projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tty: Re-open /dev/tty without tty_mutex
[deliverable/linux.git] / drivers / tty / tty_io.c
1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156
157 /**
158 * free_tty_struct - free a disused tty
159 * @tty: tty struct to free
160 *
161 * Free the write buffers, tty queue and tty memory itself.
162 *
163 * Locking: none. Must be called after tty is definitely unused
164 */
165
166 void free_tty_struct(struct tty_struct *tty)
167 {
168 if (!tty)
169 return;
170 if (tty->dev)
171 put_device(tty->dev);
172 kfree(tty->write_buf);
173 tty->magic = 0xDEADDEAD;
174 kfree(tty);
175 }
176
177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 return ((struct tty_file_private *)file->private_data)->tty;
180 }
181
182 int tty_alloc_file(struct file *file)
183 {
184 struct tty_file_private *priv;
185
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 if (!priv)
188 return -ENOMEM;
189
190 file->private_data = priv;
191
192 return 0;
193 }
194
195 /* Associate a new file with the tty structure */
196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 struct tty_file_private *priv = file->private_data;
199
200 priv->tty = tty;
201 priv->file = file;
202
203 spin_lock(&tty_files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty_files_lock);
206 }
207
208 /**
209 * tty_free_file - free file->private_data
210 *
211 * This shall be used only for fail path handling when tty_add_file was not
212 * called yet.
213 */
214 void tty_free_file(struct file *file)
215 {
216 struct tty_file_private *priv = file->private_data;
217
218 file->private_data = NULL;
219 kfree(priv);
220 }
221
222 /* Delete file from its tty */
223 static void tty_del_file(struct file *file)
224 {
225 struct tty_file_private *priv = file->private_data;
226
227 spin_lock(&tty_files_lock);
228 list_del(&priv->list);
229 spin_unlock(&tty_files_lock);
230 tty_free_file(file);
231 }
232
233
234 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
235
236 /**
237 * tty_name - return tty naming
238 * @tty: tty structure
239 * @buf: buffer for output
240 *
241 * Convert a tty structure into a name. The name reflects the kernel
242 * naming policy and if udev is in use may not reflect user space
243 *
244 * Locking: none
245 */
246
247 char *tty_name(struct tty_struct *tty, char *buf)
248 {
249 if (!tty) /* Hmm. NULL pointer. That's fun. */
250 strcpy(buf, "NULL tty");
251 else
252 strcpy(buf, tty->name);
253 return buf;
254 }
255
256 EXPORT_SYMBOL(tty_name);
257
258 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
259 const char *routine)
260 {
261 #ifdef TTY_PARANOIA_CHECK
262 if (!tty) {
263 printk(KERN_WARNING
264 "null TTY for (%d:%d) in %s\n",
265 imajor(inode), iminor(inode), routine);
266 return 1;
267 }
268 if (tty->magic != TTY_MAGIC) {
269 printk(KERN_WARNING
270 "bad magic number for tty struct (%d:%d) in %s\n",
271 imajor(inode), iminor(inode), routine);
272 return 1;
273 }
274 #endif
275 return 0;
276 }
277
278 static int check_tty_count(struct tty_struct *tty, const char *routine)
279 {
280 #ifdef CHECK_TTY_COUNT
281 struct list_head *p;
282 int count = 0;
283
284 spin_lock(&tty_files_lock);
285 list_for_each(p, &tty->tty_files) {
286 count++;
287 }
288 spin_unlock(&tty_files_lock);
289 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
290 tty->driver->subtype == PTY_TYPE_SLAVE &&
291 tty->link && tty->link->count)
292 count++;
293 if (tty->count != count) {
294 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
295 "!= #fd's(%d) in %s\n",
296 tty->name, tty->count, count, routine);
297 return count;
298 }
299 #endif
300 return 0;
301 }
302
303 /**
304 * get_tty_driver - find device of a tty
305 * @dev_t: device identifier
306 * @index: returns the index of the tty
307 *
308 * This routine returns a tty driver structure, given a device number
309 * and also passes back the index number.
310 *
311 * Locking: caller must hold tty_mutex
312 */
313
314 static struct tty_driver *get_tty_driver(dev_t device, int *index)
315 {
316 struct tty_driver *p;
317
318 list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 dev_t base = MKDEV(p->major, p->minor_start);
320 if (device < base || device >= base + p->num)
321 continue;
322 *index = device - base;
323 return tty_driver_kref_get(p);
324 }
325 return NULL;
326 }
327
328 #ifdef CONFIG_CONSOLE_POLL
329
330 /**
331 * tty_find_polling_driver - find device of a polled tty
332 * @name: name string to match
333 * @line: pointer to resulting tty line nr
334 *
335 * This routine returns a tty driver structure, given a name
336 * and the condition that the tty driver is capable of polled
337 * operation.
338 */
339 struct tty_driver *tty_find_polling_driver(char *name, int *line)
340 {
341 struct tty_driver *p, *res = NULL;
342 int tty_line = 0;
343 int len;
344 char *str, *stp;
345
346 for (str = name; *str; str++)
347 if ((*str >= '0' && *str <= '9') || *str == ',')
348 break;
349 if (!*str)
350 return NULL;
351
352 len = str - name;
353 tty_line = simple_strtoul(str, &str, 10);
354
355 mutex_lock(&tty_mutex);
356 /* Search through the tty devices to look for a match */
357 list_for_each_entry(p, &tty_drivers, tty_drivers) {
358 if (strncmp(name, p->name, len) != 0)
359 continue;
360 stp = str;
361 if (*stp == ',')
362 stp++;
363 if (*stp == '\0')
364 stp = NULL;
365
366 if (tty_line >= 0 && tty_line < p->num && p->ops &&
367 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
368 res = tty_driver_kref_get(p);
369 *line = tty_line;
370 break;
371 }
372 }
373 mutex_unlock(&tty_mutex);
374
375 return res;
376 }
377 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
378 #endif
379
380 /**
381 * tty_check_change - check for POSIX terminal changes
382 * @tty: tty to check
383 *
384 * If we try to write to, or set the state of, a terminal and we're
385 * not in the foreground, send a SIGTTOU. If the signal is blocked or
386 * ignored, go ahead and perform the operation. (POSIX 7.2)
387 *
388 * Locking: ctrl_lock
389 */
390
391 int tty_check_change(struct tty_struct *tty)
392 {
393 unsigned long flags;
394 int ret = 0;
395
396 if (current->signal->tty != tty)
397 return 0;
398
399 spin_lock_irqsave(&tty->ctrl_lock, flags);
400
401 if (!tty->pgrp) {
402 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
403 goto out_unlock;
404 }
405 if (task_pgrp(current) == tty->pgrp)
406 goto out_unlock;
407 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
408 if (is_ignored(SIGTTOU))
409 goto out;
410 if (is_current_pgrp_orphaned()) {
411 ret = -EIO;
412 goto out;
413 }
414 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
415 set_thread_flag(TIF_SIGPENDING);
416 ret = -ERESTARTSYS;
417 out:
418 return ret;
419 out_unlock:
420 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
421 return ret;
422 }
423
424 EXPORT_SYMBOL(tty_check_change);
425
426 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
427 size_t count, loff_t *ppos)
428 {
429 return 0;
430 }
431
432 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
433 size_t count, loff_t *ppos)
434 {
435 return -EIO;
436 }
437
438 /* No kernel lock held - none needed ;) */
439 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
440 {
441 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
442 }
443
444 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
445 unsigned long arg)
446 {
447 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
448 }
449
450 static long hung_up_tty_compat_ioctl(struct file *file,
451 unsigned int cmd, unsigned long arg)
452 {
453 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
454 }
455
456 static const struct file_operations tty_fops = {
457 .llseek = no_llseek,
458 .read = tty_read,
459 .write = tty_write,
460 .poll = tty_poll,
461 .unlocked_ioctl = tty_ioctl,
462 .compat_ioctl = tty_compat_ioctl,
463 .open = tty_open,
464 .release = tty_release,
465 .fasync = tty_fasync,
466 };
467
468 static const struct file_operations console_fops = {
469 .llseek = no_llseek,
470 .read = tty_read,
471 .write = redirected_tty_write,
472 .poll = tty_poll,
473 .unlocked_ioctl = tty_ioctl,
474 .compat_ioctl = tty_compat_ioctl,
475 .open = tty_open,
476 .release = tty_release,
477 .fasync = tty_fasync,
478 };
479
480 static const struct file_operations hung_up_tty_fops = {
481 .llseek = no_llseek,
482 .read = hung_up_tty_read,
483 .write = hung_up_tty_write,
484 .poll = hung_up_tty_poll,
485 .unlocked_ioctl = hung_up_tty_ioctl,
486 .compat_ioctl = hung_up_tty_compat_ioctl,
487 .release = tty_release,
488 };
489
490 static DEFINE_SPINLOCK(redirect_lock);
491 static struct file *redirect;
492
493
494 void proc_clear_tty(struct task_struct *p)
495 {
496 unsigned long flags;
497 struct tty_struct *tty;
498 spin_lock_irqsave(&p->sighand->siglock, flags);
499 tty = p->signal->tty;
500 p->signal->tty = NULL;
501 spin_unlock_irqrestore(&p->sighand->siglock, flags);
502 tty_kref_put(tty);
503 }
504
505 /**
506 * proc_set_tty - set the controlling terminal
507 *
508 * Only callable by the session leader and only if it does not already have
509 * a controlling terminal.
510 *
511 * Caller must hold: tty_lock()
512 * a readlock on tasklist_lock
513 * sighand lock
514 */
515 static void __proc_set_tty(struct tty_struct *tty)
516 {
517 unsigned long flags;
518
519 spin_lock_irqsave(&tty->ctrl_lock, flags);
520 /*
521 * The session and fg pgrp references will be non-NULL if
522 * tiocsctty() is stealing the controlling tty
523 */
524 put_pid(tty->session);
525 put_pid(tty->pgrp);
526 tty->pgrp = get_pid(task_pgrp(current));
527 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
528 tty->session = get_pid(task_session(current));
529 if (current->signal->tty) {
530 printk(KERN_DEBUG "tty not NULL!!\n");
531 tty_kref_put(current->signal->tty);
532 }
533 put_pid(current->signal->tty_old_pgrp);
534 current->signal->tty = tty_kref_get(tty);
535 current->signal->tty_old_pgrp = NULL;
536 }
537
538 static void proc_set_tty(struct tty_struct *tty)
539 {
540 spin_lock_irq(&current->sighand->siglock);
541 __proc_set_tty(tty);
542 spin_unlock_irq(&current->sighand->siglock);
543 }
544
545 struct tty_struct *get_current_tty(void)
546 {
547 struct tty_struct *tty;
548 unsigned long flags;
549
550 spin_lock_irqsave(&current->sighand->siglock, flags);
551 tty = tty_kref_get(current->signal->tty);
552 spin_unlock_irqrestore(&current->sighand->siglock, flags);
553 return tty;
554 }
555 EXPORT_SYMBOL_GPL(get_current_tty);
556
557 static void session_clear_tty(struct pid *session)
558 {
559 struct task_struct *p;
560 do_each_pid_task(session, PIDTYPE_SID, p) {
561 proc_clear_tty(p);
562 } while_each_pid_task(session, PIDTYPE_SID, p);
563 }
564
565 /**
566 * tty_wakeup - request more data
567 * @tty: terminal
568 *
569 * Internal and external helper for wakeups of tty. This function
570 * informs the line discipline if present that the driver is ready
571 * to receive more output data.
572 */
573
574 void tty_wakeup(struct tty_struct *tty)
575 {
576 struct tty_ldisc *ld;
577
578 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
579 ld = tty_ldisc_ref(tty);
580 if (ld) {
581 if (ld->ops->write_wakeup)
582 ld->ops->write_wakeup(tty);
583 tty_ldisc_deref(ld);
584 }
585 }
586 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
587 }
588
589 EXPORT_SYMBOL_GPL(tty_wakeup);
590
591 /**
592 * tty_signal_session_leader - sends SIGHUP to session leader
593 * @tty controlling tty
594 * @exit_session if non-zero, signal all foreground group processes
595 *
596 * Send SIGHUP and SIGCONT to the session leader and its process group.
597 * Optionally, signal all processes in the foreground process group.
598 *
599 * Returns the number of processes in the session with this tty
600 * as their controlling terminal. This value is used to drop
601 * tty references for those processes.
602 */
603 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
604 {
605 struct task_struct *p;
606 int refs = 0;
607 struct pid *tty_pgrp = NULL;
608
609 read_lock(&tasklist_lock);
610 if (tty->session) {
611 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
612 spin_lock_irq(&p->sighand->siglock);
613 if (p->signal->tty == tty) {
614 p->signal->tty = NULL;
615 /* We defer the dereferences outside fo
616 the tasklist lock */
617 refs++;
618 }
619 if (!p->signal->leader) {
620 spin_unlock_irq(&p->sighand->siglock);
621 continue;
622 }
623 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
624 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
625 put_pid(p->signal->tty_old_pgrp); /* A noop */
626 spin_lock(&tty->ctrl_lock);
627 tty_pgrp = get_pid(tty->pgrp);
628 if (tty->pgrp)
629 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
630 spin_unlock(&tty->ctrl_lock);
631 spin_unlock_irq(&p->sighand->siglock);
632 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
633 }
634 read_unlock(&tasklist_lock);
635
636 if (tty_pgrp) {
637 if (exit_session)
638 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
639 put_pid(tty_pgrp);
640 }
641
642 return refs;
643 }
644
645 /**
646 * __tty_hangup - actual handler for hangup events
647 * @work: tty device
648 *
649 * This can be called by a "kworker" kernel thread. That is process
650 * synchronous but doesn't hold any locks, so we need to make sure we
651 * have the appropriate locks for what we're doing.
652 *
653 * The hangup event clears any pending redirections onto the hung up
654 * device. It ensures future writes will error and it does the needed
655 * line discipline hangup and signal delivery. The tty object itself
656 * remains intact.
657 *
658 * Locking:
659 * BTM
660 * redirect lock for undoing redirection
661 * file list lock for manipulating list of ttys
662 * tty_ldiscs_lock from called functions
663 * termios_rwsem resetting termios data
664 * tasklist_lock to walk task list for hangup event
665 * ->siglock to protect ->signal/->sighand
666 */
667 static void __tty_hangup(struct tty_struct *tty, int exit_session)
668 {
669 struct file *cons_filp = NULL;
670 struct file *filp, *f = NULL;
671 struct tty_file_private *priv;
672 int closecount = 0, n;
673 int refs;
674
675 if (!tty)
676 return;
677
678
679 spin_lock(&redirect_lock);
680 if (redirect && file_tty(redirect) == tty) {
681 f = redirect;
682 redirect = NULL;
683 }
684 spin_unlock(&redirect_lock);
685
686 tty_lock(tty);
687
688 if (test_bit(TTY_HUPPED, &tty->flags)) {
689 tty_unlock(tty);
690 return;
691 }
692
693 /* inuse_filps is protected by the single tty lock,
694 this really needs to change if we want to flush the
695 workqueue with the lock held */
696 check_tty_count(tty, "tty_hangup");
697
698 spin_lock(&tty_files_lock);
699 /* This breaks for file handles being sent over AF_UNIX sockets ? */
700 list_for_each_entry(priv, &tty->tty_files, list) {
701 filp = priv->file;
702 if (filp->f_op->write == redirected_tty_write)
703 cons_filp = filp;
704 if (filp->f_op->write != tty_write)
705 continue;
706 closecount++;
707 __tty_fasync(-1, filp, 0); /* can't block */
708 filp->f_op = &hung_up_tty_fops;
709 }
710 spin_unlock(&tty_files_lock);
711
712 refs = tty_signal_session_leader(tty, exit_session);
713 /* Account for the p->signal references we killed */
714 while (refs--)
715 tty_kref_put(tty);
716
717 tty_ldisc_hangup(tty);
718
719 spin_lock_irq(&tty->ctrl_lock);
720 clear_bit(TTY_THROTTLED, &tty->flags);
721 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
722 put_pid(tty->session);
723 put_pid(tty->pgrp);
724 tty->session = NULL;
725 tty->pgrp = NULL;
726 tty->ctrl_status = 0;
727 spin_unlock_irq(&tty->ctrl_lock);
728
729 /*
730 * If one of the devices matches a console pointer, we
731 * cannot just call hangup() because that will cause
732 * tty->count and state->count to go out of sync.
733 * So we just call close() the right number of times.
734 */
735 if (cons_filp) {
736 if (tty->ops->close)
737 for (n = 0; n < closecount; n++)
738 tty->ops->close(tty, cons_filp);
739 } else if (tty->ops->hangup)
740 tty->ops->hangup(tty);
741 /*
742 * We don't want to have driver/ldisc interactions beyond
743 * the ones we did here. The driver layer expects no
744 * calls after ->hangup() from the ldisc side. However we
745 * can't yet guarantee all that.
746 */
747 set_bit(TTY_HUPPED, &tty->flags);
748 tty_unlock(tty);
749
750 if (f)
751 fput(f);
752 }
753
754 static void do_tty_hangup(struct work_struct *work)
755 {
756 struct tty_struct *tty =
757 container_of(work, struct tty_struct, hangup_work);
758
759 __tty_hangup(tty, 0);
760 }
761
762 /**
763 * tty_hangup - trigger a hangup event
764 * @tty: tty to hangup
765 *
766 * A carrier loss (virtual or otherwise) has occurred on this like
767 * schedule a hangup sequence to run after this event.
768 */
769
770 void tty_hangup(struct tty_struct *tty)
771 {
772 #ifdef TTY_DEBUG_HANGUP
773 char buf[64];
774 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
775 #endif
776 schedule_work(&tty->hangup_work);
777 }
778
779 EXPORT_SYMBOL(tty_hangup);
780
781 /**
782 * tty_vhangup - process vhangup
783 * @tty: tty to hangup
784 *
785 * The user has asked via system call for the terminal to be hung up.
786 * We do this synchronously so that when the syscall returns the process
787 * is complete. That guarantee is necessary for security reasons.
788 */
789
790 void tty_vhangup(struct tty_struct *tty)
791 {
792 #ifdef TTY_DEBUG_HANGUP
793 char buf[64];
794
795 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
796 #endif
797 __tty_hangup(tty, 0);
798 }
799
800 EXPORT_SYMBOL(tty_vhangup);
801
802
803 /**
804 * tty_vhangup_self - process vhangup for own ctty
805 *
806 * Perform a vhangup on the current controlling tty
807 */
808
809 void tty_vhangup_self(void)
810 {
811 struct tty_struct *tty;
812
813 tty = get_current_tty();
814 if (tty) {
815 tty_vhangup(tty);
816 tty_kref_put(tty);
817 }
818 }
819
820 /**
821 * tty_vhangup_session - hangup session leader exit
822 * @tty: tty to hangup
823 *
824 * The session leader is exiting and hanging up its controlling terminal.
825 * Every process in the foreground process group is signalled SIGHUP.
826 *
827 * We do this synchronously so that when the syscall returns the process
828 * is complete. That guarantee is necessary for security reasons.
829 */
830
831 static void tty_vhangup_session(struct tty_struct *tty)
832 {
833 #ifdef TTY_DEBUG_HANGUP
834 char buf[64];
835
836 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
837 #endif
838 __tty_hangup(tty, 1);
839 }
840
841 /**
842 * tty_hung_up_p - was tty hung up
843 * @filp: file pointer of tty
844 *
845 * Return true if the tty has been subject to a vhangup or a carrier
846 * loss
847 */
848
849 int tty_hung_up_p(struct file *filp)
850 {
851 return (filp->f_op == &hung_up_tty_fops);
852 }
853
854 EXPORT_SYMBOL(tty_hung_up_p);
855
856 /**
857 * disassociate_ctty - disconnect controlling tty
858 * @on_exit: true if exiting so need to "hang up" the session
859 *
860 * This function is typically called only by the session leader, when
861 * it wants to disassociate itself from its controlling tty.
862 *
863 * It performs the following functions:
864 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
865 * (2) Clears the tty from being controlling the session
866 * (3) Clears the controlling tty for all processes in the
867 * session group.
868 *
869 * The argument on_exit is set to 1 if called when a process is
870 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
871 *
872 * Locking:
873 * BTM is taken for hysterical raisins, and held when
874 * called from no_tty().
875 * tty_mutex is taken to protect tty
876 * ->siglock is taken to protect ->signal/->sighand
877 * tasklist_lock is taken to walk process list for sessions
878 * ->siglock is taken to protect ->signal/->sighand
879 */
880
881 void disassociate_ctty(int on_exit)
882 {
883 struct tty_struct *tty;
884
885 if (!current->signal->leader)
886 return;
887
888 tty = get_current_tty();
889 if (tty) {
890 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
891 tty_vhangup_session(tty);
892 } else {
893 struct pid *tty_pgrp = tty_get_pgrp(tty);
894 if (tty_pgrp) {
895 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
896 if (!on_exit)
897 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
898 put_pid(tty_pgrp);
899 }
900 }
901 tty_kref_put(tty);
902
903 } else if (on_exit) {
904 struct pid *old_pgrp;
905 spin_lock_irq(&current->sighand->siglock);
906 old_pgrp = current->signal->tty_old_pgrp;
907 current->signal->tty_old_pgrp = NULL;
908 spin_unlock_irq(&current->sighand->siglock);
909 if (old_pgrp) {
910 kill_pgrp(old_pgrp, SIGHUP, on_exit);
911 kill_pgrp(old_pgrp, SIGCONT, on_exit);
912 put_pid(old_pgrp);
913 }
914 return;
915 }
916
917 spin_lock_irq(&current->sighand->siglock);
918 put_pid(current->signal->tty_old_pgrp);
919 current->signal->tty_old_pgrp = NULL;
920
921 tty = tty_kref_get(current->signal->tty);
922 if (tty) {
923 unsigned long flags;
924 spin_lock_irqsave(&tty->ctrl_lock, flags);
925 put_pid(tty->session);
926 put_pid(tty->pgrp);
927 tty->session = NULL;
928 tty->pgrp = NULL;
929 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
930 tty_kref_put(tty);
931 } else {
932 #ifdef TTY_DEBUG_HANGUP
933 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
934 " = NULL", tty);
935 #endif
936 }
937
938 spin_unlock_irq(&current->sighand->siglock);
939 /* Now clear signal->tty under the lock */
940 read_lock(&tasklist_lock);
941 session_clear_tty(task_session(current));
942 read_unlock(&tasklist_lock);
943 }
944
945 /**
946 *
947 * no_tty - Ensure the current process does not have a controlling tty
948 */
949 void no_tty(void)
950 {
951 /* FIXME: Review locking here. The tty_lock never covered any race
952 between a new association and proc_clear_tty but possible we need
953 to protect against this anyway */
954 struct task_struct *tsk = current;
955 disassociate_ctty(0);
956 proc_clear_tty(tsk);
957 }
958
959
960 /**
961 * stop_tty - propagate flow control
962 * @tty: tty to stop
963 *
964 * Perform flow control to the driver. May be called
965 * on an already stopped device and will not re-call the driver
966 * method.
967 *
968 * This functionality is used by both the line disciplines for
969 * halting incoming flow and by the driver. It may therefore be
970 * called from any context, may be under the tty atomic_write_lock
971 * but not always.
972 *
973 * Locking:
974 * flow_lock
975 */
976
977 void __stop_tty(struct tty_struct *tty)
978 {
979 if (tty->stopped)
980 return;
981 tty->stopped = 1;
982 if (tty->ops->stop)
983 (tty->ops->stop)(tty);
984 }
985
986 void stop_tty(struct tty_struct *tty)
987 {
988 unsigned long flags;
989
990 spin_lock_irqsave(&tty->flow_lock, flags);
991 __stop_tty(tty);
992 spin_unlock_irqrestore(&tty->flow_lock, flags);
993 }
994 EXPORT_SYMBOL(stop_tty);
995
996 /**
997 * start_tty - propagate flow control
998 * @tty: tty to start
999 *
1000 * Start a tty that has been stopped if at all possible. If this
1001 * tty was previous stopped and is now being started, the driver
1002 * start method is invoked and the line discipline woken.
1003 *
1004 * Locking:
1005 * flow_lock
1006 */
1007
1008 void __start_tty(struct tty_struct *tty)
1009 {
1010 if (!tty->stopped || tty->flow_stopped)
1011 return;
1012 tty->stopped = 0;
1013 if (tty->ops->start)
1014 (tty->ops->start)(tty);
1015 tty_wakeup(tty);
1016 }
1017
1018 void start_tty(struct tty_struct *tty)
1019 {
1020 unsigned long flags;
1021
1022 spin_lock_irqsave(&tty->flow_lock, flags);
1023 __start_tty(tty);
1024 spin_unlock_irqrestore(&tty->flow_lock, flags);
1025 }
1026 EXPORT_SYMBOL(start_tty);
1027
1028 /* We limit tty time update visibility to every 8 seconds or so. */
1029 static void tty_update_time(struct timespec *time)
1030 {
1031 unsigned long sec = get_seconds() & ~7;
1032 if ((long)(sec - time->tv_sec) > 0)
1033 time->tv_sec = sec;
1034 }
1035
1036 /**
1037 * tty_read - read method for tty device files
1038 * @file: pointer to tty file
1039 * @buf: user buffer
1040 * @count: size of user buffer
1041 * @ppos: unused
1042 *
1043 * Perform the read system call function on this terminal device. Checks
1044 * for hung up devices before calling the line discipline method.
1045 *
1046 * Locking:
1047 * Locks the line discipline internally while needed. Multiple
1048 * read calls may be outstanding in parallel.
1049 */
1050
1051 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1052 loff_t *ppos)
1053 {
1054 int i;
1055 struct inode *inode = file_inode(file);
1056 struct tty_struct *tty = file_tty(file);
1057 struct tty_ldisc *ld;
1058
1059 if (tty_paranoia_check(tty, inode, "tty_read"))
1060 return -EIO;
1061 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1062 return -EIO;
1063
1064 /* We want to wait for the line discipline to sort out in this
1065 situation */
1066 ld = tty_ldisc_ref_wait(tty);
1067 if (ld->ops->read)
1068 i = (ld->ops->read)(tty, file, buf, count);
1069 else
1070 i = -EIO;
1071 tty_ldisc_deref(ld);
1072
1073 if (i > 0)
1074 tty_update_time(&inode->i_atime);
1075
1076 return i;
1077 }
1078
1079 static void tty_write_unlock(struct tty_struct *tty)
1080 {
1081 mutex_unlock(&tty->atomic_write_lock);
1082 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1083 }
1084
1085 static int tty_write_lock(struct tty_struct *tty, int ndelay)
1086 {
1087 if (!mutex_trylock(&tty->atomic_write_lock)) {
1088 if (ndelay)
1089 return -EAGAIN;
1090 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1091 return -ERESTARTSYS;
1092 }
1093 return 0;
1094 }
1095
1096 /*
1097 * Split writes up in sane blocksizes to avoid
1098 * denial-of-service type attacks
1099 */
1100 static inline ssize_t do_tty_write(
1101 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1102 struct tty_struct *tty,
1103 struct file *file,
1104 const char __user *buf,
1105 size_t count)
1106 {
1107 ssize_t ret, written = 0;
1108 unsigned int chunk;
1109
1110 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1111 if (ret < 0)
1112 return ret;
1113
1114 /*
1115 * We chunk up writes into a temporary buffer. This
1116 * simplifies low-level drivers immensely, since they
1117 * don't have locking issues and user mode accesses.
1118 *
1119 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1120 * big chunk-size..
1121 *
1122 * The default chunk-size is 2kB, because the NTTY
1123 * layer has problems with bigger chunks. It will
1124 * claim to be able to handle more characters than
1125 * it actually does.
1126 *
1127 * FIXME: This can probably go away now except that 64K chunks
1128 * are too likely to fail unless switched to vmalloc...
1129 */
1130 chunk = 2048;
1131 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1132 chunk = 65536;
1133 if (count < chunk)
1134 chunk = count;
1135
1136 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1137 if (tty->write_cnt < chunk) {
1138 unsigned char *buf_chunk;
1139
1140 if (chunk < 1024)
1141 chunk = 1024;
1142
1143 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1144 if (!buf_chunk) {
1145 ret = -ENOMEM;
1146 goto out;
1147 }
1148 kfree(tty->write_buf);
1149 tty->write_cnt = chunk;
1150 tty->write_buf = buf_chunk;
1151 }
1152
1153 /* Do the write .. */
1154 for (;;) {
1155 size_t size = count;
1156 if (size > chunk)
1157 size = chunk;
1158 ret = -EFAULT;
1159 if (copy_from_user(tty->write_buf, buf, size))
1160 break;
1161 ret = write(tty, file, tty->write_buf, size);
1162 if (ret <= 0)
1163 break;
1164 written += ret;
1165 buf += ret;
1166 count -= ret;
1167 if (!count)
1168 break;
1169 ret = -ERESTARTSYS;
1170 if (signal_pending(current))
1171 break;
1172 cond_resched();
1173 }
1174 if (written) {
1175 tty_update_time(&file_inode(file)->i_mtime);
1176 ret = written;
1177 }
1178 out:
1179 tty_write_unlock(tty);
1180 return ret;
1181 }
1182
1183 /**
1184 * tty_write_message - write a message to a certain tty, not just the console.
1185 * @tty: the destination tty_struct
1186 * @msg: the message to write
1187 *
1188 * This is used for messages that need to be redirected to a specific tty.
1189 * We don't put it into the syslog queue right now maybe in the future if
1190 * really needed.
1191 *
1192 * We must still hold the BTM and test the CLOSING flag for the moment.
1193 */
1194
1195 void tty_write_message(struct tty_struct *tty, char *msg)
1196 {
1197 if (tty) {
1198 mutex_lock(&tty->atomic_write_lock);
1199 tty_lock(tty);
1200 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1201 tty_unlock(tty);
1202 tty->ops->write(tty, msg, strlen(msg));
1203 } else
1204 tty_unlock(tty);
1205 tty_write_unlock(tty);
1206 }
1207 return;
1208 }
1209
1210
1211 /**
1212 * tty_write - write method for tty device file
1213 * @file: tty file pointer
1214 * @buf: user data to write
1215 * @count: bytes to write
1216 * @ppos: unused
1217 *
1218 * Write data to a tty device via the line discipline.
1219 *
1220 * Locking:
1221 * Locks the line discipline as required
1222 * Writes to the tty driver are serialized by the atomic_write_lock
1223 * and are then processed in chunks to the device. The line discipline
1224 * write method will not be invoked in parallel for each device.
1225 */
1226
1227 static ssize_t tty_write(struct file *file, const char __user *buf,
1228 size_t count, loff_t *ppos)
1229 {
1230 struct tty_struct *tty = file_tty(file);
1231 struct tty_ldisc *ld;
1232 ssize_t ret;
1233
1234 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1235 return -EIO;
1236 if (!tty || !tty->ops->write ||
1237 (test_bit(TTY_IO_ERROR, &tty->flags)))
1238 return -EIO;
1239 /* Short term debug to catch buggy drivers */
1240 if (tty->ops->write_room == NULL)
1241 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1242 tty->driver->name);
1243 ld = tty_ldisc_ref_wait(tty);
1244 if (!ld->ops->write)
1245 ret = -EIO;
1246 else
1247 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1248 tty_ldisc_deref(ld);
1249 return ret;
1250 }
1251
1252 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1253 size_t count, loff_t *ppos)
1254 {
1255 struct file *p = NULL;
1256
1257 spin_lock(&redirect_lock);
1258 if (redirect)
1259 p = get_file(redirect);
1260 spin_unlock(&redirect_lock);
1261
1262 if (p) {
1263 ssize_t res;
1264 res = vfs_write(p, buf, count, &p->f_pos);
1265 fput(p);
1266 return res;
1267 }
1268 return tty_write(file, buf, count, ppos);
1269 }
1270
1271 /**
1272 * tty_send_xchar - send priority character
1273 *
1274 * Send a high priority character to the tty even if stopped
1275 *
1276 * Locking: none for xchar method, write ordering for write method.
1277 */
1278
1279 int tty_send_xchar(struct tty_struct *tty, char ch)
1280 {
1281 int was_stopped = tty->stopped;
1282
1283 if (tty->ops->send_xchar) {
1284 tty->ops->send_xchar(tty, ch);
1285 return 0;
1286 }
1287
1288 if (tty_write_lock(tty, 0) < 0)
1289 return -ERESTARTSYS;
1290
1291 if (was_stopped)
1292 start_tty(tty);
1293 tty->ops->write(tty, &ch, 1);
1294 if (was_stopped)
1295 stop_tty(tty);
1296 tty_write_unlock(tty);
1297 return 0;
1298 }
1299
1300 static char ptychar[] = "pqrstuvwxyzabcde";
1301
1302 /**
1303 * pty_line_name - generate name for a pty
1304 * @driver: the tty driver in use
1305 * @index: the minor number
1306 * @p: output buffer of at least 6 bytes
1307 *
1308 * Generate a name from a driver reference and write it to the output
1309 * buffer.
1310 *
1311 * Locking: None
1312 */
1313 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1314 {
1315 int i = index + driver->name_base;
1316 /* ->name is initialized to "ttyp", but "tty" is expected */
1317 sprintf(p, "%s%c%x",
1318 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1319 ptychar[i >> 4 & 0xf], i & 0xf);
1320 }
1321
1322 /**
1323 * tty_line_name - generate name for a tty
1324 * @driver: the tty driver in use
1325 * @index: the minor number
1326 * @p: output buffer of at least 7 bytes
1327 *
1328 * Generate a name from a driver reference and write it to the output
1329 * buffer.
1330 *
1331 * Locking: None
1332 */
1333 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1334 {
1335 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1336 return sprintf(p, "%s", driver->name);
1337 else
1338 return sprintf(p, "%s%d", driver->name,
1339 index + driver->name_base);
1340 }
1341
1342 /**
1343 * tty_driver_lookup_tty() - find an existing tty, if any
1344 * @driver: the driver for the tty
1345 * @idx: the minor number
1346 *
1347 * Return the tty, if found or ERR_PTR() otherwise.
1348 *
1349 * Locking: tty_mutex must be held. If tty is found, the mutex must
1350 * be held until the 'fast-open' is also done. Will change once we
1351 * have refcounting in the driver and per driver locking
1352 */
1353 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1354 struct inode *inode, int idx)
1355 {
1356 if (driver->ops->lookup)
1357 return driver->ops->lookup(driver, inode, idx);
1358
1359 return driver->ttys[idx];
1360 }
1361
1362 /**
1363 * tty_init_termios - helper for termios setup
1364 * @tty: the tty to set up
1365 *
1366 * Initialise the termios structures for this tty. Thus runs under
1367 * the tty_mutex currently so we can be relaxed about ordering.
1368 */
1369
1370 int tty_init_termios(struct tty_struct *tty)
1371 {
1372 struct ktermios *tp;
1373 int idx = tty->index;
1374
1375 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1376 tty->termios = tty->driver->init_termios;
1377 else {
1378 /* Check for lazy saved data */
1379 tp = tty->driver->termios[idx];
1380 if (tp != NULL)
1381 tty->termios = *tp;
1382 else
1383 tty->termios = tty->driver->init_termios;
1384 }
1385 /* Compatibility until drivers always set this */
1386 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1387 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1388 return 0;
1389 }
1390 EXPORT_SYMBOL_GPL(tty_init_termios);
1391
1392 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1393 {
1394 int ret = tty_init_termios(tty);
1395 if (ret)
1396 return ret;
1397
1398 tty_driver_kref_get(driver);
1399 tty->count++;
1400 driver->ttys[tty->index] = tty;
1401 return 0;
1402 }
1403 EXPORT_SYMBOL_GPL(tty_standard_install);
1404
1405 /**
1406 * tty_driver_install_tty() - install a tty entry in the driver
1407 * @driver: the driver for the tty
1408 * @tty: the tty
1409 *
1410 * Install a tty object into the driver tables. The tty->index field
1411 * will be set by the time this is called. This method is responsible
1412 * for ensuring any need additional structures are allocated and
1413 * configured.
1414 *
1415 * Locking: tty_mutex for now
1416 */
1417 static int tty_driver_install_tty(struct tty_driver *driver,
1418 struct tty_struct *tty)
1419 {
1420 return driver->ops->install ? driver->ops->install(driver, tty) :
1421 tty_standard_install(driver, tty);
1422 }
1423
1424 /**
1425 * tty_driver_remove_tty() - remove a tty from the driver tables
1426 * @driver: the driver for the tty
1427 * @idx: the minor number
1428 *
1429 * Remvoe a tty object from the driver tables. The tty->index field
1430 * will be set by the time this is called.
1431 *
1432 * Locking: tty_mutex for now
1433 */
1434 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1435 {
1436 if (driver->ops->remove)
1437 driver->ops->remove(driver, tty);
1438 else
1439 driver->ttys[tty->index] = NULL;
1440 }
1441
1442 /*
1443 * tty_reopen() - fast re-open of an open tty
1444 * @tty - the tty to open
1445 *
1446 * Return 0 on success, -errno on error.
1447 * Re-opens on master ptys are not allowed and return -EIO.
1448 *
1449 * Locking: Caller must hold tty_lock
1450 */
1451 static int tty_reopen(struct tty_struct *tty)
1452 {
1453 struct tty_driver *driver = tty->driver;
1454
1455 if (!tty->count)
1456 return -EIO;
1457
1458 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1459 driver->subtype == PTY_TYPE_MASTER)
1460 return -EIO;
1461
1462 tty->count++;
1463
1464 WARN_ON(!tty->ldisc);
1465
1466 return 0;
1467 }
1468
1469 /**
1470 * tty_init_dev - initialise a tty device
1471 * @driver: tty driver we are opening a device on
1472 * @idx: device index
1473 * @ret_tty: returned tty structure
1474 *
1475 * Prepare a tty device. This may not be a "new" clean device but
1476 * could also be an active device. The pty drivers require special
1477 * handling because of this.
1478 *
1479 * Locking:
1480 * The function is called under the tty_mutex, which
1481 * protects us from the tty struct or driver itself going away.
1482 *
1483 * On exit the tty device has the line discipline attached and
1484 * a reference count of 1. If a pair was created for pty/tty use
1485 * and the other was a pty master then it too has a reference count of 1.
1486 *
1487 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1488 * failed open. The new code protects the open with a mutex, so it's
1489 * really quite straightforward. The mutex locking can probably be
1490 * relaxed for the (most common) case of reopening a tty.
1491 */
1492
1493 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1494 {
1495 struct tty_struct *tty;
1496 int retval;
1497
1498 /*
1499 * First time open is complex, especially for PTY devices.
1500 * This code guarantees that either everything succeeds and the
1501 * TTY is ready for operation, or else the table slots are vacated
1502 * and the allocated memory released. (Except that the termios
1503 * and locked termios may be retained.)
1504 */
1505
1506 if (!try_module_get(driver->owner))
1507 return ERR_PTR(-ENODEV);
1508
1509 tty = alloc_tty_struct(driver, idx);
1510 if (!tty) {
1511 retval = -ENOMEM;
1512 goto err_module_put;
1513 }
1514
1515 tty_lock(tty);
1516 retval = tty_driver_install_tty(driver, tty);
1517 if (retval < 0)
1518 goto err_deinit_tty;
1519
1520 if (!tty->port)
1521 tty->port = driver->ports[idx];
1522
1523 WARN_RATELIMIT(!tty->port,
1524 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1525 __func__, tty->driver->name);
1526
1527 tty->port->itty = tty;
1528
1529 /*
1530 * Structures all installed ... call the ldisc open routines.
1531 * If we fail here just call release_tty to clean up. No need
1532 * to decrement the use counts, as release_tty doesn't care.
1533 */
1534 retval = tty_ldisc_setup(tty, tty->link);
1535 if (retval)
1536 goto err_release_tty;
1537 /* Return the tty locked so that it cannot vanish under the caller */
1538 return tty;
1539
1540 err_deinit_tty:
1541 tty_unlock(tty);
1542 deinitialize_tty_struct(tty);
1543 free_tty_struct(tty);
1544 err_module_put:
1545 module_put(driver->owner);
1546 return ERR_PTR(retval);
1547
1548 /* call the tty release_tty routine to clean out this slot */
1549 err_release_tty:
1550 tty_unlock(tty);
1551 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1552 "clearing slot %d\n", idx);
1553 release_tty(tty, idx);
1554 return ERR_PTR(retval);
1555 }
1556
1557 void tty_free_termios(struct tty_struct *tty)
1558 {
1559 struct ktermios *tp;
1560 int idx = tty->index;
1561
1562 /* If the port is going to reset then it has no termios to save */
1563 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1564 return;
1565
1566 /* Stash the termios data */
1567 tp = tty->driver->termios[idx];
1568 if (tp == NULL) {
1569 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1570 if (tp == NULL) {
1571 pr_warn("tty: no memory to save termios state.\n");
1572 return;
1573 }
1574 tty->driver->termios[idx] = tp;
1575 }
1576 *tp = tty->termios;
1577 }
1578 EXPORT_SYMBOL(tty_free_termios);
1579
1580 /**
1581 * tty_flush_works - flush all works of a tty
1582 * @tty: tty device to flush works for
1583 *
1584 * Sync flush all works belonging to @tty.
1585 */
1586 static void tty_flush_works(struct tty_struct *tty)
1587 {
1588 flush_work(&tty->SAK_work);
1589 flush_work(&tty->hangup_work);
1590 }
1591
1592 /**
1593 * release_one_tty - release tty structure memory
1594 * @kref: kref of tty we are obliterating
1595 *
1596 * Releases memory associated with a tty structure, and clears out the
1597 * driver table slots. This function is called when a device is no longer
1598 * in use. It also gets called when setup of a device fails.
1599 *
1600 * Locking:
1601 * takes the file list lock internally when working on the list
1602 * of ttys that the driver keeps.
1603 *
1604 * This method gets called from a work queue so that the driver private
1605 * cleanup ops can sleep (needed for USB at least)
1606 */
1607 static void release_one_tty(struct work_struct *work)
1608 {
1609 struct tty_struct *tty =
1610 container_of(work, struct tty_struct, hangup_work);
1611 struct tty_driver *driver = tty->driver;
1612 struct module *owner = driver->owner;
1613
1614 if (tty->ops->cleanup)
1615 tty->ops->cleanup(tty);
1616
1617 tty->magic = 0;
1618 tty_driver_kref_put(driver);
1619 module_put(owner);
1620
1621 spin_lock(&tty_files_lock);
1622 list_del_init(&tty->tty_files);
1623 spin_unlock(&tty_files_lock);
1624
1625 put_pid(tty->pgrp);
1626 put_pid(tty->session);
1627 free_tty_struct(tty);
1628 }
1629
1630 static void queue_release_one_tty(struct kref *kref)
1631 {
1632 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1633
1634 /* The hangup queue is now free so we can reuse it rather than
1635 waste a chunk of memory for each port */
1636 INIT_WORK(&tty->hangup_work, release_one_tty);
1637 schedule_work(&tty->hangup_work);
1638 }
1639
1640 /**
1641 * tty_kref_put - release a tty kref
1642 * @tty: tty device
1643 *
1644 * Release a reference to a tty device and if need be let the kref
1645 * layer destruct the object for us
1646 */
1647
1648 void tty_kref_put(struct tty_struct *tty)
1649 {
1650 if (tty)
1651 kref_put(&tty->kref, queue_release_one_tty);
1652 }
1653 EXPORT_SYMBOL(tty_kref_put);
1654
1655 /**
1656 * release_tty - release tty structure memory
1657 *
1658 * Release both @tty and a possible linked partner (think pty pair),
1659 * and decrement the refcount of the backing module.
1660 *
1661 * Locking:
1662 * tty_mutex
1663 * takes the file list lock internally when working on the list
1664 * of ttys that the driver keeps.
1665 *
1666 */
1667 static void release_tty(struct tty_struct *tty, int idx)
1668 {
1669 /* This should always be true but check for the moment */
1670 WARN_ON(tty->index != idx);
1671 WARN_ON(!mutex_is_locked(&tty_mutex));
1672 if (tty->ops->shutdown)
1673 tty->ops->shutdown(tty);
1674 tty_free_termios(tty);
1675 tty_driver_remove_tty(tty->driver, tty);
1676 tty->port->itty = NULL;
1677 if (tty->link)
1678 tty->link->port->itty = NULL;
1679 cancel_work_sync(&tty->port->buf.work);
1680
1681 if (tty->link)
1682 tty_kref_put(tty->link);
1683 tty_kref_put(tty);
1684 }
1685
1686 /**
1687 * tty_release_checks - check a tty before real release
1688 * @tty: tty to check
1689 * @o_tty: link of @tty (if any)
1690 * @idx: index of the tty
1691 *
1692 * Performs some paranoid checking before true release of the @tty.
1693 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1694 */
1695 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1696 int idx)
1697 {
1698 #ifdef TTY_PARANOIA_CHECK
1699 if (idx < 0 || idx >= tty->driver->num) {
1700 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1701 __func__, tty->name);
1702 return -1;
1703 }
1704
1705 /* not much to check for devpts */
1706 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1707 return 0;
1708
1709 if (tty != tty->driver->ttys[idx]) {
1710 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1711 __func__, idx, tty->name);
1712 return -1;
1713 }
1714 if (tty->driver->other) {
1715 if (o_tty != tty->driver->other->ttys[idx]) {
1716 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1717 __func__, idx, tty->name);
1718 return -1;
1719 }
1720 if (o_tty->link != tty) {
1721 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1722 return -1;
1723 }
1724 }
1725 #endif
1726 return 0;
1727 }
1728
1729 /**
1730 * tty_release - vfs callback for close
1731 * @inode: inode of tty
1732 * @filp: file pointer for handle to tty
1733 *
1734 * Called the last time each file handle is closed that references
1735 * this tty. There may however be several such references.
1736 *
1737 * Locking:
1738 * Takes bkl. See tty_release_dev
1739 *
1740 * Even releasing the tty structures is a tricky business.. We have
1741 * to be very careful that the structures are all released at the
1742 * same time, as interrupts might otherwise get the wrong pointers.
1743 *
1744 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1745 * lead to double frees or releasing memory still in use.
1746 */
1747
1748 int tty_release(struct inode *inode, struct file *filp)
1749 {
1750 struct tty_struct *tty = file_tty(filp);
1751 struct tty_struct *o_tty;
1752 int pty_master, tty_closing, o_tty_closing, do_sleep;
1753 int idx;
1754 char buf[64];
1755
1756 if (tty_paranoia_check(tty, inode, __func__))
1757 return 0;
1758
1759 tty_lock(tty);
1760 check_tty_count(tty, __func__);
1761
1762 __tty_fasync(-1, filp, 0);
1763
1764 idx = tty->index;
1765 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1766 tty->driver->subtype == PTY_TYPE_MASTER);
1767 /* Review: parallel close */
1768 o_tty = tty->link;
1769
1770 if (tty_release_checks(tty, o_tty, idx)) {
1771 tty_unlock(tty);
1772 return 0;
1773 }
1774
1775 #ifdef TTY_DEBUG_HANGUP
1776 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1777 tty_name(tty, buf), tty->count);
1778 #endif
1779
1780 if (tty->ops->close)
1781 tty->ops->close(tty, filp);
1782
1783 tty_unlock(tty);
1784 /*
1785 * Sanity check: if tty->count is going to zero, there shouldn't be
1786 * any waiters on tty->read_wait or tty->write_wait. We test the
1787 * wait queues and kick everyone out _before_ actually starting to
1788 * close. This ensures that we won't block while releasing the tty
1789 * structure.
1790 *
1791 * The test for the o_tty closing is necessary, since the master and
1792 * slave sides may close in any order. If the slave side closes out
1793 * first, its count will be one, since the master side holds an open.
1794 * Thus this test wouldn't be triggered at the time the slave closes,
1795 * so we do it now.
1796 *
1797 * Note that it's possible for the tty to be opened again while we're
1798 * flushing out waiters. By recalculating the closing flags before
1799 * each iteration we avoid any problems.
1800 */
1801 while (1) {
1802 /* Guard against races with tty->count changes elsewhere and
1803 opens on /dev/tty */
1804
1805 mutex_lock(&tty_mutex);
1806 tty_lock_pair(tty, o_tty);
1807 tty_closing = tty->count <= 1;
1808 o_tty_closing = o_tty &&
1809 (o_tty->count <= (pty_master ? 1 : 0));
1810 do_sleep = 0;
1811
1812 if (tty_closing) {
1813 if (waitqueue_active(&tty->read_wait)) {
1814 wake_up_poll(&tty->read_wait, POLLIN);
1815 do_sleep++;
1816 }
1817 if (waitqueue_active(&tty->write_wait)) {
1818 wake_up_poll(&tty->write_wait, POLLOUT);
1819 do_sleep++;
1820 }
1821 }
1822 if (o_tty_closing) {
1823 if (waitqueue_active(&o_tty->read_wait)) {
1824 wake_up_poll(&o_tty->read_wait, POLLIN);
1825 do_sleep++;
1826 }
1827 if (waitqueue_active(&o_tty->write_wait)) {
1828 wake_up_poll(&o_tty->write_wait, POLLOUT);
1829 do_sleep++;
1830 }
1831 }
1832 if (!do_sleep)
1833 break;
1834
1835 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1836 __func__, tty_name(tty, buf));
1837 tty_unlock_pair(tty, o_tty);
1838 mutex_unlock(&tty_mutex);
1839 schedule();
1840 }
1841
1842 /*
1843 * The closing flags are now consistent with the open counts on
1844 * both sides, and we've completed the last operation that could
1845 * block, so it's safe to proceed with closing.
1846 *
1847 * We must *not* drop the tty_mutex until we ensure that a further
1848 * entry into tty_open can not pick up this tty.
1849 */
1850 if (pty_master) {
1851 if (--o_tty->count < 0) {
1852 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1853 __func__, o_tty->count, tty_name(o_tty, buf));
1854 o_tty->count = 0;
1855 }
1856 }
1857 if (--tty->count < 0) {
1858 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1859 __func__, tty->count, tty_name(tty, buf));
1860 tty->count = 0;
1861 }
1862
1863 /*
1864 * We've decremented tty->count, so we need to remove this file
1865 * descriptor off the tty->tty_files list; this serves two
1866 * purposes:
1867 * - check_tty_count sees the correct number of file descriptors
1868 * associated with this tty.
1869 * - do_tty_hangup no longer sees this file descriptor as
1870 * something that needs to be handled for hangups.
1871 */
1872 tty_del_file(filp);
1873
1874 /*
1875 * Perform some housekeeping before deciding whether to return.
1876 *
1877 * Set the TTY_CLOSING flag if this was the last open. In the
1878 * case of a pty we may have to wait around for the other side
1879 * to close, and TTY_CLOSING makes sure we can't be reopened.
1880 */
1881 if (tty_closing)
1882 set_bit(TTY_CLOSING, &tty->flags);
1883 if (o_tty_closing)
1884 set_bit(TTY_CLOSING, &o_tty->flags);
1885
1886 /*
1887 * If _either_ side is closing, make sure there aren't any
1888 * processes that still think tty or o_tty is their controlling
1889 * tty.
1890 */
1891 if (tty_closing || o_tty_closing) {
1892 read_lock(&tasklist_lock);
1893 session_clear_tty(tty->session);
1894 if (o_tty)
1895 session_clear_tty(o_tty->session);
1896 read_unlock(&tasklist_lock);
1897 }
1898
1899 mutex_unlock(&tty_mutex);
1900 tty_unlock_pair(tty, o_tty);
1901 /* At this point the TTY_CLOSING flag should ensure a dead tty
1902 cannot be re-opened by a racing opener */
1903
1904 /* check whether both sides are closing ... */
1905 if (!tty_closing || (o_tty && !o_tty_closing))
1906 return 0;
1907
1908 #ifdef TTY_DEBUG_HANGUP
1909 printk(KERN_DEBUG "%s: %s: final close\n", __func__, tty_name(tty, buf));
1910 #endif
1911 /*
1912 * Ask the line discipline code to release its structures
1913 */
1914 tty_ldisc_release(tty, o_tty);
1915
1916 /* Wait for pending work before tty destruction commmences */
1917 tty_flush_works(tty);
1918 if (o_tty)
1919 tty_flush_works(o_tty);
1920
1921 #ifdef TTY_DEBUG_HANGUP
1922 printk(KERN_DEBUG "%s: %s: freeing structure...\n", __func__, tty_name(tty, buf));
1923 #endif
1924 /*
1925 * The release_tty function takes care of the details of clearing
1926 * the slots and preserving the termios structure. The tty_unlock_pair
1927 * should be safe as we keep a kref while the tty is locked (so the
1928 * unlock never unlocks a freed tty).
1929 */
1930 mutex_lock(&tty_mutex);
1931 release_tty(tty, idx);
1932 mutex_unlock(&tty_mutex);
1933
1934 return 0;
1935 }
1936
1937 /**
1938 * tty_open_current_tty - get locked tty of current task
1939 * @device: device number
1940 * @filp: file pointer to tty
1941 * @return: locked tty of the current task iff @device is /dev/tty
1942 *
1943 * Performs a re-open of the current task's controlling tty.
1944 *
1945 * We cannot return driver and index like for the other nodes because
1946 * devpts will not work then. It expects inodes to be from devpts FS.
1947 */
1948 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1949 {
1950 struct tty_struct *tty;
1951 int retval;
1952
1953 if (device != MKDEV(TTYAUX_MAJOR, 0))
1954 return NULL;
1955
1956 tty = get_current_tty();
1957 if (!tty)
1958 return ERR_PTR(-ENXIO);
1959
1960 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1961 /* noctty = 1; */
1962 tty_lock(tty);
1963 tty_kref_put(tty); /* safe to drop the kref now */
1964
1965 retval = tty_reopen(tty);
1966 if (retval < 0) {
1967 tty_unlock(tty);
1968 tty = ERR_PTR(retval);
1969 }
1970 return tty;
1971 }
1972
1973 /**
1974 * tty_lookup_driver - lookup a tty driver for a given device file
1975 * @device: device number
1976 * @filp: file pointer to tty
1977 * @noctty: set if the device should not become a controlling tty
1978 * @index: index for the device in the @return driver
1979 * @return: driver for this inode (with increased refcount)
1980 *
1981 * If @return is not erroneous, the caller is responsible to decrement the
1982 * refcount by tty_driver_kref_put.
1983 *
1984 * Locking: tty_mutex protects get_tty_driver
1985 */
1986 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1987 int *noctty, int *index)
1988 {
1989 struct tty_driver *driver;
1990
1991 switch (device) {
1992 #ifdef CONFIG_VT
1993 case MKDEV(TTY_MAJOR, 0): {
1994 extern struct tty_driver *console_driver;
1995 driver = tty_driver_kref_get(console_driver);
1996 *index = fg_console;
1997 *noctty = 1;
1998 break;
1999 }
2000 #endif
2001 case MKDEV(TTYAUX_MAJOR, 1): {
2002 struct tty_driver *console_driver = console_device(index);
2003 if (console_driver) {
2004 driver = tty_driver_kref_get(console_driver);
2005 if (driver) {
2006 /* Don't let /dev/console block */
2007 filp->f_flags |= O_NONBLOCK;
2008 *noctty = 1;
2009 break;
2010 }
2011 }
2012 return ERR_PTR(-ENODEV);
2013 }
2014 default:
2015 driver = get_tty_driver(device, index);
2016 if (!driver)
2017 return ERR_PTR(-ENODEV);
2018 break;
2019 }
2020 return driver;
2021 }
2022
2023 /**
2024 * tty_open - open a tty device
2025 * @inode: inode of device file
2026 * @filp: file pointer to tty
2027 *
2028 * tty_open and tty_release keep up the tty count that contains the
2029 * number of opens done on a tty. We cannot use the inode-count, as
2030 * different inodes might point to the same tty.
2031 *
2032 * Open-counting is needed for pty masters, as well as for keeping
2033 * track of serial lines: DTR is dropped when the last close happens.
2034 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2035 *
2036 * The termios state of a pty is reset on first open so that
2037 * settings don't persist across reuse.
2038 *
2039 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
2040 * tty->count should protect the rest.
2041 * ->siglock protects ->signal/->sighand
2042 *
2043 * Note: the tty_unlock/lock cases without a ref are only safe due to
2044 * tty_mutex
2045 */
2046
2047 static int tty_open(struct inode *inode, struct file *filp)
2048 {
2049 struct tty_struct *tty;
2050 int noctty, retval;
2051 struct tty_driver *driver = NULL;
2052 int index;
2053 dev_t device = inode->i_rdev;
2054 unsigned saved_flags = filp->f_flags;
2055
2056 nonseekable_open(inode, filp);
2057
2058 retry_open:
2059 retval = tty_alloc_file(filp);
2060 if (retval)
2061 return -ENOMEM;
2062
2063 noctty = filp->f_flags & O_NOCTTY;
2064 index = -1;
2065 retval = 0;
2066
2067 tty = tty_open_current_tty(device, filp);
2068 if (!tty) {
2069 mutex_lock(&tty_mutex);
2070 driver = tty_lookup_driver(device, filp, &noctty, &index);
2071 if (IS_ERR(driver)) {
2072 retval = PTR_ERR(driver);
2073 goto err_unlock;
2074 }
2075
2076 /* check whether we're reopening an existing tty */
2077 tty = tty_driver_lookup_tty(driver, inode, index);
2078 if (IS_ERR(tty)) {
2079 retval = PTR_ERR(tty);
2080 goto err_unlock;
2081 }
2082
2083 if (tty) {
2084 tty_lock(tty);
2085 retval = tty_reopen(tty);
2086 if (retval < 0) {
2087 tty_unlock(tty);
2088 tty = ERR_PTR(retval);
2089 }
2090 } else /* Returns with the tty_lock held for now */
2091 tty = tty_init_dev(driver, index);
2092
2093 mutex_unlock(&tty_mutex);
2094 tty_driver_kref_put(driver);
2095 }
2096
2097 if (IS_ERR(tty)) {
2098 retval = PTR_ERR(tty);
2099 goto err_file;
2100 }
2101
2102 tty_add_file(tty, filp);
2103
2104 check_tty_count(tty, __func__);
2105 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2106 tty->driver->subtype == PTY_TYPE_MASTER)
2107 noctty = 1;
2108 #ifdef TTY_DEBUG_HANGUP
2109 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2110 #endif
2111 if (tty->ops->open)
2112 retval = tty->ops->open(tty, filp);
2113 else
2114 retval = -ENODEV;
2115 filp->f_flags = saved_flags;
2116
2117 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2118 !capable(CAP_SYS_ADMIN))
2119 retval = -EBUSY;
2120
2121 if (retval) {
2122 #ifdef TTY_DEBUG_HANGUP
2123 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2124 retval, tty->name);
2125 #endif
2126 tty_unlock(tty); /* need to call tty_release without BTM */
2127 tty_release(inode, filp);
2128 if (retval != -ERESTARTSYS)
2129 return retval;
2130
2131 if (signal_pending(current))
2132 return retval;
2133
2134 schedule();
2135 /*
2136 * Need to reset f_op in case a hangup happened.
2137 */
2138 if (filp->f_op == &hung_up_tty_fops)
2139 filp->f_op = &tty_fops;
2140 goto retry_open;
2141 }
2142 clear_bit(TTY_HUPPED, &tty->flags);
2143
2144
2145 read_lock(&tasklist_lock);
2146 spin_lock_irq(&current->sighand->siglock);
2147 if (!noctty &&
2148 current->signal->leader &&
2149 !current->signal->tty &&
2150 tty->session == NULL)
2151 __proc_set_tty(tty);
2152 spin_unlock_irq(&current->sighand->siglock);
2153 read_unlock(&tasklist_lock);
2154 tty_unlock(tty);
2155 return 0;
2156 err_unlock:
2157 mutex_unlock(&tty_mutex);
2158 /* after locks to avoid deadlock */
2159 if (!IS_ERR_OR_NULL(driver))
2160 tty_driver_kref_put(driver);
2161 err_file:
2162 tty_free_file(filp);
2163 return retval;
2164 }
2165
2166
2167
2168 /**
2169 * tty_poll - check tty status
2170 * @filp: file being polled
2171 * @wait: poll wait structures to update
2172 *
2173 * Call the line discipline polling method to obtain the poll
2174 * status of the device.
2175 *
2176 * Locking: locks called line discipline but ldisc poll method
2177 * may be re-entered freely by other callers.
2178 */
2179
2180 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2181 {
2182 struct tty_struct *tty = file_tty(filp);
2183 struct tty_ldisc *ld;
2184 int ret = 0;
2185
2186 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2187 return 0;
2188
2189 ld = tty_ldisc_ref_wait(tty);
2190 if (ld->ops->poll)
2191 ret = (ld->ops->poll)(tty, filp, wait);
2192 tty_ldisc_deref(ld);
2193 return ret;
2194 }
2195
2196 static int __tty_fasync(int fd, struct file *filp, int on)
2197 {
2198 struct tty_struct *tty = file_tty(filp);
2199 struct tty_ldisc *ldisc;
2200 unsigned long flags;
2201 int retval = 0;
2202
2203 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2204 goto out;
2205
2206 retval = fasync_helper(fd, filp, on, &tty->fasync);
2207 if (retval <= 0)
2208 goto out;
2209
2210 ldisc = tty_ldisc_ref(tty);
2211 if (ldisc) {
2212 if (ldisc->ops->fasync)
2213 ldisc->ops->fasync(tty, on);
2214 tty_ldisc_deref(ldisc);
2215 }
2216
2217 if (on) {
2218 enum pid_type type;
2219 struct pid *pid;
2220
2221 spin_lock_irqsave(&tty->ctrl_lock, flags);
2222 if (tty->pgrp) {
2223 pid = tty->pgrp;
2224 type = PIDTYPE_PGID;
2225 } else {
2226 pid = task_pid(current);
2227 type = PIDTYPE_PID;
2228 }
2229 get_pid(pid);
2230 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2231 __f_setown(filp, pid, type, 0);
2232 put_pid(pid);
2233 retval = 0;
2234 }
2235 out:
2236 return retval;
2237 }
2238
2239 static int tty_fasync(int fd, struct file *filp, int on)
2240 {
2241 struct tty_struct *tty = file_tty(filp);
2242 int retval;
2243
2244 tty_lock(tty);
2245 retval = __tty_fasync(fd, filp, on);
2246 tty_unlock(tty);
2247
2248 return retval;
2249 }
2250
2251 /**
2252 * tiocsti - fake input character
2253 * @tty: tty to fake input into
2254 * @p: pointer to character
2255 *
2256 * Fake input to a tty device. Does the necessary locking and
2257 * input management.
2258 *
2259 * FIXME: does not honour flow control ??
2260 *
2261 * Locking:
2262 * Called functions take tty_ldiscs_lock
2263 * current->signal->tty check is safe without locks
2264 *
2265 * FIXME: may race normal receive processing
2266 */
2267
2268 static int tiocsti(struct tty_struct *tty, char __user *p)
2269 {
2270 char ch, mbz = 0;
2271 struct tty_ldisc *ld;
2272
2273 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2274 return -EPERM;
2275 if (get_user(ch, p))
2276 return -EFAULT;
2277 tty_audit_tiocsti(tty, ch);
2278 ld = tty_ldisc_ref_wait(tty);
2279 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2280 tty_ldisc_deref(ld);
2281 return 0;
2282 }
2283
2284 /**
2285 * tiocgwinsz - implement window query ioctl
2286 * @tty; tty
2287 * @arg: user buffer for result
2288 *
2289 * Copies the kernel idea of the window size into the user buffer.
2290 *
2291 * Locking: tty->winsize_mutex is taken to ensure the winsize data
2292 * is consistent.
2293 */
2294
2295 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2296 {
2297 int err;
2298
2299 mutex_lock(&tty->winsize_mutex);
2300 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2301 mutex_unlock(&tty->winsize_mutex);
2302
2303 return err ? -EFAULT: 0;
2304 }
2305
2306 /**
2307 * tty_do_resize - resize event
2308 * @tty: tty being resized
2309 * @rows: rows (character)
2310 * @cols: cols (character)
2311 *
2312 * Update the termios variables and send the necessary signals to
2313 * peform a terminal resize correctly
2314 */
2315
2316 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2317 {
2318 struct pid *pgrp;
2319
2320 /* Lock the tty */
2321 mutex_lock(&tty->winsize_mutex);
2322 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2323 goto done;
2324
2325 /* Signal the foreground process group */
2326 pgrp = tty_get_pgrp(tty);
2327 if (pgrp)
2328 kill_pgrp(pgrp, SIGWINCH, 1);
2329 put_pid(pgrp);
2330
2331 tty->winsize = *ws;
2332 done:
2333 mutex_unlock(&tty->winsize_mutex);
2334 return 0;
2335 }
2336 EXPORT_SYMBOL(tty_do_resize);
2337
2338 /**
2339 * tiocswinsz - implement window size set ioctl
2340 * @tty; tty side of tty
2341 * @arg: user buffer for result
2342 *
2343 * Copies the user idea of the window size to the kernel. Traditionally
2344 * this is just advisory information but for the Linux console it
2345 * actually has driver level meaning and triggers a VC resize.
2346 *
2347 * Locking:
2348 * Driver dependent. The default do_resize method takes the
2349 * tty termios mutex and ctrl_lock. The console takes its own lock
2350 * then calls into the default method.
2351 */
2352
2353 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2354 {
2355 struct winsize tmp_ws;
2356 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2357 return -EFAULT;
2358
2359 if (tty->ops->resize)
2360 return tty->ops->resize(tty, &tmp_ws);
2361 else
2362 return tty_do_resize(tty, &tmp_ws);
2363 }
2364
2365 /**
2366 * tioccons - allow admin to move logical console
2367 * @file: the file to become console
2368 *
2369 * Allow the administrator to move the redirected console device
2370 *
2371 * Locking: uses redirect_lock to guard the redirect information
2372 */
2373
2374 static int tioccons(struct file *file)
2375 {
2376 if (!capable(CAP_SYS_ADMIN))
2377 return -EPERM;
2378 if (file->f_op->write == redirected_tty_write) {
2379 struct file *f;
2380 spin_lock(&redirect_lock);
2381 f = redirect;
2382 redirect = NULL;
2383 spin_unlock(&redirect_lock);
2384 if (f)
2385 fput(f);
2386 return 0;
2387 }
2388 spin_lock(&redirect_lock);
2389 if (redirect) {
2390 spin_unlock(&redirect_lock);
2391 return -EBUSY;
2392 }
2393 redirect = get_file(file);
2394 spin_unlock(&redirect_lock);
2395 return 0;
2396 }
2397
2398 /**
2399 * fionbio - non blocking ioctl
2400 * @file: file to set blocking value
2401 * @p: user parameter
2402 *
2403 * Historical tty interfaces had a blocking control ioctl before
2404 * the generic functionality existed. This piece of history is preserved
2405 * in the expected tty API of posix OS's.
2406 *
2407 * Locking: none, the open file handle ensures it won't go away.
2408 */
2409
2410 static int fionbio(struct file *file, int __user *p)
2411 {
2412 int nonblock;
2413
2414 if (get_user(nonblock, p))
2415 return -EFAULT;
2416
2417 spin_lock(&file->f_lock);
2418 if (nonblock)
2419 file->f_flags |= O_NONBLOCK;
2420 else
2421 file->f_flags &= ~O_NONBLOCK;
2422 spin_unlock(&file->f_lock);
2423 return 0;
2424 }
2425
2426 /**
2427 * tiocsctty - set controlling tty
2428 * @tty: tty structure
2429 * @arg: user argument
2430 *
2431 * This ioctl is used to manage job control. It permits a session
2432 * leader to set this tty as the controlling tty for the session.
2433 *
2434 * Locking:
2435 * Takes tty_lock() to serialize proc_set_tty() for this tty
2436 * Takes tasklist_lock internally to walk sessions
2437 * Takes ->siglock() when updating signal->tty
2438 */
2439
2440 static int tiocsctty(struct tty_struct *tty, int arg)
2441 {
2442 int ret = 0;
2443
2444 tty_lock(tty);
2445 read_lock(&tasklist_lock);
2446
2447 if (current->signal->leader && (task_session(current) == tty->session))
2448 goto unlock;
2449
2450 /*
2451 * The process must be a session leader and
2452 * not have a controlling tty already.
2453 */
2454 if (!current->signal->leader || current->signal->tty) {
2455 ret = -EPERM;
2456 goto unlock;
2457 }
2458
2459 if (tty->session) {
2460 /*
2461 * This tty is already the controlling
2462 * tty for another session group!
2463 */
2464 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2465 /*
2466 * Steal it away
2467 */
2468 session_clear_tty(tty->session);
2469 } else {
2470 ret = -EPERM;
2471 goto unlock;
2472 }
2473 }
2474 proc_set_tty(tty);
2475 unlock:
2476 read_unlock(&tasklist_lock);
2477 tty_unlock(tty);
2478 return ret;
2479 }
2480
2481 /**
2482 * tty_get_pgrp - return a ref counted pgrp pid
2483 * @tty: tty to read
2484 *
2485 * Returns a refcounted instance of the pid struct for the process
2486 * group controlling the tty.
2487 */
2488
2489 struct pid *tty_get_pgrp(struct tty_struct *tty)
2490 {
2491 unsigned long flags;
2492 struct pid *pgrp;
2493
2494 spin_lock_irqsave(&tty->ctrl_lock, flags);
2495 pgrp = get_pid(tty->pgrp);
2496 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2497
2498 return pgrp;
2499 }
2500 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2501
2502 /*
2503 * This checks not only the pgrp, but falls back on the pid if no
2504 * satisfactory pgrp is found. I dunno - gdb doesn't work correctly
2505 * without this...
2506 *
2507 * The caller must hold rcu lock or the tasklist lock.
2508 */
2509 static struct pid *session_of_pgrp(struct pid *pgrp)
2510 {
2511 struct task_struct *p;
2512 struct pid *sid = NULL;
2513
2514 p = pid_task(pgrp, PIDTYPE_PGID);
2515 if (p == NULL)
2516 p = pid_task(pgrp, PIDTYPE_PID);
2517 if (p != NULL)
2518 sid = task_session(p);
2519
2520 return sid;
2521 }
2522
2523 /**
2524 * tiocgpgrp - get process group
2525 * @tty: tty passed by user
2526 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2527 * @p: returned pid
2528 *
2529 * Obtain the process group of the tty. If there is no process group
2530 * return an error.
2531 *
2532 * Locking: none. Reference to current->signal->tty is safe.
2533 */
2534
2535 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2536 {
2537 struct pid *pid;
2538 int ret;
2539 /*
2540 * (tty == real_tty) is a cheap way of
2541 * testing if the tty is NOT a master pty.
2542 */
2543 if (tty == real_tty && current->signal->tty != real_tty)
2544 return -ENOTTY;
2545 pid = tty_get_pgrp(real_tty);
2546 ret = put_user(pid_vnr(pid), p);
2547 put_pid(pid);
2548 return ret;
2549 }
2550
2551 /**
2552 * tiocspgrp - attempt to set process group
2553 * @tty: tty passed by user
2554 * @real_tty: tty side device matching tty passed by user
2555 * @p: pid pointer
2556 *
2557 * Set the process group of the tty to the session passed. Only
2558 * permitted where the tty session is our session.
2559 *
2560 * Locking: RCU, ctrl lock
2561 */
2562
2563 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2564 {
2565 struct pid *pgrp;
2566 pid_t pgrp_nr;
2567 int retval = tty_check_change(real_tty);
2568 unsigned long flags;
2569
2570 if (retval == -EIO)
2571 return -ENOTTY;
2572 if (retval)
2573 return retval;
2574 if (!current->signal->tty ||
2575 (current->signal->tty != real_tty) ||
2576 (real_tty->session != task_session(current)))
2577 return -ENOTTY;
2578 if (get_user(pgrp_nr, p))
2579 return -EFAULT;
2580 if (pgrp_nr < 0)
2581 return -EINVAL;
2582 rcu_read_lock();
2583 pgrp = find_vpid(pgrp_nr);
2584 retval = -ESRCH;
2585 if (!pgrp)
2586 goto out_unlock;
2587 retval = -EPERM;
2588 if (session_of_pgrp(pgrp) != task_session(current))
2589 goto out_unlock;
2590 retval = 0;
2591 spin_lock_irqsave(&tty->ctrl_lock, flags);
2592 put_pid(real_tty->pgrp);
2593 real_tty->pgrp = get_pid(pgrp);
2594 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2595 out_unlock:
2596 rcu_read_unlock();
2597 return retval;
2598 }
2599
2600 /**
2601 * tiocgsid - get session id
2602 * @tty: tty passed by user
2603 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2604 * @p: pointer to returned session id
2605 *
2606 * Obtain the session id of the tty. If there is no session
2607 * return an error.
2608 *
2609 * Locking: none. Reference to current->signal->tty is safe.
2610 */
2611
2612 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2613 {
2614 /*
2615 * (tty == real_tty) is a cheap way of
2616 * testing if the tty is NOT a master pty.
2617 */
2618 if (tty == real_tty && current->signal->tty != real_tty)
2619 return -ENOTTY;
2620 if (!real_tty->session)
2621 return -ENOTTY;
2622 return put_user(pid_vnr(real_tty->session), p);
2623 }
2624
2625 /**
2626 * tiocsetd - set line discipline
2627 * @tty: tty device
2628 * @p: pointer to user data
2629 *
2630 * Set the line discipline according to user request.
2631 *
2632 * Locking: see tty_set_ldisc, this function is just a helper
2633 */
2634
2635 static int tiocsetd(struct tty_struct *tty, int __user *p)
2636 {
2637 int ldisc;
2638 int ret;
2639
2640 if (get_user(ldisc, p))
2641 return -EFAULT;
2642
2643 ret = tty_set_ldisc(tty, ldisc);
2644
2645 return ret;
2646 }
2647
2648 /**
2649 * send_break - performed time break
2650 * @tty: device to break on
2651 * @duration: timeout in mS
2652 *
2653 * Perform a timed break on hardware that lacks its own driver level
2654 * timed break functionality.
2655 *
2656 * Locking:
2657 * atomic_write_lock serializes
2658 *
2659 */
2660
2661 static int send_break(struct tty_struct *tty, unsigned int duration)
2662 {
2663 int retval;
2664
2665 if (tty->ops->break_ctl == NULL)
2666 return 0;
2667
2668 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2669 retval = tty->ops->break_ctl(tty, duration);
2670 else {
2671 /* Do the work ourselves */
2672 if (tty_write_lock(tty, 0) < 0)
2673 return -EINTR;
2674 retval = tty->ops->break_ctl(tty, -1);
2675 if (retval)
2676 goto out;
2677 if (!signal_pending(current))
2678 msleep_interruptible(duration);
2679 retval = tty->ops->break_ctl(tty, 0);
2680 out:
2681 tty_write_unlock(tty);
2682 if (signal_pending(current))
2683 retval = -EINTR;
2684 }
2685 return retval;
2686 }
2687
2688 /**
2689 * tty_tiocmget - get modem status
2690 * @tty: tty device
2691 * @file: user file pointer
2692 * @p: pointer to result
2693 *
2694 * Obtain the modem status bits from the tty driver if the feature
2695 * is supported. Return -EINVAL if it is not available.
2696 *
2697 * Locking: none (up to the driver)
2698 */
2699
2700 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2701 {
2702 int retval = -EINVAL;
2703
2704 if (tty->ops->tiocmget) {
2705 retval = tty->ops->tiocmget(tty);
2706
2707 if (retval >= 0)
2708 retval = put_user(retval, p);
2709 }
2710 return retval;
2711 }
2712
2713 /**
2714 * tty_tiocmset - set modem status
2715 * @tty: tty device
2716 * @cmd: command - clear bits, set bits or set all
2717 * @p: pointer to desired bits
2718 *
2719 * Set the modem status bits from the tty driver if the feature
2720 * is supported. Return -EINVAL if it is not available.
2721 *
2722 * Locking: none (up to the driver)
2723 */
2724
2725 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2726 unsigned __user *p)
2727 {
2728 int retval;
2729 unsigned int set, clear, val;
2730
2731 if (tty->ops->tiocmset == NULL)
2732 return -EINVAL;
2733
2734 retval = get_user(val, p);
2735 if (retval)
2736 return retval;
2737 set = clear = 0;
2738 switch (cmd) {
2739 case TIOCMBIS:
2740 set = val;
2741 break;
2742 case TIOCMBIC:
2743 clear = val;
2744 break;
2745 case TIOCMSET:
2746 set = val;
2747 clear = ~val;
2748 break;
2749 }
2750 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2751 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2752 return tty->ops->tiocmset(tty, set, clear);
2753 }
2754
2755 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2756 {
2757 int retval = -EINVAL;
2758 struct serial_icounter_struct icount;
2759 memset(&icount, 0, sizeof(icount));
2760 if (tty->ops->get_icount)
2761 retval = tty->ops->get_icount(tty, &icount);
2762 if (retval != 0)
2763 return retval;
2764 if (copy_to_user(arg, &icount, sizeof(icount)))
2765 return -EFAULT;
2766 return 0;
2767 }
2768
2769 /*
2770 * if pty, return the slave side (real_tty)
2771 * otherwise, return self
2772 */
2773 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2774 {
2775 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2776 tty->driver->subtype == PTY_TYPE_MASTER)
2777 tty = tty->link;
2778 return tty;
2779 }
2780
2781 /*
2782 * Split this up, as gcc can choke on it otherwise..
2783 */
2784 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2785 {
2786 struct tty_struct *tty = file_tty(file);
2787 struct tty_struct *real_tty;
2788 void __user *p = (void __user *)arg;
2789 int retval;
2790 struct tty_ldisc *ld;
2791
2792 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2793 return -EINVAL;
2794
2795 real_tty = tty_pair_get_tty(tty);
2796
2797 /*
2798 * Factor out some common prep work
2799 */
2800 switch (cmd) {
2801 case TIOCSETD:
2802 case TIOCSBRK:
2803 case TIOCCBRK:
2804 case TCSBRK:
2805 case TCSBRKP:
2806 retval = tty_check_change(tty);
2807 if (retval)
2808 return retval;
2809 if (cmd != TIOCCBRK) {
2810 tty_wait_until_sent(tty, 0);
2811 if (signal_pending(current))
2812 return -EINTR;
2813 }
2814 break;
2815 }
2816
2817 /*
2818 * Now do the stuff.
2819 */
2820 switch (cmd) {
2821 case TIOCSTI:
2822 return tiocsti(tty, p);
2823 case TIOCGWINSZ:
2824 return tiocgwinsz(real_tty, p);
2825 case TIOCSWINSZ:
2826 return tiocswinsz(real_tty, p);
2827 case TIOCCONS:
2828 return real_tty != tty ? -EINVAL : tioccons(file);
2829 case FIONBIO:
2830 return fionbio(file, p);
2831 case TIOCEXCL:
2832 set_bit(TTY_EXCLUSIVE, &tty->flags);
2833 return 0;
2834 case TIOCNXCL:
2835 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2836 return 0;
2837 case TIOCGEXCL:
2838 {
2839 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2840 return put_user(excl, (int __user *)p);
2841 }
2842 case TIOCNOTTY:
2843 if (current->signal->tty != tty)
2844 return -ENOTTY;
2845 no_tty();
2846 return 0;
2847 case TIOCSCTTY:
2848 return tiocsctty(tty, arg);
2849 case TIOCGPGRP:
2850 return tiocgpgrp(tty, real_tty, p);
2851 case TIOCSPGRP:
2852 return tiocspgrp(tty, real_tty, p);
2853 case TIOCGSID:
2854 return tiocgsid(tty, real_tty, p);
2855 case TIOCGETD:
2856 return put_user(tty->ldisc->ops->num, (int __user *)p);
2857 case TIOCSETD:
2858 return tiocsetd(tty, p);
2859 case TIOCVHANGUP:
2860 if (!capable(CAP_SYS_ADMIN))
2861 return -EPERM;
2862 tty_vhangup(tty);
2863 return 0;
2864 case TIOCGDEV:
2865 {
2866 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2867 return put_user(ret, (unsigned int __user *)p);
2868 }
2869 /*
2870 * Break handling
2871 */
2872 case TIOCSBRK: /* Turn break on, unconditionally */
2873 if (tty->ops->break_ctl)
2874 return tty->ops->break_ctl(tty, -1);
2875 return 0;
2876 case TIOCCBRK: /* Turn break off, unconditionally */
2877 if (tty->ops->break_ctl)
2878 return tty->ops->break_ctl(tty, 0);
2879 return 0;
2880 case TCSBRK: /* SVID version: non-zero arg --> no break */
2881 /* non-zero arg means wait for all output data
2882 * to be sent (performed above) but don't send break.
2883 * This is used by the tcdrain() termios function.
2884 */
2885 if (!arg)
2886 return send_break(tty, 250);
2887 return 0;
2888 case TCSBRKP: /* support for POSIX tcsendbreak() */
2889 return send_break(tty, arg ? arg*100 : 250);
2890
2891 case TIOCMGET:
2892 return tty_tiocmget(tty, p);
2893 case TIOCMSET:
2894 case TIOCMBIC:
2895 case TIOCMBIS:
2896 return tty_tiocmset(tty, cmd, p);
2897 case TIOCGICOUNT:
2898 retval = tty_tiocgicount(tty, p);
2899 /* For the moment allow fall through to the old method */
2900 if (retval != -EINVAL)
2901 return retval;
2902 break;
2903 case TCFLSH:
2904 switch (arg) {
2905 case TCIFLUSH:
2906 case TCIOFLUSH:
2907 /* flush tty buffer and allow ldisc to process ioctl */
2908 tty_buffer_flush(tty);
2909 break;
2910 }
2911 break;
2912 }
2913 if (tty->ops->ioctl) {
2914 retval = (tty->ops->ioctl)(tty, cmd, arg);
2915 if (retval != -ENOIOCTLCMD)
2916 return retval;
2917 }
2918 ld = tty_ldisc_ref_wait(tty);
2919 retval = -EINVAL;
2920 if (ld->ops->ioctl) {
2921 retval = ld->ops->ioctl(tty, file, cmd, arg);
2922 if (retval == -ENOIOCTLCMD)
2923 retval = -ENOTTY;
2924 }
2925 tty_ldisc_deref(ld);
2926 return retval;
2927 }
2928
2929 #ifdef CONFIG_COMPAT
2930 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2931 unsigned long arg)
2932 {
2933 struct tty_struct *tty = file_tty(file);
2934 struct tty_ldisc *ld;
2935 int retval = -ENOIOCTLCMD;
2936
2937 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2938 return -EINVAL;
2939
2940 if (tty->ops->compat_ioctl) {
2941 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2942 if (retval != -ENOIOCTLCMD)
2943 return retval;
2944 }
2945
2946 ld = tty_ldisc_ref_wait(tty);
2947 if (ld->ops->compat_ioctl)
2948 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2949 else
2950 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2951 tty_ldisc_deref(ld);
2952
2953 return retval;
2954 }
2955 #endif
2956
2957 static int this_tty(const void *t, struct file *file, unsigned fd)
2958 {
2959 if (likely(file->f_op->read != tty_read))
2960 return 0;
2961 return file_tty(file) != t ? 0 : fd + 1;
2962 }
2963
2964 /*
2965 * This implements the "Secure Attention Key" --- the idea is to
2966 * prevent trojan horses by killing all processes associated with this
2967 * tty when the user hits the "Secure Attention Key". Required for
2968 * super-paranoid applications --- see the Orange Book for more details.
2969 *
2970 * This code could be nicer; ideally it should send a HUP, wait a few
2971 * seconds, then send a INT, and then a KILL signal. But you then
2972 * have to coordinate with the init process, since all processes associated
2973 * with the current tty must be dead before the new getty is allowed
2974 * to spawn.
2975 *
2976 * Now, if it would be correct ;-/ The current code has a nasty hole -
2977 * it doesn't catch files in flight. We may send the descriptor to ourselves
2978 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2979 *
2980 * Nasty bug: do_SAK is being called in interrupt context. This can
2981 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2982 */
2983 void __do_SAK(struct tty_struct *tty)
2984 {
2985 #ifdef TTY_SOFT_SAK
2986 tty_hangup(tty);
2987 #else
2988 struct task_struct *g, *p;
2989 struct pid *session;
2990 int i;
2991
2992 if (!tty)
2993 return;
2994 session = tty->session;
2995
2996 tty_ldisc_flush(tty);
2997
2998 tty_driver_flush_buffer(tty);
2999
3000 read_lock(&tasklist_lock);
3001 /* Kill the entire session */
3002 do_each_pid_task(session, PIDTYPE_SID, p) {
3003 printk(KERN_NOTICE "SAK: killed process %d"
3004 " (%s): task_session(p)==tty->session\n",
3005 task_pid_nr(p), p->comm);
3006 send_sig(SIGKILL, p, 1);
3007 } while_each_pid_task(session, PIDTYPE_SID, p);
3008 /* Now kill any processes that happen to have the
3009 * tty open.
3010 */
3011 do_each_thread(g, p) {
3012 if (p->signal->tty == tty) {
3013 printk(KERN_NOTICE "SAK: killed process %d"
3014 " (%s): task_session(p)==tty->session\n",
3015 task_pid_nr(p), p->comm);
3016 send_sig(SIGKILL, p, 1);
3017 continue;
3018 }
3019 task_lock(p);
3020 i = iterate_fd(p->files, 0, this_tty, tty);
3021 if (i != 0) {
3022 printk(KERN_NOTICE "SAK: killed process %d"
3023 " (%s): fd#%d opened to the tty\n",
3024 task_pid_nr(p), p->comm, i - 1);
3025 force_sig(SIGKILL, p);
3026 }
3027 task_unlock(p);
3028 } while_each_thread(g, p);
3029 read_unlock(&tasklist_lock);
3030 #endif
3031 }
3032
3033 static void do_SAK_work(struct work_struct *work)
3034 {
3035 struct tty_struct *tty =
3036 container_of(work, struct tty_struct, SAK_work);
3037 __do_SAK(tty);
3038 }
3039
3040 /*
3041 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3042 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3043 * the values which we write to it will be identical to the values which it
3044 * already has. --akpm
3045 */
3046 void do_SAK(struct tty_struct *tty)
3047 {
3048 if (!tty)
3049 return;
3050 schedule_work(&tty->SAK_work);
3051 }
3052
3053 EXPORT_SYMBOL(do_SAK);
3054
3055 static int dev_match_devt(struct device *dev, const void *data)
3056 {
3057 const dev_t *devt = data;
3058 return dev->devt == *devt;
3059 }
3060
3061 /* Must put_device() after it's unused! */
3062 static struct device *tty_get_device(struct tty_struct *tty)
3063 {
3064 dev_t devt = tty_devnum(tty);
3065 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3066 }
3067
3068
3069 /**
3070 * alloc_tty_struct
3071 *
3072 * This subroutine allocates and initializes a tty structure.
3073 *
3074 * Locking: none - tty in question is not exposed at this point
3075 */
3076
3077 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3078 {
3079 struct tty_struct *tty;
3080
3081 tty = kzalloc(sizeof(*tty), GFP_KERNEL);
3082 if (!tty)
3083 return NULL;
3084
3085 kref_init(&tty->kref);
3086 tty->magic = TTY_MAGIC;
3087 tty_ldisc_init(tty);
3088 tty->session = NULL;
3089 tty->pgrp = NULL;
3090 mutex_init(&tty->legacy_mutex);
3091 mutex_init(&tty->throttle_mutex);
3092 init_rwsem(&tty->termios_rwsem);
3093 mutex_init(&tty->winsize_mutex);
3094 init_ldsem(&tty->ldisc_sem);
3095 init_waitqueue_head(&tty->write_wait);
3096 init_waitqueue_head(&tty->read_wait);
3097 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3098 mutex_init(&tty->atomic_write_lock);
3099 spin_lock_init(&tty->ctrl_lock);
3100 spin_lock_init(&tty->flow_lock);
3101 INIT_LIST_HEAD(&tty->tty_files);
3102 INIT_WORK(&tty->SAK_work, do_SAK_work);
3103
3104 tty->driver = driver;
3105 tty->ops = driver->ops;
3106 tty->index = idx;
3107 tty_line_name(driver, idx, tty->name);
3108 tty->dev = tty_get_device(tty);
3109
3110 return tty;
3111 }
3112
3113 /**
3114 * deinitialize_tty_struct
3115 * @tty: tty to deinitialize
3116 *
3117 * This subroutine deinitializes a tty structure that has been newly
3118 * allocated but tty_release cannot be called on that yet.
3119 *
3120 * Locking: none - tty in question must not be exposed at this point
3121 */
3122 void deinitialize_tty_struct(struct tty_struct *tty)
3123 {
3124 tty_ldisc_deinit(tty);
3125 }
3126
3127 /**
3128 * tty_put_char - write one character to a tty
3129 * @tty: tty
3130 * @ch: character
3131 *
3132 * Write one byte to the tty using the provided put_char method
3133 * if present. Returns the number of characters successfully output.
3134 *
3135 * Note: the specific put_char operation in the driver layer may go
3136 * away soon. Don't call it directly, use this method
3137 */
3138
3139 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3140 {
3141 if (tty->ops->put_char)
3142 return tty->ops->put_char(tty, ch);
3143 return tty->ops->write(tty, &ch, 1);
3144 }
3145 EXPORT_SYMBOL_GPL(tty_put_char);
3146
3147 struct class *tty_class;
3148
3149 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3150 unsigned int index, unsigned int count)
3151 {
3152 /* init here, since reused cdevs cause crashes */
3153 cdev_init(&driver->cdevs[index], &tty_fops);
3154 driver->cdevs[index].owner = driver->owner;
3155 return cdev_add(&driver->cdevs[index], dev, count);
3156 }
3157
3158 /**
3159 * tty_register_device - register a tty device
3160 * @driver: the tty driver that describes the tty device
3161 * @index: the index in the tty driver for this tty device
3162 * @device: a struct device that is associated with this tty device.
3163 * This field is optional, if there is no known struct device
3164 * for this tty device it can be set to NULL safely.
3165 *
3166 * Returns a pointer to the struct device for this tty device
3167 * (or ERR_PTR(-EFOO) on error).
3168 *
3169 * This call is required to be made to register an individual tty device
3170 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3171 * that bit is not set, this function should not be called by a tty
3172 * driver.
3173 *
3174 * Locking: ??
3175 */
3176
3177 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3178 struct device *device)
3179 {
3180 return tty_register_device_attr(driver, index, device, NULL, NULL);
3181 }
3182 EXPORT_SYMBOL(tty_register_device);
3183
3184 static void tty_device_create_release(struct device *dev)
3185 {
3186 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3187 kfree(dev);
3188 }
3189
3190 /**
3191 * tty_register_device_attr - register a tty device
3192 * @driver: the tty driver that describes the tty device
3193 * @index: the index in the tty driver for this tty device
3194 * @device: a struct device that is associated with this tty device.
3195 * This field is optional, if there is no known struct device
3196 * for this tty device it can be set to NULL safely.
3197 * @drvdata: Driver data to be set to device.
3198 * @attr_grp: Attribute group to be set on device.
3199 *
3200 * Returns a pointer to the struct device for this tty device
3201 * (or ERR_PTR(-EFOO) on error).
3202 *
3203 * This call is required to be made to register an individual tty device
3204 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3205 * that bit is not set, this function should not be called by a tty
3206 * driver.
3207 *
3208 * Locking: ??
3209 */
3210 struct device *tty_register_device_attr(struct tty_driver *driver,
3211 unsigned index, struct device *device,
3212 void *drvdata,
3213 const struct attribute_group **attr_grp)
3214 {
3215 char name[64];
3216 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3217 struct device *dev = NULL;
3218 int retval = -ENODEV;
3219 bool cdev = false;
3220
3221 if (index >= driver->num) {
3222 printk(KERN_ERR "Attempt to register invalid tty line number "
3223 " (%d).\n", index);
3224 return ERR_PTR(-EINVAL);
3225 }
3226
3227 if (driver->type == TTY_DRIVER_TYPE_PTY)
3228 pty_line_name(driver, index, name);
3229 else
3230 tty_line_name(driver, index, name);
3231
3232 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3233 retval = tty_cdev_add(driver, devt, index, 1);
3234 if (retval)
3235 goto error;
3236 cdev = true;
3237 }
3238
3239 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3240 if (!dev) {
3241 retval = -ENOMEM;
3242 goto error;
3243 }
3244
3245 dev->devt = devt;
3246 dev->class = tty_class;
3247 dev->parent = device;
3248 dev->release = tty_device_create_release;
3249 dev_set_name(dev, "%s", name);
3250 dev->groups = attr_grp;
3251 dev_set_drvdata(dev, drvdata);
3252
3253 retval = device_register(dev);
3254 if (retval)
3255 goto error;
3256
3257 return dev;
3258
3259 error:
3260 put_device(dev);
3261 if (cdev)
3262 cdev_del(&driver->cdevs[index]);
3263 return ERR_PTR(retval);
3264 }
3265 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3266
3267 /**
3268 * tty_unregister_device - unregister a tty device
3269 * @driver: the tty driver that describes the tty device
3270 * @index: the index in the tty driver for this tty device
3271 *
3272 * If a tty device is registered with a call to tty_register_device() then
3273 * this function must be called when the tty device is gone.
3274 *
3275 * Locking: ??
3276 */
3277
3278 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3279 {
3280 device_destroy(tty_class,
3281 MKDEV(driver->major, driver->minor_start) + index);
3282 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3283 cdev_del(&driver->cdevs[index]);
3284 }
3285 EXPORT_SYMBOL(tty_unregister_device);
3286
3287 /**
3288 * __tty_alloc_driver -- allocate tty driver
3289 * @lines: count of lines this driver can handle at most
3290 * @owner: module which is repsonsible for this driver
3291 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3292 *
3293 * This should not be called directly, some of the provided macros should be
3294 * used instead. Use IS_ERR and friends on @retval.
3295 */
3296 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3297 unsigned long flags)
3298 {
3299 struct tty_driver *driver;
3300 unsigned int cdevs = 1;
3301 int err;
3302
3303 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3304 return ERR_PTR(-EINVAL);
3305
3306 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3307 if (!driver)
3308 return ERR_PTR(-ENOMEM);
3309
3310 kref_init(&driver->kref);
3311 driver->magic = TTY_DRIVER_MAGIC;
3312 driver->num = lines;
3313 driver->owner = owner;
3314 driver->flags = flags;
3315
3316 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3317 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3318 GFP_KERNEL);
3319 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3320 GFP_KERNEL);
3321 if (!driver->ttys || !driver->termios) {
3322 err = -ENOMEM;
3323 goto err_free_all;
3324 }
3325 }
3326
3327 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3328 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3329 GFP_KERNEL);
3330 if (!driver->ports) {
3331 err = -ENOMEM;
3332 goto err_free_all;
3333 }
3334 cdevs = lines;
3335 }
3336
3337 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3338 if (!driver->cdevs) {
3339 err = -ENOMEM;
3340 goto err_free_all;
3341 }
3342
3343 return driver;
3344 err_free_all:
3345 kfree(driver->ports);
3346 kfree(driver->ttys);
3347 kfree(driver->termios);
3348 kfree(driver);
3349 return ERR_PTR(err);
3350 }
3351 EXPORT_SYMBOL(__tty_alloc_driver);
3352
3353 static void destruct_tty_driver(struct kref *kref)
3354 {
3355 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3356 int i;
3357 struct ktermios *tp;
3358
3359 if (driver->flags & TTY_DRIVER_INSTALLED) {
3360 /*
3361 * Free the termios and termios_locked structures because
3362 * we don't want to get memory leaks when modular tty
3363 * drivers are removed from the kernel.
3364 */
3365 for (i = 0; i < driver->num; i++) {
3366 tp = driver->termios[i];
3367 if (tp) {
3368 driver->termios[i] = NULL;
3369 kfree(tp);
3370 }
3371 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3372 tty_unregister_device(driver, i);
3373 }
3374 proc_tty_unregister_driver(driver);
3375 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3376 cdev_del(&driver->cdevs[0]);
3377 }
3378 kfree(driver->cdevs);
3379 kfree(driver->ports);
3380 kfree(driver->termios);
3381 kfree(driver->ttys);
3382 kfree(driver);
3383 }
3384
3385 void tty_driver_kref_put(struct tty_driver *driver)
3386 {
3387 kref_put(&driver->kref, destruct_tty_driver);
3388 }
3389 EXPORT_SYMBOL(tty_driver_kref_put);
3390
3391 void tty_set_operations(struct tty_driver *driver,
3392 const struct tty_operations *op)
3393 {
3394 driver->ops = op;
3395 };
3396 EXPORT_SYMBOL(tty_set_operations);
3397
3398 void put_tty_driver(struct tty_driver *d)
3399 {
3400 tty_driver_kref_put(d);
3401 }
3402 EXPORT_SYMBOL(put_tty_driver);
3403
3404 /*
3405 * Called by a tty driver to register itself.
3406 */
3407 int tty_register_driver(struct tty_driver *driver)
3408 {
3409 int error;
3410 int i;
3411 dev_t dev;
3412 struct device *d;
3413
3414 if (!driver->major) {
3415 error = alloc_chrdev_region(&dev, driver->minor_start,
3416 driver->num, driver->name);
3417 if (!error) {
3418 driver->major = MAJOR(dev);
3419 driver->minor_start = MINOR(dev);
3420 }
3421 } else {
3422 dev = MKDEV(driver->major, driver->minor_start);
3423 error = register_chrdev_region(dev, driver->num, driver->name);
3424 }
3425 if (error < 0)
3426 goto err;
3427
3428 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3429 error = tty_cdev_add(driver, dev, 0, driver->num);
3430 if (error)
3431 goto err_unreg_char;
3432 }
3433
3434 mutex_lock(&tty_mutex);
3435 list_add(&driver->tty_drivers, &tty_drivers);
3436 mutex_unlock(&tty_mutex);
3437
3438 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3439 for (i = 0; i < driver->num; i++) {
3440 d = tty_register_device(driver, i, NULL);
3441 if (IS_ERR(d)) {
3442 error = PTR_ERR(d);
3443 goto err_unreg_devs;
3444 }
3445 }
3446 }
3447 proc_tty_register_driver(driver);
3448 driver->flags |= TTY_DRIVER_INSTALLED;
3449 return 0;
3450
3451 err_unreg_devs:
3452 for (i--; i >= 0; i--)
3453 tty_unregister_device(driver, i);
3454
3455 mutex_lock(&tty_mutex);
3456 list_del(&driver->tty_drivers);
3457 mutex_unlock(&tty_mutex);
3458
3459 err_unreg_char:
3460 unregister_chrdev_region(dev, driver->num);
3461 err:
3462 return error;
3463 }
3464 EXPORT_SYMBOL(tty_register_driver);
3465
3466 /*
3467 * Called by a tty driver to unregister itself.
3468 */
3469 int tty_unregister_driver(struct tty_driver *driver)
3470 {
3471 #if 0
3472 /* FIXME */
3473 if (driver->refcount)
3474 return -EBUSY;
3475 #endif
3476 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3477 driver->num);
3478 mutex_lock(&tty_mutex);
3479 list_del(&driver->tty_drivers);
3480 mutex_unlock(&tty_mutex);
3481 return 0;
3482 }
3483
3484 EXPORT_SYMBOL(tty_unregister_driver);
3485
3486 dev_t tty_devnum(struct tty_struct *tty)
3487 {
3488 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3489 }
3490 EXPORT_SYMBOL(tty_devnum);
3491
3492 void tty_default_fops(struct file_operations *fops)
3493 {
3494 *fops = tty_fops;
3495 }
3496
3497 /*
3498 * Initialize the console device. This is called *early*, so
3499 * we can't necessarily depend on lots of kernel help here.
3500 * Just do some early initializations, and do the complex setup
3501 * later.
3502 */
3503 void __init console_init(void)
3504 {
3505 initcall_t *call;
3506
3507 /* Setup the default TTY line discipline. */
3508 tty_ldisc_begin();
3509
3510 /*
3511 * set up the console device so that later boot sequences can
3512 * inform about problems etc..
3513 */
3514 call = __con_initcall_start;
3515 while (call < __con_initcall_end) {
3516 (*call)();
3517 call++;
3518 }
3519 }
3520
3521 static char *tty_devnode(struct device *dev, umode_t *mode)
3522 {
3523 if (!mode)
3524 return NULL;
3525 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3526 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3527 *mode = 0666;
3528 return NULL;
3529 }
3530
3531 static int __init tty_class_init(void)
3532 {
3533 tty_class = class_create(THIS_MODULE, "tty");
3534 if (IS_ERR(tty_class))
3535 return PTR_ERR(tty_class);
3536 tty_class->devnode = tty_devnode;
3537 return 0;
3538 }
3539
3540 postcore_initcall(tty_class_init);
3541
3542 /* 3/2004 jmc: why do these devices exist? */
3543 static struct cdev tty_cdev, console_cdev;
3544
3545 static ssize_t show_cons_active(struct device *dev,
3546 struct device_attribute *attr, char *buf)
3547 {
3548 struct console *cs[16];
3549 int i = 0;
3550 struct console *c;
3551 ssize_t count = 0;
3552
3553 console_lock();
3554 for_each_console(c) {
3555 if (!c->device)
3556 continue;
3557 if (!c->write)
3558 continue;
3559 if ((c->flags & CON_ENABLED) == 0)
3560 continue;
3561 cs[i++] = c;
3562 if (i >= ARRAY_SIZE(cs))
3563 break;
3564 }
3565 while (i--) {
3566 int index = cs[i]->index;
3567 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3568
3569 /* don't resolve tty0 as some programs depend on it */
3570 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3571 count += tty_line_name(drv, index, buf + count);
3572 else
3573 count += sprintf(buf + count, "%s%d",
3574 cs[i]->name, cs[i]->index);
3575
3576 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3577 }
3578 console_unlock();
3579
3580 return count;
3581 }
3582 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3583
3584 static struct device *consdev;
3585
3586 void console_sysfs_notify(void)
3587 {
3588 if (consdev)
3589 sysfs_notify(&consdev->kobj, NULL, "active");
3590 }
3591
3592 /*
3593 * Ok, now we can initialize the rest of the tty devices and can count
3594 * on memory allocations, interrupts etc..
3595 */
3596 int __init tty_init(void)
3597 {
3598 cdev_init(&tty_cdev, &tty_fops);
3599 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3600 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3601 panic("Couldn't register /dev/tty driver\n");
3602 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3603
3604 cdev_init(&console_cdev, &console_fops);
3605 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3606 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3607 panic("Couldn't register /dev/console driver\n");
3608 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3609 "console");
3610 if (IS_ERR(consdev))
3611 consdev = NULL;
3612 else
3613 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3614
3615 #ifdef CONFIG_VT
3616 vty_init(&console_fops);
3617 #endif
3618 return 0;
3619 }
3620
Linux kernel - Deliverables
This page took 0.672453 seconds and 5 git commands to generate.