projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: fix up hung_up_tty_read() conversion
[linux-2.6-block.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102
103#include <linux/uaccess.h>
104
105#include <linux/kbd_kern.h>
106#include <linux/vt_kern.h>
107#include <linux/selection.h>
108
109#include <linux/kmod.h>
110#include <linux/nsproxy.h>
111
112#undef TTY_DEBUG_HANGUP
113#ifdef TTY_DEBUG_HANGUP
114# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
115#else
116# define tty_debug_hangup(tty, f, args...) do { } while (0)
117#endif
118
119#define TTY_PARANOIA_CHECK 1
120#define CHECK_TTY_COUNT 1
121
122struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
123 .c_iflag = ICRNL | IXON,
124 .c_oflag = OPOST | ONLCR,
125 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
126 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
127 ECHOCTL | ECHOKE | IEXTEN,
128 .c_cc = INIT_C_CC,
129 .c_ispeed = 38400,
130 .c_ospeed = 38400,
131 /* .c_line = N_TTY, */
132};
133
134EXPORT_SYMBOL(tty_std_termios);
135
136/* This list gets poked at by procfs and various bits of boot up code. This
137 could do with some rationalisation such as pulling the tty proc function
138 into this file */
139
140LIST_HEAD(tty_drivers); /* linked list of tty drivers */
141
142/* Mutex to protect creating and releasing a tty */
143DEFINE_MUTEX(tty_mutex);
144
145static ssize_t tty_read(struct kiocb *, struct iov_iter *);
146static ssize_t tty_write(struct kiocb *, struct iov_iter *);
147ssize_t redirected_tty_write(struct kiocb *, struct iov_iter *);
148static __poll_t tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
151#ifdef CONFIG_COMPAT
152static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154#else
155#define tty_compat_ioctl NULL
156#endif
157static int __tty_fasync(int fd, struct file *filp, int on);
158static int tty_fasync(int fd, struct file *filp, int on);
159static void release_tty(struct tty_struct *tty, int idx);
160
161/**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
169
170static void free_tty_struct(struct tty_struct *tty)
171{
172 tty_ldisc_deinit(tty);
173 put_device(tty->dev);
174 kfree(tty->write_buf);
175 tty->magic = 0xDEADDEAD;
176 kfree(tty);
177}
178
179static inline struct tty_struct *file_tty(struct file *file)
180{
181 return ((struct tty_file_private *)file->private_data)->tty;
182}
183
184int tty_alloc_file(struct file *file)
185{
186 struct tty_file_private *priv;
187
188 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
189 if (!priv)
190 return -ENOMEM;
191
192 file->private_data = priv;
193
194 return 0;
195}
196
197/* Associate a new file with the tty structure */
198void tty_add_file(struct tty_struct *tty, struct file *file)
199{
200 struct tty_file_private *priv = file->private_data;
201
202 priv->tty = tty;
203 priv->file = file;
204
205 spin_lock(&tty->files_lock);
206 list_add(&priv->list, &tty->tty_files);
207 spin_unlock(&tty->files_lock);
208}
209
210/*
211 * tty_free_file - free file->private_data
212 *
213 * This shall be used only for fail path handling when tty_add_file was not
214 * called yet.
215 */
216void tty_free_file(struct file *file)
217{
218 struct tty_file_private *priv = file->private_data;
219
220 file->private_data = NULL;
221 kfree(priv);
222}
223
224/* Delete file from its tty */
225static void tty_del_file(struct file *file)
226{
227 struct tty_file_private *priv = file->private_data;
228 struct tty_struct *tty = priv->tty;
229
230 spin_lock(&tty->files_lock);
231 list_del(&priv->list);
232 spin_unlock(&tty->files_lock);
233 tty_free_file(file);
234}
235
236/**
237 * tty_name - return tty naming
238 * @tty: tty structure
239 *
240 * Convert a tty structure into a name. The name reflects the kernel
241 * naming policy and if udev is in use may not reflect user space
242 *
243 * Locking: none
244 */
245
246const char *tty_name(const struct tty_struct *tty)
247{
248 if (!tty) /* Hmm. NULL pointer. That's fun. */
249 return "NULL tty";
250 return tty->name;
251}
252
253EXPORT_SYMBOL(tty_name);
254
255const char *tty_driver_name(const struct tty_struct *tty)
256{
257 if (!tty || !tty->driver)
258 return "";
259 return tty->driver->name;
260}
261
262static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
263 const char *routine)
264{
265#ifdef TTY_PARANOIA_CHECK
266 if (!tty) {
267 pr_warn("(%d:%d): %s: NULL tty\n",
268 imajor(inode), iminor(inode), routine);
269 return 1;
270 }
271 if (tty->magic != TTY_MAGIC) {
272 pr_warn("(%d:%d): %s: bad magic number\n",
273 imajor(inode), iminor(inode), routine);
274 return 1;
275 }
276#endif
277 return 0;
278}
279
280/* Caller must hold tty_lock */
281static int check_tty_count(struct tty_struct *tty, const char *routine)
282{
283#ifdef CHECK_TTY_COUNT
284 struct list_head *p;
285 int count = 0, kopen_count = 0;
286
287 spin_lock(&tty->files_lock);
288 list_for_each(p, &tty->tty_files) {
289 count++;
290 }
291 spin_unlock(&tty->files_lock);
292 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
293 tty->driver->subtype == PTY_TYPE_SLAVE &&
294 tty->link && tty->link->count)
295 count++;
296 if (tty_port_kopened(tty->port))
297 kopen_count++;
298 if (tty->count != (count + kopen_count)) {
299 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
300 routine, tty->count, count, kopen_count);
301 return (count + kopen_count);
302 }
303#endif
304 return 0;
305}
306
307/**
308 * get_tty_driver - find device of a tty
309 * @device: device identifier
310 * @index: returns the index of the tty
311 *
312 * This routine returns a tty driver structure, given a device number
313 * and also passes back the index number.
314 *
315 * Locking: caller must hold tty_mutex
316 */
317
318static struct tty_driver *get_tty_driver(dev_t device, int *index)
319{
320 struct tty_driver *p;
321
322 list_for_each_entry(p, &tty_drivers, tty_drivers) {
323 dev_t base = MKDEV(p->major, p->minor_start);
324 if (device < base || device >= base + p->num)
325 continue;
326 *index = device - base;
327 return tty_driver_kref_get(p);
328 }
329 return NULL;
330}
331
332/**
333 * tty_dev_name_to_number - return dev_t for device name
334 * @name: user space name of device under /dev
335 * @number: pointer to dev_t that this function will populate
336 *
337 * This function converts device names like ttyS0 or ttyUSB1 into dev_t
338 * like (4, 64) or (188, 1). If no corresponding driver is registered then
339 * the function returns -ENODEV.
340 *
341 * Locking: this acquires tty_mutex to protect the tty_drivers list from
342 * being modified while we are traversing it, and makes sure to
343 * release it before exiting.
344 */
345int tty_dev_name_to_number(const char *name, dev_t *number)
346{
347 struct tty_driver *p;
348 int ret;
349 int index, prefix_length = 0;
350 const char *str;
351
352 for (str = name; *str && !isdigit(*str); str++)
353 ;
354
355 if (!*str)
356 return -EINVAL;
357
358 ret = kstrtoint(str, 10, &index);
359 if (ret)
360 return ret;
361
362 prefix_length = str - name;
363 mutex_lock(&tty_mutex);
364
365 list_for_each_entry(p, &tty_drivers, tty_drivers)
366 if (prefix_length == strlen(p->name) && strncmp(name,
367 p->name, prefix_length) == 0) {
368 if (index < p->num) {
369 *number = MKDEV(p->major, p->minor_start + index);
370 goto out;
371 }
372 }
373
374 /* if here then driver wasn't found */
375 ret = -ENODEV;
376out:
377 mutex_unlock(&tty_mutex);
378 return ret;
379}
380EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
381
382#ifdef CONFIG_CONSOLE_POLL
383
384/**
385 * tty_find_polling_driver - find device of a polled tty
386 * @name: name string to match
387 * @line: pointer to resulting tty line nr
388 *
389 * This routine returns a tty driver structure, given a name
390 * and the condition that the tty driver is capable of polled
391 * operation.
392 */
393struct tty_driver *tty_find_polling_driver(char *name, int *line)
394{
395 struct tty_driver *p, *res = NULL;
396 int tty_line = 0;
397 int len;
398 char *str, *stp;
399
400 for (str = name; *str; str++)
401 if ((*str >= '0' && *str <= '9') || *str == ',')
402 break;
403 if (!*str)
404 return NULL;
405
406 len = str - name;
407 tty_line = simple_strtoul(str, &str, 10);
408
409 mutex_lock(&tty_mutex);
410 /* Search through the tty devices to look for a match */
411 list_for_each_entry(p, &tty_drivers, tty_drivers) {
412 if (!len || strncmp(name, p->name, len) != 0)
413 continue;
414 stp = str;
415 if (*stp == ',')
416 stp++;
417 if (*stp == '\0')
418 stp = NULL;
419
420 if (tty_line >= 0 && tty_line < p->num && p->ops &&
421 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
422 res = tty_driver_kref_get(p);
423 *line = tty_line;
424 break;
425 }
426 }
427 mutex_unlock(&tty_mutex);
428
429 return res;
430}
431EXPORT_SYMBOL_GPL(tty_find_polling_driver);
432#endif
433
434static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
435{
436 return 0;
437}
438
439static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
440{
441 return -EIO;
442}
443
444/* No kernel lock held - none needed ;) */
445static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
446{
447 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
448}
449
450static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
451 unsigned long arg)
452{
453 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
454}
455
456static long hung_up_tty_compat_ioctl(struct file *file,
457 unsigned int cmd, unsigned long arg)
458{
459 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
460}
461
462static int hung_up_tty_fasync(int fd, struct file *file, int on)
463{
464 return -ENOTTY;
465}
466
467static void tty_show_fdinfo(struct seq_file *m, struct file *file)
468{
469 struct tty_struct *tty = file_tty(file);
470
471 if (tty && tty->ops && tty->ops->show_fdinfo)
472 tty->ops->show_fdinfo(tty, m);
473}
474
475static const struct file_operations tty_fops = {
476 .llseek = no_llseek,
477 .read_iter = tty_read,
478 .write_iter = tty_write,
479 .splice_read = generic_file_splice_read,
480 .splice_write = iter_file_splice_write,
481 .poll = tty_poll,
482 .unlocked_ioctl = tty_ioctl,
483 .compat_ioctl = tty_compat_ioctl,
484 .open = tty_open,
485 .release = tty_release,
486 .fasync = tty_fasync,
487 .show_fdinfo = tty_show_fdinfo,
488};
489
490static const struct file_operations console_fops = {
491 .llseek = no_llseek,
492 .read_iter = tty_read,
493 .write_iter = redirected_tty_write,
494 .splice_read = generic_file_splice_read,
495 .splice_write = iter_file_splice_write,
496 .poll = tty_poll,
497 .unlocked_ioctl = tty_ioctl,
498 .compat_ioctl = tty_compat_ioctl,
499 .open = tty_open,
500 .release = tty_release,
501 .fasync = tty_fasync,
502};
503
504static const struct file_operations hung_up_tty_fops = {
505 .llseek = no_llseek,
506 .read_iter = hung_up_tty_read,
507 .write_iter = hung_up_tty_write,
508 .poll = hung_up_tty_poll,
509 .unlocked_ioctl = hung_up_tty_ioctl,
510 .compat_ioctl = hung_up_tty_compat_ioctl,
511 .release = tty_release,
512 .fasync = hung_up_tty_fasync,
513};
514
515static DEFINE_SPINLOCK(redirect_lock);
516static struct file *redirect;
517
518/**
519 * tty_wakeup - request more data
520 * @tty: terminal
521 *
522 * Internal and external helper for wakeups of tty. This function
523 * informs the line discipline if present that the driver is ready
524 * to receive more output data.
525 */
526
527void tty_wakeup(struct tty_struct *tty)
528{
529 struct tty_ldisc *ld;
530
531 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
532 ld = tty_ldisc_ref(tty);
533 if (ld) {
534 if (ld->ops->write_wakeup)
535 ld->ops->write_wakeup(tty);
536 tty_ldisc_deref(ld);
537 }
538 }
539 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
540}
541
542EXPORT_SYMBOL_GPL(tty_wakeup);
543
544/**
545 * tty_release_redirect - Release a redirect on a pty if present
546 * @tty: tty device
547 *
548 * This is available to the pty code so if the master closes, if the
549 * slave is a redirect it can release the redirect. It returns the
550 * filp for the redirect, which must be fput when the operations on
551 * the tty are completed.
552 */
553struct file *tty_release_redirect(struct tty_struct *tty)
554{
555 struct file *f = NULL;
556
557 spin_lock(&redirect_lock);
558 if (redirect && file_tty(redirect) == tty) {
559 f = redirect;
560 redirect = NULL;
561 }
562 spin_unlock(&redirect_lock);
563
564 return f;
565}
566
567/**
568 * __tty_hangup - actual handler for hangup events
569 * @tty: tty device
570 * @exit_session: if non-zero, signal all foreground group processes
571 *
572 * This can be called by a "kworker" kernel thread. That is process
573 * synchronous but doesn't hold any locks, so we need to make sure we
574 * have the appropriate locks for what we're doing.
575 *
576 * The hangup event clears any pending redirections onto the hung up
577 * device. It ensures future writes will error and it does the needed
578 * line discipline hangup and signal delivery. The tty object itself
579 * remains intact.
580 *
581 * Locking:
582 * BTM
583 * redirect lock for undoing redirection
584 * file list lock for manipulating list of ttys
585 * tty_ldiscs_lock from called functions
586 * termios_rwsem resetting termios data
587 * tasklist_lock to walk task list for hangup event
588 * ->siglock to protect ->signal/->sighand
589 */
590static void __tty_hangup(struct tty_struct *tty, int exit_session)
591{
592 struct file *cons_filp = NULL;
593 struct file *filp, *f;
594 struct tty_file_private *priv;
595 int closecount = 0, n;
596 int refs;
597
598 if (!tty)
599 return;
600
601 f = tty_release_redirect(tty);
602
603 tty_lock(tty);
604
605 if (test_bit(TTY_HUPPED, &tty->flags)) {
606 tty_unlock(tty);
607 return;
608 }
609
610 /*
611 * Some console devices aren't actually hung up for technical and
612 * historical reasons, which can lead to indefinite interruptible
613 * sleep in n_tty_read(). The following explicitly tells
614 * n_tty_read() to abort readers.
615 */
616 set_bit(TTY_HUPPING, &tty->flags);
617
618 /* inuse_filps is protected by the single tty lock,
619 this really needs to change if we want to flush the
620 workqueue with the lock held */
621 check_tty_count(tty, "tty_hangup");
622
623 spin_lock(&tty->files_lock);
624 /* This breaks for file handles being sent over AF_UNIX sockets ? */
625 list_for_each_entry(priv, &tty->tty_files, list) {
626 filp = priv->file;
627 if (filp->f_op->write_iter == redirected_tty_write)
628 cons_filp = filp;
629 if (filp->f_op->write_iter != tty_write)
630 continue;
631 closecount++;
632 __tty_fasync(-1, filp, 0); /* can't block */
633 filp->f_op = &hung_up_tty_fops;
634 }
635 spin_unlock(&tty->files_lock);
636
637 refs = tty_signal_session_leader(tty, exit_session);
638 /* Account for the p->signal references we killed */
639 while (refs--)
640 tty_kref_put(tty);
641
642 tty_ldisc_hangup(tty, cons_filp != NULL);
643
644 spin_lock_irq(&tty->ctrl_lock);
645 clear_bit(TTY_THROTTLED, &tty->flags);
646 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
647 put_pid(tty->session);
648 put_pid(tty->pgrp);
649 tty->session = NULL;
650 tty->pgrp = NULL;
651 tty->ctrl_status = 0;
652 spin_unlock_irq(&tty->ctrl_lock);
653
654 /*
655 * If one of the devices matches a console pointer, we
656 * cannot just call hangup() because that will cause
657 * tty->count and state->count to go out of sync.
658 * So we just call close() the right number of times.
659 */
660 if (cons_filp) {
661 if (tty->ops->close)
662 for (n = 0; n < closecount; n++)
663 tty->ops->close(tty, cons_filp);
664 } else if (tty->ops->hangup)
665 tty->ops->hangup(tty);
666 /*
667 * We don't want to have driver/ldisc interactions beyond the ones
668 * we did here. The driver layer expects no calls after ->hangup()
669 * from the ldisc side, which is now guaranteed.
670 */
671 set_bit(TTY_HUPPED, &tty->flags);
672 clear_bit(TTY_HUPPING, &tty->flags);
673 tty_unlock(tty);
674
675 if (f)
676 fput(f);
677}
678
679static void do_tty_hangup(struct work_struct *work)
680{
681 struct tty_struct *tty =
682 container_of(work, struct tty_struct, hangup_work);
683
684 __tty_hangup(tty, 0);
685}
686
687/**
688 * tty_hangup - trigger a hangup event
689 * @tty: tty to hangup
690 *
691 * A carrier loss (virtual or otherwise) has occurred on this like
692 * schedule a hangup sequence to run after this event.
693 */
694
695void tty_hangup(struct tty_struct *tty)
696{
697 tty_debug_hangup(tty, "hangup\n");
698 schedule_work(&tty->hangup_work);
699}
700
701EXPORT_SYMBOL(tty_hangup);
702
703/**
704 * tty_vhangup - process vhangup
705 * @tty: tty to hangup
706 *
707 * The user has asked via system call for the terminal to be hung up.
708 * We do this synchronously so that when the syscall returns the process
709 * is complete. That guarantee is necessary for security reasons.
710 */
711
712void tty_vhangup(struct tty_struct *tty)
713{
714 tty_debug_hangup(tty, "vhangup\n");
715 __tty_hangup(tty, 0);
716}
717
718EXPORT_SYMBOL(tty_vhangup);
719
720
721/**
722 * tty_vhangup_self - process vhangup for own ctty
723 *
724 * Perform a vhangup on the current controlling tty
725 */
726
727void tty_vhangup_self(void)
728{
729 struct tty_struct *tty;
730
731 tty = get_current_tty();
732 if (tty) {
733 tty_vhangup(tty);
734 tty_kref_put(tty);
735 }
736}
737
738/**
739 * tty_vhangup_session - hangup session leader exit
740 * @tty: tty to hangup
741 *
742 * The session leader is exiting and hanging up its controlling terminal.
743 * Every process in the foreground process group is signalled SIGHUP.
744 *
745 * We do this synchronously so that when the syscall returns the process
746 * is complete. That guarantee is necessary for security reasons.
747 */
748
749void tty_vhangup_session(struct tty_struct *tty)
750{
751 tty_debug_hangup(tty, "session hangup\n");
752 __tty_hangup(tty, 1);
753}
754
755/**
756 * tty_hung_up_p - was tty hung up
757 * @filp: file pointer of tty
758 *
759 * Return true if the tty has been subject to a vhangup or a carrier
760 * loss
761 */
762
763int tty_hung_up_p(struct file *filp)
764{
765 return (filp && filp->f_op == &hung_up_tty_fops);
766}
767
768EXPORT_SYMBOL(tty_hung_up_p);
769
770/**
771 * stop_tty - propagate flow control
772 * @tty: tty to stop
773 *
774 * Perform flow control to the driver. May be called
775 * on an already stopped device and will not re-call the driver
776 * method.
777 *
778 * This functionality is used by both the line disciplines for
779 * halting incoming flow and by the driver. It may therefore be
780 * called from any context, may be under the tty atomic_write_lock
781 * but not always.
782 *
783 * Locking:
784 * flow_lock
785 */
786
787void __stop_tty(struct tty_struct *tty)
788{
789 if (tty->stopped)
790 return;
791 tty->stopped = 1;
792 if (tty->ops->stop)
793 tty->ops->stop(tty);
794}
795
796void stop_tty(struct tty_struct *tty)
797{
798 unsigned long flags;
799
800 spin_lock_irqsave(&tty->flow_lock, flags);
801 __stop_tty(tty);
802 spin_unlock_irqrestore(&tty->flow_lock, flags);
803}
804EXPORT_SYMBOL(stop_tty);
805
806/**
807 * start_tty - propagate flow control
808 * @tty: tty to start
809 *
810 * Start a tty that has been stopped if at all possible. If this
811 * tty was previous stopped and is now being started, the driver
812 * start method is invoked and the line discipline woken.
813 *
814 * Locking:
815 * flow_lock
816 */
817
818void __start_tty(struct tty_struct *tty)
819{
820 if (!tty->stopped || tty->flow_stopped)
821 return;
822 tty->stopped = 0;
823 if (tty->ops->start)
824 tty->ops->start(tty);
825 tty_wakeup(tty);
826}
827
828void start_tty(struct tty_struct *tty)
829{
830 unsigned long flags;
831
832 spin_lock_irqsave(&tty->flow_lock, flags);
833 __start_tty(tty);
834 spin_unlock_irqrestore(&tty->flow_lock, flags);
835}
836EXPORT_SYMBOL(start_tty);
837
838static void tty_update_time(struct timespec64 *time)
839{
840 time64_t sec = ktime_get_real_seconds();
841
842 /*
843 * We only care if the two values differ in anything other than the
844 * lower three bits (i.e every 8 seconds). If so, then we can update
845 * the time of the tty device, otherwise it could be construded as a
846 * security leak to let userspace know the exact timing of the tty.
847 */
848 if ((sec ^ time->tv_sec) & ~7)
849 time->tv_sec = sec;
850}
851
852/*
853 * Iterate on the ldisc ->read() function until we've gotten all
854 * the data the ldisc has for us.
855 *
856 * The "cookie" is something that the ldisc read function can fill
857 * in to let us know that there is more data to be had.
858 *
859 * We promise to continue to call the ldisc until it stops returning
860 * data or clears the cookie. The cookie may be something that the
861 * ldisc maintains state for and needs to free.
862 */
863static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
864 struct file *file, struct iov_iter *to)
865{
866 int retval = 0;
867 void *cookie = NULL;
868 unsigned long offset = 0;
869 char kernel_buf[64];
870 size_t count = iov_iter_count(to);
871
872 do {
873 int size, copied;
874
875 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
876 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
877 if (!size)
878 break;
879
880 /*
881 * A ldisc read error return will override any previously copied
882 * data (eg -EOVERFLOW from HDLC)
883 */
884 if (size < 0) {
885 memzero_explicit(kernel_buf, sizeof(kernel_buf));
886 return size;
887 }
888
889 copied = copy_to_iter(kernel_buf, size, to);
890 offset += copied;
891 count -= copied;
892
893 /*
894 * If the user copy failed, we still need to do another ->read()
895 * call if we had a cookie to let the ldisc clear up.
896 *
897 * But make sure size is zeroed.
898 */
899 if (unlikely(copied != size)) {
900 count = 0;
901 retval = -EFAULT;
902 }
903 } while (cookie);
904
905 /* We always clear tty buffer in case they contained passwords */
906 memzero_explicit(kernel_buf, sizeof(kernel_buf));
907 return offset ? offset : retval;
908}
909
910
911/**
912 * tty_read - read method for tty device files
913 * @file: pointer to tty file
914 * @buf: user buffer
915 * @count: size of user buffer
916 * @ppos: unused
917 *
918 * Perform the read system call function on this terminal device. Checks
919 * for hung up devices before calling the line discipline method.
920 *
921 * Locking:
922 * Locks the line discipline internally while needed. Multiple
923 * read calls may be outstanding in parallel.
924 */
925
926static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
927{
928 int i;
929 struct file *file = iocb->ki_filp;
930 struct inode *inode = file_inode(file);
931 struct tty_struct *tty = file_tty(file);
932 struct tty_ldisc *ld;
933
934 if (tty_paranoia_check(tty, inode, "tty_read"))
935 return -EIO;
936 if (!tty || tty_io_error(tty))
937 return -EIO;
938
939 /* We want to wait for the line discipline to sort out in this
940 situation */
941 ld = tty_ldisc_ref_wait(tty);
942 if (!ld)
943 return hung_up_tty_read(iocb, to);
944 i = -EIO;
945 if (ld->ops->read)
946 i = iterate_tty_read(ld, tty, file, to);
947 tty_ldisc_deref(ld);
948
949 if (i > 0)
950 tty_update_time(&inode->i_atime);
951
952 return i;
953}
954
955static void tty_write_unlock(struct tty_struct *tty)
956{
957 mutex_unlock(&tty->atomic_write_lock);
958 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
959}
960
961static int tty_write_lock(struct tty_struct *tty, int ndelay)
962{
963 if (!mutex_trylock(&tty->atomic_write_lock)) {
964 if (ndelay)
965 return -EAGAIN;
966 if (mutex_lock_interruptible(&tty->atomic_write_lock))
967 return -ERESTARTSYS;
968 }
969 return 0;
970}
971
972/*
973 * Split writes up in sane blocksizes to avoid
974 * denial-of-service type attacks
975 */
976static inline ssize_t do_tty_write(
977 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
978 struct tty_struct *tty,
979 struct file *file,
980 struct iov_iter *from)
981{
982 size_t count = iov_iter_count(from);
983 ssize_t ret, written = 0;
984 unsigned int chunk;
985
986 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
987 if (ret < 0)
988 return ret;
989
990 /*
991 * We chunk up writes into a temporary buffer. This
992 * simplifies low-level drivers immensely, since they
993 * don't have locking issues and user mode accesses.
994 *
995 * But if TTY_NO_WRITE_SPLIT is set, we should use a
996 * big chunk-size..
997 *
998 * The default chunk-size is 2kB, because the NTTY
999 * layer has problems with bigger chunks. It will
1000 * claim to be able to handle more characters than
1001 * it actually does.
1002 *
1003 * FIXME: This can probably go away now except that 64K chunks
1004 * are too likely to fail unless switched to vmalloc...
1005 */
1006 chunk = 2048;
1007 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1008 chunk = 65536;
1009 if (count < chunk)
1010 chunk = count;
1011
1012 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1013 if (tty->write_cnt < chunk) {
1014 unsigned char *buf_chunk;
1015
1016 if (chunk < 1024)
1017 chunk = 1024;
1018
1019 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1020 if (!buf_chunk) {
1021 ret = -ENOMEM;
1022 goto out;
1023 }
1024 kfree(tty->write_buf);
1025 tty->write_cnt = chunk;
1026 tty->write_buf = buf_chunk;
1027 }
1028
1029 /* Do the write .. */
1030 for (;;) {
1031 size_t size = count;
1032 if (size > chunk)
1033 size = chunk;
1034
1035 ret = -EFAULT;
1036 if (copy_from_iter(tty->write_buf, size, from) != size)
1037 break;
1038
1039 ret = write(tty, file, tty->write_buf, size);
1040 if (ret <= 0)
1041 break;
1042
1043 /* FIXME! Have Al check this! */
1044 if (ret != size)
1045 iov_iter_revert(from, size-ret);
1046
1047 written += ret;
1048 count -= ret;
1049 if (!count)
1050 break;
1051 ret = -ERESTARTSYS;
1052 if (signal_pending(current))
1053 break;
1054 cond_resched();
1055 }
1056 if (written) {
1057 tty_update_time(&file_inode(file)->i_mtime);
1058 ret = written;
1059 }
1060out:
1061 tty_write_unlock(tty);
1062 return ret;
1063}
1064
1065/**
1066 * tty_write_message - write a message to a certain tty, not just the console.
1067 * @tty: the destination tty_struct
1068 * @msg: the message to write
1069 *
1070 * This is used for messages that need to be redirected to a specific tty.
1071 * We don't put it into the syslog queue right now maybe in the future if
1072 * really needed.
1073 *
1074 * We must still hold the BTM and test the CLOSING flag for the moment.
1075 */
1076
1077void tty_write_message(struct tty_struct *tty, char *msg)
1078{
1079 if (tty) {
1080 mutex_lock(&tty->atomic_write_lock);
1081 tty_lock(tty);
1082 if (tty->ops->write && tty->count > 0)
1083 tty->ops->write(tty, msg, strlen(msg));
1084 tty_unlock(tty);
1085 tty_write_unlock(tty);
1086 }
1087 return;
1088}
1089
1090
1091/**
1092 * tty_write - write method for tty device file
1093 * @file: tty file pointer
1094 * @buf: user data to write
1095 * @count: bytes to write
1096 * @ppos: unused
1097 *
1098 * Write data to a tty device via the line discipline.
1099 *
1100 * Locking:
1101 * Locks the line discipline as required
1102 * Writes to the tty driver are serialized by the atomic_write_lock
1103 * and are then processed in chunks to the device. The line discipline
1104 * write method will not be invoked in parallel for each device.
1105 */
1106
1107static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1108{
1109 struct file *file = iocb->ki_filp;
1110 struct tty_struct *tty = file_tty(file);
1111 struct tty_ldisc *ld;
1112 ssize_t ret;
1113
1114 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1115 return -EIO;
1116 if (!tty || !tty->ops->write || tty_io_error(tty))
1117 return -EIO;
1118 /* Short term debug to catch buggy drivers */
1119 if (tty->ops->write_room == NULL)
1120 tty_err(tty, "missing write_room method\n");
1121 ld = tty_ldisc_ref_wait(tty);
1122 if (!ld)
1123 return hung_up_tty_write(iocb, from);
1124 if (!ld->ops->write)
1125 ret = -EIO;
1126 else
1127 ret = do_tty_write(ld->ops->write, tty, file, from);
1128 tty_ldisc_deref(ld);
1129 return ret;
1130}
1131
1132ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1133{
1134 struct file *p = NULL;
1135
1136 spin_lock(&redirect_lock);
1137 if (redirect)
1138 p = get_file(redirect);
1139 spin_unlock(&redirect_lock);
1140
1141 if (p) {
1142 ssize_t res;
1143 res = vfs_iocb_iter_write(p, iocb, iter);
1144 fput(p);
1145 return res;
1146 }
1147 return tty_write(iocb, iter);
1148}
1149
1150/*
1151 * tty_send_xchar - send priority character
1152 *
1153 * Send a high priority character to the tty even if stopped
1154 *
1155 * Locking: none for xchar method, write ordering for write method.
1156 */
1157
1158int tty_send_xchar(struct tty_struct *tty, char ch)
1159{
1160 int was_stopped = tty->stopped;
1161
1162 if (tty->ops->send_xchar) {
1163 down_read(&tty->termios_rwsem);
1164 tty->ops->send_xchar(tty, ch);
1165 up_read(&tty->termios_rwsem);
1166 return 0;
1167 }
1168
1169 if (tty_write_lock(tty, 0) < 0)
1170 return -ERESTARTSYS;
1171
1172 down_read(&tty->termios_rwsem);
1173 if (was_stopped)
1174 start_tty(tty);
1175 tty->ops->write(tty, &ch, 1);
1176 if (was_stopped)
1177 stop_tty(tty);
1178 up_read(&tty->termios_rwsem);
1179 tty_write_unlock(tty);
1180 return 0;
1181}
1182
1183static char ptychar[] = "pqrstuvwxyzabcde";
1184
1185/**
1186 * pty_line_name - generate name for a pty
1187 * @driver: the tty driver in use
1188 * @index: the minor number
1189 * @p: output buffer of at least 6 bytes
1190 *
1191 * Generate a name from a driver reference and write it to the output
1192 * buffer.
1193 *
1194 * Locking: None
1195 */
1196static void pty_line_name(struct tty_driver *driver, int index, char *p)
1197{
1198 int i = index + driver->name_base;
1199 /* ->name is initialized to "ttyp", but "tty" is expected */
1200 sprintf(p, "%s%c%x",
1201 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1202 ptychar[i >> 4 & 0xf], i & 0xf);
1203}
1204
1205/**
1206 * tty_line_name - generate name for a tty
1207 * @driver: the tty driver in use
1208 * @index: the minor number
1209 * @p: output buffer of at least 7 bytes
1210 *
1211 * Generate a name from a driver reference and write it to the output
1212 * buffer.
1213 *
1214 * Locking: None
1215 */
1216static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1217{
1218 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1219 return sprintf(p, "%s", driver->name);
1220 else
1221 return sprintf(p, "%s%d", driver->name,
1222 index + driver->name_base);
1223}
1224
1225/**
1226 * tty_driver_lookup_tty() - find an existing tty, if any
1227 * @driver: the driver for the tty
1228 * @file: file object
1229 * @idx: the minor number
1230 *
1231 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1232 * driver lookup() method returns an error.
1233 *
1234 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1235 */
1236static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1237 struct file *file, int idx)
1238{
1239 struct tty_struct *tty;
1240
1241 if (driver->ops->lookup)
1242 if (!file)
1243 tty = ERR_PTR(-EIO);
1244 else
1245 tty = driver->ops->lookup(driver, file, idx);
1246 else
1247 tty = driver->ttys[idx];
1248
1249 if (!IS_ERR(tty))
1250 tty_kref_get(tty);
1251 return tty;
1252}
1253
1254/**
1255 * tty_init_termios - helper for termios setup
1256 * @tty: the tty to set up
1257 *
1258 * Initialise the termios structure for this tty. This runs under
1259 * the tty_mutex currently so we can be relaxed about ordering.
1260 */
1261
1262void tty_init_termios(struct tty_struct *tty)
1263{
1264 struct ktermios *tp;
1265 int idx = tty->index;
1266
1267 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1268 tty->termios = tty->driver->init_termios;
1269 else {
1270 /* Check for lazy saved data */
1271 tp = tty->driver->termios[idx];
1272 if (tp != NULL) {
1273 tty->termios = *tp;
1274 tty->termios.c_line = tty->driver->init_termios.c_line;
1275 } else
1276 tty->termios = tty->driver->init_termios;
1277 }
1278 /* Compatibility until drivers always set this */
1279 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1280 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1281}
1282EXPORT_SYMBOL_GPL(tty_init_termios);
1283
1284int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1285{
1286 tty_init_termios(tty);
1287 tty_driver_kref_get(driver);
1288 tty->count++;
1289 driver->ttys[tty->index] = tty;
1290 return 0;
1291}
1292EXPORT_SYMBOL_GPL(tty_standard_install);
1293
1294/**
1295 * tty_driver_install_tty() - install a tty entry in the driver
1296 * @driver: the driver for the tty
1297 * @tty: the tty
1298 *
1299 * Install a tty object into the driver tables. The tty->index field
1300 * will be set by the time this is called. This method is responsible
1301 * for ensuring any need additional structures are allocated and
1302 * configured.
1303 *
1304 * Locking: tty_mutex for now
1305 */
1306static int tty_driver_install_tty(struct tty_driver *driver,
1307 struct tty_struct *tty)
1308{
1309 return driver->ops->install ? driver->ops->install(driver, tty) :
1310 tty_standard_install(driver, tty);
1311}
1312
1313/**
1314 * tty_driver_remove_tty() - remove a tty from the driver tables
1315 * @driver: the driver for the tty
1316 * @tty: tty to remove
1317 *
1318 * Remvoe a tty object from the driver tables. The tty->index field
1319 * will be set by the time this is called.
1320 *
1321 * Locking: tty_mutex for now
1322 */
1323static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1324{
1325 if (driver->ops->remove)
1326 driver->ops->remove(driver, tty);
1327 else
1328 driver->ttys[tty->index] = NULL;
1329}
1330
1331/**
1332 * tty_reopen() - fast re-open of an open tty
1333 * @tty: the tty to open
1334 *
1335 * Return 0 on success, -errno on error.
1336 * Re-opens on master ptys are not allowed and return -EIO.
1337 *
1338 * Locking: Caller must hold tty_lock
1339 */
1340static int tty_reopen(struct tty_struct *tty)
1341{
1342 struct tty_driver *driver = tty->driver;
1343 struct tty_ldisc *ld;
1344 int retval = 0;
1345
1346 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1347 driver->subtype == PTY_TYPE_MASTER)
1348 return -EIO;
1349
1350 if (!tty->count)
1351 return -EAGAIN;
1352
1353 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1354 return -EBUSY;
1355
1356 ld = tty_ldisc_ref_wait(tty);
1357 if (ld) {
1358 tty_ldisc_deref(ld);
1359 } else {
1360 retval = tty_ldisc_lock(tty, 5 * HZ);
1361 if (retval)
1362 return retval;
1363
1364 if (!tty->ldisc)
1365 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1366 tty_ldisc_unlock(tty);
1367 }
1368
1369 if (retval == 0)
1370 tty->count++;
1371
1372 return retval;
1373}
1374
1375/**
1376 * tty_init_dev - initialise a tty device
1377 * @driver: tty driver we are opening a device on
1378 * @idx: device index
1379 *
1380 * Prepare a tty device. This may not be a "new" clean device but
1381 * could also be an active device. The pty drivers require special
1382 * handling because of this.
1383 *
1384 * Locking:
1385 * The function is called under the tty_mutex, which
1386 * protects us from the tty struct or driver itself going away.
1387 *
1388 * On exit the tty device has the line discipline attached and
1389 * a reference count of 1. If a pair was created for pty/tty use
1390 * and the other was a pty master then it too has a reference count of 1.
1391 *
1392 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1393 * failed open. The new code protects the open with a mutex, so it's
1394 * really quite straightforward. The mutex locking can probably be
1395 * relaxed for the (most common) case of reopening a tty.
1396 *
1397 * Return: returned tty structure
1398 */
1399
1400struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1401{
1402 struct tty_struct *tty;
1403 int retval;
1404
1405 /*
1406 * First time open is complex, especially for PTY devices.
1407 * This code guarantees that either everything succeeds and the
1408 * TTY is ready for operation, or else the table slots are vacated
1409 * and the allocated memory released. (Except that the termios
1410 * may be retained.)
1411 */
1412
1413 if (!try_module_get(driver->owner))
1414 return ERR_PTR(-ENODEV);
1415
1416 tty = alloc_tty_struct(driver, idx);
1417 if (!tty) {
1418 retval = -ENOMEM;
1419 goto err_module_put;
1420 }
1421
1422 tty_lock(tty);
1423 retval = tty_driver_install_tty(driver, tty);
1424 if (retval < 0)
1425 goto err_free_tty;
1426
1427 if (!tty->port)
1428 tty->port = driver->ports[idx];
1429
1430 if (WARN_RATELIMIT(!tty->port,
1431 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1432 __func__, tty->driver->name)) {
1433 retval = -EINVAL;
1434 goto err_release_lock;
1435 }
1436
1437 retval = tty_ldisc_lock(tty, 5 * HZ);
1438 if (retval)
1439 goto err_release_lock;
1440 tty->port->itty = tty;
1441
1442 /*
1443 * Structures all installed ... call the ldisc open routines.
1444 * If we fail here just call release_tty to clean up. No need
1445 * to decrement the use counts, as release_tty doesn't care.
1446 */
1447 retval = tty_ldisc_setup(tty, tty->link);
1448 if (retval)
1449 goto err_release_tty;
1450 tty_ldisc_unlock(tty);
1451 /* Return the tty locked so that it cannot vanish under the caller */
1452 return tty;
1453
1454err_free_tty:
1455 tty_unlock(tty);
1456 free_tty_struct(tty);
1457err_module_put:
1458 module_put(driver->owner);
1459 return ERR_PTR(retval);
1460
1461 /* call the tty release_tty routine to clean out this slot */
1462err_release_tty:
1463 tty_ldisc_unlock(tty);
1464 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1465 retval, idx);
1466err_release_lock:
1467 tty_unlock(tty);
1468 release_tty(tty, idx);
1469 return ERR_PTR(retval);
1470}
1471
1472/**
1473 * tty_save_termios() - save tty termios data in driver table
1474 * @tty: tty whose termios data to save
1475 *
1476 * Locking: Caller guarantees serialisation with tty_init_termios().
1477 */
1478void tty_save_termios(struct tty_struct *tty)
1479{
1480 struct ktermios *tp;
1481 int idx = tty->index;
1482
1483 /* If the port is going to reset then it has no termios to save */
1484 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1485 return;
1486
1487 /* Stash the termios data */
1488 tp = tty->driver->termios[idx];
1489 if (tp == NULL) {
1490 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1491 if (tp == NULL)
1492 return;
1493 tty->driver->termios[idx] = tp;
1494 }
1495 *tp = tty->termios;
1496}
1497EXPORT_SYMBOL_GPL(tty_save_termios);
1498
1499/**
1500 * tty_flush_works - flush all works of a tty/pty pair
1501 * @tty: tty device to flush works for (or either end of a pty pair)
1502 *
1503 * Sync flush all works belonging to @tty (and the 'other' tty).
1504 */
1505static void tty_flush_works(struct tty_struct *tty)
1506{
1507 flush_work(&tty->SAK_work);
1508 flush_work(&tty->hangup_work);
1509 if (tty->link) {
1510 flush_work(&tty->link->SAK_work);
1511 flush_work(&tty->link->hangup_work);
1512 }
1513}
1514
1515/**
1516 * release_one_tty - release tty structure memory
1517 * @work: work of tty we are obliterating
1518 *
1519 * Releases memory associated with a tty structure, and clears out the
1520 * driver table slots. This function is called when a device is no longer
1521 * in use. It also gets called when setup of a device fails.
1522 *
1523 * Locking:
1524 * takes the file list lock internally when working on the list
1525 * of ttys that the driver keeps.
1526 *
1527 * This method gets called from a work queue so that the driver private
1528 * cleanup ops can sleep (needed for USB at least)
1529 */
1530static void release_one_tty(struct work_struct *work)
1531{
1532 struct tty_struct *tty =
1533 container_of(work, struct tty_struct, hangup_work);
1534 struct tty_driver *driver = tty->driver;
1535 struct module *owner = driver->owner;
1536
1537 if (tty->ops->cleanup)
1538 tty->ops->cleanup(tty);
1539
1540 tty->magic = 0;
1541 tty_driver_kref_put(driver);
1542 module_put(owner);
1543
1544 spin_lock(&tty->files_lock);
1545 list_del_init(&tty->tty_files);
1546 spin_unlock(&tty->files_lock);
1547
1548 put_pid(tty->pgrp);
1549 put_pid(tty->session);
1550 free_tty_struct(tty);
1551}
1552
1553static void queue_release_one_tty(struct kref *kref)
1554{
1555 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1556
1557 /* The hangup queue is now free so we can reuse it rather than
1558 waste a chunk of memory for each port */
1559 INIT_WORK(&tty->hangup_work, release_one_tty);
1560 schedule_work(&tty->hangup_work);
1561}
1562
1563/**
1564 * tty_kref_put - release a tty kref
1565 * @tty: tty device
1566 *
1567 * Release a reference to a tty device and if need be let the kref
1568 * layer destruct the object for us
1569 */
1570
1571void tty_kref_put(struct tty_struct *tty)
1572{
1573 if (tty)
1574 kref_put(&tty->kref, queue_release_one_tty);
1575}
1576EXPORT_SYMBOL(tty_kref_put);
1577
1578/**
1579 * release_tty - release tty structure memory
1580 * @tty: tty device release
1581 * @idx: index of the tty device release
1582 *
1583 * Release both @tty and a possible linked partner (think pty pair),
1584 * and decrement the refcount of the backing module.
1585 *
1586 * Locking:
1587 * tty_mutex
1588 * takes the file list lock internally when working on the list
1589 * of ttys that the driver keeps.
1590 *
1591 */
1592static void release_tty(struct tty_struct *tty, int idx)
1593{
1594 /* This should always be true but check for the moment */
1595 WARN_ON(tty->index != idx);
1596 WARN_ON(!mutex_is_locked(&tty_mutex));
1597 if (tty->ops->shutdown)
1598 tty->ops->shutdown(tty);
1599 tty_save_termios(tty);
1600 tty_driver_remove_tty(tty->driver, tty);
1601 if (tty->port)
1602 tty->port->itty = NULL;
1603 if (tty->link)
1604 tty->link->port->itty = NULL;
1605 if (tty->port)
1606 tty_buffer_cancel_work(tty->port);
1607 if (tty->link)
1608 tty_buffer_cancel_work(tty->link->port);
1609
1610 tty_kref_put(tty->link);
1611 tty_kref_put(tty);
1612}
1613
1614/**
1615 * tty_release_checks - check a tty before real release
1616 * @tty: tty to check
1617 * @idx: index of the tty
1618 *
1619 * Performs some paranoid checking before true release of the @tty.
1620 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1621 */
1622static int tty_release_checks(struct tty_struct *tty, int idx)
1623{
1624#ifdef TTY_PARANOIA_CHECK
1625 if (idx < 0 || idx >= tty->driver->num) {
1626 tty_debug(tty, "bad idx %d\n", idx);
1627 return -1;
1628 }
1629
1630 /* not much to check for devpts */
1631 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1632 return 0;
1633
1634 if (tty != tty->driver->ttys[idx]) {
1635 tty_debug(tty, "bad driver table[%d] = %p\n",
1636 idx, tty->driver->ttys[idx]);
1637 return -1;
1638 }
1639 if (tty->driver->other) {
1640 struct tty_struct *o_tty = tty->link;
1641
1642 if (o_tty != tty->driver->other->ttys[idx]) {
1643 tty_debug(tty, "bad other table[%d] = %p\n",
1644 idx, tty->driver->other->ttys[idx]);
1645 return -1;
1646 }
1647 if (o_tty->link != tty) {
1648 tty_debug(tty, "bad link = %p\n", o_tty->link);
1649 return -1;
1650 }
1651 }
1652#endif
1653 return 0;
1654}
1655
1656/**
1657 * tty_kclose - closes tty opened by tty_kopen
1658 * @tty: tty device
1659 *
1660 * Performs the final steps to release and free a tty device. It is the
1661 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1662 * flag on tty->port.
1663 */
1664void tty_kclose(struct tty_struct *tty)
1665{
1666 /*
1667 * Ask the line discipline code to release its structures
1668 */
1669 tty_ldisc_release(tty);
1670
1671 /* Wait for pending work before tty destruction commmences */
1672 tty_flush_works(tty);
1673
1674 tty_debug_hangup(tty, "freeing structure\n");
1675 /*
1676 * The release_tty function takes care of the details of clearing
1677 * the slots and preserving the termios structure.
1678 */
1679 mutex_lock(&tty_mutex);
1680 tty_port_set_kopened(tty->port, 0);
1681 release_tty(tty, tty->index);
1682 mutex_unlock(&tty_mutex);
1683}
1684EXPORT_SYMBOL_GPL(tty_kclose);
1685
1686/**
1687 * tty_release_struct - release a tty struct
1688 * @tty: tty device
1689 * @idx: index of the tty
1690 *
1691 * Performs the final steps to release and free a tty device. It is
1692 * roughly the reverse of tty_init_dev.
1693 */
1694void tty_release_struct(struct tty_struct *tty, int idx)
1695{
1696 /*
1697 * Ask the line discipline code to release its structures
1698 */
1699 tty_ldisc_release(tty);
1700
1701 /* Wait for pending work before tty destruction commmences */
1702 tty_flush_works(tty);
1703
1704 tty_debug_hangup(tty, "freeing structure\n");
1705 /*
1706 * The release_tty function takes care of the details of clearing
1707 * the slots and preserving the termios structure.
1708 */
1709 mutex_lock(&tty_mutex);
1710 release_tty(tty, idx);
1711 mutex_unlock(&tty_mutex);
1712}
1713EXPORT_SYMBOL_GPL(tty_release_struct);
1714
1715/**
1716 * tty_release - vfs callback for close
1717 * @inode: inode of tty
1718 * @filp: file pointer for handle to tty
1719 *
1720 * Called the last time each file handle is closed that references
1721 * this tty. There may however be several such references.
1722 *
1723 * Locking:
1724 * Takes bkl. See tty_release_dev
1725 *
1726 * Even releasing the tty structures is a tricky business.. We have
1727 * to be very careful that the structures are all released at the
1728 * same time, as interrupts might otherwise get the wrong pointers.
1729 *
1730 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1731 * lead to double frees or releasing memory still in use.
1732 */
1733
1734int tty_release(struct inode *inode, struct file *filp)
1735{
1736 struct tty_struct *tty = file_tty(filp);
1737 struct tty_struct *o_tty = NULL;
1738 int do_sleep, final;
1739 int idx;
1740 long timeout = 0;
1741 int once = 1;
1742
1743 if (tty_paranoia_check(tty, inode, __func__))
1744 return 0;
1745
1746 tty_lock(tty);
1747 check_tty_count(tty, __func__);
1748
1749 __tty_fasync(-1, filp, 0);
1750
1751 idx = tty->index;
1752 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1753 tty->driver->subtype == PTY_TYPE_MASTER)
1754 o_tty = tty->link;
1755
1756 if (tty_release_checks(tty, idx)) {
1757 tty_unlock(tty);
1758 return 0;
1759 }
1760
1761 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1762
1763 if (tty->ops->close)
1764 tty->ops->close(tty, filp);
1765
1766 /* If tty is pty master, lock the slave pty (stable lock order) */
1767 tty_lock_slave(o_tty);
1768
1769 /*
1770 * Sanity check: if tty->count is going to zero, there shouldn't be
1771 * any waiters on tty->read_wait or tty->write_wait. We test the
1772 * wait queues and kick everyone out _before_ actually starting to
1773 * close. This ensures that we won't block while releasing the tty
1774 * structure.
1775 *
1776 * The test for the o_tty closing is necessary, since the master and
1777 * slave sides may close in any order. If the slave side closes out
1778 * first, its count will be one, since the master side holds an open.
1779 * Thus this test wouldn't be triggered at the time the slave closed,
1780 * so we do it now.
1781 */
1782 while (1) {
1783 do_sleep = 0;
1784
1785 if (tty->count <= 1) {
1786 if (waitqueue_active(&tty->read_wait)) {
1787 wake_up_poll(&tty->read_wait, EPOLLIN);
1788 do_sleep++;
1789 }
1790 if (waitqueue_active(&tty->write_wait)) {
1791 wake_up_poll(&tty->write_wait, EPOLLOUT);
1792 do_sleep++;
1793 }
1794 }
1795 if (o_tty && o_tty->count <= 1) {
1796 if (waitqueue_active(&o_tty->read_wait)) {
1797 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1798 do_sleep++;
1799 }
1800 if (waitqueue_active(&o_tty->write_wait)) {
1801 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1802 do_sleep++;
1803 }
1804 }
1805 if (!do_sleep)
1806 break;
1807
1808 if (once) {
1809 once = 0;
1810 tty_warn(tty, "read/write wait queue active!\n");
1811 }
1812 schedule_timeout_killable(timeout);
1813 if (timeout < 120 * HZ)
1814 timeout = 2 * timeout + 1;
1815 else
1816 timeout = MAX_SCHEDULE_TIMEOUT;
1817 }
1818
1819 if (o_tty) {
1820 if (--o_tty->count < 0) {
1821 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1822 o_tty->count = 0;
1823 }
1824 }
1825 if (--tty->count < 0) {
1826 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1827 tty->count = 0;
1828 }
1829
1830 /*
1831 * We've decremented tty->count, so we need to remove this file
1832 * descriptor off the tty->tty_files list; this serves two
1833 * purposes:
1834 * - check_tty_count sees the correct number of file descriptors
1835 * associated with this tty.
1836 * - do_tty_hangup no longer sees this file descriptor as
1837 * something that needs to be handled for hangups.
1838 */
1839 tty_del_file(filp);
1840
1841 /*
1842 * Perform some housekeeping before deciding whether to return.
1843 *
1844 * If _either_ side is closing, make sure there aren't any
1845 * processes that still think tty or o_tty is their controlling
1846 * tty.
1847 */
1848 if (!tty->count) {
1849 read_lock(&tasklist_lock);
1850 session_clear_tty(tty->session);
1851 if (o_tty)
1852 session_clear_tty(o_tty->session);
1853 read_unlock(&tasklist_lock);
1854 }
1855
1856 /* check whether both sides are closing ... */
1857 final = !tty->count && !(o_tty && o_tty->count);
1858
1859 tty_unlock_slave(o_tty);
1860 tty_unlock(tty);
1861
1862 /* At this point, the tty->count == 0 should ensure a dead tty
1863 cannot be re-opened by a racing opener */
1864
1865 if (!final)
1866 return 0;
1867
1868 tty_debug_hangup(tty, "final close\n");
1869
1870 tty_release_struct(tty, idx);
1871 return 0;
1872}
1873
1874/**
1875 * tty_open_current_tty - get locked tty of current task
1876 * @device: device number
1877 * @filp: file pointer to tty
1878 * @return: locked tty of the current task iff @device is /dev/tty
1879 *
1880 * Performs a re-open of the current task's controlling tty.
1881 *
1882 * We cannot return driver and index like for the other nodes because
1883 * devpts will not work then. It expects inodes to be from devpts FS.
1884 */
1885static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1886{
1887 struct tty_struct *tty;
1888 int retval;
1889
1890 if (device != MKDEV(TTYAUX_MAJOR, 0))
1891 return NULL;
1892
1893 tty = get_current_tty();
1894 if (!tty)
1895 return ERR_PTR(-ENXIO);
1896
1897 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1898 /* noctty = 1; */
1899 tty_lock(tty);
1900 tty_kref_put(tty); /* safe to drop the kref now */
1901
1902 retval = tty_reopen(tty);
1903 if (retval < 0) {
1904 tty_unlock(tty);
1905 tty = ERR_PTR(retval);
1906 }
1907 return tty;
1908}
1909
1910/**
1911 * tty_lookup_driver - lookup a tty driver for a given device file
1912 * @device: device number
1913 * @filp: file pointer to tty
1914 * @index: index for the device in the @return driver
1915 * @return: driver for this inode (with increased refcount)
1916 *
1917 * If @return is not erroneous, the caller is responsible to decrement the
1918 * refcount by tty_driver_kref_put.
1919 *
1920 * Locking: tty_mutex protects get_tty_driver
1921 */
1922static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1923 int *index)
1924{
1925 struct tty_driver *driver = NULL;
1926
1927 switch (device) {
1928#ifdef CONFIG_VT
1929 case MKDEV(TTY_MAJOR, 0): {
1930 extern struct tty_driver *console_driver;
1931 driver = tty_driver_kref_get(console_driver);
1932 *index = fg_console;
1933 break;
1934 }
1935#endif
1936 case MKDEV(TTYAUX_MAJOR, 1): {
1937 struct tty_driver *console_driver = console_device(index);
1938 if (console_driver) {
1939 driver = tty_driver_kref_get(console_driver);
1940 if (driver && filp) {
1941 /* Don't let /dev/console block */
1942 filp->f_flags |= O_NONBLOCK;
1943 break;
1944 }
1945 }
1946 if (driver)
1947 tty_driver_kref_put(driver);
1948 return ERR_PTR(-ENODEV);
1949 }
1950 default:
1951 driver = get_tty_driver(device, index);
1952 if (!driver)
1953 return ERR_PTR(-ENODEV);
1954 break;
1955 }
1956 return driver;
1957}
1958
1959static struct tty_struct *tty_kopen(dev_t device, int shared)
1960{
1961 struct tty_struct *tty;
1962 struct tty_driver *driver;
1963 int index = -1;
1964
1965 mutex_lock(&tty_mutex);
1966 driver = tty_lookup_driver(device, NULL, &index);
1967 if (IS_ERR(driver)) {
1968 mutex_unlock(&tty_mutex);
1969 return ERR_CAST(driver);
1970 }
1971
1972 /* check whether we're reopening an existing tty */
1973 tty = tty_driver_lookup_tty(driver, NULL, index);
1974 if (IS_ERR(tty) || shared)
1975 goto out;
1976
1977 if (tty) {
1978 /* drop kref from tty_driver_lookup_tty() */
1979 tty_kref_put(tty);
1980 tty = ERR_PTR(-EBUSY);
1981 } else { /* tty_init_dev returns tty with the tty_lock held */
1982 tty = tty_init_dev(driver, index);
1983 if (IS_ERR(tty))
1984 goto out;
1985 tty_port_set_kopened(tty->port, 1);
1986 }
1987out:
1988 mutex_unlock(&tty_mutex);
1989 tty_driver_kref_put(driver);
1990 return tty;
1991}
1992
1993/**
1994 * tty_kopen_exclusive - open a tty device for kernel
1995 * @device: dev_t of device to open
1996 *
1997 * Opens tty exclusively for kernel. Performs the driver lookup,
1998 * makes sure it's not already opened and performs the first-time
1999 * tty initialization.
2000 *
2001 * Returns the locked initialized &tty_struct
2002 *
2003 * Claims the global tty_mutex to serialize:
2004 * - concurrent first-time tty initialization
2005 * - concurrent tty driver removal w/ lookup
2006 * - concurrent tty removal from driver table
2007 */
2008struct tty_struct *tty_kopen_exclusive(dev_t device)
2009{
2010 return tty_kopen(device, 0);
2011}
2012EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2013
2014/**
2015 * tty_kopen_shared - open a tty device for shared in-kernel use
2016 * @device: dev_t of device to open
2017 *
2018 * Opens an already existing tty for in-kernel use. Compared to
2019 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2020 *
2021 * Locking is identical to tty_kopen() above.
2022 */
2023struct tty_struct *tty_kopen_shared(dev_t device)
2024{
2025 return tty_kopen(device, 1);
2026}
2027EXPORT_SYMBOL_GPL(tty_kopen_shared);
2028
2029/**
2030 * tty_open_by_driver - open a tty device
2031 * @device: dev_t of device to open
2032 * @filp: file pointer to tty
2033 *
2034 * Performs the driver lookup, checks for a reopen, or otherwise
2035 * performs the first-time tty initialization.
2036 *
2037 * Returns the locked initialized or re-opened &tty_struct
2038 *
2039 * Claims the global tty_mutex to serialize:
2040 * - concurrent first-time tty initialization
2041 * - concurrent tty driver removal w/ lookup
2042 * - concurrent tty removal from driver table
2043 */
2044static struct tty_struct *tty_open_by_driver(dev_t device,
2045 struct file *filp)
2046{
2047 struct tty_struct *tty;
2048 struct tty_driver *driver = NULL;
2049 int index = -1;
2050 int retval;
2051
2052 mutex_lock(&tty_mutex);
2053 driver = tty_lookup_driver(device, filp, &index);
2054 if (IS_ERR(driver)) {
2055 mutex_unlock(&tty_mutex);
2056 return ERR_CAST(driver);
2057 }
2058
2059 /* check whether we're reopening an existing tty */
2060 tty = tty_driver_lookup_tty(driver, filp, index);
2061 if (IS_ERR(tty)) {
2062 mutex_unlock(&tty_mutex);
2063 goto out;
2064 }
2065
2066 if (tty) {
2067 if (tty_port_kopened(tty->port)) {
2068 tty_kref_put(tty);
2069 mutex_unlock(&tty_mutex);
2070 tty = ERR_PTR(-EBUSY);
2071 goto out;
2072 }
2073 mutex_unlock(&tty_mutex);
2074 retval = tty_lock_interruptible(tty);
2075 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2076 if (retval) {
2077 if (retval == -EINTR)
2078 retval = -ERESTARTSYS;
2079 tty = ERR_PTR(retval);
2080 goto out;
2081 }
2082 retval = tty_reopen(tty);
2083 if (retval < 0) {
2084 tty_unlock(tty);
2085 tty = ERR_PTR(retval);
2086 }
2087 } else { /* Returns with the tty_lock held for now */
2088 tty = tty_init_dev(driver, index);
2089 mutex_unlock(&tty_mutex);
2090 }
2091out:
2092 tty_driver_kref_put(driver);
2093 return tty;
2094}
2095
2096/**
2097 * tty_open - open a tty device
2098 * @inode: inode of device file
2099 * @filp: file pointer to tty
2100 *
2101 * tty_open and tty_release keep up the tty count that contains the
2102 * number of opens done on a tty. We cannot use the inode-count, as
2103 * different inodes might point to the same tty.
2104 *
2105 * Open-counting is needed for pty masters, as well as for keeping
2106 * track of serial lines: DTR is dropped when the last close happens.
2107 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2108 *
2109 * The termios state of a pty is reset on first open so that
2110 * settings don't persist across reuse.
2111 *
2112 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2113 * tty->count should protect the rest.
2114 * ->siglock protects ->signal/->sighand
2115 *
2116 * Note: the tty_unlock/lock cases without a ref are only safe due to
2117 * tty_mutex
2118 */
2119
2120static int tty_open(struct inode *inode, struct file *filp)
2121{
2122 struct tty_struct *tty;
2123 int noctty, retval;
2124 dev_t device = inode->i_rdev;
2125 unsigned saved_flags = filp->f_flags;
2126
2127 nonseekable_open(inode, filp);
2128
2129retry_open:
2130 retval = tty_alloc_file(filp);
2131 if (retval)
2132 return -ENOMEM;
2133
2134 tty = tty_open_current_tty(device, filp);
2135 if (!tty)
2136 tty = tty_open_by_driver(device, filp);
2137
2138 if (IS_ERR(tty)) {
2139 tty_free_file(filp);
2140 retval = PTR_ERR(tty);
2141 if (retval != -EAGAIN || signal_pending(current))
2142 return retval;
2143 schedule();
2144 goto retry_open;
2145 }
2146
2147 tty_add_file(tty, filp);
2148
2149 check_tty_count(tty, __func__);
2150 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2151
2152 if (tty->ops->open)
2153 retval = tty->ops->open(tty, filp);
2154 else
2155 retval = -ENODEV;
2156 filp->f_flags = saved_flags;
2157
2158 if (retval) {
2159 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2160
2161 tty_unlock(tty); /* need to call tty_release without BTM */
2162 tty_release(inode, filp);
2163 if (retval != -ERESTARTSYS)
2164 return retval;
2165
2166 if (signal_pending(current))
2167 return retval;
2168
2169 schedule();
2170 /*
2171 * Need to reset f_op in case a hangup happened.
2172 */
2173 if (tty_hung_up_p(filp))
2174 filp->f_op = &tty_fops;
2175 goto retry_open;
2176 }
2177 clear_bit(TTY_HUPPED, &tty->flags);
2178
2179 noctty = (filp->f_flags & O_NOCTTY) ||
2180 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2181 device == MKDEV(TTYAUX_MAJOR, 1) ||
2182 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2183 tty->driver->subtype == PTY_TYPE_MASTER);
2184 if (!noctty)
2185 tty_open_proc_set_tty(filp, tty);
2186 tty_unlock(tty);
2187 return 0;
2188}
2189
2190
2191
2192/**
2193 * tty_poll - check tty status
2194 * @filp: file being polled
2195 * @wait: poll wait structures to update
2196 *
2197 * Call the line discipline polling method to obtain the poll
2198 * status of the device.
2199 *
2200 * Locking: locks called line discipline but ldisc poll method
2201 * may be re-entered freely by other callers.
2202 */
2203
2204static __poll_t tty_poll(struct file *filp, poll_table *wait)
2205{
2206 struct tty_struct *tty = file_tty(filp);
2207 struct tty_ldisc *ld;
2208 __poll_t ret = 0;
2209
2210 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2211 return 0;
2212
2213 ld = tty_ldisc_ref_wait(tty);
2214 if (!ld)
2215 return hung_up_tty_poll(filp, wait);
2216 if (ld->ops->poll)
2217 ret = ld->ops->poll(tty, filp, wait);
2218 tty_ldisc_deref(ld);
2219 return ret;
2220}
2221
2222static int __tty_fasync(int fd, struct file *filp, int on)
2223{
2224 struct tty_struct *tty = file_tty(filp);
2225 unsigned long flags;
2226 int retval = 0;
2227
2228 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2229 goto out;
2230
2231 retval = fasync_helper(fd, filp, on, &tty->fasync);
2232 if (retval <= 0)
2233 goto out;
2234
2235 if (on) {
2236 enum pid_type type;
2237 struct pid *pid;
2238
2239 spin_lock_irqsave(&tty->ctrl_lock, flags);
2240 if (tty->pgrp) {
2241 pid = tty->pgrp;
2242 type = PIDTYPE_PGID;
2243 } else {
2244 pid = task_pid(current);
2245 type = PIDTYPE_TGID;
2246 }
2247 get_pid(pid);
2248 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2249 __f_setown(filp, pid, type, 0);
2250 put_pid(pid);
2251 retval = 0;
2252 }
2253out:
2254 return retval;
2255}
2256
2257static int tty_fasync(int fd, struct file *filp, int on)
2258{
2259 struct tty_struct *tty = file_tty(filp);
2260 int retval = -ENOTTY;
2261
2262 tty_lock(tty);
2263 if (!tty_hung_up_p(filp))
2264 retval = __tty_fasync(fd, filp, on);
2265 tty_unlock(tty);
2266
2267 return retval;
2268}
2269
2270/**
2271 * tiocsti - fake input character
2272 * @tty: tty to fake input into
2273 * @p: pointer to character
2274 *
2275 * Fake input to a tty device. Does the necessary locking and
2276 * input management.
2277 *
2278 * FIXME: does not honour flow control ??
2279 *
2280 * Locking:
2281 * Called functions take tty_ldiscs_lock
2282 * current->signal->tty check is safe without locks
2283 *
2284 * FIXME: may race normal receive processing
2285 */
2286
2287static int tiocsti(struct tty_struct *tty, char __user *p)
2288{
2289 char ch, mbz = 0;
2290 struct tty_ldisc *ld;
2291
2292 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2293 return -EPERM;
2294 if (get_user(ch, p))
2295 return -EFAULT;
2296 tty_audit_tiocsti(tty, ch);
2297 ld = tty_ldisc_ref_wait(tty);
2298 if (!ld)
2299 return -EIO;
2300 if (ld->ops->receive_buf)
2301 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2302 tty_ldisc_deref(ld);
2303 return 0;
2304}
2305
2306/**
2307 * tiocgwinsz - implement window query ioctl
2308 * @tty: tty
2309 * @arg: user buffer for result
2310 *
2311 * Copies the kernel idea of the window size into the user buffer.
2312 *
2313 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2314 * is consistent.
2315 */
2316
2317static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2318{
2319 int err;
2320
2321 mutex_lock(&tty->winsize_mutex);
2322 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2323 mutex_unlock(&tty->winsize_mutex);
2324
2325 return err ? -EFAULT: 0;
2326}
2327
2328/**
2329 * tty_do_resize - resize event
2330 * @tty: tty being resized
2331 * @ws: new dimensions
2332 *
2333 * Update the termios variables and send the necessary signals to
2334 * peform a terminal resize correctly
2335 */
2336
2337int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2338{
2339 struct pid *pgrp;
2340
2341 /* Lock the tty */
2342 mutex_lock(&tty->winsize_mutex);
2343 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2344 goto done;
2345
2346 /* Signal the foreground process group */
2347 pgrp = tty_get_pgrp(tty);
2348 if (pgrp)
2349 kill_pgrp(pgrp, SIGWINCH, 1);
2350 put_pid(pgrp);
2351
2352 tty->winsize = *ws;
2353done:
2354 mutex_unlock(&tty->winsize_mutex);
2355 return 0;
2356}
2357EXPORT_SYMBOL(tty_do_resize);
2358
2359/**
2360 * tiocswinsz - implement window size set ioctl
2361 * @tty: tty side of tty
2362 * @arg: user buffer for result
2363 *
2364 * Copies the user idea of the window size to the kernel. Traditionally
2365 * this is just advisory information but for the Linux console it
2366 * actually has driver level meaning and triggers a VC resize.
2367 *
2368 * Locking:
2369 * Driver dependent. The default do_resize method takes the
2370 * tty termios mutex and ctrl_lock. The console takes its own lock
2371 * then calls into the default method.
2372 */
2373
2374static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2375{
2376 struct winsize tmp_ws;
2377 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2378 return -EFAULT;
2379
2380 if (tty->ops->resize)
2381 return tty->ops->resize(tty, &tmp_ws);
2382 else
2383 return tty_do_resize(tty, &tmp_ws);
2384}
2385
2386/**
2387 * tioccons - allow admin to move logical console
2388 * @file: the file to become console
2389 *
2390 * Allow the administrator to move the redirected console device
2391 *
2392 * Locking: uses redirect_lock to guard the redirect information
2393 */
2394
2395static int tioccons(struct file *file)
2396{
2397 if (!capable(CAP_SYS_ADMIN))
2398 return -EPERM;
2399 if (file->f_op->write_iter == redirected_tty_write) {
2400 struct file *f;
2401 spin_lock(&redirect_lock);
2402 f = redirect;
2403 redirect = NULL;
2404 spin_unlock(&redirect_lock);
2405 if (f)
2406 fput(f);
2407 return 0;
2408 }
2409 spin_lock(&redirect_lock);
2410 if (redirect) {
2411 spin_unlock(&redirect_lock);
2412 return -EBUSY;
2413 }
2414 redirect = get_file(file);
2415 spin_unlock(&redirect_lock);
2416 return 0;
2417}
2418
2419/**
2420 * tiocsetd - set line discipline
2421 * @tty: tty device
2422 * @p: pointer to user data
2423 *
2424 * Set the line discipline according to user request.
2425 *
2426 * Locking: see tty_set_ldisc, this function is just a helper
2427 */
2428
2429static int tiocsetd(struct tty_struct *tty, int __user *p)
2430{
2431 int disc;
2432 int ret;
2433
2434 if (get_user(disc, p))
2435 return -EFAULT;
2436
2437 ret = tty_set_ldisc(tty, disc);
2438
2439 return ret;
2440}
2441
2442/**
2443 * tiocgetd - get line discipline
2444 * @tty: tty device
2445 * @p: pointer to user data
2446 *
2447 * Retrieves the line discipline id directly from the ldisc.
2448 *
2449 * Locking: waits for ldisc reference (in case the line discipline
2450 * is changing or the tty is being hungup)
2451 */
2452
2453static int tiocgetd(struct tty_struct *tty, int __user *p)
2454{
2455 struct tty_ldisc *ld;
2456 int ret;
2457
2458 ld = tty_ldisc_ref_wait(tty);
2459 if (!ld)
2460 return -EIO;
2461 ret = put_user(ld->ops->num, p);
2462 tty_ldisc_deref(ld);
2463 return ret;
2464}
2465
2466/**
2467 * send_break - performed time break
2468 * @tty: device to break on
2469 * @duration: timeout in mS
2470 *
2471 * Perform a timed break on hardware that lacks its own driver level
2472 * timed break functionality.
2473 *
2474 * Locking:
2475 * atomic_write_lock serializes
2476 *
2477 */
2478
2479static int send_break(struct tty_struct *tty, unsigned int duration)
2480{
2481 int retval;
2482
2483 if (tty->ops->break_ctl == NULL)
2484 return 0;
2485
2486 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2487 retval = tty->ops->break_ctl(tty, duration);
2488 else {
2489 /* Do the work ourselves */
2490 if (tty_write_lock(tty, 0) < 0)
2491 return -EINTR;
2492 retval = tty->ops->break_ctl(tty, -1);
2493 if (retval)
2494 goto out;
2495 if (!signal_pending(current))
2496 msleep_interruptible(duration);
2497 retval = tty->ops->break_ctl(tty, 0);
2498out:
2499 tty_write_unlock(tty);
2500 if (signal_pending(current))
2501 retval = -EINTR;
2502 }
2503 return retval;
2504}
2505
2506/**
2507 * tty_tiocmget - get modem status
2508 * @tty: tty device
2509 * @p: pointer to result
2510 *
2511 * Obtain the modem status bits from the tty driver if the feature
2512 * is supported. Return -EINVAL if it is not available.
2513 *
2514 * Locking: none (up to the driver)
2515 */
2516
2517static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2518{
2519 int retval = -EINVAL;
2520
2521 if (tty->ops->tiocmget) {
2522 retval = tty->ops->tiocmget(tty);
2523
2524 if (retval >= 0)
2525 retval = put_user(retval, p);
2526 }
2527 return retval;
2528}
2529
2530/**
2531 * tty_tiocmset - set modem status
2532 * @tty: tty device
2533 * @cmd: command - clear bits, set bits or set all
2534 * @p: pointer to desired bits
2535 *
2536 * Set the modem status bits from the tty driver if the feature
2537 * is supported. Return -EINVAL if it is not available.
2538 *
2539 * Locking: none (up to the driver)
2540 */
2541
2542static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2543 unsigned __user *p)
2544{
2545 int retval;
2546 unsigned int set, clear, val;
2547
2548 if (tty->ops->tiocmset == NULL)
2549 return -EINVAL;
2550
2551 retval = get_user(val, p);
2552 if (retval)
2553 return retval;
2554 set = clear = 0;
2555 switch (cmd) {
2556 case TIOCMBIS:
2557 set = val;
2558 break;
2559 case TIOCMBIC:
2560 clear = val;
2561 break;
2562 case TIOCMSET:
2563 set = val;
2564 clear = ~val;
2565 break;
2566 }
2567 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2568 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2569 return tty->ops->tiocmset(tty, set, clear);
2570}
2571
2572/**
2573 * tty_get_icount - get tty statistics
2574 * @tty: tty device
2575 * @icount: output parameter
2576 *
2577 * Gets a copy of the tty's icount statistics.
2578 *
2579 * Locking: none (up to the driver)
2580 */
2581int tty_get_icount(struct tty_struct *tty,
2582 struct serial_icounter_struct *icount)
2583{
2584 memset(icount, 0, sizeof(*icount));
2585
2586 if (tty->ops->get_icount)
2587 return tty->ops->get_icount(tty, icount);
2588 else
2589 return -EINVAL;
2590}
2591EXPORT_SYMBOL_GPL(tty_get_icount);
2592
2593static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2594{
2595 struct serial_icounter_struct icount;
2596 int retval;
2597
2598 retval = tty_get_icount(tty, &icount);
2599 if (retval != 0)
2600 return retval;
2601
2602 if (copy_to_user(arg, &icount, sizeof(icount)))
2603 return -EFAULT;
2604 return 0;
2605}
2606
2607static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2608{
2609 static DEFINE_RATELIMIT_STATE(depr_flags,
2610 DEFAULT_RATELIMIT_INTERVAL,
2611 DEFAULT_RATELIMIT_BURST);
2612 char comm[TASK_COMM_LEN];
2613 struct serial_struct v;
2614 int flags;
2615
2616 if (copy_from_user(&v, ss, sizeof(*ss)))
2617 return -EFAULT;
2618
2619 flags = v.flags & ASYNC_DEPRECATED;
2620
2621 if (flags && __ratelimit(&depr_flags))
2622 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2623 __func__, get_task_comm(comm, current), flags);
2624 if (!tty->ops->set_serial)
2625 return -ENOTTY;
2626 return tty->ops->set_serial(tty, &v);
2627}
2628
2629static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2630{
2631 struct serial_struct v;
2632 int err;
2633
2634 memset(&v, 0, sizeof(v));
2635 if (!tty->ops->get_serial)
2636 return -ENOTTY;
2637 err = tty->ops->get_serial(tty, &v);
2638 if (!err && copy_to_user(ss, &v, sizeof(v)))
2639 err = -EFAULT;
2640 return err;
2641}
2642
2643/*
2644 * if pty, return the slave side (real_tty)
2645 * otherwise, return self
2646 */
2647static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2648{
2649 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2650 tty->driver->subtype == PTY_TYPE_MASTER)
2651 tty = tty->link;
2652 return tty;
2653}
2654
2655/*
2656 * Split this up, as gcc can choke on it otherwise..
2657 */
2658long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2659{
2660 struct tty_struct *tty = file_tty(file);
2661 struct tty_struct *real_tty;
2662 void __user *p = (void __user *)arg;
2663 int retval;
2664 struct tty_ldisc *ld;
2665
2666 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2667 return -EINVAL;
2668
2669 real_tty = tty_pair_get_tty(tty);
2670
2671 /*
2672 * Factor out some common prep work
2673 */
2674 switch (cmd) {
2675 case TIOCSETD:
2676 case TIOCSBRK:
2677 case TIOCCBRK:
2678 case TCSBRK:
2679 case TCSBRKP:
2680 retval = tty_check_change(tty);
2681 if (retval)
2682 return retval;
2683 if (cmd != TIOCCBRK) {
2684 tty_wait_until_sent(tty, 0);
2685 if (signal_pending(current))
2686 return -EINTR;
2687 }
2688 break;
2689 }
2690
2691 /*
2692 * Now do the stuff.
2693 */
2694 switch (cmd) {
2695 case TIOCSTI:
2696 return tiocsti(tty, p);
2697 case TIOCGWINSZ:
2698 return tiocgwinsz(real_tty, p);
2699 case TIOCSWINSZ:
2700 return tiocswinsz(real_tty, p);
2701 case TIOCCONS:
2702 return real_tty != tty ? -EINVAL : tioccons(file);
2703 case TIOCEXCL:
2704 set_bit(TTY_EXCLUSIVE, &tty->flags);
2705 return 0;
2706 case TIOCNXCL:
2707 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2708 return 0;
2709 case TIOCGEXCL:
2710 {
2711 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2712 return put_user(excl, (int __user *)p);
2713 }
2714 case TIOCGETD:
2715 return tiocgetd(tty, p);
2716 case TIOCSETD:
2717 return tiocsetd(tty, p);
2718 case TIOCVHANGUP:
2719 if (!capable(CAP_SYS_ADMIN))
2720 return -EPERM;
2721 tty_vhangup(tty);
2722 return 0;
2723 case TIOCGDEV:
2724 {
2725 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2726 return put_user(ret, (unsigned int __user *)p);
2727 }
2728 /*
2729 * Break handling
2730 */
2731 case TIOCSBRK: /* Turn break on, unconditionally */
2732 if (tty->ops->break_ctl)
2733 return tty->ops->break_ctl(tty, -1);
2734 return 0;
2735 case TIOCCBRK: /* Turn break off, unconditionally */
2736 if (tty->ops->break_ctl)
2737 return tty->ops->break_ctl(tty, 0);
2738 return 0;
2739 case TCSBRK: /* SVID version: non-zero arg --> no break */
2740 /* non-zero arg means wait for all output data
2741 * to be sent (performed above) but don't send break.
2742 * This is used by the tcdrain() termios function.
2743 */
2744 if (!arg)
2745 return send_break(tty, 250);
2746 return 0;
2747 case TCSBRKP: /* support for POSIX tcsendbreak() */
2748 return send_break(tty, arg ? arg*100 : 250);
2749
2750 case TIOCMGET:
2751 return tty_tiocmget(tty, p);
2752 case TIOCMSET:
2753 case TIOCMBIC:
2754 case TIOCMBIS:
2755 return tty_tiocmset(tty, cmd, p);
2756 case TIOCGICOUNT:
2757 return tty_tiocgicount(tty, p);
2758 case TCFLSH:
2759 switch (arg) {
2760 case TCIFLUSH:
2761 case TCIOFLUSH:
2762 /* flush tty buffer and allow ldisc to process ioctl */
2763 tty_buffer_flush(tty, NULL);
2764 break;
2765 }
2766 break;
2767 case TIOCSSERIAL:
2768 return tty_tiocsserial(tty, p);
2769 case TIOCGSERIAL:
2770 return tty_tiocgserial(tty, p);
2771 case TIOCGPTPEER:
2772 /* Special because the struct file is needed */
2773 return ptm_open_peer(file, tty, (int)arg);
2774 default:
2775 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2776 if (retval != -ENOIOCTLCMD)
2777 return retval;
2778 }
2779 if (tty->ops->ioctl) {
2780 retval = tty->ops->ioctl(tty, cmd, arg);
2781 if (retval != -ENOIOCTLCMD)
2782 return retval;
2783 }
2784 ld = tty_ldisc_ref_wait(tty);
2785 if (!ld)
2786 return hung_up_tty_ioctl(file, cmd, arg);
2787 retval = -EINVAL;
2788 if (ld->ops->ioctl) {
2789 retval = ld->ops->ioctl(tty, file, cmd, arg);
2790 if (retval == -ENOIOCTLCMD)
2791 retval = -ENOTTY;
2792 }
2793 tty_ldisc_deref(ld);
2794 return retval;
2795}
2796
2797#ifdef CONFIG_COMPAT
2798
2799struct serial_struct32 {
2800 compat_int_t type;
2801 compat_int_t line;
2802 compat_uint_t port;
2803 compat_int_t irq;
2804 compat_int_t flags;
2805 compat_int_t xmit_fifo_size;
2806 compat_int_t custom_divisor;
2807 compat_int_t baud_base;
2808 unsigned short close_delay;
2809 char io_type;
2810 char reserved_char;
2811 compat_int_t hub6;
2812 unsigned short closing_wait; /* time to wait before closing */
2813 unsigned short closing_wait2; /* no longer used... */
2814 compat_uint_t iomem_base;
2815 unsigned short iomem_reg_shift;
2816 unsigned int port_high;
2817 /* compat_ulong_t iomap_base FIXME */
2818 compat_int_t reserved;
2819};
2820
2821static int compat_tty_tiocsserial(struct tty_struct *tty,
2822 struct serial_struct32 __user *ss)
2823{
2824 static DEFINE_RATELIMIT_STATE(depr_flags,
2825 DEFAULT_RATELIMIT_INTERVAL,
2826 DEFAULT_RATELIMIT_BURST);
2827 char comm[TASK_COMM_LEN];
2828 struct serial_struct32 v32;
2829 struct serial_struct v;
2830 int flags;
2831
2832 if (copy_from_user(&v32, ss, sizeof(*ss)))
2833 return -EFAULT;
2834
2835 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2836 v.iomem_base = compat_ptr(v32.iomem_base);
2837 v.iomem_reg_shift = v32.iomem_reg_shift;
2838 v.port_high = v32.port_high;
2839 v.iomap_base = 0;
2840
2841 flags = v.flags & ASYNC_DEPRECATED;
2842
2843 if (flags && __ratelimit(&depr_flags))
2844 pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2845 __func__, get_task_comm(comm, current), flags);
2846 if (!tty->ops->set_serial)
2847 return -ENOTTY;
2848 return tty->ops->set_serial(tty, &v);
2849}
2850
2851static int compat_tty_tiocgserial(struct tty_struct *tty,
2852 struct serial_struct32 __user *ss)
2853{
2854 struct serial_struct32 v32;
2855 struct serial_struct v;
2856 int err;
2857
2858 memset(&v, 0, sizeof(v));
2859 memset(&v32, 0, sizeof(v32));
2860
2861 if (!tty->ops->get_serial)
2862 return -ENOTTY;
2863 err = tty->ops->get_serial(tty, &v);
2864 if (!err) {
2865 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2866 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2867 0xfffffff : ptr_to_compat(v.iomem_base);
2868 v32.iomem_reg_shift = v.iomem_reg_shift;
2869 v32.port_high = v.port_high;
2870 if (copy_to_user(ss, &v32, sizeof(v32)))
2871 err = -EFAULT;
2872 }
2873 return err;
2874}
2875static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2876 unsigned long arg)
2877{
2878 struct tty_struct *tty = file_tty(file);
2879 struct tty_ldisc *ld;
2880 int retval = -ENOIOCTLCMD;
2881
2882 switch (cmd) {
2883 case TIOCOUTQ:
2884 case TIOCSTI:
2885 case TIOCGWINSZ:
2886 case TIOCSWINSZ:
2887 case TIOCGEXCL:
2888 case TIOCGETD:
2889 case TIOCSETD:
2890 case TIOCGDEV:
2891 case TIOCMGET:
2892 case TIOCMSET:
2893 case TIOCMBIC:
2894 case TIOCMBIS:
2895 case TIOCGICOUNT:
2896 case TIOCGPGRP:
2897 case TIOCSPGRP:
2898 case TIOCGSID:
2899 case TIOCSERGETLSR:
2900 case TIOCGRS485:
2901 case TIOCSRS485:
2902#ifdef TIOCGETP
2903 case TIOCGETP:
2904 case TIOCSETP:
2905 case TIOCSETN:
2906#endif
2907#ifdef TIOCGETC
2908 case TIOCGETC:
2909 case TIOCSETC:
2910#endif
2911#ifdef TIOCGLTC
2912 case TIOCGLTC:
2913 case TIOCSLTC:
2914#endif
2915 case TCSETSF:
2916 case TCSETSW:
2917 case TCSETS:
2918 case TCGETS:
2919#ifdef TCGETS2
2920 case TCGETS2:
2921 case TCSETSF2:
2922 case TCSETSW2:
2923 case TCSETS2:
2924#endif
2925 case TCGETA:
2926 case TCSETAF:
2927 case TCSETAW:
2928 case TCSETA:
2929 case TIOCGLCKTRMIOS:
2930 case TIOCSLCKTRMIOS:
2931#ifdef TCGETX
2932 case TCGETX:
2933 case TCSETX:
2934 case TCSETXW:
2935 case TCSETXF:
2936#endif
2937 case TIOCGSOFTCAR:
2938 case TIOCSSOFTCAR:
2939
2940 case PPPIOCGCHAN:
2941 case PPPIOCGUNIT:
2942 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2943 case TIOCCONS:
2944 case TIOCEXCL:
2945 case TIOCNXCL:
2946 case TIOCVHANGUP:
2947 case TIOCSBRK:
2948 case TIOCCBRK:
2949 case TCSBRK:
2950 case TCSBRKP:
2951 case TCFLSH:
2952 case TIOCGPTPEER:
2953 case TIOCNOTTY:
2954 case TIOCSCTTY:
2955 case TCXONC:
2956 case TIOCMIWAIT:
2957 case TIOCSERCONFIG:
2958 return tty_ioctl(file, cmd, arg);
2959 }
2960
2961 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2962 return -EINVAL;
2963
2964 switch (cmd) {
2965 case TIOCSSERIAL:
2966 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2967 case TIOCGSERIAL:
2968 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2969 }
2970 if (tty->ops->compat_ioctl) {
2971 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2972 if (retval != -ENOIOCTLCMD)
2973 return retval;
2974 }
2975
2976 ld = tty_ldisc_ref_wait(tty);
2977 if (!ld)
2978 return hung_up_tty_compat_ioctl(file, cmd, arg);
2979 if (ld->ops->compat_ioctl)
2980 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2981 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2982 retval = ld->ops->ioctl(tty, file,
2983 (unsigned long)compat_ptr(cmd), arg);
2984 tty_ldisc_deref(ld);
2985
2986 return retval;
2987}
2988#endif
2989
2990static int this_tty(const void *t, struct file *file, unsigned fd)
2991{
2992 if (likely(file->f_op->read_iter != tty_read))
2993 return 0;
2994 return file_tty(file) != t ? 0 : fd + 1;
2995}
2996
2997/*
2998 * This implements the "Secure Attention Key" --- the idea is to
2999 * prevent trojan horses by killing all processes associated with this
3000 * tty when the user hits the "Secure Attention Key". Required for
3001 * super-paranoid applications --- see the Orange Book for more details.
3002 *
3003 * This code could be nicer; ideally it should send a HUP, wait a few
3004 * seconds, then send a INT, and then a KILL signal. But you then
3005 * have to coordinate with the init process, since all processes associated
3006 * with the current tty must be dead before the new getty is allowed
3007 * to spawn.
3008 *
3009 * Now, if it would be correct ;-/ The current code has a nasty hole -
3010 * it doesn't catch files in flight. We may send the descriptor to ourselves
3011 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3012 *
3013 * Nasty bug: do_SAK is being called in interrupt context. This can
3014 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3015 */
3016void __do_SAK(struct tty_struct *tty)
3017{
3018#ifdef TTY_SOFT_SAK
3019 tty_hangup(tty);
3020#else
3021 struct task_struct *g, *p;
3022 struct pid *session;
3023 int i;
3024 unsigned long flags;
3025
3026 if (!tty)
3027 return;
3028
3029 spin_lock_irqsave(&tty->ctrl_lock, flags);
3030 session = get_pid(tty->session);
3031 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3032
3033 tty_ldisc_flush(tty);
3034
3035 tty_driver_flush_buffer(tty);
3036
3037 read_lock(&tasklist_lock);
3038 /* Kill the entire session */
3039 do_each_pid_task(session, PIDTYPE_SID, p) {
3040 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3041 task_pid_nr(p), p->comm);
3042 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3043 } while_each_pid_task(session, PIDTYPE_SID, p);
3044
3045 /* Now kill any processes that happen to have the tty open */
3046 do_each_thread(g, p) {
3047 if (p->signal->tty == tty) {
3048 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3049 task_pid_nr(p), p->comm);
3050 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3051 continue;
3052 }
3053 task_lock(p);
3054 i = iterate_fd(p->files, 0, this_tty, tty);
3055 if (i != 0) {
3056 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3057 task_pid_nr(p), p->comm, i - 1);
3058 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3059 }
3060 task_unlock(p);
3061 } while_each_thread(g, p);
3062 read_unlock(&tasklist_lock);
3063 put_pid(session);
3064#endif
3065}
3066
3067static void do_SAK_work(struct work_struct *work)
3068{
3069 struct tty_struct *tty =
3070 container_of(work, struct tty_struct, SAK_work);
3071 __do_SAK(tty);
3072}
3073
3074/*
3075 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3076 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3077 * the values which we write to it will be identical to the values which it
3078 * already has. --akpm
3079 */
3080void do_SAK(struct tty_struct *tty)
3081{
3082 if (!tty)
3083 return;
3084 schedule_work(&tty->SAK_work);
3085}
3086
3087EXPORT_SYMBOL(do_SAK);
3088
3089/* Must put_device() after it's unused! */
3090static struct device *tty_get_device(struct tty_struct *tty)
3091{
3092 dev_t devt = tty_devnum(tty);
3093 return class_find_device_by_devt(tty_class, devt);
3094}
3095
3096
3097/*
3098 * alloc_tty_struct
3099 *
3100 * This subroutine allocates and initializes a tty structure.
3101 *
3102 * Locking: none - tty in question is not exposed at this point
3103 */
3104
3105struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3106{
3107 struct tty_struct *tty;
3108
3109 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3110 if (!tty)
3111 return NULL;
3112
3113 kref_init(&tty->kref);
3114 tty->magic = TTY_MAGIC;
3115 if (tty_ldisc_init(tty)) {
3116 kfree(tty);
3117 return NULL;
3118 }
3119 tty->session = NULL;
3120 tty->pgrp = NULL;
3121 mutex_init(&tty->legacy_mutex);
3122 mutex_init(&tty->throttle_mutex);
3123 init_rwsem(&tty->termios_rwsem);
3124 mutex_init(&tty->winsize_mutex);
3125 init_ldsem(&tty->ldisc_sem);
3126 init_waitqueue_head(&tty->write_wait);
3127 init_waitqueue_head(&tty->read_wait);
3128 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3129 mutex_init(&tty->atomic_write_lock);
3130 spin_lock_init(&tty->ctrl_lock);
3131 spin_lock_init(&tty->flow_lock);
3132 spin_lock_init(&tty->files_lock);
3133 INIT_LIST_HEAD(&tty->tty_files);
3134 INIT_WORK(&tty->SAK_work, do_SAK_work);
3135
3136 tty->driver = driver;
3137 tty->ops = driver->ops;
3138 tty->index = idx;
3139 tty_line_name(driver, idx, tty->name);
3140 tty->dev = tty_get_device(tty);
3141
3142 return tty;
3143}
3144
3145/**
3146 * tty_put_char - write one character to a tty
3147 * @tty: tty
3148 * @ch: character
3149 *
3150 * Write one byte to the tty using the provided put_char method
3151 * if present. Returns the number of characters successfully output.
3152 *
3153 * Note: the specific put_char operation in the driver layer may go
3154 * away soon. Don't call it directly, use this method
3155 */
3156
3157int tty_put_char(struct tty_struct *tty, unsigned char ch)
3158{
3159 if (tty->ops->put_char)
3160 return tty->ops->put_char(tty, ch);
3161 return tty->ops->write(tty, &ch, 1);
3162}
3163EXPORT_SYMBOL_GPL(tty_put_char);
3164
3165struct class *tty_class;
3166
3167static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3168 unsigned int index, unsigned int count)
3169{
3170 int err;
3171
3172 /* init here, since reused cdevs cause crashes */
3173 driver->cdevs[index] = cdev_alloc();
3174 if (!driver->cdevs[index])
3175 return -ENOMEM;
3176 driver->cdevs[index]->ops = &tty_fops;
3177 driver->cdevs[index]->owner = driver->owner;
3178 err = cdev_add(driver->cdevs[index], dev, count);
3179 if (err)
3180 kobject_put(&driver->cdevs[index]->kobj);
3181 return err;
3182}
3183
3184/**
3185 * tty_register_device - register a tty device
3186 * @driver: the tty driver that describes the tty device
3187 * @index: the index in the tty driver for this tty device
3188 * @device: a struct device that is associated with this tty device.
3189 * This field is optional, if there is no known struct device
3190 * for this tty device it can be set to NULL safely.
3191 *
3192 * Returns a pointer to the struct device for this tty device
3193 * (or ERR_PTR(-EFOO) on error).
3194 *
3195 * This call is required to be made to register an individual tty device
3196 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3197 * that bit is not set, this function should not be called by a tty
3198 * driver.
3199 *
3200 * Locking: ??
3201 */
3202
3203struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3204 struct device *device)
3205{
3206 return tty_register_device_attr(driver, index, device, NULL, NULL);
3207}
3208EXPORT_SYMBOL(tty_register_device);
3209
3210static void tty_device_create_release(struct device *dev)
3211{
3212 dev_dbg(dev, "releasing...\n");
3213 kfree(dev);
3214}
3215
3216/**
3217 * tty_register_device_attr - register a tty device
3218 * @driver: the tty driver that describes the tty device
3219 * @index: the index in the tty driver for this tty device
3220 * @device: a struct device that is associated with this tty device.
3221 * This field is optional, if there is no known struct device
3222 * for this tty device it can be set to NULL safely.
3223 * @drvdata: Driver data to be set to device.
3224 * @attr_grp: Attribute group to be set on device.
3225 *
3226 * Returns a pointer to the struct device for this tty device
3227 * (or ERR_PTR(-EFOO) on error).
3228 *
3229 * This call is required to be made to register an individual tty device
3230 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3231 * that bit is not set, this function should not be called by a tty
3232 * driver.
3233 *
3234 * Locking: ??
3235 */
3236struct device *tty_register_device_attr(struct tty_driver *driver,
3237 unsigned index, struct device *device,
3238 void *drvdata,
3239 const struct attribute_group **attr_grp)
3240{
3241 char name[64];
3242 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3243 struct ktermios *tp;
3244 struct device *dev;
3245 int retval;
3246
3247 if (index >= driver->num) {
3248 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3249 driver->name, index);
3250 return ERR_PTR(-EINVAL);
3251 }
3252
3253 if (driver->type == TTY_DRIVER_TYPE_PTY)
3254 pty_line_name(driver, index, name);
3255 else
3256 tty_line_name(driver, index, name);
3257
3258 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3259 if (!dev)
3260 return ERR_PTR(-ENOMEM);
3261
3262 dev->devt = devt;
3263 dev->class = tty_class;
3264 dev->parent = device;
3265 dev->release = tty_device_create_release;
3266 dev_set_name(dev, "%s", name);
3267 dev->groups = attr_grp;
3268 dev_set_drvdata(dev, drvdata);
3269
3270 dev_set_uevent_suppress(dev, 1);
3271
3272 retval = device_register(dev);
3273 if (retval)
3274 goto err_put;
3275
3276 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3277 /*
3278 * Free any saved termios data so that the termios state is
3279 * reset when reusing a minor number.
3280 */
3281 tp = driver->termios[index];
3282 if (tp) {
3283 driver->termios[index] = NULL;
3284 kfree(tp);
3285 }
3286
3287 retval = tty_cdev_add(driver, devt, index, 1);
3288 if (retval)
3289 goto err_del;
3290 }
3291
3292 dev_set_uevent_suppress(dev, 0);
3293 kobject_uevent(&dev->kobj, KOBJ_ADD);
3294
3295 return dev;
3296
3297err_del:
3298 device_del(dev);
3299err_put:
3300 put_device(dev);
3301
3302 return ERR_PTR(retval);
3303}
3304EXPORT_SYMBOL_GPL(tty_register_device_attr);
3305
3306/**
3307 * tty_unregister_device - unregister a tty device
3308 * @driver: the tty driver that describes the tty device
3309 * @index: the index in the tty driver for this tty device
3310 *
3311 * If a tty device is registered with a call to tty_register_device() then
3312 * this function must be called when the tty device is gone.
3313 *
3314 * Locking: ??
3315 */
3316
3317void tty_unregister_device(struct tty_driver *driver, unsigned index)
3318{
3319 device_destroy(tty_class,
3320 MKDEV(driver->major, driver->minor_start) + index);
3321 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3322 cdev_del(driver->cdevs[index]);
3323 driver->cdevs[index] = NULL;
3324 }
3325}
3326EXPORT_SYMBOL(tty_unregister_device);
3327
3328/**
3329 * __tty_alloc_driver -- allocate tty driver
3330 * @lines: count of lines this driver can handle at most
3331 * @owner: module which is responsible for this driver
3332 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3333 *
3334 * This should not be called directly, some of the provided macros should be
3335 * used instead. Use IS_ERR and friends on @retval.
3336 */
3337struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3338 unsigned long flags)
3339{
3340 struct tty_driver *driver;
3341 unsigned int cdevs = 1;
3342 int err;
3343
3344 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3345 return ERR_PTR(-EINVAL);
3346
3347 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3348 if (!driver)
3349 return ERR_PTR(-ENOMEM);
3350
3351 kref_init(&driver->kref);
3352 driver->magic = TTY_DRIVER_MAGIC;
3353 driver->num = lines;
3354 driver->owner = owner;
3355 driver->flags = flags;
3356
3357 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3358 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3359 GFP_KERNEL);
3360 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3361 GFP_KERNEL);
3362 if (!driver->ttys || !driver->termios) {
3363 err = -ENOMEM;
3364 goto err_free_all;
3365 }
3366 }
3367
3368 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3369 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3370 GFP_KERNEL);
3371 if (!driver->ports) {
3372 err = -ENOMEM;
3373 goto err_free_all;
3374 }
3375 cdevs = lines;
3376 }
3377
3378 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3379 if (!driver->cdevs) {
3380 err = -ENOMEM;
3381 goto err_free_all;
3382 }
3383
3384 return driver;
3385err_free_all:
3386 kfree(driver->ports);
3387 kfree(driver->ttys);
3388 kfree(driver->termios);
3389 kfree(driver->cdevs);
3390 kfree(driver);
3391 return ERR_PTR(err);
3392}
3393EXPORT_SYMBOL(__tty_alloc_driver);
3394
3395static void destruct_tty_driver(struct kref *kref)
3396{
3397 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3398 int i;
3399 struct ktermios *tp;
3400
3401 if (driver->flags & TTY_DRIVER_INSTALLED) {
3402 for (i = 0; i < driver->num; i++) {
3403 tp = driver->termios[i];
3404 if (tp) {
3405 driver->termios[i] = NULL;
3406 kfree(tp);
3407 }
3408 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3409 tty_unregister_device(driver, i);
3410 }
3411 proc_tty_unregister_driver(driver);
3412 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3413 cdev_del(driver->cdevs[0]);
3414 }
3415 kfree(driver->cdevs);
3416 kfree(driver->ports);
3417 kfree(driver->termios);
3418 kfree(driver->ttys);
3419 kfree(driver);
3420}
3421
3422void tty_driver_kref_put(struct tty_driver *driver)
3423{
3424 kref_put(&driver->kref, destruct_tty_driver);
3425}
3426EXPORT_SYMBOL(tty_driver_kref_put);
3427
3428void tty_set_operations(struct tty_driver *driver,
3429 const struct tty_operations *op)
3430{
3431 driver->ops = op;
3432};
3433EXPORT_SYMBOL(tty_set_operations);
3434
3435void put_tty_driver(struct tty_driver *d)
3436{
3437 tty_driver_kref_put(d);
3438}
3439EXPORT_SYMBOL(put_tty_driver);
3440
3441/*
3442 * Called by a tty driver to register itself.
3443 */
3444int tty_register_driver(struct tty_driver *driver)
3445{
3446 int error;
3447 int i;
3448 dev_t dev;
3449 struct device *d;
3450
3451 if (!driver->major) {
3452 error = alloc_chrdev_region(&dev, driver->minor_start,
3453 driver->num, driver->name);
3454 if (!error) {
3455 driver->major = MAJOR(dev);
3456 driver->minor_start = MINOR(dev);
3457 }
3458 } else {
3459 dev = MKDEV(driver->major, driver->minor_start);
3460 error = register_chrdev_region(dev, driver->num, driver->name);
3461 }
3462 if (error < 0)
3463 goto err;
3464
3465 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3466 error = tty_cdev_add(driver, dev, 0, driver->num);
3467 if (error)
3468 goto err_unreg_char;
3469 }
3470
3471 mutex_lock(&tty_mutex);
3472 list_add(&driver->tty_drivers, &tty_drivers);
3473 mutex_unlock(&tty_mutex);
3474
3475 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3476 for (i = 0; i < driver->num; i++) {
3477 d = tty_register_device(driver, i, NULL);
3478 if (IS_ERR(d)) {
3479 error = PTR_ERR(d);
3480 goto err_unreg_devs;
3481 }
3482 }
3483 }
3484 proc_tty_register_driver(driver);
3485 driver->flags |= TTY_DRIVER_INSTALLED;
3486 return 0;
3487
3488err_unreg_devs:
3489 for (i--; i >= 0; i--)
3490 tty_unregister_device(driver, i);
3491
3492 mutex_lock(&tty_mutex);
3493 list_del(&driver->tty_drivers);
3494 mutex_unlock(&tty_mutex);
3495
3496err_unreg_char:
3497 unregister_chrdev_region(dev, driver->num);
3498err:
3499 return error;
3500}
3501EXPORT_SYMBOL(tty_register_driver);
3502
3503/*
3504 * Called by a tty driver to unregister itself.
3505 */
3506int tty_unregister_driver(struct tty_driver *driver)
3507{
3508#if 0
3509 /* FIXME */
3510 if (driver->refcount)
3511 return -EBUSY;
3512#endif
3513 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3514 driver->num);
3515 mutex_lock(&tty_mutex);
3516 list_del(&driver->tty_drivers);
3517 mutex_unlock(&tty_mutex);
3518 return 0;
3519}
3520
3521EXPORT_SYMBOL(tty_unregister_driver);
3522
3523dev_t tty_devnum(struct tty_struct *tty)
3524{
3525 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3526}
3527EXPORT_SYMBOL(tty_devnum);
3528
3529void tty_default_fops(struct file_operations *fops)
3530{
3531 *fops = tty_fops;
3532}
3533
3534static char *tty_devnode(struct device *dev, umode_t *mode)
3535{
3536 if (!mode)
3537 return NULL;
3538 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3539 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3540 *mode = 0666;
3541 return NULL;
3542}
3543
3544static int __init tty_class_init(void)
3545{
3546 tty_class = class_create(THIS_MODULE, "tty");
3547 if (IS_ERR(tty_class))
3548 return PTR_ERR(tty_class);
3549 tty_class->devnode = tty_devnode;
3550 return 0;
3551}
3552
3553postcore_initcall(tty_class_init);
3554
3555/* 3/2004 jmc: why do these devices exist? */
3556static struct cdev tty_cdev, console_cdev;
3557
3558static ssize_t show_cons_active(struct device *dev,
3559 struct device_attribute *attr, char *buf)
3560{
3561 struct console *cs[16];
3562 int i = 0;
3563 struct console *c;
3564 ssize_t count = 0;
3565
3566 console_lock();
3567 for_each_console(c) {
3568 if (!c->device)
3569 continue;
3570 if (!c->write)
3571 continue;
3572 if ((c->flags & CON_ENABLED) == 0)
3573 continue;
3574 cs[i++] = c;
3575 if (i >= ARRAY_SIZE(cs))
3576 break;
3577 }
3578 while (i--) {
3579 int index = cs[i]->index;
3580 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3581
3582 /* don't resolve tty0 as some programs depend on it */
3583 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3584 count += tty_line_name(drv, index, buf + count);
3585 else
3586 count += sprintf(buf + count, "%s%d",
3587 cs[i]->name, cs[i]->index);
3588
3589 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3590 }
3591 console_unlock();
3592
3593 return count;
3594}
3595static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3596
3597static struct attribute *cons_dev_attrs[] = {
3598 &dev_attr_active.attr,
3599 NULL
3600};
3601
3602ATTRIBUTE_GROUPS(cons_dev);
3603
3604static struct device *consdev;
3605
3606void console_sysfs_notify(void)
3607{
3608 if (consdev)
3609 sysfs_notify(&consdev->kobj, NULL, "active");
3610}
3611
3612/*
3613 * Ok, now we can initialize the rest of the tty devices and can count
3614 * on memory allocations, interrupts etc..
3615 */
3616int __init tty_init(void)
3617{
3618 tty_sysctl_init();
3619 cdev_init(&tty_cdev, &tty_fops);
3620 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3621 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3622 panic("Couldn't register /dev/tty driver\n");
3623 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3624
3625 cdev_init(&console_cdev, &console_fops);
3626 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3627 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3628 panic("Couldn't register /dev/console driver\n");
3629 consdev = device_create_with_groups(tty_class, NULL,
3630 MKDEV(TTYAUX_MAJOR, 1), NULL,
3631 cons_dev_groups, "console");
3632 if (IS_ERR(consdev))
3633 consdev = NULL;
3634
3635#ifdef CONFIG_VT
3636 vty_init(&console_fops);
3637#endif
3638 return 0;
3639}
3640
Linux 6.x block layer and io_uring tree(s)