Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102#include <linux/uaccess.h>
103#include <linux/termios_internal.h>
104#include <linux/fs.h>
105
106#include <linux/kbd_kern.h>
107#include <linux/vt_kern.h>
108#include <linux/selection.h>
109
110#include <linux/kmod.h>
111#include <linux/nsproxy.h>
112#include "tty.h"
113
114#undef TTY_DEBUG_HANGUP
115#ifdef TTY_DEBUG_HANGUP
116# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117#else
118# define tty_debug_hangup(tty, f, args...) do { } while (0)
119#endif
120
121#define TTY_PARANOIA_CHECK 1
122#define CHECK_TTY_COUNT 1
123
124struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 .c_iflag = ICRNL | IXON,
126 .c_oflag = OPOST | ONLCR,
127 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 ECHOCTL | ECHOKE | IEXTEN,
130 .c_cc = INIT_C_CC,
131 .c_ispeed = 38400,
132 .c_ospeed = 38400,
133 /* .c_line = N_TTY, */
134};
135EXPORT_SYMBOL(tty_std_termios);
136
137/* This list gets poked at by procfs and various bits of boot up code. This
138 * could do with some rationalisation such as pulling the tty proc function
139 * into this file.
140 */
141
142LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143
144/* Mutex to protect creating and releasing a tty */
145DEFINE_MUTEX(tty_mutex);
146
147static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149static __poll_t tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151#ifdef CONFIG_COMPAT
152static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 unsigned long arg);
154#else
155#define tty_compat_ioctl NULL
156#endif
157static int __tty_fasync(int fd, struct file *filp, int on);
158static int tty_fasync(int fd, struct file *filp, int on);
159static void release_tty(struct tty_struct *tty, int idx);
160
161/**
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
164 *
165 * Free the write buffers, tty queue and tty memory itself.
166 *
167 * Locking: none. Must be called after tty is definitely unused
168 */
169static void free_tty_struct(struct tty_struct *tty)
170{
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kvfree(tty->write_buf);
174 kfree(tty);
175}
176
177static inline struct tty_struct *file_tty(struct file *file)
178{
179 return ((struct tty_file_private *)file->private_data)->tty;
180}
181
182int tty_alloc_file(struct file *file)
183{
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193}
194
195/* Associate a new file with the tty structure */
196void tty_add_file(struct tty_struct *tty, struct file *file)
197{
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
206}
207
208/**
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
215void tty_free_file(struct file *file)
216{
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221}
222
223/* Delete file from its tty */
224static void tty_del_file(struct file *file)
225{
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233}
234
235/**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
244const char *tty_name(const struct tty_struct *tty)
245{
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
247 return "NULL tty";
248 return tty->name;
249}
250EXPORT_SYMBOL(tty_name);
251
252const char *tty_driver_name(const struct tty_struct *tty)
253{
254 if (!tty || !tty->driver)
255 return "";
256 return tty->driver->name;
257}
258
259static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 const char *routine)
261{
262#ifdef TTY_PARANOIA_CHECK
263 if (!tty) {
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268#endif
269 return 0;
270}
271
272/* Caller must hold tty_lock */
273static void check_tty_count(struct tty_struct *tty, const char *routine)
274{
275#ifdef CHECK_TTY_COUNT
276 struct list_head *p;
277 int count = 0, kopen_count = 0;
278
279 spin_lock(&tty->files_lock);
280 list_for_each(p, &tty->tty_files) {
281 count++;
282 }
283 spin_unlock(&tty->files_lock);
284 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 tty->driver->subtype == PTY_TYPE_SLAVE &&
286 tty->link && tty->link->count)
287 count++;
288 if (tty_port_kopened(tty->port))
289 kopen_count++;
290 if (tty->count != (count + kopen_count)) {
291 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 routine, tty->count, count, kopen_count);
293 }
294#endif
295}
296
297/**
298 * get_tty_driver - find device of a tty
299 * @device: device identifier
300 * @index: returns the index of the tty
301 *
302 * This routine returns a tty driver structure, given a device number and also
303 * passes back the index number.
304 *
305 * Locking: caller must hold tty_mutex
306 */
307static struct tty_driver *get_tty_driver(dev_t device, int *index)
308{
309 struct tty_driver *p;
310
311 list_for_each_entry(p, &tty_drivers, tty_drivers) {
312 dev_t base = MKDEV(p->major, p->minor_start);
313
314 if (device < base || device >= base + p->num)
315 continue;
316 *index = device - base;
317 return tty_driver_kref_get(p);
318 }
319 return NULL;
320}
321
322/**
323 * tty_dev_name_to_number - return dev_t for device name
324 * @name: user space name of device under /dev
325 * @number: pointer to dev_t that this function will populate
326 *
327 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
328 * (4, 64) or (188, 1). If no corresponding driver is registered then the
329 * function returns -%ENODEV.
330 *
331 * Locking: this acquires tty_mutex to protect the tty_drivers list from
332 * being modified while we are traversing it, and makes sure to
333 * release it before exiting.
334 */
335int tty_dev_name_to_number(const char *name, dev_t *number)
336{
337 struct tty_driver *p;
338 int ret;
339 int index, prefix_length = 0;
340 const char *str;
341
342 for (str = name; *str && !isdigit(*str); str++)
343 ;
344
345 if (!*str)
346 return -EINVAL;
347
348 ret = kstrtoint(str, 10, &index);
349 if (ret)
350 return ret;
351
352 prefix_length = str - name;
353 mutex_lock(&tty_mutex);
354
355 list_for_each_entry(p, &tty_drivers, tty_drivers)
356 if (prefix_length == strlen(p->name) && strncmp(name,
357 p->name, prefix_length) == 0) {
358 if (index < p->num) {
359 *number = MKDEV(p->major, p->minor_start + index);
360 goto out;
361 }
362 }
363
364 /* if here then driver wasn't found */
365 ret = -ENODEV;
366out:
367 mutex_unlock(&tty_mutex);
368 return ret;
369}
370EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
371
372#ifdef CONFIG_CONSOLE_POLL
373
374/**
375 * tty_find_polling_driver - find device of a polled tty
376 * @name: name string to match
377 * @line: pointer to resulting tty line nr
378 *
379 * This routine returns a tty driver structure, given a name and the condition
380 * that the tty driver is capable of polled operation.
381 */
382struct tty_driver *tty_find_polling_driver(char *name, int *line)
383{
384 struct tty_driver *p, *res = NULL;
385 int tty_line = 0;
386 int len;
387 char *str, *stp;
388
389 for (str = name; *str; str++)
390 if ((*str >= '0' && *str <= '9') || *str == ',')
391 break;
392 if (!*str)
393 return NULL;
394
395 len = str - name;
396 tty_line = simple_strtoul(str, &str, 10);
397
398 mutex_lock(&tty_mutex);
399 /* Search through the tty devices to look for a match */
400 list_for_each_entry(p, &tty_drivers, tty_drivers) {
401 if (!len || strncmp(name, p->name, len) != 0)
402 continue;
403 stp = str;
404 if (*stp == ',')
405 stp++;
406 if (*stp == '\0')
407 stp = NULL;
408
409 if (tty_line >= 0 && tty_line < p->num && p->ops &&
410 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
411 res = tty_driver_kref_get(p);
412 *line = tty_line;
413 break;
414 }
415 }
416 mutex_unlock(&tty_mutex);
417
418 return res;
419}
420EXPORT_SYMBOL_GPL(tty_find_polling_driver);
421#endif
422
423static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
424{
425 return 0;
426}
427
428static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
429{
430 return -EIO;
431}
432
433/* No kernel lock held - none needed ;) */
434static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
435{
436 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
437}
438
439static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
440 unsigned long arg)
441{
442 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
443}
444
445static long hung_up_tty_compat_ioctl(struct file *file,
446 unsigned int cmd, unsigned long arg)
447{
448 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
449}
450
451static int hung_up_tty_fasync(int fd, struct file *file, int on)
452{
453 return -ENOTTY;
454}
455
456static void tty_show_fdinfo(struct seq_file *m, struct file *file)
457{
458 struct tty_struct *tty = file_tty(file);
459
460 if (tty && tty->ops && tty->ops->show_fdinfo)
461 tty->ops->show_fdinfo(tty, m);
462}
463
464static const struct file_operations tty_fops = {
465 .llseek = no_llseek,
466 .read_iter = tty_read,
467 .write_iter = tty_write,
468 .splice_read = copy_splice_read,
469 .splice_write = iter_file_splice_write,
470 .poll = tty_poll,
471 .unlocked_ioctl = tty_ioctl,
472 .compat_ioctl = tty_compat_ioctl,
473 .open = tty_open,
474 .release = tty_release,
475 .fasync = tty_fasync,
476 .show_fdinfo = tty_show_fdinfo,
477};
478
479static const struct file_operations console_fops = {
480 .llseek = no_llseek,
481 .read_iter = tty_read,
482 .write_iter = redirected_tty_write,
483 .splice_read = copy_splice_read,
484 .splice_write = iter_file_splice_write,
485 .poll = tty_poll,
486 .unlocked_ioctl = tty_ioctl,
487 .compat_ioctl = tty_compat_ioctl,
488 .open = tty_open,
489 .release = tty_release,
490 .fasync = tty_fasync,
491};
492
493static const struct file_operations hung_up_tty_fops = {
494 .llseek = no_llseek,
495 .read_iter = hung_up_tty_read,
496 .write_iter = hung_up_tty_write,
497 .poll = hung_up_tty_poll,
498 .unlocked_ioctl = hung_up_tty_ioctl,
499 .compat_ioctl = hung_up_tty_compat_ioctl,
500 .release = tty_release,
501 .fasync = hung_up_tty_fasync,
502};
503
504static DEFINE_SPINLOCK(redirect_lock);
505static struct file *redirect;
506
507/**
508 * tty_wakeup - request more data
509 * @tty: terminal
510 *
511 * Internal and external helper for wakeups of tty. This function informs the
512 * line discipline if present that the driver is ready to receive more output
513 * data.
514 */
515void tty_wakeup(struct tty_struct *tty)
516{
517 struct tty_ldisc *ld;
518
519 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
520 ld = tty_ldisc_ref(tty);
521 if (ld) {
522 if (ld->ops->write_wakeup)
523 ld->ops->write_wakeup(tty);
524 tty_ldisc_deref(ld);
525 }
526 }
527 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
528}
529EXPORT_SYMBOL_GPL(tty_wakeup);
530
531/**
532 * tty_release_redirect - Release a redirect on a pty if present
533 * @tty: tty device
534 *
535 * This is available to the pty code so if the master closes, if the slave is a
536 * redirect it can release the redirect.
537 */
538static struct file *tty_release_redirect(struct tty_struct *tty)
539{
540 struct file *f = NULL;
541
542 spin_lock(&redirect_lock);
543 if (redirect && file_tty(redirect) == tty) {
544 f = redirect;
545 redirect = NULL;
546 }
547 spin_unlock(&redirect_lock);
548
549 return f;
550}
551
552/**
553 * __tty_hangup - actual handler for hangup events
554 * @tty: tty device
555 * @exit_session: if non-zero, signal all foreground group processes
556 *
557 * This can be called by a "kworker" kernel thread. That is process synchronous
558 * but doesn't hold any locks, so we need to make sure we have the appropriate
559 * locks for what we're doing.
560 *
561 * The hangup event clears any pending redirections onto the hung up device. It
562 * ensures future writes will error and it does the needed line discipline
563 * hangup and signal delivery. The tty object itself remains intact.
564 *
565 * Locking:
566 * * BTM
567 *
568 * * redirect lock for undoing redirection
569 * * file list lock for manipulating list of ttys
570 * * tty_ldiscs_lock from called functions
571 * * termios_rwsem resetting termios data
572 * * tasklist_lock to walk task list for hangup event
573 *
574 * * ->siglock to protect ->signal/->sighand
575 *
576 */
577static void __tty_hangup(struct tty_struct *tty, int exit_session)
578{
579 struct file *cons_filp = NULL;
580 struct file *filp, *f;
581 struct tty_file_private *priv;
582 int closecount = 0, n;
583 int refs;
584
585 if (!tty)
586 return;
587
588 f = tty_release_redirect(tty);
589
590 tty_lock(tty);
591
592 if (test_bit(TTY_HUPPED, &tty->flags)) {
593 tty_unlock(tty);
594 return;
595 }
596
597 /*
598 * Some console devices aren't actually hung up for technical and
599 * historical reasons, which can lead to indefinite interruptible
600 * sleep in n_tty_read(). The following explicitly tells
601 * n_tty_read() to abort readers.
602 */
603 set_bit(TTY_HUPPING, &tty->flags);
604
605 /* inuse_filps is protected by the single tty lock,
606 * this really needs to change if we want to flush the
607 * workqueue with the lock held.
608 */
609 check_tty_count(tty, "tty_hangup");
610
611 spin_lock(&tty->files_lock);
612 /* This breaks for file handles being sent over AF_UNIX sockets ? */
613 list_for_each_entry(priv, &tty->tty_files, list) {
614 filp = priv->file;
615 if (filp->f_op->write_iter == redirected_tty_write)
616 cons_filp = filp;
617 if (filp->f_op->write_iter != tty_write)
618 continue;
619 closecount++;
620 __tty_fasync(-1, filp, 0); /* can't block */
621 filp->f_op = &hung_up_tty_fops;
622 }
623 spin_unlock(&tty->files_lock);
624
625 refs = tty_signal_session_leader(tty, exit_session);
626 /* Account for the p->signal references we killed */
627 while (refs--)
628 tty_kref_put(tty);
629
630 tty_ldisc_hangup(tty, cons_filp != NULL);
631
632 spin_lock_irq(&tty->ctrl.lock);
633 clear_bit(TTY_THROTTLED, &tty->flags);
634 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
635 put_pid(tty->ctrl.session);
636 put_pid(tty->ctrl.pgrp);
637 tty->ctrl.session = NULL;
638 tty->ctrl.pgrp = NULL;
639 tty->ctrl.pktstatus = 0;
640 spin_unlock_irq(&tty->ctrl.lock);
641
642 /*
643 * If one of the devices matches a console pointer, we
644 * cannot just call hangup() because that will cause
645 * tty->count and state->count to go out of sync.
646 * So we just call close() the right number of times.
647 */
648 if (cons_filp) {
649 if (tty->ops->close)
650 for (n = 0; n < closecount; n++)
651 tty->ops->close(tty, cons_filp);
652 } else if (tty->ops->hangup)
653 tty->ops->hangup(tty);
654 /*
655 * We don't want to have driver/ldisc interactions beyond the ones
656 * we did here. The driver layer expects no calls after ->hangup()
657 * from the ldisc side, which is now guaranteed.
658 */
659 set_bit(TTY_HUPPED, &tty->flags);
660 clear_bit(TTY_HUPPING, &tty->flags);
661 tty_unlock(tty);
662
663 if (f)
664 fput(f);
665}
666
667static void do_tty_hangup(struct work_struct *work)
668{
669 struct tty_struct *tty =
670 container_of(work, struct tty_struct, hangup_work);
671
672 __tty_hangup(tty, 0);
673}
674
675/**
676 * tty_hangup - trigger a hangup event
677 * @tty: tty to hangup
678 *
679 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
680 * hangup sequence to run after this event.
681 */
682void tty_hangup(struct tty_struct *tty)
683{
684 tty_debug_hangup(tty, "hangup\n");
685 schedule_work(&tty->hangup_work);
686}
687EXPORT_SYMBOL(tty_hangup);
688
689/**
690 * tty_vhangup - process vhangup
691 * @tty: tty to hangup
692 *
693 * The user has asked via system call for the terminal to be hung up. We do
694 * this synchronously so that when the syscall returns the process is complete.
695 * That guarantee is necessary for security reasons.
696 */
697void tty_vhangup(struct tty_struct *tty)
698{
699 tty_debug_hangup(tty, "vhangup\n");
700 __tty_hangup(tty, 0);
701}
702EXPORT_SYMBOL(tty_vhangup);
703
704
705/**
706 * tty_vhangup_self - process vhangup for own ctty
707 *
708 * Perform a vhangup on the current controlling tty
709 */
710void tty_vhangup_self(void)
711{
712 struct tty_struct *tty;
713
714 tty = get_current_tty();
715 if (tty) {
716 tty_vhangup(tty);
717 tty_kref_put(tty);
718 }
719}
720
721/**
722 * tty_vhangup_session - hangup session leader exit
723 * @tty: tty to hangup
724 *
725 * The session leader is exiting and hanging up its controlling terminal.
726 * Every process in the foreground process group is signalled %SIGHUP.
727 *
728 * We do this synchronously so that when the syscall returns the process is
729 * complete. That guarantee is necessary for security reasons.
730 */
731void tty_vhangup_session(struct tty_struct *tty)
732{
733 tty_debug_hangup(tty, "session hangup\n");
734 __tty_hangup(tty, 1);
735}
736
737/**
738 * tty_hung_up_p - was tty hung up
739 * @filp: file pointer of tty
740 *
741 * Return: true if the tty has been subject to a vhangup or a carrier loss
742 */
743int tty_hung_up_p(struct file *filp)
744{
745 return (filp && filp->f_op == &hung_up_tty_fops);
746}
747EXPORT_SYMBOL(tty_hung_up_p);
748
749void __stop_tty(struct tty_struct *tty)
750{
751 if (tty->flow.stopped)
752 return;
753 tty->flow.stopped = true;
754 if (tty->ops->stop)
755 tty->ops->stop(tty);
756}
757
758/**
759 * stop_tty - propagate flow control
760 * @tty: tty to stop
761 *
762 * Perform flow control to the driver. May be called on an already stopped
763 * device and will not re-call the &tty_driver->stop() method.
764 *
765 * This functionality is used by both the line disciplines for halting incoming
766 * flow and by the driver. It may therefore be called from any context, may be
767 * under the tty %atomic_write_lock but not always.
768 *
769 * Locking:
770 * flow.lock
771 */
772void stop_tty(struct tty_struct *tty)
773{
774 unsigned long flags;
775
776 spin_lock_irqsave(&tty->flow.lock, flags);
777 __stop_tty(tty);
778 spin_unlock_irqrestore(&tty->flow.lock, flags);
779}
780EXPORT_SYMBOL(stop_tty);
781
782void __start_tty(struct tty_struct *tty)
783{
784 if (!tty->flow.stopped || tty->flow.tco_stopped)
785 return;
786 tty->flow.stopped = false;
787 if (tty->ops->start)
788 tty->ops->start(tty);
789 tty_wakeup(tty);
790}
791
792/**
793 * start_tty - propagate flow control
794 * @tty: tty to start
795 *
796 * Start a tty that has been stopped if at all possible. If @tty was previously
797 * stopped and is now being started, the &tty_driver->start() method is invoked
798 * and the line discipline woken.
799 *
800 * Locking:
801 * flow.lock
802 */
803void start_tty(struct tty_struct *tty)
804{
805 unsigned long flags;
806
807 spin_lock_irqsave(&tty->flow.lock, flags);
808 __start_tty(tty);
809 spin_unlock_irqrestore(&tty->flow.lock, flags);
810}
811EXPORT_SYMBOL(start_tty);
812
813static void tty_update_time(struct tty_struct *tty, bool mtime)
814{
815 time64_t sec = ktime_get_real_seconds();
816 struct tty_file_private *priv;
817
818 spin_lock(&tty->files_lock);
819 list_for_each_entry(priv, &tty->tty_files, list) {
820 struct inode *inode = file_inode(priv->file);
821 struct timespec64 time = mtime ? inode_get_mtime(inode) : inode_get_atime(inode);
822
823 /*
824 * We only care if the two values differ in anything other than the
825 * lower three bits (i.e every 8 seconds). If so, then we can update
826 * the time of the tty device, otherwise it could be construded as a
827 * security leak to let userspace know the exact timing of the tty.
828 */
829 if ((sec ^ time.tv_sec) & ~7) {
830 if (mtime)
831 inode_set_mtime(inode, sec, 0);
832 else
833 inode_set_atime(inode, sec, 0);
834 }
835 }
836 spin_unlock(&tty->files_lock);
837}
838
839/*
840 * Iterate on the ldisc ->read() function until we've gotten all
841 * the data the ldisc has for us.
842 *
843 * The "cookie" is something that the ldisc read function can fill
844 * in to let us know that there is more data to be had.
845 *
846 * We promise to continue to call the ldisc until it stops returning
847 * data or clears the cookie. The cookie may be something that the
848 * ldisc maintains state for and needs to free.
849 */
850static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
851 struct file *file, struct iov_iter *to)
852{
853 void *cookie = NULL;
854 unsigned long offset = 0;
855 ssize_t retval = 0;
856 size_t copied, count = iov_iter_count(to);
857 u8 kernel_buf[64];
858
859 do {
860 ssize_t size = min(count, sizeof(kernel_buf));
861
862 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
863 if (!size)
864 break;
865
866 if (size < 0) {
867 /* Did we have an earlier error (ie -EFAULT)? */
868 if (retval)
869 break;
870 retval = size;
871
872 /*
873 * -EOVERFLOW means we didn't have enough space
874 * for a whole packet, and we shouldn't return
875 * a partial result.
876 */
877 if (retval == -EOVERFLOW)
878 offset = 0;
879 break;
880 }
881
882 copied = copy_to_iter(kernel_buf, size, to);
883 offset += copied;
884 count -= copied;
885
886 /*
887 * If the user copy failed, we still need to do another ->read()
888 * call if we had a cookie to let the ldisc clear up.
889 *
890 * But make sure size is zeroed.
891 */
892 if (unlikely(copied != size)) {
893 count = 0;
894 retval = -EFAULT;
895 }
896 } while (cookie);
897
898 /* We always clear tty buffer in case they contained passwords */
899 memzero_explicit(kernel_buf, sizeof(kernel_buf));
900 return offset ? offset : retval;
901}
902
903
904/**
905 * tty_read - read method for tty device files
906 * @iocb: kernel I/O control block
907 * @to: destination for the data read
908 *
909 * Perform the read system call function on this terminal device. Checks
910 * for hung up devices before calling the line discipline method.
911 *
912 * Locking:
913 * Locks the line discipline internally while needed. Multiple read calls
914 * may be outstanding in parallel.
915 */
916static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
917{
918 struct file *file = iocb->ki_filp;
919 struct inode *inode = file_inode(file);
920 struct tty_struct *tty = file_tty(file);
921 struct tty_ldisc *ld;
922 ssize_t ret;
923
924 if (tty_paranoia_check(tty, inode, "tty_read"))
925 return -EIO;
926 if (!tty || tty_io_error(tty))
927 return -EIO;
928
929 /* We want to wait for the line discipline to sort out in this
930 * situation.
931 */
932 ld = tty_ldisc_ref_wait(tty);
933 if (!ld)
934 return hung_up_tty_read(iocb, to);
935 ret = -EIO;
936 if (ld->ops->read)
937 ret = iterate_tty_read(ld, tty, file, to);
938 tty_ldisc_deref(ld);
939
940 if (ret > 0)
941 tty_update_time(tty, false);
942
943 return ret;
944}
945
946void tty_write_unlock(struct tty_struct *tty)
947{
948 mutex_unlock(&tty->atomic_write_lock);
949 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
950}
951
952int tty_write_lock(struct tty_struct *tty, bool ndelay)
953{
954 if (!mutex_trylock(&tty->atomic_write_lock)) {
955 if (ndelay)
956 return -EAGAIN;
957 if (mutex_lock_interruptible(&tty->atomic_write_lock))
958 return -ERESTARTSYS;
959 }
960 return 0;
961}
962
963/*
964 * Split writes up in sane blocksizes to avoid
965 * denial-of-service type attacks
966 */
967static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
968 struct file *file, struct iov_iter *from)
969{
970 size_t chunk, count = iov_iter_count(from);
971 ssize_t ret, written = 0;
972
973 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
974 if (ret < 0)
975 return ret;
976
977 /*
978 * We chunk up writes into a temporary buffer. This
979 * simplifies low-level drivers immensely, since they
980 * don't have locking issues and user mode accesses.
981 *
982 * But if TTY_NO_WRITE_SPLIT is set, we should use a
983 * big chunk-size..
984 *
985 * The default chunk-size is 2kB, because the NTTY
986 * layer has problems with bigger chunks. It will
987 * claim to be able to handle more characters than
988 * it actually does.
989 */
990 chunk = 2048;
991 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
992 chunk = 65536;
993 if (count < chunk)
994 chunk = count;
995
996 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
997 if (tty->write_cnt < chunk) {
998 u8 *buf_chunk;
999
1000 if (chunk < 1024)
1001 chunk = 1024;
1002
1003 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1004 if (!buf_chunk) {
1005 ret = -ENOMEM;
1006 goto out;
1007 }
1008 kvfree(tty->write_buf);
1009 tty->write_cnt = chunk;
1010 tty->write_buf = buf_chunk;
1011 }
1012
1013 /* Do the write .. */
1014 for (;;) {
1015 size_t size = min(chunk, count);
1016
1017 ret = -EFAULT;
1018 if (copy_from_iter(tty->write_buf, size, from) != size)
1019 break;
1020
1021 ret = ld->ops->write(tty, file, tty->write_buf, size);
1022 if (ret <= 0)
1023 break;
1024
1025 written += ret;
1026 if (ret > size)
1027 break;
1028
1029 /* FIXME! Have Al check this! */
1030 if (ret != size)
1031 iov_iter_revert(from, size-ret);
1032
1033 count -= ret;
1034 if (!count)
1035 break;
1036 ret = -ERESTARTSYS;
1037 if (signal_pending(current))
1038 break;
1039 cond_resched();
1040 }
1041 if (written) {
1042 tty_update_time(tty, true);
1043 ret = written;
1044 }
1045out:
1046 tty_write_unlock(tty);
1047 return ret;
1048}
1049
1050#ifdef CONFIG_PRINT_QUOTA_WARNING
1051/**
1052 * tty_write_message - write a message to a certain tty, not just the console.
1053 * @tty: the destination tty_struct
1054 * @msg: the message to write
1055 *
1056 * This is used for messages that need to be redirected to a specific tty. We
1057 * don't put it into the syslog queue right now maybe in the future if really
1058 * needed.
1059 *
1060 * We must still hold the BTM and test the CLOSING flag for the moment.
1061 *
1062 * This function is DEPRECATED, do not use in new code.
1063 */
1064void tty_write_message(struct tty_struct *tty, char *msg)
1065{
1066 if (tty) {
1067 mutex_lock(&tty->atomic_write_lock);
1068 tty_lock(tty);
1069 if (tty->ops->write && tty->count > 0)
1070 tty->ops->write(tty, msg, strlen(msg));
1071 tty_unlock(tty);
1072 tty_write_unlock(tty);
1073 }
1074}
1075#endif
1076
1077static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1078{
1079 struct tty_struct *tty = file_tty(file);
1080 struct tty_ldisc *ld;
1081 ssize_t ret;
1082
1083 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1084 return -EIO;
1085 if (!tty || !tty->ops->write || tty_io_error(tty))
1086 return -EIO;
1087 /* Short term debug to catch buggy drivers */
1088 if (tty->ops->write_room == NULL)
1089 tty_err(tty, "missing write_room method\n");
1090 ld = tty_ldisc_ref_wait(tty);
1091 if (!ld)
1092 return hung_up_tty_write(iocb, from);
1093 if (!ld->ops->write)
1094 ret = -EIO;
1095 else
1096 ret = iterate_tty_write(ld, tty, file, from);
1097 tty_ldisc_deref(ld);
1098 return ret;
1099}
1100
1101/**
1102 * tty_write - write method for tty device file
1103 * @iocb: kernel I/O control block
1104 * @from: iov_iter with data to write
1105 *
1106 * Write data to a tty device via the line discipline.
1107 *
1108 * Locking:
1109 * Locks the line discipline as required
1110 * Writes to the tty driver are serialized by the atomic_write_lock
1111 * and are then processed in chunks to the device. The line
1112 * discipline write method will not be invoked in parallel for
1113 * each device.
1114 */
1115static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1116{
1117 return file_tty_write(iocb->ki_filp, iocb, from);
1118}
1119
1120ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1121{
1122 struct file *p = NULL;
1123
1124 spin_lock(&redirect_lock);
1125 if (redirect)
1126 p = get_file(redirect);
1127 spin_unlock(&redirect_lock);
1128
1129 /*
1130 * We know the redirected tty is just another tty, we can
1131 * call file_tty_write() directly with that file pointer.
1132 */
1133 if (p) {
1134 ssize_t res;
1135
1136 res = file_tty_write(p, iocb, iter);
1137 fput(p);
1138 return res;
1139 }
1140 return tty_write(iocb, iter);
1141}
1142
1143/**
1144 * tty_send_xchar - send priority character
1145 * @tty: the tty to send to
1146 * @ch: xchar to send
1147 *
1148 * Send a high priority character to the tty even if stopped.
1149 *
1150 * Locking: none for xchar method, write ordering for write method.
1151 */
1152int tty_send_xchar(struct tty_struct *tty, u8 ch)
1153{
1154 bool was_stopped = tty->flow.stopped;
1155
1156 if (tty->ops->send_xchar) {
1157 down_read(&tty->termios_rwsem);
1158 tty->ops->send_xchar(tty, ch);
1159 up_read(&tty->termios_rwsem);
1160 return 0;
1161 }
1162
1163 if (tty_write_lock(tty, false) < 0)
1164 return -ERESTARTSYS;
1165
1166 down_read(&tty->termios_rwsem);
1167 if (was_stopped)
1168 start_tty(tty);
1169 tty->ops->write(tty, &ch, 1);
1170 if (was_stopped)
1171 stop_tty(tty);
1172 up_read(&tty->termios_rwsem);
1173 tty_write_unlock(tty);
1174 return 0;
1175}
1176
1177/**
1178 * pty_line_name - generate name for a pty
1179 * @driver: the tty driver in use
1180 * @index: the minor number
1181 * @p: output buffer of at least 6 bytes
1182 *
1183 * Generate a name from a @driver reference and write it to the output buffer
1184 * @p.
1185 *
1186 * Locking: None
1187 */
1188static void pty_line_name(struct tty_driver *driver, int index, char *p)
1189{
1190 static const char ptychar[] = "pqrstuvwxyzabcde";
1191 int i = index + driver->name_base;
1192 /* ->name is initialized to "ttyp", but "tty" is expected */
1193 sprintf(p, "%s%c%x",
1194 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1195 ptychar[i >> 4 & 0xf], i & 0xf);
1196}
1197
1198/**
1199 * tty_line_name - generate name for a tty
1200 * @driver: the tty driver in use
1201 * @index: the minor number
1202 * @p: output buffer of at least 7 bytes
1203 *
1204 * Generate a name from a @driver reference and write it to the output buffer
1205 * @p.
1206 *
1207 * Locking: None
1208 */
1209static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1210{
1211 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1212 return sprintf(p, "%s", driver->name);
1213 else
1214 return sprintf(p, "%s%d", driver->name,
1215 index + driver->name_base);
1216}
1217
1218/**
1219 * tty_driver_lookup_tty() - find an existing tty, if any
1220 * @driver: the driver for the tty
1221 * @file: file object
1222 * @idx: the minor number
1223 *
1224 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1225 * driver lookup() method returns an error.
1226 *
1227 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1228 */
1229static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1230 struct file *file, int idx)
1231{
1232 struct tty_struct *tty;
1233
1234 if (driver->ops->lookup) {
1235 if (!file)
1236 tty = ERR_PTR(-EIO);
1237 else
1238 tty = driver->ops->lookup(driver, file, idx);
1239 } else {
1240 if (idx >= driver->num)
1241 return ERR_PTR(-EINVAL);
1242 tty = driver->ttys[idx];
1243 }
1244 if (!IS_ERR(tty))
1245 tty_kref_get(tty);
1246 return tty;
1247}
1248
1249/**
1250 * tty_init_termios - helper for termios setup
1251 * @tty: the tty to set up
1252 *
1253 * Initialise the termios structure for this tty. This runs under the
1254 * %tty_mutex currently so we can be relaxed about ordering.
1255 */
1256void tty_init_termios(struct tty_struct *tty)
1257{
1258 struct ktermios *tp;
1259 int idx = tty->index;
1260
1261 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1262 tty->termios = tty->driver->init_termios;
1263 else {
1264 /* Check for lazy saved data */
1265 tp = tty->driver->termios[idx];
1266 if (tp != NULL) {
1267 tty->termios = *tp;
1268 tty->termios.c_line = tty->driver->init_termios.c_line;
1269 } else
1270 tty->termios = tty->driver->init_termios;
1271 }
1272 /* Compatibility until drivers always set this */
1273 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1274 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1275}
1276EXPORT_SYMBOL_GPL(tty_init_termios);
1277
1278/**
1279 * tty_standard_install - usual tty->ops->install
1280 * @driver: the driver for the tty
1281 * @tty: the tty
1282 *
1283 * If the @driver overrides @tty->ops->install, it still can call this function
1284 * to perform the standard install operations.
1285 */
1286int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1287{
1288 tty_init_termios(tty);
1289 tty_driver_kref_get(driver);
1290 tty->count++;
1291 driver->ttys[tty->index] = tty;
1292 return 0;
1293}
1294EXPORT_SYMBOL_GPL(tty_standard_install);
1295
1296/**
1297 * tty_driver_install_tty() - install a tty entry in the driver
1298 * @driver: the driver for the tty
1299 * @tty: the tty
1300 *
1301 * Install a tty object into the driver tables. The @tty->index field will be
1302 * set by the time this is called. This method is responsible for ensuring any
1303 * need additional structures are allocated and configured.
1304 *
1305 * Locking: tty_mutex for now
1306 */
1307static int tty_driver_install_tty(struct tty_driver *driver,
1308 struct tty_struct *tty)
1309{
1310 return driver->ops->install ? driver->ops->install(driver, tty) :
1311 tty_standard_install(driver, tty);
1312}
1313
1314/**
1315 * tty_driver_remove_tty() - remove a tty from the driver tables
1316 * @driver: the driver for the tty
1317 * @tty: tty to remove
1318 *
1319 * Remove a tty object from the driver tables. The tty->index field will be set
1320 * by the time this is called.
1321 *
1322 * Locking: tty_mutex for now
1323 */
1324static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1325{
1326 if (driver->ops->remove)
1327 driver->ops->remove(driver, tty);
1328 else
1329 driver->ttys[tty->index] = NULL;
1330}
1331
1332/**
1333 * tty_reopen() - fast re-open of an open tty
1334 * @tty: the tty to open
1335 *
1336 * Re-opens on master ptys are not allowed and return -%EIO.
1337 *
1338 * Locking: Caller must hold tty_lock
1339 * Return: 0 on success, -errno on error.
1340 */
1341static int tty_reopen(struct tty_struct *tty)
1342{
1343 struct tty_driver *driver = tty->driver;
1344 struct tty_ldisc *ld;
1345 int retval = 0;
1346
1347 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1348 driver->subtype == PTY_TYPE_MASTER)
1349 return -EIO;
1350
1351 if (!tty->count)
1352 return -EAGAIN;
1353
1354 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1355 return -EBUSY;
1356
1357 ld = tty_ldisc_ref_wait(tty);
1358 if (ld) {
1359 tty_ldisc_deref(ld);
1360 } else {
1361 retval = tty_ldisc_lock(tty, 5 * HZ);
1362 if (retval)
1363 return retval;
1364
1365 if (!tty->ldisc)
1366 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1367 tty_ldisc_unlock(tty);
1368 }
1369
1370 if (retval == 0)
1371 tty->count++;
1372
1373 return retval;
1374}
1375
1376/**
1377 * tty_init_dev - initialise a tty device
1378 * @driver: tty driver we are opening a device on
1379 * @idx: device index
1380 *
1381 * Prepare a tty device. This may not be a "new" clean device but could also be
1382 * an active device. The pty drivers require special handling because of this.
1383 *
1384 * Locking:
1385 * The function is called under the tty_mutex, which protects us from the
1386 * tty struct or driver itself going away.
1387 *
1388 * On exit the tty device has the line discipline attached and a reference
1389 * count of 1. If a pair was created for pty/tty use and the other was a pty
1390 * master then it too has a reference count of 1.
1391 *
1392 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1393 * open. The new code protects the open with a mutex, so it's really quite
1394 * straightforward. The mutex locking can probably be relaxed for the (most
1395 * common) case of reopening a tty.
1396 *
1397 * Return: new tty structure
1398 */
1399struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1400{
1401 struct tty_struct *tty;
1402 int retval;
1403
1404 /*
1405 * First time open is complex, especially for PTY devices.
1406 * This code guarantees that either everything succeeds and the
1407 * TTY is ready for operation, or else the table slots are vacated
1408 * and the allocated memory released. (Except that the termios
1409 * may be retained.)
1410 */
1411
1412 if (!try_module_get(driver->owner))
1413 return ERR_PTR(-ENODEV);
1414
1415 tty = alloc_tty_struct(driver, idx);
1416 if (!tty) {
1417 retval = -ENOMEM;
1418 goto err_module_put;
1419 }
1420
1421 tty_lock(tty);
1422 retval = tty_driver_install_tty(driver, tty);
1423 if (retval < 0)
1424 goto err_free_tty;
1425
1426 if (!tty->port)
1427 tty->port = driver->ports[idx];
1428
1429 if (WARN_RATELIMIT(!tty->port,
1430 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1431 __func__, tty->driver->name)) {
1432 retval = -EINVAL;
1433 goto err_release_lock;
1434 }
1435
1436 retval = tty_ldisc_lock(tty, 5 * HZ);
1437 if (retval)
1438 goto err_release_lock;
1439 tty->port->itty = tty;
1440
1441 /*
1442 * Structures all installed ... call the ldisc open routines.
1443 * If we fail here just call release_tty to clean up. No need
1444 * to decrement the use counts, as release_tty doesn't care.
1445 */
1446 retval = tty_ldisc_setup(tty, tty->link);
1447 if (retval)
1448 goto err_release_tty;
1449 tty_ldisc_unlock(tty);
1450 /* Return the tty locked so that it cannot vanish under the caller */
1451 return tty;
1452
1453err_free_tty:
1454 tty_unlock(tty);
1455 free_tty_struct(tty);
1456err_module_put:
1457 module_put(driver->owner);
1458 return ERR_PTR(retval);
1459
1460 /* call the tty release_tty routine to clean out this slot */
1461err_release_tty:
1462 tty_ldisc_unlock(tty);
1463 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1464 retval, idx);
1465err_release_lock:
1466 tty_unlock(tty);
1467 release_tty(tty, idx);
1468 return ERR_PTR(retval);
1469}
1470
1471/**
1472 * tty_save_termios() - save tty termios data in driver table
1473 * @tty: tty whose termios data to save
1474 *
1475 * Locking: Caller guarantees serialisation with tty_init_termios().
1476 */
1477void tty_save_termios(struct tty_struct *tty)
1478{
1479 struct ktermios *tp;
1480 int idx = tty->index;
1481
1482 /* If the port is going to reset then it has no termios to save */
1483 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1484 return;
1485
1486 /* Stash the termios data */
1487 tp = tty->driver->termios[idx];
1488 if (tp == NULL) {
1489 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1490 if (tp == NULL)
1491 return;
1492 tty->driver->termios[idx] = tp;
1493 }
1494 *tp = tty->termios;
1495}
1496EXPORT_SYMBOL_GPL(tty_save_termios);
1497
1498/**
1499 * tty_flush_works - flush all works of a tty/pty pair
1500 * @tty: tty device to flush works for (or either end of a pty pair)
1501 *
1502 * Sync flush all works belonging to @tty (and the 'other' tty).
1503 */
1504static void tty_flush_works(struct tty_struct *tty)
1505{
1506 flush_work(&tty->SAK_work);
1507 flush_work(&tty->hangup_work);
1508 if (tty->link) {
1509 flush_work(&tty->link->SAK_work);
1510 flush_work(&tty->link->hangup_work);
1511 }
1512}
1513
1514/**
1515 * release_one_tty - release tty structure memory
1516 * @work: work of tty we are obliterating
1517 *
1518 * Releases memory associated with a tty structure, and clears out the
1519 * driver table slots. This function is called when a device is no longer
1520 * in use. It also gets called when setup of a device fails.
1521 *
1522 * Locking:
1523 * takes the file list lock internally when working on the list of ttys
1524 * that the driver keeps.
1525 *
1526 * This method gets called from a work queue so that the driver private
1527 * cleanup ops can sleep (needed for USB at least)
1528 */
1529static void release_one_tty(struct work_struct *work)
1530{
1531 struct tty_struct *tty =
1532 container_of(work, struct tty_struct, hangup_work);
1533 struct tty_driver *driver = tty->driver;
1534 struct module *owner = driver->owner;
1535
1536 if (tty->ops->cleanup)
1537 tty->ops->cleanup(tty);
1538
1539 tty_driver_kref_put(driver);
1540 module_put(owner);
1541
1542 spin_lock(&tty->files_lock);
1543 list_del_init(&tty->tty_files);
1544 spin_unlock(&tty->files_lock);
1545
1546 put_pid(tty->ctrl.pgrp);
1547 put_pid(tty->ctrl.session);
1548 free_tty_struct(tty);
1549}
1550
1551static void queue_release_one_tty(struct kref *kref)
1552{
1553 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1554
1555 /* The hangup queue is now free so we can reuse it rather than
1556 * waste a chunk of memory for each port.
1557 */
1558 INIT_WORK(&tty->hangup_work, release_one_tty);
1559 schedule_work(&tty->hangup_work);
1560}
1561
1562/**
1563 * tty_kref_put - release a tty kref
1564 * @tty: tty device
1565 *
1566 * Release a reference to the @tty device and if need be let the kref layer
1567 * destruct the object for us.
1568 */
1569void tty_kref_put(struct tty_struct *tty)
1570{
1571 if (tty)
1572 kref_put(&tty->kref, queue_release_one_tty);
1573}
1574EXPORT_SYMBOL(tty_kref_put);
1575
1576/**
1577 * release_tty - release tty structure memory
1578 * @tty: tty device release
1579 * @idx: index of the tty device release
1580 *
1581 * Release both @tty and a possible linked partner (think pty pair),
1582 * and decrement the refcount of the backing module.
1583 *
1584 * Locking:
1585 * tty_mutex
1586 * takes the file list lock internally when working on the list of ttys
1587 * that the driver keeps.
1588 */
1589static void release_tty(struct tty_struct *tty, int idx)
1590{
1591 /* This should always be true but check for the moment */
1592 WARN_ON(tty->index != idx);
1593 WARN_ON(!mutex_is_locked(&tty_mutex));
1594 if (tty->ops->shutdown)
1595 tty->ops->shutdown(tty);
1596 tty_save_termios(tty);
1597 tty_driver_remove_tty(tty->driver, tty);
1598 if (tty->port)
1599 tty->port->itty = NULL;
1600 if (tty->link)
1601 tty->link->port->itty = NULL;
1602 if (tty->port)
1603 tty_buffer_cancel_work(tty->port);
1604 if (tty->link)
1605 tty_buffer_cancel_work(tty->link->port);
1606
1607 tty_kref_put(tty->link);
1608 tty_kref_put(tty);
1609}
1610
1611/**
1612 * tty_release_checks - check a tty before real release
1613 * @tty: tty to check
1614 * @idx: index of the tty
1615 *
1616 * Performs some paranoid checking before true release of the @tty. This is a
1617 * no-op unless %TTY_PARANOIA_CHECK is defined.
1618 */
1619static int tty_release_checks(struct tty_struct *tty, int idx)
1620{
1621#ifdef TTY_PARANOIA_CHECK
1622 if (idx < 0 || idx >= tty->driver->num) {
1623 tty_debug(tty, "bad idx %d\n", idx);
1624 return -1;
1625 }
1626
1627 /* not much to check for devpts */
1628 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1629 return 0;
1630
1631 if (tty != tty->driver->ttys[idx]) {
1632 tty_debug(tty, "bad driver table[%d] = %p\n",
1633 idx, tty->driver->ttys[idx]);
1634 return -1;
1635 }
1636 if (tty->driver->other) {
1637 struct tty_struct *o_tty = tty->link;
1638
1639 if (o_tty != tty->driver->other->ttys[idx]) {
1640 tty_debug(tty, "bad other table[%d] = %p\n",
1641 idx, tty->driver->other->ttys[idx]);
1642 return -1;
1643 }
1644 if (o_tty->link != tty) {
1645 tty_debug(tty, "bad link = %p\n", o_tty->link);
1646 return -1;
1647 }
1648 }
1649#endif
1650 return 0;
1651}
1652
1653/**
1654 * tty_kclose - closes tty opened by tty_kopen
1655 * @tty: tty device
1656 *
1657 * Performs the final steps to release and free a tty device. It is the same as
1658 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1659 * @tty->port.
1660 */
1661void tty_kclose(struct tty_struct *tty)
1662{
1663 /*
1664 * Ask the line discipline code to release its structures
1665 */
1666 tty_ldisc_release(tty);
1667
1668 /* Wait for pending work before tty destruction commences */
1669 tty_flush_works(tty);
1670
1671 tty_debug_hangup(tty, "freeing structure\n");
1672 /*
1673 * The release_tty function takes care of the details of clearing
1674 * the slots and preserving the termios structure.
1675 */
1676 mutex_lock(&tty_mutex);
1677 tty_port_set_kopened(tty->port, 0);
1678 release_tty(tty, tty->index);
1679 mutex_unlock(&tty_mutex);
1680}
1681EXPORT_SYMBOL_GPL(tty_kclose);
1682
1683/**
1684 * tty_release_struct - release a tty struct
1685 * @tty: tty device
1686 * @idx: index of the tty
1687 *
1688 * Performs the final steps to release and free a tty device. It is roughly the
1689 * reverse of tty_init_dev().
1690 */
1691void tty_release_struct(struct tty_struct *tty, int idx)
1692{
1693 /*
1694 * Ask the line discipline code to release its structures
1695 */
1696 tty_ldisc_release(tty);
1697
1698 /* Wait for pending work before tty destruction commmences */
1699 tty_flush_works(tty);
1700
1701 tty_debug_hangup(tty, "freeing structure\n");
1702 /*
1703 * The release_tty function takes care of the details of clearing
1704 * the slots and preserving the termios structure.
1705 */
1706 mutex_lock(&tty_mutex);
1707 release_tty(tty, idx);
1708 mutex_unlock(&tty_mutex);
1709}
1710EXPORT_SYMBOL_GPL(tty_release_struct);
1711
1712/**
1713 * tty_release - vfs callback for close
1714 * @inode: inode of tty
1715 * @filp: file pointer for handle to tty
1716 *
1717 * Called the last time each file handle is closed that references this tty.
1718 * There may however be several such references.
1719 *
1720 * Locking:
1721 * Takes BKL. See tty_release_dev().
1722 *
1723 * Even releasing the tty structures is a tricky business. We have to be very
1724 * careful that the structures are all released at the same time, as interrupts
1725 * might otherwise get the wrong pointers.
1726 *
1727 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1728 * lead to double frees or releasing memory still in use.
1729 */
1730int tty_release(struct inode *inode, struct file *filp)
1731{
1732 struct tty_struct *tty = file_tty(filp);
1733 struct tty_struct *o_tty = NULL;
1734 int do_sleep, final;
1735 int idx;
1736 long timeout = 0;
1737 int once = 1;
1738
1739 if (tty_paranoia_check(tty, inode, __func__))
1740 return 0;
1741
1742 tty_lock(tty);
1743 check_tty_count(tty, __func__);
1744
1745 __tty_fasync(-1, filp, 0);
1746
1747 idx = tty->index;
1748 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1749 tty->driver->subtype == PTY_TYPE_MASTER)
1750 o_tty = tty->link;
1751
1752 if (tty_release_checks(tty, idx)) {
1753 tty_unlock(tty);
1754 return 0;
1755 }
1756
1757 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1758
1759 if (tty->ops->close)
1760 tty->ops->close(tty, filp);
1761
1762 /* If tty is pty master, lock the slave pty (stable lock order) */
1763 tty_lock_slave(o_tty);
1764
1765 /*
1766 * Sanity check: if tty->count is going to zero, there shouldn't be
1767 * any waiters on tty->read_wait or tty->write_wait. We test the
1768 * wait queues and kick everyone out _before_ actually starting to
1769 * close. This ensures that we won't block while releasing the tty
1770 * structure.
1771 *
1772 * The test for the o_tty closing is necessary, since the master and
1773 * slave sides may close in any order. If the slave side closes out
1774 * first, its count will be one, since the master side holds an open.
1775 * Thus this test wouldn't be triggered at the time the slave closed,
1776 * so we do it now.
1777 */
1778 while (1) {
1779 do_sleep = 0;
1780
1781 if (tty->count <= 1) {
1782 if (waitqueue_active(&tty->read_wait)) {
1783 wake_up_poll(&tty->read_wait, EPOLLIN);
1784 do_sleep++;
1785 }
1786 if (waitqueue_active(&tty->write_wait)) {
1787 wake_up_poll(&tty->write_wait, EPOLLOUT);
1788 do_sleep++;
1789 }
1790 }
1791 if (o_tty && o_tty->count <= 1) {
1792 if (waitqueue_active(&o_tty->read_wait)) {
1793 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1794 do_sleep++;
1795 }
1796 if (waitqueue_active(&o_tty->write_wait)) {
1797 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1798 do_sleep++;
1799 }
1800 }
1801 if (!do_sleep)
1802 break;
1803
1804 if (once) {
1805 once = 0;
1806 tty_warn(tty, "read/write wait queue active!\n");
1807 }
1808 schedule_timeout_killable(timeout);
1809 if (timeout < 120 * HZ)
1810 timeout = 2 * timeout + 1;
1811 else
1812 timeout = MAX_SCHEDULE_TIMEOUT;
1813 }
1814
1815 if (o_tty) {
1816 if (--o_tty->count < 0) {
1817 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1818 o_tty->count = 0;
1819 }
1820 }
1821 if (--tty->count < 0) {
1822 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1823 tty->count = 0;
1824 }
1825
1826 /*
1827 * We've decremented tty->count, so we need to remove this file
1828 * descriptor off the tty->tty_files list; this serves two
1829 * purposes:
1830 * - check_tty_count sees the correct number of file descriptors
1831 * associated with this tty.
1832 * - do_tty_hangup no longer sees this file descriptor as
1833 * something that needs to be handled for hangups.
1834 */
1835 tty_del_file(filp);
1836
1837 /*
1838 * Perform some housekeeping before deciding whether to return.
1839 *
1840 * If _either_ side is closing, make sure there aren't any
1841 * processes that still think tty or o_tty is their controlling
1842 * tty.
1843 */
1844 if (!tty->count) {
1845 read_lock(&tasklist_lock);
1846 session_clear_tty(tty->ctrl.session);
1847 if (o_tty)
1848 session_clear_tty(o_tty->ctrl.session);
1849 read_unlock(&tasklist_lock);
1850 }
1851
1852 /* check whether both sides are closing ... */
1853 final = !tty->count && !(o_tty && o_tty->count);
1854
1855 tty_unlock_slave(o_tty);
1856 tty_unlock(tty);
1857
1858 /* At this point, the tty->count == 0 should ensure a dead tty
1859 * cannot be re-opened by a racing opener.
1860 */
1861
1862 if (!final)
1863 return 0;
1864
1865 tty_debug_hangup(tty, "final close\n");
1866
1867 tty_release_struct(tty, idx);
1868 return 0;
1869}
1870
1871/**
1872 * tty_open_current_tty - get locked tty of current task
1873 * @device: device number
1874 * @filp: file pointer to tty
1875 * @return: locked tty of the current task iff @device is /dev/tty
1876 *
1877 * Performs a re-open of the current task's controlling tty.
1878 *
1879 * We cannot return driver and index like for the other nodes because devpts
1880 * will not work then. It expects inodes to be from devpts FS.
1881 */
1882static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1883{
1884 struct tty_struct *tty;
1885 int retval;
1886
1887 if (device != MKDEV(TTYAUX_MAJOR, 0))
1888 return NULL;
1889
1890 tty = get_current_tty();
1891 if (!tty)
1892 return ERR_PTR(-ENXIO);
1893
1894 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1895 /* noctty = 1; */
1896 tty_lock(tty);
1897 tty_kref_put(tty); /* safe to drop the kref now */
1898
1899 retval = tty_reopen(tty);
1900 if (retval < 0) {
1901 tty_unlock(tty);
1902 tty = ERR_PTR(retval);
1903 }
1904 return tty;
1905}
1906
1907/**
1908 * tty_lookup_driver - lookup a tty driver for a given device file
1909 * @device: device number
1910 * @filp: file pointer to tty
1911 * @index: index for the device in the @return driver
1912 *
1913 * If returned value is not erroneous, the caller is responsible to decrement
1914 * the refcount by tty_driver_kref_put().
1915 *
1916 * Locking: %tty_mutex protects get_tty_driver()
1917 *
1918 * Return: driver for this inode (with increased refcount)
1919 */
1920static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1921 int *index)
1922{
1923 struct tty_driver *driver = NULL;
1924
1925 switch (device) {
1926#ifdef CONFIG_VT
1927 case MKDEV(TTY_MAJOR, 0): {
1928 extern struct tty_driver *console_driver;
1929
1930 driver = tty_driver_kref_get(console_driver);
1931 *index = fg_console;
1932 break;
1933 }
1934#endif
1935 case MKDEV(TTYAUX_MAJOR, 1): {
1936 struct tty_driver *console_driver = console_device(index);
1937
1938 if (console_driver) {
1939 driver = tty_driver_kref_get(console_driver);
1940 if (driver && filp) {
1941 /* Don't let /dev/console block */
1942 filp->f_flags |= O_NONBLOCK;
1943 break;
1944 }
1945 }
1946 if (driver)
1947 tty_driver_kref_put(driver);
1948 return ERR_PTR(-ENODEV);
1949 }
1950 default:
1951 driver = get_tty_driver(device, index);
1952 if (!driver)
1953 return ERR_PTR(-ENODEV);
1954 break;
1955 }
1956 return driver;
1957}
1958
1959static struct tty_struct *tty_kopen(dev_t device, int shared)
1960{
1961 struct tty_struct *tty;
1962 struct tty_driver *driver;
1963 int index = -1;
1964
1965 mutex_lock(&tty_mutex);
1966 driver = tty_lookup_driver(device, NULL, &index);
1967 if (IS_ERR(driver)) {
1968 mutex_unlock(&tty_mutex);
1969 return ERR_CAST(driver);
1970 }
1971
1972 /* check whether we're reopening an existing tty */
1973 tty = tty_driver_lookup_tty(driver, NULL, index);
1974 if (IS_ERR(tty) || shared)
1975 goto out;
1976
1977 if (tty) {
1978 /* drop kref from tty_driver_lookup_tty() */
1979 tty_kref_put(tty);
1980 tty = ERR_PTR(-EBUSY);
1981 } else { /* tty_init_dev returns tty with the tty_lock held */
1982 tty = tty_init_dev(driver, index);
1983 if (IS_ERR(tty))
1984 goto out;
1985 tty_port_set_kopened(tty->port, 1);
1986 }
1987out:
1988 mutex_unlock(&tty_mutex);
1989 tty_driver_kref_put(driver);
1990 return tty;
1991}
1992
1993/**
1994 * tty_kopen_exclusive - open a tty device for kernel
1995 * @device: dev_t of device to open
1996 *
1997 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1998 * it's not already opened and performs the first-time tty initialization.
1999 *
2000 * Claims the global %tty_mutex to serialize:
2001 * * concurrent first-time tty initialization
2002 * * concurrent tty driver removal w/ lookup
2003 * * concurrent tty removal from driver table
2004 *
2005 * Return: the locked initialized &tty_struct
2006 */
2007struct tty_struct *tty_kopen_exclusive(dev_t device)
2008{
2009 return tty_kopen(device, 0);
2010}
2011EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2012
2013/**
2014 * tty_kopen_shared - open a tty device for shared in-kernel use
2015 * @device: dev_t of device to open
2016 *
2017 * Opens an already existing tty for in-kernel use. Compared to
2018 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2019 *
2020 * Locking: identical to tty_kopen() above.
2021 */
2022struct tty_struct *tty_kopen_shared(dev_t device)
2023{
2024 return tty_kopen(device, 1);
2025}
2026EXPORT_SYMBOL_GPL(tty_kopen_shared);
2027
2028/**
2029 * tty_open_by_driver - open a tty device
2030 * @device: dev_t of device to open
2031 * @filp: file pointer to tty
2032 *
2033 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2034 * first-time tty initialization.
2035 *
2036 *
2037 * Claims the global tty_mutex to serialize:
2038 * * concurrent first-time tty initialization
2039 * * concurrent tty driver removal w/ lookup
2040 * * concurrent tty removal from driver table
2041 *
2042 * Return: the locked initialized or re-opened &tty_struct
2043 */
2044static struct tty_struct *tty_open_by_driver(dev_t device,
2045 struct file *filp)
2046{
2047 struct tty_struct *tty;
2048 struct tty_driver *driver = NULL;
2049 int index = -1;
2050 int retval;
2051
2052 mutex_lock(&tty_mutex);
2053 driver = tty_lookup_driver(device, filp, &index);
2054 if (IS_ERR(driver)) {
2055 mutex_unlock(&tty_mutex);
2056 return ERR_CAST(driver);
2057 }
2058
2059 /* check whether we're reopening an existing tty */
2060 tty = tty_driver_lookup_tty(driver, filp, index);
2061 if (IS_ERR(tty)) {
2062 mutex_unlock(&tty_mutex);
2063 goto out;
2064 }
2065
2066 if (tty) {
2067 if (tty_port_kopened(tty->port)) {
2068 tty_kref_put(tty);
2069 mutex_unlock(&tty_mutex);
2070 tty = ERR_PTR(-EBUSY);
2071 goto out;
2072 }
2073 mutex_unlock(&tty_mutex);
2074 retval = tty_lock_interruptible(tty);
2075 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2076 if (retval) {
2077 if (retval == -EINTR)
2078 retval = -ERESTARTSYS;
2079 tty = ERR_PTR(retval);
2080 goto out;
2081 }
2082 retval = tty_reopen(tty);
2083 if (retval < 0) {
2084 tty_unlock(tty);
2085 tty = ERR_PTR(retval);
2086 }
2087 } else { /* Returns with the tty_lock held for now */
2088 tty = tty_init_dev(driver, index);
2089 mutex_unlock(&tty_mutex);
2090 }
2091out:
2092 tty_driver_kref_put(driver);
2093 return tty;
2094}
2095
2096/**
2097 * tty_open - open a tty device
2098 * @inode: inode of device file
2099 * @filp: file pointer to tty
2100 *
2101 * tty_open() and tty_release() keep up the tty count that contains the number
2102 * of opens done on a tty. We cannot use the inode-count, as different inodes
2103 * might point to the same tty.
2104 *
2105 * Open-counting is needed for pty masters, as well as for keeping track of
2106 * serial lines: DTR is dropped when the last close happens.
2107 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2108 *
2109 * The termios state of a pty is reset on the first open so that settings don't
2110 * persist across reuse.
2111 *
2112 * Locking:
2113 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2114 * * @tty->count should protect the rest.
2115 * * ->siglock protects ->signal/->sighand
2116 *
2117 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2118 */
2119static int tty_open(struct inode *inode, struct file *filp)
2120{
2121 struct tty_struct *tty;
2122 int noctty, retval;
2123 dev_t device = inode->i_rdev;
2124 unsigned saved_flags = filp->f_flags;
2125
2126 nonseekable_open(inode, filp);
2127
2128retry_open:
2129 retval = tty_alloc_file(filp);
2130 if (retval)
2131 return -ENOMEM;
2132
2133 tty = tty_open_current_tty(device, filp);
2134 if (!tty)
2135 tty = tty_open_by_driver(device, filp);
2136
2137 if (IS_ERR(tty)) {
2138 tty_free_file(filp);
2139 retval = PTR_ERR(tty);
2140 if (retval != -EAGAIN || signal_pending(current))
2141 return retval;
2142 schedule();
2143 goto retry_open;
2144 }
2145
2146 tty_add_file(tty, filp);
2147
2148 check_tty_count(tty, __func__);
2149 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2150
2151 if (tty->ops->open)
2152 retval = tty->ops->open(tty, filp);
2153 else
2154 retval = -ENODEV;
2155 filp->f_flags = saved_flags;
2156
2157 if (retval) {
2158 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2159
2160 tty_unlock(tty); /* need to call tty_release without BTM */
2161 tty_release(inode, filp);
2162 if (retval != -ERESTARTSYS)
2163 return retval;
2164
2165 if (signal_pending(current))
2166 return retval;
2167
2168 schedule();
2169 /*
2170 * Need to reset f_op in case a hangup happened.
2171 */
2172 if (tty_hung_up_p(filp))
2173 filp->f_op = &tty_fops;
2174 goto retry_open;
2175 }
2176 clear_bit(TTY_HUPPED, &tty->flags);
2177
2178 noctty = (filp->f_flags & O_NOCTTY) ||
2179 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2180 device == MKDEV(TTYAUX_MAJOR, 1) ||
2181 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2182 tty->driver->subtype == PTY_TYPE_MASTER);
2183 if (!noctty)
2184 tty_open_proc_set_tty(filp, tty);
2185 tty_unlock(tty);
2186 return 0;
2187}
2188
2189
2190/**
2191 * tty_poll - check tty status
2192 * @filp: file being polled
2193 * @wait: poll wait structures to update
2194 *
2195 * Call the line discipline polling method to obtain the poll status of the
2196 * device.
2197 *
2198 * Locking: locks called line discipline but ldisc poll method may be
2199 * re-entered freely by other callers.
2200 */
2201static __poll_t tty_poll(struct file *filp, poll_table *wait)
2202{
2203 struct tty_struct *tty = file_tty(filp);
2204 struct tty_ldisc *ld;
2205 __poll_t ret = 0;
2206
2207 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2208 return 0;
2209
2210 ld = tty_ldisc_ref_wait(tty);
2211 if (!ld)
2212 return hung_up_tty_poll(filp, wait);
2213 if (ld->ops->poll)
2214 ret = ld->ops->poll(tty, filp, wait);
2215 tty_ldisc_deref(ld);
2216 return ret;
2217}
2218
2219static int __tty_fasync(int fd, struct file *filp, int on)
2220{
2221 struct tty_struct *tty = file_tty(filp);
2222 unsigned long flags;
2223 int retval = 0;
2224
2225 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2226 goto out;
2227
2228 retval = fasync_helper(fd, filp, on, &tty->fasync);
2229 if (retval <= 0)
2230 goto out;
2231
2232 if (on) {
2233 enum pid_type type;
2234 struct pid *pid;
2235
2236 spin_lock_irqsave(&tty->ctrl.lock, flags);
2237 if (tty->ctrl.pgrp) {
2238 pid = tty->ctrl.pgrp;
2239 type = PIDTYPE_PGID;
2240 } else {
2241 pid = task_pid(current);
2242 type = PIDTYPE_TGID;
2243 }
2244 get_pid(pid);
2245 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2246 __f_setown(filp, pid, type, 0);
2247 put_pid(pid);
2248 retval = 0;
2249 }
2250out:
2251 return retval;
2252}
2253
2254static int tty_fasync(int fd, struct file *filp, int on)
2255{
2256 struct tty_struct *tty = file_tty(filp);
2257 int retval = -ENOTTY;
2258
2259 tty_lock(tty);
2260 if (!tty_hung_up_p(filp))
2261 retval = __tty_fasync(fd, filp, on);
2262 tty_unlock(tty);
2263
2264 return retval;
2265}
2266
2267static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2268/**
2269 * tiocsti - fake input character
2270 * @tty: tty to fake input into
2271 * @p: pointer to character
2272 *
2273 * Fake input to a tty device. Does the necessary locking and input management.
2274 *
2275 * FIXME: does not honour flow control ??
2276 *
2277 * Locking:
2278 * * Called functions take tty_ldiscs_lock
2279 * * current->signal->tty check is safe without locks
2280 */
2281static int tiocsti(struct tty_struct *tty, u8 __user *p)
2282{
2283 struct tty_ldisc *ld;
2284 u8 ch;
2285
2286 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2287 return -EIO;
2288
2289 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2290 return -EPERM;
2291 if (get_user(ch, p))
2292 return -EFAULT;
2293 tty_audit_tiocsti(tty, ch);
2294 ld = tty_ldisc_ref_wait(tty);
2295 if (!ld)
2296 return -EIO;
2297 tty_buffer_lock_exclusive(tty->port);
2298 if (ld->ops->receive_buf)
2299 ld->ops->receive_buf(tty, &ch, NULL, 1);
2300 tty_buffer_unlock_exclusive(tty->port);
2301 tty_ldisc_deref(ld);
2302 return 0;
2303}
2304
2305/**
2306 * tiocgwinsz - implement window query ioctl
2307 * @tty: tty
2308 * @arg: user buffer for result
2309 *
2310 * Copies the kernel idea of the window size into the user buffer.
2311 *
2312 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2313 * consistent.
2314 */
2315static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2316{
2317 int err;
2318
2319 mutex_lock(&tty->winsize_mutex);
2320 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2321 mutex_unlock(&tty->winsize_mutex);
2322
2323 return err ? -EFAULT : 0;
2324}
2325
2326/**
2327 * tty_do_resize - resize event
2328 * @tty: tty being resized
2329 * @ws: new dimensions
2330 *
2331 * Update the termios variables and send the necessary signals to peform a
2332 * terminal resize correctly.
2333 */
2334int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2335{
2336 struct pid *pgrp;
2337
2338 /* Lock the tty */
2339 mutex_lock(&tty->winsize_mutex);
2340 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2341 goto done;
2342
2343 /* Signal the foreground process group */
2344 pgrp = tty_get_pgrp(tty);
2345 if (pgrp)
2346 kill_pgrp(pgrp, SIGWINCH, 1);
2347 put_pid(pgrp);
2348
2349 tty->winsize = *ws;
2350done:
2351 mutex_unlock(&tty->winsize_mutex);
2352 return 0;
2353}
2354EXPORT_SYMBOL(tty_do_resize);
2355
2356/**
2357 * tiocswinsz - implement window size set ioctl
2358 * @tty: tty side of tty
2359 * @arg: user buffer for result
2360 *
2361 * Copies the user idea of the window size to the kernel. Traditionally this is
2362 * just advisory information but for the Linux console it actually has driver
2363 * level meaning and triggers a VC resize.
2364 *
2365 * Locking:
2366 * Driver dependent. The default do_resize method takes the tty termios
2367 * mutex and ctrl.lock. The console takes its own lock then calls into the
2368 * default method.
2369 */
2370static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2371{
2372 struct winsize tmp_ws;
2373
2374 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2375 return -EFAULT;
2376
2377 if (tty->ops->resize)
2378 return tty->ops->resize(tty, &tmp_ws);
2379 else
2380 return tty_do_resize(tty, &tmp_ws);
2381}
2382
2383/**
2384 * tioccons - allow admin to move logical console
2385 * @file: the file to become console
2386 *
2387 * Allow the administrator to move the redirected console device.
2388 *
2389 * Locking: uses redirect_lock to guard the redirect information
2390 */
2391static int tioccons(struct file *file)
2392{
2393 if (!capable(CAP_SYS_ADMIN))
2394 return -EPERM;
2395 if (file->f_op->write_iter == redirected_tty_write) {
2396 struct file *f;
2397
2398 spin_lock(&redirect_lock);
2399 f = redirect;
2400 redirect = NULL;
2401 spin_unlock(&redirect_lock);
2402 if (f)
2403 fput(f);
2404 return 0;
2405 }
2406 if (file->f_op->write_iter != tty_write)
2407 return -ENOTTY;
2408 if (!(file->f_mode & FMODE_WRITE))
2409 return -EBADF;
2410 if (!(file->f_mode & FMODE_CAN_WRITE))
2411 return -EINVAL;
2412 spin_lock(&redirect_lock);
2413 if (redirect) {
2414 spin_unlock(&redirect_lock);
2415 return -EBUSY;
2416 }
2417 redirect = get_file(file);
2418 spin_unlock(&redirect_lock);
2419 return 0;
2420}
2421
2422/**
2423 * tiocsetd - set line discipline
2424 * @tty: tty device
2425 * @p: pointer to user data
2426 *
2427 * Set the line discipline according to user request.
2428 *
2429 * Locking: see tty_set_ldisc(), this function is just a helper
2430 */
2431static int tiocsetd(struct tty_struct *tty, int __user *p)
2432{
2433 int disc;
2434 int ret;
2435
2436 if (get_user(disc, p))
2437 return -EFAULT;
2438
2439 ret = tty_set_ldisc(tty, disc);
2440
2441 return ret;
2442}
2443
2444/**
2445 * tiocgetd - get line discipline
2446 * @tty: tty device
2447 * @p: pointer to user data
2448 *
2449 * Retrieves the line discipline id directly from the ldisc.
2450 *
2451 * Locking: waits for ldisc reference (in case the line discipline is changing
2452 * or the @tty is being hungup)
2453 */
2454static int tiocgetd(struct tty_struct *tty, int __user *p)
2455{
2456 struct tty_ldisc *ld;
2457 int ret;
2458
2459 ld = tty_ldisc_ref_wait(tty);
2460 if (!ld)
2461 return -EIO;
2462 ret = put_user(ld->ops->num, p);
2463 tty_ldisc_deref(ld);
2464 return ret;
2465}
2466
2467/**
2468 * send_break - performed time break
2469 * @tty: device to break on
2470 * @duration: timeout in mS
2471 *
2472 * Perform a timed break on hardware that lacks its own driver level timed
2473 * break functionality.
2474 *
2475 * Locking:
2476 * @tty->atomic_write_lock serializes
2477 */
2478static int send_break(struct tty_struct *tty, unsigned int duration)
2479{
2480 int retval;
2481
2482 if (tty->ops->break_ctl == NULL)
2483 return 0;
2484
2485 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2486 return tty->ops->break_ctl(tty, duration);
2487
2488 /* Do the work ourselves */
2489 if (tty_write_lock(tty, false) < 0)
2490 return -EINTR;
2491
2492 retval = tty->ops->break_ctl(tty, -1);
2493 if (!retval) {
2494 msleep_interruptible(duration);
2495 retval = tty->ops->break_ctl(tty, 0);
2496 } else if (retval == -EOPNOTSUPP) {
2497 /* some drivers can tell only dynamically */
2498 retval = 0;
2499 }
2500 tty_write_unlock(tty);
2501
2502 if (signal_pending(current))
2503 retval = -EINTR;
2504
2505 return retval;
2506}
2507
2508/**
2509 * tty_get_tiocm - get tiocm status register
2510 * @tty: tty device
2511 *
2512 * Obtain the modem status bits from the tty driver if the feature
2513 * is supported.
2514 */
2515int tty_get_tiocm(struct tty_struct *tty)
2516{
2517 int retval = -ENOTTY;
2518
2519 if (tty->ops->tiocmget)
2520 retval = tty->ops->tiocmget(tty);
2521
2522 return retval;
2523}
2524EXPORT_SYMBOL_GPL(tty_get_tiocm);
2525
2526/**
2527 * tty_tiocmget - get modem status
2528 * @tty: tty device
2529 * @p: pointer to result
2530 *
2531 * Obtain the modem status bits from the tty driver if the feature is
2532 * supported. Return -%ENOTTY if it is not available.
2533 *
2534 * Locking: none (up to the driver)
2535 */
2536static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2537{
2538 int retval;
2539
2540 retval = tty_get_tiocm(tty);
2541 if (retval >= 0)
2542 retval = put_user(retval, p);
2543
2544 return retval;
2545}
2546
2547/**
2548 * tty_tiocmset - set modem status
2549 * @tty: tty device
2550 * @cmd: command - clear bits, set bits or set all
2551 * @p: pointer to desired bits
2552 *
2553 * Set the modem status bits from the tty driver if the feature
2554 * is supported. Return -%ENOTTY if it is not available.
2555 *
2556 * Locking: none (up to the driver)
2557 */
2558static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2559 unsigned __user *p)
2560{
2561 int retval;
2562 unsigned int set, clear, val;
2563
2564 if (tty->ops->tiocmset == NULL)
2565 return -ENOTTY;
2566
2567 retval = get_user(val, p);
2568 if (retval)
2569 return retval;
2570 set = clear = 0;
2571 switch (cmd) {
2572 case TIOCMBIS:
2573 set = val;
2574 break;
2575 case TIOCMBIC:
2576 clear = val;
2577 break;
2578 case TIOCMSET:
2579 set = val;
2580 clear = ~val;
2581 break;
2582 }
2583 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2584 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2585 return tty->ops->tiocmset(tty, set, clear);
2586}
2587
2588/**
2589 * tty_get_icount - get tty statistics
2590 * @tty: tty device
2591 * @icount: output parameter
2592 *
2593 * Gets a copy of the @tty's icount statistics.
2594 *
2595 * Locking: none (up to the driver)
2596 */
2597int tty_get_icount(struct tty_struct *tty,
2598 struct serial_icounter_struct *icount)
2599{
2600 memset(icount, 0, sizeof(*icount));
2601
2602 if (tty->ops->get_icount)
2603 return tty->ops->get_icount(tty, icount);
2604 else
2605 return -ENOTTY;
2606}
2607EXPORT_SYMBOL_GPL(tty_get_icount);
2608
2609static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2610{
2611 struct serial_icounter_struct icount;
2612 int retval;
2613
2614 retval = tty_get_icount(tty, &icount);
2615 if (retval != 0)
2616 return retval;
2617
2618 if (copy_to_user(arg, &icount, sizeof(icount)))
2619 return -EFAULT;
2620 return 0;
2621}
2622
2623static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2624{
2625 char comm[TASK_COMM_LEN];
2626 int flags;
2627
2628 flags = ss->flags & ASYNC_DEPRECATED;
2629
2630 if (flags)
2631 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2632 __func__, get_task_comm(comm, current), flags);
2633
2634 if (!tty->ops->set_serial)
2635 return -ENOTTY;
2636
2637 return tty->ops->set_serial(tty, ss);
2638}
2639
2640static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2641{
2642 struct serial_struct v;
2643
2644 if (copy_from_user(&v, ss, sizeof(*ss)))
2645 return -EFAULT;
2646
2647 return tty_set_serial(tty, &v);
2648}
2649
2650static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2651{
2652 struct serial_struct v;
2653 int err;
2654
2655 memset(&v, 0, sizeof(v));
2656 if (!tty->ops->get_serial)
2657 return -ENOTTY;
2658 err = tty->ops->get_serial(tty, &v);
2659 if (!err && copy_to_user(ss, &v, sizeof(v)))
2660 err = -EFAULT;
2661 return err;
2662}
2663
2664/*
2665 * if pty, return the slave side (real_tty)
2666 * otherwise, return self
2667 */
2668static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2669{
2670 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671 tty->driver->subtype == PTY_TYPE_MASTER)
2672 tty = tty->link;
2673 return tty;
2674}
2675
2676/*
2677 * Split this up, as gcc can choke on it otherwise..
2678 */
2679long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2680{
2681 struct tty_struct *tty = file_tty(file);
2682 struct tty_struct *real_tty;
2683 void __user *p = (void __user *)arg;
2684 int retval;
2685 struct tty_ldisc *ld;
2686
2687 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2688 return -EINVAL;
2689
2690 real_tty = tty_pair_get_tty(tty);
2691
2692 /*
2693 * Factor out some common prep work
2694 */
2695 switch (cmd) {
2696 case TIOCSETD:
2697 case TIOCSBRK:
2698 case TIOCCBRK:
2699 case TCSBRK:
2700 case TCSBRKP:
2701 retval = tty_check_change(tty);
2702 if (retval)
2703 return retval;
2704 if (cmd != TIOCCBRK) {
2705 tty_wait_until_sent(tty, 0);
2706 if (signal_pending(current))
2707 return -EINTR;
2708 }
2709 break;
2710 }
2711
2712 /*
2713 * Now do the stuff.
2714 */
2715 switch (cmd) {
2716 case TIOCSTI:
2717 return tiocsti(tty, p);
2718 case TIOCGWINSZ:
2719 return tiocgwinsz(real_tty, p);
2720 case TIOCSWINSZ:
2721 return tiocswinsz(real_tty, p);
2722 case TIOCCONS:
2723 return real_tty != tty ? -EINVAL : tioccons(file);
2724 case TIOCEXCL:
2725 set_bit(TTY_EXCLUSIVE, &tty->flags);
2726 return 0;
2727 case TIOCNXCL:
2728 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2729 return 0;
2730 case TIOCGEXCL:
2731 {
2732 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2733
2734 return put_user(excl, (int __user *)p);
2735 }
2736 case TIOCGETD:
2737 return tiocgetd(tty, p);
2738 case TIOCSETD:
2739 return tiocsetd(tty, p);
2740 case TIOCVHANGUP:
2741 if (!capable(CAP_SYS_ADMIN))
2742 return -EPERM;
2743 tty_vhangup(tty);
2744 return 0;
2745 case TIOCGDEV:
2746 {
2747 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2748
2749 return put_user(ret, (unsigned int __user *)p);
2750 }
2751 /*
2752 * Break handling
2753 */
2754 case TIOCSBRK: /* Turn break on, unconditionally */
2755 if (tty->ops->break_ctl)
2756 return tty->ops->break_ctl(tty, -1);
2757 return 0;
2758 case TIOCCBRK: /* Turn break off, unconditionally */
2759 if (tty->ops->break_ctl)
2760 return tty->ops->break_ctl(tty, 0);
2761 return 0;
2762 case TCSBRK: /* SVID version: non-zero arg --> no break */
2763 /* non-zero arg means wait for all output data
2764 * to be sent (performed above) but don't send break.
2765 * This is used by the tcdrain() termios function.
2766 */
2767 if (!arg)
2768 return send_break(tty, 250);
2769 return 0;
2770 case TCSBRKP: /* support for POSIX tcsendbreak() */
2771 return send_break(tty, arg ? arg*100 : 250);
2772
2773 case TIOCMGET:
2774 return tty_tiocmget(tty, p);
2775 case TIOCMSET:
2776 case TIOCMBIC:
2777 case TIOCMBIS:
2778 return tty_tiocmset(tty, cmd, p);
2779 case TIOCGICOUNT:
2780 return tty_tiocgicount(tty, p);
2781 case TCFLSH:
2782 switch (arg) {
2783 case TCIFLUSH:
2784 case TCIOFLUSH:
2785 /* flush tty buffer and allow ldisc to process ioctl */
2786 tty_buffer_flush(tty, NULL);
2787 break;
2788 }
2789 break;
2790 case TIOCSSERIAL:
2791 return tty_tiocsserial(tty, p);
2792 case TIOCGSERIAL:
2793 return tty_tiocgserial(tty, p);
2794 case TIOCGPTPEER:
2795 /* Special because the struct file is needed */
2796 return ptm_open_peer(file, tty, (int)arg);
2797 default:
2798 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2799 if (retval != -ENOIOCTLCMD)
2800 return retval;
2801 }
2802 if (tty->ops->ioctl) {
2803 retval = tty->ops->ioctl(tty, cmd, arg);
2804 if (retval != -ENOIOCTLCMD)
2805 return retval;
2806 }
2807 ld = tty_ldisc_ref_wait(tty);
2808 if (!ld)
2809 return hung_up_tty_ioctl(file, cmd, arg);
2810 retval = -EINVAL;
2811 if (ld->ops->ioctl) {
2812 retval = ld->ops->ioctl(tty, cmd, arg);
2813 if (retval == -ENOIOCTLCMD)
2814 retval = -ENOTTY;
2815 }
2816 tty_ldisc_deref(ld);
2817 return retval;
2818}
2819
2820#ifdef CONFIG_COMPAT
2821
2822struct serial_struct32 {
2823 compat_int_t type;
2824 compat_int_t line;
2825 compat_uint_t port;
2826 compat_int_t irq;
2827 compat_int_t flags;
2828 compat_int_t xmit_fifo_size;
2829 compat_int_t custom_divisor;
2830 compat_int_t baud_base;
2831 unsigned short close_delay;
2832 char io_type;
2833 char reserved_char;
2834 compat_int_t hub6;
2835 unsigned short closing_wait; /* time to wait before closing */
2836 unsigned short closing_wait2; /* no longer used... */
2837 compat_uint_t iomem_base;
2838 unsigned short iomem_reg_shift;
2839 unsigned int port_high;
2840 /* compat_ulong_t iomap_base FIXME */
2841 compat_int_t reserved;
2842};
2843
2844static int compat_tty_tiocsserial(struct tty_struct *tty,
2845 struct serial_struct32 __user *ss)
2846{
2847 struct serial_struct32 v32;
2848 struct serial_struct v;
2849
2850 if (copy_from_user(&v32, ss, sizeof(*ss)))
2851 return -EFAULT;
2852
2853 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2854 v.iomem_base = compat_ptr(v32.iomem_base);
2855 v.iomem_reg_shift = v32.iomem_reg_shift;
2856 v.port_high = v32.port_high;
2857 v.iomap_base = 0;
2858
2859 return tty_set_serial(tty, &v);
2860}
2861
2862static int compat_tty_tiocgserial(struct tty_struct *tty,
2863 struct serial_struct32 __user *ss)
2864{
2865 struct serial_struct32 v32;
2866 struct serial_struct v;
2867 int err;
2868
2869 memset(&v, 0, sizeof(v));
2870 memset(&v32, 0, sizeof(v32));
2871
2872 if (!tty->ops->get_serial)
2873 return -ENOTTY;
2874 err = tty->ops->get_serial(tty, &v);
2875 if (!err) {
2876 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2877 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2878 0xfffffff : ptr_to_compat(v.iomem_base);
2879 v32.iomem_reg_shift = v.iomem_reg_shift;
2880 v32.port_high = v.port_high;
2881 if (copy_to_user(ss, &v32, sizeof(v32)))
2882 err = -EFAULT;
2883 }
2884 return err;
2885}
2886static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2887 unsigned long arg)
2888{
2889 struct tty_struct *tty = file_tty(file);
2890 struct tty_ldisc *ld;
2891 int retval = -ENOIOCTLCMD;
2892
2893 switch (cmd) {
2894 case TIOCOUTQ:
2895 case TIOCSTI:
2896 case TIOCGWINSZ:
2897 case TIOCSWINSZ:
2898 case TIOCGEXCL:
2899 case TIOCGETD:
2900 case TIOCSETD:
2901 case TIOCGDEV:
2902 case TIOCMGET:
2903 case TIOCMSET:
2904 case TIOCMBIC:
2905 case TIOCMBIS:
2906 case TIOCGICOUNT:
2907 case TIOCGPGRP:
2908 case TIOCSPGRP:
2909 case TIOCGSID:
2910 case TIOCSERGETLSR:
2911 case TIOCGRS485:
2912 case TIOCSRS485:
2913#ifdef TIOCGETP
2914 case TIOCGETP:
2915 case TIOCSETP:
2916 case TIOCSETN:
2917#endif
2918#ifdef TIOCGETC
2919 case TIOCGETC:
2920 case TIOCSETC:
2921#endif
2922#ifdef TIOCGLTC
2923 case TIOCGLTC:
2924 case TIOCSLTC:
2925#endif
2926 case TCSETSF:
2927 case TCSETSW:
2928 case TCSETS:
2929 case TCGETS:
2930#ifdef TCGETS2
2931 case TCGETS2:
2932 case TCSETSF2:
2933 case TCSETSW2:
2934 case TCSETS2:
2935#endif
2936 case TCGETA:
2937 case TCSETAF:
2938 case TCSETAW:
2939 case TCSETA:
2940 case TIOCGLCKTRMIOS:
2941 case TIOCSLCKTRMIOS:
2942#ifdef TCGETX
2943 case TCGETX:
2944 case TCSETX:
2945 case TCSETXW:
2946 case TCSETXF:
2947#endif
2948 case TIOCGSOFTCAR:
2949 case TIOCSSOFTCAR:
2950
2951 case PPPIOCGCHAN:
2952 case PPPIOCGUNIT:
2953 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2954 case TIOCCONS:
2955 case TIOCEXCL:
2956 case TIOCNXCL:
2957 case TIOCVHANGUP:
2958 case TIOCSBRK:
2959 case TIOCCBRK:
2960 case TCSBRK:
2961 case TCSBRKP:
2962 case TCFLSH:
2963 case TIOCGPTPEER:
2964 case TIOCNOTTY:
2965 case TIOCSCTTY:
2966 case TCXONC:
2967 case TIOCMIWAIT:
2968 case TIOCSERCONFIG:
2969 return tty_ioctl(file, cmd, arg);
2970 }
2971
2972 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2973 return -EINVAL;
2974
2975 switch (cmd) {
2976 case TIOCSSERIAL:
2977 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2978 case TIOCGSERIAL:
2979 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2980 }
2981 if (tty->ops->compat_ioctl) {
2982 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2983 if (retval != -ENOIOCTLCMD)
2984 return retval;
2985 }
2986
2987 ld = tty_ldisc_ref_wait(tty);
2988 if (!ld)
2989 return hung_up_tty_compat_ioctl(file, cmd, arg);
2990 if (ld->ops->compat_ioctl)
2991 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2992 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2993 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2994 arg);
2995 tty_ldisc_deref(ld);
2996
2997 return retval;
2998}
2999#endif
3000
3001static int this_tty(const void *t, struct file *file, unsigned fd)
3002{
3003 if (likely(file->f_op->read_iter != tty_read))
3004 return 0;
3005 return file_tty(file) != t ? 0 : fd + 1;
3006}
3007
3008/*
3009 * This implements the "Secure Attention Key" --- the idea is to
3010 * prevent trojan horses by killing all processes associated with this
3011 * tty when the user hits the "Secure Attention Key". Required for
3012 * super-paranoid applications --- see the Orange Book for more details.
3013 *
3014 * This code could be nicer; ideally it should send a HUP, wait a few
3015 * seconds, then send a INT, and then a KILL signal. But you then
3016 * have to coordinate with the init process, since all processes associated
3017 * with the current tty must be dead before the new getty is allowed
3018 * to spawn.
3019 *
3020 * Now, if it would be correct ;-/ The current code has a nasty hole -
3021 * it doesn't catch files in flight. We may send the descriptor to ourselves
3022 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3023 *
3024 * Nasty bug: do_SAK is being called in interrupt context. This can
3025 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3026 */
3027void __do_SAK(struct tty_struct *tty)
3028{
3029 struct task_struct *g, *p;
3030 struct pid *session;
3031 int i;
3032 unsigned long flags;
3033
3034 spin_lock_irqsave(&tty->ctrl.lock, flags);
3035 session = get_pid(tty->ctrl.session);
3036 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3037
3038 tty_ldisc_flush(tty);
3039
3040 tty_driver_flush_buffer(tty);
3041
3042 read_lock(&tasklist_lock);
3043 /* Kill the entire session */
3044 do_each_pid_task(session, PIDTYPE_SID, p) {
3045 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3046 task_pid_nr(p), p->comm);
3047 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3048 } while_each_pid_task(session, PIDTYPE_SID, p);
3049
3050 /* Now kill any processes that happen to have the tty open */
3051 for_each_process_thread(g, p) {
3052 if (p->signal->tty == tty) {
3053 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3054 task_pid_nr(p), p->comm);
3055 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3056 PIDTYPE_SID);
3057 continue;
3058 }
3059 task_lock(p);
3060 i = iterate_fd(p->files, 0, this_tty, tty);
3061 if (i != 0) {
3062 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3063 task_pid_nr(p), p->comm, i - 1);
3064 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3065 PIDTYPE_SID);
3066 }
3067 task_unlock(p);
3068 }
3069 read_unlock(&tasklist_lock);
3070 put_pid(session);
3071}
3072
3073static void do_SAK_work(struct work_struct *work)
3074{
3075 struct tty_struct *tty =
3076 container_of(work, struct tty_struct, SAK_work);
3077 __do_SAK(tty);
3078}
3079
3080/*
3081 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3082 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3083 * the values which we write to it will be identical to the values which it
3084 * already has. --akpm
3085 */
3086void do_SAK(struct tty_struct *tty)
3087{
3088 if (!tty)
3089 return;
3090 schedule_work(&tty->SAK_work);
3091}
3092EXPORT_SYMBOL(do_SAK);
3093
3094/* Must put_device() after it's unused! */
3095static struct device *tty_get_device(struct tty_struct *tty)
3096{
3097 dev_t devt = tty_devnum(tty);
3098
3099 return class_find_device_by_devt(&tty_class, devt);
3100}
3101
3102
3103/**
3104 * alloc_tty_struct - allocate a new tty
3105 * @driver: driver which will handle the returned tty
3106 * @idx: minor of the tty
3107 *
3108 * This subroutine allocates and initializes a tty structure.
3109 *
3110 * Locking: none - @tty in question is not exposed at this point
3111 */
3112struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3113{
3114 struct tty_struct *tty;
3115
3116 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3117 if (!tty)
3118 return NULL;
3119
3120 kref_init(&tty->kref);
3121 if (tty_ldisc_init(tty)) {
3122 kfree(tty);
3123 return NULL;
3124 }
3125 tty->ctrl.session = NULL;
3126 tty->ctrl.pgrp = NULL;
3127 mutex_init(&tty->legacy_mutex);
3128 mutex_init(&tty->throttle_mutex);
3129 init_rwsem(&tty->termios_rwsem);
3130 mutex_init(&tty->winsize_mutex);
3131 init_ldsem(&tty->ldisc_sem);
3132 init_waitqueue_head(&tty->write_wait);
3133 init_waitqueue_head(&tty->read_wait);
3134 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3135 mutex_init(&tty->atomic_write_lock);
3136 spin_lock_init(&tty->ctrl.lock);
3137 spin_lock_init(&tty->flow.lock);
3138 spin_lock_init(&tty->files_lock);
3139 INIT_LIST_HEAD(&tty->tty_files);
3140 INIT_WORK(&tty->SAK_work, do_SAK_work);
3141
3142 tty->driver = driver;
3143 tty->ops = driver->ops;
3144 tty->index = idx;
3145 tty_line_name(driver, idx, tty->name);
3146 tty->dev = tty_get_device(tty);
3147
3148 return tty;
3149}
3150
3151/**
3152 * tty_put_char - write one character to a tty
3153 * @tty: tty
3154 * @ch: character to write
3155 *
3156 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3157 * if present.
3158 *
3159 * Note: the specific put_char operation in the driver layer may go
3160 * away soon. Don't call it directly, use this method
3161 *
3162 * Return: the number of characters successfully output.
3163 */
3164int tty_put_char(struct tty_struct *tty, u8 ch)
3165{
3166 if (tty->ops->put_char)
3167 return tty->ops->put_char(tty, ch);
3168 return tty->ops->write(tty, &ch, 1);
3169}
3170EXPORT_SYMBOL_GPL(tty_put_char);
3171
3172static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3173 unsigned int index, unsigned int count)
3174{
3175 int err;
3176
3177 /* init here, since reused cdevs cause crashes */
3178 driver->cdevs[index] = cdev_alloc();
3179 if (!driver->cdevs[index])
3180 return -ENOMEM;
3181 driver->cdevs[index]->ops = &tty_fops;
3182 driver->cdevs[index]->owner = driver->owner;
3183 err = cdev_add(driver->cdevs[index], dev, count);
3184 if (err)
3185 kobject_put(&driver->cdevs[index]->kobj);
3186 return err;
3187}
3188
3189/**
3190 * tty_register_device - register a tty device
3191 * @driver: the tty driver that describes the tty device
3192 * @index: the index in the tty driver for this tty device
3193 * @device: a struct device that is associated with this tty device.
3194 * This field is optional, if there is no known struct device
3195 * for this tty device it can be set to NULL safely.
3196 *
3197 * This call is required to be made to register an individual tty device
3198 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3199 * that bit is not set, this function should not be called by a tty
3200 * driver.
3201 *
3202 * Locking: ??
3203 *
3204 * Return: A pointer to the struct device for this tty device (or
3205 * ERR_PTR(-EFOO) on error).
3206 */
3207struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3208 struct device *device)
3209{
3210 return tty_register_device_attr(driver, index, device, NULL, NULL);
3211}
3212EXPORT_SYMBOL(tty_register_device);
3213
3214static void tty_device_create_release(struct device *dev)
3215{
3216 dev_dbg(dev, "releasing...\n");
3217 kfree(dev);
3218}
3219
3220/**
3221 * tty_register_device_attr - register a tty device
3222 * @driver: the tty driver that describes the tty device
3223 * @index: the index in the tty driver for this tty device
3224 * @device: a struct device that is associated with this tty device.
3225 * This field is optional, if there is no known struct device
3226 * for this tty device it can be set to %NULL safely.
3227 * @drvdata: Driver data to be set to device.
3228 * @attr_grp: Attribute group to be set on device.
3229 *
3230 * This call is required to be made to register an individual tty device if the
3231 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3232 * not set, this function should not be called by a tty driver.
3233 *
3234 * Locking: ??
3235 *
3236 * Return: A pointer to the struct device for this tty device (or
3237 * ERR_PTR(-EFOO) on error).
3238 */
3239struct device *tty_register_device_attr(struct tty_driver *driver,
3240 unsigned index, struct device *device,
3241 void *drvdata,
3242 const struct attribute_group **attr_grp)
3243{
3244 char name[64];
3245 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3246 struct ktermios *tp;
3247 struct device *dev;
3248 int retval;
3249
3250 if (index >= driver->num) {
3251 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3252 driver->name, index);
3253 return ERR_PTR(-EINVAL);
3254 }
3255
3256 if (driver->type == TTY_DRIVER_TYPE_PTY)
3257 pty_line_name(driver, index, name);
3258 else
3259 tty_line_name(driver, index, name);
3260
3261 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3262 if (!dev)
3263 return ERR_PTR(-ENOMEM);
3264
3265 dev->devt = devt;
3266 dev->class = &tty_class;
3267 dev->parent = device;
3268 dev->release = tty_device_create_release;
3269 dev_set_name(dev, "%s", name);
3270 dev->groups = attr_grp;
3271 dev_set_drvdata(dev, drvdata);
3272
3273 dev_set_uevent_suppress(dev, 1);
3274
3275 retval = device_register(dev);
3276 if (retval)
3277 goto err_put;
3278
3279 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3280 /*
3281 * Free any saved termios data so that the termios state is
3282 * reset when reusing a minor number.
3283 */
3284 tp = driver->termios[index];
3285 if (tp) {
3286 driver->termios[index] = NULL;
3287 kfree(tp);
3288 }
3289
3290 retval = tty_cdev_add(driver, devt, index, 1);
3291 if (retval)
3292 goto err_del;
3293 }
3294
3295 dev_set_uevent_suppress(dev, 0);
3296 kobject_uevent(&dev->kobj, KOBJ_ADD);
3297
3298 return dev;
3299
3300err_del:
3301 device_del(dev);
3302err_put:
3303 put_device(dev);
3304
3305 return ERR_PTR(retval);
3306}
3307EXPORT_SYMBOL_GPL(tty_register_device_attr);
3308
3309/**
3310 * tty_unregister_device - unregister a tty device
3311 * @driver: the tty driver that describes the tty device
3312 * @index: the index in the tty driver for this tty device
3313 *
3314 * If a tty device is registered with a call to tty_register_device() then
3315 * this function must be called when the tty device is gone.
3316 *
3317 * Locking: ??
3318 */
3319void tty_unregister_device(struct tty_driver *driver, unsigned index)
3320{
3321 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3322 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3323 cdev_del(driver->cdevs[index]);
3324 driver->cdevs[index] = NULL;
3325 }
3326}
3327EXPORT_SYMBOL(tty_unregister_device);
3328
3329/**
3330 * __tty_alloc_driver - allocate tty driver
3331 * @lines: count of lines this driver can handle at most
3332 * @owner: module which is responsible for this driver
3333 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3334 *
3335 * This should not be called directly, some of the provided macros should be
3336 * used instead. Use IS_ERR() and friends on @retval.
3337 */
3338struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3339 unsigned long flags)
3340{
3341 struct tty_driver *driver;
3342 unsigned int cdevs = 1;
3343 int err;
3344
3345 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3346 return ERR_PTR(-EINVAL);
3347
3348 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3349 if (!driver)
3350 return ERR_PTR(-ENOMEM);
3351
3352 kref_init(&driver->kref);
3353 driver->num = lines;
3354 driver->owner = owner;
3355 driver->flags = flags;
3356
3357 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3358 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3359 GFP_KERNEL);
3360 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3361 GFP_KERNEL);
3362 if (!driver->ttys || !driver->termios) {
3363 err = -ENOMEM;
3364 goto err_free_all;
3365 }
3366 }
3367
3368 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3369 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3370 GFP_KERNEL);
3371 if (!driver->ports) {
3372 err = -ENOMEM;
3373 goto err_free_all;
3374 }
3375 cdevs = lines;
3376 }
3377
3378 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3379 if (!driver->cdevs) {
3380 err = -ENOMEM;
3381 goto err_free_all;
3382 }
3383
3384 return driver;
3385err_free_all:
3386 kfree(driver->ports);
3387 kfree(driver->ttys);
3388 kfree(driver->termios);
3389 kfree(driver->cdevs);
3390 kfree(driver);
3391 return ERR_PTR(err);
3392}
3393EXPORT_SYMBOL(__tty_alloc_driver);
3394
3395static void destruct_tty_driver(struct kref *kref)
3396{
3397 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3398 int i;
3399 struct ktermios *tp;
3400
3401 if (driver->flags & TTY_DRIVER_INSTALLED) {
3402 for (i = 0; i < driver->num; i++) {
3403 tp = driver->termios[i];
3404 if (tp) {
3405 driver->termios[i] = NULL;
3406 kfree(tp);
3407 }
3408 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3409 tty_unregister_device(driver, i);
3410 }
3411 proc_tty_unregister_driver(driver);
3412 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3413 cdev_del(driver->cdevs[0]);
3414 }
3415 kfree(driver->cdevs);
3416 kfree(driver->ports);
3417 kfree(driver->termios);
3418 kfree(driver->ttys);
3419 kfree(driver);
3420}
3421
3422/**
3423 * tty_driver_kref_put - drop a reference to a tty driver
3424 * @driver: driver of which to drop the reference
3425 *
3426 * The final put will destroy and free up the driver.
3427 */
3428void tty_driver_kref_put(struct tty_driver *driver)
3429{
3430 kref_put(&driver->kref, destruct_tty_driver);
3431}
3432EXPORT_SYMBOL(tty_driver_kref_put);
3433
3434/**
3435 * tty_register_driver - register a tty driver
3436 * @driver: driver to register
3437 *
3438 * Called by a tty driver to register itself.
3439 */
3440int tty_register_driver(struct tty_driver *driver)
3441{
3442 int error;
3443 int i;
3444 dev_t dev;
3445 struct device *d;
3446
3447 if (!driver->major) {
3448 error = alloc_chrdev_region(&dev, driver->minor_start,
3449 driver->num, driver->name);
3450 if (!error) {
3451 driver->major = MAJOR(dev);
3452 driver->minor_start = MINOR(dev);
3453 }
3454 } else {
3455 dev = MKDEV(driver->major, driver->minor_start);
3456 error = register_chrdev_region(dev, driver->num, driver->name);
3457 }
3458 if (error < 0)
3459 goto err;
3460
3461 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3462 error = tty_cdev_add(driver, dev, 0, driver->num);
3463 if (error)
3464 goto err_unreg_char;
3465 }
3466
3467 mutex_lock(&tty_mutex);
3468 list_add(&driver->tty_drivers, &tty_drivers);
3469 mutex_unlock(&tty_mutex);
3470
3471 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3472 for (i = 0; i < driver->num; i++) {
3473 d = tty_register_device(driver, i, NULL);
3474 if (IS_ERR(d)) {
3475 error = PTR_ERR(d);
3476 goto err_unreg_devs;
3477 }
3478 }
3479 }
3480 proc_tty_register_driver(driver);
3481 driver->flags |= TTY_DRIVER_INSTALLED;
3482 return 0;
3483
3484err_unreg_devs:
3485 for (i--; i >= 0; i--)
3486 tty_unregister_device(driver, i);
3487
3488 mutex_lock(&tty_mutex);
3489 list_del(&driver->tty_drivers);
3490 mutex_unlock(&tty_mutex);
3491
3492err_unreg_char:
3493 unregister_chrdev_region(dev, driver->num);
3494err:
3495 return error;
3496}
3497EXPORT_SYMBOL(tty_register_driver);
3498
3499/**
3500 * tty_unregister_driver - unregister a tty driver
3501 * @driver: driver to unregister
3502 *
3503 * Called by a tty driver to unregister itself.
3504 */
3505void tty_unregister_driver(struct tty_driver *driver)
3506{
3507 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3508 driver->num);
3509 mutex_lock(&tty_mutex);
3510 list_del(&driver->tty_drivers);
3511 mutex_unlock(&tty_mutex);
3512}
3513EXPORT_SYMBOL(tty_unregister_driver);
3514
3515dev_t tty_devnum(struct tty_struct *tty)
3516{
3517 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3518}
3519EXPORT_SYMBOL(tty_devnum);
3520
3521void tty_default_fops(struct file_operations *fops)
3522{
3523 *fops = tty_fops;
3524}
3525
3526static char *tty_devnode(const struct device *dev, umode_t *mode)
3527{
3528 if (!mode)
3529 return NULL;
3530 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3531 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3532 *mode = 0666;
3533 return NULL;
3534}
3535
3536const struct class tty_class = {
3537 .name = "tty",
3538 .devnode = tty_devnode,
3539};
3540
3541static int __init tty_class_init(void)
3542{
3543 return class_register(&tty_class);
3544}
3545
3546postcore_initcall(tty_class_init);
3547
3548/* 3/2004 jmc: why do these devices exist? */
3549static struct cdev tty_cdev, console_cdev;
3550
3551static ssize_t show_cons_active(struct device *dev,
3552 struct device_attribute *attr, char *buf)
3553{
3554 struct console *cs[16];
3555 int i = 0;
3556 struct console *c;
3557 ssize_t count = 0;
3558
3559 /*
3560 * Hold the console_list_lock to guarantee that no consoles are
3561 * unregistered until all console processing is complete.
3562 * This also allows safe traversal of the console list and
3563 * race-free reading of @flags.
3564 */
3565 console_list_lock();
3566
3567 for_each_console(c) {
3568 if (!c->device)
3569 continue;
3570 if (!c->write)
3571 continue;
3572 if ((c->flags & CON_ENABLED) == 0)
3573 continue;
3574 cs[i++] = c;
3575 if (i >= ARRAY_SIZE(cs))
3576 break;
3577 }
3578
3579 /*
3580 * Take console_lock to serialize device() callback with
3581 * other console operations. For example, fg_console is
3582 * modified under console_lock when switching vt.
3583 */
3584 console_lock();
3585 while (i--) {
3586 int index = cs[i]->index;
3587 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3588
3589 /* don't resolve tty0 as some programs depend on it */
3590 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3591 count += tty_line_name(drv, index, buf + count);
3592 else
3593 count += sprintf(buf + count, "%s%d",
3594 cs[i]->name, cs[i]->index);
3595
3596 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3597 }
3598 console_unlock();
3599
3600 console_list_unlock();
3601
3602 return count;
3603}
3604static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3605
3606static struct attribute *cons_dev_attrs[] = {
3607 &dev_attr_active.attr,
3608 NULL
3609};
3610
3611ATTRIBUTE_GROUPS(cons_dev);
3612
3613static struct device *consdev;
3614
3615void console_sysfs_notify(void)
3616{
3617 if (consdev)
3618 sysfs_notify(&consdev->kobj, NULL, "active");
3619}
3620
3621static struct ctl_table tty_table[] = {
3622 {
3623 .procname = "legacy_tiocsti",
3624 .data = &tty_legacy_tiocsti,
3625 .maxlen = sizeof(tty_legacy_tiocsti),
3626 .mode = 0644,
3627 .proc_handler = proc_dobool,
3628 },
3629 {
3630 .procname = "ldisc_autoload",
3631 .data = &tty_ldisc_autoload,
3632 .maxlen = sizeof(tty_ldisc_autoload),
3633 .mode = 0644,
3634 .proc_handler = proc_dointvec,
3635 .extra1 = SYSCTL_ZERO,
3636 .extra2 = SYSCTL_ONE,
3637 },
3638};
3639
3640/*
3641 * Ok, now we can initialize the rest of the tty devices and can count
3642 * on memory allocations, interrupts etc..
3643 */
3644int __init tty_init(void)
3645{
3646 register_sysctl_init("dev/tty", tty_table);
3647 cdev_init(&tty_cdev, &tty_fops);
3648 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3649 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3650 panic("Couldn't register /dev/tty driver\n");
3651 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3652
3653 cdev_init(&console_cdev, &console_fops);
3654 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3655 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3656 panic("Couldn't register /dev/console driver\n");
3657 consdev = device_create_with_groups(&tty_class, NULL,
3658 MKDEV(TTYAUX_MAJOR, 1), NULL,
3659 cons_dev_groups, "console");
3660 if (IS_ERR(consdev))
3661 consdev = NULL;
3662
3663#ifdef CONFIG_VT
3664 vty_init(&console_fops);
3665#endif
3666 return 0;
3667}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 */
5
6/*
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
9 *
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 *
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
17 *
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
22 *
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
26 *
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
29 * -- TYT, 1/31/92
30 *
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
34 *
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
37 *
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
40 *
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
43 *
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
46 *
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
50 *
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
53 *
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
56 *
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
59 *
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
62 *
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched/signal.h>
74#include <linux/sched/task.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/ppp-ioctl.h>
91#include <linux/proc_fs.h>
92#include <linux/init.h>
93#include <linux/module.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98#include <linux/seq_file.h>
99#include <linux/serial.h>
100#include <linux/ratelimit.h>
101#include <linux/compat.h>
102
103#include <linux/uaccess.h>
104
105#include <linux/kbd_kern.h>
106#include <linux/vt_kern.h>
107#include <linux/selection.h>
108
109#include <linux/kmod.h>
110#include <linux/nsproxy.h>
111#include "tty.h"
112
113#undef TTY_DEBUG_HANGUP
114#ifdef TTY_DEBUG_HANGUP
115# define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
116#else
117# define tty_debug_hangup(tty, f, args...) do { } while (0)
118#endif
119
120#define TTY_PARANOIA_CHECK 1
121#define CHECK_TTY_COUNT 1
122
123struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
124 .c_iflag = ICRNL | IXON,
125 .c_oflag = OPOST | ONLCR,
126 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
127 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
128 ECHOCTL | ECHOKE | IEXTEN,
129 .c_cc = INIT_C_CC,
130 .c_ispeed = 38400,
131 .c_ospeed = 38400,
132 /* .c_line = N_TTY, */
133};
134EXPORT_SYMBOL(tty_std_termios);
135
136/* This list gets poked at by procfs and various bits of boot up code. This
137 * could do with some rationalisation such as pulling the tty proc function
138 * into this file.
139 */
140
141LIST_HEAD(tty_drivers); /* linked list of tty drivers */
142
143/* Mutex to protect creating and releasing a tty */
144DEFINE_MUTEX(tty_mutex);
145
146static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147static ssize_t tty_write(struct kiocb *, struct iov_iter *);
148static __poll_t tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150#ifdef CONFIG_COMPAT
151static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 unsigned long arg);
153#else
154#define tty_compat_ioctl NULL
155#endif
156static int __tty_fasync(int fd, struct file *filp, int on);
157static int tty_fasync(int fd, struct file *filp, int on);
158static void release_tty(struct tty_struct *tty, int idx);
159
160/**
161 * free_tty_struct - free a disused tty
162 * @tty: tty struct to free
163 *
164 * Free the write buffers, tty queue and tty memory itself.
165 *
166 * Locking: none. Must be called after tty is definitely unused
167 */
168
169static void free_tty_struct(struct tty_struct *tty)
170{
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kfree(tty->write_buf);
174 tty->magic = 0xDEADDEAD;
175 kfree(tty);
176}
177
178static inline struct tty_struct *file_tty(struct file *file)
179{
180 return ((struct tty_file_private *)file->private_data)->tty;
181}
182
183int tty_alloc_file(struct file *file)
184{
185 struct tty_file_private *priv;
186
187 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
188 if (!priv)
189 return -ENOMEM;
190
191 file->private_data = priv;
192
193 return 0;
194}
195
196/* Associate a new file with the tty structure */
197void tty_add_file(struct tty_struct *tty, struct file *file)
198{
199 struct tty_file_private *priv = file->private_data;
200
201 priv->tty = tty;
202 priv->file = file;
203
204 spin_lock(&tty->files_lock);
205 list_add(&priv->list, &tty->tty_files);
206 spin_unlock(&tty->files_lock);
207}
208
209/*
210 * tty_free_file - free file->private_data
211 *
212 * This shall be used only for fail path handling when tty_add_file was not
213 * called yet.
214 */
215void tty_free_file(struct file *file)
216{
217 struct tty_file_private *priv = file->private_data;
218
219 file->private_data = NULL;
220 kfree(priv);
221}
222
223/* Delete file from its tty */
224static void tty_del_file(struct file *file)
225{
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
228
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
232 tty_free_file(file);
233}
234
235/**
236 * tty_name - return tty naming
237 * @tty: tty structure
238 *
239 * Convert a tty structure into a name. The name reflects the kernel
240 * naming policy and if udev is in use may not reflect user space
241 *
242 * Locking: none
243 */
244
245const char *tty_name(const struct tty_struct *tty)
246{
247 if (!tty) /* Hmm. NULL pointer. That's fun. */
248 return "NULL tty";
249 return tty->name;
250}
251EXPORT_SYMBOL(tty_name);
252
253const char *tty_driver_name(const struct tty_struct *tty)
254{
255 if (!tty || !tty->driver)
256 return "";
257 return tty->driver->name;
258}
259
260static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 const char *routine)
262{
263#ifdef TTY_PARANOIA_CHECK
264 if (!tty) {
265 pr_warn("(%d:%d): %s: NULL tty\n",
266 imajor(inode), iminor(inode), routine);
267 return 1;
268 }
269 if (tty->magic != TTY_MAGIC) {
270 pr_warn("(%d:%d): %s: bad magic number\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274#endif
275 return 0;
276}
277
278/* Caller must hold tty_lock */
279static int check_tty_count(struct tty_struct *tty, const char *routine)
280{
281#ifdef CHECK_TTY_COUNT
282 struct list_head *p;
283 int count = 0, kopen_count = 0;
284
285 spin_lock(&tty->files_lock);
286 list_for_each(p, &tty->tty_files) {
287 count++;
288 }
289 spin_unlock(&tty->files_lock);
290 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 tty->driver->subtype == PTY_TYPE_SLAVE &&
292 tty->link && tty->link->count)
293 count++;
294 if (tty_port_kopened(tty->port))
295 kopen_count++;
296 if (tty->count != (count + kopen_count)) {
297 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
298 routine, tty->count, count, kopen_count);
299 return (count + kopen_count);
300 }
301#endif
302 return 0;
303}
304
305/**
306 * get_tty_driver - find device of a tty
307 * @device: device identifier
308 * @index: returns the index of the tty
309 *
310 * This routine returns a tty driver structure, given a device number
311 * and also passes back the index number.
312 *
313 * Locking: caller must hold tty_mutex
314 */
315
316static struct tty_driver *get_tty_driver(dev_t device, int *index)
317{
318 struct tty_driver *p;
319
320 list_for_each_entry(p, &tty_drivers, tty_drivers) {
321 dev_t base = MKDEV(p->major, p->minor_start);
322
323 if (device < base || device >= base + p->num)
324 continue;
325 *index = device - base;
326 return tty_driver_kref_get(p);
327 }
328 return NULL;
329}
330
331/**
332 * tty_dev_name_to_number - return dev_t for device name
333 * @name: user space name of device under /dev
334 * @number: pointer to dev_t that this function will populate
335 *
336 * This function converts device names like ttyS0 or ttyUSB1 into dev_t
337 * like (4, 64) or (188, 1). If no corresponding driver is registered then
338 * the function returns -ENODEV.
339 *
340 * Locking: this acquires tty_mutex to protect the tty_drivers list from
341 * being modified while we are traversing it, and makes sure to
342 * release it before exiting.
343 */
344int tty_dev_name_to_number(const char *name, dev_t *number)
345{
346 struct tty_driver *p;
347 int ret;
348 int index, prefix_length = 0;
349 const char *str;
350
351 for (str = name; *str && !isdigit(*str); str++)
352 ;
353
354 if (!*str)
355 return -EINVAL;
356
357 ret = kstrtoint(str, 10, &index);
358 if (ret)
359 return ret;
360
361 prefix_length = str - name;
362 mutex_lock(&tty_mutex);
363
364 list_for_each_entry(p, &tty_drivers, tty_drivers)
365 if (prefix_length == strlen(p->name) && strncmp(name,
366 p->name, prefix_length) == 0) {
367 if (index < p->num) {
368 *number = MKDEV(p->major, p->minor_start + index);
369 goto out;
370 }
371 }
372
373 /* if here then driver wasn't found */
374 ret = -ENODEV;
375out:
376 mutex_unlock(&tty_mutex);
377 return ret;
378}
379EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
380
381#ifdef CONFIG_CONSOLE_POLL
382
383/**
384 * tty_find_polling_driver - find device of a polled tty
385 * @name: name string to match
386 * @line: pointer to resulting tty line nr
387 *
388 * This routine returns a tty driver structure, given a name
389 * and the condition that the tty driver is capable of polled
390 * operation.
391 */
392struct tty_driver *tty_find_polling_driver(char *name, int *line)
393{
394 struct tty_driver *p, *res = NULL;
395 int tty_line = 0;
396 int len;
397 char *str, *stp;
398
399 for (str = name; *str; str++)
400 if ((*str >= '0' && *str <= '9') || *str == ',')
401 break;
402 if (!*str)
403 return NULL;
404
405 len = str - name;
406 tty_line = simple_strtoul(str, &str, 10);
407
408 mutex_lock(&tty_mutex);
409 /* Search through the tty devices to look for a match */
410 list_for_each_entry(p, &tty_drivers, tty_drivers) {
411 if (!len || strncmp(name, p->name, len) != 0)
412 continue;
413 stp = str;
414 if (*stp == ',')
415 stp++;
416 if (*stp == '\0')
417 stp = NULL;
418
419 if (tty_line >= 0 && tty_line < p->num && p->ops &&
420 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
421 res = tty_driver_kref_get(p);
422 *line = tty_line;
423 break;
424 }
425 }
426 mutex_unlock(&tty_mutex);
427
428 return res;
429}
430EXPORT_SYMBOL_GPL(tty_find_polling_driver);
431#endif
432
433static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
434{
435 return 0;
436}
437
438static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
439{
440 return -EIO;
441}
442
443/* No kernel lock held - none needed ;) */
444static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
445{
446 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
447}
448
449static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
450 unsigned long arg)
451{
452 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
453}
454
455static long hung_up_tty_compat_ioctl(struct file *file,
456 unsigned int cmd, unsigned long arg)
457{
458 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
459}
460
461static int hung_up_tty_fasync(int fd, struct file *file, int on)
462{
463 return -ENOTTY;
464}
465
466static void tty_show_fdinfo(struct seq_file *m, struct file *file)
467{
468 struct tty_struct *tty = file_tty(file);
469
470 if (tty && tty->ops && tty->ops->show_fdinfo)
471 tty->ops->show_fdinfo(tty, m);
472}
473
474static const struct file_operations tty_fops = {
475 .llseek = no_llseek,
476 .read_iter = tty_read,
477 .write_iter = tty_write,
478 .splice_read = generic_file_splice_read,
479 .splice_write = iter_file_splice_write,
480 .poll = tty_poll,
481 .unlocked_ioctl = tty_ioctl,
482 .compat_ioctl = tty_compat_ioctl,
483 .open = tty_open,
484 .release = tty_release,
485 .fasync = tty_fasync,
486 .show_fdinfo = tty_show_fdinfo,
487};
488
489static const struct file_operations console_fops = {
490 .llseek = no_llseek,
491 .read_iter = tty_read,
492 .write_iter = redirected_tty_write,
493 .splice_read = generic_file_splice_read,
494 .splice_write = iter_file_splice_write,
495 .poll = tty_poll,
496 .unlocked_ioctl = tty_ioctl,
497 .compat_ioctl = tty_compat_ioctl,
498 .open = tty_open,
499 .release = tty_release,
500 .fasync = tty_fasync,
501};
502
503static const struct file_operations hung_up_tty_fops = {
504 .llseek = no_llseek,
505 .read_iter = hung_up_tty_read,
506 .write_iter = hung_up_tty_write,
507 .poll = hung_up_tty_poll,
508 .unlocked_ioctl = hung_up_tty_ioctl,
509 .compat_ioctl = hung_up_tty_compat_ioctl,
510 .release = tty_release,
511 .fasync = hung_up_tty_fasync,
512};
513
514static DEFINE_SPINLOCK(redirect_lock);
515static struct file *redirect;
516
517/**
518 * tty_wakeup - request more data
519 * @tty: terminal
520 *
521 * Internal and external helper for wakeups of tty. This function
522 * informs the line discipline if present that the driver is ready
523 * to receive more output data.
524 */
525
526void tty_wakeup(struct tty_struct *tty)
527{
528 struct tty_ldisc *ld;
529
530 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
531 ld = tty_ldisc_ref(tty);
532 if (ld) {
533 if (ld->ops->write_wakeup)
534 ld->ops->write_wakeup(tty);
535 tty_ldisc_deref(ld);
536 }
537 }
538 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
539}
540EXPORT_SYMBOL_GPL(tty_wakeup);
541
542/**
543 * tty_release_redirect - Release a redirect on a pty if present
544 * @tty: tty device
545 *
546 * This is available to the pty code so if the master closes, if the
547 * slave is a redirect it can release the redirect.
548 */
549static struct file *tty_release_redirect(struct tty_struct *tty)
550{
551 struct file *f = NULL;
552
553 spin_lock(&redirect_lock);
554 if (redirect && file_tty(redirect) == tty) {
555 f = redirect;
556 redirect = NULL;
557 }
558 spin_unlock(&redirect_lock);
559
560 return f;
561}
562
563/**
564 * __tty_hangup - actual handler for hangup events
565 * @tty: tty device
566 * @exit_session: if non-zero, signal all foreground group processes
567 *
568 * This can be called by a "kworker" kernel thread. That is process
569 * synchronous but doesn't hold any locks, so we need to make sure we
570 * have the appropriate locks for what we're doing.
571 *
572 * The hangup event clears any pending redirections onto the hung up
573 * device. It ensures future writes will error and it does the needed
574 * line discipline hangup and signal delivery. The tty object itself
575 * remains intact.
576 *
577 * Locking:
578 * BTM
579 * redirect lock for undoing redirection
580 * file list lock for manipulating list of ttys
581 * tty_ldiscs_lock from called functions
582 * termios_rwsem resetting termios data
583 * tasklist_lock to walk task list for hangup event
584 * ->siglock to protect ->signal/->sighand
585 */
586static void __tty_hangup(struct tty_struct *tty, int exit_session)
587{
588 struct file *cons_filp = NULL;
589 struct file *filp, *f;
590 struct tty_file_private *priv;
591 int closecount = 0, n;
592 int refs;
593
594 if (!tty)
595 return;
596
597 f = tty_release_redirect(tty);
598
599 tty_lock(tty);
600
601 if (test_bit(TTY_HUPPED, &tty->flags)) {
602 tty_unlock(tty);
603 return;
604 }
605
606 /*
607 * Some console devices aren't actually hung up for technical and
608 * historical reasons, which can lead to indefinite interruptible
609 * sleep in n_tty_read(). The following explicitly tells
610 * n_tty_read() to abort readers.
611 */
612 set_bit(TTY_HUPPING, &tty->flags);
613
614 /* inuse_filps is protected by the single tty lock,
615 * this really needs to change if we want to flush the
616 * workqueue with the lock held.
617 */
618 check_tty_count(tty, "tty_hangup");
619
620 spin_lock(&tty->files_lock);
621 /* This breaks for file handles being sent over AF_UNIX sockets ? */
622 list_for_each_entry(priv, &tty->tty_files, list) {
623 filp = priv->file;
624 if (filp->f_op->write_iter == redirected_tty_write)
625 cons_filp = filp;
626 if (filp->f_op->write_iter != tty_write)
627 continue;
628 closecount++;
629 __tty_fasync(-1, filp, 0); /* can't block */
630 filp->f_op = &hung_up_tty_fops;
631 }
632 spin_unlock(&tty->files_lock);
633
634 refs = tty_signal_session_leader(tty, exit_session);
635 /* Account for the p->signal references we killed */
636 while (refs--)
637 tty_kref_put(tty);
638
639 tty_ldisc_hangup(tty, cons_filp != NULL);
640
641 spin_lock_irq(&tty->ctrl.lock);
642 clear_bit(TTY_THROTTLED, &tty->flags);
643 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
644 put_pid(tty->ctrl.session);
645 put_pid(tty->ctrl.pgrp);
646 tty->ctrl.session = NULL;
647 tty->ctrl.pgrp = NULL;
648 tty->ctrl.pktstatus = 0;
649 spin_unlock_irq(&tty->ctrl.lock);
650
651 /*
652 * If one of the devices matches a console pointer, we
653 * cannot just call hangup() because that will cause
654 * tty->count and state->count to go out of sync.
655 * So we just call close() the right number of times.
656 */
657 if (cons_filp) {
658 if (tty->ops->close)
659 for (n = 0; n < closecount; n++)
660 tty->ops->close(tty, cons_filp);
661 } else if (tty->ops->hangup)
662 tty->ops->hangup(tty);
663 /*
664 * We don't want to have driver/ldisc interactions beyond the ones
665 * we did here. The driver layer expects no calls after ->hangup()
666 * from the ldisc side, which is now guaranteed.
667 */
668 set_bit(TTY_HUPPED, &tty->flags);
669 clear_bit(TTY_HUPPING, &tty->flags);
670 tty_unlock(tty);
671
672 if (f)
673 fput(f);
674}
675
676static void do_tty_hangup(struct work_struct *work)
677{
678 struct tty_struct *tty =
679 container_of(work, struct tty_struct, hangup_work);
680
681 __tty_hangup(tty, 0);
682}
683
684/**
685 * tty_hangup - trigger a hangup event
686 * @tty: tty to hangup
687 *
688 * A carrier loss (virtual or otherwise) has occurred on this like
689 * schedule a hangup sequence to run after this event.
690 */
691
692void tty_hangup(struct tty_struct *tty)
693{
694 tty_debug_hangup(tty, "hangup\n");
695 schedule_work(&tty->hangup_work);
696}
697EXPORT_SYMBOL(tty_hangup);
698
699/**
700 * tty_vhangup - process vhangup
701 * @tty: tty to hangup
702 *
703 * The user has asked via system call for the terminal to be hung up.
704 * We do this synchronously so that when the syscall returns the process
705 * is complete. That guarantee is necessary for security reasons.
706 */
707
708void tty_vhangup(struct tty_struct *tty)
709{
710 tty_debug_hangup(tty, "vhangup\n");
711 __tty_hangup(tty, 0);
712}
713EXPORT_SYMBOL(tty_vhangup);
714
715
716/**
717 * tty_vhangup_self - process vhangup for own ctty
718 *
719 * Perform a vhangup on the current controlling tty
720 */
721
722void tty_vhangup_self(void)
723{
724 struct tty_struct *tty;
725
726 tty = get_current_tty();
727 if (tty) {
728 tty_vhangup(tty);
729 tty_kref_put(tty);
730 }
731}
732
733/**
734 * tty_vhangup_session - hangup session leader exit
735 * @tty: tty to hangup
736 *
737 * The session leader is exiting and hanging up its controlling terminal.
738 * Every process in the foreground process group is signalled SIGHUP.
739 *
740 * We do this synchronously so that when the syscall returns the process
741 * is complete. That guarantee is necessary for security reasons.
742 */
743
744void tty_vhangup_session(struct tty_struct *tty)
745{
746 tty_debug_hangup(tty, "session hangup\n");
747 __tty_hangup(tty, 1);
748}
749
750/**
751 * tty_hung_up_p - was tty hung up
752 * @filp: file pointer of tty
753 *
754 * Return true if the tty has been subject to a vhangup or a carrier
755 * loss
756 */
757
758int tty_hung_up_p(struct file *filp)
759{
760 return (filp && filp->f_op == &hung_up_tty_fops);
761}
762EXPORT_SYMBOL(tty_hung_up_p);
763
764void __stop_tty(struct tty_struct *tty)
765{
766 if (tty->flow.stopped)
767 return;
768 tty->flow.stopped = true;
769 if (tty->ops->stop)
770 tty->ops->stop(tty);
771}
772
773/**
774 * stop_tty - propagate flow control
775 * @tty: tty to stop
776 *
777 * Perform flow control to the driver. May be called
778 * on an already stopped device and will not re-call the driver
779 * method.
780 *
781 * This functionality is used by both the line disciplines for
782 * halting incoming flow and by the driver. It may therefore be
783 * called from any context, may be under the tty atomic_write_lock
784 * but not always.
785 *
786 * Locking:
787 * flow.lock
788 */
789void stop_tty(struct tty_struct *tty)
790{
791 unsigned long flags;
792
793 spin_lock_irqsave(&tty->flow.lock, flags);
794 __stop_tty(tty);
795 spin_unlock_irqrestore(&tty->flow.lock, flags);
796}
797EXPORT_SYMBOL(stop_tty);
798
799void __start_tty(struct tty_struct *tty)
800{
801 if (!tty->flow.stopped || tty->flow.tco_stopped)
802 return;
803 tty->flow.stopped = false;
804 if (tty->ops->start)
805 tty->ops->start(tty);
806 tty_wakeup(tty);
807}
808
809/**
810 * start_tty - propagate flow control
811 * @tty: tty to start
812 *
813 * Start a tty that has been stopped if at all possible. If this
814 * tty was previous stopped and is now being started, the driver
815 * start method is invoked and the line discipline woken.
816 *
817 * Locking:
818 * flow.lock
819 */
820void start_tty(struct tty_struct *tty)
821{
822 unsigned long flags;
823
824 spin_lock_irqsave(&tty->flow.lock, flags);
825 __start_tty(tty);
826 spin_unlock_irqrestore(&tty->flow.lock, flags);
827}
828EXPORT_SYMBOL(start_tty);
829
830static void tty_update_time(struct timespec64 *time)
831{
832 time64_t sec = ktime_get_real_seconds();
833
834 /*
835 * We only care if the two values differ in anything other than the
836 * lower three bits (i.e every 8 seconds). If so, then we can update
837 * the time of the tty device, otherwise it could be construded as a
838 * security leak to let userspace know the exact timing of the tty.
839 */
840 if ((sec ^ time->tv_sec) & ~7)
841 time->tv_sec = sec;
842}
843
844/*
845 * Iterate on the ldisc ->read() function until we've gotten all
846 * the data the ldisc has for us.
847 *
848 * The "cookie" is something that the ldisc read function can fill
849 * in to let us know that there is more data to be had.
850 *
851 * We promise to continue to call the ldisc until it stops returning
852 * data or clears the cookie. The cookie may be something that the
853 * ldisc maintains state for and needs to free.
854 */
855static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
856 struct file *file, struct iov_iter *to)
857{
858 int retval = 0;
859 void *cookie = NULL;
860 unsigned long offset = 0;
861 char kernel_buf[64];
862 size_t count = iov_iter_count(to);
863
864 do {
865 int size, copied;
866
867 size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
868 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
869 if (!size)
870 break;
871
872 if (size < 0) {
873 /* Did we have an earlier error (ie -EFAULT)? */
874 if (retval)
875 break;
876 retval = size;
877
878 /*
879 * -EOVERFLOW means we didn't have enough space
880 * for a whole packet, and we shouldn't return
881 * a partial result.
882 */
883 if (retval == -EOVERFLOW)
884 offset = 0;
885 break;
886 }
887
888 copied = copy_to_iter(kernel_buf, size, to);
889 offset += copied;
890 count -= copied;
891
892 /*
893 * If the user copy failed, we still need to do another ->read()
894 * call if we had a cookie to let the ldisc clear up.
895 *
896 * But make sure size is zeroed.
897 */
898 if (unlikely(copied != size)) {
899 count = 0;
900 retval = -EFAULT;
901 }
902 } while (cookie);
903
904 /* We always clear tty buffer in case they contained passwords */
905 memzero_explicit(kernel_buf, sizeof(kernel_buf));
906 return offset ? offset : retval;
907}
908
909
910/**
911 * tty_read - read method for tty device files
912 * @iocb: kernel I/O control block
913 * @to: destination for the data read
914 *
915 * Perform the read system call function on this terminal device. Checks
916 * for hung up devices before calling the line discipline method.
917 *
918 * Locking:
919 * Locks the line discipline internally while needed. Multiple
920 * read calls may be outstanding in parallel.
921 */
922
923static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
924{
925 int i;
926 struct file *file = iocb->ki_filp;
927 struct inode *inode = file_inode(file);
928 struct tty_struct *tty = file_tty(file);
929 struct tty_ldisc *ld;
930
931 if (tty_paranoia_check(tty, inode, "tty_read"))
932 return -EIO;
933 if (!tty || tty_io_error(tty))
934 return -EIO;
935
936 /* We want to wait for the line discipline to sort out in this
937 * situation.
938 */
939 ld = tty_ldisc_ref_wait(tty);
940 if (!ld)
941 return hung_up_tty_read(iocb, to);
942 i = -EIO;
943 if (ld->ops->read)
944 i = iterate_tty_read(ld, tty, file, to);
945 tty_ldisc_deref(ld);
946
947 if (i > 0)
948 tty_update_time(&inode->i_atime);
949
950 return i;
951}
952
953static void tty_write_unlock(struct tty_struct *tty)
954{
955 mutex_unlock(&tty->atomic_write_lock);
956 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
957}
958
959static int tty_write_lock(struct tty_struct *tty, int ndelay)
960{
961 if (!mutex_trylock(&tty->atomic_write_lock)) {
962 if (ndelay)
963 return -EAGAIN;
964 if (mutex_lock_interruptible(&tty->atomic_write_lock))
965 return -ERESTARTSYS;
966 }
967 return 0;
968}
969
970/*
971 * Split writes up in sane blocksizes to avoid
972 * denial-of-service type attacks
973 */
974static inline ssize_t do_tty_write(
975 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
976 struct tty_struct *tty,
977 struct file *file,
978 struct iov_iter *from)
979{
980 size_t count = iov_iter_count(from);
981 ssize_t ret, written = 0;
982 unsigned int chunk;
983
984 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
985 if (ret < 0)
986 return ret;
987
988 /*
989 * We chunk up writes into a temporary buffer. This
990 * simplifies low-level drivers immensely, since they
991 * don't have locking issues and user mode accesses.
992 *
993 * But if TTY_NO_WRITE_SPLIT is set, we should use a
994 * big chunk-size..
995 *
996 * The default chunk-size is 2kB, because the NTTY
997 * layer has problems with bigger chunks. It will
998 * claim to be able to handle more characters than
999 * it actually does.
1000 *
1001 * FIXME: This can probably go away now except that 64K chunks
1002 * are too likely to fail unless switched to vmalloc...
1003 */
1004 chunk = 2048;
1005 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1006 chunk = 65536;
1007 if (count < chunk)
1008 chunk = count;
1009
1010 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1011 if (tty->write_cnt < chunk) {
1012 unsigned char *buf_chunk;
1013
1014 if (chunk < 1024)
1015 chunk = 1024;
1016
1017 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1018 if (!buf_chunk) {
1019 ret = -ENOMEM;
1020 goto out;
1021 }
1022 kfree(tty->write_buf);
1023 tty->write_cnt = chunk;
1024 tty->write_buf = buf_chunk;
1025 }
1026
1027 /* Do the write .. */
1028 for (;;) {
1029 size_t size = count;
1030
1031 if (size > chunk)
1032 size = chunk;
1033
1034 ret = -EFAULT;
1035 if (copy_from_iter(tty->write_buf, size, from) != size)
1036 break;
1037
1038 ret = write(tty, file, tty->write_buf, size);
1039 if (ret <= 0)
1040 break;
1041
1042 written += ret;
1043 if (ret > size)
1044 break;
1045
1046 /* FIXME! Have Al check this! */
1047 if (ret != size)
1048 iov_iter_revert(from, size-ret);
1049
1050 count -= ret;
1051 if (!count)
1052 break;
1053 ret = -ERESTARTSYS;
1054 if (signal_pending(current))
1055 break;
1056 cond_resched();
1057 }
1058 if (written) {
1059 tty_update_time(&file_inode(file)->i_mtime);
1060 ret = written;
1061 }
1062out:
1063 tty_write_unlock(tty);
1064 return ret;
1065}
1066
1067/**
1068 * tty_write_message - write a message to a certain tty, not just the console.
1069 * @tty: the destination tty_struct
1070 * @msg: the message to write
1071 *
1072 * This is used for messages that need to be redirected to a specific tty.
1073 * We don't put it into the syslog queue right now maybe in the future if
1074 * really needed.
1075 *
1076 * We must still hold the BTM and test the CLOSING flag for the moment.
1077 */
1078
1079void tty_write_message(struct tty_struct *tty, char *msg)
1080{
1081 if (tty) {
1082 mutex_lock(&tty->atomic_write_lock);
1083 tty_lock(tty);
1084 if (tty->ops->write && tty->count > 0)
1085 tty->ops->write(tty, msg, strlen(msg));
1086 tty_unlock(tty);
1087 tty_write_unlock(tty);
1088 }
1089}
1090
1091static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1092{
1093 struct tty_struct *tty = file_tty(file);
1094 struct tty_ldisc *ld;
1095 ssize_t ret;
1096
1097 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1098 return -EIO;
1099 if (!tty || !tty->ops->write || tty_io_error(tty))
1100 return -EIO;
1101 /* Short term debug to catch buggy drivers */
1102 if (tty->ops->write_room == NULL)
1103 tty_err(tty, "missing write_room method\n");
1104 ld = tty_ldisc_ref_wait(tty);
1105 if (!ld)
1106 return hung_up_tty_write(iocb, from);
1107 if (!ld->ops->write)
1108 ret = -EIO;
1109 else
1110 ret = do_tty_write(ld->ops->write, tty, file, from);
1111 tty_ldisc_deref(ld);
1112 return ret;
1113}
1114
1115/**
1116 * tty_write - write method for tty device file
1117 * @iocb: kernel I/O control block
1118 * @from: iov_iter with data to write
1119 *
1120 * Write data to a tty device via the line discipline.
1121 *
1122 * Locking:
1123 * Locks the line discipline as required
1124 * Writes to the tty driver are serialized by the atomic_write_lock
1125 * and are then processed in chunks to the device. The line
1126 * discipline write method will not be invoked in parallel for
1127 * each device.
1128 */
1129static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1130{
1131 return file_tty_write(iocb->ki_filp, iocb, from);
1132}
1133
1134ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1135{
1136 struct file *p = NULL;
1137
1138 spin_lock(&redirect_lock);
1139 if (redirect)
1140 p = get_file(redirect);
1141 spin_unlock(&redirect_lock);
1142
1143 /*
1144 * We know the redirected tty is just another tty, we can
1145 * call file_tty_write() directly with that file pointer.
1146 */
1147 if (p) {
1148 ssize_t res;
1149
1150 res = file_tty_write(p, iocb, iter);
1151 fput(p);
1152 return res;
1153 }
1154 return tty_write(iocb, iter);
1155}
1156
1157/*
1158 * tty_send_xchar - send priority character
1159 *
1160 * Send a high priority character to the tty even if stopped
1161 *
1162 * Locking: none for xchar method, write ordering for write method.
1163 */
1164
1165int tty_send_xchar(struct tty_struct *tty, char ch)
1166{
1167 bool was_stopped = tty->flow.stopped;
1168
1169 if (tty->ops->send_xchar) {
1170 down_read(&tty->termios_rwsem);
1171 tty->ops->send_xchar(tty, ch);
1172 up_read(&tty->termios_rwsem);
1173 return 0;
1174 }
1175
1176 if (tty_write_lock(tty, 0) < 0)
1177 return -ERESTARTSYS;
1178
1179 down_read(&tty->termios_rwsem);
1180 if (was_stopped)
1181 start_tty(tty);
1182 tty->ops->write(tty, &ch, 1);
1183 if (was_stopped)
1184 stop_tty(tty);
1185 up_read(&tty->termios_rwsem);
1186 tty_write_unlock(tty);
1187 return 0;
1188}
1189
1190/**
1191 * pty_line_name - generate name for a pty
1192 * @driver: the tty driver in use
1193 * @index: the minor number
1194 * @p: output buffer of at least 6 bytes
1195 *
1196 * Generate a name from a driver reference and write it to the output
1197 * buffer.
1198 *
1199 * Locking: None
1200 */
1201static void pty_line_name(struct tty_driver *driver, int index, char *p)
1202{
1203 static const char ptychar[] = "pqrstuvwxyzabcde";
1204 int i = index + driver->name_base;
1205 /* ->name is initialized to "ttyp", but "tty" is expected */
1206 sprintf(p, "%s%c%x",
1207 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1208 ptychar[i >> 4 & 0xf], i & 0xf);
1209}
1210
1211/**
1212 * tty_line_name - generate name for a tty
1213 * @driver: the tty driver in use
1214 * @index: the minor number
1215 * @p: output buffer of at least 7 bytes
1216 *
1217 * Generate a name from a driver reference and write it to the output
1218 * buffer.
1219 *
1220 * Locking: None
1221 */
1222static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1223{
1224 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1225 return sprintf(p, "%s", driver->name);
1226 else
1227 return sprintf(p, "%s%d", driver->name,
1228 index + driver->name_base);
1229}
1230
1231/**
1232 * tty_driver_lookup_tty() - find an existing tty, if any
1233 * @driver: the driver for the tty
1234 * @file: file object
1235 * @idx: the minor number
1236 *
1237 * Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1238 * driver lookup() method returns an error.
1239 *
1240 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1241 */
1242static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1243 struct file *file, int idx)
1244{
1245 struct tty_struct *tty;
1246
1247 if (driver->ops->lookup)
1248 if (!file)
1249 tty = ERR_PTR(-EIO);
1250 else
1251 tty = driver->ops->lookup(driver, file, idx);
1252 else
1253 tty = driver->ttys[idx];
1254
1255 if (!IS_ERR(tty))
1256 tty_kref_get(tty);
1257 return tty;
1258}
1259
1260/**
1261 * tty_init_termios - helper for termios setup
1262 * @tty: the tty to set up
1263 *
1264 * Initialise the termios structure for this tty. This runs under
1265 * the tty_mutex currently so we can be relaxed about ordering.
1266 */
1267
1268void tty_init_termios(struct tty_struct *tty)
1269{
1270 struct ktermios *tp;
1271 int idx = tty->index;
1272
1273 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1274 tty->termios = tty->driver->init_termios;
1275 else {
1276 /* Check for lazy saved data */
1277 tp = tty->driver->termios[idx];
1278 if (tp != NULL) {
1279 tty->termios = *tp;
1280 tty->termios.c_line = tty->driver->init_termios.c_line;
1281 } else
1282 tty->termios = tty->driver->init_termios;
1283 }
1284 /* Compatibility until drivers always set this */
1285 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1286 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1287}
1288EXPORT_SYMBOL_GPL(tty_init_termios);
1289
1290int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1291{
1292 tty_init_termios(tty);
1293 tty_driver_kref_get(driver);
1294 tty->count++;
1295 driver->ttys[tty->index] = tty;
1296 return 0;
1297}
1298EXPORT_SYMBOL_GPL(tty_standard_install);
1299
1300/**
1301 * tty_driver_install_tty() - install a tty entry in the driver
1302 * @driver: the driver for the tty
1303 * @tty: the tty
1304 *
1305 * Install a tty object into the driver tables. The tty->index field
1306 * will be set by the time this is called. This method is responsible
1307 * for ensuring any need additional structures are allocated and
1308 * configured.
1309 *
1310 * Locking: tty_mutex for now
1311 */
1312static int tty_driver_install_tty(struct tty_driver *driver,
1313 struct tty_struct *tty)
1314{
1315 return driver->ops->install ? driver->ops->install(driver, tty) :
1316 tty_standard_install(driver, tty);
1317}
1318
1319/**
1320 * tty_driver_remove_tty() - remove a tty from the driver tables
1321 * @driver: the driver for the tty
1322 * @tty: tty to remove
1323 *
1324 * Remvoe a tty object from the driver tables. The tty->index field
1325 * will be set by the time this is called.
1326 *
1327 * Locking: tty_mutex for now
1328 */
1329static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1330{
1331 if (driver->ops->remove)
1332 driver->ops->remove(driver, tty);
1333 else
1334 driver->ttys[tty->index] = NULL;
1335}
1336
1337/**
1338 * tty_reopen() - fast re-open of an open tty
1339 * @tty: the tty to open
1340 *
1341 * Return 0 on success, -errno on error.
1342 * Re-opens on master ptys are not allowed and return -EIO.
1343 *
1344 * Locking: Caller must hold tty_lock
1345 */
1346static int tty_reopen(struct tty_struct *tty)
1347{
1348 struct tty_driver *driver = tty->driver;
1349 struct tty_ldisc *ld;
1350 int retval = 0;
1351
1352 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1353 driver->subtype == PTY_TYPE_MASTER)
1354 return -EIO;
1355
1356 if (!tty->count)
1357 return -EAGAIN;
1358
1359 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1360 return -EBUSY;
1361
1362 ld = tty_ldisc_ref_wait(tty);
1363 if (ld) {
1364 tty_ldisc_deref(ld);
1365 } else {
1366 retval = tty_ldisc_lock(tty, 5 * HZ);
1367 if (retval)
1368 return retval;
1369
1370 if (!tty->ldisc)
1371 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1372 tty_ldisc_unlock(tty);
1373 }
1374
1375 if (retval == 0)
1376 tty->count++;
1377
1378 return retval;
1379}
1380
1381/**
1382 * tty_init_dev - initialise a tty device
1383 * @driver: tty driver we are opening a device on
1384 * @idx: device index
1385 *
1386 * Prepare a tty device. This may not be a "new" clean device but
1387 * could also be an active device. The pty drivers require special
1388 * handling because of this.
1389 *
1390 * Locking:
1391 * The function is called under the tty_mutex, which
1392 * protects us from the tty struct or driver itself going away.
1393 *
1394 * On exit the tty device has the line discipline attached and
1395 * a reference count of 1. If a pair was created for pty/tty use
1396 * and the other was a pty master then it too has a reference count of 1.
1397 *
1398 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1399 * failed open. The new code protects the open with a mutex, so it's
1400 * really quite straightforward. The mutex locking can probably be
1401 * relaxed for the (most common) case of reopening a tty.
1402 *
1403 * Return: returned tty structure
1404 */
1405
1406struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1407{
1408 struct tty_struct *tty;
1409 int retval;
1410
1411 /*
1412 * First time open is complex, especially for PTY devices.
1413 * This code guarantees that either everything succeeds and the
1414 * TTY is ready for operation, or else the table slots are vacated
1415 * and the allocated memory released. (Except that the termios
1416 * may be retained.)
1417 */
1418
1419 if (!try_module_get(driver->owner))
1420 return ERR_PTR(-ENODEV);
1421
1422 tty = alloc_tty_struct(driver, idx);
1423 if (!tty) {
1424 retval = -ENOMEM;
1425 goto err_module_put;
1426 }
1427
1428 tty_lock(tty);
1429 retval = tty_driver_install_tty(driver, tty);
1430 if (retval < 0)
1431 goto err_free_tty;
1432
1433 if (!tty->port)
1434 tty->port = driver->ports[idx];
1435
1436 if (WARN_RATELIMIT(!tty->port,
1437 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1438 __func__, tty->driver->name)) {
1439 retval = -EINVAL;
1440 goto err_release_lock;
1441 }
1442
1443 retval = tty_ldisc_lock(tty, 5 * HZ);
1444 if (retval)
1445 goto err_release_lock;
1446 tty->port->itty = tty;
1447
1448 /*
1449 * Structures all installed ... call the ldisc open routines.
1450 * If we fail here just call release_tty to clean up. No need
1451 * to decrement the use counts, as release_tty doesn't care.
1452 */
1453 retval = tty_ldisc_setup(tty, tty->link);
1454 if (retval)
1455 goto err_release_tty;
1456 tty_ldisc_unlock(tty);
1457 /* Return the tty locked so that it cannot vanish under the caller */
1458 return tty;
1459
1460err_free_tty:
1461 tty_unlock(tty);
1462 free_tty_struct(tty);
1463err_module_put:
1464 module_put(driver->owner);
1465 return ERR_PTR(retval);
1466
1467 /* call the tty release_tty routine to clean out this slot */
1468err_release_tty:
1469 tty_ldisc_unlock(tty);
1470 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1471 retval, idx);
1472err_release_lock:
1473 tty_unlock(tty);
1474 release_tty(tty, idx);
1475 return ERR_PTR(retval);
1476}
1477
1478/**
1479 * tty_save_termios() - save tty termios data in driver table
1480 * @tty: tty whose termios data to save
1481 *
1482 * Locking: Caller guarantees serialisation with tty_init_termios().
1483 */
1484void tty_save_termios(struct tty_struct *tty)
1485{
1486 struct ktermios *tp;
1487 int idx = tty->index;
1488
1489 /* If the port is going to reset then it has no termios to save */
1490 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1491 return;
1492
1493 /* Stash the termios data */
1494 tp = tty->driver->termios[idx];
1495 if (tp == NULL) {
1496 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1497 if (tp == NULL)
1498 return;
1499 tty->driver->termios[idx] = tp;
1500 }
1501 *tp = tty->termios;
1502}
1503EXPORT_SYMBOL_GPL(tty_save_termios);
1504
1505/**
1506 * tty_flush_works - flush all works of a tty/pty pair
1507 * @tty: tty device to flush works for (or either end of a pty pair)
1508 *
1509 * Sync flush all works belonging to @tty (and the 'other' tty).
1510 */
1511static void tty_flush_works(struct tty_struct *tty)
1512{
1513 flush_work(&tty->SAK_work);
1514 flush_work(&tty->hangup_work);
1515 if (tty->link) {
1516 flush_work(&tty->link->SAK_work);
1517 flush_work(&tty->link->hangup_work);
1518 }
1519}
1520
1521/**
1522 * release_one_tty - release tty structure memory
1523 * @work: work of tty we are obliterating
1524 *
1525 * Releases memory associated with a tty structure, and clears out the
1526 * driver table slots. This function is called when a device is no longer
1527 * in use. It also gets called when setup of a device fails.
1528 *
1529 * Locking:
1530 * takes the file list lock internally when working on the list
1531 * of ttys that the driver keeps.
1532 *
1533 * This method gets called from a work queue so that the driver private
1534 * cleanup ops can sleep (needed for USB at least)
1535 */
1536static void release_one_tty(struct work_struct *work)
1537{
1538 struct tty_struct *tty =
1539 container_of(work, struct tty_struct, hangup_work);
1540 struct tty_driver *driver = tty->driver;
1541 struct module *owner = driver->owner;
1542
1543 if (tty->ops->cleanup)
1544 tty->ops->cleanup(tty);
1545
1546 tty->magic = 0;
1547 tty_driver_kref_put(driver);
1548 module_put(owner);
1549
1550 spin_lock(&tty->files_lock);
1551 list_del_init(&tty->tty_files);
1552 spin_unlock(&tty->files_lock);
1553
1554 put_pid(tty->ctrl.pgrp);
1555 put_pid(tty->ctrl.session);
1556 free_tty_struct(tty);
1557}
1558
1559static void queue_release_one_tty(struct kref *kref)
1560{
1561 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1562
1563 /* The hangup queue is now free so we can reuse it rather than
1564 * waste a chunk of memory for each port.
1565 */
1566 INIT_WORK(&tty->hangup_work, release_one_tty);
1567 schedule_work(&tty->hangup_work);
1568}
1569
1570/**
1571 * tty_kref_put - release a tty kref
1572 * @tty: tty device
1573 *
1574 * Release a reference to a tty device and if need be let the kref
1575 * layer destruct the object for us
1576 */
1577
1578void tty_kref_put(struct tty_struct *tty)
1579{
1580 if (tty)
1581 kref_put(&tty->kref, queue_release_one_tty);
1582}
1583EXPORT_SYMBOL(tty_kref_put);
1584
1585/**
1586 * release_tty - release tty structure memory
1587 * @tty: tty device release
1588 * @idx: index of the tty device release
1589 *
1590 * Release both @tty and a possible linked partner (think pty pair),
1591 * and decrement the refcount of the backing module.
1592 *
1593 * Locking:
1594 * tty_mutex
1595 * takes the file list lock internally when working on the list
1596 * of ttys that the driver keeps.
1597 *
1598 */
1599static void release_tty(struct tty_struct *tty, int idx)
1600{
1601 /* This should always be true but check for the moment */
1602 WARN_ON(tty->index != idx);
1603 WARN_ON(!mutex_is_locked(&tty_mutex));
1604 if (tty->ops->shutdown)
1605 tty->ops->shutdown(tty);
1606 tty_save_termios(tty);
1607 tty_driver_remove_tty(tty->driver, tty);
1608 if (tty->port)
1609 tty->port->itty = NULL;
1610 if (tty->link)
1611 tty->link->port->itty = NULL;
1612 if (tty->port)
1613 tty_buffer_cancel_work(tty->port);
1614 if (tty->link)
1615 tty_buffer_cancel_work(tty->link->port);
1616
1617 tty_kref_put(tty->link);
1618 tty_kref_put(tty);
1619}
1620
1621/**
1622 * tty_release_checks - check a tty before real release
1623 * @tty: tty to check
1624 * @idx: index of the tty
1625 *
1626 * Performs some paranoid checking before true release of the @tty.
1627 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1628 */
1629static int tty_release_checks(struct tty_struct *tty, int idx)
1630{
1631#ifdef TTY_PARANOIA_CHECK
1632 if (idx < 0 || idx >= tty->driver->num) {
1633 tty_debug(tty, "bad idx %d\n", idx);
1634 return -1;
1635 }
1636
1637 /* not much to check for devpts */
1638 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1639 return 0;
1640
1641 if (tty != tty->driver->ttys[idx]) {
1642 tty_debug(tty, "bad driver table[%d] = %p\n",
1643 idx, tty->driver->ttys[idx]);
1644 return -1;
1645 }
1646 if (tty->driver->other) {
1647 struct tty_struct *o_tty = tty->link;
1648
1649 if (o_tty != tty->driver->other->ttys[idx]) {
1650 tty_debug(tty, "bad other table[%d] = %p\n",
1651 idx, tty->driver->other->ttys[idx]);
1652 return -1;
1653 }
1654 if (o_tty->link != tty) {
1655 tty_debug(tty, "bad link = %p\n", o_tty->link);
1656 return -1;
1657 }
1658 }
1659#endif
1660 return 0;
1661}
1662
1663/**
1664 * tty_kclose - closes tty opened by tty_kopen
1665 * @tty: tty device
1666 *
1667 * Performs the final steps to release and free a tty device. It is the
1668 * same as tty_release_struct except that it also resets TTY_PORT_KOPENED
1669 * flag on tty->port.
1670 */
1671void tty_kclose(struct tty_struct *tty)
1672{
1673 /*
1674 * Ask the line discipline code to release its structures
1675 */
1676 tty_ldisc_release(tty);
1677
1678 /* Wait for pending work before tty destruction commmences */
1679 tty_flush_works(tty);
1680
1681 tty_debug_hangup(tty, "freeing structure\n");
1682 /*
1683 * The release_tty function takes care of the details of clearing
1684 * the slots and preserving the termios structure.
1685 */
1686 mutex_lock(&tty_mutex);
1687 tty_port_set_kopened(tty->port, 0);
1688 release_tty(tty, tty->index);
1689 mutex_unlock(&tty_mutex);
1690}
1691EXPORT_SYMBOL_GPL(tty_kclose);
1692
1693/**
1694 * tty_release_struct - release a tty struct
1695 * @tty: tty device
1696 * @idx: index of the tty
1697 *
1698 * Performs the final steps to release and free a tty device. It is
1699 * roughly the reverse of tty_init_dev.
1700 */
1701void tty_release_struct(struct tty_struct *tty, int idx)
1702{
1703 /*
1704 * Ask the line discipline code to release its structures
1705 */
1706 tty_ldisc_release(tty);
1707
1708 /* Wait for pending work before tty destruction commmences */
1709 tty_flush_works(tty);
1710
1711 tty_debug_hangup(tty, "freeing structure\n");
1712 /*
1713 * The release_tty function takes care of the details of clearing
1714 * the slots and preserving the termios structure.
1715 */
1716 mutex_lock(&tty_mutex);
1717 release_tty(tty, idx);
1718 mutex_unlock(&tty_mutex);
1719}
1720EXPORT_SYMBOL_GPL(tty_release_struct);
1721
1722/**
1723 * tty_release - vfs callback for close
1724 * @inode: inode of tty
1725 * @filp: file pointer for handle to tty
1726 *
1727 * Called the last time each file handle is closed that references
1728 * this tty. There may however be several such references.
1729 *
1730 * Locking:
1731 * Takes bkl. See tty_release_dev
1732 *
1733 * Even releasing the tty structures is a tricky business.. We have
1734 * to be very careful that the structures are all released at the
1735 * same time, as interrupts might otherwise get the wrong pointers.
1736 *
1737 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1738 * lead to double frees or releasing memory still in use.
1739 */
1740
1741int tty_release(struct inode *inode, struct file *filp)
1742{
1743 struct tty_struct *tty = file_tty(filp);
1744 struct tty_struct *o_tty = NULL;
1745 int do_sleep, final;
1746 int idx;
1747 long timeout = 0;
1748 int once = 1;
1749
1750 if (tty_paranoia_check(tty, inode, __func__))
1751 return 0;
1752
1753 tty_lock(tty);
1754 check_tty_count(tty, __func__);
1755
1756 __tty_fasync(-1, filp, 0);
1757
1758 idx = tty->index;
1759 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1760 tty->driver->subtype == PTY_TYPE_MASTER)
1761 o_tty = tty->link;
1762
1763 if (tty_release_checks(tty, idx)) {
1764 tty_unlock(tty);
1765 return 0;
1766 }
1767
1768 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1769
1770 if (tty->ops->close)
1771 tty->ops->close(tty, filp);
1772
1773 /* If tty is pty master, lock the slave pty (stable lock order) */
1774 tty_lock_slave(o_tty);
1775
1776 /*
1777 * Sanity check: if tty->count is going to zero, there shouldn't be
1778 * any waiters on tty->read_wait or tty->write_wait. We test the
1779 * wait queues and kick everyone out _before_ actually starting to
1780 * close. This ensures that we won't block while releasing the tty
1781 * structure.
1782 *
1783 * The test for the o_tty closing is necessary, since the master and
1784 * slave sides may close in any order. If the slave side closes out
1785 * first, its count will be one, since the master side holds an open.
1786 * Thus this test wouldn't be triggered at the time the slave closed,
1787 * so we do it now.
1788 */
1789 while (1) {
1790 do_sleep = 0;
1791
1792 if (tty->count <= 1) {
1793 if (waitqueue_active(&tty->read_wait)) {
1794 wake_up_poll(&tty->read_wait, EPOLLIN);
1795 do_sleep++;
1796 }
1797 if (waitqueue_active(&tty->write_wait)) {
1798 wake_up_poll(&tty->write_wait, EPOLLOUT);
1799 do_sleep++;
1800 }
1801 }
1802 if (o_tty && o_tty->count <= 1) {
1803 if (waitqueue_active(&o_tty->read_wait)) {
1804 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1805 do_sleep++;
1806 }
1807 if (waitqueue_active(&o_tty->write_wait)) {
1808 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1809 do_sleep++;
1810 }
1811 }
1812 if (!do_sleep)
1813 break;
1814
1815 if (once) {
1816 once = 0;
1817 tty_warn(tty, "read/write wait queue active!\n");
1818 }
1819 schedule_timeout_killable(timeout);
1820 if (timeout < 120 * HZ)
1821 timeout = 2 * timeout + 1;
1822 else
1823 timeout = MAX_SCHEDULE_TIMEOUT;
1824 }
1825
1826 if (o_tty) {
1827 if (--o_tty->count < 0) {
1828 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1829 o_tty->count = 0;
1830 }
1831 }
1832 if (--tty->count < 0) {
1833 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1834 tty->count = 0;
1835 }
1836
1837 /*
1838 * We've decremented tty->count, so we need to remove this file
1839 * descriptor off the tty->tty_files list; this serves two
1840 * purposes:
1841 * - check_tty_count sees the correct number of file descriptors
1842 * associated with this tty.
1843 * - do_tty_hangup no longer sees this file descriptor as
1844 * something that needs to be handled for hangups.
1845 */
1846 tty_del_file(filp);
1847
1848 /*
1849 * Perform some housekeeping before deciding whether to return.
1850 *
1851 * If _either_ side is closing, make sure there aren't any
1852 * processes that still think tty or o_tty is their controlling
1853 * tty.
1854 */
1855 if (!tty->count) {
1856 read_lock(&tasklist_lock);
1857 session_clear_tty(tty->ctrl.session);
1858 if (o_tty)
1859 session_clear_tty(o_tty->ctrl.session);
1860 read_unlock(&tasklist_lock);
1861 }
1862
1863 /* check whether both sides are closing ... */
1864 final = !tty->count && !(o_tty && o_tty->count);
1865
1866 tty_unlock_slave(o_tty);
1867 tty_unlock(tty);
1868
1869 /* At this point, the tty->count == 0 should ensure a dead tty
1870 * cannot be re-opened by a racing opener.
1871 */
1872
1873 if (!final)
1874 return 0;
1875
1876 tty_debug_hangup(tty, "final close\n");
1877
1878 tty_release_struct(tty, idx);
1879 return 0;
1880}
1881
1882/**
1883 * tty_open_current_tty - get locked tty of current task
1884 * @device: device number
1885 * @filp: file pointer to tty
1886 * @return: locked tty of the current task iff @device is /dev/tty
1887 *
1888 * Performs a re-open of the current task's controlling tty.
1889 *
1890 * We cannot return driver and index like for the other nodes because
1891 * devpts will not work then. It expects inodes to be from devpts FS.
1892 */
1893static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1894{
1895 struct tty_struct *tty;
1896 int retval;
1897
1898 if (device != MKDEV(TTYAUX_MAJOR, 0))
1899 return NULL;
1900
1901 tty = get_current_tty();
1902 if (!tty)
1903 return ERR_PTR(-ENXIO);
1904
1905 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1906 /* noctty = 1; */
1907 tty_lock(tty);
1908 tty_kref_put(tty); /* safe to drop the kref now */
1909
1910 retval = tty_reopen(tty);
1911 if (retval < 0) {
1912 tty_unlock(tty);
1913 tty = ERR_PTR(retval);
1914 }
1915 return tty;
1916}
1917
1918/**
1919 * tty_lookup_driver - lookup a tty driver for a given device file
1920 * @device: device number
1921 * @filp: file pointer to tty
1922 * @index: index for the device in the @return driver
1923 * @return: driver for this inode (with increased refcount)
1924 *
1925 * If @return is not erroneous, the caller is responsible to decrement the
1926 * refcount by tty_driver_kref_put.
1927 *
1928 * Locking: tty_mutex protects get_tty_driver
1929 */
1930static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1931 int *index)
1932{
1933 struct tty_driver *driver = NULL;
1934
1935 switch (device) {
1936#ifdef CONFIG_VT
1937 case MKDEV(TTY_MAJOR, 0): {
1938 extern struct tty_driver *console_driver;
1939
1940 driver = tty_driver_kref_get(console_driver);
1941 *index = fg_console;
1942 break;
1943 }
1944#endif
1945 case MKDEV(TTYAUX_MAJOR, 1): {
1946 struct tty_driver *console_driver = console_device(index);
1947
1948 if (console_driver) {
1949 driver = tty_driver_kref_get(console_driver);
1950 if (driver && filp) {
1951 /* Don't let /dev/console block */
1952 filp->f_flags |= O_NONBLOCK;
1953 break;
1954 }
1955 }
1956 if (driver)
1957 tty_driver_kref_put(driver);
1958 return ERR_PTR(-ENODEV);
1959 }
1960 default:
1961 driver = get_tty_driver(device, index);
1962 if (!driver)
1963 return ERR_PTR(-ENODEV);
1964 break;
1965 }
1966 return driver;
1967}
1968
1969static struct tty_struct *tty_kopen(dev_t device, int shared)
1970{
1971 struct tty_struct *tty;
1972 struct tty_driver *driver;
1973 int index = -1;
1974
1975 mutex_lock(&tty_mutex);
1976 driver = tty_lookup_driver(device, NULL, &index);
1977 if (IS_ERR(driver)) {
1978 mutex_unlock(&tty_mutex);
1979 return ERR_CAST(driver);
1980 }
1981
1982 /* check whether we're reopening an existing tty */
1983 tty = tty_driver_lookup_tty(driver, NULL, index);
1984 if (IS_ERR(tty) || shared)
1985 goto out;
1986
1987 if (tty) {
1988 /* drop kref from tty_driver_lookup_tty() */
1989 tty_kref_put(tty);
1990 tty = ERR_PTR(-EBUSY);
1991 } else { /* tty_init_dev returns tty with the tty_lock held */
1992 tty = tty_init_dev(driver, index);
1993 if (IS_ERR(tty))
1994 goto out;
1995 tty_port_set_kopened(tty->port, 1);
1996 }
1997out:
1998 mutex_unlock(&tty_mutex);
1999 tty_driver_kref_put(driver);
2000 return tty;
2001}
2002
2003/**
2004 * tty_kopen_exclusive - open a tty device for kernel
2005 * @device: dev_t of device to open
2006 *
2007 * Opens tty exclusively for kernel. Performs the driver lookup,
2008 * makes sure it's not already opened and performs the first-time
2009 * tty initialization.
2010 *
2011 * Returns the locked initialized &tty_struct
2012 *
2013 * Claims the global tty_mutex to serialize:
2014 * - concurrent first-time tty initialization
2015 * - concurrent tty driver removal w/ lookup
2016 * - concurrent tty removal from driver table
2017 */
2018struct tty_struct *tty_kopen_exclusive(dev_t device)
2019{
2020 return tty_kopen(device, 0);
2021}
2022EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2023
2024/**
2025 * tty_kopen_shared - open a tty device for shared in-kernel use
2026 * @device: dev_t of device to open
2027 *
2028 * Opens an already existing tty for in-kernel use. Compared to
2029 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2030 *
2031 * Locking is identical to tty_kopen() above.
2032 */
2033struct tty_struct *tty_kopen_shared(dev_t device)
2034{
2035 return tty_kopen(device, 1);
2036}
2037EXPORT_SYMBOL_GPL(tty_kopen_shared);
2038
2039/**
2040 * tty_open_by_driver - open a tty device
2041 * @device: dev_t of device to open
2042 * @filp: file pointer to tty
2043 *
2044 * Performs the driver lookup, checks for a reopen, or otherwise
2045 * performs the first-time tty initialization.
2046 *
2047 * Returns the locked initialized or re-opened &tty_struct
2048 *
2049 * Claims the global tty_mutex to serialize:
2050 * - concurrent first-time tty initialization
2051 * - concurrent tty driver removal w/ lookup
2052 * - concurrent tty removal from driver table
2053 */
2054static struct tty_struct *tty_open_by_driver(dev_t device,
2055 struct file *filp)
2056{
2057 struct tty_struct *tty;
2058 struct tty_driver *driver = NULL;
2059 int index = -1;
2060 int retval;
2061
2062 mutex_lock(&tty_mutex);
2063 driver = tty_lookup_driver(device, filp, &index);
2064 if (IS_ERR(driver)) {
2065 mutex_unlock(&tty_mutex);
2066 return ERR_CAST(driver);
2067 }
2068
2069 /* check whether we're reopening an existing tty */
2070 tty = tty_driver_lookup_tty(driver, filp, index);
2071 if (IS_ERR(tty)) {
2072 mutex_unlock(&tty_mutex);
2073 goto out;
2074 }
2075
2076 if (tty) {
2077 if (tty_port_kopened(tty->port)) {
2078 tty_kref_put(tty);
2079 mutex_unlock(&tty_mutex);
2080 tty = ERR_PTR(-EBUSY);
2081 goto out;
2082 }
2083 mutex_unlock(&tty_mutex);
2084 retval = tty_lock_interruptible(tty);
2085 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2086 if (retval) {
2087 if (retval == -EINTR)
2088 retval = -ERESTARTSYS;
2089 tty = ERR_PTR(retval);
2090 goto out;
2091 }
2092 retval = tty_reopen(tty);
2093 if (retval < 0) {
2094 tty_unlock(tty);
2095 tty = ERR_PTR(retval);
2096 }
2097 } else { /* Returns with the tty_lock held for now */
2098 tty = tty_init_dev(driver, index);
2099 mutex_unlock(&tty_mutex);
2100 }
2101out:
2102 tty_driver_kref_put(driver);
2103 return tty;
2104}
2105
2106/**
2107 * tty_open - open a tty device
2108 * @inode: inode of device file
2109 * @filp: file pointer to tty
2110 *
2111 * tty_open and tty_release keep up the tty count that contains the
2112 * number of opens done on a tty. We cannot use the inode-count, as
2113 * different inodes might point to the same tty.
2114 *
2115 * Open-counting is needed for pty masters, as well as for keeping
2116 * track of serial lines: DTR is dropped when the last close happens.
2117 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2118 *
2119 * The termios state of a pty is reset on first open so that
2120 * settings don't persist across reuse.
2121 *
2122 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2123 * tty->count should protect the rest.
2124 * ->siglock protects ->signal/->sighand
2125 *
2126 * Note: the tty_unlock/lock cases without a ref are only safe due to
2127 * tty_mutex
2128 */
2129
2130static int tty_open(struct inode *inode, struct file *filp)
2131{
2132 struct tty_struct *tty;
2133 int noctty, retval;
2134 dev_t device = inode->i_rdev;
2135 unsigned saved_flags = filp->f_flags;
2136
2137 nonseekable_open(inode, filp);
2138
2139retry_open:
2140 retval = tty_alloc_file(filp);
2141 if (retval)
2142 return -ENOMEM;
2143
2144 tty = tty_open_current_tty(device, filp);
2145 if (!tty)
2146 tty = tty_open_by_driver(device, filp);
2147
2148 if (IS_ERR(tty)) {
2149 tty_free_file(filp);
2150 retval = PTR_ERR(tty);
2151 if (retval != -EAGAIN || signal_pending(current))
2152 return retval;
2153 schedule();
2154 goto retry_open;
2155 }
2156
2157 tty_add_file(tty, filp);
2158
2159 check_tty_count(tty, __func__);
2160 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2161
2162 if (tty->ops->open)
2163 retval = tty->ops->open(tty, filp);
2164 else
2165 retval = -ENODEV;
2166 filp->f_flags = saved_flags;
2167
2168 if (retval) {
2169 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2170
2171 tty_unlock(tty); /* need to call tty_release without BTM */
2172 tty_release(inode, filp);
2173 if (retval != -ERESTARTSYS)
2174 return retval;
2175
2176 if (signal_pending(current))
2177 return retval;
2178
2179 schedule();
2180 /*
2181 * Need to reset f_op in case a hangup happened.
2182 */
2183 if (tty_hung_up_p(filp))
2184 filp->f_op = &tty_fops;
2185 goto retry_open;
2186 }
2187 clear_bit(TTY_HUPPED, &tty->flags);
2188
2189 noctty = (filp->f_flags & O_NOCTTY) ||
2190 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2191 device == MKDEV(TTYAUX_MAJOR, 1) ||
2192 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2193 tty->driver->subtype == PTY_TYPE_MASTER);
2194 if (!noctty)
2195 tty_open_proc_set_tty(filp, tty);
2196 tty_unlock(tty);
2197 return 0;
2198}
2199
2200
2201
2202/**
2203 * tty_poll - check tty status
2204 * @filp: file being polled
2205 * @wait: poll wait structures to update
2206 *
2207 * Call the line discipline polling method to obtain the poll
2208 * status of the device.
2209 *
2210 * Locking: locks called line discipline but ldisc poll method
2211 * may be re-entered freely by other callers.
2212 */
2213
2214static __poll_t tty_poll(struct file *filp, poll_table *wait)
2215{
2216 struct tty_struct *tty = file_tty(filp);
2217 struct tty_ldisc *ld;
2218 __poll_t ret = 0;
2219
2220 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2221 return 0;
2222
2223 ld = tty_ldisc_ref_wait(tty);
2224 if (!ld)
2225 return hung_up_tty_poll(filp, wait);
2226 if (ld->ops->poll)
2227 ret = ld->ops->poll(tty, filp, wait);
2228 tty_ldisc_deref(ld);
2229 return ret;
2230}
2231
2232static int __tty_fasync(int fd, struct file *filp, int on)
2233{
2234 struct tty_struct *tty = file_tty(filp);
2235 unsigned long flags;
2236 int retval = 0;
2237
2238 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2239 goto out;
2240
2241 retval = fasync_helper(fd, filp, on, &tty->fasync);
2242 if (retval <= 0)
2243 goto out;
2244
2245 if (on) {
2246 enum pid_type type;
2247 struct pid *pid;
2248
2249 spin_lock_irqsave(&tty->ctrl.lock, flags);
2250 if (tty->ctrl.pgrp) {
2251 pid = tty->ctrl.pgrp;
2252 type = PIDTYPE_PGID;
2253 } else {
2254 pid = task_pid(current);
2255 type = PIDTYPE_TGID;
2256 }
2257 get_pid(pid);
2258 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2259 __f_setown(filp, pid, type, 0);
2260 put_pid(pid);
2261 retval = 0;
2262 }
2263out:
2264 return retval;
2265}
2266
2267static int tty_fasync(int fd, struct file *filp, int on)
2268{
2269 struct tty_struct *tty = file_tty(filp);
2270 int retval = -ENOTTY;
2271
2272 tty_lock(tty);
2273 if (!tty_hung_up_p(filp))
2274 retval = __tty_fasync(fd, filp, on);
2275 tty_unlock(tty);
2276
2277 return retval;
2278}
2279
2280/**
2281 * tiocsti - fake input character
2282 * @tty: tty to fake input into
2283 * @p: pointer to character
2284 *
2285 * Fake input to a tty device. Does the necessary locking and
2286 * input management.
2287 *
2288 * FIXME: does not honour flow control ??
2289 *
2290 * Locking:
2291 * Called functions take tty_ldiscs_lock
2292 * current->signal->tty check is safe without locks
2293 */
2294
2295static int tiocsti(struct tty_struct *tty, char __user *p)
2296{
2297 char ch, mbz = 0;
2298 struct tty_ldisc *ld;
2299
2300 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2301 return -EPERM;
2302 if (get_user(ch, p))
2303 return -EFAULT;
2304 tty_audit_tiocsti(tty, ch);
2305 ld = tty_ldisc_ref_wait(tty);
2306 if (!ld)
2307 return -EIO;
2308 tty_buffer_lock_exclusive(tty->port);
2309 if (ld->ops->receive_buf)
2310 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2311 tty_buffer_unlock_exclusive(tty->port);
2312 tty_ldisc_deref(ld);
2313 return 0;
2314}
2315
2316/**
2317 * tiocgwinsz - implement window query ioctl
2318 * @tty: tty
2319 * @arg: user buffer for result
2320 *
2321 * Copies the kernel idea of the window size into the user buffer.
2322 *
2323 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2324 * is consistent.
2325 */
2326
2327static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2328{
2329 int err;
2330
2331 mutex_lock(&tty->winsize_mutex);
2332 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2333 mutex_unlock(&tty->winsize_mutex);
2334
2335 return err ? -EFAULT : 0;
2336}
2337
2338/**
2339 * tty_do_resize - resize event
2340 * @tty: tty being resized
2341 * @ws: new dimensions
2342 *
2343 * Update the termios variables and send the necessary signals to
2344 * peform a terminal resize correctly
2345 */
2346
2347int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2348{
2349 struct pid *pgrp;
2350
2351 /* Lock the tty */
2352 mutex_lock(&tty->winsize_mutex);
2353 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2354 goto done;
2355
2356 /* Signal the foreground process group */
2357 pgrp = tty_get_pgrp(tty);
2358 if (pgrp)
2359 kill_pgrp(pgrp, SIGWINCH, 1);
2360 put_pid(pgrp);
2361
2362 tty->winsize = *ws;
2363done:
2364 mutex_unlock(&tty->winsize_mutex);
2365 return 0;
2366}
2367EXPORT_SYMBOL(tty_do_resize);
2368
2369/**
2370 * tiocswinsz - implement window size set ioctl
2371 * @tty: tty side of tty
2372 * @arg: user buffer for result
2373 *
2374 * Copies the user idea of the window size to the kernel. Traditionally
2375 * this is just advisory information but for the Linux console it
2376 * actually has driver level meaning and triggers a VC resize.
2377 *
2378 * Locking:
2379 * Driver dependent. The default do_resize method takes the
2380 * tty termios mutex and ctrl.lock. The console takes its own lock
2381 * then calls into the default method.
2382 */
2383
2384static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2385{
2386 struct winsize tmp_ws;
2387
2388 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2389 return -EFAULT;
2390
2391 if (tty->ops->resize)
2392 return tty->ops->resize(tty, &tmp_ws);
2393 else
2394 return tty_do_resize(tty, &tmp_ws);
2395}
2396
2397/**
2398 * tioccons - allow admin to move logical console
2399 * @file: the file to become console
2400 *
2401 * Allow the administrator to move the redirected console device
2402 *
2403 * Locking: uses redirect_lock to guard the redirect information
2404 */
2405
2406static int tioccons(struct file *file)
2407{
2408 if (!capable(CAP_SYS_ADMIN))
2409 return -EPERM;
2410 if (file->f_op->write_iter == redirected_tty_write) {
2411 struct file *f;
2412
2413 spin_lock(&redirect_lock);
2414 f = redirect;
2415 redirect = NULL;
2416 spin_unlock(&redirect_lock);
2417 if (f)
2418 fput(f);
2419 return 0;
2420 }
2421 if (file->f_op->write_iter != tty_write)
2422 return -ENOTTY;
2423 if (!(file->f_mode & FMODE_WRITE))
2424 return -EBADF;
2425 if (!(file->f_mode & FMODE_CAN_WRITE))
2426 return -EINVAL;
2427 spin_lock(&redirect_lock);
2428 if (redirect) {
2429 spin_unlock(&redirect_lock);
2430 return -EBUSY;
2431 }
2432 redirect = get_file(file);
2433 spin_unlock(&redirect_lock);
2434 return 0;
2435}
2436
2437/**
2438 * tiocsetd - set line discipline
2439 * @tty: tty device
2440 * @p: pointer to user data
2441 *
2442 * Set the line discipline according to user request.
2443 *
2444 * Locking: see tty_set_ldisc, this function is just a helper
2445 */
2446
2447static int tiocsetd(struct tty_struct *tty, int __user *p)
2448{
2449 int disc;
2450 int ret;
2451
2452 if (get_user(disc, p))
2453 return -EFAULT;
2454
2455 ret = tty_set_ldisc(tty, disc);
2456
2457 return ret;
2458}
2459
2460/**
2461 * tiocgetd - get line discipline
2462 * @tty: tty device
2463 * @p: pointer to user data
2464 *
2465 * Retrieves the line discipline id directly from the ldisc.
2466 *
2467 * Locking: waits for ldisc reference (in case the line discipline
2468 * is changing or the tty is being hungup)
2469 */
2470
2471static int tiocgetd(struct tty_struct *tty, int __user *p)
2472{
2473 struct tty_ldisc *ld;
2474 int ret;
2475
2476 ld = tty_ldisc_ref_wait(tty);
2477 if (!ld)
2478 return -EIO;
2479 ret = put_user(ld->ops->num, p);
2480 tty_ldisc_deref(ld);
2481 return ret;
2482}
2483
2484/**
2485 * send_break - performed time break
2486 * @tty: device to break on
2487 * @duration: timeout in mS
2488 *
2489 * Perform a timed break on hardware that lacks its own driver level
2490 * timed break functionality.
2491 *
2492 * Locking:
2493 * atomic_write_lock serializes
2494 *
2495 */
2496
2497static int send_break(struct tty_struct *tty, unsigned int duration)
2498{
2499 int retval;
2500
2501 if (tty->ops->break_ctl == NULL)
2502 return 0;
2503
2504 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2505 retval = tty->ops->break_ctl(tty, duration);
2506 else {
2507 /* Do the work ourselves */
2508 if (tty_write_lock(tty, 0) < 0)
2509 return -EINTR;
2510 retval = tty->ops->break_ctl(tty, -1);
2511 if (retval)
2512 goto out;
2513 if (!signal_pending(current))
2514 msleep_interruptible(duration);
2515 retval = tty->ops->break_ctl(tty, 0);
2516out:
2517 tty_write_unlock(tty);
2518 if (signal_pending(current))
2519 retval = -EINTR;
2520 }
2521 return retval;
2522}
2523
2524/**
2525 * tty_tiocmget - get modem status
2526 * @tty: tty device
2527 * @p: pointer to result
2528 *
2529 * Obtain the modem status bits from the tty driver if the feature
2530 * is supported. Return -ENOTTY if it is not available.
2531 *
2532 * Locking: none (up to the driver)
2533 */
2534
2535static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2536{
2537 int retval = -ENOTTY;
2538
2539 if (tty->ops->tiocmget) {
2540 retval = tty->ops->tiocmget(tty);
2541
2542 if (retval >= 0)
2543 retval = put_user(retval, p);
2544 }
2545 return retval;
2546}
2547
2548/**
2549 * tty_tiocmset - set modem status
2550 * @tty: tty device
2551 * @cmd: command - clear bits, set bits or set all
2552 * @p: pointer to desired bits
2553 *
2554 * Set the modem status bits from the tty driver if the feature
2555 * is supported. Return -ENOTTY if it is not available.
2556 *
2557 * Locking: none (up to the driver)
2558 */
2559
2560static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2561 unsigned __user *p)
2562{
2563 int retval;
2564 unsigned int set, clear, val;
2565
2566 if (tty->ops->tiocmset == NULL)
2567 return -ENOTTY;
2568
2569 retval = get_user(val, p);
2570 if (retval)
2571 return retval;
2572 set = clear = 0;
2573 switch (cmd) {
2574 case TIOCMBIS:
2575 set = val;
2576 break;
2577 case TIOCMBIC:
2578 clear = val;
2579 break;
2580 case TIOCMSET:
2581 set = val;
2582 clear = ~val;
2583 break;
2584 }
2585 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2586 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2587 return tty->ops->tiocmset(tty, set, clear);
2588}
2589
2590/**
2591 * tty_get_icount - get tty statistics
2592 * @tty: tty device
2593 * @icount: output parameter
2594 *
2595 * Gets a copy of the tty's icount statistics.
2596 *
2597 * Locking: none (up to the driver)
2598 */
2599int tty_get_icount(struct tty_struct *tty,
2600 struct serial_icounter_struct *icount)
2601{
2602 memset(icount, 0, sizeof(*icount));
2603
2604 if (tty->ops->get_icount)
2605 return tty->ops->get_icount(tty, icount);
2606 else
2607 return -ENOTTY;
2608}
2609EXPORT_SYMBOL_GPL(tty_get_icount);
2610
2611static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2612{
2613 struct serial_icounter_struct icount;
2614 int retval;
2615
2616 retval = tty_get_icount(tty, &icount);
2617 if (retval != 0)
2618 return retval;
2619
2620 if (copy_to_user(arg, &icount, sizeof(icount)))
2621 return -EFAULT;
2622 return 0;
2623}
2624
2625static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2626{
2627 char comm[TASK_COMM_LEN];
2628 int flags;
2629
2630 flags = ss->flags & ASYNC_DEPRECATED;
2631
2632 if (flags)
2633 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2634 __func__, get_task_comm(comm, current), flags);
2635
2636 if (!tty->ops->set_serial)
2637 return -ENOTTY;
2638
2639 return tty->ops->set_serial(tty, ss);
2640}
2641
2642static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2643{
2644 struct serial_struct v;
2645
2646 if (copy_from_user(&v, ss, sizeof(*ss)))
2647 return -EFAULT;
2648
2649 return tty_set_serial(tty, &v);
2650}
2651
2652static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2653{
2654 struct serial_struct v;
2655 int err;
2656
2657 memset(&v, 0, sizeof(v));
2658 if (!tty->ops->get_serial)
2659 return -ENOTTY;
2660 err = tty->ops->get_serial(tty, &v);
2661 if (!err && copy_to_user(ss, &v, sizeof(v)))
2662 err = -EFAULT;
2663 return err;
2664}
2665
2666/*
2667 * if pty, return the slave side (real_tty)
2668 * otherwise, return self
2669 */
2670static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2671{
2672 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2673 tty->driver->subtype == PTY_TYPE_MASTER)
2674 tty = tty->link;
2675 return tty;
2676}
2677
2678/*
2679 * Split this up, as gcc can choke on it otherwise..
2680 */
2681long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2682{
2683 struct tty_struct *tty = file_tty(file);
2684 struct tty_struct *real_tty;
2685 void __user *p = (void __user *)arg;
2686 int retval;
2687 struct tty_ldisc *ld;
2688
2689 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2690 return -EINVAL;
2691
2692 real_tty = tty_pair_get_tty(tty);
2693
2694 /*
2695 * Factor out some common prep work
2696 */
2697 switch (cmd) {
2698 case TIOCSETD:
2699 case TIOCSBRK:
2700 case TIOCCBRK:
2701 case TCSBRK:
2702 case TCSBRKP:
2703 retval = tty_check_change(tty);
2704 if (retval)
2705 return retval;
2706 if (cmd != TIOCCBRK) {
2707 tty_wait_until_sent(tty, 0);
2708 if (signal_pending(current))
2709 return -EINTR;
2710 }
2711 break;
2712 }
2713
2714 /*
2715 * Now do the stuff.
2716 */
2717 switch (cmd) {
2718 case TIOCSTI:
2719 return tiocsti(tty, p);
2720 case TIOCGWINSZ:
2721 return tiocgwinsz(real_tty, p);
2722 case TIOCSWINSZ:
2723 return tiocswinsz(real_tty, p);
2724 case TIOCCONS:
2725 return real_tty != tty ? -EINVAL : tioccons(file);
2726 case TIOCEXCL:
2727 set_bit(TTY_EXCLUSIVE, &tty->flags);
2728 return 0;
2729 case TIOCNXCL:
2730 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2731 return 0;
2732 case TIOCGEXCL:
2733 {
2734 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2735
2736 return put_user(excl, (int __user *)p);
2737 }
2738 case TIOCGETD:
2739 return tiocgetd(tty, p);
2740 case TIOCSETD:
2741 return tiocsetd(tty, p);
2742 case TIOCVHANGUP:
2743 if (!capable(CAP_SYS_ADMIN))
2744 return -EPERM;
2745 tty_vhangup(tty);
2746 return 0;
2747 case TIOCGDEV:
2748 {
2749 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2750
2751 return put_user(ret, (unsigned int __user *)p);
2752 }
2753 /*
2754 * Break handling
2755 */
2756 case TIOCSBRK: /* Turn break on, unconditionally */
2757 if (tty->ops->break_ctl)
2758 return tty->ops->break_ctl(tty, -1);
2759 return 0;
2760 case TIOCCBRK: /* Turn break off, unconditionally */
2761 if (tty->ops->break_ctl)
2762 return tty->ops->break_ctl(tty, 0);
2763 return 0;
2764 case TCSBRK: /* SVID version: non-zero arg --> no break */
2765 /* non-zero arg means wait for all output data
2766 * to be sent (performed above) but don't send break.
2767 * This is used by the tcdrain() termios function.
2768 */
2769 if (!arg)
2770 return send_break(tty, 250);
2771 return 0;
2772 case TCSBRKP: /* support for POSIX tcsendbreak() */
2773 return send_break(tty, arg ? arg*100 : 250);
2774
2775 case TIOCMGET:
2776 return tty_tiocmget(tty, p);
2777 case TIOCMSET:
2778 case TIOCMBIC:
2779 case TIOCMBIS:
2780 return tty_tiocmset(tty, cmd, p);
2781 case TIOCGICOUNT:
2782 return tty_tiocgicount(tty, p);
2783 case TCFLSH:
2784 switch (arg) {
2785 case TCIFLUSH:
2786 case TCIOFLUSH:
2787 /* flush tty buffer and allow ldisc to process ioctl */
2788 tty_buffer_flush(tty, NULL);
2789 break;
2790 }
2791 break;
2792 case TIOCSSERIAL:
2793 return tty_tiocsserial(tty, p);
2794 case TIOCGSERIAL:
2795 return tty_tiocgserial(tty, p);
2796 case TIOCGPTPEER:
2797 /* Special because the struct file is needed */
2798 return ptm_open_peer(file, tty, (int)arg);
2799 default:
2800 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2801 if (retval != -ENOIOCTLCMD)
2802 return retval;
2803 }
2804 if (tty->ops->ioctl) {
2805 retval = tty->ops->ioctl(tty, cmd, arg);
2806 if (retval != -ENOIOCTLCMD)
2807 return retval;
2808 }
2809 ld = tty_ldisc_ref_wait(tty);
2810 if (!ld)
2811 return hung_up_tty_ioctl(file, cmd, arg);
2812 retval = -EINVAL;
2813 if (ld->ops->ioctl) {
2814 retval = ld->ops->ioctl(tty, file, cmd, arg);
2815 if (retval == -ENOIOCTLCMD)
2816 retval = -ENOTTY;
2817 }
2818 tty_ldisc_deref(ld);
2819 return retval;
2820}
2821
2822#ifdef CONFIG_COMPAT
2823
2824struct serial_struct32 {
2825 compat_int_t type;
2826 compat_int_t line;
2827 compat_uint_t port;
2828 compat_int_t irq;
2829 compat_int_t flags;
2830 compat_int_t xmit_fifo_size;
2831 compat_int_t custom_divisor;
2832 compat_int_t baud_base;
2833 unsigned short close_delay;
2834 char io_type;
2835 char reserved_char;
2836 compat_int_t hub6;
2837 unsigned short closing_wait; /* time to wait before closing */
2838 unsigned short closing_wait2; /* no longer used... */
2839 compat_uint_t iomem_base;
2840 unsigned short iomem_reg_shift;
2841 unsigned int port_high;
2842 /* compat_ulong_t iomap_base FIXME */
2843 compat_int_t reserved;
2844};
2845
2846static int compat_tty_tiocsserial(struct tty_struct *tty,
2847 struct serial_struct32 __user *ss)
2848{
2849 struct serial_struct32 v32;
2850 struct serial_struct v;
2851
2852 if (copy_from_user(&v32, ss, sizeof(*ss)))
2853 return -EFAULT;
2854
2855 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2856 v.iomem_base = compat_ptr(v32.iomem_base);
2857 v.iomem_reg_shift = v32.iomem_reg_shift;
2858 v.port_high = v32.port_high;
2859 v.iomap_base = 0;
2860
2861 return tty_set_serial(tty, &v);
2862}
2863
2864static int compat_tty_tiocgserial(struct tty_struct *tty,
2865 struct serial_struct32 __user *ss)
2866{
2867 struct serial_struct32 v32;
2868 struct serial_struct v;
2869 int err;
2870
2871 memset(&v, 0, sizeof(v));
2872 memset(&v32, 0, sizeof(v32));
2873
2874 if (!tty->ops->get_serial)
2875 return -ENOTTY;
2876 err = tty->ops->get_serial(tty, &v);
2877 if (!err) {
2878 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2879 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2880 0xfffffff : ptr_to_compat(v.iomem_base);
2881 v32.iomem_reg_shift = v.iomem_reg_shift;
2882 v32.port_high = v.port_high;
2883 if (copy_to_user(ss, &v32, sizeof(v32)))
2884 err = -EFAULT;
2885 }
2886 return err;
2887}
2888static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2889 unsigned long arg)
2890{
2891 struct tty_struct *tty = file_tty(file);
2892 struct tty_ldisc *ld;
2893 int retval = -ENOIOCTLCMD;
2894
2895 switch (cmd) {
2896 case TIOCOUTQ:
2897 case TIOCSTI:
2898 case TIOCGWINSZ:
2899 case TIOCSWINSZ:
2900 case TIOCGEXCL:
2901 case TIOCGETD:
2902 case TIOCSETD:
2903 case TIOCGDEV:
2904 case TIOCMGET:
2905 case TIOCMSET:
2906 case TIOCMBIC:
2907 case TIOCMBIS:
2908 case TIOCGICOUNT:
2909 case TIOCGPGRP:
2910 case TIOCSPGRP:
2911 case TIOCGSID:
2912 case TIOCSERGETLSR:
2913 case TIOCGRS485:
2914 case TIOCSRS485:
2915#ifdef TIOCGETP
2916 case TIOCGETP:
2917 case TIOCSETP:
2918 case TIOCSETN:
2919#endif
2920#ifdef TIOCGETC
2921 case TIOCGETC:
2922 case TIOCSETC:
2923#endif
2924#ifdef TIOCGLTC
2925 case TIOCGLTC:
2926 case TIOCSLTC:
2927#endif
2928 case TCSETSF:
2929 case TCSETSW:
2930 case TCSETS:
2931 case TCGETS:
2932#ifdef TCGETS2
2933 case TCGETS2:
2934 case TCSETSF2:
2935 case TCSETSW2:
2936 case TCSETS2:
2937#endif
2938 case TCGETA:
2939 case TCSETAF:
2940 case TCSETAW:
2941 case TCSETA:
2942 case TIOCGLCKTRMIOS:
2943 case TIOCSLCKTRMIOS:
2944#ifdef TCGETX
2945 case TCGETX:
2946 case TCSETX:
2947 case TCSETXW:
2948 case TCSETXF:
2949#endif
2950 case TIOCGSOFTCAR:
2951 case TIOCSSOFTCAR:
2952
2953 case PPPIOCGCHAN:
2954 case PPPIOCGUNIT:
2955 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2956 case TIOCCONS:
2957 case TIOCEXCL:
2958 case TIOCNXCL:
2959 case TIOCVHANGUP:
2960 case TIOCSBRK:
2961 case TIOCCBRK:
2962 case TCSBRK:
2963 case TCSBRKP:
2964 case TCFLSH:
2965 case TIOCGPTPEER:
2966 case TIOCNOTTY:
2967 case TIOCSCTTY:
2968 case TCXONC:
2969 case TIOCMIWAIT:
2970 case TIOCSERCONFIG:
2971 return tty_ioctl(file, cmd, arg);
2972 }
2973
2974 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2975 return -EINVAL;
2976
2977 switch (cmd) {
2978 case TIOCSSERIAL:
2979 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2980 case TIOCGSERIAL:
2981 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2982 }
2983 if (tty->ops->compat_ioctl) {
2984 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2985 if (retval != -ENOIOCTLCMD)
2986 return retval;
2987 }
2988
2989 ld = tty_ldisc_ref_wait(tty);
2990 if (!ld)
2991 return hung_up_tty_compat_ioctl(file, cmd, arg);
2992 if (ld->ops->compat_ioctl)
2993 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2994 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2995 retval = ld->ops->ioctl(tty, file,
2996 (unsigned long)compat_ptr(cmd), arg);
2997 tty_ldisc_deref(ld);
2998
2999 return retval;
3000}
3001#endif
3002
3003static int this_tty(const void *t, struct file *file, unsigned fd)
3004{
3005 if (likely(file->f_op->read_iter != tty_read))
3006 return 0;
3007 return file_tty(file) != t ? 0 : fd + 1;
3008}
3009
3010/*
3011 * This implements the "Secure Attention Key" --- the idea is to
3012 * prevent trojan horses by killing all processes associated with this
3013 * tty when the user hits the "Secure Attention Key". Required for
3014 * super-paranoid applications --- see the Orange Book for more details.
3015 *
3016 * This code could be nicer; ideally it should send a HUP, wait a few
3017 * seconds, then send a INT, and then a KILL signal. But you then
3018 * have to coordinate with the init process, since all processes associated
3019 * with the current tty must be dead before the new getty is allowed
3020 * to spawn.
3021 *
3022 * Now, if it would be correct ;-/ The current code has a nasty hole -
3023 * it doesn't catch files in flight. We may send the descriptor to ourselves
3024 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3025 *
3026 * Nasty bug: do_SAK is being called in interrupt context. This can
3027 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3028 */
3029void __do_SAK(struct tty_struct *tty)
3030{
3031#ifdef TTY_SOFT_SAK
3032 tty_hangup(tty);
3033#else
3034 struct task_struct *g, *p;
3035 struct pid *session;
3036 int i;
3037 unsigned long flags;
3038
3039 if (!tty)
3040 return;
3041
3042 spin_lock_irqsave(&tty->ctrl.lock, flags);
3043 session = get_pid(tty->ctrl.session);
3044 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3045
3046 tty_ldisc_flush(tty);
3047
3048 tty_driver_flush_buffer(tty);
3049
3050 read_lock(&tasklist_lock);
3051 /* Kill the entire session */
3052 do_each_pid_task(session, PIDTYPE_SID, p) {
3053 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3054 task_pid_nr(p), p->comm);
3055 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3056 } while_each_pid_task(session, PIDTYPE_SID, p);
3057
3058 /* Now kill any processes that happen to have the tty open */
3059 do_each_thread(g, p) {
3060 if (p->signal->tty == tty) {
3061 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3062 task_pid_nr(p), p->comm);
3063 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3064 continue;
3065 }
3066 task_lock(p);
3067 i = iterate_fd(p->files, 0, this_tty, tty);
3068 if (i != 0) {
3069 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3070 task_pid_nr(p), p->comm, i - 1);
3071 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3072 }
3073 task_unlock(p);
3074 } while_each_thread(g, p);
3075 read_unlock(&tasklist_lock);
3076 put_pid(session);
3077#endif
3078}
3079
3080static void do_SAK_work(struct work_struct *work)
3081{
3082 struct tty_struct *tty =
3083 container_of(work, struct tty_struct, SAK_work);
3084 __do_SAK(tty);
3085}
3086
3087/*
3088 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3089 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3090 * the values which we write to it will be identical to the values which it
3091 * already has. --akpm
3092 */
3093void do_SAK(struct tty_struct *tty)
3094{
3095 if (!tty)
3096 return;
3097 schedule_work(&tty->SAK_work);
3098}
3099EXPORT_SYMBOL(do_SAK);
3100
3101/* Must put_device() after it's unused! */
3102static struct device *tty_get_device(struct tty_struct *tty)
3103{
3104 dev_t devt = tty_devnum(tty);
3105
3106 return class_find_device_by_devt(tty_class, devt);
3107}
3108
3109
3110/*
3111 * alloc_tty_struct
3112 *
3113 * This subroutine allocates and initializes a tty structure.
3114 *
3115 * Locking: none - tty in question is not exposed at this point
3116 */
3117
3118struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3119{
3120 struct tty_struct *tty;
3121
3122 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3123 if (!tty)
3124 return NULL;
3125
3126 kref_init(&tty->kref);
3127 tty->magic = TTY_MAGIC;
3128 if (tty_ldisc_init(tty)) {
3129 kfree(tty);
3130 return NULL;
3131 }
3132 tty->ctrl.session = NULL;
3133 tty->ctrl.pgrp = NULL;
3134 mutex_init(&tty->legacy_mutex);
3135 mutex_init(&tty->throttle_mutex);
3136 init_rwsem(&tty->termios_rwsem);
3137 mutex_init(&tty->winsize_mutex);
3138 init_ldsem(&tty->ldisc_sem);
3139 init_waitqueue_head(&tty->write_wait);
3140 init_waitqueue_head(&tty->read_wait);
3141 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3142 mutex_init(&tty->atomic_write_lock);
3143 spin_lock_init(&tty->ctrl.lock);
3144 spin_lock_init(&tty->flow.lock);
3145 spin_lock_init(&tty->files_lock);
3146 INIT_LIST_HEAD(&tty->tty_files);
3147 INIT_WORK(&tty->SAK_work, do_SAK_work);
3148
3149 tty->driver = driver;
3150 tty->ops = driver->ops;
3151 tty->index = idx;
3152 tty_line_name(driver, idx, tty->name);
3153 tty->dev = tty_get_device(tty);
3154
3155 return tty;
3156}
3157
3158/**
3159 * tty_put_char - write one character to a tty
3160 * @tty: tty
3161 * @ch: character
3162 *
3163 * Write one byte to the tty using the provided put_char method
3164 * if present. Returns the number of characters successfully output.
3165 *
3166 * Note: the specific put_char operation in the driver layer may go
3167 * away soon. Don't call it directly, use this method
3168 */
3169
3170int tty_put_char(struct tty_struct *tty, unsigned char ch)
3171{
3172 if (tty->ops->put_char)
3173 return tty->ops->put_char(tty, ch);
3174 return tty->ops->write(tty, &ch, 1);
3175}
3176EXPORT_SYMBOL_GPL(tty_put_char);
3177
3178struct class *tty_class;
3179
3180static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3181 unsigned int index, unsigned int count)
3182{
3183 int err;
3184
3185 /* init here, since reused cdevs cause crashes */
3186 driver->cdevs[index] = cdev_alloc();
3187 if (!driver->cdevs[index])
3188 return -ENOMEM;
3189 driver->cdevs[index]->ops = &tty_fops;
3190 driver->cdevs[index]->owner = driver->owner;
3191 err = cdev_add(driver->cdevs[index], dev, count);
3192 if (err)
3193 kobject_put(&driver->cdevs[index]->kobj);
3194 return err;
3195}
3196
3197/**
3198 * tty_register_device - register a tty device
3199 * @driver: the tty driver that describes the tty device
3200 * @index: the index in the tty driver for this tty device
3201 * @device: a struct device that is associated with this tty device.
3202 * This field is optional, if there is no known struct device
3203 * for this tty device it can be set to NULL safely.
3204 *
3205 * Returns a pointer to the struct device for this tty device
3206 * (or ERR_PTR(-EFOO) on error).
3207 *
3208 * This call is required to be made to register an individual tty device
3209 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3210 * that bit is not set, this function should not be called by a tty
3211 * driver.
3212 *
3213 * Locking: ??
3214 */
3215
3216struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3217 struct device *device)
3218{
3219 return tty_register_device_attr(driver, index, device, NULL, NULL);
3220}
3221EXPORT_SYMBOL(tty_register_device);
3222
3223static void tty_device_create_release(struct device *dev)
3224{
3225 dev_dbg(dev, "releasing...\n");
3226 kfree(dev);
3227}
3228
3229/**
3230 * tty_register_device_attr - register a tty device
3231 * @driver: the tty driver that describes the tty device
3232 * @index: the index in the tty driver for this tty device
3233 * @device: a struct device that is associated with this tty device.
3234 * This field is optional, if there is no known struct device
3235 * for this tty device it can be set to NULL safely.
3236 * @drvdata: Driver data to be set to device.
3237 * @attr_grp: Attribute group to be set on device.
3238 *
3239 * Returns a pointer to the struct device for this tty device
3240 * (or ERR_PTR(-EFOO) on error).
3241 *
3242 * This call is required to be made to register an individual tty device
3243 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3244 * that bit is not set, this function should not be called by a tty
3245 * driver.
3246 *
3247 * Locking: ??
3248 */
3249struct device *tty_register_device_attr(struct tty_driver *driver,
3250 unsigned index, struct device *device,
3251 void *drvdata,
3252 const struct attribute_group **attr_grp)
3253{
3254 char name[64];
3255 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3256 struct ktermios *tp;
3257 struct device *dev;
3258 int retval;
3259
3260 if (index >= driver->num) {
3261 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3262 driver->name, index);
3263 return ERR_PTR(-EINVAL);
3264 }
3265
3266 if (driver->type == TTY_DRIVER_TYPE_PTY)
3267 pty_line_name(driver, index, name);
3268 else
3269 tty_line_name(driver, index, name);
3270
3271 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3272 if (!dev)
3273 return ERR_PTR(-ENOMEM);
3274
3275 dev->devt = devt;
3276 dev->class = tty_class;
3277 dev->parent = device;
3278 dev->release = tty_device_create_release;
3279 dev_set_name(dev, "%s", name);
3280 dev->groups = attr_grp;
3281 dev_set_drvdata(dev, drvdata);
3282
3283 dev_set_uevent_suppress(dev, 1);
3284
3285 retval = device_register(dev);
3286 if (retval)
3287 goto err_put;
3288
3289 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3290 /*
3291 * Free any saved termios data so that the termios state is
3292 * reset when reusing a minor number.
3293 */
3294 tp = driver->termios[index];
3295 if (tp) {
3296 driver->termios[index] = NULL;
3297 kfree(tp);
3298 }
3299
3300 retval = tty_cdev_add(driver, devt, index, 1);
3301 if (retval)
3302 goto err_del;
3303 }
3304
3305 dev_set_uevent_suppress(dev, 0);
3306 kobject_uevent(&dev->kobj, KOBJ_ADD);
3307
3308 return dev;
3309
3310err_del:
3311 device_del(dev);
3312err_put:
3313 put_device(dev);
3314
3315 return ERR_PTR(retval);
3316}
3317EXPORT_SYMBOL_GPL(tty_register_device_attr);
3318
3319/**
3320 * tty_unregister_device - unregister a tty device
3321 * @driver: the tty driver that describes the tty device
3322 * @index: the index in the tty driver for this tty device
3323 *
3324 * If a tty device is registered with a call to tty_register_device() then
3325 * this function must be called when the tty device is gone.
3326 *
3327 * Locking: ??
3328 */
3329
3330void tty_unregister_device(struct tty_driver *driver, unsigned index)
3331{
3332 device_destroy(tty_class,
3333 MKDEV(driver->major, driver->minor_start) + index);
3334 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3335 cdev_del(driver->cdevs[index]);
3336 driver->cdevs[index] = NULL;
3337 }
3338}
3339EXPORT_SYMBOL(tty_unregister_device);
3340
3341/**
3342 * __tty_alloc_driver -- allocate tty driver
3343 * @lines: count of lines this driver can handle at most
3344 * @owner: module which is responsible for this driver
3345 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3346 *
3347 * This should not be called directly, some of the provided macros should be
3348 * used instead. Use IS_ERR and friends on @retval.
3349 */
3350struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3351 unsigned long flags)
3352{
3353 struct tty_driver *driver;
3354 unsigned int cdevs = 1;
3355 int err;
3356
3357 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3358 return ERR_PTR(-EINVAL);
3359
3360 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3361 if (!driver)
3362 return ERR_PTR(-ENOMEM);
3363
3364 kref_init(&driver->kref);
3365 driver->magic = TTY_DRIVER_MAGIC;
3366 driver->num = lines;
3367 driver->owner = owner;
3368 driver->flags = flags;
3369
3370 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3371 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3372 GFP_KERNEL);
3373 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3374 GFP_KERNEL);
3375 if (!driver->ttys || !driver->termios) {
3376 err = -ENOMEM;
3377 goto err_free_all;
3378 }
3379 }
3380
3381 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3382 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3383 GFP_KERNEL);
3384 if (!driver->ports) {
3385 err = -ENOMEM;
3386 goto err_free_all;
3387 }
3388 cdevs = lines;
3389 }
3390
3391 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3392 if (!driver->cdevs) {
3393 err = -ENOMEM;
3394 goto err_free_all;
3395 }
3396
3397 return driver;
3398err_free_all:
3399 kfree(driver->ports);
3400 kfree(driver->ttys);
3401 kfree(driver->termios);
3402 kfree(driver->cdevs);
3403 kfree(driver);
3404 return ERR_PTR(err);
3405}
3406EXPORT_SYMBOL(__tty_alloc_driver);
3407
3408static void destruct_tty_driver(struct kref *kref)
3409{
3410 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3411 int i;
3412 struct ktermios *tp;
3413
3414 if (driver->flags & TTY_DRIVER_INSTALLED) {
3415 for (i = 0; i < driver->num; i++) {
3416 tp = driver->termios[i];
3417 if (tp) {
3418 driver->termios[i] = NULL;
3419 kfree(tp);
3420 }
3421 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3422 tty_unregister_device(driver, i);
3423 }
3424 proc_tty_unregister_driver(driver);
3425 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3426 cdev_del(driver->cdevs[0]);
3427 }
3428 kfree(driver->cdevs);
3429 kfree(driver->ports);
3430 kfree(driver->termios);
3431 kfree(driver->ttys);
3432 kfree(driver);
3433}
3434
3435void tty_driver_kref_put(struct tty_driver *driver)
3436{
3437 kref_put(&driver->kref, destruct_tty_driver);
3438}
3439EXPORT_SYMBOL(tty_driver_kref_put);
3440
3441void tty_set_operations(struct tty_driver *driver,
3442 const struct tty_operations *op)
3443{
3444 driver->ops = op;
3445};
3446EXPORT_SYMBOL(tty_set_operations);
3447
3448void put_tty_driver(struct tty_driver *d)
3449{
3450 tty_driver_kref_put(d);
3451}
3452EXPORT_SYMBOL(put_tty_driver);
3453
3454/*
3455 * Called by a tty driver to register itself.
3456 */
3457int tty_register_driver(struct tty_driver *driver)
3458{
3459 int error;
3460 int i;
3461 dev_t dev;
3462 struct device *d;
3463
3464 if (!driver->major) {
3465 error = alloc_chrdev_region(&dev, driver->minor_start,
3466 driver->num, driver->name);
3467 if (!error) {
3468 driver->major = MAJOR(dev);
3469 driver->minor_start = MINOR(dev);
3470 }
3471 } else {
3472 dev = MKDEV(driver->major, driver->minor_start);
3473 error = register_chrdev_region(dev, driver->num, driver->name);
3474 }
3475 if (error < 0)
3476 goto err;
3477
3478 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3479 error = tty_cdev_add(driver, dev, 0, driver->num);
3480 if (error)
3481 goto err_unreg_char;
3482 }
3483
3484 mutex_lock(&tty_mutex);
3485 list_add(&driver->tty_drivers, &tty_drivers);
3486 mutex_unlock(&tty_mutex);
3487
3488 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3489 for (i = 0; i < driver->num; i++) {
3490 d = tty_register_device(driver, i, NULL);
3491 if (IS_ERR(d)) {
3492 error = PTR_ERR(d);
3493 goto err_unreg_devs;
3494 }
3495 }
3496 }
3497 proc_tty_register_driver(driver);
3498 driver->flags |= TTY_DRIVER_INSTALLED;
3499 return 0;
3500
3501err_unreg_devs:
3502 for (i--; i >= 0; i--)
3503 tty_unregister_device(driver, i);
3504
3505 mutex_lock(&tty_mutex);
3506 list_del(&driver->tty_drivers);
3507 mutex_unlock(&tty_mutex);
3508
3509err_unreg_char:
3510 unregister_chrdev_region(dev, driver->num);
3511err:
3512 return error;
3513}
3514EXPORT_SYMBOL(tty_register_driver);
3515
3516/*
3517 * Called by a tty driver to unregister itself.
3518 */
3519void tty_unregister_driver(struct tty_driver *driver)
3520{
3521 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3522 driver->num);
3523 mutex_lock(&tty_mutex);
3524 list_del(&driver->tty_drivers);
3525 mutex_unlock(&tty_mutex);
3526}
3527EXPORT_SYMBOL(tty_unregister_driver);
3528
3529dev_t tty_devnum(struct tty_struct *tty)
3530{
3531 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3532}
3533EXPORT_SYMBOL(tty_devnum);
3534
3535void tty_default_fops(struct file_operations *fops)
3536{
3537 *fops = tty_fops;
3538}
3539
3540static char *tty_devnode(struct device *dev, umode_t *mode)
3541{
3542 if (!mode)
3543 return NULL;
3544 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3545 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3546 *mode = 0666;
3547 return NULL;
3548}
3549
3550static int __init tty_class_init(void)
3551{
3552 tty_class = class_create(THIS_MODULE, "tty");
3553 if (IS_ERR(tty_class))
3554 return PTR_ERR(tty_class);
3555 tty_class->devnode = tty_devnode;
3556 return 0;
3557}
3558
3559postcore_initcall(tty_class_init);
3560
3561/* 3/2004 jmc: why do these devices exist? */
3562static struct cdev tty_cdev, console_cdev;
3563
3564static ssize_t show_cons_active(struct device *dev,
3565 struct device_attribute *attr, char *buf)
3566{
3567 struct console *cs[16];
3568 int i = 0;
3569 struct console *c;
3570 ssize_t count = 0;
3571
3572 console_lock();
3573 for_each_console(c) {
3574 if (!c->device)
3575 continue;
3576 if (!c->write)
3577 continue;
3578 if ((c->flags & CON_ENABLED) == 0)
3579 continue;
3580 cs[i++] = c;
3581 if (i >= ARRAY_SIZE(cs))
3582 break;
3583 }
3584 while (i--) {
3585 int index = cs[i]->index;
3586 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3587
3588 /* don't resolve tty0 as some programs depend on it */
3589 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3590 count += tty_line_name(drv, index, buf + count);
3591 else
3592 count += sprintf(buf + count, "%s%d",
3593 cs[i]->name, cs[i]->index);
3594
3595 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3596 }
3597 console_unlock();
3598
3599 return count;
3600}
3601static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3602
3603static struct attribute *cons_dev_attrs[] = {
3604 &dev_attr_active.attr,
3605 NULL
3606};
3607
3608ATTRIBUTE_GROUPS(cons_dev);
3609
3610static struct device *consdev;
3611
3612void console_sysfs_notify(void)
3613{
3614 if (consdev)
3615 sysfs_notify(&consdev->kobj, NULL, "active");
3616}
3617
3618/*
3619 * Ok, now we can initialize the rest of the tty devices and can count
3620 * on memory allocations, interrupts etc..
3621 */
3622int __init tty_init(void)
3623{
3624 tty_sysctl_init();
3625 cdev_init(&tty_cdev, &tty_fops);
3626 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3627 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3628 panic("Couldn't register /dev/tty driver\n");
3629 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3630
3631 cdev_init(&console_cdev, &console_fops);
3632 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3633 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3634 panic("Couldn't register /dev/console driver\n");
3635 consdev = device_create_with_groups(tty_class, NULL,
3636 MKDEV(TTYAUX_MAJOR, 1), NULL,
3637 cons_dev_groups, "console");
3638 if (IS_ERR(consdev))
3639 consdev = NULL;
3640
3641#ifdef CONFIG_VT
3642 vty_init(&console_fops);
3643#endif
3644 return 0;
3645}
3646