projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: BKL pushdown
[linux-2.6-block.git] / drivers / char / tty_io.c
... / ...
CommitLineData
1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67 */
68
69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
105
106#include <linux/kmod.h>
107#include <linux/nsproxy.h>
108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
130
131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
133/* Mutex to protect creating and releasing a tty. This is shared with
134 vt.c for deeply disgusting hack reasons */
135DEFINE_MUTEX(tty_mutex);
136EXPORT_SYMBOL(tty_mutex);
137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
140extern int pty_limit; /* Config limit on Unix98 ptys */
141static DEFINE_IDR(allocated_ptys);
142static DEFINE_MUTEX(allocated_ptys_lock);
143static int ptmx_open(struct inode *, struct file *);
144#endif
145
146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
155long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
156#ifdef CONFIG_COMPAT
157static long tty_compat_ioctl(struct file *file, unsigned int cmd,
158 unsigned long arg);
159#else
160#define tty_compat_ioctl NULL
161#endif
162static int tty_fasync(int fd, struct file *filp, int on);
163static void release_tty(struct tty_struct *tty, int idx);
164static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
165static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
166
167/**
168 * alloc_tty_struct - allocate a tty object
169 *
170 * Return a new empty tty structure. The data fields have not
171 * been initialized in any way but has been zeroed
172 *
173 * Locking: none
174 */
175
176static struct tty_struct *alloc_tty_struct(void)
177{
178 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
179}
180
181static void tty_buffer_free_all(struct tty_struct *);
182
183/**
184 * free_tty_struct - free a disused tty
185 * @tty: tty struct to free
186 *
187 * Free the write buffers, tty queue and tty memory itself.
188 *
189 * Locking: none. Must be called after tty is definitely unused
190 */
191
192static inline void free_tty_struct(struct tty_struct *tty)
193{
194 kfree(tty->write_buf);
195 tty_buffer_free_all(tty);
196 kfree(tty);
197}
198
199#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
200
201/**
202 * tty_name - return tty naming
203 * @tty: tty structure
204 * @buf: buffer for output
205 *
206 * Convert a tty structure into a name. The name reflects the kernel
207 * naming policy and if udev is in use may not reflect user space
208 *
209 * Locking: none
210 */
211
212char *tty_name(struct tty_struct *tty, char *buf)
213{
214 if (!tty) /* Hmm. NULL pointer. That's fun. */
215 strcpy(buf, "NULL tty");
216 else
217 strcpy(buf, tty->name);
218 return buf;
219}
220
221EXPORT_SYMBOL(tty_name);
222
223int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
224 const char *routine)
225{
226#ifdef TTY_PARANOIA_CHECK
227 if (!tty) {
228 printk(KERN_WARNING
229 "null TTY for (%d:%d) in %s\n",
230 imajor(inode), iminor(inode), routine);
231 return 1;
232 }
233 if (tty->magic != TTY_MAGIC) {
234 printk(KERN_WARNING
235 "bad magic number for tty struct (%d:%d) in %s\n",
236 imajor(inode), iminor(inode), routine);
237 return 1;
238 }
239#endif
240 return 0;
241}
242
243static int check_tty_count(struct tty_struct *tty, const char *routine)
244{
245#ifdef CHECK_TTY_COUNT
246 struct list_head *p;
247 int count = 0;
248
249 file_list_lock();
250 list_for_each(p, &tty->tty_files) {
251 count++;
252 }
253 file_list_unlock();
254 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
255 tty->driver->subtype == PTY_TYPE_SLAVE &&
256 tty->link && tty->link->count)
257 count++;
258 if (tty->count != count) {
259 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
260 "!= #fd's(%d) in %s\n",
261 tty->name, tty->count, count, routine);
262 return count;
263 }
264#endif
265 return 0;
266}
267
268/*
269 * Tty buffer allocation management
270 */
271
272/**
273 * tty_buffer_free_all - free buffers used by a tty
274 * @tty: tty to free from
275 *
276 * Remove all the buffers pending on a tty whether queued with data
277 * or in the free ring. Must be called when the tty is no longer in use
278 *
279 * Locking: none
280 */
281
282static void tty_buffer_free_all(struct tty_struct *tty)
283{
284 struct tty_buffer *thead;
285 while ((thead = tty->buf.head) != NULL) {
286 tty->buf.head = thead->next;
287 kfree(thead);
288 }
289 while ((thead = tty->buf.free) != NULL) {
290 tty->buf.free = thead->next;
291 kfree(thead);
292 }
293 tty->buf.tail = NULL;
294 tty->buf.memory_used = 0;
295}
296
297/**
298 * tty_buffer_init - prepare a tty buffer structure
299 * @tty: tty to initialise
300 *
301 * Set up the initial state of the buffer management for a tty device.
302 * Must be called before the other tty buffer functions are used.
303 *
304 * Locking: none
305 */
306
307static void tty_buffer_init(struct tty_struct *tty)
308{
309 spin_lock_init(&tty->buf.lock);
310 tty->buf.head = NULL;
311 tty->buf.tail = NULL;
312 tty->buf.free = NULL;
313 tty->buf.memory_used = 0;
314}
315
316/**
317 * tty_buffer_alloc - allocate a tty buffer
318 * @tty: tty device
319 * @size: desired size (characters)
320 *
321 * Allocate a new tty buffer to hold the desired number of characters.
322 * Return NULL if out of memory or the allocation would exceed the
323 * per device queue
324 *
325 * Locking: Caller must hold tty->buf.lock
326 */
327
328static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
329{
330 struct tty_buffer *p;
331
332 if (tty->buf.memory_used + size > 65536)
333 return NULL;
334 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
335 if (p == NULL)
336 return NULL;
337 p->used = 0;
338 p->size = size;
339 p->next = NULL;
340 p->commit = 0;
341 p->read = 0;
342 p->char_buf_ptr = (char *)(p->data);
343 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
344 tty->buf.memory_used += size;
345 return p;
346}
347
348/**
349 * tty_buffer_free - free a tty buffer
350 * @tty: tty owning the buffer
351 * @b: the buffer to free
352 *
353 * Free a tty buffer, or add it to the free list according to our
354 * internal strategy
355 *
356 * Locking: Caller must hold tty->buf.lock
357 */
358
359static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
360{
361 /* Dumb strategy for now - should keep some stats */
362 tty->buf.memory_used -= b->size;
363 WARN_ON(tty->buf.memory_used < 0);
364
365 if (b->size >= 512)
366 kfree(b);
367 else {
368 b->next = tty->buf.free;
369 tty->buf.free = b;
370 }
371}
372
373/**
374 * __tty_buffer_flush - flush full tty buffers
375 * @tty: tty to flush
376 *
377 * flush all the buffers containing receive data. Caller must
378 * hold the buffer lock and must have ensured no parallel flush to
379 * ldisc is running.
380 *
381 * Locking: Caller must hold tty->buf.lock
382 */
383
384static void __tty_buffer_flush(struct tty_struct *tty)
385{
386 struct tty_buffer *thead;
387
388 while ((thead = tty->buf.head) != NULL) {
389 tty->buf.head = thead->next;
390 tty_buffer_free(tty, thead);
391 }
392 tty->buf.tail = NULL;
393}
394
395/**
396 * tty_buffer_flush - flush full tty buffers
397 * @tty: tty to flush
398 *
399 * flush all the buffers containing receive data. If the buffer is
400 * being processed by flush_to_ldisc then we defer the processing
401 * to that function
402 *
403 * Locking: none
404 */
405
406static void tty_buffer_flush(struct tty_struct *tty)
407{
408 unsigned long flags;
409 spin_lock_irqsave(&tty->buf.lock, flags);
410
411 /* If the data is being pushed to the tty layer then we can't
412 process it here. Instead set a flag and the flush_to_ldisc
413 path will process the flush request before it exits */
414 if (test_bit(TTY_FLUSHING, &tty->flags)) {
415 set_bit(TTY_FLUSHPENDING, &tty->flags);
416 spin_unlock_irqrestore(&tty->buf.lock, flags);
417 wait_event(tty->read_wait,
418 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
419 return;
420 } else
421 __tty_buffer_flush(tty);
422 spin_unlock_irqrestore(&tty->buf.lock, flags);
423}
424
425/**
426 * tty_buffer_find - find a free tty buffer
427 * @tty: tty owning the buffer
428 * @size: characters wanted
429 *
430 * Locate an existing suitable tty buffer or if we are lacking one then
431 * allocate a new one. We round our buffers off in 256 character chunks
432 * to get better allocation behaviour.
433 *
434 * Locking: Caller must hold tty->buf.lock
435 */
436
437static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
438{
439 struct tty_buffer **tbh = &tty->buf.free;
440 while ((*tbh) != NULL) {
441 struct tty_buffer *t = *tbh;
442 if (t->size >= size) {
443 *tbh = t->next;
444 t->next = NULL;
445 t->used = 0;
446 t->commit = 0;
447 t->read = 0;
448 tty->buf.memory_used += t->size;
449 return t;
450 }
451 tbh = &((*tbh)->next);
452 }
453 /* Round the buffer size out */
454 size = (size + 0xFF) & ~0xFF;
455 return tty_buffer_alloc(tty, size);
456 /* Should possibly check if this fails for the largest buffer we
457 have queued and recycle that ? */
458}
459
460/**
461 * tty_buffer_request_room - grow tty buffer if needed
462 * @tty: tty structure
463 * @size: size desired
464 *
465 * Make at least size bytes of linear space available for the tty
466 * buffer. If we fail return the size we managed to find.
467 *
468 * Locking: Takes tty->buf.lock
469 */
470int tty_buffer_request_room(struct tty_struct *tty, size_t size)
471{
472 struct tty_buffer *b, *n;
473 int left;
474 unsigned long flags;
475
476 spin_lock_irqsave(&tty->buf.lock, flags);
477
478 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
479 remove this conditional if its worth it. This would be invisible
480 to the callers */
481 if ((b = tty->buf.tail) != NULL)
482 left = b->size - b->used;
483 else
484 left = 0;
485
486 if (left < size) {
487 /* This is the slow path - looking for new buffers to use */
488 if ((n = tty_buffer_find(tty, size)) != NULL) {
489 if (b != NULL) {
490 b->next = n;
491 b->commit = b->used;
492 } else
493 tty->buf.head = n;
494 tty->buf.tail = n;
495 } else
496 size = left;
497 }
498
499 spin_unlock_irqrestore(&tty->buf.lock, flags);
500 return size;
501}
502EXPORT_SYMBOL_GPL(tty_buffer_request_room);
503
504/**
505 * tty_insert_flip_string - Add characters to the tty buffer
506 * @tty: tty structure
507 * @chars: characters
508 * @size: size
509 *
510 * Queue a series of bytes to the tty buffering. All the characters
511 * passed are marked as without error. Returns the number added.
512 *
513 * Locking: Called functions may take tty->buf.lock
514 */
515
516int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
517 size_t size)
518{
519 int copied = 0;
520 do {
521 int space = tty_buffer_request_room(tty, size - copied);
522 struct tty_buffer *tb = tty->buf.tail;
523 /* If there is no space then tb may be NULL */
524 if (unlikely(space == 0))
525 break;
526 memcpy(tb->char_buf_ptr + tb->used, chars, space);
527 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
528 tb->used += space;
529 copied += space;
530 chars += space;
531 /* There is a small chance that we need to split the data over
532 several buffers. If this is the case we must loop */
533 } while (unlikely(size > copied));
534 return copied;
535}
536EXPORT_SYMBOL(tty_insert_flip_string);
537
538/**
539 * tty_insert_flip_string_flags - Add characters to the tty buffer
540 * @tty: tty structure
541 * @chars: characters
542 * @flags: flag bytes
543 * @size: size
544 *
545 * Queue a series of bytes to the tty buffering. For each character
546 * the flags array indicates the status of the character. Returns the
547 * number added.
548 *
549 * Locking: Called functions may take tty->buf.lock
550 */
551
552int tty_insert_flip_string_flags(struct tty_struct *tty,
553 const unsigned char *chars, const char *flags, size_t size)
554{
555 int copied = 0;
556 do {
557 int space = tty_buffer_request_room(tty, size - copied);
558 struct tty_buffer *tb = tty->buf.tail;
559 /* If there is no space then tb may be NULL */
560 if (unlikely(space == 0))
561 break;
562 memcpy(tb->char_buf_ptr + tb->used, chars, space);
563 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
564 tb->used += space;
565 copied += space;
566 chars += space;
567 flags += space;
568 /* There is a small chance that we need to split the data over
569 several buffers. If this is the case we must loop */
570 } while (unlikely(size > copied));
571 return copied;
572}
573EXPORT_SYMBOL(tty_insert_flip_string_flags);
574
575/**
576 * tty_schedule_flip - push characters to ldisc
577 * @tty: tty to push from
578 *
579 * Takes any pending buffers and transfers their ownership to the
580 * ldisc side of the queue. It then schedules those characters for
581 * processing by the line discipline.
582 *
583 * Locking: Takes tty->buf.lock
584 */
585
586void tty_schedule_flip(struct tty_struct *tty)
587{
588 unsigned long flags;
589 spin_lock_irqsave(&tty->buf.lock, flags);
590 if (tty->buf.tail != NULL)
591 tty->buf.tail->commit = tty->buf.tail->used;
592 spin_unlock_irqrestore(&tty->buf.lock, flags);
593 schedule_delayed_work(&tty->buf.work, 1);
594}
595EXPORT_SYMBOL(tty_schedule_flip);
596
597/**
598 * tty_prepare_flip_string - make room for characters
599 * @tty: tty
600 * @chars: return pointer for character write area
601 * @size: desired size
602 *
603 * Prepare a block of space in the buffer for data. Returns the length
604 * available and buffer pointer to the space which is now allocated and
605 * accounted for as ready for normal characters. This is used for drivers
606 * that need their own block copy routines into the buffer. There is no
607 * guarantee the buffer is a DMA target!
608 *
609 * Locking: May call functions taking tty->buf.lock
610 */
611
612int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
613 size_t size)
614{
615 int space = tty_buffer_request_room(tty, size);
616 if (likely(space)) {
617 struct tty_buffer *tb = tty->buf.tail;
618 *chars = tb->char_buf_ptr + tb->used;
619 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
620 tb->used += space;
621 }
622 return space;
623}
624
625EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
626
627/**
628 * tty_prepare_flip_string_flags - make room for characters
629 * @tty: tty
630 * @chars: return pointer for character write area
631 * @flags: return pointer for status flag write area
632 * @size: desired size
633 *
634 * Prepare a block of space in the buffer for data. Returns the length
635 * available and buffer pointer to the space which is now allocated and
636 * accounted for as ready for characters. This is used for drivers
637 * that need their own block copy routines into the buffer. There is no
638 * guarantee the buffer is a DMA target!
639 *
640 * Locking: May call functions taking tty->buf.lock
641 */
642
643int tty_prepare_flip_string_flags(struct tty_struct *tty,
644 unsigned char **chars, char **flags, size_t size)
645{
646 int space = tty_buffer_request_room(tty, size);
647 if (likely(space)) {
648 struct tty_buffer *tb = tty->buf.tail;
649 *chars = tb->char_buf_ptr + tb->used;
650 *flags = tb->flag_buf_ptr + tb->used;
651 tb->used += space;
652 }
653 return space;
654}
655
656EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
657
658
659
660/**
661 * tty_set_termios_ldisc - set ldisc field
662 * @tty: tty structure
663 * @num: line discipline number
664 *
665 * This is probably overkill for real world processors but
666 * they are not on hot paths so a little discipline won't do
667 * any harm.
668 *
669 * Locking: takes termios_mutex
670 */
671
672static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
673{
674 mutex_lock(&tty->termios_mutex);
675 tty->termios->c_line = num;
676 mutex_unlock(&tty->termios_mutex);
677}
678
679/*
680 * This guards the refcounted line discipline lists. The lock
681 * must be taken with irqs off because there are hangup path
682 * callers who will do ldisc lookups and cannot sleep.
683 */
684
685static DEFINE_SPINLOCK(tty_ldisc_lock);
686static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
687/* Line disc dispatch table */
688static struct tty_ldisc tty_ldiscs[NR_LDISCS];
689
690/**
691 * tty_register_ldisc - install a line discipline
692 * @disc: ldisc number
693 * @new_ldisc: pointer to the ldisc object
694 *
695 * Installs a new line discipline into the kernel. The discipline
696 * is set up as unreferenced and then made available to the kernel
697 * from this point onwards.
698 *
699 * Locking:
700 * takes tty_ldisc_lock to guard against ldisc races
701 */
702
703int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
704{
705 unsigned long flags;
706 int ret = 0;
707
708 if (disc < N_TTY || disc >= NR_LDISCS)
709 return -EINVAL;
710
711 spin_lock_irqsave(&tty_ldisc_lock, flags);
712 tty_ldiscs[disc] = *new_ldisc;
713 tty_ldiscs[disc].num = disc;
714 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
715 tty_ldiscs[disc].refcount = 0;
716 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
717
718 return ret;
719}
720EXPORT_SYMBOL(tty_register_ldisc);
721
722/**
723 * tty_unregister_ldisc - unload a line discipline
724 * @disc: ldisc number
725 * @new_ldisc: pointer to the ldisc object
726 *
727 * Remove a line discipline from the kernel providing it is not
728 * currently in use.
729 *
730 * Locking:
731 * takes tty_ldisc_lock to guard against ldisc races
732 */
733
734int tty_unregister_ldisc(int disc)
735{
736 unsigned long flags;
737 int ret = 0;
738
739 if (disc < N_TTY || disc >= NR_LDISCS)
740 return -EINVAL;
741
742 spin_lock_irqsave(&tty_ldisc_lock, flags);
743 if (tty_ldiscs[disc].refcount)
744 ret = -EBUSY;
745 else
746 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
747 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748
749 return ret;
750}
751EXPORT_SYMBOL(tty_unregister_ldisc);
752
753/**
754 * tty_ldisc_get - take a reference to an ldisc
755 * @disc: ldisc number
756 *
757 * Takes a reference to a line discipline. Deals with refcounts and
758 * module locking counts. Returns NULL if the discipline is not available.
759 * Returns a pointer to the discipline and bumps the ref count if it is
760 * available
761 *
762 * Locking:
763 * takes tty_ldisc_lock to guard against ldisc races
764 */
765
766struct tty_ldisc *tty_ldisc_get(int disc)
767{
768 unsigned long flags;
769 struct tty_ldisc *ld;
770
771 if (disc < N_TTY || disc >= NR_LDISCS)
772 return NULL;
773
774 spin_lock_irqsave(&tty_ldisc_lock, flags);
775
776 ld = &tty_ldiscs[disc];
777 /* Check the entry is defined */
778 if (ld->flags & LDISC_FLAG_DEFINED) {
779 /* If the module is being unloaded we can't use it */
780 if (!try_module_get(ld->owner))
781 ld = NULL;
782 else /* lock it */
783 ld->refcount++;
784 } else
785 ld = NULL;
786 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
787 return ld;
788}
789
790EXPORT_SYMBOL_GPL(tty_ldisc_get);
791
792/**
793 * tty_ldisc_put - drop ldisc reference
794 * @disc: ldisc number
795 *
796 * Drop a reference to a line discipline. Manage refcounts and
797 * module usage counts
798 *
799 * Locking:
800 * takes tty_ldisc_lock to guard against ldisc races
801 */
802
803void tty_ldisc_put(int disc)
804{
805 struct tty_ldisc *ld;
806 unsigned long flags;
807
808 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
809
810 spin_lock_irqsave(&tty_ldisc_lock, flags);
811 ld = &tty_ldiscs[disc];
812 BUG_ON(ld->refcount == 0);
813 ld->refcount--;
814 module_put(ld->owner);
815 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
816}
817
818EXPORT_SYMBOL_GPL(tty_ldisc_put);
819
820/**
821 * tty_ldisc_assign - set ldisc on a tty
822 * @tty: tty to assign
823 * @ld: line discipline
824 *
825 * Install an instance of a line discipline into a tty structure. The
826 * ldisc must have a reference count above zero to ensure it remains/
827 * The tty instance refcount starts at zero.
828 *
829 * Locking:
830 * Caller must hold references
831 */
832
833static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
834{
835 tty->ldisc = *ld;
836 tty->ldisc.refcount = 0;
837}
838
839/**
840 * tty_ldisc_try - internal helper
841 * @tty: the tty
842 *
843 * Make a single attempt to grab and bump the refcount on
844 * the tty ldisc. Return 0 on failure or 1 on success. This is
845 * used to implement both the waiting and non waiting versions
846 * of tty_ldisc_ref
847 *
848 * Locking: takes tty_ldisc_lock
849 */
850
851static int tty_ldisc_try(struct tty_struct *tty)
852{
853 unsigned long flags;
854 struct tty_ldisc *ld;
855 int ret = 0;
856
857 spin_lock_irqsave(&tty_ldisc_lock, flags);
858 ld = &tty->ldisc;
859 if (test_bit(TTY_LDISC, &tty->flags)) {
860 ld->refcount++;
861 ret = 1;
862 }
863 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
864 return ret;
865}
866
867/**
868 * tty_ldisc_ref_wait - wait for the tty ldisc
869 * @tty: tty device
870 *
871 * Dereference the line discipline for the terminal and take a
872 * reference to it. If the line discipline is in flux then
873 * wait patiently until it changes.
874 *
875 * Note: Must not be called from an IRQ/timer context. The caller
876 * must also be careful not to hold other locks that will deadlock
877 * against a discipline change, such as an existing ldisc reference
878 * (which we check for)
879 *
880 * Locking: call functions take tty_ldisc_lock
881 */
882
883struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
884{
885 /* wait_event is a macro */
886 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
887 if (tty->ldisc.refcount == 0)
888 printk(KERN_ERR "tty_ldisc_ref_wait\n");
889 return &tty->ldisc;
890}
891
892EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
893
894/**
895 * tty_ldisc_ref - get the tty ldisc
896 * @tty: tty device
897 *
898 * Dereference the line discipline for the terminal and take a
899 * reference to it. If the line discipline is in flux then
900 * return NULL. Can be called from IRQ and timer functions.
901 *
902 * Locking: called functions take tty_ldisc_lock
903 */
904
905struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
906{
907 if (tty_ldisc_try(tty))
908 return &tty->ldisc;
909 return NULL;
910}
911
912EXPORT_SYMBOL_GPL(tty_ldisc_ref);
913
914/**
915 * tty_ldisc_deref - free a tty ldisc reference
916 * @ld: reference to free up
917 *
918 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
919 * be called in IRQ context.
920 *
921 * Locking: takes tty_ldisc_lock
922 */
923
924void tty_ldisc_deref(struct tty_ldisc *ld)
925{
926 unsigned long flags;
927
928 BUG_ON(ld == NULL);
929
930 spin_lock_irqsave(&tty_ldisc_lock, flags);
931 if (ld->refcount == 0)
932 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
933 else
934 ld->refcount--;
935 if (ld->refcount == 0)
936 wake_up(&tty_ldisc_wait);
937 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
938}
939
940EXPORT_SYMBOL_GPL(tty_ldisc_deref);
941
942/**
943 * tty_ldisc_enable - allow ldisc use
944 * @tty: terminal to activate ldisc on
945 *
946 * Set the TTY_LDISC flag when the line discipline can be called
947 * again. Do necessary wakeups for existing sleepers.
948 *
949 * Note: nobody should set this bit except via this function. Clearing
950 * directly is allowed.
951 */
952
953static void tty_ldisc_enable(struct tty_struct *tty)
954{
955 set_bit(TTY_LDISC, &tty->flags);
956 wake_up(&tty_ldisc_wait);
957}
958
959/**
960 * tty_set_ldisc - set line discipline
961 * @tty: the terminal to set
962 * @ldisc: the line discipline
963 *
964 * Set the discipline of a tty line. Must be called from a process
965 * context.
966 *
967 * Locking: takes tty_ldisc_lock.
968 * called functions take termios_mutex
969 */
970
971static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
972{
973 int retval = 0;
974 struct tty_ldisc o_ldisc;
975 char buf[64];
976 int work;
977 unsigned long flags;
978 struct tty_ldisc *ld;
979 struct tty_struct *o_tty;
980
981 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
982 return -EINVAL;
983
984restart:
985
986 ld = tty_ldisc_get(ldisc);
987 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
988 /* Cyrus Durgin <cider@speakeasy.org> */
989 if (ld == NULL) {
990 request_module("tty-ldisc-%d", ldisc);
991 ld = tty_ldisc_get(ldisc);
992 }
993 if (ld == NULL)
994 return -EINVAL;
995
996 /*
997 * Problem: What do we do if this blocks ?
998 */
999
1000 tty_wait_until_sent(tty, 0);
1001
1002 if (tty->ldisc.num == ldisc) {
1003 tty_ldisc_put(ldisc);
1004 return 0;
1005 }
1006
1007 /*
1008 * No more input please, we are switching. The new ldisc
1009 * will update this value in the ldisc open function
1010 */
1011
1012 tty->receive_room = 0;
1013
1014 o_ldisc = tty->ldisc;
1015 o_tty = tty->link;
1016
1017 /*
1018 * Make sure we don't change while someone holds a
1019 * reference to the line discipline. The TTY_LDISC bit
1020 * prevents anyone taking a reference once it is clear.
1021 * We need the lock to avoid racing reference takers.
1022 */
1023
1024 spin_lock_irqsave(&tty_ldisc_lock, flags);
1025 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1026 if (tty->ldisc.refcount) {
1027 /* Free the new ldisc we grabbed. Must drop the lock
1028 first. */
1029 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1030 tty_ldisc_put(ldisc);
1031 /*
1032 * There are several reasons we may be busy, including
1033 * random momentary I/O traffic. We must therefore
1034 * retry. We could distinguish between blocking ops
1035 * and retries if we made tty_ldisc_wait() smarter.
1036 * That is up for discussion.
1037 */
1038 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1039 return -ERESTARTSYS;
1040 goto restart;
1041 }
1042 if (o_tty && o_tty->ldisc.refcount) {
1043 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1044 tty_ldisc_put(ldisc);
1045 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1046 return -ERESTARTSYS;
1047 goto restart;
1048 }
1049 }
1050 /*
1051 * If the TTY_LDISC bit is set, then we are racing against
1052 * another ldisc change
1053 */
1054 if (!test_bit(TTY_LDISC, &tty->flags)) {
1055 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1056 tty_ldisc_put(ldisc);
1057 ld = tty_ldisc_ref_wait(tty);
1058 tty_ldisc_deref(ld);
1059 goto restart;
1060 }
1061
1062 clear_bit(TTY_LDISC, &tty->flags);
1063 if (o_tty)
1064 clear_bit(TTY_LDISC, &o_tty->flags);
1065 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1066
1067 /*
1068 * From this point on we know nobody has an ldisc
1069 * usage reference, nor can they obtain one until
1070 * we say so later on.
1071 */
1072
1073 work = cancel_delayed_work(&tty->buf.work);
1074 /*
1075 * Wait for ->hangup_work and ->buf.work handlers to terminate
1076 */
1077 flush_scheduled_work();
1078 /* Shutdown the current discipline. */
1079 if (tty->ldisc.close)
1080 (tty->ldisc.close)(tty);
1081
1082 /* Now set up the new line discipline. */
1083 tty_ldisc_assign(tty, ld);
1084 tty_set_termios_ldisc(tty, ldisc);
1085 if (tty->ldisc.open)
1086 retval = (tty->ldisc.open)(tty);
1087 if (retval < 0) {
1088 tty_ldisc_put(ldisc);
1089 /* There is an outstanding reference here so this is safe */
1090 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1091 tty_set_termios_ldisc(tty, tty->ldisc.num);
1092 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1093 tty_ldisc_put(o_ldisc.num);
1094 /* This driver is always present */
1095 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1096 tty_set_termios_ldisc(tty, N_TTY);
1097 if (tty->ldisc.open) {
1098 int r = tty->ldisc.open(tty);
1099
1100 if (r < 0)
1101 panic("Couldn't open N_TTY ldisc for "
1102 "%s --- error %d.",
1103 tty_name(tty, buf), r);
1104 }
1105 }
1106 }
1107 /* At this point we hold a reference to the new ldisc and a
1108 a reference to the old ldisc. If we ended up flipping back
1109 to the existing ldisc we have two references to it */
1110
1111 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1112 tty->driver->set_ldisc(tty);
1113
1114 tty_ldisc_put(o_ldisc.num);
1115
1116 /*
1117 * Allow ldisc referencing to occur as soon as the driver
1118 * ldisc callback completes.
1119 */
1120
1121 tty_ldisc_enable(tty);
1122 if (o_tty)
1123 tty_ldisc_enable(o_tty);
1124
1125 /* Restart it in case no characters kick it off. Safe if
1126 already running */
1127 if (work)
1128 schedule_delayed_work(&tty->buf.work, 1);
1129 return retval;
1130}
1131
1132/**
1133 * get_tty_driver - find device of a tty
1134 * @dev_t: device identifier
1135 * @index: returns the index of the tty
1136 *
1137 * This routine returns a tty driver structure, given a device number
1138 * and also passes back the index number.
1139 *
1140 * Locking: caller must hold tty_mutex
1141 */
1142
1143static struct tty_driver *get_tty_driver(dev_t device, int *index)
1144{
1145 struct tty_driver *p;
1146
1147 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1148 dev_t base = MKDEV(p->major, p->minor_start);
1149 if (device < base || device >= base + p->num)
1150 continue;
1151 *index = device - base;
1152 return p;
1153 }
1154 return NULL;
1155}
1156
1157#ifdef CONFIG_CONSOLE_POLL
1158
1159/**
1160 * tty_find_polling_driver - find device of a polled tty
1161 * @name: name string to match
1162 * @line: pointer to resulting tty line nr
1163 *
1164 * This routine returns a tty driver structure, given a name
1165 * and the condition that the tty driver is capable of polled
1166 * operation.
1167 */
1168struct tty_driver *tty_find_polling_driver(char *name, int *line)
1169{
1170 struct tty_driver *p, *res = NULL;
1171 int tty_line = 0;
1172 char *str;
1173
1174 mutex_lock(&tty_mutex);
1175 /* Search through the tty devices to look for a match */
1176 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1177 str = name + strlen(p->name);
1178 tty_line = simple_strtoul(str, &str, 10);
1179 if (*str == ',')
1180 str++;
1181 if (*str == '\0')
1182 str = NULL;
1183
1184 if (tty_line >= 0 && tty_line <= p->num && p->poll_init &&
1185 !p->poll_init(p, tty_line, str)) {
1186
1187 res = p;
1188 *line = tty_line;
1189 break;
1190 }
1191 }
1192 mutex_unlock(&tty_mutex);
1193
1194 return res;
1195}
1196EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1197#endif
1198
1199/**
1200 * tty_check_change - check for POSIX terminal changes
1201 * @tty: tty to check
1202 *
1203 * If we try to write to, or set the state of, a terminal and we're
1204 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1205 * ignored, go ahead and perform the operation. (POSIX 7.2)
1206 *
1207 * Locking: none - FIXME: review this
1208 */
1209
1210int tty_check_change(struct tty_struct *tty)
1211{
1212 if (current->signal->tty != tty)
1213 return 0;
1214 if (!tty->pgrp) {
1215 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1216 return 0;
1217 }
1218 if (task_pgrp(current) == tty->pgrp)
1219 return 0;
1220 if (is_ignored(SIGTTOU))
1221 return 0;
1222 if (is_current_pgrp_orphaned())
1223 return -EIO;
1224 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1225 set_thread_flag(TIF_SIGPENDING);
1226 return -ERESTARTSYS;
1227}
1228
1229EXPORT_SYMBOL(tty_check_change);
1230
1231static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1232 size_t count, loff_t *ppos)
1233{
1234 return 0;
1235}
1236
1237static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1238 size_t count, loff_t *ppos)
1239{
1240 return -EIO;
1241}
1242
1243/* No kernel lock held - none needed ;) */
1244static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1245{
1246 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1247}
1248
1249static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1250 unsigned long arg)
1251{
1252 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1253}
1254
1255static long hung_up_tty_compat_ioctl(struct file *file,
1256 unsigned int cmd, unsigned long arg)
1257{
1258 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1259}
1260
1261static const struct file_operations tty_fops = {
1262 .llseek = no_llseek,
1263 .read = tty_read,
1264 .write = tty_write,
1265 .poll = tty_poll,
1266 .unlocked_ioctl = tty_ioctl,
1267 .compat_ioctl = tty_compat_ioctl,
1268 .open = tty_open,
1269 .release = tty_release,
1270 .fasync = tty_fasync,
1271};
1272
1273#ifdef CONFIG_UNIX98_PTYS
1274static const struct file_operations ptmx_fops = {
1275 .llseek = no_llseek,
1276 .read = tty_read,
1277 .write = tty_write,
1278 .poll = tty_poll,
1279 .unlocked_ioctl = tty_ioctl,
1280 .compat_ioctl = tty_compat_ioctl,
1281 .open = ptmx_open,
1282 .release = tty_release,
1283 .fasync = tty_fasync,
1284};
1285#endif
1286
1287static const struct file_operations console_fops = {
1288 .llseek = no_llseek,
1289 .read = tty_read,
1290 .write = redirected_tty_write,
1291 .poll = tty_poll,
1292 .unlocked_ioctl = tty_ioctl,
1293 .compat_ioctl = tty_compat_ioctl,
1294 .open = tty_open,
1295 .release = tty_release,
1296 .fasync = tty_fasync,
1297};
1298
1299static const struct file_operations hung_up_tty_fops = {
1300 .llseek = no_llseek,
1301 .read = hung_up_tty_read,
1302 .write = hung_up_tty_write,
1303 .poll = hung_up_tty_poll,
1304 .unlocked_ioctl = hung_up_tty_ioctl,
1305 .compat_ioctl = hung_up_tty_compat_ioctl,
1306 .release = tty_release,
1307};
1308
1309static DEFINE_SPINLOCK(redirect_lock);
1310static struct file *redirect;
1311
1312/**
1313 * tty_wakeup - request more data
1314 * @tty: terminal
1315 *
1316 * Internal and external helper for wakeups of tty. This function
1317 * informs the line discipline if present that the driver is ready
1318 * to receive more output data.
1319 */
1320
1321void tty_wakeup(struct tty_struct *tty)
1322{
1323 struct tty_ldisc *ld;
1324
1325 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1326 ld = tty_ldisc_ref(tty);
1327 if (ld) {
1328 if (ld->write_wakeup)
1329 ld->write_wakeup(tty);
1330 tty_ldisc_deref(ld);
1331 }
1332 }
1333 wake_up_interruptible(&tty->write_wait);
1334}
1335
1336EXPORT_SYMBOL_GPL(tty_wakeup);
1337
1338/**
1339 * tty_ldisc_flush - flush line discipline queue
1340 * @tty: tty
1341 *
1342 * Flush the line discipline queue (if any) for this tty. If there
1343 * is no line discipline active this is a no-op.
1344 */
1345
1346void tty_ldisc_flush(struct tty_struct *tty)
1347{
1348 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1349 if (ld) {
1350 if (ld->flush_buffer)
1351 ld->flush_buffer(tty);
1352 tty_ldisc_deref(ld);
1353 }
1354 tty_buffer_flush(tty);
1355}
1356
1357EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1358
1359/**
1360 * tty_reset_termios - reset terminal state
1361 * @tty: tty to reset
1362 *
1363 * Restore a terminal to the driver default state
1364 */
1365
1366static void tty_reset_termios(struct tty_struct *tty)
1367{
1368 mutex_lock(&tty->termios_mutex);
1369 *tty->termios = tty->driver->init_termios;
1370 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1371 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1372 mutex_unlock(&tty->termios_mutex);
1373}
1374
1375/**
1376 * do_tty_hangup - actual handler for hangup events
1377 * @work: tty device
1378 *
1379 * This can be called by the "eventd" kernel thread. That is process
1380 * synchronous but doesn't hold any locks, so we need to make sure we
1381 * have the appropriate locks for what we're doing.
1382 *
1383 * The hangup event clears any pending redirections onto the hung up
1384 * device. It ensures future writes will error and it does the needed
1385 * line discipline hangup and signal delivery. The tty object itself
1386 * remains intact.
1387 *
1388 * Locking:
1389 * BKL
1390 * redirect lock for undoing redirection
1391 * file list lock for manipulating list of ttys
1392 * tty_ldisc_lock from called functions
1393 * termios_mutex resetting termios data
1394 * tasklist_lock to walk task list for hangup event
1395 * ->siglock to protect ->signal/->sighand
1396 */
1397static void do_tty_hangup(struct work_struct *work)
1398{
1399 struct tty_struct *tty =
1400 container_of(work, struct tty_struct, hangup_work);
1401 struct file *cons_filp = NULL;
1402 struct file *filp, *f = NULL;
1403 struct task_struct *p;
1404 struct tty_ldisc *ld;
1405 int closecount = 0, n;
1406
1407 if (!tty)
1408 return;
1409
1410 /* inuse_filps is protected by the single kernel lock */
1411 lock_kernel();
1412
1413 spin_lock(&redirect_lock);
1414 if (redirect && redirect->private_data == tty) {
1415 f = redirect;
1416 redirect = NULL;
1417 }
1418 spin_unlock(&redirect_lock);
1419
1420 check_tty_count(tty, "do_tty_hangup");
1421 file_list_lock();
1422 /* This breaks for file handles being sent over AF_UNIX sockets ? */
1423 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1424 if (filp->f_op->write == redirected_tty_write)
1425 cons_filp = filp;
1426 if (filp->f_op->write != tty_write)
1427 continue;
1428 closecount++;
1429 tty_fasync(-1, filp, 0); /* can't block */
1430 filp->f_op = &hung_up_tty_fops;
1431 }
1432 file_list_unlock();
1433 /*
1434 * FIXME! What are the locking issues here? This may me overdoing
1435 * things... This question is especially important now that we've
1436 * removed the irqlock.
1437 */
1438 ld = tty_ldisc_ref(tty);
1439 if (ld != NULL) {
1440 /* We may have no line discipline at this point */
1441 if (ld->flush_buffer)
1442 ld->flush_buffer(tty);
1443 if (tty->driver->flush_buffer)
1444 tty->driver->flush_buffer(tty);
1445 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1446 ld->write_wakeup)
1447 ld->write_wakeup(tty);
1448 if (ld->hangup)
1449 ld->hangup(tty);
1450 }
1451 /*
1452 * FIXME: Once we trust the LDISC code better we can wait here for
1453 * ldisc completion and fix the driver call race
1454 */
1455 wake_up_interruptible(&tty->write_wait);
1456 wake_up_interruptible(&tty->read_wait);
1457 /*
1458 * Shutdown the current line discipline, and reset it to
1459 * N_TTY.
1460 */
1461 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1462 tty_reset_termios(tty);
1463 /* Defer ldisc switch */
1464 /* tty_deferred_ldisc_switch(N_TTY);
1465
1466 This should get done automatically when the port closes and
1467 tty_release is called */
1468
1469 read_lock(&tasklist_lock);
1470 if (tty->session) {
1471 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1472 spin_lock_irq(&p->sighand->siglock);
1473 if (p->signal->tty == tty)
1474 p->signal->tty = NULL;
1475 if (!p->signal->leader) {
1476 spin_unlock_irq(&p->sighand->siglock);
1477 continue;
1478 }
1479 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1480 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1481 put_pid(p->signal->tty_old_pgrp); /* A noop */
1482 if (tty->pgrp)
1483 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1484 spin_unlock_irq(&p->sighand->siglock);
1485 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1486 }
1487 read_unlock(&tasklist_lock);
1488
1489 tty->flags = 0;
1490 put_pid(tty->session);
1491 put_pid(tty->pgrp);
1492 tty->session = NULL;
1493 tty->pgrp = NULL;
1494 tty->ctrl_status = 0;
1495 /*
1496 * If one of the devices matches a console pointer, we
1497 * cannot just call hangup() because that will cause
1498 * tty->count and state->count to go out of sync.
1499 * So we just call close() the right number of times.
1500 */
1501 if (cons_filp) {
1502 if (tty->driver->close)
1503 for (n = 0; n < closecount; n++)
1504 tty->driver->close(tty, cons_filp);
1505 } else if (tty->driver->hangup)
1506 (tty->driver->hangup)(tty);
1507 /*
1508 * We don't want to have driver/ldisc interactions beyond
1509 * the ones we did here. The driver layer expects no
1510 * calls after ->hangup() from the ldisc side. However we
1511 * can't yet guarantee all that.
1512 */
1513 set_bit(TTY_HUPPED, &tty->flags);
1514 if (ld) {
1515 tty_ldisc_enable(tty);
1516 tty_ldisc_deref(ld);
1517 }
1518 unlock_kernel();
1519 if (f)
1520 fput(f);
1521}
1522
1523/**
1524 * tty_hangup - trigger a hangup event
1525 * @tty: tty to hangup
1526 *
1527 * A carrier loss (virtual or otherwise) has occurred on this like
1528 * schedule a hangup sequence to run after this event.
1529 */
1530
1531void tty_hangup(struct tty_struct *tty)
1532{
1533#ifdef TTY_DEBUG_HANGUP
1534 char buf[64];
1535 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1536#endif
1537 schedule_work(&tty->hangup_work);
1538}
1539
1540EXPORT_SYMBOL(tty_hangup);
1541
1542/**
1543 * tty_vhangup - process vhangup
1544 * @tty: tty to hangup
1545 *
1546 * The user has asked via system call for the terminal to be hung up.
1547 * We do this synchronously so that when the syscall returns the process
1548 * is complete. That guarantee is necessary for security reasons.
1549 */
1550
1551void tty_vhangup(struct tty_struct *tty)
1552{
1553#ifdef TTY_DEBUG_HANGUP
1554 char buf[64];
1555
1556 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1557#endif
1558 do_tty_hangup(&tty->hangup_work);
1559}
1560
1561EXPORT_SYMBOL(tty_vhangup);
1562
1563/**
1564 * tty_hung_up_p - was tty hung up
1565 * @filp: file pointer of tty
1566 *
1567 * Return true if the tty has been subject to a vhangup or a carrier
1568 * loss
1569 */
1570
1571int tty_hung_up_p(struct file *filp)
1572{
1573 return (filp->f_op == &hung_up_tty_fops);
1574}
1575
1576EXPORT_SYMBOL(tty_hung_up_p);
1577
1578/**
1579 * is_tty - checker whether file is a TTY
1580 * @filp: file handle that may be a tty
1581 *
1582 * Check if the file handle is a tty handle.
1583 */
1584
1585int is_tty(struct file *filp)
1586{
1587 return filp->f_op->read == tty_read
1588 || filp->f_op->read == hung_up_tty_read;
1589}
1590
1591static void session_clear_tty(struct pid *session)
1592{
1593 struct task_struct *p;
1594 do_each_pid_task(session, PIDTYPE_SID, p) {
1595 proc_clear_tty(p);
1596 } while_each_pid_task(session, PIDTYPE_SID, p);
1597}
1598
1599/**
1600 * disassociate_ctty - disconnect controlling tty
1601 * @on_exit: true if exiting so need to "hang up" the session
1602 *
1603 * This function is typically called only by the session leader, when
1604 * it wants to disassociate itself from its controlling tty.
1605 *
1606 * It performs the following functions:
1607 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1608 * (2) Clears the tty from being controlling the session
1609 * (3) Clears the controlling tty for all processes in the
1610 * session group.
1611 *
1612 * The argument on_exit is set to 1 if called when a process is
1613 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1614 *
1615 * Locking:
1616 * BKL is taken for hysterical raisins
1617 * tty_mutex is taken to protect tty
1618 * ->siglock is taken to protect ->signal/->sighand
1619 * tasklist_lock is taken to walk process list for sessions
1620 * ->siglock is taken to protect ->signal/->sighand
1621 */
1622
1623void disassociate_ctty(int on_exit)
1624{
1625 struct tty_struct *tty;
1626 struct pid *tty_pgrp = NULL;
1627
1628
1629 mutex_lock(&tty_mutex);
1630 tty = get_current_tty();
1631 if (tty) {
1632 tty_pgrp = get_pid(tty->pgrp);
1633 mutex_unlock(&tty_mutex);
1634 lock_kernel();
1635 /* XXX: here we race, there is nothing protecting tty */
1636 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1637 tty_vhangup(tty);
1638 unlock_kernel();
1639 } else if (on_exit) {
1640 struct pid *old_pgrp;
1641 spin_lock_irq(&current->sighand->siglock);
1642 old_pgrp = current->signal->tty_old_pgrp;
1643 current->signal->tty_old_pgrp = NULL;
1644 spin_unlock_irq(&current->sighand->siglock);
1645 if (old_pgrp) {
1646 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1647 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1648 put_pid(old_pgrp);
1649 }
1650 mutex_unlock(&tty_mutex);
1651 return;
1652 }
1653 if (tty_pgrp) {
1654 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1655 if (!on_exit)
1656 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1657 put_pid(tty_pgrp);
1658 }
1659
1660 spin_lock_irq(&current->sighand->siglock);
1661 put_pid(current->signal->tty_old_pgrp);
1662 current->signal->tty_old_pgrp = NULL;
1663 spin_unlock_irq(&current->sighand->siglock);
1664
1665 mutex_lock(&tty_mutex);
1666 /* It is possible that do_tty_hangup has free'd this tty */
1667 tty = get_current_tty();
1668 if (tty) {
1669 put_pid(tty->session);
1670 put_pid(tty->pgrp);
1671 tty->session = NULL;
1672 tty->pgrp = NULL;
1673 } else {
1674#ifdef TTY_DEBUG_HANGUP
1675 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1676 " = NULL", tty);
1677#endif
1678 }
1679 mutex_unlock(&tty_mutex);
1680
1681 /* Now clear signal->tty under the lock */
1682 read_lock(&tasklist_lock);
1683 session_clear_tty(task_session(current));
1684 read_unlock(&tasklist_lock);
1685}
1686
1687/**
1688 *
1689 * no_tty - Ensure the current process does not have a controlling tty
1690 */
1691void no_tty(void)
1692{
1693 struct task_struct *tsk = current;
1694 lock_kernel();
1695 if (tsk->signal->leader)
1696 disassociate_ctty(0);
1697 unlock_kernel();
1698 proc_clear_tty(tsk);
1699}
1700
1701
1702/**
1703 * stop_tty - propagate flow control
1704 * @tty: tty to stop
1705 *
1706 * Perform flow control to the driver. For PTY/TTY pairs we
1707 * must also propagate the TIOCKPKT status. May be called
1708 * on an already stopped device and will not re-call the driver
1709 * method.
1710 *
1711 * This functionality is used by both the line disciplines for
1712 * halting incoming flow and by the driver. It may therefore be
1713 * called from any context, may be under the tty atomic_write_lock
1714 * but not always.
1715 *
1716 * Locking:
1717 * Uses the tty control lock internally
1718 */
1719
1720void stop_tty(struct tty_struct *tty)
1721{
1722 unsigned long flags;
1723 spin_lock_irqsave(&tty->ctrl_lock, flags);
1724 if (tty->stopped) {
1725 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1726 return;
1727 }
1728 tty->stopped = 1;
1729 if (tty->link && tty->link->packet) {
1730 tty->ctrl_status &= ~TIOCPKT_START;
1731 tty->ctrl_status |= TIOCPKT_STOP;
1732 wake_up_interruptible(&tty->link->read_wait);
1733 }
1734 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1735 if (tty->driver->stop)
1736 (tty->driver->stop)(tty);
1737}
1738
1739EXPORT_SYMBOL(stop_tty);
1740
1741/**
1742 * start_tty - propagate flow control
1743 * @tty: tty to start
1744 *
1745 * Start a tty that has been stopped if at all possible. Perform
1746 * any necessary wakeups and propagate the TIOCPKT status. If this
1747 * is the tty was previous stopped and is being started then the
1748 * driver start method is invoked and the line discipline woken.
1749 *
1750 * Locking:
1751 * ctrl_lock
1752 */
1753
1754void start_tty(struct tty_struct *tty)
1755{
1756 unsigned long flags;
1757 spin_lock_irqsave(&tty->ctrl_lock, flags);
1758 if (!tty->stopped || tty->flow_stopped) {
1759 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1760 return;
1761 }
1762 tty->stopped = 0;
1763 if (tty->link && tty->link->packet) {
1764 tty->ctrl_status &= ~TIOCPKT_STOP;
1765 tty->ctrl_status |= TIOCPKT_START;
1766 wake_up_interruptible(&tty->link->read_wait);
1767 }
1768 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1769 if (tty->driver->start)
1770 (tty->driver->start)(tty);
1771 /* If we have a running line discipline it may need kicking */
1772 tty_wakeup(tty);
1773}
1774
1775EXPORT_SYMBOL(start_tty);
1776
1777/**
1778 * tty_read - read method for tty device files
1779 * @file: pointer to tty file
1780 * @buf: user buffer
1781 * @count: size of user buffer
1782 * @ppos: unused
1783 *
1784 * Perform the read system call function on this terminal device. Checks
1785 * for hung up devices before calling the line discipline method.
1786 *
1787 * Locking:
1788 * Locks the line discipline internally while needed
1789 * For historical reasons the line discipline read method is
1790 * invoked under the BKL. This will go away in time so do not rely on it
1791 * in new code. Multiple read calls may be outstanding in parallel.
1792 */
1793
1794static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1795 loff_t *ppos)
1796{
1797 int i;
1798 struct tty_struct *tty;
1799 struct inode *inode;
1800 struct tty_ldisc *ld;
1801
1802 tty = (struct tty_struct *)file->private_data;
1803 inode = file->f_path.dentry->d_inode;
1804 if (tty_paranoia_check(tty, inode, "tty_read"))
1805 return -EIO;
1806 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1807 return -EIO;
1808
1809 /* We want to wait for the line discipline to sort out in this
1810 situation */
1811 ld = tty_ldisc_ref_wait(tty);
1812 if (ld->read)
1813 i = (ld->read)(tty, file, buf, count);
1814 else
1815 i = -EIO;
1816 tty_ldisc_deref(ld);
1817 if (i > 0)
1818 inode->i_atime = current_fs_time(inode->i_sb);
1819 return i;
1820}
1821
1822void tty_write_unlock(struct tty_struct *tty)
1823{
1824 mutex_unlock(&tty->atomic_write_lock);
1825 wake_up_interruptible(&tty->write_wait);
1826}
1827
1828int tty_write_lock(struct tty_struct *tty, int ndelay)
1829{
1830 if (!mutex_trylock(&tty->atomic_write_lock)) {
1831 if (ndelay)
1832 return -EAGAIN;
1833 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1834 return -ERESTARTSYS;
1835 }
1836 return 0;
1837}
1838
1839/*
1840 * Split writes up in sane blocksizes to avoid
1841 * denial-of-service type attacks
1842 */
1843static inline ssize_t do_tty_write(
1844 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1845 struct tty_struct *tty,
1846 struct file *file,
1847 const char __user *buf,
1848 size_t count)
1849{
1850 ssize_t ret, written = 0;
1851 unsigned int chunk;
1852
1853 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1854 if (ret < 0)
1855 return ret;
1856
1857 /*
1858 * We chunk up writes into a temporary buffer. This
1859 * simplifies low-level drivers immensely, since they
1860 * don't have locking issues and user mode accesses.
1861 *
1862 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1863 * big chunk-size..
1864 *
1865 * The default chunk-size is 2kB, because the NTTY
1866 * layer has problems with bigger chunks. It will
1867 * claim to be able to handle more characters than
1868 * it actually does.
1869 *
1870 * FIXME: This can probably go away now except that 64K chunks
1871 * are too likely to fail unless switched to vmalloc...
1872 */
1873 chunk = 2048;
1874 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1875 chunk = 65536;
1876 if (count < chunk)
1877 chunk = count;
1878
1879 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1880 if (tty->write_cnt < chunk) {
1881 unsigned char *buf;
1882
1883 if (chunk < 1024)
1884 chunk = 1024;
1885
1886 buf = kmalloc(chunk, GFP_KERNEL);
1887 if (!buf) {
1888 ret = -ENOMEM;
1889 goto out;
1890 }
1891 kfree(tty->write_buf);
1892 tty->write_cnt = chunk;
1893 tty->write_buf = buf;
1894 }
1895
1896 /* Do the write .. */
1897 for (;;) {
1898 size_t size = count;
1899 if (size > chunk)
1900 size = chunk;
1901 ret = -EFAULT;
1902 if (copy_from_user(tty->write_buf, buf, size))
1903 break;
1904 ret = write(tty, file, tty->write_buf, size);
1905 if (ret <= 0)
1906 break;
1907 written += ret;
1908 buf += ret;
1909 count -= ret;
1910 if (!count)
1911 break;
1912 ret = -ERESTARTSYS;
1913 if (signal_pending(current))
1914 break;
1915 cond_resched();
1916 }
1917 if (written) {
1918 struct inode *inode = file->f_path.dentry->d_inode;
1919 inode->i_mtime = current_fs_time(inode->i_sb);
1920 ret = written;
1921 }
1922out:
1923 tty_write_unlock(tty);
1924 return ret;
1925}
1926
1927
1928/**
1929 * tty_write - write method for tty device file
1930 * @file: tty file pointer
1931 * @buf: user data to write
1932 * @count: bytes to write
1933 * @ppos: unused
1934 *
1935 * Write data to a tty device via the line discipline.
1936 *
1937 * Locking:
1938 * Locks the line discipline as required
1939 * Writes to the tty driver are serialized by the atomic_write_lock
1940 * and are then processed in chunks to the device. The line discipline
1941 * write method will not be involked in parallel for each device
1942 * The line discipline write method is called under the big
1943 * kernel lock for historical reasons. New code should not rely on this.
1944 */
1945
1946static ssize_t tty_write(struct file *file, const char __user *buf,
1947 size_t count, loff_t *ppos)
1948{
1949 struct tty_struct *tty;
1950 struct inode *inode = file->f_path.dentry->d_inode;
1951 ssize_t ret;
1952 struct tty_ldisc *ld;
1953
1954 tty = (struct tty_struct *)file->private_data;
1955 if (tty_paranoia_check(tty, inode, "tty_write"))
1956 return -EIO;
1957 if (!tty || !tty->driver->write ||
1958 (test_bit(TTY_IO_ERROR, &tty->flags)))
1959 return -EIO;
1960
1961 ld = tty_ldisc_ref_wait(tty);
1962 if (!ld->write)
1963 ret = -EIO;
1964 else
1965 ret = do_tty_write(ld->write, tty, file, buf, count);
1966 tty_ldisc_deref(ld);
1967 return ret;
1968}
1969
1970ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1971 size_t count, loff_t *ppos)
1972{
1973 struct file *p = NULL;
1974
1975 spin_lock(&redirect_lock);
1976 if (redirect) {
1977 get_file(redirect);
1978 p = redirect;
1979 }
1980 spin_unlock(&redirect_lock);
1981
1982 if (p) {
1983 ssize_t res;
1984 res = vfs_write(p, buf, count, &p->f_pos);
1985 fput(p);
1986 return res;
1987 }
1988 return tty_write(file, buf, count, ppos);
1989}
1990
1991static char ptychar[] = "pqrstuvwxyzabcde";
1992
1993/**
1994 * pty_line_name - generate name for a pty
1995 * @driver: the tty driver in use
1996 * @index: the minor number
1997 * @p: output buffer of at least 6 bytes
1998 *
1999 * Generate a name from a driver reference and write it to the output
2000 * buffer.
2001 *
2002 * Locking: None
2003 */
2004static void pty_line_name(struct tty_driver *driver, int index, char *p)
2005{
2006 int i = index + driver->name_base;
2007 /* ->name is initialized to "ttyp", but "tty" is expected */
2008 sprintf(p, "%s%c%x",
2009 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2010 ptychar[i >> 4 & 0xf], i & 0xf);
2011}
2012
2013/**
2014 * pty_line_name - generate name for a tty
2015 * @driver: the tty driver in use
2016 * @index: the minor number
2017 * @p: output buffer of at least 7 bytes
2018 *
2019 * Generate a name from a driver reference and write it to the output
2020 * buffer.
2021 *
2022 * Locking: None
2023 */
2024static void tty_line_name(struct tty_driver *driver, int index, char *p)
2025{
2026 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2027}
2028
2029/**
2030 * init_dev - initialise a tty device
2031 * @driver: tty driver we are opening a device on
2032 * @idx: device index
2033 * @tty: returned tty structure
2034 *
2035 * Prepare a tty device. This may not be a "new" clean device but
2036 * could also be an active device. The pty drivers require special
2037 * handling because of this.
2038 *
2039 * Locking:
2040 * The function is called under the tty_mutex, which
2041 * protects us from the tty struct or driver itself going away.
2042 *
2043 * On exit the tty device has the line discipline attached and
2044 * a reference count of 1. If a pair was created for pty/tty use
2045 * and the other was a pty master then it too has a reference count of 1.
2046 *
2047 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2048 * failed open. The new code protects the open with a mutex, so it's
2049 * really quite straightforward. The mutex locking can probably be
2050 * relaxed for the (most common) case of reopening a tty.
2051 */
2052
2053static int init_dev(struct tty_driver *driver, int idx,
2054 struct tty_struct **ret_tty)
2055{
2056 struct tty_struct *tty, *o_tty;
2057 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2058 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2059 int retval = 0;
2060
2061 /* check whether we're reopening an existing tty */
2062 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2063 tty = devpts_get_tty(idx);
2064 /*
2065 * If we don't have a tty here on a slave open, it's because
2066 * the master already started the close process and there's
2067 * no relation between devpts file and tty anymore.
2068 */
2069 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2070 retval = -EIO;
2071 goto end_init;
2072 }
2073 /*
2074 * It's safe from now on because init_dev() is called with
2075 * tty_mutex held and release_dev() won't change tty->count
2076 * or tty->flags without having to grab tty_mutex
2077 */
2078 if (tty && driver->subtype == PTY_TYPE_MASTER)
2079 tty = tty->link;
2080 } else {
2081 tty = driver->ttys[idx];
2082 }
2083 if (tty) goto fast_track;
2084
2085 /*
2086 * First time open is complex, especially for PTY devices.
2087 * This code guarantees that either everything succeeds and the
2088 * TTY is ready for operation, or else the table slots are vacated
2089 * and the allocated memory released. (Except that the termios
2090 * and locked termios may be retained.)
2091 */
2092
2093 if (!try_module_get(driver->owner)) {
2094 retval = -ENODEV;
2095 goto end_init;
2096 }
2097
2098 o_tty = NULL;
2099 tp = o_tp = NULL;
2100 ltp = o_ltp = NULL;
2101
2102 tty = alloc_tty_struct();
2103 if (!tty)
2104 goto fail_no_mem;
2105 initialize_tty_struct(tty);
2106 tty->driver = driver;
2107 tty->index = idx;
2108 tty_line_name(driver, idx, tty->name);
2109
2110 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2111 tp_loc = &tty->termios;
2112 ltp_loc = &tty->termios_locked;
2113 } else {
2114 tp_loc = &driver->termios[idx];
2115 ltp_loc = &driver->termios_locked[idx];
2116 }
2117
2118 if (!*tp_loc) {
2119 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2120 if (!tp)
2121 goto free_mem_out;
2122 *tp = driver->init_termios;
2123 }
2124
2125 if (!*ltp_loc) {
2126 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2127 if (!ltp)
2128 goto free_mem_out;
2129 }
2130
2131 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2132 o_tty = alloc_tty_struct();
2133 if (!o_tty)
2134 goto free_mem_out;
2135 initialize_tty_struct(o_tty);
2136 o_tty->driver = driver->other;
2137 o_tty->index = idx;
2138 tty_line_name(driver->other, idx, o_tty->name);
2139
2140 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2141 o_tp_loc = &o_tty->termios;
2142 o_ltp_loc = &o_tty->termios_locked;
2143 } else {
2144 o_tp_loc = &driver->other->termios[idx];
2145 o_ltp_loc = &driver->other->termios_locked[idx];
2146 }
2147
2148 if (!*o_tp_loc) {
2149 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2150 if (!o_tp)
2151 goto free_mem_out;
2152 *o_tp = driver->other->init_termios;
2153 }
2154
2155 if (!*o_ltp_loc) {
2156 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2157 if (!o_ltp)
2158 goto free_mem_out;
2159 }
2160
2161 /*
2162 * Everything allocated ... set up the o_tty structure.
2163 */
2164 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2165 driver->other->ttys[idx] = o_tty;
2166 if (!*o_tp_loc)
2167 *o_tp_loc = o_tp;
2168 if (!*o_ltp_loc)
2169 *o_ltp_loc = o_ltp;
2170 o_tty->termios = *o_tp_loc;
2171 o_tty->termios_locked = *o_ltp_loc;
2172 driver->other->refcount++;
2173 if (driver->subtype == PTY_TYPE_MASTER)
2174 o_tty->count++;
2175
2176 /* Establish the links in both directions */
2177 tty->link = o_tty;
2178 o_tty->link = tty;
2179 }
2180
2181 /*
2182 * All structures have been allocated, so now we install them.
2183 * Failures after this point use release_tty to clean up, so
2184 * there's no need to null out the local pointers.
2185 */
2186 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2187 driver->ttys[idx] = tty;
2188
2189 if (!*tp_loc)
2190 *tp_loc = tp;
2191 if (!*ltp_loc)
2192 *ltp_loc = ltp;
2193 tty->termios = *tp_loc;
2194 tty->termios_locked = *ltp_loc;
2195 /* Compatibility until drivers always set this */
2196 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2197 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2198 driver->refcount++;
2199 tty->count++;
2200
2201 /*
2202 * Structures all installed ... call the ldisc open routines.
2203 * If we fail here just call release_tty to clean up. No need
2204 * to decrement the use counts, as release_tty doesn't care.
2205 */
2206
2207 if (tty->ldisc.open) {
2208 retval = (tty->ldisc.open)(tty);
2209 if (retval)
2210 goto release_mem_out;
2211 }
2212 if (o_tty && o_tty->ldisc.open) {
2213 retval = (o_tty->ldisc.open)(o_tty);
2214 if (retval) {
2215 if (tty->ldisc.close)
2216 (tty->ldisc.close)(tty);
2217 goto release_mem_out;
2218 }
2219 tty_ldisc_enable(o_tty);
2220 }
2221 tty_ldisc_enable(tty);
2222 goto success;
2223
2224 /*
2225 * This fast open can be used if the tty is already open.
2226 * No memory is allocated, and the only failures are from
2227 * attempting to open a closing tty or attempting multiple
2228 * opens on a pty master.
2229 */
2230fast_track:
2231 if (test_bit(TTY_CLOSING, &tty->flags)) {
2232 retval = -EIO;
2233 goto end_init;
2234 }
2235 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2236 driver->subtype == PTY_TYPE_MASTER) {
2237 /*
2238 * special case for PTY masters: only one open permitted,
2239 * and the slave side open count is incremented as well.
2240 */
2241 if (tty->count) {
2242 retval = -EIO;
2243 goto end_init;
2244 }
2245 tty->link->count++;
2246 }
2247 tty->count++;
2248 tty->driver = driver; /* N.B. why do this every time?? */
2249
2250 /* FIXME */
2251 if (!test_bit(TTY_LDISC, &tty->flags))
2252 printk(KERN_ERR "init_dev but no ldisc\n");
2253success:
2254 *ret_tty = tty;
2255
2256 /* All paths come through here to release the mutex */
2257end_init:
2258 return retval;
2259
2260 /* Release locally allocated memory ... nothing placed in slots */
2261free_mem_out:
2262 kfree(o_tp);
2263 if (o_tty)
2264 free_tty_struct(o_tty);
2265 kfree(ltp);
2266 kfree(tp);
2267 free_tty_struct(tty);
2268
2269fail_no_mem:
2270 module_put(driver->owner);
2271 retval = -ENOMEM;
2272 goto end_init;
2273
2274 /* call the tty release_tty routine to clean out this slot */
2275release_mem_out:
2276 if (printk_ratelimit())
2277 printk(KERN_INFO "init_dev: ldisc open failed, "
2278 "clearing slot %d\n", idx);
2279 release_tty(tty, idx);
2280 goto end_init;
2281}
2282
2283/**
2284 * release_one_tty - release tty structure memory
2285 *
2286 * Releases memory associated with a tty structure, and clears out the
2287 * driver table slots. This function is called when a device is no longer
2288 * in use. It also gets called when setup of a device fails.
2289 *
2290 * Locking:
2291 * tty_mutex - sometimes only
2292 * takes the file list lock internally when working on the list
2293 * of ttys that the driver keeps.
2294 * FIXME: should we require tty_mutex is held here ??
2295 */
2296static void release_one_tty(struct tty_struct *tty, int idx)
2297{
2298 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2299 struct ktermios *tp;
2300
2301 if (!devpts)
2302 tty->driver->ttys[idx] = NULL;
2303
2304 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2305 tp = tty->termios;
2306 if (!devpts)
2307 tty->driver->termios[idx] = NULL;
2308 kfree(tp);
2309
2310 tp = tty->termios_locked;
2311 if (!devpts)
2312 tty->driver->termios_locked[idx] = NULL;
2313 kfree(tp);
2314 }
2315
2316
2317 tty->magic = 0;
2318 tty->driver->refcount--;
2319
2320 file_list_lock();
2321 list_del_init(&tty->tty_files);
2322 file_list_unlock();
2323
2324 free_tty_struct(tty);
2325}
2326
2327/**
2328 * release_tty - release tty structure memory
2329 *
2330 * Release both @tty and a possible linked partner (think pty pair),
2331 * and decrement the refcount of the backing module.
2332 *
2333 * Locking:
2334 * tty_mutex - sometimes only
2335 * takes the file list lock internally when working on the list
2336 * of ttys that the driver keeps.
2337 * FIXME: should we require tty_mutex is held here ??
2338 */
2339static void release_tty(struct tty_struct *tty, int idx)
2340{
2341 struct tty_driver *driver = tty->driver;
2342
2343 if (tty->link)
2344 release_one_tty(tty->link, idx);
2345 release_one_tty(tty, idx);
2346 module_put(driver->owner);
2347}
2348
2349/*
2350 * Even releasing the tty structures is a tricky business.. We have
2351 * to be very careful that the structures are all released at the
2352 * same time, as interrupts might otherwise get the wrong pointers.
2353 *
2354 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2355 * lead to double frees or releasing memory still in use.
2356 */
2357static void release_dev(struct file *filp)
2358{
2359 struct tty_struct *tty, *o_tty;
2360 int pty_master, tty_closing, o_tty_closing, do_sleep;
2361 int devpts;
2362 int idx;
2363 char buf[64];
2364 unsigned long flags;
2365
2366 tty = (struct tty_struct *)filp->private_data;
2367 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2368 "release_dev"))
2369 return;
2370
2371 check_tty_count(tty, "release_dev");
2372
2373 tty_fasync(-1, filp, 0);
2374
2375 idx = tty->index;
2376 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2377 tty->driver->subtype == PTY_TYPE_MASTER);
2378 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2379 o_tty = tty->link;
2380
2381#ifdef TTY_PARANOIA_CHECK
2382 if (idx < 0 || idx >= tty->driver->num) {
2383 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2384 "free (%s)\n", tty->name);
2385 return;
2386 }
2387 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2388 if (tty != tty->driver->ttys[idx]) {
2389 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2390 "for (%s)\n", idx, tty->name);
2391 return;
2392 }
2393 if (tty->termios != tty->driver->termios[idx]) {
2394 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2395 "for (%s)\n",
2396 idx, tty->name);
2397 return;
2398 }
2399 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2400 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2401 "termios_locked for (%s)\n",
2402 idx, tty->name);
2403 return;
2404 }
2405 }
2406#endif
2407
2408#ifdef TTY_DEBUG_HANGUP
2409 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2410 tty_name(tty, buf), tty->count);
2411#endif
2412
2413#ifdef TTY_PARANOIA_CHECK
2414 if (tty->driver->other &&
2415 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2416 if (o_tty != tty->driver->other->ttys[idx]) {
2417 printk(KERN_DEBUG "release_dev: other->table[%d] "
2418 "not o_tty for (%s)\n",
2419 idx, tty->name);
2420 return;
2421 }
2422 if (o_tty->termios != tty->driver->other->termios[idx]) {
2423 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2424 "not o_termios for (%s)\n",
2425 idx, tty->name);
2426 return;
2427 }
2428 if (o_tty->termios_locked !=
2429 tty->driver->other->termios_locked[idx]) {
2430 printk(KERN_DEBUG "release_dev: other->termios_locked["
2431 "%d] not o_termios_locked for (%s)\n",
2432 idx, tty->name);
2433 return;
2434 }
2435 if (o_tty->link != tty) {
2436 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2437 return;
2438 }
2439 }
2440#endif
2441 if (tty->driver->close)
2442 tty->driver->close(tty, filp);
2443
2444 /*
2445 * Sanity check: if tty->count is going to zero, there shouldn't be
2446 * any waiters on tty->read_wait or tty->write_wait. We test the
2447 * wait queues and kick everyone out _before_ actually starting to
2448 * close. This ensures that we won't block while releasing the tty
2449 * structure.
2450 *
2451 * The test for the o_tty closing is necessary, since the master and
2452 * slave sides may close in any order. If the slave side closes out
2453 * first, its count will be one, since the master side holds an open.
2454 * Thus this test wouldn't be triggered at the time the slave closes,
2455 * so we do it now.
2456 *
2457 * Note that it's possible for the tty to be opened again while we're
2458 * flushing out waiters. By recalculating the closing flags before
2459 * each iteration we avoid any problems.
2460 */
2461 while (1) {
2462 /* Guard against races with tty->count changes elsewhere and
2463 opens on /dev/tty */
2464
2465 mutex_lock(&tty_mutex);
2466 tty_closing = tty->count <= 1;
2467 o_tty_closing = o_tty &&
2468 (o_tty->count <= (pty_master ? 1 : 0));
2469 do_sleep = 0;
2470
2471 if (tty_closing) {
2472 if (waitqueue_active(&tty->read_wait)) {
2473 wake_up(&tty->read_wait);
2474 do_sleep++;
2475 }
2476 if (waitqueue_active(&tty->write_wait)) {
2477 wake_up(&tty->write_wait);
2478 do_sleep++;
2479 }
2480 }
2481 if (o_tty_closing) {
2482 if (waitqueue_active(&o_tty->read_wait)) {
2483 wake_up(&o_tty->read_wait);
2484 do_sleep++;
2485 }
2486 if (waitqueue_active(&o_tty->write_wait)) {
2487 wake_up(&o_tty->write_wait);
2488 do_sleep++;
2489 }
2490 }
2491 if (!do_sleep)
2492 break;
2493
2494 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2495 "active!\n", tty_name(tty, buf));
2496 mutex_unlock(&tty_mutex);
2497 schedule();
2498 }
2499
2500 /*
2501 * The closing flags are now consistent with the open counts on
2502 * both sides, and we've completed the last operation that could
2503 * block, so it's safe to proceed with closing.
2504 */
2505 if (pty_master) {
2506 if (--o_tty->count < 0) {
2507 printk(KERN_WARNING "release_dev: bad pty slave count "
2508 "(%d) for %s\n",
2509 o_tty->count, tty_name(o_tty, buf));
2510 o_tty->count = 0;
2511 }
2512 }
2513 if (--tty->count < 0) {
2514 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2515 tty->count, tty_name(tty, buf));
2516 tty->count = 0;
2517 }
2518
2519 /*
2520 * We've decremented tty->count, so we need to remove this file
2521 * descriptor off the tty->tty_files list; this serves two
2522 * purposes:
2523 * - check_tty_count sees the correct number of file descriptors
2524 * associated with this tty.
2525 * - do_tty_hangup no longer sees this file descriptor as
2526 * something that needs to be handled for hangups.
2527 */
2528 file_kill(filp);
2529 filp->private_data = NULL;
2530
2531 /*
2532 * Perform some housekeeping before deciding whether to return.
2533 *
2534 * Set the TTY_CLOSING flag if this was the last open. In the
2535 * case of a pty we may have to wait around for the other side
2536 * to close, and TTY_CLOSING makes sure we can't be reopened.
2537 */
2538 if (tty_closing)
2539 set_bit(TTY_CLOSING, &tty->flags);
2540 if (o_tty_closing)
2541 set_bit(TTY_CLOSING, &o_tty->flags);
2542
2543 /*
2544 * If _either_ side is closing, make sure there aren't any
2545 * processes that still think tty or o_tty is their controlling
2546 * tty.
2547 */
2548 if (tty_closing || o_tty_closing) {
2549 read_lock(&tasklist_lock);
2550 session_clear_tty(tty->session);
2551 if (o_tty)
2552 session_clear_tty(o_tty->session);
2553 read_unlock(&tasklist_lock);
2554 }
2555
2556 mutex_unlock(&tty_mutex);
2557
2558 /* check whether both sides are closing ... */
2559 if (!tty_closing || (o_tty && !o_tty_closing))
2560 return;
2561
2562#ifdef TTY_DEBUG_HANGUP
2563 printk(KERN_DEBUG "freeing tty structure...");
2564#endif
2565 /*
2566 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2567 * kill any delayed work. As this is the final close it does not
2568 * race with the set_ldisc code path.
2569 */
2570 clear_bit(TTY_LDISC, &tty->flags);
2571 cancel_delayed_work(&tty->buf.work);
2572
2573 /*
2574 * Wait for ->hangup_work and ->buf.work handlers to terminate
2575 */
2576
2577 flush_scheduled_work();
2578
2579 /*
2580 * Wait for any short term users (we know they are just driver
2581 * side waiters as the file is closing so user count on the file
2582 * side is zero.
2583 */
2584 spin_lock_irqsave(&tty_ldisc_lock, flags);
2585 while (tty->ldisc.refcount) {
2586 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2587 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2588 spin_lock_irqsave(&tty_ldisc_lock, flags);
2589 }
2590 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2591 /*
2592 * Shutdown the current line discipline, and reset it to N_TTY.
2593 * N.B. why reset ldisc when we're releasing the memory??
2594 *
2595 * FIXME: this MUST get fixed for the new reflocking
2596 */
2597 if (tty->ldisc.close)
2598 (tty->ldisc.close)(tty);
2599 tty_ldisc_put(tty->ldisc.num);
2600
2601 /*
2602 * Switch the line discipline back
2603 */
2604 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2605 tty_set_termios_ldisc(tty, N_TTY);
2606 if (o_tty) {
2607 /* FIXME: could o_tty be in setldisc here ? */
2608 clear_bit(TTY_LDISC, &o_tty->flags);
2609 if (o_tty->ldisc.close)
2610 (o_tty->ldisc.close)(o_tty);
2611 tty_ldisc_put(o_tty->ldisc.num);
2612 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2613 tty_set_termios_ldisc(o_tty, N_TTY);
2614 }
2615 /*
2616 * The release_tty function takes care of the details of clearing
2617 * the slots and preserving the termios structure.
2618 */
2619 release_tty(tty, idx);
2620
2621#ifdef CONFIG_UNIX98_PTYS
2622 /* Make this pty number available for reallocation */
2623 if (devpts) {
2624 mutex_lock(&allocated_ptys_lock);
2625 idr_remove(&allocated_ptys, idx);
2626 mutex_unlock(&allocated_ptys_lock);
2627 }
2628#endif
2629
2630}
2631
2632/**
2633 * tty_open - open a tty device
2634 * @inode: inode of device file
2635 * @filp: file pointer to tty
2636 *
2637 * tty_open and tty_release keep up the tty count that contains the
2638 * number of opens done on a tty. We cannot use the inode-count, as
2639 * different inodes might point to the same tty.
2640 *
2641 * Open-counting is needed for pty masters, as well as for keeping
2642 * track of serial lines: DTR is dropped when the last close happens.
2643 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2644 *
2645 * The termios state of a pty is reset on first open so that
2646 * settings don't persist across reuse.
2647 *
2648 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2649 * tty->count should protect the rest.
2650 * ->siglock protects ->signal/->sighand
2651 */
2652
2653static int tty_open(struct inode *inode, struct file *filp)
2654{
2655 struct tty_struct *tty;
2656 int noctty, retval;
2657 struct tty_driver *driver;
2658 int index;
2659 dev_t device = inode->i_rdev;
2660 unsigned short saved_flags = filp->f_flags;
2661
2662 nonseekable_open(inode, filp);
2663
2664retry_open:
2665 noctty = filp->f_flags & O_NOCTTY;
2666 index = -1;
2667 retval = 0;
2668
2669 mutex_lock(&tty_mutex);
2670
2671 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2672 tty = get_current_tty();
2673 if (!tty) {
2674 mutex_unlock(&tty_mutex);
2675 return -ENXIO;
2676 }
2677 driver = tty->driver;
2678 index = tty->index;
2679 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2680 /* noctty = 1; */
2681 goto got_driver;
2682 }
2683#ifdef CONFIG_VT
2684 if (device == MKDEV(TTY_MAJOR, 0)) {
2685 extern struct tty_driver *console_driver;
2686 driver = console_driver;
2687 index = fg_console;
2688 noctty = 1;
2689 goto got_driver;
2690 }
2691#endif
2692 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2693 driver = console_device(&index);
2694 if (driver) {
2695 /* Don't let /dev/console block */
2696 filp->f_flags |= O_NONBLOCK;
2697 noctty = 1;
2698 goto got_driver;
2699 }
2700 mutex_unlock(&tty_mutex);
2701 return -ENODEV;
2702 }
2703
2704 driver = get_tty_driver(device, &index);
2705 if (!driver) {
2706 mutex_unlock(&tty_mutex);
2707 return -ENODEV;
2708 }
2709got_driver:
2710 retval = init_dev(driver, index, &tty);
2711 mutex_unlock(&tty_mutex);
2712 if (retval)
2713 return retval;
2714
2715 filp->private_data = tty;
2716 file_move(filp, &tty->tty_files);
2717 check_tty_count(tty, "tty_open");
2718 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2719 tty->driver->subtype == PTY_TYPE_MASTER)
2720 noctty = 1;
2721#ifdef TTY_DEBUG_HANGUP
2722 printk(KERN_DEBUG "opening %s...", tty->name);
2723#endif
2724 if (!retval) {
2725 if (tty->driver->open)
2726 retval = tty->driver->open(tty, filp);
2727 else
2728 retval = -ENODEV;
2729 }
2730 filp->f_flags = saved_flags;
2731
2732 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2733 !capable(CAP_SYS_ADMIN))
2734 retval = -EBUSY;
2735
2736 if (retval) {
2737#ifdef TTY_DEBUG_HANGUP
2738 printk(KERN_DEBUG "error %d in opening %s...", retval,
2739 tty->name);
2740#endif
2741 release_dev(filp);
2742 if (retval != -ERESTARTSYS)
2743 return retval;
2744 if (signal_pending(current))
2745 return retval;
2746 schedule();
2747 /*
2748 * Need to reset f_op in case a hangup happened.
2749 */
2750 if (filp->f_op == &hung_up_tty_fops)
2751 filp->f_op = &tty_fops;
2752 goto retry_open;
2753 }
2754
2755 mutex_lock(&tty_mutex);
2756 spin_lock_irq(&current->sighand->siglock);
2757 if (!noctty &&
2758 current->signal->leader &&
2759 !current->signal->tty &&
2760 tty->session == NULL)
2761 __proc_set_tty(current, tty);
2762 spin_unlock_irq(&current->sighand->siglock);
2763 mutex_unlock(&tty_mutex);
2764 return 0;
2765}
2766
2767#ifdef CONFIG_UNIX98_PTYS
2768/**
2769 * ptmx_open - open a unix 98 pty master
2770 * @inode: inode of device file
2771 * @filp: file pointer to tty
2772 *
2773 * Allocate a unix98 pty master device from the ptmx driver.
2774 *
2775 * Locking: tty_mutex protects theinit_dev work. tty->count should
2776 * protect the rest.
2777 * allocated_ptys_lock handles the list of free pty numbers
2778 */
2779
2780static int ptmx_open(struct inode *inode, struct file *filp)
2781{
2782 struct tty_struct *tty;
2783 int retval;
2784 int index;
2785 int idr_ret;
2786
2787 nonseekable_open(inode, filp);
2788
2789 /* find a device that is not in use. */
2790 mutex_lock(&allocated_ptys_lock);
2791 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2792 mutex_unlock(&allocated_ptys_lock);
2793 return -ENOMEM;
2794 }
2795 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2796 if (idr_ret < 0) {
2797 mutex_unlock(&allocated_ptys_lock);
2798 if (idr_ret == -EAGAIN)
2799 return -ENOMEM;
2800 return -EIO;
2801 }
2802 if (index >= pty_limit) {
2803 idr_remove(&allocated_ptys, index);
2804 mutex_unlock(&allocated_ptys_lock);
2805 return -EIO;
2806 }
2807 mutex_unlock(&allocated_ptys_lock);
2808
2809 mutex_lock(&tty_mutex);
2810 retval = init_dev(ptm_driver, index, &tty);
2811 mutex_unlock(&tty_mutex);
2812
2813 if (retval)
2814 goto out;
2815
2816 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2817 filp->private_data = tty;
2818 file_move(filp, &tty->tty_files);
2819
2820 retval = -ENOMEM;
2821 if (devpts_pty_new(tty->link))
2822 goto out1;
2823
2824 check_tty_count(tty, "tty_open");
2825 retval = ptm_driver->open(tty, filp);
2826 if (!retval)
2827 return 0;
2828out1:
2829 release_dev(filp);
2830 return retval;
2831out:
2832 mutex_lock(&allocated_ptys_lock);
2833 idr_remove(&allocated_ptys, index);
2834 mutex_unlock(&allocated_ptys_lock);
2835 return retval;
2836}
2837#endif
2838
2839/**
2840 * tty_release - vfs callback for close
2841 * @inode: inode of tty
2842 * @filp: file pointer for handle to tty
2843 *
2844 * Called the last time each file handle is closed that references
2845 * this tty. There may however be several such references.
2846 *
2847 * Locking:
2848 * Takes bkl. See release_dev
2849 */
2850
2851static int tty_release(struct inode *inode, struct file *filp)
2852{
2853 lock_kernel();
2854 release_dev(filp);
2855 unlock_kernel();
2856 return 0;
2857}
2858
2859/**
2860 * tty_poll - check tty status
2861 * @filp: file being polled
2862 * @wait: poll wait structures to update
2863 *
2864 * Call the line discipline polling method to obtain the poll
2865 * status of the device.
2866 *
2867 * Locking: locks called line discipline but ldisc poll method
2868 * may be re-entered freely by other callers.
2869 */
2870
2871static unsigned int tty_poll(struct file *filp, poll_table *wait)
2872{
2873 struct tty_struct *tty;
2874 struct tty_ldisc *ld;
2875 int ret = 0;
2876
2877 tty = (struct tty_struct *)filp->private_data;
2878 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2879 return 0;
2880
2881 ld = tty_ldisc_ref_wait(tty);
2882 if (ld->poll)
2883 ret = (ld->poll)(tty, filp, wait);
2884 tty_ldisc_deref(ld);
2885 return ret;
2886}
2887
2888static int tty_fasync(int fd, struct file *filp, int on)
2889{
2890 struct tty_struct *tty;
2891 int retval;
2892
2893 tty = (struct tty_struct *)filp->private_data;
2894 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2895 return 0;
2896
2897 retval = fasync_helper(fd, filp, on, &tty->fasync);
2898 if (retval <= 0)
2899 return retval;
2900
2901 if (on) {
2902 enum pid_type type;
2903 struct pid *pid;
2904 if (!waitqueue_active(&tty->read_wait))
2905 tty->minimum_to_wake = 1;
2906 if (tty->pgrp) {
2907 pid = tty->pgrp;
2908 type = PIDTYPE_PGID;
2909 } else {
2910 pid = task_pid(current);
2911 type = PIDTYPE_PID;
2912 }
2913 retval = __f_setown(filp, pid, type, 0);
2914 if (retval)
2915 return retval;
2916 } else {
2917 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2918 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2919 }
2920 return 0;
2921}
2922
2923/**
2924 * tiocsti - fake input character
2925 * @tty: tty to fake input into
2926 * @p: pointer to character
2927 *
2928 * Fake input to a tty device. Does the necessary locking and
2929 * input management.
2930 *
2931 * FIXME: does not honour flow control ??
2932 *
2933 * Locking:
2934 * Called functions take tty_ldisc_lock
2935 * current->signal->tty check is safe without locks
2936 *
2937 * FIXME: may race normal receive processing
2938 */
2939
2940static int tiocsti(struct tty_struct *tty, char __user *p)
2941{
2942 char ch, mbz = 0;
2943 struct tty_ldisc *ld;
2944
2945 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2946 return -EPERM;
2947 if (get_user(ch, p))
2948 return -EFAULT;
2949 ld = tty_ldisc_ref_wait(tty);
2950 ld->receive_buf(tty, &ch, &mbz, 1);
2951 tty_ldisc_deref(ld);
2952 return 0;
2953}
2954
2955/**
2956 * tiocgwinsz - implement window query ioctl
2957 * @tty; tty
2958 * @arg: user buffer for result
2959 *
2960 * Copies the kernel idea of the window size into the user buffer.
2961 *
2962 * Locking: tty->termios_mutex is taken to ensure the winsize data
2963 * is consistent.
2964 */
2965
2966static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2967{
2968 int err;
2969
2970 mutex_lock(&tty->termios_mutex);
2971 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2972 mutex_unlock(&tty->termios_mutex);
2973
2974 return err ? -EFAULT: 0;
2975}
2976
2977/**
2978 * tiocswinsz - implement window size set ioctl
2979 * @tty; tty
2980 * @arg: user buffer for result
2981 *
2982 * Copies the user idea of the window size to the kernel. Traditionally
2983 * this is just advisory information but for the Linux console it
2984 * actually has driver level meaning and triggers a VC resize.
2985 *
2986 * Locking:
2987 * Called function use the console_sem is used to ensure we do
2988 * not try and resize the console twice at once.
2989 * The tty->termios_mutex is used to ensure we don't double
2990 * resize and get confused. Lock order - tty->termios_mutex before
2991 * console sem
2992 */
2993
2994static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2995 struct winsize __user *arg)
2996{
2997 struct winsize tmp_ws;
2998
2999 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3000 return -EFAULT;
3001
3002 mutex_lock(&tty->termios_mutex);
3003 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
3004 goto done;
3005
3006#ifdef CONFIG_VT
3007 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
3008 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3009 tmp_ws.ws_row)) {
3010 mutex_unlock(&tty->termios_mutex);
3011 return -ENXIO;
3012 }
3013 }
3014#endif
3015 if (tty->pgrp)
3016 kill_pgrp(tty->pgrp, SIGWINCH, 1);
3017 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
3018 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
3019 tty->winsize = tmp_ws;
3020 real_tty->winsize = tmp_ws;
3021done:
3022 mutex_unlock(&tty->termios_mutex);
3023 return 0;
3024}
3025
3026/**
3027 * tioccons - allow admin to move logical console
3028 * @file: the file to become console
3029 *
3030 * Allow the adminstrator to move the redirected console device
3031 *
3032 * Locking: uses redirect_lock to guard the redirect information
3033 */
3034
3035static int tioccons(struct file *file)
3036{
3037 if (!capable(CAP_SYS_ADMIN))
3038 return -EPERM;
3039 if (file->f_op->write == redirected_tty_write) {
3040 struct file *f;
3041 spin_lock(&redirect_lock);
3042 f = redirect;
3043 redirect = NULL;
3044 spin_unlock(&redirect_lock);
3045 if (f)
3046 fput(f);
3047 return 0;
3048 }
3049 spin_lock(&redirect_lock);
3050 if (redirect) {
3051 spin_unlock(&redirect_lock);
3052 return -EBUSY;
3053 }
3054 get_file(file);
3055 redirect = file;
3056 spin_unlock(&redirect_lock);
3057 return 0;
3058}
3059
3060/**
3061 * fionbio - non blocking ioctl
3062 * @file: file to set blocking value
3063 * @p: user parameter
3064 *
3065 * Historical tty interfaces had a blocking control ioctl before
3066 * the generic functionality existed. This piece of history is preserved
3067 * in the expected tty API of posix OS's.
3068 *
3069 * Locking: none, the open fle handle ensures it won't go away.
3070 */
3071
3072static int fionbio(struct file *file, int __user *p)
3073{
3074 int nonblock;
3075
3076 if (get_user(nonblock, p))
3077 return -EFAULT;
3078
3079 /* file->f_flags is still BKL protected in the fs layer - vomit */
3080 lock_kernel();
3081 if (nonblock)
3082 file->f_flags |= O_NONBLOCK;
3083 else
3084 file->f_flags &= ~O_NONBLOCK;
3085 unlock_kernel();
3086 return 0;
3087}
3088
3089/**
3090 * tiocsctty - set controlling tty
3091 * @tty: tty structure
3092 * @arg: user argument
3093 *
3094 * This ioctl is used to manage job control. It permits a session
3095 * leader to set this tty as the controlling tty for the session.
3096 *
3097 * Locking:
3098 * Takes tty_mutex() to protect tty instance
3099 * Takes tasklist_lock internally to walk sessions
3100 * Takes ->siglock() when updating signal->tty
3101 */
3102
3103static int tiocsctty(struct tty_struct *tty, int arg)
3104{
3105 int ret = 0;
3106 if (current->signal->leader && (task_session(current) == tty->session))
3107 return ret;
3108
3109 mutex_lock(&tty_mutex);
3110 /*
3111 * The process must be a session leader and
3112 * not have a controlling tty already.
3113 */
3114 if (!current->signal->leader || current->signal->tty) {
3115 ret = -EPERM;
3116 goto unlock;
3117 }
3118
3119 if (tty->session) {
3120 /*
3121 * This tty is already the controlling
3122 * tty for another session group!
3123 */
3124 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3125 /*
3126 * Steal it away
3127 */
3128 read_lock(&tasklist_lock);
3129 session_clear_tty(tty->session);
3130 read_unlock(&tasklist_lock);
3131 } else {
3132 ret = -EPERM;
3133 goto unlock;
3134 }
3135 }
3136 proc_set_tty(current, tty);
3137unlock:
3138 mutex_unlock(&tty_mutex);
3139 return ret;
3140}
3141
3142/**
3143 * tiocgpgrp - get process group
3144 * @tty: tty passed by user
3145 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3146 * @p: returned pid
3147 *
3148 * Obtain the process group of the tty. If there is no process group
3149 * return an error.
3150 *
3151 * Locking: none. Reference to current->signal->tty is safe.
3152 */
3153
3154static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3155{
3156 /*
3157 * (tty == real_tty) is a cheap way of
3158 * testing if the tty is NOT a master pty.
3159 */
3160 if (tty == real_tty && current->signal->tty != real_tty)
3161 return -ENOTTY;
3162 return put_user(pid_vnr(real_tty->pgrp), p);
3163}
3164
3165/**
3166 * tiocspgrp - attempt to set process group
3167 * @tty: tty passed by user
3168 * @real_tty: tty side device matching tty passed by user
3169 * @p: pid pointer
3170 *
3171 * Set the process group of the tty to the session passed. Only
3172 * permitted where the tty session is our session.
3173 *
3174 * Locking: RCU
3175 */
3176
3177static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3178{
3179 struct pid *pgrp;
3180 pid_t pgrp_nr;
3181 int retval = tty_check_change(real_tty);
3182
3183 if (retval == -EIO)
3184 return -ENOTTY;
3185 if (retval)
3186 return retval;
3187 if (!current->signal->tty ||
3188 (current->signal->tty != real_tty) ||
3189 (real_tty->session != task_session(current)))
3190 return -ENOTTY;
3191 if (get_user(pgrp_nr, p))
3192 return -EFAULT;
3193 if (pgrp_nr < 0)
3194 return -EINVAL;
3195 rcu_read_lock();
3196 pgrp = find_vpid(pgrp_nr);
3197 retval = -ESRCH;
3198 if (!pgrp)
3199 goto out_unlock;
3200 retval = -EPERM;
3201 if (session_of_pgrp(pgrp) != task_session(current))
3202 goto out_unlock;
3203 retval = 0;
3204 put_pid(real_tty->pgrp);
3205 real_tty->pgrp = get_pid(pgrp);
3206out_unlock:
3207 rcu_read_unlock();
3208 return retval;
3209}
3210
3211/**
3212 * tiocgsid - get session id
3213 * @tty: tty passed by user
3214 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3215 * @p: pointer to returned session id
3216 *
3217 * Obtain the session id of the tty. If there is no session
3218 * return an error.
3219 *
3220 * Locking: none. Reference to current->signal->tty is safe.
3221 */
3222
3223static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3224{
3225 /*
3226 * (tty == real_tty) is a cheap way of
3227 * testing if the tty is NOT a master pty.
3228 */
3229 if (tty == real_tty && current->signal->tty != real_tty)
3230 return -ENOTTY;
3231 if (!real_tty->session)
3232 return -ENOTTY;
3233 return put_user(pid_vnr(real_tty->session), p);
3234}
3235
3236/**
3237 * tiocsetd - set line discipline
3238 * @tty: tty device
3239 * @p: pointer to user data
3240 *
3241 * Set the line discipline according to user request.
3242 *
3243 * Locking: see tty_set_ldisc, this function is just a helper
3244 */
3245
3246static int tiocsetd(struct tty_struct *tty, int __user *p)
3247{
3248 int ldisc;
3249 int ret;
3250
3251 if (get_user(ldisc, p))
3252 return -EFAULT;
3253
3254 lock_kernel();
3255 ret = tty_set_ldisc(tty, ldisc);
3256 unlock_kernel();
3257
3258 return ret;
3259}
3260
3261/**
3262 * send_break - performed time break
3263 * @tty: device to break on
3264 * @duration: timeout in mS
3265 *
3266 * Perform a timed break on hardware that lacks its own driver level
3267 * timed break functionality.
3268 *
3269 * Locking:
3270 * atomic_write_lock serializes
3271 *
3272 */
3273
3274static int send_break(struct tty_struct *tty, unsigned int duration)
3275{
3276 int retval = -EINTR;
3277
3278 lock_kernel();
3279 if (tty_write_lock(tty, 0) < 0)
3280 goto out;
3281 tty->driver->break_ctl(tty, -1);
3282 if (!signal_pending(current))
3283 msleep_interruptible(duration);
3284 tty->driver->break_ctl(tty, 0);
3285 tty_write_unlock(tty);
3286 if (!signal_pending(current))
3287 retval = 0;
3288out:
3289 unlock_kernel();
3290 return retval;
3291}
3292
3293/**
3294 * tiocmget - get modem status
3295 * @tty: tty device
3296 * @file: user file pointer
3297 * @p: pointer to result
3298 *
3299 * Obtain the modem status bits from the tty driver if the feature
3300 * is supported. Return -EINVAL if it is not available.
3301 *
3302 * Locking: none (up to the driver)
3303 */
3304
3305static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3306{
3307 int retval = -EINVAL;
3308
3309 if (tty->driver->tiocmget) {
3310 lock_kernel();
3311 retval = tty->driver->tiocmget(tty, file);
3312 unlock_kernel();
3313
3314 if (retval >= 0)
3315 retval = put_user(retval, p);
3316 }
3317 return retval;
3318}
3319
3320/**
3321 * tiocmset - set modem status
3322 * @tty: tty device
3323 * @file: user file pointer
3324 * @cmd: command - clear bits, set bits or set all
3325 * @p: pointer to desired bits
3326 *
3327 * Set the modem status bits from the tty driver if the feature
3328 * is supported. Return -EINVAL if it is not available.
3329 *
3330 * Locking: none (up to the driver)
3331 */
3332
3333static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3334 unsigned __user *p)
3335{
3336 int retval = -EINVAL;
3337
3338 if (tty->driver->tiocmset) {
3339 unsigned int set, clear, val;
3340
3341 retval = get_user(val, p);
3342 if (retval)
3343 return retval;
3344
3345 set = clear = 0;
3346 switch (cmd) {
3347 case TIOCMBIS:
3348 set = val;
3349 break;
3350 case TIOCMBIC:
3351 clear = val;
3352 break;
3353 case TIOCMSET:
3354 set = val;
3355 clear = ~val;
3356 break;
3357 }
3358
3359 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3360 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3361
3362 lock_kernel();
3363 retval = tty->driver->tiocmset(tty, file, set, clear);
3364 unlock_kernel();
3365 }
3366 return retval;
3367}
3368
3369/*
3370 * Split this up, as gcc can choke on it otherwise..
3371 */
3372long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3373{
3374 struct tty_struct *tty, *real_tty;
3375 void __user *p = (void __user *)arg;
3376 int retval;
3377 struct tty_ldisc *ld;
3378 struct inode *inode = file->f_dentry->d_inode;
3379
3380 tty = (struct tty_struct *)file->private_data;
3381 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3382 return -EINVAL;
3383
3384 real_tty = tty;
3385 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3386 tty->driver->subtype == PTY_TYPE_MASTER)
3387 real_tty = tty->link;
3388
3389 /*
3390 * Break handling by driver
3391 */
3392
3393 retval = -EINVAL;
3394
3395 if (!tty->driver->break_ctl) {
3396 switch (cmd) {
3397 case TIOCSBRK:
3398 case TIOCCBRK:
3399 if (tty->driver->ioctl) {
3400 lock_kernel();
3401 retval = tty->driver->ioctl(tty, file, cmd, arg);
3402 unlock_kernel();
3403 }
3404 return retval;
3405
3406 /* These two ioctl's always return success; even if */
3407 /* the driver doesn't support them. */
3408 case TCSBRK:
3409 case TCSBRKP:
3410 if (!tty->driver->ioctl)
3411 return 0;
3412 lock_kernel();
3413 retval = tty->driver->ioctl(tty, file, cmd, arg);
3414 unlock_kernel();
3415 if (retval == -ENOIOCTLCMD)
3416 retval = 0;
3417 return retval;
3418 }
3419 }
3420
3421 /*
3422 * Factor out some common prep work
3423 */
3424 switch (cmd) {
3425 case TIOCSETD:
3426 case TIOCSBRK:
3427 case TIOCCBRK:
3428 case TCSBRK:
3429 case TCSBRKP:
3430 retval = tty_check_change(tty);
3431 if (retval)
3432 return retval;
3433 if (cmd != TIOCCBRK) {
3434 lock_kernel();
3435 tty_wait_until_sent(tty, 0);
3436 unlock_kernel();
3437 if (signal_pending(current))
3438 return -EINTR;
3439 }
3440 break;
3441 }
3442
3443 switch (cmd) {
3444 case TIOCSTI:
3445 return tiocsti(tty, p);
3446 case TIOCGWINSZ:
3447 return tiocgwinsz(tty, p);
3448 case TIOCSWINSZ:
3449 return tiocswinsz(tty, real_tty, p);
3450 case TIOCCONS:
3451 return real_tty != tty ? -EINVAL : tioccons(file);
3452 case FIONBIO:
3453 return fionbio(file, p);
3454 case TIOCEXCL:
3455 set_bit(TTY_EXCLUSIVE, &tty->flags);
3456 return 0;
3457 case TIOCNXCL:
3458 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3459 return 0;
3460 case TIOCNOTTY:
3461 if (current->signal->tty != tty)
3462 return -ENOTTY;
3463 no_tty();
3464 return 0;
3465 case TIOCSCTTY:
3466 return tiocsctty(tty, arg);
3467 case TIOCGPGRP:
3468 return tiocgpgrp(tty, real_tty, p);
3469 case TIOCSPGRP:
3470 return tiocspgrp(tty, real_tty, p);
3471 case TIOCGSID:
3472 return tiocgsid(tty, real_tty, p);
3473 case TIOCGETD:
3474 /* FIXME: check this is ok */
3475 return put_user(tty->ldisc.num, (int __user *)p);
3476 case TIOCSETD:
3477 return tiocsetd(tty, p);
3478#ifdef CONFIG_VT
3479 case TIOCLINUX:
3480 return tioclinux(tty, arg);
3481#endif
3482 /*
3483 * Break handling
3484 */
3485 case TIOCSBRK: /* Turn break on, unconditionally */
3486 lock_kernel();
3487 tty->driver->break_ctl(tty, -1);
3488 unlock_kernel();
3489 return 0;
3490
3491 case TIOCCBRK: /* Turn break off, unconditionally */
3492 lock_kernel();
3493 tty->driver->break_ctl(tty, 0);
3494 unlock_kernel();
3495 return 0;
3496 case TCSBRK: /* SVID version: non-zero arg --> no break */
3497 /* non-zero arg means wait for all output data
3498 * to be sent (performed above) but don't send break.
3499 * This is used by the tcdrain() termios function.
3500 */
3501 if (!arg)
3502 return send_break(tty, 250);
3503 return 0;
3504 case TCSBRKP: /* support for POSIX tcsendbreak() */
3505 return send_break(tty, arg ? arg*100 : 250);
3506
3507 case TIOCMGET:
3508 return tty_tiocmget(tty, file, p);
3509 case TIOCMSET:
3510 case TIOCMBIC:
3511 case TIOCMBIS:
3512 return tty_tiocmset(tty, file, cmd, p);
3513 case TCFLSH:
3514 switch (arg) {
3515 case TCIFLUSH:
3516 case TCIOFLUSH:
3517 /* flush tty buffer and allow ldisc to process ioctl */
3518 tty_buffer_flush(tty);
3519 break;
3520 }
3521 break;
3522 }
3523 if (tty->driver->ioctl) {
3524 lock_kernel();
3525 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3526 unlock_kernel();
3527 if (retval != -ENOIOCTLCMD)
3528 return retval;
3529 }
3530 ld = tty_ldisc_ref_wait(tty);
3531 retval = -EINVAL;
3532 if (ld->ioctl) {
3533 lock_kernel();
3534 retval = ld->ioctl(tty, file, cmd, arg);
3535 unlock_kernel();
3536 if (retval == -ENOIOCTLCMD)
3537 retval = -EINVAL;
3538 }
3539 tty_ldisc_deref(ld);
3540 return retval;
3541}
3542
3543#ifdef CONFIG_COMPAT
3544static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3545 unsigned long arg)
3546{
3547 struct inode *inode = file->f_dentry->d_inode;
3548 struct tty_struct *tty = file->private_data;
3549 struct tty_ldisc *ld;
3550 int retval = -ENOIOCTLCMD;
3551
3552 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3553 return -EINVAL;
3554
3555 if (tty->driver->compat_ioctl) {
3556 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3557 if (retval != -ENOIOCTLCMD)
3558 return retval;
3559 }
3560
3561 ld = tty_ldisc_ref_wait(tty);
3562 if (ld->compat_ioctl)
3563 retval = ld->compat_ioctl(tty, file, cmd, arg);
3564 tty_ldisc_deref(ld);
3565
3566 return retval;
3567}
3568#endif
3569
3570/*
3571 * This implements the "Secure Attention Key" --- the idea is to
3572 * prevent trojan horses by killing all processes associated with this
3573 * tty when the user hits the "Secure Attention Key". Required for
3574 * super-paranoid applications --- see the Orange Book for more details.
3575 *
3576 * This code could be nicer; ideally it should send a HUP, wait a few
3577 * seconds, then send a INT, and then a KILL signal. But you then
3578 * have to coordinate with the init process, since all processes associated
3579 * with the current tty must be dead before the new getty is allowed
3580 * to spawn.
3581 *
3582 * Now, if it would be correct ;-/ The current code has a nasty hole -
3583 * it doesn't catch files in flight. We may send the descriptor to ourselves
3584 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3585 *
3586 * Nasty bug: do_SAK is being called in interrupt context. This can
3587 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3588 */
3589void __do_SAK(struct tty_struct *tty)
3590{
3591#ifdef TTY_SOFT_SAK
3592 tty_hangup(tty);
3593#else
3594 struct task_struct *g, *p;
3595 struct pid *session;
3596 int i;
3597 struct file *filp;
3598 struct fdtable *fdt;
3599
3600 if (!tty)
3601 return;
3602 session = tty->session;
3603
3604 tty_ldisc_flush(tty);
3605
3606 if (tty->driver->flush_buffer)
3607 tty->driver->flush_buffer(tty);
3608
3609 read_lock(&tasklist_lock);
3610 /* Kill the entire session */
3611 do_each_pid_task(session, PIDTYPE_SID, p) {
3612 printk(KERN_NOTICE "SAK: killed process %d"
3613 " (%s): task_session_nr(p)==tty->session\n",
3614 task_pid_nr(p), p->comm);
3615 send_sig(SIGKILL, p, 1);
3616 } while_each_pid_task(session, PIDTYPE_SID, p);
3617 /* Now kill any processes that happen to have the
3618 * tty open.
3619 */
3620 do_each_thread(g, p) {
3621 if (p->signal->tty == tty) {
3622 printk(KERN_NOTICE "SAK: killed process %d"
3623 " (%s): task_session_nr(p)==tty->session\n",
3624 task_pid_nr(p), p->comm);
3625 send_sig(SIGKILL, p, 1);
3626 continue;
3627 }
3628 task_lock(p);
3629 if (p->files) {
3630 /*
3631 * We don't take a ref to the file, so we must
3632 * hold ->file_lock instead.
3633 */
3634 spin_lock(&p->files->file_lock);
3635 fdt = files_fdtable(p->files);
3636 for (i = 0; i < fdt->max_fds; i++) {
3637 filp = fcheck_files(p->files, i);
3638 if (!filp)
3639 continue;
3640 if (filp->f_op->read == tty_read &&
3641 filp->private_data == tty) {
3642 printk(KERN_NOTICE "SAK: killed process %d"
3643 " (%s): fd#%d opened to the tty\n",
3644 task_pid_nr(p), p->comm, i);
3645 force_sig(SIGKILL, p);
3646 break;
3647 }
3648 }
3649 spin_unlock(&p->files->file_lock);
3650 }
3651 task_unlock(p);
3652 } while_each_thread(g, p);
3653 read_unlock(&tasklist_lock);
3654#endif
3655}
3656
3657static void do_SAK_work(struct work_struct *work)
3658{
3659 struct tty_struct *tty =
3660 container_of(work, struct tty_struct, SAK_work);
3661 __do_SAK(tty);
3662}
3663
3664/*
3665 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3666 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3667 * the values which we write to it will be identical to the values which it
3668 * already has. --akpm
3669 */
3670void do_SAK(struct tty_struct *tty)
3671{
3672 if (!tty)
3673 return;
3674 schedule_work(&tty->SAK_work);
3675}
3676
3677EXPORT_SYMBOL(do_SAK);
3678
3679/**
3680 * flush_to_ldisc
3681 * @work: tty structure passed from work queue.
3682 *
3683 * This routine is called out of the software interrupt to flush data
3684 * from the buffer chain to the line discipline.
3685 *
3686 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3687 * while invoking the line discipline receive_buf method. The
3688 * receive_buf method is single threaded for each tty instance.
3689 */
3690
3691static void flush_to_ldisc(struct work_struct *work)
3692{
3693 struct tty_struct *tty =
3694 container_of(work, struct tty_struct, buf.work.work);
3695 unsigned long flags;
3696 struct tty_ldisc *disc;
3697 struct tty_buffer *tbuf, *head;
3698 char *char_buf;
3699 unsigned char *flag_buf;
3700
3701 disc = tty_ldisc_ref(tty);
3702 if (disc == NULL) /* !TTY_LDISC */
3703 return;
3704
3705 spin_lock_irqsave(&tty->buf.lock, flags);
3706 /* So we know a flush is running */
3707 set_bit(TTY_FLUSHING, &tty->flags);
3708 head = tty->buf.head;
3709 if (head != NULL) {
3710 tty->buf.head = NULL;
3711 for (;;) {
3712 int count = head->commit - head->read;
3713 if (!count) {
3714 if (head->next == NULL)
3715 break;
3716 tbuf = head;
3717 head = head->next;
3718 tty_buffer_free(tty, tbuf);
3719 continue;
3720 }
3721 /* Ldisc or user is trying to flush the buffers
3722 we are feeding to the ldisc, stop feeding the
3723 line discipline as we want to empty the queue */
3724 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3725 break;
3726 if (!tty->receive_room) {
3727 schedule_delayed_work(&tty->buf.work, 1);
3728 break;
3729 }
3730 if (count > tty->receive_room)
3731 count = tty->receive_room;
3732 char_buf = head->char_buf_ptr + head->read;
3733 flag_buf = head->flag_buf_ptr + head->read;
3734 head->read += count;
3735 spin_unlock_irqrestore(&tty->buf.lock, flags);
3736 disc->receive_buf(tty, char_buf, flag_buf, count);
3737 spin_lock_irqsave(&tty->buf.lock, flags);
3738 }
3739 /* Restore the queue head */
3740 tty->buf.head = head;
3741 }
3742 /* We may have a deferred request to flush the input buffer,
3743 if so pull the chain under the lock and empty the queue */
3744 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3745 __tty_buffer_flush(tty);
3746 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3747 wake_up(&tty->read_wait);
3748 }
3749 clear_bit(TTY_FLUSHING, &tty->flags);
3750 spin_unlock_irqrestore(&tty->buf.lock, flags);
3751
3752 tty_ldisc_deref(disc);
3753}
3754
3755/**
3756 * tty_flip_buffer_push - terminal
3757 * @tty: tty to push
3758 *
3759 * Queue a push of the terminal flip buffers to the line discipline. This
3760 * function must not be called from IRQ context if tty->low_latency is set.
3761 *
3762 * In the event of the queue being busy for flipping the work will be
3763 * held off and retried later.
3764 *
3765 * Locking: tty buffer lock. Driver locks in low latency mode.
3766 */
3767
3768void tty_flip_buffer_push(struct tty_struct *tty)
3769{
3770 unsigned long flags;
3771 spin_lock_irqsave(&tty->buf.lock, flags);
3772 if (tty->buf.tail != NULL)
3773 tty->buf.tail->commit = tty->buf.tail->used;
3774 spin_unlock_irqrestore(&tty->buf.lock, flags);
3775
3776 if (tty->low_latency)
3777 flush_to_ldisc(&tty->buf.work.work);
3778 else
3779 schedule_delayed_work(&tty->buf.work, 1);
3780}
3781
3782EXPORT_SYMBOL(tty_flip_buffer_push);
3783
3784
3785/**
3786 * initialize_tty_struct
3787 * @tty: tty to initialize
3788 *
3789 * This subroutine initializes a tty structure that has been newly
3790 * allocated.
3791 *
3792 * Locking: none - tty in question must not be exposed at this point
3793 */
3794
3795static void initialize_tty_struct(struct tty_struct *tty)
3796{
3797 memset(tty, 0, sizeof(struct tty_struct));
3798 tty->magic = TTY_MAGIC;
3799 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3800 tty->session = NULL;
3801 tty->pgrp = NULL;
3802 tty->overrun_time = jiffies;
3803 tty->buf.head = tty->buf.tail = NULL;
3804 tty_buffer_init(tty);
3805 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3806 mutex_init(&tty->termios_mutex);
3807 init_waitqueue_head(&tty->write_wait);
3808 init_waitqueue_head(&tty->read_wait);
3809 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3810 mutex_init(&tty->atomic_read_lock);
3811 mutex_init(&tty->atomic_write_lock);
3812 spin_lock_init(&tty->read_lock);
3813 spin_lock_init(&tty->ctrl_lock);
3814 INIT_LIST_HEAD(&tty->tty_files);
3815 INIT_WORK(&tty->SAK_work, do_SAK_work);
3816}
3817
3818/*
3819 * The default put_char routine if the driver did not define one.
3820 */
3821
3822static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3823{
3824 tty->driver->write(tty, &ch, 1);
3825}
3826
3827static struct class *tty_class;
3828
3829/**
3830 * tty_register_device - register a tty device
3831 * @driver: the tty driver that describes the tty device
3832 * @index: the index in the tty driver for this tty device
3833 * @device: a struct device that is associated with this tty device.
3834 * This field is optional, if there is no known struct device
3835 * for this tty device it can be set to NULL safely.
3836 *
3837 * Returns a pointer to the struct device for this tty device
3838 * (or ERR_PTR(-EFOO) on error).
3839 *
3840 * This call is required to be made to register an individual tty device
3841 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3842 * that bit is not set, this function should not be called by a tty
3843 * driver.
3844 *
3845 * Locking: ??
3846 */
3847
3848struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3849 struct device *device)
3850{
3851 char name[64];
3852 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3853
3854 if (index >= driver->num) {
3855 printk(KERN_ERR "Attempt to register invalid tty line number "
3856 " (%d).\n", index);
3857 return ERR_PTR(-EINVAL);
3858 }
3859
3860 if (driver->type == TTY_DRIVER_TYPE_PTY)
3861 pty_line_name(driver, index, name);
3862 else
3863 tty_line_name(driver, index, name);
3864
3865 return device_create(tty_class, device, dev, name);
3866}
3867
3868/**
3869 * tty_unregister_device - unregister a tty device
3870 * @driver: the tty driver that describes the tty device
3871 * @index: the index in the tty driver for this tty device
3872 *
3873 * If a tty device is registered with a call to tty_register_device() then
3874 * this function must be called when the tty device is gone.
3875 *
3876 * Locking: ??
3877 */
3878
3879void tty_unregister_device(struct tty_driver *driver, unsigned index)
3880{
3881 device_destroy(tty_class,
3882 MKDEV(driver->major, driver->minor_start) + index);
3883}
3884
3885EXPORT_SYMBOL(tty_register_device);
3886EXPORT_SYMBOL(tty_unregister_device);
3887
3888struct tty_driver *alloc_tty_driver(int lines)
3889{
3890 struct tty_driver *driver;
3891
3892 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3893 if (driver) {
3894 driver->magic = TTY_DRIVER_MAGIC;
3895 driver->num = lines;
3896 /* later we'll move allocation of tables here */
3897 }
3898 return driver;
3899}
3900
3901void put_tty_driver(struct tty_driver *driver)
3902{
3903 kfree(driver);
3904}
3905
3906void tty_set_operations(struct tty_driver *driver,
3907 const struct tty_operations *op)
3908{
3909 driver->open = op->open;
3910 driver->close = op->close;
3911 driver->write = op->write;
3912 driver->put_char = op->put_char;
3913 driver->flush_chars = op->flush_chars;
3914 driver->write_room = op->write_room;
3915 driver->chars_in_buffer = op->chars_in_buffer;
3916 driver->ioctl = op->ioctl;
3917 driver->compat_ioctl = op->compat_ioctl;
3918 driver->set_termios = op->set_termios;
3919 driver->throttle = op->throttle;
3920 driver->unthrottle = op->unthrottle;
3921 driver->stop = op->stop;
3922 driver->start = op->start;
3923 driver->hangup = op->hangup;
3924 driver->break_ctl = op->break_ctl;
3925 driver->flush_buffer = op->flush_buffer;
3926 driver->set_ldisc = op->set_ldisc;
3927 driver->wait_until_sent = op->wait_until_sent;
3928 driver->send_xchar = op->send_xchar;
3929 driver->read_proc = op->read_proc;
3930 driver->write_proc = op->write_proc;
3931 driver->tiocmget = op->tiocmget;
3932 driver->tiocmset = op->tiocmset;
3933#ifdef CONFIG_CONSOLE_POLL
3934 driver->poll_init = op->poll_init;
3935 driver->poll_get_char = op->poll_get_char;
3936 driver->poll_put_char = op->poll_put_char;
3937#endif
3938}
3939
3940
3941EXPORT_SYMBOL(alloc_tty_driver);
3942EXPORT_SYMBOL(put_tty_driver);
3943EXPORT_SYMBOL(tty_set_operations);
3944
3945/*
3946 * Called by a tty driver to register itself.
3947 */
3948int tty_register_driver(struct tty_driver *driver)
3949{
3950 int error;
3951 int i;
3952 dev_t dev;
3953 void **p = NULL;
3954
3955 if (driver->flags & TTY_DRIVER_INSTALLED)
3956 return 0;
3957
3958 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3959 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3960 if (!p)
3961 return -ENOMEM;
3962 }
3963
3964 if (!driver->major) {
3965 error = alloc_chrdev_region(&dev, driver->minor_start,
3966 driver->num, driver->name);
3967 if (!error) {
3968 driver->major = MAJOR(dev);
3969 driver->minor_start = MINOR(dev);
3970 }
3971 } else {
3972 dev = MKDEV(driver->major, driver->minor_start);
3973 error = register_chrdev_region(dev, driver->num, driver->name);
3974 }
3975 if (error < 0) {
3976 kfree(p);
3977 return error;
3978 }
3979
3980 if (p) {
3981 driver->ttys = (struct tty_struct **)p;
3982 driver->termios = (struct ktermios **)(p + driver->num);
3983 driver->termios_locked = (struct ktermios **)
3984 (p + driver->num * 2);
3985 } else {
3986 driver->ttys = NULL;
3987 driver->termios = NULL;
3988 driver->termios_locked = NULL;
3989 }
3990
3991 cdev_init(&driver->cdev, &tty_fops);
3992 driver->cdev.owner = driver->owner;
3993 error = cdev_add(&driver->cdev, dev, driver->num);
3994 if (error) {
3995 unregister_chrdev_region(dev, driver->num);
3996 driver->ttys = NULL;
3997 driver->termios = driver->termios_locked = NULL;
3998 kfree(p);
3999 return error;
4000 }
4001
4002 if (!driver->put_char)
4003 driver->put_char = tty_default_put_char;
4004
4005 mutex_lock(&tty_mutex);
4006 list_add(&driver->tty_drivers, &tty_drivers);
4007 mutex_unlock(&tty_mutex);
4008
4009 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4010 for (i = 0; i < driver->num; i++)
4011 tty_register_device(driver, i, NULL);
4012 }
4013 proc_tty_register_driver(driver);
4014 return 0;
4015}
4016
4017EXPORT_SYMBOL(tty_register_driver);
4018
4019/*
4020 * Called by a tty driver to unregister itself.
4021 */
4022int tty_unregister_driver(struct tty_driver *driver)
4023{
4024 int i;
4025 struct ktermios *tp;
4026 void *p;
4027
4028 if (driver->refcount)
4029 return -EBUSY;
4030
4031 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4032 driver->num);
4033 mutex_lock(&tty_mutex);
4034 list_del(&driver->tty_drivers);
4035 mutex_unlock(&tty_mutex);
4036
4037 /*
4038 * Free the termios and termios_locked structures because
4039 * we don't want to get memory leaks when modular tty
4040 * drivers are removed from the kernel.
4041 */
4042 for (i = 0; i < driver->num; i++) {
4043 tp = driver->termios[i];
4044 if (tp) {
4045 driver->termios[i] = NULL;
4046 kfree(tp);
4047 }
4048 tp = driver->termios_locked[i];
4049 if (tp) {
4050 driver->termios_locked[i] = NULL;
4051 kfree(tp);
4052 }
4053 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
4054 tty_unregister_device(driver, i);
4055 }
4056 p = driver->ttys;
4057 proc_tty_unregister_driver(driver);
4058 driver->ttys = NULL;
4059 driver->termios = driver->termios_locked = NULL;
4060 kfree(p);
4061 cdev_del(&driver->cdev);
4062 return 0;
4063}
4064EXPORT_SYMBOL(tty_unregister_driver);
4065
4066dev_t tty_devnum(struct tty_struct *tty)
4067{
4068 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4069}
4070EXPORT_SYMBOL(tty_devnum);
4071
4072void proc_clear_tty(struct task_struct *p)
4073{
4074 spin_lock_irq(&p->sighand->siglock);
4075 p->signal->tty = NULL;
4076 spin_unlock_irq(&p->sighand->siglock);
4077}
4078EXPORT_SYMBOL(proc_clear_tty);
4079
4080static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4081{
4082 if (tty) {
4083 /* We should not have a session or pgrp to here but.... */
4084 put_pid(tty->session);
4085 put_pid(tty->pgrp);
4086 tty->session = get_pid(task_session(tsk));
4087 tty->pgrp = get_pid(task_pgrp(tsk));
4088 }
4089 put_pid(tsk->signal->tty_old_pgrp);
4090 tsk->signal->tty = tty;
4091 tsk->signal->tty_old_pgrp = NULL;
4092}
4093
4094static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4095{
4096 spin_lock_irq(&tsk->sighand->siglock);
4097 __proc_set_tty(tsk, tty);
4098 spin_unlock_irq(&tsk->sighand->siglock);
4099}
4100
4101struct tty_struct *get_current_tty(void)
4102{
4103 struct tty_struct *tty;
4104 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4105 tty = current->signal->tty;
4106 /*
4107 * session->tty can be changed/cleared from under us, make sure we
4108 * issue the load. The obtained pointer, when not NULL, is valid as
4109 * long as we hold tty_mutex.
4110 */
4111 barrier();
4112 return tty;
4113}
4114EXPORT_SYMBOL_GPL(get_current_tty);
4115
4116/*
4117 * Initialize the console device. This is called *early*, so
4118 * we can't necessarily depend on lots of kernel help here.
4119 * Just do some early initializations, and do the complex setup
4120 * later.
4121 */
4122void __init console_init(void)
4123{
4124 initcall_t *call;
4125
4126 /* Setup the default TTY line discipline. */
4127 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4128
4129 /*
4130 * set up the console device so that later boot sequences can
4131 * inform about problems etc..
4132 */
4133 call = __con_initcall_start;
4134 while (call < __con_initcall_end) {
4135 (*call)();
4136 call++;
4137 }
4138}
4139
4140static int __init tty_class_init(void)
4141{
4142 tty_class = class_create(THIS_MODULE, "tty");
4143 if (IS_ERR(tty_class))
4144 return PTR_ERR(tty_class);
4145 return 0;
4146}
4147
4148postcore_initcall(tty_class_init);
4149
4150/* 3/2004 jmc: why do these devices exist? */
4151
4152static struct cdev tty_cdev, console_cdev;
4153#ifdef CONFIG_UNIX98_PTYS
4154static struct cdev ptmx_cdev;
4155#endif
4156#ifdef CONFIG_VT
4157static struct cdev vc0_cdev;
4158#endif
4159
4160/*
4161 * Ok, now we can initialize the rest of the tty devices and can count
4162 * on memory allocations, interrupts etc..
4163 */
4164static int __init tty_init(void)
4165{
4166 cdev_init(&tty_cdev, &tty_fops);
4167 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4168 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4169 panic("Couldn't register /dev/tty driver\n");
4170 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4171
4172 cdev_init(&console_cdev, &console_fops);
4173 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4174 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4175 panic("Couldn't register /dev/console driver\n");
4176 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4177
4178#ifdef CONFIG_UNIX98_PTYS
4179 cdev_init(&ptmx_cdev, &ptmx_fops);
4180 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4181 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4182 panic("Couldn't register /dev/ptmx driver\n");
4183 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4184#endif
4185
4186#ifdef CONFIG_VT
4187 cdev_init(&vc0_cdev, &console_fops);
4188 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4189 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4190 panic("Couldn't register /dev/tty0 driver\n");
4191 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4192
4193 vty_init();
4194#endif
4195 return 0;
4196}
4197module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)