projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: Serialize tcflow() with other tty flow control changes
[linux-2.6-block.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97#include <linux/ratelimit.h>
98
99#include <linux/uaccess.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159/**
160 * free_tty_struct - free a disused tty
161 * @tty: tty struct to free
162 *
163 * Free the write buffers, tty queue and tty memory itself.
164 *
165 * Locking: none. Must be called after tty is definitely unused
166 */
167
168void free_tty_struct(struct tty_struct *tty)
169{
170 if (!tty)
171 return;
172 if (tty->dev)
173 put_device(tty->dev);
174 kfree(tty->write_buf);
175 tty->magic = 0xDEADDEAD;
176 kfree(tty);
177}
178
179static inline struct tty_struct *file_tty(struct file *file)
180{
181 return ((struct tty_file_private *)file->private_data)->tty;
182}
183
184int tty_alloc_file(struct file *file)
185{
186 struct tty_file_private *priv;
187
188 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
189 if (!priv)
190 return -ENOMEM;
191
192 file->private_data = priv;
193
194 return 0;
195}
196
197/* Associate a new file with the tty structure */
198void tty_add_file(struct tty_struct *tty, struct file *file)
199{
200 struct tty_file_private *priv = file->private_data;
201
202 priv->tty = tty;
203 priv->file = file;
204
205 spin_lock(&tty_files_lock);
206 list_add(&priv->list, &tty->tty_files);
207 spin_unlock(&tty_files_lock);
208}
209
210/**
211 * tty_free_file - free file->private_data
212 *
213 * This shall be used only for fail path handling when tty_add_file was not
214 * called yet.
215 */
216void tty_free_file(struct file *file)
217{
218 struct tty_file_private *priv = file->private_data;
219
220 file->private_data = NULL;
221 kfree(priv);
222}
223
224/* Delete file from its tty */
225static void tty_del_file(struct file *file)
226{
227 struct tty_file_private *priv = file->private_data;
228
229 spin_lock(&tty_files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty_files_lock);
232 tty_free_file(file);
233}
234
235
236#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
237
238/**
239 * tty_name - return tty naming
240 * @tty: tty structure
241 * @buf: buffer for output
242 *
243 * Convert a tty structure into a name. The name reflects the kernel
244 * naming policy and if udev is in use may not reflect user space
245 *
246 * Locking: none
247 */
248
249char *tty_name(struct tty_struct *tty, char *buf)
250{
251 if (!tty) /* Hmm. NULL pointer. That's fun. */
252 strcpy(buf, "NULL tty");
253 else
254 strcpy(buf, tty->name);
255 return buf;
256}
257
258EXPORT_SYMBOL(tty_name);
259
260int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 const char *routine)
262{
263#ifdef TTY_PARANOIA_CHECK
264 if (!tty) {
265 printk(KERN_WARNING
266 "null TTY for (%d:%d) in %s\n",
267 imajor(inode), iminor(inode), routine);
268 return 1;
269 }
270 if (tty->magic != TTY_MAGIC) {
271 printk(KERN_WARNING
272 "bad magic number for tty struct (%d:%d) in %s\n",
273 imajor(inode), iminor(inode), routine);
274 return 1;
275 }
276#endif
277 return 0;
278}
279
280static int check_tty_count(struct tty_struct *tty, const char *routine)
281{
282#ifdef CHECK_TTY_COUNT
283 struct list_head *p;
284 int count = 0;
285
286 spin_lock(&tty_files_lock);
287 list_for_each(p, &tty->tty_files) {
288 count++;
289 }
290 spin_unlock(&tty_files_lock);
291 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
292 tty->driver->subtype == PTY_TYPE_SLAVE &&
293 tty->link && tty->link->count)
294 count++;
295 if (tty->count != count) {
296 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
297 "!= #fd's(%d) in %s\n",
298 tty->name, tty->count, count, routine);
299 return count;
300 }
301#endif
302 return 0;
303}
304
305/**
306 * get_tty_driver - find device of a tty
307 * @dev_t: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
316static struct tty_driver *get_tty_driver(dev_t device, int *index)
317{
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322 if (device < base || device >= base + p->num)
323 continue;
324 *index = device - base;
325 return tty_driver_kref_get(p);
326 }
327 return NULL;
328}
329
330#ifdef CONFIG_CONSOLE_POLL
331
332/**
333 * tty_find_polling_driver - find device of a polled tty
334 * @name: name string to match
335 * @line: pointer to resulting tty line nr
336 *
337 * This routine returns a tty driver structure, given a name
338 * and the condition that the tty driver is capable of polled
339 * operation.
340 */
341struct tty_driver *tty_find_polling_driver(char *name, int *line)
342{
343 struct tty_driver *p, *res = NULL;
344 int tty_line = 0;
345 int len;
346 char *str, *stp;
347
348 for (str = name; *str; str++)
349 if ((*str >= '0' && *str <= '9') || *str == ',')
350 break;
351 if (!*str)
352 return NULL;
353
354 len = str - name;
355 tty_line = simple_strtoul(str, &str, 10);
356
357 mutex_lock(&tty_mutex);
358 /* Search through the tty devices to look for a match */
359 list_for_each_entry(p, &tty_drivers, tty_drivers) {
360 if (strncmp(name, p->name, len) != 0)
361 continue;
362 stp = str;
363 if (*stp == ',')
364 stp++;
365 if (*stp == '\0')
366 stp = NULL;
367
368 if (tty_line >= 0 && tty_line < p->num && p->ops &&
369 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
370 res = tty_driver_kref_get(p);
371 *line = tty_line;
372 break;
373 }
374 }
375 mutex_unlock(&tty_mutex);
376
377 return res;
378}
379EXPORT_SYMBOL_GPL(tty_find_polling_driver);
380#endif
381
382/**
383 * tty_check_change - check for POSIX terminal changes
384 * @tty: tty to check
385 *
386 * If we try to write to, or set the state of, a terminal and we're
387 * not in the foreground, send a SIGTTOU. If the signal is blocked or
388 * ignored, go ahead and perform the operation. (POSIX 7.2)
389 *
390 * Locking: ctrl_lock
391 */
392
393int tty_check_change(struct tty_struct *tty)
394{
395 unsigned long flags;
396 int ret = 0;
397
398 if (current->signal->tty != tty)
399 return 0;
400
401 spin_lock_irqsave(&tty->ctrl_lock, flags);
402
403 if (!tty->pgrp) {
404 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
405 goto out_unlock;
406 }
407 if (task_pgrp(current) == tty->pgrp)
408 goto out_unlock;
409 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
410 if (is_ignored(SIGTTOU))
411 goto out;
412 if (is_current_pgrp_orphaned()) {
413 ret = -EIO;
414 goto out;
415 }
416 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
417 set_thread_flag(TIF_SIGPENDING);
418 ret = -ERESTARTSYS;
419out:
420 return ret;
421out_unlock:
422 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
423 return ret;
424}
425
426EXPORT_SYMBOL(tty_check_change);
427
428static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
429 size_t count, loff_t *ppos)
430{
431 return 0;
432}
433
434static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
435 size_t count, loff_t *ppos)
436{
437 return -EIO;
438}
439
440/* No kernel lock held - none needed ;) */
441static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
442{
443 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
444}
445
446static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
447 unsigned long arg)
448{
449 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450}
451
452static long hung_up_tty_compat_ioctl(struct file *file,
453 unsigned int cmd, unsigned long arg)
454{
455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
456}
457
458static const struct file_operations tty_fops = {
459 .llseek = no_llseek,
460 .read = tty_read,
461 .write = tty_write,
462 .poll = tty_poll,
463 .unlocked_ioctl = tty_ioctl,
464 .compat_ioctl = tty_compat_ioctl,
465 .open = tty_open,
466 .release = tty_release,
467 .fasync = tty_fasync,
468};
469
470static const struct file_operations console_fops = {
471 .llseek = no_llseek,
472 .read = tty_read,
473 .write = redirected_tty_write,
474 .poll = tty_poll,
475 .unlocked_ioctl = tty_ioctl,
476 .compat_ioctl = tty_compat_ioctl,
477 .open = tty_open,
478 .release = tty_release,
479 .fasync = tty_fasync,
480};
481
482static const struct file_operations hung_up_tty_fops = {
483 .llseek = no_llseek,
484 .read = hung_up_tty_read,
485 .write = hung_up_tty_write,
486 .poll = hung_up_tty_poll,
487 .unlocked_ioctl = hung_up_tty_ioctl,
488 .compat_ioctl = hung_up_tty_compat_ioctl,
489 .release = tty_release,
490};
491
492static DEFINE_SPINLOCK(redirect_lock);
493static struct file *redirect;
494
495/**
496 * tty_wakeup - request more data
497 * @tty: terminal
498 *
499 * Internal and external helper for wakeups of tty. This function
500 * informs the line discipline if present that the driver is ready
501 * to receive more output data.
502 */
503
504void tty_wakeup(struct tty_struct *tty)
505{
506 struct tty_ldisc *ld;
507
508 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
509 ld = tty_ldisc_ref(tty);
510 if (ld) {
511 if (ld->ops->write_wakeup)
512 ld->ops->write_wakeup(tty);
513 tty_ldisc_deref(ld);
514 }
515 }
516 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
517}
518
519EXPORT_SYMBOL_GPL(tty_wakeup);
520
521/**
522 * tty_signal_session_leader - sends SIGHUP to session leader
523 * @tty controlling tty
524 * @exit_session if non-zero, signal all foreground group processes
525 *
526 * Send SIGHUP and SIGCONT to the session leader and its process group.
527 * Optionally, signal all processes in the foreground process group.
528 *
529 * Returns the number of processes in the session with this tty
530 * as their controlling terminal. This value is used to drop
531 * tty references for those processes.
532 */
533static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
534{
535 struct task_struct *p;
536 int refs = 0;
537 struct pid *tty_pgrp = NULL;
538
539 read_lock(&tasklist_lock);
540 if (tty->session) {
541 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
542 spin_lock_irq(&p->sighand->siglock);
543 if (p->signal->tty == tty) {
544 p->signal->tty = NULL;
545 /* We defer the dereferences outside fo
546 the tasklist lock */
547 refs++;
548 }
549 if (!p->signal->leader) {
550 spin_unlock_irq(&p->sighand->siglock);
551 continue;
552 }
553 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
554 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
555 put_pid(p->signal->tty_old_pgrp); /* A noop */
556 spin_lock(&tty->ctrl_lock);
557 tty_pgrp = get_pid(tty->pgrp);
558 if (tty->pgrp)
559 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
560 spin_unlock(&tty->ctrl_lock);
561 spin_unlock_irq(&p->sighand->siglock);
562 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
563 }
564 read_unlock(&tasklist_lock);
565
566 if (tty_pgrp) {
567 if (exit_session)
568 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
569 put_pid(tty_pgrp);
570 }
571
572 return refs;
573}
574
575/**
576 * __tty_hangup - actual handler for hangup events
577 * @work: tty device
578 *
579 * This can be called by a "kworker" kernel thread. That is process
580 * synchronous but doesn't hold any locks, so we need to make sure we
581 * have the appropriate locks for what we're doing.
582 *
583 * The hangup event clears any pending redirections onto the hung up
584 * device. It ensures future writes will error and it does the needed
585 * line discipline hangup and signal delivery. The tty object itself
586 * remains intact.
587 *
588 * Locking:
589 * BTM
590 * redirect lock for undoing redirection
591 * file list lock for manipulating list of ttys
592 * tty_ldiscs_lock from called functions
593 * termios_rwsem resetting termios data
594 * tasklist_lock to walk task list for hangup event
595 * ->siglock to protect ->signal/->sighand
596 */
597static void __tty_hangup(struct tty_struct *tty, int exit_session)
598{
599 struct file *cons_filp = NULL;
600 struct file *filp, *f = NULL;
601 struct tty_file_private *priv;
602 int closecount = 0, n;
603 int refs;
604
605 if (!tty)
606 return;
607
608
609 spin_lock(&redirect_lock);
610 if (redirect && file_tty(redirect) == tty) {
611 f = redirect;
612 redirect = NULL;
613 }
614 spin_unlock(&redirect_lock);
615
616 tty_lock(tty);
617
618 if (test_bit(TTY_HUPPED, &tty->flags)) {
619 tty_unlock(tty);
620 return;
621 }
622
623 /* some functions below drop BTM, so we need this bit */
624 set_bit(TTY_HUPPING, &tty->flags);
625
626 /* inuse_filps is protected by the single tty lock,
627 this really needs to change if we want to flush the
628 workqueue with the lock held */
629 check_tty_count(tty, "tty_hangup");
630
631 spin_lock(&tty_files_lock);
632 /* This breaks for file handles being sent over AF_UNIX sockets ? */
633 list_for_each_entry(priv, &tty->tty_files, list) {
634 filp = priv->file;
635 if (filp->f_op->write == redirected_tty_write)
636 cons_filp = filp;
637 if (filp->f_op->write != tty_write)
638 continue;
639 closecount++;
640 __tty_fasync(-1, filp, 0); /* can't block */
641 filp->f_op = &hung_up_tty_fops;
642 }
643 spin_unlock(&tty_files_lock);
644
645 refs = tty_signal_session_leader(tty, exit_session);
646 /* Account for the p->signal references we killed */
647 while (refs--)
648 tty_kref_put(tty);
649
650 /*
651 * it drops BTM and thus races with reopen
652 * we protect the race by TTY_HUPPING
653 */
654 tty_ldisc_hangup(tty);
655
656 spin_lock_irq(&tty->ctrl_lock);
657 clear_bit(TTY_THROTTLED, &tty->flags);
658 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
659 put_pid(tty->session);
660 put_pid(tty->pgrp);
661 tty->session = NULL;
662 tty->pgrp = NULL;
663 tty->ctrl_status = 0;
664 spin_unlock_irq(&tty->ctrl_lock);
665
666 /*
667 * If one of the devices matches a console pointer, we
668 * cannot just call hangup() because that will cause
669 * tty->count and state->count to go out of sync.
670 * So we just call close() the right number of times.
671 */
672 if (cons_filp) {
673 if (tty->ops->close)
674 for (n = 0; n < closecount; n++)
675 tty->ops->close(tty, cons_filp);
676 } else if (tty->ops->hangup)
677 tty->ops->hangup(tty);
678 /*
679 * We don't want to have driver/ldisc interactions beyond
680 * the ones we did here. The driver layer expects no
681 * calls after ->hangup() from the ldisc side. However we
682 * can't yet guarantee all that.
683 */
684 set_bit(TTY_HUPPED, &tty->flags);
685 clear_bit(TTY_HUPPING, &tty->flags);
686
687 tty_unlock(tty);
688
689 if (f)
690 fput(f);
691}
692
693static void do_tty_hangup(struct work_struct *work)
694{
695 struct tty_struct *tty =
696 container_of(work, struct tty_struct, hangup_work);
697
698 __tty_hangup(tty, 0);
699}
700
701/**
702 * tty_hangup - trigger a hangup event
703 * @tty: tty to hangup
704 *
705 * A carrier loss (virtual or otherwise) has occurred on this like
706 * schedule a hangup sequence to run after this event.
707 */
708
709void tty_hangup(struct tty_struct *tty)
710{
711#ifdef TTY_DEBUG_HANGUP
712 char buf[64];
713 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
714#endif
715 schedule_work(&tty->hangup_work);
716}
717
718EXPORT_SYMBOL(tty_hangup);
719
720/**
721 * tty_vhangup - process vhangup
722 * @tty: tty to hangup
723 *
724 * The user has asked via system call for the terminal to be hung up.
725 * We do this synchronously so that when the syscall returns the process
726 * is complete. That guarantee is necessary for security reasons.
727 */
728
729void tty_vhangup(struct tty_struct *tty)
730{
731#ifdef TTY_DEBUG_HANGUP
732 char buf[64];
733
734 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
735#endif
736 __tty_hangup(tty, 0);
737}
738
739EXPORT_SYMBOL(tty_vhangup);
740
741
742/**
743 * tty_vhangup_self - process vhangup for own ctty
744 *
745 * Perform a vhangup on the current controlling tty
746 */
747
748void tty_vhangup_self(void)
749{
750 struct tty_struct *tty;
751
752 tty = get_current_tty();
753 if (tty) {
754 tty_vhangup(tty);
755 tty_kref_put(tty);
756 }
757}
758
759/**
760 * tty_vhangup_session - hangup session leader exit
761 * @tty: tty to hangup
762 *
763 * The session leader is exiting and hanging up its controlling terminal.
764 * Every process in the foreground process group is signalled SIGHUP.
765 *
766 * We do this synchronously so that when the syscall returns the process
767 * is complete. That guarantee is necessary for security reasons.
768 */
769
770static void tty_vhangup_session(struct tty_struct *tty)
771{
772#ifdef TTY_DEBUG_HANGUP
773 char buf[64];
774
775 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
776#endif
777 __tty_hangup(tty, 1);
778}
779
780/**
781 * tty_hung_up_p - was tty hung up
782 * @filp: file pointer of tty
783 *
784 * Return true if the tty has been subject to a vhangup or a carrier
785 * loss
786 */
787
788int tty_hung_up_p(struct file *filp)
789{
790 return (filp->f_op == &hung_up_tty_fops);
791}
792
793EXPORT_SYMBOL(tty_hung_up_p);
794
795static void session_clear_tty(struct pid *session)
796{
797 struct task_struct *p;
798 do_each_pid_task(session, PIDTYPE_SID, p) {
799 proc_clear_tty(p);
800 } while_each_pid_task(session, PIDTYPE_SID, p);
801}
802
803/**
804 * disassociate_ctty - disconnect controlling tty
805 * @on_exit: true if exiting so need to "hang up" the session
806 *
807 * This function is typically called only by the session leader, when
808 * it wants to disassociate itself from its controlling tty.
809 *
810 * It performs the following functions:
811 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
812 * (2) Clears the tty from being controlling the session
813 * (3) Clears the controlling tty for all processes in the
814 * session group.
815 *
816 * The argument on_exit is set to 1 if called when a process is
817 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
818 *
819 * Locking:
820 * BTM is taken for hysterical raisins, and held when
821 * called from no_tty().
822 * tty_mutex is taken to protect tty
823 * ->siglock is taken to protect ->signal/->sighand
824 * tasklist_lock is taken to walk process list for sessions
825 * ->siglock is taken to protect ->signal/->sighand
826 */
827
828void disassociate_ctty(int on_exit)
829{
830 struct tty_struct *tty;
831
832 if (!current->signal->leader)
833 return;
834
835 tty = get_current_tty();
836 if (tty) {
837 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
838 tty_vhangup_session(tty);
839 } else {
840 struct pid *tty_pgrp = tty_get_pgrp(tty);
841 if (tty_pgrp) {
842 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
843 if (!on_exit)
844 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
845 put_pid(tty_pgrp);
846 }
847 }
848 tty_kref_put(tty);
849
850 } else if (on_exit) {
851 struct pid *old_pgrp;
852 spin_lock_irq(&current->sighand->siglock);
853 old_pgrp = current->signal->tty_old_pgrp;
854 current->signal->tty_old_pgrp = NULL;
855 spin_unlock_irq(&current->sighand->siglock);
856 if (old_pgrp) {
857 kill_pgrp(old_pgrp, SIGHUP, on_exit);
858 kill_pgrp(old_pgrp, SIGCONT, on_exit);
859 put_pid(old_pgrp);
860 }
861 return;
862 }
863
864 spin_lock_irq(&current->sighand->siglock);
865 put_pid(current->signal->tty_old_pgrp);
866 current->signal->tty_old_pgrp = NULL;
867
868 tty = tty_kref_get(current->signal->tty);
869 if (tty) {
870 unsigned long flags;
871 spin_lock_irqsave(&tty->ctrl_lock, flags);
872 put_pid(tty->session);
873 put_pid(tty->pgrp);
874 tty->session = NULL;
875 tty->pgrp = NULL;
876 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
877 tty_kref_put(tty);
878 } else {
879#ifdef TTY_DEBUG_HANGUP
880 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
881 " = NULL", tty);
882#endif
883 }
884
885 spin_unlock_irq(&current->sighand->siglock);
886 /* Now clear signal->tty under the lock */
887 read_lock(&tasklist_lock);
888 session_clear_tty(task_session(current));
889 read_unlock(&tasklist_lock);
890}
891
892/**
893 *
894 * no_tty - Ensure the current process does not have a controlling tty
895 */
896void no_tty(void)
897{
898 /* FIXME: Review locking here. The tty_lock never covered any race
899 between a new association and proc_clear_tty but possible we need
900 to protect against this anyway */
901 struct task_struct *tsk = current;
902 disassociate_ctty(0);
903 proc_clear_tty(tsk);
904}
905
906
907/**
908 * stop_tty - propagate flow control
909 * @tty: tty to stop
910 *
911 * Perform flow control to the driver. May be called
912 * on an already stopped device and will not re-call the driver
913 * method.
914 *
915 * This functionality is used by both the line disciplines for
916 * halting incoming flow and by the driver. It may therefore be
917 * called from any context, may be under the tty atomic_write_lock
918 * but not always.
919 *
920 * Locking:
921 * flow_lock
922 */
923
924void __stop_tty(struct tty_struct *tty)
925{
926 if (tty->stopped)
927 return;
928 tty->stopped = 1;
929 if (tty->ops->stop)
930 (tty->ops->stop)(tty);
931}
932
933void stop_tty(struct tty_struct *tty)
934{
935 unsigned long flags;
936
937 spin_lock_irqsave(&tty->flow_lock, flags);
938 __stop_tty(tty);
939 spin_unlock_irqrestore(&tty->flow_lock, flags);
940}
941EXPORT_SYMBOL(stop_tty);
942
943/**
944 * start_tty - propagate flow control
945 * @tty: tty to start
946 *
947 * Start a tty that has been stopped if at all possible. If this
948 * tty was previous stopped and is now being started, the driver
949 * start method is invoked and the line discipline woken.
950 *
951 * Locking:
952 * flow_lock
953 */
954
955void __start_tty(struct tty_struct *tty)
956{
957 if (!tty->stopped || tty->flow_stopped)
958 return;
959 tty->stopped = 0;
960 if (tty->ops->start)
961 (tty->ops->start)(tty);
962 tty_wakeup(tty);
963}
964
965void start_tty(struct tty_struct *tty)
966{
967 unsigned long flags;
968
969 spin_lock_irqsave(&tty->flow_lock, flags);
970 __start_tty(tty);
971 spin_unlock_irqrestore(&tty->flow_lock, flags);
972}
973EXPORT_SYMBOL(start_tty);
974
975/* We limit tty time update visibility to every 8 seconds or so. */
976static void tty_update_time(struct timespec *time)
977{
978 unsigned long sec = get_seconds() & ~7;
979 if ((long)(sec - time->tv_sec) > 0)
980 time->tv_sec = sec;
981}
982
983/**
984 * tty_read - read method for tty device files
985 * @file: pointer to tty file
986 * @buf: user buffer
987 * @count: size of user buffer
988 * @ppos: unused
989 *
990 * Perform the read system call function on this terminal device. Checks
991 * for hung up devices before calling the line discipline method.
992 *
993 * Locking:
994 * Locks the line discipline internally while needed. Multiple
995 * read calls may be outstanding in parallel.
996 */
997
998static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
999 loff_t *ppos)
1000{
1001 int i;
1002 struct inode *inode = file_inode(file);
1003 struct tty_struct *tty = file_tty(file);
1004 struct tty_ldisc *ld;
1005
1006 if (tty_paranoia_check(tty, inode, "tty_read"))
1007 return -EIO;
1008 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1009 return -EIO;
1010
1011 /* We want to wait for the line discipline to sort out in this
1012 situation */
1013 ld = tty_ldisc_ref_wait(tty);
1014 if (ld->ops->read)
1015 i = (ld->ops->read)(tty, file, buf, count);
1016 else
1017 i = -EIO;
1018 tty_ldisc_deref(ld);
1019
1020 if (i > 0)
1021 tty_update_time(&inode->i_atime);
1022
1023 return i;
1024}
1025
1026void tty_write_unlock(struct tty_struct *tty)
1027 __releases(&tty->atomic_write_lock)
1028{
1029 mutex_unlock(&tty->atomic_write_lock);
1030 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1031}
1032
1033int tty_write_lock(struct tty_struct *tty, int ndelay)
1034 __acquires(&tty->atomic_write_lock)
1035{
1036 if (!mutex_trylock(&tty->atomic_write_lock)) {
1037 if (ndelay)
1038 return -EAGAIN;
1039 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1040 return -ERESTARTSYS;
1041 }
1042 return 0;
1043}
1044
1045/*
1046 * Split writes up in sane blocksizes to avoid
1047 * denial-of-service type attacks
1048 */
1049static inline ssize_t do_tty_write(
1050 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1051 struct tty_struct *tty,
1052 struct file *file,
1053 const char __user *buf,
1054 size_t count)
1055{
1056 ssize_t ret, written = 0;
1057 unsigned int chunk;
1058
1059 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1060 if (ret < 0)
1061 return ret;
1062
1063 /*
1064 * We chunk up writes into a temporary buffer. This
1065 * simplifies low-level drivers immensely, since they
1066 * don't have locking issues and user mode accesses.
1067 *
1068 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1069 * big chunk-size..
1070 *
1071 * The default chunk-size is 2kB, because the NTTY
1072 * layer has problems with bigger chunks. It will
1073 * claim to be able to handle more characters than
1074 * it actually does.
1075 *
1076 * FIXME: This can probably go away now except that 64K chunks
1077 * are too likely to fail unless switched to vmalloc...
1078 */
1079 chunk = 2048;
1080 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1081 chunk = 65536;
1082 if (count < chunk)
1083 chunk = count;
1084
1085 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1086 if (tty->write_cnt < chunk) {
1087 unsigned char *buf_chunk;
1088
1089 if (chunk < 1024)
1090 chunk = 1024;
1091
1092 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1093 if (!buf_chunk) {
1094 ret = -ENOMEM;
1095 goto out;
1096 }
1097 kfree(tty->write_buf);
1098 tty->write_cnt = chunk;
1099 tty->write_buf = buf_chunk;
1100 }
1101
1102 /* Do the write .. */
1103 for (;;) {
1104 size_t size = count;
1105 if (size > chunk)
1106 size = chunk;
1107 ret = -EFAULT;
1108 if (copy_from_user(tty->write_buf, buf, size))
1109 break;
1110 ret = write(tty, file, tty->write_buf, size);
1111 if (ret <= 0)
1112 break;
1113 written += ret;
1114 buf += ret;
1115 count -= ret;
1116 if (!count)
1117 break;
1118 ret = -ERESTARTSYS;
1119 if (signal_pending(current))
1120 break;
1121 cond_resched();
1122 }
1123 if (written) {
1124 tty_update_time(&file_inode(file)->i_mtime);
1125 ret = written;
1126 }
1127out:
1128 tty_write_unlock(tty);
1129 return ret;
1130}
1131
1132/**
1133 * tty_write_message - write a message to a certain tty, not just the console.
1134 * @tty: the destination tty_struct
1135 * @msg: the message to write
1136 *
1137 * This is used for messages that need to be redirected to a specific tty.
1138 * We don't put it into the syslog queue right now maybe in the future if
1139 * really needed.
1140 *
1141 * We must still hold the BTM and test the CLOSING flag for the moment.
1142 */
1143
1144void tty_write_message(struct tty_struct *tty, char *msg)
1145{
1146 if (tty) {
1147 mutex_lock(&tty->atomic_write_lock);
1148 tty_lock(tty);
1149 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1150 tty_unlock(tty);
1151 tty->ops->write(tty, msg, strlen(msg));
1152 } else
1153 tty_unlock(tty);
1154 tty_write_unlock(tty);
1155 }
1156 return;
1157}
1158
1159
1160/**
1161 * tty_write - write method for tty device file
1162 * @file: tty file pointer
1163 * @buf: user data to write
1164 * @count: bytes to write
1165 * @ppos: unused
1166 *
1167 * Write data to a tty device via the line discipline.
1168 *
1169 * Locking:
1170 * Locks the line discipline as required
1171 * Writes to the tty driver are serialized by the atomic_write_lock
1172 * and are then processed in chunks to the device. The line discipline
1173 * write method will not be invoked in parallel for each device.
1174 */
1175
1176static ssize_t tty_write(struct file *file, const char __user *buf,
1177 size_t count, loff_t *ppos)
1178{
1179 struct tty_struct *tty = file_tty(file);
1180 struct tty_ldisc *ld;
1181 ssize_t ret;
1182
1183 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1184 return -EIO;
1185 if (!tty || !tty->ops->write ||
1186 (test_bit(TTY_IO_ERROR, &tty->flags)))
1187 return -EIO;
1188 /* Short term debug to catch buggy drivers */
1189 if (tty->ops->write_room == NULL)
1190 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1191 tty->driver->name);
1192 ld = tty_ldisc_ref_wait(tty);
1193 if (!ld->ops->write)
1194 ret = -EIO;
1195 else
1196 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1197 tty_ldisc_deref(ld);
1198 return ret;
1199}
1200
1201ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1202 size_t count, loff_t *ppos)
1203{
1204 struct file *p = NULL;
1205
1206 spin_lock(&redirect_lock);
1207 if (redirect)
1208 p = get_file(redirect);
1209 spin_unlock(&redirect_lock);
1210
1211 if (p) {
1212 ssize_t res;
1213 res = vfs_write(p, buf, count, &p->f_pos);
1214 fput(p);
1215 return res;
1216 }
1217 return tty_write(file, buf, count, ppos);
1218}
1219
1220static char ptychar[] = "pqrstuvwxyzabcde";
1221
1222/**
1223 * pty_line_name - generate name for a pty
1224 * @driver: the tty driver in use
1225 * @index: the minor number
1226 * @p: output buffer of at least 6 bytes
1227 *
1228 * Generate a name from a driver reference and write it to the output
1229 * buffer.
1230 *
1231 * Locking: None
1232 */
1233static void pty_line_name(struct tty_driver *driver, int index, char *p)
1234{
1235 int i = index + driver->name_base;
1236 /* ->name is initialized to "ttyp", but "tty" is expected */
1237 sprintf(p, "%s%c%x",
1238 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1239 ptychar[i >> 4 & 0xf], i & 0xf);
1240}
1241
1242/**
1243 * tty_line_name - generate name for a tty
1244 * @driver: the tty driver in use
1245 * @index: the minor number
1246 * @p: output buffer of at least 7 bytes
1247 *
1248 * Generate a name from a driver reference and write it to the output
1249 * buffer.
1250 *
1251 * Locking: None
1252 */
1253static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1254{
1255 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1256 return sprintf(p, "%s", driver->name);
1257 else
1258 return sprintf(p, "%s%d", driver->name,
1259 index + driver->name_base);
1260}
1261
1262/**
1263 * tty_driver_lookup_tty() - find an existing tty, if any
1264 * @driver: the driver for the tty
1265 * @idx: the minor number
1266 *
1267 * Return the tty, if found or ERR_PTR() otherwise.
1268 *
1269 * Locking: tty_mutex must be held. If tty is found, the mutex must
1270 * be held until the 'fast-open' is also done. Will change once we
1271 * have refcounting in the driver and per driver locking
1272 */
1273static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1274 struct inode *inode, int idx)
1275{
1276 if (driver->ops->lookup)
1277 return driver->ops->lookup(driver, inode, idx);
1278
1279 return driver->ttys[idx];
1280}
1281
1282/**
1283 * tty_init_termios - helper for termios setup
1284 * @tty: the tty to set up
1285 *
1286 * Initialise the termios structures for this tty. Thus runs under
1287 * the tty_mutex currently so we can be relaxed about ordering.
1288 */
1289
1290int tty_init_termios(struct tty_struct *tty)
1291{
1292 struct ktermios *tp;
1293 int idx = tty->index;
1294
1295 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1296 tty->termios = tty->driver->init_termios;
1297 else {
1298 /* Check for lazy saved data */
1299 tp = tty->driver->termios[idx];
1300 if (tp != NULL)
1301 tty->termios = *tp;
1302 else
1303 tty->termios = tty->driver->init_termios;
1304 }
1305 /* Compatibility until drivers always set this */
1306 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1307 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1308 return 0;
1309}
1310EXPORT_SYMBOL_GPL(tty_init_termios);
1311
1312int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1313{
1314 int ret = tty_init_termios(tty);
1315 if (ret)
1316 return ret;
1317
1318 tty_driver_kref_get(driver);
1319 tty->count++;
1320 driver->ttys[tty->index] = tty;
1321 return 0;
1322}
1323EXPORT_SYMBOL_GPL(tty_standard_install);
1324
1325/**
1326 * tty_driver_install_tty() - install a tty entry in the driver
1327 * @driver: the driver for the tty
1328 * @tty: the tty
1329 *
1330 * Install a tty object into the driver tables. The tty->index field
1331 * will be set by the time this is called. This method is responsible
1332 * for ensuring any need additional structures are allocated and
1333 * configured.
1334 *
1335 * Locking: tty_mutex for now
1336 */
1337static int tty_driver_install_tty(struct tty_driver *driver,
1338 struct tty_struct *tty)
1339{
1340 return driver->ops->install ? driver->ops->install(driver, tty) :
1341 tty_standard_install(driver, tty);
1342}
1343
1344/**
1345 * tty_driver_remove_tty() - remove a tty from the driver tables
1346 * @driver: the driver for the tty
1347 * @idx: the minor number
1348 *
1349 * Remvoe a tty object from the driver tables. The tty->index field
1350 * will be set by the time this is called.
1351 *
1352 * Locking: tty_mutex for now
1353 */
1354void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1355{
1356 if (driver->ops->remove)
1357 driver->ops->remove(driver, tty);
1358 else
1359 driver->ttys[tty->index] = NULL;
1360}
1361
1362/*
1363 * tty_reopen() - fast re-open of an open tty
1364 * @tty - the tty to open
1365 *
1366 * Return 0 on success, -errno on error.
1367 *
1368 * Locking: tty_mutex must be held from the time the tty was found
1369 * till this open completes.
1370 */
1371static int tty_reopen(struct tty_struct *tty)
1372{
1373 struct tty_driver *driver = tty->driver;
1374
1375 if (test_bit(TTY_CLOSING, &tty->flags) ||
1376 test_bit(TTY_HUPPING, &tty->flags))
1377 return -EIO;
1378
1379 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1380 driver->subtype == PTY_TYPE_MASTER) {
1381 /*
1382 * special case for PTY masters: only one open permitted,
1383 * and the slave side open count is incremented as well.
1384 */
1385 if (tty->count)
1386 return -EIO;
1387
1388 tty->link->count++;
1389 }
1390 tty->count++;
1391
1392 WARN_ON(!tty->ldisc);
1393
1394 return 0;
1395}
1396
1397/**
1398 * tty_init_dev - initialise a tty device
1399 * @driver: tty driver we are opening a device on
1400 * @idx: device index
1401 * @ret_tty: returned tty structure
1402 *
1403 * Prepare a tty device. This may not be a "new" clean device but
1404 * could also be an active device. The pty drivers require special
1405 * handling because of this.
1406 *
1407 * Locking:
1408 * The function is called under the tty_mutex, which
1409 * protects us from the tty struct or driver itself going away.
1410 *
1411 * On exit the tty device has the line discipline attached and
1412 * a reference count of 1. If a pair was created for pty/tty use
1413 * and the other was a pty master then it too has a reference count of 1.
1414 *
1415 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1416 * failed open. The new code protects the open with a mutex, so it's
1417 * really quite straightforward. The mutex locking can probably be
1418 * relaxed for the (most common) case of reopening a tty.
1419 */
1420
1421struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1422{
1423 struct tty_struct *tty;
1424 int retval;
1425
1426 /*
1427 * First time open is complex, especially for PTY devices.
1428 * This code guarantees that either everything succeeds and the
1429 * TTY is ready for operation, or else the table slots are vacated
1430 * and the allocated memory released. (Except that the termios
1431 * and locked termios may be retained.)
1432 */
1433
1434 if (!try_module_get(driver->owner))
1435 return ERR_PTR(-ENODEV);
1436
1437 tty = alloc_tty_struct(driver, idx);
1438 if (!tty) {
1439 retval = -ENOMEM;
1440 goto err_module_put;
1441 }
1442
1443 tty_lock(tty);
1444 retval = tty_driver_install_tty(driver, tty);
1445 if (retval < 0)
1446 goto err_deinit_tty;
1447
1448 if (!tty->port)
1449 tty->port = driver->ports[idx];
1450
1451 WARN_RATELIMIT(!tty->port,
1452 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1453 __func__, tty->driver->name);
1454
1455 tty->port->itty = tty;
1456
1457 /*
1458 * Structures all installed ... call the ldisc open routines.
1459 * If we fail here just call release_tty to clean up. No need
1460 * to decrement the use counts, as release_tty doesn't care.
1461 */
1462 retval = tty_ldisc_setup(tty, tty->link);
1463 if (retval)
1464 goto err_release_tty;
1465 /* Return the tty locked so that it cannot vanish under the caller */
1466 return tty;
1467
1468err_deinit_tty:
1469 tty_unlock(tty);
1470 deinitialize_tty_struct(tty);
1471 free_tty_struct(tty);
1472err_module_put:
1473 module_put(driver->owner);
1474 return ERR_PTR(retval);
1475
1476 /* call the tty release_tty routine to clean out this slot */
1477err_release_tty:
1478 tty_unlock(tty);
1479 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1480 "clearing slot %d\n", idx);
1481 release_tty(tty, idx);
1482 return ERR_PTR(retval);
1483}
1484
1485void tty_free_termios(struct tty_struct *tty)
1486{
1487 struct ktermios *tp;
1488 int idx = tty->index;
1489
1490 /* If the port is going to reset then it has no termios to save */
1491 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1492 return;
1493
1494 /* Stash the termios data */
1495 tp = tty->driver->termios[idx];
1496 if (tp == NULL) {
1497 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1498 if (tp == NULL) {
1499 pr_warn("tty: no memory to save termios state.\n");
1500 return;
1501 }
1502 tty->driver->termios[idx] = tp;
1503 }
1504 *tp = tty->termios;
1505}
1506EXPORT_SYMBOL(tty_free_termios);
1507
1508/**
1509 * tty_flush_works - flush all works of a tty
1510 * @tty: tty device to flush works for
1511 *
1512 * Sync flush all works belonging to @tty.
1513 */
1514static void tty_flush_works(struct tty_struct *tty)
1515{
1516 flush_work(&tty->SAK_work);
1517 flush_work(&tty->hangup_work);
1518}
1519
1520/**
1521 * release_one_tty - release tty structure memory
1522 * @kref: kref of tty we are obliterating
1523 *
1524 * Releases memory associated with a tty structure, and clears out the
1525 * driver table slots. This function is called when a device is no longer
1526 * in use. It also gets called when setup of a device fails.
1527 *
1528 * Locking:
1529 * takes the file list lock internally when working on the list
1530 * of ttys that the driver keeps.
1531 *
1532 * This method gets called from a work queue so that the driver private
1533 * cleanup ops can sleep (needed for USB at least)
1534 */
1535static void release_one_tty(struct work_struct *work)
1536{
1537 struct tty_struct *tty =
1538 container_of(work, struct tty_struct, hangup_work);
1539 struct tty_driver *driver = tty->driver;
1540 struct module *owner = driver->owner;
1541
1542 if (tty->ops->cleanup)
1543 tty->ops->cleanup(tty);
1544
1545 tty->magic = 0;
1546 tty_driver_kref_put(driver);
1547 module_put(owner);
1548
1549 spin_lock(&tty_files_lock);
1550 list_del_init(&tty->tty_files);
1551 spin_unlock(&tty_files_lock);
1552
1553 put_pid(tty->pgrp);
1554 put_pid(tty->session);
1555 free_tty_struct(tty);
1556}
1557
1558static void queue_release_one_tty(struct kref *kref)
1559{
1560 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1561
1562 /* The hangup queue is now free so we can reuse it rather than
1563 waste a chunk of memory for each port */
1564 INIT_WORK(&tty->hangup_work, release_one_tty);
1565 schedule_work(&tty->hangup_work);
1566}
1567
1568/**
1569 * tty_kref_put - release a tty kref
1570 * @tty: tty device
1571 *
1572 * Release a reference to a tty device and if need be let the kref
1573 * layer destruct the object for us
1574 */
1575
1576void tty_kref_put(struct tty_struct *tty)
1577{
1578 if (tty)
1579 kref_put(&tty->kref, queue_release_one_tty);
1580}
1581EXPORT_SYMBOL(tty_kref_put);
1582
1583/**
1584 * release_tty - release tty structure memory
1585 *
1586 * Release both @tty and a possible linked partner (think pty pair),
1587 * and decrement the refcount of the backing module.
1588 *
1589 * Locking:
1590 * tty_mutex
1591 * takes the file list lock internally when working on the list
1592 * of ttys that the driver keeps.
1593 *
1594 */
1595static void release_tty(struct tty_struct *tty, int idx)
1596{
1597 /* This should always be true but check for the moment */
1598 WARN_ON(tty->index != idx);
1599 WARN_ON(!mutex_is_locked(&tty_mutex));
1600 if (tty->ops->shutdown)
1601 tty->ops->shutdown(tty);
1602 tty_free_termios(tty);
1603 tty_driver_remove_tty(tty->driver, tty);
1604 tty->port->itty = NULL;
1605 if (tty->link)
1606 tty->link->port->itty = NULL;
1607 cancel_work_sync(&tty->port->buf.work);
1608
1609 if (tty->link)
1610 tty_kref_put(tty->link);
1611 tty_kref_put(tty);
1612}
1613
1614/**
1615 * tty_release_checks - check a tty before real release
1616 * @tty: tty to check
1617 * @o_tty: link of @tty (if any)
1618 * @idx: index of the tty
1619 *
1620 * Performs some paranoid checking before true release of the @tty.
1621 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1622 */
1623static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1624 int idx)
1625{
1626#ifdef TTY_PARANOIA_CHECK
1627 if (idx < 0 || idx >= tty->driver->num) {
1628 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1629 __func__, tty->name);
1630 return -1;
1631 }
1632
1633 /* not much to check for devpts */
1634 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1635 return 0;
1636
1637 if (tty != tty->driver->ttys[idx]) {
1638 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1639 __func__, idx, tty->name);
1640 return -1;
1641 }
1642 if (tty->driver->other) {
1643 if (o_tty != tty->driver->other->ttys[idx]) {
1644 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1645 __func__, idx, tty->name);
1646 return -1;
1647 }
1648 if (o_tty->link != tty) {
1649 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1650 return -1;
1651 }
1652 }
1653#endif
1654 return 0;
1655}
1656
1657/**
1658 * tty_release - vfs callback for close
1659 * @inode: inode of tty
1660 * @filp: file pointer for handle to tty
1661 *
1662 * Called the last time each file handle is closed that references
1663 * this tty. There may however be several such references.
1664 *
1665 * Locking:
1666 * Takes bkl. See tty_release_dev
1667 *
1668 * Even releasing the tty structures is a tricky business.. We have
1669 * to be very careful that the structures are all released at the
1670 * same time, as interrupts might otherwise get the wrong pointers.
1671 *
1672 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1673 * lead to double frees or releasing memory still in use.
1674 */
1675
1676int tty_release(struct inode *inode, struct file *filp)
1677{
1678 struct tty_struct *tty = file_tty(filp);
1679 struct tty_struct *o_tty;
1680 int pty_master, tty_closing, o_tty_closing, do_sleep;
1681 int idx;
1682 char buf[64];
1683
1684 if (tty_paranoia_check(tty, inode, __func__))
1685 return 0;
1686
1687 tty_lock(tty);
1688 check_tty_count(tty, __func__);
1689
1690 __tty_fasync(-1, filp, 0);
1691
1692 idx = tty->index;
1693 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1694 tty->driver->subtype == PTY_TYPE_MASTER);
1695 /* Review: parallel close */
1696 o_tty = tty->link;
1697
1698 if (tty_release_checks(tty, o_tty, idx)) {
1699 tty_unlock(tty);
1700 return 0;
1701 }
1702
1703#ifdef TTY_DEBUG_HANGUP
1704 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1705 tty_name(tty, buf), tty->count);
1706#endif
1707
1708 if (tty->ops->close)
1709 tty->ops->close(tty, filp);
1710
1711 tty_unlock(tty);
1712 /*
1713 * Sanity check: if tty->count is going to zero, there shouldn't be
1714 * any waiters on tty->read_wait or tty->write_wait. We test the
1715 * wait queues and kick everyone out _before_ actually starting to
1716 * close. This ensures that we won't block while releasing the tty
1717 * structure.
1718 *
1719 * The test for the o_tty closing is necessary, since the master and
1720 * slave sides may close in any order. If the slave side closes out
1721 * first, its count will be one, since the master side holds an open.
1722 * Thus this test wouldn't be triggered at the time the slave closes,
1723 * so we do it now.
1724 *
1725 * Note that it's possible for the tty to be opened again while we're
1726 * flushing out waiters. By recalculating the closing flags before
1727 * each iteration we avoid any problems.
1728 */
1729 while (1) {
1730 /* Guard against races with tty->count changes elsewhere and
1731 opens on /dev/tty */
1732
1733 mutex_lock(&tty_mutex);
1734 tty_lock_pair(tty, o_tty);
1735 tty_closing = tty->count <= 1;
1736 o_tty_closing = o_tty &&
1737 (o_tty->count <= (pty_master ? 1 : 0));
1738 do_sleep = 0;
1739
1740 if (tty_closing) {
1741 if (waitqueue_active(&tty->read_wait)) {
1742 wake_up_poll(&tty->read_wait, POLLIN);
1743 do_sleep++;
1744 }
1745 if (waitqueue_active(&tty->write_wait)) {
1746 wake_up_poll(&tty->write_wait, POLLOUT);
1747 do_sleep++;
1748 }
1749 }
1750 if (o_tty_closing) {
1751 if (waitqueue_active(&o_tty->read_wait)) {
1752 wake_up_poll(&o_tty->read_wait, POLLIN);
1753 do_sleep++;
1754 }
1755 if (waitqueue_active(&o_tty->write_wait)) {
1756 wake_up_poll(&o_tty->write_wait, POLLOUT);
1757 do_sleep++;
1758 }
1759 }
1760 if (!do_sleep)
1761 break;
1762
1763 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1764 __func__, tty_name(tty, buf));
1765 tty_unlock_pair(tty, o_tty);
1766 mutex_unlock(&tty_mutex);
1767 schedule();
1768 }
1769
1770 /*
1771 * The closing flags are now consistent with the open counts on
1772 * both sides, and we've completed the last operation that could
1773 * block, so it's safe to proceed with closing.
1774 *
1775 * We must *not* drop the tty_mutex until we ensure that a further
1776 * entry into tty_open can not pick up this tty.
1777 */
1778 if (pty_master) {
1779 if (--o_tty->count < 0) {
1780 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1781 __func__, o_tty->count, tty_name(o_tty, buf));
1782 o_tty->count = 0;
1783 }
1784 }
1785 if (--tty->count < 0) {
1786 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1787 __func__, tty->count, tty_name(tty, buf));
1788 tty->count = 0;
1789 }
1790
1791 /*
1792 * We've decremented tty->count, so we need to remove this file
1793 * descriptor off the tty->tty_files list; this serves two
1794 * purposes:
1795 * - check_tty_count sees the correct number of file descriptors
1796 * associated with this tty.
1797 * - do_tty_hangup no longer sees this file descriptor as
1798 * something that needs to be handled for hangups.
1799 */
1800 tty_del_file(filp);
1801
1802 /*
1803 * Perform some housekeeping before deciding whether to return.
1804 *
1805 * Set the TTY_CLOSING flag if this was the last open. In the
1806 * case of a pty we may have to wait around for the other side
1807 * to close, and TTY_CLOSING makes sure we can't be reopened.
1808 */
1809 if (tty_closing)
1810 set_bit(TTY_CLOSING, &tty->flags);
1811 if (o_tty_closing)
1812 set_bit(TTY_CLOSING, &o_tty->flags);
1813
1814 /*
1815 * If _either_ side is closing, make sure there aren't any
1816 * processes that still think tty or o_tty is their controlling
1817 * tty.
1818 */
1819 if (tty_closing || o_tty_closing) {
1820 read_lock(&tasklist_lock);
1821 session_clear_tty(tty->session);
1822 if (o_tty)
1823 session_clear_tty(o_tty->session);
1824 read_unlock(&tasklist_lock);
1825 }
1826
1827 mutex_unlock(&tty_mutex);
1828 tty_unlock_pair(tty, o_tty);
1829 /* At this point the TTY_CLOSING flag should ensure a dead tty
1830 cannot be re-opened by a racing opener */
1831
1832 /* check whether both sides are closing ... */
1833 if (!tty_closing || (o_tty && !o_tty_closing))
1834 return 0;
1835
1836#ifdef TTY_DEBUG_HANGUP
1837 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1838#endif
1839 /*
1840 * Ask the line discipline code to release its structures
1841 */
1842 tty_ldisc_release(tty, o_tty);
1843
1844 /* Wait for pending work before tty destruction commmences */
1845 tty_flush_works(tty);
1846 if (o_tty)
1847 tty_flush_works(o_tty);
1848
1849#ifdef TTY_DEBUG_HANGUP
1850 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1851#endif
1852 /*
1853 * The release_tty function takes care of the details of clearing
1854 * the slots and preserving the termios structure. The tty_unlock_pair
1855 * should be safe as we keep a kref while the tty is locked (so the
1856 * unlock never unlocks a freed tty).
1857 */
1858 mutex_lock(&tty_mutex);
1859 release_tty(tty, idx);
1860 mutex_unlock(&tty_mutex);
1861
1862 return 0;
1863}
1864
1865/**
1866 * tty_open_current_tty - get tty of current task for open
1867 * @device: device number
1868 * @filp: file pointer to tty
1869 * @return: tty of the current task iff @device is /dev/tty
1870 *
1871 * We cannot return driver and index like for the other nodes because
1872 * devpts will not work then. It expects inodes to be from devpts FS.
1873 *
1874 * We need to move to returning a refcounted object from all the lookup
1875 * paths including this one.
1876 */
1877static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1878{
1879 struct tty_struct *tty;
1880
1881 if (device != MKDEV(TTYAUX_MAJOR, 0))
1882 return NULL;
1883
1884 tty = get_current_tty();
1885 if (!tty)
1886 return ERR_PTR(-ENXIO);
1887
1888 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1889 /* noctty = 1; */
1890 tty_kref_put(tty);
1891 /* FIXME: we put a reference and return a TTY! */
1892 /* This is only safe because the caller holds tty_mutex */
1893 return tty;
1894}
1895
1896/**
1897 * tty_lookup_driver - lookup a tty driver for a given device file
1898 * @device: device number
1899 * @filp: file pointer to tty
1900 * @noctty: set if the device should not become a controlling tty
1901 * @index: index for the device in the @return driver
1902 * @return: driver for this inode (with increased refcount)
1903 *
1904 * If @return is not erroneous, the caller is responsible to decrement the
1905 * refcount by tty_driver_kref_put.
1906 *
1907 * Locking: tty_mutex protects get_tty_driver
1908 */
1909static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1910 int *noctty, int *index)
1911{
1912 struct tty_driver *driver;
1913
1914 switch (device) {
1915#ifdef CONFIG_VT
1916 case MKDEV(TTY_MAJOR, 0): {
1917 extern struct tty_driver *console_driver;
1918 driver = tty_driver_kref_get(console_driver);
1919 *index = fg_console;
1920 *noctty = 1;
1921 break;
1922 }
1923#endif
1924 case MKDEV(TTYAUX_MAJOR, 1): {
1925 struct tty_driver *console_driver = console_device(index);
1926 if (console_driver) {
1927 driver = tty_driver_kref_get(console_driver);
1928 if (driver) {
1929 /* Don't let /dev/console block */
1930 filp->f_flags |= O_NONBLOCK;
1931 *noctty = 1;
1932 break;
1933 }
1934 }
1935 return ERR_PTR(-ENODEV);
1936 }
1937 default:
1938 driver = get_tty_driver(device, index);
1939 if (!driver)
1940 return ERR_PTR(-ENODEV);
1941 break;
1942 }
1943 return driver;
1944}
1945
1946/**
1947 * tty_open - open a tty device
1948 * @inode: inode of device file
1949 * @filp: file pointer to tty
1950 *
1951 * tty_open and tty_release keep up the tty count that contains the
1952 * number of opens done on a tty. We cannot use the inode-count, as
1953 * different inodes might point to the same tty.
1954 *
1955 * Open-counting is needed for pty masters, as well as for keeping
1956 * track of serial lines: DTR is dropped when the last close happens.
1957 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1958 *
1959 * The termios state of a pty is reset on first open so that
1960 * settings don't persist across reuse.
1961 *
1962 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1963 * tty->count should protect the rest.
1964 * ->siglock protects ->signal/->sighand
1965 *
1966 * Note: the tty_unlock/lock cases without a ref are only safe due to
1967 * tty_mutex
1968 */
1969
1970static int tty_open(struct inode *inode, struct file *filp)
1971{
1972 struct tty_struct *tty;
1973 int noctty, retval;
1974 struct tty_driver *driver = NULL;
1975 int index;
1976 dev_t device = inode->i_rdev;
1977 unsigned saved_flags = filp->f_flags;
1978
1979 nonseekable_open(inode, filp);
1980
1981retry_open:
1982 retval = tty_alloc_file(filp);
1983 if (retval)
1984 return -ENOMEM;
1985
1986 noctty = filp->f_flags & O_NOCTTY;
1987 index = -1;
1988 retval = 0;
1989
1990 mutex_lock(&tty_mutex);
1991 /* This is protected by the tty_mutex */
1992 tty = tty_open_current_tty(device, filp);
1993 if (IS_ERR(tty)) {
1994 retval = PTR_ERR(tty);
1995 goto err_unlock;
1996 } else if (!tty) {
1997 driver = tty_lookup_driver(device, filp, &noctty, &index);
1998 if (IS_ERR(driver)) {
1999 retval = PTR_ERR(driver);
2000 goto err_unlock;
2001 }
2002
2003 /* check whether we're reopening an existing tty */
2004 tty = tty_driver_lookup_tty(driver, inode, index);
2005 if (IS_ERR(tty)) {
2006 retval = PTR_ERR(tty);
2007 goto err_unlock;
2008 }
2009 }
2010
2011 if (tty) {
2012 tty_lock(tty);
2013 retval = tty_reopen(tty);
2014 if (retval < 0) {
2015 tty_unlock(tty);
2016 tty = ERR_PTR(retval);
2017 }
2018 } else /* Returns with the tty_lock held for now */
2019 tty = tty_init_dev(driver, index);
2020
2021 mutex_unlock(&tty_mutex);
2022 if (driver)
2023 tty_driver_kref_put(driver);
2024 if (IS_ERR(tty)) {
2025 retval = PTR_ERR(tty);
2026 goto err_file;
2027 }
2028
2029 tty_add_file(tty, filp);
2030
2031 check_tty_count(tty, __func__);
2032 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2033 tty->driver->subtype == PTY_TYPE_MASTER)
2034 noctty = 1;
2035#ifdef TTY_DEBUG_HANGUP
2036 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2037#endif
2038 if (tty->ops->open)
2039 retval = tty->ops->open(tty, filp);
2040 else
2041 retval = -ENODEV;
2042 filp->f_flags = saved_flags;
2043
2044 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2045 !capable(CAP_SYS_ADMIN))
2046 retval = -EBUSY;
2047
2048 if (retval) {
2049#ifdef TTY_DEBUG_HANGUP
2050 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2051 retval, tty->name);
2052#endif
2053 tty_unlock(tty); /* need to call tty_release without BTM */
2054 tty_release(inode, filp);
2055 if (retval != -ERESTARTSYS)
2056 return retval;
2057
2058 if (signal_pending(current))
2059 return retval;
2060
2061 schedule();
2062 /*
2063 * Need to reset f_op in case a hangup happened.
2064 */
2065 if (filp->f_op == &hung_up_tty_fops)
2066 filp->f_op = &tty_fops;
2067 goto retry_open;
2068 }
2069 clear_bit(TTY_HUPPED, &tty->flags);
2070 tty_unlock(tty);
2071
2072
2073 mutex_lock(&tty_mutex);
2074 tty_lock(tty);
2075 spin_lock_irq(&current->sighand->siglock);
2076 if (!noctty &&
2077 current->signal->leader &&
2078 !current->signal->tty &&
2079 tty->session == NULL)
2080 __proc_set_tty(current, tty);
2081 spin_unlock_irq(&current->sighand->siglock);
2082 tty_unlock(tty);
2083 mutex_unlock(&tty_mutex);
2084 return 0;
2085err_unlock:
2086 mutex_unlock(&tty_mutex);
2087 /* after locks to avoid deadlock */
2088 if (!IS_ERR_OR_NULL(driver))
2089 tty_driver_kref_put(driver);
2090err_file:
2091 tty_free_file(filp);
2092 return retval;
2093}
2094
2095
2096
2097/**
2098 * tty_poll - check tty status
2099 * @filp: file being polled
2100 * @wait: poll wait structures to update
2101 *
2102 * Call the line discipline polling method to obtain the poll
2103 * status of the device.
2104 *
2105 * Locking: locks called line discipline but ldisc poll method
2106 * may be re-entered freely by other callers.
2107 */
2108
2109static unsigned int tty_poll(struct file *filp, poll_table *wait)
2110{
2111 struct tty_struct *tty = file_tty(filp);
2112 struct tty_ldisc *ld;
2113 int ret = 0;
2114
2115 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2116 return 0;
2117
2118 ld = tty_ldisc_ref_wait(tty);
2119 if (ld->ops->poll)
2120 ret = (ld->ops->poll)(tty, filp, wait);
2121 tty_ldisc_deref(ld);
2122 return ret;
2123}
2124
2125static int __tty_fasync(int fd, struct file *filp, int on)
2126{
2127 struct tty_struct *tty = file_tty(filp);
2128 struct tty_ldisc *ldisc;
2129 unsigned long flags;
2130 int retval = 0;
2131
2132 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2133 goto out;
2134
2135 retval = fasync_helper(fd, filp, on, &tty->fasync);
2136 if (retval <= 0)
2137 goto out;
2138
2139 ldisc = tty_ldisc_ref(tty);
2140 if (ldisc) {
2141 if (ldisc->ops->fasync)
2142 ldisc->ops->fasync(tty, on);
2143 tty_ldisc_deref(ldisc);
2144 }
2145
2146 if (on) {
2147 enum pid_type type;
2148 struct pid *pid;
2149
2150 spin_lock_irqsave(&tty->ctrl_lock, flags);
2151 if (tty->pgrp) {
2152 pid = tty->pgrp;
2153 type = PIDTYPE_PGID;
2154 } else {
2155 pid = task_pid(current);
2156 type = PIDTYPE_PID;
2157 }
2158 get_pid(pid);
2159 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2160 retval = __f_setown(filp, pid, type, 0);
2161 put_pid(pid);
2162 }
2163out:
2164 return retval;
2165}
2166
2167static int tty_fasync(int fd, struct file *filp, int on)
2168{
2169 struct tty_struct *tty = file_tty(filp);
2170 int retval;
2171
2172 tty_lock(tty);
2173 retval = __tty_fasync(fd, filp, on);
2174 tty_unlock(tty);
2175
2176 return retval;
2177}
2178
2179/**
2180 * tiocsti - fake input character
2181 * @tty: tty to fake input into
2182 * @p: pointer to character
2183 *
2184 * Fake input to a tty device. Does the necessary locking and
2185 * input management.
2186 *
2187 * FIXME: does not honour flow control ??
2188 *
2189 * Locking:
2190 * Called functions take tty_ldiscs_lock
2191 * current->signal->tty check is safe without locks
2192 *
2193 * FIXME: may race normal receive processing
2194 */
2195
2196static int tiocsti(struct tty_struct *tty, char __user *p)
2197{
2198 char ch, mbz = 0;
2199 struct tty_ldisc *ld;
2200
2201 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2202 return -EPERM;
2203 if (get_user(ch, p))
2204 return -EFAULT;
2205 tty_audit_tiocsti(tty, ch);
2206 ld = tty_ldisc_ref_wait(tty);
2207 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2208 tty_ldisc_deref(ld);
2209 return 0;
2210}
2211
2212/**
2213 * tiocgwinsz - implement window query ioctl
2214 * @tty; tty
2215 * @arg: user buffer for result
2216 *
2217 * Copies the kernel idea of the window size into the user buffer.
2218 *
2219 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2220 * is consistent.
2221 */
2222
2223static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2224{
2225 int err;
2226
2227 mutex_lock(&tty->winsize_mutex);
2228 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2229 mutex_unlock(&tty->winsize_mutex);
2230
2231 return err ? -EFAULT: 0;
2232}
2233
2234/**
2235 * tty_do_resize - resize event
2236 * @tty: tty being resized
2237 * @rows: rows (character)
2238 * @cols: cols (character)
2239 *
2240 * Update the termios variables and send the necessary signals to
2241 * peform a terminal resize correctly
2242 */
2243
2244int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2245{
2246 struct pid *pgrp;
2247 unsigned long flags;
2248
2249 /* Lock the tty */
2250 mutex_lock(&tty->winsize_mutex);
2251 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2252 goto done;
2253 /* Get the PID values and reference them so we can
2254 avoid holding the tty ctrl lock while sending signals */
2255 spin_lock_irqsave(&tty->ctrl_lock, flags);
2256 pgrp = get_pid(tty->pgrp);
2257 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2258
2259 if (pgrp)
2260 kill_pgrp(pgrp, SIGWINCH, 1);
2261 put_pid(pgrp);
2262
2263 tty->winsize = *ws;
2264done:
2265 mutex_unlock(&tty->winsize_mutex);
2266 return 0;
2267}
2268EXPORT_SYMBOL(tty_do_resize);
2269
2270/**
2271 * tiocswinsz - implement window size set ioctl
2272 * @tty; tty side of tty
2273 * @arg: user buffer for result
2274 *
2275 * Copies the user idea of the window size to the kernel. Traditionally
2276 * this is just advisory information but for the Linux console it
2277 * actually has driver level meaning and triggers a VC resize.
2278 *
2279 * Locking:
2280 * Driver dependent. The default do_resize method takes the
2281 * tty termios mutex and ctrl_lock. The console takes its own lock
2282 * then calls into the default method.
2283 */
2284
2285static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2286{
2287 struct winsize tmp_ws;
2288 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2289 return -EFAULT;
2290
2291 if (tty->ops->resize)
2292 return tty->ops->resize(tty, &tmp_ws);
2293 else
2294 return tty_do_resize(tty, &tmp_ws);
2295}
2296
2297/**
2298 * tioccons - allow admin to move logical console
2299 * @file: the file to become console
2300 *
2301 * Allow the administrator to move the redirected console device
2302 *
2303 * Locking: uses redirect_lock to guard the redirect information
2304 */
2305
2306static int tioccons(struct file *file)
2307{
2308 if (!capable(CAP_SYS_ADMIN))
2309 return -EPERM;
2310 if (file->f_op->write == redirected_tty_write) {
2311 struct file *f;
2312 spin_lock(&redirect_lock);
2313 f = redirect;
2314 redirect = NULL;
2315 spin_unlock(&redirect_lock);
2316 if (f)
2317 fput(f);
2318 return 0;
2319 }
2320 spin_lock(&redirect_lock);
2321 if (redirect) {
2322 spin_unlock(&redirect_lock);
2323 return -EBUSY;
2324 }
2325 redirect = get_file(file);
2326 spin_unlock(&redirect_lock);
2327 return 0;
2328}
2329
2330/**
2331 * fionbio - non blocking ioctl
2332 * @file: file to set blocking value
2333 * @p: user parameter
2334 *
2335 * Historical tty interfaces had a blocking control ioctl before
2336 * the generic functionality existed. This piece of history is preserved
2337 * in the expected tty API of posix OS's.
2338 *
2339 * Locking: none, the open file handle ensures it won't go away.
2340 */
2341
2342static int fionbio(struct file *file, int __user *p)
2343{
2344 int nonblock;
2345
2346 if (get_user(nonblock, p))
2347 return -EFAULT;
2348
2349 spin_lock(&file->f_lock);
2350 if (nonblock)
2351 file->f_flags |= O_NONBLOCK;
2352 else
2353 file->f_flags &= ~O_NONBLOCK;
2354 spin_unlock(&file->f_lock);
2355 return 0;
2356}
2357
2358/**
2359 * tiocsctty - set controlling tty
2360 * @tty: tty structure
2361 * @arg: user argument
2362 *
2363 * This ioctl is used to manage job control. It permits a session
2364 * leader to set this tty as the controlling tty for the session.
2365 *
2366 * Locking:
2367 * Takes tty_mutex() to protect tty instance
2368 * Takes tasklist_lock internally to walk sessions
2369 * Takes ->siglock() when updating signal->tty
2370 */
2371
2372static int tiocsctty(struct tty_struct *tty, int arg)
2373{
2374 int ret = 0;
2375 if (current->signal->leader && (task_session(current) == tty->session))
2376 return ret;
2377
2378 mutex_lock(&tty_mutex);
2379 /*
2380 * The process must be a session leader and
2381 * not have a controlling tty already.
2382 */
2383 if (!current->signal->leader || current->signal->tty) {
2384 ret = -EPERM;
2385 goto unlock;
2386 }
2387
2388 if (tty->session) {
2389 /*
2390 * This tty is already the controlling
2391 * tty for another session group!
2392 */
2393 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2394 /*
2395 * Steal it away
2396 */
2397 read_lock(&tasklist_lock);
2398 session_clear_tty(tty->session);
2399 read_unlock(&tasklist_lock);
2400 } else {
2401 ret = -EPERM;
2402 goto unlock;
2403 }
2404 }
2405 proc_set_tty(current, tty);
2406unlock:
2407 mutex_unlock(&tty_mutex);
2408 return ret;
2409}
2410
2411/**
2412 * tty_get_pgrp - return a ref counted pgrp pid
2413 * @tty: tty to read
2414 *
2415 * Returns a refcounted instance of the pid struct for the process
2416 * group controlling the tty.
2417 */
2418
2419struct pid *tty_get_pgrp(struct tty_struct *tty)
2420{
2421 unsigned long flags;
2422 struct pid *pgrp;
2423
2424 spin_lock_irqsave(&tty->ctrl_lock, flags);
2425 pgrp = get_pid(tty->pgrp);
2426 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2427
2428 return pgrp;
2429}
2430EXPORT_SYMBOL_GPL(tty_get_pgrp);
2431
2432/**
2433 * tiocgpgrp - get process group
2434 * @tty: tty passed by user
2435 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2436 * @p: returned pid
2437 *
2438 * Obtain the process group of the tty. If there is no process group
2439 * return an error.
2440 *
2441 * Locking: none. Reference to current->signal->tty is safe.
2442 */
2443
2444static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2445{
2446 struct pid *pid;
2447 int ret;
2448 /*
2449 * (tty == real_tty) is a cheap way of
2450 * testing if the tty is NOT a master pty.
2451 */
2452 if (tty == real_tty && current->signal->tty != real_tty)
2453 return -ENOTTY;
2454 pid = tty_get_pgrp(real_tty);
2455 ret = put_user(pid_vnr(pid), p);
2456 put_pid(pid);
2457 return ret;
2458}
2459
2460/**
2461 * tiocspgrp - attempt to set process group
2462 * @tty: tty passed by user
2463 * @real_tty: tty side device matching tty passed by user
2464 * @p: pid pointer
2465 *
2466 * Set the process group of the tty to the session passed. Only
2467 * permitted where the tty session is our session.
2468 *
2469 * Locking: RCU, ctrl lock
2470 */
2471
2472static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2473{
2474 struct pid *pgrp;
2475 pid_t pgrp_nr;
2476 int retval = tty_check_change(real_tty);
2477 unsigned long flags;
2478
2479 if (retval == -EIO)
2480 return -ENOTTY;
2481 if (retval)
2482 return retval;
2483 if (!current->signal->tty ||
2484 (current->signal->tty != real_tty) ||
2485 (real_tty->session != task_session(current)))
2486 return -ENOTTY;
2487 if (get_user(pgrp_nr, p))
2488 return -EFAULT;
2489 if (pgrp_nr < 0)
2490 return -EINVAL;
2491 rcu_read_lock();
2492 pgrp = find_vpid(pgrp_nr);
2493 retval = -ESRCH;
2494 if (!pgrp)
2495 goto out_unlock;
2496 retval = -EPERM;
2497 if (session_of_pgrp(pgrp) != task_session(current))
2498 goto out_unlock;
2499 retval = 0;
2500 spin_lock_irqsave(&tty->ctrl_lock, flags);
2501 put_pid(real_tty->pgrp);
2502 real_tty->pgrp = get_pid(pgrp);
2503 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2504out_unlock:
2505 rcu_read_unlock();
2506 return retval;
2507}
2508
2509/**
2510 * tiocgsid - get session id
2511 * @tty: tty passed by user
2512 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2513 * @p: pointer to returned session id
2514 *
2515 * Obtain the session id of the tty. If there is no session
2516 * return an error.
2517 *
2518 * Locking: none. Reference to current->signal->tty is safe.
2519 */
2520
2521static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2522{
2523 /*
2524 * (tty == real_tty) is a cheap way of
2525 * testing if the tty is NOT a master pty.
2526 */
2527 if (tty == real_tty && current->signal->tty != real_tty)
2528 return -ENOTTY;
2529 if (!real_tty->session)
2530 return -ENOTTY;
2531 return put_user(pid_vnr(real_tty->session), p);
2532}
2533
2534/**
2535 * tiocsetd - set line discipline
2536 * @tty: tty device
2537 * @p: pointer to user data
2538 *
2539 * Set the line discipline according to user request.
2540 *
2541 * Locking: see tty_set_ldisc, this function is just a helper
2542 */
2543
2544static int tiocsetd(struct tty_struct *tty, int __user *p)
2545{
2546 int ldisc;
2547 int ret;
2548
2549 if (get_user(ldisc, p))
2550 return -EFAULT;
2551
2552 ret = tty_set_ldisc(tty, ldisc);
2553
2554 return ret;
2555}
2556
2557/**
2558 * send_break - performed time break
2559 * @tty: device to break on
2560 * @duration: timeout in mS
2561 *
2562 * Perform a timed break on hardware that lacks its own driver level
2563 * timed break functionality.
2564 *
2565 * Locking:
2566 * atomic_write_lock serializes
2567 *
2568 */
2569
2570static int send_break(struct tty_struct *tty, unsigned int duration)
2571{
2572 int retval;
2573
2574 if (tty->ops->break_ctl == NULL)
2575 return 0;
2576
2577 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2578 retval = tty->ops->break_ctl(tty, duration);
2579 else {
2580 /* Do the work ourselves */
2581 if (tty_write_lock(tty, 0) < 0)
2582 return -EINTR;
2583 retval = tty->ops->break_ctl(tty, -1);
2584 if (retval)
2585 goto out;
2586 if (!signal_pending(current))
2587 msleep_interruptible(duration);
2588 retval = tty->ops->break_ctl(tty, 0);
2589out:
2590 tty_write_unlock(tty);
2591 if (signal_pending(current))
2592 retval = -EINTR;
2593 }
2594 return retval;
2595}
2596
2597/**
2598 * tty_tiocmget - get modem status
2599 * @tty: tty device
2600 * @file: user file pointer
2601 * @p: pointer to result
2602 *
2603 * Obtain the modem status bits from the tty driver if the feature
2604 * is supported. Return -EINVAL if it is not available.
2605 *
2606 * Locking: none (up to the driver)
2607 */
2608
2609static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2610{
2611 int retval = -EINVAL;
2612
2613 if (tty->ops->tiocmget) {
2614 retval = tty->ops->tiocmget(tty);
2615
2616 if (retval >= 0)
2617 retval = put_user(retval, p);
2618 }
2619 return retval;
2620}
2621
2622/**
2623 * tty_tiocmset - set modem status
2624 * @tty: tty device
2625 * @cmd: command - clear bits, set bits or set all
2626 * @p: pointer to desired bits
2627 *
2628 * Set the modem status bits from the tty driver if the feature
2629 * is supported. Return -EINVAL if it is not available.
2630 *
2631 * Locking: none (up to the driver)
2632 */
2633
2634static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2635 unsigned __user *p)
2636{
2637 int retval;
2638 unsigned int set, clear, val;
2639
2640 if (tty->ops->tiocmset == NULL)
2641 return -EINVAL;
2642
2643 retval = get_user(val, p);
2644 if (retval)
2645 return retval;
2646 set = clear = 0;
2647 switch (cmd) {
2648 case TIOCMBIS:
2649 set = val;
2650 break;
2651 case TIOCMBIC:
2652 clear = val;
2653 break;
2654 case TIOCMSET:
2655 set = val;
2656 clear = ~val;
2657 break;
2658 }
2659 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2660 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2661 return tty->ops->tiocmset(tty, set, clear);
2662}
2663
2664static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2665{
2666 int retval = -EINVAL;
2667 struct serial_icounter_struct icount;
2668 memset(&icount, 0, sizeof(icount));
2669 if (tty->ops->get_icount)
2670 retval = tty->ops->get_icount(tty, &icount);
2671 if (retval != 0)
2672 return retval;
2673 if (copy_to_user(arg, &icount, sizeof(icount)))
2674 return -EFAULT;
2675 return 0;
2676}
2677
2678struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2679{
2680 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2681 tty->driver->subtype == PTY_TYPE_MASTER)
2682 tty = tty->link;
2683 return tty;
2684}
2685EXPORT_SYMBOL(tty_pair_get_tty);
2686
2687struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2688{
2689 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2690 tty->driver->subtype == PTY_TYPE_MASTER)
2691 return tty;
2692 return tty->link;
2693}
2694EXPORT_SYMBOL(tty_pair_get_pty);
2695
2696/*
2697 * Split this up, as gcc can choke on it otherwise..
2698 */
2699long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2700{
2701 struct tty_struct *tty = file_tty(file);
2702 struct tty_struct *real_tty;
2703 void __user *p = (void __user *)arg;
2704 int retval;
2705 struct tty_ldisc *ld;
2706
2707 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2708 return -EINVAL;
2709
2710 real_tty = tty_pair_get_tty(tty);
2711
2712 /*
2713 * Factor out some common prep work
2714 */
2715 switch (cmd) {
2716 case TIOCSETD:
2717 case TIOCSBRK:
2718 case TIOCCBRK:
2719 case TCSBRK:
2720 case TCSBRKP:
2721 retval = tty_check_change(tty);
2722 if (retval)
2723 return retval;
2724 if (cmd != TIOCCBRK) {
2725 tty_wait_until_sent(tty, 0);
2726 if (signal_pending(current))
2727 return -EINTR;
2728 }
2729 break;
2730 }
2731
2732 /*
2733 * Now do the stuff.
2734 */
2735 switch (cmd) {
2736 case TIOCSTI:
2737 return tiocsti(tty, p);
2738 case TIOCGWINSZ:
2739 return tiocgwinsz(real_tty, p);
2740 case TIOCSWINSZ:
2741 return tiocswinsz(real_tty, p);
2742 case TIOCCONS:
2743 return real_tty != tty ? -EINVAL : tioccons(file);
2744 case FIONBIO:
2745 return fionbio(file, p);
2746 case TIOCEXCL:
2747 set_bit(TTY_EXCLUSIVE, &tty->flags);
2748 return 0;
2749 case TIOCNXCL:
2750 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2751 return 0;
2752 case TIOCGEXCL:
2753 {
2754 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2755 return put_user(excl, (int __user *)p);
2756 }
2757 case TIOCNOTTY:
2758 if (current->signal->tty != tty)
2759 return -ENOTTY;
2760 no_tty();
2761 return 0;
2762 case TIOCSCTTY:
2763 return tiocsctty(tty, arg);
2764 case TIOCGPGRP:
2765 return tiocgpgrp(tty, real_tty, p);
2766 case TIOCSPGRP:
2767 return tiocspgrp(tty, real_tty, p);
2768 case TIOCGSID:
2769 return tiocgsid(tty, real_tty, p);
2770 case TIOCGETD:
2771 return put_user(tty->ldisc->ops->num, (int __user *)p);
2772 case TIOCSETD:
2773 return tiocsetd(tty, p);
2774 case TIOCVHANGUP:
2775 if (!capable(CAP_SYS_ADMIN))
2776 return -EPERM;
2777 tty_vhangup(tty);
2778 return 0;
2779 case TIOCGDEV:
2780 {
2781 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2782 return put_user(ret, (unsigned int __user *)p);
2783 }
2784 /*
2785 * Break handling
2786 */
2787 case TIOCSBRK: /* Turn break on, unconditionally */
2788 if (tty->ops->break_ctl)
2789 return tty->ops->break_ctl(tty, -1);
2790 return 0;
2791 case TIOCCBRK: /* Turn break off, unconditionally */
2792 if (tty->ops->break_ctl)
2793 return tty->ops->break_ctl(tty, 0);
2794 return 0;
2795 case TCSBRK: /* SVID version: non-zero arg --> no break */
2796 /* non-zero arg means wait for all output data
2797 * to be sent (performed above) but don't send break.
2798 * This is used by the tcdrain() termios function.
2799 */
2800 if (!arg)
2801 return send_break(tty, 250);
2802 return 0;
2803 case TCSBRKP: /* support for POSIX tcsendbreak() */
2804 return send_break(tty, arg ? arg*100 : 250);
2805
2806 case TIOCMGET:
2807 return tty_tiocmget(tty, p);
2808 case TIOCMSET:
2809 case TIOCMBIC:
2810 case TIOCMBIS:
2811 return tty_tiocmset(tty, cmd, p);
2812 case TIOCGICOUNT:
2813 retval = tty_tiocgicount(tty, p);
2814 /* For the moment allow fall through to the old method */
2815 if (retval != -EINVAL)
2816 return retval;
2817 break;
2818 case TCFLSH:
2819 switch (arg) {
2820 case TCIFLUSH:
2821 case TCIOFLUSH:
2822 /* flush tty buffer and allow ldisc to process ioctl */
2823 tty_buffer_flush(tty);
2824 break;
2825 }
2826 break;
2827 }
2828 if (tty->ops->ioctl) {
2829 retval = (tty->ops->ioctl)(tty, cmd, arg);
2830 if (retval != -ENOIOCTLCMD)
2831 return retval;
2832 }
2833 ld = tty_ldisc_ref_wait(tty);
2834 retval = -EINVAL;
2835 if (ld->ops->ioctl) {
2836 retval = ld->ops->ioctl(tty, file, cmd, arg);
2837 if (retval == -ENOIOCTLCMD)
2838 retval = -ENOTTY;
2839 }
2840 tty_ldisc_deref(ld);
2841 return retval;
2842}
2843
2844#ifdef CONFIG_COMPAT
2845static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2846 unsigned long arg)
2847{
2848 struct tty_struct *tty = file_tty(file);
2849 struct tty_ldisc *ld;
2850 int retval = -ENOIOCTLCMD;
2851
2852 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2853 return -EINVAL;
2854
2855 if (tty->ops->compat_ioctl) {
2856 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2857 if (retval != -ENOIOCTLCMD)
2858 return retval;
2859 }
2860
2861 ld = tty_ldisc_ref_wait(tty);
2862 if (ld->ops->compat_ioctl)
2863 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2864 else
2865 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2866 tty_ldisc_deref(ld);
2867
2868 return retval;
2869}
2870#endif
2871
2872static int this_tty(const void *t, struct file *file, unsigned fd)
2873{
2874 if (likely(file->f_op->read != tty_read))
2875 return 0;
2876 return file_tty(file) != t ? 0 : fd + 1;
2877}
2878
2879/*
2880 * This implements the "Secure Attention Key" --- the idea is to
2881 * prevent trojan horses by killing all processes associated with this
2882 * tty when the user hits the "Secure Attention Key". Required for
2883 * super-paranoid applications --- see the Orange Book for more details.
2884 *
2885 * This code could be nicer; ideally it should send a HUP, wait a few
2886 * seconds, then send a INT, and then a KILL signal. But you then
2887 * have to coordinate with the init process, since all processes associated
2888 * with the current tty must be dead before the new getty is allowed
2889 * to spawn.
2890 *
2891 * Now, if it would be correct ;-/ The current code has a nasty hole -
2892 * it doesn't catch files in flight. We may send the descriptor to ourselves
2893 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2894 *
2895 * Nasty bug: do_SAK is being called in interrupt context. This can
2896 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2897 */
2898void __do_SAK(struct tty_struct *tty)
2899{
2900#ifdef TTY_SOFT_SAK
2901 tty_hangup(tty);
2902#else
2903 struct task_struct *g, *p;
2904 struct pid *session;
2905 int i;
2906
2907 if (!tty)
2908 return;
2909 session = tty->session;
2910
2911 tty_ldisc_flush(tty);
2912
2913 tty_driver_flush_buffer(tty);
2914
2915 read_lock(&tasklist_lock);
2916 /* Kill the entire session */
2917 do_each_pid_task(session, PIDTYPE_SID, p) {
2918 printk(KERN_NOTICE "SAK: killed process %d"
2919 " (%s): task_session(p)==tty->session\n",
2920 task_pid_nr(p), p->comm);
2921 send_sig(SIGKILL, p, 1);
2922 } while_each_pid_task(session, PIDTYPE_SID, p);
2923 /* Now kill any processes that happen to have the
2924 * tty open.
2925 */
2926 do_each_thread(g, p) {
2927 if (p->signal->tty == tty) {
2928 printk(KERN_NOTICE "SAK: killed process %d"
2929 " (%s): task_session(p)==tty->session\n",
2930 task_pid_nr(p), p->comm);
2931 send_sig(SIGKILL, p, 1);
2932 continue;
2933 }
2934 task_lock(p);
2935 i = iterate_fd(p->files, 0, this_tty, tty);
2936 if (i != 0) {
2937 printk(KERN_NOTICE "SAK: killed process %d"
2938 " (%s): fd#%d opened to the tty\n",
2939 task_pid_nr(p), p->comm, i - 1);
2940 force_sig(SIGKILL, p);
2941 }
2942 task_unlock(p);
2943 } while_each_thread(g, p);
2944 read_unlock(&tasklist_lock);
2945#endif
2946}
2947
2948static void do_SAK_work(struct work_struct *work)
2949{
2950 struct tty_struct *tty =
2951 container_of(work, struct tty_struct, SAK_work);
2952 __do_SAK(tty);
2953}
2954
2955/*
2956 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2957 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2958 * the values which we write to it will be identical to the values which it
2959 * already has. --akpm
2960 */
2961void do_SAK(struct tty_struct *tty)
2962{
2963 if (!tty)
2964 return;
2965 schedule_work(&tty->SAK_work);
2966}
2967
2968EXPORT_SYMBOL(do_SAK);
2969
2970static int dev_match_devt(struct device *dev, const void *data)
2971{
2972 const dev_t *devt = data;
2973 return dev->devt == *devt;
2974}
2975
2976/* Must put_device() after it's unused! */
2977static struct device *tty_get_device(struct tty_struct *tty)
2978{
2979 dev_t devt = tty_devnum(tty);
2980 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2981}
2982
2983
2984/**
2985 * alloc_tty_struct
2986 *
2987 * This subroutine allocates and initializes a tty structure.
2988 *
2989 * Locking: none - tty in question is not exposed at this point
2990 */
2991
2992struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
2993{
2994 struct tty_struct *tty;
2995
2996 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
2997 if (!tty)
2998 return NULL;
2999
3000 kref_init(&tty->kref);
3001 tty->magic = TTY_MAGIC;
3002 tty_ldisc_init(tty);
3003 tty->session = NULL;
3004 tty->pgrp = NULL;
3005 mutex_init(&tty->legacy_mutex);
3006 mutex_init(&tty->throttle_mutex);
3007 init_rwsem(&tty->termios_rwsem);
3008 mutex_init(&tty->winsize_mutex);
3009 init_ldsem(&tty->ldisc_sem);
3010 init_waitqueue_head(&tty->write_wait);
3011 init_waitqueue_head(&tty->read_wait);
3012 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3013 mutex_init(&tty->atomic_write_lock);
3014 spin_lock_init(&tty->ctrl_lock);
3015 spin_lock_init(&tty->flow_lock);
3016 INIT_LIST_HEAD(&tty->tty_files);
3017 INIT_WORK(&tty->SAK_work, do_SAK_work);
3018
3019 tty->driver = driver;
3020 tty->ops = driver->ops;
3021 tty->index = idx;
3022 tty_line_name(driver, idx, tty->name);
3023 tty->dev = tty_get_device(tty);
3024
3025 return tty;
3026}
3027
3028/**
3029 * deinitialize_tty_struct
3030 * @tty: tty to deinitialize
3031 *
3032 * This subroutine deinitializes a tty structure that has been newly
3033 * allocated but tty_release cannot be called on that yet.
3034 *
3035 * Locking: none - tty in question must not be exposed at this point
3036 */
3037void deinitialize_tty_struct(struct tty_struct *tty)
3038{
3039 tty_ldisc_deinit(tty);
3040}
3041
3042/**
3043 * tty_put_char - write one character to a tty
3044 * @tty: tty
3045 * @ch: character
3046 *
3047 * Write one byte to the tty using the provided put_char method
3048 * if present. Returns the number of characters successfully output.
3049 *
3050 * Note: the specific put_char operation in the driver layer may go
3051 * away soon. Don't call it directly, use this method
3052 */
3053
3054int tty_put_char(struct tty_struct *tty, unsigned char ch)
3055{
3056 if (tty->ops->put_char)
3057 return tty->ops->put_char(tty, ch);
3058 return tty->ops->write(tty, &ch, 1);
3059}
3060EXPORT_SYMBOL_GPL(tty_put_char);
3061
3062struct class *tty_class;
3063
3064static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3065 unsigned int index, unsigned int count)
3066{
3067 /* init here, since reused cdevs cause crashes */
3068 cdev_init(&driver->cdevs[index], &tty_fops);
3069 driver->cdevs[index].owner = driver->owner;
3070 return cdev_add(&driver->cdevs[index], dev, count);
3071}
3072
3073/**
3074 * tty_register_device - register a tty device
3075 * @driver: the tty driver that describes the tty device
3076 * @index: the index in the tty driver for this tty device
3077 * @device: a struct device that is associated with this tty device.
3078 * This field is optional, if there is no known struct device
3079 * for this tty device it can be set to NULL safely.
3080 *
3081 * Returns a pointer to the struct device for this tty device
3082 * (or ERR_PTR(-EFOO) on error).
3083 *
3084 * This call is required to be made to register an individual tty device
3085 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3086 * that bit is not set, this function should not be called by a tty
3087 * driver.
3088 *
3089 * Locking: ??
3090 */
3091
3092struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3093 struct device *device)
3094{
3095 return tty_register_device_attr(driver, index, device, NULL, NULL);
3096}
3097EXPORT_SYMBOL(tty_register_device);
3098
3099static void tty_device_create_release(struct device *dev)
3100{
3101 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3102 kfree(dev);
3103}
3104
3105/**
3106 * tty_register_device_attr - register a tty device
3107 * @driver: the tty driver that describes the tty device
3108 * @index: the index in the tty driver for this tty device
3109 * @device: a struct device that is associated with this tty device.
3110 * This field is optional, if there is no known struct device
3111 * for this tty device it can be set to NULL safely.
3112 * @drvdata: Driver data to be set to device.
3113 * @attr_grp: Attribute group to be set on device.
3114 *
3115 * Returns a pointer to the struct device for this tty device
3116 * (or ERR_PTR(-EFOO) on error).
3117 *
3118 * This call is required to be made to register an individual tty device
3119 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3120 * that bit is not set, this function should not be called by a tty
3121 * driver.
3122 *
3123 * Locking: ??
3124 */
3125struct device *tty_register_device_attr(struct tty_driver *driver,
3126 unsigned index, struct device *device,
3127 void *drvdata,
3128 const struct attribute_group **attr_grp)
3129{
3130 char name[64];
3131 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3132 struct device *dev = NULL;
3133 int retval = -ENODEV;
3134 bool cdev = false;
3135
3136 if (index >= driver->num) {
3137 printk(KERN_ERR "Attempt to register invalid tty line number "
3138 " (%d).\n", index);
3139 return ERR_PTR(-EINVAL);
3140 }
3141
3142 if (driver->type == TTY_DRIVER_TYPE_PTY)
3143 pty_line_name(driver, index, name);
3144 else
3145 tty_line_name(driver, index, name);
3146
3147 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3148 retval = tty_cdev_add(driver, devt, index, 1);
3149 if (retval)
3150 goto error;
3151 cdev = true;
3152 }
3153
3154 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3155 if (!dev) {
3156 retval = -ENOMEM;
3157 goto error;
3158 }
3159
3160 dev->devt = devt;
3161 dev->class = tty_class;
3162 dev->parent = device;
3163 dev->release = tty_device_create_release;
3164 dev_set_name(dev, "%s", name);
3165 dev->groups = attr_grp;
3166 dev_set_drvdata(dev, drvdata);
3167
3168 retval = device_register(dev);
3169 if (retval)
3170 goto error;
3171
3172 return dev;
3173
3174error:
3175 put_device(dev);
3176 if (cdev)
3177 cdev_del(&driver->cdevs[index]);
3178 return ERR_PTR(retval);
3179}
3180EXPORT_SYMBOL_GPL(tty_register_device_attr);
3181
3182/**
3183 * tty_unregister_device - unregister a tty device
3184 * @driver: the tty driver that describes the tty device
3185 * @index: the index in the tty driver for this tty device
3186 *
3187 * If a tty device is registered with a call to tty_register_device() then
3188 * this function must be called when the tty device is gone.
3189 *
3190 * Locking: ??
3191 */
3192
3193void tty_unregister_device(struct tty_driver *driver, unsigned index)
3194{
3195 device_destroy(tty_class,
3196 MKDEV(driver->major, driver->minor_start) + index);
3197 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3198 cdev_del(&driver->cdevs[index]);
3199}
3200EXPORT_SYMBOL(tty_unregister_device);
3201
3202/**
3203 * __tty_alloc_driver -- allocate tty driver
3204 * @lines: count of lines this driver can handle at most
3205 * @owner: module which is repsonsible for this driver
3206 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3207 *
3208 * This should not be called directly, some of the provided macros should be
3209 * used instead. Use IS_ERR and friends on @retval.
3210 */
3211struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3212 unsigned long flags)
3213{
3214 struct tty_driver *driver;
3215 unsigned int cdevs = 1;
3216 int err;
3217
3218 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3219 return ERR_PTR(-EINVAL);
3220
3221 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3222 if (!driver)
3223 return ERR_PTR(-ENOMEM);
3224
3225 kref_init(&driver->kref);
3226 driver->magic = TTY_DRIVER_MAGIC;
3227 driver->num = lines;
3228 driver->owner = owner;
3229 driver->flags = flags;
3230
3231 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3232 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3233 GFP_KERNEL);
3234 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3235 GFP_KERNEL);
3236 if (!driver->ttys || !driver->termios) {
3237 err = -ENOMEM;
3238 goto err_free_all;
3239 }
3240 }
3241
3242 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3243 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3244 GFP_KERNEL);
3245 if (!driver->ports) {
3246 err = -ENOMEM;
3247 goto err_free_all;
3248 }
3249 cdevs = lines;
3250 }
3251
3252 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3253 if (!driver->cdevs) {
3254 err = -ENOMEM;
3255 goto err_free_all;
3256 }
3257
3258 return driver;
3259err_free_all:
3260 kfree(driver->ports);
3261 kfree(driver->ttys);
3262 kfree(driver->termios);
3263 kfree(driver);
3264 return ERR_PTR(err);
3265}
3266EXPORT_SYMBOL(__tty_alloc_driver);
3267
3268static void destruct_tty_driver(struct kref *kref)
3269{
3270 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3271 int i;
3272 struct ktermios *tp;
3273
3274 if (driver->flags & TTY_DRIVER_INSTALLED) {
3275 /*
3276 * Free the termios and termios_locked structures because
3277 * we don't want to get memory leaks when modular tty
3278 * drivers are removed from the kernel.
3279 */
3280 for (i = 0; i < driver->num; i++) {
3281 tp = driver->termios[i];
3282 if (tp) {
3283 driver->termios[i] = NULL;
3284 kfree(tp);
3285 }
3286 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3287 tty_unregister_device(driver, i);
3288 }
3289 proc_tty_unregister_driver(driver);
3290 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3291 cdev_del(&driver->cdevs[0]);
3292 }
3293 kfree(driver->cdevs);
3294 kfree(driver->ports);
3295 kfree(driver->termios);
3296 kfree(driver->ttys);
3297 kfree(driver);
3298}
3299
3300void tty_driver_kref_put(struct tty_driver *driver)
3301{
3302 kref_put(&driver->kref, destruct_tty_driver);
3303}
3304EXPORT_SYMBOL(tty_driver_kref_put);
3305
3306void tty_set_operations(struct tty_driver *driver,
3307 const struct tty_operations *op)
3308{
3309 driver->ops = op;
3310};
3311EXPORT_SYMBOL(tty_set_operations);
3312
3313void put_tty_driver(struct tty_driver *d)
3314{
3315 tty_driver_kref_put(d);
3316}
3317EXPORT_SYMBOL(put_tty_driver);
3318
3319/*
3320 * Called by a tty driver to register itself.
3321 */
3322int tty_register_driver(struct tty_driver *driver)
3323{
3324 int error;
3325 int i;
3326 dev_t dev;
3327 struct device *d;
3328
3329 if (!driver->major) {
3330 error = alloc_chrdev_region(&dev, driver->minor_start,
3331 driver->num, driver->name);
3332 if (!error) {
3333 driver->major = MAJOR(dev);
3334 driver->minor_start = MINOR(dev);
3335 }
3336 } else {
3337 dev = MKDEV(driver->major, driver->minor_start);
3338 error = register_chrdev_region(dev, driver->num, driver->name);
3339 }
3340 if (error < 0)
3341 goto err;
3342
3343 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3344 error = tty_cdev_add(driver, dev, 0, driver->num);
3345 if (error)
3346 goto err_unreg_char;
3347 }
3348
3349 mutex_lock(&tty_mutex);
3350 list_add(&driver->tty_drivers, &tty_drivers);
3351 mutex_unlock(&tty_mutex);
3352
3353 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3354 for (i = 0; i < driver->num; i++) {
3355 d = tty_register_device(driver, i, NULL);
3356 if (IS_ERR(d)) {
3357 error = PTR_ERR(d);
3358 goto err_unreg_devs;
3359 }
3360 }
3361 }
3362 proc_tty_register_driver(driver);
3363 driver->flags |= TTY_DRIVER_INSTALLED;
3364 return 0;
3365
3366err_unreg_devs:
3367 for (i--; i >= 0; i--)
3368 tty_unregister_device(driver, i);
3369
3370 mutex_lock(&tty_mutex);
3371 list_del(&driver->tty_drivers);
3372 mutex_unlock(&tty_mutex);
3373
3374err_unreg_char:
3375 unregister_chrdev_region(dev, driver->num);
3376err:
3377 return error;
3378}
3379EXPORT_SYMBOL(tty_register_driver);
3380
3381/*
3382 * Called by a tty driver to unregister itself.
3383 */
3384int tty_unregister_driver(struct tty_driver *driver)
3385{
3386#if 0
3387 /* FIXME */
3388 if (driver->refcount)
3389 return -EBUSY;
3390#endif
3391 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3392 driver->num);
3393 mutex_lock(&tty_mutex);
3394 list_del(&driver->tty_drivers);
3395 mutex_unlock(&tty_mutex);
3396 return 0;
3397}
3398
3399EXPORT_SYMBOL(tty_unregister_driver);
3400
3401dev_t tty_devnum(struct tty_struct *tty)
3402{
3403 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3404}
3405EXPORT_SYMBOL(tty_devnum);
3406
3407void proc_clear_tty(struct task_struct *p)
3408{
3409 unsigned long flags;
3410 struct tty_struct *tty;
3411 spin_lock_irqsave(&p->sighand->siglock, flags);
3412 tty = p->signal->tty;
3413 p->signal->tty = NULL;
3414 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3415 tty_kref_put(tty);
3416}
3417
3418/* Called under the sighand lock */
3419
3420static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3421{
3422 if (tty) {
3423 unsigned long flags;
3424 /* We should not have a session or pgrp to put here but.... */
3425 spin_lock_irqsave(&tty->ctrl_lock, flags);
3426 put_pid(tty->session);
3427 put_pid(tty->pgrp);
3428 tty->pgrp = get_pid(task_pgrp(tsk));
3429 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3430 tty->session = get_pid(task_session(tsk));
3431 if (tsk->signal->tty) {
3432 printk(KERN_DEBUG "tty not NULL!!\n");
3433 tty_kref_put(tsk->signal->tty);
3434 }
3435 }
3436 put_pid(tsk->signal->tty_old_pgrp);
3437 tsk->signal->tty = tty_kref_get(tty);
3438 tsk->signal->tty_old_pgrp = NULL;
3439}
3440
3441static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3442{
3443 spin_lock_irq(&tsk->sighand->siglock);
3444 __proc_set_tty(tsk, tty);
3445 spin_unlock_irq(&tsk->sighand->siglock);
3446}
3447
3448struct tty_struct *get_current_tty(void)
3449{
3450 struct tty_struct *tty;
3451 unsigned long flags;
3452
3453 spin_lock_irqsave(&current->sighand->siglock, flags);
3454 tty = tty_kref_get(current->signal->tty);
3455 spin_unlock_irqrestore(&current->sighand->siglock, flags);
3456 return tty;
3457}
3458EXPORT_SYMBOL_GPL(get_current_tty);
3459
3460void tty_default_fops(struct file_operations *fops)
3461{
3462 *fops = tty_fops;
3463}
3464
3465/*
3466 * Initialize the console device. This is called *early*, so
3467 * we can't necessarily depend on lots of kernel help here.
3468 * Just do some early initializations, and do the complex setup
3469 * later.
3470 */
3471void __init console_init(void)
3472{
3473 initcall_t *call;
3474
3475 /* Setup the default TTY line discipline. */
3476 tty_ldisc_begin();
3477
3478 /*
3479 * set up the console device so that later boot sequences can
3480 * inform about problems etc..
3481 */
3482 call = __con_initcall_start;
3483 while (call < __con_initcall_end) {
3484 (*call)();
3485 call++;
3486 }
3487}
3488
3489static char *tty_devnode(struct device *dev, umode_t *mode)
3490{
3491 if (!mode)
3492 return NULL;
3493 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3494 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3495 *mode = 0666;
3496 return NULL;
3497}
3498
3499static int __init tty_class_init(void)
3500{
3501 tty_class = class_create(THIS_MODULE, "tty");
3502 if (IS_ERR(tty_class))
3503 return PTR_ERR(tty_class);
3504 tty_class->devnode = tty_devnode;
3505 return 0;
3506}
3507
3508postcore_initcall(tty_class_init);
3509
3510/* 3/2004 jmc: why do these devices exist? */
3511static struct cdev tty_cdev, console_cdev;
3512
3513static ssize_t show_cons_active(struct device *dev,
3514 struct device_attribute *attr, char *buf)
3515{
3516 struct console *cs[16];
3517 int i = 0;
3518 struct console *c;
3519 ssize_t count = 0;
3520
3521 console_lock();
3522 for_each_console(c) {
3523 if (!c->device)
3524 continue;
3525 if (!c->write)
3526 continue;
3527 if ((c->flags & CON_ENABLED) == 0)
3528 continue;
3529 cs[i++] = c;
3530 if (i >= ARRAY_SIZE(cs))
3531 break;
3532 }
3533 while (i--) {
3534 int index = cs[i]->index;
3535 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3536
3537 /* don't resolve tty0 as some programs depend on it */
3538 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3539 count += tty_line_name(drv, index, buf + count);
3540 else
3541 count += sprintf(buf + count, "%s%d",
3542 cs[i]->name, cs[i]->index);
3543
3544 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3545 }
3546 console_unlock();
3547
3548 return count;
3549}
3550static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3551
3552static struct device *consdev;
3553
3554void console_sysfs_notify(void)
3555{
3556 if (consdev)
3557 sysfs_notify(&consdev->kobj, NULL, "active");
3558}
3559
3560/*
3561 * Ok, now we can initialize the rest of the tty devices and can count
3562 * on memory allocations, interrupts etc..
3563 */
3564int __init tty_init(void)
3565{
3566 cdev_init(&tty_cdev, &tty_fops);
3567 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3568 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3569 panic("Couldn't register /dev/tty driver\n");
3570 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3571
3572 cdev_init(&console_cdev, &console_fops);
3573 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3574 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3575 panic("Couldn't register /dev/console driver\n");
3576 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3577 "console");
3578 if (IS_ERR(consdev))
3579 consdev = NULL;
3580 else
3581 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3582
3583#ifdef CONFIG_VT
3584 vty_init(&console_fops);
3585#endif
3586 return 0;
3587}
3588
Linux 6.x block layer and io_uring tree(s)