Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : */
5 :
6 : /*
7 : * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 : * or rs-channels. It also implements echoing, cooked mode etc.
9 : *
10 : * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 : *
12 : * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 : * tty_struct and tty_queue structures. Previously there was an array
14 : * of 256 tty_struct's which was statically allocated, and the
15 : * tty_queue structures were allocated at boot time. Both are now
16 : * dynamically allocated only when the tty is open.
17 : *
18 : * Also restructured routines so that there is more of a separation
19 : * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 : * the low-level tty routines (serial.c, pty.c, console.c). This
21 : * makes for cleaner and more compact code. -TYT, 9/17/92
22 : *
23 : * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 : * which can be dynamically activated and de-activated by the line
25 : * discipline handling modules (like SLIP).
26 : *
27 : * NOTE: pay no attention to the line discipline code (yet); its
28 : * interface is still subject to change in this version...
29 : * -- TYT, 1/31/92
30 : *
31 : * Added functionality to the OPOST tty handling. No delays, but all
32 : * other bits should be there.
33 : * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 : *
35 : * Rewrote canonical mode and added more termios flags.
36 : * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 : *
38 : * Reorganized FASYNC support so mouse code can share it.
39 : * -- ctm@ardi.com, 9Sep95
40 : *
41 : * New TIOCLINUX variants added.
42 : * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 : *
44 : * Restrict vt switching via ioctl()
45 : * -- grif@cs.ucr.edu, 5-Dec-95
46 : *
47 : * Move console and virtual terminal code to more appropriate files,
48 : * implement CONFIG_VT and generalize console device interface.
49 : * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 : *
51 : * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 : * -- Bill Hawes <whawes@star.net>, June 97
53 : *
54 : * Added devfs support.
55 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 : *
57 : * Added support for a Unix98-style ptmx device.
58 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 : *
60 : * Reduced memory usage for older ARM systems
61 : * -- Russell King <rmk@arm.linux.org.uk>
62 : *
63 : * Move do_SAK() into process context. Less stack use in devfs functions.
64 : * alloc_tty_struct() always uses kmalloc()
65 : * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 : */
67 :
68 : #include <linux/types.h>
69 : #include <linux/major.h>
70 : #include <linux/errno.h>
71 : #include <linux/signal.h>
72 : #include <linux/fcntl.h>
73 : #include <linux/sched/signal.h>
74 : #include <linux/sched/task.h>
75 : #include <linux/interrupt.h>
76 : #include <linux/tty.h>
77 : #include <linux/tty_driver.h>
78 : #include <linux/tty_flip.h>
79 : #include <linux/devpts_fs.h>
80 : #include <linux/file.h>
81 : #include <linux/fdtable.h>
82 : #include <linux/console.h>
83 : #include <linux/timer.h>
84 : #include <linux/ctype.h>
85 : #include <linux/kd.h>
86 : #include <linux/mm.h>
87 : #include <linux/string.h>
88 : #include <linux/slab.h>
89 : #include <linux/poll.h>
90 : #include <linux/ppp-ioctl.h>
91 : #include <linux/proc_fs.h>
92 : #include <linux/init.h>
93 : #include <linux/module.h>
94 : #include <linux/device.h>
95 : #include <linux/wait.h>
96 : #include <linux/bitops.h>
97 : #include <linux/delay.h>
98 : #include <linux/seq_file.h>
99 : #include <linux/serial.h>
100 : #include <linux/ratelimit.h>
101 : #include <linux/compat.h>
102 : #include <linux/uaccess.h>
103 : #include <linux/termios_internal.h>
104 : #include <linux/fs.h>
105 :
106 : #include <linux/kbd_kern.h>
107 : #include <linux/vt_kern.h>
108 : #include <linux/selection.h>
109 :
110 : #include <linux/kmod.h>
111 : #include <linux/nsproxy.h>
112 : #include "tty.h"
113 :
114 : #undef TTY_DEBUG_HANGUP
115 : #ifdef TTY_DEBUG_HANGUP
116 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117 : #else
118 : # define tty_debug_hangup(tty, f, args...) do { } while (0)
119 : #endif
120 :
121 : #define TTY_PARANOIA_CHECK 1
122 : #define CHECK_TTY_COUNT 1
123 :
124 : struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 : .c_iflag = ICRNL | IXON,
126 : .c_oflag = OPOST | ONLCR,
127 : .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 : .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 : ECHOCTL | ECHOKE | IEXTEN,
130 : .c_cc = INIT_C_CC,
131 : .c_ispeed = 38400,
132 : .c_ospeed = 38400,
133 : /* .c_line = N_TTY, */
134 : };
135 : EXPORT_SYMBOL(tty_std_termios);
136 :
137 : /* This list gets poked at by procfs and various bits of boot up code. This
138 : * could do with some rationalisation such as pulling the tty proc function
139 : * into this file.
140 : */
141 :
142 : LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143 :
144 : /* Mutex to protect creating and releasing a tty */
145 : DEFINE_MUTEX(tty_mutex);
146 :
147 : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 : static __poll_t tty_poll(struct file *, poll_table *);
150 : static int tty_open(struct inode *, struct file *);
151 : #ifdef CONFIG_COMPAT
152 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 : unsigned long arg);
154 : #else
155 : #define tty_compat_ioctl NULL
156 : #endif
157 : static int __tty_fasync(int fd, struct file *filp, int on);
158 : static int tty_fasync(int fd, struct file *filp, int on);
159 : static void release_tty(struct tty_struct *tty, int idx);
160 :
161 : /**
162 : * free_tty_struct - free a disused tty
163 : * @tty: tty struct to free
164 : *
165 : * Free the write buffers, tty queue and tty memory itself.
166 : *
167 : * Locking: none. Must be called after tty is definitely unused
168 : */
169 0 : static void free_tty_struct(struct tty_struct *tty)
170 : {
171 0 : tty_ldisc_deinit(tty);
172 0 : put_device(tty->dev);
173 0 : kvfree(tty->write_buf);
174 0 : kfree(tty);
175 0 : }
176 :
177 : static inline struct tty_struct *file_tty(struct file *file)
178 : {
179 0 : return ((struct tty_file_private *)file->private_data)->tty;
180 : }
181 :
182 0 : int tty_alloc_file(struct file *file)
183 : {
184 : struct tty_file_private *priv;
185 :
186 0 : priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 0 : if (!priv)
188 : return -ENOMEM;
189 :
190 0 : file->private_data = priv;
191 :
192 0 : return 0;
193 : }
194 :
195 : /* Associate a new file with the tty structure */
196 0 : void tty_add_file(struct tty_struct *tty, struct file *file)
197 : {
198 0 : struct tty_file_private *priv = file->private_data;
199 :
200 0 : priv->tty = tty;
201 0 : priv->file = file;
202 :
203 0 : spin_lock(&tty->files_lock);
204 0 : list_add(&priv->list, &tty->tty_files);
205 0 : spin_unlock(&tty->files_lock);
206 0 : }
207 :
208 : /**
209 : * tty_free_file - free file->private_data
210 : * @file: to free private_data of
211 : *
212 : * This shall be used only for fail path handling when tty_add_file was not
213 : * called yet.
214 : */
215 0 : void tty_free_file(struct file *file)
216 : {
217 0 : struct tty_file_private *priv = file->private_data;
218 :
219 0 : file->private_data = NULL;
220 0 : kfree(priv);
221 0 : }
222 :
223 : /* Delete file from its tty */
224 0 : static void tty_del_file(struct file *file)
225 : {
226 0 : struct tty_file_private *priv = file->private_data;
227 0 : struct tty_struct *tty = priv->tty;
228 :
229 0 : spin_lock(&tty->files_lock);
230 0 : list_del(&priv->list);
231 0 : spin_unlock(&tty->files_lock);
232 0 : tty_free_file(file);
233 0 : }
234 :
235 : /**
236 : * tty_name - return tty naming
237 : * @tty: tty structure
238 : *
239 : * Convert a tty structure into a name. The name reflects the kernel naming
240 : * policy and if udev is in use may not reflect user space
241 : *
242 : * Locking: none
243 : */
244 0 : const char *tty_name(const struct tty_struct *tty)
245 : {
246 0 : if (!tty) /* Hmm. NULL pointer. That's fun. */
247 : return "NULL tty";
248 0 : return tty->name;
249 : }
250 : EXPORT_SYMBOL(tty_name);
251 :
252 0 : const char *tty_driver_name(const struct tty_struct *tty)
253 : {
254 0 : if (!tty || !tty->driver)
255 : return "";
256 0 : return tty->driver->name;
257 : }
258 :
259 : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 : const char *routine)
261 : {
262 : #ifdef TTY_PARANOIA_CHECK
263 0 : if (!tty) {
264 0 : pr_warn("(%d:%d): %s: NULL tty\n",
265 : imajor(inode), iminor(inode), routine);
266 : return 1;
267 : }
268 : #endif
269 : return 0;
270 : }
271 :
272 : /* Caller must hold tty_lock */
273 0 : static int check_tty_count(struct tty_struct *tty, const char *routine)
274 : {
275 : #ifdef CHECK_TTY_COUNT
276 : struct list_head *p;
277 0 : int count = 0, kopen_count = 0;
278 :
279 0 : spin_lock(&tty->files_lock);
280 0 : list_for_each(p, &tty->tty_files) {
281 0 : count++;
282 : }
283 0 : spin_unlock(&tty->files_lock);
284 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 0 : tty->driver->subtype == PTY_TYPE_SLAVE &&
286 0 : tty->link && tty->link->count)
287 0 : count++;
288 0 : if (tty_port_kopened(tty->port))
289 0 : kopen_count++;
290 0 : if (tty->count != (count + kopen_count)) {
291 0 : tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 : routine, tty->count, count, kopen_count);
293 0 : return (count + kopen_count);
294 : }
295 : #endif
296 : return 0;
297 : }
298 :
299 : /**
300 : * get_tty_driver - find device of a tty
301 : * @device: device identifier
302 : * @index: returns the index of the tty
303 : *
304 : * This routine returns a tty driver structure, given a device number and also
305 : * passes back the index number.
306 : *
307 : * Locking: caller must hold tty_mutex
308 : */
309 0 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
310 : {
311 : struct tty_driver *p;
312 :
313 0 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
314 0 : dev_t base = MKDEV(p->major, p->minor_start);
315 :
316 0 : if (device < base || device >= base + p->num)
317 0 : continue;
318 0 : *index = device - base;
319 0 : return tty_driver_kref_get(p);
320 : }
321 : return NULL;
322 : }
323 :
324 : /**
325 : * tty_dev_name_to_number - return dev_t for device name
326 : * @name: user space name of device under /dev
327 : * @number: pointer to dev_t that this function will populate
328 : *
329 : * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
330 : * (4, 64) or (188, 1). If no corresponding driver is registered then the
331 : * function returns -%ENODEV.
332 : *
333 : * Locking: this acquires tty_mutex to protect the tty_drivers list from
334 : * being modified while we are traversing it, and makes sure to
335 : * release it before exiting.
336 : */
337 0 : int tty_dev_name_to_number(const char *name, dev_t *number)
338 : {
339 : struct tty_driver *p;
340 : int ret;
341 0 : int index, prefix_length = 0;
342 : const char *str;
343 :
344 0 : for (str = name; *str && !isdigit(*str); str++)
345 : ;
346 :
347 0 : if (!*str)
348 : return -EINVAL;
349 :
350 0 : ret = kstrtoint(str, 10, &index);
351 0 : if (ret)
352 : return ret;
353 :
354 0 : prefix_length = str - name;
355 0 : mutex_lock(&tty_mutex);
356 :
357 0 : list_for_each_entry(p, &tty_drivers, tty_drivers)
358 0 : if (prefix_length == strlen(p->name) && strncmp(name,
359 : p->name, prefix_length) == 0) {
360 0 : if (index < p->num) {
361 0 : *number = MKDEV(p->major, p->minor_start + index);
362 0 : goto out;
363 : }
364 : }
365 :
366 : /* if here then driver wasn't found */
367 : ret = -ENODEV;
368 : out:
369 0 : mutex_unlock(&tty_mutex);
370 0 : return ret;
371 : }
372 : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
373 :
374 : #ifdef CONFIG_CONSOLE_POLL
375 :
376 : /**
377 : * tty_find_polling_driver - find device of a polled tty
378 : * @name: name string to match
379 : * @line: pointer to resulting tty line nr
380 : *
381 : * This routine returns a tty driver structure, given a name and the condition
382 : * that the tty driver is capable of polled operation.
383 : */
384 : struct tty_driver *tty_find_polling_driver(char *name, int *line)
385 : {
386 : struct tty_driver *p, *res = NULL;
387 : int tty_line = 0;
388 : int len;
389 : char *str, *stp;
390 :
391 : for (str = name; *str; str++)
392 : if ((*str >= '0' && *str <= '9') || *str == ',')
393 : break;
394 : if (!*str)
395 : return NULL;
396 :
397 : len = str - name;
398 : tty_line = simple_strtoul(str, &str, 10);
399 :
400 : mutex_lock(&tty_mutex);
401 : /* Search through the tty devices to look for a match */
402 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
403 : if (!len || strncmp(name, p->name, len) != 0)
404 : continue;
405 : stp = str;
406 : if (*stp == ',')
407 : stp++;
408 : if (*stp == '\0')
409 : stp = NULL;
410 :
411 : if (tty_line >= 0 && tty_line < p->num && p->ops &&
412 : p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
413 : res = tty_driver_kref_get(p);
414 : *line = tty_line;
415 : break;
416 : }
417 : }
418 : mutex_unlock(&tty_mutex);
419 :
420 : return res;
421 : }
422 : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
423 : #endif
424 :
425 0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
426 : {
427 0 : return 0;
428 : }
429 :
430 0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
431 : {
432 0 : return -EIO;
433 : }
434 :
435 : /* No kernel lock held - none needed ;) */
436 0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
437 : {
438 0 : return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
439 : }
440 :
441 0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
442 : unsigned long arg)
443 : {
444 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
445 : }
446 :
447 0 : static long hung_up_tty_compat_ioctl(struct file *file,
448 : unsigned int cmd, unsigned long arg)
449 : {
450 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
451 : }
452 :
453 0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
454 : {
455 0 : return -ENOTTY;
456 : }
457 :
458 0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
459 : {
460 0 : struct tty_struct *tty = file_tty(file);
461 :
462 0 : if (tty && tty->ops && tty->ops->show_fdinfo)
463 0 : tty->ops->show_fdinfo(tty, m);
464 0 : }
465 :
466 : static const struct file_operations tty_fops = {
467 : .llseek = no_llseek,
468 : .read_iter = tty_read,
469 : .write_iter = tty_write,
470 : .splice_read = copy_splice_read,
471 : .splice_write = iter_file_splice_write,
472 : .poll = tty_poll,
473 : .unlocked_ioctl = tty_ioctl,
474 : .compat_ioctl = tty_compat_ioctl,
475 : .open = tty_open,
476 : .release = tty_release,
477 : .fasync = tty_fasync,
478 : .show_fdinfo = tty_show_fdinfo,
479 : };
480 :
481 : static const struct file_operations console_fops = {
482 : .llseek = no_llseek,
483 : .read_iter = tty_read,
484 : .write_iter = redirected_tty_write,
485 : .splice_read = copy_splice_read,
486 : .splice_write = iter_file_splice_write,
487 : .poll = tty_poll,
488 : .unlocked_ioctl = tty_ioctl,
489 : .compat_ioctl = tty_compat_ioctl,
490 : .open = tty_open,
491 : .release = tty_release,
492 : .fasync = tty_fasync,
493 : };
494 :
495 : static const struct file_operations hung_up_tty_fops = {
496 : .llseek = no_llseek,
497 : .read_iter = hung_up_tty_read,
498 : .write_iter = hung_up_tty_write,
499 : .poll = hung_up_tty_poll,
500 : .unlocked_ioctl = hung_up_tty_ioctl,
501 : .compat_ioctl = hung_up_tty_compat_ioctl,
502 : .release = tty_release,
503 : .fasync = hung_up_tty_fasync,
504 : };
505 :
506 : static DEFINE_SPINLOCK(redirect_lock);
507 : static struct file *redirect;
508 :
509 : /**
510 : * tty_wakeup - request more data
511 : * @tty: terminal
512 : *
513 : * Internal and external helper for wakeups of tty. This function informs the
514 : * line discipline if present that the driver is ready to receive more output
515 : * data.
516 : */
517 0 : void tty_wakeup(struct tty_struct *tty)
518 : {
519 : struct tty_ldisc *ld;
520 :
521 0 : if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
522 0 : ld = tty_ldisc_ref(tty);
523 0 : if (ld) {
524 0 : if (ld->ops->write_wakeup)
525 0 : ld->ops->write_wakeup(tty);
526 0 : tty_ldisc_deref(ld);
527 : }
528 : }
529 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
530 0 : }
531 : EXPORT_SYMBOL_GPL(tty_wakeup);
532 :
533 : /**
534 : * tty_release_redirect - Release a redirect on a pty if present
535 : * @tty: tty device
536 : *
537 : * This is available to the pty code so if the master closes, if the slave is a
538 : * redirect it can release the redirect.
539 : */
540 : static struct file *tty_release_redirect(struct tty_struct *tty)
541 : {
542 0 : struct file *f = NULL;
543 :
544 0 : spin_lock(&redirect_lock);
545 0 : if (redirect && file_tty(redirect) == tty) {
546 0 : f = redirect;
547 0 : redirect = NULL;
548 : }
549 0 : spin_unlock(&redirect_lock);
550 :
551 : return f;
552 : }
553 :
554 : /**
555 : * __tty_hangup - actual handler for hangup events
556 : * @tty: tty device
557 : * @exit_session: if non-zero, signal all foreground group processes
558 : *
559 : * This can be called by a "kworker" kernel thread. That is process synchronous
560 : * but doesn't hold any locks, so we need to make sure we have the appropriate
561 : * locks for what we're doing.
562 : *
563 : * The hangup event clears any pending redirections onto the hung up device. It
564 : * ensures future writes will error and it does the needed line discipline
565 : * hangup and signal delivery. The tty object itself remains intact.
566 : *
567 : * Locking:
568 : * * BTM
569 : *
570 : * * redirect lock for undoing redirection
571 : * * file list lock for manipulating list of ttys
572 : * * tty_ldiscs_lock from called functions
573 : * * termios_rwsem resetting termios data
574 : * * tasklist_lock to walk task list for hangup event
575 : *
576 : * * ->siglock to protect ->signal/->sighand
577 : *
578 : */
579 0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
580 : {
581 0 : struct file *cons_filp = NULL;
582 : struct file *filp, *f;
583 : struct tty_file_private *priv;
584 0 : int closecount = 0, n;
585 : int refs;
586 :
587 0 : if (!tty)
588 : return;
589 :
590 0 : f = tty_release_redirect(tty);
591 :
592 0 : tty_lock(tty);
593 :
594 0 : if (test_bit(TTY_HUPPED, &tty->flags)) {
595 0 : tty_unlock(tty);
596 0 : return;
597 : }
598 :
599 : /*
600 : * Some console devices aren't actually hung up for technical and
601 : * historical reasons, which can lead to indefinite interruptible
602 : * sleep in n_tty_read(). The following explicitly tells
603 : * n_tty_read() to abort readers.
604 : */
605 0 : set_bit(TTY_HUPPING, &tty->flags);
606 :
607 : /* inuse_filps is protected by the single tty lock,
608 : * this really needs to change if we want to flush the
609 : * workqueue with the lock held.
610 : */
611 0 : check_tty_count(tty, "tty_hangup");
612 :
613 0 : spin_lock(&tty->files_lock);
614 : /* This breaks for file handles being sent over AF_UNIX sockets ? */
615 0 : list_for_each_entry(priv, &tty->tty_files, list) {
616 0 : filp = priv->file;
617 0 : if (filp->f_op->write_iter == redirected_tty_write)
618 0 : cons_filp = filp;
619 0 : if (filp->f_op->write_iter != tty_write)
620 0 : continue;
621 0 : closecount++;
622 0 : __tty_fasync(-1, filp, 0); /* can't block */
623 0 : filp->f_op = &hung_up_tty_fops;
624 : }
625 0 : spin_unlock(&tty->files_lock);
626 :
627 0 : refs = tty_signal_session_leader(tty, exit_session);
628 : /* Account for the p->signal references we killed */
629 0 : while (refs--)
630 : tty_kref_put(tty);
631 :
632 0 : tty_ldisc_hangup(tty, cons_filp != NULL);
633 :
634 0 : spin_lock_irq(&tty->ctrl.lock);
635 0 : clear_bit(TTY_THROTTLED, &tty->flags);
636 0 : clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
637 0 : put_pid(tty->ctrl.session);
638 0 : put_pid(tty->ctrl.pgrp);
639 0 : tty->ctrl.session = NULL;
640 0 : tty->ctrl.pgrp = NULL;
641 0 : tty->ctrl.pktstatus = 0;
642 0 : spin_unlock_irq(&tty->ctrl.lock);
643 :
644 : /*
645 : * If one of the devices matches a console pointer, we
646 : * cannot just call hangup() because that will cause
647 : * tty->count and state->count to go out of sync.
648 : * So we just call close() the right number of times.
649 : */
650 0 : if (cons_filp) {
651 0 : if (tty->ops->close)
652 0 : for (n = 0; n < closecount; n++)
653 0 : tty->ops->close(tty, cons_filp);
654 0 : } else if (tty->ops->hangup)
655 0 : tty->ops->hangup(tty);
656 : /*
657 : * We don't want to have driver/ldisc interactions beyond the ones
658 : * we did here. The driver layer expects no calls after ->hangup()
659 : * from the ldisc side, which is now guaranteed.
660 : */
661 0 : set_bit(TTY_HUPPED, &tty->flags);
662 0 : clear_bit(TTY_HUPPING, &tty->flags);
663 0 : tty_unlock(tty);
664 :
665 0 : if (f)
666 0 : fput(f);
667 : }
668 :
669 0 : static void do_tty_hangup(struct work_struct *work)
670 : {
671 0 : struct tty_struct *tty =
672 0 : container_of(work, struct tty_struct, hangup_work);
673 :
674 0 : __tty_hangup(tty, 0);
675 0 : }
676 :
677 : /**
678 : * tty_hangup - trigger a hangup event
679 : * @tty: tty to hangup
680 : *
681 : * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
682 : * hangup sequence to run after this event.
683 : */
684 0 : void tty_hangup(struct tty_struct *tty)
685 : {
686 : tty_debug_hangup(tty, "hangup\n");
687 0 : schedule_work(&tty->hangup_work);
688 0 : }
689 : EXPORT_SYMBOL(tty_hangup);
690 :
691 : /**
692 : * tty_vhangup - process vhangup
693 : * @tty: tty to hangup
694 : *
695 : * The user has asked via system call for the terminal to be hung up. We do
696 : * this synchronously so that when the syscall returns the process is complete.
697 : * That guarantee is necessary for security reasons.
698 : */
699 0 : void tty_vhangup(struct tty_struct *tty)
700 : {
701 : tty_debug_hangup(tty, "vhangup\n");
702 0 : __tty_hangup(tty, 0);
703 0 : }
704 : EXPORT_SYMBOL(tty_vhangup);
705 :
706 :
707 : /**
708 : * tty_vhangup_self - process vhangup for own ctty
709 : *
710 : * Perform a vhangup on the current controlling tty
711 : */
712 0 : void tty_vhangup_self(void)
713 : {
714 : struct tty_struct *tty;
715 :
716 0 : tty = get_current_tty();
717 0 : if (tty) {
718 0 : tty_vhangup(tty);
719 : tty_kref_put(tty);
720 : }
721 0 : }
722 :
723 : /**
724 : * tty_vhangup_session - hangup session leader exit
725 : * @tty: tty to hangup
726 : *
727 : * The session leader is exiting and hanging up its controlling terminal.
728 : * Every process in the foreground process group is signalled %SIGHUP.
729 : *
730 : * We do this synchronously so that when the syscall returns the process is
731 : * complete. That guarantee is necessary for security reasons.
732 : */
733 0 : void tty_vhangup_session(struct tty_struct *tty)
734 : {
735 : tty_debug_hangup(tty, "session hangup\n");
736 0 : __tty_hangup(tty, 1);
737 0 : }
738 :
739 : /**
740 : * tty_hung_up_p - was tty hung up
741 : * @filp: file pointer of tty
742 : *
743 : * Return: true if the tty has been subject to a vhangup or a carrier loss
744 : */
745 0 : int tty_hung_up_p(struct file *filp)
746 : {
747 0 : return (filp && filp->f_op == &hung_up_tty_fops);
748 : }
749 : EXPORT_SYMBOL(tty_hung_up_p);
750 :
751 0 : void __stop_tty(struct tty_struct *tty)
752 : {
753 0 : if (tty->flow.stopped)
754 : return;
755 0 : tty->flow.stopped = true;
756 0 : if (tty->ops->stop)
757 0 : tty->ops->stop(tty);
758 : }
759 :
760 : /**
761 : * stop_tty - propagate flow control
762 : * @tty: tty to stop
763 : *
764 : * Perform flow control to the driver. May be called on an already stopped
765 : * device and will not re-call the &tty_driver->stop() method.
766 : *
767 : * This functionality is used by both the line disciplines for halting incoming
768 : * flow and by the driver. It may therefore be called from any context, may be
769 : * under the tty %atomic_write_lock but not always.
770 : *
771 : * Locking:
772 : * flow.lock
773 : */
774 0 : void stop_tty(struct tty_struct *tty)
775 : {
776 : unsigned long flags;
777 :
778 0 : spin_lock_irqsave(&tty->flow.lock, flags);
779 0 : __stop_tty(tty);
780 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
781 0 : }
782 : EXPORT_SYMBOL(stop_tty);
783 :
784 0 : void __start_tty(struct tty_struct *tty)
785 : {
786 0 : if (!tty->flow.stopped || tty->flow.tco_stopped)
787 : return;
788 0 : tty->flow.stopped = false;
789 0 : if (tty->ops->start)
790 0 : tty->ops->start(tty);
791 0 : tty_wakeup(tty);
792 : }
793 :
794 : /**
795 : * start_tty - propagate flow control
796 : * @tty: tty to start
797 : *
798 : * Start a tty that has been stopped if at all possible. If @tty was previously
799 : * stopped and is now being started, the &tty_driver->start() method is invoked
800 : * and the line discipline woken.
801 : *
802 : * Locking:
803 : * flow.lock
804 : */
805 0 : void start_tty(struct tty_struct *tty)
806 : {
807 : unsigned long flags;
808 :
809 0 : spin_lock_irqsave(&tty->flow.lock, flags);
810 0 : __start_tty(tty);
811 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
812 0 : }
813 : EXPORT_SYMBOL(start_tty);
814 :
815 0 : static void tty_update_time(struct tty_struct *tty, bool mtime)
816 : {
817 0 : time64_t sec = ktime_get_real_seconds();
818 : struct tty_file_private *priv;
819 :
820 0 : spin_lock(&tty->files_lock);
821 0 : list_for_each_entry(priv, &tty->tty_files, list) {
822 0 : struct inode *inode = file_inode(priv->file);
823 0 : struct timespec64 *time = mtime ? &inode->i_mtime : &inode->i_atime;
824 :
825 : /*
826 : * We only care if the two values differ in anything other than the
827 : * lower three bits (i.e every 8 seconds). If so, then we can update
828 : * the time of the tty device, otherwise it could be construded as a
829 : * security leak to let userspace know the exact timing of the tty.
830 : */
831 0 : if ((sec ^ time->tv_sec) & ~7)
832 0 : time->tv_sec = sec;
833 : }
834 0 : spin_unlock(&tty->files_lock);
835 0 : }
836 :
837 : /*
838 : * Iterate on the ldisc ->read() function until we've gotten all
839 : * the data the ldisc has for us.
840 : *
841 : * The "cookie" is something that the ldisc read function can fill
842 : * in to let us know that there is more data to be had.
843 : *
844 : * We promise to continue to call the ldisc until it stops returning
845 : * data or clears the cookie. The cookie may be something that the
846 : * ldisc maintains state for and needs to free.
847 : */
848 0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
849 : struct file *file, struct iov_iter *to)
850 : {
851 0 : int retval = 0;
852 0 : void *cookie = NULL;
853 0 : unsigned long offset = 0;
854 : char kernel_buf[64];
855 0 : size_t count = iov_iter_count(to);
856 :
857 : do {
858 : int size, copied;
859 :
860 0 : size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
861 0 : size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
862 0 : if (!size)
863 : break;
864 :
865 0 : if (size < 0) {
866 : /* Did we have an earlier error (ie -EFAULT)? */
867 0 : if (retval)
868 : break;
869 0 : retval = size;
870 :
871 : /*
872 : * -EOVERFLOW means we didn't have enough space
873 : * for a whole packet, and we shouldn't return
874 : * a partial result.
875 : */
876 0 : if (retval == -EOVERFLOW)
877 0 : offset = 0;
878 : break;
879 : }
880 :
881 0 : copied = copy_to_iter(kernel_buf, size, to);
882 0 : offset += copied;
883 0 : count -= copied;
884 :
885 : /*
886 : * If the user copy failed, we still need to do another ->read()
887 : * call if we had a cookie to let the ldisc clear up.
888 : *
889 : * But make sure size is zeroed.
890 : */
891 0 : if (unlikely(copied != size)) {
892 0 : count = 0;
893 0 : retval = -EFAULT;
894 : }
895 0 : } while (cookie);
896 :
897 : /* We always clear tty buffer in case they contained passwords */
898 0 : memzero_explicit(kernel_buf, sizeof(kernel_buf));
899 0 : return offset ? offset : retval;
900 : }
901 :
902 :
903 : /**
904 : * tty_read - read method for tty device files
905 : * @iocb: kernel I/O control block
906 : * @to: destination for the data read
907 : *
908 : * Perform the read system call function on this terminal device. Checks
909 : * for hung up devices before calling the line discipline method.
910 : *
911 : * Locking:
912 : * Locks the line discipline internally while needed. Multiple read calls
913 : * may be outstanding in parallel.
914 : */
915 0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
916 : {
917 : int i;
918 0 : struct file *file = iocb->ki_filp;
919 0 : struct inode *inode = file_inode(file);
920 0 : struct tty_struct *tty = file_tty(file);
921 : struct tty_ldisc *ld;
922 :
923 0 : if (tty_paranoia_check(tty, inode, "tty_read"))
924 : return -EIO;
925 0 : if (!tty || tty_io_error(tty))
926 : return -EIO;
927 :
928 : /* We want to wait for the line discipline to sort out in this
929 : * situation.
930 : */
931 0 : ld = tty_ldisc_ref_wait(tty);
932 0 : if (!ld)
933 : return hung_up_tty_read(iocb, to);
934 0 : i = -EIO;
935 0 : if (ld->ops->read)
936 0 : i = iterate_tty_read(ld, tty, file, to);
937 0 : tty_ldisc_deref(ld);
938 :
939 0 : if (i > 0)
940 0 : tty_update_time(tty, false);
941 :
942 0 : return i;
943 : }
944 :
945 0 : void tty_write_unlock(struct tty_struct *tty)
946 : {
947 0 : mutex_unlock(&tty->atomic_write_lock);
948 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
949 0 : }
950 :
951 0 : int tty_write_lock(struct tty_struct *tty, int ndelay)
952 : {
953 0 : if (!mutex_trylock(&tty->atomic_write_lock)) {
954 0 : if (ndelay)
955 : return -EAGAIN;
956 0 : if (mutex_lock_interruptible(&tty->atomic_write_lock))
957 : return -ERESTARTSYS;
958 : }
959 : return 0;
960 : }
961 :
962 : /*
963 : * Split writes up in sane blocksizes to avoid
964 : * denial-of-service type attacks
965 : */
966 0 : static inline ssize_t do_tty_write(
967 : ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
968 : struct tty_struct *tty,
969 : struct file *file,
970 : struct iov_iter *from)
971 : {
972 0 : size_t count = iov_iter_count(from);
973 0 : ssize_t ret, written = 0;
974 : unsigned int chunk;
975 :
976 0 : ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
977 0 : if (ret < 0)
978 : return ret;
979 :
980 : /*
981 : * We chunk up writes into a temporary buffer. This
982 : * simplifies low-level drivers immensely, since they
983 : * don't have locking issues and user mode accesses.
984 : *
985 : * But if TTY_NO_WRITE_SPLIT is set, we should use a
986 : * big chunk-size..
987 : *
988 : * The default chunk-size is 2kB, because the NTTY
989 : * layer has problems with bigger chunks. It will
990 : * claim to be able to handle more characters than
991 : * it actually does.
992 : */
993 0 : chunk = 2048;
994 0 : if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
995 0 : chunk = 65536;
996 0 : if (count < chunk)
997 0 : chunk = count;
998 :
999 : /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1000 0 : if (tty->write_cnt < chunk) {
1001 : unsigned char *buf_chunk;
1002 :
1003 0 : if (chunk < 1024)
1004 0 : chunk = 1024;
1005 :
1006 0 : buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1007 0 : if (!buf_chunk) {
1008 : ret = -ENOMEM;
1009 : goto out;
1010 : }
1011 0 : kvfree(tty->write_buf);
1012 0 : tty->write_cnt = chunk;
1013 0 : tty->write_buf = buf_chunk;
1014 : }
1015 :
1016 : /* Do the write .. */
1017 0 : for (;;) {
1018 0 : size_t size = count;
1019 :
1020 0 : if (size > chunk)
1021 0 : size = chunk;
1022 :
1023 0 : ret = -EFAULT;
1024 0 : if (copy_from_iter(tty->write_buf, size, from) != size)
1025 : break;
1026 :
1027 0 : ret = write(tty, file, tty->write_buf, size);
1028 0 : if (ret <= 0)
1029 : break;
1030 :
1031 0 : written += ret;
1032 0 : if (ret > size)
1033 : break;
1034 :
1035 : /* FIXME! Have Al check this! */
1036 0 : if (ret != size)
1037 0 : iov_iter_revert(from, size-ret);
1038 :
1039 0 : count -= ret;
1040 0 : if (!count)
1041 : break;
1042 0 : ret = -ERESTARTSYS;
1043 0 : if (signal_pending(current))
1044 : break;
1045 0 : cond_resched();
1046 : }
1047 0 : if (written) {
1048 0 : tty_update_time(tty, true);
1049 0 : ret = written;
1050 : }
1051 : out:
1052 0 : tty_write_unlock(tty);
1053 0 : return ret;
1054 : }
1055 :
1056 : /**
1057 : * tty_write_message - write a message to a certain tty, not just the console.
1058 : * @tty: the destination tty_struct
1059 : * @msg: the message to write
1060 : *
1061 : * This is used for messages that need to be redirected to a specific tty. We
1062 : * don't put it into the syslog queue right now maybe in the future if really
1063 : * needed.
1064 : *
1065 : * We must still hold the BTM and test the CLOSING flag for the moment.
1066 : */
1067 0 : void tty_write_message(struct tty_struct *tty, char *msg)
1068 : {
1069 0 : if (tty) {
1070 0 : mutex_lock(&tty->atomic_write_lock);
1071 0 : tty_lock(tty);
1072 0 : if (tty->ops->write && tty->count > 0)
1073 0 : tty->ops->write(tty, msg, strlen(msg));
1074 0 : tty_unlock(tty);
1075 0 : tty_write_unlock(tty);
1076 : }
1077 0 : }
1078 :
1079 0 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1080 : {
1081 0 : struct tty_struct *tty = file_tty(file);
1082 : struct tty_ldisc *ld;
1083 : ssize_t ret;
1084 :
1085 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1086 : return -EIO;
1087 0 : if (!tty || !tty->ops->write || tty_io_error(tty))
1088 : return -EIO;
1089 : /* Short term debug to catch buggy drivers */
1090 0 : if (tty->ops->write_room == NULL)
1091 0 : tty_err(tty, "missing write_room method\n");
1092 0 : ld = tty_ldisc_ref_wait(tty);
1093 0 : if (!ld)
1094 : return hung_up_tty_write(iocb, from);
1095 0 : if (!ld->ops->write)
1096 : ret = -EIO;
1097 : else
1098 0 : ret = do_tty_write(ld->ops->write, tty, file, from);
1099 0 : tty_ldisc_deref(ld);
1100 : return ret;
1101 : }
1102 :
1103 : /**
1104 : * tty_write - write method for tty device file
1105 : * @iocb: kernel I/O control block
1106 : * @from: iov_iter with data to write
1107 : *
1108 : * Write data to a tty device via the line discipline.
1109 : *
1110 : * Locking:
1111 : * Locks the line discipline as required
1112 : * Writes to the tty driver are serialized by the atomic_write_lock
1113 : * and are then processed in chunks to the device. The line
1114 : * discipline write method will not be invoked in parallel for
1115 : * each device.
1116 : */
1117 0 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1118 : {
1119 0 : return file_tty_write(iocb->ki_filp, iocb, from);
1120 : }
1121 :
1122 0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1123 : {
1124 0 : struct file *p = NULL;
1125 :
1126 0 : spin_lock(&redirect_lock);
1127 0 : if (redirect)
1128 0 : p = get_file(redirect);
1129 0 : spin_unlock(&redirect_lock);
1130 :
1131 : /*
1132 : * We know the redirected tty is just another tty, we can
1133 : * call file_tty_write() directly with that file pointer.
1134 : */
1135 0 : if (p) {
1136 : ssize_t res;
1137 :
1138 0 : res = file_tty_write(p, iocb, iter);
1139 0 : fput(p);
1140 0 : return res;
1141 : }
1142 0 : return tty_write(iocb, iter);
1143 : }
1144 :
1145 : /**
1146 : * tty_send_xchar - send priority character
1147 : * @tty: the tty to send to
1148 : * @ch: xchar to send
1149 : *
1150 : * Send a high priority character to the tty even if stopped.
1151 : *
1152 : * Locking: none for xchar method, write ordering for write method.
1153 : */
1154 0 : int tty_send_xchar(struct tty_struct *tty, char ch)
1155 : {
1156 0 : bool was_stopped = tty->flow.stopped;
1157 :
1158 0 : if (tty->ops->send_xchar) {
1159 0 : down_read(&tty->termios_rwsem);
1160 0 : tty->ops->send_xchar(tty, ch);
1161 0 : up_read(&tty->termios_rwsem);
1162 0 : return 0;
1163 : }
1164 :
1165 0 : if (tty_write_lock(tty, 0) < 0)
1166 : return -ERESTARTSYS;
1167 :
1168 0 : down_read(&tty->termios_rwsem);
1169 0 : if (was_stopped)
1170 0 : start_tty(tty);
1171 0 : tty->ops->write(tty, &ch, 1);
1172 0 : if (was_stopped)
1173 0 : stop_tty(tty);
1174 0 : up_read(&tty->termios_rwsem);
1175 0 : tty_write_unlock(tty);
1176 0 : return 0;
1177 : }
1178 :
1179 : /**
1180 : * pty_line_name - generate name for a pty
1181 : * @driver: the tty driver in use
1182 : * @index: the minor number
1183 : * @p: output buffer of at least 6 bytes
1184 : *
1185 : * Generate a name from a @driver reference and write it to the output buffer
1186 : * @p.
1187 : *
1188 : * Locking: None
1189 : */
1190 : static void pty_line_name(struct tty_driver *driver, int index, char *p)
1191 : {
1192 : static const char ptychar[] = "pqrstuvwxyzabcde";
1193 512 : int i = index + driver->name_base;
1194 : /* ->name is initialized to "ttyp", but "tty" is expected */
1195 1024 : sprintf(p, "%s%c%x",
1196 : driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1197 512 : ptychar[i >> 4 & 0xf], i & 0xf);
1198 : }
1199 :
1200 : /**
1201 : * tty_line_name - generate name for a tty
1202 : * @driver: the tty driver in use
1203 : * @index: the minor number
1204 : * @p: output buffer of at least 7 bytes
1205 : *
1206 : * Generate a name from a @driver reference and write it to the output buffer
1207 : * @p.
1208 : *
1209 : * Locking: None
1210 : */
1211 1 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1212 : {
1213 1 : if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1214 0 : return sprintf(p, "%s", driver->name);
1215 : else
1216 1 : return sprintf(p, "%s%d", driver->name,
1217 1 : index + driver->name_base);
1218 : }
1219 :
1220 : /**
1221 : * tty_driver_lookup_tty() - find an existing tty, if any
1222 : * @driver: the driver for the tty
1223 : * @file: file object
1224 : * @idx: the minor number
1225 : *
1226 : * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1227 : * driver lookup() method returns an error.
1228 : *
1229 : * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1230 : */
1231 0 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1232 : struct file *file, int idx)
1233 : {
1234 : struct tty_struct *tty;
1235 :
1236 0 : if (driver->ops->lookup) {
1237 0 : if (!file)
1238 : tty = ERR_PTR(-EIO);
1239 : else
1240 0 : tty = driver->ops->lookup(driver, file, idx);
1241 : } else {
1242 0 : if (idx >= driver->num)
1243 : return ERR_PTR(-EINVAL);
1244 0 : tty = driver->ttys[idx];
1245 : }
1246 0 : if (!IS_ERR(tty))
1247 : tty_kref_get(tty);
1248 : return tty;
1249 : }
1250 :
1251 : /**
1252 : * tty_init_termios - helper for termios setup
1253 : * @tty: the tty to set up
1254 : *
1255 : * Initialise the termios structure for this tty. This runs under the
1256 : * %tty_mutex currently so we can be relaxed about ordering.
1257 : */
1258 0 : void tty_init_termios(struct tty_struct *tty)
1259 : {
1260 : struct ktermios *tp;
1261 0 : int idx = tty->index;
1262 :
1263 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1264 0 : tty->termios = tty->driver->init_termios;
1265 : else {
1266 : /* Check for lazy saved data */
1267 0 : tp = tty->driver->termios[idx];
1268 0 : if (tp != NULL) {
1269 0 : tty->termios = *tp;
1270 0 : tty->termios.c_line = tty->driver->init_termios.c_line;
1271 : } else
1272 0 : tty->termios = tty->driver->init_termios;
1273 : }
1274 : /* Compatibility until drivers always set this */
1275 0 : tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1276 0 : tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1277 0 : }
1278 : EXPORT_SYMBOL_GPL(tty_init_termios);
1279 :
1280 : /**
1281 : * tty_standard_install - usual tty->ops->install
1282 : * @driver: the driver for the tty
1283 : * @tty: the tty
1284 : *
1285 : * If the @driver overrides @tty->ops->install, it still can call this function
1286 : * to perform the standard install operations.
1287 : */
1288 0 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1289 : {
1290 0 : tty_init_termios(tty);
1291 0 : tty_driver_kref_get(driver);
1292 0 : tty->count++;
1293 0 : driver->ttys[tty->index] = tty;
1294 0 : return 0;
1295 : }
1296 : EXPORT_SYMBOL_GPL(tty_standard_install);
1297 :
1298 : /**
1299 : * tty_driver_install_tty() - install a tty entry in the driver
1300 : * @driver: the driver for the tty
1301 : * @tty: the tty
1302 : *
1303 : * Install a tty object into the driver tables. The @tty->index field will be
1304 : * set by the time this is called. This method is responsible for ensuring any
1305 : * need additional structures are allocated and configured.
1306 : *
1307 : * Locking: tty_mutex for now
1308 : */
1309 0 : static int tty_driver_install_tty(struct tty_driver *driver,
1310 : struct tty_struct *tty)
1311 : {
1312 0 : return driver->ops->install ? driver->ops->install(driver, tty) :
1313 : tty_standard_install(driver, tty);
1314 : }
1315 :
1316 : /**
1317 : * tty_driver_remove_tty() - remove a tty from the driver tables
1318 : * @driver: the driver for the tty
1319 : * @tty: tty to remove
1320 : *
1321 : * Remove a tty object from the driver tables. The tty->index field will be set
1322 : * by the time this is called.
1323 : *
1324 : * Locking: tty_mutex for now
1325 : */
1326 : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1327 : {
1328 0 : if (driver->ops->remove)
1329 0 : driver->ops->remove(driver, tty);
1330 : else
1331 0 : driver->ttys[tty->index] = NULL;
1332 : }
1333 :
1334 : /**
1335 : * tty_reopen() - fast re-open of an open tty
1336 : * @tty: the tty to open
1337 : *
1338 : * Re-opens on master ptys are not allowed and return -%EIO.
1339 : *
1340 : * Locking: Caller must hold tty_lock
1341 : * Return: 0 on success, -errno on error.
1342 : */
1343 0 : static int tty_reopen(struct tty_struct *tty)
1344 : {
1345 0 : struct tty_driver *driver = tty->driver;
1346 : struct tty_ldisc *ld;
1347 0 : int retval = 0;
1348 :
1349 0 : if (driver->type == TTY_DRIVER_TYPE_PTY &&
1350 : driver->subtype == PTY_TYPE_MASTER)
1351 : return -EIO;
1352 :
1353 0 : if (!tty->count)
1354 : return -EAGAIN;
1355 :
1356 0 : if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1357 : return -EBUSY;
1358 :
1359 0 : ld = tty_ldisc_ref_wait(tty);
1360 0 : if (ld) {
1361 0 : tty_ldisc_deref(ld);
1362 : } else {
1363 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1364 0 : if (retval)
1365 : return retval;
1366 :
1367 0 : if (!tty->ldisc)
1368 0 : retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1369 0 : tty_ldisc_unlock(tty);
1370 : }
1371 :
1372 0 : if (retval == 0)
1373 0 : tty->count++;
1374 :
1375 : return retval;
1376 : }
1377 :
1378 : /**
1379 : * tty_init_dev - initialise a tty device
1380 : * @driver: tty driver we are opening a device on
1381 : * @idx: device index
1382 : *
1383 : * Prepare a tty device. This may not be a "new" clean device but could also be
1384 : * an active device. The pty drivers require special handling because of this.
1385 : *
1386 : * Locking:
1387 : * The function is called under the tty_mutex, which protects us from the
1388 : * tty struct or driver itself going away.
1389 : *
1390 : * On exit the tty device has the line discipline attached and a reference
1391 : * count of 1. If a pair was created for pty/tty use and the other was a pty
1392 : * master then it too has a reference count of 1.
1393 : *
1394 : * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1395 : * open. The new code protects the open with a mutex, so it's really quite
1396 : * straightforward. The mutex locking can probably be relaxed for the (most
1397 : * common) case of reopening a tty.
1398 : *
1399 : * Return: new tty structure
1400 : */
1401 0 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1402 : {
1403 : struct tty_struct *tty;
1404 : int retval;
1405 :
1406 : /*
1407 : * First time open is complex, especially for PTY devices.
1408 : * This code guarantees that either everything succeeds and the
1409 : * TTY is ready for operation, or else the table slots are vacated
1410 : * and the allocated memory released. (Except that the termios
1411 : * may be retained.)
1412 : */
1413 :
1414 0 : if (!try_module_get(driver->owner))
1415 : return ERR_PTR(-ENODEV);
1416 :
1417 0 : tty = alloc_tty_struct(driver, idx);
1418 0 : if (!tty) {
1419 : retval = -ENOMEM;
1420 : goto err_module_put;
1421 : }
1422 :
1423 0 : tty_lock(tty);
1424 0 : retval = tty_driver_install_tty(driver, tty);
1425 0 : if (retval < 0)
1426 : goto err_free_tty;
1427 :
1428 0 : if (!tty->port)
1429 0 : tty->port = driver->ports[idx];
1430 :
1431 0 : if (WARN_RATELIMIT(!tty->port,
1432 : "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1433 : __func__, tty->driver->name)) {
1434 : retval = -EINVAL;
1435 : goto err_release_lock;
1436 : }
1437 :
1438 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1439 0 : if (retval)
1440 : goto err_release_lock;
1441 0 : tty->port->itty = tty;
1442 :
1443 : /*
1444 : * Structures all installed ... call the ldisc open routines.
1445 : * If we fail here just call release_tty to clean up. No need
1446 : * to decrement the use counts, as release_tty doesn't care.
1447 : */
1448 0 : retval = tty_ldisc_setup(tty, tty->link);
1449 0 : if (retval)
1450 : goto err_release_tty;
1451 0 : tty_ldisc_unlock(tty);
1452 : /* Return the tty locked so that it cannot vanish under the caller */
1453 0 : return tty;
1454 :
1455 : err_free_tty:
1456 0 : tty_unlock(tty);
1457 0 : free_tty_struct(tty);
1458 : err_module_put:
1459 0 : module_put(driver->owner);
1460 0 : return ERR_PTR(retval);
1461 :
1462 : /* call the tty release_tty routine to clean out this slot */
1463 : err_release_tty:
1464 0 : tty_ldisc_unlock(tty);
1465 0 : tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1466 : retval, idx);
1467 : err_release_lock:
1468 0 : tty_unlock(tty);
1469 0 : release_tty(tty, idx);
1470 0 : return ERR_PTR(retval);
1471 : }
1472 :
1473 : /**
1474 : * tty_save_termios() - save tty termios data in driver table
1475 : * @tty: tty whose termios data to save
1476 : *
1477 : * Locking: Caller guarantees serialisation with tty_init_termios().
1478 : */
1479 0 : void tty_save_termios(struct tty_struct *tty)
1480 : {
1481 : struct ktermios *tp;
1482 0 : int idx = tty->index;
1483 :
1484 : /* If the port is going to reset then it has no termios to save */
1485 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1486 : return;
1487 :
1488 : /* Stash the termios data */
1489 0 : tp = tty->driver->termios[idx];
1490 0 : if (tp == NULL) {
1491 0 : tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1492 0 : if (tp == NULL)
1493 : return;
1494 0 : tty->driver->termios[idx] = tp;
1495 : }
1496 0 : *tp = tty->termios;
1497 : }
1498 : EXPORT_SYMBOL_GPL(tty_save_termios);
1499 :
1500 : /**
1501 : * tty_flush_works - flush all works of a tty/pty pair
1502 : * @tty: tty device to flush works for (or either end of a pty pair)
1503 : *
1504 : * Sync flush all works belonging to @tty (and the 'other' tty).
1505 : */
1506 0 : static void tty_flush_works(struct tty_struct *tty)
1507 : {
1508 0 : flush_work(&tty->SAK_work);
1509 0 : flush_work(&tty->hangup_work);
1510 0 : if (tty->link) {
1511 0 : flush_work(&tty->link->SAK_work);
1512 0 : flush_work(&tty->link->hangup_work);
1513 : }
1514 0 : }
1515 :
1516 : /**
1517 : * release_one_tty - release tty structure memory
1518 : * @work: work of tty we are obliterating
1519 : *
1520 : * Releases memory associated with a tty structure, and clears out the
1521 : * driver table slots. This function is called when a device is no longer
1522 : * in use. It also gets called when setup of a device fails.
1523 : *
1524 : * Locking:
1525 : * takes the file list lock internally when working on the list of ttys
1526 : * that the driver keeps.
1527 : *
1528 : * This method gets called from a work queue so that the driver private
1529 : * cleanup ops can sleep (needed for USB at least)
1530 : */
1531 0 : static void release_one_tty(struct work_struct *work)
1532 : {
1533 0 : struct tty_struct *tty =
1534 0 : container_of(work, struct tty_struct, hangup_work);
1535 0 : struct tty_driver *driver = tty->driver;
1536 0 : struct module *owner = driver->owner;
1537 :
1538 0 : if (tty->ops->cleanup)
1539 0 : tty->ops->cleanup(tty);
1540 :
1541 0 : tty_driver_kref_put(driver);
1542 0 : module_put(owner);
1543 :
1544 0 : spin_lock(&tty->files_lock);
1545 0 : list_del_init(&tty->tty_files);
1546 0 : spin_unlock(&tty->files_lock);
1547 :
1548 0 : put_pid(tty->ctrl.pgrp);
1549 0 : put_pid(tty->ctrl.session);
1550 0 : free_tty_struct(tty);
1551 0 : }
1552 :
1553 0 : static void queue_release_one_tty(struct kref *kref)
1554 : {
1555 0 : struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1556 :
1557 : /* The hangup queue is now free so we can reuse it rather than
1558 : * waste a chunk of memory for each port.
1559 : */
1560 0 : INIT_WORK(&tty->hangup_work, release_one_tty);
1561 0 : schedule_work(&tty->hangup_work);
1562 0 : }
1563 :
1564 : /**
1565 : * tty_kref_put - release a tty kref
1566 : * @tty: tty device
1567 : *
1568 : * Release a reference to the @tty device and if need be let the kref layer
1569 : * destruct the object for us.
1570 : */
1571 160 : void tty_kref_put(struct tty_struct *tty)
1572 : {
1573 160 : if (tty)
1574 0 : kref_put(&tty->kref, queue_release_one_tty);
1575 160 : }
1576 : EXPORT_SYMBOL(tty_kref_put);
1577 :
1578 : /**
1579 : * release_tty - release tty structure memory
1580 : * @tty: tty device release
1581 : * @idx: index of the tty device release
1582 : *
1583 : * Release both @tty and a possible linked partner (think pty pair),
1584 : * and decrement the refcount of the backing module.
1585 : *
1586 : * Locking:
1587 : * tty_mutex
1588 : * takes the file list lock internally when working on the list of ttys
1589 : * that the driver keeps.
1590 : */
1591 0 : static void release_tty(struct tty_struct *tty, int idx)
1592 : {
1593 : /* This should always be true but check for the moment */
1594 0 : WARN_ON(tty->index != idx);
1595 0 : WARN_ON(!mutex_is_locked(&tty_mutex));
1596 0 : if (tty->ops->shutdown)
1597 0 : tty->ops->shutdown(tty);
1598 0 : tty_save_termios(tty);
1599 0 : tty_driver_remove_tty(tty->driver, tty);
1600 0 : if (tty->port)
1601 0 : tty->port->itty = NULL;
1602 0 : if (tty->link)
1603 0 : tty->link->port->itty = NULL;
1604 0 : if (tty->port)
1605 0 : tty_buffer_cancel_work(tty->port);
1606 0 : if (tty->link)
1607 0 : tty_buffer_cancel_work(tty->link->port);
1608 :
1609 0 : tty_kref_put(tty->link);
1610 0 : tty_kref_put(tty);
1611 0 : }
1612 :
1613 : /**
1614 : * tty_release_checks - check a tty before real release
1615 : * @tty: tty to check
1616 : * @idx: index of the tty
1617 : *
1618 : * Performs some paranoid checking before true release of the @tty. This is a
1619 : * no-op unless %TTY_PARANOIA_CHECK is defined.
1620 : */
1621 0 : static int tty_release_checks(struct tty_struct *tty, int idx)
1622 : {
1623 : #ifdef TTY_PARANOIA_CHECK
1624 0 : if (idx < 0 || idx >= tty->driver->num) {
1625 : tty_debug(tty, "bad idx %d\n", idx);
1626 : return -1;
1627 : }
1628 :
1629 : /* not much to check for devpts */
1630 0 : if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1631 : return 0;
1632 :
1633 0 : if (tty != tty->driver->ttys[idx]) {
1634 : tty_debug(tty, "bad driver table[%d] = %p\n",
1635 : idx, tty->driver->ttys[idx]);
1636 : return -1;
1637 : }
1638 0 : if (tty->driver->other) {
1639 0 : struct tty_struct *o_tty = tty->link;
1640 :
1641 0 : if (o_tty != tty->driver->other->ttys[idx]) {
1642 : tty_debug(tty, "bad other table[%d] = %p\n",
1643 : idx, tty->driver->other->ttys[idx]);
1644 : return -1;
1645 : }
1646 0 : if (o_tty->link != tty) {
1647 : tty_debug(tty, "bad link = %p\n", o_tty->link);
1648 : return -1;
1649 : }
1650 : }
1651 : #endif
1652 0 : return 0;
1653 : }
1654 :
1655 : /**
1656 : * tty_kclose - closes tty opened by tty_kopen
1657 : * @tty: tty device
1658 : *
1659 : * Performs the final steps to release and free a tty device. It is the same as
1660 : * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1661 : * @tty->port.
1662 : */
1663 0 : void tty_kclose(struct tty_struct *tty)
1664 : {
1665 : /*
1666 : * Ask the line discipline code to release its structures
1667 : */
1668 0 : tty_ldisc_release(tty);
1669 :
1670 : /* Wait for pending work before tty destruction commences */
1671 0 : tty_flush_works(tty);
1672 :
1673 : tty_debug_hangup(tty, "freeing structure\n");
1674 : /*
1675 : * The release_tty function takes care of the details of clearing
1676 : * the slots and preserving the termios structure.
1677 : */
1678 0 : mutex_lock(&tty_mutex);
1679 0 : tty_port_set_kopened(tty->port, 0);
1680 0 : release_tty(tty, tty->index);
1681 0 : mutex_unlock(&tty_mutex);
1682 0 : }
1683 : EXPORT_SYMBOL_GPL(tty_kclose);
1684 :
1685 : /**
1686 : * tty_release_struct - release a tty struct
1687 : * @tty: tty device
1688 : * @idx: index of the tty
1689 : *
1690 : * Performs the final steps to release and free a tty device. It is roughly the
1691 : * reverse of tty_init_dev().
1692 : */
1693 0 : void tty_release_struct(struct tty_struct *tty, int idx)
1694 : {
1695 : /*
1696 : * Ask the line discipline code to release its structures
1697 : */
1698 0 : tty_ldisc_release(tty);
1699 :
1700 : /* Wait for pending work before tty destruction commmences */
1701 0 : tty_flush_works(tty);
1702 :
1703 : tty_debug_hangup(tty, "freeing structure\n");
1704 : /*
1705 : * The release_tty function takes care of the details of clearing
1706 : * the slots and preserving the termios structure.
1707 : */
1708 0 : mutex_lock(&tty_mutex);
1709 0 : release_tty(tty, idx);
1710 0 : mutex_unlock(&tty_mutex);
1711 0 : }
1712 : EXPORT_SYMBOL_GPL(tty_release_struct);
1713 :
1714 : /**
1715 : * tty_release - vfs callback for close
1716 : * @inode: inode of tty
1717 : * @filp: file pointer for handle to tty
1718 : *
1719 : * Called the last time each file handle is closed that references this tty.
1720 : * There may however be several such references.
1721 : *
1722 : * Locking:
1723 : * Takes BKL. See tty_release_dev().
1724 : *
1725 : * Even releasing the tty structures is a tricky business. We have to be very
1726 : * careful that the structures are all released at the same time, as interrupts
1727 : * might otherwise get the wrong pointers.
1728 : *
1729 : * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1730 : * lead to double frees or releasing memory still in use.
1731 : */
1732 0 : int tty_release(struct inode *inode, struct file *filp)
1733 : {
1734 0 : struct tty_struct *tty = file_tty(filp);
1735 0 : struct tty_struct *o_tty = NULL;
1736 : int do_sleep, final;
1737 : int idx;
1738 0 : long timeout = 0;
1739 0 : int once = 1;
1740 :
1741 0 : if (tty_paranoia_check(tty, inode, __func__))
1742 : return 0;
1743 :
1744 0 : tty_lock(tty);
1745 0 : check_tty_count(tty, __func__);
1746 :
1747 0 : __tty_fasync(-1, filp, 0);
1748 :
1749 0 : idx = tty->index;
1750 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1751 : tty->driver->subtype == PTY_TYPE_MASTER)
1752 0 : o_tty = tty->link;
1753 :
1754 0 : if (tty_release_checks(tty, idx)) {
1755 0 : tty_unlock(tty);
1756 0 : return 0;
1757 : }
1758 :
1759 : tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1760 :
1761 0 : if (tty->ops->close)
1762 0 : tty->ops->close(tty, filp);
1763 :
1764 : /* If tty is pty master, lock the slave pty (stable lock order) */
1765 0 : tty_lock_slave(o_tty);
1766 :
1767 : /*
1768 : * Sanity check: if tty->count is going to zero, there shouldn't be
1769 : * any waiters on tty->read_wait or tty->write_wait. We test the
1770 : * wait queues and kick everyone out _before_ actually starting to
1771 : * close. This ensures that we won't block while releasing the tty
1772 : * structure.
1773 : *
1774 : * The test for the o_tty closing is necessary, since the master and
1775 : * slave sides may close in any order. If the slave side closes out
1776 : * first, its count will be one, since the master side holds an open.
1777 : * Thus this test wouldn't be triggered at the time the slave closed,
1778 : * so we do it now.
1779 : */
1780 : while (1) {
1781 0 : do_sleep = 0;
1782 :
1783 0 : if (tty->count <= 1) {
1784 0 : if (waitqueue_active(&tty->read_wait)) {
1785 0 : wake_up_poll(&tty->read_wait, EPOLLIN);
1786 0 : do_sleep++;
1787 : }
1788 0 : if (waitqueue_active(&tty->write_wait)) {
1789 0 : wake_up_poll(&tty->write_wait, EPOLLOUT);
1790 0 : do_sleep++;
1791 : }
1792 : }
1793 0 : if (o_tty && o_tty->count <= 1) {
1794 0 : if (waitqueue_active(&o_tty->read_wait)) {
1795 0 : wake_up_poll(&o_tty->read_wait, EPOLLIN);
1796 0 : do_sleep++;
1797 : }
1798 0 : if (waitqueue_active(&o_tty->write_wait)) {
1799 0 : wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1800 0 : do_sleep++;
1801 : }
1802 : }
1803 0 : if (!do_sleep)
1804 : break;
1805 :
1806 0 : if (once) {
1807 0 : once = 0;
1808 0 : tty_warn(tty, "read/write wait queue active!\n");
1809 : }
1810 0 : schedule_timeout_killable(timeout);
1811 0 : if (timeout < 120 * HZ)
1812 0 : timeout = 2 * timeout + 1;
1813 : else
1814 : timeout = MAX_SCHEDULE_TIMEOUT;
1815 : }
1816 :
1817 0 : if (o_tty) {
1818 0 : if (--o_tty->count < 0) {
1819 0 : tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1820 0 : o_tty->count = 0;
1821 : }
1822 : }
1823 0 : if (--tty->count < 0) {
1824 0 : tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1825 0 : tty->count = 0;
1826 : }
1827 :
1828 : /*
1829 : * We've decremented tty->count, so we need to remove this file
1830 : * descriptor off the tty->tty_files list; this serves two
1831 : * purposes:
1832 : * - check_tty_count sees the correct number of file descriptors
1833 : * associated with this tty.
1834 : * - do_tty_hangup no longer sees this file descriptor as
1835 : * something that needs to be handled for hangups.
1836 : */
1837 0 : tty_del_file(filp);
1838 :
1839 : /*
1840 : * Perform some housekeeping before deciding whether to return.
1841 : *
1842 : * If _either_ side is closing, make sure there aren't any
1843 : * processes that still think tty or o_tty is their controlling
1844 : * tty.
1845 : */
1846 0 : if (!tty->count) {
1847 0 : read_lock(&tasklist_lock);
1848 0 : session_clear_tty(tty->ctrl.session);
1849 0 : if (o_tty)
1850 0 : session_clear_tty(o_tty->ctrl.session);
1851 0 : read_unlock(&tasklist_lock);
1852 : }
1853 :
1854 : /* check whether both sides are closing ... */
1855 0 : final = !tty->count && !(o_tty && o_tty->count);
1856 :
1857 0 : tty_unlock_slave(o_tty);
1858 0 : tty_unlock(tty);
1859 :
1860 : /* At this point, the tty->count == 0 should ensure a dead tty
1861 : * cannot be re-opened by a racing opener.
1862 : */
1863 :
1864 0 : if (!final)
1865 : return 0;
1866 :
1867 : tty_debug_hangup(tty, "final close\n");
1868 :
1869 0 : tty_release_struct(tty, idx);
1870 0 : return 0;
1871 : }
1872 :
1873 : /**
1874 : * tty_open_current_tty - get locked tty of current task
1875 : * @device: device number
1876 : * @filp: file pointer to tty
1877 : * @return: locked tty of the current task iff @device is /dev/tty
1878 : *
1879 : * Performs a re-open of the current task's controlling tty.
1880 : *
1881 : * We cannot return driver and index like for the other nodes because devpts
1882 : * will not work then. It expects inodes to be from devpts FS.
1883 : */
1884 0 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1885 : {
1886 : struct tty_struct *tty;
1887 : int retval;
1888 :
1889 0 : if (device != MKDEV(TTYAUX_MAJOR, 0))
1890 : return NULL;
1891 :
1892 0 : tty = get_current_tty();
1893 0 : if (!tty)
1894 : return ERR_PTR(-ENXIO);
1895 :
1896 0 : filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1897 : /* noctty = 1; */
1898 0 : tty_lock(tty);
1899 0 : tty_kref_put(tty); /* safe to drop the kref now */
1900 :
1901 0 : retval = tty_reopen(tty);
1902 0 : if (retval < 0) {
1903 0 : tty_unlock(tty);
1904 0 : tty = ERR_PTR(retval);
1905 : }
1906 : return tty;
1907 : }
1908 :
1909 : /**
1910 : * tty_lookup_driver - lookup a tty driver for a given device file
1911 : * @device: device number
1912 : * @filp: file pointer to tty
1913 : * @index: index for the device in the @return driver
1914 : *
1915 : * If returned value is not erroneous, the caller is responsible to decrement
1916 : * the refcount by tty_driver_kref_put().
1917 : *
1918 : * Locking: %tty_mutex protects get_tty_driver()
1919 : *
1920 : * Return: driver for this inode (with increased refcount)
1921 : */
1922 0 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1923 : int *index)
1924 : {
1925 0 : struct tty_driver *driver = NULL;
1926 :
1927 0 : switch (device) {
1928 : #ifdef CONFIG_VT
1929 : case MKDEV(TTY_MAJOR, 0): {
1930 : extern struct tty_driver *console_driver;
1931 :
1932 : driver = tty_driver_kref_get(console_driver);
1933 : *index = fg_console;
1934 : break;
1935 : }
1936 : #endif
1937 : case MKDEV(TTYAUX_MAJOR, 1): {
1938 0 : struct tty_driver *console_driver = console_device(index);
1939 :
1940 0 : if (console_driver) {
1941 0 : driver = tty_driver_kref_get(console_driver);
1942 0 : if (driver && filp) {
1943 : /* Don't let /dev/console block */
1944 0 : filp->f_flags |= O_NONBLOCK;
1945 0 : break;
1946 : }
1947 : }
1948 0 : if (driver)
1949 : tty_driver_kref_put(driver);
1950 : return ERR_PTR(-ENODEV);
1951 : }
1952 : default:
1953 0 : driver = get_tty_driver(device, index);
1954 0 : if (!driver)
1955 : return ERR_PTR(-ENODEV);
1956 : break;
1957 : }
1958 : return driver;
1959 : }
1960 :
1961 0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
1962 : {
1963 : struct tty_struct *tty;
1964 : struct tty_driver *driver;
1965 0 : int index = -1;
1966 :
1967 0 : mutex_lock(&tty_mutex);
1968 0 : driver = tty_lookup_driver(device, NULL, &index);
1969 0 : if (IS_ERR(driver)) {
1970 0 : mutex_unlock(&tty_mutex);
1971 0 : return ERR_CAST(driver);
1972 : }
1973 :
1974 : /* check whether we're reopening an existing tty */
1975 0 : tty = tty_driver_lookup_tty(driver, NULL, index);
1976 0 : if (IS_ERR(tty) || shared)
1977 : goto out;
1978 :
1979 0 : if (tty) {
1980 : /* drop kref from tty_driver_lookup_tty() */
1981 0 : tty_kref_put(tty);
1982 0 : tty = ERR_PTR(-EBUSY);
1983 : } else { /* tty_init_dev returns tty with the tty_lock held */
1984 0 : tty = tty_init_dev(driver, index);
1985 0 : if (IS_ERR(tty))
1986 : goto out;
1987 0 : tty_port_set_kopened(tty->port, 1);
1988 : }
1989 : out:
1990 0 : mutex_unlock(&tty_mutex);
1991 0 : tty_driver_kref_put(driver);
1992 0 : return tty;
1993 : }
1994 :
1995 : /**
1996 : * tty_kopen_exclusive - open a tty device for kernel
1997 : * @device: dev_t of device to open
1998 : *
1999 : * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
2000 : * it's not already opened and performs the first-time tty initialization.
2001 : *
2002 : * Claims the global %tty_mutex to serialize:
2003 : * * concurrent first-time tty initialization
2004 : * * concurrent tty driver removal w/ lookup
2005 : * * concurrent tty removal from driver table
2006 : *
2007 : * Return: the locked initialized &tty_struct
2008 : */
2009 0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
2010 : {
2011 0 : return tty_kopen(device, 0);
2012 : }
2013 : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2014 :
2015 : /**
2016 : * tty_kopen_shared - open a tty device for shared in-kernel use
2017 : * @device: dev_t of device to open
2018 : *
2019 : * Opens an already existing tty for in-kernel use. Compared to
2020 : * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2021 : *
2022 : * Locking: identical to tty_kopen() above.
2023 : */
2024 0 : struct tty_struct *tty_kopen_shared(dev_t device)
2025 : {
2026 0 : return tty_kopen(device, 1);
2027 : }
2028 : EXPORT_SYMBOL_GPL(tty_kopen_shared);
2029 :
2030 : /**
2031 : * tty_open_by_driver - open a tty device
2032 : * @device: dev_t of device to open
2033 : * @filp: file pointer to tty
2034 : *
2035 : * Performs the driver lookup, checks for a reopen, or otherwise performs the
2036 : * first-time tty initialization.
2037 : *
2038 : *
2039 : * Claims the global tty_mutex to serialize:
2040 : * * concurrent first-time tty initialization
2041 : * * concurrent tty driver removal w/ lookup
2042 : * * concurrent tty removal from driver table
2043 : *
2044 : * Return: the locked initialized or re-opened &tty_struct
2045 : */
2046 0 : static struct tty_struct *tty_open_by_driver(dev_t device,
2047 : struct file *filp)
2048 : {
2049 : struct tty_struct *tty;
2050 0 : struct tty_driver *driver = NULL;
2051 0 : int index = -1;
2052 : int retval;
2053 :
2054 0 : mutex_lock(&tty_mutex);
2055 0 : driver = tty_lookup_driver(device, filp, &index);
2056 0 : if (IS_ERR(driver)) {
2057 0 : mutex_unlock(&tty_mutex);
2058 0 : return ERR_CAST(driver);
2059 : }
2060 :
2061 : /* check whether we're reopening an existing tty */
2062 0 : tty = tty_driver_lookup_tty(driver, filp, index);
2063 0 : if (IS_ERR(tty)) {
2064 0 : mutex_unlock(&tty_mutex);
2065 0 : goto out;
2066 : }
2067 :
2068 0 : if (tty) {
2069 0 : if (tty_port_kopened(tty->port)) {
2070 0 : tty_kref_put(tty);
2071 0 : mutex_unlock(&tty_mutex);
2072 0 : tty = ERR_PTR(-EBUSY);
2073 0 : goto out;
2074 : }
2075 0 : mutex_unlock(&tty_mutex);
2076 0 : retval = tty_lock_interruptible(tty);
2077 0 : tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2078 0 : if (retval) {
2079 0 : if (retval == -EINTR)
2080 0 : retval = -ERESTARTSYS;
2081 0 : tty = ERR_PTR(retval);
2082 0 : goto out;
2083 : }
2084 0 : retval = tty_reopen(tty);
2085 0 : if (retval < 0) {
2086 0 : tty_unlock(tty);
2087 0 : tty = ERR_PTR(retval);
2088 : }
2089 : } else { /* Returns with the tty_lock held for now */
2090 0 : tty = tty_init_dev(driver, index);
2091 0 : mutex_unlock(&tty_mutex);
2092 : }
2093 : out:
2094 0 : tty_driver_kref_put(driver);
2095 0 : return tty;
2096 : }
2097 :
2098 : /**
2099 : * tty_open - open a tty device
2100 : * @inode: inode of device file
2101 : * @filp: file pointer to tty
2102 : *
2103 : * tty_open() and tty_release() keep up the tty count that contains the number
2104 : * of opens done on a tty. We cannot use the inode-count, as different inodes
2105 : * might point to the same tty.
2106 : *
2107 : * Open-counting is needed for pty masters, as well as for keeping track of
2108 : * serial lines: DTR is dropped when the last close happens.
2109 : * (This is not done solely through tty->count, now. - Ted 1/27/92)
2110 : *
2111 : * The termios state of a pty is reset on the first open so that settings don't
2112 : * persist across reuse.
2113 : *
2114 : * Locking:
2115 : * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2116 : * * @tty->count should protect the rest.
2117 : * * ->siglock protects ->signal/->sighand
2118 : *
2119 : * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2120 : */
2121 0 : static int tty_open(struct inode *inode, struct file *filp)
2122 : {
2123 : struct tty_struct *tty;
2124 : int noctty, retval;
2125 0 : dev_t device = inode->i_rdev;
2126 0 : unsigned saved_flags = filp->f_flags;
2127 :
2128 0 : nonseekable_open(inode, filp);
2129 :
2130 : retry_open:
2131 0 : retval = tty_alloc_file(filp);
2132 0 : if (retval)
2133 : return -ENOMEM;
2134 :
2135 0 : tty = tty_open_current_tty(device, filp);
2136 0 : if (!tty)
2137 0 : tty = tty_open_by_driver(device, filp);
2138 :
2139 0 : if (IS_ERR(tty)) {
2140 0 : tty_free_file(filp);
2141 0 : retval = PTR_ERR(tty);
2142 0 : if (retval != -EAGAIN || signal_pending(current))
2143 : return retval;
2144 0 : schedule();
2145 0 : goto retry_open;
2146 : }
2147 :
2148 0 : tty_add_file(tty, filp);
2149 :
2150 0 : check_tty_count(tty, __func__);
2151 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2152 :
2153 0 : if (tty->ops->open)
2154 0 : retval = tty->ops->open(tty, filp);
2155 : else
2156 : retval = -ENODEV;
2157 0 : filp->f_flags = saved_flags;
2158 :
2159 0 : if (retval) {
2160 : tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2161 :
2162 0 : tty_unlock(tty); /* need to call tty_release without BTM */
2163 0 : tty_release(inode, filp);
2164 0 : if (retval != -ERESTARTSYS)
2165 : return retval;
2166 :
2167 0 : if (signal_pending(current))
2168 : return retval;
2169 :
2170 0 : schedule();
2171 : /*
2172 : * Need to reset f_op in case a hangup happened.
2173 : */
2174 0 : if (tty_hung_up_p(filp))
2175 0 : filp->f_op = &tty_fops;
2176 : goto retry_open;
2177 : }
2178 0 : clear_bit(TTY_HUPPED, &tty->flags);
2179 :
2180 0 : noctty = (filp->f_flags & O_NOCTTY) ||
2181 0 : (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2182 0 : device == MKDEV(TTYAUX_MAJOR, 1) ||
2183 0 : (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2184 : tty->driver->subtype == PTY_TYPE_MASTER);
2185 0 : if (!noctty)
2186 0 : tty_open_proc_set_tty(filp, tty);
2187 0 : tty_unlock(tty);
2188 0 : return 0;
2189 : }
2190 :
2191 :
2192 : /**
2193 : * tty_poll - check tty status
2194 : * @filp: file being polled
2195 : * @wait: poll wait structures to update
2196 : *
2197 : * Call the line discipline polling method to obtain the poll status of the
2198 : * device.
2199 : *
2200 : * Locking: locks called line discipline but ldisc poll method may be
2201 : * re-entered freely by other callers.
2202 : */
2203 0 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
2204 : {
2205 0 : struct tty_struct *tty = file_tty(filp);
2206 : struct tty_ldisc *ld;
2207 0 : __poll_t ret = 0;
2208 :
2209 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2210 : return 0;
2211 :
2212 0 : ld = tty_ldisc_ref_wait(tty);
2213 0 : if (!ld)
2214 : return hung_up_tty_poll(filp, wait);
2215 0 : if (ld->ops->poll)
2216 0 : ret = ld->ops->poll(tty, filp, wait);
2217 0 : tty_ldisc_deref(ld);
2218 0 : return ret;
2219 : }
2220 :
2221 0 : static int __tty_fasync(int fd, struct file *filp, int on)
2222 : {
2223 0 : struct tty_struct *tty = file_tty(filp);
2224 : unsigned long flags;
2225 0 : int retval = 0;
2226 :
2227 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2228 : goto out;
2229 :
2230 0 : retval = fasync_helper(fd, filp, on, &tty->fasync);
2231 0 : if (retval <= 0)
2232 : goto out;
2233 :
2234 0 : if (on) {
2235 : enum pid_type type;
2236 : struct pid *pid;
2237 :
2238 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
2239 0 : if (tty->ctrl.pgrp) {
2240 : pid = tty->ctrl.pgrp;
2241 : type = PIDTYPE_PGID;
2242 : } else {
2243 0 : pid = task_pid(current);
2244 0 : type = PIDTYPE_TGID;
2245 : }
2246 0 : get_pid(pid);
2247 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2248 0 : __f_setown(filp, pid, type, 0);
2249 0 : put_pid(pid);
2250 0 : retval = 0;
2251 : }
2252 : out:
2253 0 : return retval;
2254 : }
2255 :
2256 0 : static int tty_fasync(int fd, struct file *filp, int on)
2257 : {
2258 0 : struct tty_struct *tty = file_tty(filp);
2259 0 : int retval = -ENOTTY;
2260 :
2261 0 : tty_lock(tty);
2262 0 : if (!tty_hung_up_p(filp))
2263 0 : retval = __tty_fasync(fd, filp, on);
2264 0 : tty_unlock(tty);
2265 :
2266 0 : return retval;
2267 : }
2268 :
2269 : static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2270 : /**
2271 : * tiocsti - fake input character
2272 : * @tty: tty to fake input into
2273 : * @p: pointer to character
2274 : *
2275 : * Fake input to a tty device. Does the necessary locking and input management.
2276 : *
2277 : * FIXME: does not honour flow control ??
2278 : *
2279 : * Locking:
2280 : * * Called functions take tty_ldiscs_lock
2281 : * * current->signal->tty check is safe without locks
2282 : */
2283 0 : static int tiocsti(struct tty_struct *tty, char __user *p)
2284 : {
2285 0 : char ch, mbz = 0;
2286 : struct tty_ldisc *ld;
2287 :
2288 0 : if (!tty_legacy_tiocsti)
2289 : return -EIO;
2290 :
2291 0 : if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2292 : return -EPERM;
2293 0 : if (get_user(ch, p))
2294 : return -EFAULT;
2295 0 : tty_audit_tiocsti(tty, ch);
2296 0 : ld = tty_ldisc_ref_wait(tty);
2297 0 : if (!ld)
2298 : return -EIO;
2299 0 : tty_buffer_lock_exclusive(tty->port);
2300 0 : if (ld->ops->receive_buf)
2301 0 : ld->ops->receive_buf(tty, &ch, &mbz, 1);
2302 0 : tty_buffer_unlock_exclusive(tty->port);
2303 0 : tty_ldisc_deref(ld);
2304 0 : return 0;
2305 : }
2306 :
2307 : /**
2308 : * tiocgwinsz - implement window query ioctl
2309 : * @tty: tty
2310 : * @arg: user buffer for result
2311 : *
2312 : * Copies the kernel idea of the window size into the user buffer.
2313 : *
2314 : * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2315 : * consistent.
2316 : */
2317 0 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2318 : {
2319 : int err;
2320 :
2321 0 : mutex_lock(&tty->winsize_mutex);
2322 0 : err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2323 0 : mutex_unlock(&tty->winsize_mutex);
2324 :
2325 0 : return err ? -EFAULT : 0;
2326 : }
2327 :
2328 : /**
2329 : * tty_do_resize - resize event
2330 : * @tty: tty being resized
2331 : * @ws: new dimensions
2332 : *
2333 : * Update the termios variables and send the necessary signals to peform a
2334 : * terminal resize correctly.
2335 : */
2336 0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2337 : {
2338 : struct pid *pgrp;
2339 :
2340 : /* Lock the tty */
2341 0 : mutex_lock(&tty->winsize_mutex);
2342 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2343 : goto done;
2344 :
2345 : /* Signal the foreground process group */
2346 0 : pgrp = tty_get_pgrp(tty);
2347 0 : if (pgrp)
2348 0 : kill_pgrp(pgrp, SIGWINCH, 1);
2349 0 : put_pid(pgrp);
2350 :
2351 0 : tty->winsize = *ws;
2352 : done:
2353 0 : mutex_unlock(&tty->winsize_mutex);
2354 0 : return 0;
2355 : }
2356 : EXPORT_SYMBOL(tty_do_resize);
2357 :
2358 : /**
2359 : * tiocswinsz - implement window size set ioctl
2360 : * @tty: tty side of tty
2361 : * @arg: user buffer for result
2362 : *
2363 : * Copies the user idea of the window size to the kernel. Traditionally this is
2364 : * just advisory information but for the Linux console it actually has driver
2365 : * level meaning and triggers a VC resize.
2366 : *
2367 : * Locking:
2368 : * Driver dependent. The default do_resize method takes the tty termios
2369 : * mutex and ctrl.lock. The console takes its own lock then calls into the
2370 : * default method.
2371 : */
2372 0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2373 : {
2374 : struct winsize tmp_ws;
2375 :
2376 0 : if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2377 : return -EFAULT;
2378 :
2379 0 : if (tty->ops->resize)
2380 0 : return tty->ops->resize(tty, &tmp_ws);
2381 : else
2382 0 : return tty_do_resize(tty, &tmp_ws);
2383 : }
2384 :
2385 : /**
2386 : * tioccons - allow admin to move logical console
2387 : * @file: the file to become console
2388 : *
2389 : * Allow the administrator to move the redirected console device.
2390 : *
2391 : * Locking: uses redirect_lock to guard the redirect information
2392 : */
2393 0 : static int tioccons(struct file *file)
2394 : {
2395 0 : if (!capable(CAP_SYS_ADMIN))
2396 : return -EPERM;
2397 0 : if (file->f_op->write_iter == redirected_tty_write) {
2398 : struct file *f;
2399 :
2400 0 : spin_lock(&redirect_lock);
2401 0 : f = redirect;
2402 0 : redirect = NULL;
2403 0 : spin_unlock(&redirect_lock);
2404 0 : if (f)
2405 0 : fput(f);
2406 : return 0;
2407 : }
2408 0 : if (file->f_op->write_iter != tty_write)
2409 : return -ENOTTY;
2410 0 : if (!(file->f_mode & FMODE_WRITE))
2411 : return -EBADF;
2412 0 : if (!(file->f_mode & FMODE_CAN_WRITE))
2413 : return -EINVAL;
2414 0 : spin_lock(&redirect_lock);
2415 0 : if (redirect) {
2416 0 : spin_unlock(&redirect_lock);
2417 0 : return -EBUSY;
2418 : }
2419 0 : redirect = get_file(file);
2420 0 : spin_unlock(&redirect_lock);
2421 0 : return 0;
2422 : }
2423 :
2424 : /**
2425 : * tiocsetd - set line discipline
2426 : * @tty: tty device
2427 : * @p: pointer to user data
2428 : *
2429 : * Set the line discipline according to user request.
2430 : *
2431 : * Locking: see tty_set_ldisc(), this function is just a helper
2432 : */
2433 0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
2434 : {
2435 : int disc;
2436 : int ret;
2437 :
2438 0 : if (get_user(disc, p))
2439 : return -EFAULT;
2440 :
2441 0 : ret = tty_set_ldisc(tty, disc);
2442 :
2443 0 : return ret;
2444 : }
2445 :
2446 : /**
2447 : * tiocgetd - get line discipline
2448 : * @tty: tty device
2449 : * @p: pointer to user data
2450 : *
2451 : * Retrieves the line discipline id directly from the ldisc.
2452 : *
2453 : * Locking: waits for ldisc reference (in case the line discipline is changing
2454 : * or the @tty is being hungup)
2455 : */
2456 0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
2457 : {
2458 : struct tty_ldisc *ld;
2459 : int ret;
2460 :
2461 0 : ld = tty_ldisc_ref_wait(tty);
2462 0 : if (!ld)
2463 : return -EIO;
2464 0 : ret = put_user(ld->ops->num, p);
2465 0 : tty_ldisc_deref(ld);
2466 0 : return ret;
2467 : }
2468 :
2469 : /**
2470 : * send_break - performed time break
2471 : * @tty: device to break on
2472 : * @duration: timeout in mS
2473 : *
2474 : * Perform a timed break on hardware that lacks its own driver level timed
2475 : * break functionality.
2476 : *
2477 : * Locking:
2478 : * @tty->atomic_write_lock serializes
2479 : */
2480 0 : static int send_break(struct tty_struct *tty, unsigned int duration)
2481 : {
2482 : int retval;
2483 :
2484 0 : if (tty->ops->break_ctl == NULL)
2485 : return 0;
2486 :
2487 0 : if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2488 0 : retval = tty->ops->break_ctl(tty, duration);
2489 : else {
2490 : /* Do the work ourselves */
2491 0 : if (tty_write_lock(tty, 0) < 0)
2492 : return -EINTR;
2493 0 : retval = tty->ops->break_ctl(tty, -1);
2494 0 : if (retval)
2495 : goto out;
2496 0 : if (!signal_pending(current))
2497 0 : msleep_interruptible(duration);
2498 0 : retval = tty->ops->break_ctl(tty, 0);
2499 : out:
2500 0 : tty_write_unlock(tty);
2501 0 : if (signal_pending(current))
2502 0 : retval = -EINTR;
2503 : }
2504 : return retval;
2505 : }
2506 :
2507 : /**
2508 : * tty_tiocmget - get modem status
2509 : * @tty: tty device
2510 : * @p: pointer to result
2511 : *
2512 : * Obtain the modem status bits from the tty driver if the feature is
2513 : * supported. Return -%ENOTTY if it is not available.
2514 : *
2515 : * Locking: none (up to the driver)
2516 : */
2517 0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2518 : {
2519 0 : int retval = -ENOTTY;
2520 :
2521 0 : if (tty->ops->tiocmget) {
2522 0 : retval = tty->ops->tiocmget(tty);
2523 :
2524 0 : if (retval >= 0)
2525 0 : retval = put_user(retval, p);
2526 : }
2527 0 : return retval;
2528 : }
2529 :
2530 : /**
2531 : * tty_tiocmset - set modem status
2532 : * @tty: tty device
2533 : * @cmd: command - clear bits, set bits or set all
2534 : * @p: pointer to desired bits
2535 : *
2536 : * Set the modem status bits from the tty driver if the feature
2537 : * is supported. Return -%ENOTTY if it is not available.
2538 : *
2539 : * Locking: none (up to the driver)
2540 : */
2541 0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2542 : unsigned __user *p)
2543 : {
2544 : int retval;
2545 : unsigned int set, clear, val;
2546 :
2547 0 : if (tty->ops->tiocmset == NULL)
2548 : return -ENOTTY;
2549 :
2550 0 : retval = get_user(val, p);
2551 0 : if (retval)
2552 : return retval;
2553 0 : set = clear = 0;
2554 0 : switch (cmd) {
2555 : case TIOCMBIS:
2556 0 : set = val;
2557 0 : break;
2558 : case TIOCMBIC:
2559 0 : clear = val;
2560 0 : break;
2561 : case TIOCMSET:
2562 0 : set = val;
2563 0 : clear = ~val;
2564 0 : break;
2565 : }
2566 0 : set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2567 0 : clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2568 0 : return tty->ops->tiocmset(tty, set, clear);
2569 : }
2570 :
2571 : /**
2572 : * tty_get_icount - get tty statistics
2573 : * @tty: tty device
2574 : * @icount: output parameter
2575 : *
2576 : * Gets a copy of the @tty's icount statistics.
2577 : *
2578 : * Locking: none (up to the driver)
2579 : */
2580 0 : int tty_get_icount(struct tty_struct *tty,
2581 : struct serial_icounter_struct *icount)
2582 : {
2583 0 : memset(icount, 0, sizeof(*icount));
2584 :
2585 0 : if (tty->ops->get_icount)
2586 0 : return tty->ops->get_icount(tty, icount);
2587 : else
2588 : return -ENOTTY;
2589 : }
2590 : EXPORT_SYMBOL_GPL(tty_get_icount);
2591 :
2592 0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2593 : {
2594 : struct serial_icounter_struct icount;
2595 : int retval;
2596 :
2597 0 : retval = tty_get_icount(tty, &icount);
2598 0 : if (retval != 0)
2599 : return retval;
2600 :
2601 0 : if (copy_to_user(arg, &icount, sizeof(icount)))
2602 : return -EFAULT;
2603 0 : return 0;
2604 : }
2605 :
2606 0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2607 : {
2608 : char comm[TASK_COMM_LEN];
2609 : int flags;
2610 :
2611 0 : flags = ss->flags & ASYNC_DEPRECATED;
2612 :
2613 0 : if (flags)
2614 0 : pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2615 : __func__, get_task_comm(comm, current), flags);
2616 :
2617 0 : if (!tty->ops->set_serial)
2618 : return -ENOTTY;
2619 :
2620 0 : return tty->ops->set_serial(tty, ss);
2621 : }
2622 :
2623 0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2624 : {
2625 : struct serial_struct v;
2626 :
2627 0 : if (copy_from_user(&v, ss, sizeof(*ss)))
2628 : return -EFAULT;
2629 :
2630 0 : return tty_set_serial(tty, &v);
2631 : }
2632 :
2633 0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2634 : {
2635 : struct serial_struct v;
2636 : int err;
2637 :
2638 0 : memset(&v, 0, sizeof(v));
2639 0 : if (!tty->ops->get_serial)
2640 : return -ENOTTY;
2641 0 : err = tty->ops->get_serial(tty, &v);
2642 0 : if (!err && copy_to_user(ss, &v, sizeof(v)))
2643 0 : err = -EFAULT;
2644 : return err;
2645 : }
2646 :
2647 : /*
2648 : * if pty, return the slave side (real_tty)
2649 : * otherwise, return self
2650 : */
2651 : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2652 : {
2653 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2654 : tty->driver->subtype == PTY_TYPE_MASTER)
2655 0 : tty = tty->link;
2656 : return tty;
2657 : }
2658 :
2659 : /*
2660 : * Split this up, as gcc can choke on it otherwise..
2661 : */
2662 0 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2663 : {
2664 0 : struct tty_struct *tty = file_tty(file);
2665 : struct tty_struct *real_tty;
2666 0 : void __user *p = (void __user *)arg;
2667 : int retval;
2668 : struct tty_ldisc *ld;
2669 :
2670 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2671 : return -EINVAL;
2672 :
2673 0 : real_tty = tty_pair_get_tty(tty);
2674 :
2675 : /*
2676 : * Factor out some common prep work
2677 : */
2678 : switch (cmd) {
2679 : case TIOCSETD:
2680 : case TIOCSBRK:
2681 : case TIOCCBRK:
2682 : case TCSBRK:
2683 : case TCSBRKP:
2684 0 : retval = tty_check_change(tty);
2685 0 : if (retval)
2686 0 : return retval;
2687 0 : if (cmd != TIOCCBRK) {
2688 0 : tty_wait_until_sent(tty, 0);
2689 0 : if (signal_pending(current))
2690 : return -EINTR;
2691 : }
2692 : break;
2693 : }
2694 :
2695 : /*
2696 : * Now do the stuff.
2697 : */
2698 0 : switch (cmd) {
2699 : case TIOCSTI:
2700 0 : return tiocsti(tty, p);
2701 : case TIOCGWINSZ:
2702 0 : return tiocgwinsz(real_tty, p);
2703 : case TIOCSWINSZ:
2704 0 : return tiocswinsz(real_tty, p);
2705 : case TIOCCONS:
2706 0 : return real_tty != tty ? -EINVAL : tioccons(file);
2707 : case TIOCEXCL:
2708 0 : set_bit(TTY_EXCLUSIVE, &tty->flags);
2709 0 : return 0;
2710 : case TIOCNXCL:
2711 0 : clear_bit(TTY_EXCLUSIVE, &tty->flags);
2712 0 : return 0;
2713 : case TIOCGEXCL:
2714 : {
2715 0 : int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2716 :
2717 0 : return put_user(excl, (int __user *)p);
2718 : }
2719 : case TIOCGETD:
2720 0 : return tiocgetd(tty, p);
2721 : case TIOCSETD:
2722 0 : return tiocsetd(tty, p);
2723 : case TIOCVHANGUP:
2724 0 : if (!capable(CAP_SYS_ADMIN))
2725 : return -EPERM;
2726 0 : tty_vhangup(tty);
2727 0 : return 0;
2728 : case TIOCGDEV:
2729 : {
2730 0 : unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2731 :
2732 0 : return put_user(ret, (unsigned int __user *)p);
2733 : }
2734 : /*
2735 : * Break handling
2736 : */
2737 : case TIOCSBRK: /* Turn break on, unconditionally */
2738 0 : if (tty->ops->break_ctl)
2739 0 : return tty->ops->break_ctl(tty, -1);
2740 : return 0;
2741 : case TIOCCBRK: /* Turn break off, unconditionally */
2742 0 : if (tty->ops->break_ctl)
2743 0 : return tty->ops->break_ctl(tty, 0);
2744 : return 0;
2745 : case TCSBRK: /* SVID version: non-zero arg --> no break */
2746 : /* non-zero arg means wait for all output data
2747 : * to be sent (performed above) but don't send break.
2748 : * This is used by the tcdrain() termios function.
2749 : */
2750 0 : if (!arg)
2751 0 : return send_break(tty, 250);
2752 : return 0;
2753 : case TCSBRKP: /* support for POSIX tcsendbreak() */
2754 0 : return send_break(tty, arg ? arg*100 : 250);
2755 :
2756 : case TIOCMGET:
2757 0 : return tty_tiocmget(tty, p);
2758 : case TIOCMSET:
2759 : case TIOCMBIC:
2760 : case TIOCMBIS:
2761 0 : return tty_tiocmset(tty, cmd, p);
2762 : case TIOCGICOUNT:
2763 0 : return tty_tiocgicount(tty, p);
2764 : case TCFLSH:
2765 0 : switch (arg) {
2766 : case TCIFLUSH:
2767 : case TCIOFLUSH:
2768 : /* flush tty buffer and allow ldisc to process ioctl */
2769 0 : tty_buffer_flush(tty, NULL);
2770 0 : break;
2771 : }
2772 : break;
2773 : case TIOCSSERIAL:
2774 0 : return tty_tiocsserial(tty, p);
2775 : case TIOCGSERIAL:
2776 0 : return tty_tiocgserial(tty, p);
2777 : case TIOCGPTPEER:
2778 : /* Special because the struct file is needed */
2779 0 : return ptm_open_peer(file, tty, (int)arg);
2780 : default:
2781 0 : retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2782 0 : if (retval != -ENOIOCTLCMD)
2783 0 : return retval;
2784 : }
2785 0 : if (tty->ops->ioctl) {
2786 0 : retval = tty->ops->ioctl(tty, cmd, arg);
2787 0 : if (retval != -ENOIOCTLCMD)
2788 0 : return retval;
2789 : }
2790 0 : ld = tty_ldisc_ref_wait(tty);
2791 0 : if (!ld)
2792 : return hung_up_tty_ioctl(file, cmd, arg);
2793 0 : retval = -EINVAL;
2794 0 : if (ld->ops->ioctl) {
2795 0 : retval = ld->ops->ioctl(tty, cmd, arg);
2796 0 : if (retval == -ENOIOCTLCMD)
2797 0 : retval = -ENOTTY;
2798 : }
2799 0 : tty_ldisc_deref(ld);
2800 0 : return retval;
2801 : }
2802 :
2803 : #ifdef CONFIG_COMPAT
2804 :
2805 : struct serial_struct32 {
2806 : compat_int_t type;
2807 : compat_int_t line;
2808 : compat_uint_t port;
2809 : compat_int_t irq;
2810 : compat_int_t flags;
2811 : compat_int_t xmit_fifo_size;
2812 : compat_int_t custom_divisor;
2813 : compat_int_t baud_base;
2814 : unsigned short close_delay;
2815 : char io_type;
2816 : char reserved_char;
2817 : compat_int_t hub6;
2818 : unsigned short closing_wait; /* time to wait before closing */
2819 : unsigned short closing_wait2; /* no longer used... */
2820 : compat_uint_t iomem_base;
2821 : unsigned short iomem_reg_shift;
2822 : unsigned int port_high;
2823 : /* compat_ulong_t iomap_base FIXME */
2824 : compat_int_t reserved;
2825 : };
2826 :
2827 : static int compat_tty_tiocsserial(struct tty_struct *tty,
2828 : struct serial_struct32 __user *ss)
2829 : {
2830 : struct serial_struct32 v32;
2831 : struct serial_struct v;
2832 :
2833 : if (copy_from_user(&v32, ss, sizeof(*ss)))
2834 : return -EFAULT;
2835 :
2836 : memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2837 : v.iomem_base = compat_ptr(v32.iomem_base);
2838 : v.iomem_reg_shift = v32.iomem_reg_shift;
2839 : v.port_high = v32.port_high;
2840 : v.iomap_base = 0;
2841 :
2842 : return tty_set_serial(tty, &v);
2843 : }
2844 :
2845 : static int compat_tty_tiocgserial(struct tty_struct *tty,
2846 : struct serial_struct32 __user *ss)
2847 : {
2848 : struct serial_struct32 v32;
2849 : struct serial_struct v;
2850 : int err;
2851 :
2852 : memset(&v, 0, sizeof(v));
2853 : memset(&v32, 0, sizeof(v32));
2854 :
2855 : if (!tty->ops->get_serial)
2856 : return -ENOTTY;
2857 : err = tty->ops->get_serial(tty, &v);
2858 : if (!err) {
2859 : memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2860 : v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2861 : 0xfffffff : ptr_to_compat(v.iomem_base);
2862 : v32.iomem_reg_shift = v.iomem_reg_shift;
2863 : v32.port_high = v.port_high;
2864 : if (copy_to_user(ss, &v32, sizeof(v32)))
2865 : err = -EFAULT;
2866 : }
2867 : return err;
2868 : }
2869 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2870 : unsigned long arg)
2871 : {
2872 : struct tty_struct *tty = file_tty(file);
2873 : struct tty_ldisc *ld;
2874 : int retval = -ENOIOCTLCMD;
2875 :
2876 : switch (cmd) {
2877 : case TIOCOUTQ:
2878 : case TIOCSTI:
2879 : case TIOCGWINSZ:
2880 : case TIOCSWINSZ:
2881 : case TIOCGEXCL:
2882 : case TIOCGETD:
2883 : case TIOCSETD:
2884 : case TIOCGDEV:
2885 : case TIOCMGET:
2886 : case TIOCMSET:
2887 : case TIOCMBIC:
2888 : case TIOCMBIS:
2889 : case TIOCGICOUNT:
2890 : case TIOCGPGRP:
2891 : case TIOCSPGRP:
2892 : case TIOCGSID:
2893 : case TIOCSERGETLSR:
2894 : case TIOCGRS485:
2895 : case TIOCSRS485:
2896 : #ifdef TIOCGETP
2897 : case TIOCGETP:
2898 : case TIOCSETP:
2899 : case TIOCSETN:
2900 : #endif
2901 : #ifdef TIOCGETC
2902 : case TIOCGETC:
2903 : case TIOCSETC:
2904 : #endif
2905 : #ifdef TIOCGLTC
2906 : case TIOCGLTC:
2907 : case TIOCSLTC:
2908 : #endif
2909 : case TCSETSF:
2910 : case TCSETSW:
2911 : case TCSETS:
2912 : case TCGETS:
2913 : #ifdef TCGETS2
2914 : case TCGETS2:
2915 : case TCSETSF2:
2916 : case TCSETSW2:
2917 : case TCSETS2:
2918 : #endif
2919 : case TCGETA:
2920 : case TCSETAF:
2921 : case TCSETAW:
2922 : case TCSETA:
2923 : case TIOCGLCKTRMIOS:
2924 : case TIOCSLCKTRMIOS:
2925 : #ifdef TCGETX
2926 : case TCGETX:
2927 : case TCSETX:
2928 : case TCSETXW:
2929 : case TCSETXF:
2930 : #endif
2931 : case TIOCGSOFTCAR:
2932 : case TIOCSSOFTCAR:
2933 :
2934 : case PPPIOCGCHAN:
2935 : case PPPIOCGUNIT:
2936 : return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2937 : case TIOCCONS:
2938 : case TIOCEXCL:
2939 : case TIOCNXCL:
2940 : case TIOCVHANGUP:
2941 : case TIOCSBRK:
2942 : case TIOCCBRK:
2943 : case TCSBRK:
2944 : case TCSBRKP:
2945 : case TCFLSH:
2946 : case TIOCGPTPEER:
2947 : case TIOCNOTTY:
2948 : case TIOCSCTTY:
2949 : case TCXONC:
2950 : case TIOCMIWAIT:
2951 : case TIOCSERCONFIG:
2952 : return tty_ioctl(file, cmd, arg);
2953 : }
2954 :
2955 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2956 : return -EINVAL;
2957 :
2958 : switch (cmd) {
2959 : case TIOCSSERIAL:
2960 : return compat_tty_tiocsserial(tty, compat_ptr(arg));
2961 : case TIOCGSERIAL:
2962 : return compat_tty_tiocgserial(tty, compat_ptr(arg));
2963 : }
2964 : if (tty->ops->compat_ioctl) {
2965 : retval = tty->ops->compat_ioctl(tty, cmd, arg);
2966 : if (retval != -ENOIOCTLCMD)
2967 : return retval;
2968 : }
2969 :
2970 : ld = tty_ldisc_ref_wait(tty);
2971 : if (!ld)
2972 : return hung_up_tty_compat_ioctl(file, cmd, arg);
2973 : if (ld->ops->compat_ioctl)
2974 : retval = ld->ops->compat_ioctl(tty, cmd, arg);
2975 : if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2976 : retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2977 : arg);
2978 : tty_ldisc_deref(ld);
2979 :
2980 : return retval;
2981 : }
2982 : #endif
2983 :
2984 0 : static int this_tty(const void *t, struct file *file, unsigned fd)
2985 : {
2986 0 : if (likely(file->f_op->read_iter != tty_read))
2987 : return 0;
2988 0 : return file_tty(file) != t ? 0 : fd + 1;
2989 : }
2990 :
2991 : /*
2992 : * This implements the "Secure Attention Key" --- the idea is to
2993 : * prevent trojan horses by killing all processes associated with this
2994 : * tty when the user hits the "Secure Attention Key". Required for
2995 : * super-paranoid applications --- see the Orange Book for more details.
2996 : *
2997 : * This code could be nicer; ideally it should send a HUP, wait a few
2998 : * seconds, then send a INT, and then a KILL signal. But you then
2999 : * have to coordinate with the init process, since all processes associated
3000 : * with the current tty must be dead before the new getty is allowed
3001 : * to spawn.
3002 : *
3003 : * Now, if it would be correct ;-/ The current code has a nasty hole -
3004 : * it doesn't catch files in flight. We may send the descriptor to ourselves
3005 : * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3006 : *
3007 : * Nasty bug: do_SAK is being called in interrupt context. This can
3008 : * deadlock. We punt it up to process context. AKPM - 16Mar2001
3009 : */
3010 0 : void __do_SAK(struct tty_struct *tty)
3011 : {
3012 : struct task_struct *g, *p;
3013 : struct pid *session;
3014 : int i;
3015 : unsigned long flags;
3016 :
3017 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
3018 0 : session = get_pid(tty->ctrl.session);
3019 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3020 :
3021 0 : tty_ldisc_flush(tty);
3022 :
3023 0 : tty_driver_flush_buffer(tty);
3024 :
3025 0 : read_lock(&tasklist_lock);
3026 : /* Kill the entire session */
3027 0 : do_each_pid_task(session, PIDTYPE_SID, p) {
3028 0 : tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3029 : task_pid_nr(p), p->comm);
3030 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3031 : } while_each_pid_task(session, PIDTYPE_SID, p);
3032 :
3033 : /* Now kill any processes that happen to have the tty open */
3034 0 : do_each_thread(g, p) {
3035 0 : if (p->signal->tty == tty) {
3036 0 : tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3037 : task_pid_nr(p), p->comm);
3038 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3039 : PIDTYPE_SID);
3040 0 : continue;
3041 : }
3042 0 : task_lock(p);
3043 0 : i = iterate_fd(p->files, 0, this_tty, tty);
3044 0 : if (i != 0) {
3045 0 : tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3046 : task_pid_nr(p), p->comm, i - 1);
3047 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3048 : PIDTYPE_SID);
3049 : }
3050 0 : task_unlock(p);
3051 0 : } while_each_thread(g, p);
3052 0 : read_unlock(&tasklist_lock);
3053 0 : put_pid(session);
3054 0 : }
3055 :
3056 0 : static void do_SAK_work(struct work_struct *work)
3057 : {
3058 0 : struct tty_struct *tty =
3059 0 : container_of(work, struct tty_struct, SAK_work);
3060 0 : __do_SAK(tty);
3061 0 : }
3062 :
3063 : /*
3064 : * The tq handling here is a little racy - tty->SAK_work may already be queued.
3065 : * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3066 : * the values which we write to it will be identical to the values which it
3067 : * already has. --akpm
3068 : */
3069 0 : void do_SAK(struct tty_struct *tty)
3070 : {
3071 0 : if (!tty)
3072 : return;
3073 0 : schedule_work(&tty->SAK_work);
3074 : }
3075 : EXPORT_SYMBOL(do_SAK);
3076 :
3077 : /* Must put_device() after it's unused! */
3078 : static struct device *tty_get_device(struct tty_struct *tty)
3079 : {
3080 0 : dev_t devt = tty_devnum(tty);
3081 :
3082 0 : return class_find_device_by_devt(&tty_class, devt);
3083 : }
3084 :
3085 :
3086 : /**
3087 : * alloc_tty_struct - allocate a new tty
3088 : * @driver: driver which will handle the returned tty
3089 : * @idx: minor of the tty
3090 : *
3091 : * This subroutine allocates and initializes a tty structure.
3092 : *
3093 : * Locking: none - @tty in question is not exposed at this point
3094 : */
3095 0 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3096 : {
3097 : struct tty_struct *tty;
3098 :
3099 0 : tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3100 0 : if (!tty)
3101 : return NULL;
3102 :
3103 0 : kref_init(&tty->kref);
3104 0 : if (tty_ldisc_init(tty)) {
3105 0 : kfree(tty);
3106 0 : return NULL;
3107 : }
3108 0 : tty->ctrl.session = NULL;
3109 0 : tty->ctrl.pgrp = NULL;
3110 0 : mutex_init(&tty->legacy_mutex);
3111 0 : mutex_init(&tty->throttle_mutex);
3112 0 : init_rwsem(&tty->termios_rwsem);
3113 0 : mutex_init(&tty->winsize_mutex);
3114 0 : init_ldsem(&tty->ldisc_sem);
3115 0 : init_waitqueue_head(&tty->write_wait);
3116 0 : init_waitqueue_head(&tty->read_wait);
3117 0 : INIT_WORK(&tty->hangup_work, do_tty_hangup);
3118 0 : mutex_init(&tty->atomic_write_lock);
3119 0 : spin_lock_init(&tty->ctrl.lock);
3120 0 : spin_lock_init(&tty->flow.lock);
3121 0 : spin_lock_init(&tty->files_lock);
3122 0 : INIT_LIST_HEAD(&tty->tty_files);
3123 0 : INIT_WORK(&tty->SAK_work, do_SAK_work);
3124 :
3125 0 : tty->driver = driver;
3126 0 : tty->ops = driver->ops;
3127 0 : tty->index = idx;
3128 0 : tty_line_name(driver, idx, tty->name);
3129 0 : tty->dev = tty_get_device(tty);
3130 :
3131 0 : return tty;
3132 : }
3133 :
3134 : /**
3135 : * tty_put_char - write one character to a tty
3136 : * @tty: tty
3137 : * @ch: character to write
3138 : *
3139 : * Write one byte to the @tty using the provided @tty->ops->put_char() method
3140 : * if present.
3141 : *
3142 : * Note: the specific put_char operation in the driver layer may go
3143 : * away soon. Don't call it directly, use this method
3144 : *
3145 : * Return: the number of characters successfully output.
3146 : */
3147 0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
3148 : {
3149 0 : if (tty->ops->put_char)
3150 0 : return tty->ops->put_char(tty, ch);
3151 0 : return tty->ops->write(tty, &ch, 1);
3152 : }
3153 : EXPORT_SYMBOL_GPL(tty_put_char);
3154 :
3155 5 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3156 : unsigned int index, unsigned int count)
3157 : {
3158 : int err;
3159 :
3160 : /* init here, since reused cdevs cause crashes */
3161 5 : driver->cdevs[index] = cdev_alloc();
3162 5 : if (!driver->cdevs[index])
3163 : return -ENOMEM;
3164 5 : driver->cdevs[index]->ops = &tty_fops;
3165 5 : driver->cdevs[index]->owner = driver->owner;
3166 5 : err = cdev_add(driver->cdevs[index], dev, count);
3167 5 : if (err)
3168 0 : kobject_put(&driver->cdevs[index]->kobj);
3169 : return err;
3170 : }
3171 :
3172 : /**
3173 : * tty_register_device - register a tty device
3174 : * @driver: the tty driver that describes the tty device
3175 : * @index: the index in the tty driver for this tty device
3176 : * @device: a struct device that is associated with this tty device.
3177 : * This field is optional, if there is no known struct device
3178 : * for this tty device it can be set to NULL safely.
3179 : *
3180 : * This call is required to be made to register an individual tty device
3181 : * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3182 : * that bit is not set, this function should not be called by a tty
3183 : * driver.
3184 : *
3185 : * Locking: ??
3186 : *
3187 : * Return: A pointer to the struct device for this tty device (or
3188 : * ERR_PTR(-EFOO) on error).
3189 : */
3190 0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3191 : struct device *device)
3192 : {
3193 512 : return tty_register_device_attr(driver, index, device, NULL, NULL);
3194 : }
3195 : EXPORT_SYMBOL(tty_register_device);
3196 :
3197 0 : static void tty_device_create_release(struct device *dev)
3198 : {
3199 : dev_dbg(dev, "releasing...\n");
3200 0 : kfree(dev);
3201 0 : }
3202 :
3203 : /**
3204 : * tty_register_device_attr - register a tty device
3205 : * @driver: the tty driver that describes the tty device
3206 : * @index: the index in the tty driver for this tty device
3207 : * @device: a struct device that is associated with this tty device.
3208 : * This field is optional, if there is no known struct device
3209 : * for this tty device it can be set to %NULL safely.
3210 : * @drvdata: Driver data to be set to device.
3211 : * @attr_grp: Attribute group to be set on device.
3212 : *
3213 : * This call is required to be made to register an individual tty device if the
3214 : * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3215 : * not set, this function should not be called by a tty driver.
3216 : *
3217 : * Locking: ??
3218 : *
3219 : * Return: A pointer to the struct device for this tty device (or
3220 : * ERR_PTR(-EFOO) on error).
3221 : */
3222 513 : struct device *tty_register_device_attr(struct tty_driver *driver,
3223 : unsigned index, struct device *device,
3224 : void *drvdata,
3225 : const struct attribute_group **attr_grp)
3226 : {
3227 : char name[64];
3228 513 : dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3229 : struct ktermios *tp;
3230 : struct device *dev;
3231 : int retval;
3232 :
3233 513 : if (index >= driver->num) {
3234 0 : pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3235 : driver->name, index);
3236 0 : return ERR_PTR(-EINVAL);
3237 : }
3238 :
3239 513 : if (driver->type == TTY_DRIVER_TYPE_PTY)
3240 512 : pty_line_name(driver, index, name);
3241 : else
3242 1 : tty_line_name(driver, index, name);
3243 :
3244 513 : dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3245 513 : if (!dev)
3246 : return ERR_PTR(-ENOMEM);
3247 :
3248 513 : dev->devt = devt;
3249 513 : dev->class = &tty_class;
3250 513 : dev->parent = device;
3251 513 : dev->release = tty_device_create_release;
3252 513 : dev_set_name(dev, "%s", name);
3253 513 : dev->groups = attr_grp;
3254 1026 : dev_set_drvdata(dev, drvdata);
3255 :
3256 513 : dev_set_uevent_suppress(dev, 1);
3257 :
3258 513 : retval = device_register(dev);
3259 513 : if (retval)
3260 : goto err_put;
3261 :
3262 513 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3263 : /*
3264 : * Free any saved termios data so that the termios state is
3265 : * reset when reusing a minor number.
3266 : */
3267 1 : tp = driver->termios[index];
3268 1 : if (tp) {
3269 0 : driver->termios[index] = NULL;
3270 0 : kfree(tp);
3271 : }
3272 :
3273 1 : retval = tty_cdev_add(driver, devt, index, 1);
3274 1 : if (retval)
3275 : goto err_del;
3276 : }
3277 :
3278 513 : dev_set_uevent_suppress(dev, 0);
3279 513 : kobject_uevent(&dev->kobj, KOBJ_ADD);
3280 :
3281 513 : return dev;
3282 :
3283 : err_del:
3284 0 : device_del(dev);
3285 : err_put:
3286 0 : put_device(dev);
3287 :
3288 0 : return ERR_PTR(retval);
3289 : }
3290 : EXPORT_SYMBOL_GPL(tty_register_device_attr);
3291 :
3292 : /**
3293 : * tty_unregister_device - unregister a tty device
3294 : * @driver: the tty driver that describes the tty device
3295 : * @index: the index in the tty driver for this tty device
3296 : *
3297 : * If a tty device is registered with a call to tty_register_device() then
3298 : * this function must be called when the tty device is gone.
3299 : *
3300 : * Locking: ??
3301 : */
3302 0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
3303 : {
3304 0 : device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3305 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3306 0 : cdev_del(driver->cdevs[index]);
3307 0 : driver->cdevs[index] = NULL;
3308 : }
3309 0 : }
3310 : EXPORT_SYMBOL(tty_unregister_device);
3311 :
3312 : /**
3313 : * __tty_alloc_driver -- allocate tty driver
3314 : * @lines: count of lines this driver can handle at most
3315 : * @owner: module which is responsible for this driver
3316 : * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3317 : *
3318 : * This should not be called directly, some of the provided macros should be
3319 : * used instead. Use IS_ERR() and friends on @retval.
3320 : */
3321 5 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3322 : unsigned long flags)
3323 : {
3324 : struct tty_driver *driver;
3325 5 : unsigned int cdevs = 1;
3326 : int err;
3327 :
3328 5 : if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3329 : return ERR_PTR(-EINVAL);
3330 :
3331 5 : driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3332 5 : if (!driver)
3333 : return ERR_PTR(-ENOMEM);
3334 :
3335 10 : kref_init(&driver->kref);
3336 5 : driver->num = lines;
3337 5 : driver->owner = owner;
3338 5 : driver->flags = flags;
3339 :
3340 5 : if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3341 6 : driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3342 : GFP_KERNEL);
3343 6 : driver->termios = kcalloc(lines, sizeof(*driver->termios),
3344 : GFP_KERNEL);
3345 3 : if (!driver->ttys || !driver->termios) {
3346 : err = -ENOMEM;
3347 : goto err_free_all;
3348 : }
3349 : }
3350 :
3351 5 : if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3352 2 : driver->ports = kcalloc(lines, sizeof(*driver->ports),
3353 : GFP_KERNEL);
3354 1 : if (!driver->ports) {
3355 : err = -ENOMEM;
3356 : goto err_free_all;
3357 : }
3358 : cdevs = lines;
3359 : }
3360 :
3361 10 : driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3362 5 : if (!driver->cdevs) {
3363 : err = -ENOMEM;
3364 : goto err_free_all;
3365 : }
3366 :
3367 : return driver;
3368 : err_free_all:
3369 0 : kfree(driver->ports);
3370 0 : kfree(driver->ttys);
3371 0 : kfree(driver->termios);
3372 0 : kfree(driver->cdevs);
3373 0 : kfree(driver);
3374 0 : return ERR_PTR(err);
3375 : }
3376 : EXPORT_SYMBOL(__tty_alloc_driver);
3377 :
3378 0 : static void destruct_tty_driver(struct kref *kref)
3379 : {
3380 0 : struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3381 : int i;
3382 : struct ktermios *tp;
3383 :
3384 0 : if (driver->flags & TTY_DRIVER_INSTALLED) {
3385 0 : for (i = 0; i < driver->num; i++) {
3386 0 : tp = driver->termios[i];
3387 0 : if (tp) {
3388 0 : driver->termios[i] = NULL;
3389 0 : kfree(tp);
3390 : }
3391 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3392 0 : tty_unregister_device(driver, i);
3393 : }
3394 0 : proc_tty_unregister_driver(driver);
3395 0 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3396 0 : cdev_del(driver->cdevs[0]);
3397 : }
3398 0 : kfree(driver->cdevs);
3399 0 : kfree(driver->ports);
3400 0 : kfree(driver->termios);
3401 0 : kfree(driver->ttys);
3402 0 : kfree(driver);
3403 0 : }
3404 :
3405 : /**
3406 : * tty_driver_kref_put -- drop a reference to a tty driver
3407 : * @driver: driver of which to drop the reference
3408 : *
3409 : * The final put will destroy and free up the driver.
3410 : */
3411 0 : void tty_driver_kref_put(struct tty_driver *driver)
3412 : {
3413 0 : kref_put(&driver->kref, destruct_tty_driver);
3414 0 : }
3415 : EXPORT_SYMBOL(tty_driver_kref_put);
3416 :
3417 : /**
3418 : * tty_register_driver -- register a tty driver
3419 : * @driver: driver to register
3420 : *
3421 : * Called by a tty driver to register itself.
3422 : */
3423 5 : int tty_register_driver(struct tty_driver *driver)
3424 : {
3425 : int error;
3426 : int i;
3427 : dev_t dev;
3428 : struct device *d;
3429 :
3430 5 : if (!driver->major) {
3431 0 : error = alloc_chrdev_region(&dev, driver->minor_start,
3432 : driver->num, driver->name);
3433 0 : if (!error) {
3434 0 : driver->major = MAJOR(dev);
3435 0 : driver->minor_start = MINOR(dev);
3436 : }
3437 : } else {
3438 5 : dev = MKDEV(driver->major, driver->minor_start);
3439 5 : error = register_chrdev_region(dev, driver->num, driver->name);
3440 : }
3441 5 : if (error < 0)
3442 : goto err;
3443 :
3444 5 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3445 4 : error = tty_cdev_add(driver, dev, 0, driver->num);
3446 4 : if (error)
3447 : goto err_unreg_char;
3448 : }
3449 :
3450 5 : mutex_lock(&tty_mutex);
3451 10 : list_add(&driver->tty_drivers, &tty_drivers);
3452 5 : mutex_unlock(&tty_mutex);
3453 :
3454 5 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3455 512 : for (i = 0; i < driver->num; i++) {
3456 1024 : d = tty_register_device(driver, i, NULL);
3457 512 : if (IS_ERR(d)) {
3458 0 : error = PTR_ERR(d);
3459 : goto err_unreg_devs;
3460 : }
3461 : }
3462 : }
3463 5 : proc_tty_register_driver(driver);
3464 5 : driver->flags |= TTY_DRIVER_INSTALLED;
3465 5 : return 0;
3466 :
3467 : err_unreg_devs:
3468 0 : for (i--; i >= 0; i--)
3469 0 : tty_unregister_device(driver, i);
3470 :
3471 0 : mutex_lock(&tty_mutex);
3472 0 : list_del(&driver->tty_drivers);
3473 0 : mutex_unlock(&tty_mutex);
3474 :
3475 : err_unreg_char:
3476 0 : unregister_chrdev_region(dev, driver->num);
3477 : err:
3478 : return error;
3479 : }
3480 : EXPORT_SYMBOL(tty_register_driver);
3481 :
3482 : /**
3483 : * tty_unregister_driver -- unregister a tty driver
3484 : * @driver: driver to unregister
3485 : *
3486 : * Called by a tty driver to unregister itself.
3487 : */
3488 0 : void tty_unregister_driver(struct tty_driver *driver)
3489 : {
3490 0 : unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3491 : driver->num);
3492 0 : mutex_lock(&tty_mutex);
3493 0 : list_del(&driver->tty_drivers);
3494 0 : mutex_unlock(&tty_mutex);
3495 0 : }
3496 : EXPORT_SYMBOL(tty_unregister_driver);
3497 :
3498 0 : dev_t tty_devnum(struct tty_struct *tty)
3499 : {
3500 0 : return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3501 : }
3502 : EXPORT_SYMBOL(tty_devnum);
3503 :
3504 1 : void tty_default_fops(struct file_operations *fops)
3505 : {
3506 1 : *fops = tty_fops;
3507 1 : }
3508 :
3509 516 : static char *tty_devnode(const struct device *dev, umode_t *mode)
3510 : {
3511 516 : if (!mode)
3512 : return NULL;
3513 516 : if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3514 : dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3515 2 : *mode = 0666;
3516 : return NULL;
3517 : }
3518 :
3519 : const struct class tty_class = {
3520 : .name = "tty",
3521 : .devnode = tty_devnode,
3522 : };
3523 :
3524 1 : static int __init tty_class_init(void)
3525 : {
3526 1 : return class_register(&tty_class);
3527 : }
3528 :
3529 : postcore_initcall(tty_class_init);
3530 :
3531 : /* 3/2004 jmc: why do these devices exist? */
3532 : static struct cdev tty_cdev, console_cdev;
3533 :
3534 0 : static ssize_t show_cons_active(struct device *dev,
3535 : struct device_attribute *attr, char *buf)
3536 : {
3537 : struct console *cs[16];
3538 0 : int i = 0;
3539 : struct console *c;
3540 0 : ssize_t count = 0;
3541 :
3542 : /*
3543 : * Hold the console_list_lock to guarantee that no consoles are
3544 : * unregistered until all console processing is complete.
3545 : * This also allows safe traversal of the console list and
3546 : * race-free reading of @flags.
3547 : */
3548 0 : console_list_lock();
3549 :
3550 0 : for_each_console(c) {
3551 0 : if (!c->device)
3552 0 : continue;
3553 0 : if (!c->write)
3554 0 : continue;
3555 0 : if ((c->flags & CON_ENABLED) == 0)
3556 0 : continue;
3557 0 : cs[i++] = c;
3558 0 : if (i >= ARRAY_SIZE(cs))
3559 : break;
3560 : }
3561 :
3562 : /*
3563 : * Take console_lock to serialize device() callback with
3564 : * other console operations. For example, fg_console is
3565 : * modified under console_lock when switching vt.
3566 : */
3567 0 : console_lock();
3568 0 : while (i--) {
3569 0 : int index = cs[i]->index;
3570 0 : struct tty_driver *drv = cs[i]->device(cs[i], &index);
3571 :
3572 : /* don't resolve tty0 as some programs depend on it */
3573 0 : if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3574 0 : count += tty_line_name(drv, index, buf + count);
3575 : else
3576 0 : count += sprintf(buf + count, "%s%d",
3577 0 : cs[i]->name, cs[i]->index);
3578 :
3579 0 : count += sprintf(buf + count, "%c", i ? ' ':'\n');
3580 : }
3581 0 : console_unlock();
3582 :
3583 0 : console_list_unlock();
3584 :
3585 0 : return count;
3586 : }
3587 : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3588 :
3589 : static struct attribute *cons_dev_attrs[] = {
3590 : &dev_attr_active.attr,
3591 : NULL
3592 : };
3593 :
3594 : ATTRIBUTE_GROUPS(cons_dev);
3595 :
3596 : static struct device *consdev;
3597 :
3598 2 : void console_sysfs_notify(void)
3599 : {
3600 2 : if (consdev)
3601 2 : sysfs_notify(&consdev->kobj, NULL, "active");
3602 2 : }
3603 :
3604 : static struct ctl_table tty_table[] = {
3605 : {
3606 : .procname = "legacy_tiocsti",
3607 : .data = &tty_legacy_tiocsti,
3608 : .maxlen = sizeof(tty_legacy_tiocsti),
3609 : .mode = 0644,
3610 : .proc_handler = proc_dobool,
3611 : },
3612 : {
3613 : .procname = "ldisc_autoload",
3614 : .data = &tty_ldisc_autoload,
3615 : .maxlen = sizeof(tty_ldisc_autoload),
3616 : .mode = 0644,
3617 : .proc_handler = proc_dointvec,
3618 : .extra1 = SYSCTL_ZERO,
3619 : .extra2 = SYSCTL_ONE,
3620 : },
3621 : { }
3622 : };
3623 :
3624 : /*
3625 : * Ok, now we can initialize the rest of the tty devices and can count
3626 : * on memory allocations, interrupts etc..
3627 : */
3628 1 : int __init tty_init(void)
3629 : {
3630 1 : register_sysctl_init("dev/tty", tty_table);
3631 1 : cdev_init(&tty_cdev, &tty_fops);
3632 2 : if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3633 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3634 0 : panic("Couldn't register /dev/tty driver\n");
3635 1 : device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3636 :
3637 1 : cdev_init(&console_cdev, &console_fops);
3638 2 : if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3639 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3640 0 : panic("Couldn't register /dev/console driver\n");
3641 1 : consdev = device_create_with_groups(&tty_class, NULL,
3642 : MKDEV(TTYAUX_MAJOR, 1), NULL,
3643 : cons_dev_groups, "console");
3644 2 : if (IS_ERR(consdev))
3645 0 : consdev = NULL;
3646 :
3647 : #ifdef CONFIG_VT
3648 : vty_init(&console_fops);
3649 : #endif
3650 1 : return 0;
3651 : }
|