1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159 /**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
166 */
167
alloc_tty_struct(void)168 struct tty_struct *alloc_tty_struct(void)
169 {
170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171 }
172
173 /**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
free_tty_struct(struct tty_struct * tty)182 void free_tty_struct(struct tty_struct *tty)
183 {
184 if (tty->dev)
185 put_device(tty->dev);
186 kfree(tty->write_buf);
187 tty_buffer_free_all(tty);
188 kfree(tty);
189 }
190
file_tty(struct file * file)191 static inline struct tty_struct *file_tty(struct file *file)
192 {
193 return ((struct tty_file_private *)file->private_data)->tty;
194 }
195
tty_alloc_file(struct file * file)196 int tty_alloc_file(struct file *file)
197 {
198 struct tty_file_private *priv;
199
200 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
201 if (!priv)
202 return -ENOMEM;
203
204 file->private_data = priv;
205
206 return 0;
207 }
208
209 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)210 void tty_add_file(struct tty_struct *tty, struct file *file)
211 {
212 struct tty_file_private *priv = file->private_data;
213
214 priv->tty = tty;
215 priv->file = file;
216
217 spin_lock(&tty_files_lock);
218 list_add(&priv->list, &tty->tty_files);
219 spin_unlock(&tty_files_lock);
220 }
221
222 /**
223 * tty_free_file - free file->private_data
224 *
225 * This shall be used only for fail path handling when tty_add_file was not
226 * called yet.
227 */
tty_free_file(struct file * file)228 void tty_free_file(struct file *file)
229 {
230 struct tty_file_private *priv = file->private_data;
231
232 file->private_data = NULL;
233 kfree(priv);
234 }
235
236 /* Delete file from its tty */
tty_del_file(struct file * file)237 void tty_del_file(struct file *file)
238 {
239 struct tty_file_private *priv = file->private_data;
240
241 spin_lock(&tty_files_lock);
242 list_del(&priv->list);
243 spin_unlock(&tty_files_lock);
244 tty_free_file(file);
245 }
246
247
248 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
249
250 /**
251 * tty_name - return tty naming
252 * @tty: tty structure
253 * @buf: buffer for output
254 *
255 * Convert a tty structure into a name. The name reflects the kernel
256 * naming policy and if udev is in use may not reflect user space
257 *
258 * Locking: none
259 */
260
tty_name(struct tty_struct * tty,char * buf)261 char *tty_name(struct tty_struct *tty, char *buf)
262 {
263 if (!tty) /* Hmm. NULL pointer. That's fun. */
264 strcpy(buf, "NULL tty");
265 else
266 strcpy(buf, tty->name);
267 return buf;
268 }
269
270 EXPORT_SYMBOL(tty_name);
271
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)272 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
273 const char *routine)
274 {
275 #ifdef TTY_PARANOIA_CHECK
276 if (!tty) {
277 printk(KERN_WARNING
278 "null TTY for (%d:%d) in %s\n",
279 imajor(inode), iminor(inode), routine);
280 return 1;
281 }
282 if (tty->magic != TTY_MAGIC) {
283 printk(KERN_WARNING
284 "bad magic number for tty struct (%d:%d) in %s\n",
285 imajor(inode), iminor(inode), routine);
286 return 1;
287 }
288 #endif
289 return 0;
290 }
291
check_tty_count(struct tty_struct * tty,const char * routine)292 static int check_tty_count(struct tty_struct *tty, const char *routine)
293 {
294 #ifdef CHECK_TTY_COUNT
295 struct list_head *p;
296 int count = 0;
297
298 spin_lock(&tty_files_lock);
299 list_for_each(p, &tty->tty_files) {
300 count++;
301 }
302 spin_unlock(&tty_files_lock);
303 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
304 tty->driver->subtype == PTY_TYPE_SLAVE &&
305 tty->link && tty->link->count)
306 count++;
307 if (tty->count != count) {
308 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
309 "!= #fd's(%d) in %s\n",
310 tty->name, tty->count, count, routine);
311 return count;
312 }
313 #endif
314 return 0;
315 }
316
317 /**
318 * get_tty_driver - find device of a tty
319 * @dev_t: device identifier
320 * @index: returns the index of the tty
321 *
322 * This routine returns a tty driver structure, given a device number
323 * and also passes back the index number.
324 *
325 * Locking: caller must hold tty_mutex
326 */
327
get_tty_driver(dev_t device,int * index)328 static struct tty_driver *get_tty_driver(dev_t device, int *index)
329 {
330 struct tty_driver *p;
331
332 list_for_each_entry(p, &tty_drivers, tty_drivers) {
333 dev_t base = MKDEV(p->major, p->minor_start);
334 if (device < base || device >= base + p->num)
335 continue;
336 *index = device - base;
337 return tty_driver_kref_get(p);
338 }
339 return NULL;
340 }
341
342 #ifdef CONFIG_CONSOLE_POLL
343
344 /**
345 * tty_find_polling_driver - find device of a polled tty
346 * @name: name string to match
347 * @line: pointer to resulting tty line nr
348 *
349 * This routine returns a tty driver structure, given a name
350 * and the condition that the tty driver is capable of polled
351 * operation.
352 */
tty_find_polling_driver(char * name,int * line)353 struct tty_driver *tty_find_polling_driver(char *name, int *line)
354 {
355 struct tty_driver *p, *res = NULL;
356 int tty_line = 0;
357 int len;
358 char *str, *stp;
359
360 for (str = name; *str; str++)
361 if ((*str >= '0' && *str <= '9') || *str == ',')
362 break;
363 if (!*str)
364 return NULL;
365
366 len = str - name;
367 tty_line = simple_strtoul(str, &str, 10);
368
369 mutex_lock(&tty_mutex);
370 /* Search through the tty devices to look for a match */
371 list_for_each_entry(p, &tty_drivers, tty_drivers) {
372 if (strncmp(name, p->name, len) != 0)
373 continue;
374 stp = str;
375 if (*stp == ',')
376 stp++;
377 if (*stp == '\0')
378 stp = NULL;
379
380 if (tty_line >= 0 && tty_line < p->num && p->ops &&
381 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
382 res = tty_driver_kref_get(p);
383 *line = tty_line;
384 break;
385 }
386 }
387 mutex_unlock(&tty_mutex);
388
389 return res;
390 }
391 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
392 #endif
393
394 /**
395 * tty_check_change - check for POSIX terminal changes
396 * @tty: tty to check
397 *
398 * If we try to write to, or set the state of, a terminal and we're
399 * not in the foreground, send a SIGTTOU. If the signal is blocked or
400 * ignored, go ahead and perform the operation. (POSIX 7.2)
401 *
402 * Locking: ctrl_lock
403 */
404
tty_check_change(struct tty_struct * tty)405 int tty_check_change(struct tty_struct *tty)
406 {
407 unsigned long flags;
408 int ret = 0;
409
410 if (current->signal->tty != tty)
411 return 0;
412
413 spin_lock_irqsave(&tty->ctrl_lock, flags);
414
415 if (!tty->pgrp) {
416 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
417 goto out_unlock;
418 }
419 if (task_pgrp(current) == tty->pgrp)
420 goto out_unlock;
421 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
422 if (is_ignored(SIGTTOU))
423 goto out;
424 if (is_current_pgrp_orphaned()) {
425 ret = -EIO;
426 goto out;
427 }
428 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
429 set_thread_flag(TIF_SIGPENDING);
430 ret = -ERESTARTSYS;
431 out:
432 return ret;
433 out_unlock:
434 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
435 return ret;
436 }
437
438 EXPORT_SYMBOL(tty_check_change);
439
hung_up_tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)440 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
441 size_t count, loff_t *ppos)
442 {
443 return 0;
444 }
445
hung_up_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)446 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
447 size_t count, loff_t *ppos)
448 {
449 return -EIO;
450 }
451
452 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)453 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
454 {
455 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
456 }
457
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)458 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
459 unsigned long arg)
460 {
461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
462 }
463
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)464 static long hung_up_tty_compat_ioctl(struct file *file,
465 unsigned int cmd, unsigned long arg)
466 {
467 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
468 }
469
470 static const struct file_operations tty_fops = {
471 .llseek = no_llseek,
472 .read = tty_read,
473 .write = tty_write,
474 .poll = tty_poll,
475 .unlocked_ioctl = tty_ioctl,
476 .compat_ioctl = tty_compat_ioctl,
477 .open = tty_open,
478 .release = tty_release,
479 .fasync = tty_fasync,
480 };
481
482 static const struct file_operations console_fops = {
483 .llseek = no_llseek,
484 .read = tty_read,
485 .write = redirected_tty_write,
486 .poll = tty_poll,
487 .unlocked_ioctl = tty_ioctl,
488 .compat_ioctl = tty_compat_ioctl,
489 .open = tty_open,
490 .release = tty_release,
491 .fasync = tty_fasync,
492 };
493
494 static const struct file_operations hung_up_tty_fops = {
495 .llseek = no_llseek,
496 .read = hung_up_tty_read,
497 .write = hung_up_tty_write,
498 .poll = hung_up_tty_poll,
499 .unlocked_ioctl = hung_up_tty_ioctl,
500 .compat_ioctl = hung_up_tty_compat_ioctl,
501 .release = tty_release,
502 };
503
504 static DEFINE_SPINLOCK(redirect_lock);
505 static struct file *redirect;
506
507 /**
508 * tty_wakeup - request more data
509 * @tty: terminal
510 *
511 * Internal and external helper for wakeups of tty. This function
512 * informs the line discipline if present that the driver is ready
513 * to receive more output data.
514 */
515
tty_wakeup(struct tty_struct * tty)516 void tty_wakeup(struct tty_struct *tty)
517 {
518 struct tty_ldisc *ld;
519
520 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
521 ld = tty_ldisc_ref(tty);
522 if (ld) {
523 if (ld->ops->write_wakeup)
524 ld->ops->write_wakeup(tty);
525 tty_ldisc_deref(ld);
526 }
527 }
528 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
529 }
530
531 EXPORT_SYMBOL_GPL(tty_wakeup);
532
533 /**
534 * __tty_hangup - actual handler for hangup events
535 * @work: tty device
536 *
537 * This can be called by the "eventd" kernel thread. That is process
538 * synchronous but doesn't hold any locks, so we need to make sure we
539 * have the appropriate locks for what we're doing.
540 *
541 * The hangup event clears any pending redirections onto the hung up
542 * device. It ensures future writes will error and it does the needed
543 * line discipline hangup and signal delivery. The tty object itself
544 * remains intact.
545 *
546 * Locking:
547 * BTM
548 * redirect lock for undoing redirection
549 * file list lock for manipulating list of ttys
550 * tty_ldisc_lock from called functions
551 * termios_mutex resetting termios data
552 * tasklist_lock to walk task list for hangup event
553 * ->siglock to protect ->signal/->sighand
554 */
__tty_hangup(struct tty_struct * tty)555 void __tty_hangup(struct tty_struct *tty)
556 {
557 struct file *cons_filp = NULL;
558 struct file *filp, *f = NULL;
559 struct task_struct *p;
560 struct tty_file_private *priv;
561 int closecount = 0, n;
562 unsigned long flags;
563 int refs = 0;
564
565 if (!tty)
566 return;
567
568
569 spin_lock(&redirect_lock);
570 if (redirect && file_tty(redirect) == tty) {
571 f = redirect;
572 redirect = NULL;
573 }
574 spin_unlock(&redirect_lock);
575
576 tty_lock();
577
578 /* some functions below drop BTM, so we need this bit */
579 set_bit(TTY_HUPPING, &tty->flags);
580
581 /* inuse_filps is protected by the single tty lock,
582 this really needs to change if we want to flush the
583 workqueue with the lock held */
584 check_tty_count(tty, "tty_hangup");
585
586 spin_lock(&tty_files_lock);
587 /* This breaks for file handles being sent over AF_UNIX sockets ? */
588 list_for_each_entry(priv, &tty->tty_files, list) {
589 filp = priv->file;
590 if (filp->f_op->write == redirected_tty_write)
591 cons_filp = filp;
592 if (filp->f_op->write != tty_write)
593 continue;
594 closecount++;
595 __tty_fasync(-1, filp, 0); /* can't block */
596 filp->f_op = &hung_up_tty_fops;
597 }
598 spin_unlock(&tty_files_lock);
599
600 /*
601 * it drops BTM and thus races with reopen
602 * we protect the race by TTY_HUPPING
603 */
604 tty_ldisc_hangup(tty);
605
606 read_lock(&tasklist_lock);
607 if (tty->session) {
608 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
609 spin_lock_irq(&p->sighand->siglock);
610 if (p->signal->tty == tty) {
611 p->signal->tty = NULL;
612 /* We defer the dereferences outside fo
613 the tasklist lock */
614 refs++;
615 }
616 if (!p->signal->leader) {
617 spin_unlock_irq(&p->sighand->siglock);
618 continue;
619 }
620 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
621 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
622 put_pid(p->signal->tty_old_pgrp); /* A noop */
623 spin_lock_irqsave(&tty->ctrl_lock, flags);
624 if (tty->pgrp)
625 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
626 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
627 spin_unlock_irq(&p->sighand->siglock);
628 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
629 }
630 read_unlock(&tasklist_lock);
631
632 spin_lock_irqsave(&tty->ctrl_lock, flags);
633 clear_bit(TTY_THROTTLED, &tty->flags);
634 clear_bit(TTY_PUSH, &tty->flags);
635 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
636 put_pid(tty->session);
637 put_pid(tty->pgrp);
638 tty->session = NULL;
639 tty->pgrp = NULL;
640 tty->ctrl_status = 0;
641 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
642
643 /* Account for the p->signal references we killed */
644 while (refs--)
645 tty_kref_put(tty);
646
647 /*
648 * If one of the devices matches a console pointer, we
649 * cannot just call hangup() because that will cause
650 * tty->count and state->count to go out of sync.
651 * So we just call close() the right number of times.
652 */
653 if (cons_filp) {
654 if (tty->ops->close)
655 for (n = 0; n < closecount; n++)
656 tty->ops->close(tty, cons_filp);
657 } else if (tty->ops->hangup)
658 (tty->ops->hangup)(tty);
659 /*
660 * We don't want to have driver/ldisc interactions beyond
661 * the ones we did here. The driver layer expects no
662 * calls after ->hangup() from the ldisc side. However we
663 * can't yet guarantee all that.
664 */
665 set_bit(TTY_HUPPED, &tty->flags);
666 clear_bit(TTY_HUPPING, &tty->flags);
667 tty_ldisc_enable(tty);
668
669 tty_unlock();
670
671 if (f)
672 fput(f);
673 }
674
do_tty_hangup(struct work_struct * work)675 static void do_tty_hangup(struct work_struct *work)
676 {
677 struct tty_struct *tty =
678 container_of(work, struct tty_struct, hangup_work);
679
680 __tty_hangup(tty);
681 }
682
683 /**
684 * tty_hangup - trigger a hangup event
685 * @tty: tty to hangup
686 *
687 * A carrier loss (virtual or otherwise) has occurred on this like
688 * schedule a hangup sequence to run after this event.
689 */
690
tty_hangup(struct tty_struct * tty)691 void tty_hangup(struct tty_struct *tty)
692 {
693 #ifdef TTY_DEBUG_HANGUP
694 char buf[64];
695 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
696 #endif
697 schedule_work(&tty->hangup_work);
698 }
699
700 EXPORT_SYMBOL(tty_hangup);
701
702 /**
703 * tty_vhangup - process vhangup
704 * @tty: tty to hangup
705 *
706 * The user has asked via system call for the terminal to be hung up.
707 * We do this synchronously so that when the syscall returns the process
708 * is complete. That guarantee is necessary for security reasons.
709 */
710
tty_vhangup(struct tty_struct * tty)711 void tty_vhangup(struct tty_struct *tty)
712 {
713 #ifdef TTY_DEBUG_HANGUP
714 char buf[64];
715
716 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
717 #endif
718 __tty_hangup(tty);
719 }
720
721 EXPORT_SYMBOL(tty_vhangup);
722
723
724 /**
725 * tty_vhangup_self - process vhangup for own ctty
726 *
727 * Perform a vhangup on the current controlling tty
728 */
729
tty_vhangup_self(void)730 void tty_vhangup_self(void)
731 {
732 struct tty_struct *tty;
733
734 tty = get_current_tty();
735 if (tty) {
736 tty_vhangup(tty);
737 tty_kref_put(tty);
738 }
739 }
740
741 /**
742 * tty_hung_up_p - was tty hung up
743 * @filp: file pointer of tty
744 *
745 * Return true if the tty has been subject to a vhangup or a carrier
746 * loss
747 */
748
tty_hung_up_p(struct file * filp)749 int tty_hung_up_p(struct file *filp)
750 {
751 return (filp->f_op == &hung_up_tty_fops);
752 }
753
754 EXPORT_SYMBOL(tty_hung_up_p);
755
session_clear_tty(struct pid * session)756 static void session_clear_tty(struct pid *session)
757 {
758 struct task_struct *p;
759 do_each_pid_task(session, PIDTYPE_SID, p) {
760 proc_clear_tty(p);
761 } while_each_pid_task(session, PIDTYPE_SID, p);
762 }
763
764 /**
765 * disassociate_ctty - disconnect controlling tty
766 * @on_exit: true if exiting so need to "hang up" the session
767 *
768 * This function is typically called only by the session leader, when
769 * it wants to disassociate itself from its controlling tty.
770 *
771 * It performs the following functions:
772 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
773 * (2) Clears the tty from being controlling the session
774 * (3) Clears the controlling tty for all processes in the
775 * session group.
776 *
777 * The argument on_exit is set to 1 if called when a process is
778 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
779 *
780 * Locking:
781 * BTM is taken for hysterical raisins, and held when
782 * called from no_tty().
783 * tty_mutex is taken to protect tty
784 * ->siglock is taken to protect ->signal/->sighand
785 * tasklist_lock is taken to walk process list for sessions
786 * ->siglock is taken to protect ->signal/->sighand
787 */
788
disassociate_ctty(int on_exit)789 void disassociate_ctty(int on_exit)
790 {
791 struct tty_struct *tty;
792
793 if (!current->signal->leader)
794 return;
795
796 tty = get_current_tty();
797 if (tty) {
798 struct pid *tty_pgrp = get_pid(tty->pgrp);
799 if (on_exit) {
800 if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
801 tty_vhangup(tty);
802 }
803 tty_kref_put(tty);
804 if (tty_pgrp) {
805 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
806 if (!on_exit)
807 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
808 put_pid(tty_pgrp);
809 }
810 } else if (on_exit) {
811 struct pid *old_pgrp;
812 spin_lock_irq(¤t->sighand->siglock);
813 old_pgrp = current->signal->tty_old_pgrp;
814 current->signal->tty_old_pgrp = NULL;
815 spin_unlock_irq(¤t->sighand->siglock);
816 if (old_pgrp) {
817 kill_pgrp(old_pgrp, SIGHUP, on_exit);
818 kill_pgrp(old_pgrp, SIGCONT, on_exit);
819 put_pid(old_pgrp);
820 }
821 return;
822 }
823
824 spin_lock_irq(¤t->sighand->siglock);
825 put_pid(current->signal->tty_old_pgrp);
826 current->signal->tty_old_pgrp = NULL;
827 spin_unlock_irq(¤t->sighand->siglock);
828
829 tty = get_current_tty();
830 if (tty) {
831 unsigned long flags;
832 spin_lock_irqsave(&tty->ctrl_lock, flags);
833 put_pid(tty->session);
834 put_pid(tty->pgrp);
835 tty->session = NULL;
836 tty->pgrp = NULL;
837 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
838 tty_kref_put(tty);
839 } else {
840 #ifdef TTY_DEBUG_HANGUP
841 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
842 " = NULL", tty);
843 #endif
844 }
845
846 /* Now clear signal->tty under the lock */
847 read_lock(&tasklist_lock);
848 session_clear_tty(task_session(current));
849 read_unlock(&tasklist_lock);
850 }
851
852 /**
853 *
854 * no_tty - Ensure the current process does not have a controlling tty
855 */
no_tty(void)856 void no_tty(void)
857 {
858 struct task_struct *tsk = current;
859 tty_lock();
860 disassociate_ctty(0);
861 tty_unlock();
862 proc_clear_tty(tsk);
863 }
864
865
866 /**
867 * stop_tty - propagate flow control
868 * @tty: tty to stop
869 *
870 * Perform flow control to the driver. For PTY/TTY pairs we
871 * must also propagate the TIOCKPKT status. May be called
872 * on an already stopped device and will not re-call the driver
873 * method.
874 *
875 * This functionality is used by both the line disciplines for
876 * halting incoming flow and by the driver. It may therefore be
877 * called from any context, may be under the tty atomic_write_lock
878 * but not always.
879 *
880 * Locking:
881 * Uses the tty control lock internally
882 */
883
stop_tty(struct tty_struct * tty)884 void stop_tty(struct tty_struct *tty)
885 {
886 unsigned long flags;
887 spin_lock_irqsave(&tty->ctrl_lock, flags);
888 if (tty->stopped) {
889 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
890 return;
891 }
892 tty->stopped = 1;
893 if (tty->link && tty->link->packet) {
894 tty->ctrl_status &= ~TIOCPKT_START;
895 tty->ctrl_status |= TIOCPKT_STOP;
896 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
897 }
898 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
899 if (tty->ops->stop)
900 (tty->ops->stop)(tty);
901 }
902
903 EXPORT_SYMBOL(stop_tty);
904
905 /**
906 * start_tty - propagate flow control
907 * @tty: tty to start
908 *
909 * Start a tty that has been stopped if at all possible. Perform
910 * any necessary wakeups and propagate the TIOCPKT status. If this
911 * is the tty was previous stopped and is being started then the
912 * driver start method is invoked and the line discipline woken.
913 *
914 * Locking:
915 * ctrl_lock
916 */
917
start_tty(struct tty_struct * tty)918 void start_tty(struct tty_struct *tty)
919 {
920 unsigned long flags;
921 spin_lock_irqsave(&tty->ctrl_lock, flags);
922 if (!tty->stopped || tty->flow_stopped) {
923 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
924 return;
925 }
926 tty->stopped = 0;
927 if (tty->link && tty->link->packet) {
928 tty->ctrl_status &= ~TIOCPKT_STOP;
929 tty->ctrl_status |= TIOCPKT_START;
930 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
931 }
932 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
933 if (tty->ops->start)
934 (tty->ops->start)(tty);
935 /* If we have a running line discipline it may need kicking */
936 tty_wakeup(tty);
937 }
938
939 EXPORT_SYMBOL(start_tty);
940
941 /* We limit tty time update visibility to every 8 seconds or so. */
tty_update_time(struct timespec * time)942 static void tty_update_time(struct timespec *time)
943 {
944 unsigned long sec = get_seconds() & ~7;
945 if ((long)(sec - time->tv_sec) > 0)
946 time->tv_sec = sec;
947 }
948
949 /**
950 * tty_read - read method for tty device files
951 * @file: pointer to tty file
952 * @buf: user buffer
953 * @count: size of user buffer
954 * @ppos: unused
955 *
956 * Perform the read system call function on this terminal device. Checks
957 * for hung up devices before calling the line discipline method.
958 *
959 * Locking:
960 * Locks the line discipline internally while needed. Multiple
961 * read calls may be outstanding in parallel.
962 */
963
tty_read(struct file * file,char __user * buf,size_t count,loff_t * ppos)964 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
965 loff_t *ppos)
966 {
967 int i;
968 struct inode *inode = file->f_path.dentry->d_inode;
969 struct tty_struct *tty = file_tty(file);
970 struct tty_ldisc *ld;
971
972 if (tty_paranoia_check(tty, inode, "tty_read"))
973 return -EIO;
974 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
975 return -EIO;
976
977 /* We want to wait for the line discipline to sort out in this
978 situation */
979 ld = tty_ldisc_ref_wait(tty);
980 if (ld->ops->read)
981 i = (ld->ops->read)(tty, file, buf, count);
982 else
983 i = -EIO;
984 tty_ldisc_deref(ld);
985
986 if (i > 0)
987 tty_update_time(&inode->i_atime);
988
989 return i;
990 }
991
tty_write_unlock(struct tty_struct * tty)992 void tty_write_unlock(struct tty_struct *tty)
993 __releases(&tty->atomic_write_lock)
994 {
995 mutex_unlock(&tty->atomic_write_lock);
996 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
997 }
998
tty_write_lock(struct tty_struct * tty,int ndelay)999 int tty_write_lock(struct tty_struct *tty, int ndelay)
1000 __acquires(&tty->atomic_write_lock)
1001 {
1002 if (!mutex_trylock(&tty->atomic_write_lock)) {
1003 if (ndelay)
1004 return -EAGAIN;
1005 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1006 return -ERESTARTSYS;
1007 }
1008 return 0;
1009 }
1010
1011 /*
1012 * Split writes up in sane blocksizes to avoid
1013 * denial-of-service type attacks
1014 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,const char __user * buf,size_t count)1015 static inline ssize_t do_tty_write(
1016 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1017 struct tty_struct *tty,
1018 struct file *file,
1019 const char __user *buf,
1020 size_t count)
1021 {
1022 ssize_t ret, written = 0;
1023 unsigned int chunk;
1024
1025 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1026 if (ret < 0)
1027 return ret;
1028
1029 /*
1030 * We chunk up writes into a temporary buffer. This
1031 * simplifies low-level drivers immensely, since they
1032 * don't have locking issues and user mode accesses.
1033 *
1034 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1035 * big chunk-size..
1036 *
1037 * The default chunk-size is 2kB, because the NTTY
1038 * layer has problems with bigger chunks. It will
1039 * claim to be able to handle more characters than
1040 * it actually does.
1041 *
1042 * FIXME: This can probably go away now except that 64K chunks
1043 * are too likely to fail unless switched to vmalloc...
1044 */
1045 chunk = 2048;
1046 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1047 chunk = 65536;
1048 if (count < chunk)
1049 chunk = count;
1050
1051 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1052 if (tty->write_cnt < chunk) {
1053 unsigned char *buf_chunk;
1054
1055 if (chunk < 1024)
1056 chunk = 1024;
1057
1058 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1059 if (!buf_chunk) {
1060 ret = -ENOMEM;
1061 goto out;
1062 }
1063 kfree(tty->write_buf);
1064 tty->write_cnt = chunk;
1065 tty->write_buf = buf_chunk;
1066 }
1067
1068 /* Do the write .. */
1069 for (;;) {
1070 size_t size = count;
1071 if (size > chunk)
1072 size = chunk;
1073 ret = -EFAULT;
1074 if (copy_from_user(tty->write_buf, buf, size))
1075 break;
1076 ret = write(tty, file, tty->write_buf, size);
1077 if (ret <= 0)
1078 break;
1079 written += ret;
1080 buf += ret;
1081 count -= ret;
1082 if (!count)
1083 break;
1084 ret = -ERESTARTSYS;
1085 if (signal_pending(current))
1086 break;
1087 cond_resched();
1088 }
1089 if (written) {
1090 struct inode *inode = file->f_path.dentry->d_inode;
1091 tty_update_time(&inode->i_mtime);
1092 ret = written;
1093 }
1094 out:
1095 tty_write_unlock(tty);
1096 return ret;
1097 }
1098
1099 /**
1100 * tty_write_message - write a message to a certain tty, not just the console.
1101 * @tty: the destination tty_struct
1102 * @msg: the message to write
1103 *
1104 * This is used for messages that need to be redirected to a specific tty.
1105 * We don't put it into the syslog queue right now maybe in the future if
1106 * really needed.
1107 *
1108 * We must still hold the BTM and test the CLOSING flag for the moment.
1109 */
1110
tty_write_message(struct tty_struct * tty,char * msg)1111 void tty_write_message(struct tty_struct *tty, char *msg)
1112 {
1113 if (tty) {
1114 mutex_lock(&tty->atomic_write_lock);
1115 tty_lock();
1116 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1117 tty_unlock();
1118 tty->ops->write(tty, msg, strlen(msg));
1119 } else
1120 tty_unlock();
1121 tty_write_unlock(tty);
1122 }
1123 return;
1124 }
1125
1126
1127 /**
1128 * tty_write - write method for tty device file
1129 * @file: tty file pointer
1130 * @buf: user data to write
1131 * @count: bytes to write
1132 * @ppos: unused
1133 *
1134 * Write data to a tty device via the line discipline.
1135 *
1136 * Locking:
1137 * Locks the line discipline as required
1138 * Writes to the tty driver are serialized by the atomic_write_lock
1139 * and are then processed in chunks to the device. The line discipline
1140 * write method will not be invoked in parallel for each device.
1141 */
1142
tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1143 static ssize_t tty_write(struct file *file, const char __user *buf,
1144 size_t count, loff_t *ppos)
1145 {
1146 struct inode *inode = file->f_path.dentry->d_inode;
1147 struct tty_struct *tty = file_tty(file);
1148 struct tty_ldisc *ld;
1149 ssize_t ret;
1150
1151 if (tty_paranoia_check(tty, inode, "tty_write"))
1152 return -EIO;
1153 if (!tty || !tty->ops->write ||
1154 (test_bit(TTY_IO_ERROR, &tty->flags)))
1155 return -EIO;
1156 /* Short term debug to catch buggy drivers */
1157 if (tty->ops->write_room == NULL)
1158 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1159 tty->driver->name);
1160 ld = tty_ldisc_ref_wait(tty);
1161 if (!ld->ops->write)
1162 ret = -EIO;
1163 else
1164 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1165 tty_ldisc_deref(ld);
1166 return ret;
1167 }
1168
redirected_tty_write(struct file * file,const char __user * buf,size_t count,loff_t * ppos)1169 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1170 size_t count, loff_t *ppos)
1171 {
1172 struct file *p = NULL;
1173
1174 spin_lock(&redirect_lock);
1175 if (redirect) {
1176 get_file(redirect);
1177 p = redirect;
1178 }
1179 spin_unlock(&redirect_lock);
1180
1181 if (p) {
1182 ssize_t res;
1183 res = vfs_write(p, buf, count, &p->f_pos);
1184 fput(p);
1185 return res;
1186 }
1187 return tty_write(file, buf, count, ppos);
1188 }
1189
1190 static char ptychar[] = "pqrstuvwxyzabcde";
1191
1192 /**
1193 * pty_line_name - generate name for a pty
1194 * @driver: the tty driver in use
1195 * @index: the minor number
1196 * @p: output buffer of at least 6 bytes
1197 *
1198 * Generate a name from a driver reference and write it to the output
1199 * buffer.
1200 *
1201 * Locking: None
1202 */
pty_line_name(struct tty_driver * driver,int index,char * p)1203 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1204 {
1205 int i = index + driver->name_base;
1206 /* ->name is initialized to "ttyp", but "tty" is expected */
1207 sprintf(p, "%s%c%x",
1208 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1209 ptychar[i >> 4 & 0xf], i & 0xf);
1210 }
1211
1212 /**
1213 * tty_line_name - generate name for a tty
1214 * @driver: the tty driver in use
1215 * @index: the minor number
1216 * @p: output buffer of at least 7 bytes
1217 *
1218 * Generate a name from a driver reference and write it to the output
1219 * buffer.
1220 *
1221 * Locking: None
1222 */
tty_line_name(struct tty_driver * driver,int index,char * p)1223 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1224 {
1225 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1226 }
1227
1228 /**
1229 * tty_driver_lookup_tty() - find an existing tty, if any
1230 * @driver: the driver for the tty
1231 * @idx: the minor number
1232 *
1233 * Return the tty, if found or ERR_PTR() otherwise.
1234 *
1235 * Locking: tty_mutex must be held. If tty is found, the mutex must
1236 * be held until the 'fast-open' is also done. Will change once we
1237 * have refcounting in the driver and per driver locking
1238 */
tty_driver_lookup_tty(struct tty_driver * driver,struct inode * inode,int idx)1239 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1240 struct inode *inode, int idx)
1241 {
1242 if (driver->ops->lookup)
1243 return driver->ops->lookup(driver, inode, idx);
1244
1245 return driver->ttys[idx];
1246 }
1247
1248 /**
1249 * tty_init_termios - helper for termios setup
1250 * @tty: the tty to set up
1251 *
1252 * Initialise the termios structures for this tty. Thus runs under
1253 * the tty_mutex currently so we can be relaxed about ordering.
1254 */
1255
tty_init_termios(struct tty_struct * tty)1256 int tty_init_termios(struct tty_struct *tty)
1257 {
1258 struct ktermios *tp;
1259 int idx = tty->index;
1260
1261 tp = tty->driver->termios[idx];
1262 if (tp == NULL) {
1263 tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1264 if (tp == NULL)
1265 return -ENOMEM;
1266 memcpy(tp, &tty->driver->init_termios,
1267 sizeof(struct ktermios));
1268 tty->driver->termios[idx] = tp;
1269 }
1270 tty->termios = tp;
1271 tty->termios_locked = tp + 1;
1272
1273 /* Compatibility until drivers always set this */
1274 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1275 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1276 return 0;
1277 }
1278 EXPORT_SYMBOL_GPL(tty_init_termios);
1279
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1280 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1281 {
1282 int ret = tty_init_termios(tty);
1283 if (ret)
1284 return ret;
1285
1286 tty_driver_kref_get(driver);
1287 tty->count++;
1288 driver->ttys[tty->index] = tty;
1289 return 0;
1290 }
1291 EXPORT_SYMBOL_GPL(tty_standard_install);
1292
1293 /**
1294 * tty_driver_install_tty() - install a tty entry in the driver
1295 * @driver: the driver for the tty
1296 * @tty: the tty
1297 *
1298 * Install a tty object into the driver tables. The tty->index field
1299 * will be set by the time this is called. This method is responsible
1300 * for ensuring any need additional structures are allocated and
1301 * configured.
1302 *
1303 * Locking: tty_mutex for now
1304 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1305 static int tty_driver_install_tty(struct tty_driver *driver,
1306 struct tty_struct *tty)
1307 {
1308 return driver->ops->install ? driver->ops->install(driver, tty) :
1309 tty_standard_install(driver, tty);
1310 }
1311
1312 /**
1313 * tty_driver_remove_tty() - remove a tty from the driver tables
1314 * @driver: the driver for the tty
1315 * @idx: the minor number
1316 *
1317 * Remvoe a tty object from the driver tables. The tty->index field
1318 * will be set by the time this is called.
1319 *
1320 * Locking: tty_mutex for now
1321 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1322 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1323 {
1324 if (driver->ops->remove)
1325 driver->ops->remove(driver, tty);
1326 else
1327 driver->ttys[tty->index] = NULL;
1328 }
1329
1330 /*
1331 * tty_reopen() - fast re-open of an open tty
1332 * @tty - the tty to open
1333 *
1334 * Return 0 on success, -errno on error.
1335 *
1336 * Locking: tty_mutex must be held from the time the tty was found
1337 * till this open completes.
1338 */
tty_reopen(struct tty_struct * tty)1339 static int tty_reopen(struct tty_struct *tty)
1340 {
1341 struct tty_driver *driver = tty->driver;
1342
1343 if (test_bit(TTY_CLOSING, &tty->flags) ||
1344 test_bit(TTY_HUPPING, &tty->flags) ||
1345 test_bit(TTY_LDISC_CHANGING, &tty->flags))
1346 return -EIO;
1347
1348 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1349 driver->subtype == PTY_TYPE_MASTER) {
1350 /*
1351 * special case for PTY masters: only one open permitted,
1352 * and the slave side open count is incremented as well.
1353 */
1354 if (tty->count)
1355 return -EIO;
1356
1357 tty->link->count++;
1358 }
1359 tty->count++;
1360
1361 mutex_lock(&tty->ldisc_mutex);
1362 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1363 mutex_unlock(&tty->ldisc_mutex);
1364
1365 return 0;
1366 }
1367
1368 /**
1369 * tty_init_dev - initialise a tty device
1370 * @driver: tty driver we are opening a device on
1371 * @idx: device index
1372 * @ret_tty: returned tty structure
1373 *
1374 * Prepare a tty device. This may not be a "new" clean device but
1375 * could also be an active device. The pty drivers require special
1376 * handling because of this.
1377 *
1378 * Locking:
1379 * The function is called under the tty_mutex, which
1380 * protects us from the tty struct or driver itself going away.
1381 *
1382 * On exit the tty device has the line discipline attached and
1383 * a reference count of 1. If a pair was created for pty/tty use
1384 * and the other was a pty master then it too has a reference count of 1.
1385 *
1386 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1387 * failed open. The new code protects the open with a mutex, so it's
1388 * really quite straightforward. The mutex locking can probably be
1389 * relaxed for the (most common) case of reopening a tty.
1390 */
1391
tty_init_dev(struct tty_driver * driver,int idx)1392 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1393 {
1394 struct tty_struct *tty;
1395 int retval;
1396
1397 /*
1398 * First time open is complex, especially for PTY devices.
1399 * This code guarantees that either everything succeeds and the
1400 * TTY is ready for operation, or else the table slots are vacated
1401 * and the allocated memory released. (Except that the termios
1402 * and locked termios may be retained.)
1403 */
1404
1405 if (!try_module_get(driver->owner))
1406 return ERR_PTR(-ENODEV);
1407
1408 tty = alloc_tty_struct();
1409 if (!tty) {
1410 retval = -ENOMEM;
1411 goto err_module_put;
1412 }
1413 initialize_tty_struct(tty, driver, idx);
1414
1415 retval = tty_driver_install_tty(driver, tty);
1416 if (retval < 0)
1417 goto err_deinit_tty;
1418
1419 /*
1420 * Structures all installed ... call the ldisc open routines.
1421 * If we fail here just call release_tty to clean up. No need
1422 * to decrement the use counts, as release_tty doesn't care.
1423 */
1424 retval = tty_ldisc_setup(tty, tty->link);
1425 if (retval)
1426 goto err_release_tty;
1427 return tty;
1428
1429 err_deinit_tty:
1430 deinitialize_tty_struct(tty);
1431 free_tty_struct(tty);
1432 err_module_put:
1433 module_put(driver->owner);
1434 return ERR_PTR(retval);
1435
1436 /* call the tty release_tty routine to clean out this slot */
1437 err_release_tty:
1438 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1439 "clearing slot %d\n", idx);
1440 release_tty(tty, idx);
1441 return ERR_PTR(retval);
1442 }
1443
tty_free_termios(struct tty_struct * tty)1444 void tty_free_termios(struct tty_struct *tty)
1445 {
1446 struct ktermios *tp;
1447 int idx = tty->index;
1448 /* Kill this flag and push into drivers for locking etc */
1449 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1450 /* FIXME: Locking on ->termios array */
1451 tp = tty->termios;
1452 tty->driver->termios[idx] = NULL;
1453 kfree(tp);
1454 }
1455 }
1456 EXPORT_SYMBOL(tty_free_termios);
1457
tty_shutdown(struct tty_struct * tty)1458 void tty_shutdown(struct tty_struct *tty)
1459 {
1460 tty_driver_remove_tty(tty->driver, tty);
1461 tty_free_termios(tty);
1462 }
1463 EXPORT_SYMBOL(tty_shutdown);
1464
1465 /**
1466 * release_one_tty - release tty structure memory
1467 * @kref: kref of tty we are obliterating
1468 *
1469 * Releases memory associated with a tty structure, and clears out the
1470 * driver table slots. This function is called when a device is no longer
1471 * in use. It also gets called when setup of a device fails.
1472 *
1473 * Locking:
1474 * tty_mutex - sometimes only
1475 * takes the file list lock internally when working on the list
1476 * of ttys that the driver keeps.
1477 *
1478 * This method gets called from a work queue so that the driver private
1479 * cleanup ops can sleep (needed for USB at least)
1480 */
release_one_tty(struct work_struct * work)1481 static void release_one_tty(struct work_struct *work)
1482 {
1483 struct tty_struct *tty =
1484 container_of(work, struct tty_struct, hangup_work);
1485 struct tty_driver *driver = tty->driver;
1486
1487 if (tty->ops->cleanup)
1488 tty->ops->cleanup(tty);
1489
1490 tty->magic = 0;
1491 tty_driver_kref_put(driver);
1492 module_put(driver->owner);
1493
1494 spin_lock(&tty_files_lock);
1495 list_del_init(&tty->tty_files);
1496 spin_unlock(&tty_files_lock);
1497
1498 put_pid(tty->pgrp);
1499 put_pid(tty->session);
1500 free_tty_struct(tty);
1501 }
1502
queue_release_one_tty(struct kref * kref)1503 static void queue_release_one_tty(struct kref *kref)
1504 {
1505 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1506
1507 if (tty->ops->shutdown)
1508 tty->ops->shutdown(tty);
1509 else
1510 tty_shutdown(tty);
1511
1512 /* The hangup queue is now free so we can reuse it rather than
1513 waste a chunk of memory for each port */
1514 INIT_WORK(&tty->hangup_work, release_one_tty);
1515 schedule_work(&tty->hangup_work);
1516 }
1517
1518 /**
1519 * tty_kref_put - release a tty kref
1520 * @tty: tty device
1521 *
1522 * Release a reference to a tty device and if need be let the kref
1523 * layer destruct the object for us
1524 */
1525
tty_kref_put(struct tty_struct * tty)1526 void tty_kref_put(struct tty_struct *tty)
1527 {
1528 if (tty)
1529 kref_put(&tty->kref, queue_release_one_tty);
1530 }
1531 EXPORT_SYMBOL(tty_kref_put);
1532
1533 /**
1534 * release_tty - release tty structure memory
1535 *
1536 * Release both @tty and a possible linked partner (think pty pair),
1537 * and decrement the refcount of the backing module.
1538 *
1539 * Locking:
1540 * tty_mutex - sometimes only
1541 * takes the file list lock internally when working on the list
1542 * of ttys that the driver keeps.
1543 * FIXME: should we require tty_mutex is held here ??
1544 *
1545 */
release_tty(struct tty_struct * tty,int idx)1546 static void release_tty(struct tty_struct *tty, int idx)
1547 {
1548 /* This should always be true but check for the moment */
1549 WARN_ON(tty->index != idx);
1550
1551 if (tty->link)
1552 tty_kref_put(tty->link);
1553 tty_kref_put(tty);
1554 }
1555
1556 /**
1557 * tty_release_checks - check a tty before real release
1558 * @tty: tty to check
1559 * @o_tty: link of @tty (if any)
1560 * @idx: index of the tty
1561 *
1562 * Performs some paranoid checking before true release of the @tty.
1563 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1564 */
tty_release_checks(struct tty_struct * tty,struct tty_struct * o_tty,int idx)1565 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1566 int idx)
1567 {
1568 #ifdef TTY_PARANOIA_CHECK
1569 if (idx < 0 || idx >= tty->driver->num) {
1570 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1571 __func__, tty->name);
1572 return -1;
1573 }
1574
1575 /* not much to check for devpts */
1576 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1577 return 0;
1578
1579 if (tty != tty->driver->ttys[idx]) {
1580 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1581 __func__, idx, tty->name);
1582 return -1;
1583 }
1584 if (tty->termios != tty->driver->termios[idx]) {
1585 printk(KERN_DEBUG "%s: driver.termios[%d] not termios for (%s)\n",
1586 __func__, idx, tty->name);
1587 return -1;
1588 }
1589 if (tty->driver->other) {
1590 if (o_tty != tty->driver->other->ttys[idx]) {
1591 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1592 __func__, idx, tty->name);
1593 return -1;
1594 }
1595 if (o_tty->termios != tty->driver->other->termios[idx]) {
1596 printk(KERN_DEBUG "%s: other->termios[%d] not o_termios for (%s)\n",
1597 __func__, idx, tty->name);
1598 return -1;
1599 }
1600 if (o_tty->link != tty) {
1601 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1602 return -1;
1603 }
1604 }
1605 #endif
1606 return 0;
1607 }
1608
1609 /**
1610 * tty_release - vfs callback for close
1611 * @inode: inode of tty
1612 * @filp: file pointer for handle to tty
1613 *
1614 * Called the last time each file handle is closed that references
1615 * this tty. There may however be several such references.
1616 *
1617 * Locking:
1618 * Takes bkl. See tty_release_dev
1619 *
1620 * Even releasing the tty structures is a tricky business.. We have
1621 * to be very careful that the structures are all released at the
1622 * same time, as interrupts might otherwise get the wrong pointers.
1623 *
1624 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1625 * lead to double frees or releasing memory still in use.
1626 */
1627
tty_release(struct inode * inode,struct file * filp)1628 int tty_release(struct inode *inode, struct file *filp)
1629 {
1630 struct tty_struct *tty = file_tty(filp);
1631 struct tty_struct *o_tty;
1632 int pty_master, tty_closing, o_tty_closing, do_sleep;
1633 int devpts;
1634 int idx;
1635 char buf[64];
1636
1637 if (tty_paranoia_check(tty, inode, __func__))
1638 return 0;
1639
1640 tty_lock();
1641 check_tty_count(tty, __func__);
1642
1643 __tty_fasync(-1, filp, 0);
1644
1645 idx = tty->index;
1646 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1647 tty->driver->subtype == PTY_TYPE_MASTER);
1648 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1649 o_tty = tty->link;
1650
1651 if (tty_release_checks(tty, o_tty, idx)) {
1652 tty_unlock();
1653 return 0;
1654 }
1655
1656 #ifdef TTY_DEBUG_HANGUP
1657 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1658 tty_name(tty, buf), tty->count);
1659 #endif
1660
1661 if (tty->ops->close)
1662 tty->ops->close(tty, filp);
1663
1664 tty_unlock();
1665 /*
1666 * Sanity check: if tty->count is going to zero, there shouldn't be
1667 * any waiters on tty->read_wait or tty->write_wait. We test the
1668 * wait queues and kick everyone out _before_ actually starting to
1669 * close. This ensures that we won't block while releasing the tty
1670 * structure.
1671 *
1672 * The test for the o_tty closing is necessary, since the master and
1673 * slave sides may close in any order. If the slave side closes out
1674 * first, its count will be one, since the master side holds an open.
1675 * Thus this test wouldn't be triggered at the time the slave closes,
1676 * so we do it now.
1677 *
1678 * Note that it's possible for the tty to be opened again while we're
1679 * flushing out waiters. By recalculating the closing flags before
1680 * each iteration we avoid any problems.
1681 */
1682 while (1) {
1683 /* Guard against races with tty->count changes elsewhere and
1684 opens on /dev/tty */
1685
1686 mutex_lock(&tty_mutex);
1687 tty_lock();
1688 tty_closing = tty->count <= 1;
1689 o_tty_closing = o_tty &&
1690 (o_tty->count <= (pty_master ? 1 : 0));
1691 do_sleep = 0;
1692
1693 if (tty_closing) {
1694 if (waitqueue_active(&tty->read_wait)) {
1695 wake_up_poll(&tty->read_wait, POLLIN);
1696 do_sleep++;
1697 }
1698 if (waitqueue_active(&tty->write_wait)) {
1699 wake_up_poll(&tty->write_wait, POLLOUT);
1700 do_sleep++;
1701 }
1702 }
1703 if (o_tty_closing) {
1704 if (waitqueue_active(&o_tty->read_wait)) {
1705 wake_up_poll(&o_tty->read_wait, POLLIN);
1706 do_sleep++;
1707 }
1708 if (waitqueue_active(&o_tty->write_wait)) {
1709 wake_up_poll(&o_tty->write_wait, POLLOUT);
1710 do_sleep++;
1711 }
1712 }
1713 if (!do_sleep)
1714 break;
1715
1716 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1717 __func__, tty_name(tty, buf));
1718 tty_unlock();
1719 mutex_unlock(&tty_mutex);
1720 schedule();
1721 }
1722
1723 /*
1724 * The closing flags are now consistent with the open counts on
1725 * both sides, and we've completed the last operation that could
1726 * block, so it's safe to proceed with closing.
1727 */
1728 if (pty_master) {
1729 if (--o_tty->count < 0) {
1730 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1731 __func__, o_tty->count, tty_name(o_tty, buf));
1732 o_tty->count = 0;
1733 }
1734 }
1735 if (--tty->count < 0) {
1736 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1737 __func__, tty->count, tty_name(tty, buf));
1738 tty->count = 0;
1739 }
1740
1741 /*
1742 * We've decremented tty->count, so we need to remove this file
1743 * descriptor off the tty->tty_files list; this serves two
1744 * purposes:
1745 * - check_tty_count sees the correct number of file descriptors
1746 * associated with this tty.
1747 * - do_tty_hangup no longer sees this file descriptor as
1748 * something that needs to be handled for hangups.
1749 */
1750 tty_del_file(filp);
1751
1752 /*
1753 * Perform some housekeeping before deciding whether to return.
1754 *
1755 * Set the TTY_CLOSING flag if this was the last open. In the
1756 * case of a pty we may have to wait around for the other side
1757 * to close, and TTY_CLOSING makes sure we can't be reopened.
1758 */
1759 if (tty_closing)
1760 set_bit(TTY_CLOSING, &tty->flags);
1761 if (o_tty_closing)
1762 set_bit(TTY_CLOSING, &o_tty->flags);
1763
1764 /*
1765 * If _either_ side is closing, make sure there aren't any
1766 * processes that still think tty or o_tty is their controlling
1767 * tty.
1768 */
1769 if (tty_closing || o_tty_closing) {
1770 read_lock(&tasklist_lock);
1771 session_clear_tty(tty->session);
1772 if (o_tty)
1773 session_clear_tty(o_tty->session);
1774 read_unlock(&tasklist_lock);
1775 }
1776
1777 mutex_unlock(&tty_mutex);
1778
1779 /* check whether both sides are closing ... */
1780 if (!tty_closing || (o_tty && !o_tty_closing)) {
1781 tty_unlock();
1782 return 0;
1783 }
1784
1785 #ifdef TTY_DEBUG_HANGUP
1786 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1787 #endif
1788 /*
1789 * Ask the line discipline code to release its structures
1790 */
1791 tty_ldisc_release(tty, o_tty);
1792 /*
1793 * The release_tty function takes care of the details of clearing
1794 * the slots and preserving the termios structure.
1795 */
1796 release_tty(tty, idx);
1797
1798 /* Make this pty number available for reallocation */
1799 if (devpts)
1800 devpts_kill_index(inode, idx);
1801 tty_unlock();
1802 return 0;
1803 }
1804
1805 /**
1806 * tty_open_current_tty - get tty of current task for open
1807 * @device: device number
1808 * @filp: file pointer to tty
1809 * @return: tty of the current task iff @device is /dev/tty
1810 *
1811 * We cannot return driver and index like for the other nodes because
1812 * devpts will not work then. It expects inodes to be from devpts FS.
1813 */
tty_open_current_tty(dev_t device,struct file * filp)1814 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1815 {
1816 struct tty_struct *tty;
1817
1818 if (device != MKDEV(TTYAUX_MAJOR, 0))
1819 return NULL;
1820
1821 tty = get_current_tty();
1822 if (!tty)
1823 return ERR_PTR(-ENXIO);
1824
1825 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1826 /* noctty = 1; */
1827 tty_kref_put(tty);
1828 /* FIXME: we put a reference and return a TTY! */
1829 return tty;
1830 }
1831
1832 /**
1833 * tty_lookup_driver - lookup a tty driver for a given device file
1834 * @device: device number
1835 * @filp: file pointer to tty
1836 * @noctty: set if the device should not become a controlling tty
1837 * @index: index for the device in the @return driver
1838 * @return: driver for this inode (with increased refcount)
1839 *
1840 * If @return is not erroneous, the caller is responsible to decrement the
1841 * refcount by tty_driver_kref_put.
1842 *
1843 * Locking: tty_mutex protects get_tty_driver
1844 */
tty_lookup_driver(dev_t device,struct file * filp,int * noctty,int * index)1845 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1846 int *noctty, int *index)
1847 {
1848 struct tty_driver *driver;
1849
1850 switch (device) {
1851 #ifdef CONFIG_VT
1852 case MKDEV(TTY_MAJOR, 0): {
1853 extern struct tty_driver *console_driver;
1854 driver = tty_driver_kref_get(console_driver);
1855 *index = fg_console;
1856 *noctty = 1;
1857 break;
1858 }
1859 #endif
1860 case MKDEV(TTYAUX_MAJOR, 1): {
1861 struct tty_driver *console_driver = console_device(index);
1862 if (console_driver) {
1863 driver = tty_driver_kref_get(console_driver);
1864 if (driver) {
1865 /* Don't let /dev/console block */
1866 filp->f_flags |= O_NONBLOCK;
1867 *noctty = 1;
1868 break;
1869 }
1870 }
1871 return ERR_PTR(-ENODEV);
1872 }
1873 default:
1874 driver = get_tty_driver(device, index);
1875 if (!driver)
1876 return ERR_PTR(-ENODEV);
1877 break;
1878 }
1879 return driver;
1880 }
1881
1882 /**
1883 * tty_open - open a tty device
1884 * @inode: inode of device file
1885 * @filp: file pointer to tty
1886 *
1887 * tty_open and tty_release keep up the tty count that contains the
1888 * number of opens done on a tty. We cannot use the inode-count, as
1889 * different inodes might point to the same tty.
1890 *
1891 * Open-counting is needed for pty masters, as well as for keeping
1892 * track of serial lines: DTR is dropped when the last close happens.
1893 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1894 *
1895 * The termios state of a pty is reset on first open so that
1896 * settings don't persist across reuse.
1897 *
1898 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1899 * tty->count should protect the rest.
1900 * ->siglock protects ->signal/->sighand
1901 */
1902
tty_open(struct inode * inode,struct file * filp)1903 static int tty_open(struct inode *inode, struct file *filp)
1904 {
1905 struct tty_struct *tty;
1906 int noctty, retval;
1907 struct tty_driver *driver = NULL;
1908 int index;
1909 dev_t device = inode->i_rdev;
1910 unsigned saved_flags = filp->f_flags;
1911
1912 nonseekable_open(inode, filp);
1913
1914 retry_open:
1915 retval = tty_alloc_file(filp);
1916 if (retval)
1917 return -ENOMEM;
1918
1919 noctty = filp->f_flags & O_NOCTTY;
1920 index = -1;
1921 retval = 0;
1922
1923 mutex_lock(&tty_mutex);
1924 tty_lock();
1925
1926 tty = tty_open_current_tty(device, filp);
1927 if (IS_ERR(tty)) {
1928 retval = PTR_ERR(tty);
1929 goto err_unlock;
1930 } else if (!tty) {
1931 driver = tty_lookup_driver(device, filp, &noctty, &index);
1932 if (IS_ERR(driver)) {
1933 retval = PTR_ERR(driver);
1934 goto err_unlock;
1935 }
1936
1937 /* check whether we're reopening an existing tty */
1938 tty = tty_driver_lookup_tty(driver, inode, index);
1939 if (IS_ERR(tty)) {
1940 retval = PTR_ERR(tty);
1941 goto err_unlock;
1942 }
1943 }
1944
1945 if (tty) {
1946 retval = tty_reopen(tty);
1947 if (retval)
1948 tty = ERR_PTR(retval);
1949 } else
1950 tty = tty_init_dev(driver, index);
1951
1952 mutex_unlock(&tty_mutex);
1953 if (driver)
1954 tty_driver_kref_put(driver);
1955 if (IS_ERR(tty)) {
1956 tty_unlock();
1957 retval = PTR_ERR(tty);
1958 goto err_file;
1959 }
1960
1961 tty_add_file(tty, filp);
1962
1963 check_tty_count(tty, __func__);
1964 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1965 tty->driver->subtype == PTY_TYPE_MASTER)
1966 noctty = 1;
1967 #ifdef TTY_DEBUG_HANGUP
1968 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1969 #endif
1970 if (tty->ops->open)
1971 retval = tty->ops->open(tty, filp);
1972 else
1973 retval = -ENODEV;
1974 filp->f_flags = saved_flags;
1975
1976 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1977 !capable(CAP_SYS_ADMIN))
1978 retval = -EBUSY;
1979
1980 if (retval) {
1981 #ifdef TTY_DEBUG_HANGUP
1982 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1983 retval, tty->name);
1984 #endif
1985 tty_unlock(); /* need to call tty_release without BTM */
1986 tty_release(inode, filp);
1987 if (retval != -ERESTARTSYS)
1988 return retval;
1989
1990 if (signal_pending(current))
1991 return retval;
1992
1993 schedule();
1994 /*
1995 * Need to reset f_op in case a hangup happened.
1996 */
1997 tty_lock();
1998 if (filp->f_op == &hung_up_tty_fops)
1999 filp->f_op = &tty_fops;
2000 tty_unlock();
2001 goto retry_open;
2002 }
2003 tty_unlock();
2004
2005
2006 mutex_lock(&tty_mutex);
2007 tty_lock();
2008 spin_lock_irq(¤t->sighand->siglock);
2009 if (!noctty &&
2010 current->signal->leader &&
2011 !current->signal->tty &&
2012 tty->session == NULL)
2013 __proc_set_tty(current, tty);
2014 spin_unlock_irq(¤t->sighand->siglock);
2015 tty_unlock();
2016 mutex_unlock(&tty_mutex);
2017 return 0;
2018 err_unlock:
2019 tty_unlock();
2020 mutex_unlock(&tty_mutex);
2021 /* after locks to avoid deadlock */
2022 if (!IS_ERR_OR_NULL(driver))
2023 tty_driver_kref_put(driver);
2024 err_file:
2025 tty_free_file(filp);
2026 return retval;
2027 }
2028
2029
2030
2031 /**
2032 * tty_poll - check tty status
2033 * @filp: file being polled
2034 * @wait: poll wait structures to update
2035 *
2036 * Call the line discipline polling method to obtain the poll
2037 * status of the device.
2038 *
2039 * Locking: locks called line discipline but ldisc poll method
2040 * may be re-entered freely by other callers.
2041 */
2042
tty_poll(struct file * filp,poll_table * wait)2043 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2044 {
2045 struct tty_struct *tty = file_tty(filp);
2046 struct tty_ldisc *ld;
2047 int ret = 0;
2048
2049 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2050 return 0;
2051
2052 ld = tty_ldisc_ref_wait(tty);
2053 if (ld->ops->poll)
2054 ret = (ld->ops->poll)(tty, filp, wait);
2055 tty_ldisc_deref(ld);
2056 return ret;
2057 }
2058
__tty_fasync(int fd,struct file * filp,int on)2059 static int __tty_fasync(int fd, struct file *filp, int on)
2060 {
2061 struct tty_struct *tty = file_tty(filp);
2062 unsigned long flags;
2063 int retval = 0;
2064
2065 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2066 goto out;
2067
2068 retval = fasync_helper(fd, filp, on, &tty->fasync);
2069 if (retval <= 0)
2070 goto out;
2071
2072 if (on) {
2073 enum pid_type type;
2074 struct pid *pid;
2075 if (!waitqueue_active(&tty->read_wait))
2076 tty->minimum_to_wake = 1;
2077 spin_lock_irqsave(&tty->ctrl_lock, flags);
2078 if (tty->pgrp) {
2079 pid = tty->pgrp;
2080 type = PIDTYPE_PGID;
2081 } else {
2082 pid = task_pid(current);
2083 type = PIDTYPE_PID;
2084 }
2085 get_pid(pid);
2086 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2087 retval = __f_setown(filp, pid, type, 0);
2088 put_pid(pid);
2089 if (retval)
2090 goto out;
2091 } else {
2092 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2093 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2094 }
2095 retval = 0;
2096 out:
2097 return retval;
2098 }
2099
tty_fasync(int fd,struct file * filp,int on)2100 static int tty_fasync(int fd, struct file *filp, int on)
2101 {
2102 int retval;
2103 tty_lock();
2104 retval = __tty_fasync(fd, filp, on);
2105 tty_unlock();
2106 return retval;
2107 }
2108
2109 /**
2110 * tiocsti - fake input character
2111 * @tty: tty to fake input into
2112 * @p: pointer to character
2113 *
2114 * Fake input to a tty device. Does the necessary locking and
2115 * input management.
2116 *
2117 * FIXME: does not honour flow control ??
2118 *
2119 * Locking:
2120 * Called functions take tty_ldisc_lock
2121 * current->signal->tty check is safe without locks
2122 *
2123 * FIXME: may race normal receive processing
2124 */
2125
tiocsti(struct tty_struct * tty,char __user * p)2126 static int tiocsti(struct tty_struct *tty, char __user *p)
2127 {
2128 char ch, mbz = 0;
2129 struct tty_ldisc *ld;
2130
2131 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2132 return -EPERM;
2133 if (get_user(ch, p))
2134 return -EFAULT;
2135 tty_audit_tiocsti(tty, ch);
2136 ld = tty_ldisc_ref_wait(tty);
2137 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2138 tty_ldisc_deref(ld);
2139 return 0;
2140 }
2141
2142 /**
2143 * tiocgwinsz - implement window query ioctl
2144 * @tty; tty
2145 * @arg: user buffer for result
2146 *
2147 * Copies the kernel idea of the window size into the user buffer.
2148 *
2149 * Locking: tty->termios_mutex is taken to ensure the winsize data
2150 * is consistent.
2151 */
2152
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2153 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2154 {
2155 int err;
2156
2157 mutex_lock(&tty->termios_mutex);
2158 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2159 mutex_unlock(&tty->termios_mutex);
2160
2161 return err ? -EFAULT: 0;
2162 }
2163
2164 /**
2165 * tty_do_resize - resize event
2166 * @tty: tty being resized
2167 * @rows: rows (character)
2168 * @cols: cols (character)
2169 *
2170 * Update the termios variables and send the necessary signals to
2171 * peform a terminal resize correctly
2172 */
2173
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2174 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2175 {
2176 struct pid *pgrp;
2177 unsigned long flags;
2178
2179 /* Lock the tty */
2180 mutex_lock(&tty->termios_mutex);
2181 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2182 goto done;
2183 /* Get the PID values and reference them so we can
2184 avoid holding the tty ctrl lock while sending signals */
2185 spin_lock_irqsave(&tty->ctrl_lock, flags);
2186 pgrp = get_pid(tty->pgrp);
2187 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2188
2189 if (pgrp)
2190 kill_pgrp(pgrp, SIGWINCH, 1);
2191 put_pid(pgrp);
2192
2193 tty->winsize = *ws;
2194 done:
2195 mutex_unlock(&tty->termios_mutex);
2196 return 0;
2197 }
2198
2199 /**
2200 * tiocswinsz - implement window size set ioctl
2201 * @tty; tty side of tty
2202 * @arg: user buffer for result
2203 *
2204 * Copies the user idea of the window size to the kernel. Traditionally
2205 * this is just advisory information but for the Linux console it
2206 * actually has driver level meaning and triggers a VC resize.
2207 *
2208 * Locking:
2209 * Driver dependent. The default do_resize method takes the
2210 * tty termios mutex and ctrl_lock. The console takes its own lock
2211 * then calls into the default method.
2212 */
2213
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2214 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2215 {
2216 struct winsize tmp_ws;
2217 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2218 return -EFAULT;
2219
2220 if (tty->ops->resize)
2221 return tty->ops->resize(tty, &tmp_ws);
2222 else
2223 return tty_do_resize(tty, &tmp_ws);
2224 }
2225
2226 /**
2227 * tioccons - allow admin to move logical console
2228 * @file: the file to become console
2229 *
2230 * Allow the administrator to move the redirected console device
2231 *
2232 * Locking: uses redirect_lock to guard the redirect information
2233 */
2234
tioccons(struct file * file)2235 static int tioccons(struct file *file)
2236 {
2237 if (!capable(CAP_SYS_ADMIN))
2238 return -EPERM;
2239 if (file->f_op->write == redirected_tty_write) {
2240 struct file *f;
2241 spin_lock(&redirect_lock);
2242 f = redirect;
2243 redirect = NULL;
2244 spin_unlock(&redirect_lock);
2245 if (f)
2246 fput(f);
2247 return 0;
2248 }
2249 spin_lock(&redirect_lock);
2250 if (redirect) {
2251 spin_unlock(&redirect_lock);
2252 return -EBUSY;
2253 }
2254 get_file(file);
2255 redirect = file;
2256 spin_unlock(&redirect_lock);
2257 return 0;
2258 }
2259
2260 /**
2261 * fionbio - non blocking ioctl
2262 * @file: file to set blocking value
2263 * @p: user parameter
2264 *
2265 * Historical tty interfaces had a blocking control ioctl before
2266 * the generic functionality existed. This piece of history is preserved
2267 * in the expected tty API of posix OS's.
2268 *
2269 * Locking: none, the open file handle ensures it won't go away.
2270 */
2271
fionbio(struct file * file,int __user * p)2272 static int fionbio(struct file *file, int __user *p)
2273 {
2274 int nonblock;
2275
2276 if (get_user(nonblock, p))
2277 return -EFAULT;
2278
2279 spin_lock(&file->f_lock);
2280 if (nonblock)
2281 file->f_flags |= O_NONBLOCK;
2282 else
2283 file->f_flags &= ~O_NONBLOCK;
2284 spin_unlock(&file->f_lock);
2285 return 0;
2286 }
2287
2288 /**
2289 * tiocsctty - set controlling tty
2290 * @tty: tty structure
2291 * @arg: user argument
2292 *
2293 * This ioctl is used to manage job control. It permits a session
2294 * leader to set this tty as the controlling tty for the session.
2295 *
2296 * Locking:
2297 * Takes tty_mutex() to protect tty instance
2298 * Takes tasklist_lock internally to walk sessions
2299 * Takes ->siglock() when updating signal->tty
2300 */
2301
tiocsctty(struct tty_struct * tty,int arg)2302 static int tiocsctty(struct tty_struct *tty, int arg)
2303 {
2304 int ret = 0;
2305 if (current->signal->leader && (task_session(current) == tty->session))
2306 return ret;
2307
2308 mutex_lock(&tty_mutex);
2309 /*
2310 * The process must be a session leader and
2311 * not have a controlling tty already.
2312 */
2313 if (!current->signal->leader || current->signal->tty) {
2314 ret = -EPERM;
2315 goto unlock;
2316 }
2317
2318 if (tty->session) {
2319 /*
2320 * This tty is already the controlling
2321 * tty for another session group!
2322 */
2323 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2324 /*
2325 * Steal it away
2326 */
2327 read_lock(&tasklist_lock);
2328 session_clear_tty(tty->session);
2329 read_unlock(&tasklist_lock);
2330 } else {
2331 ret = -EPERM;
2332 goto unlock;
2333 }
2334 }
2335 proc_set_tty(current, tty);
2336 unlock:
2337 mutex_unlock(&tty_mutex);
2338 return ret;
2339 }
2340
2341 /**
2342 * tty_get_pgrp - return a ref counted pgrp pid
2343 * @tty: tty to read
2344 *
2345 * Returns a refcounted instance of the pid struct for the process
2346 * group controlling the tty.
2347 */
2348
tty_get_pgrp(struct tty_struct * tty)2349 struct pid *tty_get_pgrp(struct tty_struct *tty)
2350 {
2351 unsigned long flags;
2352 struct pid *pgrp;
2353
2354 spin_lock_irqsave(&tty->ctrl_lock, flags);
2355 pgrp = get_pid(tty->pgrp);
2356 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2357
2358 return pgrp;
2359 }
2360 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2361
2362 /**
2363 * tiocgpgrp - get process group
2364 * @tty: tty passed by user
2365 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2366 * @p: returned pid
2367 *
2368 * Obtain the process group of the tty. If there is no process group
2369 * return an error.
2370 *
2371 * Locking: none. Reference to current->signal->tty is safe.
2372 */
2373
tiocgpgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2374 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2375 {
2376 struct pid *pid;
2377 int ret;
2378 /*
2379 * (tty == real_tty) is a cheap way of
2380 * testing if the tty is NOT a master pty.
2381 */
2382 if (tty == real_tty && current->signal->tty != real_tty)
2383 return -ENOTTY;
2384 pid = tty_get_pgrp(real_tty);
2385 ret = put_user(pid_vnr(pid), p);
2386 put_pid(pid);
2387 return ret;
2388 }
2389
2390 /**
2391 * tiocspgrp - attempt to set process group
2392 * @tty: tty passed by user
2393 * @real_tty: tty side device matching tty passed by user
2394 * @p: pid pointer
2395 *
2396 * Set the process group of the tty to the session passed. Only
2397 * permitted where the tty session is our session.
2398 *
2399 * Locking: RCU, ctrl lock
2400 */
2401
tiocspgrp(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2402 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2403 {
2404 struct pid *pgrp;
2405 pid_t pgrp_nr;
2406 int retval = tty_check_change(real_tty);
2407 unsigned long flags;
2408
2409 if (retval == -EIO)
2410 return -ENOTTY;
2411 if (retval)
2412 return retval;
2413 if (!current->signal->tty ||
2414 (current->signal->tty != real_tty) ||
2415 (real_tty->session != task_session(current)))
2416 return -ENOTTY;
2417 if (get_user(pgrp_nr, p))
2418 return -EFAULT;
2419 if (pgrp_nr < 0)
2420 return -EINVAL;
2421 rcu_read_lock();
2422 pgrp = find_vpid(pgrp_nr);
2423 retval = -ESRCH;
2424 if (!pgrp)
2425 goto out_unlock;
2426 retval = -EPERM;
2427 if (session_of_pgrp(pgrp) != task_session(current))
2428 goto out_unlock;
2429 retval = 0;
2430 spin_lock_irqsave(&tty->ctrl_lock, flags);
2431 put_pid(real_tty->pgrp);
2432 real_tty->pgrp = get_pid(pgrp);
2433 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2434 out_unlock:
2435 rcu_read_unlock();
2436 return retval;
2437 }
2438
2439 /**
2440 * tiocgsid - get session id
2441 * @tty: tty passed by user
2442 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2443 * @p: pointer to returned session id
2444 *
2445 * Obtain the session id of the tty. If there is no session
2446 * return an error.
2447 *
2448 * Locking: none. Reference to current->signal->tty is safe.
2449 */
2450
tiocgsid(struct tty_struct * tty,struct tty_struct * real_tty,pid_t __user * p)2451 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2452 {
2453 /*
2454 * (tty == real_tty) is a cheap way of
2455 * testing if the tty is NOT a master pty.
2456 */
2457 if (tty == real_tty && current->signal->tty != real_tty)
2458 return -ENOTTY;
2459 if (!real_tty->session)
2460 return -ENOTTY;
2461 return put_user(pid_vnr(real_tty->session), p);
2462 }
2463
2464 /**
2465 * tiocsetd - set line discipline
2466 * @tty: tty device
2467 * @p: pointer to user data
2468 *
2469 * Set the line discipline according to user request.
2470 *
2471 * Locking: see tty_set_ldisc, this function is just a helper
2472 */
2473
tiocsetd(struct tty_struct * tty,int __user * p)2474 static int tiocsetd(struct tty_struct *tty, int __user *p)
2475 {
2476 int ldisc;
2477 int ret;
2478
2479 if (get_user(ldisc, p))
2480 return -EFAULT;
2481
2482 ret = tty_set_ldisc(tty, ldisc);
2483
2484 return ret;
2485 }
2486
2487 /**
2488 * send_break - performed time break
2489 * @tty: device to break on
2490 * @duration: timeout in mS
2491 *
2492 * Perform a timed break on hardware that lacks its own driver level
2493 * timed break functionality.
2494 *
2495 * Locking:
2496 * atomic_write_lock serializes
2497 *
2498 */
2499
send_break(struct tty_struct * tty,unsigned int duration)2500 static int send_break(struct tty_struct *tty, unsigned int duration)
2501 {
2502 int retval;
2503
2504 if (tty->ops->break_ctl == NULL)
2505 return 0;
2506
2507 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2508 retval = tty->ops->break_ctl(tty, duration);
2509 else {
2510 /* Do the work ourselves */
2511 if (tty_write_lock(tty, 0) < 0)
2512 return -EINTR;
2513 retval = tty->ops->break_ctl(tty, -1);
2514 if (retval)
2515 goto out;
2516 if (!signal_pending(current))
2517 msleep_interruptible(duration);
2518 retval = tty->ops->break_ctl(tty, 0);
2519 out:
2520 tty_write_unlock(tty);
2521 if (signal_pending(current))
2522 retval = -EINTR;
2523 }
2524 return retval;
2525 }
2526
2527 /**
2528 * tty_tiocmget - get modem status
2529 * @tty: tty device
2530 * @file: user file pointer
2531 * @p: pointer to result
2532 *
2533 * Obtain the modem status bits from the tty driver if the feature
2534 * is supported. Return -EINVAL if it is not available.
2535 *
2536 * Locking: none (up to the driver)
2537 */
2538
tty_tiocmget(struct tty_struct * tty,int __user * p)2539 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2540 {
2541 int retval = -EINVAL;
2542
2543 if (tty->ops->tiocmget) {
2544 retval = tty->ops->tiocmget(tty);
2545
2546 if (retval >= 0)
2547 retval = put_user(retval, p);
2548 }
2549 return retval;
2550 }
2551
2552 /**
2553 * tty_tiocmset - set modem status
2554 * @tty: tty device
2555 * @cmd: command - clear bits, set bits or set all
2556 * @p: pointer to desired bits
2557 *
2558 * Set the modem status bits from the tty driver if the feature
2559 * is supported. Return -EINVAL if it is not available.
2560 *
2561 * Locking: none (up to the driver)
2562 */
2563
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2564 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2565 unsigned __user *p)
2566 {
2567 int retval;
2568 unsigned int set, clear, val;
2569
2570 if (tty->ops->tiocmset == NULL)
2571 return -EINVAL;
2572
2573 retval = get_user(val, p);
2574 if (retval)
2575 return retval;
2576 set = clear = 0;
2577 switch (cmd) {
2578 case TIOCMBIS:
2579 set = val;
2580 break;
2581 case TIOCMBIC:
2582 clear = val;
2583 break;
2584 case TIOCMSET:
2585 set = val;
2586 clear = ~val;
2587 break;
2588 }
2589 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2590 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2591 return tty->ops->tiocmset(tty, set, clear);
2592 }
2593
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2594 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2595 {
2596 int retval = -EINVAL;
2597 struct serial_icounter_struct icount;
2598 memset(&icount, 0, sizeof(icount));
2599 if (tty->ops->get_icount)
2600 retval = tty->ops->get_icount(tty, &icount);
2601 if (retval != 0)
2602 return retval;
2603 if (copy_to_user(arg, &icount, sizeof(icount)))
2604 return -EFAULT;
2605 return 0;
2606 }
2607
tty_pair_get_tty(struct tty_struct * tty)2608 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2609 {
2610 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2611 tty->driver->subtype == PTY_TYPE_MASTER)
2612 tty = tty->link;
2613 return tty;
2614 }
2615 EXPORT_SYMBOL(tty_pair_get_tty);
2616
tty_pair_get_pty(struct tty_struct * tty)2617 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2618 {
2619 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2620 tty->driver->subtype == PTY_TYPE_MASTER)
2621 return tty;
2622 return tty->link;
2623 }
2624 EXPORT_SYMBOL(tty_pair_get_pty);
2625
2626 /*
2627 * Split this up, as gcc can choke on it otherwise..
2628 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2629 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2630 {
2631 struct tty_struct *tty = file_tty(file);
2632 struct tty_struct *real_tty;
2633 void __user *p = (void __user *)arg;
2634 int retval;
2635 struct tty_ldisc *ld;
2636 struct inode *inode = file->f_dentry->d_inode;
2637
2638 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2639 return -EINVAL;
2640
2641 real_tty = tty_pair_get_tty(tty);
2642
2643 /*
2644 * Factor out some common prep work
2645 */
2646 switch (cmd) {
2647 case TIOCSETD:
2648 case TIOCSBRK:
2649 case TIOCCBRK:
2650 case TCSBRK:
2651 case TCSBRKP:
2652 retval = tty_check_change(tty);
2653 if (retval)
2654 return retval;
2655 if (cmd != TIOCCBRK) {
2656 tty_wait_until_sent(tty, 0);
2657 if (signal_pending(current))
2658 return -EINTR;
2659 }
2660 break;
2661 }
2662
2663 /*
2664 * Now do the stuff.
2665 */
2666 switch (cmd) {
2667 case TIOCSTI:
2668 return tiocsti(tty, p);
2669 case TIOCGWINSZ:
2670 return tiocgwinsz(real_tty, p);
2671 case TIOCSWINSZ:
2672 return tiocswinsz(real_tty, p);
2673 case TIOCCONS:
2674 return real_tty != tty ? -EINVAL : tioccons(file);
2675 case FIONBIO:
2676 return fionbio(file, p);
2677 case TIOCEXCL:
2678 set_bit(TTY_EXCLUSIVE, &tty->flags);
2679 return 0;
2680 case TIOCNXCL:
2681 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2682 return 0;
2683 case TIOCNOTTY:
2684 if (current->signal->tty != tty)
2685 return -ENOTTY;
2686 no_tty();
2687 return 0;
2688 case TIOCSCTTY:
2689 return tiocsctty(tty, arg);
2690 case TIOCGPGRP:
2691 return tiocgpgrp(tty, real_tty, p);
2692 case TIOCSPGRP:
2693 return tiocspgrp(tty, real_tty, p);
2694 case TIOCGSID:
2695 return tiocgsid(tty, real_tty, p);
2696 case TIOCGETD:
2697 return put_user(tty->ldisc->ops->num, (int __user *)p);
2698 case TIOCSETD:
2699 return tiocsetd(tty, p);
2700 case TIOCVHANGUP:
2701 if (!capable(CAP_SYS_ADMIN))
2702 return -EPERM;
2703 tty_vhangup(tty);
2704 return 0;
2705 case TIOCGDEV:
2706 {
2707 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2708 return put_user(ret, (unsigned int __user *)p);
2709 }
2710 /*
2711 * Break handling
2712 */
2713 case TIOCSBRK: /* Turn break on, unconditionally */
2714 if (tty->ops->break_ctl)
2715 return tty->ops->break_ctl(tty, -1);
2716 return 0;
2717 case TIOCCBRK: /* Turn break off, unconditionally */
2718 if (tty->ops->break_ctl)
2719 return tty->ops->break_ctl(tty, 0);
2720 return 0;
2721 case TCSBRK: /* SVID version: non-zero arg --> no break */
2722 /* non-zero arg means wait for all output data
2723 * to be sent (performed above) but don't send break.
2724 * This is used by the tcdrain() termios function.
2725 */
2726 if (!arg)
2727 return send_break(tty, 250);
2728 return 0;
2729 case TCSBRKP: /* support for POSIX tcsendbreak() */
2730 return send_break(tty, arg ? arg*100 : 250);
2731
2732 case TIOCMGET:
2733 return tty_tiocmget(tty, p);
2734 case TIOCMSET:
2735 case TIOCMBIC:
2736 case TIOCMBIS:
2737 return tty_tiocmset(tty, cmd, p);
2738 case TIOCGICOUNT:
2739 retval = tty_tiocgicount(tty, p);
2740 /* For the moment allow fall through to the old method */
2741 if (retval != -EINVAL)
2742 return retval;
2743 break;
2744 case TCFLSH:
2745 switch (arg) {
2746 case TCIFLUSH:
2747 case TCIOFLUSH:
2748 /* flush tty buffer and allow ldisc to process ioctl */
2749 tty_buffer_flush(tty);
2750 break;
2751 }
2752 break;
2753 }
2754 if (tty->ops->ioctl) {
2755 retval = (tty->ops->ioctl)(tty, cmd, arg);
2756 if (retval != -ENOIOCTLCMD)
2757 return retval;
2758 }
2759 ld = tty_ldisc_ref_wait(tty);
2760 retval = -EINVAL;
2761 if (ld->ops->ioctl) {
2762 retval = ld->ops->ioctl(tty, file, cmd, arg);
2763 if (retval == -ENOIOCTLCMD)
2764 retval = -EINVAL;
2765 }
2766 tty_ldisc_deref(ld);
2767 return retval;
2768 }
2769
2770 #ifdef CONFIG_COMPAT
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2771 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2772 unsigned long arg)
2773 {
2774 struct inode *inode = file->f_dentry->d_inode;
2775 struct tty_struct *tty = file_tty(file);
2776 struct tty_ldisc *ld;
2777 int retval = -ENOIOCTLCMD;
2778
2779 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2780 return -EINVAL;
2781
2782 if (tty->ops->compat_ioctl) {
2783 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2784 if (retval != -ENOIOCTLCMD)
2785 return retval;
2786 }
2787
2788 ld = tty_ldisc_ref_wait(tty);
2789 if (ld->ops->compat_ioctl)
2790 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2791 else
2792 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2793 tty_ldisc_deref(ld);
2794
2795 return retval;
2796 }
2797 #endif
2798
2799 /*
2800 * This implements the "Secure Attention Key" --- the idea is to
2801 * prevent trojan horses by killing all processes associated with this
2802 * tty when the user hits the "Secure Attention Key". Required for
2803 * super-paranoid applications --- see the Orange Book for more details.
2804 *
2805 * This code could be nicer; ideally it should send a HUP, wait a few
2806 * seconds, then send a INT, and then a KILL signal. But you then
2807 * have to coordinate with the init process, since all processes associated
2808 * with the current tty must be dead before the new getty is allowed
2809 * to spawn.
2810 *
2811 * Now, if it would be correct ;-/ The current code has a nasty hole -
2812 * it doesn't catch files in flight. We may send the descriptor to ourselves
2813 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2814 *
2815 * Nasty bug: do_SAK is being called in interrupt context. This can
2816 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2817 */
__do_SAK(struct tty_struct * tty)2818 void __do_SAK(struct tty_struct *tty)
2819 {
2820 #ifdef TTY_SOFT_SAK
2821 tty_hangup(tty);
2822 #else
2823 struct task_struct *g, *p;
2824 struct pid *session;
2825 int i;
2826 struct file *filp;
2827 struct fdtable *fdt;
2828
2829 if (!tty)
2830 return;
2831 session = tty->session;
2832
2833 tty_ldisc_flush(tty);
2834
2835 tty_driver_flush_buffer(tty);
2836
2837 read_lock(&tasklist_lock);
2838 /* Kill the entire session */
2839 do_each_pid_task(session, PIDTYPE_SID, p) {
2840 printk(KERN_NOTICE "SAK: killed process %d"
2841 " (%s): task_session(p)==tty->session\n",
2842 task_pid_nr(p), p->comm);
2843 send_sig(SIGKILL, p, 1);
2844 } while_each_pid_task(session, PIDTYPE_SID, p);
2845 /* Now kill any processes that happen to have the
2846 * tty open.
2847 */
2848 do_each_thread(g, p) {
2849 if (p->signal->tty == tty) {
2850 printk(KERN_NOTICE "SAK: killed process %d"
2851 " (%s): task_session(p)==tty->session\n",
2852 task_pid_nr(p), p->comm);
2853 send_sig(SIGKILL, p, 1);
2854 continue;
2855 }
2856 task_lock(p);
2857 if (p->files) {
2858 /*
2859 * We don't take a ref to the file, so we must
2860 * hold ->file_lock instead.
2861 */
2862 spin_lock(&p->files->file_lock);
2863 fdt = files_fdtable(p->files);
2864 for (i = 0; i < fdt->max_fds; i++) {
2865 filp = fcheck_files(p->files, i);
2866 if (!filp)
2867 continue;
2868 if (filp->f_op->read == tty_read &&
2869 file_tty(filp) == tty) {
2870 printk(KERN_NOTICE "SAK: killed process %d"
2871 " (%s): fd#%d opened to the tty\n",
2872 task_pid_nr(p), p->comm, i);
2873 force_sig(SIGKILL, p);
2874 break;
2875 }
2876 }
2877 spin_unlock(&p->files->file_lock);
2878 }
2879 task_unlock(p);
2880 } while_each_thread(g, p);
2881 read_unlock(&tasklist_lock);
2882 #endif
2883 }
2884
do_SAK_work(struct work_struct * work)2885 static void do_SAK_work(struct work_struct *work)
2886 {
2887 struct tty_struct *tty =
2888 container_of(work, struct tty_struct, SAK_work);
2889 __do_SAK(tty);
2890 }
2891
2892 /*
2893 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2894 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2895 * the values which we write to it will be identical to the values which it
2896 * already has. --akpm
2897 */
do_SAK(struct tty_struct * tty)2898 void do_SAK(struct tty_struct *tty)
2899 {
2900 if (!tty)
2901 return;
2902 schedule_work(&tty->SAK_work);
2903 }
2904
2905 EXPORT_SYMBOL(do_SAK);
2906
dev_match_devt(struct device * dev,void * data)2907 static int dev_match_devt(struct device *dev, void *data)
2908 {
2909 dev_t *devt = data;
2910 return dev->devt == *devt;
2911 }
2912
2913 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)2914 static struct device *tty_get_device(struct tty_struct *tty)
2915 {
2916 dev_t devt = tty_devnum(tty);
2917 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2918 }
2919
2920
2921 /**
2922 * initialize_tty_struct
2923 * @tty: tty to initialize
2924 *
2925 * This subroutine initializes a tty structure that has been newly
2926 * allocated.
2927 *
2928 * Locking: none - tty in question must not be exposed at this point
2929 */
2930
initialize_tty_struct(struct tty_struct * tty,struct tty_driver * driver,int idx)2931 void initialize_tty_struct(struct tty_struct *tty,
2932 struct tty_driver *driver, int idx)
2933 {
2934 memset(tty, 0, sizeof(struct tty_struct));
2935 kref_init(&tty->kref);
2936 tty->magic = TTY_MAGIC;
2937 tty_ldisc_init(tty);
2938 tty->session = NULL;
2939 tty->pgrp = NULL;
2940 tty->overrun_time = jiffies;
2941 tty_buffer_init(tty);
2942 mutex_init(&tty->termios_mutex);
2943 mutex_init(&tty->ldisc_mutex);
2944 init_waitqueue_head(&tty->write_wait);
2945 init_waitqueue_head(&tty->read_wait);
2946 INIT_WORK(&tty->hangup_work, do_tty_hangup);
2947 mutex_init(&tty->atomic_read_lock);
2948 mutex_init(&tty->atomic_write_lock);
2949 mutex_init(&tty->output_lock);
2950 mutex_init(&tty->echo_lock);
2951 spin_lock_init(&tty->read_lock);
2952 spin_lock_init(&tty->ctrl_lock);
2953 INIT_LIST_HEAD(&tty->tty_files);
2954 INIT_WORK(&tty->SAK_work, do_SAK_work);
2955
2956 tty->driver = driver;
2957 tty->ops = driver->ops;
2958 tty->index = idx;
2959 tty_line_name(driver, idx, tty->name);
2960 tty->dev = tty_get_device(tty);
2961 }
2962
2963 /**
2964 * deinitialize_tty_struct
2965 * @tty: tty to deinitialize
2966 *
2967 * This subroutine deinitializes a tty structure that has been newly
2968 * allocated but tty_release cannot be called on that yet.
2969 *
2970 * Locking: none - tty in question must not be exposed at this point
2971 */
deinitialize_tty_struct(struct tty_struct * tty)2972 void deinitialize_tty_struct(struct tty_struct *tty)
2973 {
2974 tty_ldisc_deinit(tty);
2975 }
2976
2977 /**
2978 * tty_put_char - write one character to a tty
2979 * @tty: tty
2980 * @ch: character
2981 *
2982 * Write one byte to the tty using the provided put_char method
2983 * if present. Returns the number of characters successfully output.
2984 *
2985 * Note: the specific put_char operation in the driver layer may go
2986 * away soon. Don't call it directly, use this method
2987 */
2988
tty_put_char(struct tty_struct * tty,unsigned char ch)2989 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2990 {
2991 if (tty->ops->put_char)
2992 return tty->ops->put_char(tty, ch);
2993 return tty->ops->write(tty, &ch, 1);
2994 }
2995 EXPORT_SYMBOL_GPL(tty_put_char);
2996
2997 struct class *tty_class;
2998
2999 /**
3000 * tty_register_device - register a tty device
3001 * @driver: the tty driver that describes the tty device
3002 * @index: the index in the tty driver for this tty device
3003 * @device: a struct device that is associated with this tty device.
3004 * This field is optional, if there is no known struct device
3005 * for this tty device it can be set to NULL safely.
3006 *
3007 * Returns a pointer to the struct device for this tty device
3008 * (or ERR_PTR(-EFOO) on error).
3009 *
3010 * This call is required to be made to register an individual tty device
3011 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3012 * that bit is not set, this function should not be called by a tty
3013 * driver.
3014 *
3015 * Locking: ??
3016 */
3017
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3018 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3019 struct device *device)
3020 {
3021 char name[64];
3022 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3023
3024 if (index >= driver->num) {
3025 printk(KERN_ERR "Attempt to register invalid tty line number "
3026 " (%d).\n", index);
3027 return ERR_PTR(-EINVAL);
3028 }
3029
3030 if (driver->type == TTY_DRIVER_TYPE_PTY)
3031 pty_line_name(driver, index, name);
3032 else
3033 tty_line_name(driver, index, name);
3034
3035 return device_create(tty_class, device, dev, NULL, name);
3036 }
3037 EXPORT_SYMBOL(tty_register_device);
3038
3039 /**
3040 * tty_unregister_device - unregister a tty device
3041 * @driver: the tty driver that describes the tty device
3042 * @index: the index in the tty driver for this tty device
3043 *
3044 * If a tty device is registered with a call to tty_register_device() then
3045 * this function must be called when the tty device is gone.
3046 *
3047 * Locking: ??
3048 */
3049
tty_unregister_device(struct tty_driver * driver,unsigned index)3050 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3051 {
3052 device_destroy(tty_class,
3053 MKDEV(driver->major, driver->minor_start) + index);
3054 }
3055 EXPORT_SYMBOL(tty_unregister_device);
3056
__alloc_tty_driver(int lines,struct module * owner)3057 struct tty_driver *__alloc_tty_driver(int lines, struct module *owner)
3058 {
3059 struct tty_driver *driver;
3060
3061 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3062 if (driver) {
3063 kref_init(&driver->kref);
3064 driver->magic = TTY_DRIVER_MAGIC;
3065 driver->num = lines;
3066 driver->owner = owner;
3067 /* later we'll move allocation of tables here */
3068 }
3069 return driver;
3070 }
3071 EXPORT_SYMBOL(__alloc_tty_driver);
3072
destruct_tty_driver(struct kref * kref)3073 static void destruct_tty_driver(struct kref *kref)
3074 {
3075 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3076 int i;
3077 struct ktermios *tp;
3078 void *p;
3079
3080 if (driver->flags & TTY_DRIVER_INSTALLED) {
3081 /*
3082 * Free the termios and termios_locked structures because
3083 * we don't want to get memory leaks when modular tty
3084 * drivers are removed from the kernel.
3085 */
3086 for (i = 0; i < driver->num; i++) {
3087 tp = driver->termios[i];
3088 if (tp) {
3089 driver->termios[i] = NULL;
3090 kfree(tp);
3091 }
3092 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3093 tty_unregister_device(driver, i);
3094 }
3095 p = driver->ttys;
3096 proc_tty_unregister_driver(driver);
3097 driver->ttys = NULL;
3098 driver->termios = NULL;
3099 kfree(p);
3100 cdev_del(&driver->cdev);
3101 }
3102 kfree(driver);
3103 }
3104
tty_driver_kref_put(struct tty_driver * driver)3105 void tty_driver_kref_put(struct tty_driver *driver)
3106 {
3107 kref_put(&driver->kref, destruct_tty_driver);
3108 }
3109 EXPORT_SYMBOL(tty_driver_kref_put);
3110
tty_set_operations(struct tty_driver * driver,const struct tty_operations * op)3111 void tty_set_operations(struct tty_driver *driver,
3112 const struct tty_operations *op)
3113 {
3114 driver->ops = op;
3115 };
3116 EXPORT_SYMBOL(tty_set_operations);
3117
put_tty_driver(struct tty_driver * d)3118 void put_tty_driver(struct tty_driver *d)
3119 {
3120 tty_driver_kref_put(d);
3121 }
3122 EXPORT_SYMBOL(put_tty_driver);
3123
3124 /*
3125 * Called by a tty driver to register itself.
3126 */
tty_register_driver(struct tty_driver * driver)3127 int tty_register_driver(struct tty_driver *driver)
3128 {
3129 int error;
3130 int i;
3131 dev_t dev;
3132 void **p = NULL;
3133 struct device *d;
3134
3135 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3136 p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
3137 if (!p)
3138 return -ENOMEM;
3139 }
3140
3141 if (!driver->major) {
3142 error = alloc_chrdev_region(&dev, driver->minor_start,
3143 driver->num, driver->name);
3144 if (!error) {
3145 driver->major = MAJOR(dev);
3146 driver->minor_start = MINOR(dev);
3147 }
3148 } else {
3149 dev = MKDEV(driver->major, driver->minor_start);
3150 error = register_chrdev_region(dev, driver->num, driver->name);
3151 }
3152 if (error < 0) {
3153 kfree(p);
3154 return error;
3155 }
3156
3157 if (p) {
3158 driver->ttys = (struct tty_struct **)p;
3159 driver->termios = (struct ktermios **)(p + driver->num);
3160 } else {
3161 driver->ttys = NULL;
3162 driver->termios = NULL;
3163 }
3164
3165 cdev_init(&driver->cdev, &tty_fops);
3166 driver->cdev.owner = driver->owner;
3167 error = cdev_add(&driver->cdev, dev, driver->num);
3168 if (error) {
3169 unregister_chrdev_region(dev, driver->num);
3170 driver->ttys = NULL;
3171 driver->termios = NULL;
3172 kfree(p);
3173 return error;
3174 }
3175
3176 mutex_lock(&tty_mutex);
3177 list_add(&driver->tty_drivers, &tty_drivers);
3178 mutex_unlock(&tty_mutex);
3179
3180 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3181 for (i = 0; i < driver->num; i++) {
3182 d = tty_register_device(driver, i, NULL);
3183 if (IS_ERR(d)) {
3184 error = PTR_ERR(d);
3185 goto err;
3186 }
3187 }
3188 }
3189 proc_tty_register_driver(driver);
3190 driver->flags |= TTY_DRIVER_INSTALLED;
3191 return 0;
3192
3193 err:
3194 for (i--; i >= 0; i--)
3195 tty_unregister_device(driver, i);
3196
3197 mutex_lock(&tty_mutex);
3198 list_del(&driver->tty_drivers);
3199 mutex_unlock(&tty_mutex);
3200
3201 unregister_chrdev_region(dev, driver->num);
3202 driver->ttys = NULL;
3203 driver->termios = NULL;
3204 kfree(p);
3205 return error;
3206 }
3207
3208 EXPORT_SYMBOL(tty_register_driver);
3209
3210 /*
3211 * Called by a tty driver to unregister itself.
3212 */
tty_unregister_driver(struct tty_driver * driver)3213 int tty_unregister_driver(struct tty_driver *driver)
3214 {
3215 #if 0
3216 /* FIXME */
3217 if (driver->refcount)
3218 return -EBUSY;
3219 #endif
3220 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3221 driver->num);
3222 mutex_lock(&tty_mutex);
3223 list_del(&driver->tty_drivers);
3224 mutex_unlock(&tty_mutex);
3225 return 0;
3226 }
3227
3228 EXPORT_SYMBOL(tty_unregister_driver);
3229
tty_devnum(struct tty_struct * tty)3230 dev_t tty_devnum(struct tty_struct *tty)
3231 {
3232 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3233 }
3234 EXPORT_SYMBOL(tty_devnum);
3235
proc_clear_tty(struct task_struct * p)3236 void proc_clear_tty(struct task_struct *p)
3237 {
3238 unsigned long flags;
3239 struct tty_struct *tty;
3240 spin_lock_irqsave(&p->sighand->siglock, flags);
3241 tty = p->signal->tty;
3242 p->signal->tty = NULL;
3243 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3244 tty_kref_put(tty);
3245 }
3246
3247 /* Called under the sighand lock */
3248
__proc_set_tty(struct task_struct * tsk,struct tty_struct * tty)3249 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3250 {
3251 if (tty) {
3252 unsigned long flags;
3253 /* We should not have a session or pgrp to put here but.... */
3254 spin_lock_irqsave(&tty->ctrl_lock, flags);
3255 put_pid(tty->session);
3256 put_pid(tty->pgrp);
3257 tty->pgrp = get_pid(task_pgrp(tsk));
3258 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3259 tty->session = get_pid(task_session(tsk));
3260 if (tsk->signal->tty) {
3261 printk(KERN_DEBUG "tty not NULL!!\n");
3262 tty_kref_put(tsk->signal->tty);
3263 }
3264 }
3265 put_pid(tsk->signal->tty_old_pgrp);
3266 tsk->signal->tty = tty_kref_get(tty);
3267 tsk->signal->tty_old_pgrp = NULL;
3268 }
3269
proc_set_tty(struct task_struct * tsk,struct tty_struct * tty)3270 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3271 {
3272 spin_lock_irq(&tsk->sighand->siglock);
3273 __proc_set_tty(tsk, tty);
3274 spin_unlock_irq(&tsk->sighand->siglock);
3275 }
3276
get_current_tty(void)3277 struct tty_struct *get_current_tty(void)
3278 {
3279 struct tty_struct *tty;
3280 unsigned long flags;
3281
3282 spin_lock_irqsave(¤t->sighand->siglock, flags);
3283 tty = tty_kref_get(current->signal->tty);
3284 spin_unlock_irqrestore(¤t->sighand->siglock, flags);
3285 return tty;
3286 }
3287 EXPORT_SYMBOL_GPL(get_current_tty);
3288
tty_default_fops(struct file_operations * fops)3289 void tty_default_fops(struct file_operations *fops)
3290 {
3291 *fops = tty_fops;
3292 }
3293
3294 /*
3295 * Initialize the console device. This is called *early*, so
3296 * we can't necessarily depend on lots of kernel help here.
3297 * Just do some early initializations, and do the complex setup
3298 * later.
3299 */
console_init(void)3300 void __init console_init(void)
3301 {
3302 initcall_t *call;
3303
3304 /* Setup the default TTY line discipline. */
3305 tty_ldisc_begin();
3306
3307 /*
3308 * set up the console device so that later boot sequences can
3309 * inform about problems etc..
3310 */
3311 call = __con_initcall_start;
3312 while (call < __con_initcall_end) {
3313 (*call)();
3314 call++;
3315 }
3316 }
3317
tty_devnode(struct device * dev,umode_t * mode)3318 static char *tty_devnode(struct device *dev, umode_t *mode)
3319 {
3320 if (!mode)
3321 return NULL;
3322 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3323 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3324 *mode = 0666;
3325 return NULL;
3326 }
3327
tty_class_init(void)3328 static int __init tty_class_init(void)
3329 {
3330 tty_class = class_create(THIS_MODULE, "tty");
3331 if (IS_ERR(tty_class))
3332 return PTR_ERR(tty_class);
3333 tty_class->devnode = tty_devnode;
3334 return 0;
3335 }
3336
3337 postcore_initcall(tty_class_init);
3338
3339 /* 3/2004 jmc: why do these devices exist? */
3340 static struct cdev tty_cdev, console_cdev;
3341
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3342 static ssize_t show_cons_active(struct device *dev,
3343 struct device_attribute *attr, char *buf)
3344 {
3345 struct console *cs[16];
3346 int i = 0;
3347 struct console *c;
3348 ssize_t count = 0;
3349
3350 console_lock();
3351 for_each_console(c) {
3352 if (!c->device)
3353 continue;
3354 if (!c->write)
3355 continue;
3356 if ((c->flags & CON_ENABLED) == 0)
3357 continue;
3358 cs[i++] = c;
3359 if (i >= ARRAY_SIZE(cs))
3360 break;
3361 }
3362 while (i--)
3363 count += sprintf(buf + count, "%s%d%c",
3364 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3365 console_unlock();
3366
3367 return count;
3368 }
3369 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3370
3371 static struct device *consdev;
3372
console_sysfs_notify(void)3373 void console_sysfs_notify(void)
3374 {
3375 if (consdev)
3376 sysfs_notify(&consdev->kobj, NULL, "active");
3377 }
3378
3379 /*
3380 * Ok, now we can initialize the rest of the tty devices and can count
3381 * on memory allocations, interrupts etc..
3382 */
tty_init(void)3383 int __init tty_init(void)
3384 {
3385 cdev_init(&tty_cdev, &tty_fops);
3386 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3387 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3388 panic("Couldn't register /dev/tty driver\n");
3389 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3390
3391 cdev_init(&console_cdev, &console_fops);
3392 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3393 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3394 panic("Couldn't register /dev/console driver\n");
3395 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3396 "console");
3397 if (IS_ERR(consdev))
3398 consdev = NULL;
3399 else
3400 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3401
3402 #ifdef CONFIG_VT
3403 vty_init(&console_fops);
3404 #endif
3405 return 0;
3406 }
3407
3408