projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: implement write_iter
[linux-2.6-block.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102
103#include <linux/uaccess.h>
104
105#include <linux/kbd_kern.h>
106#include <linux/vt_kern.h>
107#include <linux/selection.h>
108
109#include <linux/kmod.h>
110#include <linux/nsproxy.h>
111
112#undef TTY_DEBUG_HANGUP
113#ifdef TTY_DEBUG_HANGUP
114# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
115#else
116# define tty_debug_hangup(tty, f, args...) do { } while (0)
117#endif
118
119#define TTY_PARANOIA_CHECK 1
120#define CHECK_TTY_COUNT 1
121
122struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
123 .c_iflag = ICRNL | IXON,
124 .c_oflag = OPOST | ONLCR,
125 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
127 ECHOCTL | ECHOKE | IEXTEN,
128 .c_cc = INIT_C_CC,
129 .c_ispeed = 38400,
130 .c_ospeed = 38400,
131 /* .c_line = N_TTY, */
132};
133
134EXPORT_SYMBOL(tty_std_termios);
135
136/* This list gets poked at by procfs and various bits of boot up code. This
137 could do with some rationalisation such as pulling the tty proc function
138 into this file */
139
140LIST_HEAD(tty_drivers); /* linked list of tty drivers */
141
142/* Mutex to protect creating and releasing a tty */
143DEFINE_MUTEX(tty_mutex);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct kiocb *, struct iov_iter *);
147ssize_t redirected_tty_write(struct kiocb *, struct iov_iter *);
148static __poll_t tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
151#ifdef CONFIG_COMPAT
152static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154#else
155#define tty_compat_ioctl NULL
156#endif
157static int __tty_fasync(int fd, struct file *filp, int on);
158static int tty_fasync(int fd, struct file *filp, int on);
159static void release_tty(struct tty_struct *tty, int idx);
160
161/**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
169
170static void free_tty_struct(struct tty_struct *tty)
171{
172 tty_ldisc_deinit(tty);
173 put_device(tty->dev);
174 kfree(tty->write_buf);
175 tty->magic = 0xDEADDEAD;
176 kfree(tty);
177}
178
179static inline struct tty_struct *file_tty(struct file *file)
180{
181 return ((struct tty_file_private *)file->private_data)->tty;
182}
183
184int tty_alloc_file(struct file *file)
185{
186 struct tty_file_private *priv;
187
188 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
189 if (!priv)
190 return -ENOMEM;
191
192 file->private_data = priv;
193
194 return 0;
195}
196
197/* Associate a new file with the tty structure */
198void tty_add_file(struct tty_struct *tty, struct file *file)
199{
200 struct tty_file_private *priv = file->private_data;
201
202 priv->tty = tty;
203 priv->file = file;
204
205 spin_lock(&tty->files_lock);
206 list_add(&priv->list, &tty->tty_files);
207 spin_unlock(&tty->files_lock);
208}
209
210/**
211 * tty_free_file - free file->private_data
212 *
213 * This shall be used only for fail path handling when tty_add_file was not
214 * called yet.
215 */
216void tty_free_file(struct file *file)
217{
218 struct tty_file_private *priv = file->private_data;
219
220 file->private_data = NULL;
221 kfree(priv);
222}
223
224/* Delete file from its tty */
225static void tty_del_file(struct file *file)
226{
227 struct tty_file_private *priv = file->private_data;
228 struct tty_struct *tty = priv->tty;
229
230 spin_lock(&tty->files_lock);
231 list_del(&priv->list);
232 spin_unlock(&tty->files_lock);
233 tty_free_file(file);
234}
235
236/**
237 * tty_name - return tty naming
238 * @tty: tty structure
239 *
240 * Convert a tty structure into a name. The name reflects the kernel
241 * naming policy and if udev is in use may not reflect user space
242 *
243 * Locking: none
244 */
245
246const char *tty_name(const struct tty_struct *tty)
247{
248 if (!tty) /* Hmm. NULL pointer. That's fun. */
249 return "NULL tty";
250 return tty->name;
251}
252
253EXPORT_SYMBOL(tty_name);
254
255const char *tty_driver_name(const struct tty_struct *tty)
256{
257 if (!tty || !tty->driver)
258 return "";
259 return tty->driver->name;
260}
261
262static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
263 const char *routine)
264{
265#ifdef TTY_PARANOIA_CHECK
266 if (!tty) {
267 pr_warn("(%d:%d): %s: NULL tty\n",
268 imajor(inode), iminor(inode), routine);
269 return 1;
270 }
271 if (tty->magic != TTY_MAGIC) {
272 pr_warn("(%d:%d): %s: bad magic number\n",
273 imajor(inode), iminor(inode), routine);
274 return 1;
275 }
276#endif
277 return 0;
278}
279
280/* Caller must hold tty_lock */
281static int check_tty_count(struct tty_struct *tty, const char *routine)
282{
283#ifdef CHECK_TTY_COUNT
284 struct list_head *p;
285 int count = 0, kopen_count = 0;
286
287 spin_lock(&tty->files_lock);
288 list_for_each(p, &tty->tty_files) {
289 count++;
290 }
291 spin_unlock(&tty->files_lock);
292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
293 tty->driver->subtype == PTY_TYPE_SLAVE &&
294 tty->link && tty->link->count)
295 count++;
296 if (tty_port_kopened(tty->port))
297 kopen_count++;
298 if (tty->count != (count + kopen_count)) {
299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
300 routine, tty->count, count, kopen_count);
301 return (count + kopen_count);
302 }
303#endif
304 return 0;
305}
306
307/**
308 * get_tty_driver - find device of a tty
309 * @device: device identifier
310 * @index: returns the index of the tty
311 *
312 * This routine returns a tty driver structure, given a device number
313 * and also passes back the index number.
314 *
315 * Locking: caller must hold tty_mutex
316 */
317
318static struct tty_driver *get_tty_driver(dev_t device, int *index)
319{
320 struct tty_driver *p;
321
322 list_for_each_entry(p, &tty_drivers, tty_drivers) {
323 dev_t base = MKDEV(p->major, p->minor_start);
324 if (device < base || device >= base + p->num)
325 continue;
326 *index = device - base;
327 return tty_driver_kref_get(p);
328 }
329 return NULL;
330}
331
332/**
333 * tty_dev_name_to_number - return dev_t for device name
334 * @name: user space name of device under /dev
335 * @number: pointer to dev_t that this function will populate
336 *
337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t
338 * like (4, 64) or (188, 1). If no corresponding driver is registered then
339 * the function returns -ENODEV.
340 *
341 * Locking: this acquires tty_mutex to protect the tty_drivers list from
342 * being modified while we are traversing it, and makes sure to
343 * release it before exiting.
344 */
345int tty_dev_name_to_number(const char *name, dev_t *number)
346{
347 struct tty_driver *p;
348 int ret;
349 int index, prefix_length = 0;
350 const char *str;
351
352 for (str = name; *str && !isdigit(*str); str++)
353 ;
354
355 if (!*str)
356 return -EINVAL;
357
358 ret = kstrtoint(str, 10, &index);
359 if (ret)
360 return ret;
361
362 prefix_length = str - name;
363 mutex_lock(&tty_mutex);
364
365 list_for_each_entry(p, &tty_drivers, tty_drivers)
366 if (prefix_length == strlen(p->name) && strncmp(name,
367 p->name, prefix_length) == 0) {
368 if (index < p->num) {
369 *number = MKDEV(p->major, p->minor_start + index);
370 goto out;
371 }
372 }
373
374 /* if here then driver wasn't found */
375 ret = -ENODEV;
376out:
377 mutex_unlock(&tty_mutex);
378 return ret;
379}
380EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
381
382#ifdef CONFIG_CONSOLE_POLL
383
384/**
385 * tty_find_polling_driver - find device of a polled tty
386 * @name: name string to match
387 * @line: pointer to resulting tty line nr
388 *
389 * This routine returns a tty driver structure, given a name
390 * and the condition that the tty driver is capable of polled
391 * operation.
392 */
393struct tty_driver *tty_find_polling_driver(char *name, int *line)
394{
395 struct tty_driver *p, *res = NULL;
396 int tty_line = 0;
397 int len;
398 char *str, *stp;
399
400 for (str = name; *str; str++)
401 if ((*str >= '0' && *str <= '9') || *str == ',')
402 break;
403 if (!*str)
404 return NULL;
405
406 len = str - name;
407 tty_line = simple_strtoul(str, &str, 10);
408
409 mutex_lock(&tty_mutex);
410 /* Search through the tty devices to look for a match */
411 list_for_each_entry(p, &tty_drivers, tty_drivers) {
412 if (!len || strncmp(name, p->name, len) != 0)
413 continue;
414 stp = str;
415 if (*stp == ',')
416 stp++;
417 if (*stp == '\0')
418 stp = NULL;
419
420 if (tty_line >= 0 && tty_line < p->num && p->ops &&
421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
422 res = tty_driver_kref_get(p);
423 *line = tty_line;
424 break;
425 }
426 }
427 mutex_unlock(&tty_mutex);
428
429 return res;
430}
431EXPORT_SYMBOL_GPL(tty_find_polling_driver);
432#endif
433
434static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
435 size_t count, loff_t *ppos)
436{
437 return 0;
438}
439
440static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
441 size_t count, loff_t *ppos)
442{
443 return -EIO;
444}
445
446/* No kernel lock held - none needed ;) */
447static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
448{
449 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
450}
451
452static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
453 unsigned long arg)
454{
455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
456}
457
458static long hung_up_tty_compat_ioctl(struct file *file,
459 unsigned int cmd, unsigned long arg)
460{
461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
462}
463
464static int hung_up_tty_fasync(int fd, struct file *file, int on)
465{
466 return -ENOTTY;
467}
468
469static void tty_show_fdinfo(struct seq_file *m, struct file *file)
470{
471 struct tty_struct *tty = file_tty(file);
472
473 if (tty && tty->ops && tty->ops->show_fdinfo)
474 tty->ops->show_fdinfo(tty, m);
475}
476
477static const struct file_operations tty_fops = {
478 .llseek = no_llseek,
479 .read = tty_read,
480 .write_iter = tty_write,
481 .splice_write = iter_file_splice_write,
482 .poll = tty_poll,
483 .unlocked_ioctl = tty_ioctl,
484 .compat_ioctl = tty_compat_ioctl,
485 .open = tty_open,
486 .release = tty_release,
487 .fasync = tty_fasync,
488 .show_fdinfo = tty_show_fdinfo,
489};
490
491static const struct file_operations console_fops = {
492 .llseek = no_llseek,
493 .read = tty_read,
494 .write_iter = redirected_tty_write,
495 .splice_write = iter_file_splice_write,
496 .poll = tty_poll,
497 .unlocked_ioctl = tty_ioctl,
498 .compat_ioctl = tty_compat_ioctl,
499 .open = tty_open,
500 .release = tty_release,
501 .fasync = tty_fasync,
502};
503
504static const struct file_operations hung_up_tty_fops = {
505 .llseek = no_llseek,
506 .read = hung_up_tty_read,
507 .write = hung_up_tty_write,
508 .poll = hung_up_tty_poll,
509 .unlocked_ioctl = hung_up_tty_ioctl,
510 .compat_ioctl = hung_up_tty_compat_ioctl,
511 .release = tty_release,
512 .fasync = hung_up_tty_fasync,
513};
514
515static DEFINE_SPINLOCK(redirect_lock);
516static struct file *redirect;
517
518extern void tty_sysctl_init(void);
519
520/**
521 * tty_wakeup - request more data
522 * @tty: terminal
523 *
524 * Internal and external helper for wakeups of tty. This function
525 * informs the line discipline if present that the driver is ready
526 * to receive more output data.
527 */
528
529void tty_wakeup(struct tty_struct *tty)
530{
531 struct tty_ldisc *ld;
532
533 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
534 ld = tty_ldisc_ref(tty);
535 if (ld) {
536 if (ld->ops->write_wakeup)
537 ld->ops->write_wakeup(tty);
538 tty_ldisc_deref(ld);
539 }
540 }
541 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
542}
543
544EXPORT_SYMBOL_GPL(tty_wakeup);
545
546/**
547 * __tty_hangup - actual handler for hangup events
548 * @tty: tty device
549 *
550 * This can be called by a "kworker" kernel thread. That is process
551 * synchronous but doesn't hold any locks, so we need to make sure we
552 * have the appropriate locks for what we're doing.
553 *
554 * The hangup event clears any pending redirections onto the hung up
555 * device. It ensures future writes will error and it does the needed
556 * line discipline hangup and signal delivery. The tty object itself
557 * remains intact.
558 *
559 * Locking:
560 * BTM
561 * redirect lock for undoing redirection
562 * file list lock for manipulating list of ttys
563 * tty_ldiscs_lock from called functions
564 * termios_rwsem resetting termios data
565 * tasklist_lock to walk task list for hangup event
566 * ->siglock to protect ->signal/->sighand
567 */
568static void __tty_hangup(struct tty_struct *tty, int exit_session)
569{
570 struct file *cons_filp = NULL;
571 struct file *filp, *f = NULL;
572 struct tty_file_private *priv;
573 int closecount = 0, n;
574 int refs;
575
576 if (!tty)
577 return;
578
579
580 spin_lock(&redirect_lock);
581 if (redirect && file_tty(redirect) == tty) {
582 f = redirect;
583 redirect = NULL;
584 }
585 spin_unlock(&redirect_lock);
586
587 tty_lock(tty);
588
589 if (test_bit(TTY_HUPPED, &tty->flags)) {
590 tty_unlock(tty);
591 return;
592 }
593
594 /*
595 * Some console devices aren't actually hung up for technical and
596 * historical reasons, which can lead to indefinite interruptible
597 * sleep in n_tty_read(). The following explicitly tells
598 * n_tty_read() to abort readers.
599 */
600 set_bit(TTY_HUPPING, &tty->flags);
601
602 /* inuse_filps is protected by the single tty lock,
603 this really needs to change if we want to flush the
604 workqueue with the lock held */
605 check_tty_count(tty, "tty_hangup");
606
607 spin_lock(&tty->files_lock);
608 /* This breaks for file handles being sent over AF_UNIX sockets ? */
609 list_for_each_entry(priv, &tty->tty_files, list) {
610 filp = priv->file;
611 if (filp->f_op->write_iter == redirected_tty_write)
612 cons_filp = filp;
613 if (filp->f_op->write_iter != tty_write)
614 continue;
615 closecount++;
616 __tty_fasync(-1, filp, 0); /* can't block */
617 filp->f_op = &hung_up_tty_fops;
618 }
619 spin_unlock(&tty->files_lock);
620
621 refs = tty_signal_session_leader(tty, exit_session);
622 /* Account for the p->signal references we killed */
623 while (refs--)
624 tty_kref_put(tty);
625
626 tty_ldisc_hangup(tty, cons_filp != NULL);
627
628 spin_lock_irq(&tty->ctrl_lock);
629 clear_bit(TTY_THROTTLED, &tty->flags);
630 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
631 put_pid(tty->session);
632 put_pid(tty->pgrp);
633 tty->session = NULL;
634 tty->pgrp = NULL;
635 tty->ctrl_status = 0;
636 spin_unlock_irq(&tty->ctrl_lock);
637
638 /*
639 * If one of the devices matches a console pointer, we
640 * cannot just call hangup() because that will cause
641 * tty->count and state->count to go out of sync.
642 * So we just call close() the right number of times.
643 */
644 if (cons_filp) {
645 if (tty->ops->close)
646 for (n = 0; n < closecount; n++)
647 tty->ops->close(tty, cons_filp);
648 } else if (tty->ops->hangup)
649 tty->ops->hangup(tty);
650 /*
651 * We don't want to have driver/ldisc interactions beyond the ones
652 * we did here. The driver layer expects no calls after ->hangup()
653 * from the ldisc side, which is now guaranteed.
654 */
655 set_bit(TTY_HUPPED, &tty->flags);
656 clear_bit(TTY_HUPPING, &tty->flags);
657 tty_unlock(tty);
658
659 if (f)
660 fput(f);
661}
662
663static void do_tty_hangup(struct work_struct *work)
664{
665 struct tty_struct *tty =
666 container_of(work, struct tty_struct, hangup_work);
667
668 __tty_hangup(tty, 0);
669}
670
671/**
672 * tty_hangup - trigger a hangup event
673 * @tty: tty to hangup
674 *
675 * A carrier loss (virtual or otherwise) has occurred on this like
676 * schedule a hangup sequence to run after this event.
677 */
678
679void tty_hangup(struct tty_struct *tty)
680{
681 tty_debug_hangup(tty, "hangup\n");
682 schedule_work(&tty->hangup_work);
683}
684
685EXPORT_SYMBOL(tty_hangup);
686
687/**
688 * tty_vhangup - process vhangup
689 * @tty: tty to hangup
690 *
691 * The user has asked via system call for the terminal to be hung up.
692 * We do this synchronously so that when the syscall returns the process
693 * is complete. That guarantee is necessary for security reasons.
694 */
695
696void tty_vhangup(struct tty_struct *tty)
697{
698 tty_debug_hangup(tty, "vhangup\n");
699 __tty_hangup(tty, 0);
700}
701
702EXPORT_SYMBOL(tty_vhangup);
703
704
705/**
706 * tty_vhangup_self - process vhangup for own ctty
707 *
708 * Perform a vhangup on the current controlling tty
709 */
710
711void tty_vhangup_self(void)
712{
713 struct tty_struct *tty;
714
715 tty = get_current_tty();
716 if (tty) {
717 tty_vhangup(tty);
718 tty_kref_put(tty);
719 }
720}
721
722/**
723 * tty_vhangup_session - hangup session leader exit
724 * @tty: tty to hangup
725 *
726 * The session leader is exiting and hanging up its controlling terminal.
727 * Every process in the foreground process group is signalled SIGHUP.
728 *
729 * We do this synchronously so that when the syscall returns the process
730 * is complete. That guarantee is necessary for security reasons.
731 */
732
733void tty_vhangup_session(struct tty_struct *tty)
734{
735 tty_debug_hangup(tty, "session hangup\n");
736 __tty_hangup(tty, 1);
737}
738
739/**
740 * tty_hung_up_p - was tty hung up
741 * @filp: file pointer of tty
742 *
743 * Return true if the tty has been subject to a vhangup or a carrier
744 * loss
745 */
746
747int tty_hung_up_p(struct file *filp)
748{
749 return (filp && filp->f_op == &hung_up_tty_fops);
750}
751
752EXPORT_SYMBOL(tty_hung_up_p);
753
754/**
755 * stop_tty - propagate flow control
756 * @tty: tty to stop
757 *
758 * Perform flow control to the driver. May be called
759 * on an already stopped device and will not re-call the driver
760 * method.
761 *
762 * This functionality is used by both the line disciplines for
763 * halting incoming flow and by the driver. It may therefore be
764 * called from any context, may be under the tty atomic_write_lock
765 * but not always.
766 *
767 * Locking:
768 * flow_lock
769 */
770
771void __stop_tty(struct tty_struct *tty)
772{
773 if (tty->stopped)
774 return;
775 tty->stopped = 1;
776 if (tty->ops->stop)
777 tty->ops->stop(tty);
778}
779
780void stop_tty(struct tty_struct *tty)
781{
782 unsigned long flags;
783
784 spin_lock_irqsave(&tty->flow_lock, flags);
785 __stop_tty(tty);
786 spin_unlock_irqrestore(&tty->flow_lock, flags);
787}
788EXPORT_SYMBOL(stop_tty);
789
790/**
791 * start_tty - propagate flow control
792 * @tty: tty to start
793 *
794 * Start a tty that has been stopped if at all possible. If this
795 * tty was previous stopped and is now being started, the driver
796 * start method is invoked and the line discipline woken.
797 *
798 * Locking:
799 * flow_lock
800 */
801
802void __start_tty(struct tty_struct *tty)
803{
804 if (!tty->stopped || tty->flow_stopped)
805 return;
806 tty->stopped = 0;
807 if (tty->ops->start)
808 tty->ops->start(tty);
809 tty_wakeup(tty);
810}
811
812void start_tty(struct tty_struct *tty)
813{
814 unsigned long flags;
815
816 spin_lock_irqsave(&tty->flow_lock, flags);
817 __start_tty(tty);
818 spin_unlock_irqrestore(&tty->flow_lock, flags);
819}
820EXPORT_SYMBOL(start_tty);
821
822static void tty_update_time(struct timespec64 *time)
823{
824 time64_t sec = ktime_get_real_seconds();
825
826 /*
827 * We only care if the two values differ in anything other than the
828 * lower three bits (i.e every 8 seconds). If so, then we can update
829 * the time of the tty device, otherwise it could be construded as a
830 * security leak to let userspace know the exact timing of the tty.
831 */
832 if ((sec ^ time->tv_sec) & ~7)
833 time->tv_sec = sec;
834}
835
836/**
837 * tty_read - read method for tty device files
838 * @file: pointer to tty file
839 * @buf: user buffer
840 * @count: size of user buffer
841 * @ppos: unused
842 *
843 * Perform the read system call function on this terminal device. Checks
844 * for hung up devices before calling the line discipline method.
845 *
846 * Locking:
847 * Locks the line discipline internally while needed. Multiple
848 * read calls may be outstanding in parallel.
849 */
850
851static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
852 loff_t *ppos)
853{
854 int i;
855 struct inode *inode = file_inode(file);
856 struct tty_struct *tty = file_tty(file);
857 struct tty_ldisc *ld;
858
859 if (tty_paranoia_check(tty, inode, "tty_read"))
860 return -EIO;
861 if (!tty || tty_io_error(tty))
862 return -EIO;
863
864 /* We want to wait for the line discipline to sort out in this
865 situation */
866 ld = tty_ldisc_ref_wait(tty);
867 if (!ld)
868 return hung_up_tty_read(file, buf, count, ppos);
869 if (ld->ops->read)
870 i = ld->ops->read(tty, file, buf, count);
871 else
872 i = -EIO;
873 tty_ldisc_deref(ld);
874
875 if (i > 0)
876 tty_update_time(&inode->i_atime);
877
878 return i;
879}
880
881static void tty_write_unlock(struct tty_struct *tty)
882{
883 mutex_unlock(&tty->atomic_write_lock);
884 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
885}
886
887static int tty_write_lock(struct tty_struct *tty, int ndelay)
888{
889 if (!mutex_trylock(&tty->atomic_write_lock)) {
890 if (ndelay)
891 return -EAGAIN;
892 if (mutex_lock_interruptible(&tty->atomic_write_lock))
893 return -ERESTARTSYS;
894 }
895 return 0;
896}
897
898/*
899 * Split writes up in sane blocksizes to avoid
900 * denial-of-service type attacks
901 */
902static inline ssize_t do_tty_write(
903 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
904 struct tty_struct *tty,
905 struct file *file,
906 struct iov_iter *from)
907{
908 size_t count = iov_iter_count(from);
909 ssize_t ret, written = 0;
910 unsigned int chunk;
911
912 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
913 if (ret < 0)
914 return ret;
915
916 /*
917 * We chunk up writes into a temporary buffer. This
918 * simplifies low-level drivers immensely, since they
919 * don't have locking issues and user mode accesses.
920 *
921 * But if TTY_NO_WRITE_SPLIT is set, we should use a
922 * big chunk-size..
923 *
924 * The default chunk-size is 2kB, because the NTTY
925 * layer has problems with bigger chunks. It will
926 * claim to be able to handle more characters than
927 * it actually does.
928 *
929 * FIXME: This can probably go away now except that 64K chunks
930 * are too likely to fail unless switched to vmalloc...
931 */
932 chunk = 2048;
933 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
934 chunk = 65536;
935 if (count < chunk)
936 chunk = count;
937
938 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
939 if (tty->write_cnt < chunk) {
940 unsigned char *buf_chunk;
941
942 if (chunk < 1024)
943 chunk = 1024;
944
945 buf_chunk = kmalloc(chunk, GFP_KERNEL);
946 if (!buf_chunk) {
947 ret = -ENOMEM;
948 goto out;
949 }
950 kfree(tty->write_buf);
951 tty->write_cnt = chunk;
952 tty->write_buf = buf_chunk;
953 }
954
955 /* Do the write .. */
956 for (;;) {
957 size_t size = count;
958 if (size > chunk)
959 size = chunk;
960
961 ret = -EFAULT;
962 if (copy_from_iter(tty->write_buf, size, from) != size)
963 break;
964
965 ret = write(tty, file, tty->write_buf, size);
966 if (ret <= 0)
967 break;
968
969 /* FIXME! Have Al check this! */
970 if (ret != size)
971 iov_iter_revert(from, size-ret);
972
973 written += ret;
974 count -= ret;
975 if (!count)
976 break;
977 ret = -ERESTARTSYS;
978 if (signal_pending(current))
979 break;
980 cond_resched();
981 }
982 if (written) {
983 tty_update_time(&file_inode(file)->i_mtime);
984 ret = written;
985 }
986out:
987 tty_write_unlock(tty);
988 return ret;
989}
990
991/**
992 * tty_write_message - write a message to a certain tty, not just the console.
993 * @tty: the destination tty_struct
994 * @msg: the message to write
995 *
996 * This is used for messages that need to be redirected to a specific tty.
997 * We don't put it into the syslog queue right now maybe in the future if
998 * really needed.
999 *
1000 * We must still hold the BTM and test the CLOSING flag for the moment.
1001 */
1002
1003void tty_write_message(struct tty_struct *tty, char *msg)
1004{
1005 if (tty) {
1006 mutex_lock(&tty->atomic_write_lock);
1007 tty_lock(tty);
1008 if (tty->ops->write && tty->count > 0)
1009 tty->ops->write(tty, msg, strlen(msg));
1010 tty_unlock(tty);
1011 tty_write_unlock(tty);
1012 }
1013 return;
1014}
1015
1016
1017/**
1018 * tty_write - write method for tty device file
1019 * @file: tty file pointer
1020 * @buf: user data to write
1021 * @count: bytes to write
1022 * @ppos: unused
1023 *
1024 * Write data to a tty device via the line discipline.
1025 *
1026 * Locking:
1027 * Locks the line discipline as required
1028 * Writes to the tty driver are serialized by the atomic_write_lock
1029 * and are then processed in chunks to the device. The line discipline
1030 * write method will not be invoked in parallel for each device.
1031 */
1032
1033static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1034{
1035 struct file *file = iocb->ki_filp;
1036 struct tty_struct *tty = file_tty(file);
1037 struct tty_ldisc *ld;
1038 ssize_t ret;
1039
1040 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1041 return -EIO;
1042 if (!tty || !tty->ops->write || tty_io_error(tty))
1043 return -EIO;
1044 /* Short term debug to catch buggy drivers */
1045 if (tty->ops->write_room == NULL)
1046 tty_err(tty, "missing write_room method\n");
1047 ld = tty_ldisc_ref_wait(tty);
1048 if (!ld || !ld->ops->write)
1049 ret = -EIO;
1050 else
1051 ret = do_tty_write(ld->ops->write, tty, file, from);
1052 tty_ldisc_deref(ld);
1053 return ret;
1054}
1055
1056ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1057{
1058 struct file *p = NULL;
1059
1060 spin_lock(&redirect_lock);
1061 if (redirect)
1062 p = get_file(redirect);
1063 spin_unlock(&redirect_lock);
1064
1065 if (p) {
1066 ssize_t res;
1067 res = vfs_iocb_iter_write(p, iocb, iter);
1068 fput(p);
1069 return res;
1070 }
1071 return tty_write(iocb, iter);
1072}
1073
1074/**
1075 * tty_send_xchar - send priority character
1076 *
1077 * Send a high priority character to the tty even if stopped
1078 *
1079 * Locking: none for xchar method, write ordering for write method.
1080 */
1081
1082int tty_send_xchar(struct tty_struct *tty, char ch)
1083{
1084 int was_stopped = tty->stopped;
1085
1086 if (tty->ops->send_xchar) {
1087 down_read(&tty->termios_rwsem);
1088 tty->ops->send_xchar(tty, ch);
1089 up_read(&tty->termios_rwsem);
1090 return 0;
1091 }
1092
1093 if (tty_write_lock(tty, 0) < 0)
1094 return -ERESTARTSYS;
1095
1096 down_read(&tty->termios_rwsem);
1097 if (was_stopped)
1098 start_tty(tty);
1099 tty->ops->write(tty, &ch, 1);
1100 if (was_stopped)
1101 stop_tty(tty);
1102 up_read(&tty->termios_rwsem);
1103 tty_write_unlock(tty);
1104 return 0;
1105}
1106
1107static char ptychar[] = "pqrstuvwxyzabcde";
1108
1109/**
1110 * pty_line_name - generate name for a pty
1111 * @driver: the tty driver in use
1112 * @index: the minor number
1113 * @p: output buffer of at least 6 bytes
1114 *
1115 * Generate a name from a driver reference and write it to the output
1116 * buffer.
1117 *
1118 * Locking: None
1119 */
1120static void pty_line_name(struct tty_driver *driver, int index, char *p)
1121{
1122 int i = index + driver->name_base;
1123 /* ->name is initialized to "ttyp", but "tty" is expected */
1124 sprintf(p, "%s%c%x",
1125 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1126 ptychar[i >> 4 & 0xf], i & 0xf);
1127}
1128
1129/**
1130 * tty_line_name - generate name for a tty
1131 * @driver: the tty driver in use
1132 * @index: the minor number
1133 * @p: output buffer of at least 7 bytes
1134 *
1135 * Generate a name from a driver reference and write it to the output
1136 * buffer.
1137 *
1138 * Locking: None
1139 */
1140static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1141{
1142 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1143 return sprintf(p, "%s", driver->name);
1144 else
1145 return sprintf(p, "%s%d", driver->name,
1146 index + driver->name_base);
1147}
1148
1149/**
1150 * tty_driver_lookup_tty() - find an existing tty, if any
1151 * @driver: the driver for the tty
1152 * @idx: the minor number
1153 *
1154 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1155 * driver lookup() method returns an error.
1156 *
1157 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1158 */
1159static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1160 struct file *file, int idx)
1161{
1162 struct tty_struct *tty;
1163
1164 if (driver->ops->lookup)
1165 if (!file)
1166 tty = ERR_PTR(-EIO);
1167 else
1168 tty = driver->ops->lookup(driver, file, idx);
1169 else
1170 tty = driver->ttys[idx];
1171
1172 if (!IS_ERR(tty))
1173 tty_kref_get(tty);
1174 return tty;
1175}
1176
1177/**
1178 * tty_init_termios - helper for termios setup
1179 * @tty: the tty to set up
1180 *
1181 * Initialise the termios structure for this tty. This runs under
1182 * the tty_mutex currently so we can be relaxed about ordering.
1183 */
1184
1185void tty_init_termios(struct tty_struct *tty)
1186{
1187 struct ktermios *tp;
1188 int idx = tty->index;
1189
1190 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1191 tty->termios = tty->driver->init_termios;
1192 else {
1193 /* Check for lazy saved data */
1194 tp = tty->driver->termios[idx];
1195 if (tp != NULL) {
1196 tty->termios = *tp;
1197 tty->termios.c_line = tty->driver->init_termios.c_line;
1198 } else
1199 tty->termios = tty->driver->init_termios;
1200 }
1201 /* Compatibility until drivers always set this */
1202 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1203 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1204}
1205EXPORT_SYMBOL_GPL(tty_init_termios);
1206
1207int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1208{
1209 tty_init_termios(tty);
1210 tty_driver_kref_get(driver);
1211 tty->count++;
1212 driver->ttys[tty->index] = tty;
1213 return 0;
1214}
1215EXPORT_SYMBOL_GPL(tty_standard_install);
1216
1217/**
1218 * tty_driver_install_tty() - install a tty entry in the driver
1219 * @driver: the driver for the tty
1220 * @tty: the tty
1221 *
1222 * Install a tty object into the driver tables. The tty->index field
1223 * will be set by the time this is called. This method is responsible
1224 * for ensuring any need additional structures are allocated and
1225 * configured.
1226 *
1227 * Locking: tty_mutex for now
1228 */
1229static int tty_driver_install_tty(struct tty_driver *driver,
1230 struct tty_struct *tty)
1231{
1232 return driver->ops->install ? driver->ops->install(driver, tty) :
1233 tty_standard_install(driver, tty);
1234}
1235
1236/**
1237 * tty_driver_remove_tty() - remove a tty from the driver tables
1238 * @driver: the driver for the tty
1239 * @tty: tty to remove
1240 *
1241 * Remvoe a tty object from the driver tables. The tty->index field
1242 * will be set by the time this is called.
1243 *
1244 * Locking: tty_mutex for now
1245 */
1246static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1247{
1248 if (driver->ops->remove)
1249 driver->ops->remove(driver, tty);
1250 else
1251 driver->ttys[tty->index] = NULL;
1252}
1253
1254/**
1255 * tty_reopen() - fast re-open of an open tty
1256 * @tty: the tty to open
1257 *
1258 * Return 0 on success, -errno on error.
1259 * Re-opens on master ptys are not allowed and return -EIO.
1260 *
1261 * Locking: Caller must hold tty_lock
1262 */
1263static int tty_reopen(struct tty_struct *tty)
1264{
1265 struct tty_driver *driver = tty->driver;
1266 struct tty_ldisc *ld;
1267 int retval = 0;
1268
1269 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1270 driver->subtype == PTY_TYPE_MASTER)
1271 return -EIO;
1272
1273 if (!tty->count)
1274 return -EAGAIN;
1275
1276 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1277 return -EBUSY;
1278
1279 ld = tty_ldisc_ref_wait(tty);
1280 if (ld) {
1281 tty_ldisc_deref(ld);
1282 } else {
1283 retval = tty_ldisc_lock(tty, 5 * HZ);
1284 if (retval)
1285 return retval;
1286
1287 if (!tty->ldisc)
1288 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1289 tty_ldisc_unlock(tty);
1290 }
1291
1292 if (retval == 0)
1293 tty->count++;
1294
1295 return retval;
1296}
1297
1298/**
1299 * tty_init_dev - initialise a tty device
1300 * @driver: tty driver we are opening a device on
1301 * @idx: device index
1302 *
1303 * Prepare a tty device. This may not be a "new" clean device but
1304 * could also be an active device. The pty drivers require special
1305 * handling because of this.
1306 *
1307 * Locking:
1308 * The function is called under the tty_mutex, which
1309 * protects us from the tty struct or driver itself going away.
1310 *
1311 * On exit the tty device has the line discipline attached and
1312 * a reference count of 1. If a pair was created for pty/tty use
1313 * and the other was a pty master then it too has a reference count of 1.
1314 *
1315 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1316 * failed open. The new code protects the open with a mutex, so it's
1317 * really quite straightforward. The mutex locking can probably be
1318 * relaxed for the (most common) case of reopening a tty.
1319 *
1320 * Return: returned tty structure
1321 */
1322
1323struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1324{
1325 struct tty_struct *tty;
1326 int retval;
1327
1328 /*
1329 * First time open is complex, especially for PTY devices.
1330 * This code guarantees that either everything succeeds and the
1331 * TTY is ready for operation, or else the table slots are vacated
1332 * and the allocated memory released. (Except that the termios
1333 * may be retained.)
1334 */
1335
1336 if (!try_module_get(driver->owner))
1337 return ERR_PTR(-ENODEV);
1338
1339 tty = alloc_tty_struct(driver, idx);
1340 if (!tty) {
1341 retval = -ENOMEM;
1342 goto err_module_put;
1343 }
1344
1345 tty_lock(tty);
1346 retval = tty_driver_install_tty(driver, tty);
1347 if (retval < 0)
1348 goto err_free_tty;
1349
1350 if (!tty->port)
1351 tty->port = driver->ports[idx];
1352
1353 if (WARN_RATELIMIT(!tty->port,
1354 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1355 __func__, tty->driver->name)) {
1356 retval = -EINVAL;
1357 goto err_release_lock;
1358 }
1359
1360 retval = tty_ldisc_lock(tty, 5 * HZ);
1361 if (retval)
1362 goto err_release_lock;
1363 tty->port->itty = tty;
1364
1365 /*
1366 * Structures all installed ... call the ldisc open routines.
1367 * If we fail here just call release_tty to clean up. No need
1368 * to decrement the use counts, as release_tty doesn't care.
1369 */
1370 retval = tty_ldisc_setup(tty, tty->link);
1371 if (retval)
1372 goto err_release_tty;
1373 tty_ldisc_unlock(tty);
1374 /* Return the tty locked so that it cannot vanish under the caller */
1375 return tty;
1376
1377err_free_tty:
1378 tty_unlock(tty);
1379 free_tty_struct(tty);
1380err_module_put:
1381 module_put(driver->owner);
1382 return ERR_PTR(retval);
1383
1384 /* call the tty release_tty routine to clean out this slot */
1385err_release_tty:
1386 tty_ldisc_unlock(tty);
1387 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1388 retval, idx);
1389err_release_lock:
1390 tty_unlock(tty);
1391 release_tty(tty, idx);
1392 return ERR_PTR(retval);
1393}
1394
1395/**
1396 * tty_save_termios() - save tty termios data in driver table
1397 * @tty: tty whose termios data to save
1398 *
1399 * Locking: Caller guarantees serialisation with tty_init_termios().
1400 */
1401void tty_save_termios(struct tty_struct *tty)
1402{
1403 struct ktermios *tp;
1404 int idx = tty->index;
1405
1406 /* If the port is going to reset then it has no termios to save */
1407 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1408 return;
1409
1410 /* Stash the termios data */
1411 tp = tty->driver->termios[idx];
1412 if (tp == NULL) {
1413 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1414 if (tp == NULL)
1415 return;
1416 tty->driver->termios[idx] = tp;
1417 }
1418 *tp = tty->termios;
1419}
1420EXPORT_SYMBOL_GPL(tty_save_termios);
1421
1422/**
1423 * tty_flush_works - flush all works of a tty/pty pair
1424 * @tty: tty device to flush works for (or either end of a pty pair)
1425 *
1426 * Sync flush all works belonging to @tty (and the 'other' tty).
1427 */
1428static void tty_flush_works(struct tty_struct *tty)
1429{
1430 flush_work(&tty->SAK_work);
1431 flush_work(&tty->hangup_work);
1432 if (tty->link) {
1433 flush_work(&tty->link->SAK_work);
1434 flush_work(&tty->link->hangup_work);
1435 }
1436}
1437
1438/**
1439 * release_one_tty - release tty structure memory
1440 * @work: work of tty we are obliterating
1441 *
1442 * Releases memory associated with a tty structure, and clears out the
1443 * driver table slots. This function is called when a device is no longer
1444 * in use. It also gets called when setup of a device fails.
1445 *
1446 * Locking:
1447 * takes the file list lock internally when working on the list
1448 * of ttys that the driver keeps.
1449 *
1450 * This method gets called from a work queue so that the driver private
1451 * cleanup ops can sleep (needed for USB at least)
1452 */
1453static void release_one_tty(struct work_struct *work)
1454{
1455 struct tty_struct *tty =
1456 container_of(work, struct tty_struct, hangup_work);
1457 struct tty_driver *driver = tty->driver;
1458 struct module *owner = driver->owner;
1459
1460 if (tty->ops->cleanup)
1461 tty->ops->cleanup(tty);
1462
1463 tty->magic = 0;
1464 tty_driver_kref_put(driver);
1465 module_put(owner);
1466
1467 spin_lock(&tty->files_lock);
1468 list_del_init(&tty->tty_files);
1469 spin_unlock(&tty->files_lock);
1470
1471 put_pid(tty->pgrp);
1472 put_pid(tty->session);
1473 free_tty_struct(tty);
1474}
1475
1476static void queue_release_one_tty(struct kref *kref)
1477{
1478 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1479
1480 /* The hangup queue is now free so we can reuse it rather than
1481 waste a chunk of memory for each port */
1482 INIT_WORK(&tty->hangup_work, release_one_tty);
1483 schedule_work(&tty->hangup_work);
1484}
1485
1486/**
1487 * tty_kref_put - release a tty kref
1488 * @tty: tty device
1489 *
1490 * Release a reference to a tty device and if need be let the kref
1491 * layer destruct the object for us
1492 */
1493
1494void tty_kref_put(struct tty_struct *tty)
1495{
1496 if (tty)
1497 kref_put(&tty->kref, queue_release_one_tty);
1498}
1499EXPORT_SYMBOL(tty_kref_put);
1500
1501/**
1502 * release_tty - release tty structure memory
1503 *
1504 * Release both @tty and a possible linked partner (think pty pair),
1505 * and decrement the refcount of the backing module.
1506 *
1507 * Locking:
1508 * tty_mutex
1509 * takes the file list lock internally when working on the list
1510 * of ttys that the driver keeps.
1511 *
1512 */
1513static void release_tty(struct tty_struct *tty, int idx)
1514{
1515 /* This should always be true but check for the moment */
1516 WARN_ON(tty->index != idx);
1517 WARN_ON(!mutex_is_locked(&tty_mutex));
1518 if (tty->ops->shutdown)
1519 tty->ops->shutdown(tty);
1520 tty_save_termios(tty);
1521 tty_driver_remove_tty(tty->driver, tty);
1522 if (tty->port)
1523 tty->port->itty = NULL;
1524 if (tty->link)
1525 tty->link->port->itty = NULL;
1526 if (tty->port)
1527 tty_buffer_cancel_work(tty->port);
1528 if (tty->link)
1529 tty_buffer_cancel_work(tty->link->port);
1530
1531 tty_kref_put(tty->link);
1532 tty_kref_put(tty);
1533}
1534
1535/**
1536 * tty_release_checks - check a tty before real release
1537 * @tty: tty to check
1538 * @idx: index of the tty
1539 *
1540 * Performs some paranoid checking before true release of the @tty.
1541 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1542 */
1543static int tty_release_checks(struct tty_struct *tty, int idx)
1544{
1545#ifdef TTY_PARANOIA_CHECK
1546 if (idx < 0 || idx >= tty->driver->num) {
1547 tty_debug(tty, "bad idx %d\n", idx);
1548 return -1;
1549 }
1550
1551 /* not much to check for devpts */
1552 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1553 return 0;
1554
1555 if (tty != tty->driver->ttys[idx]) {
1556 tty_debug(tty, "bad driver table[%d] = %p\n",
1557 idx, tty->driver->ttys[idx]);
1558 return -1;
1559 }
1560 if (tty->driver->other) {
1561 struct tty_struct *o_tty = tty->link;
1562
1563 if (o_tty != tty->driver->other->ttys[idx]) {
1564 tty_debug(tty, "bad other table[%d] = %p\n",
1565 idx, tty->driver->other->ttys[idx]);
1566 return -1;
1567 }
1568 if (o_tty->link != tty) {
1569 tty_debug(tty, "bad link = %p\n", o_tty->link);
1570 return -1;
1571 }
1572 }
1573#endif
1574 return 0;
1575}
1576
1577/**
1578 * tty_kclose - closes tty opened by tty_kopen
1579 * @tty: tty device
1580 *
1581 * Performs the final steps to release and free a tty device. It is the
1582 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1583 * flag on tty->port.
1584 */
1585void tty_kclose(struct tty_struct *tty)
1586{
1587 /*
1588 * Ask the line discipline code to release its structures
1589 */
1590 tty_ldisc_release(tty);
1591
1592 /* Wait for pending work before tty destruction commmences */
1593 tty_flush_works(tty);
1594
1595 tty_debug_hangup(tty, "freeing structure\n");
1596 /*
1597 * The release_tty function takes care of the details of clearing
1598 * the slots and preserving the termios structure.
1599 */
1600 mutex_lock(&tty_mutex);
1601 tty_port_set_kopened(tty->port, 0);
1602 release_tty(tty, tty->index);
1603 mutex_unlock(&tty_mutex);
1604}
1605EXPORT_SYMBOL_GPL(tty_kclose);
1606
1607/**
1608 * tty_release_struct - release a tty struct
1609 * @tty: tty device
1610 * @idx: index of the tty
1611 *
1612 * Performs the final steps to release and free a tty device. It is
1613 * roughly the reverse of tty_init_dev.
1614 */
1615void tty_release_struct(struct tty_struct *tty, int idx)
1616{
1617 /*
1618 * Ask the line discipline code to release its structures
1619 */
1620 tty_ldisc_release(tty);
1621
1622 /* Wait for pending work before tty destruction commmences */
1623 tty_flush_works(tty);
1624
1625 tty_debug_hangup(tty, "freeing structure\n");
1626 /*
1627 * The release_tty function takes care of the details of clearing
1628 * the slots and preserving the termios structure.
1629 */
1630 mutex_lock(&tty_mutex);
1631 release_tty(tty, idx);
1632 mutex_unlock(&tty_mutex);
1633}
1634EXPORT_SYMBOL_GPL(tty_release_struct);
1635
1636/**
1637 * tty_release - vfs callback for close
1638 * @inode: inode of tty
1639 * @filp: file pointer for handle to tty
1640 *
1641 * Called the last time each file handle is closed that references
1642 * this tty. There may however be several such references.
1643 *
1644 * Locking:
1645 * Takes bkl. See tty_release_dev
1646 *
1647 * Even releasing the tty structures is a tricky business.. We have
1648 * to be very careful that the structures are all released at the
1649 * same time, as interrupts might otherwise get the wrong pointers.
1650 *
1651 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1652 * lead to double frees or releasing memory still in use.
1653 */
1654
1655int tty_release(struct inode *inode, struct file *filp)
1656{
1657 struct tty_struct *tty = file_tty(filp);
1658 struct tty_struct *o_tty = NULL;
1659 int do_sleep, final;
1660 int idx;
1661 long timeout = 0;
1662 int once = 1;
1663
1664 if (tty_paranoia_check(tty, inode, __func__))
1665 return 0;
1666
1667 tty_lock(tty);
1668 check_tty_count(tty, __func__);
1669
1670 __tty_fasync(-1, filp, 0);
1671
1672 idx = tty->index;
1673 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1674 tty->driver->subtype == PTY_TYPE_MASTER)
1675 o_tty = tty->link;
1676
1677 if (tty_release_checks(tty, idx)) {
1678 tty_unlock(tty);
1679 return 0;
1680 }
1681
1682 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1683
1684 if (tty->ops->close)
1685 tty->ops->close(tty, filp);
1686
1687 /* If tty is pty master, lock the slave pty (stable lock order) */
1688 tty_lock_slave(o_tty);
1689
1690 /*
1691 * Sanity check: if tty->count is going to zero, there shouldn't be
1692 * any waiters on tty->read_wait or tty->write_wait. We test the
1693 * wait queues and kick everyone out _before_ actually starting to
1694 * close. This ensures that we won't block while releasing the tty
1695 * structure.
1696 *
1697 * The test for the o_tty closing is necessary, since the master and
1698 * slave sides may close in any order. If the slave side closes out
1699 * first, its count will be one, since the master side holds an open.
1700 * Thus this test wouldn't be triggered at the time the slave closed,
1701 * so we do it now.
1702 */
1703 while (1) {
1704 do_sleep = 0;
1705
1706 if (tty->count <= 1) {
1707 if (waitqueue_active(&tty->read_wait)) {
1708 wake_up_poll(&tty->read_wait, EPOLLIN);
1709 do_sleep++;
1710 }
1711 if (waitqueue_active(&tty->write_wait)) {
1712 wake_up_poll(&tty->write_wait, EPOLLOUT);
1713 do_sleep++;
1714 }
1715 }
1716 if (o_tty && o_tty->count <= 1) {
1717 if (waitqueue_active(&o_tty->read_wait)) {
1718 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1719 do_sleep++;
1720 }
1721 if (waitqueue_active(&o_tty->write_wait)) {
1722 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1723 do_sleep++;
1724 }
1725 }
1726 if (!do_sleep)
1727 break;
1728
1729 if (once) {
1730 once = 0;
1731 tty_warn(tty, "read/write wait queue active!\n");
1732 }
1733 schedule_timeout_killable(timeout);
1734 if (timeout < 120 * HZ)
1735 timeout = 2 * timeout + 1;
1736 else
1737 timeout = MAX_SCHEDULE_TIMEOUT;
1738 }
1739
1740 if (o_tty) {
1741 if (--o_tty->count < 0) {
1742 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1743 o_tty->count = 0;
1744 }
1745 }
1746 if (--tty->count < 0) {
1747 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1748 tty->count = 0;
1749 }
1750
1751 /*
1752 * We've decremented tty->count, so we need to remove this file
1753 * descriptor off the tty->tty_files list; this serves two
1754 * purposes:
1755 * - check_tty_count sees the correct number of file descriptors
1756 * associated with this tty.
1757 * - do_tty_hangup no longer sees this file descriptor as
1758 * something that needs to be handled for hangups.
1759 */
1760 tty_del_file(filp);
1761
1762 /*
1763 * Perform some housekeeping before deciding whether to return.
1764 *
1765 * If _either_ side is closing, make sure there aren't any
1766 * processes that still think tty or o_tty is their controlling
1767 * tty.
1768 */
1769 if (!tty->count) {
1770 read_lock(&tasklist_lock);
1771 session_clear_tty(tty->session);
1772 if (o_tty)
1773 session_clear_tty(o_tty->session);
1774 read_unlock(&tasklist_lock);
1775 }
1776
1777 /* check whether both sides are closing ... */
1778 final = !tty->count && !(o_tty && o_tty->count);
1779
1780 tty_unlock_slave(o_tty);
1781 tty_unlock(tty);
1782
1783 /* At this point, the tty->count == 0 should ensure a dead tty
1784 cannot be re-opened by a racing opener */
1785
1786 if (!final)
1787 return 0;
1788
1789 tty_debug_hangup(tty, "final close\n");
1790
1791 tty_release_struct(tty, idx);
1792 return 0;
1793}
1794
1795/**
1796 * tty_open_current_tty - get locked tty of current task
1797 * @device: device number
1798 * @filp: file pointer to tty
1799 * @return: locked tty of the current task iff @device is /dev/tty
1800 *
1801 * Performs a re-open of the current task's controlling tty.
1802 *
1803 * We cannot return driver and index like for the other nodes because
1804 * devpts will not work then. It expects inodes to be from devpts FS.
1805 */
1806static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1807{
1808 struct tty_struct *tty;
1809 int retval;
1810
1811 if (device != MKDEV(TTYAUX_MAJOR, 0))
1812 return NULL;
1813
1814 tty = get_current_tty();
1815 if (!tty)
1816 return ERR_PTR(-ENXIO);
1817
1818 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1819 /* noctty = 1; */
1820 tty_lock(tty);
1821 tty_kref_put(tty); /* safe to drop the kref now */
1822
1823 retval = tty_reopen(tty);
1824 if (retval < 0) {
1825 tty_unlock(tty);
1826 tty = ERR_PTR(retval);
1827 }
1828 return tty;
1829}
1830
1831/**
1832 * tty_lookup_driver - lookup a tty driver for a given device file
1833 * @device: device number
1834 * @filp: file pointer to tty
1835 * @index: index for the device in the @return driver
1836 * @return: driver for this inode (with increased refcount)
1837 *
1838 * If @return is not erroneous, the caller is responsible to decrement the
1839 * refcount by tty_driver_kref_put.
1840 *
1841 * Locking: tty_mutex protects get_tty_driver
1842 */
1843static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1844 int *index)
1845{
1846 struct tty_driver *driver = NULL;
1847
1848 switch (device) {
1849#ifdef CONFIG_VT
1850 case MKDEV(TTY_MAJOR, 0): {
1851 extern struct tty_driver *console_driver;
1852 driver = tty_driver_kref_get(console_driver);
1853 *index = fg_console;
1854 break;
1855 }
1856#endif
1857 case MKDEV(TTYAUX_MAJOR, 1): {
1858 struct tty_driver *console_driver = console_device(index);
1859 if (console_driver) {
1860 driver = tty_driver_kref_get(console_driver);
1861 if (driver && filp) {
1862 /* Don't let /dev/console block */
1863 filp->f_flags |= O_NONBLOCK;
1864 break;
1865 }
1866 }
1867 if (driver)
1868 tty_driver_kref_put(driver);
1869 return ERR_PTR(-ENODEV);
1870 }
1871 default:
1872 driver = get_tty_driver(device, index);
1873 if (!driver)
1874 return ERR_PTR(-ENODEV);
1875 break;
1876 }
1877 return driver;
1878}
1879
1880/**
1881 * tty_kopen - open a tty device for kernel
1882 * @device: dev_t of device to open
1883 *
1884 * Opens tty exclusively for kernel. Performs the driver lookup,
1885 * makes sure it's not already opened and performs the first-time
1886 * tty initialization.
1887 *
1888 * Returns the locked initialized &tty_struct
1889 *
1890 * Claims the global tty_mutex to serialize:
1891 * - concurrent first-time tty initialization
1892 * - concurrent tty driver removal w/ lookup
1893 * - concurrent tty removal from driver table
1894 */
1895struct tty_struct *tty_kopen(dev_t device)
1896{
1897 struct tty_struct *tty;
1898 struct tty_driver *driver;
1899 int index = -1;
1900
1901 mutex_lock(&tty_mutex);
1902 driver = tty_lookup_driver(device, NULL, &index);
1903 if (IS_ERR(driver)) {
1904 mutex_unlock(&tty_mutex);
1905 return ERR_CAST(driver);
1906 }
1907
1908 /* check whether we're reopening an existing tty */
1909 tty = tty_driver_lookup_tty(driver, NULL, index);
1910 if (IS_ERR(tty))
1911 goto out;
1912
1913 if (tty) {
1914 /* drop kref from tty_driver_lookup_tty() */
1915 tty_kref_put(tty);
1916 tty = ERR_PTR(-EBUSY);
1917 } else { /* tty_init_dev returns tty with the tty_lock held */
1918 tty = tty_init_dev(driver, index);
1919 if (IS_ERR(tty))
1920 goto out;
1921 tty_port_set_kopened(tty->port, 1);
1922 }
1923out:
1924 mutex_unlock(&tty_mutex);
1925 tty_driver_kref_put(driver);
1926 return tty;
1927}
1928EXPORT_SYMBOL_GPL(tty_kopen);
1929
1930/**
1931 * tty_open_by_driver - open a tty device
1932 * @device: dev_t of device to open
1933 * @filp: file pointer to tty
1934 *
1935 * Performs the driver lookup, checks for a reopen, or otherwise
1936 * performs the first-time tty initialization.
1937 *
1938 * Returns the locked initialized or re-opened &tty_struct
1939 *
1940 * Claims the global tty_mutex to serialize:
1941 * - concurrent first-time tty initialization
1942 * - concurrent tty driver removal w/ lookup
1943 * - concurrent tty removal from driver table
1944 */
1945static struct tty_struct *tty_open_by_driver(dev_t device,
1946 struct file *filp)
1947{
1948 struct tty_struct *tty;
1949 struct tty_driver *driver = NULL;
1950 int index = -1;
1951 int retval;
1952
1953 mutex_lock(&tty_mutex);
1954 driver = tty_lookup_driver(device, filp, &index);
1955 if (IS_ERR(driver)) {
1956 mutex_unlock(&tty_mutex);
1957 return ERR_CAST(driver);
1958 }
1959
1960 /* check whether we're reopening an existing tty */
1961 tty = tty_driver_lookup_tty(driver, filp, index);
1962 if (IS_ERR(tty)) {
1963 mutex_unlock(&tty_mutex);
1964 goto out;
1965 }
1966
1967 if (tty) {
1968 if (tty_port_kopened(tty->port)) {
1969 tty_kref_put(tty);
1970 mutex_unlock(&tty_mutex);
1971 tty = ERR_PTR(-EBUSY);
1972 goto out;
1973 }
1974 mutex_unlock(&tty_mutex);
1975 retval = tty_lock_interruptible(tty);
1976 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
1977 if (retval) {
1978 if (retval == -EINTR)
1979 retval = -ERESTARTSYS;
1980 tty = ERR_PTR(retval);
1981 goto out;
1982 }
1983 retval = tty_reopen(tty);
1984 if (retval < 0) {
1985 tty_unlock(tty);
1986 tty = ERR_PTR(retval);
1987 }
1988 } else { /* Returns with the tty_lock held for now */
1989 tty = tty_init_dev(driver, index);
1990 mutex_unlock(&tty_mutex);
1991 }
1992out:
1993 tty_driver_kref_put(driver);
1994 return tty;
1995}
1996
1997/**
1998 * tty_open - open a tty device
1999 * @inode: inode of device file
2000 * @filp: file pointer to tty
2001 *
2002 * tty_open and tty_release keep up the tty count that contains the
2003 * number of opens done on a tty. We cannot use the inode-count, as
2004 * different inodes might point to the same tty.
2005 *
2006 * Open-counting is needed for pty masters, as well as for keeping
2007 * track of serial lines: DTR is dropped when the last close happens.
2008 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2009 *
2010 * The termios state of a pty is reset on first open so that
2011 * settings don't persist across reuse.
2012 *
2013 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2014 * tty->count should protect the rest.
2015 * ->siglock protects ->signal/->sighand
2016 *
2017 * Note: the tty_unlock/lock cases without a ref are only safe due to
2018 * tty_mutex
2019 */
2020
2021static int tty_open(struct inode *inode, struct file *filp)
2022{
2023 struct tty_struct *tty;
2024 int noctty, retval;
2025 dev_t device = inode->i_rdev;
2026 unsigned saved_flags = filp->f_flags;
2027
2028 nonseekable_open(inode, filp);
2029
2030retry_open:
2031 retval = tty_alloc_file(filp);
2032 if (retval)
2033 return -ENOMEM;
2034
2035 tty = tty_open_current_tty(device, filp);
2036 if (!tty)
2037 tty = tty_open_by_driver(device, filp);
2038
2039 if (IS_ERR(tty)) {
2040 tty_free_file(filp);
2041 retval = PTR_ERR(tty);
2042 if (retval != -EAGAIN || signal_pending(current))
2043 return retval;
2044 schedule();
2045 goto retry_open;
2046 }
2047
2048 tty_add_file(tty, filp);
2049
2050 check_tty_count(tty, __func__);
2051 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2052
2053 if (tty->ops->open)
2054 retval = tty->ops->open(tty, filp);
2055 else
2056 retval = -ENODEV;
2057 filp->f_flags = saved_flags;
2058
2059 if (retval) {
2060 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2061
2062 tty_unlock(tty); /* need to call tty_release without BTM */
2063 tty_release(inode, filp);
2064 if (retval != -ERESTARTSYS)
2065 return retval;
2066
2067 if (signal_pending(current))
2068 return retval;
2069
2070 schedule();
2071 /*
2072 * Need to reset f_op in case a hangup happened.
2073 */
2074 if (tty_hung_up_p(filp))
2075 filp->f_op = &tty_fops;
2076 goto retry_open;
2077 }
2078 clear_bit(TTY_HUPPED, &tty->flags);
2079
2080 noctty = (filp->f_flags & O_NOCTTY) ||
2081 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2082 device == MKDEV(TTYAUX_MAJOR, 1) ||
2083 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2084 tty->driver->subtype == PTY_TYPE_MASTER);
2085 if (!noctty)
2086 tty_open_proc_set_tty(filp, tty);
2087 tty_unlock(tty);
2088 return 0;
2089}
2090
2091
2092
2093/**
2094 * tty_poll - check tty status
2095 * @filp: file being polled
2096 * @wait: poll wait structures to update
2097 *
2098 * Call the line discipline polling method to obtain the poll
2099 * status of the device.
2100 *
2101 * Locking: locks called line discipline but ldisc poll method
2102 * may be re-entered freely by other callers.
2103 */
2104
2105static __poll_t tty_poll(struct file *filp, poll_table *wait)
2106{
2107 struct tty_struct *tty = file_tty(filp);
2108 struct tty_ldisc *ld;
2109 __poll_t ret = 0;
2110
2111 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2112 return 0;
2113
2114 ld = tty_ldisc_ref_wait(tty);
2115 if (!ld)
2116 return hung_up_tty_poll(filp, wait);
2117 if (ld->ops->poll)
2118 ret = ld->ops->poll(tty, filp, wait);
2119 tty_ldisc_deref(ld);
2120 return ret;
2121}
2122
2123static int __tty_fasync(int fd, struct file *filp, int on)
2124{
2125 struct tty_struct *tty = file_tty(filp);
2126 unsigned long flags;
2127 int retval = 0;
2128
2129 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2130 goto out;
2131
2132 retval = fasync_helper(fd, filp, on, &tty->fasync);
2133 if (retval <= 0)
2134 goto out;
2135
2136 if (on) {
2137 enum pid_type type;
2138 struct pid *pid;
2139
2140 spin_lock_irqsave(&tty->ctrl_lock, flags);
2141 if (tty->pgrp) {
2142 pid = tty->pgrp;
2143 type = PIDTYPE_PGID;
2144 } else {
2145 pid = task_pid(current);
2146 type = PIDTYPE_TGID;
2147 }
2148 get_pid(pid);
2149 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2150 __f_setown(filp, pid, type, 0);
2151 put_pid(pid);
2152 retval = 0;
2153 }
2154out:
2155 return retval;
2156}
2157
2158static int tty_fasync(int fd, struct file *filp, int on)
2159{
2160 struct tty_struct *tty = file_tty(filp);
2161 int retval = -ENOTTY;
2162
2163 tty_lock(tty);
2164 if (!tty_hung_up_p(filp))
2165 retval = __tty_fasync(fd, filp, on);
2166 tty_unlock(tty);
2167
2168 return retval;
2169}
2170
2171/**
2172 * tiocsti - fake input character
2173 * @tty: tty to fake input into
2174 * @p: pointer to character
2175 *
2176 * Fake input to a tty device. Does the necessary locking and
2177 * input management.
2178 *
2179 * FIXME: does not honour flow control ??
2180 *
2181 * Locking:
2182 * Called functions take tty_ldiscs_lock
2183 * current->signal->tty check is safe without locks
2184 *
2185 * FIXME: may race normal receive processing
2186 */
2187
2188static int tiocsti(struct tty_struct *tty, char __user *p)
2189{
2190 char ch, mbz = 0;
2191 struct tty_ldisc *ld;
2192
2193 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2194 return -EPERM;
2195 if (get_user(ch, p))
2196 return -EFAULT;
2197 tty_audit_tiocsti(tty, ch);
2198 ld = tty_ldisc_ref_wait(tty);
2199 if (!ld)
2200 return -EIO;
2201 if (ld->ops->receive_buf)
2202 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2203 tty_ldisc_deref(ld);
2204 return 0;
2205}
2206
2207/**
2208 * tiocgwinsz - implement window query ioctl
2209 * @tty: tty
2210 * @arg: user buffer for result
2211 *
2212 * Copies the kernel idea of the window size into the user buffer.
2213 *
2214 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2215 * is consistent.
2216 */
2217
2218static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2219{
2220 int err;
2221
2222 mutex_lock(&tty->winsize_mutex);
2223 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2224 mutex_unlock(&tty->winsize_mutex);
2225
2226 return err ? -EFAULT: 0;
2227}
2228
2229/**
2230 * tty_do_resize - resize event
2231 * @tty: tty being resized
2232 * @ws: new dimensions
2233 *
2234 * Update the termios variables and send the necessary signals to
2235 * peform a terminal resize correctly
2236 */
2237
2238int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2239{
2240 struct pid *pgrp;
2241
2242 /* Lock the tty */
2243 mutex_lock(&tty->winsize_mutex);
2244 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2245 goto done;
2246
2247 /* Signal the foreground process group */
2248 pgrp = tty_get_pgrp(tty);
2249 if (pgrp)
2250 kill_pgrp(pgrp, SIGWINCH, 1);
2251 put_pid(pgrp);
2252
2253 tty->winsize = *ws;
2254done:
2255 mutex_unlock(&tty->winsize_mutex);
2256 return 0;
2257}
2258EXPORT_SYMBOL(tty_do_resize);
2259
2260/**
2261 * tiocswinsz - implement window size set ioctl
2262 * @tty: tty side of tty
2263 * @arg: user buffer for result
2264 *
2265 * Copies the user idea of the window size to the kernel. Traditionally
2266 * this is just advisory information but for the Linux console it
2267 * actually has driver level meaning and triggers a VC resize.
2268 *
2269 * Locking:
2270 * Driver dependent. The default do_resize method takes the
2271 * tty termios mutex and ctrl_lock. The console takes its own lock
2272 * then calls into the default method.
2273 */
2274
2275static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2276{
2277 struct winsize tmp_ws;
2278 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2279 return -EFAULT;
2280
2281 if (tty->ops->resize)
2282 return tty->ops->resize(tty, &tmp_ws);
2283 else
2284 return tty_do_resize(tty, &tmp_ws);
2285}
2286
2287/**
2288 * tioccons - allow admin to move logical console
2289 * @file: the file to become console
2290 *
2291 * Allow the administrator to move the redirected console device
2292 *
2293 * Locking: uses redirect_lock to guard the redirect information
2294 */
2295
2296static int tioccons(struct file *file)
2297{
2298 if (!capable(CAP_SYS_ADMIN))
2299 return -EPERM;
2300 if (file->f_op->write_iter == redirected_tty_write) {
2301 struct file *f;
2302 spin_lock(&redirect_lock);
2303 f = redirect;
2304 redirect = NULL;
2305 spin_unlock(&redirect_lock);
2306 if (f)
2307 fput(f);
2308 return 0;
2309 }
2310 spin_lock(&redirect_lock);
2311 if (redirect) {
2312 spin_unlock(&redirect_lock);
2313 return -EBUSY;
2314 }
2315 redirect = get_file(file);
2316 spin_unlock(&redirect_lock);
2317 return 0;
2318}
2319
2320/**
2321 * tiocsetd - set line discipline
2322 * @tty: tty device
2323 * @p: pointer to user data
2324 *
2325 * Set the line discipline according to user request.
2326 *
2327 * Locking: see tty_set_ldisc, this function is just a helper
2328 */
2329
2330static int tiocsetd(struct tty_struct *tty, int __user *p)
2331{
2332 int disc;
2333 int ret;
2334
2335 if (get_user(disc, p))
2336 return -EFAULT;
2337
2338 ret = tty_set_ldisc(tty, disc);
2339
2340 return ret;
2341}
2342
2343/**
2344 * tiocgetd - get line discipline
2345 * @tty: tty device
2346 * @p: pointer to user data
2347 *
2348 * Retrieves the line discipline id directly from the ldisc.
2349 *
2350 * Locking: waits for ldisc reference (in case the line discipline
2351 * is changing or the tty is being hungup)
2352 */
2353
2354static int tiocgetd(struct tty_struct *tty, int __user *p)
2355{
2356 struct tty_ldisc *ld;
2357 int ret;
2358
2359 ld = tty_ldisc_ref_wait(tty);
2360 if (!ld)
2361 return -EIO;
2362 ret = put_user(ld->ops->num, p);
2363 tty_ldisc_deref(ld);
2364 return ret;
2365}
2366
2367/**
2368 * send_break - performed time break
2369 * @tty: device to break on
2370 * @duration: timeout in mS
2371 *
2372 * Perform a timed break on hardware that lacks its own driver level
2373 * timed break functionality.
2374 *
2375 * Locking:
2376 * atomic_write_lock serializes
2377 *
2378 */
2379
2380static int send_break(struct tty_struct *tty, unsigned int duration)
2381{
2382 int retval;
2383
2384 if (tty->ops->break_ctl == NULL)
2385 return 0;
2386
2387 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2388 retval = tty->ops->break_ctl(tty, duration);
2389 else {
2390 /* Do the work ourselves */
2391 if (tty_write_lock(tty, 0) < 0)
2392 return -EINTR;
2393 retval = tty->ops->break_ctl(tty, -1);
2394 if (retval)
2395 goto out;
2396 if (!signal_pending(current))
2397 msleep_interruptible(duration);
2398 retval = tty->ops->break_ctl(tty, 0);
2399out:
2400 tty_write_unlock(tty);
2401 if (signal_pending(current))
2402 retval = -EINTR;
2403 }
2404 return retval;
2405}
2406
2407/**
2408 * tty_tiocmget - get modem status
2409 * @tty: tty device
2410 * @p: pointer to result
2411 *
2412 * Obtain the modem status bits from the tty driver if the feature
2413 * is supported. Return -EINVAL if it is not available.
2414 *
2415 * Locking: none (up to the driver)
2416 */
2417
2418static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2419{
2420 int retval = -EINVAL;
2421
2422 if (tty->ops->tiocmget) {
2423 retval = tty->ops->tiocmget(tty);
2424
2425 if (retval >= 0)
2426 retval = put_user(retval, p);
2427 }
2428 return retval;
2429}
2430
2431/**
2432 * tty_tiocmset - set modem status
2433 * @tty: tty device
2434 * @cmd: command - clear bits, set bits or set all
2435 * @p: pointer to desired bits
2436 *
2437 * Set the modem status bits from the tty driver if the feature
2438 * is supported. Return -EINVAL if it is not available.
2439 *
2440 * Locking: none (up to the driver)
2441 */
2442
2443static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2444 unsigned __user *p)
2445{
2446 int retval;
2447 unsigned int set, clear, val;
2448
2449 if (tty->ops->tiocmset == NULL)
2450 return -EINVAL;
2451
2452 retval = get_user(val, p);
2453 if (retval)
2454 return retval;
2455 set = clear = 0;
2456 switch (cmd) {
2457 case TIOCMBIS:
2458 set = val;
2459 break;
2460 case TIOCMBIC:
2461 clear = val;
2462 break;
2463 case TIOCMSET:
2464 set = val;
2465 clear = ~val;
2466 break;
2467 }
2468 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2469 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2470 return tty->ops->tiocmset(tty, set, clear);
2471}
2472
2473static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2474{
2475 int retval = -EINVAL;
2476 struct serial_icounter_struct icount;
2477 memset(&icount, 0, sizeof(icount));
2478 if (tty->ops->get_icount)
2479 retval = tty->ops->get_icount(tty, &icount);
2480 if (retval != 0)
2481 return retval;
2482 if (copy_to_user(arg, &icount, sizeof(icount)))
2483 return -EFAULT;
2484 return 0;
2485}
2486
2487static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2488{
2489 static DEFINE_RATELIMIT_STATE(depr_flags,
2490 DEFAULT_RATELIMIT_INTERVAL,
2491 DEFAULT_RATELIMIT_BURST);
2492 char comm[TASK_COMM_LEN];
2493 struct serial_struct v;
2494 int flags;
2495
2496 if (copy_from_user(&v, ss, sizeof(*ss)))
2497 return -EFAULT;
2498
2499 flags = v.flags & ASYNC_DEPRECATED;
2500
2501 if (flags && __ratelimit(&depr_flags))
2502 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2503 __func__, get_task_comm(comm, current), flags);
2504 if (!tty->ops->set_serial)
2505 return -ENOTTY;
2506 return tty->ops->set_serial(tty, &v);
2507}
2508
2509static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2510{
2511 struct serial_struct v;
2512 int err;
2513
2514 memset(&v, 0, sizeof(v));
2515 if (!tty->ops->get_serial)
2516 return -ENOTTY;
2517 err = tty->ops->get_serial(tty, &v);
2518 if (!err && copy_to_user(ss, &v, sizeof(v)))
2519 err = -EFAULT;
2520 return err;
2521}
2522
2523/*
2524 * if pty, return the slave side (real_tty)
2525 * otherwise, return self
2526 */
2527static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2528{
2529 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2530 tty->driver->subtype == PTY_TYPE_MASTER)
2531 tty = tty->link;
2532 return tty;
2533}
2534
2535/*
2536 * Split this up, as gcc can choke on it otherwise..
2537 */
2538long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2539{
2540 struct tty_struct *tty = file_tty(file);
2541 struct tty_struct *real_tty;
2542 void __user *p = (void __user *)arg;
2543 int retval;
2544 struct tty_ldisc *ld;
2545
2546 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2547 return -EINVAL;
2548
2549 real_tty = tty_pair_get_tty(tty);
2550
2551 /*
2552 * Factor out some common prep work
2553 */
2554 switch (cmd) {
2555 case TIOCSETD:
2556 case TIOCSBRK:
2557 case TIOCCBRK:
2558 case TCSBRK:
2559 case TCSBRKP:
2560 retval = tty_check_change(tty);
2561 if (retval)
2562 return retval;
2563 if (cmd != TIOCCBRK) {
2564 tty_wait_until_sent(tty, 0);
2565 if (signal_pending(current))
2566 return -EINTR;
2567 }
2568 break;
2569 }
2570
2571 /*
2572 * Now do the stuff.
2573 */
2574 switch (cmd) {
2575 case TIOCSTI:
2576 return tiocsti(tty, p);
2577 case TIOCGWINSZ:
2578 return tiocgwinsz(real_tty, p);
2579 case TIOCSWINSZ:
2580 return tiocswinsz(real_tty, p);
2581 case TIOCCONS:
2582 return real_tty != tty ? -EINVAL : tioccons(file);
2583 case TIOCEXCL:
2584 set_bit(TTY_EXCLUSIVE, &tty->flags);
2585 return 0;
2586 case TIOCNXCL:
2587 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2588 return 0;
2589 case TIOCGEXCL:
2590 {
2591 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2592 return put_user(excl, (int __user *)p);
2593 }
2594 case TIOCGETD:
2595 return tiocgetd(tty, p);
2596 case TIOCSETD:
2597 return tiocsetd(tty, p);
2598 case TIOCVHANGUP:
2599 if (!capable(CAP_SYS_ADMIN))
2600 return -EPERM;
2601 tty_vhangup(tty);
2602 return 0;
2603 case TIOCGDEV:
2604 {
2605 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2606 return put_user(ret, (unsigned int __user *)p);
2607 }
2608 /*
2609 * Break handling
2610 */
2611 case TIOCSBRK: /* Turn break on, unconditionally */
2612 if (tty->ops->break_ctl)
2613 return tty->ops->break_ctl(tty, -1);
2614 return 0;
2615 case TIOCCBRK: /* Turn break off, unconditionally */
2616 if (tty->ops->break_ctl)
2617 return tty->ops->break_ctl(tty, 0);
2618 return 0;
2619 case TCSBRK: /* SVID version: non-zero arg --> no break */
2620 /* non-zero arg means wait for all output data
2621 * to be sent (performed above) but don't send break.
2622 * This is used by the tcdrain() termios function.
2623 */
2624 if (!arg)
2625 return send_break(tty, 250);
2626 return 0;
2627 case TCSBRKP: /* support for POSIX tcsendbreak() */
2628 return send_break(tty, arg ? arg*100 : 250);
2629
2630 case TIOCMGET:
2631 return tty_tiocmget(tty, p);
2632 case TIOCMSET:
2633 case TIOCMBIC:
2634 case TIOCMBIS:
2635 return tty_tiocmset(tty, cmd, p);
2636 case TIOCGICOUNT:
2637 return tty_tiocgicount(tty, p);
2638 case TCFLSH:
2639 switch (arg) {
2640 case TCIFLUSH:
2641 case TCIOFLUSH:
2642 /* flush tty buffer and allow ldisc to process ioctl */
2643 tty_buffer_flush(tty, NULL);
2644 break;
2645 }
2646 break;
2647 case TIOCSSERIAL:
2648 return tty_tiocsserial(tty, p);
2649 case TIOCGSERIAL:
2650 return tty_tiocgserial(tty, p);
2651 case TIOCGPTPEER:
2652 /* Special because the struct file is needed */
2653 return ptm_open_peer(file, tty, (int)arg);
2654 default:
2655 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2656 if (retval != -ENOIOCTLCMD)
2657 return retval;
2658 }
2659 if (tty->ops->ioctl) {
2660 retval = tty->ops->ioctl(tty, cmd, arg);
2661 if (retval != -ENOIOCTLCMD)
2662 return retval;
2663 }
2664 ld = tty_ldisc_ref_wait(tty);
2665 if (!ld)
2666 return hung_up_tty_ioctl(file, cmd, arg);
2667 retval = -EINVAL;
2668 if (ld->ops->ioctl) {
2669 retval = ld->ops->ioctl(tty, file, cmd, arg);
2670 if (retval == -ENOIOCTLCMD)
2671 retval = -ENOTTY;
2672 }
2673 tty_ldisc_deref(ld);
2674 return retval;
2675}
2676
2677#ifdef CONFIG_COMPAT
2678
2679struct serial_struct32 {
2680 compat_int_t type;
2681 compat_int_t line;
2682 compat_uint_t port;
2683 compat_int_t irq;
2684 compat_int_t flags;
2685 compat_int_t xmit_fifo_size;
2686 compat_int_t custom_divisor;
2687 compat_int_t baud_base;
2688 unsigned short close_delay;
2689 char io_type;
2690 char reserved_char;
2691 compat_int_t hub6;
2692 unsigned short closing_wait; /* time to wait before closing */
2693 unsigned short closing_wait2; /* no longer used... */
2694 compat_uint_t iomem_base;
2695 unsigned short iomem_reg_shift;
2696 unsigned int port_high;
2697 /* compat_ulong_t iomap_base FIXME */
2698 compat_int_t reserved;
2699};
2700
2701static int compat_tty_tiocsserial(struct tty_struct *tty,
2702 struct serial_struct32 __user *ss)
2703{
2704 static DEFINE_RATELIMIT_STATE(depr_flags,
2705 DEFAULT_RATELIMIT_INTERVAL,
2706 DEFAULT_RATELIMIT_BURST);
2707 char comm[TASK_COMM_LEN];
2708 struct serial_struct32 v32;
2709 struct serial_struct v;
2710 int flags;
2711
2712 if (copy_from_user(&v32, ss, sizeof(*ss)))
2713 return -EFAULT;
2714
2715 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2716 v.iomem_base = compat_ptr(v32.iomem_base);
2717 v.iomem_reg_shift = v32.iomem_reg_shift;
2718 v.port_high = v32.port_high;
2719 v.iomap_base = 0;
2720
2721 flags = v.flags & ASYNC_DEPRECATED;
2722
2723 if (flags && __ratelimit(&depr_flags))
2724 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2725 __func__, get_task_comm(comm, current), flags);
2726 if (!tty->ops->set_serial)
2727 return -ENOTTY;
2728 return tty->ops->set_serial(tty, &v);
2729}
2730
2731static int compat_tty_tiocgserial(struct tty_struct *tty,
2732 struct serial_struct32 __user *ss)
2733{
2734 struct serial_struct32 v32;
2735 struct serial_struct v;
2736 int err;
2737
2738 memset(&v, 0, sizeof(v));
2739 memset(&v32, 0, sizeof(v32));
2740
2741 if (!tty->ops->get_serial)
2742 return -ENOTTY;
2743 err = tty->ops->get_serial(tty, &v);
2744 if (!err) {
2745 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2746 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2747 0xfffffff : ptr_to_compat(v.iomem_base);
2748 v32.iomem_reg_shift = v.iomem_reg_shift;
2749 v32.port_high = v.port_high;
2750 if (copy_to_user(ss, &v32, sizeof(v32)))
2751 err = -EFAULT;
2752 }
2753 return err;
2754}
2755static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2756 unsigned long arg)
2757{
2758 struct tty_struct *tty = file_tty(file);
2759 struct tty_ldisc *ld;
2760 int retval = -ENOIOCTLCMD;
2761
2762 switch (cmd) {
2763 case TIOCOUTQ:
2764 case TIOCSTI:
2765 case TIOCGWINSZ:
2766 case TIOCSWINSZ:
2767 case TIOCGEXCL:
2768 case TIOCGETD:
2769 case TIOCSETD:
2770 case TIOCGDEV:
2771 case TIOCMGET:
2772 case TIOCMSET:
2773 case TIOCMBIC:
2774 case TIOCMBIS:
2775 case TIOCGICOUNT:
2776 case TIOCGPGRP:
2777 case TIOCSPGRP:
2778 case TIOCGSID:
2779 case TIOCSERGETLSR:
2780 case TIOCGRS485:
2781 case TIOCSRS485:
2782#ifdef TIOCGETP
2783 case TIOCGETP:
2784 case TIOCSETP:
2785 case TIOCSETN:
2786#endif
2787#ifdef TIOCGETC
2788 case TIOCGETC:
2789 case TIOCSETC:
2790#endif
2791#ifdef TIOCGLTC
2792 case TIOCGLTC:
2793 case TIOCSLTC:
2794#endif
2795 case TCSETSF:
2796 case TCSETSW:
2797 case TCSETS:
2798 case TCGETS:
2799#ifdef TCGETS2
2800 case TCGETS2:
2801 case TCSETSF2:
2802 case TCSETSW2:
2803 case TCSETS2:
2804#endif
2805 case TCGETA:
2806 case TCSETAF:
2807 case TCSETAW:
2808 case TCSETA:
2809 case TIOCGLCKTRMIOS:
2810 case TIOCSLCKTRMIOS:
2811#ifdef TCGETX
2812 case TCGETX:
2813 case TCSETX:
2814 case TCSETXW:
2815 case TCSETXF:
2816#endif
2817 case TIOCGSOFTCAR:
2818 case TIOCSSOFTCAR:
2819
2820 case PPPIOCGCHAN:
2821 case PPPIOCGUNIT:
2822 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2823 case TIOCCONS:
2824 case TIOCEXCL:
2825 case TIOCNXCL:
2826 case TIOCVHANGUP:
2827 case TIOCSBRK:
2828 case TIOCCBRK:
2829 case TCSBRK:
2830 case TCSBRKP:
2831 case TCFLSH:
2832 case TIOCGPTPEER:
2833 case TIOCNOTTY:
2834 case TIOCSCTTY:
2835 case TCXONC:
2836 case TIOCMIWAIT:
2837 case TIOCSERCONFIG:
2838 return tty_ioctl(file, cmd, arg);
2839 }
2840
2841 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2842 return -EINVAL;
2843
2844 switch (cmd) {
2845 case TIOCSSERIAL:
2846 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2847 case TIOCGSERIAL:
2848 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2849 }
2850 if (tty->ops->compat_ioctl) {
2851 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2852 if (retval != -ENOIOCTLCMD)
2853 return retval;
2854 }
2855
2856 ld = tty_ldisc_ref_wait(tty);
2857 if (!ld)
2858 return hung_up_tty_compat_ioctl(file, cmd, arg);
2859 if (ld->ops->compat_ioctl)
2860 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2861 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2862 retval = ld->ops->ioctl(tty, file,
2863 (unsigned long)compat_ptr(cmd), arg);
2864 tty_ldisc_deref(ld);
2865
2866 return retval;
2867}
2868#endif
2869
2870static int this_tty(const void *t, struct file *file, unsigned fd)
2871{
2872 if (likely(file->f_op->read != tty_read))
2873 return 0;
2874 return file_tty(file) != t ? 0 : fd + 1;
2875}
2876
2877/*
2878 * This implements the "Secure Attention Key" --- the idea is to
2879 * prevent trojan horses by killing all processes associated with this
2880 * tty when the user hits the "Secure Attention Key". Required for
2881 * super-paranoid applications --- see the Orange Book for more details.
2882 *
2883 * This code could be nicer; ideally it should send a HUP, wait a few
2884 * seconds, then send a INT, and then a KILL signal. But you then
2885 * have to coordinate with the init process, since all processes associated
2886 * with the current tty must be dead before the new getty is allowed
2887 * to spawn.
2888 *
2889 * Now, if it would be correct ;-/ The current code has a nasty hole -
2890 * it doesn't catch files in flight. We may send the descriptor to ourselves
2891 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2892 *
2893 * Nasty bug: do_SAK is being called in interrupt context. This can
2894 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2895 */
2896void __do_SAK(struct tty_struct *tty)
2897{
2898#ifdef TTY_SOFT_SAK
2899 tty_hangup(tty);
2900#else
2901 struct task_struct *g, *p;
2902 struct pid *session;
2903 int i;
2904 unsigned long flags;
2905
2906 if (!tty)
2907 return;
2908
2909 spin_lock_irqsave(&tty->ctrl_lock, flags);
2910 session = get_pid(tty->session);
2911 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2912
2913 tty_ldisc_flush(tty);
2914
2915 tty_driver_flush_buffer(tty);
2916
2917 read_lock(&tasklist_lock);
2918 /* Kill the entire session */
2919 do_each_pid_task(session, PIDTYPE_SID, p) {
2920 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
2921 task_pid_nr(p), p->comm);
2922 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2923 } while_each_pid_task(session, PIDTYPE_SID, p);
2924
2925 /* Now kill any processes that happen to have the tty open */
2926 do_each_thread(g, p) {
2927 if (p->signal->tty == tty) {
2928 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
2929 task_pid_nr(p), p->comm);
2930 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2931 continue;
2932 }
2933 task_lock(p);
2934 i = iterate_fd(p->files, 0, this_tty, tty);
2935 if (i != 0) {
2936 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
2937 task_pid_nr(p), p->comm, i - 1);
2938 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2939 }
2940 task_unlock(p);
2941 } while_each_thread(g, p);
2942 read_unlock(&tasklist_lock);
2943 put_pid(session);
2944#endif
2945}
2946
2947static void do_SAK_work(struct work_struct *work)
2948{
2949 struct tty_struct *tty =
2950 container_of(work, struct tty_struct, SAK_work);
2951 __do_SAK(tty);
2952}
2953
2954/*
2955 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2956 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2957 * the values which we write to it will be identical to the values which it
2958 * already has. --akpm
2959 */
2960void do_SAK(struct tty_struct *tty)
2961{
2962 if (!tty)
2963 return;
2964 schedule_work(&tty->SAK_work);
2965}
2966
2967EXPORT_SYMBOL(do_SAK);
2968
2969/* Must put_device() after it's unused! */
2970static struct device *tty_get_device(struct tty_struct *tty)
2971{
2972 dev_t devt = tty_devnum(tty);
2973 return class_find_device_by_devt(tty_class, devt);
2974}
2975
2976
2977/**
2978 * alloc_tty_struct
2979 *
2980 * This subroutine allocates and initializes a tty structure.
2981 *
2982 * Locking: none - tty in question is not exposed at this point
2983 */
2984
2985struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
2986{
2987 struct tty_struct *tty;
2988
2989 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
2990 if (!tty)
2991 return NULL;
2992
2993 kref_init(&tty->kref);
2994 tty->magic = TTY_MAGIC;
2995 if (tty_ldisc_init(tty)) {
2996 kfree(tty);
2997 return NULL;
2998 }
2999 tty->session = NULL;
3000 tty->pgrp = NULL;
3001 mutex_init(&tty->legacy_mutex);
3002 mutex_init(&tty->throttle_mutex);
3003 init_rwsem(&tty->termios_rwsem);
3004 mutex_init(&tty->winsize_mutex);
3005 init_ldsem(&tty->ldisc_sem);
3006 init_waitqueue_head(&tty->write_wait);
3007 init_waitqueue_head(&tty->read_wait);
3008 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3009 mutex_init(&tty->atomic_write_lock);
3010 spin_lock_init(&tty->ctrl_lock);
3011 spin_lock_init(&tty->flow_lock);
3012 spin_lock_init(&tty->files_lock);
3013 INIT_LIST_HEAD(&tty->tty_files);
3014 INIT_WORK(&tty->SAK_work, do_SAK_work);
3015
3016 tty->driver = driver;
3017 tty->ops = driver->ops;
3018 tty->index = idx;
3019 tty_line_name(driver, idx, tty->name);
3020 tty->dev = tty_get_device(tty);
3021
3022 return tty;
3023}
3024
3025/**
3026 * tty_put_char - write one character to a tty
3027 * @tty: tty
3028 * @ch: character
3029 *
3030 * Write one byte to the tty using the provided put_char method
3031 * if present. Returns the number of characters successfully output.
3032 *
3033 * Note: the specific put_char operation in the driver layer may go
3034 * away soon. Don't call it directly, use this method
3035 */
3036
3037int tty_put_char(struct tty_struct *tty, unsigned char ch)
3038{
3039 if (tty->ops->put_char)
3040 return tty->ops->put_char(tty, ch);
3041 return tty->ops->write(tty, &ch, 1);
3042}
3043EXPORT_SYMBOL_GPL(tty_put_char);
3044
3045struct class *tty_class;
3046
3047static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3048 unsigned int index, unsigned int count)
3049{
3050 int err;
3051
3052 /* init here, since reused cdevs cause crashes */
3053 driver->cdevs[index] = cdev_alloc();
3054 if (!driver->cdevs[index])
3055 return -ENOMEM;
3056 driver->cdevs[index]->ops = &tty_fops;
3057 driver->cdevs[index]->owner = driver->owner;
3058 err = cdev_add(driver->cdevs[index], dev, count);
3059 if (err)
3060 kobject_put(&driver->cdevs[index]->kobj);
3061 return err;
3062}
3063
3064/**
3065 * tty_register_device - register a tty device
3066 * @driver: the tty driver that describes the tty device
3067 * @index: the index in the tty driver for this tty device
3068 * @device: a struct device that is associated with this tty device.
3069 * This field is optional, if there is no known struct device
3070 * for this tty device it can be set to NULL safely.
3071 *
3072 * Returns a pointer to the struct device for this tty device
3073 * (or ERR_PTR(-EFOO) on error).
3074 *
3075 * This call is required to be made to register an individual tty device
3076 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3077 * that bit is not set, this function should not be called by a tty
3078 * driver.
3079 *
3080 * Locking: ??
3081 */
3082
3083struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3084 struct device *device)
3085{
3086 return tty_register_device_attr(driver, index, device, NULL, NULL);
3087}
3088EXPORT_SYMBOL(tty_register_device);
3089
3090static void tty_device_create_release(struct device *dev)
3091{
3092 dev_dbg(dev, "releasing...\n");
3093 kfree(dev);
3094}
3095
3096/**
3097 * tty_register_device_attr - register a tty device
3098 * @driver: the tty driver that describes the tty device
3099 * @index: the index in the tty driver for this tty device
3100 * @device: a struct device that is associated with this tty device.
3101 * This field is optional, if there is no known struct device
3102 * for this tty device it can be set to NULL safely.
3103 * @drvdata: Driver data to be set to device.
3104 * @attr_grp: Attribute group to be set on device.
3105 *
3106 * Returns a pointer to the struct device for this tty device
3107 * (or ERR_PTR(-EFOO) on error).
3108 *
3109 * This call is required to be made to register an individual tty device
3110 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3111 * that bit is not set, this function should not be called by a tty
3112 * driver.
3113 *
3114 * Locking: ??
3115 */
3116struct device *tty_register_device_attr(struct tty_driver *driver,
3117 unsigned index, struct device *device,
3118 void *drvdata,
3119 const struct attribute_group **attr_grp)
3120{
3121 char name[64];
3122 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3123 struct ktermios *tp;
3124 struct device *dev;
3125 int retval;
3126
3127 if (index >= driver->num) {
3128 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3129 driver->name, index);
3130 return ERR_PTR(-EINVAL);
3131 }
3132
3133 if (driver->type == TTY_DRIVER_TYPE_PTY)
3134 pty_line_name(driver, index, name);
3135 else
3136 tty_line_name(driver, index, name);
3137
3138 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3139 if (!dev)
3140 return ERR_PTR(-ENOMEM);
3141
3142 dev->devt = devt;
3143 dev->class = tty_class;
3144 dev->parent = device;
3145 dev->release = tty_device_create_release;
3146 dev_set_name(dev, "%s", name);
3147 dev->groups = attr_grp;
3148 dev_set_drvdata(dev, drvdata);
3149
3150 dev_set_uevent_suppress(dev, 1);
3151
3152 retval = device_register(dev);
3153 if (retval)
3154 goto err_put;
3155
3156 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3157 /*
3158 * Free any saved termios data so that the termios state is
3159 * reset when reusing a minor number.
3160 */
3161 tp = driver->termios[index];
3162 if (tp) {
3163 driver->termios[index] = NULL;
3164 kfree(tp);
3165 }
3166
3167 retval = tty_cdev_add(driver, devt, index, 1);
3168 if (retval)
3169 goto err_del;
3170 }
3171
3172 dev_set_uevent_suppress(dev, 0);
3173 kobject_uevent(&dev->kobj, KOBJ_ADD);
3174
3175 return dev;
3176
3177err_del:
3178 device_del(dev);
3179err_put:
3180 put_device(dev);
3181
3182 return ERR_PTR(retval);
3183}
3184EXPORT_SYMBOL_GPL(tty_register_device_attr);
3185
3186/**
3187 * tty_unregister_device - unregister a tty device
3188 * @driver: the tty driver that describes the tty device
3189 * @index: the index in the tty driver for this tty device
3190 *
3191 * If a tty device is registered with a call to tty_register_device() then
3192 * this function must be called when the tty device is gone.
3193 *
3194 * Locking: ??
3195 */
3196
3197void tty_unregister_device(struct tty_driver *driver, unsigned index)
3198{
3199 device_destroy(tty_class,
3200 MKDEV(driver->major, driver->minor_start) + index);
3201 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3202 cdev_del(driver->cdevs[index]);
3203 driver->cdevs[index] = NULL;
3204 }
3205}
3206EXPORT_SYMBOL(tty_unregister_device);
3207
3208/**
3209 * __tty_alloc_driver -- allocate tty driver
3210 * @lines: count of lines this driver can handle at most
3211 * @owner: module which is responsible for this driver
3212 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3213 *
3214 * This should not be called directly, some of the provided macros should be
3215 * used instead. Use IS_ERR and friends on @retval.
3216 */
3217struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3218 unsigned long flags)
3219{
3220 struct tty_driver *driver;
3221 unsigned int cdevs = 1;
3222 int err;
3223
3224 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3225 return ERR_PTR(-EINVAL);
3226
3227 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3228 if (!driver)
3229 return ERR_PTR(-ENOMEM);
3230
3231 kref_init(&driver->kref);
3232 driver->magic = TTY_DRIVER_MAGIC;
3233 driver->num = lines;
3234 driver->owner = owner;
3235 driver->flags = flags;
3236
3237 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3238 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3239 GFP_KERNEL);
3240 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3241 GFP_KERNEL);
3242 if (!driver->ttys || !driver->termios) {
3243 err = -ENOMEM;
3244 goto err_free_all;
3245 }
3246 }
3247
3248 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3249 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3250 GFP_KERNEL);
3251 if (!driver->ports) {
3252 err = -ENOMEM;
3253 goto err_free_all;
3254 }
3255 cdevs = lines;
3256 }
3257
3258 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3259 if (!driver->cdevs) {
3260 err = -ENOMEM;
3261 goto err_free_all;
3262 }
3263
3264 return driver;
3265err_free_all:
3266 kfree(driver->ports);
3267 kfree(driver->ttys);
3268 kfree(driver->termios);
3269 kfree(driver->cdevs);
3270 kfree(driver);
3271 return ERR_PTR(err);
3272}
3273EXPORT_SYMBOL(__tty_alloc_driver);
3274
3275static void destruct_tty_driver(struct kref *kref)
3276{
3277 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3278 int i;
3279 struct ktermios *tp;
3280
3281 if (driver->flags & TTY_DRIVER_INSTALLED) {
3282 for (i = 0; i < driver->num; i++) {
3283 tp = driver->termios[i];
3284 if (tp) {
3285 driver->termios[i] = NULL;
3286 kfree(tp);
3287 }
3288 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3289 tty_unregister_device(driver, i);
3290 }
3291 proc_tty_unregister_driver(driver);
3292 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3293 cdev_del(driver->cdevs[0]);
3294 }
3295 kfree(driver->cdevs);
3296 kfree(driver->ports);
3297 kfree(driver->termios);
3298 kfree(driver->ttys);
3299 kfree(driver);
3300}
3301
3302void tty_driver_kref_put(struct tty_driver *driver)
3303{
3304 kref_put(&driver->kref, destruct_tty_driver);
3305}
3306EXPORT_SYMBOL(tty_driver_kref_put);
3307
3308void tty_set_operations(struct tty_driver *driver,
3309 const struct tty_operations *op)
3310{
3311 driver->ops = op;
3312};
3313EXPORT_SYMBOL(tty_set_operations);
3314
3315void put_tty_driver(struct tty_driver *d)
3316{
3317 tty_driver_kref_put(d);
3318}
3319EXPORT_SYMBOL(put_tty_driver);
3320
3321/*
3322 * Called by a tty driver to register itself.
3323 */
3324int tty_register_driver(struct tty_driver *driver)
3325{
3326 int error;
3327 int i;
3328 dev_t dev;
3329 struct device *d;
3330
3331 if (!driver->major) {
3332 error = alloc_chrdev_region(&dev, driver->minor_start,
3333 driver->num, driver->name);
3334 if (!error) {
3335 driver->major = MAJOR(dev);
3336 driver->minor_start = MINOR(dev);
3337 }
3338 } else {
3339 dev = MKDEV(driver->major, driver->minor_start);
3340 error = register_chrdev_region(dev, driver->num, driver->name);
3341 }
3342 if (error < 0)
3343 goto err;
3344
3345 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3346 error = tty_cdev_add(driver, dev, 0, driver->num);
3347 if (error)
3348 goto err_unreg_char;
3349 }
3350
3351 mutex_lock(&tty_mutex);
3352 list_add(&driver->tty_drivers, &tty_drivers);
3353 mutex_unlock(&tty_mutex);
3354
3355 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3356 for (i = 0; i < driver->num; i++) {
3357 d = tty_register_device(driver, i, NULL);
3358 if (IS_ERR(d)) {
3359 error = PTR_ERR(d);
3360 goto err_unreg_devs;
3361 }
3362 }
3363 }
3364 proc_tty_register_driver(driver);
3365 driver->flags |= TTY_DRIVER_INSTALLED;
3366 return 0;
3367
3368err_unreg_devs:
3369 for (i--; i >= 0; i--)
3370 tty_unregister_device(driver, i);
3371
3372 mutex_lock(&tty_mutex);
3373 list_del(&driver->tty_drivers);
3374 mutex_unlock(&tty_mutex);
3375
3376err_unreg_char:
3377 unregister_chrdev_region(dev, driver->num);
3378err:
3379 return error;
3380}
3381EXPORT_SYMBOL(tty_register_driver);
3382
3383/*
3384 * Called by a tty driver to unregister itself.
3385 */
3386int tty_unregister_driver(struct tty_driver *driver)
3387{
3388#if 0
3389 /* FIXME */
3390 if (driver->refcount)
3391 return -EBUSY;
3392#endif
3393 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3394 driver->num);
3395 mutex_lock(&tty_mutex);
3396 list_del(&driver->tty_drivers);
3397 mutex_unlock(&tty_mutex);
3398 return 0;
3399}
3400
3401EXPORT_SYMBOL(tty_unregister_driver);
3402
3403dev_t tty_devnum(struct tty_struct *tty)
3404{
3405 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3406}
3407EXPORT_SYMBOL(tty_devnum);
3408
3409void tty_default_fops(struct file_operations *fops)
3410{
3411 *fops = tty_fops;
3412}
3413
3414static char *tty_devnode(struct device *dev, umode_t *mode)
3415{
3416 if (!mode)
3417 return NULL;
3418 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3419 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3420 *mode = 0666;
3421 return NULL;
3422}
3423
3424static int __init tty_class_init(void)
3425{
3426 tty_class = class_create(THIS_MODULE, "tty");
3427 if (IS_ERR(tty_class))
3428 return PTR_ERR(tty_class);
3429 tty_class->devnode = tty_devnode;
3430 return 0;
3431}
3432
3433postcore_initcall(tty_class_init);
3434
3435/* 3/2004 jmc: why do these devices exist? */
3436static struct cdev tty_cdev, console_cdev;
3437
3438static ssize_t show_cons_active(struct device *dev,
3439 struct device_attribute *attr, char *buf)
3440{
3441 struct console *cs[16];
3442 int i = 0;
3443 struct console *c;
3444 ssize_t count = 0;
3445
3446 console_lock();
3447 for_each_console(c) {
3448 if (!c->device)
3449 continue;
3450 if (!c->write)
3451 continue;
3452 if ((c->flags & CON_ENABLED) == 0)
3453 continue;
3454 cs[i++] = c;
3455 if (i >= ARRAY_SIZE(cs))
3456 break;
3457 }
3458 while (i--) {
3459 int index = cs[i]->index;
3460 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3461
3462 /* don't resolve tty0 as some programs depend on it */
3463 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3464 count += tty_line_name(drv, index, buf + count);
3465 else
3466 count += sprintf(buf + count, "%s%d",
3467 cs[i]->name, cs[i]->index);
3468
3469 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3470 }
3471 console_unlock();
3472
3473 return count;
3474}
3475static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3476
3477static struct attribute *cons_dev_attrs[] = {
3478 &dev_attr_active.attr,
3479 NULL
3480};
3481
3482ATTRIBUTE_GROUPS(cons_dev);
3483
3484static struct device *consdev;
3485
3486void console_sysfs_notify(void)
3487{
3488 if (consdev)
3489 sysfs_notify(&consdev->kobj, NULL, "active");
3490}
3491
3492/*
3493 * Ok, now we can initialize the rest of the tty devices and can count
3494 * on memory allocations, interrupts etc..
3495 */
3496int __init tty_init(void)
3497{
3498 tty_sysctl_init();
3499 cdev_init(&tty_cdev, &tty_fops);
3500 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3501 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3502 panic("Couldn't register /dev/tty driver\n");
3503 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3504
3505 cdev_init(&console_cdev, &console_fops);
3506 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3507 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3508 panic("Couldn't register /dev/console driver\n");
3509 consdev = device_create_with_groups(tty_class, NULL,
3510 MKDEV(TTYAUX_MAJOR, 1), NULL,
3511 cons_dev_groups, "console");
3512 if (IS_ERR(consdev))
3513 consdev = NULL;
3514
3515#ifdef CONFIG_VT
3516 vty_init(&console_fops);
3517#endif
3518 return 0;
3519}
3520
Linux 6.x block layer and io_uring tree(s)