projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: Remove tty_pair_get_tty()/tty_pair_get_pty() api
[linux-2.6-block.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97#include <linux/ratelimit.h>
98
99#include <linux/uaccess.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159/**
160 * free_tty_struct - free a disused tty
161 * @tty: tty struct to free
162 *
163 * Free the write buffers, tty queue and tty memory itself.
164 *
165 * Locking: none. Must be called after tty is definitely unused
166 */
167
168void free_tty_struct(struct tty_struct *tty)
169{
170 if (!tty)
171 return;
172 if (tty->dev)
173 put_device(tty->dev);
174 kfree(tty->write_buf);
175 tty->magic = 0xDEADDEAD;
176 kfree(tty);
177}
178
179static inline struct tty_struct *file_tty(struct file *file)
180{
181 return ((struct tty_file_private *)file->private_data)->tty;
182}
183
184int tty_alloc_file(struct file *file)
185{
186 struct tty_file_private *priv;
187
188 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
189 if (!priv)
190 return -ENOMEM;
191
192 file->private_data = priv;
193
194 return 0;
195}
196
197/* Associate a new file with the tty structure */
198void tty_add_file(struct tty_struct *tty, struct file *file)
199{
200 struct tty_file_private *priv = file->private_data;
201
202 priv->tty = tty;
203 priv->file = file;
204
205 spin_lock(&tty_files_lock);
206 list_add(&priv->list, &tty->tty_files);
207 spin_unlock(&tty_files_lock);
208}
209
210/**
211 * tty_free_file - free file->private_data
212 *
213 * This shall be used only for fail path handling when tty_add_file was not
214 * called yet.
215 */
216void tty_free_file(struct file *file)
217{
218 struct tty_file_private *priv = file->private_data;
219
220 file->private_data = NULL;
221 kfree(priv);
222}
223
224/* Delete file from its tty */
225static void tty_del_file(struct file *file)
226{
227 struct tty_file_private *priv = file->private_data;
228
229 spin_lock(&tty_files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty_files_lock);
232 tty_free_file(file);
233}
234
235
236#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
237
238/**
239 * tty_name - return tty naming
240 * @tty: tty structure
241 * @buf: buffer for output
242 *
243 * Convert a tty structure into a name. The name reflects the kernel
244 * naming policy and if udev is in use may not reflect user space
245 *
246 * Locking: none
247 */
248
249char *tty_name(struct tty_struct *tty, char *buf)
250{
251 if (!tty) /* Hmm. NULL pointer. That's fun. */
252 strcpy(buf, "NULL tty");
253 else
254 strcpy(buf, tty->name);
255 return buf;
256}
257
258EXPORT_SYMBOL(tty_name);
259
260int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 const char *routine)
262{
263#ifdef TTY_PARANOIA_CHECK
264 if (!tty) {
265 printk(KERN_WARNING
266 "null TTY for (%d:%d) in %s\n",
267 imajor(inode), iminor(inode), routine);
268 return 1;
269 }
270 if (tty->magic != TTY_MAGIC) {
271 printk(KERN_WARNING
272 "bad magic number for tty struct (%d:%d) in %s\n",
273 imajor(inode), iminor(inode), routine);
274 return 1;
275 }
276#endif
277 return 0;
278}
279
280static int check_tty_count(struct tty_struct *tty, const char *routine)
281{
282#ifdef CHECK_TTY_COUNT
283 struct list_head *p;
284 int count = 0;
285
286 spin_lock(&tty_files_lock);
287 list_for_each(p, &tty->tty_files) {
288 count++;
289 }
290 spin_unlock(&tty_files_lock);
291 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
292 tty->driver->subtype == PTY_TYPE_SLAVE &&
293 tty->link && tty->link->count)
294 count++;
295 if (tty->count != count) {
296 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
297 "!= #fd's(%d) in %s\n",
298 tty->name, tty->count, count, routine);
299 return count;
300 }
301#endif
302 return 0;
303}
304
305/**
306 * get_tty_driver - find device of a tty
307 * @dev_t: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
316static struct tty_driver *get_tty_driver(dev_t device, int *index)
317{
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322 if (device < base || device >= base + p->num)
323 continue;
324 *index = device - base;
325 return tty_driver_kref_get(p);
326 }
327 return NULL;
328}
329
330#ifdef CONFIG_CONSOLE_POLL
331
332/**
333 * tty_find_polling_driver - find device of a polled tty
334 * @name: name string to match
335 * @line: pointer to resulting tty line nr
336 *
337 * This routine returns a tty driver structure, given a name
338 * and the condition that the tty driver is capable of polled
339 * operation.
340 */
341struct tty_driver *tty_find_polling_driver(char *name, int *line)
342{
343 struct tty_driver *p, *res = NULL;
344 int tty_line = 0;
345 int len;
346 char *str, *stp;
347
348 for (str = name; *str; str++)
349 if ((*str >= '0' && *str <= '9') || *str == ',')
350 break;
351 if (!*str)
352 return NULL;
353
354 len = str - name;
355 tty_line = simple_strtoul(str, &str, 10);
356
357 mutex_lock(&tty_mutex);
358 /* Search through the tty devices to look for a match */
359 list_for_each_entry(p, &tty_drivers, tty_drivers) {
360 if (strncmp(name, p->name, len) != 0)
361 continue;
362 stp = str;
363 if (*stp == ',')
364 stp++;
365 if (*stp == '\0')
366 stp = NULL;
367
368 if (tty_line >= 0 && tty_line < p->num && p->ops &&
369 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
370 res = tty_driver_kref_get(p);
371 *line = tty_line;
372 break;
373 }
374 }
375 mutex_unlock(&tty_mutex);
376
377 return res;
378}
379EXPORT_SYMBOL_GPL(tty_find_polling_driver);
380#endif
381
382/**
383 * tty_check_change - check for POSIX terminal changes
384 * @tty: tty to check
385 *
386 * If we try to write to, or set the state of, a terminal and we're
387 * not in the foreground, send a SIGTTOU. If the signal is blocked or
388 * ignored, go ahead and perform the operation. (POSIX 7.2)
389 *
390 * Locking: ctrl_lock
391 */
392
393int tty_check_change(struct tty_struct *tty)
394{
395 unsigned long flags;
396 int ret = 0;
397
398 if (current->signal->tty != tty)
399 return 0;
400
401 spin_lock_irqsave(&tty->ctrl_lock, flags);
402
403 if (!tty->pgrp) {
404 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
405 goto out_unlock;
406 }
407 if (task_pgrp(current) == tty->pgrp)
408 goto out_unlock;
409 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
410 if (is_ignored(SIGTTOU))
411 goto out;
412 if (is_current_pgrp_orphaned()) {
413 ret = -EIO;
414 goto out;
415 }
416 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
417 set_thread_flag(TIF_SIGPENDING);
418 ret = -ERESTARTSYS;
419out:
420 return ret;
421out_unlock:
422 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
423 return ret;
424}
425
426EXPORT_SYMBOL(tty_check_change);
427
428static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
429 size_t count, loff_t *ppos)
430{
431 return 0;
432}
433
434static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
435 size_t count, loff_t *ppos)
436{
437 return -EIO;
438}
439
440/* No kernel lock held - none needed ;) */
441static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
442{
443 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
444}
445
446static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
447 unsigned long arg)
448{
449 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450}
451
452static long hung_up_tty_compat_ioctl(struct file *file,
453 unsigned int cmd, unsigned long arg)
454{
455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
456}
457
458static const struct file_operations tty_fops = {
459 .llseek = no_llseek,
460 .read = tty_read,
461 .write = tty_write,
462 .poll = tty_poll,
463 .unlocked_ioctl = tty_ioctl,
464 .compat_ioctl = tty_compat_ioctl,
465 .open = tty_open,
466 .release = tty_release,
467 .fasync = tty_fasync,
468};
469
470static const struct file_operations console_fops = {
471 .llseek = no_llseek,
472 .read = tty_read,
473 .write = redirected_tty_write,
474 .poll = tty_poll,
475 .unlocked_ioctl = tty_ioctl,
476 .compat_ioctl = tty_compat_ioctl,
477 .open = tty_open,
478 .release = tty_release,
479 .fasync = tty_fasync,
480};
481
482static const struct file_operations hung_up_tty_fops = {
483 .llseek = no_llseek,
484 .read = hung_up_tty_read,
485 .write = hung_up_tty_write,
486 .poll = hung_up_tty_poll,
487 .unlocked_ioctl = hung_up_tty_ioctl,
488 .compat_ioctl = hung_up_tty_compat_ioctl,
489 .release = tty_release,
490};
491
492static DEFINE_SPINLOCK(redirect_lock);
493static struct file *redirect;
494
495/**
496 * tty_wakeup - request more data
497 * @tty: terminal
498 *
499 * Internal and external helper for wakeups of tty. This function
500 * informs the line discipline if present that the driver is ready
501 * to receive more output data.
502 */
503
504void tty_wakeup(struct tty_struct *tty)
505{
506 struct tty_ldisc *ld;
507
508 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
509 ld = tty_ldisc_ref(tty);
510 if (ld) {
511 if (ld->ops->write_wakeup)
512 ld->ops->write_wakeup(tty);
513 tty_ldisc_deref(ld);
514 }
515 }
516 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
517}
518
519EXPORT_SYMBOL_GPL(tty_wakeup);
520
521/**
522 * tty_signal_session_leader - sends SIGHUP to session leader
523 * @tty controlling tty
524 * @exit_session if non-zero, signal all foreground group processes
525 *
526 * Send SIGHUP and SIGCONT to the session leader and its process group.
527 * Optionally, signal all processes in the foreground process group.
528 *
529 * Returns the number of processes in the session with this tty
530 * as their controlling terminal. This value is used to drop
531 * tty references for those processes.
532 */
533static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
534{
535 struct task_struct *p;
536 int refs = 0;
537 struct pid *tty_pgrp = NULL;
538
539 read_lock(&tasklist_lock);
540 if (tty->session) {
541 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
542 spin_lock_irq(&p->sighand->siglock);
543 if (p->signal->tty == tty) {
544 p->signal->tty = NULL;
545 /* We defer the dereferences outside fo
546 the tasklist lock */
547 refs++;
548 }
549 if (!p->signal->leader) {
550 spin_unlock_irq(&p->sighand->siglock);
551 continue;
552 }
553 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
554 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
555 put_pid(p->signal->tty_old_pgrp); /* A noop */
556 spin_lock(&tty->ctrl_lock);
557 tty_pgrp = get_pid(tty->pgrp);
558 if (tty->pgrp)
559 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
560 spin_unlock(&tty->ctrl_lock);
561 spin_unlock_irq(&p->sighand->siglock);
562 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
563 }
564 read_unlock(&tasklist_lock);
565
566 if (tty_pgrp) {
567 if (exit_session)
568 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
569 put_pid(tty_pgrp);
570 }
571
572 return refs;
573}
574
575/**
576 * __tty_hangup - actual handler for hangup events
577 * @work: tty device
578 *
579 * This can be called by a "kworker" kernel thread. That is process
580 * synchronous but doesn't hold any locks, so we need to make sure we
581 * have the appropriate locks for what we're doing.
582 *
583 * The hangup event clears any pending redirections onto the hung up
584 * device. It ensures future writes will error and it does the needed
585 * line discipline hangup and signal delivery. The tty object itself
586 * remains intact.
587 *
588 * Locking:
589 * BTM
590 * redirect lock for undoing redirection
591 * file list lock for manipulating list of ttys
592 * tty_ldiscs_lock from called functions
593 * termios_rwsem resetting termios data
594 * tasklist_lock to walk task list for hangup event
595 * ->siglock to protect ->signal/->sighand
596 */
597static void __tty_hangup(struct tty_struct *tty, int exit_session)
598{
599 struct file *cons_filp = NULL;
600 struct file *filp, *f = NULL;
601 struct tty_file_private *priv;
602 int closecount = 0, n;
603 int refs;
604
605 if (!tty)
606 return;
607
608
609 spin_lock(&redirect_lock);
610 if (redirect && file_tty(redirect) == tty) {
611 f = redirect;
612 redirect = NULL;
613 }
614 spin_unlock(&redirect_lock);
615
616 tty_lock(tty);
617
618 if (test_bit(TTY_HUPPED, &tty->flags)) {
619 tty_unlock(tty);
620 return;
621 }
622
623 /* some functions below drop BTM, so we need this bit */
624 set_bit(TTY_HUPPING, &tty->flags);
625
626 /* inuse_filps is protected by the single tty lock,
627 this really needs to change if we want to flush the
628 workqueue with the lock held */
629 check_tty_count(tty, "tty_hangup");
630
631 spin_lock(&tty_files_lock);
632 /* This breaks for file handles being sent over AF_UNIX sockets ? */
633 list_for_each_entry(priv, &tty->tty_files, list) {
634 filp = priv->file;
635 if (filp->f_op->write == redirected_tty_write)
636 cons_filp = filp;
637 if (filp->f_op->write != tty_write)
638 continue;
639 closecount++;
640 __tty_fasync(-1, filp, 0); /* can't block */
641 filp->f_op = &hung_up_tty_fops;
642 }
643 spin_unlock(&tty_files_lock);
644
645 refs = tty_signal_session_leader(tty, exit_session);
646 /* Account for the p->signal references we killed */
647 while (refs--)
648 tty_kref_put(tty);
649
650 /*
651 * it drops BTM and thus races with reopen
652 * we protect the race by TTY_HUPPING
653 */
654 tty_ldisc_hangup(tty);
655
656 spin_lock_irq(&tty->ctrl_lock);
657 clear_bit(TTY_THROTTLED, &tty->flags);
658 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
659 put_pid(tty->session);
660 put_pid(tty->pgrp);
661 tty->session = NULL;
662 tty->pgrp = NULL;
663 tty->ctrl_status = 0;
664 spin_unlock_irq(&tty->ctrl_lock);
665
666 /*
667 * If one of the devices matches a console pointer, we
668 * cannot just call hangup() because that will cause
669 * tty->count and state->count to go out of sync.
670 * So we just call close() the right number of times.
671 */
672 if (cons_filp) {
673 if (tty->ops->close)
674 for (n = 0; n < closecount; n++)
675 tty->ops->close(tty, cons_filp);
676 } else if (tty->ops->hangup)
677 tty->ops->hangup(tty);
678 /*
679 * We don't want to have driver/ldisc interactions beyond
680 * the ones we did here. The driver layer expects no
681 * calls after ->hangup() from the ldisc side. However we
682 * can't yet guarantee all that.
683 */
684 set_bit(TTY_HUPPED, &tty->flags);
685 clear_bit(TTY_HUPPING, &tty->flags);
686
687 tty_unlock(tty);
688
689 if (f)
690 fput(f);
691}
692
693static void do_tty_hangup(struct work_struct *work)
694{
695 struct tty_struct *tty =
696 container_of(work, struct tty_struct, hangup_work);
697
698 __tty_hangup(tty, 0);
699}
700
701/**
702 * tty_hangup - trigger a hangup event
703 * @tty: tty to hangup
704 *
705 * A carrier loss (virtual or otherwise) has occurred on this like
706 * schedule a hangup sequence to run after this event.
707 */
708
709void tty_hangup(struct tty_struct *tty)
710{
711#ifdef TTY_DEBUG_HANGUP
712 char buf[64];
713 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
714#endif
715 schedule_work(&tty->hangup_work);
716}
717
718EXPORT_SYMBOL(tty_hangup);
719
720/**
721 * tty_vhangup - process vhangup
722 * @tty: tty to hangup
723 *
724 * The user has asked via system call for the terminal to be hung up.
725 * We do this synchronously so that when the syscall returns the process
726 * is complete. That guarantee is necessary for security reasons.
727 */
728
729void tty_vhangup(struct tty_struct *tty)
730{
731#ifdef TTY_DEBUG_HANGUP
732 char buf[64];
733
734 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
735#endif
736 __tty_hangup(tty, 0);
737}
738
739EXPORT_SYMBOL(tty_vhangup);
740
741
742/**
743 * tty_vhangup_self - process vhangup for own ctty
744 *
745 * Perform a vhangup on the current controlling tty
746 */
747
748void tty_vhangup_self(void)
749{
750 struct tty_struct *tty;
751
752 tty = get_current_tty();
753 if (tty) {
754 tty_vhangup(tty);
755 tty_kref_put(tty);
756 }
757}
758
759/**
760 * tty_vhangup_session - hangup session leader exit
761 * @tty: tty to hangup
762 *
763 * The session leader is exiting and hanging up its controlling terminal.
764 * Every process in the foreground process group is signalled SIGHUP.
765 *
766 * We do this synchronously so that when the syscall returns the process
767 * is complete. That guarantee is necessary for security reasons.
768 */
769
770static void tty_vhangup_session(struct tty_struct *tty)
771{
772#ifdef TTY_DEBUG_HANGUP
773 char buf[64];
774
775 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
776#endif
777 __tty_hangup(tty, 1);
778}
779
780/**
781 * tty_hung_up_p - was tty hung up
782 * @filp: file pointer of tty
783 *
784 * Return true if the tty has been subject to a vhangup or a carrier
785 * loss
786 */
787
788int tty_hung_up_p(struct file *filp)
789{
790 return (filp->f_op == &hung_up_tty_fops);
791}
792
793EXPORT_SYMBOL(tty_hung_up_p);
794
795static void session_clear_tty(struct pid *session)
796{
797 struct task_struct *p;
798 do_each_pid_task(session, PIDTYPE_SID, p) {
799 proc_clear_tty(p);
800 } while_each_pid_task(session, PIDTYPE_SID, p);
801}
802
803/**
804 * disassociate_ctty - disconnect controlling tty
805 * @on_exit: true if exiting so need to "hang up" the session
806 *
807 * This function is typically called only by the session leader, when
808 * it wants to disassociate itself from its controlling tty.
809 *
810 * It performs the following functions:
811 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
812 * (2) Clears the tty from being controlling the session
813 * (3) Clears the controlling tty for all processes in the
814 * session group.
815 *
816 * The argument on_exit is set to 1 if called when a process is
817 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
818 *
819 * Locking:
820 * BTM is taken for hysterical raisins, and held when
821 * called from no_tty().
822 * tty_mutex is taken to protect tty
823 * ->siglock is taken to protect ->signal/->sighand
824 * tasklist_lock is taken to walk process list for sessions
825 * ->siglock is taken to protect ->signal/->sighand
826 */
827
828void disassociate_ctty(int on_exit)
829{
830 struct tty_struct *tty;
831
832 if (!current->signal->leader)
833 return;
834
835 tty = get_current_tty();
836 if (tty) {
837 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
838 tty_vhangup_session(tty);
839 } else {
840 struct pid *tty_pgrp = tty_get_pgrp(tty);
841 if (tty_pgrp) {
842 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
843 if (!on_exit)
844 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
845 put_pid(tty_pgrp);
846 }
847 }
848 tty_kref_put(tty);
849
850 } else if (on_exit) {
851 struct pid *old_pgrp;
852 spin_lock_irq(&current->sighand->siglock);
853 old_pgrp = current->signal->tty_old_pgrp;
854 current->signal->tty_old_pgrp = NULL;
855 spin_unlock_irq(&current->sighand->siglock);
856 if (old_pgrp) {
857 kill_pgrp(old_pgrp, SIGHUP, on_exit);
858 kill_pgrp(old_pgrp, SIGCONT, on_exit);
859 put_pid(old_pgrp);
860 }
861 return;
862 }
863
864 spin_lock_irq(&current->sighand->siglock);
865 put_pid(current->signal->tty_old_pgrp);
866 current->signal->tty_old_pgrp = NULL;
867
868 tty = tty_kref_get(current->signal->tty);
869 if (tty) {
870 unsigned long flags;
871 spin_lock_irqsave(&tty->ctrl_lock, flags);
872 put_pid(tty->session);
873 put_pid(tty->pgrp);
874 tty->session = NULL;
875 tty->pgrp = NULL;
876 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
877 tty_kref_put(tty);
878 } else {
879#ifdef TTY_DEBUG_HANGUP
880 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
881 " = NULL", tty);
882#endif
883 }
884
885 spin_unlock_irq(&current->sighand->siglock);
886 /* Now clear signal->tty under the lock */
887 read_lock(&tasklist_lock);
888 session_clear_tty(task_session(current));
889 read_unlock(&tasklist_lock);
890}
891
892/**
893 *
894 * no_tty - Ensure the current process does not have a controlling tty
895 */
896void no_tty(void)
897{
898 /* FIXME: Review locking here. The tty_lock never covered any race
899 between a new association and proc_clear_tty but possible we need
900 to protect against this anyway */
901 struct task_struct *tsk = current;
902 disassociate_ctty(0);
903 proc_clear_tty(tsk);
904}
905
906
907/**
908 * stop_tty - propagate flow control
909 * @tty: tty to stop
910 *
911 * Perform flow control to the driver. May be called
912 * on an already stopped device and will not re-call the driver
913 * method.
914 *
915 * This functionality is used by both the line disciplines for
916 * halting incoming flow and by the driver. It may therefore be
917 * called from any context, may be under the tty atomic_write_lock
918 * but not always.
919 *
920 * Locking:
921 * flow_lock
922 */
923
924void __stop_tty(struct tty_struct *tty)
925{
926 if (tty->stopped)
927 return;
928 tty->stopped = 1;
929 if (tty->ops->stop)
930 (tty->ops->stop)(tty);
931}
932
933void stop_tty(struct tty_struct *tty)
934{
935 unsigned long flags;
936
937 spin_lock_irqsave(&tty->flow_lock, flags);
938 __stop_tty(tty);
939 spin_unlock_irqrestore(&tty->flow_lock, flags);
940}
941EXPORT_SYMBOL(stop_tty);
942
943/**
944 * start_tty - propagate flow control
945 * @tty: tty to start
946 *
947 * Start a tty that has been stopped if at all possible. If this
948 * tty was previous stopped and is now being started, the driver
949 * start method is invoked and the line discipline woken.
950 *
951 * Locking:
952 * flow_lock
953 */
954
955void __start_tty(struct tty_struct *tty)
956{
957 if (!tty->stopped || tty->flow_stopped)
958 return;
959 tty->stopped = 0;
960 if (tty->ops->start)
961 (tty->ops->start)(tty);
962 tty_wakeup(tty);
963}
964
965void start_tty(struct tty_struct *tty)
966{
967 unsigned long flags;
968
969 spin_lock_irqsave(&tty->flow_lock, flags);
970 __start_tty(tty);
971 spin_unlock_irqrestore(&tty->flow_lock, flags);
972}
973EXPORT_SYMBOL(start_tty);
974
975/* We limit tty time update visibility to every 8 seconds or so. */
976static void tty_update_time(struct timespec *time)
977{
978 unsigned long sec = get_seconds() & ~7;
979 if ((long)(sec - time->tv_sec) > 0)
980 time->tv_sec = sec;
981}
982
983/**
984 * tty_read - read method for tty device files
985 * @file: pointer to tty file
986 * @buf: user buffer
987 * @count: size of user buffer
988 * @ppos: unused
989 *
990 * Perform the read system call function on this terminal device. Checks
991 * for hung up devices before calling the line discipline method.
992 *
993 * Locking:
994 * Locks the line discipline internally while needed. Multiple
995 * read calls may be outstanding in parallel.
996 */
997
998static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
999 loff_t *ppos)
1000{
1001 int i;
1002 struct inode *inode = file_inode(file);
1003 struct tty_struct *tty = file_tty(file);
1004 struct tty_ldisc *ld;
1005
1006 if (tty_paranoia_check(tty, inode, "tty_read"))
1007 return -EIO;
1008 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1009 return -EIO;
1010
1011 /* We want to wait for the line discipline to sort out in this
1012 situation */
1013 ld = tty_ldisc_ref_wait(tty);
1014 if (ld->ops->read)
1015 i = (ld->ops->read)(tty, file, buf, count);
1016 else
1017 i = -EIO;
1018 tty_ldisc_deref(ld);
1019
1020 if (i > 0)
1021 tty_update_time(&inode->i_atime);
1022
1023 return i;
1024}
1025
1026static void tty_write_unlock(struct tty_struct *tty)
1027{
1028 mutex_unlock(&tty->atomic_write_lock);
1029 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1030}
1031
1032static int tty_write_lock(struct tty_struct *tty, int ndelay)
1033{
1034 if (!mutex_trylock(&tty->atomic_write_lock)) {
1035 if (ndelay)
1036 return -EAGAIN;
1037 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1038 return -ERESTARTSYS;
1039 }
1040 return 0;
1041}
1042
1043/*
1044 * Split writes up in sane blocksizes to avoid
1045 * denial-of-service type attacks
1046 */
1047static inline ssize_t do_tty_write(
1048 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1049 struct tty_struct *tty,
1050 struct file *file,
1051 const char __user *buf,
1052 size_t count)
1053{
1054 ssize_t ret, written = 0;
1055 unsigned int chunk;
1056
1057 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1058 if (ret < 0)
1059 return ret;
1060
1061 /*
1062 * We chunk up writes into a temporary buffer. This
1063 * simplifies low-level drivers immensely, since they
1064 * don't have locking issues and user mode accesses.
1065 *
1066 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1067 * big chunk-size..
1068 *
1069 * The default chunk-size is 2kB, because the NTTY
1070 * layer has problems with bigger chunks. It will
1071 * claim to be able to handle more characters than
1072 * it actually does.
1073 *
1074 * FIXME: This can probably go away now except that 64K chunks
1075 * are too likely to fail unless switched to vmalloc...
1076 */
1077 chunk = 2048;
1078 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1079 chunk = 65536;
1080 if (count < chunk)
1081 chunk = count;
1082
1083 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1084 if (tty->write_cnt < chunk) {
1085 unsigned char *buf_chunk;
1086
1087 if (chunk < 1024)
1088 chunk = 1024;
1089
1090 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1091 if (!buf_chunk) {
1092 ret = -ENOMEM;
1093 goto out;
1094 }
1095 kfree(tty->write_buf);
1096 tty->write_cnt = chunk;
1097 tty->write_buf = buf_chunk;
1098 }
1099
1100 /* Do the write .. */
1101 for (;;) {
1102 size_t size = count;
1103 if (size > chunk)
1104 size = chunk;
1105 ret = -EFAULT;
1106 if (copy_from_user(tty->write_buf, buf, size))
1107 break;
1108 ret = write(tty, file, tty->write_buf, size);
1109 if (ret <= 0)
1110 break;
1111 written += ret;
1112 buf += ret;
1113 count -= ret;
1114 if (!count)
1115 break;
1116 ret = -ERESTARTSYS;
1117 if (signal_pending(current))
1118 break;
1119 cond_resched();
1120 }
1121 if (written) {
1122 tty_update_time(&file_inode(file)->i_mtime);
1123 ret = written;
1124 }
1125out:
1126 tty_write_unlock(tty);
1127 return ret;
1128}
1129
1130/**
1131 * tty_write_message - write a message to a certain tty, not just the console.
1132 * @tty: the destination tty_struct
1133 * @msg: the message to write
1134 *
1135 * This is used for messages that need to be redirected to a specific tty.
1136 * We don't put it into the syslog queue right now maybe in the future if
1137 * really needed.
1138 *
1139 * We must still hold the BTM and test the CLOSING flag for the moment.
1140 */
1141
1142void tty_write_message(struct tty_struct *tty, char *msg)
1143{
1144 if (tty) {
1145 mutex_lock(&tty->atomic_write_lock);
1146 tty_lock(tty);
1147 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1148 tty_unlock(tty);
1149 tty->ops->write(tty, msg, strlen(msg));
1150 } else
1151 tty_unlock(tty);
1152 tty_write_unlock(tty);
1153 }
1154 return;
1155}
1156
1157
1158/**
1159 * tty_write - write method for tty device file
1160 * @file: tty file pointer
1161 * @buf: user data to write
1162 * @count: bytes to write
1163 * @ppos: unused
1164 *
1165 * Write data to a tty device via the line discipline.
1166 *
1167 * Locking:
1168 * Locks the line discipline as required
1169 * Writes to the tty driver are serialized by the atomic_write_lock
1170 * and are then processed in chunks to the device. The line discipline
1171 * write method will not be invoked in parallel for each device.
1172 */
1173
1174static ssize_t tty_write(struct file *file, const char __user *buf,
1175 size_t count, loff_t *ppos)
1176{
1177 struct tty_struct *tty = file_tty(file);
1178 struct tty_ldisc *ld;
1179 ssize_t ret;
1180
1181 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1182 return -EIO;
1183 if (!tty || !tty->ops->write ||
1184 (test_bit(TTY_IO_ERROR, &tty->flags)))
1185 return -EIO;
1186 /* Short term debug to catch buggy drivers */
1187 if (tty->ops->write_room == NULL)
1188 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1189 tty->driver->name);
1190 ld = tty_ldisc_ref_wait(tty);
1191 if (!ld->ops->write)
1192 ret = -EIO;
1193 else
1194 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1195 tty_ldisc_deref(ld);
1196 return ret;
1197}
1198
1199ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1200 size_t count, loff_t *ppos)
1201{
1202 struct file *p = NULL;
1203
1204 spin_lock(&redirect_lock);
1205 if (redirect)
1206 p = get_file(redirect);
1207 spin_unlock(&redirect_lock);
1208
1209 if (p) {
1210 ssize_t res;
1211 res = vfs_write(p, buf, count, &p->f_pos);
1212 fput(p);
1213 return res;
1214 }
1215 return tty_write(file, buf, count, ppos);
1216}
1217
1218/**
1219 * tty_send_xchar - send priority character
1220 *
1221 * Send a high priority character to the tty even if stopped
1222 *
1223 * Locking: none for xchar method, write ordering for write method.
1224 */
1225
1226int tty_send_xchar(struct tty_struct *tty, char ch)
1227{
1228 int was_stopped = tty->stopped;
1229
1230 if (tty->ops->send_xchar) {
1231 tty->ops->send_xchar(tty, ch);
1232 return 0;
1233 }
1234
1235 if (tty_write_lock(tty, 0) < 0)
1236 return -ERESTARTSYS;
1237
1238 if (was_stopped)
1239 start_tty(tty);
1240 tty->ops->write(tty, &ch, 1);
1241 if (was_stopped)
1242 stop_tty(tty);
1243 tty_write_unlock(tty);
1244 return 0;
1245}
1246
1247static char ptychar[] = "pqrstuvwxyzabcde";
1248
1249/**
1250 * pty_line_name - generate name for a pty
1251 * @driver: the tty driver in use
1252 * @index: the minor number
1253 * @p: output buffer of at least 6 bytes
1254 *
1255 * Generate a name from a driver reference and write it to the output
1256 * buffer.
1257 *
1258 * Locking: None
1259 */
1260static void pty_line_name(struct tty_driver *driver, int index, char *p)
1261{
1262 int i = index + driver->name_base;
1263 /* ->name is initialized to "ttyp", but "tty" is expected */
1264 sprintf(p, "%s%c%x",
1265 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1266 ptychar[i >> 4 & 0xf], i & 0xf);
1267}
1268
1269/**
1270 * tty_line_name - generate name for a tty
1271 * @driver: the tty driver in use
1272 * @index: the minor number
1273 * @p: output buffer of at least 7 bytes
1274 *
1275 * Generate a name from a driver reference and write it to the output
1276 * buffer.
1277 *
1278 * Locking: None
1279 */
1280static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1281{
1282 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1283 return sprintf(p, "%s", driver->name);
1284 else
1285 return sprintf(p, "%s%d", driver->name,
1286 index + driver->name_base);
1287}
1288
1289/**
1290 * tty_driver_lookup_tty() - find an existing tty, if any
1291 * @driver: the driver for the tty
1292 * @idx: the minor number
1293 *
1294 * Return the tty, if found or ERR_PTR() otherwise.
1295 *
1296 * Locking: tty_mutex must be held. If tty is found, the mutex must
1297 * be held until the 'fast-open' is also done. Will change once we
1298 * have refcounting in the driver and per driver locking
1299 */
1300static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1301 struct inode *inode, int idx)
1302{
1303 if (driver->ops->lookup)
1304 return driver->ops->lookup(driver, inode, idx);
1305
1306 return driver->ttys[idx];
1307}
1308
1309/**
1310 * tty_init_termios - helper for termios setup
1311 * @tty: the tty to set up
1312 *
1313 * Initialise the termios structures for this tty. Thus runs under
1314 * the tty_mutex currently so we can be relaxed about ordering.
1315 */
1316
1317int tty_init_termios(struct tty_struct *tty)
1318{
1319 struct ktermios *tp;
1320 int idx = tty->index;
1321
1322 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1323 tty->termios = tty->driver->init_termios;
1324 else {
1325 /* Check for lazy saved data */
1326 tp = tty->driver->termios[idx];
1327 if (tp != NULL)
1328 tty->termios = *tp;
1329 else
1330 tty->termios = tty->driver->init_termios;
1331 }
1332 /* Compatibility until drivers always set this */
1333 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1334 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1335 return 0;
1336}
1337EXPORT_SYMBOL_GPL(tty_init_termios);
1338
1339int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1340{
1341 int ret = tty_init_termios(tty);
1342 if (ret)
1343 return ret;
1344
1345 tty_driver_kref_get(driver);
1346 tty->count++;
1347 driver->ttys[tty->index] = tty;
1348 return 0;
1349}
1350EXPORT_SYMBOL_GPL(tty_standard_install);
1351
1352/**
1353 * tty_driver_install_tty() - install a tty entry in the driver
1354 * @driver: the driver for the tty
1355 * @tty: the tty
1356 *
1357 * Install a tty object into the driver tables. The tty->index field
1358 * will be set by the time this is called. This method is responsible
1359 * for ensuring any need additional structures are allocated and
1360 * configured.
1361 *
1362 * Locking: tty_mutex for now
1363 */
1364static int tty_driver_install_tty(struct tty_driver *driver,
1365 struct tty_struct *tty)
1366{
1367 return driver->ops->install ? driver->ops->install(driver, tty) :
1368 tty_standard_install(driver, tty);
1369}
1370
1371/**
1372 * tty_driver_remove_tty() - remove a tty from the driver tables
1373 * @driver: the driver for the tty
1374 * @idx: the minor number
1375 *
1376 * Remvoe a tty object from the driver tables. The tty->index field
1377 * will be set by the time this is called.
1378 *
1379 * Locking: tty_mutex for now
1380 */
1381void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1382{
1383 if (driver->ops->remove)
1384 driver->ops->remove(driver, tty);
1385 else
1386 driver->ttys[tty->index] = NULL;
1387}
1388
1389/*
1390 * tty_reopen() - fast re-open of an open tty
1391 * @tty - the tty to open
1392 *
1393 * Return 0 on success, -errno on error.
1394 *
1395 * Locking: tty_mutex must be held from the time the tty was found
1396 * till this open completes.
1397 */
1398static int tty_reopen(struct tty_struct *tty)
1399{
1400 struct tty_driver *driver = tty->driver;
1401
1402 if (test_bit(TTY_CLOSING, &tty->flags) ||
1403 test_bit(TTY_HUPPING, &tty->flags))
1404 return -EIO;
1405
1406 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1407 driver->subtype == PTY_TYPE_MASTER) {
1408 /*
1409 * special case for PTY masters: only one open permitted,
1410 * and the slave side open count is incremented as well.
1411 */
1412 if (tty->count)
1413 return -EIO;
1414
1415 tty->link->count++;
1416 }
1417 tty->count++;
1418
1419 WARN_ON(!tty->ldisc);
1420
1421 return 0;
1422}
1423
1424/**
1425 * tty_init_dev - initialise a tty device
1426 * @driver: tty driver we are opening a device on
1427 * @idx: device index
1428 * @ret_tty: returned tty structure
1429 *
1430 * Prepare a tty device. This may not be a "new" clean device but
1431 * could also be an active device. The pty drivers require special
1432 * handling because of this.
1433 *
1434 * Locking:
1435 * The function is called under the tty_mutex, which
1436 * protects us from the tty struct or driver itself going away.
1437 *
1438 * On exit the tty device has the line discipline attached and
1439 * a reference count of 1. If a pair was created for pty/tty use
1440 * and the other was a pty master then it too has a reference count of 1.
1441 *
1442 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1443 * failed open. The new code protects the open with a mutex, so it's
1444 * really quite straightforward. The mutex locking can probably be
1445 * relaxed for the (most common) case of reopening a tty.
1446 */
1447
1448struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1449{
1450 struct tty_struct *tty;
1451 int retval;
1452
1453 /*
1454 * First time open is complex, especially for PTY devices.
1455 * This code guarantees that either everything succeeds and the
1456 * TTY is ready for operation, or else the table slots are vacated
1457 * and the allocated memory released. (Except that the termios
1458 * and locked termios may be retained.)
1459 */
1460
1461 if (!try_module_get(driver->owner))
1462 return ERR_PTR(-ENODEV);
1463
1464 tty = alloc_tty_struct(driver, idx);
1465 if (!tty) {
1466 retval = -ENOMEM;
1467 goto err_module_put;
1468 }
1469
1470 tty_lock(tty);
1471 retval = tty_driver_install_tty(driver, tty);
1472 if (retval < 0)
1473 goto err_deinit_tty;
1474
1475 if (!tty->port)
1476 tty->port = driver->ports[idx];
1477
1478 WARN_RATELIMIT(!tty->port,
1479 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1480 __func__, tty->driver->name);
1481
1482 tty->port->itty = tty;
1483
1484 /*
1485 * Structures all installed ... call the ldisc open routines.
1486 * If we fail here just call release_tty to clean up. No need
1487 * to decrement the use counts, as release_tty doesn't care.
1488 */
1489 retval = tty_ldisc_setup(tty, tty->link);
1490 if (retval)
1491 goto err_release_tty;
1492 /* Return the tty locked so that it cannot vanish under the caller */
1493 return tty;
1494
1495err_deinit_tty:
1496 tty_unlock(tty);
1497 deinitialize_tty_struct(tty);
1498 free_tty_struct(tty);
1499err_module_put:
1500 module_put(driver->owner);
1501 return ERR_PTR(retval);
1502
1503 /* call the tty release_tty routine to clean out this slot */
1504err_release_tty:
1505 tty_unlock(tty);
1506 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1507 "clearing slot %d\n", idx);
1508 release_tty(tty, idx);
1509 return ERR_PTR(retval);
1510}
1511
1512void tty_free_termios(struct tty_struct *tty)
1513{
1514 struct ktermios *tp;
1515 int idx = tty->index;
1516
1517 /* If the port is going to reset then it has no termios to save */
1518 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1519 return;
1520
1521 /* Stash the termios data */
1522 tp = tty->driver->termios[idx];
1523 if (tp == NULL) {
1524 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1525 if (tp == NULL) {
1526 pr_warn("tty: no memory to save termios state.\n");
1527 return;
1528 }
1529 tty->driver->termios[idx] = tp;
1530 }
1531 *tp = tty->termios;
1532}
1533EXPORT_SYMBOL(tty_free_termios);
1534
1535/**
1536 * tty_flush_works - flush all works of a tty
1537 * @tty: tty device to flush works for
1538 *
1539 * Sync flush all works belonging to @tty.
1540 */
1541static void tty_flush_works(struct tty_struct *tty)
1542{
1543 flush_work(&tty->SAK_work);
1544 flush_work(&tty->hangup_work);
1545}
1546
1547/**
1548 * release_one_tty - release tty structure memory
1549 * @kref: kref of tty we are obliterating
1550 *
1551 * Releases memory associated with a tty structure, and clears out the
1552 * driver table slots. This function is called when a device is no longer
1553 * in use. It also gets called when setup of a device fails.
1554 *
1555 * Locking:
1556 * takes the file list lock internally when working on the list
1557 * of ttys that the driver keeps.
1558 *
1559 * This method gets called from a work queue so that the driver private
1560 * cleanup ops can sleep (needed for USB at least)
1561 */
1562static void release_one_tty(struct work_struct *work)
1563{
1564 struct tty_struct *tty =
1565 container_of(work, struct tty_struct, hangup_work);
1566 struct tty_driver *driver = tty->driver;
1567 struct module *owner = driver->owner;
1568
1569 if (tty->ops->cleanup)
1570 tty->ops->cleanup(tty);
1571
1572 tty->magic = 0;
1573 tty_driver_kref_put(driver);
1574 module_put(owner);
1575
1576 spin_lock(&tty_files_lock);
1577 list_del_init(&tty->tty_files);
1578 spin_unlock(&tty_files_lock);
1579
1580 put_pid(tty->pgrp);
1581 put_pid(tty->session);
1582 free_tty_struct(tty);
1583}
1584
1585static void queue_release_one_tty(struct kref *kref)
1586{
1587 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1588
1589 /* The hangup queue is now free so we can reuse it rather than
1590 waste a chunk of memory for each port */
1591 INIT_WORK(&tty->hangup_work, release_one_tty);
1592 schedule_work(&tty->hangup_work);
1593}
1594
1595/**
1596 * tty_kref_put - release a tty kref
1597 * @tty: tty device
1598 *
1599 * Release a reference to a tty device and if need be let the kref
1600 * layer destruct the object for us
1601 */
1602
1603void tty_kref_put(struct tty_struct *tty)
1604{
1605 if (tty)
1606 kref_put(&tty->kref, queue_release_one_tty);
1607}
1608EXPORT_SYMBOL(tty_kref_put);
1609
1610/**
1611 * release_tty - release tty structure memory
1612 *
1613 * Release both @tty and a possible linked partner (think pty pair),
1614 * and decrement the refcount of the backing module.
1615 *
1616 * Locking:
1617 * tty_mutex
1618 * takes the file list lock internally when working on the list
1619 * of ttys that the driver keeps.
1620 *
1621 */
1622static void release_tty(struct tty_struct *tty, int idx)
1623{
1624 /* This should always be true but check for the moment */
1625 WARN_ON(tty->index != idx);
1626 WARN_ON(!mutex_is_locked(&tty_mutex));
1627 if (tty->ops->shutdown)
1628 tty->ops->shutdown(tty);
1629 tty_free_termios(tty);
1630 tty_driver_remove_tty(tty->driver, tty);
1631 tty->port->itty = NULL;
1632 if (tty->link)
1633 tty->link->port->itty = NULL;
1634 cancel_work_sync(&tty->port->buf.work);
1635
1636 if (tty->link)
1637 tty_kref_put(tty->link);
1638 tty_kref_put(tty);
1639}
1640
1641/**
1642 * tty_release_checks - check a tty before real release
1643 * @tty: tty to check
1644 * @o_tty: link of @tty (if any)
1645 * @idx: index of the tty
1646 *
1647 * Performs some paranoid checking before true release of the @tty.
1648 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1649 */
1650static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1651 int idx)
1652{
1653#ifdef TTY_PARANOIA_CHECK
1654 if (idx < 0 || idx >= tty->driver->num) {
1655 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1656 __func__, tty->name);
1657 return -1;
1658 }
1659
1660 /* not much to check for devpts */
1661 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1662 return 0;
1663
1664 if (tty != tty->driver->ttys[idx]) {
1665 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1666 __func__, idx, tty->name);
1667 return -1;
1668 }
1669 if (tty->driver->other) {
1670 if (o_tty != tty->driver->other->ttys[idx]) {
1671 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1672 __func__, idx, tty->name);
1673 return -1;
1674 }
1675 if (o_tty->link != tty) {
1676 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1677 return -1;
1678 }
1679 }
1680#endif
1681 return 0;
1682}
1683
1684/**
1685 * tty_release - vfs callback for close
1686 * @inode: inode of tty
1687 * @filp: file pointer for handle to tty
1688 *
1689 * Called the last time each file handle is closed that references
1690 * this tty. There may however be several such references.
1691 *
1692 * Locking:
1693 * Takes bkl. See tty_release_dev
1694 *
1695 * Even releasing the tty structures is a tricky business.. We have
1696 * to be very careful that the structures are all released at the
1697 * same time, as interrupts might otherwise get the wrong pointers.
1698 *
1699 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1700 * lead to double frees or releasing memory still in use.
1701 */
1702
1703int tty_release(struct inode *inode, struct file *filp)
1704{
1705 struct tty_struct *tty = file_tty(filp);
1706 struct tty_struct *o_tty;
1707 int pty_master, tty_closing, o_tty_closing, do_sleep;
1708 int idx;
1709 char buf[64];
1710
1711 if (tty_paranoia_check(tty, inode, __func__))
1712 return 0;
1713
1714 tty_lock(tty);
1715 check_tty_count(tty, __func__);
1716
1717 __tty_fasync(-1, filp, 0);
1718
1719 idx = tty->index;
1720 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1721 tty->driver->subtype == PTY_TYPE_MASTER);
1722 /* Review: parallel close */
1723 o_tty = tty->link;
1724
1725 if (tty_release_checks(tty, o_tty, idx)) {
1726 tty_unlock(tty);
1727 return 0;
1728 }
1729
1730#ifdef TTY_DEBUG_HANGUP
1731 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1732 tty_name(tty, buf), tty->count);
1733#endif
1734
1735 if (tty->ops->close)
1736 tty->ops->close(tty, filp);
1737
1738 tty_unlock(tty);
1739 /*
1740 * Sanity check: if tty->count is going to zero, there shouldn't be
1741 * any waiters on tty->read_wait or tty->write_wait. We test the
1742 * wait queues and kick everyone out _before_ actually starting to
1743 * close. This ensures that we won't block while releasing the tty
1744 * structure.
1745 *
1746 * The test for the o_tty closing is necessary, since the master and
1747 * slave sides may close in any order. If the slave side closes out
1748 * first, its count will be one, since the master side holds an open.
1749 * Thus this test wouldn't be triggered at the time the slave closes,
1750 * so we do it now.
1751 *
1752 * Note that it's possible for the tty to be opened again while we're
1753 * flushing out waiters. By recalculating the closing flags before
1754 * each iteration we avoid any problems.
1755 */
1756 while (1) {
1757 /* Guard against races with tty->count changes elsewhere and
1758 opens on /dev/tty */
1759
1760 mutex_lock(&tty_mutex);
1761 tty_lock_pair(tty, o_tty);
1762 tty_closing = tty->count <= 1;
1763 o_tty_closing = o_tty &&
1764 (o_tty->count <= (pty_master ? 1 : 0));
1765 do_sleep = 0;
1766
1767 if (tty_closing) {
1768 if (waitqueue_active(&tty->read_wait)) {
1769 wake_up_poll(&tty->read_wait, POLLIN);
1770 do_sleep++;
1771 }
1772 if (waitqueue_active(&tty->write_wait)) {
1773 wake_up_poll(&tty->write_wait, POLLOUT);
1774 do_sleep++;
1775 }
1776 }
1777 if (o_tty_closing) {
1778 if (waitqueue_active(&o_tty->read_wait)) {
1779 wake_up_poll(&o_tty->read_wait, POLLIN);
1780 do_sleep++;
1781 }
1782 if (waitqueue_active(&o_tty->write_wait)) {
1783 wake_up_poll(&o_tty->write_wait, POLLOUT);
1784 do_sleep++;
1785 }
1786 }
1787 if (!do_sleep)
1788 break;
1789
1790 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1791 __func__, tty_name(tty, buf));
1792 tty_unlock_pair(tty, o_tty);
1793 mutex_unlock(&tty_mutex);
1794 schedule();
1795 }
1796
1797 /*
1798 * The closing flags are now consistent with the open counts on
1799 * both sides, and we've completed the last operation that could
1800 * block, so it's safe to proceed with closing.
1801 *
1802 * We must *not* drop the tty_mutex until we ensure that a further
1803 * entry into tty_open can not pick up this tty.
1804 */
1805 if (pty_master) {
1806 if (--o_tty->count < 0) {
1807 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1808 __func__, o_tty->count, tty_name(o_tty, buf));
1809 o_tty->count = 0;
1810 }
1811 }
1812 if (--tty->count < 0) {
1813 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1814 __func__, tty->count, tty_name(tty, buf));
1815 tty->count = 0;
1816 }
1817
1818 /*
1819 * We've decremented tty->count, so we need to remove this file
1820 * descriptor off the tty->tty_files list; this serves two
1821 * purposes:
1822 * - check_tty_count sees the correct number of file descriptors
1823 * associated with this tty.
1824 * - do_tty_hangup no longer sees this file descriptor as
1825 * something that needs to be handled for hangups.
1826 */
1827 tty_del_file(filp);
1828
1829 /*
1830 * Perform some housekeeping before deciding whether to return.
1831 *
1832 * Set the TTY_CLOSING flag if this was the last open. In the
1833 * case of a pty we may have to wait around for the other side
1834 * to close, and TTY_CLOSING makes sure we can't be reopened.
1835 */
1836 if (tty_closing)
1837 set_bit(TTY_CLOSING, &tty->flags);
1838 if (o_tty_closing)
1839 set_bit(TTY_CLOSING, &o_tty->flags);
1840
1841 /*
1842 * If _either_ side is closing, make sure there aren't any
1843 * processes that still think tty or o_tty is their controlling
1844 * tty.
1845 */
1846 if (tty_closing || o_tty_closing) {
1847 read_lock(&tasklist_lock);
1848 session_clear_tty(tty->session);
1849 if (o_tty)
1850 session_clear_tty(o_tty->session);
1851 read_unlock(&tasklist_lock);
1852 }
1853
1854 mutex_unlock(&tty_mutex);
1855 tty_unlock_pair(tty, o_tty);
1856 /* At this point the TTY_CLOSING flag should ensure a dead tty
1857 cannot be re-opened by a racing opener */
1858
1859 /* check whether both sides are closing ... */
1860 if (!tty_closing || (o_tty && !o_tty_closing))
1861 return 0;
1862
1863#ifdef TTY_DEBUG_HANGUP
1864 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1865#endif
1866 /*
1867 * Ask the line discipline code to release its structures
1868 */
1869 tty_ldisc_release(tty, o_tty);
1870
1871 /* Wait for pending work before tty destruction commmences */
1872 tty_flush_works(tty);
1873 if (o_tty)
1874 tty_flush_works(o_tty);
1875
1876#ifdef TTY_DEBUG_HANGUP
1877 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1878#endif
1879 /*
1880 * The release_tty function takes care of the details of clearing
1881 * the slots and preserving the termios structure. The tty_unlock_pair
1882 * should be safe as we keep a kref while the tty is locked (so the
1883 * unlock never unlocks a freed tty).
1884 */
1885 mutex_lock(&tty_mutex);
1886 release_tty(tty, idx);
1887 mutex_unlock(&tty_mutex);
1888
1889 return 0;
1890}
1891
1892/**
1893 * tty_open_current_tty - get tty of current task for open
1894 * @device: device number
1895 * @filp: file pointer to tty
1896 * @return: tty of the current task iff @device is /dev/tty
1897 *
1898 * We cannot return driver and index like for the other nodes because
1899 * devpts will not work then. It expects inodes to be from devpts FS.
1900 *
1901 * We need to move to returning a refcounted object from all the lookup
1902 * paths including this one.
1903 */
1904static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1905{
1906 struct tty_struct *tty;
1907
1908 if (device != MKDEV(TTYAUX_MAJOR, 0))
1909 return NULL;
1910
1911 tty = get_current_tty();
1912 if (!tty)
1913 return ERR_PTR(-ENXIO);
1914
1915 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1916 /* noctty = 1; */
1917 tty_kref_put(tty);
1918 /* FIXME: we put a reference and return a TTY! */
1919 /* This is only safe because the caller holds tty_mutex */
1920 return tty;
1921}
1922
1923/**
1924 * tty_lookup_driver - lookup a tty driver for a given device file
1925 * @device: device number
1926 * @filp: file pointer to tty
1927 * @noctty: set if the device should not become a controlling tty
1928 * @index: index for the device in the @return driver
1929 * @return: driver for this inode (with increased refcount)
1930 *
1931 * If @return is not erroneous, the caller is responsible to decrement the
1932 * refcount by tty_driver_kref_put.
1933 *
1934 * Locking: tty_mutex protects get_tty_driver
1935 */
1936static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1937 int *noctty, int *index)
1938{
1939 struct tty_driver *driver;
1940
1941 switch (device) {
1942#ifdef CONFIG_VT
1943 case MKDEV(TTY_MAJOR, 0): {
1944 extern struct tty_driver *console_driver;
1945 driver = tty_driver_kref_get(console_driver);
1946 *index = fg_console;
1947 *noctty = 1;
1948 break;
1949 }
1950#endif
1951 case MKDEV(TTYAUX_MAJOR, 1): {
1952 struct tty_driver *console_driver = console_device(index);
1953 if (console_driver) {
1954 driver = tty_driver_kref_get(console_driver);
1955 if (driver) {
1956 /* Don't let /dev/console block */
1957 filp->f_flags |= O_NONBLOCK;
1958 *noctty = 1;
1959 break;
1960 }
1961 }
1962 return ERR_PTR(-ENODEV);
1963 }
1964 default:
1965 driver = get_tty_driver(device, index);
1966 if (!driver)
1967 return ERR_PTR(-ENODEV);
1968 break;
1969 }
1970 return driver;
1971}
1972
1973/**
1974 * tty_open - open a tty device
1975 * @inode: inode of device file
1976 * @filp: file pointer to tty
1977 *
1978 * tty_open and tty_release keep up the tty count that contains the
1979 * number of opens done on a tty. We cannot use the inode-count, as
1980 * different inodes might point to the same tty.
1981 *
1982 * Open-counting is needed for pty masters, as well as for keeping
1983 * track of serial lines: DTR is dropped when the last close happens.
1984 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1985 *
1986 * The termios state of a pty is reset on first open so that
1987 * settings don't persist across reuse.
1988 *
1989 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1990 * tty->count should protect the rest.
1991 * ->siglock protects ->signal/->sighand
1992 *
1993 * Note: the tty_unlock/lock cases without a ref are only safe due to
1994 * tty_mutex
1995 */
1996
1997static int tty_open(struct inode *inode, struct file *filp)
1998{
1999 struct tty_struct *tty;
2000 int noctty, retval;
2001 struct tty_driver *driver = NULL;
2002 int index;
2003 dev_t device = inode->i_rdev;
2004 unsigned saved_flags = filp->f_flags;
2005
2006 nonseekable_open(inode, filp);
2007
2008retry_open:
2009 retval = tty_alloc_file(filp);
2010 if (retval)
2011 return -ENOMEM;
2012
2013 noctty = filp->f_flags & O_NOCTTY;
2014 index = -1;
2015 retval = 0;
2016
2017 mutex_lock(&tty_mutex);
2018 /* This is protected by the tty_mutex */
2019 tty = tty_open_current_tty(device, filp);
2020 if (IS_ERR(tty)) {
2021 retval = PTR_ERR(tty);
2022 goto err_unlock;
2023 } else if (!tty) {
2024 driver = tty_lookup_driver(device, filp, &noctty, &index);
2025 if (IS_ERR(driver)) {
2026 retval = PTR_ERR(driver);
2027 goto err_unlock;
2028 }
2029
2030 /* check whether we're reopening an existing tty */
2031 tty = tty_driver_lookup_tty(driver, inode, index);
2032 if (IS_ERR(tty)) {
2033 retval = PTR_ERR(tty);
2034 goto err_unlock;
2035 }
2036 }
2037
2038 if (tty) {
2039 tty_lock(tty);
2040 retval = tty_reopen(tty);
2041 if (retval < 0) {
2042 tty_unlock(tty);
2043 tty = ERR_PTR(retval);
2044 }
2045 } else /* Returns with the tty_lock held for now */
2046 tty = tty_init_dev(driver, index);
2047
2048 mutex_unlock(&tty_mutex);
2049 if (driver)
2050 tty_driver_kref_put(driver);
2051 if (IS_ERR(tty)) {
2052 retval = PTR_ERR(tty);
2053 goto err_file;
2054 }
2055
2056 tty_add_file(tty, filp);
2057
2058 check_tty_count(tty, __func__);
2059 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2060 tty->driver->subtype == PTY_TYPE_MASTER)
2061 noctty = 1;
2062#ifdef TTY_DEBUG_HANGUP
2063 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2064#endif
2065 if (tty->ops->open)
2066 retval = tty->ops->open(tty, filp);
2067 else
2068 retval = -ENODEV;
2069 filp->f_flags = saved_flags;
2070
2071 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2072 !capable(CAP_SYS_ADMIN))
2073 retval = -EBUSY;
2074
2075 if (retval) {
2076#ifdef TTY_DEBUG_HANGUP
2077 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2078 retval, tty->name);
2079#endif
2080 tty_unlock(tty); /* need to call tty_release without BTM */
2081 tty_release(inode, filp);
2082 if (retval != -ERESTARTSYS)
2083 return retval;
2084
2085 if (signal_pending(current))
2086 return retval;
2087
2088 schedule();
2089 /*
2090 * Need to reset f_op in case a hangup happened.
2091 */
2092 if (filp->f_op == &hung_up_tty_fops)
2093 filp->f_op = &tty_fops;
2094 goto retry_open;
2095 }
2096 clear_bit(TTY_HUPPED, &tty->flags);
2097 tty_unlock(tty);
2098
2099
2100 mutex_lock(&tty_mutex);
2101 tty_lock(tty);
2102 spin_lock_irq(&current->sighand->siglock);
2103 if (!noctty &&
2104 current->signal->leader &&
2105 !current->signal->tty &&
2106 tty->session == NULL)
2107 __proc_set_tty(current, tty);
2108 spin_unlock_irq(&current->sighand->siglock);
2109 tty_unlock(tty);
2110 mutex_unlock(&tty_mutex);
2111 return 0;
2112err_unlock:
2113 mutex_unlock(&tty_mutex);
2114 /* after locks to avoid deadlock */
2115 if (!IS_ERR_OR_NULL(driver))
2116 tty_driver_kref_put(driver);
2117err_file:
2118 tty_free_file(filp);
2119 return retval;
2120}
2121
2122
2123
2124/**
2125 * tty_poll - check tty status
2126 * @filp: file being polled
2127 * @wait: poll wait structures to update
2128 *
2129 * Call the line discipline polling method to obtain the poll
2130 * status of the device.
2131 *
2132 * Locking: locks called line discipline but ldisc poll method
2133 * may be re-entered freely by other callers.
2134 */
2135
2136static unsigned int tty_poll(struct file *filp, poll_table *wait)
2137{
2138 struct tty_struct *tty = file_tty(filp);
2139 struct tty_ldisc *ld;
2140 int ret = 0;
2141
2142 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2143 return 0;
2144
2145 ld = tty_ldisc_ref_wait(tty);
2146 if (ld->ops->poll)
2147 ret = (ld->ops->poll)(tty, filp, wait);
2148 tty_ldisc_deref(ld);
2149 return ret;
2150}
2151
2152static int __tty_fasync(int fd, struct file *filp, int on)
2153{
2154 struct tty_struct *tty = file_tty(filp);
2155 struct tty_ldisc *ldisc;
2156 unsigned long flags;
2157 int retval = 0;
2158
2159 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2160 goto out;
2161
2162 retval = fasync_helper(fd, filp, on, &tty->fasync);
2163 if (retval <= 0)
2164 goto out;
2165
2166 ldisc = tty_ldisc_ref(tty);
2167 if (ldisc) {
2168 if (ldisc->ops->fasync)
2169 ldisc->ops->fasync(tty, on);
2170 tty_ldisc_deref(ldisc);
2171 }
2172
2173 if (on) {
2174 enum pid_type type;
2175 struct pid *pid;
2176
2177 spin_lock_irqsave(&tty->ctrl_lock, flags);
2178 if (tty->pgrp) {
2179 pid = tty->pgrp;
2180 type = PIDTYPE_PGID;
2181 } else {
2182 pid = task_pid(current);
2183 type = PIDTYPE_PID;
2184 }
2185 get_pid(pid);
2186 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2187 __f_setown(filp, pid, type, 0);
2188 put_pid(pid);
2189 retval = 0;
2190 }
2191out:
2192 return retval;
2193}
2194
2195static int tty_fasync(int fd, struct file *filp, int on)
2196{
2197 struct tty_struct *tty = file_tty(filp);
2198 int retval;
2199
2200 tty_lock(tty);
2201 retval = __tty_fasync(fd, filp, on);
2202 tty_unlock(tty);
2203
2204 return retval;
2205}
2206
2207/**
2208 * tiocsti - fake input character
2209 * @tty: tty to fake input into
2210 * @p: pointer to character
2211 *
2212 * Fake input to a tty device. Does the necessary locking and
2213 * input management.
2214 *
2215 * FIXME: does not honour flow control ??
2216 *
2217 * Locking:
2218 * Called functions take tty_ldiscs_lock
2219 * current->signal->tty check is safe without locks
2220 *
2221 * FIXME: may race normal receive processing
2222 */
2223
2224static int tiocsti(struct tty_struct *tty, char __user *p)
2225{
2226 char ch, mbz = 0;
2227 struct tty_ldisc *ld;
2228
2229 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2230 return -EPERM;
2231 if (get_user(ch, p))
2232 return -EFAULT;
2233 tty_audit_tiocsti(tty, ch);
2234 ld = tty_ldisc_ref_wait(tty);
2235 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2236 tty_ldisc_deref(ld);
2237 return 0;
2238}
2239
2240/**
2241 * tiocgwinsz - implement window query ioctl
2242 * @tty; tty
2243 * @arg: user buffer for result
2244 *
2245 * Copies the kernel idea of the window size into the user buffer.
2246 *
2247 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2248 * is consistent.
2249 */
2250
2251static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2252{
2253 int err;
2254
2255 mutex_lock(&tty->winsize_mutex);
2256 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2257 mutex_unlock(&tty->winsize_mutex);
2258
2259 return err ? -EFAULT: 0;
2260}
2261
2262/**
2263 * tty_do_resize - resize event
2264 * @tty: tty being resized
2265 * @rows: rows (character)
2266 * @cols: cols (character)
2267 *
2268 * Update the termios variables and send the necessary signals to
2269 * peform a terminal resize correctly
2270 */
2271
2272int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2273{
2274 struct pid *pgrp;
2275 unsigned long flags;
2276
2277 /* Lock the tty */
2278 mutex_lock(&tty->winsize_mutex);
2279 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2280 goto done;
2281 /* Get the PID values and reference them so we can
2282 avoid holding the tty ctrl lock while sending signals */
2283 spin_lock_irqsave(&tty->ctrl_lock, flags);
2284 pgrp = get_pid(tty->pgrp);
2285 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2286
2287 if (pgrp)
2288 kill_pgrp(pgrp, SIGWINCH, 1);
2289 put_pid(pgrp);
2290
2291 tty->winsize = *ws;
2292done:
2293 mutex_unlock(&tty->winsize_mutex);
2294 return 0;
2295}
2296EXPORT_SYMBOL(tty_do_resize);
2297
2298/**
2299 * tiocswinsz - implement window size set ioctl
2300 * @tty; tty side of tty
2301 * @arg: user buffer for result
2302 *
2303 * Copies the user idea of the window size to the kernel. Traditionally
2304 * this is just advisory information but for the Linux console it
2305 * actually has driver level meaning and triggers a VC resize.
2306 *
2307 * Locking:
2308 * Driver dependent. The default do_resize method takes the
2309 * tty termios mutex and ctrl_lock. The console takes its own lock
2310 * then calls into the default method.
2311 */
2312
2313static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2314{
2315 struct winsize tmp_ws;
2316 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2317 return -EFAULT;
2318
2319 if (tty->ops->resize)
2320 return tty->ops->resize(tty, &tmp_ws);
2321 else
2322 return tty_do_resize(tty, &tmp_ws);
2323}
2324
2325/**
2326 * tioccons - allow admin to move logical console
2327 * @file: the file to become console
2328 *
2329 * Allow the administrator to move the redirected console device
2330 *
2331 * Locking: uses redirect_lock to guard the redirect information
2332 */
2333
2334static int tioccons(struct file *file)
2335{
2336 if (!capable(CAP_SYS_ADMIN))
2337 return -EPERM;
2338 if (file->f_op->write == redirected_tty_write) {
2339 struct file *f;
2340 spin_lock(&redirect_lock);
2341 f = redirect;
2342 redirect = NULL;
2343 spin_unlock(&redirect_lock);
2344 if (f)
2345 fput(f);
2346 return 0;
2347 }
2348 spin_lock(&redirect_lock);
2349 if (redirect) {
2350 spin_unlock(&redirect_lock);
2351 return -EBUSY;
2352 }
2353 redirect = get_file(file);
2354 spin_unlock(&redirect_lock);
2355 return 0;
2356}
2357
2358/**
2359 * fionbio - non blocking ioctl
2360 * @file: file to set blocking value
2361 * @p: user parameter
2362 *
2363 * Historical tty interfaces had a blocking control ioctl before
2364 * the generic functionality existed. This piece of history is preserved
2365 * in the expected tty API of posix OS's.
2366 *
2367 * Locking: none, the open file handle ensures it won't go away.
2368 */
2369
2370static int fionbio(struct file *file, int __user *p)
2371{
2372 int nonblock;
2373
2374 if (get_user(nonblock, p))
2375 return -EFAULT;
2376
2377 spin_lock(&file->f_lock);
2378 if (nonblock)
2379 file->f_flags |= O_NONBLOCK;
2380 else
2381 file->f_flags &= ~O_NONBLOCK;
2382 spin_unlock(&file->f_lock);
2383 return 0;
2384}
2385
2386/**
2387 * tiocsctty - set controlling tty
2388 * @tty: tty structure
2389 * @arg: user argument
2390 *
2391 * This ioctl is used to manage job control. It permits a session
2392 * leader to set this tty as the controlling tty for the session.
2393 *
2394 * Locking:
2395 * Takes tty_mutex() to protect tty instance
2396 * Takes tasklist_lock internally to walk sessions
2397 * Takes ->siglock() when updating signal->tty
2398 */
2399
2400static int tiocsctty(struct tty_struct *tty, int arg)
2401{
2402 int ret = 0;
2403 if (current->signal->leader && (task_session(current) == tty->session))
2404 return ret;
2405
2406 mutex_lock(&tty_mutex);
2407 /*
2408 * The process must be a session leader and
2409 * not have a controlling tty already.
2410 */
2411 if (!current->signal->leader || current->signal->tty) {
2412 ret = -EPERM;
2413 goto unlock;
2414 }
2415
2416 if (tty->session) {
2417 /*
2418 * This tty is already the controlling
2419 * tty for another session group!
2420 */
2421 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2422 /*
2423 * Steal it away
2424 */
2425 read_lock(&tasklist_lock);
2426 session_clear_tty(tty->session);
2427 read_unlock(&tasklist_lock);
2428 } else {
2429 ret = -EPERM;
2430 goto unlock;
2431 }
2432 }
2433 proc_set_tty(current, tty);
2434unlock:
2435 mutex_unlock(&tty_mutex);
2436 return ret;
2437}
2438
2439/**
2440 * tty_get_pgrp - return a ref counted pgrp pid
2441 * @tty: tty to read
2442 *
2443 * Returns a refcounted instance of the pid struct for the process
2444 * group controlling the tty.
2445 */
2446
2447struct pid *tty_get_pgrp(struct tty_struct *tty)
2448{
2449 unsigned long flags;
2450 struct pid *pgrp;
2451
2452 spin_lock_irqsave(&tty->ctrl_lock, flags);
2453 pgrp = get_pid(tty->pgrp);
2454 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2455
2456 return pgrp;
2457}
2458EXPORT_SYMBOL_GPL(tty_get_pgrp);
2459
2460/**
2461 * tiocgpgrp - get process group
2462 * @tty: tty passed by user
2463 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2464 * @p: returned pid
2465 *
2466 * Obtain the process group of the tty. If there is no process group
2467 * return an error.
2468 *
2469 * Locking: none. Reference to current->signal->tty is safe.
2470 */
2471
2472static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2473{
2474 struct pid *pid;
2475 int ret;
2476 /*
2477 * (tty == real_tty) is a cheap way of
2478 * testing if the tty is NOT a master pty.
2479 */
2480 if (tty == real_tty && current->signal->tty != real_tty)
2481 return -ENOTTY;
2482 pid = tty_get_pgrp(real_tty);
2483 ret = put_user(pid_vnr(pid), p);
2484 put_pid(pid);
2485 return ret;
2486}
2487
2488/**
2489 * tiocspgrp - attempt to set process group
2490 * @tty: tty passed by user
2491 * @real_tty: tty side device matching tty passed by user
2492 * @p: pid pointer
2493 *
2494 * Set the process group of the tty to the session passed. Only
2495 * permitted where the tty session is our session.
2496 *
2497 * Locking: RCU, ctrl lock
2498 */
2499
2500static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2501{
2502 struct pid *pgrp;
2503 pid_t pgrp_nr;
2504 int retval = tty_check_change(real_tty);
2505 unsigned long flags;
2506
2507 if (retval == -EIO)
2508 return -ENOTTY;
2509 if (retval)
2510 return retval;
2511 if (!current->signal->tty ||
2512 (current->signal->tty != real_tty) ||
2513 (real_tty->session != task_session(current)))
2514 return -ENOTTY;
2515 if (get_user(pgrp_nr, p))
2516 return -EFAULT;
2517 if (pgrp_nr < 0)
2518 return -EINVAL;
2519 rcu_read_lock();
2520 pgrp = find_vpid(pgrp_nr);
2521 retval = -ESRCH;
2522 if (!pgrp)
2523 goto out_unlock;
2524 retval = -EPERM;
2525 if (session_of_pgrp(pgrp) != task_session(current))
2526 goto out_unlock;
2527 retval = 0;
2528 spin_lock_irqsave(&tty->ctrl_lock, flags);
2529 put_pid(real_tty->pgrp);
2530 real_tty->pgrp = get_pid(pgrp);
2531 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2532out_unlock:
2533 rcu_read_unlock();
2534 return retval;
2535}
2536
2537/**
2538 * tiocgsid - get session id
2539 * @tty: tty passed by user
2540 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2541 * @p: pointer to returned session id
2542 *
2543 * Obtain the session id of the tty. If there is no session
2544 * return an error.
2545 *
2546 * Locking: none. Reference to current->signal->tty is safe.
2547 */
2548
2549static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2550{
2551 /*
2552 * (tty == real_tty) is a cheap way of
2553 * testing if the tty is NOT a master pty.
2554 */
2555 if (tty == real_tty && current->signal->tty != real_tty)
2556 return -ENOTTY;
2557 if (!real_tty->session)
2558 return -ENOTTY;
2559 return put_user(pid_vnr(real_tty->session), p);
2560}
2561
2562/**
2563 * tiocsetd - set line discipline
2564 * @tty: tty device
2565 * @p: pointer to user data
2566 *
2567 * Set the line discipline according to user request.
2568 *
2569 * Locking: see tty_set_ldisc, this function is just a helper
2570 */
2571
2572static int tiocsetd(struct tty_struct *tty, int __user *p)
2573{
2574 int ldisc;
2575 int ret;
2576
2577 if (get_user(ldisc, p))
2578 return -EFAULT;
2579
2580 ret = tty_set_ldisc(tty, ldisc);
2581
2582 return ret;
2583}
2584
2585/**
2586 * send_break - performed time break
2587 * @tty: device to break on
2588 * @duration: timeout in mS
2589 *
2590 * Perform a timed break on hardware that lacks its own driver level
2591 * timed break functionality.
2592 *
2593 * Locking:
2594 * atomic_write_lock serializes
2595 *
2596 */
2597
2598static int send_break(struct tty_struct *tty, unsigned int duration)
2599{
2600 int retval;
2601
2602 if (tty->ops->break_ctl == NULL)
2603 return 0;
2604
2605 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2606 retval = tty->ops->break_ctl(tty, duration);
2607 else {
2608 /* Do the work ourselves */
2609 if (tty_write_lock(tty, 0) < 0)
2610 return -EINTR;
2611 retval = tty->ops->break_ctl(tty, -1);
2612 if (retval)
2613 goto out;
2614 if (!signal_pending(current))
2615 msleep_interruptible(duration);
2616 retval = tty->ops->break_ctl(tty, 0);
2617out:
2618 tty_write_unlock(tty);
2619 if (signal_pending(current))
2620 retval = -EINTR;
2621 }
2622 return retval;
2623}
2624
2625/**
2626 * tty_tiocmget - get modem status
2627 * @tty: tty device
2628 * @file: user file pointer
2629 * @p: pointer to result
2630 *
2631 * Obtain the modem status bits from the tty driver if the feature
2632 * is supported. Return -EINVAL if it is not available.
2633 *
2634 * Locking: none (up to the driver)
2635 */
2636
2637static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2638{
2639 int retval = -EINVAL;
2640
2641 if (tty->ops->tiocmget) {
2642 retval = tty->ops->tiocmget(tty);
2643
2644 if (retval >= 0)
2645 retval = put_user(retval, p);
2646 }
2647 return retval;
2648}
2649
2650/**
2651 * tty_tiocmset - set modem status
2652 * @tty: tty device
2653 * @cmd: command - clear bits, set bits or set all
2654 * @p: pointer to desired bits
2655 *
2656 * Set the modem status bits from the tty driver if the feature
2657 * is supported. Return -EINVAL if it is not available.
2658 *
2659 * Locking: none (up to the driver)
2660 */
2661
2662static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2663 unsigned __user *p)
2664{
2665 int retval;
2666 unsigned int set, clear, val;
2667
2668 if (tty->ops->tiocmset == NULL)
2669 return -EINVAL;
2670
2671 retval = get_user(val, p);
2672 if (retval)
2673 return retval;
2674 set = clear = 0;
2675 switch (cmd) {
2676 case TIOCMBIS:
2677 set = val;
2678 break;
2679 case TIOCMBIC:
2680 clear = val;
2681 break;
2682 case TIOCMSET:
2683 set = val;
2684 clear = ~val;
2685 break;
2686 }
2687 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2688 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2689 return tty->ops->tiocmset(tty, set, clear);
2690}
2691
2692static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2693{
2694 int retval = -EINVAL;
2695 struct serial_icounter_struct icount;
2696 memset(&icount, 0, sizeof(icount));
2697 if (tty->ops->get_icount)
2698 retval = tty->ops->get_icount(tty, &icount);
2699 if (retval != 0)
2700 return retval;
2701 if (copy_to_user(arg, &icount, sizeof(icount)))
2702 return -EFAULT;
2703 return 0;
2704}
2705
2706/*
2707 * if pty, return the slave side (real_tty)
2708 * otherwise, return self
2709 */
2710static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2711{
2712 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2713 tty->driver->subtype == PTY_TYPE_MASTER)
2714 tty = tty->link;
2715 return tty;
2716}
2717
2718/*
2719 * Split this up, as gcc can choke on it otherwise..
2720 */
2721long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2722{
2723 struct tty_struct *tty = file_tty(file);
2724 struct tty_struct *real_tty;
2725 void __user *p = (void __user *)arg;
2726 int retval;
2727 struct tty_ldisc *ld;
2728
2729 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2730 return -EINVAL;
2731
2732 real_tty = tty_pair_get_tty(tty);
2733
2734 /*
2735 * Factor out some common prep work
2736 */
2737 switch (cmd) {
2738 case TIOCSETD:
2739 case TIOCSBRK:
2740 case TIOCCBRK:
2741 case TCSBRK:
2742 case TCSBRKP:
2743 retval = tty_check_change(tty);
2744 if (retval)
2745 return retval;
2746 if (cmd != TIOCCBRK) {
2747 tty_wait_until_sent(tty, 0);
2748 if (signal_pending(current))
2749 return -EINTR;
2750 }
2751 break;
2752 }
2753
2754 /*
2755 * Now do the stuff.
2756 */
2757 switch (cmd) {
2758 case TIOCSTI:
2759 return tiocsti(tty, p);
2760 case TIOCGWINSZ:
2761 return tiocgwinsz(real_tty, p);
2762 case TIOCSWINSZ:
2763 return tiocswinsz(real_tty, p);
2764 case TIOCCONS:
2765 return real_tty != tty ? -EINVAL : tioccons(file);
2766 case FIONBIO:
2767 return fionbio(file, p);
2768 case TIOCEXCL:
2769 set_bit(TTY_EXCLUSIVE, &tty->flags);
2770 return 0;
2771 case TIOCNXCL:
2772 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2773 return 0;
2774 case TIOCGEXCL:
2775 {
2776 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2777 return put_user(excl, (int __user *)p);
2778 }
2779 case TIOCNOTTY:
2780 if (current->signal->tty != tty)
2781 return -ENOTTY;
2782 no_tty();
2783 return 0;
2784 case TIOCSCTTY:
2785 return tiocsctty(tty, arg);
2786 case TIOCGPGRP:
2787 return tiocgpgrp(tty, real_tty, p);
2788 case TIOCSPGRP:
2789 return tiocspgrp(tty, real_tty, p);
2790 case TIOCGSID:
2791 return tiocgsid(tty, real_tty, p);
2792 case TIOCGETD:
2793 return put_user(tty->ldisc->ops->num, (int __user *)p);
2794 case TIOCSETD:
2795 return tiocsetd(tty, p);
2796 case TIOCVHANGUP:
2797 if (!capable(CAP_SYS_ADMIN))
2798 return -EPERM;
2799 tty_vhangup(tty);
2800 return 0;
2801 case TIOCGDEV:
2802 {
2803 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2804 return put_user(ret, (unsigned int __user *)p);
2805 }
2806 /*
2807 * Break handling
2808 */
2809 case TIOCSBRK: /* Turn break on, unconditionally */
2810 if (tty->ops->break_ctl)
2811 return tty->ops->break_ctl(tty, -1);
2812 return 0;
2813 case TIOCCBRK: /* Turn break off, unconditionally */
2814 if (tty->ops->break_ctl)
2815 return tty->ops->break_ctl(tty, 0);
2816 return 0;
2817 case TCSBRK: /* SVID version: non-zero arg --> no break */
2818 /* non-zero arg means wait for all output data
2819 * to be sent (performed above) but don't send break.
2820 * This is used by the tcdrain() termios function.
2821 */
2822 if (!arg)
2823 return send_break(tty, 250);
2824 return 0;
2825 case TCSBRKP: /* support for POSIX tcsendbreak() */
2826 return send_break(tty, arg ? arg*100 : 250);
2827
2828 case TIOCMGET:
2829 return tty_tiocmget(tty, p);
2830 case TIOCMSET:
2831 case TIOCMBIC:
2832 case TIOCMBIS:
2833 return tty_tiocmset(tty, cmd, p);
2834 case TIOCGICOUNT:
2835 retval = tty_tiocgicount(tty, p);
2836 /* For the moment allow fall through to the old method */
2837 if (retval != -EINVAL)
2838 return retval;
2839 break;
2840 case TCFLSH:
2841 switch (arg) {
2842 case TCIFLUSH:
2843 case TCIOFLUSH:
2844 /* flush tty buffer and allow ldisc to process ioctl */
2845 tty_buffer_flush(tty);
2846 break;
2847 }
2848 break;
2849 }
2850 if (tty->ops->ioctl) {
2851 retval = (tty->ops->ioctl)(tty, cmd, arg);
2852 if (retval != -ENOIOCTLCMD)
2853 return retval;
2854 }
2855 ld = tty_ldisc_ref_wait(tty);
2856 retval = -EINVAL;
2857 if (ld->ops->ioctl) {
2858 retval = ld->ops->ioctl(tty, file, cmd, arg);
2859 if (retval == -ENOIOCTLCMD)
2860 retval = -ENOTTY;
2861 }
2862 tty_ldisc_deref(ld);
2863 return retval;
2864}
2865
2866#ifdef CONFIG_COMPAT
2867static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2868 unsigned long arg)
2869{
2870 struct tty_struct *tty = file_tty(file);
2871 struct tty_ldisc *ld;
2872 int retval = -ENOIOCTLCMD;
2873
2874 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2875 return -EINVAL;
2876
2877 if (tty->ops->compat_ioctl) {
2878 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2879 if (retval != -ENOIOCTLCMD)
2880 return retval;
2881 }
2882
2883 ld = tty_ldisc_ref_wait(tty);
2884 if (ld->ops->compat_ioctl)
2885 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2886 else
2887 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2888 tty_ldisc_deref(ld);
2889
2890 return retval;
2891}
2892#endif
2893
2894static int this_tty(const void *t, struct file *file, unsigned fd)
2895{
2896 if (likely(file->f_op->read != tty_read))
2897 return 0;
2898 return file_tty(file) != t ? 0 : fd + 1;
2899}
2900
2901/*
2902 * This implements the "Secure Attention Key" --- the idea is to
2903 * prevent trojan horses by killing all processes associated with this
2904 * tty when the user hits the "Secure Attention Key". Required for
2905 * super-paranoid applications --- see the Orange Book for more details.
2906 *
2907 * This code could be nicer; ideally it should send a HUP, wait a few
2908 * seconds, then send a INT, and then a KILL signal. But you then
2909 * have to coordinate with the init process, since all processes associated
2910 * with the current tty must be dead before the new getty is allowed
2911 * to spawn.
2912 *
2913 * Now, if it would be correct ;-/ The current code has a nasty hole -
2914 * it doesn't catch files in flight. We may send the descriptor to ourselves
2915 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2916 *
2917 * Nasty bug: do_SAK is being called in interrupt context. This can
2918 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2919 */
2920void __do_SAK(struct tty_struct *tty)
2921{
2922#ifdef TTY_SOFT_SAK
2923 tty_hangup(tty);
2924#else
2925 struct task_struct *g, *p;
2926 struct pid *session;
2927 int i;
2928
2929 if (!tty)
2930 return;
2931 session = tty->session;
2932
2933 tty_ldisc_flush(tty);
2934
2935 tty_driver_flush_buffer(tty);
2936
2937 read_lock(&tasklist_lock);
2938 /* Kill the entire session */
2939 do_each_pid_task(session, PIDTYPE_SID, p) {
2940 printk(KERN_NOTICE "SAK: killed process %d"
2941 " (%s): task_session(p)==tty->session\n",
2942 task_pid_nr(p), p->comm);
2943 send_sig(SIGKILL, p, 1);
2944 } while_each_pid_task(session, PIDTYPE_SID, p);
2945 /* Now kill any processes that happen to have the
2946 * tty open.
2947 */
2948 do_each_thread(g, p) {
2949 if (p->signal->tty == tty) {
2950 printk(KERN_NOTICE "SAK: killed process %d"
2951 " (%s): task_session(p)==tty->session\n",
2952 task_pid_nr(p), p->comm);
2953 send_sig(SIGKILL, p, 1);
2954 continue;
2955 }
2956 task_lock(p);
2957 i = iterate_fd(p->files, 0, this_tty, tty);
2958 if (i != 0) {
2959 printk(KERN_NOTICE "SAK: killed process %d"
2960 " (%s): fd#%d opened to the tty\n",
2961 task_pid_nr(p), p->comm, i - 1);
2962 force_sig(SIGKILL, p);
2963 }
2964 task_unlock(p);
2965 } while_each_thread(g, p);
2966 read_unlock(&tasklist_lock);
2967#endif
2968}
2969
2970static void do_SAK_work(struct work_struct *work)
2971{
2972 struct tty_struct *tty =
2973 container_of(work, struct tty_struct, SAK_work);
2974 __do_SAK(tty);
2975}
2976
2977/*
2978 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2979 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2980 * the values which we write to it will be identical to the values which it
2981 * already has. --akpm
2982 */
2983void do_SAK(struct tty_struct *tty)
2984{
2985 if (!tty)
2986 return;
2987 schedule_work(&tty->SAK_work);
2988}
2989
2990EXPORT_SYMBOL(do_SAK);
2991
2992static int dev_match_devt(struct device *dev, const void *data)
2993{
2994 const dev_t *devt = data;
2995 return dev->devt == *devt;
2996}
2997
2998/* Must put_device() after it's unused! */
2999static struct device *tty_get_device(struct tty_struct *tty)
3000{
3001 dev_t devt = tty_devnum(tty);
3002 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3003}
3004
3005
3006/**
3007 * alloc_tty_struct
3008 *
3009 * This subroutine allocates and initializes a tty structure.
3010 *
3011 * Locking: none - tty in question is not exposed at this point
3012 */
3013
3014struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3015{
3016 struct tty_struct *tty;
3017
3018 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3019 if (!tty)
3020 return NULL;
3021
3022 kref_init(&tty->kref);
3023 tty->magic = TTY_MAGIC;
3024 tty_ldisc_init(tty);
3025 tty->session = NULL;
3026 tty->pgrp = NULL;
3027 mutex_init(&tty->legacy_mutex);
3028 mutex_init(&tty->throttle_mutex);
3029 init_rwsem(&tty->termios_rwsem);
3030 mutex_init(&tty->winsize_mutex);
3031 init_ldsem(&tty->ldisc_sem);
3032 init_waitqueue_head(&tty->write_wait);
3033 init_waitqueue_head(&tty->read_wait);
3034 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3035 mutex_init(&tty->atomic_write_lock);
3036 spin_lock_init(&tty->ctrl_lock);
3037 spin_lock_init(&tty->flow_lock);
3038 INIT_LIST_HEAD(&tty->tty_files);
3039 INIT_WORK(&tty->SAK_work, do_SAK_work);
3040
3041 tty->driver = driver;
3042 tty->ops = driver->ops;
3043 tty->index = idx;
3044 tty_line_name(driver, idx, tty->name);
3045 tty->dev = tty_get_device(tty);
3046
3047 return tty;
3048}
3049
3050/**
3051 * deinitialize_tty_struct
3052 * @tty: tty to deinitialize
3053 *
3054 * This subroutine deinitializes a tty structure that has been newly
3055 * allocated but tty_release cannot be called on that yet.
3056 *
3057 * Locking: none - tty in question must not be exposed at this point
3058 */
3059void deinitialize_tty_struct(struct tty_struct *tty)
3060{
3061 tty_ldisc_deinit(tty);
3062}
3063
3064/**
3065 * tty_put_char - write one character to a tty
3066 * @tty: tty
3067 * @ch: character
3068 *
3069 * Write one byte to the tty using the provided put_char method
3070 * if present. Returns the number of characters successfully output.
3071 *
3072 * Note: the specific put_char operation in the driver layer may go
3073 * away soon. Don't call it directly, use this method
3074 */
3075
3076int tty_put_char(struct tty_struct *tty, unsigned char ch)
3077{
3078 if (tty->ops->put_char)
3079 return tty->ops->put_char(tty, ch);
3080 return tty->ops->write(tty, &ch, 1);
3081}
3082EXPORT_SYMBOL_GPL(tty_put_char);
3083
3084struct class *tty_class;
3085
3086static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3087 unsigned int index, unsigned int count)
3088{
3089 /* init here, since reused cdevs cause crashes */
3090 cdev_init(&driver->cdevs[index], &tty_fops);
3091 driver->cdevs[index].owner = driver->owner;
3092 return cdev_add(&driver->cdevs[index], dev, count);
3093}
3094
3095/**
3096 * tty_register_device - register a tty device
3097 * @driver: the tty driver that describes the tty device
3098 * @index: the index in the tty driver for this tty device
3099 * @device: a struct device that is associated with this tty device.
3100 * This field is optional, if there is no known struct device
3101 * for this tty device it can be set to NULL safely.
3102 *
3103 * Returns a pointer to the struct device for this tty device
3104 * (or ERR_PTR(-EFOO) on error).
3105 *
3106 * This call is required to be made to register an individual tty device
3107 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3108 * that bit is not set, this function should not be called by a tty
3109 * driver.
3110 *
3111 * Locking: ??
3112 */
3113
3114struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3115 struct device *device)
3116{
3117 return tty_register_device_attr(driver, index, device, NULL, NULL);
3118}
3119EXPORT_SYMBOL(tty_register_device);
3120
3121static void tty_device_create_release(struct device *dev)
3122{
3123 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3124 kfree(dev);
3125}
3126
3127/**
3128 * tty_register_device_attr - register a tty device
3129 * @driver: the tty driver that describes the tty device
3130 * @index: the index in the tty driver for this tty device
3131 * @device: a struct device that is associated with this tty device.
3132 * This field is optional, if there is no known struct device
3133 * for this tty device it can be set to NULL safely.
3134 * @drvdata: Driver data to be set to device.
3135 * @attr_grp: Attribute group to be set on device.
3136 *
3137 * Returns a pointer to the struct device for this tty device
3138 * (or ERR_PTR(-EFOO) on error).
3139 *
3140 * This call is required to be made to register an individual tty device
3141 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3142 * that bit is not set, this function should not be called by a tty
3143 * driver.
3144 *
3145 * Locking: ??
3146 */
3147struct device *tty_register_device_attr(struct tty_driver *driver,
3148 unsigned index, struct device *device,
3149 void *drvdata,
3150 const struct attribute_group **attr_grp)
3151{
3152 char name[64];
3153 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3154 struct device *dev = NULL;
3155 int retval = -ENODEV;
3156 bool cdev = false;
3157
3158 if (index >= driver->num) {
3159 printk(KERN_ERR "Attempt to register invalid tty line number "
3160 " (%d).\n", index);
3161 return ERR_PTR(-EINVAL);
3162 }
3163
3164 if (driver->type == TTY_DRIVER_TYPE_PTY)
3165 pty_line_name(driver, index, name);
3166 else
3167 tty_line_name(driver, index, name);
3168
3169 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3170 retval = tty_cdev_add(driver, devt, index, 1);
3171 if (retval)
3172 goto error;
3173 cdev = true;
3174 }
3175
3176 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3177 if (!dev) {
3178 retval = -ENOMEM;
3179 goto error;
3180 }
3181
3182 dev->devt = devt;
3183 dev->class = tty_class;
3184 dev->parent = device;
3185 dev->release = tty_device_create_release;
3186 dev_set_name(dev, "%s", name);
3187 dev->groups = attr_grp;
3188 dev_set_drvdata(dev, drvdata);
3189
3190 retval = device_register(dev);
3191 if (retval)
3192 goto error;
3193
3194 return dev;
3195
3196error:
3197 put_device(dev);
3198 if (cdev)
3199 cdev_del(&driver->cdevs[index]);
3200 return ERR_PTR(retval);
3201}
3202EXPORT_SYMBOL_GPL(tty_register_device_attr);
3203
3204/**
3205 * tty_unregister_device - unregister a tty device
3206 * @driver: the tty driver that describes the tty device
3207 * @index: the index in the tty driver for this tty device
3208 *
3209 * If a tty device is registered with a call to tty_register_device() then
3210 * this function must be called when the tty device is gone.
3211 *
3212 * Locking: ??
3213 */
3214
3215void tty_unregister_device(struct tty_driver *driver, unsigned index)
3216{
3217 device_destroy(tty_class,
3218 MKDEV(driver->major, driver->minor_start) + index);
3219 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3220 cdev_del(&driver->cdevs[index]);
3221}
3222EXPORT_SYMBOL(tty_unregister_device);
3223
3224/**
3225 * __tty_alloc_driver -- allocate tty driver
3226 * @lines: count of lines this driver can handle at most
3227 * @owner: module which is repsonsible for this driver
3228 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3229 *
3230 * This should not be called directly, some of the provided macros should be
3231 * used instead. Use IS_ERR and friends on @retval.
3232 */
3233struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3234 unsigned long flags)
3235{
3236 struct tty_driver *driver;
3237 unsigned int cdevs = 1;
3238 int err;
3239
3240 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3241 return ERR_PTR(-EINVAL);
3242
3243 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3244 if (!driver)
3245 return ERR_PTR(-ENOMEM);
3246
3247 kref_init(&driver->kref);
3248 driver->magic = TTY_DRIVER_MAGIC;
3249 driver->num = lines;
3250 driver->owner = owner;
3251 driver->flags = flags;
3252
3253 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3254 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3255 GFP_KERNEL);
3256 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3257 GFP_KERNEL);
3258 if (!driver->ttys || !driver->termios) {
3259 err = -ENOMEM;
3260 goto err_free_all;
3261 }
3262 }
3263
3264 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3265 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3266 GFP_KERNEL);
3267 if (!driver->ports) {
3268 err = -ENOMEM;
3269 goto err_free_all;
3270 }
3271 cdevs = lines;
3272 }
3273
3274 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3275 if (!driver->cdevs) {
3276 err = -ENOMEM;
3277 goto err_free_all;
3278 }
3279
3280 return driver;
3281err_free_all:
3282 kfree(driver->ports);
3283 kfree(driver->ttys);
3284 kfree(driver->termios);
3285 kfree(driver);
3286 return ERR_PTR(err);
3287}
3288EXPORT_SYMBOL(__tty_alloc_driver);
3289
3290static void destruct_tty_driver(struct kref *kref)
3291{
3292 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3293 int i;
3294 struct ktermios *tp;
3295
3296 if (driver->flags & TTY_DRIVER_INSTALLED) {
3297 /*
3298 * Free the termios and termios_locked structures because
3299 * we don't want to get memory leaks when modular tty
3300 * drivers are removed from the kernel.
3301 */
3302 for (i = 0; i < driver->num; i++) {
3303 tp = driver->termios[i];
3304 if (tp) {
3305 driver->termios[i] = NULL;
3306 kfree(tp);
3307 }
3308 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3309 tty_unregister_device(driver, i);
3310 }
3311 proc_tty_unregister_driver(driver);
3312 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3313 cdev_del(&driver->cdevs[0]);
3314 }
3315 kfree(driver->cdevs);
3316 kfree(driver->ports);
3317 kfree(driver->termios);
3318 kfree(driver->ttys);
3319 kfree(driver);
3320}
3321
3322void tty_driver_kref_put(struct tty_driver *driver)
3323{
3324 kref_put(&driver->kref, destruct_tty_driver);
3325}
3326EXPORT_SYMBOL(tty_driver_kref_put);
3327
3328void tty_set_operations(struct tty_driver *driver,
3329 const struct tty_operations *op)
3330{
3331 driver->ops = op;
3332};
3333EXPORT_SYMBOL(tty_set_operations);
3334
3335void put_tty_driver(struct tty_driver *d)
3336{
3337 tty_driver_kref_put(d);
3338}
3339EXPORT_SYMBOL(put_tty_driver);
3340
3341/*
3342 * Called by a tty driver to register itself.
3343 */
3344int tty_register_driver(struct tty_driver *driver)
3345{
3346 int error;
3347 int i;
3348 dev_t dev;
3349 struct device *d;
3350
3351 if (!driver->major) {
3352 error = alloc_chrdev_region(&dev, driver->minor_start,
3353 driver->num, driver->name);
3354 if (!error) {
3355 driver->major = MAJOR(dev);
3356 driver->minor_start = MINOR(dev);
3357 }
3358 } else {
3359 dev = MKDEV(driver->major, driver->minor_start);
3360 error = register_chrdev_region(dev, driver->num, driver->name);
3361 }
3362 if (error < 0)
3363 goto err;
3364
3365 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3366 error = tty_cdev_add(driver, dev, 0, driver->num);
3367 if (error)
3368 goto err_unreg_char;
3369 }
3370
3371 mutex_lock(&tty_mutex);
3372 list_add(&driver->tty_drivers, &tty_drivers);
3373 mutex_unlock(&tty_mutex);
3374
3375 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3376 for (i = 0; i < driver->num; i++) {
3377 d = tty_register_device(driver, i, NULL);
3378 if (IS_ERR(d)) {
3379 error = PTR_ERR(d);
3380 goto err_unreg_devs;
3381 }
3382 }
3383 }
3384 proc_tty_register_driver(driver);
3385 driver->flags |= TTY_DRIVER_INSTALLED;
3386 return 0;
3387
3388err_unreg_devs:
3389 for (i--; i >= 0; i--)
3390 tty_unregister_device(driver, i);
3391
3392 mutex_lock(&tty_mutex);
3393 list_del(&driver->tty_drivers);
3394 mutex_unlock(&tty_mutex);
3395
3396err_unreg_char:
3397 unregister_chrdev_region(dev, driver->num);
3398err:
3399 return error;
3400}
3401EXPORT_SYMBOL(tty_register_driver);
3402
3403/*
3404 * Called by a tty driver to unregister itself.
3405 */
3406int tty_unregister_driver(struct tty_driver *driver)
3407{
3408#if 0
3409 /* FIXME */
3410 if (driver->refcount)
3411 return -EBUSY;
3412#endif
3413 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3414 driver->num);
3415 mutex_lock(&tty_mutex);
3416 list_del(&driver->tty_drivers);
3417 mutex_unlock(&tty_mutex);
3418 return 0;
3419}
3420
3421EXPORT_SYMBOL(tty_unregister_driver);
3422
3423dev_t tty_devnum(struct tty_struct *tty)
3424{
3425 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3426}
3427EXPORT_SYMBOL(tty_devnum);
3428
3429void proc_clear_tty(struct task_struct *p)
3430{
3431 unsigned long flags;
3432 struct tty_struct *tty;
3433 spin_lock_irqsave(&p->sighand->siglock, flags);
3434 tty = p->signal->tty;
3435 p->signal->tty = NULL;
3436 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3437 tty_kref_put(tty);
3438}
3439
3440/* Called under the sighand lock */
3441
3442static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3443{
3444 if (tty) {
3445 unsigned long flags;
3446 /* We should not have a session or pgrp to put here but.... */
3447 spin_lock_irqsave(&tty->ctrl_lock, flags);
3448 put_pid(tty->session);
3449 put_pid(tty->pgrp);
3450 tty->pgrp = get_pid(task_pgrp(tsk));
3451 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3452 tty->session = get_pid(task_session(tsk));
3453 if (tsk->signal->tty) {
3454 printk(KERN_DEBUG "tty not NULL!!\n");
3455 tty_kref_put(tsk->signal->tty);
3456 }
3457 }
3458 put_pid(tsk->signal->tty_old_pgrp);
3459 tsk->signal->tty = tty_kref_get(tty);
3460 tsk->signal->tty_old_pgrp = NULL;
3461}
3462
3463static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3464{
3465 spin_lock_irq(&tsk->sighand->siglock);
3466 __proc_set_tty(tsk, tty);
3467 spin_unlock_irq(&tsk->sighand->siglock);
3468}
3469
3470struct tty_struct *get_current_tty(void)
3471{
3472 struct tty_struct *tty;
3473 unsigned long flags;
3474
3475 spin_lock_irqsave(&current->sighand->siglock, flags);
3476 tty = tty_kref_get(current->signal->tty);
3477 spin_unlock_irqrestore(&current->sighand->siglock, flags);
3478 return tty;
3479}
3480EXPORT_SYMBOL_GPL(get_current_tty);
3481
3482void tty_default_fops(struct file_operations *fops)
3483{
3484 *fops = tty_fops;
3485}
3486
3487/*
3488 * Initialize the console device. This is called *early*, so
3489 * we can't necessarily depend on lots of kernel help here.
3490 * Just do some early initializations, and do the complex setup
3491 * later.
3492 */
3493void __init console_init(void)
3494{
3495 initcall_t *call;
3496
3497 /* Setup the default TTY line discipline. */
3498 tty_ldisc_begin();
3499
3500 /*
3501 * set up the console device so that later boot sequences can
3502 * inform about problems etc..
3503 */
3504 call = __con_initcall_start;
3505 while (call < __con_initcall_end) {
3506 (*call)();
3507 call++;
3508 }
3509}
3510
3511static char *tty_devnode(struct device *dev, umode_t *mode)
3512{
3513 if (!mode)
3514 return NULL;
3515 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3516 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3517 *mode = 0666;
3518 return NULL;
3519}
3520
3521static int __init tty_class_init(void)
3522{
3523 tty_class = class_create(THIS_MODULE, "tty");
3524 if (IS_ERR(tty_class))
3525 return PTR_ERR(tty_class);
3526 tty_class->devnode = tty_devnode;
3527 return 0;
3528}
3529
3530postcore_initcall(tty_class_init);
3531
3532/* 3/2004 jmc: why do these devices exist? */
3533static struct cdev tty_cdev, console_cdev;
3534
3535static ssize_t show_cons_active(struct device *dev,
3536 struct device_attribute *attr, char *buf)
3537{
3538 struct console *cs[16];
3539 int i = 0;
3540 struct console *c;
3541 ssize_t count = 0;
3542
3543 console_lock();
3544 for_each_console(c) {
3545 if (!c->device)
3546 continue;
3547 if (!c->write)
3548 continue;
3549 if ((c->flags & CON_ENABLED) == 0)
3550 continue;
3551 cs[i++] = c;
3552 if (i >= ARRAY_SIZE(cs))
3553 break;
3554 }
3555 while (i--) {
3556 int index = cs[i]->index;
3557 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3558
3559 /* don't resolve tty0 as some programs depend on it */
3560 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3561 count += tty_line_name(drv, index, buf + count);
3562 else
3563 count += sprintf(buf + count, "%s%d",
3564 cs[i]->name, cs[i]->index);
3565
3566 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3567 }
3568 console_unlock();
3569
3570 return count;
3571}
3572static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3573
3574static struct device *consdev;
3575
3576void console_sysfs_notify(void)
3577{
3578 if (consdev)
3579 sysfs_notify(&consdev->kobj, NULL, "active");
3580}
3581
3582/*
3583 * Ok, now we can initialize the rest of the tty devices and can count
3584 * on memory allocations, interrupts etc..
3585 */
3586int __init tty_init(void)
3587{
3588 cdev_init(&tty_cdev, &tty_fops);
3589 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3590 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3591 panic("Couldn't register /dev/tty driver\n");
3592 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3593
3594 cdev_init(&console_cdev, &console_fops);
3595 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3596 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3597 panic("Couldn't register /dev/console driver\n");
3598 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3599 "console");
3600 if (IS_ERR(consdev))
3601 consdev = NULL;
3602 else
3603 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3604
3605#ifdef CONFIG_VT
3606 vty_init(&console_fops);
3607#endif
3608 return 0;
3609}
3610
Linux 6.x block layer and io_uring tree(s)