projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tty: Make core responsible for synchronizing its work
[deliverable/linux.git] / drivers / tty / tty_io.c
1 /*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5 /*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98
99 #include <linux/uaccess.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159 /**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
166 */
167
168 struct tty_struct *alloc_tty_struct(void)
169 {
170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171 }
172
173 /**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
182 void free_tty_struct(struct tty_struct *tty)
183 {
184 if (!tty)
185 return;
186 if (tty->dev)
187 put_device(tty->dev);
188 kfree(tty->write_buf);
189 tty->magic = 0xDEADDEAD;
190 kfree(tty);
191 }
192
193 static inline struct tty_struct *file_tty(struct file *file)
194 {
195 return ((struct tty_file_private *)file->private_data)->tty;
196 }
197
198 int tty_alloc_file(struct file *file)
199 {
200 struct tty_file_private *priv;
201
202 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203 if (!priv)
204 return -ENOMEM;
205
206 file->private_data = priv;
207
208 return 0;
209 }
210
211 /* Associate a new file with the tty structure */
212 void tty_add_file(struct tty_struct *tty, struct file *file)
213 {
214 struct tty_file_private *priv = file->private_data;
215
216 priv->tty = tty;
217 priv->file = file;
218
219 spin_lock(&tty_files_lock);
220 list_add(&priv->list, &tty->tty_files);
221 spin_unlock(&tty_files_lock);
222 }
223
224 /**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230 void tty_free_file(struct file *file)
231 {
232 struct tty_file_private *priv = file->private_data;
233
234 file->private_data = NULL;
235 kfree(priv);
236 }
237
238 /* Delete file from its tty */
239 static void tty_del_file(struct file *file)
240 {
241 struct tty_file_private *priv = file->private_data;
242
243 spin_lock(&tty_files_lock);
244 list_del(&priv->list);
245 spin_unlock(&tty_files_lock);
246 tty_free_file(file);
247 }
248
249
250 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
252 /**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
263 char *tty_name(struct tty_struct *tty, char *buf)
264 {
265 if (!tty) /* Hmm. NULL pointer. That's fun. */
266 strcpy(buf, "NULL tty");
267 else
268 strcpy(buf, tty->name);
269 return buf;
270 }
271
272 EXPORT_SYMBOL(tty_name);
273
274 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
275 const char *routine)
276 {
277 #ifdef TTY_PARANOIA_CHECK
278 if (!tty) {
279 printk(KERN_WARNING
280 "null TTY for (%d:%d) in %s\n",
281 imajor(inode), iminor(inode), routine);
282 return 1;
283 }
284 if (tty->magic != TTY_MAGIC) {
285 printk(KERN_WARNING
286 "bad magic number for tty struct (%d:%d) in %s\n",
287 imajor(inode), iminor(inode), routine);
288 return 1;
289 }
290 #endif
291 return 0;
292 }
293
294 static int check_tty_count(struct tty_struct *tty, const char *routine)
295 {
296 #ifdef CHECK_TTY_COUNT
297 struct list_head *p;
298 int count = 0;
299
300 spin_lock(&tty_files_lock);
301 list_for_each(p, &tty->tty_files) {
302 count++;
303 }
304 spin_unlock(&tty_files_lock);
305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306 tty->driver->subtype == PTY_TYPE_SLAVE &&
307 tty->link && tty->link->count)
308 count++;
309 if (tty->count != count) {
310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311 "!= #fd's(%d) in %s\n",
312 tty->name, tty->count, count, routine);
313 return count;
314 }
315 #endif
316 return 0;
317 }
318
319 /**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
328 */
329
330 static struct tty_driver *get_tty_driver(dev_t device, int *index)
331 {
332 struct tty_driver *p;
333
334 list_for_each_entry(p, &tty_drivers, tty_drivers) {
335 dev_t base = MKDEV(p->major, p->minor_start);
336 if (device < base || device >= base + p->num)
337 continue;
338 *index = device - base;
339 return tty_driver_kref_get(p);
340 }
341 return NULL;
342 }
343
344 #ifdef CONFIG_CONSOLE_POLL
345
346 /**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355 struct tty_driver *tty_find_polling_driver(char *name, int *line)
356 {
357 struct tty_driver *p, *res = NULL;
358 int tty_line = 0;
359 int len;
360 char *str, *stp;
361
362 for (str = name; *str; str++)
363 if ((*str >= '0' && *str <= '9') || *str == ',')
364 break;
365 if (!*str)
366 return NULL;
367
368 len = str - name;
369 tty_line = simple_strtoul(str, &str, 10);
370
371 mutex_lock(&tty_mutex);
372 /* Search through the tty devices to look for a match */
373 list_for_each_entry(p, &tty_drivers, tty_drivers) {
374 if (strncmp(name, p->name, len) != 0)
375 continue;
376 stp = str;
377 if (*stp == ',')
378 stp++;
379 if (*stp == '\0')
380 stp = NULL;
381
382 if (tty_line >= 0 && tty_line < p->num && p->ops &&
383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
384 res = tty_driver_kref_get(p);
385 *line = tty_line;
386 break;
387 }
388 }
389 mutex_unlock(&tty_mutex);
390
391 return res;
392 }
393 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394 #endif
395
396 /**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
404 * Locking: ctrl_lock
405 */
406
407 int tty_check_change(struct tty_struct *tty)
408 {
409 unsigned long flags;
410 int ret = 0;
411
412 if (current->signal->tty != tty)
413 return 0;
414
415 spin_lock_irqsave(&tty->ctrl_lock, flags);
416
417 if (!tty->pgrp) {
418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
419 goto out_unlock;
420 }
421 if (task_pgrp(current) == tty->pgrp)
422 goto out_unlock;
423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
424 if (is_ignored(SIGTTOU))
425 goto out;
426 if (is_current_pgrp_orphaned()) {
427 ret = -EIO;
428 goto out;
429 }
430 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431 set_thread_flag(TIF_SIGPENDING);
432 ret = -ERESTARTSYS;
433 out:
434 return ret;
435 out_unlock:
436 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437 return ret;
438 }
439
440 EXPORT_SYMBOL(tty_check_change);
441
442 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
443 size_t count, loff_t *ppos)
444 {
445 return 0;
446 }
447
448 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
449 size_t count, loff_t *ppos)
450 {
451 return -EIO;
452 }
453
454 /* No kernel lock held - none needed ;) */
455 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
456 {
457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458 }
459
460 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461 unsigned long arg)
462 {
463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464 }
465
466 static long hung_up_tty_compat_ioctl(struct file *file,
467 unsigned int cmd, unsigned long arg)
468 {
469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470 }
471
472 static const struct file_operations tty_fops = {
473 .llseek = no_llseek,
474 .read = tty_read,
475 .write = tty_write,
476 .poll = tty_poll,
477 .unlocked_ioctl = tty_ioctl,
478 .compat_ioctl = tty_compat_ioctl,
479 .open = tty_open,
480 .release = tty_release,
481 .fasync = tty_fasync,
482 };
483
484 static const struct file_operations console_fops = {
485 .llseek = no_llseek,
486 .read = tty_read,
487 .write = redirected_tty_write,
488 .poll = tty_poll,
489 .unlocked_ioctl = tty_ioctl,
490 .compat_ioctl = tty_compat_ioctl,
491 .open = tty_open,
492 .release = tty_release,
493 .fasync = tty_fasync,
494 };
495
496 static const struct file_operations hung_up_tty_fops = {
497 .llseek = no_llseek,
498 .read = hung_up_tty_read,
499 .write = hung_up_tty_write,
500 .poll = hung_up_tty_poll,
501 .unlocked_ioctl = hung_up_tty_ioctl,
502 .compat_ioctl = hung_up_tty_compat_ioctl,
503 .release = tty_release,
504 };
505
506 static DEFINE_SPINLOCK(redirect_lock);
507 static struct file *redirect;
508
509 /**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
517
518 void tty_wakeup(struct tty_struct *tty)
519 {
520 struct tty_ldisc *ld;
521
522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523 ld = tty_ldisc_ref(tty);
524 if (ld) {
525 if (ld->ops->write_wakeup)
526 ld->ops->write_wakeup(tty);
527 tty_ldisc_deref(ld);
528 }
529 }
530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
531 }
532
533 EXPORT_SYMBOL_GPL(tty_wakeup);
534
535 /**
536 * tty_signal_session_leader - sends SIGHUP to session leader
537 * @tty controlling tty
538 * @exit_session if non-zero, signal all foreground group processes
539 *
540 * Send SIGHUP and SIGCONT to the session leader and its process group.
541 * Optionally, signal all processes in the foreground process group.
542 *
543 * Returns the number of processes in the session with this tty
544 * as their controlling terminal. This value is used to drop
545 * tty references for those processes.
546 */
547 static int tty_signal_session_leader(struct tty_struct *tty, int exit_session)
548 {
549 struct task_struct *p;
550 int refs = 0;
551 struct pid *tty_pgrp = NULL;
552
553 read_lock(&tasklist_lock);
554 if (tty->session) {
555 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
556 spin_lock_irq(&p->sighand->siglock);
557 if (p->signal->tty == tty) {
558 p->signal->tty = NULL;
559 /* We defer the dereferences outside fo
560 the tasklist lock */
561 refs++;
562 }
563 if (!p->signal->leader) {
564 spin_unlock_irq(&p->sighand->siglock);
565 continue;
566 }
567 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
568 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
569 put_pid(p->signal->tty_old_pgrp); /* A noop */
570 spin_lock(&tty->ctrl_lock);
571 tty_pgrp = get_pid(tty->pgrp);
572 if (tty->pgrp)
573 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
574 spin_unlock(&tty->ctrl_lock);
575 spin_unlock_irq(&p->sighand->siglock);
576 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
577 }
578 read_unlock(&tasklist_lock);
579
580 if (tty_pgrp) {
581 if (exit_session)
582 kill_pgrp(tty_pgrp, SIGHUP, exit_session);
583 put_pid(tty_pgrp);
584 }
585
586 return refs;
587 }
588
589 /**
590 * __tty_hangup - actual handler for hangup events
591 * @work: tty device
592 *
593 * This can be called by a "kworker" kernel thread. That is process
594 * synchronous but doesn't hold any locks, so we need to make sure we
595 * have the appropriate locks for what we're doing.
596 *
597 * The hangup event clears any pending redirections onto the hung up
598 * device. It ensures future writes will error and it does the needed
599 * line discipline hangup and signal delivery. The tty object itself
600 * remains intact.
601 *
602 * Locking:
603 * BTM
604 * redirect lock for undoing redirection
605 * file list lock for manipulating list of ttys
606 * tty_ldisc_lock from called functions
607 * termios_mutex resetting termios data
608 * tasklist_lock to walk task list for hangup event
609 * ->siglock to protect ->signal/->sighand
610 */
611 static void __tty_hangup(struct tty_struct *tty, int exit_session)
612 {
613 struct file *cons_filp = NULL;
614 struct file *filp, *f = NULL;
615 struct tty_file_private *priv;
616 int closecount = 0, n;
617 int refs;
618
619 if (!tty)
620 return;
621
622
623 spin_lock(&redirect_lock);
624 if (redirect && file_tty(redirect) == tty) {
625 f = redirect;
626 redirect = NULL;
627 }
628 spin_unlock(&redirect_lock);
629
630 tty_lock(tty);
631
632 /* some functions below drop BTM, so we need this bit */
633 set_bit(TTY_HUPPING, &tty->flags);
634
635 /* inuse_filps is protected by the single tty lock,
636 this really needs to change if we want to flush the
637 workqueue with the lock held */
638 check_tty_count(tty, "tty_hangup");
639
640 spin_lock(&tty_files_lock);
641 /* This breaks for file handles being sent over AF_UNIX sockets ? */
642 list_for_each_entry(priv, &tty->tty_files, list) {
643 filp = priv->file;
644 if (filp->f_op->write == redirected_tty_write)
645 cons_filp = filp;
646 if (filp->f_op->write != tty_write)
647 continue;
648 closecount++;
649 __tty_fasync(-1, filp, 0); /* can't block */
650 filp->f_op = &hung_up_tty_fops;
651 }
652 spin_unlock(&tty_files_lock);
653
654 refs = tty_signal_session_leader(tty, exit_session);
655 /* Account for the p->signal references we killed */
656 while (refs--)
657 tty_kref_put(tty);
658
659 /*
660 * it drops BTM and thus races with reopen
661 * we protect the race by TTY_HUPPING
662 */
663 tty_ldisc_hangup(tty);
664
665 spin_lock_irq(&tty->ctrl_lock);
666 clear_bit(TTY_THROTTLED, &tty->flags);
667 clear_bit(TTY_PUSH, &tty->flags);
668 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
669 put_pid(tty->session);
670 put_pid(tty->pgrp);
671 tty->session = NULL;
672 tty->pgrp = NULL;
673 tty->ctrl_status = 0;
674 spin_unlock_irq(&tty->ctrl_lock);
675
676 /*
677 * If one of the devices matches a console pointer, we
678 * cannot just call hangup() because that will cause
679 * tty->count and state->count to go out of sync.
680 * So we just call close() the right number of times.
681 */
682 if (cons_filp) {
683 if (tty->ops->close)
684 for (n = 0; n < closecount; n++)
685 tty->ops->close(tty, cons_filp);
686 } else if (tty->ops->hangup)
687 (tty->ops->hangup)(tty);
688 /*
689 * We don't want to have driver/ldisc interactions beyond
690 * the ones we did here. The driver layer expects no
691 * calls after ->hangup() from the ldisc side. However we
692 * can't yet guarantee all that.
693 */
694 set_bit(TTY_HUPPED, &tty->flags);
695 clear_bit(TTY_HUPPING, &tty->flags);
696
697 tty_unlock(tty);
698
699 if (f)
700 fput(f);
701 }
702
703 static void do_tty_hangup(struct work_struct *work)
704 {
705 struct tty_struct *tty =
706 container_of(work, struct tty_struct, hangup_work);
707
708 __tty_hangup(tty, 0);
709 }
710
711 /**
712 * tty_hangup - trigger a hangup event
713 * @tty: tty to hangup
714 *
715 * A carrier loss (virtual or otherwise) has occurred on this like
716 * schedule a hangup sequence to run after this event.
717 */
718
719 void tty_hangup(struct tty_struct *tty)
720 {
721 #ifdef TTY_DEBUG_HANGUP
722 char buf[64];
723 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
724 #endif
725 schedule_work(&tty->hangup_work);
726 }
727
728 EXPORT_SYMBOL(tty_hangup);
729
730 /**
731 * tty_vhangup - process vhangup
732 * @tty: tty to hangup
733 *
734 * The user has asked via system call for the terminal to be hung up.
735 * We do this synchronously so that when the syscall returns the process
736 * is complete. That guarantee is necessary for security reasons.
737 */
738
739 void tty_vhangup(struct tty_struct *tty)
740 {
741 #ifdef TTY_DEBUG_HANGUP
742 char buf[64];
743
744 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
745 #endif
746 __tty_hangup(tty, 0);
747 }
748
749 EXPORT_SYMBOL(tty_vhangup);
750
751
752 /**
753 * tty_vhangup_self - process vhangup for own ctty
754 *
755 * Perform a vhangup on the current controlling tty
756 */
757
758 void tty_vhangup_self(void)
759 {
760 struct tty_struct *tty;
761
762 tty = get_current_tty();
763 if (tty) {
764 tty_vhangup(tty);
765 tty_kref_put(tty);
766 }
767 }
768
769 /**
770 * tty_vhangup_session - hangup session leader exit
771 * @tty: tty to hangup
772 *
773 * The session leader is exiting and hanging up its controlling terminal.
774 * Every process in the foreground process group is signalled SIGHUP.
775 *
776 * We do this synchronously so that when the syscall returns the process
777 * is complete. That guarantee is necessary for security reasons.
778 */
779
780 void tty_vhangup_session(struct tty_struct *tty)
781 {
782 #ifdef TTY_DEBUG_HANGUP
783 char buf[64];
784
785 printk(KERN_DEBUG "%s vhangup session...\n", tty_name(tty, buf));
786 #endif
787 __tty_hangup(tty, 1);
788 }
789
790 /**
791 * tty_hung_up_p - was tty hung up
792 * @filp: file pointer of tty
793 *
794 * Return true if the tty has been subject to a vhangup or a carrier
795 * loss
796 */
797
798 int tty_hung_up_p(struct file *filp)
799 {
800 return (filp->f_op == &hung_up_tty_fops);
801 }
802
803 EXPORT_SYMBOL(tty_hung_up_p);
804
805 static void session_clear_tty(struct pid *session)
806 {
807 struct task_struct *p;
808 do_each_pid_task(session, PIDTYPE_SID, p) {
809 proc_clear_tty(p);
810 } while_each_pid_task(session, PIDTYPE_SID, p);
811 }
812
813 /**
814 * disassociate_ctty - disconnect controlling tty
815 * @on_exit: true if exiting so need to "hang up" the session
816 *
817 * This function is typically called only by the session leader, when
818 * it wants to disassociate itself from its controlling tty.
819 *
820 * It performs the following functions:
821 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
822 * (2) Clears the tty from being controlling the session
823 * (3) Clears the controlling tty for all processes in the
824 * session group.
825 *
826 * The argument on_exit is set to 1 if called when a process is
827 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
828 *
829 * Locking:
830 * BTM is taken for hysterical raisins, and held when
831 * called from no_tty().
832 * tty_mutex is taken to protect tty
833 * ->siglock is taken to protect ->signal/->sighand
834 * tasklist_lock is taken to walk process list for sessions
835 * ->siglock is taken to protect ->signal/->sighand
836 */
837
838 void disassociate_ctty(int on_exit)
839 {
840 struct tty_struct *tty;
841
842 if (!current->signal->leader)
843 return;
844
845 tty = get_current_tty();
846 if (tty) {
847 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY) {
848 tty_vhangup_session(tty);
849 } else {
850 struct pid *tty_pgrp = tty_get_pgrp(tty);
851 if (tty_pgrp) {
852 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
853 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
854 put_pid(tty_pgrp);
855 }
856 }
857 tty_kref_put(tty);
858
859 } else if (on_exit) {
860 struct pid *old_pgrp;
861 spin_lock_irq(&current->sighand->siglock);
862 old_pgrp = current->signal->tty_old_pgrp;
863 current->signal->tty_old_pgrp = NULL;
864 spin_unlock_irq(&current->sighand->siglock);
865 if (old_pgrp) {
866 kill_pgrp(old_pgrp, SIGHUP, on_exit);
867 kill_pgrp(old_pgrp, SIGCONT, on_exit);
868 put_pid(old_pgrp);
869 }
870 return;
871 }
872
873 spin_lock_irq(&current->sighand->siglock);
874 put_pid(current->signal->tty_old_pgrp);
875 current->signal->tty_old_pgrp = NULL;
876 spin_unlock_irq(&current->sighand->siglock);
877
878 tty = get_current_tty();
879 if (tty) {
880 unsigned long flags;
881 spin_lock_irqsave(&tty->ctrl_lock, flags);
882 put_pid(tty->session);
883 put_pid(tty->pgrp);
884 tty->session = NULL;
885 tty->pgrp = NULL;
886 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
887 tty_kref_put(tty);
888 } else {
889 #ifdef TTY_DEBUG_HANGUP
890 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
891 " = NULL", tty);
892 #endif
893 }
894
895 /* Now clear signal->tty under the lock */
896 read_lock(&tasklist_lock);
897 session_clear_tty(task_session(current));
898 read_unlock(&tasklist_lock);
899 }
900
901 /**
902 *
903 * no_tty - Ensure the current process does not have a controlling tty
904 */
905 void no_tty(void)
906 {
907 /* FIXME: Review locking here. The tty_lock never covered any race
908 between a new association and proc_clear_tty but possible we need
909 to protect against this anyway */
910 struct task_struct *tsk = current;
911 disassociate_ctty(0);
912 proc_clear_tty(tsk);
913 }
914
915
916 /**
917 * stop_tty - propagate flow control
918 * @tty: tty to stop
919 *
920 * Perform flow control to the driver. For PTY/TTY pairs we
921 * must also propagate the TIOCKPKT status. May be called
922 * on an already stopped device and will not re-call the driver
923 * method.
924 *
925 * This functionality is used by both the line disciplines for
926 * halting incoming flow and by the driver. It may therefore be
927 * called from any context, may be under the tty atomic_write_lock
928 * but not always.
929 *
930 * Locking:
931 * Uses the tty control lock internally
932 */
933
934 void stop_tty(struct tty_struct *tty)
935 {
936 unsigned long flags;
937 spin_lock_irqsave(&tty->ctrl_lock, flags);
938 if (tty->stopped) {
939 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
940 return;
941 }
942 tty->stopped = 1;
943 if (tty->link && tty->link->packet) {
944 tty->ctrl_status &= ~TIOCPKT_START;
945 tty->ctrl_status |= TIOCPKT_STOP;
946 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
947 }
948 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
949 if (tty->ops->stop)
950 (tty->ops->stop)(tty);
951 }
952
953 EXPORT_SYMBOL(stop_tty);
954
955 /**
956 * start_tty - propagate flow control
957 * @tty: tty to start
958 *
959 * Start a tty that has been stopped if at all possible. Perform
960 * any necessary wakeups and propagate the TIOCPKT status. If this
961 * is the tty was previous stopped and is being started then the
962 * driver start method is invoked and the line discipline woken.
963 *
964 * Locking:
965 * ctrl_lock
966 */
967
968 void start_tty(struct tty_struct *tty)
969 {
970 unsigned long flags;
971 spin_lock_irqsave(&tty->ctrl_lock, flags);
972 if (!tty->stopped || tty->flow_stopped) {
973 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
974 return;
975 }
976 tty->stopped = 0;
977 if (tty->link && tty->link->packet) {
978 tty->ctrl_status &= ~TIOCPKT_STOP;
979 tty->ctrl_status |= TIOCPKT_START;
980 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
981 }
982 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
983 if (tty->ops->start)
984 (tty->ops->start)(tty);
985 /* If we have a running line discipline it may need kicking */
986 tty_wakeup(tty);
987 }
988
989 EXPORT_SYMBOL(start_tty);
990
991 /**
992 * tty_read - read method for tty device files
993 * @file: pointer to tty file
994 * @buf: user buffer
995 * @count: size of user buffer
996 * @ppos: unused
997 *
998 * Perform the read system call function on this terminal device. Checks
999 * for hung up devices before calling the line discipline method.
1000 *
1001 * Locking:
1002 * Locks the line discipline internally while needed. Multiple
1003 * read calls may be outstanding in parallel.
1004 */
1005
1006 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1007 loff_t *ppos)
1008 {
1009 int i;
1010 struct tty_struct *tty = file_tty(file);
1011 struct tty_ldisc *ld;
1012
1013 if (tty_paranoia_check(tty, file_inode(file), "tty_read"))
1014 return -EIO;
1015 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1016 return -EIO;
1017
1018 /* We want to wait for the line discipline to sort out in this
1019 situation */
1020 ld = tty_ldisc_ref_wait(tty);
1021 if (ld->ops->read)
1022 i = (ld->ops->read)(tty, file, buf, count);
1023 else
1024 i = -EIO;
1025 tty_ldisc_deref(ld);
1026
1027 return i;
1028 }
1029
1030 void tty_write_unlock(struct tty_struct *tty)
1031 __releases(&tty->atomic_write_lock)
1032 {
1033 mutex_unlock(&tty->atomic_write_lock);
1034 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1035 }
1036
1037 int tty_write_lock(struct tty_struct *tty, int ndelay)
1038 __acquires(&tty->atomic_write_lock)
1039 {
1040 if (!mutex_trylock(&tty->atomic_write_lock)) {
1041 if (ndelay)
1042 return -EAGAIN;
1043 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1044 return -ERESTARTSYS;
1045 }
1046 return 0;
1047 }
1048
1049 /*
1050 * Split writes up in sane blocksizes to avoid
1051 * denial-of-service type attacks
1052 */
1053 static inline ssize_t do_tty_write(
1054 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1055 struct tty_struct *tty,
1056 struct file *file,
1057 const char __user *buf,
1058 size_t count)
1059 {
1060 ssize_t ret, written = 0;
1061 unsigned int chunk;
1062
1063 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1064 if (ret < 0)
1065 return ret;
1066
1067 /*
1068 * We chunk up writes into a temporary buffer. This
1069 * simplifies low-level drivers immensely, since they
1070 * don't have locking issues and user mode accesses.
1071 *
1072 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1073 * big chunk-size..
1074 *
1075 * The default chunk-size is 2kB, because the NTTY
1076 * layer has problems with bigger chunks. It will
1077 * claim to be able to handle more characters than
1078 * it actually does.
1079 *
1080 * FIXME: This can probably go away now except that 64K chunks
1081 * are too likely to fail unless switched to vmalloc...
1082 */
1083 chunk = 2048;
1084 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1085 chunk = 65536;
1086 if (count < chunk)
1087 chunk = count;
1088
1089 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1090 if (tty->write_cnt < chunk) {
1091 unsigned char *buf_chunk;
1092
1093 if (chunk < 1024)
1094 chunk = 1024;
1095
1096 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1097 if (!buf_chunk) {
1098 ret = -ENOMEM;
1099 goto out;
1100 }
1101 kfree(tty->write_buf);
1102 tty->write_cnt = chunk;
1103 tty->write_buf = buf_chunk;
1104 }
1105
1106 /* Do the write .. */
1107 for (;;) {
1108 size_t size = count;
1109 if (size > chunk)
1110 size = chunk;
1111 ret = -EFAULT;
1112 if (copy_from_user(tty->write_buf, buf, size))
1113 break;
1114 ret = write(tty, file, tty->write_buf, size);
1115 if (ret <= 0)
1116 break;
1117 written += ret;
1118 buf += ret;
1119 count -= ret;
1120 if (!count)
1121 break;
1122 ret = -ERESTARTSYS;
1123 if (signal_pending(current))
1124 break;
1125 cond_resched();
1126 }
1127 if (written)
1128 ret = written;
1129 out:
1130 tty_write_unlock(tty);
1131 return ret;
1132 }
1133
1134 /**
1135 * tty_write_message - write a message to a certain tty, not just the console.
1136 * @tty: the destination tty_struct
1137 * @msg: the message to write
1138 *
1139 * This is used for messages that need to be redirected to a specific tty.
1140 * We don't put it into the syslog queue right now maybe in the future if
1141 * really needed.
1142 *
1143 * We must still hold the BTM and test the CLOSING flag for the moment.
1144 */
1145
1146 void tty_write_message(struct tty_struct *tty, char *msg)
1147 {
1148 if (tty) {
1149 mutex_lock(&tty->atomic_write_lock);
1150 tty_lock(tty);
1151 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1152 tty_unlock(tty);
1153 tty->ops->write(tty, msg, strlen(msg));
1154 } else
1155 tty_unlock(tty);
1156 tty_write_unlock(tty);
1157 }
1158 return;
1159 }
1160
1161
1162 /**
1163 * tty_write - write method for tty device file
1164 * @file: tty file pointer
1165 * @buf: user data to write
1166 * @count: bytes to write
1167 * @ppos: unused
1168 *
1169 * Write data to a tty device via the line discipline.
1170 *
1171 * Locking:
1172 * Locks the line discipline as required
1173 * Writes to the tty driver are serialized by the atomic_write_lock
1174 * and are then processed in chunks to the device. The line discipline
1175 * write method will not be invoked in parallel for each device.
1176 */
1177
1178 static ssize_t tty_write(struct file *file, const char __user *buf,
1179 size_t count, loff_t *ppos)
1180 {
1181 struct tty_struct *tty = file_tty(file);
1182 struct tty_ldisc *ld;
1183 ssize_t ret;
1184
1185 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1186 return -EIO;
1187 if (!tty || !tty->ops->write ||
1188 (test_bit(TTY_IO_ERROR, &tty->flags)))
1189 return -EIO;
1190 /* Short term debug to catch buggy drivers */
1191 if (tty->ops->write_room == NULL)
1192 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1193 tty->driver->name);
1194 ld = tty_ldisc_ref_wait(tty);
1195 if (!ld->ops->write)
1196 ret = -EIO;
1197 else
1198 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1199 tty_ldisc_deref(ld);
1200 return ret;
1201 }
1202
1203 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1204 size_t count, loff_t *ppos)
1205 {
1206 struct file *p = NULL;
1207
1208 spin_lock(&redirect_lock);
1209 if (redirect)
1210 p = get_file(redirect);
1211 spin_unlock(&redirect_lock);
1212
1213 if (p) {
1214 ssize_t res;
1215 res = vfs_write(p, buf, count, &p->f_pos);
1216 fput(p);
1217 return res;
1218 }
1219 return tty_write(file, buf, count, ppos);
1220 }
1221
1222 static char ptychar[] = "pqrstuvwxyzabcde";
1223
1224 /**
1225 * pty_line_name - generate name for a pty
1226 * @driver: the tty driver in use
1227 * @index: the minor number
1228 * @p: output buffer of at least 6 bytes
1229 *
1230 * Generate a name from a driver reference and write it to the output
1231 * buffer.
1232 *
1233 * Locking: None
1234 */
1235 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1236 {
1237 int i = index + driver->name_base;
1238 /* ->name is initialized to "ttyp", but "tty" is expected */
1239 sprintf(p, "%s%c%x",
1240 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1241 ptychar[i >> 4 & 0xf], i & 0xf);
1242 }
1243
1244 /**
1245 * tty_line_name - generate name for a tty
1246 * @driver: the tty driver in use
1247 * @index: the minor number
1248 * @p: output buffer of at least 7 bytes
1249 *
1250 * Generate a name from a driver reference and write it to the output
1251 * buffer.
1252 *
1253 * Locking: None
1254 */
1255 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1256 {
1257 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1258 strcpy(p, driver->name);
1259 else
1260 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1261 }
1262
1263 /**
1264 * tty_driver_lookup_tty() - find an existing tty, if any
1265 * @driver: the driver for the tty
1266 * @idx: the minor number
1267 *
1268 * Return the tty, if found or ERR_PTR() otherwise.
1269 *
1270 * Locking: tty_mutex must be held. If tty is found, the mutex must
1271 * be held until the 'fast-open' is also done. Will change once we
1272 * have refcounting in the driver and per driver locking
1273 */
1274 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1275 struct inode *inode, int idx)
1276 {
1277 if (driver->ops->lookup)
1278 return driver->ops->lookup(driver, inode, idx);
1279
1280 return driver->ttys[idx];
1281 }
1282
1283 /**
1284 * tty_init_termios - helper for termios setup
1285 * @tty: the tty to set up
1286 *
1287 * Initialise the termios structures for this tty. Thus runs under
1288 * the tty_mutex currently so we can be relaxed about ordering.
1289 */
1290
1291 int tty_init_termios(struct tty_struct *tty)
1292 {
1293 struct ktermios *tp;
1294 int idx = tty->index;
1295
1296 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1297 tty->termios = tty->driver->init_termios;
1298 else {
1299 /* Check for lazy saved data */
1300 tp = tty->driver->termios[idx];
1301 if (tp != NULL)
1302 tty->termios = *tp;
1303 else
1304 tty->termios = tty->driver->init_termios;
1305 }
1306 /* Compatibility until drivers always set this */
1307 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1308 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1309 return 0;
1310 }
1311 EXPORT_SYMBOL_GPL(tty_init_termios);
1312
1313 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1314 {
1315 int ret = tty_init_termios(tty);
1316 if (ret)
1317 return ret;
1318
1319 tty_driver_kref_get(driver);
1320 tty->count++;
1321 driver->ttys[tty->index] = tty;
1322 return 0;
1323 }
1324 EXPORT_SYMBOL_GPL(tty_standard_install);
1325
1326 /**
1327 * tty_driver_install_tty() - install a tty entry in the driver
1328 * @driver: the driver for the tty
1329 * @tty: the tty
1330 *
1331 * Install a tty object into the driver tables. The tty->index field
1332 * will be set by the time this is called. This method is responsible
1333 * for ensuring any need additional structures are allocated and
1334 * configured.
1335 *
1336 * Locking: tty_mutex for now
1337 */
1338 static int tty_driver_install_tty(struct tty_driver *driver,
1339 struct tty_struct *tty)
1340 {
1341 return driver->ops->install ? driver->ops->install(driver, tty) :
1342 tty_standard_install(driver, tty);
1343 }
1344
1345 /**
1346 * tty_driver_remove_tty() - remove a tty from the driver tables
1347 * @driver: the driver for the tty
1348 * @idx: the minor number
1349 *
1350 * Remvoe a tty object from the driver tables. The tty->index field
1351 * will be set by the time this is called.
1352 *
1353 * Locking: tty_mutex for now
1354 */
1355 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1356 {
1357 if (driver->ops->remove)
1358 driver->ops->remove(driver, tty);
1359 else
1360 driver->ttys[tty->index] = NULL;
1361 }
1362
1363 /*
1364 * tty_reopen() - fast re-open of an open tty
1365 * @tty - the tty to open
1366 *
1367 * Return 0 on success, -errno on error.
1368 *
1369 * Locking: tty_mutex must be held from the time the tty was found
1370 * till this open completes.
1371 */
1372 static int tty_reopen(struct tty_struct *tty)
1373 {
1374 struct tty_driver *driver = tty->driver;
1375
1376 if (test_bit(TTY_CLOSING, &tty->flags) ||
1377 test_bit(TTY_HUPPING, &tty->flags) ||
1378 test_bit(TTY_LDISC_CHANGING, &tty->flags))
1379 return -EIO;
1380
1381 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1382 driver->subtype == PTY_TYPE_MASTER) {
1383 /*
1384 * special case for PTY masters: only one open permitted,
1385 * and the slave side open count is incremented as well.
1386 */
1387 if (tty->count)
1388 return -EIO;
1389
1390 tty->link->count++;
1391 }
1392 tty->count++;
1393
1394 mutex_lock(&tty->ldisc_mutex);
1395 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1396 mutex_unlock(&tty->ldisc_mutex);
1397
1398 return 0;
1399 }
1400
1401 /**
1402 * tty_init_dev - initialise a tty device
1403 * @driver: tty driver we are opening a device on
1404 * @idx: device index
1405 * @ret_tty: returned tty structure
1406 *
1407 * Prepare a tty device. This may not be a "new" clean device but
1408 * could also be an active device. The pty drivers require special
1409 * handling because of this.
1410 *
1411 * Locking:
1412 * The function is called under the tty_mutex, which
1413 * protects us from the tty struct or driver itself going away.
1414 *
1415 * On exit the tty device has the line discipline attached and
1416 * a reference count of 1. If a pair was created for pty/tty use
1417 * and the other was a pty master then it too has a reference count of 1.
1418 *
1419 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1420 * failed open. The new code protects the open with a mutex, so it's
1421 * really quite straightforward. The mutex locking can probably be
1422 * relaxed for the (most common) case of reopening a tty.
1423 */
1424
1425 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1426 {
1427 struct tty_struct *tty;
1428 int retval;
1429
1430 /*
1431 * First time open is complex, especially for PTY devices.
1432 * This code guarantees that either everything succeeds and the
1433 * TTY is ready for operation, or else the table slots are vacated
1434 * and the allocated memory released. (Except that the termios
1435 * and locked termios may be retained.)
1436 */
1437
1438 if (!try_module_get(driver->owner))
1439 return ERR_PTR(-ENODEV);
1440
1441 tty = alloc_tty_struct();
1442 if (!tty) {
1443 retval = -ENOMEM;
1444 goto err_module_put;
1445 }
1446 initialize_tty_struct(tty, driver, idx);
1447
1448 tty_lock(tty);
1449 retval = tty_driver_install_tty(driver, tty);
1450 if (retval < 0)
1451 goto err_deinit_tty;
1452
1453 if (!tty->port)
1454 tty->port = driver->ports[idx];
1455
1456 WARN_RATELIMIT(!tty->port,
1457 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1458 __func__, tty->driver->name);
1459
1460 tty->port->itty = tty;
1461
1462 /*
1463 * Structures all installed ... call the ldisc open routines.
1464 * If we fail here just call release_tty to clean up. No need
1465 * to decrement the use counts, as release_tty doesn't care.
1466 */
1467 retval = tty_ldisc_setup(tty, tty->link);
1468 if (retval)
1469 goto err_release_tty;
1470 /* Return the tty locked so that it cannot vanish under the caller */
1471 return tty;
1472
1473 err_deinit_tty:
1474 tty_unlock(tty);
1475 deinitialize_tty_struct(tty);
1476 free_tty_struct(tty);
1477 err_module_put:
1478 module_put(driver->owner);
1479 return ERR_PTR(retval);
1480
1481 /* call the tty release_tty routine to clean out this slot */
1482 err_release_tty:
1483 tty_unlock(tty);
1484 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1485 "clearing slot %d\n", idx);
1486 release_tty(tty, idx);
1487 return ERR_PTR(retval);
1488 }
1489
1490 void tty_free_termios(struct tty_struct *tty)
1491 {
1492 struct ktermios *tp;
1493 int idx = tty->index;
1494
1495 /* If the port is going to reset then it has no termios to save */
1496 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1497 return;
1498
1499 /* Stash the termios data */
1500 tp = tty->driver->termios[idx];
1501 if (tp == NULL) {
1502 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1503 if (tp == NULL) {
1504 pr_warn("tty: no memory to save termios state.\n");
1505 return;
1506 }
1507 tty->driver->termios[idx] = tp;
1508 }
1509 *tp = tty->termios;
1510 }
1511 EXPORT_SYMBOL(tty_free_termios);
1512
1513 /**
1514 * tty_flush_works - flush all works of a tty
1515 * @tty: tty device to flush works for
1516 *
1517 * Sync flush all works belonging to @tty.
1518 */
1519 static void tty_flush_works(struct tty_struct *tty)
1520 {
1521 flush_work(&tty->SAK_work);
1522 flush_work(&tty->hangup_work);
1523 }
1524
1525 /**
1526 * release_one_tty - release tty structure memory
1527 * @kref: kref of tty we are obliterating
1528 *
1529 * Releases memory associated with a tty structure, and clears out the
1530 * driver table slots. This function is called when a device is no longer
1531 * in use. It also gets called when setup of a device fails.
1532 *
1533 * Locking:
1534 * takes the file list lock internally when working on the list
1535 * of ttys that the driver keeps.
1536 *
1537 * This method gets called from a work queue so that the driver private
1538 * cleanup ops can sleep (needed for USB at least)
1539 */
1540 static void release_one_tty(struct work_struct *work)
1541 {
1542 struct tty_struct *tty =
1543 container_of(work, struct tty_struct, hangup_work);
1544 struct tty_driver *driver = tty->driver;
1545
1546 if (tty->ops->cleanup)
1547 tty->ops->cleanup(tty);
1548
1549 tty->magic = 0;
1550 tty_driver_kref_put(driver);
1551 module_put(driver->owner);
1552
1553 spin_lock(&tty_files_lock);
1554 list_del_init(&tty->tty_files);
1555 spin_unlock(&tty_files_lock);
1556
1557 put_pid(tty->pgrp);
1558 put_pid(tty->session);
1559 free_tty_struct(tty);
1560 }
1561
1562 static void queue_release_one_tty(struct kref *kref)
1563 {
1564 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1565
1566 /* The hangup queue is now free so we can reuse it rather than
1567 waste a chunk of memory for each port */
1568 INIT_WORK(&tty->hangup_work, release_one_tty);
1569 schedule_work(&tty->hangup_work);
1570 }
1571
1572 /**
1573 * tty_kref_put - release a tty kref
1574 * @tty: tty device
1575 *
1576 * Release a reference to a tty device and if need be let the kref
1577 * layer destruct the object for us
1578 */
1579
1580 void tty_kref_put(struct tty_struct *tty)
1581 {
1582 if (tty)
1583 kref_put(&tty->kref, queue_release_one_tty);
1584 }
1585 EXPORT_SYMBOL(tty_kref_put);
1586
1587 /**
1588 * release_tty - release tty structure memory
1589 *
1590 * Release both @tty and a possible linked partner (think pty pair),
1591 * and decrement the refcount of the backing module.
1592 *
1593 * Locking:
1594 * tty_mutex
1595 * takes the file list lock internally when working on the list
1596 * of ttys that the driver keeps.
1597 *
1598 */
1599 static void release_tty(struct tty_struct *tty, int idx)
1600 {
1601 /* This should always be true but check for the moment */
1602 WARN_ON(tty->index != idx);
1603 WARN_ON(!mutex_is_locked(&tty_mutex));
1604 if (tty->ops->shutdown)
1605 tty->ops->shutdown(tty);
1606 tty_free_termios(tty);
1607 tty_driver_remove_tty(tty->driver, tty);
1608 tty->port->itty = NULL;
1609 cancel_work_sync(&tty->port->buf.work);
1610
1611 if (tty->link)
1612 tty_kref_put(tty->link);
1613 tty_kref_put(tty);
1614 }
1615
1616 /**
1617 * tty_release_checks - check a tty before real release
1618 * @tty: tty to check
1619 * @o_tty: link of @tty (if any)
1620 * @idx: index of the tty
1621 *
1622 * Performs some paranoid checking before true release of the @tty.
1623 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1624 */
1625 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1626 int idx)
1627 {
1628 #ifdef TTY_PARANOIA_CHECK
1629 if (idx < 0 || idx >= tty->driver->num) {
1630 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1631 __func__, tty->name);
1632 return -1;
1633 }
1634
1635 /* not much to check for devpts */
1636 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1637 return 0;
1638
1639 if (tty != tty->driver->ttys[idx]) {
1640 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1641 __func__, idx, tty->name);
1642 return -1;
1643 }
1644 if (tty->driver->other) {
1645 if (o_tty != tty->driver->other->ttys[idx]) {
1646 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1647 __func__, idx, tty->name);
1648 return -1;
1649 }
1650 if (o_tty->link != tty) {
1651 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1652 return -1;
1653 }
1654 }
1655 #endif
1656 return 0;
1657 }
1658
1659 /**
1660 * tty_release - vfs callback for close
1661 * @inode: inode of tty
1662 * @filp: file pointer for handle to tty
1663 *
1664 * Called the last time each file handle is closed that references
1665 * this tty. There may however be several such references.
1666 *
1667 * Locking:
1668 * Takes bkl. See tty_release_dev
1669 *
1670 * Even releasing the tty structures is a tricky business.. We have
1671 * to be very careful that the structures are all released at the
1672 * same time, as interrupts might otherwise get the wrong pointers.
1673 *
1674 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1675 * lead to double frees or releasing memory still in use.
1676 */
1677
1678 int tty_release(struct inode *inode, struct file *filp)
1679 {
1680 struct tty_struct *tty = file_tty(filp);
1681 struct tty_struct *o_tty;
1682 int pty_master, tty_closing, o_tty_closing, do_sleep;
1683 int idx;
1684 char buf[64];
1685
1686 if (tty_paranoia_check(tty, inode, __func__))
1687 return 0;
1688
1689 tty_lock(tty);
1690 check_tty_count(tty, __func__);
1691
1692 __tty_fasync(-1, filp, 0);
1693
1694 idx = tty->index;
1695 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1696 tty->driver->subtype == PTY_TYPE_MASTER);
1697 /* Review: parallel close */
1698 o_tty = tty->link;
1699
1700 if (tty_release_checks(tty, o_tty, idx)) {
1701 tty_unlock(tty);
1702 return 0;
1703 }
1704
1705 #ifdef TTY_DEBUG_HANGUP
1706 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1707 tty_name(tty, buf), tty->count);
1708 #endif
1709
1710 if (tty->ops->close)
1711 tty->ops->close(tty, filp);
1712
1713 tty_unlock(tty);
1714 /*
1715 * Sanity check: if tty->count is going to zero, there shouldn't be
1716 * any waiters on tty->read_wait or tty->write_wait. We test the
1717 * wait queues and kick everyone out _before_ actually starting to
1718 * close. This ensures that we won't block while releasing the tty
1719 * structure.
1720 *
1721 * The test for the o_tty closing is necessary, since the master and
1722 * slave sides may close in any order. If the slave side closes out
1723 * first, its count will be one, since the master side holds an open.
1724 * Thus this test wouldn't be triggered at the time the slave closes,
1725 * so we do it now.
1726 *
1727 * Note that it's possible for the tty to be opened again while we're
1728 * flushing out waiters. By recalculating the closing flags before
1729 * each iteration we avoid any problems.
1730 */
1731 while (1) {
1732 /* Guard against races with tty->count changes elsewhere and
1733 opens on /dev/tty */
1734
1735 mutex_lock(&tty_mutex);
1736 tty_lock_pair(tty, o_tty);
1737 tty_closing = tty->count <= 1;
1738 o_tty_closing = o_tty &&
1739 (o_tty->count <= (pty_master ? 1 : 0));
1740 do_sleep = 0;
1741
1742 if (tty_closing) {
1743 if (waitqueue_active(&tty->read_wait)) {
1744 wake_up_poll(&tty->read_wait, POLLIN);
1745 do_sleep++;
1746 }
1747 if (waitqueue_active(&tty->write_wait)) {
1748 wake_up_poll(&tty->write_wait, POLLOUT);
1749 do_sleep++;
1750 }
1751 }
1752 if (o_tty_closing) {
1753 if (waitqueue_active(&o_tty->read_wait)) {
1754 wake_up_poll(&o_tty->read_wait, POLLIN);
1755 do_sleep++;
1756 }
1757 if (waitqueue_active(&o_tty->write_wait)) {
1758 wake_up_poll(&o_tty->write_wait, POLLOUT);
1759 do_sleep++;
1760 }
1761 }
1762 if (!do_sleep)
1763 break;
1764
1765 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1766 __func__, tty_name(tty, buf));
1767 tty_unlock_pair(tty, o_tty);
1768 mutex_unlock(&tty_mutex);
1769 schedule();
1770 }
1771
1772 /*
1773 * The closing flags are now consistent with the open counts on
1774 * both sides, and we've completed the last operation that could
1775 * block, so it's safe to proceed with closing.
1776 *
1777 * We must *not* drop the tty_mutex until we ensure that a further
1778 * entry into tty_open can not pick up this tty.
1779 */
1780 if (pty_master) {
1781 if (--o_tty->count < 0) {
1782 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1783 __func__, o_tty->count, tty_name(o_tty, buf));
1784 o_tty->count = 0;
1785 }
1786 }
1787 if (--tty->count < 0) {
1788 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1789 __func__, tty->count, tty_name(tty, buf));
1790 tty->count = 0;
1791 }
1792
1793 /*
1794 * We've decremented tty->count, so we need to remove this file
1795 * descriptor off the tty->tty_files list; this serves two
1796 * purposes:
1797 * - check_tty_count sees the correct number of file descriptors
1798 * associated with this tty.
1799 * - do_tty_hangup no longer sees this file descriptor as
1800 * something that needs to be handled for hangups.
1801 */
1802 tty_del_file(filp);
1803
1804 /*
1805 * Perform some housekeeping before deciding whether to return.
1806 *
1807 * Set the TTY_CLOSING flag if this was the last open. In the
1808 * case of a pty we may have to wait around for the other side
1809 * to close, and TTY_CLOSING makes sure we can't be reopened.
1810 */
1811 if (tty_closing)
1812 set_bit(TTY_CLOSING, &tty->flags);
1813 if (o_tty_closing)
1814 set_bit(TTY_CLOSING, &o_tty->flags);
1815
1816 /*
1817 * If _either_ side is closing, make sure there aren't any
1818 * processes that still think tty or o_tty is their controlling
1819 * tty.
1820 */
1821 if (tty_closing || o_tty_closing) {
1822 read_lock(&tasklist_lock);
1823 session_clear_tty(tty->session);
1824 if (o_tty)
1825 session_clear_tty(o_tty->session);
1826 read_unlock(&tasklist_lock);
1827 }
1828
1829 mutex_unlock(&tty_mutex);
1830 tty_unlock_pair(tty, o_tty);
1831 /* At this point the TTY_CLOSING flag should ensure a dead tty
1832 cannot be re-opened by a racing opener */
1833
1834 /* check whether both sides are closing ... */
1835 if (!tty_closing || (o_tty && !o_tty_closing))
1836 return 0;
1837
1838 #ifdef TTY_DEBUG_HANGUP
1839 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1840 #endif
1841 /*
1842 * Ask the line discipline code to release its structures
1843 */
1844 tty_ldisc_release(tty, o_tty);
1845
1846 /* Wait for pending work before tty destruction commmences */
1847 tty_flush_works(tty);
1848 if (o_tty)
1849 tty_flush_works(o_tty);
1850
1851 /*
1852 * The release_tty function takes care of the details of clearing
1853 * the slots and preserving the termios structure. The tty_unlock_pair
1854 * should be safe as we keep a kref while the tty is locked (so the
1855 * unlock never unlocks a freed tty).
1856 */
1857 mutex_lock(&tty_mutex);
1858 release_tty(tty, idx);
1859 mutex_unlock(&tty_mutex);
1860
1861 return 0;
1862 }
1863
1864 /**
1865 * tty_open_current_tty - get tty of current task for open
1866 * @device: device number
1867 * @filp: file pointer to tty
1868 * @return: tty of the current task iff @device is /dev/tty
1869 *
1870 * We cannot return driver and index like for the other nodes because
1871 * devpts will not work then. It expects inodes to be from devpts FS.
1872 *
1873 * We need to move to returning a refcounted object from all the lookup
1874 * paths including this one.
1875 */
1876 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1877 {
1878 struct tty_struct *tty;
1879
1880 if (device != MKDEV(TTYAUX_MAJOR, 0))
1881 return NULL;
1882
1883 tty = get_current_tty();
1884 if (!tty)
1885 return ERR_PTR(-ENXIO);
1886
1887 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1888 /* noctty = 1; */
1889 tty_kref_put(tty);
1890 /* FIXME: we put a reference and return a TTY! */
1891 /* This is only safe because the caller holds tty_mutex */
1892 return tty;
1893 }
1894
1895 /**
1896 * tty_lookup_driver - lookup a tty driver for a given device file
1897 * @device: device number
1898 * @filp: file pointer to tty
1899 * @noctty: set if the device should not become a controlling tty
1900 * @index: index for the device in the @return driver
1901 * @return: driver for this inode (with increased refcount)
1902 *
1903 * If @return is not erroneous, the caller is responsible to decrement the
1904 * refcount by tty_driver_kref_put.
1905 *
1906 * Locking: tty_mutex protects get_tty_driver
1907 */
1908 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1909 int *noctty, int *index)
1910 {
1911 struct tty_driver *driver;
1912
1913 switch (device) {
1914 #ifdef CONFIG_VT
1915 case MKDEV(TTY_MAJOR, 0): {
1916 extern struct tty_driver *console_driver;
1917 driver = tty_driver_kref_get(console_driver);
1918 *index = fg_console;
1919 *noctty = 1;
1920 break;
1921 }
1922 #endif
1923 case MKDEV(TTYAUX_MAJOR, 1): {
1924 struct tty_driver *console_driver = console_device(index);
1925 if (console_driver) {
1926 driver = tty_driver_kref_get(console_driver);
1927 if (driver) {
1928 /* Don't let /dev/console block */
1929 filp->f_flags |= O_NONBLOCK;
1930 *noctty = 1;
1931 break;
1932 }
1933 }
1934 return ERR_PTR(-ENODEV);
1935 }
1936 default:
1937 driver = get_tty_driver(device, index);
1938 if (!driver)
1939 return ERR_PTR(-ENODEV);
1940 break;
1941 }
1942 return driver;
1943 }
1944
1945 /**
1946 * tty_open - open a tty device
1947 * @inode: inode of device file
1948 * @filp: file pointer to tty
1949 *
1950 * tty_open and tty_release keep up the tty count that contains the
1951 * number of opens done on a tty. We cannot use the inode-count, as
1952 * different inodes might point to the same tty.
1953 *
1954 * Open-counting is needed for pty masters, as well as for keeping
1955 * track of serial lines: DTR is dropped when the last close happens.
1956 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1957 *
1958 * The termios state of a pty is reset on first open so that
1959 * settings don't persist across reuse.
1960 *
1961 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1962 * tty->count should protect the rest.
1963 * ->siglock protects ->signal/->sighand
1964 *
1965 * Note: the tty_unlock/lock cases without a ref are only safe due to
1966 * tty_mutex
1967 */
1968
1969 static int tty_open(struct inode *inode, struct file *filp)
1970 {
1971 struct tty_struct *tty;
1972 int noctty, retval;
1973 struct tty_driver *driver = NULL;
1974 int index;
1975 dev_t device = inode->i_rdev;
1976 unsigned saved_flags = filp->f_flags;
1977
1978 nonseekable_open(inode, filp);
1979
1980 retry_open:
1981 retval = tty_alloc_file(filp);
1982 if (retval)
1983 return -ENOMEM;
1984
1985 noctty = filp->f_flags & O_NOCTTY;
1986 index = -1;
1987 retval = 0;
1988
1989 mutex_lock(&tty_mutex);
1990 /* This is protected by the tty_mutex */
1991 tty = tty_open_current_tty(device, filp);
1992 if (IS_ERR(tty)) {
1993 retval = PTR_ERR(tty);
1994 goto err_unlock;
1995 } else if (!tty) {
1996 driver = tty_lookup_driver(device, filp, &noctty, &index);
1997 if (IS_ERR(driver)) {
1998 retval = PTR_ERR(driver);
1999 goto err_unlock;
2000 }
2001
2002 /* check whether we're reopening an existing tty */
2003 tty = tty_driver_lookup_tty(driver, inode, index);
2004 if (IS_ERR(tty)) {
2005 retval = PTR_ERR(tty);
2006 goto err_unlock;
2007 }
2008 }
2009
2010 if (tty) {
2011 tty_lock(tty);
2012 retval = tty_reopen(tty);
2013 if (retval < 0) {
2014 tty_unlock(tty);
2015 tty = ERR_PTR(retval);
2016 }
2017 } else /* Returns with the tty_lock held for now */
2018 tty = tty_init_dev(driver, index);
2019
2020 mutex_unlock(&tty_mutex);
2021 if (driver)
2022 tty_driver_kref_put(driver);
2023 if (IS_ERR(tty)) {
2024 retval = PTR_ERR(tty);
2025 goto err_file;
2026 }
2027
2028 tty_add_file(tty, filp);
2029
2030 check_tty_count(tty, __func__);
2031 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2032 tty->driver->subtype == PTY_TYPE_MASTER)
2033 noctty = 1;
2034 #ifdef TTY_DEBUG_HANGUP
2035 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
2036 #endif
2037 if (tty->ops->open)
2038 retval = tty->ops->open(tty, filp);
2039 else
2040 retval = -ENODEV;
2041 filp->f_flags = saved_flags;
2042
2043 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2044 !capable(CAP_SYS_ADMIN))
2045 retval = -EBUSY;
2046
2047 if (retval) {
2048 #ifdef TTY_DEBUG_HANGUP
2049 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
2050 retval, tty->name);
2051 #endif
2052 tty_unlock(tty); /* need to call tty_release without BTM */
2053 tty_release(inode, filp);
2054 if (retval != -ERESTARTSYS)
2055 return retval;
2056
2057 if (signal_pending(current))
2058 return retval;
2059
2060 schedule();
2061 /*
2062 * Need to reset f_op in case a hangup happened.
2063 */
2064 if (filp->f_op == &hung_up_tty_fops)
2065 filp->f_op = &tty_fops;
2066 goto retry_open;
2067 }
2068 tty_unlock(tty);
2069
2070
2071 mutex_lock(&tty_mutex);
2072 tty_lock(tty);
2073 spin_lock_irq(&current->sighand->siglock);
2074 if (!noctty &&
2075 current->signal->leader &&
2076 !current->signal->tty &&
2077 tty->session == NULL)
2078 __proc_set_tty(current, tty);
2079 spin_unlock_irq(&current->sighand->siglock);
2080 tty_unlock(tty);
2081 mutex_unlock(&tty_mutex);
2082 return 0;
2083 err_unlock:
2084 mutex_unlock(&tty_mutex);
2085 /* after locks to avoid deadlock */
2086 if (!IS_ERR_OR_NULL(driver))
2087 tty_driver_kref_put(driver);
2088 err_file:
2089 tty_free_file(filp);
2090 return retval;
2091 }
2092
2093
2094
2095 /**
2096 * tty_poll - check tty status
2097 * @filp: file being polled
2098 * @wait: poll wait structures to update
2099 *
2100 * Call the line discipline polling method to obtain the poll
2101 * status of the device.
2102 *
2103 * Locking: locks called line discipline but ldisc poll method
2104 * may be re-entered freely by other callers.
2105 */
2106
2107 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2108 {
2109 struct tty_struct *tty = file_tty(filp);
2110 struct tty_ldisc *ld;
2111 int ret = 0;
2112
2113 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2114 return 0;
2115
2116 ld = tty_ldisc_ref_wait(tty);
2117 if (ld->ops->poll)
2118 ret = (ld->ops->poll)(tty, filp, wait);
2119 tty_ldisc_deref(ld);
2120 return ret;
2121 }
2122
2123 static int __tty_fasync(int fd, struct file *filp, int on)
2124 {
2125 struct tty_struct *tty = file_tty(filp);
2126 unsigned long flags;
2127 int retval = 0;
2128
2129 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2130 goto out;
2131
2132 retval = fasync_helper(fd, filp, on, &tty->fasync);
2133 if (retval <= 0)
2134 goto out;
2135
2136 if (on) {
2137 enum pid_type type;
2138 struct pid *pid;
2139 if (!waitqueue_active(&tty->read_wait))
2140 tty->minimum_to_wake = 1;
2141 spin_lock_irqsave(&tty->ctrl_lock, flags);
2142 if (tty->pgrp) {
2143 pid = tty->pgrp;
2144 type = PIDTYPE_PGID;
2145 } else {
2146 pid = task_pid(current);
2147 type = PIDTYPE_PID;
2148 }
2149 get_pid(pid);
2150 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2151 retval = __f_setown(filp, pid, type, 0);
2152 put_pid(pid);
2153 if (retval)
2154 goto out;
2155 } else {
2156 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2157 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2158 }
2159 retval = 0;
2160 out:
2161 return retval;
2162 }
2163
2164 static int tty_fasync(int fd, struct file *filp, int on)
2165 {
2166 struct tty_struct *tty = file_tty(filp);
2167 int retval;
2168
2169 tty_lock(tty);
2170 retval = __tty_fasync(fd, filp, on);
2171 tty_unlock(tty);
2172
2173 return retval;
2174 }
2175
2176 /**
2177 * tiocsti - fake input character
2178 * @tty: tty to fake input into
2179 * @p: pointer to character
2180 *
2181 * Fake input to a tty device. Does the necessary locking and
2182 * input management.
2183 *
2184 * FIXME: does not honour flow control ??
2185 *
2186 * Locking:
2187 * Called functions take tty_ldisc_lock
2188 * current->signal->tty check is safe without locks
2189 *
2190 * FIXME: may race normal receive processing
2191 */
2192
2193 static int tiocsti(struct tty_struct *tty, char __user *p)
2194 {
2195 char ch, mbz = 0;
2196 struct tty_ldisc *ld;
2197
2198 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2199 return -EPERM;
2200 if (get_user(ch, p))
2201 return -EFAULT;
2202 tty_audit_tiocsti(tty, ch);
2203 ld = tty_ldisc_ref_wait(tty);
2204 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2205 tty_ldisc_deref(ld);
2206 return 0;
2207 }
2208
2209 /**
2210 * tiocgwinsz - implement window query ioctl
2211 * @tty; tty
2212 * @arg: user buffer for result
2213 *
2214 * Copies the kernel idea of the window size into the user buffer.
2215 *
2216 * Locking: tty->termios_mutex is taken to ensure the winsize data
2217 * is consistent.
2218 */
2219
2220 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2221 {
2222 int err;
2223
2224 mutex_lock(&tty->termios_mutex);
2225 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2226 mutex_unlock(&tty->termios_mutex);
2227
2228 return err ? -EFAULT: 0;
2229 }
2230
2231 /**
2232 * tty_do_resize - resize event
2233 * @tty: tty being resized
2234 * @rows: rows (character)
2235 * @cols: cols (character)
2236 *
2237 * Update the termios variables and send the necessary signals to
2238 * peform a terminal resize correctly
2239 */
2240
2241 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2242 {
2243 struct pid *pgrp;
2244 unsigned long flags;
2245
2246 /* Lock the tty */
2247 mutex_lock(&tty->termios_mutex);
2248 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2249 goto done;
2250 /* Get the PID values and reference them so we can
2251 avoid holding the tty ctrl lock while sending signals */
2252 spin_lock_irqsave(&tty->ctrl_lock, flags);
2253 pgrp = get_pid(tty->pgrp);
2254 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2255
2256 if (pgrp)
2257 kill_pgrp(pgrp, SIGWINCH, 1);
2258 put_pid(pgrp);
2259
2260 tty->winsize = *ws;
2261 done:
2262 mutex_unlock(&tty->termios_mutex);
2263 return 0;
2264 }
2265 EXPORT_SYMBOL(tty_do_resize);
2266
2267 /**
2268 * tiocswinsz - implement window size set ioctl
2269 * @tty; tty side of tty
2270 * @arg: user buffer for result
2271 *
2272 * Copies the user idea of the window size to the kernel. Traditionally
2273 * this is just advisory information but for the Linux console it
2274 * actually has driver level meaning and triggers a VC resize.
2275 *
2276 * Locking:
2277 * Driver dependent. The default do_resize method takes the
2278 * tty termios mutex and ctrl_lock. The console takes its own lock
2279 * then calls into the default method.
2280 */
2281
2282 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2283 {
2284 struct winsize tmp_ws;
2285 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2286 return -EFAULT;
2287
2288 if (tty->ops->resize)
2289 return tty->ops->resize(tty, &tmp_ws);
2290 else
2291 return tty_do_resize(tty, &tmp_ws);
2292 }
2293
2294 /**
2295 * tioccons - allow admin to move logical console
2296 * @file: the file to become console
2297 *
2298 * Allow the administrator to move the redirected console device
2299 *
2300 * Locking: uses redirect_lock to guard the redirect information
2301 */
2302
2303 static int tioccons(struct file *file)
2304 {
2305 if (!capable(CAP_SYS_ADMIN))
2306 return -EPERM;
2307 if (file->f_op->write == redirected_tty_write) {
2308 struct file *f;
2309 spin_lock(&redirect_lock);
2310 f = redirect;
2311 redirect = NULL;
2312 spin_unlock(&redirect_lock);
2313 if (f)
2314 fput(f);
2315 return 0;
2316 }
2317 spin_lock(&redirect_lock);
2318 if (redirect) {
2319 spin_unlock(&redirect_lock);
2320 return -EBUSY;
2321 }
2322 redirect = get_file(file);
2323 spin_unlock(&redirect_lock);
2324 return 0;
2325 }
2326
2327 /**
2328 * fionbio - non blocking ioctl
2329 * @file: file to set blocking value
2330 * @p: user parameter
2331 *
2332 * Historical tty interfaces had a blocking control ioctl before
2333 * the generic functionality existed. This piece of history is preserved
2334 * in the expected tty API of posix OS's.
2335 *
2336 * Locking: none, the open file handle ensures it won't go away.
2337 */
2338
2339 static int fionbio(struct file *file, int __user *p)
2340 {
2341 int nonblock;
2342
2343 if (get_user(nonblock, p))
2344 return -EFAULT;
2345
2346 spin_lock(&file->f_lock);
2347 if (nonblock)
2348 file->f_flags |= O_NONBLOCK;
2349 else
2350 file->f_flags &= ~O_NONBLOCK;
2351 spin_unlock(&file->f_lock);
2352 return 0;
2353 }
2354
2355 /**
2356 * tiocsctty - set controlling tty
2357 * @tty: tty structure
2358 * @arg: user argument
2359 *
2360 * This ioctl is used to manage job control. It permits a session
2361 * leader to set this tty as the controlling tty for the session.
2362 *
2363 * Locking:
2364 * Takes tty_mutex() to protect tty instance
2365 * Takes tasklist_lock internally to walk sessions
2366 * Takes ->siglock() when updating signal->tty
2367 */
2368
2369 static int tiocsctty(struct tty_struct *tty, int arg)
2370 {
2371 int ret = 0;
2372 if (current->signal->leader && (task_session(current) == tty->session))
2373 return ret;
2374
2375 mutex_lock(&tty_mutex);
2376 /*
2377 * The process must be a session leader and
2378 * not have a controlling tty already.
2379 */
2380 if (!current->signal->leader || current->signal->tty) {
2381 ret = -EPERM;
2382 goto unlock;
2383 }
2384
2385 if (tty->session) {
2386 /*
2387 * This tty is already the controlling
2388 * tty for another session group!
2389 */
2390 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2391 /*
2392 * Steal it away
2393 */
2394 read_lock(&tasklist_lock);
2395 session_clear_tty(tty->session);
2396 read_unlock(&tasklist_lock);
2397 } else {
2398 ret = -EPERM;
2399 goto unlock;
2400 }
2401 }
2402 proc_set_tty(current, tty);
2403 unlock:
2404 mutex_unlock(&tty_mutex);
2405 return ret;
2406 }
2407
2408 /**
2409 * tty_get_pgrp - return a ref counted pgrp pid
2410 * @tty: tty to read
2411 *
2412 * Returns a refcounted instance of the pid struct for the process
2413 * group controlling the tty.
2414 */
2415
2416 struct pid *tty_get_pgrp(struct tty_struct *tty)
2417 {
2418 unsigned long flags;
2419 struct pid *pgrp;
2420
2421 spin_lock_irqsave(&tty->ctrl_lock, flags);
2422 pgrp = get_pid(tty->pgrp);
2423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2424
2425 return pgrp;
2426 }
2427 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2428
2429 /**
2430 * tiocgpgrp - get process group
2431 * @tty: tty passed by user
2432 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2433 * @p: returned pid
2434 *
2435 * Obtain the process group of the tty. If there is no process group
2436 * return an error.
2437 *
2438 * Locking: none. Reference to current->signal->tty is safe.
2439 */
2440
2441 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2442 {
2443 struct pid *pid;
2444 int ret;
2445 /*
2446 * (tty == real_tty) is a cheap way of
2447 * testing if the tty is NOT a master pty.
2448 */
2449 if (tty == real_tty && current->signal->tty != real_tty)
2450 return -ENOTTY;
2451 pid = tty_get_pgrp(real_tty);
2452 ret = put_user(pid_vnr(pid), p);
2453 put_pid(pid);
2454 return ret;
2455 }
2456
2457 /**
2458 * tiocspgrp - attempt to set process group
2459 * @tty: tty passed by user
2460 * @real_tty: tty side device matching tty passed by user
2461 * @p: pid pointer
2462 *
2463 * Set the process group of the tty to the session passed. Only
2464 * permitted where the tty session is our session.
2465 *
2466 * Locking: RCU, ctrl lock
2467 */
2468
2469 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2470 {
2471 struct pid *pgrp;
2472 pid_t pgrp_nr;
2473 int retval = tty_check_change(real_tty);
2474 unsigned long flags;
2475
2476 if (retval == -EIO)
2477 return -ENOTTY;
2478 if (retval)
2479 return retval;
2480 if (!current->signal->tty ||
2481 (current->signal->tty != real_tty) ||
2482 (real_tty->session != task_session(current)))
2483 return -ENOTTY;
2484 if (get_user(pgrp_nr, p))
2485 return -EFAULT;
2486 if (pgrp_nr < 0)
2487 return -EINVAL;
2488 rcu_read_lock();
2489 pgrp = find_vpid(pgrp_nr);
2490 retval = -ESRCH;
2491 if (!pgrp)
2492 goto out_unlock;
2493 retval = -EPERM;
2494 if (session_of_pgrp(pgrp) != task_session(current))
2495 goto out_unlock;
2496 retval = 0;
2497 spin_lock_irqsave(&tty->ctrl_lock, flags);
2498 put_pid(real_tty->pgrp);
2499 real_tty->pgrp = get_pid(pgrp);
2500 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2501 out_unlock:
2502 rcu_read_unlock();
2503 return retval;
2504 }
2505
2506 /**
2507 * tiocgsid - get session id
2508 * @tty: tty passed by user
2509 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2510 * @p: pointer to returned session id
2511 *
2512 * Obtain the session id of the tty. If there is no session
2513 * return an error.
2514 *
2515 * Locking: none. Reference to current->signal->tty is safe.
2516 */
2517
2518 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2519 {
2520 /*
2521 * (tty == real_tty) is a cheap way of
2522 * testing if the tty is NOT a master pty.
2523 */
2524 if (tty == real_tty && current->signal->tty != real_tty)
2525 return -ENOTTY;
2526 if (!real_tty->session)
2527 return -ENOTTY;
2528 return put_user(pid_vnr(real_tty->session), p);
2529 }
2530
2531 /**
2532 * tiocsetd - set line discipline
2533 * @tty: tty device
2534 * @p: pointer to user data
2535 *
2536 * Set the line discipline according to user request.
2537 *
2538 * Locking: see tty_set_ldisc, this function is just a helper
2539 */
2540
2541 static int tiocsetd(struct tty_struct *tty, int __user *p)
2542 {
2543 int ldisc;
2544 int ret;
2545
2546 if (get_user(ldisc, p))
2547 return -EFAULT;
2548
2549 ret = tty_set_ldisc(tty, ldisc);
2550
2551 return ret;
2552 }
2553
2554 /**
2555 * send_break - performed time break
2556 * @tty: device to break on
2557 * @duration: timeout in mS
2558 *
2559 * Perform a timed break on hardware that lacks its own driver level
2560 * timed break functionality.
2561 *
2562 * Locking:
2563 * atomic_write_lock serializes
2564 *
2565 */
2566
2567 static int send_break(struct tty_struct *tty, unsigned int duration)
2568 {
2569 int retval;
2570
2571 if (tty->ops->break_ctl == NULL)
2572 return 0;
2573
2574 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2575 retval = tty->ops->break_ctl(tty, duration);
2576 else {
2577 /* Do the work ourselves */
2578 if (tty_write_lock(tty, 0) < 0)
2579 return -EINTR;
2580 retval = tty->ops->break_ctl(tty, -1);
2581 if (retval)
2582 goto out;
2583 if (!signal_pending(current))
2584 msleep_interruptible(duration);
2585 retval = tty->ops->break_ctl(tty, 0);
2586 out:
2587 tty_write_unlock(tty);
2588 if (signal_pending(current))
2589 retval = -EINTR;
2590 }
2591 return retval;
2592 }
2593
2594 /**
2595 * tty_tiocmget - get modem status
2596 * @tty: tty device
2597 * @file: user file pointer
2598 * @p: pointer to result
2599 *
2600 * Obtain the modem status bits from the tty driver if the feature
2601 * is supported. Return -EINVAL if it is not available.
2602 *
2603 * Locking: none (up to the driver)
2604 */
2605
2606 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2607 {
2608 int retval = -EINVAL;
2609
2610 if (tty->ops->tiocmget) {
2611 retval = tty->ops->tiocmget(tty);
2612
2613 if (retval >= 0)
2614 retval = put_user(retval, p);
2615 }
2616 return retval;
2617 }
2618
2619 /**
2620 * tty_tiocmset - set modem status
2621 * @tty: tty device
2622 * @cmd: command - clear bits, set bits or set all
2623 * @p: pointer to desired bits
2624 *
2625 * Set the modem status bits from the tty driver if the feature
2626 * is supported. Return -EINVAL if it is not available.
2627 *
2628 * Locking: none (up to the driver)
2629 */
2630
2631 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2632 unsigned __user *p)
2633 {
2634 int retval;
2635 unsigned int set, clear, val;
2636
2637 if (tty->ops->tiocmset == NULL)
2638 return -EINVAL;
2639
2640 retval = get_user(val, p);
2641 if (retval)
2642 return retval;
2643 set = clear = 0;
2644 switch (cmd) {
2645 case TIOCMBIS:
2646 set = val;
2647 break;
2648 case TIOCMBIC:
2649 clear = val;
2650 break;
2651 case TIOCMSET:
2652 set = val;
2653 clear = ~val;
2654 break;
2655 }
2656 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2657 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2658 return tty->ops->tiocmset(tty, set, clear);
2659 }
2660
2661 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2662 {
2663 int retval = -EINVAL;
2664 struct serial_icounter_struct icount;
2665 memset(&icount, 0, sizeof(icount));
2666 if (tty->ops->get_icount)
2667 retval = tty->ops->get_icount(tty, &icount);
2668 if (retval != 0)
2669 return retval;
2670 if (copy_to_user(arg, &icount, sizeof(icount)))
2671 return -EFAULT;
2672 return 0;
2673 }
2674
2675 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2676 {
2677 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2678 tty->driver->subtype == PTY_TYPE_MASTER)
2679 tty = tty->link;
2680 return tty;
2681 }
2682 EXPORT_SYMBOL(tty_pair_get_tty);
2683
2684 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2685 {
2686 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2687 tty->driver->subtype == PTY_TYPE_MASTER)
2688 return tty;
2689 return tty->link;
2690 }
2691 EXPORT_SYMBOL(tty_pair_get_pty);
2692
2693 /*
2694 * Split this up, as gcc can choke on it otherwise..
2695 */
2696 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2697 {
2698 struct tty_struct *tty = file_tty(file);
2699 struct tty_struct *real_tty;
2700 void __user *p = (void __user *)arg;
2701 int retval;
2702 struct tty_ldisc *ld;
2703
2704 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2705 return -EINVAL;
2706
2707 real_tty = tty_pair_get_tty(tty);
2708
2709 /*
2710 * Factor out some common prep work
2711 */
2712 switch (cmd) {
2713 case TIOCSETD:
2714 case TIOCSBRK:
2715 case TIOCCBRK:
2716 case TCSBRK:
2717 case TCSBRKP:
2718 retval = tty_check_change(tty);
2719 if (retval)
2720 return retval;
2721 if (cmd != TIOCCBRK) {
2722 tty_wait_until_sent(tty, 0);
2723 if (signal_pending(current))
2724 return -EINTR;
2725 }
2726 break;
2727 }
2728
2729 /*
2730 * Now do the stuff.
2731 */
2732 switch (cmd) {
2733 case TIOCSTI:
2734 return tiocsti(tty, p);
2735 case TIOCGWINSZ:
2736 return tiocgwinsz(real_tty, p);
2737 case TIOCSWINSZ:
2738 return tiocswinsz(real_tty, p);
2739 case TIOCCONS:
2740 return real_tty != tty ? -EINVAL : tioccons(file);
2741 case FIONBIO:
2742 return fionbio(file, p);
2743 case TIOCEXCL:
2744 set_bit(TTY_EXCLUSIVE, &tty->flags);
2745 return 0;
2746 case TIOCNXCL:
2747 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2748 return 0;
2749 case TIOCGEXCL:
2750 {
2751 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2752 return put_user(excl, (int __user *)p);
2753 }
2754 case TIOCNOTTY:
2755 if (current->signal->tty != tty)
2756 return -ENOTTY;
2757 no_tty();
2758 return 0;
2759 case TIOCSCTTY:
2760 return tiocsctty(tty, arg);
2761 case TIOCGPGRP:
2762 return tiocgpgrp(tty, real_tty, p);
2763 case TIOCSPGRP:
2764 return tiocspgrp(tty, real_tty, p);
2765 case TIOCGSID:
2766 return tiocgsid(tty, real_tty, p);
2767 case TIOCGETD:
2768 return put_user(tty->ldisc->ops->num, (int __user *)p);
2769 case TIOCSETD:
2770 return tiocsetd(tty, p);
2771 case TIOCVHANGUP:
2772 if (!capable(CAP_SYS_ADMIN))
2773 return -EPERM;
2774 tty_vhangup(tty);
2775 return 0;
2776 case TIOCGDEV:
2777 {
2778 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2779 return put_user(ret, (unsigned int __user *)p);
2780 }
2781 /*
2782 * Break handling
2783 */
2784 case TIOCSBRK: /* Turn break on, unconditionally */
2785 if (tty->ops->break_ctl)
2786 return tty->ops->break_ctl(tty, -1);
2787 return 0;
2788 case TIOCCBRK: /* Turn break off, unconditionally */
2789 if (tty->ops->break_ctl)
2790 return tty->ops->break_ctl(tty, 0);
2791 return 0;
2792 case TCSBRK: /* SVID version: non-zero arg --> no break */
2793 /* non-zero arg means wait for all output data
2794 * to be sent (performed above) but don't send break.
2795 * This is used by the tcdrain() termios function.
2796 */
2797 if (!arg)
2798 return send_break(tty, 250);
2799 return 0;
2800 case TCSBRKP: /* support for POSIX tcsendbreak() */
2801 return send_break(tty, arg ? arg*100 : 250);
2802
2803 case TIOCMGET:
2804 return tty_tiocmget(tty, p);
2805 case TIOCMSET:
2806 case TIOCMBIC:
2807 case TIOCMBIS:
2808 return tty_tiocmset(tty, cmd, p);
2809 case TIOCGICOUNT:
2810 retval = tty_tiocgicount(tty, p);
2811 /* For the moment allow fall through to the old method */
2812 if (retval != -EINVAL)
2813 return retval;
2814 break;
2815 case TCFLSH:
2816 switch (arg) {
2817 case TCIFLUSH:
2818 case TCIOFLUSH:
2819 /* flush tty buffer and allow ldisc to process ioctl */
2820 tty_buffer_flush(tty);
2821 break;
2822 }
2823 break;
2824 }
2825 if (tty->ops->ioctl) {
2826 retval = (tty->ops->ioctl)(tty, cmd, arg);
2827 if (retval != -ENOIOCTLCMD)
2828 return retval;
2829 }
2830 ld = tty_ldisc_ref_wait(tty);
2831 retval = -EINVAL;
2832 if (ld->ops->ioctl) {
2833 retval = ld->ops->ioctl(tty, file, cmd, arg);
2834 if (retval == -ENOIOCTLCMD)
2835 retval = -ENOTTY;
2836 }
2837 tty_ldisc_deref(ld);
2838 return retval;
2839 }
2840
2841 #ifdef CONFIG_COMPAT
2842 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2843 unsigned long arg)
2844 {
2845 struct tty_struct *tty = file_tty(file);
2846 struct tty_ldisc *ld;
2847 int retval = -ENOIOCTLCMD;
2848
2849 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2850 return -EINVAL;
2851
2852 if (tty->ops->compat_ioctl) {
2853 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2854 if (retval != -ENOIOCTLCMD)
2855 return retval;
2856 }
2857
2858 ld = tty_ldisc_ref_wait(tty);
2859 if (ld->ops->compat_ioctl)
2860 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2861 else
2862 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2863 tty_ldisc_deref(ld);
2864
2865 return retval;
2866 }
2867 #endif
2868
2869 static int this_tty(const void *t, struct file *file, unsigned fd)
2870 {
2871 if (likely(file->f_op->read != tty_read))
2872 return 0;
2873 return file_tty(file) != t ? 0 : fd + 1;
2874 }
2875
2876 /*
2877 * This implements the "Secure Attention Key" --- the idea is to
2878 * prevent trojan horses by killing all processes associated with this
2879 * tty when the user hits the "Secure Attention Key". Required for
2880 * super-paranoid applications --- see the Orange Book for more details.
2881 *
2882 * This code could be nicer; ideally it should send a HUP, wait a few
2883 * seconds, then send a INT, and then a KILL signal. But you then
2884 * have to coordinate with the init process, since all processes associated
2885 * with the current tty must be dead before the new getty is allowed
2886 * to spawn.
2887 *
2888 * Now, if it would be correct ;-/ The current code has a nasty hole -
2889 * it doesn't catch files in flight. We may send the descriptor to ourselves
2890 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2891 *
2892 * Nasty bug: do_SAK is being called in interrupt context. This can
2893 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2894 */
2895 void __do_SAK(struct tty_struct *tty)
2896 {
2897 #ifdef TTY_SOFT_SAK
2898 tty_hangup(tty);
2899 #else
2900 struct task_struct *g, *p;
2901 struct pid *session;
2902 int i;
2903
2904 if (!tty)
2905 return;
2906 session = tty->session;
2907
2908 tty_ldisc_flush(tty);
2909
2910 tty_driver_flush_buffer(tty);
2911
2912 read_lock(&tasklist_lock);
2913 /* Kill the entire session */
2914 do_each_pid_task(session, PIDTYPE_SID, p) {
2915 printk(KERN_NOTICE "SAK: killed process %d"
2916 " (%s): task_session(p)==tty->session\n",
2917 task_pid_nr(p), p->comm);
2918 send_sig(SIGKILL, p, 1);
2919 } while_each_pid_task(session, PIDTYPE_SID, p);
2920 /* Now kill any processes that happen to have the
2921 * tty open.
2922 */
2923 do_each_thread(g, p) {
2924 if (p->signal->tty == tty) {
2925 printk(KERN_NOTICE "SAK: killed process %d"
2926 " (%s): task_session(p)==tty->session\n",
2927 task_pid_nr(p), p->comm);
2928 send_sig(SIGKILL, p, 1);
2929 continue;
2930 }
2931 task_lock(p);
2932 i = iterate_fd(p->files, 0, this_tty, tty);
2933 if (i != 0) {
2934 printk(KERN_NOTICE "SAK: killed process %d"
2935 " (%s): fd#%d opened to the tty\n",
2936 task_pid_nr(p), p->comm, i - 1);
2937 force_sig(SIGKILL, p);
2938 }
2939 task_unlock(p);
2940 } while_each_thread(g, p);
2941 read_unlock(&tasklist_lock);
2942 #endif
2943 }
2944
2945 static void do_SAK_work(struct work_struct *work)
2946 {
2947 struct tty_struct *tty =
2948 container_of(work, struct tty_struct, SAK_work);
2949 __do_SAK(tty);
2950 }
2951
2952 /*
2953 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2954 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2955 * the values which we write to it will be identical to the values which it
2956 * already has. --akpm
2957 */
2958 void do_SAK(struct tty_struct *tty)
2959 {
2960 if (!tty)
2961 return;
2962 schedule_work(&tty->SAK_work);
2963 }
2964
2965 EXPORT_SYMBOL(do_SAK);
2966
2967 static int dev_match_devt(struct device *dev, const void *data)
2968 {
2969 const dev_t *devt = data;
2970 return dev->devt == *devt;
2971 }
2972
2973 /* Must put_device() after it's unused! */
2974 static struct device *tty_get_device(struct tty_struct *tty)
2975 {
2976 dev_t devt = tty_devnum(tty);
2977 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2978 }
2979
2980
2981 /**
2982 * initialize_tty_struct
2983 * @tty: tty to initialize
2984 *
2985 * This subroutine initializes a tty structure that has been newly
2986 * allocated.
2987 *
2988 * Locking: none - tty in question must not be exposed at this point
2989 */
2990
2991 void initialize_tty_struct(struct tty_struct *tty,
2992 struct tty_driver *driver, int idx)
2993 {
2994 memset(tty, 0, sizeof(struct tty_struct));
2995 kref_init(&tty->kref);
2996 tty->magic = TTY_MAGIC;
2997 tty_ldisc_init(tty);
2998 tty->session = NULL;
2999 tty->pgrp = NULL;
3000 mutex_init(&tty->legacy_mutex);
3001 mutex_init(&tty->termios_mutex);
3002 mutex_init(&tty->ldisc_mutex);
3003 init_waitqueue_head(&tty->write_wait);
3004 init_waitqueue_head(&tty->read_wait);
3005 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3006 mutex_init(&tty->atomic_write_lock);
3007 spin_lock_init(&tty->ctrl_lock);
3008 INIT_LIST_HEAD(&tty->tty_files);
3009 INIT_WORK(&tty->SAK_work, do_SAK_work);
3010
3011 tty->driver = driver;
3012 tty->ops = driver->ops;
3013 tty->index = idx;
3014 tty_line_name(driver, idx, tty->name);
3015 tty->dev = tty_get_device(tty);
3016 }
3017
3018 /**
3019 * deinitialize_tty_struct
3020 * @tty: tty to deinitialize
3021 *
3022 * This subroutine deinitializes a tty structure that has been newly
3023 * allocated but tty_release cannot be called on that yet.
3024 *
3025 * Locking: none - tty in question must not be exposed at this point
3026 */
3027 void deinitialize_tty_struct(struct tty_struct *tty)
3028 {
3029 tty_ldisc_deinit(tty);
3030 }
3031
3032 /**
3033 * tty_put_char - write one character to a tty
3034 * @tty: tty
3035 * @ch: character
3036 *
3037 * Write one byte to the tty using the provided put_char method
3038 * if present. Returns the number of characters successfully output.
3039 *
3040 * Note: the specific put_char operation in the driver layer may go
3041 * away soon. Don't call it directly, use this method
3042 */
3043
3044 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3045 {
3046 if (tty->ops->put_char)
3047 return tty->ops->put_char(tty, ch);
3048 return tty->ops->write(tty, &ch, 1);
3049 }
3050 EXPORT_SYMBOL_GPL(tty_put_char);
3051
3052 struct class *tty_class;
3053
3054 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3055 unsigned int index, unsigned int count)
3056 {
3057 /* init here, since reused cdevs cause crashes */
3058 cdev_init(&driver->cdevs[index], &tty_fops);
3059 driver->cdevs[index].owner = driver->owner;
3060 return cdev_add(&driver->cdevs[index], dev, count);
3061 }
3062
3063 /**
3064 * tty_register_device - register a tty device
3065 * @driver: the tty driver that describes the tty device
3066 * @index: the index in the tty driver for this tty device
3067 * @device: a struct device that is associated with this tty device.
3068 * This field is optional, if there is no known struct device
3069 * for this tty device it can be set to NULL safely.
3070 *
3071 * Returns a pointer to the struct device for this tty device
3072 * (or ERR_PTR(-EFOO) on error).
3073 *
3074 * This call is required to be made to register an individual tty device
3075 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3076 * that bit is not set, this function should not be called by a tty
3077 * driver.
3078 *
3079 * Locking: ??
3080 */
3081
3082 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3083 struct device *device)
3084 {
3085 return tty_register_device_attr(driver, index, device, NULL, NULL);
3086 }
3087 EXPORT_SYMBOL(tty_register_device);
3088
3089 static void tty_device_create_release(struct device *dev)
3090 {
3091 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3092 kfree(dev);
3093 }
3094
3095 /**
3096 * tty_register_device_attr - register a tty device
3097 * @driver: the tty driver that describes the tty device
3098 * @index: the index in the tty driver for this tty device
3099 * @device: a struct device that is associated with this tty device.
3100 * This field is optional, if there is no known struct device
3101 * for this tty device it can be set to NULL safely.
3102 * @drvdata: Driver data to be set to device.
3103 * @attr_grp: Attribute group to be set on device.
3104 *
3105 * Returns a pointer to the struct device for this tty device
3106 * (or ERR_PTR(-EFOO) on error).
3107 *
3108 * This call is required to be made to register an individual tty device
3109 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3110 * that bit is not set, this function should not be called by a tty
3111 * driver.
3112 *
3113 * Locking: ??
3114 */
3115 struct device *tty_register_device_attr(struct tty_driver *driver,
3116 unsigned index, struct device *device,
3117 void *drvdata,
3118 const struct attribute_group **attr_grp)
3119 {
3120 char name[64];
3121 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3122 struct device *dev = NULL;
3123 int retval = -ENODEV;
3124 bool cdev = false;
3125
3126 if (index >= driver->num) {
3127 printk(KERN_ERR "Attempt to register invalid tty line number "
3128 " (%d).\n", index);
3129 return ERR_PTR(-EINVAL);
3130 }
3131
3132 if (driver->type == TTY_DRIVER_TYPE_PTY)
3133 pty_line_name(driver, index, name);
3134 else
3135 tty_line_name(driver, index, name);
3136
3137 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3138 retval = tty_cdev_add(driver, devt, index, 1);
3139 if (retval)
3140 goto error;
3141 cdev = true;
3142 }
3143
3144 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3145 if (!dev) {
3146 retval = -ENOMEM;
3147 goto error;
3148 }
3149
3150 dev->devt = devt;
3151 dev->class = tty_class;
3152 dev->parent = device;
3153 dev->release = tty_device_create_release;
3154 dev_set_name(dev, "%s", name);
3155 dev->groups = attr_grp;
3156 dev_set_drvdata(dev, drvdata);
3157
3158 retval = device_register(dev);
3159 if (retval)
3160 goto error;
3161
3162 return dev;
3163
3164 error:
3165 put_device(dev);
3166 if (cdev)
3167 cdev_del(&driver->cdevs[index]);
3168 return ERR_PTR(retval);
3169 }
3170 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3171
3172 /**
3173 * tty_unregister_device - unregister a tty device
3174 * @driver: the tty driver that describes the tty device
3175 * @index: the index in the tty driver for this tty device
3176 *
3177 * If a tty device is registered with a call to tty_register_device() then
3178 * this function must be called when the tty device is gone.
3179 *
3180 * Locking: ??
3181 */
3182
3183 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3184 {
3185 device_destroy(tty_class,
3186 MKDEV(driver->major, driver->minor_start) + index);
3187 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3188 cdev_del(&driver->cdevs[index]);
3189 }
3190 EXPORT_SYMBOL(tty_unregister_device);
3191
3192 /**
3193 * __tty_alloc_driver -- allocate tty driver
3194 * @lines: count of lines this driver can handle at most
3195 * @owner: module which is repsonsible for this driver
3196 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3197 *
3198 * This should not be called directly, some of the provided macros should be
3199 * used instead. Use IS_ERR and friends on @retval.
3200 */
3201 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3202 unsigned long flags)
3203 {
3204 struct tty_driver *driver;
3205 unsigned int cdevs = 1;
3206 int err;
3207
3208 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3209 return ERR_PTR(-EINVAL);
3210
3211 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3212 if (!driver)
3213 return ERR_PTR(-ENOMEM);
3214
3215 kref_init(&driver->kref);
3216 driver->magic = TTY_DRIVER_MAGIC;
3217 driver->num = lines;
3218 driver->owner = owner;
3219 driver->flags = flags;
3220
3221 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3222 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3223 GFP_KERNEL);
3224 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3225 GFP_KERNEL);
3226 if (!driver->ttys || !driver->termios) {
3227 err = -ENOMEM;
3228 goto err_free_all;
3229 }
3230 }
3231
3232 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3233 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3234 GFP_KERNEL);
3235 if (!driver->ports) {
3236 err = -ENOMEM;
3237 goto err_free_all;
3238 }
3239 cdevs = lines;
3240 }
3241
3242 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3243 if (!driver->cdevs) {
3244 err = -ENOMEM;
3245 goto err_free_all;
3246 }
3247
3248 return driver;
3249 err_free_all:
3250 kfree(driver->ports);
3251 kfree(driver->ttys);
3252 kfree(driver->termios);
3253 kfree(driver);
3254 return ERR_PTR(err);
3255 }
3256 EXPORT_SYMBOL(__tty_alloc_driver);
3257
3258 static void destruct_tty_driver(struct kref *kref)
3259 {
3260 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3261 int i;
3262 struct ktermios *tp;
3263
3264 if (driver->flags & TTY_DRIVER_INSTALLED) {
3265 /*
3266 * Free the termios and termios_locked structures because
3267 * we don't want to get memory leaks when modular tty
3268 * drivers are removed from the kernel.
3269 */
3270 for (i = 0; i < driver->num; i++) {
3271 tp = driver->termios[i];
3272 if (tp) {
3273 driver->termios[i] = NULL;
3274 kfree(tp);
3275 }
3276 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3277 tty_unregister_device(driver, i);
3278 }
3279 proc_tty_unregister_driver(driver);
3280 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3281 cdev_del(&driver->cdevs[0]);
3282 }
3283 kfree(driver->cdevs);
3284 kfree(driver->ports);
3285 kfree(driver->termios);
3286 kfree(driver->ttys);
3287 kfree(driver);
3288 }
3289
3290 void tty_driver_kref_put(struct tty_driver *driver)
3291 {
3292 kref_put(&driver->kref, destruct_tty_driver);
3293 }
3294 EXPORT_SYMBOL(tty_driver_kref_put);
3295
3296 void tty_set_operations(struct tty_driver *driver,
3297 const struct tty_operations *op)
3298 {
3299 driver->ops = op;
3300 };
3301 EXPORT_SYMBOL(tty_set_operations);
3302
3303 void put_tty_driver(struct tty_driver *d)
3304 {
3305 tty_driver_kref_put(d);
3306 }
3307 EXPORT_SYMBOL(put_tty_driver);
3308
3309 /*
3310 * Called by a tty driver to register itself.
3311 */
3312 int tty_register_driver(struct tty_driver *driver)
3313 {
3314 int error;
3315 int i;
3316 dev_t dev;
3317 struct device *d;
3318
3319 if (!driver->major) {
3320 error = alloc_chrdev_region(&dev, driver->minor_start,
3321 driver->num, driver->name);
3322 if (!error) {
3323 driver->major = MAJOR(dev);
3324 driver->minor_start = MINOR(dev);
3325 }
3326 } else {
3327 dev = MKDEV(driver->major, driver->minor_start);
3328 error = register_chrdev_region(dev, driver->num, driver->name);
3329 }
3330 if (error < 0)
3331 goto err;
3332
3333 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3334 error = tty_cdev_add(driver, dev, 0, driver->num);
3335 if (error)
3336 goto err_unreg_char;
3337 }
3338
3339 mutex_lock(&tty_mutex);
3340 list_add(&driver->tty_drivers, &tty_drivers);
3341 mutex_unlock(&tty_mutex);
3342
3343 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3344 for (i = 0; i < driver->num; i++) {
3345 d = tty_register_device(driver, i, NULL);
3346 if (IS_ERR(d)) {
3347 error = PTR_ERR(d);
3348 goto err_unreg_devs;
3349 }
3350 }
3351 }
3352 proc_tty_register_driver(driver);
3353 driver->flags |= TTY_DRIVER_INSTALLED;
3354 return 0;
3355
3356 err_unreg_devs:
3357 for (i--; i >= 0; i--)
3358 tty_unregister_device(driver, i);
3359
3360 mutex_lock(&tty_mutex);
3361 list_del(&driver->tty_drivers);
3362 mutex_unlock(&tty_mutex);
3363
3364 err_unreg_char:
3365 unregister_chrdev_region(dev, driver->num);
3366 err:
3367 return error;
3368 }
3369 EXPORT_SYMBOL(tty_register_driver);
3370
3371 /*
3372 * Called by a tty driver to unregister itself.
3373 */
3374 int tty_unregister_driver(struct tty_driver *driver)
3375 {
3376 #if 0
3377 /* FIXME */
3378 if (driver->refcount)
3379 return -EBUSY;
3380 #endif
3381 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3382 driver->num);
3383 mutex_lock(&tty_mutex);
3384 list_del(&driver->tty_drivers);
3385 mutex_unlock(&tty_mutex);
3386 return 0;
3387 }
3388
3389 EXPORT_SYMBOL(tty_unregister_driver);
3390
3391 dev_t tty_devnum(struct tty_struct *tty)
3392 {
3393 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3394 }
3395 EXPORT_SYMBOL(tty_devnum);
3396
3397 void proc_clear_tty(struct task_struct *p)
3398 {
3399 unsigned long flags;
3400 struct tty_struct *tty;
3401 spin_lock_irqsave(&p->sighand->siglock, flags);
3402 tty = p->signal->tty;
3403 p->signal->tty = NULL;
3404 spin_unlock_irqrestore(&p->sighand->siglock, flags);
3405 tty_kref_put(tty);
3406 }
3407
3408 /* Called under the sighand lock */
3409
3410 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3411 {
3412 if (tty) {
3413 unsigned long flags;
3414 /* We should not have a session or pgrp to put here but.... */
3415 spin_lock_irqsave(&tty->ctrl_lock, flags);
3416 put_pid(tty->session);
3417 put_pid(tty->pgrp);
3418 tty->pgrp = get_pid(task_pgrp(tsk));
3419 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3420 tty->session = get_pid(task_session(tsk));
3421 if (tsk->signal->tty) {
3422 printk(KERN_DEBUG "tty not NULL!!\n");
3423 tty_kref_put(tsk->signal->tty);
3424 }
3425 }
3426 put_pid(tsk->signal->tty_old_pgrp);
3427 tsk->signal->tty = tty_kref_get(tty);
3428 tsk->signal->tty_old_pgrp = NULL;
3429 }
3430
3431 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3432 {
3433 spin_lock_irq(&tsk->sighand->siglock);
3434 __proc_set_tty(tsk, tty);
3435 spin_unlock_irq(&tsk->sighand->siglock);
3436 }
3437
3438 struct tty_struct *get_current_tty(void)
3439 {
3440 struct tty_struct *tty;
3441 unsigned long flags;
3442
3443 spin_lock_irqsave(&current->sighand->siglock, flags);
3444 tty = tty_kref_get(current->signal->tty);
3445 spin_unlock_irqrestore(&current->sighand->siglock, flags);
3446 return tty;
3447 }
3448 EXPORT_SYMBOL_GPL(get_current_tty);
3449
3450 void tty_default_fops(struct file_operations *fops)
3451 {
3452 *fops = tty_fops;
3453 }
3454
3455 /*
3456 * Initialize the console device. This is called *early*, so
3457 * we can't necessarily depend on lots of kernel help here.
3458 * Just do some early initializations, and do the complex setup
3459 * later.
3460 */
3461 void __init console_init(void)
3462 {
3463 initcall_t *call;
3464
3465 /* Setup the default TTY line discipline. */
3466 tty_ldisc_begin();
3467
3468 /*
3469 * set up the console device so that later boot sequences can
3470 * inform about problems etc..
3471 */
3472 call = __con_initcall_start;
3473 while (call < __con_initcall_end) {
3474 (*call)();
3475 call++;
3476 }
3477 }
3478
3479 static char *tty_devnode(struct device *dev, umode_t *mode)
3480 {
3481 if (!mode)
3482 return NULL;
3483 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3484 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3485 *mode = 0666;
3486 return NULL;
3487 }
3488
3489 static int __init tty_class_init(void)
3490 {
3491 tty_class = class_create(THIS_MODULE, "tty");
3492 if (IS_ERR(tty_class))
3493 return PTR_ERR(tty_class);
3494 tty_class->devnode = tty_devnode;
3495 return 0;
3496 }
3497
3498 postcore_initcall(tty_class_init);
3499
3500 /* 3/2004 jmc: why do these devices exist? */
3501 static struct cdev tty_cdev, console_cdev;
3502
3503 static ssize_t show_cons_active(struct device *dev,
3504 struct device_attribute *attr, char *buf)
3505 {
3506 struct console *cs[16];
3507 int i = 0;
3508 struct console *c;
3509 ssize_t count = 0;
3510
3511 console_lock();
3512 for_each_console(c) {
3513 if (!c->device)
3514 continue;
3515 if (!c->write)
3516 continue;
3517 if ((c->flags & CON_ENABLED) == 0)
3518 continue;
3519 cs[i++] = c;
3520 if (i >= ARRAY_SIZE(cs))
3521 break;
3522 }
3523 while (i--)
3524 count += sprintf(buf + count, "%s%d%c",
3525 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3526 console_unlock();
3527
3528 return count;
3529 }
3530 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3531
3532 static struct device *consdev;
3533
3534 void console_sysfs_notify(void)
3535 {
3536 if (consdev)
3537 sysfs_notify(&consdev->kobj, NULL, "active");
3538 }
3539
3540 /*
3541 * Ok, now we can initialize the rest of the tty devices and can count
3542 * on memory allocations, interrupts etc..
3543 */
3544 int __init tty_init(void)
3545 {
3546 cdev_init(&tty_cdev, &tty_fops);
3547 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3548 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3549 panic("Couldn't register /dev/tty driver\n");
3550 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3551
3552 cdev_init(&console_cdev, &console_fops);
3553 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3554 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3555 panic("Couldn't register /dev/console driver\n");
3556 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3557 "console");
3558 if (IS_ERR(consdev))
3559 consdev = NULL;
3560 else
3561 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3562
3563 #ifdef CONFIG_VT
3564 vty_init(&console_fops);
3565 #endif
3566 return 0;
3567 }
3568
Linux kernel - Deliverables
This page took 0.111606 seconds and 5 git commands to generate.