Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : */
5 :
6 : /*
7 : * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 : * or rs-channels. It also implements echoing, cooked mode etc.
9 : *
10 : * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 : *
12 : * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 : * tty_struct and tty_queue structures. Previously there was an array
14 : * of 256 tty_struct's which was statically allocated, and the
15 : * tty_queue structures were allocated at boot time. Both are now
16 : * dynamically allocated only when the tty is open.
17 : *
18 : * Also restructured routines so that there is more of a separation
19 : * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 : * the low-level tty routines (serial.c, pty.c, console.c). This
21 : * makes for cleaner and more compact code. -TYT, 9/17/92
22 : *
23 : * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 : * which can be dynamically activated and de-activated by the line
25 : * discipline handling modules (like SLIP).
26 : *
27 : * NOTE: pay no attention to the line discipline code (yet); its
28 : * interface is still subject to change in this version...
29 : * -- TYT, 1/31/92
30 : *
31 : * Added functionality to the OPOST tty handling. No delays, but all
32 : * other bits should be there.
33 : * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 : *
35 : * Rewrote canonical mode and added more termios flags.
36 : * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 : *
38 : * Reorganized FASYNC support so mouse code can share it.
39 : * -- ctm@ardi.com, 9Sep95
40 : *
41 : * New TIOCLINUX variants added.
42 : * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 : *
44 : * Restrict vt switching via ioctl()
45 : * -- grif@cs.ucr.edu, 5-Dec-95
46 : *
47 : * Move console and virtual terminal code to more appropriate files,
48 : * implement CONFIG_VT and generalize console device interface.
49 : * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 : *
51 : * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 : * -- Bill Hawes <whawes@star.net>, June 97
53 : *
54 : * Added devfs support.
55 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 : *
57 : * Added support for a Unix98-style ptmx device.
58 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 : *
60 : * Reduced memory usage for older ARM systems
61 : * -- Russell King <rmk@arm.linux.org.uk>
62 : *
63 : * Move do_SAK() into process context. Less stack use in devfs functions.
64 : * alloc_tty_struct() always uses kmalloc()
65 : * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 : */
67 :
68 : #include <linux/types.h>
69 : #include <linux/major.h>
70 : #include <linux/errno.h>
71 : #include <linux/signal.h>
72 : #include <linux/fcntl.h>
73 : #include <linux/sched/signal.h>
74 : #include <linux/sched/task.h>
75 : #include <linux/interrupt.h>
76 : #include <linux/tty.h>
77 : #include <linux/tty_driver.h>
78 : #include <linux/tty_flip.h>
79 : #include <linux/devpts_fs.h>
80 : #include <linux/file.h>
81 : #include <linux/fdtable.h>
82 : #include <linux/console.h>
83 : #include <linux/timer.h>
84 : #include <linux/ctype.h>
85 : #include <linux/kd.h>
86 : #include <linux/mm.h>
87 : #include <linux/string.h>
88 : #include <linux/slab.h>
89 : #include <linux/poll.h>
90 : #include <linux/ppp-ioctl.h>
91 : #include <linux/proc_fs.h>
92 : #include <linux/init.h>
93 : #include <linux/module.h>
94 : #include <linux/device.h>
95 : #include <linux/wait.h>
96 : #include <linux/bitops.h>
97 : #include <linux/delay.h>
98 : #include <linux/seq_file.h>
99 : #include <linux/serial.h>
100 : #include <linux/ratelimit.h>
101 : #include <linux/compat.h>
102 :
103 : #include <linux/uaccess.h>
104 :
105 : #include <linux/kbd_kern.h>
106 : #include <linux/vt_kern.h>
107 : #include <linux/selection.h>
108 :
109 : #include <linux/kmod.h>
110 : #include <linux/nsproxy.h>
111 :
112 : #undef TTY_DEBUG_HANGUP
113 : #ifdef TTY_DEBUG_HANGUP
114 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
115 : #else
116 : # define tty_debug_hangup(tty, f, args...) do { } while (0)
117 : #endif
118 :
119 : #define TTY_PARANOIA_CHECK 1
120 : #define CHECK_TTY_COUNT 1
121 :
122 : struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
123 : .c_iflag = ICRNL | IXON,
124 : .c_oflag = OPOST | ONLCR,
125 : .c_cflag = B38400 | CS8 | CREAD | HUPCL,
126 : .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
127 : ECHOCTL | ECHOKE | IEXTEN,
128 : .c_cc = INIT_C_CC,
129 : .c_ispeed = 38400,
130 : .c_ospeed = 38400,
131 : /* .c_line = N_TTY, */
132 : };
133 :
134 : EXPORT_SYMBOL(tty_std_termios);
135 :
136 : /* This list gets poked at by procfs and various bits of boot up code. This
137 : could do with some rationalisation such as pulling the tty proc function
138 : into this file */
139 :
140 : LIST_HEAD(tty_drivers); /* linked list of tty drivers */
141 :
142 : /* Mutex to protect creating and releasing a tty */
143 : DEFINE_MUTEX(tty_mutex);
144 :
145 : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
146 : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
147 : static __poll_t tty_poll(struct file *, poll_table *);
148 : static int tty_open(struct inode *, struct file *);
149 : #ifdef CONFIG_COMPAT
150 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
151 : unsigned long arg);
152 : #else
153 : #define tty_compat_ioctl NULL
154 : #endif
155 : static int __tty_fasync(int fd, struct file *filp, int on);
156 : static int tty_fasync(int fd, struct file *filp, int on);
157 : static void release_tty(struct tty_struct *tty, int idx);
158 :
159 : /**
160 : * free_tty_struct - free a disused tty
161 : * @tty: tty struct to free
162 : *
163 : * Free the write buffers, tty queue and tty memory itself.
164 : *
165 : * Locking: none. Must be called after tty is definitely unused
166 : */
167 :
168 161 : static void free_tty_struct(struct tty_struct *tty)
169 : {
170 161 : tty_ldisc_deinit(tty);
171 161 : put_device(tty->dev);
172 161 : kfree(tty->write_buf);
173 161 : tty->magic = 0xDEADDEAD;
174 161 : kfree(tty);
175 161 : }
176 :
177 14809 : static inline struct tty_struct *file_tty(struct file *file)
178 : {
179 14809 : return ((struct tty_file_private *)file->private_data)->tty;
180 : }
181 :
182 194 : int tty_alloc_file(struct file *file)
183 : {
184 194 : struct tty_file_private *priv;
185 :
186 194 : priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 194 : if (!priv)
188 : return -ENOMEM;
189 :
190 194 : file->private_data = priv;
191 :
192 194 : return 0;
193 : }
194 :
195 : /* Associate a new file with the tty structure */
196 176 : void tty_add_file(struct tty_struct *tty, struct file *file)
197 : {
198 176 : struct tty_file_private *priv = file->private_data;
199 :
200 176 : priv->tty = tty;
201 176 : priv->file = file;
202 :
203 176 : spin_lock(&tty->files_lock);
204 176 : list_add(&priv->list, &tty->tty_files);
205 176 : spin_unlock(&tty->files_lock);
206 176 : }
207 :
208 : /*
209 : * tty_free_file - free file->private_data
210 : *
211 : * This shall be used only for fail path handling when tty_add_file was not
212 : * called yet.
213 : */
214 192 : void tty_free_file(struct file *file)
215 : {
216 192 : struct tty_file_private *priv = file->private_data;
217 :
218 192 : file->private_data = NULL;
219 0 : kfree(priv);
220 0 : }
221 :
222 : /* Delete file from its tty */
223 174 : static void tty_del_file(struct file *file)
224 : {
225 174 : struct tty_file_private *priv = file->private_data;
226 174 : struct tty_struct *tty = priv->tty;
227 :
228 174 : spin_lock(&tty->files_lock);
229 174 : list_del(&priv->list);
230 174 : spin_unlock(&tty->files_lock);
231 174 : tty_free_file(file);
232 174 : }
233 :
234 : /**
235 : * tty_name - return tty naming
236 : * @tty: tty structure
237 : *
238 : * Convert a tty structure into a name. The name reflects the kernel
239 : * naming policy and if udev is in use may not reflect user space
240 : *
241 : * Locking: none
242 : */
243 :
244 0 : const char *tty_name(const struct tty_struct *tty)
245 : {
246 0 : if (!tty) /* Hmm. NULL pointer. That's fun. */
247 : return "NULL tty";
248 0 : return tty->name;
249 : }
250 :
251 : EXPORT_SYMBOL(tty_name);
252 :
253 0 : const char *tty_driver_name(const struct tty_struct *tty)
254 : {
255 0 : if (!tty || !tty->driver)
256 : return "";
257 0 : return tty->driver->name;
258 : }
259 :
260 14809 : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 : const char *routine)
262 : {
263 : #ifdef TTY_PARANOIA_CHECK
264 14809 : if (!tty) {
265 0 : pr_warn("(%d:%d): %s: NULL tty\n",
266 : imajor(inode), iminor(inode), routine);
267 0 : return 1;
268 : }
269 14809 : if (tty->magic != TTY_MAGIC) {
270 0 : pr_warn("(%d:%d): %s: bad magic number\n",
271 : imajor(inode), iminor(inode), routine);
272 0 : return 1;
273 : }
274 : #endif
275 : return 0;
276 : }
277 :
278 : /* Caller must hold tty_lock */
279 351 : static int check_tty_count(struct tty_struct *tty, const char *routine)
280 : {
281 : #ifdef CHECK_TTY_COUNT
282 351 : struct list_head *p;
283 351 : int count = 0, kopen_count = 0;
284 :
285 351 : spin_lock(&tty->files_lock);
286 728 : list_for_each(p, &tty->tty_files) {
287 377 : count++;
288 : }
289 351 : spin_unlock(&tty->files_lock);
290 351 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 0 : tty->driver->subtype == PTY_TYPE_SLAVE &&
292 0 : tty->link && tty->link->count)
293 0 : count++;
294 351 : if (tty_port_kopened(tty->port))
295 0 : kopen_count++;
296 351 : if (tty->count != (count + kopen_count)) {
297 0 : tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
298 : routine, tty->count, count, kopen_count);
299 0 : return (count + kopen_count);
300 : }
301 : #endif
302 : return 0;
303 : }
304 :
305 : /**
306 : * get_tty_driver - find device of a tty
307 : * @device: device identifier
308 : * @index: returns the index of the tty
309 : *
310 : * This routine returns a tty driver structure, given a device number
311 : * and also passes back the index number.
312 : *
313 : * Locking: caller must hold tty_mutex
314 : */
315 :
316 38 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
317 : {
318 38 : struct tty_driver *p;
319 :
320 149 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 149 : dev_t base = MKDEV(p->major, p->minor_start);
322 149 : if (device < base || device >= base + p->num)
323 111 : continue;
324 38 : *index = device - base;
325 38 : return tty_driver_kref_get(p);
326 : }
327 : return NULL;
328 : }
329 :
330 : /**
331 : * tty_dev_name_to_number - return dev_t for device name
332 : * @name: user space name of device under /dev
333 : * @number: pointer to dev_t that this function will populate
334 : *
335 : * This function converts device names like ttyS0 or ttyUSB1 into dev_t
336 : * like (4, 64) or (188, 1). If no corresponding driver is registered then
337 : * the function returns -ENODEV.
338 : *
339 : * Locking: this acquires tty_mutex to protect the tty_drivers list from
340 : * being modified while we are traversing it, and makes sure to
341 : * release it before exiting.
342 : */
343 0 : int tty_dev_name_to_number(const char *name, dev_t *number)
344 : {
345 0 : struct tty_driver *p;
346 0 : int ret;
347 0 : int index, prefix_length = 0;
348 0 : const char *str;
349 :
350 0 : for (str = name; *str && !isdigit(*str); str++)
351 0 : ;
352 :
353 0 : if (!*str)
354 : return -EINVAL;
355 :
356 0 : ret = kstrtoint(str, 10, &index);
357 0 : if (ret)
358 : return ret;
359 :
360 0 : prefix_length = str - name;
361 0 : mutex_lock(&tty_mutex);
362 :
363 0 : list_for_each_entry(p, &tty_drivers, tty_drivers)
364 0 : if (prefix_length == strlen(p->name) && strncmp(name,
365 : p->name, prefix_length) == 0) {
366 0 : if (index < p->num) {
367 0 : *number = MKDEV(p->major, p->minor_start + index);
368 0 : goto out;
369 : }
370 : }
371 :
372 : /* if here then driver wasn't found */
373 : ret = -ENODEV;
374 0 : out:
375 0 : mutex_unlock(&tty_mutex);
376 0 : return ret;
377 : }
378 : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
379 :
380 : #ifdef CONFIG_CONSOLE_POLL
381 :
382 : /**
383 : * tty_find_polling_driver - find device of a polled tty
384 : * @name: name string to match
385 : * @line: pointer to resulting tty line nr
386 : *
387 : * This routine returns a tty driver structure, given a name
388 : * and the condition that the tty driver is capable of polled
389 : * operation.
390 : */
391 : struct tty_driver *tty_find_polling_driver(char *name, int *line)
392 : {
393 : struct tty_driver *p, *res = NULL;
394 : int tty_line = 0;
395 : int len;
396 : char *str, *stp;
397 :
398 : for (str = name; *str; str++)
399 : if ((*str >= '0' && *str <= '9') || *str == ',')
400 : break;
401 : if (!*str)
402 : return NULL;
403 :
404 : len = str - name;
405 : tty_line = simple_strtoul(str, &str, 10);
406 :
407 : mutex_lock(&tty_mutex);
408 : /* Search through the tty devices to look for a match */
409 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
410 : if (!len || strncmp(name, p->name, len) != 0)
411 : continue;
412 : stp = str;
413 : if (*stp == ',')
414 : stp++;
415 : if (*stp == '\0')
416 : stp = NULL;
417 :
418 : if (tty_line >= 0 && tty_line < p->num && p->ops &&
419 : p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
420 : res = tty_driver_kref_get(p);
421 : *line = tty_line;
422 : break;
423 : }
424 : }
425 : mutex_unlock(&tty_mutex);
426 :
427 : return res;
428 : }
429 : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
430 : #endif
431 :
432 0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
433 : {
434 0 : return 0;
435 : }
436 :
437 0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
438 : {
439 0 : return -EIO;
440 : }
441 :
442 : /* No kernel lock held - none needed ;) */
443 0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
444 : {
445 0 : return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
446 : }
447 :
448 0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
449 : unsigned long arg)
450 : {
451 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
452 : }
453 :
454 0 : static long hung_up_tty_compat_ioctl(struct file *file,
455 : unsigned int cmd, unsigned long arg)
456 : {
457 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
458 : }
459 :
460 0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
461 : {
462 0 : return -ENOTTY;
463 : }
464 :
465 0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
466 : {
467 0 : struct tty_struct *tty = file_tty(file);
468 :
469 0 : if (tty && tty->ops && tty->ops->show_fdinfo)
470 0 : tty->ops->show_fdinfo(tty, m);
471 0 : }
472 :
473 : static const struct file_operations tty_fops = {
474 : .llseek = no_llseek,
475 : .read_iter = tty_read,
476 : .write_iter = tty_write,
477 : .splice_read = generic_file_splice_read,
478 : .splice_write = iter_file_splice_write,
479 : .poll = tty_poll,
480 : .unlocked_ioctl = tty_ioctl,
481 : .compat_ioctl = tty_compat_ioctl,
482 : .open = tty_open,
483 : .release = tty_release,
484 : .fasync = tty_fasync,
485 : .show_fdinfo = tty_show_fdinfo,
486 : };
487 :
488 : static const struct file_operations console_fops = {
489 : .llseek = no_llseek,
490 : .read_iter = tty_read,
491 : .write_iter = redirected_tty_write,
492 : .splice_read = generic_file_splice_read,
493 : .splice_write = iter_file_splice_write,
494 : .poll = tty_poll,
495 : .unlocked_ioctl = tty_ioctl,
496 : .compat_ioctl = tty_compat_ioctl,
497 : .open = tty_open,
498 : .release = tty_release,
499 : .fasync = tty_fasync,
500 : };
501 :
502 : static const struct file_operations hung_up_tty_fops = {
503 : .llseek = no_llseek,
504 : .read_iter = hung_up_tty_read,
505 : .write_iter = hung_up_tty_write,
506 : .poll = hung_up_tty_poll,
507 : .unlocked_ioctl = hung_up_tty_ioctl,
508 : .compat_ioctl = hung_up_tty_compat_ioctl,
509 : .release = tty_release,
510 : .fasync = hung_up_tty_fasync,
511 : };
512 :
513 : static DEFINE_SPINLOCK(redirect_lock);
514 : static struct file *redirect;
515 :
516 : /**
517 : * tty_wakeup - request more data
518 : * @tty: terminal
519 : *
520 : * Internal and external helper for wakeups of tty. This function
521 : * informs the line discipline if present that the driver is ready
522 : * to receive more output data.
523 : */
524 :
525 713 : void tty_wakeup(struct tty_struct *tty)
526 : {
527 713 : struct tty_ldisc *ld;
528 :
529 713 : if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
530 0 : ld = tty_ldisc_ref(tty);
531 0 : if (ld) {
532 0 : if (ld->ops->write_wakeup)
533 0 : ld->ops->write_wakeup(tty);
534 0 : tty_ldisc_deref(ld);
535 : }
536 : }
537 713 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
538 713 : }
539 :
540 : EXPORT_SYMBOL_GPL(tty_wakeup);
541 :
542 : /**
543 : * tty_release_redirect - Release a redirect on a pty if present
544 : * @tty: tty device
545 : *
546 : * This is available to the pty code so if the master closes, if the
547 : * slave is a redirect it can release the redirect.
548 : */
549 1 : struct file *tty_release_redirect(struct tty_struct *tty)
550 : {
551 1 : struct file *f = NULL;
552 :
553 1 : spin_lock(&redirect_lock);
554 1 : if (redirect && file_tty(redirect) == tty) {
555 0 : f = redirect;
556 0 : redirect = NULL;
557 : }
558 1 : spin_unlock(&redirect_lock);
559 :
560 1 : return f;
561 : }
562 : EXPORT_SYMBOL_GPL(tty_release_redirect);
563 :
564 : /**
565 : * __tty_hangup - actual handler for hangup events
566 : * @tty: tty device
567 : * @exit_session: if non-zero, signal all foreground group processes
568 : *
569 : * This can be called by a "kworker" kernel thread. That is process
570 : * synchronous but doesn't hold any locks, so we need to make sure we
571 : * have the appropriate locks for what we're doing.
572 : *
573 : * The hangup event clears any pending redirections onto the hung up
574 : * device. It ensures future writes will error and it does the needed
575 : * line discipline hangup and signal delivery. The tty object itself
576 : * remains intact.
577 : *
578 : * Locking:
579 : * BTM
580 : * redirect lock for undoing redirection
581 : * file list lock for manipulating list of ttys
582 : * tty_ldiscs_lock from called functions
583 : * termios_rwsem resetting termios data
584 : * tasklist_lock to walk task list for hangup event
585 : * ->siglock to protect ->signal/->sighand
586 : */
587 1 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
588 : {
589 1 : struct file *cons_filp = NULL;
590 1 : struct file *filp, *f;
591 1 : struct tty_file_private *priv;
592 1 : int closecount = 0, n;
593 1 : int refs;
594 :
595 1 : if (!tty)
596 : return;
597 :
598 1 : f = tty_release_redirect(tty);
599 :
600 1 : tty_lock(tty);
601 :
602 1 : if (test_bit(TTY_HUPPED, &tty->flags)) {
603 0 : tty_unlock(tty);
604 0 : return;
605 : }
606 :
607 : /*
608 : * Some console devices aren't actually hung up for technical and
609 : * historical reasons, which can lead to indefinite interruptible
610 : * sleep in n_tty_read(). The following explicitly tells
611 : * n_tty_read() to abort readers.
612 : */
613 1 : set_bit(TTY_HUPPING, &tty->flags);
614 :
615 : /* inuse_filps is protected by the single tty lock,
616 : this really needs to change if we want to flush the
617 : workqueue with the lock held */
618 1 : check_tty_count(tty, "tty_hangup");
619 :
620 1 : spin_lock(&tty->files_lock);
621 : /* This breaks for file handles being sent over AF_UNIX sockets ? */
622 2 : list_for_each_entry(priv, &tty->tty_files, list) {
623 1 : filp = priv->file;
624 1 : if (filp->f_op->write_iter == redirected_tty_write)
625 0 : cons_filp = filp;
626 1 : if (filp->f_op->write_iter != tty_write)
627 0 : continue;
628 1 : closecount++;
629 1 : __tty_fasync(-1, filp, 0); /* can't block */
630 1 : filp->f_op = &hung_up_tty_fops;
631 : }
632 1 : spin_unlock(&tty->files_lock);
633 :
634 1 : refs = tty_signal_session_leader(tty, exit_session);
635 : /* Account for the p->signal references we killed */
636 1 : while (refs--)
637 1 : tty_kref_put(tty);
638 :
639 1 : tty_ldisc_hangup(tty, cons_filp != NULL);
640 :
641 1 : spin_lock_irq(&tty->ctrl_lock);
642 1 : clear_bit(TTY_THROTTLED, &tty->flags);
643 1 : clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
644 1 : put_pid(tty->session);
645 1 : put_pid(tty->pgrp);
646 1 : tty->session = NULL;
647 1 : tty->pgrp = NULL;
648 1 : tty->ctrl_status = 0;
649 1 : spin_unlock_irq(&tty->ctrl_lock);
650 :
651 : /*
652 : * If one of the devices matches a console pointer, we
653 : * cannot just call hangup() because that will cause
654 : * tty->count and state->count to go out of sync.
655 : * So we just call close() the right number of times.
656 : */
657 1 : if (cons_filp) {
658 0 : if (tty->ops->close)
659 0 : for (n = 0; n < closecount; n++)
660 0 : tty->ops->close(tty, cons_filp);
661 1 : } else if (tty->ops->hangup)
662 0 : tty->ops->hangup(tty);
663 : /*
664 : * We don't want to have driver/ldisc interactions beyond the ones
665 : * we did here. The driver layer expects no calls after ->hangup()
666 : * from the ldisc side, which is now guaranteed.
667 : */
668 1 : set_bit(TTY_HUPPED, &tty->flags);
669 1 : clear_bit(TTY_HUPPING, &tty->flags);
670 1 : tty_unlock(tty);
671 :
672 1 : if (f)
673 0 : fput(f);
674 : }
675 :
676 0 : static void do_tty_hangup(struct work_struct *work)
677 : {
678 0 : struct tty_struct *tty =
679 0 : container_of(work, struct tty_struct, hangup_work);
680 :
681 0 : __tty_hangup(tty, 0);
682 0 : }
683 :
684 : /**
685 : * tty_hangup - trigger a hangup event
686 : * @tty: tty to hangup
687 : *
688 : * A carrier loss (virtual or otherwise) has occurred on this like
689 : * schedule a hangup sequence to run after this event.
690 : */
691 :
692 0 : void tty_hangup(struct tty_struct *tty)
693 : {
694 0 : tty_debug_hangup(tty, "hangup\n");
695 0 : schedule_work(&tty->hangup_work);
696 0 : }
697 :
698 : EXPORT_SYMBOL(tty_hangup);
699 :
700 : /**
701 : * tty_vhangup - process vhangup
702 : * @tty: tty to hangup
703 : *
704 : * The user has asked via system call for the terminal to be hung up.
705 : * We do this synchronously so that when the syscall returns the process
706 : * is complete. That guarantee is necessary for security reasons.
707 : */
708 :
709 1 : void tty_vhangup(struct tty_struct *tty)
710 : {
711 1 : tty_debug_hangup(tty, "vhangup\n");
712 0 : __tty_hangup(tty, 0);
713 0 : }
714 :
715 : EXPORT_SYMBOL(tty_vhangup);
716 :
717 :
718 : /**
719 : * tty_vhangup_self - process vhangup for own ctty
720 : *
721 : * Perform a vhangup on the current controlling tty
722 : */
723 :
724 0 : void tty_vhangup_self(void)
725 : {
726 0 : struct tty_struct *tty;
727 :
728 0 : tty = get_current_tty();
729 0 : if (tty) {
730 0 : tty_vhangup(tty);
731 0 : tty_kref_put(tty);
732 : }
733 0 : }
734 :
735 : /**
736 : * tty_vhangup_session - hangup session leader exit
737 : * @tty: tty to hangup
738 : *
739 : * The session leader is exiting and hanging up its controlling terminal.
740 : * Every process in the foreground process group is signalled SIGHUP.
741 : *
742 : * We do this synchronously so that when the syscall returns the process
743 : * is complete. That guarantee is necessary for security reasons.
744 : */
745 :
746 0 : void tty_vhangup_session(struct tty_struct *tty)
747 : {
748 0 : tty_debug_hangup(tty, "session hangup\n");
749 0 : __tty_hangup(tty, 1);
750 0 : }
751 :
752 : /**
753 : * tty_hung_up_p - was tty hung up
754 : * @filp: file pointer of tty
755 : *
756 : * Return true if the tty has been subject to a vhangup or a carrier
757 : * loss
758 : */
759 :
760 279 : int tty_hung_up_p(struct file *filp)
761 : {
762 279 : return (filp && filp->f_op == &hung_up_tty_fops);
763 : }
764 :
765 : EXPORT_SYMBOL(tty_hung_up_p);
766 :
767 : /**
768 : * stop_tty - propagate flow control
769 : * @tty: tty to stop
770 : *
771 : * Perform flow control to the driver. May be called
772 : * on an already stopped device and will not re-call the driver
773 : * method.
774 : *
775 : * This functionality is used by both the line disciplines for
776 : * halting incoming flow and by the driver. It may therefore be
777 : * called from any context, may be under the tty atomic_write_lock
778 : * but not always.
779 : *
780 : * Locking:
781 : * flow_lock
782 : */
783 :
784 0 : void __stop_tty(struct tty_struct *tty)
785 : {
786 0 : if (tty->stopped)
787 : return;
788 0 : tty->stopped = 1;
789 0 : if (tty->ops->stop)
790 0 : tty->ops->stop(tty);
791 : }
792 :
793 0 : void stop_tty(struct tty_struct *tty)
794 : {
795 0 : unsigned long flags;
796 :
797 0 : spin_lock_irqsave(&tty->flow_lock, flags);
798 0 : __stop_tty(tty);
799 0 : spin_unlock_irqrestore(&tty->flow_lock, flags);
800 0 : }
801 : EXPORT_SYMBOL(stop_tty);
802 :
803 : /**
804 : * start_tty - propagate flow control
805 : * @tty: tty to start
806 : *
807 : * Start a tty that has been stopped if at all possible. If this
808 : * tty was previous stopped and is now being started, the driver
809 : * start method is invoked and the line discipline woken.
810 : *
811 : * Locking:
812 : * flow_lock
813 : */
814 :
815 0 : void __start_tty(struct tty_struct *tty)
816 : {
817 0 : if (!tty->stopped || tty->flow_stopped)
818 : return;
819 0 : tty->stopped = 0;
820 0 : if (tty->ops->start)
821 0 : tty->ops->start(tty);
822 0 : tty_wakeup(tty);
823 : }
824 :
825 0 : void start_tty(struct tty_struct *tty)
826 : {
827 0 : unsigned long flags;
828 :
829 0 : spin_lock_irqsave(&tty->flow_lock, flags);
830 0 : __start_tty(tty);
831 0 : spin_unlock_irqrestore(&tty->flow_lock, flags);
832 0 : }
833 : EXPORT_SYMBOL(start_tty);
834 :
835 143 : static void tty_update_time(struct timespec64 *time)
836 : {
837 143 : time64_t sec = ktime_get_real_seconds();
838 :
839 : /*
840 : * We only care if the two values differ in anything other than the
841 : * lower three bits (i.e every 8 seconds). If so, then we can update
842 : * the time of the tty device, otherwise it could be construded as a
843 : * security leak to let userspace know the exact timing of the tty.
844 : */
845 143 : if ((sec ^ time->tv_sec) & ~7)
846 4 : time->tv_sec = sec;
847 143 : }
848 :
849 : /*
850 : * Iterate on the ldisc ->read() function until we've gotten all
851 : * the data the ldisc has for us.
852 : *
853 : * The "cookie" is something that the ldisc read function can fill
854 : * in to let us know that there is more data to be had.
855 : *
856 : * We promise to continue to call the ldisc until it stops returning
857 : * data or clears the cookie. The cookie may be something that the
858 : * ldisc maintains state for and needs to free.
859 : */
860 0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
861 : struct file *file, struct iov_iter *to)
862 : {
863 0 : int retval = 0;
864 0 : void *cookie = NULL;
865 0 : unsigned long offset = 0;
866 0 : char kernel_buf[64];
867 0 : size_t count = iov_iter_count(to);
868 :
869 0 : do {
870 0 : int size, copied;
871 :
872 0 : size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
873 0 : size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
874 0 : if (!size)
875 : break;
876 :
877 0 : if (size < 0) {
878 : /* Did we have an earlier error (ie -EFAULT)? */
879 0 : if (retval)
880 : break;
881 0 : retval = size;
882 :
883 : /*
884 : * -EOVERFLOW means we didn't have enough space
885 : * for a whole packet, and we shouldn't return
886 : * a partial result.
887 : */
888 0 : if (retval == -EOVERFLOW)
889 0 : offset = 0;
890 : break;
891 : }
892 :
893 0 : copied = copy_to_iter(kernel_buf, size, to);
894 0 : offset += copied;
895 0 : count -= copied;
896 :
897 : /*
898 : * If the user copy failed, we still need to do another ->read()
899 : * call if we had a cookie to let the ldisc clear up.
900 : *
901 : * But make sure size is zeroed.
902 : */
903 0 : if (unlikely(copied != size)) {
904 0 : count = 0;
905 0 : retval = -EFAULT;
906 : }
907 0 : } while (cookie);
908 :
909 : /* We always clear tty buffer in case they contained passwords */
910 0 : memzero_explicit(kernel_buf, sizeof(kernel_buf));
911 0 : return offset ? offset : retval;
912 : }
913 :
914 :
915 : /**
916 : * tty_read - read method for tty device files
917 : * @file: pointer to tty file
918 : * @buf: user buffer
919 : * @count: size of user buffer
920 : * @ppos: unused
921 : *
922 : * Perform the read system call function on this terminal device. Checks
923 : * for hung up devices before calling the line discipline method.
924 : *
925 : * Locking:
926 : * Locks the line discipline internally while needed. Multiple
927 : * read calls may be outstanding in parallel.
928 : */
929 :
930 0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
931 : {
932 0 : int i;
933 0 : struct file *file = iocb->ki_filp;
934 0 : struct inode *inode = file_inode(file);
935 0 : struct tty_struct *tty = file_tty(file);
936 0 : struct tty_ldisc *ld;
937 :
938 0 : if (tty_paranoia_check(tty, inode, "tty_read"))
939 : return -EIO;
940 0 : if (!tty || tty_io_error(tty))
941 0 : return -EIO;
942 :
943 : /* We want to wait for the line discipline to sort out in this
944 : situation */
945 0 : ld = tty_ldisc_ref_wait(tty);
946 0 : if (!ld)
947 0 : return hung_up_tty_read(iocb, to);
948 0 : i = -EIO;
949 0 : if (ld->ops->read)
950 0 : i = iterate_tty_read(ld, tty, file, to);
951 0 : tty_ldisc_deref(ld);
952 :
953 0 : if (i > 0)
954 0 : tty_update_time(&inode->i_atime);
955 :
956 0 : return i;
957 : }
958 :
959 143 : static void tty_write_unlock(struct tty_struct *tty)
960 : {
961 143 : mutex_unlock(&tty->atomic_write_lock);
962 143 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
963 143 : }
964 :
965 143 : static int tty_write_lock(struct tty_struct *tty, int ndelay)
966 : {
967 143 : if (!mutex_trylock(&tty->atomic_write_lock)) {
968 0 : if (ndelay)
969 : return -EAGAIN;
970 0 : if (mutex_lock_interruptible(&tty->atomic_write_lock))
971 0 : return -ERESTARTSYS;
972 : }
973 : return 0;
974 : }
975 :
976 : /*
977 : * Split writes up in sane blocksizes to avoid
978 : * denial-of-service type attacks
979 : */
980 143 : static inline ssize_t do_tty_write(
981 : ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
982 : struct tty_struct *tty,
983 : struct file *file,
984 : struct iov_iter *from)
985 : {
986 143 : size_t count = iov_iter_count(from);
987 143 : ssize_t ret, written = 0;
988 143 : unsigned int chunk;
989 :
990 143 : ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
991 143 : if (ret < 0)
992 : return ret;
993 :
994 : /*
995 : * We chunk up writes into a temporary buffer. This
996 : * simplifies low-level drivers immensely, since they
997 : * don't have locking issues and user mode accesses.
998 : *
999 : * But if TTY_NO_WRITE_SPLIT is set, we should use a
1000 : * big chunk-size..
1001 : *
1002 : * The default chunk-size is 2kB, because the NTTY
1003 : * layer has problems with bigger chunks. It will
1004 : * claim to be able to handle more characters than
1005 : * it actually does.
1006 : *
1007 : * FIXME: This can probably go away now except that 64K chunks
1008 : * are too likely to fail unless switched to vmalloc...
1009 : */
1010 143 : chunk = 2048;
1011 143 : if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1012 0 : chunk = 65536;
1013 143 : if (count < chunk)
1014 143 : chunk = count;
1015 :
1016 : /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1017 143 : if (tty->write_cnt < chunk) {
1018 139 : unsigned char *buf_chunk;
1019 :
1020 139 : if (chunk < 1024)
1021 : chunk = 1024;
1022 :
1023 139 : buf_chunk = kmalloc(chunk, GFP_KERNEL);
1024 139 : if (!buf_chunk) {
1025 0 : ret = -ENOMEM;
1026 0 : goto out;
1027 : }
1028 139 : kfree(tty->write_buf);
1029 139 : tty->write_cnt = chunk;
1030 139 : tty->write_buf = buf_chunk;
1031 : }
1032 :
1033 : /* Do the write .. */
1034 0 : for (;;) {
1035 143 : size_t size = count;
1036 143 : if (size > chunk)
1037 : size = chunk;
1038 :
1039 143 : ret = -EFAULT;
1040 286 : if (copy_from_iter(tty->write_buf, size, from) != size)
1041 : break;
1042 :
1043 143 : ret = write(tty, file, tty->write_buf, size);
1044 143 : if (ret <= 0)
1045 : break;
1046 :
1047 143 : written += ret;
1048 143 : if (ret > size)
1049 : break;
1050 :
1051 : /* FIXME! Have Al check this! */
1052 143 : if (ret != size)
1053 0 : iov_iter_revert(from, size-ret);
1054 :
1055 143 : count -= ret;
1056 143 : if (!count)
1057 : break;
1058 0 : ret = -ERESTARTSYS;
1059 0 : if (signal_pending(current))
1060 : break;
1061 0 : cond_resched();
1062 : }
1063 143 : if (written) {
1064 143 : tty_update_time(&file_inode(file)->i_mtime);
1065 143 : ret = written;
1066 : }
1067 0 : out:
1068 143 : tty_write_unlock(tty);
1069 143 : return ret;
1070 : }
1071 :
1072 : /**
1073 : * tty_write_message - write a message to a certain tty, not just the console.
1074 : * @tty: the destination tty_struct
1075 : * @msg: the message to write
1076 : *
1077 : * This is used for messages that need to be redirected to a specific tty.
1078 : * We don't put it into the syslog queue right now maybe in the future if
1079 : * really needed.
1080 : *
1081 : * We must still hold the BTM and test the CLOSING flag for the moment.
1082 : */
1083 :
1084 0 : void tty_write_message(struct tty_struct *tty, char *msg)
1085 : {
1086 0 : if (tty) {
1087 0 : mutex_lock(&tty->atomic_write_lock);
1088 0 : tty_lock(tty);
1089 0 : if (tty->ops->write && tty->count > 0)
1090 0 : tty->ops->write(tty, msg, strlen(msg));
1091 0 : tty_unlock(tty);
1092 0 : tty_write_unlock(tty);
1093 : }
1094 0 : return;
1095 : }
1096 :
1097 :
1098 : /**
1099 : * tty_write - write method for tty device file
1100 : * @file: tty file pointer
1101 : * @buf: user data to write
1102 : * @count: bytes to write
1103 : * @ppos: unused
1104 : *
1105 : * Write data to a tty device via the line discipline.
1106 : *
1107 : * Locking:
1108 : * Locks the line discipline as required
1109 : * Writes to the tty driver are serialized by the atomic_write_lock
1110 : * and are then processed in chunks to the device. The line discipline
1111 : * write method will not be invoked in parallel for each device.
1112 : */
1113 :
1114 143 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1115 : {
1116 143 : struct tty_struct *tty = file_tty(file);
1117 143 : struct tty_ldisc *ld;
1118 143 : ssize_t ret;
1119 :
1120 143 : if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1121 : return -EIO;
1122 286 : if (!tty || !tty->ops->write || tty_io_error(tty))
1123 0 : return -EIO;
1124 : /* Short term debug to catch buggy drivers */
1125 143 : if (tty->ops->write_room == NULL)
1126 0 : tty_err(tty, "missing write_room method\n");
1127 143 : ld = tty_ldisc_ref_wait(tty);
1128 143 : if (!ld)
1129 143 : return hung_up_tty_write(iocb, from);
1130 143 : if (!ld->ops->write)
1131 : ret = -EIO;
1132 : else
1133 143 : ret = do_tty_write(ld->ops->write, tty, file, from);
1134 143 : tty_ldisc_deref(ld);
1135 143 : return ret;
1136 : }
1137 :
1138 143 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1139 : {
1140 12 : return file_tty_write(iocb->ki_filp, iocb, from);
1141 : }
1142 :
1143 131 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1144 : {
1145 131 : struct file *p = NULL;
1146 :
1147 131 : spin_lock(&redirect_lock);
1148 131 : if (redirect)
1149 0 : p = get_file(redirect);
1150 131 : spin_unlock(&redirect_lock);
1151 :
1152 : /*
1153 : * We know the redirected tty is just another tty, we can can
1154 : * call file_tty_write() directly with that file pointer.
1155 : */
1156 131 : if (p) {
1157 0 : ssize_t res;
1158 0 : res = file_tty_write(p, iocb, iter);
1159 0 : fput(p);
1160 0 : return res;
1161 : }
1162 131 : return tty_write(iocb, iter);
1163 : }
1164 :
1165 : /*
1166 : * tty_send_xchar - send priority character
1167 : *
1168 : * Send a high priority character to the tty even if stopped
1169 : *
1170 : * Locking: none for xchar method, write ordering for write method.
1171 : */
1172 :
1173 0 : int tty_send_xchar(struct tty_struct *tty, char ch)
1174 : {
1175 0 : int was_stopped = tty->stopped;
1176 :
1177 0 : if (tty->ops->send_xchar) {
1178 0 : down_read(&tty->termios_rwsem);
1179 0 : tty->ops->send_xchar(tty, ch);
1180 0 : up_read(&tty->termios_rwsem);
1181 0 : return 0;
1182 : }
1183 :
1184 0 : if (tty_write_lock(tty, 0) < 0)
1185 : return -ERESTARTSYS;
1186 :
1187 0 : down_read(&tty->termios_rwsem);
1188 0 : if (was_stopped)
1189 0 : start_tty(tty);
1190 0 : tty->ops->write(tty, &ch, 1);
1191 0 : if (was_stopped)
1192 0 : stop_tty(tty);
1193 0 : up_read(&tty->termios_rwsem);
1194 0 : tty_write_unlock(tty);
1195 0 : return 0;
1196 : }
1197 :
1198 : static char ptychar[] = "pqrstuvwxyzabcde";
1199 :
1200 : /**
1201 : * pty_line_name - generate name for a pty
1202 : * @driver: the tty driver in use
1203 : * @index: the minor number
1204 : * @p: output buffer of at least 6 bytes
1205 : *
1206 : * Generate a name from a driver reference and write it to the output
1207 : * buffer.
1208 : *
1209 : * Locking: None
1210 : */
1211 0 : static void pty_line_name(struct tty_driver *driver, int index, char *p)
1212 : {
1213 0 : int i = index + driver->name_base;
1214 : /* ->name is initialized to "ttyp", but "tty" is expected */
1215 0 : sprintf(p, "%s%c%x",
1216 0 : driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1217 0 : ptychar[i >> 4 & 0xf], i & 0xf);
1218 0 : }
1219 :
1220 : /**
1221 : * tty_line_name - generate name for a tty
1222 : * @driver: the tty driver in use
1223 : * @index: the minor number
1224 : * @p: output buffer of at least 7 bytes
1225 : *
1226 : * Generate a name from a driver reference and write it to the output
1227 : * buffer.
1228 : *
1229 : * Locking: None
1230 : */
1231 230 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1232 : {
1233 230 : if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1234 0 : return sprintf(p, "%s", driver->name);
1235 : else
1236 230 : return sprintf(p, "%s%d", driver->name,
1237 230 : index + driver->name_base);
1238 : }
1239 :
1240 : /**
1241 : * tty_driver_lookup_tty() - find an existing tty, if any
1242 : * @driver: the driver for the tty
1243 : * @file: file object
1244 : * @idx: the minor number
1245 : *
1246 : * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1247 : * driver lookup() method returns an error.
1248 : *
1249 : * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1250 : */
1251 176 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1252 : struct file *file, int idx)
1253 : {
1254 176 : struct tty_struct *tty;
1255 :
1256 176 : if (driver->ops->lookup)
1257 0 : if (!file)
1258 176 : tty = ERR_PTR(-EIO);
1259 : else
1260 0 : tty = driver->ops->lookup(driver, file, idx);
1261 : else
1262 176 : tty = driver->ttys[idx];
1263 :
1264 176 : if (!IS_ERR(tty))
1265 176 : tty_kref_get(tty);
1266 176 : return tty;
1267 : }
1268 :
1269 : /**
1270 : * tty_init_termios - helper for termios setup
1271 : * @tty: the tty to set up
1272 : *
1273 : * Initialise the termios structure for this tty. This runs under
1274 : * the tty_mutex currently so we can be relaxed about ordering.
1275 : */
1276 :
1277 163 : void tty_init_termios(struct tty_struct *tty)
1278 : {
1279 163 : struct ktermios *tp;
1280 163 : int idx = tty->index;
1281 :
1282 163 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1283 28 : tty->termios = tty->driver->init_termios;
1284 : else {
1285 : /* Check for lazy saved data */
1286 135 : tp = tty->driver->termios[idx];
1287 135 : if (tp != NULL) {
1288 134 : tty->termios = *tp;
1289 134 : tty->termios.c_line = tty->driver->init_termios.c_line;
1290 : } else
1291 1 : tty->termios = tty->driver->init_termios;
1292 : }
1293 : /* Compatibility until drivers always set this */
1294 163 : tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1295 163 : tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1296 163 : }
1297 : EXPORT_SYMBOL_GPL(tty_init_termios);
1298 :
1299 163 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1300 : {
1301 163 : tty_init_termios(tty);
1302 163 : tty_driver_kref_get(driver);
1303 163 : tty->count++;
1304 163 : driver->ttys[tty->index] = tty;
1305 163 : return 0;
1306 : }
1307 : EXPORT_SYMBOL_GPL(tty_standard_install);
1308 :
1309 : /**
1310 : * tty_driver_install_tty() - install a tty entry in the driver
1311 : * @driver: the driver for the tty
1312 : * @tty: the tty
1313 : *
1314 : * Install a tty object into the driver tables. The tty->index field
1315 : * will be set by the time this is called. This method is responsible
1316 : * for ensuring any need additional structures are allocated and
1317 : * configured.
1318 : *
1319 : * Locking: tty_mutex for now
1320 : */
1321 163 : static int tty_driver_install_tty(struct tty_driver *driver,
1322 : struct tty_struct *tty)
1323 : {
1324 163 : return driver->ops->install ? driver->ops->install(driver, tty) :
1325 0 : tty_standard_install(driver, tty);
1326 : }
1327 :
1328 : /**
1329 : * tty_driver_remove_tty() - remove a tty from the driver tables
1330 : * @driver: the driver for the tty
1331 : * @tty: tty to remove
1332 : *
1333 : * Remvoe a tty object from the driver tables. The tty->index field
1334 : * will be set by the time this is called.
1335 : *
1336 : * Locking: tty_mutex for now
1337 : */
1338 161 : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1339 : {
1340 161 : if (driver->ops->remove)
1341 0 : driver->ops->remove(driver, tty);
1342 : else
1343 161 : driver->ttys[tty->index] = NULL;
1344 161 : }
1345 :
1346 : /**
1347 : * tty_reopen() - fast re-open of an open tty
1348 : * @tty: the tty to open
1349 : *
1350 : * Return 0 on success, -errno on error.
1351 : * Re-opens on master ptys are not allowed and return -EIO.
1352 : *
1353 : * Locking: Caller must hold tty_lock
1354 : */
1355 13 : static int tty_reopen(struct tty_struct *tty)
1356 : {
1357 13 : struct tty_driver *driver = tty->driver;
1358 13 : struct tty_ldisc *ld;
1359 13 : int retval = 0;
1360 :
1361 13 : if (driver->type == TTY_DRIVER_TYPE_PTY &&
1362 : driver->subtype == PTY_TYPE_MASTER)
1363 : return -EIO;
1364 :
1365 13 : if (!tty->count)
1366 : return -EAGAIN;
1367 :
1368 13 : if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1369 : return -EBUSY;
1370 :
1371 13 : ld = tty_ldisc_ref_wait(tty);
1372 13 : if (ld) {
1373 13 : tty_ldisc_deref(ld);
1374 : } else {
1375 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1376 0 : if (retval)
1377 : return retval;
1378 :
1379 0 : if (!tty->ldisc)
1380 0 : retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1381 0 : tty_ldisc_unlock(tty);
1382 : }
1383 :
1384 13 : if (retval == 0)
1385 13 : tty->count++;
1386 :
1387 : return retval;
1388 : }
1389 :
1390 : /**
1391 : * tty_init_dev - initialise a tty device
1392 : * @driver: tty driver we are opening a device on
1393 : * @idx: device index
1394 : *
1395 : * Prepare a tty device. This may not be a "new" clean device but
1396 : * could also be an active device. The pty drivers require special
1397 : * handling because of this.
1398 : *
1399 : * Locking:
1400 : * The function is called under the tty_mutex, which
1401 : * protects us from the tty struct or driver itself going away.
1402 : *
1403 : * On exit the tty device has the line discipline attached and
1404 : * a reference count of 1. If a pair was created for pty/tty use
1405 : * and the other was a pty master then it too has a reference count of 1.
1406 : *
1407 : * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1408 : * failed open. The new code protects the open with a mutex, so it's
1409 : * really quite straightforward. The mutex locking can probably be
1410 : * relaxed for the (most common) case of reopening a tty.
1411 : *
1412 : * Return: returned tty structure
1413 : */
1414 :
1415 163 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1416 : {
1417 163 : struct tty_struct *tty;
1418 163 : int retval;
1419 :
1420 : /*
1421 : * First time open is complex, especially for PTY devices.
1422 : * This code guarantees that either everything succeeds and the
1423 : * TTY is ready for operation, or else the table slots are vacated
1424 : * and the allocated memory released. (Except that the termios
1425 : * may be retained.)
1426 : */
1427 :
1428 163 : if (!try_module_get(driver->owner))
1429 : return ERR_PTR(-ENODEV);
1430 :
1431 163 : tty = alloc_tty_struct(driver, idx);
1432 163 : if (!tty) {
1433 0 : retval = -ENOMEM;
1434 0 : goto err_module_put;
1435 : }
1436 :
1437 163 : tty_lock(tty);
1438 163 : retval = tty_driver_install_tty(driver, tty);
1439 163 : if (retval < 0)
1440 0 : goto err_free_tty;
1441 :
1442 163 : if (!tty->port)
1443 135 : tty->port = driver->ports[idx];
1444 :
1445 163 : if (WARN_RATELIMIT(!tty->port,
1446 : "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1447 : __func__, tty->driver->name)) {
1448 0 : retval = -EINVAL;
1449 0 : goto err_release_lock;
1450 : }
1451 :
1452 163 : retval = tty_ldisc_lock(tty, 5 * HZ);
1453 163 : if (retval)
1454 0 : goto err_release_lock;
1455 163 : tty->port->itty = tty;
1456 :
1457 : /*
1458 : * Structures all installed ... call the ldisc open routines.
1459 : * If we fail here just call release_tty to clean up. No need
1460 : * to decrement the use counts, as release_tty doesn't care.
1461 : */
1462 163 : retval = tty_ldisc_setup(tty, tty->link);
1463 163 : if (retval)
1464 0 : goto err_release_tty;
1465 163 : tty_ldisc_unlock(tty);
1466 : /* Return the tty locked so that it cannot vanish under the caller */
1467 163 : return tty;
1468 :
1469 0 : err_free_tty:
1470 0 : tty_unlock(tty);
1471 0 : free_tty_struct(tty);
1472 0 : err_module_put:
1473 0 : module_put(driver->owner);
1474 0 : return ERR_PTR(retval);
1475 :
1476 : /* call the tty release_tty routine to clean out this slot */
1477 0 : err_release_tty:
1478 0 : tty_ldisc_unlock(tty);
1479 0 : tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1480 : retval, idx);
1481 0 : err_release_lock:
1482 0 : tty_unlock(tty);
1483 0 : release_tty(tty, idx);
1484 0 : return ERR_PTR(retval);
1485 : }
1486 :
1487 : /**
1488 : * tty_save_termios() - save tty termios data in driver table
1489 : * @tty: tty whose termios data to save
1490 : *
1491 : * Locking: Caller guarantees serialisation with tty_init_termios().
1492 : */
1493 161 : void tty_save_termios(struct tty_struct *tty)
1494 : {
1495 161 : struct ktermios *tp;
1496 161 : int idx = tty->index;
1497 :
1498 : /* If the port is going to reset then it has no termios to save */
1499 161 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1500 : return;
1501 :
1502 : /* Stash the termios data */
1503 135 : tp = tty->driver->termios[idx];
1504 135 : if (tp == NULL) {
1505 1 : tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1506 1 : if (tp == NULL)
1507 : return;
1508 1 : tty->driver->termios[idx] = tp;
1509 : }
1510 135 : *tp = tty->termios;
1511 : }
1512 : EXPORT_SYMBOL_GPL(tty_save_termios);
1513 :
1514 : /**
1515 : * tty_flush_works - flush all works of a tty/pty pair
1516 : * @tty: tty device to flush works for (or either end of a pty pair)
1517 : *
1518 : * Sync flush all works belonging to @tty (and the 'other' tty).
1519 : */
1520 161 : static void tty_flush_works(struct tty_struct *tty)
1521 : {
1522 161 : flush_work(&tty->SAK_work);
1523 161 : flush_work(&tty->hangup_work);
1524 161 : if (tty->link) {
1525 0 : flush_work(&tty->link->SAK_work);
1526 0 : flush_work(&tty->link->hangup_work);
1527 : }
1528 161 : }
1529 :
1530 : /**
1531 : * release_one_tty - release tty structure memory
1532 : * @work: work of tty we are obliterating
1533 : *
1534 : * Releases memory associated with a tty structure, and clears out the
1535 : * driver table slots. This function is called when a device is no longer
1536 : * in use. It also gets called when setup of a device fails.
1537 : *
1538 : * Locking:
1539 : * takes the file list lock internally when working on the list
1540 : * of ttys that the driver keeps.
1541 : *
1542 : * This method gets called from a work queue so that the driver private
1543 : * cleanup ops can sleep (needed for USB at least)
1544 : */
1545 161 : static void release_one_tty(struct work_struct *work)
1546 : {
1547 161 : struct tty_struct *tty =
1548 161 : container_of(work, struct tty_struct, hangup_work);
1549 161 : struct tty_driver *driver = tty->driver;
1550 161 : struct module *owner = driver->owner;
1551 :
1552 161 : if (tty->ops->cleanup)
1553 26 : tty->ops->cleanup(tty);
1554 :
1555 161 : tty->magic = 0;
1556 322 : tty_driver_kref_put(driver);
1557 161 : module_put(owner);
1558 :
1559 161 : spin_lock(&tty->files_lock);
1560 161 : list_del_init(&tty->tty_files);
1561 161 : spin_unlock(&tty->files_lock);
1562 :
1563 161 : put_pid(tty->pgrp);
1564 161 : put_pid(tty->session);
1565 161 : free_tty_struct(tty);
1566 161 : }
1567 :
1568 161 : static void queue_release_one_tty(struct kref *kref)
1569 : {
1570 161 : struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1571 :
1572 : /* The hangup queue is now free so we can reuse it rather than
1573 : waste a chunk of memory for each port */
1574 161 : INIT_WORK(&tty->hangup_work, release_one_tty);
1575 161 : schedule_work(&tty->hangup_work);
1576 161 : }
1577 :
1578 : /**
1579 : * tty_kref_put - release a tty kref
1580 : * @tty: tty device
1581 : *
1582 : * Release a reference to a tty device and if need be let the kref
1583 : * layer destruct the object for us
1584 : */
1585 :
1586 3509 : void tty_kref_put(struct tty_struct *tty)
1587 : {
1588 3174 : if (tty)
1589 1363 : kref_put(&tty->kref, queue_release_one_tty);
1590 0 : }
1591 : EXPORT_SYMBOL(tty_kref_put);
1592 :
1593 : /**
1594 : * release_tty - release tty structure memory
1595 : * @tty: tty device release
1596 : * @idx: index of the tty device release
1597 : *
1598 : * Release both @tty and a possible linked partner (think pty pair),
1599 : * and decrement the refcount of the backing module.
1600 : *
1601 : * Locking:
1602 : * tty_mutex
1603 : * takes the file list lock internally when working on the list
1604 : * of ttys that the driver keeps.
1605 : *
1606 : */
1607 161 : static void release_tty(struct tty_struct *tty, int idx)
1608 : {
1609 : /* This should always be true but check for the moment */
1610 161 : WARN_ON(tty->index != idx);
1611 161 : WARN_ON(!mutex_is_locked(&tty_mutex));
1612 161 : if (tty->ops->shutdown)
1613 26 : tty->ops->shutdown(tty);
1614 161 : tty_save_termios(tty);
1615 161 : tty_driver_remove_tty(tty->driver, tty);
1616 161 : if (tty->port)
1617 161 : tty->port->itty = NULL;
1618 161 : if (tty->link)
1619 0 : tty->link->port->itty = NULL;
1620 161 : if (tty->port)
1621 161 : tty_buffer_cancel_work(tty->port);
1622 161 : if (tty->link)
1623 0 : tty_buffer_cancel_work(tty->link->port);
1624 :
1625 161 : tty_kref_put(tty->link);
1626 161 : tty_kref_put(tty);
1627 161 : }
1628 :
1629 : /**
1630 : * tty_release_checks - check a tty before real release
1631 : * @tty: tty to check
1632 : * @idx: index of the tty
1633 : *
1634 : * Performs some paranoid checking before true release of the @tty.
1635 : * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1636 : */
1637 174 : static int tty_release_checks(struct tty_struct *tty, int idx)
1638 : {
1639 : #ifdef TTY_PARANOIA_CHECK
1640 174 : if (idx < 0 || idx >= tty->driver->num) {
1641 : tty_debug(tty, "bad idx %d\n", idx);
1642 : return -1;
1643 : }
1644 :
1645 : /* not much to check for devpts */
1646 174 : if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1647 : return 0;
1648 :
1649 174 : if (tty != tty->driver->ttys[idx]) {
1650 : tty_debug(tty, "bad driver table[%d] = %p\n",
1651 : idx, tty->driver->ttys[idx]);
1652 : return -1;
1653 : }
1654 174 : if (tty->driver->other) {
1655 0 : struct tty_struct *o_tty = tty->link;
1656 :
1657 0 : if (o_tty != tty->driver->other->ttys[idx]) {
1658 : tty_debug(tty, "bad other table[%d] = %p\n",
1659 : idx, tty->driver->other->ttys[idx]);
1660 : return -1;
1661 : }
1662 0 : if (o_tty->link != tty) {
1663 0 : tty_debug(tty, "bad link = %p\n", o_tty->link);
1664 0 : return -1;
1665 : }
1666 : }
1667 : #endif
1668 : return 0;
1669 : }
1670 :
1671 : /**
1672 : * tty_kclose - closes tty opened by tty_kopen
1673 : * @tty: tty device
1674 : *
1675 : * Performs the final steps to release and free a tty device. It is the
1676 : * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1677 : * flag on tty->port.
1678 : */
1679 0 : void tty_kclose(struct tty_struct *tty)
1680 : {
1681 : /*
1682 : * Ask the line discipline code to release its structures
1683 : */
1684 0 : tty_ldisc_release(tty);
1685 :
1686 : /* Wait for pending work before tty destruction commmences */
1687 0 : tty_flush_works(tty);
1688 :
1689 0 : tty_debug_hangup(tty, "freeing structure\n");
1690 : /*
1691 : * The release_tty function takes care of the details of clearing
1692 : * the slots and preserving the termios structure.
1693 : */
1694 0 : mutex_lock(&tty_mutex);
1695 0 : tty_port_set_kopened(tty->port, 0);
1696 0 : release_tty(tty, tty->index);
1697 0 : mutex_unlock(&tty_mutex);
1698 0 : }
1699 : EXPORT_SYMBOL_GPL(tty_kclose);
1700 :
1701 : /**
1702 : * tty_release_struct - release a tty struct
1703 : * @tty: tty device
1704 : * @idx: index of the tty
1705 : *
1706 : * Performs the final steps to release and free a tty device. It is
1707 : * roughly the reverse of tty_init_dev.
1708 : */
1709 161 : void tty_release_struct(struct tty_struct *tty, int idx)
1710 : {
1711 : /*
1712 : * Ask the line discipline code to release its structures
1713 : */
1714 161 : tty_ldisc_release(tty);
1715 :
1716 : /* Wait for pending work before tty destruction commmences */
1717 161 : tty_flush_works(tty);
1718 :
1719 161 : tty_debug_hangup(tty, "freeing structure\n");
1720 : /*
1721 : * The release_tty function takes care of the details of clearing
1722 : * the slots and preserving the termios structure.
1723 : */
1724 161 : mutex_lock(&tty_mutex);
1725 161 : release_tty(tty, idx);
1726 161 : mutex_unlock(&tty_mutex);
1727 161 : }
1728 : EXPORT_SYMBOL_GPL(tty_release_struct);
1729 :
1730 : /**
1731 : * tty_release - vfs callback for close
1732 : * @inode: inode of tty
1733 : * @filp: file pointer for handle to tty
1734 : *
1735 : * Called the last time each file handle is closed that references
1736 : * this tty. There may however be several such references.
1737 : *
1738 : * Locking:
1739 : * Takes bkl. See tty_release_dev
1740 : *
1741 : * Even releasing the tty structures is a tricky business.. We have
1742 : * to be very careful that the structures are all released at the
1743 : * same time, as interrupts might otherwise get the wrong pointers.
1744 : *
1745 : * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1746 : * lead to double frees or releasing memory still in use.
1747 : */
1748 :
1749 174 : int tty_release(struct inode *inode, struct file *filp)
1750 : {
1751 174 : struct tty_struct *tty = file_tty(filp);
1752 174 : struct tty_struct *o_tty = NULL;
1753 174 : int do_sleep, final;
1754 174 : int idx;
1755 174 : long timeout = 0;
1756 174 : int once = 1;
1757 :
1758 174 : if (tty_paranoia_check(tty, inode, __func__))
1759 : return 0;
1760 :
1761 174 : tty_lock(tty);
1762 174 : check_tty_count(tty, __func__);
1763 :
1764 174 : __tty_fasync(-1, filp, 0);
1765 :
1766 174 : idx = tty->index;
1767 174 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1768 : tty->driver->subtype == PTY_TYPE_MASTER)
1769 0 : o_tty = tty->link;
1770 :
1771 174 : if (tty_release_checks(tty, idx)) {
1772 0 : tty_unlock(tty);
1773 0 : return 0;
1774 : }
1775 :
1776 174 : tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1777 :
1778 174 : if (tty->ops->close)
1779 174 : tty->ops->close(tty, filp);
1780 :
1781 : /* If tty is pty master, lock the slave pty (stable lock order) */
1782 174 : tty_lock_slave(o_tty);
1783 :
1784 : /*
1785 : * Sanity check: if tty->count is going to zero, there shouldn't be
1786 : * any waiters on tty->read_wait or tty->write_wait. We test the
1787 : * wait queues and kick everyone out _before_ actually starting to
1788 : * close. This ensures that we won't block while releasing the tty
1789 : * structure.
1790 : *
1791 : * The test for the o_tty closing is necessary, since the master and
1792 : * slave sides may close in any order. If the slave side closes out
1793 : * first, its count will be one, since the master side holds an open.
1794 : * Thus this test wouldn't be triggered at the time the slave closed,
1795 : * so we do it now.
1796 : */
1797 174 : while (1) {
1798 174 : do_sleep = 0;
1799 :
1800 174 : if (tty->count <= 1) {
1801 161 : if (waitqueue_active(&tty->read_wait)) {
1802 0 : wake_up_poll(&tty->read_wait, EPOLLIN);
1803 0 : do_sleep++;
1804 : }
1805 161 : if (waitqueue_active(&tty->write_wait)) {
1806 0 : wake_up_poll(&tty->write_wait, EPOLLOUT);
1807 0 : do_sleep++;
1808 : }
1809 : }
1810 174 : if (o_tty && o_tty->count <= 1) {
1811 0 : if (waitqueue_active(&o_tty->read_wait)) {
1812 0 : wake_up_poll(&o_tty->read_wait, EPOLLIN);
1813 0 : do_sleep++;
1814 : }
1815 0 : if (waitqueue_active(&o_tty->write_wait)) {
1816 0 : wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1817 0 : do_sleep++;
1818 : }
1819 : }
1820 174 : if (!do_sleep)
1821 : break;
1822 :
1823 0 : if (once) {
1824 0 : once = 0;
1825 0 : tty_warn(tty, "read/write wait queue active!\n");
1826 : }
1827 0 : schedule_timeout_killable(timeout);
1828 0 : if (timeout < 120 * HZ)
1829 0 : timeout = 2 * timeout + 1;
1830 : else
1831 : timeout = MAX_SCHEDULE_TIMEOUT;
1832 : }
1833 :
1834 174 : if (o_tty) {
1835 0 : if (--o_tty->count < 0) {
1836 0 : tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1837 0 : o_tty->count = 0;
1838 : }
1839 : }
1840 174 : if (--tty->count < 0) {
1841 0 : tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1842 0 : tty->count = 0;
1843 : }
1844 :
1845 : /*
1846 : * We've decremented tty->count, so we need to remove this file
1847 : * descriptor off the tty->tty_files list; this serves two
1848 : * purposes:
1849 : * - check_tty_count sees the correct number of file descriptors
1850 : * associated with this tty.
1851 : * - do_tty_hangup no longer sees this file descriptor as
1852 : * something that needs to be handled for hangups.
1853 : */
1854 174 : tty_del_file(filp);
1855 :
1856 : /*
1857 : * Perform some housekeeping before deciding whether to return.
1858 : *
1859 : * If _either_ side is closing, make sure there aren't any
1860 : * processes that still think tty or o_tty is their controlling
1861 : * tty.
1862 : */
1863 174 : if (!tty->count) {
1864 161 : read_lock(&tasklist_lock);
1865 161 : session_clear_tty(tty->session);
1866 161 : if (o_tty)
1867 0 : session_clear_tty(o_tty->session);
1868 161 : read_unlock(&tasklist_lock);
1869 : }
1870 :
1871 : /* check whether both sides are closing ... */
1872 174 : final = !tty->count && !(o_tty && o_tty->count);
1873 :
1874 174 : tty_unlock_slave(o_tty);
1875 174 : tty_unlock(tty);
1876 :
1877 : /* At this point, the tty->count == 0 should ensure a dead tty
1878 : cannot be re-opened by a racing opener */
1879 :
1880 174 : if (!final)
1881 : return 0;
1882 :
1883 161 : tty_debug_hangup(tty, "final close\n");
1884 :
1885 161 : tty_release_struct(tty, idx);
1886 161 : return 0;
1887 : }
1888 :
1889 : /**
1890 : * tty_open_current_tty - get locked tty of current task
1891 : * @device: device number
1892 : * @filp: file pointer to tty
1893 : * @return: locked tty of the current task iff @device is /dev/tty
1894 : *
1895 : * Performs a re-open of the current task's controlling tty.
1896 : *
1897 : * We cannot return driver and index like for the other nodes because
1898 : * devpts will not work then. It expects inodes to be from devpts FS.
1899 : */
1900 194 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1901 : {
1902 194 : struct tty_struct *tty;
1903 194 : int retval;
1904 :
1905 194 : if (device != MKDEV(TTYAUX_MAJOR, 0))
1906 : return NULL;
1907 :
1908 18 : tty = get_current_tty();
1909 18 : if (!tty)
1910 194 : return ERR_PTR(-ENXIO);
1911 :
1912 0 : filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1913 : /* noctty = 1; */
1914 0 : tty_lock(tty);
1915 0 : tty_kref_put(tty); /* safe to drop the kref now */
1916 :
1917 0 : retval = tty_reopen(tty);
1918 0 : if (retval < 0) {
1919 0 : tty_unlock(tty);
1920 0 : tty = ERR_PTR(retval);
1921 : }
1922 : return tty;
1923 : }
1924 :
1925 : /**
1926 : * tty_lookup_driver - lookup a tty driver for a given device file
1927 : * @device: device number
1928 : * @filp: file pointer to tty
1929 : * @index: index for the device in the @return driver
1930 : * @return: driver for this inode (with increased refcount)
1931 : *
1932 : * If @return is not erroneous, the caller is responsible to decrement the
1933 : * refcount by tty_driver_kref_put.
1934 : *
1935 : * Locking: tty_mutex protects get_tty_driver
1936 : */
1937 176 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1938 : int *index)
1939 : {
1940 176 : struct tty_driver *driver = NULL;
1941 :
1942 176 : switch (device) {
1943 : #ifdef CONFIG_VT
1944 4 : case MKDEV(TTY_MAJOR, 0): {
1945 4 : extern struct tty_driver *console_driver;
1946 4 : driver = tty_driver_kref_get(console_driver);
1947 4 : *index = fg_console;
1948 4 : break;
1949 : }
1950 : #endif
1951 134 : case MKDEV(TTYAUX_MAJOR, 1): {
1952 134 : struct tty_driver *console_driver = console_device(index);
1953 134 : if (console_driver) {
1954 134 : driver = tty_driver_kref_get(console_driver);
1955 134 : if (driver && filp) {
1956 : /* Don't let /dev/console block */
1957 134 : filp->f_flags |= O_NONBLOCK;
1958 134 : break;
1959 : }
1960 : }
1961 0 : if (driver)
1962 176 : tty_driver_kref_put(driver);
1963 176 : return ERR_PTR(-ENODEV);
1964 : }
1965 38 : default:
1966 38 : driver = get_tty_driver(device, index);
1967 38 : if (!driver)
1968 0 : return ERR_PTR(-ENODEV);
1969 : break;
1970 : }
1971 : return driver;
1972 : }
1973 :
1974 0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
1975 : {
1976 0 : struct tty_struct *tty;
1977 0 : struct tty_driver *driver;
1978 0 : int index = -1;
1979 :
1980 0 : mutex_lock(&tty_mutex);
1981 0 : driver = tty_lookup_driver(device, NULL, &index);
1982 0 : if (IS_ERR(driver)) {
1983 0 : mutex_unlock(&tty_mutex);
1984 0 : return ERR_CAST(driver);
1985 : }
1986 :
1987 : /* check whether we're reopening an existing tty */
1988 0 : tty = tty_driver_lookup_tty(driver, NULL, index);
1989 0 : if (IS_ERR(tty) || shared)
1990 0 : goto out;
1991 :
1992 0 : if (tty) {
1993 : /* drop kref from tty_driver_lookup_tty() */
1994 0 : tty_kref_put(tty);
1995 0 : tty = ERR_PTR(-EBUSY);
1996 : } else { /* tty_init_dev returns tty with the tty_lock held */
1997 0 : tty = tty_init_dev(driver, index);
1998 0 : if (IS_ERR(tty))
1999 0 : goto out;
2000 0 : tty_port_set_kopened(tty->port, 1);
2001 : }
2002 0 : out:
2003 0 : mutex_unlock(&tty_mutex);
2004 0 : tty_driver_kref_put(driver);
2005 0 : return tty;
2006 : }
2007 :
2008 : /**
2009 : * tty_kopen_exclusive - open a tty device for kernel
2010 : * @device: dev_t of device to open
2011 : *
2012 : * Opens tty exclusively for kernel. Performs the driver lookup,
2013 : * makes sure it's not already opened and performs the first-time
2014 : * tty initialization.
2015 : *
2016 : * Returns the locked initialized &tty_struct
2017 : *
2018 : * Claims the global tty_mutex to serialize:
2019 : * - concurrent first-time tty initialization
2020 : * - concurrent tty driver removal w/ lookup
2021 : * - concurrent tty removal from driver table
2022 : */
2023 0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
2024 : {
2025 0 : return tty_kopen(device, 0);
2026 : }
2027 : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2028 :
2029 : /**
2030 : * tty_kopen_shared - open a tty device for shared in-kernel use
2031 : * @device: dev_t of device to open
2032 : *
2033 : * Opens an already existing tty for in-kernel use. Compared to
2034 : * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2035 : *
2036 : * Locking is identical to tty_kopen() above.
2037 : */
2038 0 : struct tty_struct *tty_kopen_shared(dev_t device)
2039 : {
2040 0 : return tty_kopen(device, 1);
2041 : }
2042 : EXPORT_SYMBOL_GPL(tty_kopen_shared);
2043 :
2044 : /**
2045 : * tty_open_by_driver - open a tty device
2046 : * @device: dev_t of device to open
2047 : * @filp: file pointer to tty
2048 : *
2049 : * Performs the driver lookup, checks for a reopen, or otherwise
2050 : * performs the first-time tty initialization.
2051 : *
2052 : * Returns the locked initialized or re-opened &tty_struct
2053 : *
2054 : * Claims the global tty_mutex to serialize:
2055 : * - concurrent first-time tty initialization
2056 : * - concurrent tty driver removal w/ lookup
2057 : * - concurrent tty removal from driver table
2058 : */
2059 176 : static struct tty_struct *tty_open_by_driver(dev_t device,
2060 : struct file *filp)
2061 : {
2062 176 : struct tty_struct *tty;
2063 176 : struct tty_driver *driver = NULL;
2064 176 : int index = -1;
2065 176 : int retval;
2066 :
2067 176 : mutex_lock(&tty_mutex);
2068 176 : driver = tty_lookup_driver(device, filp, &index);
2069 176 : if (IS_ERR(driver)) {
2070 0 : mutex_unlock(&tty_mutex);
2071 0 : return ERR_CAST(driver);
2072 : }
2073 :
2074 : /* check whether we're reopening an existing tty */
2075 176 : tty = tty_driver_lookup_tty(driver, filp, index);
2076 176 : if (IS_ERR(tty)) {
2077 0 : mutex_unlock(&tty_mutex);
2078 0 : goto out;
2079 : }
2080 :
2081 176 : if (tty) {
2082 13 : if (tty_port_kopened(tty->port)) {
2083 0 : tty_kref_put(tty);
2084 0 : mutex_unlock(&tty_mutex);
2085 0 : tty = ERR_PTR(-EBUSY);
2086 0 : goto out;
2087 : }
2088 13 : mutex_unlock(&tty_mutex);
2089 13 : retval = tty_lock_interruptible(tty);
2090 13 : tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2091 13 : if (retval) {
2092 0 : if (retval == -EINTR)
2093 0 : retval = -ERESTARTSYS;
2094 0 : tty = ERR_PTR(retval);
2095 0 : goto out;
2096 : }
2097 13 : retval = tty_reopen(tty);
2098 13 : if (retval < 0) {
2099 0 : tty_unlock(tty);
2100 0 : tty = ERR_PTR(retval);
2101 : }
2102 : } else { /* Returns with the tty_lock held for now */
2103 163 : tty = tty_init_dev(driver, index);
2104 163 : mutex_unlock(&tty_mutex);
2105 : }
2106 176 : out:
2107 176 : tty_driver_kref_put(driver);
2108 176 : return tty;
2109 : }
2110 :
2111 : /**
2112 : * tty_open - open a tty device
2113 : * @inode: inode of device file
2114 : * @filp: file pointer to tty
2115 : *
2116 : * tty_open and tty_release keep up the tty count that contains the
2117 : * number of opens done on a tty. We cannot use the inode-count, as
2118 : * different inodes might point to the same tty.
2119 : *
2120 : * Open-counting is needed for pty masters, as well as for keeping
2121 : * track of serial lines: DTR is dropped when the last close happens.
2122 : * (This is not done solely through tty->count, now. - Ted 1/27/92)
2123 : *
2124 : * The termios state of a pty is reset on first open so that
2125 : * settings don't persist across reuse.
2126 : *
2127 : * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2128 : * tty->count should protect the rest.
2129 : * ->siglock protects ->signal/->sighand
2130 : *
2131 : * Note: the tty_unlock/lock cases without a ref are only safe due to
2132 : * tty_mutex
2133 : */
2134 :
2135 194 : static int tty_open(struct inode *inode, struct file *filp)
2136 : {
2137 194 : struct tty_struct *tty;
2138 194 : int noctty, retval;
2139 194 : dev_t device = inode->i_rdev;
2140 194 : unsigned saved_flags = filp->f_flags;
2141 :
2142 194 : nonseekable_open(inode, filp);
2143 :
2144 : retry_open:
2145 194 : retval = tty_alloc_file(filp);
2146 194 : if (retval)
2147 : return -ENOMEM;
2148 :
2149 194 : tty = tty_open_current_tty(device, filp);
2150 194 : if (!tty)
2151 176 : tty = tty_open_by_driver(device, filp);
2152 :
2153 194 : if (IS_ERR(tty)) {
2154 18 : tty_free_file(filp);
2155 18 : retval = PTR_ERR(tty);
2156 18 : if (retval != -EAGAIN || signal_pending(current))
2157 18 : return retval;
2158 0 : schedule();
2159 0 : goto retry_open;
2160 : }
2161 :
2162 176 : tty_add_file(tty, filp);
2163 :
2164 176 : check_tty_count(tty, __func__);
2165 176 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2166 :
2167 176 : if (tty->ops->open)
2168 176 : retval = tty->ops->open(tty, filp);
2169 : else
2170 : retval = -ENODEV;
2171 176 : filp->f_flags = saved_flags;
2172 :
2173 176 : if (retval) {
2174 0 : tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2175 :
2176 0 : tty_unlock(tty); /* need to call tty_release without BTM */
2177 0 : tty_release(inode, filp);
2178 0 : if (retval != -ERESTARTSYS)
2179 0 : return retval;
2180 :
2181 0 : if (signal_pending(current))
2182 : return retval;
2183 :
2184 0 : schedule();
2185 : /*
2186 : * Need to reset f_op in case a hangup happened.
2187 : */
2188 0 : if (tty_hung_up_p(filp))
2189 0 : filp->f_op = &tty_fops;
2190 0 : goto retry_open;
2191 : }
2192 176 : clear_bit(TTY_HUPPED, &tty->flags);
2193 :
2194 376 : noctty = (filp->f_flags & O_NOCTTY) ||
2195 29 : (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2196 176 : device == MKDEV(TTYAUX_MAJOR, 1) ||
2197 24 : (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2198 : tty->driver->subtype == PTY_TYPE_MASTER);
2199 24 : if (!noctty)
2200 24 : tty_open_proc_set_tty(filp, tty);
2201 176 : tty_unlock(tty);
2202 176 : return 0;
2203 : }
2204 :
2205 :
2206 :
2207 : /**
2208 : * tty_poll - check tty status
2209 : * @filp: file being polled
2210 : * @wait: poll wait structures to update
2211 : *
2212 : * Call the line discipline polling method to obtain the poll
2213 : * status of the device.
2214 : *
2215 : * Locking: locks called line discipline but ldisc poll method
2216 : * may be re-entered freely by other callers.
2217 : */
2218 :
2219 1 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
2220 : {
2221 1 : struct tty_struct *tty = file_tty(filp);
2222 1 : struct tty_ldisc *ld;
2223 1 : __poll_t ret = 0;
2224 :
2225 1 : if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2226 : return 0;
2227 :
2228 1 : ld = tty_ldisc_ref_wait(tty);
2229 1 : if (!ld)
2230 1 : return hung_up_tty_poll(filp, wait);
2231 1 : if (ld->ops->poll)
2232 1 : ret = ld->ops->poll(tty, filp, wait);
2233 1 : tty_ldisc_deref(ld);
2234 1 : return ret;
2235 : }
2236 :
2237 175 : static int __tty_fasync(int fd, struct file *filp, int on)
2238 : {
2239 175 : struct tty_struct *tty = file_tty(filp);
2240 175 : unsigned long flags;
2241 175 : int retval = 0;
2242 :
2243 175 : if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2244 0 : goto out;
2245 :
2246 175 : retval = fasync_helper(fd, filp, on, &tty->fasync);
2247 175 : if (retval <= 0)
2248 175 : goto out;
2249 :
2250 0 : if (on) {
2251 0 : enum pid_type type;
2252 0 : struct pid *pid;
2253 :
2254 0 : spin_lock_irqsave(&tty->ctrl_lock, flags);
2255 0 : if (tty->pgrp) {
2256 : pid = tty->pgrp;
2257 : type = PIDTYPE_PGID;
2258 : } else {
2259 0 : pid = task_pid(current);
2260 0 : type = PIDTYPE_TGID;
2261 : }
2262 0 : get_pid(pid);
2263 0 : spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2264 0 : __f_setown(filp, pid, type, 0);
2265 0 : put_pid(pid);
2266 0 : retval = 0;
2267 : }
2268 0 : out:
2269 175 : return retval;
2270 : }
2271 :
2272 0 : static int tty_fasync(int fd, struct file *filp, int on)
2273 : {
2274 0 : struct tty_struct *tty = file_tty(filp);
2275 0 : int retval = -ENOTTY;
2276 :
2277 0 : tty_lock(tty);
2278 0 : if (!tty_hung_up_p(filp))
2279 0 : retval = __tty_fasync(fd, filp, on);
2280 0 : tty_unlock(tty);
2281 :
2282 0 : return retval;
2283 : }
2284 :
2285 : /**
2286 : * tiocsti - fake input character
2287 : * @tty: tty to fake input into
2288 : * @p: pointer to character
2289 : *
2290 : * Fake input to a tty device. Does the necessary locking and
2291 : * input management.
2292 : *
2293 : * FIXME: does not honour flow control ??
2294 : *
2295 : * Locking:
2296 : * Called functions take tty_ldiscs_lock
2297 : * current->signal->tty check is safe without locks
2298 : *
2299 : * FIXME: may race normal receive processing
2300 : */
2301 :
2302 0 : static int tiocsti(struct tty_struct *tty, char __user *p)
2303 : {
2304 0 : char ch, mbz = 0;
2305 0 : struct tty_ldisc *ld;
2306 :
2307 0 : if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2308 : return -EPERM;
2309 0 : if (get_user(ch, p))
2310 : return -EFAULT;
2311 0 : tty_audit_tiocsti(tty, ch);
2312 0 : ld = tty_ldisc_ref_wait(tty);
2313 0 : if (!ld)
2314 : return -EIO;
2315 0 : if (ld->ops->receive_buf)
2316 0 : ld->ops->receive_buf(tty, &ch, &mbz, 1);
2317 0 : tty_ldisc_deref(ld);
2318 0 : return 0;
2319 : }
2320 :
2321 : /**
2322 : * tiocgwinsz - implement window query ioctl
2323 : * @tty: tty
2324 : * @arg: user buffer for result
2325 : *
2326 : * Copies the kernel idea of the window size into the user buffer.
2327 : *
2328 : * Locking: tty->winsize_mutex is taken to ensure the winsize data
2329 : * is consistent.
2330 : */
2331 :
2332 129 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2333 : {
2334 129 : int err;
2335 :
2336 129 : mutex_lock(&tty->winsize_mutex);
2337 129 : err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2338 129 : mutex_unlock(&tty->winsize_mutex);
2339 :
2340 129 : return err ? -EFAULT: 0;
2341 : }
2342 :
2343 : /**
2344 : * tty_do_resize - resize event
2345 : * @tty: tty being resized
2346 : * @ws: new dimensions
2347 : *
2348 : * Update the termios variables and send the necessary signals to
2349 : * peform a terminal resize correctly
2350 : */
2351 :
2352 0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2353 : {
2354 0 : struct pid *pgrp;
2355 :
2356 : /* Lock the tty */
2357 0 : mutex_lock(&tty->winsize_mutex);
2358 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2359 0 : goto done;
2360 :
2361 : /* Signal the foreground process group */
2362 0 : pgrp = tty_get_pgrp(tty);
2363 0 : if (pgrp)
2364 0 : kill_pgrp(pgrp, SIGWINCH, 1);
2365 0 : put_pid(pgrp);
2366 :
2367 0 : tty->winsize = *ws;
2368 0 : done:
2369 0 : mutex_unlock(&tty->winsize_mutex);
2370 0 : return 0;
2371 : }
2372 : EXPORT_SYMBOL(tty_do_resize);
2373 :
2374 : /**
2375 : * tiocswinsz - implement window size set ioctl
2376 : * @tty: tty side of tty
2377 : * @arg: user buffer for result
2378 : *
2379 : * Copies the user idea of the window size to the kernel. Traditionally
2380 : * this is just advisory information but for the Linux console it
2381 : * actually has driver level meaning and triggers a VC resize.
2382 : *
2383 : * Locking:
2384 : * Driver dependent. The default do_resize method takes the
2385 : * tty termios mutex and ctrl_lock. The console takes its own lock
2386 : * then calls into the default method.
2387 : */
2388 :
2389 0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2390 : {
2391 0 : struct winsize tmp_ws;
2392 0 : if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2393 : return -EFAULT;
2394 :
2395 0 : if (tty->ops->resize)
2396 0 : return tty->ops->resize(tty, &tmp_ws);
2397 : else
2398 0 : return tty_do_resize(tty, &tmp_ws);
2399 : }
2400 :
2401 : /**
2402 : * tioccons - allow admin to move logical console
2403 : * @file: the file to become console
2404 : *
2405 : * Allow the administrator to move the redirected console device
2406 : *
2407 : * Locking: uses redirect_lock to guard the redirect information
2408 : */
2409 :
2410 0 : static int tioccons(struct file *file)
2411 : {
2412 0 : if (!capable(CAP_SYS_ADMIN))
2413 : return -EPERM;
2414 0 : if (file->f_op->write_iter == redirected_tty_write) {
2415 0 : struct file *f;
2416 0 : spin_lock(&redirect_lock);
2417 0 : f = redirect;
2418 0 : redirect = NULL;
2419 0 : spin_unlock(&redirect_lock);
2420 0 : if (f)
2421 0 : fput(f);
2422 0 : return 0;
2423 : }
2424 0 : if (file->f_op->write_iter != tty_write)
2425 : return -ENOTTY;
2426 0 : if (!(file->f_mode & FMODE_WRITE))
2427 : return -EBADF;
2428 0 : if (!(file->f_mode & FMODE_CAN_WRITE))
2429 : return -EINVAL;
2430 0 : spin_lock(&redirect_lock);
2431 0 : if (redirect) {
2432 0 : spin_unlock(&redirect_lock);
2433 0 : return -EBUSY;
2434 : }
2435 0 : redirect = get_file(file);
2436 0 : spin_unlock(&redirect_lock);
2437 0 : return 0;
2438 : }
2439 :
2440 : /**
2441 : * tiocsetd - set line discipline
2442 : * @tty: tty device
2443 : * @p: pointer to user data
2444 : *
2445 : * Set the line discipline according to user request.
2446 : *
2447 : * Locking: see tty_set_ldisc, this function is just a helper
2448 : */
2449 :
2450 0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
2451 : {
2452 0 : int disc;
2453 0 : int ret;
2454 :
2455 0 : if (get_user(disc, p))
2456 : return -EFAULT;
2457 :
2458 0 : ret = tty_set_ldisc(tty, disc);
2459 :
2460 0 : return ret;
2461 : }
2462 :
2463 : /**
2464 : * tiocgetd - get line discipline
2465 : * @tty: tty device
2466 : * @p: pointer to user data
2467 : *
2468 : * Retrieves the line discipline id directly from the ldisc.
2469 : *
2470 : * Locking: waits for ldisc reference (in case the line discipline
2471 : * is changing or the tty is being hungup)
2472 : */
2473 :
2474 0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
2475 : {
2476 0 : struct tty_ldisc *ld;
2477 0 : int ret;
2478 :
2479 0 : ld = tty_ldisc_ref_wait(tty);
2480 0 : if (!ld)
2481 : return -EIO;
2482 0 : ret = put_user(ld->ops->num, p);
2483 0 : tty_ldisc_deref(ld);
2484 0 : return ret;
2485 : }
2486 :
2487 : /**
2488 : * send_break - performed time break
2489 : * @tty: device to break on
2490 : * @duration: timeout in mS
2491 : *
2492 : * Perform a timed break on hardware that lacks its own driver level
2493 : * timed break functionality.
2494 : *
2495 : * Locking:
2496 : * atomic_write_lock serializes
2497 : *
2498 : */
2499 :
2500 0 : static int send_break(struct tty_struct *tty, unsigned int duration)
2501 : {
2502 0 : int retval;
2503 :
2504 0 : if (tty->ops->break_ctl == NULL)
2505 : return 0;
2506 :
2507 0 : if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2508 0 : retval = tty->ops->break_ctl(tty, duration);
2509 : else {
2510 : /* Do the work ourselves */
2511 0 : if (tty_write_lock(tty, 0) < 0)
2512 : return -EINTR;
2513 0 : retval = tty->ops->break_ctl(tty, -1);
2514 0 : if (retval)
2515 0 : goto out;
2516 0 : if (!signal_pending(current))
2517 0 : msleep_interruptible(duration);
2518 0 : retval = tty->ops->break_ctl(tty, 0);
2519 0 : out:
2520 0 : tty_write_unlock(tty);
2521 0 : if (signal_pending(current))
2522 0 : retval = -EINTR;
2523 : }
2524 : return retval;
2525 : }
2526 :
2527 : /**
2528 : * tty_tiocmget - get modem status
2529 : * @tty: tty device
2530 : * @p: pointer to result
2531 : *
2532 : * Obtain the modem status bits from the tty driver if the feature
2533 : * is supported. Return -EINVAL if it is not available.
2534 : *
2535 : * Locking: none (up to the driver)
2536 : */
2537 :
2538 0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2539 : {
2540 0 : int retval = -EINVAL;
2541 :
2542 0 : if (tty->ops->tiocmget) {
2543 0 : retval = tty->ops->tiocmget(tty);
2544 :
2545 0 : if (retval >= 0)
2546 0 : retval = put_user(retval, p);
2547 : }
2548 0 : return retval;
2549 : }
2550 :
2551 : /**
2552 : * tty_tiocmset - set modem status
2553 : * @tty: tty device
2554 : * @cmd: command - clear bits, set bits or set all
2555 : * @p: pointer to desired bits
2556 : *
2557 : * Set the modem status bits from the tty driver if the feature
2558 : * is supported. Return -EINVAL if it is not available.
2559 : *
2560 : * Locking: none (up to the driver)
2561 : */
2562 :
2563 0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2564 : unsigned __user *p)
2565 : {
2566 0 : int retval;
2567 0 : unsigned int set, clear, val;
2568 :
2569 0 : if (tty->ops->tiocmset == NULL)
2570 : return -EINVAL;
2571 :
2572 0 : retval = get_user(val, p);
2573 0 : if (retval)
2574 : return retval;
2575 0 : set = clear = 0;
2576 0 : switch (cmd) {
2577 0 : case TIOCMBIS:
2578 0 : set = val;
2579 0 : break;
2580 0 : case TIOCMBIC:
2581 0 : clear = val;
2582 0 : break;
2583 0 : case TIOCMSET:
2584 0 : set = val;
2585 0 : clear = ~val;
2586 0 : break;
2587 : }
2588 0 : set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2589 0 : clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2590 0 : return tty->ops->tiocmset(tty, set, clear);
2591 : }
2592 :
2593 : /**
2594 : * tty_get_icount - get tty statistics
2595 : * @tty: tty device
2596 : * @icount: output parameter
2597 : *
2598 : * Gets a copy of the tty's icount statistics.
2599 : *
2600 : * Locking: none (up to the driver)
2601 : */
2602 0 : int tty_get_icount(struct tty_struct *tty,
2603 : struct serial_icounter_struct *icount)
2604 : {
2605 0 : memset(icount, 0, sizeof(*icount));
2606 :
2607 0 : if (tty->ops->get_icount)
2608 0 : return tty->ops->get_icount(tty, icount);
2609 : else
2610 : return -EINVAL;
2611 : }
2612 : EXPORT_SYMBOL_GPL(tty_get_icount);
2613 :
2614 0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2615 : {
2616 0 : struct serial_icounter_struct icount;
2617 0 : int retval;
2618 :
2619 0 : retval = tty_get_icount(tty, &icount);
2620 0 : if (retval != 0)
2621 : return retval;
2622 :
2623 0 : if (copy_to_user(arg, &icount, sizeof(icount)))
2624 0 : return -EFAULT;
2625 : return 0;
2626 : }
2627 :
2628 0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2629 : {
2630 0 : static DEFINE_RATELIMIT_STATE(depr_flags,
2631 : DEFAULT_RATELIMIT_INTERVAL,
2632 : DEFAULT_RATELIMIT_BURST);
2633 0 : char comm[TASK_COMM_LEN];
2634 0 : struct serial_struct v;
2635 0 : int flags;
2636 :
2637 0 : if (copy_from_user(&v, ss, sizeof(*ss)))
2638 : return -EFAULT;
2639 :
2640 0 : flags = v.flags & ASYNC_DEPRECATED;
2641 :
2642 0 : if (flags && __ratelimit(&depr_flags))
2643 0 : pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2644 : __func__, get_task_comm(comm, current), flags);
2645 0 : if (!tty->ops->set_serial)
2646 : return -ENOTTY;
2647 0 : return tty->ops->set_serial(tty, &v);
2648 : }
2649 :
2650 0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2651 : {
2652 0 : struct serial_struct v;
2653 0 : int err;
2654 :
2655 0 : memset(&v, 0, sizeof(v));
2656 0 : if (!tty->ops->get_serial)
2657 : return -ENOTTY;
2658 0 : err = tty->ops->get_serial(tty, &v);
2659 0 : if (!err && copy_to_user(ss, &v, sizeof(v)))
2660 0 : err = -EFAULT;
2661 : return err;
2662 : }
2663 :
2664 : /*
2665 : * if pty, return the slave side (real_tty)
2666 : * otherwise, return self
2667 : */
2668 14316 : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2669 : {
2670 14316 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671 : tty->driver->subtype == PTY_TYPE_MASTER)
2672 0 : tty = tty->link;
2673 14316 : return tty;
2674 : }
2675 :
2676 : /*
2677 : * Split this up, as gcc can choke on it otherwise..
2678 : */
2679 14316 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2680 : {
2681 14316 : struct tty_struct *tty = file_tty(file);
2682 14316 : struct tty_struct *real_tty;
2683 14316 : void __user *p = (void __user *)arg;
2684 14316 : int retval;
2685 14316 : struct tty_ldisc *ld;
2686 :
2687 14316 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2688 : return -EINVAL;
2689 :
2690 14316 : real_tty = tty_pair_get_tty(tty);
2691 :
2692 : /*
2693 : * Factor out some common prep work
2694 : */
2695 14316 : switch (cmd) {
2696 0 : case TIOCSETD:
2697 : case TIOCSBRK:
2698 : case TIOCCBRK:
2699 : case TCSBRK:
2700 : case TCSBRKP:
2701 0 : retval = tty_check_change(tty);
2702 0 : if (retval)
2703 0 : return retval;
2704 0 : if (cmd != TIOCCBRK) {
2705 0 : tty_wait_until_sent(tty, 0);
2706 0 : if (signal_pending(current))
2707 : return -EINTR;
2708 : }
2709 : break;
2710 : }
2711 :
2712 : /*
2713 : * Now do the stuff.
2714 : */
2715 14316 : switch (cmd) {
2716 0 : case TIOCSTI:
2717 0 : return tiocsti(tty, p);
2718 129 : case TIOCGWINSZ:
2719 129 : return tiocgwinsz(real_tty, p);
2720 0 : case TIOCSWINSZ:
2721 0 : return tiocswinsz(real_tty, p);
2722 0 : case TIOCCONS:
2723 0 : return real_tty != tty ? -EINVAL : tioccons(file);
2724 0 : case TIOCEXCL:
2725 0 : set_bit(TTY_EXCLUSIVE, &tty->flags);
2726 0 : return 0;
2727 2 : case TIOCNXCL:
2728 2 : clear_bit(TTY_EXCLUSIVE, &tty->flags);
2729 2 : return 0;
2730 0 : case TIOCGEXCL:
2731 : {
2732 0 : int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2733 0 : return put_user(excl, (int __user *)p);
2734 : }
2735 0 : case TIOCGETD:
2736 0 : return tiocgetd(tty, p);
2737 0 : case TIOCSETD:
2738 0 : return tiocsetd(tty, p);
2739 1 : case TIOCVHANGUP:
2740 1 : if (!capable(CAP_SYS_ADMIN))
2741 : return -EPERM;
2742 1 : tty_vhangup(tty);
2743 1 : return 0;
2744 : case TIOCGDEV:
2745 : {
2746 0 : unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2747 0 : return put_user(ret, (unsigned int __user *)p);
2748 : }
2749 : /*
2750 : * Break handling
2751 : */
2752 0 : case TIOCSBRK: /* Turn break on, unconditionally */
2753 0 : if (tty->ops->break_ctl)
2754 0 : return tty->ops->break_ctl(tty, -1);
2755 : return 0;
2756 0 : case TIOCCBRK: /* Turn break off, unconditionally */
2757 0 : if (tty->ops->break_ctl)
2758 0 : return tty->ops->break_ctl(tty, 0);
2759 : return 0;
2760 0 : case TCSBRK: /* SVID version: non-zero arg --> no break */
2761 : /* non-zero arg means wait for all output data
2762 : * to be sent (performed above) but don't send break.
2763 : * This is used by the tcdrain() termios function.
2764 : */
2765 0 : if (!arg)
2766 0 : return send_break(tty, 250);
2767 : return 0;
2768 0 : case TCSBRKP: /* support for POSIX tcsendbreak() */
2769 0 : return send_break(tty, arg ? arg*100 : 250);
2770 :
2771 0 : case TIOCMGET:
2772 0 : return tty_tiocmget(tty, p);
2773 0 : case TIOCMSET:
2774 : case TIOCMBIC:
2775 : case TIOCMBIS:
2776 0 : return tty_tiocmset(tty, cmd, p);
2777 0 : case TIOCGICOUNT:
2778 0 : return tty_tiocgicount(tty, p);
2779 3 : case TCFLSH:
2780 3 : switch (arg) {
2781 3 : case TCIFLUSH:
2782 : case TCIOFLUSH:
2783 : /* flush tty buffer and allow ldisc to process ioctl */
2784 3 : tty_buffer_flush(tty, NULL);
2785 3 : break;
2786 : }
2787 : break;
2788 0 : case TIOCSSERIAL:
2789 0 : return tty_tiocsserial(tty, p);
2790 0 : case TIOCGSERIAL:
2791 0 : return tty_tiocgserial(tty, p);
2792 0 : case TIOCGPTPEER:
2793 : /* Special because the struct file is needed */
2794 0 : return ptm_open_peer(file, tty, (int)arg);
2795 14181 : default:
2796 14181 : retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2797 14181 : if (retval != -ENOIOCTLCMD)
2798 6 : return retval;
2799 : }
2800 14178 : if (tty->ops->ioctl) {
2801 14178 : retval = tty->ops->ioctl(tty, cmd, arg);
2802 14178 : if (retval != -ENOIOCTLCMD)
2803 14005 : return retval;
2804 : }
2805 173 : ld = tty_ldisc_ref_wait(tty);
2806 173 : if (!ld)
2807 0 : return hung_up_tty_ioctl(file, cmd, arg);
2808 173 : retval = -EINVAL;
2809 173 : if (ld->ops->ioctl) {
2810 173 : retval = ld->ops->ioctl(tty, file, cmd, arg);
2811 173 : if (retval == -ENOIOCTLCMD)
2812 2 : retval = -ENOTTY;
2813 : }
2814 173 : tty_ldisc_deref(ld);
2815 173 : return retval;
2816 : }
2817 :
2818 : #ifdef CONFIG_COMPAT
2819 :
2820 : struct serial_struct32 {
2821 : compat_int_t type;
2822 : compat_int_t line;
2823 : compat_uint_t port;
2824 : compat_int_t irq;
2825 : compat_int_t flags;
2826 : compat_int_t xmit_fifo_size;
2827 : compat_int_t custom_divisor;
2828 : compat_int_t baud_base;
2829 : unsigned short close_delay;
2830 : char io_type;
2831 : char reserved_char;
2832 : compat_int_t hub6;
2833 : unsigned short closing_wait; /* time to wait before closing */
2834 : unsigned short closing_wait2; /* no longer used... */
2835 : compat_uint_t iomem_base;
2836 : unsigned short iomem_reg_shift;
2837 : unsigned int port_high;
2838 : /* compat_ulong_t iomap_base FIXME */
2839 : compat_int_t reserved;
2840 : };
2841 :
2842 0 : static int compat_tty_tiocsserial(struct tty_struct *tty,
2843 : struct serial_struct32 __user *ss)
2844 : {
2845 0 : static DEFINE_RATELIMIT_STATE(depr_flags,
2846 : DEFAULT_RATELIMIT_INTERVAL,
2847 : DEFAULT_RATELIMIT_BURST);
2848 0 : char comm[TASK_COMM_LEN];
2849 0 : struct serial_struct32 v32;
2850 0 : struct serial_struct v;
2851 0 : int flags;
2852 :
2853 0 : if (copy_from_user(&v32, ss, sizeof(*ss)))
2854 : return -EFAULT;
2855 :
2856 0 : memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2857 0 : v.iomem_base = compat_ptr(v32.iomem_base);
2858 0 : v.iomem_reg_shift = v32.iomem_reg_shift;
2859 0 : v.port_high = v32.port_high;
2860 0 : v.iomap_base = 0;
2861 :
2862 0 : flags = v.flags & ASYNC_DEPRECATED;
2863 :
2864 0 : if (flags && __ratelimit(&depr_flags))
2865 0 : pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2866 : __func__, get_task_comm(comm, current), flags);
2867 0 : if (!tty->ops->set_serial)
2868 : return -ENOTTY;
2869 0 : return tty->ops->set_serial(tty, &v);
2870 : }
2871 :
2872 0 : static int compat_tty_tiocgserial(struct tty_struct *tty,
2873 : struct serial_struct32 __user *ss)
2874 : {
2875 0 : struct serial_struct32 v32;
2876 0 : struct serial_struct v;
2877 0 : int err;
2878 :
2879 0 : memset(&v, 0, sizeof(v));
2880 0 : memset(&v32, 0, sizeof(v32));
2881 :
2882 0 : if (!tty->ops->get_serial)
2883 : return -ENOTTY;
2884 0 : err = tty->ops->get_serial(tty, &v);
2885 0 : if (!err) {
2886 0 : memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2887 0 : v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2888 0 : 0xfffffff : ptr_to_compat(v.iomem_base);
2889 0 : v32.iomem_reg_shift = v.iomem_reg_shift;
2890 0 : v32.port_high = v.port_high;
2891 0 : if (copy_to_user(ss, &v32, sizeof(v32)))
2892 0 : err = -EFAULT;
2893 : }
2894 : return err;
2895 : }
2896 0 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2897 : unsigned long arg)
2898 : {
2899 0 : struct tty_struct *tty = file_tty(file);
2900 0 : struct tty_ldisc *ld;
2901 0 : int retval = -ENOIOCTLCMD;
2902 :
2903 0 : switch (cmd) {
2904 0 : case TIOCOUTQ:
2905 : case TIOCSTI:
2906 : case TIOCGWINSZ:
2907 : case TIOCSWINSZ:
2908 : case TIOCGEXCL:
2909 : case TIOCGETD:
2910 : case TIOCSETD:
2911 : case TIOCGDEV:
2912 : case TIOCMGET:
2913 : case TIOCMSET:
2914 : case TIOCMBIC:
2915 : case TIOCMBIS:
2916 : case TIOCGICOUNT:
2917 : case TIOCGPGRP:
2918 : case TIOCSPGRP:
2919 : case TIOCGSID:
2920 : case TIOCSERGETLSR:
2921 : case TIOCGRS485:
2922 : case TIOCSRS485:
2923 : #ifdef TIOCGETP
2924 : case TIOCGETP:
2925 : case TIOCSETP:
2926 : case TIOCSETN:
2927 : #endif
2928 : #ifdef TIOCGETC
2929 : case TIOCGETC:
2930 : case TIOCSETC:
2931 : #endif
2932 : #ifdef TIOCGLTC
2933 : case TIOCGLTC:
2934 : case TIOCSLTC:
2935 : #endif
2936 : case TCSETSF:
2937 : case TCSETSW:
2938 : case TCSETS:
2939 : case TCGETS:
2940 : #ifdef TCGETS2
2941 : case TCGETS2:
2942 : case TCSETSF2:
2943 : case TCSETSW2:
2944 : case TCSETS2:
2945 : #endif
2946 : case TCGETA:
2947 : case TCSETAF:
2948 : case TCSETAW:
2949 : case TCSETA:
2950 : case TIOCGLCKTRMIOS:
2951 : case TIOCSLCKTRMIOS:
2952 : #ifdef TCGETX
2953 : case TCGETX:
2954 : case TCSETX:
2955 : case TCSETXW:
2956 : case TCSETXF:
2957 : #endif
2958 : case TIOCGSOFTCAR:
2959 : case TIOCSSOFTCAR:
2960 :
2961 : case PPPIOCGCHAN:
2962 : case PPPIOCGUNIT:
2963 0 : return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2964 0 : case TIOCCONS:
2965 : case TIOCEXCL:
2966 : case TIOCNXCL:
2967 : case TIOCVHANGUP:
2968 : case TIOCSBRK:
2969 : case TIOCCBRK:
2970 : case TCSBRK:
2971 : case TCSBRKP:
2972 : case TCFLSH:
2973 : case TIOCGPTPEER:
2974 : case TIOCNOTTY:
2975 : case TIOCSCTTY:
2976 : case TCXONC:
2977 : case TIOCMIWAIT:
2978 : case TIOCSERCONFIG:
2979 0 : return tty_ioctl(file, cmd, arg);
2980 : }
2981 :
2982 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2983 : return -EINVAL;
2984 :
2985 0 : switch (cmd) {
2986 0 : case TIOCSSERIAL:
2987 0 : return compat_tty_tiocsserial(tty, compat_ptr(arg));
2988 0 : case TIOCGSERIAL:
2989 0 : return compat_tty_tiocgserial(tty, compat_ptr(arg));
2990 : }
2991 0 : if (tty->ops->compat_ioctl) {
2992 0 : retval = tty->ops->compat_ioctl(tty, cmd, arg);
2993 0 : if (retval != -ENOIOCTLCMD)
2994 0 : return retval;
2995 : }
2996 :
2997 0 : ld = tty_ldisc_ref_wait(tty);
2998 0 : if (!ld)
2999 0 : return hung_up_tty_compat_ioctl(file, cmd, arg);
3000 0 : if (ld->ops->compat_ioctl)
3001 0 : retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3002 0 : if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
3003 0 : retval = ld->ops->ioctl(tty, file,
3004 0 : (unsigned long)compat_ptr(cmd), arg);
3005 0 : tty_ldisc_deref(ld);
3006 :
3007 0 : return retval;
3008 : }
3009 : #endif
3010 :
3011 0 : static int this_tty(const void *t, struct file *file, unsigned fd)
3012 : {
3013 0 : if (likely(file->f_op->read_iter != tty_read))
3014 : return 0;
3015 0 : return file_tty(file) != t ? 0 : fd + 1;
3016 : }
3017 :
3018 : /*
3019 : * This implements the "Secure Attention Key" --- the idea is to
3020 : * prevent trojan horses by killing all processes associated with this
3021 : * tty when the user hits the "Secure Attention Key". Required for
3022 : * super-paranoid applications --- see the Orange Book for more details.
3023 : *
3024 : * This code could be nicer; ideally it should send a HUP, wait a few
3025 : * seconds, then send a INT, and then a KILL signal. But you then
3026 : * have to coordinate with the init process, since all processes associated
3027 : * with the current tty must be dead before the new getty is allowed
3028 : * to spawn.
3029 : *
3030 : * Now, if it would be correct ;-/ The current code has a nasty hole -
3031 : * it doesn't catch files in flight. We may send the descriptor to ourselves
3032 : * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3033 : *
3034 : * Nasty bug: do_SAK is being called in interrupt context. This can
3035 : * deadlock. We punt it up to process context. AKPM - 16Mar2001
3036 : */
3037 0 : void __do_SAK(struct tty_struct *tty)
3038 : {
3039 : #ifdef TTY_SOFT_SAK
3040 : tty_hangup(tty);
3041 : #else
3042 0 : struct task_struct *g, *p;
3043 0 : struct pid *session;
3044 0 : int i;
3045 0 : unsigned long flags;
3046 :
3047 0 : if (!tty)
3048 : return;
3049 :
3050 0 : spin_lock_irqsave(&tty->ctrl_lock, flags);
3051 0 : session = get_pid(tty->session);
3052 0 : spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3053 :
3054 0 : tty_ldisc_flush(tty);
3055 :
3056 0 : tty_driver_flush_buffer(tty);
3057 :
3058 0 : read_lock(&tasklist_lock);
3059 : /* Kill the entire session */
3060 0 : do_each_pid_task(session, PIDTYPE_SID, p) {
3061 0 : tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3062 : task_pid_nr(p), p->comm);
3063 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3064 0 : } while_each_pid_task(session, PIDTYPE_SID, p);
3065 :
3066 : /* Now kill any processes that happen to have the tty open */
3067 0 : do_each_thread(g, p) {
3068 0 : if (p->signal->tty == tty) {
3069 0 : tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3070 : task_pid_nr(p), p->comm);
3071 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3072 0 : continue;
3073 : }
3074 0 : task_lock(p);
3075 0 : i = iterate_fd(p->files, 0, this_tty, tty);
3076 0 : if (i != 0) {
3077 0 : tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3078 : task_pid_nr(p), p->comm, i - 1);
3079 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3080 : }
3081 0 : task_unlock(p);
3082 0 : } while_each_thread(g, p);
3083 0 : read_unlock(&tasklist_lock);
3084 0 : put_pid(session);
3085 : #endif
3086 : }
3087 :
3088 0 : static void do_SAK_work(struct work_struct *work)
3089 : {
3090 0 : struct tty_struct *tty =
3091 0 : container_of(work, struct tty_struct, SAK_work);
3092 0 : __do_SAK(tty);
3093 0 : }
3094 :
3095 : /*
3096 : * The tq handling here is a little racy - tty->SAK_work may already be queued.
3097 : * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3098 : * the values which we write to it will be identical to the values which it
3099 : * already has. --akpm
3100 : */
3101 0 : void do_SAK(struct tty_struct *tty)
3102 : {
3103 0 : if (!tty)
3104 : return;
3105 0 : schedule_work(&tty->SAK_work);
3106 : }
3107 :
3108 : EXPORT_SYMBOL(do_SAK);
3109 :
3110 : /* Must put_device() after it's unused! */
3111 163 : static struct device *tty_get_device(struct tty_struct *tty)
3112 : {
3113 163 : dev_t devt = tty_devnum(tty);
3114 326 : return class_find_device_by_devt(tty_class, devt);
3115 : }
3116 :
3117 :
3118 : /*
3119 : * alloc_tty_struct
3120 : *
3121 : * This subroutine allocates and initializes a tty structure.
3122 : *
3123 : * Locking: none - tty in question is not exposed at this point
3124 : */
3125 :
3126 163 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3127 : {
3128 163 : struct tty_struct *tty;
3129 :
3130 163 : tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3131 163 : if (!tty)
3132 : return NULL;
3133 :
3134 163 : kref_init(&tty->kref);
3135 163 : tty->magic = TTY_MAGIC;
3136 163 : if (tty_ldisc_init(tty)) {
3137 0 : kfree(tty);
3138 0 : return NULL;
3139 : }
3140 163 : tty->session = NULL;
3141 163 : tty->pgrp = NULL;
3142 163 : mutex_init(&tty->legacy_mutex);
3143 163 : mutex_init(&tty->throttle_mutex);
3144 163 : init_rwsem(&tty->termios_rwsem);
3145 163 : mutex_init(&tty->winsize_mutex);
3146 163 : init_ldsem(&tty->ldisc_sem);
3147 163 : init_waitqueue_head(&tty->write_wait);
3148 163 : init_waitqueue_head(&tty->read_wait);
3149 163 : INIT_WORK(&tty->hangup_work, do_tty_hangup);
3150 163 : mutex_init(&tty->atomic_write_lock);
3151 163 : spin_lock_init(&tty->ctrl_lock);
3152 163 : spin_lock_init(&tty->flow_lock);
3153 163 : spin_lock_init(&tty->files_lock);
3154 163 : INIT_LIST_HEAD(&tty->tty_files);
3155 163 : INIT_WORK(&tty->SAK_work, do_SAK_work);
3156 :
3157 163 : tty->driver = driver;
3158 163 : tty->ops = driver->ops;
3159 163 : tty->index = idx;
3160 163 : tty_line_name(driver, idx, tty->name);
3161 163 : tty->dev = tty_get_device(tty);
3162 :
3163 163 : return tty;
3164 : }
3165 :
3166 : /**
3167 : * tty_put_char - write one character to a tty
3168 : * @tty: tty
3169 : * @ch: character
3170 : *
3171 : * Write one byte to the tty using the provided put_char method
3172 : * if present. Returns the number of characters successfully output.
3173 : *
3174 : * Note: the specific put_char operation in the driver layer may go
3175 : * away soon. Don't call it directly, use this method
3176 : */
3177 :
3178 0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
3179 : {
3180 0 : if (tty->ops->put_char)
3181 0 : return tty->ops->put_char(tty, ch);
3182 0 : return tty->ops->write(tty, &ch, 1);
3183 : }
3184 : EXPORT_SYMBOL_GPL(tty_put_char);
3185 :
3186 : struct class *tty_class;
3187 :
3188 69 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3189 : unsigned int index, unsigned int count)
3190 : {
3191 69 : int err;
3192 :
3193 : /* init here, since reused cdevs cause crashes */
3194 69 : driver->cdevs[index] = cdev_alloc();
3195 69 : if (!driver->cdevs[index])
3196 : return -ENOMEM;
3197 69 : driver->cdevs[index]->ops = &tty_fops;
3198 69 : driver->cdevs[index]->owner = driver->owner;
3199 69 : err = cdev_add(driver->cdevs[index], dev, count);
3200 69 : if (err)
3201 0 : kobject_put(&driver->cdevs[index]->kobj);
3202 : return err;
3203 : }
3204 :
3205 : /**
3206 : * tty_register_device - register a tty device
3207 : * @driver: the tty driver that describes the tty device
3208 : * @index: the index in the tty driver for this tty device
3209 : * @device: a struct device that is associated with this tty device.
3210 : * This field is optional, if there is no known struct device
3211 : * for this tty device it can be set to NULL safely.
3212 : *
3213 : * Returns a pointer to the struct device for this tty device
3214 : * (or ERR_PTR(-EFOO) on error).
3215 : *
3216 : * This call is required to be made to register an individual tty device
3217 : * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3218 : * that bit is not set, this function should not be called by a tty
3219 : * driver.
3220 : *
3221 : * Locking: ??
3222 : */
3223 :
3224 63 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3225 : struct device *device)
3226 : {
3227 0 : return tty_register_device_attr(driver, index, device, NULL, NULL);
3228 : }
3229 : EXPORT_SYMBOL(tty_register_device);
3230 :
3231 0 : static void tty_device_create_release(struct device *dev)
3232 : {
3233 0 : dev_dbg(dev, "releasing...\n");
3234 0 : kfree(dev);
3235 0 : }
3236 :
3237 : /**
3238 : * tty_register_device_attr - register a tty device
3239 : * @driver: the tty driver that describes the tty device
3240 : * @index: the index in the tty driver for this tty device
3241 : * @device: a struct device that is associated with this tty device.
3242 : * This field is optional, if there is no known struct device
3243 : * for this tty device it can be set to NULL safely.
3244 : * @drvdata: Driver data to be set to device.
3245 : * @attr_grp: Attribute group to be set on device.
3246 : *
3247 : * Returns a pointer to the struct device for this tty device
3248 : * (or ERR_PTR(-EFOO) on error).
3249 : *
3250 : * This call is required to be made to register an individual tty device
3251 : * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3252 : * that bit is not set, this function should not be called by a tty
3253 : * driver.
3254 : *
3255 : * Locking: ??
3256 : */
3257 67 : struct device *tty_register_device_attr(struct tty_driver *driver,
3258 : unsigned index, struct device *device,
3259 : void *drvdata,
3260 : const struct attribute_group **attr_grp)
3261 : {
3262 67 : char name[64];
3263 67 : dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3264 67 : struct ktermios *tp;
3265 67 : struct device *dev;
3266 67 : int retval;
3267 :
3268 67 : if (index >= driver->num) {
3269 0 : pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3270 : driver->name, index);
3271 0 : return ERR_PTR(-EINVAL);
3272 : }
3273 :
3274 67 : if (driver->type == TTY_DRIVER_TYPE_PTY)
3275 0 : pty_line_name(driver, index, name);
3276 : else
3277 67 : tty_line_name(driver, index, name);
3278 :
3279 67 : dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3280 67 : if (!dev)
3281 67 : return ERR_PTR(-ENOMEM);
3282 :
3283 67 : dev->devt = devt;
3284 67 : dev->class = tty_class;
3285 67 : dev->parent = device;
3286 67 : dev->release = tty_device_create_release;
3287 67 : dev_set_name(dev, "%s", name);
3288 67 : dev->groups = attr_grp;
3289 67 : dev_set_drvdata(dev, drvdata);
3290 :
3291 67 : dev_set_uevent_suppress(dev, 1);
3292 :
3293 67 : retval = device_register(dev);
3294 67 : if (retval)
3295 0 : goto err_put;
3296 :
3297 67 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3298 : /*
3299 : * Free any saved termios data so that the termios state is
3300 : * reset when reusing a minor number.
3301 : */
3302 67 : tp = driver->termios[index];
3303 67 : if (tp) {
3304 0 : driver->termios[index] = NULL;
3305 0 : kfree(tp);
3306 : }
3307 :
3308 67 : retval = tty_cdev_add(driver, devt, index, 1);
3309 67 : if (retval)
3310 0 : goto err_del;
3311 : }
3312 :
3313 67 : dev_set_uevent_suppress(dev, 0);
3314 67 : kobject_uevent(&dev->kobj, KOBJ_ADD);
3315 :
3316 67 : return dev;
3317 :
3318 0 : err_del:
3319 0 : device_del(dev);
3320 0 : err_put:
3321 0 : put_device(dev);
3322 :
3323 0 : return ERR_PTR(retval);
3324 : }
3325 : EXPORT_SYMBOL_GPL(tty_register_device_attr);
3326 :
3327 : /**
3328 : * tty_unregister_device - unregister a tty device
3329 : * @driver: the tty driver that describes the tty device
3330 : * @index: the index in the tty driver for this tty device
3331 : *
3332 : * If a tty device is registered with a call to tty_register_device() then
3333 : * this function must be called when the tty device is gone.
3334 : *
3335 : * Locking: ??
3336 : */
3337 :
3338 0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
3339 : {
3340 0 : device_destroy(tty_class,
3341 0 : MKDEV(driver->major, driver->minor_start) + index);
3342 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3343 0 : cdev_del(driver->cdevs[index]);
3344 0 : driver->cdevs[index] = NULL;
3345 : }
3346 0 : }
3347 : EXPORT_SYMBOL(tty_unregister_device);
3348 :
3349 : /**
3350 : * __tty_alloc_driver -- allocate tty driver
3351 : * @lines: count of lines this driver can handle at most
3352 : * @owner: module which is responsible for this driver
3353 : * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3354 : *
3355 : * This should not be called directly, some of the provided macros should be
3356 : * used instead. Use IS_ERR and friends on @retval.
3357 : */
3358 4 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3359 : unsigned long flags)
3360 : {
3361 4 : struct tty_driver *driver;
3362 4 : unsigned int cdevs = 1;
3363 4 : int err;
3364 :
3365 4 : if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3366 4 : return ERR_PTR(-EINVAL);
3367 :
3368 4 : driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3369 4 : if (!driver)
3370 4 : return ERR_PTR(-ENOMEM);
3371 :
3372 4 : kref_init(&driver->kref);
3373 4 : driver->magic = TTY_DRIVER_MAGIC;
3374 4 : driver->num = lines;
3375 4 : driver->owner = owner;
3376 4 : driver->flags = flags;
3377 :
3378 4 : if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3379 2 : driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3380 : GFP_KERNEL);
3381 2 : driver->termios = kcalloc(lines, sizeof(*driver->termios),
3382 : GFP_KERNEL);
3383 2 : if (!driver->ttys || !driver->termios) {
3384 0 : err = -ENOMEM;
3385 0 : goto err_free_all;
3386 : }
3387 : }
3388 :
3389 4 : if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3390 2 : driver->ports = kcalloc(lines, sizeof(*driver->ports),
3391 : GFP_KERNEL);
3392 2 : if (!driver->ports) {
3393 0 : err = -ENOMEM;
3394 0 : goto err_free_all;
3395 : }
3396 : cdevs = lines;
3397 : }
3398 :
3399 4 : driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3400 4 : if (!driver->cdevs) {
3401 0 : err = -ENOMEM;
3402 0 : goto err_free_all;
3403 : }
3404 :
3405 : return driver;
3406 0 : err_free_all:
3407 0 : kfree(driver->ports);
3408 0 : kfree(driver->ttys);
3409 0 : kfree(driver->termios);
3410 0 : kfree(driver->cdevs);
3411 0 : kfree(driver);
3412 0 : return ERR_PTR(err);
3413 : }
3414 : EXPORT_SYMBOL(__tty_alloc_driver);
3415 :
3416 0 : static void destruct_tty_driver(struct kref *kref)
3417 : {
3418 0 : struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3419 0 : int i;
3420 0 : struct ktermios *tp;
3421 :
3422 0 : if (driver->flags & TTY_DRIVER_INSTALLED) {
3423 0 : for (i = 0; i < driver->num; i++) {
3424 0 : tp = driver->termios[i];
3425 0 : if (tp) {
3426 0 : driver->termios[i] = NULL;
3427 0 : kfree(tp);
3428 : }
3429 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3430 0 : tty_unregister_device(driver, i);
3431 : }
3432 0 : proc_tty_unregister_driver(driver);
3433 0 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3434 0 : cdev_del(driver->cdevs[0]);
3435 : }
3436 0 : kfree(driver->cdevs);
3437 0 : kfree(driver->ports);
3438 0 : kfree(driver->termios);
3439 0 : kfree(driver->ttys);
3440 0 : kfree(driver);
3441 0 : }
3442 :
3443 337 : void tty_driver_kref_put(struct tty_driver *driver)
3444 : {
3445 337 : kref_put(&driver->kref, destruct_tty_driver);
3446 0 : }
3447 : EXPORT_SYMBOL(tty_driver_kref_put);
3448 :
3449 4 : void tty_set_operations(struct tty_driver *driver,
3450 : const struct tty_operations *op)
3451 : {
3452 4 : driver->ops = op;
3453 4 : };
3454 : EXPORT_SYMBOL(tty_set_operations);
3455 :
3456 0 : void put_tty_driver(struct tty_driver *d)
3457 : {
3458 0 : tty_driver_kref_put(d);
3459 0 : }
3460 : EXPORT_SYMBOL(put_tty_driver);
3461 :
3462 : /*
3463 : * Called by a tty driver to register itself.
3464 : */
3465 4 : int tty_register_driver(struct tty_driver *driver)
3466 : {
3467 4 : int error;
3468 4 : int i;
3469 4 : dev_t dev;
3470 4 : struct device *d;
3471 :
3472 4 : if (!driver->major) {
3473 0 : error = alloc_chrdev_region(&dev, driver->minor_start,
3474 : driver->num, driver->name);
3475 0 : if (!error) {
3476 0 : driver->major = MAJOR(dev);
3477 0 : driver->minor_start = MINOR(dev);
3478 : }
3479 : } else {
3480 4 : dev = MKDEV(driver->major, driver->minor_start);
3481 4 : error = register_chrdev_region(dev, driver->num, driver->name);
3482 : }
3483 4 : if (error < 0)
3484 0 : goto err;
3485 :
3486 4 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3487 2 : error = tty_cdev_add(driver, dev, 0, driver->num);
3488 2 : if (error)
3489 0 : goto err_unreg_char;
3490 : }
3491 :
3492 4 : mutex_lock(&tty_mutex);
3493 4 : list_add(&driver->tty_drivers, &tty_drivers);
3494 4 : mutex_unlock(&tty_mutex);
3495 :
3496 4 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3497 64 : for (i = 0; i < driver->num; i++) {
3498 63 : d = tty_register_device(driver, i, NULL);
3499 63 : if (IS_ERR(d)) {
3500 0 : error = PTR_ERR(d);
3501 0 : goto err_unreg_devs;
3502 : }
3503 : }
3504 : }
3505 4 : proc_tty_register_driver(driver);
3506 4 : driver->flags |= TTY_DRIVER_INSTALLED;
3507 4 : return 0;
3508 :
3509 0 : err_unreg_devs:
3510 0 : for (i--; i >= 0; i--)
3511 0 : tty_unregister_device(driver, i);
3512 :
3513 0 : mutex_lock(&tty_mutex);
3514 0 : list_del(&driver->tty_drivers);
3515 0 : mutex_unlock(&tty_mutex);
3516 :
3517 0 : err_unreg_char:
3518 0 : unregister_chrdev_region(dev, driver->num);
3519 : err:
3520 : return error;
3521 : }
3522 : EXPORT_SYMBOL(tty_register_driver);
3523 :
3524 : /*
3525 : * Called by a tty driver to unregister itself.
3526 : */
3527 0 : int tty_unregister_driver(struct tty_driver *driver)
3528 : {
3529 : #if 0
3530 : /* FIXME */
3531 : if (driver->refcount)
3532 : return -EBUSY;
3533 : #endif
3534 0 : unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3535 : driver->num);
3536 0 : mutex_lock(&tty_mutex);
3537 0 : list_del(&driver->tty_drivers);
3538 0 : mutex_unlock(&tty_mutex);
3539 0 : return 0;
3540 : }
3541 :
3542 : EXPORT_SYMBOL(tty_unregister_driver);
3543 :
3544 163 : dev_t tty_devnum(struct tty_struct *tty)
3545 : {
3546 163 : return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3547 : }
3548 : EXPORT_SYMBOL(tty_devnum);
3549 :
3550 1 : void tty_default_fops(struct file_operations *fops)
3551 : {
3552 1 : *fops = tty_fops;
3553 1 : }
3554 :
3555 359 : static char *tty_devnode(struct device *dev, umode_t *mode)
3556 : {
3557 359 : if (!mode)
3558 : return NULL;
3559 359 : if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3560 : dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3561 10 : *mode = 0666;
3562 : return NULL;
3563 : }
3564 :
3565 1 : static int __init tty_class_init(void)
3566 : {
3567 1 : tty_class = class_create(THIS_MODULE, "tty");
3568 1 : if (IS_ERR(tty_class))
3569 0 : return PTR_ERR(tty_class);
3570 1 : tty_class->devnode = tty_devnode;
3571 1 : return 0;
3572 : }
3573 :
3574 : postcore_initcall(tty_class_init);
3575 :
3576 : /* 3/2004 jmc: why do these devices exist? */
3577 : static struct cdev tty_cdev, console_cdev;
3578 :
3579 3 : static ssize_t show_cons_active(struct device *dev,
3580 : struct device_attribute *attr, char *buf)
3581 : {
3582 3 : struct console *cs[16];
3583 3 : int i = 0;
3584 3 : struct console *c;
3585 3 : ssize_t count = 0;
3586 :
3587 3 : console_lock();
3588 6 : for_each_console(c) {
3589 3 : if (!c->device)
3590 0 : continue;
3591 3 : if (!c->write)
3592 0 : continue;
3593 3 : if ((c->flags & CON_ENABLED) == 0)
3594 0 : continue;
3595 3 : cs[i++] = c;
3596 3 : if (i >= ARRAY_SIZE(cs))
3597 : break;
3598 : }
3599 6 : while (i--) {
3600 3 : int index = cs[i]->index;
3601 3 : struct tty_driver *drv = cs[i]->device(cs[i], &index);
3602 :
3603 : /* don't resolve tty0 as some programs depend on it */
3604 3 : if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3605 0 : count += tty_line_name(drv, index, buf + count);
3606 : else
3607 3 : count += sprintf(buf + count, "%s%d",
3608 3 : cs[i]->name, cs[i]->index);
3609 :
3610 6 : count += sprintf(buf + count, "%c", i ? ' ':'\n');
3611 : }
3612 3 : console_unlock();
3613 :
3614 3 : return count;
3615 : }
3616 : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3617 :
3618 : static struct attribute *cons_dev_attrs[] = {
3619 : &dev_attr_active.attr,
3620 : NULL
3621 : };
3622 :
3623 : ATTRIBUTE_GROUPS(cons_dev);
3624 :
3625 : static struct device *consdev;
3626 :
3627 1 : void console_sysfs_notify(void)
3628 : {
3629 1 : if (consdev)
3630 0 : sysfs_notify(&consdev->kobj, NULL, "active");
3631 1 : }
3632 :
3633 : /*
3634 : * Ok, now we can initialize the rest of the tty devices and can count
3635 : * on memory allocations, interrupts etc..
3636 : */
3637 1 : int __init tty_init(void)
3638 : {
3639 1 : tty_sysctl_init();
3640 1 : cdev_init(&tty_cdev, &tty_fops);
3641 2 : if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3642 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3643 0 : panic("Couldn't register /dev/tty driver\n");
3644 1 : device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3645 :
3646 1 : cdev_init(&console_cdev, &console_fops);
3647 2 : if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3648 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3649 0 : panic("Couldn't register /dev/console driver\n");
3650 1 : consdev = device_create_with_groups(tty_class, NULL,
3651 : MKDEV(TTYAUX_MAJOR, 1), NULL,
3652 : cons_dev_groups, "console");
3653 1 : if (IS_ERR(consdev))
3654 0 : consdev = NULL;
3655 :
3656 : #ifdef CONFIG_VT
3657 1 : vty_init(&console_fops);
3658 : #endif
3659 1 : return 0;
3660 : }
3661 :
|
