LCOV - code coverage report
Current view: top level - drivers/tty - tty_io.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 105 1161 9.0 %
Date: 2023-08-24 13:40:31 Functions: 11 106 10.4 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0
       2             : /*
       3             :  *  Copyright (C) 1991, 1992  Linus Torvalds
       4             :  */
       5             : 
       6             : /*
       7             :  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
       8             :  * or rs-channels. It also implements echoing, cooked mode etc.
       9             :  *
      10             :  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
      11             :  *
      12             :  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
      13             :  * tty_struct and tty_queue structures.  Previously there was an array
      14             :  * of 256 tty_struct's which was statically allocated, and the
      15             :  * tty_queue structures were allocated at boot time.  Both are now
      16             :  * dynamically allocated only when the tty is open.
      17             :  *
      18             :  * Also restructured routines so that there is more of a separation
      19             :  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
      20             :  * the low-level tty routines (serial.c, pty.c, console.c).  This
      21             :  * makes for cleaner and more compact code.  -TYT, 9/17/92
      22             :  *
      23             :  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
      24             :  * which can be dynamically activated and de-activated by the line
      25             :  * discipline handling modules (like SLIP).
      26             :  *
      27             :  * NOTE: pay no attention to the line discipline code (yet); its
      28             :  * interface is still subject to change in this version...
      29             :  * -- TYT, 1/31/92
      30             :  *
      31             :  * Added functionality to the OPOST tty handling.  No delays, but all
      32             :  * other bits should be there.
      33             :  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
      34             :  *
      35             :  * Rewrote canonical mode and added more termios flags.
      36             :  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
      37             :  *
      38             :  * Reorganized FASYNC support so mouse code can share it.
      39             :  *      -- ctm@ardi.com, 9Sep95
      40             :  *
      41             :  * New TIOCLINUX variants added.
      42             :  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
      43             :  *
      44             :  * Restrict vt switching via ioctl()
      45             :  *      -- grif@cs.ucr.edu, 5-Dec-95
      46             :  *
      47             :  * Move console and virtual terminal code to more appropriate files,
      48             :  * implement CONFIG_VT and generalize console device interface.
      49             :  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
      50             :  *
      51             :  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
      52             :  *      -- Bill Hawes <whawes@star.net>, June 97
      53             :  *
      54             :  * Added devfs support.
      55             :  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
      56             :  *
      57             :  * Added support for a Unix98-style ptmx device.
      58             :  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
      59             :  *
      60             :  * Reduced memory usage for older ARM systems
      61             :  *      -- Russell King <rmk@arm.linux.org.uk>
      62             :  *
      63             :  * Move do_SAK() into process context.  Less stack use in devfs functions.
      64             :  * alloc_tty_struct() always uses kmalloc()
      65             :  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
      66             :  */
      67             : 
      68             : #include <linux/types.h>
      69             : #include <linux/major.h>
      70             : #include <linux/errno.h>
      71             : #include <linux/signal.h>
      72             : #include <linux/fcntl.h>
      73             : #include <linux/sched/signal.h>
      74             : #include <linux/sched/task.h>
      75             : #include <linux/interrupt.h>
      76             : #include <linux/tty.h>
      77             : #include <linux/tty_driver.h>
      78             : #include <linux/tty_flip.h>
      79             : #include <linux/devpts_fs.h>
      80             : #include <linux/file.h>
      81             : #include <linux/fdtable.h>
      82             : #include <linux/console.h>
      83             : #include <linux/timer.h>
      84             : #include <linux/ctype.h>
      85             : #include <linux/kd.h>
      86             : #include <linux/mm.h>
      87             : #include <linux/string.h>
      88             : #include <linux/slab.h>
      89             : #include <linux/poll.h>
      90             : #include <linux/ppp-ioctl.h>
      91             : #include <linux/proc_fs.h>
      92             : #include <linux/init.h>
      93             : #include <linux/module.h>
      94             : #include <linux/device.h>
      95             : #include <linux/wait.h>
      96             : #include <linux/bitops.h>
      97             : #include <linux/delay.h>
      98             : #include <linux/seq_file.h>
      99             : #include <linux/serial.h>
     100             : #include <linux/ratelimit.h>
     101             : #include <linux/compat.h>
     102             : #include <linux/uaccess.h>
     103             : #include <linux/termios_internal.h>
     104             : #include <linux/fs.h>
     105             : 
     106             : #include <linux/kbd_kern.h>
     107             : #include <linux/vt_kern.h>
     108             : #include <linux/selection.h>
     109             : 
     110             : #include <linux/kmod.h>
     111             : #include <linux/nsproxy.h>
     112             : #include "tty.h"
     113             : 
     114             : #undef TTY_DEBUG_HANGUP
     115             : #ifdef TTY_DEBUG_HANGUP
     116             : # define tty_debug_hangup(tty, f, args...)      tty_debug(tty, f, ##args)
     117             : #else
     118             : # define tty_debug_hangup(tty, f, args...)      do { } while (0)
     119             : #endif
     120             : 
     121             : #define TTY_PARANOIA_CHECK 1
     122             : #define CHECK_TTY_COUNT 1
     123             : 
     124             : struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
     125             :         .c_iflag = ICRNL | IXON,
     126             :         .c_oflag = OPOST | ONLCR,
     127             :         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
     128             :         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
     129             :                    ECHOCTL | ECHOKE | IEXTEN,
     130             :         .c_cc = INIT_C_CC,
     131             :         .c_ispeed = 38400,
     132             :         .c_ospeed = 38400,
     133             :         /* .c_line = N_TTY, */
     134             : };
     135             : EXPORT_SYMBOL(tty_std_termios);
     136             : 
     137             : /* This list gets poked at by procfs and various bits of boot up code. This
     138             :  * could do with some rationalisation such as pulling the tty proc function
     139             :  * into this file.
     140             :  */
     141             : 
     142             : LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
     143             : 
     144             : /* Mutex to protect creating and releasing a tty */
     145             : DEFINE_MUTEX(tty_mutex);
     146             : 
     147             : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
     148             : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
     149             : static __poll_t tty_poll(struct file *, poll_table *);
     150             : static int tty_open(struct inode *, struct file *);
     151             : #ifdef CONFIG_COMPAT
     152             : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
     153             :                                 unsigned long arg);
     154             : #else
     155             : #define tty_compat_ioctl NULL
     156             : #endif
     157             : static int __tty_fasync(int fd, struct file *filp, int on);
     158             : static int tty_fasync(int fd, struct file *filp, int on);
     159             : static void release_tty(struct tty_struct *tty, int idx);
     160             : 
     161             : /**
     162             :  * free_tty_struct      -       free a disused tty
     163             :  * @tty: tty struct to free
     164             :  *
     165             :  * Free the write buffers, tty queue and tty memory itself.
     166             :  *
     167             :  * Locking: none. Must be called after tty is definitely unused
     168             :  */
     169           0 : static void free_tty_struct(struct tty_struct *tty)
     170             : {
     171           0 :         tty_ldisc_deinit(tty);
     172           0 :         put_device(tty->dev);
     173           0 :         kvfree(tty->write_buf);
     174           0 :         kfree(tty);
     175           0 : }
     176             : 
     177             : static inline struct tty_struct *file_tty(struct file *file)
     178             : {
     179           0 :         return ((struct tty_file_private *)file->private_data)->tty;
     180             : }
     181             : 
     182           0 : int tty_alloc_file(struct file *file)
     183             : {
     184             :         struct tty_file_private *priv;
     185             : 
     186           0 :         priv = kmalloc(sizeof(*priv), GFP_KERNEL);
     187           0 :         if (!priv)
     188             :                 return -ENOMEM;
     189             : 
     190           0 :         file->private_data = priv;
     191             : 
     192           0 :         return 0;
     193             : }
     194             : 
     195             : /* Associate a new file with the tty structure */
     196           0 : void tty_add_file(struct tty_struct *tty, struct file *file)
     197             : {
     198           0 :         struct tty_file_private *priv = file->private_data;
     199             : 
     200           0 :         priv->tty = tty;
     201           0 :         priv->file = file;
     202             : 
     203           0 :         spin_lock(&tty->files_lock);
     204           0 :         list_add(&priv->list, &tty->tty_files);
     205           0 :         spin_unlock(&tty->files_lock);
     206           0 : }
     207             : 
     208             : /**
     209             :  * tty_free_file - free file->private_data
     210             :  * @file: to free private_data of
     211             :  *
     212             :  * This shall be used only for fail path handling when tty_add_file was not
     213             :  * called yet.
     214             :  */
     215           0 : void tty_free_file(struct file *file)
     216             : {
     217           0 :         struct tty_file_private *priv = file->private_data;
     218             : 
     219           0 :         file->private_data = NULL;
     220           0 :         kfree(priv);
     221           0 : }
     222             : 
     223             : /* Delete file from its tty */
     224           0 : static void tty_del_file(struct file *file)
     225             : {
     226           0 :         struct tty_file_private *priv = file->private_data;
     227           0 :         struct tty_struct *tty = priv->tty;
     228             : 
     229           0 :         spin_lock(&tty->files_lock);
     230           0 :         list_del(&priv->list);
     231           0 :         spin_unlock(&tty->files_lock);
     232           0 :         tty_free_file(file);
     233           0 : }
     234             : 
     235             : /**
     236             :  * tty_name     -       return tty naming
     237             :  * @tty: tty structure
     238             :  *
     239             :  * Convert a tty structure into a name. The name reflects the kernel naming
     240             :  * policy and if udev is in use may not reflect user space
     241             :  *
     242             :  * Locking: none
     243             :  */
     244           0 : const char *tty_name(const struct tty_struct *tty)
     245             : {
     246           0 :         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
     247             :                 return "NULL tty";
     248           0 :         return tty->name;
     249             : }
     250             : EXPORT_SYMBOL(tty_name);
     251             : 
     252           0 : const char *tty_driver_name(const struct tty_struct *tty)
     253             : {
     254           0 :         if (!tty || !tty->driver)
     255             :                 return "";
     256           0 :         return tty->driver->name;
     257             : }
     258             : 
     259             : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
     260             :                               const char *routine)
     261             : {
     262             : #ifdef TTY_PARANOIA_CHECK
     263           0 :         if (!tty) {
     264           0 :                 pr_warn("(%d:%d): %s: NULL tty\n",
     265             :                         imajor(inode), iminor(inode), routine);
     266             :                 return 1;
     267             :         }
     268             : #endif
     269             :         return 0;
     270             : }
     271             : 
     272             : /* Caller must hold tty_lock */
     273           0 : static int check_tty_count(struct tty_struct *tty, const char *routine)
     274             : {
     275             : #ifdef CHECK_TTY_COUNT
     276             :         struct list_head *p;
     277           0 :         int count = 0, kopen_count = 0;
     278             : 
     279           0 :         spin_lock(&tty->files_lock);
     280           0 :         list_for_each(p, &tty->tty_files) {
     281           0 :                 count++;
     282             :         }
     283           0 :         spin_unlock(&tty->files_lock);
     284           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
     285           0 :             tty->driver->subtype == PTY_TYPE_SLAVE &&
     286           0 :             tty->link && tty->link->count)
     287           0 :                 count++;
     288           0 :         if (tty_port_kopened(tty->port))
     289           0 :                 kopen_count++;
     290           0 :         if (tty->count != (count + kopen_count)) {
     291           0 :                 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
     292             :                          routine, tty->count, count, kopen_count);
     293           0 :                 return (count + kopen_count);
     294             :         }
     295             : #endif
     296             :         return 0;
     297             : }
     298             : 
     299             : /**
     300             :  * get_tty_driver               -       find device of a tty
     301             :  * @device: device identifier
     302             :  * @index: returns the index of the tty
     303             :  *
     304             :  * This routine returns a tty driver structure, given a device number and also
     305             :  * passes back the index number.
     306             :  *
     307             :  * Locking: caller must hold tty_mutex
     308             :  */
     309           0 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
     310             : {
     311             :         struct tty_driver *p;
     312             : 
     313           0 :         list_for_each_entry(p, &tty_drivers, tty_drivers) {
     314           0 :                 dev_t base = MKDEV(p->major, p->minor_start);
     315             : 
     316           0 :                 if (device < base || device >= base + p->num)
     317           0 :                         continue;
     318           0 :                 *index = device - base;
     319           0 :                 return tty_driver_kref_get(p);
     320             :         }
     321             :         return NULL;
     322             : }
     323             : 
     324             : /**
     325             :  * tty_dev_name_to_number       -       return dev_t for device name
     326             :  * @name: user space name of device under /dev
     327             :  * @number: pointer to dev_t that this function will populate
     328             :  *
     329             :  * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
     330             :  * (4, 64) or (188, 1). If no corresponding driver is registered then the
     331             :  * function returns -%ENODEV.
     332             :  *
     333             :  * Locking: this acquires tty_mutex to protect the tty_drivers list from
     334             :  *      being modified while we are traversing it, and makes sure to
     335             :  *      release it before exiting.
     336             :  */
     337           0 : int tty_dev_name_to_number(const char *name, dev_t *number)
     338             : {
     339             :         struct tty_driver *p;
     340             :         int ret;
     341           0 :         int index, prefix_length = 0;
     342             :         const char *str;
     343             : 
     344           0 :         for (str = name; *str && !isdigit(*str); str++)
     345             :                 ;
     346             : 
     347           0 :         if (!*str)
     348             :                 return -EINVAL;
     349             : 
     350           0 :         ret = kstrtoint(str, 10, &index);
     351           0 :         if (ret)
     352             :                 return ret;
     353             : 
     354           0 :         prefix_length = str - name;
     355           0 :         mutex_lock(&tty_mutex);
     356             : 
     357           0 :         list_for_each_entry(p, &tty_drivers, tty_drivers)
     358           0 :                 if (prefix_length == strlen(p->name) && strncmp(name,
     359             :                                         p->name, prefix_length) == 0) {
     360           0 :                         if (index < p->num) {
     361           0 :                                 *number = MKDEV(p->major, p->minor_start + index);
     362           0 :                                 goto out;
     363             :                         }
     364             :                 }
     365             : 
     366             :         /* if here then driver wasn't found */
     367             :         ret = -ENODEV;
     368             : out:
     369           0 :         mutex_unlock(&tty_mutex);
     370           0 :         return ret;
     371             : }
     372             : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
     373             : 
     374             : #ifdef CONFIG_CONSOLE_POLL
     375             : 
     376             : /**
     377             :  * tty_find_polling_driver      -       find device of a polled tty
     378             :  * @name: name string to match
     379             :  * @line: pointer to resulting tty line nr
     380             :  *
     381             :  * This routine returns a tty driver structure, given a name and the condition
     382             :  * that the tty driver is capable of polled operation.
     383             :  */
     384             : struct tty_driver *tty_find_polling_driver(char *name, int *line)
     385             : {
     386             :         struct tty_driver *p, *res = NULL;
     387             :         int tty_line = 0;
     388             :         int len;
     389             :         char *str, *stp;
     390             : 
     391             :         for (str = name; *str; str++)
     392             :                 if ((*str >= '0' && *str <= '9') || *str == ',')
     393             :                         break;
     394             :         if (!*str)
     395             :                 return NULL;
     396             : 
     397             :         len = str - name;
     398             :         tty_line = simple_strtoul(str, &str, 10);
     399             : 
     400             :         mutex_lock(&tty_mutex);
     401             :         /* Search through the tty devices to look for a match */
     402             :         list_for_each_entry(p, &tty_drivers, tty_drivers) {
     403             :                 if (!len || strncmp(name, p->name, len) != 0)
     404             :                         continue;
     405             :                 stp = str;
     406             :                 if (*stp == ',')
     407             :                         stp++;
     408             :                 if (*stp == '\0')
     409             :                         stp = NULL;
     410             : 
     411             :                 if (tty_line >= 0 && tty_line < p->num && p->ops &&
     412             :                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
     413             :                         res = tty_driver_kref_get(p);
     414             :                         *line = tty_line;
     415             :                         break;
     416             :                 }
     417             :         }
     418             :         mutex_unlock(&tty_mutex);
     419             : 
     420             :         return res;
     421             : }
     422             : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
     423             : #endif
     424             : 
     425           0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
     426             : {
     427           0 :         return 0;
     428             : }
     429             : 
     430           0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
     431             : {
     432           0 :         return -EIO;
     433             : }
     434             : 
     435             : /* No kernel lock held - none needed ;) */
     436           0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
     437             : {
     438           0 :         return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
     439             : }
     440             : 
     441           0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
     442             :                 unsigned long arg)
     443             : {
     444           0 :         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
     445             : }
     446             : 
     447           0 : static long hung_up_tty_compat_ioctl(struct file *file,
     448             :                                      unsigned int cmd, unsigned long arg)
     449             : {
     450           0 :         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
     451             : }
     452             : 
     453           0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
     454             : {
     455           0 :         return -ENOTTY;
     456             : }
     457             : 
     458           0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
     459             : {
     460           0 :         struct tty_struct *tty = file_tty(file);
     461             : 
     462           0 :         if (tty && tty->ops && tty->ops->show_fdinfo)
     463           0 :                 tty->ops->show_fdinfo(tty, m);
     464           0 : }
     465             : 
     466             : static const struct file_operations tty_fops = {
     467             :         .llseek         = no_llseek,
     468             :         .read_iter      = tty_read,
     469             :         .write_iter     = tty_write,
     470             :         .splice_read    = copy_splice_read,
     471             :         .splice_write   = iter_file_splice_write,
     472             :         .poll           = tty_poll,
     473             :         .unlocked_ioctl = tty_ioctl,
     474             :         .compat_ioctl   = tty_compat_ioctl,
     475             :         .open           = tty_open,
     476             :         .release        = tty_release,
     477             :         .fasync         = tty_fasync,
     478             :         .show_fdinfo    = tty_show_fdinfo,
     479             : };
     480             : 
     481             : static const struct file_operations console_fops = {
     482             :         .llseek         = no_llseek,
     483             :         .read_iter      = tty_read,
     484             :         .write_iter     = redirected_tty_write,
     485             :         .splice_read    = copy_splice_read,
     486             :         .splice_write   = iter_file_splice_write,
     487             :         .poll           = tty_poll,
     488             :         .unlocked_ioctl = tty_ioctl,
     489             :         .compat_ioctl   = tty_compat_ioctl,
     490             :         .open           = tty_open,
     491             :         .release        = tty_release,
     492             :         .fasync         = tty_fasync,
     493             : };
     494             : 
     495             : static const struct file_operations hung_up_tty_fops = {
     496             :         .llseek         = no_llseek,
     497             :         .read_iter      = hung_up_tty_read,
     498             :         .write_iter     = hung_up_tty_write,
     499             :         .poll           = hung_up_tty_poll,
     500             :         .unlocked_ioctl = hung_up_tty_ioctl,
     501             :         .compat_ioctl   = hung_up_tty_compat_ioctl,
     502             :         .release        = tty_release,
     503             :         .fasync         = hung_up_tty_fasync,
     504             : };
     505             : 
     506             : static DEFINE_SPINLOCK(redirect_lock);
     507             : static struct file *redirect;
     508             : 
     509             : /**
     510             :  * tty_wakeup   -       request more data
     511             :  * @tty: terminal
     512             :  *
     513             :  * Internal and external helper for wakeups of tty. This function informs the
     514             :  * line discipline if present that the driver is ready to receive more output
     515             :  * data.
     516             :  */
     517           0 : void tty_wakeup(struct tty_struct *tty)
     518             : {
     519             :         struct tty_ldisc *ld;
     520             : 
     521           0 :         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
     522           0 :                 ld = tty_ldisc_ref(tty);
     523           0 :                 if (ld) {
     524           0 :                         if (ld->ops->write_wakeup)
     525           0 :                                 ld->ops->write_wakeup(tty);
     526           0 :                         tty_ldisc_deref(ld);
     527             :                 }
     528             :         }
     529           0 :         wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
     530           0 : }
     531             : EXPORT_SYMBOL_GPL(tty_wakeup);
     532             : 
     533             : /**
     534             :  * tty_release_redirect -       Release a redirect on a pty if present
     535             :  * @tty: tty device
     536             :  *
     537             :  * This is available to the pty code so if the master closes, if the slave is a
     538             :  * redirect it can release the redirect.
     539             :  */
     540             : static struct file *tty_release_redirect(struct tty_struct *tty)
     541             : {
     542           0 :         struct file *f = NULL;
     543             : 
     544           0 :         spin_lock(&redirect_lock);
     545           0 :         if (redirect && file_tty(redirect) == tty) {
     546           0 :                 f = redirect;
     547           0 :                 redirect = NULL;
     548             :         }
     549           0 :         spin_unlock(&redirect_lock);
     550             : 
     551             :         return f;
     552             : }
     553             : 
     554             : /**
     555             :  * __tty_hangup         -       actual handler for hangup events
     556             :  * @tty: tty device
     557             :  * @exit_session: if non-zero, signal all foreground group processes
     558             :  *
     559             :  * This can be called by a "kworker" kernel thread. That is process synchronous
     560             :  * but doesn't hold any locks, so we need to make sure we have the appropriate
     561             :  * locks for what we're doing.
     562             :  *
     563             :  * The hangup event clears any pending redirections onto the hung up device. It
     564             :  * ensures future writes will error and it does the needed line discipline
     565             :  * hangup and signal delivery. The tty object itself remains intact.
     566             :  *
     567             :  * Locking:
     568             :  *  * BTM
     569             :  *
     570             :  *   * redirect lock for undoing redirection
     571             :  *   * file list lock for manipulating list of ttys
     572             :  *   * tty_ldiscs_lock from called functions
     573             :  *   * termios_rwsem resetting termios data
     574             :  *   * tasklist_lock to walk task list for hangup event
     575             :  *
     576             :  *    * ->siglock to protect ->signal/->sighand
     577             :  *
     578             :  */
     579           0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
     580             : {
     581           0 :         struct file *cons_filp = NULL;
     582             :         struct file *filp, *f;
     583             :         struct tty_file_private *priv;
     584           0 :         int    closecount = 0, n;
     585             :         int refs;
     586             : 
     587           0 :         if (!tty)
     588             :                 return;
     589             : 
     590           0 :         f = tty_release_redirect(tty);
     591             : 
     592           0 :         tty_lock(tty);
     593             : 
     594           0 :         if (test_bit(TTY_HUPPED, &tty->flags)) {
     595           0 :                 tty_unlock(tty);
     596           0 :                 return;
     597             :         }
     598             : 
     599             :         /*
     600             :          * Some console devices aren't actually hung up for technical and
     601             :          * historical reasons, which can lead to indefinite interruptible
     602             :          * sleep in n_tty_read().  The following explicitly tells
     603             :          * n_tty_read() to abort readers.
     604             :          */
     605           0 :         set_bit(TTY_HUPPING, &tty->flags);
     606             : 
     607             :         /* inuse_filps is protected by the single tty lock,
     608             :          * this really needs to change if we want to flush the
     609             :          * workqueue with the lock held.
     610             :          */
     611           0 :         check_tty_count(tty, "tty_hangup");
     612             : 
     613           0 :         spin_lock(&tty->files_lock);
     614             :         /* This breaks for file handles being sent over AF_UNIX sockets ? */
     615           0 :         list_for_each_entry(priv, &tty->tty_files, list) {
     616           0 :                 filp = priv->file;
     617           0 :                 if (filp->f_op->write_iter == redirected_tty_write)
     618           0 :                         cons_filp = filp;
     619           0 :                 if (filp->f_op->write_iter != tty_write)
     620           0 :                         continue;
     621           0 :                 closecount++;
     622           0 :                 __tty_fasync(-1, filp, 0);      /* can't block */
     623           0 :                 filp->f_op = &hung_up_tty_fops;
     624             :         }
     625           0 :         spin_unlock(&tty->files_lock);
     626             : 
     627           0 :         refs = tty_signal_session_leader(tty, exit_session);
     628             :         /* Account for the p->signal references we killed */
     629           0 :         while (refs--)
     630             :                 tty_kref_put(tty);
     631             : 
     632           0 :         tty_ldisc_hangup(tty, cons_filp != NULL);
     633             : 
     634           0 :         spin_lock_irq(&tty->ctrl.lock);
     635           0 :         clear_bit(TTY_THROTTLED, &tty->flags);
     636           0 :         clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
     637           0 :         put_pid(tty->ctrl.session);
     638           0 :         put_pid(tty->ctrl.pgrp);
     639           0 :         tty->ctrl.session = NULL;
     640           0 :         tty->ctrl.pgrp = NULL;
     641           0 :         tty->ctrl.pktstatus = 0;
     642           0 :         spin_unlock_irq(&tty->ctrl.lock);
     643             : 
     644             :         /*
     645             :          * If one of the devices matches a console pointer, we
     646             :          * cannot just call hangup() because that will cause
     647             :          * tty->count and state->count to go out of sync.
     648             :          * So we just call close() the right number of times.
     649             :          */
     650           0 :         if (cons_filp) {
     651           0 :                 if (tty->ops->close)
     652           0 :                         for (n = 0; n < closecount; n++)
     653           0 :                                 tty->ops->close(tty, cons_filp);
     654           0 :         } else if (tty->ops->hangup)
     655           0 :                 tty->ops->hangup(tty);
     656             :         /*
     657             :          * We don't want to have driver/ldisc interactions beyond the ones
     658             :          * we did here. The driver layer expects no calls after ->hangup()
     659             :          * from the ldisc side, which is now guaranteed.
     660             :          */
     661           0 :         set_bit(TTY_HUPPED, &tty->flags);
     662           0 :         clear_bit(TTY_HUPPING, &tty->flags);
     663           0 :         tty_unlock(tty);
     664             : 
     665           0 :         if (f)
     666           0 :                 fput(f);
     667             : }
     668             : 
     669           0 : static void do_tty_hangup(struct work_struct *work)
     670             : {
     671           0 :         struct tty_struct *tty =
     672           0 :                 container_of(work, struct tty_struct, hangup_work);
     673             : 
     674           0 :         __tty_hangup(tty, 0);
     675           0 : }
     676             : 
     677             : /**
     678             :  * tty_hangup           -       trigger a hangup event
     679             :  * @tty: tty to hangup
     680             :  *
     681             :  * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
     682             :  * hangup sequence to run after this event.
     683             :  */
     684           0 : void tty_hangup(struct tty_struct *tty)
     685             : {
     686             :         tty_debug_hangup(tty, "hangup\n");
     687           0 :         schedule_work(&tty->hangup_work);
     688           0 : }
     689             : EXPORT_SYMBOL(tty_hangup);
     690             : 
     691             : /**
     692             :  * tty_vhangup          -       process vhangup
     693             :  * @tty: tty to hangup
     694             :  *
     695             :  * The user has asked via system call for the terminal to be hung up. We do
     696             :  * this synchronously so that when the syscall returns the process is complete.
     697             :  * That guarantee is necessary for security reasons.
     698             :  */
     699           0 : void tty_vhangup(struct tty_struct *tty)
     700             : {
     701             :         tty_debug_hangup(tty, "vhangup\n");
     702           0 :         __tty_hangup(tty, 0);
     703           0 : }
     704             : EXPORT_SYMBOL(tty_vhangup);
     705             : 
     706             : 
     707             : /**
     708             :  * tty_vhangup_self     -       process vhangup for own ctty
     709             :  *
     710             :  * Perform a vhangup on the current controlling tty
     711             :  */
     712           0 : void tty_vhangup_self(void)
     713             : {
     714             :         struct tty_struct *tty;
     715             : 
     716           0 :         tty = get_current_tty();
     717           0 :         if (tty) {
     718           0 :                 tty_vhangup(tty);
     719             :                 tty_kref_put(tty);
     720             :         }
     721           0 : }
     722             : 
     723             : /**
     724             :  * tty_vhangup_session  -       hangup session leader exit
     725             :  * @tty: tty to hangup
     726             :  *
     727             :  * The session leader is exiting and hanging up its controlling terminal.
     728             :  * Every process in the foreground process group is signalled %SIGHUP.
     729             :  *
     730             :  * We do this synchronously so that when the syscall returns the process is
     731             :  * complete. That guarantee is necessary for security reasons.
     732             :  */
     733           0 : void tty_vhangup_session(struct tty_struct *tty)
     734             : {
     735             :         tty_debug_hangup(tty, "session hangup\n");
     736           0 :         __tty_hangup(tty, 1);
     737           0 : }
     738             : 
     739             : /**
     740             :  * tty_hung_up_p        -       was tty hung up
     741             :  * @filp: file pointer of tty
     742             :  *
     743             :  * Return: true if the tty has been subject to a vhangup or a carrier loss
     744             :  */
     745           0 : int tty_hung_up_p(struct file *filp)
     746             : {
     747           0 :         return (filp && filp->f_op == &hung_up_tty_fops);
     748             : }
     749             : EXPORT_SYMBOL(tty_hung_up_p);
     750             : 
     751           0 : void __stop_tty(struct tty_struct *tty)
     752             : {
     753           0 :         if (tty->flow.stopped)
     754             :                 return;
     755           0 :         tty->flow.stopped = true;
     756           0 :         if (tty->ops->stop)
     757           0 :                 tty->ops->stop(tty);
     758             : }
     759             : 
     760             : /**
     761             :  * stop_tty     -       propagate flow control
     762             :  * @tty: tty to stop
     763             :  *
     764             :  * Perform flow control to the driver. May be called on an already stopped
     765             :  * device and will not re-call the &tty_driver->stop() method.
     766             :  *
     767             :  * This functionality is used by both the line disciplines for halting incoming
     768             :  * flow and by the driver. It may therefore be called from any context, may be
     769             :  * under the tty %atomic_write_lock but not always.
     770             :  *
     771             :  * Locking:
     772             :  *      flow.lock
     773             :  */
     774           0 : void stop_tty(struct tty_struct *tty)
     775             : {
     776             :         unsigned long flags;
     777             : 
     778           0 :         spin_lock_irqsave(&tty->flow.lock, flags);
     779           0 :         __stop_tty(tty);
     780           0 :         spin_unlock_irqrestore(&tty->flow.lock, flags);
     781           0 : }
     782             : EXPORT_SYMBOL(stop_tty);
     783             : 
     784           0 : void __start_tty(struct tty_struct *tty)
     785             : {
     786           0 :         if (!tty->flow.stopped || tty->flow.tco_stopped)
     787             :                 return;
     788           0 :         tty->flow.stopped = false;
     789           0 :         if (tty->ops->start)
     790           0 :                 tty->ops->start(tty);
     791           0 :         tty_wakeup(tty);
     792             : }
     793             : 
     794             : /**
     795             :  * start_tty    -       propagate flow control
     796             :  * @tty: tty to start
     797             :  *
     798             :  * Start a tty that has been stopped if at all possible. If @tty was previously
     799             :  * stopped and is now being started, the &tty_driver->start() method is invoked
     800             :  * and the line discipline woken.
     801             :  *
     802             :  * Locking:
     803             :  *      flow.lock
     804             :  */
     805           0 : void start_tty(struct tty_struct *tty)
     806             : {
     807             :         unsigned long flags;
     808             : 
     809           0 :         spin_lock_irqsave(&tty->flow.lock, flags);
     810           0 :         __start_tty(tty);
     811           0 :         spin_unlock_irqrestore(&tty->flow.lock, flags);
     812           0 : }
     813             : EXPORT_SYMBOL(start_tty);
     814             : 
     815           0 : static void tty_update_time(struct tty_struct *tty, bool mtime)
     816             : {
     817           0 :         time64_t sec = ktime_get_real_seconds();
     818             :         struct tty_file_private *priv;
     819             : 
     820           0 :         spin_lock(&tty->files_lock);
     821           0 :         list_for_each_entry(priv, &tty->tty_files, list) {
     822           0 :                 struct inode *inode = file_inode(priv->file);
     823           0 :                 struct timespec64 *time = mtime ? &inode->i_mtime : &inode->i_atime;
     824             : 
     825             :                 /*
     826             :                  * We only care if the two values differ in anything other than the
     827             :                  * lower three bits (i.e every 8 seconds).  If so, then we can update
     828             :                  * the time of the tty device, otherwise it could be construded as a
     829             :                  * security leak to let userspace know the exact timing of the tty.
     830             :                  */
     831           0 :                 if ((sec ^ time->tv_sec) & ~7)
     832           0 :                         time->tv_sec = sec;
     833             :         }
     834           0 :         spin_unlock(&tty->files_lock);
     835           0 : }
     836             : 
     837             : /*
     838             :  * Iterate on the ldisc ->read() function until we've gotten all
     839             :  * the data the ldisc has for us.
     840             :  *
     841             :  * The "cookie" is something that the ldisc read function can fill
     842             :  * in to let us know that there is more data to be had.
     843             :  *
     844             :  * We promise to continue to call the ldisc until it stops returning
     845             :  * data or clears the cookie. The cookie may be something that the
     846             :  * ldisc maintains state for and needs to free.
     847             :  */
     848           0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
     849             :                 struct file *file, struct iov_iter *to)
     850             : {
     851           0 :         int retval = 0;
     852           0 :         void *cookie = NULL;
     853           0 :         unsigned long offset = 0;
     854             :         char kernel_buf[64];
     855           0 :         size_t count = iov_iter_count(to);
     856             : 
     857             :         do {
     858             :                 int size, copied;
     859             : 
     860           0 :                 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
     861           0 :                 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
     862           0 :                 if (!size)
     863             :                         break;
     864             : 
     865           0 :                 if (size < 0) {
     866             :                         /* Did we have an earlier error (ie -EFAULT)? */
     867           0 :                         if (retval)
     868             :                                 break;
     869           0 :                         retval = size;
     870             : 
     871             :                         /*
     872             :                          * -EOVERFLOW means we didn't have enough space
     873             :                          * for a whole packet, and we shouldn't return
     874             :                          * a partial result.
     875             :                          */
     876           0 :                         if (retval == -EOVERFLOW)
     877           0 :                                 offset = 0;
     878             :                         break;
     879             :                 }
     880             : 
     881           0 :                 copied = copy_to_iter(kernel_buf, size, to);
     882           0 :                 offset += copied;
     883           0 :                 count -= copied;
     884             : 
     885             :                 /*
     886             :                  * If the user copy failed, we still need to do another ->read()
     887             :                  * call if we had a cookie to let the ldisc clear up.
     888             :                  *
     889             :                  * But make sure size is zeroed.
     890             :                  */
     891           0 :                 if (unlikely(copied != size)) {
     892           0 :                         count = 0;
     893           0 :                         retval = -EFAULT;
     894             :                 }
     895           0 :         } while (cookie);
     896             : 
     897             :         /* We always clear tty buffer in case they contained passwords */
     898           0 :         memzero_explicit(kernel_buf, sizeof(kernel_buf));
     899           0 :         return offset ? offset : retval;
     900             : }
     901             : 
     902             : 
     903             : /**
     904             :  * tty_read     -       read method for tty device files
     905             :  * @iocb: kernel I/O control block
     906             :  * @to: destination for the data read
     907             :  *
     908             :  * Perform the read system call function on this terminal device. Checks
     909             :  * for hung up devices before calling the line discipline method.
     910             :  *
     911             :  * Locking:
     912             :  *      Locks the line discipline internally while needed. Multiple read calls
     913             :  *      may be outstanding in parallel.
     914             :  */
     915           0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
     916             : {
     917             :         int i;
     918           0 :         struct file *file = iocb->ki_filp;
     919           0 :         struct inode *inode = file_inode(file);
     920           0 :         struct tty_struct *tty = file_tty(file);
     921             :         struct tty_ldisc *ld;
     922             : 
     923           0 :         if (tty_paranoia_check(tty, inode, "tty_read"))
     924             :                 return -EIO;
     925           0 :         if (!tty || tty_io_error(tty))
     926             :                 return -EIO;
     927             : 
     928             :         /* We want to wait for the line discipline to sort out in this
     929             :          * situation.
     930             :          */
     931           0 :         ld = tty_ldisc_ref_wait(tty);
     932           0 :         if (!ld)
     933             :                 return hung_up_tty_read(iocb, to);
     934           0 :         i = -EIO;
     935           0 :         if (ld->ops->read)
     936           0 :                 i = iterate_tty_read(ld, tty, file, to);
     937           0 :         tty_ldisc_deref(ld);
     938             : 
     939           0 :         if (i > 0)
     940           0 :                 tty_update_time(tty, false);
     941             : 
     942           0 :         return i;
     943             : }
     944             : 
     945           0 : void tty_write_unlock(struct tty_struct *tty)
     946             : {
     947           0 :         mutex_unlock(&tty->atomic_write_lock);
     948           0 :         wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
     949           0 : }
     950             : 
     951           0 : int tty_write_lock(struct tty_struct *tty, int ndelay)
     952             : {
     953           0 :         if (!mutex_trylock(&tty->atomic_write_lock)) {
     954           0 :                 if (ndelay)
     955             :                         return -EAGAIN;
     956           0 :                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
     957             :                         return -ERESTARTSYS;
     958             :         }
     959             :         return 0;
     960             : }
     961             : 
     962             : /*
     963             :  * Split writes up in sane blocksizes to avoid
     964             :  * denial-of-service type attacks
     965             :  */
     966           0 : static inline ssize_t do_tty_write(
     967             :         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
     968             :         struct tty_struct *tty,
     969             :         struct file *file,
     970             :         struct iov_iter *from)
     971             : {
     972           0 :         size_t count = iov_iter_count(from);
     973           0 :         ssize_t ret, written = 0;
     974             :         unsigned int chunk;
     975             : 
     976           0 :         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
     977           0 :         if (ret < 0)
     978             :                 return ret;
     979             : 
     980             :         /*
     981             :          * We chunk up writes into a temporary buffer. This
     982             :          * simplifies low-level drivers immensely, since they
     983             :          * don't have locking issues and user mode accesses.
     984             :          *
     985             :          * But if TTY_NO_WRITE_SPLIT is set, we should use a
     986             :          * big chunk-size..
     987             :          *
     988             :          * The default chunk-size is 2kB, because the NTTY
     989             :          * layer has problems with bigger chunks. It will
     990             :          * claim to be able to handle more characters than
     991             :          * it actually does.
     992             :          */
     993           0 :         chunk = 2048;
     994           0 :         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
     995           0 :                 chunk = 65536;
     996           0 :         if (count < chunk)
     997           0 :                 chunk = count;
     998             : 
     999             :         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
    1000           0 :         if (tty->write_cnt < chunk) {
    1001             :                 unsigned char *buf_chunk;
    1002             : 
    1003           0 :                 if (chunk < 1024)
    1004           0 :                         chunk = 1024;
    1005             : 
    1006           0 :                 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
    1007           0 :                 if (!buf_chunk) {
    1008             :                         ret = -ENOMEM;
    1009             :                         goto out;
    1010             :                 }
    1011           0 :                 kvfree(tty->write_buf);
    1012           0 :                 tty->write_cnt = chunk;
    1013           0 :                 tty->write_buf = buf_chunk;
    1014             :         }
    1015             : 
    1016             :         /* Do the write .. */
    1017           0 :         for (;;) {
    1018           0 :                 size_t size = count;
    1019             : 
    1020           0 :                 if (size > chunk)
    1021           0 :                         size = chunk;
    1022             : 
    1023           0 :                 ret = -EFAULT;
    1024           0 :                 if (copy_from_iter(tty->write_buf, size, from) != size)
    1025             :                         break;
    1026             : 
    1027           0 :                 ret = write(tty, file, tty->write_buf, size);
    1028           0 :                 if (ret <= 0)
    1029             :                         break;
    1030             : 
    1031           0 :                 written += ret;
    1032           0 :                 if (ret > size)
    1033             :                         break;
    1034             : 
    1035             :                 /* FIXME! Have Al check this! */
    1036           0 :                 if (ret != size)
    1037           0 :                         iov_iter_revert(from, size-ret);
    1038             : 
    1039           0 :                 count -= ret;
    1040           0 :                 if (!count)
    1041             :                         break;
    1042           0 :                 ret = -ERESTARTSYS;
    1043           0 :                 if (signal_pending(current))
    1044             :                         break;
    1045           0 :                 cond_resched();
    1046             :         }
    1047           0 :         if (written) {
    1048           0 :                 tty_update_time(tty, true);
    1049           0 :                 ret = written;
    1050             :         }
    1051             : out:
    1052           0 :         tty_write_unlock(tty);
    1053           0 :         return ret;
    1054             : }
    1055             : 
    1056             : /**
    1057             :  * tty_write_message - write a message to a certain tty, not just the console.
    1058             :  * @tty: the destination tty_struct
    1059             :  * @msg: the message to write
    1060             :  *
    1061             :  * This is used for messages that need to be redirected to a specific tty. We
    1062             :  * don't put it into the syslog queue right now maybe in the future if really
    1063             :  * needed.
    1064             :  *
    1065             :  * We must still hold the BTM and test the CLOSING flag for the moment.
    1066             :  */
    1067           0 : void tty_write_message(struct tty_struct *tty, char *msg)
    1068             : {
    1069           0 :         if (tty) {
    1070           0 :                 mutex_lock(&tty->atomic_write_lock);
    1071           0 :                 tty_lock(tty);
    1072           0 :                 if (tty->ops->write && tty->count > 0)
    1073           0 :                         tty->ops->write(tty, msg, strlen(msg));
    1074           0 :                 tty_unlock(tty);
    1075           0 :                 tty_write_unlock(tty);
    1076             :         }
    1077           0 : }
    1078             : 
    1079           0 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
    1080             : {
    1081           0 :         struct tty_struct *tty = file_tty(file);
    1082             :         struct tty_ldisc *ld;
    1083             :         ssize_t ret;
    1084             : 
    1085           0 :         if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
    1086             :                 return -EIO;
    1087           0 :         if (!tty || !tty->ops->write ||   tty_io_error(tty))
    1088             :                 return -EIO;
    1089             :         /* Short term debug to catch buggy drivers */
    1090           0 :         if (tty->ops->write_room == NULL)
    1091           0 :                 tty_err(tty, "missing write_room method\n");
    1092           0 :         ld = tty_ldisc_ref_wait(tty);
    1093           0 :         if (!ld)
    1094             :                 return hung_up_tty_write(iocb, from);
    1095           0 :         if (!ld->ops->write)
    1096             :                 ret = -EIO;
    1097             :         else
    1098           0 :                 ret = do_tty_write(ld->ops->write, tty, file, from);
    1099           0 :         tty_ldisc_deref(ld);
    1100             :         return ret;
    1101             : }
    1102             : 
    1103             : /**
    1104             :  * tty_write            -       write method for tty device file
    1105             :  * @iocb: kernel I/O control block
    1106             :  * @from: iov_iter with data to write
    1107             :  *
    1108             :  * Write data to a tty device via the line discipline.
    1109             :  *
    1110             :  * Locking:
    1111             :  *      Locks the line discipline as required
    1112             :  *      Writes to the tty driver are serialized by the atomic_write_lock
    1113             :  *      and are then processed in chunks to the device. The line
    1114             :  *      discipline write method will not be invoked in parallel for
    1115             :  *      each device.
    1116             :  */
    1117           0 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
    1118             : {
    1119           0 :         return file_tty_write(iocb->ki_filp, iocb, from);
    1120             : }
    1121             : 
    1122           0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
    1123             : {
    1124           0 :         struct file *p = NULL;
    1125             : 
    1126           0 :         spin_lock(&redirect_lock);
    1127           0 :         if (redirect)
    1128           0 :                 p = get_file(redirect);
    1129           0 :         spin_unlock(&redirect_lock);
    1130             : 
    1131             :         /*
    1132             :          * We know the redirected tty is just another tty, we can
    1133             :          * call file_tty_write() directly with that file pointer.
    1134             :          */
    1135           0 :         if (p) {
    1136             :                 ssize_t res;
    1137             : 
    1138           0 :                 res = file_tty_write(p, iocb, iter);
    1139           0 :                 fput(p);
    1140           0 :                 return res;
    1141             :         }
    1142           0 :         return tty_write(iocb, iter);
    1143             : }
    1144             : 
    1145             : /**
    1146             :  * tty_send_xchar       -       send priority character
    1147             :  * @tty: the tty to send to
    1148             :  * @ch: xchar to send
    1149             :  *
    1150             :  * Send a high priority character to the tty even if stopped.
    1151             :  *
    1152             :  * Locking: none for xchar method, write ordering for write method.
    1153             :  */
    1154           0 : int tty_send_xchar(struct tty_struct *tty, char ch)
    1155             : {
    1156           0 :         bool was_stopped = tty->flow.stopped;
    1157             : 
    1158           0 :         if (tty->ops->send_xchar) {
    1159           0 :                 down_read(&tty->termios_rwsem);
    1160           0 :                 tty->ops->send_xchar(tty, ch);
    1161           0 :                 up_read(&tty->termios_rwsem);
    1162           0 :                 return 0;
    1163             :         }
    1164             : 
    1165           0 :         if (tty_write_lock(tty, 0) < 0)
    1166             :                 return -ERESTARTSYS;
    1167             : 
    1168           0 :         down_read(&tty->termios_rwsem);
    1169           0 :         if (was_stopped)
    1170           0 :                 start_tty(tty);
    1171           0 :         tty->ops->write(tty, &ch, 1);
    1172           0 :         if (was_stopped)
    1173           0 :                 stop_tty(tty);
    1174           0 :         up_read(&tty->termios_rwsem);
    1175           0 :         tty_write_unlock(tty);
    1176           0 :         return 0;
    1177             : }
    1178             : 
    1179             : /**
    1180             :  * pty_line_name        -       generate name for a pty
    1181             :  * @driver: the tty driver in use
    1182             :  * @index: the minor number
    1183             :  * @p: output buffer of at least 6 bytes
    1184             :  *
    1185             :  * Generate a name from a @driver reference and write it to the output buffer
    1186             :  * @p.
    1187             :  *
    1188             :  * Locking: None
    1189             :  */
    1190             : static void pty_line_name(struct tty_driver *driver, int index, char *p)
    1191             : {
    1192             :         static const char ptychar[] = "pqrstuvwxyzabcde";
    1193         512 :         int i = index + driver->name_base;
    1194             :         /* ->name is initialized to "ttyp", but "tty" is expected */
    1195        1024 :         sprintf(p, "%s%c%x",
    1196             :                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
    1197         512 :                 ptychar[i >> 4 & 0xf], i & 0xf);
    1198             : }
    1199             : 
    1200             : /**
    1201             :  * tty_line_name        -       generate name for a tty
    1202             :  * @driver: the tty driver in use
    1203             :  * @index: the minor number
    1204             :  * @p: output buffer of at least 7 bytes
    1205             :  *
    1206             :  * Generate a name from a @driver reference and write it to the output buffer
    1207             :  * @p.
    1208             :  *
    1209             :  * Locking: None
    1210             :  */
    1211           1 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
    1212             : {
    1213           1 :         if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
    1214           0 :                 return sprintf(p, "%s", driver->name);
    1215             :         else
    1216           1 :                 return sprintf(p, "%s%d", driver->name,
    1217           1 :                                index + driver->name_base);
    1218             : }
    1219             : 
    1220             : /**
    1221             :  * tty_driver_lookup_tty() - find an existing tty, if any
    1222             :  * @driver: the driver for the tty
    1223             :  * @file: file object
    1224             :  * @idx: the minor number
    1225             :  *
    1226             :  * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
    1227             :  * driver lookup() method returns an error.
    1228             :  *
    1229             :  * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
    1230             :  */
    1231           0 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
    1232             :                 struct file *file, int idx)
    1233             : {
    1234             :         struct tty_struct *tty;
    1235             : 
    1236           0 :         if (driver->ops->lookup) {
    1237           0 :                 if (!file)
    1238             :                         tty = ERR_PTR(-EIO);
    1239             :                 else
    1240           0 :                         tty = driver->ops->lookup(driver, file, idx);
    1241             :         } else {
    1242           0 :                 if (idx >= driver->num)
    1243             :                         return ERR_PTR(-EINVAL);
    1244           0 :                 tty = driver->ttys[idx];
    1245             :         }
    1246           0 :         if (!IS_ERR(tty))
    1247             :                 tty_kref_get(tty);
    1248             :         return tty;
    1249             : }
    1250             : 
    1251             : /**
    1252             :  * tty_init_termios     -  helper for termios setup
    1253             :  * @tty: the tty to set up
    1254             :  *
    1255             :  * Initialise the termios structure for this tty. This runs under the
    1256             :  * %tty_mutex currently so we can be relaxed about ordering.
    1257             :  */
    1258           0 : void tty_init_termios(struct tty_struct *tty)
    1259             : {
    1260             :         struct ktermios *tp;
    1261           0 :         int idx = tty->index;
    1262             : 
    1263           0 :         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
    1264           0 :                 tty->termios = tty->driver->init_termios;
    1265             :         else {
    1266             :                 /* Check for lazy saved data */
    1267           0 :                 tp = tty->driver->termios[idx];
    1268           0 :                 if (tp != NULL) {
    1269           0 :                         tty->termios = *tp;
    1270           0 :                         tty->termios.c_line  = tty->driver->init_termios.c_line;
    1271             :                 } else
    1272           0 :                         tty->termios = tty->driver->init_termios;
    1273             :         }
    1274             :         /* Compatibility until drivers always set this */
    1275           0 :         tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
    1276           0 :         tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
    1277           0 : }
    1278             : EXPORT_SYMBOL_GPL(tty_init_termios);
    1279             : 
    1280             : /**
    1281             :  * tty_standard_install - usual tty->ops->install
    1282             :  * @driver: the driver for the tty
    1283             :  * @tty: the tty
    1284             :  *
    1285             :  * If the @driver overrides @tty->ops->install, it still can call this function
    1286             :  * to perform the standard install operations.
    1287             :  */
    1288           0 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
    1289             : {
    1290           0 :         tty_init_termios(tty);
    1291           0 :         tty_driver_kref_get(driver);
    1292           0 :         tty->count++;
    1293           0 :         driver->ttys[tty->index] = tty;
    1294           0 :         return 0;
    1295             : }
    1296             : EXPORT_SYMBOL_GPL(tty_standard_install);
    1297             : 
    1298             : /**
    1299             :  * tty_driver_install_tty() - install a tty entry in the driver
    1300             :  * @driver: the driver for the tty
    1301             :  * @tty: the tty
    1302             :  *
    1303             :  * Install a tty object into the driver tables. The @tty->index field will be
    1304             :  * set by the time this is called. This method is responsible for ensuring any
    1305             :  * need additional structures are allocated and configured.
    1306             :  *
    1307             :  * Locking: tty_mutex for now
    1308             :  */
    1309           0 : static int tty_driver_install_tty(struct tty_driver *driver,
    1310             :                                                 struct tty_struct *tty)
    1311             : {
    1312           0 :         return driver->ops->install ? driver->ops->install(driver, tty) :
    1313             :                 tty_standard_install(driver, tty);
    1314             : }
    1315             : 
    1316             : /**
    1317             :  * tty_driver_remove_tty() - remove a tty from the driver tables
    1318             :  * @driver: the driver for the tty
    1319             :  * @tty: tty to remove
    1320             :  *
    1321             :  * Remove a tty object from the driver tables. The tty->index field will be set
    1322             :  * by the time this is called.
    1323             :  *
    1324             :  * Locking: tty_mutex for now
    1325             :  */
    1326             : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
    1327             : {
    1328           0 :         if (driver->ops->remove)
    1329           0 :                 driver->ops->remove(driver, tty);
    1330             :         else
    1331           0 :                 driver->ttys[tty->index] = NULL;
    1332             : }
    1333             : 
    1334             : /**
    1335             :  * tty_reopen() - fast re-open of an open tty
    1336             :  * @tty: the tty to open
    1337             :  *
    1338             :  * Re-opens on master ptys are not allowed and return -%EIO.
    1339             :  *
    1340             :  * Locking: Caller must hold tty_lock
    1341             :  * Return: 0 on success, -errno on error.
    1342             :  */
    1343           0 : static int tty_reopen(struct tty_struct *tty)
    1344             : {
    1345           0 :         struct tty_driver *driver = tty->driver;
    1346             :         struct tty_ldisc *ld;
    1347           0 :         int retval = 0;
    1348             : 
    1349           0 :         if (driver->type == TTY_DRIVER_TYPE_PTY &&
    1350             :             driver->subtype == PTY_TYPE_MASTER)
    1351             :                 return -EIO;
    1352             : 
    1353           0 :         if (!tty->count)
    1354             :                 return -EAGAIN;
    1355             : 
    1356           0 :         if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
    1357             :                 return -EBUSY;
    1358             : 
    1359           0 :         ld = tty_ldisc_ref_wait(tty);
    1360           0 :         if (ld) {
    1361           0 :                 tty_ldisc_deref(ld);
    1362             :         } else {
    1363           0 :                 retval = tty_ldisc_lock(tty, 5 * HZ);
    1364           0 :                 if (retval)
    1365             :                         return retval;
    1366             : 
    1367           0 :                 if (!tty->ldisc)
    1368           0 :                         retval = tty_ldisc_reinit(tty, tty->termios.c_line);
    1369           0 :                 tty_ldisc_unlock(tty);
    1370             :         }
    1371             : 
    1372           0 :         if (retval == 0)
    1373           0 :                 tty->count++;
    1374             : 
    1375             :         return retval;
    1376             : }
    1377             : 
    1378             : /**
    1379             :  * tty_init_dev         -       initialise a tty device
    1380             :  * @driver: tty driver we are opening a device on
    1381             :  * @idx: device index
    1382             :  *
    1383             :  * Prepare a tty device. This may not be a "new" clean device but could also be
    1384             :  * an active device. The pty drivers require special handling because of this.
    1385             :  *
    1386             :  * Locking:
    1387             :  *      The function is called under the tty_mutex, which protects us from the
    1388             :  *      tty struct or driver itself going away.
    1389             :  *
    1390             :  * On exit the tty device has the line discipline attached and a reference
    1391             :  * count of 1. If a pair was created for pty/tty use and the other was a pty
    1392             :  * master then it too has a reference count of 1.
    1393             :  *
    1394             :  * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
    1395             :  * open. The new code protects the open with a mutex, so it's really quite
    1396             :  * straightforward. The mutex locking can probably be relaxed for the (most
    1397             :  * common) case of reopening a tty.
    1398             :  *
    1399             :  * Return: new tty structure
    1400             :  */
    1401           0 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
    1402             : {
    1403             :         struct tty_struct *tty;
    1404             :         int retval;
    1405             : 
    1406             :         /*
    1407             :          * First time open is complex, especially for PTY devices.
    1408             :          * This code guarantees that either everything succeeds and the
    1409             :          * TTY is ready for operation, or else the table slots are vacated
    1410             :          * and the allocated memory released.  (Except that the termios
    1411             :          * may be retained.)
    1412             :          */
    1413             : 
    1414           0 :         if (!try_module_get(driver->owner))
    1415             :                 return ERR_PTR(-ENODEV);
    1416             : 
    1417           0 :         tty = alloc_tty_struct(driver, idx);
    1418           0 :         if (!tty) {
    1419             :                 retval = -ENOMEM;
    1420             :                 goto err_module_put;
    1421             :         }
    1422             : 
    1423           0 :         tty_lock(tty);
    1424           0 :         retval = tty_driver_install_tty(driver, tty);
    1425           0 :         if (retval < 0)
    1426             :                 goto err_free_tty;
    1427             : 
    1428           0 :         if (!tty->port)
    1429           0 :                 tty->port = driver->ports[idx];
    1430             : 
    1431           0 :         if (WARN_RATELIMIT(!tty->port,
    1432             :                         "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
    1433             :                         __func__, tty->driver->name)) {
    1434             :                 retval = -EINVAL;
    1435             :                 goto err_release_lock;
    1436             :         }
    1437             : 
    1438           0 :         retval = tty_ldisc_lock(tty, 5 * HZ);
    1439           0 :         if (retval)
    1440             :                 goto err_release_lock;
    1441           0 :         tty->port->itty = tty;
    1442             : 
    1443             :         /*
    1444             :          * Structures all installed ... call the ldisc open routines.
    1445             :          * If we fail here just call release_tty to clean up.  No need
    1446             :          * to decrement the use counts, as release_tty doesn't care.
    1447             :          */
    1448           0 :         retval = tty_ldisc_setup(tty, tty->link);
    1449           0 :         if (retval)
    1450             :                 goto err_release_tty;
    1451           0 :         tty_ldisc_unlock(tty);
    1452             :         /* Return the tty locked so that it cannot vanish under the caller */
    1453           0 :         return tty;
    1454             : 
    1455             : err_free_tty:
    1456           0 :         tty_unlock(tty);
    1457           0 :         free_tty_struct(tty);
    1458             : err_module_put:
    1459           0 :         module_put(driver->owner);
    1460           0 :         return ERR_PTR(retval);
    1461             : 
    1462             :         /* call the tty release_tty routine to clean out this slot */
    1463             : err_release_tty:
    1464           0 :         tty_ldisc_unlock(tty);
    1465           0 :         tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
    1466             :                              retval, idx);
    1467             : err_release_lock:
    1468           0 :         tty_unlock(tty);
    1469           0 :         release_tty(tty, idx);
    1470           0 :         return ERR_PTR(retval);
    1471             : }
    1472             : 
    1473             : /**
    1474             :  * tty_save_termios() - save tty termios data in driver table
    1475             :  * @tty: tty whose termios data to save
    1476             :  *
    1477             :  * Locking: Caller guarantees serialisation with tty_init_termios().
    1478             :  */
    1479           0 : void tty_save_termios(struct tty_struct *tty)
    1480             : {
    1481             :         struct ktermios *tp;
    1482           0 :         int idx = tty->index;
    1483             : 
    1484             :         /* If the port is going to reset then it has no termios to save */
    1485           0 :         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
    1486             :                 return;
    1487             : 
    1488             :         /* Stash the termios data */
    1489           0 :         tp = tty->driver->termios[idx];
    1490           0 :         if (tp == NULL) {
    1491           0 :                 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
    1492           0 :                 if (tp == NULL)
    1493             :                         return;
    1494           0 :                 tty->driver->termios[idx] = tp;
    1495             :         }
    1496           0 :         *tp = tty->termios;
    1497             : }
    1498             : EXPORT_SYMBOL_GPL(tty_save_termios);
    1499             : 
    1500             : /**
    1501             :  * tty_flush_works      -       flush all works of a tty/pty pair
    1502             :  * @tty: tty device to flush works for (or either end of a pty pair)
    1503             :  *
    1504             :  * Sync flush all works belonging to @tty (and the 'other' tty).
    1505             :  */
    1506           0 : static void tty_flush_works(struct tty_struct *tty)
    1507             : {
    1508           0 :         flush_work(&tty->SAK_work);
    1509           0 :         flush_work(&tty->hangup_work);
    1510           0 :         if (tty->link) {
    1511           0 :                 flush_work(&tty->link->SAK_work);
    1512           0 :                 flush_work(&tty->link->hangup_work);
    1513             :         }
    1514           0 : }
    1515             : 
    1516             : /**
    1517             :  * release_one_tty      -       release tty structure memory
    1518             :  * @work: work of tty we are obliterating
    1519             :  *
    1520             :  * Releases memory associated with a tty structure, and clears out the
    1521             :  * driver table slots. This function is called when a device is no longer
    1522             :  * in use. It also gets called when setup of a device fails.
    1523             :  *
    1524             :  * Locking:
    1525             :  *      takes the file list lock internally when working on the list of ttys
    1526             :  *      that the driver keeps.
    1527             :  *
    1528             :  * This method gets called from a work queue so that the driver private
    1529             :  * cleanup ops can sleep (needed for USB at least)
    1530             :  */
    1531           0 : static void release_one_tty(struct work_struct *work)
    1532             : {
    1533           0 :         struct tty_struct *tty =
    1534           0 :                 container_of(work, struct tty_struct, hangup_work);
    1535           0 :         struct tty_driver *driver = tty->driver;
    1536           0 :         struct module *owner = driver->owner;
    1537             : 
    1538           0 :         if (tty->ops->cleanup)
    1539           0 :                 tty->ops->cleanup(tty);
    1540             : 
    1541           0 :         tty_driver_kref_put(driver);
    1542           0 :         module_put(owner);
    1543             : 
    1544           0 :         spin_lock(&tty->files_lock);
    1545           0 :         list_del_init(&tty->tty_files);
    1546           0 :         spin_unlock(&tty->files_lock);
    1547             : 
    1548           0 :         put_pid(tty->ctrl.pgrp);
    1549           0 :         put_pid(tty->ctrl.session);
    1550           0 :         free_tty_struct(tty);
    1551           0 : }
    1552             : 
    1553           0 : static void queue_release_one_tty(struct kref *kref)
    1554             : {
    1555           0 :         struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
    1556             : 
    1557             :         /* The hangup queue is now free so we can reuse it rather than
    1558             :          *  waste a chunk of memory for each port.
    1559             :          */
    1560           0 :         INIT_WORK(&tty->hangup_work, release_one_tty);
    1561           0 :         schedule_work(&tty->hangup_work);
    1562           0 : }
    1563             : 
    1564             : /**
    1565             :  * tty_kref_put         -       release a tty kref
    1566             :  * @tty: tty device
    1567             :  *
    1568             :  * Release a reference to the @tty device and if need be let the kref layer
    1569             :  * destruct the object for us.
    1570             :  */
    1571         160 : void tty_kref_put(struct tty_struct *tty)
    1572             : {
    1573         160 :         if (tty)
    1574           0 :                 kref_put(&tty->kref, queue_release_one_tty);
    1575         160 : }
    1576             : EXPORT_SYMBOL(tty_kref_put);
    1577             : 
    1578             : /**
    1579             :  * release_tty          -       release tty structure memory
    1580             :  * @tty: tty device release
    1581             :  * @idx: index of the tty device release
    1582             :  *
    1583             :  * Release both @tty and a possible linked partner (think pty pair),
    1584             :  * and decrement the refcount of the backing module.
    1585             :  *
    1586             :  * Locking:
    1587             :  *      tty_mutex
    1588             :  *      takes the file list lock internally when working on the list of ttys
    1589             :  *      that the driver keeps.
    1590             :  */
    1591           0 : static void release_tty(struct tty_struct *tty, int idx)
    1592             : {
    1593             :         /* This should always be true but check for the moment */
    1594           0 :         WARN_ON(tty->index != idx);
    1595           0 :         WARN_ON(!mutex_is_locked(&tty_mutex));
    1596           0 :         if (tty->ops->shutdown)
    1597           0 :                 tty->ops->shutdown(tty);
    1598           0 :         tty_save_termios(tty);
    1599           0 :         tty_driver_remove_tty(tty->driver, tty);
    1600           0 :         if (tty->port)
    1601           0 :                 tty->port->itty = NULL;
    1602           0 :         if (tty->link)
    1603           0 :                 tty->link->port->itty = NULL;
    1604           0 :         if (tty->port)
    1605           0 :                 tty_buffer_cancel_work(tty->port);
    1606           0 :         if (tty->link)
    1607           0 :                 tty_buffer_cancel_work(tty->link->port);
    1608             : 
    1609           0 :         tty_kref_put(tty->link);
    1610           0 :         tty_kref_put(tty);
    1611           0 : }
    1612             : 
    1613             : /**
    1614             :  * tty_release_checks - check a tty before real release
    1615             :  * @tty: tty to check
    1616             :  * @idx: index of the tty
    1617             :  *
    1618             :  * Performs some paranoid checking before true release of the @tty. This is a
    1619             :  * no-op unless %TTY_PARANOIA_CHECK is defined.
    1620             :  */
    1621           0 : static int tty_release_checks(struct tty_struct *tty, int idx)
    1622             : {
    1623             : #ifdef TTY_PARANOIA_CHECK
    1624           0 :         if (idx < 0 || idx >= tty->driver->num) {
    1625             :                 tty_debug(tty, "bad idx %d\n", idx);
    1626             :                 return -1;
    1627             :         }
    1628             : 
    1629             :         /* not much to check for devpts */
    1630           0 :         if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
    1631             :                 return 0;
    1632             : 
    1633           0 :         if (tty != tty->driver->ttys[idx]) {
    1634             :                 tty_debug(tty, "bad driver table[%d] = %p\n",
    1635             :                           idx, tty->driver->ttys[idx]);
    1636             :                 return -1;
    1637             :         }
    1638           0 :         if (tty->driver->other) {
    1639           0 :                 struct tty_struct *o_tty = tty->link;
    1640             : 
    1641           0 :                 if (o_tty != tty->driver->other->ttys[idx]) {
    1642             :                         tty_debug(tty, "bad other table[%d] = %p\n",
    1643             :                                   idx, tty->driver->other->ttys[idx]);
    1644             :                         return -1;
    1645             :                 }
    1646           0 :                 if (o_tty->link != tty) {
    1647             :                         tty_debug(tty, "bad link = %p\n", o_tty->link);
    1648             :                         return -1;
    1649             :                 }
    1650             :         }
    1651             : #endif
    1652           0 :         return 0;
    1653             : }
    1654             : 
    1655             : /**
    1656             :  * tty_kclose      -       closes tty opened by tty_kopen
    1657             :  * @tty: tty device
    1658             :  *
    1659             :  * Performs the final steps to release and free a tty device. It is the same as
    1660             :  * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
    1661             :  * @tty->port.
    1662             :  */
    1663           0 : void tty_kclose(struct tty_struct *tty)
    1664             : {
    1665             :         /*
    1666             :          * Ask the line discipline code to release its structures
    1667             :          */
    1668           0 :         tty_ldisc_release(tty);
    1669             : 
    1670             :         /* Wait for pending work before tty destruction commences */
    1671           0 :         tty_flush_works(tty);
    1672             : 
    1673             :         tty_debug_hangup(tty, "freeing structure\n");
    1674             :         /*
    1675             :          * The release_tty function takes care of the details of clearing
    1676             :          * the slots and preserving the termios structure.
    1677             :          */
    1678           0 :         mutex_lock(&tty_mutex);
    1679           0 :         tty_port_set_kopened(tty->port, 0);
    1680           0 :         release_tty(tty, tty->index);
    1681           0 :         mutex_unlock(&tty_mutex);
    1682           0 : }
    1683             : EXPORT_SYMBOL_GPL(tty_kclose);
    1684             : 
    1685             : /**
    1686             :  * tty_release_struct   -       release a tty struct
    1687             :  * @tty: tty device
    1688             :  * @idx: index of the tty
    1689             :  *
    1690             :  * Performs the final steps to release and free a tty device. It is roughly the
    1691             :  * reverse of tty_init_dev().
    1692             :  */
    1693           0 : void tty_release_struct(struct tty_struct *tty, int idx)
    1694             : {
    1695             :         /*
    1696             :          * Ask the line discipline code to release its structures
    1697             :          */
    1698           0 :         tty_ldisc_release(tty);
    1699             : 
    1700             :         /* Wait for pending work before tty destruction commmences */
    1701           0 :         tty_flush_works(tty);
    1702             : 
    1703             :         tty_debug_hangup(tty, "freeing structure\n");
    1704             :         /*
    1705             :          * The release_tty function takes care of the details of clearing
    1706             :          * the slots and preserving the termios structure.
    1707             :          */
    1708           0 :         mutex_lock(&tty_mutex);
    1709           0 :         release_tty(tty, idx);
    1710           0 :         mutex_unlock(&tty_mutex);
    1711           0 : }
    1712             : EXPORT_SYMBOL_GPL(tty_release_struct);
    1713             : 
    1714             : /**
    1715             :  * tty_release          -       vfs callback for close
    1716             :  * @inode: inode of tty
    1717             :  * @filp: file pointer for handle to tty
    1718             :  *
    1719             :  * Called the last time each file handle is closed that references this tty.
    1720             :  * There may however be several such references.
    1721             :  *
    1722             :  * Locking:
    1723             :  *      Takes BKL. See tty_release_dev().
    1724             :  *
    1725             :  * Even releasing the tty structures is a tricky business. We have to be very
    1726             :  * careful that the structures are all released at the same time, as interrupts
    1727             :  * might otherwise get the wrong pointers.
    1728             :  *
    1729             :  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
    1730             :  * lead to double frees or releasing memory still in use.
    1731             :  */
    1732           0 : int tty_release(struct inode *inode, struct file *filp)
    1733             : {
    1734           0 :         struct tty_struct *tty = file_tty(filp);
    1735           0 :         struct tty_struct *o_tty = NULL;
    1736             :         int     do_sleep, final;
    1737             :         int     idx;
    1738           0 :         long    timeout = 0;
    1739           0 :         int     once = 1;
    1740             : 
    1741           0 :         if (tty_paranoia_check(tty, inode, __func__))
    1742             :                 return 0;
    1743             : 
    1744           0 :         tty_lock(tty);
    1745           0 :         check_tty_count(tty, __func__);
    1746             : 
    1747           0 :         __tty_fasync(-1, filp, 0);
    1748             : 
    1749           0 :         idx = tty->index;
    1750           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    1751             :             tty->driver->subtype == PTY_TYPE_MASTER)
    1752           0 :                 o_tty = tty->link;
    1753             : 
    1754           0 :         if (tty_release_checks(tty, idx)) {
    1755           0 :                 tty_unlock(tty);
    1756           0 :                 return 0;
    1757             :         }
    1758             : 
    1759             :         tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
    1760             : 
    1761           0 :         if (tty->ops->close)
    1762           0 :                 tty->ops->close(tty, filp);
    1763             : 
    1764             :         /* If tty is pty master, lock the slave pty (stable lock order) */
    1765           0 :         tty_lock_slave(o_tty);
    1766             : 
    1767             :         /*
    1768             :          * Sanity check: if tty->count is going to zero, there shouldn't be
    1769             :          * any waiters on tty->read_wait or tty->write_wait.  We test the
    1770             :          * wait queues and kick everyone out _before_ actually starting to
    1771             :          * close.  This ensures that we won't block while releasing the tty
    1772             :          * structure.
    1773             :          *
    1774             :          * The test for the o_tty closing is necessary, since the master and
    1775             :          * slave sides may close in any order.  If the slave side closes out
    1776             :          * first, its count will be one, since the master side holds an open.
    1777             :          * Thus this test wouldn't be triggered at the time the slave closed,
    1778             :          * so we do it now.
    1779             :          */
    1780             :         while (1) {
    1781           0 :                 do_sleep = 0;
    1782             : 
    1783           0 :                 if (tty->count <= 1) {
    1784           0 :                         if (waitqueue_active(&tty->read_wait)) {
    1785           0 :                                 wake_up_poll(&tty->read_wait, EPOLLIN);
    1786           0 :                                 do_sleep++;
    1787             :                         }
    1788           0 :                         if (waitqueue_active(&tty->write_wait)) {
    1789           0 :                                 wake_up_poll(&tty->write_wait, EPOLLOUT);
    1790           0 :                                 do_sleep++;
    1791             :                         }
    1792             :                 }
    1793           0 :                 if (o_tty && o_tty->count <= 1) {
    1794           0 :                         if (waitqueue_active(&o_tty->read_wait)) {
    1795           0 :                                 wake_up_poll(&o_tty->read_wait, EPOLLIN);
    1796           0 :                                 do_sleep++;
    1797             :                         }
    1798           0 :                         if (waitqueue_active(&o_tty->write_wait)) {
    1799           0 :                                 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
    1800           0 :                                 do_sleep++;
    1801             :                         }
    1802             :                 }
    1803           0 :                 if (!do_sleep)
    1804             :                         break;
    1805             : 
    1806           0 :                 if (once) {
    1807           0 :                         once = 0;
    1808           0 :                         tty_warn(tty, "read/write wait queue active!\n");
    1809             :                 }
    1810           0 :                 schedule_timeout_killable(timeout);
    1811           0 :                 if (timeout < 120 * HZ)
    1812           0 :                         timeout = 2 * timeout + 1;
    1813             :                 else
    1814             :                         timeout = MAX_SCHEDULE_TIMEOUT;
    1815             :         }
    1816             : 
    1817           0 :         if (o_tty) {
    1818           0 :                 if (--o_tty->count < 0) {
    1819           0 :                         tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
    1820           0 :                         o_tty->count = 0;
    1821             :                 }
    1822             :         }
    1823           0 :         if (--tty->count < 0) {
    1824           0 :                 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
    1825           0 :                 tty->count = 0;
    1826             :         }
    1827             : 
    1828             :         /*
    1829             :          * We've decremented tty->count, so we need to remove this file
    1830             :          * descriptor off the tty->tty_files list; this serves two
    1831             :          * purposes:
    1832             :          *  - check_tty_count sees the correct number of file descriptors
    1833             :          *    associated with this tty.
    1834             :          *  - do_tty_hangup no longer sees this file descriptor as
    1835             :          *    something that needs to be handled for hangups.
    1836             :          */
    1837           0 :         tty_del_file(filp);
    1838             : 
    1839             :         /*
    1840             :          * Perform some housekeeping before deciding whether to return.
    1841             :          *
    1842             :          * If _either_ side is closing, make sure there aren't any
    1843             :          * processes that still think tty or o_tty is their controlling
    1844             :          * tty.
    1845             :          */
    1846           0 :         if (!tty->count) {
    1847           0 :                 read_lock(&tasklist_lock);
    1848           0 :                 session_clear_tty(tty->ctrl.session);
    1849           0 :                 if (o_tty)
    1850           0 :                         session_clear_tty(o_tty->ctrl.session);
    1851           0 :                 read_unlock(&tasklist_lock);
    1852             :         }
    1853             : 
    1854             :         /* check whether both sides are closing ... */
    1855           0 :         final = !tty->count && !(o_tty && o_tty->count);
    1856             : 
    1857           0 :         tty_unlock_slave(o_tty);
    1858           0 :         tty_unlock(tty);
    1859             : 
    1860             :         /* At this point, the tty->count == 0 should ensure a dead tty
    1861             :          * cannot be re-opened by a racing opener.
    1862             :          */
    1863             : 
    1864           0 :         if (!final)
    1865             :                 return 0;
    1866             : 
    1867             :         tty_debug_hangup(tty, "final close\n");
    1868             : 
    1869           0 :         tty_release_struct(tty, idx);
    1870           0 :         return 0;
    1871             : }
    1872             : 
    1873             : /**
    1874             :  * tty_open_current_tty - get locked tty of current task
    1875             :  * @device: device number
    1876             :  * @filp: file pointer to tty
    1877             :  * @return: locked tty of the current task iff @device is /dev/tty
    1878             :  *
    1879             :  * Performs a re-open of the current task's controlling tty.
    1880             :  *
    1881             :  * We cannot return driver and index like for the other nodes because devpts
    1882             :  * will not work then. It expects inodes to be from devpts FS.
    1883             :  */
    1884           0 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
    1885             : {
    1886             :         struct tty_struct *tty;
    1887             :         int retval;
    1888             : 
    1889           0 :         if (device != MKDEV(TTYAUX_MAJOR, 0))
    1890             :                 return NULL;
    1891             : 
    1892           0 :         tty = get_current_tty();
    1893           0 :         if (!tty)
    1894             :                 return ERR_PTR(-ENXIO);
    1895             : 
    1896           0 :         filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
    1897             :         /* noctty = 1; */
    1898           0 :         tty_lock(tty);
    1899           0 :         tty_kref_put(tty);      /* safe to drop the kref now */
    1900             : 
    1901           0 :         retval = tty_reopen(tty);
    1902           0 :         if (retval < 0) {
    1903           0 :                 tty_unlock(tty);
    1904           0 :                 tty = ERR_PTR(retval);
    1905             :         }
    1906             :         return tty;
    1907             : }
    1908             : 
    1909             : /**
    1910             :  * tty_lookup_driver - lookup a tty driver for a given device file
    1911             :  * @device: device number
    1912             :  * @filp: file pointer to tty
    1913             :  * @index: index for the device in the @return driver
    1914             :  *
    1915             :  * If returned value is not erroneous, the caller is responsible to decrement
    1916             :  * the refcount by tty_driver_kref_put().
    1917             :  *
    1918             :  * Locking: %tty_mutex protects get_tty_driver()
    1919             :  *
    1920             :  * Return: driver for this inode (with increased refcount)
    1921             :  */
    1922           0 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
    1923             :                 int *index)
    1924             : {
    1925           0 :         struct tty_driver *driver = NULL;
    1926             : 
    1927           0 :         switch (device) {
    1928             : #ifdef CONFIG_VT
    1929             :         case MKDEV(TTY_MAJOR, 0): {
    1930             :                 extern struct tty_driver *console_driver;
    1931             : 
    1932             :                 driver = tty_driver_kref_get(console_driver);
    1933             :                 *index = fg_console;
    1934             :                 break;
    1935             :         }
    1936             : #endif
    1937             :         case MKDEV(TTYAUX_MAJOR, 1): {
    1938           0 :                 struct tty_driver *console_driver = console_device(index);
    1939             : 
    1940           0 :                 if (console_driver) {
    1941           0 :                         driver = tty_driver_kref_get(console_driver);
    1942           0 :                         if (driver && filp) {
    1943             :                                 /* Don't let /dev/console block */
    1944           0 :                                 filp->f_flags |= O_NONBLOCK;
    1945           0 :                                 break;
    1946             :                         }
    1947             :                 }
    1948           0 :                 if (driver)
    1949             :                         tty_driver_kref_put(driver);
    1950             :                 return ERR_PTR(-ENODEV);
    1951             :         }
    1952             :         default:
    1953           0 :                 driver = get_tty_driver(device, index);
    1954           0 :                 if (!driver)
    1955             :                         return ERR_PTR(-ENODEV);
    1956             :                 break;
    1957             :         }
    1958             :         return driver;
    1959             : }
    1960             : 
    1961           0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
    1962             : {
    1963             :         struct tty_struct *tty;
    1964             :         struct tty_driver *driver;
    1965           0 :         int index = -1;
    1966             : 
    1967           0 :         mutex_lock(&tty_mutex);
    1968           0 :         driver = tty_lookup_driver(device, NULL, &index);
    1969           0 :         if (IS_ERR(driver)) {
    1970           0 :                 mutex_unlock(&tty_mutex);
    1971           0 :                 return ERR_CAST(driver);
    1972             :         }
    1973             : 
    1974             :         /* check whether we're reopening an existing tty */
    1975           0 :         tty = tty_driver_lookup_tty(driver, NULL, index);
    1976           0 :         if (IS_ERR(tty) || shared)
    1977             :                 goto out;
    1978             : 
    1979           0 :         if (tty) {
    1980             :                 /* drop kref from tty_driver_lookup_tty() */
    1981           0 :                 tty_kref_put(tty);
    1982           0 :                 tty = ERR_PTR(-EBUSY);
    1983             :         } else { /* tty_init_dev returns tty with the tty_lock held */
    1984           0 :                 tty = tty_init_dev(driver, index);
    1985           0 :                 if (IS_ERR(tty))
    1986             :                         goto out;
    1987           0 :                 tty_port_set_kopened(tty->port, 1);
    1988             :         }
    1989             : out:
    1990           0 :         mutex_unlock(&tty_mutex);
    1991           0 :         tty_driver_kref_put(driver);
    1992           0 :         return tty;
    1993             : }
    1994             : 
    1995             : /**
    1996             :  * tty_kopen_exclusive  -       open a tty device for kernel
    1997             :  * @device: dev_t of device to open
    1998             :  *
    1999             :  * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
    2000             :  * it's not already opened and performs the first-time tty initialization.
    2001             :  *
    2002             :  * Claims the global %tty_mutex to serialize:
    2003             :  *  * concurrent first-time tty initialization
    2004             :  *  * concurrent tty driver removal w/ lookup
    2005             :  *  * concurrent tty removal from driver table
    2006             :  *
    2007             :  * Return: the locked initialized &tty_struct
    2008             :  */
    2009           0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
    2010             : {
    2011           0 :         return tty_kopen(device, 0);
    2012             : }
    2013             : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
    2014             : 
    2015             : /**
    2016             :  * tty_kopen_shared     -       open a tty device for shared in-kernel use
    2017             :  * @device: dev_t of device to open
    2018             :  *
    2019             :  * Opens an already existing tty for in-kernel use. Compared to
    2020             :  * tty_kopen_exclusive() above it doesn't ensure to be the only user.
    2021             :  *
    2022             :  * Locking: identical to tty_kopen() above.
    2023             :  */
    2024           0 : struct tty_struct *tty_kopen_shared(dev_t device)
    2025             : {
    2026           0 :         return tty_kopen(device, 1);
    2027             : }
    2028             : EXPORT_SYMBOL_GPL(tty_kopen_shared);
    2029             : 
    2030             : /**
    2031             :  * tty_open_by_driver   -       open a tty device
    2032             :  * @device: dev_t of device to open
    2033             :  * @filp: file pointer to tty
    2034             :  *
    2035             :  * Performs the driver lookup, checks for a reopen, or otherwise performs the
    2036             :  * first-time tty initialization.
    2037             :  *
    2038             :  *
    2039             :  * Claims the global tty_mutex to serialize:
    2040             :  *  * concurrent first-time tty initialization
    2041             :  *  * concurrent tty driver removal w/ lookup
    2042             :  *  * concurrent tty removal from driver table
    2043             :  *
    2044             :  * Return: the locked initialized or re-opened &tty_struct
    2045             :  */
    2046           0 : static struct tty_struct *tty_open_by_driver(dev_t device,
    2047             :                                              struct file *filp)
    2048             : {
    2049             :         struct tty_struct *tty;
    2050           0 :         struct tty_driver *driver = NULL;
    2051           0 :         int index = -1;
    2052             :         int retval;
    2053             : 
    2054           0 :         mutex_lock(&tty_mutex);
    2055           0 :         driver = tty_lookup_driver(device, filp, &index);
    2056           0 :         if (IS_ERR(driver)) {
    2057           0 :                 mutex_unlock(&tty_mutex);
    2058           0 :                 return ERR_CAST(driver);
    2059             :         }
    2060             : 
    2061             :         /* check whether we're reopening an existing tty */
    2062           0 :         tty = tty_driver_lookup_tty(driver, filp, index);
    2063           0 :         if (IS_ERR(tty)) {
    2064           0 :                 mutex_unlock(&tty_mutex);
    2065           0 :                 goto out;
    2066             :         }
    2067             : 
    2068           0 :         if (tty) {
    2069           0 :                 if (tty_port_kopened(tty->port)) {
    2070           0 :                         tty_kref_put(tty);
    2071           0 :                         mutex_unlock(&tty_mutex);
    2072           0 :                         tty = ERR_PTR(-EBUSY);
    2073           0 :                         goto out;
    2074             :                 }
    2075           0 :                 mutex_unlock(&tty_mutex);
    2076           0 :                 retval = tty_lock_interruptible(tty);
    2077           0 :                 tty_kref_put(tty);  /* drop kref from tty_driver_lookup_tty() */
    2078           0 :                 if (retval) {
    2079           0 :                         if (retval == -EINTR)
    2080           0 :                                 retval = -ERESTARTSYS;
    2081           0 :                         tty = ERR_PTR(retval);
    2082           0 :                         goto out;
    2083             :                 }
    2084           0 :                 retval = tty_reopen(tty);
    2085           0 :                 if (retval < 0) {
    2086           0 :                         tty_unlock(tty);
    2087           0 :                         tty = ERR_PTR(retval);
    2088             :                 }
    2089             :         } else { /* Returns with the tty_lock held for now */
    2090           0 :                 tty = tty_init_dev(driver, index);
    2091           0 :                 mutex_unlock(&tty_mutex);
    2092             :         }
    2093             : out:
    2094           0 :         tty_driver_kref_put(driver);
    2095           0 :         return tty;
    2096             : }
    2097             : 
    2098             : /**
    2099             :  * tty_open     -       open a tty device
    2100             :  * @inode: inode of device file
    2101             :  * @filp: file pointer to tty
    2102             :  *
    2103             :  * tty_open() and tty_release() keep up the tty count that contains the number
    2104             :  * of opens done on a tty. We cannot use the inode-count, as different inodes
    2105             :  * might point to the same tty.
    2106             :  *
    2107             :  * Open-counting is needed for pty masters, as well as for keeping track of
    2108             :  * serial lines: DTR is dropped when the last close happens.
    2109             :  * (This is not done solely through tty->count, now.  - Ted 1/27/92)
    2110             :  *
    2111             :  * The termios state of a pty is reset on the first open so that settings don't
    2112             :  * persist across reuse.
    2113             :  *
    2114             :  * Locking:
    2115             :  *  * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
    2116             :  *  * @tty->count should protect the rest.
    2117             :  *  * ->siglock protects ->signal/->sighand
    2118             :  *
    2119             :  * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
    2120             :  */
    2121           0 : static int tty_open(struct inode *inode, struct file *filp)
    2122             : {
    2123             :         struct tty_struct *tty;
    2124             :         int noctty, retval;
    2125           0 :         dev_t device = inode->i_rdev;
    2126           0 :         unsigned saved_flags = filp->f_flags;
    2127             : 
    2128           0 :         nonseekable_open(inode, filp);
    2129             : 
    2130             : retry_open:
    2131           0 :         retval = tty_alloc_file(filp);
    2132           0 :         if (retval)
    2133             :                 return -ENOMEM;
    2134             : 
    2135           0 :         tty = tty_open_current_tty(device, filp);
    2136           0 :         if (!tty)
    2137           0 :                 tty = tty_open_by_driver(device, filp);
    2138             : 
    2139           0 :         if (IS_ERR(tty)) {
    2140           0 :                 tty_free_file(filp);
    2141           0 :                 retval = PTR_ERR(tty);
    2142           0 :                 if (retval != -EAGAIN || signal_pending(current))
    2143             :                         return retval;
    2144           0 :                 schedule();
    2145           0 :                 goto retry_open;
    2146             :         }
    2147             : 
    2148           0 :         tty_add_file(tty, filp);
    2149             : 
    2150           0 :         check_tty_count(tty, __func__);
    2151             :         tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
    2152             : 
    2153           0 :         if (tty->ops->open)
    2154           0 :                 retval = tty->ops->open(tty, filp);
    2155             :         else
    2156             :                 retval = -ENODEV;
    2157           0 :         filp->f_flags = saved_flags;
    2158             : 
    2159           0 :         if (retval) {
    2160             :                 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
    2161             : 
    2162           0 :                 tty_unlock(tty); /* need to call tty_release without BTM */
    2163           0 :                 tty_release(inode, filp);
    2164           0 :                 if (retval != -ERESTARTSYS)
    2165             :                         return retval;
    2166             : 
    2167           0 :                 if (signal_pending(current))
    2168             :                         return retval;
    2169             : 
    2170           0 :                 schedule();
    2171             :                 /*
    2172             :                  * Need to reset f_op in case a hangup happened.
    2173             :                  */
    2174           0 :                 if (tty_hung_up_p(filp))
    2175           0 :                         filp->f_op = &tty_fops;
    2176             :                 goto retry_open;
    2177             :         }
    2178           0 :         clear_bit(TTY_HUPPED, &tty->flags);
    2179             : 
    2180           0 :         noctty = (filp->f_flags & O_NOCTTY) ||
    2181           0 :                  (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
    2182           0 :                  device == MKDEV(TTYAUX_MAJOR, 1) ||
    2183           0 :                  (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    2184             :                   tty->driver->subtype == PTY_TYPE_MASTER);
    2185           0 :         if (!noctty)
    2186           0 :                 tty_open_proc_set_tty(filp, tty);
    2187           0 :         tty_unlock(tty);
    2188           0 :         return 0;
    2189             : }
    2190             : 
    2191             : 
    2192             : /**
    2193             :  * tty_poll     -       check tty status
    2194             :  * @filp: file being polled
    2195             :  * @wait: poll wait structures to update
    2196             :  *
    2197             :  * Call the line discipline polling method to obtain the poll status of the
    2198             :  * device.
    2199             :  *
    2200             :  * Locking: locks called line discipline but ldisc poll method may be
    2201             :  * re-entered freely by other callers.
    2202             :  */
    2203           0 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
    2204             : {
    2205           0 :         struct tty_struct *tty = file_tty(filp);
    2206             :         struct tty_ldisc *ld;
    2207           0 :         __poll_t ret = 0;
    2208             : 
    2209           0 :         if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
    2210             :                 return 0;
    2211             : 
    2212           0 :         ld = tty_ldisc_ref_wait(tty);
    2213           0 :         if (!ld)
    2214             :                 return hung_up_tty_poll(filp, wait);
    2215           0 :         if (ld->ops->poll)
    2216           0 :                 ret = ld->ops->poll(tty, filp, wait);
    2217           0 :         tty_ldisc_deref(ld);
    2218           0 :         return ret;
    2219             : }
    2220             : 
    2221           0 : static int __tty_fasync(int fd, struct file *filp, int on)
    2222             : {
    2223           0 :         struct tty_struct *tty = file_tty(filp);
    2224             :         unsigned long flags;
    2225           0 :         int retval = 0;
    2226             : 
    2227           0 :         if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
    2228             :                 goto out;
    2229             : 
    2230           0 :         retval = fasync_helper(fd, filp, on, &tty->fasync);
    2231           0 :         if (retval <= 0)
    2232             :                 goto out;
    2233             : 
    2234           0 :         if (on) {
    2235             :                 enum pid_type type;
    2236             :                 struct pid *pid;
    2237             : 
    2238           0 :                 spin_lock_irqsave(&tty->ctrl.lock, flags);
    2239           0 :                 if (tty->ctrl.pgrp) {
    2240             :                         pid = tty->ctrl.pgrp;
    2241             :                         type = PIDTYPE_PGID;
    2242             :                 } else {
    2243           0 :                         pid = task_pid(current);
    2244           0 :                         type = PIDTYPE_TGID;
    2245             :                 }
    2246           0 :                 get_pid(pid);
    2247           0 :                 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
    2248           0 :                 __f_setown(filp, pid, type, 0);
    2249           0 :                 put_pid(pid);
    2250           0 :                 retval = 0;
    2251             :         }
    2252             : out:
    2253           0 :         return retval;
    2254             : }
    2255             : 
    2256           0 : static int tty_fasync(int fd, struct file *filp, int on)
    2257             : {
    2258           0 :         struct tty_struct *tty = file_tty(filp);
    2259           0 :         int retval = -ENOTTY;
    2260             : 
    2261           0 :         tty_lock(tty);
    2262           0 :         if (!tty_hung_up_p(filp))
    2263           0 :                 retval = __tty_fasync(fd, filp, on);
    2264           0 :         tty_unlock(tty);
    2265             : 
    2266           0 :         return retval;
    2267             : }
    2268             : 
    2269             : static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
    2270             : /**
    2271             :  * tiocsti              -       fake input character
    2272             :  * @tty: tty to fake input into
    2273             :  * @p: pointer to character
    2274             :  *
    2275             :  * Fake input to a tty device. Does the necessary locking and input management.
    2276             :  *
    2277             :  * FIXME: does not honour flow control ??
    2278             :  *
    2279             :  * Locking:
    2280             :  *  * Called functions take tty_ldiscs_lock
    2281             :  *  * current->signal->tty check is safe without locks
    2282             :  */
    2283           0 : static int tiocsti(struct tty_struct *tty, char __user *p)
    2284             : {
    2285           0 :         char ch, mbz = 0;
    2286             :         struct tty_ldisc *ld;
    2287             : 
    2288           0 :         if (!tty_legacy_tiocsti)
    2289             :                 return -EIO;
    2290             : 
    2291           0 :         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
    2292             :                 return -EPERM;
    2293           0 :         if (get_user(ch, p))
    2294             :                 return -EFAULT;
    2295           0 :         tty_audit_tiocsti(tty, ch);
    2296           0 :         ld = tty_ldisc_ref_wait(tty);
    2297           0 :         if (!ld)
    2298             :                 return -EIO;
    2299           0 :         tty_buffer_lock_exclusive(tty->port);
    2300           0 :         if (ld->ops->receive_buf)
    2301           0 :                 ld->ops->receive_buf(tty, &ch, &mbz, 1);
    2302           0 :         tty_buffer_unlock_exclusive(tty->port);
    2303           0 :         tty_ldisc_deref(ld);
    2304           0 :         return 0;
    2305             : }
    2306             : 
    2307             : /**
    2308             :  * tiocgwinsz           -       implement window query ioctl
    2309             :  * @tty: tty
    2310             :  * @arg: user buffer for result
    2311             :  *
    2312             :  * Copies the kernel idea of the window size into the user buffer.
    2313             :  *
    2314             :  * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
    2315             :  * consistent.
    2316             :  */
    2317           0 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
    2318             : {
    2319             :         int err;
    2320             : 
    2321           0 :         mutex_lock(&tty->winsize_mutex);
    2322           0 :         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
    2323           0 :         mutex_unlock(&tty->winsize_mutex);
    2324             : 
    2325           0 :         return err ? -EFAULT : 0;
    2326             : }
    2327             : 
    2328             : /**
    2329             :  * tty_do_resize        -       resize event
    2330             :  * @tty: tty being resized
    2331             :  * @ws: new dimensions
    2332             :  *
    2333             :  * Update the termios variables and send the necessary signals to peform a
    2334             :  * terminal resize correctly.
    2335             :  */
    2336           0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
    2337             : {
    2338             :         struct pid *pgrp;
    2339             : 
    2340             :         /* Lock the tty */
    2341           0 :         mutex_lock(&tty->winsize_mutex);
    2342           0 :         if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
    2343             :                 goto done;
    2344             : 
    2345             :         /* Signal the foreground process group */
    2346           0 :         pgrp = tty_get_pgrp(tty);
    2347           0 :         if (pgrp)
    2348           0 :                 kill_pgrp(pgrp, SIGWINCH, 1);
    2349           0 :         put_pid(pgrp);
    2350             : 
    2351           0 :         tty->winsize = *ws;
    2352             : done:
    2353           0 :         mutex_unlock(&tty->winsize_mutex);
    2354           0 :         return 0;
    2355             : }
    2356             : EXPORT_SYMBOL(tty_do_resize);
    2357             : 
    2358             : /**
    2359             :  * tiocswinsz           -       implement window size set ioctl
    2360             :  * @tty: tty side of tty
    2361             :  * @arg: user buffer for result
    2362             :  *
    2363             :  * Copies the user idea of the window size to the kernel. Traditionally this is
    2364             :  * just advisory information but for the Linux console it actually has driver
    2365             :  * level meaning and triggers a VC resize.
    2366             :  *
    2367             :  * Locking:
    2368             :  *      Driver dependent. The default do_resize method takes the tty termios
    2369             :  *      mutex and ctrl.lock. The console takes its own lock then calls into the
    2370             :  *      default method.
    2371             :  */
    2372           0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
    2373             : {
    2374             :         struct winsize tmp_ws;
    2375             : 
    2376           0 :         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
    2377             :                 return -EFAULT;
    2378             : 
    2379           0 :         if (tty->ops->resize)
    2380           0 :                 return tty->ops->resize(tty, &tmp_ws);
    2381             :         else
    2382           0 :                 return tty_do_resize(tty, &tmp_ws);
    2383             : }
    2384             : 
    2385             : /**
    2386             :  * tioccons     -       allow admin to move logical console
    2387             :  * @file: the file to become console
    2388             :  *
    2389             :  * Allow the administrator to move the redirected console device.
    2390             :  *
    2391             :  * Locking: uses redirect_lock to guard the redirect information
    2392             :  */
    2393           0 : static int tioccons(struct file *file)
    2394             : {
    2395           0 :         if (!capable(CAP_SYS_ADMIN))
    2396             :                 return -EPERM;
    2397           0 :         if (file->f_op->write_iter == redirected_tty_write) {
    2398             :                 struct file *f;
    2399             : 
    2400           0 :                 spin_lock(&redirect_lock);
    2401           0 :                 f = redirect;
    2402           0 :                 redirect = NULL;
    2403           0 :                 spin_unlock(&redirect_lock);
    2404           0 :                 if (f)
    2405           0 :                         fput(f);
    2406             :                 return 0;
    2407             :         }
    2408           0 :         if (file->f_op->write_iter != tty_write)
    2409             :                 return -ENOTTY;
    2410           0 :         if (!(file->f_mode & FMODE_WRITE))
    2411             :                 return -EBADF;
    2412           0 :         if (!(file->f_mode & FMODE_CAN_WRITE))
    2413             :                 return -EINVAL;
    2414           0 :         spin_lock(&redirect_lock);
    2415           0 :         if (redirect) {
    2416           0 :                 spin_unlock(&redirect_lock);
    2417           0 :                 return -EBUSY;
    2418             :         }
    2419           0 :         redirect = get_file(file);
    2420           0 :         spin_unlock(&redirect_lock);
    2421           0 :         return 0;
    2422             : }
    2423             : 
    2424             : /**
    2425             :  * tiocsetd     -       set line discipline
    2426             :  * @tty: tty device
    2427             :  * @p: pointer to user data
    2428             :  *
    2429             :  * Set the line discipline according to user request.
    2430             :  *
    2431             :  * Locking: see tty_set_ldisc(), this function is just a helper
    2432             :  */
    2433           0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
    2434             : {
    2435             :         int disc;
    2436             :         int ret;
    2437             : 
    2438           0 :         if (get_user(disc, p))
    2439             :                 return -EFAULT;
    2440             : 
    2441           0 :         ret = tty_set_ldisc(tty, disc);
    2442             : 
    2443           0 :         return ret;
    2444             : }
    2445             : 
    2446             : /**
    2447             :  * tiocgetd     -       get line discipline
    2448             :  * @tty: tty device
    2449             :  * @p: pointer to user data
    2450             :  *
    2451             :  * Retrieves the line discipline id directly from the ldisc.
    2452             :  *
    2453             :  * Locking: waits for ldisc reference (in case the line discipline is changing
    2454             :  * or the @tty is being hungup)
    2455             :  */
    2456           0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
    2457             : {
    2458             :         struct tty_ldisc *ld;
    2459             :         int ret;
    2460             : 
    2461           0 :         ld = tty_ldisc_ref_wait(tty);
    2462           0 :         if (!ld)
    2463             :                 return -EIO;
    2464           0 :         ret = put_user(ld->ops->num, p);
    2465           0 :         tty_ldisc_deref(ld);
    2466           0 :         return ret;
    2467             : }
    2468             : 
    2469             : /**
    2470             :  * send_break   -       performed time break
    2471             :  * @tty: device to break on
    2472             :  * @duration: timeout in mS
    2473             :  *
    2474             :  * Perform a timed break on hardware that lacks its own driver level timed
    2475             :  * break functionality.
    2476             :  *
    2477             :  * Locking:
    2478             :  *      @tty->atomic_write_lock serializes
    2479             :  */
    2480           0 : static int send_break(struct tty_struct *tty, unsigned int duration)
    2481             : {
    2482             :         int retval;
    2483             : 
    2484           0 :         if (tty->ops->break_ctl == NULL)
    2485             :                 return 0;
    2486             : 
    2487           0 :         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
    2488           0 :                 retval = tty->ops->break_ctl(tty, duration);
    2489             :         else {
    2490             :                 /* Do the work ourselves */
    2491           0 :                 if (tty_write_lock(tty, 0) < 0)
    2492             :                         return -EINTR;
    2493           0 :                 retval = tty->ops->break_ctl(tty, -1);
    2494           0 :                 if (retval)
    2495             :                         goto out;
    2496           0 :                 if (!signal_pending(current))
    2497           0 :                         msleep_interruptible(duration);
    2498           0 :                 retval = tty->ops->break_ctl(tty, 0);
    2499             : out:
    2500           0 :                 tty_write_unlock(tty);
    2501           0 :                 if (signal_pending(current))
    2502           0 :                         retval = -EINTR;
    2503             :         }
    2504             :         return retval;
    2505             : }
    2506             : 
    2507             : /**
    2508             :  * tty_tiocmget         -       get modem status
    2509             :  * @tty: tty device
    2510             :  * @p: pointer to result
    2511             :  *
    2512             :  * Obtain the modem status bits from the tty driver if the feature is
    2513             :  * supported. Return -%ENOTTY if it is not available.
    2514             :  *
    2515             :  * Locking: none (up to the driver)
    2516             :  */
    2517           0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
    2518             : {
    2519           0 :         int retval = -ENOTTY;
    2520             : 
    2521           0 :         if (tty->ops->tiocmget) {
    2522           0 :                 retval = tty->ops->tiocmget(tty);
    2523             : 
    2524           0 :                 if (retval >= 0)
    2525           0 :                         retval = put_user(retval, p);
    2526             :         }
    2527           0 :         return retval;
    2528             : }
    2529             : 
    2530             : /**
    2531             :  * tty_tiocmset         -       set modem status
    2532             :  * @tty: tty device
    2533             :  * @cmd: command - clear bits, set bits or set all
    2534             :  * @p: pointer to desired bits
    2535             :  *
    2536             :  * Set the modem status bits from the tty driver if the feature
    2537             :  * is supported. Return -%ENOTTY if it is not available.
    2538             :  *
    2539             :  * Locking: none (up to the driver)
    2540             :  */
    2541           0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
    2542             :              unsigned __user *p)
    2543             : {
    2544             :         int retval;
    2545             :         unsigned int set, clear, val;
    2546             : 
    2547           0 :         if (tty->ops->tiocmset == NULL)
    2548             :                 return -ENOTTY;
    2549             : 
    2550           0 :         retval = get_user(val, p);
    2551           0 :         if (retval)
    2552             :                 return retval;
    2553           0 :         set = clear = 0;
    2554           0 :         switch (cmd) {
    2555             :         case TIOCMBIS:
    2556           0 :                 set = val;
    2557           0 :                 break;
    2558             :         case TIOCMBIC:
    2559           0 :                 clear = val;
    2560           0 :                 break;
    2561             :         case TIOCMSET:
    2562           0 :                 set = val;
    2563           0 :                 clear = ~val;
    2564           0 :                 break;
    2565             :         }
    2566           0 :         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
    2567           0 :         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
    2568           0 :         return tty->ops->tiocmset(tty, set, clear);
    2569             : }
    2570             : 
    2571             : /**
    2572             :  * tty_get_icount       -       get tty statistics
    2573             :  * @tty: tty device
    2574             :  * @icount: output parameter
    2575             :  *
    2576             :  * Gets a copy of the @tty's icount statistics.
    2577             :  *
    2578             :  * Locking: none (up to the driver)
    2579             :  */
    2580           0 : int tty_get_icount(struct tty_struct *tty,
    2581             :                    struct serial_icounter_struct *icount)
    2582             : {
    2583           0 :         memset(icount, 0, sizeof(*icount));
    2584             : 
    2585           0 :         if (tty->ops->get_icount)
    2586           0 :                 return tty->ops->get_icount(tty, icount);
    2587             :         else
    2588             :                 return -ENOTTY;
    2589             : }
    2590             : EXPORT_SYMBOL_GPL(tty_get_icount);
    2591             : 
    2592           0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
    2593             : {
    2594             :         struct serial_icounter_struct icount;
    2595             :         int retval;
    2596             : 
    2597           0 :         retval = tty_get_icount(tty, &icount);
    2598           0 :         if (retval != 0)
    2599             :                 return retval;
    2600             : 
    2601           0 :         if (copy_to_user(arg, &icount, sizeof(icount)))
    2602             :                 return -EFAULT;
    2603           0 :         return 0;
    2604             : }
    2605             : 
    2606           0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
    2607             : {
    2608             :         char comm[TASK_COMM_LEN];
    2609             :         int flags;
    2610             : 
    2611           0 :         flags = ss->flags & ASYNC_DEPRECATED;
    2612             : 
    2613           0 :         if (flags)
    2614           0 :                 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
    2615             :                                 __func__, get_task_comm(comm, current), flags);
    2616             : 
    2617           0 :         if (!tty->ops->set_serial)
    2618             :                 return -ENOTTY;
    2619             : 
    2620           0 :         return tty->ops->set_serial(tty, ss);
    2621             : }
    2622             : 
    2623           0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
    2624             : {
    2625             :         struct serial_struct v;
    2626             : 
    2627           0 :         if (copy_from_user(&v, ss, sizeof(*ss)))
    2628             :                 return -EFAULT;
    2629             : 
    2630           0 :         return tty_set_serial(tty, &v);
    2631             : }
    2632             : 
    2633           0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
    2634             : {
    2635             :         struct serial_struct v;
    2636             :         int err;
    2637             : 
    2638           0 :         memset(&v, 0, sizeof(v));
    2639           0 :         if (!tty->ops->get_serial)
    2640             :                 return -ENOTTY;
    2641           0 :         err = tty->ops->get_serial(tty, &v);
    2642           0 :         if (!err && copy_to_user(ss, &v, sizeof(v)))
    2643           0 :                 err = -EFAULT;
    2644             :         return err;
    2645             : }
    2646             : 
    2647             : /*
    2648             :  * if pty, return the slave side (real_tty)
    2649             :  * otherwise, return self
    2650             :  */
    2651             : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
    2652             : {
    2653           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    2654             :             tty->driver->subtype == PTY_TYPE_MASTER)
    2655           0 :                 tty = tty->link;
    2656             :         return tty;
    2657             : }
    2658             : 
    2659             : /*
    2660             :  * Split this up, as gcc can choke on it otherwise..
    2661             :  */
    2662           0 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
    2663             : {
    2664           0 :         struct tty_struct *tty = file_tty(file);
    2665             :         struct tty_struct *real_tty;
    2666           0 :         void __user *p = (void __user *)arg;
    2667             :         int retval;
    2668             :         struct tty_ldisc *ld;
    2669             : 
    2670           0 :         if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
    2671             :                 return -EINVAL;
    2672             : 
    2673           0 :         real_tty = tty_pair_get_tty(tty);
    2674             : 
    2675             :         /*
    2676             :          * Factor out some common prep work
    2677             :          */
    2678             :         switch (cmd) {
    2679             :         case TIOCSETD:
    2680             :         case TIOCSBRK:
    2681             :         case TIOCCBRK:
    2682             :         case TCSBRK:
    2683             :         case TCSBRKP:
    2684           0 :                 retval = tty_check_change(tty);
    2685           0 :                 if (retval)
    2686           0 :                         return retval;
    2687           0 :                 if (cmd != TIOCCBRK) {
    2688           0 :                         tty_wait_until_sent(tty, 0);
    2689           0 :                         if (signal_pending(current))
    2690             :                                 return -EINTR;
    2691             :                 }
    2692             :                 break;
    2693             :         }
    2694             : 
    2695             :         /*
    2696             :          *      Now do the stuff.
    2697             :          */
    2698           0 :         switch (cmd) {
    2699             :         case TIOCSTI:
    2700           0 :                 return tiocsti(tty, p);
    2701             :         case TIOCGWINSZ:
    2702           0 :                 return tiocgwinsz(real_tty, p);
    2703             :         case TIOCSWINSZ:
    2704           0 :                 return tiocswinsz(real_tty, p);
    2705             :         case TIOCCONS:
    2706           0 :                 return real_tty != tty ? -EINVAL : tioccons(file);
    2707             :         case TIOCEXCL:
    2708           0 :                 set_bit(TTY_EXCLUSIVE, &tty->flags);
    2709           0 :                 return 0;
    2710             :         case TIOCNXCL:
    2711           0 :                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
    2712           0 :                 return 0;
    2713             :         case TIOCGEXCL:
    2714             :         {
    2715           0 :                 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
    2716             : 
    2717           0 :                 return put_user(excl, (int __user *)p);
    2718             :         }
    2719             :         case TIOCGETD:
    2720           0 :                 return tiocgetd(tty, p);
    2721             :         case TIOCSETD:
    2722           0 :                 return tiocsetd(tty, p);
    2723             :         case TIOCVHANGUP:
    2724           0 :                 if (!capable(CAP_SYS_ADMIN))
    2725             :                         return -EPERM;
    2726           0 :                 tty_vhangup(tty);
    2727           0 :                 return 0;
    2728             :         case TIOCGDEV:
    2729             :         {
    2730           0 :                 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
    2731             : 
    2732           0 :                 return put_user(ret, (unsigned int __user *)p);
    2733             :         }
    2734             :         /*
    2735             :          * Break handling
    2736             :          */
    2737             :         case TIOCSBRK:  /* Turn break on, unconditionally */
    2738           0 :                 if (tty->ops->break_ctl)
    2739           0 :                         return tty->ops->break_ctl(tty, -1);
    2740             :                 return 0;
    2741             :         case TIOCCBRK:  /* Turn break off, unconditionally */
    2742           0 :                 if (tty->ops->break_ctl)
    2743           0 :                         return tty->ops->break_ctl(tty, 0);
    2744             :                 return 0;
    2745             :         case TCSBRK:   /* SVID version: non-zero arg --> no break */
    2746             :                 /* non-zero arg means wait for all output data
    2747             :                  * to be sent (performed above) but don't send break.
    2748             :                  * This is used by the tcdrain() termios function.
    2749             :                  */
    2750           0 :                 if (!arg)
    2751           0 :                         return send_break(tty, 250);
    2752             :                 return 0;
    2753             :         case TCSBRKP:   /* support for POSIX tcsendbreak() */
    2754           0 :                 return send_break(tty, arg ? arg*100 : 250);
    2755             : 
    2756             :         case TIOCMGET:
    2757           0 :                 return tty_tiocmget(tty, p);
    2758             :         case TIOCMSET:
    2759             :         case TIOCMBIC:
    2760             :         case TIOCMBIS:
    2761           0 :                 return tty_tiocmset(tty, cmd, p);
    2762             :         case TIOCGICOUNT:
    2763           0 :                 return tty_tiocgicount(tty, p);
    2764             :         case TCFLSH:
    2765           0 :                 switch (arg) {
    2766             :                 case TCIFLUSH:
    2767             :                 case TCIOFLUSH:
    2768             :                 /* flush tty buffer and allow ldisc to process ioctl */
    2769           0 :                         tty_buffer_flush(tty, NULL);
    2770           0 :                         break;
    2771             :                 }
    2772             :                 break;
    2773             :         case TIOCSSERIAL:
    2774           0 :                 return tty_tiocsserial(tty, p);
    2775             :         case TIOCGSERIAL:
    2776           0 :                 return tty_tiocgserial(tty, p);
    2777             :         case TIOCGPTPEER:
    2778             :                 /* Special because the struct file is needed */
    2779           0 :                 return ptm_open_peer(file, tty, (int)arg);
    2780             :         default:
    2781           0 :                 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
    2782           0 :                 if (retval != -ENOIOCTLCMD)
    2783           0 :                         return retval;
    2784             :         }
    2785           0 :         if (tty->ops->ioctl) {
    2786           0 :                 retval = tty->ops->ioctl(tty, cmd, arg);
    2787           0 :                 if (retval != -ENOIOCTLCMD)
    2788           0 :                         return retval;
    2789             :         }
    2790           0 :         ld = tty_ldisc_ref_wait(tty);
    2791           0 :         if (!ld)
    2792             :                 return hung_up_tty_ioctl(file, cmd, arg);
    2793           0 :         retval = -EINVAL;
    2794           0 :         if (ld->ops->ioctl) {
    2795           0 :                 retval = ld->ops->ioctl(tty, cmd, arg);
    2796           0 :                 if (retval == -ENOIOCTLCMD)
    2797           0 :                         retval = -ENOTTY;
    2798             :         }
    2799           0 :         tty_ldisc_deref(ld);
    2800           0 :         return retval;
    2801             : }
    2802             : 
    2803             : #ifdef CONFIG_COMPAT
    2804             : 
    2805             : struct serial_struct32 {
    2806             :         compat_int_t    type;
    2807             :         compat_int_t    line;
    2808             :         compat_uint_t   port;
    2809             :         compat_int_t    irq;
    2810             :         compat_int_t    flags;
    2811             :         compat_int_t    xmit_fifo_size;
    2812             :         compat_int_t    custom_divisor;
    2813             :         compat_int_t    baud_base;
    2814             :         unsigned short  close_delay;
    2815             :         char    io_type;
    2816             :         char    reserved_char;
    2817             :         compat_int_t    hub6;
    2818             :         unsigned short  closing_wait; /* time to wait before closing */
    2819             :         unsigned short  closing_wait2; /* no longer used... */
    2820             :         compat_uint_t   iomem_base;
    2821             :         unsigned short  iomem_reg_shift;
    2822             :         unsigned int    port_high;
    2823             :         /* compat_ulong_t  iomap_base FIXME */
    2824             :         compat_int_t    reserved;
    2825             : };
    2826             : 
    2827             : static int compat_tty_tiocsserial(struct tty_struct *tty,
    2828             :                 struct serial_struct32 __user *ss)
    2829             : {
    2830             :         struct serial_struct32 v32;
    2831             :         struct serial_struct v;
    2832             : 
    2833             :         if (copy_from_user(&v32, ss, sizeof(*ss)))
    2834             :                 return -EFAULT;
    2835             : 
    2836             :         memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
    2837             :         v.iomem_base = compat_ptr(v32.iomem_base);
    2838             :         v.iomem_reg_shift = v32.iomem_reg_shift;
    2839             :         v.port_high = v32.port_high;
    2840             :         v.iomap_base = 0;
    2841             : 
    2842             :         return tty_set_serial(tty, &v);
    2843             : }
    2844             : 
    2845             : static int compat_tty_tiocgserial(struct tty_struct *tty,
    2846             :                         struct serial_struct32 __user *ss)
    2847             : {
    2848             :         struct serial_struct32 v32;
    2849             :         struct serial_struct v;
    2850             :         int err;
    2851             : 
    2852             :         memset(&v, 0, sizeof(v));
    2853             :         memset(&v32, 0, sizeof(v32));
    2854             : 
    2855             :         if (!tty->ops->get_serial)
    2856             :                 return -ENOTTY;
    2857             :         err = tty->ops->get_serial(tty, &v);
    2858             :         if (!err) {
    2859             :                 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
    2860             :                 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
    2861             :                         0xfffffff : ptr_to_compat(v.iomem_base);
    2862             :                 v32.iomem_reg_shift = v.iomem_reg_shift;
    2863             :                 v32.port_high = v.port_high;
    2864             :                 if (copy_to_user(ss, &v32, sizeof(v32)))
    2865             :                         err = -EFAULT;
    2866             :         }
    2867             :         return err;
    2868             : }
    2869             : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
    2870             :                                 unsigned long arg)
    2871             : {
    2872             :         struct tty_struct *tty = file_tty(file);
    2873             :         struct tty_ldisc *ld;
    2874             :         int retval = -ENOIOCTLCMD;
    2875             : 
    2876             :         switch (cmd) {
    2877             :         case TIOCOUTQ:
    2878             :         case TIOCSTI:
    2879             :         case TIOCGWINSZ:
    2880             :         case TIOCSWINSZ:
    2881             :         case TIOCGEXCL:
    2882             :         case TIOCGETD:
    2883             :         case TIOCSETD:
    2884             :         case TIOCGDEV:
    2885             :         case TIOCMGET:
    2886             :         case TIOCMSET:
    2887             :         case TIOCMBIC:
    2888             :         case TIOCMBIS:
    2889             :         case TIOCGICOUNT:
    2890             :         case TIOCGPGRP:
    2891             :         case TIOCSPGRP:
    2892             :         case TIOCGSID:
    2893             :         case TIOCSERGETLSR:
    2894             :         case TIOCGRS485:
    2895             :         case TIOCSRS485:
    2896             : #ifdef TIOCGETP
    2897             :         case TIOCGETP:
    2898             :         case TIOCSETP:
    2899             :         case TIOCSETN:
    2900             : #endif
    2901             : #ifdef TIOCGETC
    2902             :         case TIOCGETC:
    2903             :         case TIOCSETC:
    2904             : #endif
    2905             : #ifdef TIOCGLTC
    2906             :         case TIOCGLTC:
    2907             :         case TIOCSLTC:
    2908             : #endif
    2909             :         case TCSETSF:
    2910             :         case TCSETSW:
    2911             :         case TCSETS:
    2912             :         case TCGETS:
    2913             : #ifdef TCGETS2
    2914             :         case TCGETS2:
    2915             :         case TCSETSF2:
    2916             :         case TCSETSW2:
    2917             :         case TCSETS2:
    2918             : #endif
    2919             :         case TCGETA:
    2920             :         case TCSETAF:
    2921             :         case TCSETAW:
    2922             :         case TCSETA:
    2923             :         case TIOCGLCKTRMIOS:
    2924             :         case TIOCSLCKTRMIOS:
    2925             : #ifdef TCGETX
    2926             :         case TCGETX:
    2927             :         case TCSETX:
    2928             :         case TCSETXW:
    2929             :         case TCSETXF:
    2930             : #endif
    2931             :         case TIOCGSOFTCAR:
    2932             :         case TIOCSSOFTCAR:
    2933             : 
    2934             :         case PPPIOCGCHAN:
    2935             :         case PPPIOCGUNIT:
    2936             :                 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
    2937             :         case TIOCCONS:
    2938             :         case TIOCEXCL:
    2939             :         case TIOCNXCL:
    2940             :         case TIOCVHANGUP:
    2941             :         case TIOCSBRK:
    2942             :         case TIOCCBRK:
    2943             :         case TCSBRK:
    2944             :         case TCSBRKP:
    2945             :         case TCFLSH:
    2946             :         case TIOCGPTPEER:
    2947             :         case TIOCNOTTY:
    2948             :         case TIOCSCTTY:
    2949             :         case TCXONC:
    2950             :         case TIOCMIWAIT:
    2951             :         case TIOCSERCONFIG:
    2952             :                 return tty_ioctl(file, cmd, arg);
    2953             :         }
    2954             : 
    2955             :         if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
    2956             :                 return -EINVAL;
    2957             : 
    2958             :         switch (cmd) {
    2959             :         case TIOCSSERIAL:
    2960             :                 return compat_tty_tiocsserial(tty, compat_ptr(arg));
    2961             :         case TIOCGSERIAL:
    2962             :                 return compat_tty_tiocgserial(tty, compat_ptr(arg));
    2963             :         }
    2964             :         if (tty->ops->compat_ioctl) {
    2965             :                 retval = tty->ops->compat_ioctl(tty, cmd, arg);
    2966             :                 if (retval != -ENOIOCTLCMD)
    2967             :                         return retval;
    2968             :         }
    2969             : 
    2970             :         ld = tty_ldisc_ref_wait(tty);
    2971             :         if (!ld)
    2972             :                 return hung_up_tty_compat_ioctl(file, cmd, arg);
    2973             :         if (ld->ops->compat_ioctl)
    2974             :                 retval = ld->ops->compat_ioctl(tty, cmd, arg);
    2975             :         if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
    2976             :                 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
    2977             :                                 arg);
    2978             :         tty_ldisc_deref(ld);
    2979             : 
    2980             :         return retval;
    2981             : }
    2982             : #endif
    2983             : 
    2984           0 : static int this_tty(const void *t, struct file *file, unsigned fd)
    2985             : {
    2986           0 :         if (likely(file->f_op->read_iter != tty_read))
    2987             :                 return 0;
    2988           0 :         return file_tty(file) != t ? 0 : fd + 1;
    2989             : }
    2990             : 
    2991             : /*
    2992             :  * This implements the "Secure Attention Key" ---  the idea is to
    2993             :  * prevent trojan horses by killing all processes associated with this
    2994             :  * tty when the user hits the "Secure Attention Key".  Required for
    2995             :  * super-paranoid applications --- see the Orange Book for more details.
    2996             :  *
    2997             :  * This code could be nicer; ideally it should send a HUP, wait a few
    2998             :  * seconds, then send a INT, and then a KILL signal.  But you then
    2999             :  * have to coordinate with the init process, since all processes associated
    3000             :  * with the current tty must be dead before the new getty is allowed
    3001             :  * to spawn.
    3002             :  *
    3003             :  * Now, if it would be correct ;-/ The current code has a nasty hole -
    3004             :  * it doesn't catch files in flight. We may send the descriptor to ourselves
    3005             :  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
    3006             :  *
    3007             :  * Nasty bug: do_SAK is being called in interrupt context.  This can
    3008             :  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
    3009             :  */
    3010           0 : void __do_SAK(struct tty_struct *tty)
    3011             : {
    3012             :         struct task_struct *g, *p;
    3013             :         struct pid *session;
    3014             :         int i;
    3015             :         unsigned long flags;
    3016             : 
    3017           0 :         spin_lock_irqsave(&tty->ctrl.lock, flags);
    3018           0 :         session = get_pid(tty->ctrl.session);
    3019           0 :         spin_unlock_irqrestore(&tty->ctrl.lock, flags);
    3020             : 
    3021           0 :         tty_ldisc_flush(tty);
    3022             : 
    3023           0 :         tty_driver_flush_buffer(tty);
    3024             : 
    3025           0 :         read_lock(&tasklist_lock);
    3026             :         /* Kill the entire session */
    3027           0 :         do_each_pid_task(session, PIDTYPE_SID, p) {
    3028           0 :                 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
    3029             :                            task_pid_nr(p), p->comm);
    3030           0 :                 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
    3031             :         } while_each_pid_task(session, PIDTYPE_SID, p);
    3032             : 
    3033             :         /* Now kill any processes that happen to have the tty open */
    3034           0 :         do_each_thread(g, p) {
    3035           0 :                 if (p->signal->tty == tty) {
    3036           0 :                         tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
    3037             :                                    task_pid_nr(p), p->comm);
    3038           0 :                         group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
    3039             :                                         PIDTYPE_SID);
    3040           0 :                         continue;
    3041             :                 }
    3042           0 :                 task_lock(p);
    3043           0 :                 i = iterate_fd(p->files, 0, this_tty, tty);
    3044           0 :                 if (i != 0) {
    3045           0 :                         tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
    3046             :                                    task_pid_nr(p), p->comm, i - 1);
    3047           0 :                         group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
    3048             :                                         PIDTYPE_SID);
    3049             :                 }
    3050           0 :                 task_unlock(p);
    3051           0 :         } while_each_thread(g, p);
    3052           0 :         read_unlock(&tasklist_lock);
    3053           0 :         put_pid(session);
    3054           0 : }
    3055             : 
    3056           0 : static void do_SAK_work(struct work_struct *work)
    3057             : {
    3058           0 :         struct tty_struct *tty =
    3059           0 :                 container_of(work, struct tty_struct, SAK_work);
    3060           0 :         __do_SAK(tty);
    3061           0 : }
    3062             : 
    3063             : /*
    3064             :  * The tq handling here is a little racy - tty->SAK_work may already be queued.
    3065             :  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
    3066             :  * the values which we write to it will be identical to the values which it
    3067             :  * already has. --akpm
    3068             :  */
    3069           0 : void do_SAK(struct tty_struct *tty)
    3070             : {
    3071           0 :         if (!tty)
    3072             :                 return;
    3073           0 :         schedule_work(&tty->SAK_work);
    3074             : }
    3075             : EXPORT_SYMBOL(do_SAK);
    3076             : 
    3077             : /* Must put_device() after it's unused! */
    3078             : static struct device *tty_get_device(struct tty_struct *tty)
    3079             : {
    3080           0 :         dev_t devt = tty_devnum(tty);
    3081             : 
    3082           0 :         return class_find_device_by_devt(&tty_class, devt);
    3083             : }
    3084             : 
    3085             : 
    3086             : /**
    3087             :  * alloc_tty_struct - allocate a new tty
    3088             :  * @driver: driver which will handle the returned tty
    3089             :  * @idx: minor of the tty
    3090             :  *
    3091             :  * This subroutine allocates and initializes a tty structure.
    3092             :  *
    3093             :  * Locking: none - @tty in question is not exposed at this point
    3094             :  */
    3095           0 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
    3096             : {
    3097             :         struct tty_struct *tty;
    3098             : 
    3099           0 :         tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
    3100           0 :         if (!tty)
    3101             :                 return NULL;
    3102             : 
    3103           0 :         kref_init(&tty->kref);
    3104           0 :         if (tty_ldisc_init(tty)) {
    3105           0 :                 kfree(tty);
    3106           0 :                 return NULL;
    3107             :         }
    3108           0 :         tty->ctrl.session = NULL;
    3109           0 :         tty->ctrl.pgrp = NULL;
    3110           0 :         mutex_init(&tty->legacy_mutex);
    3111           0 :         mutex_init(&tty->throttle_mutex);
    3112           0 :         init_rwsem(&tty->termios_rwsem);
    3113           0 :         mutex_init(&tty->winsize_mutex);
    3114           0 :         init_ldsem(&tty->ldisc_sem);
    3115           0 :         init_waitqueue_head(&tty->write_wait);
    3116           0 :         init_waitqueue_head(&tty->read_wait);
    3117           0 :         INIT_WORK(&tty->hangup_work, do_tty_hangup);
    3118           0 :         mutex_init(&tty->atomic_write_lock);
    3119           0 :         spin_lock_init(&tty->ctrl.lock);
    3120           0 :         spin_lock_init(&tty->flow.lock);
    3121           0 :         spin_lock_init(&tty->files_lock);
    3122           0 :         INIT_LIST_HEAD(&tty->tty_files);
    3123           0 :         INIT_WORK(&tty->SAK_work, do_SAK_work);
    3124             : 
    3125           0 :         tty->driver = driver;
    3126           0 :         tty->ops = driver->ops;
    3127           0 :         tty->index = idx;
    3128           0 :         tty_line_name(driver, idx, tty->name);
    3129           0 :         tty->dev = tty_get_device(tty);
    3130             : 
    3131           0 :         return tty;
    3132             : }
    3133             : 
    3134             : /**
    3135             :  * tty_put_char - write one character to a tty
    3136             :  * @tty: tty
    3137             :  * @ch: character to write
    3138             :  *
    3139             :  * Write one byte to the @tty using the provided @tty->ops->put_char() method
    3140             :  * if present.
    3141             :  *
    3142             :  * Note: the specific put_char operation in the driver layer may go
    3143             :  * away soon. Don't call it directly, use this method
    3144             :  *
    3145             :  * Return: the number of characters successfully output.
    3146             :  */
    3147           0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
    3148             : {
    3149           0 :         if (tty->ops->put_char)
    3150           0 :                 return tty->ops->put_char(tty, ch);
    3151           0 :         return tty->ops->write(tty, &ch, 1);
    3152             : }
    3153             : EXPORT_SYMBOL_GPL(tty_put_char);
    3154             : 
    3155           5 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
    3156             :                 unsigned int index, unsigned int count)
    3157             : {
    3158             :         int err;
    3159             : 
    3160             :         /* init here, since reused cdevs cause crashes */
    3161           5 :         driver->cdevs[index] = cdev_alloc();
    3162           5 :         if (!driver->cdevs[index])
    3163             :                 return -ENOMEM;
    3164           5 :         driver->cdevs[index]->ops = &tty_fops;
    3165           5 :         driver->cdevs[index]->owner = driver->owner;
    3166           5 :         err = cdev_add(driver->cdevs[index], dev, count);
    3167           5 :         if (err)
    3168           0 :                 kobject_put(&driver->cdevs[index]->kobj);
    3169             :         return err;
    3170             : }
    3171             : 
    3172             : /**
    3173             :  * tty_register_device - register a tty device
    3174             :  * @driver: the tty driver that describes the tty device
    3175             :  * @index: the index in the tty driver for this tty device
    3176             :  * @device: a struct device that is associated with this tty device.
    3177             :  *      This field is optional, if there is no known struct device
    3178             :  *      for this tty device it can be set to NULL safely.
    3179             :  *
    3180             :  * This call is required to be made to register an individual tty device
    3181             :  * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set.  If
    3182             :  * that bit is not set, this function should not be called by a tty
    3183             :  * driver.
    3184             :  *
    3185             :  * Locking: ??
    3186             :  *
    3187             :  * Return: A pointer to the struct device for this tty device (or
    3188             :  * ERR_PTR(-EFOO) on error).
    3189             :  */
    3190           0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
    3191             :                                    struct device *device)
    3192             : {
    3193         512 :         return tty_register_device_attr(driver, index, device, NULL, NULL);
    3194             : }
    3195             : EXPORT_SYMBOL(tty_register_device);
    3196             : 
    3197           0 : static void tty_device_create_release(struct device *dev)
    3198             : {
    3199             :         dev_dbg(dev, "releasing...\n");
    3200           0 :         kfree(dev);
    3201           0 : }
    3202             : 
    3203             : /**
    3204             :  * tty_register_device_attr - register a tty device
    3205             :  * @driver: the tty driver that describes the tty device
    3206             :  * @index: the index in the tty driver for this tty device
    3207             :  * @device: a struct device that is associated with this tty device.
    3208             :  *      This field is optional, if there is no known struct device
    3209             :  *      for this tty device it can be set to %NULL safely.
    3210             :  * @drvdata: Driver data to be set to device.
    3211             :  * @attr_grp: Attribute group to be set on device.
    3212             :  *
    3213             :  * This call is required to be made to register an individual tty device if the
    3214             :  * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
    3215             :  * not set, this function should not be called by a tty driver.
    3216             :  *
    3217             :  * Locking: ??
    3218             :  *
    3219             :  * Return: A pointer to the struct device for this tty device (or
    3220             :  * ERR_PTR(-EFOO) on error).
    3221             :  */
    3222         513 : struct device *tty_register_device_attr(struct tty_driver *driver,
    3223             :                                    unsigned index, struct device *device,
    3224             :                                    void *drvdata,
    3225             :                                    const struct attribute_group **attr_grp)
    3226             : {
    3227             :         char name[64];
    3228         513 :         dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
    3229             :         struct ktermios *tp;
    3230             :         struct device *dev;
    3231             :         int retval;
    3232             : 
    3233         513 :         if (index >= driver->num) {
    3234           0 :                 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
    3235             :                        driver->name, index);
    3236           0 :                 return ERR_PTR(-EINVAL);
    3237             :         }
    3238             : 
    3239         513 :         if (driver->type == TTY_DRIVER_TYPE_PTY)
    3240         512 :                 pty_line_name(driver, index, name);
    3241             :         else
    3242           1 :                 tty_line_name(driver, index, name);
    3243             : 
    3244         513 :         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
    3245         513 :         if (!dev)
    3246             :                 return ERR_PTR(-ENOMEM);
    3247             : 
    3248         513 :         dev->devt = devt;
    3249         513 :         dev->class = &tty_class;
    3250         513 :         dev->parent = device;
    3251         513 :         dev->release = tty_device_create_release;
    3252         513 :         dev_set_name(dev, "%s", name);
    3253         513 :         dev->groups = attr_grp;
    3254        1026 :         dev_set_drvdata(dev, drvdata);
    3255             : 
    3256         513 :         dev_set_uevent_suppress(dev, 1);
    3257             : 
    3258         513 :         retval = device_register(dev);
    3259         513 :         if (retval)
    3260             :                 goto err_put;
    3261             : 
    3262         513 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3263             :                 /*
    3264             :                  * Free any saved termios data so that the termios state is
    3265             :                  * reset when reusing a minor number.
    3266             :                  */
    3267           1 :                 tp = driver->termios[index];
    3268           1 :                 if (tp) {
    3269           0 :                         driver->termios[index] = NULL;
    3270           0 :                         kfree(tp);
    3271             :                 }
    3272             : 
    3273           1 :                 retval = tty_cdev_add(driver, devt, index, 1);
    3274           1 :                 if (retval)
    3275             :                         goto err_del;
    3276             :         }
    3277             : 
    3278         513 :         dev_set_uevent_suppress(dev, 0);
    3279         513 :         kobject_uevent(&dev->kobj, KOBJ_ADD);
    3280             : 
    3281         513 :         return dev;
    3282             : 
    3283             : err_del:
    3284           0 :         device_del(dev);
    3285             : err_put:
    3286           0 :         put_device(dev);
    3287             : 
    3288           0 :         return ERR_PTR(retval);
    3289             : }
    3290             : EXPORT_SYMBOL_GPL(tty_register_device_attr);
    3291             : 
    3292             : /**
    3293             :  * tty_unregister_device - unregister a tty device
    3294             :  * @driver: the tty driver that describes the tty device
    3295             :  * @index: the index in the tty driver for this tty device
    3296             :  *
    3297             :  * If a tty device is registered with a call to tty_register_device() then
    3298             :  * this function must be called when the tty device is gone.
    3299             :  *
    3300             :  * Locking: ??
    3301             :  */
    3302           0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
    3303             : {
    3304           0 :         device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
    3305           0 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3306           0 :                 cdev_del(driver->cdevs[index]);
    3307           0 :                 driver->cdevs[index] = NULL;
    3308             :         }
    3309           0 : }
    3310             : EXPORT_SYMBOL(tty_unregister_device);
    3311             : 
    3312             : /**
    3313             :  * __tty_alloc_driver -- allocate tty driver
    3314             :  * @lines: count of lines this driver can handle at most
    3315             :  * @owner: module which is responsible for this driver
    3316             :  * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
    3317             :  *
    3318             :  * This should not be called directly, some of the provided macros should be
    3319             :  * used instead. Use IS_ERR() and friends on @retval.
    3320             :  */
    3321           5 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
    3322             :                 unsigned long flags)
    3323             : {
    3324             :         struct tty_driver *driver;
    3325           5 :         unsigned int cdevs = 1;
    3326             :         int err;
    3327             : 
    3328           5 :         if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
    3329             :                 return ERR_PTR(-EINVAL);
    3330             : 
    3331           5 :         driver = kzalloc(sizeof(*driver), GFP_KERNEL);
    3332           5 :         if (!driver)
    3333             :                 return ERR_PTR(-ENOMEM);
    3334             : 
    3335          10 :         kref_init(&driver->kref);
    3336           5 :         driver->num = lines;
    3337           5 :         driver->owner = owner;
    3338           5 :         driver->flags = flags;
    3339             : 
    3340           5 :         if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
    3341           6 :                 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
    3342             :                                 GFP_KERNEL);
    3343           6 :                 driver->termios = kcalloc(lines, sizeof(*driver->termios),
    3344             :                                 GFP_KERNEL);
    3345           3 :                 if (!driver->ttys || !driver->termios) {
    3346             :                         err = -ENOMEM;
    3347             :                         goto err_free_all;
    3348             :                 }
    3349             :         }
    3350             : 
    3351           5 :         if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3352           2 :                 driver->ports = kcalloc(lines, sizeof(*driver->ports),
    3353             :                                 GFP_KERNEL);
    3354           1 :                 if (!driver->ports) {
    3355             :                         err = -ENOMEM;
    3356             :                         goto err_free_all;
    3357             :                 }
    3358             :                 cdevs = lines;
    3359             :         }
    3360             : 
    3361          10 :         driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
    3362           5 :         if (!driver->cdevs) {
    3363             :                 err = -ENOMEM;
    3364             :                 goto err_free_all;
    3365             :         }
    3366             : 
    3367             :         return driver;
    3368             : err_free_all:
    3369           0 :         kfree(driver->ports);
    3370           0 :         kfree(driver->ttys);
    3371           0 :         kfree(driver->termios);
    3372           0 :         kfree(driver->cdevs);
    3373           0 :         kfree(driver);
    3374           0 :         return ERR_PTR(err);
    3375             : }
    3376             : EXPORT_SYMBOL(__tty_alloc_driver);
    3377             : 
    3378           0 : static void destruct_tty_driver(struct kref *kref)
    3379             : {
    3380           0 :         struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
    3381             :         int i;
    3382             :         struct ktermios *tp;
    3383             : 
    3384           0 :         if (driver->flags & TTY_DRIVER_INSTALLED) {
    3385           0 :                 for (i = 0; i < driver->num; i++) {
    3386           0 :                         tp = driver->termios[i];
    3387           0 :                         if (tp) {
    3388           0 :                                 driver->termios[i] = NULL;
    3389           0 :                                 kfree(tp);
    3390             :                         }
    3391           0 :                         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
    3392           0 :                                 tty_unregister_device(driver, i);
    3393             :                 }
    3394           0 :                 proc_tty_unregister_driver(driver);
    3395           0 :                 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
    3396           0 :                         cdev_del(driver->cdevs[0]);
    3397             :         }
    3398           0 :         kfree(driver->cdevs);
    3399           0 :         kfree(driver->ports);
    3400           0 :         kfree(driver->termios);
    3401           0 :         kfree(driver->ttys);
    3402           0 :         kfree(driver);
    3403           0 : }
    3404             : 
    3405             : /**
    3406             :  * tty_driver_kref_put -- drop a reference to a tty driver
    3407             :  * @driver: driver of which to drop the reference
    3408             :  *
    3409             :  * The final put will destroy and free up the driver.
    3410             :  */
    3411           0 : void tty_driver_kref_put(struct tty_driver *driver)
    3412             : {
    3413           0 :         kref_put(&driver->kref, destruct_tty_driver);
    3414           0 : }
    3415             : EXPORT_SYMBOL(tty_driver_kref_put);
    3416             : 
    3417             : /**
    3418             :  * tty_register_driver -- register a tty driver
    3419             :  * @driver: driver to register
    3420             :  *
    3421             :  * Called by a tty driver to register itself.
    3422             :  */
    3423           5 : int tty_register_driver(struct tty_driver *driver)
    3424             : {
    3425             :         int error;
    3426             :         int i;
    3427             :         dev_t dev;
    3428             :         struct device *d;
    3429             : 
    3430           5 :         if (!driver->major) {
    3431           0 :                 error = alloc_chrdev_region(&dev, driver->minor_start,
    3432             :                                                 driver->num, driver->name);
    3433           0 :                 if (!error) {
    3434           0 :                         driver->major = MAJOR(dev);
    3435           0 :                         driver->minor_start = MINOR(dev);
    3436             :                 }
    3437             :         } else {
    3438           5 :                 dev = MKDEV(driver->major, driver->minor_start);
    3439           5 :                 error = register_chrdev_region(dev, driver->num, driver->name);
    3440             :         }
    3441           5 :         if (error < 0)
    3442             :                 goto err;
    3443             : 
    3444           5 :         if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
    3445           4 :                 error = tty_cdev_add(driver, dev, 0, driver->num);
    3446           4 :                 if (error)
    3447             :                         goto err_unreg_char;
    3448             :         }
    3449             : 
    3450           5 :         mutex_lock(&tty_mutex);
    3451          10 :         list_add(&driver->tty_drivers, &tty_drivers);
    3452           5 :         mutex_unlock(&tty_mutex);
    3453             : 
    3454           5 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
    3455         512 :                 for (i = 0; i < driver->num; i++) {
    3456        1024 :                         d = tty_register_device(driver, i, NULL);
    3457         512 :                         if (IS_ERR(d)) {
    3458           0 :                                 error = PTR_ERR(d);
    3459             :                                 goto err_unreg_devs;
    3460             :                         }
    3461             :                 }
    3462             :         }
    3463           5 :         proc_tty_register_driver(driver);
    3464           5 :         driver->flags |= TTY_DRIVER_INSTALLED;
    3465           5 :         return 0;
    3466             : 
    3467             : err_unreg_devs:
    3468           0 :         for (i--; i >= 0; i--)
    3469           0 :                 tty_unregister_device(driver, i);
    3470             : 
    3471           0 :         mutex_lock(&tty_mutex);
    3472           0 :         list_del(&driver->tty_drivers);
    3473           0 :         mutex_unlock(&tty_mutex);
    3474             : 
    3475             : err_unreg_char:
    3476           0 :         unregister_chrdev_region(dev, driver->num);
    3477             : err:
    3478             :         return error;
    3479             : }
    3480             : EXPORT_SYMBOL(tty_register_driver);
    3481             : 
    3482             : /**
    3483             :  * tty_unregister_driver -- unregister a tty driver
    3484             :  * @driver: driver to unregister
    3485             :  *
    3486             :  * Called by a tty driver to unregister itself.
    3487             :  */
    3488           0 : void tty_unregister_driver(struct tty_driver *driver)
    3489             : {
    3490           0 :         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
    3491             :                                 driver->num);
    3492           0 :         mutex_lock(&tty_mutex);
    3493           0 :         list_del(&driver->tty_drivers);
    3494           0 :         mutex_unlock(&tty_mutex);
    3495           0 : }
    3496             : EXPORT_SYMBOL(tty_unregister_driver);
    3497             : 
    3498           0 : dev_t tty_devnum(struct tty_struct *tty)
    3499             : {
    3500           0 :         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
    3501             : }
    3502             : EXPORT_SYMBOL(tty_devnum);
    3503             : 
    3504           1 : void tty_default_fops(struct file_operations *fops)
    3505             : {
    3506           1 :         *fops = tty_fops;
    3507           1 : }
    3508             : 
    3509         516 : static char *tty_devnode(const struct device *dev, umode_t *mode)
    3510             : {
    3511         516 :         if (!mode)
    3512             :                 return NULL;
    3513         516 :         if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
    3514             :             dev->devt == MKDEV(TTYAUX_MAJOR, 2))
    3515           2 :                 *mode = 0666;
    3516             :         return NULL;
    3517             : }
    3518             : 
    3519             : const struct class tty_class = {
    3520             :         .name           = "tty",
    3521             :         .devnode        = tty_devnode,
    3522             : };
    3523             : 
    3524           1 : static int __init tty_class_init(void)
    3525             : {
    3526           1 :         return class_register(&tty_class);
    3527             : }
    3528             : 
    3529             : postcore_initcall(tty_class_init);
    3530             : 
    3531             : /* 3/2004 jmc: why do these devices exist? */
    3532             : static struct cdev tty_cdev, console_cdev;
    3533             : 
    3534           0 : static ssize_t show_cons_active(struct device *dev,
    3535             :                                 struct device_attribute *attr, char *buf)
    3536             : {
    3537             :         struct console *cs[16];
    3538           0 :         int i = 0;
    3539             :         struct console *c;
    3540           0 :         ssize_t count = 0;
    3541             : 
    3542             :         /*
    3543             :          * Hold the console_list_lock to guarantee that no consoles are
    3544             :          * unregistered until all console processing is complete.
    3545             :          * This also allows safe traversal of the console list and
    3546             :          * race-free reading of @flags.
    3547             :          */
    3548           0 :         console_list_lock();
    3549             : 
    3550           0 :         for_each_console(c) {
    3551           0 :                 if (!c->device)
    3552           0 :                         continue;
    3553           0 :                 if (!c->write)
    3554           0 :                         continue;
    3555           0 :                 if ((c->flags & CON_ENABLED) == 0)
    3556           0 :                         continue;
    3557           0 :                 cs[i++] = c;
    3558           0 :                 if (i >= ARRAY_SIZE(cs))
    3559             :                         break;
    3560             :         }
    3561             : 
    3562             :         /*
    3563             :          * Take console_lock to serialize device() callback with
    3564             :          * other console operations. For example, fg_console is
    3565             :          * modified under console_lock when switching vt.
    3566             :          */
    3567           0 :         console_lock();
    3568           0 :         while (i--) {
    3569           0 :                 int index = cs[i]->index;
    3570           0 :                 struct tty_driver *drv = cs[i]->device(cs[i], &index);
    3571             : 
    3572             :                 /* don't resolve tty0 as some programs depend on it */
    3573           0 :                 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
    3574           0 :                         count += tty_line_name(drv, index, buf + count);
    3575             :                 else
    3576           0 :                         count += sprintf(buf + count, "%s%d",
    3577           0 :                                          cs[i]->name, cs[i]->index);
    3578             : 
    3579           0 :                 count += sprintf(buf + count, "%c", i ? ' ':'\n');
    3580             :         }
    3581           0 :         console_unlock();
    3582             : 
    3583           0 :         console_list_unlock();
    3584             : 
    3585           0 :         return count;
    3586             : }
    3587             : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
    3588             : 
    3589             : static struct attribute *cons_dev_attrs[] = {
    3590             :         &dev_attr_active.attr,
    3591             :         NULL
    3592             : };
    3593             : 
    3594             : ATTRIBUTE_GROUPS(cons_dev);
    3595             : 
    3596             : static struct device *consdev;
    3597             : 
    3598           2 : void console_sysfs_notify(void)
    3599             : {
    3600           2 :         if (consdev)
    3601           2 :                 sysfs_notify(&consdev->kobj, NULL, "active");
    3602           2 : }
    3603             : 
    3604             : static struct ctl_table tty_table[] = {
    3605             :         {
    3606             :                 .procname       = "legacy_tiocsti",
    3607             :                 .data           = &tty_legacy_tiocsti,
    3608             :                 .maxlen         = sizeof(tty_legacy_tiocsti),
    3609             :                 .mode           = 0644,
    3610             :                 .proc_handler   = proc_dobool,
    3611             :         },
    3612             :         {
    3613             :                 .procname       = "ldisc_autoload",
    3614             :                 .data           = &tty_ldisc_autoload,
    3615             :                 .maxlen         = sizeof(tty_ldisc_autoload),
    3616             :                 .mode           = 0644,
    3617             :                 .proc_handler   = proc_dointvec,
    3618             :                 .extra1         = SYSCTL_ZERO,
    3619             :                 .extra2         = SYSCTL_ONE,
    3620             :         },
    3621             :         { }
    3622             : };
    3623             : 
    3624             : /*
    3625             :  * Ok, now we can initialize the rest of the tty devices and can count
    3626             :  * on memory allocations, interrupts etc..
    3627             :  */
    3628           1 : int __init tty_init(void)
    3629             : {
    3630           1 :         register_sysctl_init("dev/tty", tty_table);
    3631           1 :         cdev_init(&tty_cdev, &tty_fops);
    3632           2 :         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
    3633           1 :             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
    3634           0 :                 panic("Couldn't register /dev/tty driver\n");
    3635           1 :         device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
    3636             : 
    3637           1 :         cdev_init(&console_cdev, &console_fops);
    3638           2 :         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
    3639           1 :             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
    3640           0 :                 panic("Couldn't register /dev/console driver\n");
    3641           1 :         consdev = device_create_with_groups(&tty_class, NULL,
    3642             :                                             MKDEV(TTYAUX_MAJOR, 1), NULL,
    3643             :                                             cons_dev_groups, "console");
    3644           2 :         if (IS_ERR(consdev))
    3645           0 :                 consdev = NULL;
    3646             : 
    3647             : #ifdef CONFIG_VT
    3648             :         vty_init(&console_fops);
    3649             : #endif
    3650           1 :         return 0;
    3651             : }

Generated by: LCOV version 1.14