projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: Complete ownership transfer of flip buffers
[linux-2.6-block.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97#include <linux/ratelimit.h>
98
99#include <linux/uaccess.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
166 */
167
168struct tty_struct *alloc_tty_struct(void)
169{
170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171}
172
173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
182void free_tty_struct(struct tty_struct *tty)
183{
184 if (!tty)
185 return;
186 if (tty->dev)
187 put_device(tty->dev);
188 kfree(tty->write_buf);
189 tty->magic = 0xDEADDEAD;
190 kfree(tty);
191}
192
193static inline struct tty_struct *file_tty(struct file *file)
194{
195 return ((struct tty_file_private *)file->private_data)->tty;
196}
197
198int tty_alloc_file(struct file *file)
199{
200 struct tty_file_private *priv;
201
202 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203 if (!priv)
204 return -ENOMEM;
205
206 file->private_data = priv;
207
208 return 0;
209}
210
211/* Associate a new file with the tty structure */
212void tty_add_file(struct tty_struct *tty, struct file *file)
213{
214 struct tty_file_private *priv = file->private_data;
215
216 priv->tty = tty;
217 priv->file = file;
218
219 spin_lock(&tty_files_lock);
220 list_add(&priv->list, &tty->tty_files);
221 spin_unlock(&tty_files_lock);
222}
223
224/**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230void tty_free_file(struct file *file)
231{
232 struct tty_file_private *priv = file->private_data;
233
234 file->private_data = NULL;
235 kfree(priv);
236}
237
238/* Delete file from its tty */
239static void tty_del_file(struct file *file)
240{
241 struct tty_file_private *priv = file->private_data;
242
243 spin_lock(&tty_files_lock);
244 list_del(&priv->list);
245 spin_unlock(&tty_files_lock);
246 tty_free_file(file);
247}
248
249
250#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
252/**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
263char *tty_name(struct tty_struct *tty, char *buf)
264{
265 if (!tty) /* Hmm. NULL pointer. That's fun. */
266 strcpy(buf, "NULL tty");
267 else
268 strcpy(buf, tty->name);
269 return buf;
270}
271
272EXPORT_SYMBOL(tty_name);
273
274int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
275 const char *routine)
276{
277#ifdef TTY_PARANOIA_CHECK
278 if (!tty) {
279 printk(KERN_WARNING
280 "null TTY for (%d:%d) in %s\n",
281 imajor(inode), iminor(inode), routine);
282 return 1;
283 }
284 if (tty->magic != TTY_MAGIC) {
285 printk(KERN_WARNING
286 "bad magic number for tty struct (%d:%d) in %s\n",
287 imajor(inode), iminor(inode), routine);
288 return 1;
289 }
290#endif
291 return 0;
292}
293
294static int check_tty_count(struct tty_struct *tty, const char *routine)
295{
296#ifdef CHECK_TTY_COUNT
297 struct list_head *p;
298 int count = 0;
299
300 spin_lock(&tty_files_lock);
301 list_for_each(p, &tty->tty_files) {
302 count++;
303 }
304 spin_unlock(&tty_files_lock);
305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306 tty->driver->subtype == PTY_TYPE_SLAVE &&
307 tty->link && tty->link->count)
308 count++;
309 if (tty->count != count) {
310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311 "!= #fd's(%d) in %s\n",
312 tty->name, tty->count, count, routine);
313 return count;
314 }
315#endif
316 return 0;
317}
318
319/**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
328 */
329
330static struct tty_driver *get_tty_driver(dev_t device, int *index)
331{
332 struct tty_driver *p;
333
334 list_for_each_entry(p, &tty_drivers, tty_drivers) {
335 dev_t base = MKDEV(p->major, p->minor_start);
336 if (device < base || device >= base + p->num)
337 continue;
338 *index = device - base;
339 return tty_driver_kref_get(p);
340 }
341 return NULL;
342}
343
344#ifdef CONFIG_CONSOLE_POLL
345
346/**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355struct tty_driver *tty_find_polling_driver(char *name, int *line)
356{
357 struct tty_driver *p, *res = NULL;
358 int tty_line = 0;
359 int len;
360 char *str, *stp;
361
362 for (str = name; *str; str++)
363 if ((*str >= '0' && *str <= '9') || *str == ',')
364 break;
365 if (!*str)
366 return NULL;
367
368 len = str - name;
369 tty_line = simple_strtoul(str, &str, 10);
370
371 mutex_lock(&tty_mutex);
372 /* Search through the tty devices to look for a match */
373 list_for_each_entry(p, &tty_drivers, tty_drivers) {
374 if (strncmp(name, p->name, len) != 0)
375 continue;
376 stp = str;
377 if (*stp == ',')
378 stp++;
379 if (*stp == '\0')
380 stp = NULL;
381
382 if (tty_line >= 0 && tty_line < p->num && p->ops &&
383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
384 res = tty_driver_kref_get(p);
385 *line = tty_line;
386 break;
387 }
388 }
389 mutex_unlock(&tty_mutex);
390
391 return res;
392}
393EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394#endif
395
396/**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
404 * Locking: ctrl_lock
405 */
406
407int tty_check_change(struct tty_struct *tty)
408{
409 unsigned long flags;
410 int ret = 0;
411
412 if (current->signal->tty != tty)
413 return 0;
414
415 spin_lock_irqsave(&tty->ctrl_lock, flags);
416
417 if (!tty->pgrp) {
418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
419 goto out_unlock;
420 }
421 if (task_pgrp(current) == tty->pgrp)
422 goto out_unlock;
423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
424 if (is_ignored(SIGTTOU))
425 goto out;
426 if (is_current_pgrp_orphaned()) {
427 ret = -EIO;
428 goto out;
429 }
430 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431 set_thread_flag(TIF_SIGPENDING);
432 ret = -ERESTARTSYS;
433out:
434 return ret;
435out_unlock:
436 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437 return ret;
438}
439
440EXPORT_SYMBOL(tty_check_change);
441
442static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
443 size_t count, loff_t *ppos)
444{
445 return 0;
446}
447
448static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
449 size_t count, loff_t *ppos)
450{
451 return -EIO;
452}
453
454/* No kernel lock held - none needed ;) */
455static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
456{
457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458}
459
460static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461 unsigned long arg)
462{
463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464}
465
466static long hung_up_tty_compat_ioctl(struct file *file,
467 unsigned int cmd, unsigned long arg)
468{
469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470}
471
472static const struct file_operations tty_fops = {
473 .llseek = no_llseek,
474 .read = tty_read,
475 .write = tty_write,
476 .poll = tty_poll,
477 .unlocked_ioctl = tty_ioctl,
478 .compat_ioctl = tty_compat_ioctl,
479 .open = tty_open,
480 .release = tty_release,
481 .fasync = tty_fasync,
482};
483
484static const struct file_operations console_fops = {
485 .llseek = no_llseek,
486 .read = tty_read,
487 .write = redirected_tty_write,
488 .poll = tty_poll,
489 .unlocked_ioctl = tty_ioctl,
490 .compat_ioctl = tty_compat_ioctl,
491 .open = tty_open,
492 .release = tty_release,
493 .fasync = tty_fasync,
494};
495
496static const struct file_operations hung_up_tty_fops = {
497 .llseek = no_llseek,
498 .read = hung_up_tty_read,
499 .write = hung_up_tty_write,
500 .poll = hung_up_tty_poll,
501 .unlocked_ioctl = hung_up_tty_ioctl,
502 .compat_ioctl = hung_up_tty_compat_ioctl,
503 .release = tty_release,
504};
505
506static DEFINE_SPINLOCK(redirect_lock);
507static struct file *redirect;
508
509/**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
517
518void tty_wakeup(struct tty_struct *tty)
519{
520 struct tty_ldisc *ld;
521
522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523 ld = tty_ldisc_ref(tty);
524 if (ld) {
525 if (ld->ops->write_wakeup)
526 ld->ops->write_wakeup(tty);
527 tty_ldisc_deref(ld);
528 }
529 }
530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
531}
532
533EXPORT_SYMBOL_GPL(tty_wakeup);
534
535/**
536 * tty_signal_session_leader - sends SIGHUP to session leader
537 * @tty controlling tty
538 * @exit_session if non-zero, signal all foreground group processes
539 *
540 * Send SIGHUP and SIGCONT to the session leader and its process group.
541 * Optionally, signal all processes in the foreground process group.
542 *
543 * Returns the number of processes in the session with this tty
544 * as their controlling terminal. This value is used to drop
545 * tty references for those processes.
546 */
547static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
548{
549 struct task_struct *p;
550 int refs = 0;
551 struct pid *tty_pgrp = NULL;
552
553 read_lock(&tasklist_lock);
554 if (tty->session) {
555 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
556 spin_lock_irq(&p->sighand->siglock);
557 if (p->signal->tty == tty) {
558 p->signal->tty = NULL;
559 /* We defer the dereferences outside fo
560 the tasklist lock */
561 refs++;
562 }
563 if (!p->signal->leader) {
564 spin_unlock_irq(&p->sighand->siglock);
565 continue;
566 }
567 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
568 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
569 put_pid(p->signal->tty_old_pgrp); /* A noop */
570 spin_lock(&tty->ctrl_lock);
571 tty_pgrp = get_pid(tty->pgrp);
572 if (tty->pgrp)
573 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
574 spin_unlock(&tty->ctrl_lock);
575 spin_unlock_irq(&p->sighand->siglock);
576 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
577 }
578 read_unlock(&tasklist_lock);
579
580 if (tty_pgrp) {
581 if (exit_session)
582 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
583 put_pid(tty_pgrp);
584 }
585
586 return refs;
587}
588
589/**
590 * __tty_hangup - actual handler for hangup events
591 * @work: tty device
592 *
593 * This can be called by a "kworker" kernel thread. That is process
594 * synchronous but doesn't hold any locks, so we need to make sure we
595 * have the appropriate locks for what we're doing.
596 *
597 * The hangup event clears any pending redirections onto the hung up
598 * device. It ensures future writes will error and it does the needed
599 * line discipline hangup and signal delivery. The tty object itself
600 * remains intact.
601 *
602 * Locking:
603 * BTM
604 * redirect lock for undoing redirection
605 * file list lock for manipulating list of ttys
606 * tty_ldisc_lock from called functions
607 * termios_mutex resetting termios data
608 * tasklist_lock to walk task list for hangup event
609 * ->siglock to protect ->signal/->sighand
610 */
611static void __tty_hangup(struct tty_struct *tty, int exit_session)
612{
613 struct file *cons_filp = NULL;
614 struct file *filp, *f = NULL;
615 struct tty_file_private *priv;
616 int closecount = 0, n;
617 int refs;
618
619 if (!tty)
620 return;
621
622
623 spin_lock(&redirect_lock);
624 if (redirect && file_tty(redirect) == tty) {
625 f = redirect;
626 redirect = NULL;
627 }
628 spin_unlock(&redirect_lock);
629
630 tty_lock(tty);
631
632 /* some functions below drop BTM, so we need this bit */
633 set_bit(TTY_HUPPING, &tty->flags);
634
635 /* inuse_filps is protected by the single tty lock,
636 this really needs to change if we want to flush the
637 workqueue with the lock held */
638 check_tty_count(tty, "tty_hangup");
639
640 spin_lock(&tty_files_lock);
641 /* This breaks for file handles being sent over AF_UNIX sockets ? */
642 list_for_each_entry(priv, &tty->tty_files, list) {
643 filp = priv->file;
644 if (filp->f_op->write == redirected_tty_write)
645 cons_filp = filp;
646 if (filp->f_op->write != tty_write)
647 continue;
648 closecount++;
649 __tty_fasync(-1, filp, 0); /* can't block */
650 filp->f_op = &hung_up_tty_fops;
651 }
652 spin_unlock(&tty_files_lock);
653
654 refs = tty_signal_session_leader(tty, exit_session);
655 /* Account for the p->signal references we killed */
656 while (refs--)
657 tty_kref_put(tty);
658
659 /*
660 * it drops BTM and thus races with reopen
661 * we protect the race by TTY_HUPPING
662 */
663 tty_ldisc_hangup(tty);
664
665 spin_lock_irq(&tty->ctrl_lock);
666 clear_bit(TTY_THROTTLED, &tty->flags);
667 clear_bit(TTY_PUSH, &tty->flags);
668 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
669 put_pid(tty->session);
670 put_pid(tty->pgrp);
671 tty->session = NULL;
672 tty->pgrp = NULL;
673 tty->ctrl_status = 0;
674 spin_unlock_irq(&tty->ctrl_lock);
675
676 /*
677 * If one of the devices matches a console pointer, we
678 * cannot just call hangup() because that will cause
679 * tty->count and state->count to go out of sync.
680 * So we just call close() the right number of times.
681 */
682 if (cons_filp) {
683 if (tty->ops->close)
684 for (n = 0; n < closecount; n++)
685 tty->ops->close(tty, cons_filp);
686 } else if (tty->ops->hangup)
687 (tty->ops->hangup)(tty);
688 /*
689 * We don't want to have driver/ldisc interactions beyond
690 * the ones we did here. The driver layer expects no
691 * calls after ->hangup() from the ldisc side. However we
692 * can't yet guarantee all that.
693 */
694 set_bit(TTY_HUPPED, &tty->flags);
695 clear_bit(TTY_HUPPING, &tty->flags);
696
697 tty_unlock(tty);
698
699 if (f)
700 fput(f);
701}
702
703static void do_tty_hangup(struct work_struct *work)
704{
705 struct tty_struct *tty =
706 container_of(work, struct tty_struct, hangup_work);
707
708 __tty_hangup(tty, 0);
709}
710
711/**
712 * tty_hangup - trigger a hangup event
713 * @tty: tty to hangup
714 *
715 * A carrier loss (virtual or otherwise) has occurred on this like
716 * schedule a hangup sequence to run after this event.
717 */
718
719void tty_hangup(struct tty_struct *tty)
720{
721#ifdef TTY_DEBUG_HANGUP
722 char buf[64];
723 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
724#endif
725 schedule_work(&tty->hangup_work);
726}
727
728EXPORT_SYMBOL(tty_hangup);
729
730/**
731 * tty_vhangup - process vhangup
732 * @tty: tty to hangup
733 *
734 * The user has asked via system call for the terminal to be hung up.
735 * We do this synchronously so that when the syscall returns the process
736 * is complete. That guarantee is necessary for security reasons.
737 */
738
739void tty_vhangup(struct tty_struct *tty)
740{
741#ifdef TTY_DEBUG_HANGUP
742 char buf[64];
743
744 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
745#endif
746 __tty_hangup(tty, 0);
747}
748
749EXPORT_SYMBOL(tty_vhangup);
750
751
752/**
753 * tty_vhangup_self - process vhangup for own ctty
754 *
755 * Perform a vhangup on the current controlling tty
756 */
757
758void tty_vhangup_self(void)
759{
760 struct tty_struct *tty;
761
762 tty = get_current_tty();
763 if (tty) {
764 tty_vhangup(tty);
765 tty_kref_put(tty);
766 }
767}
768
769/**
770 * tty_vhangup_session - hangup session leader exit
771 * @tty: tty to hangup
772 *
773 * The session leader is exiting and hanging up its controlling terminal.
774 * Every process in the foreground process group is signalled SIGHUP.
775 *
776 * We do this synchronously so that when the syscall returns the process
777 * is complete. That guarantee is necessary for security reasons.
778 */
779
780void tty_vhangup_session(struct tty_struct *tty)
781{
782#ifdef TTY_DEBUG_HANGUP
783 char buf[64];
784
785 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
786#endif
787 __tty_hangup(tty, 1);
788}
789
790/**
791 * tty_hung_up_p - was tty hung up
792 * @filp: file pointer of tty
793 *
794 * Return true if the tty has been subject to a vhangup or a carrier
795 * loss
796 */
797
798int tty_hung_up_p(struct file *filp)
799{
800 return (filp->f_op == &hung_up_tty_fops);
801}
802
803EXPORT_SYMBOL(tty_hung_up_p);
804
805static void session_clear_tty(struct pid *session)
806{
807 struct task_struct *p;
808 do_each_pid_task(session, PIDTYPE_SID, p) {
809 proc_clear_tty(p);
810 } while_each_pid_task(session, PIDTYPE_SID, p);
811}
812
813/**
814 * disassociate_ctty - disconnect controlling tty
815 * @on_exit: true if exiting so need to "hang up" the session
816 *
817 * This function is typically called only by the session leader, when
818 * it wants to disassociate itself from its controlling tty.
819 *
820 * It performs the following functions:
821 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
822 * (2) Clears the tty from being controlling the session
823 * (3) Clears the controlling tty for all processes in the
824 * session group.
825 *
826 * The argument on_exit is set to 1 if called when a process is
827 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
828 *
829 * Locking:
830 * BTM is taken for hysterical raisins, and held when
831 * called from no_tty().
832 * tty_mutex is taken to protect tty
833 * ->siglock is taken to protect ->signal/->sighand
834 * tasklist_lock is taken to walk process list for sessions
835 * ->siglock is taken to protect ->signal/->sighand
836 */
837
838void disassociate_ctty(int on_exit)
839{
840 struct tty_struct *tty;
841
842 if (!current->signal->leader)
843 return;
844
845 tty = get_current_tty();
846 if (tty) {
847 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
848 tty_vhangup_session(tty);
849 } else {
850 struct pid *tty_pgrp = tty_get_pgrp(tty);
851 if (tty_pgrp) {
852 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
853 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
854 put_pid(tty_pgrp);
855 }
856 }
857 tty_kref_put(tty);
858
859 } else if (on_exit) {
860 struct pid *old_pgrp;
861 spin_lock_irq(&current->sighand->siglock);
862 old_pgrp = current->signal->tty_old_pgrp;
863 current->signal->tty_old_pgrp = NULL;
864 spin_unlock_irq(&current->sighand->siglock);
865 if (old_pgrp) {
866 kill_pgrp(old_pgrp, SIGHUP, on_exit);
867 kill_pgrp(old_pgrp, SIGCONT, on_exit);
868 put_pid(old_pgrp);
869 }
870 return;
871 }
872
873 spin_lock_irq(&current->sighand->siglock);
874 put_pid(current->signal->tty_old_pgrp);
875 current->signal->tty_old_pgrp = NULL;
876 spin_unlock_irq(&current->sighand->siglock);
877
878 tty = get_current_tty();
879 if (tty) {
880 unsigned long flags;
881 spin_lock_irqsave(&tty->ctrl_lock, flags);
882 put_pid(tty->session);
883 put_pid(tty->pgrp);
884 tty->session = NULL;
885 tty->pgrp = NULL;
886 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
887 tty_kref_put(tty);
888 } else {
889#ifdef TTY_DEBUG_HANGUP
890 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
891 " = NULL", tty);
892#endif
893 }
894
895 /* Now clear signal->tty under the lock */
896 read_lock(&tasklist_lock);
897 session_clear_tty(task_session(current));
898 read_unlock(&tasklist_lock);
899}
900
901/**
902 *
903 * no_tty - Ensure the current process does not have a controlling tty
904 */
905void no_tty(void)
906{
907 /* FIXME: Review locking here. The tty_lock never covered any race
908 between a new association and proc_clear_tty but possible we need
909 to protect against this anyway */
910 struct task_struct *tsk = current;
911 disassociate_ctty(0);
912 proc_clear_tty(tsk);
913}
914
915
916/**
917 * stop_tty - propagate flow control
918 * @tty: tty to stop
919 *
920 * Perform flow control to the driver. For PTY/TTY pairs we
921 * must also propagate the TIOCKPKT status. May be called
922 * on an already stopped device and will not re-call the driver
923 * method.
924 *
925 * This functionality is used by both the line disciplines for
926 * halting incoming flow and by the driver. It may therefore be
927 * called from any context, may be under the tty atomic_write_lock
928 * but not always.
929 *
930 * Locking:
931 * Uses the tty control lock internally
932 */
933
934void stop_tty(struct tty_struct *tty)
935{
936 unsigned long flags;
937 spin_lock_irqsave(&tty->ctrl_lock, flags);
938 if (tty->stopped) {
939 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
940 return;
941 }
942 tty->stopped = 1;
943 if (tty->link && tty->link->packet) {
944 tty->ctrl_status &= ~TIOCPKT_START;
945 tty->ctrl_status |= TIOCPKT_STOP;
946 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
947 }
948 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
949 if (tty->ops->stop)
950 (tty->ops->stop)(tty);
951}
952
953EXPORT_SYMBOL(stop_tty);
954
955/**
956 * start_tty - propagate flow control
957 * @tty: tty to start
958 *
959 * Start a tty that has been stopped if at all possible. Perform
960 * any necessary wakeups and propagate the TIOCPKT status. If this
961 * is the tty was previous stopped and is being started then the
962 * driver start method is invoked and the line discipline woken.
963 *
964 * Locking:
965 * ctrl_lock
966 */
967
968void start_tty(struct tty_struct *tty)
969{
970 unsigned long flags;
971 spin_lock_irqsave(&tty->ctrl_lock, flags);
972 if (!tty->stopped || tty->flow_stopped) {
973 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
974 return;
975 }
976 tty->stopped = 0;
977 if (tty->link && tty->link->packet) {
978 tty->ctrl_status &= ~TIOCPKT_STOP;
979 tty->ctrl_status |= TIOCPKT_START;
980 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
981 }
982 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
983 if (tty->ops->start)
984 (tty->ops->start)(tty);
985 /* If we have a running line discipline it may need kicking */
986 tty_wakeup(tty);
987}
988
989EXPORT_SYMBOL(start_tty);
990
991/**
992 * tty_read - read method for tty device files
993 * @file: pointer to tty file
994 * @buf: user buffer
995 * @count: size of user buffer
996 * @ppos: unused
997 *
998 * Perform the read system call function on this terminal device. Checks
999 * for hung up devices before calling the line discipline method.
1000 *
1001 * Locking:
1002 * Locks the line discipline internally while needed. Multiple
1003 * read calls may be outstanding in parallel.
1004 */
1005
1006static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1007 loff_t *ppos)
1008{
1009 int i;
1010 struct tty_struct *tty = file_tty(file);
1011 struct tty_ldisc *ld;
1012
1013 if (tty_paranoia_check(tty, file_inode(file), "tty_read"))
1014 return -EIO;
1015 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1016 return -EIO;
1017
1018 /* We want to wait for the line discipline to sort out in this
1019 situation */
1020 ld = tty_ldisc_ref_wait(tty);
1021 if (ld->ops->read)
1022 i = (ld->ops->read)(tty, file, buf, count);
1023 else
1024 i = -EIO;
1025 tty_ldisc_deref(ld);
1026
1027 return i;
1028}
1029
1030void tty_write_unlock(struct tty_struct *tty)
1031 __releases(&tty->atomic_write_lock)
1032{
1033 mutex_unlock(&tty->atomic_write_lock);
1034 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1035}
1036
1037int tty_write_lock(struct tty_struct *tty, int ndelay)
1038 __acquires(&tty->atomic_write_lock)
1039{
1040 if (!mutex_trylock(&tty->atomic_write_lock)) {
1041 if (ndelay)
1042 return -EAGAIN;
1043 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1044 return -ERESTARTSYS;
1045 }
1046 return 0;
1047}
1048
1049/*
1050 * Split writes up in sane blocksizes to avoid
1051 * denial-of-service type attacks
1052 */
1053static inline ssize_t do_tty_write(
1054 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1055 struct tty_struct *tty,
1056 struct file *file,
1057 const char __user *buf,
1058 size_t count)
1059{
1060 ssize_t ret, written = 0;
1061 unsigned int chunk;
1062
1063 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1064 if (ret < 0)
1065 return ret;
1066
1067 /*
1068 * We chunk up writes into a temporary buffer. This
1069 * simplifies low-level drivers immensely, since they
1070 * don't have locking issues and user mode accesses.
1071 *
1072 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1073 * big chunk-size..
1074 *
1075 * The default chunk-size is 2kB, because the NTTY
1076 * layer has problems with bigger chunks. It will
1077 * claim to be able to handle more characters than
1078 * it actually does.
1079 *
1080 * FIXME: This can probably go away now except that 64K chunks
1081 * are too likely to fail unless switched to vmalloc...
1082 */
1083 chunk = 2048;
1084 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1085 chunk = 65536;
1086 if (count < chunk)
1087 chunk = count;
1088
1089 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1090 if (tty->write_cnt < chunk) {
1091 unsigned char *buf_chunk;
1092
1093 if (chunk < 1024)
1094 chunk = 1024;
1095
1096 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1097 if (!buf_chunk) {
1098 ret = -ENOMEM;
1099 goto out;
1100 }
1101 kfree(tty->write_buf);
1102 tty->write_cnt = chunk;
1103 tty->write_buf = buf_chunk;
1104 }
1105
1106 /* Do the write .. */
1107 for (;;) {
1108 size_t size = count;
1109 if (size > chunk)
1110 size = chunk;
1111 ret = -EFAULT;
1112 if (copy_from_user(tty->write_buf, buf, size))
1113 break;
1114 ret = write(tty, file, tty->write_buf, size);
1115 if (ret <= 0)
1116 break;
1117 written += ret;
1118 buf += ret;
1119 count -= ret;
1120 if (!count)
1121 break;
1122 ret = -ERESTARTSYS;
1123 if (signal_pending(current))
1124 break;
1125 cond_resched();
1126 }
1127 if (written)
1128 ret = written;
1129out:
1130 tty_write_unlock(tty);
1131 return ret;
1132}
1133
1134/**
1135 * tty_write_message - write a message to a certain tty, not just the console.
1136 * @tty: the destination tty_struct
1137 * @msg: the message to write
1138 *
1139 * This is used for messages that need to be redirected to a specific tty.
1140 * We don't put it into the syslog queue right now maybe in the future if
1141 * really needed.
1142 *
1143 * We must still hold the BTM and test the CLOSING flag for the moment.
1144 */
1145
1146void tty_write_message(struct tty_struct *tty, char *msg)
1147{
1148 if (tty) {
1149 mutex_lock(&tty->atomic_write_lock);
1150 tty_lock(tty);
1151 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1152 tty_unlock(tty);
1153 tty->ops->write(tty, msg, strlen(msg));
1154 } else
1155 tty_unlock(tty);
1156 tty_write_unlock(tty);
1157 }
1158 return;
1159}
1160
1161
1162/**
1163 * tty_write - write method for tty device file
1164 * @file: tty file pointer
1165 * @buf: user data to write
1166 * @count: bytes to write
1167 * @ppos: unused
1168 *
1169 * Write data to a tty device via the line discipline.
1170 *
1171 * Locking:
1172 * Locks the line discipline as required
1173 * Writes to the tty driver are serialized by the atomic_write_lock
1174 * and are then processed in chunks to the device. The line discipline
1175 * write method will not be invoked in parallel for each device.
1176 */
1177
1178static ssize_t tty_write(struct file *file, const char __user *buf,
1179 size_t count, loff_t *ppos)
1180{
1181 struct tty_struct *tty = file_tty(file);
1182 struct tty_ldisc *ld;
1183 ssize_t ret;
1184
1185 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1186 return -EIO;
1187 if (!tty || !tty->ops->write ||
1188 (test_bit(TTY_IO_ERROR, &tty->flags)))
1189 return -EIO;
1190 /* Short term debug to catch buggy drivers */
1191 if (tty->ops->write_room == NULL)
1192 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1193 tty->driver->name);
1194 ld = tty_ldisc_ref_wait(tty);
1195 if (!ld->ops->write)
1196 ret = -EIO;
1197 else
1198 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1199 tty_ldisc_deref(ld);
1200 return ret;
1201}
1202
1203ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1204 size_t count, loff_t *ppos)
1205{
1206 struct file *p = NULL;
1207
1208 spin_lock(&redirect_lock);
1209 if (redirect)
1210 p = get_file(redirect);
1211 spin_unlock(&redirect_lock);
1212
1213 if (p) {
1214 ssize_t res;
1215 res = vfs_write(p, buf, count, &p->f_pos);
1216 fput(p);
1217 return res;
1218 }
1219 return tty_write(file, buf, count, ppos);
1220}
1221
1222static char ptychar[] = "pqrstuvwxyzabcde";
1223
1224/**
1225 * pty_line_name - generate name for a pty
1226 * @driver: the tty driver in use
1227 * @index: the minor number
1228 * @p: output buffer of at least 6 bytes
1229 *
1230 * Generate a name from a driver reference and write it to the output
1231 * buffer.
1232 *
1233 * Locking: None
1234 */
1235static void pty_line_name(struct tty_driver *driver, int index, char *p)
1236{
1237 int i = index + driver->name_base;
1238 /* ->name is initialized to "ttyp", but "tty" is expected */
1239 sprintf(p, "%s%c%x",
1240 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1241 ptychar[i >> 4 & 0xf], i & 0xf);
1242}
1243
1244/**
1245 * tty_line_name - generate name for a tty
1246 * @driver: the tty driver in use
1247 * @index: the minor number
1248 * @p: output buffer of at least 7 bytes
1249 *
1250 * Generate a name from a driver reference and write it to the output
1251 * buffer.
1252 *
1253 * Locking: None
1254 */
1255static void tty_line_name(struct tty_driver *driver, int index, char *p)
1256{
1257 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1258 strcpy(p, driver->name);
1259 else
1260 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1261}
1262
1263/**
1264 * tty_driver_lookup_tty() - find an existing tty, if any
1265 * @driver: the driver for the tty
1266 * @idx: the minor number
1267 *
1268 * Return the tty, if found or ERR_PTR() otherwise.
1269 *
1270 * Locking: tty_mutex must be held. If tty is found, the mutex must
1271 * be held until the 'fast-open' is also done. Will change once we
1272 * have refcounting in the driver and per driver locking
1273 */
1274static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1275 struct inode *inode, int idx)
1276{
1277 if (driver->ops->lookup)
1278 return driver->ops->lookup(driver, inode, idx);
1279
1280 return driver->ttys[idx];
1281}
1282
1283/**
1284 * tty_init_termios - helper for termios setup
1285 * @tty: the tty to set up
1286 *
1287 * Initialise the termios structures for this tty. Thus runs under
1288 * the tty_mutex currently so we can be relaxed about ordering.
1289 */
1290
1291int tty_init_termios(struct tty_struct *tty)
1292{
1293 struct ktermios *tp;
1294 int idx = tty->index;
1295
1296 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1297 tty->termios = tty->driver->init_termios;
1298 else {
1299 /* Check for lazy saved data */
1300 tp = tty->driver->termios[idx];
1301 if (tp != NULL)
1302 tty->termios = *tp;
1303 else
1304 tty->termios = tty->driver->init_termios;
1305 }
1306 /* Compatibility until drivers always set this */
1307 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1308 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1309 return 0;
1310}
1311EXPORT_SYMBOL_GPL(tty_init_termios);
1312
1313int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1314{
1315 int ret = tty_init_termios(tty);
1316 if (ret)
1317 return ret;
1318
1319 tty_driver_kref_get(driver);
1320 tty->count++;
1321 driver->ttys[tty->index] = tty;
1322 return 0;
1323}
1324EXPORT_SYMBOL_GPL(tty_standard_install);
1325
1326/**
1327 * tty_driver_install_tty() - install a tty entry in the driver
1328 * @driver: the driver for the tty
1329 * @tty: the tty
1330 *
1331 * Install a tty object into the driver tables. The tty->index field
1332 * will be set by the time this is called. This method is responsible
1333 * for ensuring any need additional structures are allocated and
1334 * configured.
1335 *
1336 * Locking: tty_mutex for now
1337 */
1338static int tty_driver_install_tty(struct tty_driver *driver,
1339 struct tty_struct *tty)
1340{
1341 return driver->ops->install ? driver->ops->install(driver, tty) :
1342 tty_standard_install(driver, tty);
1343}
1344
1345/**
1346 * tty_driver_remove_tty() - remove a tty from the driver tables
1347 * @driver: the driver for the tty
1348 * @idx: the minor number
1349 *
1350 * Remvoe a tty object from the driver tables. The tty->index field
1351 * will be set by the time this is called.
1352 *
1353 * Locking: tty_mutex for now
1354 */
1355void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1356{
1357 if (driver->ops->remove)
1358 driver->ops->remove(driver, tty);
1359 else
1360 driver->ttys[tty->index] = NULL;
1361}
1362
1363/*
1364 * tty_reopen() - fast re-open of an open tty
1365 * @tty - the tty to open
1366 *
1367 * Return 0 on success, -errno on error.
1368 *
1369 * Locking: tty_mutex must be held from the time the tty was found
1370 * till this open completes.
1371 */
1372static int tty_reopen(struct tty_struct *tty)
1373{
1374 struct tty_driver *driver = tty->driver;
1375
1376 if (test_bit(TTY_CLOSING, &tty->flags) ||
1377 test_bit(TTY_HUPPING, &tty->flags) ||
1378 test_bit(TTY_LDISC_CHANGING, &tty->flags))
1379 return -EIO;
1380
1381 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1382 driver->subtype == PTY_TYPE_MASTER) {
1383 /*
1384 * special case for PTY masters: only one open permitted,
1385 * and the slave side open count is incremented as well.
1386 */
1387 if (tty->count)
1388 return -EIO;
1389
1390 tty->link->count++;
1391 }
1392 tty->count++;
1393
1394 mutex_lock(&tty->ldisc_mutex);
1395 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1396 mutex_unlock(&tty->ldisc_mutex);
1397
1398 return 0;
1399}
1400
1401/**
1402 * tty_init_dev - initialise a tty device
1403 * @driver: tty driver we are opening a device on
1404 * @idx: device index
1405 * @ret_tty: returned tty structure
1406 *
1407 * Prepare a tty device. This may not be a "new" clean device but
1408 * could also be an active device. The pty drivers require special
1409 * handling because of this.
1410 *
1411 * Locking:
1412 * The function is called under the tty_mutex, which
1413 * protects us from the tty struct or driver itself going away.
1414 *
1415 * On exit the tty device has the line discipline attached and
1416 * a reference count of 1. If a pair was created for pty/tty use
1417 * and the other was a pty master then it too has a reference count of 1.
1418 *
1419 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1420 * failed open. The new code protects the open with a mutex, so it's
1421 * really quite straightforward. The mutex locking can probably be
1422 * relaxed for the (most common) case of reopening a tty.
1423 */
1424
1425struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1426{
1427 struct tty_struct *tty;
1428 int retval;
1429
1430 /*
1431 * First time open is complex, especially for PTY devices.
1432 * This code guarantees that either everything succeeds and the
1433 * TTY is ready for operation, or else the table slots are vacated
1434 * and the allocated memory released. (Except that the termios
1435 * and locked termios may be retained.)
1436 */
1437
1438 if (!try_module_get(driver->owner))
1439 return ERR_PTR(-ENODEV);
1440
1441 tty = alloc_tty_struct();
1442 if (!tty) {
1443 retval = -ENOMEM;
1444 goto err_module_put;
1445 }
1446 initialize_tty_struct(tty, driver, idx);
1447
1448 tty_lock(tty);
1449 retval = tty_driver_install_tty(driver, tty);
1450 if (retval < 0)
1451 goto err_deinit_tty;
1452
1453 if (!tty->port)
1454 tty->port = driver->ports[idx];
1455
1456 WARN_RATELIMIT(!tty->port,
1457 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1458 __func__, tty->driver->name);
1459
1460 tty->port->itty = tty;
1461
1462 /*
1463 * Structures all installed ... call the ldisc open routines.
1464 * If we fail here just call release_tty to clean up. No need
1465 * to decrement the use counts, as release_tty doesn't care.
1466 */
1467 retval = tty_ldisc_setup(tty, tty->link);
1468 if (retval)
1469 goto err_release_tty;
1470 /* Return the tty locked so that it cannot vanish under the caller */
1471 return tty;
1472
1473err_deinit_tty:
1474 tty_unlock(tty);
1475 deinitialize_tty_struct(tty);
1476 free_tty_struct(tty);
1477err_module_put:
1478 module_put(driver->owner);
1479 return ERR_PTR(retval);
1480
1481 /* call the tty release_tty routine to clean out this slot */
1482err_release_tty:
1483 tty_unlock(tty);
1484 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1485 "clearing slot %d\n", idx);
1486 release_tty(tty, idx);
1487 return ERR_PTR(retval);
1488}
1489
1490void tty_free_termios(struct tty_struct *tty)
1491{
1492 struct ktermios *tp;
1493 int idx = tty->index;
1494
1495 /* If the port is going to reset then it has no termios to save */
1496 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1497 return;
1498
1499 /* Stash the termios data */
1500 tp = tty->driver->termios[idx];
1501 if (tp == NULL) {
1502 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1503 if (tp == NULL) {
1504 pr_warn("tty: no memory to save termios state.\n");
1505 return;
1506 }
1507 tty->driver->termios[idx] = tp;
1508 }
1509 *tp = tty->termios;
1510}
1511EXPORT_SYMBOL(tty_free_termios);
1512
1513
1514/**
1515 * release_one_tty - release tty structure memory
1516 * @kref: kref of tty we are obliterating
1517 *
1518 * Releases memory associated with a tty structure, and clears out the
1519 * driver table slots. This function is called when a device is no longer
1520 * in use. It also gets called when setup of a device fails.
1521 *
1522 * Locking:
1523 * takes the file list lock internally when working on the list
1524 * of ttys that the driver keeps.
1525 *
1526 * This method gets called from a work queue so that the driver private
1527 * cleanup ops can sleep (needed for USB at least)
1528 */
1529static void release_one_tty(struct work_struct *work)
1530{
1531 struct tty_struct *tty =
1532 container_of(work, struct tty_struct, hangup_work);
1533 struct tty_driver *driver = tty->driver;
1534
1535 if (tty->ops->cleanup)
1536 tty->ops->cleanup(tty);
1537
1538 tty->magic = 0;
1539 tty_driver_kref_put(driver);
1540 module_put(driver->owner);
1541
1542 spin_lock(&tty_files_lock);
1543 list_del_init(&tty->tty_files);
1544 spin_unlock(&tty_files_lock);
1545
1546 put_pid(tty->pgrp);
1547 put_pid(tty->session);
1548 free_tty_struct(tty);
1549}
1550
1551static void queue_release_one_tty(struct kref *kref)
1552{
1553 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1554
1555 /* The hangup queue is now free so we can reuse it rather than
1556 waste a chunk of memory for each port */
1557 INIT_WORK(&tty->hangup_work, release_one_tty);
1558 schedule_work(&tty->hangup_work);
1559}
1560
1561/**
1562 * tty_kref_put - release a tty kref
1563 * @tty: tty device
1564 *
1565 * Release a reference to a tty device and if need be let the kref
1566 * layer destruct the object for us
1567 */
1568
1569void tty_kref_put(struct tty_struct *tty)
1570{
1571 if (tty)
1572 kref_put(&tty->kref, queue_release_one_tty);
1573}
1574EXPORT_SYMBOL(tty_kref_put);
1575
1576/**
1577 * release_tty - release tty structure memory
1578 *
1579 * Release both @tty and a possible linked partner (think pty pair),
1580 * and decrement the refcount of the backing module.
1581 *
1582 * Locking:
1583 * tty_mutex
1584 * takes the file list lock internally when working on the list
1585 * of ttys that the driver keeps.
1586 *
1587 */
1588static void release_tty(struct tty_struct *tty, int idx)
1589{
1590 /* This should always be true but check for the moment */
1591 WARN_ON(tty->index != idx);
1592 WARN_ON(!mutex_is_locked(&tty_mutex));
1593 if (tty->ops->shutdown)
1594 tty->ops->shutdown(tty);
1595 tty_free_termios(tty);
1596 tty_driver_remove_tty(tty->driver, tty);
1597 tty->port->itty = NULL;
1598 cancel_work_sync(&tty->port->buf.work);
1599
1600 if (tty->link)
1601 tty_kref_put(tty->link);
1602 tty_kref_put(tty);
1603}
1604
1605/**
1606 * tty_release_checks - check a tty before real release
1607 * @tty: tty to check
1608 * @o_tty: link of @tty (if any)
1609 * @idx: index of the tty
1610 *
1611 * Performs some paranoid checking before true release of the @tty.
1612 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1613 */
1614static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1615 int idx)
1616{
1617#ifdef TTY_PARANOIA_CHECK
1618 if (idx < 0 || idx >= tty->driver->num) {
1619 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1620 __func__, tty->name);
1621 return -1;
1622 }
1623
1624 /* not much to check for devpts */
1625 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1626 return 0;
1627
1628 if (tty != tty->driver->ttys[idx]) {
1629 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1630 __func__, idx, tty->name);
1631 return -1;
1632 }
1633 if (tty->driver->other) {
1634 if (o_tty != tty->driver->other->ttys[idx]) {
1635 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1636 __func__, idx, tty->name);
1637 return -1;
1638 }
1639 if (o_tty->link != tty) {
1640 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1641 return -1;
1642 }
1643 }
1644#endif
1645 return 0;
1646}
1647
1648/**
1649 * tty_release - vfs callback for close
1650 * @inode: inode of tty
1651 * @filp: file pointer for handle to tty
1652 *
1653 * Called the last time each file handle is closed that references
1654 * this tty. There may however be several such references.
1655 *
1656 * Locking:
1657 * Takes bkl. See tty_release_dev
1658 *
1659 * Even releasing the tty structures is a tricky business.. We have
1660 * to be very careful that the structures are all released at the
1661 * same time, as interrupts might otherwise get the wrong pointers.
1662 *
1663 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1664 * lead to double frees or releasing memory still in use.
1665 */
1666
1667int tty_release(struct inode *inode, struct file *filp)
1668{
1669 struct tty_struct *tty = file_tty(filp);
1670 struct tty_struct *o_tty;
1671 int pty_master, tty_closing, o_tty_closing, do_sleep;
1672 int idx;
1673 char buf[64];
1674
1675 if (tty_paranoia_check(tty, inode, __func__))
1676 return 0;
1677
1678 tty_lock(tty);
1679 check_tty_count(tty, __func__);
1680
1681 __tty_fasync(-1, filp, 0);
1682
1683 idx = tty->index;
1684 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1685 tty->driver->subtype == PTY_TYPE_MASTER);
1686 /* Review: parallel close */
1687 o_tty = tty->link;
1688
1689 if (tty_release_checks(tty, o_tty, idx)) {
1690 tty_unlock(tty);
1691 return 0;
1692 }
1693
1694#ifdef TTY_DEBUG_HANGUP
1695 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1696 tty_name(tty, buf), tty->count);
1697#endif
1698
1699 if (tty->ops->close)
1700 tty->ops->close(tty, filp);
1701
1702 tty_unlock(tty);
1703 /*
1704 * Sanity check: if tty->count is going to zero, there shouldn't be
1705 * any waiters on tty->read_wait or tty->write_wait. We test the
1706 * wait queues and kick everyone out _before_ actually starting to
1707 * close. This ensures that we won't block while releasing the tty
1708 * structure.
1709 *
1710 * The test for the o_tty closing is necessary, since the master and
1711 * slave sides may close in any order. If the slave side closes out
1712 * first, its count will be one, since the master side holds an open.
1713 * Thus this test wouldn't be triggered at the time the slave closes,
1714 * so we do it now.
1715 *
1716 * Note that it's possible for the tty to be opened again while we're
1717 * flushing out waiters. By recalculating the closing flags before
1718 * each iteration we avoid any problems.
1719 */
1720 while (1) {
1721 /* Guard against races with tty->count changes elsewhere and
1722 opens on /dev/tty */
1723
1724 mutex_lock(&tty_mutex);
1725 tty_lock_pair(tty, o_tty);
1726 tty_closing = tty->count <= 1;
1727 o_tty_closing = o_tty &&
1728 (o_tty->count <= (pty_master ? 1 : 0));
1729 do_sleep = 0;
1730
1731 if (tty_closing) {
1732 if (waitqueue_active(&tty->read_wait)) {
1733 wake_up_poll(&tty->read_wait, POLLIN);
1734 do_sleep++;
1735 }
1736 if (waitqueue_active(&tty->write_wait)) {
1737 wake_up_poll(&tty->write_wait, POLLOUT);
1738 do_sleep++;
1739 }
1740 }
1741 if (o_tty_closing) {
1742 if (waitqueue_active(&o_tty->read_wait)) {
1743 wake_up_poll(&o_tty->read_wait, POLLIN);
1744 do_sleep++;
1745 }
1746 if (waitqueue_active(&o_tty->write_wait)) {
1747 wake_up_poll(&o_tty->write_wait, POLLOUT);
1748 do_sleep++;
1749 }
1750 }
1751 if (!do_sleep)
1752 break;
1753
1754 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1755 __func__, tty_name(tty, buf));
1756 tty_unlock_pair(tty, o_tty);
1757 mutex_unlock(&tty_mutex);
1758 schedule();
1759 }
1760
1761 /*
1762 * The closing flags are now consistent with the open counts on
1763 * both sides, and we've completed the last operation that could
1764 * block, so it's safe to proceed with closing.
1765 *
1766 * We must *not* drop the tty_mutex until we ensure that a further
1767 * entry into tty_open can not pick up this tty.
1768 */
1769 if (pty_master) {
1770 if (--o_tty->count < 0) {
1771 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1772 __func__, o_tty->count, tty_name(o_tty, buf));
1773 o_tty->count = 0;
1774 }
1775 }
1776 if (--tty->count < 0) {
1777 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1778 __func__, tty->count, tty_name(tty, buf));
1779 tty->count = 0;
1780 }
1781
1782 /*
1783 * We've decremented tty->count, so we need to remove this file
1784 * descriptor off the tty->tty_files list; this serves two
1785 * purposes:
1786 * - check_tty_count sees the correct number of file descriptors
1787 * associated with this tty.
1788 * - do_tty_hangup no longer sees this file descriptor as
1789 * something that needs to be handled for hangups.
1790 */
1791 tty_del_file(filp);
1792
1793 /*
1794 * Perform some housekeeping before deciding whether to return.
1795 *
1796 * Set the TTY_CLOSING flag if this was the last open. In the
1797 * case of a pty we may have to wait around for the other side
1798 * to close, and TTY_CLOSING makes sure we can't be reopened.
1799 */
1800 if (tty_closing)
1801 set_bit(TTY_CLOSING, &tty->flags);
1802 if (o_tty_closing)
1803 set_bit(TTY_CLOSING, &o_tty->flags);
1804
1805 /*
1806 * If _either_ side is closing, make sure there aren't any
1807 * processes that still think tty or o_tty is their controlling
1808 * tty.
1809 */
1810 if (tty_closing || o_tty_closing) {
1811 read_lock(&tasklist_lock);
1812 session_clear_tty(tty->session);
1813 if (o_tty)
1814 session_clear_tty(o_tty->session);
1815 read_unlock(&tasklist_lock);
1816 }
1817
1818 mutex_unlock(&tty_mutex);
1819 tty_unlock_pair(tty, o_tty);
1820 /* At this point the TTY_CLOSING flag should ensure a dead tty
1821 cannot be re-opened by a racing opener */
1822
1823 /* check whether both sides are closing ... */
1824 if (!tty_closing || (o_tty && !o_tty_closing))
1825 return 0;
1826
1827#ifdef TTY_DEBUG_HANGUP
1828 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1829#endif
1830 /*
1831 * Ask the line discipline code to release its structures
1832 */
1833 tty_ldisc_release(tty, o_tty);
1834 /*
1835 * The release_tty function takes care of the details of clearing
1836 * the slots and preserving the termios structure. The tty_unlock_pair
1837 * should be safe as we keep a kref while the tty is locked (so the
1838 * unlock never unlocks a freed tty).
1839 */
1840 mutex_lock(&tty_mutex);
1841 release_tty(tty, idx);
1842 mutex_unlock(&tty_mutex);
1843
1844 return 0;
1845}
1846
1847/**
1848 * tty_open_current_tty - get tty of current task for open
1849 * @device: device number
1850 * @filp: file pointer to tty
1851 * @return: tty of the current task iff @device is /dev/tty
1852 *
1853 * We cannot return driver and index like for the other nodes because
1854 * devpts will not work then. It expects inodes to be from devpts FS.
1855 *
1856 * We need to move to returning a refcounted object from all the lookup
1857 * paths including this one.
1858 */
1859static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1860{
1861 struct tty_struct *tty;
1862
1863 if (device != MKDEV(TTYAUX_MAJOR, 0))
1864 return NULL;
1865
1866 tty = get_current_tty();
1867 if (!tty)
1868 return ERR_PTR(-ENXIO);
1869
1870 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1871 /* noctty = 1; */
1872 tty_kref_put(tty);
1873 /* FIXME: we put a reference and return a TTY! */
1874 /* This is only safe because the caller holds tty_mutex */
1875 return tty;
1876}
1877
1878/**
1879 * tty_lookup_driver - lookup a tty driver for a given device file
1880 * @device: device number
1881 * @filp: file pointer to tty
1882 * @noctty: set if the device should not become a controlling tty
1883 * @index: index for the device in the @return driver
1884 * @return: driver for this inode (with increased refcount)
1885 *
1886 * If @return is not erroneous, the caller is responsible to decrement the
1887 * refcount by tty_driver_kref_put.
1888 *
1889 * Locking: tty_mutex protects get_tty_driver
1890 */
1891static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1892 int *noctty, int *index)
1893{
1894 struct tty_driver *driver;
1895
1896 switch (device) {
1897#ifdef CONFIG_VT
1898 case MKDEV(TTY_MAJOR, 0): {
1899 extern struct tty_driver *console_driver;
1900 driver = tty_driver_kref_get(console_driver);
1901 *index = fg_console;
1902 *noctty = 1;
1903 break;
1904 }
1905#endif
1906 case MKDEV(TTYAUX_MAJOR, 1): {
1907 struct tty_driver *console_driver = console_device(index);
1908 if (console_driver) {
1909 driver = tty_driver_kref_get(console_driver);
1910 if (driver) {
1911 /* Don't let /dev/console block */
1912 filp->f_flags |= O_NONBLOCK;
1913 *noctty = 1;
1914 break;
1915 }
1916 }
1917 return ERR_PTR(-ENODEV);
1918 }
1919 default:
1920 driver = get_tty_driver(device, index);
1921 if (!driver)
1922 return ERR_PTR(-ENODEV);
1923 break;
1924 }
1925 return driver;
1926}
1927
1928/**
1929 * tty_open - open a tty device
1930 * @inode: inode of device file
1931 * @filp: file pointer to tty
1932 *
1933 * tty_open and tty_release keep up the tty count that contains the
1934 * number of opens done on a tty. We cannot use the inode-count, as
1935 * different inodes might point to the same tty.
1936 *
1937 * Open-counting is needed for pty masters, as well as for keeping
1938 * track of serial lines: DTR is dropped when the last close happens.
1939 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1940 *
1941 * The termios state of a pty is reset on first open so that
1942 * settings don't persist across reuse.
1943 *
1944 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1945 * tty->count should protect the rest.
1946 * ->siglock protects ->signal/->sighand
1947 *
1948 * Note: the tty_unlock/lock cases without a ref are only safe due to
1949 * tty_mutex
1950 */
1951
1952static int tty_open(struct inode *inode, struct file *filp)
1953{
1954 struct tty_struct *tty;
1955 int noctty, retval;
1956 struct tty_driver *driver = NULL;
1957 int index;
1958 dev_t device = inode->i_rdev;
1959 unsigned saved_flags = filp->f_flags;
1960
1961 nonseekable_open(inode, filp);
1962
1963retry_open:
1964 retval = tty_alloc_file(filp);
1965 if (retval)
1966 return -ENOMEM;
1967
1968 noctty = filp->f_flags & O_NOCTTY;
1969 index = -1;
1970 retval = 0;
1971
1972 mutex_lock(&tty_mutex);
1973 /* This is protected by the tty_mutex */
1974 tty = tty_open_current_tty(device, filp);
1975 if (IS_ERR(tty)) {
1976 retval = PTR_ERR(tty);
1977 goto err_unlock;
1978 } else if (!tty) {
1979 driver = tty_lookup_driver(device, filp, &noctty, &index);
1980 if (IS_ERR(driver)) {
1981 retval = PTR_ERR(driver);
1982 goto err_unlock;
1983 }
1984
1985 /* check whether we're reopening an existing tty */
1986 tty = tty_driver_lookup_tty(driver, inode, index);
1987 if (IS_ERR(tty)) {
1988 retval = PTR_ERR(tty);
1989 goto err_unlock;
1990 }
1991 }
1992
1993 if (tty) {
1994 tty_lock(tty);
1995 retval = tty_reopen(tty);
1996 if (retval < 0) {
1997 tty_unlock(tty);
1998 tty = ERR_PTR(retval);
1999 }
2000 } else /* Returns with the tty_lock held for now */
2001 tty = tty_init_dev(driver, index);
2002
2003 mutex_unlock(&tty_mutex);
2004 if (driver)
2005 tty_driver_kref_put(driver);
2006 if (IS_ERR(tty)) {
2007 retval = PTR_ERR(tty);
2008 goto err_file;
2009 }
2010
2011 tty_add_file(tty, filp);
2012
2013 check_tty_count(tty, __func__);
2014 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2015 tty->driver->subtype == PTY_TYPE_MASTER)
2016 noctty = 1;
2017#ifdef TTY_DEBUG_HANGUP
2018 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2019#endif
2020 if (tty->ops->open)
2021 retval = tty->ops->open(tty, filp);
2022 else
2023 retval = -ENODEV;
2024 filp->f_flags = saved_flags;
2025
2026 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2027 !capable(CAP_SYS_ADMIN))
2028 retval = -EBUSY;
2029
2030 if (retval) {
2031#ifdef TTY_DEBUG_HANGUP
2032 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2033 retval, tty->name);
2034#endif
2035 tty_unlock(tty); /* need to call tty_release without BTM */
2036 tty_release(inode, filp);
2037 if (retval != -ERESTARTSYS)
2038 return retval;
2039
2040 if (signal_pending(current))
2041 return retval;
2042
2043 schedule();
2044 /*
2045 * Need to reset f_op in case a hangup happened.
2046 */
2047 if (filp->f_op == &hung_up_tty_fops)
2048 filp->f_op = &tty_fops;
2049 goto retry_open;
2050 }
2051 tty_unlock(tty);
2052
2053
2054 mutex_lock(&tty_mutex);
2055 tty_lock(tty);
2056 spin_lock_irq(&current->sighand->siglock);
2057 if (!noctty &&
2058 current->signal->leader &&
2059 !current->signal->tty &&
2060 tty->session == NULL)
2061 __proc_set_tty(current, tty);
2062 spin_unlock_irq(&current->sighand->siglock);
2063 tty_unlock(tty);
2064 mutex_unlock(&tty_mutex);
2065 return 0;
2066err_unlock:
2067 mutex_unlock(&tty_mutex);
2068 /* after locks to avoid deadlock */
2069 if (!IS_ERR_OR_NULL(driver))
2070 tty_driver_kref_put(driver);
2071err_file:
2072 tty_free_file(filp);
2073 return retval;
2074}
2075
2076
2077
2078/**
2079 * tty_poll - check tty status
2080 * @filp: file being polled
2081 * @wait: poll wait structures to update
2082 *
2083 * Call the line discipline polling method to obtain the poll
2084 * status of the device.
2085 *
2086 * Locking: locks called line discipline but ldisc poll method
2087 * may be re-entered freely by other callers.
2088 */
2089
2090static unsigned int tty_poll(struct file *filp, poll_table *wait)
2091{
2092 struct tty_struct *tty = file_tty(filp);
2093 struct tty_ldisc *ld;
2094 int ret = 0;
2095
2096 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2097 return 0;
2098
2099 ld = tty_ldisc_ref_wait(tty);
2100 if (ld->ops->poll)
2101 ret = (ld->ops->poll)(tty, filp, wait);
2102 tty_ldisc_deref(ld);
2103 return ret;
2104}
2105
2106static int __tty_fasync(int fd, struct file *filp, int on)
2107{
2108 struct tty_struct *tty = file_tty(filp);
2109 unsigned long flags;
2110 int retval = 0;
2111
2112 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2113 goto out;
2114
2115 retval = fasync_helper(fd, filp, on, &tty->fasync);
2116 if (retval <= 0)
2117 goto out;
2118
2119 if (on) {
2120 enum pid_type type;
2121 struct pid *pid;
2122 if (!waitqueue_active(&tty->read_wait))
2123 tty->minimum_to_wake = 1;
2124 spin_lock_irqsave(&tty->ctrl_lock, flags);
2125 if (tty->pgrp) {
2126 pid = tty->pgrp;
2127 type = PIDTYPE_PGID;
2128 } else {
2129 pid = task_pid(current);
2130 type = PIDTYPE_PID;
2131 }
2132 get_pid(pid);
2133 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2134 retval = __f_setown(filp, pid, type, 0);
2135 put_pid(pid);
2136 if (retval)
2137 goto out;
2138 } else {
2139 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2140 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2141 }
2142 retval = 0;
2143out:
2144 return retval;
2145}
2146
2147static int tty_fasync(int fd, struct file *filp, int on)
2148{
2149 struct tty_struct *tty = file_tty(filp);
2150 int retval;
2151
2152 tty_lock(tty);
2153 retval = __tty_fasync(fd, filp, on);
2154 tty_unlock(tty);
2155
2156 return retval;
2157}
2158
2159/**
2160 * tiocsti - fake input character
2161 * @tty: tty to fake input into
2162 * @p: pointer to character
2163 *
2164 * Fake input to a tty device. Does the necessary locking and
2165 * input management.
2166 *
2167 * FIXME: does not honour flow control ??
2168 *
2169 * Locking:
2170 * Called functions take tty_ldisc_lock
2171 * current->signal->tty check is safe without locks
2172 *
2173 * FIXME: may race normal receive processing
2174 */
2175
2176static int tiocsti(struct tty_struct *tty, char __user *p)
2177{
2178 char ch, mbz = 0;
2179 struct tty_ldisc *ld;
2180
2181 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2182 return -EPERM;
2183 if (get_user(ch, p))
2184 return -EFAULT;
2185 tty_audit_tiocsti(tty, ch);
2186 ld = tty_ldisc_ref_wait(tty);
2187 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2188 tty_ldisc_deref(ld);
2189 return 0;
2190}
2191
2192/**
2193 * tiocgwinsz - implement window query ioctl
2194 * @tty; tty
2195 * @arg: user buffer for result
2196 *
2197 * Copies the kernel idea of the window size into the user buffer.
2198 *
2199 * Locking: tty->termios_mutex is taken to ensure the winsize data
2200 * is consistent.
2201 */
2202
2203static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2204{
2205 int err;
2206
2207 mutex_lock(&tty->termios_mutex);
2208 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2209 mutex_unlock(&tty->termios_mutex);
2210
2211 return err ? -EFAULT: 0;
2212}
2213
2214/**
2215 * tty_do_resize - resize event
2216 * @tty: tty being resized
2217 * @rows: rows (character)
2218 * @cols: cols (character)
2219 *
2220 * Update the termios variables and send the necessary signals to
2221 * peform a terminal resize correctly
2222 */
2223
2224int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2225{
2226 struct pid *pgrp;
2227 unsigned long flags;
2228
2229 /* Lock the tty */
2230 mutex_lock(&tty->termios_mutex);
2231 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2232 goto done;
2233 /* Get the PID values and reference them so we can
2234 avoid holding the tty ctrl lock while sending signals */
2235 spin_lock_irqsave(&tty->ctrl_lock, flags);
2236 pgrp = get_pid(tty->pgrp);
2237 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2238
2239 if (pgrp)
2240 kill_pgrp(pgrp, SIGWINCH, 1);
2241 put_pid(pgrp);
2242
2243 tty->winsize = *ws;
2244done:
2245 mutex_unlock(&tty->termios_mutex);
2246 return 0;
2247}
2248EXPORT_SYMBOL(tty_do_resize);
2249
2250/**
2251 * tiocswinsz - implement window size set ioctl
2252 * @tty; tty side of tty
2253 * @arg: user buffer for result
2254 *
2255 * Copies the user idea of the window size to the kernel. Traditionally
2256 * this is just advisory information but for the Linux console it
2257 * actually has driver level meaning and triggers a VC resize.
2258 *
2259 * Locking:
2260 * Driver dependent. The default do_resize method takes the
2261 * tty termios mutex and ctrl_lock. The console takes its own lock
2262 * then calls into the default method.
2263 */
2264
2265static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2266{
2267 struct winsize tmp_ws;
2268 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2269 return -EFAULT;
2270
2271 if (tty->ops->resize)
2272 return tty->ops->resize(tty, &tmp_ws);
2273 else
2274 return tty_do_resize(tty, &tmp_ws);
2275}
2276
2277/**
2278 * tioccons - allow admin to move logical console
2279 * @file: the file to become console
2280 *
2281 * Allow the administrator to move the redirected console device
2282 *
2283 * Locking: uses redirect_lock to guard the redirect information
2284 */
2285
2286static int tioccons(struct file *file)
2287{
2288 if (!capable(CAP_SYS_ADMIN))
2289 return -EPERM;
2290 if (file->f_op->write == redirected_tty_write) {
2291 struct file *f;
2292 spin_lock(&redirect_lock);
2293 f = redirect;
2294 redirect = NULL;
2295 spin_unlock(&redirect_lock);
2296 if (f)
2297 fput(f);
2298 return 0;
2299 }
2300 spin_lock(&redirect_lock);
2301 if (redirect) {
2302 spin_unlock(&redirect_lock);
2303 return -EBUSY;
2304 }
2305 redirect = get_file(file);
2306 spin_unlock(&redirect_lock);
2307 return 0;
2308}
2309
2310/**
2311 * fionbio - non blocking ioctl
2312 * @file: file to set blocking value
2313 * @p: user parameter
2314 *
2315 * Historical tty interfaces had a blocking control ioctl before
2316 * the generic functionality existed. This piece of history is preserved
2317 * in the expected tty API of posix OS's.
2318 *
2319 * Locking: none, the open file handle ensures it won't go away.
2320 */
2321
2322static int fionbio(struct file *file, int __user *p)
2323{
2324 int nonblock;
2325
2326 if (get_user(nonblock, p))
2327 return -EFAULT;
2328
2329 spin_lock(&file->f_lock);
2330 if (nonblock)
2331 file->f_flags |= O_NONBLOCK;
2332 else
2333 file->f_flags &= ~O_NONBLOCK;
2334 spin_unlock(&file->f_lock);
2335 return 0;
2336}
2337
2338/**
2339 * tiocsctty - set controlling tty
2340 * @tty: tty structure
2341 * @arg: user argument
2342 *
2343 * This ioctl is used to manage job control. It permits a session
2344 * leader to set this tty as the controlling tty for the session.
2345 *
2346 * Locking:
2347 * Takes tty_mutex() to protect tty instance
2348 * Takes tasklist_lock internally to walk sessions
2349 * Takes ->siglock() when updating signal->tty
2350 */
2351
2352static int tiocsctty(struct tty_struct *tty, int arg)
2353{
2354 int ret = 0;
2355 if (current->signal->leader && (task_session(current) == tty->session))
2356 return ret;
2357
2358 mutex_lock(&tty_mutex);
2359 /*
2360 * The process must be a session leader and
2361 * not have a controlling tty already.
2362 */
2363 if (!current->signal->leader || current->signal->tty) {
2364 ret = -EPERM;
2365 goto unlock;
2366 }
2367
2368 if (tty->session) {
2369 /*
2370 * This tty is already the controlling
2371 * tty for another session group!
2372 */
2373 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2374 /*
2375 * Steal it away
2376 */
2377 read_lock(&tasklist_lock);
2378 session_clear_tty(tty->session);
2379 read_unlock(&tasklist_lock);
2380 } else {
2381 ret = -EPERM;
2382 goto unlock;
2383 }
2384 }
2385 proc_set_tty(current, tty);
2386unlock:
2387 mutex_unlock(&tty_mutex);
2388 return ret;
2389}
2390
2391/**
2392 * tty_get_pgrp - return a ref counted pgrp pid
2393 * @tty: tty to read
2394 *
2395 * Returns a refcounted instance of the pid struct for the process
2396 * group controlling the tty.
2397 */
2398
2399struct pid *tty_get_pgrp(struct tty_struct *tty)
2400{
2401 unsigned long flags;
2402 struct pid *pgrp;
2403
2404 spin_lock_irqsave(&tty->ctrl_lock, flags);
2405 pgrp = get_pid(tty->pgrp);
2406 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2407
2408 return pgrp;
2409}
2410EXPORT_SYMBOL_GPL(tty_get_pgrp);
2411
2412/**
2413 * tiocgpgrp - get process group
2414 * @tty: tty passed by user
2415 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2416 * @p: returned pid
2417 *
2418 * Obtain the process group of the tty. If there is no process group
2419 * return an error.
2420 *
2421 * Locking: none. Reference to current->signal->tty is safe.
2422 */
2423
2424static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2425{
2426 struct pid *pid;
2427 int ret;
2428 /*
2429 * (tty == real_tty) is a cheap way of
2430 * testing if the tty is NOT a master pty.
2431 */
2432 if (tty == real_tty && current->signal->tty != real_tty)
2433 return -ENOTTY;
2434 pid = tty_get_pgrp(real_tty);
2435 ret = put_user(pid_vnr(pid), p);
2436 put_pid(pid);
2437 return ret;
2438}
2439
2440/**
2441 * tiocspgrp - attempt to set process group
2442 * @tty: tty passed by user
2443 * @real_tty: tty side device matching tty passed by user
2444 * @p: pid pointer
2445 *
2446 * Set the process group of the tty to the session passed. Only
2447 * permitted where the tty session is our session.
2448 *
2449 * Locking: RCU, ctrl lock
2450 */
2451
2452static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2453{
2454 struct pid *pgrp;
2455 pid_t pgrp_nr;
2456 int retval = tty_check_change(real_tty);
2457 unsigned long flags;
2458
2459 if (retval == -EIO)
2460 return -ENOTTY;
2461 if (retval)
2462 return retval;
2463 if (!current->signal->tty ||
2464 (current->signal->tty != real_tty) ||
2465 (real_tty->session != task_session(current)))
2466 return -ENOTTY;
2467 if (get_user(pgrp_nr, p))
2468 return -EFAULT;
2469 if (pgrp_nr < 0)
2470 return -EINVAL;
2471 rcu_read_lock();
2472 pgrp = find_vpid(pgrp_nr);
2473 retval = -ESRCH;
2474 if (!pgrp)
2475 goto out_unlock;
2476 retval = -EPERM;
2477 if (session_of_pgrp(pgrp) != task_session(current))
2478 goto out_unlock;
2479 retval = 0;
2480 spin_lock_irqsave(&tty->ctrl_lock, flags);
2481 put_pid(real_tty->pgrp);
2482 real_tty->pgrp = get_pid(pgrp);
2483 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2484out_unlock:
2485 rcu_read_unlock();
2486 return retval;
2487}
2488
2489/**
2490 * tiocgsid - get session id
2491 * @tty: tty passed by user
2492 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2493 * @p: pointer to returned session id
2494 *
2495 * Obtain the session id of the tty. If there is no session
2496 * return an error.
2497 *
2498 * Locking: none. Reference to current->signal->tty is safe.
2499 */
2500
2501static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2502{
2503 /*
2504 * (tty == real_tty) is a cheap way of
2505 * testing if the tty is NOT a master pty.
2506 */
2507 if (tty == real_tty && current->signal->tty != real_tty)
2508 return -ENOTTY;
2509 if (!real_tty->session)
2510 return -ENOTTY;
2511 return put_user(pid_vnr(real_tty->session), p);
2512}
2513
2514/**
2515 * tiocsetd - set line discipline
2516 * @tty: tty device
2517 * @p: pointer to user data
2518 *
2519 * Set the line discipline according to user request.
2520 *
2521 * Locking: see tty_set_ldisc, this function is just a helper
2522 */
2523
2524static int tiocsetd(struct tty_struct *tty, int __user *p)
2525{
2526 int ldisc;
2527 int ret;
2528
2529 if (get_user(ldisc, p))
2530 return -EFAULT;
2531
2532 ret = tty_set_ldisc(tty, ldisc);
2533
2534 return ret;
2535}
2536
2537/**
2538 * send_break - performed time break
2539 * @tty: device to break on
2540 * @duration: timeout in mS
2541 *
2542 * Perform a timed break on hardware that lacks its own driver level
2543 * timed break functionality.
2544 *
2545 * Locking:
2546 * atomic_write_lock serializes
2547 *
2548 */
2549
2550static int send_break(struct tty_struct *tty, unsigned int duration)
2551{
2552 int retval;
2553
2554 if (tty->ops->break_ctl == NULL)
2555 return 0;
2556
2557 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2558 retval = tty->ops->break_ctl(tty, duration);
2559 else {
2560 /* Do the work ourselves */
2561 if (tty_write_lock(tty, 0) < 0)
2562 return -EINTR;
2563 retval = tty->ops->break_ctl(tty, -1);
2564 if (retval)
2565 goto out;
2566 if (!signal_pending(current))
2567 msleep_interruptible(duration);
2568 retval = tty->ops->break_ctl(tty, 0);
2569out:
2570 tty_write_unlock(tty);
2571 if (signal_pending(current))
2572 retval = -EINTR;
2573 }
2574 return retval;
2575}
2576
2577/**
2578 * tty_tiocmget - get modem status
2579 * @tty: tty device
2580 * @file: user file pointer
2581 * @p: pointer to result
2582 *
2583 * Obtain the modem status bits from the tty driver if the feature
2584 * is supported. Return -EINVAL if it is not available.
2585 *
2586 * Locking: none (up to the driver)
2587 */
2588
2589static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2590{
2591 int retval = -EINVAL;
2592
2593 if (tty->ops->tiocmget) {
2594 retval = tty->ops->tiocmget(tty);
2595
2596 if (retval >= 0)
2597 retval = put_user(retval, p);
2598 }
2599 return retval;
2600}
2601
2602/**
2603 * tty_tiocmset - set modem status
2604 * @tty: tty device
2605 * @cmd: command - clear bits, set bits or set all
2606 * @p: pointer to desired bits
2607 *
2608 * Set the modem status bits from the tty driver if the feature
2609 * is supported. Return -EINVAL if it is not available.
2610 *
2611 * Locking: none (up to the driver)
2612 */
2613
2614static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2615 unsigned __user *p)
2616{
2617 int retval;
2618 unsigned int set, clear, val;
2619
2620 if (tty->ops->tiocmset == NULL)
2621 return -EINVAL;
2622
2623 retval = get_user(val, p);
2624 if (retval)
2625 return retval;
2626 set = clear = 0;
2627 switch (cmd) {
2628 case TIOCMBIS:
2629 set = val;
2630 break;
2631 case TIOCMBIC:
2632 clear = val;
2633 break;
2634 case TIOCMSET:
2635 set = val;
2636 clear = ~val;
2637 break;
2638 }
2639 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2640 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2641 return tty->ops->tiocmset(tty, set, clear);
2642}
2643
2644static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2645{
2646 int retval = -EINVAL;
2647 struct serial_icounter_struct icount;
2648 memset(&icount, 0, sizeof(icount));
2649 if (tty->ops->get_icount)
2650 retval = tty->ops->get_icount(tty, &icount);
2651 if (retval != 0)
2652 return retval;
2653 if (copy_to_user(arg, &icount, sizeof(icount)))
2654 return -EFAULT;
2655 return 0;
2656}
2657
2658struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2659{
2660 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2661 tty->driver->subtype == PTY_TYPE_MASTER)
2662 tty = tty->link;
2663 return tty;
2664}
2665EXPORT_SYMBOL(tty_pair_get_tty);
2666
2667struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2668{
2669 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2670 tty->driver->subtype == PTY_TYPE_MASTER)
2671 return tty;
2672 return tty->link;
2673}
2674EXPORT_SYMBOL(tty_pair_get_pty);
2675
2676/*
2677 * Split this up, as gcc can choke on it otherwise..
2678 */
2679long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2680{
2681 struct tty_struct *tty = file_tty(file);
2682 struct tty_struct *real_tty;
2683 void __user *p = (void __user *)arg;
2684 int retval;
2685 struct tty_ldisc *ld;
2686
2687 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2688 return -EINVAL;
2689
2690 real_tty = tty_pair_get_tty(tty);
2691
2692 /*
2693 * Factor out some common prep work
2694 */
2695 switch (cmd) {
2696 case TIOCSETD:
2697 case TIOCSBRK:
2698 case TIOCCBRK:
2699 case TCSBRK:
2700 case TCSBRKP:
2701 retval = tty_check_change(tty);
2702 if (retval)
2703 return retval;
2704 if (cmd != TIOCCBRK) {
2705 tty_wait_until_sent(tty, 0);
2706 if (signal_pending(current))
2707 return -EINTR;
2708 }
2709 break;
2710 }
2711
2712 /*
2713 * Now do the stuff.
2714 */
2715 switch (cmd) {
2716 case TIOCSTI:
2717 return tiocsti(tty, p);
2718 case TIOCGWINSZ:
2719 return tiocgwinsz(real_tty, p);
2720 case TIOCSWINSZ:
2721 return tiocswinsz(real_tty, p);
2722 case TIOCCONS:
2723 return real_tty != tty ? -EINVAL : tioccons(file);
2724 case FIONBIO:
2725 return fionbio(file, p);
2726 case TIOCEXCL:
2727 set_bit(TTY_EXCLUSIVE, &tty->flags);
2728 return 0;
2729 case TIOCNXCL:
2730 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2731 return 0;
2732 case TIOCGEXCL:
2733 {
2734 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2735 return put_user(excl, (int __user *)p);
2736 }
2737 case TIOCNOTTY:
2738 if (current->signal->tty != tty)
2739 return -ENOTTY;
2740 no_tty();
2741 return 0;
2742 case TIOCSCTTY:
2743 return tiocsctty(tty, arg);
2744 case TIOCGPGRP:
2745 return tiocgpgrp(tty, real_tty, p);
2746 case TIOCSPGRP:
2747 return tiocspgrp(tty, real_tty, p);
2748 case TIOCGSID:
2749 return tiocgsid(tty, real_tty, p);
2750 case TIOCGETD:
2751 return put_user(tty->ldisc->ops->num, (int __user *)p);
2752 case TIOCSETD:
2753 return tiocsetd(tty, p);
2754 case TIOCVHANGUP:
2755 if (!capable(CAP_SYS_ADMIN))
2756 return -EPERM;
2757 tty_vhangup(tty);
2758 return 0;
2759 case TIOCGDEV:
2760 {
2761 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2762 return put_user(ret, (unsigned int __user *)p);
2763 }
2764 /*
2765 * Break handling
2766 */
2767 case TIOCSBRK: /* Turn break on, unconditionally */
2768 if (tty->ops->break_ctl)
2769 return tty->ops->break_ctl(tty, -1);
2770 return 0;
2771 case TIOCCBRK: /* Turn break off, unconditionally */
2772 if (tty->ops->break_ctl)
2773 return tty->ops->break_ctl(tty, 0);
2774 return 0;
2775 case TCSBRK: /* SVID version: non-zero arg --> no break */
2776 /* non-zero arg means wait for all output data
2777 * to be sent (performed above) but don't send break.
2778 * This is used by the tcdrain() termios function.
2779 */
2780 if (!arg)
2781 return send_break(tty, 250);
2782 return 0;
2783 case TCSBRKP: /* support for POSIX tcsendbreak() */
2784 return send_break(tty, arg ? arg*100 : 250);
2785
2786 case TIOCMGET:
2787 return tty_tiocmget(tty, p);
2788 case TIOCMSET:
2789 case TIOCMBIC:
2790 case TIOCMBIS:
2791 return tty_tiocmset(tty, cmd, p);
2792 case TIOCGICOUNT:
2793 retval = tty_tiocgicount(tty, p);
2794 /* For the moment allow fall through to the old method */
2795 if (retval != -EINVAL)
2796 return retval;
2797 break;
2798 case TCFLSH:
2799 switch (arg) {
2800 case TCIFLUSH:
2801 case TCIOFLUSH:
2802 /* flush tty buffer and allow ldisc to process ioctl */
2803 tty_buffer_flush(tty);
2804 break;
2805 }
2806 break;
2807 }
2808 if (tty->ops->ioctl) {
2809 retval = (tty->ops->ioctl)(tty, cmd, arg);
2810 if (retval != -ENOIOCTLCMD)
2811 return retval;
2812 }
2813 ld = tty_ldisc_ref_wait(tty);
2814 retval = -EINVAL;
2815 if (ld->ops->ioctl) {
2816 retval = ld->ops->ioctl(tty, file, cmd, arg);
2817 if (retval == -ENOIOCTLCMD)
2818 retval = -ENOTTY;
2819 }
2820 tty_ldisc_deref(ld);
2821 return retval;
2822}
2823
2824#ifdef CONFIG_COMPAT
2825static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2826 unsigned long arg)
2827{
2828 struct tty_struct *tty = file_tty(file);
2829 struct tty_ldisc *ld;
2830 int retval = -ENOIOCTLCMD;
2831
2832 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2833 return -EINVAL;
2834
2835 if (tty->ops->compat_ioctl) {
2836 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2837 if (retval != -ENOIOCTLCMD)
2838 return retval;
2839 }
2840
2841 ld = tty_ldisc_ref_wait(tty);
2842 if (ld->ops->compat_ioctl)
2843 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2844 else
2845 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2846 tty_ldisc_deref(ld);
2847
2848 return retval;
2849}
2850#endif
2851
2852static int this_tty(const void *t, struct file *file, unsigned fd)
2853{
2854 if (likely(file->f_op->read != tty_read))
2855 return 0;
2856 return file_tty(file) != t ? 0 : fd + 1;
2857}
2858
2859/*
2860 * This implements the "Secure Attention Key" --- the idea is to
2861 * prevent trojan horses by killing all processes associated with this
2862 * tty when the user hits the "Secure Attention Key". Required for
2863 * super-paranoid applications --- see the Orange Book for more details.
2864 *
2865 * This code could be nicer; ideally it should send a HUP, wait a few
2866 * seconds, then send a INT, and then a KILL signal. But you then
2867 * have to coordinate with the init process, since all processes associated
2868 * with the current tty must be dead before the new getty is allowed
2869 * to spawn.
2870 *
2871 * Now, if it would be correct ;-/ The current code has a nasty hole -
2872 * it doesn't catch files in flight. We may send the descriptor to ourselves
2873 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2874 *
2875 * Nasty bug: do_SAK is being called in interrupt context. This can
2876 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2877 */
2878void __do_SAK(struct tty_struct *tty)
2879{
2880#ifdef TTY_SOFT_SAK
2881 tty_hangup(tty);
2882#else
2883 struct task_struct *g, *p;
2884 struct pid *session;
2885 int i;
2886
2887 if (!tty)
2888 return;
2889 session = tty->session;
2890
2891 tty_ldisc_flush(tty);
2892
2893 tty_driver_flush_buffer(tty);
2894
2895 read_lock(&tasklist_lock);
2896 /* Kill the entire session */
2897 do_each_pid_task(session, PIDTYPE_SID, p) {
2898 printk(KERN_NOTICE "SAK: killed process %d"
2899 " (%s): task_session(p)==tty->session\n",
2900 task_pid_nr(p), p->comm);
2901 send_sig(SIGKILL, p, 1);
2902 } while_each_pid_task(session, PIDTYPE_SID, p);
2903 /* Now kill any processes that happen to have the
2904 * tty open.
2905 */
2906 do_each_thread(g, p) {
2907 if (p->signal->tty == tty) {
2908 printk(KERN_NOTICE "SAK: killed process %d"
2909 " (%s): task_session(p)==tty->session\n",
2910 task_pid_nr(p), p->comm);
2911 send_sig(SIGKILL, p, 1);
2912 continue;
2913 }
2914 task_lock(p);
2915 i = iterate_fd(p->files, 0, this_tty, tty);
2916 if (i != 0) {
2917 printk(KERN_NOTICE "SAK: killed process %d"
2918 " (%s): fd#%d opened to the tty\n",
2919 task_pid_nr(p), p->comm, i - 1);
2920 force_sig(SIGKILL, p);
2921 }
2922 task_unlock(p);
2923 } while_each_thread(g, p);
2924 read_unlock(&tasklist_lock);
2925#endif
2926}
2927
2928static void do_SAK_work(struct work_struct *work)
2929{
2930 struct tty_struct *tty =
2931 container_of(work, struct tty_struct, SAK_work);
2932 __do_SAK(tty);
2933}
2934
2935/*
2936 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2937 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2938 * the values which we write to it will be identical to the values which it
2939 * already has. --akpm
2940 */
2941void do_SAK(struct tty_struct *tty)
2942{
2943 if (!tty)
2944 return;
2945 schedule_work(&tty->SAK_work);
2946}
2947
2948EXPORT_SYMBOL(do_SAK);
2949
2950static int dev_match_devt(struct device *dev, const void *data)
2951{
2952 const dev_t *devt = data;
2953 return dev->devt == *devt;
2954}
2955
2956/* Must put_device() after it's unused! */
2957static struct device *tty_get_device(struct tty_struct *tty)
2958{
2959 dev_t devt = tty_devnum(tty);
2960 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2961}
2962
2963
2964/**
2965 * initialize_tty_struct
2966 * @tty: tty to initialize
2967 *
2968 * This subroutine initializes a tty structure that has been newly
2969 * allocated.
2970 *
2971 * Locking: none - tty in question must not be exposed at this point
2972 */
2973
2974void initialize_tty_struct(struct tty_struct *tty,
2975 struct tty_driver *driver, int idx)
2976{
2977 memset(tty, 0, sizeof(struct tty_struct));
2978 kref_init(&tty->kref);
2979 tty->magic = TTY_MAGIC;
2980 tty_ldisc_init(tty);
2981 tty->session = NULL;
2982 tty->pgrp = NULL;
2983 mutex_init(&tty->legacy_mutex);
2984 mutex_init(&tty->termios_mutex);
2985 mutex_init(&tty->ldisc_mutex);
2986 init_waitqueue_head(&tty->write_wait);
2987 init_waitqueue_head(&tty->read_wait);
2988 INIT_WORK(&tty->hangup_work, do_tty_hangup);
2989 mutex_init(&tty->atomic_write_lock);
2990 spin_lock_init(&tty->ctrl_lock);
2991 INIT_LIST_HEAD(&tty->tty_files);
2992 INIT_WORK(&tty->SAK_work, do_SAK_work);
2993
2994 tty->driver = driver;
2995 tty->ops = driver->ops;
2996 tty->index = idx;
2997 tty_line_name(driver, idx, tty->name);
2998 tty->dev = tty_get_device(tty);
2999}
3000
3001/**
3002 * deinitialize_tty_struct
3003 * @tty: tty to deinitialize
3004 *
3005 * This subroutine deinitializes a tty structure that has been newly
3006 * allocated but tty_release cannot be called on that yet.
3007 *
3008 * Locking: none - tty in question must not be exposed at this point
3009 */
3010void deinitialize_tty_struct(struct tty_struct *tty)
3011{
3012 tty_ldisc_deinit(tty);
3013}
3014
3015/**
3016 * tty_put_char - write one character to a tty
3017 * @tty: tty
3018 * @ch: character
3019 *
3020 * Write one byte to the tty using the provided put_char method
3021 * if present. Returns the number of characters successfully output.
3022 *
3023 * Note: the specific put_char operation in the driver layer may go
3024 * away soon. Don't call it directly, use this method
3025 */
3026
3027int tty_put_char(struct tty_struct *tty, unsigned char ch)
3028{
3029 if (tty->ops->put_char)
3030 return tty->ops->put_char(tty, ch);
3031 return tty->ops->write(tty, &ch, 1);
3032}
3033EXPORT_SYMBOL_GPL(tty_put_char);
3034
3035struct class *tty_class;
3036
3037static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3038 unsigned int index, unsigned int count)
3039{
3040 /* init here, since reused cdevs cause crashes */
3041 cdev_init(&driver->cdevs[index], &tty_fops);
3042 driver->cdevs[index].owner = driver->owner;
3043 return cdev_add(&driver->cdevs[index], dev, count);
3044}
3045
3046/**
3047 * tty_register_device - register a tty device
3048 * @driver: the tty driver that describes the tty device
3049 * @index: the index in the tty driver for this tty device
3050 * @device: a struct device that is associated with this tty device.
3051 * This field is optional, if there is no known struct device
3052 * for this tty device it can be set to NULL safely.
3053 *
3054 * Returns a pointer to the struct device for this tty device
3055 * (or ERR_PTR(-EFOO) on error).
3056 *
3057 * This call is required to be made to register an individual tty device
3058 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3059 * that bit is not set, this function should not be called by a tty
3060 * driver.
3061 *
3062 * Locking: ??
3063 */
3064
3065struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3066 struct device *device)
3067{
3068 return tty_register_device_attr(driver, index, device, NULL, NULL);
3069}
3070EXPORT_SYMBOL(tty_register_device);
3071
3072static void tty_device_create_release(struct device *dev)
3073{
3074 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3075 kfree(dev);
3076}
3077
3078/**
3079 * tty_register_device_attr - register a tty device
3080 * @driver: the tty driver that describes the tty device
3081 * @index: the index in the tty driver for this tty device
3082 * @device: a struct device that is associated with this tty device.
3083 * This field is optional, if there is no known struct device
3084 * for this tty device it can be set to NULL safely.
3085 * @drvdata: Driver data to be set to device.
3086 * @attr_grp: Attribute group to be set on device.
3087 *
3088 * Returns a pointer to the struct device for this tty device
3089 * (or ERR_PTR(-EFOO) on error).
3090 *
3091 * This call is required to be made to register an individual tty device
3092 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3093 * that bit is not set, this function should not be called by a tty
3094 * driver.
3095 *
3096 * Locking: ??
3097 */
3098struct device *tty_register_device_attr(struct tty_driver *driver,
3099 unsigned index, struct device *device,
3100 void *drvdata,
3101 const struct attribute_group **attr_grp)
3102{
3103 char name[64];
3104 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3105 struct device *dev = NULL;
3106 int retval = -ENODEV;
3107 bool cdev = false;
3108
3109 if (index >= driver->num) {
3110 printk(KERN_ERR "Attempt to register invalid tty line number "
3111 " (%d).\n", index);
3112 return ERR_PTR(-EINVAL);
3113 }
3114
3115 if (driver->type == TTY_DRIVER_TYPE_PTY)
3116 pty_line_name(driver, index, name);
3117 else
3118 tty_line_name(driver, index, name);
3119
3120 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3121 retval = tty_cdev_add(driver, devt, index, 1);
3122 if (retval)
3123 goto error;
3124 cdev = true;
3125 }
3126
3127 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3128 if (!dev) {
3129 retval = -ENOMEM;
3130 goto error;
3131 }
3132
3133 dev->devt = devt;
3134 dev->class = tty_class;
3135 dev->parent = device;
3136 dev->release = tty_device_create_release;
3137 dev_set_name(dev, "%s", name);
3138 dev->groups = attr_grp;
3139 dev_set_drvdata(dev, drvdata);
3140
3141 retval = device_register(dev);
3142 if (retval)
3143 goto error;
3144
3145 return dev;
3146
3147error:
3148 put_device(dev);
3149 if (cdev)
3150 cdev_del(&driver->cdevs[index]);
3151 return ERR_PTR(retval);
3152}
3153EXPORT_SYMBOL_GPL(tty_register_device_attr);
3154
3155/**
3156 * tty_unregister_device - unregister a tty device
3157 * @driver: the tty driver that describes the tty device
3158 * @index: the index in the tty driver for this tty device
3159 *
3160 * If a tty device is registered with a call to tty_register_device() then
3161 * this function must be called when the tty device is gone.
3162 *
3163 * Locking: ??
3164 */
3165
3166void tty_unregister_device(struct tty_driver *driver, unsigned index)
3167{
3168 device_destroy(tty_class,
3169 MKDEV(driver->major, driver->minor_start) + index);
3170 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3171 cdev_del(&driver->cdevs[index]);
3172}
3173EXPORT_SYMBOL(tty_unregister_device);
3174
3175/**
3176 * __tty_alloc_driver -- allocate tty driver
3177 * @lines: count of lines this driver can handle at most
3178 * @owner: module which is repsonsible for this driver
3179 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3180 *
3181 * This should not be called directly, some of the provided macros should be
3182 * used instead. Use IS_ERR and friends on @retval.
3183 */
3184struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3185 unsigned long flags)
3186{
3187 struct tty_driver *driver;
3188 unsigned int cdevs = 1;
3189 int err;
3190
3191 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3192 return ERR_PTR(-EINVAL);
3193
3194 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3195 if (!driver)
3196 return ERR_PTR(-ENOMEM);
3197
3198 kref_init(&driver->kref);
3199 driver->magic = TTY_DRIVER_MAGIC;
3200 driver->num = lines;
3201 driver->owner = owner;
3202 driver->flags = flags;
3203
3204 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3205 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3206 GFP_KERNEL);
3207 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3208 GFP_KERNEL);
3209 if (!driver->ttys || !driver->termios) {
3210 err = -ENOMEM;
3211 goto err_free_all;
3212 }
3213 }
3214
3215 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3216 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3217 GFP_KERNEL);
3218 if (!driver->ports) {
3219 err = -ENOMEM;
3220 goto err_free_all;
3221 }
3222 cdevs = lines;
3223 }
3224
3225 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3226 if (!driver->cdevs) {
3227 err = -ENOMEM;
3228 goto err_free_all;
3229 }
3230
3231 return driver;
3232err_free_all:
3233 kfree(driver->ports);
3234 kfree(driver->ttys);
3235 kfree(driver->termios);
3236 kfree(driver);
3237 return ERR_PTR(err);
3238}
3239EXPORT_SYMBOL(__tty_alloc_driver);
3240
3241static void destruct_tty_driver(struct kref *kref)
3242{
3243 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3244 int i;
3245 struct ktermios *tp;
3246
3247 if (driver->flags & TTY_DRIVER_INSTALLED) {
3248 /*
3249 * Free the termios and termios_locked structures because
3250 * we don't want to get memory leaks when modular tty
3251 * drivers are removed from the kernel.
3252 */
3253 for (i = 0; i < driver->num; i++) {
3254 tp = driver->termios[i];
3255 if (tp) {
3256 driver->termios[i] = NULL;
3257 kfree(tp);
3258 }
3259 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3260 tty_unregister_device(driver, i);
3261 }
3262 proc_tty_unregister_driver(driver);
3263 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3264 cdev_del(&driver->cdevs[0]);
3265 }
3266 kfree(driver->cdevs);
3267 kfree(driver->ports);
3268 kfree(driver->termios);
3269 kfree(driver->ttys);
3270 kfree(driver);
3271}
3272
3273void tty_driver_kref_put(struct tty_driver *driver)
3274{
3275 kref_put(&driver->kref, destruct_tty_driver);
3276}
3277EXPORT_SYMBOL(tty_driver_kref_put);
3278
3279void tty_set_operations(struct tty_driver *driver,
3280 const struct tty_operations *op)
3281{
3282 driver->ops = op;
3283};
3284EXPORT_SYMBOL(tty_set_operations);
3285
3286void put_tty_driver(struct tty_driver *d)
3287{
3288 tty_driver_kref_put(d);
3289}
3290EXPORT_SYMBOL(put_tty_driver);
3291
3292/*
3293 * Called by a tty driver to register itself.
3294 */
3295int tty_register_driver(struct tty_driver *driver)
3296{
3297 int error;
3298 int i;
3299 dev_t dev;
3300 struct device *d;
3301
3302 if (!driver->major) {
3303 error = alloc_chrdev_region(&dev, driver->minor_start,
3304 driver->num, driver->name);
3305 if (!error) {
3306 driver->major = MAJOR(dev);
3307 driver->minor_start = MINOR(dev);
3308 }
3309 } else {
3310 dev = MKDEV(driver->major, driver->minor_start);
3311 error = register_chrdev_region(dev, driver->num, driver->name);
3312 }
3313 if (error < 0)
3314 goto err;
3315
3316 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3317 error = tty_cdev_add(driver, dev, 0, driver->num);
3318 if (error)
3319 goto err_unreg_char;
3320 }
3321
3322 mutex_lock(&tty_mutex);
3323 list_add(&driver->tty_drivers, &tty_drivers);
3324 mutex_unlock(&tty_mutex);
3325
3326 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3327 for (i = 0; i < driver->num; i++) {
3328 d = tty_register_device(driver, i, NULL);
3329 if (IS_ERR(d)) {
3330 error = PTR_ERR(d);
3331 goto err_unreg_devs;
3332 }
3333 }
3334 }
3335 proc_tty_register_driver(driver);
3336 driver->flags |= TTY_DRIVER_INSTALLED;
3337 return 0;
3338
3339err_unreg_devs:
3340 for (i--; i >= 0; i--)
3341 tty_unregister_device(driver, i);
3342
3343 mutex_lock(&tty_mutex);
3344 list_del(&driver->tty_drivers);
3345 mutex_unlock(&tty_mutex);
3346
3347err_unreg_char:
3348 unregister_chrdev_region(dev, driver->num);
3349err:
3350 return error;
3351}
3352EXPORT_SYMBOL(tty_register_driver);
3353
3354/*
3355 * Called by a tty driver to unregister itself.
3356 */
3357int tty_unregister_driver(struct tty_driver *driver)
3358{
3359#if 0
3360 /* FIXME */
3361 if (driver->refcount)
3362 return -EBUSY;
3363#endif
3364 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3365 driver->num);
3366 mutex_lock(&tty_mutex);
3367 list_del(&driver->tty_drivers);
3368 mutex_unlock(&tty_mutex);
3369 return 0;
3370}
3371
3372EXPORT_SYMBOL(tty_unregister_driver);
3373
3374dev_t tty_devnum(struct tty_struct *tty)
3375{
3376 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3377}
3378EXPORT_SYMBOL(tty_devnum);
3379
3380void proc_clear_tty(struct task_struct *p)
3381{
3382 unsigned long flags;
3383 struct tty_struct *tty;
3384 spin_lock_irqsave(&p->sighand->siglock, flags);
3385 tty = p->signal->tty;
3386 p->signal->tty = NULL;
3387 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3388 tty_kref_put(tty);
3389}
3390
3391/* Called under the sighand lock */
3392
3393static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3394{
3395 if (tty) {
3396 unsigned long flags;
3397 /* We should not have a session or pgrp to put here but.... */
3398 spin_lock_irqsave(&tty->ctrl_lock, flags);
3399 put_pid(tty->session);
3400 put_pid(tty->pgrp);
3401 tty->pgrp = get_pid(task_pgrp(tsk));
3402 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3403 tty->session = get_pid(task_session(tsk));
3404 if (tsk->signal->tty) {
3405 printk(KERN_DEBUG "tty not NULL!!\n");
3406 tty_kref_put(tsk->signal->tty);
3407 }
3408 }
3409 put_pid(tsk->signal->tty_old_pgrp);
3410 tsk->signal->tty = tty_kref_get(tty);
3411 tsk->signal->tty_old_pgrp = NULL;
3412}
3413
3414static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3415{
3416 spin_lock_irq(&tsk->sighand->siglock);
3417 __proc_set_tty(tsk, tty);
3418 spin_unlock_irq(&tsk->sighand->siglock);
3419}
3420
3421struct tty_struct *get_current_tty(void)
3422{
3423 struct tty_struct *tty;
3424 unsigned long flags;
3425
3426 spin_lock_irqsave(&current->sighand->siglock, flags);
3427 tty = tty_kref_get(current->signal->tty);
3428 spin_unlock_irqrestore(&current->sighand->siglock, flags);
3429 return tty;
3430}
3431EXPORT_SYMBOL_GPL(get_current_tty);
3432
3433void tty_default_fops(struct file_operations *fops)
3434{
3435 *fops = tty_fops;
3436}
3437
3438/*
3439 * Initialize the console device. This is called *early*, so
3440 * we can't necessarily depend on lots of kernel help here.
3441 * Just do some early initializations, and do the complex setup
3442 * later.
3443 */
3444void __init console_init(void)
3445{
3446 initcall_t *call;
3447
3448 /* Setup the default TTY line discipline. */
3449 tty_ldisc_begin();
3450
3451 /*
3452 * set up the console device so that later boot sequences can
3453 * inform about problems etc..
3454 */
3455 call = __con_initcall_start;
3456 while (call < __con_initcall_end) {
3457 (*call)();
3458 call++;
3459 }
3460}
3461
3462static char *tty_devnode(struct device *dev, umode_t *mode)
3463{
3464 if (!mode)
3465 return NULL;
3466 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3467 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3468 *mode = 0666;
3469 return NULL;
3470}
3471
3472static int __init tty_class_init(void)
3473{
3474 tty_class = class_create(THIS_MODULE, "tty");
3475 if (IS_ERR(tty_class))
3476 return PTR_ERR(tty_class);
3477 tty_class->devnode = tty_devnode;
3478 return 0;
3479}
3480
3481postcore_initcall(tty_class_init);
3482
3483/* 3/2004 jmc: why do these devices exist? */
3484static struct cdev tty_cdev, console_cdev;
3485
3486static ssize_t show_cons_active(struct device *dev,
3487 struct device_attribute *attr, char *buf)
3488{
3489 struct console *cs[16];
3490 int i = 0;
3491 struct console *c;
3492 ssize_t count = 0;
3493
3494 console_lock();
3495 for_each_console(c) {
3496 if (!c->device)
3497 continue;
3498 if (!c->write)
3499 continue;
3500 if ((c->flags & CON_ENABLED) == 0)
3501 continue;
3502 cs[i++] = c;
3503 if (i >= ARRAY_SIZE(cs))
3504 break;
3505 }
3506 while (i--)
3507 count += sprintf(buf + count, "%s%d%c",
3508 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3509 console_unlock();
3510
3511 return count;
3512}
3513static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3514
3515static struct device *consdev;
3516
3517void console_sysfs_notify(void)
3518{
3519 if (consdev)
3520 sysfs_notify(&consdev->kobj, NULL, "active");
3521}
3522
3523/*
3524 * Ok, now we can initialize the rest of the tty devices and can count
3525 * on memory allocations, interrupts etc..
3526 */
3527int __init tty_init(void)
3528{
3529 cdev_init(&tty_cdev, &tty_fops);
3530 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3531 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3532 panic("Couldn't register /dev/tty driver\n");
3533 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3534
3535 cdev_init(&console_cdev, &console_fops);
3536 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3537 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3538 panic("Couldn't register /dev/console driver\n");
3539 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3540 "console");
3541 if (IS_ERR(consdev))
3542 consdev = NULL;
3543 else
3544 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3545
3546#ifdef CONFIG_VT
3547 vty_init(&console_fops);
3548#endif
3549 return 0;
3550}
3551
Linux 6.x block layer and io_uring tree(s)