Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : */
5 :
6 : /*
7 : * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 : * or rs-channels. It also implements echoing, cooked mode etc.
9 : *
10 : * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 : *
12 : * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 : * tty_struct and tty_queue structures. Previously there was an array
14 : * of 256 tty_struct's which was statically allocated, and the
15 : * tty_queue structures were allocated at boot time. Both are now
16 : * dynamically allocated only when the tty is open.
17 : *
18 : * Also restructured routines so that there is more of a separation
19 : * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 : * the low-level tty routines (serial.c, pty.c, console.c). This
21 : * makes for cleaner and more compact code. -TYT, 9/17/92
22 : *
23 : * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 : * which can be dynamically activated and de-activated by the line
25 : * discipline handling modules (like SLIP).
26 : *
27 : * NOTE: pay no attention to the line discipline code (yet); its
28 : * interface is still subject to change in this version...
29 : * -- TYT, 1/31/92
30 : *
31 : * Added functionality to the OPOST tty handling. No delays, but all
32 : * other bits should be there.
33 : * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 : *
35 : * Rewrote canonical mode and added more termios flags.
36 : * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 : *
38 : * Reorganized FASYNC support so mouse code can share it.
39 : * -- ctm@ardi.com, 9Sep95
40 : *
41 : * New TIOCLINUX variants added.
42 : * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 : *
44 : * Restrict vt switching via ioctl()
45 : * -- grif@cs.ucr.edu, 5-Dec-95
46 : *
47 : * Move console and virtual terminal code to more appropriate files,
48 : * implement CONFIG_VT and generalize console device interface.
49 : * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 : *
51 : * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 : * -- Bill Hawes <whawes@star.net>, June 97
53 : *
54 : * Added devfs support.
55 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 : *
57 : * Added support for a Unix98-style ptmx device.
58 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 : *
60 : * Reduced memory usage for older ARM systems
61 : * -- Russell King <rmk@arm.linux.org.uk>
62 : *
63 : * Move do_SAK() into process context. Less stack use in devfs functions.
64 : * alloc_tty_struct() always uses kmalloc()
65 : * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 : */
67 :
68 : #include <linux/types.h>
69 : #include <linux/major.h>
70 : #include <linux/errno.h>
71 : #include <linux/signal.h>
72 : #include <linux/fcntl.h>
73 : #include <linux/sched/signal.h>
74 : #include <linux/sched/task.h>
75 : #include <linux/interrupt.h>
76 : #include <linux/tty.h>
77 : #include <linux/tty_driver.h>
78 : #include <linux/tty_flip.h>
79 : #include <linux/devpts_fs.h>
80 : #include <linux/file.h>
81 : #include <linux/fdtable.h>
82 : #include <linux/console.h>
83 : #include <linux/timer.h>
84 : #include <linux/ctype.h>
85 : #include <linux/kd.h>
86 : #include <linux/mm.h>
87 : #include <linux/string.h>
88 : #include <linux/slab.h>
89 : #include <linux/poll.h>
90 : #include <linux/ppp-ioctl.h>
91 : #include <linux/proc_fs.h>
92 : #include <linux/init.h>
93 : #include <linux/module.h>
94 : #include <linux/device.h>
95 : #include <linux/wait.h>
96 : #include <linux/bitops.h>
97 : #include <linux/delay.h>
98 : #include <linux/seq_file.h>
99 : #include <linux/serial.h>
100 : #include <linux/ratelimit.h>
101 : #include <linux/compat.h>
102 : #include <linux/uaccess.h>
103 : #include <linux/termios_internal.h>
104 :
105 : #include <linux/kbd_kern.h>
106 : #include <linux/vt_kern.h>
107 : #include <linux/selection.h>
108 :
109 : #include <linux/kmod.h>
110 : #include <linux/nsproxy.h>
111 : #include "tty.h"
112 :
113 : #undef TTY_DEBUG_HANGUP
114 : #ifdef TTY_DEBUG_HANGUP
115 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116 : #else
117 : # define tty_debug_hangup(tty, f, args...) do { } while (0)
118 : #endif
119 :
120 : #define TTY_PARANOIA_CHECK 1
121 : #define CHECK_TTY_COUNT 1
122 :
123 : struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 : .c_iflag = ICRNL | IXON,
125 : .c_oflag = OPOST | ONLCR,
126 : .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 : .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 : ECHOCTL | ECHOKE | IEXTEN,
129 : .c_cc = INIT_C_CC,
130 : .c_ispeed = 38400,
131 : .c_ospeed = 38400,
132 : /* .c_line = N_TTY, */
133 : };
134 : EXPORT_SYMBOL(tty_std_termios);
135 :
136 : /* This list gets poked at by procfs and various bits of boot up code. This
137 : * could do with some rationalisation such as pulling the tty proc function
138 : * into this file.
139 : */
140 :
141 : LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142 :
143 : /* Mutex to protect creating and releasing a tty */
144 : DEFINE_MUTEX(tty_mutex);
145 :
146 : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147 : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148 : static __poll_t tty_poll(struct file *, poll_table *);
149 : static int tty_open(struct inode *, struct file *);
150 : #ifdef CONFIG_COMPAT
151 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 : unsigned long arg);
153 : #else
154 : #define tty_compat_ioctl NULL
155 : #endif
156 : static int __tty_fasync(int fd, struct file *filp, int on);
157 : static int tty_fasync(int fd, struct file *filp, int on);
158 : static void release_tty(struct tty_struct *tty, int idx);
159 :
160 : /**
161 : * free_tty_struct - free a disused tty
162 : * @tty: tty struct to free
163 : *
164 : * Free the write buffers, tty queue and tty memory itself.
165 : *
166 : * Locking: none. Must be called after tty is definitely unused
167 : */
168 0 : static void free_tty_struct(struct tty_struct *tty)
169 : {
170 0 : tty_ldisc_deinit(tty);
171 0 : put_device(tty->dev);
172 0 : kvfree(tty->write_buf);
173 0 : kfree(tty);
174 0 : }
175 :
176 : static inline struct tty_struct *file_tty(struct file *file)
177 : {
178 0 : return ((struct tty_file_private *)file->private_data)->tty;
179 : }
180 :
181 0 : int tty_alloc_file(struct file *file)
182 : {
183 : struct tty_file_private *priv;
184 :
185 0 : priv = kmalloc(sizeof(*priv), GFP_KERNEL);
186 0 : if (!priv)
187 : return -ENOMEM;
188 :
189 0 : file->private_data = priv;
190 :
191 0 : return 0;
192 : }
193 :
194 : /* Associate a new file with the tty structure */
195 0 : void tty_add_file(struct tty_struct *tty, struct file *file)
196 : {
197 0 : struct tty_file_private *priv = file->private_data;
198 :
199 0 : priv->tty = tty;
200 0 : priv->file = file;
201 :
202 0 : spin_lock(&tty->files_lock);
203 0 : list_add(&priv->list, &tty->tty_files);
204 0 : spin_unlock(&tty->files_lock);
205 0 : }
206 :
207 : /**
208 : * tty_free_file - free file->private_data
209 : * @file: to free private_data of
210 : *
211 : * This shall be used only for fail path handling when tty_add_file was not
212 : * called yet.
213 : */
214 0 : void tty_free_file(struct file *file)
215 : {
216 0 : struct tty_file_private *priv = file->private_data;
217 :
218 0 : file->private_data = NULL;
219 0 : kfree(priv);
220 0 : }
221 :
222 : /* Delete file from its tty */
223 0 : static void tty_del_file(struct file *file)
224 : {
225 0 : struct tty_file_private *priv = file->private_data;
226 0 : struct tty_struct *tty = priv->tty;
227 :
228 0 : spin_lock(&tty->files_lock);
229 0 : list_del(&priv->list);
230 0 : spin_unlock(&tty->files_lock);
231 0 : tty_free_file(file);
232 0 : }
233 :
234 : /**
235 : * tty_name - return tty naming
236 : * @tty: tty structure
237 : *
238 : * Convert a tty structure into a name. The name reflects the kernel naming
239 : * policy and if udev is in use may not reflect user space
240 : *
241 : * Locking: none
242 : */
243 0 : const char *tty_name(const struct tty_struct *tty)
244 : {
245 0 : if (!tty) /* Hmm. NULL pointer. That's fun. */
246 : return "NULL tty";
247 0 : return tty->name;
248 : }
249 : EXPORT_SYMBOL(tty_name);
250 :
251 0 : const char *tty_driver_name(const struct tty_struct *tty)
252 : {
253 0 : if (!tty || !tty->driver)
254 : return "";
255 0 : return tty->driver->name;
256 : }
257 :
258 : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 : const char *routine)
260 : {
261 : #ifdef TTY_PARANOIA_CHECK
262 0 : if (!tty) {
263 0 : pr_warn("(%d:%d): %s: NULL tty\n",
264 : imajor(inode), iminor(inode), routine);
265 : return 1;
266 : }
267 : #endif
268 : return 0;
269 : }
270 :
271 : /* Caller must hold tty_lock */
272 0 : static int check_tty_count(struct tty_struct *tty, const char *routine)
273 : {
274 : #ifdef CHECK_TTY_COUNT
275 : struct list_head *p;
276 0 : int count = 0, kopen_count = 0;
277 :
278 0 : spin_lock(&tty->files_lock);
279 0 : list_for_each(p, &tty->tty_files) {
280 0 : count++;
281 : }
282 0 : spin_unlock(&tty->files_lock);
283 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
284 0 : tty->driver->subtype == PTY_TYPE_SLAVE &&
285 0 : tty->link && tty->link->count)
286 0 : count++;
287 0 : if (tty_port_kopened(tty->port))
288 0 : kopen_count++;
289 0 : if (tty->count != (count + kopen_count)) {
290 0 : tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
291 : routine, tty->count, count, kopen_count);
292 0 : return (count + kopen_count);
293 : }
294 : #endif
295 : return 0;
296 : }
297 :
298 : /**
299 : * get_tty_driver - find device of a tty
300 : * @device: device identifier
301 : * @index: returns the index of the tty
302 : *
303 : * This routine returns a tty driver structure, given a device number and also
304 : * passes back the index number.
305 : *
306 : * Locking: caller must hold tty_mutex
307 : */
308 0 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
309 : {
310 : struct tty_driver *p;
311 :
312 0 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
313 0 : dev_t base = MKDEV(p->major, p->minor_start);
314 :
315 0 : if (device < base || device >= base + p->num)
316 0 : continue;
317 0 : *index = device - base;
318 0 : return tty_driver_kref_get(p);
319 : }
320 : return NULL;
321 : }
322 :
323 : /**
324 : * tty_dev_name_to_number - return dev_t for device name
325 : * @name: user space name of device under /dev
326 : * @number: pointer to dev_t that this function will populate
327 : *
328 : * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
329 : * (4, 64) or (188, 1). If no corresponding driver is registered then the
330 : * function returns -%ENODEV.
331 : *
332 : * Locking: this acquires tty_mutex to protect the tty_drivers list from
333 : * being modified while we are traversing it, and makes sure to
334 : * release it before exiting.
335 : */
336 0 : int tty_dev_name_to_number(const char *name, dev_t *number)
337 : {
338 : struct tty_driver *p;
339 : int ret;
340 0 : int index, prefix_length = 0;
341 : const char *str;
342 :
343 0 : for (str = name; *str && !isdigit(*str); str++)
344 : ;
345 :
346 0 : if (!*str)
347 : return -EINVAL;
348 :
349 0 : ret = kstrtoint(str, 10, &index);
350 0 : if (ret)
351 : return ret;
352 :
353 0 : prefix_length = str - name;
354 0 : mutex_lock(&tty_mutex);
355 :
356 0 : list_for_each_entry(p, &tty_drivers, tty_drivers)
357 0 : if (prefix_length == strlen(p->name) && strncmp(name,
358 : p->name, prefix_length) == 0) {
359 0 : if (index < p->num) {
360 0 : *number = MKDEV(p->major, p->minor_start + index);
361 0 : goto out;
362 : }
363 : }
364 :
365 : /* if here then driver wasn't found */
366 : ret = -ENODEV;
367 : out:
368 0 : mutex_unlock(&tty_mutex);
369 0 : return ret;
370 : }
371 : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
372 :
373 : #ifdef CONFIG_CONSOLE_POLL
374 :
375 : /**
376 : * tty_find_polling_driver - find device of a polled tty
377 : * @name: name string to match
378 : * @line: pointer to resulting tty line nr
379 : *
380 : * This routine returns a tty driver structure, given a name and the condition
381 : * that the tty driver is capable of polled operation.
382 : */
383 : struct tty_driver *tty_find_polling_driver(char *name, int *line)
384 : {
385 : struct tty_driver *p, *res = NULL;
386 : int tty_line = 0;
387 : int len;
388 : char *str, *stp;
389 :
390 : for (str = name; *str; str++)
391 : if ((*str >= '0' && *str <= '9') || *str == ',')
392 : break;
393 : if (!*str)
394 : return NULL;
395 :
396 : len = str - name;
397 : tty_line = simple_strtoul(str, &str, 10);
398 :
399 : mutex_lock(&tty_mutex);
400 : /* Search through the tty devices to look for a match */
401 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
402 : if (!len || strncmp(name, p->name, len) != 0)
403 : continue;
404 : stp = str;
405 : if (*stp == ',')
406 : stp++;
407 : if (*stp == '\0')
408 : stp = NULL;
409 :
410 : if (tty_line >= 0 && tty_line < p->num && p->ops &&
411 : p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
412 : res = tty_driver_kref_get(p);
413 : *line = tty_line;
414 : break;
415 : }
416 : }
417 : mutex_unlock(&tty_mutex);
418 :
419 : return res;
420 : }
421 : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
422 : #endif
423 :
424 0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
425 : {
426 0 : return 0;
427 : }
428 :
429 0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
430 : {
431 0 : return -EIO;
432 : }
433 :
434 : /* No kernel lock held - none needed ;) */
435 0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
436 : {
437 0 : return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
438 : }
439 :
440 0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
441 : unsigned long arg)
442 : {
443 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
444 : }
445 :
446 0 : static long hung_up_tty_compat_ioctl(struct file *file,
447 : unsigned int cmd, unsigned long arg)
448 : {
449 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450 : }
451 :
452 0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
453 : {
454 0 : return -ENOTTY;
455 : }
456 :
457 0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
458 : {
459 0 : struct tty_struct *tty = file_tty(file);
460 :
461 0 : if (tty && tty->ops && tty->ops->show_fdinfo)
462 0 : tty->ops->show_fdinfo(tty, m);
463 0 : }
464 :
465 : static const struct file_operations tty_fops = {
466 : .llseek = no_llseek,
467 : .read_iter = tty_read,
468 : .write_iter = tty_write,
469 : .splice_read = generic_file_splice_read,
470 : .splice_write = iter_file_splice_write,
471 : .poll = tty_poll,
472 : .unlocked_ioctl = tty_ioctl,
473 : .compat_ioctl = tty_compat_ioctl,
474 : .open = tty_open,
475 : .release = tty_release,
476 : .fasync = tty_fasync,
477 : .show_fdinfo = tty_show_fdinfo,
478 : };
479 :
480 : static const struct file_operations console_fops = {
481 : .llseek = no_llseek,
482 : .read_iter = tty_read,
483 : .write_iter = redirected_tty_write,
484 : .splice_read = generic_file_splice_read,
485 : .splice_write = iter_file_splice_write,
486 : .poll = tty_poll,
487 : .unlocked_ioctl = tty_ioctl,
488 : .compat_ioctl = tty_compat_ioctl,
489 : .open = tty_open,
490 : .release = tty_release,
491 : .fasync = tty_fasync,
492 : };
493 :
494 : static const struct file_operations hung_up_tty_fops = {
495 : .llseek = no_llseek,
496 : .read_iter = hung_up_tty_read,
497 : .write_iter = hung_up_tty_write,
498 : .poll = hung_up_tty_poll,
499 : .unlocked_ioctl = hung_up_tty_ioctl,
500 : .compat_ioctl = hung_up_tty_compat_ioctl,
501 : .release = tty_release,
502 : .fasync = hung_up_tty_fasync,
503 : };
504 :
505 : static DEFINE_SPINLOCK(redirect_lock);
506 : static struct file *redirect;
507 :
508 : /**
509 : * tty_wakeup - request more data
510 : * @tty: terminal
511 : *
512 : * Internal and external helper for wakeups of tty. This function informs the
513 : * line discipline if present that the driver is ready to receive more output
514 : * data.
515 : */
516 0 : void tty_wakeup(struct tty_struct *tty)
517 : {
518 : struct tty_ldisc *ld;
519 :
520 0 : if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
521 0 : ld = tty_ldisc_ref(tty);
522 0 : if (ld) {
523 0 : if (ld->ops->write_wakeup)
524 0 : ld->ops->write_wakeup(tty);
525 0 : tty_ldisc_deref(ld);
526 : }
527 : }
528 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
529 0 : }
530 : EXPORT_SYMBOL_GPL(tty_wakeup);
531 :
532 : /**
533 : * tty_release_redirect - Release a redirect on a pty if present
534 : * @tty: tty device
535 : *
536 : * This is available to the pty code so if the master closes, if the slave is a
537 : * redirect it can release the redirect.
538 : */
539 : static struct file *tty_release_redirect(struct tty_struct *tty)
540 : {
541 0 : struct file *f = NULL;
542 :
543 0 : spin_lock(&redirect_lock);
544 0 : if (redirect && file_tty(redirect) == tty) {
545 0 : f = redirect;
546 0 : redirect = NULL;
547 : }
548 0 : spin_unlock(&redirect_lock);
549 :
550 : return f;
551 : }
552 :
553 : /**
554 : * __tty_hangup - actual handler for hangup events
555 : * @tty: tty device
556 : * @exit_session: if non-zero, signal all foreground group processes
557 : *
558 : * This can be called by a "kworker" kernel thread. That is process synchronous
559 : * but doesn't hold any locks, so we need to make sure we have the appropriate
560 : * locks for what we're doing.
561 : *
562 : * The hangup event clears any pending redirections onto the hung up device. It
563 : * ensures future writes will error and it does the needed line discipline
564 : * hangup and signal delivery. The tty object itself remains intact.
565 : *
566 : * Locking:
567 : * * BTM
568 : *
569 : * * redirect lock for undoing redirection
570 : * * file list lock for manipulating list of ttys
571 : * * tty_ldiscs_lock from called functions
572 : * * termios_rwsem resetting termios data
573 : * * tasklist_lock to walk task list for hangup event
574 : *
575 : * * ->siglock to protect ->signal/->sighand
576 : *
577 : */
578 0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
579 : {
580 0 : struct file *cons_filp = NULL;
581 : struct file *filp, *f;
582 : struct tty_file_private *priv;
583 0 : int closecount = 0, n;
584 : int refs;
585 :
586 0 : if (!tty)
587 : return;
588 :
589 0 : f = tty_release_redirect(tty);
590 :
591 0 : tty_lock(tty);
592 :
593 0 : if (test_bit(TTY_HUPPED, &tty->flags)) {
594 0 : tty_unlock(tty);
595 0 : return;
596 : }
597 :
598 : /*
599 : * Some console devices aren't actually hung up for technical and
600 : * historical reasons, which can lead to indefinite interruptible
601 : * sleep in n_tty_read(). The following explicitly tells
602 : * n_tty_read() to abort readers.
603 : */
604 0 : set_bit(TTY_HUPPING, &tty->flags);
605 :
606 : /* inuse_filps is protected by the single tty lock,
607 : * this really needs to change if we want to flush the
608 : * workqueue with the lock held.
609 : */
610 0 : check_tty_count(tty, "tty_hangup");
611 :
612 0 : spin_lock(&tty->files_lock);
613 : /* This breaks for file handles being sent over AF_UNIX sockets ? */
614 0 : list_for_each_entry(priv, &tty->tty_files, list) {
615 0 : filp = priv->file;
616 0 : if (filp->f_op->write_iter == redirected_tty_write)
617 0 : cons_filp = filp;
618 0 : if (filp->f_op->write_iter != tty_write)
619 0 : continue;
620 0 : closecount++;
621 0 : __tty_fasync(-1, filp, 0); /* can't block */
622 0 : filp->f_op = &hung_up_tty_fops;
623 : }
624 0 : spin_unlock(&tty->files_lock);
625 :
626 0 : refs = tty_signal_session_leader(tty, exit_session);
627 : /* Account for the p->signal references we killed */
628 0 : while (refs--)
629 : tty_kref_put(tty);
630 :
631 0 : tty_ldisc_hangup(tty, cons_filp != NULL);
632 :
633 0 : spin_lock_irq(&tty->ctrl.lock);
634 0 : clear_bit(TTY_THROTTLED, &tty->flags);
635 0 : clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
636 0 : put_pid(tty->ctrl.session);
637 0 : put_pid(tty->ctrl.pgrp);
638 0 : tty->ctrl.session = NULL;
639 0 : tty->ctrl.pgrp = NULL;
640 0 : tty->ctrl.pktstatus = 0;
641 0 : spin_unlock_irq(&tty->ctrl.lock);
642 :
643 : /*
644 : * If one of the devices matches a console pointer, we
645 : * cannot just call hangup() because that will cause
646 : * tty->count and state->count to go out of sync.
647 : * So we just call close() the right number of times.
648 : */
649 0 : if (cons_filp) {
650 0 : if (tty->ops->close)
651 0 : for (n = 0; n < closecount; n++)
652 0 : tty->ops->close(tty, cons_filp);
653 0 : } else if (tty->ops->hangup)
654 0 : tty->ops->hangup(tty);
655 : /*
656 : * We don't want to have driver/ldisc interactions beyond the ones
657 : * we did here. The driver layer expects no calls after ->hangup()
658 : * from the ldisc side, which is now guaranteed.
659 : */
660 0 : set_bit(TTY_HUPPED, &tty->flags);
661 0 : clear_bit(TTY_HUPPING, &tty->flags);
662 0 : tty_unlock(tty);
663 :
664 0 : if (f)
665 0 : fput(f);
666 : }
667 :
668 0 : static void do_tty_hangup(struct work_struct *work)
669 : {
670 0 : struct tty_struct *tty =
671 0 : container_of(work, struct tty_struct, hangup_work);
672 :
673 0 : __tty_hangup(tty, 0);
674 0 : }
675 :
676 : /**
677 : * tty_hangup - trigger a hangup event
678 : * @tty: tty to hangup
679 : *
680 : * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
681 : * hangup sequence to run after this event.
682 : */
683 0 : void tty_hangup(struct tty_struct *tty)
684 : {
685 : tty_debug_hangup(tty, "hangup\n");
686 0 : schedule_work(&tty->hangup_work);
687 0 : }
688 : EXPORT_SYMBOL(tty_hangup);
689 :
690 : /**
691 : * tty_vhangup - process vhangup
692 : * @tty: tty to hangup
693 : *
694 : * The user has asked via system call for the terminal to be hung up. We do
695 : * this synchronously so that when the syscall returns the process is complete.
696 : * That guarantee is necessary for security reasons.
697 : */
698 0 : void tty_vhangup(struct tty_struct *tty)
699 : {
700 : tty_debug_hangup(tty, "vhangup\n");
701 0 : __tty_hangup(tty, 0);
702 0 : }
703 : EXPORT_SYMBOL(tty_vhangup);
704 :
705 :
706 : /**
707 : * tty_vhangup_self - process vhangup for own ctty
708 : *
709 : * Perform a vhangup on the current controlling tty
710 : */
711 0 : void tty_vhangup_self(void)
712 : {
713 : struct tty_struct *tty;
714 :
715 0 : tty = get_current_tty();
716 0 : if (tty) {
717 0 : tty_vhangup(tty);
718 : tty_kref_put(tty);
719 : }
720 0 : }
721 :
722 : /**
723 : * tty_vhangup_session - hangup session leader exit
724 : * @tty: tty to hangup
725 : *
726 : * The session leader is exiting and hanging up its controlling terminal.
727 : * Every process in the foreground process group is signalled %SIGHUP.
728 : *
729 : * We do this synchronously so that when the syscall returns the process is
730 : * complete. That guarantee is necessary for security reasons.
731 : */
732 0 : void tty_vhangup_session(struct tty_struct *tty)
733 : {
734 : tty_debug_hangup(tty, "session hangup\n");
735 0 : __tty_hangup(tty, 1);
736 0 : }
737 :
738 : /**
739 : * tty_hung_up_p - was tty hung up
740 : * @filp: file pointer of tty
741 : *
742 : * Return: true if the tty has been subject to a vhangup or a carrier loss
743 : */
744 0 : int tty_hung_up_p(struct file *filp)
745 : {
746 0 : return (filp && filp->f_op == &hung_up_tty_fops);
747 : }
748 : EXPORT_SYMBOL(tty_hung_up_p);
749 :
750 0 : void __stop_tty(struct tty_struct *tty)
751 : {
752 0 : if (tty->flow.stopped)
753 : return;
754 0 : tty->flow.stopped = true;
755 0 : if (tty->ops->stop)
756 0 : tty->ops->stop(tty);
757 : }
758 :
759 : /**
760 : * stop_tty - propagate flow control
761 : * @tty: tty to stop
762 : *
763 : * Perform flow control to the driver. May be called on an already stopped
764 : * device and will not re-call the &tty_driver->stop() method.
765 : *
766 : * This functionality is used by both the line disciplines for halting incoming
767 : * flow and by the driver. It may therefore be called from any context, may be
768 : * under the tty %atomic_write_lock but not always.
769 : *
770 : * Locking:
771 : * flow.lock
772 : */
773 0 : void stop_tty(struct tty_struct *tty)
774 : {
775 : unsigned long flags;
776 :
777 0 : spin_lock_irqsave(&tty->flow.lock, flags);
778 0 : __stop_tty(tty);
779 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
780 0 : }
781 : EXPORT_SYMBOL(stop_tty);
782 :
783 0 : void __start_tty(struct tty_struct *tty)
784 : {
785 0 : if (!tty->flow.stopped || tty->flow.tco_stopped)
786 : return;
787 0 : tty->flow.stopped = false;
788 0 : if (tty->ops->start)
789 0 : tty->ops->start(tty);
790 0 : tty_wakeup(tty);
791 : }
792 :
793 : /**
794 : * start_tty - propagate flow control
795 : * @tty: tty to start
796 : *
797 : * Start a tty that has been stopped if at all possible. If @tty was previously
798 : * stopped and is now being started, the &tty_driver->start() method is invoked
799 : * and the line discipline woken.
800 : *
801 : * Locking:
802 : * flow.lock
803 : */
804 0 : void start_tty(struct tty_struct *tty)
805 : {
806 : unsigned long flags;
807 :
808 0 : spin_lock_irqsave(&tty->flow.lock, flags);
809 0 : __start_tty(tty);
810 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
811 0 : }
812 : EXPORT_SYMBOL(start_tty);
813 :
814 : static void tty_update_time(struct timespec64 *time)
815 : {
816 0 : time64_t sec = ktime_get_real_seconds();
817 :
818 : /*
819 : * We only care if the two values differ in anything other than the
820 : * lower three bits (i.e every 8 seconds). If so, then we can update
821 : * the time of the tty device, otherwise it could be construded as a
822 : * security leak to let userspace know the exact timing of the tty.
823 : */
824 0 : if ((sec ^ time->tv_sec) & ~7)
825 0 : time->tv_sec = sec;
826 : }
827 :
828 : /*
829 : * Iterate on the ldisc ->read() function until we've gotten all
830 : * the data the ldisc has for us.
831 : *
832 : * The "cookie" is something that the ldisc read function can fill
833 : * in to let us know that there is more data to be had.
834 : *
835 : * We promise to continue to call the ldisc until it stops returning
836 : * data or clears the cookie. The cookie may be something that the
837 : * ldisc maintains state for and needs to free.
838 : */
839 0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
840 : struct file *file, struct iov_iter *to)
841 : {
842 0 : int retval = 0;
843 0 : void *cookie = NULL;
844 0 : unsigned long offset = 0;
845 : char kernel_buf[64];
846 0 : size_t count = iov_iter_count(to);
847 :
848 : do {
849 : int size, copied;
850 :
851 0 : size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
852 0 : size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
853 0 : if (!size)
854 : break;
855 :
856 0 : if (size < 0) {
857 : /* Did we have an earlier error (ie -EFAULT)? */
858 0 : if (retval)
859 : break;
860 0 : retval = size;
861 :
862 : /*
863 : * -EOVERFLOW means we didn't have enough space
864 : * for a whole packet, and we shouldn't return
865 : * a partial result.
866 : */
867 0 : if (retval == -EOVERFLOW)
868 0 : offset = 0;
869 : break;
870 : }
871 :
872 0 : copied = copy_to_iter(kernel_buf, size, to);
873 0 : offset += copied;
874 0 : count -= copied;
875 :
876 : /*
877 : * If the user copy failed, we still need to do another ->read()
878 : * call if we had a cookie to let the ldisc clear up.
879 : *
880 : * But make sure size is zeroed.
881 : */
882 0 : if (unlikely(copied != size)) {
883 0 : count = 0;
884 0 : retval = -EFAULT;
885 : }
886 0 : } while (cookie);
887 :
888 : /* We always clear tty buffer in case they contained passwords */
889 0 : memzero_explicit(kernel_buf, sizeof(kernel_buf));
890 0 : return offset ? offset : retval;
891 : }
892 :
893 :
894 : /**
895 : * tty_read - read method for tty device files
896 : * @iocb: kernel I/O control block
897 : * @to: destination for the data read
898 : *
899 : * Perform the read system call function on this terminal device. Checks
900 : * for hung up devices before calling the line discipline method.
901 : *
902 : * Locking:
903 : * Locks the line discipline internally while needed. Multiple read calls
904 : * may be outstanding in parallel.
905 : */
906 0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
907 : {
908 : int i;
909 0 : struct file *file = iocb->ki_filp;
910 0 : struct inode *inode = file_inode(file);
911 0 : struct tty_struct *tty = file_tty(file);
912 : struct tty_ldisc *ld;
913 :
914 0 : if (tty_paranoia_check(tty, inode, "tty_read"))
915 : return -EIO;
916 0 : if (!tty || tty_io_error(tty))
917 : return -EIO;
918 :
919 : /* We want to wait for the line discipline to sort out in this
920 : * situation.
921 : */
922 0 : ld = tty_ldisc_ref_wait(tty);
923 0 : if (!ld)
924 : return hung_up_tty_read(iocb, to);
925 0 : i = -EIO;
926 0 : if (ld->ops->read)
927 0 : i = iterate_tty_read(ld, tty, file, to);
928 0 : tty_ldisc_deref(ld);
929 :
930 0 : if (i > 0)
931 0 : tty_update_time(&inode->i_atime);
932 :
933 0 : return i;
934 : }
935 :
936 0 : static void tty_write_unlock(struct tty_struct *tty)
937 : {
938 0 : mutex_unlock(&tty->atomic_write_lock);
939 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
940 0 : }
941 :
942 0 : static int tty_write_lock(struct tty_struct *tty, int ndelay)
943 : {
944 0 : if (!mutex_trylock(&tty->atomic_write_lock)) {
945 0 : if (ndelay)
946 : return -EAGAIN;
947 0 : if (mutex_lock_interruptible(&tty->atomic_write_lock))
948 : return -ERESTARTSYS;
949 : }
950 : return 0;
951 : }
952 :
953 : /*
954 : * Split writes up in sane blocksizes to avoid
955 : * denial-of-service type attacks
956 : */
957 0 : static inline ssize_t do_tty_write(
958 : ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
959 : struct tty_struct *tty,
960 : struct file *file,
961 : struct iov_iter *from)
962 : {
963 0 : size_t count = iov_iter_count(from);
964 0 : ssize_t ret, written = 0;
965 : unsigned int chunk;
966 :
967 0 : ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
968 0 : if (ret < 0)
969 : return ret;
970 :
971 : /*
972 : * We chunk up writes into a temporary buffer. This
973 : * simplifies low-level drivers immensely, since they
974 : * don't have locking issues and user mode accesses.
975 : *
976 : * But if TTY_NO_WRITE_SPLIT is set, we should use a
977 : * big chunk-size..
978 : *
979 : * The default chunk-size is 2kB, because the NTTY
980 : * layer has problems with bigger chunks. It will
981 : * claim to be able to handle more characters than
982 : * it actually does.
983 : */
984 0 : chunk = 2048;
985 0 : if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
986 0 : chunk = 65536;
987 0 : if (count < chunk)
988 0 : chunk = count;
989 :
990 : /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
991 0 : if (tty->write_cnt < chunk) {
992 : unsigned char *buf_chunk;
993 :
994 0 : if (chunk < 1024)
995 0 : chunk = 1024;
996 :
997 0 : buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
998 0 : if (!buf_chunk) {
999 : ret = -ENOMEM;
1000 : goto out;
1001 : }
1002 0 : kvfree(tty->write_buf);
1003 0 : tty->write_cnt = chunk;
1004 0 : tty->write_buf = buf_chunk;
1005 : }
1006 :
1007 : /* Do the write .. */
1008 0 : for (;;) {
1009 0 : size_t size = count;
1010 :
1011 0 : if (size > chunk)
1012 0 : size = chunk;
1013 :
1014 0 : ret = -EFAULT;
1015 0 : if (copy_from_iter(tty->write_buf, size, from) != size)
1016 : break;
1017 :
1018 0 : ret = write(tty, file, tty->write_buf, size);
1019 0 : if (ret <= 0)
1020 : break;
1021 :
1022 0 : written += ret;
1023 0 : if (ret > size)
1024 : break;
1025 :
1026 : /* FIXME! Have Al check this! */
1027 0 : if (ret != size)
1028 0 : iov_iter_revert(from, size-ret);
1029 :
1030 0 : count -= ret;
1031 0 : if (!count)
1032 : break;
1033 0 : ret = -ERESTARTSYS;
1034 0 : if (signal_pending(current))
1035 : break;
1036 0 : cond_resched();
1037 : }
1038 0 : if (written) {
1039 0 : tty_update_time(&file_inode(file)->i_mtime);
1040 : ret = written;
1041 : }
1042 : out:
1043 0 : tty_write_unlock(tty);
1044 0 : return ret;
1045 : }
1046 :
1047 : /**
1048 : * tty_write_message - write a message to a certain tty, not just the console.
1049 : * @tty: the destination tty_struct
1050 : * @msg: the message to write
1051 : *
1052 : * This is used for messages that need to be redirected to a specific tty. We
1053 : * don't put it into the syslog queue right now maybe in the future if really
1054 : * needed.
1055 : *
1056 : * We must still hold the BTM and test the CLOSING flag for the moment.
1057 : */
1058 0 : void tty_write_message(struct tty_struct *tty, char *msg)
1059 : {
1060 0 : if (tty) {
1061 0 : mutex_lock(&tty->atomic_write_lock);
1062 0 : tty_lock(tty);
1063 0 : if (tty->ops->write && tty->count > 0)
1064 0 : tty->ops->write(tty, msg, strlen(msg));
1065 0 : tty_unlock(tty);
1066 0 : tty_write_unlock(tty);
1067 : }
1068 0 : }
1069 :
1070 0 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1071 : {
1072 0 : struct tty_struct *tty = file_tty(file);
1073 : struct tty_ldisc *ld;
1074 : ssize_t ret;
1075 :
1076 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1077 : return -EIO;
1078 0 : if (!tty || !tty->ops->write || tty_io_error(tty))
1079 : return -EIO;
1080 : /* Short term debug to catch buggy drivers */
1081 0 : if (tty->ops->write_room == NULL)
1082 0 : tty_err(tty, "missing write_room method\n");
1083 0 : ld = tty_ldisc_ref_wait(tty);
1084 0 : if (!ld)
1085 : return hung_up_tty_write(iocb, from);
1086 0 : if (!ld->ops->write)
1087 : ret = -EIO;
1088 : else
1089 0 : ret = do_tty_write(ld->ops->write, tty, file, from);
1090 0 : tty_ldisc_deref(ld);
1091 : return ret;
1092 : }
1093 :
1094 : /**
1095 : * tty_write - write method for tty device file
1096 : * @iocb: kernel I/O control block
1097 : * @from: iov_iter with data to write
1098 : *
1099 : * Write data to a tty device via the line discipline.
1100 : *
1101 : * Locking:
1102 : * Locks the line discipline as required
1103 : * Writes to the tty driver are serialized by the atomic_write_lock
1104 : * and are then processed in chunks to the device. The line
1105 : * discipline write method will not be invoked in parallel for
1106 : * each device.
1107 : */
1108 0 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1109 : {
1110 0 : return file_tty_write(iocb->ki_filp, iocb, from);
1111 : }
1112 :
1113 0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1114 : {
1115 0 : struct file *p = NULL;
1116 :
1117 0 : spin_lock(&redirect_lock);
1118 0 : if (redirect)
1119 0 : p = get_file(redirect);
1120 0 : spin_unlock(&redirect_lock);
1121 :
1122 : /*
1123 : * We know the redirected tty is just another tty, we can
1124 : * call file_tty_write() directly with that file pointer.
1125 : */
1126 0 : if (p) {
1127 : ssize_t res;
1128 :
1129 0 : res = file_tty_write(p, iocb, iter);
1130 0 : fput(p);
1131 0 : return res;
1132 : }
1133 0 : return tty_write(iocb, iter);
1134 : }
1135 :
1136 : /**
1137 : * tty_send_xchar - send priority character
1138 : * @tty: the tty to send to
1139 : * @ch: xchar to send
1140 : *
1141 : * Send a high priority character to the tty even if stopped.
1142 : *
1143 : * Locking: none for xchar method, write ordering for write method.
1144 : */
1145 0 : int tty_send_xchar(struct tty_struct *tty, char ch)
1146 : {
1147 0 : bool was_stopped = tty->flow.stopped;
1148 :
1149 0 : if (tty->ops->send_xchar) {
1150 0 : down_read(&tty->termios_rwsem);
1151 0 : tty->ops->send_xchar(tty, ch);
1152 0 : up_read(&tty->termios_rwsem);
1153 0 : return 0;
1154 : }
1155 :
1156 0 : if (tty_write_lock(tty, 0) < 0)
1157 : return -ERESTARTSYS;
1158 :
1159 0 : down_read(&tty->termios_rwsem);
1160 0 : if (was_stopped)
1161 0 : start_tty(tty);
1162 0 : tty->ops->write(tty, &ch, 1);
1163 0 : if (was_stopped)
1164 0 : stop_tty(tty);
1165 0 : up_read(&tty->termios_rwsem);
1166 0 : tty_write_unlock(tty);
1167 0 : return 0;
1168 : }
1169 :
1170 : /**
1171 : * pty_line_name - generate name for a pty
1172 : * @driver: the tty driver in use
1173 : * @index: the minor number
1174 : * @p: output buffer of at least 6 bytes
1175 : *
1176 : * Generate a name from a @driver reference and write it to the output buffer
1177 : * @p.
1178 : *
1179 : * Locking: None
1180 : */
1181 : static void pty_line_name(struct tty_driver *driver, int index, char *p)
1182 : {
1183 : static const char ptychar[] = "pqrstuvwxyzabcde";
1184 512 : int i = index + driver->name_base;
1185 : /* ->name is initialized to "ttyp", but "tty" is expected */
1186 1024 : sprintf(p, "%s%c%x",
1187 : driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1188 512 : ptychar[i >> 4 & 0xf], i & 0xf);
1189 : }
1190 :
1191 : /**
1192 : * tty_line_name - generate name for a tty
1193 : * @driver: the tty driver in use
1194 : * @index: the minor number
1195 : * @p: output buffer of at least 7 bytes
1196 : *
1197 : * Generate a name from a @driver reference and write it to the output buffer
1198 : * @p.
1199 : *
1200 : * Locking: None
1201 : */
1202 1 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1203 : {
1204 1 : if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1205 0 : return sprintf(p, "%s", driver->name);
1206 : else
1207 1 : return sprintf(p, "%s%d", driver->name,
1208 1 : index + driver->name_base);
1209 : }
1210 :
1211 : /**
1212 : * tty_driver_lookup_tty() - find an existing tty, if any
1213 : * @driver: the driver for the tty
1214 : * @file: file object
1215 : * @idx: the minor number
1216 : *
1217 : * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1218 : * driver lookup() method returns an error.
1219 : *
1220 : * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1221 : */
1222 0 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1223 : struct file *file, int idx)
1224 : {
1225 : struct tty_struct *tty;
1226 :
1227 0 : if (driver->ops->lookup) {
1228 0 : if (!file)
1229 : tty = ERR_PTR(-EIO);
1230 : else
1231 0 : tty = driver->ops->lookup(driver, file, idx);
1232 : } else {
1233 0 : if (idx >= driver->num)
1234 : return ERR_PTR(-EINVAL);
1235 0 : tty = driver->ttys[idx];
1236 : }
1237 0 : if (!IS_ERR(tty))
1238 : tty_kref_get(tty);
1239 : return tty;
1240 : }
1241 :
1242 : /**
1243 : * tty_init_termios - helper for termios setup
1244 : * @tty: the tty to set up
1245 : *
1246 : * Initialise the termios structure for this tty. This runs under the
1247 : * %tty_mutex currently so we can be relaxed about ordering.
1248 : */
1249 0 : void tty_init_termios(struct tty_struct *tty)
1250 : {
1251 : struct ktermios *tp;
1252 0 : int idx = tty->index;
1253 :
1254 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1255 0 : tty->termios = tty->driver->init_termios;
1256 : else {
1257 : /* Check for lazy saved data */
1258 0 : tp = tty->driver->termios[idx];
1259 0 : if (tp != NULL) {
1260 0 : tty->termios = *tp;
1261 0 : tty->termios.c_line = tty->driver->init_termios.c_line;
1262 : } else
1263 0 : tty->termios = tty->driver->init_termios;
1264 : }
1265 : /* Compatibility until drivers always set this */
1266 0 : tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1267 0 : tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1268 0 : }
1269 : EXPORT_SYMBOL_GPL(tty_init_termios);
1270 :
1271 : /**
1272 : * tty_standard_install - usual tty->ops->install
1273 : * @driver: the driver for the tty
1274 : * @tty: the tty
1275 : *
1276 : * If the @driver overrides @tty->ops->install, it still can call this function
1277 : * to perform the standard install operations.
1278 : */
1279 0 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1280 : {
1281 0 : tty_init_termios(tty);
1282 0 : tty_driver_kref_get(driver);
1283 0 : tty->count++;
1284 0 : driver->ttys[tty->index] = tty;
1285 0 : return 0;
1286 : }
1287 : EXPORT_SYMBOL_GPL(tty_standard_install);
1288 :
1289 : /**
1290 : * tty_driver_install_tty() - install a tty entry in the driver
1291 : * @driver: the driver for the tty
1292 : * @tty: the tty
1293 : *
1294 : * Install a tty object into the driver tables. The @tty->index field will be
1295 : * set by the time this is called. This method is responsible for ensuring any
1296 : * need additional structures are allocated and configured.
1297 : *
1298 : * Locking: tty_mutex for now
1299 : */
1300 0 : static int tty_driver_install_tty(struct tty_driver *driver,
1301 : struct tty_struct *tty)
1302 : {
1303 0 : return driver->ops->install ? driver->ops->install(driver, tty) :
1304 : tty_standard_install(driver, tty);
1305 : }
1306 :
1307 : /**
1308 : * tty_driver_remove_tty() - remove a tty from the driver tables
1309 : * @driver: the driver for the tty
1310 : * @tty: tty to remove
1311 : *
1312 : * Remove a tty object from the driver tables. The tty->index field will be set
1313 : * by the time this is called.
1314 : *
1315 : * Locking: tty_mutex for now
1316 : */
1317 : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1318 : {
1319 0 : if (driver->ops->remove)
1320 0 : driver->ops->remove(driver, tty);
1321 : else
1322 0 : driver->ttys[tty->index] = NULL;
1323 : }
1324 :
1325 : /**
1326 : * tty_reopen() - fast re-open of an open tty
1327 : * @tty: the tty to open
1328 : *
1329 : * Re-opens on master ptys are not allowed and return -%EIO.
1330 : *
1331 : * Locking: Caller must hold tty_lock
1332 : * Return: 0 on success, -errno on error.
1333 : */
1334 0 : static int tty_reopen(struct tty_struct *tty)
1335 : {
1336 0 : struct tty_driver *driver = tty->driver;
1337 : struct tty_ldisc *ld;
1338 0 : int retval = 0;
1339 :
1340 0 : if (driver->type == TTY_DRIVER_TYPE_PTY &&
1341 : driver->subtype == PTY_TYPE_MASTER)
1342 : return -EIO;
1343 :
1344 0 : if (!tty->count)
1345 : return -EAGAIN;
1346 :
1347 0 : if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1348 : return -EBUSY;
1349 :
1350 0 : ld = tty_ldisc_ref_wait(tty);
1351 0 : if (ld) {
1352 0 : tty_ldisc_deref(ld);
1353 : } else {
1354 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1355 0 : if (retval)
1356 : return retval;
1357 :
1358 0 : if (!tty->ldisc)
1359 0 : retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1360 0 : tty_ldisc_unlock(tty);
1361 : }
1362 :
1363 0 : if (retval == 0)
1364 0 : tty->count++;
1365 :
1366 : return retval;
1367 : }
1368 :
1369 : /**
1370 : * tty_init_dev - initialise a tty device
1371 : * @driver: tty driver we are opening a device on
1372 : * @idx: device index
1373 : *
1374 : * Prepare a tty device. This may not be a "new" clean device but could also be
1375 : * an active device. The pty drivers require special handling because of this.
1376 : *
1377 : * Locking:
1378 : * The function is called under the tty_mutex, which protects us from the
1379 : * tty struct or driver itself going away.
1380 : *
1381 : * On exit the tty device has the line discipline attached and a reference
1382 : * count of 1. If a pair was created for pty/tty use and the other was a pty
1383 : * master then it too has a reference count of 1.
1384 : *
1385 : * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1386 : * open. The new code protects the open with a mutex, so it's really quite
1387 : * straightforward. The mutex locking can probably be relaxed for the (most
1388 : * common) case of reopening a tty.
1389 : *
1390 : * Return: new tty structure
1391 : */
1392 0 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1393 : {
1394 : struct tty_struct *tty;
1395 : int retval;
1396 :
1397 : /*
1398 : * First time open is complex, especially for PTY devices.
1399 : * This code guarantees that either everything succeeds and the
1400 : * TTY is ready for operation, or else the table slots are vacated
1401 : * and the allocated memory released. (Except that the termios
1402 : * may be retained.)
1403 : */
1404 :
1405 0 : if (!try_module_get(driver->owner))
1406 : return ERR_PTR(-ENODEV);
1407 :
1408 0 : tty = alloc_tty_struct(driver, idx);
1409 0 : if (!tty) {
1410 : retval = -ENOMEM;
1411 : goto err_module_put;
1412 : }
1413 :
1414 0 : tty_lock(tty);
1415 0 : retval = tty_driver_install_tty(driver, tty);
1416 0 : if (retval < 0)
1417 : goto err_free_tty;
1418 :
1419 0 : if (!tty->port)
1420 0 : tty->port = driver->ports[idx];
1421 :
1422 0 : if (WARN_RATELIMIT(!tty->port,
1423 : "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1424 : __func__, tty->driver->name)) {
1425 : retval = -EINVAL;
1426 : goto err_release_lock;
1427 : }
1428 :
1429 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1430 0 : if (retval)
1431 : goto err_release_lock;
1432 0 : tty->port->itty = tty;
1433 :
1434 : /*
1435 : * Structures all installed ... call the ldisc open routines.
1436 : * If we fail here just call release_tty to clean up. No need
1437 : * to decrement the use counts, as release_tty doesn't care.
1438 : */
1439 0 : retval = tty_ldisc_setup(tty, tty->link);
1440 0 : if (retval)
1441 : goto err_release_tty;
1442 0 : tty_ldisc_unlock(tty);
1443 : /* Return the tty locked so that it cannot vanish under the caller */
1444 0 : return tty;
1445 :
1446 : err_free_tty:
1447 0 : tty_unlock(tty);
1448 0 : free_tty_struct(tty);
1449 : err_module_put:
1450 0 : module_put(driver->owner);
1451 0 : return ERR_PTR(retval);
1452 :
1453 : /* call the tty release_tty routine to clean out this slot */
1454 : err_release_tty:
1455 0 : tty_ldisc_unlock(tty);
1456 0 : tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1457 : retval, idx);
1458 : err_release_lock:
1459 0 : tty_unlock(tty);
1460 0 : release_tty(tty, idx);
1461 0 : return ERR_PTR(retval);
1462 : }
1463 :
1464 : /**
1465 : * tty_save_termios() - save tty termios data in driver table
1466 : * @tty: tty whose termios data to save
1467 : *
1468 : * Locking: Caller guarantees serialisation with tty_init_termios().
1469 : */
1470 0 : void tty_save_termios(struct tty_struct *tty)
1471 : {
1472 : struct ktermios *tp;
1473 0 : int idx = tty->index;
1474 :
1475 : /* If the port is going to reset then it has no termios to save */
1476 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1477 : return;
1478 :
1479 : /* Stash the termios data */
1480 0 : tp = tty->driver->termios[idx];
1481 0 : if (tp == NULL) {
1482 0 : tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1483 0 : if (tp == NULL)
1484 : return;
1485 0 : tty->driver->termios[idx] = tp;
1486 : }
1487 0 : *tp = tty->termios;
1488 : }
1489 : EXPORT_SYMBOL_GPL(tty_save_termios);
1490 :
1491 : /**
1492 : * tty_flush_works - flush all works of a tty/pty pair
1493 : * @tty: tty device to flush works for (or either end of a pty pair)
1494 : *
1495 : * Sync flush all works belonging to @tty (and the 'other' tty).
1496 : */
1497 0 : static void tty_flush_works(struct tty_struct *tty)
1498 : {
1499 0 : flush_work(&tty->SAK_work);
1500 0 : flush_work(&tty->hangup_work);
1501 0 : if (tty->link) {
1502 0 : flush_work(&tty->link->SAK_work);
1503 0 : flush_work(&tty->link->hangup_work);
1504 : }
1505 0 : }
1506 :
1507 : /**
1508 : * release_one_tty - release tty structure memory
1509 : * @work: work of tty we are obliterating
1510 : *
1511 : * Releases memory associated with a tty structure, and clears out the
1512 : * driver table slots. This function is called when a device is no longer
1513 : * in use. It also gets called when setup of a device fails.
1514 : *
1515 : * Locking:
1516 : * takes the file list lock internally when working on the list of ttys
1517 : * that the driver keeps.
1518 : *
1519 : * This method gets called from a work queue so that the driver private
1520 : * cleanup ops can sleep (needed for USB at least)
1521 : */
1522 0 : static void release_one_tty(struct work_struct *work)
1523 : {
1524 0 : struct tty_struct *tty =
1525 0 : container_of(work, struct tty_struct, hangup_work);
1526 0 : struct tty_driver *driver = tty->driver;
1527 0 : struct module *owner = driver->owner;
1528 :
1529 0 : if (tty->ops->cleanup)
1530 0 : tty->ops->cleanup(tty);
1531 :
1532 0 : tty_driver_kref_put(driver);
1533 0 : module_put(owner);
1534 :
1535 0 : spin_lock(&tty->files_lock);
1536 0 : list_del_init(&tty->tty_files);
1537 0 : spin_unlock(&tty->files_lock);
1538 :
1539 0 : put_pid(tty->ctrl.pgrp);
1540 0 : put_pid(tty->ctrl.session);
1541 0 : free_tty_struct(tty);
1542 0 : }
1543 :
1544 0 : static void queue_release_one_tty(struct kref *kref)
1545 : {
1546 0 : struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1547 :
1548 : /* The hangup queue is now free so we can reuse it rather than
1549 : * waste a chunk of memory for each port.
1550 : */
1551 0 : INIT_WORK(&tty->hangup_work, release_one_tty);
1552 0 : schedule_work(&tty->hangup_work);
1553 0 : }
1554 :
1555 : /**
1556 : * tty_kref_put - release a tty kref
1557 : * @tty: tty device
1558 : *
1559 : * Release a reference to the @tty device and if need be let the kref layer
1560 : * destruct the object for us.
1561 : */
1562 333 : void tty_kref_put(struct tty_struct *tty)
1563 : {
1564 333 : if (tty)
1565 0 : kref_put(&tty->kref, queue_release_one_tty);
1566 333 : }
1567 : EXPORT_SYMBOL(tty_kref_put);
1568 :
1569 : /**
1570 : * release_tty - release tty structure memory
1571 : * @tty: tty device release
1572 : * @idx: index of the tty device release
1573 : *
1574 : * Release both @tty and a possible linked partner (think pty pair),
1575 : * and decrement the refcount of the backing module.
1576 : *
1577 : * Locking:
1578 : * tty_mutex
1579 : * takes the file list lock internally when working on the list of ttys
1580 : * that the driver keeps.
1581 : */
1582 0 : static void release_tty(struct tty_struct *tty, int idx)
1583 : {
1584 : /* This should always be true but check for the moment */
1585 0 : WARN_ON(tty->index != idx);
1586 0 : WARN_ON(!mutex_is_locked(&tty_mutex));
1587 0 : if (tty->ops->shutdown)
1588 0 : tty->ops->shutdown(tty);
1589 0 : tty_save_termios(tty);
1590 0 : tty_driver_remove_tty(tty->driver, tty);
1591 0 : if (tty->port)
1592 0 : tty->port->itty = NULL;
1593 0 : if (tty->link)
1594 0 : tty->link->port->itty = NULL;
1595 0 : if (tty->port)
1596 0 : tty_buffer_cancel_work(tty->port);
1597 0 : if (tty->link)
1598 0 : tty_buffer_cancel_work(tty->link->port);
1599 :
1600 0 : tty_kref_put(tty->link);
1601 0 : tty_kref_put(tty);
1602 0 : }
1603 :
1604 : /**
1605 : * tty_release_checks - check a tty before real release
1606 : * @tty: tty to check
1607 : * @idx: index of the tty
1608 : *
1609 : * Performs some paranoid checking before true release of the @tty. This is a
1610 : * no-op unless %TTY_PARANOIA_CHECK is defined.
1611 : */
1612 0 : static int tty_release_checks(struct tty_struct *tty, int idx)
1613 : {
1614 : #ifdef TTY_PARANOIA_CHECK
1615 0 : if (idx < 0 || idx >= tty->driver->num) {
1616 : tty_debug(tty, "bad idx %d\n", idx);
1617 : return -1;
1618 : }
1619 :
1620 : /* not much to check for devpts */
1621 0 : if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1622 : return 0;
1623 :
1624 0 : if (tty != tty->driver->ttys[idx]) {
1625 : tty_debug(tty, "bad driver table[%d] = %p\n",
1626 : idx, tty->driver->ttys[idx]);
1627 : return -1;
1628 : }
1629 0 : if (tty->driver->other) {
1630 0 : struct tty_struct *o_tty = tty->link;
1631 :
1632 0 : if (o_tty != tty->driver->other->ttys[idx]) {
1633 : tty_debug(tty, "bad other table[%d] = %p\n",
1634 : idx, tty->driver->other->ttys[idx]);
1635 : return -1;
1636 : }
1637 0 : if (o_tty->link != tty) {
1638 : tty_debug(tty, "bad link = %p\n", o_tty->link);
1639 : return -1;
1640 : }
1641 : }
1642 : #endif
1643 0 : return 0;
1644 : }
1645 :
1646 : /**
1647 : * tty_kclose - closes tty opened by tty_kopen
1648 : * @tty: tty device
1649 : *
1650 : * Performs the final steps to release and free a tty device. It is the same as
1651 : * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1652 : * @tty->port.
1653 : */
1654 0 : void tty_kclose(struct tty_struct *tty)
1655 : {
1656 : /*
1657 : * Ask the line discipline code to release its structures
1658 : */
1659 0 : tty_ldisc_release(tty);
1660 :
1661 : /* Wait for pending work before tty destruction commences */
1662 0 : tty_flush_works(tty);
1663 :
1664 : tty_debug_hangup(tty, "freeing structure\n");
1665 : /*
1666 : * The release_tty function takes care of the details of clearing
1667 : * the slots and preserving the termios structure.
1668 : */
1669 0 : mutex_lock(&tty_mutex);
1670 0 : tty_port_set_kopened(tty->port, 0);
1671 0 : release_tty(tty, tty->index);
1672 0 : mutex_unlock(&tty_mutex);
1673 0 : }
1674 : EXPORT_SYMBOL_GPL(tty_kclose);
1675 :
1676 : /**
1677 : * tty_release_struct - release a tty struct
1678 : * @tty: tty device
1679 : * @idx: index of the tty
1680 : *
1681 : * Performs the final steps to release and free a tty device. It is roughly the
1682 : * reverse of tty_init_dev().
1683 : */
1684 0 : void tty_release_struct(struct tty_struct *tty, int idx)
1685 : {
1686 : /*
1687 : * Ask the line discipline code to release its structures
1688 : */
1689 0 : tty_ldisc_release(tty);
1690 :
1691 : /* Wait for pending work before tty destruction commmences */
1692 0 : tty_flush_works(tty);
1693 :
1694 : tty_debug_hangup(tty, "freeing structure\n");
1695 : /*
1696 : * The release_tty function takes care of the details of clearing
1697 : * the slots and preserving the termios structure.
1698 : */
1699 0 : mutex_lock(&tty_mutex);
1700 0 : release_tty(tty, idx);
1701 0 : mutex_unlock(&tty_mutex);
1702 0 : }
1703 : EXPORT_SYMBOL_GPL(tty_release_struct);
1704 :
1705 : /**
1706 : * tty_release - vfs callback for close
1707 : * @inode: inode of tty
1708 : * @filp: file pointer for handle to tty
1709 : *
1710 : * Called the last time each file handle is closed that references this tty.
1711 : * There may however be several such references.
1712 : *
1713 : * Locking:
1714 : * Takes BKL. See tty_release_dev().
1715 : *
1716 : * Even releasing the tty structures is a tricky business. We have to be very
1717 : * careful that the structures are all released at the same time, as interrupts
1718 : * might otherwise get the wrong pointers.
1719 : *
1720 : * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1721 : * lead to double frees or releasing memory still in use.
1722 : */
1723 0 : int tty_release(struct inode *inode, struct file *filp)
1724 : {
1725 0 : struct tty_struct *tty = file_tty(filp);
1726 0 : struct tty_struct *o_tty = NULL;
1727 : int do_sleep, final;
1728 : int idx;
1729 0 : long timeout = 0;
1730 0 : int once = 1;
1731 :
1732 0 : if (tty_paranoia_check(tty, inode, __func__))
1733 : return 0;
1734 :
1735 0 : tty_lock(tty);
1736 0 : check_tty_count(tty, __func__);
1737 :
1738 0 : __tty_fasync(-1, filp, 0);
1739 :
1740 0 : idx = tty->index;
1741 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1742 : tty->driver->subtype == PTY_TYPE_MASTER)
1743 0 : o_tty = tty->link;
1744 :
1745 0 : if (tty_release_checks(tty, idx)) {
1746 0 : tty_unlock(tty);
1747 0 : return 0;
1748 : }
1749 :
1750 : tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1751 :
1752 0 : if (tty->ops->close)
1753 0 : tty->ops->close(tty, filp);
1754 :
1755 : /* If tty is pty master, lock the slave pty (stable lock order) */
1756 0 : tty_lock_slave(o_tty);
1757 :
1758 : /*
1759 : * Sanity check: if tty->count is going to zero, there shouldn't be
1760 : * any waiters on tty->read_wait or tty->write_wait. We test the
1761 : * wait queues and kick everyone out _before_ actually starting to
1762 : * close. This ensures that we won't block while releasing the tty
1763 : * structure.
1764 : *
1765 : * The test for the o_tty closing is necessary, since the master and
1766 : * slave sides may close in any order. If the slave side closes out
1767 : * first, its count will be one, since the master side holds an open.
1768 : * Thus this test wouldn't be triggered at the time the slave closed,
1769 : * so we do it now.
1770 : */
1771 : while (1) {
1772 0 : do_sleep = 0;
1773 :
1774 0 : if (tty->count <= 1) {
1775 0 : if (waitqueue_active(&tty->read_wait)) {
1776 0 : wake_up_poll(&tty->read_wait, EPOLLIN);
1777 0 : do_sleep++;
1778 : }
1779 0 : if (waitqueue_active(&tty->write_wait)) {
1780 0 : wake_up_poll(&tty->write_wait, EPOLLOUT);
1781 0 : do_sleep++;
1782 : }
1783 : }
1784 0 : if (o_tty && o_tty->count <= 1) {
1785 0 : if (waitqueue_active(&o_tty->read_wait)) {
1786 0 : wake_up_poll(&o_tty->read_wait, EPOLLIN);
1787 0 : do_sleep++;
1788 : }
1789 0 : if (waitqueue_active(&o_tty->write_wait)) {
1790 0 : wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1791 0 : do_sleep++;
1792 : }
1793 : }
1794 0 : if (!do_sleep)
1795 : break;
1796 :
1797 0 : if (once) {
1798 0 : once = 0;
1799 0 : tty_warn(tty, "read/write wait queue active!\n");
1800 : }
1801 0 : schedule_timeout_killable(timeout);
1802 0 : if (timeout < 120 * HZ)
1803 0 : timeout = 2 * timeout + 1;
1804 : else
1805 : timeout = MAX_SCHEDULE_TIMEOUT;
1806 : }
1807 :
1808 0 : if (o_tty) {
1809 0 : if (--o_tty->count < 0) {
1810 0 : tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1811 0 : o_tty->count = 0;
1812 : }
1813 : }
1814 0 : if (--tty->count < 0) {
1815 0 : tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1816 0 : tty->count = 0;
1817 : }
1818 :
1819 : /*
1820 : * We've decremented tty->count, so we need to remove this file
1821 : * descriptor off the tty->tty_files list; this serves two
1822 : * purposes:
1823 : * - check_tty_count sees the correct number of file descriptors
1824 : * associated with this tty.
1825 : * - do_tty_hangup no longer sees this file descriptor as
1826 : * something that needs to be handled for hangups.
1827 : */
1828 0 : tty_del_file(filp);
1829 :
1830 : /*
1831 : * Perform some housekeeping before deciding whether to return.
1832 : *
1833 : * If _either_ side is closing, make sure there aren't any
1834 : * processes that still think tty or o_tty is their controlling
1835 : * tty.
1836 : */
1837 0 : if (!tty->count) {
1838 0 : read_lock(&tasklist_lock);
1839 0 : session_clear_tty(tty->ctrl.session);
1840 0 : if (o_tty)
1841 0 : session_clear_tty(o_tty->ctrl.session);
1842 0 : read_unlock(&tasklist_lock);
1843 : }
1844 :
1845 : /* check whether both sides are closing ... */
1846 0 : final = !tty->count && !(o_tty && o_tty->count);
1847 :
1848 0 : tty_unlock_slave(o_tty);
1849 0 : tty_unlock(tty);
1850 :
1851 : /* At this point, the tty->count == 0 should ensure a dead tty
1852 : * cannot be re-opened by a racing opener.
1853 : */
1854 :
1855 0 : if (!final)
1856 : return 0;
1857 :
1858 : tty_debug_hangup(tty, "final close\n");
1859 :
1860 0 : tty_release_struct(tty, idx);
1861 0 : return 0;
1862 : }
1863 :
1864 : /**
1865 : * tty_open_current_tty - get locked tty of current task
1866 : * @device: device number
1867 : * @filp: file pointer to tty
1868 : * @return: locked tty of the current task iff @device is /dev/tty
1869 : *
1870 : * Performs a re-open of the current task's controlling tty.
1871 : *
1872 : * We cannot return driver and index like for the other nodes because devpts
1873 : * will not work then. It expects inodes to be from devpts FS.
1874 : */
1875 0 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1876 : {
1877 : struct tty_struct *tty;
1878 : int retval;
1879 :
1880 0 : if (device != MKDEV(TTYAUX_MAJOR, 0))
1881 : return NULL;
1882 :
1883 0 : tty = get_current_tty();
1884 0 : if (!tty)
1885 : return ERR_PTR(-ENXIO);
1886 :
1887 0 : filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1888 : /* noctty = 1; */
1889 0 : tty_lock(tty);
1890 0 : tty_kref_put(tty); /* safe to drop the kref now */
1891 :
1892 0 : retval = tty_reopen(tty);
1893 0 : if (retval < 0) {
1894 0 : tty_unlock(tty);
1895 0 : tty = ERR_PTR(retval);
1896 : }
1897 : return tty;
1898 : }
1899 :
1900 : /**
1901 : * tty_lookup_driver - lookup a tty driver for a given device file
1902 : * @device: device number
1903 : * @filp: file pointer to tty
1904 : * @index: index for the device in the @return driver
1905 : *
1906 : * If returned value is not erroneous, the caller is responsible to decrement
1907 : * the refcount by tty_driver_kref_put().
1908 : *
1909 : * Locking: %tty_mutex protects get_tty_driver()
1910 : *
1911 : * Return: driver for this inode (with increased refcount)
1912 : */
1913 0 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1914 : int *index)
1915 : {
1916 0 : struct tty_driver *driver = NULL;
1917 :
1918 0 : switch (device) {
1919 : #ifdef CONFIG_VT
1920 : case MKDEV(TTY_MAJOR, 0): {
1921 : extern struct tty_driver *console_driver;
1922 :
1923 : driver = tty_driver_kref_get(console_driver);
1924 : *index = fg_console;
1925 : break;
1926 : }
1927 : #endif
1928 : case MKDEV(TTYAUX_MAJOR, 1): {
1929 0 : struct tty_driver *console_driver = console_device(index);
1930 :
1931 0 : if (console_driver) {
1932 0 : driver = tty_driver_kref_get(console_driver);
1933 0 : if (driver && filp) {
1934 : /* Don't let /dev/console block */
1935 0 : filp->f_flags |= O_NONBLOCK;
1936 0 : break;
1937 : }
1938 : }
1939 0 : if (driver)
1940 : tty_driver_kref_put(driver);
1941 : return ERR_PTR(-ENODEV);
1942 : }
1943 : default:
1944 0 : driver = get_tty_driver(device, index);
1945 0 : if (!driver)
1946 : return ERR_PTR(-ENODEV);
1947 : break;
1948 : }
1949 : return driver;
1950 : }
1951 :
1952 0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
1953 : {
1954 : struct tty_struct *tty;
1955 : struct tty_driver *driver;
1956 0 : int index = -1;
1957 :
1958 0 : mutex_lock(&tty_mutex);
1959 0 : driver = tty_lookup_driver(device, NULL, &index);
1960 0 : if (IS_ERR(driver)) {
1961 0 : mutex_unlock(&tty_mutex);
1962 0 : return ERR_CAST(driver);
1963 : }
1964 :
1965 : /* check whether we're reopening an existing tty */
1966 0 : tty = tty_driver_lookup_tty(driver, NULL, index);
1967 0 : if (IS_ERR(tty) || shared)
1968 : goto out;
1969 :
1970 0 : if (tty) {
1971 : /* drop kref from tty_driver_lookup_tty() */
1972 0 : tty_kref_put(tty);
1973 0 : tty = ERR_PTR(-EBUSY);
1974 : } else { /* tty_init_dev returns tty with the tty_lock held */
1975 0 : tty = tty_init_dev(driver, index);
1976 0 : if (IS_ERR(tty))
1977 : goto out;
1978 0 : tty_port_set_kopened(tty->port, 1);
1979 : }
1980 : out:
1981 0 : mutex_unlock(&tty_mutex);
1982 0 : tty_driver_kref_put(driver);
1983 0 : return tty;
1984 : }
1985 :
1986 : /**
1987 : * tty_kopen_exclusive - open a tty device for kernel
1988 : * @device: dev_t of device to open
1989 : *
1990 : * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1991 : * it's not already opened and performs the first-time tty initialization.
1992 : *
1993 : * Claims the global %tty_mutex to serialize:
1994 : * * concurrent first-time tty initialization
1995 : * * concurrent tty driver removal w/ lookup
1996 : * * concurrent tty removal from driver table
1997 : *
1998 : * Return: the locked initialized &tty_struct
1999 : */
2000 0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
2001 : {
2002 0 : return tty_kopen(device, 0);
2003 : }
2004 : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2005 :
2006 : /**
2007 : * tty_kopen_shared - open a tty device for shared in-kernel use
2008 : * @device: dev_t of device to open
2009 : *
2010 : * Opens an already existing tty for in-kernel use. Compared to
2011 : * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2012 : *
2013 : * Locking: identical to tty_kopen() above.
2014 : */
2015 0 : struct tty_struct *tty_kopen_shared(dev_t device)
2016 : {
2017 0 : return tty_kopen(device, 1);
2018 : }
2019 : EXPORT_SYMBOL_GPL(tty_kopen_shared);
2020 :
2021 : /**
2022 : * tty_open_by_driver - open a tty device
2023 : * @device: dev_t of device to open
2024 : * @filp: file pointer to tty
2025 : *
2026 : * Performs the driver lookup, checks for a reopen, or otherwise performs the
2027 : * first-time tty initialization.
2028 : *
2029 : *
2030 : * Claims the global tty_mutex to serialize:
2031 : * * concurrent first-time tty initialization
2032 : * * concurrent tty driver removal w/ lookup
2033 : * * concurrent tty removal from driver table
2034 : *
2035 : * Return: the locked initialized or re-opened &tty_struct
2036 : */
2037 0 : static struct tty_struct *tty_open_by_driver(dev_t device,
2038 : struct file *filp)
2039 : {
2040 : struct tty_struct *tty;
2041 0 : struct tty_driver *driver = NULL;
2042 0 : int index = -1;
2043 : int retval;
2044 :
2045 0 : mutex_lock(&tty_mutex);
2046 0 : driver = tty_lookup_driver(device, filp, &index);
2047 0 : if (IS_ERR(driver)) {
2048 0 : mutex_unlock(&tty_mutex);
2049 0 : return ERR_CAST(driver);
2050 : }
2051 :
2052 : /* check whether we're reopening an existing tty */
2053 0 : tty = tty_driver_lookup_tty(driver, filp, index);
2054 0 : if (IS_ERR(tty)) {
2055 0 : mutex_unlock(&tty_mutex);
2056 0 : goto out;
2057 : }
2058 :
2059 0 : if (tty) {
2060 0 : if (tty_port_kopened(tty->port)) {
2061 0 : tty_kref_put(tty);
2062 0 : mutex_unlock(&tty_mutex);
2063 0 : tty = ERR_PTR(-EBUSY);
2064 0 : goto out;
2065 : }
2066 0 : mutex_unlock(&tty_mutex);
2067 0 : retval = tty_lock_interruptible(tty);
2068 0 : tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2069 0 : if (retval) {
2070 0 : if (retval == -EINTR)
2071 0 : retval = -ERESTARTSYS;
2072 0 : tty = ERR_PTR(retval);
2073 0 : goto out;
2074 : }
2075 0 : retval = tty_reopen(tty);
2076 0 : if (retval < 0) {
2077 0 : tty_unlock(tty);
2078 0 : tty = ERR_PTR(retval);
2079 : }
2080 : } else { /* Returns with the tty_lock held for now */
2081 0 : tty = tty_init_dev(driver, index);
2082 0 : mutex_unlock(&tty_mutex);
2083 : }
2084 : out:
2085 0 : tty_driver_kref_put(driver);
2086 0 : return tty;
2087 : }
2088 :
2089 : /**
2090 : * tty_open - open a tty device
2091 : * @inode: inode of device file
2092 : * @filp: file pointer to tty
2093 : *
2094 : * tty_open() and tty_release() keep up the tty count that contains the number
2095 : * of opens done on a tty. We cannot use the inode-count, as different inodes
2096 : * might point to the same tty.
2097 : *
2098 : * Open-counting is needed for pty masters, as well as for keeping track of
2099 : * serial lines: DTR is dropped when the last close happens.
2100 : * (This is not done solely through tty->count, now. - Ted 1/27/92)
2101 : *
2102 : * The termios state of a pty is reset on the first open so that settings don't
2103 : * persist across reuse.
2104 : *
2105 : * Locking:
2106 : * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2107 : * * @tty->count should protect the rest.
2108 : * * ->siglock protects ->signal/->sighand
2109 : *
2110 : * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2111 : */
2112 0 : static int tty_open(struct inode *inode, struct file *filp)
2113 : {
2114 : struct tty_struct *tty;
2115 : int noctty, retval;
2116 0 : dev_t device = inode->i_rdev;
2117 0 : unsigned saved_flags = filp->f_flags;
2118 :
2119 0 : nonseekable_open(inode, filp);
2120 :
2121 : retry_open:
2122 0 : retval = tty_alloc_file(filp);
2123 0 : if (retval)
2124 : return -ENOMEM;
2125 :
2126 0 : tty = tty_open_current_tty(device, filp);
2127 0 : if (!tty)
2128 0 : tty = tty_open_by_driver(device, filp);
2129 :
2130 0 : if (IS_ERR(tty)) {
2131 0 : tty_free_file(filp);
2132 0 : retval = PTR_ERR(tty);
2133 0 : if (retval != -EAGAIN || signal_pending(current))
2134 : return retval;
2135 0 : schedule();
2136 0 : goto retry_open;
2137 : }
2138 :
2139 0 : tty_add_file(tty, filp);
2140 :
2141 0 : check_tty_count(tty, __func__);
2142 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2143 :
2144 0 : if (tty->ops->open)
2145 0 : retval = tty->ops->open(tty, filp);
2146 : else
2147 : retval = -ENODEV;
2148 0 : filp->f_flags = saved_flags;
2149 :
2150 0 : if (retval) {
2151 : tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2152 :
2153 0 : tty_unlock(tty); /* need to call tty_release without BTM */
2154 0 : tty_release(inode, filp);
2155 0 : if (retval != -ERESTARTSYS)
2156 : return retval;
2157 :
2158 0 : if (signal_pending(current))
2159 : return retval;
2160 :
2161 0 : schedule();
2162 : /*
2163 : * Need to reset f_op in case a hangup happened.
2164 : */
2165 0 : if (tty_hung_up_p(filp))
2166 0 : filp->f_op = &tty_fops;
2167 : goto retry_open;
2168 : }
2169 0 : clear_bit(TTY_HUPPED, &tty->flags);
2170 :
2171 0 : noctty = (filp->f_flags & O_NOCTTY) ||
2172 0 : (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2173 0 : device == MKDEV(TTYAUX_MAJOR, 1) ||
2174 0 : (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2175 : tty->driver->subtype == PTY_TYPE_MASTER);
2176 0 : if (!noctty)
2177 0 : tty_open_proc_set_tty(filp, tty);
2178 0 : tty_unlock(tty);
2179 0 : return 0;
2180 : }
2181 :
2182 :
2183 : /**
2184 : * tty_poll - check tty status
2185 : * @filp: file being polled
2186 : * @wait: poll wait structures to update
2187 : *
2188 : * Call the line discipline polling method to obtain the poll status of the
2189 : * device.
2190 : *
2191 : * Locking: locks called line discipline but ldisc poll method may be
2192 : * re-entered freely by other callers.
2193 : */
2194 0 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
2195 : {
2196 0 : struct tty_struct *tty = file_tty(filp);
2197 : struct tty_ldisc *ld;
2198 0 : __poll_t ret = 0;
2199 :
2200 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2201 : return 0;
2202 :
2203 0 : ld = tty_ldisc_ref_wait(tty);
2204 0 : if (!ld)
2205 : return hung_up_tty_poll(filp, wait);
2206 0 : if (ld->ops->poll)
2207 0 : ret = ld->ops->poll(tty, filp, wait);
2208 0 : tty_ldisc_deref(ld);
2209 0 : return ret;
2210 : }
2211 :
2212 0 : static int __tty_fasync(int fd, struct file *filp, int on)
2213 : {
2214 0 : struct tty_struct *tty = file_tty(filp);
2215 : unsigned long flags;
2216 0 : int retval = 0;
2217 :
2218 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2219 : goto out;
2220 :
2221 0 : retval = fasync_helper(fd, filp, on, &tty->fasync);
2222 0 : if (retval <= 0)
2223 : goto out;
2224 :
2225 0 : if (on) {
2226 : enum pid_type type;
2227 : struct pid *pid;
2228 :
2229 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
2230 0 : if (tty->ctrl.pgrp) {
2231 : pid = tty->ctrl.pgrp;
2232 : type = PIDTYPE_PGID;
2233 : } else {
2234 0 : pid = task_pid(current);
2235 0 : type = PIDTYPE_TGID;
2236 : }
2237 0 : get_pid(pid);
2238 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2239 0 : __f_setown(filp, pid, type, 0);
2240 0 : put_pid(pid);
2241 0 : retval = 0;
2242 : }
2243 : out:
2244 0 : return retval;
2245 : }
2246 :
2247 0 : static int tty_fasync(int fd, struct file *filp, int on)
2248 : {
2249 0 : struct tty_struct *tty = file_tty(filp);
2250 0 : int retval = -ENOTTY;
2251 :
2252 0 : tty_lock(tty);
2253 0 : if (!tty_hung_up_p(filp))
2254 0 : retval = __tty_fasync(fd, filp, on);
2255 0 : tty_unlock(tty);
2256 :
2257 0 : return retval;
2258 : }
2259 :
2260 : static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2261 : /**
2262 : * tiocsti - fake input character
2263 : * @tty: tty to fake input into
2264 : * @p: pointer to character
2265 : *
2266 : * Fake input to a tty device. Does the necessary locking and input management.
2267 : *
2268 : * FIXME: does not honour flow control ??
2269 : *
2270 : * Locking:
2271 : * * Called functions take tty_ldiscs_lock
2272 : * * current->signal->tty check is safe without locks
2273 : */
2274 0 : static int tiocsti(struct tty_struct *tty, char __user *p)
2275 : {
2276 0 : char ch, mbz = 0;
2277 : struct tty_ldisc *ld;
2278 :
2279 0 : if (!tty_legacy_tiocsti)
2280 : return -EIO;
2281 :
2282 0 : if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2283 : return -EPERM;
2284 0 : if (get_user(ch, p))
2285 : return -EFAULT;
2286 0 : tty_audit_tiocsti(tty, ch);
2287 0 : ld = tty_ldisc_ref_wait(tty);
2288 0 : if (!ld)
2289 : return -EIO;
2290 0 : tty_buffer_lock_exclusive(tty->port);
2291 0 : if (ld->ops->receive_buf)
2292 0 : ld->ops->receive_buf(tty, &ch, &mbz, 1);
2293 0 : tty_buffer_unlock_exclusive(tty->port);
2294 0 : tty_ldisc_deref(ld);
2295 0 : return 0;
2296 : }
2297 :
2298 : /**
2299 : * tiocgwinsz - implement window query ioctl
2300 : * @tty: tty
2301 : * @arg: user buffer for result
2302 : *
2303 : * Copies the kernel idea of the window size into the user buffer.
2304 : *
2305 : * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2306 : * consistent.
2307 : */
2308 0 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2309 : {
2310 : int err;
2311 :
2312 0 : mutex_lock(&tty->winsize_mutex);
2313 0 : err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2314 0 : mutex_unlock(&tty->winsize_mutex);
2315 :
2316 0 : return err ? -EFAULT : 0;
2317 : }
2318 :
2319 : /**
2320 : * tty_do_resize - resize event
2321 : * @tty: tty being resized
2322 : * @ws: new dimensions
2323 : *
2324 : * Update the termios variables and send the necessary signals to peform a
2325 : * terminal resize correctly.
2326 : */
2327 0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2328 : {
2329 : struct pid *pgrp;
2330 :
2331 : /* Lock the tty */
2332 0 : mutex_lock(&tty->winsize_mutex);
2333 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2334 : goto done;
2335 :
2336 : /* Signal the foreground process group */
2337 0 : pgrp = tty_get_pgrp(tty);
2338 0 : if (pgrp)
2339 0 : kill_pgrp(pgrp, SIGWINCH, 1);
2340 0 : put_pid(pgrp);
2341 :
2342 0 : tty->winsize = *ws;
2343 : done:
2344 0 : mutex_unlock(&tty->winsize_mutex);
2345 0 : return 0;
2346 : }
2347 : EXPORT_SYMBOL(tty_do_resize);
2348 :
2349 : /**
2350 : * tiocswinsz - implement window size set ioctl
2351 : * @tty: tty side of tty
2352 : * @arg: user buffer for result
2353 : *
2354 : * Copies the user idea of the window size to the kernel. Traditionally this is
2355 : * just advisory information but for the Linux console it actually has driver
2356 : * level meaning and triggers a VC resize.
2357 : *
2358 : * Locking:
2359 : * Driver dependent. The default do_resize method takes the tty termios
2360 : * mutex and ctrl.lock. The console takes its own lock then calls into the
2361 : * default method.
2362 : */
2363 0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2364 : {
2365 : struct winsize tmp_ws;
2366 :
2367 0 : if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2368 : return -EFAULT;
2369 :
2370 0 : if (tty->ops->resize)
2371 0 : return tty->ops->resize(tty, &tmp_ws);
2372 : else
2373 0 : return tty_do_resize(tty, &tmp_ws);
2374 : }
2375 :
2376 : /**
2377 : * tioccons - allow admin to move logical console
2378 : * @file: the file to become console
2379 : *
2380 : * Allow the administrator to move the redirected console device.
2381 : *
2382 : * Locking: uses redirect_lock to guard the redirect information
2383 : */
2384 0 : static int tioccons(struct file *file)
2385 : {
2386 0 : if (!capable(CAP_SYS_ADMIN))
2387 : return -EPERM;
2388 0 : if (file->f_op->write_iter == redirected_tty_write) {
2389 : struct file *f;
2390 :
2391 0 : spin_lock(&redirect_lock);
2392 0 : f = redirect;
2393 0 : redirect = NULL;
2394 0 : spin_unlock(&redirect_lock);
2395 0 : if (f)
2396 0 : fput(f);
2397 : return 0;
2398 : }
2399 0 : if (file->f_op->write_iter != tty_write)
2400 : return -ENOTTY;
2401 0 : if (!(file->f_mode & FMODE_WRITE))
2402 : return -EBADF;
2403 0 : if (!(file->f_mode & FMODE_CAN_WRITE))
2404 : return -EINVAL;
2405 0 : spin_lock(&redirect_lock);
2406 0 : if (redirect) {
2407 0 : spin_unlock(&redirect_lock);
2408 0 : return -EBUSY;
2409 : }
2410 0 : redirect = get_file(file);
2411 0 : spin_unlock(&redirect_lock);
2412 0 : return 0;
2413 : }
2414 :
2415 : /**
2416 : * tiocsetd - set line discipline
2417 : * @tty: tty device
2418 : * @p: pointer to user data
2419 : *
2420 : * Set the line discipline according to user request.
2421 : *
2422 : * Locking: see tty_set_ldisc(), this function is just a helper
2423 : */
2424 0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
2425 : {
2426 : int disc;
2427 : int ret;
2428 :
2429 0 : if (get_user(disc, p))
2430 : return -EFAULT;
2431 :
2432 0 : ret = tty_set_ldisc(tty, disc);
2433 :
2434 0 : return ret;
2435 : }
2436 :
2437 : /**
2438 : * tiocgetd - get line discipline
2439 : * @tty: tty device
2440 : * @p: pointer to user data
2441 : *
2442 : * Retrieves the line discipline id directly from the ldisc.
2443 : *
2444 : * Locking: waits for ldisc reference (in case the line discipline is changing
2445 : * or the @tty is being hungup)
2446 : */
2447 0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
2448 : {
2449 : struct tty_ldisc *ld;
2450 : int ret;
2451 :
2452 0 : ld = tty_ldisc_ref_wait(tty);
2453 0 : if (!ld)
2454 : return -EIO;
2455 0 : ret = put_user(ld->ops->num, p);
2456 0 : tty_ldisc_deref(ld);
2457 0 : return ret;
2458 : }
2459 :
2460 : /**
2461 : * send_break - performed time break
2462 : * @tty: device to break on
2463 : * @duration: timeout in mS
2464 : *
2465 : * Perform a timed break on hardware that lacks its own driver level timed
2466 : * break functionality.
2467 : *
2468 : * Locking:
2469 : * @tty->atomic_write_lock serializes
2470 : */
2471 0 : static int send_break(struct tty_struct *tty, unsigned int duration)
2472 : {
2473 : int retval;
2474 :
2475 0 : if (tty->ops->break_ctl == NULL)
2476 : return 0;
2477 :
2478 0 : if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2479 0 : retval = tty->ops->break_ctl(tty, duration);
2480 : else {
2481 : /* Do the work ourselves */
2482 0 : if (tty_write_lock(tty, 0) < 0)
2483 : return -EINTR;
2484 0 : retval = tty->ops->break_ctl(tty, -1);
2485 0 : if (retval)
2486 : goto out;
2487 0 : if (!signal_pending(current))
2488 0 : msleep_interruptible(duration);
2489 0 : retval = tty->ops->break_ctl(tty, 0);
2490 : out:
2491 0 : tty_write_unlock(tty);
2492 0 : if (signal_pending(current))
2493 0 : retval = -EINTR;
2494 : }
2495 : return retval;
2496 : }
2497 :
2498 : /**
2499 : * tty_tiocmget - get modem status
2500 : * @tty: tty device
2501 : * @p: pointer to result
2502 : *
2503 : * Obtain the modem status bits from the tty driver if the feature is
2504 : * supported. Return -%ENOTTY if it is not available.
2505 : *
2506 : * Locking: none (up to the driver)
2507 : */
2508 0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2509 : {
2510 0 : int retval = -ENOTTY;
2511 :
2512 0 : if (tty->ops->tiocmget) {
2513 0 : retval = tty->ops->tiocmget(tty);
2514 :
2515 0 : if (retval >= 0)
2516 0 : retval = put_user(retval, p);
2517 : }
2518 0 : return retval;
2519 : }
2520 :
2521 : /**
2522 : * tty_tiocmset - set modem status
2523 : * @tty: tty device
2524 : * @cmd: command - clear bits, set bits or set all
2525 : * @p: pointer to desired bits
2526 : *
2527 : * Set the modem status bits from the tty driver if the feature
2528 : * is supported. Return -%ENOTTY if it is not available.
2529 : *
2530 : * Locking: none (up to the driver)
2531 : */
2532 0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2533 : unsigned __user *p)
2534 : {
2535 : int retval;
2536 : unsigned int set, clear, val;
2537 :
2538 0 : if (tty->ops->tiocmset == NULL)
2539 : return -ENOTTY;
2540 :
2541 0 : retval = get_user(val, p);
2542 0 : if (retval)
2543 : return retval;
2544 0 : set = clear = 0;
2545 0 : switch (cmd) {
2546 : case TIOCMBIS:
2547 0 : set = val;
2548 0 : break;
2549 : case TIOCMBIC:
2550 0 : clear = val;
2551 0 : break;
2552 : case TIOCMSET:
2553 0 : set = val;
2554 0 : clear = ~val;
2555 0 : break;
2556 : }
2557 0 : set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2558 0 : clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2559 0 : return tty->ops->tiocmset(tty, set, clear);
2560 : }
2561 :
2562 : /**
2563 : * tty_get_icount - get tty statistics
2564 : * @tty: tty device
2565 : * @icount: output parameter
2566 : *
2567 : * Gets a copy of the @tty's icount statistics.
2568 : *
2569 : * Locking: none (up to the driver)
2570 : */
2571 0 : int tty_get_icount(struct tty_struct *tty,
2572 : struct serial_icounter_struct *icount)
2573 : {
2574 0 : memset(icount, 0, sizeof(*icount));
2575 :
2576 0 : if (tty->ops->get_icount)
2577 0 : return tty->ops->get_icount(tty, icount);
2578 : else
2579 : return -ENOTTY;
2580 : }
2581 : EXPORT_SYMBOL_GPL(tty_get_icount);
2582 :
2583 0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2584 : {
2585 : struct serial_icounter_struct icount;
2586 : int retval;
2587 :
2588 0 : retval = tty_get_icount(tty, &icount);
2589 0 : if (retval != 0)
2590 : return retval;
2591 :
2592 0 : if (copy_to_user(arg, &icount, sizeof(icount)))
2593 : return -EFAULT;
2594 0 : return 0;
2595 : }
2596 :
2597 0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2598 : {
2599 : char comm[TASK_COMM_LEN];
2600 : int flags;
2601 :
2602 0 : flags = ss->flags & ASYNC_DEPRECATED;
2603 :
2604 0 : if (flags)
2605 0 : pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2606 : __func__, get_task_comm(comm, current), flags);
2607 :
2608 0 : if (!tty->ops->set_serial)
2609 : return -ENOTTY;
2610 :
2611 0 : return tty->ops->set_serial(tty, ss);
2612 : }
2613 :
2614 0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2615 : {
2616 : struct serial_struct v;
2617 :
2618 0 : if (copy_from_user(&v, ss, sizeof(*ss)))
2619 : return -EFAULT;
2620 :
2621 0 : return tty_set_serial(tty, &v);
2622 : }
2623 :
2624 0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2625 : {
2626 : struct serial_struct v;
2627 : int err;
2628 :
2629 0 : memset(&v, 0, sizeof(v));
2630 0 : if (!tty->ops->get_serial)
2631 : return -ENOTTY;
2632 0 : err = tty->ops->get_serial(tty, &v);
2633 0 : if (!err && copy_to_user(ss, &v, sizeof(v)))
2634 0 : err = -EFAULT;
2635 : return err;
2636 : }
2637 :
2638 : /*
2639 : * if pty, return the slave side (real_tty)
2640 : * otherwise, return self
2641 : */
2642 : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2643 : {
2644 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2645 : tty->driver->subtype == PTY_TYPE_MASTER)
2646 0 : tty = tty->link;
2647 : return tty;
2648 : }
2649 :
2650 : /*
2651 : * Split this up, as gcc can choke on it otherwise..
2652 : */
2653 0 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2654 : {
2655 0 : struct tty_struct *tty = file_tty(file);
2656 : struct tty_struct *real_tty;
2657 0 : void __user *p = (void __user *)arg;
2658 : int retval;
2659 : struct tty_ldisc *ld;
2660 :
2661 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2662 : return -EINVAL;
2663 :
2664 0 : real_tty = tty_pair_get_tty(tty);
2665 :
2666 : /*
2667 : * Factor out some common prep work
2668 : */
2669 : switch (cmd) {
2670 : case TIOCSETD:
2671 : case TIOCSBRK:
2672 : case TIOCCBRK:
2673 : case TCSBRK:
2674 : case TCSBRKP:
2675 0 : retval = tty_check_change(tty);
2676 0 : if (retval)
2677 0 : return retval;
2678 0 : if (cmd != TIOCCBRK) {
2679 0 : tty_wait_until_sent(tty, 0);
2680 0 : if (signal_pending(current))
2681 : return -EINTR;
2682 : }
2683 : break;
2684 : }
2685 :
2686 : /*
2687 : * Now do the stuff.
2688 : */
2689 0 : switch (cmd) {
2690 : case TIOCSTI:
2691 0 : return tiocsti(tty, p);
2692 : case TIOCGWINSZ:
2693 0 : return tiocgwinsz(real_tty, p);
2694 : case TIOCSWINSZ:
2695 0 : return tiocswinsz(real_tty, p);
2696 : case TIOCCONS:
2697 0 : return real_tty != tty ? -EINVAL : tioccons(file);
2698 : case TIOCEXCL:
2699 0 : set_bit(TTY_EXCLUSIVE, &tty->flags);
2700 0 : return 0;
2701 : case TIOCNXCL:
2702 0 : clear_bit(TTY_EXCLUSIVE, &tty->flags);
2703 0 : return 0;
2704 : case TIOCGEXCL:
2705 : {
2706 0 : int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2707 :
2708 0 : return put_user(excl, (int __user *)p);
2709 : }
2710 : case TIOCGETD:
2711 0 : return tiocgetd(tty, p);
2712 : case TIOCSETD:
2713 0 : return tiocsetd(tty, p);
2714 : case TIOCVHANGUP:
2715 0 : if (!capable(CAP_SYS_ADMIN))
2716 : return -EPERM;
2717 0 : tty_vhangup(tty);
2718 0 : return 0;
2719 : case TIOCGDEV:
2720 : {
2721 0 : unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2722 :
2723 0 : return put_user(ret, (unsigned int __user *)p);
2724 : }
2725 : /*
2726 : * Break handling
2727 : */
2728 : case TIOCSBRK: /* Turn break on, unconditionally */
2729 0 : if (tty->ops->break_ctl)
2730 0 : return tty->ops->break_ctl(tty, -1);
2731 : return 0;
2732 : case TIOCCBRK: /* Turn break off, unconditionally */
2733 0 : if (tty->ops->break_ctl)
2734 0 : return tty->ops->break_ctl(tty, 0);
2735 : return 0;
2736 : case TCSBRK: /* SVID version: non-zero arg --> no break */
2737 : /* non-zero arg means wait for all output data
2738 : * to be sent (performed above) but don't send break.
2739 : * This is used by the tcdrain() termios function.
2740 : */
2741 0 : if (!arg)
2742 0 : return send_break(tty, 250);
2743 : return 0;
2744 : case TCSBRKP: /* support for POSIX tcsendbreak() */
2745 0 : return send_break(tty, arg ? arg*100 : 250);
2746 :
2747 : case TIOCMGET:
2748 0 : return tty_tiocmget(tty, p);
2749 : case TIOCMSET:
2750 : case TIOCMBIC:
2751 : case TIOCMBIS:
2752 0 : return tty_tiocmset(tty, cmd, p);
2753 : case TIOCGICOUNT:
2754 0 : return tty_tiocgicount(tty, p);
2755 : case TCFLSH:
2756 0 : switch (arg) {
2757 : case TCIFLUSH:
2758 : case TCIOFLUSH:
2759 : /* flush tty buffer and allow ldisc to process ioctl */
2760 0 : tty_buffer_flush(tty, NULL);
2761 0 : break;
2762 : }
2763 : break;
2764 : case TIOCSSERIAL:
2765 0 : return tty_tiocsserial(tty, p);
2766 : case TIOCGSERIAL:
2767 0 : return tty_tiocgserial(tty, p);
2768 : case TIOCGPTPEER:
2769 : /* Special because the struct file is needed */
2770 0 : return ptm_open_peer(file, tty, (int)arg);
2771 : default:
2772 0 : retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2773 0 : if (retval != -ENOIOCTLCMD)
2774 0 : return retval;
2775 : }
2776 0 : if (tty->ops->ioctl) {
2777 0 : retval = tty->ops->ioctl(tty, cmd, arg);
2778 0 : if (retval != -ENOIOCTLCMD)
2779 0 : return retval;
2780 : }
2781 0 : ld = tty_ldisc_ref_wait(tty);
2782 0 : if (!ld)
2783 : return hung_up_tty_ioctl(file, cmd, arg);
2784 0 : retval = -EINVAL;
2785 0 : if (ld->ops->ioctl) {
2786 0 : retval = ld->ops->ioctl(tty, cmd, arg);
2787 0 : if (retval == -ENOIOCTLCMD)
2788 0 : retval = -ENOTTY;
2789 : }
2790 0 : tty_ldisc_deref(ld);
2791 0 : return retval;
2792 : }
2793 :
2794 : #ifdef CONFIG_COMPAT
2795 :
2796 : struct serial_struct32 {
2797 : compat_int_t type;
2798 : compat_int_t line;
2799 : compat_uint_t port;
2800 : compat_int_t irq;
2801 : compat_int_t flags;
2802 : compat_int_t xmit_fifo_size;
2803 : compat_int_t custom_divisor;
2804 : compat_int_t baud_base;
2805 : unsigned short close_delay;
2806 : char io_type;
2807 : char reserved_char;
2808 : compat_int_t hub6;
2809 : unsigned short closing_wait; /* time to wait before closing */
2810 : unsigned short closing_wait2; /* no longer used... */
2811 : compat_uint_t iomem_base;
2812 : unsigned short iomem_reg_shift;
2813 : unsigned int port_high;
2814 : /* compat_ulong_t iomap_base FIXME */
2815 : compat_int_t reserved;
2816 : };
2817 :
2818 : static int compat_tty_tiocsserial(struct tty_struct *tty,
2819 : struct serial_struct32 __user *ss)
2820 : {
2821 : struct serial_struct32 v32;
2822 : struct serial_struct v;
2823 :
2824 : if (copy_from_user(&v32, ss, sizeof(*ss)))
2825 : return -EFAULT;
2826 :
2827 : memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2828 : v.iomem_base = compat_ptr(v32.iomem_base);
2829 : v.iomem_reg_shift = v32.iomem_reg_shift;
2830 : v.port_high = v32.port_high;
2831 : v.iomap_base = 0;
2832 :
2833 : return tty_set_serial(tty, &v);
2834 : }
2835 :
2836 : static int compat_tty_tiocgserial(struct tty_struct *tty,
2837 : struct serial_struct32 __user *ss)
2838 : {
2839 : struct serial_struct32 v32;
2840 : struct serial_struct v;
2841 : int err;
2842 :
2843 : memset(&v, 0, sizeof(v));
2844 : memset(&v32, 0, sizeof(v32));
2845 :
2846 : if (!tty->ops->get_serial)
2847 : return -ENOTTY;
2848 : err = tty->ops->get_serial(tty, &v);
2849 : if (!err) {
2850 : memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2851 : v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2852 : 0xfffffff : ptr_to_compat(v.iomem_base);
2853 : v32.iomem_reg_shift = v.iomem_reg_shift;
2854 : v32.port_high = v.port_high;
2855 : if (copy_to_user(ss, &v32, sizeof(v32)))
2856 : err = -EFAULT;
2857 : }
2858 : return err;
2859 : }
2860 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2861 : unsigned long arg)
2862 : {
2863 : struct tty_struct *tty = file_tty(file);
2864 : struct tty_ldisc *ld;
2865 : int retval = -ENOIOCTLCMD;
2866 :
2867 : switch (cmd) {
2868 : case TIOCOUTQ:
2869 : case TIOCSTI:
2870 : case TIOCGWINSZ:
2871 : case TIOCSWINSZ:
2872 : case TIOCGEXCL:
2873 : case TIOCGETD:
2874 : case TIOCSETD:
2875 : case TIOCGDEV:
2876 : case TIOCMGET:
2877 : case TIOCMSET:
2878 : case TIOCMBIC:
2879 : case TIOCMBIS:
2880 : case TIOCGICOUNT:
2881 : case TIOCGPGRP:
2882 : case TIOCSPGRP:
2883 : case TIOCGSID:
2884 : case TIOCSERGETLSR:
2885 : case TIOCGRS485:
2886 : case TIOCSRS485:
2887 : #ifdef TIOCGETP
2888 : case TIOCGETP:
2889 : case TIOCSETP:
2890 : case TIOCSETN:
2891 : #endif
2892 : #ifdef TIOCGETC
2893 : case TIOCGETC:
2894 : case TIOCSETC:
2895 : #endif
2896 : #ifdef TIOCGLTC
2897 : case TIOCGLTC:
2898 : case TIOCSLTC:
2899 : #endif
2900 : case TCSETSF:
2901 : case TCSETSW:
2902 : case TCSETS:
2903 : case TCGETS:
2904 : #ifdef TCGETS2
2905 : case TCGETS2:
2906 : case TCSETSF2:
2907 : case TCSETSW2:
2908 : case TCSETS2:
2909 : #endif
2910 : case TCGETA:
2911 : case TCSETAF:
2912 : case TCSETAW:
2913 : case TCSETA:
2914 : case TIOCGLCKTRMIOS:
2915 : case TIOCSLCKTRMIOS:
2916 : #ifdef TCGETX
2917 : case TCGETX:
2918 : case TCSETX:
2919 : case TCSETXW:
2920 : case TCSETXF:
2921 : #endif
2922 : case TIOCGSOFTCAR:
2923 : case TIOCSSOFTCAR:
2924 :
2925 : case PPPIOCGCHAN:
2926 : case PPPIOCGUNIT:
2927 : return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2928 : case TIOCCONS:
2929 : case TIOCEXCL:
2930 : case TIOCNXCL:
2931 : case TIOCVHANGUP:
2932 : case TIOCSBRK:
2933 : case TIOCCBRK:
2934 : case TCSBRK:
2935 : case TCSBRKP:
2936 : case TCFLSH:
2937 : case TIOCGPTPEER:
2938 : case TIOCNOTTY:
2939 : case TIOCSCTTY:
2940 : case TCXONC:
2941 : case TIOCMIWAIT:
2942 : case TIOCSERCONFIG:
2943 : return tty_ioctl(file, cmd, arg);
2944 : }
2945 :
2946 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2947 : return -EINVAL;
2948 :
2949 : switch (cmd) {
2950 : case TIOCSSERIAL:
2951 : return compat_tty_tiocsserial(tty, compat_ptr(arg));
2952 : case TIOCGSERIAL:
2953 : return compat_tty_tiocgserial(tty, compat_ptr(arg));
2954 : }
2955 : if (tty->ops->compat_ioctl) {
2956 : retval = tty->ops->compat_ioctl(tty, cmd, arg);
2957 : if (retval != -ENOIOCTLCMD)
2958 : return retval;
2959 : }
2960 :
2961 : ld = tty_ldisc_ref_wait(tty);
2962 : if (!ld)
2963 : return hung_up_tty_compat_ioctl(file, cmd, arg);
2964 : if (ld->ops->compat_ioctl)
2965 : retval = ld->ops->compat_ioctl(tty, cmd, arg);
2966 : if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2967 : retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2968 : arg);
2969 : tty_ldisc_deref(ld);
2970 :
2971 : return retval;
2972 : }
2973 : #endif
2974 :
2975 0 : static int this_tty(const void *t, struct file *file, unsigned fd)
2976 : {
2977 0 : if (likely(file->f_op->read_iter != tty_read))
2978 : return 0;
2979 0 : return file_tty(file) != t ? 0 : fd + 1;
2980 : }
2981 :
2982 : /*
2983 : * This implements the "Secure Attention Key" --- the idea is to
2984 : * prevent trojan horses by killing all processes associated with this
2985 : * tty when the user hits the "Secure Attention Key". Required for
2986 : * super-paranoid applications --- see the Orange Book for more details.
2987 : *
2988 : * This code could be nicer; ideally it should send a HUP, wait a few
2989 : * seconds, then send a INT, and then a KILL signal. But you then
2990 : * have to coordinate with the init process, since all processes associated
2991 : * with the current tty must be dead before the new getty is allowed
2992 : * to spawn.
2993 : *
2994 : * Now, if it would be correct ;-/ The current code has a nasty hole -
2995 : * it doesn't catch files in flight. We may send the descriptor to ourselves
2996 : * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2997 : *
2998 : * Nasty bug: do_SAK is being called in interrupt context. This can
2999 : * deadlock. We punt it up to process context. AKPM - 16Mar2001
3000 : */
3001 0 : void __do_SAK(struct tty_struct *tty)
3002 : {
3003 : struct task_struct *g, *p;
3004 : struct pid *session;
3005 : int i;
3006 : unsigned long flags;
3007 :
3008 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
3009 0 : session = get_pid(tty->ctrl.session);
3010 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3011 :
3012 0 : tty_ldisc_flush(tty);
3013 :
3014 0 : tty_driver_flush_buffer(tty);
3015 :
3016 0 : read_lock(&tasklist_lock);
3017 : /* Kill the entire session */
3018 0 : do_each_pid_task(session, PIDTYPE_SID, p) {
3019 0 : tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3020 : task_pid_nr(p), p->comm);
3021 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3022 : } while_each_pid_task(session, PIDTYPE_SID, p);
3023 :
3024 : /* Now kill any processes that happen to have the tty open */
3025 0 : do_each_thread(g, p) {
3026 0 : if (p->signal->tty == tty) {
3027 0 : tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3028 : task_pid_nr(p), p->comm);
3029 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3030 : PIDTYPE_SID);
3031 0 : continue;
3032 : }
3033 0 : task_lock(p);
3034 0 : i = iterate_fd(p->files, 0, this_tty, tty);
3035 0 : if (i != 0) {
3036 0 : tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3037 : task_pid_nr(p), p->comm, i - 1);
3038 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3039 : PIDTYPE_SID);
3040 : }
3041 0 : task_unlock(p);
3042 0 : } while_each_thread(g, p);
3043 0 : read_unlock(&tasklist_lock);
3044 0 : put_pid(session);
3045 0 : }
3046 :
3047 0 : static void do_SAK_work(struct work_struct *work)
3048 : {
3049 0 : struct tty_struct *tty =
3050 0 : container_of(work, struct tty_struct, SAK_work);
3051 0 : __do_SAK(tty);
3052 0 : }
3053 :
3054 : /*
3055 : * The tq handling here is a little racy - tty->SAK_work may already be queued.
3056 : * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3057 : * the values which we write to it will be identical to the values which it
3058 : * already has. --akpm
3059 : */
3060 0 : void do_SAK(struct tty_struct *tty)
3061 : {
3062 0 : if (!tty)
3063 : return;
3064 0 : schedule_work(&tty->SAK_work);
3065 : }
3066 : EXPORT_SYMBOL(do_SAK);
3067 :
3068 : /* Must put_device() after it's unused! */
3069 0 : static struct device *tty_get_device(struct tty_struct *tty)
3070 : {
3071 0 : dev_t devt = tty_devnum(tty);
3072 :
3073 0 : return class_find_device_by_devt(tty_class, devt);
3074 : }
3075 :
3076 :
3077 : /**
3078 : * alloc_tty_struct - allocate a new tty
3079 : * @driver: driver which will handle the returned tty
3080 : * @idx: minor of the tty
3081 : *
3082 : * This subroutine allocates and initializes a tty structure.
3083 : *
3084 : * Locking: none - @tty in question is not exposed at this point
3085 : */
3086 0 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3087 : {
3088 : struct tty_struct *tty;
3089 :
3090 0 : tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3091 0 : if (!tty)
3092 : return NULL;
3093 :
3094 0 : kref_init(&tty->kref);
3095 0 : if (tty_ldisc_init(tty)) {
3096 0 : kfree(tty);
3097 0 : return NULL;
3098 : }
3099 0 : tty->ctrl.session = NULL;
3100 0 : tty->ctrl.pgrp = NULL;
3101 0 : mutex_init(&tty->legacy_mutex);
3102 0 : mutex_init(&tty->throttle_mutex);
3103 0 : init_rwsem(&tty->termios_rwsem);
3104 0 : mutex_init(&tty->winsize_mutex);
3105 0 : init_ldsem(&tty->ldisc_sem);
3106 0 : init_waitqueue_head(&tty->write_wait);
3107 0 : init_waitqueue_head(&tty->read_wait);
3108 0 : INIT_WORK(&tty->hangup_work, do_tty_hangup);
3109 0 : mutex_init(&tty->atomic_write_lock);
3110 0 : spin_lock_init(&tty->ctrl.lock);
3111 0 : spin_lock_init(&tty->flow.lock);
3112 0 : spin_lock_init(&tty->files_lock);
3113 0 : INIT_LIST_HEAD(&tty->tty_files);
3114 0 : INIT_WORK(&tty->SAK_work, do_SAK_work);
3115 :
3116 0 : tty->driver = driver;
3117 0 : tty->ops = driver->ops;
3118 0 : tty->index = idx;
3119 0 : tty_line_name(driver, idx, tty->name);
3120 0 : tty->dev = tty_get_device(tty);
3121 :
3122 0 : return tty;
3123 : }
3124 :
3125 : /**
3126 : * tty_put_char - write one character to a tty
3127 : * @tty: tty
3128 : * @ch: character to write
3129 : *
3130 : * Write one byte to the @tty using the provided @tty->ops->put_char() method
3131 : * if present.
3132 : *
3133 : * Note: the specific put_char operation in the driver layer may go
3134 : * away soon. Don't call it directly, use this method
3135 : *
3136 : * Return: the number of characters successfully output.
3137 : */
3138 0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
3139 : {
3140 0 : if (tty->ops->put_char)
3141 0 : return tty->ops->put_char(tty, ch);
3142 0 : return tty->ops->write(tty, &ch, 1);
3143 : }
3144 : EXPORT_SYMBOL_GPL(tty_put_char);
3145 :
3146 : struct class *tty_class;
3147 :
3148 5 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3149 : unsigned int index, unsigned int count)
3150 : {
3151 : int err;
3152 :
3153 : /* init here, since reused cdevs cause crashes */
3154 5 : driver->cdevs[index] = cdev_alloc();
3155 5 : if (!driver->cdevs[index])
3156 : return -ENOMEM;
3157 5 : driver->cdevs[index]->ops = &tty_fops;
3158 5 : driver->cdevs[index]->owner = driver->owner;
3159 5 : err = cdev_add(driver->cdevs[index], dev, count);
3160 5 : if (err)
3161 0 : kobject_put(&driver->cdevs[index]->kobj);
3162 : return err;
3163 : }
3164 :
3165 : /**
3166 : * tty_register_device - register a tty device
3167 : * @driver: the tty driver that describes the tty device
3168 : * @index: the index in the tty driver for this tty device
3169 : * @device: a struct device that is associated with this tty device.
3170 : * This field is optional, if there is no known struct device
3171 : * for this tty device it can be set to NULL safely.
3172 : *
3173 : * This call is required to be made to register an individual tty device
3174 : * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3175 : * that bit is not set, this function should not be called by a tty
3176 : * driver.
3177 : *
3178 : * Locking: ??
3179 : *
3180 : * Return: A pointer to the struct device for this tty device (or
3181 : * ERR_PTR(-EFOO) on error).
3182 : */
3183 0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3184 : struct device *device)
3185 : {
3186 512 : return tty_register_device_attr(driver, index, device, NULL, NULL);
3187 : }
3188 : EXPORT_SYMBOL(tty_register_device);
3189 :
3190 0 : static void tty_device_create_release(struct device *dev)
3191 : {
3192 : dev_dbg(dev, "releasing...\n");
3193 0 : kfree(dev);
3194 0 : }
3195 :
3196 : /**
3197 : * tty_register_device_attr - register a tty device
3198 : * @driver: the tty driver that describes the tty device
3199 : * @index: the index in the tty driver for this tty device
3200 : * @device: a struct device that is associated with this tty device.
3201 : * This field is optional, if there is no known struct device
3202 : * for this tty device it can be set to %NULL safely.
3203 : * @drvdata: Driver data to be set to device.
3204 : * @attr_grp: Attribute group to be set on device.
3205 : *
3206 : * This call is required to be made to register an individual tty device if the
3207 : * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3208 : * not set, this function should not be called by a tty driver.
3209 : *
3210 : * Locking: ??
3211 : *
3212 : * Return: A pointer to the struct device for this tty device (or
3213 : * ERR_PTR(-EFOO) on error).
3214 : */
3215 513 : struct device *tty_register_device_attr(struct tty_driver *driver,
3216 : unsigned index, struct device *device,
3217 : void *drvdata,
3218 : const struct attribute_group **attr_grp)
3219 : {
3220 : char name[64];
3221 513 : dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3222 : struct ktermios *tp;
3223 : struct device *dev;
3224 : int retval;
3225 :
3226 513 : if (index >= driver->num) {
3227 0 : pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3228 : driver->name, index);
3229 0 : return ERR_PTR(-EINVAL);
3230 : }
3231 :
3232 513 : if (driver->type == TTY_DRIVER_TYPE_PTY)
3233 512 : pty_line_name(driver, index, name);
3234 : else
3235 1 : tty_line_name(driver, index, name);
3236 :
3237 513 : dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3238 513 : if (!dev)
3239 : return ERR_PTR(-ENOMEM);
3240 :
3241 513 : dev->devt = devt;
3242 513 : dev->class = tty_class;
3243 513 : dev->parent = device;
3244 513 : dev->release = tty_device_create_release;
3245 513 : dev_set_name(dev, "%s", name);
3246 513 : dev->groups = attr_grp;
3247 1026 : dev_set_drvdata(dev, drvdata);
3248 :
3249 513 : dev_set_uevent_suppress(dev, 1);
3250 :
3251 513 : retval = device_register(dev);
3252 513 : if (retval)
3253 : goto err_put;
3254 :
3255 513 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3256 : /*
3257 : * Free any saved termios data so that the termios state is
3258 : * reset when reusing a minor number.
3259 : */
3260 1 : tp = driver->termios[index];
3261 1 : if (tp) {
3262 0 : driver->termios[index] = NULL;
3263 0 : kfree(tp);
3264 : }
3265 :
3266 1 : retval = tty_cdev_add(driver, devt, index, 1);
3267 1 : if (retval)
3268 : goto err_del;
3269 : }
3270 :
3271 513 : dev_set_uevent_suppress(dev, 0);
3272 513 : kobject_uevent(&dev->kobj, KOBJ_ADD);
3273 :
3274 513 : return dev;
3275 :
3276 : err_del:
3277 0 : device_del(dev);
3278 : err_put:
3279 0 : put_device(dev);
3280 :
3281 0 : return ERR_PTR(retval);
3282 : }
3283 : EXPORT_SYMBOL_GPL(tty_register_device_attr);
3284 :
3285 : /**
3286 : * tty_unregister_device - unregister a tty device
3287 : * @driver: the tty driver that describes the tty device
3288 : * @index: the index in the tty driver for this tty device
3289 : *
3290 : * If a tty device is registered with a call to tty_register_device() then
3291 : * this function must be called when the tty device is gone.
3292 : *
3293 : * Locking: ??
3294 : */
3295 0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
3296 : {
3297 0 : device_destroy(tty_class,
3298 0 : MKDEV(driver->major, driver->minor_start) + index);
3299 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3300 0 : cdev_del(driver->cdevs[index]);
3301 0 : driver->cdevs[index] = NULL;
3302 : }
3303 0 : }
3304 : EXPORT_SYMBOL(tty_unregister_device);
3305 :
3306 : /**
3307 : * __tty_alloc_driver -- allocate tty driver
3308 : * @lines: count of lines this driver can handle at most
3309 : * @owner: module which is responsible for this driver
3310 : * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3311 : *
3312 : * This should not be called directly, some of the provided macros should be
3313 : * used instead. Use IS_ERR() and friends on @retval.
3314 : */
3315 5 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3316 : unsigned long flags)
3317 : {
3318 : struct tty_driver *driver;
3319 5 : unsigned int cdevs = 1;
3320 : int err;
3321 :
3322 5 : if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3323 : return ERR_PTR(-EINVAL);
3324 :
3325 5 : driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3326 5 : if (!driver)
3327 : return ERR_PTR(-ENOMEM);
3328 :
3329 10 : kref_init(&driver->kref);
3330 5 : driver->num = lines;
3331 5 : driver->owner = owner;
3332 5 : driver->flags = flags;
3333 :
3334 5 : if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3335 6 : driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3336 : GFP_KERNEL);
3337 6 : driver->termios = kcalloc(lines, sizeof(*driver->termios),
3338 : GFP_KERNEL);
3339 3 : if (!driver->ttys || !driver->termios) {
3340 : err = -ENOMEM;
3341 : goto err_free_all;
3342 : }
3343 : }
3344 :
3345 5 : if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3346 2 : driver->ports = kcalloc(lines, sizeof(*driver->ports),
3347 : GFP_KERNEL);
3348 1 : if (!driver->ports) {
3349 : err = -ENOMEM;
3350 : goto err_free_all;
3351 : }
3352 : cdevs = lines;
3353 : }
3354 :
3355 10 : driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3356 5 : if (!driver->cdevs) {
3357 : err = -ENOMEM;
3358 : goto err_free_all;
3359 : }
3360 :
3361 : return driver;
3362 : err_free_all:
3363 0 : kfree(driver->ports);
3364 0 : kfree(driver->ttys);
3365 0 : kfree(driver->termios);
3366 0 : kfree(driver->cdevs);
3367 0 : kfree(driver);
3368 0 : return ERR_PTR(err);
3369 : }
3370 : EXPORT_SYMBOL(__tty_alloc_driver);
3371 :
3372 0 : static void destruct_tty_driver(struct kref *kref)
3373 : {
3374 0 : struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3375 : int i;
3376 : struct ktermios *tp;
3377 :
3378 0 : if (driver->flags & TTY_DRIVER_INSTALLED) {
3379 0 : for (i = 0; i < driver->num; i++) {
3380 0 : tp = driver->termios[i];
3381 0 : if (tp) {
3382 0 : driver->termios[i] = NULL;
3383 0 : kfree(tp);
3384 : }
3385 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3386 0 : tty_unregister_device(driver, i);
3387 : }
3388 0 : proc_tty_unregister_driver(driver);
3389 0 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3390 0 : cdev_del(driver->cdevs[0]);
3391 : }
3392 0 : kfree(driver->cdevs);
3393 0 : kfree(driver->ports);
3394 0 : kfree(driver->termios);
3395 0 : kfree(driver->ttys);
3396 0 : kfree(driver);
3397 0 : }
3398 :
3399 : /**
3400 : * tty_driver_kref_put -- drop a reference to a tty driver
3401 : * @driver: driver of which to drop the reference
3402 : *
3403 : * The final put will destroy and free up the driver.
3404 : */
3405 0 : void tty_driver_kref_put(struct tty_driver *driver)
3406 : {
3407 0 : kref_put(&driver->kref, destruct_tty_driver);
3408 0 : }
3409 : EXPORT_SYMBOL(tty_driver_kref_put);
3410 :
3411 : /**
3412 : * tty_register_driver -- register a tty driver
3413 : * @driver: driver to register
3414 : *
3415 : * Called by a tty driver to register itself.
3416 : */
3417 5 : int tty_register_driver(struct tty_driver *driver)
3418 : {
3419 : int error;
3420 : int i;
3421 : dev_t dev;
3422 : struct device *d;
3423 :
3424 5 : if (!driver->major) {
3425 0 : error = alloc_chrdev_region(&dev, driver->minor_start,
3426 : driver->num, driver->name);
3427 0 : if (!error) {
3428 0 : driver->major = MAJOR(dev);
3429 0 : driver->minor_start = MINOR(dev);
3430 : }
3431 : } else {
3432 5 : dev = MKDEV(driver->major, driver->minor_start);
3433 5 : error = register_chrdev_region(dev, driver->num, driver->name);
3434 : }
3435 5 : if (error < 0)
3436 : goto err;
3437 :
3438 5 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3439 4 : error = tty_cdev_add(driver, dev, 0, driver->num);
3440 4 : if (error)
3441 : goto err_unreg_char;
3442 : }
3443 :
3444 5 : mutex_lock(&tty_mutex);
3445 10 : list_add(&driver->tty_drivers, &tty_drivers);
3446 5 : mutex_unlock(&tty_mutex);
3447 :
3448 5 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3449 512 : for (i = 0; i < driver->num; i++) {
3450 1024 : d = tty_register_device(driver, i, NULL);
3451 512 : if (IS_ERR(d)) {
3452 0 : error = PTR_ERR(d);
3453 : goto err_unreg_devs;
3454 : }
3455 : }
3456 : }
3457 5 : proc_tty_register_driver(driver);
3458 5 : driver->flags |= TTY_DRIVER_INSTALLED;
3459 5 : return 0;
3460 :
3461 : err_unreg_devs:
3462 0 : for (i--; i >= 0; i--)
3463 0 : tty_unregister_device(driver, i);
3464 :
3465 0 : mutex_lock(&tty_mutex);
3466 0 : list_del(&driver->tty_drivers);
3467 0 : mutex_unlock(&tty_mutex);
3468 :
3469 : err_unreg_char:
3470 0 : unregister_chrdev_region(dev, driver->num);
3471 : err:
3472 : return error;
3473 : }
3474 : EXPORT_SYMBOL(tty_register_driver);
3475 :
3476 : /**
3477 : * tty_unregister_driver -- unregister a tty driver
3478 : * @driver: driver to unregister
3479 : *
3480 : * Called by a tty driver to unregister itself.
3481 : */
3482 0 : void tty_unregister_driver(struct tty_driver *driver)
3483 : {
3484 0 : unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3485 : driver->num);
3486 0 : mutex_lock(&tty_mutex);
3487 0 : list_del(&driver->tty_drivers);
3488 0 : mutex_unlock(&tty_mutex);
3489 0 : }
3490 : EXPORT_SYMBOL(tty_unregister_driver);
3491 :
3492 0 : dev_t tty_devnum(struct tty_struct *tty)
3493 : {
3494 0 : return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3495 : }
3496 : EXPORT_SYMBOL(tty_devnum);
3497 :
3498 1 : void tty_default_fops(struct file_operations *fops)
3499 : {
3500 1 : *fops = tty_fops;
3501 1 : }
3502 :
3503 516 : static char *tty_devnode(const struct device *dev, umode_t *mode)
3504 : {
3505 516 : if (!mode)
3506 : return NULL;
3507 516 : if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3508 : dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3509 2 : *mode = 0666;
3510 : return NULL;
3511 : }
3512 :
3513 1 : static int __init tty_class_init(void)
3514 : {
3515 1 : tty_class = class_create(THIS_MODULE, "tty");
3516 2 : if (IS_ERR(tty_class))
3517 0 : return PTR_ERR(tty_class);
3518 1 : tty_class->devnode = tty_devnode;
3519 1 : return 0;
3520 : }
3521 :
3522 : postcore_initcall(tty_class_init);
3523 :
3524 : /* 3/2004 jmc: why do these devices exist? */
3525 : static struct cdev tty_cdev, console_cdev;
3526 :
3527 0 : static ssize_t show_cons_active(struct device *dev,
3528 : struct device_attribute *attr, char *buf)
3529 : {
3530 : struct console *cs[16];
3531 0 : int i = 0;
3532 : struct console *c;
3533 0 : ssize_t count = 0;
3534 :
3535 : /*
3536 : * Hold the console_list_lock to guarantee that no consoles are
3537 : * unregistered until all console processing is complete.
3538 : * This also allows safe traversal of the console list and
3539 : * race-free reading of @flags.
3540 : */
3541 0 : console_list_lock();
3542 :
3543 0 : for_each_console(c) {
3544 0 : if (!c->device)
3545 0 : continue;
3546 0 : if (!c->write)
3547 0 : continue;
3548 0 : if ((c->flags & CON_ENABLED) == 0)
3549 0 : continue;
3550 0 : cs[i++] = c;
3551 0 : if (i >= ARRAY_SIZE(cs))
3552 : break;
3553 : }
3554 :
3555 : /*
3556 : * Take console_lock to serialize device() callback with
3557 : * other console operations. For example, fg_console is
3558 : * modified under console_lock when switching vt.
3559 : */
3560 0 : console_lock();
3561 0 : while (i--) {
3562 0 : int index = cs[i]->index;
3563 0 : struct tty_driver *drv = cs[i]->device(cs[i], &index);
3564 :
3565 : /* don't resolve tty0 as some programs depend on it */
3566 0 : if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3567 0 : count += tty_line_name(drv, index, buf + count);
3568 : else
3569 0 : count += sprintf(buf + count, "%s%d",
3570 0 : cs[i]->name, cs[i]->index);
3571 :
3572 0 : count += sprintf(buf + count, "%c", i ? ' ':'\n');
3573 : }
3574 0 : console_unlock();
3575 :
3576 0 : console_list_unlock();
3577 :
3578 0 : return count;
3579 : }
3580 : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3581 :
3582 : static struct attribute *cons_dev_attrs[] = {
3583 : &dev_attr_active.attr,
3584 : NULL
3585 : };
3586 :
3587 : ATTRIBUTE_GROUPS(cons_dev);
3588 :
3589 : static struct device *consdev;
3590 :
3591 2 : void console_sysfs_notify(void)
3592 : {
3593 2 : if (consdev)
3594 2 : sysfs_notify(&consdev->kobj, NULL, "active");
3595 2 : }
3596 :
3597 : static struct ctl_table tty_table[] = {
3598 : {
3599 : .procname = "legacy_tiocsti",
3600 : .data = &tty_legacy_tiocsti,
3601 : .maxlen = sizeof(tty_legacy_tiocsti),
3602 : .mode = 0644,
3603 : .proc_handler = proc_dobool,
3604 : },
3605 : {
3606 : .procname = "ldisc_autoload",
3607 : .data = &tty_ldisc_autoload,
3608 : .maxlen = sizeof(tty_ldisc_autoload),
3609 : .mode = 0644,
3610 : .proc_handler = proc_dointvec,
3611 : .extra1 = SYSCTL_ZERO,
3612 : .extra2 = SYSCTL_ONE,
3613 : },
3614 : { }
3615 : };
3616 :
3617 : static struct ctl_table tty_dir_table[] = {
3618 : {
3619 : .procname = "tty",
3620 : .mode = 0555,
3621 : .child = tty_table,
3622 : },
3623 : { }
3624 : };
3625 :
3626 : static struct ctl_table tty_root_table[] = {
3627 : {
3628 : .procname = "dev",
3629 : .mode = 0555,
3630 : .child = tty_dir_table,
3631 : },
3632 : { }
3633 : };
3634 :
3635 : /*
3636 : * Ok, now we can initialize the rest of the tty devices and can count
3637 : * on memory allocations, interrupts etc..
3638 : */
3639 1 : int __init tty_init(void)
3640 : {
3641 1 : register_sysctl_table(tty_root_table);
3642 1 : cdev_init(&tty_cdev, &tty_fops);
3643 2 : if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3644 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3645 0 : panic("Couldn't register /dev/tty driver\n");
3646 1 : device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3647 :
3648 1 : cdev_init(&console_cdev, &console_fops);
3649 2 : if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3650 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3651 0 : panic("Couldn't register /dev/console driver\n");
3652 1 : consdev = device_create_with_groups(tty_class, NULL,
3653 : MKDEV(TTYAUX_MAJOR, 1), NULL,
3654 : cons_dev_groups, "console");
3655 2 : if (IS_ERR(consdev))
3656 0 : consdev = NULL;
3657 :
3658 : #ifdef CONFIG_VT
3659 : vty_init(&console_fops);
3660 : #endif
3661 1 : return 0;
3662 : }
|