Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : */
5 :
6 : /*
7 : * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 : * or rs-channels. It also implements echoing, cooked mode etc.
9 : *
10 : * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 : *
12 : * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 : * tty_struct and tty_queue structures. Previously there was an array
14 : * of 256 tty_struct's which was statically allocated, and the
15 : * tty_queue structures were allocated at boot time. Both are now
16 : * dynamically allocated only when the tty is open.
17 : *
18 : * Also restructured routines so that there is more of a separation
19 : * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 : * the low-level tty routines (serial.c, pty.c, console.c). This
21 : * makes for cleaner and more compact code. -TYT, 9/17/92
22 : *
23 : * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 : * which can be dynamically activated and de-activated by the line
25 : * discipline handling modules (like SLIP).
26 : *
27 : * NOTE: pay no attention to the line discipline code (yet); its
28 : * interface is still subject to change in this version...
29 : * -- TYT, 1/31/92
30 : *
31 : * Added functionality to the OPOST tty handling. No delays, but all
32 : * other bits should be there.
33 : * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 : *
35 : * Rewrote canonical mode and added more termios flags.
36 : * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 : *
38 : * Reorganized FASYNC support so mouse code can share it.
39 : * -- ctm@ardi.com, 9Sep95
40 : *
41 : * New TIOCLINUX variants added.
42 : * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 : *
44 : * Restrict vt switching via ioctl()
45 : * -- grif@cs.ucr.edu, 5-Dec-95
46 : *
47 : * Move console and virtual terminal code to more appropriate files,
48 : * implement CONFIG_VT and generalize console device interface.
49 : * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 : *
51 : * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 : * -- Bill Hawes <whawes@star.net>, June 97
53 : *
54 : * Added devfs support.
55 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 : *
57 : * Added support for a Unix98-style ptmx device.
58 : * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 : *
60 : * Reduced memory usage for older ARM systems
61 : * -- Russell King <rmk@arm.linux.org.uk>
62 : *
63 : * Move do_SAK() into process context. Less stack use in devfs functions.
64 : * alloc_tty_struct() always uses kmalloc()
65 : * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 : */
67 :
68 : #include <linux/types.h>
69 : #include <linux/major.h>
70 : #include <linux/errno.h>
71 : #include <linux/signal.h>
72 : #include <linux/fcntl.h>
73 : #include <linux/sched/signal.h>
74 : #include <linux/sched/task.h>
75 : #include <linux/interrupt.h>
76 : #include <linux/tty.h>
77 : #include <linux/tty_driver.h>
78 : #include <linux/tty_flip.h>
79 : #include <linux/devpts_fs.h>
80 : #include <linux/file.h>
81 : #include <linux/fdtable.h>
82 : #include <linux/console.h>
83 : #include <linux/timer.h>
84 : #include <linux/ctype.h>
85 : #include <linux/kd.h>
86 : #include <linux/mm.h>
87 : #include <linux/string.h>
88 : #include <linux/slab.h>
89 : #include <linux/poll.h>
90 : #include <linux/ppp-ioctl.h>
91 : #include <linux/proc_fs.h>
92 : #include <linux/init.h>
93 : #include <linux/module.h>
94 : #include <linux/device.h>
95 : #include <linux/wait.h>
96 : #include <linux/bitops.h>
97 : #include <linux/delay.h>
98 : #include <linux/seq_file.h>
99 : #include <linux/serial.h>
100 : #include <linux/ratelimit.h>
101 : #include <linux/compat.h>
102 :
103 : #include <linux/uaccess.h>
104 :
105 : #include <linux/kbd_kern.h>
106 : #include <linux/vt_kern.h>
107 : #include <linux/selection.h>
108 :
109 : #include <linux/kmod.h>
110 : #include <linux/nsproxy.h>
111 : #include "tty.h"
112 :
113 : #undef TTY_DEBUG_HANGUP
114 : #ifdef TTY_DEBUG_HANGUP
115 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116 : #else
117 : # define tty_debug_hangup(tty, f, args...) do { } while (0)
118 : #endif
119 :
120 : #define TTY_PARANOIA_CHECK 1
121 : #define CHECK_TTY_COUNT 1
122 :
123 : struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 : .c_iflag = ICRNL | IXON,
125 : .c_oflag = OPOST | ONLCR,
126 : .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 : .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 : ECHOCTL | ECHOKE | IEXTEN,
129 : .c_cc = INIT_C_CC,
130 : .c_ispeed = 38400,
131 : .c_ospeed = 38400,
132 : /* .c_line = N_TTY, */
133 : };
134 : EXPORT_SYMBOL(tty_std_termios);
135 :
136 : /* This list gets poked at by procfs and various bits of boot up code. This
137 : * could do with some rationalisation such as pulling the tty proc function
138 : * into this file.
139 : */
140 :
141 : LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142 :
143 : /* Mutex to protect creating and releasing a tty */
144 : DEFINE_MUTEX(tty_mutex);
145 :
146 : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147 : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148 : static __poll_t tty_poll(struct file *, poll_table *);
149 : static int tty_open(struct inode *, struct file *);
150 : #ifdef CONFIG_COMPAT
151 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 : unsigned long arg);
153 : #else
154 : #define tty_compat_ioctl NULL
155 : #endif
156 : static int __tty_fasync(int fd, struct file *filp, int on);
157 : static int tty_fasync(int fd, struct file *filp, int on);
158 : static void release_tty(struct tty_struct *tty, int idx);
159 :
160 : /**
161 : * free_tty_struct - free a disused tty
162 : * @tty: tty struct to free
163 : *
164 : * Free the write buffers, tty queue and tty memory itself.
165 : *
166 : * Locking: none. Must be called after tty is definitely unused
167 : */
168 0 : static void free_tty_struct(struct tty_struct *tty)
169 : {
170 0 : tty_ldisc_deinit(tty);
171 0 : put_device(tty->dev);
172 0 : kvfree(tty->write_buf);
173 0 : tty->magic = 0xDEADDEAD;
174 0 : kfree(tty);
175 0 : }
176 :
177 : static inline struct tty_struct *file_tty(struct file *file)
178 : {
179 0 : return ((struct tty_file_private *)file->private_data)->tty;
180 : }
181 :
182 0 : int tty_alloc_file(struct file *file)
183 : {
184 : struct tty_file_private *priv;
185 :
186 0 : priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 0 : if (!priv)
188 : return -ENOMEM;
189 :
190 0 : file->private_data = priv;
191 :
192 0 : return 0;
193 : }
194 :
195 : /* Associate a new file with the tty structure */
196 0 : void tty_add_file(struct tty_struct *tty, struct file *file)
197 : {
198 0 : struct tty_file_private *priv = file->private_data;
199 :
200 0 : priv->tty = tty;
201 0 : priv->file = file;
202 :
203 0 : spin_lock(&tty->files_lock);
204 0 : list_add(&priv->list, &tty->tty_files);
205 0 : spin_unlock(&tty->files_lock);
206 0 : }
207 :
208 : /**
209 : * tty_free_file - free file->private_data
210 : * @file: to free private_data of
211 : *
212 : * This shall be used only for fail path handling when tty_add_file was not
213 : * called yet.
214 : */
215 0 : void tty_free_file(struct file *file)
216 : {
217 0 : struct tty_file_private *priv = file->private_data;
218 :
219 0 : file->private_data = NULL;
220 0 : kfree(priv);
221 0 : }
222 :
223 : /* Delete file from its tty */
224 0 : static void tty_del_file(struct file *file)
225 : {
226 0 : struct tty_file_private *priv = file->private_data;
227 0 : struct tty_struct *tty = priv->tty;
228 :
229 0 : spin_lock(&tty->files_lock);
230 0 : list_del(&priv->list);
231 0 : spin_unlock(&tty->files_lock);
232 0 : tty_free_file(file);
233 0 : }
234 :
235 : /**
236 : * tty_name - return tty naming
237 : * @tty: tty structure
238 : *
239 : * Convert a tty structure into a name. The name reflects the kernel naming
240 : * policy and if udev is in use may not reflect user space
241 : *
242 : * Locking: none
243 : */
244 0 : const char *tty_name(const struct tty_struct *tty)
245 : {
246 0 : if (!tty) /* Hmm. NULL pointer. That's fun. */
247 : return "NULL tty";
248 0 : return tty->name;
249 : }
250 : EXPORT_SYMBOL(tty_name);
251 :
252 0 : const char *tty_driver_name(const struct tty_struct *tty)
253 : {
254 0 : if (!tty || !tty->driver)
255 : return "";
256 0 : return tty->driver->name;
257 : }
258 :
259 0 : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 : const char *routine)
261 : {
262 : #ifdef TTY_PARANOIA_CHECK
263 0 : if (!tty) {
264 0 : pr_warn("(%d:%d): %s: NULL tty\n",
265 : imajor(inode), iminor(inode), routine);
266 0 : return 1;
267 : }
268 0 : if (tty->magic != TTY_MAGIC) {
269 0 : pr_warn("(%d:%d): %s: bad magic number\n",
270 : imajor(inode), iminor(inode), routine);
271 0 : return 1;
272 : }
273 : #endif
274 : return 0;
275 : }
276 :
277 : /* Caller must hold tty_lock */
278 0 : static int check_tty_count(struct tty_struct *tty, const char *routine)
279 : {
280 : #ifdef CHECK_TTY_COUNT
281 : struct list_head *p;
282 0 : int count = 0, kopen_count = 0;
283 :
284 0 : spin_lock(&tty->files_lock);
285 0 : list_for_each(p, &tty->tty_files) {
286 0 : count++;
287 : }
288 0 : spin_unlock(&tty->files_lock);
289 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 0 : tty->driver->subtype == PTY_TYPE_SLAVE &&
291 0 : tty->link && tty->link->count)
292 0 : count++;
293 0 : if (tty_port_kopened(tty->port))
294 0 : kopen_count++;
295 0 : if (tty->count != (count + kopen_count)) {
296 0 : tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
297 : routine, tty->count, count, kopen_count);
298 0 : return (count + kopen_count);
299 : }
300 : #endif
301 : return 0;
302 : }
303 :
304 : /**
305 : * get_tty_driver - find device of a tty
306 : * @device: device identifier
307 : * @index: returns the index of the tty
308 : *
309 : * This routine returns a tty driver structure, given a device number and also
310 : * passes back the index number.
311 : *
312 : * Locking: caller must hold tty_mutex
313 : */
314 0 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
315 : {
316 : struct tty_driver *p;
317 :
318 0 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 0 : dev_t base = MKDEV(p->major, p->minor_start);
320 :
321 0 : if (device < base || device >= base + p->num)
322 0 : continue;
323 0 : *index = device - base;
324 0 : return tty_driver_kref_get(p);
325 : }
326 : return NULL;
327 : }
328 :
329 : /**
330 : * tty_dev_name_to_number - return dev_t for device name
331 : * @name: user space name of device under /dev
332 : * @number: pointer to dev_t that this function will populate
333 : *
334 : * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
335 : * (4, 64) or (188, 1). If no corresponding driver is registered then the
336 : * function returns -%ENODEV.
337 : *
338 : * Locking: this acquires tty_mutex to protect the tty_drivers list from
339 : * being modified while we are traversing it, and makes sure to
340 : * release it before exiting.
341 : */
342 0 : int tty_dev_name_to_number(const char *name, dev_t *number)
343 : {
344 : struct tty_driver *p;
345 : int ret;
346 0 : int index, prefix_length = 0;
347 : const char *str;
348 :
349 0 : for (str = name; *str && !isdigit(*str); str++)
350 : ;
351 :
352 0 : if (!*str)
353 : return -EINVAL;
354 :
355 0 : ret = kstrtoint(str, 10, &index);
356 0 : if (ret)
357 : return ret;
358 :
359 0 : prefix_length = str - name;
360 0 : mutex_lock(&tty_mutex);
361 :
362 0 : list_for_each_entry(p, &tty_drivers, tty_drivers)
363 0 : if (prefix_length == strlen(p->name) && strncmp(name,
364 : p->name, prefix_length) == 0) {
365 0 : if (index < p->num) {
366 0 : *number = MKDEV(p->major, p->minor_start + index);
367 0 : goto out;
368 : }
369 : }
370 :
371 : /* if here then driver wasn't found */
372 : ret = -ENODEV;
373 : out:
374 0 : mutex_unlock(&tty_mutex);
375 0 : return ret;
376 : }
377 : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
378 :
379 : #ifdef CONFIG_CONSOLE_POLL
380 :
381 : /**
382 : * tty_find_polling_driver - find device of a polled tty
383 : * @name: name string to match
384 : * @line: pointer to resulting tty line nr
385 : *
386 : * This routine returns a tty driver structure, given a name and the condition
387 : * that the tty driver is capable of polled operation.
388 : */
389 : struct tty_driver *tty_find_polling_driver(char *name, int *line)
390 : {
391 : struct tty_driver *p, *res = NULL;
392 : int tty_line = 0;
393 : int len;
394 : char *str, *stp;
395 :
396 : for (str = name; *str; str++)
397 : if ((*str >= '0' && *str <= '9') || *str == ',')
398 : break;
399 : if (!*str)
400 : return NULL;
401 :
402 : len = str - name;
403 : tty_line = simple_strtoul(str, &str, 10);
404 :
405 : mutex_lock(&tty_mutex);
406 : /* Search through the tty devices to look for a match */
407 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
408 : if (!len || strncmp(name, p->name, len) != 0)
409 : continue;
410 : stp = str;
411 : if (*stp == ',')
412 : stp++;
413 : if (*stp == '\0')
414 : stp = NULL;
415 :
416 : if (tty_line >= 0 && tty_line < p->num && p->ops &&
417 : p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
418 : res = tty_driver_kref_get(p);
419 : *line = tty_line;
420 : break;
421 : }
422 : }
423 : mutex_unlock(&tty_mutex);
424 :
425 : return res;
426 : }
427 : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
428 : #endif
429 :
430 0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
431 : {
432 0 : return 0;
433 : }
434 :
435 0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
436 : {
437 0 : return -EIO;
438 : }
439 :
440 : /* No kernel lock held - none needed ;) */
441 0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
442 : {
443 0 : return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
444 : }
445 :
446 0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
447 : unsigned long arg)
448 : {
449 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450 : }
451 :
452 0 : static long hung_up_tty_compat_ioctl(struct file *file,
453 : unsigned int cmd, unsigned long arg)
454 : {
455 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
456 : }
457 :
458 0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
459 : {
460 0 : return -ENOTTY;
461 : }
462 :
463 0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
464 : {
465 0 : struct tty_struct *tty = file_tty(file);
466 :
467 0 : if (tty && tty->ops && tty->ops->show_fdinfo)
468 0 : tty->ops->show_fdinfo(tty, m);
469 0 : }
470 :
471 : static const struct file_operations tty_fops = {
472 : .llseek = no_llseek,
473 : .read_iter = tty_read,
474 : .write_iter = tty_write,
475 : .splice_read = generic_file_splice_read,
476 : .splice_write = iter_file_splice_write,
477 : .poll = tty_poll,
478 : .unlocked_ioctl = tty_ioctl,
479 : .compat_ioctl = tty_compat_ioctl,
480 : .open = tty_open,
481 : .release = tty_release,
482 : .fasync = tty_fasync,
483 : .show_fdinfo = tty_show_fdinfo,
484 : };
485 :
486 : static const struct file_operations console_fops = {
487 : .llseek = no_llseek,
488 : .read_iter = tty_read,
489 : .write_iter = redirected_tty_write,
490 : .splice_read = generic_file_splice_read,
491 : .splice_write = iter_file_splice_write,
492 : .poll = tty_poll,
493 : .unlocked_ioctl = tty_ioctl,
494 : .compat_ioctl = tty_compat_ioctl,
495 : .open = tty_open,
496 : .release = tty_release,
497 : .fasync = tty_fasync,
498 : };
499 :
500 : static const struct file_operations hung_up_tty_fops = {
501 : .llseek = no_llseek,
502 : .read_iter = hung_up_tty_read,
503 : .write_iter = hung_up_tty_write,
504 : .poll = hung_up_tty_poll,
505 : .unlocked_ioctl = hung_up_tty_ioctl,
506 : .compat_ioctl = hung_up_tty_compat_ioctl,
507 : .release = tty_release,
508 : .fasync = hung_up_tty_fasync,
509 : };
510 :
511 : static DEFINE_SPINLOCK(redirect_lock);
512 : static struct file *redirect;
513 :
514 : /**
515 : * tty_wakeup - request more data
516 : * @tty: terminal
517 : *
518 : * Internal and external helper for wakeups of tty. This function informs the
519 : * line discipline if present that the driver is ready to receive more output
520 : * data.
521 : */
522 0 : void tty_wakeup(struct tty_struct *tty)
523 : {
524 : struct tty_ldisc *ld;
525 :
526 0 : if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
527 0 : ld = tty_ldisc_ref(tty);
528 0 : if (ld) {
529 0 : if (ld->ops->write_wakeup)
530 0 : ld->ops->write_wakeup(tty);
531 0 : tty_ldisc_deref(ld);
532 : }
533 : }
534 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
535 0 : }
536 : EXPORT_SYMBOL_GPL(tty_wakeup);
537 :
538 : /**
539 : * tty_release_redirect - Release a redirect on a pty if present
540 : * @tty: tty device
541 : *
542 : * This is available to the pty code so if the master closes, if the slave is a
543 : * redirect it can release the redirect.
544 : */
545 : static struct file *tty_release_redirect(struct tty_struct *tty)
546 : {
547 0 : struct file *f = NULL;
548 :
549 0 : spin_lock(&redirect_lock);
550 0 : if (redirect && file_tty(redirect) == tty) {
551 0 : f = redirect;
552 0 : redirect = NULL;
553 : }
554 0 : spin_unlock(&redirect_lock);
555 :
556 : return f;
557 : }
558 :
559 : /**
560 : * __tty_hangup - actual handler for hangup events
561 : * @tty: tty device
562 : * @exit_session: if non-zero, signal all foreground group processes
563 : *
564 : * This can be called by a "kworker" kernel thread. That is process synchronous
565 : * but doesn't hold any locks, so we need to make sure we have the appropriate
566 : * locks for what we're doing.
567 : *
568 : * The hangup event clears any pending redirections onto the hung up device. It
569 : * ensures future writes will error and it does the needed line discipline
570 : * hangup and signal delivery. The tty object itself remains intact.
571 : *
572 : * Locking:
573 : * * BTM
574 : *
575 : * * redirect lock for undoing redirection
576 : * * file list lock for manipulating list of ttys
577 : * * tty_ldiscs_lock from called functions
578 : * * termios_rwsem resetting termios data
579 : * * tasklist_lock to walk task list for hangup event
580 : *
581 : * * ->siglock to protect ->signal/->sighand
582 : *
583 : */
584 0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
585 : {
586 0 : struct file *cons_filp = NULL;
587 : struct file *filp, *f;
588 : struct tty_file_private *priv;
589 0 : int closecount = 0, n;
590 : int refs;
591 :
592 0 : if (!tty)
593 : return;
594 :
595 0 : f = tty_release_redirect(tty);
596 :
597 0 : tty_lock(tty);
598 :
599 0 : if (test_bit(TTY_HUPPED, &tty->flags)) {
600 0 : tty_unlock(tty);
601 0 : return;
602 : }
603 :
604 : /*
605 : * Some console devices aren't actually hung up for technical and
606 : * historical reasons, which can lead to indefinite interruptible
607 : * sleep in n_tty_read(). The following explicitly tells
608 : * n_tty_read() to abort readers.
609 : */
610 0 : set_bit(TTY_HUPPING, &tty->flags);
611 :
612 : /* inuse_filps is protected by the single tty lock,
613 : * this really needs to change if we want to flush the
614 : * workqueue with the lock held.
615 : */
616 0 : check_tty_count(tty, "tty_hangup");
617 :
618 0 : spin_lock(&tty->files_lock);
619 : /* This breaks for file handles being sent over AF_UNIX sockets ? */
620 0 : list_for_each_entry(priv, &tty->tty_files, list) {
621 0 : filp = priv->file;
622 0 : if (filp->f_op->write_iter == redirected_tty_write)
623 0 : cons_filp = filp;
624 0 : if (filp->f_op->write_iter != tty_write)
625 0 : continue;
626 0 : closecount++;
627 0 : __tty_fasync(-1, filp, 0); /* can't block */
628 0 : filp->f_op = &hung_up_tty_fops;
629 : }
630 0 : spin_unlock(&tty->files_lock);
631 :
632 0 : refs = tty_signal_session_leader(tty, exit_session);
633 : /* Account for the p->signal references we killed */
634 0 : while (refs--)
635 : tty_kref_put(tty);
636 :
637 0 : tty_ldisc_hangup(tty, cons_filp != NULL);
638 :
639 0 : spin_lock_irq(&tty->ctrl.lock);
640 0 : clear_bit(TTY_THROTTLED, &tty->flags);
641 0 : clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
642 0 : put_pid(tty->ctrl.session);
643 0 : put_pid(tty->ctrl.pgrp);
644 0 : tty->ctrl.session = NULL;
645 0 : tty->ctrl.pgrp = NULL;
646 0 : tty->ctrl.pktstatus = 0;
647 0 : spin_unlock_irq(&tty->ctrl.lock);
648 :
649 : /*
650 : * If one of the devices matches a console pointer, we
651 : * cannot just call hangup() because that will cause
652 : * tty->count and state->count to go out of sync.
653 : * So we just call close() the right number of times.
654 : */
655 0 : if (cons_filp) {
656 0 : if (tty->ops->close)
657 0 : for (n = 0; n < closecount; n++)
658 0 : tty->ops->close(tty, cons_filp);
659 0 : } else if (tty->ops->hangup)
660 0 : tty->ops->hangup(tty);
661 : /*
662 : * We don't want to have driver/ldisc interactions beyond the ones
663 : * we did here. The driver layer expects no calls after ->hangup()
664 : * from the ldisc side, which is now guaranteed.
665 : */
666 0 : set_bit(TTY_HUPPED, &tty->flags);
667 0 : clear_bit(TTY_HUPPING, &tty->flags);
668 0 : tty_unlock(tty);
669 :
670 0 : if (f)
671 0 : fput(f);
672 : }
673 :
674 0 : static void do_tty_hangup(struct work_struct *work)
675 : {
676 0 : struct tty_struct *tty =
677 0 : container_of(work, struct tty_struct, hangup_work);
678 :
679 0 : __tty_hangup(tty, 0);
680 0 : }
681 :
682 : /**
683 : * tty_hangup - trigger a hangup event
684 : * @tty: tty to hangup
685 : *
686 : * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
687 : * hangup sequence to run after this event.
688 : */
689 0 : void tty_hangup(struct tty_struct *tty)
690 : {
691 : tty_debug_hangup(tty, "hangup\n");
692 0 : schedule_work(&tty->hangup_work);
693 0 : }
694 : EXPORT_SYMBOL(tty_hangup);
695 :
696 : /**
697 : * tty_vhangup - process vhangup
698 : * @tty: tty to hangup
699 : *
700 : * The user has asked via system call for the terminal to be hung up. We do
701 : * this synchronously so that when the syscall returns the process is complete.
702 : * That guarantee is necessary for security reasons.
703 : */
704 0 : void tty_vhangup(struct tty_struct *tty)
705 : {
706 : tty_debug_hangup(tty, "vhangup\n");
707 0 : __tty_hangup(tty, 0);
708 0 : }
709 : EXPORT_SYMBOL(tty_vhangup);
710 :
711 :
712 : /**
713 : * tty_vhangup_self - process vhangup for own ctty
714 : *
715 : * Perform a vhangup on the current controlling tty
716 : */
717 0 : void tty_vhangup_self(void)
718 : {
719 : struct tty_struct *tty;
720 :
721 0 : tty = get_current_tty();
722 0 : if (tty) {
723 0 : tty_vhangup(tty);
724 : tty_kref_put(tty);
725 : }
726 0 : }
727 :
728 : /**
729 : * tty_vhangup_session - hangup session leader exit
730 : * @tty: tty to hangup
731 : *
732 : * The session leader is exiting and hanging up its controlling terminal.
733 : * Every process in the foreground process group is signalled %SIGHUP.
734 : *
735 : * We do this synchronously so that when the syscall returns the process is
736 : * complete. That guarantee is necessary for security reasons.
737 : */
738 0 : void tty_vhangup_session(struct tty_struct *tty)
739 : {
740 : tty_debug_hangup(tty, "session hangup\n");
741 0 : __tty_hangup(tty, 1);
742 0 : }
743 :
744 : /**
745 : * tty_hung_up_p - was tty hung up
746 : * @filp: file pointer of tty
747 : *
748 : * Return: true if the tty has been subject to a vhangup or a carrier loss
749 : */
750 0 : int tty_hung_up_p(struct file *filp)
751 : {
752 0 : return (filp && filp->f_op == &hung_up_tty_fops);
753 : }
754 : EXPORT_SYMBOL(tty_hung_up_p);
755 :
756 0 : void __stop_tty(struct tty_struct *tty)
757 : {
758 0 : if (tty->flow.stopped)
759 : return;
760 0 : tty->flow.stopped = true;
761 0 : if (tty->ops->stop)
762 0 : tty->ops->stop(tty);
763 : }
764 :
765 : /**
766 : * stop_tty - propagate flow control
767 : * @tty: tty to stop
768 : *
769 : * Perform flow control to the driver. May be called on an already stopped
770 : * device and will not re-call the &tty_driver->stop() method.
771 : *
772 : * This functionality is used by both the line disciplines for halting incoming
773 : * flow and by the driver. It may therefore be called from any context, may be
774 : * under the tty %atomic_write_lock but not always.
775 : *
776 : * Locking:
777 : * flow.lock
778 : */
779 0 : void stop_tty(struct tty_struct *tty)
780 : {
781 : unsigned long flags;
782 :
783 0 : spin_lock_irqsave(&tty->flow.lock, flags);
784 0 : __stop_tty(tty);
785 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
786 0 : }
787 : EXPORT_SYMBOL(stop_tty);
788 :
789 0 : void __start_tty(struct tty_struct *tty)
790 : {
791 0 : if (!tty->flow.stopped || tty->flow.tco_stopped)
792 : return;
793 0 : tty->flow.stopped = false;
794 0 : if (tty->ops->start)
795 0 : tty->ops->start(tty);
796 0 : tty_wakeup(tty);
797 : }
798 :
799 : /**
800 : * start_tty - propagate flow control
801 : * @tty: tty to start
802 : *
803 : * Start a tty that has been stopped if at all possible. If @tty was previously
804 : * stopped and is now being started, the &tty_driver->start() method is invoked
805 : * and the line discipline woken.
806 : *
807 : * Locking:
808 : * flow.lock
809 : */
810 0 : void start_tty(struct tty_struct *tty)
811 : {
812 : unsigned long flags;
813 :
814 0 : spin_lock_irqsave(&tty->flow.lock, flags);
815 0 : __start_tty(tty);
816 0 : spin_unlock_irqrestore(&tty->flow.lock, flags);
817 0 : }
818 : EXPORT_SYMBOL(start_tty);
819 :
820 : static void tty_update_time(struct timespec64 *time)
821 : {
822 0 : time64_t sec = ktime_get_real_seconds();
823 :
824 : /*
825 : * We only care if the two values differ in anything other than the
826 : * lower three bits (i.e every 8 seconds). If so, then we can update
827 : * the time of the tty device, otherwise it could be construded as a
828 : * security leak to let userspace know the exact timing of the tty.
829 : */
830 0 : if ((sec ^ time->tv_sec) & ~7)
831 0 : time->tv_sec = sec;
832 : }
833 :
834 : /*
835 : * Iterate on the ldisc ->read() function until we've gotten all
836 : * the data the ldisc has for us.
837 : *
838 : * The "cookie" is something that the ldisc read function can fill
839 : * in to let us know that there is more data to be had.
840 : *
841 : * We promise to continue to call the ldisc until it stops returning
842 : * data or clears the cookie. The cookie may be something that the
843 : * ldisc maintains state for and needs to free.
844 : */
845 0 : static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
846 : struct file *file, struct iov_iter *to)
847 : {
848 0 : int retval = 0;
849 0 : void *cookie = NULL;
850 0 : unsigned long offset = 0;
851 : char kernel_buf[64];
852 0 : size_t count = iov_iter_count(to);
853 :
854 : do {
855 : int size, copied;
856 :
857 0 : size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
858 0 : size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
859 0 : if (!size)
860 : break;
861 :
862 0 : if (size < 0) {
863 : /* Did we have an earlier error (ie -EFAULT)? */
864 0 : if (retval)
865 : break;
866 0 : retval = size;
867 :
868 : /*
869 : * -EOVERFLOW means we didn't have enough space
870 : * for a whole packet, and we shouldn't return
871 : * a partial result.
872 : */
873 0 : if (retval == -EOVERFLOW)
874 0 : offset = 0;
875 : break;
876 : }
877 :
878 0 : copied = copy_to_iter(kernel_buf, size, to);
879 0 : offset += copied;
880 0 : count -= copied;
881 :
882 : /*
883 : * If the user copy failed, we still need to do another ->read()
884 : * call if we had a cookie to let the ldisc clear up.
885 : *
886 : * But make sure size is zeroed.
887 : */
888 0 : if (unlikely(copied != size)) {
889 0 : count = 0;
890 0 : retval = -EFAULT;
891 : }
892 0 : } while (cookie);
893 :
894 : /* We always clear tty buffer in case they contained passwords */
895 0 : memzero_explicit(kernel_buf, sizeof(kernel_buf));
896 0 : return offset ? offset : retval;
897 : }
898 :
899 :
900 : /**
901 : * tty_read - read method for tty device files
902 : * @iocb: kernel I/O control block
903 : * @to: destination for the data read
904 : *
905 : * Perform the read system call function on this terminal device. Checks
906 : * for hung up devices before calling the line discipline method.
907 : *
908 : * Locking:
909 : * Locks the line discipline internally while needed. Multiple read calls
910 : * may be outstanding in parallel.
911 : */
912 0 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
913 : {
914 : int i;
915 0 : struct file *file = iocb->ki_filp;
916 0 : struct inode *inode = file_inode(file);
917 0 : struct tty_struct *tty = file_tty(file);
918 : struct tty_ldisc *ld;
919 :
920 0 : if (tty_paranoia_check(tty, inode, "tty_read"))
921 : return -EIO;
922 0 : if (!tty || tty_io_error(tty))
923 : return -EIO;
924 :
925 : /* We want to wait for the line discipline to sort out in this
926 : * situation.
927 : */
928 0 : ld = tty_ldisc_ref_wait(tty);
929 0 : if (!ld)
930 : return hung_up_tty_read(iocb, to);
931 0 : i = -EIO;
932 0 : if (ld->ops->read)
933 0 : i = iterate_tty_read(ld, tty, file, to);
934 0 : tty_ldisc_deref(ld);
935 :
936 0 : if (i > 0)
937 0 : tty_update_time(&inode->i_atime);
938 :
939 0 : return i;
940 : }
941 :
942 0 : static void tty_write_unlock(struct tty_struct *tty)
943 : {
944 0 : mutex_unlock(&tty->atomic_write_lock);
945 0 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
946 0 : }
947 :
948 0 : static int tty_write_lock(struct tty_struct *tty, int ndelay)
949 : {
950 0 : if (!mutex_trylock(&tty->atomic_write_lock)) {
951 0 : if (ndelay)
952 : return -EAGAIN;
953 0 : if (mutex_lock_interruptible(&tty->atomic_write_lock))
954 : return -ERESTARTSYS;
955 : }
956 : return 0;
957 : }
958 :
959 : /*
960 : * Split writes up in sane blocksizes to avoid
961 : * denial-of-service type attacks
962 : */
963 0 : static inline ssize_t do_tty_write(
964 : ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
965 : struct tty_struct *tty,
966 : struct file *file,
967 : struct iov_iter *from)
968 : {
969 0 : size_t count = iov_iter_count(from);
970 0 : ssize_t ret, written = 0;
971 : unsigned int chunk;
972 :
973 0 : ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
974 0 : if (ret < 0)
975 : return ret;
976 :
977 : /*
978 : * We chunk up writes into a temporary buffer. This
979 : * simplifies low-level drivers immensely, since they
980 : * don't have locking issues and user mode accesses.
981 : *
982 : * But if TTY_NO_WRITE_SPLIT is set, we should use a
983 : * big chunk-size..
984 : *
985 : * The default chunk-size is 2kB, because the NTTY
986 : * layer has problems with bigger chunks. It will
987 : * claim to be able to handle more characters than
988 : * it actually does.
989 : */
990 0 : chunk = 2048;
991 0 : if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
992 0 : chunk = 65536;
993 0 : if (count < chunk)
994 0 : chunk = count;
995 :
996 : /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
997 0 : if (tty->write_cnt < chunk) {
998 : unsigned char *buf_chunk;
999 :
1000 0 : if (chunk < 1024)
1001 0 : chunk = 1024;
1002 :
1003 0 : buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1004 0 : if (!buf_chunk) {
1005 : ret = -ENOMEM;
1006 : goto out;
1007 : }
1008 0 : kvfree(tty->write_buf);
1009 0 : tty->write_cnt = chunk;
1010 0 : tty->write_buf = buf_chunk;
1011 : }
1012 :
1013 : /* Do the write .. */
1014 0 : for (;;) {
1015 0 : size_t size = count;
1016 :
1017 0 : if (size > chunk)
1018 0 : size = chunk;
1019 :
1020 0 : ret = -EFAULT;
1021 0 : if (copy_from_iter(tty->write_buf, size, from) != size)
1022 : break;
1023 :
1024 0 : ret = write(tty, file, tty->write_buf, size);
1025 0 : if (ret <= 0)
1026 : break;
1027 :
1028 0 : written += ret;
1029 0 : if (ret > size)
1030 : break;
1031 :
1032 : /* FIXME! Have Al check this! */
1033 0 : if (ret != size)
1034 0 : iov_iter_revert(from, size-ret);
1035 :
1036 0 : count -= ret;
1037 0 : if (!count)
1038 : break;
1039 0 : ret = -ERESTARTSYS;
1040 0 : if (signal_pending(current))
1041 : break;
1042 0 : cond_resched();
1043 : }
1044 0 : if (written) {
1045 0 : tty_update_time(&file_inode(file)->i_mtime);
1046 : ret = written;
1047 : }
1048 : out:
1049 0 : tty_write_unlock(tty);
1050 0 : return ret;
1051 : }
1052 :
1053 : /**
1054 : * tty_write_message - write a message to a certain tty, not just the console.
1055 : * @tty: the destination tty_struct
1056 : * @msg: the message to write
1057 : *
1058 : * This is used for messages that need to be redirected to a specific tty. We
1059 : * don't put it into the syslog queue right now maybe in the future if really
1060 : * needed.
1061 : *
1062 : * We must still hold the BTM and test the CLOSING flag for the moment.
1063 : */
1064 0 : void tty_write_message(struct tty_struct *tty, char *msg)
1065 : {
1066 0 : if (tty) {
1067 0 : mutex_lock(&tty->atomic_write_lock);
1068 0 : tty_lock(tty);
1069 0 : if (tty->ops->write && tty->count > 0)
1070 0 : tty->ops->write(tty, msg, strlen(msg));
1071 0 : tty_unlock(tty);
1072 0 : tty_write_unlock(tty);
1073 : }
1074 0 : }
1075 :
1076 0 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1077 : {
1078 0 : struct tty_struct *tty = file_tty(file);
1079 : struct tty_ldisc *ld;
1080 : ssize_t ret;
1081 :
1082 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1083 : return -EIO;
1084 0 : if (!tty || !tty->ops->write || tty_io_error(tty))
1085 : return -EIO;
1086 : /* Short term debug to catch buggy drivers */
1087 0 : if (tty->ops->write_room == NULL)
1088 0 : tty_err(tty, "missing write_room method\n");
1089 0 : ld = tty_ldisc_ref_wait(tty);
1090 0 : if (!ld)
1091 : return hung_up_tty_write(iocb, from);
1092 0 : if (!ld->ops->write)
1093 : ret = -EIO;
1094 : else
1095 0 : ret = do_tty_write(ld->ops->write, tty, file, from);
1096 0 : tty_ldisc_deref(ld);
1097 : return ret;
1098 : }
1099 :
1100 : /**
1101 : * tty_write - write method for tty device file
1102 : * @iocb: kernel I/O control block
1103 : * @from: iov_iter with data to write
1104 : *
1105 : * Write data to a tty device via the line discipline.
1106 : *
1107 : * Locking:
1108 : * Locks the line discipline as required
1109 : * Writes to the tty driver are serialized by the atomic_write_lock
1110 : * and are then processed in chunks to the device. The line
1111 : * discipline write method will not be invoked in parallel for
1112 : * each device.
1113 : */
1114 0 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1115 : {
1116 0 : return file_tty_write(iocb->ki_filp, iocb, from);
1117 : }
1118 :
1119 0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1120 : {
1121 0 : struct file *p = NULL;
1122 :
1123 0 : spin_lock(&redirect_lock);
1124 0 : if (redirect)
1125 0 : p = get_file(redirect);
1126 0 : spin_unlock(&redirect_lock);
1127 :
1128 : /*
1129 : * We know the redirected tty is just another tty, we can
1130 : * call file_tty_write() directly with that file pointer.
1131 : */
1132 0 : if (p) {
1133 : ssize_t res;
1134 :
1135 0 : res = file_tty_write(p, iocb, iter);
1136 0 : fput(p);
1137 0 : return res;
1138 : }
1139 0 : return tty_write(iocb, iter);
1140 : }
1141 :
1142 : /**
1143 : * tty_send_xchar - send priority character
1144 : * @tty: the tty to send to
1145 : * @ch: xchar to send
1146 : *
1147 : * Send a high priority character to the tty even if stopped.
1148 : *
1149 : * Locking: none for xchar method, write ordering for write method.
1150 : */
1151 0 : int tty_send_xchar(struct tty_struct *tty, char ch)
1152 : {
1153 0 : bool was_stopped = tty->flow.stopped;
1154 :
1155 0 : if (tty->ops->send_xchar) {
1156 0 : down_read(&tty->termios_rwsem);
1157 0 : tty->ops->send_xchar(tty, ch);
1158 0 : up_read(&tty->termios_rwsem);
1159 0 : return 0;
1160 : }
1161 :
1162 0 : if (tty_write_lock(tty, 0) < 0)
1163 : return -ERESTARTSYS;
1164 :
1165 0 : down_read(&tty->termios_rwsem);
1166 0 : if (was_stopped)
1167 0 : start_tty(tty);
1168 0 : tty->ops->write(tty, &ch, 1);
1169 0 : if (was_stopped)
1170 0 : stop_tty(tty);
1171 0 : up_read(&tty->termios_rwsem);
1172 0 : tty_write_unlock(tty);
1173 0 : return 0;
1174 : }
1175 :
1176 : /**
1177 : * pty_line_name - generate name for a pty
1178 : * @driver: the tty driver in use
1179 : * @index: the minor number
1180 : * @p: output buffer of at least 6 bytes
1181 : *
1182 : * Generate a name from a @driver reference and write it to the output buffer
1183 : * @p.
1184 : *
1185 : * Locking: None
1186 : */
1187 : static void pty_line_name(struct tty_driver *driver, int index, char *p)
1188 : {
1189 : static const char ptychar[] = "pqrstuvwxyzabcde";
1190 512 : int i = index + driver->name_base;
1191 : /* ->name is initialized to "ttyp", but "tty" is expected */
1192 1024 : sprintf(p, "%s%c%x",
1193 : driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1194 512 : ptychar[i >> 4 & 0xf], i & 0xf);
1195 : }
1196 :
1197 : /**
1198 : * tty_line_name - generate name for a tty
1199 : * @driver: the tty driver in use
1200 : * @index: the minor number
1201 : * @p: output buffer of at least 7 bytes
1202 : *
1203 : * Generate a name from a @driver reference and write it to the output buffer
1204 : * @p.
1205 : *
1206 : * Locking: None
1207 : */
1208 1 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1209 : {
1210 1 : if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1211 0 : return sprintf(p, "%s", driver->name);
1212 : else
1213 1 : return sprintf(p, "%s%d", driver->name,
1214 1 : index + driver->name_base);
1215 : }
1216 :
1217 : /**
1218 : * tty_driver_lookup_tty() - find an existing tty, if any
1219 : * @driver: the driver for the tty
1220 : * @file: file object
1221 : * @idx: the minor number
1222 : *
1223 : * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1224 : * driver lookup() method returns an error.
1225 : *
1226 : * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1227 : */
1228 0 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1229 : struct file *file, int idx)
1230 : {
1231 : struct tty_struct *tty;
1232 :
1233 0 : if (driver->ops->lookup)
1234 0 : if (!file)
1235 : tty = ERR_PTR(-EIO);
1236 : else
1237 0 : tty = driver->ops->lookup(driver, file, idx);
1238 : else
1239 0 : tty = driver->ttys[idx];
1240 :
1241 0 : if (!IS_ERR(tty))
1242 : tty_kref_get(tty);
1243 0 : return tty;
1244 : }
1245 :
1246 : /**
1247 : * tty_init_termios - helper for termios setup
1248 : * @tty: the tty to set up
1249 : *
1250 : * Initialise the termios structure for this tty. This runs under the
1251 : * %tty_mutex currently so we can be relaxed about ordering.
1252 : */
1253 0 : void tty_init_termios(struct tty_struct *tty)
1254 : {
1255 : struct ktermios *tp;
1256 0 : int idx = tty->index;
1257 :
1258 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1259 0 : tty->termios = tty->driver->init_termios;
1260 : else {
1261 : /* Check for lazy saved data */
1262 0 : tp = tty->driver->termios[idx];
1263 0 : if (tp != NULL) {
1264 0 : tty->termios = *tp;
1265 0 : tty->termios.c_line = tty->driver->init_termios.c_line;
1266 : } else
1267 0 : tty->termios = tty->driver->init_termios;
1268 : }
1269 : /* Compatibility until drivers always set this */
1270 0 : tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1271 0 : tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1272 0 : }
1273 : EXPORT_SYMBOL_GPL(tty_init_termios);
1274 :
1275 : /**
1276 : * tty_standard_install - usual tty->ops->install
1277 : * @driver: the driver for the tty
1278 : * @tty: the tty
1279 : *
1280 : * If the @driver overrides @tty->ops->install, it still can call this function
1281 : * to perform the standard install operations.
1282 : */
1283 0 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1284 : {
1285 0 : tty_init_termios(tty);
1286 0 : tty_driver_kref_get(driver);
1287 0 : tty->count++;
1288 0 : driver->ttys[tty->index] = tty;
1289 0 : return 0;
1290 : }
1291 : EXPORT_SYMBOL_GPL(tty_standard_install);
1292 :
1293 : /**
1294 : * tty_driver_install_tty() - install a tty entry in the driver
1295 : * @driver: the driver for the tty
1296 : * @tty: the tty
1297 : *
1298 : * Install a tty object into the driver tables. The @tty->index field will be
1299 : * set by the time this is called. This method is responsible for ensuring any
1300 : * need additional structures are allocated and configured.
1301 : *
1302 : * Locking: tty_mutex for now
1303 : */
1304 0 : static int tty_driver_install_tty(struct tty_driver *driver,
1305 : struct tty_struct *tty)
1306 : {
1307 0 : return driver->ops->install ? driver->ops->install(driver, tty) :
1308 : tty_standard_install(driver, tty);
1309 : }
1310 :
1311 : /**
1312 : * tty_driver_remove_tty() - remove a tty from the driver tables
1313 : * @driver: the driver for the tty
1314 : * @tty: tty to remove
1315 : *
1316 : * Remove a tty object from the driver tables. The tty->index field will be set
1317 : * by the time this is called.
1318 : *
1319 : * Locking: tty_mutex for now
1320 : */
1321 : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1322 : {
1323 0 : if (driver->ops->remove)
1324 0 : driver->ops->remove(driver, tty);
1325 : else
1326 0 : driver->ttys[tty->index] = NULL;
1327 : }
1328 :
1329 : /**
1330 : * tty_reopen() - fast re-open of an open tty
1331 : * @tty: the tty to open
1332 : *
1333 : * Re-opens on master ptys are not allowed and return -%EIO.
1334 : *
1335 : * Locking: Caller must hold tty_lock
1336 : * Return: 0 on success, -errno on error.
1337 : */
1338 0 : static int tty_reopen(struct tty_struct *tty)
1339 : {
1340 0 : struct tty_driver *driver = tty->driver;
1341 : struct tty_ldisc *ld;
1342 0 : int retval = 0;
1343 :
1344 0 : if (driver->type == TTY_DRIVER_TYPE_PTY &&
1345 : driver->subtype == PTY_TYPE_MASTER)
1346 : return -EIO;
1347 :
1348 0 : if (!tty->count)
1349 : return -EAGAIN;
1350 :
1351 0 : if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1352 : return -EBUSY;
1353 :
1354 0 : ld = tty_ldisc_ref_wait(tty);
1355 0 : if (ld) {
1356 0 : tty_ldisc_deref(ld);
1357 : } else {
1358 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1359 0 : if (retval)
1360 : return retval;
1361 :
1362 0 : if (!tty->ldisc)
1363 0 : retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1364 0 : tty_ldisc_unlock(tty);
1365 : }
1366 :
1367 0 : if (retval == 0)
1368 0 : tty->count++;
1369 :
1370 : return retval;
1371 : }
1372 :
1373 : /**
1374 : * tty_init_dev - initialise a tty device
1375 : * @driver: tty driver we are opening a device on
1376 : * @idx: device index
1377 : *
1378 : * Prepare a tty device. This may not be a "new" clean device but could also be
1379 : * an active device. The pty drivers require special handling because of this.
1380 : *
1381 : * Locking:
1382 : * The function is called under the tty_mutex, which protects us from the
1383 : * tty struct or driver itself going away.
1384 : *
1385 : * On exit the tty device has the line discipline attached and a reference
1386 : * count of 1. If a pair was created for pty/tty use and the other was a pty
1387 : * master then it too has a reference count of 1.
1388 : *
1389 : * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1390 : * open. The new code protects the open with a mutex, so it's really quite
1391 : * straightforward. The mutex locking can probably be relaxed for the (most
1392 : * common) case of reopening a tty.
1393 : *
1394 : * Return: new tty structure
1395 : */
1396 0 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1397 : {
1398 : struct tty_struct *tty;
1399 : int retval;
1400 :
1401 : /*
1402 : * First time open is complex, especially for PTY devices.
1403 : * This code guarantees that either everything succeeds and the
1404 : * TTY is ready for operation, or else the table slots are vacated
1405 : * and the allocated memory released. (Except that the termios
1406 : * may be retained.)
1407 : */
1408 :
1409 0 : if (!try_module_get(driver->owner))
1410 : return ERR_PTR(-ENODEV);
1411 :
1412 0 : tty = alloc_tty_struct(driver, idx);
1413 0 : if (!tty) {
1414 : retval = -ENOMEM;
1415 : goto err_module_put;
1416 : }
1417 :
1418 0 : tty_lock(tty);
1419 0 : retval = tty_driver_install_tty(driver, tty);
1420 0 : if (retval < 0)
1421 : goto err_free_tty;
1422 :
1423 0 : if (!tty->port)
1424 0 : tty->port = driver->ports[idx];
1425 :
1426 0 : if (WARN_RATELIMIT(!tty->port,
1427 : "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1428 : __func__, tty->driver->name)) {
1429 : retval = -EINVAL;
1430 : goto err_release_lock;
1431 : }
1432 :
1433 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1434 0 : if (retval)
1435 : goto err_release_lock;
1436 0 : tty->port->itty = tty;
1437 :
1438 : /*
1439 : * Structures all installed ... call the ldisc open routines.
1440 : * If we fail here just call release_tty to clean up. No need
1441 : * to decrement the use counts, as release_tty doesn't care.
1442 : */
1443 0 : retval = tty_ldisc_setup(tty, tty->link);
1444 0 : if (retval)
1445 : goto err_release_tty;
1446 0 : tty_ldisc_unlock(tty);
1447 : /* Return the tty locked so that it cannot vanish under the caller */
1448 0 : return tty;
1449 :
1450 : err_free_tty:
1451 0 : tty_unlock(tty);
1452 0 : free_tty_struct(tty);
1453 : err_module_put:
1454 0 : module_put(driver->owner);
1455 0 : return ERR_PTR(retval);
1456 :
1457 : /* call the tty release_tty routine to clean out this slot */
1458 : err_release_tty:
1459 0 : tty_ldisc_unlock(tty);
1460 0 : tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1461 : retval, idx);
1462 : err_release_lock:
1463 0 : tty_unlock(tty);
1464 0 : release_tty(tty, idx);
1465 0 : return ERR_PTR(retval);
1466 : }
1467 :
1468 : /**
1469 : * tty_save_termios() - save tty termios data in driver table
1470 : * @tty: tty whose termios data to save
1471 : *
1472 : * Locking: Caller guarantees serialisation with tty_init_termios().
1473 : */
1474 0 : void tty_save_termios(struct tty_struct *tty)
1475 : {
1476 : struct ktermios *tp;
1477 0 : int idx = tty->index;
1478 :
1479 : /* If the port is going to reset then it has no termios to save */
1480 0 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1481 : return;
1482 :
1483 : /* Stash the termios data */
1484 0 : tp = tty->driver->termios[idx];
1485 0 : if (tp == NULL) {
1486 0 : tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1487 0 : if (tp == NULL)
1488 : return;
1489 0 : tty->driver->termios[idx] = tp;
1490 : }
1491 0 : *tp = tty->termios;
1492 : }
1493 : EXPORT_SYMBOL_GPL(tty_save_termios);
1494 :
1495 : /**
1496 : * tty_flush_works - flush all works of a tty/pty pair
1497 : * @tty: tty device to flush works for (or either end of a pty pair)
1498 : *
1499 : * Sync flush all works belonging to @tty (and the 'other' tty).
1500 : */
1501 0 : static void tty_flush_works(struct tty_struct *tty)
1502 : {
1503 0 : flush_work(&tty->SAK_work);
1504 0 : flush_work(&tty->hangup_work);
1505 0 : if (tty->link) {
1506 0 : flush_work(&tty->link->SAK_work);
1507 0 : flush_work(&tty->link->hangup_work);
1508 : }
1509 0 : }
1510 :
1511 : /**
1512 : * release_one_tty - release tty structure memory
1513 : * @work: work of tty we are obliterating
1514 : *
1515 : * Releases memory associated with a tty structure, and clears out the
1516 : * driver table slots. This function is called when a device is no longer
1517 : * in use. It also gets called when setup of a device fails.
1518 : *
1519 : * Locking:
1520 : * takes the file list lock internally when working on the list of ttys
1521 : * that the driver keeps.
1522 : *
1523 : * This method gets called from a work queue so that the driver private
1524 : * cleanup ops can sleep (needed for USB at least)
1525 : */
1526 0 : static void release_one_tty(struct work_struct *work)
1527 : {
1528 0 : struct tty_struct *tty =
1529 0 : container_of(work, struct tty_struct, hangup_work);
1530 0 : struct tty_driver *driver = tty->driver;
1531 0 : struct module *owner = driver->owner;
1532 :
1533 0 : if (tty->ops->cleanup)
1534 0 : tty->ops->cleanup(tty);
1535 :
1536 0 : tty->magic = 0;
1537 0 : tty_driver_kref_put(driver);
1538 0 : module_put(owner);
1539 :
1540 0 : spin_lock(&tty->files_lock);
1541 0 : list_del_init(&tty->tty_files);
1542 0 : spin_unlock(&tty->files_lock);
1543 :
1544 0 : put_pid(tty->ctrl.pgrp);
1545 0 : put_pid(tty->ctrl.session);
1546 0 : free_tty_struct(tty);
1547 0 : }
1548 :
1549 0 : static void queue_release_one_tty(struct kref *kref)
1550 : {
1551 0 : struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1552 :
1553 : /* The hangup queue is now free so we can reuse it rather than
1554 : * waste a chunk of memory for each port.
1555 : */
1556 0 : INIT_WORK(&tty->hangup_work, release_one_tty);
1557 0 : schedule_work(&tty->hangup_work);
1558 0 : }
1559 :
1560 : /**
1561 : * tty_kref_put - release a tty kref
1562 : * @tty: tty device
1563 : *
1564 : * Release a reference to the @tty device and if need be let the kref layer
1565 : * destruct the object for us.
1566 : */
1567 93 : void tty_kref_put(struct tty_struct *tty)
1568 : {
1569 93 : if (tty)
1570 0 : kref_put(&tty->kref, queue_release_one_tty);
1571 93 : }
1572 : EXPORT_SYMBOL(tty_kref_put);
1573 :
1574 : /**
1575 : * release_tty - release tty structure memory
1576 : * @tty: tty device release
1577 : * @idx: index of the tty device release
1578 : *
1579 : * Release both @tty and a possible linked partner (think pty pair),
1580 : * and decrement the refcount of the backing module.
1581 : *
1582 : * Locking:
1583 : * tty_mutex
1584 : * takes the file list lock internally when working on the list of ttys
1585 : * that the driver keeps.
1586 : */
1587 0 : static void release_tty(struct tty_struct *tty, int idx)
1588 : {
1589 : /* This should always be true but check for the moment */
1590 0 : WARN_ON(tty->index != idx);
1591 0 : WARN_ON(!mutex_is_locked(&tty_mutex));
1592 0 : if (tty->ops->shutdown)
1593 0 : tty->ops->shutdown(tty);
1594 0 : tty_save_termios(tty);
1595 0 : tty_driver_remove_tty(tty->driver, tty);
1596 0 : if (tty->port)
1597 0 : tty->port->itty = NULL;
1598 0 : if (tty->link)
1599 0 : tty->link->port->itty = NULL;
1600 0 : if (tty->port)
1601 0 : tty_buffer_cancel_work(tty->port);
1602 0 : if (tty->link)
1603 0 : tty_buffer_cancel_work(tty->link->port);
1604 :
1605 0 : tty_kref_put(tty->link);
1606 0 : tty_kref_put(tty);
1607 0 : }
1608 :
1609 : /**
1610 : * tty_release_checks - check a tty before real release
1611 : * @tty: tty to check
1612 : * @idx: index of the tty
1613 : *
1614 : * Performs some paranoid checking before true release of the @tty. This is a
1615 : * no-op unless %TTY_PARANOIA_CHECK is defined.
1616 : */
1617 0 : static int tty_release_checks(struct tty_struct *tty, int idx)
1618 : {
1619 : #ifdef TTY_PARANOIA_CHECK
1620 0 : if (idx < 0 || idx >= tty->driver->num) {
1621 : tty_debug(tty, "bad idx %d\n", idx);
1622 : return -1;
1623 : }
1624 :
1625 : /* not much to check for devpts */
1626 0 : if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1627 : return 0;
1628 :
1629 0 : if (tty != tty->driver->ttys[idx]) {
1630 : tty_debug(tty, "bad driver table[%d] = %p\n",
1631 : idx, tty->driver->ttys[idx]);
1632 : return -1;
1633 : }
1634 0 : if (tty->driver->other) {
1635 0 : struct tty_struct *o_tty = tty->link;
1636 :
1637 0 : if (o_tty != tty->driver->other->ttys[idx]) {
1638 : tty_debug(tty, "bad other table[%d] = %p\n",
1639 : idx, tty->driver->other->ttys[idx]);
1640 : return -1;
1641 : }
1642 0 : if (o_tty->link != tty) {
1643 : tty_debug(tty, "bad link = %p\n", o_tty->link);
1644 : return -1;
1645 : }
1646 : }
1647 : #endif
1648 0 : return 0;
1649 : }
1650 :
1651 : /**
1652 : * tty_kclose - closes tty opened by tty_kopen
1653 : * @tty: tty device
1654 : *
1655 : * Performs the final steps to release and free a tty device. It is the same as
1656 : * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1657 : * @tty->port.
1658 : */
1659 0 : void tty_kclose(struct tty_struct *tty)
1660 : {
1661 : /*
1662 : * Ask the line discipline code to release its structures
1663 : */
1664 0 : tty_ldisc_release(tty);
1665 :
1666 : /* Wait for pending work before tty destruction commmences */
1667 0 : tty_flush_works(tty);
1668 :
1669 : tty_debug_hangup(tty, "freeing structure\n");
1670 : /*
1671 : * The release_tty function takes care of the details of clearing
1672 : * the slots and preserving the termios structure.
1673 : */
1674 0 : mutex_lock(&tty_mutex);
1675 0 : tty_port_set_kopened(tty->port, 0);
1676 0 : release_tty(tty, tty->index);
1677 0 : mutex_unlock(&tty_mutex);
1678 0 : }
1679 : EXPORT_SYMBOL_GPL(tty_kclose);
1680 :
1681 : /**
1682 : * tty_release_struct - release a tty struct
1683 : * @tty: tty device
1684 : * @idx: index of the tty
1685 : *
1686 : * Performs the final steps to release and free a tty device. It is roughly the
1687 : * reverse of tty_init_dev().
1688 : */
1689 0 : void tty_release_struct(struct tty_struct *tty, int idx)
1690 : {
1691 : /*
1692 : * Ask the line discipline code to release its structures
1693 : */
1694 0 : tty_ldisc_release(tty);
1695 :
1696 : /* Wait for pending work before tty destruction commmences */
1697 0 : tty_flush_works(tty);
1698 :
1699 : tty_debug_hangup(tty, "freeing structure\n");
1700 : /*
1701 : * The release_tty function takes care of the details of clearing
1702 : * the slots and preserving the termios structure.
1703 : */
1704 0 : mutex_lock(&tty_mutex);
1705 0 : release_tty(tty, idx);
1706 0 : mutex_unlock(&tty_mutex);
1707 0 : }
1708 : EXPORT_SYMBOL_GPL(tty_release_struct);
1709 :
1710 : /**
1711 : * tty_release - vfs callback for close
1712 : * @inode: inode of tty
1713 : * @filp: file pointer for handle to tty
1714 : *
1715 : * Called the last time each file handle is closed that references this tty.
1716 : * There may however be several such references.
1717 : *
1718 : * Locking:
1719 : * Takes BKL. See tty_release_dev().
1720 : *
1721 : * Even releasing the tty structures is a tricky business. We have to be very
1722 : * careful that the structures are all released at the same time, as interrupts
1723 : * might otherwise get the wrong pointers.
1724 : *
1725 : * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1726 : * lead to double frees or releasing memory still in use.
1727 : */
1728 0 : int tty_release(struct inode *inode, struct file *filp)
1729 : {
1730 0 : struct tty_struct *tty = file_tty(filp);
1731 0 : struct tty_struct *o_tty = NULL;
1732 : int do_sleep, final;
1733 : int idx;
1734 0 : long timeout = 0;
1735 0 : int once = 1;
1736 :
1737 0 : if (tty_paranoia_check(tty, inode, __func__))
1738 : return 0;
1739 :
1740 0 : tty_lock(tty);
1741 0 : check_tty_count(tty, __func__);
1742 :
1743 0 : __tty_fasync(-1, filp, 0);
1744 :
1745 0 : idx = tty->index;
1746 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1747 : tty->driver->subtype == PTY_TYPE_MASTER)
1748 0 : o_tty = tty->link;
1749 :
1750 0 : if (tty_release_checks(tty, idx)) {
1751 0 : tty_unlock(tty);
1752 0 : return 0;
1753 : }
1754 :
1755 : tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1756 :
1757 0 : if (tty->ops->close)
1758 0 : tty->ops->close(tty, filp);
1759 :
1760 : /* If tty is pty master, lock the slave pty (stable lock order) */
1761 0 : tty_lock_slave(o_tty);
1762 :
1763 : /*
1764 : * Sanity check: if tty->count is going to zero, there shouldn't be
1765 : * any waiters on tty->read_wait or tty->write_wait. We test the
1766 : * wait queues and kick everyone out _before_ actually starting to
1767 : * close. This ensures that we won't block while releasing the tty
1768 : * structure.
1769 : *
1770 : * The test for the o_tty closing is necessary, since the master and
1771 : * slave sides may close in any order. If the slave side closes out
1772 : * first, its count will be one, since the master side holds an open.
1773 : * Thus this test wouldn't be triggered at the time the slave closed,
1774 : * so we do it now.
1775 : */
1776 : while (1) {
1777 0 : do_sleep = 0;
1778 :
1779 0 : if (tty->count <= 1) {
1780 0 : if (waitqueue_active(&tty->read_wait)) {
1781 0 : wake_up_poll(&tty->read_wait, EPOLLIN);
1782 0 : do_sleep++;
1783 : }
1784 0 : if (waitqueue_active(&tty->write_wait)) {
1785 0 : wake_up_poll(&tty->write_wait, EPOLLOUT);
1786 0 : do_sleep++;
1787 : }
1788 : }
1789 0 : if (o_tty && o_tty->count <= 1) {
1790 0 : if (waitqueue_active(&o_tty->read_wait)) {
1791 0 : wake_up_poll(&o_tty->read_wait, EPOLLIN);
1792 0 : do_sleep++;
1793 : }
1794 0 : if (waitqueue_active(&o_tty->write_wait)) {
1795 0 : wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1796 0 : do_sleep++;
1797 : }
1798 : }
1799 0 : if (!do_sleep)
1800 : break;
1801 :
1802 0 : if (once) {
1803 0 : once = 0;
1804 0 : tty_warn(tty, "read/write wait queue active!\n");
1805 : }
1806 0 : schedule_timeout_killable(timeout);
1807 0 : if (timeout < 120 * HZ)
1808 0 : timeout = 2 * timeout + 1;
1809 : else
1810 : timeout = MAX_SCHEDULE_TIMEOUT;
1811 : }
1812 :
1813 0 : if (o_tty) {
1814 0 : if (--o_tty->count < 0) {
1815 0 : tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1816 0 : o_tty->count = 0;
1817 : }
1818 : }
1819 0 : if (--tty->count < 0) {
1820 0 : tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1821 0 : tty->count = 0;
1822 : }
1823 :
1824 : /*
1825 : * We've decremented tty->count, so we need to remove this file
1826 : * descriptor off the tty->tty_files list; this serves two
1827 : * purposes:
1828 : * - check_tty_count sees the correct number of file descriptors
1829 : * associated with this tty.
1830 : * - do_tty_hangup no longer sees this file descriptor as
1831 : * something that needs to be handled for hangups.
1832 : */
1833 0 : tty_del_file(filp);
1834 :
1835 : /*
1836 : * Perform some housekeeping before deciding whether to return.
1837 : *
1838 : * If _either_ side is closing, make sure there aren't any
1839 : * processes that still think tty or o_tty is their controlling
1840 : * tty.
1841 : */
1842 0 : if (!tty->count) {
1843 0 : read_lock(&tasklist_lock);
1844 0 : session_clear_tty(tty->ctrl.session);
1845 0 : if (o_tty)
1846 0 : session_clear_tty(o_tty->ctrl.session);
1847 0 : read_unlock(&tasklist_lock);
1848 : }
1849 :
1850 : /* check whether both sides are closing ... */
1851 0 : final = !tty->count && !(o_tty && o_tty->count);
1852 :
1853 0 : tty_unlock_slave(o_tty);
1854 0 : tty_unlock(tty);
1855 :
1856 : /* At this point, the tty->count == 0 should ensure a dead tty
1857 : * cannot be re-opened by a racing opener.
1858 : */
1859 :
1860 0 : if (!final)
1861 : return 0;
1862 :
1863 : tty_debug_hangup(tty, "final close\n");
1864 :
1865 0 : tty_release_struct(tty, idx);
1866 0 : return 0;
1867 : }
1868 :
1869 : /**
1870 : * tty_open_current_tty - get locked tty of current task
1871 : * @device: device number
1872 : * @filp: file pointer to tty
1873 : * @return: locked tty of the current task iff @device is /dev/tty
1874 : *
1875 : * Performs a re-open of the current task's controlling tty.
1876 : *
1877 : * We cannot return driver and index like for the other nodes because devpts
1878 : * will not work then. It expects inodes to be from devpts FS.
1879 : */
1880 0 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1881 : {
1882 : struct tty_struct *tty;
1883 : int retval;
1884 :
1885 0 : if (device != MKDEV(TTYAUX_MAJOR, 0))
1886 : return NULL;
1887 :
1888 0 : tty = get_current_tty();
1889 0 : if (!tty)
1890 : return ERR_PTR(-ENXIO);
1891 :
1892 0 : filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1893 : /* noctty = 1; */
1894 0 : tty_lock(tty);
1895 0 : tty_kref_put(tty); /* safe to drop the kref now */
1896 :
1897 0 : retval = tty_reopen(tty);
1898 0 : if (retval < 0) {
1899 0 : tty_unlock(tty);
1900 0 : tty = ERR_PTR(retval);
1901 : }
1902 : return tty;
1903 : }
1904 :
1905 : /**
1906 : * tty_lookup_driver - lookup a tty driver for a given device file
1907 : * @device: device number
1908 : * @filp: file pointer to tty
1909 : * @index: index for the device in the @return driver
1910 : *
1911 : * If returned value is not erroneous, the caller is responsible to decrement
1912 : * the refcount by tty_driver_kref_put().
1913 : *
1914 : * Locking: %tty_mutex protects get_tty_driver()
1915 : *
1916 : * Return: driver for this inode (with increased refcount)
1917 : */
1918 0 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1919 : int *index)
1920 : {
1921 0 : struct tty_driver *driver = NULL;
1922 :
1923 0 : switch (device) {
1924 : #ifdef CONFIG_VT
1925 : case MKDEV(TTY_MAJOR, 0): {
1926 : extern struct tty_driver *console_driver;
1927 :
1928 : driver = tty_driver_kref_get(console_driver);
1929 : *index = fg_console;
1930 : break;
1931 : }
1932 : #endif
1933 : case MKDEV(TTYAUX_MAJOR, 1): {
1934 0 : struct tty_driver *console_driver = console_device(index);
1935 :
1936 0 : if (console_driver) {
1937 0 : driver = tty_driver_kref_get(console_driver);
1938 0 : if (driver && filp) {
1939 : /* Don't let /dev/console block */
1940 0 : filp->f_flags |= O_NONBLOCK;
1941 0 : break;
1942 : }
1943 : }
1944 0 : if (driver)
1945 : tty_driver_kref_put(driver);
1946 : return ERR_PTR(-ENODEV);
1947 : }
1948 : default:
1949 0 : driver = get_tty_driver(device, index);
1950 0 : if (!driver)
1951 : return ERR_PTR(-ENODEV);
1952 : break;
1953 : }
1954 : return driver;
1955 : }
1956 :
1957 0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
1958 : {
1959 : struct tty_struct *tty;
1960 : struct tty_driver *driver;
1961 0 : int index = -1;
1962 :
1963 0 : mutex_lock(&tty_mutex);
1964 0 : driver = tty_lookup_driver(device, NULL, &index);
1965 0 : if (IS_ERR(driver)) {
1966 0 : mutex_unlock(&tty_mutex);
1967 0 : return ERR_CAST(driver);
1968 : }
1969 :
1970 : /* check whether we're reopening an existing tty */
1971 0 : tty = tty_driver_lookup_tty(driver, NULL, index);
1972 0 : if (IS_ERR(tty) || shared)
1973 : goto out;
1974 :
1975 0 : if (tty) {
1976 : /* drop kref from tty_driver_lookup_tty() */
1977 0 : tty_kref_put(tty);
1978 0 : tty = ERR_PTR(-EBUSY);
1979 : } else { /* tty_init_dev returns tty with the tty_lock held */
1980 0 : tty = tty_init_dev(driver, index);
1981 0 : if (IS_ERR(tty))
1982 : goto out;
1983 0 : tty_port_set_kopened(tty->port, 1);
1984 : }
1985 : out:
1986 0 : mutex_unlock(&tty_mutex);
1987 0 : tty_driver_kref_put(driver);
1988 0 : return tty;
1989 : }
1990 :
1991 : /**
1992 : * tty_kopen_exclusive - open a tty device for kernel
1993 : * @device: dev_t of device to open
1994 : *
1995 : * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1996 : * it's not already opened and performs the first-time tty initialization.
1997 : *
1998 : * Claims the global %tty_mutex to serialize:
1999 : * * concurrent first-time tty initialization
2000 : * * concurrent tty driver removal w/ lookup
2001 : * * concurrent tty removal from driver table
2002 : *
2003 : * Return: the locked initialized &tty_struct
2004 : */
2005 0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
2006 : {
2007 0 : return tty_kopen(device, 0);
2008 : }
2009 : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2010 :
2011 : /**
2012 : * tty_kopen_shared - open a tty device for shared in-kernel use
2013 : * @device: dev_t of device to open
2014 : *
2015 : * Opens an already existing tty for in-kernel use. Compared to
2016 : * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2017 : *
2018 : * Locking: identical to tty_kopen() above.
2019 : */
2020 0 : struct tty_struct *tty_kopen_shared(dev_t device)
2021 : {
2022 0 : return tty_kopen(device, 1);
2023 : }
2024 : EXPORT_SYMBOL_GPL(tty_kopen_shared);
2025 :
2026 : /**
2027 : * tty_open_by_driver - open a tty device
2028 : * @device: dev_t of device to open
2029 : * @filp: file pointer to tty
2030 : *
2031 : * Performs the driver lookup, checks for a reopen, or otherwise performs the
2032 : * first-time tty initialization.
2033 : *
2034 : *
2035 : * Claims the global tty_mutex to serialize:
2036 : * * concurrent first-time tty initialization
2037 : * * concurrent tty driver removal w/ lookup
2038 : * * concurrent tty removal from driver table
2039 : *
2040 : * Return: the locked initialized or re-opened &tty_struct
2041 : */
2042 0 : static struct tty_struct *tty_open_by_driver(dev_t device,
2043 : struct file *filp)
2044 : {
2045 : struct tty_struct *tty;
2046 0 : struct tty_driver *driver = NULL;
2047 0 : int index = -1;
2048 : int retval;
2049 :
2050 0 : mutex_lock(&tty_mutex);
2051 0 : driver = tty_lookup_driver(device, filp, &index);
2052 0 : if (IS_ERR(driver)) {
2053 0 : mutex_unlock(&tty_mutex);
2054 0 : return ERR_CAST(driver);
2055 : }
2056 :
2057 : /* check whether we're reopening an existing tty */
2058 0 : tty = tty_driver_lookup_tty(driver, filp, index);
2059 0 : if (IS_ERR(tty)) {
2060 0 : mutex_unlock(&tty_mutex);
2061 0 : goto out;
2062 : }
2063 :
2064 0 : if (tty) {
2065 0 : if (tty_port_kopened(tty->port)) {
2066 0 : tty_kref_put(tty);
2067 0 : mutex_unlock(&tty_mutex);
2068 0 : tty = ERR_PTR(-EBUSY);
2069 0 : goto out;
2070 : }
2071 0 : mutex_unlock(&tty_mutex);
2072 0 : retval = tty_lock_interruptible(tty);
2073 0 : tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2074 0 : if (retval) {
2075 0 : if (retval == -EINTR)
2076 0 : retval = -ERESTARTSYS;
2077 0 : tty = ERR_PTR(retval);
2078 0 : goto out;
2079 : }
2080 0 : retval = tty_reopen(tty);
2081 0 : if (retval < 0) {
2082 0 : tty_unlock(tty);
2083 0 : tty = ERR_PTR(retval);
2084 : }
2085 : } else { /* Returns with the tty_lock held for now */
2086 0 : tty = tty_init_dev(driver, index);
2087 0 : mutex_unlock(&tty_mutex);
2088 : }
2089 : out:
2090 0 : tty_driver_kref_put(driver);
2091 0 : return tty;
2092 : }
2093 :
2094 : /**
2095 : * tty_open - open a tty device
2096 : * @inode: inode of device file
2097 : * @filp: file pointer to tty
2098 : *
2099 : * tty_open() and tty_release() keep up the tty count that contains the number
2100 : * of opens done on a tty. We cannot use the inode-count, as different inodes
2101 : * might point to the same tty.
2102 : *
2103 : * Open-counting is needed for pty masters, as well as for keeping track of
2104 : * serial lines: DTR is dropped when the last close happens.
2105 : * (This is not done solely through tty->count, now. - Ted 1/27/92)
2106 : *
2107 : * The termios state of a pty is reset on the first open so that settings don't
2108 : * persist across reuse.
2109 : *
2110 : * Locking:
2111 : * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2112 : * * @tty->count should protect the rest.
2113 : * * ->siglock protects ->signal/->sighand
2114 : *
2115 : * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2116 : */
2117 0 : static int tty_open(struct inode *inode, struct file *filp)
2118 : {
2119 : struct tty_struct *tty;
2120 : int noctty, retval;
2121 0 : dev_t device = inode->i_rdev;
2122 0 : unsigned saved_flags = filp->f_flags;
2123 :
2124 0 : nonseekable_open(inode, filp);
2125 :
2126 : retry_open:
2127 0 : retval = tty_alloc_file(filp);
2128 0 : if (retval)
2129 : return -ENOMEM;
2130 :
2131 0 : tty = tty_open_current_tty(device, filp);
2132 0 : if (!tty)
2133 0 : tty = tty_open_by_driver(device, filp);
2134 :
2135 0 : if (IS_ERR(tty)) {
2136 0 : tty_free_file(filp);
2137 0 : retval = PTR_ERR(tty);
2138 0 : if (retval != -EAGAIN || signal_pending(current))
2139 : return retval;
2140 0 : schedule();
2141 0 : goto retry_open;
2142 : }
2143 :
2144 0 : tty_add_file(tty, filp);
2145 :
2146 0 : check_tty_count(tty, __func__);
2147 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2148 :
2149 0 : if (tty->ops->open)
2150 0 : retval = tty->ops->open(tty, filp);
2151 : else
2152 : retval = -ENODEV;
2153 0 : filp->f_flags = saved_flags;
2154 :
2155 0 : if (retval) {
2156 : tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2157 :
2158 0 : tty_unlock(tty); /* need to call tty_release without BTM */
2159 0 : tty_release(inode, filp);
2160 0 : if (retval != -ERESTARTSYS)
2161 : return retval;
2162 :
2163 0 : if (signal_pending(current))
2164 : return retval;
2165 :
2166 0 : schedule();
2167 : /*
2168 : * Need to reset f_op in case a hangup happened.
2169 : */
2170 0 : if (tty_hung_up_p(filp))
2171 0 : filp->f_op = &tty_fops;
2172 : goto retry_open;
2173 : }
2174 0 : clear_bit(TTY_HUPPED, &tty->flags);
2175 :
2176 0 : noctty = (filp->f_flags & O_NOCTTY) ||
2177 0 : (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2178 0 : device == MKDEV(TTYAUX_MAJOR, 1) ||
2179 0 : (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2180 : tty->driver->subtype == PTY_TYPE_MASTER);
2181 0 : if (!noctty)
2182 0 : tty_open_proc_set_tty(filp, tty);
2183 0 : tty_unlock(tty);
2184 0 : return 0;
2185 : }
2186 :
2187 :
2188 : /**
2189 : * tty_poll - check tty status
2190 : * @filp: file being polled
2191 : * @wait: poll wait structures to update
2192 : *
2193 : * Call the line discipline polling method to obtain the poll status of the
2194 : * device.
2195 : *
2196 : * Locking: locks called line discipline but ldisc poll method may be
2197 : * re-entered freely by other callers.
2198 : */
2199 0 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
2200 : {
2201 0 : struct tty_struct *tty = file_tty(filp);
2202 : struct tty_ldisc *ld;
2203 0 : __poll_t ret = 0;
2204 :
2205 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2206 : return 0;
2207 :
2208 0 : ld = tty_ldisc_ref_wait(tty);
2209 0 : if (!ld)
2210 : return hung_up_tty_poll(filp, wait);
2211 0 : if (ld->ops->poll)
2212 0 : ret = ld->ops->poll(tty, filp, wait);
2213 0 : tty_ldisc_deref(ld);
2214 0 : return ret;
2215 : }
2216 :
2217 0 : static int __tty_fasync(int fd, struct file *filp, int on)
2218 : {
2219 0 : struct tty_struct *tty = file_tty(filp);
2220 : unsigned long flags;
2221 0 : int retval = 0;
2222 :
2223 0 : if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2224 : goto out;
2225 :
2226 0 : retval = fasync_helper(fd, filp, on, &tty->fasync);
2227 0 : if (retval <= 0)
2228 : goto out;
2229 :
2230 0 : if (on) {
2231 : enum pid_type type;
2232 : struct pid *pid;
2233 :
2234 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
2235 0 : if (tty->ctrl.pgrp) {
2236 : pid = tty->ctrl.pgrp;
2237 : type = PIDTYPE_PGID;
2238 : } else {
2239 0 : pid = task_pid(current);
2240 0 : type = PIDTYPE_TGID;
2241 : }
2242 0 : get_pid(pid);
2243 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2244 0 : __f_setown(filp, pid, type, 0);
2245 0 : put_pid(pid);
2246 0 : retval = 0;
2247 : }
2248 : out:
2249 0 : return retval;
2250 : }
2251 :
2252 0 : static int tty_fasync(int fd, struct file *filp, int on)
2253 : {
2254 0 : struct tty_struct *tty = file_tty(filp);
2255 0 : int retval = -ENOTTY;
2256 :
2257 0 : tty_lock(tty);
2258 0 : if (!tty_hung_up_p(filp))
2259 0 : retval = __tty_fasync(fd, filp, on);
2260 0 : tty_unlock(tty);
2261 :
2262 0 : return retval;
2263 : }
2264 :
2265 : /**
2266 : * tiocsti - fake input character
2267 : * @tty: tty to fake input into
2268 : * @p: pointer to character
2269 : *
2270 : * Fake input to a tty device. Does the necessary locking and input management.
2271 : *
2272 : * FIXME: does not honour flow control ??
2273 : *
2274 : * Locking:
2275 : * * Called functions take tty_ldiscs_lock
2276 : * * current->signal->tty check is safe without locks
2277 : */
2278 0 : static int tiocsti(struct tty_struct *tty, char __user *p)
2279 : {
2280 0 : char ch, mbz = 0;
2281 : struct tty_ldisc *ld;
2282 :
2283 0 : if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2284 : return -EPERM;
2285 0 : if (get_user(ch, p))
2286 : return -EFAULT;
2287 0 : tty_audit_tiocsti(tty, ch);
2288 0 : ld = tty_ldisc_ref_wait(tty);
2289 0 : if (!ld)
2290 : return -EIO;
2291 0 : tty_buffer_lock_exclusive(tty->port);
2292 0 : if (ld->ops->receive_buf)
2293 0 : ld->ops->receive_buf(tty, &ch, &mbz, 1);
2294 0 : tty_buffer_unlock_exclusive(tty->port);
2295 0 : tty_ldisc_deref(ld);
2296 0 : return 0;
2297 : }
2298 :
2299 : /**
2300 : * tiocgwinsz - implement window query ioctl
2301 : * @tty: tty
2302 : * @arg: user buffer for result
2303 : *
2304 : * Copies the kernel idea of the window size into the user buffer.
2305 : *
2306 : * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2307 : * consistent.
2308 : */
2309 0 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2310 : {
2311 : int err;
2312 :
2313 0 : mutex_lock(&tty->winsize_mutex);
2314 0 : err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2315 0 : mutex_unlock(&tty->winsize_mutex);
2316 :
2317 0 : return err ? -EFAULT : 0;
2318 : }
2319 :
2320 : /**
2321 : * tty_do_resize - resize event
2322 : * @tty: tty being resized
2323 : * @ws: new dimensions
2324 : *
2325 : * Update the termios variables and send the necessary signals to peform a
2326 : * terminal resize correctly.
2327 : */
2328 0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2329 : {
2330 : struct pid *pgrp;
2331 :
2332 : /* Lock the tty */
2333 0 : mutex_lock(&tty->winsize_mutex);
2334 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2335 : goto done;
2336 :
2337 : /* Signal the foreground process group */
2338 0 : pgrp = tty_get_pgrp(tty);
2339 0 : if (pgrp)
2340 0 : kill_pgrp(pgrp, SIGWINCH, 1);
2341 0 : put_pid(pgrp);
2342 :
2343 0 : tty->winsize = *ws;
2344 : done:
2345 0 : mutex_unlock(&tty->winsize_mutex);
2346 0 : return 0;
2347 : }
2348 : EXPORT_SYMBOL(tty_do_resize);
2349 :
2350 : /**
2351 : * tiocswinsz - implement window size set ioctl
2352 : * @tty: tty side of tty
2353 : * @arg: user buffer for result
2354 : *
2355 : * Copies the user idea of the window size to the kernel. Traditionally this is
2356 : * just advisory information but for the Linux console it actually has driver
2357 : * level meaning and triggers a VC resize.
2358 : *
2359 : * Locking:
2360 : * Driver dependent. The default do_resize method takes the tty termios
2361 : * mutex and ctrl.lock. The console takes its own lock then calls into the
2362 : * default method.
2363 : */
2364 0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2365 : {
2366 : struct winsize tmp_ws;
2367 :
2368 0 : if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2369 : return -EFAULT;
2370 :
2371 0 : if (tty->ops->resize)
2372 0 : return tty->ops->resize(tty, &tmp_ws);
2373 : else
2374 0 : return tty_do_resize(tty, &tmp_ws);
2375 : }
2376 :
2377 : /**
2378 : * tioccons - allow admin to move logical console
2379 : * @file: the file to become console
2380 : *
2381 : * Allow the administrator to move the redirected console device.
2382 : *
2383 : * Locking: uses redirect_lock to guard the redirect information
2384 : */
2385 0 : static int tioccons(struct file *file)
2386 : {
2387 0 : if (!capable(CAP_SYS_ADMIN))
2388 : return -EPERM;
2389 0 : if (file->f_op->write_iter == redirected_tty_write) {
2390 : struct file *f;
2391 :
2392 0 : spin_lock(&redirect_lock);
2393 0 : f = redirect;
2394 0 : redirect = NULL;
2395 0 : spin_unlock(&redirect_lock);
2396 0 : if (f)
2397 0 : fput(f);
2398 : return 0;
2399 : }
2400 0 : if (file->f_op->write_iter != tty_write)
2401 : return -ENOTTY;
2402 0 : if (!(file->f_mode & FMODE_WRITE))
2403 : return -EBADF;
2404 0 : if (!(file->f_mode & FMODE_CAN_WRITE))
2405 : return -EINVAL;
2406 0 : spin_lock(&redirect_lock);
2407 0 : if (redirect) {
2408 0 : spin_unlock(&redirect_lock);
2409 0 : return -EBUSY;
2410 : }
2411 0 : redirect = get_file(file);
2412 0 : spin_unlock(&redirect_lock);
2413 0 : return 0;
2414 : }
2415 :
2416 : /**
2417 : * tiocsetd - set line discipline
2418 : * @tty: tty device
2419 : * @p: pointer to user data
2420 : *
2421 : * Set the line discipline according to user request.
2422 : *
2423 : * Locking: see tty_set_ldisc(), this function is just a helper
2424 : */
2425 0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
2426 : {
2427 : int disc;
2428 : int ret;
2429 :
2430 0 : if (get_user(disc, p))
2431 : return -EFAULT;
2432 :
2433 0 : ret = tty_set_ldisc(tty, disc);
2434 :
2435 0 : return ret;
2436 : }
2437 :
2438 : /**
2439 : * tiocgetd - get line discipline
2440 : * @tty: tty device
2441 : * @p: pointer to user data
2442 : *
2443 : * Retrieves the line discipline id directly from the ldisc.
2444 : *
2445 : * Locking: waits for ldisc reference (in case the line discipline is changing
2446 : * or the @tty is being hungup)
2447 : */
2448 0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
2449 : {
2450 : struct tty_ldisc *ld;
2451 : int ret;
2452 :
2453 0 : ld = tty_ldisc_ref_wait(tty);
2454 0 : if (!ld)
2455 : return -EIO;
2456 0 : ret = put_user(ld->ops->num, p);
2457 0 : tty_ldisc_deref(ld);
2458 0 : return ret;
2459 : }
2460 :
2461 : /**
2462 : * send_break - performed time break
2463 : * @tty: device to break on
2464 : * @duration: timeout in mS
2465 : *
2466 : * Perform a timed break on hardware that lacks its own driver level timed
2467 : * break functionality.
2468 : *
2469 : * Locking:
2470 : * @tty->atomic_write_lock serializes
2471 : */
2472 0 : static int send_break(struct tty_struct *tty, unsigned int duration)
2473 : {
2474 : int retval;
2475 :
2476 0 : if (tty->ops->break_ctl == NULL)
2477 : return 0;
2478 :
2479 0 : if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2480 0 : retval = tty->ops->break_ctl(tty, duration);
2481 : else {
2482 : /* Do the work ourselves */
2483 0 : if (tty_write_lock(tty, 0) < 0)
2484 : return -EINTR;
2485 0 : retval = tty->ops->break_ctl(tty, -1);
2486 0 : if (retval)
2487 : goto out;
2488 0 : if (!signal_pending(current))
2489 0 : msleep_interruptible(duration);
2490 0 : retval = tty->ops->break_ctl(tty, 0);
2491 : out:
2492 0 : tty_write_unlock(tty);
2493 0 : if (signal_pending(current))
2494 0 : retval = -EINTR;
2495 : }
2496 : return retval;
2497 : }
2498 :
2499 : /**
2500 : * tty_tiocmget - get modem status
2501 : * @tty: tty device
2502 : * @p: pointer to result
2503 : *
2504 : * Obtain the modem status bits from the tty driver if the feature is
2505 : * supported. Return -%ENOTTY if it is not available.
2506 : *
2507 : * Locking: none (up to the driver)
2508 : */
2509 0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2510 : {
2511 0 : int retval = -ENOTTY;
2512 :
2513 0 : if (tty->ops->tiocmget) {
2514 0 : retval = tty->ops->tiocmget(tty);
2515 :
2516 0 : if (retval >= 0)
2517 0 : retval = put_user(retval, p);
2518 : }
2519 0 : return retval;
2520 : }
2521 :
2522 : /**
2523 : * tty_tiocmset - set modem status
2524 : * @tty: tty device
2525 : * @cmd: command - clear bits, set bits or set all
2526 : * @p: pointer to desired bits
2527 : *
2528 : * Set the modem status bits from the tty driver if the feature
2529 : * is supported. Return -%ENOTTY if it is not available.
2530 : *
2531 : * Locking: none (up to the driver)
2532 : */
2533 0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2534 : unsigned __user *p)
2535 : {
2536 : int retval;
2537 : unsigned int set, clear, val;
2538 :
2539 0 : if (tty->ops->tiocmset == NULL)
2540 : return -ENOTTY;
2541 :
2542 0 : retval = get_user(val, p);
2543 0 : if (retval)
2544 : return retval;
2545 0 : set = clear = 0;
2546 0 : switch (cmd) {
2547 : case TIOCMBIS:
2548 0 : set = val;
2549 0 : break;
2550 : case TIOCMBIC:
2551 0 : clear = val;
2552 0 : break;
2553 : case TIOCMSET:
2554 0 : set = val;
2555 0 : clear = ~val;
2556 0 : break;
2557 : }
2558 0 : set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2559 0 : clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2560 0 : return tty->ops->tiocmset(tty, set, clear);
2561 : }
2562 :
2563 : /**
2564 : * tty_get_icount - get tty statistics
2565 : * @tty: tty device
2566 : * @icount: output parameter
2567 : *
2568 : * Gets a copy of the @tty's icount statistics.
2569 : *
2570 : * Locking: none (up to the driver)
2571 : */
2572 0 : int tty_get_icount(struct tty_struct *tty,
2573 : struct serial_icounter_struct *icount)
2574 : {
2575 0 : memset(icount, 0, sizeof(*icount));
2576 :
2577 0 : if (tty->ops->get_icount)
2578 0 : return tty->ops->get_icount(tty, icount);
2579 : else
2580 : return -ENOTTY;
2581 : }
2582 : EXPORT_SYMBOL_GPL(tty_get_icount);
2583 :
2584 0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2585 : {
2586 : struct serial_icounter_struct icount;
2587 : int retval;
2588 :
2589 0 : retval = tty_get_icount(tty, &icount);
2590 0 : if (retval != 0)
2591 : return retval;
2592 :
2593 0 : if (copy_to_user(arg, &icount, sizeof(icount)))
2594 : return -EFAULT;
2595 0 : return 0;
2596 : }
2597 :
2598 0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2599 : {
2600 : char comm[TASK_COMM_LEN];
2601 : int flags;
2602 :
2603 0 : flags = ss->flags & ASYNC_DEPRECATED;
2604 :
2605 0 : if (flags)
2606 0 : pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2607 : __func__, get_task_comm(comm, current), flags);
2608 :
2609 0 : if (!tty->ops->set_serial)
2610 : return -ENOTTY;
2611 :
2612 0 : return tty->ops->set_serial(tty, ss);
2613 : }
2614 :
2615 0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2616 : {
2617 : struct serial_struct v;
2618 :
2619 0 : if (copy_from_user(&v, ss, sizeof(*ss)))
2620 : return -EFAULT;
2621 :
2622 0 : return tty_set_serial(tty, &v);
2623 : }
2624 :
2625 0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2626 : {
2627 : struct serial_struct v;
2628 : int err;
2629 :
2630 0 : memset(&v, 0, sizeof(v));
2631 0 : if (!tty->ops->get_serial)
2632 : return -ENOTTY;
2633 0 : err = tty->ops->get_serial(tty, &v);
2634 0 : if (!err && copy_to_user(ss, &v, sizeof(v)))
2635 0 : err = -EFAULT;
2636 : return err;
2637 : }
2638 :
2639 : /*
2640 : * if pty, return the slave side (real_tty)
2641 : * otherwise, return self
2642 : */
2643 : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2644 : {
2645 0 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2646 : tty->driver->subtype == PTY_TYPE_MASTER)
2647 0 : tty = tty->link;
2648 : return tty;
2649 : }
2650 :
2651 : /*
2652 : * Split this up, as gcc can choke on it otherwise..
2653 : */
2654 0 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2655 : {
2656 0 : struct tty_struct *tty = file_tty(file);
2657 : struct tty_struct *real_tty;
2658 0 : void __user *p = (void __user *)arg;
2659 : int retval;
2660 : struct tty_ldisc *ld;
2661 :
2662 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2663 : return -EINVAL;
2664 :
2665 0 : real_tty = tty_pair_get_tty(tty);
2666 :
2667 : /*
2668 : * Factor out some common prep work
2669 : */
2670 : switch (cmd) {
2671 : case TIOCSETD:
2672 : case TIOCSBRK:
2673 : case TIOCCBRK:
2674 : case TCSBRK:
2675 : case TCSBRKP:
2676 0 : retval = tty_check_change(tty);
2677 0 : if (retval)
2678 0 : return retval;
2679 0 : if (cmd != TIOCCBRK) {
2680 0 : tty_wait_until_sent(tty, 0);
2681 0 : if (signal_pending(current))
2682 : return -EINTR;
2683 : }
2684 : break;
2685 : }
2686 :
2687 : /*
2688 : * Now do the stuff.
2689 : */
2690 0 : switch (cmd) {
2691 : case TIOCSTI:
2692 0 : return tiocsti(tty, p);
2693 : case TIOCGWINSZ:
2694 0 : return tiocgwinsz(real_tty, p);
2695 : case TIOCSWINSZ:
2696 0 : return tiocswinsz(real_tty, p);
2697 : case TIOCCONS:
2698 0 : return real_tty != tty ? -EINVAL : tioccons(file);
2699 : case TIOCEXCL:
2700 0 : set_bit(TTY_EXCLUSIVE, &tty->flags);
2701 0 : return 0;
2702 : case TIOCNXCL:
2703 0 : clear_bit(TTY_EXCLUSIVE, &tty->flags);
2704 0 : return 0;
2705 : case TIOCGEXCL:
2706 : {
2707 0 : int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2708 :
2709 0 : return put_user(excl, (int __user *)p);
2710 : }
2711 : case TIOCGETD:
2712 0 : return tiocgetd(tty, p);
2713 : case TIOCSETD:
2714 0 : return tiocsetd(tty, p);
2715 : case TIOCVHANGUP:
2716 0 : if (!capable(CAP_SYS_ADMIN))
2717 : return -EPERM;
2718 0 : tty_vhangup(tty);
2719 0 : return 0;
2720 : case TIOCGDEV:
2721 : {
2722 0 : unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2723 :
2724 0 : return put_user(ret, (unsigned int __user *)p);
2725 : }
2726 : /*
2727 : * Break handling
2728 : */
2729 : case TIOCSBRK: /* Turn break on, unconditionally */
2730 0 : if (tty->ops->break_ctl)
2731 0 : return tty->ops->break_ctl(tty, -1);
2732 : return 0;
2733 : case TIOCCBRK: /* Turn break off, unconditionally */
2734 0 : if (tty->ops->break_ctl)
2735 0 : return tty->ops->break_ctl(tty, 0);
2736 : return 0;
2737 : case TCSBRK: /* SVID version: non-zero arg --> no break */
2738 : /* non-zero arg means wait for all output data
2739 : * to be sent (performed above) but don't send break.
2740 : * This is used by the tcdrain() termios function.
2741 : */
2742 0 : if (!arg)
2743 0 : return send_break(tty, 250);
2744 : return 0;
2745 : case TCSBRKP: /* support for POSIX tcsendbreak() */
2746 0 : return send_break(tty, arg ? arg*100 : 250);
2747 :
2748 : case TIOCMGET:
2749 0 : return tty_tiocmget(tty, p);
2750 : case TIOCMSET:
2751 : case TIOCMBIC:
2752 : case TIOCMBIS:
2753 0 : return tty_tiocmset(tty, cmd, p);
2754 : case TIOCGICOUNT:
2755 0 : return tty_tiocgicount(tty, p);
2756 : case TCFLSH:
2757 0 : switch (arg) {
2758 : case TCIFLUSH:
2759 : case TCIOFLUSH:
2760 : /* flush tty buffer and allow ldisc to process ioctl */
2761 0 : tty_buffer_flush(tty, NULL);
2762 0 : break;
2763 : }
2764 : break;
2765 : case TIOCSSERIAL:
2766 0 : return tty_tiocsserial(tty, p);
2767 : case TIOCGSERIAL:
2768 0 : return tty_tiocgserial(tty, p);
2769 : case TIOCGPTPEER:
2770 : /* Special because the struct file is needed */
2771 0 : return ptm_open_peer(file, tty, (int)arg);
2772 : default:
2773 0 : retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2774 0 : if (retval != -ENOIOCTLCMD)
2775 0 : return retval;
2776 : }
2777 0 : if (tty->ops->ioctl) {
2778 0 : retval = tty->ops->ioctl(tty, cmd, arg);
2779 0 : if (retval != -ENOIOCTLCMD)
2780 0 : return retval;
2781 : }
2782 0 : ld = tty_ldisc_ref_wait(tty);
2783 0 : if (!ld)
2784 : return hung_up_tty_ioctl(file, cmd, arg);
2785 0 : retval = -EINVAL;
2786 0 : if (ld->ops->ioctl) {
2787 0 : retval = ld->ops->ioctl(tty, cmd, arg);
2788 0 : if (retval == -ENOIOCTLCMD)
2789 0 : retval = -ENOTTY;
2790 : }
2791 0 : tty_ldisc_deref(ld);
2792 0 : return retval;
2793 : }
2794 :
2795 : #ifdef CONFIG_COMPAT
2796 :
2797 : struct serial_struct32 {
2798 : compat_int_t type;
2799 : compat_int_t line;
2800 : compat_uint_t port;
2801 : compat_int_t irq;
2802 : compat_int_t flags;
2803 : compat_int_t xmit_fifo_size;
2804 : compat_int_t custom_divisor;
2805 : compat_int_t baud_base;
2806 : unsigned short close_delay;
2807 : char io_type;
2808 : char reserved_char;
2809 : compat_int_t hub6;
2810 : unsigned short closing_wait; /* time to wait before closing */
2811 : unsigned short closing_wait2; /* no longer used... */
2812 : compat_uint_t iomem_base;
2813 : unsigned short iomem_reg_shift;
2814 : unsigned int port_high;
2815 : /* compat_ulong_t iomap_base FIXME */
2816 : compat_int_t reserved;
2817 : };
2818 :
2819 : static int compat_tty_tiocsserial(struct tty_struct *tty,
2820 : struct serial_struct32 __user *ss)
2821 : {
2822 : struct serial_struct32 v32;
2823 : struct serial_struct v;
2824 :
2825 : if (copy_from_user(&v32, ss, sizeof(*ss)))
2826 : return -EFAULT;
2827 :
2828 : memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2829 : v.iomem_base = compat_ptr(v32.iomem_base);
2830 : v.iomem_reg_shift = v32.iomem_reg_shift;
2831 : v.port_high = v32.port_high;
2832 : v.iomap_base = 0;
2833 :
2834 : return tty_set_serial(tty, &v);
2835 : }
2836 :
2837 : static int compat_tty_tiocgserial(struct tty_struct *tty,
2838 : struct serial_struct32 __user *ss)
2839 : {
2840 : struct serial_struct32 v32;
2841 : struct serial_struct v;
2842 : int err;
2843 :
2844 : memset(&v, 0, sizeof(v));
2845 : memset(&v32, 0, sizeof(v32));
2846 :
2847 : if (!tty->ops->get_serial)
2848 : return -ENOTTY;
2849 : err = tty->ops->get_serial(tty, &v);
2850 : if (!err) {
2851 : memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2852 : v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2853 : 0xfffffff : ptr_to_compat(v.iomem_base);
2854 : v32.iomem_reg_shift = v.iomem_reg_shift;
2855 : v32.port_high = v.port_high;
2856 : if (copy_to_user(ss, &v32, sizeof(v32)))
2857 : err = -EFAULT;
2858 : }
2859 : return err;
2860 : }
2861 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2862 : unsigned long arg)
2863 : {
2864 : struct tty_struct *tty = file_tty(file);
2865 : struct tty_ldisc *ld;
2866 : int retval = -ENOIOCTLCMD;
2867 :
2868 : switch (cmd) {
2869 : case TIOCOUTQ:
2870 : case TIOCSTI:
2871 : case TIOCGWINSZ:
2872 : case TIOCSWINSZ:
2873 : case TIOCGEXCL:
2874 : case TIOCGETD:
2875 : case TIOCSETD:
2876 : case TIOCGDEV:
2877 : case TIOCMGET:
2878 : case TIOCMSET:
2879 : case TIOCMBIC:
2880 : case TIOCMBIS:
2881 : case TIOCGICOUNT:
2882 : case TIOCGPGRP:
2883 : case TIOCSPGRP:
2884 : case TIOCGSID:
2885 : case TIOCSERGETLSR:
2886 : case TIOCGRS485:
2887 : case TIOCSRS485:
2888 : #ifdef TIOCGETP
2889 : case TIOCGETP:
2890 : case TIOCSETP:
2891 : case TIOCSETN:
2892 : #endif
2893 : #ifdef TIOCGETC
2894 : case TIOCGETC:
2895 : case TIOCSETC:
2896 : #endif
2897 : #ifdef TIOCGLTC
2898 : case TIOCGLTC:
2899 : case TIOCSLTC:
2900 : #endif
2901 : case TCSETSF:
2902 : case TCSETSW:
2903 : case TCSETS:
2904 : case TCGETS:
2905 : #ifdef TCGETS2
2906 : case TCGETS2:
2907 : case TCSETSF2:
2908 : case TCSETSW2:
2909 : case TCSETS2:
2910 : #endif
2911 : case TCGETA:
2912 : case TCSETAF:
2913 : case TCSETAW:
2914 : case TCSETA:
2915 : case TIOCGLCKTRMIOS:
2916 : case TIOCSLCKTRMIOS:
2917 : #ifdef TCGETX
2918 : case TCGETX:
2919 : case TCSETX:
2920 : case TCSETXW:
2921 : case TCSETXF:
2922 : #endif
2923 : case TIOCGSOFTCAR:
2924 : case TIOCSSOFTCAR:
2925 :
2926 : case PPPIOCGCHAN:
2927 : case PPPIOCGUNIT:
2928 : return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2929 : case TIOCCONS:
2930 : case TIOCEXCL:
2931 : case TIOCNXCL:
2932 : case TIOCVHANGUP:
2933 : case TIOCSBRK:
2934 : case TIOCCBRK:
2935 : case TCSBRK:
2936 : case TCSBRKP:
2937 : case TCFLSH:
2938 : case TIOCGPTPEER:
2939 : case TIOCNOTTY:
2940 : case TIOCSCTTY:
2941 : case TCXONC:
2942 : case TIOCMIWAIT:
2943 : case TIOCSERCONFIG:
2944 : return tty_ioctl(file, cmd, arg);
2945 : }
2946 :
2947 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2948 : return -EINVAL;
2949 :
2950 : switch (cmd) {
2951 : case TIOCSSERIAL:
2952 : return compat_tty_tiocsserial(tty, compat_ptr(arg));
2953 : case TIOCGSERIAL:
2954 : return compat_tty_tiocgserial(tty, compat_ptr(arg));
2955 : }
2956 : if (tty->ops->compat_ioctl) {
2957 : retval = tty->ops->compat_ioctl(tty, cmd, arg);
2958 : if (retval != -ENOIOCTLCMD)
2959 : return retval;
2960 : }
2961 :
2962 : ld = tty_ldisc_ref_wait(tty);
2963 : if (!ld)
2964 : return hung_up_tty_compat_ioctl(file, cmd, arg);
2965 : if (ld->ops->compat_ioctl)
2966 : retval = ld->ops->compat_ioctl(tty, cmd, arg);
2967 : if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2968 : retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2969 : arg);
2970 : tty_ldisc_deref(ld);
2971 :
2972 : return retval;
2973 : }
2974 : #endif
2975 :
2976 0 : static int this_tty(const void *t, struct file *file, unsigned fd)
2977 : {
2978 0 : if (likely(file->f_op->read_iter != tty_read))
2979 : return 0;
2980 0 : return file_tty(file) != t ? 0 : fd + 1;
2981 : }
2982 :
2983 : /*
2984 : * This implements the "Secure Attention Key" --- the idea is to
2985 : * prevent trojan horses by killing all processes associated with this
2986 : * tty when the user hits the "Secure Attention Key". Required for
2987 : * super-paranoid applications --- see the Orange Book for more details.
2988 : *
2989 : * This code could be nicer; ideally it should send a HUP, wait a few
2990 : * seconds, then send a INT, and then a KILL signal. But you then
2991 : * have to coordinate with the init process, since all processes associated
2992 : * with the current tty must be dead before the new getty is allowed
2993 : * to spawn.
2994 : *
2995 : * Now, if it would be correct ;-/ The current code has a nasty hole -
2996 : * it doesn't catch files in flight. We may send the descriptor to ourselves
2997 : * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2998 : *
2999 : * Nasty bug: do_SAK is being called in interrupt context. This can
3000 : * deadlock. We punt it up to process context. AKPM - 16Mar2001
3001 : */
3002 0 : void __do_SAK(struct tty_struct *tty)
3003 : {
3004 : struct task_struct *g, *p;
3005 : struct pid *session;
3006 : int i;
3007 : unsigned long flags;
3008 :
3009 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
3010 0 : session = get_pid(tty->ctrl.session);
3011 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3012 :
3013 0 : tty_ldisc_flush(tty);
3014 :
3015 0 : tty_driver_flush_buffer(tty);
3016 :
3017 0 : read_lock(&tasklist_lock);
3018 : /* Kill the entire session */
3019 0 : do_each_pid_task(session, PIDTYPE_SID, p) {
3020 0 : tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3021 : task_pid_nr(p), p->comm);
3022 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3023 : } while_each_pid_task(session, PIDTYPE_SID, p);
3024 :
3025 : /* Now kill any processes that happen to have the tty open */
3026 0 : do_each_thread(g, p) {
3027 0 : if (p->signal->tty == tty) {
3028 0 : tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3029 : task_pid_nr(p), p->comm);
3030 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3031 : PIDTYPE_SID);
3032 0 : continue;
3033 : }
3034 0 : task_lock(p);
3035 0 : i = iterate_fd(p->files, 0, this_tty, tty);
3036 0 : if (i != 0) {
3037 0 : tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3038 : task_pid_nr(p), p->comm, i - 1);
3039 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3040 : PIDTYPE_SID);
3041 : }
3042 0 : task_unlock(p);
3043 0 : } while_each_thread(g, p);
3044 0 : read_unlock(&tasklist_lock);
3045 0 : put_pid(session);
3046 0 : }
3047 :
3048 0 : static void do_SAK_work(struct work_struct *work)
3049 : {
3050 0 : struct tty_struct *tty =
3051 0 : container_of(work, struct tty_struct, SAK_work);
3052 0 : __do_SAK(tty);
3053 0 : }
3054 :
3055 : /*
3056 : * The tq handling here is a little racy - tty->SAK_work may already be queued.
3057 : * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3058 : * the values which we write to it will be identical to the values which it
3059 : * already has. --akpm
3060 : */
3061 0 : void do_SAK(struct tty_struct *tty)
3062 : {
3063 0 : if (!tty)
3064 : return;
3065 0 : schedule_work(&tty->SAK_work);
3066 : }
3067 : EXPORT_SYMBOL(do_SAK);
3068 :
3069 : /* Must put_device() after it's unused! */
3070 0 : static struct device *tty_get_device(struct tty_struct *tty)
3071 : {
3072 0 : dev_t devt = tty_devnum(tty);
3073 :
3074 0 : return class_find_device_by_devt(tty_class, devt);
3075 : }
3076 :
3077 :
3078 : /**
3079 : * alloc_tty_struct - allocate a new tty
3080 : * @driver: driver which will handle the returned tty
3081 : * @idx: minor of the tty
3082 : *
3083 : * This subroutine allocates and initializes a tty structure.
3084 : *
3085 : * Locking: none - @tty in question is not exposed at this point
3086 : */
3087 0 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3088 : {
3089 : struct tty_struct *tty;
3090 :
3091 0 : tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3092 0 : if (!tty)
3093 : return NULL;
3094 :
3095 0 : kref_init(&tty->kref);
3096 0 : tty->magic = TTY_MAGIC;
3097 0 : if (tty_ldisc_init(tty)) {
3098 0 : kfree(tty);
3099 0 : return NULL;
3100 : }
3101 0 : tty->ctrl.session = NULL;
3102 0 : tty->ctrl.pgrp = NULL;
3103 0 : mutex_init(&tty->legacy_mutex);
3104 0 : mutex_init(&tty->throttle_mutex);
3105 0 : init_rwsem(&tty->termios_rwsem);
3106 0 : mutex_init(&tty->winsize_mutex);
3107 0 : init_ldsem(&tty->ldisc_sem);
3108 0 : init_waitqueue_head(&tty->write_wait);
3109 0 : init_waitqueue_head(&tty->read_wait);
3110 0 : INIT_WORK(&tty->hangup_work, do_tty_hangup);
3111 0 : mutex_init(&tty->atomic_write_lock);
3112 0 : spin_lock_init(&tty->ctrl.lock);
3113 0 : spin_lock_init(&tty->flow.lock);
3114 0 : spin_lock_init(&tty->files_lock);
3115 0 : INIT_LIST_HEAD(&tty->tty_files);
3116 0 : INIT_WORK(&tty->SAK_work, do_SAK_work);
3117 :
3118 0 : tty->driver = driver;
3119 0 : tty->ops = driver->ops;
3120 0 : tty->index = idx;
3121 0 : tty_line_name(driver, idx, tty->name);
3122 0 : tty->dev = tty_get_device(tty);
3123 :
3124 0 : return tty;
3125 : }
3126 :
3127 : /**
3128 : * tty_put_char - write one character to a tty
3129 : * @tty: tty
3130 : * @ch: character to write
3131 : *
3132 : * Write one byte to the @tty using the provided @tty->ops->put_char() method
3133 : * if present.
3134 : *
3135 : * Note: the specific put_char operation in the driver layer may go
3136 : * away soon. Don't call it directly, use this method
3137 : *
3138 : * Return: the number of characters successfully output.
3139 : */
3140 0 : int tty_put_char(struct tty_struct *tty, unsigned char ch)
3141 : {
3142 0 : if (tty->ops->put_char)
3143 0 : return tty->ops->put_char(tty, ch);
3144 0 : return tty->ops->write(tty, &ch, 1);
3145 : }
3146 : EXPORT_SYMBOL_GPL(tty_put_char);
3147 :
3148 : struct class *tty_class;
3149 :
3150 5 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3151 : unsigned int index, unsigned int count)
3152 : {
3153 : int err;
3154 :
3155 : /* init here, since reused cdevs cause crashes */
3156 5 : driver->cdevs[index] = cdev_alloc();
3157 5 : if (!driver->cdevs[index])
3158 : return -ENOMEM;
3159 5 : driver->cdevs[index]->ops = &tty_fops;
3160 5 : driver->cdevs[index]->owner = driver->owner;
3161 5 : err = cdev_add(driver->cdevs[index], dev, count);
3162 5 : if (err)
3163 0 : kobject_put(&driver->cdevs[index]->kobj);
3164 : return err;
3165 : }
3166 :
3167 : /**
3168 : * tty_register_device - register a tty device
3169 : * @driver: the tty driver that describes the tty device
3170 : * @index: the index in the tty driver for this tty device
3171 : * @device: a struct device that is associated with this tty device.
3172 : * This field is optional, if there is no known struct device
3173 : * for this tty device it can be set to NULL safely.
3174 : *
3175 : * This call is required to be made to register an individual tty device
3176 : * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3177 : * that bit is not set, this function should not be called by a tty
3178 : * driver.
3179 : *
3180 : * Locking: ??
3181 : *
3182 : * Return: A pointer to the struct device for this tty device (or
3183 : * ERR_PTR(-EFOO) on error).
3184 : */
3185 0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3186 : struct device *device)
3187 : {
3188 512 : return tty_register_device_attr(driver, index, device, NULL, NULL);
3189 : }
3190 : EXPORT_SYMBOL(tty_register_device);
3191 :
3192 0 : static void tty_device_create_release(struct device *dev)
3193 : {
3194 : dev_dbg(dev, "releasing...\n");
3195 0 : kfree(dev);
3196 0 : }
3197 :
3198 : /**
3199 : * tty_register_device_attr - register a tty device
3200 : * @driver: the tty driver that describes the tty device
3201 : * @index: the index in the tty driver for this tty device
3202 : * @device: a struct device that is associated with this tty device.
3203 : * This field is optional, if there is no known struct device
3204 : * for this tty device it can be set to %NULL safely.
3205 : * @drvdata: Driver data to be set to device.
3206 : * @attr_grp: Attribute group to be set on device.
3207 : *
3208 : * This call is required to be made to register an individual tty device if the
3209 : * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3210 : * not set, this function should not be called by a tty driver.
3211 : *
3212 : * Locking: ??
3213 : *
3214 : * Return: A pointer to the struct device for this tty device (or
3215 : * ERR_PTR(-EFOO) on error).
3216 : */
3217 513 : struct device *tty_register_device_attr(struct tty_driver *driver,
3218 : unsigned index, struct device *device,
3219 : void *drvdata,
3220 : const struct attribute_group **attr_grp)
3221 : {
3222 : char name[64];
3223 513 : dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3224 : struct ktermios *tp;
3225 : struct device *dev;
3226 : int retval;
3227 :
3228 513 : if (index >= driver->num) {
3229 0 : pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3230 : driver->name, index);
3231 0 : return ERR_PTR(-EINVAL);
3232 : }
3233 :
3234 513 : if (driver->type == TTY_DRIVER_TYPE_PTY)
3235 512 : pty_line_name(driver, index, name);
3236 : else
3237 1 : tty_line_name(driver, index, name);
3238 :
3239 513 : dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3240 513 : if (!dev)
3241 : return ERR_PTR(-ENOMEM);
3242 :
3243 513 : dev->devt = devt;
3244 513 : dev->class = tty_class;
3245 513 : dev->parent = device;
3246 513 : dev->release = tty_device_create_release;
3247 513 : dev_set_name(dev, "%s", name);
3248 513 : dev->groups = attr_grp;
3249 1026 : dev_set_drvdata(dev, drvdata);
3250 :
3251 513 : dev_set_uevent_suppress(dev, 1);
3252 :
3253 513 : retval = device_register(dev);
3254 513 : if (retval)
3255 : goto err_put;
3256 :
3257 513 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3258 : /*
3259 : * Free any saved termios data so that the termios state is
3260 : * reset when reusing a minor number.
3261 : */
3262 1 : tp = driver->termios[index];
3263 1 : if (tp) {
3264 0 : driver->termios[index] = NULL;
3265 0 : kfree(tp);
3266 : }
3267 :
3268 1 : retval = tty_cdev_add(driver, devt, index, 1);
3269 1 : if (retval)
3270 : goto err_del;
3271 : }
3272 :
3273 513 : dev_set_uevent_suppress(dev, 0);
3274 513 : kobject_uevent(&dev->kobj, KOBJ_ADD);
3275 :
3276 513 : return dev;
3277 :
3278 : err_del:
3279 0 : device_del(dev);
3280 : err_put:
3281 0 : put_device(dev);
3282 :
3283 0 : return ERR_PTR(retval);
3284 : }
3285 : EXPORT_SYMBOL_GPL(tty_register_device_attr);
3286 :
3287 : /**
3288 : * tty_unregister_device - unregister a tty device
3289 : * @driver: the tty driver that describes the tty device
3290 : * @index: the index in the tty driver for this tty device
3291 : *
3292 : * If a tty device is registered with a call to tty_register_device() then
3293 : * this function must be called when the tty device is gone.
3294 : *
3295 : * Locking: ??
3296 : */
3297 0 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
3298 : {
3299 0 : device_destroy(tty_class,
3300 0 : MKDEV(driver->major, driver->minor_start) + index);
3301 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3302 0 : cdev_del(driver->cdevs[index]);
3303 0 : driver->cdevs[index] = NULL;
3304 : }
3305 0 : }
3306 : EXPORT_SYMBOL(tty_unregister_device);
3307 :
3308 : /**
3309 : * __tty_alloc_driver -- allocate tty driver
3310 : * @lines: count of lines this driver can handle at most
3311 : * @owner: module which is responsible for this driver
3312 : * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3313 : *
3314 : * This should not be called directly, some of the provided macros should be
3315 : * used instead. Use IS_ERR() and friends on @retval.
3316 : */
3317 5 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3318 : unsigned long flags)
3319 : {
3320 : struct tty_driver *driver;
3321 5 : unsigned int cdevs = 1;
3322 : int err;
3323 :
3324 5 : if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3325 : return ERR_PTR(-EINVAL);
3326 :
3327 5 : driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3328 5 : if (!driver)
3329 : return ERR_PTR(-ENOMEM);
3330 :
3331 10 : kref_init(&driver->kref);
3332 5 : driver->magic = TTY_DRIVER_MAGIC;
3333 5 : driver->num = lines;
3334 5 : driver->owner = owner;
3335 5 : driver->flags = flags;
3336 :
3337 5 : if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3338 6 : driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3339 : GFP_KERNEL);
3340 6 : driver->termios = kcalloc(lines, sizeof(*driver->termios),
3341 : GFP_KERNEL);
3342 3 : if (!driver->ttys || !driver->termios) {
3343 : err = -ENOMEM;
3344 : goto err_free_all;
3345 : }
3346 : }
3347 :
3348 5 : if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3349 2 : driver->ports = kcalloc(lines, sizeof(*driver->ports),
3350 : GFP_KERNEL);
3351 1 : if (!driver->ports) {
3352 : err = -ENOMEM;
3353 : goto err_free_all;
3354 : }
3355 : cdevs = lines;
3356 : }
3357 :
3358 10 : driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3359 5 : if (!driver->cdevs) {
3360 : err = -ENOMEM;
3361 : goto err_free_all;
3362 : }
3363 :
3364 : return driver;
3365 : err_free_all:
3366 0 : kfree(driver->ports);
3367 0 : kfree(driver->ttys);
3368 0 : kfree(driver->termios);
3369 0 : kfree(driver->cdevs);
3370 0 : kfree(driver);
3371 0 : return ERR_PTR(err);
3372 : }
3373 : EXPORT_SYMBOL(__tty_alloc_driver);
3374 :
3375 0 : static void destruct_tty_driver(struct kref *kref)
3376 : {
3377 0 : struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3378 : int i;
3379 : struct ktermios *tp;
3380 :
3381 0 : if (driver->flags & TTY_DRIVER_INSTALLED) {
3382 0 : for (i = 0; i < driver->num; i++) {
3383 0 : tp = driver->termios[i];
3384 0 : if (tp) {
3385 0 : driver->termios[i] = NULL;
3386 0 : kfree(tp);
3387 : }
3388 0 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3389 0 : tty_unregister_device(driver, i);
3390 : }
3391 0 : proc_tty_unregister_driver(driver);
3392 0 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3393 0 : cdev_del(driver->cdevs[0]);
3394 : }
3395 0 : kfree(driver->cdevs);
3396 0 : kfree(driver->ports);
3397 0 : kfree(driver->termios);
3398 0 : kfree(driver->ttys);
3399 0 : kfree(driver);
3400 0 : }
3401 :
3402 : /**
3403 : * tty_driver_kref_put -- drop a reference to a tty driver
3404 : * @driver: driver of which to drop the reference
3405 : *
3406 : * The final put will destroy and free up the driver.
3407 : */
3408 0 : void tty_driver_kref_put(struct tty_driver *driver)
3409 : {
3410 0 : kref_put(&driver->kref, destruct_tty_driver);
3411 0 : }
3412 : EXPORT_SYMBOL(tty_driver_kref_put);
3413 :
3414 : /**
3415 : * tty_register_driver -- register a tty driver
3416 : * @driver: driver to register
3417 : *
3418 : * Called by a tty driver to register itself.
3419 : */
3420 5 : int tty_register_driver(struct tty_driver *driver)
3421 : {
3422 : int error;
3423 : int i;
3424 : dev_t dev;
3425 : struct device *d;
3426 :
3427 5 : if (!driver->major) {
3428 0 : error = alloc_chrdev_region(&dev, driver->minor_start,
3429 : driver->num, driver->name);
3430 0 : if (!error) {
3431 0 : driver->major = MAJOR(dev);
3432 0 : driver->minor_start = MINOR(dev);
3433 : }
3434 : } else {
3435 5 : dev = MKDEV(driver->major, driver->minor_start);
3436 5 : error = register_chrdev_region(dev, driver->num, driver->name);
3437 : }
3438 5 : if (error < 0)
3439 : goto err;
3440 :
3441 5 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3442 4 : error = tty_cdev_add(driver, dev, 0, driver->num);
3443 4 : if (error)
3444 : goto err_unreg_char;
3445 : }
3446 :
3447 5 : mutex_lock(&tty_mutex);
3448 10 : list_add(&driver->tty_drivers, &tty_drivers);
3449 5 : mutex_unlock(&tty_mutex);
3450 :
3451 5 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3452 512 : for (i = 0; i < driver->num; i++) {
3453 1024 : d = tty_register_device(driver, i, NULL);
3454 512 : if (IS_ERR(d)) {
3455 0 : error = PTR_ERR(d);
3456 : goto err_unreg_devs;
3457 : }
3458 : }
3459 : }
3460 5 : proc_tty_register_driver(driver);
3461 5 : driver->flags |= TTY_DRIVER_INSTALLED;
3462 5 : return 0;
3463 :
3464 : err_unreg_devs:
3465 0 : for (i--; i >= 0; i--)
3466 0 : tty_unregister_device(driver, i);
3467 :
3468 0 : mutex_lock(&tty_mutex);
3469 0 : list_del(&driver->tty_drivers);
3470 0 : mutex_unlock(&tty_mutex);
3471 :
3472 : err_unreg_char:
3473 0 : unregister_chrdev_region(dev, driver->num);
3474 : err:
3475 : return error;
3476 : }
3477 : EXPORT_SYMBOL(tty_register_driver);
3478 :
3479 : /**
3480 : * tty_unregister_driver -- unregister a tty driver
3481 : * @driver: driver to unregister
3482 : *
3483 : * Called by a tty driver to unregister itself.
3484 : */
3485 0 : void tty_unregister_driver(struct tty_driver *driver)
3486 : {
3487 0 : unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3488 : driver->num);
3489 0 : mutex_lock(&tty_mutex);
3490 0 : list_del(&driver->tty_drivers);
3491 0 : mutex_unlock(&tty_mutex);
3492 0 : }
3493 : EXPORT_SYMBOL(tty_unregister_driver);
3494 :
3495 0 : dev_t tty_devnum(struct tty_struct *tty)
3496 : {
3497 0 : return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3498 : }
3499 : EXPORT_SYMBOL(tty_devnum);
3500 :
3501 1 : void tty_default_fops(struct file_operations *fops)
3502 : {
3503 1 : *fops = tty_fops;
3504 1 : }
3505 :
3506 516 : static char *tty_devnode(struct device *dev, umode_t *mode)
3507 : {
3508 516 : if (!mode)
3509 : return NULL;
3510 516 : if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3511 : dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3512 2 : *mode = 0666;
3513 : return NULL;
3514 : }
3515 :
3516 1 : static int __init tty_class_init(void)
3517 : {
3518 1 : tty_class = class_create(THIS_MODULE, "tty");
3519 2 : if (IS_ERR(tty_class))
3520 0 : return PTR_ERR(tty_class);
3521 1 : tty_class->devnode = tty_devnode;
3522 1 : return 0;
3523 : }
3524 :
3525 : postcore_initcall(tty_class_init);
3526 :
3527 : /* 3/2004 jmc: why do these devices exist? */
3528 : static struct cdev tty_cdev, console_cdev;
3529 :
3530 0 : static ssize_t show_cons_active(struct device *dev,
3531 : struct device_attribute *attr, char *buf)
3532 : {
3533 : struct console *cs[16];
3534 0 : int i = 0;
3535 : struct console *c;
3536 0 : ssize_t count = 0;
3537 :
3538 0 : console_lock();
3539 0 : for_each_console(c) {
3540 0 : if (!c->device)
3541 0 : continue;
3542 0 : if (!c->write)
3543 0 : continue;
3544 0 : if ((c->flags & CON_ENABLED) == 0)
3545 0 : continue;
3546 0 : cs[i++] = c;
3547 0 : if (i >= ARRAY_SIZE(cs))
3548 : break;
3549 : }
3550 0 : while (i--) {
3551 0 : int index = cs[i]->index;
3552 0 : struct tty_driver *drv = cs[i]->device(cs[i], &index);
3553 :
3554 : /* don't resolve tty0 as some programs depend on it */
3555 0 : if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3556 0 : count += tty_line_name(drv, index, buf + count);
3557 : else
3558 0 : count += sprintf(buf + count, "%s%d",
3559 0 : cs[i]->name, cs[i]->index);
3560 :
3561 0 : count += sprintf(buf + count, "%c", i ? ' ':'\n');
3562 : }
3563 0 : console_unlock();
3564 :
3565 0 : return count;
3566 : }
3567 : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3568 :
3569 : static struct attribute *cons_dev_attrs[] = {
3570 : &dev_attr_active.attr,
3571 : NULL
3572 : };
3573 :
3574 : ATTRIBUTE_GROUPS(cons_dev);
3575 :
3576 : static struct device *consdev;
3577 :
3578 2 : void console_sysfs_notify(void)
3579 : {
3580 2 : if (consdev)
3581 2 : sysfs_notify(&consdev->kobj, NULL, "active");
3582 2 : }
3583 :
3584 : /*
3585 : * Ok, now we can initialize the rest of the tty devices and can count
3586 : * on memory allocations, interrupts etc..
3587 : */
3588 1 : int __init tty_init(void)
3589 : {
3590 1 : tty_sysctl_init();
3591 1 : cdev_init(&tty_cdev, &tty_fops);
3592 2 : if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3593 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3594 0 : panic("Couldn't register /dev/tty driver\n");
3595 1 : device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3596 :
3597 1 : cdev_init(&console_cdev, &console_fops);
3598 2 : if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3599 1 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3600 0 : panic("Couldn't register /dev/console driver\n");
3601 1 : consdev = device_create_with_groups(tty_class, NULL,
3602 : MKDEV(TTYAUX_MAJOR, 1), NULL,
3603 : cons_dev_groups, "console");
3604 2 : if (IS_ERR(consdev))
3605 0 : consdev = NULL;
3606 :
3607 : #ifdef CONFIG_VT
3608 : vty_init(&console_fops);
3609 : #endif
3610 1 : return 0;
3611 : }
3612 :
|
