]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/blob - drivers/tty/tty_io.c
projects / mirror_ubuntu-eoan-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tty: Simplify tty_ldisc_release() interface
[mirror_ubuntu-eoan-kernel.git] / drivers / tty / tty_io.c
1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156
157 /**
158 * free_tty_struct - free a disused tty
159 * @tty: tty struct to free
160 *
161 * Free the write buffers, tty queue and tty memory itself.
162 *
163 * Locking: none. Must be called after tty is definitely unused
164 */
165
166 void free_tty_struct(struct tty_struct *tty)
167 {
168 if (!tty)
169 return;
170 if (tty->dev)
171 put_device(tty->dev);
172 kfree(tty->write_buf);
173 tty->magic = 0xDEADDEAD;
174 kfree(tty);
175 }
176
177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 return ((struct tty_file_private *)file->private_data)->tty;
180 }
181
182 int tty_alloc_file(struct file *file)
183 {
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193 }
194
195 /* Associate a new file with the tty structure */
196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty_files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty_files_lock);
206 }
207
208 /**
209 * tty_free_file - free file->private_data
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
214 void tty_free_file(struct file *file)
215 {
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220 }
221
222 /* Delete file from its tty */
223 static void tty_del_file(struct file *file)
224 {
225 struct tty_file_private *priv = file->private_data;
226
227 spin_lock(&tty_files_lock);
228 list_del(&priv->list);
229 spin_unlock(&tty_files_lock);
230 tty_free_file(file);
231 }
232
233
234 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
235
236 /**
237 * tty_name - return tty naming
238 * @tty: tty structure
239 * @buf: buffer for output
240 *
241 * Convert a tty structure into a name. The name reflects the kernel
242 * naming policy and if udev is in use may not reflect user space
243 *
244 * Locking: none
245 */
246
247 char *tty_name(struct tty_struct *tty, char *buf)
248 {
249 if (!tty) /* Hmm. NULL pointer. That's fun. */
250 strcpy(buf, "NULL tty");
251 else
252 strcpy(buf, tty->name);
253 return buf;
254 }
255
256 EXPORT_SYMBOL(tty_name);
257
258 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 const char *routine)
260 {
261 #ifdef TTY_PARANOIA_CHECK
262 if (!tty) {
263 printk(KERN_WARNING
264 "null TTY for (%d:%d) in %s\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 if (tty->magic != TTY_MAGIC) {
269 printk(KERN_WARNING
270 "bad magic number for tty struct (%d:%d) in %s\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274 #endif
275 return 0;
276 }
277
278 /* Caller must hold tty_lock */
279 static int check_tty_count(struct tty_struct *tty, const char *routine)
280 {
281 #ifdef CHECK_TTY_COUNT
282 struct list_head *p;
283 int count = 0;
284
285 spin_lock(&tty_files_lock);
286 list_for_each(p, &tty->tty_files) {
287 count++;
288 }
289 spin_unlock(&tty_files_lock);
290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 tty->driver->subtype == PTY_TYPE_SLAVE &&
292 tty->link && tty->link->count)
293 count++;
294 if (tty->count != count) {
295 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
296 "!= #fd's(%d) in %s\n",
297 tty->name, tty->count, count, routine);
298 return count;
299 }
300 #endif
301 return 0;
302 }
303
304 /**
305 * get_tty_driver - find device of a tty
306 * @dev_t: device identifier
307 * @index: returns the index of the tty
308 *
309 * This routine returns a tty driver structure, given a device number
310 * and also passes back the index number.
311 *
312 * Locking: caller must hold tty_mutex
313 */
314
315 static struct tty_driver *get_tty_driver(dev_t device, int *index)
316 {
317 struct tty_driver *p;
318
319 list_for_each_entry(p, &tty_drivers, tty_drivers) {
320 dev_t base = MKDEV(p->major, p->minor_start);
321 if (device < base || device >= base + p->num)
322 continue;
323 *index = device - base;
324 return tty_driver_kref_get(p);
325 }
326 return NULL;
327 }
328
329 #ifdef CONFIG_CONSOLE_POLL
330
331 /**
332 * tty_find_polling_driver - find device of a polled tty
333 * @name: name string to match
334 * @line: pointer to resulting tty line nr
335 *
336 * This routine returns a tty driver structure, given a name
337 * and the condition that the tty driver is capable of polled
338 * operation.
339 */
340 struct tty_driver *tty_find_polling_driver(char *name, int *line)
341 {
342 struct tty_driver *p, *res = NULL;
343 int tty_line = 0;
344 int len;
345 char *str, *stp;
346
347 for (str = name; *str; str++)
348 if ((*str >= '0' && *str <= '9') || *str == ',')
349 break;
350 if (!*str)
351 return NULL;
352
353 len = str - name;
354 tty_line = simple_strtoul(str, &str, 10);
355
356 mutex_lock(&tty_mutex);
357 /* Search through the tty devices to look for a match */
358 list_for_each_entry(p, &tty_drivers, tty_drivers) {
359 if (strncmp(name, p->name, len) != 0)
360 continue;
361 stp = str;
362 if (*stp == ',')
363 stp++;
364 if (*stp == '\0')
365 stp = NULL;
366
367 if (tty_line >= 0 && tty_line < p->num && p->ops &&
368 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
369 res = tty_driver_kref_get(p);
370 *line = tty_line;
371 break;
372 }
373 }
374 mutex_unlock(&tty_mutex);
375
376 return res;
377 }
378 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
379 #endif
380
381 /**
382 * tty_check_change - check for POSIX terminal changes
383 * @tty: tty to check
384 *
385 * If we try to write to, or set the state of, a terminal and we're
386 * not in the foreground, send a SIGTTOU. If the signal is blocked or
387 * ignored, go ahead and perform the operation. (POSIX 7.2)
388 *
389 * Locking: ctrl_lock
390 */
391
392 int tty_check_change(struct tty_struct *tty)
393 {
394 unsigned long flags;
395 int ret = 0;
396
397 if (current->signal->tty != tty)
398 return 0;
399
400 spin_lock_irqsave(&tty->ctrl_lock, flags);
401
402 if (!tty->pgrp) {
403 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
404 goto out_unlock;
405 }
406 if (task_pgrp(current) == tty->pgrp)
407 goto out_unlock;
408 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
409 if (is_ignored(SIGTTOU))
410 goto out;
411 if (is_current_pgrp_orphaned()) {
412 ret = -EIO;
413 goto out;
414 }
415 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
416 set_thread_flag(TIF_SIGPENDING);
417 ret = -ERESTARTSYS;
418 out:
419 return ret;
420 out_unlock:
421 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
422 return ret;
423 }
424
425 EXPORT_SYMBOL(tty_check_change);
426
427 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
428 size_t count, loff_t *ppos)
429 {
430 return 0;
431 }
432
433 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
434 size_t count, loff_t *ppos)
435 {
436 return -EIO;
437 }
438
439 /* No kernel lock held - none needed ;) */
440 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
441 {
442 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
443 }
444
445 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
446 unsigned long arg)
447 {
448 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
449 }
450
451 static long hung_up_tty_compat_ioctl(struct file *file,
452 unsigned int cmd, unsigned long arg)
453 {
454 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
455 }
456
457 static const struct file_operations tty_fops = {
458 .llseek = no_llseek,
459 .read = tty_read,
460 .write = tty_write,
461 .poll = tty_poll,
462 .unlocked_ioctl = tty_ioctl,
463 .compat_ioctl = tty_compat_ioctl,
464 .open = tty_open,
465 .release = tty_release,
466 .fasync = tty_fasync,
467 };
468
469 static const struct file_operations console_fops = {
470 .llseek = no_llseek,
471 .read = tty_read,
472 .write = redirected_tty_write,
473 .poll = tty_poll,
474 .unlocked_ioctl = tty_ioctl,
475 .compat_ioctl = tty_compat_ioctl,
476 .open = tty_open,
477 .release = tty_release,
478 .fasync = tty_fasync,
479 };
480
481 static const struct file_operations hung_up_tty_fops = {
482 .llseek = no_llseek,
483 .read = hung_up_tty_read,
484 .write = hung_up_tty_write,
485 .poll = hung_up_tty_poll,
486 .unlocked_ioctl = hung_up_tty_ioctl,
487 .compat_ioctl = hung_up_tty_compat_ioctl,
488 .release = tty_release,
489 };
490
491 static DEFINE_SPINLOCK(redirect_lock);
492 static struct file *redirect;
493
494
495 void proc_clear_tty(struct task_struct *p)
496 {
497 unsigned long flags;
498 struct tty_struct *tty;
499 spin_lock_irqsave(&p->sighand->siglock, flags);
500 tty = p->signal->tty;
501 p->signal->tty = NULL;
502 spin_unlock_irqrestore(&p->sighand->siglock, flags);
503 tty_kref_put(tty);
504 }
505
506 /**
507 * proc_set_tty - set the controlling terminal
508 *
509 * Only callable by the session leader and only if it does not already have
510 * a controlling terminal.
511 *
512 * Caller must hold: tty_lock()
513 * a readlock on tasklist_lock
514 * sighand lock
515 */
516 static void __proc_set_tty(struct tty_struct *tty)
517 {
518 unsigned long flags;
519
520 spin_lock_irqsave(&tty->ctrl_lock, flags);
521 /*
522 * The session and fg pgrp references will be non-NULL if
523 * tiocsctty() is stealing the controlling tty
524 */
525 put_pid(tty->session);
526 put_pid(tty->pgrp);
527 tty->pgrp = get_pid(task_pgrp(current));
528 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
529 tty->session = get_pid(task_session(current));
530 if (current->signal->tty) {
531 printk(KERN_DEBUG "tty not NULL!!\n");
532 tty_kref_put(current->signal->tty);
533 }
534 put_pid(current->signal->tty_old_pgrp);
535 current->signal->tty = tty_kref_get(tty);
536 current->signal->tty_old_pgrp = NULL;
537 }
538
539 static void proc_set_tty(struct tty_struct *tty)
540 {
541 spin_lock_irq(&current->sighand->siglock);
542 __proc_set_tty(tty);
543 spin_unlock_irq(&current->sighand->siglock);
544 }
545
546 struct tty_struct *get_current_tty(void)
547 {
548 struct tty_struct *tty;
549 unsigned long flags;
550
551 spin_lock_irqsave(&current->sighand->siglock, flags);
552 tty = tty_kref_get(current->signal->tty);
553 spin_unlock_irqrestore(&current->sighand->siglock, flags);
554 return tty;
555 }
556 EXPORT_SYMBOL_GPL(get_current_tty);
557
558 static void session_clear_tty(struct pid *session)
559 {
560 struct task_struct *p;
561 do_each_pid_task(session, PIDTYPE_SID, p) {
562 proc_clear_tty(p);
563 } while_each_pid_task(session, PIDTYPE_SID, p);
564 }
565
566 /**
567 * tty_wakeup - request more data
568 * @tty: terminal
569 *
570 * Internal and external helper for wakeups of tty. This function
571 * informs the line discipline if present that the driver is ready
572 * to receive more output data.
573 */
574
575 void tty_wakeup(struct tty_struct *tty)
576 {
577 struct tty_ldisc *ld;
578
579 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
580 ld = tty_ldisc_ref(tty);
581 if (ld) {
582 if (ld->ops->write_wakeup)
583 ld->ops->write_wakeup(tty);
584 tty_ldisc_deref(ld);
585 }
586 }
587 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
588 }
589
590 EXPORT_SYMBOL_GPL(tty_wakeup);
591
592 /**
593 * tty_signal_session_leader - sends SIGHUP to session leader
594 * @tty controlling tty
595 * @exit_session if non-zero, signal all foreground group processes
596 *
597 * Send SIGHUP and SIGCONT to the session leader and its process group.
598 * Optionally, signal all processes in the foreground process group.
599 *
600 * Returns the number of processes in the session with this tty
601 * as their controlling terminal. This value is used to drop
602 * tty references for those processes.
603 */
604 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
605 {
606 struct task_struct *p;
607 int refs = 0;
608 struct pid *tty_pgrp = NULL;
609
610 read_lock(&tasklist_lock);
611 if (tty->session) {
612 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
613 spin_lock_irq(&p->sighand->siglock);
614 if (p->signal->tty == tty) {
615 p->signal->tty = NULL;
616 /* We defer the dereferences outside fo
617 the tasklist lock */
618 refs++;
619 }
620 if (!p->signal->leader) {
621 spin_unlock_irq(&p->sighand->siglock);
622 continue;
623 }
624 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
625 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
626 put_pid(p->signal->tty_old_pgrp); /* A noop */
627 spin_lock(&tty->ctrl_lock);
628 tty_pgrp = get_pid(tty->pgrp);
629 if (tty->pgrp)
630 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
631 spin_unlock(&tty->ctrl_lock);
632 spin_unlock_irq(&p->sighand->siglock);
633 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
634 }
635 read_unlock(&tasklist_lock);
636
637 if (tty_pgrp) {
638 if (exit_session)
639 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
640 put_pid(tty_pgrp);
641 }
642
643 return refs;
644 }
645
646 /**
647 * __tty_hangup - actual handler for hangup events
648 * @work: tty device
649 *
650 * This can be called by a "kworker" kernel thread. That is process
651 * synchronous but doesn't hold any locks, so we need to make sure we
652 * have the appropriate locks for what we're doing.
653 *
654 * The hangup event clears any pending redirections onto the hung up
655 * device. It ensures future writes will error and it does the needed
656 * line discipline hangup and signal delivery. The tty object itself
657 * remains intact.
658 *
659 * Locking:
660 * BTM
661 * redirect lock for undoing redirection
662 * file list lock for manipulating list of ttys
663 * tty_ldiscs_lock from called functions
664 * termios_rwsem resetting termios data
665 * tasklist_lock to walk task list for hangup event
666 * ->siglock to protect ->signal/->sighand
667 */
668 static void __tty_hangup(struct tty_struct *tty, int exit_session)
669 {
670 struct file *cons_filp = NULL;
671 struct file *filp, *f = NULL;
672 struct tty_file_private *priv;
673 int closecount = 0, n;
674 int refs;
675
676 if (!tty)
677 return;
678
679
680 spin_lock(&redirect_lock);
681 if (redirect && file_tty(redirect) == tty) {
682 f = redirect;
683 redirect = NULL;
684 }
685 spin_unlock(&redirect_lock);
686
687 tty_lock(tty);
688
689 if (test_bit(TTY_HUPPED, &tty->flags)) {
690 tty_unlock(tty);
691 return;
692 }
693
694 /* inuse_filps is protected by the single tty lock,
695 this really needs to change if we want to flush the
696 workqueue with the lock held */
697 check_tty_count(tty, "tty_hangup");
698
699 spin_lock(&tty_files_lock);
700 /* This breaks for file handles being sent over AF_UNIX sockets ? */
701 list_for_each_entry(priv, &tty->tty_files, list) {
702 filp = priv->file;
703 if (filp->f_op->write == redirected_tty_write)
704 cons_filp = filp;
705 if (filp->f_op->write != tty_write)
706 continue;
707 closecount++;
708 __tty_fasync(-1, filp, 0); /* can't block */
709 filp->f_op = &hung_up_tty_fops;
710 }
711 spin_unlock(&tty_files_lock);
712
713 refs = tty_signal_session_leader(tty, exit_session);
714 /* Account for the p->signal references we killed */
715 while (refs--)
716 tty_kref_put(tty);
717
718 tty_ldisc_hangup(tty);
719
720 spin_lock_irq(&tty->ctrl_lock);
721 clear_bit(TTY_THROTTLED, &tty->flags);
722 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
723 put_pid(tty->session);
724 put_pid(tty->pgrp);
725 tty->session = NULL;
726 tty->pgrp = NULL;
727 tty->ctrl_status = 0;
728 spin_unlock_irq(&tty->ctrl_lock);
729
730 /*
731 * If one of the devices matches a console pointer, we
732 * cannot just call hangup() because that will cause
733 * tty->count and state->count to go out of sync.
734 * So we just call close() the right number of times.
735 */
736 if (cons_filp) {
737 if (tty->ops->close)
738 for (n = 0; n < closecount; n++)
739 tty->ops->close(tty, cons_filp);
740 } else if (tty->ops->hangup)
741 tty->ops->hangup(tty);
742 /*
743 * We don't want to have driver/ldisc interactions beyond
744 * the ones we did here. The driver layer expects no
745 * calls after ->hangup() from the ldisc side. However we
746 * can't yet guarantee all that.
747 */
748 set_bit(TTY_HUPPED, &tty->flags);
749 tty_unlock(tty);
750
751 if (f)
752 fput(f);
753 }
754
755 static void do_tty_hangup(struct work_struct *work)
756 {
757 struct tty_struct *tty =
758 container_of(work, struct tty_struct, hangup_work);
759
760 __tty_hangup(tty, 0);
761 }
762
763 /**
764 * tty_hangup - trigger a hangup event
765 * @tty: tty to hangup
766 *
767 * A carrier loss (virtual or otherwise) has occurred on this like
768 * schedule a hangup sequence to run after this event.
769 */
770
771 void tty_hangup(struct tty_struct *tty)
772 {
773 #ifdef TTY_DEBUG_HANGUP
774 char buf[64];
775 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
776 #endif
777 schedule_work(&tty->hangup_work);
778 }
779
780 EXPORT_SYMBOL(tty_hangup);
781
782 /**
783 * tty_vhangup - process vhangup
784 * @tty: tty to hangup
785 *
786 * The user has asked via system call for the terminal to be hung up.
787 * We do this synchronously so that when the syscall returns the process
788 * is complete. That guarantee is necessary for security reasons.
789 */
790
791 void tty_vhangup(struct tty_struct *tty)
792 {
793 #ifdef TTY_DEBUG_HANGUP
794 char buf[64];
795
796 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
797 #endif
798 __tty_hangup(tty, 0);
799 }
800
801 EXPORT_SYMBOL(tty_vhangup);
802
803
804 /**
805 * tty_vhangup_self - process vhangup for own ctty
806 *
807 * Perform a vhangup on the current controlling tty
808 */
809
810 void tty_vhangup_self(void)
811 {
812 struct tty_struct *tty;
813
814 tty = get_current_tty();
815 if (tty) {
816 tty_vhangup(tty);
817 tty_kref_put(tty);
818 }
819 }
820
821 /**
822 * tty_vhangup_session - hangup session leader exit
823 * @tty: tty to hangup
824 *
825 * The session leader is exiting and hanging up its controlling terminal.
826 * Every process in the foreground process group is signalled SIGHUP.
827 *
828 * We do this synchronously so that when the syscall returns the process
829 * is complete. That guarantee is necessary for security reasons.
830 */
831
832 static void tty_vhangup_session(struct tty_struct *tty)
833 {
834 #ifdef TTY_DEBUG_HANGUP
835 char buf[64];
836
837 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
838 #endif
839 __tty_hangup(tty, 1);
840 }
841
842 /**
843 * tty_hung_up_p - was tty hung up
844 * @filp: file pointer of tty
845 *
846 * Return true if the tty has been subject to a vhangup or a carrier
847 * loss
848 */
849
850 int tty_hung_up_p(struct file *filp)
851 {
852 return (filp->f_op == &hung_up_tty_fops);
853 }
854
855 EXPORT_SYMBOL(tty_hung_up_p);
856
857 /**
858 * disassociate_ctty - disconnect controlling tty
859 * @on_exit: true if exiting so need to "hang up" the session
860 *
861 * This function is typically called only by the session leader, when
862 * it wants to disassociate itself from its controlling tty.
863 *
864 * It performs the following functions:
865 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
866 * (2) Clears the tty from being controlling the session
867 * (3) Clears the controlling tty for all processes in the
868 * session group.
869 *
870 * The argument on_exit is set to 1 if called when a process is
871 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
872 *
873 * Locking:
874 * BTM is taken for hysterical raisins, and held when
875 * called from no_tty().
876 * tty_mutex is taken to protect tty
877 * ->siglock is taken to protect ->signal/->sighand
878 * tasklist_lock is taken to walk process list for sessions
879 * ->siglock is taken to protect ->signal/->sighand
880 */
881
882 void disassociate_ctty(int on_exit)
883 {
884 struct tty_struct *tty;
885
886 if (!current->signal->leader)
887 return;
888
889 tty = get_current_tty();
890 if (tty) {
891 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
892 tty_vhangup_session(tty);
893 } else {
894 struct pid *tty_pgrp = tty_get_pgrp(tty);
895 if (tty_pgrp) {
896 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
897 if (!on_exit)
898 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
899 put_pid(tty_pgrp);
900 }
901 }
902 tty_kref_put(tty);
903
904 } else if (on_exit) {
905 struct pid *old_pgrp;
906 spin_lock_irq(&current->sighand->siglock);
907 old_pgrp = current->signal->tty_old_pgrp;
908 current->signal->tty_old_pgrp = NULL;
909 spin_unlock_irq(&current->sighand->siglock);
910 if (old_pgrp) {
911 kill_pgrp(old_pgrp, SIGHUP, on_exit);
912 kill_pgrp(old_pgrp, SIGCONT, on_exit);
913 put_pid(old_pgrp);
914 }
915 return;
916 }
917
918 spin_lock_irq(&current->sighand->siglock);
919 put_pid(current->signal->tty_old_pgrp);
920 current->signal->tty_old_pgrp = NULL;
921
922 tty = tty_kref_get(current->signal->tty);
923 if (tty) {
924 unsigned long flags;
925 spin_lock_irqsave(&tty->ctrl_lock, flags);
926 put_pid(tty->session);
927 put_pid(tty->pgrp);
928 tty->session = NULL;
929 tty->pgrp = NULL;
930 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
931 tty_kref_put(tty);
932 } else {
933 #ifdef TTY_DEBUG_HANGUP
934 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
935 " = NULL", tty);
936 #endif
937 }
938
939 spin_unlock_irq(&current->sighand->siglock);
940 /* Now clear signal->tty under the lock */
941 read_lock(&tasklist_lock);
942 session_clear_tty(task_session(current));
943 read_unlock(&tasklist_lock);
944 }
945
946 /**
947 *
948 * no_tty - Ensure the current process does not have a controlling tty
949 */
950 void no_tty(void)
951 {
952 /* FIXME: Review locking here. The tty_lock never covered any race
953 between a new association and proc_clear_tty but possible we need
954 to protect against this anyway */
955 struct task_struct *tsk = current;
956 disassociate_ctty(0);
957 proc_clear_tty(tsk);
958 }
959
960
961 /**
962 * stop_tty - propagate flow control
963 * @tty: tty to stop
964 *
965 * Perform flow control to the driver. May be called
966 * on an already stopped device and will not re-call the driver
967 * method.
968 *
969 * This functionality is used by both the line disciplines for
970 * halting incoming flow and by the driver. It may therefore be
971 * called from any context, may be under the tty atomic_write_lock
972 * but not always.
973 *
974 * Locking:
975 * flow_lock
976 */
977
978 void __stop_tty(struct tty_struct *tty)
979 {
980 if (tty->stopped)
981 return;
982 tty->stopped = 1;
983 if (tty->ops->stop)
984 (tty->ops->stop)(tty);
985 }
986
987 void stop_tty(struct tty_struct *tty)
988 {
989 unsigned long flags;
990
991 spin_lock_irqsave(&tty->flow_lock, flags);
992 __stop_tty(tty);
993 spin_unlock_irqrestore(&tty->flow_lock, flags);
994 }
995 EXPORT_SYMBOL(stop_tty);
996
997 /**
998 * start_tty - propagate flow control
999 * @tty: tty to start
1000 *
1001 * Start a tty that has been stopped if at all possible. If this
1002 * tty was previous stopped and is now being started, the driver
1003 * start method is invoked and the line discipline woken.
1004 *
1005 * Locking:
1006 * flow_lock
1007 */
1008
1009 void __start_tty(struct tty_struct *tty)
1010 {
1011 if (!tty->stopped || tty->flow_stopped)
1012 return;
1013 tty->stopped = 0;
1014 if (tty->ops->start)
1015 (tty->ops->start)(tty);
1016 tty_wakeup(tty);
1017 }
1018
1019 void start_tty(struct tty_struct *tty)
1020 {
1021 unsigned long flags;
1022
1023 spin_lock_irqsave(&tty->flow_lock, flags);
1024 __start_tty(tty);
1025 spin_unlock_irqrestore(&tty->flow_lock, flags);
1026 }
1027 EXPORT_SYMBOL(start_tty);
1028
1029 /* We limit tty time update visibility to every 8 seconds or so. */
1030 static void tty_update_time(struct timespec *time)
1031 {
1032 unsigned long sec = get_seconds() & ~7;
1033 if ((long)(sec - time->tv_sec) > 0)
1034 time->tv_sec = sec;
1035 }
1036
1037 /**
1038 * tty_read - read method for tty device files
1039 * @file: pointer to tty file
1040 * @buf: user buffer
1041 * @count: size of user buffer
1042 * @ppos: unused
1043 *
1044 * Perform the read system call function on this terminal device. Checks
1045 * for hung up devices before calling the line discipline method.
1046 *
1047 * Locking:
1048 * Locks the line discipline internally while needed. Multiple
1049 * read calls may be outstanding in parallel.
1050 */
1051
1052 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1053 loff_t *ppos)
1054 {
1055 int i;
1056 struct inode *inode = file_inode(file);
1057 struct tty_struct *tty = file_tty(file);
1058 struct tty_ldisc *ld;
1059
1060 if (tty_paranoia_check(tty, inode, "tty_read"))
1061 return -EIO;
1062 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1063 return -EIO;
1064
1065 /* We want to wait for the line discipline to sort out in this
1066 situation */
1067 ld = tty_ldisc_ref_wait(tty);
1068 if (ld->ops->read)
1069 i = (ld->ops->read)(tty, file, buf, count);
1070 else
1071 i = -EIO;
1072 tty_ldisc_deref(ld);
1073
1074 if (i > 0)
1075 tty_update_time(&inode->i_atime);
1076
1077 return i;
1078 }
1079
1080 static void tty_write_unlock(struct tty_struct *tty)
1081 {
1082 mutex_unlock(&tty->atomic_write_lock);
1083 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1084 }
1085
1086 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1087 {
1088 if (!mutex_trylock(&tty->atomic_write_lock)) {
1089 if (ndelay)
1090 return -EAGAIN;
1091 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1092 return -ERESTARTSYS;
1093 }
1094 return 0;
1095 }
1096
1097 /*
1098 * Split writes up in sane blocksizes to avoid
1099 * denial-of-service type attacks
1100 */
1101 static inline ssize_t do_tty_write(
1102 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1103 struct tty_struct *tty,
1104 struct file *file,
1105 const char __user *buf,
1106 size_t count)
1107 {
1108 ssize_t ret, written = 0;
1109 unsigned int chunk;
1110
1111 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1112 if (ret < 0)
1113 return ret;
1114
1115 /*
1116 * We chunk up writes into a temporary buffer. This
1117 * simplifies low-level drivers immensely, since they
1118 * don't have locking issues and user mode accesses.
1119 *
1120 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1121 * big chunk-size..
1122 *
1123 * The default chunk-size is 2kB, because the NTTY
1124 * layer has problems with bigger chunks. It will
1125 * claim to be able to handle more characters than
1126 * it actually does.
1127 *
1128 * FIXME: This can probably go away now except that 64K chunks
1129 * are too likely to fail unless switched to vmalloc...
1130 */
1131 chunk = 2048;
1132 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1133 chunk = 65536;
1134 if (count < chunk)
1135 chunk = count;
1136
1137 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1138 if (tty->write_cnt < chunk) {
1139 unsigned char *buf_chunk;
1140
1141 if (chunk < 1024)
1142 chunk = 1024;
1143
1144 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1145 if (!buf_chunk) {
1146 ret = -ENOMEM;
1147 goto out;
1148 }
1149 kfree(tty->write_buf);
1150 tty->write_cnt = chunk;
1151 tty->write_buf = buf_chunk;
1152 }
1153
1154 /* Do the write .. */
1155 for (;;) {
1156 size_t size = count;
1157 if (size > chunk)
1158 size = chunk;
1159 ret = -EFAULT;
1160 if (copy_from_user(tty->write_buf, buf, size))
1161 break;
1162 ret = write(tty, file, tty->write_buf, size);
1163 if (ret <= 0)
1164 break;
1165 written += ret;
1166 buf += ret;
1167 count -= ret;
1168 if (!count)
1169 break;
1170 ret = -ERESTARTSYS;
1171 if (signal_pending(current))
1172 break;
1173 cond_resched();
1174 }
1175 if (written) {
1176 tty_update_time(&file_inode(file)->i_mtime);
1177 ret = written;
1178 }
1179 out:
1180 tty_write_unlock(tty);
1181 return ret;
1182 }
1183
1184 /**
1185 * tty_write_message - write a message to a certain tty, not just the console.
1186 * @tty: the destination tty_struct
1187 * @msg: the message to write
1188 *
1189 * This is used for messages that need to be redirected to a specific tty.
1190 * We don't put it into the syslog queue right now maybe in the future if
1191 * really needed.
1192 *
1193 * We must still hold the BTM and test the CLOSING flag for the moment.
1194 */
1195
1196 void tty_write_message(struct tty_struct *tty, char *msg)
1197 {
1198 if (tty) {
1199 mutex_lock(&tty->atomic_write_lock);
1200 tty_lock(tty);
1201 if (tty->ops->write && tty->count > 0) {
1202 tty_unlock(tty);
1203 tty->ops->write(tty, msg, strlen(msg));
1204 } else
1205 tty_unlock(tty);
1206 tty_write_unlock(tty);
1207 }
1208 return;
1209 }
1210
1211
1212 /**
1213 * tty_write - write method for tty device file
1214 * @file: tty file pointer
1215 * @buf: user data to write
1216 * @count: bytes to write
1217 * @ppos: unused
1218 *
1219 * Write data to a tty device via the line discipline.
1220 *
1221 * Locking:
1222 * Locks the line discipline as required
1223 * Writes to the tty driver are serialized by the atomic_write_lock
1224 * and are then processed in chunks to the device. The line discipline
1225 * write method will not be invoked in parallel for each device.
1226 */
1227
1228 static ssize_t tty_write(struct file *file, const char __user *buf,
1229 size_t count, loff_t *ppos)
1230 {
1231 struct tty_struct *tty = file_tty(file);
1232 struct tty_ldisc *ld;
1233 ssize_t ret;
1234
1235 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1236 return -EIO;
1237 if (!tty || !tty->ops->write ||
1238 (test_bit(TTY_IO_ERROR, &tty->flags)))
1239 return -EIO;
1240 /* Short term debug to catch buggy drivers */
1241 if (tty->ops->write_room == NULL)
1242 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1243 tty->driver->name);
1244 ld = tty_ldisc_ref_wait(tty);
1245 if (!ld->ops->write)
1246 ret = -EIO;
1247 else
1248 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1249 tty_ldisc_deref(ld);
1250 return ret;
1251 }
1252
1253 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1254 size_t count, loff_t *ppos)
1255 {
1256 struct file *p = NULL;
1257
1258 spin_lock(&redirect_lock);
1259 if (redirect)
1260 p = get_file(redirect);
1261 spin_unlock(&redirect_lock);
1262
1263 if (p) {
1264 ssize_t res;
1265 res = vfs_write(p, buf, count, &p->f_pos);
1266 fput(p);
1267 return res;
1268 }
1269 return tty_write(file, buf, count, ppos);
1270 }
1271
1272 /**
1273 * tty_send_xchar - send priority character
1274 *
1275 * Send a high priority character to the tty even if stopped
1276 *
1277 * Locking: none for xchar method, write ordering for write method.
1278 */
1279
1280 int tty_send_xchar(struct tty_struct *tty, char ch)
1281 {
1282 int was_stopped = tty->stopped;
1283
1284 if (tty->ops->send_xchar) {
1285 tty->ops->send_xchar(tty, ch);
1286 return 0;
1287 }
1288
1289 if (tty_write_lock(tty, 0) < 0)
1290 return -ERESTARTSYS;
1291
1292 if (was_stopped)
1293 start_tty(tty);
1294 tty->ops->write(tty, &ch, 1);
1295 if (was_stopped)
1296 stop_tty(tty);
1297 tty_write_unlock(tty);
1298 return 0;
1299 }
1300
1301 static char ptychar[] = "pqrstuvwxyzabcde";
1302
1303 /**
1304 * pty_line_name - generate name for a pty
1305 * @driver: the tty driver in use
1306 * @index: the minor number
1307 * @p: output buffer of at least 6 bytes
1308 *
1309 * Generate a name from a driver reference and write it to the output
1310 * buffer.
1311 *
1312 * Locking: None
1313 */
1314 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1315 {
1316 int i = index + driver->name_base;
1317 /* ->name is initialized to "ttyp", but "tty" is expected */
1318 sprintf(p, "%s%c%x",
1319 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1320 ptychar[i >> 4 & 0xf], i & 0xf);
1321 }
1322
1323 /**
1324 * tty_line_name - generate name for a tty
1325 * @driver: the tty driver in use
1326 * @index: the minor number
1327 * @p: output buffer of at least 7 bytes
1328 *
1329 * Generate a name from a driver reference and write it to the output
1330 * buffer.
1331 *
1332 * Locking: None
1333 */
1334 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1335 {
1336 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1337 return sprintf(p, "%s", driver->name);
1338 else
1339 return sprintf(p, "%s%d", driver->name,
1340 index + driver->name_base);
1341 }
1342
1343 /**
1344 * tty_driver_lookup_tty() - find an existing tty, if any
1345 * @driver: the driver for the tty
1346 * @idx: the minor number
1347 *
1348 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1349 * driver lookup() method returns an error.
1350 *
1351 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1352 */
1353 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1354 struct inode *inode, int idx)
1355 {
1356 struct tty_struct *tty;
1357
1358 if (driver->ops->lookup)
1359 tty = driver->ops->lookup(driver, inode, idx);
1360 else
1361 tty = driver->ttys[idx];
1362
1363 if (!IS_ERR(tty))
1364 tty_kref_get(tty);
1365 return tty;
1366 }
1367
1368 /**
1369 * tty_init_termios - helper for termios setup
1370 * @tty: the tty to set up
1371 *
1372 * Initialise the termios structures for this tty. Thus runs under
1373 * the tty_mutex currently so we can be relaxed about ordering.
1374 */
1375
1376 int tty_init_termios(struct tty_struct *tty)
1377 {
1378 struct ktermios *tp;
1379 int idx = tty->index;
1380
1381 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1382 tty->termios = tty->driver->init_termios;
1383 else {
1384 /* Check for lazy saved data */
1385 tp = tty->driver->termios[idx];
1386 if (tp != NULL)
1387 tty->termios = *tp;
1388 else
1389 tty->termios = tty->driver->init_termios;
1390 }
1391 /* Compatibility until drivers always set this */
1392 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1393 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1394 return 0;
1395 }
1396 EXPORT_SYMBOL_GPL(tty_init_termios);
1397
1398 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1399 {
1400 int ret = tty_init_termios(tty);
1401 if (ret)
1402 return ret;
1403
1404 tty_driver_kref_get(driver);
1405 tty->count++;
1406 driver->ttys[tty->index] = tty;
1407 return 0;
1408 }
1409 EXPORT_SYMBOL_GPL(tty_standard_install);
1410
1411 /**
1412 * tty_driver_install_tty() - install a tty entry in the driver
1413 * @driver: the driver for the tty
1414 * @tty: the tty
1415 *
1416 * Install a tty object into the driver tables. The tty->index field
1417 * will be set by the time this is called. This method is responsible
1418 * for ensuring any need additional structures are allocated and
1419 * configured.
1420 *
1421 * Locking: tty_mutex for now
1422 */
1423 static int tty_driver_install_tty(struct tty_driver *driver,
1424 struct tty_struct *tty)
1425 {
1426 return driver->ops->install ? driver->ops->install(driver, tty) :
1427 tty_standard_install(driver, tty);
1428 }
1429
1430 /**
1431 * tty_driver_remove_tty() - remove a tty from the driver tables
1432 * @driver: the driver for the tty
1433 * @idx: the minor number
1434 *
1435 * Remvoe a tty object from the driver tables. The tty->index field
1436 * will be set by the time this is called.
1437 *
1438 * Locking: tty_mutex for now
1439 */
1440 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1441 {
1442 if (driver->ops->remove)
1443 driver->ops->remove(driver, tty);
1444 else
1445 driver->ttys[tty->index] = NULL;
1446 }
1447
1448 /*
1449 * tty_reopen() - fast re-open of an open tty
1450 * @tty - the tty to open
1451 *
1452 * Return 0 on success, -errno on error.
1453 * Re-opens on master ptys are not allowed and return -EIO.
1454 *
1455 * Locking: Caller must hold tty_lock
1456 */
1457 static int tty_reopen(struct tty_struct *tty)
1458 {
1459 struct tty_driver *driver = tty->driver;
1460
1461 if (!tty->count)
1462 return -EIO;
1463
1464 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1465 driver->subtype == PTY_TYPE_MASTER)
1466 return -EIO;
1467
1468 tty->count++;
1469
1470 WARN_ON(!tty->ldisc);
1471
1472 return 0;
1473 }
1474
1475 /**
1476 * tty_init_dev - initialise a tty device
1477 * @driver: tty driver we are opening a device on
1478 * @idx: device index
1479 * @ret_tty: returned tty structure
1480 *
1481 * Prepare a tty device. This may not be a "new" clean device but
1482 * could also be an active device. The pty drivers require special
1483 * handling because of this.
1484 *
1485 * Locking:
1486 * The function is called under the tty_mutex, which
1487 * protects us from the tty struct or driver itself going away.
1488 *
1489 * On exit the tty device has the line discipline attached and
1490 * a reference count of 1. If a pair was created for pty/tty use
1491 * and the other was a pty master then it too has a reference count of 1.
1492 *
1493 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1494 * failed open. The new code protects the open with a mutex, so it's
1495 * really quite straightforward. The mutex locking can probably be
1496 * relaxed for the (most common) case of reopening a tty.
1497 */
1498
1499 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1500 {
1501 struct tty_struct *tty;
1502 int retval;
1503
1504 /*
1505 * First time open is complex, especially for PTY devices.
1506 * This code guarantees that either everything succeeds and the
1507 * TTY is ready for operation, or else the table slots are vacated
1508 * and the allocated memory released. (Except that the termios
1509 * and locked termios may be retained.)
1510 */
1511
1512 if (!try_module_get(driver->owner))
1513 return ERR_PTR(-ENODEV);
1514
1515 tty = alloc_tty_struct(driver, idx);
1516 if (!tty) {
1517 retval = -ENOMEM;
1518 goto err_module_put;
1519 }
1520
1521 tty_lock(tty);
1522 retval = tty_driver_install_tty(driver, tty);
1523 if (retval < 0)
1524 goto err_deinit_tty;
1525
1526 if (!tty->port)
1527 tty->port = driver->ports[idx];
1528
1529 WARN_RATELIMIT(!tty->port,
1530 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1531 __func__, tty->driver->name);
1532
1533 tty->port->itty = tty;
1534
1535 /*
1536 * Structures all installed ... call the ldisc open routines.
1537 * If we fail here just call release_tty to clean up. No need
1538 * to decrement the use counts, as release_tty doesn't care.
1539 */
1540 retval = tty_ldisc_setup(tty, tty->link);
1541 if (retval)
1542 goto err_release_tty;
1543 /* Return the tty locked so that it cannot vanish under the caller */
1544 return tty;
1545
1546 err_deinit_tty:
1547 tty_unlock(tty);
1548 deinitialize_tty_struct(tty);
1549 free_tty_struct(tty);
1550 err_module_put:
1551 module_put(driver->owner);
1552 return ERR_PTR(retval);
1553
1554 /* call the tty release_tty routine to clean out this slot */
1555 err_release_tty:
1556 tty_unlock(tty);
1557 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1558 "clearing slot %d\n", idx);
1559 release_tty(tty, idx);
1560 return ERR_PTR(retval);
1561 }
1562
1563 void tty_free_termios(struct tty_struct *tty)
1564 {
1565 struct ktermios *tp;
1566 int idx = tty->index;
1567
1568 /* If the port is going to reset then it has no termios to save */
1569 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1570 return;
1571
1572 /* Stash the termios data */
1573 tp = tty->driver->termios[idx];
1574 if (tp == NULL) {
1575 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1576 if (tp == NULL) {
1577 pr_warn("tty: no memory to save termios state.\n");
1578 return;
1579 }
1580 tty->driver->termios[idx] = tp;
1581 }
1582 *tp = tty->termios;
1583 }
1584 EXPORT_SYMBOL(tty_free_termios);
1585
1586 /**
1587 * tty_flush_works - flush all works of a tty/pty pair
1588 * @tty: tty device to flush works for (or either end of a pty pair)
1589 *
1590 * Sync flush all works belonging to @tty (and the 'other' tty).
1591 */
1592 static void tty_flush_works(struct tty_struct *tty)
1593 {
1594 flush_work(&tty->SAK_work);
1595 flush_work(&tty->hangup_work);
1596 if (tty->link) {
1597 flush_work(&tty->link->SAK_work);
1598 flush_work(&tty->link->hangup_work);
1599 }
1600 }
1601
1602 /**
1603 * release_one_tty - release tty structure memory
1604 * @kref: kref of tty we are obliterating
1605 *
1606 * Releases memory associated with a tty structure, and clears out the
1607 * driver table slots. This function is called when a device is no longer
1608 * in use. It also gets called when setup of a device fails.
1609 *
1610 * Locking:
1611 * takes the file list lock internally when working on the list
1612 * of ttys that the driver keeps.
1613 *
1614 * This method gets called from a work queue so that the driver private
1615 * cleanup ops can sleep (needed for USB at least)
1616 */
1617 static void release_one_tty(struct work_struct *work)
1618 {
1619 struct tty_struct *tty =
1620 container_of(work, struct tty_struct, hangup_work);
1621 struct tty_driver *driver = tty->driver;
1622 struct module *owner = driver->owner;
1623
1624 if (tty->ops->cleanup)
1625 tty->ops->cleanup(tty);
1626
1627 tty->magic = 0;
1628 tty_driver_kref_put(driver);
1629 module_put(owner);
1630
1631 spin_lock(&tty_files_lock);
1632 list_del_init(&tty->tty_files);
1633 spin_unlock(&tty_files_lock);
1634
1635 put_pid(tty->pgrp);
1636 put_pid(tty->session);
1637 free_tty_struct(tty);
1638 }
1639
1640 static void queue_release_one_tty(struct kref *kref)
1641 {
1642 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1643
1644 /* The hangup queue is now free so we can reuse it rather than
1645 waste a chunk of memory for each port */
1646 INIT_WORK(&tty->hangup_work, release_one_tty);
1647 schedule_work(&tty->hangup_work);
1648 }
1649
1650 /**
1651 * tty_kref_put - release a tty kref
1652 * @tty: tty device
1653 *
1654 * Release a reference to a tty device and if need be let the kref
1655 * layer destruct the object for us
1656 */
1657
1658 void tty_kref_put(struct tty_struct *tty)
1659 {
1660 if (tty)
1661 kref_put(&tty->kref, queue_release_one_tty);
1662 }
1663 EXPORT_SYMBOL(tty_kref_put);
1664
1665 /**
1666 * release_tty - release tty structure memory
1667 *
1668 * Release both @tty and a possible linked partner (think pty pair),
1669 * and decrement the refcount of the backing module.
1670 *
1671 * Locking:
1672 * tty_mutex
1673 * takes the file list lock internally when working on the list
1674 * of ttys that the driver keeps.
1675 *
1676 */
1677 static void release_tty(struct tty_struct *tty, int idx)
1678 {
1679 /* This should always be true but check for the moment */
1680 WARN_ON(tty->index != idx);
1681 WARN_ON(!mutex_is_locked(&tty_mutex));
1682 if (tty->ops->shutdown)
1683 tty->ops->shutdown(tty);
1684 tty_free_termios(tty);
1685 tty_driver_remove_tty(tty->driver, tty);
1686 tty->port->itty = NULL;
1687 if (tty->link)
1688 tty->link->port->itty = NULL;
1689 cancel_work_sync(&tty->port->buf.work);
1690
1691 if (tty->link)
1692 tty_kref_put(tty->link);
1693 tty_kref_put(tty);
1694 }
1695
1696 /**
1697 * tty_release_checks - check a tty before real release
1698 * @tty: tty to check
1699 * @o_tty: link of @tty (if any)
1700 * @idx: index of the tty
1701 *
1702 * Performs some paranoid checking before true release of the @tty.
1703 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1704 */
1705 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1706 int idx)
1707 {
1708 #ifdef TTY_PARANOIA_CHECK
1709 if (idx < 0 || idx >= tty->driver->num) {
1710 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1711 __func__, tty->name);
1712 return -1;
1713 }
1714
1715 /* not much to check for devpts */
1716 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1717 return 0;
1718
1719 if (tty != tty->driver->ttys[idx]) {
1720 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1721 __func__, idx, tty->name);
1722 return -1;
1723 }
1724 if (tty->driver->other) {
1725 if (o_tty != tty->driver->other->ttys[idx]) {
1726 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1727 __func__, idx, tty->name);
1728 return -1;
1729 }
1730 if (o_tty->link != tty) {
1731 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1732 return -1;
1733 }
1734 }
1735 #endif
1736 return 0;
1737 }
1738
1739 /**
1740 * tty_release - vfs callback for close
1741 * @inode: inode of tty
1742 * @filp: file pointer for handle to tty
1743 *
1744 * Called the last time each file handle is closed that references
1745 * this tty. There may however be several such references.
1746 *
1747 * Locking:
1748 * Takes bkl. See tty_release_dev
1749 *
1750 * Even releasing the tty structures is a tricky business.. We have
1751 * to be very careful that the structures are all released at the
1752 * same time, as interrupts might otherwise get the wrong pointers.
1753 *
1754 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1755 * lead to double frees or releasing memory still in use.
1756 */
1757
1758 int tty_release(struct inode *inode, struct file *filp)
1759 {
1760 struct tty_struct *tty = file_tty(filp);
1761 struct tty_struct *o_tty;
1762 int pty_master, do_sleep, final;
1763 int idx;
1764 char buf[64];
1765
1766 if (tty_paranoia_check(tty, inode, __func__))
1767 return 0;
1768
1769 tty_lock(tty);
1770 check_tty_count(tty, __func__);
1771
1772 __tty_fasync(-1, filp, 0);
1773
1774 idx = tty->index;
1775 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1776 tty->driver->subtype == PTY_TYPE_MASTER);
1777 /* Review: parallel close */
1778 o_tty = tty->link;
1779
1780 if (tty_release_checks(tty, o_tty, idx)) {
1781 tty_unlock(tty);
1782 return 0;
1783 }
1784
1785 #ifdef TTY_DEBUG_HANGUP
1786 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1787 tty_name(tty, buf), tty->count);
1788 #endif
1789
1790 if (tty->ops->close)
1791 tty->ops->close(tty, filp);
1792
1793 tty_unlock(tty);
1794 /*
1795 * Sanity check: if tty->count is going to zero, there shouldn't be
1796 * any waiters on tty->read_wait or tty->write_wait. We test the
1797 * wait queues and kick everyone out _before_ actually starting to
1798 * close. This ensures that we won't block while releasing the tty
1799 * structure.
1800 *
1801 * The test for the o_tty closing is necessary, since the master and
1802 * slave sides may close in any order. If the slave side closes out
1803 * first, its count will be one, since the master side holds an open.
1804 * Thus this test wouldn't be triggered at the time the slave closed,
1805 * so we do it now.
1806 */
1807 tty_lock_pair(tty, o_tty);
1808
1809 while (1) {
1810 do_sleep = 0;
1811
1812 if (tty->count <= 1) {
1813 if (waitqueue_active(&tty->read_wait)) {
1814 wake_up_poll(&tty->read_wait, POLLIN);
1815 do_sleep++;
1816 }
1817 if (waitqueue_active(&tty->write_wait)) {
1818 wake_up_poll(&tty->write_wait, POLLOUT);
1819 do_sleep++;
1820 }
1821 }
1822 if (pty_master && o_tty->count <= 1) {
1823 if (waitqueue_active(&o_tty->read_wait)) {
1824 wake_up_poll(&o_tty->read_wait, POLLIN);
1825 do_sleep++;
1826 }
1827 if (waitqueue_active(&o_tty->write_wait)) {
1828 wake_up_poll(&o_tty->write_wait, POLLOUT);
1829 do_sleep++;
1830 }
1831 }
1832 if (!do_sleep)
1833 break;
1834
1835 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1836 __func__, tty_name(tty, buf));
1837 schedule();
1838 }
1839
1840 if (pty_master) {
1841 if (--o_tty->count < 0) {
1842 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1843 __func__, o_tty->count, tty_name(o_tty, buf));
1844 o_tty->count = 0;
1845 }
1846 }
1847 if (--tty->count < 0) {
1848 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1849 __func__, tty->count, tty_name(tty, buf));
1850 tty->count = 0;
1851 }
1852
1853 /*
1854 * We've decremented tty->count, so we need to remove this file
1855 * descriptor off the tty->tty_files list; this serves two
1856 * purposes:
1857 * - check_tty_count sees the correct number of file descriptors
1858 * associated with this tty.
1859 * - do_tty_hangup no longer sees this file descriptor as
1860 * something that needs to be handled for hangups.
1861 */
1862 tty_del_file(filp);
1863
1864 /*
1865 * Perform some housekeeping before deciding whether to return.
1866 *
1867 * If _either_ side is closing, make sure there aren't any
1868 * processes that still think tty or o_tty is their controlling
1869 * tty.
1870 */
1871 if (!tty->count) {
1872 read_lock(&tasklist_lock);
1873 session_clear_tty(tty->session);
1874 if (pty_master)
1875 session_clear_tty(o_tty->session);
1876 read_unlock(&tasklist_lock);
1877 }
1878
1879 /* check whether both sides are closing ... */
1880 final = !tty->count && !(pty_master && o_tty->count);
1881
1882 tty_unlock_pair(tty, o_tty);
1883 /* At this point, the tty->count == 0 should ensure a dead tty
1884 cannot be re-opened by a racing opener */
1885
1886 if (!final)
1887 return 0;
1888
1889 #ifdef TTY_DEBUG_HANGUP
1890 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1891 #endif
1892 /*
1893 * Ask the line discipline code to release its structures
1894 */
1895 tty_ldisc_release(tty);
1896
1897 /* Wait for pending work before tty destruction commmences */
1898 tty_flush_works(tty);
1899
1900 #ifdef TTY_DEBUG_HANGUP
1901 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1902 #endif
1903 /*
1904 * The release_tty function takes care of the details of clearing
1905 * the slots and preserving the termios structure. The tty_unlock_pair
1906 * should be safe as we keep a kref while the tty is locked (so the
1907 * unlock never unlocks a freed tty).
1908 */
1909 mutex_lock(&tty_mutex);
1910 release_tty(tty, idx);
1911 mutex_unlock(&tty_mutex);
1912
1913 return 0;
1914 }
1915
1916 /**
1917 * tty_open_current_tty - get locked tty of current task
1918 * @device: device number
1919 * @filp: file pointer to tty
1920 * @return: locked tty of the current task iff @device is /dev/tty
1921 *
1922 * Performs a re-open of the current task's controlling tty.
1923 *
1924 * We cannot return driver and index like for the other nodes because
1925 * devpts will not work then. It expects inodes to be from devpts FS.
1926 */
1927 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1928 {
1929 struct tty_struct *tty;
1930 int retval;
1931
1932 if (device != MKDEV(TTYAUX_MAJOR, 0))
1933 return NULL;
1934
1935 tty = get_current_tty();
1936 if (!tty)
1937 return ERR_PTR(-ENXIO);
1938
1939 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1940 /* noctty = 1; */
1941 tty_lock(tty);
1942 tty_kref_put(tty); /* safe to drop the kref now */
1943
1944 retval = tty_reopen(tty);
1945 if (retval < 0) {
1946 tty_unlock(tty);
1947 tty = ERR_PTR(retval);
1948 }
1949 return tty;
1950 }
1951
1952 /**
1953 * tty_lookup_driver - lookup a tty driver for a given device file
1954 * @device: device number
1955 * @filp: file pointer to tty
1956 * @noctty: set if the device should not become a controlling tty
1957 * @index: index for the device in the @return driver
1958 * @return: driver for this inode (with increased refcount)
1959 *
1960 * If @return is not erroneous, the caller is responsible to decrement the
1961 * refcount by tty_driver_kref_put.
1962 *
1963 * Locking: tty_mutex protects get_tty_driver
1964 */
1965 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1966 int *noctty, int *index)
1967 {
1968 struct tty_driver *driver;
1969
1970 switch (device) {
1971 #ifdef CONFIG_VT
1972 case MKDEV(TTY_MAJOR, 0): {
1973 extern struct tty_driver *console_driver;
1974 driver = tty_driver_kref_get(console_driver);
1975 *index = fg_console;
1976 *noctty = 1;
1977 break;
1978 }
1979 #endif
1980 case MKDEV(TTYAUX_MAJOR, 1): {
1981 struct tty_driver *console_driver = console_device(index);
1982 if (console_driver) {
1983 driver = tty_driver_kref_get(console_driver);
1984 if (driver) {
1985 /* Don't let /dev/console block */
1986 filp->f_flags |= O_NONBLOCK;
1987 *noctty = 1;
1988 break;
1989 }
1990 }
1991 return ERR_PTR(-ENODEV);
1992 }
1993 default:
1994 driver = get_tty_driver(device, index);
1995 if (!driver)
1996 return ERR_PTR(-ENODEV);
1997 break;
1998 }
1999 return driver;
2000 }
2001
2002 /**
2003 * tty_open - open a tty device
2004 * @inode: inode of device file
2005 * @filp: file pointer to tty
2006 *
2007 * tty_open and tty_release keep up the tty count that contains the
2008 * number of opens done on a tty. We cannot use the inode-count, as
2009 * different inodes might point to the same tty.
2010 *
2011 * Open-counting is needed for pty masters, as well as for keeping
2012 * track of serial lines: DTR is dropped when the last close happens.
2013 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2014 *
2015 * The termios state of a pty is reset on first open so that
2016 * settings don't persist across reuse.
2017 *
2018 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2019 * tty->count should protect the rest.
2020 * ->siglock protects ->signal/->sighand
2021 *
2022 * Note: the tty_unlock/lock cases without a ref are only safe due to
2023 * tty_mutex
2024 */
2025
2026 static int tty_open(struct inode *inode, struct file *filp)
2027 {
2028 struct tty_struct *tty;
2029 int noctty, retval;
2030 struct tty_driver *driver = NULL;
2031 int index;
2032 dev_t device = inode->i_rdev;
2033 unsigned saved_flags = filp->f_flags;
2034
2035 nonseekable_open(inode, filp);
2036
2037 retry_open:
2038 retval = tty_alloc_file(filp);
2039 if (retval)
2040 return -ENOMEM;
2041
2042 noctty = filp->f_flags & O_NOCTTY;
2043 index = -1;
2044 retval = 0;
2045
2046 tty = tty_open_current_tty(device, filp);
2047 if (!tty) {
2048 mutex_lock(&tty_mutex);
2049 driver = tty_lookup_driver(device, filp, &noctty, &index);
2050 if (IS_ERR(driver)) {
2051 retval = PTR_ERR(driver);
2052 goto err_unlock;
2053 }
2054
2055 /* check whether we're reopening an existing tty */
2056 tty = tty_driver_lookup_tty(driver, inode, index);
2057 if (IS_ERR(tty)) {
2058 retval = PTR_ERR(tty);
2059 goto err_unlock;
2060 }
2061
2062 if (tty) {
2063 mutex_unlock(&tty_mutex);
2064 tty_lock(tty);
2065 /* safe to drop the kref from tty_driver_lookup_tty() */
2066 tty_kref_put(tty);
2067 retval = tty_reopen(tty);
2068 if (retval < 0) {
2069 tty_unlock(tty);
2070 tty = ERR_PTR(retval);
2071 }
2072 } else { /* Returns with the tty_lock held for now */
2073 tty = tty_init_dev(driver, index);
2074 mutex_unlock(&tty_mutex);
2075 }
2076
2077 tty_driver_kref_put(driver);
2078 }
2079
2080 if (IS_ERR(tty)) {
2081 retval = PTR_ERR(tty);
2082 goto err_file;
2083 }
2084
2085 tty_add_file(tty, filp);
2086
2087 check_tty_count(tty, __func__);
2088 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2089 tty->driver->subtype == PTY_TYPE_MASTER)
2090 noctty = 1;
2091 #ifdef TTY_DEBUG_HANGUP
2092 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2093 #endif
2094 if (tty->ops->open)
2095 retval = tty->ops->open(tty, filp);
2096 else
2097 retval = -ENODEV;
2098 filp->f_flags = saved_flags;
2099
2100 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2101 !capable(CAP_SYS_ADMIN))
2102 retval = -EBUSY;
2103
2104 if (retval) {
2105 #ifdef TTY_DEBUG_HANGUP
2106 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2107 retval, tty->name);
2108 #endif
2109 tty_unlock(tty); /* need to call tty_release without BTM */
2110 tty_release(inode, filp);
2111 if (retval != -ERESTARTSYS)
2112 return retval;
2113
2114 if (signal_pending(current))
2115 return retval;
2116
2117 schedule();
2118 /*
2119 * Need to reset f_op in case a hangup happened.
2120 */
2121 if (filp->f_op == &hung_up_tty_fops)
2122 filp->f_op = &tty_fops;
2123 goto retry_open;
2124 }
2125 clear_bit(TTY_HUPPED, &tty->flags);
2126
2127
2128 read_lock(&tasklist_lock);
2129 spin_lock_irq(&current->sighand->siglock);
2130 if (!noctty &&
2131 current->signal->leader &&
2132 !current->signal->tty &&
2133 tty->session == NULL)
2134 __proc_set_tty(tty);
2135 spin_unlock_irq(&current->sighand->siglock);
2136 read_unlock(&tasklist_lock);
2137 tty_unlock(tty);
2138 return 0;
2139 err_unlock:
2140 mutex_unlock(&tty_mutex);
2141 /* after locks to avoid deadlock */
2142 if (!IS_ERR_OR_NULL(driver))
2143 tty_driver_kref_put(driver);
2144 err_file:
2145 tty_free_file(filp);
2146 return retval;
2147 }
2148
2149
2150
2151 /**
2152 * tty_poll - check tty status
2153 * @filp: file being polled
2154 * @wait: poll wait structures to update
2155 *
2156 * Call the line discipline polling method to obtain the poll
2157 * status of the device.
2158 *
2159 * Locking: locks called line discipline but ldisc poll method
2160 * may be re-entered freely by other callers.
2161 */
2162
2163 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2164 {
2165 struct tty_struct *tty = file_tty(filp);
2166 struct tty_ldisc *ld;
2167 int ret = 0;
2168
2169 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2170 return 0;
2171
2172 ld = tty_ldisc_ref_wait(tty);
2173 if (ld->ops->poll)
2174 ret = (ld->ops->poll)(tty, filp, wait);
2175 tty_ldisc_deref(ld);
2176 return ret;
2177 }
2178
2179 static int __tty_fasync(int fd, struct file *filp, int on)
2180 {
2181 struct tty_struct *tty = file_tty(filp);
2182 struct tty_ldisc *ldisc;
2183 unsigned long flags;
2184 int retval = 0;
2185
2186 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2187 goto out;
2188
2189 retval = fasync_helper(fd, filp, on, &tty->fasync);
2190 if (retval <= 0)
2191 goto out;
2192
2193 ldisc = tty_ldisc_ref(tty);
2194 if (ldisc) {
2195 if (ldisc->ops->fasync)
2196 ldisc->ops->fasync(tty, on);
2197 tty_ldisc_deref(ldisc);
2198 }
2199
2200 if (on) {
2201 enum pid_type type;
2202 struct pid *pid;
2203
2204 spin_lock_irqsave(&tty->ctrl_lock, flags);
2205 if (tty->pgrp) {
2206 pid = tty->pgrp;
2207 type = PIDTYPE_PGID;
2208 } else {
2209 pid = task_pid(current);
2210 type = PIDTYPE_PID;
2211 }
2212 get_pid(pid);
2213 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2214 __f_setown(filp, pid, type, 0);
2215 put_pid(pid);
2216 retval = 0;
2217 }
2218 out:
2219 return retval;
2220 }
2221
2222 static int tty_fasync(int fd, struct file *filp, int on)
2223 {
2224 struct tty_struct *tty = file_tty(filp);
2225 int retval;
2226
2227 tty_lock(tty);
2228 retval = __tty_fasync(fd, filp, on);
2229 tty_unlock(tty);
2230
2231 return retval;
2232 }
2233
2234 /**
2235 * tiocsti - fake input character
2236 * @tty: tty to fake input into
2237 * @p: pointer to character
2238 *
2239 * Fake input to a tty device. Does the necessary locking and
2240 * input management.
2241 *
2242 * FIXME: does not honour flow control ??
2243 *
2244 * Locking:
2245 * Called functions take tty_ldiscs_lock
2246 * current->signal->tty check is safe without locks
2247 *
2248 * FIXME: may race normal receive processing
2249 */
2250
2251 static int tiocsti(struct tty_struct *tty, char __user *p)
2252 {
2253 char ch, mbz = 0;
2254 struct tty_ldisc *ld;
2255
2256 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2257 return -EPERM;
2258 if (get_user(ch, p))
2259 return -EFAULT;
2260 tty_audit_tiocsti(tty, ch);
2261 ld = tty_ldisc_ref_wait(tty);
2262 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2263 tty_ldisc_deref(ld);
2264 return 0;
2265 }
2266
2267 /**
2268 * tiocgwinsz - implement window query ioctl
2269 * @tty; tty
2270 * @arg: user buffer for result
2271 *
2272 * Copies the kernel idea of the window size into the user buffer.
2273 *
2274 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2275 * is consistent.
2276 */
2277
2278 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2279 {
2280 int err;
2281
2282 mutex_lock(&tty->winsize_mutex);
2283 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2284 mutex_unlock(&tty->winsize_mutex);
2285
2286 return err ? -EFAULT: 0;
2287 }
2288
2289 /**
2290 * tty_do_resize - resize event
2291 * @tty: tty being resized
2292 * @rows: rows (character)
2293 * @cols: cols (character)
2294 *
2295 * Update the termios variables and send the necessary signals to
2296 * peform a terminal resize correctly
2297 */
2298
2299 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2300 {
2301 struct pid *pgrp;
2302
2303 /* Lock the tty */
2304 mutex_lock(&tty->winsize_mutex);
2305 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2306 goto done;
2307
2308 /* Signal the foreground process group */
2309 pgrp = tty_get_pgrp(tty);
2310 if (pgrp)
2311 kill_pgrp(pgrp, SIGWINCH, 1);
2312 put_pid(pgrp);
2313
2314 tty->winsize = *ws;
2315 done:
2316 mutex_unlock(&tty->winsize_mutex);
2317 return 0;
2318 }
2319 EXPORT_SYMBOL(tty_do_resize);
2320
2321 /**
2322 * tiocswinsz - implement window size set ioctl
2323 * @tty; tty side of tty
2324 * @arg: user buffer for result
2325 *
2326 * Copies the user idea of the window size to the kernel. Traditionally
2327 * this is just advisory information but for the Linux console it
2328 * actually has driver level meaning and triggers a VC resize.
2329 *
2330 * Locking:
2331 * Driver dependent. The default do_resize method takes the
2332 * tty termios mutex and ctrl_lock. The console takes its own lock
2333 * then calls into the default method.
2334 */
2335
2336 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2337 {
2338 struct winsize tmp_ws;
2339 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2340 return -EFAULT;
2341
2342 if (tty->ops->resize)
2343 return tty->ops->resize(tty, &tmp_ws);
2344 else
2345 return tty_do_resize(tty, &tmp_ws);
2346 }
2347
2348 /**
2349 * tioccons - allow admin to move logical console
2350 * @file: the file to become console
2351 *
2352 * Allow the administrator to move the redirected console device
2353 *
2354 * Locking: uses redirect_lock to guard the redirect information
2355 */
2356
2357 static int tioccons(struct file *file)
2358 {
2359 if (!capable(CAP_SYS_ADMIN))
2360 return -EPERM;
2361 if (file->f_op->write == redirected_tty_write) {
2362 struct file *f;
2363 spin_lock(&redirect_lock);
2364 f = redirect;
2365 redirect = NULL;
2366 spin_unlock(&redirect_lock);
2367 if (f)
2368 fput(f);
2369 return 0;
2370 }
2371 spin_lock(&redirect_lock);
2372 if (redirect) {
2373 spin_unlock(&redirect_lock);
2374 return -EBUSY;
2375 }
2376 redirect = get_file(file);
2377 spin_unlock(&redirect_lock);
2378 return 0;
2379 }
2380
2381 /**
2382 * fionbio - non blocking ioctl
2383 * @file: file to set blocking value
2384 * @p: user parameter
2385 *
2386 * Historical tty interfaces had a blocking control ioctl before
2387 * the generic functionality existed. This piece of history is preserved
2388 * in the expected tty API of posix OS's.
2389 *
2390 * Locking: none, the open file handle ensures it won't go away.
2391 */
2392
2393 static int fionbio(struct file *file, int __user *p)
2394 {
2395 int nonblock;
2396
2397 if (get_user(nonblock, p))
2398 return -EFAULT;
2399
2400 spin_lock(&file->f_lock);
2401 if (nonblock)
2402 file->f_flags |= O_NONBLOCK;
2403 else
2404 file->f_flags &= ~O_NONBLOCK;
2405 spin_unlock(&file->f_lock);
2406 return 0;
2407 }
2408
2409 /**
2410 * tiocsctty - set controlling tty
2411 * @tty: tty structure
2412 * @arg: user argument
2413 *
2414 * This ioctl is used to manage job control. It permits a session
2415 * leader to set this tty as the controlling tty for the session.
2416 *
2417 * Locking:
2418 * Takes tty_lock() to serialize proc_set_tty() for this tty
2419 * Takes tasklist_lock internally to walk sessions
2420 * Takes ->siglock() when updating signal->tty
2421 */
2422
2423 static int tiocsctty(struct tty_struct *tty, int arg)
2424 {
2425 int ret = 0;
2426
2427 tty_lock(tty);
2428 read_lock(&tasklist_lock);
2429
2430 if (current->signal->leader && (task_session(current) == tty->session))
2431 goto unlock;
2432
2433 /*
2434 * The process must be a session leader and
2435 * not have a controlling tty already.
2436 */
2437 if (!current->signal->leader || current->signal->tty) {
2438 ret = -EPERM;
2439 goto unlock;
2440 }
2441
2442 if (tty->session) {
2443 /*
2444 * This tty is already the controlling
2445 * tty for another session group!
2446 */
2447 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2448 /*
2449 * Steal it away
2450 */
2451 session_clear_tty(tty->session);
2452 } else {
2453 ret = -EPERM;
2454 goto unlock;
2455 }
2456 }
2457 proc_set_tty(tty);
2458 unlock:
2459 read_unlock(&tasklist_lock);
2460 tty_unlock(tty);
2461 return ret;
2462 }
2463
2464 /**
2465 * tty_get_pgrp - return a ref counted pgrp pid
2466 * @tty: tty to read
2467 *
2468 * Returns a refcounted instance of the pid struct for the process
2469 * group controlling the tty.
2470 */
2471
2472 struct pid *tty_get_pgrp(struct tty_struct *tty)
2473 {
2474 unsigned long flags;
2475 struct pid *pgrp;
2476
2477 spin_lock_irqsave(&tty->ctrl_lock, flags);
2478 pgrp = get_pid(tty->pgrp);
2479 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2480
2481 return pgrp;
2482 }
2483 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2484
2485 /*
2486 * This checks not only the pgrp, but falls back on the pid if no
2487 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2488 * without this...
2489 *
2490 * The caller must hold rcu lock or the tasklist lock.
2491 */
2492 static struct pid *session_of_pgrp(struct pid *pgrp)
2493 {
2494 struct task_struct *p;
2495 struct pid *sid = NULL;
2496
2497 p = pid_task(pgrp, PIDTYPE_PGID);
2498 if (p == NULL)
2499 p = pid_task(pgrp, PIDTYPE_PID);
2500 if (p != NULL)
2501 sid = task_session(p);
2502
2503 return sid;
2504 }
2505
2506 /**
2507 * tiocgpgrp - get process group
2508 * @tty: tty passed by user
2509 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2510 * @p: returned pid
2511 *
2512 * Obtain the process group of the tty. If there is no process group
2513 * return an error.
2514 *
2515 * Locking: none. Reference to current->signal->tty is safe.
2516 */
2517
2518 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2519 {
2520 struct pid *pid;
2521 int ret;
2522 /*
2523 * (tty == real_tty) is a cheap way of
2524 * testing if the tty is NOT a master pty.
2525 */
2526 if (tty == real_tty && current->signal->tty != real_tty)
2527 return -ENOTTY;
2528 pid = tty_get_pgrp(real_tty);
2529 ret = put_user(pid_vnr(pid), p);
2530 put_pid(pid);
2531 return ret;
2532 }
2533
2534 /**
2535 * tiocspgrp - attempt to set process group
2536 * @tty: tty passed by user
2537 * @real_tty: tty side device matching tty passed by user
2538 * @p: pid pointer
2539 *
2540 * Set the process group of the tty to the session passed. Only
2541 * permitted where the tty session is our session.
2542 *
2543 * Locking: RCU, ctrl lock
2544 */
2545
2546 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2547 {
2548 struct pid *pgrp;
2549 pid_t pgrp_nr;
2550 int retval = tty_check_change(real_tty);
2551 unsigned long flags;
2552
2553 if (retval == -EIO)
2554 return -ENOTTY;
2555 if (retval)
2556 return retval;
2557 if (!current->signal->tty ||
2558 (current->signal->tty != real_tty) ||
2559 (real_tty->session != task_session(current)))
2560 return -ENOTTY;
2561 if (get_user(pgrp_nr, p))
2562 return -EFAULT;
2563 if (pgrp_nr < 0)
2564 return -EINVAL;
2565 rcu_read_lock();
2566 pgrp = find_vpid(pgrp_nr);
2567 retval = -ESRCH;
2568 if (!pgrp)
2569 goto out_unlock;
2570 retval = -EPERM;
2571 if (session_of_pgrp(pgrp) != task_session(current))
2572 goto out_unlock;
2573 retval = 0;
2574 spin_lock_irqsave(&tty->ctrl_lock, flags);
2575 put_pid(real_tty->pgrp);
2576 real_tty->pgrp = get_pid(pgrp);
2577 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2578 out_unlock:
2579 rcu_read_unlock();
2580 return retval;
2581 }
2582
2583 /**
2584 * tiocgsid - get session id
2585 * @tty: tty passed by user
2586 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2587 * @p: pointer to returned session id
2588 *
2589 * Obtain the session id of the tty. If there is no session
2590 * return an error.
2591 *
2592 * Locking: none. Reference to current->signal->tty is safe.
2593 */
2594
2595 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2596 {
2597 /*
2598 * (tty == real_tty) is a cheap way of
2599 * testing if the tty is NOT a master pty.
2600 */
2601 if (tty == real_tty && current->signal->tty != real_tty)
2602 return -ENOTTY;
2603 if (!real_tty->session)
2604 return -ENOTTY;
2605 return put_user(pid_vnr(real_tty->session), p);
2606 }
2607
2608 /**
2609 * tiocsetd - set line discipline
2610 * @tty: tty device
2611 * @p: pointer to user data
2612 *
2613 * Set the line discipline according to user request.
2614 *
2615 * Locking: see tty_set_ldisc, this function is just a helper
2616 */
2617
2618 static int tiocsetd(struct tty_struct *tty, int __user *p)
2619 {
2620 int ldisc;
2621 int ret;
2622
2623 if (get_user(ldisc, p))
2624 return -EFAULT;
2625
2626 ret = tty_set_ldisc(tty, ldisc);
2627
2628 return ret;
2629 }
2630
2631 /**
2632 * send_break - performed time break
2633 * @tty: device to break on
2634 * @duration: timeout in mS
2635 *
2636 * Perform a timed break on hardware that lacks its own driver level
2637 * timed break functionality.
2638 *
2639 * Locking:
2640 * atomic_write_lock serializes
2641 *
2642 */
2643
2644 static int send_break(struct tty_struct *tty, unsigned int duration)
2645 {
2646 int retval;
2647
2648 if (tty->ops->break_ctl == NULL)
2649 return 0;
2650
2651 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2652 retval = tty->ops->break_ctl(tty, duration);
2653 else {
2654 /* Do the work ourselves */
2655 if (tty_write_lock(tty, 0) < 0)
2656 return -EINTR;
2657 retval = tty->ops->break_ctl(tty, -1);
2658 if (retval)
2659 goto out;
2660 if (!signal_pending(current))
2661 msleep_interruptible(duration);
2662 retval = tty->ops->break_ctl(tty, 0);
2663 out:
2664 tty_write_unlock(tty);
2665 if (signal_pending(current))
2666 retval = -EINTR;
2667 }
2668 return retval;
2669 }
2670
2671 /**
2672 * tty_tiocmget - get modem status
2673 * @tty: tty device
2674 * @file: user file pointer
2675 * @p: pointer to result
2676 *
2677 * Obtain the modem status bits from the tty driver if the feature
2678 * is supported. Return -EINVAL if it is not available.
2679 *
2680 * Locking: none (up to the driver)
2681 */
2682
2683 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2684 {
2685 int retval = -EINVAL;
2686
2687 if (tty->ops->tiocmget) {
2688 retval = tty->ops->tiocmget(tty);
2689
2690 if (retval >= 0)
2691 retval = put_user(retval, p);
2692 }
2693 return retval;
2694 }
2695
2696 /**
2697 * tty_tiocmset - set modem status
2698 * @tty: tty device
2699 * @cmd: command - clear bits, set bits or set all
2700 * @p: pointer to desired bits
2701 *
2702 * Set the modem status bits from the tty driver if the feature
2703 * is supported. Return -EINVAL if it is not available.
2704 *
2705 * Locking: none (up to the driver)
2706 */
2707
2708 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2709 unsigned __user *p)
2710 {
2711 int retval;
2712 unsigned int set, clear, val;
2713
2714 if (tty->ops->tiocmset == NULL)
2715 return -EINVAL;
2716
2717 retval = get_user(val, p);
2718 if (retval)
2719 return retval;
2720 set = clear = 0;
2721 switch (cmd) {
2722 case TIOCMBIS:
2723 set = val;
2724 break;
2725 case TIOCMBIC:
2726 clear = val;
2727 break;
2728 case TIOCMSET:
2729 set = val;
2730 clear = ~val;
2731 break;
2732 }
2733 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2734 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2735 return tty->ops->tiocmset(tty, set, clear);
2736 }
2737
2738 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2739 {
2740 int retval = -EINVAL;
2741 struct serial_icounter_struct icount;
2742 memset(&icount, 0, sizeof(icount));
2743 if (tty->ops->get_icount)
2744 retval = tty->ops->get_icount(tty, &icount);
2745 if (retval != 0)
2746 return retval;
2747 if (copy_to_user(arg, &icount, sizeof(icount)))
2748 return -EFAULT;
2749 return 0;
2750 }
2751
2752 /*
2753 * if pty, return the slave side (real_tty)
2754 * otherwise, return self
2755 */
2756 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2757 {
2758 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2759 tty->driver->subtype == PTY_TYPE_MASTER)
2760 tty = tty->link;
2761 return tty;
2762 }
2763
2764 /*
2765 * Split this up, as gcc can choke on it otherwise..
2766 */
2767 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2768 {
2769 struct tty_struct *tty = file_tty(file);
2770 struct tty_struct *real_tty;
2771 void __user *p = (void __user *)arg;
2772 int retval;
2773 struct tty_ldisc *ld;
2774
2775 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2776 return -EINVAL;
2777
2778 real_tty = tty_pair_get_tty(tty);
2779
2780 /*
2781 * Factor out some common prep work
2782 */
2783 switch (cmd) {
2784 case TIOCSETD:
2785 case TIOCSBRK:
2786 case TIOCCBRK:
2787 case TCSBRK:
2788 case TCSBRKP:
2789 retval = tty_check_change(tty);
2790 if (retval)
2791 return retval;
2792 if (cmd != TIOCCBRK) {
2793 tty_wait_until_sent(tty, 0);
2794 if (signal_pending(current))
2795 return -EINTR;
2796 }
2797 break;
2798 }
2799
2800 /*
2801 * Now do the stuff.
2802 */
2803 switch (cmd) {
2804 case TIOCSTI:
2805 return tiocsti(tty, p);
2806 case TIOCGWINSZ:
2807 return tiocgwinsz(real_tty, p);
2808 case TIOCSWINSZ:
2809 return tiocswinsz(real_tty, p);
2810 case TIOCCONS:
2811 return real_tty != tty ? -EINVAL : tioccons(file);
2812 case FIONBIO:
2813 return fionbio(file, p);
2814 case TIOCEXCL:
2815 set_bit(TTY_EXCLUSIVE, &tty->flags);
2816 return 0;
2817 case TIOCNXCL:
2818 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2819 return 0;
2820 case TIOCGEXCL:
2821 {
2822 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2823 return put_user(excl, (int __user *)p);
2824 }
2825 case TIOCNOTTY:
2826 if (current->signal->tty != tty)
2827 return -ENOTTY;
2828 no_tty();
2829 return 0;
2830 case TIOCSCTTY:
2831 return tiocsctty(tty, arg);
2832 case TIOCGPGRP:
2833 return tiocgpgrp(tty, real_tty, p);
2834 case TIOCSPGRP:
2835 return tiocspgrp(tty, real_tty, p);
2836 case TIOCGSID:
2837 return tiocgsid(tty, real_tty, p);
2838 case TIOCGETD:
2839 return put_user(tty->ldisc->ops->num, (int __user *)p);
2840 case TIOCSETD:
2841 return tiocsetd(tty, p);
2842 case TIOCVHANGUP:
2843 if (!capable(CAP_SYS_ADMIN))
2844 return -EPERM;
2845 tty_vhangup(tty);
2846 return 0;
2847 case TIOCGDEV:
2848 {
2849 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2850 return put_user(ret, (unsigned int __user *)p);
2851 }
2852 /*
2853 * Break handling
2854 */
2855 case TIOCSBRK: /* Turn break on, unconditionally */
2856 if (tty->ops->break_ctl)
2857 return tty->ops->break_ctl(tty, -1);
2858 return 0;
2859 case TIOCCBRK: /* Turn break off, unconditionally */
2860 if (tty->ops->break_ctl)
2861 return tty->ops->break_ctl(tty, 0);
2862 return 0;
2863 case TCSBRK: /* SVID version: non-zero arg --> no break */
2864 /* non-zero arg means wait for all output data
2865 * to be sent (performed above) but don't send break.
2866 * This is used by the tcdrain() termios function.
2867 */
2868 if (!arg)
2869 return send_break(tty, 250);
2870 return 0;
2871 case TCSBRKP: /* support for POSIX tcsendbreak() */
2872 return send_break(tty, arg ? arg*100 : 250);
2873
2874 case TIOCMGET:
2875 return tty_tiocmget(tty, p);
2876 case TIOCMSET:
2877 case TIOCMBIC:
2878 case TIOCMBIS:
2879 return tty_tiocmset(tty, cmd, p);
2880 case TIOCGICOUNT:
2881 retval = tty_tiocgicount(tty, p);
2882 /* For the moment allow fall through to the old method */
2883 if (retval != -EINVAL)
2884 return retval;
2885 break;
2886 case TCFLSH:
2887 switch (arg) {
2888 case TCIFLUSH:
2889 case TCIOFLUSH:
2890 /* flush tty buffer and allow ldisc to process ioctl */
2891 tty_buffer_flush(tty);
2892 break;
2893 }
2894 break;
2895 }
2896 if (tty->ops->ioctl) {
2897 retval = (tty->ops->ioctl)(tty, cmd, arg);
2898 if (retval != -ENOIOCTLCMD)
2899 return retval;
2900 }
2901 ld = tty_ldisc_ref_wait(tty);
2902 retval = -EINVAL;
2903 if (ld->ops->ioctl) {
2904 retval = ld->ops->ioctl(tty, file, cmd, arg);
2905 if (retval == -ENOIOCTLCMD)
2906 retval = -ENOTTY;
2907 }
2908 tty_ldisc_deref(ld);
2909 return retval;
2910 }
2911
2912 #ifdef CONFIG_COMPAT
2913 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2914 unsigned long arg)
2915 {
2916 struct tty_struct *tty = file_tty(file);
2917 struct tty_ldisc *ld;
2918 int retval = -ENOIOCTLCMD;
2919
2920 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2921 return -EINVAL;
2922
2923 if (tty->ops->compat_ioctl) {
2924 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2925 if (retval != -ENOIOCTLCMD)
2926 return retval;
2927 }
2928
2929 ld = tty_ldisc_ref_wait(tty);
2930 if (ld->ops->compat_ioctl)
2931 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2932 else
2933 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2934 tty_ldisc_deref(ld);
2935
2936 return retval;
2937 }
2938 #endif
2939
2940 static int this_tty(const void *t, struct file *file, unsigned fd)
2941 {
2942 if (likely(file->f_op->read != tty_read))
2943 return 0;
2944 return file_tty(file) != t ? 0 : fd + 1;
2945 }
2946
2947 /*
2948 * This implements the "Secure Attention Key" --- the idea is to
2949 * prevent trojan horses by killing all processes associated with this
2950 * tty when the user hits the "Secure Attention Key". Required for
2951 * super-paranoid applications --- see the Orange Book for more details.
2952 *
2953 * This code could be nicer; ideally it should send a HUP, wait a few
2954 * seconds, then send a INT, and then a KILL signal. But you then
2955 * have to coordinate with the init process, since all processes associated
2956 * with the current tty must be dead before the new getty is allowed
2957 * to spawn.
2958 *
2959 * Now, if it would be correct ;-/ The current code has a nasty hole -
2960 * it doesn't catch files in flight. We may send the descriptor to ourselves
2961 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2962 *
2963 * Nasty bug: do_SAK is being called in interrupt context. This can
2964 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2965 */
2966 void __do_SAK(struct tty_struct *tty)
2967 {
2968 #ifdef TTY_SOFT_SAK
2969 tty_hangup(tty);
2970 #else
2971 struct task_struct *g, *p;
2972 struct pid *session;
2973 int i;
2974
2975 if (!tty)
2976 return;
2977 session = tty->session;
2978
2979 tty_ldisc_flush(tty);
2980
2981 tty_driver_flush_buffer(tty);
2982
2983 read_lock(&tasklist_lock);
2984 /* Kill the entire session */
2985 do_each_pid_task(session, PIDTYPE_SID, p) {
2986 printk(KERN_NOTICE "SAK: killed process %d"
2987 " (%s): task_session(p)==tty->session\n",
2988 task_pid_nr(p), p->comm);
2989 send_sig(SIGKILL, p, 1);
2990 } while_each_pid_task(session, PIDTYPE_SID, p);
2991 /* Now kill any processes that happen to have the
2992 * tty open.
2993 */
2994 do_each_thread(g, p) {
2995 if (p->signal->tty == tty) {
2996 printk(KERN_NOTICE "SAK: killed process %d"
2997 " (%s): task_session(p)==tty->session\n",
2998 task_pid_nr(p), p->comm);
2999 send_sig(SIGKILL, p, 1);
3000 continue;
3001 }
3002 task_lock(p);
3003 i = iterate_fd(p->files, 0, this_tty, tty);
3004 if (i != 0) {
3005 printk(KERN_NOTICE "SAK: killed process %d"
3006 " (%s): fd#%d opened to the tty\n",
3007 task_pid_nr(p), p->comm, i - 1);
3008 force_sig(SIGKILL, p);
3009 }
3010 task_unlock(p);
3011 } while_each_thread(g, p);
3012 read_unlock(&tasklist_lock);
3013 #endif
3014 }
3015
3016 static void do_SAK_work(struct work_struct *work)
3017 {
3018 struct tty_struct *tty =
3019 container_of(work, struct tty_struct, SAK_work);
3020 __do_SAK(tty);
3021 }
3022
3023 /*
3024 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3025 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3026 * the values which we write to it will be identical to the values which it
3027 * already has. --akpm
3028 */
3029 void do_SAK(struct tty_struct *tty)
3030 {
3031 if (!tty)
3032 return;
3033 schedule_work(&tty->SAK_work);
3034 }
3035
3036 EXPORT_SYMBOL(do_SAK);
3037
3038 static int dev_match_devt(struct device *dev, const void *data)
3039 {
3040 const dev_t *devt = data;
3041 return dev->devt == *devt;
3042 }
3043
3044 /* Must put_device() after it's unused! */
3045 static struct device *tty_get_device(struct tty_struct *tty)
3046 {
3047 dev_t devt = tty_devnum(tty);
3048 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3049 }
3050
3051
3052 /**
3053 * alloc_tty_struct
3054 *
3055 * This subroutine allocates and initializes a tty structure.
3056 *
3057 * Locking: none - tty in question is not exposed at this point
3058 */
3059
3060 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3061 {
3062 struct tty_struct *tty;
3063
3064 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3065 if (!tty)
3066 return NULL;
3067
3068 kref_init(&tty->kref);
3069 tty->magic = TTY_MAGIC;
3070 tty_ldisc_init(tty);
3071 tty->session = NULL;
3072 tty->pgrp = NULL;
3073 mutex_init(&tty->legacy_mutex);
3074 mutex_init(&tty->throttle_mutex);
3075 init_rwsem(&tty->termios_rwsem);
3076 mutex_init(&tty->winsize_mutex);
3077 init_ldsem(&tty->ldisc_sem);
3078 init_waitqueue_head(&tty->write_wait);
3079 init_waitqueue_head(&tty->read_wait);
3080 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3081 mutex_init(&tty->atomic_write_lock);
3082 spin_lock_init(&tty->ctrl_lock);
3083 spin_lock_init(&tty->flow_lock);
3084 INIT_LIST_HEAD(&tty->tty_files);
3085 INIT_WORK(&tty->SAK_work, do_SAK_work);
3086
3087 tty->driver = driver;
3088 tty->ops = driver->ops;
3089 tty->index = idx;
3090 tty_line_name(driver, idx, tty->name);
3091 tty->dev = tty_get_device(tty);
3092
3093 return tty;
3094 }
3095
3096 /**
3097 * deinitialize_tty_struct
3098 * @tty: tty to deinitialize
3099 *
3100 * This subroutine deinitializes a tty structure that has been newly
3101 * allocated but tty_release cannot be called on that yet.
3102 *
3103 * Locking: none - tty in question must not be exposed at this point
3104 */
3105 void deinitialize_tty_struct(struct tty_struct *tty)
3106 {
3107 tty_ldisc_deinit(tty);
3108 }
3109
3110 /**
3111 * tty_put_char - write one character to a tty
3112 * @tty: tty
3113 * @ch: character
3114 *
3115 * Write one byte to the tty using the provided put_char method
3116 * if present. Returns the number of characters successfully output.
3117 *
3118 * Note: the specific put_char operation in the driver layer may go
3119 * away soon. Don't call it directly, use this method
3120 */
3121
3122 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3123 {
3124 if (tty->ops->put_char)
3125 return tty->ops->put_char(tty, ch);
3126 return tty->ops->write(tty, &ch, 1);
3127 }
3128 EXPORT_SYMBOL_GPL(tty_put_char);
3129
3130 struct class *tty_class;
3131
3132 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3133 unsigned int index, unsigned int count)
3134 {
3135 /* init here, since reused cdevs cause crashes */
3136 cdev_init(&driver->cdevs[index], &tty_fops);
3137 driver->cdevs[index].owner = driver->owner;
3138 return cdev_add(&driver->cdevs[index], dev, count);
3139 }
3140
3141 /**
3142 * tty_register_device - register a tty device
3143 * @driver: the tty driver that describes the tty device
3144 * @index: the index in the tty driver for this tty device
3145 * @device: a struct device that is associated with this tty device.
3146 * This field is optional, if there is no known struct device
3147 * for this tty device it can be set to NULL safely.
3148 *
3149 * Returns a pointer to the struct device for this tty device
3150 * (or ERR_PTR(-EFOO) on error).
3151 *
3152 * This call is required to be made to register an individual tty device
3153 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3154 * that bit is not set, this function should not be called by a tty
3155 * driver.
3156 *
3157 * Locking: ??
3158 */
3159
3160 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3161 struct device *device)
3162 {
3163 return tty_register_device_attr(driver, index, device, NULL, NULL);
3164 }
3165 EXPORT_SYMBOL(tty_register_device);
3166
3167 static void tty_device_create_release(struct device *dev)
3168 {
3169 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3170 kfree(dev);
3171 }
3172
3173 /**
3174 * tty_register_device_attr - register a tty device
3175 * @driver: the tty driver that describes the tty device
3176 * @index: the index in the tty driver for this tty device
3177 * @device: a struct device that is associated with this tty device.
3178 * This field is optional, if there is no known struct device
3179 * for this tty device it can be set to NULL safely.
3180 * @drvdata: Driver data to be set to device.
3181 * @attr_grp: Attribute group to be set on device.
3182 *
3183 * Returns a pointer to the struct device for this tty device
3184 * (or ERR_PTR(-EFOO) on error).
3185 *
3186 * This call is required to be made to register an individual tty device
3187 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3188 * that bit is not set, this function should not be called by a tty
3189 * driver.
3190 *
3191 * Locking: ??
3192 */
3193 struct device *tty_register_device_attr(struct tty_driver *driver,
3194 unsigned index, struct device *device,
3195 void *drvdata,
3196 const struct attribute_group **attr_grp)
3197 {
3198 char name[64];
3199 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3200 struct device *dev = NULL;
3201 int retval = -ENODEV;
3202 bool cdev = false;
3203
3204 if (index >= driver->num) {
3205 printk(KERN_ERR "Attempt to register invalid tty line number "
3206 " (%d).\n", index);
3207 return ERR_PTR(-EINVAL);
3208 }
3209
3210 if (driver->type == TTY_DRIVER_TYPE_PTY)
3211 pty_line_name(driver, index, name);
3212 else
3213 tty_line_name(driver, index, name);
3214
3215 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3216 retval = tty_cdev_add(driver, devt, index, 1);
3217 if (retval)
3218 goto error;
3219 cdev = true;
3220 }
3221
3222 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3223 if (!dev) {
3224 retval = -ENOMEM;
3225 goto error;
3226 }
3227
3228 dev->devt = devt;
3229 dev->class = tty_class;
3230 dev->parent = device;
3231 dev->release = tty_device_create_release;
3232 dev_set_name(dev, "%s", name);
3233 dev->groups = attr_grp;
3234 dev_set_drvdata(dev, drvdata);
3235
3236 retval = device_register(dev);
3237 if (retval)
3238 goto error;
3239
3240 return dev;
3241
3242 error:
3243 put_device(dev);
3244 if (cdev)
3245 cdev_del(&driver->cdevs[index]);
3246 return ERR_PTR(retval);
3247 }
3248 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3249
3250 /**
3251 * tty_unregister_device - unregister a tty device
3252 * @driver: the tty driver that describes the tty device
3253 * @index: the index in the tty driver for this tty device
3254 *
3255 * If a tty device is registered with a call to tty_register_device() then
3256 * this function must be called when the tty device is gone.
3257 *
3258 * Locking: ??
3259 */
3260
3261 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3262 {
3263 device_destroy(tty_class,
3264 MKDEV(driver->major, driver->minor_start) + index);
3265 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3266 cdev_del(&driver->cdevs[index]);
3267 }
3268 EXPORT_SYMBOL(tty_unregister_device);
3269
3270 /**
3271 * __tty_alloc_driver -- allocate tty driver
3272 * @lines: count of lines this driver can handle at most
3273 * @owner: module which is repsonsible for this driver
3274 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3275 *
3276 * This should not be called directly, some of the provided macros should be
3277 * used instead. Use IS_ERR and friends on @retval.
3278 */
3279 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3280 unsigned long flags)
3281 {
3282 struct tty_driver *driver;
3283 unsigned int cdevs = 1;
3284 int err;
3285
3286 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3287 return ERR_PTR(-EINVAL);
3288
3289 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3290 if (!driver)
3291 return ERR_PTR(-ENOMEM);
3292
3293 kref_init(&driver->kref);
3294 driver->magic = TTY_DRIVER_MAGIC;
3295 driver->num = lines;
3296 driver->owner = owner;
3297 driver->flags = flags;
3298
3299 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3300 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3301 GFP_KERNEL);
3302 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3303 GFP_KERNEL);
3304 if (!driver->ttys || !driver->termios) {
3305 err = -ENOMEM;
3306 goto err_free_all;
3307 }
3308 }
3309
3310 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3311 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3312 GFP_KERNEL);
3313 if (!driver->ports) {
3314 err = -ENOMEM;
3315 goto err_free_all;
3316 }
3317 cdevs = lines;
3318 }
3319
3320 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3321 if (!driver->cdevs) {
3322 err = -ENOMEM;
3323 goto err_free_all;
3324 }
3325
3326 return driver;
3327 err_free_all:
3328 kfree(driver->ports);
3329 kfree(driver->ttys);
3330 kfree(driver->termios);
3331 kfree(driver);
3332 return ERR_PTR(err);
3333 }
3334 EXPORT_SYMBOL(__tty_alloc_driver);
3335
3336 static void destruct_tty_driver(struct kref *kref)
3337 {
3338 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3339 int i;
3340 struct ktermios *tp;
3341
3342 if (driver->flags & TTY_DRIVER_INSTALLED) {
3343 /*
3344 * Free the termios and termios_locked structures because
3345 * we don't want to get memory leaks when modular tty
3346 * drivers are removed from the kernel.
3347 */
3348 for (i = 0; i < driver->num; i++) {
3349 tp = driver->termios[i];
3350 if (tp) {
3351 driver->termios[i] = NULL;
3352 kfree(tp);
3353 }
3354 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3355 tty_unregister_device(driver, i);
3356 }
3357 proc_tty_unregister_driver(driver);
3358 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3359 cdev_del(&driver->cdevs[0]);
3360 }
3361 kfree(driver->cdevs);
3362 kfree(driver->ports);
3363 kfree(driver->termios);
3364 kfree(driver->ttys);
3365 kfree(driver);
3366 }
3367
3368 void tty_driver_kref_put(struct tty_driver *driver)
3369 {
3370 kref_put(&driver->kref, destruct_tty_driver);
3371 }
3372 EXPORT_SYMBOL(tty_driver_kref_put);
3373
3374 void tty_set_operations(struct tty_driver *driver,
3375 const struct tty_operations *op)
3376 {
3377 driver->ops = op;
3378 };
3379 EXPORT_SYMBOL(tty_set_operations);
3380
3381 void put_tty_driver(struct tty_driver *d)
3382 {
3383 tty_driver_kref_put(d);
3384 }
3385 EXPORT_SYMBOL(put_tty_driver);
3386
3387 /*
3388 * Called by a tty driver to register itself.
3389 */
3390 int tty_register_driver(struct tty_driver *driver)
3391 {
3392 int error;
3393 int i;
3394 dev_t dev;
3395 struct device *d;
3396
3397 if (!driver->major) {
3398 error = alloc_chrdev_region(&dev, driver->minor_start,
3399 driver->num, driver->name);
3400 if (!error) {
3401 driver->major = MAJOR(dev);
3402 driver->minor_start = MINOR(dev);
3403 }
3404 } else {
3405 dev = MKDEV(driver->major, driver->minor_start);
3406 error = register_chrdev_region(dev, driver->num, driver->name);
3407 }
3408 if (error < 0)
3409 goto err;
3410
3411 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3412 error = tty_cdev_add(driver, dev, 0, driver->num);
3413 if (error)
3414 goto err_unreg_char;
3415 }
3416
3417 mutex_lock(&tty_mutex);
3418 list_add(&driver->tty_drivers, &tty_drivers);
3419 mutex_unlock(&tty_mutex);
3420
3421 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3422 for (i = 0; i < driver->num; i++) {
3423 d = tty_register_device(driver, i, NULL);
3424 if (IS_ERR(d)) {
3425 error = PTR_ERR(d);
3426 goto err_unreg_devs;
3427 }
3428 }
3429 }
3430 proc_tty_register_driver(driver);
3431 driver->flags |= TTY_DRIVER_INSTALLED;
3432 return 0;
3433
3434 err_unreg_devs:
3435 for (i--; i >= 0; i--)
3436 tty_unregister_device(driver, i);
3437
3438 mutex_lock(&tty_mutex);
3439 list_del(&driver->tty_drivers);
3440 mutex_unlock(&tty_mutex);
3441
3442 err_unreg_char:
3443 unregister_chrdev_region(dev, driver->num);
3444 err:
3445 return error;
3446 }
3447 EXPORT_SYMBOL(tty_register_driver);
3448
3449 /*
3450 * Called by a tty driver to unregister itself.
3451 */
3452 int tty_unregister_driver(struct tty_driver *driver)
3453 {
3454 #if 0
3455 /* FIXME */
3456 if (driver->refcount)
3457 return -EBUSY;
3458 #endif
3459 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3460 driver->num);
3461 mutex_lock(&tty_mutex);
3462 list_del(&driver->tty_drivers);
3463 mutex_unlock(&tty_mutex);
3464 return 0;
3465 }
3466
3467 EXPORT_SYMBOL(tty_unregister_driver);
3468
3469 dev_t tty_devnum(struct tty_struct *tty)
3470 {
3471 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3472 }
3473 EXPORT_SYMBOL(tty_devnum);
3474
3475 void tty_default_fops(struct file_operations *fops)
3476 {
3477 *fops = tty_fops;
3478 }
3479
3480 /*
3481 * Initialize the console device. This is called *early*, so
3482 * we can't necessarily depend on lots of kernel help here.
3483 * Just do some early initializations, and do the complex setup
3484 * later.
3485 */
3486 void __init console_init(void)
3487 {
3488 initcall_t *call;
3489
3490 /* Setup the default TTY line discipline. */
3491 tty_ldisc_begin();
3492
3493 /*
3494 * set up the console device so that later boot sequences can
3495 * inform about problems etc..
3496 */
3497 call = __con_initcall_start;
3498 while (call < __con_initcall_end) {
3499 (*call)();
3500 call++;
3501 }
3502 }
3503
3504 static char *tty_devnode(struct device *dev, umode_t *mode)
3505 {
3506 if (!mode)
3507 return NULL;
3508 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3509 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3510 *mode = 0666;
3511 return NULL;
3512 }
3513
3514 static int __init tty_class_init(void)
3515 {
3516 tty_class = class_create(THIS_MODULE, "tty");
3517 if (IS_ERR(tty_class))
3518 return PTR_ERR(tty_class);
3519 tty_class->devnode = tty_devnode;
3520 return 0;
3521 }
3522
3523 postcore_initcall(tty_class_init);
3524
3525 /* 3/2004 jmc: why do these devices exist? */
3526 static struct cdev tty_cdev, console_cdev;
3527
3528 static ssize_t show_cons_active(struct device *dev,
3529 struct device_attribute *attr, char *buf)
3530 {
3531 struct console *cs[16];
3532 int i = 0;
3533 struct console *c;
3534 ssize_t count = 0;
3535
3536 console_lock();
3537 for_each_console(c) {
3538 if (!c->device)
3539 continue;
3540 if (!c->write)
3541 continue;
3542 if ((c->flags & CON_ENABLED) == 0)
3543 continue;
3544 cs[i++] = c;
3545 if (i >= ARRAY_SIZE(cs))
3546 break;
3547 }
3548 while (i--) {
3549 int index = cs[i]->index;
3550 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3551
3552 /* don't resolve tty0 as some programs depend on it */
3553 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3554 count += tty_line_name(drv, index, buf + count);
3555 else
3556 count += sprintf(buf + count, "%s%d",
3557 cs[i]->name, cs[i]->index);
3558
3559 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3560 }
3561 console_unlock();
3562
3563 return count;
3564 }
3565 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3566
3567 static struct device *consdev;
3568
3569 void console_sysfs_notify(void)
3570 {
3571 if (consdev)
3572 sysfs_notify(&consdev->kobj, NULL, "active");
3573 }
3574
3575 /*
3576 * Ok, now we can initialize the rest of the tty devices and can count
3577 * on memory allocations, interrupts etc..
3578 */
3579 int __init tty_init(void)
3580 {
3581 cdev_init(&tty_cdev, &tty_fops);
3582 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3583 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3584 panic("Couldn't register /dev/tty driver\n");
3585 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3586
3587 cdev_init(&console_cdev, &console_fops);
3588 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3589 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3590 panic("Couldn't register /dev/console driver\n");
3591 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3592 "console");
3593 if (IS_ERR(consdev))
3594 consdev = NULL;
3595 else
3596 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3597
3598 #ifdef CONFIG_VT
3599 vty_init(&console_fops);
3600 #endif
3601 return 0;
3602 }
3603
Ubuntu Eoan Linux kernel mirror