LCOV - code coverage report
Current view: top level - drivers/tty - tty_io.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 108 1159 9.3 %
Date: 2023-04-06 08:38:28 Functions: 11 106 10.4 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0
       2             : /*
       3             :  *  Copyright (C) 1991, 1992  Linus Torvalds
       4             :  */
       5             : 
       6             : /*
       7             :  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
       8             :  * or rs-channels. It also implements echoing, cooked mode etc.
       9             :  *
      10             :  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
      11             :  *
      12             :  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
      13             :  * tty_struct and tty_queue structures.  Previously there was an array
      14             :  * of 256 tty_struct's which was statically allocated, and the
      15             :  * tty_queue structures were allocated at boot time.  Both are now
      16             :  * dynamically allocated only when the tty is open.
      17             :  *
      18             :  * Also restructured routines so that there is more of a separation
      19             :  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
      20             :  * the low-level tty routines (serial.c, pty.c, console.c).  This
      21             :  * makes for cleaner and more compact code.  -TYT, 9/17/92
      22             :  *
      23             :  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
      24             :  * which can be dynamically activated and de-activated by the line
      25             :  * discipline handling modules (like SLIP).
      26             :  *
      27             :  * NOTE: pay no attention to the line discipline code (yet); its
      28             :  * interface is still subject to change in this version...
      29             :  * -- TYT, 1/31/92
      30             :  *
      31             :  * Added functionality to the OPOST tty handling.  No delays, but all
      32             :  * other bits should be there.
      33             :  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
      34             :  *
      35             :  * Rewrote canonical mode and added more termios flags.
      36             :  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
      37             :  *
      38             :  * Reorganized FASYNC support so mouse code can share it.
      39             :  *      -- ctm@ardi.com, 9Sep95
      40             :  *
      41             :  * New TIOCLINUX variants added.
      42             :  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
      43             :  *
      44             :  * Restrict vt switching via ioctl()
      45             :  *      -- grif@cs.ucr.edu, 5-Dec-95
      46             :  *
      47             :  * Move console and virtual terminal code to more appropriate files,
      48             :  * implement CONFIG_VT and generalize console device interface.
      49             :  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
      50             :  *
      51             :  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
      52             :  *      -- Bill Hawes <whawes@star.net>, June 97
      53             :  *
      54             :  * Added devfs support.
      55             :  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
      56             :  *
      57             :  * Added support for a Unix98-style ptmx device.
      58             :  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
      59             :  *
      60             :  * Reduced memory usage for older ARM systems
      61             :  *      -- Russell King <rmk@arm.linux.org.uk>
      62             :  *
      63             :  * Move do_SAK() into process context.  Less stack use in devfs functions.
      64             :  * alloc_tty_struct() always uses kmalloc()
      65             :  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
      66             :  */
      67             : 
      68             : #include <linux/types.h>
      69             : #include <linux/major.h>
      70             : #include <linux/errno.h>
      71             : #include <linux/signal.h>
      72             : #include <linux/fcntl.h>
      73             : #include <linux/sched/signal.h>
      74             : #include <linux/sched/task.h>
      75             : #include <linux/interrupt.h>
      76             : #include <linux/tty.h>
      77             : #include <linux/tty_driver.h>
      78             : #include <linux/tty_flip.h>
      79             : #include <linux/devpts_fs.h>
      80             : #include <linux/file.h>
      81             : #include <linux/fdtable.h>
      82             : #include <linux/console.h>
      83             : #include <linux/timer.h>
      84             : #include <linux/ctype.h>
      85             : #include <linux/kd.h>
      86             : #include <linux/mm.h>
      87             : #include <linux/string.h>
      88             : #include <linux/slab.h>
      89             : #include <linux/poll.h>
      90             : #include <linux/ppp-ioctl.h>
      91             : #include <linux/proc_fs.h>
      92             : #include <linux/init.h>
      93             : #include <linux/module.h>
      94             : #include <linux/device.h>
      95             : #include <linux/wait.h>
      96             : #include <linux/bitops.h>
      97             : #include <linux/delay.h>
      98             : #include <linux/seq_file.h>
      99             : #include <linux/serial.h>
     100             : #include <linux/ratelimit.h>
     101             : #include <linux/compat.h>
     102             : #include <linux/uaccess.h>
     103             : #include <linux/termios_internal.h>
     104             : 
     105             : #include <linux/kbd_kern.h>
     106             : #include <linux/vt_kern.h>
     107             : #include <linux/selection.h>
     108             : 
     109             : #include <linux/kmod.h>
     110             : #include <linux/nsproxy.h>
     111             : #include "tty.h"
     112             : 
     113             : #undef TTY_DEBUG_HANGUP
     114             : #ifdef TTY_DEBUG_HANGUP
     115             : # define tty_debug_hangup(tty, f, args...)      tty_debug(tty, f, ##args)
     116             : #else
     117             : # define tty_debug_hangup(tty, f, args...)      do { } while (0)
     118             : #endif
     119             : 
     120             : #define TTY_PARANOIA_CHECK 1
     121             : #define CHECK_TTY_COUNT 1
     122             : 
     123             : struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
     124             :         .c_iflag = ICRNL | IXON,
     125             :         .c_oflag = OPOST | ONLCR,
     126             :         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
     127             :         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
     128             :                    ECHOCTL | ECHOKE | IEXTEN,
     129             :         .c_cc = INIT_C_CC,
     130             :         .c_ispeed = 38400,
     131             :         .c_ospeed = 38400,
     132             :         /* .c_line = N_TTY, */
     133             : };
     134             : EXPORT_SYMBOL(tty_std_termios);
     135             : 
     136             : /* This list gets poked at by procfs and various bits of boot up code. This
     137             :  * could do with some rationalisation such as pulling the tty proc function
     138             :  * into this file.
     139             :  */
     140             : 
     141             : LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
     142             : 
     143             : /* Mutex to protect creating and releasing a tty */
     144             : DEFINE_MUTEX(tty_mutex);
     145             : 
     146             : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
     147             : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
     148             : static __poll_t tty_poll(struct file *, poll_table *);
     149             : static int tty_open(struct inode *, struct file *);
     150             : #ifdef CONFIG_COMPAT
     151             : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
     152             :                                 unsigned long arg);
     153             : #else
     154             : #define tty_compat_ioctl NULL
     155             : #endif
     156             : static int __tty_fasync(int fd, struct file *filp, int on);
     157             : static int tty_fasync(int fd, struct file *filp, int on);
     158             : static void release_tty(struct tty_struct *tty, int idx);
     159             : 
     160             : /**
     161             :  * free_tty_struct      -       free a disused tty
     162             :  * @tty: tty struct to free
     163             :  *
     164             :  * Free the write buffers, tty queue and tty memory itself.
     165             :  *
     166             :  * Locking: none. Must be called after tty is definitely unused
     167             :  */
     168           0 : static void free_tty_struct(struct tty_struct *tty)
     169             : {
     170           0 :         tty_ldisc_deinit(tty);
     171           0 :         put_device(tty->dev);
     172           0 :         kvfree(tty->write_buf);
     173           0 :         kfree(tty);
     174           0 : }
     175             : 
     176             : static inline struct tty_struct *file_tty(struct file *file)
     177             : {
     178           0 :         return ((struct tty_file_private *)file->private_data)->tty;
     179             : }
     180             : 
     181           0 : int tty_alloc_file(struct file *file)
     182             : {
     183             :         struct tty_file_private *priv;
     184             : 
     185           0 :         priv = kmalloc(sizeof(*priv), GFP_KERNEL);
     186           0 :         if (!priv)
     187             :                 return -ENOMEM;
     188             : 
     189           0 :         file->private_data = priv;
     190             : 
     191           0 :         return 0;
     192             : }
     193             : 
     194             : /* Associate a new file with the tty structure */
     195           0 : void tty_add_file(struct tty_struct *tty, struct file *file)
     196             : {
     197           0 :         struct tty_file_private *priv = file->private_data;
     198             : 
     199           0 :         priv->tty = tty;
     200           0 :         priv->file = file;
     201             : 
     202           0 :         spin_lock(&tty->files_lock);
     203           0 :         list_add(&priv->list, &tty->tty_files);
     204           0 :         spin_unlock(&tty->files_lock);
     205           0 : }
     206             : 
     207             : /**
     208             :  * tty_free_file - free file->private_data
     209             :  * @file: to free private_data of
     210             :  *
     211             :  * This shall be used only for fail path handling when tty_add_file was not
     212             :  * called yet.
     213             :  */
     214           0 : void tty_free_file(struct file *file)
     215             : {
     216           0 :         struct tty_file_private *priv = file->private_data;
     217             : 
     218           0 :         file->private_data = NULL;
     219           0 :         kfree(priv);
     220           0 : }
     221             : 
     222             : /* Delete file from its tty */
     223           0 : static void tty_del_file(struct file *file)
     224             : {
     225           0 :         struct tty_file_private *priv = file->private_data;
     226           0 :         struct tty_struct *tty = priv->tty;
     227             : 
     228           0 :         spin_lock(&tty->files_lock);
     229           0 :         list_del(&priv->list);
     230           0 :         spin_unlock(&tty->files_lock);
     231           0 :         tty_free_file(file);
     232           0 : }
     233             : 
     234             : /**
     235             :  * tty_name     -       return tty naming
     236             :  * @tty: tty structure
     237             :  *
     238             :  * Convert a tty structure into a name. The name reflects the kernel naming
     239             :  * policy and if udev is in use may not reflect user space
     240             :  *
     241             :  * Locking: none
     242             :  */
     243           0 : const char *tty_name(const struct tty_struct *tty)
     244             : {
     245           0 :         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
     246             :                 return "NULL tty";
     247           0 :         return tty->name;
     248             : }
     249             : EXPORT_SYMBOL(tty_name);
     250             : 
     251           0 : const char *tty_driver_name(const struct tty_struct *tty)
     252             : {
     253           0 :         if (!tty || !tty->driver)
     254             :                 return "";
     255           0 :         return tty->driver->name;
     256             : }
     257             : 
     258             : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
     259             :                               const char *routine)
     260             : {
     261             : #ifdef TTY_PARANOIA_CHECK
     262           0 :         if (!tty) {
     263           0 :                 pr_warn("(%d:%d): %s: NULL tty\n",
     264             :                         imajor(inode), iminor(inode), routine);
     265             :                 return 1;
     266             :         }
     267             : #endif
     268             :         return 0;
     269             : }
     270             : 
     271             : /* Caller must hold tty_lock */
     272           0 : static int check_tty_count(struct tty_struct *tty, const char *routine)
     273             : {
     274             : #ifdef CHECK_TTY_COUNT
     275             :         struct list_head *p;
     276           0 :         int count = 0, kopen_count = 0;
     277             : 
     278           0 :         spin_lock(&tty->files_lock);
     279           0 :         list_for_each(p, &tty->tty_files) {
     280           0 :                 count++;
     281             :         }
     282           0 :         spin_unlock(&tty->files_lock);
     283           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
     284           0 :             tty->driver->subtype == PTY_TYPE_SLAVE &&
     285           0 :             tty->link && tty->link->count)
     286           0 :                 count++;
     287           0 :         if (tty_port_kopened(tty->port))
     288           0 :                 kopen_count++;
     289           0 :         if (tty->count != (count + kopen_count)) {
     290           0 :                 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
     291             :                          routine, tty->count, count, kopen_count);
     292           0 :                 return (count + kopen_count);
     293             :         }
     294             : #endif
     295             :         return 0;
     296             : }
     297             : 
     298             : /**
     299             :  * get_tty_driver               -       find device of a tty
     300             :  * @device: device identifier
     301             :  * @index: returns the index of the tty
     302             :  *
     303             :  * This routine returns a tty driver structure, given a device number and also
     304             :  * passes back the index number.
     305             :  *
     306             :  * Locking: caller must hold tty_mutex
     307             :  */
     308           0 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
     309             : {
     310             :         struct tty_driver *p;
     311             : 
     312           0 :         list_for_each_entry(p, &tty_drivers, tty_drivers) {
     313           0 :                 dev_t base = MKDEV(p->major, p->minor_start);
     314             : 
     315           0 :                 if (device < base || device >= base + p->num)
     316           0 :                         continue;
     317           0 :                 *index = device - base;
     318           0 :                 return tty_driver_kref_get(p);
     319             :         }
     320             :         return NULL;
     321             : }
     322             : 
     323             : /**
     324             :  * tty_dev_name_to_number       -       return dev_t for device name
     325             :  * @name: user space name of device under /dev
     326             :  * @number: pointer to dev_t that this function will populate
     327             :  *
     328             :  * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
     329             :  * (4, 64) or (188, 1). If no corresponding driver is registered then the
     330             :  * function returns -%ENODEV.
     331             :  *
     332             :  * Locking: this acquires tty_mutex to protect the tty_drivers list from
     333             :  *      being modified while we are traversing it, and makes sure to
     334             :  *      release it before exiting.
     335             :  */
     336           0 : int tty_dev_name_to_number(const char *name, dev_t *number)
     337             : {
     338             :         struct tty_driver *p;
     339             :         int ret;
     340           0 :         int index, prefix_length = 0;
     341             :         const char *str;
     342             : 
     343           0 :         for (str = name; *str && !isdigit(*str); str++)
     344             :                 ;
     345             : 
     346           0 :         if (!*str)
     347             :                 return -EINVAL;
     348             : 
     349           0 :         ret = kstrtoint(str, 10, &index);
     350           0 :         if (ret)
     351             :                 return ret;
     352             : 
     353           0 :         prefix_length = str - name;
     354           0 :         mutex_lock(&tty_mutex);
     355             : 
     356           0 :         list_for_each_entry(p, &tty_drivers, tty_drivers)
     357           0 :                 if (prefix_length == strlen(p->name) && strncmp(name,
     358             :                                         p->name, prefix_length) == 0) {
     359           0 :                         if (index < p->num) {
     360           0 :                                 *number = MKDEV(p->major, p->minor_start + index);
     361           0 :                                 goto out;
     362             :                         }
     363             :                 }
     364             : 
     365             :         /* if here then driver wasn't found */
     366             :         ret = -ENODEV;
     367             : out:
     368           0 :         mutex_unlock(&tty_mutex);
     369           0 :         return ret;
     370             : }
     371             : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
     372             : 
     373             : #ifdef CONFIG_CONSOLE_POLL
     374             : 
     375             : /**
     376             :  * tty_find_polling_driver      -       find device of a polled tty
     377             :  * @name: name string to match
     378             :  * @line: pointer to resulting tty line nr
     379             :  *
     380             :  * This routine returns a tty driver structure, given a name and the condition
     381             :  * that the tty driver is capable of polled operation.
     382             :  */
     383             : struct tty_driver *tty_find_polling_driver(char *name, int *line)
     384             : {
     385             :         struct tty_driver *p, *res = NULL;
     386             :         int tty_line = 0;
     387             :         int len;
     388             :         char *str, *stp;
     389             : 
     390             :         for (str = name; *str; str++)
     391             :                 if ((*str >= '0' && *str <= '9') || *str == ',')
     392             :                         break;
     393             :         if (!*str)
     394             :                 return NULL;
     395             : 
     396             :         len = str - name;
     397             :         tty_line = simple_strtoul(str, &str, 10);
     398             : 
     399             :         mutex_lock(&tty_mutex);
     400             :         /* Search through the tty devices to look for a match */
     401             :         list_for_each_entry(p, &tty_drivers, tty_drivers) {
     402             :                 if (!len || strncmp(name, p->name, len) != 0)
     403             :                         continue;
     404             :                 stp = str;
     405             :                 if (*stp == ',')
     406             :                         stp++;
     407             :                 if (*stp == '\0')
     408             :                         stp = NULL;
     409             : 
     410             :                 if (tty_line >= 0 && tty_line < p->num && p->ops &&
     411             :                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
     412             :                         res = tty_driver_kref_get(p);
     413             :                         *line = tty_line;
     414             :                         break;
     415             :                 }
     416             :         }
     417             :         mutex_unlock(&tty_mutex);
     418             : 
     419             :         return res;
     420             : }
     421             : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
     422             : #endif
     423             : 
     424           0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
     425             : {
     426           0 :         return 0;
     427             : }
     428             : 
     429           0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
     430             : {
     431           0 :         return -EIO;
     432             : }
     433             : 
     434             : /* No kernel lock held - none needed ;) */
     435           0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
     436             : {
     437           0 :         return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
     438             : }
     439             : 
     440           0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
     441             :                 unsigned long arg)
     442             : {
     443           0 :         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
     444             : }
     445             : 
     446           0 : static long hung_up_tty_compat_ioctl(struct file *file,
     447             :                                      unsigned int cmd, unsigned long arg)
     448             : {
     449           0 :         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
     450             : }
     451             : 
     452           0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
     453             : {
     454           0 :         return -ENOTTY;
     455             : }
     456             : 
     457           0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
     458             : {
     459           0 :         struct tty_struct *tty = file_tty(file);
     460             : 
     461           0 :         if (tty && tty->ops && tty->ops->show_fdinfo)
     462           0 :                 tty->ops->show_fdinfo(tty, m);
     463           0 : }
     464             : 
     465             : static const struct file_operations tty_fops = {
     466             :         .llseek         = no_llseek,
     467             :         .read_iter      = tty_read,
     468             :         .write_iter     = tty_write,
     469             :         .splice_read    = generic_file_splice_read,
     470             :         .splice_write   = iter_file_splice_write,
     471             :         .poll           = tty_poll,
     472             :         .unlocked_ioctl = tty_ioctl,
     473             :         .compat_ioctl   = tty_compat_ioctl,
     474             :         .open           = tty_open,
     475             :         .release        = tty_release,
     476             :         .fasync         = tty_fasync,
     477             :         .show_fdinfo    = tty_show_fdinfo,
     478             : };
     479             : 
     480             : static const struct file_operations console_fops = {
     481             :         .llseek         = no_llseek,
     482             :         .read_iter      = tty_read,
     483             :         .write_iter     = redirected_tty_write,
     484             :         .splice_read    = generic_file_splice_read,
     485             :         .splice_write   = iter_file_splice_write,
     486             :         .poll           = tty_poll,
     487             :         .unlocked_ioctl = tty_ioctl,
     488             :         .compat_ioctl   = tty_compat_ioctl,
     489             :         .open           = tty_open,
     490             :         .release        = tty_release,
     491             :         .fasync         = tty_fasync,
     492             : };
     493             : 
     494             : static const struct file_operations hung_up_tty_fops = {
     495             :         .llseek         = no_llseek,
     496             :         .read_iter      = hung_up_tty_read,
     497             :         .write_iter     = hung_up_tty_write,
     498             :         .poll           = hung_up_tty_poll,
     499             :         .unlocked_ioctl = hung_up_tty_ioctl,
     500             :         .compat_ioctl   = hung_up_tty_compat_ioctl,
     501             :         .release        = tty_release,
     502             :         .fasync         = hung_up_tty_fasync,
     503             : };
     504             : 
     505             : static DEFINE_SPINLOCK(redirect_lock);
     506             : static struct file *redirect;
     507             : 
     508             : /**
     509             :  * tty_wakeup   -       request more data
     510             :  * @tty: terminal
     511             :  *
     512             :  * Internal and external helper for wakeups of tty. This function informs the
     513             :  * line discipline if present that the driver is ready to receive more output
     514             :  * data.
     515             :  */
     516           0 : void tty_wakeup(struct tty_struct *tty)
     517             : {
     518             :         struct tty_ldisc *ld;
     519             : 
     520           0 :         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
     521           0 :                 ld = tty_ldisc_ref(tty);
     522           0 :                 if (ld) {
     523           0 :                         if (ld->ops->write_wakeup)
     524           0 :                                 ld->ops->write_wakeup(tty);
     525           0 :                         tty_ldisc_deref(ld);
     526             :                 }
     527             :         }
     528           0 :         wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
     529           0 : }
     530             : EXPORT_SYMBOL_GPL(tty_wakeup);
     531             : 
     532             : /**
     533             :  * tty_release_redirect -       Release a redirect on a pty if present
     534             :  * @tty: tty device
     535             :  *
     536             :  * This is available to the pty code so if the master closes, if the slave is a
     537             :  * redirect it can release the redirect.
     538             :  */
     539             : static struct file *tty_release_redirect(struct tty_struct *tty)
     540             : {
     541           0 :         struct file *f = NULL;
     542             : 
     543           0 :         spin_lock(&redirect_lock);
     544           0 :         if (redirect && file_tty(redirect) == tty) {
     545           0 :                 f = redirect;
     546           0 :                 redirect = NULL;
     547             :         }
     548           0 :         spin_unlock(&redirect_lock);
     549             : 
     550             :         return f;
     551             : }
     552             : 
     553             : /**
     554             :  * __tty_hangup         -       actual handler for hangup events
     555             :  * @tty: tty device
     556             :  * @exit_session: if non-zero, signal all foreground group processes
     557             :  *
     558             :  * This can be called by a "kworker" kernel thread. That is process synchronous
     559             :  * but doesn't hold any locks, so we need to make sure we have the appropriate
     560             :  * locks for what we're doing.
     561             :  *
     562             :  * The hangup event clears any pending redirections onto the hung up device. It
     563             :  * ensures future writes will error and it does the needed line discipline
     564             :  * hangup and signal delivery. The tty object itself remains intact.
     565             :  *
     566             :  * Locking:
     567             :  *  * BTM
     568             :  *
     569             :  *   * redirect lock for undoing redirection
     570             :  *   * file list lock for manipulating list of ttys
     571             :  *   * tty_ldiscs_lock from called functions
     572             :  *   * termios_rwsem resetting termios data
     573             :  *   * tasklist_lock to walk task list for hangup event
     574             :  *
     575             :  *    * ->siglock to protect ->signal/->sighand
     576             :  *
     577             :  */
     578           0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
     579             : {
     580           0 :         struct file *cons_filp = NULL;
     581             :         struct file *filp, *f;
     582             :         struct tty_file_private *priv;
     583           0 :         int    closecount = 0, n;
     584             :         int refs;
     585             : 
     586           0 :         if (!tty)
     587             :                 return;
     588             : 
     589           0 :         f = tty_release_redirect(tty);
     590             : 
     591           0 :         tty_lock(tty);
     592             : 
     593           0 :         if (test_bit(TTY_HUPPED, &tty->flags)) {
     594           0 :                 tty_unlock(tty);
     595           0 :                 return;
     596             :         }
     597             : 
     598             :         /*
     599             :          * Some console devices aren't actually hung up for technical and
     600             :          * historical reasons, which can lead to indefinite interruptible
     601             :          * sleep in n_tty_read().  The following explicitly tells
     602             :          * n_tty_read() to abort readers.
     603             :          */
     604           0 :         set_bit(TTY_HUPPING, &tty->flags);
     605             : 
     606             :         /* inuse_filps is protected by the single tty lock,
     607             :          * this really needs to change if we want to flush the
     608             :          * workqueue with the lock held.
     609             :          */
     610           0 :         check_tty_count(tty, "tty_hangup");
     611             : 
     612           0 :         spin_lock(&tty->files_lock);
     613             :         /* This breaks for file handles being sent over AF_UNIX sockets ? */
     614           0 :         list_for_each_entry(priv, &tty->tty_files, list) {
     615           0 :                 filp = priv->file;
     616           0 :                 if (filp->f_op->write_iter == redirected_tty_write)
     617           0 :                         cons_filp = filp;
     618           0 :                 if (filp->f_op->write_iter != tty_write)
     619           0 :                         continue;
     620           0 :                 closecount++;
     621           0 :                 __tty_fasync(-1, filp, 0);      /* can't block */
     622           0 :                 filp->f_op = &hung_up_tty_fops;
     623             :         }
     624           0 :         spin_unlock(&tty->files_lock);
     625             : 
     626           0 :         refs = tty_signal_session_leader(tty, exit_session);
     627             :         /* Account for the p->signal references we killed */
     628           0 :         while (refs--)
     629             :                 tty_kref_put(tty);
     630             : 
     631           0 :         tty_ldisc_hangup(tty, cons_filp != NULL);
     632             : 
     633           0 :         spin_lock_irq(&tty->ctrl.lock);
     634           0 :         clear_bit(TTY_THROTTLED, &tty->flags);
     635           0 :         clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
     636           0 :         put_pid(tty->ctrl.session);
     637           0 :         put_pid(tty->ctrl.pgrp);
     638           0 :         tty->ctrl.session = NULL;
     639           0 :         tty->ctrl.pgrp = NULL;
     640           0 :         tty->ctrl.pktstatus = 0;
     641           0 :         spin_unlock_irq(&tty->ctrl.lock);
     642             : 
     643             :         /*
     644             :          * If one of the devices matches a console pointer, we
     645             :          * cannot just call hangup() because that will cause
     646             :          * tty->count and state->count to go out of sync.
     647             :          * So we just call close() the right number of times.
     648             :          */
     649           0 :         if (cons_filp) {
     650           0 :                 if (tty->ops->close)
     651           0 :                         for (n = 0; n < closecount; n++)
     652           0 :                                 tty->ops->close(tty, cons_filp);
     653           0 :         } else if (tty->ops->hangup)
     654           0 :                 tty->ops->hangup(tty);
     655             :         /*
     656             :          * We don't want to have driver/ldisc interactions beyond the ones
     657             :          * we did here. The driver layer expects no calls after ->hangup()
     658             :          * from the ldisc side, which is now guaranteed.
     659             :          */
     660           0 :         set_bit(TTY_HUPPED, &tty->flags);
     661           0 :         clear_bit(TTY_HUPPING, &tty->flags);
     662           0 :         tty_unlock(tty);
     663             : 
     664           0 :         if (f)
     665           0 :                 fput(f);
     666             : }
     667             : 
     668           0 : static void do_tty_hangup(struct work_struct *work)
     669             : {
     670           0 :         struct tty_struct *tty =
     671           0 :                 container_of(work, struct tty_struct, hangup_work);
     672             : 
     673           0 :         __tty_hangup(tty, 0);
     674           0 : }
     675             : 
     676             : /**
     677             :  * tty_hangup           -       trigger a hangup event
     678             :  * @tty: tty to hangup
     679             :  *
     680             :  * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
     681             :  * hangup sequence to run after this event.
     682             :  */
     683           0 : void tty_hangup(struct tty_struct *tty)
     684             : {
     685             :         tty_debug_hangup(tty, "hangup\n");
     686           0 :         schedule_work(&tty->hangup_work);
     687           0 : }
     688             : EXPORT_SYMBOL(tty_hangup);
     689             : 
     690             : /**
     691             :  * tty_vhangup          -       process vhangup
     692             :  * @tty: tty to hangup
     693             :  *
     694             :  * The user has asked via system call for the terminal to be hung up. We do
     695             :  * this synchronously so that when the syscall returns the process is complete.
     696             :  * That guarantee is necessary for security reasons.
     697             :  */
     698           0 : void tty_vhangup(struct tty_struct *tty)
     699             : {
     700             :         tty_debug_hangup(tty, "vhangup\n");
     701           0 :         __tty_hangup(tty, 0);
     702           0 : }
     703             : EXPORT_SYMBOL(tty_vhangup);
     704             : 
     705             : 
     706             : /**
     707             :  * tty_vhangup_self     -       process vhangup for own ctty
     708             :  *
     709             :  * Perform a vhangup on the current controlling tty
     710             :  */
     711           0 : void tty_vhangup_self(void)
     712             : {
     713             :         struct tty_struct *tty;
     714             : 
     715           0 :         tty = get_current_tty();
     716           0 :         if (tty) {
     717           0 :                 tty_vhangup(tty);
     718             :                 tty_kref_put(tty);
     719             :         }
     720           0 : }
     721             : 
     722             : /**
     723             :  * tty_vhangup_session  -       hangup session leader exit
     724             :  * @tty: tty to hangup
     725             :  *
     726             :  * The session leader is exiting and hanging up its controlling terminal.
     727             :  * Every process in the foreground process group is signalled %SIGHUP.
     728             :  *
     729             :  * We do this synchronously so that when the syscall returns the process is
     730             :  * complete. That guarantee is necessary for security reasons.
     731             :  */
     732           0 : void tty_vhangup_session(struct tty_struct *tty)
     733             : {
     734             :         tty_debug_hangup(tty, "session hangup\n");
     735           0 :         __tty_hangup(tty, 1);
     736           0 : }
     737             : 
     738             : /**
     739             :  * tty_hung_up_p        -       was tty hung up
     740             :  * @filp: file pointer of tty
     741             :  *
     742             :  * Return: true if the tty has been subject to a vhangup or a carrier loss
     743             :  */
     744           0 : int tty_hung_up_p(struct file *filp)
     745             : {
     746           0 :         return (filp && filp->f_op == &hung_up_tty_fops);
     747             : }
     748             : EXPORT_SYMBOL(tty_hung_up_p);
     749             : 
     750           0 : void __stop_tty(struct tty_struct *tty)
     751             : {
     752           0 :         if (tty->flow.stopped)
     753             :                 return;
     754           0 :         tty->flow.stopped = true;
     755           0 :         if (tty->ops->stop)
     756           0 :                 tty->ops->stop(tty);
     757             : }
     758             : 
     759             : /**
     760             :  * stop_tty     -       propagate flow control
     761             :  * @tty: tty to stop
     762             :  *
     763             :  * Perform flow control to the driver. May be called on an already stopped
     764             :  * device and will not re-call the &tty_driver->stop() method.
     765             :  *
     766             :  * This functionality is used by both the line disciplines for halting incoming
     767             :  * flow and by the driver. It may therefore be called from any context, may be
     768             :  * under the tty %atomic_write_lock but not always.
     769             :  *
     770             :  * Locking:
     771             :  *      flow.lock
     772             :  */
     773           0 : void stop_tty(struct tty_struct *tty)
     774             : {
     775             :         unsigned long flags;
     776             : 
     777           0 :         spin_lock_irqsave(&tty->flow.lock, flags);
     778           0 :         __stop_tty(tty);
     779           0 :         spin_unlock_irqrestore(&tty->flow.lock, flags);
     780           0 : }
     781             : EXPORT_SYMBOL(stop_tty);
     782             : 
     783           0 : void __start_tty(struct tty_struct *tty)
     784             : {
     785           0 :         if (!tty->flow.stopped || tty->flow.tco_stopped)
     786             :                 return;
     787           0 :         tty->flow.stopped = false;
     788           0 :         if (tty->ops->start)
     789           0 :                 tty->ops->start(tty);
     790           0 :         tty_wakeup(tty);
     791             : }
     792             : 
     793             : /**
     794             :  * start_tty    -       propagate flow control
     795             :  * @tty: tty to start
     796             :  *
     797             :  * Start a tty that has been stopped if at all possible. If @tty was previously
     798             :  * stopped and is now being started, the &tty_driver->start() method is invoked
     799             :  * and the line discipline woken.
     800             :  *
     801             :  * Locking:
     802             :  *      flow.lock
     803             :  */
     804           0 : void start_tty(struct tty_struct *tty)
     805             : {
     806             :         unsigned long flags;
     807             : 
     808           0 :         spin_lock_irqsave(&tty->flow.lock, flags);
     809           0 :         __start_tty(tty);
     810           0 :         spin_unlock_irqrestore(&tty->flow.lock, flags);
     811           0 : }
     812             : EXPORT_SYMBOL(start_tty);
     813             : 
     814             : static void tty_update_time(struct timespec64 *time)
     815             : {
     816           0 :         time64_t sec = ktime_get_real_seconds();
     817             : 
     818             :         /*
     819             :          * We only care if the two values differ in anything other than the
     820             :          * lower three bits (i.e every 8 seconds).  If so, then we can update
     821             :          * the time of the tty device, otherwise it could be construded as a
     822             :          * security leak to let userspace know the exact timing of the tty.
     823             :          */
     824           0 :         if ((sec ^ time->tv_sec) & ~7)
     825           0 :                 time->tv_sec = sec;
     826             : }
     827             : 
     828             : /*
     829             :  * Iterate on the ldisc ->read() function until we've gotten all
     830             :  * the data the ldisc has for us.
     831             :  *
     832             :  * The "cookie" is something that the ldisc read function can fill
     833             :  * in to let us know that there is more data to be had.
     834             :  *
     835             :  * We promise to continue to call the ldisc until it stops returning
     836             :  * data or clears the cookie. The cookie may be something that the
     837             :  * ldisc maintains state for and needs to free.
     838             :  */
     839           0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
     840             :                 struct file *file, struct iov_iter *to)
     841             : {
     842           0 :         int retval = 0;
     843           0 :         void *cookie = NULL;
     844           0 :         unsigned long offset = 0;
     845             :         char kernel_buf[64];
     846           0 :         size_t count = iov_iter_count(to);
     847             : 
     848             :         do {
     849             :                 int size, copied;
     850             : 
     851           0 :                 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
     852           0 :                 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
     853           0 :                 if (!size)
     854             :                         break;
     855             : 
     856           0 :                 if (size < 0) {
     857             :                         /* Did we have an earlier error (ie -EFAULT)? */
     858           0 :                         if (retval)
     859             :                                 break;
     860           0 :                         retval = size;
     861             : 
     862             :                         /*
     863             :                          * -EOVERFLOW means we didn't have enough space
     864             :                          * for a whole packet, and we shouldn't return
     865             :                          * a partial result.
     866             :                          */
     867           0 :                         if (retval == -EOVERFLOW)
     868           0 :                                 offset = 0;
     869             :                         break;
     870             :                 }
     871             : 
     872           0 :                 copied = copy_to_iter(kernel_buf, size, to);
     873           0 :                 offset += copied;
     874           0 :                 count -= copied;
     875             : 
     876             :                 /*
     877             :                  * If the user copy failed, we still need to do another ->read()
     878             :                  * call if we had a cookie to let the ldisc clear up.
     879             :                  *
     880             :                  * But make sure size is zeroed.
     881             :                  */
     882           0 :                 if (unlikely(copied != size)) {
     883           0 :                         count = 0;
     884           0 :                         retval = -EFAULT;
     885             :                 }
     886           0 :         } while (cookie);
     887             : 
     888             :         /* We always clear tty buffer in case they contained passwords */
     889           0 :         memzero_explicit(kernel_buf, sizeof(kernel_buf));
     890           0 :         return offset ? offset : retval;
     891             : }
     892             : 
     893             : 
     894             : /**
     895             :  * tty_read     -       read method for tty device files
     896             :  * @iocb: kernel I/O control block
     897             :  * @to: destination for the data read
     898             :  *
     899             :  * Perform the read system call function on this terminal device. Checks
     900             :  * for hung up devices before calling the line discipline method.
     901             :  *
     902             :  * Locking:
     903             :  *      Locks the line discipline internally while needed. Multiple read calls
     904             :  *      may be outstanding in parallel.
     905             :  */
     906           0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
     907             : {
     908             :         int i;
     909           0 :         struct file *file = iocb->ki_filp;
     910           0 :         struct inode *inode = file_inode(file);
     911           0 :         struct tty_struct *tty = file_tty(file);
     912             :         struct tty_ldisc *ld;
     913             : 
     914           0 :         if (tty_paranoia_check(tty, inode, "tty_read"))
     915             :                 return -EIO;
     916           0 :         if (!tty || tty_io_error(tty))
     917             :                 return -EIO;
     918             : 
     919             :         /* We want to wait for the line discipline to sort out in this
     920             :          * situation.
     921             :          */
     922           0 :         ld = tty_ldisc_ref_wait(tty);
     923           0 :         if (!ld)
     924             :                 return hung_up_tty_read(iocb, to);
     925           0 :         i = -EIO;
     926           0 :         if (ld->ops->read)
     927           0 :                 i = iterate_tty_read(ld, tty, file, to);
     928           0 :         tty_ldisc_deref(ld);
     929             : 
     930           0 :         if (i > 0)
     931           0 :                 tty_update_time(&inode->i_atime);
     932             : 
     933           0 :         return i;
     934             : }
     935             : 
     936           0 : static void tty_write_unlock(struct tty_struct *tty)
     937             : {
     938           0 :         mutex_unlock(&tty->atomic_write_lock);
     939           0 :         wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
     940           0 : }
     941             : 
     942           0 : static int tty_write_lock(struct tty_struct *tty, int ndelay)
     943             : {
     944           0 :         if (!mutex_trylock(&tty->atomic_write_lock)) {
     945           0 :                 if (ndelay)
     946             :                         return -EAGAIN;
     947           0 :                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
     948             :                         return -ERESTARTSYS;
     949             :         }
     950             :         return 0;
     951             : }
     952             : 
     953             : /*
     954             :  * Split writes up in sane blocksizes to avoid
     955             :  * denial-of-service type attacks
     956             :  */
     957           0 : static inline ssize_t do_tty_write(
     958             :         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
     959             :         struct tty_struct *tty,
     960             :         struct file *file,
     961             :         struct iov_iter *from)
     962             : {
     963           0 :         size_t count = iov_iter_count(from);
     964           0 :         ssize_t ret, written = 0;
     965             :         unsigned int chunk;
     966             : 
     967           0 :         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
     968           0 :         if (ret < 0)
     969             :                 return ret;
     970             : 
     971             :         /*
     972             :          * We chunk up writes into a temporary buffer. This
     973             :          * simplifies low-level drivers immensely, since they
     974             :          * don't have locking issues and user mode accesses.
     975             :          *
     976             :          * But if TTY_NO_WRITE_SPLIT is set, we should use a
     977             :          * big chunk-size..
     978             :          *
     979             :          * The default chunk-size is 2kB, because the NTTY
     980             :          * layer has problems with bigger chunks. It will
     981             :          * claim to be able to handle more characters than
     982             :          * it actually does.
     983             :          */
     984           0 :         chunk = 2048;
     985           0 :         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
     986           0 :                 chunk = 65536;
     987           0 :         if (count < chunk)
     988           0 :                 chunk = count;
     989             : 
     990             :         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
     991           0 :         if (tty->write_cnt < chunk) {
     992             :                 unsigned char *buf_chunk;
     993             : 
     994           0 :                 if (chunk < 1024)
     995           0 :                         chunk = 1024;
     996             : 
     997           0 :                 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
     998           0 :                 if (!buf_chunk) {
     999             :                         ret = -ENOMEM;
    1000             :                         goto out;
    1001             :                 }
    1002           0 :                 kvfree(tty->write_buf);
    1003           0 :                 tty->write_cnt = chunk;
    1004           0 :                 tty->write_buf = buf_chunk;
    1005             :         }
    1006             : 
    1007             :         /* Do the write .. */
    1008           0 :         for (;;) {
    1009           0 :                 size_t size = count;
    1010             : 
    1011           0 :                 if (size > chunk)
    1012           0 :                         size = chunk;
    1013             : 
    1014           0 :                 ret = -EFAULT;
    1015           0 :                 if (copy_from_iter(tty->write_buf, size, from) != size)
    1016             :                         break;
    1017             : 
    1018           0 :                 ret = write(tty, file, tty->write_buf, size);
    1019           0 :                 if (ret <= 0)
    1020             :                         break;
    1021             : 
    1022           0 :                 written += ret;
    1023           0 :                 if (ret > size)
    1024             :                         break;
    1025             : 
    1026             :                 /* FIXME! Have Al check this! */
    1027           0 :                 if (ret != size)
    1028           0 :                         iov_iter_revert(from, size-ret);
    1029             : 
    1030           0 :                 count -= ret;
    1031           0 :                 if (!count)
    1032             :                         break;
    1033           0 :                 ret = -ERESTARTSYS;
    1034           0 :                 if (signal_pending(current))
    1035             :                         break;
    1036           0 :                 cond_resched();
    1037             :         }
    1038           0 :         if (written) {
    1039           0 :                 tty_update_time(&file_inode(file)->i_mtime);
    1040             :                 ret = written;
    1041             :         }
    1042             : out:
    1043           0 :         tty_write_unlock(tty);
    1044           0 :         return ret;
    1045             : }
    1046             : 
    1047             : /**
    1048             :  * tty_write_message - write a message to a certain tty, not just the console.
    1049             :  * @tty: the destination tty_struct
    1050             :  * @msg: the message to write
    1051             :  *
    1052             :  * This is used for messages that need to be redirected to a specific tty. We
    1053             :  * don't put it into the syslog queue right now maybe in the future if really
    1054             :  * needed.
    1055             :  *
    1056             :  * We must still hold the BTM and test the CLOSING flag for the moment.
    1057             :  */
    1058           0 : void tty_write_message(struct tty_struct *tty, char *msg)
    1059             : {
    1060           0 :         if (tty) {
    1061           0 :                 mutex_lock(&tty->atomic_write_lock);
    1062           0 :                 tty_lock(tty);
    1063           0 :                 if (tty->ops->write && tty->count > 0)
    1064           0 :                         tty->ops->write(tty, msg, strlen(msg));
    1065           0 :                 tty_unlock(tty);
    1066           0 :                 tty_write_unlock(tty);
    1067             :         }
    1068           0 : }
    1069             : 
    1070           0 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
    1071             : {
    1072           0 :         struct tty_struct *tty = file_tty(file);
    1073             :         struct tty_ldisc *ld;
    1074             :         ssize_t ret;
    1075             : 
    1076           0 :         if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
    1077             :                 return -EIO;
    1078           0 :         if (!tty || !tty->ops->write ||   tty_io_error(tty))
    1079             :                 return -EIO;
    1080             :         /* Short term debug to catch buggy drivers */
    1081           0 :         if (tty->ops->write_room == NULL)
    1082           0 :                 tty_err(tty, "missing write_room method\n");
    1083           0 :         ld = tty_ldisc_ref_wait(tty);
    1084           0 :         if (!ld)
    1085             :                 return hung_up_tty_write(iocb, from);
    1086           0 :         if (!ld->ops->write)
    1087             :                 ret = -EIO;
    1088             :         else
    1089           0 :                 ret = do_tty_write(ld->ops->write, tty, file, from);
    1090           0 :         tty_ldisc_deref(ld);
    1091             :         return ret;
    1092             : }
    1093             : 
    1094             : /**
    1095             :  * tty_write            -       write method for tty device file
    1096             :  * @iocb: kernel I/O control block
    1097             :  * @from: iov_iter with data to write
    1098             :  *
    1099             :  * Write data to a tty device via the line discipline.
    1100             :  *
    1101             :  * Locking:
    1102             :  *      Locks the line discipline as required
    1103             :  *      Writes to the tty driver are serialized by the atomic_write_lock
    1104             :  *      and are then processed in chunks to the device. The line
    1105             :  *      discipline write method will not be invoked in parallel for
    1106             :  *      each device.
    1107             :  */
    1108           0 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
    1109             : {
    1110           0 :         return file_tty_write(iocb->ki_filp, iocb, from);
    1111             : }
    1112             : 
    1113           0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
    1114             : {
    1115           0 :         struct file *p = NULL;
    1116             : 
    1117           0 :         spin_lock(&redirect_lock);
    1118           0 :         if (redirect)
    1119           0 :                 p = get_file(redirect);
    1120           0 :         spin_unlock(&redirect_lock);
    1121             : 
    1122             :         /*
    1123             :          * We know the redirected tty is just another tty, we can
    1124             :          * call file_tty_write() directly with that file pointer.
    1125             :          */
    1126           0 :         if (p) {
    1127             :                 ssize_t res;
    1128             : 
    1129           0 :                 res = file_tty_write(p, iocb, iter);
    1130           0 :                 fput(p);
    1131           0 :                 return res;
    1132             :         }
    1133           0 :         return tty_write(iocb, iter);
    1134             : }
    1135             : 
    1136             : /**
    1137             :  * tty_send_xchar       -       send priority character
    1138             :  * @tty: the tty to send to
    1139             :  * @ch: xchar to send
    1140             :  *
    1141             :  * Send a high priority character to the tty even if stopped.
    1142             :  *
    1143             :  * Locking: none for xchar method, write ordering for write method.
    1144             :  */
    1145           0 : int tty_send_xchar(struct tty_struct *tty, char ch)
    1146             : {
    1147           0 :         bool was_stopped = tty->flow.stopped;
    1148             : 
    1149           0 :         if (tty->ops->send_xchar) {
    1150           0 :                 down_read(&tty->termios_rwsem);
    1151           0 :                 tty->ops->send_xchar(tty, ch);
    1152           0 :                 up_read(&tty->termios_rwsem);
    1153           0 :                 return 0;
    1154             :         }
    1155             : 
    1156           0 :         if (tty_write_lock(tty, 0) < 0)
    1157             :                 return -ERESTARTSYS;
    1158             : 
    1159           0 :         down_read(&tty->termios_rwsem);
    1160           0 :         if (was_stopped)
    1161           0 :                 start_tty(tty);
    1162           0 :         tty->ops->write(tty, &ch, 1);
    1163           0 :         if (was_stopped)
    1164           0 :                 stop_tty(tty);
    1165           0 :         up_read(&tty->termios_rwsem);
    1166           0 :         tty_write_unlock(tty);
    1167           0 :         return 0;
    1168             : }
    1169             : 
    1170             : /**
    1171             :  * pty_line_name        -       generate name for a pty
    1172             :  * @driver: the tty driver in use
    1173             :  * @index: the minor number
    1174             :  * @p: output buffer of at least 6 bytes
    1175             :  *
    1176             :  * Generate a name from a @driver reference and write it to the output buffer
    1177             :  * @p.
    1178             :  *
    1179             :  * Locking: None
    1180             :  */
    1181             : static void pty_line_name(struct tty_driver *driver, int index, char *p)
    1182             : {
    1183             :         static const char ptychar[] = "pqrstuvwxyzabcde";
    1184         512 :         int i = index + driver->name_base;
    1185             :         /* ->name is initialized to "ttyp", but "tty" is expected */
    1186        1024 :         sprintf(p, "%s%c%x",
    1187             :                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
    1188         512 :                 ptychar[i >> 4 & 0xf], i & 0xf);
    1189             : }
    1190             : 
    1191             : /**
    1192             :  * tty_line_name        -       generate name for a tty
    1193             :  * @driver: the tty driver in use
    1194             :  * @index: the minor number
    1195             :  * @p: output buffer of at least 7 bytes
    1196             :  *
    1197             :  * Generate a name from a @driver reference and write it to the output buffer
    1198             :  * @p.
    1199             :  *
    1200             :  * Locking: None
    1201             :  */
    1202           1 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
    1203             : {
    1204           1 :         if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
    1205           0 :                 return sprintf(p, "%s", driver->name);
    1206             :         else
    1207           1 :                 return sprintf(p, "%s%d", driver->name,
    1208           1 :                                index + driver->name_base);
    1209             : }
    1210             : 
    1211             : /**
    1212             :  * tty_driver_lookup_tty() - find an existing tty, if any
    1213             :  * @driver: the driver for the tty
    1214             :  * @file: file object
    1215             :  * @idx: the minor number
    1216             :  *
    1217             :  * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
    1218             :  * driver lookup() method returns an error.
    1219             :  *
    1220             :  * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
    1221             :  */
    1222           0 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
    1223             :                 struct file *file, int idx)
    1224             : {
    1225             :         struct tty_struct *tty;
    1226             : 
    1227           0 :         if (driver->ops->lookup) {
    1228           0 :                 if (!file)
    1229             :                         tty = ERR_PTR(-EIO);
    1230             :                 else
    1231           0 :                         tty = driver->ops->lookup(driver, file, idx);
    1232             :         } else {
    1233           0 :                 if (idx >= driver->num)
    1234             :                         return ERR_PTR(-EINVAL);
    1235           0 :                 tty = driver->ttys[idx];
    1236             :         }
    1237           0 :         if (!IS_ERR(tty))
    1238             :                 tty_kref_get(tty);
    1239             :         return tty;
    1240             : }
    1241             : 
    1242             : /**
    1243             :  * tty_init_termios     -  helper for termios setup
    1244             :  * @tty: the tty to set up
    1245             :  *
    1246             :  * Initialise the termios structure for this tty. This runs under the
    1247             :  * %tty_mutex currently so we can be relaxed about ordering.
    1248             :  */
    1249           0 : void tty_init_termios(struct tty_struct *tty)
    1250             : {
    1251             :         struct ktermios *tp;
    1252           0 :         int idx = tty->index;
    1253             : 
    1254           0 :         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
    1255           0 :                 tty->termios = tty->driver->init_termios;
    1256             :         else {
    1257             :                 /* Check for lazy saved data */
    1258           0 :                 tp = tty->driver->termios[idx];
    1259           0 :                 if (tp != NULL) {
    1260           0 :                         tty->termios = *tp;
    1261           0 :                         tty->termios.c_line  = tty->driver->init_termios.c_line;
    1262             :                 } else
    1263           0 :                         tty->termios = tty->driver->init_termios;
    1264             :         }
    1265             :         /* Compatibility until drivers always set this */
    1266           0 :         tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
    1267           0 :         tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
    1268           0 : }
    1269             : EXPORT_SYMBOL_GPL(tty_init_termios);
    1270             : 
    1271             : /**
    1272             :  * tty_standard_install - usual tty->ops->install
    1273             :  * @driver: the driver for the tty
    1274             :  * @tty: the tty
    1275             :  *
    1276             :  * If the @driver overrides @tty->ops->install, it still can call this function
    1277             :  * to perform the standard install operations.
    1278             :  */
    1279           0 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
    1280             : {
    1281           0 :         tty_init_termios(tty);
    1282           0 :         tty_driver_kref_get(driver);
    1283           0 :         tty->count++;
    1284           0 :         driver->ttys[tty->index] = tty;
    1285           0 :         return 0;
    1286             : }
    1287             : EXPORT_SYMBOL_GPL(tty_standard_install);
    1288             : 
    1289             : /**
    1290             :  * tty_driver_install_tty() - install a tty entry in the driver
    1291             :  * @driver: the driver for the tty
    1292             :  * @tty: the tty
    1293             :  *
    1294             :  * Install a tty object into the driver tables. The @tty->index field will be
    1295             :  * set by the time this is called. This method is responsible for ensuring any
    1296             :  * need additional structures are allocated and configured.
    1297             :  *
    1298             :  * Locking: tty_mutex for now
    1299             :  */
    1300           0 : static int tty_driver_install_tty(struct tty_driver *driver,
    1301             :                                                 struct tty_struct *tty)
    1302             : {
    1303           0 :         return driver->ops->install ? driver->ops->install(driver, tty) :
    1304             :                 tty_standard_install(driver, tty);
    1305             : }
    1306             : 
    1307             : /**
    1308             :  * tty_driver_remove_tty() - remove a tty from the driver tables
    1309             :  * @driver: the driver for the tty
    1310             :  * @tty: tty to remove
    1311             :  *
    1312             :  * Remove a tty object from the driver tables. The tty->index field will be set
    1313             :  * by the time this is called.
    1314             :  *
    1315             :  * Locking: tty_mutex for now
    1316             :  */
    1317             : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
    1318             : {
    1319           0 :         if (driver->ops->remove)
    1320           0 :                 driver->ops->remove(driver, tty);
    1321             :         else
    1322           0 :                 driver->ttys[tty->index] = NULL;
    1323             : }
    1324             : 
    1325             : /**
    1326             :  * tty_reopen() - fast re-open of an open tty
    1327             :  * @tty: the tty to open
    1328             :  *
    1329             :  * Re-opens on master ptys are not allowed and return -%EIO.
    1330             :  *
    1331             :  * Locking: Caller must hold tty_lock
    1332             :  * Return: 0 on success, -errno on error.
    1333             :  */
    1334           0 : static int tty_reopen(struct tty_struct *tty)
    1335             : {
    1336           0 :         struct tty_driver *driver = tty->driver;
    1337             :         struct tty_ldisc *ld;
    1338           0 :         int retval = 0;
    1339             : 
    1340           0 :         if (driver->type == TTY_DRIVER_TYPE_PTY &&
    1341             :             driver->subtype == PTY_TYPE_MASTER)
    1342             :                 return -EIO;
    1343             : 
    1344           0 :         if (!tty->count)
    1345             :                 return -EAGAIN;
    1346             : 
    1347           0 :         if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
    1348             :                 return -EBUSY;
    1349             : 
    1350           0 :         ld = tty_ldisc_ref_wait(tty);
    1351           0 :         if (ld) {
    1352           0 :                 tty_ldisc_deref(ld);
    1353             :         } else {
    1354           0 :                 retval = tty_ldisc_lock(tty, 5 * HZ);
    1355           0 :                 if (retval)
    1356             :                         return retval;
    1357             : 
    1358           0 :                 if (!tty->ldisc)
    1359           0 :                         retval = tty_ldisc_reinit(tty, tty->termios.c_line);
    1360           0 :                 tty_ldisc_unlock(tty);
    1361             :         }
    1362             : 
    1363           0 :         if (retval == 0)
    1364           0 :                 tty->count++;
    1365             : 
    1366             :         return retval;
    1367             : }
    1368             : 
    1369             : /**
    1370             :  * tty_init_dev         -       initialise a tty device
    1371             :  * @driver: tty driver we are opening a device on
    1372             :  * @idx: device index
    1373             :  *
    1374             :  * Prepare a tty device. This may not be a "new" clean device but could also be
    1375             :  * an active device. The pty drivers require special handling because of this.
    1376             :  *
    1377             :  * Locking:
    1378             :  *      The function is called under the tty_mutex, which protects us from the
    1379             :  *      tty struct or driver itself going away.
    1380             :  *
    1381             :  * On exit the tty device has the line discipline attached and a reference
    1382             :  * count of 1. If a pair was created for pty/tty use and the other was a pty
    1383             :  * master then it too has a reference count of 1.
    1384             :  *
    1385             :  * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
    1386             :  * open. The new code protects the open with a mutex, so it's really quite
    1387             :  * straightforward. The mutex locking can probably be relaxed for the (most
    1388             :  * common) case of reopening a tty.
    1389             :  *
    1390             :  * Return: new tty structure
    1391             :  */
    1392           0 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
    1393             : {
    1394             :         struct tty_struct *tty;
    1395             :         int retval;
    1396             : 
    1397             :         /*
    1398             :          * First time open is complex, especially for PTY devices.
    1399             :          * This code guarantees that either everything succeeds and the
    1400             :          * TTY is ready for operation, or else the table slots are vacated
    1401             :          * and the allocated memory released.  (Except that the termios
    1402             :          * may be retained.)
    1403             :          */
    1404             : 
    1405           0 :         if (!try_module_get(driver->owner))
    1406             :                 return ERR_PTR(-ENODEV);
    1407             : 
    1408           0 :         tty = alloc_tty_struct(driver, idx);
    1409           0 :         if (!tty) {
    1410             :                 retval = -ENOMEM;
    1411             :                 goto err_module_put;
    1412             :         }
    1413             : 
    1414           0 :         tty_lock(tty);
    1415           0 :         retval = tty_driver_install_tty(driver, tty);
    1416           0 :         if (retval < 0)
    1417             :                 goto err_free_tty;
    1418             : 
    1419           0 :         if (!tty->port)
    1420           0 :                 tty->port = driver->ports[idx];
    1421             : 
    1422           0 :         if (WARN_RATELIMIT(!tty->port,
    1423             :                         "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
    1424             :                         __func__, tty->driver->name)) {
    1425             :                 retval = -EINVAL;
    1426             :                 goto err_release_lock;
    1427             :         }
    1428             : 
    1429           0 :         retval = tty_ldisc_lock(tty, 5 * HZ);
    1430           0 :         if (retval)
    1431             :                 goto err_release_lock;
    1432           0 :         tty->port->itty = tty;
    1433             : 
    1434             :         /*
    1435             :          * Structures all installed ... call the ldisc open routines.
    1436             :          * If we fail here just call release_tty to clean up.  No need
    1437             :          * to decrement the use counts, as release_tty doesn't care.
    1438             :          */
    1439           0 :         retval = tty_ldisc_setup(tty, tty->link);
    1440           0 :         if (retval)
    1441             :                 goto err_release_tty;
    1442           0 :         tty_ldisc_unlock(tty);
    1443             :         /* Return the tty locked so that it cannot vanish under the caller */
    1444           0 :         return tty;
    1445             : 
    1446             : err_free_tty:
    1447           0 :         tty_unlock(tty);
    1448           0 :         free_tty_struct(tty);
    1449             : err_module_put:
    1450           0 :         module_put(driver->owner);
    1451           0 :         return ERR_PTR(retval);
    1452             : 
    1453             :         /* call the tty release_tty routine to clean out this slot */
    1454             : err_release_tty:
    1455           0 :         tty_ldisc_unlock(tty);
    1456           0 :         tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
    1457             :                              retval, idx);
    1458             : err_release_lock:
    1459           0 :         tty_unlock(tty);
    1460           0 :         release_tty(tty, idx);
    1461           0 :         return ERR_PTR(retval);
    1462             : }
    1463             : 
    1464             : /**
    1465             :  * tty_save_termios() - save tty termios data in driver table
    1466             :  * @tty: tty whose termios data to save
    1467             :  *
    1468             :  * Locking: Caller guarantees serialisation with tty_init_termios().
    1469             :  */
    1470           0 : void tty_save_termios(struct tty_struct *tty)
    1471             : {
    1472             :         struct ktermios *tp;
    1473           0 :         int idx = tty->index;
    1474             : 
    1475             :         /* If the port is going to reset then it has no termios to save */
    1476           0 :         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
    1477             :                 return;
    1478             : 
    1479             :         /* Stash the termios data */
    1480           0 :         tp = tty->driver->termios[idx];
    1481           0 :         if (tp == NULL) {
    1482           0 :                 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
    1483           0 :                 if (tp == NULL)
    1484             :                         return;
    1485           0 :                 tty->driver->termios[idx] = tp;
    1486             :         }
    1487           0 :         *tp = tty->termios;
    1488             : }
    1489             : EXPORT_SYMBOL_GPL(tty_save_termios);
    1490             : 
    1491             : /**
    1492             :  * tty_flush_works      -       flush all works of a tty/pty pair
    1493             :  * @tty: tty device to flush works for (or either end of a pty pair)
    1494             :  *
    1495             :  * Sync flush all works belonging to @tty (and the 'other' tty).
    1496             :  */
    1497           0 : static void tty_flush_works(struct tty_struct *tty)
    1498             : {
    1499           0 :         flush_work(&tty->SAK_work);
    1500           0 :         flush_work(&tty->hangup_work);
    1501           0 :         if (tty->link) {
    1502           0 :                 flush_work(&tty->link->SAK_work);
    1503           0 :                 flush_work(&tty->link->hangup_work);
    1504             :         }
    1505           0 : }
    1506             : 
    1507             : /**
    1508             :  * release_one_tty      -       release tty structure memory
    1509             :  * @work: work of tty we are obliterating
    1510             :  *
    1511             :  * Releases memory associated with a tty structure, and clears out the
    1512             :  * driver table slots. This function is called when a device is no longer
    1513             :  * in use. It also gets called when setup of a device fails.
    1514             :  *
    1515             :  * Locking:
    1516             :  *      takes the file list lock internally when working on the list of ttys
    1517             :  *      that the driver keeps.
    1518             :  *
    1519             :  * This method gets called from a work queue so that the driver private
    1520             :  * cleanup ops can sleep (needed for USB at least)
    1521             :  */
    1522           0 : static void release_one_tty(struct work_struct *work)
    1523             : {
    1524           0 :         struct tty_struct *tty =
    1525           0 :                 container_of(work, struct tty_struct, hangup_work);
    1526           0 :         struct tty_driver *driver = tty->driver;
    1527           0 :         struct module *owner = driver->owner;
    1528             : 
    1529           0 :         if (tty->ops->cleanup)
    1530           0 :                 tty->ops->cleanup(tty);
    1531             : 
    1532           0 :         tty_driver_kref_put(driver);
    1533           0 :         module_put(owner);
    1534             : 
    1535           0 :         spin_lock(&tty->files_lock);
    1536           0 :         list_del_init(&tty->tty_files);
    1537           0 :         spin_unlock(&tty->files_lock);
    1538             : 
    1539           0 :         put_pid(tty->ctrl.pgrp);
    1540           0 :         put_pid(tty->ctrl.session);
    1541           0 :         free_tty_struct(tty);
    1542           0 : }
    1543             : 
    1544           0 : static void queue_release_one_tty(struct kref *kref)
    1545             : {
    1546           0 :         struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
    1547             : 
    1548             :         /* The hangup queue is now free so we can reuse it rather than
    1549             :          *  waste a chunk of memory for each port.
    1550             :          */
    1551           0 :         INIT_WORK(&tty->hangup_work, release_one_tty);
    1552           0 :         schedule_work(&tty->hangup_work);
    1553           0 : }
    1554             : 
    1555             : /**
    1556             :  * tty_kref_put         -       release a tty kref
    1557             :  * @tty: tty device
    1558             :  *
    1559             :  * Release a reference to the @tty device and if need be let the kref layer
    1560             :  * destruct the object for us.
    1561             :  */
    1562         333 : void tty_kref_put(struct tty_struct *tty)
    1563             : {
    1564         333 :         if (tty)
    1565           0 :                 kref_put(&tty->kref, queue_release_one_tty);
    1566         333 : }
    1567             : EXPORT_SYMBOL(tty_kref_put);
    1568             : 
    1569             : /**
    1570             :  * release_tty          -       release tty structure memory
    1571             :  * @tty: tty device release
    1572             :  * @idx: index of the tty device release
    1573             :  *
    1574             :  * Release both @tty and a possible linked partner (think pty pair),
    1575             :  * and decrement the refcount of the backing module.
    1576             :  *
    1577             :  * Locking:
    1578             :  *      tty_mutex
    1579             :  *      takes the file list lock internally when working on the list of ttys
    1580             :  *      that the driver keeps.
    1581             :  */
    1582           0 : static void release_tty(struct tty_struct *tty, int idx)
    1583             : {
    1584             :         /* This should always be true but check for the moment */
    1585           0 :         WARN_ON(tty->index != idx);
    1586           0 :         WARN_ON(!mutex_is_locked(&tty_mutex));
    1587           0 :         if (tty->ops->shutdown)
    1588           0 :                 tty->ops->shutdown(tty);
    1589           0 :         tty_save_termios(tty);
    1590           0 :         tty_driver_remove_tty(tty->driver, tty);
    1591           0 :         if (tty->port)
    1592           0 :                 tty->port->itty = NULL;
    1593           0 :         if (tty->link)
    1594           0 :                 tty->link->port->itty = NULL;
    1595           0 :         if (tty->port)
    1596           0 :                 tty_buffer_cancel_work(tty->port);
    1597           0 :         if (tty->link)
    1598           0 :                 tty_buffer_cancel_work(tty->link->port);
    1599             : 
    1600           0 :         tty_kref_put(tty->link);
    1601           0 :         tty_kref_put(tty);
    1602           0 : }
    1603             : 
    1604             : /**
    1605             :  * tty_release_checks - check a tty before real release
    1606             :  * @tty: tty to check
    1607             :  * @idx: index of the tty
    1608             :  *
    1609             :  * Performs some paranoid checking before true release of the @tty. This is a
    1610             :  * no-op unless %TTY_PARANOIA_CHECK is defined.
    1611             :  */
    1612           0 : static int tty_release_checks(struct tty_struct *tty, int idx)
    1613             : {
    1614             : #ifdef TTY_PARANOIA_CHECK
    1615           0 :         if (idx < 0 || idx >= tty->driver->num) {
    1616             :                 tty_debug(tty, "bad idx %d\n", idx);
    1617             :                 return -1;
    1618             :         }
    1619             : 
    1620             :         /* not much to check for devpts */
    1621           0 :         if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
    1622             :                 return 0;
    1623             : 
    1624           0 :         if (tty != tty->driver->ttys[idx]) {
    1625             :                 tty_debug(tty, "bad driver table[%d] = %p\n",
    1626             :                           idx, tty->driver->ttys[idx]);
    1627             :                 return -1;
    1628             :         }
    1629           0 :         if (tty->driver->other) {
    1630           0 :                 struct tty_struct *o_tty = tty->link;
    1631             : 
    1632           0 :                 if (o_tty != tty->driver->other->ttys[idx]) {
    1633             :                         tty_debug(tty, "bad other table[%d] = %p\n",
    1634             :                                   idx, tty->driver->other->ttys[idx]);
    1635             :                         return -1;
    1636             :                 }
    1637           0 :                 if (o_tty->link != tty) {
    1638             :                         tty_debug(tty, "bad link = %p\n", o_tty->link);
    1639             :                         return -1;
    1640             :                 }
    1641             :         }
    1642             : #endif
    1643           0 :         return 0;
    1644             : }
    1645             : 
    1646             : /**
    1647             :  * tty_kclose      -       closes tty opened by tty_kopen
    1648             :  * @tty: tty device
    1649             :  *
    1650             :  * Performs the final steps to release and free a tty device. It is the same as
    1651             :  * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
    1652             :  * @tty->port.
    1653             :  */
    1654           0 : void tty_kclose(struct tty_struct *tty)
    1655             : {
    1656             :         /*
    1657             :          * Ask the line discipline code to release its structures
    1658             :          */
    1659           0 :         tty_ldisc_release(tty);
    1660             : 
    1661             :         /* Wait for pending work before tty destruction commences */
    1662           0 :         tty_flush_works(tty);
    1663             : 
    1664             :         tty_debug_hangup(tty, "freeing structure\n");
    1665             :         /*
    1666             :          * The release_tty function takes care of the details of clearing
    1667             :          * the slots and preserving the termios structure.
    1668             :          */
    1669           0 :         mutex_lock(&tty_mutex);
    1670           0 :         tty_port_set_kopened(tty->port, 0);
    1671           0 :         release_tty(tty, tty->index);
    1672           0 :         mutex_unlock(&tty_mutex);
    1673           0 : }
    1674             : EXPORT_SYMBOL_GPL(tty_kclose);
    1675             : 
    1676             : /**
    1677             :  * tty_release_struct   -       release a tty struct
    1678             :  * @tty: tty device
    1679             :  * @idx: index of the tty
    1680             :  *
    1681             :  * Performs the final steps to release and free a tty device. It is roughly the
    1682             :  * reverse of tty_init_dev().
    1683             :  */
    1684           0 : void tty_release_struct(struct tty_struct *tty, int idx)
    1685             : {
    1686             :         /*
    1687             :          * Ask the line discipline code to release its structures
    1688             :          */
    1689           0 :         tty_ldisc_release(tty);
    1690             : 
    1691             :         /* Wait for pending work before tty destruction commmences */
    1692           0 :         tty_flush_works(tty);
    1693             : 
    1694             :         tty_debug_hangup(tty, "freeing structure\n");
    1695             :         /*
    1696             :          * The release_tty function takes care of the details of clearing
    1697             :          * the slots and preserving the termios structure.
    1698             :          */
    1699           0 :         mutex_lock(&tty_mutex);
    1700           0 :         release_tty(tty, idx);
    1701           0 :         mutex_unlock(&tty_mutex);
    1702           0 : }
    1703             : EXPORT_SYMBOL_GPL(tty_release_struct);
    1704             : 
    1705             : /**
    1706             :  * tty_release          -       vfs callback for close
    1707             :  * @inode: inode of tty
    1708             :  * @filp: file pointer for handle to tty
    1709             :  *
    1710             :  * Called the last time each file handle is closed that references this tty.
    1711             :  * There may however be several such references.
    1712             :  *
    1713             :  * Locking:
    1714             :  *      Takes BKL. See tty_release_dev().
    1715             :  *
    1716             :  * Even releasing the tty structures is a tricky business. We have to be very
    1717             :  * careful that the structures are all released at the same time, as interrupts
    1718             :  * might otherwise get the wrong pointers.
    1719             :  *
    1720             :  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
    1721             :  * lead to double frees or releasing memory still in use.
    1722             :  */
    1723           0 : int tty_release(struct inode *inode, struct file *filp)
    1724             : {
    1725           0 :         struct tty_struct *tty = file_tty(filp);
    1726           0 :         struct tty_struct *o_tty = NULL;
    1727             :         int     do_sleep, final;
    1728             :         int     idx;
    1729           0 :         long    timeout = 0;
    1730           0 :         int     once = 1;
    1731             : 
    1732           0 :         if (tty_paranoia_check(tty, inode, __func__))
    1733             :                 return 0;
    1734             : 
    1735           0 :         tty_lock(tty);
    1736           0 :         check_tty_count(tty, __func__);
    1737             : 
    1738           0 :         __tty_fasync(-1, filp, 0);
    1739             : 
    1740           0 :         idx = tty->index;
    1741           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    1742             :             tty->driver->subtype == PTY_TYPE_MASTER)
    1743           0 :                 o_tty = tty->link;
    1744             : 
    1745           0 :         if (tty_release_checks(tty, idx)) {
    1746           0 :                 tty_unlock(tty);
    1747           0 :                 return 0;
    1748             :         }
    1749             : 
    1750             :         tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
    1751             : 
    1752           0 :         if (tty->ops->close)
    1753           0 :                 tty->ops->close(tty, filp);
    1754             : 
    1755             :         /* If tty is pty master, lock the slave pty (stable lock order) */
    1756           0 :         tty_lock_slave(o_tty);
    1757             : 
    1758             :         /*
    1759             :          * Sanity check: if tty->count is going to zero, there shouldn't be
    1760             :          * any waiters on tty->read_wait or tty->write_wait.  We test the
    1761             :          * wait queues and kick everyone out _before_ actually starting to
    1762             :          * close.  This ensures that we won't block while releasing the tty
    1763             :          * structure.
    1764             :          *
    1765             :          * The test for the o_tty closing is necessary, since the master and
    1766             :          * slave sides may close in any order.  If the slave side closes out
    1767             :          * first, its count will be one, since the master side holds an open.
    1768             :          * Thus this test wouldn't be triggered at the time the slave closed,
    1769             :          * so we do it now.
    1770             :          */
    1771             :         while (1) {
    1772           0 :                 do_sleep = 0;
    1773             : 
    1774           0 :                 if (tty->count <= 1) {
    1775           0 :                         if (waitqueue_active(&tty->read_wait)) {
    1776           0 :                                 wake_up_poll(&tty->read_wait, EPOLLIN);
    1777           0 :                                 do_sleep++;
    1778             :                         }
    1779           0 :                         if (waitqueue_active(&tty->write_wait)) {
    1780           0 :                                 wake_up_poll(&tty->write_wait, EPOLLOUT);
    1781           0 :                                 do_sleep++;
    1782             :                         }
    1783             :                 }
    1784           0 :                 if (o_tty && o_tty->count <= 1) {
    1785           0 :                         if (waitqueue_active(&o_tty->read_wait)) {
    1786           0 :                                 wake_up_poll(&o_tty->read_wait, EPOLLIN);
    1787           0 :                                 do_sleep++;
    1788             :                         }
    1789           0 :                         if (waitqueue_active(&o_tty->write_wait)) {
    1790           0 :                                 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
    1791           0 :                                 do_sleep++;
    1792             :                         }
    1793             :                 }
    1794           0 :                 if (!do_sleep)
    1795             :                         break;
    1796             : 
    1797           0 :                 if (once) {
    1798           0 :                         once = 0;
    1799           0 :                         tty_warn(tty, "read/write wait queue active!\n");
    1800             :                 }
    1801           0 :                 schedule_timeout_killable(timeout);
    1802           0 :                 if (timeout < 120 * HZ)
    1803           0 :                         timeout = 2 * timeout + 1;
    1804             :                 else
    1805             :                         timeout = MAX_SCHEDULE_TIMEOUT;
    1806             :         }
    1807             : 
    1808           0 :         if (o_tty) {
    1809           0 :                 if (--o_tty->count < 0) {
    1810           0 :                         tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
    1811           0 :                         o_tty->count = 0;
    1812             :                 }
    1813             :         }
    1814           0 :         if (--tty->count < 0) {
    1815           0 :                 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
    1816           0 :                 tty->count = 0;
    1817             :         }
    1818             : 
    1819             :         /*
    1820             :          * We've decremented tty->count, so we need to remove this file
    1821             :          * descriptor off the tty->tty_files list; this serves two
    1822             :          * purposes:
    1823             :          *  - check_tty_count sees the correct number of file descriptors
    1824             :          *    associated with this tty.
    1825             :          *  - do_tty_hangup no longer sees this file descriptor as
    1826             :          *    something that needs to be handled for hangups.
    1827             :          */
    1828           0 :         tty_del_file(filp);
    1829             : 
    1830             :         /*
    1831             :          * Perform some housekeeping before deciding whether to return.
    1832             :          *
    1833             :          * If _either_ side is closing, make sure there aren't any
    1834             :          * processes that still think tty or o_tty is their controlling
    1835             :          * tty.
    1836             :          */
    1837           0 :         if (!tty->count) {
    1838           0 :                 read_lock(&tasklist_lock);
    1839           0 :                 session_clear_tty(tty->ctrl.session);
    1840           0 :                 if (o_tty)
    1841           0 :                         session_clear_tty(o_tty->ctrl.session);
    1842           0 :                 read_unlock(&tasklist_lock);
    1843             :         }
    1844             : 
    1845             :         /* check whether both sides are closing ... */
    1846           0 :         final = !tty->count && !(o_tty && o_tty->count);
    1847             : 
    1848           0 :         tty_unlock_slave(o_tty);
    1849           0 :         tty_unlock(tty);
    1850             : 
    1851             :         /* At this point, the tty->count == 0 should ensure a dead tty
    1852             :          * cannot be re-opened by a racing opener.
    1853             :          */
    1854             : 
    1855           0 :         if (!final)
    1856             :                 return 0;
    1857             : 
    1858             :         tty_debug_hangup(tty, "final close\n");
    1859             : 
    1860           0 :         tty_release_struct(tty, idx);
    1861           0 :         return 0;
    1862             : }
    1863             : 
    1864             : /**
    1865             :  * tty_open_current_tty - get locked tty of current task
    1866             :  * @device: device number
    1867             :  * @filp: file pointer to tty
    1868             :  * @return: locked tty of the current task iff @device is /dev/tty
    1869             :  *
    1870             :  * Performs a re-open of the current task's controlling tty.
    1871             :  *
    1872             :  * We cannot return driver and index like for the other nodes because devpts
    1873             :  * will not work then. It expects inodes to be from devpts FS.
    1874             :  */
    1875           0 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
    1876             : {
    1877             :         struct tty_struct *tty;
    1878             :         int retval;
    1879             : 
    1880           0 :         if (device != MKDEV(TTYAUX_MAJOR, 0))
    1881             :                 return NULL;
    1882             : 
    1883           0 :         tty = get_current_tty();
    1884           0 :         if (!tty)
    1885             :                 return ERR_PTR(-ENXIO);
    1886             : 
    1887           0 :         filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
    1888             :         /* noctty = 1; */
    1889           0 :         tty_lock(tty);
    1890           0 :         tty_kref_put(tty);      /* safe to drop the kref now */
    1891             : 
    1892           0 :         retval = tty_reopen(tty);
    1893           0 :         if (retval < 0) {
    1894           0 :                 tty_unlock(tty);
    1895           0 :                 tty = ERR_PTR(retval);
    1896             :         }
    1897             :         return tty;
    1898             : }
    1899             : 
    1900             : /**
    1901             :  * tty_lookup_driver - lookup a tty driver for a given device file
    1902             :  * @device: device number
    1903             :  * @filp: file pointer to tty
    1904             :  * @index: index for the device in the @return driver
    1905             :  *
    1906             :  * If returned value is not erroneous, the caller is responsible to decrement
    1907             :  * the refcount by tty_driver_kref_put().
    1908             :  *
    1909             :  * Locking: %tty_mutex protects get_tty_driver()
    1910             :  *
    1911             :  * Return: driver for this inode (with increased refcount)
    1912             :  */
    1913           0 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
    1914             :                 int *index)
    1915             : {
    1916           0 :         struct tty_driver *driver = NULL;
    1917             : 
    1918           0 :         switch (device) {
    1919             : #ifdef CONFIG_VT
    1920             :         case MKDEV(TTY_MAJOR, 0): {
    1921             :                 extern struct tty_driver *console_driver;
    1922             : 
    1923             :                 driver = tty_driver_kref_get(console_driver);
    1924             :                 *index = fg_console;
    1925             :                 break;
    1926             :         }
    1927             : #endif
    1928             :         case MKDEV(TTYAUX_MAJOR, 1): {
    1929           0 :                 struct tty_driver *console_driver = console_device(index);
    1930             : 
    1931           0 :                 if (console_driver) {
    1932           0 :                         driver = tty_driver_kref_get(console_driver);
    1933           0 :                         if (driver && filp) {
    1934             :                                 /* Don't let /dev/console block */
    1935           0 :                                 filp->f_flags |= O_NONBLOCK;
    1936           0 :                                 break;
    1937             :                         }
    1938             :                 }
    1939           0 :                 if (driver)
    1940             :                         tty_driver_kref_put(driver);
    1941             :                 return ERR_PTR(-ENODEV);
    1942             :         }
    1943             :         default:
    1944           0 :                 driver = get_tty_driver(device, index);
    1945           0 :                 if (!driver)
    1946             :                         return ERR_PTR(-ENODEV);
    1947             :                 break;
    1948             :         }
    1949             :         return driver;
    1950             : }
    1951             : 
    1952           0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
    1953             : {
    1954             :         struct tty_struct *tty;
    1955             :         struct tty_driver *driver;
    1956           0 :         int index = -1;
    1957             : 
    1958           0 :         mutex_lock(&tty_mutex);
    1959           0 :         driver = tty_lookup_driver(device, NULL, &index);
    1960           0 :         if (IS_ERR(driver)) {
    1961           0 :                 mutex_unlock(&tty_mutex);
    1962           0 :                 return ERR_CAST(driver);
    1963             :         }
    1964             : 
    1965             :         /* check whether we're reopening an existing tty */
    1966           0 :         tty = tty_driver_lookup_tty(driver, NULL, index);
    1967           0 :         if (IS_ERR(tty) || shared)
    1968             :                 goto out;
    1969             : 
    1970           0 :         if (tty) {
    1971             :                 /* drop kref from tty_driver_lookup_tty() */
    1972           0 :                 tty_kref_put(tty);
    1973           0 :                 tty = ERR_PTR(-EBUSY);
    1974             :         } else { /* tty_init_dev returns tty with the tty_lock held */
    1975           0 :                 tty = tty_init_dev(driver, index);
    1976           0 :                 if (IS_ERR(tty))
    1977             :                         goto out;
    1978           0 :                 tty_port_set_kopened(tty->port, 1);
    1979             :         }
    1980             : out:
    1981           0 :         mutex_unlock(&tty_mutex);
    1982           0 :         tty_driver_kref_put(driver);
    1983           0 :         return tty;
    1984             : }
    1985             : 
    1986             : /**
    1987             :  * tty_kopen_exclusive  -       open a tty device for kernel
    1988             :  * @device: dev_t of device to open
    1989             :  *
    1990             :  * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
    1991             :  * it's not already opened and performs the first-time tty initialization.
    1992             :  *
    1993             :  * Claims the global %tty_mutex to serialize:
    1994             :  *  * concurrent first-time tty initialization
    1995             :  *  * concurrent tty driver removal w/ lookup
    1996             :  *  * concurrent tty removal from driver table
    1997             :  *
    1998             :  * Return: the locked initialized &tty_struct
    1999             :  */
    2000           0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
    2001             : {
    2002           0 :         return tty_kopen(device, 0);
    2003             : }
    2004             : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
    2005             : 
    2006             : /**
    2007             :  * tty_kopen_shared     -       open a tty device for shared in-kernel use
    2008             :  * @device: dev_t of device to open
    2009             :  *
    2010             :  * Opens an already existing tty for in-kernel use. Compared to
    2011             :  * tty_kopen_exclusive() above it doesn't ensure to be the only user.
    2012             :  *
    2013             :  * Locking: identical to tty_kopen() above.
    2014             :  */
    2015           0 : struct tty_struct *tty_kopen_shared(dev_t device)
    2016             : {
    2017           0 :         return tty_kopen(device, 1);
    2018             : }
    2019             : EXPORT_SYMBOL_GPL(tty_kopen_shared);
    2020             : 
    2021             : /**
    2022             :  * tty_open_by_driver   -       open a tty device
    2023             :  * @device: dev_t of device to open
    2024             :  * @filp: file pointer to tty
    2025             :  *
    2026             :  * Performs the driver lookup, checks for a reopen, or otherwise performs the
    2027             :  * first-time tty initialization.
    2028             :  *
    2029             :  *
    2030             :  * Claims the global tty_mutex to serialize:
    2031             :  *  * concurrent first-time tty initialization
    2032             :  *  * concurrent tty driver removal w/ lookup
    2033             :  *  * concurrent tty removal from driver table
    2034             :  *
    2035             :  * Return: the locked initialized or re-opened &tty_struct
    2036             :  */
    2037           0 : static struct tty_struct *tty_open_by_driver(dev_t device,
    2038             :                                              struct file *filp)
    2039             : {
    2040             :         struct tty_struct *tty;
    2041           0 :         struct tty_driver *driver = NULL;
    2042           0 :         int index = -1;
    2043             :         int retval;
    2044             : 
    2045           0 :         mutex_lock(&tty_mutex);
    2046           0 :         driver = tty_lookup_driver(device, filp, &index);
    2047           0 :         if (IS_ERR(driver)) {
    2048           0 :                 mutex_unlock(&tty_mutex);
    2049           0 :                 return ERR_CAST(driver);
    2050             :         }
    2051             : 
    2052             :         /* check whether we're reopening an existing tty */
    2053           0 :         tty = tty_driver_lookup_tty(driver, filp, index);
    2054           0 :         if (IS_ERR(tty)) {
    2055           0 :                 mutex_unlock(&tty_mutex);
    2056           0 :                 goto out;
    2057             :         }
    2058             : 
    2059           0 :         if (tty) {
    2060           0 :                 if (tty_port_kopened(tty->port)) {
    2061           0 :                         tty_kref_put(tty);
    2062           0 :                         mutex_unlock(&tty_mutex);
    2063           0 :                         tty = ERR_PTR(-EBUSY);
    2064           0 :                         goto out;
    2065             :                 }
    2066           0 :                 mutex_unlock(&tty_mutex);
    2067           0 :                 retval = tty_lock_interruptible(tty);
    2068           0 :                 tty_kref_put(tty);  /* drop kref from tty_driver_lookup_tty() */
    2069           0 :                 if (retval) {
    2070           0 :                         if (retval == -EINTR)
    2071           0 :                                 retval = -ERESTARTSYS;
    2072           0 :                         tty = ERR_PTR(retval);
    2073           0 :                         goto out;
    2074             :                 }
    2075           0 :                 retval = tty_reopen(tty);
    2076           0 :                 if (retval < 0) {
    2077           0 :                         tty_unlock(tty);
    2078           0 :                         tty = ERR_PTR(retval);
    2079             :                 }
    2080             :         } else { /* Returns with the tty_lock held for now */
    2081           0 :                 tty = tty_init_dev(driver, index);
    2082           0 :                 mutex_unlock(&tty_mutex);
    2083             :         }
    2084             : out:
    2085           0 :         tty_driver_kref_put(driver);
    2086           0 :         return tty;
    2087             : }
    2088             : 
    2089             : /**
    2090             :  * tty_open     -       open a tty device
    2091             :  * @inode: inode of device file
    2092             :  * @filp: file pointer to tty
    2093             :  *
    2094             :  * tty_open() and tty_release() keep up the tty count that contains the number
    2095             :  * of opens done on a tty. We cannot use the inode-count, as different inodes
    2096             :  * might point to the same tty.
    2097             :  *
    2098             :  * Open-counting is needed for pty masters, as well as for keeping track of
    2099             :  * serial lines: DTR is dropped when the last close happens.
    2100             :  * (This is not done solely through tty->count, now.  - Ted 1/27/92)
    2101             :  *
    2102             :  * The termios state of a pty is reset on the first open so that settings don't
    2103             :  * persist across reuse.
    2104             :  *
    2105             :  * Locking:
    2106             :  *  * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
    2107             :  *  * @tty->count should protect the rest.
    2108             :  *  * ->siglock protects ->signal/->sighand
    2109             :  *
    2110             :  * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
    2111             :  */
    2112           0 : static int tty_open(struct inode *inode, struct file *filp)
    2113             : {
    2114             :         struct tty_struct *tty;
    2115             :         int noctty, retval;
    2116           0 :         dev_t device = inode->i_rdev;
    2117           0 :         unsigned saved_flags = filp->f_flags;
    2118             : 
    2119           0 :         nonseekable_open(inode, filp);
    2120             : 
    2121             : retry_open:
    2122           0 :         retval = tty_alloc_file(filp);
    2123           0 :         if (retval)
    2124             :                 return -ENOMEM;
    2125             : 
    2126           0 :         tty = tty_open_current_tty(device, filp);
    2127           0 :         if (!tty)
    2128           0 :                 tty = tty_open_by_driver(device, filp);
    2129             : 
    2130           0 :         if (IS_ERR(tty)) {
    2131           0 :                 tty_free_file(filp);
    2132           0 :                 retval = PTR_ERR(tty);
    2133           0 :                 if (retval != -EAGAIN || signal_pending(current))
    2134             :                         return retval;
    2135           0 :                 schedule();
    2136           0 :                 goto retry_open;
    2137             :         }
    2138             : 
    2139           0 :         tty_add_file(tty, filp);
    2140             : 
    2141           0 :         check_tty_count(tty, __func__);
    2142             :         tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
    2143             : 
    2144           0 :         if (tty->ops->open)
    2145           0 :                 retval = tty->ops->open(tty, filp);
    2146             :         else
    2147             :                 retval = -ENODEV;
    2148           0 :         filp->f_flags = saved_flags;
    2149             : 
    2150           0 :         if (retval) {
    2151             :                 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
    2152             : 
    2153           0 :                 tty_unlock(tty); /* need to call tty_release without BTM */
    2154           0 :                 tty_release(inode, filp);
    2155           0 :                 if (retval != -ERESTARTSYS)
    2156             :                         return retval;
    2157             : 
    2158           0 :                 if (signal_pending(current))
    2159             :                         return retval;
    2160             : 
    2161           0 :                 schedule();
    2162             :                 /*
    2163             :                  * Need to reset f_op in case a hangup happened.
    2164             :                  */
    2165           0 :                 if (tty_hung_up_p(filp))
    2166           0 :                         filp->f_op = &tty_fops;
    2167             :                 goto retry_open;
    2168             :         }
    2169           0 :         clear_bit(TTY_HUPPED, &tty->flags);
    2170             : 
    2171           0 :         noctty = (filp->f_flags & O_NOCTTY) ||
    2172           0 :                  (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
    2173           0 :                  device == MKDEV(TTYAUX_MAJOR, 1) ||
    2174           0 :                  (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    2175             :                   tty->driver->subtype == PTY_TYPE_MASTER);
    2176           0 :         if (!noctty)
    2177           0 :                 tty_open_proc_set_tty(filp, tty);
    2178           0 :         tty_unlock(tty);
    2179           0 :         return 0;
    2180             : }
    2181             : 
    2182             : 
    2183             : /**
    2184             :  * tty_poll     -       check tty status
    2185             :  * @filp: file being polled
    2186             :  * @wait: poll wait structures to update
    2187             :  *
    2188             :  * Call the line discipline polling method to obtain the poll status of the
    2189             :  * device.
    2190             :  *
    2191             :  * Locking: locks called line discipline but ldisc poll method may be
    2192             :  * re-entered freely by other callers.
    2193             :  */
    2194           0 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
    2195             : {
    2196           0 :         struct tty_struct *tty = file_tty(filp);
    2197             :         struct tty_ldisc *ld;
    2198           0 :         __poll_t ret = 0;
    2199             : 
    2200           0 :         if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
    2201             :                 return 0;
    2202             : 
    2203           0 :         ld = tty_ldisc_ref_wait(tty);
    2204           0 :         if (!ld)
    2205             :                 return hung_up_tty_poll(filp, wait);
    2206           0 :         if (ld->ops->poll)
    2207           0 :                 ret = ld->ops->poll(tty, filp, wait);
    2208           0 :         tty_ldisc_deref(ld);
    2209           0 :         return ret;
    2210             : }
    2211             : 
    2212           0 : static int __tty_fasync(int fd, struct file *filp, int on)
    2213             : {
    2214           0 :         struct tty_struct *tty = file_tty(filp);
    2215             :         unsigned long flags;
    2216           0 :         int retval = 0;
    2217             : 
    2218           0 :         if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
    2219             :                 goto out;
    2220             : 
    2221           0 :         retval = fasync_helper(fd, filp, on, &tty->fasync);
    2222           0 :         if (retval <= 0)
    2223             :                 goto out;
    2224             : 
    2225           0 :         if (on) {
    2226             :                 enum pid_type type;
    2227             :                 struct pid *pid;
    2228             : 
    2229           0 :                 spin_lock_irqsave(&tty->ctrl.lock, flags);
    2230           0 :                 if (tty->ctrl.pgrp) {
    2231             :                         pid = tty->ctrl.pgrp;
    2232             :                         type = PIDTYPE_PGID;
    2233             :                 } else {
    2234           0 :                         pid = task_pid(current);
    2235           0 :                         type = PIDTYPE_TGID;
    2236             :                 }
    2237           0 :                 get_pid(pid);
    2238           0 :                 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
    2239           0 :                 __f_setown(filp, pid, type, 0);
    2240           0 :                 put_pid(pid);
    2241           0 :                 retval = 0;
    2242             :         }
    2243             : out:
    2244           0 :         return retval;
    2245             : }
    2246             : 
    2247           0 : static int tty_fasync(int fd, struct file *filp, int on)
    2248             : {
    2249           0 :         struct tty_struct *tty = file_tty(filp);
    2250           0 :         int retval = -ENOTTY;
    2251             : 
    2252           0 :         tty_lock(tty);
    2253           0 :         if (!tty_hung_up_p(filp))
    2254           0 :                 retval = __tty_fasync(fd, filp, on);
    2255           0 :         tty_unlock(tty);
    2256             : 
    2257           0 :         return retval;
    2258             : }
    2259             : 
    2260             : static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
    2261             : /**
    2262             :  * tiocsti              -       fake input character
    2263             :  * @tty: tty to fake input into
    2264             :  * @p: pointer to character
    2265             :  *
    2266             :  * Fake input to a tty device. Does the necessary locking and input management.
    2267             :  *
    2268             :  * FIXME: does not honour flow control ??
    2269             :  *
    2270             :  * Locking:
    2271             :  *  * Called functions take tty_ldiscs_lock
    2272             :  *  * current->signal->tty check is safe without locks
    2273             :  */
    2274           0 : static int tiocsti(struct tty_struct *tty, char __user *p)
    2275             : {
    2276           0 :         char ch, mbz = 0;
    2277             :         struct tty_ldisc *ld;
    2278             : 
    2279           0 :         if (!tty_legacy_tiocsti)
    2280             :                 return -EIO;
    2281             : 
    2282           0 :         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
    2283             :                 return -EPERM;
    2284           0 :         if (get_user(ch, p))
    2285             :                 return -EFAULT;
    2286           0 :         tty_audit_tiocsti(tty, ch);
    2287           0 :         ld = tty_ldisc_ref_wait(tty);
    2288           0 :         if (!ld)
    2289             :                 return -EIO;
    2290           0 :         tty_buffer_lock_exclusive(tty->port);
    2291           0 :         if (ld->ops->receive_buf)
    2292           0 :                 ld->ops->receive_buf(tty, &ch, &mbz, 1);
    2293           0 :         tty_buffer_unlock_exclusive(tty->port);
    2294           0 :         tty_ldisc_deref(ld);
    2295           0 :         return 0;
    2296             : }
    2297             : 
    2298             : /**
    2299             :  * tiocgwinsz           -       implement window query ioctl
    2300             :  * @tty: tty
    2301             :  * @arg: user buffer for result
    2302             :  *
    2303             :  * Copies the kernel idea of the window size into the user buffer.
    2304             :  *
    2305             :  * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
    2306             :  * consistent.
    2307             :  */
    2308           0 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
    2309             : {
    2310             :         int err;
    2311             : 
    2312           0 :         mutex_lock(&tty->winsize_mutex);
    2313           0 :         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
    2314           0 :         mutex_unlock(&tty->winsize_mutex);
    2315             : 
    2316           0 :         return err ? -EFAULT : 0;
    2317             : }
    2318             : 
    2319             : /**
    2320             :  * tty_do_resize        -       resize event
    2321             :  * @tty: tty being resized
    2322             :  * @ws: new dimensions
    2323             :  *
    2324             :  * Update the termios variables and send the necessary signals to peform a
    2325             :  * terminal resize correctly.
    2326             :  */
    2327           0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
    2328             : {
    2329             :         struct pid *pgrp;
    2330             : 
    2331             :         /* Lock the tty */
    2332           0 :         mutex_lock(&tty->winsize_mutex);
    2333           0 :         if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
    2334             :                 goto done;
    2335             : 
    2336             :         /* Signal the foreground process group */
    2337           0 :         pgrp = tty_get_pgrp(tty);
    2338           0 :         if (pgrp)
    2339           0 :                 kill_pgrp(pgrp, SIGWINCH, 1);
    2340           0 :         put_pid(pgrp);
    2341             : 
    2342           0 :         tty->winsize = *ws;
    2343             : done:
    2344           0 :         mutex_unlock(&tty->winsize_mutex);
    2345           0 :         return 0;
    2346             : }
    2347             : EXPORT_SYMBOL(tty_do_resize);
    2348             : 
    2349             : /**
    2350             :  * tiocswinsz           -       implement window size set ioctl
    2351             :  * @tty: tty side of tty
    2352             :  * @arg: user buffer for result
    2353             :  *
    2354             :  * Copies the user idea of the window size to the kernel. Traditionally this is
    2355             :  * just advisory information but for the Linux console it actually has driver
    2356             :  * level meaning and triggers a VC resize.
    2357             :  *
    2358             :  * Locking:
    2359             :  *      Driver dependent. The default do_resize method takes the tty termios
    2360             :  *      mutex and ctrl.lock. The console takes its own lock then calls into the
    2361             :  *      default method.
    2362             :  */
    2363           0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
    2364             : {
    2365             :         struct winsize tmp_ws;
    2366             : 
    2367           0 :         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
    2368             :                 return -EFAULT;
    2369             : 
    2370           0 :         if (tty->ops->resize)
    2371           0 :                 return tty->ops->resize(tty, &tmp_ws);
    2372             :         else
    2373           0 :                 return tty_do_resize(tty, &tmp_ws);
    2374             : }
    2375             : 
    2376             : /**
    2377             :  * tioccons     -       allow admin to move logical console
    2378             :  * @file: the file to become console
    2379             :  *
    2380             :  * Allow the administrator to move the redirected console device.
    2381             :  *
    2382             :  * Locking: uses redirect_lock to guard the redirect information
    2383             :  */
    2384           0 : static int tioccons(struct file *file)
    2385             : {
    2386           0 :         if (!capable(CAP_SYS_ADMIN))
    2387             :                 return -EPERM;
    2388           0 :         if (file->f_op->write_iter == redirected_tty_write) {
    2389             :                 struct file *f;
    2390             : 
    2391           0 :                 spin_lock(&redirect_lock);
    2392           0 :                 f = redirect;
    2393           0 :                 redirect = NULL;
    2394           0 :                 spin_unlock(&redirect_lock);
    2395           0 :                 if (f)
    2396           0 :                         fput(f);
    2397             :                 return 0;
    2398             :         }
    2399           0 :         if (file->f_op->write_iter != tty_write)
    2400             :                 return -ENOTTY;
    2401           0 :         if (!(file->f_mode & FMODE_WRITE))
    2402             :                 return -EBADF;
    2403           0 :         if (!(file->f_mode & FMODE_CAN_WRITE))
    2404             :                 return -EINVAL;
    2405           0 :         spin_lock(&redirect_lock);
    2406           0 :         if (redirect) {
    2407           0 :                 spin_unlock(&redirect_lock);
    2408           0 :                 return -EBUSY;
    2409             :         }
    2410           0 :         redirect = get_file(file);
    2411           0 :         spin_unlock(&redirect_lock);
    2412           0 :         return 0;
    2413             : }
    2414             : 
    2415             : /**
    2416             :  * tiocsetd     -       set line discipline
    2417             :  * @tty: tty device
    2418             :  * @p: pointer to user data
    2419             :  *
    2420             :  * Set the line discipline according to user request.
    2421             :  *
    2422             :  * Locking: see tty_set_ldisc(), this function is just a helper
    2423             :  */
    2424           0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
    2425             : {
    2426             :         int disc;
    2427             :         int ret;
    2428             : 
    2429           0 :         if (get_user(disc, p))
    2430             :                 return -EFAULT;
    2431             : 
    2432           0 :         ret = tty_set_ldisc(tty, disc);
    2433             : 
    2434           0 :         return ret;
    2435             : }
    2436             : 
    2437             : /**
    2438             :  * tiocgetd     -       get line discipline
    2439             :  * @tty: tty device
    2440             :  * @p: pointer to user data
    2441             :  *
    2442             :  * Retrieves the line discipline id directly from the ldisc.
    2443             :  *
    2444             :  * Locking: waits for ldisc reference (in case the line discipline is changing
    2445             :  * or the @tty is being hungup)
    2446             :  */
    2447           0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
    2448             : {
    2449             :         struct tty_ldisc *ld;
    2450             :         int ret;
    2451             : 
    2452           0 :         ld = tty_ldisc_ref_wait(tty);
    2453           0 :         if (!ld)
    2454             :                 return -EIO;
    2455           0 :         ret = put_user(ld->ops->num, p);
    2456           0 :         tty_ldisc_deref(ld);
    2457           0 :         return ret;
    2458             : }
    2459             : 
    2460             : /**
    2461             :  * send_break   -       performed time break
    2462             :  * @tty: device to break on
    2463             :  * @duration: timeout in mS
    2464             :  *
    2465             :  * Perform a timed break on hardware that lacks its own driver level timed
    2466             :  * break functionality.
    2467             :  *
    2468             :  * Locking:
    2469             :  *      @tty->atomic_write_lock serializes
    2470             :  */
    2471           0 : static int send_break(struct tty_struct *tty, unsigned int duration)
    2472             : {
    2473             :         int retval;
    2474             : 
    2475           0 :         if (tty->ops->break_ctl == NULL)
    2476             :                 return 0;
    2477             : 
    2478           0 :         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
    2479           0 :                 retval = tty->ops->break_ctl(tty, duration);
    2480             :         else {
    2481             :                 /* Do the work ourselves */
    2482           0 :                 if (tty_write_lock(tty, 0) < 0)
    2483             :                         return -EINTR;
    2484           0 :                 retval = tty->ops->break_ctl(tty, -1);
    2485           0 :                 if (retval)
    2486             :                         goto out;
    2487           0 :                 if (!signal_pending(current))
    2488           0 :                         msleep_interruptible(duration);
    2489           0 :                 retval = tty->ops->break_ctl(tty, 0);
    2490             : out:
    2491           0 :                 tty_write_unlock(tty);
    2492           0 :                 if (signal_pending(current))
    2493           0 :                         retval = -EINTR;
    2494             :         }
    2495             :         return retval;
    2496             : }
    2497             : 
    2498             : /**
    2499             :  * tty_tiocmget         -       get modem status
    2500             :  * @tty: tty device
    2501             :  * @p: pointer to result
    2502             :  *
    2503             :  * Obtain the modem status bits from the tty driver if the feature is
    2504             :  * supported. Return -%ENOTTY if it is not available.
    2505             :  *
    2506             :  * Locking: none (up to the driver)
    2507             :  */
    2508           0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
    2509             : {
    2510           0 :         int retval = -ENOTTY;
    2511             : 
    2512           0 :         if (tty->ops->tiocmget) {
    2513           0 :                 retval = tty->ops->tiocmget(tty);
    2514             : 
    2515           0 :                 if (retval >= 0)
    2516           0 :                         retval = put_user(retval, p);
    2517             :         }
    2518           0 :         return retval;
    2519             : }
    2520             : 
    2521             : /**
    2522             :  * tty_tiocmset         -       set modem status
    2523             :  * @tty: tty device
    2524             :  * @cmd: command - clear bits, set bits or set all
    2525             :  * @p: pointer to desired bits
    2526             :  *
    2527             :  * Set the modem status bits from the tty driver if the feature
    2528             :  * is supported. Return -%ENOTTY if it is not available.
    2529             :  *
    2530             :  * Locking: none (up to the driver)
    2531             :  */
    2532           0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
    2533             :              unsigned __user *p)
    2534             : {
    2535             :         int retval;
    2536             :         unsigned int set, clear, val;
    2537             : 
    2538           0 :         if (tty->ops->tiocmset == NULL)
    2539             :                 return -ENOTTY;
    2540             : 
    2541           0 :         retval = get_user(val, p);
    2542           0 :         if (retval)
    2543             :                 return retval;
    2544           0 :         set = clear = 0;
    2545           0 :         switch (cmd) {
    2546             :         case TIOCMBIS:
    2547           0 :                 set = val;
    2548           0 :                 break;
    2549             :         case TIOCMBIC:
    2550           0 :                 clear = val;
    2551           0 :                 break;
    2552             :         case TIOCMSET:
    2553           0 :                 set = val;
    2554           0 :                 clear = ~val;
    2555           0 :                 break;
    2556             :         }
    2557           0 :         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
    2558           0 :         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
    2559           0 :         return tty->ops->tiocmset(tty, set, clear);
    2560             : }
    2561             : 
    2562             : /**
    2563             :  * tty_get_icount       -       get tty statistics
    2564             :  * @tty: tty device
    2565             :  * @icount: output parameter
    2566             :  *
    2567             :  * Gets a copy of the @tty's icount statistics.
    2568             :  *
    2569             :  * Locking: none (up to the driver)
    2570             :  */
    2571           0 : int tty_get_icount(struct tty_struct *tty,
    2572             :                    struct serial_icounter_struct *icount)
    2573             : {
    2574           0 :         memset(icount, 0, sizeof(*icount));
    2575             : 
    2576           0 :         if (tty->ops->get_icount)
    2577           0 :                 return tty->ops->get_icount(tty, icount);
    2578             :         else
    2579             :                 return -ENOTTY;
    2580             : }
    2581             : EXPORT_SYMBOL_GPL(tty_get_icount);
    2582             : 
    2583           0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
    2584             : {
    2585             :         struct serial_icounter_struct icount;
    2586             :         int retval;
    2587             : 
    2588           0 :         retval = tty_get_icount(tty, &icount);
    2589           0 :         if (retval != 0)
    2590             :                 return retval;
    2591             : 
    2592           0 :         if (copy_to_user(arg, &icount, sizeof(icount)))
    2593             :                 return -EFAULT;
    2594           0 :         return 0;
    2595             : }
    2596             : 
    2597           0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
    2598             : {
    2599             :         char comm[TASK_COMM_LEN];
    2600             :         int flags;
    2601             : 
    2602           0 :         flags = ss->flags & ASYNC_DEPRECATED;
    2603             : 
    2604           0 :         if (flags)
    2605           0 :                 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
    2606             :                                 __func__, get_task_comm(comm, current), flags);
    2607             : 
    2608           0 :         if (!tty->ops->set_serial)
    2609             :                 return -ENOTTY;
    2610             : 
    2611           0 :         return tty->ops->set_serial(tty, ss);
    2612             : }
    2613             : 
    2614           0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
    2615             : {
    2616             :         struct serial_struct v;
    2617             : 
    2618           0 :         if (copy_from_user(&v, ss, sizeof(*ss)))
    2619             :                 return -EFAULT;
    2620             : 
    2621           0 :         return tty_set_serial(tty, &v);
    2622             : }
    2623             : 
    2624           0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
    2625             : {
    2626             :         struct serial_struct v;
    2627             :         int err;
    2628             : 
    2629           0 :         memset(&v, 0, sizeof(v));
    2630           0 :         if (!tty->ops->get_serial)
    2631             :                 return -ENOTTY;
    2632           0 :         err = tty->ops->get_serial(tty, &v);
    2633           0 :         if (!err && copy_to_user(ss, &v, sizeof(v)))
    2634           0 :                 err = -EFAULT;
    2635             :         return err;
    2636             : }
    2637             : 
    2638             : /*
    2639             :  * if pty, return the slave side (real_tty)
    2640             :  * otherwise, return self
    2641             :  */
    2642             : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
    2643             : {
    2644           0 :         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
    2645             :             tty->driver->subtype == PTY_TYPE_MASTER)
    2646           0 :                 tty = tty->link;
    2647             :         return tty;
    2648             : }
    2649             : 
    2650             : /*
    2651             :  * Split this up, as gcc can choke on it otherwise..
    2652             :  */
    2653           0 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
    2654             : {
    2655           0 :         struct tty_struct *tty = file_tty(file);
    2656             :         struct tty_struct *real_tty;
    2657           0 :         void __user *p = (void __user *)arg;
    2658             :         int retval;
    2659             :         struct tty_ldisc *ld;
    2660             : 
    2661           0 :         if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
    2662             :                 return -EINVAL;
    2663             : 
    2664           0 :         real_tty = tty_pair_get_tty(tty);
    2665             : 
    2666             :         /*
    2667             :          * Factor out some common prep work
    2668             :          */
    2669             :         switch (cmd) {
    2670             :         case TIOCSETD:
    2671             :         case TIOCSBRK:
    2672             :         case TIOCCBRK:
    2673             :         case TCSBRK:
    2674             :         case TCSBRKP:
    2675           0 :                 retval = tty_check_change(tty);
    2676           0 :                 if (retval)
    2677           0 :                         return retval;
    2678           0 :                 if (cmd != TIOCCBRK) {
    2679           0 :                         tty_wait_until_sent(tty, 0);
    2680           0 :                         if (signal_pending(current))
    2681             :                                 return -EINTR;
    2682             :                 }
    2683             :                 break;
    2684             :         }
    2685             : 
    2686             :         /*
    2687             :          *      Now do the stuff.
    2688             :          */
    2689           0 :         switch (cmd) {
    2690             :         case TIOCSTI:
    2691           0 :                 return tiocsti(tty, p);
    2692             :         case TIOCGWINSZ:
    2693           0 :                 return tiocgwinsz(real_tty, p);
    2694             :         case TIOCSWINSZ:
    2695           0 :                 return tiocswinsz(real_tty, p);
    2696             :         case TIOCCONS:
    2697           0 :                 return real_tty != tty ? -EINVAL : tioccons(file);
    2698             :         case TIOCEXCL:
    2699           0 :                 set_bit(TTY_EXCLUSIVE, &tty->flags);
    2700           0 :                 return 0;
    2701             :         case TIOCNXCL:
    2702           0 :                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
    2703           0 :                 return 0;
    2704             :         case TIOCGEXCL:
    2705             :         {
    2706           0 :                 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
    2707             : 
    2708           0 :                 return put_user(excl, (int __user *)p);
    2709             :         }
    2710             :         case TIOCGETD:
    2711           0 :                 return tiocgetd(tty, p);
    2712             :         case TIOCSETD:
    2713           0 :                 return tiocsetd(tty, p);
    2714             :         case TIOCVHANGUP:
    2715           0 :                 if (!capable(CAP_SYS_ADMIN))
    2716             :                         return -EPERM;
    2717           0 :                 tty_vhangup(tty);
    2718           0 :                 return 0;
    2719             :         case TIOCGDEV:
    2720             :         {
    2721           0 :                 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
    2722             : 
    2723           0 :                 return put_user(ret, (unsigned int __user *)p);
    2724             :         }
    2725             :         /*
    2726             :          * Break handling
    2727             :          */
    2728             :         case TIOCSBRK:  /* Turn break on, unconditionally */
    2729           0 :                 if (tty->ops->break_ctl)
    2730           0 :                         return tty->ops->break_ctl(tty, -1);
    2731             :                 return 0;
    2732             :         case TIOCCBRK:  /* Turn break off, unconditionally */
    2733           0 :                 if (tty->ops->break_ctl)
    2734           0 :                         return tty->ops->break_ctl(tty, 0);
    2735             :                 return 0;
    2736             :         case TCSBRK:   /* SVID version: non-zero arg --> no break */
    2737             :                 /* non-zero arg means wait for all output data
    2738             :                  * to be sent (performed above) but don't send break.
    2739             :                  * This is used by the tcdrain() termios function.
    2740             :                  */
    2741           0 :                 if (!arg)
    2742           0 :                         return send_break(tty, 250);
    2743             :                 return 0;
    2744             :         case TCSBRKP:   /* support for POSIX tcsendbreak() */
    2745           0 :                 return send_break(tty, arg ? arg*100 : 250);
    2746             : 
    2747             :         case TIOCMGET:
    2748           0 :                 return tty_tiocmget(tty, p);
    2749             :         case TIOCMSET:
    2750             :         case TIOCMBIC:
    2751             :         case TIOCMBIS:
    2752           0 :                 return tty_tiocmset(tty, cmd, p);
    2753             :         case TIOCGICOUNT:
    2754           0 :                 return tty_tiocgicount(tty, p);
    2755             :         case TCFLSH:
    2756           0 :                 switch (arg) {
    2757             :                 case TCIFLUSH:
    2758             :                 case TCIOFLUSH:
    2759             :                 /* flush tty buffer and allow ldisc to process ioctl */
    2760           0 :                         tty_buffer_flush(tty, NULL);
    2761           0 :                         break;
    2762             :                 }
    2763             :                 break;
    2764             :         case TIOCSSERIAL:
    2765           0 :                 return tty_tiocsserial(tty, p);
    2766             :         case TIOCGSERIAL:
    2767           0 :                 return tty_tiocgserial(tty, p);
    2768             :         case TIOCGPTPEER:
    2769             :                 /* Special because the struct file is needed */
    2770           0 :                 return ptm_open_peer(file, tty, (int)arg);
    2771             :         default:
    2772           0 :                 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
    2773           0 :                 if (retval != -ENOIOCTLCMD)
    2774           0 :                         return retval;
    2775             :         }
    2776           0 :         if (tty->ops->ioctl) {
    2777           0 :                 retval = tty->ops->ioctl(tty, cmd, arg);
    2778           0 :                 if (retval != -ENOIOCTLCMD)
    2779           0 :                         return retval;
    2780             :         }
    2781           0 :         ld = tty_ldisc_ref_wait(tty);
    2782           0 :         if (!ld)
    2783             :                 return hung_up_tty_ioctl(file, cmd, arg);
    2784           0 :         retval = -EINVAL;
    2785           0 :         if (ld->ops->ioctl) {
    2786           0 :                 retval = ld->ops->ioctl(tty, cmd, arg);
    2787           0 :                 if (retval == -ENOIOCTLCMD)
    2788           0 :                         retval = -ENOTTY;
    2789             :         }
    2790           0 :         tty_ldisc_deref(ld);
    2791           0 :         return retval;
    2792             : }
    2793             : 
    2794             : #ifdef CONFIG_COMPAT
    2795             : 
    2796             : struct serial_struct32 {
    2797             :         compat_int_t    type;
    2798             :         compat_int_t    line;
    2799             :         compat_uint_t   port;
    2800             :         compat_int_t    irq;
    2801             :         compat_int_t    flags;
    2802             :         compat_int_t    xmit_fifo_size;
    2803             :         compat_int_t    custom_divisor;
    2804             :         compat_int_t    baud_base;
    2805             :         unsigned short  close_delay;
    2806             :         char    io_type;
    2807             :         char    reserved_char;
    2808             :         compat_int_t    hub6;
    2809             :         unsigned short  closing_wait; /* time to wait before closing */
    2810             :         unsigned short  closing_wait2; /* no longer used... */
    2811             :         compat_uint_t   iomem_base;
    2812             :         unsigned short  iomem_reg_shift;
    2813             :         unsigned int    port_high;
    2814             :         /* compat_ulong_t  iomap_base FIXME */
    2815             :         compat_int_t    reserved;
    2816             : };
    2817             : 
    2818             : static int compat_tty_tiocsserial(struct tty_struct *tty,
    2819             :                 struct serial_struct32 __user *ss)
    2820             : {
    2821             :         struct serial_struct32 v32;
    2822             :         struct serial_struct v;
    2823             : 
    2824             :         if (copy_from_user(&v32, ss, sizeof(*ss)))
    2825             :                 return -EFAULT;
    2826             : 
    2827             :         memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
    2828             :         v.iomem_base = compat_ptr(v32.iomem_base);
    2829             :         v.iomem_reg_shift = v32.iomem_reg_shift;
    2830             :         v.port_high = v32.port_high;
    2831             :         v.iomap_base = 0;
    2832             : 
    2833             :         return tty_set_serial(tty, &v);
    2834             : }
    2835             : 
    2836             : static int compat_tty_tiocgserial(struct tty_struct *tty,
    2837             :                         struct serial_struct32 __user *ss)
    2838             : {
    2839             :         struct serial_struct32 v32;
    2840             :         struct serial_struct v;
    2841             :         int err;
    2842             : 
    2843             :         memset(&v, 0, sizeof(v));
    2844             :         memset(&v32, 0, sizeof(v32));
    2845             : 
    2846             :         if (!tty->ops->get_serial)
    2847             :                 return -ENOTTY;
    2848             :         err = tty->ops->get_serial(tty, &v);
    2849             :         if (!err) {
    2850             :                 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
    2851             :                 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
    2852             :                         0xfffffff : ptr_to_compat(v.iomem_base);
    2853             :                 v32.iomem_reg_shift = v.iomem_reg_shift;
    2854             :                 v32.port_high = v.port_high;
    2855             :                 if (copy_to_user(ss, &v32, sizeof(v32)))
    2856             :                         err = -EFAULT;
    2857             :         }
    2858             :         return err;
    2859             : }
    2860             : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
    2861             :                                 unsigned long arg)
    2862             : {
    2863             :         struct tty_struct *tty = file_tty(file);
    2864             :         struct tty_ldisc *ld;
    2865             :         int retval = -ENOIOCTLCMD;
    2866             : 
    2867             :         switch (cmd) {
    2868             :         case TIOCOUTQ:
    2869             :         case TIOCSTI:
    2870             :         case TIOCGWINSZ:
    2871             :         case TIOCSWINSZ:
    2872             :         case TIOCGEXCL:
    2873             :         case TIOCGETD:
    2874             :         case TIOCSETD:
    2875             :         case TIOCGDEV:
    2876             :         case TIOCMGET:
    2877             :         case TIOCMSET:
    2878             :         case TIOCMBIC:
    2879             :         case TIOCMBIS:
    2880             :         case TIOCGICOUNT:
    2881             :         case TIOCGPGRP:
    2882             :         case TIOCSPGRP:
    2883             :         case TIOCGSID:
    2884             :         case TIOCSERGETLSR:
    2885             :         case TIOCGRS485:
    2886             :         case TIOCSRS485:
    2887             : #ifdef TIOCGETP
    2888             :         case TIOCGETP:
    2889             :         case TIOCSETP:
    2890             :         case TIOCSETN:
    2891             : #endif
    2892             : #ifdef TIOCGETC
    2893             :         case TIOCGETC:
    2894             :         case TIOCSETC:
    2895             : #endif
    2896             : #ifdef TIOCGLTC
    2897             :         case TIOCGLTC:
    2898             :         case TIOCSLTC:
    2899             : #endif
    2900             :         case TCSETSF:
    2901             :         case TCSETSW:
    2902             :         case TCSETS:
    2903             :         case TCGETS:
    2904             : #ifdef TCGETS2
    2905             :         case TCGETS2:
    2906             :         case TCSETSF2:
    2907             :         case TCSETSW2:
    2908             :         case TCSETS2:
    2909             : #endif
    2910             :         case TCGETA:
    2911             :         case TCSETAF:
    2912             :         case TCSETAW:
    2913             :         case TCSETA:
    2914             :         case TIOCGLCKTRMIOS:
    2915             :         case TIOCSLCKTRMIOS:
    2916             : #ifdef TCGETX
    2917             :         case TCGETX:
    2918             :         case TCSETX:
    2919             :         case TCSETXW:
    2920             :         case TCSETXF:
    2921             : #endif
    2922             :         case TIOCGSOFTCAR:
    2923             :         case TIOCSSOFTCAR:
    2924             : 
    2925             :         case PPPIOCGCHAN:
    2926             :         case PPPIOCGUNIT:
    2927             :                 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
    2928             :         case TIOCCONS:
    2929             :         case TIOCEXCL:
    2930             :         case TIOCNXCL:
    2931             :         case TIOCVHANGUP:
    2932             :         case TIOCSBRK:
    2933             :         case TIOCCBRK:
    2934             :         case TCSBRK:
    2935             :         case TCSBRKP:
    2936             :         case TCFLSH:
    2937             :         case TIOCGPTPEER:
    2938             :         case TIOCNOTTY:
    2939             :         case TIOCSCTTY:
    2940             :         case TCXONC:
    2941             :         case TIOCMIWAIT:
    2942             :         case TIOCSERCONFIG:
    2943             :                 return tty_ioctl(file, cmd, arg);
    2944             :         }
    2945             : 
    2946             :         if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
    2947             :                 return -EINVAL;
    2948             : 
    2949             :         switch (cmd) {
    2950             :         case TIOCSSERIAL:
    2951             :                 return compat_tty_tiocsserial(tty, compat_ptr(arg));
    2952             :         case TIOCGSERIAL:
    2953             :                 return compat_tty_tiocgserial(tty, compat_ptr(arg));
    2954             :         }
    2955             :         if (tty->ops->compat_ioctl) {
    2956             :                 retval = tty->ops->compat_ioctl(tty, cmd, arg);
    2957             :                 if (retval != -ENOIOCTLCMD)
    2958             :                         return retval;
    2959             :         }
    2960             : 
    2961             :         ld = tty_ldisc_ref_wait(tty);
    2962             :         if (!ld)
    2963             :                 return hung_up_tty_compat_ioctl(file, cmd, arg);
    2964             :         if (ld->ops->compat_ioctl)
    2965             :                 retval = ld->ops->compat_ioctl(tty, cmd, arg);
    2966             :         if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
    2967             :                 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
    2968             :                                 arg);
    2969             :         tty_ldisc_deref(ld);
    2970             : 
    2971             :         return retval;
    2972             : }
    2973             : #endif
    2974             : 
    2975           0 : static int this_tty(const void *t, struct file *file, unsigned fd)
    2976             : {
    2977           0 :         if (likely(file->f_op->read_iter != tty_read))
    2978             :                 return 0;
    2979           0 :         return file_tty(file) != t ? 0 : fd + 1;
    2980             : }
    2981             : 
    2982             : /*
    2983             :  * This implements the "Secure Attention Key" ---  the idea is to
    2984             :  * prevent trojan horses by killing all processes associated with this
    2985             :  * tty when the user hits the "Secure Attention Key".  Required for
    2986             :  * super-paranoid applications --- see the Orange Book for more details.
    2987             :  *
    2988             :  * This code could be nicer; ideally it should send a HUP, wait a few
    2989             :  * seconds, then send a INT, and then a KILL signal.  But you then
    2990             :  * have to coordinate with the init process, since all processes associated
    2991             :  * with the current tty must be dead before the new getty is allowed
    2992             :  * to spawn.
    2993             :  *
    2994             :  * Now, if it would be correct ;-/ The current code has a nasty hole -
    2995             :  * it doesn't catch files in flight. We may send the descriptor to ourselves
    2996             :  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
    2997             :  *
    2998             :  * Nasty bug: do_SAK is being called in interrupt context.  This can
    2999             :  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
    3000             :  */
    3001           0 : void __do_SAK(struct tty_struct *tty)
    3002             : {
    3003             :         struct task_struct *g, *p;
    3004             :         struct pid *session;
    3005             :         int i;
    3006             :         unsigned long flags;
    3007             : 
    3008           0 :         spin_lock_irqsave(&tty->ctrl.lock, flags);
    3009           0 :         session = get_pid(tty->ctrl.session);
    3010           0 :         spin_unlock_irqrestore(&tty->ctrl.lock, flags);
    3011             : 
    3012           0 :         tty_ldisc_flush(tty);
    3013             : 
    3014           0 :         tty_driver_flush_buffer(tty);
    3015             : 
    3016           0 :         read_lock(&tasklist_lock);
    3017             :         /* Kill the entire session */
    3018           0 :         do_each_pid_task(session, PIDTYPE_SID, p) {
    3019           0 :                 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
    3020             :                            task_pid_nr(p), p->comm);
    3021           0 :                 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
    3022             :         } while_each_pid_task(session, PIDTYPE_SID, p);
    3023             : 
    3024             :         /* Now kill any processes that happen to have the tty open */
    3025           0 :         do_each_thread(g, p) {
    3026           0 :                 if (p->signal->tty == tty) {
    3027           0 :                         tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
    3028             :                                    task_pid_nr(p), p->comm);
    3029           0 :                         group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
    3030             :                                         PIDTYPE_SID);
    3031           0 :                         continue;
    3032             :                 }
    3033           0 :                 task_lock(p);
    3034           0 :                 i = iterate_fd(p->files, 0, this_tty, tty);
    3035           0 :                 if (i != 0) {
    3036           0 :                         tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
    3037             :                                    task_pid_nr(p), p->comm, i - 1);
    3038           0 :                         group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
    3039             :                                         PIDTYPE_SID);
    3040             :                 }
    3041           0 :                 task_unlock(p);
    3042           0 :         } while_each_thread(g, p);
    3043           0 :         read_unlock(&tasklist_lock);
    3044           0 :         put_pid(session);
    3045           0 : }
    3046             : 
    3047           0 : static void do_SAK_work(struct work_struct *work)
    3048             : {
    3049           0 :         struct tty_struct *tty =
    3050           0 :                 container_of(work, struct tty_struct, SAK_work);
    3051           0 :         __do_SAK(tty);
    3052           0 : }
    3053             : 
    3054             : /*
    3055             :  * The tq handling here is a little racy - tty->SAK_work may already be queued.
    3056             :  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
    3057             :  * the values which we write to it will be identical to the values which it
    3058             :  * already has. --akpm
    3059             :  */
    3060           0 : void do_SAK(struct tty_struct *tty)
    3061             : {
    3062           0 :         if (!tty)
    3063             :                 return;
    3064           0 :         schedule_work(&tty->SAK_work);
    3065             : }
    3066             : EXPORT_SYMBOL(do_SAK);
    3067             : 
    3068             : /* Must put_device() after it's unused! */
    3069           0 : static struct device *tty_get_device(struct tty_struct *tty)
    3070             : {
    3071           0 :         dev_t devt = tty_devnum(tty);
    3072             : 
    3073           0 :         return class_find_device_by_devt(tty_class, devt);
    3074             : }
    3075             : 
    3076             : 
    3077             : /**
    3078             :  * alloc_tty_struct - allocate a new tty
    3079             :  * @driver: driver which will handle the returned tty
    3080             :  * @idx: minor of the tty
    3081             :  *
    3082             :  * This subroutine allocates and initializes a tty structure.
    3083             :  *
    3084             :  * Locking: none - @tty in question is not exposed at this point
    3085             :  */
    3086           0 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
    3087             : {
    3088             :         struct tty_struct *tty;
    3089             : 
    3090           0 :         tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
    3091           0 :         if (!tty)
    3092             :                 return NULL;
    3093             : 
    3094           0 :         kref_init(&tty->kref);
    3095           0 :         if (tty_ldisc_init(tty)) {
    3096           0 :                 kfree(tty);
    3097           0 :                 return NULL;
    3098             :         }
    3099           0 :         tty->ctrl.session = NULL;
    3100           0 :         tty->ctrl.pgrp = NULL;
    3101           0 :         mutex_init(&tty->legacy_mutex);
    3102           0 :         mutex_init(&tty->throttle_mutex);
    3103           0 :         init_rwsem(&tty->termios_rwsem);
    3104           0 :         mutex_init(&tty->winsize_mutex);
    3105           0 :         init_ldsem(&tty->ldisc_sem);
    3106           0 :         init_waitqueue_head(&tty->write_wait);
    3107           0 :         init_waitqueue_head(&tty->read_wait);
    3108           0 :         INIT_WORK(&tty->hangup_work, do_tty_hangup);
    3109           0 :         mutex_init(&tty->atomic_write_lock);
    3110           0 :         spin_lock_init(&tty->ctrl.lock);
    3111           0 :         spin_lock_init(&tty->flow.lock);
    3112           0 :         spin_lock_init(&tty->files_lock);
    3113           0 :         INIT_LIST_HEAD(&tty->tty_files);
    3114           0 :         INIT_WORK(&tty->SAK_work, do_SAK_work);
    3115             : 
    3116           0 :         tty->driver = driver;
    3117           0 :         tty->ops = driver->ops;
    3118           0 :         tty->index = idx;
    3119           0 :         tty_line_name(driver, idx, tty->name);
    3120           0 :         tty->dev = tty_get_device(tty);
    3121             : 
    3122           0 :         return tty;
    3123             : }
    3124             : 
    3125             : /**
    3126             :  * tty_put_char - write one character to a tty
    3127             :  * @tty: tty
    3128             :  * @ch: character to write
    3129             :  *
    3130             :  * Write one byte to the @tty using the provided @tty->ops->put_char() method
    3131             :  * if present.
    3132             :  *
    3133             :  * Note: the specific put_char operation in the driver layer may go
    3134             :  * away soon. Don't call it directly, use this method
    3135             :  *
    3136             :  * Return: the number of characters successfully output.
    3137             :  */
    3138           0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
    3139             : {
    3140           0 :         if (tty->ops->put_char)
    3141           0 :                 return tty->ops->put_char(tty, ch);
    3142           0 :         return tty->ops->write(tty, &ch, 1);
    3143             : }
    3144             : EXPORT_SYMBOL_GPL(tty_put_char);
    3145             : 
    3146             : struct class *tty_class;
    3147             : 
    3148           5 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
    3149             :                 unsigned int index, unsigned int count)
    3150             : {
    3151             :         int err;
    3152             : 
    3153             :         /* init here, since reused cdevs cause crashes */
    3154           5 :         driver->cdevs[index] = cdev_alloc();
    3155           5 :         if (!driver->cdevs[index])
    3156             :                 return -ENOMEM;
    3157           5 :         driver->cdevs[index]->ops = &tty_fops;
    3158           5 :         driver->cdevs[index]->owner = driver->owner;
    3159           5 :         err = cdev_add(driver->cdevs[index], dev, count);
    3160           5 :         if (err)
    3161           0 :                 kobject_put(&driver->cdevs[index]->kobj);
    3162             :         return err;
    3163             : }
    3164             : 
    3165             : /**
    3166             :  * tty_register_device - register a tty device
    3167             :  * @driver: the tty driver that describes the tty device
    3168             :  * @index: the index in the tty driver for this tty device
    3169             :  * @device: a struct device that is associated with this tty device.
    3170             :  *      This field is optional, if there is no known struct device
    3171             :  *      for this tty device it can be set to NULL safely.
    3172             :  *
    3173             :  * This call is required to be made to register an individual tty device
    3174             :  * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set.  If
    3175             :  * that bit is not set, this function should not be called by a tty
    3176             :  * driver.
    3177             :  *
    3178             :  * Locking: ??
    3179             :  *
    3180             :  * Return: A pointer to the struct device for this tty device (or
    3181             :  * ERR_PTR(-EFOO) on error).
    3182             :  */
    3183           0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
    3184             :                                    struct device *device)
    3185             : {
    3186         512 :         return tty_register_device_attr(driver, index, device, NULL, NULL);
    3187             : }
    3188             : EXPORT_SYMBOL(tty_register_device);
    3189             : 
    3190           0 : static void tty_device_create_release(struct device *dev)
    3191             : {
    3192             :         dev_dbg(dev, "releasing...\n");
    3193           0 :         kfree(dev);
    3194           0 : }
    3195             : 
    3196             : /**
    3197             :  * tty_register_device_attr - register a tty device
    3198             :  * @driver: the tty driver that describes the tty device
    3199             :  * @index: the index in the tty driver for this tty device
    3200             :  * @device: a struct device that is associated with this tty device.
    3201             :  *      This field is optional, if there is no known struct device
    3202             :  *      for this tty device it can be set to %NULL safely.
    3203             :  * @drvdata: Driver data to be set to device.
    3204             :  * @attr_grp: Attribute group to be set on device.
    3205             :  *
    3206             :  * This call is required to be made to register an individual tty device if the
    3207             :  * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
    3208             :  * not set, this function should not be called by a tty driver.
    3209             :  *
    3210             :  * Locking: ??
    3211             :  *
    3212             :  * Return: A pointer to the struct device for this tty device (or
    3213             :  * ERR_PTR(-EFOO) on error).
    3214             :  */
    3215         513 : struct device *tty_register_device_attr(struct tty_driver *driver,
    3216             :                                    unsigned index, struct device *device,
    3217             :                                    void *drvdata,
    3218             :                                    const struct attribute_group **attr_grp)
    3219             : {
    3220             :         char name[64];
    3221         513 :         dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
    3222             :         struct ktermios *tp;
    3223             :         struct device *dev;
    3224             :         int retval;
    3225             : 
    3226         513 :         if (index >= driver->num) {
    3227           0 :                 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
    3228             :                        driver->name, index);
    3229           0 :                 return ERR_PTR(-EINVAL);
    3230             :         }
    3231             : 
    3232         513 :         if (driver->type == TTY_DRIVER_TYPE_PTY)
    3233         512 :                 pty_line_name(driver, index, name);
    3234             :         else
    3235           1 :                 tty_line_name(driver, index, name);
    3236             : 
    3237         513 :         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
    3238         513 :         if (!dev)
    3239             :                 return ERR_PTR(-ENOMEM);
    3240             : 
    3241         513 :         dev->devt = devt;
    3242         513 :         dev->class = tty_class;
    3243         513 :         dev->parent = device;
    3244         513 :         dev->release = tty_device_create_release;
    3245         513 :         dev_set_name(dev, "%s", name);
    3246         513 :         dev->groups = attr_grp;
    3247        1026 :         dev_set_drvdata(dev, drvdata);
    3248             : 
    3249         513 :         dev_set_uevent_suppress(dev, 1);
    3250             : 
    3251         513 :         retval = device_register(dev);
    3252         513 :         if (retval)
    3253             :                 goto err_put;
    3254             : 
    3255         513 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3256             :                 /*
    3257             :                  * Free any saved termios data so that the termios state is
    3258             :                  * reset when reusing a minor number.
    3259             :                  */
    3260           1 :                 tp = driver->termios[index];
    3261           1 :                 if (tp) {
    3262           0 :                         driver->termios[index] = NULL;
    3263           0 :                         kfree(tp);
    3264             :                 }
    3265             : 
    3266           1 :                 retval = tty_cdev_add(driver, devt, index, 1);
    3267           1 :                 if (retval)
    3268             :                         goto err_del;
    3269             :         }
    3270             : 
    3271         513 :         dev_set_uevent_suppress(dev, 0);
    3272         513 :         kobject_uevent(&dev->kobj, KOBJ_ADD);
    3273             : 
    3274         513 :         return dev;
    3275             : 
    3276             : err_del:
    3277           0 :         device_del(dev);
    3278             : err_put:
    3279           0 :         put_device(dev);
    3280             : 
    3281           0 :         return ERR_PTR(retval);
    3282             : }
    3283             : EXPORT_SYMBOL_GPL(tty_register_device_attr);
    3284             : 
    3285             : /**
    3286             :  * tty_unregister_device - unregister a tty device
    3287             :  * @driver: the tty driver that describes the tty device
    3288             :  * @index: the index in the tty driver for this tty device
    3289             :  *
    3290             :  * If a tty device is registered with a call to tty_register_device() then
    3291             :  * this function must be called when the tty device is gone.
    3292             :  *
    3293             :  * Locking: ??
    3294             :  */
    3295           0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
    3296             : {
    3297           0 :         device_destroy(tty_class,
    3298           0 :                 MKDEV(driver->major, driver->minor_start) + index);
    3299           0 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3300           0 :                 cdev_del(driver->cdevs[index]);
    3301           0 :                 driver->cdevs[index] = NULL;
    3302             :         }
    3303           0 : }
    3304             : EXPORT_SYMBOL(tty_unregister_device);
    3305             : 
    3306             : /**
    3307             :  * __tty_alloc_driver -- allocate tty driver
    3308             :  * @lines: count of lines this driver can handle at most
    3309             :  * @owner: module which is responsible for this driver
    3310             :  * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
    3311             :  *
    3312             :  * This should not be called directly, some of the provided macros should be
    3313             :  * used instead. Use IS_ERR() and friends on @retval.
    3314             :  */
    3315           5 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
    3316             :                 unsigned long flags)
    3317             : {
    3318             :         struct tty_driver *driver;
    3319           5 :         unsigned int cdevs = 1;
    3320             :         int err;
    3321             : 
    3322           5 :         if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
    3323             :                 return ERR_PTR(-EINVAL);
    3324             : 
    3325           5 :         driver = kzalloc(sizeof(*driver), GFP_KERNEL);
    3326           5 :         if (!driver)
    3327             :                 return ERR_PTR(-ENOMEM);
    3328             : 
    3329          10 :         kref_init(&driver->kref);
    3330           5 :         driver->num = lines;
    3331           5 :         driver->owner = owner;
    3332           5 :         driver->flags = flags;
    3333             : 
    3334           5 :         if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
    3335           6 :                 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
    3336             :                                 GFP_KERNEL);
    3337           6 :                 driver->termios = kcalloc(lines, sizeof(*driver->termios),
    3338             :                                 GFP_KERNEL);
    3339           3 :                 if (!driver->ttys || !driver->termios) {
    3340             :                         err = -ENOMEM;
    3341             :                         goto err_free_all;
    3342             :                 }
    3343             :         }
    3344             : 
    3345           5 :         if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
    3346           2 :                 driver->ports = kcalloc(lines, sizeof(*driver->ports),
    3347             :                                 GFP_KERNEL);
    3348           1 :                 if (!driver->ports) {
    3349             :                         err = -ENOMEM;
    3350             :                         goto err_free_all;
    3351             :                 }
    3352             :                 cdevs = lines;
    3353             :         }
    3354             : 
    3355          10 :         driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
    3356           5 :         if (!driver->cdevs) {
    3357             :                 err = -ENOMEM;
    3358             :                 goto err_free_all;
    3359             :         }
    3360             : 
    3361             :         return driver;
    3362             : err_free_all:
    3363           0 :         kfree(driver->ports);
    3364           0 :         kfree(driver->ttys);
    3365           0 :         kfree(driver->termios);
    3366           0 :         kfree(driver->cdevs);
    3367           0 :         kfree(driver);
    3368           0 :         return ERR_PTR(err);
    3369             : }
    3370             : EXPORT_SYMBOL(__tty_alloc_driver);
    3371             : 
    3372           0 : static void destruct_tty_driver(struct kref *kref)
    3373             : {
    3374           0 :         struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
    3375             :         int i;
    3376             :         struct ktermios *tp;
    3377             : 
    3378           0 :         if (driver->flags & TTY_DRIVER_INSTALLED) {
    3379           0 :                 for (i = 0; i < driver->num; i++) {
    3380           0 :                         tp = driver->termios[i];
    3381           0 :                         if (tp) {
    3382           0 :                                 driver->termios[i] = NULL;
    3383           0 :                                 kfree(tp);
    3384             :                         }
    3385           0 :                         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
    3386           0 :                                 tty_unregister_device(driver, i);
    3387             :                 }
    3388           0 :                 proc_tty_unregister_driver(driver);
    3389           0 :                 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
    3390           0 :                         cdev_del(driver->cdevs[0]);
    3391             :         }
    3392           0 :         kfree(driver->cdevs);
    3393           0 :         kfree(driver->ports);
    3394           0 :         kfree(driver->termios);
    3395           0 :         kfree(driver->ttys);
    3396           0 :         kfree(driver);
    3397           0 : }
    3398             : 
    3399             : /**
    3400             :  * tty_driver_kref_put -- drop a reference to a tty driver
    3401             :  * @driver: driver of which to drop the reference
    3402             :  *
    3403             :  * The final put will destroy and free up the driver.
    3404             :  */
    3405           0 : void tty_driver_kref_put(struct tty_driver *driver)
    3406             : {
    3407           0 :         kref_put(&driver->kref, destruct_tty_driver);
    3408           0 : }
    3409             : EXPORT_SYMBOL(tty_driver_kref_put);
    3410             : 
    3411             : /**
    3412             :  * tty_register_driver -- register a tty driver
    3413             :  * @driver: driver to register
    3414             :  *
    3415             :  * Called by a tty driver to register itself.
    3416             :  */
    3417           5 : int tty_register_driver(struct tty_driver *driver)
    3418             : {
    3419             :         int error;
    3420             :         int i;
    3421             :         dev_t dev;
    3422             :         struct device *d;
    3423             : 
    3424           5 :         if (!driver->major) {
    3425           0 :                 error = alloc_chrdev_region(&dev, driver->minor_start,
    3426             :                                                 driver->num, driver->name);
    3427           0 :                 if (!error) {
    3428           0 :                         driver->major = MAJOR(dev);
    3429           0 :                         driver->minor_start = MINOR(dev);
    3430             :                 }
    3431             :         } else {
    3432           5 :                 dev = MKDEV(driver->major, driver->minor_start);
    3433           5 :                 error = register_chrdev_region(dev, driver->num, driver->name);
    3434             :         }
    3435           5 :         if (error < 0)
    3436             :                 goto err;
    3437             : 
    3438           5 :         if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
    3439           4 :                 error = tty_cdev_add(driver, dev, 0, driver->num);
    3440           4 :                 if (error)
    3441             :                         goto err_unreg_char;
    3442             :         }
    3443             : 
    3444           5 :         mutex_lock(&tty_mutex);
    3445          10 :         list_add(&driver->tty_drivers, &tty_drivers);
    3446           5 :         mutex_unlock(&tty_mutex);
    3447             : 
    3448           5 :         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
    3449         512 :                 for (i = 0; i < driver->num; i++) {
    3450        1024 :                         d = tty_register_device(driver, i, NULL);
    3451         512 :                         if (IS_ERR(d)) {
    3452           0 :                                 error = PTR_ERR(d);
    3453             :                                 goto err_unreg_devs;
    3454             :                         }
    3455             :                 }
    3456             :         }
    3457           5 :         proc_tty_register_driver(driver);
    3458           5 :         driver->flags |= TTY_DRIVER_INSTALLED;
    3459           5 :         return 0;
    3460             : 
    3461             : err_unreg_devs:
    3462           0 :         for (i--; i >= 0; i--)
    3463           0 :                 tty_unregister_device(driver, i);
    3464             : 
    3465           0 :         mutex_lock(&tty_mutex);
    3466           0 :         list_del(&driver->tty_drivers);
    3467           0 :         mutex_unlock(&tty_mutex);
    3468             : 
    3469             : err_unreg_char:
    3470           0 :         unregister_chrdev_region(dev, driver->num);
    3471             : err:
    3472             :         return error;
    3473             : }
    3474             : EXPORT_SYMBOL(tty_register_driver);
    3475             : 
    3476             : /**
    3477             :  * tty_unregister_driver -- unregister a tty driver
    3478             :  * @driver: driver to unregister
    3479             :  *
    3480             :  * Called by a tty driver to unregister itself.
    3481             :  */
    3482           0 : void tty_unregister_driver(struct tty_driver *driver)
    3483             : {
    3484           0 :         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
    3485             :                                 driver->num);
    3486           0 :         mutex_lock(&tty_mutex);
    3487           0 :         list_del(&driver->tty_drivers);
    3488           0 :         mutex_unlock(&tty_mutex);
    3489           0 : }
    3490             : EXPORT_SYMBOL(tty_unregister_driver);
    3491             : 
    3492           0 : dev_t tty_devnum(struct tty_struct *tty)
    3493             : {
    3494           0 :         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
    3495             : }
    3496             : EXPORT_SYMBOL(tty_devnum);
    3497             : 
    3498           1 : void tty_default_fops(struct file_operations *fops)
    3499             : {
    3500           1 :         *fops = tty_fops;
    3501           1 : }
    3502             : 
    3503         516 : static char *tty_devnode(const struct device *dev, umode_t *mode)
    3504             : {
    3505         516 :         if (!mode)
    3506             :                 return NULL;
    3507         516 :         if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
    3508             :             dev->devt == MKDEV(TTYAUX_MAJOR, 2))
    3509           2 :                 *mode = 0666;
    3510             :         return NULL;
    3511             : }
    3512             : 
    3513           1 : static int __init tty_class_init(void)
    3514             : {
    3515           1 :         tty_class = class_create(THIS_MODULE, "tty");
    3516           2 :         if (IS_ERR(tty_class))
    3517           0 :                 return PTR_ERR(tty_class);
    3518           1 :         tty_class->devnode = tty_devnode;
    3519           1 :         return 0;
    3520             : }
    3521             : 
    3522             : postcore_initcall(tty_class_init);
    3523             : 
    3524             : /* 3/2004 jmc: why do these devices exist? */
    3525             : static struct cdev tty_cdev, console_cdev;
    3526             : 
    3527           0 : static ssize_t show_cons_active(struct device *dev,
    3528             :                                 struct device_attribute *attr, char *buf)
    3529             : {
    3530             :         struct console *cs[16];
    3531           0 :         int i = 0;
    3532             :         struct console *c;
    3533           0 :         ssize_t count = 0;
    3534             : 
    3535             :         /*
    3536             :          * Hold the console_list_lock to guarantee that no consoles are
    3537             :          * unregistered until all console processing is complete.
    3538             :          * This also allows safe traversal of the console list and
    3539             :          * race-free reading of @flags.
    3540             :          */
    3541           0 :         console_list_lock();
    3542             : 
    3543           0 :         for_each_console(c) {
    3544           0 :                 if (!c->device)
    3545           0 :                         continue;
    3546           0 :                 if (!c->write)
    3547           0 :                         continue;
    3548           0 :                 if ((c->flags & CON_ENABLED) == 0)
    3549           0 :                         continue;
    3550           0 :                 cs[i++] = c;
    3551           0 :                 if (i >= ARRAY_SIZE(cs))
    3552             :                         break;
    3553             :         }
    3554             : 
    3555             :         /*
    3556             :          * Take console_lock to serialize device() callback with
    3557             :          * other console operations. For example, fg_console is
    3558             :          * modified under console_lock when switching vt.
    3559             :          */
    3560           0 :         console_lock();
    3561           0 :         while (i--) {
    3562           0 :                 int index = cs[i]->index;
    3563           0 :                 struct tty_driver *drv = cs[i]->device(cs[i], &index);
    3564             : 
    3565             :                 /* don't resolve tty0 as some programs depend on it */
    3566           0 :                 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
    3567           0 :                         count += tty_line_name(drv, index, buf + count);
    3568             :                 else
    3569           0 :                         count += sprintf(buf + count, "%s%d",
    3570           0 :                                          cs[i]->name, cs[i]->index);
    3571             : 
    3572           0 :                 count += sprintf(buf + count, "%c", i ? ' ':'\n');
    3573             :         }
    3574           0 :         console_unlock();
    3575             : 
    3576           0 :         console_list_unlock();
    3577             : 
    3578           0 :         return count;
    3579             : }
    3580             : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
    3581             : 
    3582             : static struct attribute *cons_dev_attrs[] = {
    3583             :         &dev_attr_active.attr,
    3584             :         NULL
    3585             : };
    3586             : 
    3587             : ATTRIBUTE_GROUPS(cons_dev);
    3588             : 
    3589             : static struct device *consdev;
    3590             : 
    3591           2 : void console_sysfs_notify(void)
    3592             : {
    3593           2 :         if (consdev)
    3594           2 :                 sysfs_notify(&consdev->kobj, NULL, "active");
    3595           2 : }
    3596             : 
    3597             : static struct ctl_table tty_table[] = {
    3598             :         {
    3599             :                 .procname       = "legacy_tiocsti",
    3600             :                 .data           = &tty_legacy_tiocsti,
    3601             :                 .maxlen         = sizeof(tty_legacy_tiocsti),
    3602             :                 .mode           = 0644,
    3603             :                 .proc_handler   = proc_dobool,
    3604             :         },
    3605             :         {
    3606             :                 .procname       = "ldisc_autoload",
    3607             :                 .data           = &tty_ldisc_autoload,
    3608             :                 .maxlen         = sizeof(tty_ldisc_autoload),
    3609             :                 .mode           = 0644,
    3610             :                 .proc_handler   = proc_dointvec,
    3611             :                 .extra1         = SYSCTL_ZERO,
    3612             :                 .extra2         = SYSCTL_ONE,
    3613             :         },
    3614             :         { }
    3615             : };
    3616             : 
    3617             : static struct ctl_table tty_dir_table[] = {
    3618             :         {
    3619             :                 .procname       = "tty",
    3620             :                 .mode           = 0555,
    3621             :                 .child          = tty_table,
    3622             :         },
    3623             :         { }
    3624             : };
    3625             : 
    3626             : static struct ctl_table tty_root_table[] = {
    3627             :         {
    3628             :                 .procname       = "dev",
    3629             :                 .mode           = 0555,
    3630             :                 .child          = tty_dir_table,
    3631             :         },
    3632             :         { }
    3633             : };
    3634             : 
    3635             : /*
    3636             :  * Ok, now we can initialize the rest of the tty devices and can count
    3637             :  * on memory allocations, interrupts etc..
    3638             :  */
    3639           1 : int __init tty_init(void)
    3640             : {
    3641           1 :         register_sysctl_table(tty_root_table);
    3642           1 :         cdev_init(&tty_cdev, &tty_fops);
    3643           2 :         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
    3644           1 :             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
    3645           0 :                 panic("Couldn't register /dev/tty driver\n");
    3646           1 :         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
    3647             : 
    3648           1 :         cdev_init(&console_cdev, &console_fops);
    3649           2 :         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
    3650           1 :             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
    3651           0 :                 panic("Couldn't register /dev/console driver\n");
    3652           1 :         consdev = device_create_with_groups(tty_class, NULL,
    3653             :                                             MKDEV(TTYAUX_MAJOR, 1), NULL,
    3654             :                                             cons_dev_groups, "console");
    3655           2 :         if (IS_ERR(consdev))
    3656           0 :                 consdev = NULL;
    3657             : 
    3658             : #ifdef CONFIG_VT
    3659             :         vty_init(&console_fops);
    3660             : #endif
    3661           1 :         return 0;
    3662             : }

Generated by: LCOV version 1.14