tty_struct
2017 *
2018 * Claims the global tty_mutex to serialize:
2019 * - concurrent first-time tty initialization
2020 * - concurrent tty driver removal w/ lookup
2021 * - concurrent tty removal from driver table
2022 */
2023static struct tty_struct *tty_open_by_driver(dev_t device,
2024 struct file *filp)
2025{
2026 struct tty_struct *tty;
2027 struct tty_driver *driver = NULL;
2028 int index = -1;
2029 int retval;
2030
2031 mutex_lock(&tty_mutex);
2032 driver = tty_lookup_driver(device, filp, &index);
2033 if (IS_ERR(driver)) {
2034 mutex_unlock(&tty_mutex);
2035 return ERR_CAST(driver);
2036 }
2037
2038 /* check whether we're reopening an existing tty */
2039 tty = tty_driver_lookup_tty(driver, filp, index);
2040 if (IS_ERR(tty)) {
2041 mutex_unlock(&tty_mutex);
2042 goto out;
2043 }
2044
2045 if (tty) {
2046 if (tty_port_kopened(tty->port)) {
2047 tty_kref_put(tty);
2048 mutex_unlock(&tty_mutex);
2049 tty = ERR_PTR(-EBUSY);
2050 goto out;
2051 }
2052 mutex_unlock(&tty_mutex);
2053 retval = tty_lock_interruptible(tty);
2054 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2055 if (retval) {
2056 if (retval == -EINTR)
2057 retval = -ERESTARTSYS;
2058 tty = ERR_PTR(retval);
2059 goto out;
2060 }
2061 retval = tty_reopen(tty);
2062 if (retval < 0) {
2063 tty_unlock(tty);
2064 tty = ERR_PTR(retval);
2065 }
2066 } else { /* Returns with the tty_lock held for now */
2067 tty = tty_init_dev(driver, index);
2068 mutex_unlock(&tty_mutex);
2069 }
2070out:
2071 tty_driver_kref_put(driver);
2072 return tty;
2073}
2074
2075/**
2076 * tty_open - open a tty device
2077 * @inode: inode of device file
2078 * @filp: file pointer to tty
2079 *
2080 * tty_open and tty_release keep up the tty count that contains the
2081 * number of opens done on a tty. We cannot use the inode-count, as
2082 * different inodes might point to the same tty.
2083 *
2084 * Open-counting is needed for pty masters, as well as for keeping
2085 * track of serial lines: DTR is dropped when the last close happens.
2086 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2087 *
2088 * The termios state of a pty is reset on first open so that
2089 * settings don't persist across reuse.
2090 *
2091 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2092 * tty->count should protect the rest.
2093 * ->siglock protects ->signal/->sighand
2094 *
2095 * Note: the tty_unlock/lock cases without a ref are only safe due to
2096 * tty_mutex
2097 */
2098
2099static int tty_open(struct inode *inode, struct file *filp)
2100{
2101 struct tty_struct *tty;
2102 int noctty, retval;
2103 dev_t device = inode->i_rdev;
2104 unsigned saved_flags = filp->f_flags;
2105
2106 nonseekable_open(inode, filp);
2107
2108retry_open:
2109 retval = tty_alloc_file(filp);
2110 if (retval)
2111 return -ENOMEM;
2112
2113 tty = tty_open_current_tty(device, filp);
2114 if (!tty)
2115 tty = tty_open_by_driver(device, filp);
2116
2117 if (IS_ERR(tty)) {
2118 tty_free_file(filp);
2119 retval = PTR_ERR(tty);
2120 if (retval != -EAGAIN || signal_pending(current))
2121 return retval;
2122 schedule();
2123 goto retry_open;
2124 }
2125
2126 tty_add_file(tty, filp);
2127
2128 check_tty_count(tty, __func__);
2129 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2130
2131 if (tty->ops->open)
2132 retval = tty->ops->open(tty, filp);
2133 else
2134 retval = -ENODEV;
2135 filp->f_flags = saved_flags;
2136
2137 if (retval) {
2138 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2139
2140 tty_unlock(tty); /* need to call tty_release without BTM */
2141 tty_release(inode, filp);
2142 if (retval != -ERESTARTSYS)
2143 return retval;
2144
2145 if (signal_pending(current))
2146 return retval;
2147
2148 schedule();
2149 /*
2150 * Need to reset f_op in case a hangup happened.
2151 */
2152 if (tty_hung_up_p(filp))
2153 filp->f_op = &tty_fops;
2154 goto retry_open;
2155 }
2156 clear_bit(TTY_HUPPED, &tty->flags);
2157
2158 noctty = (filp->f_flags & O_NOCTTY) ||
2159 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2160 device == MKDEV(TTYAUX_MAJOR, 1) ||
2161 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2162 tty->driver->subtype == PTY_TYPE_MASTER);
2163 if (!noctty)
2164 tty_open_proc_set_tty(filp, tty);
2165 tty_unlock(tty);
2166 return 0;
2167}
2168
2169
2170
2171/**
2172 * tty_poll - check tty status
2173 * @filp: file being polled
2174 * @wait: poll wait structures to update
2175 *
2176 * Call the line discipline polling method to obtain the poll
2177 * status of the device.
2178 *
2179 * Locking: locks called line discipline but ldisc poll method
2180 * may be re-entered freely by other callers.
2181 */
2182
2183static __poll_t tty_poll(struct file *filp, poll_table *wait)
2184{
2185 struct tty_struct *tty = file_tty(filp);
2186 struct tty_ldisc *ld;
2187 __poll_t ret = 0;
2188
2189 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2190 return 0;
2191
2192 ld = tty_ldisc_ref_wait(tty);
2193 if (!ld)
2194 return hung_up_tty_poll(filp, wait);
2195 if (ld->ops->poll)
2196 ret = ld->ops->poll(tty, filp, wait);
2197 tty_ldisc_deref(ld);
2198 return ret;
2199}
2200
2201static int __tty_fasync(int fd, struct file *filp, int on)
2202{
2203 struct tty_struct *tty = file_tty(filp);
2204 unsigned long flags;
2205 int retval = 0;
2206
2207 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2208 goto out;
2209
2210 retval = fasync_helper(fd, filp, on, &tty->fasync);
2211 if (retval <= 0)
2212 goto out;
2213
2214 if (on) {
2215 enum pid_type type;
2216 struct pid *pid;
2217
2218 spin_lock_irqsave(&tty->ctrl_lock, flags);
2219 if (tty->pgrp) {
2220 pid = tty->pgrp;
2221 type = PIDTYPE_PGID;
2222 } else {
2223 pid = task_pid(current);
2224 type = PIDTYPE_TGID;
2225 }
2226 get_pid(pid);
2227 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2228 __f_setown(filp, pid, type, 0);
2229 put_pid(pid);
2230 retval = 0;
2231 }
2232out:
2233 return retval;
2234}
2235
2236static int tty_fasync(int fd, struct file *filp, int on)
2237{
2238 struct tty_struct *tty = file_tty(filp);
2239 int retval = -ENOTTY;
2240
2241 tty_lock(tty);
2242 if (!tty_hung_up_p(filp))
2243 retval = __tty_fasync(fd, filp, on);
2244 tty_unlock(tty);
2245
2246 return retval;
2247}
2248
2249/**
2250 * tiocsti - fake input character
2251 * @tty: tty to fake input into
2252 * @p: pointer to character
2253 *
2254 * Fake input to a tty device. Does the necessary locking and
2255 * input management.
2256 *
2257 * FIXME: does not honour flow control ??
2258 *
2259 * Locking:
2260 * Called functions take tty_ldiscs_lock
2261 * current->signal->tty check is safe without locks
2262 *
2263 * FIXME: may race normal receive processing
2264 */
2265
2266static int tiocsti(struct tty_struct *tty, char __user *p)
2267{
2268 char ch, mbz = 0;
2269 struct tty_ldisc *ld;
2270
2271 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2272 return -EPERM;
2273 if (get_user(ch, p))
2274 return -EFAULT;
2275 tty_audit_tiocsti(tty, ch);
2276 ld = tty_ldisc_ref_wait(tty);
2277 if (!ld)
2278 return -EIO;
2279 if (ld->ops->receive_buf)
2280 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2281 tty_ldisc_deref(ld);
2282 return 0;
2283}
2284
2285/**
2286 * tiocgwinsz - implement window query ioctl
2287 * @tty: tty
2288 * @arg: user buffer for result
2289 *
2290 * Copies the kernel idea of the window size into the user buffer.
2291 *
2292 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2293 * is consistent.
2294 */
2295
2296static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2297{
2298 int err;
2299
2300 mutex_lock(&tty->winsize_mutex);
2301 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2302 mutex_unlock(&tty->winsize_mutex);
2303
2304 return err ? -EFAULT: 0;
2305}
2306
2307/**
2308 * tty_do_resize - resize event
2309 * @tty: tty being resized
2310 * @ws: new dimensions
2311 *
2312 * Update the termios variables and send the necessary signals to
2313 * peform a terminal resize correctly
2314 */
2315
2316int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2317{
2318 struct pid *pgrp;
2319
2320 /* Lock the tty */
2321 mutex_lock(&tty->winsize_mutex);
2322 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2323 goto done;
2324
2325 /* Signal the foreground process group */
2326 pgrp = tty_get_pgrp(tty);
2327 if (pgrp)
2328 kill_pgrp(pgrp, SIGWINCH, 1);
2329 put_pid(pgrp);
2330
2331 tty->winsize = *ws;
2332done:
2333 mutex_unlock(&tty->winsize_mutex);
2334 return 0;
2335}
2336EXPORT_SYMBOL(tty_do_resize);
2337
2338/**
2339 * tiocswinsz - implement window size set ioctl
2340 * @tty: tty side of tty
2341 * @arg: user buffer for result
2342 *
2343 * Copies the user idea of the window size to the kernel. Traditionally
2344 * this is just advisory information but for the Linux console it
2345 * actually has driver level meaning and triggers a VC resize.
2346 *
2347 * Locking:
2348 * Driver dependent. The default do_resize method takes the
2349 * tty termios mutex and ctrl_lock. The console takes its own lock
2350 * then calls into the default method.
2351 */
2352
2353static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2354{
2355 struct winsize tmp_ws;
2356 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2357 return -EFAULT;
2358
2359 if (tty->ops->resize)
2360 return tty->ops->resize(tty, &tmp_ws);
2361 else
2362 return tty_do_resize(tty, &tmp_ws);
2363}
2364
2365/**
2366 * tioccons - allow admin to move logical console
2367 * @file: the file to become console
2368 *
2369 * Allow the administrator to move the redirected console device
2370 *
2371 * Locking: uses redirect_lock to guard the redirect information
2372 */
2373
2374static int tioccons(struct file *file)
2375{
2376 if (!capable(CAP_SYS_ADMIN))
2377 return -EPERM;
2378 if (file->f_op->write_iter == redirected_tty_write) {
2379 struct file *f;
2380 spin_lock(&redirect_lock);
2381 f = redirect;
2382 redirect = NULL;
2383 spin_unlock(&redirect_lock);
2384 if (f)
2385 fput(f);
2386 return 0;
2387 }
2388 if (file->f_op->write_iter != tty_write)
2389 return -ENOTTY;
2390 if (!(file->f_mode & FMODE_WRITE))
2391 return -EBADF;
2392 if (!(file->f_mode & FMODE_CAN_WRITE))
2393 return -EINVAL;
2394 spin_lock(&redirect_lock);
2395 if (redirect) {
2396 spin_unlock(&redirect_lock);
2397 return -EBUSY;
2398 }
2399 redirect = get_file(file);
2400 spin_unlock(&redirect_lock);
2401 return 0;
2402}
2403
2404/**
2405 * tiocsetd - set line discipline
2406 * @tty: tty device
2407 * @p: pointer to user data
2408 *
2409 * Set the line discipline according to user request.
2410 *
2411 * Locking: see tty_set_ldisc, this function is just a helper
2412 */
2413
2414static int tiocsetd(struct tty_struct *tty, int __user *p)
2415{
2416 int disc;
2417 int ret;
2418
2419 if (get_user(disc, p))
2420 return -EFAULT;
2421
2422 ret = tty_set_ldisc(tty, disc);
2423
2424 return ret;
2425}
2426
2427/**
2428 * tiocgetd - get line discipline
2429 * @tty: tty device
2430 * @p: pointer to user data
2431 *
2432 * Retrieves the line discipline id directly from the ldisc.
2433 *
2434 * Locking: waits for ldisc reference (in case the line discipline
2435 * is changing or the tty is being hungup)
2436 */
2437
2438static int tiocgetd(struct tty_struct *tty, int __user *p)
2439{
2440 struct tty_ldisc *ld;
2441 int ret;
2442
2443 ld = tty_ldisc_ref_wait(tty);
2444 if (!ld)
2445 return -EIO;
2446 ret = put_user(ld->ops->num, p);
2447 tty_ldisc_deref(ld);
2448 return ret;
2449}
2450
2451/**
2452 * send_break - performed time break
2453 * @tty: device to break on
2454 * @duration: timeout in mS
2455 *
2456 * Perform a timed break on hardware that lacks its own driver level
2457 * timed break functionality.
2458 *
2459 * Locking:
2460 * atomic_write_lock serializes
2461 *
2462 */
2463
2464static int send_break(struct tty_struct *tty, unsigned int duration)
2465{
2466 int retval;
2467
2468 if (tty->ops->break_ctl == NULL)
2469 return 0;
2470
2471 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2472 retval = tty->ops->break_ctl(tty, duration);
2473 else {
2474 /* Do the work ourselves */
2475 if (tty_write_lock(tty, 0) < 0)
2476 return -EINTR;
2477 retval = tty->ops->break_ctl(tty, -1);
2478 if (retval)
2479 goto out;
2480 if (!signal_pending(current))
2481 msleep_interruptible(duration);
2482 retval = tty->ops->break_ctl(tty, 0);
2483out:
2484 tty_write_unlock(tty);
2485 if (signal_pending(current))
2486 retval = -EINTR;
2487 }
2488 return retval;
2489}
2490
2491/**
2492 * tty_tiocmget - get modem status
2493 * @tty: tty device
2494 * @p: pointer to result
2495 *
2496 * Obtain the modem status bits from the tty driver if the feature
2497 * is supported. Return -ENOTTY if it is not available.
2498 *
2499 * Locking: none (up to the driver)
2500 */
2501
2502static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2503{
2504 int retval = -ENOTTY;
2505
2506 if (tty->ops->tiocmget) {
2507 retval = tty->ops->tiocmget(tty);
2508
2509 if (retval >= 0)
2510 retval = put_user(retval, p);
2511 }
2512 return retval;
2513}
2514
2515/**
2516 * tty_tiocmset - set modem status
2517 * @tty: tty device
2518 * @cmd: command - clear bits, set bits or set all
2519 * @p: pointer to desired bits
2520 *
2521 * Set the modem status bits from the tty driver if the feature
2522 * is supported. Return -ENOTTY if it is not available.
2523 *
2524 * Locking: none (up to the driver)
2525 */
2526
2527static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2528 unsigned __user *p)
2529{
2530 int retval;
2531 unsigned int set, clear, val;
2532
2533 if (tty->ops->tiocmset == NULL)
2534 return -ENOTTY;
2535
2536 retval = get_user(val, p);
2537 if (retval)
2538 return retval;
2539 set = clear = 0;
2540 switch (cmd) {
2541 case TIOCMBIS:
2542 set = val;
2543 break;
2544 case TIOCMBIC:
2545 clear = val;
2546 break;
2547 case TIOCMSET:
2548 set = val;
2549 clear = ~val;
2550 break;
2551 }
2552 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2553 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2554 return tty->ops->tiocmset(tty, set, clear);
2555}
2556
2557static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2558{
2559 int retval = -EINVAL;
2560 struct serial_icounter_struct icount;
2561 memset(&icount, 0, sizeof(icount));
2562 if (tty->ops->get_icount)
2563 retval = tty->ops->get_icount(tty, &icount);
2564 if (retval != 0)
2565 return retval;
2566 if (copy_to_user(arg, &icount, sizeof(icount)))
2567 return -EFAULT;
2568 return 0;
2569}
2570
2571static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2572{
2573 static DEFINE_RATELIMIT_STATE(depr_flags,
2574 DEFAULT_RATELIMIT_INTERVAL,
2575 DEFAULT_RATELIMIT_BURST);
2576 char comm[TASK_COMM_LEN];
2577 struct serial_struct v;
2578 int flags;
2579
2580 if (copy_from_user(&v, ss, sizeof(*ss)))
2581 return -EFAULT;
2582
2583 flags = v.flags & ASYNC_DEPRECATED;
2584
2585 if (flags && __ratelimit(&depr_flags))
2586 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2587 __func__, get_task_comm(comm, current), flags);
2588 if (!tty->ops->set_serial)
2589 return -ENOTTY;
2590 return tty->ops->set_serial(tty, &v);
2591}
2592
2593static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2594{
2595 struct serial_struct v;
2596 int err;
2597
2598 memset(&v, 0, sizeof(v));
2599 if (!tty->ops->get_serial)
2600 return -ENOTTY;
2601 err = tty->ops->get_serial(tty, &v);
2602 if (!err && copy_to_user(ss, &v, sizeof(v)))
2603 err = -EFAULT;
2604 return err;
2605}
2606
2607/*
2608 * if pty, return the slave side (real_tty)
2609 * otherwise, return self
2610 */
2611static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2612{
2613 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2614 tty->driver->subtype == PTY_TYPE_MASTER)
2615 tty = tty->link;
2616 return tty;
2617}
2618
2619/*
2620 * Split this up, as gcc can choke on it otherwise..
2621 */
2622long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2623{
2624 struct tty_struct *tty = file_tty(file);
2625 struct tty_struct *real_tty;
2626 void __user *p = (void __user *)arg;
2627 int retval;
2628 struct tty_ldisc *ld;
2629
2630 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2631 return -EINVAL;
2632
2633 real_tty = tty_pair_get_tty(tty);
2634
2635 /*
2636 * Factor out some common prep work
2637 */
2638 switch (cmd) {
2639 case TIOCSETD:
2640 case TIOCSBRK:
2641 case TIOCCBRK:
2642 case TCSBRK:
2643 case TCSBRKP:
2644 retval = tty_check_change(tty);
2645 if (retval)
2646 return retval;
2647 if (cmd != TIOCCBRK) {
2648 tty_wait_until_sent(tty, 0);
2649 if (signal_pending(current))
2650 return -EINTR;
2651 }
2652 break;
2653 }
2654
2655 /*
2656 * Now do the stuff.
2657 */
2658 switch (cmd) {
2659 case TIOCSTI:
2660 return tiocsti(tty, p);
2661 case TIOCGWINSZ:
2662 return tiocgwinsz(real_tty, p);
2663 case TIOCSWINSZ:
2664 return tiocswinsz(real_tty, p);
2665 case TIOCCONS:
2666 return real_tty != tty ? -EINVAL : tioccons(file);
2667 case TIOCEXCL:
2668 set_bit(TTY_EXCLUSIVE, &tty->flags);
2669 return 0;
2670 case TIOCNXCL:
2671 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2672 return 0;
2673 case TIOCGEXCL:
2674 {
2675 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2676 return put_user(excl, (int __user *)p);
2677 }
2678 case TIOCGETD:
2679 return tiocgetd(tty, p);
2680 case TIOCSETD:
2681 return tiocsetd(tty, p);
2682 case TIOCVHANGUP:
2683 if (!capable(CAP_SYS_ADMIN))
2684 return -EPERM;
2685 tty_vhangup(tty);
2686 return 0;
2687 case TIOCGDEV:
2688 {
2689 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2690 return put_user(ret, (unsigned int __user *)p);
2691 }
2692 /*
2693 * Break handling
2694 */
2695 case TIOCSBRK: /* Turn break on, unconditionally */
2696 if (tty->ops->break_ctl)
2697 return tty->ops->break_ctl(tty, -1);
2698 return 0;
2699 case TIOCCBRK: /* Turn break off, unconditionally */
2700 if (tty->ops->break_ctl)
2701 return tty->ops->break_ctl(tty, 0);
2702 return 0;
2703 case TCSBRK: /* SVID version: non-zero arg --> no break */
2704 /* non-zero arg means wait for all output data
2705 * to be sent (performed above) but don't send break.
2706 * This is used by the tcdrain() termios function.
2707 */
2708 if (!arg)
2709 return send_break(tty, 250);
2710 return 0;
2711 case TCSBRKP: /* support for POSIX tcsendbreak() */
2712 return send_break(tty, arg ? arg*100 : 250);
2713
2714 case TIOCMGET:
2715 return tty_tiocmget(tty, p);
2716 case TIOCMSET:
2717 case TIOCMBIC:
2718 case TIOCMBIS:
2719 return tty_tiocmset(tty, cmd, p);
2720 case TIOCGICOUNT:
2721 return tty_tiocgicount(tty, p);
2722 case TCFLSH:
2723 switch (arg) {
2724 case TCIFLUSH:
2725 case TCIOFLUSH:
2726 /* flush tty buffer and allow ldisc to process ioctl */
2727 tty_buffer_flush(tty, NULL);
2728 break;
2729 }
2730 break;
2731 case TIOCSSERIAL:
2732 return tty_tiocsserial(tty, p);
2733 case TIOCGSERIAL:
2734 return tty_tiocgserial(tty, p);
2735 case TIOCGPTPEER:
2736 /* Special because the struct file is needed */
2737 return ptm_open_peer(file, tty, (int)arg);
2738 default:
2739 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2740 if (retval != -ENOIOCTLCMD)
2741 return retval;
2742 }
2743 if (tty->ops->ioctl) {
2744 retval = tty->ops->ioctl(tty, cmd, arg);
2745 if (retval != -ENOIOCTLCMD)
2746 return retval;
2747 }
2748 ld = tty_ldisc_ref_wait(tty);
2749 if (!ld)
2750 return hung_up_tty_ioctl(file, cmd, arg);
2751 retval = -EINVAL;
2752 if (ld->ops->ioctl) {
2753 retval = ld->ops->ioctl(tty, file, cmd, arg);
2754 if (retval == -ENOIOCTLCMD)
2755 retval = -ENOTTY;
2756 }
2757 tty_ldisc_deref(ld);
2758 return retval;
2759}
2760
2761#ifdef CONFIG_COMPAT
2762
2763struct serial_struct32 {
2764 compat_int_t type;
2765 compat_int_t line;
2766 compat_uint_t port;
2767 compat_int_t irq;
2768 compat_int_t flags;
2769 compat_int_t xmit_fifo_size;
2770 compat_int_t custom_divisor;
2771 compat_int_t baud_base;
2772 unsigned short close_delay;
2773 char io_type;
2774 char reserved_char;
2775 compat_int_t hub6;
2776 unsigned short closing_wait; /* time to wait before closing */
2777 unsigned short closing_wait2; /* no longer used... */
2778 compat_uint_t iomem_base;
2779 unsigned short iomem_reg_shift;
2780 unsigned int port_high;
2781 /* compat_ulong_t iomap_base FIXME */
2782 compat_int_t reserved;
2783};
2784
2785static int compat_tty_tiocsserial(struct tty_struct *tty,
2786 struct serial_struct32 __user *ss)
2787{
2788 static DEFINE_RATELIMIT_STATE(depr_flags,
2789 DEFAULT_RATELIMIT_INTERVAL,
2790 DEFAULT_RATELIMIT_BURST);
2791 char comm[TASK_COMM_LEN];
2792 struct serial_struct32 v32;
2793 struct serial_struct v;
2794 int flags;
2795
2796 if (copy_from_user(&v32, ss, sizeof(*ss)))
2797 return -EFAULT;
2798
2799 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2800 v.iomem_base = compat_ptr(v32.iomem_base);
2801 v.iomem_reg_shift = v32.iomem_reg_shift;
2802 v.port_high = v32.port_high;
2803 v.iomap_base = 0;
2804
2805 flags = v.flags & ASYNC_DEPRECATED;
2806
2807 if (flags && __ratelimit(&depr_flags))
2808 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2809 __func__, get_task_comm(comm, current), flags);
2810 if (!tty->ops->set_serial)
2811 return -ENOTTY;
2812 return tty->ops->set_serial(tty, &v);
2813}
2814
2815static int compat_tty_tiocgserial(struct tty_struct *tty,
2816 struct serial_struct32 __user *ss)
2817{
2818 struct serial_struct32 v32;
2819 struct serial_struct v;
2820 int err;
2821
2822 memset(&v, 0, sizeof(v));
2823 memset(&v32, 0, sizeof(v32));
2824
2825 if (!tty->ops->get_serial)
2826 return -ENOTTY;
2827 err = tty->ops->get_serial(tty, &v);
2828 if (!err) {
2829 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2830 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2831 0xfffffff : ptr_to_compat(v.iomem_base);
2832 v32.iomem_reg_shift = v.iomem_reg_shift;
2833 v32.port_high = v.port_high;
2834 if (copy_to_user(ss, &v32, sizeof(v32)))
2835 err = -EFAULT;
2836 }
2837 return err;
2838}
2839static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2840 unsigned long arg)
2841{
2842 struct tty_struct *tty = file_tty(file);
2843 struct tty_ldisc *ld;
2844 int retval = -ENOIOCTLCMD;
2845
2846 switch (cmd) {
2847 case TIOCOUTQ:
2848 case TIOCSTI:
2849 case TIOCGWINSZ:
2850 case TIOCSWINSZ:
2851 case TIOCGEXCL:
2852 case TIOCGETD:
2853 case TIOCSETD:
2854 case TIOCGDEV:
2855 case TIOCMGET:
2856 case TIOCMSET:
2857 case TIOCMBIC:
2858 case TIOCMBIS:
2859 case TIOCGICOUNT:
2860 case TIOCGPGRP:
2861 case TIOCSPGRP:
2862 case TIOCGSID:
2863 case TIOCSERGETLSR:
2864 case TIOCGRS485:
2865 case TIOCSRS485:
2866#ifdef TIOCGETP
2867 case TIOCGETP:
2868 case TIOCSETP:
2869 case TIOCSETN:
2870#endif
2871#ifdef TIOCGETC
2872 case TIOCGETC:
2873 case TIOCSETC:
2874#endif
2875#ifdef TIOCGLTC
2876 case TIOCGLTC:
2877 case TIOCSLTC:
2878#endif
2879 case TCSETSF:
2880 case TCSETSW:
2881 case TCSETS:
2882 case TCGETS:
2883#ifdef TCGETS2
2884 case TCGETS2:
2885 case TCSETSF2:
2886 case TCSETSW2:
2887 case TCSETS2:
2888#endif
2889 case TCGETA:
2890 case TCSETAF:
2891 case TCSETAW:
2892 case TCSETA:
2893 case TIOCGLCKTRMIOS:
2894 case TIOCSLCKTRMIOS:
2895#ifdef TCGETX
2896 case TCGETX:
2897 case TCSETX:
2898 case TCSETXW:
2899 case TCSETXF:
2900#endif
2901 case TIOCGSOFTCAR:
2902 case TIOCSSOFTCAR:
2903
2904 case PPPIOCGCHAN:
2905 case PPPIOCGUNIT:
2906 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2907 case TIOCCONS:
2908 case TIOCEXCL:
2909 case TIOCNXCL:
2910 case TIOCVHANGUP:
2911 case TIOCSBRK:
2912 case TIOCCBRK:
2913 case TCSBRK:
2914 case TCSBRKP:
2915 case TCFLSH:
2916 case TIOCGPTPEER:
2917 case TIOCNOTTY:
2918 case TIOCSCTTY:
2919 case TCXONC:
2920 case TIOCMIWAIT:
2921 case TIOCSERCONFIG:
2922 return tty_ioctl(file, cmd, arg);
2923 }
2924
2925 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2926 return -EINVAL;
2927
2928 switch (cmd) {
2929 case TIOCSSERIAL:
2930 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2931 case TIOCGSERIAL:
2932 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2933 }
2934 if (tty->ops->compat_ioctl) {
2935 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2936 if (retval != -ENOIOCTLCMD)
2937 return retval;
2938 }
2939
2940 ld = tty_ldisc_ref_wait(tty);
2941 if (!ld)
2942 return hung_up_tty_compat_ioctl(file, cmd, arg);
2943 if (ld->ops->compat_ioctl)
2944 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2945 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2946 retval = ld->ops->ioctl(tty, file,
2947 (unsigned long)compat_ptr(cmd), arg);
2948 tty_ldisc_deref(ld);
2949
2950 return retval;
2951}
2952#endif
2953
2954static int this_tty(const void *t, struct file *file, unsigned fd)
2955{
2956 if (likely(file->f_op->read_iter != tty_read))
2957 return 0;
2958 return file_tty(file) != t ? 0 : fd + 1;
2959}
2960
2961/*
2962 * This implements the "Secure Attention Key" --- the idea is to
2963 * prevent trojan horses by killing all processes associated with this
2964 * tty when the user hits the "Secure Attention Key". Required for
2965 * super-paranoid applications --- see the Orange Book for more details.
2966 *
2967 * This code could be nicer; ideally it should send a HUP, wait a few
2968 * seconds, then send a INT, and then a KILL signal. But you then
2969 * have to coordinate with the init process, since all processes associated
2970 * with the current tty must be dead before the new getty is allowed
2971 * to spawn.
2972 *
2973 * Now, if it would be correct ;-/ The current code has a nasty hole -
2974 * it doesn't catch files in flight. We may send the descriptor to ourselves
2975 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2976 *
2977 * Nasty bug: do_SAK is being called in interrupt context. This can
2978 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2979 */
2980void __do_SAK(struct tty_struct *tty)
2981{
2982#ifdef TTY_SOFT_SAK
2983 tty_hangup(tty);
2984#else
2985 struct task_struct *g, *p;
2986 struct pid *session;
2987 int i;
2988 unsigned long flags;
2989
2990 if (!tty)
2991 return;
2992
2993 spin_lock_irqsave(&tty->ctrl_lock, flags);
2994 session = get_pid(tty->session);
2995 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2996
2997 tty_ldisc_flush(tty);
2998
2999 tty_driver_flush_buffer(tty);
3000
3001 read_lock(&tasklist_lock);
3002 /* Kill the entire session */
3003 do_each_pid_task(session, PIDTYPE_SID, p) {
3004 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3005 task_pid_nr(p), p->comm);
3006 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3007 } while_each_pid_task(session, PIDTYPE_SID, p);
3008
3009 /* Now kill any processes that happen to have the tty open */
3010 do_each_thread(g, p) {
3011 if (p->signal->tty == tty) {
3012 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3013 task_pid_nr(p), p->comm);
3014 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3015 continue;
3016 }
3017 task_lock(p);
3018 i = iterate_fd(p->files, 0, this_tty, tty);
3019 if (i != 0) {
3020 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3021 task_pid_nr(p), p->comm, i - 1);
3022 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3023 }
3024 task_unlock(p);
3025 } while_each_thread(g, p);
3026 read_unlock(&tasklist_lock);
3027 put_pid(session);
3028#endif
3029}
3030
3031static void do_SAK_work(struct work_struct *work)
3032{
3033 struct tty_struct *tty =
3034 container_of(work, struct tty_struct, SAK_work);
3035 __do_SAK(tty);
3036}
3037
3038/*
3039 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3040 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3041 * the values which we write to it will be identical to the values which it
3042 * already has. --akpm
3043 */
3044void do_SAK(struct tty_struct *tty)
3045{
3046 if (!tty)
3047 return;
3048 schedule_work(&tty->SAK_work);
3049}
3050
3051EXPORT_SYMBOL(do_SAK);
3052
3053/* Must put_device() after it's unused! */
3054static struct device *tty_get_device(struct tty_struct *tty)
3055{
3056 dev_t devt = tty_devnum(tty);
3057 return class_find_device_by_devt(tty_class, devt);
3058}
3059
3060
3061/*
3062 * alloc_tty_struct
3063 *
3064 * This subroutine allocates and initializes a tty structure.
3065 *
3066 * Locking: none - tty in question is not exposed at this point
3067 */
3068
3069struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3070{
3071 struct tty_struct *tty;
3072
3073 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3074 if (!tty)
3075 return NULL;
3076
3077 kref_init(&tty->kref);
3078 tty->magic = TTY_MAGIC;
3079 if (tty_ldisc_init(tty)) {
3080 kfree(tty);
3081 return NULL;
3082 }
3083 tty->session = NULL;
3084 tty->pgrp = NULL;
3085 mutex_init(&tty->legacy_mutex);
3086 mutex_init(&tty->throttle_mutex);
3087 init_rwsem(&tty->termios_rwsem);
3088 mutex_init(&tty->winsize_mutex);
3089 init_ldsem(&tty->ldisc_sem);
3090 init_waitqueue_head(&tty->write_wait);
3091 init_waitqueue_head(&tty->read_wait);
3092 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3093 mutex_init(&tty->atomic_write_lock);
3094 spin_lock_init(&tty->ctrl_lock);
3095 spin_lock_init(&tty->flow_lock);
3096 spin_lock_init(&tty->files_lock);
3097 INIT_LIST_HEAD(&tty->tty_files);
3098 INIT_WORK(&tty->SAK_work, do_SAK_work);
3099
3100 tty->driver = driver;
3101 tty->ops = driver->ops;
3102 tty->index = idx;
3103 tty_line_name(driver, idx, tty->name);
3104 tty->dev = tty_get_device(tty);
3105
3106 return tty;
3107}
3108
3109/**
3110 * tty_put_char - write one character to a tty
3111 * @tty: tty
3112 * @ch: character
3113 *
3114 * Write one byte to the tty using the provided put_char method
3115 * if present. Returns the number of characters successfully output.
3116 *
3117 * Note: the specific put_char operation in the driver layer may go
3118 * away soon. Don't call it directly, use this method
3119 */
3120
3121int tty_put_char(struct tty_struct *tty, unsigned char ch)
3122{
3123 if (tty->ops->put_char)
3124 return tty->ops->put_char(tty, ch);
3125 return tty->ops->write(tty, &ch, 1);
3126}
3127EXPORT_SYMBOL_GPL(tty_put_char);
3128
3129struct class *tty_class;
3130
3131static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3132 unsigned int index, unsigned int count)
3133{
3134 int err;
3135
3136 /* init here, since reused cdevs cause crashes */
3137 driver->cdevs[index] = cdev_alloc();
3138 if (!driver->cdevs[index])
3139 return -ENOMEM;
3140 driver->cdevs[index]->ops = &tty_fops;
3141 driver->cdevs[index]->owner = driver->owner;
3142 err = cdev_add(driver->cdevs[index], dev, count);
3143 if (err)
3144 kobject_put(&driver->cdevs[index]->kobj);
3145 return err;
3146}
3147
3148/**
3149 * tty_register_device - register a tty device
3150 * @driver: the tty driver that describes the tty device
3151 * @index: the index in the tty driver for this tty device
3152 * @device: a struct device that is associated with this tty device.
3153 * This field is optional, if there is no known struct device
3154 * for this tty device it can be set to NULL safely.
3155 *
3156 * Returns a pointer to the struct device for this tty device
3157 * (or ERR_PTR(-EFOO) on error).
3158 *
3159 * This call is required to be made to register an individual tty device
3160 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3161 * that bit is not set, this function should not be called by a tty
3162 * driver.
3163 *
3164 * Locking: ??
3165 */
3166
3167struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3168 struct device *device)
3169{
3170 return tty_register_device_attr(driver, index, device, NULL, NULL);
3171}
3172EXPORT_SYMBOL(tty_register_device);
3173
3174static void tty_device_create_release(struct device *dev)
3175{
3176 dev_dbg(dev, "releasing...\n");
3177 kfree(dev);
3178}
3179
3180/**
3181 * tty_register_device_attr - register a tty device
3182 * @driver: the tty driver that describes the tty device
3183 * @index: the index in the tty driver for this tty device
3184 * @device: a struct device that is associated with this tty device.
3185 * This field is optional, if there is no known struct device
3186 * for this tty device it can be set to NULL safely.
3187 * @drvdata: Driver data to be set to device.
3188 * @attr_grp: Attribute group to be set on device.
3189 *
3190 * Returns a pointer to the struct device for this tty device
3191 * (or ERR_PTR(-EFOO) on error).
3192 *
3193 * This call is required to be made to register an individual tty device
3194 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3195 * that bit is not set, this function should not be called by a tty
3196 * driver.
3197 *
3198 * Locking: ??
3199 */
3200struct device *tty_register_device_attr(struct tty_driver *driver,
3201 unsigned index, struct device *device,
3202 void *drvdata,
3203 const struct attribute_group **attr_grp)
3204{
3205 char name[64];
3206 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3207 struct ktermios *tp;
3208 struct device *dev;
3209 int retval;
3210
3211 if (index >= driver->num) {
3212 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3213 driver->name, index);
3214 return ERR_PTR(-EINVAL);
3215 }
3216
3217 if (driver->type == TTY_DRIVER_TYPE_PTY)
3218 pty_line_name(driver, index, name);
3219 else
3220 tty_line_name(driver, index, name);
3221
3222 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3223 if (!dev)
3224 return ERR_PTR(-ENOMEM);
3225
3226 dev->devt = devt;
3227 dev->class = tty_class;
3228 dev->parent = device;
3229 dev->release = tty_device_create_release;
3230 dev_set_name(dev, "%s", name);
3231 dev->groups = attr_grp;
3232 dev_set_drvdata(dev, drvdata);
3233
3234 dev_set_uevent_suppress(dev, 1);
3235
3236 retval = device_register(dev);
3237 if (retval)
3238 goto err_put;
3239
3240 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3241 /*
3242 * Free any saved termios data so that the termios state is
3243 * reset when reusing a minor number.
3244 */
3245 tp = driver->termios[index];
3246 if (tp) {
3247 driver->termios[index] = NULL;
3248 kfree(tp);
3249 }
3250
3251 retval = tty_cdev_add(driver, devt, index, 1);
3252 if (retval)
3253 goto err_del;
3254 }
3255
3256 dev_set_uevent_suppress(dev, 0);
3257 kobject_uevent(&dev->kobj, KOBJ_ADD);
3258
3259 return dev;
3260
3261err_del:
3262 device_del(dev);
3263err_put:
3264 put_device(dev);
3265
3266 return ERR_PTR(retval);
3267}
3268EXPORT_SYMBOL_GPL(tty_register_device_attr);
3269
3270/**
3271 * tty_unregister_device - unregister a tty device
3272 * @driver: the tty driver that describes the tty device
3273 * @index: the index in the tty driver for this tty device
3274 *
3275 * If a tty device is registered with a call to tty_register_device() then
3276 * this function must be called when the tty device is gone.
3277 *
3278 * Locking: ??
3279 */
3280
3281void tty_unregister_device(struct tty_driver *driver, unsigned index)
3282{
3283 device_destroy(tty_class,
3284 MKDEV(driver->major, driver->minor_start) + index);
3285 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3286 cdev_del(driver->cdevs[index]);
3287 driver->cdevs[index] = NULL;
3288 }
3289}
3290EXPORT_SYMBOL(tty_unregister_device);
3291
3292/**
3293 * __tty_alloc_driver -- allocate tty driver
3294 * @lines: count of lines this driver can handle at most
3295 * @owner: module which is responsible for this driver
3296 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3297 *
3298 * This should not be called directly, some of the provided macros should be
3299 * used instead. Use IS_ERR and friends on @retval.
3300 */
3301struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3302 unsigned long flags)
3303{
3304 struct tty_driver *driver;
3305 unsigned int cdevs = 1;
3306 int err;
3307
3308 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3309 return ERR_PTR(-EINVAL);
3310
3311 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3312 if (!driver)
3313 return ERR_PTR(-ENOMEM);
3314
3315 kref_init(&driver->kref);
3316 driver->magic = TTY_DRIVER_MAGIC;
3317 driver->num = lines;
3318 driver->owner = owner;
3319 driver->flags = flags;
3320
3321 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3322 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3323 GFP_KERNEL);
3324 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3325 GFP_KERNEL);
3326 if (!driver->ttys || !driver->termios) {
3327 err = -ENOMEM;
3328 goto err_free_all;
3329 }
3330 }
3331
3332 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3333 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3334 GFP_KERNEL);
3335 if (!driver->ports) {
3336 err = -ENOMEM;
3337 goto err_free_all;
3338 }
3339 cdevs = lines;
3340 }
3341
3342 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3343 if (!driver->cdevs) {
3344 err = -ENOMEM;
3345 goto err_free_all;
3346 }
3347
3348 return driver;
3349err_free_all:
3350 kfree(driver->ports);
3351 kfree(driver->ttys);
3352 kfree(driver->termios);
3353 kfree(driver->cdevs);
3354 kfree(driver);
3355 return ERR_PTR(err);
3356}
3357EXPORT_SYMBOL(__tty_alloc_driver);
3358
3359static void destruct_tty_driver(struct kref *kref)
3360{
3361 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3362 int i;
3363 struct ktermios *tp;
3364
3365 if (driver->flags & TTY_DRIVER_INSTALLED) {
3366 for (i = 0; i < driver->num; i++) {
3367 tp = driver->termios[i];
3368 if (tp) {
3369 driver->termios[i] = NULL;
3370 kfree(tp);
3371 }
3372 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3373 tty_unregister_device(driver, i);
3374 }
3375 proc_tty_unregister_driver(driver);
3376 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3377 cdev_del(driver->cdevs[0]);
3378 }
3379 kfree(driver->cdevs);
3380 kfree(driver->ports);
3381 kfree(driver->termios);
3382 kfree(driver->ttys);
3383 kfree(driver);
3384}
3385
3386void tty_driver_kref_put(struct tty_driver *driver)
3387{
3388 kref_put(&driver->kref, destruct_tty_driver);
3389}
3390EXPORT_SYMBOL(tty_driver_kref_put);
3391
3392void tty_set_operations(struct tty_driver *driver,
3393 const struct tty_operations *op)
3394{
3395 driver->ops = op;
3396};
3397EXPORT_SYMBOL(tty_set_operations);
3398
3399void put_tty_driver(struct tty_driver *d)
3400{
3401 tty_driver_kref_put(d);
3402}
3403EXPORT_SYMBOL(put_tty_driver);
3404
3405/*
3406 * Called by a tty driver to register itself.
3407 */
3408int tty_register_driver(struct tty_driver *driver)
3409{
3410 int error;
3411 int i;
3412 dev_t dev;
3413 struct device *d;
3414
3415 if (!driver->major) {
3416 error = alloc_chrdev_region(&dev, driver->minor_start,
3417 driver->num, driver->name);
3418 if (!error) {
3419 driver->major = MAJOR(dev);
3420 driver->minor_start = MINOR(dev);
3421 }
3422 } else {
3423 dev = MKDEV(driver->major, driver->minor_start);
3424 error = register_chrdev_region(dev, driver->num, driver->name);
3425 }
3426 if (error < 0)
3427 goto err;
3428
3429 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3430 error = tty_cdev_add(driver, dev, 0, driver->num);
3431 if (error)
3432 goto err_unreg_char;
3433 }
3434
3435 mutex_lock(&tty_mutex);
3436 list_add(&driver->tty_drivers, &tty_drivers);
3437 mutex_unlock(&tty_mutex);
3438
3439 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3440 for (i = 0; i < driver->num; i++) {
3441 d = tty_register_device(driver, i, NULL);
3442 if (IS_ERR(d)) {
3443 error = PTR_ERR(d);
3444 goto err_unreg_devs;
3445 }
3446 }
3447 }
3448 proc_tty_register_driver(driver);
3449 driver->flags |= TTY_DRIVER_INSTALLED;
3450 return 0;
3451
3452err_unreg_devs:
3453 for (i--; i >= 0; i--)
3454 tty_unregister_device(driver, i);
3455
3456 mutex_lock(&tty_mutex);
3457 list_del(&driver->tty_drivers);
3458 mutex_unlock(&tty_mutex);
3459
3460err_unreg_char:
3461 unregister_chrdev_region(dev, driver->num);
3462err:
3463 return error;
3464}
3465EXPORT_SYMBOL(tty_register_driver);
3466
3467/*
3468 * Called by a tty driver to unregister itself.
3469 */
3470int tty_unregister_driver(struct tty_driver *driver)
3471{
3472#if 0
3473 /* FIXME */
3474 if (driver->refcount)
3475 return -EBUSY;
3476#endif
3477 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3478 driver->num);
3479 mutex_lock(&tty_mutex);
3480 list_del(&driver->tty_drivers);
3481 mutex_unlock(&tty_mutex);
3482 return 0;
3483}
3484
3485EXPORT_SYMBOL(tty_unregister_driver);
3486
3487dev_t tty_devnum(struct tty_struct *tty)
3488{
3489 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3490}
3491EXPORT_SYMBOL(tty_devnum);
3492
3493void tty_default_fops(struct file_operations *fops)
3494{
3495 *fops = tty_fops;
3496}
3497
3498static char *tty_devnode(struct device *dev, umode_t *mode)
3499{
3500 if (!mode)
3501 return NULL;
3502 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3503 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3504 *mode = 0666;
3505 return NULL;
3506}
3507
3508static int __init tty_class_init(void)
3509{
3510 tty_class = class_create(THIS_MODULE, "tty");
3511 if (IS_ERR(tty_class))
3512 return PTR_ERR(tty_class);
3513 tty_class->devnode = tty_devnode;
3514 return 0;
3515}
3516
3517postcore_initcall(tty_class_init);
3518
3519/* 3/2004 jmc: why do these devices exist? */
3520static struct cdev tty_cdev, console_cdev;
3521
3522static ssize_t show_cons_active(struct device *dev,
3523 struct device_attribute *attr, char *buf)
3524{
3525 struct console *cs[16];
3526 int i = 0;
3527 struct console *c;
3528 ssize_t count = 0;
3529
3530 console_lock();
3531 for_each_console(c) {
3532 if (!c->device)
3533 continue;
3534 if (!c->write)
3535 continue;
3536 if ((c->flags & CON_ENABLED) == 0)
3537 continue;
3538 cs[i++] = c;
3539 if (i >= ARRAY_SIZE(cs))
3540 break;
3541 }
3542 while (i--) {
3543 int index = cs[i]->index;
3544 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3545
3546 /* don't resolve tty0 as some programs depend on it */
3547 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3548 count += tty_line_name(drv, index, buf + count);
3549 else
3550 count += sprintf(buf + count, "%s%d",
3551 cs[i]->name, cs[i]->index);
3552
3553 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3554 }
3555 console_unlock();
3556
3557 return count;
3558}
3559static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3560
3561static struct attribute *cons_dev_attrs[] = {
3562 &dev_attr_active.attr,
3563 NULL
3564};
3565
3566ATTRIBUTE_GROUPS(cons_dev);
3567
3568static struct device *consdev;
3569
3570void console_sysfs_notify(void)
3571{
3572 if (consdev)
3573 sysfs_notify(&consdev->kobj, NULL, "active");
3574}
3575
3576/*
3577 * Ok, now we can initialize the rest of the tty devices and can count
3578 * on memory allocations, interrupts etc..
3579 */
3580int __init tty_init(void)
3581{
3582 tty_sysctl_init();
3583 cdev_init(&tty_cdev, &tty_fops);
3584 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3585 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3586 panic("Couldn't register /dev/tty driver\n");
3587 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3588
3589 cdev_init(&console_cdev, &console_fops);
3590 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3591 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3592 panic("Couldn't register /dev/console driver\n");
3593 consdev = device_create_with_groups(tty_class, NULL,
3594 MKDEV(TTYAUX_MAJOR, 1), NULL,
3595 cons_dev_groups, "console");
3596 if (IS_ERR(consdev))
3597 consdev = NULL;
3598
3599#ifdef CONFIG_VT
3600 vty_init(&console_fops);
3601#endif
3602 return 0;
3603}
3604
Ubuntu Hirsute Linux kernel mirror