Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102#include <linux/uaccess.h>
103#include <linux/termios_internal.h>
104#include <linux/fs.h>
105
106#include <linux/kbd_kern.h>
107#include <linux/vt_kern.h>
108#include <linux/selection.h>
109
110#include <linux/kmod.h>
111#include <linux/nsproxy.h>
112#include "tty.h"
113
114#undef TTY_DEBUG_HANGUP
115#ifdef TTY_DEBUG_HANGUP
116# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117#else
118# define tty_debug_hangup(tty, f, args...) do { } while (0)
119#endif
120
121#define TTY_PARANOIA_CHECK 1
122#define CHECK_TTY_COUNT 1
123
124struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 .c_iflag = ICRNL | IXON,
126 .c_oflag = OPOST | ONLCR,
127 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 ECHOCTL | ECHOKE | IEXTEN,
130 .c_cc = INIT_C_CC,
131 .c_ispeed = 38400,
132 .c_ospeed = 38400,
133 /* .c_line = N_TTY, */
134};
135EXPORT_SYMBOL(tty_std_termios);
136
137/* This list gets poked at by procfs and various bits of boot up code. This
138 * could do with some rationalisation such as pulling the tty proc function
139 * into this file.
140 */
141
142LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143
144/* Mutex to protect creating and releasing a tty */
145DEFINE_MUTEX(tty_mutex);
146
147static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149static __poll_t tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151#ifdef CONFIG_COMPAT
152static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154#else
155#define tty_compat_ioctl NULL
156#endif
157static int __tty_fasync(int fd, struct file *filp, int on);
158static int tty_fasync(int fd, struct file *filp, int on);
159static void release_tty(struct tty_struct *tty, int idx);
160
161/**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
169static void free_tty_struct(struct tty_struct *tty)
170{
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kvfree(tty->write_buf);
174 kfree(tty);
175}
176
177static inline struct tty_struct *file_tty(struct file *file)
178{
179 return ((struct tty_file_private *)file->private_data)->tty;
180}
181
182int tty_alloc_file(struct file *file)
183{
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193}
194
195/* Associate a new file with the tty structure */
196void tty_add_file(struct tty_struct *tty, struct file *file)
197{
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206}
207
208/**
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
215void tty_free_file(struct file *file)
216{
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221}
222
223/* Delete file from its tty */
224static void tty_del_file(struct file *file)
225{
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233}
234
235/**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
244const char *tty_name(const struct tty_struct *tty)
245{
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249}
250EXPORT_SYMBOL(tty_name);
251
252const char *tty_driver_name(const struct tty_struct *tty)
253{
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257}
258
259static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261{
262#ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268#endif
269 return 0;
270}
271
272/* Caller must hold tty_lock */
273static void check_tty_count(struct tty_struct *tty, const char *routine)
274{
275#ifdef CHECK_TTY_COUNT
276 struct list_head *p;
277 int count = 0, kopen_count = 0;
278
279 spin_lock(&tty->files_lock);
280 list_for_each(p, &tty->tty_files) {
281 count++;
282 }
283 spin_unlock(&tty->files_lock);
284 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 tty->driver->subtype == PTY_TYPE_SLAVE &&
286 tty->link && tty->link->count)
287 count++;
288 if (tty_port_kopened(tty->port))
289 kopen_count++;
290 if (tty->count != (count + kopen_count)) {
291 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 routine, tty->count, count, kopen_count);
293 }
294#endif
295}
296
297/**
298 * get_tty_driver - find device of a tty
299 * @device: device identifier
300 * @index: returns the index of the tty
301 *
302 * This routine returns a tty driver structure, given a device number and also
303 * passes back the index number.
304 *
305 * Locking: caller must hold tty_mutex
306 */
307static struct tty_driver *get_tty_driver(dev_t device, int *index)
308{
309 struct tty_driver *p;
310
311 list_for_each_entry(p, &tty_drivers, tty_drivers) {
312 dev_t base = MKDEV(p->major, p->minor_start);
313
314 if (device < base || device >= base + p->num)
315 continue;
316 *index = device - base;
317 return tty_driver_kref_get(p);
318 }
319 return NULL;
320}
321
322/**
323 * tty_dev_name_to_number - return dev_t for device name
324 * @name: user space name of device under /dev
325 * @number: pointer to dev_t that this function will populate
326 *
327 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
328 * (4, 64) or (188, 1). If no corresponding driver is registered then the
329 * function returns -%ENODEV.
330 *
331 * Locking: this acquires tty_mutex to protect the tty_drivers list from
332 * being modified while we are traversing it, and makes sure to
333 * release it before exiting.
334 */
335int tty_dev_name_to_number(const char *name, dev_t *number)
336{
337 struct tty_driver *p;
338 int ret;
339 int index, prefix_length = 0;
340 const char *str;
341
342 for (str = name; *str && !isdigit(*str); str++)
343 ;
344
345 if (!*str)
346 return -EINVAL;
347
348 ret = kstrtoint(str, 10, &index);
349 if (ret)
350 return ret;
351
352 prefix_length = str - name;
353
354 guard(mutex)(&tty_mutex);
355
356 list_for_each_entry(p, &tty_drivers, tty_drivers)
357 if (prefix_length == strlen(p->name) && strncmp(name,
358 p->name, prefix_length) == 0) {
359 if (index < p->num) {
360 *number = MKDEV(p->major, p->minor_start + index);
361 return 0;
362 }
363 }
364
365 return -ENODEV;
366}
367EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
368
369#ifdef CONFIG_CONSOLE_POLL
370
371/**
372 * tty_find_polling_driver - find device of a polled tty
373 * @name: name string to match
374 * @line: pointer to resulting tty line nr
375 *
376 * This routine returns a tty driver structure, given a name and the condition
377 * that the tty driver is capable of polled operation.
378 */
379struct tty_driver *tty_find_polling_driver(char *name, int *line)
380{
381 struct tty_driver *p, *res = NULL;
382 int tty_line = 0;
383 int len;
384 char *str, *stp;
385
386 for (str = name; *str; str++)
387 if ((*str >= '0' && *str <= '9') || *str == ',')
388 break;
389 if (!*str)
390 return NULL;
391
392 len = str - name;
393 tty_line = simple_strtoul(str, &str, 10);
394
395 mutex_lock(&tty_mutex);
396 /* Search through the tty devices to look for a match */
397 list_for_each_entry(p, &tty_drivers, tty_drivers) {
398 if (!len || strncmp(name, p->name, len) != 0)
399 continue;
400 stp = str;
401 if (*stp == ',')
402 stp++;
403 if (*stp == '\0')
404 stp = NULL;
405
406 if (tty_line >= 0 && tty_line < p->num && p->ops &&
407 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
408 res = tty_driver_kref_get(p);
409 *line = tty_line;
410 break;
411 }
412 }
413 mutex_unlock(&tty_mutex);
414
415 return res;
416}
417EXPORT_SYMBOL_GPL(tty_find_polling_driver);
418#endif
419
420static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
421{
422 return 0;
423}
424
425static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
426{
427 return -EIO;
428}
429
430/* No kernel lock held - none needed ;) */
431static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
432{
433 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
434}
435
436static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
437 unsigned long arg)
438{
439 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
440}
441
442static long hung_up_tty_compat_ioctl(struct file *file,
443 unsigned int cmd, unsigned long arg)
444{
445 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
446}
447
448static int hung_up_tty_fasync(int fd, struct file *file, int on)
449{
450 return -ENOTTY;
451}
452
453static void tty_show_fdinfo(struct seq_file *m, struct file *file)
454{
455 struct tty_struct *tty = file_tty(file);
456
457 if (tty && tty->ops && tty->ops->show_fdinfo)
458 tty->ops->show_fdinfo(tty, m);
459}
460
461static const struct file_operations tty_fops = {
462 .read_iter = tty_read,
463 .write_iter = tty_write,
464 .splice_read = copy_splice_read,
465 .splice_write = iter_file_splice_write,
466 .poll = tty_poll,
467 .unlocked_ioctl = tty_ioctl,
468 .compat_ioctl = tty_compat_ioctl,
469 .open = tty_open,
470 .release = tty_release,
471 .fasync = tty_fasync,
472 .show_fdinfo = tty_show_fdinfo,
473};
474
475static const struct file_operations console_fops = {
476 .read_iter = tty_read,
477 .write_iter = redirected_tty_write,
478 .splice_read = copy_splice_read,
479 .splice_write = iter_file_splice_write,
480 .poll = tty_poll,
481 .unlocked_ioctl = tty_ioctl,
482 .compat_ioctl = tty_compat_ioctl,
483 .open = tty_open,
484 .release = tty_release,
485 .fasync = tty_fasync,
486};
487
488static const struct file_operations hung_up_tty_fops = {
489 .read_iter = hung_up_tty_read,
490 .write_iter = hung_up_tty_write,
491 .poll = hung_up_tty_poll,
492 .unlocked_ioctl = hung_up_tty_ioctl,
493 .compat_ioctl = hung_up_tty_compat_ioctl,
494 .release = tty_release,
495 .fasync = hung_up_tty_fasync,
496};
497
498static DEFINE_SPINLOCK(redirect_lock);
499static struct file *redirect;
500
501/**
502 * tty_wakeup - request more data
503 * @tty: terminal
504 *
505 * Internal and external helper for wakeups of tty. This function informs the
506 * line discipline if present that the driver is ready to receive more output
507 * data.
508 */
509void tty_wakeup(struct tty_struct *tty)
510{
511 struct tty_ldisc *ld;
512
513 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
514 ld = tty_ldisc_ref(tty);
515 if (ld) {
516 if (ld->ops->write_wakeup)
517 ld->ops->write_wakeup(tty);
518 tty_ldisc_deref(ld);
519 }
520 }
521 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
522}
523EXPORT_SYMBOL_GPL(tty_wakeup);
524
525/**
526 * tty_release_redirect - Release a redirect on a pty if present
527 * @tty: tty device
528 *
529 * This is available to the pty code so if the master closes, if the slave is a
530 * redirect it can release the redirect.
531 */
532static struct file *tty_release_redirect(struct tty_struct *tty)
533{
534 struct file *f = NULL;
535
536 spin_lock(&redirect_lock);
537 if (redirect && file_tty(redirect) == tty) {
538 f = redirect;
539 redirect = NULL;
540 }
541 spin_unlock(&redirect_lock);
542
543 return f;
544}
545
546/**
547 * __tty_hangup - actual handler for hangup events
548 * @tty: tty device
549 * @exit_session: if non-zero, signal all foreground group processes
550 *
551 * This can be called by a "kworker" kernel thread. That is process synchronous
552 * but doesn't hold any locks, so we need to make sure we have the appropriate
553 * locks for what we're doing.
554 *
555 * The hangup event clears any pending redirections onto the hung up device. It
556 * ensures future writes will error and it does the needed line discipline
557 * hangup and signal delivery. The tty object itself remains intact.
558 *
559 * Locking:
560 * * BTM
561 *
562 * * redirect lock for undoing redirection
563 * * file list lock for manipulating list of ttys
564 * * tty_ldiscs_lock from called functions
565 * * termios_rwsem resetting termios data
566 * * tasklist_lock to walk task list for hangup event
567 *
568 * * ->siglock to protect ->signal/->sighand
569 *
570 */
571static void __tty_hangup(struct tty_struct *tty, int exit_session)
572{
573 struct file *cons_filp = NULL;
574 struct file *filp, *f;
575 struct tty_file_private *priv;
576 int closecount = 0, n;
577 int refs;
578
579 if (!tty)
580 return;
581
582 f = tty_release_redirect(tty);
583
584 tty_lock(tty);
585
586 if (test_bit(TTY_HUPPED, &tty->flags)) {
587 tty_unlock(tty);
588 return;
589 }
590
591 /*
592 * Some console devices aren't actually hung up for technical and
593 * historical reasons, which can lead to indefinite interruptible
594 * sleep in n_tty_read(). The following explicitly tells
595 * n_tty_read() to abort readers.
596 */
597 set_bit(TTY_HUPPING, &tty->flags);
598
599 /* inuse_filps is protected by the single tty lock,
600 * this really needs to change if we want to flush the
601 * workqueue with the lock held.
602 */
603 check_tty_count(tty, "tty_hangup");
604
605 spin_lock(&tty->files_lock);
606 /* This breaks for file handles being sent over AF_UNIX sockets ? */
607 list_for_each_entry(priv, &tty->tty_files, list) {
608 filp = priv->file;
609 if (filp->f_op->write_iter == redirected_tty_write)
610 cons_filp = filp;
611 if (filp->f_op->write_iter != tty_write)
612 continue;
613 closecount++;
614 __tty_fasync(-1, filp, 0); /* can't block */
615 filp->f_op = &hung_up_tty_fops;
616 }
617 spin_unlock(&tty->files_lock);
618
619 refs = tty_signal_session_leader(tty, exit_session);
620 /* Account for the p->signal references we killed */
621 while (refs--)
622 tty_kref_put(tty);
623
624 tty_ldisc_hangup(tty, cons_filp != NULL);
625
626 spin_lock_irq(&tty->ctrl.lock);
627 clear_bit(TTY_THROTTLED, &tty->flags);
628 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
629 put_pid(tty->ctrl.session);
630 put_pid(tty->ctrl.pgrp);
631 tty->ctrl.session = NULL;
632 tty->ctrl.pgrp = NULL;
633 tty->ctrl.pktstatus = 0;
634 spin_unlock_irq(&tty->ctrl.lock);
635
636 /*
637 * If one of the devices matches a console pointer, we
638 * cannot just call hangup() because that will cause
639 * tty->count and state->count to go out of sync.
640 * So we just call close() the right number of times.
641 */
642 if (cons_filp) {
643 if (tty->ops->close)
644 for (n = 0; n < closecount; n++)
645 tty->ops->close(tty, cons_filp);
646 } else if (tty->ops->hangup)
647 tty->ops->hangup(tty);
648 /*
649 * We don't want to have driver/ldisc interactions beyond the ones
650 * we did here. The driver layer expects no calls after ->hangup()
651 * from the ldisc side, which is now guaranteed.
652 */
653 set_bit(TTY_HUPPED, &tty->flags);
654 clear_bit(TTY_HUPPING, &tty->flags);
655 tty_unlock(tty);
656
657 if (f)
658 fput(f);
659}
660
661static void do_tty_hangup(struct work_struct *work)
662{
663 struct tty_struct *tty =
664 container_of(work, struct tty_struct, hangup_work);
665
666 __tty_hangup(tty, 0);
667}
668
669/**
670 * tty_hangup - trigger a hangup event
671 * @tty: tty to hangup
672 *
673 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
674 * hangup sequence to run after this event.
675 */
676void tty_hangup(struct tty_struct *tty)
677{
678 tty_debug_hangup(tty, "hangup\n");
679 schedule_work(&tty->hangup_work);
680}
681EXPORT_SYMBOL(tty_hangup);
682
683/**
684 * tty_vhangup - process vhangup
685 * @tty: tty to hangup
686 *
687 * The user has asked via system call for the terminal to be hung up. We do
688 * this synchronously so that when the syscall returns the process is complete.
689 * That guarantee is necessary for security reasons.
690 */
691void tty_vhangup(struct tty_struct *tty)
692{
693 tty_debug_hangup(tty, "vhangup\n");
694 __tty_hangup(tty, 0);
695}
696EXPORT_SYMBOL(tty_vhangup);
697
698
699/**
700 * tty_vhangup_self - process vhangup for own ctty
701 *
702 * Perform a vhangup on the current controlling tty
703 */
704void tty_vhangup_self(void)
705{
706 struct tty_struct *tty;
707
708 tty = get_current_tty();
709 if (tty) {
710 tty_vhangup(tty);
711 tty_kref_put(tty);
712 }
713}
714
715/**
716 * tty_vhangup_session - hangup session leader exit
717 * @tty: tty to hangup
718 *
719 * The session leader is exiting and hanging up its controlling terminal.
720 * Every process in the foreground process group is signalled %SIGHUP.
721 *
722 * We do this synchronously so that when the syscall returns the process is
723 * complete. That guarantee is necessary for security reasons.
724 */
725void tty_vhangup_session(struct tty_struct *tty)
726{
727 tty_debug_hangup(tty, "session hangup\n");
728 __tty_hangup(tty, 1);
729}
730
731/**
732 * tty_hung_up_p - was tty hung up
733 * @filp: file pointer of tty
734 *
735 * Return: true if the tty has been subject to a vhangup or a carrier loss
736 */
737int tty_hung_up_p(struct file *filp)
738{
739 return (filp && filp->f_op == &hung_up_tty_fops);
740}
741EXPORT_SYMBOL(tty_hung_up_p);
742
743void __stop_tty(struct tty_struct *tty)
744{
745 if (tty->flow.stopped)
746 return;
747 tty->flow.stopped = true;
748 if (tty->ops->stop)
749 tty->ops->stop(tty);
750}
751
752/**
753 * stop_tty - propagate flow control
754 * @tty: tty to stop
755 *
756 * Perform flow control to the driver. May be called on an already stopped
757 * device and will not re-call the &tty_driver->stop() method.
758 *
759 * This functionality is used by both the line disciplines for halting incoming
760 * flow and by the driver. It may therefore be called from any context, may be
761 * under the tty %atomic_write_lock but not always.
762 *
763 * Locking:
764 * flow.lock
765 */
766void stop_tty(struct tty_struct *tty)
767{
768 unsigned long flags;
769
770 spin_lock_irqsave(&tty->flow.lock, flags);
771 __stop_tty(tty);
772 spin_unlock_irqrestore(&tty->flow.lock, flags);
773}
774EXPORT_SYMBOL(stop_tty);
775
776void __start_tty(struct tty_struct *tty)
777{
778 if (!tty->flow.stopped || tty->flow.tco_stopped)
779 return;
780 tty->flow.stopped = false;
781 if (tty->ops->start)
782 tty->ops->start(tty);
783 tty_wakeup(tty);
784}
785
786/**
787 * start_tty - propagate flow control
788 * @tty: tty to start
789 *
790 * Start a tty that has been stopped if at all possible. If @tty was previously
791 * stopped and is now being started, the &tty_driver->start() method is invoked
792 * and the line discipline woken.
793 *
794 * Locking:
795 * flow.lock
796 */
797void start_tty(struct tty_struct *tty)
798{
799 unsigned long flags;
800
801 spin_lock_irqsave(&tty->flow.lock, flags);
802 __start_tty(tty);
803 spin_unlock_irqrestore(&tty->flow.lock, flags);
804}
805EXPORT_SYMBOL(start_tty);
806
807static void tty_update_time(struct tty_struct *tty, bool mtime)
808{
809 time64_t sec = ktime_get_real_seconds();
810 struct tty_file_private *priv;
811
812 spin_lock(&tty->files_lock);
813 list_for_each_entry(priv, &tty->tty_files, list) {
814 struct inode *inode = file_inode(priv->file);
815 struct timespec64 time = mtime ? inode_get_mtime(inode) : inode_get_atime(inode);
816
817 /*
818 * We only care if the two values differ in anything other than the
819 * lower three bits (i.e every 8 seconds). If so, then we can update
820 * the time of the tty device, otherwise it could be construded as a
821 * security leak to let userspace know the exact timing of the tty.
822 */
823 if ((sec ^ time.tv_sec) & ~7) {
824 if (mtime)
825 inode_set_mtime(inode, sec, 0);
826 else
827 inode_set_atime(inode, sec, 0);
828 }
829 }
830 spin_unlock(&tty->files_lock);
831}
832
833/*
834 * Iterate on the ldisc ->read() function until we've gotten all
835 * the data the ldisc has for us.
836 *
837 * The "cookie" is something that the ldisc read function can fill
838 * in to let us know that there is more data to be had.
839 *
840 * We promise to continue to call the ldisc until it stops returning
841 * data or clears the cookie. The cookie may be something that the
842 * ldisc maintains state for and needs to free.
843 */
844static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
845 struct file *file, struct iov_iter *to)
846{
847 void *cookie = NULL;
848 unsigned long offset = 0;
849 ssize_t retval = 0;
850 size_t copied, count = iov_iter_count(to);
851 u8 kernel_buf[64];
852
853 do {
854 ssize_t size = min(count, sizeof(kernel_buf));
855
856 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
857 if (!size)
858 break;
859
860 if (size < 0) {
861 /* Did we have an earlier error (ie -EFAULT)? */
862 if (retval)
863 break;
864 retval = size;
865
866 /*
867 * -EOVERFLOW means we didn't have enough space
868 * for a whole packet, and we shouldn't return
869 * a partial result.
870 */
871 if (retval == -EOVERFLOW)
872 offset = 0;
873 break;
874 }
875
876 copied = copy_to_iter(kernel_buf, size, to);
877 offset += copied;
878 count -= copied;
879
880 /*
881 * If the user copy failed, we still need to do another ->read()
882 * call if we had a cookie to let the ldisc clear up.
883 *
884 * But make sure size is zeroed.
885 */
886 if (unlikely(copied != size)) {
887 count = 0;
888 retval = -EFAULT;
889 }
890 } while (cookie);
891
892 /* We always clear tty buffer in case they contained passwords */
893 memzero_explicit(kernel_buf, sizeof(kernel_buf));
894 return offset ? offset : retval;
895}
896
897
898/**
899 * tty_read - read method for tty device files
900 * @iocb: kernel I/O control block
901 * @to: destination for the data read
902 *
903 * Perform the read system call function on this terminal device. Checks
904 * for hung up devices before calling the line discipline method.
905 *
906 * Locking:
907 * Locks the line discipline internally while needed. Multiple read calls
908 * may be outstanding in parallel.
909 */
910static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
911{
912 struct file *file = iocb->ki_filp;
913 struct inode *inode = file_inode(file);
914 struct tty_struct *tty = file_tty(file);
915 struct tty_ldisc *ld;
916 ssize_t ret;
917
918 if (tty_paranoia_check(tty, inode, "tty_read"))
919 return -EIO;
920 if (!tty || tty_io_error(tty))
921 return -EIO;
922
923 /* We want to wait for the line discipline to sort out in this
924 * situation.
925 */
926 ld = tty_ldisc_ref_wait(tty);
927 if (!ld)
928 return hung_up_tty_read(iocb, to);
929 ret = -EIO;
930 if (ld->ops->read)
931 ret = iterate_tty_read(ld, tty, file, to);
932 tty_ldisc_deref(ld);
933
934 if (ret > 0)
935 tty_update_time(tty, false);
936
937 return ret;
938}
939
940void tty_write_unlock(struct tty_struct *tty)
941{
942 mutex_unlock(&tty->atomic_write_lock);
943 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
944}
945
946int tty_write_lock(struct tty_struct *tty, bool ndelay)
947{
948 if (!mutex_trylock(&tty->atomic_write_lock)) {
949 if (ndelay)
950 return -EAGAIN;
951 if (mutex_lock_interruptible(&tty->atomic_write_lock))
952 return -ERESTARTSYS;
953 }
954 return 0;
955}
956
957/*
958 * Split writes up in sane blocksizes to avoid
959 * denial-of-service type attacks
960 */
961static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
962 struct file *file, struct iov_iter *from)
963{
964 size_t chunk, count = iov_iter_count(from);
965 ssize_t ret, written = 0;
966
967 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
968 if (ret < 0)
969 return ret;
970
971 /*
972 * We chunk up writes into a temporary buffer. This
973 * simplifies low-level drivers immensely, since they
974 * don't have locking issues and user mode accesses.
975 *
976 * But if TTY_NO_WRITE_SPLIT is set, we should use a
977 * big chunk-size..
978 *
979 * The default chunk-size is 2kB, because the NTTY
980 * layer has problems with bigger chunks. It will
981 * claim to be able to handle more characters than
982 * it actually does.
983 */
984 chunk = 2048;
985 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
986 chunk = 65536;
987 if (count < chunk)
988 chunk = count;
989
990 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
991 if (tty->write_cnt < chunk) {
992 u8 *buf_chunk;
993
994 if (chunk < 1024)
995 chunk = 1024;
996
997 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
998 if (!buf_chunk) {
999 ret = -ENOMEM;
1000 goto out;
1001 }
1002 kvfree(tty->write_buf);
1003 tty->write_cnt = chunk;
1004 tty->write_buf = buf_chunk;
1005 }
1006
1007 /* Do the write .. */
1008 for (;;) {
1009 size_t size = min(chunk, count);
1010
1011 ret = -EFAULT;
1012 if (copy_from_iter(tty->write_buf, size, from) != size)
1013 break;
1014
1015 ret = ld->ops->write(tty, file, tty->write_buf, size);
1016 if (ret <= 0)
1017 break;
1018
1019 written += ret;
1020 if (ret > size)
1021 break;
1022
1023 /* FIXME! Have Al check this! */
1024 if (ret != size)
1025 iov_iter_revert(from, size-ret);
1026
1027 count -= ret;
1028 if (!count)
1029 break;
1030 ret = -ERESTARTSYS;
1031 if (signal_pending(current))
1032 break;
1033 cond_resched();
1034 }
1035 if (written) {
1036 tty_update_time(tty, true);
1037 ret = written;
1038 }
1039out:
1040 tty_write_unlock(tty);
1041 return ret;
1042}
1043
1044#ifdef CONFIG_PRINT_QUOTA_WARNING
1045/**
1046 * tty_write_message - write a message to a certain tty, not just the console.
1047 * @tty: the destination tty_struct
1048 * @msg: the message to write
1049 *
1050 * This is used for messages that need to be redirected to a specific tty. We
1051 * don't put it into the syslog queue right now maybe in the future if really
1052 * needed.
1053 *
1054 * We must still hold the BTM and test the CLOSING flag for the moment.
1055 *
1056 * This function is DEPRECATED, do not use in new code.
1057 */
1058void tty_write_message(struct tty_struct *tty, char *msg)
1059{
1060 if (tty) {
1061 mutex_lock(&tty->atomic_write_lock);
1062 tty_lock(tty);
1063 if (tty->ops->write && tty->count > 0)
1064 tty->ops->write(tty, msg, strlen(msg));
1065 tty_unlock(tty);
1066 tty_write_unlock(tty);
1067 }
1068}
1069#endif
1070
1071static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1072{
1073 struct tty_struct *tty = file_tty(file);
1074 struct tty_ldisc *ld;
1075 ssize_t ret;
1076
1077 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1078 return -EIO;
1079 if (!tty || !tty->ops->write || tty_io_error(tty))
1080 return -EIO;
1081 /* Short term debug to catch buggy drivers */
1082 if (tty->ops->write_room == NULL)
1083 tty_err(tty, "missing write_room method\n");
1084 ld = tty_ldisc_ref_wait(tty);
1085 if (!ld)
1086 return hung_up_tty_write(iocb, from);
1087 if (!ld->ops->write)
1088 ret = -EIO;
1089 else
1090 ret = iterate_tty_write(ld, tty, file, from);
1091 tty_ldisc_deref(ld);
1092 return ret;
1093}
1094
1095/**
1096 * tty_write - write method for tty device file
1097 * @iocb: kernel I/O control block
1098 * @from: iov_iter with data to write
1099 *
1100 * Write data to a tty device via the line discipline.
1101 *
1102 * Locking:
1103 * Locks the line discipline as required
1104 * Writes to the tty driver are serialized by the atomic_write_lock
1105 * and are then processed in chunks to the device. The line
1106 * discipline write method will not be invoked in parallel for
1107 * each device.
1108 */
1109static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1110{
1111 return file_tty_write(iocb->ki_filp, iocb, from);
1112}
1113
1114ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1115{
1116 struct file *p = NULL;
1117
1118 spin_lock(&redirect_lock);
1119 if (redirect)
1120 p = get_file(redirect);
1121 spin_unlock(&redirect_lock);
1122
1123 /*
1124 * We know the redirected tty is just another tty, we can
1125 * call file_tty_write() directly with that file pointer.
1126 */
1127 if (p) {
1128 ssize_t res;
1129
1130 res = file_tty_write(p, iocb, iter);
1131 fput(p);
1132 return res;
1133 }
1134 return tty_write(iocb, iter);
1135}
1136
1137/**
1138 * tty_send_xchar - send priority character
1139 * @tty: the tty to send to
1140 * @ch: xchar to send
1141 *
1142 * Send a high priority character to the tty even if stopped.
1143 *
1144 * Locking: none for xchar method, write ordering for write method.
1145 */
1146int tty_send_xchar(struct tty_struct *tty, u8 ch)
1147{
1148 bool was_stopped = tty->flow.stopped;
1149
1150 if (tty->ops->send_xchar) {
1151 down_read(&tty->termios_rwsem);
1152 tty->ops->send_xchar(tty, ch);
1153 up_read(&tty->termios_rwsem);
1154 return 0;
1155 }
1156
1157 if (tty_write_lock(tty, false) < 0)
1158 return -ERESTARTSYS;
1159
1160 down_read(&tty->termios_rwsem);
1161 if (was_stopped)
1162 start_tty(tty);
1163 tty->ops->write(tty, &ch, 1);
1164 if (was_stopped)
1165 stop_tty(tty);
1166 up_read(&tty->termios_rwsem);
1167 tty_write_unlock(tty);
1168 return 0;
1169}
1170
1171/**
1172 * pty_line_name - generate name for a pty
1173 * @driver: the tty driver in use
1174 * @index: the minor number
1175 * @p: output buffer of at least 6 bytes
1176 *
1177 * Generate a name from a @driver reference and write it to the output buffer
1178 * @p.
1179 *
1180 * Locking: None
1181 */
1182static void pty_line_name(struct tty_driver *driver, int index, char *p)
1183{
1184 static const char ptychar[] = "pqrstuvwxyzabcde";
1185 int i = index + driver->name_base;
1186 /* ->name is initialized to "ttyp", but "tty" is expected */
1187 sprintf(p, "%s%c%x",
1188 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1189 ptychar[i >> 4 & 0xf], i & 0xf);
1190}
1191
1192/**
1193 * tty_line_name - generate name for a tty
1194 * @driver: the tty driver in use
1195 * @index: the minor number
1196 * @p: output buffer of at least 7 bytes
1197 *
1198 * Generate a name from a @driver reference and write it to the output buffer
1199 * @p.
1200 *
1201 * Locking: None
1202 */
1203static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1204{
1205 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1206 return sprintf(p, "%s", driver->name);
1207 else
1208 return sprintf(p, "%s%d", driver->name,
1209 index + driver->name_base);
1210}
1211
1212/**
1213 * tty_driver_lookup_tty() - find an existing tty, if any
1214 * @driver: the driver for the tty
1215 * @file: file object
1216 * @idx: the minor number
1217 *
1218 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1219 * driver lookup() method returns an error.
1220 *
1221 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1222 */
1223static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1224 struct file *file, int idx)
1225{
1226 struct tty_struct *tty;
1227
1228 if (driver->ops->lookup) {
1229 if (!file)
1230 tty = ERR_PTR(-EIO);
1231 else
1232 tty = driver->ops->lookup(driver, file, idx);
1233 } else {
1234 if (idx >= driver->num)
1235 return ERR_PTR(-EINVAL);
1236 tty = driver->ttys[idx];
1237 }
1238 if (!IS_ERR(tty))
1239 tty_kref_get(tty);
1240 return tty;
1241}
1242
1243/**
1244 * tty_init_termios - helper for termios setup
1245 * @tty: the tty to set up
1246 *
1247 * Initialise the termios structure for this tty. This runs under the
1248 * %tty_mutex currently so we can be relaxed about ordering.
1249 */
1250void tty_init_termios(struct tty_struct *tty)
1251{
1252 struct ktermios *tp;
1253 int idx = tty->index;
1254
1255 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1256 tty->termios = tty->driver->init_termios;
1257 else {
1258 /* Check for lazy saved data */
1259 tp = tty->driver->termios[idx];
1260 if (tp != NULL) {
1261 tty->termios = *tp;
1262 tty->termios.c_line = tty->driver->init_termios.c_line;
1263 } else
1264 tty->termios = tty->driver->init_termios;
1265 }
1266 /* Compatibility until drivers always set this */
1267 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1268 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1269}
1270EXPORT_SYMBOL_GPL(tty_init_termios);
1271
1272/**
1273 * tty_standard_install - usual tty->ops->install
1274 * @driver: the driver for the tty
1275 * @tty: the tty
1276 *
1277 * If the @driver overrides @tty->ops->install, it still can call this function
1278 * to perform the standard install operations.
1279 */
1280int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1281{
1282 tty_init_termios(tty);
1283 tty_driver_kref_get(driver);
1284 tty->count++;
1285 driver->ttys[tty->index] = tty;
1286 return 0;
1287}
1288EXPORT_SYMBOL_GPL(tty_standard_install);
1289
1290/**
1291 * tty_driver_install_tty() - install a tty entry in the driver
1292 * @driver: the driver for the tty
1293 * @tty: the tty
1294 *
1295 * Install a tty object into the driver tables. The @tty->index field will be
1296 * set by the time this is called. This method is responsible for ensuring any
1297 * need additional structures are allocated and configured.
1298 *
1299 * Locking: tty_mutex for now
1300 */
1301static int tty_driver_install_tty(struct tty_driver *driver,
1302 struct tty_struct *tty)
1303{
1304 return driver->ops->install ? driver->ops->install(driver, tty) :
1305 tty_standard_install(driver, tty);
1306}
1307
1308/**
1309 * tty_driver_remove_tty() - remove a tty from the driver tables
1310 * @driver: the driver for the tty
1311 * @tty: tty to remove
1312 *
1313 * Remove a tty object from the driver tables. The tty->index field will be set
1314 * by the time this is called.
1315 *
1316 * Locking: tty_mutex for now
1317 */
1318static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1319{
1320 if (driver->ops->remove)
1321 driver->ops->remove(driver, tty);
1322 else
1323 driver->ttys[tty->index] = NULL;
1324}
1325
1326/**
1327 * tty_reopen() - fast re-open of an open tty
1328 * @tty: the tty to open
1329 *
1330 * Re-opens on master ptys are not allowed and return -%EIO.
1331 *
1332 * Locking: Caller must hold tty_lock
1333 * Return: 0 on success, -errno on error.
1334 */
1335static int tty_reopen(struct tty_struct *tty)
1336{
1337 struct tty_driver *driver = tty->driver;
1338 struct tty_ldisc *ld;
1339 int retval = 0;
1340
1341 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1342 driver->subtype == PTY_TYPE_MASTER)
1343 return -EIO;
1344
1345 if (!tty->count)
1346 return -EAGAIN;
1347
1348 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1349 return -EBUSY;
1350
1351 ld = tty_ldisc_ref_wait(tty);
1352 if (ld) {
1353 tty_ldisc_deref(ld);
1354 } else {
1355 retval = tty_ldisc_lock(tty, 5 * HZ);
1356 if (retval)
1357 return retval;
1358
1359 if (!tty->ldisc)
1360 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1361 tty_ldisc_unlock(tty);
1362 }
1363
1364 if (retval == 0)
1365 tty->count++;
1366
1367 return retval;
1368}
1369
1370/**
1371 * tty_init_dev - initialise a tty device
1372 * @driver: tty driver we are opening a device on
1373 * @idx: device index
1374 *
1375 * Prepare a tty device. This may not be a "new" clean device but could also be
1376 * an active device. The pty drivers require special handling because of this.
1377 *
1378 * Locking:
1379 * The function is called under the tty_mutex, which protects us from the
1380 * tty struct or driver itself going away.
1381 *
1382 * On exit the tty device has the line discipline attached and a reference
1383 * count of 1. If a pair was created for pty/tty use and the other was a pty
1384 * master then it too has a reference count of 1.
1385 *
1386 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1387 * open. The new code protects the open with a mutex, so it's really quite
1388 * straightforward. The mutex locking can probably be relaxed for the (most
1389 * common) case of reopening a tty.
1390 *
1391 * Return: new tty structure
1392 */
1393struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1394{
1395 struct tty_struct *tty;
1396 int retval;
1397
1398 /*
1399 * First time open is complex, especially for PTY devices.
1400 * This code guarantees that either everything succeeds and the
1401 * TTY is ready for operation, or else the table slots are vacated
1402 * and the allocated memory released. (Except that the termios
1403 * may be retained.)
1404 */
1405
1406 if (!try_module_get(driver->owner))
1407 return ERR_PTR(-ENODEV);
1408
1409 tty = alloc_tty_struct(driver, idx);
1410 if (!tty) {
1411 retval = -ENOMEM;
1412 goto err_module_put;
1413 }
1414
1415 tty_lock(tty);
1416 retval = tty_driver_install_tty(driver, tty);
1417 if (retval < 0)
1418 goto err_free_tty;
1419
1420 if (!tty->port)
1421 tty->port = driver->ports[idx];
1422
1423 if (WARN_RATELIMIT(!tty->port,
1424 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1425 __func__, tty->driver->name)) {
1426 retval = -EINVAL;
1427 goto err_release_lock;
1428 }
1429
1430 retval = tty_ldisc_lock(tty, 5 * HZ);
1431 if (retval)
1432 goto err_release_lock;
1433 tty->port->itty = tty;
1434
1435 /*
1436 * Structures all installed ... call the ldisc open routines.
1437 * If we fail here just call release_tty to clean up. No need
1438 * to decrement the use counts, as release_tty doesn't care.
1439 */
1440 retval = tty_ldisc_setup(tty, tty->link);
1441 if (retval)
1442 goto err_release_tty;
1443 tty_ldisc_unlock(tty);
1444 /* Return the tty locked so that it cannot vanish under the caller */
1445 return tty;
1446
1447err_free_tty:
1448 tty_unlock(tty);
1449 free_tty_struct(tty);
1450err_module_put:
1451 module_put(driver->owner);
1452 return ERR_PTR(retval);
1453
1454 /* call the tty release_tty routine to clean out this slot */
1455err_release_tty:
1456 tty_ldisc_unlock(tty);
1457 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1458 retval, idx);
1459err_release_lock:
1460 tty_unlock(tty);
1461 release_tty(tty, idx);
1462 return ERR_PTR(retval);
1463}
1464
1465/**
1466 * tty_save_termios() - save tty termios data in driver table
1467 * @tty: tty whose termios data to save
1468 *
1469 * Locking: Caller guarantees serialisation with tty_init_termios().
1470 */
1471void tty_save_termios(struct tty_struct *tty)
1472{
1473 struct ktermios *tp;
1474 int idx = tty->index;
1475
1476 /* If the port is going to reset then it has no termios to save */
1477 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1478 return;
1479
1480 /* Stash the termios data */
1481 tp = tty->driver->termios[idx];
1482 if (tp == NULL) {
1483 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1484 if (tp == NULL)
1485 return;
1486 tty->driver->termios[idx] = tp;
1487 }
1488 *tp = tty->termios;
1489}
1490EXPORT_SYMBOL_GPL(tty_save_termios);
1491
1492/**
1493 * tty_flush_works - flush all works of a tty/pty pair
1494 * @tty: tty device to flush works for (or either end of a pty pair)
1495 *
1496 * Sync flush all works belonging to @tty (and the 'other' tty).
1497 */
1498static void tty_flush_works(struct tty_struct *tty)
1499{
1500 flush_work(&tty->SAK_work);
1501 flush_work(&tty->hangup_work);
1502 if (tty->link) {
1503 flush_work(&tty->link->SAK_work);
1504 flush_work(&tty->link->hangup_work);
1505 }
1506}
1507
1508/**
1509 * release_one_tty - release tty structure memory
1510 * @work: work of tty we are obliterating
1511 *
1512 * Releases memory associated with a tty structure, and clears out the
1513 * driver table slots. This function is called when a device is no longer
1514 * in use. It also gets called when setup of a device fails.
1515 *
1516 * Locking:
1517 * takes the file list lock internally when working on the list of ttys
1518 * that the driver keeps.
1519 *
1520 * This method gets called from a work queue so that the driver private
1521 * cleanup ops can sleep (needed for USB at least)
1522 */
1523static void release_one_tty(struct work_struct *work)
1524{
1525 struct tty_struct *tty =
1526 container_of(work, struct tty_struct, hangup_work);
1527 struct tty_driver *driver = tty->driver;
1528 struct module *owner = driver->owner;
1529
1530 if (tty->ops->cleanup)
1531 tty->ops->cleanup(tty);
1532
1533 tty_driver_kref_put(driver);
1534 module_put(owner);
1535
1536 spin_lock(&tty->files_lock);
1537 list_del_init(&tty->tty_files);
1538 spin_unlock(&tty->files_lock);
1539
1540 put_pid(tty->ctrl.pgrp);
1541 put_pid(tty->ctrl.session);
1542 free_tty_struct(tty);
1543}
1544
1545static void queue_release_one_tty(struct kref *kref)
1546{
1547 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1548
1549 /* The hangup queue is now free so we can reuse it rather than
1550 * waste a chunk of memory for each port.
1551 */
1552 INIT_WORK(&tty->hangup_work, release_one_tty);
1553 schedule_work(&tty->hangup_work);
1554}
1555
1556/**
1557 * tty_kref_put - release a tty kref
1558 * @tty: tty device
1559 *
1560 * Release a reference to the @tty device and if need be let the kref layer
1561 * destruct the object for us.
1562 */
1563void tty_kref_put(struct tty_struct *tty)
1564{
1565 if (tty)
1566 kref_put(&tty->kref, queue_release_one_tty);
1567}
1568EXPORT_SYMBOL(tty_kref_put);
1569
1570/**
1571 * release_tty - release tty structure memory
1572 * @tty: tty device release
1573 * @idx: index of the tty device release
1574 *
1575 * Release both @tty and a possible linked partner (think pty pair),
1576 * and decrement the refcount of the backing module.
1577 *
1578 * Locking:
1579 * tty_mutex
1580 * takes the file list lock internally when working on the list of ttys
1581 * that the driver keeps.
1582 */
1583static void release_tty(struct tty_struct *tty, int idx)
1584{
1585 /* This should always be true but check for the moment */
1586 WARN_ON(tty->index != idx);
1587 WARN_ON(!mutex_is_locked(&tty_mutex));
1588 if (tty->ops->shutdown)
1589 tty->ops->shutdown(tty);
1590 tty_save_termios(tty);
1591 tty_driver_remove_tty(tty->driver, tty);
1592 if (tty->port)
1593 tty->port->itty = NULL;
1594 if (tty->link)
1595 tty->link->port->itty = NULL;
1596 if (tty->port)
1597 tty_buffer_cancel_work(tty->port);
1598 if (tty->link)
1599 tty_buffer_cancel_work(tty->link->port);
1600
1601 tty_kref_put(tty->link);
1602 tty_kref_put(tty);
1603}
1604
1605/**
1606 * tty_release_checks - check a tty before real release
1607 * @tty: tty to check
1608 * @idx: index of the tty
1609 *
1610 * Performs some paranoid checking before true release of the @tty. This is a
1611 * no-op unless %TTY_PARANOIA_CHECK is defined.
1612 */
1613static int tty_release_checks(struct tty_struct *tty, int idx)
1614{
1615#ifdef TTY_PARANOIA_CHECK
1616 if (idx < 0 || idx >= tty->driver->num) {
1617 tty_debug(tty, "bad idx %d\n", idx);
1618 return -1;
1619 }
1620
1621 /* not much to check for devpts */
1622 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1623 return 0;
1624
1625 if (tty != tty->driver->ttys[idx]) {
1626 tty_debug(tty, "bad driver table[%d] = %p\n",
1627 idx, tty->driver->ttys[idx]);
1628 return -1;
1629 }
1630 if (tty->driver->other) {
1631 struct tty_struct *o_tty = tty->link;
1632
1633 if (o_tty != tty->driver->other->ttys[idx]) {
1634 tty_debug(tty, "bad other table[%d] = %p\n",
1635 idx, tty->driver->other->ttys[idx]);
1636 return -1;
1637 }
1638 if (o_tty->link != tty) {
1639 tty_debug(tty, "bad link = %p\n", o_tty->link);
1640 return -1;
1641 }
1642 }
1643#endif
1644 return 0;
1645}
1646
1647/**
1648 * tty_kclose - closes tty opened by tty_kopen
1649 * @tty: tty device
1650 *
1651 * Performs the final steps to release and free a tty device. It is the same as
1652 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1653 * @tty->port.
1654 */
1655void tty_kclose(struct tty_struct *tty)
1656{
1657 /*
1658 * Ask the line discipline code to release its structures
1659 */
1660 tty_ldisc_release(tty);
1661
1662 /* Wait for pending work before tty destruction commences */
1663 tty_flush_works(tty);
1664
1665 tty_debug_hangup(tty, "freeing structure\n");
1666 /*
1667 * The release_tty function takes care of the details of clearing
1668 * the slots and preserving the termios structure.
1669 */
1670 mutex_lock(&tty_mutex);
1671 tty_port_set_kopened(tty->port, 0);
1672 release_tty(tty, tty->index);
1673 mutex_unlock(&tty_mutex);
1674}
1675EXPORT_SYMBOL_GPL(tty_kclose);
1676
1677/**
1678 * tty_release_struct - release a tty struct
1679 * @tty: tty device
1680 * @idx: index of the tty
1681 *
1682 * Performs the final steps to release and free a tty device. It is roughly the
1683 * reverse of tty_init_dev().
1684 */
1685void tty_release_struct(struct tty_struct *tty, int idx)
1686{
1687 /*
1688 * Ask the line discipline code to release its structures
1689 */
1690 tty_ldisc_release(tty);
1691
1692 /* Wait for pending work before tty destruction commmences */
1693 tty_flush_works(tty);
1694
1695 tty_debug_hangup(tty, "freeing structure\n");
1696 /*
1697 * The release_tty function takes care of the details of clearing
1698 * the slots and preserving the termios structure.
1699 */
1700 mutex_lock(&tty_mutex);
1701 release_tty(tty, idx);
1702 mutex_unlock(&tty_mutex);
1703}
1704EXPORT_SYMBOL_GPL(tty_release_struct);
1705
1706/**
1707 * tty_release - vfs callback for close
1708 * @inode: inode of tty
1709 * @filp: file pointer for handle to tty
1710 *
1711 * Called the last time each file handle is closed that references this tty.
1712 * There may however be several such references.
1713 *
1714 * Locking:
1715 * Takes BKL. See tty_release_dev().
1716 *
1717 * Even releasing the tty structures is a tricky business. We have to be very
1718 * careful that the structures are all released at the same time, as interrupts
1719 * might otherwise get the wrong pointers.
1720 *
1721 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1722 * lead to double frees or releasing memory still in use.
1723 */
1724int tty_release(struct inode *inode, struct file *filp)
1725{
1726 struct tty_struct *tty = file_tty(filp);
1727 struct tty_struct *o_tty = NULL;
1728 int do_sleep, final;
1729 int idx;
1730 long timeout = 0;
1731 int once = 1;
1732
1733 if (tty_paranoia_check(tty, inode, __func__))
1734 return 0;
1735
1736 tty_lock(tty);
1737 check_tty_count(tty, __func__);
1738
1739 __tty_fasync(-1, filp, 0);
1740
1741 idx = tty->index;
1742 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1743 tty->driver->subtype == PTY_TYPE_MASTER)
1744 o_tty = tty->link;
1745
1746 if (tty_release_checks(tty, idx)) {
1747 tty_unlock(tty);
1748 return 0;
1749 }
1750
1751 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1752
1753 if (tty->ops->close)
1754 tty->ops->close(tty, filp);
1755
1756 /* If tty is pty master, lock the slave pty (stable lock order) */
1757 tty_lock_slave(o_tty);
1758
1759 /*
1760 * Sanity check: if tty->count is going to zero, there shouldn't be
1761 * any waiters on tty->read_wait or tty->write_wait. We test the
1762 * wait queues and kick everyone out _before_ actually starting to
1763 * close. This ensures that we won't block while releasing the tty
1764 * structure.
1765 *
1766 * The test for the o_tty closing is necessary, since the master and
1767 * slave sides may close in any order. If the slave side closes out
1768 * first, its count will be one, since the master side holds an open.
1769 * Thus this test wouldn't be triggered at the time the slave closed,
1770 * so we do it now.
1771 */
1772 while (1) {
1773 do_sleep = 0;
1774
1775 if (tty->count <= 1) {
1776 if (waitqueue_active(&tty->read_wait)) {
1777 wake_up_poll(&tty->read_wait, EPOLLIN);
1778 do_sleep++;
1779 }
1780 if (waitqueue_active(&tty->write_wait)) {
1781 wake_up_poll(&tty->write_wait, EPOLLOUT);
1782 do_sleep++;
1783 }
1784 }
1785 if (o_tty && o_tty->count <= 1) {
1786 if (waitqueue_active(&o_tty->read_wait)) {
1787 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1788 do_sleep++;
1789 }
1790 if (waitqueue_active(&o_tty->write_wait)) {
1791 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1792 do_sleep++;
1793 }
1794 }
1795 if (!do_sleep)
1796 break;
1797
1798 if (once) {
1799 once = 0;
1800 tty_warn(tty, "read/write wait queue active!\n");
1801 }
1802 schedule_timeout_killable(timeout);
1803 if (timeout < 120 * HZ)
1804 timeout = 2 * timeout + 1;
1805 else
1806 timeout = MAX_SCHEDULE_TIMEOUT;
1807 }
1808
1809 if (o_tty) {
1810 if (--o_tty->count < 0) {
1811 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1812 o_tty->count = 0;
1813 }
1814 }
1815 if (--tty->count < 0) {
1816 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1817 tty->count = 0;
1818 }
1819
1820 /*
1821 * We've decremented tty->count, so we need to remove this file
1822 * descriptor off the tty->tty_files list; this serves two
1823 * purposes:
1824 * - check_tty_count sees the correct number of file descriptors
1825 * associated with this tty.
1826 * - do_tty_hangup no longer sees this file descriptor as
1827 * something that needs to be handled for hangups.
1828 */
1829 tty_del_file(filp);
1830
1831 /*
1832 * Perform some housekeeping before deciding whether to return.
1833 *
1834 * If _either_ side is closing, make sure there aren't any
1835 * processes that still think tty or o_tty is their controlling
1836 * tty.
1837 */
1838 if (!tty->count) {
1839 read_lock(&tasklist_lock);
1840 session_clear_tty(tty->ctrl.session);
1841 if (o_tty)
1842 session_clear_tty(o_tty->ctrl.session);
1843 read_unlock(&tasklist_lock);
1844 }
1845
1846 /* check whether both sides are closing ... */
1847 final = !tty->count && !(o_tty && o_tty->count);
1848
1849 tty_unlock_slave(o_tty);
1850 tty_unlock(tty);
1851
1852 /* At this point, the tty->count == 0 should ensure a dead tty
1853 * cannot be re-opened by a racing opener.
1854 */
1855
1856 if (!final)
1857 return 0;
1858
1859 tty_debug_hangup(tty, "final close\n");
1860
1861 tty_release_struct(tty, idx);
1862 return 0;
1863}
1864
1865/**
1866 * tty_open_current_tty - get locked tty of current task
1867 * @device: device number
1868 * @filp: file pointer to tty
1869 * @return: locked tty of the current task iff @device is /dev/tty
1870 *
1871 * Performs a re-open of the current task's controlling tty.
1872 *
1873 * We cannot return driver and index like for the other nodes because devpts
1874 * will not work then. It expects inodes to be from devpts FS.
1875 */
1876static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1877{
1878 struct tty_struct *tty;
1879 int retval;
1880
1881 if (device != MKDEV(TTYAUX_MAJOR, 0))
1882 return NULL;
1883
1884 tty = get_current_tty();
1885 if (!tty)
1886 return ERR_PTR(-ENXIO);
1887
1888 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1889 /* noctty = 1; */
1890 tty_lock(tty);
1891 tty_kref_put(tty); /* safe to drop the kref now */
1892
1893 retval = tty_reopen(tty);
1894 if (retval < 0) {
1895 tty_unlock(tty);
1896 tty = ERR_PTR(retval);
1897 }
1898 return tty;
1899}
1900
1901/**
1902 * tty_lookup_driver - lookup a tty driver for a given device file
1903 * @device: device number
1904 * @filp: file pointer to tty
1905 * @index: index for the device in the @return driver
1906 *
1907 * If returned value is not erroneous, the caller is responsible to decrement
1908 * the refcount by tty_driver_kref_put().
1909 *
1910 * Locking: %tty_mutex protects get_tty_driver()
1911 *
1912 * Return: driver for this inode (with increased refcount)
1913 */
1914static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1915 int *index)
1916{
1917 struct tty_driver *driver = NULL;
1918
1919 switch (device) {
1920#ifdef CONFIG_VT
1921 case MKDEV(TTY_MAJOR, 0): {
1922 extern struct tty_driver *console_driver;
1923
1924 driver = tty_driver_kref_get(console_driver);
1925 *index = fg_console;
1926 break;
1927 }
1928#endif
1929 case MKDEV(TTYAUX_MAJOR, 1): {
1930 struct tty_driver *console_driver = console_device(index);
1931
1932 if (console_driver) {
1933 driver = tty_driver_kref_get(console_driver);
1934 if (driver && filp) {
1935 /* Don't let /dev/console block */
1936 filp->f_flags |= O_NONBLOCK;
1937 break;
1938 }
1939 }
1940 if (driver)
1941 tty_driver_kref_put(driver);
1942 return ERR_PTR(-ENODEV);
1943 }
1944 default:
1945 driver = get_tty_driver(device, index);
1946 if (!driver)
1947 return ERR_PTR(-ENODEV);
1948 break;
1949 }
1950 return driver;
1951}
1952
1953static struct tty_struct *tty_kopen(dev_t device, int shared)
1954{
1955 struct tty_struct *tty;
1956 struct tty_driver *driver;
1957 int index = -1;
1958
1959 mutex_lock(&tty_mutex);
1960 driver = tty_lookup_driver(device, NULL, &index);
1961 if (IS_ERR(driver)) {
1962 mutex_unlock(&tty_mutex);
1963 return ERR_CAST(driver);
1964 }
1965
1966 /* check whether we're reopening an existing tty */
1967 tty = tty_driver_lookup_tty(driver, NULL, index);
1968 if (IS_ERR(tty) || shared)
1969 goto out;
1970
1971 if (tty) {
1972 /* drop kref from tty_driver_lookup_tty() */
1973 tty_kref_put(tty);
1974 tty = ERR_PTR(-EBUSY);
1975 } else { /* tty_init_dev returns tty with the tty_lock held */
1976 tty = tty_init_dev(driver, index);
1977 if (IS_ERR(tty))
1978 goto out;
1979 tty_port_set_kopened(tty->port, 1);
1980 }
1981out:
1982 mutex_unlock(&tty_mutex);
1983 tty_driver_kref_put(driver);
1984 return tty;
1985}
1986
1987/**
1988 * tty_kopen_exclusive - open a tty device for kernel
1989 * @device: dev_t of device to open
1990 *
1991 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1992 * it's not already opened and performs the first-time tty initialization.
1993 *
1994 * Claims the global %tty_mutex to serialize:
1995 * * concurrent first-time tty initialization
1996 * * concurrent tty driver removal w/ lookup
1997 * * concurrent tty removal from driver table
1998 *
1999 * Return: the locked initialized &tty_struct
2000 */
2001struct tty_struct *tty_kopen_exclusive(dev_t device)
2002{
2003 return tty_kopen(device, 0);
2004}
2005EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2006
2007/**
2008 * tty_kopen_shared - open a tty device for shared in-kernel use
2009 * @device: dev_t of device to open
2010 *
2011 * Opens an already existing tty for in-kernel use. Compared to
2012 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2013 *
2014 * Locking: identical to tty_kopen() above.
2015 */
2016struct tty_struct *tty_kopen_shared(dev_t device)
2017{
2018 return tty_kopen(device, 1);
2019}
2020EXPORT_SYMBOL_GPL(tty_kopen_shared);
2021
2022/**
2023 * tty_open_by_driver - open a tty device
2024 * @device: dev_t of device to open
2025 * @filp: file pointer to tty
2026 *
2027 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2028 * first-time tty initialization.
2029 *
2030 *
2031 * Claims the global tty_mutex to serialize:
2032 * * concurrent first-time tty initialization
2033 * * concurrent tty driver removal w/ lookup
2034 * * concurrent tty removal from driver table
2035 *
2036 * Return: the locked initialized or re-opened &tty_struct
2037 */
2038static struct tty_struct *tty_open_by_driver(dev_t device,
2039 struct file *filp)
2040{
2041 struct tty_struct *tty;
2042 struct tty_driver *driver = NULL;
2043 int index = -1;
2044 int retval;
2045
2046 mutex_lock(&tty_mutex);
2047 driver = tty_lookup_driver(device, filp, &index);
2048 if (IS_ERR(driver)) {
2049 mutex_unlock(&tty_mutex);
2050 return ERR_CAST(driver);
2051 }
2052
2053 /* check whether we're reopening an existing tty */
2054 tty = tty_driver_lookup_tty(driver, filp, index);
2055 if (IS_ERR(tty)) {
2056 mutex_unlock(&tty_mutex);
2057 goto out;
2058 }
2059
2060 if (tty) {
2061 if (tty_port_kopened(tty->port)) {
2062 tty_kref_put(tty);
2063 mutex_unlock(&tty_mutex);
2064 tty = ERR_PTR(-EBUSY);
2065 goto out;
2066 }
2067 mutex_unlock(&tty_mutex);
2068 retval = tty_lock_interruptible(tty);
2069 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2070 if (retval) {
2071 if (retval == -EINTR)
2072 retval = -ERESTARTSYS;
2073 tty = ERR_PTR(retval);
2074 goto out;
2075 }
2076 retval = tty_reopen(tty);
2077 if (retval < 0) {
2078 tty_unlock(tty);
2079 tty = ERR_PTR(retval);
2080 }
2081 } else { /* Returns with the tty_lock held for now */
2082 tty = tty_init_dev(driver, index);
2083 mutex_unlock(&tty_mutex);
2084 }
2085out:
2086 tty_driver_kref_put(driver);
2087 return tty;
2088}
2089
2090/**
2091 * tty_open - open a tty device
2092 * @inode: inode of device file
2093 * @filp: file pointer to tty
2094 *
2095 * tty_open() and tty_release() keep up the tty count that contains the number
2096 * of opens done on a tty. We cannot use the inode-count, as different inodes
2097 * might point to the same tty.
2098 *
2099 * Open-counting is needed for pty masters, as well as for keeping track of
2100 * serial lines: DTR is dropped when the last close happens.
2101 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2102 *
2103 * The termios state of a pty is reset on the first open so that settings don't
2104 * persist across reuse.
2105 *
2106 * Locking:
2107 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2108 * * @tty->count should protect the rest.
2109 * * ->siglock protects ->signal/->sighand
2110 *
2111 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2112 */
2113static int tty_open(struct inode *inode, struct file *filp)
2114{
2115 struct tty_struct *tty;
2116 int noctty, retval;
2117 dev_t device = inode->i_rdev;
2118 unsigned saved_flags = filp->f_flags;
2119
2120 nonseekable_open(inode, filp);
2121
2122retry_open:
2123 retval = tty_alloc_file(filp);
2124 if (retval)
2125 return -ENOMEM;
2126
2127 tty = tty_open_current_tty(device, filp);
2128 if (!tty)
2129 tty = tty_open_by_driver(device, filp);
2130
2131 if (IS_ERR(tty)) {
2132 tty_free_file(filp);
2133 retval = PTR_ERR(tty);
2134 if (retval != -EAGAIN || signal_pending(current))
2135 return retval;
2136 schedule();
2137 goto retry_open;
2138 }
2139
2140 tty_add_file(tty, filp);
2141
2142 check_tty_count(tty, __func__);
2143 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2144
2145 if (tty->ops->open)
2146 retval = tty->ops->open(tty, filp);
2147 else
2148 retval = -ENODEV;
2149 filp->f_flags = saved_flags;
2150
2151 if (retval) {
2152 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2153
2154 tty_unlock(tty); /* need to call tty_release without BTM */
2155 tty_release(inode, filp);
2156 if (retval != -ERESTARTSYS)
2157 return retval;
2158
2159 if (signal_pending(current))
2160 return retval;
2161
2162 schedule();
2163 /*
2164 * Need to reset f_op in case a hangup happened.
2165 */
2166 if (tty_hung_up_p(filp))
2167 filp->f_op = &tty_fops;
2168 goto retry_open;
2169 }
2170 clear_bit(TTY_HUPPED, &tty->flags);
2171
2172 noctty = (filp->f_flags & O_NOCTTY) ||
2173 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2174 device == MKDEV(TTYAUX_MAJOR, 1) ||
2175 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2176 tty->driver->subtype == PTY_TYPE_MASTER);
2177 if (!noctty)
2178 tty_open_proc_set_tty(filp, tty);
2179 tty_unlock(tty);
2180 return 0;
2181}
2182
2183
2184/**
2185 * tty_poll - check tty status
2186 * @filp: file being polled
2187 * @wait: poll wait structures to update
2188 *
2189 * Call the line discipline polling method to obtain the poll status of the
2190 * device.
2191 *
2192 * Locking: locks called line discipline but ldisc poll method may be
2193 * re-entered freely by other callers.
2194 */
2195static __poll_t tty_poll(struct file *filp, poll_table *wait)
2196{
2197 struct tty_struct *tty = file_tty(filp);
2198 struct tty_ldisc *ld;
2199 __poll_t ret = 0;
2200
2201 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2202 return 0;
2203
2204 ld = tty_ldisc_ref_wait(tty);
2205 if (!ld)
2206 return hung_up_tty_poll(filp, wait);
2207 if (ld->ops->poll)
2208 ret = ld->ops->poll(tty, filp, wait);
2209 tty_ldisc_deref(ld);
2210 return ret;
2211}
2212
2213static int __tty_fasync(int fd, struct file *filp, int on)
2214{
2215 struct tty_struct *tty = file_tty(filp);
2216 unsigned long flags;
2217 int retval = 0;
2218
2219 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2220 goto out;
2221
2222 if (on) {
2223 retval = file_f_owner_allocate(filp);
2224 if (retval)
2225 goto out;
2226 }
2227
2228 retval = fasync_helper(fd, filp, on, &tty->fasync);
2229 if (retval <= 0)
2230 goto out;
2231
2232 if (on) {
2233 enum pid_type type;
2234 struct pid *pid;
2235
2236 spin_lock_irqsave(&tty->ctrl.lock, flags);
2237 if (tty->ctrl.pgrp) {
2238 pid = tty->ctrl.pgrp;
2239 type = PIDTYPE_PGID;
2240 } else {
2241 pid = task_pid(current);
2242 type = PIDTYPE_TGID;
2243 }
2244 get_pid(pid);
2245 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2246 __f_setown(filp, pid, type, 0);
2247 put_pid(pid);
2248 retval = 0;
2249 }
2250out:
2251 return retval;
2252}
2253
2254static int tty_fasync(int fd, struct file *filp, int on)
2255{
2256 struct tty_struct *tty = file_tty(filp);
2257 int retval = -ENOTTY;
2258
2259 tty_lock(tty);
2260 if (!tty_hung_up_p(filp))
2261 retval = __tty_fasync(fd, filp, on);
2262 tty_unlock(tty);
2263
2264 return retval;
2265}
2266
2267static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2268/**
2269 * tiocsti - fake input character
2270 * @tty: tty to fake input into
2271 * @p: pointer to character
2272 *
2273 * Fake input to a tty device. Does the necessary locking and input management.
2274 *
2275 * FIXME: does not honour flow control ??
2276 *
2277 * Locking:
2278 * * Called functions take tty_ldiscs_lock
2279 * * current->signal->tty check is safe without locks
2280 */
2281static int tiocsti(struct tty_struct *tty, u8 __user *p)
2282{
2283 struct tty_ldisc *ld;
2284 u8 ch;
2285
2286 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2287 return -EIO;
2288
2289 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2290 return -EPERM;
2291 if (get_user(ch, p))
2292 return -EFAULT;
2293 tty_audit_tiocsti(tty, ch);
2294 ld = tty_ldisc_ref_wait(tty);
2295 if (!ld)
2296 return -EIO;
2297 tty_buffer_lock_exclusive(tty->port);
2298 if (ld->ops->receive_buf)
2299 ld->ops->receive_buf(tty, &ch, NULL, 1);
2300 tty_buffer_unlock_exclusive(tty->port);
2301 tty_ldisc_deref(ld);
2302 return 0;
2303}
2304
2305/**
2306 * tiocgwinsz - implement window query ioctl
2307 * @tty: tty
2308 * @arg: user buffer for result
2309 *
2310 * Copies the kernel idea of the window size into the user buffer.
2311 *
2312 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2313 * consistent.
2314 */
2315static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2316{
2317 int err;
2318
2319 mutex_lock(&tty->winsize_mutex);
2320 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2321 mutex_unlock(&tty->winsize_mutex);
2322
2323 return err ? -EFAULT : 0;
2324}
2325
2326/**
2327 * tty_do_resize - resize event
2328 * @tty: tty being resized
2329 * @ws: new dimensions
2330 *
2331 * Update the termios variables and send the necessary signals to peform a
2332 * terminal resize correctly.
2333 */
2334int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2335{
2336 struct pid *pgrp;
2337
2338 /* Lock the tty */
2339 mutex_lock(&tty->winsize_mutex);
2340 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2341 goto done;
2342
2343 /* Signal the foreground process group */
2344 pgrp = tty_get_pgrp(tty);
2345 if (pgrp)
2346 kill_pgrp(pgrp, SIGWINCH, 1);
2347 put_pid(pgrp);
2348
2349 tty->winsize = *ws;
2350done:
2351 mutex_unlock(&tty->winsize_mutex);
2352 return 0;
2353}
2354EXPORT_SYMBOL(tty_do_resize);
2355
2356/**
2357 * tiocswinsz - implement window size set ioctl
2358 * @tty: tty side of tty
2359 * @arg: user buffer for result
2360 *
2361 * Copies the user idea of the window size to the kernel. Traditionally this is
2362 * just advisory information but for the Linux console it actually has driver
2363 * level meaning and triggers a VC resize.
2364 *
2365 * Locking:
2366 * Driver dependent. The default do_resize method takes the tty termios
2367 * mutex and ctrl.lock. The console takes its own lock then calls into the
2368 * default method.
2369 */
2370static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2371{
2372 struct winsize tmp_ws;
2373
2374 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2375 return -EFAULT;
2376
2377 if (tty->ops->resize)
2378 return tty->ops->resize(tty, &tmp_ws);
2379 else
2380 return tty_do_resize(tty, &tmp_ws);
2381}
2382
2383/**
2384 * tioccons - allow admin to move logical console
2385 * @file: the file to become console
2386 *
2387 * Allow the administrator to move the redirected console device.
2388 *
2389 * Locking: uses redirect_lock to guard the redirect information
2390 */
2391static int tioccons(struct file *file)
2392{
2393 if (!capable(CAP_SYS_ADMIN))
2394 return -EPERM;
2395 if (file->f_op->write_iter == redirected_tty_write) {
2396 struct file *f;
2397
2398 spin_lock(&redirect_lock);
2399 f = redirect;
2400 redirect = NULL;
2401 spin_unlock(&redirect_lock);
2402 if (f)
2403 fput(f);
2404 return 0;
2405 }
2406 if (file->f_op->write_iter != tty_write)
2407 return -ENOTTY;
2408 if (!(file->f_mode & FMODE_WRITE))
2409 return -EBADF;
2410 if (!(file->f_mode & FMODE_CAN_WRITE))
2411 return -EINVAL;
2412 spin_lock(&redirect_lock);
2413 if (redirect) {
2414 spin_unlock(&redirect_lock);
2415 return -EBUSY;
2416 }
2417 redirect = get_file(file);
2418 spin_unlock(&redirect_lock);
2419 return 0;
2420}
2421
2422/**
2423 * tiocsetd - set line discipline
2424 * @tty: tty device
2425 * @p: pointer to user data
2426 *
2427 * Set the line discipline according to user request.
2428 *
2429 * Locking: see tty_set_ldisc(), this function is just a helper
2430 */
2431static int tiocsetd(struct tty_struct *tty, int __user *p)
2432{
2433 int disc;
2434 int ret;
2435
2436 if (get_user(disc, p))
2437 return -EFAULT;
2438
2439 ret = tty_set_ldisc(tty, disc);
2440
2441 return ret;
2442}
2443
2444/**
2445 * tiocgetd - get line discipline
2446 * @tty: tty device
2447 * @p: pointer to user data
2448 *
2449 * Retrieves the line discipline id directly from the ldisc.
2450 *
2451 * Locking: waits for ldisc reference (in case the line discipline is changing
2452 * or the @tty is being hungup)
2453 */
2454static int tiocgetd(struct tty_struct *tty, int __user *p)
2455{
2456 struct tty_ldisc *ld;
2457 int ret;
2458
2459 ld = tty_ldisc_ref_wait(tty);
2460 if (!ld)
2461 return -EIO;
2462 ret = put_user(ld->ops->num, p);
2463 tty_ldisc_deref(ld);
2464 return ret;
2465}
2466
2467/**
2468 * send_break - performed time break
2469 * @tty: device to break on
2470 * @duration: timeout in mS
2471 *
2472 * Perform a timed break on hardware that lacks its own driver level timed
2473 * break functionality.
2474 *
2475 * Locking:
2476 * @tty->atomic_write_lock serializes
2477 */
2478static int send_break(struct tty_struct *tty, unsigned int duration)
2479{
2480 int retval;
2481
2482 if (tty->ops->break_ctl == NULL)
2483 return 0;
2484
2485 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2486 return tty->ops->break_ctl(tty, duration);
2487
2488 /* Do the work ourselves */
2489 if (tty_write_lock(tty, false) < 0)
2490 return -EINTR;
2491
2492 retval = tty->ops->break_ctl(tty, -1);
2493 if (!retval) {
2494 msleep_interruptible(duration);
2495 retval = tty->ops->break_ctl(tty, 0);
2496 } else if (retval == -EOPNOTSUPP) {
2497 /* some drivers can tell only dynamically */
2498 retval = 0;
2499 }
2500 tty_write_unlock(tty);
2501
2502 if (signal_pending(current))
2503 retval = -EINTR;
2504
2505 return retval;
2506}
2507
2508/**
2509 * tty_get_tiocm - get tiocm status register
2510 * @tty: tty device
2511 *
2512 * Obtain the modem status bits from the tty driver if the feature
2513 * is supported.
2514 */
2515int tty_get_tiocm(struct tty_struct *tty)
2516{
2517 int retval = -ENOTTY;
2518
2519 if (tty->ops->tiocmget)
2520 retval = tty->ops->tiocmget(tty);
2521
2522 return retval;
2523}
2524EXPORT_SYMBOL_GPL(tty_get_tiocm);
2525
2526/**
2527 * tty_tiocmget - get modem status
2528 * @tty: tty device
2529 * @p: pointer to result
2530 *
2531 * Obtain the modem status bits from the tty driver if the feature is
2532 * supported. Return -%ENOTTY if it is not available.
2533 *
2534 * Locking: none (up to the driver)
2535 */
2536static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2537{
2538 int retval;
2539
2540 retval = tty_get_tiocm(tty);
2541 if (retval >= 0)
2542 retval = put_user(retval, p);
2543
2544 return retval;
2545}
2546
2547/**
2548 * tty_tiocmset - set modem status
2549 * @tty: tty device
2550 * @cmd: command - clear bits, set bits or set all
2551 * @p: pointer to desired bits
2552 *
2553 * Set the modem status bits from the tty driver if the feature
2554 * is supported. Return -%ENOTTY if it is not available.
2555 *
2556 * Locking: none (up to the driver)
2557 */
2558static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2559 unsigned __user *p)
2560{
2561 int retval;
2562 unsigned int set, clear, val;
2563
2564 if (tty->ops->tiocmset == NULL)
2565 return -ENOTTY;
2566
2567 retval = get_user(val, p);
2568 if (retval)
2569 return retval;
2570 set = clear = 0;
2571 switch (cmd) {
2572 case TIOCMBIS:
2573 set = val;
2574 break;
2575 case TIOCMBIC:
2576 clear = val;
2577 break;
2578 case TIOCMSET:
2579 set = val;
2580 clear = ~val;
2581 break;
2582 }
2583 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2584 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2585 return tty->ops->tiocmset(tty, set, clear);
2586}
2587
2588/**
2589 * tty_get_icount - get tty statistics
2590 * @tty: tty device
2591 * @icount: output parameter
2592 *
2593 * Gets a copy of the @tty's icount statistics.
2594 *
2595 * Locking: none (up to the driver)
2596 */
2597int tty_get_icount(struct tty_struct *tty,
2598 struct serial_icounter_struct *icount)
2599{
2600 memset(icount, 0, sizeof(*icount));
2601
2602 if (tty->ops->get_icount)
2603 return tty->ops->get_icount(tty, icount);
2604 else
2605 return -ENOTTY;
2606}
2607EXPORT_SYMBOL_GPL(tty_get_icount);
2608
2609static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2610{
2611 struct serial_icounter_struct icount;
2612 int retval;
2613
2614 retval = tty_get_icount(tty, &icount);
2615 if (retval != 0)
2616 return retval;
2617
2618 if (copy_to_user(arg, &icount, sizeof(icount)))
2619 return -EFAULT;
2620 return 0;
2621}
2622
2623static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2624{
2625 char comm[TASK_COMM_LEN];
2626 int flags;
2627
2628 flags = ss->flags & ASYNC_DEPRECATED;
2629
2630 if (flags)
2631 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2632 __func__, get_task_comm(comm, current), flags);
2633
2634 if (!tty->ops->set_serial)
2635 return -ENOTTY;
2636
2637 return tty->ops->set_serial(tty, ss);
2638}
2639
2640static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2641{
2642 struct serial_struct v;
2643
2644 if (copy_from_user(&v, ss, sizeof(*ss)))
2645 return -EFAULT;
2646
2647 return tty_set_serial(tty, &v);
2648}
2649
2650static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2651{
2652 struct serial_struct v;
2653 int err;
2654
2655 memset(&v, 0, sizeof(v));
2656 if (!tty->ops->get_serial)
2657 return -ENOTTY;
2658 err = tty->ops->get_serial(tty, &v);
2659 if (!err && copy_to_user(ss, &v, sizeof(v)))
2660 err = -EFAULT;
2661 return err;
2662}
2663
2664/*
2665 * if pty, return the slave side (real_tty)
2666 * otherwise, return self
2667 */
2668static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2669{
2670 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671 tty->driver->subtype == PTY_TYPE_MASTER)
2672 tty = tty->link;
2673 return tty;
2674}
2675
2676/*
2677 * Split this up, as gcc can choke on it otherwise..
2678 */
2679long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2680{
2681 struct tty_struct *tty = file_tty(file);
2682 struct tty_struct *real_tty;
2683 void __user *p = (void __user *)arg;
2684 int retval;
2685 struct tty_ldisc *ld;
2686
2687 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2688 return -EINVAL;
2689
2690 real_tty = tty_pair_get_tty(tty);
2691
2692 /*
2693 * Factor out some common prep work
2694 */
2695 switch (cmd) {
2696 case TIOCSETD:
2697 case TIOCSBRK:
2698 case TIOCCBRK:
2699 case TCSBRK:
2700 case TCSBRKP:
2701 retval = tty_check_change(tty);
2702 if (retval)
2703 return retval;
2704 if (cmd != TIOCCBRK) {
2705 tty_wait_until_sent(tty, 0);
2706 if (signal_pending(current))
2707 return -EINTR;
2708 }
2709 break;
2710 }
2711
2712 /*
2713 * Now do the stuff.
2714 */
2715 switch (cmd) {
2716 case TIOCSTI:
2717 return tiocsti(tty, p);
2718 case TIOCGWINSZ:
2719 return tiocgwinsz(real_tty, p);
2720 case TIOCSWINSZ:
2721 return tiocswinsz(real_tty, p);
2722 case TIOCCONS:
2723 return real_tty != tty ? -EINVAL : tioccons(file);
2724 case TIOCEXCL:
2725 set_bit(TTY_EXCLUSIVE, &tty->flags);
2726 return 0;
2727 case TIOCNXCL:
2728 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2729 return 0;
2730 case TIOCGEXCL:
2731 {
2732 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2733
2734 return put_user(excl, (int __user *)p);
2735 }
2736 case TIOCGETD:
2737 return tiocgetd(tty, p);
2738 case TIOCSETD:
2739 return tiocsetd(tty, p);
2740 case TIOCVHANGUP:
2741 if (!capable(CAP_SYS_ADMIN))
2742 return -EPERM;
2743 tty_vhangup(tty);
2744 return 0;
2745 case TIOCGDEV:
2746 {
2747 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2748
2749 return put_user(ret, (unsigned int __user *)p);
2750 }
2751 /*
2752 * Break handling
2753 */
2754 case TIOCSBRK: /* Turn break on, unconditionally */
2755 if (tty->ops->break_ctl)
2756 return tty->ops->break_ctl(tty, -1);
2757 return 0;
2758 case TIOCCBRK: /* Turn break off, unconditionally */
2759 if (tty->ops->break_ctl)
2760 return tty->ops->break_ctl(tty, 0);
2761 return 0;
2762 case TCSBRK: /* SVID version: non-zero arg --> no break */
2763 /* non-zero arg means wait for all output data
2764 * to be sent (performed above) but don't send break.
2765 * This is used by the tcdrain() termios function.
2766 */
2767 if (!arg)
2768 return send_break(tty, 250);
2769 return 0;
2770 case TCSBRKP: /* support for POSIX tcsendbreak() */
2771 return send_break(tty, arg ? arg*100 : 250);
2772
2773 case TIOCMGET:
2774 return tty_tiocmget(tty, p);
2775 case TIOCMSET:
2776 case TIOCMBIC:
2777 case TIOCMBIS:
2778 return tty_tiocmset(tty, cmd, p);
2779 case TIOCGICOUNT:
2780 return tty_tiocgicount(tty, p);
2781 case TCFLSH:
2782 switch (arg) {
2783 case TCIFLUSH:
2784 case TCIOFLUSH:
2785 /* flush tty buffer and allow ldisc to process ioctl */
2786 tty_buffer_flush(tty, NULL);
2787 break;
2788 }
2789 break;
2790 case TIOCSSERIAL:
2791 return tty_tiocsserial(tty, p);
2792 case TIOCGSERIAL:
2793 return tty_tiocgserial(tty, p);
2794 case TIOCGPTPEER:
2795 /* Special because the struct file is needed */
2796 return ptm_open_peer(file, tty, (int)arg);
2797 default:
2798 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2799 if (retval != -ENOIOCTLCMD)
2800 return retval;
2801 }
2802 if (tty->ops->ioctl) {
2803 retval = tty->ops->ioctl(tty, cmd, arg);
2804 if (retval != -ENOIOCTLCMD)
2805 return retval;
2806 }
2807 ld = tty_ldisc_ref_wait(tty);
2808 if (!ld)
2809 return hung_up_tty_ioctl(file, cmd, arg);
2810 retval = -EINVAL;
2811 if (ld->ops->ioctl) {
2812 retval = ld->ops->ioctl(tty, cmd, arg);
2813 if (retval == -ENOIOCTLCMD)
2814 retval = -ENOTTY;
2815 }
2816 tty_ldisc_deref(ld);
2817 return retval;
2818}
2819
2820#ifdef CONFIG_COMPAT
2821
2822struct serial_struct32 {
2823 compat_int_t type;
2824 compat_int_t line;
2825 compat_uint_t port;
2826 compat_int_t irq;
2827 compat_int_t flags;
2828 compat_int_t xmit_fifo_size;
2829 compat_int_t custom_divisor;
2830 compat_int_t baud_base;
2831 unsigned short close_delay;
2832 char io_type;
2833 char reserved_char;
2834 compat_int_t hub6;
2835 unsigned short closing_wait; /* time to wait before closing */
2836 unsigned short closing_wait2; /* no longer used... */
2837 compat_uint_t iomem_base;
2838 unsigned short iomem_reg_shift;
2839 unsigned int port_high;
2840 /* compat_ulong_t iomap_base FIXME */
2841 compat_int_t reserved;
2842};
2843
2844static int compat_tty_tiocsserial(struct tty_struct *tty,
2845 struct serial_struct32 __user *ss)
2846{
2847 struct serial_struct32 v32;
2848 struct serial_struct v;
2849
2850 if (copy_from_user(&v32, ss, sizeof(*ss)))
2851 return -EFAULT;
2852
2853 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2854 v.iomem_base = compat_ptr(v32.iomem_base);
2855 v.iomem_reg_shift = v32.iomem_reg_shift;
2856 v.port_high = v32.port_high;
2857 v.iomap_base = 0;
2858
2859 return tty_set_serial(tty, &v);
2860}
2861
2862static int compat_tty_tiocgserial(struct tty_struct *tty,
2863 struct serial_struct32 __user *ss)
2864{
2865 struct serial_struct32 v32;
2866 struct serial_struct v;
2867 int err;
2868
2869 memset(&v, 0, sizeof(v));
2870 memset(&v32, 0, sizeof(v32));
2871
2872 if (!tty->ops->get_serial)
2873 return -ENOTTY;
2874 err = tty->ops->get_serial(tty, &v);
2875 if (!err) {
2876 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2877 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2878 0xfffffff : ptr_to_compat(v.iomem_base);
2879 v32.iomem_reg_shift = v.iomem_reg_shift;
2880 v32.port_high = v.port_high;
2881 if (copy_to_user(ss, &v32, sizeof(v32)))
2882 err = -EFAULT;
2883 }
2884 return err;
2885}
2886static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2887 unsigned long arg)
2888{
2889 struct tty_struct *tty = file_tty(file);
2890 struct tty_ldisc *ld;
2891 int retval = -ENOIOCTLCMD;
2892
2893 switch (cmd) {
2894 case TIOCOUTQ:
2895 case TIOCSTI:
2896 case TIOCGWINSZ:
2897 case TIOCSWINSZ:
2898 case TIOCGEXCL:
2899 case TIOCGETD:
2900 case TIOCSETD:
2901 case TIOCGDEV:
2902 case TIOCMGET:
2903 case TIOCMSET:
2904 case TIOCMBIC:
2905 case TIOCMBIS:
2906 case TIOCGICOUNT:
2907 case TIOCGPGRP:
2908 case TIOCSPGRP:
2909 case TIOCGSID:
2910 case TIOCSERGETLSR:
2911 case TIOCGRS485:
2912 case TIOCSRS485:
2913#ifdef TIOCGETP
2914 case TIOCGETP:
2915 case TIOCSETP:
2916 case TIOCSETN:
2917#endif
2918#ifdef TIOCGETC
2919 case TIOCGETC:
2920 case TIOCSETC:
2921#endif
2922#ifdef TIOCGLTC
2923 case TIOCGLTC:
2924 case TIOCSLTC:
2925#endif
2926 case TCSETSF:
2927 case TCSETSW:
2928 case TCSETS:
2929 case TCGETS:
2930#ifdef TCGETS2
2931 case TCGETS2:
2932 case TCSETSF2:
2933 case TCSETSW2:
2934 case TCSETS2:
2935#endif
2936 case TCGETA:
2937 case TCSETAF:
2938 case TCSETAW:
2939 case TCSETA:
2940 case TIOCGLCKTRMIOS:
2941 case TIOCSLCKTRMIOS:
2942#ifdef TCGETX
2943 case TCGETX:
2944 case TCSETX:
2945 case TCSETXW:
2946 case TCSETXF:
2947#endif
2948 case TIOCGSOFTCAR:
2949 case TIOCSSOFTCAR:
2950
2951 case PPPIOCGCHAN:
2952 case PPPIOCGUNIT:
2953 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2954 case TIOCCONS:
2955 case TIOCEXCL:
2956 case TIOCNXCL:
2957 case TIOCVHANGUP:
2958 case TIOCSBRK:
2959 case TIOCCBRK:
2960 case TCSBRK:
2961 case TCSBRKP:
2962 case TCFLSH:
2963 case TIOCGPTPEER:
2964 case TIOCNOTTY:
2965 case TIOCSCTTY:
2966 case TCXONC:
2967 case TIOCMIWAIT:
2968 case TIOCSERCONFIG:
2969 return tty_ioctl(file, cmd, arg);
2970 }
2971
2972 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2973 return -EINVAL;
2974
2975 switch (cmd) {
2976 case TIOCSSERIAL:
2977 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2978 case TIOCGSERIAL:
2979 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2980 }
2981 if (tty->ops->compat_ioctl) {
2982 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2983 if (retval != -ENOIOCTLCMD)
2984 return retval;
2985 }
2986
2987 ld = tty_ldisc_ref_wait(tty);
2988 if (!ld)
2989 return hung_up_tty_compat_ioctl(file, cmd, arg);
2990 if (ld->ops->compat_ioctl)
2991 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2992 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2993 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2994 arg);
2995 tty_ldisc_deref(ld);
2996
2997 return retval;
2998}
2999#endif
3000
3001static int this_tty(const void *t, struct file *file, unsigned fd)
3002{
3003 if (likely(file->f_op->read_iter != tty_read))
3004 return 0;
3005 return file_tty(file) != t ? 0 : fd + 1;
3006}
3007
3008/*
3009 * This implements the "Secure Attention Key" --- the idea is to
3010 * prevent trojan horses by killing all processes associated with this
3011 * tty when the user hits the "Secure Attention Key". Required for
3012 * super-paranoid applications --- see the Orange Book for more details.
3013 *
3014 * This code could be nicer; ideally it should send a HUP, wait a few
3015 * seconds, then send a INT, and then a KILL signal. But you then
3016 * have to coordinate with the init process, since all processes associated
3017 * with the current tty must be dead before the new getty is allowed
3018 * to spawn.
3019 *
3020 * Now, if it would be correct ;-/ The current code has a nasty hole -
3021 * it doesn't catch files in flight. We may send the descriptor to ourselves
3022 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3023 *
3024 * Nasty bug: do_SAK is being called in interrupt context. This can
3025 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3026 */
3027void __do_SAK(struct tty_struct *tty)
3028{
3029 struct task_struct *g, *p;
3030 struct pid *session;
3031 int i;
3032 unsigned long flags;
3033
3034 spin_lock_irqsave(&tty->ctrl.lock, flags);
3035 session = get_pid(tty->ctrl.session);
3036 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3037
3038 tty_ldisc_flush(tty);
3039
3040 tty_driver_flush_buffer(tty);
3041
3042 read_lock(&tasklist_lock);
3043 /* Kill the entire session */
3044 do_each_pid_task(session, PIDTYPE_SID, p) {
3045 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3046 task_pid_nr(p), p->comm);
3047 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3048 } while_each_pid_task(session, PIDTYPE_SID, p);
3049
3050 /* Now kill any processes that happen to have the tty open */
3051 for_each_process_thread(g, p) {
3052 if (p->signal->tty == tty) {
3053 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3054 task_pid_nr(p), p->comm);
3055 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3056 PIDTYPE_SID);
3057 continue;
3058 }
3059 task_lock(p);
3060 i = iterate_fd(p->files, 0, this_tty, tty);
3061 if (i != 0) {
3062 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3063 task_pid_nr(p), p->comm, i - 1);
3064 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3065 PIDTYPE_SID);
3066 }
3067 task_unlock(p);
3068 }
3069 read_unlock(&tasklist_lock);
3070 put_pid(session);
3071}
3072
3073static void do_SAK_work(struct work_struct *work)
3074{
3075 struct tty_struct *tty =
3076 container_of(work, struct tty_struct, SAK_work);
3077 __do_SAK(tty);
3078}
3079
3080/*
3081 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3082 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3083 * the values which we write to it will be identical to the values which it
3084 * already has. --akpm
3085 */
3086void do_SAK(struct tty_struct *tty)
3087{
3088 if (!tty)
3089 return;
3090 schedule_work(&tty->SAK_work);
3091}
3092EXPORT_SYMBOL(do_SAK);
3093
3094/* Must put_device() after it's unused! */
3095static struct device *tty_get_device(struct tty_struct *tty)
3096{
3097 dev_t devt = tty_devnum(tty);
3098
3099 return class_find_device_by_devt(&tty_class, devt);
3100}
3101
3102
3103/**
3104 * alloc_tty_struct - allocate a new tty
3105 * @driver: driver which will handle the returned tty
3106 * @idx: minor of the tty
3107 *
3108 * This subroutine allocates and initializes a tty structure.
3109 *
3110 * Locking: none - @tty in question is not exposed at this point
3111 */
3112struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3113{
3114 struct tty_struct *tty;
3115
3116 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3117 if (!tty)
3118 return NULL;
3119
3120 kref_init(&tty->kref);
3121 if (tty_ldisc_init(tty)) {
3122 kfree(tty);
3123 return NULL;
3124 }
3125 tty->ctrl.session = NULL;
3126 tty->ctrl.pgrp = NULL;
3127 mutex_init(&tty->legacy_mutex);
3128 mutex_init(&tty->throttle_mutex);
3129 init_rwsem(&tty->termios_rwsem);
3130 mutex_init(&tty->winsize_mutex);
3131 init_ldsem(&tty->ldisc_sem);
3132 init_waitqueue_head(&tty->write_wait);
3133 init_waitqueue_head(&tty->read_wait);
3134 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3135 mutex_init(&tty->atomic_write_lock);
3136 spin_lock_init(&tty->ctrl.lock);
3137 spin_lock_init(&tty->flow.lock);
3138 spin_lock_init(&tty->files_lock);
3139 INIT_LIST_HEAD(&tty->tty_files);
3140 INIT_WORK(&tty->SAK_work, do_SAK_work);
3141
3142 tty->driver = driver;
3143 tty->ops = driver->ops;
3144 tty->index = idx;
3145 tty_line_name(driver, idx, tty->name);
3146 tty->dev = tty_get_device(tty);
3147
3148 return tty;
3149}
3150
3151/**
3152 * tty_put_char - write one character to a tty
3153 * @tty: tty
3154 * @ch: character to write
3155 *
3156 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3157 * if present.
3158 *
3159 * Note: the specific put_char operation in the driver layer may go
3160 * away soon. Don't call it directly, use this method
3161 *
3162 * Return: the number of characters successfully output.
3163 */
3164int tty_put_char(struct tty_struct *tty, u8 ch)
3165{
3166 if (tty->ops->put_char)
3167 return tty->ops->put_char(tty, ch);
3168 return tty->ops->write(tty, &ch, 1);
3169}
3170EXPORT_SYMBOL_GPL(tty_put_char);
3171
3172static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3173 unsigned int index, unsigned int count)
3174{
3175 int err;
3176
3177 /* init here, since reused cdevs cause crashes */
3178 driver->cdevs[index] = cdev_alloc();
3179 if (!driver->cdevs[index])
3180 return -ENOMEM;
3181 driver->cdevs[index]->ops = &tty_fops;
3182 driver->cdevs[index]->owner = driver->owner;
3183 err = cdev_add(driver->cdevs[index], dev, count);
3184 if (err)
3185 kobject_put(&driver->cdevs[index]->kobj);
3186 return err;
3187}
3188
3189/**
3190 * tty_register_device - register a tty device
3191 * @driver: the tty driver that describes the tty device
3192 * @index: the index in the tty driver for this tty device
3193 * @device: a struct device that is associated with this tty device.
3194 * This field is optional, if there is no known struct device
3195 * for this tty device it can be set to NULL safely.
3196 *
3197 * This call is required to be made to register an individual tty device
3198 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3199 * that bit is not set, this function should not be called by a tty
3200 * driver.
3201 *
3202 * Locking: ??
3203 *
3204 * Return: A pointer to the struct device for this tty device (or
3205 * ERR_PTR(-EFOO) on error).
3206 */
3207struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3208 struct device *device)
3209{
3210 return tty_register_device_attr(driver, index, device, NULL, NULL);
3211}
3212EXPORT_SYMBOL(tty_register_device);
3213
3214static void tty_device_create_release(struct device *dev)
3215{
3216 dev_dbg(dev, "releasing...\n");
3217 kfree(dev);
3218}
3219
3220/**
3221 * tty_register_device_attr - register a tty device
3222 * @driver: the tty driver that describes the tty device
3223 * @index: the index in the tty driver for this tty device
3224 * @device: a struct device that is associated with this tty device.
3225 * This field is optional, if there is no known struct device
3226 * for this tty device it can be set to %NULL safely.
3227 * @drvdata: Driver data to be set to device.
3228 * @attr_grp: Attribute group to be set on device.
3229 *
3230 * This call is required to be made to register an individual tty device if the
3231 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3232 * not set, this function should not be called by a tty driver.
3233 *
3234 * Locking: ??
3235 *
3236 * Return: A pointer to the struct device for this tty device (or
3237 * ERR_PTR(-EFOO) on error).
3238 */
3239struct device *tty_register_device_attr(struct tty_driver *driver,
3240 unsigned index, struct device *device,
3241 void *drvdata,
3242 const struct attribute_group **attr_grp)
3243{
3244 char name[64];
3245 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3246 struct ktermios *tp;
3247 struct device *dev;
3248 int retval;
3249
3250 if (index >= driver->num) {
3251 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3252 driver->name, index);
3253 return ERR_PTR(-EINVAL);
3254 }
3255
3256 if (driver->type == TTY_DRIVER_TYPE_PTY)
3257 pty_line_name(driver, index, name);
3258 else
3259 tty_line_name(driver, index, name);
3260
3261 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3262 if (!dev)
3263 return ERR_PTR(-ENOMEM);
3264
3265 dev->devt = devt;
3266 dev->class = &tty_class;
3267 dev->parent = device;
3268 dev->release = tty_device_create_release;
3269 dev_set_name(dev, "%s", name);
3270 dev->groups = attr_grp;
3271 dev_set_drvdata(dev, drvdata);
3272
3273 dev_set_uevent_suppress(dev, 1);
3274
3275 retval = device_register(dev);
3276 if (retval)
3277 goto err_put;
3278
3279 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3280 /*
3281 * Free any saved termios data so that the termios state is
3282 * reset when reusing a minor number.
3283 */
3284 tp = driver->termios[index];
3285 if (tp) {
3286 driver->termios[index] = NULL;
3287 kfree(tp);
3288 }
3289
3290 retval = tty_cdev_add(driver, devt, index, 1);
3291 if (retval)
3292 goto err_del;
3293 }
3294
3295 dev_set_uevent_suppress(dev, 0);
3296 kobject_uevent(&dev->kobj, KOBJ_ADD);
3297
3298 return dev;
3299
3300err_del:
3301 device_del(dev);
3302err_put:
3303 put_device(dev);
3304
3305 return ERR_PTR(retval);
3306}
3307EXPORT_SYMBOL_GPL(tty_register_device_attr);
3308
3309/**
3310 * tty_unregister_device - unregister a tty device
3311 * @driver: the tty driver that describes the tty device
3312 * @index: the index in the tty driver for this tty device
3313 *
3314 * If a tty device is registered with a call to tty_register_device() then
3315 * this function must be called when the tty device is gone.
3316 *
3317 * Locking: ??
3318 */
3319void tty_unregister_device(struct tty_driver *driver, unsigned index)
3320{
3321 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3322 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3323 cdev_del(driver->cdevs[index]);
3324 driver->cdevs[index] = NULL;
3325 }
3326}
3327EXPORT_SYMBOL(tty_unregister_device);
3328
3329/**
3330 * __tty_alloc_driver - allocate tty driver
3331 * @lines: count of lines this driver can handle at most
3332 * @owner: module which is responsible for this driver
3333 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3334 *
3335 * This should not be called directly, some of the provided macros should be
3336 * used instead. Use IS_ERR() and friends on @retval.
3337 */
3338struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3339 unsigned long flags)
3340{
3341 struct tty_driver *driver;
3342 unsigned int cdevs = 1;
3343 int err;
3344
3345 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3346 return ERR_PTR(-EINVAL);
3347
3348 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3349 if (!driver)
3350 return ERR_PTR(-ENOMEM);
3351
3352 kref_init(&driver->kref);
3353 driver->num = lines;
3354 driver->owner = owner;
3355 driver->flags = flags;
3356
3357 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3358 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3359 GFP_KERNEL);
3360 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3361 GFP_KERNEL);
3362 if (!driver->ttys || !driver->termios) {
3363 err = -ENOMEM;
3364 goto err_free_all;
3365 }
3366 }
3367
3368 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3369 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3370 GFP_KERNEL);
3371 if (!driver->ports) {
3372 err = -ENOMEM;
3373 goto err_free_all;
3374 }
3375 cdevs = lines;
3376 }
3377
3378 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3379 if (!driver->cdevs) {
3380 err = -ENOMEM;
3381 goto err_free_all;
3382 }
3383
3384 return driver;
3385err_free_all:
3386 kfree(driver->ports);
3387 kfree(driver->ttys);
3388 kfree(driver->termios);
3389 kfree(driver->cdevs);
3390 kfree(driver);
3391 return ERR_PTR(err);
3392}
3393EXPORT_SYMBOL(__tty_alloc_driver);
3394
3395static void destruct_tty_driver(struct kref *kref)
3396{
3397 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3398 int i;
3399 struct ktermios *tp;
3400
3401 if (driver->flags & TTY_DRIVER_INSTALLED) {
3402 for (i = 0; i < driver->num; i++) {
3403 tp = driver->termios[i];
3404 if (tp) {
3405 driver->termios[i] = NULL;
3406 kfree(tp);
3407 }
3408 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3409 tty_unregister_device(driver, i);
3410 }
3411 proc_tty_unregister_driver(driver);
3412 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3413 cdev_del(driver->cdevs[0]);
3414 }
3415 kfree(driver->cdevs);
3416 kfree(driver->ports);
3417 kfree(driver->termios);
3418 kfree(driver->ttys);
3419 kfree(driver);
3420}
3421
3422/**
3423 * tty_driver_kref_put - drop a reference to a tty driver
3424 * @driver: driver of which to drop the reference
3425 *
3426 * The final put will destroy and free up the driver.
3427 */
3428void tty_driver_kref_put(struct tty_driver *driver)
3429{
3430 kref_put(&driver->kref, destruct_tty_driver);
3431}
3432EXPORT_SYMBOL(tty_driver_kref_put);
3433
3434/**
3435 * tty_register_driver - register a tty driver
3436 * @driver: driver to register
3437 *
3438 * Called by a tty driver to register itself.
3439 */
3440int tty_register_driver(struct tty_driver *driver)
3441{
3442 int error;
3443 int i;
3444 dev_t dev;
3445 struct device *d;
3446
3447 if (!driver->major) {
3448 error = alloc_chrdev_region(&dev, driver->minor_start,
3449 driver->num, driver->name);
3450 if (!error) {
3451 driver->major = MAJOR(dev);
3452 driver->minor_start = MINOR(dev);
3453 }
3454 } else {
3455 dev = MKDEV(driver->major, driver->minor_start);
3456 error = register_chrdev_region(dev, driver->num, driver->name);
3457 }
3458 if (error < 0)
3459 goto err;
3460
3461 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3462 error = tty_cdev_add(driver, dev, 0, driver->num);
3463 if (error)
3464 goto err_unreg_char;
3465 }
3466
3467 mutex_lock(&tty_mutex);
3468 list_add(&driver->tty_drivers, &tty_drivers);
3469 mutex_unlock(&tty_mutex);
3470
3471 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3472 for (i = 0; i < driver->num; i++) {
3473 d = tty_register_device(driver, i, NULL);
3474 if (IS_ERR(d)) {
3475 error = PTR_ERR(d);
3476 goto err_unreg_devs;
3477 }
3478 }
3479 }
3480 proc_tty_register_driver(driver);
3481 driver->flags |= TTY_DRIVER_INSTALLED;
3482 return 0;
3483
3484err_unreg_devs:
3485 for (i--; i >= 0; i--)
3486 tty_unregister_device(driver, i);
3487
3488 mutex_lock(&tty_mutex);
3489 list_del(&driver->tty_drivers);
3490 mutex_unlock(&tty_mutex);
3491
3492err_unreg_char:
3493 unregister_chrdev_region(dev, driver->num);
3494err:
3495 return error;
3496}
3497EXPORT_SYMBOL(tty_register_driver);
3498
3499/**
3500 * tty_unregister_driver - unregister a tty driver
3501 * @driver: driver to unregister
3502 *
3503 * Called by a tty driver to unregister itself.
3504 */
3505void tty_unregister_driver(struct tty_driver *driver)
3506{
3507 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3508 driver->num);
3509 mutex_lock(&tty_mutex);
3510 list_del(&driver->tty_drivers);
3511 mutex_unlock(&tty_mutex);
3512}
3513EXPORT_SYMBOL(tty_unregister_driver);
3514
3515dev_t tty_devnum(struct tty_struct *tty)
3516{
3517 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3518}
3519EXPORT_SYMBOL(tty_devnum);
3520
3521void tty_default_fops(struct file_operations *fops)
3522{
3523 *fops = tty_fops;
3524}
3525
3526static char *tty_devnode(const struct device *dev, umode_t *mode)
3527{
3528 if (!mode)
3529 return NULL;
3530 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3531 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3532 *mode = 0666;
3533 return NULL;
3534}
3535
3536const struct class tty_class = {
3537 .name = "tty",
3538 .devnode = tty_devnode,
3539};
3540
3541static int __init tty_class_init(void)
3542{
3543 return class_register(&tty_class);
3544}
3545
3546postcore_initcall(tty_class_init);
3547
3548/* 3/2004 jmc: why do these devices exist? */
3549static struct cdev tty_cdev, console_cdev;
3550
3551static ssize_t show_cons_active(struct device *dev,
3552 struct device_attribute *attr, char *buf)
3553{
3554 struct console *cs[16];
3555 int i = 0;
3556 struct console *c;
3557 ssize_t count = 0;
3558
3559 /*
3560 * Hold the console_list_lock to guarantee that no consoles are
3561 * unregistered until all console processing is complete.
3562 * This also allows safe traversal of the console list and
3563 * race-free reading of @flags.
3564 */
3565 console_list_lock();
3566
3567 for_each_console(c) {
3568 if (!c->device)
3569 continue;
3570 if (!(c->flags & CON_NBCON) && !c->write)
3571 continue;
3572 if ((c->flags & CON_ENABLED) == 0)
3573 continue;
3574 cs[i++] = c;
3575 if (i >= ARRAY_SIZE(cs))
3576 break;
3577 }
3578
3579 /*
3580 * Take console_lock to serialize device() callback with
3581 * other console operations. For example, fg_console is
3582 * modified under console_lock when switching vt.
3583 */
3584 console_lock();
3585 while (i--) {
3586 int index = cs[i]->index;
3587 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3588
3589 /* don't resolve tty0 as some programs depend on it */
3590 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3591 count += tty_line_name(drv, index, buf + count);
3592 else
3593 count += sprintf(buf + count, "%s%d",
3594 cs[i]->name, cs[i]->index);
3595
3596 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3597 }
3598 console_unlock();
3599
3600 console_list_unlock();
3601
3602 return count;
3603}
3604static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3605
3606static struct attribute *cons_dev_attrs[] = {
3607 &dev_attr_active.attr,
3608 NULL
3609};
3610
3611ATTRIBUTE_GROUPS(cons_dev);
3612
3613static struct device *consdev;
3614
3615void console_sysfs_notify(void)
3616{
3617 if (consdev)
3618 sysfs_notify(&consdev->kobj, NULL, "active");
3619}
3620
3621static struct ctl_table tty_table[] = {
3622 {
3623 .procname = "legacy_tiocsti",
3624 .data = &tty_legacy_tiocsti,
3625 .maxlen = sizeof(tty_legacy_tiocsti),
3626 .mode = 0644,
3627 .proc_handler = proc_dobool,
3628 },
3629 {
3630 .procname = "ldisc_autoload",
3631 .data = &tty_ldisc_autoload,
3632 .maxlen = sizeof(tty_ldisc_autoload),
3633 .mode = 0644,
3634 .proc_handler = proc_dointvec_minmax,
3635 .extra1 = SYSCTL_ZERO,
3636 .extra2 = SYSCTL_ONE,
3637 },
3638};
3639
3640/*
3641 * Ok, now we can initialize the rest of the tty devices and can count
3642 * on memory allocations, interrupts etc..
3643 */
3644int __init tty_init(void)
3645{
3646 register_sysctl_init("dev/tty", tty_table);
3647 cdev_init(&tty_cdev, &tty_fops);
3648 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3649 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3650 panic("Couldn't register /dev/tty driver\n");
3651 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3652
3653 cdev_init(&console_cdev, &console_fops);
3654 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3655 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3656 panic("Couldn't register /dev/console driver\n");
3657 consdev = device_create_with_groups(&tty_class, NULL,
3658 MKDEV(TTYAUX_MAJOR, 1), NULL,
3659 cons_dev_groups, "console");
3660 if (IS_ERR(consdev))
3661 consdev = NULL;
3662
3663#ifdef CONFIG_VT
3664 vty_init(&console_fops);
3665#endif
3666 return 0;
3667}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102#include <linux/uaccess.h>
103#include <linux/termios_internal.h>
104
105#include <linux/kbd_kern.h>
106#include <linux/vt_kern.h>
107#include <linux/selection.h>
108
109#include <linux/kmod.h>
110#include <linux/nsproxy.h>
111#include "tty.h"
112
113#undef TTY_DEBUG_HANGUP
114#ifdef TTY_DEBUG_HANGUP
115# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116#else
117# define tty_debug_hangup(tty, f, args...) do { } while (0)
118#endif
119
120#define TTY_PARANOIA_CHECK 1
121#define CHECK_TTY_COUNT 1
122
123struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 .c_iflag = ICRNL | IXON,
125 .c_oflag = OPOST | ONLCR,
126 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 ECHOCTL | ECHOKE | IEXTEN,
129 .c_cc = INIT_C_CC,
130 .c_ispeed = 38400,
131 .c_ospeed = 38400,
132 /* .c_line = N_TTY, */
133};
134EXPORT_SYMBOL(tty_std_termios);
135
136/* This list gets poked at by procfs and various bits of boot up code. This
137 * could do with some rationalisation such as pulling the tty proc function
138 * into this file.
139 */
140
141LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142
143/* Mutex to protect creating and releasing a tty */
144DEFINE_MUTEX(tty_mutex);
145
146static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148static __poll_t tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150#ifdef CONFIG_COMPAT
151static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 unsigned long arg);
153#else
154#define tty_compat_ioctl NULL
155#endif
156static int __tty_fasync(int fd, struct file *filp, int on);
157static int tty_fasync(int fd, struct file *filp, int on);
158static void release_tty(struct tty_struct *tty, int idx);
159
160/**
161 * free_tty_struct - free a disused tty
162 * @tty: tty struct to free
163 *
164 * Free the write buffers, tty queue and tty memory itself.
165 *
166 * Locking: none. Must be called after tty is definitely unused
167 */
168static void free_tty_struct(struct tty_struct *tty)
169{
170 tty_ldisc_deinit(tty);
171 put_device(tty->dev);
172 kvfree(tty->write_buf);
173 kfree(tty);
174}
175
176static inline struct tty_struct *file_tty(struct file *file)
177{
178 return ((struct tty_file_private *)file->private_data)->tty;
179}
180
181int tty_alloc_file(struct file *file)
182{
183 struct tty_file_private *priv;
184
185 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
186 if (!priv)
187 return -ENOMEM;
188
189 file->private_data = priv;
190
191 return 0;
192}
193
194/* Associate a new file with the tty structure */
195void tty_add_file(struct tty_struct *tty, struct file *file)
196{
197 struct tty_file_private *priv = file->private_data;
198
199 priv->tty = tty;
200 priv->file = file;
201
202 spin_lock(&tty->files_lock);
203 list_add(&priv->list, &tty->tty_files);
204 spin_unlock(&tty->files_lock);
205}
206
207/**
208 * tty_free_file - free file->private_data
209 * @file: to free private_data of
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
214void tty_free_file(struct file *file)
215{
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220}
221
222/* Delete file from its tty */
223static void tty_del_file(struct file *file)
224{
225 struct tty_file_private *priv = file->private_data;
226 struct tty_struct *tty = priv->tty;
227
228 spin_lock(&tty->files_lock);
229 list_del(&priv->list);
230 spin_unlock(&tty->files_lock);
231 tty_free_file(file);
232}
233
234/**
235 * tty_name - return tty naming
236 * @tty: tty structure
237 *
238 * Convert a tty structure into a name. The name reflects the kernel naming
239 * policy and if udev is in use may not reflect user space
240 *
241 * Locking: none
242 */
243const char *tty_name(const struct tty_struct *tty)
244{
245 if (!tty) /* Hmm. NULL pointer. That's fun. */
246 return "NULL tty";
247 return tty->name;
248}
249EXPORT_SYMBOL(tty_name);
250
251const char *tty_driver_name(const struct tty_struct *tty)
252{
253 if (!tty || !tty->driver)
254 return "";
255 return tty->driver->name;
256}
257
258static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 const char *routine)
260{
261#ifdef TTY_PARANOIA_CHECK
262 if (!tty) {
263 pr_warn("(%d:%d): %s: NULL tty\n",
264 imajor(inode), iminor(inode), routine);
265 return 1;
266 }
267#endif
268 return 0;
269}
270
271/* Caller must hold tty_lock */
272static int check_tty_count(struct tty_struct *tty, const char *routine)
273{
274#ifdef CHECK_TTY_COUNT
275 struct list_head *p;
276 int count = 0, kopen_count = 0;
277
278 spin_lock(&tty->files_lock);
279 list_for_each(p, &tty->tty_files) {
280 count++;
281 }
282 spin_unlock(&tty->files_lock);
283 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
284 tty->driver->subtype == PTY_TYPE_SLAVE &&
285 tty->link && tty->link->count)
286 count++;
287 if (tty_port_kopened(tty->port))
288 kopen_count++;
289 if (tty->count != (count + kopen_count)) {
290 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
291 routine, tty->count, count, kopen_count);
292 return (count + kopen_count);
293 }
294#endif
295 return 0;
296}
297
298/**
299 * get_tty_driver - find device of a tty
300 * @device: device identifier
301 * @index: returns the index of the tty
302 *
303 * This routine returns a tty driver structure, given a device number and also
304 * passes back the index number.
305 *
306 * Locking: caller must hold tty_mutex
307 */
308static struct tty_driver *get_tty_driver(dev_t device, int *index)
309{
310 struct tty_driver *p;
311
312 list_for_each_entry(p, &tty_drivers, tty_drivers) {
313 dev_t base = MKDEV(p->major, p->minor_start);
314
315 if (device < base || device >= base + p->num)
316 continue;
317 *index = device - base;
318 return tty_driver_kref_get(p);
319 }
320 return NULL;
321}
322
323/**
324 * tty_dev_name_to_number - return dev_t for device name
325 * @name: user space name of device under /dev
326 * @number: pointer to dev_t that this function will populate
327 *
328 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
329 * (4, 64) or (188, 1). If no corresponding driver is registered then the
330 * function returns -%ENODEV.
331 *
332 * Locking: this acquires tty_mutex to protect the tty_drivers list from
333 * being modified while we are traversing it, and makes sure to
334 * release it before exiting.
335 */
336int tty_dev_name_to_number(const char *name, dev_t *number)
337{
338 struct tty_driver *p;
339 int ret;
340 int index, prefix_length = 0;
341 const char *str;
342
343 for (str = name; *str && !isdigit(*str); str++)
344 ;
345
346 if (!*str)
347 return -EINVAL;
348
349 ret = kstrtoint(str, 10, &index);
350 if (ret)
351 return ret;
352
353 prefix_length = str - name;
354 mutex_lock(&tty_mutex);
355
356 list_for_each_entry(p, &tty_drivers, tty_drivers)
357 if (prefix_length == strlen(p->name) && strncmp(name,
358 p->name, prefix_length) == 0) {
359 if (index < p->num) {
360 *number = MKDEV(p->major, p->minor_start + index);
361 goto out;
362 }
363 }
364
365 /* if here then driver wasn't found */
366 ret = -ENODEV;
367out:
368 mutex_unlock(&tty_mutex);
369 return ret;
370}
371EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
372
373#ifdef CONFIG_CONSOLE_POLL
374
375/**
376 * tty_find_polling_driver - find device of a polled tty
377 * @name: name string to match
378 * @line: pointer to resulting tty line nr
379 *
380 * This routine returns a tty driver structure, given a name and the condition
381 * that the tty driver is capable of polled operation.
382 */
383struct tty_driver *tty_find_polling_driver(char *name, int *line)
384{
385 struct tty_driver *p, *res = NULL;
386 int tty_line = 0;
387 int len;
388 char *str, *stp;
389
390 for (str = name; *str; str++)
391 if ((*str >= '0' && *str <= '9') || *str == ',')
392 break;
393 if (!*str)
394 return NULL;
395
396 len = str - name;
397 tty_line = simple_strtoul(str, &str, 10);
398
399 mutex_lock(&tty_mutex);
400 /* Search through the tty devices to look for a match */
401 list_for_each_entry(p, &tty_drivers, tty_drivers) {
402 if (!len || strncmp(name, p->name, len) != 0)
403 continue;
404 stp = str;
405 if (*stp == ',')
406 stp++;
407 if (*stp == '\0')
408 stp = NULL;
409
410 if (tty_line >= 0 && tty_line < p->num && p->ops &&
411 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
412 res = tty_driver_kref_get(p);
413 *line = tty_line;
414 break;
415 }
416 }
417 mutex_unlock(&tty_mutex);
418
419 return res;
420}
421EXPORT_SYMBOL_GPL(tty_find_polling_driver);
422#endif
423
424static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
425{
426 return 0;
427}
428
429static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
430{
431 return -EIO;
432}
433
434/* No kernel lock held - none needed ;) */
435static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
436{
437 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
438}
439
440static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
441 unsigned long arg)
442{
443 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
444}
445
446static long hung_up_tty_compat_ioctl(struct file *file,
447 unsigned int cmd, unsigned long arg)
448{
449 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
450}
451
452static int hung_up_tty_fasync(int fd, struct file *file, int on)
453{
454 return -ENOTTY;
455}
456
457static void tty_show_fdinfo(struct seq_file *m, struct file *file)
458{
459 struct tty_struct *tty = file_tty(file);
460
461 if (tty && tty->ops && tty->ops->show_fdinfo)
462 tty->ops->show_fdinfo(tty, m);
463}
464
465static const struct file_operations tty_fops = {
466 .llseek = no_llseek,
467 .read_iter = tty_read,
468 .write_iter = tty_write,
469 .splice_read = generic_file_splice_read,
470 .splice_write = iter_file_splice_write,
471 .poll = tty_poll,
472 .unlocked_ioctl = tty_ioctl,
473 .compat_ioctl = tty_compat_ioctl,
474 .open = tty_open,
475 .release = tty_release,
476 .fasync = tty_fasync,
477 .show_fdinfo = tty_show_fdinfo,
478};
479
480static const struct file_operations console_fops = {
481 .llseek = no_llseek,
482 .read_iter = tty_read,
483 .write_iter = redirected_tty_write,
484 .splice_read = generic_file_splice_read,
485 .splice_write = iter_file_splice_write,
486 .poll = tty_poll,
487 .unlocked_ioctl = tty_ioctl,
488 .compat_ioctl = tty_compat_ioctl,
489 .open = tty_open,
490 .release = tty_release,
491 .fasync = tty_fasync,
492};
493
494static const struct file_operations hung_up_tty_fops = {
495 .llseek = no_llseek,
496 .read_iter = hung_up_tty_read,
497 .write_iter = hung_up_tty_write,
498 .poll = hung_up_tty_poll,
499 .unlocked_ioctl = hung_up_tty_ioctl,
500 .compat_ioctl = hung_up_tty_compat_ioctl,
501 .release = tty_release,
502 .fasync = hung_up_tty_fasync,
503};
504
505static DEFINE_SPINLOCK(redirect_lock);
506static struct file *redirect;
507
508/**
509 * tty_wakeup - request more data
510 * @tty: terminal
511 *
512 * Internal and external helper for wakeups of tty. This function informs the
513 * line discipline if present that the driver is ready to receive more output
514 * data.
515 */
516void tty_wakeup(struct tty_struct *tty)
517{
518 struct tty_ldisc *ld;
519
520 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
521 ld = tty_ldisc_ref(tty);
522 if (ld) {
523 if (ld->ops->write_wakeup)
524 ld->ops->write_wakeup(tty);
525 tty_ldisc_deref(ld);
526 }
527 }
528 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
529}
530EXPORT_SYMBOL_GPL(tty_wakeup);
531
532/**
533 * tty_release_redirect - Release a redirect on a pty if present
534 * @tty: tty device
535 *
536 * This is available to the pty code so if the master closes, if the slave is a
537 * redirect it can release the redirect.
538 */
539static struct file *tty_release_redirect(struct tty_struct *tty)
540{
541 struct file *f = NULL;
542
543 spin_lock(&redirect_lock);
544 if (redirect && file_tty(redirect) == tty) {
545 f = redirect;
546 redirect = NULL;
547 }
548 spin_unlock(&redirect_lock);
549
550 return f;
551}
552
553/**
554 * __tty_hangup - actual handler for hangup events
555 * @tty: tty device
556 * @exit_session: if non-zero, signal all foreground group processes
557 *
558 * This can be called by a "kworker" kernel thread. That is process synchronous
559 * but doesn't hold any locks, so we need to make sure we have the appropriate
560 * locks for what we're doing.
561 *
562 * The hangup event clears any pending redirections onto the hung up device. It
563 * ensures future writes will error and it does the needed line discipline
564 * hangup and signal delivery. The tty object itself remains intact.
565 *
566 * Locking:
567 * * BTM
568 *
569 * * redirect lock for undoing redirection
570 * * file list lock for manipulating list of ttys
571 * * tty_ldiscs_lock from called functions
572 * * termios_rwsem resetting termios data
573 * * tasklist_lock to walk task list for hangup event
574 *
575 * * ->siglock to protect ->signal/->sighand
576 *
577 */
578static void __tty_hangup(struct tty_struct *tty, int exit_session)
579{
580 struct file *cons_filp = NULL;
581 struct file *filp, *f;
582 struct tty_file_private *priv;
583 int closecount = 0, n;
584 int refs;
585
586 if (!tty)
587 return;
588
589 f = tty_release_redirect(tty);
590
591 tty_lock(tty);
592
593 if (test_bit(TTY_HUPPED, &tty->flags)) {
594 tty_unlock(tty);
595 return;
596 }
597
598 /*
599 * Some console devices aren't actually hung up for technical and
600 * historical reasons, which can lead to indefinite interruptible
601 * sleep in n_tty_read(). The following explicitly tells
602 * n_tty_read() to abort readers.
603 */
604 set_bit(TTY_HUPPING, &tty->flags);
605
606 /* inuse_filps is protected by the single tty lock,
607 * this really needs to change if we want to flush the
608 * workqueue with the lock held.
609 */
610 check_tty_count(tty, "tty_hangup");
611
612 spin_lock(&tty->files_lock);
613 /* This breaks for file handles being sent over AF_UNIX sockets ? */
614 list_for_each_entry(priv, &tty->tty_files, list) {
615 filp = priv->file;
616 if (filp->f_op->write_iter == redirected_tty_write)
617 cons_filp = filp;
618 if (filp->f_op->write_iter != tty_write)
619 continue;
620 closecount++;
621 __tty_fasync(-1, filp, 0); /* can't block */
622 filp->f_op = &hung_up_tty_fops;
623 }
624 spin_unlock(&tty->files_lock);
625
626 refs = tty_signal_session_leader(tty, exit_session);
627 /* Account for the p->signal references we killed */
628 while (refs--)
629 tty_kref_put(tty);
630
631 tty_ldisc_hangup(tty, cons_filp != NULL);
632
633 spin_lock_irq(&tty->ctrl.lock);
634 clear_bit(TTY_THROTTLED, &tty->flags);
635 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
636 put_pid(tty->ctrl.session);
637 put_pid(tty->ctrl.pgrp);
638 tty->ctrl.session = NULL;
639 tty->ctrl.pgrp = NULL;
640 tty->ctrl.pktstatus = 0;
641 spin_unlock_irq(&tty->ctrl.lock);
642
643 /*
644 * If one of the devices matches a console pointer, we
645 * cannot just call hangup() because that will cause
646 * tty->count and state->count to go out of sync.
647 * So we just call close() the right number of times.
648 */
649 if (cons_filp) {
650 if (tty->ops->close)
651 for (n = 0; n < closecount; n++)
652 tty->ops->close(tty, cons_filp);
653 } else if (tty->ops->hangup)
654 tty->ops->hangup(tty);
655 /*
656 * We don't want to have driver/ldisc interactions beyond the ones
657 * we did here. The driver layer expects no calls after ->hangup()
658 * from the ldisc side, which is now guaranteed.
659 */
660 set_bit(TTY_HUPPED, &tty->flags);
661 clear_bit(TTY_HUPPING, &tty->flags);
662 tty_unlock(tty);
663
664 if (f)
665 fput(f);
666}
667
668static void do_tty_hangup(struct work_struct *work)
669{
670 struct tty_struct *tty =
671 container_of(work, struct tty_struct, hangup_work);
672
673 __tty_hangup(tty, 0);
674}
675
676/**
677 * tty_hangup - trigger a hangup event
678 * @tty: tty to hangup
679 *
680 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
681 * hangup sequence to run after this event.
682 */
683void tty_hangup(struct tty_struct *tty)
684{
685 tty_debug_hangup(tty, "hangup\n");
686 schedule_work(&tty->hangup_work);
687}
688EXPORT_SYMBOL(tty_hangup);
689
690/**
691 * tty_vhangup - process vhangup
692 * @tty: tty to hangup
693 *
694 * The user has asked via system call for the terminal to be hung up. We do
695 * this synchronously so that when the syscall returns the process is complete.
696 * That guarantee is necessary for security reasons.
697 */
698void tty_vhangup(struct tty_struct *tty)
699{
700 tty_debug_hangup(tty, "vhangup\n");
701 __tty_hangup(tty, 0);
702}
703EXPORT_SYMBOL(tty_vhangup);
704
705
706/**
707 * tty_vhangup_self - process vhangup for own ctty
708 *
709 * Perform a vhangup on the current controlling tty
710 */
711void tty_vhangup_self(void)
712{
713 struct tty_struct *tty;
714
715 tty = get_current_tty();
716 if (tty) {
717 tty_vhangup(tty);
718 tty_kref_put(tty);
719 }
720}
721
722/**
723 * tty_vhangup_session - hangup session leader exit
724 * @tty: tty to hangup
725 *
726 * The session leader is exiting and hanging up its controlling terminal.
727 * Every process in the foreground process group is signalled %SIGHUP.
728 *
729 * We do this synchronously so that when the syscall returns the process is
730 * complete. That guarantee is necessary for security reasons.
731 */
732void tty_vhangup_session(struct tty_struct *tty)
733{
734 tty_debug_hangup(tty, "session hangup\n");
735 __tty_hangup(tty, 1);
736}
737
738/**
739 * tty_hung_up_p - was tty hung up
740 * @filp: file pointer of tty
741 *
742 * Return: true if the tty has been subject to a vhangup or a carrier loss
743 */
744int tty_hung_up_p(struct file *filp)
745{
746 return (filp && filp->f_op == &hung_up_tty_fops);
747}
748EXPORT_SYMBOL(tty_hung_up_p);
749
750void __stop_tty(struct tty_struct *tty)
751{
752 if (tty->flow.stopped)
753 return;
754 tty->flow.stopped = true;
755 if (tty->ops->stop)
756 tty->ops->stop(tty);
757}
758
759/**
760 * stop_tty - propagate flow control
761 * @tty: tty to stop
762 *
763 * Perform flow control to the driver. May be called on an already stopped
764 * device and will not re-call the &tty_driver->stop() method.
765 *
766 * This functionality is used by both the line disciplines for halting incoming
767 * flow and by the driver. It may therefore be called from any context, may be
768 * under the tty %atomic_write_lock but not always.
769 *
770 * Locking:
771 * flow.lock
772 */
773void stop_tty(struct tty_struct *tty)
774{
775 unsigned long flags;
776
777 spin_lock_irqsave(&tty->flow.lock, flags);
778 __stop_tty(tty);
779 spin_unlock_irqrestore(&tty->flow.lock, flags);
780}
781EXPORT_SYMBOL(stop_tty);
782
783void __start_tty(struct tty_struct *tty)
784{
785 if (!tty->flow.stopped || tty->flow.tco_stopped)
786 return;
787 tty->flow.stopped = false;
788 if (tty->ops->start)
789 tty->ops->start(tty);
790 tty_wakeup(tty);
791}
792
793/**
794 * start_tty - propagate flow control
795 * @tty: tty to start
796 *
797 * Start a tty that has been stopped if at all possible. If @tty was previously
798 * stopped and is now being started, the &tty_driver->start() method is invoked
799 * and the line discipline woken.
800 *
801 * Locking:
802 * flow.lock
803 */
804void start_tty(struct tty_struct *tty)
805{
806 unsigned long flags;
807
808 spin_lock_irqsave(&tty->flow.lock, flags);
809 __start_tty(tty);
810 spin_unlock_irqrestore(&tty->flow.lock, flags);
811}
812EXPORT_SYMBOL(start_tty);
813
814static void tty_update_time(struct timespec64 *time)
815{
816 time64_t sec = ktime_get_real_seconds();
817
818 /*
819 * We only care if the two values differ in anything other than the
820 * lower three bits (i.e every 8 seconds). If so, then we can update
821 * the time of the tty device, otherwise it could be construded as a
822 * security leak to let userspace know the exact timing of the tty.
823 */
824 if ((sec ^ time->tv_sec) & ~7)
825 time->tv_sec = sec;
826}
827
828/*
829 * Iterate on the ldisc ->read() function until we've gotten all
830 * the data the ldisc has for us.
831 *
832 * The "cookie" is something that the ldisc read function can fill
833 * in to let us know that there is more data to be had.
834 *
835 * We promise to continue to call the ldisc until it stops returning
836 * data or clears the cookie. The cookie may be something that the
837 * ldisc maintains state for and needs to free.
838 */
839static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
840 struct file *file, struct iov_iter *to)
841{
842 int retval = 0;
843 void *cookie = NULL;
844 unsigned long offset = 0;
845 char kernel_buf[64];
846 size_t count = iov_iter_count(to);
847
848 do {
849 int size, copied;
850
851 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
852 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
853 if (!size)
854 break;
855
856 if (size < 0) {
857 /* Did we have an earlier error (ie -EFAULT)? */
858 if (retval)
859 break;
860 retval = size;
861
862 /*
863 * -EOVERFLOW means we didn't have enough space
864 * for a whole packet, and we shouldn't return
865 * a partial result.
866 */
867 if (retval == -EOVERFLOW)
868 offset = 0;
869 break;
870 }
871
872 copied = copy_to_iter(kernel_buf, size, to);
873 offset += copied;
874 count -= copied;
875
876 /*
877 * If the user copy failed, we still need to do another ->read()
878 * call if we had a cookie to let the ldisc clear up.
879 *
880 * But make sure size is zeroed.
881 */
882 if (unlikely(copied != size)) {
883 count = 0;
884 retval = -EFAULT;
885 }
886 } while (cookie);
887
888 /* We always clear tty buffer in case they contained passwords */
889 memzero_explicit(kernel_buf, sizeof(kernel_buf));
890 return offset ? offset : retval;
891}
892
893
894/**
895 * tty_read - read method for tty device files
896 * @iocb: kernel I/O control block
897 * @to: destination for the data read
898 *
899 * Perform the read system call function on this terminal device. Checks
900 * for hung up devices before calling the line discipline method.
901 *
902 * Locking:
903 * Locks the line discipline internally while needed. Multiple read calls
904 * may be outstanding in parallel.
905 */
906static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
907{
908 int i;
909 struct file *file = iocb->ki_filp;
910 struct inode *inode = file_inode(file);
911 struct tty_struct *tty = file_tty(file);
912 struct tty_ldisc *ld;
913
914 if (tty_paranoia_check(tty, inode, "tty_read"))
915 return -EIO;
916 if (!tty || tty_io_error(tty))
917 return -EIO;
918
919 /* We want to wait for the line discipline to sort out in this
920 * situation.
921 */
922 ld = tty_ldisc_ref_wait(tty);
923 if (!ld)
924 return hung_up_tty_read(iocb, to);
925 i = -EIO;
926 if (ld->ops->read)
927 i = iterate_tty_read(ld, tty, file, to);
928 tty_ldisc_deref(ld);
929
930 if (i > 0)
931 tty_update_time(&inode->i_atime);
932
933 return i;
934}
935
936static void tty_write_unlock(struct tty_struct *tty)
937{
938 mutex_unlock(&tty->atomic_write_lock);
939 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
940}
941
942static int tty_write_lock(struct tty_struct *tty, int ndelay)
943{
944 if (!mutex_trylock(&tty->atomic_write_lock)) {
945 if (ndelay)
946 return -EAGAIN;
947 if (mutex_lock_interruptible(&tty->atomic_write_lock))
948 return -ERESTARTSYS;
949 }
950 return 0;
951}
952
953/*
954 * Split writes up in sane blocksizes to avoid
955 * denial-of-service type attacks
956 */
957static inline ssize_t do_tty_write(
958 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
959 struct tty_struct *tty,
960 struct file *file,
961 struct iov_iter *from)
962{
963 size_t count = iov_iter_count(from);
964 ssize_t ret, written = 0;
965 unsigned int chunk;
966
967 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
968 if (ret < 0)
969 return ret;
970
971 /*
972 * We chunk up writes into a temporary buffer. This
973 * simplifies low-level drivers immensely, since they
974 * don't have locking issues and user mode accesses.
975 *
976 * But if TTY_NO_WRITE_SPLIT is set, we should use a
977 * big chunk-size..
978 *
979 * The default chunk-size is 2kB, because the NTTY
980 * layer has problems with bigger chunks. It will
981 * claim to be able to handle more characters than
982 * it actually does.
983 */
984 chunk = 2048;
985 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
986 chunk = 65536;
987 if (count < chunk)
988 chunk = count;
989
990 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
991 if (tty->write_cnt < chunk) {
992 unsigned char *buf_chunk;
993
994 if (chunk < 1024)
995 chunk = 1024;
996
997 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
998 if (!buf_chunk) {
999 ret = -ENOMEM;
1000 goto out;
1001 }
1002 kvfree(tty->write_buf);
1003 tty->write_cnt = chunk;
1004 tty->write_buf = buf_chunk;
1005 }
1006
1007 /* Do the write .. */
1008 for (;;) {
1009 size_t size = count;
1010
1011 if (size > chunk)
1012 size = chunk;
1013
1014 ret = -EFAULT;
1015 if (copy_from_iter(tty->write_buf, size, from) != size)
1016 break;
1017
1018 ret = write(tty, file, tty->write_buf, size);
1019 if (ret <= 0)
1020 break;
1021
1022 written += ret;
1023 if (ret > size)
1024 break;
1025
1026 /* FIXME! Have Al check this! */
1027 if (ret != size)
1028 iov_iter_revert(from, size-ret);
1029
1030 count -= ret;
1031 if (!count)
1032 break;
1033 ret = -ERESTARTSYS;
1034 if (signal_pending(current))
1035 break;
1036 cond_resched();
1037 }
1038 if (written) {
1039 tty_update_time(&file_inode(file)->i_mtime);
1040 ret = written;
1041 }
1042out:
1043 tty_write_unlock(tty);
1044 return ret;
1045}
1046
1047/**
1048 * tty_write_message - write a message to a certain tty, not just the console.
1049 * @tty: the destination tty_struct
1050 * @msg: the message to write
1051 *
1052 * This is used for messages that need to be redirected to a specific tty. We
1053 * don't put it into the syslog queue right now maybe in the future if really
1054 * needed.
1055 *
1056 * We must still hold the BTM and test the CLOSING flag for the moment.
1057 */
1058void tty_write_message(struct tty_struct *tty, char *msg)
1059{
1060 if (tty) {
1061 mutex_lock(&tty->atomic_write_lock);
1062 tty_lock(tty);
1063 if (tty->ops->write && tty->count > 0)
1064 tty->ops->write(tty, msg, strlen(msg));
1065 tty_unlock(tty);
1066 tty_write_unlock(tty);
1067 }
1068}
1069
1070static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1071{
1072 struct tty_struct *tty = file_tty(file);
1073 struct tty_ldisc *ld;
1074 ssize_t ret;
1075
1076 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1077 return -EIO;
1078 if (!tty || !tty->ops->write || tty_io_error(tty))
1079 return -EIO;
1080 /* Short term debug to catch buggy drivers */
1081 if (tty->ops->write_room == NULL)
1082 tty_err(tty, "missing write_room method\n");
1083 ld = tty_ldisc_ref_wait(tty);
1084 if (!ld)
1085 return hung_up_tty_write(iocb, from);
1086 if (!ld->ops->write)
1087 ret = -EIO;
1088 else
1089 ret = do_tty_write(ld->ops->write, tty, file, from);
1090 tty_ldisc_deref(ld);
1091 return ret;
1092}
1093
1094/**
1095 * tty_write - write method for tty device file
1096 * @iocb: kernel I/O control block
1097 * @from: iov_iter with data to write
1098 *
1099 * Write data to a tty device via the line discipline.
1100 *
1101 * Locking:
1102 * Locks the line discipline as required
1103 * Writes to the tty driver are serialized by the atomic_write_lock
1104 * and are then processed in chunks to the device. The line
1105 * discipline write method will not be invoked in parallel for
1106 * each device.
1107 */
1108static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1109{
1110 return file_tty_write(iocb->ki_filp, iocb, from);
1111}
1112
1113ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1114{
1115 struct file *p = NULL;
1116
1117 spin_lock(&redirect_lock);
1118 if (redirect)
1119 p = get_file(redirect);
1120 spin_unlock(&redirect_lock);
1121
1122 /*
1123 * We know the redirected tty is just another tty, we can
1124 * call file_tty_write() directly with that file pointer.
1125 */
1126 if (p) {
1127 ssize_t res;
1128
1129 res = file_tty_write(p, iocb, iter);
1130 fput(p);
1131 return res;
1132 }
1133 return tty_write(iocb, iter);
1134}
1135
1136/**
1137 * tty_send_xchar - send priority character
1138 * @tty: the tty to send to
1139 * @ch: xchar to send
1140 *
1141 * Send a high priority character to the tty even if stopped.
1142 *
1143 * Locking: none for xchar method, write ordering for write method.
1144 */
1145int tty_send_xchar(struct tty_struct *tty, char ch)
1146{
1147 bool was_stopped = tty->flow.stopped;
1148
1149 if (tty->ops->send_xchar) {
1150 down_read(&tty->termios_rwsem);
1151 tty->ops->send_xchar(tty, ch);
1152 up_read(&tty->termios_rwsem);
1153 return 0;
1154 }
1155
1156 if (tty_write_lock(tty, 0) < 0)
1157 return -ERESTARTSYS;
1158
1159 down_read(&tty->termios_rwsem);
1160 if (was_stopped)
1161 start_tty(tty);
1162 tty->ops->write(tty, &ch, 1);
1163 if (was_stopped)
1164 stop_tty(tty);
1165 up_read(&tty->termios_rwsem);
1166 tty_write_unlock(tty);
1167 return 0;
1168}
1169
1170/**
1171 * pty_line_name - generate name for a pty
1172 * @driver: the tty driver in use
1173 * @index: the minor number
1174 * @p: output buffer of at least 6 bytes
1175 *
1176 * Generate a name from a @driver reference and write it to the output buffer
1177 * @p.
1178 *
1179 * Locking: None
1180 */
1181static void pty_line_name(struct tty_driver *driver, int index, char *p)
1182{
1183 static const char ptychar[] = "pqrstuvwxyzabcde";
1184 int i = index + driver->name_base;
1185 /* ->name is initialized to "ttyp", but "tty" is expected */
1186 sprintf(p, "%s%c%x",
1187 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1188 ptychar[i >> 4 & 0xf], i & 0xf);
1189}
1190
1191/**
1192 * tty_line_name - generate name for a tty
1193 * @driver: the tty driver in use
1194 * @index: the minor number
1195 * @p: output buffer of at least 7 bytes
1196 *
1197 * Generate a name from a @driver reference and write it to the output buffer
1198 * @p.
1199 *
1200 * Locking: None
1201 */
1202static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1203{
1204 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1205 return sprintf(p, "%s", driver->name);
1206 else
1207 return sprintf(p, "%s%d", driver->name,
1208 index + driver->name_base);
1209}
1210
1211/**
1212 * tty_driver_lookup_tty() - find an existing tty, if any
1213 * @driver: the driver for the tty
1214 * @file: file object
1215 * @idx: the minor number
1216 *
1217 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1218 * driver lookup() method returns an error.
1219 *
1220 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1221 */
1222static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1223 struct file *file, int idx)
1224{
1225 struct tty_struct *tty;
1226
1227 if (driver->ops->lookup)
1228 if (!file)
1229 tty = ERR_PTR(-EIO);
1230 else
1231 tty = driver->ops->lookup(driver, file, idx);
1232 else
1233 tty = driver->ttys[idx];
1234
1235 if (!IS_ERR(tty))
1236 tty_kref_get(tty);
1237 return tty;
1238}
1239
1240/**
1241 * tty_init_termios - helper for termios setup
1242 * @tty: the tty to set up
1243 *
1244 * Initialise the termios structure for this tty. This runs under the
1245 * %tty_mutex currently so we can be relaxed about ordering.
1246 */
1247void tty_init_termios(struct tty_struct *tty)
1248{
1249 struct ktermios *tp;
1250 int idx = tty->index;
1251
1252 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1253 tty->termios = tty->driver->init_termios;
1254 else {
1255 /* Check for lazy saved data */
1256 tp = tty->driver->termios[idx];
1257 if (tp != NULL) {
1258 tty->termios = *tp;
1259 tty->termios.c_line = tty->driver->init_termios.c_line;
1260 } else
1261 tty->termios = tty->driver->init_termios;
1262 }
1263 /* Compatibility until drivers always set this */
1264 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1265 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1266}
1267EXPORT_SYMBOL_GPL(tty_init_termios);
1268
1269/**
1270 * tty_standard_install - usual tty->ops->install
1271 * @driver: the driver for the tty
1272 * @tty: the tty
1273 *
1274 * If the @driver overrides @tty->ops->install, it still can call this function
1275 * to perform the standard install operations.
1276 */
1277int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1278{
1279 tty_init_termios(tty);
1280 tty_driver_kref_get(driver);
1281 tty->count++;
1282 driver->ttys[tty->index] = tty;
1283 return 0;
1284}
1285EXPORT_SYMBOL_GPL(tty_standard_install);
1286
1287/**
1288 * tty_driver_install_tty() - install a tty entry in the driver
1289 * @driver: the driver for the tty
1290 * @tty: the tty
1291 *
1292 * Install a tty object into the driver tables. The @tty->index field will be
1293 * set by the time this is called. This method is responsible for ensuring any
1294 * need additional structures are allocated and configured.
1295 *
1296 * Locking: tty_mutex for now
1297 */
1298static int tty_driver_install_tty(struct tty_driver *driver,
1299 struct tty_struct *tty)
1300{
1301 return driver->ops->install ? driver->ops->install(driver, tty) :
1302 tty_standard_install(driver, tty);
1303}
1304
1305/**
1306 * tty_driver_remove_tty() - remove a tty from the driver tables
1307 * @driver: the driver for the tty
1308 * @tty: tty to remove
1309 *
1310 * Remove a tty object from the driver tables. The tty->index field will be set
1311 * by the time this is called.
1312 *
1313 * Locking: tty_mutex for now
1314 */
1315static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1316{
1317 if (driver->ops->remove)
1318 driver->ops->remove(driver, tty);
1319 else
1320 driver->ttys[tty->index] = NULL;
1321}
1322
1323/**
1324 * tty_reopen() - fast re-open of an open tty
1325 * @tty: the tty to open
1326 *
1327 * Re-opens on master ptys are not allowed and return -%EIO.
1328 *
1329 * Locking: Caller must hold tty_lock
1330 * Return: 0 on success, -errno on error.
1331 */
1332static int tty_reopen(struct tty_struct *tty)
1333{
1334 struct tty_driver *driver = tty->driver;
1335 struct tty_ldisc *ld;
1336 int retval = 0;
1337
1338 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1339 driver->subtype == PTY_TYPE_MASTER)
1340 return -EIO;
1341
1342 if (!tty->count)
1343 return -EAGAIN;
1344
1345 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1346 return -EBUSY;
1347
1348 ld = tty_ldisc_ref_wait(tty);
1349 if (ld) {
1350 tty_ldisc_deref(ld);
1351 } else {
1352 retval = tty_ldisc_lock(tty, 5 * HZ);
1353 if (retval)
1354 return retval;
1355
1356 if (!tty->ldisc)
1357 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1358 tty_ldisc_unlock(tty);
1359 }
1360
1361 if (retval == 0)
1362 tty->count++;
1363
1364 return retval;
1365}
1366
1367/**
1368 * tty_init_dev - initialise a tty device
1369 * @driver: tty driver we are opening a device on
1370 * @idx: device index
1371 *
1372 * Prepare a tty device. This may not be a "new" clean device but could also be
1373 * an active device. The pty drivers require special handling because of this.
1374 *
1375 * Locking:
1376 * The function is called under the tty_mutex, which protects us from the
1377 * tty struct or driver itself going away.
1378 *
1379 * On exit the tty device has the line discipline attached and a reference
1380 * count of 1. If a pair was created for pty/tty use and the other was a pty
1381 * master then it too has a reference count of 1.
1382 *
1383 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1384 * open. The new code protects the open with a mutex, so it's really quite
1385 * straightforward. The mutex locking can probably be relaxed for the (most
1386 * common) case of reopening a tty.
1387 *
1388 * Return: new tty structure
1389 */
1390struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1391{
1392 struct tty_struct *tty;
1393 int retval;
1394
1395 /*
1396 * First time open is complex, especially for PTY devices.
1397 * This code guarantees that either everything succeeds and the
1398 * TTY is ready for operation, or else the table slots are vacated
1399 * and the allocated memory released. (Except that the termios
1400 * may be retained.)
1401 */
1402
1403 if (!try_module_get(driver->owner))
1404 return ERR_PTR(-ENODEV);
1405
1406 tty = alloc_tty_struct(driver, idx);
1407 if (!tty) {
1408 retval = -ENOMEM;
1409 goto err_module_put;
1410 }
1411
1412 tty_lock(tty);
1413 retval = tty_driver_install_tty(driver, tty);
1414 if (retval < 0)
1415 goto err_free_tty;
1416
1417 if (!tty->port)
1418 tty->port = driver->ports[idx];
1419
1420 if (WARN_RATELIMIT(!tty->port,
1421 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1422 __func__, tty->driver->name)) {
1423 retval = -EINVAL;
1424 goto err_release_lock;
1425 }
1426
1427 retval = tty_ldisc_lock(tty, 5 * HZ);
1428 if (retval)
1429 goto err_release_lock;
1430 tty->port->itty = tty;
1431
1432 /*
1433 * Structures all installed ... call the ldisc open routines.
1434 * If we fail here just call release_tty to clean up. No need
1435 * to decrement the use counts, as release_tty doesn't care.
1436 */
1437 retval = tty_ldisc_setup(tty, tty->link);
1438 if (retval)
1439 goto err_release_tty;
1440 tty_ldisc_unlock(tty);
1441 /* Return the tty locked so that it cannot vanish under the caller */
1442 return tty;
1443
1444err_free_tty:
1445 tty_unlock(tty);
1446 free_tty_struct(tty);
1447err_module_put:
1448 module_put(driver->owner);
1449 return ERR_PTR(retval);
1450
1451 /* call the tty release_tty routine to clean out this slot */
1452err_release_tty:
1453 tty_ldisc_unlock(tty);
1454 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1455 retval, idx);
1456err_release_lock:
1457 tty_unlock(tty);
1458 release_tty(tty, idx);
1459 return ERR_PTR(retval);
1460}
1461
1462/**
1463 * tty_save_termios() - save tty termios data in driver table
1464 * @tty: tty whose termios data to save
1465 *
1466 * Locking: Caller guarantees serialisation with tty_init_termios().
1467 */
1468void tty_save_termios(struct tty_struct *tty)
1469{
1470 struct ktermios *tp;
1471 int idx = tty->index;
1472
1473 /* If the port is going to reset then it has no termios to save */
1474 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1475 return;
1476
1477 /* Stash the termios data */
1478 tp = tty->driver->termios[idx];
1479 if (tp == NULL) {
1480 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1481 if (tp == NULL)
1482 return;
1483 tty->driver->termios[idx] = tp;
1484 }
1485 *tp = tty->termios;
1486}
1487EXPORT_SYMBOL_GPL(tty_save_termios);
1488
1489/**
1490 * tty_flush_works - flush all works of a tty/pty pair
1491 * @tty: tty device to flush works for (or either end of a pty pair)
1492 *
1493 * Sync flush all works belonging to @tty (and the 'other' tty).
1494 */
1495static void tty_flush_works(struct tty_struct *tty)
1496{
1497 flush_work(&tty->SAK_work);
1498 flush_work(&tty->hangup_work);
1499 if (tty->link) {
1500 flush_work(&tty->link->SAK_work);
1501 flush_work(&tty->link->hangup_work);
1502 }
1503}
1504
1505/**
1506 * release_one_tty - release tty structure memory
1507 * @work: work of tty we are obliterating
1508 *
1509 * Releases memory associated with a tty structure, and clears out the
1510 * driver table slots. This function is called when a device is no longer
1511 * in use. It also gets called when setup of a device fails.
1512 *
1513 * Locking:
1514 * takes the file list lock internally when working on the list of ttys
1515 * that the driver keeps.
1516 *
1517 * This method gets called from a work queue so that the driver private
1518 * cleanup ops can sleep (needed for USB at least)
1519 */
1520static void release_one_tty(struct work_struct *work)
1521{
1522 struct tty_struct *tty =
1523 container_of(work, struct tty_struct, hangup_work);
1524 struct tty_driver *driver = tty->driver;
1525 struct module *owner = driver->owner;
1526
1527 if (tty->ops->cleanup)
1528 tty->ops->cleanup(tty);
1529
1530 tty_driver_kref_put(driver);
1531 module_put(owner);
1532
1533 spin_lock(&tty->files_lock);
1534 list_del_init(&tty->tty_files);
1535 spin_unlock(&tty->files_lock);
1536
1537 put_pid(tty->ctrl.pgrp);
1538 put_pid(tty->ctrl.session);
1539 free_tty_struct(tty);
1540}
1541
1542static void queue_release_one_tty(struct kref *kref)
1543{
1544 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1545
1546 /* The hangup queue is now free so we can reuse it rather than
1547 * waste a chunk of memory for each port.
1548 */
1549 INIT_WORK(&tty->hangup_work, release_one_tty);
1550 schedule_work(&tty->hangup_work);
1551}
1552
1553/**
1554 * tty_kref_put - release a tty kref
1555 * @tty: tty device
1556 *
1557 * Release a reference to the @tty device and if need be let the kref layer
1558 * destruct the object for us.
1559 */
1560void tty_kref_put(struct tty_struct *tty)
1561{
1562 if (tty)
1563 kref_put(&tty->kref, queue_release_one_tty);
1564}
1565EXPORT_SYMBOL(tty_kref_put);
1566
1567/**
1568 * release_tty - release tty structure memory
1569 * @tty: tty device release
1570 * @idx: index of the tty device release
1571 *
1572 * Release both @tty and a possible linked partner (think pty pair),
1573 * and decrement the refcount of the backing module.
1574 *
1575 * Locking:
1576 * tty_mutex
1577 * takes the file list lock internally when working on the list of ttys
1578 * that the driver keeps.
1579 */
1580static void release_tty(struct tty_struct *tty, int idx)
1581{
1582 /* This should always be true but check for the moment */
1583 WARN_ON(tty->index != idx);
1584 WARN_ON(!mutex_is_locked(&tty_mutex));
1585 if (tty->ops->shutdown)
1586 tty->ops->shutdown(tty);
1587 tty_save_termios(tty);
1588 tty_driver_remove_tty(tty->driver, tty);
1589 if (tty->port)
1590 tty->port->itty = NULL;
1591 if (tty->link)
1592 tty->link->port->itty = NULL;
1593 if (tty->port)
1594 tty_buffer_cancel_work(tty->port);
1595 if (tty->link)
1596 tty_buffer_cancel_work(tty->link->port);
1597
1598 tty_kref_put(tty->link);
1599 tty_kref_put(tty);
1600}
1601
1602/**
1603 * tty_release_checks - check a tty before real release
1604 * @tty: tty to check
1605 * @idx: index of the tty
1606 *
1607 * Performs some paranoid checking before true release of the @tty. This is a
1608 * no-op unless %TTY_PARANOIA_CHECK is defined.
1609 */
1610static int tty_release_checks(struct tty_struct *tty, int idx)
1611{
1612#ifdef TTY_PARANOIA_CHECK
1613 if (idx < 0 || idx >= tty->driver->num) {
1614 tty_debug(tty, "bad idx %d\n", idx);
1615 return -1;
1616 }
1617
1618 /* not much to check for devpts */
1619 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1620 return 0;
1621
1622 if (tty != tty->driver->ttys[idx]) {
1623 tty_debug(tty, "bad driver table[%d] = %p\n",
1624 idx, tty->driver->ttys[idx]);
1625 return -1;
1626 }
1627 if (tty->driver->other) {
1628 struct tty_struct *o_tty = tty->link;
1629
1630 if (o_tty != tty->driver->other->ttys[idx]) {
1631 tty_debug(tty, "bad other table[%d] = %p\n",
1632 idx, tty->driver->other->ttys[idx]);
1633 return -1;
1634 }
1635 if (o_tty->link != tty) {
1636 tty_debug(tty, "bad link = %p\n", o_tty->link);
1637 return -1;
1638 }
1639 }
1640#endif
1641 return 0;
1642}
1643
1644/**
1645 * tty_kclose - closes tty opened by tty_kopen
1646 * @tty: tty device
1647 *
1648 * Performs the final steps to release and free a tty device. It is the same as
1649 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1650 * @tty->port.
1651 */
1652void tty_kclose(struct tty_struct *tty)
1653{
1654 /*
1655 * Ask the line discipline code to release its structures
1656 */
1657 tty_ldisc_release(tty);
1658
1659 /* Wait for pending work before tty destruction commences */
1660 tty_flush_works(tty);
1661
1662 tty_debug_hangup(tty, "freeing structure\n");
1663 /*
1664 * The release_tty function takes care of the details of clearing
1665 * the slots and preserving the termios structure.
1666 */
1667 mutex_lock(&tty_mutex);
1668 tty_port_set_kopened(tty->port, 0);
1669 release_tty(tty, tty->index);
1670 mutex_unlock(&tty_mutex);
1671}
1672EXPORT_SYMBOL_GPL(tty_kclose);
1673
1674/**
1675 * tty_release_struct - release a tty struct
1676 * @tty: tty device
1677 * @idx: index of the tty
1678 *
1679 * Performs the final steps to release and free a tty device. It is roughly the
1680 * reverse of tty_init_dev().
1681 */
1682void tty_release_struct(struct tty_struct *tty, int idx)
1683{
1684 /*
1685 * Ask the line discipline code to release its structures
1686 */
1687 tty_ldisc_release(tty);
1688
1689 /* Wait for pending work before tty destruction commmences */
1690 tty_flush_works(tty);
1691
1692 tty_debug_hangup(tty, "freeing structure\n");
1693 /*
1694 * The release_tty function takes care of the details of clearing
1695 * the slots and preserving the termios structure.
1696 */
1697 mutex_lock(&tty_mutex);
1698 release_tty(tty, idx);
1699 mutex_unlock(&tty_mutex);
1700}
1701EXPORT_SYMBOL_GPL(tty_release_struct);
1702
1703/**
1704 * tty_release - vfs callback for close
1705 * @inode: inode of tty
1706 * @filp: file pointer for handle to tty
1707 *
1708 * Called the last time each file handle is closed that references this tty.
1709 * There may however be several such references.
1710 *
1711 * Locking:
1712 * Takes BKL. See tty_release_dev().
1713 *
1714 * Even releasing the tty structures is a tricky business. We have to be very
1715 * careful that the structures are all released at the same time, as interrupts
1716 * might otherwise get the wrong pointers.
1717 *
1718 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1719 * lead to double frees or releasing memory still in use.
1720 */
1721int tty_release(struct inode *inode, struct file *filp)
1722{
1723 struct tty_struct *tty = file_tty(filp);
1724 struct tty_struct *o_tty = NULL;
1725 int do_sleep, final;
1726 int idx;
1727 long timeout = 0;
1728 int once = 1;
1729
1730 if (tty_paranoia_check(tty, inode, __func__))
1731 return 0;
1732
1733 tty_lock(tty);
1734 check_tty_count(tty, __func__);
1735
1736 __tty_fasync(-1, filp, 0);
1737
1738 idx = tty->index;
1739 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1740 tty->driver->subtype == PTY_TYPE_MASTER)
1741 o_tty = tty->link;
1742
1743 if (tty_release_checks(tty, idx)) {
1744 tty_unlock(tty);
1745 return 0;
1746 }
1747
1748 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1749
1750 if (tty->ops->close)
1751 tty->ops->close(tty, filp);
1752
1753 /* If tty is pty master, lock the slave pty (stable lock order) */
1754 tty_lock_slave(o_tty);
1755
1756 /*
1757 * Sanity check: if tty->count is going to zero, there shouldn't be
1758 * any waiters on tty->read_wait or tty->write_wait. We test the
1759 * wait queues and kick everyone out _before_ actually starting to
1760 * close. This ensures that we won't block while releasing the tty
1761 * structure.
1762 *
1763 * The test for the o_tty closing is necessary, since the master and
1764 * slave sides may close in any order. If the slave side closes out
1765 * first, its count will be one, since the master side holds an open.
1766 * Thus this test wouldn't be triggered at the time the slave closed,
1767 * so we do it now.
1768 */
1769 while (1) {
1770 do_sleep = 0;
1771
1772 if (tty->count <= 1) {
1773 if (waitqueue_active(&tty->read_wait)) {
1774 wake_up_poll(&tty->read_wait, EPOLLIN);
1775 do_sleep++;
1776 }
1777 if (waitqueue_active(&tty->write_wait)) {
1778 wake_up_poll(&tty->write_wait, EPOLLOUT);
1779 do_sleep++;
1780 }
1781 }
1782 if (o_tty && o_tty->count <= 1) {
1783 if (waitqueue_active(&o_tty->read_wait)) {
1784 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1785 do_sleep++;
1786 }
1787 if (waitqueue_active(&o_tty->write_wait)) {
1788 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1789 do_sleep++;
1790 }
1791 }
1792 if (!do_sleep)
1793 break;
1794
1795 if (once) {
1796 once = 0;
1797 tty_warn(tty, "read/write wait queue active!\n");
1798 }
1799 schedule_timeout_killable(timeout);
1800 if (timeout < 120 * HZ)
1801 timeout = 2 * timeout + 1;
1802 else
1803 timeout = MAX_SCHEDULE_TIMEOUT;
1804 }
1805
1806 if (o_tty) {
1807 if (--o_tty->count < 0) {
1808 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1809 o_tty->count = 0;
1810 }
1811 }
1812 if (--tty->count < 0) {
1813 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1814 tty->count = 0;
1815 }
1816
1817 /*
1818 * We've decremented tty->count, so we need to remove this file
1819 * descriptor off the tty->tty_files list; this serves two
1820 * purposes:
1821 * - check_tty_count sees the correct number of file descriptors
1822 * associated with this tty.
1823 * - do_tty_hangup no longer sees this file descriptor as
1824 * something that needs to be handled for hangups.
1825 */
1826 tty_del_file(filp);
1827
1828 /*
1829 * Perform some housekeeping before deciding whether to return.
1830 *
1831 * If _either_ side is closing, make sure there aren't any
1832 * processes that still think tty or o_tty is their controlling
1833 * tty.
1834 */
1835 if (!tty->count) {
1836 read_lock(&tasklist_lock);
1837 session_clear_tty(tty->ctrl.session);
1838 if (o_tty)
1839 session_clear_tty(o_tty->ctrl.session);
1840 read_unlock(&tasklist_lock);
1841 }
1842
1843 /* check whether both sides are closing ... */
1844 final = !tty->count && !(o_tty && o_tty->count);
1845
1846 tty_unlock_slave(o_tty);
1847 tty_unlock(tty);
1848
1849 /* At this point, the tty->count == 0 should ensure a dead tty
1850 * cannot be re-opened by a racing opener.
1851 */
1852
1853 if (!final)
1854 return 0;
1855
1856 tty_debug_hangup(tty, "final close\n");
1857
1858 tty_release_struct(tty, idx);
1859 return 0;
1860}
1861
1862/**
1863 * tty_open_current_tty - get locked tty of current task
1864 * @device: device number
1865 * @filp: file pointer to tty
1866 * @return: locked tty of the current task iff @device is /dev/tty
1867 *
1868 * Performs a re-open of the current task's controlling tty.
1869 *
1870 * We cannot return driver and index like for the other nodes because devpts
1871 * will not work then. It expects inodes to be from devpts FS.
1872 */
1873static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1874{
1875 struct tty_struct *tty;
1876 int retval;
1877
1878 if (device != MKDEV(TTYAUX_MAJOR, 0))
1879 return NULL;
1880
1881 tty = get_current_tty();
1882 if (!tty)
1883 return ERR_PTR(-ENXIO);
1884
1885 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1886 /* noctty = 1; */
1887 tty_lock(tty);
1888 tty_kref_put(tty); /* safe to drop the kref now */
1889
1890 retval = tty_reopen(tty);
1891 if (retval < 0) {
1892 tty_unlock(tty);
1893 tty = ERR_PTR(retval);
1894 }
1895 return tty;
1896}
1897
1898/**
1899 * tty_lookup_driver - lookup a tty driver for a given device file
1900 * @device: device number
1901 * @filp: file pointer to tty
1902 * @index: index for the device in the @return driver
1903 *
1904 * If returned value is not erroneous, the caller is responsible to decrement
1905 * the refcount by tty_driver_kref_put().
1906 *
1907 * Locking: %tty_mutex protects get_tty_driver()
1908 *
1909 * Return: driver for this inode (with increased refcount)
1910 */
1911static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1912 int *index)
1913{
1914 struct tty_driver *driver = NULL;
1915
1916 switch (device) {
1917#ifdef CONFIG_VT
1918 case MKDEV(TTY_MAJOR, 0): {
1919 extern struct tty_driver *console_driver;
1920
1921 driver = tty_driver_kref_get(console_driver);
1922 *index = fg_console;
1923 break;
1924 }
1925#endif
1926 case MKDEV(TTYAUX_MAJOR, 1): {
1927 struct tty_driver *console_driver = console_device(index);
1928
1929 if (console_driver) {
1930 driver = tty_driver_kref_get(console_driver);
1931 if (driver && filp) {
1932 /* Don't let /dev/console block */
1933 filp->f_flags |= O_NONBLOCK;
1934 break;
1935 }
1936 }
1937 if (driver)
1938 tty_driver_kref_put(driver);
1939 return ERR_PTR(-ENODEV);
1940 }
1941 default:
1942 driver = get_tty_driver(device, index);
1943 if (!driver)
1944 return ERR_PTR(-ENODEV);
1945 break;
1946 }
1947 return driver;
1948}
1949
1950static struct tty_struct *tty_kopen(dev_t device, int shared)
1951{
1952 struct tty_struct *tty;
1953 struct tty_driver *driver;
1954 int index = -1;
1955
1956 mutex_lock(&tty_mutex);
1957 driver = tty_lookup_driver(device, NULL, &index);
1958 if (IS_ERR(driver)) {
1959 mutex_unlock(&tty_mutex);
1960 return ERR_CAST(driver);
1961 }
1962
1963 /* check whether we're reopening an existing tty */
1964 tty = tty_driver_lookup_tty(driver, NULL, index);
1965 if (IS_ERR(tty) || shared)
1966 goto out;
1967
1968 if (tty) {
1969 /* drop kref from tty_driver_lookup_tty() */
1970 tty_kref_put(tty);
1971 tty = ERR_PTR(-EBUSY);
1972 } else { /* tty_init_dev returns tty with the tty_lock held */
1973 tty = tty_init_dev(driver, index);
1974 if (IS_ERR(tty))
1975 goto out;
1976 tty_port_set_kopened(tty->port, 1);
1977 }
1978out:
1979 mutex_unlock(&tty_mutex);
1980 tty_driver_kref_put(driver);
1981 return tty;
1982}
1983
1984/**
1985 * tty_kopen_exclusive - open a tty device for kernel
1986 * @device: dev_t of device to open
1987 *
1988 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1989 * it's not already opened and performs the first-time tty initialization.
1990 *
1991 * Claims the global %tty_mutex to serialize:
1992 * * concurrent first-time tty initialization
1993 * * concurrent tty driver removal w/ lookup
1994 * * concurrent tty removal from driver table
1995 *
1996 * Return: the locked initialized &tty_struct
1997 */
1998struct tty_struct *tty_kopen_exclusive(dev_t device)
1999{
2000 return tty_kopen(device, 0);
2001}
2002EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2003
2004/**
2005 * tty_kopen_shared - open a tty device for shared in-kernel use
2006 * @device: dev_t of device to open
2007 *
2008 * Opens an already existing tty for in-kernel use. Compared to
2009 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2010 *
2011 * Locking: identical to tty_kopen() above.
2012 */
2013struct tty_struct *tty_kopen_shared(dev_t device)
2014{
2015 return tty_kopen(device, 1);
2016}
2017EXPORT_SYMBOL_GPL(tty_kopen_shared);
2018
2019/**
2020 * tty_open_by_driver - open a tty device
2021 * @device: dev_t of device to open
2022 * @filp: file pointer to tty
2023 *
2024 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2025 * first-time tty initialization.
2026 *
2027 *
2028 * Claims the global tty_mutex to serialize:
2029 * * concurrent first-time tty initialization
2030 * * concurrent tty driver removal w/ lookup
2031 * * concurrent tty removal from driver table
2032 *
2033 * Return: the locked initialized or re-opened &tty_struct
2034 */
2035static struct tty_struct *tty_open_by_driver(dev_t device,
2036 struct file *filp)
2037{
2038 struct tty_struct *tty;
2039 struct tty_driver *driver = NULL;
2040 int index = -1;
2041 int retval;
2042
2043 mutex_lock(&tty_mutex);
2044 driver = tty_lookup_driver(device, filp, &index);
2045 if (IS_ERR(driver)) {
2046 mutex_unlock(&tty_mutex);
2047 return ERR_CAST(driver);
2048 }
2049
2050 /* check whether we're reopening an existing tty */
2051 tty = tty_driver_lookup_tty(driver, filp, index);
2052 if (IS_ERR(tty)) {
2053 mutex_unlock(&tty_mutex);
2054 goto out;
2055 }
2056
2057 if (tty) {
2058 if (tty_port_kopened(tty->port)) {
2059 tty_kref_put(tty);
2060 mutex_unlock(&tty_mutex);
2061 tty = ERR_PTR(-EBUSY);
2062 goto out;
2063 }
2064 mutex_unlock(&tty_mutex);
2065 retval = tty_lock_interruptible(tty);
2066 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2067 if (retval) {
2068 if (retval == -EINTR)
2069 retval = -ERESTARTSYS;
2070 tty = ERR_PTR(retval);
2071 goto out;
2072 }
2073 retval = tty_reopen(tty);
2074 if (retval < 0) {
2075 tty_unlock(tty);
2076 tty = ERR_PTR(retval);
2077 }
2078 } else { /* Returns with the tty_lock held for now */
2079 tty = tty_init_dev(driver, index);
2080 mutex_unlock(&tty_mutex);
2081 }
2082out:
2083 tty_driver_kref_put(driver);
2084 return tty;
2085}
2086
2087/**
2088 * tty_open - open a tty device
2089 * @inode: inode of device file
2090 * @filp: file pointer to tty
2091 *
2092 * tty_open() and tty_release() keep up the tty count that contains the number
2093 * of opens done on a tty. We cannot use the inode-count, as different inodes
2094 * might point to the same tty.
2095 *
2096 * Open-counting is needed for pty masters, as well as for keeping track of
2097 * serial lines: DTR is dropped when the last close happens.
2098 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2099 *
2100 * The termios state of a pty is reset on the first open so that settings don't
2101 * persist across reuse.
2102 *
2103 * Locking:
2104 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2105 * * @tty->count should protect the rest.
2106 * * ->siglock protects ->signal/->sighand
2107 *
2108 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2109 */
2110static int tty_open(struct inode *inode, struct file *filp)
2111{
2112 struct tty_struct *tty;
2113 int noctty, retval;
2114 dev_t device = inode->i_rdev;
2115 unsigned saved_flags = filp->f_flags;
2116
2117 nonseekable_open(inode, filp);
2118
2119retry_open:
2120 retval = tty_alloc_file(filp);
2121 if (retval)
2122 return -ENOMEM;
2123
2124 tty = tty_open_current_tty(device, filp);
2125 if (!tty)
2126 tty = tty_open_by_driver(device, filp);
2127
2128 if (IS_ERR(tty)) {
2129 tty_free_file(filp);
2130 retval = PTR_ERR(tty);
2131 if (retval != -EAGAIN || signal_pending(current))
2132 return retval;
2133 schedule();
2134 goto retry_open;
2135 }
2136
2137 tty_add_file(tty, filp);
2138
2139 check_tty_count(tty, __func__);
2140 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2141
2142 if (tty->ops->open)
2143 retval = tty->ops->open(tty, filp);
2144 else
2145 retval = -ENODEV;
2146 filp->f_flags = saved_flags;
2147
2148 if (retval) {
2149 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2150
2151 tty_unlock(tty); /* need to call tty_release without BTM */
2152 tty_release(inode, filp);
2153 if (retval != -ERESTARTSYS)
2154 return retval;
2155
2156 if (signal_pending(current))
2157 return retval;
2158
2159 schedule();
2160 /*
2161 * Need to reset f_op in case a hangup happened.
2162 */
2163 if (tty_hung_up_p(filp))
2164 filp->f_op = &tty_fops;
2165 goto retry_open;
2166 }
2167 clear_bit(TTY_HUPPED, &tty->flags);
2168
2169 noctty = (filp->f_flags & O_NOCTTY) ||
2170 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2171 device == MKDEV(TTYAUX_MAJOR, 1) ||
2172 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2173 tty->driver->subtype == PTY_TYPE_MASTER);
2174 if (!noctty)
2175 tty_open_proc_set_tty(filp, tty);
2176 tty_unlock(tty);
2177 return 0;
2178}
2179
2180
2181/**
2182 * tty_poll - check tty status
2183 * @filp: file being polled
2184 * @wait: poll wait structures to update
2185 *
2186 * Call the line discipline polling method to obtain the poll status of the
2187 * device.
2188 *
2189 * Locking: locks called line discipline but ldisc poll method may be
2190 * re-entered freely by other callers.
2191 */
2192static __poll_t tty_poll(struct file *filp, poll_table *wait)
2193{
2194 struct tty_struct *tty = file_tty(filp);
2195 struct tty_ldisc *ld;
2196 __poll_t ret = 0;
2197
2198 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2199 return 0;
2200
2201 ld = tty_ldisc_ref_wait(tty);
2202 if (!ld)
2203 return hung_up_tty_poll(filp, wait);
2204 if (ld->ops->poll)
2205 ret = ld->ops->poll(tty, filp, wait);
2206 tty_ldisc_deref(ld);
2207 return ret;
2208}
2209
2210static int __tty_fasync(int fd, struct file *filp, int on)
2211{
2212 struct tty_struct *tty = file_tty(filp);
2213 unsigned long flags;
2214 int retval = 0;
2215
2216 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2217 goto out;
2218
2219 retval = fasync_helper(fd, filp, on, &tty->fasync);
2220 if (retval <= 0)
2221 goto out;
2222
2223 if (on) {
2224 enum pid_type type;
2225 struct pid *pid;
2226
2227 spin_lock_irqsave(&tty->ctrl.lock, flags);
2228 if (tty->ctrl.pgrp) {
2229 pid = tty->ctrl.pgrp;
2230 type = PIDTYPE_PGID;
2231 } else {
2232 pid = task_pid(current);
2233 type = PIDTYPE_TGID;
2234 }
2235 get_pid(pid);
2236 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2237 __f_setown(filp, pid, type, 0);
2238 put_pid(pid);
2239 retval = 0;
2240 }
2241out:
2242 return retval;
2243}
2244
2245static int tty_fasync(int fd, struct file *filp, int on)
2246{
2247 struct tty_struct *tty = file_tty(filp);
2248 int retval = -ENOTTY;
2249
2250 tty_lock(tty);
2251 if (!tty_hung_up_p(filp))
2252 retval = __tty_fasync(fd, filp, on);
2253 tty_unlock(tty);
2254
2255 return retval;
2256}
2257
2258static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2259/**
2260 * tiocsti - fake input character
2261 * @tty: tty to fake input into
2262 * @p: pointer to character
2263 *
2264 * Fake input to a tty device. Does the necessary locking and input management.
2265 *
2266 * FIXME: does not honour flow control ??
2267 *
2268 * Locking:
2269 * * Called functions take tty_ldiscs_lock
2270 * * current->signal->tty check is safe without locks
2271 */
2272static int tiocsti(struct tty_struct *tty, char __user *p)
2273{
2274 char ch, mbz = 0;
2275 struct tty_ldisc *ld;
2276
2277 if (!tty_legacy_tiocsti)
2278 return -EIO;
2279
2280 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2281 return -EPERM;
2282 if (get_user(ch, p))
2283 return -EFAULT;
2284 tty_audit_tiocsti(tty, ch);
2285 ld = tty_ldisc_ref_wait(tty);
2286 if (!ld)
2287 return -EIO;
2288 tty_buffer_lock_exclusive(tty->port);
2289 if (ld->ops->receive_buf)
2290 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2291 tty_buffer_unlock_exclusive(tty->port);
2292 tty_ldisc_deref(ld);
2293 return 0;
2294}
2295
2296/**
2297 * tiocgwinsz - implement window query ioctl
2298 * @tty: tty
2299 * @arg: user buffer for result
2300 *
2301 * Copies the kernel idea of the window size into the user buffer.
2302 *
2303 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2304 * consistent.
2305 */
2306static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2307{
2308 int err;
2309
2310 mutex_lock(&tty->winsize_mutex);
2311 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2312 mutex_unlock(&tty->winsize_mutex);
2313
2314 return err ? -EFAULT : 0;
2315}
2316
2317/**
2318 * tty_do_resize - resize event
2319 * @tty: tty being resized
2320 * @ws: new dimensions
2321 *
2322 * Update the termios variables and send the necessary signals to peform a
2323 * terminal resize correctly.
2324 */
2325int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2326{
2327 struct pid *pgrp;
2328
2329 /* Lock the tty */
2330 mutex_lock(&tty->winsize_mutex);
2331 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2332 goto done;
2333
2334 /* Signal the foreground process group */
2335 pgrp = tty_get_pgrp(tty);
2336 if (pgrp)
2337 kill_pgrp(pgrp, SIGWINCH, 1);
2338 put_pid(pgrp);
2339
2340 tty->winsize = *ws;
2341done:
2342 mutex_unlock(&tty->winsize_mutex);
2343 return 0;
2344}
2345EXPORT_SYMBOL(tty_do_resize);
2346
2347/**
2348 * tiocswinsz - implement window size set ioctl
2349 * @tty: tty side of tty
2350 * @arg: user buffer for result
2351 *
2352 * Copies the user idea of the window size to the kernel. Traditionally this is
2353 * just advisory information but for the Linux console it actually has driver
2354 * level meaning and triggers a VC resize.
2355 *
2356 * Locking:
2357 * Driver dependent. The default do_resize method takes the tty termios
2358 * mutex and ctrl.lock. The console takes its own lock then calls into the
2359 * default method.
2360 */
2361static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2362{
2363 struct winsize tmp_ws;
2364
2365 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2366 return -EFAULT;
2367
2368 if (tty->ops->resize)
2369 return tty->ops->resize(tty, &tmp_ws);
2370 else
2371 return tty_do_resize(tty, &tmp_ws);
2372}
2373
2374/**
2375 * tioccons - allow admin to move logical console
2376 * @file: the file to become console
2377 *
2378 * Allow the administrator to move the redirected console device.
2379 *
2380 * Locking: uses redirect_lock to guard the redirect information
2381 */
2382static int tioccons(struct file *file)
2383{
2384 if (!capable(CAP_SYS_ADMIN))
2385 return -EPERM;
2386 if (file->f_op->write_iter == redirected_tty_write) {
2387 struct file *f;
2388
2389 spin_lock(&redirect_lock);
2390 f = redirect;
2391 redirect = NULL;
2392 spin_unlock(&redirect_lock);
2393 if (f)
2394 fput(f);
2395 return 0;
2396 }
2397 if (file->f_op->write_iter != tty_write)
2398 return -ENOTTY;
2399 if (!(file->f_mode & FMODE_WRITE))
2400 return -EBADF;
2401 if (!(file->f_mode & FMODE_CAN_WRITE))
2402 return -EINVAL;
2403 spin_lock(&redirect_lock);
2404 if (redirect) {
2405 spin_unlock(&redirect_lock);
2406 return -EBUSY;
2407 }
2408 redirect = get_file(file);
2409 spin_unlock(&redirect_lock);
2410 return 0;
2411}
2412
2413/**
2414 * tiocsetd - set line discipline
2415 * @tty: tty device
2416 * @p: pointer to user data
2417 *
2418 * Set the line discipline according to user request.
2419 *
2420 * Locking: see tty_set_ldisc(), this function is just a helper
2421 */
2422static int tiocsetd(struct tty_struct *tty, int __user *p)
2423{
2424 int disc;
2425 int ret;
2426
2427 if (get_user(disc, p))
2428 return -EFAULT;
2429
2430 ret = tty_set_ldisc(tty, disc);
2431
2432 return ret;
2433}
2434
2435/**
2436 * tiocgetd - get line discipline
2437 * @tty: tty device
2438 * @p: pointer to user data
2439 *
2440 * Retrieves the line discipline id directly from the ldisc.
2441 *
2442 * Locking: waits for ldisc reference (in case the line discipline is changing
2443 * or the @tty is being hungup)
2444 */
2445static int tiocgetd(struct tty_struct *tty, int __user *p)
2446{
2447 struct tty_ldisc *ld;
2448 int ret;
2449
2450 ld = tty_ldisc_ref_wait(tty);
2451 if (!ld)
2452 return -EIO;
2453 ret = put_user(ld->ops->num, p);
2454 tty_ldisc_deref(ld);
2455 return ret;
2456}
2457
2458/**
2459 * send_break - performed time break
2460 * @tty: device to break on
2461 * @duration: timeout in mS
2462 *
2463 * Perform a timed break on hardware that lacks its own driver level timed
2464 * break functionality.
2465 *
2466 * Locking:
2467 * @tty->atomic_write_lock serializes
2468 */
2469static int send_break(struct tty_struct *tty, unsigned int duration)
2470{
2471 int retval;
2472
2473 if (tty->ops->break_ctl == NULL)
2474 return 0;
2475
2476 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2477 retval = tty->ops->break_ctl(tty, duration);
2478 else {
2479 /* Do the work ourselves */
2480 if (tty_write_lock(tty, 0) < 0)
2481 return -EINTR;
2482 retval = tty->ops->break_ctl(tty, -1);
2483 if (retval)
2484 goto out;
2485 if (!signal_pending(current))
2486 msleep_interruptible(duration);
2487 retval = tty->ops->break_ctl(tty, 0);
2488out:
2489 tty_write_unlock(tty);
2490 if (signal_pending(current))
2491 retval = -EINTR;
2492 }
2493 return retval;
2494}
2495
2496/**
2497 * tty_tiocmget - get modem status
2498 * @tty: tty device
2499 * @p: pointer to result
2500 *
2501 * Obtain the modem status bits from the tty driver if the feature is
2502 * supported. Return -%ENOTTY if it is not available.
2503 *
2504 * Locking: none (up to the driver)
2505 */
2506static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2507{
2508 int retval = -ENOTTY;
2509
2510 if (tty->ops->tiocmget) {
2511 retval = tty->ops->tiocmget(tty);
2512
2513 if (retval >= 0)
2514 retval = put_user(retval, p);
2515 }
2516 return retval;
2517}
2518
2519/**
2520 * tty_tiocmset - set modem status
2521 * @tty: tty device
2522 * @cmd: command - clear bits, set bits or set all
2523 * @p: pointer to desired bits
2524 *
2525 * Set the modem status bits from the tty driver if the feature
2526 * is supported. Return -%ENOTTY if it is not available.
2527 *
2528 * Locking: none (up to the driver)
2529 */
2530static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2531 unsigned __user *p)
2532{
2533 int retval;
2534 unsigned int set, clear, val;
2535
2536 if (tty->ops->tiocmset == NULL)
2537 return -ENOTTY;
2538
2539 retval = get_user(val, p);
2540 if (retval)
2541 return retval;
2542 set = clear = 0;
2543 switch (cmd) {
2544 case TIOCMBIS:
2545 set = val;
2546 break;
2547 case TIOCMBIC:
2548 clear = val;
2549 break;
2550 case TIOCMSET:
2551 set = val;
2552 clear = ~val;
2553 break;
2554 }
2555 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2556 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2557 return tty->ops->tiocmset(tty, set, clear);
2558}
2559
2560/**
2561 * tty_get_icount - get tty statistics
2562 * @tty: tty device
2563 * @icount: output parameter
2564 *
2565 * Gets a copy of the @tty's icount statistics.
2566 *
2567 * Locking: none (up to the driver)
2568 */
2569int tty_get_icount(struct tty_struct *tty,
2570 struct serial_icounter_struct *icount)
2571{
2572 memset(icount, 0, sizeof(*icount));
2573
2574 if (tty->ops->get_icount)
2575 return tty->ops->get_icount(tty, icount);
2576 else
2577 return -ENOTTY;
2578}
2579EXPORT_SYMBOL_GPL(tty_get_icount);
2580
2581static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2582{
2583 struct serial_icounter_struct icount;
2584 int retval;
2585
2586 retval = tty_get_icount(tty, &icount);
2587 if (retval != 0)
2588 return retval;
2589
2590 if (copy_to_user(arg, &icount, sizeof(icount)))
2591 return -EFAULT;
2592 return 0;
2593}
2594
2595static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2596{
2597 char comm[TASK_COMM_LEN];
2598 int flags;
2599
2600 flags = ss->flags & ASYNC_DEPRECATED;
2601
2602 if (flags)
2603 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2604 __func__, get_task_comm(comm, current), flags);
2605
2606 if (!tty->ops->set_serial)
2607 return -ENOTTY;
2608
2609 return tty->ops->set_serial(tty, ss);
2610}
2611
2612static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2613{
2614 struct serial_struct v;
2615
2616 if (copy_from_user(&v, ss, sizeof(*ss)))
2617 return -EFAULT;
2618
2619 return tty_set_serial(tty, &v);
2620}
2621
2622static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2623{
2624 struct serial_struct v;
2625 int err;
2626
2627 memset(&v, 0, sizeof(v));
2628 if (!tty->ops->get_serial)
2629 return -ENOTTY;
2630 err = tty->ops->get_serial(tty, &v);
2631 if (!err && copy_to_user(ss, &v, sizeof(v)))
2632 err = -EFAULT;
2633 return err;
2634}
2635
2636/*
2637 * if pty, return the slave side (real_tty)
2638 * otherwise, return self
2639 */
2640static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2641{
2642 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2643 tty->driver->subtype == PTY_TYPE_MASTER)
2644 tty = tty->link;
2645 return tty;
2646}
2647
2648/*
2649 * Split this up, as gcc can choke on it otherwise..
2650 */
2651long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2652{
2653 struct tty_struct *tty = file_tty(file);
2654 struct tty_struct *real_tty;
2655 void __user *p = (void __user *)arg;
2656 int retval;
2657 struct tty_ldisc *ld;
2658
2659 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2660 return -EINVAL;
2661
2662 real_tty = tty_pair_get_tty(tty);
2663
2664 /*
2665 * Factor out some common prep work
2666 */
2667 switch (cmd) {
2668 case TIOCSETD:
2669 case TIOCSBRK:
2670 case TIOCCBRK:
2671 case TCSBRK:
2672 case TCSBRKP:
2673 retval = tty_check_change(tty);
2674 if (retval)
2675 return retval;
2676 if (cmd != TIOCCBRK) {
2677 tty_wait_until_sent(tty, 0);
2678 if (signal_pending(current))
2679 return -EINTR;
2680 }
2681 break;
2682 }
2683
2684 /*
2685 * Now do the stuff.
2686 */
2687 switch (cmd) {
2688 case TIOCSTI:
2689 return tiocsti(tty, p);
2690 case TIOCGWINSZ:
2691 return tiocgwinsz(real_tty, p);
2692 case TIOCSWINSZ:
2693 return tiocswinsz(real_tty, p);
2694 case TIOCCONS:
2695 return real_tty != tty ? -EINVAL : tioccons(file);
2696 case TIOCEXCL:
2697 set_bit(TTY_EXCLUSIVE, &tty->flags);
2698 return 0;
2699 case TIOCNXCL:
2700 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2701 return 0;
2702 case TIOCGEXCL:
2703 {
2704 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2705
2706 return put_user(excl, (int __user *)p);
2707 }
2708 case TIOCGETD:
2709 return tiocgetd(tty, p);
2710 case TIOCSETD:
2711 return tiocsetd(tty, p);
2712 case TIOCVHANGUP:
2713 if (!capable(CAP_SYS_ADMIN))
2714 return -EPERM;
2715 tty_vhangup(tty);
2716 return 0;
2717 case TIOCGDEV:
2718 {
2719 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2720
2721 return put_user(ret, (unsigned int __user *)p);
2722 }
2723 /*
2724 * Break handling
2725 */
2726 case TIOCSBRK: /* Turn break on, unconditionally */
2727 if (tty->ops->break_ctl)
2728 return tty->ops->break_ctl(tty, -1);
2729 return 0;
2730 case TIOCCBRK: /* Turn break off, unconditionally */
2731 if (tty->ops->break_ctl)
2732 return tty->ops->break_ctl(tty, 0);
2733 return 0;
2734 case TCSBRK: /* SVID version: non-zero arg --> no break */
2735 /* non-zero arg means wait for all output data
2736 * to be sent (performed above) but don't send break.
2737 * This is used by the tcdrain() termios function.
2738 */
2739 if (!arg)
2740 return send_break(tty, 250);
2741 return 0;
2742 case TCSBRKP: /* support for POSIX tcsendbreak() */
2743 return send_break(tty, arg ? arg*100 : 250);
2744
2745 case TIOCMGET:
2746 return tty_tiocmget(tty, p);
2747 case TIOCMSET:
2748 case TIOCMBIC:
2749 case TIOCMBIS:
2750 return tty_tiocmset(tty, cmd, p);
2751 case TIOCGICOUNT:
2752 return tty_tiocgicount(tty, p);
2753 case TCFLSH:
2754 switch (arg) {
2755 case TCIFLUSH:
2756 case TCIOFLUSH:
2757 /* flush tty buffer and allow ldisc to process ioctl */
2758 tty_buffer_flush(tty, NULL);
2759 break;
2760 }
2761 break;
2762 case TIOCSSERIAL:
2763 return tty_tiocsserial(tty, p);
2764 case TIOCGSERIAL:
2765 return tty_tiocgserial(tty, p);
2766 case TIOCGPTPEER:
2767 /* Special because the struct file is needed */
2768 return ptm_open_peer(file, tty, (int)arg);
2769 default:
2770 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2771 if (retval != -ENOIOCTLCMD)
2772 return retval;
2773 }
2774 if (tty->ops->ioctl) {
2775 retval = tty->ops->ioctl(tty, cmd, arg);
2776 if (retval != -ENOIOCTLCMD)
2777 return retval;
2778 }
2779 ld = tty_ldisc_ref_wait(tty);
2780 if (!ld)
2781 return hung_up_tty_ioctl(file, cmd, arg);
2782 retval = -EINVAL;
2783 if (ld->ops->ioctl) {
2784 retval = ld->ops->ioctl(tty, cmd, arg);
2785 if (retval == -ENOIOCTLCMD)
2786 retval = -ENOTTY;
2787 }
2788 tty_ldisc_deref(ld);
2789 return retval;
2790}
2791
2792#ifdef CONFIG_COMPAT
2793
2794struct serial_struct32 {
2795 compat_int_t type;
2796 compat_int_t line;
2797 compat_uint_t port;
2798 compat_int_t irq;
2799 compat_int_t flags;
2800 compat_int_t xmit_fifo_size;
2801 compat_int_t custom_divisor;
2802 compat_int_t baud_base;
2803 unsigned short close_delay;
2804 char io_type;
2805 char reserved_char;
2806 compat_int_t hub6;
2807 unsigned short closing_wait; /* time to wait before closing */
2808 unsigned short closing_wait2; /* no longer used... */
2809 compat_uint_t iomem_base;
2810 unsigned short iomem_reg_shift;
2811 unsigned int port_high;
2812 /* compat_ulong_t iomap_base FIXME */
2813 compat_int_t reserved;
2814};
2815
2816static int compat_tty_tiocsserial(struct tty_struct *tty,
2817 struct serial_struct32 __user *ss)
2818{
2819 struct serial_struct32 v32;
2820 struct serial_struct v;
2821
2822 if (copy_from_user(&v32, ss, sizeof(*ss)))
2823 return -EFAULT;
2824
2825 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2826 v.iomem_base = compat_ptr(v32.iomem_base);
2827 v.iomem_reg_shift = v32.iomem_reg_shift;
2828 v.port_high = v32.port_high;
2829 v.iomap_base = 0;
2830
2831 return tty_set_serial(tty, &v);
2832}
2833
2834static int compat_tty_tiocgserial(struct tty_struct *tty,
2835 struct serial_struct32 __user *ss)
2836{
2837 struct serial_struct32 v32;
2838 struct serial_struct v;
2839 int err;
2840
2841 memset(&v, 0, sizeof(v));
2842 memset(&v32, 0, sizeof(v32));
2843
2844 if (!tty->ops->get_serial)
2845 return -ENOTTY;
2846 err = tty->ops->get_serial(tty, &v);
2847 if (!err) {
2848 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2849 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2850 0xfffffff : ptr_to_compat(v.iomem_base);
2851 v32.iomem_reg_shift = v.iomem_reg_shift;
2852 v32.port_high = v.port_high;
2853 if (copy_to_user(ss, &v32, sizeof(v32)))
2854 err = -EFAULT;
2855 }
2856 return err;
2857}
2858static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2859 unsigned long arg)
2860{
2861 struct tty_struct *tty = file_tty(file);
2862 struct tty_ldisc *ld;
2863 int retval = -ENOIOCTLCMD;
2864
2865 switch (cmd) {
2866 case TIOCOUTQ:
2867 case TIOCSTI:
2868 case TIOCGWINSZ:
2869 case TIOCSWINSZ:
2870 case TIOCGEXCL:
2871 case TIOCGETD:
2872 case TIOCSETD:
2873 case TIOCGDEV:
2874 case TIOCMGET:
2875 case TIOCMSET:
2876 case TIOCMBIC:
2877 case TIOCMBIS:
2878 case TIOCGICOUNT:
2879 case TIOCGPGRP:
2880 case TIOCSPGRP:
2881 case TIOCGSID:
2882 case TIOCSERGETLSR:
2883 case TIOCGRS485:
2884 case TIOCSRS485:
2885#ifdef TIOCGETP
2886 case TIOCGETP:
2887 case TIOCSETP:
2888 case TIOCSETN:
2889#endif
2890#ifdef TIOCGETC
2891 case TIOCGETC:
2892 case TIOCSETC:
2893#endif
2894#ifdef TIOCGLTC
2895 case TIOCGLTC:
2896 case TIOCSLTC:
2897#endif
2898 case TCSETSF:
2899 case TCSETSW:
2900 case TCSETS:
2901 case TCGETS:
2902#ifdef TCGETS2
2903 case TCGETS2:
2904 case TCSETSF2:
2905 case TCSETSW2:
2906 case TCSETS2:
2907#endif
2908 case TCGETA:
2909 case TCSETAF:
2910 case TCSETAW:
2911 case TCSETA:
2912 case TIOCGLCKTRMIOS:
2913 case TIOCSLCKTRMIOS:
2914#ifdef TCGETX
2915 case TCGETX:
2916 case TCSETX:
2917 case TCSETXW:
2918 case TCSETXF:
2919#endif
2920 case TIOCGSOFTCAR:
2921 case TIOCSSOFTCAR:
2922
2923 case PPPIOCGCHAN:
2924 case PPPIOCGUNIT:
2925 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2926 case TIOCCONS:
2927 case TIOCEXCL:
2928 case TIOCNXCL:
2929 case TIOCVHANGUP:
2930 case TIOCSBRK:
2931 case TIOCCBRK:
2932 case TCSBRK:
2933 case TCSBRKP:
2934 case TCFLSH:
2935 case TIOCGPTPEER:
2936 case TIOCNOTTY:
2937 case TIOCSCTTY:
2938 case TCXONC:
2939 case TIOCMIWAIT:
2940 case TIOCSERCONFIG:
2941 return tty_ioctl(file, cmd, arg);
2942 }
2943
2944 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2945 return -EINVAL;
2946
2947 switch (cmd) {
2948 case TIOCSSERIAL:
2949 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2950 case TIOCGSERIAL:
2951 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2952 }
2953 if (tty->ops->compat_ioctl) {
2954 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2955 if (retval != -ENOIOCTLCMD)
2956 return retval;
2957 }
2958
2959 ld = tty_ldisc_ref_wait(tty);
2960 if (!ld)
2961 return hung_up_tty_compat_ioctl(file, cmd, arg);
2962 if (ld->ops->compat_ioctl)
2963 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2964 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2965 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2966 arg);
2967 tty_ldisc_deref(ld);
2968
2969 return retval;
2970}
2971#endif
2972
2973static int this_tty(const void *t, struct file *file, unsigned fd)
2974{
2975 if (likely(file->f_op->read_iter != tty_read))
2976 return 0;
2977 return file_tty(file) != t ? 0 : fd + 1;
2978}
2979
2980/*
2981 * This implements the "Secure Attention Key" --- the idea is to
2982 * prevent trojan horses by killing all processes associated with this
2983 * tty when the user hits the "Secure Attention Key". Required for
2984 * super-paranoid applications --- see the Orange Book for more details.
2985 *
2986 * This code could be nicer; ideally it should send a HUP, wait a few
2987 * seconds, then send a INT, and then a KILL signal. But you then
2988 * have to coordinate with the init process, since all processes associated
2989 * with the current tty must be dead before the new getty is allowed
2990 * to spawn.
2991 *
2992 * Now, if it would be correct ;-/ The current code has a nasty hole -
2993 * it doesn't catch files in flight. We may send the descriptor to ourselves
2994 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2995 *
2996 * Nasty bug: do_SAK is being called in interrupt context. This can
2997 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2998 */
2999void __do_SAK(struct tty_struct *tty)
3000{
3001 struct task_struct *g, *p;
3002 struct pid *session;
3003 int i;
3004 unsigned long flags;
3005
3006 spin_lock_irqsave(&tty->ctrl.lock, flags);
3007 session = get_pid(tty->ctrl.session);
3008 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3009
3010 tty_ldisc_flush(tty);
3011
3012 tty_driver_flush_buffer(tty);
3013
3014 read_lock(&tasklist_lock);
3015 /* Kill the entire session */
3016 do_each_pid_task(session, PIDTYPE_SID, p) {
3017 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3018 task_pid_nr(p), p->comm);
3019 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3020 } while_each_pid_task(session, PIDTYPE_SID, p);
3021
3022 /* Now kill any processes that happen to have the tty open */
3023 do_each_thread(g, p) {
3024 if (p->signal->tty == tty) {
3025 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3026 task_pid_nr(p), p->comm);
3027 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3028 PIDTYPE_SID);
3029 continue;
3030 }
3031 task_lock(p);
3032 i = iterate_fd(p->files, 0, this_tty, tty);
3033 if (i != 0) {
3034 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3035 task_pid_nr(p), p->comm, i - 1);
3036 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3037 PIDTYPE_SID);
3038 }
3039 task_unlock(p);
3040 } while_each_thread(g, p);
3041 read_unlock(&tasklist_lock);
3042 put_pid(session);
3043}
3044
3045static void do_SAK_work(struct work_struct *work)
3046{
3047 struct tty_struct *tty =
3048 container_of(work, struct tty_struct, SAK_work);
3049 __do_SAK(tty);
3050}
3051
3052/*
3053 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3054 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3055 * the values which we write to it will be identical to the values which it
3056 * already has. --akpm
3057 */
3058void do_SAK(struct tty_struct *tty)
3059{
3060 if (!tty)
3061 return;
3062 schedule_work(&tty->SAK_work);
3063}
3064EXPORT_SYMBOL(do_SAK);
3065
3066/* Must put_device() after it's unused! */
3067static struct device *tty_get_device(struct tty_struct *tty)
3068{
3069 dev_t devt = tty_devnum(tty);
3070
3071 return class_find_device_by_devt(tty_class, devt);
3072}
3073
3074
3075/**
3076 * alloc_tty_struct - allocate a new tty
3077 * @driver: driver which will handle the returned tty
3078 * @idx: minor of the tty
3079 *
3080 * This subroutine allocates and initializes a tty structure.
3081 *
3082 * Locking: none - @tty in question is not exposed at this point
3083 */
3084struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3085{
3086 struct tty_struct *tty;
3087
3088 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3089 if (!tty)
3090 return NULL;
3091
3092 kref_init(&tty->kref);
3093 if (tty_ldisc_init(tty)) {
3094 kfree(tty);
3095 return NULL;
3096 }
3097 tty->ctrl.session = NULL;
3098 tty->ctrl.pgrp = NULL;
3099 mutex_init(&tty->legacy_mutex);
3100 mutex_init(&tty->throttle_mutex);
3101 init_rwsem(&tty->termios_rwsem);
3102 mutex_init(&tty->winsize_mutex);
3103 init_ldsem(&tty->ldisc_sem);
3104 init_waitqueue_head(&tty->write_wait);
3105 init_waitqueue_head(&tty->read_wait);
3106 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3107 mutex_init(&tty->atomic_write_lock);
3108 spin_lock_init(&tty->ctrl.lock);
3109 spin_lock_init(&tty->flow.lock);
3110 spin_lock_init(&tty->files_lock);
3111 INIT_LIST_HEAD(&tty->tty_files);
3112 INIT_WORK(&tty->SAK_work, do_SAK_work);
3113
3114 tty->driver = driver;
3115 tty->ops = driver->ops;
3116 tty->index = idx;
3117 tty_line_name(driver, idx, tty->name);
3118 tty->dev = tty_get_device(tty);
3119
3120 return tty;
3121}
3122
3123/**
3124 * tty_put_char - write one character to a tty
3125 * @tty: tty
3126 * @ch: character to write
3127 *
3128 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3129 * if present.
3130 *
3131 * Note: the specific put_char operation in the driver layer may go
3132 * away soon. Don't call it directly, use this method
3133 *
3134 * Return: the number of characters successfully output.
3135 */
3136int tty_put_char(struct tty_struct *tty, unsigned char ch)
3137{
3138 if (tty->ops->put_char)
3139 return tty->ops->put_char(tty, ch);
3140 return tty->ops->write(tty, &ch, 1);
3141}
3142EXPORT_SYMBOL_GPL(tty_put_char);
3143
3144struct class *tty_class;
3145
3146static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3147 unsigned int index, unsigned int count)
3148{
3149 int err;
3150
3151 /* init here, since reused cdevs cause crashes */
3152 driver->cdevs[index] = cdev_alloc();
3153 if (!driver->cdevs[index])
3154 return -ENOMEM;
3155 driver->cdevs[index]->ops = &tty_fops;
3156 driver->cdevs[index]->owner = driver->owner;
3157 err = cdev_add(driver->cdevs[index], dev, count);
3158 if (err)
3159 kobject_put(&driver->cdevs[index]->kobj);
3160 return err;
3161}
3162
3163/**
3164 * tty_register_device - register a tty device
3165 * @driver: the tty driver that describes the tty device
3166 * @index: the index in the tty driver for this tty device
3167 * @device: a struct device that is associated with this tty device.
3168 * This field is optional, if there is no known struct device
3169 * for this tty device it can be set to NULL safely.
3170 *
3171 * This call is required to be made to register an individual tty device
3172 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3173 * that bit is not set, this function should not be called by a tty
3174 * driver.
3175 *
3176 * Locking: ??
3177 *
3178 * Return: A pointer to the struct device for this tty device (or
3179 * ERR_PTR(-EFOO) on error).
3180 */
3181struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3182 struct device *device)
3183{
3184 return tty_register_device_attr(driver, index, device, NULL, NULL);
3185}
3186EXPORT_SYMBOL(tty_register_device);
3187
3188static void tty_device_create_release(struct device *dev)
3189{
3190 dev_dbg(dev, "releasing...\n");
3191 kfree(dev);
3192}
3193
3194/**
3195 * tty_register_device_attr - register a tty device
3196 * @driver: the tty driver that describes the tty device
3197 * @index: the index in the tty driver for this tty device
3198 * @device: a struct device that is associated with this tty device.
3199 * This field is optional, if there is no known struct device
3200 * for this tty device it can be set to %NULL safely.
3201 * @drvdata: Driver data to be set to device.
3202 * @attr_grp: Attribute group to be set on device.
3203 *
3204 * This call is required to be made to register an individual tty device if the
3205 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3206 * not set, this function should not be called by a tty driver.
3207 *
3208 * Locking: ??
3209 *
3210 * Return: A pointer to the struct device for this tty device (or
3211 * ERR_PTR(-EFOO) on error).
3212 */
3213struct device *tty_register_device_attr(struct tty_driver *driver,
3214 unsigned index, struct device *device,
3215 void *drvdata,
3216 const struct attribute_group **attr_grp)
3217{
3218 char name[64];
3219 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3220 struct ktermios *tp;
3221 struct device *dev;
3222 int retval;
3223
3224 if (index >= driver->num) {
3225 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3226 driver->name, index);
3227 return ERR_PTR(-EINVAL);
3228 }
3229
3230 if (driver->type == TTY_DRIVER_TYPE_PTY)
3231 pty_line_name(driver, index, name);
3232 else
3233 tty_line_name(driver, index, name);
3234
3235 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3236 if (!dev)
3237 return ERR_PTR(-ENOMEM);
3238
3239 dev->devt = devt;
3240 dev->class = tty_class;
3241 dev->parent = device;
3242 dev->release = tty_device_create_release;
3243 dev_set_name(dev, "%s", name);
3244 dev->groups = attr_grp;
3245 dev_set_drvdata(dev, drvdata);
3246
3247 dev_set_uevent_suppress(dev, 1);
3248
3249 retval = device_register(dev);
3250 if (retval)
3251 goto err_put;
3252
3253 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3254 /*
3255 * Free any saved termios data so that the termios state is
3256 * reset when reusing a minor number.
3257 */
3258 tp = driver->termios[index];
3259 if (tp) {
3260 driver->termios[index] = NULL;
3261 kfree(tp);
3262 }
3263
3264 retval = tty_cdev_add(driver, devt, index, 1);
3265 if (retval)
3266 goto err_del;
3267 }
3268
3269 dev_set_uevent_suppress(dev, 0);
3270 kobject_uevent(&dev->kobj, KOBJ_ADD);
3271
3272 return dev;
3273
3274err_del:
3275 device_del(dev);
3276err_put:
3277 put_device(dev);
3278
3279 return ERR_PTR(retval);
3280}
3281EXPORT_SYMBOL_GPL(tty_register_device_attr);
3282
3283/**
3284 * tty_unregister_device - unregister a tty device
3285 * @driver: the tty driver that describes the tty device
3286 * @index: the index in the tty driver for this tty device
3287 *
3288 * If a tty device is registered with a call to tty_register_device() then
3289 * this function must be called when the tty device is gone.
3290 *
3291 * Locking: ??
3292 */
3293void tty_unregister_device(struct tty_driver *driver, unsigned index)
3294{
3295 device_destroy(tty_class,
3296 MKDEV(driver->major, driver->minor_start) + index);
3297 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3298 cdev_del(driver->cdevs[index]);
3299 driver->cdevs[index] = NULL;
3300 }
3301}
3302EXPORT_SYMBOL(tty_unregister_device);
3303
3304/**
3305 * __tty_alloc_driver -- allocate tty driver
3306 * @lines: count of lines this driver can handle at most
3307 * @owner: module which is responsible for this driver
3308 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3309 *
3310 * This should not be called directly, some of the provided macros should be
3311 * used instead. Use IS_ERR() and friends on @retval.
3312 */
3313struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3314 unsigned long flags)
3315{
3316 struct tty_driver *driver;
3317 unsigned int cdevs = 1;
3318 int err;
3319
3320 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3321 return ERR_PTR(-EINVAL);
3322
3323 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3324 if (!driver)
3325 return ERR_PTR(-ENOMEM);
3326
3327 kref_init(&driver->kref);
3328 driver->num = lines;
3329 driver->owner = owner;
3330 driver->flags = flags;
3331
3332 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3333 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3334 GFP_KERNEL);
3335 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3336 GFP_KERNEL);
3337 if (!driver->ttys || !driver->termios) {
3338 err = -ENOMEM;
3339 goto err_free_all;
3340 }
3341 }
3342
3343 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3344 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3345 GFP_KERNEL);
3346 if (!driver->ports) {
3347 err = -ENOMEM;
3348 goto err_free_all;
3349 }
3350 cdevs = lines;
3351 }
3352
3353 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3354 if (!driver->cdevs) {
3355 err = -ENOMEM;
3356 goto err_free_all;
3357 }
3358
3359 return driver;
3360err_free_all:
3361 kfree(driver->ports);
3362 kfree(driver->ttys);
3363 kfree(driver->termios);
3364 kfree(driver->cdevs);
3365 kfree(driver);
3366 return ERR_PTR(err);
3367}
3368EXPORT_SYMBOL(__tty_alloc_driver);
3369
3370static void destruct_tty_driver(struct kref *kref)
3371{
3372 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3373 int i;
3374 struct ktermios *tp;
3375
3376 if (driver->flags & TTY_DRIVER_INSTALLED) {
3377 for (i = 0; i < driver->num; i++) {
3378 tp = driver->termios[i];
3379 if (tp) {
3380 driver->termios[i] = NULL;
3381 kfree(tp);
3382 }
3383 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3384 tty_unregister_device(driver, i);
3385 }
3386 proc_tty_unregister_driver(driver);
3387 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3388 cdev_del(driver->cdevs[0]);
3389 }
3390 kfree(driver->cdevs);
3391 kfree(driver->ports);
3392 kfree(driver->termios);
3393 kfree(driver->ttys);
3394 kfree(driver);
3395}
3396
3397/**
3398 * tty_driver_kref_put -- drop a reference to a tty driver
3399 * @driver: driver of which to drop the reference
3400 *
3401 * The final put will destroy and free up the driver.
3402 */
3403void tty_driver_kref_put(struct tty_driver *driver)
3404{
3405 kref_put(&driver->kref, destruct_tty_driver);
3406}
3407EXPORT_SYMBOL(tty_driver_kref_put);
3408
3409/**
3410 * tty_register_driver -- register a tty driver
3411 * @driver: driver to register
3412 *
3413 * Called by a tty driver to register itself.
3414 */
3415int tty_register_driver(struct tty_driver *driver)
3416{
3417 int error;
3418 int i;
3419 dev_t dev;
3420 struct device *d;
3421
3422 if (!driver->major) {
3423 error = alloc_chrdev_region(&dev, driver->minor_start,
3424 driver->num, driver->name);
3425 if (!error) {
3426 driver->major = MAJOR(dev);
3427 driver->minor_start = MINOR(dev);
3428 }
3429 } else {
3430 dev = MKDEV(driver->major, driver->minor_start);
3431 error = register_chrdev_region(dev, driver->num, driver->name);
3432 }
3433 if (error < 0)
3434 goto err;
3435
3436 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3437 error = tty_cdev_add(driver, dev, 0, driver->num);
3438 if (error)
3439 goto err_unreg_char;
3440 }
3441
3442 mutex_lock(&tty_mutex);
3443 list_add(&driver->tty_drivers, &tty_drivers);
3444 mutex_unlock(&tty_mutex);
3445
3446 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3447 for (i = 0; i < driver->num; i++) {
3448 d = tty_register_device(driver, i, NULL);
3449 if (IS_ERR(d)) {
3450 error = PTR_ERR(d);
3451 goto err_unreg_devs;
3452 }
3453 }
3454 }
3455 proc_tty_register_driver(driver);
3456 driver->flags |= TTY_DRIVER_INSTALLED;
3457 return 0;
3458
3459err_unreg_devs:
3460 for (i--; i >= 0; i--)
3461 tty_unregister_device(driver, i);
3462
3463 mutex_lock(&tty_mutex);
3464 list_del(&driver->tty_drivers);
3465 mutex_unlock(&tty_mutex);
3466
3467err_unreg_char:
3468 unregister_chrdev_region(dev, driver->num);
3469err:
3470 return error;
3471}
3472EXPORT_SYMBOL(tty_register_driver);
3473
3474/**
3475 * tty_unregister_driver -- unregister a tty driver
3476 * @driver: driver to unregister
3477 *
3478 * Called by a tty driver to unregister itself.
3479 */
3480void tty_unregister_driver(struct tty_driver *driver)
3481{
3482 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3483 driver->num);
3484 mutex_lock(&tty_mutex);
3485 list_del(&driver->tty_drivers);
3486 mutex_unlock(&tty_mutex);
3487}
3488EXPORT_SYMBOL(tty_unregister_driver);
3489
3490dev_t tty_devnum(struct tty_struct *tty)
3491{
3492 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3493}
3494EXPORT_SYMBOL(tty_devnum);
3495
3496void tty_default_fops(struct file_operations *fops)
3497{
3498 *fops = tty_fops;
3499}
3500
3501static char *tty_devnode(const struct device *dev, umode_t *mode)
3502{
3503 if (!mode)
3504 return NULL;
3505 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3506 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3507 *mode = 0666;
3508 return NULL;
3509}
3510
3511static int __init tty_class_init(void)
3512{
3513 tty_class = class_create(THIS_MODULE, "tty");
3514 if (IS_ERR(tty_class))
3515 return PTR_ERR(tty_class);
3516 tty_class->devnode = tty_devnode;
3517 return 0;
3518}
3519
3520postcore_initcall(tty_class_init);
3521
3522/* 3/2004 jmc: why do these devices exist? */
3523static struct cdev tty_cdev, console_cdev;
3524
3525static ssize_t show_cons_active(struct device *dev,
3526 struct device_attribute *attr, char *buf)
3527{
3528 struct console *cs[16];
3529 int i = 0;
3530 struct console *c;
3531 ssize_t count = 0;
3532
3533 /*
3534 * Hold the console_list_lock to guarantee that no consoles are
3535 * unregistered until all console processing is complete.
3536 * This also allows safe traversal of the console list and
3537 * race-free reading of @flags.
3538 */
3539 console_list_lock();
3540
3541 for_each_console(c) {
3542 if (!c->device)
3543 continue;
3544 if (!c->write)
3545 continue;
3546 if ((c->flags & CON_ENABLED) == 0)
3547 continue;
3548 cs[i++] = c;
3549 if (i >= ARRAY_SIZE(cs))
3550 break;
3551 }
3552
3553 /*
3554 * Take console_lock to serialize device() callback with
3555 * other console operations. For example, fg_console is
3556 * modified under console_lock when switching vt.
3557 */
3558 console_lock();
3559 while (i--) {
3560 int index = cs[i]->index;
3561 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3562
3563 /* don't resolve tty0 as some programs depend on it */
3564 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3565 count += tty_line_name(drv, index, buf + count);
3566 else
3567 count += sprintf(buf + count, "%s%d",
3568 cs[i]->name, cs[i]->index);
3569
3570 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3571 }
3572 console_unlock();
3573
3574 console_list_unlock();
3575
3576 return count;
3577}
3578static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3579
3580static struct attribute *cons_dev_attrs[] = {
3581 &dev_attr_active.attr,
3582 NULL
3583};
3584
3585ATTRIBUTE_GROUPS(cons_dev);
3586
3587static struct device *consdev;
3588
3589void console_sysfs_notify(void)
3590{
3591 if (consdev)
3592 sysfs_notify(&consdev->kobj, NULL, "active");
3593}
3594
3595static struct ctl_table tty_table[] = {
3596 {
3597 .procname = "legacy_tiocsti",
3598 .data = &tty_legacy_tiocsti,
3599 .maxlen = sizeof(tty_legacy_tiocsti),
3600 .mode = 0644,
3601 .proc_handler = proc_dobool,
3602 },
3603 {
3604 .procname = "ldisc_autoload",
3605 .data = &tty_ldisc_autoload,
3606 .maxlen = sizeof(tty_ldisc_autoload),
3607 .mode = 0644,
3608 .proc_handler = proc_dointvec,
3609 .extra1 = SYSCTL_ZERO,
3610 .extra2 = SYSCTL_ONE,
3611 },
3612 { }
3613};
3614
3615static struct ctl_table tty_dir_table[] = {
3616 {
3617 .procname = "tty",
3618 .mode = 0555,
3619 .child = tty_table,
3620 },
3621 { }
3622};
3623
3624static struct ctl_table tty_root_table[] = {
3625 {
3626 .procname = "dev",
3627 .mode = 0555,
3628 .child = tty_dir_table,
3629 },
3630 { }
3631};
3632
3633/*
3634 * Ok, now we can initialize the rest of the tty devices and can count
3635 * on memory allocations, interrupts etc..
3636 */
3637int __init tty_init(void)
3638{
3639 register_sysctl_table(tty_root_table);
3640 cdev_init(&tty_cdev, &tty_fops);
3641 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3642 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3643 panic("Couldn't register /dev/tty driver\n");
3644 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3645
3646 cdev_init(&console_cdev, &console_fops);
3647 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3648 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3649 panic("Couldn't register /dev/console driver\n");
3650 consdev = device_create_with_groups(tty_class, NULL,
3651 MKDEV(TTYAUX_MAJOR, 1), NULL,
3652 cons_dev_groups, "console");
3653 if (IS_ERR(consdev))
3654 consdev = NULL;
3655
3656#ifdef CONFIG_VT
3657 vty_init(&console_fops);
3658#endif
3659 return 0;
3660}