1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6 /*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102
103 #include <linux/uaccess.h>
104
105 #include <linux/kbd_kern.h>
106 #include <linux/vt_kern.h>
107 #include <linux/selection.h>
108
109 #include <linux/kmod.h>
110 #include <linux/nsproxy.h>
111 #include "tty.h"
112
113 #undef TTY_DEBUG_HANGUP
114 #ifdef TTY_DEBUG_HANGUP
115 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116 #else
117 # define tty_debug_hangup(tty, f, args...) do { } while (0)
118 #endif
119
120 #define TTY_PARANOIA_CHECK 1
121 #define CHECK_TTY_COUNT 1
122
123 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 .c_iflag = ICRNL | IXON,
125 .c_oflag = OPOST | ONLCR,
126 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 ECHOCTL | ECHOKE | IEXTEN,
129 .c_cc = INIT_C_CC,
130 .c_ispeed = 38400,
131 .c_ospeed = 38400,
132 /* .c_line = N_TTY, */
133 };
134 EXPORT_SYMBOL(tty_std_termios);
135
136 /* This list gets poked at by procfs and various bits of boot up code. This
137 * could do with some rationalisation such as pulling the tty proc function
138 * into this file.
139 */
140
141 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142
143 /* Mutex to protect creating and releasing a tty */
144 DEFINE_MUTEX(tty_mutex);
145
146 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148 static __poll_t tty_poll(struct file *, poll_table *);
149 static int tty_open(struct inode *, struct file *);
150 #ifdef CONFIG_COMPAT
151 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 unsigned long arg);
153 #else
154 #define tty_compat_ioctl NULL
155 #endif
156 static int __tty_fasync(int fd, struct file *filp, int on);
157 static int tty_fasync(int fd, struct file *filp, int on);
158 static void release_tty(struct tty_struct *tty, int idx);
159
160 /**
161 * free_tty_struct - free a disused tty
162 * @tty: tty struct to free
163 *
164 * Free the write buffers, tty queue and tty memory itself.
165 *
166 * Locking: none. Must be called after tty is definitely unused
167 */
free_tty_struct(struct tty_struct * tty)168 static void free_tty_struct(struct tty_struct *tty)
169 {
170 tty_ldisc_deinit(tty);
171 put_device(tty->dev);
172 kvfree(tty->write_buf);
173 tty->magic = 0xDEADDEAD;
174 kfree(tty);
175 }
176
file_tty(struct file * file)177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 return ((struct tty_file_private *)file->private_data)->tty;
180 }
181
tty_alloc_file(struct file * file)182 int tty_alloc_file(struct file *file)
183 {
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193 }
194
195 /* Associate a new file with the tty structure */
tty_add_file(struct tty_struct * tty,struct file * file)196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206 }
207
208 /**
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
tty_free_file(struct file * file)215 void tty_free_file(struct file *file)
216 {
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221 }
222
223 /* Delete file from its tty */
tty_del_file(struct file * file)224 static void tty_del_file(struct file *file)
225 {
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233 }
234
235 /**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
tty_name(const struct tty_struct * tty)244 const char *tty_name(const struct tty_struct *tty)
245 {
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249 }
250 EXPORT_SYMBOL(tty_name);
251
tty_driver_name(const struct tty_struct * tty)252 const char *tty_driver_name(const struct tty_struct *tty)
253 {
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257 }
258
tty_paranoia_check(struct tty_struct * tty,struct inode * inode,const char * routine)259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261 {
262 #ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 if (tty->magic != TTY_MAGIC) {
269 pr_warn("(%d:%d): %s: bad magic number\n",
270 imajor(inode), iminor(inode), routine);
271 return 1;
272 }
273 #endif
274 return 0;
275 }
276
277 /* Caller must hold tty_lock */
check_tty_count(struct tty_struct * tty,const char * routine)278 static int check_tty_count(struct tty_struct *tty, const char *routine)
279 {
280 #ifdef CHECK_TTY_COUNT
281 struct list_head *p;
282 int count = 0, kopen_count = 0;
283
284 spin_lock(&tty->files_lock);
285 list_for_each(p, &tty->tty_files) {
286 count++;
287 }
288 spin_unlock(&tty->files_lock);
289 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 tty->driver->subtype == PTY_TYPE_SLAVE &&
291 tty->link && tty->link->count)
292 count++;
293 if (tty_port_kopened(tty->port))
294 kopen_count++;
295 if (tty->count != (count + kopen_count)) {
296 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
297 routine, tty->count, count, kopen_count);
298 return (count + kopen_count);
299 }
300 #endif
301 return 0;
302 }
303
304 /**
305 * get_tty_driver - find device of a tty
306 * @device: device identifier
307 * @index: returns the index of the tty
308 *
309 * This routine returns a tty driver structure, given a device number and also
310 * passes back the index number.
311 *
312 * Locking: caller must hold tty_mutex
313 */
get_tty_driver(dev_t device,int * index)314 static struct tty_driver *get_tty_driver(dev_t device, int *index)
315 {
316 struct tty_driver *p;
317
318 list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 dev_t base = MKDEV(p->major, p->minor_start);
320
321 if (device < base || device >= base + p->num)
322 continue;
323 *index = device - base;
324 return tty_driver_kref_get(p);
325 }
326 return NULL;
327 }
328
329 /**
330 * tty_dev_name_to_number - return dev_t for device name
331 * @name: user space name of device under /dev
332 * @number: pointer to dev_t that this function will populate
333 *
334 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
335 * (4, 64) or (188, 1). If no corresponding driver is registered then the
336 * function returns -%ENODEV.
337 *
338 * Locking: this acquires tty_mutex to protect the tty_drivers list from
339 * being modified while we are traversing it, and makes sure to
340 * release it before exiting.
341 */
tty_dev_name_to_number(const char * name,dev_t * number)342 int tty_dev_name_to_number(const char *name, dev_t *number)
343 {
344 struct tty_driver *p;
345 int ret;
346 int index, prefix_length = 0;
347 const char *str;
348
349 for (str = name; *str && !isdigit(*str); str++)
350 ;
351
352 if (!*str)
353 return -EINVAL;
354
355 ret = kstrtoint(str, 10, &index);
356 if (ret)
357 return ret;
358
359 prefix_length = str - name;
360 mutex_lock(&tty_mutex);
361
362 list_for_each_entry(p, &tty_drivers, tty_drivers)
363 if (prefix_length == strlen(p->name) && strncmp(name,
364 p->name, prefix_length) == 0) {
365 if (index < p->num) {
366 *number = MKDEV(p->major, p->minor_start + index);
367 goto out;
368 }
369 }
370
371 /* if here then driver wasn't found */
372 ret = -ENODEV;
373 out:
374 mutex_unlock(&tty_mutex);
375 return ret;
376 }
377 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
378
379 #ifdef CONFIG_CONSOLE_POLL
380
381 /**
382 * tty_find_polling_driver - find device of a polled tty
383 * @name: name string to match
384 * @line: pointer to resulting tty line nr
385 *
386 * This routine returns a tty driver structure, given a name and the condition
387 * that the tty driver is capable of polled operation.
388 */
tty_find_polling_driver(char * name,int * line)389 struct tty_driver *tty_find_polling_driver(char *name, int *line)
390 {
391 struct tty_driver *p, *res = NULL;
392 int tty_line = 0;
393 int len;
394 char *str, *stp;
395
396 for (str = name; *str; str++)
397 if ((*str >= '0' && *str <= '9') || *str == ',')
398 break;
399 if (!*str)
400 return NULL;
401
402 len = str - name;
403 tty_line = simple_strtoul(str, &str, 10);
404
405 mutex_lock(&tty_mutex);
406 /* Search through the tty devices to look for a match */
407 list_for_each_entry(p, &tty_drivers, tty_drivers) {
408 if (!len || strncmp(name, p->name, len) != 0)
409 continue;
410 stp = str;
411 if (*stp == ',')
412 stp++;
413 if (*stp == '\0')
414 stp = NULL;
415
416 if (tty_line >= 0 && tty_line < p->num && p->ops &&
417 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
418 res = tty_driver_kref_get(p);
419 *line = tty_line;
420 break;
421 }
422 }
423 mutex_unlock(&tty_mutex);
424
425 return res;
426 }
427 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
428 #endif
429
hung_up_tty_read(struct kiocb * iocb,struct iov_iter * to)430 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
431 {
432 return 0;
433 }
434
hung_up_tty_write(struct kiocb * iocb,struct iov_iter * from)435 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
436 {
437 return -EIO;
438 }
439
440 /* No kernel lock held - none needed ;) */
hung_up_tty_poll(struct file * filp,poll_table * wait)441 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
442 {
443 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
444 }
445
hung_up_tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)446 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
447 unsigned long arg)
448 {
449 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450 }
451
hung_up_tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)452 static long hung_up_tty_compat_ioctl(struct file *file,
453 unsigned int cmd, unsigned long arg)
454 {
455 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
456 }
457
hung_up_tty_fasync(int fd,struct file * file,int on)458 static int hung_up_tty_fasync(int fd, struct file *file, int on)
459 {
460 return -ENOTTY;
461 }
462
tty_show_fdinfo(struct seq_file * m,struct file * file)463 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
464 {
465 struct tty_struct *tty = file_tty(file);
466
467 if (tty && tty->ops && tty->ops->show_fdinfo)
468 tty->ops->show_fdinfo(tty, m);
469 }
470
471 static const struct file_operations tty_fops = {
472 .llseek = no_llseek,
473 .read_iter = tty_read,
474 .write_iter = tty_write,
475 .splice_read = generic_file_splice_read,
476 .splice_write = iter_file_splice_write,
477 .poll = tty_poll,
478 .unlocked_ioctl = tty_ioctl,
479 .compat_ioctl = tty_compat_ioctl,
480 .open = tty_open,
481 .release = tty_release,
482 .fasync = tty_fasync,
483 .show_fdinfo = tty_show_fdinfo,
484 };
485
486 static const struct file_operations console_fops = {
487 .llseek = no_llseek,
488 .read_iter = tty_read,
489 .write_iter = redirected_tty_write,
490 .splice_read = generic_file_splice_read,
491 .splice_write = iter_file_splice_write,
492 .poll = tty_poll,
493 .unlocked_ioctl = tty_ioctl,
494 .compat_ioctl = tty_compat_ioctl,
495 .open = tty_open,
496 .release = tty_release,
497 .fasync = tty_fasync,
498 };
499
500 static const struct file_operations hung_up_tty_fops = {
501 .llseek = no_llseek,
502 .read_iter = hung_up_tty_read,
503 .write_iter = hung_up_tty_write,
504 .poll = hung_up_tty_poll,
505 .unlocked_ioctl = hung_up_tty_ioctl,
506 .compat_ioctl = hung_up_tty_compat_ioctl,
507 .release = tty_release,
508 .fasync = hung_up_tty_fasync,
509 };
510
511 static DEFINE_SPINLOCK(redirect_lock);
512 static struct file *redirect;
513
514 /**
515 * tty_wakeup - request more data
516 * @tty: terminal
517 *
518 * Internal and external helper for wakeups of tty. This function informs the
519 * line discipline if present that the driver is ready to receive more output
520 * data.
521 */
tty_wakeup(struct tty_struct * tty)522 void tty_wakeup(struct tty_struct *tty)
523 {
524 struct tty_ldisc *ld;
525
526 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
527 ld = tty_ldisc_ref(tty);
528 if (ld) {
529 if (ld->ops->write_wakeup)
530 ld->ops->write_wakeup(tty);
531 tty_ldisc_deref(ld);
532 }
533 }
534 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
535 }
536 EXPORT_SYMBOL_GPL(tty_wakeup);
537
538 /**
539 * tty_release_redirect - Release a redirect on a pty if present
540 * @tty: tty device
541 *
542 * This is available to the pty code so if the master closes, if the slave is a
543 * redirect it can release the redirect.
544 */
tty_release_redirect(struct tty_struct * tty)545 static struct file *tty_release_redirect(struct tty_struct *tty)
546 {
547 struct file *f = NULL;
548
549 spin_lock(&redirect_lock);
550 if (redirect && file_tty(redirect) == tty) {
551 f = redirect;
552 redirect = NULL;
553 }
554 spin_unlock(&redirect_lock);
555
556 return f;
557 }
558
559 /**
560 * __tty_hangup - actual handler for hangup events
561 * @tty: tty device
562 * @exit_session: if non-zero, signal all foreground group processes
563 *
564 * This can be called by a "kworker" kernel thread. That is process synchronous
565 * but doesn't hold any locks, so we need to make sure we have the appropriate
566 * locks for what we're doing.
567 *
568 * The hangup event clears any pending redirections onto the hung up device. It
569 * ensures future writes will error and it does the needed line discipline
570 * hangup and signal delivery. The tty object itself remains intact.
571 *
572 * Locking:
573 * * BTM
574 *
575 * * redirect lock for undoing redirection
576 * * file list lock for manipulating list of ttys
577 * * tty_ldiscs_lock from called functions
578 * * termios_rwsem resetting termios data
579 * * tasklist_lock to walk task list for hangup event
580 *
581 * * ->siglock to protect ->signal/->sighand
582 *
583 */
__tty_hangup(struct tty_struct * tty,int exit_session)584 static void __tty_hangup(struct tty_struct *tty, int exit_session)
585 {
586 struct file *cons_filp = NULL;
587 struct file *filp, *f;
588 struct tty_file_private *priv;
589 int closecount = 0, n;
590 int refs;
591
592 if (!tty)
593 return;
594
595 f = tty_release_redirect(tty);
596
597 tty_lock(tty);
598
599 if (test_bit(TTY_HUPPED, &tty->flags)) {
600 tty_unlock(tty);
601 return;
602 }
603
604 /*
605 * Some console devices aren't actually hung up for technical and
606 * historical reasons, which can lead to indefinite interruptible
607 * sleep in n_tty_read(). The following explicitly tells
608 * n_tty_read() to abort readers.
609 */
610 set_bit(TTY_HUPPING, &tty->flags);
611
612 /* inuse_filps is protected by the single tty lock,
613 * this really needs to change if we want to flush the
614 * workqueue with the lock held.
615 */
616 check_tty_count(tty, "tty_hangup");
617
618 spin_lock(&tty->files_lock);
619 /* This breaks for file handles being sent over AF_UNIX sockets ? */
620 list_for_each_entry(priv, &tty->tty_files, list) {
621 filp = priv->file;
622 if (filp->f_op->write_iter == redirected_tty_write)
623 cons_filp = filp;
624 if (filp->f_op->write_iter != tty_write)
625 continue;
626 closecount++;
627 __tty_fasync(-1, filp, 0); /* can't block */
628 filp->f_op = &hung_up_tty_fops;
629 }
630 spin_unlock(&tty->files_lock);
631
632 refs = tty_signal_session_leader(tty, exit_session);
633 /* Account for the p->signal references we killed */
634 while (refs--)
635 tty_kref_put(tty);
636
637 tty_ldisc_hangup(tty, cons_filp != NULL);
638
639 spin_lock_irq(&tty->ctrl.lock);
640 clear_bit(TTY_THROTTLED, &tty->flags);
641 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
642 put_pid(tty->ctrl.session);
643 put_pid(tty->ctrl.pgrp);
644 tty->ctrl.session = NULL;
645 tty->ctrl.pgrp = NULL;
646 tty->ctrl.pktstatus = 0;
647 spin_unlock_irq(&tty->ctrl.lock);
648
649 /*
650 * If one of the devices matches a console pointer, we
651 * cannot just call hangup() because that will cause
652 * tty->count and state->count to go out of sync.
653 * So we just call close() the right number of times.
654 */
655 if (cons_filp) {
656 if (tty->ops->close)
657 for (n = 0; n < closecount; n++)
658 tty->ops->close(tty, cons_filp);
659 } else if (tty->ops->hangup)
660 tty->ops->hangup(tty);
661 /*
662 * We don't want to have driver/ldisc interactions beyond the ones
663 * we did here. The driver layer expects no calls after ->hangup()
664 * from the ldisc side, which is now guaranteed.
665 */
666 set_bit(TTY_HUPPED, &tty->flags);
667 clear_bit(TTY_HUPPING, &tty->flags);
668 tty_unlock(tty);
669
670 if (f)
671 fput(f);
672 }
673
do_tty_hangup(struct work_struct * work)674 static void do_tty_hangup(struct work_struct *work)
675 {
676 struct tty_struct *tty =
677 container_of(work, struct tty_struct, hangup_work);
678
679 __tty_hangup(tty, 0);
680 }
681
682 /**
683 * tty_hangup - trigger a hangup event
684 * @tty: tty to hangup
685 *
686 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
687 * hangup sequence to run after this event.
688 */
tty_hangup(struct tty_struct * tty)689 void tty_hangup(struct tty_struct *tty)
690 {
691 tty_debug_hangup(tty, "hangup\n");
692 schedule_work(&tty->hangup_work);
693 }
694 EXPORT_SYMBOL(tty_hangup);
695
696 /**
697 * tty_vhangup - process vhangup
698 * @tty: tty to hangup
699 *
700 * The user has asked via system call for the terminal to be hung up. We do
701 * this synchronously so that when the syscall returns the process is complete.
702 * That guarantee is necessary for security reasons.
703 */
tty_vhangup(struct tty_struct * tty)704 void tty_vhangup(struct tty_struct *tty)
705 {
706 tty_debug_hangup(tty, "vhangup\n");
707 __tty_hangup(tty, 0);
708 }
709 EXPORT_SYMBOL(tty_vhangup);
710
711
712 /**
713 * tty_vhangup_self - process vhangup for own ctty
714 *
715 * Perform a vhangup on the current controlling tty
716 */
tty_vhangup_self(void)717 void tty_vhangup_self(void)
718 {
719 struct tty_struct *tty;
720
721 tty = get_current_tty();
722 if (tty) {
723 tty_vhangup(tty);
724 tty_kref_put(tty);
725 }
726 }
727
728 /**
729 * tty_vhangup_session - hangup session leader exit
730 * @tty: tty to hangup
731 *
732 * The session leader is exiting and hanging up its controlling terminal.
733 * Every process in the foreground process group is signalled %SIGHUP.
734 *
735 * We do this synchronously so that when the syscall returns the process is
736 * complete. That guarantee is necessary for security reasons.
737 */
tty_vhangup_session(struct tty_struct * tty)738 void tty_vhangup_session(struct tty_struct *tty)
739 {
740 tty_debug_hangup(tty, "session hangup\n");
741 __tty_hangup(tty, 1);
742 }
743
744 /**
745 * tty_hung_up_p - was tty hung up
746 * @filp: file pointer of tty
747 *
748 * Return: true if the tty has been subject to a vhangup or a carrier loss
749 */
tty_hung_up_p(struct file * filp)750 int tty_hung_up_p(struct file *filp)
751 {
752 return (filp && filp->f_op == &hung_up_tty_fops);
753 }
754 EXPORT_SYMBOL(tty_hung_up_p);
755
__stop_tty(struct tty_struct * tty)756 void __stop_tty(struct tty_struct *tty)
757 {
758 if (tty->flow.stopped)
759 return;
760 tty->flow.stopped = true;
761 if (tty->ops->stop)
762 tty->ops->stop(tty);
763 }
764
765 /**
766 * stop_tty - propagate flow control
767 * @tty: tty to stop
768 *
769 * Perform flow control to the driver. May be called on an already stopped
770 * device and will not re-call the &tty_driver->stop() method.
771 *
772 * This functionality is used by both the line disciplines for halting incoming
773 * flow and by the driver. It may therefore be called from any context, may be
774 * under the tty %atomic_write_lock but not always.
775 *
776 * Locking:
777 * flow.lock
778 */
stop_tty(struct tty_struct * tty)779 void stop_tty(struct tty_struct *tty)
780 {
781 unsigned long flags;
782
783 spin_lock_irqsave(&tty->flow.lock, flags);
784 __stop_tty(tty);
785 spin_unlock_irqrestore(&tty->flow.lock, flags);
786 }
787 EXPORT_SYMBOL(stop_tty);
788
__start_tty(struct tty_struct * tty)789 void __start_tty(struct tty_struct *tty)
790 {
791 if (!tty->flow.stopped || tty->flow.tco_stopped)
792 return;
793 tty->flow.stopped = false;
794 if (tty->ops->start)
795 tty->ops->start(tty);
796 tty_wakeup(tty);
797 }
798
799 /**
800 * start_tty - propagate flow control
801 * @tty: tty to start
802 *
803 * Start a tty that has been stopped if at all possible. If @tty was previously
804 * stopped and is now being started, the &tty_driver->start() method is invoked
805 * and the line discipline woken.
806 *
807 * Locking:
808 * flow.lock
809 */
start_tty(struct tty_struct * tty)810 void start_tty(struct tty_struct *tty)
811 {
812 unsigned long flags;
813
814 spin_lock_irqsave(&tty->flow.lock, flags);
815 __start_tty(tty);
816 spin_unlock_irqrestore(&tty->flow.lock, flags);
817 }
818 EXPORT_SYMBOL(start_tty);
819
tty_update_time(struct timespec64 * time)820 static void tty_update_time(struct timespec64 *time)
821 {
822 time64_t sec = ktime_get_real_seconds();
823
824 /*
825 * We only care if the two values differ in anything other than the
826 * lower three bits (i.e every 8 seconds). If so, then we can update
827 * the time of the tty device, otherwise it could be construded as a
828 * security leak to let userspace know the exact timing of the tty.
829 */
830 if ((sec ^ time->tv_sec) & ~7)
831 time->tv_sec = sec;
832 }
833
834 /*
835 * Iterate on the ldisc ->read() function until we've gotten all
836 * the data the ldisc has for us.
837 *
838 * The "cookie" is something that the ldisc read function can fill
839 * in to let us know that there is more data to be had.
840 *
841 * We promise to continue to call the ldisc until it stops returning
842 * data or clears the cookie. The cookie may be something that the
843 * ldisc maintains state for and needs to free.
844 */
iterate_tty_read(struct tty_ldisc * ld,struct tty_struct * tty,struct file * file,struct iov_iter * to)845 static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
846 struct file *file, struct iov_iter *to)
847 {
848 int retval = 0;
849 void *cookie = NULL;
850 unsigned long offset = 0;
851 char kernel_buf[64];
852 size_t count = iov_iter_count(to);
853
854 do {
855 int size, copied;
856
857 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
858 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
859 if (!size)
860 break;
861
862 if (size < 0) {
863 /* Did we have an earlier error (ie -EFAULT)? */
864 if (retval)
865 break;
866 retval = size;
867
868 /*
869 * -EOVERFLOW means we didn't have enough space
870 * for a whole packet, and we shouldn't return
871 * a partial result.
872 */
873 if (retval == -EOVERFLOW)
874 offset = 0;
875 break;
876 }
877
878 copied = copy_to_iter(kernel_buf, size, to);
879 offset += copied;
880 count -= copied;
881
882 /*
883 * If the user copy failed, we still need to do another ->read()
884 * call if we had a cookie to let the ldisc clear up.
885 *
886 * But make sure size is zeroed.
887 */
888 if (unlikely(copied != size)) {
889 count = 0;
890 retval = -EFAULT;
891 }
892 } while (cookie);
893
894 /* We always clear tty buffer in case they contained passwords */
895 memzero_explicit(kernel_buf, sizeof(kernel_buf));
896 return offset ? offset : retval;
897 }
898
899
900 /**
901 * tty_read - read method for tty device files
902 * @iocb: kernel I/O control block
903 * @to: destination for the data read
904 *
905 * Perform the read system call function on this terminal device. Checks
906 * for hung up devices before calling the line discipline method.
907 *
908 * Locking:
909 * Locks the line discipline internally while needed. Multiple read calls
910 * may be outstanding in parallel.
911 */
tty_read(struct kiocb * iocb,struct iov_iter * to)912 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
913 {
914 int i;
915 struct file *file = iocb->ki_filp;
916 struct inode *inode = file_inode(file);
917 struct tty_struct *tty = file_tty(file);
918 struct tty_ldisc *ld;
919
920 if (tty_paranoia_check(tty, inode, "tty_read"))
921 return -EIO;
922 if (!tty || tty_io_error(tty))
923 return -EIO;
924
925 /* We want to wait for the line discipline to sort out in this
926 * situation.
927 */
928 ld = tty_ldisc_ref_wait(tty);
929 if (!ld)
930 return hung_up_tty_read(iocb, to);
931 i = -EIO;
932 if (ld->ops->read)
933 i = iterate_tty_read(ld, tty, file, to);
934 tty_ldisc_deref(ld);
935
936 if (i > 0)
937 tty_update_time(&inode->i_atime);
938
939 return i;
940 }
941
tty_write_unlock(struct tty_struct * tty)942 static void tty_write_unlock(struct tty_struct *tty)
943 {
944 mutex_unlock(&tty->atomic_write_lock);
945 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
946 }
947
tty_write_lock(struct tty_struct * tty,int ndelay)948 static int tty_write_lock(struct tty_struct *tty, int ndelay)
949 {
950 if (!mutex_trylock(&tty->atomic_write_lock)) {
951 if (ndelay)
952 return -EAGAIN;
953 if (mutex_lock_interruptible(&tty->atomic_write_lock))
954 return -ERESTARTSYS;
955 }
956 return 0;
957 }
958
959 /*
960 * Split writes up in sane blocksizes to avoid
961 * denial-of-service type attacks
962 */
do_tty_write(ssize_t (* write)(struct tty_struct *,struct file *,const unsigned char *,size_t),struct tty_struct * tty,struct file * file,struct iov_iter * from)963 static inline ssize_t do_tty_write(
964 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
965 struct tty_struct *tty,
966 struct file *file,
967 struct iov_iter *from)
968 {
969 size_t count = iov_iter_count(from);
970 ssize_t ret, written = 0;
971 unsigned int chunk;
972
973 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
974 if (ret < 0)
975 return ret;
976
977 /*
978 * We chunk up writes into a temporary buffer. This
979 * simplifies low-level drivers immensely, since they
980 * don't have locking issues and user mode accesses.
981 *
982 * But if TTY_NO_WRITE_SPLIT is set, we should use a
983 * big chunk-size..
984 *
985 * The default chunk-size is 2kB, because the NTTY
986 * layer has problems with bigger chunks. It will
987 * claim to be able to handle more characters than
988 * it actually does.
989 */
990 chunk = 2048;
991 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
992 chunk = 65536;
993 if (count < chunk)
994 chunk = count;
995
996 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
997 if (tty->write_cnt < chunk) {
998 unsigned char *buf_chunk;
999
1000 if (chunk < 1024)
1001 chunk = 1024;
1002
1003 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1004 if (!buf_chunk) {
1005 ret = -ENOMEM;
1006 goto out;
1007 }
1008 kvfree(tty->write_buf);
1009 tty->write_cnt = chunk;
1010 tty->write_buf = buf_chunk;
1011 }
1012
1013 /* Do the write .. */
1014 for (;;) {
1015 size_t size = count;
1016
1017 if (size > chunk)
1018 size = chunk;
1019
1020 ret = -EFAULT;
1021 if (copy_from_iter(tty->write_buf, size, from) != size)
1022 break;
1023
1024 ret = write(tty, file, tty->write_buf, size);
1025 if (ret <= 0)
1026 break;
1027
1028 written += ret;
1029 if (ret > size)
1030 break;
1031
1032 /* FIXME! Have Al check this! */
1033 if (ret != size)
1034 iov_iter_revert(from, size-ret);
1035
1036 count -= ret;
1037 if (!count)
1038 break;
1039 ret = -ERESTARTSYS;
1040 if (signal_pending(current))
1041 break;
1042 cond_resched();
1043 }
1044 if (written) {
1045 tty_update_time(&file_inode(file)->i_mtime);
1046 ret = written;
1047 }
1048 out:
1049 tty_write_unlock(tty);
1050 return ret;
1051 }
1052
1053 /**
1054 * tty_write_message - write a message to a certain tty, not just the console.
1055 * @tty: the destination tty_struct
1056 * @msg: the message to write
1057 *
1058 * This is used for messages that need to be redirected to a specific tty. We
1059 * don't put it into the syslog queue right now maybe in the future if really
1060 * needed.
1061 *
1062 * We must still hold the BTM and test the CLOSING flag for the moment.
1063 */
tty_write_message(struct tty_struct * tty,char * msg)1064 void tty_write_message(struct tty_struct *tty, char *msg)
1065 {
1066 if (tty) {
1067 mutex_lock(&tty->atomic_write_lock);
1068 tty_lock(tty);
1069 if (tty->ops->write && tty->count > 0)
1070 tty->ops->write(tty, msg, strlen(msg));
1071 tty_unlock(tty);
1072 tty_write_unlock(tty);
1073 }
1074 }
1075
file_tty_write(struct file * file,struct kiocb * iocb,struct iov_iter * from)1076 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1077 {
1078 struct tty_struct *tty = file_tty(file);
1079 struct tty_ldisc *ld;
1080 ssize_t ret;
1081
1082 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1083 return -EIO;
1084 if (!tty || !tty->ops->write || tty_io_error(tty))
1085 return -EIO;
1086 /* Short term debug to catch buggy drivers */
1087 if (tty->ops->write_room == NULL)
1088 tty_err(tty, "missing write_room method\n");
1089 ld = tty_ldisc_ref_wait(tty);
1090 if (!ld)
1091 return hung_up_tty_write(iocb, from);
1092 if (!ld->ops->write)
1093 ret = -EIO;
1094 else
1095 ret = do_tty_write(ld->ops->write, tty, file, from);
1096 tty_ldisc_deref(ld);
1097 return ret;
1098 }
1099
1100 /**
1101 * tty_write - write method for tty device file
1102 * @iocb: kernel I/O control block
1103 * @from: iov_iter with data to write
1104 *
1105 * Write data to a tty device via the line discipline.
1106 *
1107 * Locking:
1108 * Locks the line discipline as required
1109 * Writes to the tty driver are serialized by the atomic_write_lock
1110 * and are then processed in chunks to the device. The line
1111 * discipline write method will not be invoked in parallel for
1112 * each device.
1113 */
tty_write(struct kiocb * iocb,struct iov_iter * from)1114 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1115 {
1116 return file_tty_write(iocb->ki_filp, iocb, from);
1117 }
1118
redirected_tty_write(struct kiocb * iocb,struct iov_iter * iter)1119 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1120 {
1121 struct file *p = NULL;
1122
1123 spin_lock(&redirect_lock);
1124 if (redirect)
1125 p = get_file(redirect);
1126 spin_unlock(&redirect_lock);
1127
1128 /*
1129 * We know the redirected tty is just another tty, we can
1130 * call file_tty_write() directly with that file pointer.
1131 */
1132 if (p) {
1133 ssize_t res;
1134
1135 res = file_tty_write(p, iocb, iter);
1136 fput(p);
1137 return res;
1138 }
1139 return tty_write(iocb, iter);
1140 }
1141
1142 /**
1143 * tty_send_xchar - send priority character
1144 * @tty: the tty to send to
1145 * @ch: xchar to send
1146 *
1147 * Send a high priority character to the tty even if stopped.
1148 *
1149 * Locking: none for xchar method, write ordering for write method.
1150 */
tty_send_xchar(struct tty_struct * tty,char ch)1151 int tty_send_xchar(struct tty_struct *tty, char ch)
1152 {
1153 bool was_stopped = tty->flow.stopped;
1154
1155 if (tty->ops->send_xchar) {
1156 down_read(&tty->termios_rwsem);
1157 tty->ops->send_xchar(tty, ch);
1158 up_read(&tty->termios_rwsem);
1159 return 0;
1160 }
1161
1162 if (tty_write_lock(tty, 0) < 0)
1163 return -ERESTARTSYS;
1164
1165 down_read(&tty->termios_rwsem);
1166 if (was_stopped)
1167 start_tty(tty);
1168 tty->ops->write(tty, &ch, 1);
1169 if (was_stopped)
1170 stop_tty(tty);
1171 up_read(&tty->termios_rwsem);
1172 tty_write_unlock(tty);
1173 return 0;
1174 }
1175
1176 /**
1177 * pty_line_name - generate name for a pty
1178 * @driver: the tty driver in use
1179 * @index: the minor number
1180 * @p: output buffer of at least 6 bytes
1181 *
1182 * Generate a name from a @driver reference and write it to the output buffer
1183 * @p.
1184 *
1185 * Locking: None
1186 */
pty_line_name(struct tty_driver * driver,int index,char * p)1187 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1188 {
1189 static const char ptychar[] = "pqrstuvwxyzabcde";
1190 int i = index + driver->name_base;
1191 /* ->name is initialized to "ttyp", but "tty" is expected */
1192 sprintf(p, "%s%c%x",
1193 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1194 ptychar[i >> 4 & 0xf], i & 0xf);
1195 }
1196
1197 /**
1198 * tty_line_name - generate name for a tty
1199 * @driver: the tty driver in use
1200 * @index: the minor number
1201 * @p: output buffer of at least 7 bytes
1202 *
1203 * Generate a name from a @driver reference and write it to the output buffer
1204 * @p.
1205 *
1206 * Locking: None
1207 */
tty_line_name(struct tty_driver * driver,int index,char * p)1208 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1209 {
1210 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1211 return sprintf(p, "%s", driver->name);
1212 else
1213 return sprintf(p, "%s%d", driver->name,
1214 index + driver->name_base);
1215 }
1216
1217 /**
1218 * tty_driver_lookup_tty() - find an existing tty, if any
1219 * @driver: the driver for the tty
1220 * @file: file object
1221 * @idx: the minor number
1222 *
1223 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1224 * driver lookup() method returns an error.
1225 *
1226 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1227 */
tty_driver_lookup_tty(struct tty_driver * driver,struct file * file,int idx)1228 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1229 struct file *file, int idx)
1230 {
1231 struct tty_struct *tty;
1232
1233 if (driver->ops->lookup)
1234 if (!file)
1235 tty = ERR_PTR(-EIO);
1236 else
1237 tty = driver->ops->lookup(driver, file, idx);
1238 else
1239 tty = driver->ttys[idx];
1240
1241 if (!IS_ERR(tty))
1242 tty_kref_get(tty);
1243 return tty;
1244 }
1245
1246 /**
1247 * tty_init_termios - helper for termios setup
1248 * @tty: the tty to set up
1249 *
1250 * Initialise the termios structure for this tty. This runs under the
1251 * %tty_mutex currently so we can be relaxed about ordering.
1252 */
tty_init_termios(struct tty_struct * tty)1253 void tty_init_termios(struct tty_struct *tty)
1254 {
1255 struct ktermios *tp;
1256 int idx = tty->index;
1257
1258 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1259 tty->termios = tty->driver->init_termios;
1260 else {
1261 /* Check for lazy saved data */
1262 tp = tty->driver->termios[idx];
1263 if (tp != NULL) {
1264 tty->termios = *tp;
1265 tty->termios.c_line = tty->driver->init_termios.c_line;
1266 } else
1267 tty->termios = tty->driver->init_termios;
1268 }
1269 /* Compatibility until drivers always set this */
1270 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1271 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1272 }
1273 EXPORT_SYMBOL_GPL(tty_init_termios);
1274
1275 /**
1276 * tty_standard_install - usual tty->ops->install
1277 * @driver: the driver for the tty
1278 * @tty: the tty
1279 *
1280 * If the @driver overrides @tty->ops->install, it still can call this function
1281 * to perform the standard install operations.
1282 */
tty_standard_install(struct tty_driver * driver,struct tty_struct * tty)1283 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1284 {
1285 tty_init_termios(tty);
1286 tty_driver_kref_get(driver);
1287 tty->count++;
1288 driver->ttys[tty->index] = tty;
1289 return 0;
1290 }
1291 EXPORT_SYMBOL_GPL(tty_standard_install);
1292
1293 /**
1294 * tty_driver_install_tty() - install a tty entry in the driver
1295 * @driver: the driver for the tty
1296 * @tty: the tty
1297 *
1298 * Install a tty object into the driver tables. The @tty->index field will be
1299 * set by the time this is called. This method is responsible for ensuring any
1300 * need additional structures are allocated and configured.
1301 *
1302 * Locking: tty_mutex for now
1303 */
tty_driver_install_tty(struct tty_driver * driver,struct tty_struct * tty)1304 static int tty_driver_install_tty(struct tty_driver *driver,
1305 struct tty_struct *tty)
1306 {
1307 return driver->ops->install ? driver->ops->install(driver, tty) :
1308 tty_standard_install(driver, tty);
1309 }
1310
1311 /**
1312 * tty_driver_remove_tty() - remove a tty from the driver tables
1313 * @driver: the driver for the tty
1314 * @tty: tty to remove
1315 *
1316 * Remove a tty object from the driver tables. The tty->index field will be set
1317 * by the time this is called.
1318 *
1319 * Locking: tty_mutex for now
1320 */
tty_driver_remove_tty(struct tty_driver * driver,struct tty_struct * tty)1321 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1322 {
1323 if (driver->ops->remove)
1324 driver->ops->remove(driver, tty);
1325 else
1326 driver->ttys[tty->index] = NULL;
1327 }
1328
1329 /**
1330 * tty_reopen() - fast re-open of an open tty
1331 * @tty: the tty to open
1332 *
1333 * Re-opens on master ptys are not allowed and return -%EIO.
1334 *
1335 * Locking: Caller must hold tty_lock
1336 * Return: 0 on success, -errno on error.
1337 */
tty_reopen(struct tty_struct * tty)1338 static int tty_reopen(struct tty_struct *tty)
1339 {
1340 struct tty_driver *driver = tty->driver;
1341 struct tty_ldisc *ld;
1342 int retval = 0;
1343
1344 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1345 driver->subtype == PTY_TYPE_MASTER)
1346 return -EIO;
1347
1348 if (!tty->count)
1349 return -EAGAIN;
1350
1351 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1352 return -EBUSY;
1353
1354 ld = tty_ldisc_ref_wait(tty);
1355 if (ld) {
1356 tty_ldisc_deref(ld);
1357 } else {
1358 retval = tty_ldisc_lock(tty, 5 * HZ);
1359 if (retval)
1360 return retval;
1361
1362 if (!tty->ldisc)
1363 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1364 tty_ldisc_unlock(tty);
1365 }
1366
1367 if (retval == 0)
1368 tty->count++;
1369
1370 return retval;
1371 }
1372
1373 /**
1374 * tty_init_dev - initialise a tty device
1375 * @driver: tty driver we are opening a device on
1376 * @idx: device index
1377 *
1378 * Prepare a tty device. This may not be a "new" clean device but could also be
1379 * an active device. The pty drivers require special handling because of this.
1380 *
1381 * Locking:
1382 * The function is called under the tty_mutex, which protects us from the
1383 * tty struct or driver itself going away.
1384 *
1385 * On exit the tty device has the line discipline attached and a reference
1386 * count of 1. If a pair was created for pty/tty use and the other was a pty
1387 * master then it too has a reference count of 1.
1388 *
1389 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1390 * open. The new code protects the open with a mutex, so it's really quite
1391 * straightforward. The mutex locking can probably be relaxed for the (most
1392 * common) case of reopening a tty.
1393 *
1394 * Return: new tty structure
1395 */
tty_init_dev(struct tty_driver * driver,int idx)1396 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1397 {
1398 struct tty_struct *tty;
1399 int retval;
1400
1401 /*
1402 * First time open is complex, especially for PTY devices.
1403 * This code guarantees that either everything succeeds and the
1404 * TTY is ready for operation, or else the table slots are vacated
1405 * and the allocated memory released. (Except that the termios
1406 * may be retained.)
1407 */
1408
1409 if (!try_module_get(driver->owner))
1410 return ERR_PTR(-ENODEV);
1411
1412 tty = alloc_tty_struct(driver, idx);
1413 if (!tty) {
1414 retval = -ENOMEM;
1415 goto err_module_put;
1416 }
1417
1418 tty_lock(tty);
1419 retval = tty_driver_install_tty(driver, tty);
1420 if (retval < 0)
1421 goto err_free_tty;
1422
1423 if (!tty->port)
1424 tty->port = driver->ports[idx];
1425
1426 if (WARN_RATELIMIT(!tty->port,
1427 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1428 __func__, tty->driver->name)) {
1429 retval = -EINVAL;
1430 goto err_release_lock;
1431 }
1432
1433 retval = tty_ldisc_lock(tty, 5 * HZ);
1434 if (retval)
1435 goto err_release_lock;
1436 tty->port->itty = tty;
1437
1438 /*
1439 * Structures all installed ... call the ldisc open routines.
1440 * If we fail here just call release_tty to clean up. No need
1441 * to decrement the use counts, as release_tty doesn't care.
1442 */
1443 retval = tty_ldisc_setup(tty, tty->link);
1444 if (retval)
1445 goto err_release_tty;
1446 tty_ldisc_unlock(tty);
1447 /* Return the tty locked so that it cannot vanish under the caller */
1448 return tty;
1449
1450 err_free_tty:
1451 tty_unlock(tty);
1452 free_tty_struct(tty);
1453 err_module_put:
1454 module_put(driver->owner);
1455 return ERR_PTR(retval);
1456
1457 /* call the tty release_tty routine to clean out this slot */
1458 err_release_tty:
1459 tty_ldisc_unlock(tty);
1460 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1461 retval, idx);
1462 err_release_lock:
1463 tty_unlock(tty);
1464 release_tty(tty, idx);
1465 return ERR_PTR(retval);
1466 }
1467
1468 /**
1469 * tty_save_termios() - save tty termios data in driver table
1470 * @tty: tty whose termios data to save
1471 *
1472 * Locking: Caller guarantees serialisation with tty_init_termios().
1473 */
tty_save_termios(struct tty_struct * tty)1474 void tty_save_termios(struct tty_struct *tty)
1475 {
1476 struct ktermios *tp;
1477 int idx = tty->index;
1478
1479 /* If the port is going to reset then it has no termios to save */
1480 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1481 return;
1482
1483 /* Stash the termios data */
1484 tp = tty->driver->termios[idx];
1485 if (tp == NULL) {
1486 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1487 if (tp == NULL)
1488 return;
1489 tty->driver->termios[idx] = tp;
1490 }
1491 *tp = tty->termios;
1492 }
1493 EXPORT_SYMBOL_GPL(tty_save_termios);
1494
1495 /**
1496 * tty_flush_works - flush all works of a tty/pty pair
1497 * @tty: tty device to flush works for (or either end of a pty pair)
1498 *
1499 * Sync flush all works belonging to @tty (and the 'other' tty).
1500 */
tty_flush_works(struct tty_struct * tty)1501 static void tty_flush_works(struct tty_struct *tty)
1502 {
1503 flush_work(&tty->SAK_work);
1504 flush_work(&tty->hangup_work);
1505 if (tty->link) {
1506 flush_work(&tty->link->SAK_work);
1507 flush_work(&tty->link->hangup_work);
1508 }
1509 }
1510
1511 /**
1512 * release_one_tty - release tty structure memory
1513 * @work: work of tty we are obliterating
1514 *
1515 * Releases memory associated with a tty structure, and clears out the
1516 * driver table slots. This function is called when a device is no longer
1517 * in use. It also gets called when setup of a device fails.
1518 *
1519 * Locking:
1520 * takes the file list lock internally when working on the list of ttys
1521 * that the driver keeps.
1522 *
1523 * This method gets called from a work queue so that the driver private
1524 * cleanup ops can sleep (needed for USB at least)
1525 */
release_one_tty(struct work_struct * work)1526 static void release_one_tty(struct work_struct *work)
1527 {
1528 struct tty_struct *tty =
1529 container_of(work, struct tty_struct, hangup_work);
1530 struct tty_driver *driver = tty->driver;
1531 struct module *owner = driver->owner;
1532
1533 if (tty->ops->cleanup)
1534 tty->ops->cleanup(tty);
1535
1536 tty->magic = 0;
1537 tty_driver_kref_put(driver);
1538 module_put(owner);
1539
1540 spin_lock(&tty->files_lock);
1541 list_del_init(&tty->tty_files);
1542 spin_unlock(&tty->files_lock);
1543
1544 put_pid(tty->ctrl.pgrp);
1545 put_pid(tty->ctrl.session);
1546 free_tty_struct(tty);
1547 }
1548
queue_release_one_tty(struct kref * kref)1549 static void queue_release_one_tty(struct kref *kref)
1550 {
1551 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1552
1553 /* The hangup queue is now free so we can reuse it rather than
1554 * waste a chunk of memory for each port.
1555 */
1556 INIT_WORK(&tty->hangup_work, release_one_tty);
1557 schedule_work(&tty->hangup_work);
1558 }
1559
1560 /**
1561 * tty_kref_put - release a tty kref
1562 * @tty: tty device
1563 *
1564 * Release a reference to the @tty device and if need be let the kref layer
1565 * destruct the object for us.
1566 */
tty_kref_put(struct tty_struct * tty)1567 void tty_kref_put(struct tty_struct *tty)
1568 {
1569 if (tty)
1570 kref_put(&tty->kref, queue_release_one_tty);
1571 }
1572 EXPORT_SYMBOL(tty_kref_put);
1573
1574 /**
1575 * release_tty - release tty structure memory
1576 * @tty: tty device release
1577 * @idx: index of the tty device release
1578 *
1579 * Release both @tty and a possible linked partner (think pty pair),
1580 * and decrement the refcount of the backing module.
1581 *
1582 * Locking:
1583 * tty_mutex
1584 * takes the file list lock internally when working on the list of ttys
1585 * that the driver keeps.
1586 */
release_tty(struct tty_struct * tty,int idx)1587 static void release_tty(struct tty_struct *tty, int idx)
1588 {
1589 /* This should always be true but check for the moment */
1590 WARN_ON(tty->index != idx);
1591 WARN_ON(!mutex_is_locked(&tty_mutex));
1592 if (tty->ops->shutdown)
1593 tty->ops->shutdown(tty);
1594 tty_save_termios(tty);
1595 tty_driver_remove_tty(tty->driver, tty);
1596 if (tty->port)
1597 tty->port->itty = NULL;
1598 if (tty->link)
1599 tty->link->port->itty = NULL;
1600 if (tty->port)
1601 tty_buffer_cancel_work(tty->port);
1602 if (tty->link)
1603 tty_buffer_cancel_work(tty->link->port);
1604
1605 tty_kref_put(tty->link);
1606 tty_kref_put(tty);
1607 }
1608
1609 /**
1610 * tty_release_checks - check a tty before real release
1611 * @tty: tty to check
1612 * @idx: index of the tty
1613 *
1614 * Performs some paranoid checking before true release of the @tty. This is a
1615 * no-op unless %TTY_PARANOIA_CHECK is defined.
1616 */
tty_release_checks(struct tty_struct * tty,int idx)1617 static int tty_release_checks(struct tty_struct *tty, int idx)
1618 {
1619 #ifdef TTY_PARANOIA_CHECK
1620 if (idx < 0 || idx >= tty->driver->num) {
1621 tty_debug(tty, "bad idx %d\n", idx);
1622 return -1;
1623 }
1624
1625 /* not much to check for devpts */
1626 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1627 return 0;
1628
1629 if (tty != tty->driver->ttys[idx]) {
1630 tty_debug(tty, "bad driver table[%d] = %p\n",
1631 idx, tty->driver->ttys[idx]);
1632 return -1;
1633 }
1634 if (tty->driver->other) {
1635 struct tty_struct *o_tty = tty->link;
1636
1637 if (o_tty != tty->driver->other->ttys[idx]) {
1638 tty_debug(tty, "bad other table[%d] = %p\n",
1639 idx, tty->driver->other->ttys[idx]);
1640 return -1;
1641 }
1642 if (o_tty->link != tty) {
1643 tty_debug(tty, "bad link = %p\n", o_tty->link);
1644 return -1;
1645 }
1646 }
1647 #endif
1648 return 0;
1649 }
1650
1651 /**
1652 * tty_kclose - closes tty opened by tty_kopen
1653 * @tty: tty device
1654 *
1655 * Performs the final steps to release and free a tty device. It is the same as
1656 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1657 * @tty->port.
1658 */
tty_kclose(struct tty_struct * tty)1659 void tty_kclose(struct tty_struct *tty)
1660 {
1661 /*
1662 * Ask the line discipline code to release its structures
1663 */
1664 tty_ldisc_release(tty);
1665
1666 /* Wait for pending work before tty destruction commmences */
1667 tty_flush_works(tty);
1668
1669 tty_debug_hangup(tty, "freeing structure\n");
1670 /*
1671 * The release_tty function takes care of the details of clearing
1672 * the slots and preserving the termios structure.
1673 */
1674 mutex_lock(&tty_mutex);
1675 tty_port_set_kopened(tty->port, 0);
1676 release_tty(tty, tty->index);
1677 mutex_unlock(&tty_mutex);
1678 }
1679 EXPORT_SYMBOL_GPL(tty_kclose);
1680
1681 /**
1682 * tty_release_struct - release a tty struct
1683 * @tty: tty device
1684 * @idx: index of the tty
1685 *
1686 * Performs the final steps to release and free a tty device. It is roughly the
1687 * reverse of tty_init_dev().
1688 */
tty_release_struct(struct tty_struct * tty,int idx)1689 void tty_release_struct(struct tty_struct *tty, int idx)
1690 {
1691 /*
1692 * Ask the line discipline code to release its structures
1693 */
1694 tty_ldisc_release(tty);
1695
1696 /* Wait for pending work before tty destruction commmences */
1697 tty_flush_works(tty);
1698
1699 tty_debug_hangup(tty, "freeing structure\n");
1700 /*
1701 * The release_tty function takes care of the details of clearing
1702 * the slots and preserving the termios structure.
1703 */
1704 mutex_lock(&tty_mutex);
1705 release_tty(tty, idx);
1706 mutex_unlock(&tty_mutex);
1707 }
1708 EXPORT_SYMBOL_GPL(tty_release_struct);
1709
1710 /**
1711 * tty_release - vfs callback for close
1712 * @inode: inode of tty
1713 * @filp: file pointer for handle to tty
1714 *
1715 * Called the last time each file handle is closed that references this tty.
1716 * There may however be several such references.
1717 *
1718 * Locking:
1719 * Takes BKL. See tty_release_dev().
1720 *
1721 * Even releasing the tty structures is a tricky business. We have to be very
1722 * careful that the structures are all released at the same time, as interrupts
1723 * might otherwise get the wrong pointers.
1724 *
1725 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1726 * lead to double frees or releasing memory still in use.
1727 */
tty_release(struct inode * inode,struct file * filp)1728 int tty_release(struct inode *inode, struct file *filp)
1729 {
1730 struct tty_struct *tty = file_tty(filp);
1731 struct tty_struct *o_tty = NULL;
1732 int do_sleep, final;
1733 int idx;
1734 long timeout = 0;
1735 int once = 1;
1736
1737 if (tty_paranoia_check(tty, inode, __func__))
1738 return 0;
1739
1740 tty_lock(tty);
1741 check_tty_count(tty, __func__);
1742
1743 __tty_fasync(-1, filp, 0);
1744
1745 idx = tty->index;
1746 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1747 tty->driver->subtype == PTY_TYPE_MASTER)
1748 o_tty = tty->link;
1749
1750 if (tty_release_checks(tty, idx)) {
1751 tty_unlock(tty);
1752 return 0;
1753 }
1754
1755 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1756
1757 if (tty->ops->close)
1758 tty->ops->close(tty, filp);
1759
1760 /* If tty is pty master, lock the slave pty (stable lock order) */
1761 tty_lock_slave(o_tty);
1762
1763 /*
1764 * Sanity check: if tty->count is going to zero, there shouldn't be
1765 * any waiters on tty->read_wait or tty->write_wait. We test the
1766 * wait queues and kick everyone out _before_ actually starting to
1767 * close. This ensures that we won't block while releasing the tty
1768 * structure.
1769 *
1770 * The test for the o_tty closing is necessary, since the master and
1771 * slave sides may close in any order. If the slave side closes out
1772 * first, its count will be one, since the master side holds an open.
1773 * Thus this test wouldn't be triggered at the time the slave closed,
1774 * so we do it now.
1775 */
1776 while (1) {
1777 do_sleep = 0;
1778
1779 if (tty->count <= 1) {
1780 if (waitqueue_active(&tty->read_wait)) {
1781 wake_up_poll(&tty->read_wait, EPOLLIN);
1782 do_sleep++;
1783 }
1784 if (waitqueue_active(&tty->write_wait)) {
1785 wake_up_poll(&tty->write_wait, EPOLLOUT);
1786 do_sleep++;
1787 }
1788 }
1789 if (o_tty && o_tty->count <= 1) {
1790 if (waitqueue_active(&o_tty->read_wait)) {
1791 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1792 do_sleep++;
1793 }
1794 if (waitqueue_active(&o_tty->write_wait)) {
1795 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1796 do_sleep++;
1797 }
1798 }
1799 if (!do_sleep)
1800 break;
1801
1802 if (once) {
1803 once = 0;
1804 tty_warn(tty, "read/write wait queue active!\n");
1805 }
1806 schedule_timeout_killable(timeout);
1807 if (timeout < 120 * HZ)
1808 timeout = 2 * timeout + 1;
1809 else
1810 timeout = MAX_SCHEDULE_TIMEOUT;
1811 }
1812
1813 if (o_tty) {
1814 if (--o_tty->count < 0) {
1815 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1816 o_tty->count = 0;
1817 }
1818 }
1819 if (--tty->count < 0) {
1820 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1821 tty->count = 0;
1822 }
1823
1824 /*
1825 * We've decremented tty->count, so we need to remove this file
1826 * descriptor off the tty->tty_files list; this serves two
1827 * purposes:
1828 * - check_tty_count sees the correct number of file descriptors
1829 * associated with this tty.
1830 * - do_tty_hangup no longer sees this file descriptor as
1831 * something that needs to be handled for hangups.
1832 */
1833 tty_del_file(filp);
1834
1835 /*
1836 * Perform some housekeeping before deciding whether to return.
1837 *
1838 * If _either_ side is closing, make sure there aren't any
1839 * processes that still think tty or o_tty is their controlling
1840 * tty.
1841 */
1842 if (!tty->count) {
1843 read_lock(&tasklist_lock);
1844 session_clear_tty(tty->ctrl.session);
1845 if (o_tty)
1846 session_clear_tty(o_tty->ctrl.session);
1847 read_unlock(&tasklist_lock);
1848 }
1849
1850 /* check whether both sides are closing ... */
1851 final = !tty->count && !(o_tty && o_tty->count);
1852
1853 tty_unlock_slave(o_tty);
1854 tty_unlock(tty);
1855
1856 /* At this point, the tty->count == 0 should ensure a dead tty
1857 * cannot be re-opened by a racing opener.
1858 */
1859
1860 if (!final)
1861 return 0;
1862
1863 tty_debug_hangup(tty, "final close\n");
1864
1865 tty_release_struct(tty, idx);
1866 return 0;
1867 }
1868
1869 /**
1870 * tty_open_current_tty - get locked tty of current task
1871 * @device: device number
1872 * @filp: file pointer to tty
1873 * @return: locked tty of the current task iff @device is /dev/tty
1874 *
1875 * Performs a re-open of the current task's controlling tty.
1876 *
1877 * We cannot return driver and index like for the other nodes because devpts
1878 * will not work then. It expects inodes to be from devpts FS.
1879 */
tty_open_current_tty(dev_t device,struct file * filp)1880 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1881 {
1882 struct tty_struct *tty;
1883 int retval;
1884
1885 if (device != MKDEV(TTYAUX_MAJOR, 0))
1886 return NULL;
1887
1888 tty = get_current_tty();
1889 if (!tty)
1890 return ERR_PTR(-ENXIO);
1891
1892 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1893 /* noctty = 1; */
1894 tty_lock(tty);
1895 tty_kref_put(tty); /* safe to drop the kref now */
1896
1897 retval = tty_reopen(tty);
1898 if (retval < 0) {
1899 tty_unlock(tty);
1900 tty = ERR_PTR(retval);
1901 }
1902 return tty;
1903 }
1904
1905 /**
1906 * tty_lookup_driver - lookup a tty driver for a given device file
1907 * @device: device number
1908 * @filp: file pointer to tty
1909 * @index: index for the device in the @return driver
1910 *
1911 * If returned value is not erroneous, the caller is responsible to decrement
1912 * the refcount by tty_driver_kref_put().
1913 *
1914 * Locking: %tty_mutex protects get_tty_driver()
1915 *
1916 * Return: driver for this inode (with increased refcount)
1917 */
tty_lookup_driver(dev_t device,struct file * filp,int * index)1918 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1919 int *index)
1920 {
1921 struct tty_driver *driver = NULL;
1922
1923 switch (device) {
1924 #ifdef CONFIG_VT
1925 case MKDEV(TTY_MAJOR, 0): {
1926 extern struct tty_driver *console_driver;
1927
1928 driver = tty_driver_kref_get(console_driver);
1929 *index = fg_console;
1930 break;
1931 }
1932 #endif
1933 case MKDEV(TTYAUX_MAJOR, 1): {
1934 struct tty_driver *console_driver = console_device(index);
1935
1936 if (console_driver) {
1937 driver = tty_driver_kref_get(console_driver);
1938 if (driver && filp) {
1939 /* Don't let /dev/console block */
1940 filp->f_flags |= O_NONBLOCK;
1941 break;
1942 }
1943 }
1944 if (driver)
1945 tty_driver_kref_put(driver);
1946 return ERR_PTR(-ENODEV);
1947 }
1948 default:
1949 driver = get_tty_driver(device, index);
1950 if (!driver)
1951 return ERR_PTR(-ENODEV);
1952 break;
1953 }
1954 return driver;
1955 }
1956
tty_kopen(dev_t device,int shared)1957 static struct tty_struct *tty_kopen(dev_t device, int shared)
1958 {
1959 struct tty_struct *tty;
1960 struct tty_driver *driver;
1961 int index = -1;
1962
1963 mutex_lock(&tty_mutex);
1964 driver = tty_lookup_driver(device, NULL, &index);
1965 if (IS_ERR(driver)) {
1966 mutex_unlock(&tty_mutex);
1967 return ERR_CAST(driver);
1968 }
1969
1970 /* check whether we're reopening an existing tty */
1971 tty = tty_driver_lookup_tty(driver, NULL, index);
1972 if (IS_ERR(tty) || shared)
1973 goto out;
1974
1975 if (tty) {
1976 /* drop kref from tty_driver_lookup_tty() */
1977 tty_kref_put(tty);
1978 tty = ERR_PTR(-EBUSY);
1979 } else { /* tty_init_dev returns tty with the tty_lock held */
1980 tty = tty_init_dev(driver, index);
1981 if (IS_ERR(tty))
1982 goto out;
1983 tty_port_set_kopened(tty->port, 1);
1984 }
1985 out:
1986 mutex_unlock(&tty_mutex);
1987 tty_driver_kref_put(driver);
1988 return tty;
1989 }
1990
1991 /**
1992 * tty_kopen_exclusive - open a tty device for kernel
1993 * @device: dev_t of device to open
1994 *
1995 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1996 * it's not already opened and performs the first-time tty initialization.
1997 *
1998 * Claims the global %tty_mutex to serialize:
1999 * * concurrent first-time tty initialization
2000 * * concurrent tty driver removal w/ lookup
2001 * * concurrent tty removal from driver table
2002 *
2003 * Return: the locked initialized &tty_struct
2004 */
tty_kopen_exclusive(dev_t device)2005 struct tty_struct *tty_kopen_exclusive(dev_t device)
2006 {
2007 return tty_kopen(device, 0);
2008 }
2009 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2010
2011 /**
2012 * tty_kopen_shared - open a tty device for shared in-kernel use
2013 * @device: dev_t of device to open
2014 *
2015 * Opens an already existing tty for in-kernel use. Compared to
2016 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2017 *
2018 * Locking: identical to tty_kopen() above.
2019 */
tty_kopen_shared(dev_t device)2020 struct tty_struct *tty_kopen_shared(dev_t device)
2021 {
2022 return tty_kopen(device, 1);
2023 }
2024 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2025
2026 /**
2027 * tty_open_by_driver - open a tty device
2028 * @device: dev_t of device to open
2029 * @filp: file pointer to tty
2030 *
2031 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2032 * first-time tty initialization.
2033 *
2034 *
2035 * Claims the global tty_mutex to serialize:
2036 * * concurrent first-time tty initialization
2037 * * concurrent tty driver removal w/ lookup
2038 * * concurrent tty removal from driver table
2039 *
2040 * Return: the locked initialized or re-opened &tty_struct
2041 */
tty_open_by_driver(dev_t device,struct file * filp)2042 static struct tty_struct *tty_open_by_driver(dev_t device,
2043 struct file *filp)
2044 {
2045 struct tty_struct *tty;
2046 struct tty_driver *driver = NULL;
2047 int index = -1;
2048 int retval;
2049
2050 mutex_lock(&tty_mutex);
2051 driver = tty_lookup_driver(device, filp, &index);
2052 if (IS_ERR(driver)) {
2053 mutex_unlock(&tty_mutex);
2054 return ERR_CAST(driver);
2055 }
2056
2057 /* check whether we're reopening an existing tty */
2058 tty = tty_driver_lookup_tty(driver, filp, index);
2059 if (IS_ERR(tty)) {
2060 mutex_unlock(&tty_mutex);
2061 goto out;
2062 }
2063
2064 if (tty) {
2065 if (tty_port_kopened(tty->port)) {
2066 tty_kref_put(tty);
2067 mutex_unlock(&tty_mutex);
2068 tty = ERR_PTR(-EBUSY);
2069 goto out;
2070 }
2071 mutex_unlock(&tty_mutex);
2072 retval = tty_lock_interruptible(tty);
2073 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2074 if (retval) {
2075 if (retval == -EINTR)
2076 retval = -ERESTARTSYS;
2077 tty = ERR_PTR(retval);
2078 goto out;
2079 }
2080 retval = tty_reopen(tty);
2081 if (retval < 0) {
2082 tty_unlock(tty);
2083 tty = ERR_PTR(retval);
2084 }
2085 } else { /* Returns with the tty_lock held for now */
2086 tty = tty_init_dev(driver, index);
2087 mutex_unlock(&tty_mutex);
2088 }
2089 out:
2090 tty_driver_kref_put(driver);
2091 return tty;
2092 }
2093
2094 /**
2095 * tty_open - open a tty device
2096 * @inode: inode of device file
2097 * @filp: file pointer to tty
2098 *
2099 * tty_open() and tty_release() keep up the tty count that contains the number
2100 * of opens done on a tty. We cannot use the inode-count, as different inodes
2101 * might point to the same tty.
2102 *
2103 * Open-counting is needed for pty masters, as well as for keeping track of
2104 * serial lines: DTR is dropped when the last close happens.
2105 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2106 *
2107 * The termios state of a pty is reset on the first open so that settings don't
2108 * persist across reuse.
2109 *
2110 * Locking:
2111 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2112 * * @tty->count should protect the rest.
2113 * * ->siglock protects ->signal/->sighand
2114 *
2115 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2116 */
tty_open(struct inode * inode,struct file * filp)2117 static int tty_open(struct inode *inode, struct file *filp)
2118 {
2119 struct tty_struct *tty;
2120 int noctty, retval;
2121 dev_t device = inode->i_rdev;
2122 unsigned saved_flags = filp->f_flags;
2123
2124 nonseekable_open(inode, filp);
2125
2126 retry_open:
2127 retval = tty_alloc_file(filp);
2128 if (retval)
2129 return -ENOMEM;
2130
2131 tty = tty_open_current_tty(device, filp);
2132 if (!tty)
2133 tty = tty_open_by_driver(device, filp);
2134
2135 if (IS_ERR(tty)) {
2136 tty_free_file(filp);
2137 retval = PTR_ERR(tty);
2138 if (retval != -EAGAIN || signal_pending(current))
2139 return retval;
2140 schedule();
2141 goto retry_open;
2142 }
2143
2144 tty_add_file(tty, filp);
2145
2146 check_tty_count(tty, __func__);
2147 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2148
2149 if (tty->ops->open)
2150 retval = tty->ops->open(tty, filp);
2151 else
2152 retval = -ENODEV;
2153 filp->f_flags = saved_flags;
2154
2155 if (retval) {
2156 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2157
2158 tty_unlock(tty); /* need to call tty_release without BTM */
2159 tty_release(inode, filp);
2160 if (retval != -ERESTARTSYS)
2161 return retval;
2162
2163 if (signal_pending(current))
2164 return retval;
2165
2166 schedule();
2167 /*
2168 * Need to reset f_op in case a hangup happened.
2169 */
2170 if (tty_hung_up_p(filp))
2171 filp->f_op = &tty_fops;
2172 goto retry_open;
2173 }
2174 clear_bit(TTY_HUPPED, &tty->flags);
2175
2176 noctty = (filp->f_flags & O_NOCTTY) ||
2177 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2178 device == MKDEV(TTYAUX_MAJOR, 1) ||
2179 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2180 tty->driver->subtype == PTY_TYPE_MASTER);
2181 if (!noctty)
2182 tty_open_proc_set_tty(filp, tty);
2183 tty_unlock(tty);
2184 return 0;
2185 }
2186
2187
2188 /**
2189 * tty_poll - check tty status
2190 * @filp: file being polled
2191 * @wait: poll wait structures to update
2192 *
2193 * Call the line discipline polling method to obtain the poll status of the
2194 * device.
2195 *
2196 * Locking: locks called line discipline but ldisc poll method may be
2197 * re-entered freely by other callers.
2198 */
tty_poll(struct file * filp,poll_table * wait)2199 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2200 {
2201 struct tty_struct *tty = file_tty(filp);
2202 struct tty_ldisc *ld;
2203 __poll_t ret = 0;
2204
2205 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2206 return 0;
2207
2208 ld = tty_ldisc_ref_wait(tty);
2209 if (!ld)
2210 return hung_up_tty_poll(filp, wait);
2211 if (ld->ops->poll)
2212 ret = ld->ops->poll(tty, filp, wait);
2213 tty_ldisc_deref(ld);
2214 return ret;
2215 }
2216
__tty_fasync(int fd,struct file * filp,int on)2217 static int __tty_fasync(int fd, struct file *filp, int on)
2218 {
2219 struct tty_struct *tty = file_tty(filp);
2220 unsigned long flags;
2221 int retval = 0;
2222
2223 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2224 goto out;
2225
2226 retval = fasync_helper(fd, filp, on, &tty->fasync);
2227 if (retval <= 0)
2228 goto out;
2229
2230 if (on) {
2231 enum pid_type type;
2232 struct pid *pid;
2233
2234 spin_lock_irqsave(&tty->ctrl.lock, flags);
2235 if (tty->ctrl.pgrp) {
2236 pid = tty->ctrl.pgrp;
2237 type = PIDTYPE_PGID;
2238 } else {
2239 pid = task_pid(current);
2240 type = PIDTYPE_TGID;
2241 }
2242 get_pid(pid);
2243 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2244 __f_setown(filp, pid, type, 0);
2245 put_pid(pid);
2246 retval = 0;
2247 }
2248 out:
2249 return retval;
2250 }
2251
tty_fasync(int fd,struct file * filp,int on)2252 static int tty_fasync(int fd, struct file *filp, int on)
2253 {
2254 struct tty_struct *tty = file_tty(filp);
2255 int retval = -ENOTTY;
2256
2257 tty_lock(tty);
2258 if (!tty_hung_up_p(filp))
2259 retval = __tty_fasync(fd, filp, on);
2260 tty_unlock(tty);
2261
2262 return retval;
2263 }
2264
2265 /**
2266 * tiocsti - fake input character
2267 * @tty: tty to fake input into
2268 * @p: pointer to character
2269 *
2270 * Fake input to a tty device. Does the necessary locking and input management.
2271 *
2272 * FIXME: does not honour flow control ??
2273 *
2274 * Locking:
2275 * * Called functions take tty_ldiscs_lock
2276 * * current->signal->tty check is safe without locks
2277 */
tiocsti(struct tty_struct * tty,char __user * p)2278 static int tiocsti(struct tty_struct *tty, char __user *p)
2279 {
2280 char ch, mbz = 0;
2281 struct tty_ldisc *ld;
2282
2283 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2284 return -EPERM;
2285 if (get_user(ch, p))
2286 return -EFAULT;
2287 tty_audit_tiocsti(tty, ch);
2288 ld = tty_ldisc_ref_wait(tty);
2289 if (!ld)
2290 return -EIO;
2291 tty_buffer_lock_exclusive(tty->port);
2292 if (ld->ops->receive_buf)
2293 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2294 tty_buffer_unlock_exclusive(tty->port);
2295 tty_ldisc_deref(ld);
2296 return 0;
2297 }
2298
2299 /**
2300 * tiocgwinsz - implement window query ioctl
2301 * @tty: tty
2302 * @arg: user buffer for result
2303 *
2304 * Copies the kernel idea of the window size into the user buffer.
2305 *
2306 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2307 * consistent.
2308 */
tiocgwinsz(struct tty_struct * tty,struct winsize __user * arg)2309 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2310 {
2311 int err;
2312
2313 mutex_lock(&tty->winsize_mutex);
2314 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2315 mutex_unlock(&tty->winsize_mutex);
2316
2317 return err ? -EFAULT : 0;
2318 }
2319
2320 /**
2321 * tty_do_resize - resize event
2322 * @tty: tty being resized
2323 * @ws: new dimensions
2324 *
2325 * Update the termios variables and send the necessary signals to peform a
2326 * terminal resize correctly.
2327 */
tty_do_resize(struct tty_struct * tty,struct winsize * ws)2328 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2329 {
2330 struct pid *pgrp;
2331
2332 /* Lock the tty */
2333 mutex_lock(&tty->winsize_mutex);
2334 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2335 goto done;
2336
2337 /* Signal the foreground process group */
2338 pgrp = tty_get_pgrp(tty);
2339 if (pgrp)
2340 kill_pgrp(pgrp, SIGWINCH, 1);
2341 put_pid(pgrp);
2342
2343 tty->winsize = *ws;
2344 done:
2345 mutex_unlock(&tty->winsize_mutex);
2346 return 0;
2347 }
2348 EXPORT_SYMBOL(tty_do_resize);
2349
2350 /**
2351 * tiocswinsz - implement window size set ioctl
2352 * @tty: tty side of tty
2353 * @arg: user buffer for result
2354 *
2355 * Copies the user idea of the window size to the kernel. Traditionally this is
2356 * just advisory information but for the Linux console it actually has driver
2357 * level meaning and triggers a VC resize.
2358 *
2359 * Locking:
2360 * Driver dependent. The default do_resize method takes the tty termios
2361 * mutex and ctrl.lock. The console takes its own lock then calls into the
2362 * default method.
2363 */
tiocswinsz(struct tty_struct * tty,struct winsize __user * arg)2364 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2365 {
2366 struct winsize tmp_ws;
2367
2368 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2369 return -EFAULT;
2370
2371 if (tty->ops->resize)
2372 return tty->ops->resize(tty, &tmp_ws);
2373 else
2374 return tty_do_resize(tty, &tmp_ws);
2375 }
2376
2377 /**
2378 * tioccons - allow admin to move logical console
2379 * @file: the file to become console
2380 *
2381 * Allow the administrator to move the redirected console device.
2382 *
2383 * Locking: uses redirect_lock to guard the redirect information
2384 */
tioccons(struct file * file)2385 static int tioccons(struct file *file)
2386 {
2387 if (!capable(CAP_SYS_ADMIN))
2388 return -EPERM;
2389 if (file->f_op->write_iter == redirected_tty_write) {
2390 struct file *f;
2391
2392 spin_lock(&redirect_lock);
2393 f = redirect;
2394 redirect = NULL;
2395 spin_unlock(&redirect_lock);
2396 if (f)
2397 fput(f);
2398 return 0;
2399 }
2400 if (file->f_op->write_iter != tty_write)
2401 return -ENOTTY;
2402 if (!(file->f_mode & FMODE_WRITE))
2403 return -EBADF;
2404 if (!(file->f_mode & FMODE_CAN_WRITE))
2405 return -EINVAL;
2406 spin_lock(&redirect_lock);
2407 if (redirect) {
2408 spin_unlock(&redirect_lock);
2409 return -EBUSY;
2410 }
2411 redirect = get_file(file);
2412 spin_unlock(&redirect_lock);
2413 return 0;
2414 }
2415
2416 /**
2417 * tiocsetd - set line discipline
2418 * @tty: tty device
2419 * @p: pointer to user data
2420 *
2421 * Set the line discipline according to user request.
2422 *
2423 * Locking: see tty_set_ldisc(), this function is just a helper
2424 */
tiocsetd(struct tty_struct * tty,int __user * p)2425 static int tiocsetd(struct tty_struct *tty, int __user *p)
2426 {
2427 int disc;
2428 int ret;
2429
2430 if (get_user(disc, p))
2431 return -EFAULT;
2432
2433 ret = tty_set_ldisc(tty, disc);
2434
2435 return ret;
2436 }
2437
2438 /**
2439 * tiocgetd - get line discipline
2440 * @tty: tty device
2441 * @p: pointer to user data
2442 *
2443 * Retrieves the line discipline id directly from the ldisc.
2444 *
2445 * Locking: waits for ldisc reference (in case the line discipline is changing
2446 * or the @tty is being hungup)
2447 */
tiocgetd(struct tty_struct * tty,int __user * p)2448 static int tiocgetd(struct tty_struct *tty, int __user *p)
2449 {
2450 struct tty_ldisc *ld;
2451 int ret;
2452
2453 ld = tty_ldisc_ref_wait(tty);
2454 if (!ld)
2455 return -EIO;
2456 ret = put_user(ld->ops->num, p);
2457 tty_ldisc_deref(ld);
2458 return ret;
2459 }
2460
2461 /**
2462 * send_break - performed time break
2463 * @tty: device to break on
2464 * @duration: timeout in mS
2465 *
2466 * Perform a timed break on hardware that lacks its own driver level timed
2467 * break functionality.
2468 *
2469 * Locking:
2470 * @tty->atomic_write_lock serializes
2471 */
send_break(struct tty_struct * tty,unsigned int duration)2472 static int send_break(struct tty_struct *tty, unsigned int duration)
2473 {
2474 int retval;
2475
2476 if (tty->ops->break_ctl == NULL)
2477 return 0;
2478
2479 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2480 retval = tty->ops->break_ctl(tty, duration);
2481 else {
2482 /* Do the work ourselves */
2483 if (tty_write_lock(tty, 0) < 0)
2484 return -EINTR;
2485 retval = tty->ops->break_ctl(tty, -1);
2486 if (retval)
2487 goto out;
2488 if (!signal_pending(current))
2489 msleep_interruptible(duration);
2490 retval = tty->ops->break_ctl(tty, 0);
2491 out:
2492 tty_write_unlock(tty);
2493 if (signal_pending(current))
2494 retval = -EINTR;
2495 }
2496 return retval;
2497 }
2498
2499 /**
2500 * tty_tiocmget - get modem status
2501 * @tty: tty device
2502 * @p: pointer to result
2503 *
2504 * Obtain the modem status bits from the tty driver if the feature is
2505 * supported. Return -%ENOTTY if it is not available.
2506 *
2507 * Locking: none (up to the driver)
2508 */
tty_tiocmget(struct tty_struct * tty,int __user * p)2509 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2510 {
2511 int retval = -ENOTTY;
2512
2513 if (tty->ops->tiocmget) {
2514 retval = tty->ops->tiocmget(tty);
2515
2516 if (retval >= 0)
2517 retval = put_user(retval, p);
2518 }
2519 return retval;
2520 }
2521
2522 /**
2523 * tty_tiocmset - set modem status
2524 * @tty: tty device
2525 * @cmd: command - clear bits, set bits or set all
2526 * @p: pointer to desired bits
2527 *
2528 * Set the modem status bits from the tty driver if the feature
2529 * is supported. Return -%ENOTTY if it is not available.
2530 *
2531 * Locking: none (up to the driver)
2532 */
tty_tiocmset(struct tty_struct * tty,unsigned int cmd,unsigned __user * p)2533 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2534 unsigned __user *p)
2535 {
2536 int retval;
2537 unsigned int set, clear, val;
2538
2539 if (tty->ops->tiocmset == NULL)
2540 return -ENOTTY;
2541
2542 retval = get_user(val, p);
2543 if (retval)
2544 return retval;
2545 set = clear = 0;
2546 switch (cmd) {
2547 case TIOCMBIS:
2548 set = val;
2549 break;
2550 case TIOCMBIC:
2551 clear = val;
2552 break;
2553 case TIOCMSET:
2554 set = val;
2555 clear = ~val;
2556 break;
2557 }
2558 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2559 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2560 return tty->ops->tiocmset(tty, set, clear);
2561 }
2562
2563 /**
2564 * tty_get_icount - get tty statistics
2565 * @tty: tty device
2566 * @icount: output parameter
2567 *
2568 * Gets a copy of the @tty's icount statistics.
2569 *
2570 * Locking: none (up to the driver)
2571 */
tty_get_icount(struct tty_struct * tty,struct serial_icounter_struct * icount)2572 int tty_get_icount(struct tty_struct *tty,
2573 struct serial_icounter_struct *icount)
2574 {
2575 memset(icount, 0, sizeof(*icount));
2576
2577 if (tty->ops->get_icount)
2578 return tty->ops->get_icount(tty, icount);
2579 else
2580 return -ENOTTY;
2581 }
2582 EXPORT_SYMBOL_GPL(tty_get_icount);
2583
tty_tiocgicount(struct tty_struct * tty,void __user * arg)2584 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2585 {
2586 struct serial_icounter_struct icount;
2587 int retval;
2588
2589 retval = tty_get_icount(tty, &icount);
2590 if (retval != 0)
2591 return retval;
2592
2593 if (copy_to_user(arg, &icount, sizeof(icount)))
2594 return -EFAULT;
2595 return 0;
2596 }
2597
tty_set_serial(struct tty_struct * tty,struct serial_struct * ss)2598 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2599 {
2600 char comm[TASK_COMM_LEN];
2601 int flags;
2602
2603 flags = ss->flags & ASYNC_DEPRECATED;
2604
2605 if (flags)
2606 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2607 __func__, get_task_comm(comm, current), flags);
2608
2609 if (!tty->ops->set_serial)
2610 return -ENOTTY;
2611
2612 return tty->ops->set_serial(tty, ss);
2613 }
2614
tty_tiocsserial(struct tty_struct * tty,struct serial_struct __user * ss)2615 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2616 {
2617 struct serial_struct v;
2618
2619 if (copy_from_user(&v, ss, sizeof(*ss)))
2620 return -EFAULT;
2621
2622 return tty_set_serial(tty, &v);
2623 }
2624
tty_tiocgserial(struct tty_struct * tty,struct serial_struct __user * ss)2625 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2626 {
2627 struct serial_struct v;
2628 int err;
2629
2630 memset(&v, 0, sizeof(v));
2631 if (!tty->ops->get_serial)
2632 return -ENOTTY;
2633 err = tty->ops->get_serial(tty, &v);
2634 if (!err && copy_to_user(ss, &v, sizeof(v)))
2635 err = -EFAULT;
2636 return err;
2637 }
2638
2639 /*
2640 * if pty, return the slave side (real_tty)
2641 * otherwise, return self
2642 */
tty_pair_get_tty(struct tty_struct * tty)2643 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2644 {
2645 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2646 tty->driver->subtype == PTY_TYPE_MASTER)
2647 tty = tty->link;
2648 return tty;
2649 }
2650
2651 /*
2652 * Split this up, as gcc can choke on it otherwise..
2653 */
tty_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2654 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2655 {
2656 struct tty_struct *tty = file_tty(file);
2657 struct tty_struct *real_tty;
2658 void __user *p = (void __user *)arg;
2659 int retval;
2660 struct tty_ldisc *ld;
2661
2662 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2663 return -EINVAL;
2664
2665 real_tty = tty_pair_get_tty(tty);
2666
2667 /*
2668 * Factor out some common prep work
2669 */
2670 switch (cmd) {
2671 case TIOCSETD:
2672 case TIOCSBRK:
2673 case TIOCCBRK:
2674 case TCSBRK:
2675 case TCSBRKP:
2676 retval = tty_check_change(tty);
2677 if (retval)
2678 return retval;
2679 if (cmd != TIOCCBRK) {
2680 tty_wait_until_sent(tty, 0);
2681 if (signal_pending(current))
2682 return -EINTR;
2683 }
2684 break;
2685 }
2686
2687 /*
2688 * Now do the stuff.
2689 */
2690 switch (cmd) {
2691 case TIOCSTI:
2692 return tiocsti(tty, p);
2693 case TIOCGWINSZ:
2694 return tiocgwinsz(real_tty, p);
2695 case TIOCSWINSZ:
2696 return tiocswinsz(real_tty, p);
2697 case TIOCCONS:
2698 return real_tty != tty ? -EINVAL : tioccons(file);
2699 case TIOCEXCL:
2700 set_bit(TTY_EXCLUSIVE, &tty->flags);
2701 return 0;
2702 case TIOCNXCL:
2703 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2704 return 0;
2705 case TIOCGEXCL:
2706 {
2707 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2708
2709 return put_user(excl, (int __user *)p);
2710 }
2711 case TIOCGETD:
2712 return tiocgetd(tty, p);
2713 case TIOCSETD:
2714 return tiocsetd(tty, p);
2715 case TIOCVHANGUP:
2716 if (!capable(CAP_SYS_ADMIN))
2717 return -EPERM;
2718 tty_vhangup(tty);
2719 return 0;
2720 case TIOCGDEV:
2721 {
2722 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2723
2724 return put_user(ret, (unsigned int __user *)p);
2725 }
2726 /*
2727 * Break handling
2728 */
2729 case TIOCSBRK: /* Turn break on, unconditionally */
2730 if (tty->ops->break_ctl)
2731 return tty->ops->break_ctl(tty, -1);
2732 return 0;
2733 case TIOCCBRK: /* Turn break off, unconditionally */
2734 if (tty->ops->break_ctl)
2735 return tty->ops->break_ctl(tty, 0);
2736 return 0;
2737 case TCSBRK: /* SVID version: non-zero arg --> no break */
2738 /* non-zero arg means wait for all output data
2739 * to be sent (performed above) but don't send break.
2740 * This is used by the tcdrain() termios function.
2741 */
2742 if (!arg)
2743 return send_break(tty, 250);
2744 return 0;
2745 case TCSBRKP: /* support for POSIX tcsendbreak() */
2746 return send_break(tty, arg ? arg*100 : 250);
2747
2748 case TIOCMGET:
2749 return tty_tiocmget(tty, p);
2750 case TIOCMSET:
2751 case TIOCMBIC:
2752 case TIOCMBIS:
2753 return tty_tiocmset(tty, cmd, p);
2754 case TIOCGICOUNT:
2755 return tty_tiocgicount(tty, p);
2756 case TCFLSH:
2757 switch (arg) {
2758 case TCIFLUSH:
2759 case TCIOFLUSH:
2760 /* flush tty buffer and allow ldisc to process ioctl */
2761 tty_buffer_flush(tty, NULL);
2762 break;
2763 }
2764 break;
2765 case TIOCSSERIAL:
2766 return tty_tiocsserial(tty, p);
2767 case TIOCGSERIAL:
2768 return tty_tiocgserial(tty, p);
2769 case TIOCGPTPEER:
2770 /* Special because the struct file is needed */
2771 return ptm_open_peer(file, tty, (int)arg);
2772 default:
2773 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2774 if (retval != -ENOIOCTLCMD)
2775 return retval;
2776 }
2777 if (tty->ops->ioctl) {
2778 retval = tty->ops->ioctl(tty, cmd, arg);
2779 if (retval != -ENOIOCTLCMD)
2780 return retval;
2781 }
2782 ld = tty_ldisc_ref_wait(tty);
2783 if (!ld)
2784 return hung_up_tty_ioctl(file, cmd, arg);
2785 retval = -EINVAL;
2786 if (ld->ops->ioctl) {
2787 retval = ld->ops->ioctl(tty, cmd, arg);
2788 if (retval == -ENOIOCTLCMD)
2789 retval = -ENOTTY;
2790 }
2791 tty_ldisc_deref(ld);
2792 return retval;
2793 }
2794
2795 #ifdef CONFIG_COMPAT
2796
2797 struct serial_struct32 {
2798 compat_int_t type;
2799 compat_int_t line;
2800 compat_uint_t port;
2801 compat_int_t irq;
2802 compat_int_t flags;
2803 compat_int_t xmit_fifo_size;
2804 compat_int_t custom_divisor;
2805 compat_int_t baud_base;
2806 unsigned short close_delay;
2807 char io_type;
2808 char reserved_char;
2809 compat_int_t hub6;
2810 unsigned short closing_wait; /* time to wait before closing */
2811 unsigned short closing_wait2; /* no longer used... */
2812 compat_uint_t iomem_base;
2813 unsigned short iomem_reg_shift;
2814 unsigned int port_high;
2815 /* compat_ulong_t iomap_base FIXME */
2816 compat_int_t reserved;
2817 };
2818
compat_tty_tiocsserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2819 static int compat_tty_tiocsserial(struct tty_struct *tty,
2820 struct serial_struct32 __user *ss)
2821 {
2822 struct serial_struct32 v32;
2823 struct serial_struct v;
2824
2825 if (copy_from_user(&v32, ss, sizeof(*ss)))
2826 return -EFAULT;
2827
2828 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2829 v.iomem_base = compat_ptr(v32.iomem_base);
2830 v.iomem_reg_shift = v32.iomem_reg_shift;
2831 v.port_high = v32.port_high;
2832 v.iomap_base = 0;
2833
2834 return tty_set_serial(tty, &v);
2835 }
2836
compat_tty_tiocgserial(struct tty_struct * tty,struct serial_struct32 __user * ss)2837 static int compat_tty_tiocgserial(struct tty_struct *tty,
2838 struct serial_struct32 __user *ss)
2839 {
2840 struct serial_struct32 v32;
2841 struct serial_struct v;
2842 int err;
2843
2844 memset(&v, 0, sizeof(v));
2845 memset(&v32, 0, sizeof(v32));
2846
2847 if (!tty->ops->get_serial)
2848 return -ENOTTY;
2849 err = tty->ops->get_serial(tty, &v);
2850 if (!err) {
2851 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2852 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2853 0xfffffff : ptr_to_compat(v.iomem_base);
2854 v32.iomem_reg_shift = v.iomem_reg_shift;
2855 v32.port_high = v.port_high;
2856 if (copy_to_user(ss, &v32, sizeof(v32)))
2857 err = -EFAULT;
2858 }
2859 return err;
2860 }
tty_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2861 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2862 unsigned long arg)
2863 {
2864 struct tty_struct *tty = file_tty(file);
2865 struct tty_ldisc *ld;
2866 int retval = -ENOIOCTLCMD;
2867
2868 switch (cmd) {
2869 case TIOCOUTQ:
2870 case TIOCSTI:
2871 case TIOCGWINSZ:
2872 case TIOCSWINSZ:
2873 case TIOCGEXCL:
2874 case TIOCGETD:
2875 case TIOCSETD:
2876 case TIOCGDEV:
2877 case TIOCMGET:
2878 case TIOCMSET:
2879 case TIOCMBIC:
2880 case TIOCMBIS:
2881 case TIOCGICOUNT:
2882 case TIOCGPGRP:
2883 case TIOCSPGRP:
2884 case TIOCGSID:
2885 case TIOCSERGETLSR:
2886 case TIOCGRS485:
2887 case TIOCSRS485:
2888 #ifdef TIOCGETP
2889 case TIOCGETP:
2890 case TIOCSETP:
2891 case TIOCSETN:
2892 #endif
2893 #ifdef TIOCGETC
2894 case TIOCGETC:
2895 case TIOCSETC:
2896 #endif
2897 #ifdef TIOCGLTC
2898 case TIOCGLTC:
2899 case TIOCSLTC:
2900 #endif
2901 case TCSETSF:
2902 case TCSETSW:
2903 case TCSETS:
2904 case TCGETS:
2905 #ifdef TCGETS2
2906 case TCGETS2:
2907 case TCSETSF2:
2908 case TCSETSW2:
2909 case TCSETS2:
2910 #endif
2911 case TCGETA:
2912 case TCSETAF:
2913 case TCSETAW:
2914 case TCSETA:
2915 case TIOCGLCKTRMIOS:
2916 case TIOCSLCKTRMIOS:
2917 #ifdef TCGETX
2918 case TCGETX:
2919 case TCSETX:
2920 case TCSETXW:
2921 case TCSETXF:
2922 #endif
2923 case TIOCGSOFTCAR:
2924 case TIOCSSOFTCAR:
2925
2926 case PPPIOCGCHAN:
2927 case PPPIOCGUNIT:
2928 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2929 case TIOCCONS:
2930 case TIOCEXCL:
2931 case TIOCNXCL:
2932 case TIOCVHANGUP:
2933 case TIOCSBRK:
2934 case TIOCCBRK:
2935 case TCSBRK:
2936 case TCSBRKP:
2937 case TCFLSH:
2938 case TIOCGPTPEER:
2939 case TIOCNOTTY:
2940 case TIOCSCTTY:
2941 case TCXONC:
2942 case TIOCMIWAIT:
2943 case TIOCSERCONFIG:
2944 return tty_ioctl(file, cmd, arg);
2945 }
2946
2947 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2948 return -EINVAL;
2949
2950 switch (cmd) {
2951 case TIOCSSERIAL:
2952 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2953 case TIOCGSERIAL:
2954 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2955 }
2956 if (tty->ops->compat_ioctl) {
2957 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2958 if (retval != -ENOIOCTLCMD)
2959 return retval;
2960 }
2961
2962 ld = tty_ldisc_ref_wait(tty);
2963 if (!ld)
2964 return hung_up_tty_compat_ioctl(file, cmd, arg);
2965 if (ld->ops->compat_ioctl)
2966 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2967 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2968 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2969 arg);
2970 tty_ldisc_deref(ld);
2971
2972 return retval;
2973 }
2974 #endif
2975
this_tty(const void * t,struct file * file,unsigned fd)2976 static int this_tty(const void *t, struct file *file, unsigned fd)
2977 {
2978 if (likely(file->f_op->read_iter != tty_read))
2979 return 0;
2980 return file_tty(file) != t ? 0 : fd + 1;
2981 }
2982
2983 /*
2984 * This implements the "Secure Attention Key" --- the idea is to
2985 * prevent trojan horses by killing all processes associated with this
2986 * tty when the user hits the "Secure Attention Key". Required for
2987 * super-paranoid applications --- see the Orange Book for more details.
2988 *
2989 * This code could be nicer; ideally it should send a HUP, wait a few
2990 * seconds, then send a INT, and then a KILL signal. But you then
2991 * have to coordinate with the init process, since all processes associated
2992 * with the current tty must be dead before the new getty is allowed
2993 * to spawn.
2994 *
2995 * Now, if it would be correct ;-/ The current code has a nasty hole -
2996 * it doesn't catch files in flight. We may send the descriptor to ourselves
2997 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2998 *
2999 * Nasty bug: do_SAK is being called in interrupt context. This can
3000 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3001 */
__do_SAK(struct tty_struct * tty)3002 void __do_SAK(struct tty_struct *tty)
3003 {
3004 struct task_struct *g, *p;
3005 struct pid *session;
3006 int i;
3007 unsigned long flags;
3008
3009 spin_lock_irqsave(&tty->ctrl.lock, flags);
3010 session = get_pid(tty->ctrl.session);
3011 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3012
3013 tty_ldisc_flush(tty);
3014
3015 tty_driver_flush_buffer(tty);
3016
3017 read_lock(&tasklist_lock);
3018 /* Kill the entire session */
3019 do_each_pid_task(session, PIDTYPE_SID, p) {
3020 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3021 task_pid_nr(p), p->comm);
3022 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3023 } while_each_pid_task(session, PIDTYPE_SID, p);
3024
3025 /* Now kill any processes that happen to have the tty open */
3026 do_each_thread(g, p) {
3027 if (p->signal->tty == tty) {
3028 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3029 task_pid_nr(p), p->comm);
3030 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3031 PIDTYPE_SID);
3032 continue;
3033 }
3034 task_lock(p);
3035 i = iterate_fd(p->files, 0, this_tty, tty);
3036 if (i != 0) {
3037 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3038 task_pid_nr(p), p->comm, i - 1);
3039 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3040 PIDTYPE_SID);
3041 }
3042 task_unlock(p);
3043 } while_each_thread(g, p);
3044 read_unlock(&tasklist_lock);
3045 put_pid(session);
3046 }
3047
do_SAK_work(struct work_struct * work)3048 static void do_SAK_work(struct work_struct *work)
3049 {
3050 struct tty_struct *tty =
3051 container_of(work, struct tty_struct, SAK_work);
3052 __do_SAK(tty);
3053 }
3054
3055 /*
3056 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3057 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3058 * the values which we write to it will be identical to the values which it
3059 * already has. --akpm
3060 */
do_SAK(struct tty_struct * tty)3061 void do_SAK(struct tty_struct *tty)
3062 {
3063 if (!tty)
3064 return;
3065 schedule_work(&tty->SAK_work);
3066 }
3067 EXPORT_SYMBOL(do_SAK);
3068
3069 /* Must put_device() after it's unused! */
tty_get_device(struct tty_struct * tty)3070 static struct device *tty_get_device(struct tty_struct *tty)
3071 {
3072 dev_t devt = tty_devnum(tty);
3073
3074 return class_find_device_by_devt(tty_class, devt);
3075 }
3076
3077
3078 /**
3079 * alloc_tty_struct - allocate a new tty
3080 * @driver: driver which will handle the returned tty
3081 * @idx: minor of the tty
3082 *
3083 * This subroutine allocates and initializes a tty structure.
3084 *
3085 * Locking: none - @tty in question is not exposed at this point
3086 */
alloc_tty_struct(struct tty_driver * driver,int idx)3087 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3088 {
3089 struct tty_struct *tty;
3090
3091 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3092 if (!tty)
3093 return NULL;
3094
3095 kref_init(&tty->kref);
3096 tty->magic = TTY_MAGIC;
3097 if (tty_ldisc_init(tty)) {
3098 kfree(tty);
3099 return NULL;
3100 }
3101 tty->ctrl.session = NULL;
3102 tty->ctrl.pgrp = NULL;
3103 mutex_init(&tty->legacy_mutex);
3104 mutex_init(&tty->throttle_mutex);
3105 init_rwsem(&tty->termios_rwsem);
3106 mutex_init(&tty->winsize_mutex);
3107 init_ldsem(&tty->ldisc_sem);
3108 init_waitqueue_head(&tty->write_wait);
3109 init_waitqueue_head(&tty->read_wait);
3110 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3111 mutex_init(&tty->atomic_write_lock);
3112 spin_lock_init(&tty->ctrl.lock);
3113 spin_lock_init(&tty->flow.lock);
3114 spin_lock_init(&tty->files_lock);
3115 INIT_LIST_HEAD(&tty->tty_files);
3116 INIT_WORK(&tty->SAK_work, do_SAK_work);
3117
3118 tty->driver = driver;
3119 tty->ops = driver->ops;
3120 tty->index = idx;
3121 tty_line_name(driver, idx, tty->name);
3122 tty->dev = tty_get_device(tty);
3123
3124 return tty;
3125 }
3126
3127 /**
3128 * tty_put_char - write one character to a tty
3129 * @tty: tty
3130 * @ch: character to write
3131 *
3132 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3133 * if present.
3134 *
3135 * Note: the specific put_char operation in the driver layer may go
3136 * away soon. Don't call it directly, use this method
3137 *
3138 * Return: the number of characters successfully output.
3139 */
tty_put_char(struct tty_struct * tty,unsigned char ch)3140 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3141 {
3142 if (tty->ops->put_char)
3143 return tty->ops->put_char(tty, ch);
3144 return tty->ops->write(tty, &ch, 1);
3145 }
3146 EXPORT_SYMBOL_GPL(tty_put_char);
3147
3148 struct class *tty_class;
3149
tty_cdev_add(struct tty_driver * driver,dev_t dev,unsigned int index,unsigned int count)3150 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3151 unsigned int index, unsigned int count)
3152 {
3153 int err;
3154
3155 /* init here, since reused cdevs cause crashes */
3156 driver->cdevs[index] = cdev_alloc();
3157 if (!driver->cdevs[index])
3158 return -ENOMEM;
3159 driver->cdevs[index]->ops = &tty_fops;
3160 driver->cdevs[index]->owner = driver->owner;
3161 err = cdev_add(driver->cdevs[index], dev, count);
3162 if (err)
3163 kobject_put(&driver->cdevs[index]->kobj);
3164 return err;
3165 }
3166
3167 /**
3168 * tty_register_device - register a tty device
3169 * @driver: the tty driver that describes the tty device
3170 * @index: the index in the tty driver for this tty device
3171 * @device: a struct device that is associated with this tty device.
3172 * This field is optional, if there is no known struct device
3173 * for this tty device it can be set to NULL safely.
3174 *
3175 * This call is required to be made to register an individual tty device
3176 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3177 * that bit is not set, this function should not be called by a tty
3178 * driver.
3179 *
3180 * Locking: ??
3181 *
3182 * Return: A pointer to the struct device for this tty device (or
3183 * ERR_PTR(-EFOO) on error).
3184 */
tty_register_device(struct tty_driver * driver,unsigned index,struct device * device)3185 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3186 struct device *device)
3187 {
3188 return tty_register_device_attr(driver, index, device, NULL, NULL);
3189 }
3190 EXPORT_SYMBOL(tty_register_device);
3191
tty_device_create_release(struct device * dev)3192 static void tty_device_create_release(struct device *dev)
3193 {
3194 dev_dbg(dev, "releasing...\n");
3195 kfree(dev);
3196 }
3197
3198 /**
3199 * tty_register_device_attr - register a tty device
3200 * @driver: the tty driver that describes the tty device
3201 * @index: the index in the tty driver for this tty device
3202 * @device: a struct device that is associated with this tty device.
3203 * This field is optional, if there is no known struct device
3204 * for this tty device it can be set to %NULL safely.
3205 * @drvdata: Driver data to be set to device.
3206 * @attr_grp: Attribute group to be set on device.
3207 *
3208 * This call is required to be made to register an individual tty device if the
3209 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3210 * not set, this function should not be called by a tty driver.
3211 *
3212 * Locking: ??
3213 *
3214 * Return: A pointer to the struct device for this tty device (or
3215 * ERR_PTR(-EFOO) on error).
3216 */
tty_register_device_attr(struct tty_driver * driver,unsigned index,struct device * device,void * drvdata,const struct attribute_group ** attr_grp)3217 struct device *tty_register_device_attr(struct tty_driver *driver,
3218 unsigned index, struct device *device,
3219 void *drvdata,
3220 const struct attribute_group **attr_grp)
3221 {
3222 char name[64];
3223 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3224 struct ktermios *tp;
3225 struct device *dev;
3226 int retval;
3227
3228 if (index >= driver->num) {
3229 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3230 driver->name, index);
3231 return ERR_PTR(-EINVAL);
3232 }
3233
3234 if (driver->type == TTY_DRIVER_TYPE_PTY)
3235 pty_line_name(driver, index, name);
3236 else
3237 tty_line_name(driver, index, name);
3238
3239 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3240 if (!dev)
3241 return ERR_PTR(-ENOMEM);
3242
3243 dev->devt = devt;
3244 dev->class = tty_class;
3245 dev->parent = device;
3246 dev->release = tty_device_create_release;
3247 dev_set_name(dev, "%s", name);
3248 dev->groups = attr_grp;
3249 dev_set_drvdata(dev, drvdata);
3250
3251 dev_set_uevent_suppress(dev, 1);
3252
3253 retval = device_register(dev);
3254 if (retval)
3255 goto err_put;
3256
3257 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3258 /*
3259 * Free any saved termios data so that the termios state is
3260 * reset when reusing a minor number.
3261 */
3262 tp = driver->termios[index];
3263 if (tp) {
3264 driver->termios[index] = NULL;
3265 kfree(tp);
3266 }
3267
3268 retval = tty_cdev_add(driver, devt, index, 1);
3269 if (retval)
3270 goto err_del;
3271 }
3272
3273 dev_set_uevent_suppress(dev, 0);
3274 kobject_uevent(&dev->kobj, KOBJ_ADD);
3275
3276 return dev;
3277
3278 err_del:
3279 device_del(dev);
3280 err_put:
3281 put_device(dev);
3282
3283 return ERR_PTR(retval);
3284 }
3285 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3286
3287 /**
3288 * tty_unregister_device - unregister a tty device
3289 * @driver: the tty driver that describes the tty device
3290 * @index: the index in the tty driver for this tty device
3291 *
3292 * If a tty device is registered with a call to tty_register_device() then
3293 * this function must be called when the tty device is gone.
3294 *
3295 * Locking: ??
3296 */
tty_unregister_device(struct tty_driver * driver,unsigned index)3297 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3298 {
3299 device_destroy(tty_class,
3300 MKDEV(driver->major, driver->minor_start) + index);
3301 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3302 cdev_del(driver->cdevs[index]);
3303 driver->cdevs[index] = NULL;
3304 }
3305 }
3306 EXPORT_SYMBOL(tty_unregister_device);
3307
3308 /**
3309 * __tty_alloc_driver -- allocate tty driver
3310 * @lines: count of lines this driver can handle at most
3311 * @owner: module which is responsible for this driver
3312 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3313 *
3314 * This should not be called directly, some of the provided macros should be
3315 * used instead. Use IS_ERR() and friends on @retval.
3316 */
__tty_alloc_driver(unsigned int lines,struct module * owner,unsigned long flags)3317 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3318 unsigned long flags)
3319 {
3320 struct tty_driver *driver;
3321 unsigned int cdevs = 1;
3322 int err;
3323
3324 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3325 return ERR_PTR(-EINVAL);
3326
3327 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3328 if (!driver)
3329 return ERR_PTR(-ENOMEM);
3330
3331 kref_init(&driver->kref);
3332 driver->magic = TTY_DRIVER_MAGIC;
3333 driver->num = lines;
3334 driver->owner = owner;
3335 driver->flags = flags;
3336
3337 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3338 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3339 GFP_KERNEL);
3340 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3341 GFP_KERNEL);
3342 if (!driver->ttys || !driver->termios) {
3343 err = -ENOMEM;
3344 goto err_free_all;
3345 }
3346 }
3347
3348 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3349 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3350 GFP_KERNEL);
3351 if (!driver->ports) {
3352 err = -ENOMEM;
3353 goto err_free_all;
3354 }
3355 cdevs = lines;
3356 }
3357
3358 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3359 if (!driver->cdevs) {
3360 err = -ENOMEM;
3361 goto err_free_all;
3362 }
3363
3364 return driver;
3365 err_free_all:
3366 kfree(driver->ports);
3367 kfree(driver->ttys);
3368 kfree(driver->termios);
3369 kfree(driver->cdevs);
3370 kfree(driver);
3371 return ERR_PTR(err);
3372 }
3373 EXPORT_SYMBOL(__tty_alloc_driver);
3374
destruct_tty_driver(struct kref * kref)3375 static void destruct_tty_driver(struct kref *kref)
3376 {
3377 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3378 int i;
3379 struct ktermios *tp;
3380
3381 if (driver->flags & TTY_DRIVER_INSTALLED) {
3382 for (i = 0; i < driver->num; i++) {
3383 tp = driver->termios[i];
3384 if (tp) {
3385 driver->termios[i] = NULL;
3386 kfree(tp);
3387 }
3388 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3389 tty_unregister_device(driver, i);
3390 }
3391 proc_tty_unregister_driver(driver);
3392 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3393 cdev_del(driver->cdevs[0]);
3394 }
3395 kfree(driver->cdevs);
3396 kfree(driver->ports);
3397 kfree(driver->termios);
3398 kfree(driver->ttys);
3399 kfree(driver);
3400 }
3401
3402 /**
3403 * tty_driver_kref_put -- drop a reference to a tty driver
3404 * @driver: driver of which to drop the reference
3405 *
3406 * The final put will destroy and free up the driver.
3407 */
tty_driver_kref_put(struct tty_driver * driver)3408 void tty_driver_kref_put(struct tty_driver *driver)
3409 {
3410 kref_put(&driver->kref, destruct_tty_driver);
3411 }
3412 EXPORT_SYMBOL(tty_driver_kref_put);
3413
3414 /**
3415 * tty_register_driver -- register a tty driver
3416 * @driver: driver to register
3417 *
3418 * Called by a tty driver to register itself.
3419 */
tty_register_driver(struct tty_driver * driver)3420 int tty_register_driver(struct tty_driver *driver)
3421 {
3422 int error;
3423 int i;
3424 dev_t dev;
3425 struct device *d;
3426
3427 if (!driver->major) {
3428 error = alloc_chrdev_region(&dev, driver->minor_start,
3429 driver->num, driver->name);
3430 if (!error) {
3431 driver->major = MAJOR(dev);
3432 driver->minor_start = MINOR(dev);
3433 }
3434 } else {
3435 dev = MKDEV(driver->major, driver->minor_start);
3436 error = register_chrdev_region(dev, driver->num, driver->name);
3437 }
3438 if (error < 0)
3439 goto err;
3440
3441 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3442 error = tty_cdev_add(driver, dev, 0, driver->num);
3443 if (error)
3444 goto err_unreg_char;
3445 }
3446
3447 mutex_lock(&tty_mutex);
3448 list_add(&driver->tty_drivers, &tty_drivers);
3449 mutex_unlock(&tty_mutex);
3450
3451 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3452 for (i = 0; i < driver->num; i++) {
3453 d = tty_register_device(driver, i, NULL);
3454 if (IS_ERR(d)) {
3455 error = PTR_ERR(d);
3456 goto err_unreg_devs;
3457 }
3458 }
3459 }
3460 proc_tty_register_driver(driver);
3461 driver->flags |= TTY_DRIVER_INSTALLED;
3462 return 0;
3463
3464 err_unreg_devs:
3465 for (i--; i >= 0; i--)
3466 tty_unregister_device(driver, i);
3467
3468 mutex_lock(&tty_mutex);
3469 list_del(&driver->tty_drivers);
3470 mutex_unlock(&tty_mutex);
3471
3472 err_unreg_char:
3473 unregister_chrdev_region(dev, driver->num);
3474 err:
3475 return error;
3476 }
3477 EXPORT_SYMBOL(tty_register_driver);
3478
3479 /**
3480 * tty_unregister_driver -- unregister a tty driver
3481 * @driver: driver to unregister
3482 *
3483 * Called by a tty driver to unregister itself.
3484 */
tty_unregister_driver(struct tty_driver * driver)3485 void tty_unregister_driver(struct tty_driver *driver)
3486 {
3487 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3488 driver->num);
3489 mutex_lock(&tty_mutex);
3490 list_del(&driver->tty_drivers);
3491 mutex_unlock(&tty_mutex);
3492 }
3493 EXPORT_SYMBOL(tty_unregister_driver);
3494
tty_devnum(struct tty_struct * tty)3495 dev_t tty_devnum(struct tty_struct *tty)
3496 {
3497 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3498 }
3499 EXPORT_SYMBOL(tty_devnum);
3500
tty_default_fops(struct file_operations * fops)3501 void tty_default_fops(struct file_operations *fops)
3502 {
3503 *fops = tty_fops;
3504 }
3505
tty_devnode(struct device * dev,umode_t * mode)3506 static char *tty_devnode(struct device *dev, umode_t *mode)
3507 {
3508 if (!mode)
3509 return NULL;
3510 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3511 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3512 *mode = 0666;
3513 return NULL;
3514 }
3515
tty_class_init(void)3516 static int __init tty_class_init(void)
3517 {
3518 tty_class = class_create(THIS_MODULE, "tty");
3519 if (IS_ERR(tty_class))
3520 return PTR_ERR(tty_class);
3521 tty_class->devnode = tty_devnode;
3522 return 0;
3523 }
3524
3525 postcore_initcall(tty_class_init);
3526
3527 /* 3/2004 jmc: why do these devices exist? */
3528 static struct cdev tty_cdev, console_cdev;
3529
show_cons_active(struct device * dev,struct device_attribute * attr,char * buf)3530 static ssize_t show_cons_active(struct device *dev,
3531 struct device_attribute *attr, char *buf)
3532 {
3533 struct console *cs[16];
3534 int i = 0;
3535 struct console *c;
3536 ssize_t count = 0;
3537
3538 console_lock();
3539 for_each_console(c) {
3540 if (!c->device)
3541 continue;
3542 if (!c->write)
3543 continue;
3544 if ((c->flags & CON_ENABLED) == 0)
3545 continue;
3546 cs[i++] = c;
3547 if (i >= ARRAY_SIZE(cs))
3548 break;
3549 }
3550 while (i--) {
3551 int index = cs[i]->index;
3552 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3553
3554 /* don't resolve tty0 as some programs depend on it */
3555 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3556 count += tty_line_name(drv, index, buf + count);
3557 else
3558 count += sprintf(buf + count, "%s%d",
3559 cs[i]->name, cs[i]->index);
3560
3561 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3562 }
3563 console_unlock();
3564
3565 return count;
3566 }
3567 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3568
3569 static struct attribute *cons_dev_attrs[] = {
3570 &dev_attr_active.attr,
3571 NULL
3572 };
3573
3574 ATTRIBUTE_GROUPS(cons_dev);
3575
3576 static struct device *consdev;
3577
console_sysfs_notify(void)3578 void console_sysfs_notify(void)
3579 {
3580 if (consdev)
3581 sysfs_notify(&consdev->kobj, NULL, "active");
3582 }
3583
3584 /*
3585 * Ok, now we can initialize the rest of the tty devices and can count
3586 * on memory allocations, interrupts etc..
3587 */
tty_init(void)3588 int __init tty_init(void)
3589 {
3590 tty_sysctl_init();
3591 cdev_init(&tty_cdev, &tty_fops);
3592 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3593 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3594 panic("Couldn't register /dev/tty driver\n");
3595 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3596
3597 cdev_init(&console_cdev, &console_fops);
3598 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3599 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3600 panic("Couldn't register /dev/console driver\n");
3601 consdev = device_create_with_groups(tty_class, NULL,
3602 MKDEV(TTYAUX_MAJOR, 1), NULL,
3603 cons_dev_groups, "console");
3604 if (IS_ERR(consdev))
3605 consdev = NULL;
3606
3607 #ifdef CONFIG_VT
3608 vty_init(&console_fops);
3609 #endif
3610 return 0;
3611 }
3612
3613