projects / deliverable / linux.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tty: Replace open-coded tty_get_pgrp()
[deliverable/linux.git] / drivers / tty / tty_io.c
... / ...
CommitLineData
1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97#include <linux/ratelimit.h>
98
99#include <linux/uaccess.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156
157/**
158 * free_tty_struct - free a disused tty
159 * @tty: tty struct to free
160 *
161 * Free the write buffers, tty queue and tty memory itself.
162 *
163 * Locking: none. Must be called after tty is definitely unused
164 */
165
166void free_tty_struct(struct tty_struct *tty)
167{
168 if (!tty)
169 return;
170 if (tty->dev)
171 put_device(tty->dev);
172 kfree(tty->write_buf);
173 tty->magic = 0xDEADDEAD;
174 kfree(tty);
175}
176
177static inline struct tty_struct *file_tty(struct file *file)
178{
179 return ((struct tty_file_private *)file->private_data)->tty;
180}
181
182int tty_alloc_file(struct file *file)
183{
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193}
194
195/* Associate a new file with the tty structure */
196void tty_add_file(struct tty_struct *tty, struct file *file)
197{
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty_files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty_files_lock);
206}
207
208/**
209 * tty_free_file - free file->private_data
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
214void tty_free_file(struct file *file)
215{
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220}
221
222/* Delete file from its tty */
223static void tty_del_file(struct file *file)
224{
225 struct tty_file_private *priv = file->private_data;
226
227 spin_lock(&tty_files_lock);
228 list_del(&priv->list);
229 spin_unlock(&tty_files_lock);
230 tty_free_file(file);
231}
232
233
234#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
235
236/**
237 * tty_name - return tty naming
238 * @tty: tty structure
239 * @buf: buffer for output
240 *
241 * Convert a tty structure into a name. The name reflects the kernel
242 * naming policy and if udev is in use may not reflect user space
243 *
244 * Locking: none
245 */
246
247char *tty_name(struct tty_struct *tty, char *buf)
248{
249 if (!tty) /* Hmm. NULL pointer. That's fun. */
250 strcpy(buf, "NULL tty");
251 else
252 strcpy(buf, tty->name);
253 return buf;
254}
255
256EXPORT_SYMBOL(tty_name);
257
258int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 const char *routine)
260{
261#ifdef TTY_PARANOIA_CHECK
262 if (!tty) {
263 printk(KERN_WARNING
264 "null TTY for (%d:%d) in %s\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 if (tty->magic != TTY_MAGIC) {
269 printk(KERN_WARNING
270 "bad magic number for tty struct (%d:%d) in %s\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274#endif
275 return 0;
276}
277
278static int check_tty_count(struct tty_struct *tty, const char *routine)
279{
280#ifdef CHECK_TTY_COUNT
281 struct list_head *p;
282 int count = 0;
283
284 spin_lock(&tty_files_lock);
285 list_for_each(p, &tty->tty_files) {
286 count++;
287 }
288 spin_unlock(&tty_files_lock);
289 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 tty->driver->subtype == PTY_TYPE_SLAVE &&
291 tty->link && tty->link->count)
292 count++;
293 if (tty->count != count) {
294 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
295 "!= #fd's(%d) in %s\n",
296 tty->name, tty->count, count, routine);
297 return count;
298 }
299#endif
300 return 0;
301}
302
303/**
304 * get_tty_driver - find device of a tty
305 * @dev_t: device identifier
306 * @index: returns the index of the tty
307 *
308 * This routine returns a tty driver structure, given a device number
309 * and also passes back the index number.
310 *
311 * Locking: caller must hold tty_mutex
312 */
313
314static struct tty_driver *get_tty_driver(dev_t device, int *index)
315{
316 struct tty_driver *p;
317
318 list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 dev_t base = MKDEV(p->major, p->minor_start);
320 if (device < base || device >= base + p->num)
321 continue;
322 *index = device - base;
323 return tty_driver_kref_get(p);
324 }
325 return NULL;
326}
327
328#ifdef CONFIG_CONSOLE_POLL
329
330/**
331 * tty_find_polling_driver - find device of a polled tty
332 * @name: name string to match
333 * @line: pointer to resulting tty line nr
334 *
335 * This routine returns a tty driver structure, given a name
336 * and the condition that the tty driver is capable of polled
337 * operation.
338 */
339struct tty_driver *tty_find_polling_driver(char *name, int *line)
340{
341 struct tty_driver *p, *res = NULL;
342 int tty_line = 0;
343 int len;
344 char *str, *stp;
345
346 for (str = name; *str; str++)
347 if ((*str >= '0' && *str <= '9') || *str == ',')
348 break;
349 if (!*str)
350 return NULL;
351
352 len = str - name;
353 tty_line = simple_strtoul(str, &str, 10);
354
355 mutex_lock(&tty_mutex);
356 /* Search through the tty devices to look for a match */
357 list_for_each_entry(p, &tty_drivers, tty_drivers) {
358 if (strncmp(name, p->name, len) != 0)
359 continue;
360 stp = str;
361 if (*stp == ',')
362 stp++;
363 if (*stp == '\0')
364 stp = NULL;
365
366 if (tty_line >= 0 && tty_line < p->num && p->ops &&
367 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
368 res = tty_driver_kref_get(p);
369 *line = tty_line;
370 break;
371 }
372 }
373 mutex_unlock(&tty_mutex);
374
375 return res;
376}
377EXPORT_SYMBOL_GPL(tty_find_polling_driver);
378#endif
379
380/**
381 * tty_check_change - check for POSIX terminal changes
382 * @tty: tty to check
383 *
384 * If we try to write to, or set the state of, a terminal and we're
385 * not in the foreground, send a SIGTTOU. If the signal is blocked or
386 * ignored, go ahead and perform the operation. (POSIX 7.2)
387 *
388 * Locking: ctrl_lock
389 */
390
391int tty_check_change(struct tty_struct *tty)
392{
393 unsigned long flags;
394 int ret = 0;
395
396 if (current->signal->tty != tty)
397 return 0;
398
399 spin_lock_irqsave(&tty->ctrl_lock, flags);
400
401 if (!tty->pgrp) {
402 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
403 goto out_unlock;
404 }
405 if (task_pgrp(current) == tty->pgrp)
406 goto out_unlock;
407 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
408 if (is_ignored(SIGTTOU))
409 goto out;
410 if (is_current_pgrp_orphaned()) {
411 ret = -EIO;
412 goto out;
413 }
414 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
415 set_thread_flag(TIF_SIGPENDING);
416 ret = -ERESTARTSYS;
417out:
418 return ret;
419out_unlock:
420 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
421 return ret;
422}
423
424EXPORT_SYMBOL(tty_check_change);
425
426static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
427 size_t count, loff_t *ppos)
428{
429 return 0;
430}
431
432static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
433 size_t count, loff_t *ppos)
434{
435 return -EIO;
436}
437
438/* No kernel lock held - none needed ;) */
439static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
440{
441 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
442}
443
444static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
445 unsigned long arg)
446{
447 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
448}
449
450static long hung_up_tty_compat_ioctl(struct file *file,
451 unsigned int cmd, unsigned long arg)
452{
453 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
454}
455
456static const struct file_operations tty_fops = {
457 .llseek = no_llseek,
458 .read = tty_read,
459 .write = tty_write,
460 .poll = tty_poll,
461 .unlocked_ioctl = tty_ioctl,
462 .compat_ioctl = tty_compat_ioctl,
463 .open = tty_open,
464 .release = tty_release,
465 .fasync = tty_fasync,
466};
467
468static const struct file_operations console_fops = {
469 .llseek = no_llseek,
470 .read = tty_read,
471 .write = redirected_tty_write,
472 .poll = tty_poll,
473 .unlocked_ioctl = tty_ioctl,
474 .compat_ioctl = tty_compat_ioctl,
475 .open = tty_open,
476 .release = tty_release,
477 .fasync = tty_fasync,
478};
479
480static const struct file_operations hung_up_tty_fops = {
481 .llseek = no_llseek,
482 .read = hung_up_tty_read,
483 .write = hung_up_tty_write,
484 .poll = hung_up_tty_poll,
485 .unlocked_ioctl = hung_up_tty_ioctl,
486 .compat_ioctl = hung_up_tty_compat_ioctl,
487 .release = tty_release,
488};
489
490static DEFINE_SPINLOCK(redirect_lock);
491static struct file *redirect;
492
493
494void proc_clear_tty(struct task_struct *p)
495{
496 unsigned long flags;
497 struct tty_struct *tty;
498 spin_lock_irqsave(&p->sighand->siglock, flags);
499 tty = p->signal->tty;
500 p->signal->tty = NULL;
501 spin_unlock_irqrestore(&p->sighand->siglock, flags);
502 tty_kref_put(tty);
503}
504
505/* Called under the sighand lock */
506
507static void __proc_set_tty(struct tty_struct *tty)
508{
509 if (tty) {
510 unsigned long flags;
511 /* We should not have a session or pgrp to put here but.... */
512 spin_lock_irqsave(&tty->ctrl_lock, flags);
513 put_pid(tty->session);
514 put_pid(tty->pgrp);
515 tty->pgrp = get_pid(task_pgrp(current));
516 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
517 tty->session = get_pid(task_session(current));
518 if (current->signal->tty) {
519 printk(KERN_DEBUG "tty not NULL!!\n");
520 tty_kref_put(current->signal->tty);
521 }
522 }
523 put_pid(current->signal->tty_old_pgrp);
524 current->signal->tty = tty_kref_get(tty);
525 current->signal->tty_old_pgrp = NULL;
526}
527
528static void proc_set_tty(struct tty_struct *tty)
529{
530 spin_lock_irq(&current->sighand->siglock);
531 __proc_set_tty(tty);
532 spin_unlock_irq(&current->sighand->siglock);
533}
534
535struct tty_struct *get_current_tty(void)
536{
537 struct tty_struct *tty;
538 unsigned long flags;
539
540 spin_lock_irqsave(&current->sighand->siglock, flags);
541 tty = tty_kref_get(current->signal->tty);
542 spin_unlock_irqrestore(&current->sighand->siglock, flags);
543 return tty;
544}
545EXPORT_SYMBOL_GPL(get_current_tty);
546
547static void session_clear_tty(struct pid *session)
548{
549 struct task_struct *p;
550 do_each_pid_task(session, PIDTYPE_SID, p) {
551 proc_clear_tty(p);
552 } while_each_pid_task(session, PIDTYPE_SID, p);
553}
554
555/**
556 * tty_wakeup - request more data
557 * @tty: terminal
558 *
559 * Internal and external helper for wakeups of tty. This function
560 * informs the line discipline if present that the driver is ready
561 * to receive more output data.
562 */
563
564void tty_wakeup(struct tty_struct *tty)
565{
566 struct tty_ldisc *ld;
567
568 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
569 ld = tty_ldisc_ref(tty);
570 if (ld) {
571 if (ld->ops->write_wakeup)
572 ld->ops->write_wakeup(tty);
573 tty_ldisc_deref(ld);
574 }
575 }
576 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
577}
578
579EXPORT_SYMBOL_GPL(tty_wakeup);
580
581/**
582 * tty_signal_session_leader - sends SIGHUP to session leader
583 * @tty controlling tty
584 * @exit_session if non-zero, signal all foreground group processes
585 *
586 * Send SIGHUP and SIGCONT to the session leader and its process group.
587 * Optionally, signal all processes in the foreground process group.
588 *
589 * Returns the number of processes in the session with this tty
590 * as their controlling terminal. This value is used to drop
591 * tty references for those processes.
592 */
593static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
594{
595 struct task_struct *p;
596 int refs = 0;
597 struct pid *tty_pgrp = NULL;
598
599 read_lock(&tasklist_lock);
600 if (tty->session) {
601 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
602 spin_lock_irq(&p->sighand->siglock);
603 if (p->signal->tty == tty) {
604 p->signal->tty = NULL;
605 /* We defer the dereferences outside fo
606 the tasklist lock */
607 refs++;
608 }
609 if (!p->signal->leader) {
610 spin_unlock_irq(&p->sighand->siglock);
611 continue;
612 }
613 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
614 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
615 put_pid(p->signal->tty_old_pgrp); /* A noop */
616 spin_lock(&tty->ctrl_lock);
617 tty_pgrp = get_pid(tty->pgrp);
618 if (tty->pgrp)
619 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
620 spin_unlock(&tty->ctrl_lock);
621 spin_unlock_irq(&p->sighand->siglock);
622 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
623 }
624 read_unlock(&tasklist_lock);
625
626 if (tty_pgrp) {
627 if (exit_session)
628 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
629 put_pid(tty_pgrp);
630 }
631
632 return refs;
633}
634
635/**
636 * __tty_hangup - actual handler for hangup events
637 * @work: tty device
638 *
639 * This can be called by a "kworker" kernel thread. That is process
640 * synchronous but doesn't hold any locks, so we need to make sure we
641 * have the appropriate locks for what we're doing.
642 *
643 * The hangup event clears any pending redirections onto the hung up
644 * device. It ensures future writes will error and it does the needed
645 * line discipline hangup and signal delivery. The tty object itself
646 * remains intact.
647 *
648 * Locking:
649 * BTM
650 * redirect lock for undoing redirection
651 * file list lock for manipulating list of ttys
652 * tty_ldiscs_lock from called functions
653 * termios_rwsem resetting termios data
654 * tasklist_lock to walk task list for hangup event
655 * ->siglock to protect ->signal/->sighand
656 */
657static void __tty_hangup(struct tty_struct *tty, int exit_session)
658{
659 struct file *cons_filp = NULL;
660 struct file *filp, *f = NULL;
661 struct tty_file_private *priv;
662 int closecount = 0, n;
663 int refs;
664
665 if (!tty)
666 return;
667
668
669 spin_lock(&redirect_lock);
670 if (redirect && file_tty(redirect) == tty) {
671 f = redirect;
672 redirect = NULL;
673 }
674 spin_unlock(&redirect_lock);
675
676 tty_lock(tty);
677
678 if (test_bit(TTY_HUPPED, &tty->flags)) {
679 tty_unlock(tty);
680 return;
681 }
682
683 /* some functions below drop BTM, so we need this bit */
684 set_bit(TTY_HUPPING, &tty->flags);
685
686 /* inuse_filps is protected by the single tty lock,
687 this really needs to change if we want to flush the
688 workqueue with the lock held */
689 check_tty_count(tty, "tty_hangup");
690
691 spin_lock(&tty_files_lock);
692 /* This breaks for file handles being sent over AF_UNIX sockets ? */
693 list_for_each_entry(priv, &tty->tty_files, list) {
694 filp = priv->file;
695 if (filp->f_op->write == redirected_tty_write)
696 cons_filp = filp;
697 if (filp->f_op->write != tty_write)
698 continue;
699 closecount++;
700 __tty_fasync(-1, filp, 0); /* can't block */
701 filp->f_op = &hung_up_tty_fops;
702 }
703 spin_unlock(&tty_files_lock);
704
705 refs = tty_signal_session_leader(tty, exit_session);
706 /* Account for the p->signal references we killed */
707 while (refs--)
708 tty_kref_put(tty);
709
710 /*
711 * it drops BTM and thus races with reopen
712 * we protect the race by TTY_HUPPING
713 */
714 tty_ldisc_hangup(tty);
715
716 spin_lock_irq(&tty->ctrl_lock);
717 clear_bit(TTY_THROTTLED, &tty->flags);
718 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
719 put_pid(tty->session);
720 put_pid(tty->pgrp);
721 tty->session = NULL;
722 tty->pgrp = NULL;
723 tty->ctrl_status = 0;
724 spin_unlock_irq(&tty->ctrl_lock);
725
726 /*
727 * If one of the devices matches a console pointer, we
728 * cannot just call hangup() because that will cause
729 * tty->count and state->count to go out of sync.
730 * So we just call close() the right number of times.
731 */
732 if (cons_filp) {
733 if (tty->ops->close)
734 for (n = 0; n < closecount; n++)
735 tty->ops->close(tty, cons_filp);
736 } else if (tty->ops->hangup)
737 tty->ops->hangup(tty);
738 /*
739 * We don't want to have driver/ldisc interactions beyond
740 * the ones we did here. The driver layer expects no
741 * calls after ->hangup() from the ldisc side. However we
742 * can't yet guarantee all that.
743 */
744 set_bit(TTY_HUPPED, &tty->flags);
745 clear_bit(TTY_HUPPING, &tty->flags);
746
747 tty_unlock(tty);
748
749 if (f)
750 fput(f);
751}
752
753static void do_tty_hangup(struct work_struct *work)
754{
755 struct tty_struct *tty =
756 container_of(work, struct tty_struct, hangup_work);
757
758 __tty_hangup(tty, 0);
759}
760
761/**
762 * tty_hangup - trigger a hangup event
763 * @tty: tty to hangup
764 *
765 * A carrier loss (virtual or otherwise) has occurred on this like
766 * schedule a hangup sequence to run after this event.
767 */
768
769void tty_hangup(struct tty_struct *tty)
770{
771#ifdef TTY_DEBUG_HANGUP
772 char buf[64];
773 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
774#endif
775 schedule_work(&tty->hangup_work);
776}
777
778EXPORT_SYMBOL(tty_hangup);
779
780/**
781 * tty_vhangup - process vhangup
782 * @tty: tty to hangup
783 *
784 * The user has asked via system call for the terminal to be hung up.
785 * We do this synchronously so that when the syscall returns the process
786 * is complete. That guarantee is necessary for security reasons.
787 */
788
789void tty_vhangup(struct tty_struct *tty)
790{
791#ifdef TTY_DEBUG_HANGUP
792 char buf[64];
793
794 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
795#endif
796 __tty_hangup(tty, 0);
797}
798
799EXPORT_SYMBOL(tty_vhangup);
800
801
802/**
803 * tty_vhangup_self - process vhangup for own ctty
804 *
805 * Perform a vhangup on the current controlling tty
806 */
807
808void tty_vhangup_self(void)
809{
810 struct tty_struct *tty;
811
812 tty = get_current_tty();
813 if (tty) {
814 tty_vhangup(tty);
815 tty_kref_put(tty);
816 }
817}
818
819/**
820 * tty_vhangup_session - hangup session leader exit
821 * @tty: tty to hangup
822 *
823 * The session leader is exiting and hanging up its controlling terminal.
824 * Every process in the foreground process group is signalled SIGHUP.
825 *
826 * We do this synchronously so that when the syscall returns the process
827 * is complete. That guarantee is necessary for security reasons.
828 */
829
830static void tty_vhangup_session(struct tty_struct *tty)
831{
832#ifdef TTY_DEBUG_HANGUP
833 char buf[64];
834
835 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
836#endif
837 __tty_hangup(tty, 1);
838}
839
840/**
841 * tty_hung_up_p - was tty hung up
842 * @filp: file pointer of tty
843 *
844 * Return true if the tty has been subject to a vhangup or a carrier
845 * loss
846 */
847
848int tty_hung_up_p(struct file *filp)
849{
850 return (filp->f_op == &hung_up_tty_fops);
851}
852
853EXPORT_SYMBOL(tty_hung_up_p);
854
855/**
856 * disassociate_ctty - disconnect controlling tty
857 * @on_exit: true if exiting so need to "hang up" the session
858 *
859 * This function is typically called only by the session leader, when
860 * it wants to disassociate itself from its controlling tty.
861 *
862 * It performs the following functions:
863 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
864 * (2) Clears the tty from being controlling the session
865 * (3) Clears the controlling tty for all processes in the
866 * session group.
867 *
868 * The argument on_exit is set to 1 if called when a process is
869 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
870 *
871 * Locking:
872 * BTM is taken for hysterical raisins, and held when
873 * called from no_tty().
874 * tty_mutex is taken to protect tty
875 * ->siglock is taken to protect ->signal/->sighand
876 * tasklist_lock is taken to walk process list for sessions
877 * ->siglock is taken to protect ->signal/->sighand
878 */
879
880void disassociate_ctty(int on_exit)
881{
882 struct tty_struct *tty;
883
884 if (!current->signal->leader)
885 return;
886
887 tty = get_current_tty();
888 if (tty) {
889 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
890 tty_vhangup_session(tty);
891 } else {
892 struct pid *tty_pgrp = tty_get_pgrp(tty);
893 if (tty_pgrp) {
894 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
895 if (!on_exit)
896 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
897 put_pid(tty_pgrp);
898 }
899 }
900 tty_kref_put(tty);
901
902 } else if (on_exit) {
903 struct pid *old_pgrp;
904 spin_lock_irq(&current->sighand->siglock);
905 old_pgrp = current->signal->tty_old_pgrp;
906 current->signal->tty_old_pgrp = NULL;
907 spin_unlock_irq(&current->sighand->siglock);
908 if (old_pgrp) {
909 kill_pgrp(old_pgrp, SIGHUP, on_exit);
910 kill_pgrp(old_pgrp, SIGCONT, on_exit);
911 put_pid(old_pgrp);
912 }
913 return;
914 }
915
916 spin_lock_irq(&current->sighand->siglock);
917 put_pid(current->signal->tty_old_pgrp);
918 current->signal->tty_old_pgrp = NULL;
919
920 tty = tty_kref_get(current->signal->tty);
921 if (tty) {
922 unsigned long flags;
923 spin_lock_irqsave(&tty->ctrl_lock, flags);
924 put_pid(tty->session);
925 put_pid(tty->pgrp);
926 tty->session = NULL;
927 tty->pgrp = NULL;
928 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
929 tty_kref_put(tty);
930 } else {
931#ifdef TTY_DEBUG_HANGUP
932 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
933 " = NULL", tty);
934#endif
935 }
936
937 spin_unlock_irq(&current->sighand->siglock);
938 /* Now clear signal->tty under the lock */
939 read_lock(&tasklist_lock);
940 session_clear_tty(task_session(current));
941 read_unlock(&tasklist_lock);
942}
943
944/**
945 *
946 * no_tty - Ensure the current process does not have a controlling tty
947 */
948void no_tty(void)
949{
950 /* FIXME: Review locking here. The tty_lock never covered any race
951 between a new association and proc_clear_tty but possible we need
952 to protect against this anyway */
953 struct task_struct *tsk = current;
954 disassociate_ctty(0);
955 proc_clear_tty(tsk);
956}
957
958
959/**
960 * stop_tty - propagate flow control
961 * @tty: tty to stop
962 *
963 * Perform flow control to the driver. May be called
964 * on an already stopped device and will not re-call the driver
965 * method.
966 *
967 * This functionality is used by both the line disciplines for
968 * halting incoming flow and by the driver. It may therefore be
969 * called from any context, may be under the tty atomic_write_lock
970 * but not always.
971 *
972 * Locking:
973 * flow_lock
974 */
975
976void __stop_tty(struct tty_struct *tty)
977{
978 if (tty->stopped)
979 return;
980 tty->stopped = 1;
981 if (tty->ops->stop)
982 (tty->ops->stop)(tty);
983}
984
985void stop_tty(struct tty_struct *tty)
986{
987 unsigned long flags;
988
989 spin_lock_irqsave(&tty->flow_lock, flags);
990 __stop_tty(tty);
991 spin_unlock_irqrestore(&tty->flow_lock, flags);
992}
993EXPORT_SYMBOL(stop_tty);
994
995/**
996 * start_tty - propagate flow control
997 * @tty: tty to start
998 *
999 * Start a tty that has been stopped if at all possible. If this
1000 * tty was previous stopped and is now being started, the driver
1001 * start method is invoked and the line discipline woken.
1002 *
1003 * Locking:
1004 * flow_lock
1005 */
1006
1007void __start_tty(struct tty_struct *tty)
1008{
1009 if (!tty->stopped || tty->flow_stopped)
1010 return;
1011 tty->stopped = 0;
1012 if (tty->ops->start)
1013 (tty->ops->start)(tty);
1014 tty_wakeup(tty);
1015}
1016
1017void start_tty(struct tty_struct *tty)
1018{
1019 unsigned long flags;
1020
1021 spin_lock_irqsave(&tty->flow_lock, flags);
1022 __start_tty(tty);
1023 spin_unlock_irqrestore(&tty->flow_lock, flags);
1024}
1025EXPORT_SYMBOL(start_tty);
1026
1027/* We limit tty time update visibility to every 8 seconds or so. */
1028static void tty_update_time(struct timespec *time)
1029{
1030 unsigned long sec = get_seconds() & ~7;
1031 if ((long)(sec - time->tv_sec) > 0)
1032 time->tv_sec = sec;
1033}
1034
1035/**
1036 * tty_read - read method for tty device files
1037 * @file: pointer to tty file
1038 * @buf: user buffer
1039 * @count: size of user buffer
1040 * @ppos: unused
1041 *
1042 * Perform the read system call function on this terminal device. Checks
1043 * for hung up devices before calling the line discipline method.
1044 *
1045 * Locking:
1046 * Locks the line discipline internally while needed. Multiple
1047 * read calls may be outstanding in parallel.
1048 */
1049
1050static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1051 loff_t *ppos)
1052{
1053 int i;
1054 struct inode *inode = file_inode(file);
1055 struct tty_struct *tty = file_tty(file);
1056 struct tty_ldisc *ld;
1057
1058 if (tty_paranoia_check(tty, inode, "tty_read"))
1059 return -EIO;
1060 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1061 return -EIO;
1062
1063 /* We want to wait for the line discipline to sort out in this
1064 situation */
1065 ld = tty_ldisc_ref_wait(tty);
1066 if (ld->ops->read)
1067 i = (ld->ops->read)(tty, file, buf, count);
1068 else
1069 i = -EIO;
1070 tty_ldisc_deref(ld);
1071
1072 if (i > 0)
1073 tty_update_time(&inode->i_atime);
1074
1075 return i;
1076}
1077
1078static void tty_write_unlock(struct tty_struct *tty)
1079{
1080 mutex_unlock(&tty->atomic_write_lock);
1081 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1082}
1083
1084static int tty_write_lock(struct tty_struct *tty, int ndelay)
1085{
1086 if (!mutex_trylock(&tty->atomic_write_lock)) {
1087 if (ndelay)
1088 return -EAGAIN;
1089 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1090 return -ERESTARTSYS;
1091 }
1092 return 0;
1093}
1094
1095/*
1096 * Split writes up in sane blocksizes to avoid
1097 * denial-of-service type attacks
1098 */
1099static inline ssize_t do_tty_write(
1100 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1101 struct tty_struct *tty,
1102 struct file *file,
1103 const char __user *buf,
1104 size_t count)
1105{
1106 ssize_t ret, written = 0;
1107 unsigned int chunk;
1108
1109 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1110 if (ret < 0)
1111 return ret;
1112
1113 /*
1114 * We chunk up writes into a temporary buffer. This
1115 * simplifies low-level drivers immensely, since they
1116 * don't have locking issues and user mode accesses.
1117 *
1118 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1119 * big chunk-size..
1120 *
1121 * The default chunk-size is 2kB, because the NTTY
1122 * layer has problems with bigger chunks. It will
1123 * claim to be able to handle more characters than
1124 * it actually does.
1125 *
1126 * FIXME: This can probably go away now except that 64K chunks
1127 * are too likely to fail unless switched to vmalloc...
1128 */
1129 chunk = 2048;
1130 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1131 chunk = 65536;
1132 if (count < chunk)
1133 chunk = count;
1134
1135 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1136 if (tty->write_cnt < chunk) {
1137 unsigned char *buf_chunk;
1138
1139 if (chunk < 1024)
1140 chunk = 1024;
1141
1142 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1143 if (!buf_chunk) {
1144 ret = -ENOMEM;
1145 goto out;
1146 }
1147 kfree(tty->write_buf);
1148 tty->write_cnt = chunk;
1149 tty->write_buf = buf_chunk;
1150 }
1151
1152 /* Do the write .. */
1153 for (;;) {
1154 size_t size = count;
1155 if (size > chunk)
1156 size = chunk;
1157 ret = -EFAULT;
1158 if (copy_from_user(tty->write_buf, buf, size))
1159 break;
1160 ret = write(tty, file, tty->write_buf, size);
1161 if (ret <= 0)
1162 break;
1163 written += ret;
1164 buf += ret;
1165 count -= ret;
1166 if (!count)
1167 break;
1168 ret = -ERESTARTSYS;
1169 if (signal_pending(current))
1170 break;
1171 cond_resched();
1172 }
1173 if (written) {
1174 tty_update_time(&file_inode(file)->i_mtime);
1175 ret = written;
1176 }
1177out:
1178 tty_write_unlock(tty);
1179 return ret;
1180}
1181
1182/**
1183 * tty_write_message - write a message to a certain tty, not just the console.
1184 * @tty: the destination tty_struct
1185 * @msg: the message to write
1186 *
1187 * This is used for messages that need to be redirected to a specific tty.
1188 * We don't put it into the syslog queue right now maybe in the future if
1189 * really needed.
1190 *
1191 * We must still hold the BTM and test the CLOSING flag for the moment.
1192 */
1193
1194void tty_write_message(struct tty_struct *tty, char *msg)
1195{
1196 if (tty) {
1197 mutex_lock(&tty->atomic_write_lock);
1198 tty_lock(tty);
1199 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1200 tty_unlock(tty);
1201 tty->ops->write(tty, msg, strlen(msg));
1202 } else
1203 tty_unlock(tty);
1204 tty_write_unlock(tty);
1205 }
1206 return;
1207}
1208
1209
1210/**
1211 * tty_write - write method for tty device file
1212 * @file: tty file pointer
1213 * @buf: user data to write
1214 * @count: bytes to write
1215 * @ppos: unused
1216 *
1217 * Write data to a tty device via the line discipline.
1218 *
1219 * Locking:
1220 * Locks the line discipline as required
1221 * Writes to the tty driver are serialized by the atomic_write_lock
1222 * and are then processed in chunks to the device. The line discipline
1223 * write method will not be invoked in parallel for each device.
1224 */
1225
1226static ssize_t tty_write(struct file *file, const char __user *buf,
1227 size_t count, loff_t *ppos)
1228{
1229 struct tty_struct *tty = file_tty(file);
1230 struct tty_ldisc *ld;
1231 ssize_t ret;
1232
1233 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1234 return -EIO;
1235 if (!tty || !tty->ops->write ||
1236 (test_bit(TTY_IO_ERROR, &tty->flags)))
1237 return -EIO;
1238 /* Short term debug to catch buggy drivers */
1239 if (tty->ops->write_room == NULL)
1240 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1241 tty->driver->name);
1242 ld = tty_ldisc_ref_wait(tty);
1243 if (!ld->ops->write)
1244 ret = -EIO;
1245 else
1246 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1247 tty_ldisc_deref(ld);
1248 return ret;
1249}
1250
1251ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1252 size_t count, loff_t *ppos)
1253{
1254 struct file *p = NULL;
1255
1256 spin_lock(&redirect_lock);
1257 if (redirect)
1258 p = get_file(redirect);
1259 spin_unlock(&redirect_lock);
1260
1261 if (p) {
1262 ssize_t res;
1263 res = vfs_write(p, buf, count, &p->f_pos);
1264 fput(p);
1265 return res;
1266 }
1267 return tty_write(file, buf, count, ppos);
1268}
1269
1270/**
1271 * tty_send_xchar - send priority character
1272 *
1273 * Send a high priority character to the tty even if stopped
1274 *
1275 * Locking: none for xchar method, write ordering for write method.
1276 */
1277
1278int tty_send_xchar(struct tty_struct *tty, char ch)
1279{
1280 int was_stopped = tty->stopped;
1281
1282 if (tty->ops->send_xchar) {
1283 tty->ops->send_xchar(tty, ch);
1284 return 0;
1285 }
1286
1287 if (tty_write_lock(tty, 0) < 0)
1288 return -ERESTARTSYS;
1289
1290 if (was_stopped)
1291 start_tty(tty);
1292 tty->ops->write(tty, &ch, 1);
1293 if (was_stopped)
1294 stop_tty(tty);
1295 tty_write_unlock(tty);
1296 return 0;
1297}
1298
1299static char ptychar[] = "pqrstuvwxyzabcde";
1300
1301/**
1302 * pty_line_name - generate name for a pty
1303 * @driver: the tty driver in use
1304 * @index: the minor number
1305 * @p: output buffer of at least 6 bytes
1306 *
1307 * Generate a name from a driver reference and write it to the output
1308 * buffer.
1309 *
1310 * Locking: None
1311 */
1312static void pty_line_name(struct tty_driver *driver, int index, char *p)
1313{
1314 int i = index + driver->name_base;
1315 /* ->name is initialized to "ttyp", but "tty" is expected */
1316 sprintf(p, "%s%c%x",
1317 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1318 ptychar[i >> 4 & 0xf], i & 0xf);
1319}
1320
1321/**
1322 * tty_line_name - generate name for a tty
1323 * @driver: the tty driver in use
1324 * @index: the minor number
1325 * @p: output buffer of at least 7 bytes
1326 *
1327 * Generate a name from a driver reference and write it to the output
1328 * buffer.
1329 *
1330 * Locking: None
1331 */
1332static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1333{
1334 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1335 return sprintf(p, "%s", driver->name);
1336 else
1337 return sprintf(p, "%s%d", driver->name,
1338 index + driver->name_base);
1339}
1340
1341/**
1342 * tty_driver_lookup_tty() - find an existing tty, if any
1343 * @driver: the driver for the tty
1344 * @idx: the minor number
1345 *
1346 * Return the tty, if found or ERR_PTR() otherwise.
1347 *
1348 * Locking: tty_mutex must be held. If tty is found, the mutex must
1349 * be held until the 'fast-open' is also done. Will change once we
1350 * have refcounting in the driver and per driver locking
1351 */
1352static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1353 struct inode *inode, int idx)
1354{
1355 if (driver->ops->lookup)
1356 return driver->ops->lookup(driver, inode, idx);
1357
1358 return driver->ttys[idx];
1359}
1360
1361/**
1362 * tty_init_termios - helper for termios setup
1363 * @tty: the tty to set up
1364 *
1365 * Initialise the termios structures for this tty. Thus runs under
1366 * the tty_mutex currently so we can be relaxed about ordering.
1367 */
1368
1369int tty_init_termios(struct tty_struct *tty)
1370{
1371 struct ktermios *tp;
1372 int idx = tty->index;
1373
1374 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1375 tty->termios = tty->driver->init_termios;
1376 else {
1377 /* Check for lazy saved data */
1378 tp = tty->driver->termios[idx];
1379 if (tp != NULL)
1380 tty->termios = *tp;
1381 else
1382 tty->termios = tty->driver->init_termios;
1383 }
1384 /* Compatibility until drivers always set this */
1385 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1386 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1387 return 0;
1388}
1389EXPORT_SYMBOL_GPL(tty_init_termios);
1390
1391int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1392{
1393 int ret = tty_init_termios(tty);
1394 if (ret)
1395 return ret;
1396
1397 tty_driver_kref_get(driver);
1398 tty->count++;
1399 driver->ttys[tty->index] = tty;
1400 return 0;
1401}
1402EXPORT_SYMBOL_GPL(tty_standard_install);
1403
1404/**
1405 * tty_driver_install_tty() - install a tty entry in the driver
1406 * @driver: the driver for the tty
1407 * @tty: the tty
1408 *
1409 * Install a tty object into the driver tables. The tty->index field
1410 * will be set by the time this is called. This method is responsible
1411 * for ensuring any need additional structures are allocated and
1412 * configured.
1413 *
1414 * Locking: tty_mutex for now
1415 */
1416static int tty_driver_install_tty(struct tty_driver *driver,
1417 struct tty_struct *tty)
1418{
1419 return driver->ops->install ? driver->ops->install(driver, tty) :
1420 tty_standard_install(driver, tty);
1421}
1422
1423/**
1424 * tty_driver_remove_tty() - remove a tty from the driver tables
1425 * @driver: the driver for the tty
1426 * @idx: the minor number
1427 *
1428 * Remvoe a tty object from the driver tables. The tty->index field
1429 * will be set by the time this is called.
1430 *
1431 * Locking: tty_mutex for now
1432 */
1433void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1434{
1435 if (driver->ops->remove)
1436 driver->ops->remove(driver, tty);
1437 else
1438 driver->ttys[tty->index] = NULL;
1439}
1440
1441/*
1442 * tty_reopen() - fast re-open of an open tty
1443 * @tty - the tty to open
1444 *
1445 * Return 0 on success, -errno on error.
1446 *
1447 * Locking: tty_mutex must be held from the time the tty was found
1448 * till this open completes.
1449 */
1450static int tty_reopen(struct tty_struct *tty)
1451{
1452 struct tty_driver *driver = tty->driver;
1453
1454 if (test_bit(TTY_CLOSING, &tty->flags) ||
1455 test_bit(TTY_HUPPING, &tty->flags))
1456 return -EIO;
1457
1458 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1459 driver->subtype == PTY_TYPE_MASTER) {
1460 /*
1461 * special case for PTY masters: only one open permitted,
1462 * and the slave side open count is incremented as well.
1463 */
1464 if (tty->count)
1465 return -EIO;
1466
1467 tty->link->count++;
1468 }
1469 tty->count++;
1470
1471 WARN_ON(!tty->ldisc);
1472
1473 return 0;
1474}
1475
1476/**
1477 * tty_init_dev - initialise a tty device
1478 * @driver: tty driver we are opening a device on
1479 * @idx: device index
1480 * @ret_tty: returned tty structure
1481 *
1482 * Prepare a tty device. This may not be a "new" clean device but
1483 * could also be an active device. The pty drivers require special
1484 * handling because of this.
1485 *
1486 * Locking:
1487 * The function is called under the tty_mutex, which
1488 * protects us from the tty struct or driver itself going away.
1489 *
1490 * On exit the tty device has the line discipline attached and
1491 * a reference count of 1. If a pair was created for pty/tty use
1492 * and the other was a pty master then it too has a reference count of 1.
1493 *
1494 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1495 * failed open. The new code protects the open with a mutex, so it's
1496 * really quite straightforward. The mutex locking can probably be
1497 * relaxed for the (most common) case of reopening a tty.
1498 */
1499
1500struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1501{
1502 struct tty_struct *tty;
1503 int retval;
1504
1505 /*
1506 * First time open is complex, especially for PTY devices.
1507 * This code guarantees that either everything succeeds and the
1508 * TTY is ready for operation, or else the table slots are vacated
1509 * and the allocated memory released. (Except that the termios
1510 * and locked termios may be retained.)
1511 */
1512
1513 if (!try_module_get(driver->owner))
1514 return ERR_PTR(-ENODEV);
1515
1516 tty = alloc_tty_struct(driver, idx);
1517 if (!tty) {
1518 retval = -ENOMEM;
1519 goto err_module_put;
1520 }
1521
1522 tty_lock(tty);
1523 retval = tty_driver_install_tty(driver, tty);
1524 if (retval < 0)
1525 goto err_deinit_tty;
1526
1527 if (!tty->port)
1528 tty->port = driver->ports[idx];
1529
1530 WARN_RATELIMIT(!tty->port,
1531 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1532 __func__, tty->driver->name);
1533
1534 tty->port->itty = tty;
1535
1536 /*
1537 * Structures all installed ... call the ldisc open routines.
1538 * If we fail here just call release_tty to clean up. No need
1539 * to decrement the use counts, as release_tty doesn't care.
1540 */
1541 retval = tty_ldisc_setup(tty, tty->link);
1542 if (retval)
1543 goto err_release_tty;
1544 /* Return the tty locked so that it cannot vanish under the caller */
1545 return tty;
1546
1547err_deinit_tty:
1548 tty_unlock(tty);
1549 deinitialize_tty_struct(tty);
1550 free_tty_struct(tty);
1551err_module_put:
1552 module_put(driver->owner);
1553 return ERR_PTR(retval);
1554
1555 /* call the tty release_tty routine to clean out this slot */
1556err_release_tty:
1557 tty_unlock(tty);
1558 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1559 "clearing slot %d\n", idx);
1560 release_tty(tty, idx);
1561 return ERR_PTR(retval);
1562}
1563
1564void tty_free_termios(struct tty_struct *tty)
1565{
1566 struct ktermios *tp;
1567 int idx = tty->index;
1568
1569 /* If the port is going to reset then it has no termios to save */
1570 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1571 return;
1572
1573 /* Stash the termios data */
1574 tp = tty->driver->termios[idx];
1575 if (tp == NULL) {
1576 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1577 if (tp == NULL) {
1578 pr_warn("tty: no memory to save termios state.\n");
1579 return;
1580 }
1581 tty->driver->termios[idx] = tp;
1582 }
1583 *tp = tty->termios;
1584}
1585EXPORT_SYMBOL(tty_free_termios);
1586
1587/**
1588 * tty_flush_works - flush all works of a tty
1589 * @tty: tty device to flush works for
1590 *
1591 * Sync flush all works belonging to @tty.
1592 */
1593static void tty_flush_works(struct tty_struct *tty)
1594{
1595 flush_work(&tty->SAK_work);
1596 flush_work(&tty->hangup_work);
1597}
1598
1599/**
1600 * release_one_tty - release tty structure memory
1601 * @kref: kref of tty we are obliterating
1602 *
1603 * Releases memory associated with a tty structure, and clears out the
1604 * driver table slots. This function is called when a device is no longer
1605 * in use. It also gets called when setup of a device fails.
1606 *
1607 * Locking:
1608 * takes the file list lock internally when working on the list
1609 * of ttys that the driver keeps.
1610 *
1611 * This method gets called from a work queue so that the driver private
1612 * cleanup ops can sleep (needed for USB at least)
1613 */
1614static void release_one_tty(struct work_struct *work)
1615{
1616 struct tty_struct *tty =
1617 container_of(work, struct tty_struct, hangup_work);
1618 struct tty_driver *driver = tty->driver;
1619 struct module *owner = driver->owner;
1620
1621 if (tty->ops->cleanup)
1622 tty->ops->cleanup(tty);
1623
1624 tty->magic = 0;
1625 tty_driver_kref_put(driver);
1626 module_put(owner);
1627
1628 spin_lock(&tty_files_lock);
1629 list_del_init(&tty->tty_files);
1630 spin_unlock(&tty_files_lock);
1631
1632 put_pid(tty->pgrp);
1633 put_pid(tty->session);
1634 free_tty_struct(tty);
1635}
1636
1637static void queue_release_one_tty(struct kref *kref)
1638{
1639 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1640
1641 /* The hangup queue is now free so we can reuse it rather than
1642 waste a chunk of memory for each port */
1643 INIT_WORK(&tty->hangup_work, release_one_tty);
1644 schedule_work(&tty->hangup_work);
1645}
1646
1647/**
1648 * tty_kref_put - release a tty kref
1649 * @tty: tty device
1650 *
1651 * Release a reference to a tty device and if need be let the kref
1652 * layer destruct the object for us
1653 */
1654
1655void tty_kref_put(struct tty_struct *tty)
1656{
1657 if (tty)
1658 kref_put(&tty->kref, queue_release_one_tty);
1659}
1660EXPORT_SYMBOL(tty_kref_put);
1661
1662/**
1663 * release_tty - release tty structure memory
1664 *
1665 * Release both @tty and a possible linked partner (think pty pair),
1666 * and decrement the refcount of the backing module.
1667 *
1668 * Locking:
1669 * tty_mutex
1670 * takes the file list lock internally when working on the list
1671 * of ttys that the driver keeps.
1672 *
1673 */
1674static void release_tty(struct tty_struct *tty, int idx)
1675{
1676 /* This should always be true but check for the moment */
1677 WARN_ON(tty->index != idx);
1678 WARN_ON(!mutex_is_locked(&tty_mutex));
1679 if (tty->ops->shutdown)
1680 tty->ops->shutdown(tty);
1681 tty_free_termios(tty);
1682 tty_driver_remove_tty(tty->driver, tty);
1683 tty->port->itty = NULL;
1684 if (tty->link)
1685 tty->link->port->itty = NULL;
1686 cancel_work_sync(&tty->port->buf.work);
1687
1688 if (tty->link)
1689 tty_kref_put(tty->link);
1690 tty_kref_put(tty);
1691}
1692
1693/**
1694 * tty_release_checks - check a tty before real release
1695 * @tty: tty to check
1696 * @o_tty: link of @tty (if any)
1697 * @idx: index of the tty
1698 *
1699 * Performs some paranoid checking before true release of the @tty.
1700 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1701 */
1702static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1703 int idx)
1704{
1705#ifdef TTY_PARANOIA_CHECK
1706 if (idx < 0 || idx >= tty->driver->num) {
1707 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1708 __func__, tty->name);
1709 return -1;
1710 }
1711
1712 /* not much to check for devpts */
1713 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1714 return 0;
1715
1716 if (tty != tty->driver->ttys[idx]) {
1717 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1718 __func__, idx, tty->name);
1719 return -1;
1720 }
1721 if (tty->driver->other) {
1722 if (o_tty != tty->driver->other->ttys[idx]) {
1723 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1724 __func__, idx, tty->name);
1725 return -1;
1726 }
1727 if (o_tty->link != tty) {
1728 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1729 return -1;
1730 }
1731 }
1732#endif
1733 return 0;
1734}
1735
1736/**
1737 * tty_release - vfs callback for close
1738 * @inode: inode of tty
1739 * @filp: file pointer for handle to tty
1740 *
1741 * Called the last time each file handle is closed that references
1742 * this tty. There may however be several such references.
1743 *
1744 * Locking:
1745 * Takes bkl. See tty_release_dev
1746 *
1747 * Even releasing the tty structures is a tricky business.. We have
1748 * to be very careful that the structures are all released at the
1749 * same time, as interrupts might otherwise get the wrong pointers.
1750 *
1751 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1752 * lead to double frees or releasing memory still in use.
1753 */
1754
1755int tty_release(struct inode *inode, struct file *filp)
1756{
1757 struct tty_struct *tty = file_tty(filp);
1758 struct tty_struct *o_tty;
1759 int pty_master, tty_closing, o_tty_closing, do_sleep;
1760 int idx;
1761 char buf[64];
1762
1763 if (tty_paranoia_check(tty, inode, __func__))
1764 return 0;
1765
1766 tty_lock(tty);
1767 check_tty_count(tty, __func__);
1768
1769 __tty_fasync(-1, filp, 0);
1770
1771 idx = tty->index;
1772 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1773 tty->driver->subtype == PTY_TYPE_MASTER);
1774 /* Review: parallel close */
1775 o_tty = tty->link;
1776
1777 if (tty_release_checks(tty, o_tty, idx)) {
1778 tty_unlock(tty);
1779 return 0;
1780 }
1781
1782#ifdef TTY_DEBUG_HANGUP
1783 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1784 tty_name(tty, buf), tty->count);
1785#endif
1786
1787 if (tty->ops->close)
1788 tty->ops->close(tty, filp);
1789
1790 tty_unlock(tty);
1791 /*
1792 * Sanity check: if tty->count is going to zero, there shouldn't be
1793 * any waiters on tty->read_wait or tty->write_wait. We test the
1794 * wait queues and kick everyone out _before_ actually starting to
1795 * close. This ensures that we won't block while releasing the tty
1796 * structure.
1797 *
1798 * The test for the o_tty closing is necessary, since the master and
1799 * slave sides may close in any order. If the slave side closes out
1800 * first, its count will be one, since the master side holds an open.
1801 * Thus this test wouldn't be triggered at the time the slave closes,
1802 * so we do it now.
1803 *
1804 * Note that it's possible for the tty to be opened again while we're
1805 * flushing out waiters. By recalculating the closing flags before
1806 * each iteration we avoid any problems.
1807 */
1808 while (1) {
1809 /* Guard against races with tty->count changes elsewhere and
1810 opens on /dev/tty */
1811
1812 mutex_lock(&tty_mutex);
1813 tty_lock_pair(tty, o_tty);
1814 tty_closing = tty->count <= 1;
1815 o_tty_closing = o_tty &&
1816 (o_tty->count <= (pty_master ? 1 : 0));
1817 do_sleep = 0;
1818
1819 if (tty_closing) {
1820 if (waitqueue_active(&tty->read_wait)) {
1821 wake_up_poll(&tty->read_wait, POLLIN);
1822 do_sleep++;
1823 }
1824 if (waitqueue_active(&tty->write_wait)) {
1825 wake_up_poll(&tty->write_wait, POLLOUT);
1826 do_sleep++;
1827 }
1828 }
1829 if (o_tty_closing) {
1830 if (waitqueue_active(&o_tty->read_wait)) {
1831 wake_up_poll(&o_tty->read_wait, POLLIN);
1832 do_sleep++;
1833 }
1834 if (waitqueue_active(&o_tty->write_wait)) {
1835 wake_up_poll(&o_tty->write_wait, POLLOUT);
1836 do_sleep++;
1837 }
1838 }
1839 if (!do_sleep)
1840 break;
1841
1842 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1843 __func__, tty_name(tty, buf));
1844 tty_unlock_pair(tty, o_tty);
1845 mutex_unlock(&tty_mutex);
1846 schedule();
1847 }
1848
1849 /*
1850 * The closing flags are now consistent with the open counts on
1851 * both sides, and we've completed the last operation that could
1852 * block, so it's safe to proceed with closing.
1853 *
1854 * We must *not* drop the tty_mutex until we ensure that a further
1855 * entry into tty_open can not pick up this tty.
1856 */
1857 if (pty_master) {
1858 if (--o_tty->count < 0) {
1859 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1860 __func__, o_tty->count, tty_name(o_tty, buf));
1861 o_tty->count = 0;
1862 }
1863 }
1864 if (--tty->count < 0) {
1865 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1866 __func__, tty->count, tty_name(tty, buf));
1867 tty->count = 0;
1868 }
1869
1870 /*
1871 * We've decremented tty->count, so we need to remove this file
1872 * descriptor off the tty->tty_files list; this serves two
1873 * purposes:
1874 * - check_tty_count sees the correct number of file descriptors
1875 * associated with this tty.
1876 * - do_tty_hangup no longer sees this file descriptor as
1877 * something that needs to be handled for hangups.
1878 */
1879 tty_del_file(filp);
1880
1881 /*
1882 * Perform some housekeeping before deciding whether to return.
1883 *
1884 * Set the TTY_CLOSING flag if this was the last open. In the
1885 * case of a pty we may have to wait around for the other side
1886 * to close, and TTY_CLOSING makes sure we can't be reopened.
1887 */
1888 if (tty_closing)
1889 set_bit(TTY_CLOSING, &tty->flags);
1890 if (o_tty_closing)
1891 set_bit(TTY_CLOSING, &o_tty->flags);
1892
1893 /*
1894 * If _either_ side is closing, make sure there aren't any
1895 * processes that still think tty or o_tty is their controlling
1896 * tty.
1897 */
1898 if (tty_closing || o_tty_closing) {
1899 read_lock(&tasklist_lock);
1900 session_clear_tty(tty->session);
1901 if (o_tty)
1902 session_clear_tty(o_tty->session);
1903 read_unlock(&tasklist_lock);
1904 }
1905
1906 mutex_unlock(&tty_mutex);
1907 tty_unlock_pair(tty, o_tty);
1908 /* At this point the TTY_CLOSING flag should ensure a dead tty
1909 cannot be re-opened by a racing opener */
1910
1911 /* check whether both sides are closing ... */
1912 if (!tty_closing || (o_tty && !o_tty_closing))
1913 return 0;
1914
1915#ifdef TTY_DEBUG_HANGUP
1916 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1917#endif
1918 /*
1919 * Ask the line discipline code to release its structures
1920 */
1921 tty_ldisc_release(tty, o_tty);
1922
1923 /* Wait for pending work before tty destruction commmences */
1924 tty_flush_works(tty);
1925 if (o_tty)
1926 tty_flush_works(o_tty);
1927
1928#ifdef TTY_DEBUG_HANGUP
1929 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1930#endif
1931 /*
1932 * The release_tty function takes care of the details of clearing
1933 * the slots and preserving the termios structure. The tty_unlock_pair
1934 * should be safe as we keep a kref while the tty is locked (so the
1935 * unlock never unlocks a freed tty).
1936 */
1937 mutex_lock(&tty_mutex);
1938 release_tty(tty, idx);
1939 mutex_unlock(&tty_mutex);
1940
1941 return 0;
1942}
1943
1944/**
1945 * tty_open_current_tty - get tty of current task for open
1946 * @device: device number
1947 * @filp: file pointer to tty
1948 * @return: tty of the current task iff @device is /dev/tty
1949 *
1950 * We cannot return driver and index like for the other nodes because
1951 * devpts will not work then. It expects inodes to be from devpts FS.
1952 *
1953 * We need to move to returning a refcounted object from all the lookup
1954 * paths including this one.
1955 */
1956static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1957{
1958 struct tty_struct *tty;
1959
1960 if (device != MKDEV(TTYAUX_MAJOR, 0))
1961 return NULL;
1962
1963 tty = get_current_tty();
1964 if (!tty)
1965 return ERR_PTR(-ENXIO);
1966
1967 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1968 /* noctty = 1; */
1969 tty_kref_put(tty);
1970 /* FIXME: we put a reference and return a TTY! */
1971 /* This is only safe because the caller holds tty_mutex */
1972 return tty;
1973}
1974
1975/**
1976 * tty_lookup_driver - lookup a tty driver for a given device file
1977 * @device: device number
1978 * @filp: file pointer to tty
1979 * @noctty: set if the device should not become a controlling tty
1980 * @index: index for the device in the @return driver
1981 * @return: driver for this inode (with increased refcount)
1982 *
1983 * If @return is not erroneous, the caller is responsible to decrement the
1984 * refcount by tty_driver_kref_put.
1985 *
1986 * Locking: tty_mutex protects get_tty_driver
1987 */
1988static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1989 int *noctty, int *index)
1990{
1991 struct tty_driver *driver;
1992
1993 switch (device) {
1994#ifdef CONFIG_VT
1995 case MKDEV(TTY_MAJOR, 0): {
1996 extern struct tty_driver *console_driver;
1997 driver = tty_driver_kref_get(console_driver);
1998 *index = fg_console;
1999 *noctty = 1;
2000 break;
2001 }
2002#endif
2003 case MKDEV(TTYAUX_MAJOR, 1): {
2004 struct tty_driver *console_driver = console_device(index);
2005 if (console_driver) {
2006 driver = tty_driver_kref_get(console_driver);
2007 if (driver) {
2008 /* Don't let /dev/console block */
2009 filp->f_flags |= O_NONBLOCK;
2010 *noctty = 1;
2011 break;
2012 }
2013 }
2014 return ERR_PTR(-ENODEV);
2015 }
2016 default:
2017 driver = get_tty_driver(device, index);
2018 if (!driver)
2019 return ERR_PTR(-ENODEV);
2020 break;
2021 }
2022 return driver;
2023}
2024
2025/**
2026 * tty_open - open a tty device
2027 * @inode: inode of device file
2028 * @filp: file pointer to tty
2029 *
2030 * tty_open and tty_release keep up the tty count that contains the
2031 * number of opens done on a tty. We cannot use the inode-count, as
2032 * different inodes might point to the same tty.
2033 *
2034 * Open-counting is needed for pty masters, as well as for keeping
2035 * track of serial lines: DTR is dropped when the last close happens.
2036 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2037 *
2038 * The termios state of a pty is reset on first open so that
2039 * settings don't persist across reuse.
2040 *
2041 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2042 * tty->count should protect the rest.
2043 * ->siglock protects ->signal/->sighand
2044 *
2045 * Note: the tty_unlock/lock cases without a ref are only safe due to
2046 * tty_mutex
2047 */
2048
2049static int tty_open(struct inode *inode, struct file *filp)
2050{
2051 struct tty_struct *tty;
2052 int noctty, retval;
2053 struct tty_driver *driver = NULL;
2054 int index;
2055 dev_t device = inode->i_rdev;
2056 unsigned saved_flags = filp->f_flags;
2057
2058 nonseekable_open(inode, filp);
2059
2060retry_open:
2061 retval = tty_alloc_file(filp);
2062 if (retval)
2063 return -ENOMEM;
2064
2065 noctty = filp->f_flags & O_NOCTTY;
2066 index = -1;
2067 retval = 0;
2068
2069 mutex_lock(&tty_mutex);
2070 /* This is protected by the tty_mutex */
2071 tty = tty_open_current_tty(device, filp);
2072 if (IS_ERR(tty)) {
2073 retval = PTR_ERR(tty);
2074 goto err_unlock;
2075 } else if (!tty) {
2076 driver = tty_lookup_driver(device, filp, &noctty, &index);
2077 if (IS_ERR(driver)) {
2078 retval = PTR_ERR(driver);
2079 goto err_unlock;
2080 }
2081
2082 /* check whether we're reopening an existing tty */
2083 tty = tty_driver_lookup_tty(driver, inode, index);
2084 if (IS_ERR(tty)) {
2085 retval = PTR_ERR(tty);
2086 goto err_unlock;
2087 }
2088 }
2089
2090 if (tty) {
2091 tty_lock(tty);
2092 retval = tty_reopen(tty);
2093 if (retval < 0) {
2094 tty_unlock(tty);
2095 tty = ERR_PTR(retval);
2096 }
2097 } else /* Returns with the tty_lock held for now */
2098 tty = tty_init_dev(driver, index);
2099
2100 mutex_unlock(&tty_mutex);
2101 if (driver)
2102 tty_driver_kref_put(driver);
2103 if (IS_ERR(tty)) {
2104 retval = PTR_ERR(tty);
2105 goto err_file;
2106 }
2107
2108 tty_add_file(tty, filp);
2109
2110 check_tty_count(tty, __func__);
2111 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2112 tty->driver->subtype == PTY_TYPE_MASTER)
2113 noctty = 1;
2114#ifdef TTY_DEBUG_HANGUP
2115 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2116#endif
2117 if (tty->ops->open)
2118 retval = tty->ops->open(tty, filp);
2119 else
2120 retval = -ENODEV;
2121 filp->f_flags = saved_flags;
2122
2123 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2124 !capable(CAP_SYS_ADMIN))
2125 retval = -EBUSY;
2126
2127 if (retval) {
2128#ifdef TTY_DEBUG_HANGUP
2129 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2130 retval, tty->name);
2131#endif
2132 tty_unlock(tty); /* need to call tty_release without BTM */
2133 tty_release(inode, filp);
2134 if (retval != -ERESTARTSYS)
2135 return retval;
2136
2137 if (signal_pending(current))
2138 return retval;
2139
2140 schedule();
2141 /*
2142 * Need to reset f_op in case a hangup happened.
2143 */
2144 if (filp->f_op == &hung_up_tty_fops)
2145 filp->f_op = &tty_fops;
2146 goto retry_open;
2147 }
2148 clear_bit(TTY_HUPPED, &tty->flags);
2149 tty_unlock(tty);
2150
2151
2152 mutex_lock(&tty_mutex);
2153 tty_lock(tty);
2154 spin_lock_irq(&current->sighand->siglock);
2155 if (!noctty &&
2156 current->signal->leader &&
2157 !current->signal->tty &&
2158 tty->session == NULL)
2159 __proc_set_tty(tty);
2160 spin_unlock_irq(&current->sighand->siglock);
2161 tty_unlock(tty);
2162 mutex_unlock(&tty_mutex);
2163 return 0;
2164err_unlock:
2165 mutex_unlock(&tty_mutex);
2166 /* after locks to avoid deadlock */
2167 if (!IS_ERR_OR_NULL(driver))
2168 tty_driver_kref_put(driver);
2169err_file:
2170 tty_free_file(filp);
2171 return retval;
2172}
2173
2174
2175
2176/**
2177 * tty_poll - check tty status
2178 * @filp: file being polled
2179 * @wait: poll wait structures to update
2180 *
2181 * Call the line discipline polling method to obtain the poll
2182 * status of the device.
2183 *
2184 * Locking: locks called line discipline but ldisc poll method
2185 * may be re-entered freely by other callers.
2186 */
2187
2188static unsigned int tty_poll(struct file *filp, poll_table *wait)
2189{
2190 struct tty_struct *tty = file_tty(filp);
2191 struct tty_ldisc *ld;
2192 int ret = 0;
2193
2194 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2195 return 0;
2196
2197 ld = tty_ldisc_ref_wait(tty);
2198 if (ld->ops->poll)
2199 ret = (ld->ops->poll)(tty, filp, wait);
2200 tty_ldisc_deref(ld);
2201 return ret;
2202}
2203
2204static int __tty_fasync(int fd, struct file *filp, int on)
2205{
2206 struct tty_struct *tty = file_tty(filp);
2207 struct tty_ldisc *ldisc;
2208 unsigned long flags;
2209 int retval = 0;
2210
2211 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2212 goto out;
2213
2214 retval = fasync_helper(fd, filp, on, &tty->fasync);
2215 if (retval <= 0)
2216 goto out;
2217
2218 ldisc = tty_ldisc_ref(tty);
2219 if (ldisc) {
2220 if (ldisc->ops->fasync)
2221 ldisc->ops->fasync(tty, on);
2222 tty_ldisc_deref(ldisc);
2223 }
2224
2225 if (on) {
2226 enum pid_type type;
2227 struct pid *pid;
2228
2229 spin_lock_irqsave(&tty->ctrl_lock, flags);
2230 if (tty->pgrp) {
2231 pid = tty->pgrp;
2232 type = PIDTYPE_PGID;
2233 } else {
2234 pid = task_pid(current);
2235 type = PIDTYPE_PID;
2236 }
2237 get_pid(pid);
2238 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2239 __f_setown(filp, pid, type, 0);
2240 put_pid(pid);
2241 retval = 0;
2242 }
2243out:
2244 return retval;
2245}
2246
2247static int tty_fasync(int fd, struct file *filp, int on)
2248{
2249 struct tty_struct *tty = file_tty(filp);
2250 int retval;
2251
2252 tty_lock(tty);
2253 retval = __tty_fasync(fd, filp, on);
2254 tty_unlock(tty);
2255
2256 return retval;
2257}
2258
2259/**
2260 * tiocsti - fake input character
2261 * @tty: tty to fake input into
2262 * @p: pointer to character
2263 *
2264 * Fake input to a tty device. Does the necessary locking and
2265 * input management.
2266 *
2267 * FIXME: does not honour flow control ??
2268 *
2269 * Locking:
2270 * Called functions take tty_ldiscs_lock
2271 * current->signal->tty check is safe without locks
2272 *
2273 * FIXME: may race normal receive processing
2274 */
2275
2276static int tiocsti(struct tty_struct *tty, char __user *p)
2277{
2278 char ch, mbz = 0;
2279 struct tty_ldisc *ld;
2280
2281 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2282 return -EPERM;
2283 if (get_user(ch, p))
2284 return -EFAULT;
2285 tty_audit_tiocsti(tty, ch);
2286 ld = tty_ldisc_ref_wait(tty);
2287 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2288 tty_ldisc_deref(ld);
2289 return 0;
2290}
2291
2292/**
2293 * tiocgwinsz - implement window query ioctl
2294 * @tty; tty
2295 * @arg: user buffer for result
2296 *
2297 * Copies the kernel idea of the window size into the user buffer.
2298 *
2299 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2300 * is consistent.
2301 */
2302
2303static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2304{
2305 int err;
2306
2307 mutex_lock(&tty->winsize_mutex);
2308 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2309 mutex_unlock(&tty->winsize_mutex);
2310
2311 return err ? -EFAULT: 0;
2312}
2313
2314/**
2315 * tty_do_resize - resize event
2316 * @tty: tty being resized
2317 * @rows: rows (character)
2318 * @cols: cols (character)
2319 *
2320 * Update the termios variables and send the necessary signals to
2321 * peform a terminal resize correctly
2322 */
2323
2324int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2325{
2326 struct pid *pgrp;
2327
2328 /* Lock the tty */
2329 mutex_lock(&tty->winsize_mutex);
2330 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2331 goto done;
2332
2333 /* Signal the foreground process group */
2334 pgrp = tty_get_pgrp(tty);
2335 if (pgrp)
2336 kill_pgrp(pgrp, SIGWINCH, 1);
2337 put_pid(pgrp);
2338
2339 tty->winsize = *ws;
2340done:
2341 mutex_unlock(&tty->winsize_mutex);
2342 return 0;
2343}
2344EXPORT_SYMBOL(tty_do_resize);
2345
2346/**
2347 * tiocswinsz - implement window size set ioctl
2348 * @tty; tty side of tty
2349 * @arg: user buffer for result
2350 *
2351 * Copies the user idea of the window size to the kernel. Traditionally
2352 * this is just advisory information but for the Linux console it
2353 * actually has driver level meaning and triggers a VC resize.
2354 *
2355 * Locking:
2356 * Driver dependent. The default do_resize method takes the
2357 * tty termios mutex and ctrl_lock. The console takes its own lock
2358 * then calls into the default method.
2359 */
2360
2361static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2362{
2363 struct winsize tmp_ws;
2364 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2365 return -EFAULT;
2366
2367 if (tty->ops->resize)
2368 return tty->ops->resize(tty, &tmp_ws);
2369 else
2370 return tty_do_resize(tty, &tmp_ws);
2371}
2372
2373/**
2374 * tioccons - allow admin to move logical console
2375 * @file: the file to become console
2376 *
2377 * Allow the administrator to move the redirected console device
2378 *
2379 * Locking: uses redirect_lock to guard the redirect information
2380 */
2381
2382static int tioccons(struct file *file)
2383{
2384 if (!capable(CAP_SYS_ADMIN))
2385 return -EPERM;
2386 if (file->f_op->write == redirected_tty_write) {
2387 struct file *f;
2388 spin_lock(&redirect_lock);
2389 f = redirect;
2390 redirect = NULL;
2391 spin_unlock(&redirect_lock);
2392 if (f)
2393 fput(f);
2394 return 0;
2395 }
2396 spin_lock(&redirect_lock);
2397 if (redirect) {
2398 spin_unlock(&redirect_lock);
2399 return -EBUSY;
2400 }
2401 redirect = get_file(file);
2402 spin_unlock(&redirect_lock);
2403 return 0;
2404}
2405
2406/**
2407 * fionbio - non blocking ioctl
2408 * @file: file to set blocking value
2409 * @p: user parameter
2410 *
2411 * Historical tty interfaces had a blocking control ioctl before
2412 * the generic functionality existed. This piece of history is preserved
2413 * in the expected tty API of posix OS's.
2414 *
2415 * Locking: none, the open file handle ensures it won't go away.
2416 */
2417
2418static int fionbio(struct file *file, int __user *p)
2419{
2420 int nonblock;
2421
2422 if (get_user(nonblock, p))
2423 return -EFAULT;
2424
2425 spin_lock(&file->f_lock);
2426 if (nonblock)
2427 file->f_flags |= O_NONBLOCK;
2428 else
2429 file->f_flags &= ~O_NONBLOCK;
2430 spin_unlock(&file->f_lock);
2431 return 0;
2432}
2433
2434/**
2435 * tiocsctty - set controlling tty
2436 * @tty: tty structure
2437 * @arg: user argument
2438 *
2439 * This ioctl is used to manage job control. It permits a session
2440 * leader to set this tty as the controlling tty for the session.
2441 *
2442 * Locking:
2443 * Takes tty_mutex() to protect tty instance
2444 * Takes tasklist_lock internally to walk sessions
2445 * Takes ->siglock() when updating signal->tty
2446 */
2447
2448static int tiocsctty(struct tty_struct *tty, int arg)
2449{
2450 int ret = 0;
2451 if (current->signal->leader && (task_session(current) == tty->session))
2452 return ret;
2453
2454 mutex_lock(&tty_mutex);
2455 /*
2456 * The process must be a session leader and
2457 * not have a controlling tty already.
2458 */
2459 if (!current->signal->leader || current->signal->tty) {
2460 ret = -EPERM;
2461 goto unlock;
2462 }
2463
2464 if (tty->session) {
2465 /*
2466 * This tty is already the controlling
2467 * tty for another session group!
2468 */
2469 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2470 /*
2471 * Steal it away
2472 */
2473 read_lock(&tasklist_lock);
2474 session_clear_tty(tty->session);
2475 read_unlock(&tasklist_lock);
2476 } else {
2477 ret = -EPERM;
2478 goto unlock;
2479 }
2480 }
2481 proc_set_tty(tty);
2482unlock:
2483 mutex_unlock(&tty_mutex);
2484 return ret;
2485}
2486
2487/**
2488 * tty_get_pgrp - return a ref counted pgrp pid
2489 * @tty: tty to read
2490 *
2491 * Returns a refcounted instance of the pid struct for the process
2492 * group controlling the tty.
2493 */
2494
2495struct pid *tty_get_pgrp(struct tty_struct *tty)
2496{
2497 unsigned long flags;
2498 struct pid *pgrp;
2499
2500 spin_lock_irqsave(&tty->ctrl_lock, flags);
2501 pgrp = get_pid(tty->pgrp);
2502 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2503
2504 return pgrp;
2505}
2506EXPORT_SYMBOL_GPL(tty_get_pgrp);
2507
2508/**
2509 * tiocgpgrp - get process group
2510 * @tty: tty passed by user
2511 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2512 * @p: returned pid
2513 *
2514 * Obtain the process group of the tty. If there is no process group
2515 * return an error.
2516 *
2517 * Locking: none. Reference to current->signal->tty is safe.
2518 */
2519
2520static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2521{
2522 struct pid *pid;
2523 int ret;
2524 /*
2525 * (tty == real_tty) is a cheap way of
2526 * testing if the tty is NOT a master pty.
2527 */
2528 if (tty == real_tty && current->signal->tty != real_tty)
2529 return -ENOTTY;
2530 pid = tty_get_pgrp(real_tty);
2531 ret = put_user(pid_vnr(pid), p);
2532 put_pid(pid);
2533 return ret;
2534}
2535
2536/**
2537 * tiocspgrp - attempt to set process group
2538 * @tty: tty passed by user
2539 * @real_tty: tty side device matching tty passed by user
2540 * @p: pid pointer
2541 *
2542 * Set the process group of the tty to the session passed. Only
2543 * permitted where the tty session is our session.
2544 *
2545 * Locking: RCU, ctrl lock
2546 */
2547
2548static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2549{
2550 struct pid *pgrp;
2551 pid_t pgrp_nr;
2552 int retval = tty_check_change(real_tty);
2553 unsigned long flags;
2554
2555 if (retval == -EIO)
2556 return -ENOTTY;
2557 if (retval)
2558 return retval;
2559 if (!current->signal->tty ||
2560 (current->signal->tty != real_tty) ||
2561 (real_tty->session != task_session(current)))
2562 return -ENOTTY;
2563 if (get_user(pgrp_nr, p))
2564 return -EFAULT;
2565 if (pgrp_nr < 0)
2566 return -EINVAL;
2567 rcu_read_lock();
2568 pgrp = find_vpid(pgrp_nr);
2569 retval = -ESRCH;
2570 if (!pgrp)
2571 goto out_unlock;
2572 retval = -EPERM;
2573 if (session_of_pgrp(pgrp) != task_session(current))
2574 goto out_unlock;
2575 retval = 0;
2576 spin_lock_irqsave(&tty->ctrl_lock, flags);
2577 put_pid(real_tty->pgrp);
2578 real_tty->pgrp = get_pid(pgrp);
2579 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2580out_unlock:
2581 rcu_read_unlock();
2582 return retval;
2583}
2584
2585/**
2586 * tiocgsid - get session id
2587 * @tty: tty passed by user
2588 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2589 * @p: pointer to returned session id
2590 *
2591 * Obtain the session id of the tty. If there is no session
2592 * return an error.
2593 *
2594 * Locking: none. Reference to current->signal->tty is safe.
2595 */
2596
2597static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2598{
2599 /*
2600 * (tty == real_tty) is a cheap way of
2601 * testing if the tty is NOT a master pty.
2602 */
2603 if (tty == real_tty && current->signal->tty != real_tty)
2604 return -ENOTTY;
2605 if (!real_tty->session)
2606 return -ENOTTY;
2607 return put_user(pid_vnr(real_tty->session), p);
2608}
2609
2610/**
2611 * tiocsetd - set line discipline
2612 * @tty: tty device
2613 * @p: pointer to user data
2614 *
2615 * Set the line discipline according to user request.
2616 *
2617 * Locking: see tty_set_ldisc, this function is just a helper
2618 */
2619
2620static int tiocsetd(struct tty_struct *tty, int __user *p)
2621{
2622 int ldisc;
2623 int ret;
2624
2625 if (get_user(ldisc, p))
2626 return -EFAULT;
2627
2628 ret = tty_set_ldisc(tty, ldisc);
2629
2630 return ret;
2631}
2632
2633/**
2634 * send_break - performed time break
2635 * @tty: device to break on
2636 * @duration: timeout in mS
2637 *
2638 * Perform a timed break on hardware that lacks its own driver level
2639 * timed break functionality.
2640 *
2641 * Locking:
2642 * atomic_write_lock serializes
2643 *
2644 */
2645
2646static int send_break(struct tty_struct *tty, unsigned int duration)
2647{
2648 int retval;
2649
2650 if (tty->ops->break_ctl == NULL)
2651 return 0;
2652
2653 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2654 retval = tty->ops->break_ctl(tty, duration);
2655 else {
2656 /* Do the work ourselves */
2657 if (tty_write_lock(tty, 0) < 0)
2658 return -EINTR;
2659 retval = tty->ops->break_ctl(tty, -1);
2660 if (retval)
2661 goto out;
2662 if (!signal_pending(current))
2663 msleep_interruptible(duration);
2664 retval = tty->ops->break_ctl(tty, 0);
2665out:
2666 tty_write_unlock(tty);
2667 if (signal_pending(current))
2668 retval = -EINTR;
2669 }
2670 return retval;
2671}
2672
2673/**
2674 * tty_tiocmget - get modem status
2675 * @tty: tty device
2676 * @file: user file pointer
2677 * @p: pointer to result
2678 *
2679 * Obtain the modem status bits from the tty driver if the feature
2680 * is supported. Return -EINVAL if it is not available.
2681 *
2682 * Locking: none (up to the driver)
2683 */
2684
2685static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2686{
2687 int retval = -EINVAL;
2688
2689 if (tty->ops->tiocmget) {
2690 retval = tty->ops->tiocmget(tty);
2691
2692 if (retval >= 0)
2693 retval = put_user(retval, p);
2694 }
2695 return retval;
2696}
2697
2698/**
2699 * tty_tiocmset - set modem status
2700 * @tty: tty device
2701 * @cmd: command - clear bits, set bits or set all
2702 * @p: pointer to desired bits
2703 *
2704 * Set the modem status bits from the tty driver if the feature
2705 * is supported. Return -EINVAL if it is not available.
2706 *
2707 * Locking: none (up to the driver)
2708 */
2709
2710static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2711 unsigned __user *p)
2712{
2713 int retval;
2714 unsigned int set, clear, val;
2715
2716 if (tty->ops->tiocmset == NULL)
2717 return -EINVAL;
2718
2719 retval = get_user(val, p);
2720 if (retval)
2721 return retval;
2722 set = clear = 0;
2723 switch (cmd) {
2724 case TIOCMBIS:
2725 set = val;
2726 break;
2727 case TIOCMBIC:
2728 clear = val;
2729 break;
2730 case TIOCMSET:
2731 set = val;
2732 clear = ~val;
2733 break;
2734 }
2735 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2736 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2737 return tty->ops->tiocmset(tty, set, clear);
2738}
2739
2740static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2741{
2742 int retval = -EINVAL;
2743 struct serial_icounter_struct icount;
2744 memset(&icount, 0, sizeof(icount));
2745 if (tty->ops->get_icount)
2746 retval = tty->ops->get_icount(tty, &icount);
2747 if (retval != 0)
2748 return retval;
2749 if (copy_to_user(arg, &icount, sizeof(icount)))
2750 return -EFAULT;
2751 return 0;
2752}
2753
2754/*
2755 * if pty, return the slave side (real_tty)
2756 * otherwise, return self
2757 */
2758static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2759{
2760 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2761 tty->driver->subtype == PTY_TYPE_MASTER)
2762 tty = tty->link;
2763 return tty;
2764}
2765
2766/*
2767 * Split this up, as gcc can choke on it otherwise..
2768 */
2769long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2770{
2771 struct tty_struct *tty = file_tty(file);
2772 struct tty_struct *real_tty;
2773 void __user *p = (void __user *)arg;
2774 int retval;
2775 struct tty_ldisc *ld;
2776
2777 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2778 return -EINVAL;
2779
2780 real_tty = tty_pair_get_tty(tty);
2781
2782 /*
2783 * Factor out some common prep work
2784 */
2785 switch (cmd) {
2786 case TIOCSETD:
2787 case TIOCSBRK:
2788 case TIOCCBRK:
2789 case TCSBRK:
2790 case TCSBRKP:
2791 retval = tty_check_change(tty);
2792 if (retval)
2793 return retval;
2794 if (cmd != TIOCCBRK) {
2795 tty_wait_until_sent(tty, 0);
2796 if (signal_pending(current))
2797 return -EINTR;
2798 }
2799 break;
2800 }
2801
2802 /*
2803 * Now do the stuff.
2804 */
2805 switch (cmd) {
2806 case TIOCSTI:
2807 return tiocsti(tty, p);
2808 case TIOCGWINSZ:
2809 return tiocgwinsz(real_tty, p);
2810 case TIOCSWINSZ:
2811 return tiocswinsz(real_tty, p);
2812 case TIOCCONS:
2813 return real_tty != tty ? -EINVAL : tioccons(file);
2814 case FIONBIO:
2815 return fionbio(file, p);
2816 case TIOCEXCL:
2817 set_bit(TTY_EXCLUSIVE, &tty->flags);
2818 return 0;
2819 case TIOCNXCL:
2820 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2821 return 0;
2822 case TIOCGEXCL:
2823 {
2824 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2825 return put_user(excl, (int __user *)p);
2826 }
2827 case TIOCNOTTY:
2828 if (current->signal->tty != tty)
2829 return -ENOTTY;
2830 no_tty();
2831 return 0;
2832 case TIOCSCTTY:
2833 return tiocsctty(tty, arg);
2834 case TIOCGPGRP:
2835 return tiocgpgrp(tty, real_tty, p);
2836 case TIOCSPGRP:
2837 return tiocspgrp(tty, real_tty, p);
2838 case TIOCGSID:
2839 return tiocgsid(tty, real_tty, p);
2840 case TIOCGETD:
2841 return put_user(tty->ldisc->ops->num, (int __user *)p);
2842 case TIOCSETD:
2843 return tiocsetd(tty, p);
2844 case TIOCVHANGUP:
2845 if (!capable(CAP_SYS_ADMIN))
2846 return -EPERM;
2847 tty_vhangup(tty);
2848 return 0;
2849 case TIOCGDEV:
2850 {
2851 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2852 return put_user(ret, (unsigned int __user *)p);
2853 }
2854 /*
2855 * Break handling
2856 */
2857 case TIOCSBRK: /* Turn break on, unconditionally */
2858 if (tty->ops->break_ctl)
2859 return tty->ops->break_ctl(tty, -1);
2860 return 0;
2861 case TIOCCBRK: /* Turn break off, unconditionally */
2862 if (tty->ops->break_ctl)
2863 return tty->ops->break_ctl(tty, 0);
2864 return 0;
2865 case TCSBRK: /* SVID version: non-zero arg --> no break */
2866 /* non-zero arg means wait for all output data
2867 * to be sent (performed above) but don't send break.
2868 * This is used by the tcdrain() termios function.
2869 */
2870 if (!arg)
2871 return send_break(tty, 250);
2872 return 0;
2873 case TCSBRKP: /* support for POSIX tcsendbreak() */
2874 return send_break(tty, arg ? arg*100 : 250);
2875
2876 case TIOCMGET:
2877 return tty_tiocmget(tty, p);
2878 case TIOCMSET:
2879 case TIOCMBIC:
2880 case TIOCMBIS:
2881 return tty_tiocmset(tty, cmd, p);
2882 case TIOCGICOUNT:
2883 retval = tty_tiocgicount(tty, p);
2884 /* For the moment allow fall through to the old method */
2885 if (retval != -EINVAL)
2886 return retval;
2887 break;
2888 case TCFLSH:
2889 switch (arg) {
2890 case TCIFLUSH:
2891 case TCIOFLUSH:
2892 /* flush tty buffer and allow ldisc to process ioctl */
2893 tty_buffer_flush(tty);
2894 break;
2895 }
2896 break;
2897 }
2898 if (tty->ops->ioctl) {
2899 retval = (tty->ops->ioctl)(tty, cmd, arg);
2900 if (retval != -ENOIOCTLCMD)
2901 return retval;
2902 }
2903 ld = tty_ldisc_ref_wait(tty);
2904 retval = -EINVAL;
2905 if (ld->ops->ioctl) {
2906 retval = ld->ops->ioctl(tty, file, cmd, arg);
2907 if (retval == -ENOIOCTLCMD)
2908 retval = -ENOTTY;
2909 }
2910 tty_ldisc_deref(ld);
2911 return retval;
2912}
2913
2914#ifdef CONFIG_COMPAT
2915static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2916 unsigned long arg)
2917{
2918 struct tty_struct *tty = file_tty(file);
2919 struct tty_ldisc *ld;
2920 int retval = -ENOIOCTLCMD;
2921
2922 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2923 return -EINVAL;
2924
2925 if (tty->ops->compat_ioctl) {
2926 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2927 if (retval != -ENOIOCTLCMD)
2928 return retval;
2929 }
2930
2931 ld = tty_ldisc_ref_wait(tty);
2932 if (ld->ops->compat_ioctl)
2933 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2934 else
2935 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2936 tty_ldisc_deref(ld);
2937
2938 return retval;
2939}
2940#endif
2941
2942static int this_tty(const void *t, struct file *file, unsigned fd)
2943{
2944 if (likely(file->f_op->read != tty_read))
2945 return 0;
2946 return file_tty(file) != t ? 0 : fd + 1;
2947}
2948
2949/*
2950 * This implements the "Secure Attention Key" --- the idea is to
2951 * prevent trojan horses by killing all processes associated with this
2952 * tty when the user hits the "Secure Attention Key". Required for
2953 * super-paranoid applications --- see the Orange Book for more details.
2954 *
2955 * This code could be nicer; ideally it should send a HUP, wait a few
2956 * seconds, then send a INT, and then a KILL signal. But you then
2957 * have to coordinate with the init process, since all processes associated
2958 * with the current tty must be dead before the new getty is allowed
2959 * to spawn.
2960 *
2961 * Now, if it would be correct ;-/ The current code has a nasty hole -
2962 * it doesn't catch files in flight. We may send the descriptor to ourselves
2963 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2964 *
2965 * Nasty bug: do_SAK is being called in interrupt context. This can
2966 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2967 */
2968void __do_SAK(struct tty_struct *tty)
2969{
2970#ifdef TTY_SOFT_SAK
2971 tty_hangup(tty);
2972#else
2973 struct task_struct *g, *p;
2974 struct pid *session;
2975 int i;
2976
2977 if (!tty)
2978 return;
2979 session = tty->session;
2980
2981 tty_ldisc_flush(tty);
2982
2983 tty_driver_flush_buffer(tty);
2984
2985 read_lock(&tasklist_lock);
2986 /* Kill the entire session */
2987 do_each_pid_task(session, PIDTYPE_SID, p) {
2988 printk(KERN_NOTICE "SAK: killed process %d"
2989 " (%s): task_session(p)==tty->session\n",
2990 task_pid_nr(p), p->comm);
2991 send_sig(SIGKILL, p, 1);
2992 } while_each_pid_task(session, PIDTYPE_SID, p);
2993 /* Now kill any processes that happen to have the
2994 * tty open.
2995 */
2996 do_each_thread(g, p) {
2997 if (p->signal->tty == tty) {
2998 printk(KERN_NOTICE "SAK: killed process %d"
2999 " (%s): task_session(p)==tty->session\n",
3000 task_pid_nr(p), p->comm);
3001 send_sig(SIGKILL, p, 1);
3002 continue;
3003 }
3004 task_lock(p);
3005 i = iterate_fd(p->files, 0, this_tty, tty);
3006 if (i != 0) {
3007 printk(KERN_NOTICE "SAK: killed process %d"
3008 " (%s): fd#%d opened to the tty\n",
3009 task_pid_nr(p), p->comm, i - 1);
3010 force_sig(SIGKILL, p);
3011 }
3012 task_unlock(p);
3013 } while_each_thread(g, p);
3014 read_unlock(&tasklist_lock);
3015#endif
3016}
3017
3018static void do_SAK_work(struct work_struct *work)
3019{
3020 struct tty_struct *tty =
3021 container_of(work, struct tty_struct, SAK_work);
3022 __do_SAK(tty);
3023}
3024
3025/*
3026 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3027 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3028 * the values which we write to it will be identical to the values which it
3029 * already has. --akpm
3030 */
3031void do_SAK(struct tty_struct *tty)
3032{
3033 if (!tty)
3034 return;
3035 schedule_work(&tty->SAK_work);
3036}
3037
3038EXPORT_SYMBOL(do_SAK);
3039
3040static int dev_match_devt(struct device *dev, const void *data)
3041{
3042 const dev_t *devt = data;
3043 return dev->devt == *devt;
3044}
3045
3046/* Must put_device() after it's unused! */
3047static struct device *tty_get_device(struct tty_struct *tty)
3048{
3049 dev_t devt = tty_devnum(tty);
3050 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3051}
3052
3053
3054/**
3055 * alloc_tty_struct
3056 *
3057 * This subroutine allocates and initializes a tty structure.
3058 *
3059 * Locking: none - tty in question is not exposed at this point
3060 */
3061
3062struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3063{
3064 struct tty_struct *tty;
3065
3066 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3067 if (!tty)
3068 return NULL;
3069
3070 kref_init(&tty->kref);
3071 tty->magic = TTY_MAGIC;
3072 tty_ldisc_init(tty);
3073 tty->session = NULL;
3074 tty->pgrp = NULL;
3075 mutex_init(&tty->legacy_mutex);
3076 mutex_init(&tty->throttle_mutex);
3077 init_rwsem(&tty->termios_rwsem);
3078 mutex_init(&tty->winsize_mutex);
3079 init_ldsem(&tty->ldisc_sem);
3080 init_waitqueue_head(&tty->write_wait);
3081 init_waitqueue_head(&tty->read_wait);
3082 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3083 mutex_init(&tty->atomic_write_lock);
3084 spin_lock_init(&tty->ctrl_lock);
3085 spin_lock_init(&tty->flow_lock);
3086 INIT_LIST_HEAD(&tty->tty_files);
3087 INIT_WORK(&tty->SAK_work, do_SAK_work);
3088
3089 tty->driver = driver;
3090 tty->ops = driver->ops;
3091 tty->index = idx;
3092 tty_line_name(driver, idx, tty->name);
3093 tty->dev = tty_get_device(tty);
3094
3095 return tty;
3096}
3097
3098/**
3099 * deinitialize_tty_struct
3100 * @tty: tty to deinitialize
3101 *
3102 * This subroutine deinitializes a tty structure that has been newly
3103 * allocated but tty_release cannot be called on that yet.
3104 *
3105 * Locking: none - tty in question must not be exposed at this point
3106 */
3107void deinitialize_tty_struct(struct tty_struct *tty)
3108{
3109 tty_ldisc_deinit(tty);
3110}
3111
3112/**
3113 * tty_put_char - write one character to a tty
3114 * @tty: tty
3115 * @ch: character
3116 *
3117 * Write one byte to the tty using the provided put_char method
3118 * if present. Returns the number of characters successfully output.
3119 *
3120 * Note: the specific put_char operation in the driver layer may go
3121 * away soon. Don't call it directly, use this method
3122 */
3123
3124int tty_put_char(struct tty_struct *tty, unsigned char ch)
3125{
3126 if (tty->ops->put_char)
3127 return tty->ops->put_char(tty, ch);
3128 return tty->ops->write(tty, &ch, 1);
3129}
3130EXPORT_SYMBOL_GPL(tty_put_char);
3131
3132struct class *tty_class;
3133
3134static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3135 unsigned int index, unsigned int count)
3136{
3137 /* init here, since reused cdevs cause crashes */
3138 cdev_init(&driver->cdevs[index], &tty_fops);
3139 driver->cdevs[index].owner = driver->owner;
3140 return cdev_add(&driver->cdevs[index], dev, count);
3141}
3142
3143/**
3144 * tty_register_device - register a tty device
3145 * @driver: the tty driver that describes the tty device
3146 * @index: the index in the tty driver for this tty device
3147 * @device: a struct device that is associated with this tty device.
3148 * This field is optional, if there is no known struct device
3149 * for this tty device it can be set to NULL safely.
3150 *
3151 * Returns a pointer to the struct device for this tty device
3152 * (or ERR_PTR(-EFOO) on error).
3153 *
3154 * This call is required to be made to register an individual tty device
3155 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3156 * that bit is not set, this function should not be called by a tty
3157 * driver.
3158 *
3159 * Locking: ??
3160 */
3161
3162struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3163 struct device *device)
3164{
3165 return tty_register_device_attr(driver, index, device, NULL, NULL);
3166}
3167EXPORT_SYMBOL(tty_register_device);
3168
3169static void tty_device_create_release(struct device *dev)
3170{
3171 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3172 kfree(dev);
3173}
3174
3175/**
3176 * tty_register_device_attr - register a tty device
3177 * @driver: the tty driver that describes the tty device
3178 * @index: the index in the tty driver for this tty device
3179 * @device: a struct device that is associated with this tty device.
3180 * This field is optional, if there is no known struct device
3181 * for this tty device it can be set to NULL safely.
3182 * @drvdata: Driver data to be set to device.
3183 * @attr_grp: Attribute group to be set on device.
3184 *
3185 * Returns a pointer to the struct device for this tty device
3186 * (or ERR_PTR(-EFOO) on error).
3187 *
3188 * This call is required to be made to register an individual tty device
3189 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3190 * that bit is not set, this function should not be called by a tty
3191 * driver.
3192 *
3193 * Locking: ??
3194 */
3195struct device *tty_register_device_attr(struct tty_driver *driver,
3196 unsigned index, struct device *device,
3197 void *drvdata,
3198 const struct attribute_group **attr_grp)
3199{
3200 char name[64];
3201 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3202 struct device *dev = NULL;
3203 int retval = -ENODEV;
3204 bool cdev = false;
3205
3206 if (index >= driver->num) {
3207 printk(KERN_ERR "Attempt to register invalid tty line number "
3208 " (%d).\n", index);
3209 return ERR_PTR(-EINVAL);
3210 }
3211
3212 if (driver->type == TTY_DRIVER_TYPE_PTY)
3213 pty_line_name(driver, index, name);
3214 else
3215 tty_line_name(driver, index, name);
3216
3217 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3218 retval = tty_cdev_add(driver, devt, index, 1);
3219 if (retval)
3220 goto error;
3221 cdev = true;
3222 }
3223
3224 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3225 if (!dev) {
3226 retval = -ENOMEM;
3227 goto error;
3228 }
3229
3230 dev->devt = devt;
3231 dev->class = tty_class;
3232 dev->parent = device;
3233 dev->release = tty_device_create_release;
3234 dev_set_name(dev, "%s", name);
3235 dev->groups = attr_grp;
3236 dev_set_drvdata(dev, drvdata);
3237
3238 retval = device_register(dev);
3239 if (retval)
3240 goto error;
3241
3242 return dev;
3243
3244error:
3245 put_device(dev);
3246 if (cdev)
3247 cdev_del(&driver->cdevs[index]);
3248 return ERR_PTR(retval);
3249}
3250EXPORT_SYMBOL_GPL(tty_register_device_attr);
3251
3252/**
3253 * tty_unregister_device - unregister a tty device
3254 * @driver: the tty driver that describes the tty device
3255 * @index: the index in the tty driver for this tty device
3256 *
3257 * If a tty device is registered with a call to tty_register_device() then
3258 * this function must be called when the tty device is gone.
3259 *
3260 * Locking: ??
3261 */
3262
3263void tty_unregister_device(struct tty_driver *driver, unsigned index)
3264{
3265 device_destroy(tty_class,
3266 MKDEV(driver->major, driver->minor_start) + index);
3267 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3268 cdev_del(&driver->cdevs[index]);
3269}
3270EXPORT_SYMBOL(tty_unregister_device);
3271
3272/**
3273 * __tty_alloc_driver -- allocate tty driver
3274 * @lines: count of lines this driver can handle at most
3275 * @owner: module which is repsonsible for this driver
3276 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3277 *
3278 * This should not be called directly, some of the provided macros should be
3279 * used instead. Use IS_ERR and friends on @retval.
3280 */
3281struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3282 unsigned long flags)
3283{
3284 struct tty_driver *driver;
3285 unsigned int cdevs = 1;
3286 int err;
3287
3288 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3289 return ERR_PTR(-EINVAL);
3290
3291 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3292 if (!driver)
3293 return ERR_PTR(-ENOMEM);
3294
3295 kref_init(&driver->kref);
3296 driver->magic = TTY_DRIVER_MAGIC;
3297 driver->num = lines;
3298 driver->owner = owner;
3299 driver->flags = flags;
3300
3301 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3302 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3303 GFP_KERNEL);
3304 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3305 GFP_KERNEL);
3306 if (!driver->ttys || !driver->termios) {
3307 err = -ENOMEM;
3308 goto err_free_all;
3309 }
3310 }
3311
3312 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3313 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3314 GFP_KERNEL);
3315 if (!driver->ports) {
3316 err = -ENOMEM;
3317 goto err_free_all;
3318 }
3319 cdevs = lines;
3320 }
3321
3322 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3323 if (!driver->cdevs) {
3324 err = -ENOMEM;
3325 goto err_free_all;
3326 }
3327
3328 return driver;
3329err_free_all:
3330 kfree(driver->ports);
3331 kfree(driver->ttys);
3332 kfree(driver->termios);
3333 kfree(driver);
3334 return ERR_PTR(err);
3335}
3336EXPORT_SYMBOL(__tty_alloc_driver);
3337
3338static void destruct_tty_driver(struct kref *kref)
3339{
3340 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3341 int i;
3342 struct ktermios *tp;
3343
3344 if (driver->flags & TTY_DRIVER_INSTALLED) {
3345 /*
3346 * Free the termios and termios_locked structures because
3347 * we don't want to get memory leaks when modular tty
3348 * drivers are removed from the kernel.
3349 */
3350 for (i = 0; i < driver->num; i++) {
3351 tp = driver->termios[i];
3352 if (tp) {
3353 driver->termios[i] = NULL;
3354 kfree(tp);
3355 }
3356 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3357 tty_unregister_device(driver, i);
3358 }
3359 proc_tty_unregister_driver(driver);
3360 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3361 cdev_del(&driver->cdevs[0]);
3362 }
3363 kfree(driver->cdevs);
3364 kfree(driver->ports);
3365 kfree(driver->termios);
3366 kfree(driver->ttys);
3367 kfree(driver);
3368}
3369
3370void tty_driver_kref_put(struct tty_driver *driver)
3371{
3372 kref_put(&driver->kref, destruct_tty_driver);
3373}
3374EXPORT_SYMBOL(tty_driver_kref_put);
3375
3376void tty_set_operations(struct tty_driver *driver,
3377 const struct tty_operations *op)
3378{
3379 driver->ops = op;
3380};
3381EXPORT_SYMBOL(tty_set_operations);
3382
3383void put_tty_driver(struct tty_driver *d)
3384{
3385 tty_driver_kref_put(d);
3386}
3387EXPORT_SYMBOL(put_tty_driver);
3388
3389/*
3390 * Called by a tty driver to register itself.
3391 */
3392int tty_register_driver(struct tty_driver *driver)
3393{
3394 int error;
3395 int i;
3396 dev_t dev;
3397 struct device *d;
3398
3399 if (!driver->major) {
3400 error = alloc_chrdev_region(&dev, driver->minor_start,
3401 driver->num, driver->name);
3402 if (!error) {
3403 driver->major = MAJOR(dev);
3404 driver->minor_start = MINOR(dev);
3405 }
3406 } else {
3407 dev = MKDEV(driver->major, driver->minor_start);
3408 error = register_chrdev_region(dev, driver->num, driver->name);
3409 }
3410 if (error < 0)
3411 goto err;
3412
3413 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3414 error = tty_cdev_add(driver, dev, 0, driver->num);
3415 if (error)
3416 goto err_unreg_char;
3417 }
3418
3419 mutex_lock(&tty_mutex);
3420 list_add(&driver->tty_drivers, &tty_drivers);
3421 mutex_unlock(&tty_mutex);
3422
3423 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3424 for (i = 0; i < driver->num; i++) {
3425 d = tty_register_device(driver, i, NULL);
3426 if (IS_ERR(d)) {
3427 error = PTR_ERR(d);
3428 goto err_unreg_devs;
3429 }
3430 }
3431 }
3432 proc_tty_register_driver(driver);
3433 driver->flags |= TTY_DRIVER_INSTALLED;
3434 return 0;
3435
3436err_unreg_devs:
3437 for (i--; i >= 0; i--)
3438 tty_unregister_device(driver, i);
3439
3440 mutex_lock(&tty_mutex);
3441 list_del(&driver->tty_drivers);
3442 mutex_unlock(&tty_mutex);
3443
3444err_unreg_char:
3445 unregister_chrdev_region(dev, driver->num);
3446err:
3447 return error;
3448}
3449EXPORT_SYMBOL(tty_register_driver);
3450
3451/*
3452 * Called by a tty driver to unregister itself.
3453 */
3454int tty_unregister_driver(struct tty_driver *driver)
3455{
3456#if 0
3457 /* FIXME */
3458 if (driver->refcount)
3459 return -EBUSY;
3460#endif
3461 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3462 driver->num);
3463 mutex_lock(&tty_mutex);
3464 list_del(&driver->tty_drivers);
3465 mutex_unlock(&tty_mutex);
3466 return 0;
3467}
3468
3469EXPORT_SYMBOL(tty_unregister_driver);
3470
3471dev_t tty_devnum(struct tty_struct *tty)
3472{
3473 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3474}
3475EXPORT_SYMBOL(tty_devnum);
3476
3477void tty_default_fops(struct file_operations *fops)
3478{
3479 *fops = tty_fops;
3480}
3481
3482/*
3483 * Initialize the console device. This is called *early*, so
3484 * we can't necessarily depend on lots of kernel help here.
3485 * Just do some early initializations, and do the complex setup
3486 * later.
3487 */
3488void __init console_init(void)
3489{
3490 initcall_t *call;
3491
3492 /* Setup the default TTY line discipline. */
3493 tty_ldisc_begin();
3494
3495 /*
3496 * set up the console device so that later boot sequences can
3497 * inform about problems etc..
3498 */
3499 call = __con_initcall_start;
3500 while (call < __con_initcall_end) {
3501 (*call)();
3502 call++;
3503 }
3504}
3505
3506static char *tty_devnode(struct device *dev, umode_t *mode)
3507{
3508 if (!mode)
3509 return NULL;
3510 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3511 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3512 *mode = 0666;
3513 return NULL;
3514}
3515
3516static int __init tty_class_init(void)
3517{
3518 tty_class = class_create(THIS_MODULE, "tty");
3519 if (IS_ERR(tty_class))
3520 return PTR_ERR(tty_class);
3521 tty_class->devnode = tty_devnode;
3522 return 0;
3523}
3524
3525postcore_initcall(tty_class_init);
3526
3527/* 3/2004 jmc: why do these devices exist? */
3528static struct cdev tty_cdev, console_cdev;
3529
3530static ssize_t show_cons_active(struct device *dev,
3531 struct device_attribute *attr, char *buf)
3532{
3533 struct console *cs[16];
3534 int i = 0;
3535 struct console *c;
3536 ssize_t count = 0;
3537
3538 console_lock();
3539 for_each_console(c) {
3540 if (!c->device)
3541 continue;
3542 if (!c->write)
3543 continue;
3544 if ((c->flags & CON_ENABLED) == 0)
3545 continue;
3546 cs[i++] = c;
3547 if (i >= ARRAY_SIZE(cs))
3548 break;
3549 }
3550 while (i--) {
3551 int index = cs[i]->index;
3552 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3553
3554 /* don't resolve tty0 as some programs depend on it */
3555 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3556 count += tty_line_name(drv, index, buf + count);
3557 else
3558 count += sprintf(buf + count, "%s%d",
3559 cs[i]->name, cs[i]->index);
3560
3561 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3562 }
3563 console_unlock();
3564
3565 return count;
3566}
3567static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3568
3569static struct device *consdev;
3570
3571void console_sysfs_notify(void)
3572{
3573 if (consdev)
3574 sysfs_notify(&consdev->kobj, NULL, "active");
3575}
3576
3577/*
3578 * Ok, now we can initialize the rest of the tty devices and can count
3579 * on memory allocations, interrupts etc..
3580 */
3581int __init tty_init(void)
3582{
3583 cdev_init(&tty_cdev, &tty_fops);
3584 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3585 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3586 panic("Couldn't register /dev/tty driver\n");
3587 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3588
3589 cdev_init(&console_cdev, &console_fops);
3590 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3591 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3592 panic("Couldn't register /dev/console driver\n");
3593 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3594 "console");
3595 if (IS_ERR(consdev))
3596 consdev = NULL;
3597 else
3598 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3599
3600#ifdef CONFIG_VT
3601 vty_init(&console_fops);
3602#endif
3603 return 0;
3604}
3605
Linux kernel - Deliverables
This page took 0.037399 seconds and 5 git commands to generate.