1 #include <linux/types.h>
2 #include <linux/major.h>
3 #include <linux/errno.h>
4 #include <linux/signal.h>
5 #include <linux/fcntl.h>
6 #include <linux/sched.h>
7 #include <linux/interrupt.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/devpts_fs.h>
12 #include <linux/file.h>
13 #include <linux/console.h>
14 #include <linux/timer.h>
15 #include <linux/ctype.h>
16 #include <linux/kd.h>
17 #include <linux/mm.h>
18 #include <linux/string.h>
19 #include <linux/slab.h>
20 #include <linux/poll.h>
21 #include <linux/proc_fs.h>
22 #include <linux/init.h>
23 #include <linux/module.h>
24 #include <linux/device.h>
25 #include <linux/wait.h>
26 #include <linux/bitops.h>
27 #include <linux/delay.h>
28 #include <linux/seq_file.h>
29 
30 #include <linux/uaccess.h>
31 #include <asm/system.h>
32 
33 #include <linux/kbd_kern.h>
34 #include <linux/vt_kern.h>
35 #include <linux/selection.h>
36 
37 #include <linux/kmod.h>
38 #include <linux/nsproxy.h>
39 
40 /*
41  *	This guards the refcounted line discipline lists. The lock
42  *	must be taken with irqs off because there are hangup path
43  *	callers who will do ldisc lookups and cannot sleep.
44  */
45 
46 static DEFINE_SPINLOCK(tty_ldisc_lock);
47 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
48 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_idle);
49 /* Line disc dispatch table */
50 static struct tty_ldisc_ops *tty_ldiscs[NR_LDISCS];
51 
get_ldisc(struct tty_ldisc * ld)52 static inline struct tty_ldisc *get_ldisc(struct tty_ldisc *ld)
53 {
54 	if (ld)
55 		atomic_inc(&ld->users);
56 	return ld;
57 }
58 
put_ldisc(struct tty_ldisc * ld)59 static void put_ldisc(struct tty_ldisc *ld)
60 {
61 	unsigned long flags;
62 
63 	if (WARN_ON_ONCE(!ld))
64 		return;
65 
66 	/*
67 	 * If this is the last user, free the ldisc, and
68 	 * release the ldisc ops.
69 	 *
70 	 * We really want an "atomic_dec_and_lock_irqsave()",
71 	 * but we don't have it, so this does it by hand.
72 	 */
73 	local_irq_save(flags);
74 	if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
75 		struct tty_ldisc_ops *ldo = ld->ops;
76 
77 		ldo->refcount--;
78 		module_put(ldo->owner);
79 		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
80 
81 		kfree(ld);
82 		return;
83 	}
84 	local_irq_restore(flags);
85 	wake_up(&tty_ldisc_idle);
86 }
87 
88 /**
89  *	tty_register_ldisc	-	install a line discipline
90  *	@disc: ldisc number
91  *	@new_ldisc: pointer to the ldisc object
92  *
93  *	Installs a new line discipline into the kernel. The discipline
94  *	is set up as unreferenced and then made available to the kernel
95  *	from this point onwards.
96  *
97  *	Locking:
98  *		takes tty_ldisc_lock to guard against ldisc races
99  */
100 
tty_register_ldisc(int disc,struct tty_ldisc_ops * new_ldisc)101 int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
102 {
103 	unsigned long flags;
104 	int ret = 0;
105 
106 	if (disc < N_TTY || disc >= NR_LDISCS)
107 		return -EINVAL;
108 
109 	spin_lock_irqsave(&tty_ldisc_lock, flags);
110 	tty_ldiscs[disc] = new_ldisc;
111 	new_ldisc->num = disc;
112 	new_ldisc->refcount = 0;
113 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
114 
115 	return ret;
116 }
117 EXPORT_SYMBOL(tty_register_ldisc);
118 
119 /**
120  *	tty_unregister_ldisc	-	unload a line discipline
121  *	@disc: ldisc number
122  *	@new_ldisc: pointer to the ldisc object
123  *
124  *	Remove a line discipline from the kernel providing it is not
125  *	currently in use.
126  *
127  *	Locking:
128  *		takes tty_ldisc_lock to guard against ldisc races
129  */
130 
tty_unregister_ldisc(int disc)131 int tty_unregister_ldisc(int disc)
132 {
133 	unsigned long flags;
134 	int ret = 0;
135 
136 	if (disc < N_TTY || disc >= NR_LDISCS)
137 		return -EINVAL;
138 
139 	spin_lock_irqsave(&tty_ldisc_lock, flags);
140 	if (tty_ldiscs[disc]->refcount)
141 		ret = -EBUSY;
142 	else
143 		tty_ldiscs[disc] = NULL;
144 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
145 
146 	return ret;
147 }
148 EXPORT_SYMBOL(tty_unregister_ldisc);
149 
get_ldops(int disc)150 static struct tty_ldisc_ops *get_ldops(int disc)
151 {
152 	unsigned long flags;
153 	struct tty_ldisc_ops *ldops, *ret;
154 
155 	spin_lock_irqsave(&tty_ldisc_lock, flags);
156 	ret = ERR_PTR(-EINVAL);
157 	ldops = tty_ldiscs[disc];
158 	if (ldops) {
159 		ret = ERR_PTR(-EAGAIN);
160 		if (try_module_get(ldops->owner)) {
161 			ldops->refcount++;
162 			ret = ldops;
163 		}
164 	}
165 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
166 	return ret;
167 }
168 
put_ldops(struct tty_ldisc_ops * ldops)169 static void put_ldops(struct tty_ldisc_ops *ldops)
170 {
171 	unsigned long flags;
172 
173 	spin_lock_irqsave(&tty_ldisc_lock, flags);
174 	ldops->refcount--;
175 	module_put(ldops->owner);
176 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
177 }
178 
179 /**
180  *	tty_ldisc_get		-	take a reference to an ldisc
181  *	@disc: ldisc number
182  *
183  *	Takes a reference to a line discipline. Deals with refcounts and
184  *	module locking counts. Returns NULL if the discipline is not available.
185  *	Returns a pointer to the discipline and bumps the ref count if it is
186  *	available
187  *
188  *	Locking:
189  *		takes tty_ldisc_lock to guard against ldisc races
190  */
191 
tty_ldisc_get(int disc)192 static struct tty_ldisc *tty_ldisc_get(int disc)
193 {
194 	struct tty_ldisc *ld;
195 	struct tty_ldisc_ops *ldops;
196 
197 	if (disc < N_TTY || disc >= NR_LDISCS)
198 		return ERR_PTR(-EINVAL);
199 
200 	/*
201 	 * Get the ldisc ops - we may need to request them to be loaded
202 	 * dynamically and try again.
203 	 */
204 	ldops = get_ldops(disc);
205 	if (IS_ERR(ldops)) {
206 		request_module("tty-ldisc-%d", disc);
207 		ldops = get_ldops(disc);
208 		if (IS_ERR(ldops))
209 			return ERR_CAST(ldops);
210 	}
211 
212 	ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL);
213 	if (ld == NULL) {
214 		put_ldops(ldops);
215 		return ERR_PTR(-ENOMEM);
216 	}
217 
218 	ld->ops = ldops;
219 	atomic_set(&ld->users, 1);
220 	return ld;
221 }
222 
tty_ldiscs_seq_start(struct seq_file * m,loff_t * pos)223 static void *tty_ldiscs_seq_start(struct seq_file *m, loff_t *pos)
224 {
225 	return (*pos < NR_LDISCS) ? pos : NULL;
226 }
227 
tty_ldiscs_seq_next(struct seq_file * m,void * v,loff_t * pos)228 static void *tty_ldiscs_seq_next(struct seq_file *m, void *v, loff_t *pos)
229 {
230 	(*pos)++;
231 	return (*pos < NR_LDISCS) ? pos : NULL;
232 }
233 
tty_ldiscs_seq_stop(struct seq_file * m,void * v)234 static void tty_ldiscs_seq_stop(struct seq_file *m, void *v)
235 {
236 }
237 
tty_ldiscs_seq_show(struct seq_file * m,void * v)238 static int tty_ldiscs_seq_show(struct seq_file *m, void *v)
239 {
240 	int i = *(loff_t *)v;
241 	struct tty_ldisc_ops *ldops;
242 
243 	ldops = get_ldops(i);
244 	if (IS_ERR(ldops))
245 		return 0;
246 	seq_printf(m, "%-10s %2d\n", ldops->name ? ldops->name : "???", i);
247 	put_ldops(ldops);
248 	return 0;
249 }
250 
251 static const struct seq_operations tty_ldiscs_seq_ops = {
252 	.start	= tty_ldiscs_seq_start,
253 	.next	= tty_ldiscs_seq_next,
254 	.stop	= tty_ldiscs_seq_stop,
255 	.show	= tty_ldiscs_seq_show,
256 };
257 
proc_tty_ldiscs_open(struct inode * inode,struct file * file)258 static int proc_tty_ldiscs_open(struct inode *inode, struct file *file)
259 {
260 	return seq_open(file, &tty_ldiscs_seq_ops);
261 }
262 
263 const struct file_operations tty_ldiscs_proc_fops = {
264 	.owner		= THIS_MODULE,
265 	.open		= proc_tty_ldiscs_open,
266 	.read		= seq_read,
267 	.llseek		= seq_lseek,
268 	.release	= seq_release,
269 };
270 
271 /**
272  *	tty_ldisc_assign	-	set ldisc on a tty
273  *	@tty: tty to assign
274  *	@ld: line discipline
275  *
276  *	Install an instance of a line discipline into a tty structure. The
277  *	ldisc must have a reference count above zero to ensure it remains.
278  *	The tty instance refcount starts at zero.
279  *
280  *	Locking:
281  *		Caller must hold references
282  */
283 
tty_ldisc_assign(struct tty_struct * tty,struct tty_ldisc * ld)284 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
285 {
286 	tty->ldisc = ld;
287 }
288 
289 /**
290  *	tty_ldisc_try		-	internal helper
291  *	@tty: the tty
292  *
293  *	Make a single attempt to grab and bump the refcount on
294  *	the tty ldisc. Return 0 on failure or 1 on success. This is
295  *	used to implement both the waiting and non waiting versions
296  *	of tty_ldisc_ref
297  *
298  *	Locking: takes tty_ldisc_lock
299  */
300 
tty_ldisc_try(struct tty_struct * tty)301 static struct tty_ldisc *tty_ldisc_try(struct tty_struct *tty)
302 {
303 	unsigned long flags;
304 	struct tty_ldisc *ld;
305 
306 	spin_lock_irqsave(&tty_ldisc_lock, flags);
307 	ld = NULL;
308 	if (test_bit(TTY_LDISC, &tty->flags))
309 		ld = get_ldisc(tty->ldisc);
310 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
311 	return ld;
312 }
313 
314 /**
315  *	tty_ldisc_ref_wait	-	wait for the tty ldisc
316  *	@tty: tty device
317  *
318  *	Dereference the line discipline for the terminal and take a
319  *	reference to it. If the line discipline is in flux then
320  *	wait patiently until it changes.
321  *
322  *	Note: Must not be called from an IRQ/timer context. The caller
323  *	must also be careful not to hold other locks that will deadlock
324  *	against a discipline change, such as an existing ldisc reference
325  *	(which we check for)
326  *
327  *	Locking: call functions take tty_ldisc_lock
328  */
329 
tty_ldisc_ref_wait(struct tty_struct * tty)330 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
331 {
332 	struct tty_ldisc *ld;
333 
334 	/* wait_event is a macro */
335 	wait_event(tty_ldisc_wait, (ld = tty_ldisc_try(tty)) != NULL);
336 	return ld;
337 }
338 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
339 
340 /**
341  *	tty_ldisc_ref		-	get the tty ldisc
342  *	@tty: tty device
343  *
344  *	Dereference the line discipline for the terminal and take a
345  *	reference to it. If the line discipline is in flux then
346  *	return NULL. Can be called from IRQ and timer functions.
347  *
348  *	Locking: called functions take tty_ldisc_lock
349  */
350 
tty_ldisc_ref(struct tty_struct * tty)351 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
352 {
353 	return tty_ldisc_try(tty);
354 }
355 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
356 
357 /**
358  *	tty_ldisc_deref		-	free a tty ldisc reference
359  *	@ld: reference to free up
360  *
361  *	Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
362  *	be called in IRQ context.
363  *
364  *	Locking: takes tty_ldisc_lock
365  */
366 
tty_ldisc_deref(struct tty_ldisc * ld)367 void tty_ldisc_deref(struct tty_ldisc *ld)
368 {
369 	put_ldisc(ld);
370 }
371 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
372 
tty_ldisc_put(struct tty_ldisc * ld)373 static inline void tty_ldisc_put(struct tty_ldisc *ld)
374 {
375 	put_ldisc(ld);
376 }
377 
378 /**
379  *	tty_ldisc_enable	-	allow ldisc use
380  *	@tty: terminal to activate ldisc on
381  *
382  *	Set the TTY_LDISC flag when the line discipline can be called
383  *	again. Do necessary wakeups for existing sleepers. Clear the LDISC
384  *	changing flag to indicate any ldisc change is now over.
385  *
386  *	Note: nobody should set the TTY_LDISC bit except via this function.
387  *	Clearing directly is allowed.
388  */
389 
tty_ldisc_enable(struct tty_struct * tty)390 void tty_ldisc_enable(struct tty_struct *tty)
391 {
392 	set_bit(TTY_LDISC, &tty->flags);
393 	clear_bit(TTY_LDISC_CHANGING, &tty->flags);
394 	wake_up(&tty_ldisc_wait);
395 }
396 
397 /**
398  *	tty_ldisc_flush	-	flush line discipline queue
399  *	@tty: tty
400  *
401  *	Flush the line discipline queue (if any) for this tty. If there
402  *	is no line discipline active this is a no-op.
403  */
404 
tty_ldisc_flush(struct tty_struct * tty)405 void tty_ldisc_flush(struct tty_struct *tty)
406 {
407 	struct tty_ldisc *ld = tty_ldisc_ref(tty);
408 	if (ld) {
409 		if (ld->ops->flush_buffer)
410 			ld->ops->flush_buffer(tty);
411 		tty_ldisc_deref(ld);
412 	}
413 	tty_buffer_flush(tty);
414 }
415 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
416 
417 /**
418  *	tty_set_termios_ldisc		-	set ldisc field
419  *	@tty: tty structure
420  *	@num: line discipline number
421  *
422  *	This is probably overkill for real world processors but
423  *	they are not on hot paths so a little discipline won't do
424  *	any harm.
425  *
426  *	Locking: takes termios_mutex
427  */
428 
tty_set_termios_ldisc(struct tty_struct * tty,int num)429 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
430 {
431 	mutex_lock(&tty->termios_mutex);
432 	tty->termios->c_line = num;
433 	mutex_unlock(&tty->termios_mutex);
434 }
435 
436 /**
437  *	tty_ldisc_open		-	open a line discipline
438  *	@tty: tty we are opening the ldisc on
439  *	@ld: discipline to open
440  *
441  *	A helper opening method. Also a convenient debugging and check
442  *	point.
443  *
444  *	Locking: always called with BTM already held.
445  */
446 
tty_ldisc_open(struct tty_struct * tty,struct tty_ldisc * ld)447 static int tty_ldisc_open(struct tty_struct *tty, struct tty_ldisc *ld)
448 {
449 	WARN_ON(test_and_set_bit(TTY_LDISC_OPEN, &tty->flags));
450 	if (ld->ops->open) {
451 		int ret;
452                 /* BTM here locks versus a hangup event */
453 		WARN_ON(!tty_locked());
454 		ret = ld->ops->open(tty);
455 		if (ret)
456 			clear_bit(TTY_LDISC_OPEN, &tty->flags);
457 		return ret;
458 	}
459 	return 0;
460 }
461 
462 /**
463  *	tty_ldisc_close		-	close a line discipline
464  *	@tty: tty we are opening the ldisc on
465  *	@ld: discipline to close
466  *
467  *	A helper close method. Also a convenient debugging and check
468  *	point.
469  */
470 
tty_ldisc_close(struct tty_struct * tty,struct tty_ldisc * ld)471 static void tty_ldisc_close(struct tty_struct *tty, struct tty_ldisc *ld)
472 {
473 	WARN_ON(!test_bit(TTY_LDISC_OPEN, &tty->flags));
474 	clear_bit(TTY_LDISC_OPEN, &tty->flags);
475 	if (ld->ops->close)
476 		ld->ops->close(tty);
477 }
478 
479 /**
480  *	tty_ldisc_restore	-	helper for tty ldisc change
481  *	@tty: tty to recover
482  *	@old: previous ldisc
483  *
484  *	Restore the previous line discipline or N_TTY when a line discipline
485  *	change fails due to an open error
486  */
487 
tty_ldisc_restore(struct tty_struct * tty,struct tty_ldisc * old)488 static void tty_ldisc_restore(struct tty_struct *tty, struct tty_ldisc *old)
489 {
490 	char buf[64];
491 	struct tty_ldisc *new_ldisc;
492 	int r;
493 
494 	/* There is an outstanding reference here so this is safe */
495 	old = tty_ldisc_get(old->ops->num);
496 	WARN_ON(IS_ERR(old));
497 	tty_ldisc_assign(tty, old);
498 	tty_set_termios_ldisc(tty, old->ops->num);
499 	if (tty_ldisc_open(tty, old) < 0) {
500 		tty_ldisc_put(old);
501 		/* This driver is always present */
502 		new_ldisc = tty_ldisc_get(N_TTY);
503 		if (IS_ERR(new_ldisc))
504 			panic("n_tty: get");
505 		tty_ldisc_assign(tty, new_ldisc);
506 		tty_set_termios_ldisc(tty, N_TTY);
507 		r = tty_ldisc_open(tty, new_ldisc);
508 		if (r < 0)
509 			panic("Couldn't open N_TTY ldisc for "
510 			      "%s --- error %d.",
511 			      tty_name(tty, buf), r);
512 	}
513 }
514 
515 /**
516  *	tty_ldisc_halt		-	shut down the line discipline
517  *	@tty: tty device
518  *
519  *	Shut down the line discipline and work queue for this tty device.
520  *	The TTY_LDISC flag being cleared ensures no further references can
521  *	be obtained while the delayed work queue halt ensures that no more
522  *	data is fed to the ldisc.
523  *
524  *	You need to do a 'flush_scheduled_work()' (outside the ldisc_mutex)
525  *	in order to make sure any currently executing ldisc work is also
526  *	flushed.
527  */
528 
tty_ldisc_halt(struct tty_struct * tty)529 static int tty_ldisc_halt(struct tty_struct *tty)
530 {
531 	clear_bit(TTY_LDISC, &tty->flags);
532 	return cancel_work_sync(&tty->buf.work);
533 }
534 
535 /**
536  *	tty_ldisc_flush_works	-	flush all works of a tty
537  *	@tty: tty device to flush works for
538  *
539  *	Sync flush all works belonging to @tty.
540  */
tty_ldisc_flush_works(struct tty_struct * tty)541 static void tty_ldisc_flush_works(struct tty_struct *tty)
542 {
543 	flush_work_sync(&tty->hangup_work);
544 	flush_work_sync(&tty->SAK_work);
545 	flush_work_sync(&tty->buf.work);
546 }
547 
548 /**
549  *	tty_ldisc_wait_idle	-	wait for the ldisc to become idle
550  *	@tty: tty to wait for
551  *
552  *	Wait for the line discipline to become idle. The discipline must
553  *	have been halted for this to guarantee it remains idle.
554  */
tty_ldisc_wait_idle(struct tty_struct * tty)555 static int tty_ldisc_wait_idle(struct tty_struct *tty)
556 {
557 	int ret;
558 	ret = wait_event_interruptible_timeout(tty_ldisc_idle,
559 			atomic_read(&tty->ldisc->users) == 1, 5 * HZ);
560 	if (ret < 0)
561 		return ret;
562 	return ret > 0 ? 0 : -EBUSY;
563 }
564 
565 /**
566  *	tty_set_ldisc		-	set line discipline
567  *	@tty: the terminal to set
568  *	@ldisc: the line discipline
569  *
570  *	Set the discipline of a tty line. Must be called from a process
571  *	context. The ldisc change logic has to protect itself against any
572  *	overlapping ldisc change (including on the other end of pty pairs),
573  *	the close of one side of a tty/pty pair, and eventually hangup.
574  *
575  *	Locking: takes tty_ldisc_lock, termios_mutex
576  */
577 
tty_set_ldisc(struct tty_struct * tty,int ldisc)578 int tty_set_ldisc(struct tty_struct *tty, int ldisc)
579 {
580 	int retval;
581 	struct tty_ldisc *o_ldisc, *new_ldisc;
582 	int work, o_work = 0;
583 	struct tty_struct *o_tty;
584 
585 	new_ldisc = tty_ldisc_get(ldisc);
586 	if (IS_ERR(new_ldisc))
587 		return PTR_ERR(new_ldisc);
588 
589 	tty_lock();
590 	/*
591 	 *	We need to look at the tty locking here for pty/tty pairs
592 	 *	when both sides try to change in parallel.
593 	 */
594 
595 	o_tty = tty->link;	/* o_tty is the pty side or NULL */
596 
597 
598 	/*
599 	 *	Check the no-op case
600 	 */
601 
602 	if (tty->ldisc->ops->num == ldisc) {
603 		tty_unlock();
604 		tty_ldisc_put(new_ldisc);
605 		return 0;
606 	}
607 
608 	tty_unlock();
609 	/*
610 	 *	Problem: What do we do if this blocks ?
611 	 *	We could deadlock here
612 	 */
613 
614 	tty_wait_until_sent(tty, 0);
615 
616 	tty_lock();
617 	mutex_lock(&tty->ldisc_mutex);
618 
619 	/*
620 	 *	We could be midstream of another ldisc change which has
621 	 *	dropped the lock during processing. If so we need to wait.
622 	 */
623 
624 	while (test_bit(TTY_LDISC_CHANGING, &tty->flags)) {
625 		mutex_unlock(&tty->ldisc_mutex);
626 		tty_unlock();
627 		wait_event(tty_ldisc_wait,
628 			test_bit(TTY_LDISC_CHANGING, &tty->flags) == 0);
629 		tty_lock();
630 		mutex_lock(&tty->ldisc_mutex);
631 	}
632 
633 	set_bit(TTY_LDISC_CHANGING, &tty->flags);
634 
635 	/*
636 	 *	No more input please, we are switching. The new ldisc
637 	 *	will update this value in the ldisc open function
638 	 */
639 
640 	tty->receive_room = 0;
641 
642 	o_ldisc = tty->ldisc;
643 
644 	tty_unlock();
645 	/*
646 	 *	Make sure we don't change while someone holds a
647 	 *	reference to the line discipline. The TTY_LDISC bit
648 	 *	prevents anyone taking a reference once it is clear.
649 	 *	We need the lock to avoid racing reference takers.
650 	 *
651 	 *	We must clear the TTY_LDISC bit here to avoid a livelock
652 	 *	with a userspace app continually trying to use the tty in
653 	 *	parallel to the change and re-referencing the tty.
654 	 */
655 
656 	work = tty_ldisc_halt(tty);
657 	if (o_tty)
658 		o_work = tty_ldisc_halt(o_tty);
659 
660 	/*
661 	 * Wait for ->hangup_work and ->buf.work handlers to terminate.
662 	 * We must drop the mutex here in case a hangup is also in process.
663 	 */
664 
665 	mutex_unlock(&tty->ldisc_mutex);
666 
667 	tty_ldisc_flush_works(tty);
668 
669 	retval = tty_ldisc_wait_idle(tty);
670 
671 	tty_lock();
672 	mutex_lock(&tty->ldisc_mutex);
673 
674 	/* handle wait idle failure locked */
675 	if (retval) {
676 		tty_ldisc_put(new_ldisc);
677 		goto enable;
678 	}
679 
680 	if (test_bit(TTY_HUPPED, &tty->flags)) {
681 		/* We were raced by the hangup method. It will have stomped
682 		   the ldisc data and closed the ldisc down */
683 		clear_bit(TTY_LDISC_CHANGING, &tty->flags);
684 		mutex_unlock(&tty->ldisc_mutex);
685 		tty_ldisc_put(new_ldisc);
686 		tty_unlock();
687 		return -EIO;
688 	}
689 
690 	/* Shutdown the current discipline. */
691 	tty_ldisc_close(tty, o_ldisc);
692 
693 	/* Now set up the new line discipline. */
694 	tty_ldisc_assign(tty, new_ldisc);
695 	tty_set_termios_ldisc(tty, ldisc);
696 
697 	retval = tty_ldisc_open(tty, new_ldisc);
698 	if (retval < 0) {
699 		/* Back to the old one or N_TTY if we can't */
700 		tty_ldisc_put(new_ldisc);
701 		tty_ldisc_restore(tty, o_ldisc);
702 	}
703 
704 	/* At this point we hold a reference to the new ldisc and a
705 	   a reference to the old ldisc. If we ended up flipping back
706 	   to the existing ldisc we have two references to it */
707 
708 	if (tty->ldisc->ops->num != o_ldisc->ops->num && tty->ops->set_ldisc)
709 		tty->ops->set_ldisc(tty);
710 
711 	tty_ldisc_put(o_ldisc);
712 
713 enable:
714 	/*
715 	 *	Allow ldisc referencing to occur again
716 	 */
717 
718 	tty_ldisc_enable(tty);
719 	if (o_tty)
720 		tty_ldisc_enable(o_tty);
721 
722 	/* Restart the work queue in case no characters kick it off. Safe if
723 	   already running */
724 	if (work)
725 		schedule_work(&tty->buf.work);
726 	if (o_work)
727 		schedule_work(&o_tty->buf.work);
728 	mutex_unlock(&tty->ldisc_mutex);
729 	tty_unlock();
730 	return retval;
731 }
732 
733 /**
734  *	tty_reset_termios	-	reset terminal state
735  *	@tty: tty to reset
736  *
737  *	Restore a terminal to the driver default state.
738  */
739 
tty_reset_termios(struct tty_struct * tty)740 static void tty_reset_termios(struct tty_struct *tty)
741 {
742 	mutex_lock(&tty->termios_mutex);
743 	*tty->termios = tty->driver->init_termios;
744 	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
745 	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
746 	mutex_unlock(&tty->termios_mutex);
747 }
748 
749 
750 /**
751  *	tty_ldisc_reinit	-	reinitialise the tty ldisc
752  *	@tty: tty to reinit
753  *	@ldisc: line discipline to reinitialize
754  *
755  *	Switch the tty to a line discipline and leave the ldisc
756  *	state closed
757  */
758 
tty_ldisc_reinit(struct tty_struct * tty,int ldisc)759 static int tty_ldisc_reinit(struct tty_struct *tty, int ldisc)
760 {
761 	struct tty_ldisc *ld = tty_ldisc_get(ldisc);
762 
763 	if (IS_ERR(ld))
764 		return -1;
765 
766 	tty_ldisc_close(tty, tty->ldisc);
767 	tty_ldisc_put(tty->ldisc);
768 	tty->ldisc = NULL;
769 	/*
770 	 *	Switch the line discipline back
771 	 */
772 	tty_ldisc_assign(tty, ld);
773 	tty_set_termios_ldisc(tty, ldisc);
774 
775 	return 0;
776 }
777 
778 /**
779  *	tty_ldisc_hangup		-	hangup ldisc reset
780  *	@tty: tty being hung up
781  *
782  *	Some tty devices reset their termios when they receive a hangup
783  *	event. In that situation we must also switch back to N_TTY properly
784  *	before we reset the termios data.
785  *
786  *	Locking: We can take the ldisc mutex as the rest of the code is
787  *	careful to allow for this.
788  *
789  *	In the pty pair case this occurs in the close() path of the
790  *	tty itself so we must be careful about locking rules.
791  */
792 
tty_ldisc_hangup(struct tty_struct * tty)793 void tty_ldisc_hangup(struct tty_struct *tty)
794 {
795 	struct tty_ldisc *ld;
796 	int reset = tty->driver->flags & TTY_DRIVER_RESET_TERMIOS;
797 	int err = 0;
798 
799 	/*
800 	 * FIXME! What are the locking issues here? This may me overdoing
801 	 * things... This question is especially important now that we've
802 	 * removed the irqlock.
803 	 */
804 	ld = tty_ldisc_ref(tty);
805 	if (ld != NULL) {
806 		/* We may have no line discipline at this point */
807 		if (ld->ops->flush_buffer)
808 			ld->ops->flush_buffer(tty);
809 		tty_driver_flush_buffer(tty);
810 		if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
811 		    ld->ops->write_wakeup)
812 			ld->ops->write_wakeup(tty);
813 		if (ld->ops->hangup)
814 			ld->ops->hangup(tty);
815 		tty_ldisc_deref(ld);
816 	}
817 	/*
818 	 * FIXME: Once we trust the LDISC code better we can wait here for
819 	 * ldisc completion and fix the driver call race
820 	 */
821 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
822 	wake_up_interruptible_poll(&tty->read_wait, POLLIN);
823 	/*
824 	 * Shutdown the current line discipline, and reset it to
825 	 * N_TTY if need be.
826 	 *
827 	 * Avoid racing set_ldisc or tty_ldisc_release
828 	 */
829 	mutex_lock(&tty->ldisc_mutex);
830 
831 	/*
832 	 * this is like tty_ldisc_halt, but we need to give up
833 	 * the BTM before calling cancel_work_sync, which may
834 	 * need to wait for another function taking the BTM
835 	 */
836 	clear_bit(TTY_LDISC, &tty->flags);
837 	tty_unlock();
838 	cancel_work_sync(&tty->buf.work);
839 	mutex_unlock(&tty->ldisc_mutex);
840 
841 	tty_lock();
842 	mutex_lock(&tty->ldisc_mutex);
843 
844 	/* At this point we have a closed ldisc and we want to
845 	   reopen it. We could defer this to the next open but
846 	   it means auditing a lot of other paths so this is
847 	   a FIXME */
848 	if (tty->ldisc) {	/* Not yet closed */
849 		if (reset == 0) {
850 
851 			if (!tty_ldisc_reinit(tty, tty->termios->c_line))
852 				err = tty_ldisc_open(tty, tty->ldisc);
853 			else
854 				err = 1;
855 		}
856 		/* If the re-open fails or we reset then go to N_TTY. The
857 		   N_TTY open cannot fail */
858 		if (reset || err) {
859 			BUG_ON(tty_ldisc_reinit(tty, N_TTY));
860 			WARN_ON(tty_ldisc_open(tty, tty->ldisc));
861 		}
862 		tty_ldisc_enable(tty);
863 	}
864 	mutex_unlock(&tty->ldisc_mutex);
865 	if (reset)
866 		tty_reset_termios(tty);
867 }
868 
869 /**
870  *	tty_ldisc_setup			-	open line discipline
871  *	@tty: tty being shut down
872  *	@o_tty: pair tty for pty/tty pairs
873  *
874  *	Called during the initial open of a tty/pty pair in order to set up the
875  *	line disciplines and bind them to the tty. This has no locking issues
876  *	as the device isn't yet active.
877  */
878 
tty_ldisc_setup(struct tty_struct * tty,struct tty_struct * o_tty)879 int tty_ldisc_setup(struct tty_struct *tty, struct tty_struct *o_tty)
880 {
881 	struct tty_ldisc *ld = tty->ldisc;
882 	int retval;
883 
884 	retval = tty_ldisc_open(tty, ld);
885 	if (retval)
886 		return retval;
887 
888 	if (o_tty) {
889 		retval = tty_ldisc_open(o_tty, o_tty->ldisc);
890 		if (retval) {
891 			tty_ldisc_close(tty, ld);
892 			return retval;
893 		}
894 		tty_ldisc_enable(o_tty);
895 	}
896 	tty_ldisc_enable(tty);
897 	return 0;
898 }
899 /**
900  *	tty_ldisc_release		-	release line discipline
901  *	@tty: tty being shut down
902  *	@o_tty: pair tty for pty/tty pairs
903  *
904  *	Called during the final close of a tty/pty pair in order to shut down
905  *	the line discpline layer. On exit the ldisc assigned is N_TTY and the
906  *	ldisc has not been opened.
907  */
908 
tty_ldisc_release(struct tty_struct * tty,struct tty_struct * o_tty)909 void tty_ldisc_release(struct tty_struct *tty, struct tty_struct *o_tty)
910 {
911 	/*
912 	 * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
913 	 * kill any delayed work. As this is the final close it does not
914 	 * race with the set_ldisc code path.
915 	 */
916 
917 	tty_unlock();
918 	tty_ldisc_halt(tty);
919 	tty_ldisc_flush_works(tty);
920 	tty_lock();
921 
922 	mutex_lock(&tty->ldisc_mutex);
923 	/*
924 	 * Now kill off the ldisc
925 	 */
926 	tty_ldisc_close(tty, tty->ldisc);
927 	tty_ldisc_put(tty->ldisc);
928 	/* Force an oops if we mess this up */
929 	tty->ldisc = NULL;
930 
931 	/* Ensure the next open requests the N_TTY ldisc */
932 	tty_set_termios_ldisc(tty, N_TTY);
933 	mutex_unlock(&tty->ldisc_mutex);
934 
935 	/* This will need doing differently if we need to lock */
936 	if (o_tty)
937 		tty_ldisc_release(o_tty, NULL);
938 
939 	/* And the memory resources remaining (buffers, termios) will be
940 	   disposed of when the kref hits zero */
941 }
942 
943 /**
944  *	tty_ldisc_init		-	ldisc setup for new tty
945  *	@tty: tty being allocated
946  *
947  *	Set up the line discipline objects for a newly allocated tty. Note that
948  *	the tty structure is not completely set up when this call is made.
949  */
950 
tty_ldisc_init(struct tty_struct * tty)951 void tty_ldisc_init(struct tty_struct *tty)
952 {
953 	struct tty_ldisc *ld = tty_ldisc_get(N_TTY);
954 	if (IS_ERR(ld))
955 		panic("n_tty: init_tty");
956 	tty_ldisc_assign(tty, ld);
957 }
958 
tty_ldisc_begin(void)959 void tty_ldisc_begin(void)
960 {
961 	/* Setup the default TTY line discipline. */
962 	(void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
963 }
964